svn commit: r318250 - in head: . security security/cfs security/cfs/files
Chris Rees
crees at FreeBSD.org
Wed May 15 17:29:36 UTC 2013
Author: crees
Date: Wed May 15 17:29:33 2013
New Revision: 318250
URL: http://svnweb.freebsd.org/changeset/ports/318250
Log:
security/cfs: Resurrect and maintain CFS.
The referenced security issues have been fixed in this version (1.5.0 beta), and
some small bugs have been found too, with many fixes from Debian's Gerrit Pape.
Obtained from: Debian (parts)
Security: CVE-2002-0351
Security: CVE-2006-3123
Added:
head/security/cfs/
- copied from r282955, head/security/cfs/
head/security/cfs/files/cfsd.in (contents, props changed)
- copied, changed from r282955, head/security/cfs/files/cfsd.sh.in
Deleted:
head/security/cfs/files/cfsd.sh.in
head/security/cfs/files/patch-Makefile
head/security/cfs/files/patch-cfs.c
head/security/cfs/files/patch-cfs.h
head/security/cfs/files/patch-cfs__bf.h
head/security/cfs/files/patch-cfs__des.c
head/security/cfs/files/patch-cfs__fh.c
head/security/cfs/files/patch-cfs__nfs.c
head/security/cfs/files/patch-cfs_adm.c
head/security/cfs/files/patch-cfsd.8
head/security/cfs/files/patch-cfssh
head/security/cfs/files/patch-cmkdir.c
head/security/cfs/files/patch-esm__cipher.c
head/security/cfs/files/patch-getpass.c
head/security/cfs/files/patch-shs.c
head/security/cfs/files/patch-shs.h
head/security/cfs/files/patch-truerand.c
Modified:
head/MOVED
head/security/Makefile
head/security/cfs/Makefile (contents, props changed)
head/security/cfs/distinfo (contents, props changed)
head/security/cfs/files/pkg-message.in (contents, props changed)
head/security/cfs/pkg-descr (contents, props changed)
Directory Properties:
head/security/cfs/pkg-plist (props changed)
Modified: head/MOVED
==============================================================================
--- head/MOVED Wed May 15 17:03:17 2013 (r318249)
+++ head/MOVED Wed May 15 17:29:33 2013 (r318250)
@@ -2678,7 +2678,6 @@ dns/nsd2||2011-09-30|EOL since 2007, uns
audio/orpheus|audio/cmus|2011-10-01|Has expired: Contains problem with autotools, security CVE-2005-3863. Use audio/cmus instead
sysutils/syslog-ng3-devel|sysutils/syslog-ng-devel|2011-10-04|Port renamed
sysutils/cfvers||2011-10-04|Has expired: Dead upstream, author disowns it, use git/hg instead
-security/cfs||2011-10-04|Has expired: Locks don't work, ports/137378, unmaintained, dead upstream, insecure
devel/p5-Scalar-Util-Clone||2011-10-05|Disappear from CPAN
print/lyx14||2011-10-05|Has expired: last release in 2007, use print/lyx16 or print/lyx instead
multimedia/enjoympeg||2011-10-05|Has expired: Looks like abandonware, no more public distfiles
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Wed May 15 17:03:17 2013 (r318249)
+++ head/security/Makefile Wed May 15 17:29:33 2013 (r318250)
@@ -56,6 +56,7 @@
SUBDIR += calife-devel
SUBDIR += ccrypt
SUBDIR += ccsrch
+ SUBDIR += cfs
SUBDIR += cfv
SUBDIR += chaosreader
SUBDIR += checkpassword
Modified: head/security/cfs/Makefile
==============================================================================
--- head/security/cfs/Makefile Tue Oct 4 21:58:09 2011 (r282955)
+++ head/security/cfs/Makefile Wed May 15 17:29:33 2013 (r318250)
@@ -1,39 +1,25 @@
-# New ports collection makefile for: cfs
-# Date created: 30 Jul 1997
-# Whom: John Polstra <jdp at polstra.com>
-#
+# Created by: John Polstra <jdp at polstra.com>
# $FreeBSD$
-#
PORTNAME= cfs
-PORTVERSION= 1.4.1
-PORTREVISION= 6
+DISTVERSION= 1.5.0.beta
CATEGORIES= security
-MASTER_SITES= http://www.crypto.com/software/
+MASTER_SITES= http://www.bayofrum.net/dist/${PORTNAME}/
-MAINTAINER= ports at FreeBSD.org
+MAINTAINER= crees at FreeBSD.org
COMMENT= A cryptographic file system implemented as a user-space NFS server
-FORBIDDEN= Buffer overflows allow remote attackers to cause DoS / execute arbitrary code
-DEPRECATED= Locks don't work, ports/137378, unmaintained, dead upstream, insecure
-EXPIRATION_DATE=2011-10-04
-
ALL_TARGET= cfs
+MAKE_ARGS= CC=cc
MAN1= cattach.1 cdetach.1 cmkdir.1 cpasswd.1 cfssh.1
MAN8= ccat.8 cfsd.8 cname.8
CFSD_BOOTSTRAP= ${PREFIX}/cfsd-bootstrap
-USE_RC_SUBR= cfsd.sh
+USE_RC_SUBR= cfsd
SUB_FILES= pkg-message
