|
|
|
|
Changelog for rsync-debuginfo-3.3.0-3.1.x86_64.rpm :
* Thu May 23 2024 David Anes - Correcly enable SIMD in x64: the flag was renamed from - -enable-simd to -enable-roll-simd in 3.2.4- Remove leftovers from previous versions: * rsync-patches-3.2.7.tar.gz * rsync-patches-3.2.7.tar.gz.asc * Thu Apr 18 2024 David Anes - Update to 3.3.0 * BUG FIXES: - Fixed a bug with --sparse --inplace where a trailing gap in the source file would not clear out the trailing data in the destination file. - Fixed an buffer overflow in the checksum2 code if SHA1 is being used for the checksum2 algorithm. - Fixed an issue when rsync is compiled using _FORTIFY_SOURCE so that the extra tests don\'t complain about a strlcpy() limit value (which was too large, even though it wasn\'t possible for the larger value to cause an overflow). (fix bsc#1214616, bsc#1214249) - Add a backtick to the list of characters that the filename quoting needs to escape using backslashes. - Fixed a string-comparison issue in the internal handling of - -progress (a locale such as tr_TR.utf-8 needed the internal triggering of --info options to use upper-case flag names to ensure that they match). - Make sure that a local transfer marks the sender side as trusted. - Change the argv handling to work with a newer popt library - - one that likes to free more data than it used to. - Rsync now calls OpenSSL_add_all_algorithms() when compiled against an older openssl library. - Fixed a problem in the daemon auth for older protocols (29 and before) if the openssl library is being used to compute MD4 checksums. - Fixed rsync -VV on Cygwin -- it needed a flush of stdout. - Fixed an old stats bug that counted devices as symlinks. * ENHANCEMENTS: - Enhanced rrsync with the -no-overwrite option that allows you to ensure that existing files on your restricted but writable directory can\'t be modified. - Enhanced the manpages to mark links with .UR & .UE. If your nroff doesn\'t support these idioms, touch the file .md2man-force in the source directory so that md-convert gets called with the --force-link-text option, and that should ensure that your manpages are still readable even with the ignored markup. - Some manpage improvements on the handling of [global] modules. - Changed the mapfrom & mapto perl scripts (in the support dir) into a single python script named idmap. Converted a couple more perl scripts into python. - Changed the mnt-excl perl script (in the support dir) into a python script. * DEVELOPER RELATED: - Updated config.guess (timestamp 2023-01-01) and config.sub (timestamp 2023-01-21).- Drop rsync-fortified-strlcpy-fix.patch (included upstream). * Tue Mar 12 2024 Bernhard Wiedemann - Avoid package changes in %check * Wed Nov 29 2023 Stefan Schubert - Moved rsyncd.conf and rsyncd.secrets to /usr/etc. * Add rsync-usr-etc.patch * Wed Sep 06 2023 David Anes - Rename patch to follow naming patch policies: fortified-strlcpy-fix.patch -> rsync-fortified-strlcpy-fix.patch * Wed Sep 06 2023 Thorsten Kukuk - Use \"slp\" for bcond, not \"openslp\", like we use for all other packages, too.- Disable slp patch and configure option if bcond slp is disabled. * Tue Sep 05 2023 Dirk Müller - add fortified-strlcpy-fix.patch (bsc#1214616, bsc#1214249) * Tue Sep 05 2023 Fabian Vogt - Disable openslp support on new distros (bsc#1214884) * Wed Jul 26 2023 Antonio Teixeira - Add support directory to %docdir. Includes some upstream provided scripts such as rrsync. (bsc#1212198) * Thu Apr 06 2023 Johannes Segitz - Switch rsyncd symlink to a wrapper script to allow setting a distinct SELinux type (bsc#1209654) * Fri Oct 21 2022 Michael Ströder - New version fixes bug (boo#1203727): implicit containing directory sometimes rejected as unrequested- update to 3.2.7 * BUG FIXES: - Fixed the client-side validating of the remote sender\'s filtering behavior. - More fixes for the \"unrequested file-list name\" name, including a copy of \"/\" with `--relative` enabled and a copy with a lot of related paths with `--relative` enabled (often derived from a `--files-from` list). - When rsync gets an unpack error on an ACL, mention the filename. - Avoid over-setting sanitize_paths when a daemon is serving \"/\" (even if \"use chroot\" is false). * ENHANCEMENTS: - Added negotiated daemon-auth support that allows a stronger checksum digest to be used to validate a user\'s login to the daemon. Added SHA512, SHA256, and SHA1 digests to MD5 & MD4. These new digests are at the highest priority in the new daemon-auth negotiation list. - Added support for the SHA1 digest in file checksums. While this tends to be overkill, it is available if someone really needs it. This overly-long checksum is at the lowest priority in the normal checksum negotiation list. See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` environment var for how to customize this. - Improved the xattr hash table to use a 64-bit key without slowing down the key\'s computation. This should make extra sure that a hash collision doesn\'t happen. - If the `--version` option is repeated (e.g. `-VV`) then the information is output in a (still readable) JSON format. Client side only. - The script `support/json-rsync-version` is available to get the JSON style version output from any rsync. The script accepts either text on stdin * *or * * an arg that specifies an rsync executable to run with a doubled `--version` option. If the text we get isn\'t already in JSON format, it is converted. Newer rsync versions will provide more complete json info than older rsync versions. Various tweaks are made to keep the flag names consistent across versions. - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to \"unset\" so that rsync can use chroot when it works and a sanitized copy when chroot is not supported (e.g., for a non-root daemon). Explicitly setting the parameter to true or false (on or off) behaves the same way as before. - The `--fuzzy` option was optimized a bit to try to cut down on the amount of computations when considering a big pool of files. The simple heuristic from Kenneth Finnegan resuled in about a 2x speedup. - If rsync is forced to use protocol 29 or before (perhaps due to talking to an rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync now interprets this value as an unsigned integer so that a current year past 2038 can continue to be represented. This does mean that years prior to 1970 cannot be represented in an older protocol, but this trade-off seems like the right choice given that (1) 2038 is very rapidly approaching, and (2) newer protocols support a much wider range of old and new dates. - The rsync client now treats an empty destination arg as an error, just like it does for an empty source arg. This doesn\'t affect a `host:` arg (which is treated the same as `host:.