Salut M. espie@,
Dear ports@,

this diff fixes CVE-2020-14387 for net/rsync.

Kind regards,
mbuhl

Index: net/rsync/Makefile
===================================================================
RCS file: /cvs/ports/net/rsync/Makefile,v
retrieving revision 1.90
diff -u -p -r1.90 Makefile
--- net/rsync/Makefile  30 Jul 2021 18:13:51 -0000      1.90
+++ net/rsync/Makefile  2 Aug 2021 12:22:13 -0000
@@ -3,7 +3,7 @@
 COMMENT =      mirroring/synchronization over low bandwidth links
 
 DISTNAME =     rsync-3.2.3
-REVISION =     0
+REVISION =     1
 CATEGORIES =   net
 HOMEPAGE =     https://rsync.samba.org/
 
Index: net/rsync/patches/patch-rsync-ssl
===================================================================
RCS file: net/rsync/patches/patch-rsync-ssl
diff -N net/rsync/patches/patch-rsync-ssl
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/rsync/patches/patch-rsync-ssl   2 Aug 2021 12:22:13 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+
+Fix CVE-2020-14387: rsync-ssl does not verify the hostname in the server
+    certificate when using openssl
+    https://bugzilla.redhat.com/show_bug.cgi?id=1875549
+
+Index: rsync-ssl
+--- rsync-ssl.orig
++++ rsync-ssl
+@@ -129,7 +129,7 @@ function rsync_ssl_helper {
+     fi
+ 
+     if [[ $RSYNC_SSL_TYPE == openssl ]]; then
+-      exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet 
-servername $hostname -connect $hostname:$port
++      exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet 
-servername $hostname -verify_hostname $hostname -connect $hostname:$port
+     elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
+       exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt 
$gnutls_opts $hostname:$port
+     else
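Review bot: The added `-verify_hostname $hostname` only protects the connection if s_client aborts on a verification failure, and nothing in this hunk shows that it does. `$caopt` is built outside these lines, so it should be confirmed that it carries `-verify_return_error` whenever verification is enabled; without it s_client reports the mismatch and continues the handshake. The new argument is also another unquoted expansion of `$hostname`, so writing it as `-verify_hostname "$hostname"` (and quoting the existing `-servername` and `-connect` uses the same way) would keep a malformed host string from being split into extra s_client arguments. rsync_ssl_helper starts and ends outside the hunk, so the CA setup and the gnutls branch cannot be checked from here.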
