-
Notifications
You must be signed in to change notification settings - Fork 554
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
rsync: Address CVE-2020-14387 (#2749)
The upstream patch for CVE-2020-14387 was added after 3.2.3 and will be included in the upcoming 3.2.4 release. For now, backport the patch to our current 3.2.3 version. Signed-off-by: Chris Co <[email protected]>
- Loading branch information
1 parent
c2fc238
commit 8a3d212
Showing
2 changed files
with
32 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| From c3f7414c450faaf6a8281cc4a4403529aeb7d859 Mon Sep 17 00:00:00 2001 | ||
| From: Matt McCutchen <[email protected]> | ||
| Date: Wed, 26 Aug 2020 12:16:08 -0400 | ||
| Subject: [PATCH] rsync-ssl: Verify the hostname in the certificate when using | ||
| openssl. | ||
|
|
||
| --- | ||
| rsync-ssl | 2 +- | ||
| 1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
|
||
| diff --git a/rsync-ssl b/rsync-ssl | ||
| index 8101975a..46701af1 100755 | ||
| --- a/rsync-ssl | ||
| +++ b/rsync-ssl | ||
| @@ -129,7 +129,7 @@ function rsync_ssl_helper { | ||
| fi | ||
|
|
||
| if [[ $RSYNC_SSL_TYPE == openssl ]]; then | ||
| - exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port | ||
| + exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port | ||
| elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then | ||
| exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port | ||
| else | ||
| -- | ||
| 2.25.1 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,13 +1,14 @@ | ||
| Summary: Fast incremental file transfer. | ||
| Name: rsync | ||
| Version: 3.2.3 | ||
| Release: 1%{?dist} | ||
| Release: 2%{?dist} | ||
| License: GPLv3+ | ||
| Vendor: Microsoft Corporation | ||
| Distribution: Mariner | ||
| Group: Appication/Internet | ||
| URL: https://rsync.samba.org/ | ||
| Source0: https://download.samba.org/pub/rsync/src/%{name}-%{version}.tar.gz | ||
| Patch0: CVE-2020-14387.patch | ||
| BuildRequires: lz4-devel | ||
| BuildRequires: systemd | ||
| BuildRequires: zlib-devel | ||
|
|
@@ -19,7 +20,7 @@ Requires: zlib | |
| Rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon. It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied. It is famous for its delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination. Rsync is widely used for backups and mirroring and as an improved copy command for everyday use. | ||
|
|
||
| %prep | ||
| %setup -q | ||
| %autosetup | ||
|
|
||
| %build | ||
| %configure --with-included-zlib=no --disable-xxhash | ||
|
|
@@ -62,6 +63,9 @@ make %{?_smp_mflags} check | |
| %{_sysconfdir}/rsyncd.conf | ||
|
|
||
| %changelog | ||
| * Thu Apr 14 2022 Chris Co <[email protected]> - 3.2.3-2 | ||
| - Add patch for CVE-2020-14387 | ||
|
|
||
| * Tue Jan 11 2022 Neha Agarwal <[email protected]> - 3.2.3-1 | ||
| - Update to version 3.2.3. | ||
|
|
||
|
|
||