3.1.3-8ubuntu0.7 was just uploaded to focal unapproved with the
documentation additions and an appropriate .changes file:

Changes:
 rsync (3.1.3-8ubuntu0.7) focal; urgency=medium
 .
   * d/p/add-trust-sender-option-docs.patch: Add manpage and help documentation
     for the --trust-sender option (LP: #2028810)
 .
 rsync (3.1.3-8ubuntu0.6) focal; urgency=medium
 .
   * d/p/add-trust-sender-option.patch: Add --trust-sender argument to decrease
     overhead when transferring files (LP: #2028810)
     In order to mitigate the performance decrease experienced by the security
     update blocking arbitrary file writes by remote servers, this update allows
     users the option to inherently trust the remote server instead. The
     --trust-sender argument tells the local server to trust the remote server's
     file list, leading to a speedup in transfer speed since the extra checks
     are no longer needed. The argument should only be used when transferring
     between two controlled servers though, to avoid arbitrary file access from
     a malicious server.

https://bugs.launchpad.net/bugs/2028810

Title:
  rsync 3.1.3 performance regression

Status in rsync package in Ubuntu:
  Fix Released
Status in rsync source package in Focal:
  Fix Committed

Bug description:
  [Impact]

  Recent necessary security fixes to rsync have caused a slow down in
  transfer speeds due to additional authentication. In more recent
  versions of rsync this can be mitigated when the environment is
  trusted with the --trust-sender flag.

  In order to accommodate this use case, the flag should be backported to
  focal too.

  [Test Plan]

  $ lxc launch ubuntu:focal test-rsync-receiver
  $ lxc exec test-rsync-receiver bash
  # apt update && apt dist-upgrade -y
  # apt install openssh-server rsync -y
  # passwd ubuntu
  - set password for user
  # exit

  - Check ip of receiver with lxc list
  $ lxc list

  $ lxc launch ubuntu:focal test-rsync-sender
  $ lxc exec test-rsync-sender bash
  # apt update && apt dist-upgrade -y

  # apt install rsync -y

  - Create a random file to send over
  # dd if=/dev/urandom of=randomfile.bin bs=1M count=1000

  - Send without --trust-sender
  # rsync -av randomfile.bin ubuntu@<receiver ip>:~/file1.bin

  - Send with --trust-sender
  # rsync -av --trust-sender randomfile.bin ubuntu@<receiver ip>:~/file2.bin

  With the fix in place, --trust-sender is a valid argument and the
  transfer is notably faster as reported back by rsync.

  [Where problems could occur]

  Since this change adds a new feature in the form of an input flag,
  problems could occur when using it. This could include issues from
  skipping security checks between the sending and receiving machine.
  Another possible problem would be issues with command line input
  parsing due to the additional valid argument.

  [Other Info]
   
  The --trust-sender option is already available in Jammy and later

  [Original Description]

  OS: Ubuntu 20.04 Focal
  Package: rsync 3.1.3-8ubuntu0.5

  rsync's performance regressed by ~7x after some security
  patch (debian/patches/CVE-2022-29154-*) was applied to the package,
  and introduced a list of filters that iterate on every file being
  transferred. We think that was where the performance regression came
  from.

  A Jammy version of the package (3.2.5) introduced a new flag
  "--trust-sender" that allowed users to avoid the expensive client-side
  filtering introduced by those security patches. After pulling this
  change
  (https://github.com/WayneD/rsync/commit/cff8f044776c5143a5b270969d4bb0f1fea8b017)
  from rsync ourselves and applying it to the Focal version, the
  performance regression went away.

  The patch we used to backport our Focal rsync is attached in this
  thread. Can you please backport it too?
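
The changelog's caveat that --trust-sender should only be used between two controlled servers can be enforced before rsync is invoked. The check below is an added example, not part of the bug report or of the Ubuntu or upstream rsync packages; `TRUSTED_HOSTS`, the hostnames and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report or the rsync package): refuse
# --trust-sender unless every remote endpoint is a host you control.
# Assumption: constructed allowlist of hosts under your own administration.
TRUSTED_HOSTS="backup1.internal.example backup2.internal.example"

# Print the host of an rsync remote spec; print nothing for a local path.
remote_host() {
    _h=
    case $1 in
        rsync://*) _h=${1#rsync://}; _h=${_h%%/*}; _h=${_h%%:*} ;;  # drop path, port
        /*|./*|../*) return 0 ;;                  # explicit local path
        *:*) _h=${1%%:*}                          # host:path or host::module
             case $_h in */*) return 0 ;; esac ;; # '/' before ':' means local
        *) return 0 ;;                            # no ':' at all: local
    esac
    printf '%s\n' "${_h##*@}"                     # strip optional user@
}

# Return 0 if the rsync argument list may run as given, 1 if it combines
# --trust-sender with a remote host that is not in TRUSTED_HOSTS.
trust_sender_allowed() {
    _wants=0
    for _a in "$@"; do
        if [ "$_a" = "--trust-sender" ]; then _wants=1; fi
    done
    [ "$_wants" -eq 1 ] || return 0               # rsync's own checks stay on
    for _a in "$@"; do
        case $_a in -*) continue ;; esac          # skip options
        _host=$(remote_host "$_a")
        [ -n "$_host" ] || continue               # local path
        case " $TRUSTED_HOSTS " in
            *" $_host "*) ;;                      # allowlisted
            *) echo "refusing --trust-sender: '$_host' not in TRUSTED_HOSTS" >&2
               return 1 ;;
        esac
    done
    return 0
}

# Constructed demo: the guard rejects the flag for a host outside the list.
trust_sender_allowed -av --trust-sender ubuntu@mirror.example.org:/pub/ /tmp/m/ \
    || echo "blocked before rsync was invoked"
```

An argument the parser cannot classify, such as an option value containing a colon, is treated as an unknown host, so the check fails closed.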
