1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-24 04:33:24 +00:00

- rssh < 2.2.1 has information disclosure vulnerability, so update to 2.2.1

- rssh depends on rsync and rdist (optionally)

PR:		71472
Submitted by:	leeym
Approved by:	portmgr (marcus)
This commit is contained in:
Yen-Ming Lee 2004-09-21 20:37:18 +00:00
parent fb1884842d
commit 8795b919c3
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=118328
3 changed files with 20 additions and 97 deletions

View File

@ -6,7 +6,7 @@
#
PORTNAME= rssh
PORTVERSION= 2.1.1
PORTVERSION= 2.2.1
CATEGORIES= shells security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
@ -15,11 +15,28 @@ MAINTAINER= enigmatyc@laposte.net
COMMENT= A Restricted Secure SHell only for sftp or/and scp
GNU_CONFIGURE= yes
MAN1= rssh.1
MAN5= rssh.conf.5
PLIST_FILES= bin/rssh etc/rssh.conf.dist libexec/rssh_chroot_helper
OPTIONS= RSYNC "rsync support" off \
RDIST "rdist support" off
.include <bsd.port.pre.mk>
.if ${OSVERSION} < 500000
IGNORE= wordexp() is not supported on 4.x
.endif
.if defined(WITH_RSYNC)
RUN_DEPENDS+= ${LOCALBASE}/bin/rsync:${PORTSDIR}/net/rsync
CONFIGURE_ARGS+=--with-rsync=${LOCALBASE}/bin/rsync
.endif
.if defined(WITH_RSYNC)
RUN_DEPENDS+= ${LOCALBASE}/bin/rdist6:${PORTSDIR}/net/rdist6
CONFIGURE_ARGS+=--with-rdist=${LOCALBASE}/bin/rdist6
.endif
.include <bsd.port.post.mk>

View File

@ -1,2 +1,2 @@
MD5 (rssh-2.1.1.tar.gz) = d5260ad91fe71ba28ecb310892cc4139
SIZE (rssh-2.1.1.tar.gz) = 88858
MD5 (rssh-2.2.1.tar.gz) = 2d427ee7f4ea46b075fa0ab3f39b4089
SIZE (rssh-2.2.1.tar.gz) = 95552

View File

@ -1,94 +0,0 @@
--- util.c.orig Mon Jul 7 20:41:29 2003
+++ util.c Fri Apr 16 01:28:16 2004
@@ -1,9 +1,9 @@
/*
* util.c - utility functions for rssh
- *
+ *
* Copyright 2003 Derek D. Martin ( code at pizzashack dot org ).
*
- * This program is licensed under a BSD-style license, as follows:
+ * This program is licensed under a BSD-style license, as follows:
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -66,10 +66,10 @@
extern char *username;
extern char *progname;
-/*
+/*
* build_arg_vector() - return a pointer to a vector of strings which
* represent the arguments of the command to execv().
- */
+ */
char **build_arg_vector( char *str, size_t reserve )
{
@@ -77,18 +77,18 @@
int retc;
result.we_offs = reserve;
- if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFFS)) ){
+ if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFS)) ){
log_set_priority(LOG_ERR);
switch( retc ){
case WRDE_BADCHAR:
case WRDE_CMDSUB:
- fprintf(stderr, "%s: bad characters in arguments\n",
+ fprintf(stderr, "%s: bad characters in arguments\n",
progname);
log_msg("user %s used bad chars in command",
username);
break;
default:
- fprintf(stderr, "%s: error expanding arguments\n",
+ fprintf(stderr, "%s: error expanding arguments\n",
progname);
log_msg("error expanding arguments for user %s",
username);
@@ -105,7 +105,7 @@
log_set_priority(LOG_ERR);
/* determine which commands are usable for error message */
- if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) ==
+ if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) ==
(RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) )
cmd = " to scp or sftp";
else if ( flags & RSSH_ALLOW_SCP )
@@ -147,7 +147,7 @@
len = strlen(PATH_SFTP_SERVER);
if ( cl_len < len ) len = cl_len;
/* check to see if cl starts with an allowed command */
- if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) &&
+ if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) &&
(isspace(cl[len]) || cl[len] == '\0') &&
opts->shell_flags & RSSH_ALLOW_SFTP )
return PATH_SFTP_SERVER;
@@ -155,7 +155,7 @@
len = 3;
/* if cl_len is less than 3, then it's not a valid command */
if ( cl_len < 3 ) return NULL;
- if ( !(strncmp(cl, "scp", len)) &&
+ if ( !(strncmp(cl, "scp", len)) &&
(isspace(cl[len])) &&
opts->shell_flags & RSSH_ALLOW_SCP ){
return PATH_SCP;
@@ -183,7 +183,7 @@
len--;
}
if ( (strncmp(root, path, len)) ) return NULL;
-
+
/*
* path[len] is the first character of path which is not part of root.
* If it is not '/' then we chopped path off in the middle of a path
@@ -223,7 +223,7 @@
* them. Returns the bits in the bool pointers of the
* same name, and returns FALSE if the bits are not valid
*/
-int validate_access( const char *temp, bool *allow_sftp,
+int validate_access( const char *temp, bool *allow_sftp,
bool *allow_scp )
{
char scp[2];