Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#76278 - [rsync] 3.2.7-1 breaks compatibility with rsync 2.6.8

Attached to Project: Arch Linux
Opened by Stephan von Krawczynski (skraw) - Sunday, 23 October 2022, 23:42 GMT
Last edited by Jelle van der Waa (jelly) - Saturday, 22 July 2023, 13:59 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jelle van der Waa (jelly)
Christian Hesse (eworm)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

Using rsync-3.2.7-1 as daemon and trying to connect with a client rsync 2.6.8 ends up in this error message:

@ERROR: auth failed on module XXXX
rsync error: error starting client-server protocol (code 5) at main.c(1308) [sender=2.6.8]

Going back to rsync-3.2.6-2 makes it work again.


Additional info:
* package version(s)
* config and/or log files etc.
Daemon rsyncd.conf:

gid = root
uid = root
read only = false
use chroot = true
transfer logging = true
log format = %a %h %o %f %l %b
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
#hosts allow = trusted.hosts
#slp refresh = 300
#use slp = false
secrets file = /etc/rsyncd.secrets
#protocol = 29
hosts allow = 192.168.0.0/16
hosts deny = ALL
list = false

[XXXX]
path = /some path
auth users = XXXX
hosts allow = 192.168.C.D


* link to upstream bug report, if any

Steps to reproduce:

Just connect and try to rsync something with 2.6.8 .
This task depends upon

Closed by  Jelle van der Waa (jelly)
Saturday, 22 July 2023, 13:59 GMT
Reason for closing:  Not a bug
Comment by Toolybird (Toolybird) - Monday, 24 October 2022, 01:08 GMT
This appears to be an upstream issue. Could you please report it there [1]?

[1] https://github.com/WayneD/rsync/issues
Comment by Christian Hesse (eworm) - Monday, 24 October 2022, 08:55 GMT
You should consider updating the client... That version is from 17 years ago!
Comment by Jan de Groot (JGC) - Monday, 24 October 2022, 11:10 GMT
Older client probably uses MD4. Since Arch has a recent version of OpenSSL, MD4 is not enabled by default.

From the changelog:

The checksum code now uses openssl's EVP methods, which gets rid of various deprecation warnings and makes it easy to support more digest methods. On newer systems, the MD4 digest is marked as legacy in the openssl code, which makes openssl refuse to support it via EVP. You can choose to ignore this and allow rsync's MD4 code to be used for older rsync connections (when talking to an rsync prior to 3.0.0) or you can choose to configure rsync to tell openssl to enable legacy algorithms (see below).

A simple openssl config file is supplied that can be installed for rsync to use. If you install packaging/openssl-rsync.cnf to a public spot (such as /etc/ssl/openssl-rsync.cnf) and then run configure with the option --with-openssl-conf=/path/name.cnf, this will cause rsync to export the configured path in the OPENSSL_CONF environment variable (when the variable is not already set). This will enable openssl's MD4 code for rsync to use.

Comment by loqs (loqs) - Monday, 24 October 2022, 12:04 GMT
packaging/openssl-rsync.cnf is for OpenSSL 3.0 and will load the legacy provider in addition to the default. If used with OpenSSL 1.1 it will try and load engines named legacy and default which do not exist causing an error.
Comment by Christian Hesse (eworm) - Tuesday, 25 October 2022, 09:27 GMT
So any concerns closing this with "Not a bug"?

Loading...