From ac1571010d8533c6737c65228d23c965eeebfe96 Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Wed, 15 Jan 2025 08:29:11 +0000
Subject: [PATCH] import UBI rsync-3.2.3-20.el9_5.1
---
 SOURCES/rsync-3.2.3-cve-2024-12085.patch | 14 ++++++++++++++
 SPECS/rsync.spec | 7 ++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/rsync-3.2.3-cve-2024-12085.patch
diff --git a/SOURCES/rsync-3.2.3-cve-2024-12085.patch b/SOURCES/rsync-3.2.3-cve-2024-12085.patch
new file mode 100644
index 0000000..bb16cd1
--- /dev/null
+++ b/SOURCES/rsync-3.2.3-cve-2024-12085.patch
@@ -0,0 +1,14 @@
+diff --git a/match.c b/match.c
+index 36e78ed..dfd6af2 100644
+--- a/match.c
++++ b/match.c
+@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
+ int more;
+ schar *map;
+
++ // prevent possible memory leaks
++ memset(sum2, 0, sizeof sum2);
++
+ /* want_i is used to encourage adjacent matches, allowing the RLL
+ * coding of the output to work more efficiently. */
+ want_i = 0;
diff --git a/SPECS/rsync.spec b/SPECS/rsync.spec
index 38e53fb..0fdfd56 100644
--- a/SPECS/rsync.spec
+++ b/SPECS/rsync.spec
@@ -10,7 +10,7 @@
 Summary: A program for synchronizing files over a network
 Name: rsync
 Version: 3.2.3
-Release: 20%{?dist}
+Release: 20%{?dist}.1
 URL: https://rsync.samba.org/
 Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
@@ -43,6 +43,7 @@ Patch8: rsync-3.2.3-cve-2022-37434.patch
 Patch9: rsync-3.2.3-cve-2022-29154.patch
 Patch10: rsync-3.2.3-filtering-rules.patch
 Patch11: rsync-3.2.3-delay-updates.patch
+Patch12: rsync-3.2.3-cve-2024-12085.patch
 %description
 Rsync uses a reliable algorithm to bring remote and host files into
@@ -88,6 +89,7 @@ patch -p1 -i patches/copy-devices.diff
 %patch9 -p1 -b .cve-2022-29154
 %patch10 -p1 -b .filtering-rules
 %patch11 -p1 -b .delay-updates
+%patch12 -p1 -b .cve-2024-12085
 %build
 %configure --disable-xxhash
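Review bot: The comment added above the `memset` in `hash_search` (the match.c hunk inside the new patch file) calls this a memory leak, while the spec changelog describes the issue as an info leak via uninitialized stack contents, so the wording will mislead anyone auditing the fix later; it also uses `//` where the adjacent code uses block comments. I would write `/* Zero sum2 so uninitialized stack bytes can never take part in a checksum comparison (CVE-2024-12085). */` instead. `sizeof sum2` clears the whole buffer only if `sum2` is declared as an array in this function; the declaration sits above the hunk, so that is worth confirming, along with whether the checksum length used in the later comparison is bounded against that array's size elsewhere. `hash_search` starts and ends outside the hunk.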
@@ -134,6 +136,9 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
 %systemd_postun_with_restart rsyncd.service
 %changelog
+* Fri Jan 03 2025 Michal Ruprich - 3.2.3-20.1
+- Resolves: RHEL-72495 - Info Leak via Uninitialized Stack Contents
+
 * Thu Oct 19 2023 Alex Iribarren - 3.2.3-20
 - Resolves: RHEL-14228 - rsync regression with --delay-updates