summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristian Hesse2015-06-30 11:44:28 +0200
committerChristian Hesse2015-06-30 11:44:28 +0200
commit12aafec21d5121eb43159d696998f166e725fbbf (patch)
tree309e0a9fa986b891a28bf7b3f803440d6bb58822
downloadaur-12aafec21d5121eb43159d696998f166e725fbbf.tar.gz
initial import of rssh 2.3.4-5
-rw-r--r--.SRCINFO34
-rw-r--r--0001-fail-logging.patch30
-rw-r--r--0002-info-to-debug.patch108
-rw-r--r--0003-man-page-spelling.patch26
-rw-r--r--0004-mkchroot.patch190
-rw-r--r--0005-mkchroot-arch.patch29
-rw-r--r--0006-mkchroot-symlink.patch12
-rw-r--r--0007-destdir.patch24
-rw-r--r--0008-rsync-protocol.patch130
-rw-r--r--PKGBUILD76
10 files changed, 659 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..421f95c96a49
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,34 @@
+pkgbase = rssh
+ pkgdesc = Restricted secure shell allowing only scp, sftp, cvs, rsync or rdist
+ pkgver = 2.3.4
+ pkgrel = 5
+ url = http://www.pizzashack.org/rssh/
+ arch = i686
+ arch = x86_64
+ arch = armv6h
+ license = custom:rssh
+ depends = openssh
+ backup = etc/rssh.conf
+ source = http://downloads.sourceforge.net/sourceforge/rssh/rssh-2.3.4.tar.gz
+ source = http://downloads.sourceforge.net/sourceforge/rssh/rssh-2.3.4.tar.gz.sig
+ source = 0001-fail-logging.patch
+ source = 0002-info-to-debug.patch
+ source = 0003-man-page-spelling.patch
+ source = 0004-mkchroot.patch
+ source = 0005-mkchroot-arch.patch
+ source = 0006-mkchroot-symlink.patch
+ source = 0007-destdir.patch
+ source = 0008-rsync-protocol.patch
+ sha256sums = f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9
+ sha256sums = SKIP
+ sha256sums = d30f2f4fdb1b57f94773f5b0968a4da3356b14a040efe69ec1e976c615035c65
+ sha256sums = 86f6ecf34f62415b0d6204d4cbebc47322dc2ec71732d06aa27758e35d688fcd
+ sha256sums = 455b3bbccddf1493999d00c2cd46e62930ef4fd8211e0b7d3a89d8010d6a5431
+ sha256sums = f7fd8723d2aa94e64e037c13c2f263a52104af680ab52bfcaea73dfa836457c2
+ sha256sums = ac8894c4087a063ae8267d2fdfcde69c2fe6b67a8ff5917e4518b8f73f08ba3f
+ sha256sums = bce98728cb9b55c92182d4901c5f9adf49376a07c5603514b0004e3d1c85e9c7
+ sha256sums = 7fa03644f81dc37d77cc7e2cad994f17f91b2b8a49b1a74e41030a4ac764385e
+ sha256sums = 0c772afe9088eeded129ead86775ef18e58c318bbc58fc3e2585e7ff09cc5e91
+
+pkgname = rssh
+
diff --git a/0001-fail-logging.patch b/0001-fail-logging.patch
new file mode 100644
index 000000000000..7a2c44d3b0b9
--- /dev/null
+++ b/0001-fail-logging.patch
@@ -0,0 +1,30 @@
+From: Russ Allbery <rra@debian.org>
+Subject: [PATCH] Fix allocation of buffer for fail log message
+
+The failure log message when the user isn't permitted to run the
+command they're attempting includes a summary of the commands the
+user is allowed to run. The allocation for that string was not
+reserving space for the nul byte at the end of the string, causing
+a one-byte overwrite past the end of the string.
+
+Signed-off-by: Russ Allbery <rra@debian.org>
+
+---
+ util.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/util.c b/util.c
+index e576755..49f8be1 100644
+--- a/util.c
++++ b/util.c
+@@ -84,7 +84,7 @@ void fail( int flags, int argc, char **argv )
+ /* create msg indicating what is allowed */
+ if ( !size ) cmd = "This user is locked out.";
+ else {
+- size += 18;
++ size += 18 + 1;
+ if ( !(cmd = (char *)malloc(size)) ){
+ log_msg("fatal error: out of mem allocating log msg");
+ exit(1);
+--
+tg: (05d6ee0..) fixes/fail-logging (depends on: upstream)
diff --git a/0002-info-to-debug.patch b/0002-info-to-debug.patch
new file mode 100644
index 000000000000..0b6b03180bae
--- /dev/null
+++ b/0002-info-to-debug.patch
@@ -0,0 +1,108 @@
+From: Russ Allbery <rra@stanford.edu>
+Subject: [PATCH] Lower priority of syslog messages to debug
+
+Lower priority of all of the routine syslog messages from info to debug
+to cut down on log noise.
