Backport SELinux build fix from CVS.

author: Colin Watson <cjwatson@debian.org> 2011-01-25 01:51:25 +0000
committer: Colin Watson <cjwatson@debian.org> 2011-01-25 01:51:25 +0000
commit: 5e750371bb19c8cc58b5faea70278d857acdae0a (patch)
tree: fa223746d886bda4acb9e242675bbcc4ddba4efb
parent: 26883397c648afa38ed502e68652945a794b0cd3 (diff)
9 files changed, 277 insertions, 14 deletions
diff --git a/Makefile.in b/Makefile.in
index f51b86a27..415577112 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -48,6 +48,7 @@ LD=@LD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
+SSHLIBS=@SSHLIBS@
 SSHDLIBS=@SSHDLIBS@
 LIBEDIT=@LIBEDIT@
 AR=@AR@
@@ -144,7 +145,7 @@ libssh.a: $(LIBSSH_OBJS)
        $(RANLIB) $@
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-        $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+        $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
 sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
        $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
diff --git a/configure b/configure
index 6e05311aa..7eaffb08e 100755
--- a/configure
+++ b/configure
@@ -696,7 +696,6 @@ STARTUP_SCRIPT_SHELL
 LOGIN_PROGRAM_FALLBACK
 PATH_PASSWD_PROG
 LD
-SSHDLIBS
 PKGCONFIG
 LIBEDIT
 TEST_SSH_SHA256
@@ -721,6 +720,8 @@ PROG_UPTIME
 PROG_IPCS
 PROG_TAIL
 INSTALL_SSH_PRNG_CMDS
+SSHLIBS
+SSHDLIBS
 KRB5CONF
 PRIVSEP_PATH
 xauth_path
@@ -9047,7 +9048,6 @@ cat >>confdefs.h <<\_ACEOF
 _ACEOF
                          SSHDLIBS="$SSHDLIBS -lcontract"
                          SPC_MSG="yes"
 fi
@@ -9126,7 +9126,6 @@ cat >>confdefs.h <<\_ACEOF
 _ACEOF
                        SSHDLIBS="$SSHDLIBS -lproject"
                        SP_MSG="yes"
 fi
@@ -27806,6 +27805,7 @@ echo "$as_me: error: SELinux support requires libselinux library" >&2;}
   { (exit 1); exit 1; }; }
 fi
+                SSHLIBS="$SSHLIBS $LIBSELINUX"
                SSHDLIBS="$SSHDLIBS $LIBSELINUX"
@@ -27908,6 +27908,8 @@ done
 fi
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
@@ -31416,7 +31418,6 @@ STARTUP_SCRIPT_SHELL!$STARTUP_SCRIPT_SHELL$ac_delim
 LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim
 PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim
 LD!$LD$ac_delim
-SSHDLIBS!$SSHDLIBS$ac_delim
 PKGCONFIG!$PKGCONFIG$ac_delim
 LIBEDIT!$LIBEDIT$ac_delim
 TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim
@@ -31433,6 +31434,7 @@ PROG_PS!$PROG_PS$ac_delim
 PROG_SAR!$PROG_SAR$ac_delim
 PROG_W!$PROG_W$ac_delim
 PROG_WHO!$PROG_WHO$ac_delim
+PROG_LAST!$PROG_LAST$ac_delim
 _ACEOF
  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -31474,7 +31476,6 @@ _ACEOF
 ac_delim='%!_!# '
 for ac_last_try in false false false false false :; do
  cat >conf$$subs.sed <<_ACEOF
-PROG_LAST!$PROG_LAST$ac_delim
 PROG_LASTLOG!$PROG_LASTLOG$ac_delim
 PROG_DF!$PROG_DF$ac_delim
 PROG_VMSTAT!$PROG_VMSTAT$ac_delim
@@ -31482,6 +31483,8 @@ PROG_UPTIME!$PROG_UPTIME$ac_delim
 PROG_IPCS!$PROG_IPCS$ac_delim
 PROG_TAIL!$PROG_TAIL$ac_delim
 INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
+SSHLIBS!$SSHLIBS$ac_delim
+SSHDLIBS!$SSHDLIBS$ac_delim
 KRB5CONF!$KRB5CONF$ac_delim
 PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim
 xauth_path!$xauth_path$ac_delim
@@ -31496,7 +31499,7 @@ LIBOBJS!$LIBOBJS$ac_delim
 LTLIBOBJS!$LTLIBOBJS$ac_delim
 _ACEOF
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 20; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 21; then
    break
  elif $ac_last_try; then
    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
@@ -31993,6 +31996,9 @@ echo "         Libraries: ${LIBS}"
 if test ! -z "${SSHDLIBS}"; then
 echo "         +for sshd: ${SSHDLIBS}"
 fi
+if test ! -z "${SSHLIBS}"; then
+echo "          +for ssh: ${SSHLIBS}"
+fi
 echo ""
diff --git a/configure.ac b/configure.ac
index d7d1a988d..f15518b78 100644
--- a/configure.ac
+++ b/configure.ac
@@ -761,7 +761,6 @@ mips-sony-bsd|mips-sony-newsos4)
                        [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
                                [Define if you have Solaris process contracts])
                          SSHDLIBS="$SSHDLIBS -lcontract"
-                          AC_SUBST(SSHDLIBS)
                          SPC_MSG="yes" ], )
                ],
        )
@@ -772,7 +771,6 @@ mips-sony-bsd|mips-sony-newsos4)
                        [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
                                [Define if you have Solaris projects])
                        SSHDLIBS="$SSHDLIBS -lproject"
-                        AC_SUBST(SSHDLIBS)
                        SP_MSG="yes" ], )
                ],
        )
@@ -3539,11 +3537,14 @@ AC_ARG_WITH(selinux,
                          LIBS="$LIBS -lselinux"
                        ],
                        AC_MSG_ERROR(SELinux support requires libselinux library))
+                SSHLIBS="$SSHLIBS $LIBSELINUX"
                SSHDLIBS="$SSHDLIBS $LIBSELINUX"
                AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
                LIBS="$save_LIBS"
        fi ]
 )
+AC_SUBST(SSHLIBS)
+AC_SUBST(SSHDLIBS)
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
@@ -4365,6 +4366,9 @@ echo "         Libraries: ${LIBS}"
 if test ! -z "${SSHDLIBS}"; then
 echo "         +for sshd: ${SSHDLIBS}"
 fi
+if test ! -z "${SSHLIBS}"; then
+echo "          +for ssh: ${SSHLIBS}"
+fi
 echo ""
diff --git a/debian/changelog b/debian/changelog
index e7f334fe8..b063f0fac 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -26,6 +26,7 @@ openssh (1:5.7p1-1) UNRELEASED; urgency=low
    installations or if you manually add 'HostKey
    /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config.
  * Build-depend on libssl-dev (>= 0.9.8g) to ensure sufficient ECC support.
+  * Backport SELinux build fix from CVS.
 -- Colin Watson <cjwatson@debian.org>  Mon, 24 Jan 2011 12:07:24 +0000
diff --git a/debian/patches/selinux-build-failure.patch b/debian/patches/selinux-build-failure.patch
new file mode 100644
index 000000000..47c953009
--- /dev/null
+++ b/debian/patches/selinux-build-failure.patch
@@ -0,0 +1,236 @@
+Description: Fix SELinux build failure
+Origin: backport, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/6317
+Author: Damien Miller <djm@mindrot.org>
+Last-Update: 2011-01-25
+Index: b/Makefile.in
+===================================================================
+--- a/Makefile.in
+++ b/Makefile.in
+@@ -48,6 +48,7 @@
+ CFLAGS=@CFLAGS@
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+SSHLIBS=@SSHLIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ AR=@AR@
+@@ -144,7 +145,7 @@
+        $(RANLIB) $@
+ 
+ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
+-       $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+       $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
+ 
+ sshd$(EXEEXT): libssh.a        $(LIBCOMPAT) $(SSHDOBJS)
+        $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
+Index: b/configure.ac
+===================================================================
+--- a/configure.ac
+++ b/configure.ac
+@@ -761,7 +761,6 @@
+                        [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
+                                [Define if you have Solaris process contracts])
+                          SSHDLIBS="$SSHDLIBS -lcontract"
+-                         AC_SUBST(SSHDLIBS)
+                          SPC_MSG="yes" ], )
+                ],
+        )
+@@ -772,7 +771,6 @@
+                        [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
+                                [Define if you have Solaris projects])
+                        SSHDLIBS="$SSHDLIBS -lproject"
+-                       AC_SUBST(SSHDLIBS)
+                        SP_MSG="yes" ], )
+                ],
+        )
+@@ -3539,11 +3537,14 @@
+                          LIBS="$LIBS -lselinux"
+                        ],
+                        AC_MSG_ERROR(SELinux support requires libselinux library))
+               SSHLIBS="$SSHLIBS $LIBSELINUX"
+                SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+                AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+                LIBS="$save_LIBS"
+        fi ]
+ )
+AC_SUBST(SSHLIBS)
+AC_SUBST(SSHDLIBS)
+ 
+ # Check whether user wants Kerberos 5 support
+ KRB5_MSG="no"
+@@ -4365,6 +4366,9 @@
+ if test ! -z "${SSHDLIBS}"; then
+ echo "         +for sshd: ${SSHDLIBS}"
+ fi
+if test ! -z "${SSHLIBS}"; then
+echo "          +for ssh: ${SSHLIBS}"
+fi
+ 
+ echo ""
+ 
+Index: b/configure
+===================================================================
+--- a/configure
+++ b/configure
+@@ -696,7 +696,6 @@
+ LOGIN_PROGRAM_FALLBACK
+ PATH_PASSWD_PROG
+ LD
+-SSHDLIBS
+ PKGCONFIG
+ LIBEDIT
+ TEST_SSH_SHA256
+@@ -721,6 +720,8 @@
+ PROG_IPCS
+ PROG_TAIL
+ INSTALL_SSH_PRNG_CMDS
+SSHLIBS
+SSHDLIBS
+ KRB5CONF
+ PRIVSEP_PATH
+ xauth_path
+@@ -9047,7 +9159,6 @@
+ _ACEOF
+ 
+                          SSHDLIBS="$SSHDLIBS -lcontract"
+-
+                          SPC_MSG="yes"
+ fi
+ 
+@@ -9126,7 +9237,6 @@
+ _ACEOF
+ 
+                        SSHDLIBS="$SSHDLIBS -lproject"
+-
+                        SP_MSG="yes"
+ fi
+ 
+@@ -27806,6 +27916,7 @@
+    { (exit 1); exit 1; }; }
+ fi
+ 
+               SSHLIBS="$SSHLIBS $LIBSELINUX"
+                SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ 
+ 
+@@ -27908,6 +28019,8 @@
+ fi
+ 
+ 
+
+
+ # Check whether user wants Kerberos 5 support
+ KRB5_MSG="no"
+ 
+@@ -31416,7 +31529,6 @@
+ LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim
+ PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim
+ LD!$LD$ac_delim
+-SSHDLIBS!$SSHDLIBS$ac_delim
+ PKGCONFIG!$PKGCONFIG$ac_delim
+ LIBEDIT!$LIBEDIT$ac_delim
+ TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim
+@@ -31433,6 +31545,7 @@
+ PROG_SAR!$PROG_SAR$ac_delim
+ PROG_W!$PROG_W$ac_delim
+ PROG_WHO!$PROG_WHO$ac_delim
+PROG_LAST!$PROG_LAST$ac_delim
+ _ACEOF
+ 
+   if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
+@@ -31474,7 +31587,6 @@
+ ac_delim='%!_!# '
+ for ac_last_try in false false false false false :; do
+   cat >conf$$subs.sed <<_ACEOF
+-PROG_LAST!$PROG_LAST$ac_delim
+ PROG_LASTLOG!$PROG_LASTLOG$ac_delim
+ PROG_DF!$PROG_DF$ac_delim
+ PROG_VMSTAT!$PROG_VMSTAT$ac_delim
+@@ -31482,6 +31594,8 @@
+ PROG_IPCS!$PROG_IPCS$ac_delim
+ PROG_TAIL!$PROG_TAIL$ac_delim
+ INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
+SSHLIBS!$SSHLIBS$ac_delim
+SSHDLIBS!$SSHDLIBS$ac_delim
+ KRB5CONF!$KRB5CONF$ac_delim
+ PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim
+ xauth_path!$xauth_path$ac_delim
+@@ -31496,7 +31610,7 @@
+ LTLIBOBJS!$LTLIBOBJS$ac_delim
+ _ACEOF
+ 
+-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 20; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 21; then
+     break
+   elif $ac_last_try; then
+     { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+@@ -31993,6 +32107,9 @@
+ if test ! -z "${SSHDLIBS}"; then
+ echo "         +for sshd: ${SSHDLIBS}"
+ fi
+if test ! -z "${SSHLIBS}"; then
+echo "          +for ssh: ${SSHLIBS}"
+fi
+ 
+ echo ""
+ 
+Index: b/openbsd-compat/port-linux.c
+===================================================================
+--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
+@@ -222,6 +222,20 @@
+        xfree(oldctx);
+        xfree(newctx);
+ }
+
+void
+ssh_selinux_setfscreatecon(const char *path)
+{
+               security_context_t context;
+
+               if (path == NULL) {
+                       setfscreatecon(NULL);
+                       return;
+               }
+               matchpathcon(path, 0700, &context);
+               setfscreatecon(context);
+}
+
+ #endif /* WITH_SELINUX */
+ 
+ #ifdef LINUX_OOM_ADJUST
+Index: b/openbsd-compat/port-linux.h
+===================================================================
+--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
+@@ -24,6 +24,7 @@
+ void ssh_selinux_setup_pty(char *, const char *);
+ void ssh_selinux_setup_exec_context(char *);
+ void ssh_selinux_change_context(const char *);
+void ssh_selinux_setfscreatecon(const char *);
+ #endif
+ 
+ #ifdef LINUX_OOM_ADJUST
+Index: b/ssh.c
+===================================================================
+--- a/ssh.c
+++ b/ssh.c
+@@ -852,15 +852,12 @@
+            strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
+        if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
+ #ifdef WITH_SELINUX
+-               char *scon;
+-
+-               matchpathcon(buf, 0700, &scon);
+-               setfscreatecon(scon);
+               ssh_selinux_setfscreatecon(buf);
+ #endif
+                if (mkdir(buf, 0700) < 0)
+                        error("Could not create directory '%.200s'.", buf);
+ #ifdef WITH_SELINUX
