[Bug 2060967] Re: noble/rsync buffer overflow detected
This bug was fixed in the package rsync - 3.2.7-1ubuntu1

---
rsync (3.2.7-1ubuntu1) noble; urgency=medium

  * add d/p/fix_crashes_with_fortified_strlcpy.patch (LP: #2060967)
    - Fixes a buffer overflow when using -F flag.

 -- Mitchell Dzurick  Fri, 12 Apr 2024 10:09:41 -0700

** Changed in: rsync (Ubuntu)
       Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060967

Title:
  noble/rsync buffer overflow detected

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2060967/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2060967] Re: noble/rsync buffer overflow detected
Package is in proposed now. Testing in an LXC container shows a fix of this behavior.

    $ lxc launch ubuntu-daily:noble n
    $ lxc shell n
    # dpkg -s rsync | grep Version:
    Version: 3.2.7-1build2
    # rsync -F --delete-after --archive /etc/os-release /tmp/
    *** buffer overflow detected ***: terminated
    rsync: connection unexpectedly closed (11 bytes received so far) [sender]
    rsync error: error in rsync protocol data stream (code 12) at io.c(231) [sender=3.2.7]
    # cat

[Bug 2060967] Re: noble/rsync buffer overflow detected
I'm surprised this wasn't caught by the DEP8 tests. Care to also perhaps add a simple smoke test, like (note it's not using ssh or any network):

    $ rsync -F --delete-after --archive /etc/os-release /tmp/
    *** buffer overflow detected ***: terminated
    rsync: connection unexpectedly closed (34 bytes received so far) [sender]
    rsync error: error in rsync protocol data stream (code 12) at io.c(231) [sender=3.2.7]

** Changed in: rsync (Ubuntu)
   Importance: Undecided => High

** Changed in: rsync (Ubuntu)
   Importance: High => Critical

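A local smoke test along the lines suggested in the message above, as an added example that is not part of the thread or of the rsync package's DEP8 tests. The function names are hypothetical; the test copies a constructed file between two scratch directories and treats glibc's fortify abort marker on stderr as a distinct verdict.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Classify one rsync run from its exit status and captured stderr.
# Prints one of: pass, fortify-abort, fail.
classify_rsync_run() {
    status=$1
    stderr_text=$2
    # glibc prints this marker when a _FORTIFY_SOURCE check aborts the process.
    case $stderr_text in
        *'*** buffer overflow detected ***'*) echo fortify-abort; return 0 ;;
    esac
    if [ "$status" -eq 0 ]; then echo pass; else echo fail; fi
}

# Run the command from the bug report between two scratch directories
# (local copy only, no ssh or network). Prints the verdict, or "skipped".
rsync_filter_smoke_test() {
    command -v rsync >/dev/null 2>&1 || { echo skipped; return 0; }
    work=$(mktemp -d) || return 1
    mkdir "$work/src" "$work/dst"
    echo "constructed test data" > "$work/src/testfile.txt"
    # Capture stderr only; "&& ... ||" keeps this safe under "set -e".
    err=$(rsync -F --delete-after --archive \
        "$work/src/testfile.txt" "$work/dst/" 2>&1 >/dev/null) && rc=0 || rc=$?
    verdict=$(classify_rsync_run "$rc" "$err")
    # A clean exit must also have produced an identical copy.
    if [ "$verdict" = pass ] &&
       ! cmp -s "$work/src/testfile.txt" "$work/dst/testfile.txt"; then
        verdict=fail
    fi
    rm -rf "$work"
    echo "$verdict"
}
```

Calling `rsync_filter_smoke_test` prints `fortify-abort` on a build that shows the crash reported here and `pass` on a build where the copy succeeds.
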
[Bug 2060967] Re: noble/rsync buffer overflow detected
The debian patch looks promising in my local testing. I uploaded a test package to run dep8 tests against. If those look green I'll submit my MP and get it in ASAP.

[Bug 2060967] Re: noble/rsync buffer overflow detected
** Changed in: rsync (Ubuntu)
     Assignee: (unassigned) => Mitchell Dzurick (mitchdz)

** Changed in: rsync (Ubuntu)
       Status: Triaged => In Progress

[Bug 2060967] Re: noble/rsync buffer overflow detected
** Merge proposal linked:
   https://code.launchpad.net/~mitchdz/ubuntu/+source/rsync/+git/rsync/+merge/464218

[Bug 2060967] Re: noble/rsync buffer overflow detected
This looks like it could already be fixed in debian with
https://salsa.debian.org/debian/rsync/-/commit/d3a0eccf989175b096c10b6c42b02b1ee1306a00

I'll try an ubuntu build with this patch and report back.

[Bug 2060967] Re: noble/rsync buffer overflow detected
** Also affects: rsync (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: rsync (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rsync (Ubuntu Mantic)
   Importance: Undecided
       Status: New

** Changed in: rsync (Ubuntu Focal)
       Status: New => Invalid

** Changed in: rsync (Ubuntu Jammy)
       Status: New => Invalid

** Changed in: rsync (Ubuntu Mantic)
       Status: New => Invalid

[Bug 2060967] Re: noble/rsync buffer overflow detected
I was able to reproduce this in a noble LXD container.

    $ lxc launch ubuntu-daily:noble n
    $ lxc shell n
    # ssh-keygen -t rsa
    # cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
    # touch testfile.txt
    # rsync -F --delete-after --archive /root/testfile.txt 127.0.0.1:/tmp/
    The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
    ED25519 key fingerprint is SHA256:1w9TL8K1uwpKXpyd9rFuNQPQNJ5EolG3NGNbdkUl9VE.
    This key is not known by any other names.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '127.0.0.1' (ED25519) to the list of known hosts.
    *** buffer overflow detected ***: terminated
    rsync: connection unexpectedly closed (34 bytes received so far) [sender]
    rsync error: error in rsync protocol data stream (code 12) at io.c(231) [sender=3.2.7]

[Bug 2060967] Re: noble/rsync buffer overflow detected
Quickly testing Jammy/Mantic in a similar fashion as above I do not see the buffer overflow.

** Changed in: rsync (Ubuntu)
       Status: Confirmed => Triaged

[Bug 2060967] Re: noble/rsync buffer overflow detected
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: rsync (Ubuntu)
       Status: New => Confirmed