diff options
Diffstat (limited to 'shells')
-rw-r--r-- | shells/scponly/Makefile | 3 | ||||
-rw-r--r-- | shells/scponly/distinfo | 1 | ||||
-rw-r--r-- | shells/scponly/files/patch-helper.c | 88 | ||||
-rw-r--r-- | shells/scponly/files/patch-scponly.c | 38 |
4 files changed, 123 insertions, 7 deletions
diff --git a/shells/scponly/Makefile b/shells/scponly/Makefile index 5130d16d057f..953a4b190f5e 100644 --- a/shells/scponly/Makefile +++ b/shells/scponly/Makefile @@ -71,11 +71,10 @@ PORTNAME= scponly PORTVERSION= 4.8 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= shells security MASTER_SITES= http://www.sublimation.org/scponly/ \ SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION} - EXTRACT_SUFX= .tgz MAINTAINER= rfarmer@predatorlabs.net diff --git a/shells/scponly/distinfo b/shells/scponly/distinfo index 2b739182a14c..710f7b3fccac 100644 --- a/shells/scponly/distinfo +++ b/shells/scponly/distinfo @@ -1,3 +1,2 @@ -MD5 (scponly-4.8.tgz) = 139ac9abd7f3b8dbc5c5520745318f8a SHA256 (scponly-4.8.tgz) = 1693dd678355749c5d9e48ecdd4628dbfe71d82955afde950ee8d88b5adc01cf SIZE (scponly-4.8.tgz) = 101687 diff --git a/shells/scponly/files/patch-helper.c b/shells/scponly/files/patch-helper.c index a72af80225e9..a7696d0288a3 100644 --- a/shells/scponly/files/patch-helper.c +++ b/shells/scponly/files/patch-helper.c @@ -1,11 +1,91 @@ ---- helper.c.orig 2010-01-05 21:06:05.000000000 -0800 -+++ helper.c 2010-01-05 21:06:18.000000000 -0800 -@@ -230,7 +230,7 @@ +--- helper.c 2007/08/10 18:37:27 1.24 ++++ helper.c 2008/03/08 18:57:48 1.25 +@@ -26,6 +26,11 @@ + #endif + #endif + ++#ifdef RSYNC_COMPAT ++#define RSYNC_ARG_SERVER 0x01 ++#define RSYNC_ARG_EXECUTE 0x02 ++#endif ++ + #define MAX(x,y) ( ( x > y ) ? x : y ) + #define MIN(x,y) ( ( x < y ) ? x : y ) + +@@ -164,6 +169,13 @@ + int ch; + int ac=0; + int longopt_index = 0; ++#ifdef RSYNC_COMPAT ++ /* ++ * bitwise flag: 0x01 = server, 0x02 = -e. ++ * Thus 0x03 is allowed and 0x01 is allowed, but 0x02 is not allowed ++ */ ++ int rsync_flags = 0; ++#endif /* RSYNC_COMPAT */ + + while (cmdarg != NULL) + { +@@ -182,7 +194,7 @@ + */ + if (1 == cmdarg->getoptflag) + { +- debug(LOG_DEBUG, "Using getopt processing for cmd %s\n (%s)", cmdarg->name, logstamp()); ++ debug(LOG_DEBUG, "Using getopt processing for cmd%s\n (%s)", cmdarg->name, logstamp()); + /* + * first count the arguments in the vector + */ +@@ -207,7 +219,7 @@ + * otherwise, try a glibc-style reset of the global getopt vars + */ + optind=0; +-#endif ++#endif /* HAVE_OPTRESET */ + /* + * tell getopt to only be strict if the 'opts' is well defined + */ +@@ -216,6 +228,18 @@ + + debug(LOG_DEBUG, "getopt processing returned '%c' (%s)", ch, logstamp()); + ++#ifdef RSYNC_COMPAT ++ if (exact_match(cmdarg->name, PROG_RSYNC) && (ch == 's' || ch == 'e')) { ++ if (ch == 's') ++ rsync_flags |= RSYNC_ARG_SERVER; ++ else ++ /* -e */ ++ rsync_flags |= RSYNC_ARG_EXECUTE; ++ debug(LOG_DEBUG, "rsync_flags are now set to: %0x", rsync_flags); ++ } ++ else ++#endif /* RSYNC_COMPAT */ ++ + /* if the character is found in badarg, then it's not a permitted option */ + if (cmdarg->badarg != NULL && (strchr(cmdarg->badarg, ch) != NULL)) + { +@@ -230,14 +254,23 @@ return 1; } } -#elif -+#else ++#ifdef RSYNC_COMPAT ++ /* it's not safe if the execute flag was set and server was not set */ ++ if ((rsync_flags & RSYNC_ARG_EXECUTE) != 0 && (rsync_flags & RSYNC_ARG_SERVER) == 0) { ++ syslog(LOG_ERR, "option 'e' is not allowed unless '--server' is also set with cmd %s (%s)", ++ PROG_RSYNC, logstamp()); ++ return 1; ++ } ++#endif /* RSYNC_COMPAT */ ++ ++#elif /* HAVE_GETOPT */ /* * make sure that processing doesn't continue if we can't validate a rsync check * and if the getopt flag is set. + */ + syslog(LOG_ERR, "a getopt() argument check could not be performed for %s, recompile scponly without support for %s or rebuild scponly with getopt", av[0], av[0]); + return 1; +-#endif ++#endif /* HAVE_GETOPT */ + } + else + /* diff --git a/shells/scponly/files/patch-scponly.c b/shells/scponly/files/patch-scponly.c new file mode 100644 index 000000000000..571d73489bb6 --- /dev/null +++ b/shells/scponly/files/patch-scponly.c @@ -0,0 +1,38 @@ +--- scponly.c 2008/01/15 06:30:20 1.45 ++++ scponly.c 2008/03/08 18:57:48 1.46 +@@ -91,16 +91,18 @@ + + #ifdef RSYNC_COMPAT + struct option rsync_longopts[] = { ++ /* options we need to know about that are safe */ ++ {"server", 0, 0, (int)'s'}, + /* I use 'e' for val here because that's what's listed in cmd_arg_t->badarg */ +- {"rsh", 1, 0, (int)'e'}, ++ {"rsh", 1, 0, (int)'r'}, + /* the following are disabled because they use daemon mode */ +- {"daemon", 0, 0, (int)'e'}, +- {"rsync-path", 1, 0, (int)'e'}, +- {"address", 1, 0, (int)'e'}, +- {"port", 1, 0, (int)'e'}, +- {"sockopts", 1, 0, (int)'e'}, +- {"config", 1, 0, (int)'e'}, +- {"no-detach", 0, 0, (int)'e'}, ++ {"daemon", 0, 0, (int)'d'}, ++ {"rsync-path", 1, 0, (int)'d'}, ++ {"address", 1, 0, (int)'d'}, ++ {"port", 1, 0, (int)'d'}, ++ {"sockopts", 1, 0, (int)'d'}, ++ {"config", 1, 0, (int)'d'}, ++ {"no-detach", 0, 0, (int)'d'}, + { NULL, 0, NULL, 0 }, + }; + #endif +@@ -157,7 +159,7 @@ + { PROG_SCP, 1, 1, "SoF", "dfl:prtvBCc:i:P:q1246S:o:F:", empty_longopts }, + #endif + #ifdef RSYNC_COMPAT +- { PROG_RSYNC, 1, 0, "e", "e:", rsync_longopts }, ++ { PROG_RSYNC, 1, 0, "rde", "e::", rsync_longopts }, + #endif + #ifdef UNISON_COMPAT + { PROG_UNISON, 0, 0, "-rshcmd", NULL, empty_longopts }, |