From ca05b36451a1fd77710af97f886a242ca3083275 Mon Sep 17 00:00:00 2001 From: "Jan F. Chadima" Date: Tue, 30 Jun 2009 10:26:13 +0000 Subject: [PATCH] create '~/.ssh/known_hosts' within proper context --- openssh-5.2p1-selabel.patch | 53 +++++++++++++++++++++++++++++++++++++ openssh.spec | 8 +++++- 2 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 openssh-5.2p1-selabel.patch diff --git a/openssh-5.2p1-selabel.patch b/openssh-5.2p1-selabel.patch new file mode 100644 index 0000000..a367739 --- /dev/null +++ b/openssh-5.2p1-selabel.patch @@ -0,0 +1,53 @@ +diff -up openssh-5.2p1/contrib/ssh-copy-id.selabel openssh-5.2p1/contrib/ssh-copy-id +--- openssh-5.2p1/contrib/ssh-copy-id.selabel 2009-06-29 23:43:03.514390092 +0200 ++++ openssh-5.2p1/contrib/ssh-copy-id 2009-06-29 23:44:11.188382120 +0200 +@@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || + exit 1 + fi + +-{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 ++{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1 + + cat < + #include + #include ++#include + #include "openbsd-compat/openssl-compat.h" + #include "openbsd-compat/sys-queue.h" + +@@ -790,10 +791,15 @@ main(int ac, char **av) + */ + snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, + strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); +- if (stat(buf, &st) < 0) ++ if (stat(buf, &st) < 0) { ++ char *scon; ++ ++ matchpathcon(buf, 0700, &scon); ++ setfscreatecon(scon); + if (mkdir(buf, 0700) < 0) + error("Could not create directory '%.200s'.", buf); +- ++ setfscreatecon(NULL); ++ } + /* load options.identity_files */ + load_public_identity_files(); + diff --git a/openssh.spec b/openssh.spec index 4e328da..6d12f9a 100644 --- a/openssh.spec +++ b/openssh.spec 
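Review bot: In the ssh.c part of the new patch file, the return value of `matchpathcon(buf, 0700, &scon)` is ignored, so when the lookup fails (SELinux disabled, or no matching file-context entry) `scon` is passed to `setfscreatecon(scon)` while still uninitialized. The context string is also never released with `freecon()`. Initialising `scon` to NULL, switching the creation context only when the lookup succeeded, and freeing it afterwards covers both, as sketched below; the enclosing `main()` starts and ends outside the hunk. Separately, in the ssh-copy-id line the remote command now ends with `test -x /sbin/restorecon && ...`, so on a host without restorecon its exit status is non-zero and `|| exit 1` fires even though the key was appended, while a failed `cat` is hidden when restorecon succeeds. A remote command of the form `cat >> .ssh/authorized_keys || exit 1; if test -x /sbin/restorecon; then /sbin/restorecon .ssh .ssh/authorized_keys; fi` keeps the original failure semantics.

```c
	if (stat(buf, &st) < 0) {
		char *scon = NULL;

		/* The label lookup can fail; leave the default creation context then. */
		if (matchpathcon(buf, 0700, &scon) < 0)
			scon = NULL;
		if (scon != NULL && setfscreatecon(scon) < 0)
			debug("setfscreatecon failed for '%.200s'", buf);
		/* … unchanged: mkdir(buf, 0700) and its error() call … */
		if (scon != NULL) {
			setfscreatecon(NULL);
			freecon(scon);
		}
	}
```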
@@ -63,7 +63,7 @@ Summary: An open source implementation of SSH protocol versions 1 and 2 Name: openssh Version: 5.2p1 -Release: 11%{?dist}%{?rescue_rel} +Release: 12%{?dist}%{?rescue_rel} URL: http://www.openssh.com/portable.html #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc @@ -100,6 +100,7 @@ Patch65: openssh-5.2p1-fips.patch Patch66: openssh-5.2p1-homechroot.patch Patch67: openssh-5.2p1-xmodifiers.patch Patch68: openssh-5.2p1-pathmax.patch +Patch69: openssh-5.2p1-selabel.patch License: BSD Group: Applications/Internet @@ -234,6 +235,7 @@ an X11 passphrase dialog for OpenSSH. %patch66 -p1 -b .homechroot %patch67 -p1 -b .xmodifiers %patch68 -p1 -b .pathmax +%patch69 -p1 -b .selabel autoreconf @@ -468,8 +470,12 @@ fi %endif %changelog +* Tue Jun 30 2009 Jan F. Chadima - 5.2p1-11 +- create '~/.ssh/known_hosts' within proper context + * Mon Jun 29 2009 Jan F. Chadima - 5.2p1-11 - length of home path in ssh now limited by PATH_MAX +- correct timezone with daylight processing * Sat Jun 27 2009 Jan F. Chadima - 5.2p1-10 - final version chroot %%h (sftp only)