diff options
author | crees <crees@FreeBSD.org> | 2013-05-16 01:29:33 +0800 |
---|---|---|
committer | crees <crees@FreeBSD.org> | 2013-05-16 01:29:33 +0800 |
commit | b3fc97974dbe8e4f6f7820963522874ed068a304 (patch) | |
tree | cdd4643238bb17905d3fee0cf5dc9805a4fe85e6 /security/cfs | |
parent | e12a511bced5267812760411dda5d77bbdbdc496 (diff) | |
download | freebsd-ports-graphics-b3fc97974dbe8e4f6f7820963522874ed068a304.tar.gz freebsd-ports-graphics-b3fc97974dbe8e4f6f7820963522874ed068a304.tar.zst freebsd-ports-graphics-b3fc97974dbe8e4f6f7820963522874ed068a304.zip |
security/cfs: Resurrect and maintain CFS.
The referenced security issues have been fixed in this version (1.5.0 beta), and
some small bugs have been found too, with many fixes from Debian's Gerrit Pape.
Obtained from: Debian (parts)
Security: CVE-2002-0351
Security: CVE-2006-3123
Diffstat (limited to 'security/cfs')
-rw-r--r-- | security/cfs/Makefile | 38 | ||||
-rw-r--r-- | security/cfs/distinfo | 2 | ||||
-rw-r--r-- | security/cfs/files/cfsd.in | 49 | ||||
-rw-r--r-- | security/cfs/files/pkg-message.in | 22 | ||||
-rw-r--r-- | security/cfs/pkg-descr | 11 | ||||
-rw-r--r-- | security/cfs/pkg-plist | 13 |
6 files changed, 135 insertions, 0 deletions
diff --git a/security/cfs/Makefile b/security/cfs/Makefile new file mode 100644 index 00000000000..d8063fdc172 --- /dev/null +++ b/security/cfs/Makefile @@ -0,0 +1,38 @@ +# Created by: John Polstra <jdp@polstra.com> +# $FreeBSD$ + +PORTNAME= cfs +DISTVERSION= 1.5.0.beta +CATEGORIES= security +MASTER_SITES= http://www.bayofrum.net/dist/${PORTNAME}/ + +MAINTAINER= crees@FreeBSD.org +COMMENT= A cryptographic file system implemented as a user-space NFS server + +ALL_TARGET= cfs +MAKE_ARGS= CC=cc +MAN1= cattach.1 cdetach.1 cmkdir.1 cpasswd.1 cfssh.1 +MAN8= ccat.8 cfsd.8 cname.8 + +CFSD_BOOTSTRAP= ${PREFIX}/cfsd-bootstrap +USE_RC_SUBR= cfsd +SUB_FILES= pkg-message +SUB_LIST= CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP} +PLIST_SUB= CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP} + +post-patch: + ${REINPLACE_CMD} 's/^\.TH SSH/.TH CFSSH/' ${WRKSRC}/cfssh.1 + +do-install: + @cd ${WRKSRC}; \ + ${INSTALL_PROGRAM} ccat cfsd cname ${PREFIX}/sbin; \ + ${INSTALL_PROGRAM} cattach cdetach cmkdir cpasswd ${PREFIX}/bin; \ + ${INSTALL_SCRIPT} cfssh ${PREFIX}/bin/cfssh; \ + ${INSTALL_MAN} ${MAN1} ${PREFIX}/man/man1; \ + ${INSTALL_MAN} ${MAN8} ${PREFIX}/man/man8; \ + ${MKDIR} ${PREFIX}/share/doc/cfs; \ + ${INSTALL_DATA} README.install notes.ms ${PREFIX}/share/doc/cfs + ${INSTALL} -d ${_BINOWNGRP} -m 0 ${CFSD_BOOTSTRAP} + @${CAT} ${PKGMESSAGE} + +.include <bsd.port.mk> diff --git a/security/cfs/distinfo b/security/cfs/distinfo new file mode 100644 index 00000000000..60c1a6a42b1 --- /dev/null +++ b/security/cfs/distinfo @@ -0,0 +1,2 @@ +SHA256 (cfs-1.5.0.beta.tar.gz) = 55eed20e9e2dd05bf54aa34a91fd90574005f805e9d4eb9c1dcf63d188ffdc59 +SIZE (cfs-1.5.0.beta.tar.gz) = 108992 diff --git a/security/cfs/files/cfsd.in