Change log for rssh package in Ubuntu
1 → 46 of 46 results | First • Previous • Next • Last |
rssh (2.3.4-8ubuntu0.2) cosmic-security; urgency=medium

  * SECURITY UPDATE: Command injection
    - debian/patches/0009-Verify-scp-command-options.patch: Validate the allowed scp command line and only permit the flags used in server mode and only a single argument, to attempt to prevent use of ssh options to run arbitrary code on the server. This will break scp -3 to a system running rssh, which seems like an acceptable loss. (LP #1815935)
    - debian/patches/0007-Verify-rsync-command-options.patch: Tighten validation of the rsync command line to require --server be the first argument, which should prevent initiation of an outbound rsync command from the server, which in turn might allow execution of arbitrary code via ssh configuration similar to scp.
      Also reject rsync --daemon and --config command-line options, which can be used to run arbitrary commands. Thanks, Nick Cleaton.
      Do not stop checking the rsync command line at --, since this can be an argument to some other option and later arguments may still be interpreted as options. In the few cases where one needs to rsync to files named things like --rsh, the client can use ./--rsh instead. Thanks, Nick Cleaton.
    - debian/patches/0010-Check-command-line-after-chroot.patch: Unset the HOME environment variable when running rsync to prevent popt (against which rsync is linked) from loading a ~/.popt configuration file, which can run arbitrary commands on the server or redefine command-line options to bypass argument checking. Thanks, Nick Cleaton.
    - CVE-2019-1000018
    - CVE-2019-3463
    - CVE-2019-3464

 -- Mike Salvatore <email address hidden>  Wed, 10 Apr 2019 13:23:31 -0400
rssh (2.3.4-4+deb8u2ubuntu0.14.04.2) trusty-security; urgency=medium * SECURITY REGRESSION: The previous security regression released in 2.3.4-4+deb8u2ubuntu0.14.04.1 did not resolve all of the regressions caused by 2.3.4-4+deb8u2ubuntu0.14.04.1. This fix adds support for the '-pf' and '-pt' variants of the command line options. (LP: 1815741) -- Mike Salvatore <email address hidden> Wed, 10 Apr 2019 12:44:43 -0400
rssh (2.3.4-4+deb8u2ubuntu0.16.04.2) xenial-security; urgency=medium * SECURITY REGRESSION: The previous security regression released in 2.3.4-4+deb8u2ubuntu0.14.04.1 did not resolve all of the regressions caused by 2.3.4-4+deb8u2ubuntu0.14.04.1. This fix adds support for the '-pf' and '-pt' variants of the command line options. (LP: 1815741) -- Mike Salvatore <email address hidden> Wed, 10 Apr 2019 13:01:45 -0400
rssh (2.3.4-7ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Command injection
    - debian/patches/0009-Verify-scp-command-options.patch: Validate the allowed scp command line and only permit the flags used in server mode and only a single argument, to attempt to prevent use of ssh options to run arbitrary code on the server. This will break scp -3 to a system running rssh, which seems like an acceptable loss. (LP #1815935)
    - debian/patches/0007-Verify-rsync-command-options.patch: Tighten validation of the rsync command line to require --server be the first argument, which should prevent initiation of an outbound rsync command from the server, which in turn might allow execution of arbitrary code via ssh configuration similar to scp.
      Also reject rsync --daemon and --config command-line options, which can be used to run arbitrary commands. Thanks, Nick Cleaton.
      Do not stop checking the rsync command line at --, since this can be an argument to some other option and later arguments may still be interpreted as options. In the few cases where one needs to rsync to files named things like --rsh, the client can use ./--rsh instead. Thanks, Nick Cleaton.
    - debian/patches/0010-Check-command-line-after-chroot.patch: Unset the HOME environment variable when running rsync to prevent popt (against which rsync is linked) from loading a ~/.popt configuration file, which can run arbitrary commands on the server or redefine command-line options to bypass argument checking. Thanks, Nick Cleaton.
    - CVE-2019-1000018
    - CVE-2019-3463
    - CVE-2019-3464

 -- Mike Salvatore <email address hidden>  Wed, 10 Apr 2019 13:23:31 -0400
Deleted in disco-release (Reason: (From Debian) ROM; orphaned upstream, flawed security mod...) |
Deleted in disco-proposed (Reason: moved to release) |
rssh (2.3.4-12) unstable; urgency=high * The fix for the scp security vulnerability in 2.3.4-9 combined with the regression fix in 2.3.4-10 rejected the -pf and -pt options, which are sent by libssh2's scp support. Add support for those variants. (LP #1815935) -- Russ Allbery <email address hidden> Mon, 18 Feb 2019 18:58:27 -0800
Available diffs
- diff from 2.3.4-11 to 2.3.4-12 (992 bytes)
rssh (2.3.4-4+deb8u2ubuntu0.16.04.1) xenial-security; urgency=medium * SECURITY REGRESSION: The fix for the scp security vulnerability in 2.3.4-4+deb8u2build0.16.04.1 introduced a regression that blocked scp of multiple files from a server using rssh. Based on further analysis of scp's command-line parsing, relax the check to require the server command contain -f or -t, which should deactivate scp's support for remote files. (Closes: #921655) - Merged from Debian, thanks to Russ Allbery for the patch. -- Steve Beattie <email address hidden> Mon, 11 Feb 2019 16:46:53 -0800
rssh (2.3.4-4+deb8u2ubuntu0.14.04.1) trusty-security; urgency=medium * SECURITY REGRESSION: The fix for the scp security vulnerability in 2.3.4-4+deb8u2build0.14.04.1 introduced a regression that blocked scp of multiple files from a server using rssh. Based on further analysis of scp's command-line parsing, relax the check to require the server command contain -f or -t, which should deactivate scp's support for remote files. (Closes: #921655) - Merged from Debian, thanks to Russ Allbery for the patch. -- Steve Beattie <email address hidden> Mon, 11 Feb 2019 17:24:20 -0800
rssh (2.3.4-11) unstable; urgency=high * The fix for the scp security vulnerability in 2.3.4-9 introduced a regression that blocked scp of multiple files from a server using rssh. Based on further analysis of scp's command-line parsing, relax the check to require the server command contain -f or -t, which should deactivate scp's support for remote files. (Closes: #921655) -- Russ Allbery <email address hidden> Sun, 10 Feb 2019 11:17:28 -0800
Available diffs
- diff from 2.3.4-10 to 2.3.4-11 (1.7 KiB)
rssh (2.3.4-4+deb8u2build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian
rssh (2.3.4-4+deb8u2build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian
rssh (2.3.4-4+deb8u1build0.16.04.1) xenial-security; urgency=medium * fake sync from Debian
rssh (2.3.4-4+deb8u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian
rssh (2.3.4-10) unstable; urgency=high

  * Also reject rsync --daemon and --config command-line options, which can be used to run arbitrary commands. Thanks, Nick Cleaton. (CVE-2019-3463)
  * Unset the HOME environment variable when running rsync to prevent popt (against which rsync is linked) from loading a ~/.popt configuration file, which can run arbitrary commands on the server or redefine command-line options to bypass argument checking. Thanks, Nick Cleaton. (CVE-2019-3463)
  * Do not stop checking the rsync command line at --, since this can be an argument to some other option and later arguments may still be interpreted as options. In the few cases where one needs to rsync to files named things like --rsh, the client can use ./--rsh instead. Thanks, Nick Cleaton.
  * Remove now-unused variables from the rsync validation patch.

 -- Russ Allbery <email address hidden>  Sat, 02 Feb 2019 10:59:47 -0800
Available diffs
- diff from 2.3.4-9 to 2.3.4-10 (4.1 KiB)
rssh (2.3.4-9) unstable; urgency=high

  [ Russ Allbery ]
  * Validate the allowed scp command line and only permit the flags used in server mode and only a single argument, to attempt to prevent use of ssh options to run arbitrary code on the server. This will break scp -3 to a system running rssh, which seems like an acceptable loss. (Closes: #919623, CVE-2019-1000018)
  * Tighten validation of the rsync command line to require --server be the first argument, which should prevent initiation of an outbound rsync command from the server, which in turn might allow execution of arbitrary code via ssh configuration similar to scp.
