rsync/rsync.spec

184 lines
5.9 KiB
RPMSpec
Raw Normal View History

#
# spec file for package rsync
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%if 0%{?suse_version} >= 1550
%bcond_without xxhash
%else
%bcond_with xxhash
%endif
Name: rsync
Accepting request 997517 from home:david.anes:branches:network - Add upstream patch rsync-3.2.5-slp.patch, as the one included in the released tarball doesn't fully apply. - Drop patch rsync-CVE-2022-29154.patch, already included upstream. - Update to 3.2.5 * SECURITY FIXES: - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). Fixes CVE-2022-29154. - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). * BUG FIXES: - Fixed the handling of filenames specified with backslash-quoted wildcards when the default remote-arg-escaping is enabled. - Fixed the configure check for signed char that was causing a host that defaults to unsigned characters to generate bogus rolling checksums. This made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file (for a file that contains high-bit characters). - Lots of manpage improvements, including an attempt to better describe how include/exclude filters work. - If rsync is compiled with an xxhash 0.8 library and then moved to a system with a dynamically linked xxhash 0.7 library, we now detect this and disable the XX3 hashes (since these routines didn't stabilize until 0.8). * ENHANCEMENTS: - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the extra file-list safety checking (should that be required). OBS-URL: https://build.opensuse.org/request/show/997517 OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=93
2022-08-17 13:32:58 +02:00
Version: 3.2.5
Release: 0
Summary: Versatile tool for fast incremental file transfer
License: GPL-3.0-or-later
Group: Productivity/Networking/Other
URL: https://rsync.samba.org/
Source: http://rsync.samba.org/ftp/rsync/src/rsync-%{version}.tar.gz
Source1: http://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.tar.gz
Source2: logrotate.rsync
Source3: rsyncd.socket
Source4: rsyncd.rc
Source5: rsyncd.conf
Source6: rsyncd.secrets
Source8: rsyncd.service
Source9: rsyncd@.service
Source10: http://rsync.samba.org/ftp/rsync/src/rsync-%{version}.tar.gz.asc
Source11: http://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.tar.gz.asc
Source12: %{name}.keyring
Accepting request 997517 from home:david.anes:branches:network - Add upstream patch rsync-3.2.5-slp.patch, as the one included in the released tarball doesn't fully apply. - Drop patch rsync-CVE-2022-29154.patch, already included upstream. - Update to 3.2.5 * SECURITY FIXES: - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). Fixes CVE-2022-29154. - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). * BUG FIXES: - Fixed the handling of filenames specified with backslash-quoted wildcards when the default remote-arg-escaping is enabled. - Fixed the configure check for signed char that was causing a host that defaults to unsigned characters to generate bogus rolling checksums. This made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file (for a file that contains high-bit characters). - Lots of manpage improvements, including an attempt to better describe how include/exclude filters work. - If rsync is compiled with an xxhash 0.8 library and then moved to a system with a dynamically linked xxhash 0.7 library, we now detect this and disable the XX3 hashes (since these routines didn't stabilize until 0.8). * ENHANCEMENTS: - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the extra file-list safety checking (should that be required). OBS-URL: https://build.opensuse.org/request/show/997517 OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=93
2022-08-17 13:32:58 +02:00
# PATCH-FIX-UPSTREAM: slp.diff included in distribution tar file does not apply
# cleanly, therefore we use the upstream patch directly (for 3.2.5)
Source13: https://raw.githubusercontent.com/WayneD/rsync-patches/d899304ea5daa125417f296bdd6f8bff0ed342ca/slp.diff#:/rsync-3.2.5-slp.patch
Patch0: rsync-no-libattr.patch
Accepting request 997517 from home:david.anes:branches:network - Add upstream patch rsync-3.2.5-slp.patch, as the one included in the released tarball doesn't fully apply. - Drop patch rsync-CVE-2022-29154.patch, already included upstream. - Update to 3.2.5 * SECURITY FIXES: - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). Fixes CVE-2022-29154. - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). * BUG FIXES: - Fixed the handling of filenames specified with backslash-quoted wildcards when the default remote-arg-escaping is enabled. - Fixed the configure check for signed char that was causing a host that defaults to unsigned characters to generate bogus rolling checksums. This made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file (for a file that contains high-bit characters). - Lots of manpage improvements, including an attempt to better describe how include/exclude filters work. - If rsync is compiled with an xxhash 0.8 library and then moved to a system with a dynamically linked xxhash 0.7 library, we now detect this and disable the XX3 hashes (since these routines didn't stabilize until 0.8). * ENHANCEMENTS: - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the extra file-list safety checking (should that be required). OBS-URL: https://build.opensuse.org/request/show/997517 OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=93
2022-08-17 13:32:58 +02:00
Patch1: rsync-3.2.5-slp.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: c++_compiler
BuildRequires: libacl-devel
BuildRequires: liblz4-devel
BuildRequires: libzstd-devel
BuildRequires: openslp-devel
BuildRequires: pkgconfig
BuildRequires: popt-devel
BuildRequires: systemd-rpm-macros
BuildRequires: zlib-devel
%if %{with xxhash}
BuildRequires: pkgconfig(libxxhash) >= 0.8.0
%endif
BuildRequires: pkgconfig(openssl)
Requires(post): grep
Requires(post): sed
Recommends: logrotate
%description
Rsync is a fast and extraordinarily versatile file copying tool. It can copy
locally, to/from another host over any remote shell, or to/from a remote rsync
daemon. It offers a large number of options that control every aspect of its
behavior and permit very flexible specification of the set of files to be
copied. It is famous for its delta-transfer algorithm, which reduces the amount
of data sent over the network by sending only the differences between the
source files and the existing files in the destination. Rsync is widely used
for backups and mirroring and as an improved copy command for everyday use.
%prep
%setup -q -b 1
rm -f zlib/*.h
Accepting request 997517 from home:david.anes:branches:network - Add upstream patch rsync-3.2.5-slp.patch, as the one included in the released tarball doesn't fully apply. - Drop patch rsync-CVE-2022-29154.patch, already included upstream. - Update to 3.2.5 * SECURITY FIXES: - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). Fixes CVE-2022-29154. - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). * BUG FIXES: - Fixed the handling of filenames specified with backslash-quoted wildcards when the default remote-arg-escaping is enabled. - Fixed the configure check for signed char that was causing a host that defaults to unsigned characters to generate bogus rolling checksums. This made rsync send mostly literal data for a copy instead of finding matching data in the receiver's basis file (for a file that contains high-bit characters). - Lots of manpage improvements, including an attempt to better describe how include/exclude filters work. - If rsync is compiled with an xxhash 0.8 library and then moved to a system with a dynamically linked xxhash 0.7 library, we now detect this and disable the XX3 hashes (since these routines didn't stabilize until 0.8). * ENHANCEMENTS: - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the extra file-list safety checking (should that be required). OBS-URL: https://build.opensuse.org/request/show/997517 OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=93
2022-08-17 13:32:58 +02:00
# TODO: (See Source13/Patch1) we have to re-enable the patching of SLP using
# the patch included in the distributed tar file for next version, for now
# we apply latest upstream patch (for 3.2.5) from Github, the one included
# in tar fiel desn't apply cleanly
# patch -p1 < patches/slp.diff
%autopatch -p1
%build
autoreconf -fiv
export CFLAGS="%{optflags} -fPIC -DPIC -fPIE"
export LDFLAGS="-Wl,-z,relro,-z,now -fPIE -pie"
%configure \
--with-included-popt=no \
--with-included-zlib=no \
--disable-debug \
%if !%{with xxhash}
--disable-xxhash\
%endif
%ifarch x86_64
--enable-simd \
%endif
--enable-slp \
--enable-acl-support \
--enable-xattr-support
%make_build reconfigure
%make_build
%check
%make_build check
%install
%make_install
rm -f %{buildroot}%{_sbindir}/rsyncd
install -d %{buildroot}%{_sysconfdir}/init.d
install -d %{buildroot}%{_sysconfdir}/xinetd.d
install -d %{buildroot}%{_sbindir}
ln -sf ../bin/rsync %{buildroot}%{_sbindir}/rsyncd
install -m 755 support/rsyncstats %{buildroot}%{_bindir}
%if 0%{?suse_version} > 1500
install -d %{buildroot}%{_distconfdir}/logrotate.d
install -m 644 %{SOURCE2} %{buildroot}%{_distconfdir}/logrotate.d/rsync
%else
install -d %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/rsync
%endif
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/rsyncd.conf
install -m 600 %{SOURCE6} %{buildroot}%{_sysconfdir}/rsyncd.secrets
install -D -m 0644 %{SOURCE9} %{buildroot}%{_unitdir}/rsyncd@.service
install -D -m 0644 %{SOURCE8} %{buildroot}%{_unitdir}/rsyncd.service
install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/rsyncd.socket
ln -sf service %{buildroot}%{_sbindir}/rcrsyncd
%pre
%service_add_pre rsyncd.service
%if 0%{?suse_version} > 1500
# Prepare for migration to /usr/etc; save any old .rpmsave
for i in logrotate.d/rsync ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%endif
%if 0%{?suse_version} > 1500
%posttrans
# Migration to /usr/etc, restore just created .rpmsave
for i in logrotate.d/rsync ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
%preun
%service_del_preun rsyncd.service
%post
%service_add_post rsyncd.service
%postun
%service_del_postun rsyncd.service
%files
%license COPYING
%doc NEWS.md README.md tech_report.tex
%{_unitdir}/rsyncd@.service
%{_unitdir}/rsyncd.service
%{_unitdir}/rsyncd.socket
%config(noreplace) %{_sysconfdir}/rsyncd.conf
%config(noreplace) %{_sysconfdir}/rsyncd.secrets
%if 0%{?suse_version} > 1500
%{_distconfdir}/logrotate.d/rsync
%else
%config(noreplace) %{_sysconfdir}/logrotate.d/rsync
%endif
%{_sbindir}/rcrsyncd
%{_sbindir}/rsyncd
%{_bindir}/rsyncstats
%{_bindir}/rsync
%{_bindir}/rsync-ssl
%{_mandir}/man1/rsync.1%{?ext_man}
%{_mandir}/man1/rsync-ssl.1%{?ext_man}
%{_mandir}/man5/rsyncd.conf.5%{?ext_man}
%changelog