1 files changed, 12 insertions, 229 deletions
diff --git a/debian/patches/selinux-build-failure.patch b/debian/patches/selinux-build-failure.patch
index 89b91ff00..6c99e3f38 100644
--- a/debian/patches/selinux-build-failure.patch
+++ b/debian/patches/selinux-build-failure.patch
@@ -1,236 +1,19 @@
 Description: Fix SELinux build failure
-Origin: backport, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/6317
+Origin: other, https://bugzilla.mindrot.org/attachment.cgi?id=1991&action=diff
-Author: Damien Miller <djm@mindrot.org>
+Author: Leonardo Chiqitto <leonardo@ngdn.org>
-Last-Update: 2011-01-25
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1851
+Last-Update: 2011-02-05
-Index: b/Makefile.in
-===================================================================
--- a/Makefile.in
-+++ b/Makefile.in
-@@ -48,6 +48,7 @@
- CFLAGS=@CFLAGS@
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
- LIBS=@LIBS@
-+SSHLIBS=@SSHLIBS@
- SSHDLIBS=@SSHDLIBS@
- LIBEDIT=@LIBEDIT@
- AR=@AR@
-@@ -145,7 +146,7 @@
-        $(RANLIB) $@
- 
- ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-       $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+       $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
- 
- sshd$(EXEEXT): libssh.a        $(LIBCOMPAT) $(SSHDOBJS)
-        $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
-Index: b/configure.ac
-===================================================================
--- a/configure.ac
-+++ b/configure.ac
-@@ -761,7 +761,6 @@
-                        [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
-                                [Define if you have Solaris process contracts])
-                          SSHDLIBS="$SSHDLIBS -lcontract"
-                         AC_SUBST(SSHDLIBS)
-                          SPC_MSG="yes" ], )
-                ],
-        )
-@@ -772,7 +771,6 @@
-                        [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
-                                [Define if you have Solaris projects])
-                        SSHDLIBS="$SSHDLIBS -lproject"
-                       AC_SUBST(SSHDLIBS)
-                        SP_MSG="yes" ], )
-                ],
-        )
-@@ -3539,11 +3537,14 @@
-                          LIBS="$LIBS -lselinux"
-                        ],
-                        AC_MSG_ERROR(SELinux support requires libselinux library))
-+               SSHLIBS="$SSHLIBS $LIBSELINUX"
-                SSHDLIBS="$SSHDLIBS $LIBSELINUX"
-                AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
-                LIBS="$save_LIBS"
-        fi ]
- )
-+AC_SUBST(SSHLIBS)
-+AC_SUBST(SSHDLIBS)
- 
- # Check whether user wants Kerberos 5 support
- KRB5_MSG="no"
-@@ -4365,6 +4366,9 @@
- if test ! -z "${SSHDLIBS}"; then
- echo "         +for sshd: ${SSHDLIBS}"
- fi
-+if test ! -z "${SSHLIBS}"; then
-+echo "          +for ssh: ${SSHLIBS}"
-+fi
- 
- echo ""
- 
-Index: b/configure
-===================================================================
--- a/configure
-+++ b/configure
-@@ -696,7 +696,6 @@
- LOGIN_PROGRAM_FALLBACK
- PATH_PASSWD_PROG
- LD
-SSHDLIBS
- PKGCONFIG
- LIBEDIT
- TEST_SSH_SHA256
-@@ -721,6 +720,8 @@
- PROG_IPCS
- PROG_TAIL
- INSTALL_SSH_PRNG_CMDS
-+SSHLIBS
-+SSHDLIBS
- KRB5CONF
- PRIVSEP_PATH
- xauth_path
-@@ -9047,7 +9048,6 @@
- _ACEOF
- 
-                          SSHDLIBS="$SSHDLIBS -lcontract"
-
-                          SPC_MSG="yes"
- fi
- 
-@@ -9126,7 +9126,6 @@
- _ACEOF
- 
-                        SSHDLIBS="$SSHDLIBS -lproject"
-
-                        SP_MSG="yes"
- fi
- 
-@@ -27806,6 +27805,7 @@
-    { (exit 1); exit 1; }; }
- fi
- 
-+               SSHLIBS="$SSHLIBS $LIBSELINUX"
-                SSHDLIBS="$SSHDLIBS $LIBSELINUX"
