[scponly] Patch to implement --enable-darcs-compat; also, security issue fixed

Dan Knapp dankna at gmail.com
Sat May 26 16:24:08 EDT 2007


  Hi, I have implemented a new feature and am submitting the code in
the hopes that you can include it.  I actually sent it to the Debian
maintainer for your package first, simply because he was easier to
reach (no joining the list, etc, ...) but never heard back.  This is a
patch against 4.6.  It also includes a change to debian/rules, a file
which probably isn't in your personal copy of the source tree, ... I'm
not sure how you can deal with that.  The change just turns on my new
feature by default.

  The feature is to enable compatibility with the version-control
system Darcs, analogous to the --enable-svn-compat feature that
already exists.  Since most of the operations just manipulate files
which the user could already access via sftp, I don't think this has
unintended consequences.  It allows every darcs subcommand, except for
"darcs send", because that one would send an email, which would be a
new capability that the user didn't already have.  So my code blocks
it.

  The security issue I alluded to in the subject is a hole I noticed
in your existing code while implementing my feature.  I also fixed it,
which was trivial.  That's not in this patch because I didn't want to
bundle too much stuff together, so you can make a separate decision on
it.  Even though the impact of the hole is probably pretty small, I'm
not sure I should be describing the details on an open list... but
your website didn't make it clear who I should contact privately,
either.  So reply and let me know who I should be talking to, and I'll
send you the patch that fixes that.  It'll be self-evident what the
problem is when you see it.

  Attached, please find a unified-diff patch for my code which
implements --enable-darcs-compat.  Let me know what you think and
whether you'll be including it in the next release?

-- 
Dan Knapp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: darcs-compat.diff
Type: application/octet-stream
Size: 11378 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20070526/8702719f/attachment.obj 

