<div dir="ltr">The git code should have this fixed. Feel free to build it yourself, or try the executable in the tar file from here:<div><br></div><div><a href="https://download.samba.org/pub/rsync/binaries/opensuse-15-x86_64/">https://download.samba.org/pub/rsync/binaries/opensuse-15-x86_64/</a></div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">..wayne..</div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Sep 24, 2022 at 5:02 PM jimc via rsync <<a href="mailto:rsync@lists.samba.org">rsync@lists.samba.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Version: rsync-3.2.6-1.1.x86_64 from OpenSuSE Tumbleweed, get it from<br>
<a href="https://download.opensuse.org/repositories/openSUSE:/Factory/standard/x86_64/rsync-3.2.6-1.1.x86_64.rpm" rel="noreferrer" target="_blank">https://download.opensuse.org/repositories/openSUSE:/Factory/standard/x86_64/rsync-3.2.6-1.1.x86_64.rpm</a><br>
(or .src.rpm).<br>
<br>
Symptom: In certain circumstances (see the reproducer script), rsync<br>
from a remote source to a local destination and using a --files-from <br>
list<br>
sometimes rejects an implicit containing directory with this error <br>
message:<br>
ERROR: rejecting unrequested file-list name: usr/lib64<br>
rsync error: protocol incompatibility (code 2) at flist.c(998) \<br>
[Receiver=3.2.6]<br>
<br>
Success or failure depends on arcane determinstic variations, and there<br>
is a suspicion that the same input might produce different output at<br>
different times. However, I repeated two variants 20 times a few secs<br>
apart and they always worked or failed.<br>
<br>
I've found these variant behaviors:<br>
* With either sender version, receiver 3.2.5 always works and 3.2.6<br>
sometimes fails.<br>
* If both the source and destination are local, it always works.<br>
* If the destination is remote, it works. Failures are seen with a<br>
remote source.<br>
* All my test cases have two implicit containing directories.<br>
The first one has never been seen to fail but the second one does.<br>
I haven't investigated if third or subsequent dirs would fail.<br>
In one case where the second dir failed, exchanging the two filenames<br>
led to both of them succeeding.<br>
* I'm using rsync in a configuration management system and it needs some<br>
options. If I remove -K -O --numeric-ids leaving only --rsh=ssh -a<br>
--files-from, it fails or works equally.<br>
* If I add --trust-sender then failing cases start working.<br>
<br>
v3.2.5 has an addition to recognize if a rogue sender adds unrequested<br>
toplevel names etc. (CVE-2022-29154) The option --trust-sender<br>
disables the new paranoia. If this option is added to the execution<br>
command line, spurious rejections disappear. Clearly the bugfixes in<br>
file-list processing added in v3.2.6 had a bad interaction with the new<br>
paranoia.<br>
<br>
Attaching reproducer script rsyncbug.sh .<br>
<br>
-- <br>
James F. Carter Email: <a href="mailto:jimc@jfcarter.net" target="_blank">jimc@jfcarter.net</a><br>
Web: <a href="http://www.math.ucla.edu/~jimc" rel="noreferrer" target="_blank">http://www.math.ucla.edu/~jimc</a> (q.v. for PGP key)<br>
-- <br>
Please use reply-all for most replies to avoid omitting the mailing list.<br>
To unsubscribe or change options: <a href="https://lists.samba.org/mailman/listinfo/rsync" rel="noreferrer" target="_blank">https://lists.samba.org/mailman/listinfo/rsync</a><br>
Before posting, read: <a href="http://www.catb.org/~esr/faqs/smart-questions.html" rel="noreferrer" target="_blank">http://www.catb.org/~esr/faqs/smart-questions.html</a><br>
</blockquote></div>