From 7b9f46be1b08a43f4b83e232957c5b4ae4de5f6d Mon Sep 17 00:00:00 2001
From: AlmaLinux RelEng Bot
Date: Tue, 7 Apr 2026 12:56:14 -0400
Subject: [PATCH] import UBI rsync-3.4.1-2.el10_1.2
---
 rsync-3.4.1-cve-2025-10158.patch | 27 +++++++++++++++++++++++++++
 rsync-3.4.1-ssh-askpass.patch | 15 +++++++++++++++
 rsync.spec | 12 +++++++++++-
 3 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 rsync-3.4.1-cve-2025-10158.patch
 create mode 100644 rsync-3.4.1-ssh-askpass.patch
diff --git a/rsync-3.4.1-cve-2025-10158.patch b/rsync-3.4.1-cve-2025-10158.patch
new file mode 100644
index 0000000..6527476
--- /dev/null
+++ b/rsync-3.4.1-cve-2025-10158.patch
@@ -0,0 +1,27 @@
+From 797e17fc4a6f15e3b1756538a9f812b63942686f Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell
+Date: Sat, 23 Aug 2025 17:26:53 +1000
+Subject: [PATCH] fixed an invalid access to files array
+
+this was found by Calum Hutton from Rapid7. It is a real bug, but
+analysis shows it can't be leverged into an exploit. Worth fixing
+though.
+
+Many thanks to Calum and Rapid7 for finding and reporting this
+---
+ sender.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sender.c b/sender.c
+index a4d46c39e..b1588b701 100644
+--- a/sender.c
++++ b/sender.c
+@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out)
+
+ if (ndx - cur_flist->ndx_start >= 0)
+ file = cur_flist->files[ndx - cur_flist->ndx_start];
++ else if (cur_flist->parent_ndx < 0)
++ exit_cleanup(RERR_PROTOCOL);
+ else
+ file = dir_flist->files[cur_flist->parent_ndx];
+ if (F_PATHNAME(file)) {
diff --git a/rsync-3.4.1-ssh-askpass.patch b/rsync-3.4.1-ssh-askpass.patch
new file mode 100644
index 0000000..8941495
--- /dev/null
+++ b/rsync-3.4.1-ssh-askpass.patch
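Review bot: The new `else if` guard rejects only a negative `cur_flist->parent_ndx`; the same index is still used with no upper bound on the following `file = dir_flist->files[cur_flist->parent_ndx];` read. If `dir_flist->used` holds the entry count, as it does elsewhere in rsync's file-list code, the symmetric check costs nothing: `else if (cur_flist->parent_ndx < 0 || cur_flist->parent_ndx >= dir_flist->used)`. On the sender `parent_ndx` is presumably assigned locally rather than taken from the peer, so this is belt-and-braces rather than a second hole, but a protocol-error exit is the right reaction to either direction of corruption. `send_files` starts and ends outside the hunk.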
@@ -0,0 +1,15 @@
+diff --git a/main.c b/main.c
+index 7222a83..630ca03 100644
+--- a/main.c
++++ b/main.c
+@@ -1743,7 +1743,9 @@ int main(int argc,char *argv[])
+ our_gid = MY_GID();
+ am_root = our_uid == ROOT_UID;
+
+- unset_env_var("DISPLAY");
++ // DISPLAY should only be cleared if SSH_ASKPASS is empty
++ if (!getenv("SSH_ASKPASS"))
++ unset_env_var("DISPLAY");
+
+ #if defined USE_OPENSSL && defined SET_OPENSSL_CONF
+ #define TO_STR2(x) #x
diff --git a/rsync.spec b/rsync.spec
index 8ca039d..7889ace 100644
--- a/rsync.spec
+++ b/rsync.spec
@@ -9,7 +9,7 @@
 Summary: A program for synchronizing files over a network
 Name: rsync
 Version: 3.4.1
-Release: 2%{?prerelease}%{?dist}
+Release: 2%{?prerelease}%{?dist}.2
 URL: https://rsync.samba.org/
 Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
@@ -45,6 +45,8 @@ License: GPL-3.0-or-later
 Patch1: rsync-3.2.2-runtests.patch
 # creating rrsync.1.md would require commonmark, we copy it instead
 Patch2: rsync-3.4.1-rrsync-man.patch
+Patch3: rsync-3.4.1-ssh-askpass.patch
+Patch4: rsync-3.4.1-cve-2025-10158.patch
 %description
 Rsync uses a reliable algorithm to bring remote and host files into
@@ -86,6 +88,8 @@ may be used to setup a restricted rsync users via ssh logins.
 %patch 1 -p1 -b .runtests
 %patch 2 -p1 -b .rrsync
+%patch 3 -p1 -b .ssh-askpass
+%patch 4 -p1 -b .cve-2025-10158
 %build
 %configure \
@@ -143,6 +147,12 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
 %systemd_postun_with_restart rsyncd.service
 %changelog
+* Thu Mar 12 2026 Michal Ruprich - 3.4.1-2.2
+- Resolves: RHEL-152885 - CVE-2025-10158 Out of bounds array access via negative index
+
+* Thu Mar 12 2026 Michal Ruprich - 3.4.1-2.1
+- Resolves: RHEL-152878 - clearing DISPLAY breaks SSH_ASKPASS expectations
+
 * Thu Jan 30 2025 Michal Ruprich - 3.4.1-2
 - Resolves: RHEL-71293 - Build rsync with --with-rrsync
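Review bot: The new comment says DISPLAY is kept unless SSH_ASKPASS is empty, but `!getenv("SSH_ASKPASS")` only detects the variable being unset: an environment with `SSH_ASKPASS=` set to the empty string now keeps DISPLAY, which is a case the old unconditional `unset_env_var("DISPLAY")` covered and where ssh has no askpass program to run. Treating unset and empty alike makes the code match the comment: `const char *askpass = getenv("SSH_ASKPASS");` / `if (!askpass || !*askpass)` / `unset_env_var("DISPLAY");`. The comment should also say why DISPLAY was cleared in the first place (presumably to keep ssh from falling back to a graphical prompt when rsync runs it non-interactively), since that is the hardening this change narrows. `main` starts and ends outside the hunk.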