security/cfs: Resurrect and maintain CFS.

The referenced security issues have been fixed in this version (1.5.0 beta), and some small bugs have been found too, with many fixes from Debian's Gerrit Pape. Obtained from: Debian (parts) Security: CVE-2002-0351 Security: CVE-2006-3123
svn path=/head/; revision=318250
2013-05-15 17:29:33 +00:00 · 2013-05-15 17:29:33 +00:00 · ef6baa3596 · 2021-03-31 03:12:20 +00:00
commit ef6baa3596
parent 6855537854
8 changed files with 136 additions and 1 deletions
--- a/1
+++ b/1
@ -2678,7 +2678,6 @@ dns/nsd2||2011-09-30|EOL since 2007, unsupported. Use dns/nsd instead
 audio/orpheus|audio/cmus|2011-10-01|Has expired: Contains problem with autotools, security CVE-2005-3863. Use audio/cmus instead
 sysutils/syslog-ng3-devel|sysutils/syslog-ng-devel|2011-10-04|Port renamed
 sysutils/cfvers||2011-10-04|Has expired: Dead upstream, author disowns it, use git/hg instead
-security/cfs||2011-10-04|Has expired: Locks don't work, ports/137378, unmaintained, dead upstream, insecure
 devel/p5-Scalar-Util-Clone||2011-10-05|Disappear from CPAN
 print/lyx14||2011-10-05|Has expired: last release in 2007, use print/lyx16 or print/lyx instead
 multimedia/enjoympeg||2011-10-05|Has expired: Looks like abandonware, no more public distfiles
--- a/security/Makefile
+++ b/security/Makefile
@ -56,6 +56,7 @@
    SUBDIR += calife-devel
    SUBDIR += ccrypt
    SUBDIR += ccsrch
+    SUBDIR += cfs
    SUBDIR += cfv
    SUBDIR += chaosreader
    SUBDIR += checkpassword
--- a/security/cfs/Makefile
+++ b/security/cfs/Makefile
@ -0,0 +1,38 @@
+# Created by: John Polstra <jdp@polstra.com>
+# $FreeBSD$
+
+PORTNAME=	cfs
+DISTVERSION=	1.5.0.beta
+CATEGORIES=	security
+MASTER_SITES=	http://www.bayofrum.net/dist/${PORTNAME}/
+
+MAINTAINER=	crees@FreeBSD.org
+COMMENT=	A cryptographic file system implemented as a user-space NFS server
+
+ALL_TARGET=	cfs
+MAKE_ARGS=	CC=cc
+MAN1=		cattach.1 cdetach.1 cmkdir.1 cpasswd.1 cfssh.1
+MAN8=		ccat.8 cfsd.8 cname.8
+
+CFSD_BOOTSTRAP=	${PREFIX}/cfsd-bootstrap
+USE_RC_SUBR=	cfsd
+SUB_FILES=	pkg-message
+SUB_LIST=	CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP}
+PLIST_SUB=	CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP}
+
+post-patch:
+	${REINPLACE_CMD} 's/^\.TH SSH/.TH CFSSH/' ${WRKSRC}/cfssh.1
+
+do-install:
+	@cd ${WRKSRC}; \
+	    ${INSTALL_PROGRAM} ccat cfsd cname ${PREFIX}/sbin; \
+	    ${INSTALL_PROGRAM} cattach cdetach cmkdir cpasswd ${PREFIX}/bin; \
+	    ${INSTALL_SCRIPT} cfssh ${PREFIX}/bin/cfssh; \
+	    ${INSTALL_MAN} ${MAN1} ${PREFIX}/man/man1; \
+	    ${INSTALL_MAN} ${MAN8} ${PREFIX}/man/man8; \
+	    ${MKDIR} ${PREFIX}/share/doc/cfs; \
+	    ${INSTALL_DATA} README.install notes.ms ${PREFIX}/share/doc/cfs
+	${INSTALL} -d ${_BINOWNGRP} -m 0 ${CFSD_BOOTSTRAP}
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