- 
- 
-@@ -27908,6 +27908,8 @@
- fi
- 
- 
-+
-+
- # Check whether user wants Kerberos 5 support
- KRB5_MSG="no"
- 
-@@ -31416,7 +31418,6 @@
- LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim
- PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim
- LD!$LD$ac_delim
-SSHDLIBS!$SSHDLIBS$ac_delim
- PKGCONFIG!$PKGCONFIG$ac_delim
- LIBEDIT!$LIBEDIT$ac_delim
- TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim
-@@ -31433,6 +31434,7 @@
- PROG_SAR!$PROG_SAR$ac_delim
- PROG_W!$PROG_W$ac_delim
- PROG_WHO!$PROG_WHO$ac_delim
-+PROG_LAST!$PROG_LAST$ac_delim
- _ACEOF
- 
-   if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
-@@ -31474,7 +31476,6 @@
- ac_delim='%!_!# '
- for ac_last_try in false false false false false :; do
-   cat >conf$$subs.sed <<_ACEOF
-PROG_LAST!$PROG_LAST$ac_delim
- PROG_LASTLOG!$PROG_LASTLOG$ac_delim
- PROG_DF!$PROG_DF$ac_delim
- PROG_VMSTAT!$PROG_VMSTAT$ac_delim
-@@ -31482,6 +31483,8 @@
- PROG_IPCS!$PROG_IPCS$ac_delim
- PROG_TAIL!$PROG_TAIL$ac_delim
- INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
-+SSHLIBS!$SSHLIBS$ac_delim
-+SSHDLIBS!$SSHDLIBS$ac_delim
- KRB5CONF!$KRB5CONF$ac_delim
- PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim
- xauth_path!$xauth_path$ac_delim
-@@ -31496,7 +31499,7 @@
- LTLIBOBJS!$LTLIBOBJS$ac_delim
- _ACEOF
- 
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 20; then
-+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 21; then
-     break
-   elif $ac_last_try; then
-     { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-@@ -31993,6 +31996,9 @@
- if test ! -z "${SSHDLIBS}"; then
- echo "         +for sshd: ${SSHDLIBS}"
- fi
-+if test ! -z "${SSHLIBS}"; then
-+echo "          +for ssh: ${SSHLIBS}"
-+fi
- 
- echo ""
- 
 Index: b/openbsd-compat/port-linux.c
 ===================================================================
 --- a/openbsd-compat/port-linux.c
 +++ b/openbsd-compat/port-linux.c
-@@ -218,6 +218,20 @@
+@@ -226,7 +226,7 @@
-        xfree(oldctx);
+ 
-        xfree(newctx);
+        if (!ssh_selinux_enabled())
- }
+                return;
-+
+-       if (path == NULL)
-+void
+       if (path == NULL) {
-+ssh_selinux_setfscreatecon(const char *path)
+                setfscreatecon(NULL);
-+{
+                return;
-+               security_context_t context;
-+
-+               if (path == NULL) {
-+                       setfscreatecon(NULL);
-+                       return;
-+               }
-+               matchpathcon(path, 0700, &context);
-+               setfscreatecon(context);
-+}
-+
- #endif /* WITH_SELINUX */
- 
- #ifdef LINUX_OOM_ADJUST
-Index: b/openbsd-compat/port-linux.h
-===================================================================
--- a/openbsd-compat/port-linux.h
-+++ b/openbsd-compat/port-linux.h
-@@ -24,6 +24,7 @@
- void ssh_selinux_setup_pty(char *, const char *, const char *);
- void ssh_selinux_setup_exec_context(char *, const char *);
- void ssh_selinux_change_context(const char *);
-+void ssh_selinux_setfscreatecon(const char *);
- #endif
- 
- #ifdef LINUX_OOM_ADJUST
-Index: b/ssh.c
-===================================================================
--- a/ssh.c
-+++ b/ssh.c
-@@ -852,15 +852,12 @@
-            strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
-        if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
- #ifdef WITH_SELINUX
-               char *scon;
-
-               matchpathcon(buf, 0700, &scon);
-               setfscreatecon(scon);
-+               ssh_selinux_setfscreatecon(buf);
- #endif
-                if (mkdir(buf, 0700) < 0)
-                        error("Could not create directory '%.200s'.", buf);
- #ifdef WITH_SELINUX
-               setfscreatecon(NULL);
