commit 3bc367b409af68647b718df8e6745c6e677ceae93280065f917d8b9fe5cfc21d Author: David Anes Date: Fri Sep 6 12:59:14 2024 +0000 - rsync-gcc14.patch: fixed the ipv6 configure check (bsc#1230156) OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=125 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/logrotate.rsync b/logrotate.rsync new file mode 100644 index 0000000..54b80ae --- /dev/null +++ b/logrotate.rsync @@ -0,0 +1,11 @@ +/var/log/rsyncd.log { + compress + dateext + maxage 365 + rotate 99 + size=+1024k + notifempty + missingok + copytruncate +} + diff --git a/rsync-3.3.0.tar.gz b/rsync-3.3.0.tar.gz new file mode 100644 index 0000000..342d518 --- /dev/null +++ b/rsync-3.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7399e9a6708c32d678a72a63219e96f23be0be2336e50fd1348498d07041df90 +size 1153969 diff --git a/rsync-3.3.0.tar.gz.asc b/rsync-3.3.0.tar.gz.asc new file mode 100644 index 0000000..ca8740f --- /dev/null +++ b/rsync-3.3.0.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCZhF6vQAKCRBshZ+xS5ao +xZ6kAKDZkE3C9w/cu8o3/Ic5KNycbcTw8gCdH/pdNo6kSGF3qLelFI6uK5Q4jdA= +=vJGJ +-----END PGP SIGNATURE----- diff --git a/rsync-gcc14.patch b/rsync-gcc14.patch new file mode 100644 index 0000000..375ac51 --- /dev/null +++ b/rsync-gcc14.patch @@ -0,0 +1,13 @@ +Index: rsync-3.3.0/configure.ac +=================================================================== +--- rsync-3.3.0.orig/configure.ac ++++ rsync-3.3.0/configure.ac +@@ -412,7 +412,7 @@ AS_HELP_STRING([--disable-ipv6],[disable + #include + #include + #include +-main() ++int main(void) + { + if (socket(AF_INET6, SOCK_STREAM, 0) < 0) + exit(1); diff --git a/rsync-no-libattr.patch b/rsync-no-libattr.patch new file mode 100644 index 0000000..9410aab --- /dev/null +++ b/rsync-no-libattr.patch @@ -0,0 +1,13 @@ +Index: rsync-3.2.2/configure.ac +=================================================================== +--- rsync-3.2.2.orig/configure.ac ++++ rsync-3.2.2/configure.ac +@@ -1309,7 +1309,7 @@ else + AC_DEFINE(HAVE_LINUX_XATTRS, 1, [True if you have Linux xattrs (or equivalent)]) + AC_DEFINE(SUPPORT_XATTRS, 1) + AC_DEFINE(NO_SYMLINK_USER_XATTRS, 1, [True if symlinks do not support user xattrs]) +- AC_CHECK_LIB(attr,getxattr) ++ AC_SEARCH_LIBS([getxattr], [attr]) + ;; + darwin*) + AC_MSG_RESULT(Using OS X xattrs) diff --git a/rsync-patches-3.3.0.tar.gz b/rsync-patches-3.3.0.tar.gz new file mode 100644 index 0000000..7ca95fb --- /dev/null +++ b/rsync-patches-3.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3dd51cd88d25133681106f68622ebedbf191ab25a21ea336ba409136591864b0 +size 98487 diff --git a/rsync-patches-3.3.0.tar.gz.asc b/rsync-patches-3.3.0.tar.gz.asc new file mode 100644 index 0000000..d97f549 --- /dev/null +++ b/rsync-patches-3.3.0.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCZhF6vQAKCRBshZ+xS5ao +xcOpAJ0e/0uM2Ds98F7lwsTWiYdsJJ4EGwCfU4SaBIySxtKPdHh0Qy6Y1dt8uTc= +=dZu7 +-----END PGP SIGNATURE----- diff --git a/rsync-run-dir.patch b/rsync-run-dir.patch new file mode 100644 index 0000000..cdd0ba5 --- /dev/null +++ b/rsync-run-dir.patch @@ -0,0 +1,12 @@ +diff -ur rsync-3.3.0.old/rsync.h rsync-3.3.0/rsync.h +--- rsync-3.3.0.old/rsync.h 2022-10-16 19:28:58.000000000 +0200 ++++ rsync-3.3.0/rsync.h 2024-08-26 11:31:14.458919925 +0200 +@@ -30,7 +30,7 @@ + /* RSYNCD_SYSCONF is now set in config.h */ + #define RSYNCD_USERCONF "rsyncd.conf" + +-#define DEFAULT_LOCK_FILE "/var/run/rsyncd.lock" ++#define DEFAULT_LOCK_FILE "/run/rsyncd.lock" + #define URL_PREFIX "rsync://" + + #define SYMLINK_PREFIX "/rsyncd-munged/" /* This MUST have a trailing slash! */ diff --git a/rsync-usr-etc.patch b/rsync-usr-etc.patch new file mode 100644 index 0000000..a99cee2 --- /dev/null +++ b/rsync-usr-etc.patch @@ -0,0 +1,76 @@ +Nur in a: .cirrus.yml. +diff -ur a/clientserver.c b/clientserver.c +--- a/clientserver.c 2023-11-28 17:12:41.643268046 +0100 ++++ b/clientserver.c 2023-11-28 17:25:30.476279700 +0100 +@@ -1261,10 +1261,16 @@ + static int load_config(int globals_only) + { + if (!config_file) { +- if (am_daemon < 0 && am_root <= 0) ++ if (am_daemon < 0 && am_root <= 0) { + config_file = RSYNCD_USERCONF; +- else ++ } else { + config_file = RSYNCD_SYSCONF; ++#ifdef RSYNCD_DISTCONF ++ STRUCT_STAT st; ++ if (do_stat(RSYNCD_SYSCONF, &st) != 0) ++ config_file = RSYNCD_DISTCONF; ++#endif ++ } + } + return lp_load(config_file, globals_only); + } +diff -ur a/configure.ac b/configure.ac +--- a/configure.ac 2023-11-28 17:12:41.647268046 +0100 ++++ b/configure.ac 2023-11-28 17:40:15.678280030 +0100 +@@ -175,7 +175,7 @@ + AC_DEFINE_UNQUOTED(RSYNC_PATH, "$RSYNC_PATH", [location of rsync on remote machine]) + + AC_ARG_WITH(rsyncd-conf, +- AS_HELP_STRING([--with-rsyncd-conf=PATH],[set configuration file for rsync server to PATH (default: /etc/rsyncd.conf)]), ++ AS_HELP_STRING([--with-rsyncd-conf=PATH],[set user/admin defined configuration file for rsync server to PATH (default: /etc/rsyncd.conf)]), + [ if test ! -z "$with_rsyncd_conf" ; then + case $with_rsyncd_conf in + yes|no) +@@ -193,7 +193,27 @@ + fi ], + [ RSYNCD_SYSCONF="/etc/rsyncd.conf" ]) + +-AC_DEFINE_UNQUOTED(RSYNCD_SYSCONF, "$RSYNCD_SYSCONF", [location of configuration file for rsync server]) ++AC_DEFINE_UNQUOTED(RSYNCD_SYSCONF, "$RSYNCD_SYSCONF", [location of user/admin defined configuration file for rsync server]) ++ ++AC_ARG_WITH(rsyncd-distconf, ++ AS_HELP_STRING([--with-rsyncd-distconf=PATH],[set vendor configuration file for rsync server to PATH (default: not set)]), ++ [ if test ! -z "$with_rsyncd_distconf" ; then ++ case $with_rsyncd_distconf in ++ yes|no) ++ RSYNCD_DISTCONF="/usr/etc/rsyncd.conf" ++ ;; ++ /*) ++ RSYNCD_DISTCONF="$with_rsyncd_distconf" ++ ;; ++ *) ++ AC_MSG_ERROR(You must specify an absolute path to --with-rsyncd-distconf=PATH) ++ ;; ++ esac ++ fi ++ ], ++ []) ++ ++AC_DEFINE_UNQUOTED(RSYNCD_DISTCONF, "$RSYNCD_DISTCONF", [location of vendor configuration file for rsync server]) + + AC_ARG_WITH(rsh, + AS_HELP_STRING([--with-rsh=CMD],[set remote shell command to CMD (default: ssh)])) +diff -ur a/rsyncd.conf.5.md b/rsyncd.conf.5.md +--- a/rsyncd.conf.5.md 2023-11-28 17:12:41.643268046 +0100 ++++ b/rsyncd.conf.5.md 2023-11-29 13:08:32.125333095 +0100 +@@ -1235,7 +1235,7 @@ + + ## FILES + +-/etc/rsyncd.conf or rsyncd.conf ++rsyncd.conf or /etc/rsyncd.conf or /usr/etc/rsyncd.conf + + ## SEE ALSO + diff --git a/rsync.changes b/rsync.changes new file mode 100644 index 0000000..c683301 --- /dev/null +++ b/rsync.changes @@ -0,0 +1,1346 @@ +------------------------------------------------------------------- +Fri Sep 6 12:23:31 UTC 2024 - Marcus Meissner + +- rsync-gcc14.patch: fixed the ipv6 configure check (bsc#1230156) + +------------------------------------------------------------------- +Mon Aug 26 09:41:28 UTC 2024 - Thorsten Kukuk + +- add patch rsync-run-dir.patch: + * Drop dependency on /var/run compat symlink, this causes problems + on image based systems + +------------------------------------------------------------------- +Thu May 23 11:50:19 UTC 2024 - David Anes + +- Correcly enable SIMD in x64: the flag was renamed from + --enable-simd to -enable-roll-simd in 3.2.4 + +- Remove leftovers from previous versions: + * rsync-patches-3.2.7.tar.gz + * rsync-patches-3.2.7.tar.gz.asc + +------------------------------------------------------------------- +Thu Apr 18 08:22:02 UTC 2024 - David Anes + +- Update to 3.3.0 + * BUG FIXES: + - Fixed a bug with --sparse --inplace where a trailing gap in + the source file would not clear out the trailing data in the + destination file. + - Fixed an buffer overflow in the checksum2 code if SHA1 is + being used for the checksum2 algorithm. + - Fixed an issue when rsync is compiled using _FORTIFY_SOURCE so + that the extra tests don't complain about a strlcpy() limit + value (which was too large, even though it wasn't possible for + the larger value to cause an overflow). + (fix bsc#1214616, bsc#1214249) + - Add a backtick to the list of characters that the filename + quoting needs to escape using backslashes. + - Fixed a string-comparison issue in the internal handling of + --progress (a locale such as tr_TR.utf-8 needed the internal + triggering of --info options to use upper-case flag names to + ensure that they match). + - Make sure that a local transfer marks the sender side as + trusted. + - Change the argv handling to work with a newer popt library + -⁠-⁠ one that likes to free more data than it used to. + - Rsync now calls OpenSSL_add_all_algorithms() when compiled + against an older openssl library. + - Fixed a problem in the daemon auth for older protocols + (29 and before) if the openssl library is being used to + compute MD4 checksums. + - Fixed rsync -VV on Cygwin -⁠-⁠ it needed a flush of stdout. + - Fixed an old stats bug that counted devices as symlinks. + + * ENHANCEMENTS: + - Enhanced rrsync with the -no-overwrite option that allows you + to ensure that existing files on your restricted but writable + directory can't be modified. + - Enhanced the manpages to mark links with .UR & .UE. If your + nroff doesn't support these idioms, touch the file + .md2man-force in the source directory so that md-convert gets + called with the --force-link-text option, and that should + ensure that your manpages are still readable even