[Bug 2007833] [NEW] latent stderr bug breaks transfers with newer rsync clients
Peter Thomassen
2007833 at bugs.launchpad.net
Mon Feb 20 10:05:17 UTC 2023
*** This bug is a security vulnerability ***
Public security bug reported:
libfile-rsyncp-perl is used by backuppc version 3 (as packaged in 18.04
and 20.04). When backing up remote clients with rsync 3.2.3,
File::RsyncP chokes on a change in stderr handling of that rsync
version, and backups fail [1].

The failure is due to a long-standing, latent bug in File::RsyncP that
did not surface earlier [2]. It practically makes using BackupPC 3
impossible with clients using rsync 3.2.3, as is packaged for 22.04. The
fact that BackupPC on 20.04 can't be used to back up machines with 22.04
has been a problem for users elsewhere as well [3].

A new version of File::RsyncP is available, fixing only this specific
issue: https://metacpan.org/release/CBARRATT/File-RsyncP-0.76

It would be great if this fix could be released for Ubuntu 20.04 (and
perhaps also 18.04). I'm not sure what the criteria for security
releases are, but I think it should go through the security channel (as
it impacts availability, and a denial-of-service bug for a backup
service is pretty bad).

Thank you very much for your work on this package!

[1]: https://github.com/WayneD/rsync/issues/95
[2]: https://github.com/backuppc/backuppc/issues/369#issuecomment-692431546
[3]: https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html
** Affects: libfile-rsyncp-perl (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libfile-rsyncp-perl in Ubuntu.
https://bugs.launchpad.net/bugs/2007833