ports/71472: [PATCH] shells/rssh: update to 2.2.1
Yen-Ming Lee
leeym at FreeBSD.org
Tue Sep 7 17:50:24 UTC 2004
>Number: 71472
>Category: ports
>Synopsis: [PATCH] shells/rssh: update to 2.2.1
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 07 17:50:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Yen-Ming Lee
>Release: FreeBSD 5.3-BETA3 i386
>Organization:
FreeBSD Taiwan
>Environment:
System: FreeBSD utopia.leeym.com 5.3-BETA3 FreeBSD 5.3-BETA3 #1: Sun Sep 5 01:06:46 CST
>Description:
- rssh < 2.2.1 has information disclosure vulnerability, so update to 2.2.1
- rssh depends on rsync and rdist
Removed file(s):
- files/patch-util.c
Port maintainer (enigmatyc at laposte.net) is cc'd.
Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
http://www.FreeBSD.org/ports/portaudit/a4815970-c5cc-11d8-8898-000d6111a684.html
>Fix:
--- rssh-2.2.1.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/shells/rssh/Makefile,v
retrieving revision 1.2
diff -u -u -r1.2 Makefile
--- Makefile 23 May 2004 13:31:11 -0000 1.2
+++ Makefile 7 Sep 2004 17:42:05 -0000
@@ -6,7 +6,7 @@
#
PORTNAME= rssh
-PORTVERSION= 2.1.1
+PORTVERSION= 2.2.1
CATEGORIES= shells security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -14,8 +14,15 @@
MAINTAINER= enigmatyc at laposte.net
COMMENT= A Restricted Secure SHell only for sftp or/and scp
+RUN_DEPENDS= ${LOCALBASE}/bin/rsync:${PORTSDIR}/net/rsync \
+ ${LOCALBASE}/bin/rdist6:${PORTSDIR}/net/rdist6
+
GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --with-rsync=${LOCALBASE}/bin/rsync \
+ --with-rdist=${LOCALBASE}/bin/rdist6
+
MAN1= rssh.1
+MAN5= rssh.conf.5
PLIST_FILES= bin/rssh etc/rssh.conf.dist libexec/rssh_chroot_helper
.include <bsd.port.pre.mk>
Index: distinfo
===================================================================
RCS file: /home/pcvs/ports/shells/rssh/distinfo,v
retrieving revision 1.1
diff -u -u -r1.1 distinfo
--- distinfo 21 May 2004 13:37:24 -0000 1.1
+++ distinfo 7 Sep 2004 17:42:05 -0000
@@ -1,2 +1,2 @@
-MD5 (rssh-2.1.1.tar.gz) = d5260ad91fe71ba28ecb310892cc4139
-SIZE (rssh-2.1.1.tar.gz) = 88858
+MD5 (rssh-2.2.1.tar.gz) = 2d427ee7f4ea46b075fa0ab3f39b4089
+SIZE (rssh-2.2.1.tar.gz) = 95552
Index: files/patch-util.c
===================================================================
RCS file: files/patch-util.c
diff -N files/patch-util.c
--- files/patch-util.c 21 May 2004 13:37:24 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,94 +0,0 @@
---- util.c.orig Mon Jul 7 20:41:29 2003
-+++ util.c Fri Apr 16 01:28:16 2004
-@@ -1,9 +1,9 @@
- /*
- * util.c - utility functions for rssh
-- *
-+ *
- * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ).
- *
-- * This program is licensed under a BSD-style license, as follows:
-+ * This program is licensed under a BSD-style license, as follows:
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
-@@ -66,10 +66,10 @@
- extern char *username;
- extern char *progname;
-
--/*
-+/*
- * build_arg_vector() - return a pointer to a vector of strings which
- * represent the arguments of the command to execv().
-- */
-+ */
- char **build_arg_vector( char *str, size_t reserve )
- {
-
-@@ -77,18 +77,18 @@
- int retc;
-
- result.we_offs = reserve;
-- if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFFS)) ){
-+ if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFS)) ){
- log_set_priority(LOG_ERR);
- switch( retc ){
- case WRDE_BADCHAR:
- case WRDE_CMDSUB:
-- fprintf(stderr, "%s: bad characters in arguments\n",
-+ fprintf(stderr, "%s: bad characters in arguments\n",
- progname);
- log_msg("user %s used bad chars in command",
- username);
- break;
- default:
-- fprintf(stderr, "%s: error expanding arguments\n",
-+ fprintf(stderr, "%s: error expanding arguments\n",
- progname);
- log_msg("error expanding arguments for user %s",
- username);
-@@ -105,7 +105,7 @@
-
- log_set_priority(LOG_ERR);
- /* determine which commands are usable for error message */
-- if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) ==
-+ if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) ==
- (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) )
- cmd = " to scp or sftp";
- else if ( flags & RSSH_ALLOW_SCP )
-@@ -147,7 +147,7 @@
- len = strlen(PATH_SFTP_SERVER);
- if ( cl_len < len ) len = cl_len;
- /* check to see if cl starts with an allowed command */
-- if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) &&
-+ if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) &&
- (isspace(cl[len]) || cl[len] == '\0') &&
- opts->shell_flags & RSSH_ALLOW_SFTP )
- return PATH_SFTP_SERVER;
-@@ -155,7 +155,7 @@
- len = 3;
- /* if cl_len is less than 3, then it's not a valid command */
- if ( cl_len < 3 ) return NULL;
-- if ( !(strncmp(cl, "scp", len)) &&
-+ if ( !(strncmp(cl, "scp", len)) &&
- (isspace(cl[len])) &&
- opts->shell_flags & RSSH_ALLOW_SCP ){
- return PATH_SCP;
-@@ -183,7 +183,7 @@
- len--;
- }
- if ( (strncmp(root, path, len)) ) return NULL;
--
-+
- /*
- * path[len] is the first character of path which is not part of root.
- * If it is not '/' then we chopped path off in the middle of a path
-@@ -223,7 +223,7 @@
- * them. Returns the bits in the bool pointers of the
- * same name, and returns FALSE if the bits are not valid
- */
--int validate_access( const char *temp, bool *allow_sftp,
-+int validate_access( const char *temp, bool *allow_sftp,
- bool *allow_scp )
- {
- char scp[2];
--- rssh-2.2.1.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list