diff options
author | Sheila Aman <sheila@vulpine.house> | 2021-07-27 11:58:20 +0000 |
---|---|---|
committer | Sheila Aman <sheila@vulpine.house> | 2021-07-27 11:58:20 +0000 |
commit | 1349e0e9fcaffb78596b7aa2eaeba436f6949318 (patch) | |
tree | fe0330b960b3be8358c5648490ac29bd9cec401e | |
parent | 0802fb7eecef74b8858ca0ddc653555fce360c7a (diff) | |
download | packages-1349e0e9fcaffb78596b7aa2eaeba436f6949318.tar.gz packages-1349e0e9fcaffb78596b7aa2eaeba436f6949318.tar.bz2 packages-1349e0e9fcaffb78596b7aa2eaeba436f6949318.tar.xz packages-1349e0e9fcaffb78596b7aa2eaeba436f6949318.zip |
system/rsync: upgrade to 3.2.3
-rw-r--r-- | system/rsync/APKBUILD | 18 | ||||
-rw-r--r-- | system/rsync/CVE-2020-14387.patch | 21 |
2 files changed, 33 insertions, 6 deletions
diff --git a/system/rsync/APKBUILD b/system/rsync/APKBUILD index f48b55099..a436eaed8 100644 --- a/system/rsync/APKBUILD +++ b/system/rsync/APKBUILD @@ -1,24 +1,28 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Sheila Aman <sheila@vulpine.house> pkgname=rsync -pkgver=3.1.3 -pkgrel=2 +pkgver=3.2.3 +pkgrel=0 pkgdesc="File transfer program to keep remote files in sync" url="https://rsync.samba.org/" arch="all" license="GPL-3.0+" depends="" checkdepends="fakeroot" -makedepends="perl acl-dev attr-dev popt-dev zlib-dev" +makedepends="perl acl-dev attr-dev lz4-dev openssl-dev popt-dev zlib-dev + zstd-dev" subpackages="$pkgname-doc $pkgname-openrc rrsync::noarch" source="https://download.samba.org/pub/$pkgname/$pkgname-$pkgver.tar.gz rsyncd.initd rsyncd.confd rsyncd.conf rsyncd.logrotate + CVE-2020-14387.patch " # secfixes: +# 3.2.3-r0: +# - CVE-2020-14387 # 3.1.3-r2: # - CVE-2016-9840 # - CVE-2016-9841 @@ -37,7 +41,8 @@ build() { --localstatedir=/var \ --enable-acl-support \ --enable-xattr-support \ - --with-included-zlib=no + --with-included-zlib=no \ + --disable-xxhash make } @@ -62,8 +67,9 @@ rrsync() { install -D -m 755 "$builddir"/support/rrsync "$subpkgdir"/usr/bin/rrsync } -sha512sums="8385f4c0ea37e7a1da3cf45794154f5bc4d1c49bc625ba3b5f85adaf3eafe6d71c15bdcb1410bde731e5d4c19aff3331606637462fa27a68dc3e13192dd78f99 rsync-3.1.3.tar.gz +sha512sums="48b68491f3ef644dbbbfcaec5ab90a1028593e02d50367ce161fd9d3d0bd0a3628bc57c5e5dec4be3a1d213f784f879b8a8fcdfd789ba0f99837cba16e1ae70e rsync-3.2.3.tar.gz 638d87c9a753b35044f6321ccd09d2c0addaab3c52c40863eb6905905576b5268bec67b496df81225528c9e39fbd92e9225d7b3037ab1fda78508d452c78158f rsyncd.initd c7527e289c81bee5e4c14b890817cdb47d14f0d26dd8dcdcbe85c7199cf27c57a0b679bdd1b115bfe00de77b52709cc5d97522a47f63c1bb5104f4a7220c9961 rsyncd.confd 3db8a2b364fc89132af6143af90513deb6be3a78c8180d47c969e33cb5edde9db88aad27758a6911f93781e3c9846aeadc80fffc761c355d6a28358853156b62 rsyncd.conf -b8d6c0bb467a5c963317dc55478d2c10874564cd264d943d4a42037e2fce134fe001fabc92af5c6b5775e84dc310b1c8da147afaa61c99e5663c36580d8651a5 rsyncd.logrotate" +b8d6c0bb467a5c963317dc55478d2c10874564cd264d943d4a42037e2fce134fe001fabc92af5c6b5775e84dc310b1c8da147afaa61c99e5663c36580d8651a5 rsyncd.logrotate +cebd8b23db8fb095e35e133ab828efecc385e159e429b3c2366f411572cdebb3444be0f60b42b2ce3d34476f1ebb4f194933d699978db385ac40c4fba6767991 CVE-2020-14387.patch" diff --git a/system/rsync/CVE-2020-14387.patch b/system/rsync/CVE-2020-14387.patch new file mode 100644 index 000000000..7ed5e7a48 --- /dev/null +++ b/system/rsync/CVE-2020-14387.patch @@ -0,0 +1,21 @@ +From: Matt McCutchen <matt@mattmccutchen.net> +Date: Wed, 26 Aug 2020 16:16:08 +0000 (-0400) +Subject: rsync-ssl: Verify the hostname in the certificate when using openssl. +X-Git-Url: http://git.samba.org/?p=rsync.git;a=commitdiff_plain;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd + +rsync-ssl: Verify the hostname in the certificate when using openssl. +--- + +diff --git a/rsync-ssl b/rsync-ssl +index 8101975a..46701af1 100755 +--- a/rsync-ssl ++++ b/rsync-ssl +@@ -129,7 +129,7 @@ function rsync_ssl_helper { + fi + + if [[ $RSYNC_SSL_TYPE == openssl ]]; then +- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port ++ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port + elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then + exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port + else |