So after looking further into the way the systems affected by this issue
are configured, this is what is happening:

1- rsync client is requesting a directory:
   rsync -v -rp sshuser@server:/var/cache/foo /tmp/foo
2- the server has an ssh forced command configured that is returning the
   contents of a different directory:
   rsync --server --sender -pr . /var/cache/bar
3- The updated rsync client now gets files from a different directory than
   what was requested, and is bailing out

The CVE-2022-29154 security update now validates that the server returns
a list of files that match the list of files that were requested,
instead of blindly accepting what the server sends, so I'm pretty
confident the error message is normal. I will be recreating this
scenario to confirm.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29154

https://bugs.launchpad.net/bugs/2009575

Title:
  Upgrade to 3.1.3-8ubuntu0.5 causing sync errors

Status in rsync package in Ubuntu:
  Confirmed

Bug description:
  Hi

  Several systems running Ubuntu 20.04 upgraded their rsync package from
  3.1.3-8ubuntu0.4 to 3.1.3-8ubuntu0.5 overnight.

  Automated syncs that connect to a 16.04 ESM server are now failing
  with:

  receiving file list ...
  ERROR: rejecting unrequested file-list name: [redacted]
  rsync error: protocol incompatibility (code 2) at flist.c(916) [Receiver=3.1.3]

  Reverting to the previous release (3.1.3-8ubuntu0.4) on the client
  side solves the problem.

  This has been seen on multiple servers running 20.04 on amd64, I'll
  update this bug with details if we find it on other series too.

  The 16.04 ESM server being connected to is using the rsync package
  version 3.1.1-3ubuntu1.3+esm2, so no recent upgrades on that end.
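
A simplified model of the mismatch described in the comment at the top of this message, added here as an illustration (it is not rsync's code and not part of the bug report). It assumes that for a source path without a trailing slash the file-list names start with the path's last component, and that the updated client rejects names whose leading component differs from the one it requested; the function names and sample file names are hypothetical.

```python
import posixpath
import shlex


def client_source(cmd):
    """Remote path from a pull such as 'rsync -v -rp user@host:/path /dest'.
    Simplification: assumes no option takes a separate argument."""
    args = [a for a in shlex.split(cmd)[1:] if not a.startswith("-")]
    return args[0].split(":", 1)[1]      # first non-option arg, minus 'user@host:'


def forced_source(cmd):
    """Path pinned by a forced 'rsync --server --sender <opts> . <path>'."""
    args = shlex.split(cmd)
    return args[args.index(".") + 1]     # source paths follow the '.' placeholder


def sender_names(path, files):
    """File-list names a sender produces for a source path with no trailing
    slash: the last path component, then entries beneath it."""
    top = posixpath.basename(path)
    return [top] + [f"{top}/{f}" for f in files]


def unrequested(requested, names):
    """Names whose leading component is not the one the request implies.
    Model of the post-update client check, not rsync's implementation."""
    want = posixpath.basename(requested)
    return [n for n in names if n.split("/", 1)[0] != want]


# Commands from the report; the file names are constructed sample data.
CLIENT = "rsync -v -rp sshuser@server:/var/cache/foo /tmp/foo"
FORCED = "rsync --server --sender -pr . /var/cache/bar"
FILES = ["a.txt", "sub/b.txt"]

if __name__ == "__main__":
    asked, served = client_source(CLIENT), forced_source(FORCED)
    for name in unrequested(asked, sender_names(served, FILES)):
        print(f"would reject unrequested file-list name: {name}")
    # In this model, requesting the pinned path leaves nothing to reject.
    assert unrequested(served, sender_names(served, FILES)) == []
```
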
