A program for synchronizing files over a network
Michal Ruprich 15f6d55f9a Fix CVE-2026-43618: integer overflow in compressed-token decoding
Backport upstream commit 901041dddc9a to fix CVE-2026-43618, an integer
overflow in compressed-token decoding in rsync. The patch hardens
the receiver's three compressed-token decoders (zlib, zstd, lz4) in token.c
by replacing inline token decoding with a shared recv_compressed_token_num()
function that includes proper overflow protection. It also adds bounds
checking in receiver.c and simple_recv_token to reject malformed token
values, preventing potential memory leaks to the wire.

Upstream patch:
  https://github.com/RsyncProject/rsync/commit/901041dd.patch

Added a follow-up commit:
  https://github.com/RsyncProject/rsync/commit/11e3e239

Resolves: RHEL-174939
2026-06-23 11:41:13 +02:00
.fmf Resolves: #2081296 - Enable fmf tests in centos stream 2022-05-03 15:04:47 +02:00
.gitignore Resolves: RHEL-70265 - Rebase rsync to 3.2.5 2024-12-09 19:04:42 +01:00
ci.fmf Related: #2081296 - Adding ci.fmf for separation of testing results 2022-05-18 16:24:01 +02:00
gating.yaml Update plans 2025-10-09 10:18:08 +00:00
Makefile RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:54:13 -07:00
plans.fmf Update plans 2025-10-09 10:18:08 +00:00
rpminspect.yaml Resolves: #2053198 - rsync segmentation fault 2022-04-26 08:31:05 +02:00
rsync-3.0.6-iconv-logging.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:54:13 -07:00
rsync-3.2.2-runtests.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:54:13 -07:00
rsync-3.2.3-filtering-rules.patch Resolves: RHEL-70265 - Rebase rsync to 3.2.5 2024-12-09 19:04:42 +01:00
rsync-3.2.5-cve-2024-12085.patch Resolves: RHEL-70158 - Info Leak via Uninitialized Stack Contents 2025-01-30 10:01:16 +01:00
rsync-3.2.5-cve-2024-12086.patch Fix CVE-2026-29518: TOCTOU symlink race in rsync daemon no-chroot mode 2026-06-23 10:35:50 +02:00
rsync-3.2.5-cve-2024-12087.patch Resolves: RHEL-70158 - Info Leak via Uninitialized Stack Contents 2025-01-30 10:01:16 +01:00
rsync-3.2.5-cve-2024-12088.patch Resolves: RHEL-70158 - Info Leak via Uninitialized Stack Contents 2025-01-30 10:01:16 +01:00
rsync-3.2.5-cve-2024-12747.patch Resolves: RHEL-70158 - Info Leak via Uninitialized Stack Contents 2025-01-30 10:01:16 +01:00
rsync-3.2.5-cve-2025-10158.patch Resolves: RHEL-152536 - CVE-2025-10158 Out of bounds array access via negative index 2026-04-13 15:15:44 +02:00
rsync-3.2.5-cve-2026-41035.patch Resolves: RHEL-169151 - CVE-2026-41035 - Use-after-free vulnerability in extended attribute handling 2026-05-07 12:23:07 +02:00
rsync-3.2.5-default-compression.patch Resolves: RHEL-70265 - Rebase rsync to 3.2.5 2025-02-05 10:33:59 +01:00
rsync-3.2.5-fix-cve-2026-29518-regressions.patch Fix CVE-2026-29518: TOCTOU symlink race in rsync daemon no-chroot mode 2026-06-23 10:35:50 +02:00
rsync-3.2.5-fix-cve-2026-29518.patch Fix CVE-2026-29518: TOCTOU symlink race in rsync daemon no-chroot mode 2026-06-23 10:35:50 +02:00
rsync-3.2.5-fix-cve-2026-43618.patch Fix CVE-2026-43618: integer overflow in compressed-token decoding 2026-06-23 11:41:13 +02:00
rsync-3.2.5-rrsync-man.patch Resolves: RHEL-70265 - Rebase rsync to 3.2.5 2024-12-09 19:04:42 +01:00
rsync-3.2.5-ssh-askpass.patch Resolves: RHEL-104404 - Do not clear DISPLAY unconditionally 2025-10-09 13:26:24 +02:00
rsync-man.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:54:13 -07:00
rsync-noatime.patch RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:54:13 -07:00
rsync.spec Fix CVE-2026-43618: integer overflow in compressed-token decoding 2026-06-23 11:41:13 +02:00
rsyncd.conf RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:54:13 -07:00
rsyncd.service RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:54:13 -07:00
rsyncd.socket RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:54:13 -07:00
rsyncd.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:54:13 -07:00
rsyncd@.service RHEL 9.0.0 Alpha bootstrap 2020-10-14 21:54:13 -07:00
sources Resolves: RHEL-70265 - Rebase rsync to 3.2.5 2024-12-09 19:04:42 +01:00