Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rsync for openSUSE:Factory checked in at 2025-12-18 18:30:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rsync (Old)
 and      /work/SRC/openSUSE:Factory/.rsync.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rsync" Thu Dec 18 18:30:42 2025 rev:95 rq:1323385 version:3.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rsync/rsync.changes 2025-04-02 17:04:51.311955772 +0200 +++ /work/SRC/openSUSE:Factory/.rsync.new.1928/rsync.changes 2025-12-18 18:31:01.724546875 +0100 @@ -1,0 +2,7 @@ +Tue Dec 16 12:40:48 UTC 2025 - David Anes <[email protected]> + +- Security update (CVE-2025-10158, bsc#1254441): rsync: Out of + bounds array access via negative index + - Add rsync-CVE-2025-10158.patch + +------------------------------------------------------------------- New: ---- rsync-CVE-2025-10158.patch ----------(New B)---------- New: bounds array access via negative index - Add rsync-CVE-2025-10158.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rsync.spec ++++++ --- /var/tmp/diff_new_pack.jDV5nt/_old 2025-12-18 18:31:02.676586860 +0100 +++ /var/tmp/diff_new_pack.jDV5nt/_new 2025-12-18 18:31:02.680587028 +0100 @@ -1,7 +1,7 @@ # # spec file for package rsync # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -61,6 +61,9 @@ Patch5: rsyncd-return-from-list-command-with-0.patch # https://github.com/RsyncProject/rsync/pull/716 Patch6: rsync341-gcc15-bool.patch +# bsc#1254441, CVE-2025-10158: rsync: Out of bounds array access via negative index +# https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f +Patch7: rsync-CVE-2025-10158.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: c++_compiler ++++++ rsync-CVE-2025-10158.patch ++++++ >From 797e17fc4a6f15e3b1756538a9f812b63942686f Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell <[email protected]> Date: Sat, 23 Aug 2025 17:26:53 +1000 Subject: [PATCH] fixed an invalid access to files array this was found by Calum Hutton from Rapid7. It is a real bug, but analysis shows it can't be leverged into an exploit. Worth fixing though. Many thanks to Calum and Rapid7 for finding and reporting this --- sender.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sender.c b/sender.c index a4d46c39e..b1588b701 100644 --- a/sender.c +++ b/sender.c @@ -262,6 +262,8 @@ void send_files(int f_in, int f_out) if (ndx - cur_flist->ndx_start >= 0) file = cur_flist->files[ndx - cur_flist->ndx_start]; + else if (cur_flist->parent_ndx < 0) + exit_cleanup(RERR_PROTOCOL); else file = dir_flist->files[cur_flist->parent_ndx]; if (F_PATHNAME(file)) {
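Review bot: the rsync.changes entry names the CVE and bsc# but not the upstream fix; adding the commit id 797e17fc4a6f15e3b1756538a9f812b63942686f (already cited in the rsync.spec comment for Patch7) to the "- Add rsync-CVE-2025-10158.patch" line would let anyone auditing the update trace the backport to its source without opening the spec.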
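Review bot: the rsync.spec hunk only declares `Patch7: rsync-CVE-2025-10158.patch`; whether it is actually applied depends on the %prep section, which lies outside the visible lines. If this spec applies patches individually (`%patch -P 7 -p1` style) rather than with %autosetup or %autopatch, a matching apply line is needed, otherwise the package rebuilds without the fix while the changelog claims it. The comment header (bsc#, CVE, upstream commit URL) matches the convention of the Patch5/Patch6 entries above it.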
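Review bot: the added `else if (cur_flist->parent_ndx < 0)` guard in the sender.c hunk closes only the lower bound of the `dir_flist->files[cur_flist->parent_ndx]` index; neither this branch nor the preceding `if (ndx - cur_flist->ndx_start >= 0)` branch compares the index against the list length in the visible lines, so unless that upper bound is enforced where the index is received from the peer, the same class of out-of-bounds access remains for the positive side and should be confirmed in that code path. Since `ndx` originates from the remote side, the abort via `exit_cleanup(RERR_PROTOCOL)` is the right outcome, but consider emitting the offending `ndx` and `parent_ndx` values with rsync's `rprintf(FERROR, ...)` just before it, so that a daemon operator seeing an unexplained protocol-error exit in the log can tell a malformed peer apart from an ordinary transfer failure.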
