Change log for rssh package in Ubuntu
| 1 → 46 of 46 results | First • Previous • Next • Last |
rssh (2.3.4-8ubuntu0.2) cosmic-security; urgency=medium
* SECURITY UPDATE: Command injection
- debian/patches/0009-Verify-scp-command-options.patch: Validate
the allowed scp command line and only permit the flags used in
server mode and only a single argument, to attempt to prevent use
of ssh options to run arbitrary code on the server. This will
break scp -3 to a system running rssh, which seems like an
acceptable loss. (LP #1815935)
- debian/patches/0007-Verify-rsync-command-options.patch: Tighten
validation of the rsync command line to require --server be the
first argument, which should prevent initiation of an outbound rsync
command from the server, which in turn might allow execution of
arbitrary code via ssh configuration similar to scp.
Also reject rsync --daemon and --config command-line options, which
can be used to run arbitrary commands. Thanks, Nick Cleaton.
Do not stop checking the rsync command line at --, since this can
be an argument to some other option and later arguments may still
be interpreted as options. In the few cases where one needs to
rsync to files named things like --rsh, the client can use ./--rsh
instead. Thanks, Nick Cleaton.
- debian/patches/0010-Check-command-line-after-chroot.patch: Unset
the HOME environment variable when running rsync to prevent popt
(against which rsync is linked) from loading a ~/.popt
configuration file, which can run arbitrary commands on the server
or redefine command-line options to bypass argument checking.
Thanks, Nick Cleaton.
- CVE-2019-1000018
- CVE-2019-3463
- CVE-2019-3464
-- Mike Salvatore <email address hidden> Wed, 10 Apr 2019 13:23:31 -0400
Available diffs
rssh (2.3.4-4+deb8u2ubuntu0.14.04.2) trusty-security; urgency=medium
* SECURITY REGRESSION: The previous security regression released in
2.3.4-4+deb8u2ubuntu0.14.04.1 did not resolve all of the regressions
caused by 2.3.4-4+deb8u2ubuntu0.14.04.1. This fix adds support for
the '-pf' and '-pt' variants of the command line options.
(LP: 1815741)
-- Mike Salvatore <email address hidden> Wed, 10 Apr 2019 12:44:43 -0400
Available diffs
rssh (2.3.4-4+deb8u2ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY REGRESSION: The previous security regression released in
2.3.4-4+deb8u2ubuntu0.14.04.1 did not resolve all of the regressions
caused by 2.3.4-4+deb8u2ubuntu0.14.04.1. This fix adds support for
the '-pf' and '-pt' variants of the command line options.
(LP: 1815741)
-- Mike Salvatore <email address hidden> Wed, 10 Apr 2019 13:01:45 -0400
Available diffs
rssh (2.3.4-7ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Command injection
- debian/patches/0009-Verify-scp-command-options.patch: Validate
the allowed scp command line and only permit the flags used in
server mode and only a single argument, to attempt to prevent use
of ssh options to run arbitrary code on the server. This will
break scp -3 to a system running rssh, which seems like an
acceptable loss. (LP #1815935)
- debian/patches/0007-Verify-rsync-command-options.patch: Tighten
validation of the rsync command line to require --server be the
first argument, which should prevent initiation of an outbound rsync
command from the server, which in turn might allow execution of
arbitrary code via ssh configuration similar to scp.
Also reject rsync --daemon and --config command-line options, which
can be used to run arbitrary commands. Thanks, Nick Cleaton.
Do not stop checking the rsync command line at --, since this can
be an argument to some other option and later arguments may still
be interpreted as options. In the few cases where one needs to
rsync to files named things like --rsh, the client can use ./--rsh
instead. Thanks, Nick Cleaton.
- debian/patches/0010-Check-command-line-after-chroot.patch: Unset
the HOME environment variable when running rsync to prevent popt
(against which rsync is linked) from loading a ~/.popt
configuration file, which can run arbitrary commands on the server
or redefine command-line options to bypass argument checking.
Thanks, Nick Cleaton.