with the + ignored markup. + - Some manpage improvements on the handling of [global] modules. + - Changed the mapfrom & mapto perl scripts (in the support dir) + into a single python script named idmap. Converted a couple + more perl scripts into python. + - Changed the mnt-excl perl script (in the support dir) into a + python script. + + * DEVELOPER RELATED: + - Updated config.guess (timestamp 2023-01-01) and config.sub + (timestamp 2023-01-21). + +- Drop rsync-fortified-strlcpy-fix.patch (included upstream). + +------------------------------------------------------------------- +Tue Mar 12 08:13:24 UTC 2024 - Bernhard Wiedemann + +- Avoid package changes in %check + +------------------------------------------------------------------- +Wed Nov 29 12:34:30 UTC 2023 - Stefan Schubert + +- Moved rsyncd.conf and rsyncd.secrets to /usr/etc. + * Add rsync-usr-etc.patch + +------------------------------------------------------------------- +Wed Sep 6 09:52:41 UTC 2023 - David Anes + +- Rename patch to follow naming patch policies: + fortified-strlcpy-fix.patch -> rsync-fortified-strlcpy-fix.patch + +------------------------------------------------------------------- +Wed Sep 6 09:19:36 UTC 2023 - Thorsten Kukuk + +- Use "slp" for bcond, not "openslp", like we use for all other + packages, too. +- Disable slp patch and configure option if bcond slp is disabled. + +------------------------------------------------------------------- +Tue Sep 5 12:07:57 UTC 2023 - Dirk Müller + +- add fortified-strlcpy-fix.patch (bsc#1214616, bsc#1214249) + +------------------------------------------------------------------- +Tue Sep 5 11:11:04 UTC 2023 - Fabian Vogt + +- Disable openslp support on new distros (bsc#1214884) + +------------------------------------------------------------------- +Wed Jul 26 15:07:23 UTC 2023 - Antonio Teixeira + +- Add support directory to %docdir. + Includes some upstream provided scripts such as rrsync. (bsc#1212198) + +------------------------------------------------------------------- +Thu Apr 6 11:03:52 UTC 2023 - Johannes Segitz + +- Switch rsyncd symlink to a wrapper script to allow setting a distinct + SELinux type (bsc#1209654) + +------------------------------------------------------------------- +Fri Oct 21 07:52:48 UTC 2022 - Michael Ströder + +- New version fixes bug (boo#1203727): implicit containing directory + sometimes rejected as unrequested + +- update to 3.2.7 + * BUG FIXES: + - Fixed the client-side validating of the remote sender's filtering behavior. + - More fixes for the "unrequested file-list name" name, including a copy of + "/" with `--relative` enabled and a copy with a lot of related paths with + `--relative` enabled (often derived from a `--files-from` list). + - When rsync gets an unpack error on an ACL, mention the filename. + - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if + "use chroot" is false). + * ENHANCEMENTS: + - Added negotiated daemon-auth support that allows a stronger checksum digest + to be used to validate a user's login to the daemon. Added SHA512, SHA256, + and SHA1 digests to MD5 & MD4. These new digests are at the highest priority + in the new daemon-auth negotiation list. + - Added support for the SHA1 digest in file checksums. While this tends to be + overkill, it is available if someone really needs it. This overly-long + checksum is at the lowest priority in the normal checksum negotiation list. + See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` + environment var for how to customize this. + - Improved the xattr hash table to use a 64-bit key without slowing down the + key's computation. This should make extra sure that a hash collision doesn't + happen. + - If the `--version` option is repeated (e.g. `-VV`) then the information is + output in a (still readable) JSON format. Client side only. + - The script `support/json-rsync-version` is available to get the JSON style + version output from any rsync. The script accepts either text on stdin + **or** an arg that specifies an rsync executable to run with a doubled + `--version` option. If the text we get isn't already in JSON format, it is + converted. Newer rsync versions will provide more complete json info than + older rsync versions. Various tweaks are made to keep the flag names + consistent across versions. + - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset" + so that rsync can use chroot when it works and a sanitized copy when chroot + is not supported (e.g., for a non-root daemon). Explicitly setting the + parameter to true or false (on or off) behaves the same way as before. + - The `--fuzzy` option was optimized a bit to try to cut down on the amount of + computations when considering a big pool of files. The simple heuristic from + Kenneth Finnegan resuled in about a 2x speedup. + - If rsync is forced to use protocol 29 or before (perhaps due to talking to an + rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync + now interprets this value as an unsigned integer so that a current year past + 2038 can continue to be represented. This does mean that years prior to 1970 + cannot be represented in an older protocol, but this trade-off seems like the + right choice given that (1) 2038 is very rapidly approaching, and (2) newer + protocols support a much wider range of old and new dates. + - The rsync client now treats an empty destination arg as an error, just like + it does for an empty source arg. This doesn't affect a `host:` arg (which is + treated the same as `host:.`) since the arg is not completely empty. The use + of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the + prior behavior of treating an empty destination arg as a ".". + * PACKAGING RELATED: + - The checksum code now uses openssl's EVP methods, which gets rid of various + deprecation warnings and makes it easy to support more digest methods. On + newer systems, the MD4 digest is marked as legacy in the openssl code, which + makes openssl refuse to support it via EVP. You can choose to ignore this + and allow rsync's MD4 code to be used for older rsync connections (when + talking to an rsync prior to 3.0.0) or you can choose to configure rsync to + tell openssl to enable legacy algorithms (see below). + - A simple openssl config file is supplied that can be installed for rsync to + use. If you install packaging/openssl-rsync.cnf to a public spot (such as + `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option + `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the + configured path in the OPENSSL_CONF environment variable (when the variable + is not already set). This will enable openssl's MD4 code for rsync to use. + - The packager may wish to include an explicit "use chroot = true" in the top + section of their supplied /etc/rsyncd.conf file if the daemon is being + installed to run as the root user (though rsync should behave the same even + with the value unset, a little extra paranoia doesn't hurt). + - I've noticed that some packagers haven't installed support/nameconvert for + users to use in their chrooted rsync configs. Even if it is not installed + as an executable script (to avoid a python3 dependency) it would be good to + install it with the other rsync-related support scripts. + - It would be good to add support/json-rsync-version to the list of installed + support scripts. + +------------------------------------------------------------------- +Wed Sep 14 09:23:51 UTC 2022 - David Anes + +- Use bundled SLP patch now that upstream fixed it: + * Remove rsync-3.2.5-slp.patch + +------------------------------------------------------------------- +Mon Sep 12 13:17:11 UTC 2022 - Dirk Müller + +- update to 3.2.6: + * More path-cleaning improvements in the file-list validation code to avoid + rejecting of valid args. + * A file-list validation fix for a --files-from file that ends without a + line-terminating character. + * Added a safety check that prevents the sender from removing destination + files when a local copy using --remove-source-files has some files that are + shared between the sending & receiving hierarchies, including the case + where the source dir & destination dir are identical. + * Fixed a bug in the internal MD4 checksum code that could cause the digest + to be sporadically incorrect (the openssl version was/is fine). + * A minor tweak to rrsync added "copy-devices" to the list of known args, but + left it disabled by default. + +------------------------------------------------------------------- +Fri Sep 9 08:32:28 UTC 2022 - Bernhard Wiedemann + +- Build SLE version with g++-11 + to work around nondeterministic g++-7 (boo#1193895) + +------------------------------------------------------------------- +Thu Sep 1 13:11:01 UTC 2022 - Stefan Schubert + +- Migration to /usr/etc: Saving user changed configuration files + in /etc and restoring them while an RPM update. + +------------------------------------------------------------------- +Tue Aug 16 08:19:20 UTC 2022 - David Anes + +- Add upstream patch rsync-3.2.5-slp.patch, as the one included in + the released tarball doesn't fully apply. + +- Drop patch rsync-CVE-2022-29154.patch, already included upstream. + +- Update to 3.2.5 + * SECURITY FIXES: + - Added some file-list safety checking