From 7cbeb32381f2c01d2e0ec0d1e36022dae653799c Mon Sep 17 00:00:00 2001 From: Daniƫl de Kok Date: Tue, 25 Aug 2020 08:42:55 +0200 Subject: rssh: remove Upstream has not made any releases since 2012 and there are several known CVEs. The derivation has been marked broken in nixpkgs since March 2019. --- pkgs/shells/rssh/default.nix | 97 ---------------------------------- pkgs/shells/rssh/fix-config-path.patch | 12 ----- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 2 - 4 files changed, 1 insertion(+), 111 deletions(-) delete mode 100644 pkgs/shells/rssh/default.nix delete mode 100644 pkgs/shells/rssh/fix-config-path.patch (limited to 'pkgs') diff --git a/pkgs/shells/rssh/default.nix b/pkgs/shells/rssh/default.nix deleted file mode 100644 index b2bec51a95edd..0000000000000 --- a/pkgs/shells/rssh/default.nix +++ /dev/null 
@@ -1,97 +0,0 @@ -# CAVEATS: -# - Have only tested this with rsync, scp, and sftp. cvs support should work, but chroot integration is unlikely to function without further work -# - It is compiled without rdist support because rdist is ludicrously ancient (and not already in nixpkgs) - -{ stdenv, fetchurl, openssh, rsync, cvs }: - -stdenv.mkDerivation rec { - pname = "rssh"; - version = "2.3.4"; - - src = fetchurl { - url = "mirror://sourceforge/rssh/rssh/${version}/${pname}-${version}.tar.gz"; - sha256 = "f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9"; - }; - - patches = [ - ./fix-config-path.patch - - # Patches from AUR - (fetchurl { - url = "https://aur.archlinux.org/cgit/aur.git/plain/0001-fail-logging.patch?h=rssh"; - name = "0001-fail-logging.patch"; - sha256 = "d30f2f4fdb1b57f94773f5b0968a4da3356b14a040efe69ec1e976c615035c65"; - }) - (fetchurl { - url = "https://aur.archlinux.org/cgit/aur.git/plain/0002-info-to-debug.patch?h=rssh"; - name = "0002-info-to-debug.patch"; - sha256 = "86f6ecf34f62415b0d6204d4cbebc47322dc2ec71732d06aa27758e35d688fcd"; - }) - (fetchurl { - url = "https://aur.archlinux.org/cgit/aur.git/plain/0003-man-page-spelling.patch?h=rssh"; - name = "0003-man-page-spelling.patch"; - sha256 = "455b3bbccddf1493999d00c2cd46e62930ef4fd8211e0b7d3a89d8010d6a5431"; - }) - (fetchurl { - url = "https://aur.archlinux.org/cgit/aur.git/plain/0004-mkchroot.patch?h=rssh"; - name = "0004-mkchroot.patch"; - sha256 = "f7fd8723d2aa94e64e037c13c2f263a52104af680ab52bfcaea73dfa836457c2"; - }) - (fetchurl { - url = "https://aur.archlinux.org/cgit/aur.git/plain/0005-mkchroot-arch.patch?h=rssh"; - name = "0005-mkchroot-arch.patch"; - sha256 = "ac8894c4087a063ae8267d2fdfcde69c2fe6b67a8ff5917e4518b8f73f08ba3f"; - }) - (fetchurl { - url = "https://aur.archlinux.org/cgit/aur.git/plain/0006-mkchroot-symlink.patch?h=rssh"; - name = "0006-mkchroot-symlink.patch"; - sha256 = "bce98728cb9b55c92182d4901c5f9adf49376a07c5603514b0004e3d1c85e9c7"; - }) - (fetchurl 
{ - url = "https://aur.archlinux.org/cgit/aur.git/plain/0007-destdir.patch?h=rssh"; - name = "0007-destdir.patch"; - sha256 = "7fa03644f81dc37d77cc7e2cad994f17f91b2b8a49b1a74e41030a4ac764385e"; - }) - (fetchurl { - url = "https://aur.archlinux.org/cgit/aur.git/plain/0008-rsync-protocol.patch?h=rssh"; - name = "0008-rsync-protocol.patch"; - sha256 = "0c772afe9088eeded129ead86775ef18e58c318bbc58fc3e2585e7ff09cc5e91"; - }) - ]; - - # Run this after to avoid conflict with patches above - postPatch = '' - sed -i '/chmod u+s/d' Makefile.in - ''; - - - buildInputs = [ openssh rsync cvs ]; - - configureFlags = [ - "--with-sftp-server=${openssh}/libexec/sftp-server" - "--with-scp=${openssh}/bin/scp" - "--with-rsync=${rsync}/bin/rsync" - "--with-cvs=${cvs}/bin/cvs" - ]; - - - meta = with stdenv.lib; { - description = "A restricted shell for use with OpenSSH, allowing only scp and/or sftp"; - longDescription = '' - rssh also includes support for rsync and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that. - ''; - homepage = "http://www.pizzashack.org/rssh/"; - license = licenses.bsd2; - platforms = platforms.linux; - maintainers = with maintainers; [ arobyn ]; - knownVulnerabilities = [ - "CVE-2019-1000018" - "CVE-2019-3463" - "CVE-2019-3464" - ]; - }; - - passthru = { - shellPath = "/bin/rssh"; - }; -} diff --git a/pkgs/shells/rssh/fix-config-path.patch b/pkgs/shells/rssh/fix-config-path.patch deleted file mode 100644 index eecffb376ab32..0000000000000 --- a/pkgs/shells/rssh/fix-config-path.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -Naur rssh-2.3.4/Makefile.in rssh-2.3.4-fixed/Makefile.in ---- rssh-2.3.4/Makefile.in 2012-11-27 11:19:34.000000000 +1100 -+++ rssh-2.3.4-fixed/Makefile.in 2015-11-11 21:13:58.516651742 +1100 -@@ -186,7 +186,7 @@ - sysconfdir = @sysconfdir@ - target_alias = @target_alias@ - AUTOMAKE_OPTIONS = nostdinc --ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" -+ourdefs = -DPATH_RSSH_CONFIG=\"/etc/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\" - ourflags = @defcflags@ @static@ - AM_CFLAGS = $(ourflags) - nodist_rssh_SOURCES = main.c pathnames.h config.h diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 54c8948f4a58c..006985df95d72 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -467,6 +467,7 @@ mapAliases ({ robomongo = robo3t; #added 2017-09-28 rocm-runtime-ext = throw "rocm-runtime-ext has been removed, since its functionality was added to rocm-runtime"; #added 2020-08-21 rssglx = rss-glx; #added 2015-03-25 + rssh = throw "rssh has been removed from nixpkgs: no upstream releases since 2012, several known CVEs"; # added 2020-08-25 recordmydesktop = throw "recordmydesktop has been removed from nixpkgs, as it's unmaintained and uses deprecated libraries"; # added 2019-12-10 gtk-recordmydesktop = throw "gtk-recordmydesktop has been removed from nixpkgs, as it's unmaintained and uses deprecated libraries"; # added 2019-12-10 qt-recordmydesktop = throw "qt-recordmydesktop has been removed from nixpkgs, as it's abandoned and uses deprecated libraries"; # added 2019-12-10 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 57b7f43be42fe..fa0a5ae5b2c7f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
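Review bot: The new `rssh = throw …` alias in pkgs/top-level/aliases.nix says why the package is gone but gives no migration path. Since rssh is a restricted login shell, a configuration that referenced it will now fail at evaluation; that fails closed, but an operator in a hurry may swap in an unrestricted shell to get the system building again. I would extend the message to point at a maintained alternative, e.g. `rssh = throw "rssh has been removed from nixpkgs: no upstream releases since 2012, several known CVEs; consider rush or sshd's 'ForceCommand internal-sftp' with ChrootDirectory instead"; # added 2020-08-25`. `rush` is still packaged (it is visible in the all-packages.nix context), though whether it covers every rssh use case should be confirmed. Naming the three identifiers from the deleted `meta.knownVulnerabilities` (CVE-2019-1000018, CVE-2019-3463, CVE-2019-3464) in the message or the trailing comment would also keep them discoverable once default.nix is gone.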
@@ -8259,8 +8259,6 @@ in tcsh = callPackage ../shells/tcsh { }; - rssh = callPackage ../shells/rssh { }; - rush = callPackage ../shells/rush { }; xonsh = callPackage ../shells/xonsh { }; -- cgit 1.4.1