- Merging selabel patch with the upstream version. (#632914)
		
							parent
							
								
									93909d91af
								
							
						
					
					
						commit
						84d568abcc
					
				| @ -1,6 +1,44 @@ | |||||||
|  | diff -up openssh-5.6p1/configure.ac.selabel openssh-5.6p1/configure.ac
 | ||||||
|  | --- openssh-5.6p1/configure.ac.selabel	2010-09-13 11:20:47.000000000 +0200
 | ||||||
|  | +++ openssh-5.6p1/configure.ac	2010-09-13 11:20:50.000000000 +0200
 | ||||||
|  | @@ -700,7 +700,6 @@ mips-sony-bsd|mips-sony-newsos4)
 | ||||||
|  |  			[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, | ||||||
|  |  				[Define if you have Solaris process contracts]) | ||||||
|  |  			  SSHDLIBS="$SSHDLIBS -lcontract" | ||||||
|  | -			  AC_SUBST(SSHDLIBS)
 | ||||||
|  |  			  SPC_MSG="yes" ], ) | ||||||
|  |  		], | ||||||
|  |  	) | ||||||
|  | @@ -3500,6 +3499,7 @@ AC_ARG_WITH(selinux,
 | ||||||
|  |  			], | ||||||
|  |  			AC_MSG_ERROR(SELinux support requires libselinux library)) | ||||||
|  |  		SSHDLIBS="$SSHDLIBS $LIBSELINUX" | ||||||
|  | +		SSHLIBS="$SSHLIBS $LIBSELINUX"
 | ||||||
|  |  		LIBS="$LIBS $LIBSELINUX" | ||||||
|  |  		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) | ||||||
|  |  		AC_CHECK_FUNCS(setkeycreatecon) | ||||||
|  | @@ -4269,6 +4269,8 @@ else
 | ||||||
|  |  fi | ||||||
|  |  AC_CHECK_DECL(BROKEN_GETADDRINFO,  TEST_SSH_IPV6=no) | ||||||
|  |  AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6) | ||||||
|  | +AC_SUBST(SSHLIBS)
 | ||||||
|  | +AC_SUBST(SSHDLIBS)
 | ||||||
|  |   | ||||||
|  |  AC_EXEEXT | ||||||
|  |  AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ | ||||||
|  | @@ -4345,6 +4347,9 @@ echo "         Libraries: ${LIBS}"
 | ||||||
|  |  if test ! -z "${SSHDLIBS}"; then | ||||||
|  |  echo "         +for sshd: ${SSHDLIBS}" | ||||||
|  |  fi | ||||||
|  | +if test ! -z "${SSHLIBS}"; then
 | ||||||
|  | +echo "         +for ssh: ${SSHLIBS}"
 | ||||||
|  | +fi
 | ||||||
|  |   | ||||||
|  |  echo "" | ||||||
|  |   | ||||||
| diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id
 | diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id
 | ||||||
| --- openssh-5.6p1/contrib/ssh-copy-id.selabel	2010-08-10 05:36:09.000000000 +0200
 | --- openssh-5.6p1/contrib/ssh-copy-id.selabel	2010-08-10 05:36:09.000000000 +0200
 | ||||||
| +++ openssh-5.6p1/contrib/ssh-copy-id	2010-08-23 12:50:20.000000000 +0200
 | +++ openssh-5.6p1/contrib/ssh-copy-id	2010-09-13 11:20:50.000000000 +0200
 | ||||||
| @@ -41,7 +41,7 @@ fi
 | @@ -41,7 +41,7 @@ fi
 | ||||||
|  # strip any trailing colon |  # strip any trailing colon | ||||||
|  host=`echo $1 | sed 's/:$//'` |  host=`echo $1 | sed 's/:$//'` | ||||||
| @ -11,44 +49,59 @@ diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-cop | |||||||
|  cat <<EOF |  cat <<EOF | ||||||
|  Now try logging into the machine, with "ssh '$host'", and check in: |  Now try logging into the machine, with "ssh '$host'", and check in: | ||||||
| diff -up openssh-5.6p1/Makefile.in.selabel openssh-5.6p1/Makefile.in
 | diff -up openssh-5.6p1/Makefile.in.selabel openssh-5.6p1/Makefile.in
 | ||||||
| --- openssh-5.6p1/Makefile.in.selabel	2010-08-23 12:47:39.000000000 +0200
 | --- openssh-5.6p1/Makefile.in.selabel	2010-09-13 11:20:49.000000000 +0200
 | ||||||
| +++ openssh-5.6p1/Makefile.in	2010-08-23 12:47:39.000000000 +0200
 | +++ openssh-5.6p1/Makefile.in	2010-09-13 11:20:50.000000000 +0200
 | ||||||
| @@ -141,7 +141,7 @@ libssh.a: $(LIBSSH_OBJS)
 | @@ -47,6 +47,7 @@ LD=@LD@
 | ||||||
|  |  CFLAGS=@CFLAGS@ | ||||||
|  |  CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ | ||||||
|  |  LIBS=@LIBS@ | ||||||
|  | +SSHLIBS=@SSHLIBS@
 | ||||||
|  |  SSHDLIBS=@SSHDLIBS@ | ||||||
|  |  LIBEDIT=@LIBEDIT@ | ||||||
|  |  AR=@AR@ | ||||||
|  | @@ -141,7 +142,7 @@ libssh.a: $(LIBSSH_OBJS)
 | ||||||
|  	$(RANLIB) $@ |  	$(RANLIB) $@ | ||||||
|   |   | ||||||
|  ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) |  ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) | ||||||
| -	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
 | -	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
 | ||||||
| +	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lselinux $(LIBS)
 | +	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS)
 | ||||||
|   |   | ||||||
|  sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS) |  sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS) | ||||||
|  	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) |  	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) | ||||||
| diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
 | diff -up openssh-5.6p1/openbsd-compat/port-linux.h.selabel openssh-5.6p1/openbsd-compat/port-linux.h
 | ||||||
| --- openssh-5.6p1/ssh.c.selabel	2010-08-23 12:47:39.000000000 +0200
 | --- openssh-5.6p1/openbsd-compat/port-linux.h.selabel	2009-12-08 03:39:48.000000000 +0100
 | ||||||
| +++ openssh-5.6p1/ssh.c	2010-08-23 12:47:39.000000000 +0200
 | +++ openssh-5.6p1/openbsd-compat/port-linux.h	2010-09-13 11:20:50.000000000 +0200
 | ||||||
| @@ -74,6 +74,7 @@
 | @@ -20,6 +20,7 @@
 | ||||||
|  #include <openssl/err.h> |  #define _PORT_LINUX_H | ||||||
|  #include <openssl/fips.h> |  | ||||||
|  #include <fipscheck.h> |  | ||||||
| +#include <selinux/selinux.h>
 |  | ||||||
|  #include "openbsd-compat/openssl-compat.h" |  | ||||||
|  #include "openbsd-compat/sys-queue.h" |  | ||||||
|   |   | ||||||
| @@ -848,10 +849,17 @@ main(int ac, char **av)
 |  #ifdef WITH_SELINUX | ||||||
|  | +#include <selinux/selinux.h>
 | ||||||
|  |  int ssh_selinux_enabled(void); | ||||||
|  |  void ssh_selinux_setup_pty(char *, const char *); | ||||||
|  |  void ssh_selinux_setup_exec_context(char *); | ||||||
|  | diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
 | ||||||
|  | --- openssh-5.6p1/ssh.c.selabel	2010-09-13 11:20:50.000000000 +0200
 | ||||||
|  | +++ openssh-5.6p1/ssh.c	2010-09-13 11:23:02.000000000 +0200
 | ||||||
|  | @@ -848,10 +848,21 @@ main(int ac, char **av)
 | ||||||
|  	 */ |  	 */ | ||||||
|  	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, |  	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, | ||||||
|  	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); |  	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); | ||||||
| -	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
 | -	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
 | ||||||
| +	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 | +	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 | ||||||
|  | +#ifdef WITH_SELINUX
 | ||||||
| +		char *scon;
 | +		char *scon;
 | ||||||
| +
 | +
 | ||||||
| +		if (matchpathcon(buf, 0700, &scon) != -1) {
 | +		if (matchpathcon(buf, 0700, &scon) != -1) {
 | ||||||
| +			setfscreatecon(scon);
 | +			setfscreatecon(scon);
 | ||||||
| +			matchpathcon_fini();
 | +			matchpathcon_fini();
 | ||||||
| +		}
 | +		}
 | ||||||
|  | +#endif
 | ||||||
|  		if (mkdir(buf, 0700) < 0) |  		if (mkdir(buf, 0700) < 0) | ||||||
|  			error("Could not create directory '%.200s'.", buf); |  			error("Could not create directory '%.200s'.", buf); | ||||||
| -
 | -
 | ||||||
|  | +#ifdef WITH_SELINUX
 | ||||||
| +		setfscreatecon(NULL);
 | +		setfscreatecon(NULL);
 | ||||||
|  | +#endif
 | ||||||
| +	}
 | +	}
 | ||||||
|  	/* load options.identity_files */ |  	/* load options.identity_files */ | ||||||
|  	load_public_identity_files(); |  	load_public_identity_files(); | ||||||
|  | |||||||
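Review bot: In the ssh.c hunk inside main(), the context string that `matchpathcon()` allocates into `scon` is never released, and both `setfscreatecon()` calls ignore their return value. Adding `freecon(scon);` right after `setfscreatecon(scon);` closes the leak. A failed `setfscreatecon(NULL)` should at least be logged, since the ~/.ssh creation context would presumably stay in force for files the process creates later. The mode argument is `0700` without a file-type bit; if the policy has directory-specific entries for this path, `S_IFDIR | 0700` may be the more precise lookup, which is worth confirming against the loaded file_contexts. main() starts and continues outside the hunk, so later file creation is not visible here.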
| @ -581,8 +581,11 @@ fi | |||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-5 + 0.9.2-27 | ||||||
|  | - Merging selabel patch with the upstream version. (#632914) | ||||||
|  | 
 | ||||||
| * Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-4 + 0.9.2-27 | * Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-4 + 0.9.2-27 | ||||||
| - Tweaking selabel batch to work properly without selinux rules loaded. (#632914) | - Tweaking selabel patch to work properly without selinux rules loaded. (#632914) | ||||||
| 
 | 
 | ||||||
| * Wed Sep  8 2010 Tomas Mraz <tmraz@redhat.com> - 5.6p1-3 + 0.9.2-27 | * Wed Sep  8 2010 Tomas Mraz <tmraz@redhat.com> - 5.6p1-3 + 0.9.2-27 | ||||||
| - Make fipscheck hmacs compliant with FHS - requires new fipscheck | - Make fipscheck hmacs compliant with FHS - requires new fipscheck | ||||||
|  | |||||||