rpms/rsync
5
0
Fork 1
Code Issues Pull Requests Releases Activity

Auto sync2gitlab import of rsync-3.1.3-19.el8.src.rpm

Browse Source
This commit is contained in:
CentOS Sources 2022-08-24 22:30:43 +00:00
parent e1ec8b5df8
commit e5df0189f0
3 changed files with 1092 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1065
rsync-3.1.3-cve-2022-29154.patch Normal file
View File

File diff suppressed because it is too large Load Diff

16
rsync-3.1.3-cve-2022-37434.patch Normal file
View File

@ -0,0 +1,16 @@
diff --git a/zlib/inflate.c b/zlib/inflate.c
index e43abd9..bd33c19 100644
--- a/zlib/inflate.c
+++ b/zlib/inflate.c
@@ -740,8 +740,9 @@ int flush;
if (copy > have) copy = have;
if (copy) {
if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);

12
rsync.spec
View File

@ -9,7 +9,7 @@
Summary: A program for synchronizing files over a network Summary: A program for synchronizing files over a network
Name: rsync Name: rsync
Version: 3.1.3 Version: 3.1.3
Release: 17%{?dist} Release: 19%{?dist}
Group: Applications/Internet Group: Applications/Internet
URL: http://rsync.samba.org/ URL: http://rsync.samba.org/
@ -38,6 +38,8 @@ Patch7: rsync-3.1.3-skip-compress.patch
Patch8: rsync-3.1.3-xattr.patch Patch8: rsync-3.1.3-xattr.patch
Patch9: rsync-3.1.3-cve-2018-25032.patch Patch9: rsync-3.1.3-cve-2018-25032.patch
Patch10: rsync-3.1.3-sparse-block.patch Patch10: rsync-3.1.3-sparse-block.patch
Patch11: rsync-3.1.3-cve-2022-29154.patch
Patch12: rsync-3.1.3-cve-2022-37434.patch
%description %description
Rsync uses a reliable algorithm to bring remote and host files into Rsync uses a reliable algorithm to bring remote and host files into
@ -86,6 +88,8 @@ patch -p1 -i patches/copy-devices.diff
%patch8 -p1 -b .xattr %patch8 -p1 -b .xattr
%patch9 -p1 -b .cve-2018-25032 %patch9 -p1 -b .cve-2018-25032
%patch10 -p1 -b .spars-block %patch10 -p1 -b .spars-block
%patch11 -p1 -b .cve-2022-29154
%patch12 -p1 -b .cve-2022-37434
%build %build
%configure %configure
@ -132,6 +136,12 @@ chmod -x support/*
%systemd_postun_with_restart rsyncd.service %systemd_postun_with_restart rsyncd.service
%changelog %changelog
* Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-19
- Resolves: #2116668 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
* Mon Aug 15 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-18
- Resolves: #2111175 - remote arbitrary files write inside the directories of connecting peers
* Mon Aug 08 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-17 * Mon Aug 08 2022 Michal Ruprich <mruprich@redhat.com> - 3.1.3-17
- Related: #2043753 - New option should not be sent to the server every time - Related: #2043753 - New option should not be sent to the server every time