+-               setfscreatecon(NULL);
+               ssh_selinux_setfscreatecon(NULL);
+ #endif
+        }
+        /* load options.identity_files */
diff --git a/debian/patches/series b/debian/patches/series
index 751a9868c..a3431201e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -36,6 +36,9 @@ openbsd-docs.patch
 ssh-argv0.patch
 doc-hash-tab-completion.patch
+# Upstream backports
+selinux-build-failure.patch
 # Debian-specific configuration
 gnome-ssh-askpass2-icon.patch
 debian-config.patch
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 86a7146a6..744a404c8 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -222,6 +222,20 @@ ssh_selinux_change_context(const char *newname)
        xfree(oldctx);
        xfree(newctx);
 }
+void
+ssh_selinux_setfscreatecon(const char *path)
+{
+                security_context_t context;
+                if (path == NULL) {
+                        setfscreatecon(NULL);
+                        return;
+                }
+                matchpathcon(path, 0700, &context);
+                setfscreatecon(context);
+}
 #endif /* WITH_SELINUX */
 #ifdef LINUX_OOM_ADJUST
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 209d9a7a2..884482bf5 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);
 void ssh_selinux_change_context(const char *);
+void ssh_selinux_setfscreatecon(const char *);
 #endif
 #ifdef LINUX_OOM_ADJUST
diff --git a/ssh.c b/ssh.c
index 77dbde058..aa2ad4a2f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -852,15 +852,12 @@ main(int ac, char **av)
            strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
        if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 #ifdef WITH_SELINUX
-                char *scon;
+                ssh_selinux_setfscreatecon(buf);
-                matchpathcon(buf, 0700, &scon);
-                setfscreatecon(scon);
 #endif
                if (mkdir(buf, 0700) < 0)
                        error("Could not create directory '%.200s'.", buf);
 #ifdef WITH_SELINUX
-                setfscreatecon(NULL);
+                ssh_selinux_setfscreatecon(NULL);
 #endif
        }
        /* load options.identity_files */
author	Colin Watson <cjwatson@debian.org>	2011-01-25 01:51:25 +0000
committer	Colin Watson <cjwatson@debian.org>	2011-01-25 01:51:25 +0000
commit	5e750371bb19c8cc58b5faea70278d857acdae0a (patch)
tree	fa223746d886bda4acb9e242675bbcc4ddba4efb
parent	26883397c648afa38ed502e68652945a794b0cd3 (diff)

diff --git a/Makefile.in b/Makefile.in index f51b86a27..415577112 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -48,6 +48,7 @@ LD=@LD@
48	CFLAGS=@CFLAGS@	48	CFLAGS=@CFLAGS@
49	CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@	49	CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
50	LIBS=@LIBS@	50	LIBS=@LIBS@
		51	SSHLIBS=@SSHLIBS@
51	SSHDLIBS=@SSHDLIBS@	52	SSHDLIBS=@SSHDLIBS@
52	LIBEDIT=@LIBEDIT@	53	LIBEDIT=@LIBEDIT@
53	AR=@AR@	54	AR=@AR@
@@ -144,7 +145,7 @@ libssh.a: $(LIBSSH_OBJS)
144	$(RANLIB) $@	145	$(RANLIB) $@
145		146
146	ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)	147	ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
147	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)	148	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
148		149
149	sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)	150	sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
150	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)	151	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)


diff --git a/configure b/configure index 6e05311aa..7eaffb08e 100755 --- a/configure +++ b/configure
@@ -696,7 +696,6 @@ STARTUP_SCRIPT_SHELL
696	LOGIN_PROGRAM_FALLBACK	696	LOGIN_PROGRAM_FALLBACK
697	PATH_PASSWD_PROG	697	PATH_PASSWD_PROG
698	LD	698	LD
699	SSHDLIBS
700	PKGCONFIG	699	PKGCONFIG
701	LIBEDIT	700	LIBEDIT
702	TEST_SSH_SHA256	701	TEST_SSH_SHA256
@@ -721,6 +720,8 @@ PROG_UPTIME
721	PROG_IPCS	720	PROG_IPCS
722	PROG_TAIL	721	PROG_TAIL
723	INSTALL_SSH_PRNG_CMDS	722	INSTALL_SSH_PRNG_CMDS
		723	SSHLIBS
		724	SSHDLIBS
724	KRB5CONF	725	KRB5CONF
725	PRIVSEP_PATH	726	PRIVSEP_PATH
726	xauth_path	727	xauth_path
@@ -9047,7 +9048,6 @@ cat >>confdefs.h <<\_ACEOF
9047	_ACEOF	9048	_ACEOF
9048		9049
9049	SSHDLIBS="$SSHDLIBS -lcontract"	9050	SSHDLIBS="$SSHDLIBS -lcontract"
