diff options
author | Colin Watson <cjwatson@debian.org> | 2011-01-25 01:51:25 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-01-25 01:51:25 +0000 |
commit | 5e750371bb19c8cc58b5faea70278d857acdae0a (patch) | |
tree | fa223746d886bda4acb9e242675bbcc4ddba4efb /debian/patches | |
parent | 26883397c648afa38ed502e68652945a794b0cd3 (diff) |
Backport SELinux build fix from CVS.
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/selinux-build-failure.patch | 236 | ||||
-rw-r--r-- | debian/patches/series | 3 |
2 files changed, 239 insertions, 0 deletions
diff --git a/debian/patches/selinux-build-failure.patch b/debian/patches/selinux-build-failure.patch new file mode 100644 index 000000000..47c953009 --- /dev/null +++ b/debian/patches/selinux-build-failure.patch | |||
@@ -0,0 +1,236 @@ | |||
1 | Description: Fix SELinux build failure | ||
2 | Origin: backport, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/6317 | ||
3 | Author: Damien Miller <djm@mindrot.org> | ||
4 | Last-Update: 2011-01-25 | ||
5 | |||
6 | Index: b/Makefile.in | ||
7 | =================================================================== | ||
8 | --- a/Makefile.in | ||
9 | +++ b/Makefile.in | ||
10 | @@ -48,6 +48,7 @@ | ||
11 | CFLAGS=@CFLAGS@ | ||
12 | CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ | ||
13 | LIBS=@LIBS@ | ||
14 | +SSHLIBS=@SSHLIBS@ | ||
15 | SSHDLIBS=@SSHDLIBS@ | ||
16 | LIBEDIT=@LIBEDIT@ | ||
17 | AR=@AR@ | ||
18 | @@ -144,7 +145,7 @@ | ||
19 | $(RANLIB) $@ | ||
20 | |||
21 | ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) | ||
22 | - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | ||
23 | + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) | ||
24 | |||
25 | sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) | ||
26 | $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) | ||
27 | Index: b/configure.ac | ||
28 | =================================================================== | ||
29 | --- a/configure.ac | ||
30 | +++ b/configure.ac | ||
31 | @@ -761,7 +761,6 @@ | ||
32 | [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, | ||
33 | [Define if you have Solaris process contracts]) | ||
34 | SSHDLIBS="$SSHDLIBS -lcontract" | ||
35 | - AC_SUBST(SSHDLIBS) | ||
36 | SPC_MSG="yes" ], ) | ||
37 | ], | ||
38 | ) | ||
39 | @@ -772,7 +771,6 @@ | ||
40 | [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, | ||
41 | [Define if you have Solaris projects]) | ||
42 | SSHDLIBS="$SSHDLIBS -lproject" | ||
43 | - AC_SUBST(SSHDLIBS) | ||
44 | SP_MSG="yes" ], ) | ||
45 | ], | ||
46 | ) | ||
47 | @@ -3539,11 +3537,14 @@ | ||
48 | LIBS="$LIBS -lselinux" | ||
49 | ], | ||
50 | AC_MSG_ERROR(SELinux support requires libselinux library)) | ||
51 | + SSHLIBS="$SSHLIBS $LIBSELINUX" | ||
52 | SSHDLIBS="$SSHDLIBS $LIBSELINUX" | ||
53 | AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) | ||
54 | LIBS="$save_LIBS" | ||
55 | fi ] | ||
56 | ) | ||
57 | +AC_SUBST(SSHLIBS) | ||
58 | +AC_SUBST(SSHDLIBS) | ||
59 | |||
60 | # Check whether user wants Kerberos 5 support | ||
61 | KRB5_MSG="no" | ||
62 | @@ -4365,6 +4366,9 @@ | ||
63 | if test ! -z "${SSHDLIBS}"; then | ||