+
+Signed-off-by: Russ Allbery <rra@stanford.edu>
+
+---
+ rsshconf.c | 20 ++++++++++----------
+ 1 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/rsshconf.c b/rsshconf.c
+index 3dcb2cf..a69f556 100644
+--- a/rsshconf.c
++++ b/rsshconf.c
+@@ -438,7 +438,7 @@ int process_allow_scp( ShellOptions_t *opts,
+ return FALSE;
+ }
+ if (log){
+- log_set_priority(LOG_INFO);
++ log_set_priority(LOG_DEBUG);
+ log_msg("allowing scp to all users");
+ }
+ opts->shell_flags |= RSSH_ALLOW_SCP;
+@@ -465,7 +465,7 @@ int process_allow_sftp( ShellOptions_t *opts,
+ return FALSE;
+ }
+ if (log){
+- log_set_priority(LOG_INFO);
++ log_set_priority(LOG_DEBUG);
+ log_msg("allowing sftp to all users");
+ }
+ opts->shell_flags |= RSSH_ALLOW_SFTP;
+@@ -493,7 +493,7 @@ int process_allow_cvs( ShellOptions_t *opts,
+ return FALSE;
+ }
+ if (log){
+- log_set_priority(LOG_INFO);
++ log_set_priority(LOG_DEBUG);
+ log_msg("allowing cvs to all users");
+ }
+ opts->shell_flags |= RSSH_ALLOW_CVS;
+@@ -520,7 +520,7 @@ int process_allow_rdist( ShellOptions_t *opts,
+ lineno);
+ return FALSE;
+ }
+- log_set_priority(LOG_INFO);
++ log_set_priority(LOG_DEBUG);
+ if (log){
+ log_msg("allowing rdist to all users");
+ opts->shell_flags |= RSSH_ALLOW_RDIST;
+@@ -549,7 +549,7 @@ int process_allow_rsync( ShellOptions_t *opts,
+ return FALSE;
+ }
+ if (log){
+- log_set_priority(LOG_INFO);
++ log_set_priority(LOG_DEBUG);
+ log_msg("allowing rsync to all users");
+ }
+ opts->shell_flags |= RSSH_ALLOW_RSYNC;
+@@ -585,7 +585,7 @@ int process_chroot_path( ShellOptions_t *opts,
+ /* get rid of any old value for chroot path, assign new one */
+ if ( opts->chroot_path ) free(opts->chroot_path);
+ if (log){
+- log_set_priority(LOG_INFO);
++ log_set_priority(LOG_DEBUG);
+ log_msg("chrooting all users to %s", temp);
+ }
+ /* we must not free temp, since opts points to it */
+@@ -783,7 +783,7 @@ int process_log_facility( ShellOptions_t *opts,
+ return FALSE;
+ }
+ if ( facname ){
+- log_set_priority(LOG_INFO);
++ log_set_priority(LOG_DEBUG);
+ if (log) log_msg("setting log facility to %s", facname);
+ log_set_facility(fac);
+ return TRUE;
+@@ -828,7 +828,7 @@ int process_umask( ShellOptions_t *opts,
+ return FALSE;
+ }
+ if (log){
+- log_set_priority(LOG_INFO);
++ log_set_priority(LOG_DEBUG);
+ log_msg("setting umask to %#o", mask);
+ }
+ opts->rssh_umask = mask;
+@@ -889,7 +889,7 @@ int process_user( ShellOptions_t *opts,
+ */
+ if ( (strcmp(user, username)) ) return TRUE;
+ if (log){
+- log_set_priority(LOG_INFO);
++ log_set_priority(LOG_DEBUG);
+ log_msg("line %d: configuring user %s", lineno, user);
+ }
+ if ( !(len = eat_colon(temp + pos)) ){
+@@ -970,7 +970,7 @@ cleanup:
+ tmpmask = 077;
+ }
+ if (log){
+- log_set_priority(LOG_INFO);
++ log_set_priority(LOG_DEBUG);
+ log_msg("setting %s's umask to %#o", user, tmpmask);
+ }
+ opts->rssh_umask = tmpmask;
+--
+tg: (05d6ee0..) fixes/info-to-debug (depends on: upstream)
diff --git a/0003-man-page-spelling.patch b/0003-man-page-spelling.patch
new file mode 100644
index 000000000000..9cebe1fc8a91
--- /dev/null
+++ b/0003-man-page-spelling.patch
@@ -0,0 +1,26 @@
+From: Russ Allbery <rra@debian.org>
+Subject: [PATCH] Fix spelling errors in manual pages
+
+Fix spelling errors such as seperate for separate.
+
+Signed-off-by: Russ Allbery <rra@debian.org>
+
+---
+ rssh.1 | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/rssh.1 b/rssh.1
+index caa2636..8a6898e 100644
+--- a/rssh.1
++++ b/rssh.1
+@@ -148,7 +148,7 @@ programs other than what are absolutely necessary to provide the service you
+ are trying to provide. This prevents them from running standard system
+ commands.
+ .P
+-Then, make sure the user's files inside the jail are on a seperate filesystem
++Then, make sure the user's files inside the jail are on a separate filesystem
+ from your system's executables. If possible in your environment, make sure
+ you mount this filesystem using the
+ .IR noexec " and " nosuid
+--
+tg: (05d6ee0..) fixes/man-page-spelling (depends on: upstream)
diff --git a/0004-mkchroot.patch b/0004-mkchroot.patch
new file mode 100644
index 000000000000..d83cd25dcdd5
--- /dev/null
+++ b/0004-mkchroot.patch
@@ -0,0 +1,190 @@
+From: Russ Allbery <rra@stanford.edu>
+Subject: [PATCH] Fixes and improvements to mkchroot.sh
+
+Debian wants libnss_compat* in addition to libnss_files* for UID lookups
+to work properly, and doesn't have a libnss1_files*. With multiarch,
+these libraries have also been moved into a subdirectory of /lib.
+
+Create the /dev/null device in the chroot, needed by sftp-server. Create
+the /dev/log device in the chroot, for one less step.
+
+Update the code to copy over libraries to be able to parse the new output
+from ldd.
+
+Update file paths for Debian.
+
+Add better error handling.
+
+Warn that /etc/passwd is being copied into the chroot jail and that the
+user may wish to edit out some users and remove any sensitive
+information. (Debian Bug#366655)
+
+Thanks to proctor mcduff for his contributions.
+
+Signed-off-by: Russ Allbery <rra@stanford.edu>
+
+---
+ mkchroot.sh | 105 +++++++++++++++++++++++++++++++++++++++++++++-------------
+ 1 files changed, 81 insertions(+), 24 deletions(-)
+
+diff --git a/mkchroot.sh b/mkchroot.sh
+index 9e17d5d..25f3a7d 100755
+--- a/mkchroot.sh
++++ b/mkchroot.sh
+@@ -1,13 +1,13 @@
+-#!/bin/sh
++#!/bin/bash
+
+ #####################################################################
+ #####################################################################
+ ##
+ ## mkchroot.sh - set up a chroot jail.
+ ##
+-## This script is written to work for Red Hat 8/9 systems, but may work on
+-## other systems. Or, it may not... In fact, it may not work at all. Use at
+-## your own risk. :)
++## This script is written to work for Red Hat 8/9 systems and adapted to work
++## on Debian systems, but may work on other systems. Or, it may not... In
++## fact, it may not work at all. Use at your own risk. :)
+ ##
+
+ fail() {
+@@ -96,9 +96,9 @@ fi
+ # copy SSH files
+
+ scp_path="/usr/bin/scp"
+-sftp_server_path="/usr/libexec/openssh/sftp-server"
++sftp_server_path="/usr/lib/openssh/sftp-server"
+ rssh_path="/usr/bin/rssh"
+-chroot_helper_path="/usr/libexec/rssh_chroot_helper"
++chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper"
+
+ for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do
+
+@@ -125,19 +125,56 @@ cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \
+ #
+ # identify and copy libraries needed in the jail
+ #
++# Sample ldd output:
++#
++# linux-gate.so.1 => (0xffffe000)
++# libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7ef2000)
++# libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7da8000)
++# libutil.so.1 => /lib/i686/cmov/libutil.so.1 (0xb7da3000)
++# libz.so.1 => /usr/lib/libz.so.1 (0xb7d8e000)
++# libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d76000)
++# libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb7d44000)
++# libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7d1b000)
++# libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7c8d000)
++# libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c69000)
++# libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c66000)
++# libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b19000)
++# libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b15000)
++# libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b0d000)
++# libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b09000)
++# /lib/ld-linux.so.2 (0xb7f13000)
++#
++# either the first or the third column may contain a path
++#
+
+-for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do
++for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path \
++ /lib/libnss_compat* /lib/libnss_files* /lib/*/libnss_comat* \
++ /lib/*/libnss_files*; do
++ if [ ! -f "$prog" ] ; then
++ continue
++ fi
+ echo "Copying libraries for $prog."
+- libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3`
++ libs=`ldd $prog | awk '$1 ~ /^\// {print $1} $3 ~ /^\// {print $3}'`
+ for lib in $libs; do
+- mkdir -p "$jail_dir$(dirname $lib)"
++ mkdir -p "$jail_dir$(dirname $lib)" || \
++ fail "Error creating $(dirname $lib). Exiting" 6
+ echo -e "\t$lib"
+- cp "$lib" "$jail_dir$lib"
++ cp "$lib" "$jail_dir$lib" || \
++ fail "Error copying $lib. Exiting" 6
+ done
+ done
+
++# On Debian with multiarch, the libnss files are in /lib/<triplet>, where
++# <triplet> is the relevant architecture triplet. Just copy everything
++# that's installed, since we're not sure which ones we'll need.
+ echo "copying name service resolution libraries..."
+-tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/'
++if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then
++ tar -cf - /lib/libnss_compat* /lib/libnss*_files* \
++ | tar -C "$jail_dir" -xvf - | sed 's/^/\t/'
++else
++ tar -cf - /lib/*/libnss_compat* /lib/*/libnss*_files* \
++ | tar -C "$jail_dir" -xvf - | sed 's/^/\t/'
++fi
+
+ #####################################################################
+ #
+@@ -145,29 +182,49 @@ tar -cf - /lib/libnss_files* /lib/libnss1_files* | tar -C "$jail_dir" -xvf - |se
+ #
+
+ echo "Setting up /etc in the chroot jail"
+-mkdir -p "$jail_dir/etc"
+-cp /etc/nsswitch.conf "$jail_dir/etc/"
+-cp /etc/passwd "$jail_dir/etc/"
+-cp /etc/ld.* "$jail_dir/etc/"
+-
+-echo -e "Chroot jail configuration completed."
+-echo -e "\nNOTE: if you are not using the passwd file for authentication,"
+-echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n"
+-
++mkdir -p "$jail_dir/etc" || fail "Error creating /etc. Exiting" 7
++cp /etc/nsswitch.conf "$jail_dir/etc/" || \
++ fail "Error copying /etc/nsswitch.conf. Exiting" 7
++cp /etc/passwd "$jail_dir/etc/" || \
++ fail "Error copying /etc/passwd. Exiting" 7
++cp -r /etc/ld.* "$jail_dir/etc/" || \
++ fail "Error copying /etc/ld.*. Exiting" 7
++echo -e "\nWARNING: Copying /etc/passwd into the chroot jail. You may wish"
++echo -e "to edit out unnecessary users and remove any sensitive information"
++echo -e "from it."