9050
9051	SPC_MSG="yes"	9051	SPC_MSG="yes"
9052	fi	9052	fi
9053		9053
@@ -9126,7 +9126,6 @@ cat >>confdefs.h <<\_ACEOF
9126	_ACEOF	9126	_ACEOF
9127		9127
9128	SSHDLIBS="$SSHDLIBS -lproject"	9128	SSHDLIBS="$SSHDLIBS -lproject"
9129
9130	SP_MSG="yes"	9129	SP_MSG="yes"
9131	fi	9130	fi
9132		9131
@@ -27806,6 +27805,7 @@ echo "$as_me: error: SELinux support requires libselinux library" >&2;}
27806	{ (exit 1); exit 1; }; }	27805	{ (exit 1); exit 1; }; }
27807	fi	27806	fi
27808		27807
		27808	SSHLIBS="$SSHLIBS $LIBSELINUX"
27809	SSHDLIBS="$SSHDLIBS $LIBSELINUX"	27809	SSHDLIBS="$SSHDLIBS $LIBSELINUX"
27810		27810
27811		27811
@@ -27908,6 +27908,8 @@ done
27908	fi	27908	fi
27909		27909
27910		27910
		27911
		27912
27911	# Check whether user wants Kerberos 5 support	27913	# Check whether user wants Kerberos 5 support
27912	KRB5_MSG="no"	27914	KRB5_MSG="no"
27913		27915
@@ -31416,7 +31418,6 @@ STARTUP_SCRIPT_SHELL!$STARTUP_SCRIPT_SHELL$ac_delim
31416	LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim	31418	LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim
31417	PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim	31419	PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim
31418	LD!$LD$ac_delim	31420	LD!$LD$ac_delim
31419	SSHDLIBS!$SSHDLIBS$ac_delim
31420	PKGCONFIG!$PKGCONFIG$ac_delim	31421	PKGCONFIG!$PKGCONFIG$ac_delim
31421	LIBEDIT!$LIBEDIT$ac_delim	31422	LIBEDIT!$LIBEDIT$ac_delim
31422	TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim	31423	TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim
@@ -31433,6 +31434,7 @@ PROG_PS!$PROG_PS$ac_delim
31433	PROG_SAR!$PROG_SAR$ac_delim	31434	PROG_SAR!$PROG_SAR$ac_delim
31434	PROG_W!$PROG_W$ac_delim	31435	PROG_W!$PROG_W$ac_delim
31435	PROG_WHO!$PROG_WHO$ac_delim	31436	PROG_WHO!$PROG_WHO$ac_delim
		31437	PROG_LAST!$PROG_LAST$ac_delim
31436	_ACEOF	31438	_ACEOF
31437		31439
31438	if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed \| grep -c X` = 97; then	31440	if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed \| grep -c X` = 97; then
@@ -31474,7 +31476,6 @@ _ACEOF
31474	ac_delim='%!_!# '	31476	ac_delim='%!_!# '
31475	for ac_last_try in false false false false false :; do	31477	for ac_last_try in false false false false false :; do
31476	cat >conf$$subs.sed <<_ACEOF	31478	cat >conf$$subs.sed <<_ACEOF
31477	PROG_LAST!$PROG_LAST$ac_delim
31478	PROG_LASTLOG!$PROG_LASTLOG$ac_delim	31479	PROG_LASTLOG!$PROG_LASTLOG$ac_delim
31479	PROG_DF!$PROG_DF$ac_delim	31480	PROG_DF!$PROG_DF$ac_delim
31480	PROG_VMSTAT!$PROG_VMSTAT$ac_delim	31481	PROG_VMSTAT!$PROG_VMSTAT$ac_delim
@@ -31482,6 +31483,8 @@ PROG_UPTIME!$PROG_UPTIME$ac_delim
31482	PROG_IPCS!$PROG_IPCS$ac_delim	31483	PROG_IPCS!$PROG_IPCS$ac_delim
31483	PROG_TAIL!$PROG_TAIL$ac_delim	31484	PROG_TAIL!$PROG_TAIL$ac_delim
31484	INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim	31485	INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
		31486	SSHLIBS!$SSHLIBS$ac_delim
		31487	SSHDLIBS!$SSHDLIBS$ac_delim
31485	KRB5CONF!$KRB5CONF$ac_delim	31488	KRB5CONF!$KRB5CONF$ac_delim
31486	PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim	31489	PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim
31487	xauth_path!$xauth_path$ac_delim	31490	xauth_path!$xauth_path$ac_delim
@@ -31496,7 +31499,7 @@ LIBOBJS!$LIBOBJS$ac_delim
31496	LTLIBOBJS!$LTLIBOBJS$ac_delim	31499	LTLIBOBJS!$LTLIBOBJS$ac_delim
31497	_ACEOF	31500	_ACEOF
31498		31501
31499	if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed \| grep -c X` = 20; then	31502	if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed \| grep -c X` = 21; then
31500	break	31503	break
31501	elif $ac_last_try; then	31504	elif $ac_last_try; then
31502	{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5	31505	{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
@@ -31993,6 +31996,9 @@ echo " Libraries: ${LIBS}"
31993	if test ! -z "${SSHDLIBS}"; then	31996	if test ! -z "${SSHDLIBS}"; then
31994	echo " +for sshd: ${SSHDLIBS}"	31997	echo " +for sshd: ${SSHDLIBS}"
31995	fi	31998	fi
		31999	if test ! -z "${SSHLIBS}"; then
		32000	echo " +for ssh: ${SSHLIBS}"
		32001	fi
31996		32002
31997	echo ""	32003	echo ""
31998		32004


