From 9995d7a6b9572b917e46c6fb2285583b83b59eac9b4780fecebccced1a402ac7 Mon Sep 17 00:00:00 2001 From: David Anes Date: Fri, 21 Oct 2022 10:12:55 +0000 Subject: [PATCH] Accepting request 1030355 from home:david.anes:branches:home:stroeder:sys - New version fixes bug (boo#1203727): implicit containing directory sometimes rejected as unrequested - update to 3.2.7 * BUG FIXES: - Fixed the client-side validating of the remote sender's filtering behavior. - More fixes for the "unrequested file-list name" name, including a copy of "/" with `--relative` enabled and a copy with a lot of related paths with `--relative` enabled (often derived from a `--files-from` list). - When rsync gets an unpack error on an ACL, mention the filename. - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if "use chroot" is false). * ENHANCEMENTS: - Added negotiated daemon-auth support that allows a stronger checksum digest to be used to validate a user's login to the daemon. Added SHA512, SHA256, and SHA1 digests to MD5 & MD4. These new digests are at the highest priority in the new daemon-auth negotiation list. - Added support for the SHA1 digest in file checksums. While this tends to be overkill, it is available if someone really needs it. This overly-long checksum is at the lowest priority in the normal checksum negotiation list. See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` environment var for how to customize this. - Improved the xattr hash table to use a 64-bit key without slowing down the key's computation. This should make extra sure that a hash collision doesn't happen. - If the `--version` option is repeated (e.g. `-VV`) then the information is output in a (still readable) JSON format. Client side only. - The script `support/json-rsync-version` is available to get the JSON style version output from any rsync. The script accepts either text on stdin **or** an arg that specifies an rsync executable to run with a doubled `--version` option. If the text we get isn't already in JSON format, it is OBS-URL: https://build.opensuse.org/request/show/1030355 OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=100 --- rsync-3.2.6.tar.gz | 3 -- rsync-3.2.6.tar.gz.asc | 6 --- rsync-3.2.7.tar.gz | 3 ++ rsync-3.2.7.tar.gz.asc | 6 +++ rsync-patches-3.2.6.tar.gz | 3 -- rsync-patches-3.2.6.tar.gz.asc | 6 --- rsync-patches-3.2.7.tar.gz | 3 ++ rsync-patches-3.2.7.tar.gz.asc | 6 +++ rsync.changes | 81 ++++++++++++++++++++++++++++++++++ rsync.spec | 2 +- 10 files changed, 100 insertions(+), 19 deletions(-) delete mode 100644 rsync-3.2.6.tar.gz delete mode 100644 rsync-3.2.6.tar.gz.asc create mode 100644 rsync-3.2.7.tar.gz create mode 100644 rsync-3.2.7.tar.gz.asc delete mode 100644 rsync-patches-3.2.6.tar.gz delete mode 100644 rsync-patches-3.2.6.tar.gz.asc create mode 100644 rsync-patches-3.2.7.tar.gz create mode 100644 rsync-patches-3.2.7.tar.gz.asc diff --git a/rsync-3.2.6.tar.gz b/rsync-3.2.6.tar.gz deleted file mode 100644 index c61a439..0000000 --- a/rsync-3.2.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fb3365bab27837d41feaf42e967c57bd3a47bc8f10765a3671efd6a3835454d3 -size 1138593 diff --git a/rsync-3.2.6.tar.gz.asc b/rsync-3.2.6.tar.gz.asc deleted file mode 100644 index d64310f..0000000 --- a/rsync-3.2.6.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCYxuTBgAKCRBshZ+xS5ao -xSUKAJ93lV+9DRfr1pFientsDrx0n7rmKACglNSPRICguhVZzHyFBauHRvU8jY8= -=/1ey ------END PGP SIGNATURE----- diff --git a/rsync-3.2.7.tar.gz b/rsync-3.2.7.tar.gz new file mode 100644 index 0000000..bf5bef1 --- /dev/null +++ b/rsync-3.2.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb +size 1149787 diff --git a/rsync-3.2.7.tar.gz.asc b/rsync-3.2.7.tar.gz.asc new file mode 100644 index 0000000..68ab590 --- /dev/null +++ b/rsync-3.2.7.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCY1HvAwAKCRBshZ+xS5ao +xZFiAKC3MJgYOMf5VfpfAbld/+ydZRznMQCgkF/yaDJvKMNOslSRNuMZ/eXZ84g= +=Q+uI +-----END PGP SIGNATURE----- diff --git a/rsync-patches-3.2.6.tar.gz b/rsync-patches-3.2.6.tar.gz deleted file mode 100644 index 80ebef5..0000000 --- a/rsync-patches-3.2.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c3d13132b560f456fd8fc9fdf9f59377e91adf0dfc8117e33800d14b483d1a85 -size 148382 diff --git a/rsync-patches-3.2.6.tar.gz.asc b/rsync-patches-3.2.6.tar.gz.asc deleted file mode 100644 index 2bd1efb..0000000 --- a/rsync-patches-3.2.6.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCYxuTBgAKCRBshZ+xS5ao -xT3GAJ9x92f73eR0i6ah6tZW3akcNfvdyQCg48BRbfKrraXkT/ipmb8sY+xowGo= -=Ma/E ------END PGP SIGNATURE----- diff --git a/rsync-patches-3.2.7.tar.gz b/rsync-patches-3.2.7.tar.gz new file mode 100644 index 0000000..c66c0df --- /dev/null +++ b/rsync-patches-3.2.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e7e5e9ea0b6dd7639c7a5c6f49a1d06be20d449d59f60ba59b238e1aa79b13f0 +size 99514 diff --git a/rsync-patches-3.2.7.tar.gz.asc b/rsync-patches-3.2.7.tar.gz.asc new file mode 100644 index 0000000..f878511 --- /dev/null +++ b/rsync-patches-3.2.7.