From 1349e0e9fcaffb78596b7aa2eaeba436f6949318 Mon Sep 17 00:00:00 2001
From: Sheila Aman <sheila@vulpine.house>
Date: Tue, 27 Jul 2021 11:58:20 +0000
Subject: system/rsync: upgrade to 3.2.3

---
 system/rsync/CVE-2020-14387.patch | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 system/rsync/CVE-2020-14387.patch

(limited to 'system/rsync/CVE-2020-14387.patch')

diff --git a/system/rsync/CVE-2020-14387.patch b/system/rsync/CVE-2020-14387.patch
new file mode 100644
index 000000000..7ed5e7a48
--- /dev/null
+++ b/system/rsync/CVE-2020-14387.patch
@@ -0,0 +1,21 @@
+From: Matt McCutchen <matt@mattmccutchen.net>
+Date: Wed, 26 Aug 2020 16:16:08 +0000 (-0400)
+Subject: rsync-ssl: Verify the hostname in the certificate when using openssl.
+X-Git-Url: http://git.samba.org/?p=rsync.git;a=commitdiff_plain;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd
+
+rsync-ssl: Verify the hostname in the certificate when using openssl.
+---
+
+diff --git a/rsync-ssl b/rsync-ssl
+index 8101975a..46701af1 100755
+--- a/rsync-ssl
++++ b/rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+     fi
+ 
+     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+-	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
++	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+     else
-- 
cgit v1.2.3-70-g09d2