Date: Sunday, February 5, 2012 @ 10:15:17 Author: bisson Revision: 149042
archrelease: copy trunk to extra-i686, extra-x86_64 Added: rssh/repos/extra-i686/PKGBUILD (from rev 149041, rssh/trunk/PKGBUILD) rssh/repos/extra-i686/destdir.patch (from rev 149041, rssh/trunk/destdir.patch) rssh/repos/extra-i686/rsync.patch (from rev 149041, rssh/trunk/rsync.patch) rssh/repos/extra-x86_64/PKGBUILD (from rev 149041, rssh/trunk/PKGBUILD) rssh/repos/extra-x86_64/destdir.patch (from rev 149041, rssh/trunk/destdir.patch) rssh/repos/extra-x86_64/rsync.patch (from rev 149041, rssh/trunk/rsync.patch) Deleted: rssh/repos/extra-i686/PKGBUILD rssh/repos/extra-i686/destdir.patch rssh/repos/extra-i686/rsync.patch rssh/repos/extra-x86_64/PKGBUILD rssh/repos/extra-x86_64/destdir.patch rssh/repos/extra-x86_64/rsync.patch ----------------------------+ extra-i686/PKGBUILD | 74 +++++++++++++++------------ extra-i686/destdir.patch | 48 +++++++++--------- extra-i686/rsync.patch | 114 +++++++++++++++++++++---------------------- extra-x86_64/PKGBUILD | 74 +++++++++++++++------------ extra-x86_64/destdir.patch | 48 +++++++++--------- extra-x86_64/rsync.patch | 114 +++++++++++++++++++++---------------------- 6 files changed, 242 insertions(+), 230 deletions(-) Deleted: extra-i686/PKGBUILD =================================================================== --- extra-i686/PKGBUILD 2012-02-05 15:14:33 UTC (rev 149041) +++ extra-i686/PKGBUILD 2012-02-05 15:15:17 UTC (rev 149042) @@ -1,34 +0,0 @@ -# $Id$ -# Maintainer: Judd Vinet <jvi...@zeroflux.org> -pkgname=rssh -pkgver=2.3.3 -pkgrel=2 -pkgdesc='A restricted shell for use with OpenSSH, allowing only scp and/or sftp' -arch=('i686' 'x86_64') -url='http://www.pizzashack.org/rssh/' -depends=('openssh' 'glibc') -backup=('etc/rssh.conf') -license=('custom:rssh') -source=("http://downloads.sourceforge.net/sourceforge/rssh/rssh-$pkgver.tar.gz" - 'destdir.patch' - 'rsync.patch') -sha1sums=('0a6dd80b5e6059e0db12c9f1276121dd966b610a' - '85bd1694decae5872cbeeafd578b147eb13313c6' - '41f32f8a77b3a2b924ede6044ab67846e06b5d20') - -build() { - cd "$srcdir/$pkgname-$pkgver" - - patch -p1 < ../destdir.patch - patch -p1 < ../rsync.patch # FS#21783, debian patch - - ./configure --prefix=/usr --libexecdir=/usr/lib/rssh \ - --mandir=/usr/share/man --sysconfdir=/etc - make -} - -package() { - cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir" install - install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/rssh/LICENSE -} Copied: rssh/repos/extra-i686/PKGBUILD (from rev 149041, rssh/trunk/PKGBUILD) =================================================================== --- extra-i686/PKGBUILD (rev 0) +++ extra-i686/PKGBUILD 2012-02-05 15:15:17 UTC (rev 149042) @@ -0,0 +1,40 @@ +# $Id$ +# Contributor: Judd Vinet <jvi...@zeroflux.org> +# Maintainer: Gaetan Bisson <bis...@archlinux.org> + +pkgname=rssh +pkgver=2.3.3 +pkgrel=3 +pkgdesc='Restricted shell for use with OpenSSH, allowing only scp and/or sftp' +url='http://www.pizzashack.org/rssh/' +license=('custom:rssh') +arch=('i686' 'x86_64') +backup=('etc/rssh.conf') +depends=('openssh') +source=("http://downloads.sourceforge.net/sourceforge/rssh/rssh-${pkgver}.tar.gz" + 'destdir.patch' + 'rsync.patch') +sha1sums=('0a6dd80b5e6059e0db12c9f1276121dd966b610a' + '85bd1694decae5872cbeeafd578b147eb13313c6' + '41f32f8a77b3a2b924ede6044ab67846e06b5d20') + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + + patch -p1 -i ../destdir.patch + patch -p1 -i ../rsync.patch # FS#21783, debian patch + + ./configure \ + --prefix=/usr \ + --libexecdir=/usr/lib/rssh \ + --mandir=/usr/share/man \ + --sysconfdir=/etc \ + + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/rssh/LICENSE +} Deleted: extra-i686/destdir.patch =================================================================== --- extra-i686/destdir.patch 2012-02-05 15:14:33 UTC (rev 149041) +++ extra-i686/destdir.patch 2012-02-05 15:15:17 UTC (rev 149042) @@ -1,24 +0,0 @@ -diff -aur old//Makefile.am new//Makefile.am ---- old//Makefile.am 2006-12-21 23:22:37.000000000 +0100 -+++ new//Makefile.am 2010-11-25 18:15:29.253376150 +0100 -@@ -16,7 +16,7 @@ - $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - - install-exec-hook: -- chmod u+s $(libexecdir)/rssh_chroot_helper -+ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper - - rpm: dist - rpmbuild -ta --sign $(base).tar.gz -diff -aur old//Makefile.in new//Makefile.in ---- old//Makefile.in 2010-08-01 15:59:54.000000000 +0200 -+++ new//Makefile.in 2010-11-25 18:15:29.253376150 +0100 -@@ -830,7 +830,7 @@ - $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - - install-exec-hook: -- chmod u+s $(libexecdir)/rssh_chroot_helper -+ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper - - rpm: dist - rpmbuild -ta --sign $(base).tar.gz Copied: rssh/repos/extra-i686/destdir.patch (from rev 149041, rssh/trunk/destdir.patch) =================================================================== --- extra-i686/destdir.patch (rev 0) +++ extra-i686/destdir.patch 2012-02-05 15:15:17 UTC (rev 149042) @@ -0,0 +1,24 @@ +diff -aur old//Makefile.am new//Makefile.am +--- old//Makefile.am 2006-12-21 23:22:37.000000000 +0100 ++++ new//Makefile.am 2010-11-25 18:15:29.253376150 +0100 +@@ -16,7 +16,7 @@ + $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< + + install-exec-hook: +- chmod u+s $(libexecdir)/rssh_chroot_helper ++ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper + + rpm: dist + rpmbuild -ta --sign $(base).tar.gz +diff -aur old//Makefile.in new//Makefile.in +--- old//Makefile.in 2010-08-01 15:59:54.000000000 +0200 ++++ new//Makefile.in 2010-11-25 18:15:29.253376150 +0100 +@@ -830,7 +830,7 @@ + $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< + + install-exec-hook: +- chmod u+s $(libexecdir)/rssh_chroot_helper ++ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper + + rpm: dist + rpmbuild -ta --sign $(base).tar.gz Deleted: extra-i686/rsync.patch =================================================================== --- extra-i686/rsync.patch 2012-02-05 15:14:33 UTC (rev 149041) +++ extra-i686/rsync.patch 2012-02-05 15:15:17 UTC (rev 149042) @@ -1,57 +0,0 @@ -diff -aur old//util.c new//util.c ---- old//util.c 2010-08-01 15:07:00.000000000 +0200 -+++ new//util.c 2010-11-25 18:16:24.086709600 +0100 -@@ -56,6 +56,7 @@ - #ifdef HAVE_LIBGEN_H - #include <libgen.h> - #endif /* HAVE_LIBGEN_H */ -+#include <regex.h> - - /* LOCAL INCLUDES */ - #include "pathnames.h" -@@ -187,6 +188,33 @@ - } - - /* -+ * check_rsync_e() - take the command line passed to rssh and look for a -e -+ * option. If one is found, make sure --server is provided -+ * and the option contains only the protocol information. -+ * Returns 1 if the command line is safe; 0 otherwise. -+ */ -+static int check_rsync_e( char *cl ) -+{ -+ int status; -+ regex_t re; -+ -+ /* -+ * This is more complicated than it looks because we don't want to -+ * trigger on the e in --server, but we do want to catch the common -+ * case of -ltpre.iL (which contains -e.). -+ */ -+ static const char pattern[] = "[ \t\v\f]-([^-][^ ]*)?e[^.0-9]"; -+ -+ if ( strstr(cl, "--server") == NULL ) return 0; -+ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ -+ return 0; -+ } -+ status = regexec(&re, cl, 0, NULL, 0); -+ regfree(&re); -+ return (status == 0) ? 