Differential D19474

shells/rssh: Apply fixes for basename(3) handling and some security issues
ClosedPublic
Actions

Authored by kai on Mar 5 2019, 10:34 PM.

Details

Reviewers

miwi
tcberner
joneum

Commits

rP494951: MFH: r494837
rP494837: shells/rssh: Apply fixes for basename(3) handling and some security issues

Summary

Apply fixes for the handling of basename(3) that has been changed to be POSIX compliant in r308264. Without those fixes rssh crashes always with signal 11 upon invocation in FreeBSD 12 and later. [1] [2]

Also add patches [3] for recently discovered security issues:
- CVE-2019-1000018
- CVE-2019-3463
- CVE-2019-3464

PR: 235121
Submitted by: topical@gmx.net (former version), Jason Harris [2]
Security: d193aa9f-3f8c-11e9-9a24-6805ca0b38e8
MFH: 2019Q1
Obtained from: Debian [3]
Approved by: (one of the mentors)

Test Plan

poudriere (11.2-, 12.0-RELEASE, 13.0-CURRENT@r344648 amd64 + i386) -> OK
portlint -> Skipped (only bumped PORTREVISION and added new patches)
Runtime tests -> OK

shells/rssh has been officially abandoned by upstream and even the maintainer of the Debian package will pull the plug for the next stable release of Debian. So I think it would make sense to deprecate the port as well. I'm still waiting for some feedback of the maintainer.