summaryrefslogtreecommitdiff
path: root/system/rsync/CVE-2020-14387.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/rsync/CVE-2020-14387.patch')
-rw-r--r--system/rsync/CVE-2020-14387.patch21
1 files changed, 21 insertions, 0 deletions
diff --git a/system/rsync/CVE-2020-14387.patch b/system/rsync/CVE-2020-14387.patch
new file mode 100644
index 000000000..7ed5e7a48
--- /dev/null
+++ b/system/rsync/CVE-2020-14387.patch
@@ -0,0 +1,21 @@
+From: Matt McCutchen <matt@mattmccutchen.net>
+Date: Wed, 26 Aug 2020 16:16:08 +0000 (-0400)
+Subject: rsync-ssl: Verify the hostname in the certificate when using openssl.
+X-Git-Url: http://git.samba.org/?p=rsync.git;a=commitdiff_plain;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd
+
+rsync-ssl: Verify the hostname in the certificate when using openssl.
+---
+
+diff --git a/rsync-ssl b/rsync-ssl
+index 8101975a..46701af1 100755
+--- a/rsync-ssl
++++ b/rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+ fi
+
+ if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
++ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+ elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+ else