  * Add validation of the server command line after chroot when chroot is enabled. Prior to this change, dangerous argument filtering was not done when chroot was configured, allowing remote code execution inside the chroot in some configurations via the previous two bugs and via the mechanisms in CVE-2012-2251 and CVE-2012-2252.
  * Document that the cvs server-side dangerous option filtering is probably insufficient and should not be considered secure.
  * Remove ancient upgrade support in debian/postinst.
  * Remove debian/source/options, which was forcing compression to xz (now the default).
  * Update to debhelper compatibility level V12.
  * Update standards version to 4.3.0 (no changes required).

  [ Ondřej Nový ]
  * d/watch: Use https protocol

 -- Russ Allbery <email address hidden>  Mon, 28 Jan 2019 21:03:59 -0800
Available diffs
- diff from 2.3.4-8 to 2.3.4-9 (5.8 KiB)
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
rssh (2.3.4-8) unstable; urgency=medium * Update Vcs-Git and Vcs-Browser for the move to salsa.debian.org. * Use https URL for copyright-format 1.0. * Update standards version to 4.1.4 (no changes required). -- Russ Allbery <email address hidden> Sun, 22 Apr 2018 10:58:03 -0700
Available diffs
- diff from 2.3.4-7 to 2.3.4-8 (828 bytes)
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
rssh (2.3.4-7) unstable; urgency=medium * Change the specified mode of conf_convert in the Debian patch to be 0644, since dpkg doesn't support modes the way that Git does and will ignore the mode anyway. This mismatch was breaking use of dgit for this package. -- Russ Allbery <email address hidden> Sat, 23 Dec 2017 20:13:24 -0800
Available diffs
- diff from 2.3.4-6 to 2.3.4-7 (543 bytes)
rssh (2.3.4-6) unstable; urgency=medium * Add Rules-Requires-Root: no. * Update to debhelper compatibility level V11. - Remove now-useless build dependency on dh-autoreconf. * Clean up trailing whitespace in debian/changelog. * Update standards version to 4.1.2 (no changes required). -- Russ Allbery <email address hidden> Sun, 17 Dec 2017 16:21:18 -0800
Available diffs
- diff from 2.3.4-5 to 2.3.4-6 (1.4 KiB)
Superseded in bionic-release |
Obsolete in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
rssh (2.3.4-5) unstable; urgency=medium * Enable all hardening flags. * Fix another spelling error in the rssh man page, caught by Lintian. * Translation updates: - Indonesian, thanks Izharul Haq. (Closes: #835621) * Switch to the DEP-14 branch layout and update debian/gbp.conf and Vcs-Git accordingly. * Run wrap-and-sort -ast on packaging files. * Switch to https for Vcs-Git and Vcs-Browser URLs. * Fix duplicate license clause in debian/copyright. * Update standards version to 3.9.8 (no changes required). -- Russ Allbery <email address hidden> Mon, 05 Sep 2016 15:39:58 -0700
Available diffs
- diff from 2.3.4-4 to 2.3.4-5 (3.7 KiB)
Superseded in zesty-release |
Obsolete in yakkety-release |
Published in xenial-release |
Obsolete in wily-release |
Obsolete in vivid-release |
Obsolete in utopic-release |
Published in trusty-release |
Deleted in trusty-proposed (Reason: moved to release) |
rssh (2.3.4-4) unstable; urgency=low * Fix typo in the example mkchroot script that causes it to fail to copy the libnss compat modules. Patch from Jeremy Jongepier. (Closes: #729294) * This package is now maintained using gbp pq from git-buildpackage. Remove the TopGit glue and the obsolete README.source package and rename the patches based on the export convention of gbp pq. * Drop override to use xz compression for the binary package. This is now the default in dpkg-buildpackage. * Update standards version to 3.9.5 (no changes required). * Translation updates: - Portuguese (Brazilian), thanks Fernando Ike de Oliveira. (Closes: #723148) * Reformat translations with debconf-updatepo. Add some missing Language fields and update the Report-Msgid-Bugs-To address. -- Russ Allbery <email address hidden> Sat, 07 Dec 2013 19:18:35 -0800
