cfs 1.4.1_6 security =19

FORBIDDEN: Buffer overflows allow remote attackers to cause DoS / execute arbitrary code
DEPRECATED: Locks don't work, ports/137378, unmaintained, dead upstream, insecure
This port expired on: 2011-10-04
IGNORE: is forbidden: Buffer overflows allow remote attackers to cause DoS / execute arbitrary code
A cryptographic file system implemented as a user-space NFS server

There is no maintainer for this port.
Any concerns regarding this port should be directed to the FreeBSD Ports mailing list via ports@FreeBSD.org
Port Added: unknown
License: not specified in port

---

---

This is CFS, Matt Blaze's Cryptographic File System.  It provides
transparent encryption and decryption of selected directory trees.
It is implemented as a user-level NFS server and thus does not
require any kernel modifications.

For an overview of how to use it, read "${PREFIX}/share/doc/cfs/notes.ms"
and the manual pages.  There is a paper describing CFS at:

    http://www.crypto.com/papers/cfs.pdf

WWW: http://www.crypto.com/software/

CVSWeb : Main Web Site : Distfiles Availability : PortsMonThere are no ports dependent upon this port

---

No installation instructions: this port has been deleted.

The package name of this deleted port was: cfs

---

Configuration Options

     No options to configure

---

Master Sites:

http://www.crypto.com/software/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/

• port deleted on 2011-10-04
  REASON: Has expired: Locks don't work, ports/137378, unmaintained, dead upstream, insecure
  

Remove expired port:
2011-10-04 security/cfs: Locks don't work, ports/137378, unmaintained, dead
upstream, insecure

- After more research, mark FORBIDDEN -- vulnerable to buffer overflows.
- As per policy on security issues, shorten removal date to one month.

Security:       CVE-2002-0351
Security:       DSA-116-1

Mark deprecated; broken for two years with no fix.

Expires on 4/Nov

PR:             ports/137378 ports/155788

Fix rc script to stop nfs hangs

PR:             ports/133563
Submitted by:   Thiemo Nordenholz <list@thiemo.net>, yar

-remove MD5

Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#

For ports maintained by ports@FreeBSD.org, remove names and/or
e-mail addresses from the pkg-descr file that could reasonably
be mistaken for maintainer contact information in order to avoid
confusion on the part of users looking for support. As a pleasant
side effect this also avoids confusion and/or frustration for people
who are no longer maintaining those ports.

Attempt to fix port after usb2 import.

Submitted by:   ed

- Mark BROKEN on FreeBSD 6.x

Reported by:    pointyhat

Fix build for 7.0
Thanks to alfred@ for his help.

Remove USE_REINPLACE from all categories starting with S

Reset green@ as maintainer at his request.

Hat:            portmgr

SHA256ify

Approved by: krion@

BROKEN on 7.0: Does not compile

- convert cfsd.sh to rcNG
- add a CFS bootstrap directory to the port (${PREFIX}/cfsd-bootstrap)
- mount that CFS bootstrap directory in cfsd.sh (default mountpoint is /crypt,
  configurable in /etc/rc.conf)
- explain how to quickly setup cfsd in pkg-message
- do display pkg-message
- while here, use USE_RC_SUBR

PR:             ports/18800
Submitted by:   Louis Mamakos <louie@TransSys.COM>, myself
Approved by:    green (maintainer)

- Merge and split existing patch-a[a-f] files.
- Fix types issues on 64-bits architectures.

PR:             ports/75878
Submitted by:   Ville-Pertti Keinonen <will@exomi.com>
Approved by:    maintainer timeout (3 months)

Back out the work-around for CFS's failure to use 8-bit filenames.  It
appears to be crashing some people (but not others).

Reinstate changes made during ports freeze, correcting "PORTREVESION"
so that the version is actually bumped.

Committing stuff during ports freezes is generally frowned upon.

Revamp cfssh(1) so that it creates the attach points randomly again.
It used $RANDOM when it was a ksh script, but here it had always
been broken because ash (/bin/sh) doesn't have it.

Also, make the cfssh manpage refer to itself as cfssh instead of ssh.

Submitted by:   Martin Kammerhofer <dada@sbox.tugraz.at>
PR:             65620

Previously, cfsd would screw up if you used 8-bit filenames.  Fix the
checksum mechanism for pathnames so that it works for those paths.

Submitted by:   Olof Samuelsson <olof@s8n.pp.se>
PR:     35353

SIZEify (maintainer timeout)

Update the link to Matt Blaze's CFS paper.

Clear moonlight beckons.
Requiem mors pacem pkg-comment,
And be calm ports tree.

E Nomini Patri, E Fili, E Spiritu Sancti.

Notify users of security/cfs that rpcbind may need -L to accept
connections to register cfs with it.

Determined by:  Brad Forschinger <freebsd@bnjf.id.au>

Upgrade to 1.4.1.

PR:             29638
Submitted by:   Scott Renfro <scott@renfro.org>

Bump PORTREVISION.    

Fix a possible-corruption-at-end-of-file bug.    

Convert category security to new layout.  

Install cfsd.sh script only if not already installed    

Use 'killall cfsd' on stop    

Use new style start/stop rc.d script   Unrestrict port since we are able to
distribute crypto    

Strategically change a couple malloc() calls to calloc() calls so that   every
request doesn't return NFSERR_STALE.  This CFS bug brought to   light by the
letters p, h, and k :)  

Remove empty directory on deinstall    

Update to cfs version 1.4.0 beta 2.    

17 vulnerabilities affecting 41 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities