Pullup ticket #6507 - requested by tm

net/rsync: security fix Revisions pulled up: - net/rsync/Makefile 1.116 - net/rsync/distinfo 1.52 - net/rsync/patches/patch-rsync-ssl 1.1 --- Module Name: pkgsrc Committed By: wiz Date: Wed Oct 6 08:15:57 UTC 2021 Modified Files: pkgsrc/net/rsync: Makefile distinfo Added Files: pkgsrc/net/rsync/patches: patch-rsync-ssl Log Message: rsync: fix CVE-2020-14387 using upstream patch. Bump PKGREVISION.
author: bsiegert <bsiegert@pkgsrc.org> 2021-10-08 13:15:53 +0000
committer: bsiegert <bsiegert@pkgsrc.org> 2021-10-08 13:15:53 +0000
commit: 37777eaf9740b2834458de8222e2e5512d996253 (patch)
tree: 314c134070096c5880c4a40345b6152f176a994f
parent: 4a96f44e6cfc02bfa2f419bbd8668a05967b2f20 (diff)
download: pkgsrc-37777eaf9740b2834458de8222e2e5512d996253.tar.gz
3 files changed, 20 insertions, 2 deletions
diff --git a/net/rsync/Makefile b/net/rsync/Makefile
index 2d80908c6b4..3491096a387 100644
--- a/net/rsync/Makefile
+++ b/net/rsync/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.115 2020/08/07 08:33:37 adam Exp $
+# $NetBSD: Makefile,v 1.115.10.1 2021/10/08 13:15:53 bsiegert Exp $
 
 DISTNAME=	rsync-3.2.3
+PKGREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	http://rsync.samba.org/ftp/rsync/
 MASTER_SITES+=	http://rsync.samba.org/ftp/rsync/old-versions/
diff --git a/net/rsync/distinfo b/net/rsync/distinfo
index ec66c134225..7b809582ce9 100644
--- a/net/rsync/distinfo
+++ b/net/rsync/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2020/08/07 08:33:37 adam Exp $
+$NetBSD: distinfo,v 1.51.10.1 2021/10/08 13:15:53 bsiegert Exp $
 
 SHA1 (rsync-3.2.3.tar.gz) = 00823f43901e7da39f3f0daf20ec9efae47e959e
 RMD160 (rsync-3.2.3.tar.gz) = 6eea543c7034f1ef4997f72011d4fcdda2a960da
@@ -6,3 +6,4 @@ SHA512 (rsync-3.2.3.tar.gz) = 48b68491f3ef644dbbbfcaec5ab90a1028593e02d50367ce16
 Size (rsync-3.2.3.tar.gz) = 1069784 bytes
 SHA1 (patch-Makefile.in) = ba65c144ebc47aae943ef0e6255b6d8745beaa09
 SHA1 (patch-authenticate.c) = 39b60b2a0742c8b161c2923f89828bd604aa7e83
+SHA1 (patch-rsync-ssl) = 2934471e328d635348f490eb42450856cca271f7
diff --git a/net/rsync/patches/patch-rsync-ssl b/net/rsync/patches/patch-rsync-ssl
new file mode 100644
index 00000000000..18abda0da4b
--- /dev/null
+++ b/net/rsync/patches/patch-rsync-ssl
@@ -0,0 +1,16 @@
+$NetBSD: patch-rsync-ssl,v 1.1.2.2 2021/10/08 13:15:53 bsiegert Exp $
+
+CVE-2020-14387:
+rsync-ssl does not verify the hostname in the server certificate when using openssl
+
+--- rsync-ssl.orig	2020-06-17 01:27:48.000000000 +0000
++++ rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+     fi
+ 
+     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+-	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
++	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+     else
author	bsiegert <bsiegert@pkgsrc.org>	2021-10-08 13:15:53 +0000
committer	bsiegert <bsiegert@pkgsrc.org>	2021-10-08 13:15:53 +0000
commit	37777eaf9740b2834458de8222e2e5512d996253 (patch)
tree	314c134070096c5880c4a40345b6152f176a994f
parent	4a96f44e6cfc02bfa2f419bbd8668a05967b2f20 (diff)
download	pkgsrc-37777eaf9740b2834458de8222e2e5512d996253.tar.gz