- CVE-2019-1000018
- CVE-2019-3463
- CVE-2019-3464
-- Mike Salvatore <email address hidden> Wed, 10 Apr 2019 13:23:31 -0400
Available diffs
| Deleted in disco-release (Reason: (From Debian) ROM; orphaned upstream, flawed security mod...) |
| Deleted in disco-proposed (Reason: moved to release) |
rssh (2.3.4-12) unstable; urgency=high
* The fix for the scp security vulnerability in 2.3.4-9 combined with
the regression fix in 2.3.4-10 rejected the -pf and -pt options, which
are sent by libssh2's scp support. Add support for those variants.
(LP #1815935)
-- Russ Allbery <email address hidden> Mon, 18 Feb 2019 18:58:27 -0800
Available diffs
- diff from 2.3.4-11 to 2.3.4-12 (992 bytes)
rssh (2.3.4-4+deb8u2ubuntu0.16.04.1) xenial-security; urgency=medium
* SECURITY REGRESSION: The fix for the scp security vulneraability
in 2.3.4-4+deb8u2build0.16.04.1 introduced a regression that
blocked scp of multiple files from a server using rssh. Based on
further analysis of scp's command-line parsing, relax the check
to require the server command contain -f or -t, which should
deactivate scp's support for remote files. (Closes: #921655)
- Merged from Debian, thanks to Russ Allbery for the patch.
-- Steve Beattie <email address hidden> Mon, 11 Feb 2019 16:46:53 -0800
rssh (2.3.4-4+deb8u2ubuntu0.14.04.1) trusty-security; urgency=medium
* SECURITY REGRESSION: The fix for the scp security vulnerability
in 2.3.4-4+deb8u2build0.14.04.1 introduced a regression that
blocked scp of multiple files from a server using rssh. Based on
further analysis of scp's command-line parsing, relax the check
to require the server command contain -f or -t, which should
deactivate scp's support for remote files. (Closes: #921655)
- Merged from Debian, thanks to Russ Allbery for the patch.
-- Steve Beattie <email address hidden> Mon, 11 Feb 2019 17:24:20 -0800
rssh (2.3.4-11) unstable; urgency=high
* The fix for the scp security vulneraability in 2.3.4-9 introduced a
regression that blocked scp of multiple files from a server using
rssh. Based on further analysis of scp's command-line parsing, relax
the check to require the server command contain -f or -t, which should
deactivate scp's support for remote files. (Closes: #921655)
-- Russ Allbery <email address hidden> Sun, 10 Feb 2019 11:17:28 -0800
Available diffs
- diff from 2.3.4-10 to 2.3.4-11 (1.7 KiB)
rssh (2.3.4-4+deb8u2build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian
Available diffs
rssh (2.3.4-4+deb8u2build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian
Available diffs
rssh (2.3.4-4+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian
Available diffs
rssh (2.3.4-4+deb8u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian
Available diffs
rssh (2.3.4-10) unstable; urgency=high
* Also reject rsync --daemon and --config command-line options, which
can be used to run arbitrary commands. Thanks, Nick Cleaton.
(CVE-2019-3463)
* Unset the HOME environment variable when running rsync to prevent popt
(against which rsync is linked) from loading a ~/.popt configuration
file, which can run arbitrary commands on the server or redefine
command-line options to bypass argument checking. Thanks, Nick
Cleaton. (CVE-2019-3463)
* Do not stop checking the rsync command line at --, since this can be
an argument to some other option and later arguments may still be
interpreted as options. In the few cases where one needs to rsync to
files named things like --rsh, the client can use ./--rsh instead.
Thanks, Nick Cleaton.
* Remove now-unused variables from the rsync validation patch.
-- Russ Allbery <email address hidden> Sat, 02 Feb 2019 10:59:47 -0800
Available diffs
- diff from 2.3.4-9 to 2.3.4-10 (4.1 KiB)
rssh (2.3.4-9) unstable; urgency=high
[ Russ Allbery ]
* Validate the allowed scp command line and only permit the flags used
in server mode and only a single argument, to attempt to prevent use
of ssh options to run arbitrary code on the server. This will break
scp -3 to a system running rssh, which seems like an acceptable loss.
(Closes: #919623, CVE-2019-1000018)
* Tighten validation of the rsync command line to require --server be
the first argument, which should prevent initiation of an outbound
rsync command from the server, which in turn might allow execution of
arbitrary code via ssh configuration similar to scp.