--- a/security/cfs/distinfo
+++ b/security/cfs/distinfo
@ -0,0 +1,2 @@
+SHA256 (cfs-1.5.0.beta.tar.gz) = 55eed20e9e2dd05bf54aa34a91fd90574005f805e9d4eb9c1dcf63d188ffdc59
+SIZE (cfs-1.5.0.beta.tar.gz) = 108992
--- a/security/cfs/files/cfsd.in
+++ b/security/cfs/files/cfsd.in
@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: cfsd
+# REQUIRE: mountd
+#
+# Add the following line to /etc/rc.conf to enable cfsd:
+#
+# cfsd_enable=YES
+#
+# Additional options:
+#
+# cfsd_port=3049		# the port to listen to
+# cfsd_mountpoint=/crypt	# the CFS mountpoint
+#
+
+. /etc/rc.subr
+
+name=cfsd
+rcvar=cfsd_enable
+
+load_rc_config $name
+
+: ${cfsd_enable=no}
+: ${cfsd_port=3049}
+: ${cfsd_mountpoint=/crypt}
+
+command=%%PREFIX%%/sbin/cfsd
+command_args="$cfsd_port > /dev/null 2>&1"
+required_dirs="%%CFSD_BOOTSTRAP%% $cfsd_mountpoint"
+start_postcmd=cfsd_poststart
+stop_precmd=cfsd_prestop
+
+cfsd_poststart()
+{
+	if [ -n "$cfsd_mountpoint" ]; then
+		mount -o port="$cfsd_port",mntudp,nfsv2 localhost:%%CFSD_BOOTSTRAP%% "$cfsd_mountpoint"
+	fi
+}
+
+cfsd_prestop()
+{
+	if [ -n "$cfsd_mountpoint" ]; then
+		umount "$cfsd_mountpoint"
+	fi
+}
+
+run_rc_command $1
--- a/security/cfs/files/pkg-message.in
+++ b/security/cfs/files/pkg-message.in
@ -0,0 +1,22 @@
+===============================================================================
+Quick start instructions:
+
+  - add the following entry to /etc/exports:
+
+    %%CFSD_BOOTSTRAP%% localhost
+
+  - create the default CFS mountpoint (if you want to use a different
+    mountpoint, set the cfsd_mountpoint variable in /etc/rc.conf):
+
+    # mkdir /crypt
+
+  - enable rpcbind, mountd and cfsd in /etc/rc.conf:
+
+      cfsd_enable="YES"
+      mountd_enable="YES"
+
+  - start mountd and cfsd, or restart:
+
+    # service mountd start
+    # service cfsd start
+===============================================================================
--- a/security/cfs/pkg-descr
+++ b/security/cfs/pkg-descr
@ -0,0 +1,11 @@
+This is CFS, Matt Blaze's Cryptographic File System.  It provides
+transparent encryption and decryption of selected directory trees.
+It is implemented as a user-level NFS server and thus does not
+require any kernel modifications.
+
+For an overview of how to use it, read "${PREFIX}/share/doc/cfs/notes.ms"
+and the manual pages.  There is a paper describing CFS at:
+
+    http://www.crypto.com/papers/cfs.pdf
+
+WWW: http://www.bayofrum.net/cgi-bin/fossil/cfs/
--- a/security/cfs/pkg-plist
+++ b/security/cfs/pkg-plist
@ -0,0 +1,13 @@
+bin/cattach
+bin/cdetach
+bin/cmkdir
+bin/cpasswd
+bin/cfssh
+sbin/ccat
+sbin/cfsd
+sbin/cname
+share/doc/cfs/README.install
+share/doc/cfs/notes.ms
+@exec install -d -o root -g wheel -m 0 %%CFSD_BOOTSTRAP%% 2>/dev/null || true
+@unexec rmdir %%CFSD_BOOTSTRAP%% 2>/dev/null || true
+@dirrm share/doc/cfs