that helps to ensure that a rogue + sending rsync can't add unrequested top-level names and/or include recursive + names that should have been excluded by the sender. These extra safety + checks only require the receiver rsync to be updated. When dealing with an + untrusted sending host, it is safest to copy into a dedicated destination + directory for the remote content (i.e. don't copy into a destination + directory that contains files that aren't from the remote host unless you + trust the remote host). Fixes CVE-2022-29154. + - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). + * BUG FIXES: + - Fixed the handling of filenames specified with backslash-quoted wildcards + when the default remote-arg-escaping is enabled. + - Fixed the configure check for signed char that was causing a host that + defaults to unsigned characters to generate bogus rolling checksums. This + made rsync send mostly literal data for a copy instead of finding matching + data in the receiver's basis file (for a file that contains high-bit + characters). + - Lots of manpage improvements, including an attempt to better describe how + include/exclude filters work. + - If rsync is compiled with an xxhash 0.8 library and then moved to a system + with a dynamically linked xxhash 0.7 library, we now detect this and disable + the XX3 hashes (since these routines didn't stabilize until 0.8). + * ENHANCEMENTS: + - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the + extra file-list safety checking (should that be required). + * PACKAGING RELATED: + - A note to those wanting to patch older rsync versions: the changes in this + release requires the quoted argument change from 3.2.4. Then, you'll want + every single code change from 3.2.5 since there is no fluff in this release. + - The build date that goes into the manpages is now based on the developer's + release date, not on the build's local-timezone interpretation of the date. + * DEVELOPER RELATED: + - Configure now defaults GETGROUPS_T to gid_t when cross compiling. + - Configure now looks for the bsd/string.h include file in order to fix the + build on a host that has strlcpy() in the main libc but not defined in the + main string.h file. + +------------------------------------------------------------------- +Mon Aug 1 12:27:43 UTC 2022 - David Anes + +- Security fix: [bsc#1201840, CVE-2022-29154] + * arbitrary file write vulnerability via do_server_recv function + * Added patch rsync-CVE-2022-29154.patch + +------------------------------------------------------------------- +Tue Jun 21 10:34:12 UTC 2022 - Stefan Schubert + +- Removed %config flag for files in /usr directory. + +------------------------------------------------------------------- +Mon Jun 20 13:25:06 UTC 2022 - Stefan Schubert + +- Moved logrotate files from user specific directory /etc/logrotate.d + to vendor specific directory /usr/etc/logrotate.d. + +------------------------------------------------------------------- +Tue Apr 19 06:38:55 UTC 2022 - David Anes + +- Update to 3.2.4 + * A new form of arg protection was added that works similarly to + the older `--protect-args` (`-s`) option but in a way that + avoids breaking things like rrsync. + * A long-standing bug was preventing rsync from figuring out the + current locale's decimal point character, which made rsync + always output numbers using the "C" locale. + * Too many changes to list, see included NEWS.md file. +- Drop rsync-CVE-2020-14387.patch, already included upstream. + +------------------------------------------------------------------- +Tue Nov 16 08:59:11 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * rsyncd.service + +------------------------------------------------------------------- +Fri Sep 4 10:25:17 UTC 2020 - Pedro Monreal + +- Security fix: [bsc#1176160, CVE-2020-14387] + * rsync-ssl: Verify the hostname in the certificate when using openssl. +- Add rsync-CVE-2020-14387.patch + +------------------------------------------------------------------- +Fri Aug 7 06:47:00 UTC 2020 - Ismail Dönmez + +- Updated to version 3.2.3 + * Fixes a memory usage regression introduced in 3.2.2 + * Too many changes to list, see included NEWS.md file. +- acls.diff, time-limit.diff and xattrs.diff are now upstream. +- Drop rsync-add_back_use_slp_directive.patch, included in upstream + slp.diff + +------------------------------------------------------------------- +Wed Aug 5 05:23:42 UTC 2020 - Ismail Dönmez + +- Add BR on c++_compiler needed for SIMD support +- Add --enable-simd configure option on x86_64 + +------------------------------------------------------------------- +Wed Aug 5 05:10:51 UTC 2020 - Ismail Dönmez + +- Change BR on xxhash-devel to pkgconfig(libxxhash) and depend + on xxhash >= 0.8.0 since this is needed for XXH3 +- Use xxhash only on suse_version >= 1550 since xxhash 0.8.0 is not + available elsewhere. + +------------------------------------------------------------------- +Tue Jul 7 08:59:17 UTC 2020 - Ismail Dönmez + +- Updated to version 3.2.2 + * Too many changes to list, see included NEWS.md file. +- Add BR on pkgconfig(openssl), rsync now uses openssl for MD4/MD5 +- Add BR on libzstd-devel and liblz4-devel to enable lz4 and zstd + compression support. +- Add BR on xxhash-devel to enable xxhash checksum support. +- Refresh rsync-add_back_use_slp_directive.patch +- Drop rsync-both-compressions.patch, rsync-send_error_to_sender.patch, + rsync-avoid-uploading-after-error.patch, + rsync-fix-prealloc-to-keep-file-size-0-when-possible.patch: + Fixed upstream. + +------------------------------------------------------------------- +Thu Jul 11 06:04:07 UTC 2019 - Antoine Belvire + +- Remove SuSEfirewall2 service since SuSEfirewall2 has been + replaced by firewalld (which already provides a rsyncd service). + +------------------------------------------------------------------- +Mon Apr 15 16:49:02 UTC 2019 - Pedro Monreal Gonzalez + +- Fixed bug numbers in spec file + +------------------------------------------------------------------- +Sat Apr 13 09:49:56 UTC 2019 - Matwey V. Kornilov + +- Add patch: rsync-fix-prealloc-to-keep-file-size-0-when-possible.patch (boo#1108562) + +------------------------------------------------------------------- +Wed Jul 11 15:02:34 CEST 2018 - kukuk@suse.de + +- Don't require systemd explicit, spec file can handle both cases + correct and in containers we don't have systemd [bsc#1100786]. + +------------------------------------------------------------------- +Tue Apr 3 15:01:42 CEST 2018 - kukuk@suse.de + +- Use %license instead of %doc [bsc#1082318] + +------------------------------------------------------------------- +Mon Jan 29 11:03:42 UTC 2018 - pmonrealgonzalez@suse.com + +- Update to version 3.1.3 [bsc#1076503]: + Protocol: 31 (unchanged) + +- SECURITY FIXES: + * Fixed a buffer overrun in the protocol's handling of xattr names and + ensure that the received name is null terminated. + * Fix an issue with --protect-args where the user could specify the arg + in the protected-arg list and short-circuit some of the arg-sanitizing + code. + +- BUG FIXES: + * Don't output about a new backup dir without appropriate info verbosity. + * Fixed some issues with the sort functions in support/rsyncstats script. + * Added a way to specify daemon config lists (e.g. users, groups, etc) + * that contain spaces (see "auth users" in the latest rsyncd.conf manpage). + * If a backup fails (e.g. full disk) rsync exits with an error. + * Fixed a problem with a doubled --fuzzy option combined with --link-dest. + * Avoid invalid output in the summary if either the start or end time had + an error. + * We don't allow a popt alias to affect the --daemon or --server options. + * Fix daemon exclude code to disallow attribute changes in addition to + disallowing transfers. + * Don't force nanoseconds to match if a non-transferred, non-checksummed + file only passed the quick-check w/o comparing nanosecods. + +- ENHANCEMENTS: + * Added the ability for rsync to compare nanosecond times in its + file-check + comparisons, and added support nanosecond times on Mac OS X. + * Added a short-option (-@) for --modify-window. + * Added the --checksum-choice=NAME[,NAME] option to choose the checksum + algorithms. + * Added hashing of xattr names (with using -X) to improve the handling of + files with large numbers of xattrs. + * Added a way to filter xattr names using include/exclude/filter rules + (see the --xattrs option in the manpage for details). + * Added "daemon chroot|uid|gid" to the daemon config (in addition to the + old chroot|uid|gid settings that affect the daemon's transfer process). + * Added "syslog tag" to the daemon configuration. + * Some manpage improvements. + +- DEVELOPER RELATED: + * Tweak the "make" output when yodl isn't around to create the man pages. + * Changed an obsolete autoconf compile macro. + * Support newer yodl versions when converting man pages. + +- Dropped patches fixed upstream: + * rsync-CVE-2017-16548.patch + * rsync-3.1.2-CVE-2018-5764.patch + +- Refreshed patches: + * rsync-send_error_to_sender.patch + +------------------------------------------------------------------- +Thu Jan 18 12:13:48 UTC 2018 - pmonrealgonzalez@suse.com + +- Security fix: Ignore --protect-args when