diff --git a/configure.ac b/configure.ac index d7d1a988d..f15518b78 100644 --- a/configure.ac +++ b/configure.ac
@@ -761,7 +761,6 @@ mips-sony-bsd\|mips-sony-newsos4)
761	[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,	761	[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
762	[Define if you have Solaris process contracts])	762	[Define if you have Solaris process contracts])
763	SSHDLIBS="$SSHDLIBS -lcontract"	763	SSHDLIBS="$SSHDLIBS -lcontract"
764	AC_SUBST(SSHDLIBS)
765	SPC_MSG="yes" ], )	764	SPC_MSG="yes" ], )
766	],	765	],
767	)	766	)
@@ -772,7 +771,6 @@ mips-sony-bsd\|mips-sony-newsos4)
772	[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,	771	[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
773	[Define if you have Solaris projects])	772	[Define if you have Solaris projects])
774	SSHDLIBS="$SSHDLIBS -lproject"	773	SSHDLIBS="$SSHDLIBS -lproject"
775	AC_SUBST(SSHDLIBS)
776	SP_MSG="yes" ], )	774	SP_MSG="yes" ], )
777	],	775	],
778	)	776	)
@@ -3539,11 +3537,14 @@ AC_ARG_WITH(selinux,
3539	LIBS="$LIBS -lselinux"	3537	LIBS="$LIBS -lselinux"
3540	],	3538	],
3541	AC_MSG_ERROR(SELinux support requires libselinux library))	3539	AC_MSG_ERROR(SELinux support requires libselinux library))
		3540	SSHLIBS="$SSHLIBS $LIBSELINUX"
3542	SSHDLIBS="$SSHDLIBS $LIBSELINUX"	3541	SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3543	AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)	3542	AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3544	LIBS="$save_LIBS"	3543	LIBS="$save_LIBS"
3545	fi ]	3544	fi ]
3546	)	3545	)
		3546	AC_SUBST(SSHLIBS)
		3547	AC_SUBST(SSHDLIBS)
3547		3548
3548	# Check whether user wants Kerberos 5 support	3549	# Check whether user wants Kerberos 5 support
3549	KRB5_MSG="no"	3550	KRB5_MSG="no"
@@ -4365,6 +4366,9 @@ echo " Libraries: ${LIBS}"
4365	if test ! -z "${SSHDLIBS}"; then	4366	if test ! -z "${SSHDLIBS}"; then
4366	echo " +for sshd: ${SSHDLIBS}"	4367	echo " +for sshd: ${SSHDLIBS}"
4367	fi	4368	fi
		4369	if test ! -z "${SSHLIBS}"; then
		4370	echo " +for ssh: ${SSHLIBS}"
		4371	fi
4368		4372
4369	echo ""	4373	echo ""
4370		4374


diff --git a/debian/changelog b/debian/changelog index e7f334fe8..b063f0fac 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -26,6 +26,7 @@ openssh (1:5.7p1-1) UNRELEASED; urgency=low
26	installations or if you manually add 'HostKey	26	installations or if you manually add 'HostKey
27	/etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config.	27	/etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config.
28	* Build-depend on libssl-dev (>= 0.9.8g) to ensure sufficient ECC support.	28	* Build-depend on libssl-dev (>= 0.9.8g) to ensure sufficient ECC support.
		29	* Backport SELinux build fix from CVS.
29		30
30	-- Colin Watson <cjwatson@debian.org> Mon, 24 Jan 2011 12:07:24 +0000	31	-- Colin Watson <cjwatson@debian.org> Mon, 24 Jan 2011 12:07:24 +0000
31		32


diff --git a/debian/patches/selinux-build-failure.patch b/debian/patches/selinux-build-failure.patch new file mode 100644 index 000000000..47c953009 --- /dev/null +++ b/debian/patches/selinux-build-failure.patch
@@ -0,0 +1,236 @@
		1	Description: Fix SELinux build failure
		2	Origin: backport, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/6317
		3	Author: Damien Miller <djm@mindrot.org>
		4	Last-Update: 2011-01-25
		5
		6	Index: b/Makefile.in
		7	===================================================================
		8	--- a/Makefile.in
		9	+++ b/Makefile.in
		10	@@ -48,6 +48,7 @@
		11	CFLAGS=@CFLAGS@
		12	CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
		13	LIBS=@LIBS@
		14	+SSHLIBS=@SSHLIBS@
		15	SSHDLIBS=@SSHDLIBS@
		16	LIBEDIT=@LIBEDIT@
		17	AR=@AR@
		18	@@ -144,7 +145,7 @@
		19	$(RANLIB) $@
		20
		21	ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
		22	- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
		23	+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
		24
		25	sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
		26	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
		27	Index: b/configure.ac
		28	===================================================================
		29	--- a/configure.ac
		30	+++ b/configure.ac
		31	@@ -761,7 +761,6 @@
		32	[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
		33	[Define if you have Solaris process contracts])