* Add validation of the server command line after chroot when chroot is
enabled. Prior to this change, dangerous argument filtering was not
done when chroot was configured, allowing remote code execution inside
the chroot in some configurations via the previous two bugs and via
the mechanisms in CVE-2012-2251 and CVE-2012-2252.
* Document that the cvs server-side dangerous option filtering is
probably insufficient and should not be considered secure.
* Remove ancient upgrade support in debian/postinst.
* Remove debian/source/options, which was forcing compression to xz (now
the default).
* Update to debhelper compatibility level V12.
* Update standards version to 4.3.0 (no changes required).
[ Ondřej Nový ]
* d/watch: Use https protocol
-- Russ Allbery <email address hidden> Mon, 28 Jan 2019 21:03:59 -0800
Available diffs
- diff from 2.3.4-8 to 2.3.4-9 (5.8 KiB)
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
rssh (2.3.4-8) unstable; urgency=medium * Update Vcs-Git and Vcs-Browser for the move to salsa.debian.org. * Use https URL for copyright-format 1.0. * Update standards version to 4.1.4 (no changes required). -- Russ Allbery <email address hidden> Sun, 22 Apr 2018 10:58:03 -0700
Available diffs
- diff from 2.3.4-7 to 2.3.4-8 (828 bytes)
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
rssh (2.3.4-7) unstable; urgency=medium
* Change the specified mode of conf_convert in the Debian patch to be
0644, since dpkg doesn't support modes the way that Git does and will
ignore the mode anyway. This mismatch was breaking use of dgit for
this package.
-- Russ Allbery <email address hidden> Sat, 23 Dec 2017 20:13:24 -0800
Available diffs
- diff from 2.3.4-6 to 2.3.4-7 (543 bytes)
rssh (2.3.4-6) unstable; urgency=medium
* Add Rules-Requires-Root: no.
* Update to debhelper compatibility level V11.
- Remove now-useless build dependency on dh-autoreconf.
* Clean up trailing whitespace in debian/changelog.
* Update standards version to 4.1.2 (no changes required).
-- Russ Allbery <email address hidden> Sun, 17 Dec 2017 16:21:18 -0800
Available diffs
- diff from 2.3.4-5 to 2.3.4-6 (1.4 KiB)
| Superseded in bionic-release |
| Obsolete in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
rssh (2.3.4-5) unstable; urgency=medium
* Enable all hardening flags.
* Fix another spelling error in the rssh man page, caught by Lintian.
* Translation updates:
- Indonesian, thanks Izharul Haq. (Closes: #835621)
* Switch to the DEP-14 branch layout and update debian/gbp.conf and
Vcs-Git accordingly.
* Run wrap-and-sort -ast on packaging files.
* Switch to https for Vcs-Git and Vcs-Browser URLs.
* Fix duplicate license clause in debian/copyright.
* Update standards version to 3.9.8 (no changes required).
-- Russ Allbery <email address hidden> Mon, 05 Sep 2016 15:39:58 -0700
Available diffs
- diff from 2.3.4-4 to 2.3.4-5 (3.7 KiB)
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Published in xenial-release |
| Obsolete in wily-release |
| Obsolete in vivid-release |
| Obsolete in utopic-release |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
rssh (2.3.4-4) unstable; urgency=low
* Fix typo in the example mkchroot script that causes it to fail to
copy the libnss compat modules. Patch from Jeremy Jongepier.
(Closes: #729294)
* This package is now maintained using gbp pq from git-buildpackage.
Remove the TopGit glue and the obsolete README.source package and
rename the patches based on the export convention of gbp pq.
* Drop override to use xz compression for the binary package. This is
now the default in dpkg-buildpackage.
* Update standards version to 3.9.5 (no changes required).
* Translation updates:
- Portuguese (Brazilian), thanks Fernando Ike de Oliveira.
(Closes: #723148)
* Reformat translations with debconf-updatepo. Add some missing
Language fields and update the Report-Msgid-Bugs-To address.
