security/cfs: Resurrect and maintain CFS.

The referenced security issues have been fixed in this version (1.5.0 beta), and some small bugs have been found too, with many fixes from Debian's Gerrit Pape. Obtained from: Debian (parts) Security: CVE-2002-0351 Security: CVE-2006-3123
author: crees <crees@FreeBSD.org> 2013-05-16 01:29:33 +0800
committer: crees <crees@FreeBSD.org> 2013-05-16 01:29:33 +0800
commit: b3fc97974dbe8e4f6f7820963522874ed068a304 (patch)
tree: cdd4643238bb17905d3fee0cf5dc9805a4fe85e6
parent: e12a511bced5267812760411dda5d77bbdbdc496 (diff)
download: freebsd-ports-gnome-b3fc97974dbe8e4f6f7820963522874ed068a304.tar.gz
freebsd-ports-gnome-b3fc97974dbe8e4f6f7820963522874ed068a304.tar.zst
freebsd-ports-gnome-b3fc97974dbe8e4f6f7820963522874ed068a304.zip
8 files changed, 136 insertions, 1 deletions
diff --git a/MOVED b/MOVED
index 5f48c9065309..e7eb039a4226 100644
--- a/MOVED
+++ b/MOVED
@@ -2678,7 +2678,6 @@ dns/nsd2||2011-09-30|EOL since 2007, unsupported. Use dns/nsd instead
 audio/orpheus|audio/cmus|2011-10-01|Has expired: Contains problem with autotools, security CVE-2005-3863. Use audio/cmus instead
 sysutils/syslog-ng3-devel|sysutils/syslog-ng-devel|2011-10-04|Port renamed
 sysutils/cfvers||2011-10-04|Has expired: Dead upstream, author disowns it, use git/hg instead
-security/cfs||2011-10-04|Has expired: Locks don't work, ports/137378, unmaintained, dead upstream, insecure
 devel/p5-Scalar-Util-Clone||2011-10-05|Disappear from CPAN
 print/lyx14||2011-10-05|Has expired: last release in 2007, use print/lyx16 or print/lyx instead
 multimedia/enjoympeg||2011-10-05|Has expired: Looks like abandonware, no more public distfiles
diff --git a/security/Makefile b/security/Makefile
index cb8f87a8fc8b..301171687bd9 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -56,6 +56,7 @@
     SUBDIR += calife-devel
     SUBDIR += ccrypt
     SUBDIR += ccsrch
+    SUBDIR += cfs
     SUBDIR += cfv
     SUBDIR += chaosreader
     SUBDIR += checkpassword
diff --git a/security/cfs/Makefile b/security/cfs/Makefile
new file mode 100644
index 000000000000..d8063fdc1728
--- /dev/null
+++ b/security/cfs/Makefile
@@ -0,0 +1,38 @@
+# Created by: John Polstra <jdp@polstra.com>
+# $FreeBSD$
+
+PORTNAME=	cfs
+DISTVERSION=	1.5.0.beta
+CATEGORIES=	security
+MASTER_SITES=	http://www.bayofrum.net/dist/${PORTNAME}/
+
+MAINTAINER=	crees@FreeBSD.org
+COMMENT=	A cryptographic file system implemented as a user-space NFS server
+
+ALL_TARGET=	cfs
+MAKE_ARGS=	CC=cc
+MAN1=		cattach.1 cdetach.1 cmkdir.1 cpasswd.1 cfssh.1
+MAN8=		ccat.8 cfsd.8 cname.8
+
+CFSD_BOOTSTRAP=	${PREFIX}/cfsd-bootstrap
+USE_RC_SUBR=	cfsd
+SUB_FILES=	pkg-message
+SUB_LIST=	CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP}
+PLIST_SUB=	CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP}
+
+post-patch:
+	${REINPLACE_CMD} 's/^\.TH SSH/.TH CFSSH/' ${WRKSRC}/cfssh.1
+
+do-install:
+	@cd ${WRKSRC}; \
+	    ${INSTALL_PROGRAM} ccat cfsd cname ${PREFIX}/sbin; \
+	    ${INSTALL_PROGRAM} cattach cdetach cmkdir cpasswd ${PREFIX}/bin; \
+	    ${INSTALL_SCRIPT} cfssh ${PREFIX}/bin/cfssh; \
+	    ${INSTALL_MAN} ${MAN1} ${PREFIX}/man/man1; \
+	    ${INSTALL_MAN} ${MAN8} ${PREFIX}/man/man8; \
+	    ${MKDIR} ${PREFIX}/share/doc/cfs; \
+	    ${INSTALL_DATA} README.install notes.ms ${PREFIX}/share/doc/cfs
+	${INSTALL} -d ${_BINOWNGRP} -m 0 ${CFSD_BOOTSTRAP}
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff --git a/security/cfs/distinfo b/security/cfs/distinfo
new file mode 100644
index 000000000000..60c1a6a42b16
--- /dev/null
+++ b/security/cfs/distinfo
@@ -0,0 +1,2 @@
