system/rsync/CVE-2020-14387.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

From: Matt McCutchen <matt@mattmccutchen.net>
Date: Wed, 26 Aug 2020 16:16:08 +0000 (-0400)
Subject: rsync-ssl: Verify the hostname in the certificate when using openssl.
X-Git-Url: http://git.samba.org/?p=rsync.git;a=commitdiff_plain;h=c3f7414;hp=4c4fce51072c9189cfb11b52aa54fed79f5741bd

rsync-ssl: Verify the hostname in the certificate when using openssl.
---

diff --git a/rsync-ssl b/rsync-ssl
index 8101975a..46701af1 100755
--- a/rsync-ssl
+++ b/rsync-ssl
@@ -129,7 +129,7 @@ function rsync_ssl_helper {
     fi
 
     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
-	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
+	exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
 	exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
     else