rssh: remove

Upstream has not made any releases since 2012 and there are several
known CVEs.

The derivation has been marked broken in nixpkgs since March 2019.
This commit is contained in:
Daniël de Kok 2020-08-25 08:42:55 +02:00
parent c05d71527c
commit 7cbeb32381
4 changed files with 1 additions and 111 deletions

View File

@ -1,97 +0,0 @@
# CAVEATS:
# - Have only tested this with rsync, scp, and sftp. cvs support should work, but chroot integration is unlikely to function without further work
# - It is compiled without rdist support because rdist is ludicrously ancient (and not already in nixpkgs)
{ stdenv, fetchurl, openssh, rsync, cvs }:
stdenv.mkDerivation rec {
pname = "rssh";
version = "2.3.4";
src = fetchurl {
url = "mirror://sourceforge/rssh/rssh/${version}/${pname}-${version}.tar.gz";
sha256 = "f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9";
};
patches = [
./fix-config-path.patch
# Patches from AUR
(fetchurl {
url = "https://aur.archlinux.org/cgit/aur.git/plain/0001-fail-logging.patch?h=rssh";
name = "0001-fail-logging.patch";
sha256 = "d30f2f4fdb1b57f94773f5b0968a4da3356b14a040efe69ec1e976c615035c65";
})
(fetchurl {
url = "https://aur.archlinux.org/cgit/aur.git/plain/0002-info-to-debug.patch?h=rssh";
name = "0002-info-to-debug.patch";
sha256 = "86f6ecf34f62415b0d6204d4cbebc47322dc2ec71732d06aa27758e35d688fcd";
})
(fetchurl {
url = "https://aur.archlinux.org/cgit/aur.git/plain/0003-man-page-spelling.patch?h=rssh";
name = "0003-man-page-spelling.patch";
sha256 = "455b3bbccddf1493999d00c2cd46e62930ef4fd8211e0b7d3a89d8010d6a5431";
})
(fetchurl {
url = "https://aur.archlinux.org/cgit/aur.git/plain/0004-mkchroot.patch?h=rssh";
name = "0004-mkchroot.patch";
sha256 = "f7fd8723d2aa94e64e037c13c2f263a52104af680ab52bfcaea73dfa836457c2";
})
(fetchurl {
url = "https://aur.archlinux.org/cgit/aur.git/plain/0005-mkchroot-arch.patch?h=rssh";
name = "0005-mkchroot-arch.patch";
sha256 = "ac8894c4087a063ae8267d2fdfcde69c2fe6b67a8ff5917e4518b8f73f08ba3f";
})
(fetchurl {
url = "https://aur.archlinux.org/cgit/aur.git/plain/0006-mkchroot-symlink.patch?h=rssh";
name = "0006-mkchroot-symlink.patch";
sha256 = "bce98728cb9b55c92182d4901c5f9adf49376a07c5603514b0004e3d1c85e9c7";
})
(fetchurl {
url = "https://aur.archlinux.org/cgit/aur.git/plain/0007-destdir.patch?h=rssh";
name = "0007-destdir.patch";
sha256 = "7fa03644f81dc37d77cc7e2cad994f17f91b2b8a49b1a74e41030a4ac764385e";
})
(fetchurl {
url = "https://aur.archlinux.org/cgit/aur.git/plain/0008-rsync-protocol.patch?h=rssh";
name = "0008-rsync-protocol.patch";
sha256 = "0c772afe9088eeded129ead86775ef18e58c318bbc58fc3e2585e7ff09cc5e91";
})
];
# Run this after to avoid conflict with patches above
postPatch = ''
sed -i '/chmod u+s/d' Makefile.in
'';
buildInputs = [ openssh rsync cvs ];
configureFlags = [
"--with-sftp-server=${openssh}/libexec/sftp-server"
"--with-scp=${openssh}/bin/scp"
"--with-rsync=${rsync}/bin/rsync"
"--with-cvs=${cvs}/bin/cvs"
];
meta = with stdenv.lib; {
description = "A restricted shell for use with OpenSSH, allowing only scp and/or sftp";
longDescription = ''
rssh also includes support for rsync and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.
'';
homepage = "http://www.pizzashack.org/rssh/";
license = licenses.bsd2;
platforms = platforms.linux;
maintainers = with maintainers; [ arobyn ];
knownVulnerabilities = [
"CVE-2019-1000018"
"CVE-2019-3463"
"CVE-2019-3464"
];
};
passthru = {
shellPath = "/bin/rssh";
};
}

View File

@ -1,12 +0,0 @@
diff -Naur rssh-2.3.4/Makefile.in rssh-2.3.4-fixed/Makefile.in
--- rssh-2.3.4/Makefile.in 2012-11-27 11:19:34.000000000 +1100
+++ rssh-2.3.4-fixed/Makefile.in 2015-11-11 21:13:58.516651742 +1100
@@ -186,7 +186,7 @@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
AUTOMAKE_OPTIONS = nostdinc
-ourdefs = -DPATH_RSSH_CONFIG=\"@sysconfdir@/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\"
+ourdefs = -DPATH_RSSH_CONFIG=\"/etc/rssh.conf\" -DPATH_CHROOT_HELPER=\"@libexecdir@/rssh_chroot_helper\"
ourflags = @defcflags@ @static@
AM_CFLAGS = $(ourflags)
nodist_rssh_SOURCES = main.c pathnames.h config.h

View File

@ -467,6 +467,7 @@ mapAliases ({
robomongo = robo3t; #added 2017-09-28
rocm-runtime-ext = throw "rocm-runtime-ext has been removed, since its functionality was added to rocm-runtime"; #added 2020-08-21
rssglx = rss-glx; #added 2015-03-25
rssh = throw "rssh has been removed from nixpkgs: no upstream releases since 2012, several known CVEs"; # added 2020-08-25
recordmydesktop = throw "recordmydesktop has been removed from nixpkgs, as it's unmaintained and uses deprecated libraries"; # added 2019-12-10
gtk-recordmydesktop = throw "gtk-recordmydesktop has been removed from nixpkgs, as it's unmaintained and uses deprecated libraries"; # added 2019-12-10
qt-recordmydesktop = throw "qt-recordmydesktop has been removed from nixpkgs, as it's abandoned and uses deprecated libraries"; # added 2019-12-10

View File

@ -8259,8 +8259,6 @@ in
tcsh = callPackage ../shells/tcsh { };
rssh = callPackage ../shells/rssh { };
rush = callPackage ../shells/rush { };
xonsh = callPackage ../shells/xonsh { };