import UBI rsync-3.2.3-20.el9_5.1

2025-01-15 08:29:11 +00:00 · 2025-01-15 08:29:11 +00:00 · ac1571010d
commit ac1571010d
parent b4be731688
2 changed files with 20 additions and 1 deletions
--- a/SOURCES/rsync-3.2.3-cve-2024-12085.patch
+++ b/SOURCES/rsync-3.2.3-cve-2024-12085.patch
@ -0,0 +1,14 @@
+diff --git a/match.c b/match.c
+index 36e78ed..dfd6af2 100644
+--- a/match.c
+++ b/match.c
+@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
+ 	int more;
+ 	schar *map;
+ 
+	// prevent possible memory leaks
+	memset(sum2, 0, sizeof sum2);
+
+ 	/* want_i is used to encourage adjacent matches, allowing the RLL
+ 	 * coding of the output to work more efficiently. */
+ 	want_i = 0;
--- a/SPECS/rsync.spec
+++ b/SPECS/rsync.spec
@ -10,7 +10,7 @@
 Summary: A program for synchronizing files over a network
 Name: rsync
 Version: 3.2.3
-Release: 20%{?dist}
+Release: 20%{?dist}.1
 URL: https://rsync.samba.org/

 Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
@ -43,6 +43,7 @@ Patch8: rsync-3.2.3-cve-2022-37434.patch
 Patch9: rsync-3.2.3-cve-2022-29154.patch
 Patch10: rsync-3.2.3-filtering-rules.patch
 Patch11: rsync-3.2.3-delay-updates.patch
+Patch12: rsync-3.2.3-cve-2024-12085.patch

 %description
 Rsync uses a reliable algorithm to bring remote and host files into
@ -88,6 +89,7 @@ patch -p1 -i patches/copy-devices.diff
 %patch9 -p1 -b .cve-2022-29154
 %patch10 -p1 -b .filtering-rules
 %patch11 -p1 -b .delay-updates
+%patch12 -p1 -b .cve-2024-12085

 %build
 %configure --disable-xxhash
@ -134,6 +136,9 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
 %systemd_postun_with_restart rsyncd.service

 %changelog
+* Fri Jan 03 2025 Michal Ruprich <mruprich@redhat.com> - 3.2.3-20.1
+- Resolves: RHEL-72495 - Info Leak via Uninitialized Stack Contents
+
 * Thu Oct 19 2023 Alex Iribarren <Alex.Iribarren@cern.ch> - 3.2.3-20
 - Resolves: RHEL-14228 - rsync regression with --delay-updates