		34	SSHDLIBS="$SSHDLIBS -lcontract"
		35	- AC_SUBST(SSHDLIBS)
		36	SPC_MSG="yes" ], )
		37	],
		38	)
		39	@@ -772,7 +771,6 @@
		40	[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
		41	[Define if you have Solaris projects])
		42	SSHDLIBS="$SSHDLIBS -lproject"
		43	- AC_SUBST(SSHDLIBS)
		44	SP_MSG="yes" ], )
		45	],
		46	)
		47	@@ -3539,11 +3537,14 @@
		48	LIBS="$LIBS -lselinux"
		49	],
		50	AC_MSG_ERROR(SELinux support requires libselinux library))
		51	+ SSHLIBS="$SSHLIBS $LIBSELINUX"
		52	SSHDLIBS="$SSHDLIBS $LIBSELINUX"
		53	AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
		54	LIBS="$save_LIBS"
		55	fi ]
		56	)
		57	+AC_SUBST(SSHLIBS)
		58	+AC_SUBST(SSHDLIBS)
		59
		60	# Check whether user wants Kerberos 5 support
		61	KRB5_MSG="no"
		62	@@ -4365,6 +4366,9 @@
		63	if test ! -z "${SSHDLIBS}"; then
		64	echo " +for sshd: ${SSHDLIBS}"
		65	fi
		66	+if test ! -z "${SSHLIBS}"; then
		67	+echo " +for ssh: ${SSHLIBS}"
		68	+fi
		69
		70	echo ""
		71
		72	Index: b/configure
		73	===================================================================
		74	--- a/configure
		75	+++ b/configure
		76	@@ -696,7 +696,6 @@
		77	LOGIN_PROGRAM_FALLBACK
		78	PATH_PASSWD_PROG
		79	LD
		80	-SSHDLIBS
		81	PKGCONFIG
		82	LIBEDIT
		83	TEST_SSH_SHA256
		84	@@ -721,6 +720,8 @@
		85	PROG_IPCS
		86	PROG_TAIL
		87	INSTALL_SSH_PRNG_CMDS
		88	+SSHLIBS
		89	+SSHDLIBS
		90	KRB5CONF
		91	PRIVSEP_PATH
		92	xauth_path
		93	@@ -9047,7 +9159,6 @@
		94	_ACEOF
		95
		96	SSHDLIBS="$SSHDLIBS -lcontract"
		97	-
		98	SPC_MSG="yes"
		99	fi
		100
		101	@@ -9126,7 +9237,6 @@
		102	_ACEOF
		103
		104	SSHDLIBS="$SSHDLIBS -lproject"
		105	-
		106	SP_MSG="yes"
		107	fi
		108
		109	@@ -27806,6 +27916,7 @@
		110	{ (exit 1); exit 1; }; }
		111	fi
		112
		113	+ SSHLIBS="$SSHLIBS $LIBSELINUX"
		114	SSHDLIBS="$SSHDLIBS $LIBSELINUX"
		115
		116
		117	@@ -27908,6 +28019,8 @@
		118	fi
		119
		120
		121	+
		122	+
		123	# Check whether user wants Kerberos 5 support
		124	KRB5_MSG="no"
		125
		126	@@ -31416,7 +31529,6 @@
		127	LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim
		128	PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim
		129	LD!$LD$ac_delim
		130	-SSHDLIBS!$SSHDLIBS$ac_delim
		131	PKGCONFIG!$PKGCONFIG$ac_delim
		132	LIBEDIT!$LIBEDIT$ac_delim
		133	TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim
		134	@@ -31433,6 +31545,7 @@
		135	PROG_SAR!$PROG_SAR$ac_delim
		136	PROG_W!$PROG_W$ac_delim
		137	PROG_WHO!$PROG_WHO$ac_delim
		138	+PROG_LAST!$PROG_LAST$ac_delim
		139	_ACEOF
		140
		141	if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed \| grep -c X` = 97; then
		142	@@ -31474,7 +31587,6 @@
		143	ac_delim='%!_!# '
		144	for ac_last_try in false false false false false :; do
		145	cat >conf$$subs.sed <<_ACEOF
		146	-PROG_LAST!$PROG_LAST$ac_delim
		147	PROG_LASTLOG!$PROG_LASTLOG$ac_delim
		148	PROG_DF!$PROG_DF$ac_delim
		149	PROG_VMSTAT!$PROG_VMSTAT$ac_delim
		150	@@ -31482,6 +31594,8 @@
		151	PROG_IPCS!$PROG_IPCS$ac_delim
		152	PROG_TAIL!$PROG_TAIL$ac_delim
		153	INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
		154	+SSHLIBS!$SSHLIBS$ac_delim
		155	+SSHDLIBS!$SSHDLIBS$ac_delim
		156	KRB5CONF!$KRB5CONF$ac_delim
		157	PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim
		158	xauth_path!$xauth_path$ac_delim
		159	@@ -31496,7 +31610,7 @@
		160	LTLIBOBJS!$LTLIBOBJS$ac_delim
		161	_ACEOF
		162
		163	- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed \| grep -c X` = 20; then
		164	+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed \| grep -c X` = 21; then
		165	break
		166	elif $ac_last_try; then
		167	{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
		168	@@ -31993,6 +32107,9 @@
		169	if test ! -z "${SSHDLIBS}"; then
		170	echo " +for sshd: ${SSHDLIBS}"
		171	fi
		172	+if test ! -z "${SSHLIBS}"; then
		173	+echo " +for ssh: ${SSHLIBS}"
		174	+fi
		175
		176	echo ""
		177
		178	Index: b/openbsd-compat/port-linux.c
		179	===================================================================
		180	--- a/openbsd-compat/port-linux.c
		181	+++ b/openbsd-compat/port-linux.c
		182	@@ -222,6 +222,20 @@
		183	xfree(oldctx);
		184	xfree(newctx);
		185	}
		186	+
		187	+void
		188	+ssh_selinux_setfscreatecon(const char *path)
		189	+{