-+               ssh_selinux_setfscreatecon(NULL);
- #endif
        }
-        /* load options.identity_files */

diff --git a/debian/patches/selinux-build-failure.patch b/debian/patches/selinux-build-failure.patch index 89b91ff00..6c99e3f38 100644 --- a/debian/patches/selinux-build-failure.patch +++ b/debian/patches/selinux-build-failure.patch
@@ -1,236 +1,19 @@
1	Description: Fix SELinux build failure	1	Description: Fix SELinux build failure
2	Origin: backport, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/6317	2	Origin: other, https://bugzilla.mindrot.org/attachment.cgi?id=1991&action=diff
3	Author: Damien Miller <djm@mindrot.org>	3	Author: Leonardo Chiqitto <leonardo@ngdn.org>
4	Last-Update: 2011-01-25	4	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1851
		5	Last-Update: 2011-02-05
5		6
6	Index: b/Makefile.in
7	===================================================================
8	--- a/Makefile.in
9	+++ b/Makefile.in
10	@@ -48,6 +48,7 @@
11	CFLAGS=@CFLAGS@
12	CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
13	LIBS=@LIBS@
14	+SSHLIBS=@SSHLIBS@
15	SSHDLIBS=@SSHDLIBS@
16	LIBEDIT=@LIBEDIT@
17	AR=@AR@
18	@@ -145,7 +146,7 @@
19	$(RANLIB) $@
20
21	ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
22	- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
23	+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
24
25	sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
26	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
27	Index: b/configure.ac
28	===================================================================
29	--- a/configure.ac
30	+++ b/configure.ac
31	@@ -761,7 +761,6 @@
32	[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
33	[Define if you have Solaris process contracts])
34	SSHDLIBS="$SSHDLIBS -lcontract"
35	- AC_SUBST(SSHDLIBS)
36	SPC_MSG="yes" ], )
37	],
38	)
39	@@ -772,7 +771,6 @@
40	[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
41	[Define if you have Solaris projects])
42	SSHDLIBS="$SSHDLIBS -lproject"
43	- AC_SUBST(SSHDLIBS)
44	SP_MSG="yes" ], )
45	],
46	)
47	@@ -3539,11 +3537,14 @@
48	LIBS="$LIBS -lselinux"
49	],
50	AC_MSG_ERROR(SELinux support requires libselinux library))
51	+ SSHLIBS="$SSHLIBS $LIBSELINUX"
52	SSHDLIBS="$SSHDLIBS $LIBSELINUX"
53	AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
54	LIBS="$save_LIBS"
55	fi ]
56	)
57	+AC_SUBST(SSHLIBS)
58	+AC_SUBST(SSHDLIBS)
59
60	# Check whether user wants Kerberos 5 support
61	KRB5_MSG="no"
62	@@ -4365,6 +4366,9 @@
63	if test ! -z "${SSHDLIBS}"; then
64	echo " +for sshd: ${SSHDLIBS}"
65	fi
66	+if test ! -z "${SSHLIBS}"; then
67	+echo " +for ssh: ${SSHLIBS}"
68	+fi
69
70	echo ""
71
72	Index: b/configure
73	===================================================================
74	--- a/configure
75	+++ b/configure
76	@@ -696,7 +696,6 @@
77	LOGIN_PROGRAM_FALLBACK
78	PATH_PASSWD_PROG
79	LD
80	-SSHDLIBS
81	PKGCONFIG
82	LIBEDIT
83	TEST_SSH_SHA256
84	@@ -721,6 +720,8 @@
85	PROG_IPCS
86	PROG_TAIL
87	INSTALL_SSH_PRNG_CMDS
88	+SSHLIBS
89	+SSHDLIBS
90	KRB5CONF
91	PRIVSEP_PATH
92	xauth_path
93	@@ -9047,7 +9048,6 @@
94	_ACEOF
95
96	SSHDLIBS="$SSHDLIBS -lcontract"
97	-
98	SPC_MSG="yes"
99	fi
100
101	@@ -9126,7 +9126,6 @@
102	_ACEOF
103
104	SSHDLIBS="$SSHDLIBS -lproject"
105	-
106	SP_MSG="yes"
107	fi
108
109	@@ -27806,6 +27805,7 @@
110	{ (exit 1); exit 1; }; }
111	fi
112
113	+ SSHLIBS="$SSHLIBS $LIBSELINUX"
114	SSHDLIBS="$SSHDLIBS $LIBSELINUX"
115
116
117	@@ -27908,6 +27908,8 @@
118	fi
119
120
121	+
122	+
123	# Check whether user wants Kerberos 5 support
124	KRB5_MSG="no"
125
126	@@ -31416,7 +31418,6 @@
127	LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim
128	PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim
129	LD!$LD$ac_delim
130	-SSHDLIBS!$SSHDLIBS$ac_delim
131	PKGCONFIG!$PKGCONFIG$ac_delim
132	LIBEDIT!$LIBEDIT$ac_delim
133	TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim
134	@@ -31433,6 +31434,7 @@
135	PROG_SAR!$PROG_SAR$ac_delim
136	PROG_W!$PROG_W$ac_delim
137	PROG_WHO!$PROG_WHO$ac_delim
138	+PROG_LAST!$PROG_LAST$ac_delim
139	_ACEOF
140
141	if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed \| grep -c X` = 97; then
142	@@ -31474,7 +31476,6 @@
143	ac_delim='%!_!# '
144	for ac_last_try in false false false false false :; do
145	cat >conf$$subs.sed <<_ACEOF
146	-PROG_LAST!$PROG_LAST$ac_delim
147	PROG_LASTLOG!$PROG_LASTLOG$ac_delim
148	PROG_DF!$PROG_DF$ac_delim
149	PROG_VMSTAT!$PROG_VMSTAT$ac_delim
150	@@ -31482,6 +31483,8 @@
151	PROG_IPCS!$PROG_IPCS$ac_delim
152	PROG_TAIL!$PROG_TAIL$ac_delim
153	INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
154	+SSHLIBS!$SSHLIBS$ac_delim
155	+SSHDLIBS!$SSHDLIBS$ac_delim
156	KRB5CONF!$KRB5CONF$ac_delim
157	PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim
158	xauth_path!$xauth_path$ac_delim
159	@@ -31496,7 +31499,7 @@
160	LTLIBOBJS!$LTLIBOBJS$ac_delim
161	_ACEOF
162
163	- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed \| grep -c X` = 20; then
164	+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed \| grep -c X` = 21; then
165	break
166	elif $ac_last_try; then
167	{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
168	@@ -31993,6 +31996,9 @@
169	if test ! -z "${SSHDLIBS}"; then
170	echo " +for sshd: ${SSHDLIBS}"
171	fi
172	+if test ! -z "${SSHLIBS}"; then
173	+echo " +for ssh: ${SSHLIBS}"
174	+fi
175
176	echo ""
177
178	Index: b/openbsd-compat/port-linux.c	7	Index: b/openbsd-compat/port-linux.c
179	===================================================================	8	===================================================================
180	--- a/openbsd-compat/port-linux.c	9	--- a/openbsd-compat/port-linux.c
181	+++ b/openbsd-compat/port-linux.c	10	+++ b/openbsd-compat/port-linux.c
182	@@ -218,6 +218,20 @@	11	@@ -226,7 +226,7 @@
183	xfree(oldctx);	12
184	xfree(newctx);	13	if (!ssh_selinux_enabled())
185	}	14	return;
186	+	15	- if (path == NULL)
187	+void	16	+ if (path == NULL) {
188	+ssh_selinux_setfscreatecon(const char *path)	17	setfscreatecon(NULL);
189	+{	18	return;
190	+ security_context_t context;
191	+
192	+ if (path == NULL) {
193	+ setfscreatecon(NULL);
194	+ return;
195	+ }
196	+ matchpathcon(path, 0700, &context);
197	+ setfscreatecon(context);
198	+}
199	+
200	#endif /* WITH_SELINUX */
201
202	#ifdef LINUX_OOM_ADJUST
203	Index: b/openbsd-compat/port-linux.h
204	===================================================================
205	--- a/openbsd-compat/port-linux.h
206	+++ b/openbsd-compat/port-linux.h
207	@@ -24,6 +24,7 @@
208	void ssh_selinux_setup_pty(char , const char , const char *);
209	void ssh_selinux_setup_exec_context(char , const char );
210	void ssh_selinux_change_context(const char *);
211	+void ssh_selinux_setfscreatecon(const char *);
212	#endif
213
214	#ifdef LINUX_OOM_ADJUST
215	Index: b/ssh.c
216	===================================================================
217	--- a/ssh.c
218	+++ b/ssh.c
219	@@ -852,15 +852,12 @@
220	strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
221	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
222	#ifdef WITH_SELINUX
223	- char *scon;
224	-
225	- matchpathcon(buf, 0700, &scon);
226	- setfscreatecon(scon);
227	+ ssh_selinux_setfscreatecon(buf);
228	#endif
229	if (mkdir(buf, 0700) < 0)
230	error("Could not create directory '%.200s'.", buf);
231	#ifdef WITH_SELINUX
232	- setfscreatecon(NULL);
233	+ ssh_selinux_setfscreatecon(NULL);
234	#endif
235	}	19	}
236	/* load options.identity_files */