Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
This commit is contained in:
Michal Ruprich
parent
bf0b0151cc
commit
eb69e042dc
16
rsync-3.2.3-cve-2022-37434.patch
Normal file
16
rsync-3.2.3-cve-2022-37434.patch
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
diff --git a/zlib/inflate.c b/zlib/inflate.c
|
||||||
|
index e43abd9..bd33c19 100644
|
||||||
|
--- a/zlib/inflate.c
|
||||||
|
+++ b/zlib/inflate.c
|
||||||
|
@@ -740,8 +740,9 @@ int flush;
|
||||||
|
if (copy > have) copy = have;
|
||||||
|
if (copy) {
|
||||||
|
if (state->head != Z_NULL &&
|
||||||
|
- state->head->extra != Z_NULL) {
|
||||||
|
- len = state->head->extra_len - state->length;
|
||||||
|
+ state->head->extra != Z_NULL &&
|
||||||
|
+ (len = state->head->extra_len - state->length) <
|
||||||
|
+ state->head->extra_max) {
|
||||||
|
zmemcpy(state->head->extra + len, next,
|
||||||
|
len + copy > state->head->extra_max ?
|
||||||
|
state->head->extra_max - len : copy);
|
||||||
@ -10,7 +10,7 @@
|
|||||||
Summary: A program for synchronizing files over a network
|
Summary: A program for synchronizing files over a network
|
||||||
Name: rsync
|
Name: rsync
|
||||||
Version: 3.2.3
|
Version: 3.2.3
|
||||||
Release: 16%{?dist}
|
Release: 17%{?dist}
|
||||||
URL: https://rsync.samba.org/
|
URL: https://rsync.samba.org/
|
||||||
|
|
||||||
Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
|
Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
|
||||||
@ -39,6 +39,7 @@ Patch4: rsync-3.2.3-xattr.patch
|
|||||||
Patch5: rsync-3.2.3-segfault.patch
|
Patch5: rsync-3.2.3-segfault.patch
|
||||||
Patch6: rsync-3.2.3-atimes.patch
|
Patch6: rsync-3.2.3-atimes.patch
|
||||||
Patch7: rsync-3.1.3-cve-2018-25032.patch
|
Patch7: rsync-3.1.3-cve-2018-25032.patch
|
||||||
|
Patch8: rsync-3.2.3-cve-2022-37434.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Rsync uses a reliable algorithm to bring remote and host files into
|
Rsync uses a reliable algorithm to bring remote and host files into
|
||||||
@ -80,6 +81,7 @@ patch -p1 -i patches/copy-devices.diff
|
|||||||
%patch5 -p1 -b .segfault
|
%patch5 -p1 -b .segfault
|
||||||
%patch6 -p1 -b .atimes
|
%patch6 -p1 -b .atimes
|
||||||
%patch7 -p1 -b .cve-2018-25032
|
%patch7 -p1 -b .cve-2018-25032
|
||||||
|
%patch8 -p1 -b .cve-2022-37434
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --disable-xxhash
|
%configure --disable-xxhash
|
||||||
@ -126,6 +128,9 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
|
|||||||
%systemd_postun_with_restart rsyncd.service
|
%systemd_postun_with_restart rsyncd.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-17
|
||||||
|
- Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
|
||||||
|
|
||||||
* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-16
|
* Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-16
|
||||||
- Related: #2081296 - Adding ci.fmf for separation of testing results
|
- Related: #2081296 - Adding ci.fmf for separation of testing results
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user