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCY1HvAwAKCRBshZ+xS5ao +xR3uAJ46yBJwj44DSq5YGtnUJKhLHUJLjwCfbcdunUI6bpF6Yp4IGgPUSxHIsoI= +=+RP4 +-----END PGP SIGNATURE----- diff --git a/rsync.changes b/rsync.changes index 39b0fb7..fca93e9 100644 --- a/rsync.changes +++ b/rsync.changes @@ -1,3 +1,84 @@ +------------------------------------------------------------------- +Fri Oct 21 07:52:48 UTC 2022 - Michael Ströder + +- New version fixes bug (boo#1203727): implicit containing directory + sometimes rejected as unrequested + +- update to 3.2.7 + * BUG FIXES: + - Fixed the client-side validating of the remote sender's filtering behavior. + - More fixes for the "unrequested file-list name" name, including a copy of + "/" with `--relative` enabled and a copy with a lot of related paths with + `--relative` enabled (often derived from a `--files-from` list). + - When rsync gets an unpack error on an ACL, mention the filename. + - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if + "use chroot" is false). + * ENHANCEMENTS: + - Added negotiated daemon-auth support that allows a stronger checksum digest + to be used to validate a user's login to the daemon. Added SHA512, SHA256, + and SHA1 digests to MD5 & MD4. These new digests are at the highest priority + in the new daemon-auth negotiation list. + - Added support for the SHA1 digest in file checksums. While this tends to be + overkill, it is available if someone really needs it. This overly-long + checksum is at the lowest priority in the normal checksum negotiation list. + See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` + environment var for how to customize this. + - Improved the xattr hash table to use a 64-bit key without slowing down the + key's computation. This should make extra sure that a hash collision doesn't + happen. + - If the `--version` option is repeated (e.g. `-VV`) then the information is + output in a (still readable) JSON format. Client side only. + - The script `support/json-rsync-version` is available to get the JSON style + version output from any rsync. The script accepts either text on stdin + **or** an arg that specifies an rsync executable to run with a doubled + `--version` option. If the text we get isn't already in JSON format, it is + converted. Newer rsync versions will provide more complete json info than + older rsync versions. Various tweaks are made to keep the flag names + consistent across versions. + - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset" + so that rsync can use chroot when it works and a sanitized copy when chroot + is not supported (e.g., for a non-root daemon). Explicitly setting the + parameter to true or false (on or off) behaves the same way as before. + - The `--fuzzy` option was optimized a bit to try to cut down on the amount of + computations when considering a big pool of files. The simple heuristic from + Kenneth Finnegan resuled in about a 2x speedup. + - If rsync is forced to use protocol 29 or before (perhaps due to talking to an + rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync + now interprets this value as an unsigned integer so that a current year past + 2038 can continue to be represented. This does mean that years prior to 1970 + cannot be represented in an older protocol, but this trade-off seems like the + right choice given that (1) 2038 is very rapidly approaching, and (2) newer + protocols support a much wider range of old and new dates. + - The rsync client now treats an empty destination arg as an error, just like + it does for an empty source arg. This doesn't affect a `host:` arg (which is + treated the same as `host:.`) since the arg is not completely empty. The use + of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the + prior behavior of treating an empty destination arg as a ".". + * PACKAGING RELATED: + - The checksum code now uses openssl's EVP methods, which gets rid of various + deprecation warnings and makes it easy to support more digest methods. On + newer systems, the MD4 digest is marked as legacy in the openssl code, which + makes openssl refuse to support it via EVP. You can choose to ignore this + and allow rsync's MD4 code to be used for older rsync connections (when + talking to an rsync prior to 3.0.0) or you can choose to configure rsync to + tell openssl to enable legacy algorithms (see below). + - A simple openssl config file is supplied that can be installed for rsync to + use. If you install packaging/openssl-rsync.cnf to a public spot (such as + `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option + `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the + configured path in the OPENSSL_CONF environment variable (when the variable + is not already set). This will enable openssl's MD4 code for rsync to use. + - The packager may wish to include an explicit "use chroot = true" in the top + section of their supplied /etc/rsyncd.conf file if the daemon is being + installed to run as the root user (though rsync should behave the same even + with the value unset, a little extra paranoia doesn't hurt). + - I've noticed that some packagers haven't installed support/nameconvert for + users to use in their chrooted rsync configs. Even if it is not installed + as an executable script (to avoid a python3 dependency) it would be good to + install it with the other rsync-related support scripts. + - It would be good to add support/json-rsync-version to the list of installed + support scripts. + ------------------------------------------------------------------- Wed Sep 14 09:23:51 UTC 2022 - David Anes diff --git a/rsync.spec b/rsync.spec index ae2c960..7f21016 100644 --- a/rsync.spec +++ b/rsync.spec @@ -29,7 +29,7 @@ %endif Name: rsync -Version: 3.2.6 +Version: 3.2.7 Release: 0 Summary: Versatile tool for fast incremental file transfer License: GPL-3.0-or-later