Resolves: #2111177 - remote arbitrary files write inside the directories of connecting peers

2022-08-25 10:29:38 +02:00 · 2022-08-25 10:29:38 +02:00 · 38c542ff38
commit 38c542ff38
parent eb69e042dc
2 changed files with 1091 additions and 1 deletions
--- a/rsync-3.2.3-cve-2022-29154.patch
+++ b/rsync-3.2.3-cve-2022-29154.patch
--- a/rsync.spec
+++ b/rsync.spec
@ -10,7 +10,7 @@
 Summary: A program for synchronizing files over a network
 Name: rsync
 Version: 3.2.3
-Release: 17%{?dist}
+Release: 18%{?dist}
 URL: https://rsync.samba.org/

 Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
@ -40,6 +40,7 @@ Patch5: rsync-3.2.3-segfault.patch
 Patch6: rsync-3.2.3-atimes.patch
 Patch7: rsync-3.1.3-cve-2018-25032.patch
 Patch8: rsync-3.2.3-cve-2022-37434.patch
+Patch9: rsync-3.2.3-cve-2022-29154.patch

 %description
 Rsync uses a reliable algorithm to bring remote and host files into
@ -82,6 +83,7 @@ patch -p1 -i patches/copy-devices.diff
 %patch6 -p1 -b .atimes
 %patch7 -p1 -b .cve-2018-25032
 %patch8 -p1 -b .cve-2022-37434
+%patch9 -p1 -b .cve-2022-29154

 %build
 %configure --disable-xxhash
@ -128,6 +130,9 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
 %systemd_postun_with_restart rsyncd.service

 %changelog
+* Thu Aug 25 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-18
+- Resolves: #2111177 - remote arbitrary files write inside the directories of connecting peers
+
 * Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-17
 - Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field