Date: Wed, 8 Sep 2004 01:47:19 +0800 (CST) From: Yen-Ming Lee <leeym@FreeBSD.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: enigmatyc@laposte.net Subject: ports/71472: [PATCH] shells/rssh: update to 2.2.1 Message-ID: <20040907174719.BD95B3EADE5@utopia.leeym.com> Resent-Message-ID: <200409071750.i87HoNxe039558@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 71472 >Category: ports >Synopsis: [PATCH] shells/rssh: update to 2.2.1 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Sep 07 17:50:23 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Yen-Ming Lee >Release: FreeBSD 5.3-BETA3 i386 >Organization: FreeBSD Taiwan >Environment: System: FreeBSD utopia.leeym.com 5.3-BETA3 FreeBSD 5.3-BETA3 #1: Sun Sep 5 01:06:46 CST >Description: - rssh < 2.2.1 has information disclosure vulnerability, so update to 2.2.1 - rssh depends on rsync and rdist Removed file(s): - files/patch-util.c Port maintainer (enigmatyc@laposte.net) is cc'd. Generated with FreeBSD Port Tools 0.63 >How-To-Repeat: http://www.FreeBSD.org/ports/portaudit/a4815970-c5cc-11d8-8898-000d6111a684.html >Fix: --- rssh-2.2.1.patch begins here --- Index: Makefile =================================================================== RCS file: /home/pcvs/ports/shells/rssh/Makefile,v retrieving revision 1.2 diff -u -u -r1.2 Makefile --- Makefile 23 May 2004 13:31:11 -0000 1.2 +++ Makefile 7 Sep 2004 17:42:05 -0000 @@ -6,7 +6,7 @@ # PORTNAME= rssh -PORTVERSION= 2.1.1 +PORTVERSION= 2.2.1 CATEGORIES= shells security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -14,8 +14,15 @@ MAINTAINER= enigmatyc@laposte.net COMMENT= A Restricted Secure SHell only for sftp or/and scp +RUN_DEPENDS= ${LOCALBASE}/bin/rsync:${PORTSDIR}/net/rsync \ + ${LOCALBASE}/bin/rdist6:${PORTSDIR}/net/rdist6 + GNU_CONFIGURE= yes +CONFIGURE_ARGS= --with-rsync=${LOCALBASE}/bin/rsync \ + --with-rdist=${LOCALBASE}/bin/rdist6 + MAN1= rssh.1 +MAN5= rssh.conf.5 PLIST_FILES= bin/rssh etc/rssh.conf.dist libexec/rssh_chroot_helper .include <bsd.port.pre.mk> Index: distinfo =================================================================== RCS file: /home/pcvs/ports/shells/rssh/distinfo,v retrieving revision 1.1 diff -u -u -r1.1 distinfo --- distinfo 21 May 2004 13:37:24 -0000 1.1 +++ distinfo 7 Sep 2004 17:42:05 -0000 @@ -1,2 +1,2 @@ -MD5 (rssh-2.1.1.tar.gz) = d5260ad91fe71ba28ecb310892cc4139 -SIZE (rssh-2.1.1.tar.gz) = 88858 +MD5 (rssh-2.2.1.tar.gz) = 2d427ee7f4ea46b075fa0ab3f39b4089 +SIZE (rssh-2.2.1.tar.gz) = 95552 Index: files/patch-util.c =================================================================== RCS file: files/patch-util.c diff -N files/patch-util.c --- files/patch-util.c 21 May 2004 13:37:24 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,94 +0,0 @@ ---- util.c.orig Mon Jul 7 20:41:29 2003 -+++ util.c Fri Apr 16 01:28:16 2004 -@@ -1,9 +1,9 @@ - /* - * util.c - utility functions for rssh -- * -+ * - * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ). - * -- * This program is licensed under a BSD-style license, as follows: -+ * This program is licensed under a BSD-style license, as follows: - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -66,10 +66,10 @@ - extern char *username; - extern char *progname; - --/* -+/* - * build_arg_vector() - return a pointer to a vector of strings which - * represent the arguments of the command to execv(). -- */ -+ */ - char **build_arg_vector( char *str, size_t reserve ) - { - -@@ -77,18 +77,18 @@ - int retc; - - result.we_offs = reserve; -- if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFFS)) ){ -+ if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFS)) ){ - log_set_priority(LOG_ERR); - switch( retc ){ - case WRDE_BADCHAR: - case WRDE_CMDSUB: -- fprintf(stderr, "%s: bad characters in arguments\n", -+ fprintf(stderr, "%s: bad characters in arguments\n", - progname); - log_msg("user %s used bad chars in command", - username); - break; - default: -- fprintf(stderr, "%s: error expanding arguments\n", -+ fprintf(stderr, "%s: error expanding arguments\n", - progname); - log_msg("error expanding arguments for user %s", - username); -@@ -105,7 +105,7 @@ - - log_set_priority(LOG_ERR); - /* determine which commands are usable for error message */ -- if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == -+ if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == - (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) ) - cmd = " to scp or sftp"; - else if ( flags & RSSH_ALLOW_SCP ) -@@ -147,7 +147,7 @@ - len = strlen(PATH_SFTP_SERVER); - if ( cl_len < len ) len = cl_len; - /* check to see if cl starts with an allowed command */ -- if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) && -+ if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) && - (isspace(cl[len]) || cl[len] == '\0') && - opts->shell_flags & RSSH_ALLOW_SFTP ) - return PATH_SFTP_SERVER; -@@ -155,7 +155,7 @@ - len = 3; - /* if cl_len is less than 3, then it's not a valid command */ - if ( cl_len < 3 ) return NULL; -- if ( !(strncmp(cl, "scp", len)) && -+ if ( !(strncmp(cl, "scp", len)) && - (isspace(cl[len])) && - opts->shell_flags & RSSH_ALLOW_SCP ){ - return PATH_SCP; -@@ -183,7 +183,7 @@ - len--; - } - if ( (strncmp(root, path, len)) ) return NULL; -- -+ - /* - * path[len] is the first character of path which is not part of root. - * If it is not '/' then we chopped path off in the middle of a path -@@ -223,7 +223,7 @@ - * them. Returns the bits in the bool pointers of the - * same name, and returns FALSE if the bits are not valid - */ --int validate_access( const char *temp, bool *allow_sftp, -+int validate_access( const char *temp, bool *allow_sftp, - bool *allow_scp ) - { - char scp[2]; --- rssh-2.2.1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040907174719.BD95B3EADE5>