Skip site navigation (1)Skip section navigation (2)
Date:      Wed,  8 Sep 2004 01:47:19 +0800 (CST)
From:      Yen-Ming Lee <leeym@FreeBSD.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        enigmatyc@laposte.net
Subject:   ports/71472: [PATCH] shells/rssh: update to 2.2.1
Message-ID:  <20040907174719.BD95B3EADE5@utopia.leeym.com>
Resent-Message-ID: <200409071750.i87HoNxe039558@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         71472
>Category:       ports
>Synopsis:       [PATCH] shells/rssh: update to 2.2.1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 07 17:50:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Yen-Ming Lee
>Release:        FreeBSD 5.3-BETA3 i386
>Organization:
FreeBSD Taiwan
>Environment:
System: FreeBSD utopia.leeym.com 5.3-BETA3 FreeBSD 5.3-BETA3 #1: Sun Sep  5 01:06:46 CST
>Description:

- rssh < 2.2.1 has information disclosure vulnerability, so update to 2.2.1
- rssh depends on rsync and rdist

Removed file(s):
- files/patch-util.c

Port maintainer (enigmatyc@laposte.net) is cc'd.

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:

http://www.FreeBSD.org/ports/portaudit/a4815970-c5cc-11d8-8898-000d6111a684.html

>Fix:

--- rssh-2.2.1.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/shells/rssh/Makefile,v
retrieving revision 1.2
diff -u -u -r1.2 Makefile
--- Makefile	23 May 2004 13:31:11 -0000	1.2
+++ Makefile	7 Sep 2004 17:42:05 -0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	rssh
-PORTVERSION=	2.1.1
+PORTVERSION=	2.2.1
 CATEGORIES=	shells security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -14,8 +14,15 @@
 MAINTAINER=	enigmatyc@laposte.net
 COMMENT=	A Restricted Secure SHell only for sftp or/and scp
 
+RUN_DEPENDS=	${LOCALBASE}/bin/rsync:${PORTSDIR}/net/rsync \
+		${LOCALBASE}/bin/rdist6:${PORTSDIR}/net/rdist6
+
 GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--with-rsync=${LOCALBASE}/bin/rsync \
+		--with-rdist=${LOCALBASE}/bin/rdist6
+
 MAN1=		rssh.1
+MAN5=		rssh.conf.5
 PLIST_FILES=	bin/rssh etc/rssh.conf.dist libexec/rssh_chroot_helper
 
 .include <bsd.port.pre.mk>
Index: distinfo
===================================================================
RCS file: /home/pcvs/ports/shells/rssh/distinfo,v
retrieving revision 1.1
diff -u -u -r1.1 distinfo
--- distinfo	21 May 2004 13:37:24 -0000	1.1
+++ distinfo	7 Sep 2004 17:42:05 -0000
@@ -1,2 +1,2 @@
-MD5 (rssh-2.1.1.tar.gz) = d5260ad91fe71ba28ecb310892cc4139
-SIZE (rssh-2.1.1.tar.gz) = 88858
+MD5 (rssh-2.2.1.tar.gz) = 2d427ee7f4ea46b075fa0ab3f39b4089
+SIZE (rssh-2.2.1.tar.gz) = 95552
Index: files/patch-util.c
===================================================================
RCS file: files/patch-util.c
diff -N files/patch-util.c
--- files/patch-util.c	21 May 2004 13:37:24 -0000	1.1
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,94 +0,0 @@
---- util.c.orig	Mon Jul  7 20:41:29 2003
-+++ util.c	Fri Apr 16 01:28:16 2004
-@@ -1,9 +1,9 @@
- /*
-  * util.c - utility functions for rssh
-- * 
-+ *
-  * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ).
-  *
-- * This program is licensed under a BSD-style license, as follows: 
-+ * This program is licensed under a BSD-style license, as follows:
-  *
-  * Redistribution and use in source and binary forms, with or without
-  * modification, are permitted provided that the following conditions
-@@ -66,10 +66,10 @@
- extern char *username;
- extern char *progname;
- 
--/* 
-+/*
-  * build_arg_vector() - return a pointer to a vector of strings which
-  *                      represent the arguments of the command to execv().
-- */                 
-+ */
- char **build_arg_vector( char *str, size_t reserve )
- {
- 
-@@ -77,18 +77,18 @@
- 	int		retc;
- 
- 	result.we_offs = reserve;
--	if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFFS)) ){
-+	if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFS)) ){
- 		log_set_priority(LOG_ERR);
- 		switch( retc ){
- 		case WRDE_BADCHAR:
- 		case WRDE_CMDSUB:
--			fprintf(stderr, "%s: bad characters in arguments\n", 
-+			fprintf(stderr, "%s: bad characters in arguments\n",
- 				progname);
- 			log_msg("user %s used bad chars in command",
- 				username);
- 			break;
- 		default:
--			fprintf(stderr, "%s: error expanding arguments\n", 
-+			fprintf(stderr, "%s: error expanding arguments\n",
- 				progname);
- 			log_msg("error expanding arguments for user %s",
- 				username);
-@@ -105,7 +105,7 @@
- 
- 	log_set_priority(LOG_ERR);
- 	/* determine which commands are usable for error message */
--	if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == 
-+	if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) ==
- 			(RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) )
- 		cmd = " to scp or sftp";
- 	else if ( flags & RSSH_ALLOW_SCP )
-@@ -147,7 +147,7 @@
- 	len = strlen(PATH_SFTP_SERVER);
- 	if ( cl_len < len ) len = cl_len;
- 	/* check to see if cl starts with an allowed command */
--	if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) && 
-+	if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) &&
- 			(isspace(cl[len]) || cl[len] == '\0') &&
- 			opts->shell_flags & RSSH_ALLOW_SFTP )
- 		return PATH_SFTP_SERVER;
-@@ -155,7 +155,7 @@
- 	len = 3;
- 	/* if cl_len is less than 3, then it's not a valid command */
- 	if ( cl_len < 3 ) return NULL;
--	if ( !(strncmp(cl, "scp", len)) && 
-+	if ( !(strncmp(cl, "scp", len)) &&
- 			(isspace(cl[len])) &&
- 			opts->shell_flags & RSSH_ALLOW_SCP ){
- 		return PATH_SCP;
-@@ -183,7 +183,7 @@
- 		len--;
- 	}
- 	if ( (strncmp(root, path, len)) ) return NULL;
--	
-+
- 	/*
- 	 * path[len] is the first character of path which is not part of root.
- 	 * If it is not '/' then we chopped path off in the middle of a path
-@@ -223,7 +223,7 @@
-  *                     them.  Returns the bits in the bool pointers of the
-  *                     same name, and returns FALSE if the bits are not valid
-  */
--int validate_access( const char *temp, bool *allow_sftp, 
-+int validate_access( const char *temp, bool *allow_sftp,
- 		     bool *allow_scp )
- {
- 	char	scp[2];
--- rssh-2.2.1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040907174719.BD95B3EADE5>