summaryrefslogtreecommitdiff
path: root/debian/patches/selinux-role.patch
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2018-07-10 15:06:26 +0000
committerColin Watson <cjwatson@debian.org>2018-07-10 15:06:26 +0000
commit064fa3f4a8bd3b2e297bc4cfbaa7a22375323663 (patch)
treec23159a23239438f10da5f025ca2297ad44ca9d5 /debian/patches/selinux-role.patch
parent970f1c25f7c73067f2f07e2e64c88201c90ff490 (diff)
parent92d266b9e75233afd4a1ce663f062b7e9a843e65 (diff)
Merge branch 'fix-authorized_keys-environment-var' into 'master'
Fix ENV restriction of authorized keys See merge request ssh-team/openssh!2
Diffstat (limited to 'debian/patches/selinux-role.patch')
-rw-r--r--debian/patches/selinux-role.patch30
1 files changed, 15 insertions, 15 deletions
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index 5662207cd..5c0bad093 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -31,7 +31,7 @@ Patch-Name: selinux-role.patch
31 15 files changed, 97 insertions(+), 30 deletions(-) 31 15 files changed, 97 insertions(+), 30 deletions(-)
32 32
33diff --git a/auth.h b/auth.h 33diff --git a/auth.h b/auth.h
34index 23ce67ca..15ba7073 100644 34index 23ce67caf..15ba7073e 100644
35--- a/auth.h 35--- a/auth.h
36+++ b/auth.h 36+++ b/auth.h
37@@ -65,6 +65,7 @@ struct Authctxt { 37@@ -65,6 +65,7 @@ struct Authctxt {
@@ -43,7 +43,7 @@ index 23ce67ca..15ba7073 100644
43 /* Method lists for multiple authentication */ 43 /* Method lists for multiple authentication */
44 char **auth_methods; /* modified from server config */ 44 char **auth_methods; /* modified from server config */
45diff --git a/auth2.c b/auth2.c 45diff --git a/auth2.c b/auth2.c
46index c34f58c4..be5e9f15 100644 46index c34f58c45..be5e9f15f 100644
47--- a/auth2.c 47--- a/auth2.c
48+++ b/auth2.c 48+++ b/auth2.c
49@@ -218,7 +218,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) 49@@ -218,7 +218,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
@@ -81,7 +81,7 @@ index c34f58c4..be5e9f15 100644
81 if (auth2_setup_methods_lists(authctxt) != 0) 81 if (auth2_setup_methods_lists(authctxt) != 0)
82 packet_disconnect("no authentication methods enabled"); 82 packet_disconnect("no authentication methods enabled");
83diff --git a/monitor.c b/monitor.c 83diff --git a/monitor.c b/monitor.c
84index 868fb0d2..ed37458f 100644 84index 868fb0d2d..ed37458fb 100644
85--- a/monitor.c 85--- a/monitor.c
86+++ b/monitor.c 86+++ b/monitor.c
87@@ -128,6 +128,7 @@ int mm_answer_sign(int, Buffer *); 87@@ -128,6 +128,7 @@ int mm_answer_sign(int, Buffer *);
@@ -158,7 +158,7 @@ index 868fb0d2..ed37458f 100644
158 buffer_put_int(m, 1); 158 buffer_put_int(m, 1);
159 buffer_put_cstring(m, s->tty); 159 buffer_put_cstring(m, s->tty);
160diff --git a/monitor.h b/monitor.h 160diff --git a/monitor.h b/monitor.h
161index ec41404c..4c7955d7 100644 161index ec41404c7..4c7955d7a 100644
162--- a/monitor.h 162--- a/monitor.h
163+++ b/monitor.h 163+++ b/monitor.h
164@@ -68,6 +68,8 @@ enum monitor_reqtype { 164@@ -68,6 +68,8 @@ enum monitor_reqtype {
@@ -171,7 +171,7 @@ index ec41404c..4c7955d7 100644
171 171
172 struct monitor { 172 struct monitor {
173diff --git a/monitor_wrap.c b/monitor_wrap.c 173diff --git a/monitor_wrap.c b/monitor_wrap.c
174index e749efc1..7b2d06c6 100644 174index e749efc18..7b2d06c65 100644
175--- a/monitor_wrap.c 175--- a/monitor_wrap.c
176+++ b/monitor_wrap.c 176+++ b/monitor_wrap.c
177@@ -331,10 +331,10 @@ mm_auth2_read_banner(void) 177@@ -331,10 +331,10 @@ mm_auth2_read_banner(void)
@@ -219,7 +219,7 @@ index e749efc1..7b2d06c6 100644
219 int 219 int
220 mm_auth_password(struct ssh *ssh, char *password) 220 mm_auth_password(struct ssh *ssh, char *password)
221diff --git a/monitor_wrap.h b/monitor_wrap.h 221diff --git a/monitor_wrap.h b/monitor_wrap.h
222index 0970d1f8..492de5c8 100644 222index 0970d1f87..492de5c85 100644
223--- a/monitor_wrap.h 223--- a/monitor_wrap.h
224+++ b/monitor_wrap.h 224+++ b/monitor_wrap.h
225@@ -43,7 +43,8 @@ int mm_is_monitor(void); 225@@ -43,7 +43,8 @@ int mm_is_monitor(void);
@@ -233,7 +233,7 @@ index 0970d1f8..492de5c8 100644
233 char *mm_auth2_read_banner(void); 233 char *mm_auth2_read_banner(void);
234 int mm_auth_password(struct ssh *, char *); 234 int mm_auth_password(struct ssh *, char *);
235diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c 235diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
236index 8c5325cc..8a3e5c68 100644 236index 8c5325cc3..8a3e5c68d 100644
237--- a/openbsd-compat/port-linux.c 237--- a/openbsd-compat/port-linux.c