+
+ #####################################################################
+ #
+-# set up /dev/log
++# set up /dev
+ #
+
+ mkdir -p "$jail_dir/dev"
++if [ `whoami` = "root" ]; then
++ cp -a /dev/log "$jail_dir/dev" || \
++ fail "Error creating /dev/log. Exiting" 8
++ cp -a /dev/null "$jail_dir/dev" || \
++ fail "Error creating /dev/null. Exiting" 8
++ cp -a /dev/zero "$jail_dir/dev" || \
++ fail "Error creating /dev/zero. Exiting" 8
++else
++ echo -e "NOT creating /dev/null and /dev/log in the chroot jail. \c"
++ echo -e "You are not root.\n"
++fi
++
++echo -e "Chroot jail configuration completed.\n"
++
++echo -e "NOTE: if you are not using the passwd file for authentication,"
++echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n"
++
++echo -e "NOTE: if you are using any programs other than scp and sftp, you will"
++echo -e "need to copy the server binaries and any libraries they depend on"
++echo -e "into the chroot manually. Use ldd on the binary to find the needed"
++echo -e "libraries.\n"
+
+ echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd"
+ echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases,"
+ echo -e "you will need to start syslog as:\n"
+-echo -e " /sbin/syslogd -a $jail_dir/dev/log\n"
++echo -e " /sbin/syslogd -a $jail_dir/dev/log\n\n"
+
+ echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c"
+ echo -e "if it\ndoesn't, you're on your own. Sorry!\n"
+-
+-
+--
+tg: (05d6ee0..) fixes/mkchroot (depends on: upstream)
diff --git a/0005-mkchroot-arch.patch b/0005-mkchroot-arch.patch
new file mode 100644
index 000000000000..b039ed15d274
--- /dev/null
+++ b/0005-mkchroot-arch.patch
@@ -0,0 +1,29 @@
+--- a/mkchroot.sh 2012-08-06 08:00:53.806524961 +0200
++++ b/mkchroot.sh 2012-08-03 11:00:39.000000000 +0200
+@@ -96,7 +96,7 @@ fi
+ # copy SSH files
+
+ scp_path="/usr/bin/scp"
+-sftp_server_path="/usr/lib/openssh/sftp-server"
++sftp_server_path="/usr/lib/ssh/sftp-server"
+ rssh_path="/usr/bin/rssh"
+ chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper"
+
+@@ -159,7 +159,7 @@ for prog in $scp_path $sftp_server_path
+ mkdir -p "$jail_dir$(dirname $lib)" || \
+ fail "Error creating $(dirname $lib). Exiting" 6
+ echo -e "\t$lib"
+- cp "$lib" "$jail_dir$lib" || \
++ cp -f "$lib" "$jail_dir$lib" || \
+ fail "Error copying $lib. Exiting" 6
+ done
+ done
+@@ -168,7 +168,7 @@ done
+ # <triplet> is the relevant architecture triplet. Just copy everything
+ # that's installed, since we're not sure which ones we'll need.
+ echo "copying name service resolution libraries..."
+-if [ -n "$(find /lib -maxdepth 1 -name 'libnss*_' -print -quit)" ] ; then
++if [ -n "$(find /lib/ -maxdepth 1 -name 'libnss*' -print -quit)" ] ; then
+ tar -cf - /lib/libnss_compat* /lib/libnss*_files* \
+ | tar -C "$jail_dir" -xvf - | sed 's/^/\t/'
+ else
diff --git a/0006-mkchroot-symlink.patch b/0006-mkchroot-symlink.patch
new file mode 100644
index 000000000000..280cac2676d3
--- /dev/null
+++ b/0006-mkchroot-symlink.patch
@@ -0,0 +1,12 @@
+--- a/mkchroot.sh 2014-10-07 15:41:21.168017698 +0200
++++ b/mkchroot.sh 2014-10-07 15:47:19.483758137 +0200
+@@ -111,6 +111,9 @@ for jail_path in `dirname "$jail_dir$scp
+
+ done
+
++ln -fst "${jail_dir}" "usr/lib" || \
++ fail "Error creating /lib symlink. Exiting." 5
++
+ cp "$scp_path" "$jail_dir$scp_path" || \
+ fail "Error copying $scp_path. Exiting." 5
+ cp "$sftp_server_path" "$jail_dir$sftp_server_path" || \
diff --git a/0007-destdir.patch b/0007-destdir.patch
new file mode 100644
index 000000000000..90fa03e6d9ed
--- /dev/null
+++ b/0007-destdir.patch
@@ -0,0 +1,24 @@
+diff -aur old//Makefile.am new//Makefile.am
+--- old//Makefile.am 2006-12-21 23:22:37.000000000 +0100
++++ new//Makefile.am 2010-11-25 18:15:29.253376150 +0100
+@@ -16,7 +16,7 @@
+ $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $<
+
+ install-exec-hook:
+- chmod u+s $(libexecdir)/rssh_chroot_helper
++ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper
+
+ rpm: dist
+ rpmbuild -ta --sign $(base).tar.gz
+diff -aur old//Makefile.in new//Makefile.in
+--- old//Makefile.in 2010-08-01 15:59:54.000000000 +0200
++++ new//Makefile.in 2010-11-25 18:15:29.253376150 +0100
+@@ -830,7 +830,7 @@
+ $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $<
+
+ install-exec-hook:
+- chmod u+s $(libexecdir)/rssh_chroot_helper
++ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper
+
+ rpm: dist
+ rpmbuild -ta --sign $(base).tar.gz
diff --git a/0008-rsync-protocol.patch b/0008-rsync-protocol.patch
new file mode 100644
index 000000000000..e1694ee0adc3
--- /dev/null
+++ b/0008-rsync-protocol.patch
@@ -0,0 +1,130 @@
+From: Russ Allbery <rra@stanford.edu>
+Subject: [PATCH] Handle the rsync v3 -e option for protocol information
+
+As of rsync 3, rsync reused the -e option to pass protocol information
+from the client to the server. We therefore cannot reject all -e
+options to rsync, only ones not sent with --server or containing
+something other than protocol information as an argument.
