[Bug 2009575] Re: Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

Marc Deslauriers 2009575 at bugs.launchpad.net
Tue Mar 7 19:07:05 UTC 2023


So after looking further into the way the systems affected by this issue
are configured, this is what is happening:

1- rsync client is requesting a directory: rsync -v -rp sshuser@server:/var/cache/foo /tmp/foo
2- the server has an ssh forced command configured that is returning the contents of a different directory: rsync --server --sender -pr . /var/cache/bar
3- The updated rsync client now gets files from a different directory than what was requested, and is bailing out

The CVE-2022-29154 security update now validates that the server returns
a list of files that match the list of files that were requested,
instead of blindly accepting what the server sends, so I'm pretty
confident the error message is normal. I will be recreating this
scenario to confirm.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29154

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2009575

Title:
  Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

Status in rsync package in Ubuntu:
  Confirmed

Bug description:
  Hi

  Several systems running Ubuntu 20.04 upgraded their rsync package from
  3.1.3-8ubuntu0.4 to 3.1.3-8ubuntu0.5 overnight.

  Automated syncs that connect to a 16.04 ESM server are now failing
  with:

  receiving file list ...
  ERROR: rejecting unrequested file-list name: [redacted]
  rsync error: protocol incompatibility (code 2) at flist.c(916) [Receiver=3.1.3]

  Reverting to the previous release (3.1.3-8ubuntu0.4) on the client
  side solves the problem.

  This has been seen on multiple servers running 20.04 on amd64; I'll
  update this bug with details if we find it on other series too.

  The 16.04 ESM server being connected to is using the rsync package
  version 3.1.1-3ubuntu1.3+esm2, so no recent upgrades on that end.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2009575/+subscriptions
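
Added example (not part of the original message, and not rsync's or Ubuntu's code): a small audit helper that compares the path a client job requests with the path hard-coded in an ssh forced command, using a simplified model of the file-list name check described above. The authorized_keys line, the key placeholder and all function names are assumptions made for illustration; only the no-trailing-slash case from the message is modelled.

```python
import re
import shlex

# Constructed sample inputs built from the two commands quoted in the message.
# The key material is a placeholder, not a real key.
CLIENT_CMD = "rsync -v -rp sshuser@server:/var/cache/foo /tmp/foo"
AUTHORIZED_KEYS_LINE = (
    'command="rsync --server --sender -pr . /var/cache/bar",no-pty '
    "ssh-ed25519 AAAA_PLACEHOLDER_KEY sshuser@client"
)

def top_name(path):
    """Top-level file-list name for a source path (simplified model)."""
    if path.endswith("/"):
        return None  # "contents of directory" transfers are not modelled
    return path.rsplit("/", 1)[-1]  # sender names entries after the last component

def requested_paths(client_cmd):
    """Remote source paths (host:path operands) in a client command line."""
    paths = []
    for tok in shlex.split(client_cmd)[1:]:
        host, sep, path = tok.partition(":")
        if sep and not tok.startswith("-") and "/" not in host:
            paths.append(path)
    return paths

def served_paths(authorized_keys_line):
    """Source paths hard-coded in an rsync forced command, if any."""
    m = re.search(r'command="((?:\\.|[^"\\])*)"', authorized_keys_line)
    if not m:
        return []
    argv = shlex.split(m.group(1).replace('\\"', '"'))
    if "--server" not in argv or "--sender" not in argv or "." not in argv:
        return []
    return argv[argv.index(".") + 1:]  # operands after the "." placeholder

def audit(client_cmd, authorized_keys_line):
    """Return (requested_names, served_names, mismatch).

    mismatch is None when there is no forced rsync sender command or the
    paths fall outside the modelled case.
    """
    want = [top_name(p) for p in requested_paths(client_cmd)]
    got = [top_name(p) for p in served_paths(authorized_keys_line)]
    if not got or None in want + got:
        return want, got, None
    # A served name the client never asked for is what the updated client rejects.
    return want, got, not set(got) <= set(want)
```

A `True` in the third field marks a client job and forced command pair that the model predicts will hit "rejecting unrequested file-list name" on an updated client.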