238+++ b/openbsd-compat/port-linux.c 238+++ b/openbsd-compat/port-linux.c
239@@ -27,6 +27,12 @@ 239@@ -27,6 +27,12 @@
@@ -314,7 +314,7 @@ index 8c5325cc..8a3e5c68 100644
314 /* XXX: should these calls fatal() upon failure in enforcing mode? */ 314 /* XXX: should these calls fatal() upon failure in enforcing mode? */
315 315
316diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h 316diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
317index 3c22a854..c8812942 100644 317index 3c22a854d..c88129428 100644
318--- a/openbsd-compat/port-linux.h 318--- a/openbsd-compat/port-linux.h
319+++ b/openbsd-compat/port-linux.h 319+++ b/openbsd-compat/port-linux.h
320@@ -19,8 +19,8 @@ 320@@ -19,8 +19,8 @@
@@ -329,7 +329,7 @@ index 3c22a854..c8812942 100644
329 void ssh_selinux_setfscreatecon(const char *); 329 void ssh_selinux_setfscreatecon(const char *);
330 #endif 330 #endif
331diff --git a/platform.c b/platform.c 331diff --git a/platform.c b/platform.c
332index 18c7751d..380ee3a4 100644 332index 18c7751de..380ee3a41 100644
333--- a/platform.c 333--- a/platform.c
334+++ b/platform.c 334+++ b/platform.c
335@@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw) 335@@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw)
@@ -351,7 +351,7 @@ index 18c7751d..380ee3a4 100644
351 } 351 }
352 352
353diff --git a/platform.h b/platform.h 353diff --git a/platform.h b/platform.h
354index ea4f9c58..60d72ffe 100644 354index ea4f9c584..60d72ffe7 100644
355--- a/platform.h 355--- a/platform.h
356+++ b/platform.h 356+++ b/platform.h
357@@ -25,7 +25,7 @@ void platform_post_fork_parent(pid_t child_pid); 357@@ -25,7 +25,7 @@ void platform_post_fork_parent(pid_t child_pid);
@@ -364,7 +364,7 @@ index ea4f9c58..60d72ffe 100644
364 char *platform_krb5_get_principal_name(const char *); 364 char *platform_krb5_get_principal_name(const char *);
365 int platform_sys_dir_uid(uid_t); 365 int platform_sys_dir_uid(uid_t);
366diff --git a/session.c b/session.c 366diff --git a/session.c b/session.c
367index 58826db1..ff301c98 100644 367index 58826db16..ff301c983 100644
368--- a/session.c 368--- a/session.c
369+++ b/session.c 369+++ b/session.c
370@@ -1322,7 +1322,7 @@ safely_chroot(const char *path, uid_t uid) 370@@ -1322,7 +1322,7 @@ safely_chroot(const char *path, uid_t uid)
@@ -413,7 +413,7 @@ index 58826db1..ff301c98 100644
413 /* Set window size from the packet. */ 413 /* Set window size from the packet. */
414 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel); 414 pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
415diff --git a/session.h b/session.h 415diff --git a/session.h b/session.h
416index 54dd1f0c..8535ebce 100644 416index 54dd1f0ca..8535ebcef 100644
417--- a/session.h 417--- a/session.h
418+++ b/session.h 418+++ b/session.h
419@@ -76,7 +76,7 @@ void session_pty_cleanup2(Session *); 419@@ -76,7 +76,7 @@ void session_pty_cleanup2(Session *);
@@ -426,7 +426,7 @@ index 54dd1f0c..8535ebce 100644
426 const char *session_get_remote_name_or_ip(struct ssh *, u_int, int); 426 const char *session_get_remote_name_or_ip(struct ssh *, u_int, int);
427 427
428diff --git a/sshd.c b/sshd.c 428diff --git a/sshd.c b/sshd.c
429index 4ed0364f..6d911c19 100644 429index 4ed0364f2..6d911c19a 100644
430--- a/sshd.c 430--- a/sshd.c
431+++ b/sshd.c 431+++ b/sshd.c
432@@ -679,7 +679,7 @@ privsep_postauth(Authctxt *authctxt) 432@@ -679,7 +679,7 @@ privsep_postauth(Authctxt *authctxt)
@@ -439,7 +439,7 @@ index 4ed0364f..6d911c19 100644
439 skip: 439 skip:
440 /* It is safe now to apply the key state */ 440 /* It is safe now to apply the key state */
441diff --git a/sshpty.c b/sshpty.c 441diff --git a/sshpty.c b/sshpty.c
442index 4da84d05..676ade50 100644 442index 4da84d05f..676ade50e 100644
443--- a/sshpty.c 443--- a/sshpty.c
444+++ b/sshpty.c 444+++ b/sshpty.c
445@@ -162,7 +162,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col, 445@@ -162,7 +162,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
@@ -461,7 +461,7 @@ index 4da84d05..676ade50 100644
461 461
462 if (st.st_uid != pw->pw_uid || st.st_gid != gid) { 462 if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
463diff --git a/sshpty.h b/sshpty.h 463diff --git a/sshpty.h b/sshpty.h
464index 9ec7e9a1..de7e000a 100644 464index 9ec7e9a15..de7e000ae 100644
465--- a/sshpty.h 465--- a/sshpty.h
466+++ b/sshpty.h 466+++ b/sshpty.h
467@@ -24,5 +24,5 @@ int pty_allocate(int *, int *, char *, size_t); 467@@ -24,5 +24,5 @@ int pty_allocate(int *, int *, char *, size_t);