From 1349e0e9fcaffb78596b7aa2eaeba436f6949318 Mon Sep 17 00:00:00 2001
From: Sheila Aman <sheila@vulpine.house>
Date: Tue, 27 Jul 2021 11:58:20 +0000
Subject: system/rsync: upgrade to 3.2.3
---
system/rsync/APKBUILD | 18 ++++++++++++------
system/rsync/CVE-2020-14387.patch | 21 +++++++++++++++++++++
2 files changed, 33 insertions(+), 6 deletions(-)
create mode 100644 system/rsync/CVE-2020-14387.patch
(limited to 'system')
diff --git a/system/rsync/APKBUILD b/system/rsync/APKBUILD
index f48b55099..a436eaed8 100644
--- a/system/rsync/APKBUILD
+++ b/system/rsync/APKBUILD
@@ -1,24 +1,28 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Sheila Aman <sheila@vulpine.house>
pkgname=rsync
-pkgver=3.1.3
-pkgrel=2
+pkgver=3.2.3
+pkgrel=0
pkgdesc="File transfer program to keep remote files in sync"
url="https://rsync.samba.org/"
arch="all"
license="GPL-3.0+"
depends=""
checkdepends="fakeroot"
-makedepends="perl acl-dev attr-dev popt-dev zlib-dev"
+makedepends="perl acl-dev attr-dev lz4-dev openssl-dev popt-dev zlib-dev
+ zstd-dev"
subpackages="$pkgname-doc $pkgname-openrc rrsync::noarch"
source="https://download.samba.org/pub/$pkgname/$pkgname-$pkgver.tar.gz
rsyncd.initd
rsyncd.confd
rsyncd.conf
rsyncd.logrotate
+ CVE-2020-14387.patch
"
# secfixes:
+# 3.2.3-r0:
+# - CVE-2020-14387
# 3.1.3-r2:
# - CVE-2016-9840
# - CVE-2016-9841
@@ -37,7 +41,8 @@ build() {
--localstatedir=/var \
--enable-acl-support \
--enable-xattr-support \
- --with-included-zlib=no
+ --with-included-zlib=no \
+ --disable-xxhash
make
}
@@ -62,8 +67,9 @@ rrsync() {
install -D -m 755 "$builddir"/support/rrsync "$subpkgdir"/usr/bin/rrsync
}
-sha512sums="8385f4c0ea37e7a1da3cf45794154f5bc4d1c49bc625ba3b5f85adaf3eafe6d71c15bdcb1410bde731e5d4c19aff3331606637462fa27a68dc3e13192dd78f99 rsync-3.1.3.tar.gz
+sha512sums="48b68491f3ef644dbbbfcaec5ab90a1028593e02d50367ce161fd9d3d0bd0a3628bc57c5e5dec4be3a1d213f784f879b8a8fcdfd789ba0f99837cba16e1ae70e rsync-3.2.3.tar.gz
638d87c9a753b35044f6321ccd09d2c0addaab3c52c40863eb6905905576b5268bec67b496df81225528c9e39fbd92e9225d7b3037ab1fda78508d452c78158f rsyncd.initd
c7527e289c81bee5e4c14b890817cdb47d14f0d26dd8dcdcbe85c7199cf27c57a0b679bdd1b115bfe00de77b52709cc5d97522a47f63c1bb5104f4a7220c9961 rsyncd.confd
3db8a2b364fc89132af6143af90513deb6be3a78c8180d47c969e33cb5edde9db88aad27758a6911f93781e3c9846aeadc80fffc761c355d6a28358853156b62 rsyncd.conf
-b8d6c0bb467a5c963317dc55478d2c10874564cd264d943d4a42037e2fce134fe001fabc92af5c6b5775e84dc310b1c8da147afaa61c99e5663c36580d8651a5 rsyncd.logrotate"
+b8d6c0bb467a5c963317dc55478d2c10874564cd264d943d4a42037e2fce134fe001fabc92af5c6b5775e84dc310b1c8da147afaa61c99e5663c36580d8651a5 rsyncd.logrotate
+cebd8b23db8fb095e35e133ab828efecc385e159e429b3c2366f411572cdebb3444be0f60b42b2ce3d34476f1ebb4f194933d699978db385ac40c4fba6767991 CVE-2020-14387.patch"
diff --git a/system/rsync/CVE-2020-14387.patch b/system/rsync/CVE-2020-14387.patch
new file mode 100644
index 000000000..7ed5e7a48
--- /dev/null
+++ b/system/rsync/CVE-2020-14387.patch
@@ -0,0 +1,21 @@
+From: Matt McCutchen <matt@mattmccutchen.net>
+Date: Wed, 26 Aug 2020 16:16:08 +0000 (-0400)
+Subject: rsync-ssl: Verify the hostname in the certificate when using openssl.
+X-Git-Url: http://git.samba.org/?p=rsync.git;a=commitdiff_plain;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd
+
+rsync-ssl: Verify the hostname in the certificate when using openssl.
+---
+
+diff --git a/rsync-ssl b/rsync-ssl
+index 8101975a..46701af1 100755
+--- a/rsync-ssl
++++ b/rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+ fi
+
+ if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
++ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
+ elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+ exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
+ else
--
cgit v1.2.3-70-g09d2