64 | echo " +for sshd: ${SSHDLIBS}" | ||
65 | fi | ||
66 | +if test ! -z "${SSHLIBS}"; then | ||
67 | +echo " +for ssh: ${SSHLIBS}" | ||
68 | +fi | ||
69 | |||
70 | echo "" | ||
71 | |||
72 | Index: b/configure | ||
73 | =================================================================== | ||
74 | --- a/configure | ||
75 | +++ b/configure | ||
76 | @@ -696,7 +696,6 @@ | ||
77 | LOGIN_PROGRAM_FALLBACK | ||
78 | PATH_PASSWD_PROG | ||
79 | LD | ||
80 | -SSHDLIBS | ||
81 | PKGCONFIG | ||
82 | LIBEDIT | ||
83 | TEST_SSH_SHA256 | ||
84 | @@ -721,6 +720,8 @@ | ||
85 | PROG_IPCS | ||
86 | PROG_TAIL | ||
87 | INSTALL_SSH_PRNG_CMDS | ||
88 | +SSHLIBS | ||
89 | +SSHDLIBS | ||
90 | KRB5CONF | ||
91 | PRIVSEP_PATH | ||
92 | xauth_path | ||
93 | @@ -9047,7 +9159,6 @@ | ||
94 | _ACEOF | ||
95 | |||
96 | SSHDLIBS="$SSHDLIBS -lcontract" | ||
97 | - | ||
98 | SPC_MSG="yes" | ||
99 | fi | ||
100 | |||
101 | @@ -9126,7 +9237,6 @@ | ||
102 | _ACEOF | ||
103 | |||
104 | SSHDLIBS="$SSHDLIBS -lproject" | ||
105 | - | ||
106 | SP_MSG="yes" | ||
107 | fi | ||
108 | |||
109 | @@ -27806,6 +27916,7 @@ | ||
110 | { (exit 1); exit 1; }; } | ||
111 | fi | ||
112 | |||
113 | + SSHLIBS="$SSHLIBS $LIBSELINUX" | ||
114 | SSHDLIBS="$SSHDLIBS $LIBSELINUX" | ||
115 | |||
116 | |||
117 | @@ -27908,6 +28019,8 @@ | ||
118 | fi | ||
119 | |||
120 | |||
121 | + | ||
122 | + | ||
123 | # Check whether user wants Kerberos 5 support | ||
124 | KRB5_MSG="no" | ||
125 | |||
126 | @@ -31416,7 +31529,6 @@ | ||
127 | LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim | ||
128 | PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim | ||
129 | LD!$LD$ac_delim | ||
130 | -SSHDLIBS!$SSHDLIBS$ac_delim | ||
131 | PKGCONFIG!$PKGCONFIG$ac_delim | ||
132 | LIBEDIT!$LIBEDIT$ac_delim | ||
133 | TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim | ||
134 | @@ -31433,6 +31545,7 @@ | ||
135 | PROG_SAR!$PROG_SAR$ac_delim | ||
136 | PROG_W!$PROG_W$ac_delim | ||
137 | PROG_WHO!$PROG_WHO$ac_delim | ||
138 | +PROG_LAST!$PROG_LAST$ac_delim | ||
139 | _ACEOF | ||
140 | |||
141 | if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then | ||
142 | @@ -31474,7 +31587,6 @@ | ||
143 | ac_delim='%!_!# ' | ||
144 | for ac_last_try in false false false false false :; do | ||
145 | cat >conf$$subs.sed <<_ACEOF | ||
146 | -PROG_LAST!$PROG_LAST$ac_delim | ||
147 | PROG_LASTLOG!$PROG_LASTLOG$ac_delim | ||
148 | PROG_DF!$PROG_DF$ac_delim | ||
149 | PROG_VMSTAT!$PROG_VMSTAT$ac_delim | ||
150 | @@ -31482,6 +31594,8 @@ | ||
151 | PROG_IPCS!$PROG_IPCS$ac_delim | ||
152 | PROG_TAIL!$PROG_TAIL$ac_delim | ||
153 | INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim | ||
154 | +SSHLIBS!$SSHLIBS$ac_delim | ||
155 | +SSHDLIBS!$SSHDLIBS$ac_delim | ||
156 | KRB5CONF!$KRB5CONF$ac_delim | ||
157 | PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim | ||
158 | xauth_path!$xauth_path$ac_delim | ||
159 | @@ -31496,7 +31610,7 @@ | ||
160 | LTLIBOBJS!$LTLIBOBJS$ac_delim | ||
161 | _ACEOF | ||
162 | |||
163 | - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 20; then | ||
164 | + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 21; then | ||
