From 8795b919c39fc22c0d476a7a6ba34ae36abab39a Mon Sep 17 00:00:00 2001 From: Yen-Ming Lee Date: Tue, 21 Sep 2004 20:37:18 +0000 Subject: - rssh < 2.2.1 has information disclosure vulnerability, so update to 2.2.1 - rssh depends on rsync and rdist (optionally) PR: 71472 Submitted by: leeym Approved by: portmgr (marcus) --- shells/rssh/Makefile | 19 ++++++++- shells/rssh/distinfo | 4 +- shells/rssh/files/patch-util.c | 94 ------------------------------------------ 3 files changed, 20 insertions(+), 97 deletions(-) delete mode 100644 shells/rssh/files/patch-util.c (limited to 'shells/rssh') diff --git a/shells/rssh/Makefile b/shells/rssh/Makefile index 19c4d38faf63..2eafc12183b5 100644 --- a/shells/rssh/Makefile +++ b/shells/rssh/Makefile @@ -6,7 +6,7 @@ # PORTNAME= rssh -PORTVERSION= 2.1.1 +PORTVERSION= 2.2.1 CATEGORIES= shells security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -15,11 +15,28 @@ MAINTAINER= enigmatyc@laposte.net COMMENT= A Restricted Secure SHell only for sftp or/and scp GNU_CONFIGURE= yes + MAN1= rssh.1 +MAN5= rssh.conf.5 PLIST_FILES= bin/rssh etc/rssh.conf.dist libexec/rssh_chroot_helper +OPTIONS= RSYNC "rsync support" off \ + RDIST "rdist support" off + .include + .if ${OSVERSION} < 500000 IGNORE= wordexp() is not supported on 4.x .endif + +.if defined(WITH_RSYNC) +RUN_DEPENDS+= ${LOCALBASE}/bin/rsync:${PORTSDIR}/net/rsync +CONFIGURE_ARGS+=--with-rsync=${LOCALBASE}/bin/rsync +.endif + +.if defined(WITH_RSYNC) +RUN_DEPENDS+= ${LOCALBASE}/bin/rdist6:${PORTSDIR}/net/rdist6 +CONFIGURE_ARGS+=--with-rdist=${LOCALBASE}/bin/rdist6 +.endif + .include diff --git a/shells/rssh/distinfo b/shells/rssh/distinfo index 5ac9df40f477..50b868ca1cb1 100644 --- a/shells/rssh/distinfo +++ b/shells/rssh/distinfo @@ -1,2 +1,2 @@ -MD5 (rssh-2.1.1.tar.gz) = d5260ad91fe71ba28ecb310892cc4139 -SIZE (rssh-2.1.1.tar.gz) = 88858 +MD5 (rssh-2.2.1.tar.gz) = 2d427ee7f4ea46b075fa0ab3f39b4089 +SIZE (rssh-2.2.1.tar.gz) = 95552 diff --git a/shells/rssh/files/patch-util.c b/shells/rssh/files/patch-util.c deleted file mode 100644 index 46474e8e07ad..000000000000 --- a/shells/rssh/files/patch-util.c +++ /dev/null @@ -1,94 +0,0 @@ ---- util.c.orig Mon Jul 7 20:41:29 2003 -+++ util.c Fri Apr 16 01:28:16 2004 -@@ -1,9 +1,9 @@ - /* - * util.c - utility functions for rssh -- * -+ * - * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ). - * -- * This program is licensed under a BSD-style license, as follows: -+ * This program is licensed under a BSD-style license, as follows: - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -66,10 +66,10 @@ - extern char *username; - extern char *progname; - --/* -+/* - * build_arg_vector() - return a pointer to a vector of strings which - * represent the arguments of the command to execv(). -- */ -+ */ - char **build_arg_vector( char *str, size_t reserve ) - { - -@@ -77,18 +77,18 @@ - int retc; - - result.we_offs = reserve; -- if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFFS)) ){ -+ if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFS)) ){ - log_set_priority(LOG_ERR); - switch( retc ){ - case WRDE_BADCHAR: - case WRDE_CMDSUB: -- fprintf(stderr, "%s: bad characters in arguments\n", -+ fprintf(stderr, "%s: bad characters in arguments\n", - progname); - log_msg("user %s used bad chars in command", - username); - break; - default: -- fprintf(stderr, "%s: error expanding arguments\n", -+ fprintf(stderr, "%s: error expanding arguments\n", - progname); - log_msg("error expanding arguments for user %s", - username); -@@ -105,7 +105,7 @@ - - log_set_priority(LOG_ERR); - /* determine which commands are usable for error message */ -- if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == -+ if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == - (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) ) - cmd = " to scp or sftp"; - else if ( flags & RSSH_ALLOW_SCP ) -@@ -147,7 +147,7 @@ - len = strlen(PATH_SFTP_SERVER); - if ( cl_len < len ) len = cl_len; - /* check to see if cl starts with an allowed command */ -- if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) && -+ if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) && - (isspace(cl[len]) || cl[len] == '\0') && - opts->shell_flags & RSSH_ALLOW_SFTP ) - return PATH_SFTP_SERVER; -@@ -155,7 +155,7 @@ - len = 3; - /* if cl_len is less than 3, then it's not a valid command */ - if ( cl_len < 3 ) return NULL; -- if ( !(strncmp(cl, "scp", len)) && -+ if ( !(strncmp(cl, "scp", len)) && - (isspace(cl[len])) && - opts->shell_flags & RSSH_ALLOW_SCP ){ - return PATH_SCP; -@@ -183,7 +183,7 @@ - len--; - } - if ( (strncmp(root, path, len)) ) return NULL; -- -+ - /* - * path[len] is the first character of path which is not part of root. - * If it is not '/' then we chopped path off in the middle of a path -@@ -223,7 +223,7 @@ - * them. Returns the bits in the bool pointers of the - * same name, and returns FALSE if the bits are not valid - */ --int validate_access( const char *temp, bool *allow_sftp, -+int validate_access( const char *temp, bool *allow_sftp, - bool *allow_scp ) - { - char scp[2]; -- cgit v1.2.3