0 : 1; -+} -+ -+/* - * check_command_line() - take the command line passed to rssh, and verify - * that the specified command is one the user is - * allowed to run. Return the path of the command -@@ -230,9 +258,9 @@ - - if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ - /* filter -e option */ -- if ( opt_exist(cl, 'e') ){ -+ if ( opt_exist(cl, 'e') && !check_rsync_e(cl) ){ - fprintf(stderr, "\ninsecure -e option not allowed."); -- log_msg("insecure -e option in rdist command line!"); -+ log_msg("insecure -e option in rsync command line!"); - return NULL; - } - Copied: rssh/repos/extra-i686/rsync.patch (from rev 149041, rssh/trunk/rsync.patch) =================================================================== --- extra-i686/rsync.patch (rev 0) +++ extra-i686/rsync.patch 2012-02-05 15:15:17 UTC (rev 149042) @@ -0,0 +1,57 @@ +diff -aur old//util.c new//util.c +--- old//util.c 2010-08-01 15:07:00.000000000 +0200 ++++ new//util.c 2010-11-25 18:16:24.086709600 +0100 +@@ -56,6 +56,7 @@ + #ifdef HAVE_LIBGEN_H + #include <libgen.h> + #endif /* HAVE_LIBGEN_H */ ++#include <regex.h> + + /* LOCAL INCLUDES */ + #include "pathnames.h" +@@ -187,6 +188,33 @@ + } + + /* ++ * check_rsync_e() - take the command line passed to rssh and look for a -e ++ * option. If one is found, make sure --server is provided ++ * and the option contains only the protocol information. ++ * Returns 1 if the command line is safe; 0 otherwise. ++ */ ++static int check_rsync_e( char *cl ) ++{ ++ int status; ++ regex_t re; ++ ++ /* ++ * This is more complicated than it looks because we don't want to ++ * trigger on the e in --server, but we do want to catch the common ++ * case of -ltpre.iL (which contains -e.). ++ */ ++ static const char pattern[] = "[ \t\v\f]-([^-][^ ]*)?e[^.0-9]"; ++ ++ if ( strstr(cl, "--server") == NULL ) return 0; ++ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ ++ return 0; ++ } ++ status = regexec(&re, cl, 0, NULL, 0); ++ regfree(&re); ++ return (status == 0) ? 0 : 1; ++} ++ ++/* + * check_command_line() - take the command line passed to rssh, and verify + * that the specified command is one the user is + * allowed to run. Return the path of the command +@@ -230,9 +258,9 @@ + + if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ + /* filter -e option */ +- if ( opt_exist(cl, 'e') ){ ++ if ( opt_exist(cl, 'e') && !check_rsync_e(cl) ){ + fprintf(stderr, "\ninsecure -e option not allowed."); +- log_msg("insecure -e option in rdist command line!"); ++ log_msg("insecure -e option in rsync command line!"); + return NULL; + } + Deleted: extra-x86_64/PKGBUILD =================================================================== --- extra-x86_64/PKGBUILD 2012-02-05 15:14:33 UTC (rev 149041) +++ extra-x86_64/PKGBUILD 2012-02-05 15:15:17 UTC (rev 149042) @@ -1,34 +0,0 @@ -# $Id$ -# Maintainer: Judd Vinet <jvi...@zeroflux.org> -pkgname=rssh -pkgver=2.3.3 -pkgrel=2 -pkgdesc='A restricted shell for use with OpenSSH, allowing only scp and/or sftp' -arch=('i686' 'x86_64') -url='http://www.pizzashack.org/rssh/' -depends=('openssh' 'glibc') -backup=('etc/rssh.conf') -license=('custom:rssh') -source=("http://downloads.sourceforge.net/sourceforge/rssh/rssh-$pkgver.tar.gz" - 'destdir.patch' - 'rsync.patch') -sha1sums=('0a6dd80b5e6059e0db12c9f1276121dd966b610a' - '85bd1694decae5872cbeeafd578b147eb13313c6' - '41f32f8a77b3a2b924ede6044ab67846e06b5d20') - -build() { - cd "$srcdir/$pkgname-$pkgver" - - patch -p1 < ../destdir.patch - patch -p1 < ../rsync.patch # FS#21783, debian patch - - ./configure --prefix=/usr --libexecdir=/usr/lib/rssh \ - --mandir=/usr/share/man --sysconfdir=/etc - make -} - -package() { - cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir" install - install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/rssh/LICENSE -} Copied: rssh/repos/extra-x86_64/PKGBUILD (from rev 149041, rssh/trunk/PKGBUILD) =================================================================== --- extra-x86_64/PKGBUILD (rev 0) +++ extra-x86_64/PKGBUILD 2012-02-05 15:15:17 UTC (rev 149042) @@ -0,0 +1,40 @@ +# $Id$ +# Contributor: Judd Vinet <jvi...