diff options
| author | Chris Rees <crees@FreeBSD.org> | 2013-05-15 17:29:33 +0000 |
|---|---|---|
| committer | Chris Rees <crees@FreeBSD.org> | 2013-05-15 17:29:33 +0000 |
| commit | ef6baa35965adc8e867d48f995b10b1229875370 (patch) | |
| tree | cdd4643238bb17905d3fee0cf5dc9805a4fe85e6 | |
| parent | - Update GNU Awk to 4.1.0 (diff) | |
security/cfs: Resurrect and maintain CFS.
The referenced security issues have been fixed in this version (1.5.0 beta), and
some small bugs have been found too, with many fixes from Debian's Gerrit Pape.
Obtained from: Debian (parts)
Security: CVE-2002-0351
Security: CVE-2006-3123
Notes
Notes:
svn path=/head/; revision=318250
| -rw-r--r-- | MOVED | 1 | ||||
| -rw-r--r-- | security/Makefile | 1 | ||||
| -rw-r--r-- | security/cfs/Makefile | 38 | ||||
| -rw-r--r-- | security/cfs/distinfo | 2 | ||||
| -rw-r--r-- | security/cfs/files/cfsd.in | 49 | ||||
| -rw-r--r-- | security/cfs/files/pkg-message.in | 22 | ||||
| -rw-r--r-- | security/cfs/pkg-descr | 11 | ||||
| -rw-r--r-- | security/cfs/pkg-plist | 13 |
8 files changed, 136 insertions, 1 deletions
@@ -2678,7 +2678,6 @@ dns/nsd2||2011-09-30|EOL since 2007, unsupported. Use dns/nsd instead audio/orpheus|audio/cmus|2011-10-01|Has expired: Contains problem with autotools, security CVE-2005-3863. Use audio/cmus instead sysutils/syslog-ng3-devel|sysutils/syslog-ng-devel|2011-10-04|Port renamed sysutils/cfvers||2011-10-04|Has expired: Dead upstream, author disowns it, use git/hg instead -security/cfs||2011-10-04|Has expired: Locks don't work, ports/137378, unmaintained, dead upstream, insecure devel/p5-Scalar-Util-Clone||2011-10-05|Disappear from CPAN print/lyx14||2011-10-05|Has expired: last release in 2007, use print/lyx16 or print/lyx instead multimedia/enjoympeg||2011-10-05|Has expired: Looks like abandonware, no more public distfiles diff --git a/security/Makefile b/security/Makefile index cb8f87a8fc8b..301171687bd9 100644 --- a/security/Makefile +++ b/security/Makefile @@ -56,6 +56,7 @@ SUBDIR += calife-devel SUBDIR += ccrypt SUBDIR += ccsrch + SUBDIR += cfs SUBDIR += cfv SUBDIR += chaosreader SUBDIR += checkpassword diff --git a/security/cfs/Makefile b/security/cfs/Makefile new file mode 100644 index 000000000000..d8063fdc1728 --- /dev/null +++ b/security/cfs/Makefile @@ -0,0 +1,38 @@ +# Created by: John Polstra <jdp@polstra.com> +# $FreeBSD$ + +PORTNAME= cfs +DISTVERSION= 1.5.0.beta +CATEGORIES= security +MASTER_SITES= http://www.bayofrum.net/dist/${PORTNAME}/ + +MAINTAINER= crees@FreeBSD.org +COMMENT= A cryptographic file system implemented as a user-space NFS server + +ALL_TARGET= cfs +MAKE_ARGS= CC=cc +MAN1= cattach.1 cdetach.1 cmkdir.1 cpasswd.1 cfssh.1 +MAN8= ccat.8 cfsd.8 cname.8 + +CFSD_BOOTSTRAP= ${PREFIX}/cfsd-bootstrap +USE_RC_SUBR= cfsd +SUB_FILES= pkg-message +SUB_LIST= CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP} +PLIST_SUB= CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP} + +post-patch: + ${REINPLACE_CMD} 's/^\.TH SSH/.TH CFSSH/' ${WRKSRC}/cfssh.1 + +do-install: + @cd ${WRKSRC}; \ + ${INSTALL_PROGRAM} ccat cfsd cname ${PREFIX}/sbin; \ + ${INSTALL_PROGRAM} cattach cdetach cmkdir cpasswd ${PREFIX}/bin; \ + ${INSTALL_SCRIPT} cfssh ${PREFIX}/bin/cfssh; \ + ${INSTALL_MAN} ${MAN1} ${PREFIX}/man/man1; \ + ${INSTALL_MAN} ${MAN8} ${PREFIX}/man/man8; \ + ${MKDIR} ${PREFIX}/share/doc/cfs; \ + ${INSTALL_DATA} README.install notes.ms ${PREFIX}/share/doc/cfs + ${INSTALL} -d ${_BINOWNGRP} -m 0 ${CFSD_BOOTSTRAP} + @${CAT} ${PKGMESSAGE} + +.include <bsd.port.mk> diff --git a/security/cfs/distinfo b/security/cfs/distinfo new file mode 100644 index 000000000000..60c1a6a42b16 --- /dev/null +++ b/security/cfs/distinfo @@ -0,0 +1,2 @@ +SHA256 (cfs-1.5.0.beta.tar.gz) = 55eed20e9e2dd05bf54aa34a91fd90574005f805e9d4eb9c1dcf63d188ffdc59 +SIZE (cfs-1.5.0.beta.tar.gz) = 108992 diff --git a/security/cfs/files/cfsd.in b/security/cfs/files/cfsd.in new file mode 100644 index 000000000000..065f0daeaa1e --- /dev/null +++ b/security/cfs/files/cfsd.in @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# PROVIDE: cfsd +# REQUIRE: mountd +# +# Add the following line to /etc/rc.conf to enable cfsd: +# +# cfsd_enable=YES +# +# Additional options: +# +# cfsd_port=3049 # the port to listen to +# cfsd_mountpoint=/crypt # the CFS mountpoint +# + +. /etc/rc.subr + +name=cfsd +rcvar=cfsd_enable + +load_rc_config $name + +: ${cfsd_enable=no} +: ${cfsd_port=3049} +: ${cfsd_mountpoint=/crypt} + +command=%%PREFIX%%/sbin/cfsd +command_args="$cfsd_port > /dev/null 2>&1" +required_dirs="%%CFSD_BOOTSTRAP%% $cfsd_mountpoint" +start_postcmd=cfsd_poststart +stop_precmd=cfsd_prestop + +cfsd_poststart() +{ + if [ -n "$cfsd_mountpoint" ]; then + mount -o port="$cfsd_port",mntudp,nfsv2 localhost:%%CFSD_BOOTSTRAP%% "$cfsd_mountpoint" + fi +} + +cfsd_prestop() +{ + if [ -n "$cfsd_mountpoint" ]; then + umount "$cfsd_mountpoint" + fi +} + +run_rc_command $1 diff --git a/security/cfs/files/pkg-message.in b/security/cfs/files/pkg-message.in new file mode 100644 index 000000000000..31217fe7c7e7 --- /dev/null +++ b/security/cfs/files/pkg-message.in @@ -0,0 +1,22 @@ +=============================================================================== +Quick start instructions: + + - add the following entry to /etc/exports: + + %%CFSD_BOOTSTRAP%% localhost + + - create the default CFS mountpoint (if you want to use a different + mountpoint, set the cfsd_mountpoint variable in /etc/rc.conf): + + # mkdir /crypt + + - enable rpcbind, mountd and cfsd in /etc/rc.conf: + + cfsd_enable="YES" + mountd_enable="YES" + + - start mountd and cfsd, or restart: + + # service mountd start + # service cfsd start +=============================================================================== diff --git a/security/cfs/pkg-descr b/security/cfs/pkg-descr new file mode 100644 index 000000000000..2611ddd37af7 --- /dev/null +++ b/security/cfs/pkg-descr @@ -0,0 +1,11 @@ +This is CFS, Matt Blaze's Cryptographic File System. It provides +transparent encryption and decryption of selected directory trees. +It is implemented as a user-level NFS server and thus does not +require any kernel modifications. + +For an overview of how to use it, read "${PREFIX}/share/doc/cfs/notes.ms" +and the manual pages. There is a paper describing CFS at: + + http://www.crypto.com/papers/cfs.pdf + +WWW: http://www.bayofrum.net/cgi-bin/fossil/cfs/ diff --git a/security/cfs/pkg-plist b/security/cfs/pkg-plist new file mode 100644 index 000000000000..b32516fed14c --- /dev/null +++ b/security/cfs/pkg-plist @@ -0,0 +1,13 @@ +bin/cattach +bin/cdetach +bin/cmkdir +bin/cpasswd +bin/cfssh +sbin/ccat +sbin/cfsd +sbin/cname +share/doc/cfs/README.install +share/doc/cfs/notes.ms +@exec install -d -o root -g wheel -m 0 %%CFSD_BOOTSTRAP%% 2>/dev/null || true +@unexec rmdir %%CFSD_BOOTSTRAP%% 2>/dev/null || true +@dirrm share/doc/cfs |