packages/rsync
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!21 Fix CVE-2022-37434

Browse Source 
From: @fly_fzc 
Reviewed-by: @lvying6 
Signed-off-by: @lvying6
This commit is contained in:
openeuler-ci-bot 2022-08-19 01:45:53 +00:00 committed by Gitee
commit 31d0416674
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 62 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
backport-A-fix-for-the-zlib-fix.patch Normal file
View File

@ -0,0 +1,26 @@
From 9e2921fce8c518e370c324407d35bc83ba12f2d5 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayne@opencoder.net>
Date: Mon, 8 Aug 2022 20:05:10 -0700
Subject: [PATCH] A fix for the zlib fix.
---
zlib/inflate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/zlib/inflate.c b/zlib/inflate.c
index d15132ea..e9840b67 100644
--- a/zlib/inflate.c
+++ b/zlib/inflate.c
@@ -739,10 +739,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
- len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
state->head->extra != Z_NULL &&
- len < state->head->extra_max) {
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);

28
backport-CVE-2022-37434.patch Normal file
View File

@ -0,0 +1,28 @@
From 788f11ea6afeb96f0d84f140192165a1ca12ade4 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayne@opencoder.net>
Date: Sun, 7 Aug 2022 09:27:57 -0700
Subject: [PATCH] Fix zlib bug with a large gzip header extra field
From zlib commit eff308af425b67093bab25f80f1ae950166bece1.
Fixes CVE-2022-37434.
---
zlib/inflate.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/zlib/inflate.c b/zlib/inflate.c
index e43abd9e0..d15132eaf 100644
--- a/zlib/inflate.c
+++ b/zlib/inflate.c
@@ -739,9 +739,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
+ len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ len < state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);

11
rsync.spec
View File

@ -1,6 +1,6 @@
Name: rsync Name: rsync
Version: 3.2.3 Version: 3.2.3
Release: 2 Release: 3
Summary: Fast incremental file transfer utility Summary: Fast incremental file transfer utility
License: GPLv3+ License: GPLv3+
URL: http://rsync.samba.org/ URL: http://rsync.samba.org/
@ -20,6 +20,8 @@ Obsoletes: rsync-daemon
Patch1: backport-Work-around-glibc-lchmod-issue-a-better-way.patch Patch1: backport-Work-around-glibc-lchmod-issue-a-better-way.patch
Patch2: backport-CVE-2020-14387-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch Patch2: backport-CVE-2020-14387-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch
Patch3: backport-CVE-2022-37434.patch
Patch4: backport-A-fix-for-the-zlib-fix.patch
%description %description
Rsync is an open source utility that provides fast incremental file transfer. Rsync is an open source utility that provides fast incremental file transfer.
@ -80,9 +82,12 @@ install -D -m644 %{SOURCE6} %{buildroot}/%{_unitdir}/rsyncd@.service
%{_mandir}/man5/rsyncd.conf.5* %{_mandir}/man5/rsyncd.conf.5*
%changelog %changelog
* Thu Aug 18 2022 fuanan <fuanan3@h-partners.com> - 3.2.3-3
- Fix CVE-2022-37434
* Fri Jun 18 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 3.2.3-2 * Fri Jun 18 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 3.2.3-2
- Type:bugfix - Type:CVE
- ID:NA - CVE:CVE-2020-14387
- SUG:NA - SUG:NA
- DESC:Fix CVE-2020-14387 - DESC:Fix CVE-2020-14387