- rssh < 2.2.1 has information disclosure vulnerability, so update to 2.2.1

- rssh depends on rsync and rdist (optionally)

PR:		71472
Submitted by:	leeym
Approved by:	portmgr (marcus)

3 files changed, 20 insertions, 97 deletions

diff --git a/shells/rssh/Makefile b/shells/rssh/Makefile
index 19c4d38..2eafc12 100644
--- a/shells/rssh/Makefile
+++ b/shells/rssh/Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	rssh
-PORTVERSION=	2.1.1
+PORTVERSION=	2.2.1
 CATEGORIES=	shells security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -15,11 +15,28 @@ MAINTAINER=	enigmatyc@laposte.net
 COMMENT=	A Restricted Secure SHell only for sftp or/and scp
 
 GNU_CONFIGURE=	yes
+
 MAN1=		rssh.1
+MAN5=		rssh.conf.5
 PLIST_FILES=	bin/rssh etc/rssh.conf.dist libexec/rssh_chroot_helper
 
+OPTIONS=	RSYNC "rsync support" off \
+		RDIST "rdist support" off
+
 .include <bsd.port.pre.mk>
+
 .if ${OSVERSION} < 500000
 IGNORE=		wordexp() is not supported on 4.x
 .endif
+
+.if defined(WITH_RSYNC)
+RUN_DEPENDS+=	${LOCALBASE}/bin/rsync:${PORTSDIR}/net/rsync
+CONFIGURE_ARGS+=--with-rsync=${LOCALBASE}/bin/rsync
+.endif
+
+.if defined(WITH_RSYNC)
+RUN_DEPENDS+=	${LOCALBASE}/bin/rdist6:${PORTSDIR}/net/rdist6
+CONFIGURE_ARGS+=--with-rdist=${LOCALBASE}/bin/rdist6
+.endif
+
 .include <bsd.port.post.mk>
diff --git a/shells/rssh/distinfo b/shells/rssh/distinfo
index 5ac9df4..50b868c 100644
--- a/shells/rssh/distinfo
+++ b/shells/rssh/distinfo
@@ -1,2 +1,2 @@
-MD5 (rssh-2.1.1.tar.gz) = d5260ad91fe71ba28ecb310892cc4139
-SIZE (rssh-2.1.1.tar.gz) = 88858
+MD5 (rssh-2.2.1.tar.gz) = 2d427ee7f4ea46b075fa0ab3f39b4089
+SIZE (rssh-2.2.1.tar.gz) = 95552
diff --git a/shells/rssh/files/patch-util.c b/shells/rssh/files/patch-util.c
deleted file mode 100644
index 46474e8..0000000
--- a/shells/rssh/files/patch-util.c
+++ /dev/null
@@ -1,94 +0,0 @@
---- util.c.orig	Mon Jul  7 20:41:29 2003
-+++ util.c	Fri Apr 16 01:28:16 2004
-@@ -1,9 +1,9 @@
- /*
-  * util.c - utility functions for rssh
-- * 
-+ *
-  * Copyright 2003 Derek D. Martin ( code at pizzashack dot org ).
-  *
-- * This program is licensed under a BSD-style license, as follows: 
-+ * This program is licensed under a BSD-style license, as follows:
-  *
-  * Redistribution and use in source and binary forms, with or without
-  * modification, are permitted provided that the following conditions
-@@ -66,10 +66,10 @@
- extern char *username;
- extern char *progname;
- 
--/* 
-+/*
-  * build_arg_vector() - return a pointer to a vector of strings which
-  *                      represent the arguments of the command to execv().
-- */                 
-+ */
- char **build_arg_vector( char *str, size_t reserve )
- {
- 
-@@ -77,18 +77,18 @@
- 	int		retc;
- 
- 	result.we_offs = reserve;
--	if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFFS)) ){
-+	if ( (retc = wordexp(str, &result, WRDE_NOCMD|WRDE_DOOFS)) ){
- 		log_set_priority(LOG_ERR);
- 		switch( retc ){
- 		case WRDE_BADCHAR:
- 		case WRDE_CMDSUB:
--			fprintf(stderr, "%s: bad characters in arguments\n", 
-+			fprintf(stderr, "%s: bad characters in arguments\n",
- 				progname);
- 			log_msg("user %s used bad chars in command",
- 				username);
- 			break;
- 		default:
--			fprintf(stderr, "%s: error expanding arguments\n", 
-+			fprintf(stderr, "%s: error expanding arguments\n",
- 				progname);
- 			log_msg("error expanding arguments for user %s",
- 				username);
-@@ -105,7 +105,7 @@
- 
- 	log_set_priority(LOG_ERR);
- 	/* determine which commands are usable for error message */
--	if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) == 
-+	if ( (flags & (RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP)) ==
- 			(RSSH_ALLOW_SCP | RSSH_ALLOW_SFTP) )
- 		cmd = " to scp or sftp";
- 	else if ( flags & RSSH_ALLOW_SCP )
-@@ -147,7 +147,7 @@
- 	len = strlen(PATH_SFTP_SERVER);
- 	if ( cl_len < len ) len = cl_len;
- 	/* check to see if cl starts with an allowed command */
--	if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) && 
-+	if ( !(strncmp(cl, PATH_SFTP_SERVER, len)) &&
- 			(isspace(cl[len]) || cl[len] == '\0') &&
- 			opts->shell_flags & RSSH_ALLOW_SFTP )
- 		return PATH_SFTP_SERVER;
-@@ -155,7 +155,7 @@
- 	len = 3;
- 	/* if cl_len is less than 3, then it's not a valid command */
- 	if ( cl_len < 3 ) return NULL;
--	if ( !(strncmp(cl, "scp", len)) && 
-+	if ( !(strncmp(cl, "scp", len)) &&
- 			(isspace(cl[len])) &&
- 			opts->shell_flags & RSSH_ALLOW_SCP ){
- 		return PATH_SCP;
-@@ -183,7 +183,7 @@
- 		len--;
- 	}
- 	if ( (strncmp(root, path, len)) ) return NULL;
--	
-+
- 	/*
- 	 * path[len] is the first character of path which is not part of root.
- 	 * If it is not '/' then we chopped path off in the middle of a path
-@@ -223,7 +223,7 @@
-  *                     them.  Returns the bits in the bool pointers of the
-  *                     same name, and returns FALSE if the bits are not valid
-  */
--int validate_access( const char *temp, bool *allow_sftp, 
-+int validate_access( const char *temp, bool *allow_sftp,
- 		     bool *allow_scp )
- {
- 	char	scp[2];