author | Colin Watson <cjwatson@debian.org> | 2013-09-14 23:42:11 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2013-09-14 23:42:11 +0100 |
commit | 327155e6824b3ee13837bdde04e4eb47e147ff46 (patch) | |
tree | 8f8743122403c7a2e6ed919156711fb1520c657f /debian/patches/selinux-role.patch | |
parent | 0334ce32304e9ba2a10ee5ca49ca6e8ff3ba6cf4 (diff) | |
parent | 74e339b8f8936bc0d985e053a076d0c9b5e9ea51 (diff) |
* New upstream release (http://www.openssh.com/txt/release-6.3).
- sftp(1): add support for resuming partial downloads using the "reget"
command and on the sftp commandline or on the "get" commandline using
the "-a" (append) option (closes: #158590).
- ssh(1): add an "IgnoreUnknown" configuration option to selectively
suppress errors arising from unknown configuration directives (closes:
#436052).
- sftp(1): update progressmeter when data is acknowledged, not when it's
sent (partially addresses #708372).
- ssh(1): do not fatally exit when attempting to cleanup multiplexing-
created channels that are incompletely opened (closes: #651357).
Diffstat (limited to 'debian/patches/selinux-role.patch')
-rw-r--r-- | debian/patches/selinux-role.patch | 50 |
1 files changed, 25 insertions, 25 deletions
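--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -5,7 +5,7 @@ Description: Handle SELinux authorisation roles
 Author: Manoj Srivastava <srivasta@debian.org>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
 Bug-Debian: http://bugs.debian.org/394795
-Last-Update: 2013-05-13
+Last-Update: 2013-09-14
 
 Index: b/auth.h
 ===================================================================
@@ -17,13 +17,13 @@ Index: b/auth.h
 char *style;
 + char *role;
 void *kbdintctxt;
+char *info; /* Extra info for next auth_log */
 void *jpake_ctx;
-#ifdef BSD_AUTH
 Index: b/auth1.c
 ===================================================================
 --- a/auth1.c
 +++ b/auth1.c
-@@ -385,7 +385,7 @@
+@@ -380,7 +380,7 @@
 do_authentication(Authctxt *authctxt)
 {
 u_int ulen;
@@ -32,7 +32,7 @@ Index: b/auth1.c
 
 /* Get the name of the user that we wish to log in as. */
 packet_read_expect(SSH_CMSG_USER);
-@@ -394,11 +394,17 @@
+@@ -389,11 +389,17 @@
 user = packet_get_cstring(&ulen);
 packet_check_eom();
 
@@ -54,7 +54,7 @@ Index: b/auth2.c
 ===================================================================
 --- a/auth2.c
 +++ b/auth2.c
-@@ -219,7 +219,7 @@
+@@ -222,7 +222,7 @@
 {
 Authctxt *authctxt = ctxt;
 Authmethod *m = NULL;
@@ -63,7 +63,7 @@ Index: b/auth2.c
 int authenticated = 0;
 
 if (authctxt == NULL)
-@@ -231,8 +231,13 @@
+@@ -234,8 +234,13 @@
 debug("userauth-request for user %s service %s method %s", user, service, method);
 debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
@@ -77,7 +77,7 @@ Index: b/auth2.c
 
 if (authctxt->attempt++ == 0) {
 /* setup auth context */
-@@ -256,8 +261,9 @@
+@@ -259,8 +264,9 @@
 use_privsep ? " [net]" : "");
 authctxt->service = xstrdup(service);
 authctxt->style = style ? xstrdup(style) : NULL;
@@ -92,7 +92,7 @@ Index: b/monitor.c
 ===================================================================
 --- a/monitor.c
 +++ b/monitor.c
-@@ -145,6 +145,7 @@
+@@ -146,6 +146,7 @@
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
@@ -100,7 +100,7 @@ Index: b/monitor.c
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -226,6 +227,7 @@
+@@ -227,6 +228,7 @@
 {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
 {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
 {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -108,7 +108,7 @@ Index: b/monitor.c
 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
-@@ -837,6 +839,7 @@
+@@ -844,6 +846,7 @@
 else {
 /* Allow service/style information on the auth context */
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -116,7 +116,7 @@ Index: b/monitor.c
 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 }
 #ifdef USE_PAM
-@@ -869,14 +872,37 @@
+@@ -874,14 +877,37 @@
 
 authctxt->service = buffer_get_string(m, NULL);
 authctxt->style = buffer_get_string(m, NULL);
@@ -127,12 +127,12 @@ Index: b/monitor.c
 + __func__, authctxt->service, authctxt->style, authctxt->role);
 
 if (strlen(authctxt->style) == 0) {
-xfree(authctxt->style);
+free(authctxt->style);
 authctxt->style = NULL;
 }
 
 + if (strlen(authctxt->role) == 0) {
-+ xfree(authctxt->role);
++ free(authctxt->role);
 + authctxt->role = NULL;
 + }
 +
@@ -149,14 +149,14 @@ Index: b/monitor.c
 + __func__, authctxt->role);
 +
 + if (strlen(authctxt->role) == 0) {
-+ xfree(authctxt->role);
++ free(authctxt->role);
 + authctxt->role = NULL;
 + }
 +
 return (0);
 }
 
-@@ -1471,7 +1497,7 @@
+@@ -1486,7 +1512,7 @@
 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
 if (res == 0)
 goto error;
@@ -182,7 +182,7 @@ Index: b/monitor_wrap.c
 ===================================================================
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -318,10 +318,10 @@
+@@ -320,10 +320,10 @@
 return (banner);
 }
 
@@ -195,7 +195,7 @@ Index: b/monitor_wrap.c
 {
 Buffer m;
 
-@@ -330,11 +330,29 @@
+@@ -332,11 +332,29 @@
 buffer_init(&m);
 buffer_put_cstring(&m, service);
 buffer_put_cstring(&m, style ? style : "");
@@ -284,7 +284,7 @@ Index: b/openbsd-compat/port-linux.c
 #endif
 
 if (r != 0) {
-@@ -107,7 +120,7 @@
+@@ -105,7 +118,7 @@
 
 /* Set the execution context to the default for the specified user */
 void
@@ -293,7 +293,7 @@ Index: b/openbsd-compat/port-linux.c
 {
 security_context_t user_ctx = NULL;
 
-@@ -116,7 +129,7 @@
+@@ -114,7 +127,7 @@
 
 debug3("%s: setting execution context", __func__);
 
@@ -302,7 +302,7 @@ Index: b/openbsd-compat/port-linux.c
 if (setexeccon(user_ctx) != 0) {
 switch (security_getenforce()) {
 case -1:
-@@ -138,7 +151,7 @@
+@@ -136,7 +149,7 @@
 
 /* Set the TTY context for the specified user */
 void
@@ -311,7 +311,7 @@ Index: b/openbsd-compat/port-linux.c
 {
 security_context_t new_tty_ctx = NULL;
 security_context_t user_ctx = NULL;
-@@ -149,7 +162,7 @@
+@@ -147,7 +160,7 @@
 
 debug3("%s: setting TTY context on %s", __func__, tty);
 
@@ -392,7 +392,7 @@ Index: b/session.c
 
 if (options.chroot_directory != NULL &&
 strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1633,7 +1633,7 @@
+@@ -1646,7 +1646,7 @@
 
 /* Force a password change */
 if (s->authctxt->force_pwchange) {
@@ -401,7 +401,7 @@ Index: b/session.c
 child_close_fds();
 do_pwchange(s);
 exit(1);
-@@ -1660,7 +1660,7 @@
+@@ -1673,7 +1673,7 @@
 /* When PAM is enabled we rely on it to do the nologin check */
 if (!options.use_pam)
 do_nologin(pw);
@@ -410,7 +410,7 @@ Index: b/session.c
 /*
 * PAM session modules in do_setusercontext may have
 * generated messages, so if this in an interactive
-@@ -2072,7 +2072,7 @@
+@@ -2084,7 +2084,7 @@
 tty_parse_modes(s->ttyfd, &n_bytes);
 
 if (!use_privsep)
@@ -436,7 +436,7 @@ Index: b/sshd.c
 ===================================================================
 --- a/sshd.c
 +++ b/sshd.c
-@@ -745,7 +745,7 @@
+@@ -753,7 +753,7 @@
 RAND_seed(rnd, sizeof(rnd));
 
 /* Drop privileges */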
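Review bot: In the two refreshed monitor.c hunks (patch lines 127-138 and 149-157) the monitor handles `role` as a plain C string, although the value crosses the privsep boundary from the unprivileged child, and the neighbouring context reads its fields with `buffer_get_string(m, NULL)`, which discards the transmitted length. The line that actually reads `role` falls between the displayed hunks, so this is inferred; if it mirrors the `style` line, an embedded NUL would be silently truncated before the `strlen(authctxt->role) == 0` test and before the role is (presumably) used by the port-linux.c code to choose the SELinux context. The wrapper side sends service and style with `buffer_put_cstring`, so reading with `authctxt->role = buffer_get_cstring(m, NULL);` would reject such input in the privileged process rather than pass on a shortened role. A short comment above each empty-string test, e.g. `/* "" on the wire means no role was requested */`, would also document why the field is reset to NULL in both handlers.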