authorOlli Hauer <ohauer@FreeBSD.org>2011-06-18 17:24:07 +0000
committerOlli Hauer <ohauer@FreeBSD.org>2011-06-18 17:24:07 +0000
commitb8c2df43b83a066e472886266e30e304c9e043fa (patch)
tree79463f476a627359293e3cd757182f58222ed831 /shells/scponly
parentf9e2d008d3931e98223fdb891910b7e736028656 (diff)
-Add both versions of each configure flag (--enable-x/--disable-x) for safety
-Update to May 26, 2011 snapshot: Add support for OpenSSH's sftp-server umask option. Remove inline references to satisfy certain compilers Remove the now unnecessary sftp-logging compatibility mode. When getopt_long is not available, like on AIX, use bundled NetBSD getopt_long. Update the SECURITY document to include a reference to /etc/popt and \ ~/.popt as they relate to rsync. Fix for rsync-3.0 which now uses a short -e option, with an optional argument as a server side option indicating protocol compatibility. Fix scponly crash on Solaris Fix detection and inclusion of getopt on certain platforms Document risks associated with popt reading /etc/popt and ~/.popt Document getopt requirement (when certain configure options are enabled) - cleanup redundant BUILD_DEPENDS+= [1] PR: ports/157804 Submitted by: Rob Farmer <rfarmer _at_ predatorlabs.net> (maintainer), ohauer [1] Approved by: maintainer
Notes
Notes: svn path=/head/; revision=275782
Diffstat (limited to 'shells/scponly')
-rw-r--r--shells/scponly/Makefile46
-rw-r--r--shells/scponly/distinfo4
-rw-r--r--shells/scponly/files/patch-SECURITY32
-rw-r--r--shells/scponly/files/patch-helper.c91
-rw-r--r--shells/scponly/files/patch-scponly.c38
5 files changed, 32 insertions, 179 deletions
diff --git a/shells/scponly/Makefile b/shells/scponly/Makefile
index 4b9a8a647ff4..f1844dc4b96c 100644
--- a/shells/scponly/Makefile
+++ b/shells/scponly/Makefile
@@ -6,10 +6,11 @@
#
PORTNAME= scponly
-PORTVERSION= 4.8
-PORTREVISION= 3
+PORTVERSION= 4.8.20110526
CATEGORIES= shells security
-MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}
+MASTER_SITES= SF
+MASTER_SITE_SUBDIR= ${PORTNAME}/${PORTNAME}-snapshots
+DISTNAME= ${PORTNAME}-20110526
EXTRACT_SUFX= .tgz
MAINTAINER= rfarmer@predatorlabs.net
@@ -26,7 +27,6 @@ OPTIONS= SCPONLY_WILDCARDS "wildcards processing" on \
SCPONLY_CHROOT "chroot functionality" off \
SCPONLY_RSYNC "rsync compatibility" off \
SCPONLY_SCP "vanilla scp compatibility" off \
- SCPONLY_SFTP_LOGGING "sftp logging compatibility" off \
SCPONLY_SVN "subversion compatibility" off \
SCPONLY_SVNSERVE "subversion compatibility svn+ssh://" off \
SCPONLY_UNISON "unison compatibility" off \
@@ -38,11 +38,15 @@ OPTIONS= SCPONLY_WILDCARDS "wildcards processing" on \
CONFIGURE_ARGS+=--with-default-chdir=${SCPONLY_DEFAULT_CHDIR}
.endif
-.if defined(WITHOUT_SCPONLY_WILDCARDS)
+.if defined(WITH_SCPONLY_WILDCARDS)
+CONFIGURE_ARGS+=--enable-wildcards
+.else
CONFIGURE_ARGS+=--disable-wildcards
.endif
-.if defined(WITHOUT_SCPONLY_GFTP)
+.if defined(WITH_SCPONLY_GFTP)
+CONFIGURE_ARGS+=--enable-gftp-compat
+.else
CONFIGURE_ARGS+=--disable-gftp-compat
.endif
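Review bot: The flipped guards at `.if defined(WITH_SCPONLY_WILDCARDS)` and `.if defined(WITH_SCPONLY_GFTP)` carry no comment explaining that the fallback is now `--disable-*`. Before, both features were switched off only on an explicit WITHOUT_ knob; now any build in which the WITH_ variable is not set at this point gets them disabled, which presumably depends on where the options framework is included (outside this hunk). For a restricted shell that is the safer direction, and a line such as `# Enabled only on an explicit WITH_ knob; otherwise pass --disable-* so configure defaults cannot widen the shell` above the first block would record the intent. The default for SCPONLY_GFTP is not visible in this hunk, so it is worth confirming that it still matches the previous behaviour.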
@@ -56,40 +60,50 @@ PLIST_SUB+= SCPONLY_CHROOT="@comment "
.if defined(WITH_SCPONLY_RSYNC)
BUILD_DEPENDS+= rsync:${PORTSDIR}/net/rsync
-RUN_DEPENDS+= ${BUILD_DEPENDS}
CONFIGURE_ARGS+=--enable-rsync-compat
+.else
+CONFIGURE_ARGS+=--disable-rsync-compat
.endif
.if defined(WITH_SCPONLY_SCP)
CONFIGURE_ARGS+=--enable-scp-compat
-.endif
-
-.if defined(WITH_SCPONLY_SFTP_LOGGING)
-CONFIGURE_ARGS+=--enable-sftp-logging-compat
+.else
+CONFIGURE_ARGS+=--disable-scp-compat
.endif
.if defined(WITH_SCPONLY_SVN)
-BUILD_DEPENDS+= svn:${PORTSDIR}/devel/subversion
-RUN_DEPENDS+= ${BUILD_DEPENDS}
CONFIGURE_ARGS+=--enable-svn-compat
+.else
+CONFIGURE_ARGS+=--disable-svn-compat
.endif
.if defined(WITH_SCPONLY_SVNSERVE)
-BUILD_DEPENDS+= svnserve:${PORTSDIR}/devel/subversion
-RUN_DEPENDS+= ${BUILD_DEPENDS}
CONFIGURE_ARGS+=--enable-svnserv-compat
+.else
+CONFIGURE_ARGS+=--disable-svnserv-compat
.endif
.if defined(WITH_SCPONLY_UNISON)
BUILD_DEPENDS+= unison:${PORTSDIR}/net/unison
-RUN_DEPENDS+= ${BUILD_DEPENDS}
CONFIGURE_ARGS+=--enable-unison-compat
+.else
+CONFIGURE_ARGS+=--disable-unison-compat
.endif
.if defined(WITH_SCPONLY_WINSCP)
CONFIGURE_ARGS+=--enable-winscp-compat
+.else
+CONFIGURE_ARGS+=--disable-winscp-compat
.endif
+# svn, svnlook ... are per default in subversion
+# only check for one of them!
+.if defined(WITH_SCPONLY_SVN) || defined(WITH_SCPONLY_SVNSERVE)
+BUILD_DEPENDS+= svn:${PORTSDIR}/devel/subversion
+.endif
+
+RUN_DEPENDS:= ${BUILD_DEPENDS}
+
post-patch:
@${ECHO_MSG} "In addition to knobs available from the OPTIONS dialog,"
@${ECHO_MSG} "you may set SCPONLY_DEFAULT_CHDIR to make users 'cd' to"
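Review bot: `RUN_DEPENDS:= ${BUILD_DEPENDS}` near the end of the hunk replaces RUN_DEPENDS instead of appending to it, so any run-time dependency assigned earlier in the Makefile would be dropped, and every build dependency present at that point becomes a run-time one. Nothing visible here sets RUN_DEPENDS beforehand, so this may be harmless today, but `RUN_DEPENDS:= ${RUN_DEPENDS} ${BUILD_DEPENDS}` keeps the immediate expansion without discarding earlier values. The `post-patch` target that follows continues outside the hunk.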
diff --git a/shells/scponly/distinfo b/shells/scponly/distinfo
index 710f7b3fccac..1af6aee557c9 100644
--- a/shells/scponly/distinfo
+++ b/shells/scponly/distinfo
@@ -1,2 +1,2 @@
-SHA256 (scponly-4.8.tgz) = 1693dd678355749c5d9e48ecdd4628dbfe71d82955afde950ee8d88b5adc01cf
-SIZE (scponly-4.8.tgz) = 101687
+SHA256 (scponly-20110526.tgz) = 46aac15a277a86ae43add03b4480150ac65830c7f0ef683532d383ba93dd7b03
+SIZE (scponly-20110526.tgz) = 116147
diff --git a/shells/scponly/files/patch-SECURITY b/shells/scponly/files/patch-SECURITY
deleted file mode 100644
index 89da8df8e0ce..000000000000
--- a/shells/scponly/files/patch-SECURITY
+++ /dev/null
@@ -1,32 +0,0 @@
---- SECURITY.orig 2010-12-10 15:03:24.950162769 -0800
-+++ SECURITY 2010-12-10 15:03:31.669374009 -0800
-@@ -28,6 +28,10 @@
-
- svn, svnserve, rsync, and unison
-
-+ Note specifically that rsync uses popt for parsing command line arguments
-+ and popt explicitly checks /etc/popt and $HOME/.popt for aliases. Thus,
-+ users can likely bypass argument checking for rsync.
-+
- 4) Make sure that all files required for the chroot have the IMMUTABLE and
- UNDELETABLE bits set. Other bits might also be prudent. See: man 1 chattr.
-
-@@ -39,13 +43,16 @@
- ~/.ssh, ~/.unison, ~/.subversion
-
- NOTE: depending on file permissions in the above, ssh, unison, and
-- subversion may not work correctly.
-+ subversion may not work correctly. Also note that the location of the
-+ above directories is sometimes system dependent, so please check the
-+ documentation specific to your system.
-
- 7) Make sure that every directory the users have write permissions to are
- on a filesystem that is mounted NODEV, NOEXEC. Eg. Make sure that they
- cannot execute files that they have permissions to upload. They should
- also not need permissions to create any devices. If the user can't execute
-- any files that he has access to upload, then you need not worry about the
-+ any files that he has access to upload and the executable files on the
-+ system are not considered harmful, then you need not worry about the
- security problems referencing svn/svnserve above!
-
- 8) Monitor your logs! If you start to see something funny, odd, or strange in
diff --git a/shells/scponly/files/patch-helper.c b/shells/scponly/files/patch-helper.c
deleted file mode 100644
index a7696d0288a3..000000000000
--- a/shells/scponly/files/patch-helper.c
+++ /dev/null
@@ -1,91 +0,0 @@
---- helper.c 2007/08/10 18:37:27 1.24
-+++ helper.c 2008/03/08 18:57:48 1.25
-@@ -26,6 +26,11 @@
- #endif
- #endif
-
-+#ifdef RSYNC_COMPAT
-+#define RSYNC_ARG_SERVER 0x01
-+#define RSYNC_ARG_EXECUTE 0x02
-+#endif
-+
- #define MAX(x,y) ( ( x > y ) ? x : y )
- #define MIN(x,y) ( ( x < y ) ? x : y )
-
-@@ -164,6 +169,13 @@
- int ch;
- int ac=0;
- int longopt_index = 0;
-+#ifdef RSYNC_COMPAT
-+ /*
-+ * bitwise flag: 0x01 = server, 0x02 = -e.
-+ * Thus 0x03 is allowed and 0x01 is allowed, but 0x02 is not allowed
-+ */
-+ int rsync_flags = 0;
-+#endif /* RSYNC_COMPAT */
-
- while (cmdarg != NULL)
- {
-@@ -182,7 +194,7 @@
- */
- if (1 == cmdarg->getoptflag)
- {
-- debug(LOG_DEBUG, "Using getopt processing for cmd %s\n (%s)", cmdarg->name, logstamp());
-+ debug(LOG_DEBUG, "Using getopt processing for cmd%s\n (%s)", cmdarg->name, logstamp());
- /*
- * first count the arguments in the vector
- */
-@@ -207,7 +219,7 @@
- * otherwise, try a glibc-style reset of the global getopt vars
- */
- optind=0;
--#endif
-+#endif /* HAVE_OPTRESET */
- /*
- * tell getopt to only be strict if the 'opts' is well defined
- */
-@@ -216,6 +228,18 @@
-
- debug(LOG_DEBUG, "getopt processing returned '%c' (%s)", ch, logstamp());
-
-+#ifdef RSYNC_COMPAT
-+ if (exact_match(cmdarg->name, PROG_RSYNC) && (ch == 's' || ch == 'e')) {
-+ if (ch == 's')
-+ rsync_flags |= RSYNC_ARG_SERVER;
-+ else
-+ /* -e */
-+ rsync_flags |= RSYNC_ARG_EXECUTE;
-+ debug(LOG_DEBUG, "rsync_flags are now set to: %0x", rsync_flags);
-+ }
-+ else
-+#endif /* RSYNC_COMPAT */
-+
- /* if the character is found in badarg, then it's not a permitted option */
- if (cmdarg->badarg != NULL && (strchr(cmdarg->badarg, ch) != NULL))
- {
-@@ -230,14 +254,23 @@
- return 1;
- }
- }
--#elif
-+#ifdef RSYNC_COMPAT
-+ /* it's not safe if the execute flag was set and server was not set */
-+ if ((rsync_flags & RSYNC_ARG_EXECUTE) != 0 && (rsync_flags & RSYNC_ARG_SERVER) == 0) {
-+ syslog(LOG_ERR, "option 'e' is not allowed unless '--server' is also set with cmd %s (%s)",
-+ PROG_RSYNC, logstamp());
-+ return 1;
-+ }
-+#endif /* RSYNC_COMPAT */
-+
-+#elif /* HAVE_GETOPT */
- /*
- * make sure that processing doesn't continue if we can't validate a rsync check
- * and if the getopt flag is set.
- */
- syslog(LOG_ERR, "a getopt() argument check could not be performed for %s, recompile scponly without support for %s or rebuild scponly with getopt", av[0], av[0]);
- return 1;
--#endif
-+#endif /* HAVE_GETOPT */
- }
- else
- /*
diff --git a/shells/scponly/files/patch-scponly.c b/shells/scponly/files/patch-scponly.c
deleted file mode 100644
index 571d73489bb6..000000000000
--- a/shells/scponly/files/patch-scponly.c
+++ /dev/null
@@ -1,38 +0,0 @@
---- scponly.c 2008/01/15 06:30:20 1.45
-+++ scponly.c 2008/03/08 18:57:48 1.46
-@@ -91,16 +91,18 @@
-
- #ifdef RSYNC_COMPAT
- struct option rsync_longopts[] = {
-+ /* options we need to know about that are safe */
-+ {"server", 0, 0, (int)'s'},
- /* I use 'e' for val here because that's what's listed in cmd_arg_t->badarg */
-- {"rsh", 1, 0, (int)'e'},
-+ {"rsh", 1, 0, (int)'r'},
- /* the following are disabled because they use daemon mode */
-- {"daemon", 0, 0, (int)'e'},
-- {"rsync-path", 1, 0, (int)'e'},
-- {"address", 1, 0, (int)'e'},
-- {"port", 1, 0, (int)'e'},
-- {"sockopts", 1, 0, (int)'e'},
-- {"config", 1, 0, (int)'e'},
-- {"no-detach", 0, 0, (int)'e'},
-+ {"daemon", 0, 0, (int)'d'},
-+ {"rsync-path", 1, 0, (int)'d'},
-+ {"address", 1, 0, (int)'d'},
-+ {"port", 1, 0, (int)'d'},
-+ {"sockopts", 1, 0, (int)'d'},
-+ {"config", 1, 0, (int)'d'},
-+ {"no-detach", 0, 0, (int)'d'},
- { NULL, 0, NULL, 0 },
- };
- #endif
-@@ -157,7 +159,7 @@
- { PROG_SCP, 1, 1, "SoF", "dfl:prtvBCc:i:P:q1246S:o:F:", empty_longopts },
- #endif
- #ifdef RSYNC_COMPAT
-- { PROG_RSYNC, 1, 0, "e", "e:", rsync_longopts },
-+ { PROG_RSYNC, 1, 0, "rde", "e::", rsync_longopts },
- #endif
- #ifdef UNISON_COMPAT
- { PROG_UNISON, 0, 0, "-rshcmd", NULL, empty_longopts },