Available diffs
- diff from 2.3.4-3 to 2.3.4-4 (26.5 KiB)
Superseded in trusty-release |
Obsolete in saucy-release |
Deleted in saucy-proposed (Reason: moved to release) |
rssh (2.3.4-3) unstable; urgency=low * Patch the upstream build system to honor CFLAGS and CPPFLAGS as passed to configure. This fixes use of hardening flags during the build. Thanks to Simon Ruderich for the patch. (Closes: #709941) -- Russ Allbery <email address hidden> Tue, 28 May 2013 14:37:10 -0700
Available diffs
- diff from 2.3.4-2 to 2.3.4-3 (1.3 KiB)
rssh (2.3.4-2) unstable; urgency=low * Upload to unstable. * Fix implicit function declaration compiler warning from the svnserve patch. * Use xz compression for the Debian source and binary package. * Canonicalize the Vcs-Git and Vcs-Browser control fields. * Update standards version to 3.9.4 (no changes required). -- Russ Allbery <email address hidden> Sat, 11 May 2013 17:09:30 -0700
Available diffs
- diff from 2.3.3-6 to 2.3.4-2 (82.8 KiB)
Superseded in saucy-release |
Obsolete in raring-release |
Deleted in raring-proposed (Reason: moved to release) |
rssh (2.3.3-6) unstable; urgency=high

  * Fix several flaws in validation of rsync options. Ensure --server cannot be hidden from the server by putting it after -- or as the argument to another option. Verify that the -e option's value matches expectations rather than trying to look for invalid -e option values. (CVE-2012-2251)
  * Reject the rsync --rsh option even if it does not contain a trailing equal sign. (CVE-2012-2252)

 -- Russ Allbery <email address hidden>  Thu, 22 Nov 2012 12:01:41 -0800
Available diffs
- diff from 2.3.3-5 to 2.3.3-6 (3.0 KiB)
rssh (2.3.2-13squeeze1build0.11.04.1) natty-security; urgency=low * fake sync from Debian
rssh (2.3.2-13build0.11.04.1) natty-security; urgency=low * fake sync from Debian -- Jamie Strandboge <email address hidden> Tue, 21 Aug 2012 12:12:10 -0500
rssh (2.3.3-5) unstable; urgency=medium * Apply upstream patch to close security vulnerability that permitted clever manipulation of environment variables on the ssh command line to bypass rssh checking. (CVE-2012-3478) -- Russ Allbery <email address hidden> Fri, 10 Aug 2012 22:14:34 -0700
Available diffs
- diff from 2.3.3-4 to 2.3.3-5 (5.3 KiB)
rssh (2.3.3-4) unstable; urgency=low * Force libexecdir to /usr/lib/rssh. This is not a library package and has no reason to be using the multiarch paths, but picked up the modification to libexecdir as a side effect of the debhelper compatibility level change. (Closes: #663011) -- Russ Allbery <email address hidden> Wed, 07 Mar 2012 16:07:37 -0800
Available diffs
- diff from 2.3.3-1 (in Ubuntu) to 2.3.3-4 (3.5 KiB)
rssh (2.3.3-1) unstable; urgency=low * New upstream release. - Exit with non-zero status when fatal() is called. - Merges Debian fixes/config-parse-fatal, fixes/man-page-hyphen, and fixes/missing-config patches. * In the example mkchroot script, also check for and copy over the dependencies of any of the NSS libraries we copy over. This picks up the libnsl library, which is now required. Print out a warning that mkchroot doesn't copy over any of the libraries required for other supporting programs (rsync, etc.), only those for scp and sftp. (Closes: #611878) * Update debian/copyright to the current DEP-5 format. * Update to debhelper compatibility level V8. * Update to standards version 3.9.1 (no changes required). -- Ubuntu Archive Auto-Sync <email address hidden> Sat, 30 Apr 2011 13:40:22 +0000
Available diffs
- diff from 2.3.2-13 to 2.3.3-1 (82.0 KiB)
rssh (2.3.2-13) unstable; urgency=low * When allocating the buffer to tell a locked-out user what commands are supported, add an additional byte for the nul at the end of the string. (Closes: #601145) -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 12 Nov 2010 10:56:44 +0000
Available diffs
- diff from 2.3.2-12 to 2.3.2-13 (1.0 KiB)
rssh (2.3.2-12) unstable; urgency=low * If parsing the configuration file fails, abort with an error rather than continuing on and applying the defaults, since the defaults may be wrong for the current user. Patch from Jon Barber. * Fix spelling error (seperate for separate) in rssh man page. * Remove version from openssh-server dependency since it was older than oldstable. * Update standards version to 3.9.0 (no changes required). -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 15 Oct 2010 09:58:39 +0000
Available diffs
- diff from 2.3.2-11 to 2.3.2-12 (1.9 KiB)
rssh (2.3.2-11) unstable; urgency=low * Switch to 3.0 (quilt) source format. - Remove build dependency on quilt and debian/rules machinery. * Remove all of the files touched by autoreconf -i. * Remove Jesus Climent from uploaders. He hasn't had time to work on the package in a while. * Update standards version to 3.8.4 (no changes required). -- Ubuntu Archive Auto-Sync <email address hidden> Sun, 09 May 2010 14:01:51 +0100
Available diffs
- diff from 2.3.2-10 to 2.3.2-11 (1.8 KiB)
rssh (2.3.2-10) unstable; urgency=low * Update standards version 3.8.2 (no changes required). * Translation updates: - Czech, thanks Martin Šín. (Closes: #533389) - Russian, thanks Yuri Kozlov. (Closes: #537062) -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 06 Nov 2009 10:33:44 +0000
Available diffs
- diff from 2.3.2-9 to 2.3.2-10 (2.3 KiB)
rssh (2.3.2-9) unstable; urgency=low * This package is now maintained using Git and TopGit. A quilt patch series is exported from TopGit branches for the final Debian package. Update debian/README.source, the Vcs-* control fields, and debian/rules accordingly. * Add support for svnserve (Subversion). This requires a change in the format of /etc/rssh.conf to add an additional binary digit to the permissions field. /etc/rssh.conf will be automatically updated as part of the package upgrade using /usr/share/rssh/conf_convert. Patch from Davide Scola. (Closes: #284756) * In mkchroot, also install /dev/zero in the chroot. Noted in an updated patch from Ross Davis sent to the rssh-discuss list. * Remove postrm script that removed rssh from /etc/shells. We do that in postinst on upgrade and have for some time, so this maintainer script was unnecessary. * Convert to the proposed new copyright format. * Swap Maintainer and Uploaders, making me the primary maintainer. I've done all of the recent uploads. * Update debhelper compatibility level to V7. - Use rule minimization with overrides. - Move install, examples, and manpage lists into separate files. - Add --enable-static if "static" is in DEB_CONFIGURE_OPTIONS rather than requiring the variable be set to exactly --enable-static. - Remove unnecessary debian/dirs. * Update standards version to 3.8.1 (no changes required). * Translation updates: - Spanish, thanks Francisco Javier Cuadrado. (Closes: #509356) -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 29 Apr 2009 12:10:47 +0100
Available diffs
- diff from 2.3.2-8 to 2.3.2-9 (18.7 KiB)
rssh (2.3.2-8) unstable; urgency=low * The upstream mkchroot script uses echo -e, so make it a /bin/bash script, which is less invasive than rewriting all of the echo statements to printf. Thanks, Raphael Geissert. (Closes: #489653) * Update standards version to 3.8.0. - Add a README.source file pointing to the quilt documentation. -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 05 Nov 2008 17:56:56 +0000
Available diffs
- diff from 2.3.2-7 to 2.3.2-8 (950 bytes)
rssh (2.3.2-7) unstable; urgency=low * Translation updates: - Galician, thanks Jacobo Tarrio. (Closes: #483220) -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 29 May 2008 13:29:27 +0100
Available diffs
- diff from 2.3.2-6 to 2.3.2-7 (1.2 KiB)
