#1106088 rsync: 'failed verification -- update discarded' involving --link-dest and symlinks

Package:
rsync
Source:
rsync
Description:
fast, versatile, remote (and local) file-copying tool
Submitter:
Lucas Nussbaum
Date:
2026-05-25 23:57:01 UTC
Severity:
normal
Tags:
#1106088#5
Date:
2025-05-19 14:25:07 UTC
From:
To:
Package: rsync
Version: 3.2.7-1+deb12u1
Severity: serious
Justification: renders package unusable in common use cases (backup server)
Control: notfound -1 3.2.7-1
Control: found -1 3.2.7-1+deb12u2
Control: notfound -1 3.3.0+ds1-2
Control: found -1 3.3.0+ds1-3
Control: found -1 3.4.1+ds1-3
Control: affects dirvish

Hi,

I ran into this problem after upgrading a system from Debian 11 to
Debian 12, and trying to back it up using dirvish (that uses rsync with
--link-dest).

A minimal reproducer is attached, to be executed with:
# rsync -vlr --link-dest=/path-to/link-dest/ root@localhost:/path-to/source/ /path-to/dest/

This fails with:
---------------------------------------->8
receiving incremental file list
created directory /root/rsync/dest
libcrypt-dev/
libcrypt-dev/TODO.md.gz
WARNING: libcrypt-dev/TODO.md.gz failed verification -- update discarded (will try again).
libcrypt-dev/copyright
WARNING: libcrypt-dev/copyright failed verification -- update discarded (will try again).
libcrypt-dev/other_file_in_both
libcrypt-dev/other_file_in_source
libcrypt-dev/TODO.md.gz
ERROR: libcrypt-dev/TODO.md.gz failed verification -- update discarded.
libcrypt-dev/copyright
ERROR: libcrypt-dev/copyright failed verification -- update discarded.

sent 499 bytes  received 7,860 bytes  16,718.00 bytes/sec
total size is 8,292  speedup is 0.99
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1852) [generator=3.4.0]
---------------------------------------->8

I don't fully understand the issue (why does it affect TODO.md.gz and
copyright, but not 'other_file_in_both'?)

I bisected using snapshot.d.o. The problem was introduced between 3.2.7-1 and
3.2.7-1+deb12u1, or between 3.3.0+ds1-2 and 3.3.0+ds1-3. It affects the
version in testing.

I wondered about severity:important vs severity:serious, but decided for
serious since I did not understand the impact of this issue (due to not
understanding the issue).

Workarounds include hacking the 'link-dest' dir to remove the
problematic files.

