Hello community, here is the log from the commit of package rsync for openSUSE:Factory checked in at 2020-09-08 22:45:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rsync (Old) and /work/SRC/openSUSE:Factory/.rsync.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rsync"
Tue Sep 8 22:45:00 2020 rev:73 rq:832054 version:3.2.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/rsync/rsync.changes 2020-08-19 18:43:20.047417050 +0200
+++ /work/SRC/openSUSE:Factory/.rsync.new.3399/rsync.changes 2020-09-08 22:45:36.791466267 +0200
@@ -1,0 +2,7 @@
+Fri Sep 4 10:25:17 UTC 2020 - Pedro Monreal <[email protected]>
+
+- Security fix: [bsc#1176160, CVE-2020-14387]
+ * rsync-ssl: Verify the hostname in the certificate when using openssl.
+- Add rsync-CVE-2020-14387.patch
+
+-------------------------------------------------------------------
New:
----
rsync-CVE-2020-14387.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rsync.spec ++++++
--- /var/tmp/diff_new_pack.cFY5fY/_old 2020-09-08 22:45:38.479467089 +0200
+++ /var/tmp/diff_new_pack.cFY5fY/_new 2020-09-08 22:45:38.479467089 +0200
@@ -42,6 +42,7 @@
Source11: http://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.tar.gz.asc
Source12: %{name}.keyring
Patch0: rsync-no-libattr.patch
+Patch1: rsync-CVE-2020-14387.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: c++_compiler
@@ -78,6 +79,7 @@
patch -p1 < patches/slp.diff
%patch0 -p1
+%patch1 -p1
%build
autoreconf -fiv
++++++ rsync-CVE-2020-14387.patch ++++++
X-Git-Url: http://git.samba.org/?p=rsync.git;a=blobdiff_plain;f=rsync-ssl;h=46701af160ecff16680b30faf6a1f325fac62359;hp=8101975ac6ef1e9e683e6658a61e49fbe02c5f52;hb=c3f7414;hpb=4c4fce51072c9189cfb11b52aa54fed79f5741bd
diff --git a/rsync-ssl b/rsync-ssl
index 8101975a..46701af1 100755
--- a/rsync-ssl
+++ b/rsync-ssl
@@ -129,7 +129,7 @@ function rsync_ssl_helper {
fi
if [[ $RSYNC_SSL_TYPE == openssl ]]; then
- exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -connect $hostname:$port
+ exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_opts $hostname:$port
else
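Review bot: The added `-verify_hostname $hostname` on the `exec $RSYNC_SSL_OPENSSL s_client` line only records a name mismatch as a verification error; `s_client` continues the handshake after verification errors unless `-verify_return_error` is also passed, and that flag is not on this line. Whether the check is enforced therefore depends on what `$caopt` contains, which is set outside the hunk (rsync_ssl_helper starts and ends outside it), so I would add a comment above the exec such as `# -verify_hostname is only fatal when $caopt carries -verify_return_error` and confirm that every `$caopt` branch meant to verify includes it. Separately, `$hostname` is expanded unquoted three times here; `-servername "$hostname" -verify_hostname "$hostname" -connect "$hostname:$port"` keeps a value with whitespace or glob characters from turning into extra s_client arguments.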