165 | break | ||
166 | elif $ac_last_try; then | ||
167 | { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 | ||
168 | @@ -31993,6 +32107,9 @@ | ||
169 | if test ! -z "${SSHDLIBS}"; then | ||
170 | echo " +for sshd: ${SSHDLIBS}" | ||
171 | fi | ||
172 | +if test ! -z "${SSHLIBS}"; then | ||
173 | +echo " +for ssh: ${SSHLIBS}" | ||
174 | +fi | ||
175 | |||
176 | echo "" | ||
177 | |||
178 | Index: b/openbsd-compat/port-linux.c | ||
179 | =================================================================== | ||
180 | --- a/openbsd-compat/port-linux.c | ||
181 | +++ b/openbsd-compat/port-linux.c | ||
182 | @@ -222,6 +222,20 @@ | ||
183 | xfree(oldctx); | ||
184 | xfree(newctx); | ||
185 | } | ||
186 | + | ||
187 | +void | ||
188 | +ssh_selinux_setfscreatecon(const char *path) | ||
189 | +{ | ||
190 | + security_context_t context; | ||
191 | + | ||
192 | + if (path == NULL) { | ||
193 | + setfscreatecon(NULL); | ||
194 | + return; | ||
195 | + } | ||
196 | + matchpathcon(path, 0700, &context); | ||
197 | + setfscreatecon(context); | ||
198 | +} | ||
199 | + | ||
200 | #endif /* WITH_SELINUX */ | ||
201 | |||
202 | #ifdef LINUX_OOM_ADJUST | ||
203 | Index: b/openbsd-compat/port-linux.h | ||
204 | =================================================================== | ||
205 | --- a/openbsd-compat/port-linux.h | ||
206 | +++ b/openbsd-compat/port-linux.h | ||
207 | @@ -24,6 +24,7 @@ | ||
208 | void ssh_selinux_setup_pty(char *, const char *); | ||
209 | void ssh_selinux_setup_exec_context(char *); | ||
210 | void ssh_selinux_change_context(const char *); | ||
211 | +void ssh_selinux_setfscreatecon(const char *); | ||
212 | #endif | ||
213 | |||
214 | #ifdef LINUX_OOM_ADJUST | ||
215 | Index: b/ssh.c | ||
216 | =================================================================== | ||
217 | --- a/ssh.c | ||
218 | +++ b/ssh.c | ||
219 | @@ -852,15 +852,12 @@ | ||
220 | strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); | ||
221 | if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { | ||
222 | #ifdef WITH_SELINUX | ||
223 | - char *scon; | ||
224 | - | ||
225 | - matchpathcon(buf, 0700, &scon); | ||
226 | - setfscreatecon(scon); | ||
227 | + ssh_selinux_setfscreatecon(buf); | ||
228 | #endif | ||
229 | if (mkdir(buf, 0700) < 0) | ||
230 | error("Could not create directory '%.200s'.", buf); | ||
231 | #ifdef WITH_SELINUX | ||
232 | - setfscreatecon(NULL); | ||
233 | + ssh_selinux_setfscreatecon(NULL); | ||
234 | #endif | ||
235 | } | ||
236 | /* load options.identity_files */ | ||
diff --git a/debian/patches/series b/debian/patches/series index 751a9868c..a3431201e 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
@@ -36,6 +36,9 @@ openbsd-docs.patch | |||
36 | ssh-argv0.patch | 36 | ssh-argv0.patch |
37 | doc-hash-tab-completion.patch | 37 | doc-hash-tab-completion.patch |
38 | 38 | ||
39 | # Upstream backports | ||
40 | selinux-build-failure.patch | ||
41 | |||
39 | # Debian-specific configuration | 42 | # Debian-specific configuration |
40 | gnome-ssh-askpass2-icon.patch | 43 | gnome-ssh-askpass2-icon.patch |
41 | debian-config.patch | 44 | debian-config.patch |