already sent by client + [bsc#1076503, CVE-2018-5764] + * Added patch rsync-3.1.2-CVE-2018-5764.patch + +------------------------------------------------------------------- +Tue Jan 9 17:07:12 UTC 2018 - pmonrealgonzalez@suse.com + +- Fix: Stop file upload after errors [bsc#1062063] +- Added patches: + * rsync-send_error_to_sender.patch + * rsync-avoid-uploading-after-error.patch + +------------------------------------------------------------------- +Tue Nov 28 16:18:45 UTC 2017 - pmonrealgonzalez@suse.com + +- Security fix [bsc#1066644, CVE-2017-16548] + * Missing trailing '\0' character check could lead to remote DoS + * Added rsync-CVE-2017-16548.patch + +------------------------------------------------------------------- +Tue Jul 25 11:55:53 UTC 2017 - tchvatal@suse.com + +- Try more in supporting all scenarios bsc#1046197#c24 + * rsync-both-compressions.patch + +------------------------------------------------------------------- +Mon Jul 24 11:10:14 UTC 2017 - tchvatal@suse.com + +- Execute tests to ensure the basics are still working + +------------------------------------------------------------------- +Mon Jul 24 10:45:16 UTC 2017 - tchvatal@suse.com + +- Refresh patch rsync-both-compressions.patch to include + fix when using old-compress on new zlib on server too + +------------------------------------------------------------------- +Thu Jul 13 09:00:59 UTC 2017 - tchvatal@suse.com + +- Add patch to build with both bundled and external zlib to support + both compression methods at once bsc#1046197: + * rsync-both-compressions.patch + +------------------------------------------------------------------- +Wed Jun 14 12:21:21 UTC 2017 - tchvatal@suse.com + +- We no longer need to inject the pid in post as we do not use + the iniscript relying on it +- Add socket activation service instead of the xinetd service +- Verify in services the configuration to run actually exist +- Drop sle11 support as it does not autoreconf anymore +- Drop patch system-zlib.diff that was never applied +- Switch to system popt and zlib: + * This should not cause issues now because upstream states the + underlying issue why we used the bundled one was fixed by + using more safeguarded error detection + +------------------------------------------------------------------- +Wed Jan 6 10:26:26 UTC 2016 - hsk@imb-jena.de + +- update to 3.1.2 +- drop patches rsync-CVE-2014-9512.patch, + rsync-equivalent_of_CVE-2014-8242.patch (applied upstream) + +------------------------------------------------------------------- +Wed Oct 7 12:26:26 UTC 2015 - vcizek@suse.com + +- better disable slp by default, it doesn't seem to be used much + and it often caused problems (eg boo#898513, bsc#922710) + * set "use slp" in rsyncd.conf to enable + * modified rsync-add_back_use_slp_directive.patch + +------------------------------------------------------------------- +Tue Oct 6 11:16:55 UTC 2015 - vcizek@suse.com + +- add a compatibility flag to avoid checksum collisions (bsc#900914) + * fixes rsync equivalent of librsync's CVE-2014-8242 + * added rsync-equivalent_of_CVE-2014-8242.patch +- modify rsync-add_back_use_slp_directive.patch + +------------------------------------------------------------------- +Tue Aug 11 09:40:36 UTC 2015 - vcizek@suse.com + +- reintroduce "use slp" directive (bsc#922710) + * added rsync-add_back_use_slp_directive.patch + +------------------------------------------------------------------- +Wed Feb 25 02:23:49 UTC 2015 - crrodriguez@opensuse.org + +- rsync-no-libattr.patch: Use AC_SEARCH_LIBS([getxattr], [attr]) + instead of AC_CHECK_LIB(attr,getxattr) so libattr is + not injected as a dependency when glibc is enough since + several years to use getxattr. + +------------------------------------------------------------------- +Mon Feb 2 18:42:25 UTC 2015 - vcizek@suse.com + +- fix for CVE-2014-9512 (bnc#915410) + * path spoofing attack vulnerability + * added rsync-CVE-2014-9512.patch + +------------------------------------------------------------------- +Fri Nov 14 09:19:05 UTC 2014 - dimstar@opensuse.org + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. + +------------------------------------------------------------------- +Sun Oct 19 13:38:21 UTC 2014 - p.drouand@gmail.com + +- Do not depend on insserv if the system supports systemd; it's + useless + +------------------------------------------------------------------- +Thu Jul 10 15:28:03 UTC 2014 - kruber@zib.de + +- update to 3.1.1 +- drop rsync-CVE-2014-2855.patch (applied upstream) +- drop 0001-use-lp_num_modules-instead-of-the-removed-lp_numserv.patch + (applied upstream) + +------------------------------------------------------------------- +Fri Jun 20 21:11:04 UTC 2014 - crrodriguez@opensuse.org + +- Remove sysvinit support on distros that have systemd +- Remove libattr-devel from buildRequires, application does + not link to libattr but it picks the glibc implementation + instead. + +------------------------------------------------------------------- +Tue Apr 15 14:57:34 UTC 2014 - vcizek@suse.com + +- fix for CVE-2014-2855 (bnc#873740) + * a denial of service via CPU consumption + * added rsync-CVE-2014-2855.patch + +------------------------------------------------------------------- +Fri Oct 25 12:25:26 UTC 2013 - vcizek@suse.com + +- update to 3.1.0 + * fixes bnc#845185 +- don't apply drop-cache.patch (removed from upstream) +- add 0001-use-lp_num_modules-instead-of-the-removed-lp_numserv.patch +- add gpg-offline tarball checking + +------------------------------------------------------------------- +Mon Aug 5 12:06:32 UTC 2013 - vcizek@suse.com + +- add time-limit.patch from co-distributed rsync-patches as we do + on SLE (fate#312479) + +------------------------------------------------------------------- +Sun Jun 16 23:59:28 UTC 2013 - jengelh@inai.de + +- Explicitly list libattr-devel as BuildRequires +- More robust make install call. Remove redundant %clean section. + +------------------------------------------------------------------- +Fri Apr 5 12:33:30 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Thu Jul 26 20:46:02 UTC 2012 - crrodriguez@opensuse.org + +- All daemons that create temporary files must have + PrivateTmp=true set in systemd unit if possible. + +------------------------------------------------------------------- +Sun Feb 5 23:25:26 UTC 2012 - crrodriguez@opensuse.org + +- Build with PIE and full RELRO + +------------------------------------------------------------------- +Wed Dec 21 10:42:30 UTC 2011 - coolo@suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Fri Nov 25 01:38:07 UTC 2011 - crrodriguez@opensuse.org + +- Add systemd unit +- Do not BuildRequire textlive + +------------------------------------------------------------------- +Wed Oct 12 03:40:40 UTC 2011 - crrodriguez@opensuse.org + +- Update to version 3.0.9 + * Apply drop-cache patch from rsync-patches tarball, adds option + --drop-cache so rsync is drop the memory cache of files when + finished (aka. stop trashing the system) + * Fix a crash bug in checksum scanning when --inplace is used. + * Fix a memory leak in the xattr code. + * See NEWS for more detail + +------------------------------------------------------------------- +Thu May 12 13:08:59 UTC 2011 - chris@computersalat.de + +- fix build for SLE (spec-cleaner changes) + o makeinstall, _initddir + +------------------------------------------------------------------- +Thu May 5 14:43:40 UTC 2011 - puzel@novell.com + +- updated summary (bnc#691944) and description + +------------------------------------------------------------------- +Tue Mar 29 13:53:04 UTC 2011 - puzel@novell.com + +- update to rsync-3.0.8 + - Notable changes: + - Fixed two buffer-overflow issues. + - Fixed a data-corruption issue when preserving hard-links + without preserving file ownership, and doing deletions either + before or during the transfer (CVE-2011-1097). + - Fixed a potential crash when an rsync daemon has a + filter/exclude list and the transfer is using ACLs or xattrs. + - Fixed a hang if a really large file is being processed by an + rsync that can't handle 64-bit numbers. + - For devices and special files, we now avoid gathering useless + ACL and/or xattr information for files that aren't being + copied. + - Properly handle requesting remote filenames that start with a + dash. + - Fixed a bug in the comparing of upper-case letters in file + suffixes for --skip-compress. + - If an rsync daemon has a module configured without a path + setting, rsync will now disallow access to that module. + - Some improvements to the hard-linking code to ensure that + device-number hashing is working right, and to supply more + information if the hard-link code fails. + - Fixed a bug that prevented --numeric-ids from disabling the + translation of user/group IDs for ACLs. + - The --link-dest checking for identical symlinks now avoids + considering attribute differences that cannot be changed on the + receiver. + - Fixed a bug with --fake-super when copying files and dirs that + aren't user writable. + - Fixed a bug where a sparse file could have its last sparse + block turned into a real block when rsync sets the file size + (requires ftruncate). + - Fixed the working of --force when used with --one-file-system. + - Various