Date: Fri, 8 Oct 2021 13:15:53 +0000
From: "Benny Siegert"
Subject: CVS commit: [pkgsrc-2021Q3] pkgsrc/net/rsync
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Oct 8 13:15:53 UTC 2021

Modified Files:
        pkgsrc/net/rsync [pkgsrc-2021Q3]: Makefile distinfo
Added Files:
        pkgsrc/net/rsync/patches [pkgsrc-2021Q3]: patch-rsync-ssl

Log Message:
Pullup ticket #6507 - requested by tm
net/rsync: security fix

Revisions pulled up:
- net/rsync/Makefile 1.116
- net/rsync/distinfo 1.52
- net/rsync/patches/patch-rsync-ssl 1.1

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Wed Oct 6 08:15:57 UTC 2021

   Modified Files:
           pkgsrc/net/rsync: Makefile distinfo
   Added Files:
           pkgsrc/net/rsync/patches: patch-rsync-ssl

   Log Message:
   rsync: fix CVE-2020-14387 using upstream patch.

   Bump PKGREVISION.

To generate a diff of this commit:
cvs rdiff -u -r1.115 -r1.115.10.1 pkgsrc/net/rsync/Makefile
cvs rdiff -u -r1.51 -r1.51.10.1 pkgsrc/net/rsync/distinfo
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/net/rsync/patches/patch-rsync-ssl

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: pkgsrc/net/rsync/Makefile diff -u pkgsrc/net/rsync/Makefile:1.115 pkgsrc/net/rsync/Makefile:1.115.10.1 --- pkgsrc/net/rsync/Makefile:1.115 Fri Aug 7 08:33:37 2020 +++ pkgsrc/net/rsync/Makefile Fri Oct 8 13:15:53 2021 
@@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.115 2020/08/07 08:33:37 adam Exp $ +# $NetBSD: Makefile,v 1.115.10.1 2021/10/08 13:15:53 bsiegert Exp $ DISTNAME= rsync-3.2.3 +PKGREVISION= 1 CATEGORIES= net MASTER_SITES= http://rsync.samba.org/ftp/rsync/ MASTER_SITES+= http://rsync.samba.org/ftp/rsync/old-versions/ Index: pkgsrc/net/rsync/distinfo diff -u pkgsrc/net/rsync/distinfo:1.51 pkgsrc/net/rsync/distinfo:1.51.10.1 --- pkgsrc/net/rsync/distinfo:1.51 Fri Aug 7 08:33:37 2020 +++ pkgsrc/net/rsync/distinfo Fri Oct 8 13:15:53 2021 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.51 2020/08/07 08:33:37 adam Exp $ +$NetBSD: distinfo,v 1.51.10.1 2021/10/08 13:15:53 bsiegert Exp $ SHA1 (rsync-3.2.3.tar.gz) = 00823f43901e7da39f3f0daf20ec9efae47e959e RMD160 (rsync-3.2.3.tar.gz) = 6eea543c7034f1ef4997f72011d4fcdda2a960da @@ -6,3 +6,4 @@ SHA512 (rsync-3.2.3.tar.gz) = 48b68491f3 Size (rsync-3.2.3.tar.gz) = 1069784 bytes SHA1 (patch-Makefile.in) = ba65c144ebc47aae943ef0e6255b6d8745beaa09 SHA1 (patch-authenticate.c) = 39b60b2a0742c8b161c2923f89828bd604aa7e83 +SHA1 (patch-rsync-ssl) = 2934471e328d635348f490eb42450856cca271f7 Added files: Index: pkgsrc/net/rsync/patches/patch-rsync-ssl diff -u /dev/null pkgsrc/net/rsync/patches/patch-rsync-ssl:1.1.2.2 --- /dev/null Fri Oct 8 13:15:53 2021 +++ pkgsrc/net/rsync/patches/patch-rsync-ssl Fri Oct 8 13:15:53 2021 
@@ -0,0 +1,16 @@ +$NetBSD: patch-rsync-ssl,v 1.1.2.2 2021/10/08 13:15:53 bsiegert Exp $ + +CVE-2020-14387: +rsync-ssl does not verify the hostname in the server certificate when using openssl + +--- rsync-ssl.orig 2020-06-17 01:27:48.000000000 +0000 ++++ rsync-ssl +@@ -129,7 +129,7 @@ function rsync_ssl_helper { + fi + + if [[ $RSYNC_SSL_TYPE == openssl ]]; then +- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port ++ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port + elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then + exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port + else --_----------=_1633698953144860--
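
Review bot: the rewritten "exec $RSYNC_SSL_OPENSSL s_client ..." line in patch-rsync-ssl adds -verify_hostname $hostname but not -verify_return_error, and the s_client documentation describes -verify_return_error as the option that returns verification errors instead of continuing. Please confirm that a certificate whose name does not match $hostname actually ends the connection here rather than only being reported under -verify_quiet; if it does not, add -verify_return_error to the same line. Separately, $hostname is expanded unquoted three times on that line, so quoting it ("$hostname") would keep a value containing whitespace or glob characters from being split into extra s_client arguments. The patch header names CVE-2020-14387 but not the upstream commit the change was taken from; adding that reference to the comment block would make it easier to drop the patch on the next rsync update.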