5d5c619410
A flaw was found in rsync in versions since 3.2.0pre1. Rsync does not properly validate a certificate whose host name does not match the host being contacted. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname, which could compromise the confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: add a comment explaining what patch fixes this CVE]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
################################################################################
#
# rsync
#
################################################################################

# Upstream release being packaged, and where its source tarball is fetched.
# NOTE(review): the download URL is plain HTTP, so the authenticity of the
# tarball rests on the package's hash file (not visible here) - confirm it
# carries a strong hash for this version.
RSYNC_VERSION = 3.2.3
RSYNC_SITE = http://rsync.samba.org/ftp/rsync/src

# Licensing and CPE metadata; the CPE vendor is what CVE matching keys on.
RSYNC_LICENSE = GPL-3.0+ with exceptions
RSYNC_LICENSE_FILES = COPYING
RSYNC_CPE_ID_VENDOR = samba

# zlib and popt are built as separate packages first, and configure is told
# not to fall back to the copies bundled in the rsync tarball.
RSYNC_DEPENDENCIES = zlib popt
RSYNC_CONF_OPTS = \
	--with-included-zlib=no \
	--with-included-popt=no

# Optional features that are switched off unconditionally.
RSYNC_CONF_OPTS += \
	--disable-simd \
	--disable-openssl \
	--disable-xxhash \
	--disable-zstd \
	--disable-lz4 \
	--disable-asm

# CVE-2020-14387 (missing host name check on the certificate in rsync-ssl) is
# excluded from CVE reporting because the patch named below carries the fix.
# The advisory gives 3.2.4 as the first fixed release: when RSYNC_VERSION is
# bumped to 3.2.4 or later, drop both the patch and this entry so the
# exclusion does not outlive the backport.
# 0001-rsync-ssl-Verify-the-hostname-in-the-certificate-when-using-openssl.patch
RSYNC_IGNORE_CVES += CVE-2020-14387

# ACL support follows the acl package selection: build against it when it is
# enabled, otherwise turn the feature off explicitly.
ifeq ($(BR2_PACKAGE_ACL),y)
RSYNC_DEPENDENCIES += acl
else
RSYNC_CONF_OPTS += --disable-acl-support
endif

$(eval $(autotools-package))