Change logs for rssh source package in Wheezy

  • rssh (2.3.3-6) unstable; urgency=high
    
    
      * Fix several flaws in validation of rsync options.  Ensure --server
        cannot be hidden from the server by putting it after -- or as the
        argument to another option.  Verify that the -e option's value matches
        expectations rather than trying to look for invalid -e option values.
        (CVE-2012-2251)
      * Reject the rsync --rsh option even if it does not contain a trailing
        equal sign.  (CVE-2012-2252)
    
     -- Russ Allbery <email address hidden>  Thu, 22 Nov 2012 12:01:41 -0800
  • rssh (2.3.3-5) unstable; urgency=medium
    
    
      * Apply upstream patch to close security vulnerability that permitted
        clever manipulation of environment variables on the ssh command line
        to bypass rssh checking.  (CVE-2012-3478)
    
     -- Russ Allbery <email address hidden>  Fri, 10 Aug 2012 22:14:34 -0700
  • rssh (2.3.3-4) unstable; urgency=low
    
    
      * Force libexecdir to /usr/lib/rssh.  This is not a library package and
        has no reason to be using the multiarch paths, but picked up the
        modification to libexecdir as a side effect of the debhelper
        compatibility level change.  (Closes: #663011)
    
     -- Russ Allbery <email address hidden>  Wed, 07 Mar 2012 16:07:37 -0800
  • rssh (2.3.3-2) unstable; urgency=low
    
    
      * Update examples/mkchroot.sh to include libnss modules in a multiarch
        subdirectory of /lib if none exist directly in /lib.
      * Update to debhelper compatibility level V9.
        - Enable compiler hardening flags, including bindnow and PIE.
          (Closes: #654155)
      * Use dh-autoreconf to regenerate the Autotools build system rather than
        rolling our own equivalent.
      * Update standards version to 3.9.2 (no changes required).
    
     -- Russ Allbery <email address hidden>  Sun, 05 Feb 2012 19:51:55 -0800
  • rssh (2.3.3-1) unstable; urgency=low
    
    
      * New upstream release.
        - Exit with non-zero status when fatal() is called.
        - Merges Debian fixes/config-parse-fatal, fixes/man-page-hyphen, and
          fixes/missing-config patches.
      * In the example mkchroot script, also check for and copy over the
        dependencies of any of the NSS libraries we copy over.  This picks up
        the libnsl library, which is now required.  Print out a warning that
        mkchroot doesn't copy over any of the libraries required for other
        supporting programs (rsync, etc.), only those for scp and sftp.
        (Closes: #611878)
      * Update debian/copyright to the current DEP-5 format.
      * Update to debhelper compatibility level V8.
      * Update to standards version 3.9.1 (no changes required).
    
     -- Russ Allbery <email address hidden>  Mon, 28 Feb 2011 17:45:00 -0800
  • rssh (2.3.2-13) unstable; urgency=low
    
    
      * When allocating the buffer to tell a locked-out user what commands are
        supported, add an additional byte for the nul at the end of the
        string.  (Closes: #601145)
    
     -- Russ Allbery <email address hidden>  Wed, 10 Nov 2010 11:23:07 -0800