[Bug 2011622] Re: rsync 3.1.3-8ubuntu0.5 (CVE-2022-29154 patch) breaks remote brace interpretation
Marc Deslauriers
2011622 at bugs.launchpad.net
Wed Mar 15 22:09:39 UTC 2023
Hi,
The security fix for CVE-2022-29154 unfortunately changed the way
arguments are handled.
Could you try adding --old-args ? That should restore the previous
behaviour you are expecting.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29154
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2011622
Title:
rsync 3.1.3-8ubuntu0.5 (CVE-2022-29154 patch) breaks remote brace
interpretation
Status in rsync package in Ubuntu:
New
Bug description:
Commands like this:
rsync -a host.example.org:\{this,that} .
have worked for decades, in multiple Ubuntu versions, but were broken by the rsync 3.1.3-8ubuntu0 update (on the client, i.e. the machine on which I type that command).
(To be clear, the backslash there quotes the '{' so that it is sent to
the remote rsync rather than being interpreted by the local shell.)
("What happens instead?" It now says "rsync: link_stat
"/home/flaps/{this,that}" failed: No such file or directory (2)".)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2011622/+subscriptions
More information about the foundations-bugs
mailing list