-- Russ Allbery <email address hidden> Sat, 07 Dec 2013 19:18:35 -0800
Available diffs
- diff from 2.3.4-3 to 2.3.4-4 (26.5 KiB)
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
rssh (2.3.4-3) unstable; urgency=low
* Patch the upstream build system to honor CFLAGS and CPPFLAGS as passed
to configure. This fixes use of hardening flags during the build.
Thanks to Simon Ruderich for the patch. (Closes: #709941)
-- Russ Allbery <email address hidden> Tue, 28 May 2013 14:37:10 -0700
Available diffs
- diff from 2.3.4-2 to 2.3.4-3 (1.3 KiB)
rssh (2.3.4-2) unstable; urgency=low
* Upload to unstable.
* Fix implicit function declaration compiler warning from the svnserve
patch.
* Use xz compression for the Debian source and binary package.
* Canonicalize the Vcs-Git and Vcs-Browser control fields.
* Update standards version to 3.9.4 (no changes required).
-- Russ Allbery <email address hidden> Sat, 11 May 2013 17:09:30 -0700
Available diffs
- diff from 2.3.3-6 to 2.3.4-2 (82.8 KiB)
| Superseded in saucy-release |
| Obsolete in raring-release |
| Deleted in raring-proposed (Reason: moved to release) |
rssh (2.3.3-6) unstable; urgency=high
* Fix several flaws in validation of rsync options. Ensure --server
cannot be hidden from the server by putting it after -- or as the
argument to another option. Verify that the -e option's value matches
expectations rather than trying to look for invalid -e option values.
(CVE-2012-2251)
* Reject the rsync --rsh option even if it does not contain a trailing
equal sign. (CVE-2012-2252)
-- Russ Allbery <email address hidden> Thu, 22 Nov 2012 12:01:41 -0800
Available diffs
- diff from 2.3.3-5 to 2.3.3-6 (3.0 KiB)
rssh (2.3.2-13squeeze1build0.11.04.1) natty-security; urgency=low * fake sync from Debian
Available diffs
rssh (2.3.2-13build0.11.04.1) natty-security; urgency=low * fake sync from Debian -- Jamie Strandboge <email address hidden> Tue, 21 Aug 2012 12:12:10 -0500
Available diffs
rssh (2.3.3-5) unstable; urgency=medium
* Apply upstream patch to close security vulnerability that permitted
clever manipulation of environment variables on the ssh command line
to bypass rssh checking. (CVE-2012-3478)
-- Russ Allbery <email address hidden> Fri, 10 Aug 2012 22:14:34 -0700
Available diffs
- diff from 2.3.3-4 to 2.3.3-5 (5.3 KiB)
rssh (2.3.3-4) unstable; urgency=low
* Force libexecdir to /usr/lib/rssh. This is not a library package and
has no reason to be using the multiarch paths, but picked up the
modification to libexecdir as a side effect of the debhelper
compatibility level change. (Closes: #663011)
-- Russ Allbery <email address hidden> Wed, 07 Mar 2012 16:07:37 -0800
Available diffs
- diff from 2.3.3-1 (in Ubuntu) to 2.3.3-4 (3.5 KiB)
rssh (2.3.3-1) unstable; urgency=low
* New upstream release.
- Exit with non-zero status when fatal() is called.
- Merges Debian fixes/config-parse-fatal, fixes/man-page-hyphen, and
fixes/missing-config patches.
* In the example mkchroot script, also check for and copy over the
dependencies of any of the NSS libraries we copy over. This picks up
the libnsl library, which is now required. Print out a warning that
mkchroot doesn't copy over any of the libraries required for other
supporting programs (rsync, etc.), only those for scp and sftp.
(Closes: #611878)
* Update debian/copyright to the current DEP-5 format.
* Update to debhelper compatibility level V8.
* Update to standards version 3.9.1 (no changes required).
-- Ubuntu Archive Auto-Sync <email address hidden> Sat, 30 Apr 2011 13:40:22 +0000
Available diffs
- diff from 2.3.2-13 to 2.3.3-1 (82.0 KiB)
rssh (2.3.2-13) unstable; urgency=low
* When allocating the buffer to tell a locked-out user what commands are
supported, add an additional byte for the nul at the end of the
string. (Closes: #601145)
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 12 Nov 2010 10:56:44 +0000
Available diffs
- diff from 2.3.2-12 to 2.3.2-13 (1.0 KiB)
rssh (2.3.2-12) unstable; urgency=low
* If parsing the configuration file fails, abort with an error rather
than continuing on and applying the defaults, since the defaults may
be wrong for the current user. Patch from Jon Barber.