`) since the arg is not completely empty. The use of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the prior behavior of treating an empty destination arg as a \".\". * PACKAGING RELATED: - The checksum code now uses openssl\'s EVP methods, which gets rid of various deprecation warnings and makes it easy to support more digest methods. On newer systems, the MD4 digest is marked as legacy in the openssl code, which makes openssl refuse to support it via EVP. You can choose to ignore this and allow rsync\'s MD4 code to be used for older rsync connections (when talking to an rsync prior to 3.0.0) or you can choose to configure rsync to tell openssl to enable legacy algorithms (see below). - A simple openssl config file is supplied that can be installed for rsync to use. If you install packaging/openssl-rsync.cnf to a public spot (such as `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the configured path in the OPENSSL_CONF environment variable (when the variable is not already set). This will enable openssl\'s MD4 code for rsync to use. - The packager may wish to include an explicit \"use chroot = true\" in the top section of their supplied /etc/rsyncd.conf file if the daemon is being installed to run as the root user (though rsync should behave the same even with the value unset, a little extra paranoia doesn\'t hurt). - I\'ve noticed that some packagers haven\'t installed support/nameconvert for users to use in their chrooted rsync configs. Even if it is not installed as an executable script (to avoid a python3 dependency) it would be good to install it with the other rsync-related support scripts. - It would be good to add support/json-rsync-version to the list of installed support scripts. * Wed Sep 14 2022 David Anes - Use bundled SLP patch now that upstream fixed it: * Remove rsync-3.2.5-slp.patch * Mon Sep 12 2022 Dirk Müller - update to 3.2.6: * More path-cleaning improvements in the file-list validation code to avoid rejecting of valid args. * A file-list validation fix for a --files-from file that ends without a line-terminating character. * Added a safety check that prevents the sender from removing destination files when a local copy using --remove-source-files has some files that are shared between the sending & receiving hierarchies, including the case where the source dir & destination dir are identical. * Fixed a bug in the internal MD4 checksum code that could cause the digest to be sporadically incorrect (the openssl version was/is fine). * A minor tweak to rrsync added \"copy-devices\" to the list of known args, but left it disabled by default. * Fri Sep 09 2022 Bernhard Wiedemann - Build SLE version with g++-11 to work around nondeterministic g++-7 (boo#1193895) * Thu Sep 01 2022 Stefan Schubert - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. * Tue Aug 16 2022 David Anes - Add upstream patch rsync-3.2.5-slp.patch, as the one included in the released tarball doesn\'t fully apply.- Drop patch rsync-CVE-2022-29154.patch, already included upstream.- Update to 3.2.5 * SECURITY FIXES: - Added some file-list safety checking that helps to ensure that a rogue sending rsync can\'t add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don\'t copy into a destination directory that contains files that aren\'t from the remote host unless you trust the remote host). Fixes CVE-2022-29154. - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). * BUG FIXES: - Fixed the handling of filenames specified with backslash-quoted wildcards when the default remote-arg-escaping is enabled. - Fixed the configure check for signed char that was causing a host that defaults to unsigned characters to generate bogus rolling checksums. This made rsync send mostly literal data for a copy instead of finding matching data in the receiver\'s basis file (for a file that contains high-bit characters). - Lots of manpage improvements, including an attempt to better describe how include/exclude filters work. - If rsync is compiled with an xxhash 0.8 library and then moved to a system with a dynamically linked xxhash 0.7 library, we now detect this and disable the XX3 hashes (since these routines didn\'t stabilize until 0.8). * ENHANCEMENTS: - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the extra file-list safety checking (should that be required). * PACKAGING RELATED: - A note to those wanting to patch older rsync versions: the changes in this release requires the quoted argument change from 3.2.4. Then, you\'ll want every single code change from 3.2.5 since there is no fluff in this release. - The build date that goes into the manpages is now based on the developer\'s release date, not on the build\'s local-timezone interpretation of the date. * DEVELOPER RELATED: - Configure now defaults GETGROUPS_T to gid_t when cross compiling. - Configure now looks for the bsd/string.h include file in order to fix the build on a host that has strlcpy() in the main libc but not defined in the main string.h file. * Mon Aug 01 2022 David Anes - Security fix: [bsc#1201840, CVE-2022-29154] * arbitrary file write vulnerability via do_server_recv function * Added patch rsync-CVE-2022-29154.patch * Tue Jun 21 2022 Stefan Schubert - Removed %config flag for files in /usr directory. * Mon Jun 20 2022 Stefan Schubert - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. * Tue Apr 19 2022 David Anes - Update to 3.2.4 * A new form of arg protection was added that works similarly to the older `--protect-args` (`-s`) option but in a way that avoids breaking things like rrsync. * A long-standing bug was preventing rsync from figuring out the current locale\'s decimal point character, which made rsync always output numbers using the \"C\" locale. * Too many changes to list, see included NEWS.md file.- Drop rsync-CVE-2020-14387.patch, already included upstream. * Tue Nov 16 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Modified: * rsyncd.service
|
|
|