1 files changed, 33 insertions, 33 deletions

diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index e0ca12fb0..1fa0bf928 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From ae32d626ed3d15cfd7f432358b63c005961921df Mon Sep 17 00:00:00 2001
+From c9638aa44d787849cea1ae273f0908c6313fd19b Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -32,7 +32,7 @@ Patch-Name: selinux-role.patch
  16 files changed, 104 insertions(+), 31 deletions(-)
 
 diff --git a/auth.h b/auth.h
-index 124e597..79e4ea5 100644
+index d081c94..f099e98 100644
 --- a/auth.h
 +++ b/auth.h
 @@ -59,6 +59,7 @@ struct Authctxt {
@@ -44,10 +44,10 @@ index 124e597..79e4ea5 100644
         char            *info;          /* Extra info for next auth_log */
  #ifdef BSD_AUTH
 diff --git a/auth1.c b/auth1.c
-index 0f870b3..c707390 100644
+index 5038828..52b17db 100644
 --- a/auth1.c
 +++ b/auth1.c
-@@ -380,7 +380,7 @@ void
+@@ -381,7 +381,7 @@ void
  do_authentication(Authctxt *authctxt)
  {
         u_int ulen;
@@ -56,7 +56,7 @@ index 0f870b3..c707390 100644
  
         /* Get the name of the user that we wish to log in as. */
         packet_read_expect(SSH_CMSG_USER);
-@@ -389,11 +389,17 @@ do_authentication(Authctxt *authctxt)
+@@ -390,11 +390,17 @@ do_authentication(Authctxt *authctxt)
         user = packet_get_cstring(&ulen);
         packet_check_eom();
  
@@ -75,10 +75,10 @@ index 0f870b3..c707390 100644
         /* Verify that the user is a valid user. */
         if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
 diff --git a/auth2.c b/auth2.c
-index fbe3e1b..70f2925 100644
+index 2f0d565..fa1a588 100644
 --- a/auth2.c
 +++ b/auth2.c
-@@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -217,7 +217,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  {
         Authctxt *authctxt = ctxt;
         Authmethod *m = NULL;
@@ -87,7 +87,7 @@ index fbe3e1b..70f2925 100644
         int authenticated = 0;
  
         if (authctxt == NULL)
-@@ -228,8 +228,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -229,8 +229,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
         debug("userauth-request for user %s service %s method %s", user, service, method);
         debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
  
@@ -101,7 +101,7 @@ index fbe3e1b..70f2925 100644
  
         if (authctxt->attempt++ == 0) {
                 /* setup auth context */
-@@ -253,8 +258,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -254,8 +259,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
                     use_privsep ? " [net]" : "");
                 authctxt->service = xstrdup(service);
                 authctxt->style = style ? xstrdup(style) : NULL;
@@ -113,10 +113,10 @@ index fbe3e1b..70f2925 100644
                 if (auth2_setup_methods_lists(authctxt) != 0)
                         packet_disconnect("no authentication methods enabled");
 diff --git a/monitor.c b/monitor.c
-index 2918814..11eac63 100644
+index b0896ef..94b194d 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -145,6 +145,7 @@ int mm_answer_sign(int, Buffer *);
+@@ -148,6 +148,7 @@ int mm_answer_sign(int, Buffer *);
  int mm_answer_pwnamallow(int, Buffer *);
  int mm_answer_auth2_read_banner(int, Buffer *);
  int mm_answer_authserv(int, Buffer *);
@@ -124,7 +124,7 @@ index 2918814..11eac63 100644
  int mm_answer_authpassword(int, Buffer *);
  int mm_answer_bsdauthquery(int, Buffer *);
  int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -221,6 +222,7 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -229,6 +230,7 @@ struct mon_table mon_dispatch_proto20[] = {
      {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
      {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
      {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -132,7 +132,7 @@ index 2918814..11eac63 100644
      {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
      {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
  #ifdef USE_PAM
-@@ -822,6 +824,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
+@@ -841,6 +843,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
         else {
                 /* Allow service/style information on the auth context */
                 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -140,7 +140,7 @@ index 2918814..11eac63 100644
                 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
         }
  #ifdef USE_PAM
-@@ -852,14 +855,37 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -871,14 +874,37 @@ mm_answer_authserv(int sock, Buffer *m)
  
         authctxt->service = buffer_get_string(m, NULL);
         authctxt->style = buffer_get_string(m, NULL);
@@ -180,7 +180,7 @@ index 2918814..11eac63 100644
         return (0);
  }
  
-@@ -1464,7 +1490,7 @@ mm_answer_pty(int sock, Buffer *m)
+@@ -1485,7 +1511,7 @@ mm_answer_pty(int sock, Buffer *m)
         res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
         if (res == 0)
                 goto error;
@@ -203,10 +203,10 @@ index 7f32b0c..4d5e8fa 100644
  
  struct mm_master;
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 60b987d..f75dc9d 100644
+index e476f0d..6dc890a 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -318,10 +318,10 @@ mm_auth2_read_banner(void)
+@@ -324,10 +324,10 @@ mm_auth2_read_banner(void)
         return (banner);
  }
  
