Package: rssh / 2.3.2-13squeeze3
Metadata
Package | Version | Patches format |
---|---|---|
rssh | 2.3.2-13squeeze3 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
fixes/config parse fatal.diff p1 | (download) |
main.c.in |
1 1 + 0 - 0 ! |
[patch] abort if config file could not be parsed Previously, if the configuration could not be parsed, rssh would continue on with its defaults. This meant that if there were an error in a per-user configuration line, the global options would be applied, even if they shouldn't be for that user. Instead, exit after any failure to parse the configuration, turning a syntactically invalid configuration file into a fatal error for all users. This is safer and makes it more likely that the problem will be corrected and not lead to unintended consequences. Signed-off-by: Russ Allbery <rra@debian.org> |
fixes/fail logging.diff p1 | (download) |
util.c |
2 1 + 1 - 0 ! |
[patch] fix allocation of buffer for fail log message The failure log message when the user isn't permitted to run the command they're attempting includes a summary of the commands the user is allowed to run. The allocation for that string was not reserving space for the nul byte at the end of the string, causing a one-byte overwrite past the end of the string. Signed-off-by: Russ Allbery <rra@debian.org> |
fixes/info to debug.diff p1 | (download) |
rsshconf.c |
20 10 + 10 - 0 ! |
[patch] lower priority of syslog messages to debug Lower priority of all of the routine syslog messages from info to debug to cut down on log noise. Signed-off-by: Russ Allbery <rra@stanford.edu> |
fixes/man page hyphen.diff p1 | (download) |
rssh.1 |
6 3 + 3 - 0 ! |
[patch] command-line switches in man pages should be minuses Hyphens used for command-line switches in manual pages should be minus signs, not hyphens. Signed-off-by: Russ Allbery <rra@stanford.edu> |
fixes/man page spelling.diff p1 | (download) |
rssh.1 |
2 1 + 1 - 0 ! |
[patch] fix spelling errors in manual pages Fix spelling errors such as seperate for separate. Signed-off-by: Russ Allbery <rra@debian.org> |
fixes/missing config.diff p1 | (download) |
rsshconf.c |
9 6 + 3 - 0 ! |
[patch] avoid segfault on missingn configuration file Avoid a segfault when logging is disabled and the configuration file doesn't exist. Thanks, Thomas Liske. Debian Bug#458563 Signed-off-by: Russ Allbery <rra@stanford.edu> |
fixes/mkchroot.diff p1 | (download) |
mkchroot.sh |
84 61 + 23 - 0 ! |
[patch] fixes and improvements to mkchroot.sh Debian wants libnss_compat* in addition to libnss_files* for UID lookups to work properly, and doesn't have a libnss1_files*. Create the /dev/null device in the chroot, needed by sftp-server. Create the /dev/log device in the chroot, for one less step. Update the code to copy over libraries to be able to parse the new output from ldd. Update file paths for Debian. Add better error handling. Warn that /etc/passwd is being copied into the chroot jail and that the user may wish to edit out some users and remove any sensitive information. (Debian Bug#366655) Thanks to proctor mcduff for his contributions. Signed-off-by: Russ Allbery <rra@stanford.edu> |
fixes/command line checking.diff | (download) |
main.c.in |
6 4 + 2 - 0 ! |
[patch] fix command line security parsing Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. This patch would constitute the upstream 2.3.4 release if upstream had a chance to make a new release. Signed-off-by: Russ Allbery <rra@debian.org> |
fixes/command line error.diff p1 | (download) |
util.c |
2 1 + 1 - 0 ! |
[patch] fix error message from invalid options Don't refer to all invalid options as invalid scp options. Signed-off-by: Russ Allbery <rra@debian.org> |
fixes/rsync protocol.diff p1 | (download) |
util.c |
80 73 + 7 - 0 ! |
[patch] handle the rsync v3 -e option for protocol information As of rsync 3, rsync reused the -e option to pass protocol information from the client to the server. We therefore cannot reject all -e options to rsync, only ones not sent with --server or containing something other than protocol information as an argument. Also scan the rsync command line for any --rsh option and reject it as well. This replaces and improves the upstream strategy for rejecting that command-line option, taking advantage of the parsing added to check the -e option. Based on work by Robert Hardy. Debian Bug#471803 Signed-off-by: Russ Allbery <rra@stanford.edu> |
features/subversion.diff | (download) |
conf_convert |
48 48 + 0 - 0 ! |
[patch] add support for subversion (svnserve) Adds support for svn access via svnserve. This adds an additional field to the bitmask in /etc/rssh.conf that's used to control Subversion access. Users authorized to run svnserve may run only svnserve -t exactly. Patch from Davide Scola <davide.scola@gmail.com> Debian Bug#284756 Signed-off-by: Russ Allbery <rra@stanford.edu> |