rpms/rsync
6
0
Fork 1
Code Issues Pull Requests Releases Activity

Resolves: RHEL-91519 - Improper Pointer Arithmetic in pcl

Browse Source
This commit is contained in:
Michal Ruprich 2025-05-26 14:31:54 +02:00
parent 896893c93a
commit 12b12b0194
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
rsync-3.1.3-cve-2025-4638.patch Normal file
View File

@ -0,0 +1,54 @@
diff --git a/zlib/inftrees.c b/zlib/inftrees.c
index 44d89cf2..571e8100 100644
--- a/zlib/inftrees.c
+++ b/zlib/inftrees.c
@@ -54,7 +54,7 @@ unsigned short FAR *work;
code FAR *next; /* next available space in table */
const unsigned short FAR *base; /* base value table to use */
const unsigned short FAR *extra; /* extra bits table to use */
- int end; /* use base and extra for symbol > end */
+ unsigned match; /* use base and extra for symbol >= match */
unsigned short count[MAXBITS+1]; /* number of codes of each length */
unsigned short offs[MAXBITS+1]; /* offsets in table for each length */
static const unsigned short lbase[31] = { /* Length codes 257..285 base */
@@ -181,19 +181,17 @@ unsigned short FAR *work;
switch (type) {
case CODES:
base = extra = work; /* dummy value--not used */
- end = 19;
+ match = 20;
break;
case LENS:
base = lbase;
- base -= 257;
extra = lext;
- extra -= 257;
- end = 256;
+ match = 257;
break;
default: /* DISTS */
base = dbase;
extra = dext;
- end = -1;
+ match = 0;
}
/* initialize state for loop */
@@ -216,13 +214,13 @@ unsigned short FAR *work;
for (;;) {
/* create table entry */
here.bits = (unsigned char)(len - drop);
- if ((int)(work[sym]) < end) {
+ if (work[sym] + 1u < match) {
here.op = (unsigned char)0;
here.val = work[sym];
}
- else if ((int)(work[sym]) > end) {
- here.op = (unsigned char)(extra[work[sym]]);
- here.val = base[work[sym]];
+ else if (work[sym] >= match) {
+ here.op = (unsigned char)(extra[work[sym] - match]);
+ here.val = base[work[sym] - match];
}
else {
here.op = (unsigned char)(32 + 64); /* end of block */

8
rsync.spec
View File

@ -9,7 +9,7 @@
Summary: A program for synchronizing files over a network Summary: A program for synchronizing files over a network
Name: rsync Name: rsync
Version: 3.1.3 Version: 3.1.3
Release: 21%{?dist} Release: 22%{?dist}
Group: Applications/Internet Group: Applications/Internet
URL: http://rsync.samba.org/ URL: http://rsync.samba.org/
@ -46,6 +46,8 @@ Patch15: rsync-3.1.3-cve-2024-12085.patch
Patch16: rsync-3.1.3-cve-2024-12087.patch Patch16: rsync-3.1.3-cve-2024-12087.patch
Patch17: rsync-3.1.3-cve-2024-12088.patch Patch17: rsync-3.1.3-cve-2024-12088.patch
Patch18: rsync-3.1.3-cve-2024-12747.patch Patch18: rsync-3.1.3-cve-2024-12747.patch
# a fix for CVE-2016-9840 in zlib but marked as CVE-2025-4638 for a different component
Patch19: rsync-3.1.3-cve-2025-4638.patch
%description %description
Rsync uses a reliable algorithm to bring remote and host files into Rsync uses a reliable algorithm to bring remote and host files into
@ -102,6 +104,7 @@ patch -p1 -i patches/copy-devices.diff
%patch16 -p1 -b .cve-2024-12087 %patch16 -p1 -b .cve-2024-12087
%patch17 -p1 -b .cve-2024-12088 %patch17 -p1 -b .cve-2024-12088
%patch18 -p1 -b .cve-2024-12747 %patch18 -p1 -b .cve-2024-12747
%patch19 -p1 -b .cve-2025-4638
%build %build
%configure %configure
@ -148,6 +151,9 @@ chmod -x support/*
%systemd_postun_with_restart rsyncd.service %systemd_postun_with_restart rsyncd.service
%changelog %changelog
* Mon May 26 2025 Michal Ruprich <mruprich@redhat.com> - 3.1.3-22
- Resolves: RHEL-91519 - Improper Pointer Arithmetic in pcl
* Tue Feb 04 2025 Michal Ruprich <mruprich@redhat.com> - 3.1.3-21 * Tue Feb 04 2025 Michal Ruprich <mruprich@redhat.com> - 3.1.3-21
- Resolves: RHEL-70207 - Path traversal vulnerability in rsync - Resolves: RHEL-70207 - Path traversal vulnerability in rsync