* Fix spelling error (seperate for separate) in rssh man page.
* Remove version from openssh-server dependency since it was older than
oldstable.
* Update standards version to 3.9.0 (no changes required).
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 15 Oct 2010 09:58:39 +0000
Available diffs
- diff from 2.3.2-11 to 2.3.2-12 (1.9 KiB)
rssh (2.3.2-11) unstable; urgency=low
* Switch to 3.0 (quilt) source format.
- Remove build dependency on quilt and debian/rules machinery.
* Remove all of the files touched by autoreconf -i.
* Remove Jesus Climent from uploaders. He hasn't had time to work on
the package in a while.
* Update standards version to 3.8.4 (no changes required).
-- Ubuntu Archive Auto-Sync <email address hidden> Sun, 09 May 2010 14:01:51 +0100
Available diffs
- diff from 2.3.2-10 to 2.3.2-11 (1.8 KiB)
rssh (2.3.2-10) unstable; urgency=low
* Update standards version 3.8.2 (no changes required).
* Translation updates:
- Czech, thanks Martin Šín. (Closes: #533389)
- Russian, thanks Yuri Kozlov. (Closes: #537062)
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 06 Nov 2009 10:33:44 +0000
Available diffs
- diff from 2.3.2-9 to 2.3.2-10 (2.3 KiB)
rssh (2.3.2-9) unstable; urgency=low
* This package is now maintained using Git and TopGit. A quilt
patch series is exported from TopGit branches for the final Debian
package. Update debian/README.source, the Vcs-* control fields, and
debian/rules accordingly.
* Add support for svnserve (Subversion). This requires a change in the
format of /etc/rssh.conf to add an additional binary digit to the
permissions field. /etc/rssh.conf will be automatically updated as
part of the package upgrade using /usr/share/rssh/conf_convert. Patch
from Davide Scola. (Closes: #284756)
* In mkchroot, also install /dev/zero in the chroot. Noted in an
updated patch from Ross Davis sent to the rssh-discuss list.
* Remove postrm script that removed rssh from /etc/shells. We do that
in postinst on upgrade and have for some time, so this maintainer
script was unnecessary.
* Convert to the proposed new copyright format.
* Swap Maintainer and Uploaders, making me the primary maintainer. I've
done all of the recent uploads.
* Update debhelper compatibility level to V7.
- Use rule minimization with overrides.
- Move install, examples, and manpage lists into separate files.
- Add --enable-static if "static" is in DEB_CONFIGURE_OPTIONS rather
than requiring the variable be set to exactly --enable-static.
- Remove unnecessary debian/dirs.
* Update standards version to 3.8.1 (no changes required).
* Translation updates:
- Spanish, thanks Francisco Javier Cuadrado. (Closes: #509356)
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 29 Apr 2009 12:10:47 +0100
Available diffs
- diff from 2.3.2-8 to 2.3.2-9 (18.7 KiB)
rssh (2.3.2-8) unstable; urgency=low
* The upstream mkchroot script uses echo -e, so make it a /bin/bash
script, which is less invasive than rewriting all of the echo
statements to printf. Thanks, Raphael Geissert. (Closes: #489653)
* Update standards version to 3.8.0.
- Add a README.source file pointing to the quilt documentation.
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 05 Nov 2008 17:56:56 +0000
Available diffs
- diff from 2.3.2-7 to 2.3.2-8 (950 bytes)
rssh (2.3.2-7) unstable; urgency=low
* Translation updates:
- Galician, thanks Jacobo Tarrio. (Closes: #483220)
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 29 May 2008 13:29:27 +0100
Available diffs
- diff from 2.3.2-6 to 2.3.2-7 (1.2 KiB)
rssh (2.3.2-6) unstable; urgency=low
* Allow the -e option to rsync in conjunction with --server when it
contains a protocol version. As of version three, rsync reused the -e
option to pass protocol information. (Closes: #471803)
* Avoid a segfault when logging is disabled and the configuration file
could not be opened. Thanks, Thomas Liske. (Closes: #470262)
* Update the example mkchroot.sh script, thanks to Carsten Maass and
proctor mcduff. (Closes: #465528)
- Fix the parsing of ldd output.