+
+Also scan the rsync command line for any --rsh option and reject it as
+well. This replaces and improves the upstream strategy for rejecting
+that command-line option, taking advantage of the parsing added to
+check the -e option.
+
+Based on work by Robert Hardy.
+
+Debian Bug#471803
+
+Signed-off-by: Russ Allbery <rra@stanford.edu>
+
+---
+ util.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 72 insertions(+), 8 deletions(-)
+
+diff --git a/util.c b/util.c
+index f98d2bc..a257b06 100644
+--- a/util.c
++++ b/util.c
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_LIBGEN_H
+ #include <libgen.h>
+ #endif /* HAVE_LIBGEN_H */
++#include <regex.h>
+
+ /* LOCAL INCLUDES */
+ #include "pathnames.h"
+@@ -198,6 +199,73 @@ bool check_command( char *cl, ShellOptions_t *opts, char *cmd, int cmdflag )
+
+
+ /*
++ * rsync_e_okay() - take the command line passed to rssh and look for an -e
++ * option. If one is found, make sure --server is provided
++ * and the option contains only the protocol information.
++ * Also check for and reject any --rsh option. Returns FALSE
++ * if the command line should not be allowed, TRUE if it is
++ * okay.
++ */
++static int rsync_e_okay( char **vec )
++{
++ regex_t re;
++ int server = FALSE;
++ int e_found = FALSE;
++
++ /*
++ * rsync will send -e, followed by either just "." (meaning no special
++ * protocol) or "N.N" (meaning a pre-release protocol version),
++ * followed by some number of alphabetic flags indicating various
++ * supported options. There may be other options between - and the e,
++ * but -e will always be the last option in the string. A typical
++ * option passed by the client is "-ltpre.iL".
++ *
++ * Note that if --server is given, this should never be parsed as a
++ * shell, but we'll tightly verify it anyway, just in case.
++ *
++ * This regex matches the acceptable flags containing -e, so if it
++ * does not match, the command line should be rejected.
++ */
++ static const char pattern[]
++ = "^-[a-df-zA-Z]*e[0-9]*\\.[0-9]*[a-zA-Z]*$";
++
++ /*
++ * Only recognize --server if it's the first option. rsync itself
++ * always passes it that way, and if it's not the first argument, it
++ * could be hidden from the server as an argument to some other
++ * option.
++ */
++ if ( vec && vec[0] && vec[1] && strcmp(vec[1], "--server") == 0 ){
++ server = TRUE;
++ }
++
++ /* Check the remaining options for -e or --rsh. */
++ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){
++ return FALSE;
++ }
++ while (vec && *vec){
++ if ( strcmp(*vec, "--") == 0 ) break;
++ if ( strcmp(*vec, "--rsh") == 0
++ || strncmp(*vec, "--rsh=", strlen("--rsh=")) == 0 ){
++ regfree(&re);
++ return FALSE;
++ }
++ if ( strncmp(*vec, "--", 2) != 0 && opt_exist(*vec, 'e') ){
++ e_found = TRUE;
++ if ( regexec(&re, *vec, 0, NULL, 0) != 0 ){
++ regfree(&re);
++ return FALSE;
++ }
++ }
++ vec++;
++ }
++ regfree(&re);
++ if ( e_found && !server ) return FALSE;
++ return TRUE;
++}
++
++
++/*
+ * check_command_line() - take the command line passed to rssh, and verify
+ * that the specified command is one the user is
+ * allowed to run and validate the arguments. Return the
+@@ -230,14 +298,10 @@ char *check_command_line( char **cl, ShellOptions_t *opts )
+
+ if ( check_command(*cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
+ /* filter -e option */
+- if ( opt_filter(cl, 'e') ) return NULL;
+- while (cl && *cl){
+- if ( strstr(*cl, "--rsh" ) ){
+- fprintf(stderr, "\ninsecure --rsh= not allowed.");
+- log_msg("insecure --rsh option in rsync command line!");
+- return NULL;
+- }
+- cl++;
++ if ( !rsync_e_okay(cl) ){
++ fprintf(stderr, "\ninsecure -e or --rsh option not allowed.");
++ log_msg("insecure -e or --rsh option in rsync command line!");
++ return NULL;
+ }
+ return PATH_RSYNC;
+ }
+--
+tg: (f8b36e2..) fixes/rsync-protocol (depends on: upstream)
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..8962cac7fd7b
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,76 @@
+# Maintainer: Christian Hesse <mail@eworm.de>
+# Contributor: Judd Vinet <jvinet@zeroflux.org>
+# Contributor: Gaetan Bisson <bisson@archlinux.org>
+
+pkgname=rssh
+pkgver=2.3.4
+pkgrel=5
+pkgdesc='Restricted secure shell allowing only scp, sftp, cvs, rsync or rdist'
+url='http://www.pizzashack.org/rssh/'
+license=('custom:rssh')
+arch=('i686' 'x86_64' 'armv6h')
+backup=('etc/rssh.conf')
+depends=('openssh')
+validpgpkeys=('3A6FE9A6B62D6B47DC496B6D7637654281CFE75D')
+source=("http://downloads.sourceforge.net/sourceforge/rssh/rssh-${pkgver}.tar.gz"{,.sig}
+ '0001-fail-logging.patch'
+ '0002-info-to-debug.patch'
+ '0003-man-page-spelling.patch'
+ '0004-mkchroot.patch'
+ '0005-mkchroot-arch.patch'
+ '0006-mkchroot-symlink.patch'
+ '0007-destdir.patch'
+ '0008-rsync-protocol.patch')
+sha256sums=('f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9'
+ 'SKIP'
+ 'd30f2f4fdb1b57f94773f5b0968a4da3356b14a040efe69ec1e976c615035c65'
+ '86f6ecf34f62415b0d6204d4cbebc47322dc2ec71732d06aa27758e35d688fcd'
+ '455b3bbccddf1493999d00c2cd46e62930ef4fd8211e0b7d3a89d8010d6a5431'
+ 'f7fd8723d2aa94e64e037c13c2f263a52104af680ab52bfcaea73dfa836457c2'
+ 'ac8894c4087a063ae8267d2fdfcde69c2fe6b67a8ff5917e4518b8f73f08ba3f'
+ 'bce98728cb9b55c92182d4901c5f9adf49376a07c5603514b0004e3d1c85e9c7'
+ '7fa03644f81dc37d77cc7e2cad994f17f91b2b8a49b1a74e41030a4ac764385e'
+ '0c772afe9088eeded129ead86775ef18e58c318bbc58fc3e2585e7ff09cc5e91')
+
+prepare() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ # from debian package (2.3.3-4)
+ # http://ftp.de.debian.org/debian/pool/main/r/rssh/rssh_2.3.3-4.debian.tar.gz
+
+ patch -Np1 < ${srcdir}/0001-fail-logging.patch
+ patch -Np1 < ${srcdir}/0002-info-to-debug.patch
+ patch -Np1 < ${srcdir}/0003-man-page-spelling.patch
+ patch -Np1 < ${srcdir}/0004-mkchroot.patch
+
+ patch -Np1 < ${srcdir}/0005-mkchroot-arch.patch
+ patch -Np1 < ${srcdir}/0006-mkchroot-symlink.patch
+
+ patch -Np1 < ${srcdir}/0007-destdir.patch
+
+ patch -Np1 < ${srcdir}/0008-rsync-protocol.patch
+}
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ ./configure \
+ --prefix=/usr \
+ --libexecdir=/usr/lib/rssh \
+ --mandir=/usr/share/man \
+ --sysconfdir=/etc \
+
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ make DESTDIR="${pkgdir}" install
+ mv ${pkgdir}/etc/rssh.conf.default ${pkgdir}/etc/rssh.conf
+
+ install -D -m0644 LICENSE "${pkgdir}"/usr/share/licenses/rssh/LICENSE
+
+ install -D -m0755 mkchroot.sh "${pkgdir}"/usr/bin/mkchroot
+}
+