		190	+ security_context_t context;
		191	+
		192	+ if (path == NULL) {
		193	+ setfscreatecon(NULL);
		194	+ return;
		195	+ }
		196	+ matchpathcon(path, 0700, &context);
		197	+ setfscreatecon(context);
		198	+}
		199	+
		200	#endif /* WITH_SELINUX */
		201
		202	#ifdef LINUX_OOM_ADJUST
		203	Index: b/openbsd-compat/port-linux.h
		204	===================================================================
		205	--- a/openbsd-compat/port-linux.h
		206	+++ b/openbsd-compat/port-linux.h
		207	@@ -24,6 +24,7 @@
		208	void ssh_selinux_setup_pty(char , const char );
		209	void ssh_selinux_setup_exec_context(char *);
		210	void ssh_selinux_change_context(const char *);
		211	+void ssh_selinux_setfscreatecon(const char *);
		212	#endif
		213
		214	#ifdef LINUX_OOM_ADJUST
		215	Index: b/ssh.c
		216	===================================================================
		217	--- a/ssh.c
		218	+++ b/ssh.c
		219	@@ -852,15 +852,12 @@
		220	strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
		221	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
		222	#ifdef WITH_SELINUX
		223	- char *scon;
		224	-
		225	- matchpathcon(buf, 0700, &scon);
		226	- setfscreatecon(scon);
		227	+ ssh_selinux_setfscreatecon(buf);
		228	#endif
		229	if (mkdir(buf, 0700) < 0)
		230	error("Could not create directory '%.200s'.", buf);
		231	#ifdef WITH_SELINUX
		232	- setfscreatecon(NULL);
		233	+ ssh_selinux_setfscreatecon(NULL);
		234	#endif
		235	}
		236	/* load options.identity_files */


diff --git a/debian/patches/series b/debian/patches/series index 751a9868c..a3431201e 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -36,6 +36,9 @@ openbsd-docs.patch
36	ssh-argv0.patch	36	ssh-argv0.patch
37	doc-hash-tab-completion.patch	37	doc-hash-tab-completion.patch
38		38
		39	# Upstream backports
		40	selinux-build-failure.patch
		41
39	# Debian-specific configuration	42	# Debian-specific configuration
40	gnome-ssh-askpass2-icon.patch	43	gnome-ssh-askpass2-icon.patch
41	debian-config.patch	44	debian-config.patch


diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 86a7146a6..744a404c8 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c
@@ -222,6 +222,20 @@ ssh_selinux_change_context(const char *newname)
222	xfree(oldctx);	222	xfree(oldctx);
223	xfree(newctx);	223	xfree(newctx);
224	}	224	}
		225
		226	void
		227	ssh_selinux_setfscreatecon(const char *path)
		228	{
		229	security_context_t context;
		230
		231	if (path == NULL) {
		232	setfscreatecon(NULL);
		233	return;
		234	}
		235	matchpathcon(path, 0700, &context);
		236	setfscreatecon(context);
		237	}
		238
225	#endif /* WITH_SELINUX */	239	#endif /* WITH_SELINUX */
226		240
227	#ifdef LINUX_OOM_ADJUST	241	#ifdef LINUX_OOM_ADJUST


diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index 209d9a7a2..884482bf5 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
24	void ssh_selinux_setup_pty(char , const char );	24	void ssh_selinux_setup_pty(char , const char );
25	void ssh_selinux_setup_exec_context(char *);	25	void ssh_selinux_setup_exec_context(char *);
26	void ssh_selinux_change_context(const char *);	26	void ssh_selinux_change_context(const char *);
		27	void ssh_selinux_setfscreatecon(const char *);
27	#endif	28	#endif
28		29
29	#ifdef LINUX_OOM_ADJUST	30	#ifdef LINUX_OOM_ADJUST


diff --git a/ssh.c b/ssh.c index 77dbde058..aa2ad4a2f 100644 --- a/ssh.c +++ b/ssh.c
@@ -852,15 +852,12 @@ main(int ac, char **av)
852	strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);	852	strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
853	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {	853	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
854	#ifdef WITH_SELINUX	854	#ifdef WITH_SELINUX
855	char *scon;	855	ssh_selinux_setfscreatecon(buf);
856
857	matchpathcon(buf, 0700, &scon);
858	setfscreatecon(scon);
859	#endif	856	#endif
860	if (mkdir(buf, 0700) < 0)	857	if (mkdir(buf, 0700) < 0)
861	error("Could not create directory '%.200s'.", buf);	858	error("Could not create directory '%.200s'.", buf);
862	#ifdef WITH_SELINUX	859	#ifdef WITH_SELINUX
863	setfscreatecon(NULL);	860	ssh_selinux_setfscreatecon(NULL);
864	#endif	861	#endif
865	}	862	}
866	/* load options.identity_files */	863	/* load options.identity_files */