From 04d4f897e99d3698a5b74088865cfdf1dd5243f1 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Thu, 27 Jan 2011 12:12:48 +0000 Subject: Fix crash in ssh_selinux_setfscreatecon when SELinux is disabled (LP: #708571). --- debian/changelog | 7 ++++++ debian/patches/selinux-setfscreatecon-crash.patch | 28 +++++++++++++++++++++++ debian/patches/series | 3 +++ 3 files changed, 38 insertions(+) create mode 100644 debian/patches/selinux-setfscreatecon-crash.patch (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index ab59d980a..08f22e8b7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +openssh (1:5.7p1-2) UNRELEASED; urgency=low + + * Fix crash in ssh_selinux_setfscreatecon when SELinux is disabled + (LP: #708571). + + -- Colin Watson Thu, 27 Jan 2011 12:05:26 +0000 + openssh (1:5.7p1-1) experimental; urgency=low * New upstream release (http://www.openssh.org/txt/release-5.7): diff --git a/debian/patches/selinux-setfscreatecon-crash.patch b/debian/patches/selinux-setfscreatecon-crash.patch new file mode 100644 index 000000000..8d09d3529 --- /dev/null +++ b/debian/patches/selinux-setfscreatecon-crash.patch @@ -0,0 +1,28 @@ +Description: Fix crash in ssh_selinux_setfscreatecon when SELinux is disabled +Author: Colin Watson +Bug-Ubuntu: https://bugs.launchpad.net/bugs/708571 +Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=1851 +Last-Update: 2011-01-27 + +Index: b/openbsd-compat/port-linux.c +=================================================================== +--- a/openbsd-compat/port-linux.c ++++ b/openbsd-compat/port-linux.c +@@ -224,12 +224,15 @@ + { + security_context_t context; + ++ if (!ssh_selinux_enabled()) ++ return; ++ + if (path == NULL) { + setfscreatecon(NULL); + return; + } +- matchpathcon(path, 0700, &context); +- setfscreatecon(context); ++ if (matchpathcon(path, 0700, &context) == 0) ++ setfscreatecon(context); + } + + #endif /* WITH_SELINUX */ diff --git a/debian/patches/series b/debian/patches/series index a3431201e..15b5d91db 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -39,6 +39,9 @@ doc-hash-tab-completion.patch # Upstream backports selinux-build-failure.patch +# Miscellaneous bug fixes +selinux-setfscreatecon-crash.patch + # Debian-specific configuration gnome-ssh-askpass2-icon.patch debian-config.patch -- cgit v1.2.3