From umq@ueo.co.jp  Mon Feb 20 14:13:19 2006
Return-Path: <umq@ueo.co.jp>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5F1C316A420
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 20 Feb 2006 14:13:19 +0000 (GMT)
	(envelope-from umq@ueo.co.jp)
Received: from mvs2.plala.or.jp (c158130.vh.plala.or.jp [210.150.158.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 87A7F43D48
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 20 Feb 2006 14:13:17 +0000 (GMT)
	(envelope-from umq@ueo.co.jp)
Received: from eupheme.kaumoge.org ([58.95.93.247]) by mvs2.plala.or.jp
          with ESMTP
          id <20060220141316.HXVW16182.mvs2.plala.or.jp@eupheme.kaumoge.org>
          for <FreeBSD-gnats-submit@freebsd.org>;
          Mon, 20 Feb 2006 23:13:16 +0900
Received: from calliope.kaumoge.org (calliope.kaumoge.org [192.168.233.120])
	by eupheme.kaumoge.org (8.12.11/8.12.11/20030713) with ESMTP id k1KEDbAJ097549
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 20 Feb 2006 23:13:38 +0900 (JST)
	(envelope-from umq@ueo.co.jp)
Message-Id: <863bie5dac.wl%umq@ueo.co.jp>
Date: Mon, 20 Feb 2006 23:13:15 +0900
From: Hirohisa Yamaguchi <umq@ueo.co.jp>
Reply-To: Hirohisa Yamaguchi <umq@ueo.co.jp>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [update] shells/rssh update to 2.3.2 fixes root compromise bug
X-Send-Pr-Version: 3.113

>Number:         93594
>Category:       ports
>Synopsis:       [update] shells/rssh update to 2.3.2 fixes root compromise bug
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 20 14:20:13 GMT 2006
>Closed-Date:    Mon Mar 13 01:45:05 GMT 2006
>Last-Modified:  Mon Mar 13 01:50:30 GMT 2006
>Originator:     Hirohisa Yamaguchi
>Release:        FreeBSD 7.0-CURRENT amd64
>Organization:
<organization of PR author (multiple lines)>
>Environment:
System: FreeBSD calliope.****.org 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Thu Jan 26 11:28:00 JST 2006 root@calliope.****.org:/usr/obj/usr/src/sys/CALLIOPE64 amd64
>Description:
	The root compromise bug in rssh, reported as CVE-2005-3345, has been fixed in the new version 2.3.2.
	Please remove FORBIDDEN tag.

	CVE-2005-3345: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3345
	Release News: http://www.pizzashack.org/rssh/index.shtml
>How-To-Repeat:
>Fix:

	the patch follows

diff -rpu ports/orig/shells/rssh/Makefile ports/shells/rssh/Makefile
--- ports/orig/shells/rssh/Makefile	Fri Feb 17 00:10:24 2006
+++ ports/shells/rssh/Makefile	Mon Feb 20 23:02:31 2006
@@ -6,15 +6,13 @@
 #
 
 PORTNAME=	rssh
-PORTVERSION=	2.2.3
+PORTVERSION=	2.3.2
 CATEGORIES=	shells security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
 
 MAINTAINER=	enigmatyc@laposte.net
 COMMENT=	A Restricted Secure SHell only for sftp or/and scp
-
-FORBIDDEN=	http://vuxml.FreeBSD.org/e34d0c2e-9efb-11da-b410-000e0c2e438a.html
 
 GNU_CONFIGURE=	yes
 USE_REINPLACE=	yes
diff -rpu ports/orig/shells/rssh/distinfo ports/shells/rssh/distinfo
--- ports/orig/shells/rssh/distinfo	Tue Jan 24 10:04:18 2006
+++ ports/shells/rssh/distinfo	Mon Feb 20 22:54:30 2006
@@ -1,3 +1,3 @@
-MD5 (rssh-2.2.3.tar.gz) = 74f40a4fd5d2b097af34a817e21a33cf
-SHA256 (rssh-2.2.3.tar.gz) = 2a6bd0924cbd691c90ac3f6d4504cf184b381688c52fbe6efe3f0bdea39a1e1e
-SIZE (rssh-2.2.3.tar.gz) = 107216
+MD5 (rssh-2.3.2.tar.gz) = 65712f2c06ff5fc6fc783bc8c2e4e1ba
+SHA256 (rssh-2.3.2.tar.gz) = 8569a07dd96c8f70d0310186b37bbb2e8e591807ac1d1bd0990c02bfd467ba57
+SIZE (rssh-2.3.2.tar.gz) = 113959
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Mon Feb 20 14:28:12 UTC 2006 
State-Changed-Why:  
Awaiting maintainers feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93594 
State-Changed-From-To: feedback->closed 
State-Changed-By: edwin 
State-Changed-When: Mon Mar 13 01:44:48 UTC 2006 
State-Changed-Why:  
Closed on Hirohisa Yamaguchi <umq@ueo.co.jp>s request. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93594 

From: Hirohisa Yamaguchi <umq@ueo.co.jp>
To: edwin@FreeBSD.org
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/93594: [update] shells/rssh update to 2.3.2 fixes root compromise bug
Date: Mon, 13 Mar 2006 10:41:09 +0900

 At Mon, 20 Feb 2006 14:28:12 GMT,
 Edwin Groothuis wrote:
 > State-Changed-From-To: open->feedback
 > Awaiting maintainers feedback
 
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=93594
 
 as ports/94255 has been comitted, would you please close this one?
 
>Unformatted:
