[arch-commits] Commit in rssh/trunk (PKGBUILD destdir.patch rssh.patch rsync.patch)

Thu Nov 25 18:27:37 UTC 2010

Date: Thursday, November 25, 2010 @ 13:27:36
  Author: bisson
Revision: 100737

fix FS#21783 and update other patch

Added:
  rssh/trunk/destdir.patch
  rssh/trunk/rsync.patch
Modified:
  rssh/trunk/PKGBUILD
Deleted:
  rssh/trunk/rssh.patch

---------------+
 PKGBUILD      |   29 ++++++++++++++++------------
 destdir.patch |   24 +++++++++++++++++++++++
 rssh.patch    |   24 -----------------------
 rsync.patch   |   57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 98 insertions(+), 36 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2010-11-25 18:25:03 UTC (rev 100736)
+++ PKGBUILD	2010-11-25 18:27:36 UTC (rev 100737)
@@ -2,28 +2,33 @@
 # Maintainer: Judd Vinet <jvinet at zeroflux.org>
 pkgname=rssh
 pkgver=2.3.3
-pkgrel=1
+pkgrel=2
 pkgdesc='A restricted shell for use with OpenSSH, allowing only scp and/or sftp'
 arch=('i686' 'x86_64')
-url='http://www.pizzashack.org/rssh/index.shtml'
+url='http://www.pizzashack.org/rssh/'
 depends=('openssh' 'glibc')
 backup=('etc/rssh.conf')
 license=('custom:rssh')
 source=("http://downloads.sourceforge.net/sourceforge/rssh/rssh-$pkgver.tar.gz"
-        'rssh.patch')
+        'destdir.patch'
+        'rsync.patch')
 sha1sums=('0a6dd80b5e6059e0db12c9f1276121dd966b610a'
-          '07deb7c88a52dccb45aa45a59f9e98e5c511ff3a')
+          '85bd1694decae5872cbeeafd578b147eb13313c6'
+          '41f32f8a77b3a2b924ede6044ab67846e06b5d20')
 
 build() {
-  cd "$srcdir/$pkgname-$pkgver"
-  patch -Np0 < ../rssh.patch
-  ./configure --prefix=/usr --libexecdir=/usr/lib/rssh \
-    --mandir=/usr/share/man --sysconfdir=/etc
-  make
+	cd "$srcdir/$pkgname-$pkgver"
+
+	patch -p1 < ../destdir.patch
+	patch -p1 < ../rsync.patch # FS#21783, debian patch
+
+	./configure --prefix=/usr --libexecdir=/usr/lib/rssh \
+		--mandir=/usr/share/man --sysconfdir=/etc
+	make
 }
 
 package() {
-  cd "$srcdir/$pkgname-$pkgver"
-  make DESTDIR="$pkgdir" install
-  install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/rssh/LICENSE
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/rssh/LICENSE
 }

Added: destdir.patch
===================================================================
--- destdir.patch	                        (rev 0)
+++ destdir.patch	2010-11-25 18:27:36 UTC (rev 100737)
@@ -0,0 +1,24 @@
+diff -aur old//Makefile.am new//Makefile.am
+--- old//Makefile.am	2006-12-21 23:22:37.000000000 +0100
++++ new//Makefile.am	2010-11-25 18:15:29.253376150 +0100
+@@ -16,7 +16,7 @@
+ 	$(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $<
+ 
+ install-exec-hook:
+-	chmod u+s $(libexecdir)/rssh_chroot_helper
++	chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper
+ 
+ rpm:	dist
+ 	rpmbuild -ta --sign $(base).tar.gz
+diff -aur old//Makefile.in new//Makefile.in
+--- old//Makefile.in	2010-08-01 15:59:54.000000000 +0200
++++ new//Makefile.in	2010-11-25 18:15:29.253376150 +0100
+@@ -830,7 +830,7 @@
+ 	$(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $<
+ 
+ install-exec-hook:
+-	chmod u+s $(libexecdir)/rssh_chroot_helper
++	chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper
+ 
+ rpm:	dist
+ 	rpmbuild -ta --sign $(base).tar.gz

Deleted: rssh.patch
===================================================================
--- rssh.patch	2010-11-25 18:25:03 UTC (rev 100736)
+++ rssh.patch	2010-11-25 18:27:36 UTC (rev 100737)
@@ -1,24 +0,0 @@
-diff -Naur Makefile.am Makefile.am
---- Makefile.am	2006-01-03 09:34:59.000000000 -0800
-+++ Makefile.am	2006-06-29 23:38:56.000000000 -0700
-@@ -16,7 +16,7 @@
- 	$(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $<
- 
- install-exec-hook:
--	chmod u+s $(libexecdir)/rssh_chroot_helper
-+	chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper
- 
- rpm:	dist
- 	rpmbuild -ta --sign $(base).tar.gz
-diff -Naur Makefile.in Makefile.in
---- Makefile.in	2006-01-06 18:24:57.000000000 -0800
-+++ Makefile.in	2006-06-29 23:38:30.000000000 -0700
-@@ -728,7 +728,7 @@
- 	$(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $<
- 
- install-exec-hook:
--	chmod u+s $(libexecdir)/rssh_chroot_helper
-+	chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper
- 
- rpm:	dist
- 	rpmbuild -ta --sign $(base).tar.gz

Added: rsync.patch
===================================================================
--- rsync.patch	                        (rev 0)
+++ rsync.patch	2010-11-25 18:27:36 UTC (rev 100737)
@@ -0,0 +1,57 @@
+diff -aur old//util.c new//util.c
+--- old//util.c	2010-08-01 15:07:00.000000000 +0200
++++ new//util.c	2010-11-25 18:16:24.086709600 +0100
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_LIBGEN_H
+ #include <libgen.h>
+ #endif /* HAVE_LIBGEN_H */
++#include <regex.h>
+ 
+ /* LOCAL INCLUDES */
+ #include "pathnames.h"
+@@ -187,6 +188,33 @@
+ }
+ 
+ /*
++ * check_rsync_e() - take the command line passed to rssh and look for a -e
++ *                   option.  If one is found, make sure --server is provided
++ *                   and the option contains only the protocol information.
++ *                   Returns 1 if the command line is safe; 0 otherwise.
++ */
++static int check_rsync_e( char *cl )
++{
++	int	status;
++	regex_t	re;
++
++	/*
++	 * This is more complicated than it looks because we don't want to
++	 * trigger on the e in --server, but we do want to catch the common
++	 * case of -ltpre.iL (which contains -e.).
++	 */
++	static const char pattern[] = "[ \t\v\f]-([^-][^ ]*)?e[^.0-9]";
++
++	if ( strstr(cl, "--server") == NULL ) return 0;
++	if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){
++		return 0;
++	}
++	status = regexec(&re, cl, 0, NULL, 0);
++	regfree(&re);
++	return (status == 0) ? 0 : 1;
++}
++
++/*
+  * check_command_line() - take the command line passed to rssh, and verify
+  * 			  that the specified command is one the user is
+  * 			  allowed to run.  Return the path of the command
+@@ -230,9 +258,9 @@
+ 
+ 	if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
+ 		/* filter -e option */
+-		if ( opt_exist(cl, 'e') ){
++		if ( opt_exist(cl, 'e') && !check_rsync_e(cl) ){
+ 			fprintf(stderr, "\ninsecure -e option not allowed.");
+-			log_msg("insecure -e option in rdist command line!");
++			log_msg("insecure -e option in rsync command line!");
+ 			return NULL;
+ 		}
+ 		


