diff options
| author | wiz <wiz@pkgsrc.org> | 2021-10-06 08:15:57 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2021-10-06 08:15:57 +0000 |
| commit | 6e3b92e1d7a76c561de7b8806da88b30e42a163a (patch) | |
| tree | 8a5c72d7652d09a5f527f6d34cfe2590ee94bbc7 /net | |
| parent | 3bbc90407a1daf22a3c41efbf975a4c957cdcfb7 (diff) | |
| download | pkgsrc-6e3b92e1d7a76c561de7b8806da88b30e42a163a.tar.gz | |
rsync: fix CVE-2020-14387 using upstream patch.
Bump PKGREVISION.
Diffstat (limited to 'net')
| -rw-r--r-- | net/rsync/Makefile | 3 | ||||
| -rw-r--r-- | net/rsync/distinfo | 3 | ||||
| -rw-r--r-- | net/rsync/patches/patch-rsync-ssl | 16 |
3 files changed, 20 insertions, 2 deletions
diff --git a/net/rsync/Makefile b/net/rsync/Makefile index 2d80908c6b4..b9aba774b1e 100644 --- a/net/rsync/Makefile +++ b/net/rsync/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.115 2020/08/07 08:33:37 adam Exp $ +# $NetBSD: Makefile,v 1.116 2021/10/06 08:15:57 wiz Exp $ DISTNAME= rsync-3.2.3 +PKGREVISION= 1 CATEGORIES= net MASTER_SITES= http://rsync.samba.org/ftp/rsync/ MASTER_SITES+= http://rsync.samba.org/ftp/rsync/old-versions/ diff --git a/net/rsync/distinfo b/net/rsync/distinfo index ec66c134225..5222c67828b 100644 --- a/net/rsync/distinfo +++ b/net/rsync/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.51 2020/08/07 08:33:37 adam Exp $ +$NetBSD: distinfo,v 1.52 2021/10/06 08:15:57 wiz Exp $ SHA1 (rsync-3.2.3.tar.gz) = 00823f43901e7da39f3f0daf20ec9efae47e959e RMD160 (rsync-3.2.3.tar.gz) = 6eea543c7034f1ef4997f72011d4fcdda2a960da @@ -6,3 +6,4 @@ SHA512 (rsync-3.2.3.tar.gz) = 48b68491f3ef644dbbbfcaec5ab90a1028593e02d50367ce16 Size (rsync-3.2.3.tar.gz) = 1069784 bytes SHA1 (patch-Makefile.in) = ba65c144ebc47aae943ef0e6255b6d8745beaa09 SHA1 (patch-authenticate.c) = 39b60b2a0742c8b161c2923f89828bd604aa7e83 +SHA1 (patch-rsync-ssl) = 2934471e328d635348f490eb42450856cca271f7 diff --git a/net/rsync/patches/patch-rsync-ssl b/net/rsync/patches/patch-rsync-ssl new file mode 100644 index 00000000000..b74f56725c7 --- /dev/null +++ b/net/rsync/patches/patch-rsync-ssl @@ -0,0 +1,16 @@ +$NetBSD: patch-rsync-ssl,v 1.1 2021/10/06 08:15:57 wiz Exp $ + +CVE-2020-14387: +rsync-ssl does not verify the hostname in the server certificate when using openssl + +--- rsync-ssl.orig 2020-06-17 01:27:48.000000000 +0000 ++++ rsync-ssl +@@ -129,7 +129,7 @@ function rsync_ssl_helper { + fi + + if [[ $RSYNC_SSL_TYPE == openssl ]]; then +- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port ++ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port + elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then + exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port + else |