Two diffs are attached, incorporating feedback from espie@ sthen@ and naddy@. Feedback is welcome. OK?
1. rsync_stable.diff: intended for -stable. brings bundled zlib from rsync 3.2.4 to 3.2.3 with this commit: https://github.com/WayneD/rsync/commit/1de71e8a7870fa1be29f562df61f4c5c4685818f Christian Weisgerber writes: > I'd say they simply merged in the fix and didn't worry whether there > is an actual vulnerability. We could do that in -stable without > pulling in the whole 3.2.4 update. 2. rsync.diff: - --enable-md5-asm (from naddy@ to retain checking whether to enable MD5 ASM optimizations... yes (x86_64)) - --with-nobody-user=_rsync - install rrsync(1) man page. If --with-rrsync is used to build and install the man page, it introduces python3 as a dependency to run ${WRKSRC}/md-convert script. Drawback: rrsync(1) prints 3.2.4pre4 - remove compat.c (fixed) - remove configure.sh (use --with-nobody-user=_rsync instead) - remove receiver.c (upstreamed) - rsync(1) patch: churn - rsyncd.conf patch: add missing ${PREFIX}/bin and remove ${SYSCONFDIR} bits - rrsync patch: churn and moves from perl to python3 I plan to do the following soon (these don't have to hold up the update): - add zstd flavor - port py-braceexpand for better rrsync support Stuart Henderson writes: > (As a cvs repo mirror operator I still want it to build with zstd > support enabled though! :-) ... > We could do with a port > of py-braceexpand to support this script. Testing ======= I additionally tested rrsync by transferring files/deadbeef ~/.ssh/authorized_keys: command="rrsync -ro files" ssh-ed25519 key and transferred files: scp puffy@localhost:deadbeef /tmp Extra stuff =========== bundled zlib ============ - Keep bundled zlib as is. tj@ and I wanted to move to system zlib in the hopes it would be updated faster. espie@ said rsync has a good security track record. Marc Espie writes: > I don't have time to look very closely, but I'm not quite sure that's wise. > rsync is very security-conscious, and I wouldn't be surprised if their > embedded > version would be more recent. Christian Weisgerber writes: > This requires an explanation. > I seem to remember that rsync's bundled zlib is modified and the > bitstream it produces is incompatible with standard zlib. > Something something... -z -zz... ?? Stuart Henderson writes: > There was a reason for using the bundled zlib, but I think that the way > compression negotiation now works, it should be fairly ok to do this. simd ==== Christian Weisgerber writes: > Christian Weisgerber: > >> * We should try --enable-roll-simd --enable-roll-asm for the >> checksum asm. > > I checked, and it doesn't work: > --enable-roll-simd adds intrinsics-based C++ code for SSE2 and SSSE3; > --enable-roll-asm then adds assembly code for AVX2 on top of it. > >> In 3.2.3, the configure test for the C++ intrinsics fails >> with an ld.so error...!? > > Same in 3.2.4. That should be investigated, but that's outside of > the scope of the port. I see the same compiling this snippet from the configure script: https://namtsui.com/public/rsync_simd.cpp.txt $ ./a.out ld.so: a.out: relocation error 37 idx 3 Killed upstream says experimental for now. see: https://github.com/WayneD/rsync/issues/230 --enable-roll-simd enable/disable to control rolling-checksum SIMD optimizations (requires c++) --enable-md5-asm enable/disable to control MD5 ASM optimizations
rsync.diff
Description: rsync.diff
rsync_stable.diff
Description: rsync_stable.diff