Salut M. espie@,
Dear ports@,
this diff fixes CVE-2020-14387 for net/rsync.
Kind regards,
mbuhl
Index: net/rsync/Makefile
===================================================================
RCS file: /cvs/ports/net/rsync/Makefile,v
retrieving revision 1.90
diff -u -p -r1.90 Makefile
--- net/rsync/Makefile 30 Jul 2021 18:13:51 -0000 1.90
+++ net/rsync/Makefile 2 Aug 2021 12:22:13 -0000
@@ -3,7 +3,7 @@
COMMENT = mirroring/synchronization over low bandwidth links
DISTNAME = rsync-3.2.3
-REVISION = 0
+REVISION = 1
CATEGORIES = net
HOMEPAGE = https://rsync.samba.org/
Index: net/rsync/patches/patch-rsync-ssl
===================================================================
RCS file: net/rsync/patches/patch-rsync-ssl
diff -N net/rsync/patches/patch-rsync-ssl
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ net/rsync/patches/patch-rsync-ssl 2 Aug 2021 12:22:13 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+
+Fix CVE-2020-14387: rsync-ssl does not verify the hostname in the server
+ certificate when using openssl
+ https://bugzilla.redhat.com/show_bug.cgi?id=1875549
+
+Index: rsync-ssl
+--- rsync-ssl.orig
++++ rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+ fi
+
+ if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
++ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+ elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+ else
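Review bot: The added `-verify_hostname $hostname` on the openssl `exec` line only closes CVE-2020-14387 if s_client also aborts on a verification error, and nothing on that line asks for this. It appears to rest on `$caopt` carrying `-verify_return_error`, which is assigned earlier in `rsync_ssl_helper`, outside this hunk. I would confirm that every `$caopt` branch meant to verify the peer sets it, and record the dependency above the exec with a comment such as `# name mismatch is fatal only when $caopt has -verify_return_error`. It is also worth confirming that the openssl(1) binary selected by `$RSYNC_SSL_OPENSSL` on the target accepts `-verify_hostname`. The gnutls branch is unchanged, and whether it checks the server name cannot be seen from here.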