rssh (2.3.2-6) unstable; urgency=low * Allow the -e option to rsync in conjunction with --server when it contains a protocol version. As of version three, rsync reused the -e option to pass protocol information. (Closes: #471803) * Avoid a segfault when logging is disabled and the configuration file could not be opened. Thanks, Thomas Liske. (Closes: #470262) * Update the example mkchroot.sh script, thanks to Carsten Maass and proctor mcduff. (Closes: #465528) - Fix the parsing of ldd output. - Create /dev/null and /dev/log in the chroot. - Update the sftp-server and rssh_chroot_helper paths for Debian. - Copy /etc/ld.* files recursively. - Add better error handling. * Suggest makejail for the chroot setup. (Closes: #458563) * Clean all patches of extraneous headers and timestamps. * Mention in README.Debian that the upstream maintainer doesn't plan future releases and therefore major new work (such as Subversion support) may require taking over upstream maintenance. * Add a Homepage control field and drop the XS-* prefixes for the Vcs control fields. * Add the upstream copyright statement and the complete license to debian/copyright. * Add a watch file. * debian/rules cleanup: - Use a stamp file for installation. - Depend on the quilt stamp file to prevent repeating configure. - Use touch $@ to create stamp files. - Simplify the rule structure. * Update standards version to 3.7.3 (no changes required). -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 02 May 2008 02:24:50 +0100
rssh (2.3.2-5) unstable; urgency=low * Fix the logic for checking whether the setuid status of rssh_chroot_helper was overridden by the sysadmin. The previous logic would only make it setuid if dpkg-statoverride couldn't be found. Thanks, Peter Baumann. (Closes: #425431) * Don't add rssh to /etc/shells; restricted shells should not be listed there. Remove it from /etc/shells if upgrading from an older version. Also, we don't need to conditionalize running add-shell and remove-shell, since debianutils is essential and has had add-shell and remove-shell since etch. (Closes: #424672) * Remove the obsolete security note from the config script. * Fix the build system to not run configure twice. * Add XS-Vcs-Svn and XS-Vcs-Browser control fields. -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 23 May 2007 06:29:06 +0100
rssh (2.3.2-4) unstable; urgency=low * Rewrite the prompt for a setuid rssh_chroot_helper to follow the DevRef debconf style guidelines and not mention an incorrect path in /usr/bin. (Closes: #421000) * Don't use config.status as a stamp file, since then the ordering of removal causes make clean to fail after a build. (Closes: #424281) * Translation updates: - Swedish, thanks Daniel Nylander. - Dutch, thanks cobaco. - Portuguese, thanks Miguel Figueiredo. (Closes: #418924) - German, thanks Helge Kreutzmann. (Closes: #419252) - Italian, thanks Luca Monducci. (Closes: #419398) - French, thanks Michel Grentzinger. (Closes: #420430) - Japanese, thanks Hideki Yamane. (Closes: #422265) -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 18 May 2007 09:38:40 +0100
rssh (2.3.2-3) unstable; urgency=low * In the example mkchroot script, warn that /etc/passwd is copied into the chroot and the user may wish to remove unnecessary users and sensitive information. (Closes: #366655) * Let debhelper handle debconf purging in postrm properly, fixing purging failures when debconf isn't installed. (Closes: #417009) * Remove debconf update notes for versions that are now older than oldstable. (Closes: #388957) * Improve the README.Debian security information. Move the details from the debconf security note to here to eliminate the rest of the debconf note abuse. * Fix incorrect hyphens in the rssh man page. * Recognize reconfigure in postinst. * Don't die on unknown actions in maintainer scripts. * Only remove rssh from /etc/shells on remove and purge, not upgrade. * Use $(CURDIR) instead of `pwd` in debian/rules. * Update standards version to 3.7.2 (no changes required). * Update debhelper compatibility level to V5. * Translation updates: - Spanish, thanks Steve Lord Flaubert. (Closes: #415185) - Dutch, thanks cobaco. (Closes: #415505)