- Create /dev/null and /dev/log in the chroot.
- Update the sftp-server and rssh_chroot_helper paths for Debian.
- Copy /etc/ld.* files recursively.
- Add better error handling.
* Suggest makejail for the chroot setup. (Closes: #458563)
* Clean all patches of extraneous headers and timestamps.
* Mention in README.Debian that the upstream maintainer doesn't plan
future releases and therefore major new work (such as Subversion
support) may require taking over upstream maintenance.
* Add a Homepage control field and drop the XS-* prefixes for the Vcs
control fields.
* Add the upstream copyright statement and the complete license to
debian/copyright.
* Add a watch file.
* debian/rules cleanup:
- Use a stamp file for installation.
- Depend on the quilt stamp file to prevent repeating configure.
- Use touch $@ to create stamp files.
- Simplify the rule structure.
* Update standards version to 3.7.3 (no changes required).
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 02 May 2008 02:24:50 +0100
rssh (2.3.2-5) unstable; urgency=low
* Fix the logic for checking whether the setuid status of
rssh_chroot_helper was overridden by the sysadmin. The previous logic
would only make it setuid if dpkg-statoverride couldn't be found.
Thanks, Peter Baumann. (Closes: #425431)
* Don't add rssh to /etc/shells; restricted shells should not be listed
there. Remove it from /etc/shells if upgrading from an older version.
Also, we don't need to conditionalize running add-shell and
remove-shell, since debianutils is essential and has had add-shell and
remove-shell since etch. (Closes: #424672)
* Remove the obsolete security note from the config script.
* Fix the build system to not run configure twice.
* Add XS-Vcs-Svn and XS-Vcs-Browser control fields.
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 23 May 2007 06:29:06 +0100
rssh (2.3.2-4) unstable; urgency=low
* Rewrite the prompt for a setuid rssh_chroot_helper to follow the
DevRef debconf style guidelines and not mention an incorrect path in
/usr/bin. (Closes: #421000)
* Don't use config.status as a stamp file, since then the ordering of
removal causes make clean to fail after a build. (Closes: #424281)
* Translation updates:
- Swedish, thanks Daniel Nylander.
- Dutch, thanks cobaco.
- Portuguese, thanks Miguel Figueiredo. (Closes: #418924)
- German, thanks Helge Kreutzmann. (Closes: #419252)
- Italian, thanks Luca Monducci. (Closes: #419398)
- French, thanks Michel Grentzinger. (Closes: #420430)
- Japanese, thanks Hideki Yamane. (Closes: #422265)
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 18 May 2007 09:38:40 +0100
rssh (2.3.2-3) unstable; urgency=low
* In the example mkchroot script, warn that /etc/passwd is copied into
the chroot and the user may wish to remove unnecessary users and
sensitive information. (Closes: #366655)
* Let debhelper handle debconf purging in postrm properly, fixing
purging failures when debconf isn't installed. (Closes: #417009)
* Remove debconf update notes for versions that are now older than
oldstable. (Closes: #388957)
* Improve the README.Debian security information. Move the details from
the debconf security note to here to eliminate the rest of the debconf
note abuse.
* Fix incorrect hyphens in the rssh man page.
* Recognize reconfigure in postinst.
* Don't die on unknown actions in maintainer scripts.
* Only remove rssh from /etc/shells on remove and purge, not upgrade.
* Use $(CURDIR) instead of `pwd` in debian/rules.
* Update standards version to 3.7.2 (no changes required).
* Update debhelper compatibility level to V5.
* Translation updates:
- Spanish, thanks Steve Lord Flaubert. (Closes: #415185)
- Dutch, thanks cobaco. (Closes: #415505)
rssh (2.3.2-1) unstable; urgency=low
* New co-maintainer.
* New upstream release.
