diff --git a/1-bugfix-for-CVE-2025-10158.patch b/1-bugfix-for-CVE-2025-10158.patch new file mode 100644 index 0000000000000000000000000000000000000000..6527476e3b04fc9818c81c093a58414479b6d50a --- /dev/null +++ b/1-bugfix-for-CVE-2025-10158.patch @@ -0,0 +1,27 @@ +From 797e17fc4a6f15e3b1756538a9f812b63942686f Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Sat, 23 Aug 2025 17:26:53 +1000 +Subject: [PATCH] fixed an invalid access to files array + +this was found by Calum Hutton from Rapid7. It is a real bug, but +analysis shows it can't be leverged into an exploit. Worth fixing +though. + +Many thanks to Calum and Rapid7 for finding and reporting this +--- + sender.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/sender.c b/sender.c +index a4d46c39e..b1588b701 100644 +--- a/sender.c ++++ b/sender.c +@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out) + + if (ndx - cur_flist->ndx_start >= 0) + file = cur_flist->files[ndx - cur_flist->ndx_start]; ++ else if (cur_flist->parent_ndx < 0) ++ exit_cleanup(RERR_PROTOCOL); + else + file = dir_flist->files[cur_flist->parent_ndx]; + if (F_PATHNAME(file)) { diff --git a/rsync.spec b/rsync.spec index da13bf60c79452a707de7fb1b9fe0ab0fe27d197..7917198fea45c8cc59f02382838e2281ce183c11 100644 --- a/rsync.spec +++ b/rsync.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 Name: rsync Version: 3.4.1 @@ -14,6 +14,9 @@ Source4: rsyncd.conf Source5: rsyncd.sysconfig Source6: rsyncd@.service + +# https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f.patch +Patch1: 1-bugfix-for-CVE-2025-10158.patch BuildRequires: make vim BuildRequires: gcc BuildRequires: gcc-c++ @@ -108,6 +111,9 @@ chmod -x support/* %{_unitdir}/rsyncd@.service %changelog +* Thu Nov 20 2025 tomcruiseqi - 3.4.1-2 +- Fix CVE-2025-10158 + * Fri Feb 21 2025 yangxinyu - 3.4.1-1 - New version 3.4.1