manpage improvements. +- run spec-cleaner + +------------------------------------------------------------------- +Sun Sep 19 10:55:59 UTC 2010 - jengelh@medozas.de + +- rsyncd.rc changes: +* Do not use killproc -TERM, but just killproc, so that killproc + waits until the service is actually shut down, before attempting + to restart it (when "restart" is used). Fixes bnc#546977. +* Change the "reload" action to return "missing" because rsyncd + does not handle SIGHUP +* Adjust "force-reload" accordingly + +------------------------------------------------------------------- +Mon Jan 4 14:21:21 UTC 2010 - puzel@novell.com + +- update to rsync-3.0.7 + - Fixed a bogus free when using --xattrs with --backup. + - Avoid an error when --dry-run was trying to stat a prior hard-link + file that hasn't really been created. + - Fixed a problem with --compress (-z) where the receiving side could + return the error "inflate (token) returned -5". + - Fixed a bug where --delete-during could delete in a directory before + it noticed that the sending side sent an I/O error for that + directory (both sides of the transfer must be at least 3.0.7). + - Improved --skip-compress's error handling of bad character-sets and + got rid of a lingering debug fprintf(). + - Fixed the daemon's conveyance of io_error value from the sender. + - An rsync daemon use seteuid() (when available) if it used setuid(). + - Get the permissions right on a --fake-super transferred directory + that needs more owner permissions to emulate root behavior. + - An absolute-path filter rule (i.e. with a '/' modifier) no longer + loses its modifier when sending the filter rules to the remote + rsync. + - Improved the "--delete does not work without -r or -d" message. + - Improved rsync's handling of --timeout to avoid a weird timeout case + where the sender could timeout even though it has recently written + data to the socket (but hasn't read data recently, due to the + writing). + - Some misc manpage improvements. + - Fixed the chmod-temp-dir testsuite on a system without /var/tmp. + - Make sure that a timeout specified in the daemon's config is used as + a maximum timeout value when the user also specifies a timeout. + - Improved the error-exit reporting when rsync gets an error trying to + cleanup after an error: the initial error is reported. + - The AIX sysacls routines will now return ENOSYS if ENOTSUP is + missing. + - Made our (only used if missing) getaddrinfo() routine use + inet_pton() (which we also provide) instead of inet_aton(). + - The exit-related debug messages now mention the program's role so it + is clear who output what message. + +------------------------------------------------------------------- +Fri Aug 21 11:09:20 UTC 2009 - chris@computersalat.de + +- spec mods + o sorted TAGS + o added missing clean section +- rpmlint + o non-conffile-in-etc /etc/sysconfig/SuSEfirewall2.d/services/rsync-server + +------------------------------------------------------------------- +Wed Aug 5 11:24:00 CEST 2009 - puzel@novell.com + +- bump version to 3.0.6 +- drop rsync-allow-slp-disable.patch (merged upstream) + +------------------------------------------------------------------- +Tue May 5 15:29:12 CEST 2009 - puzel@suse.cz + +- add rsync-allow-slp-disable.patch (FATE#306331) + +------------------------------------------------------------------- +Thu Apr 16 12:16:41 CEST 2009 - puzel@suse.cz + +- update to 3.0.6pre1 (bugfix release) +- noteworthy changes: + - Fixed a --read-batch hang when rsync is reading a batch file that was + created from an incremental-recursion transfer + - Fixed the daemon's socket code to handle the simultaneous arrival of + multiple connections. + - Fix --safe-links/--copy-unsafe-links to properly handle symlinks that + have consecutive slashes in the value. + - Fixed the parsing of an [IPv6_LITERAL_ADDR] when a USER@ is prefixed. + - The sender now skips a (bogus) symlink that has a 0-length value, which + avoids a transfer error in the receiver. + - Fixed a case where the sender could die with a tag-0 error if there was + an I/O during the sending of the file list. + - Fixed the rrsync script to avoid a server-side problem when -e is at the + start of the short options. + - Fixed a problem where a vanished directory could turn into an exit code + 23 instead of the proper exit code 24. + - Fixed the --iconv conversion of symlinks when doing a local copy. + receiving side when a mount-point directory did not match a directory in + the transfer. + - Fixed the dropping of an ACL mask when no named ACL values were present. + - Fixed an ACL/xattr corruption issue where the --backup option could cause + rsync to associate the wrong ACL/xattr information with received files. + - Fixed the use of --xattrs with --only-write-batch. + - Fixed the use of --dry-run with --read-batch. + - Fixed a run-time issue for systems that can't find iconv_open() by adding + the --disable-iconv-open configure option. + - Complain and die if the user tries to combine --remove-source-files (or + the deprecated --remove-sent-files) with --read-batch. + +------------------------------------------------------------------- +Tue Mar 24 11:16:57 CET 2009 - puzel@suse.cz + +- add rsync-3.0.5-doc-fix.patch (bnc#487591) + +------------------------------------------------------------------- +Thu Feb 19 14:34:05 CET 2009 - puzel@suse.cz + +- update to 3.0.5 + - initialize xattr data in a couple spots in the hlink code, which avoids a + crash when the xattr pointer's memory happens to start out non-zero + - don't send a bogus "-" option to an older server if there were no short + options specified - fixes (bnc#476379) + - fixed skipping of unneeded updates in a batch file when incremental + recursion is active + - fix the %P logfile escape when the daemon logs from inside a chroot. + - fixed the use of -s (--protect-args) when used with a remote source or + destination that had an empty path (e.g. "host:") + - fixed the use of a dot-dir path (e.g. foo/./bar) inside a --files-from + file when the root of the transfer isn't the current directory + - fixed a bug with "-K --delete" removing symlinks to directories when + incremental recursion is active + - fixed a hard to trigger hang when using --remove-source-files + - got rid of an annoying delay when accessing a daemon via a remote-shell + - properly ignore (superfluous) source args on a --read-batch command + - improved the manpage's description of the '*' wildcard to remove the + confusing "non-empty" qualifier + - fixed reverse lookups in the compatibility-library version of + getnameinfo() + - fixed a bug when using --sparse on a sparse file that has over 2GB of + consecutive sparse data + - avoid a hang when using at least 3 --verbose options on a transfer with a + client sender (which includes local copying) + - fixed a problem with --delete-delay reporting an error when it was ready + to remove a directory that was now gone + - got rid of a bunch of "warn_unused_result" compiler warnings + - if an ftruncate() on a received file fails, it now causes a partial- + transfer warning +- add SuSEfirewall2 rule (bnc#251657) + +------------------------------------------------------------------- +Wed Oct 8 17:48:39 CEST 2008 - puzel@suse.cz + +- fix build: do not run tests as they fail in chrooted environment + +------------------------------------------------------------------- +Mon Sep 22 13:24:57 CEST 2008 - puzel@suse.cz + +- update to 3.0.4 + - update to stable release +- removed rsync-3.0.4pre2-xattrs-test-fix.patch + - fixed in upstream + +------------------------------------------------------------------- +Thu Sep 4 12:29:19 CEST 2008 - puzel@suse.cz + +- update to 3.0.4pre2 + - Fixed the handling of a --partial-dir that cannot be created. + - Fixed a couple issues in the --fake-super handling of xattrs when the + destination files have root-level attributes (e.g. selinux values) that + a non-root copy can't affect. + - The --iconv option now converts the content of a symlink too, instead + of leaving it in the wrong character-set. + - Fixed a bug where --delete-during could delete in a directory before it + noticed that the sending side sent an I/O error for that directory. + - Fixed a crash bug in the hard-link code. + - Fixed the sending of xattr directory information when the code finds a + --link-dest or --copy-dest directory with unchanged xattrs + - Fixed deletion handling when copying a single, empty directory (with no + files) to a differently named, non-existent directory. + - too many other changes and fixes - please, see NEWS and NEWS-rsync-3.0.3 + files +- specfile fixes : + - use %configure and %makeinstall macros + - use %_bindir and %sbindir macros +- removed lutimes-hack.diff (not needed anymore) +- removed rsync-patches-3.0.2.dif (fixed in upstream) + +------------------------------------------------------------------- +Tue Aug 12 10:10:06 CEST 2008 - puzel@suse.cz + +- rsyncd.rc: use Should-Start instead of X-UnitedLinux-Should-Start +- specfile fixes: + * added Should-Stop + * 'make test' moved to %check + * recommend logrotate + +------------------------------------------------------------------- +Mon Apr 14 11:43:03 CEST 2008 - ro@suse.de + +- update to version 3.0.2 + - Fixed a potential buffer overflow in the xattr code. +- update to version 3.0.1 + - Added the 'c'-flag to the itemizing of non-regular files so that the + itemized output doesn't get hidden if there were no attribute changes, + and also so that the itemizing of a --copy-links run will distinguish + between copying an identical non-regular file and the creation of a + revised version with a new value (e.g. a changed symlink referent, a + new device number, etc.). + - quite a lot of other bugfixes, please see OLDNEWS file + +------------------------------------------------------------------- +Tue Mar 11 01:23:13 CET 2008 - ro@suse.de + +- update to version 3.0.0 (shortened, more details see NEWS file) + - The handling of implied directories when using --relative has changed to + send them as directories (e.g. no implied dir is ever sent as a symlink). + - Requesting a remote file-listing without specifying -r (--recursive) now + sends the -d (--dirs) option to the remote rsync rather than sending -r + along with an extra exclude of /*/*. + - In --dry-run mode, the last line of the verbose summary text is output + with a "(DRY RUN)" suffix to help remind you that no updates were made. + Similarly, --only-write-batch outputs "(BATCH ONLY)". + - A writable rsync daemon with "use chroot" disabled now defaults to a + symlink-munging behavior designed to make symlinks safer while also + allowing absolute symlinks to be stored and retrieved. + - Starting up an extra copy of an rsync daemon will not clobber the pidfile + for the running daemon -- if the pidfile exists, the new daemon will exit + with an error. + +- re-applied patches from upstream kit: + - acls.diff,xattrs.diff,slp.diff +- removed patches: + - rsync-overlong.patch (upstream code cleaned up) + - lutimes-hack.diff (should not be needed any more) + - rsync-fix_fuzzy.patch (fixed upstream) + - rsync-hlink_crash.patch (upstream cleaned up) + - munge-symlinks-2.6.9.diff (integrated upstream) + +------------------------------------------------------------------- +Tue Dec 4 18:07:36 CET 2007 - ro@suse.de + +- added munge-symlinks patch (#345507) CVE-2007-6199 + +------------------------------------------------------------------- +Thu Nov 8 16:45:30 CET 2007 - ro@suse.de + +- fix uninitialized struct sx in hlink.c:hard_link_cluster + to prevent crash when using acls (#338358) + +------------------------------------------------------------------- +Fri Sep 14 15:03:17 CEST 2007 - ro@suse.de + +- fix (#300526) restart will start standalone rsync if running + under xinetd + - use a pid file for rsyncd in init script so that rcrsyncd + will not show status running for an rsync started by xinetd + - insert "pid file" entry into rsyncd.conf if not present + +------------------------------------------------------------------- +Wed Sep 12 15:51:20 CEST 2007 - dmueller@suse.de + +- build parallel +- fix hardlinks accross partition + +------------------------------------------------------------------- +Mon Sep 10 17:30:57 CEST 2007 - ro@suse.de + +- fix abort in rsync when acls and fuzzy are used together + (#306263) + +------------------------------------------------------------------- +Fri Aug 17 15:03:44 CEST 2007 - cthiel@suse.de + +- added lutimes-hack.diff to work around a glibc bug in lutimes.c + +------------------------------------------------------------------- +Thu Aug 2 13:52:28 CEST 2007 - ro@suse.de + +- protect from overlong filenames (#294073) CVE-2007-4091 + +------------------------------------------------------------------- +Mon May 14 12:50:38 CEST 2007 - mrueckert@suse.de + +- make build work on older distros again. + +------------------------------------------------------------------- +Tue May 8 16:23:34 CEST 2007 - dmueller@suse.de + +- use builtin zlib copy again + +------------------------------------------------------------------- +Mon May 7 23:34:40 CEST 2007 - dmueller@suse.de + +- update to 2.6.9: + * several important bugfixes + * new features, see included NEWS file +- build against system zlib instead of own zlib copy +- build against system popt instead of own popt copy + +------------------------------------------------------------------- +Wed Apr 18 22:25:38 CEST 2007 - aj@suse.de + +- Use texlive for building. + +------------------------------------------------------------------- +Tue Sep 12 15:42:00 CEST 2006 - ro@suse.de + +- apply fix for xattr.diff from rsync mailing list + +------------------------------------------------------------------- +Tue Aug 22 14:41:11 CEST 2006 - ro@suse.de + +- apply patches/xattr.diff as well (fate#300565) + +------------------------------------------------------------------- +Thu Aug 10 13:38:33 CEST 2006 - dmueller@suse.de + +- fix rc script error code when there's an error in the config + file (#198406) + +------------------------------------------------------------------- +Wed Jun 21 11:56:38 CEST 2006 - ro@suse.de + +- added tag-3 patch from cvs (will be in 2.6.9) + to avoid aborts with "unexpected tag 3" + +------------------------------------------------------------------- +Mon Jun 12 01:55:55 CEST 2006 - ro@suse.de + +- update to version 2.6.8 + - use slp patch as included upstream + - several bugfixes + - errors now include version number + - special files as pipes now printed as "S", no longer "D" + - escaping of unreadable chars has changed + - new --append, --min-size and --prune-empty-dirs options + +------------------------------------------------------------------- +Tue Apr 18 15:17:19 CEST 2006 - ro@suse.de + +- ignore testsuite failure on s390x (filesystem mtimes) + +------------------------------------------------------------------- +Wed Jan 25 21:41:13 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Thu Jan 19 00:04:48 CET 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri Oct 14 12:19:33 CEST 2005 - ro@suse.de + +- fix problem in configure to re-enable ACLs (#128323) + +------------------------------------------------------------------- +Tue Aug 2 12:25:35 CEST 2005 - ro@suse.de + +- added acl-fix.patch from wayne to make testsuite pass with acls + +------------------------------------------------------------------- +Fri Jul 29 02:09:54 CEST 2005 - ro@suse.de + +- update to 2.6.6 + +------------------------------------------------------------------- +Mon Jun 6 16:49:10 CEST 2005 - ro@suse.de + +- update to 2.6.5 +- use acl patch as shipped in rsync/patches directory + +------------------------------------------------------------------- +Fri Feb 18 12:46:36 CET 2005 - mmj@suse.de + +- Glibc doesn't cache the timezone as much as it used to, so export + the TZ variable after doing chroot. [#49878] + +------------------------------------------------------------------- +Thu Feb 10 02:40:51 CET 2005 - ro@suse.de + +- added libpng to neededforbuild (for tetex) + +------------------------------------------------------------------- +Wed Dec 1 17:26:45 CET 2004 - ro@suse.de + +- re-register before SLP really times out + +------------------------------------------------------------------- +Wed Dec 1 15:27:06 CET 2004 - ro@suse.de + +- re-worked slp.diff + do not use a timer but hook into central select call + +------------------------------------------------------------------- +Thu Nov 11 17:39:50 CET 2004 - ro@suse.de + +- update to 2.6.3 final + +------------------------------------------------------------------- +Mon Aug 16 20:35:57 CEST 2004 - bk@suse.de + +- updated to 2.6.3-pre1, which is currently in release-testing + (and includes a security fix) + +------------------------------------------------------------------- +Fri Jul 23 11:30:12 CEST 2004 - ro@suse.de + +- fixing problems apparently introduced with the update to 2.6.2: +- fix from cvs to not abort trying to create already created + backup directories (#42780) +- fix from cvs to avoid crash on large trees (#42933) + +------------------------------------------------------------------- +Mon May 10 18:38:40 CEST 2004 - ro@suse.de + +- update to 2.6.2 / ported patches +- fixes a problem with non-chroot modules + +------------------------------------------------------------------- +Thu Apr 1 12:13:06 CEST 2004 - mls@suse.de + +- fix hostname calculation in slp registration code + +------------------------------------------------------------------- +Tue Mar 16 12:44:20 CET 2004 - ro@suse.de + +- add -4 and -6 options to manpage (#36144) + +------------------------------------------------------------------- +Tue Jan 13 16:56:54 CET 2004 - ro@suse.de + +- update to version 2.6.0 + +------------------------------------------------------------------- +Thu Dec 4 12:22:05 CET 2003 - ro@suse.de + +- update to real 2.5.7 + +------------------------------------------------------------------- +Thu Dec 4 10:36:27 CET 2003 - okir@suse.de + +- fix heap overflow (#33478) + +------------------------------------------------------------------- +Sun Nov 23 18:46:28 CET 2003 - adrian@suse.de + +- add patch for SLP support, based on Brad Hards demo implementation + +------------------------------------------------------------------- +Thu Nov 6 17:03:34 CET 2003 - schwab@suse.de + +- Fix quoting in configure script. + +------------------------------------------------------------------- +Fri Oct 24 12:13:59 CEST 2003 - ro@suse.de + +- added make test +- added acl patch, build with acl support + +------------------------------------------------------------------- +Fri Oct 17 11:51:23 CEST 2003 - ro@suse.de + +- don't build as root + +------------------------------------------------------------------- +Mon Aug 18 17:57:59 CEST 2003 - ro@suse.de + +- added stop_on_removal and restart_on_update macro calls + +------------------------------------------------------------------- +Tue May 13 00:25:51 CEST 2003 - ro@suse.de + +- use defattr + +------------------------------------------------------------------- +Wed Mar 5 14:57:57 CET 2003 - ro@suse.de + +- add xinetd-config to filelist + +------------------------------------------------------------------- +Tue Jan 28 12:05:30 CET 2003 - ro@suse.de + +- update to 2.5.6 +- can combine ssh and daemon access +- supports URL like syntax rsync:// +- IPv6 support in hosts.allow/deny +- recursive hang fixed upstream + +------------------------------------------------------------------- +Fri Jan 24 11:48:54 CET 2003 - ro@suse.de + +- added xinetd-config snippet + +------------------------------------------------------------------- +Wed Jan 15 12:51:34 CET 2003 - ro@suse.de + +- added logrotate config + +------------------------------------------------------------------- +Tue Oct 8 14:01:34 CEST 2002 - ro@suse.de + +- fix recursive hangup in server process on broken pipe + +------------------------------------------------------------------- +Wed Aug 14 11:15:11 CEST 2002 - poeml@suse.de + +- fix comment in init script + +------------------------------------------------------------------- +Thu Aug 1 17:33:29 CEST 2002 - ro@suse.de + +- use BuildRoot +- added PreReqs + +------------------------------------------------------------------- +Mon Jul 22 10:03:29 CEST 2002 - kukuk@suse.de + +- Don't source /etc/rc.config in init script [Bug 17123] + +------------------------------------------------------------------- +Mon Jun 17 15:15:52 CEST 2002 - ro@suse.de + +- update to 2.5.5 + setgroups patch removed, has been integrated + zfree patch removed, rsync has current zlib fixes + unsigned patch removed, has been integrated + +------------------------------------------------------------------- +Wed Mar 6 14:46:29 CET 2002 - okir@suse.de + +- applied setgroups security fix + +------------------------------------------------------------------- +Fri Feb 8 11:00:00 CET 2002 - okir@suse.de + +- applied zlib security fix + +------------------------------------------------------------------- +Wed Feb 6 14:21:19 CET 2002 - ro@suse.de + +- make rsyncd a hardlink (#13041) + +------------------------------------------------------------------- +Fri Feb 1 11:55:30 CET 2002 - ro@suse.de + +- added patch for segmentation fault + +------------------------------------------------------------------- +Mon Jan 21 17:09:58 MET 2002 - draht@suse.de + +- corrected diff for log.c + +------------------------------------------------------------------- +Mon Jan 21 00:08:25 CET 2002 - ro@suse.de + +- applied security patch for various signed/unsigned fixes + +------------------------------------------------------------------- +Fri Dec 14 01:33:54 CET 2001 - ro@suse.de + +- removed START_RSYNCD + +------------------------------------------------------------------- +Tue Aug 28 15:01:10 CEST 2001 - ro@suse.de + +- on uninstall, call insserv to cleanup + +------------------------------------------------------------------- +Tue Aug 28 13:02:35 CEST 2001 - ro@suse.de + +- added rc-script and rc-config variable START_RSYNCD + if someone wants to run rsyncd standalone (w/o inetd) (#9496) + +------------------------------------------------------------------- +Mon Sep 25 15:31:45 CEST 2000 - ro@suse.de + +- sorted + +------------------------------------------------------------------- +Wed Sep 13 13:51:34 CEST 2000 - aj@suse.de + +- Work with LFS; fix spec file to not print while building. + +------------------------------------------------------------------- +Mon Sep 11 14:24:35 CEST 2000 - ro@suse.de + +- update to 2.4.6 + +------------------------------------------------------------------- +Fri Aug 18 01:59:08 CEST 2000 - ro@suse.de + +- update to 2.4.4 + +------------------------------------------------------------------- +Thu Jan 20 14:28:39 CET 2000 - aj@suse.de + +- rsync 2.3.2, install man pages -> /usr/share/man. + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Fri Aug 13 15:16:27 MEST 1999 - fehr@suse.de + +- update to 2.3.1 +- added rsyncstats shell script + +------------------------------------------------------------------- +Thu Dec 17 16:21:44 MET 1998 - ro@suse.de + +- update to 2.2.1 + +------------------------------------------------------------------- +Sat Nov 28 22:02:28 MET 1998 - bs@suse.de + +- added symlink /usr/sbin/rsyncd (to let it work with tcpd) +- added example configs + +------------------------------------------------------------------- +Tue Nov 24 10:20:14 MET 1998 - ro@suse.de + +- update to 2.2.0 + +------------------------------------------------------------------- +Sat Sep 19 19:29:34 MEST 1998 - ro@suse.de + +- defined _GNU_SOURCE where getopt_long is needed + +------------------------------------------------------------------- +Mon Aug 24 12:17:19 MEST 1998 - ro@suse.de + +- update to 2.1.0 + added manpage for rsyncd.conf + +------------------------------------------------------------------- +Tue May 12 11:29:45 MEST 1998 - ro@suse.de + +- update to 1.7.4 + generate tech_report.ps from tex-src + +------------------------------------------------------------------- +Mon Nov 10 22:38:30 MET 1997 - kfr@suse.de + +- first version for S.u.S.E. (1.6.3) + diff --git a/rsync.keyring b/rsync.keyring new file mode 100644 index 0000000..cc99196 --- /dev/null +++ b/rsync.keyring @@ -0,0 +1,32 @@ +pub 1024D/4B96A8C5 2003-12-19 +uid Wayne Davison +uid Wayne Davison +sub 1024g/29C67D63 2003-12-19 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.9 (GNU/Linux) + +mQGiBD/ja2cRBACZqtQ/VnuWd2TA/T4nFitXPOF//7uterTWZVMDBrSE3tJdW1lv +90z2g2RJKktJTC3yjs82IH6wWvvFsHDPGXQRuoBr0dPYHBaVhKX85uewigHiE2M1 +1Ub8Vv1c/JDGAh1cNmCAWazghV+emamrWJWq0f0hz5eqq4LCcPwo4riUVwCg9W37 +YAR8Z4NHa6FWjrEKjl2NIMUD/iXJnp6qJFMK9Fs+2dWyL1m/mRb0h+I/cqgpkUvo +gRhL95Jttg2QQtXJWCsB3hA/L/2Iu2bV8iS1aRlZQsAWogA3/m56ROs8cIyN4ouj +1dpPoG7sKGA8BTvXxuSF9l6ngx7208iX+xiQCDeGfBtBFBy70iJxTFGzp2mP3IiP +pwWtBACJ6l8UPwSRmp0Hz/N6H4RkzqGQnvYsMba/uPkRYou/14JsEGCQqjSB99UX +hsPg9wubCEpo3YFTf1p1j3OlbOhiiMkRFwyYaT1fqGjQK0w8hQ1yXHxbXffnz6e3 +gKELz7fNQxS0L/tZkNOT7uyGuwnPsUDCBAzDPMwYVIFRo+MKZLQgV2F5bmUgRGF2 +aXNvbiA8d2F5bmVkQHNhbWJhLm9yZz6IWwQTEQIAGwUCP+NrZwYLCQgHAwIDFQID +AxYCAQIeAQIXgAAKCRBshZ+xS5aoxbKaAJ98/UHW+BAmnsWCvCXYw5xAvjKQuwCg +7rJUYSl3xpb6YmIaBbyyw5QTKiC0LFdheW5lIERhdmlzb24gPHdheW5lZEB1c2Vy +cy5zb3VyY2Vmb3JnZS5uZXQ+iF4EExECAB4FAkFgW4ACGwMGCwkIBwMCAxUCAwMW +AgECHgECF4AACgkQbIWfsUuWqMXxFQCg9Dgb5SnWZroPGl25DL2OYFHdqV4An0N2 +QQj0mVi18JgadtS4xv7yNiDauQENBD/ja3EQBADkZadXo4zP2P9XjCP9jCel2hIp +E/khYifgu8sLYQ3VOaVM6iczw71a+iM3C44CddioGNv0svJ/cEttbtAE5zZIfqm0 +Rd/CYR+kqOkUydss736olRh+4lXLi9dAzDwHoEmlO+i95V6bDdSCAF9+XLhpfUY/ +xtgistlUGTd+wyeQMwADBQP9HXUGOcR18VJsQtFOmXaXv9MSKZYMjCf9R5Z7gcPF +PSIWINyUvMEgnLIrUKJ7pgoA6cLDnYm/lBVP801u5C+D4s79oCnjS21wlOxA2Go0 +hxG6XpT9mwBOWk4uZUK+g8Emeu7Vi6l3XwH8fACdCIfp3wKlqH/qtkqN7Gts95TM +59uIRgQYEQIABgUCP+NrcQAKCRBshZ+xS5aoxUisAKC2tk0y7PNjh9C9vbfx3fdA +gqiD8gCgg6qjwVbeddcrA0a84BB3zXnb93A= +=0IcW +-----END PGP PUBLIC KEY BLOCK----- diff --git a/rsync.spec b/rsync.spec new file mode 100644 index 0000000..0f75b11 --- /dev/null +++ b/rsync.spec @@ -0,0 +1,217 @@ +# +# spec file for package rsync +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if 0%{?suse_version} >= 1550 +%bcond_without xxhash +%else +%bcond_with xxhash +%endif + +%if 0%{?suse_version} < 1550 +%bcond_without gcc11 +%else +%bcond_with gcc11 +%endif + +%if 0%{?suse_version} < 1600 +%bcond_without slp +%else +%bcond_with slp +%endif + +Name: rsync +Version: 3.3.0 +Release: 0 +Summary: Versatile tool for fast incremental file transfer +License: GPL-3.0-or-later +Group: Productivity/Networking/Other +URL: https://rsync.samba.org/ +Source: https://rsync.samba.org/ftp/rsync/src/rsync-%{version}.tar.gz +Source1: https://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.tar.gz +Source2: logrotate.rsync +Source3: rsyncd.socket +Source4: rsyncd.rc +Source5: rsyncd.conf +Source6: rsyncd.secrets +Source8: rsyncd.service +Source9: rsyncd@.service +Source10: https://rsync.samba.org/ftp/rsync/src/rsync-%{version}.tar.gz.asc +Source11: https://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.tar.gz.asc +Source12: %{name}.keyring +Source13: rsyncd +Patch0: rsync-no-libattr.patch +Patch1: rsync-gcc14.patch +Patch2: rsync-usr-etc.patch +Patch3: rsync-run-dir.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: c++_compiler +BuildRequires: libacl-devel +BuildRequires: liblz4-devel +BuildRequires: libzstd-devel +BuildRequires: pkgconfig +BuildRequires: popt-devel +BuildRequires: systemd-rpm-macros +BuildRequires: zlib-devel +%if %{with xxhash} +BuildRequires: pkgconfig(libxxhash) >= 0.8.0 +%endif +%if %{with gcc11} +BuildRequires: gcc11-c++ +%endif +%if %{with slp} +BuildRequires: openslp-devel +%endif +BuildRequires: pkgconfig(openssl) +Requires(post): grep +Requires(post): sed +Recommends: logrotate + +%description +Rsync is a fast and extraordinarily versatile file copying tool. It can copy +locally, to/from another host over any remote shell, or to/from a remote rsync +daemon. It offers a large number of options that control every aspect of its +behavior and permit very flexible specification of the set of files to be +copied. It is famous for its delta-transfer algorithm, which reduces the amount +of data sent over the network by sending only the differences between the +source files and the existing files in the destination. Rsync is widely used +for backups and mirroring and as an improved copy command for everyday use. + +%prep +%setup -q -b 1 +rm -f zlib/*.h zlib/*.c + +%if %{with slp} +patch -p1 < patches/slp.diff +%endif + +%autopatch -p1 + +%build +autoreconf -fiv +%if %{with gcc11} +export CC=gcc-11 +export CXX=g++-11 +%endif +export CFLAGS="%{optflags} -fPIC -DPIC -fPIE" +export CXXFLAGS="$CFLAGS" +export LDFLAGS="-Wl,-z,relro,-z,now -fPIE -pie" +%configure \ + --with-included-popt=no \ + --with-included-zlib=no \ + --disable-debug \ +%if 0%{?suse_version} > 1500 + --with-rsyncd-distconf=%{_distconfdir}/rsyncd.conf \ +%endif +%if !%{with xxhash} + --disable-xxhash\ +%endif +%ifarch x86_64 + --enable-roll-simd \ +%endif +%if %{with slp} + --enable-slp \ +%endif + --enable-acl-support \ + --enable-xattr-support +%make_build reconfigure +%make_build + +%check +chmod +x support/* +%make_build check +chmod -x support/* + +%install +%make_install +rm -f %{buildroot}%{_sbindir}/rsyncd +install -d %{buildroot}%{_sysconfdir}/init.d +install -d %{buildroot}%{_sysconfdir}/xinetd.d +install -d %{buildroot}%{_sbindir} +install -m 755 %{SOURCE13} %{buildroot}%{_sbindir}/rsyncd +install -m 755 support/rsyncstats %{buildroot}%{_bindir} +%if 0%{?suse_version} > 1500 +install -d %{buildroot}%{_distconfdir}/logrotate.d +install -m 644 %{SOURCE2} %{buildroot}%{_distconfdir}/logrotate.d/rsync +install -m 644 %{SOURCE5} %{buildroot}%{_distconfdir}/rsyncd.conf +install -m 600 %{SOURCE6} %{buildroot}%{_distconfdir}/rsyncd.secrets +echo "# This is a template only. Create your own entries in /etc/rsyncd.secrets" >>%{buildroot}%{_distconfdir}/rsyncd.secrets +echo +%else +install -d %{buildroot}%{_sysconfdir}/logrotate.d +install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/rsync +install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/rsyncd.conf +install -m 600 %{SOURCE6} %{buildroot}%{_sysconfdir}/rsyncd.secrets +%endif +install -D -m 0644 %{SOURCE9} %{buildroot}%{_unitdir}/rsyncd@.service +install -D -m 0644 %{SOURCE8} %{buildroot}%{_unitdir}/rsyncd.service +install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/rsyncd.socket +ln -sf service %{buildroot}%{_sbindir}/rcrsyncd +chmod -x support/* + +%pre +%service_add_pre rsyncd.service +%if 0%{?suse_version} > 1500 +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in logrotate.d/rsync rsyncd.conf rsyncd.secrets; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done +%endif + +%if 0%{?suse_version} > 1500 +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in logrotate.d/rsync rsyncd.conf rsyncd.secrets; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + +%preun +%service_del_preun rsyncd.service + +%post +%service_add_post rsyncd.service + +%postun +%service_del_postun rsyncd.service + +%files +%license COPYING +%doc NEWS.md README.md tech_report.tex support/ +%{_unitdir}/rsyncd@.service +%{_unitdir}/rsyncd.service +%{_unitdir}/rsyncd.socket +%if 0%{?suse_version} > 1500 +%{_distconfdir}/logrotate.d/rsync +%{_distconfdir}/rsyncd.conf +%{_distconfdir}/rsyncd.secrets +%else +%config(noreplace) %{_sysconfdir}/logrotate.d/rsync +%config(noreplace) %{_sysconfdir}/rsyncd.conf +%config(noreplace) %{_sysconfdir}/rsyncd.secrets +%endif +%{_sbindir}/rcrsyncd +%{_sbindir}/rsyncd +%{_bindir}/rsyncstats +%{_bindir}/rsync +%{_bindir}/rsync-ssl +%{_mandir}/man1/rsync.1%{?ext_man} +%{_mandir}/man1/rsync-ssl.1%{?ext_man} +%{_mandir}/man5/rsyncd.conf.5%{?ext_man} + +%changelog diff --git a/rsyncd b/rsyncd new file mode 100644 index 0000000..52b0175 --- /dev/null +++ b/rsyncd @@ -0,0 +1,6 @@ +#!/bin/sh + +# We need this wrapper instead of a plain symlink to be able to set +# a different SELinux label on this +exec -a rsyncd /usr/bin/rsync "$@" + diff --git a/rsyncd.conf b/rsyncd.conf new file mode 100644 index 0000000..fd6b18b --- /dev/null +++ b/rsyncd.conf @@ -0,0 +1,16 @@ +gid = users +read only = true +use chroot = true +transfer logging = true +log format = %h %o %f %l %b +log file = /var/log/rsyncd.log +pid file = /run/rsyncd.pid +hosts allow = trusted.hosts +slp refresh = 300 +use slp = false + +#[Example] +# path = /home/Example +# comment = An Example +# auth users = user +# secrets file = /etc/rsyncd.secrets diff --git a/rsyncd.rc b/rsyncd.rc new file mode 100644 index 0000000..d7ba778 --- /dev/null +++ b/rsyncd.rc @@ -0,0 +1,137 @@ +#! /bin/sh +# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH +# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH +# Copyright (c) 2002 SuSE Linux AG +# +# Author: Kurt Garloff +# +# init.d/rsyncd +# +# and symbolic its link +# +# /sbin/rcrsyncd +# +# System startup script for the rsync daemon +# +### BEGIN INIT INFO +# Provides: rsync +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: slpd +# Should-Stop: slpd +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Description: Start the rsync server daemon +# Short-Description: Start the rsync server daemon +### END INIT INFO + +RSYNCD_BIN=/usr/sbin/rsyncd +test -x $RSYNCD_BIN || exit 5 +RSYNCD_PID=/var/run/rsyncd.pid + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v ditto but be verbose in local rc status +# rc_status -v -r ditto and clear the local rc status +# rc_failed set local and overall rc status to failed +# rc_failed set local and overall rc status to +# rc_reset clear local rc status (overall remains) +# rc_exit exit appropriate to overall rc status +. /etc/rc.status + +# First reset status of this service +rc_reset + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signalling is not supported) are +# considered a success. + +case "$1" in + start) + echo -n "Starting rsync daemon" + ## Start daemon with startproc(8). If this fails + ## the echo return value is set appropriate. + + # NOTE: startproc return 0, even if service is + # already running to match LSB spec. + startproc -p $RSYNCD_PID -t 1 $RSYNCD_BIN --daemon + + # Remember status and be verbose + rc_status -v + ;; + stop) + echo -n "Shutting down rsync daemon" + ## Stop daemon with killproc(8) and if this fails + ## set echo the echo return value. + + killproc -p $RSYNCD_PID $RSYNCD_BIN + + # Remember status and be verbose + rc_status -v + ;; + try-restart) + ## Stop the service and if this succeeds (i.e. the + ## service was running before), start it again. + ## Note: try-restart is not (yet) part of LSB (as of 0.7.5) + $0 status >/dev/null && $0 restart + + # Remember status and be quiet + rc_status + ;; + restart) + ## Stop the service and regardless of whether it was + ## running or not, start it again. + $0 stop + $0 start + + # Remember status and be quiet + rc_status + ;; + force-reload) + ## Signal the daemon to reload its config. Most daemons + ## do this on signal 1 (SIGHUP). + ## If it does not support it, restart. + + echo "Reload service rsync" + "$0" restart + rc_status -v + ;; + reload) + # rsyncd does not catch SIGHUP + echo -n "Reload service rsync" + rc_failed 3 + rc_status -v + ;; + status) + echo -n "Checking for rsync daemon: " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Status has a slightly different for the status command: + # 0 - service running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running + + # NOTE: checkproc returns LSB compliant status values. + checkproc -p $RSYNCD_PID $RSYNCD_BIN + rc_status -v + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" + exit 1 + ;; +esac +rc_exit diff --git a/rsyncd.secrets b/rsyncd.secrets new file mode 100644 index 0000000..13e7cb9 --- /dev/null +++ b/rsyncd.secrets @@ -0,0 +1 @@ +# user:passwd diff --git a/rsyncd.service b/rsyncd.service new file mode 100644 index 0000000..4c7bd65 --- /dev/null +++ b/rsyncd.service @@ -0,0 +1,22 @@ +[Unit] +Description=Start the rsync server daemon +After=network.target +ConditionPathExists=/etc/rsyncd.conf + +[Service] +ExecStart=/usr/sbin/rsyncd --daemon --no-detach +IOSchedulingClass=idle +CPUSchedulingPolicy=batch +PrivateTmp=true +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions + +[Install] +WantedBy=multi-user.target diff --git a/rsyncd.socket b/rsyncd.socket new file mode 100644 index 0000000..31b00a4 --- /dev/null +++ b/rsyncd.socket @@ -0,0 +1,10 @@ +[Unit] +Description=Rsync Server Socket +Conflicts=rsyncd.service + +[Socket] +ListenStream=873 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/rsyncd@.service b/rsyncd@.service new file mode 100644 index 0000000..710ecd9 --- /dev/null +++ b/rsyncd@.service @@ -0,0 +1,11 @@ +[Unit] +Description=Start the rsync server daemon +After=network.target +ConditionPathExists=/etc/rsyncd.conf + +[Service] +ExecStart=/usr/sbin/rsyncd --daemon --no-detach +IOSchedulingClass=idle +CPUSchedulingPolicy=batch +PrivateTmp=true +StandardInput=socket