From 6b53040a393367499f5d1174c5b30d2c4b91def2 Mon Sep 17 00:00:00 2001
From: AlmaLinux RelEng Bot
Date: Thu, 2 Apr 2026 07:24:49 -0400
Subject: [PATCH] import CS git rsync-3.1.3-24.el8_10
---
 SOURCES/rsync-3.1.3-cve-2025-10158.patch | 27 ++++++++++++++++++++++++
 SPECS/rsync.spec | 7 +++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/rsync-3.1.3-cve-2025-10158.patch
diff --git a/SOURCES/rsync-3.1.3-cve-2025-10158.patch b/SOURCES/rsync-3.1.3-cve-2025-10158.patch
new file mode 100644
index 0000000..6527476
--- /dev/null
+++ b/SOURCES/rsync-3.1.3-cve-2025-10158.patch
@@ -0,0 +1,27 @@
+From 797e17fc4a6f15e3b1756538a9f812b63942686f Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell
+Date: Sat, 23 Aug 2025 17:26:53 +1000
+Subject: [PATCH] fixed an invalid access to files array
+
+this was found by Calum Hutton from Rapid7. It is a real bug, but
+analysis shows it can't be leverged into an exploit. Worth fixing
+though.
+
+Many thanks to Calum and Rapid7 for finding and reporting this
+---
+ sender.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sender.c b/sender.c
+index a4d46c39e..b1588b701 100644
+--- a/sender.c
++++ b/sender.c
+@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out)
+ 
+ if (ndx - cur_flist->ndx_start >= 0)
+ file = cur_flist->files[ndx - cur_flist->ndx_start];
++ else if (cur_flist->parent_ndx < 0)
++ exit_cleanup(RERR_PROTOCOL);
+ else
+ file = dir_flist->files[cur_flist->parent_ndx];
+ if (F_PATHNAME(file)) {
diff --git a/SPECS/rsync.spec b/SPECS/rsync.spec
index ea9b51c..a5b9213 100644
--- a/SPECS/rsync.spec
+++ b/SPECS/rsync.spec
@@ -9,7 +9,7 @@ Summary: A program for synchronizing files over a network
 Name: rsync
 Version: 3.1.3
-Release: 23%{?dist}
+Release: 24%{?dist}
 Group: Applications/Internet
 URL: http://rsync.samba.org/
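Review bot: The new guard in the nested sender.c hunk rejects only a negative `cur_flist->parent_ndx`; nothing in this hunk bounds it above against the number of entries in `dir_flist`, so it is worth confirming that an over-large value is already rejected where the index is read from the peer, or extending the check to cover both ends. Aborting with a bare `exit_cleanup(RERR_PROTOCOL)` also leaves no record of which file index triggered it, which makes a malformed or hostile peer hard to diagnose from the logs; a one-line `rprintf(FERROR, "Invalid parent index for file index %d\n", ndx);` before the exit would be consistent with how rsync reports other protocol violations. The enclosing send_files() starts and ends outside the hunk, and since the fix is vendored as a SOURCES patch the spec hunks only register it as Patch21 and bump the release.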
@@ -49,6 +49,7 @@ Patch18: rsync-3.1.3-cve-2024-12747.patch
 # a fix for CVE-2016-9840 in zlib but marked as CVE-2025-4638 for a different component
 Patch19: rsync-3.1.3-cve-2025-4638.patch
 Patch20: rsync-3.1.3-trust-sender.patch
+Patch21: rsync-3.1.3-cve-2025-10158.patch
 %description
 Rsync uses a reliable algorithm to bring remote and host files into
@@ -107,6 +108,7 @@ patch -p1 -i patches/copy-devices.diff
 %patch18 -p1 -b .cve-2024-12747
 %patch19 -p1 -b .cve-2025-4638
 %patch20 -p1 -b .trust-sender
+%patch21 -p1 -b .cve-2025-10158
 %build
 %configure
@@ -153,6 +155,9 @@ chmod -x support/*
 %systemd_postun_with_restart rsyncd.service
 %changelog
+* Wed Mar 11 2026 Michal Ruprich - 3.1.3-24
+- Resolves: RHEL-152887 - CVE-2025-10158 - Out of bounds array access via negative index
+
 * Wed May 28 2025 Michal Ruprich - 3.1.3-23
 - Resolves: RHEL-52004 - Slowness in rsync due to extra validation steps