Diffstat (limited to 'net/rsync/patches/patch-rsync-ssl')
-rw-r--r-- | net/rsync/patches/patch-rsync-ssl | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/net/rsync/patches/patch-rsync-ssl b/net/rsync/patches/patch-rsync-ssl
new file mode 100644
index 00000000000..18abda0da4b
--- /dev/null
+++ b/net/rsync/patches/patch-rsync-ssl
@@ -0,0 +1,16 @@
+$NetBSD: patch-rsync-ssl,v 1.1.2.2 2021/10/08 13:15:53 bsiegert Exp $
+
+CVE-2020-14387:
+rsync-ssl does not verify the hostname in the server certificate when using openssl
+
+--- rsync-ssl.orig 2020-06-17 01:27:48.000000000 +0000
++++ rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+ fi
+
+ if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
++ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+ elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+ else |
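Review bot: The added `-verify_hostname $hostname` on the openssl `exec` line only sets the name to check; `s_client` aborts the handshake on a mismatch only when `-verify_return_error` is also in effect, and that flag is not visible on this line. It presumably arrives through `$caopt`, which is set outside the hunk (as is the rest of `rsync_ssl_helper`), so it is worth confirming that every branch meant to verify puts it there. A comment above the `exec` would record the dependency, e.g. `# -verify_hostname is only enforced when $caopt carries -verify_return_error`. Since `-quiet -verify_quiet` suppress most verification output, a mismatch that is not fatal would likely pass unnoticed. The option also needs an OpenSSL recent enough to know `-verify_hostname`; an older `$RSYNC_SSL_OPENSSL` should reject it and exit, which fails closed but may deserve a note in the package.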