b/security/cfs/files/cfsd.in new file mode 100644 index 00000000000..065f0daeaa1 --- /dev/null +++ b/security/cfs/files/cfsd.in @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# PROVIDE: cfsd +# REQUIRE: mountd +# +# Add the following line to /etc/rc.conf to enable cfsd: +# +# cfsd_enable=YES +# +# Additional options: +# +# cfsd_port=3049 # the port to listen to +# cfsd_mountpoint=/crypt # the CFS mountpoint +# + +. /etc/rc.subr + +name=cfsd +rcvar=cfsd_enable + +load_rc_config $name + +: ${cfsd_enable=no} +: ${cfsd_port=3049} +: ${cfsd_mountpoint=/crypt} + +command=%%PREFIX%%/sbin/cfsd +command_args="$cfsd_port > /dev/null 2>&1" +required_dirs="%%CFSD_BOOTSTRAP%% $cfsd_mountpoint" +start_postcmd=cfsd_poststart +stop_precmd=cfsd_prestop + +cfsd_poststart() +{ + if [ -n "$cfsd_mountpoint" ]; then + mount -o port="$cfsd_port",mntudp,nfsv2 localhost:%%CFSD_BOOTSTRAP%% "$cfsd_mountpoint" + fi +} + +cfsd_prestop() +{ + if [ -n "$cfsd_mountpoint" ]; then + umount "$cfsd_mountpoint" + fi +} + +run_rc_command $1 diff --git a/security/cfs/files/pkg-message.in b/security/cfs/files/pkg-message.in new file mode 100644 index 00000000000..31217fe7c7e --- /dev/null +++ b/security/cfs/files/pkg-message.in @@ -0,0 +1,22 @@ +=============================================================================== +Quick start instructions: + + - add the following entry to /etc/exports: + + %%CFSD_BOOTSTRAP%% localhost + + - create the default CFS mountpoint (if you want to use a different + mountpoint, set the cfsd_mountpoint variable in /etc/rc.conf): + + # mkdir /crypt + + - enable rpcbind, mountd and cfsd in /etc/rc.conf: + + cfsd_enable="YES" + mountd_enable="YES" + + - start mountd and cfsd, or restart: + + # service mountd start + # service cfsd start +=============================================================================== diff --git a/security/cfs/pkg-descr b/security/cfs/pkg-descr new file mode 100644 index 00000000000..2611ddd37af --- /dev/null +++ b/security/cfs/pkg-descr @@ -0,0 +1,11 @@ +This is CFS, Matt Blaze's Cryptographic File System. It provides +transparent encryption and decryption of selected directory trees. +It is implemented as a user-level NFS server and thus does not +require any kernel modifications. + +For an overview of how to use it, read "${PREFIX}/share/doc/cfs/notes.ms" +and the manual pages. There is a paper describing CFS at: + + http://www.crypto.com/papers/cfs.pdf + +WWW: http://www.bayofrum.net/cgi-bin/fossil/cfs/ diff --git a/security/cfs/pkg-plist b/security/cfs/pkg-plist new file mode 100644 index 00000000000..b32516fed14 --- /dev/null +++ b/security/cfs/pkg-plist @@ -0,0 +1,13 @@ +bin/cattach +bin/cdetach +bin/cmkdir +bin/cpasswd +bin/cfssh +sbin/ccat +sbin/cfsd +sbin/cname +share/doc/cfs/README.install +share/doc/cfs/notes.ms +@exec install -d -o root -g wheel -m 0 %%CFSD_BOOTSTRAP%% 2>/dev/null || true +@unexec rmdir %%CFSD_BOOTSTRAP%% 2>/dev/null || true +@dirrm share/doc/cfs |