15:59 kai 

shells/rssh: Mark as deprecated and set to expire

Upstream has officially abandoned the port some time ago and the software
was maintained then for a while by the Debian project.

But even Debian will now pull the plug and rssh won't be available in their
next stable release. Considering these facts it makes sense to let this port
expire towards the end of Q2.

PR:		235121
Approved by:	miwi (mentor), maintainer
Differential Revision:	https://reviews.freebsd.org/D19503

 

20:45 kai 

shells/rssh: Apply fixes for basename(3) handling and some security issues

basename(3) has been changed to be POSIX compliant in r308264. This implies
that it can possibly write to the passed string. shells/rssh passes a const
string, so it always crashes on invocation with FreeBSD 12 and later. The
new patches remedy this issue. [1] [2]

During further tests and research came to light that there were also
recently discovered security issues with the parsing of rsync/scp command
line arguments and insufficient sanitization of environment variables when
using rysnc.

The corresponding fixes have been incorporated to the new patches and the
already existing patch for the RSYNC option has been tightened for the
argument parsing. Please note that with this patch the scp option "-3" can
no longer be used. [3]

Furthermore, another patch was applied to make this port a bit more secure.
That patch handles a buffer allocation issue for an error message. [4]

PR:		235121
Submitted by:	topical@gmx.net (first version) [1], Jason Harris (maintainer) [2]
Approved by:	tcberner (mentor)
Obtained from:	Debian [3] [4]
MFH:		2019Q1
Security:	d193aa9f-3f8c-11e9-9a24-6805ca0b38e8
Differential Revision:	https://reviews.freebsd.org/D19474

 

14:25 mat 

Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight

 

09:49 amdmi3 

- Add CPE info

 

17:42 bapt 

Add an @shell keyword to handle adding and remove a shell path in /etc/shell
Bump port revision of all ports that were doing it wrong prior to the keyword

CR:		D208
Reviewed by:	antoine
With hat:	portmgr

 

17:18 pawel 

- Add rsync3 support
- Add LICENSE

PR:		ports/180573
Submitted by:	maintainer

 

09:03 bapt 

Support stage
Fix build with clang on head (symbol collision)

 

22:57 bapt 

Add NO_STAGE all over the place in preparation for the staging support (cat:
shells)

 

04:05 miwi 

- Pass maintainership to submitter
- While here trim header

PR:		180420
Submitted by:	Jason Harris <jharris@widomaker.com>

 

21:26 pav 

- Drop all my ports

 

20:34 pav 

- Fix typo in OPTIONS code

Spotted by:	rm
Feature safe:	yes

 

20:17 pav 

- Update to 2.3.4

PR:		ports/173980
Submitted by:	nemysis <nemysis@gmx.ch>
Feature safe:	yes

 

04:27 rea 

shells/rssh: mark FORBIDDEN due to being vulnerable

http://www.vuxml.org/freebsd/65b25acc-e63b-11e1-b81c-001b77d09812.html
documents rather serious vulnerability that allows people to curcumvent
protections put by rssh, thus making it a kind of non-usable tool.

Security:	65b25acc-e63b-11e1-b81c-001b77d09812

00:35 amdmi3 

- Switch SourceForge ports to the new File Release System: categories starting
with P,R,S

14:32 pav 

- Readd shells/rssh without rsync support. I'm still actively using it.

14:05 tabthorpe 

2008-08-21 shells/rssh: No longer maintained upstream

21:08 pav 

- Replace BROKEN with IGNORE

03:37 tabthorpe 

- Mark as BROKEN, does not work with rsync 3

04:00 tabthorpe 

- change maintainer address on ports I maintain

Approved by:    clsung (mentor)

07:30 beech 

- Remove 4.x cruft
- Partial commit (use of destdir is deprecated)

PR:             ports/113930
Submitted by:   Thomas Abthorpe <thomas@goodking.ca> (maintainer)
Approved by:    sat (mentor)

20:03 rafan 

- Pass maintainership to submitter
- Reformat pkg-descr

PR:             ports/100447
Submitted by:   Thomas Abthorpe <thomas at goodking.ca>

04:18 linimon 

Reset bouncing maintainer address enigmatyc@laposte.net.

Hat:            portmgr

17:47 mnag 

- Update to 2.3.2 and UnFORBIDDEN

PR:             94255
Submitted by:   delphij
Approved by:    portmgr (marcus)

15:10 simon 

Mark FORBIDDEN due to local privilege escalation.

Security:      
http://vuxml.FreeBSD.org/e34d0c2e-9efb-11da-b410-000e0c2e438a.html
Security:       http://www.pizzashack.org/rssh/security.shtml
Prodded by:     remko

20:12 pav 

- Add itself to /etc/shells

PR:             ports/81257
Submitted by:   Hirohisa Yamaguchi <umq@ueo.co.jp>
Approved by:    maintainer timeout (16 days)

09:07 simon 

Update to version 2.2.3 to fix security vulnerability.

Security:      
http://vuxml.FreeBSD.org/f11b219a-44b6-11d9-ae2f-021106004fd6.html
With hat:       secteam
Approved by:    maintainer timeout (security; 2 days), erwin (mentor)

09:17 leeym 

There is a string format vulnerability in rssh-2.2.1
http://www.pizzashack.org/rssh/security.shtml

- update to 2.2.2
- use REINPLACE_CMD instead of the patch file
- correct the knob for RDIST

PR:             73143
Submitted by:   leeym

20:37 leeym 

- rssh < 2.2.1 has information disclosure vulnerability, so update to 2.2.1
- rssh depends on rsync and rdist (optionally)

PR:             71472
Submitted by:   leeym
Approved by:    portmgr (marcus)

13:31 clement 

- Mark rssh as IGNORE on 4.x (wordexp() is not supported)
  Maintainer informed.

13:37 clement 

Add rssh 2.1.1, a Restricted Secure SHell only for sftp or/and scp.

rssh is a Restricted Secure SHell that allow only the use of sftp or
scp. It could be use when you need an account (and a valid shell) in
order to execute sftp or scp but when you don't want to give the
possibility to log in to this user.

WWW: http://www.pizzashack.org/rssh/index.shtml

PR:             ports/65860
Submitted by:   enigmatyc