Lucas

#1106088#28
Date:
2026-02-07 23:50:27 UTC
From:
To:
I had the same problem with 3.4.1+ds1-5+deb13u1 on both source and destination with a single file among 500k. Adding -W fixed the problem. When trying to replicate the bug in order to create a minimal example, I failed and could not reproduce it at all.
#1106088#33
Date:
2026-04-30 13:18:55 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
rsync, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1093160@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Samuel Henrique <samueloph@debian.org> (supplier of updated rsync package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Thu, 30 Apr 2026 09:50:10 -0300
Source: rsync
Architecture: source
Version: 3.4.2+ds1-2
Distribution: unstable
Urgency: medium
Maintainer: Samuel Henrique <samueloph@debian.org>
Changed-By: Samuel Henrique <samueloph@debian.org>
Closes: 1093160
Changes:
 rsync (3.4.2+ds1-2) unstable; urgency=medium
 .
   * d/p/syscall_use_openat2...: New patch to fix symlink handling on the
     receiver (closes: #1093160)
Checksums-Sha1:
 e38b3307d8d0e220b5a1588b72a90478d61ffa13 2156 rsync_3.4.2+ds1-2.dsc
 1a29a6f4a8c8129ad170f21dd1a058c53f7e436e 655380 rsync_3.4.2+ds1.orig.tar.xz
 c76c1229801833f8b30a900b357399b9b75c0472 37844 rsync_3.4.2+ds1-2.debian.tar.xz
 e3021290b000268f88df83bb681e7bb40e4349b4 6862 rsync_3.4.2+ds1-2_amd64.buildinfo
Checksums-Sha256:
 1455d4845be8e7a8f96666328151f80ec982c7c38abae8c4d94740d02a735dc6 2156 rsync_3.4.2+ds1-2.dsc
 0cc3e28aa7d2e735ede35f9b49b57171c375215bb533d03df7b795961704476f 655380 rsync_3.4.2+ds1.orig.tar.xz
 dc9810cb07dd9d764cbf92227b5afce4c6ec4a9f7f17686422c93dfe971ef96b 37844 rsync_3.4.2+ds1-2.debian.tar.xz
 149ec47a8294576d51b85013b8ec2475e44a50e154fe156bb32683992c358328 6862 rsync_3.4.2+ds1-2_amd64.buildinfo
Files:
 c1834652f4297cae16f548912290dd42 2156 net optional rsync_3.4.2+ds1-2.dsc
 0a90fe592f3ed3ebbd1c45831e6df830 655380 net optional rsync_3.4.2+ds1.orig.tar.xz
 21cdaf735f2fb30ef64afd16731f2ddf 37844 net optional rsync_3.4.2+ds1-2.debian.tar.xz
 a81ddc87edca8d96e65a6a9b210542f4 6862 net optional rsync_3.4.2+ds1-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmnzUYUACgkQu6n6rcz7
RwcfhhAA0xgo1WWxKq+FZTYbSPlarwcjifOsuj8uUI+FME2uNEnqMoHPMuFLFB0g
RJij3wmZ2N6TtvqbrDJpmTko8IlkrkMlW2KVdOVj6Ct57f/BYVSpmWW9ZhVhWcG9
EmaBtmmtgacbrs6xLoZdkQ6pWlOhov15WZgSu4qngWrrA4pLXu3b3lbI3BZzFd/b
m1gC740Un/AKNYh/RSHQBk6glaKkjjRwHDYaEpZxS4D0LK+RO5VzSKNR0pU9gL9P
S3ICg9MOXxviFbQA39sBLievShT0iqT+Pln2krkc8qo3x2Z4YDZy5oMKnp7GapEZ
sTfFZRWfxua/sO6ZIhSf6WHWU+8jm4r8E88O0kHzdZyh3yOwTu4XAZbFUHA6wkdD
Uza7uYKO8g1jEP9Ag5cAbKArU2/F66UJJhNhaEpK1QdlLtcoz0TVlGFErsfWSd1G
Ibd6Ij91azhXyjKiejXyRjcPNnzfpO9+lfXH7aCtsk5gnm9La30qPHFrgP2AvY5/
6KqvzklEbX2owy4AYv3NcjLTl79BtsH8SuT5jiyHL4rg0bBsxb9CQcG/BHPOdXLw
2pEgwdU0Y3IA3kqCd9uoHrD9VwTibk/qJgRvtdUpCAINet3bUJKULKKLZw76IR2l
KW4nmUvDyr34WIIaH8J18yZ3bbM4m6kNQMIANln1/EMl6N98j3Q=
=pAxH
-----END PGP SIGNATURE-----

#1106088#34
Date:
2026-05-07 22:02:34 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
rsync, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1093160@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Samuel Henrique <samueloph@debian.org> (supplier of updated rsync package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Thu, 30 Apr 2026 10:05:39 -0300
Source: rsync
Architecture: source
Version: 3.4.1+ds1-5+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: Samuel Henrique <samueloph@debian.org>
Changed-By: Samuel Henrique <samueloph@debian.org>
Closes: 1093160
Changes:
 rsync (3.4.1+ds1-5+deb13u2) trixie; urgency=medium
 .
   * d/p/syscall_use_openat2...: New patch to fix symlink handling on the
     receiver (closes: #1093160)
   * Add patch for CVE-2026-41035
Checksums-Sha1:
 61840aecd8b74687fb2396c2bcdf7a9132991e8d 2224 rsync_3.4.1+ds1-5+deb13u2.dsc
 0afa2bd51aad7d236910c4144aa01963cdb4eb3a 646840 rsync_3.4.1+ds1.orig.tar.xz
 aca0546d9d22f8a353fc4f9e45a676600c1cb6e7 40620 rsync_3.4.1+ds1-5+deb13u2.debian.tar.xz
 60ac34346fe01cc2740359b81927f71b053991d2 6959 rsync_3.4.1+ds1-5+deb13u2_amd64.buildinfo
Checksums-Sha256:
 0f80ada223dc21c23620cd84854a518ae3041304532f3faa939be26b5a367874 2224 rsync_3.4.1+ds1-5+deb13u2.dsc
 bb9e2dda7e79d9639bc04bdafff6bb0b06a606ed915358b574696384215c9e5c 646840 rsync_3.4.1+ds1.orig.tar.xz
 3dec355dba485a786cd94052c453dfe0ffb63f3b1e84871a05a991f52ea2e20d 40620 rsync_3.4.1+ds1-5+deb13u2.debian.tar.xz
 ff230621516a16295f78fcc3e0aa52bb5da4078602f5af5642c4f8349c27d8b3 6959 rsync_3.4.1+ds1-5+deb13u2_amd64.buildinfo
Files:
 e9bde6c03747026fcb4ee0bf85d0db9c 2224 net optional rsync_3.4.1+ds1-5+deb13u2.dsc
 6ed869a0c4012385c8da8cc272cab3b8 646840 net optional rsync_3.4.1+ds1.orig.tar.xz
 2cf7b6e2569cc09179c539859a6c841c 40620 net optional rsync_3.4.1+ds1-5+deb13u2.debian.tar.xz
 d03a2eaefb95bfeef30a21632d90ae13 6959 net optional rsync_3.4.1+ds1-5+deb13u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBdtqg34QX0sdAsVfu6n6rcz7RwcFAmn8iv8ACgkQu6n6rcz7
RwdVFQ//W2uvu+OcCqMC2lNCDgIN5A5e12a2umNy6+hZLo/IHjf/5tawXBKzRafb
VseufG6SxY/h8sJap7GB2SPYByVO6f8amkk5o7dh+YBBRfxkjEJYWe2BeCZSwBCd
qB3xrrxZeqDcSIQvfvE3kwJfzDLg0sCzHqjmlZoYtj3bREZ4YDDPmH8FdYiumipq
qa7vmcoZrmOBMquBut8NQPfSds+V95lVWig8BNOaZGFWFq1KuuowEvNl4UwRpCJn
SV0yb9gn3YGfekLgz7Ef5cUvsY8I7g37lDLN8WX/cbApWfJVNdgA5ZLBhe0vWUTR
jYVO/6ra7lFv20BMM8V4h0NWi6862Xz3JC21nU2z0IQgzQOnl+agEGciV3DjW+Hz
z+4cj384fMBcD0CX2Tgv7iz6kNsbZUX+FOz7Fl3FndKTD/ct3y9LLmVUz41UHu2O
wzAiON1wICaOL7dS6Jh8s4Y8QR0/jdtiRfirsp+MZOqIyP+tk4WPs729FNbWqbP8
e3/phZHQmHRaX3mYopFWaKZ13J07O9pHYIlwBMqFD6IFjLtn3tuFbbQkTHF5gm7t
YZs/313+T87J7psL81+7TJKeDHQvToKboya2gyCgA+LcZp6ulV0Bxp8hJSM4XJ3t
JxfnEbXe2WBH0D6cTyH0ELiRCd8mgOdK4scf/7Wx92Bh21QSkBw=
=olE5
-----END PGP SIGNATURE-----