import rsync-3.2.3-9.el9_0.2

2022-08-24 13:08:24 -04:00 · 2022-08-24 13:08:24 -04:00 · 1ba4001a51
commit 1ba4001a51
parent ad5072fdd7
2 changed files with 1091 additions and 1 deletions
--- a/SOURCES/rsync-3.2.3-cve-2022-29154.patch
+++ b/SOURCES/rsync-3.2.3-cve-2022-29154.patch
--- a/SPECS/rsync.spec
+++ b/SPECS/rsync.spec
@ -10,7 +10,7 @@
 Summary: A program for synchronizing files over a network
 Name: rsync
 Version: 3.2.3
-Release: 9%{?dist}.1
+Release: 9%{?dist}.2
 URL: https://rsync.samba.org/

 Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
@ -36,6 +36,7 @@ Patch1: rsync-3.2.2-runtests.patch
 Patch2: rsync-3.2.3-lchmod.patch
 Patch3: rsync-3.2.3-append-mode.patch
 Patch4: rsync-3.2.3-cve-2018-25032.patch
+Patch5: rsync-3.2.3-cve-2022-29154.patch

 %description
 Rsync uses a reliable algorithm to bring remote and host files into
@ -74,6 +75,7 @@ patch -p1 -i patches/copy-devices.diff
 %patch2 -p1 -b .lchmod
 %patch3 -p1 -b .append-mode
 %patch4 -p1 -b .cve-2018-25032
+%patch5 -p1 -b .cve-2022-29154

 %build
 %configure --disable-xxhash
@ -120,6 +122,9 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
 %systemd_postun_with_restart rsyncd.service

 %changelog
+* Mon Aug 15 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-9.2
+- Resolves: #2111176 - remote arbitrary files write inside the directories of connecting peers
+
 * Thu Apr 21 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-9.1
 - Resolves: #2074784 - A flaw found in zlib v1.2.2.2 through zlib v1.2.11 when compressing certain inputs