- Incorporates fixes from NMU. (Closes: #346322, #355935, #357715)
- Incorporates missing va_end also fixed in NMU. (Closes: #339531)
* Don't compress example scripts. (Closes: #333923)
* Mention chroot and jail in the rssh description. (Closes: #335475)
* Add libnss_compat* to the chroot script. (Closes: #335384)
* Drop the ssh-krb5 alternative; it doesn't use the right sftp-server
path. Add Suggests pointing to the other supported commands.
* Drop the configuration caution from the package description; it's in
the man page and the long description isn't supposed to include
configuration information for the package.
* Rework README.Debian a little to point to the rssh man page instead of
SECURITY (upstream moved the security notes there) and emphasize
reading the documentation before using the package.
* Update logcheck rules.
* debian/rules and debian/control cleanup.
- Switch to quilt for patches. It works essentially the same as the
script the package was using but is more standard and is the current
recommended tool.
- Run dh_shlibdeps to pick up proper dependency information.
- Get the debconf dependency from debhelper.
- Use debian/compat instead of setting DH_COMPAT.
- Use dh_installman instead of the deprecated dh_installmanpages.
- Remove duplicate rssh.docs configuration file.
- Don't install config.{guess,sub}; configure doesn't use them.
- Rename NEWS.Debian to NEWS so that debhelper installs it.
- Install logcheck rules with debhelper.
- Simplify unused rules and remove some boilerplate.
* Translation updates.
- Swedish, thanks Daniel Nylander. (Closes: #341412)
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 15 Jun 2006 15:32:02 +0100
rssh (2.3.0-1.1) unstable; urgency=high
* NMU (with maintainer permission).
* Backport code changes from upstream 2.3.2 release.
- Fixes coding error that runs cvs instead of rsync and rdist and
bypasses various security checks. (Closes: #346322)
- Fixes use of uninitialized variables that crash the chroot helper
program. (Closes: #355935)
-- Martin Pitt <email address hidden> Sat, 18 Mar 2006 20:29:29 -0800
rssh (2.3.0-1) unstable; urgency=high
* New upstream release.
* This package is a security update:
- closes CVE-2005-3345.
- Closes: #344424, #344395
-- Jesus Climent <email address hidden> Mon, 19 Dec 2005 20:00:02 +0200
rssh (2.2.3-3) unstable; urgency=low
* Changed the path of sftp-server to /usr/lib/openssh/sftp-server to
cope with ssh changes, in the helper script to create the chroots.
* Add rssh to /etc/shells (Closes: #312330).
* Added a logcheck file (Closes: #319802).
* Lowered the log output from INFO to DEBUG, to reduce the amount of
information rssh spits (Closes: #325684).
-- Jesus Climent <email address hidden> Sun, 9 Oct 2005 21:48:35 +0000
rssh (2.2.3-1) unstable; urgency=high
* New upstream release
* Security fix: CAN-2004-1161. Closes: #284207.
* Translations update:
- de.po: Jens Nachtigall (Closes: #276697)
- ja.po: Hideki Yamane (Closes: #272899)
- cs.po: Miroslav Kure (Closes: #287300)
- it.po: Luca Monducci (Closes: #288828)
* Urgency set to high due to the security fix and to get it into Sarge.
-- Jesus Climent <email address hidden> Wed, 19 Jan 2005 10:02:13 +0000
rssh (2.2.2-1ubuntu0.1) hoary-security; urgency=high
* SECURITY UPDATE: execution of arbitrary programs
* util.c, util.h:
- Applied patch by Debian Team (upstream version) to fix the
vulnerability.
* References:
- CAN-2004-1161
-- Gerardo Di Giacomo <email address hidden> Wed, 11 May 2005 16:49:54 +0000
rssh (2.2.2-1) unstable; urgency=high
* New upstream release (Closes: #278157)
* Urgency set to high due to the bug #278157, which happens to be a security
bug. Thanks to the reporters: Hideki Yamane and Florian Weimer.
-- Jesus Climent <email address hidden> Wed, 27 Oct 2004 09:44:54 +0000
rssh (2.1.1-5) unstable; urgency=low * Corrected dependency on ssh-krb5 (Closes: #232575) -- Jesus Climent <email address hidden> Fri, 13 Feb 2004 20:43:23 +0000
| 1 → 46 of 46 results | First • Previous • Next • Last |