@@ -219,7 +219,7 @@ index 60b987d..f75dc9d 100644
  {
         Buffer m;
  
-@@ -330,12 +330,30 @@ mm_inform_authserv(char *service, char *style)
+@@ -336,12 +336,30 @@ mm_inform_authserv(char *service, char *style)
         buffer_init(&m);
         buffer_put_cstring(&m, service);
         buffer_put_cstring(&m, style ? style : "");
@@ -361,10 +361,10 @@ index e3d1004..80ce13a 100644
  void ssh_selinux_setfscreatecon(const char *);
  #endif
 diff --git a/platform.c b/platform.c
-index 30fc609..4aab9a9 100644
+index ee313da..f35ec39 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -142,7 +142,7 @@ platform_setusercontext(struct passwd *pw)
+@@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw)
   * called if sshd is running as root.
   */
  void
@@ -373,7 +373,7 @@ index 30fc609..4aab9a9 100644
  {
  #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
         /*
-@@ -183,7 +183,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
+@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
         }
  #endif /* HAVE_SETPCRED */
  #ifdef WITH_SELINUX
@@ -396,10 +396,10 @@ index 1c7a45d..436ae7c 100644
  char *platform_krb5_get_principal_name(const char *);
  int platform_sys_dir_uid(uid_t);
 diff --git a/session.c b/session.c
-index 2bcf818..6848df4 100644
+index 3e96557..6f389ac 100644
 --- a/session.c
 +++ b/session.c
-@@ -1502,7 +1502,7 @@ safely_chroot(const char *path, uid_t uid)
+@@ -1486,7 +1486,7 @@ safely_chroot(const char *path, uid_t uid)
  
  /* Set login name, uid, gid, and groups. */
  void
@@ -407,8 +407,8 @@ index 2bcf818..6848df4 100644
 +do_setusercontext(struct passwd *pw, const char *role)
  {
         char *chroot_path, *tmp;
- 
-@@ -1530,7 +1530,7 @@ do_setusercontext(struct passwd *pw)
+ #ifdef USE_LIBIAF
+@@ -1517,7 +1517,7 @@ do_setusercontext(struct passwd *pw)
                 endgrent();
  #endif
  
@@ -417,7 +417,7 @@ index 2bcf818..6848df4 100644
  
                 if (options.chroot_directory != NULL &&
                     strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1679,7 +1679,7 @@ do_child(Session *s, const char *command)
+@@ -1676,7 +1676,7 @@ do_child(Session *s, const char *command)
  
         /* Force a password change */
         if (s->authctxt->force_pwchange) {
@@ -426,7 +426,7 @@ index 2bcf818..6848df4 100644
                 child_close_fds();
                 do_pwchange(s);
                 exit(1);
-@@ -1706,7 +1706,7 @@ do_child(Session *s, const char *command)
+@@ -1703,7 +1703,7 @@ do_child(Session *s, const char *command)
                 /* When PAM is enabled we rely on it to do the nologin check */
                 if (!options.use_pam)
                         do_nologin(pw);
@@ -435,7 +435,7 @@ index 2bcf818..6848df4 100644
                 /*
                  * PAM session modules in do_setusercontext may have
                  * generated messages, so if this in an interactive
-@@ -2117,7 +2117,7 @@ session_pty_req(Session *s)
+@@ -2114,7 +2114,7 @@ session_pty_req(Session *s)
         tty_parse_modes(s->ttyfd, &n_bytes);
  
         if (!use_privsep)
@@ -458,10 +458,10 @@ index 6a2f35e..ef6593c 100644
                        const char *value);
  
 diff --git a/sshd.c b/sshd.c
-index d787fea..e343d90 100644
+index 3a6be65..48a14dd 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -769,7 +769,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -772,7 +772,7 @@ privsep_postauth(Authctxt *authctxt)
         explicit_bzero(rnd, sizeof(rnd));
  
         /* Drop privileges */
@@ -471,10 +471,10 @@ index d787fea..e343d90 100644
   skip:
         /* It is safe now to apply the key state */
 diff --git a/sshpty.c b/sshpty.c
-index bbbc0fe..8cc26a2 100644
+index a2059b7..3512ec8 100644
 --- a/sshpty.c
 +++ b/sshpty.c
-@@ -200,7 +200,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
+@@ -187,7 +187,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
  }
  
  void
@@ -483,7 +483,7 @@ index bbbc0fe..8cc26a2 100644
  {
         struct group *grp;
         gid_t gid;
-@@ -227,7 +227,7 @@ pty_setowner(struct passwd *pw, const char *tty)
+@@ -214,7 +214,7 @@ pty_setowner(struct passwd *pw, const char *tty)
                     strerror(errno));
  
  #ifdef WITH_SELINUX