From 5e750371bb19c8cc58b5faea70278d857acdae0a Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Tue, 25 Jan 2011 01:51:25 +0000 Subject: Backport SELinux build fix from CVS. --- debian/changelog | 1 + debian/patches/selinux-build-failure.patch | 236 +++++++++++++++++++++++++++++ debian/patches/series | 3 + 3 files changed, 240 insertions(+) create mode 100644 debian/patches/selinux-build-failure.patch (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index e7f334fe8..b063f0fac 100644 --- a/debian/changelog +++ b/debian/changelog @@ -26,6 +26,7 @@ openssh (1:5.7p1-1) UNRELEASED; urgency=low installations or if you manually add 'HostKey /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config. * Build-depend on libssl-dev (>= 0.9.8g) to ensure sufficient ECC support. + * Backport SELinux build fix from CVS. -- Colin Watson Mon, 24 Jan 2011 12:07:24 +0000 diff --git a/debian/patches/selinux-build-failure.patch b/debian/patches/selinux-build-failure.patch new file mode 100644 index 000000000..47c953009 --- /dev/null +++ b/debian/patches/selinux-build-failure.patch 
@@ -0,0 +1,236 @@
+Description: Fix SELinux build failure
+Origin: backport, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/6317
+Author: Damien Miller
+Last-Update: 2011-01-25
+
+Index: b/Makefile.in
+===================================================================
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -48,6 +48,7 @@
+ CFLAGS=@CFLAGS@
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
++SSHLIBS=@SSHLIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ AR=@AR@
+@@ -144,7 +145,7 @@
+ $(RANLIB) $@
+
+ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
+- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
+
+ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
+Index: b/configure.ac
+===================================================================
+--- a/configure.ac
++++ b/configure.ac
+@@ -761,7 +761,6 @@
+ [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
+ [Define if you have Solaris process contracts])
+ SSHDLIBS="$SSHDLIBS -lcontract"
+- AC_SUBST(SSHDLIBS)
+ SPC_MSG="yes" ], )
+ ],
+ )
+@@ -772,7 +771,6 @@
+ [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
+ [Define if you have Solaris projects])
+ SSHDLIBS="$SSHDLIBS -lproject"
+- AC_SUBST(SSHDLIBS)
+ SP_MSG="yes" ], )
+ ],
+ )
+@@ -3539,11 +3537,14 @@
+ LIBS="$LIBS -lselinux"
+ ],
+ AC_MSG_ERROR(SELinux support requires libselinux library))
++ SSHLIBS="$SSHLIBS $LIBSELINUX"
+ SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+ LIBS="$save_LIBS"
+ fi ]
+ )
++AC_SUBST(SSHLIBS)
++AC_SUBST(SSHDLIBS)
+
+ # Check whether user wants Kerberos 5 support
+ KRB5_MSG="no"
+@@ -4365,6 +4366,9 @@
+ if test ! -z "${SSHDLIBS}"; then
+ echo " +for sshd: ${SSHDLIBS}"
+ fi
++if test ! 
-z "${SSHLIBS}"; then ++echo " +for ssh: ${SSHLIBS}" ++fi + + echo "" + +Index: b/configure +=================================================================== +--- a/configure ++++ b/configure +@@ -696,7 +696,6 @@ + LOGIN_PROGRAM_FALLBACK + PATH_PASSWD_PROG + LD +-SSHDLIBS + PKGCONFIG + LIBEDIT + TEST_SSH_SHA256 +@@ -721,6 +720,8 @@ + PROG_IPCS + PROG_TAIL + INSTALL_SSH_PRNG_CMDS ++SSHLIBS ++SSHDLIBS + KRB5CONF + PRIVSEP_PATH + xauth_path +@@ -9047,7 +9159,6 @@ + _ACEOF + + SSHDLIBS="$SSHDLIBS -lcontract" +- + SPC_MSG="yes" + fi + +@@ -9126,7 +9237,6 @@ + _ACEOF + + SSHDLIBS="$SSHDLIBS -lproject" +- + SP_MSG="yes" + fi + +@@ -27806,6 +27916,7 @@ + { (exit 1); exit 1; }; } + fi + ++ SSHLIBS="$SSHLIBS $LIBSELINUX" + SSHDLIBS="$SSHDLIBS $LIBSELINUX" + + +@@ -27908,6 +28019,8 @@ + fi + + ++ ++ + # Check whether user wants Kerberos 5 support + KRB5_MSG="no" + +@@ -31416,7 +31529,6 @@ + LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim + PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim + LD!$LD$ac_delim +-SSHDLIBS!$SSHDLIBS$ac_delim + PKGCONFIG!$PKGCONFIG$ac_delim + LIBEDIT!$LIBEDIT$ac_delim + TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim +@@ -31433,6 +31545,7 @@ + PROG_SAR!$PROG_SAR$ac_delim + PROG_W!$PROG_W$ac_delim + PROG_WHO!$PROG_WHO$ac_delim ++PROG_LAST!$PROG_LAST$ac_delim + _ACEOF + + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then +@@ -31474,7 +31587,6 @@ + ac_delim='%!_!# ' + for ac_last_try in false false false false false :; do + cat >conf$$subs.sed <<_ACEOF +-PROG_LAST!$PROG_LAST$ac_delim + PROG_LASTLOG!$PROG_LASTLOG$ac_delim + PROG_DF!$PROG_DF$ac_delim + PROG_VMSTAT!$PROG_VMSTAT$ac_delim +@@ -31482,6 +31594,8 @@ + PROG_IPCS!$PROG_IPCS$ac_delim + PROG_TAIL!$PROG_TAIL$ac_delim + INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim ++SSHLIBS!$SSHLIBS$ac_delim ++SSHDLIBS!$SSHDLIBS$ac_delim + KRB5CONF!$KRB5CONF$ac_delim + PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim + xauth_path!$xauth_path$ac_delim +@@ -31496,7 +31610,7 @@ + 
LTLIBOBJS!$LTLIBOBJS$ac_delim + _ACEOF + +- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 20; then ++ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 21; then + break + elif $ac_last_try; then + { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 +@@ -31993,6 +32107,9 @@ + if test ! -z "${SSHDLIBS}"; then + echo " +for sshd: ${SSHDLIBS}" + fi ++if test ! -z "${SSHLIBS}"; then ++echo " +for ssh: ${SSHLIBS}" ++fi + + echo "" + +Index: b/openbsd-compat/port-linux.c +=================================================================== +--- a/openbsd-compat/port-linux.c ++++ b/openbsd-compat/port-linux.c +@@ -222,6 +222,20 @@ + xfree(oldctx); + xfree(newctx); + } ++ ++void ++ssh_selinux_setfscreatecon(const char *path) ++{ ++ security_context_t context; ++ ++ if (path == NULL) { ++ setfscreatecon(NULL); ++ return; ++ } ++ matchpathcon(path, 0700, &context); ++ setfscreatecon(context); ++} ++ + #endif /* WITH_SELINUX */ + + #ifdef LINUX_OOM_ADJUST +Index: b/openbsd-compat/port-linux.h +=================================================================== +--- a/openbsd-compat/port-linux.h ++++ b/openbsd-compat/port-linux.h +@@ -24,6 +24,7 @@ + void ssh_selinux_setup_pty(char *, const char *); + void ssh_selinux_setup_exec_context(char *); + void ssh_selinux_change_context(const char *); ++void ssh_selinux_setfscreatecon(const char *); + #endif + + #ifdef LINUX_OOM_ADJUST +Index: b/ssh.c +=================================================================== +--- a/ssh.c ++++ b/ssh.c +@@ -852,15 +852,12 @@ + strcmp(pw->pw_dir, "/") ? 
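Review bot: In the openbsd-compat/port-linux.c hunk, the new `ssh_selinux_setfscreatecon()` ignores the return value of `matchpathcon()` and never initialises `context`, so when the lookup fails `setfscreatecon(context)` is handed an indeterminate pointer. The ssh.c hunk shows the same unchecked pair in the inline code being removed, so the defect is carried over rather than introduced, but the new helper is the natural place to fix it once for all callers. I would guard the call and release the string, `if (matchpathcon(path, 0700, &context) == 0) { setfscreatecon(context); freecon(context); }`, which also stops the context returned by `matchpathcon()` from leaking. The result of `setfscreatecon()` is unchecked on both paths as well, so a failure leaves the subsequent `mkdir(buf, 0700)` in ssh.c creating the directory with the default label and nothing logged; a debug-level message there would make a mislabelled ~/.ssh easier to diagnose.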
"/" : "", _PATH_SSH_USER_DIR); + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { + #ifdef WITH_SELINUX +- char *scon; +- +- matchpathcon(buf, 0700, &scon); +- setfscreatecon(scon); ++ ssh_selinux_setfscreatecon(buf); + #endif + if (mkdir(buf, 0700) < 0) + error("Could not create directory '%.200s'.", buf); + #ifdef WITH_SELINUX +- setfscreatecon(NULL); ++ ssh_selinux_setfscreatecon(NULL); + #endif + } + /* load options.identity_files */ diff --git a/debian/patches/series b/debian/patches/series index 751a9868c..a3431201e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -36,6 +36,9 @@ openbsd-docs.patch ssh-argv0.patch doc-hash-tab-completion.patch +# Upstream backports +selinux-build-failure.patch + # Debian-specific configuration gnome-ssh-askpass2-icon.patch debian-config.patch -- cgit v1.2.3