From 0d804b03ecd2b76058c41df5f6b797bdafd8c217 Mon Sep 17 00:00:00 2001
From: AlmaLinux RelEng Bot
Date: Thu, 14 May 2026 05:35:43 -0400
Subject: [PATCH] import CS git rsync-3.1.3-25.el8_10

---
 SOURCES/rsync-3.1.3-cve-2026-41035.patch | 15 +++++++++++++++
 SPECS/rsync.spec | 8 +++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/rsync-3.1.3-cve-2026-41035.patch

diff --git a/SOURCES/rsync-3.1.3-cve-2026-41035.patch b/SOURCES/rsync-3.1.3-cve-2026-41035.patch
new file mode 100644
index 0000000..151bc6a
--- /dev/null
+++ b/SOURCES/rsync-3.1.3-cve-2026-41035.patch
@@ -0,0 +1,15 @@
+diff --git a/xattrs.c b/xattrs.c
+index f732fb15..b1b4217e 100644
+--- a/xattrs.c
++++ b/xattrs.c
+@@ -917,8 +917,8 @@ void receive_xattr(int f, struct file_struct *file)
+ rxa->num = num;
+ }
+
+- if (need_sort && count > 1)
+- qsort(temp_xattr.items, count, sizeof (rsync_xa), rsync_xal_compare_names);
++ if (need_sort && temp_xattr.count > 1)
++ qsort(temp_xattr.items, temp_xattr.count, sizeof (rsync_xa), rsync_xal_compare_names);
+
+ ndx = rsync_xal_store(&temp_xattr); /* adds item to rsync_xal_l */
+
diff --git a/SPECS/rsync.spec b/SPECS/rsync.spec
index a5b9213..ad94c24 100644
--- a/SPECS/rsync.spec
+++ b/SPECS/rsync.spec
@@ -9,7 +9,7 @@
 Summary: A program for synchronizing files over a network
 Name: rsync
 Version: 3.1.3
-Release: 24%{?dist}
+Release: 25%{?dist}
 Group: Applications/Internet
 URL: http://rsync.samba.org/

@@ -50,6 +50,8 @@ Patch18: rsync-3.1.3-cve-2024-12747.patch
 Patch19: rsync-3.1.3-cve-2025-4638.patch
 Patch20: rsync-3.1.3-trust-sender.patch
 Patch21: rsync-3.1.3-cve-2025-10158.patch
+# https://github.com/RsyncProject/rsync/commit/bb0a8118c2d2ab01140bac5e4e327e5e1ef90c9c
+Patch22: rsync-3.1.3-cve-2026-41035.patch

 %description
 Rsync uses a reliable algorithm to bring remote and host files into
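Review bot: The corrected `qsort` call in the embedded xattrs.c hunk has no comment recording why the element count must be `temp_xattr.count` and not `count`, so a later backport or refactor could reintroduce the mismatch that the changelog describes as a use-after-free. A one-line comment above the `if` would pin the invariant, for example `/* Sort only the entries actually appended to temp_xattr; count may be larger. */`. The loop that fills `temp_xattr` and the rest of `receive_xattr` lie outside the hunk, so the idea that fewer entries are stored than `count` is inferred from the fix itself, and any other use of `count` after the loop is worth checking against the same assumption.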
@@ -109,6 +111,7 @@ patch -p1 -i patches/copy-devices.diff
 %patch19 -p1 -b .cve-2025-4638
 %patch20 -p1 -b .trust-sender
 %patch21 -p1 -b .cve-2025-10158
+%patch22 -p1 -b .cve-2026-41035

 %build
 %configure
@@ -155,6 +158,9 @@ chmod -x support/*
 %systemd_postun_with_restart rsyncd.service

 %changelog
+* Tue May 05 2026 Michal Ruprich - 3.1.3-25
+- Resolves: RHEL-169141 - CVE-2026-41035 - Use-after-free vulnerability in extended attribute handling
+
 * Wed Mar 11 2026 Michal Ruprich - 3.1.3-24
 - Resolves: RHEL-152887 - CVE-2025-10158 - Out of bounds array access via negative index