+SHA256 (cfs-1.5.0.beta.tar.gz) = 55eed20e9e2dd05bf54aa34a91fd90574005f805e9d4eb9c1dcf63d188ffdc59
+SIZE (cfs-1.5.0.beta.tar.gz) = 108992
diff --git a/security/cfs/files/cfsd.in b/security/cfs/files/cfsd.in
new file mode 100644
index 000000000000..065f0daeaa1e
--- /dev/null
+++ b/security/cfs/files/cfsd.in
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: cfsd
+# REQUIRE: mountd
+#
+# Add the following line to /etc/rc.conf to enable cfsd:
+#
+# cfsd_enable=YES
+#
+# Additional options:
+#
+# cfsd_port=3049		# the port to listen to
+# cfsd_mountpoint=/crypt	# the CFS mountpoint
+#
+
+. /etc/rc.subr
+
+name=cfsd
+rcvar=cfsd_enable
+
+load_rc_config $name
+
+: ${cfsd_enable=no}
+: ${cfsd_port=3049}
+: ${cfsd_mountpoint=/crypt}
+
+command=%%PREFIX%%/sbin/cfsd
+command_args="$cfsd_port > /dev/null 2>&1"
+required_dirs="%%CFSD_BOOTSTRAP%% $cfsd_mountpoint"
+start_postcmd=cfsd_poststart
+stop_precmd=cfsd_prestop
+
+cfsd_poststart()
+{
+	if [ -n "$cfsd_mountpoint" ]; then
+		mount -o port="$cfsd_port",mntudp,nfsv2 localhost:%%CFSD_BOOTSTRAP%% "$cfsd_mountpoint"
+	fi
+}
+
+cfsd_prestop()
+{
+	if [ -n "$cfsd_mountpoint" ]; then
+		umount "$cfsd_mountpoint"
+	fi
+}
+
+run_rc_command $1
diff --git a/security/cfs/files/pkg-message.in b/security/cfs/files/pkg-message.in
new file mode 100644
index 000000000000..31217fe7c7e7
--- /dev/null
+++ b/security/cfs/files/pkg-message.in
@@ -0,0 +1,22 @@
+===============================================================================
+Quick start instructions:
+
+  - add the following entry to /etc/exports:
+
+    %%CFSD_BOOTSTRAP%% localhost
+
+  - create the default CFS mountpoint (if you want to use a different
+    mountpoint, set the cfsd_mountpoint variable in /etc/rc.conf):
+
+    # mkdir /crypt
+
+  - enable rpcbind, mountd and cfsd in /etc/rc.conf:
+
+      cfsd_enable="YES"
+      mountd_enable="YES"
+
+  - start mountd and cfsd, or restart:
+
+    # service mountd start
+    # service cfsd start
+===============================================================================
diff --git a/security/cfs/pkg-descr b/security/cfs/pkg-descr
new file mode 100644
index 000000000000..2611ddd37af7
--- /dev/null
+++ b/security/cfs/pkg-descr
@@ -0,0 +1,11 @@
+This is CFS, Matt Blaze's Cryptographic File System.  It provides
+transparent encryption and decryption of selected directory trees.
+It is implemented as a user-level NFS server and thus does not
+require any kernel modifications.
+
+For an overview of how to use it, read "${PREFIX}/share/doc/cfs/notes.ms"
+and the manual pages.  There is a paper describing CFS at:
+
+    http://www.crypto.com/papers/cfs.pdf
+
+WWW: http://www.bayofrum.net/cgi-bin/fossil/cfs/
diff --git a/security/cfs/pkg-plist b/security/cfs/pkg-plist
new file mode 100644
index 000000000000..b32516fed14c
--- /dev/null
+++ b/security/cfs/pkg-plist
@@ -0,0 +1,13 @@
+bin/cattach
+bin/cdetach
+bin/cmkdir
+bin/cpasswd
+bin/cfssh
+sbin/ccat
+sbin/cfsd
+sbin/cname
+share/doc/cfs/README.install
+share/doc/cfs/notes.ms
+@exec install -d -o root -g wheel -m 0 %%CFSD_BOOTSTRAP%% 2>/dev/null || true
+@unexec rmdir %%CFSD_BOOTSTRAP%% 2>/dev/null || true
+@dirrm share/doc/cfs
author	crees <crees@FreeBSD.org>	2013-05-16 01:29:33 +0800
committer	crees <crees@FreeBSD.org>	2013-05-16 01:29:33 +0800
commit	b3fc97974dbe8e4f6f7820963522874ed068a304 (patch)
tree	cdd4643238bb17905d3fee0cf5dc9805a4fe85e6
parent	e12a511bced5267812760411dda5d77bbdbdc496 (diff)
download	freebsd-ports-gnome-b3fc97974dbe8e4f6f7820963522874ed068a304.tar.gz freebsd-ports-gnome-b3fc97974dbe8e4f6f7820963522874ed068a304.tar.zst freebsd-ports-gnome-b3fc97974dbe8e4f6f7820963522874ed068a304.zip