rssh (2.3.2-1) unstable; urgency=low * New co-maintainer. * New upstream release. - Incorporates fixes from NMU. (Closes: #346322, #355935, #357715) - Incorporates missing va_end also fixed in NMU. (Closes: #339531) * Don't compress example scripts. (Closes: #333923) * Mention chroot and jail in the rssh description. (Closes: #335475) * Add libnss_compat* to the chroot script. (Closes: #335384) * Drop the ssh-krb5 alternative; it doesn't use the right sftp-server path. Add Suggests pointing to the other supported commands. * Drop the configuration caution from the package description; it's in the man page and the long description isn't supposed to include configuration information for the package. * Rework README.Debian a little to point to the rssh man page instead of SECURITY (upstream moved the security notes there) and emphasize reading the documentation before using the package. * Update logcheck rules. * debian/rules and debian/control cleanup. - Switch to quilt for patches. It works essentially the same as the script the package was using but is more standard and is the current recommended tool. - Run dh_shlibdeps to pick up proper dependency information. - Get the debconf dependency from debhelper. - Use debian/compat instead of setting DH_COMPAT. - Use dh_installman instead of the deprecated dh_installmanpages. - Remove duplicate rssh.docs configuration file. - Don't install config.{guess,sub}; configure doesn't use them. - Rename NEWS.Debian to NEWS so that debhelper installs it. - Install logcheck rules with debhelper. - Simplify unused rules and remove some boilerplate. * Translation updates. - Swedish, thanks Daniel Nylander. (Closes: #341412) -- Ubuntu Archive Auto-Sync <email address hidden> Thu, 15 Jun 2006 15:32:02 +0100
rssh (2.3.0-1.1) unstable; urgency=high * NMU (with maintainer permission). * Backport code changes from upstream 2.3.2 release. - Fixes coding error that runs cvs instead of rsync and rdist and bypasses various security checks. (Closes: #346322) - Fixes use of uninitialized variables that crash the chroot helper program. (Closes: #355935) -- Martin Pitt <email address hidden> Sat, 18 Mar 2006 20:29:29 -0800
rssh (2.3.0-1) unstable; urgency=high * New upstream release. * This package is a security update: - closes CVE-2005-3345. - Closes: #344424, #344395 -- Jesus Climent <email address hidden> Mon, 19 Dec 2005 20:00:02 +0200
rssh (2.2.3-3) unstable; urgency=low * Changed the path of sftp-server to /usr/lib/openssh/sftp-server to cope with ssh changes, in the helper script to create the chroots. * Add rssh to /etc/shells (Closes: #312330). * Added a logcheck file (Closes: #319802). * Lowered the log output from INFO to DEBUG, to reduce the amount of information rssh spits (Closes: #325684). -- Jesus Climent <email address hidden> Sun, 9 Oct 2005 21:48:35 +0000
rssh (2.2.3-1) unstable; urgency=high * New upstream release * Security fix: CAN-2004-1161. Closes: #284207. * Translations update: - de.po: Jens Nachtigall (Closes: #276697) - ja.po: Hideki Yamane (Closes: #272899) - cs.po: Miroslav Kure (Closes: #287300) - it.po: Luca Monducci (Closes: #288828) * Urgency set to high due to the security fix and to get it into Sarge. -- Jesus Climent <email address hidden> Wed, 19 Jan 2005 10:02:13 +0000
rssh (2.2.2-1ubuntu0.1) hoary-security; urgency=high * SECURITY UPDATE: execution of arbitrary programs * util.c, util.h: - Applied patch by Debian Team (upstream version) to fix the vulnerability. * References: - CAN-2004-1161 -- Gerardo Di Giacomo <email address hidden> Wed, 11 May 2005 16:49:54 +0000
rssh (2.2.2-1) unstable; urgency=high * New upstream release (Closes: #278157) * Urgency set to high due to the bug #278157, which happens to be a security bug. Thanks to the reporters: Hideki Yamane and Florian Weimer. -- Jesus Climent <email address hidden> Wed, 27 Oct 2004 09:44:54 +0000
rssh (2.1.1-5) unstable; urgency=low * Corrected dependency on ssh-krb5 (Closes: #232575) -- Jesus Climent <email address hidden> Fri, 13 Feb 2004 20:43:23 +0000