Name: rssh
Version: 2.3.4
Release: 20%{?dist}
Summary: Restricted shell for use with OpenSSH, allowing only scp and/or sftp
License: BSD
URL: http://www.pizzashack.org/rssh/
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Source1: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz.sig
Patch0: rssh-2.3.4-makefile.patch
Patch2: rssh-2.3.4-command-line-error.patch
# https://sourceforge.net/p/rssh/mailman/message/36536555/
# CVE-2019-3463 CVE-2019-3464 007
Patch3: rssh-2.3.4-Verify-rsync-command-options.patch
# https://sourceforge.net/p/rssh/mailman/message/36530715/
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919623
# CVE-2019-1000018 009
Patch4: rssh-2.3.4-Verify-scp-command-options.patch
# 010
Patch5: rssh-2.3.4-Check-command-line-after-chroot.patch
BuildRequires: make
BuildRequires: gcc
BuildRequires: openssh-server
BuildRequires: openssh-clients
BuildRequires: cvs
BuildRequires: rsync
BuildRequires: rdist
Requires: openssh-server
Requires(pre): shadow-utils
%description
rssh is a restricted shell for use with OpenSSH, allowing only scp
and/or sftp. For example, if you have a server which you only want
to allow users to copy files off of via scp, without providing shell
access, you can use rssh to do that. It is a alternative to scponly.
%prep
%setup -q
%patch0 -p1 -b .makefile
%patch2 -p1 -b .cmdline-error
%patch3 -p1 -b .rsync_opts
%patch4 -p1 -b .scp_opts
%patch5 -p1 -b .chroot_cmd
chmod 644 conf_convert.sh
chmod 644 mkchroot.sh
%build
%configure
%make_build
%install
%make_install
# since rssh 2.3.4, default config is installed as rssh.conf.default,
# rename it for packaging in rpm
mv %{buildroot}/%{_sysconfdir}/rssh.conf{.default,}
%pre
getent group rsshusers >/dev/null || groupadd -r rsshusers
exit 0
%files
%license COPYING
%doc AUTHORS ChangeLog CHROOT NEWS README SECURITY TODO
%doc conf_convert.sh mkchroot.sh
%{_mandir}/man1/rssh.1*
%{_mandir}/man5/rssh.conf.5*
%config(noreplace) %{_sysconfdir}/rssh.conf
%attr(750, root, rsshusers) %{_bindir}/rssh
%attr(4750, root, rsshusers) %{_libexecdir}/rssh_chroot_helper
%changelog
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-19
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sat Dec 21 2019 Frederick Lefebvre <fredlef@amazon.com> - 2.3.4-16
- Fix regression in patch for CVE-2019-1000018.
* Wed Oct 30 2019 Xavier Bachelot <xavier@bachelot.org> - 2.3.4-15
- Clean up specfile.
- Add patches for CVE-2019-3463, CVE-2019-3464 and CVE-2019-1000018.
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Dec 10 2012 Tomas Hoger <thoger@fedoraproject.org> - 2.3.4-1
- Update to upstream version 2.3.4, which fixes CVE-2012-3478 and CVE-2012-2252
- Updated rsync-protocol.patch to fix CVE-2012-2251, and to apply on top of the
CVE-2012-3478 and CVE-2012-2252 fixes.
- Updated makefile.patch to preserve RPM CFLAGS.
- Added command-line-error.patch (from Debian), correcting error message
generated when insecure command line option is used (CVE-2012-3478 fix
regression).
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Feb 6 2012 Daniel Drake <dsd@laptop.org> - 2.3.3-3
- Add patch for rsync3 compat (#485946)
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu May 19 2011 Rahul Sundaram <sundaram@fedoraproject.org> - 2.3.3-1
- Upstream security fix release. Resolves rhbz#705904
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Oct 30 2008 Ian Weller <ianweller@gmail.com> - 2.3.2-5
- Remove pre and post scripts
- https://bugzilla.redhat.com/show_bug.cgi?id=456182#c17
* Mon Aug 11 2008 Rahul Sundaram <sundaram@fedoraproject.org> - 2.3.2-4
- Fix review issues and apply patch
* Thu Aug 07 2008 Rahul Sundaram <sundaram@fedoraproject.org> - 2.3.2-3
- Fix postun to remove rssh shell
* Wed Jul 30 2008 Rahul Sundaram <sundaram@fedoraproject.org> - 2.3.2-2
- Fix BR and defattr. Added a group and shell
* Tue Jul 22 2008 Rahul Sundaram <sundaram@fedoraproject.org> - 2.3.2-1
- initial spec