Re: [suse-security] SUSE Security Announcement: kdelibs (SuSE-SA:2004:014)
Kastus wrote on Thu Jun 03 2004 - 19:44:15 CEST:
On Wed, May 26, 2004 at 01:41:23PM +0200, Sebastian Krahmer wrote:
2) Pending vulnerabilities in SUSE Distributions and Workarounds:
- rsync rsync prior to version 2.6.1 does not properly sanitize paths when running as read/write daemon without chroot. New update packages are available on our ftp servers which fix this problem.
This is about rsync-2.6.2-8.2, right?
I've updated using YOU and now am not able to rsync large directories:
rsync -av --delete /home/* /home.backup/ building file list ... done rsync: connection unexpectedly closed (8 bytes read so far) rsync error: error in rsync protocol data stream (code 12) at io.c(342)
The version shipped with 9.1 works just fine with the same directories.
Was this update rushed in? Any fixes?
Thanks, -Kastus
--
Hi Kastus, IIRC, both YOU and fou4s download the patch rpms unless you tell them otherwise. Have you tried the "unpatched" rsync-*.rpm which is also available from the SuSE ftp servers ??? Might be worth a try. Hope this helps, Gar -- __________________________________________________________________ Introducing the New Netscape Internet Service. Only $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp
On Thu, Jun 03, 2004 at 05:32:59PM -0400, GarUlbricht7@netscape.net wrote:
Have you tried the "unpatched" rsync-*.rpm which is also available from the SuSE ftp servers ???
As I understand it, it is a problem with rsync 2.6.2 and not with the form of packaging (patch or full rpm) The bug in rsync 2.6.2 has also been reported on Fedora mailing list.
Might be worth a try.
Thanks for suggestion, anyway. Regards, -Kastus
Have you tried the "unpatched" rsync-*.rpm which is also available from the SuSE ftp servers ???
As I understand it, it is a problem with rsync 2.6.2 and not with the form of packaging (patch or full rpm)
The bug in rsync 2.6.2 has also been reported on Fedora mailing list.
Might be worth a try.
Thanks for suggestion, anyway.
Regards, -Kastus
Please try multiple -v options to see where it fails. We're not aware of any problems with it (yet). Thanks, Roman.
On Fri, Jun 04, 2004 at 08:08:45AM +0200, Roman Drahtmueller wrote:
Please try multiple -v options to see where it fails.
With rsync-2.6.0-78 it works without problems: fizia:~ # rsync -a --delete /home/* /home.backup/ fizia:~ # With rsync-2.6.2-82 it fails: fizia:~ # /tmp/rsync -avv --delete /home/* /home.backup/ building file list ... [sender] expand file_list to 131072 bytes, did move [sender] expand file_list to 262144 bytes, did move [sender] expand file_list to 524288 bytes, did move done [receiver] expand file_list to 131072 bytes, did move [receiver] expand file_list to 262144 bytes, did move [receiver] expand file_list to 524288 bytes, did move [receiver] expand file_list to 131072 bytes, did move deleting in CD [receiver] expand file_list to 131072 bytes, did move deleting in anton [receiver] expand file_list to 131072 bytes, did move rsync: connection unexpectedly closed (8 bytes read so far) rsync error: error in rsync protocol data stream (code 12) at io.c(342) fizia:~ # When I try -vvv, it comes to the point [sender] make_file(anton/.netscape/cache/11/cache3CA11D31113079E.jpg,*,2) [sender] clearing per-dir .cvsignore exclude list [sender] make_file(anton/.netscape/cache/12,*,2) [sender] make_file(anton/.netscape/cache/12/cache3CA11D92143079E.jpg,*,2) and hangs there. If I try to attach strace to rsync processes, both of them are sitting at select: select(2, NULL, [1], NULL, {23, 481000} select(5, NULL, [4], NULL, {41, 907000} /home and /home.backup are separate partitions with reiserfs 40GB in size with ~28GB of data.
We're not aware of any problems with it (yet).
Well, this is a surprize. Please let me know if you want me to do more testing. I also reported this to www.suse.com/feedback Thanks, -Kastus (To contact me in private, replace NOSPAM with kastus in my address)
participants (3)
-
GarUlbricht7@netscape.net -
Kastus -
Roman Drahtmueller