authordarcy <darcy@pkgsrc.org>2013-02-28 19:33:01 +0000
committerdarcy <darcy@pkgsrc.org>2013-02-28 19:33:01 +0000
commitdc32711c072a9fb0b516eb09b7daab7c3e16c768 (patch)
tree18aee591f71f172067e247a1723844df9051a5ac /shells
parentdd7eba139374a475151a5f377cdf76d23f21a63e (diff)
downloadpkgsrc-dc32711c072a9fb0b516eb09b7daab7c3e16c768.tar.gz
Add Debian patch to allow rssh to work with rsync protocol version 3.
http://patch-tracker.debian.org/patch/series/view/rssh/2.3.4-1/fixes/rsync-protocol.diff
Diffstat (limited to 'shells')
-rw-r--r--shells/rssh/Makefile3
-rw-r--r--shells/rssh/distinfo3
-rw-r--r--shells/rssh/patches/patch-util.c106
3 files changed, 110 insertions, 2 deletions
diff --git a/shells/rssh/Makefile b/shells/rssh/Makefile
index 184d96100b5..83f12c02e9d 100644
--- a/shells/rssh/Makefile
+++ b/shells/rssh/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.15 2012/11/28 13:54:53 wiz Exp $
+# $NetBSD: Makefile,v 1.16 2013/02/28 19:33:02 darcy Exp $
DISTNAME= rssh-2.3.4
+PKGREVISION= 1
CATEGORIES= shells security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=rssh/}
diff --git a/shells/rssh/distinfo b/shells/rssh/distinfo
index 90c6fd61853..9a5e4093c15 100644
--- a/shells/rssh/distinfo
+++ b/shells/rssh/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2012/11/28 13:54:54 wiz Exp $
+$NetBSD: distinfo,v 1.8 2013/02/28 19:33:02 darcy Exp $
SHA1 (rssh-2.3.4.tar.gz) = e13ae1fdce4b0c89ef70f4695689139c8409e2e8
RMD160 (rssh-2.3.4.tar.gz) = 4fdd086820fe67f6dc97671875c43dcad9c4afd3
@@ -6,3 +6,4 @@ Size (rssh-2.3.4.tar.gz) = 113315 bytes
SHA1 (patch-aa) = 0210a1c717098e6afa760192cc8f9d6811d2fd9f
SHA1 (patch-ab) = 19a5f7ffe3fef0c6aa17c1611c564c45a802ea96
SHA1 (patch-rsshconf.c) = a2c2b14bf3619f77cf4e3cbfeaaa4b356d145443
+SHA1 (patch-util.c) = dcfb7943662aaa733e99d78a810582af1d5d5581
diff --git a/shells/rssh/patches/patch-util.c b/shells/rssh/patches/patch-util.c
new file mode 100644
index 00000000000..8f83f5f6c4b
--- /dev/null
+++ b/shells/rssh/patches/patch-util.c
@@ -0,0 +1,106 @@
+$NetBSD: patch-util.c,v 1.1 2013/02/28 19:33:02 darcy Exp $
+
+- Patch from Debian to allow rsync to work with rssh
+
+--- util.c.orig 2012-11-27 01:14:49.000000000 +0000
++++ util.c
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_LIBGEN_H
+ #include <libgen.h>
+ #endif /* HAVE_LIBGEN_H */
++#include <regex.h>
+
+ /* LOCAL INCLUDES */
+ #include "pathnames.h"
+@@ -196,6 +197,71 @@ bool check_command( char *cl, ShellOptio
+ return rc;
+ }
+
++/*
++ * rsync_e_okay() - take the command line passed to rssh and look for an -e
++ * option. If one is found, make sure --server is provided
++ * and the option contains only the protocol information.
++ * Also check for and reject any --rsh option. Returns FALSE
++ * if the command line should not be allowed, TRUE if it is
++ * okay.
++ */
++static int rsync_e_okay( char **vec )
++{
++ regex_t re;
++ int server = FALSE;
++ int e_found = FALSE;
++
++ /*
++ * rsync will send -e, followed by either just "." (meaning no special
++ * protocol) or "N.N" (meaning a pre-release protocol version),
++ * followed by some number of alphabetic flags indicating various
++ * supported options. There may be other options between - and the e,
++ * but -e will always be the last option in the string. A typical
++ * option passed by the client is "-ltpre.iL".
++ *
++ * Note that if --server is given, this should never be parsed as a
++ * shell, but we'll tightly verify it anyway, just in case.
++ *
++ * This regex matches the acceptable flags containing -e, so if it
++ * does not match, the command line should be rejected.
++ */
++ static const char pattern[]
++ = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$";
++
++ /*
++ * Only recognize --server if it's the first option. rsync itself
++ * always passes it that way, and if it's not the first argument, it
++ * could be hidden from the server as an argument to some other
++ * option.
++ */
++ if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){
++ server = TRUE;
++ }
++
++ /* Check the remaining options for -e or --rsh. */
++ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){
++ return FALSE;
++ }
++ while (vec && *vec){
++ if ( strcmp(*vec, "--") == 0 ) break;
++ if ( strcmp(*vec, "--rsh") == 0
++ || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){
++ regfree(&re);
++ return FALSE;
++ }
++ if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){
++ e_found = TRUE;
++ if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){
++ regfree(&re);
++ return FALSE;
++ }
++ }
++ vec++;
++ }
++ regfree(&re);
++ if ( e_found && !server ) return FALSE;
++ return TRUE;
++}
+
+ /*
+ * check_command_line() - take the command line passed to rssh, and verify
+@@ -230,14 +296,11 @@ char *check_command_line( char **cl, She
+
+ if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
+ /* filter -e option */
+- if ( opt_filter(cl, 'e') ) return NULL;
+- while (cl && *cl){
+- if ( strstr(*cl, "--rsh" ) ){
+- fprintf(stderr, "\ninsecure --rsh= not allowed.");
+- log_msg("insecure --rsh option in rsync command line!");
+- return NULL;
+- }
+- cl++;
++ if ( !rsync_e_okay(cl) ){
++ fprintf(stderr, "\ninsecure -e or --rsh option not allowed.");
++ log_msg("insecure -e or --rsh option in rsync command line!");
++ return NULL;
++
+ }
+ return PATH_RSYNC;
+ }
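Review bot: rsync_e_okay() works as a denylist: it rejects only `--rsh`/`--rsh=` and a malformed `-e` cluster, and every other argument before `--` falls through to `return TRUE`, so any other rsync option reaches the rsync binary unchecked unless check_command_line() filters it elsewhere (its body starts and ends outside this hunk). For a restricted shell, checking the server-mode argument vector against an allowlist of expected options would be more robust; at minimum I would record the limit above the function, e.g. `/* NOTE: only -e and --rsh are vetted here; all other options are passed to rsync as given. */`. Separately, a `regcomp()` failure returns FALSE and the caller then logs it as "insecure -e or --rsh option in rsync command line!", which will mislead anyone reading the log. A distinct `log_msg("rsync option check: regcomp failed");` before that `return FALSE;` would keep the fail-closed behaviour and make the cause visible.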