SUB_LIST= CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP}
PLIST_SUB= CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP}
-.include <bsd.port.pre.mk>
-
-.if ${OSVERSION} < 700000
-BROKEN= does not compile on FreeBSD 6.x
-.endif
-
post-patch:
${REINPLACE_CMD} 's/^\.TH SSH/.TH CFSSH/' ${WRKSRC}/cfssh.1
@@ -49,4 +35,4 @@ do-install:
${INSTALL} -d ${_BINOWNGRP} -m 0 ${CFSD_BOOTSTRAP}
@${CAT} ${PKGMESSAGE}
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Modified: head/security/cfs/distinfo
==============================================================================
--- head/security/cfs/distinfo Tue Oct 4 21:58:09 2011 (r282955)
+++ head/security/cfs/distinfo Wed May 15 17:29:33 2013 (r318250)
@@ -1,2 +1,2 @@
-SHA256 (cfs-1.4.1.tar.gz) = d5c823d86a2c73019eede7d4e7853e9572f38e42b585428c3f92e75ed60312d8
-SIZE (cfs-1.4.1.tar.gz) = 98943
+SHA256 (cfs-1.5.0.beta.tar.gz) = 55eed20e9e2dd05bf54aa34a91fd90574005f805e9d4eb9c1dcf63d188ffdc59
+SIZE (cfs-1.5.0.beta.tar.gz) = 108992
Copied and modified: head/security/cfs/files/cfsd.in (from r282955, head/security/cfs/files/cfsd.sh.in)
==============================================================================
--- head/security/cfs/files/cfsd.sh.in Tue Oct 4 21:58:09 2011 (r282955, copy source)
+++ head/security/cfs/files/cfsd.in Wed May 15 17:29:33 2013 (r318250)
@@ -2,36 +2,40 @@
#
# $FreeBSD$
#
-
# PROVIDE: cfsd
# REQUIRE: mountd
-
#
# Add the following line to /etc/rc.conf to enable cfsd:
#
-# cfsd_enable="YES"
+# cfsd_enable=YES
#
# Additional options:
#
-# cfsd_port="3049,udp" # the port to listen to
-# XXX ports/133593 yar suggested that the ,udp suffix be used to avoid
-# hangs of mount_nfs -- it's ignored by cfsd so shouldn't cause any problems
-# cfsd_mountpoint="/crypt" # the CFS mountpoint
+# cfsd_port=3049 # the port to listen to
+# cfsd_mountpoint=/crypt # the CFS mountpoint
#
. /etc/rc.subr
-name="cfsd"
-rcvar=`set_rcvar`
+name=cfsd
+rcvar=cfsd_enable
+
+load_rc_config $name
+
+: ${cfsd_enable=no}
+: ${cfsd_port=3049}
+: ${cfsd_mountpoint=/crypt}
-command="%%PREFIX%%/sbin/cfsd"
-start_postcmd="cfsd_poststart"
-stop_precmd="cfsd_prestop"
+command=%%PREFIX%%/sbin/cfsd
+command_args="$cfsd_port > /dev/null 2>&1"
+required_dirs="%%CFSD_BOOTSTRAP%% $cfsd_mountpoint"
+start_postcmd=cfsd_poststart
+stop_precmd=cfsd_prestop
cfsd_poststart()
{
if [ -n "$cfsd_mountpoint" ]; then
- mount -o port="$cfsd_port",nfsv2 localhost:%%CFSD_BOOTSTRAP%% "$cfsd_mountpoint"
+ mount -o port="$cfsd_port",mntudp,nfsv2 localhost:%%CFSD_BOOTSTRAP%% "$cfsd_mountpoint"
fi
}
@@ -42,12 +46,4 @@ cfsd_prestop()
fi
}
-load_rc_config $name
-: ${cfsd_enable="NO"}
-: ${cfsd_port="3049,udp"}
-: ${cfsd_mountpoint="/crypt"}
-
-command_args="$cfsd_port >/dev/null 2>&1"
-required_dirs="%%CFSD_BOOTSTRAP%% $cfsd_mountpoint"
-
-run_rc_command "$1"
+run_rc_command $1
Modified: head/security/cfs/files/pkg-message.in
==============================================================================
--- head/security/cfs/files/pkg-message.in Tue Oct 4 21:58:09 2011 (r282955)
+++ head/security/cfs/files/pkg-message.in Wed May 15 17:29:33 2013 (r318250)
@@ -8,20 +8,15 @@ Quick start instructions:
- create the default CFS mountpoint (if you want to use a different
mountpoint, set the cfsd_mountpoint variable in /etc/rc.conf):
- mkdir /crypt
+ # mkdir /crypt
- enable rpcbind, mountd and cfsd in /etc/rc.conf:
- FreeBSD 4.x:
-
- portmap_enable="YES"
- single_mountd_enable="YES"
cfsd_enable="YES"
-
- FreeBSD 5.x:
-
mountd_enable="YES"
- cfsd_enable="YES"
- - reboot the system
+ - start mountd and cfsd, or restart:
+
+ # service mountd start
+ # service cfsd start
===============================================================================
Modified: head/security/cfs/pkg-descr
==============================================================================
--- head/security/cfs/pkg-descr Tue Oct 4 21:58:09 2011 (r282955)
+++ head/security/cfs/pkg-descr Wed May 15 17:29:33 2013 (r318250)
@@ -8,4 +8,4 @@ and the manual pages. There is a paper
http://www.crypto.com/papers/cfs.pdf
-WWW: http://www.crypto.com/software/
+WWW: http://www.bayofrum.net/cgi-bin/fossil/cfs/
More information about the svn-ports-head
mailing list