From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Sep 7 17:50:23 2004 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D91D316A4CF for ; Tue, 7 Sep 2004 17:50:23 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC82843D1D for ; Tue, 7 Sep 2004 17:50:23 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) i87HoNao039559 for ; Tue, 7 Sep 2004 17:50:23 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i87HoNxe039558; Tue, 7 Sep 2004 17:50:23 GMT (envelope-from gnats) Resent-Date: Tue, 7 Sep 2004 17:50:23 GMT Resent-Message-Id: <200409071750.i87HoNxe039558@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Yen-Ming Lee Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2BFA216A4CE for ; Tue, 7 Sep 2004 17:47:24 +0000 (GMT) Received: from utopia.leeym.com (utopia.leeym.com [211.21.137.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id 937B043D1D for ; Tue, 7 Sep 2004 17:47:23 +0000 (GMT) (envelope-from leeym@utopia.leeym.com) Received: from localhost (localhost [127.0.0.1]) by utopia.leeym.com (Postfix) with ESMTP id 8EEFA3EADE8; Wed, 8 Sep 2004 01:47:22 +0800 (CST) Received: from utopia.leeym.com ([127.0.0.1]) by localhost (utopia.leeym.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 66307-02; Wed, 8 Sep 2004 01:47:19 +0800 (CST) Received: by utopia.leeym.com (Postfix, from userid 1000) id BD95B3EADE5; Wed, 8 Sep 2004 01:47:19 +0800 (CST) Message-Id: <20040907174719.BD95B3EADE5@utopia.leeym.com> Date: Wed, 8 Sep 2004 01:47:19 +0800 (CST) From: Yen-Ming Lee To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: enigmatyc@laposte.net Subject: ports/71472: [PATCH] shells/rssh: update to 2.2.1 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Sep 2004 17:50:24 -0000 >Number: 71472 >Category: ports >Synopsis: [PATCH] shells/rssh: update to 2.2.1 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Sep 07 17:50:23 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Yen-Ming Lee >Release: FreeBSD 5.3-BETA3 i386 >Organization: FreeBSD Taiwan >Environment: System: FreeBSD utopia.leeym.com 5.3-BETA3 FreeBSD 5.3-BETA3 #1: Sun Sep 5 01:06:46 CST >Description: - rssh < 2.2.1 has information disclosure vulnerability, so update to 2.2.1 - rssh depends on rsync and rdist Removed file(s): - files/patch-util.c Port maintainer (enigmatyc@laposte.net) is cc'd. Generated with FreeBSD Port Tools 0.63 >How-To-Repeat: http://www.FreeBSD.org/ports/portaudit/a4815970-c5cc-11d8-8898-000d6111a684.html >Fix: --- rssh-2.2.1.patch begins here --- Index: Makefile =================================================================== RCS file: /home/pcvs/ports/shells/rssh/Makefile,v retrieving revision 1.2 diff -u -u -r1.2 Makefile --- Makefile 23 May 2004 13:31:11 -0000 1.2 +++ Makefile 7 Sep 2004 17:42:05 -0000 @@ -6,7 +6,7 @@ # PORTNAME= rssh -PORTVERSION= 2.1.1 +PORTVERSION= 2.2.1 CATEGORIES= shells security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -14,8 +14,15 @@ MAINTAINER= enigmatyc@laposte.net COMMENT= A Restricted Secure SHell only for sftp or/and scp +RUN_DEPENDS= ${LOCALBASE}/bin/rsync:${PORTSDIR}/net/rsync \ + ${LOCALBASE}/bin/rdist6:${PORTSDIR}/net/rdist6 + GNU_CONFIGURE= yes +CONFIGURE_ARGS= --with-rsync=${LOCALBASE}/bin/rsync \ + --with-rdist=${LOCALBASE}/bin/rdist6 + MAN1= rssh.1 +MAN5= rssh.conf.5 PLIST_FILES= bin/rssh etc/rssh.conf.dist libexec/rssh_chroot_helper .include Index: distinfo =================================================================== RCS file: /home/pcvs/ports/shells/rssh/distinfo,v retrieving revision 1.1 diff -u -u -r1.1 distinfo --- distinfo 21 May 2004 13:37:24 -0000 1.1 +++ distinfo 7 Sep 2004 17:42:05 -0000 @@ -1,2 +1,2 @@ -MD5 (rssh-2.1.1.tar.gz) = d5260ad91fe71ba28ecb310892cc4139 -SIZE (rssh-2.1.1.tar.gz) = 88858 +MD5 (rssh-2.2.1.tar.gz) = 2d427ee7f4ea46b075fa0ab3f39b4089 +SIZE (rssh-2.2.1.tar.gz) = 95552 Index: files/patch-util.c =================================================================== RCS file: files/patch-util.c diff -N files/patch-util.c --- files/patch-util.c 21 May 2004 13:37:24 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,94 +0,0 @@ ---- util.c.orig Mon Jul 7 20:41:29 2003 -+++ util.c Fri Apr 16 01:28:16 2004 -@@ -1,9 +1,9 @@ - /* - * util.c - utility functions for rssh -- * -+ * - * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ). - * -- * This program is licensed under a BSD-style license, as follows: -+ * This program is licensed under a BSD-style license, as follows: - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -66,10 +66,10 @@ - extern char *username; - extern char *progname; - --/* -+/* - * build_arg_vector() - return a pointer to a vector of strings which - * represent the arguments of the command to execv(). -- */ -+ */ - char **build_arg_vector( char *str, size_t reserve ) - { - -@@ -77,18 +77,18 @@ - int retc; - - result.we_offs = reserve; -- if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFFS)) ){ -+ if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFS)) ){ - log_set_priority(LOG_ERR); - switch( retc ){ - case WRDE_BADCHAR: - case WRDE_CMDSUB: -- fprintf(stderr, "%s: bad characters in arguments\n", -+ fprintf(stderr, "%s: bad characters in arguments\n", - progname); - log_msg("user %s used bad chars in command", - username); - break; - default: -- fprintf(stderr, "%s: error expanding arguments\n", -+ fprintf(stderr, "%s: error expanding arguments\n", - progname); - log_msg("error expanding arguments for user %s", - username); -@@ -105,7 +105,7 @@ - - log_set_priority(LOG_ERR); - /* determine which commands are usable for error message */ -- if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == -+ if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == - (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) ) - cmd = " to scp or sftp"; - else if ( flags & RSSH_ALLOW_SCP ) -@@ -147,7 +147,7 @@ - len = strlen(PATH_SFTP_SERVER); - if ( cl_len < len ) len = cl_len; - /* check to see if cl starts with an allowed command */ -- if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) && -+ if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) && - (isspace(cl[len]) || cl[len] == '\0') && - opts->shell_flags & RSSH_ALLOW_SFTP ) - return PATH_SFTP_SERVER; -@@ -155,7 +155,7 @@ - len = 3; - /* if cl_len is less than 3, then it's not a valid command */ - if ( cl_len < 3 ) return NULL; -- if ( !(strncmp(cl, "scp", len)) && -+ if ( !(strncmp(cl, "scp", len)) && - (isspace(cl[len])) && - opts->shell_flags & RSSH_ALLOW_SCP ){ - return PATH_SCP; -@@ -183,7 +183,7 @@ - len--; - } - if ( (strncmp(root, path, len)) ) return NULL; -- -+ - /* - * path[len] is the first character of path which is not part of root. - * If it is not '/' then we chopped path off in the middle of a path -@@ -223,7 +223,7 @@ - * them. Returns the bits in the bool pointers of the - * same name, and returns FALSE if the bits are not valid - */ --int validate_access( const char *temp, bool *allow_sftp, -+int validate_access( const char *temp, bool *allow_sftp, - bool *allow_scp ) - { - char scp[2]; --- rssh-2.2.1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: