diff --git a/main/rsync/APKBUILD b/main/rsync/APKBUILD
index 1d3196ed010..c065040da03 100644
--- a/main/rsync/APKBUILD
+++ b/main/rsync/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa
 pkgname=rsync
 pkgver=3.4.1
-pkgrel=0
+pkgrel=1
 pkgdesc="A file transfer program to keep remote files in sync"
 url="https://rsync.samba.org/"
 arch="all"
@@ -24,9 +24,13 @@ source="https://download.samba.org/pub/rsync/rsync-$pkgver.tar.gz
 rsyncd.confd
 rsyncd.conf
 rsyncd.logrotate
+
+ CVE-2025-10158-fix-invalid-access-to-files-array.patch
 "
 
 # secfixes:
+# 3.4.1-r1:
+# - CVE-2025-10158
 # 3.4.0-r0:
 # - CVE-2024-12084
 # - CVE-2024-12085
@@ -104,4 +108,5 @@ b9bf1aa02f96e4294642ead5751bd529ca1267c08e83a16342fba5736c3a8ec89568feb11fb737e9
 d91337cfb57e6e3b2a8ba1e24f7d851dd927bfc327da2212b9eb0acda0e1ca2f24987f6dcc4903eccc3bf170e0f115172b3cfa5a172700495296f26302c834d7 rsyncd.confd
 3db8a2b364fc89132af6143af90513deb6be3a78c8180d47c969e33cb5edde9db88aad27758a6911f93781e3c9846aeadc80fffc761c355d6a28358853156b62 rsyncd.conf
 e7ff164926785c4eff2ea641c7ce2d270b25f1c26d93a6108bb6ff2c0207a28ebfd93dca39596243446ce41aceaeae62fc2b34084eb9c9086fcdbc03a657eed8 rsyncd.logrotate
+935ef8777b74ba8f57d7bd3ebbf281e04e0b1b7b74cb9552a93396669228e3764ba27e5fec5858583c0e06b678c95a4467ff057865a28249d19af5997b3c7305 CVE-2025-10158-fix-invalid-access-to-files-array.patch
 "
diff --git a/main/rsync/CVE-2025-10158-fix-invalid-access-to-files-array.patch b/main/rsync/CVE-2025-10158-fix-invalid-access-to-files-array.patch
new file mode 100644
index 00000000000..618b54366af
--- /dev/null
+++ b/main/rsync/CVE-2025-10158-fix-invalid-access-to-files-array.patch
@@ -0,0 +1,28 @@
+Source: https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f
+From 797e17fc4a6f15e3b1756538a9f812b63942686f Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell
+Date: Sat, 23 Aug 2025 17:26:53 +1000
+Subject: [PATCH] fixed an invalid access to files array
+
+this was found by Calum Hutton from Rapid7. It is a real bug, but
+analysis shows it can't be leverged into an exploit. Worth fixing
+though.
+
+Many thanks to Calum and Rapid7 for finding and reporting this
+---
+ sender.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sender.c b/sender.c
+index a4d46c39e..b1588b701 100644
+--- a/sender.c
++++ b/sender.c
+@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out)
+ 
+ if (ndx - cur_flist->ndx_start >= 0)
+ file = cur_flist->files[ndx - cur_flist->ndx_start];
++ else if (cur_flist->parent_ndx < 0)
++ exit_cleanup(RERR_PROTOCOL);
+ else
+ file = dir_flist->files[cur_flist->parent_ndx];
+ if (F_PATHNAME(file)) {
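Review bot: The added `else if (cur_flist->parent_ndx < 0)` branch in send_files has no comment saying why a negative parent_ndx is treated as a protocol error, which whoever rebases or drops this downstream patch will want to know. From the visible lines, an ndx below `cur_flist->ndx_start` falls through to `dir_flist->files[cur_flist->parent_ndx]`, so a negative parent_ndx would index before the array; I would add `/* no parent entry for this list: a negative parent_ndx would index before dir_flist->files */` above the new branch. The hunk guards only the lower bound; whether `ndx - cur_flist->ndx_start` and `parent_ndx` are also bounded above by the sizes of their lists is presumably settled where ndx is read, outside the hunk, and is worth confirming against the packaged 3.4.1 source. send_files starts and ends outside the hunk.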