diff --git a/.hgtags b/.hgtags
--- a/.hgtags
+++ b/.hgtags
@@ -37,3 +37,4 @@ 8fbd8b0c3ddc2fa4ac9e4ca16942a03eb593df2d
f0609aa5d5d05a1ca2f97c3995542236131c9d8a v4.11.6
b5b30547d90d2e088472a70c84878f429ffbf40d v4.12.0
9072253aa8894d20c00b4a43dc61c2168c1eff94 v4.12.1
+6a517543ea9ef9987d74371bd2a315eb0b232dc9 v4.12.2
diff --git a/docs/release-notes/release-notes-4.12.0.rst b/docs/release-notes/release-notes-4.12.0.rst
--- a/docs/release-notes/release-notes-4.12.0.rst
+++ b/docs/release-notes/release-notes-4.12.0.rst
@@ -32,7 +32,7 @@ New Features
prevent problems when connection to LDAP is not stable causing RhodeCode
instances to freeze waiting on LDAP connections.
- User groups: expose public user group profiles. Allows to see members of a user
- groups by other team members, if they have proper permissions.
+ group by other team members, if they have proper permissions.
- UI: show pull request page in quick nav menu on my account for quicker access.
- UI: hidden/outdated comments now have visible markers next to line numbers.
This allows access to them without showing all hidden comments.
@@ -99,7 +99,7 @@ Performance
^^^^^^^^^^^
- Diffs: don't use recurred diffset attachment in diffs. This makes
-this structure much harder to garbage collect. Reduces memory usage.
+ this structure much harder to garbage collect. Reduces memory usage.
- Diff cache: added caching for better performance of large pull requests.
@@ -114,7 +114,7 @@ Fixes
- Pull requests: fixed cases with default expected refs are closed or unavailable.
For Mercurial with closed default branch a compare across forks could fail.
- Core: properly report 502 errors for gevent and gunicorn.
- Gevent wtih Gunicorn doesn't raise normal pycurl errors.
+ Gevent with Gunicorn doesn't raise normal pycurl errors.
- Auth plugins: fixed problem with cache of settings in multi-worker mode.
The previous implementation had a bug that cached the settings in each class,
caused not refreshing the update of settings in multi-worker mode.
@@ -130,14 +130,15 @@ Upgrade notes
^^^^^^^^^^^^^
- This release adds support for SVN hook. This required lots of changes on how we
-handle SVN protocol. We did thoughtful tests for SVN compatibility.
-Please be advised to check the behaviour of SVN repositories during this update.
+ handle SVN protocol. We did thoughtful tests for SVN compatibility.
+ Please be advised to check the behaviour of SVN repositories during this update.
A check and migrate of SVN hooks is required. In order to do so, please execute
`Rescan filesystem` from admin > settings > Remap and Rescan. This will migrate
all SVN hook to latest available version. To migrate single repository only,
please go to the following url: `your-rhodecode-server.com/REPO_NAME/settings/advanced/hooks`
-- Diff caches are turned off by default for backward compatibility. We however recommend
-turning them on either individually for bigger repositories or globally for every repository.
-This setting can be found in admin > settings > vcs, or repository > settings > vcs
+- Diff caches are turned off by default for backward compatibility.
+ We however recommend turning them on either individually for bigger
+ repositories or globally for every repository.
+ This setting can be found in admin > settings > vcs, or repository > settings > vcs
diff --git a/docs/release-notes/release-notes-4.12.2.rst b/docs/release-notes/release-notes-4.12.2.rst
new file mode 100644
--- /dev/null
+++ b/docs/release-notes/release-notes-4.12.2.rst
@@ -0,0 +1,41 @@
+|RCE| 4.12.2 |RNS|
+------------------
+
+Release Date
+^^^^^^^^^^^^
+
+- 2018-05-16
+
+
+New Features
+^^^^^^^^^^^^
+
+
+
+General
+^^^^^^^
+
+- Jenkins: further improve handling of proxied Jenkins server.
+
+
+Security
+^^^^^^^^
+
+- SSH: fixed found problem with key-storage that could allow remote logins
+ performed by rhodecode authorized users with specially crafted SSH Keys.
+
+
+Performance
+^^^^^^^^^^^
+
+
+
+Fixes
+^^^^^
+
+
+
+Upgrade notes
+^^^^^^^^^^^^^
+
+- Unscheduled release addressing found security problem.
diff --git a/docs/release-notes/release-notes.rst b/docs/release-notes/release-notes.rst
--- a/docs/release-notes/release-notes.rst
+++ b/docs/release-notes/release-notes.rst
@@ -9,6 +9,7 @@ Release Notes
.. toctree::
:maxdepth: 1
+ release-notes-4.12.2.rst
release-notes-4.12.1.rst
release-notes-4.12.0.rst
release-notes-4.11.6.rst
diff --git a/rhodecode/apps/admin/views/users.py b/rhodecode/apps/admin/views/users.py
--- a/rhodecode/apps/admin/views/users.py
+++ b/rhodecode/apps/admin/views/users.py
@@ -835,7 +835,7 @@ class UsersView(UserAppView):
fingerprint = key.hash_md5()
ssh_key = SshKeyModel().create(
- c.user.user_id, fingerprint, key_data, description)
+ c.user.user_id, fingerprint, key.keydata, description)
ssh_key_data = ssh_key.get_api_data()
audit_logger.store_web(
diff --git a/rhodecode/apps/my_account/views/my_account_ssh_keys.py b/rhodecode/apps/my_account/views/my_account_ssh_keys.py
--- a/rhodecode/apps/my_account/views/my_account_ssh_keys.py
+++ b/rhodecode/apps/my_account/views/my_account_ssh_keys.py
@@ -98,7 +98,7 @@ class MyAccountSshKeysView(BaseAppView,
fingerprint = key.hash_md5()
ssh_key = SshKeyModel().create(
- c.user.user_id, fingerprint, key_data, description)
+ c.user.user_id, fingerprint, key.keydata, description)
ssh_key_data = ssh_key.get_api_data()
audit_logger.store_web(
diff --git a/rhodecode/apps/ssh_support/utils.py b/rhodecode/apps/ssh_support/utils.py
--- a/rhodecode/apps/ssh_support/utils.py
+++ b/rhodecode/apps/ssh_support/utils.py
@@ -84,16 +84,23 @@ def _generate_ssh_authorized_keys_file(
for user_key in all_active_keys:
username = user_key.user.username
user_id = user_key.user.user_id
+ # replace all newline from ends and inside
+ safe_key_data = user_key.ssh_key_data\
+ .strip()\
+ .replace('\n', ' ') \
+ .replace('\t', ' ') \
+ .replace('\r', ' ')
- keys_file.write(
- line_tmpl.format(
- ssh_opts=ssh_opts or SSH_OPTS,
- wrapper_command=ssh_wrapper_cmd,
- ini_path=ini_path,
- user_id=user_id,
- user=username,
- user_key_id=user_key.ssh_key_id,
- key=user_key.ssh_key_data))
+ line = line_tmpl.format(
+ ssh_opts=ssh_opts or SSH_OPTS,
+ wrapper_command=ssh_wrapper_cmd,
+ ini_path=ini_path,
+ user_id=user_id,
+ user=username,
+ user_key_id=user_key.ssh_key_id,
+ key=safe_key_data)
+
+ keys_file.write(line)
log.debug('addkey: Key added for user: `%s`', username)
keys_file.close()
diff --git a/rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako b/rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako
--- a/rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako
+++ b/rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako
@@ -8,13 +8,13 @@
${_('Private key')}
-# Save the content as
-# Windows: /Users//.ssh/id_rsa_rhodecode_access_priv.key
-# macOS: /Users//.ssh/id_rsa_rhodecode_access_priv.key
-# Linux: /home//.ssh/id_rsa_rhodecode_access_priv.key
+# Save the below content as
+# Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
+# macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
+# Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
# Change permissions to 0600 to make it secure, and usable.
-e.g chmod 0600 /home//.ssh/id_rsa_rhodecode_access_priv.key
+e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key