From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Dec 2 22:50:08 2004 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 194DF16A4CE for ; Thu, 2 Dec 2004 22:50:08 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E4B8E43D4C for ; Thu, 2 Dec 2004 22:50:07 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.1/8.13.1) with ESMTP id iB2Mo7go030234 for ; Thu, 2 Dec 2004 22:50:07 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.1/8.13.1/Submit) id iB2Mo7Ps030233; Thu, 2 Dec 2004 22:50:07 GMT (envelope-from gnats) Resent-Date: Thu, 2 Dec 2004 22:50:07 GMT Resent-Message-Id: <200412022250.iB2Mo7Ps030233@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Hideyuki KURASHINA Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 569EB16A4D0 for ; Thu, 2 Dec 2004 22:40:48 +0000 (GMT) Received: from wasley.bl.mmtr.or.jp (wasley.bl.mmtr.or.jp [210.228.173.142]) by mx1.FreeBSD.org (Postfix) with SMTP id 5C81143D48 for ; Thu, 2 Dec 2004 22:40:47 +0000 (GMT) (envelope-from rushani@FreeBSD.org) Received: (qmail 17879 invoked from network); 3 Dec 2004 07:40:44 +0900 Received: from unknown (HELO localhost) (202.229.142.170) by wasley.bl.mmtr.or.jp with SMTP; 3 Dec 2004 07:40:44 +0900 Message-Id: <20041203.074028.21879762.rushani@FreeBSD.org> Date: Fri, 03 Dec 2004 07:40:28 +0900 (JST) From: Hideyuki KURASHINA To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: ports/74633: [Maintainer update] shells/scponly: Update to 4.0(security vulnerability fixed in this version) X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Dec 2004 22:50:08 -0000 >Number: 74633 >Category: ports >Synopsis: [Maintainer update] shells/scponly: Update to 4.0 (security vulnerability fixed in this version) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Dec 02 22:50:07 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Hideyuki KURASHINA >Release: FreeBSD 5.3-STABLE i386 >Organization: >Environment: System: FreeBSD ***.*******.jp 5.3-STABLE FreeBSD 5.3-STABLE #0: Sun Nov 7 16:21:11 JST 2004 hideyuki@***.*******.jp:/usr/obj/usr/src/sys/*** i386 >Description: Update to 4.0, which include a fix for security issue (Arbitrary command execution) recently discoverd by Jason Wies. See followings for details: http://www.sublimation.org/scponly/#relnotes http://www.securityfocus.com/archive/1/383046 http://marc.theaimsgroup.com/?l=bugtraq&m=110202047507273&w=2 >How-To-Repeat: According to the Jason's report, ssh restricteduser@remotehost 'rsync -e "touch /tmp/example --" localhost:/dev/null /tmp' scp command.sh restricteduser@remotehost:/tmp/command.sh ssh restricteduser@remotehost 'scp -S /tmp/command.sh localhost:/dev/null /tmp' Regarding to the first item, /tmp/example is actually touch(1)'ed (Please note that touch(1) is not allowed program by scponly). Second item is confirmed to work. >Fix: Apply following patch, Index: Makefile =================================================================== RCS file: /home/ncvs/ports/shells/scponly/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile 17 Jul 2004 13:02:01 -0000 1.12 +++ Makefile 28 Nov 2004 14:25:35 -0000 @@ -15,6 +15,11 @@ # # Core funcionality: # +# SCPONLY_DEFAULT_CHDIR=DIR +# default: undefined +# example: public_html +# define if you want to make users `cd' to this directory after authentication +# # WITHOUT_SCPONLY_WILDCARDS # default: undefined # define if you want to disable wildcard processing. @@ -39,6 +44,10 @@ # default: undefined # define if you want to enable rsync compatibility. # +# WITH_SCPONLY_SVN +# default: undefined +# define if you want to enable subversion compatibility. +# # WITH_SCPONLY_UNISON # default: undefined # define if you want to enable unison compatibility. @@ -53,7 +62,7 @@ # to be installed. PORTNAME= scponly -PORTVERSION= 3.11 +PORTVERSION= 4.0 PORTREVISION= 0 CATEGORIES= shells MASTER_SITES= http://www.sublimation.org/scponly/ @@ -69,6 +78,10 @@ .include +.if defined(SCPONLY_DEFAULT_CHDIR) && !empty(SCPONLY_DEFAULT_CHDIR) +CONFIGURE_ARGS+=--with-default-chdir=${SCPONLY_DEFAULT_CHDIR} +.endif + .if defined(WITHOUT_SCPONLY_WILDCARDS) CONFIGURE_ARGS+=--disable-wildcards .endif @@ -96,6 +109,12 @@ CONFIGURE_ARGS+=--enable-rsync-compat .endif +.if defined(WITH_SCPONLY_SVN) +BUILD_DEPENDS+= svn:${PORTSDIR}/devel/subversion +RUN_DEPENDS+= ${BUILD_DEPENDS} +CONFIGURE_ARGS+=--enable-svn-compat +.endif + .if defined(WITH_SCPONLY_UNISON) BUILD_DEPENDS+= unison:${PORTSDIR}/net/unison RUN_DEPENDS+= ${BUILD_DEPENDS} Index: distinfo =================================================================== RCS file: /home/ncvs/ports/shells/scponly/distinfo,v retrieving revision 1.8 diff -u -r1.8 distinfo --- distinfo 17 Jul 2004 13:02:01 -0000 1.8 +++ distinfo 29 Nov 2004 02:00:43 -0000 @@ -1,2 +1,2 @@ -MD5 (scponly-3.11.tgz) = cdbbc570c2bf3cad33ecf66d0af41372 -SIZE (scponly-3.11.tgz) = 83767 +MD5 (scponly-4.0.tgz) = 1706732945996865ed0cccd440b64fc1 +SIZE (scponly-4.0.tgz) = 85053 Index: files/patch-aa =================================================================== RCS file: files/patch-aa diff -N files/patch-aa --- files/patch-aa 17 Jul 2004 13:02:01 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,14 +0,0 @@ ---- scponly.c.orig Mon Mar 22 14:30:38 2004 -+++ scponly.c Sat Jul 17 19:43:04 2004 -@@ -442,9 +442,9 @@ - (-1 == asprintf( &env[0], "HOME=%s", homedir))) - { - syslog(LOG_ERR, "could not set HOME environment variable(%s))", logstamp()); -- exit(EXIT_FAIL); -+ exit(EXIT_FAILURE); - } -- if (debug) -+ if (debuglevel) - syslog(LOG_DEBUG, "set HOME environment variable to %s (%s))", env[0], logstamp()); - #endif - >Release-Note: >Audit-Trail: >Unformatted: