Date: Wed, 15 May 2013 17:29:34 +0000 (UTC) From: Chris Rees <crees@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r318250 - in head: . security security/cfs security/cfs/files Message-ID: <201305151729.r4FHTYeV024283@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: crees Date: Wed May 15 17:29:33 2013 New Revision: 318250 URL: http://svnweb.freebsd.org/changeset/ports/318250 Log: security/cfs: Resurrect and maintain CFS. The referenced security issues have been fixed in this version (1.5.0 beta), and some small bugs have been found too, with many fixes from Debian's Gerrit Pape. Obtained from: Debian (parts) Security: CVE-2002-0351 Security: CVE-2006-3123 Added: head/security/cfs/ - copied from r282955, head/security/cfs/ head/security/cfs/files/cfsd.in (contents, props changed) - copied, changed from r282955, head/security/cfs/files/cfsd.sh.in Deleted: head/security/cfs/files/cfsd.sh.in head/security/cfs/files/patch-Makefile head/security/cfs/files/patch-cfs.c head/security/cfs/files/patch-cfs.h head/security/cfs/files/patch-cfs__bf.h head/security/cfs/files/patch-cfs__des.c head/security/cfs/files/patch-cfs__fh.c head/security/cfs/files/patch-cfs__nfs.c head/security/cfs/files/patch-cfs_adm.c head/security/cfs/files/patch-cfsd.8 head/security/cfs/files/patch-cfssh head/security/cfs/files/patch-cmkdir.c head/security/cfs/files/patch-esm__cipher.c head/security/cfs/files/patch-getpass.c head/security/cfs/files/patch-shs.c head/security/cfs/files/patch-shs.h head/security/cfs/files/patch-truerand.c Modified: head/MOVED head/security/Makefile head/security/cfs/Makefile (contents, props changed) head/security/cfs/distinfo (contents, props changed) head/security/cfs/files/pkg-message.in (contents, props changed) head/security/cfs/pkg-descr (contents, props changed) Directory Properties: head/security/cfs/pkg-plist (props changed) Modified: head/MOVED ============================================================================== --- head/MOVED Wed May 15 17:03:17 2013 (r318249) +++ head/MOVED Wed May 15 17:29:33 2013 (r318250) @@ -2678,7 +2678,6 @@ dns/nsd2||2011-09-30|EOL since 2007, uns audio/orpheus|audio/cmus|2011-10-01|Has expired: Contains problem with autotools, security CVE-2005-3863. Use audio/cmus instead sysutils/syslog-ng3-devel|sysutils/syslog-ng-devel|2011-10-04|Port renamed sysutils/cfvers||2011-10-04|Has expired: Dead upstream, author disowns it, use git/hg instead -security/cfs||2011-10-04|Has expired: Locks don't work, ports/137378, unmaintained, dead upstream, insecure devel/p5-Scalar-Util-Clone||2011-10-05|Disappear from CPAN print/lyx14||2011-10-05|Has expired: last release in 2007, use print/lyx16 or print/lyx instead multimedia/enjoympeg||2011-10-05|Has expired: Looks like abandonware, no more public distfiles Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Wed May 15 17:03:17 2013 (r318249) +++ head/security/Makefile Wed May 15 17:29:33 2013 (r318250) @@ -56,6 +56,7 @@ SUBDIR += calife-devel SUBDIR += ccrypt SUBDIR += ccsrch + SUBDIR += cfs SUBDIR += cfv SUBDIR += chaosreader SUBDIR += checkpassword Modified: head/security/cfs/Makefile ============================================================================== --- head/security/cfs/Makefile Tue Oct 4 21:58:09 2011 (r282955) +++ head/security/cfs/Makefile Wed May 15 17:29:33 2013 (r318250) @@ -1,39 +1,25 @@ -# New ports collection makefile for: cfs -# Date created: 30 Jul 1997 -# Whom: John Polstra <jdp@polstra.com> -# +# Created by: John Polstra <jdp@polstra.com> # $FreeBSD$ -# PORTNAME= cfs -PORTVERSION= 1.4.1 -PORTREVISION= 6 +DISTVERSION= 1.5.0.beta CATEGORIES= security -MASTER_SITES= http://www.crypto.com/software/ +MASTER_SITES= http://www.bayofrum.net/dist/${PORTNAME}/ -MAINTAINER= ports@FreeBSD.org +MAINTAINER= crees@FreeBSD.org COMMENT= A cryptographic file system implemented as a user-space NFS server -FORBIDDEN= Buffer overflows allow remote attackers to cause DoS / execute arbitrary code -DEPRECATED= Locks don't work, ports/137378, unmaintained, dead upstream, insecure -EXPIRATION_DATE=2011-10-04 - ALL_TARGET= cfs +MAKE_ARGS= CC=cc MAN1= cattach.1 cdetach.1 cmkdir.1 cpasswd.1 cfssh.1 MAN8= ccat.8 cfsd.8 cname.8 CFSD_BOOTSTRAP= ${PREFIX}/cfsd-bootstrap -USE_RC_SUBR= cfsd.sh +USE_RC_SUBR= cfsd SUB_FILES= pkg-message SUB_LIST= CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP} PLIST_SUB= CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP} -.include <bsd.port.pre.mk> - -.if ${OSVERSION} < 700000 -BROKEN= does not compile on FreeBSD 6.x -.endif - post-patch: ${REINPLACE_CMD} 's/^\.TH SSH/.TH CFSSH/' ${WRKSRC}/cfssh.1 @@ -49,4 +35,4 @@ do-install: ${INSTALL} -d ${_BINOWNGRP} -m 0 ${CFSD_BOOTSTRAP} @${CAT} ${PKGMESSAGE} -.include <bsd.port.post.mk> +.include <bsd.port.mk> Modified: head/security/cfs/distinfo ============================================================================== --- head/security/cfs/distinfo Tue Oct 4 21:58:09 2011 (r282955) +++ head/security/cfs/distinfo Wed May 15 17:29:33 2013 (r318250) @@ -1,2 +1,2 @@ -SHA256 (cfs-1.4.1.tar.gz) = d5c823d86a2c73019eede7d4e7853e9572f38e42b585428c3f92e75ed60312d8 -SIZE (cfs-1.4.1.tar.gz) = 98943 +SHA256 (cfs-1.5.0.beta.tar.gz) = 55eed20e9e2dd05bf54aa34a91fd90574005f805e9d4eb9c1dcf63d188ffdc59 +SIZE (cfs-1.5.0.beta.tar.gz) = 108992 Copied and modified: head/security/cfs/files/cfsd.in (from r282955, head/security/cfs/files/cfsd.sh.in) ============================================================================== --- head/security/cfs/files/cfsd.sh.in Tue Oct 4 21:58:09 2011 (r282955, copy source) +++ head/security/cfs/files/cfsd.in Wed May 15 17:29:33 2013 (r318250) @@ -2,36 +2,40 @@ # # $FreeBSD$ # - # PROVIDE: cfsd # REQUIRE: mountd - # # Add the following line to /etc/rc.conf to enable cfsd: # -# cfsd_enable="YES" +# cfsd_enable=YES # # Additional options: # -# cfsd_port="3049,udp" # the port to listen to -# XXX ports/133593 yar suggested that the ,udp suffix be used to avoid -# hangs of mount_nfs -- it's ignored by cfsd so shouldn't cause any problems -# cfsd_mountpoint="/crypt" # the CFS mountpoint +# cfsd_port=3049 # the port to listen to +# cfsd_mountpoint=/crypt # the CFS mountpoint # . /etc/rc.subr -name="cfsd" -rcvar=`set_rcvar` +name=cfsd +rcvar=cfsd_enable + +load_rc_config $name + +: ${cfsd_enable=no} +: ${cfsd_port=3049} +: ${cfsd_mountpoint=/crypt} -command="%%PREFIX%%/sbin/cfsd" -start_postcmd="cfsd_poststart" -stop_precmd="cfsd_prestop" +command=%%PREFIX%%/sbin/cfsd +command_args="$cfsd_port > /dev/null 2>&1" +required_dirs="%%CFSD_BOOTSTRAP%% $cfsd_mountpoint" +start_postcmd=cfsd_poststart +stop_precmd=cfsd_prestop cfsd_poststart() { if [ -n "$cfsd_mountpoint" ]; then - mount -o port="$cfsd_port",nfsv2 localhost:%%CFSD_BOOTSTRAP%% "$cfsd_mountpoint" + mount -o port="$cfsd_port",mntudp,nfsv2 localhost:%%CFSD_BOOTSTRAP%% "$cfsd_mountpoint" fi } @@ -42,12 +46,4 @@ cfsd_prestop() fi } -load_rc_config $name -: ${cfsd_enable="NO"} -: ${cfsd_port="3049,udp"} -: ${cfsd_mountpoint="/crypt"} - -command_args="$cfsd_port >/dev/null 2>&1" -required_dirs="%%CFSD_BOOTSTRAP%% $cfsd_mountpoint" - -run_rc_command "$1" +run_rc_command $1 Modified: head/security/cfs/files/pkg-message.in ============================================================================== --- head/security/cfs/files/pkg-message.in Tue Oct 4 21:58:09 2011 (r282955) +++ head/security/cfs/files/pkg-message.in Wed May 15 17:29:33 2013 (r318250) @@ -8,20 +8,15 @@ Quick start instructions: - create the default CFS mountpoint (if you want to use a different mountpoint, set the cfsd_mountpoint variable in /etc/rc.conf): - mkdir /crypt + # mkdir /crypt - enable rpcbind, mountd and cfsd in /etc/rc.conf: - FreeBSD 4.x: - - portmap_enable="YES" - single_mountd_enable="YES" cfsd_enable="YES" - - FreeBSD 5.x: - mountd_enable="YES" - cfsd_enable="YES" - - reboot the system + - start mountd and cfsd, or restart: + + # service mountd start + # service cfsd start =============================================================================== Modified: head/security/cfs/pkg-descr ============================================================================== --- head/security/cfs/pkg-descr Tue Oct 4 21:58:09 2011 (r282955) +++ head/security/cfs/pkg-descr Wed May 15 17:29:33 2013 (r318250) @@ -8,4 +8,4 @@ and the manual pages. There is a paper http://www.crypto.com/papers/cfs.pdf -WWW: http://www.crypto.com/software/ +WWW: http://www.bayofrum.net/cgi-bin/fossil/cfs/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201305151729.r4FHTYeV024283>