Fix CVE-2022-37434

backport-A-fix-for-the-zlib-fix.patch

@@ -0,0 +1,26 @@
+From 9e2921fce8c518e370c324407d35bc83ba12f2d5 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Mon, 8 Aug 2022 20:05:10 -0700
+Subject: [PATCH] A fix for the zlib fix.
+
+---
+ zlib/inflate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/zlib/inflate.c b/zlib/inflate.c
+index d15132ea..e9840b67 100644
+--- a/zlib/inflate.c
++++ b/zlib/inflate.c
+@@ -739,10 +739,10 @@ int flush;
+                 copy = state->length;
+                 if (copy > have) copy = have;
+                 if (copy) {
+-                    len = state->head->extra_len - state->length;
+                     if (state->head != Z_NULL &&
+                         state->head->extra != Z_NULL &&
+-                        len < state->head->extra_max) {
++                        (len = state->head->extra_len - state->length) <
++                            state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);

backport-CVE-2022-37434.patch

@@ -0,0 +1,28 @@
+From 788f11ea6afeb96f0d84f140192165a1ca12ade4 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayne@opencoder.net>
+Date: Sun, 7 Aug 2022 09:27:57 -0700
+Subject: [PATCH] Fix zlib bug with a large gzip header extra field
+
+From zlib commit eff308af425b67093bab25f80f1ae950166bece1.
+Fixes CVE-2022-37434.
+---
+ zlib/inflate.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/zlib/inflate.c b/zlib/inflate.c
+index e43abd9e0..d15132eaf 100644
+--- a/zlib/inflate.c
++++ b/zlib/inflate.c
+@@ -739,9 +739,10 @@ int flush;
+                 copy = state->length;
+                 if (copy > have) copy = have;
+                 if (copy) {
++                    len = state->head->extra_len - state->length;
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
++                        state->head->extra != Z_NULL &&
++                        len < state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);

rsync.spec

@@ -1,6 +1,6 @@
 Name:           rsync
 Version:        3.2.3
-Release:        2
+Release:        3
 Summary:        Fast incremental file transfer utility
 License:        GPLv3+
 URL:            http://rsync.samba.org/
@@ -20,6 +20,8 @@ Obsoletes:      rsync-daemon
 
 Patch1: backport-Work-around-glibc-lchmod-issue-a-better-way.patch
 Patch2: backport-CVE-2020-14387-rsync-ssl-Verify-the-hostname-in-the-certificate-whe.patch
+Patch3: backport-CVE-2022-37434.patch
+Patch4: backport-A-fix-for-the-zlib-fix.patch
 
 %description
 Rsync is an open source utility that provides fast incremental file transfer.
@@ -80,9 +82,12 @@ install -D -m644 %{SOURCE6} %{buildroot}/%{_unitdir}/rsyncd@.service
 %{_mandir}/man5/rsyncd.conf.5*
 
 %changelog
+* Thu Aug 18 2022 fuanan <fuanan3@h-partners.com> - 3.2.3-3
+- Fix CVE-2022-37434
+
 * Fri Jun 18 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 3.2.3-2
-- Type:bugfix
-- ID:NA
+- Type:CVE
+- CVE:CVE-2020-14387
 - SUG:NA
 - DESC:Fix CVE-2020-14387