@zeroflux.org> +# Maintainer: Gaetan Bisson <bis...@archlinux.org> + +pkgname=rssh +pkgver=2.3.3 +pkgrel=3 +pkgdesc='Restricted shell for use with OpenSSH, allowing only scp and/or sftp' +url='http://www.pizzashack.org/rssh/' +license=('custom:rssh') +arch=('i686' 'x86_64') +backup=('etc/rssh.conf') +depends=('openssh') +source=("http://downloads.sourceforge.net/sourceforge/rssh/rssh-${pkgver}.tar.gz" + 'destdir.patch' + 'rsync.patch') +sha1sums=('0a6dd80b5e6059e0db12c9f1276121dd966b610a' + '85bd1694decae5872cbeeafd578b147eb13313c6' + '41f32f8a77b3a2b924ede6044ab67846e06b5d20') + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + + patch -p1 -i ../destdir.patch + patch -p1 -i ../rsync.patch # FS#21783, debian patch + + ./configure \ + --prefix=/usr \ + --libexecdir=/usr/lib/rssh \ + --mandir=/usr/share/man \ + --sysconfdir=/etc \ + + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/rssh/LICENSE +} Deleted: extra-x86_64/destdir.patch =================================================================== --- extra-x86_64/destdir.patch 2012-02-05 15:14:33 UTC (rev 149041) +++ extra-x86_64/destdir.patch 2012-02-05 15:15:17 UTC (rev 149042) @@ -1,24 +0,0 @@ -diff -aur old//Makefile.am new//Makefile.am ---- old//Makefile.am 2006-12-21 23:22:37.000000000 +0100 -+++ new//Makefile.am 2010-11-25 18:15:29.253376150 +0100 -@@ -16,7 +16,7 @@ - $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - - install-exec-hook: -- chmod u+s $(libexecdir)/rssh_chroot_helper -+ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper - - rpm: dist - rpmbuild -ta --sign $(base).tar.gz -diff -aur old//Makefile.in new//Makefile.in ---- old//Makefile.in 2010-08-01 15:59:54.000000000 +0200 -+++ new//Makefile.in 2010-11-25 18:15:29.253376150 +0100 -@@ -830,7 +830,7 @@ - $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< - - install-exec-hook: -- chmod u+s $(libexecdir)/rssh_chroot_helper -+ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper - - rpm: dist - rpmbuild -ta --sign $(base).tar.gz Copied: rssh/repos/extra-x86_64/destdir.patch (from rev 149041, rssh/trunk/destdir.patch) =================================================================== --- extra-x86_64/destdir.patch (rev 0) +++ extra-x86_64/destdir.patch 2012-02-05 15:15:17 UTC (rev 149042) @@ -0,0 +1,24 @@ +diff -aur old//Makefile.am new//Makefile.am +--- old//Makefile.am 2006-12-21 23:22:37.000000000 +0100 ++++ new//Makefile.am 2010-11-25 18:15:29.253376150 +0100 +@@ -16,7 +16,7 @@ + $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< + + install-exec-hook: +- chmod u+s $(libexecdir)/rssh_chroot_helper ++ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper + + rpm: dist + rpmbuild -ta --sign $(base).tar.gz +diff -aur old//Makefile.in new//Makefile.in +--- old//Makefile.in 2010-08-01 15:59:54.000000000 +0200 ++++ new//Makefile.in 2010-11-25 18:15:29.253376150 +0100 +@@ -830,7 +830,7 @@ + $(CC) -c $(DEFS) $(ourdefs) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< + + install-exec-hook: +- chmod u+s $(libexecdir)/rssh_chroot_helper ++ chmod u+s $(DESTDIR)$(libexecdir)/rssh_chroot_helper + + rpm: dist + rpmbuild -ta --sign $(base).tar.gz Deleted: extra-x86_64/rsync.patch =================================================================== --- extra-x86_64/rsync.patch 2012-02-05 15:14:33 UTC (rev 149041) +++ extra-x86_64/rsync.patch 2012-02-05 15:15:17 UTC (rev 149042) @@ -1,57 +0,0 @@ -diff -aur old//util.c new//util.c ---- old//util.c 2010-08-01 15:07:00.000000000 +0200 -+++ new//util.c 2010-11-25 18:16:24.086709600 +0100 -@@ -56,6 +56,7 @@ - #ifdef HAVE_LIBGEN_H - #include <libgen.h> - #endif /* HAVE_LIBGEN_H */ -+#include <regex.h> - - /* LOCAL INCLUDES */ - #include "pathnames.h" -@@ -187,6 +188,33 @@ - } - - /* -+ * check_rsync_e() - take the command line passed to rssh and look for a -e -+ * option. If one is found, make sure --server is provided -+ * and the option contains only the protocol information. -+ * Returns 1 if the command line is safe; 0 otherwise. -+ */ -+static int check_rsync_e( char *cl ) -+{ -+ int status; -+ regex_t re; -+ -+ /* -+ * This is more complicated than it looks because we don't want to -+ * trigger on the e in --server, but we do want to catch the common -+ * case of -ltpre.iL (which contains -e.). -+ */ -+ static const char pattern[] = "[ \t\v\f]-([^-][^ ]*)?e[^.0-9]"; -+ -+ if ( strstr(cl, "--server") == NULL ) return 0; -+ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ -+ return 0; -+ } -+ status = regexec(&re, cl, 0, NULL, 0); -+ regfree(&re); -+ return (status == 0) ? 0 : 1; -+} -+ -+/* - * check_command_line() - take the command line passed to rssh, and verify - * that the specified command is one the user is - * allowed to run. Return the path of the command -@@ -230,9 +258,9 @@ - - if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ - /* filter -e option */ -- if ( opt_exist(cl, 'e') ){ -+ if ( opt_exist(cl, 'e') && !check_rsync_e(cl) ){ - fprintf(stderr, "\ninsecure -e option not allowed."); -- log_msg("insecure -e option in rdist command line!"); -+ log_msg("insecure -e option in rsync command line!"); - return NULL; - } - Copied: rssh/repos/extra-x86_64/rsync.patch (from rev 149041, rssh/trunk/rsync.patch) =================================================================== --- extra-x86_64/rsync.patch (rev 0) +++ extra-x86_64/rsync.patch 2012-02-05 15:15:17 UTC (rev 149042) @@ -0,0 +1,57 @@ +diff -aur old//util.c new//util.c +--- old//util.c 2010-08-01 15:07:00.000000000 +0200 ++++ new//util.c 2010-11-25 18:16:24.086709600 +0100 +@@ -56,6 +56,7 @@ + #ifdef HAVE_LIBGEN_H + #include <libgen.h> + #endif /* HAVE_LIBGEN_H */ ++#include <regex.h> + + /* LOCAL INCLUDES */ + #include "pathnames.h" +@@ -187,6 +188,33 @@ + } + + /* ++ * check_rsync_e() - take the command line passed to rssh and look for a -e ++ * option. If one is found, make sure --server is provided ++ * and the option contains only the protocol information. ++ * Returns 1 if the command line is safe; 0 otherwise. ++ */ ++static int check_rsync_e( char *cl ) ++{ ++ int status; ++ regex_t re; ++ ++ /* ++ * This is more complicated than it looks because we don't want to ++ * trigger on the e in --server, but we do want to catch the common ++ * case of -ltpre.iL (which contains -e.). ++ */ ++ static const char pattern[] = "[ \t\v\f]-([^-][^ ]*)?e[^.0-9]"; ++ ++ if ( strstr(cl, "--server") == NULL ) return 0; ++ if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){ ++ return 0; ++ } ++ status = regexec(&re, cl, 0, NULL, 0); ++ regfree(&re); ++ return (status == 0) ? 0 : 1; ++} ++ ++/* + * check_command_line() - take the command line passed to rssh, and verify + * that the specified command is one the user is + * allowed to run. Return the path of the command +@@ -230,9 +258,9 @@ + + if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){ + /* filter -e option */ +- if ( opt_exist(cl, 'e') ){ ++ if ( opt_exist(cl, 'e') && !check_rsync_e(cl) ){ + fprintf(stderr, "\ninsecure -e option not allowed."); +- log_msg("insecure -e option in rdist command line!"); ++ log_msg("insecure -e option in rsync command line!"); + return NULL; + } +