[openssh] coverity upgrade experimental selinux sandbox

Jan F. Chadima jfch2222 at fedoraproject.org
Tue Sep 13 15:15:19 UTC 2011


commit c870e661c7329311a49c121fbe6df3e036bce81d
Author: Jan F. Chadima <jfch at fukusima15.jagda.eu>
Date:   Tue Sep 13 17:14:48 2011 +0200

    coverity upgrade
    experimental selinux sandbox

 openssh-5.9p1-coverity.patch  |   49 +++++----
 openssh-5.9p1-ldap.patch      |  110 ++++++++++----------
 openssh-5.9p1-sesandbox.patch |  228 +++++++++++++++++++++++++++++++++++++++++
 openssh.spec                  |   11 ++-
 4 files changed, 319 insertions(+), 79 deletions(-)
---
diff --git a/openssh-5.9p1-coverity.patch b/openssh-5.9p1-coverity.patch
index 5b9c2d7..8abae8c 100644
--- a/openssh-5.9p1-coverity.patch
+++ b/openssh-5.9p1-coverity.patch
@@ -1,18 +1,23 @@
 diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
 --- openssh-5.9p1/auth-pam.c.coverity	2009-07-12 14:07:21.000000000 +0200
-+++ openssh-5.9p1/auth-pam.c	2011-09-09 15:13:32.820565436 +0200
-@@ -216,7 +216,7 @@ pthread_join(sp_pthread_t thread, void *
++++ openssh-5.9p1/auth-pam.c	2011-09-13 08:41:24.635521346 +0200
+@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void *
  	if (sshpam_thread_status != -1)
  		return (sshpam_thread_status);
  	signal(SIGCHLD, sshpam_oldsig);
 -	waitpid(thread, &status, 0);
-+	(void) waitpid(thread, &status, 0);
++	while (waitpid(thread, &status, 0) < 0) {                     
++		if (errno == EINTR)                                
++			continue;
++		fatal("%s: waitpid: %s", __func__,         
++				strerror(errno));                      
++	}
  	return (status);
  }
  #endif
 diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
 --- openssh-5.9p1/channels.c.coverity	2011-06-23 00:31:57.000000000 +0200
-+++ openssh-5.9p1/channels.c	2011-09-09 15:13:32.911439569 +0200
++++ openssh-5.9p1/channels.c	2011-09-13 08:26:11.771584519 +0200
 @@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
  	channel_max_fd = MAX(channel_max_fd, wfd);
  	channel_max_fd = MAX(channel_max_fd, efd);
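Review bot: The new `waitpid()` retry loop in the auth-pam.c section treats every failure other than `EINTR` as fatal, including `ECHILD` if the child was already reaped once `signal(SIGCHLD, sshpam_oldsig)` restores the old handler, and nothing in the hunk says that this is intended. Failing closed is reasonable here, since the old `(void) waitpid(...)` could return an indeterminate `status`, but it deserves a comment above the loop such as `/* fail closed: if the child cannot be reaped, status is indeterminate */`. The added lines `while (waitpid(...) < 0) {`, `if (errno == EINTR)` and both `fatal(...)` lines also carry trailing spaces that should be stripped before the patch is regenerated. The body of this `pthread_join()` replacement starts outside the hunk, so whether `status` is initialised earlier is not visible.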
@@ -45,7 +50,7 @@ diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
  }
 diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
 --- openssh-5.9p1/clientloop.c.coverity	2011-06-23 00:31:58.000000000 +0200
-+++ openssh-5.9p1/clientloop.c	2011-09-09 15:13:33.017564323 +0200
++++ openssh-5.9p1/clientloop.c	2011-09-13 08:26:11.889458598 +0200
 @@ -1970,6 +1970,7 @@ client_input_global_request(int type, u_
  	char *rtype;
  	int want_reply;
@@ -56,7 +61,7 @@ diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
  	want_reply = packet_get_char();
 diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
 --- openssh-5.9p1/key.c.coverity	2011-05-20 11:03:08.000000000 +0200
-+++ openssh-5.9p1/key.c	2011-09-09 15:13:33.145442605 +0200
++++ openssh-5.9p1/key.c	2011-09-13 08:26:12.000459857 +0200
 @@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
  		success = 1;
  /*XXXX*/
@@ -69,8 +74,8 @@ diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
  		while (*cp == ' ' || *cp == '\t')
  			cp++;
 diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
---- openssh-5.9p1/monitor.c.coverity	2011-09-09 17:13:15.937439833 +0200
-+++ openssh-5.9p1/monitor.c	2011-09-09 17:15:18.625466696 +0200
+--- openssh-5.9p1/monitor.c.coverity	2011-08-05 22:15:18.000000000 +0200
++++ openssh-5.9p1/monitor.c	2011-09-13 08:26:12.132583409 +0200
 @@ -1161,6 +1161,10 @@ mm_answer_keyallowed(int sock, Buffer *m
  			break;
  		}
@@ -93,8 +98,8 @@ diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
  	buffer_put_int(m, allowed);
  	buffer_put_int(m, forced_command != NULL);
 diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/openbsd-compat/bindresvport.c
---- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity	2011-09-09 17:29:14.709442881 +0200
-+++ openssh-5.9p1/openbsd-compat/bindresvport.c	2011-09-09 17:32:48.770563974 +0200
+--- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity	2010-12-03 00:50:26.000000000 +0100
++++ openssh-5.9p1/openbsd-compat/bindresvport.c	2011-09-13 08:26:12.298464549 +0200
 @@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
  	struct sockaddr_in6 *in6;
  	u_int16_t *portp;
@@ -106,7 +111,7 @@ diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/open
  	if (sa == NULL) {
 diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
 --- openssh-5.9p1/packet.c.coverity	2011-05-15 00:58:15.000000000 +0200
-+++ openssh-5.9p1/packet.c	2011-09-09 15:13:33.263447887 +0200
++++ openssh-5.9p1/packet.c	2011-09-13 08:26:12.405461249 +0200
 @@ -1177,6 +1177,7 @@ packet_read_poll1(void)
  		case DEATTACK_DETECTED:
  			packet_disconnect("crc32 compensation attack: "
@@ -126,7 +131,7 @@ diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
  	setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
 diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
 --- openssh-5.9p1/progressmeter.c.coverity	2006-08-05 04:39:40.000000000 +0200
-+++ openssh-5.9p1/progressmeter.c	2011-09-09 15:13:33.382566039 +0200
++++ openssh-5.9p1/progressmeter.c	2011-09-13 08:26:12.511520013 +0200
 @@ -65,7 +65,7 @@ static void update_progress_meter(int);
  
  static time_t start;		/* start progress */
@@ -147,7 +152,7 @@ diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
  	file = f;
 diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
 --- openssh-5.9p1/progressmeter.h.coverity	2006-03-26 05:30:02.000000000 +0200
-+++ openssh-5.9p1/progressmeter.h	2011-09-09 15:13:33.501438992 +0200
++++ openssh-5.9p1/progressmeter.h	2011-09-13 08:26:12.630521541 +0200
 @@ -23,5 +23,5 @@
   * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   */
@@ -157,7 +162,7 @@ diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
  void	stop_progress_meter(void);
 diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
 --- openssh-5.9p1/scp.c.coverity	2011-01-06 12:41:21.000000000 +0100
-+++ openssh-5.9p1/scp.c	2011-09-09 15:13:33.607564009 +0200
++++ openssh-5.9p1/scp.c	2011-09-13 08:26:12.748520967 +0200
 @@ -155,7 +155,7 @@ killchild(int signo)
  {
  	if (do_cmd_pid > 1) {
@@ -168,8 +173,8 @@ diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
  
  	if (signo)
 diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
---- openssh-5.9p1/servconf.c.coverity	2011-09-09 17:24:09.333561142 +0200
-+++ openssh-5.9p1/servconf.c	2011-09-09 17:26:41.488502345 +0200
+--- openssh-5.9p1/servconf.c.coverity	2011-06-23 00:30:03.000000000 +0200
++++ openssh-5.9p1/servconf.c	2011-09-13 08:26:12.854521290 +0200
 @@ -1171,7 +1171,7 @@ process_server_config_line(ServerOptions
  			fatal("%s line %d: Missing subsystem name.",
  			    filename, linenum);
@@ -181,7 +186,7 @@ diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
  		for (i = 0; i < options->num_subsystems; i++)
 diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
 --- openssh-5.9p1/serverloop.c.coverity	2011-05-20 11:02:50.000000000 +0200
-+++ openssh-5.9p1/serverloop.c	2011-09-09 15:13:33.723564433 +0200
++++ openssh-5.9p1/serverloop.c	2011-09-13 08:26:12.968645756 +0200
 @@ -147,13 +147,13 @@ notify_setup(void)
  static void
  notify_parent(void)
@@ -293,7 +298,7 @@ diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
  		tun = forced_tun_device;
 diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
 --- openssh-5.9p1/sftp-client.c.coverity	2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp-client.c	2011-09-09 15:13:33.845564522 +0200
++++ openssh-5.9p1/sftp-client.c	2011-09-13 08:26:13.083520760 +0200
 @@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
  }
  
@@ -518,7 +523,7 @@ diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
  	size_t len = strlen(p1) + strlen(p2) + 2;
 diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
 --- openssh-5.9p1/sftp-client.h.coverity	2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp-client.h	2011-09-09 15:13:33.954567073 +0200
++++ openssh-5.9p1/sftp-client.h	2011-09-13 08:26:13.181525164 +0200
 @@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
  u_int sftp_proto_version(struct sftp_conn *);
  
@@ -618,7 +623,7 @@ diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
  #endif
 diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
 --- openssh-5.9p1/sftp.c.coverity	2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp.c	2011-09-09 15:13:34.086441893 +0200
++++ openssh-5.9p1/sftp.c	2011-09-13 08:26:13.311521187 +0200
 @@ -206,7 +206,7 @@ killchild(int signo)
  {
  	if (sshpid > 1) {
@@ -733,7 +738,7 @@ diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
  	char s_used[FMT_SCALED_STRSIZE];
 diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
 --- openssh-5.9p1/ssh-agent.c.coverity	2011-06-03 06:14:16.000000000 +0200
-+++ openssh-5.9p1/ssh-agent.c	2011-09-09 15:13:34.203567987 +0200
++++ openssh-5.9p1/ssh-agent.c	2011-09-13 08:26:13.416521025 +0200
 @@ -1147,8 +1147,8 @@ main(int ac, char **av)
  	sanitise_stdfd();
  
@@ -747,7 +752,7 @@ diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
  	/* Disable ptrace on Linux without sgid bit */
 diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
 --- openssh-5.9p1/sshd.c.coverity	2011-06-23 11:45:51.000000000 +0200
-+++ openssh-5.9p1/sshd.c	2011-09-09 15:13:34.317564195 +0200
++++ openssh-5.9p1/sshd.c	2011-09-13 08:26:13.565519531 +0200
 @@ -1302,6 +1302,9 @@ server_accept_loop(int *sock_in, int *so
  		if (num_listen_socks < 0)
  			break;
diff --git a/openssh-5.9p1-ldap.patch b/openssh-5.9p1-ldap.patch
index 10f303e..bc6eb98 100644
--- a/openssh-5.9p1-ldap.patch
+++ b/openssh-5.9p1-ldap.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.9p0/HOWTO.ldap-keys.ldap openssh-5.9p0/HOWTO.ldap-keys
---- openssh-5.9p0/HOWTO.ldap-keys.ldap	2011-08-30 15:57:12.449212853 +0200
-+++ openssh-5.9p0/HOWTO.ldap-keys	2011-08-30 15:57:12.453101662 +0200
+diff -up openssh-5.9p1/HOWTO.ldap-keys.ldap openssh-5.9p1/HOWTO.ldap-keys
+--- openssh-5.9p1/HOWTO.ldap-keys.ldap	2011-09-13 11:17:05.178644691 +0200
++++ openssh-5.9p1/HOWTO.ldap-keys	2011-09-13 11:17:05.181522429 +0200
 @@ -0,0 +1,108 @@
 +
 +HOW TO START
@@ -110,9 +110,9 @@ diff -up openssh-5.9p0/HOWTO.ldap-keys.ldap openssh-5.9p0/HOWTO.ldap-keys
 +5) Author
 +    Jan F. Chadima <jchadima at redhat.com>
 +
-diff -up openssh-5.9p0/Makefile.in.ldap openssh-5.9p0/Makefile.in
---- openssh-5.9p0/Makefile.in.ldap	2011-08-30 15:57:01.693024742 +0200
-+++ openssh-5.9p0/Makefile.in	2011-08-30 16:00:02.478212295 +0200
+diff -up openssh-5.9p1/Makefile.in.ldap openssh-5.9p1/Makefile.in
+--- openssh-5.9p1/Makefile.in.ldap	2011-09-13 11:17:04.064644353 +0200
++++ openssh-5.9p1/Makefile.in	2011-09-13 11:20:16.996522219 +0200
 @@ -25,6 +25,8 @@ SSH_PROGRAM=@bindir@/ssh
  ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
  SFTP_SERVER=$(libexecdir)/sftp-server
@@ -135,7 +135,7 @@ diff -up openssh-5.9p0/Makefile.in.ldap openssh-5.9p0/Makefile.in
  	canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
 @@ -92,8 +95,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
  	roaming_common.o roaming_serv.o \
- 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
+ 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o sandbox-selinux.o
  
 -MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
 -MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@@ -207,9 +207,9 @@ diff -up openssh-5.9p0/Makefile.in.ldap openssh-5.9p0/Makefile.in
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
  
  tests interop-tests:	$(TARGETS)
-diff -up openssh-5.9p0/configure.ac.ldap openssh-5.9p0/configure.ac
---- openssh-5.9p0/configure.ac.ldap	2011-08-30 15:57:11.297032991 +0200
-+++ openssh-5.9p0/configure.ac	2011-08-30 15:57:12.664024959 +0200
+diff -up openssh-5.9p1/configure.ac.ldap openssh-5.9p1/configure.ac
+--- openssh-5.9p1/configure.ac.ldap	2011-09-13 11:17:04.488583772 +0200
++++ openssh-5.9p1/configure.ac	2011-09-13 11:17:05.418529375 +0200
 @@ -1433,6 +1433,106 @@ AC_ARG_WITH(authorized-keys-command,
  	]
  )
@@ -317,9 +317,9 @@ diff -up openssh-5.9p0/configure.ac.ldap openssh-5.9p0/configure.ac
  dnl    Checks for library functions. Please keep in alphabetical order
  AC_CHECK_FUNCS([ \
  	arc4random \
-diff -up openssh-5.9p0/ldap-helper.c.ldap openssh-5.9p0/ldap-helper.c
---- openssh-5.9p0/ldap-helper.c.ldap	2011-08-30 15:57:12.754025033 +0200
-+++ openssh-5.9p0/ldap-helper.c	2011-08-30 15:57:12.759025510 +0200
+diff -up openssh-5.9p1/ldap-helper.c.ldap openssh-5.9p1/ldap-helper.c
+--- openssh-5.9p1/ldap-helper.c.ldap	2011-09-13 11:17:05.527520185 +0200
++++ openssh-5.9p1/ldap-helper.c	2011-09-13 11:17:05.531521117 +0200
 @@ -0,0 +1,155 @@
 +/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -476,9 +476,9 @@ diff -up openssh-5.9p0/ldap-helper.c.ldap openssh-5.9p0/ldap-helper.c
 +void   *buffer_get_string(Buffer *b, u_int *l) { return NULL; }
 +void    buffer_put_string(Buffer *b, const void *f, u_int l) {}
 +
-diff -up openssh-5.9p0/ldap-helper.h.ldap openssh-5.9p0/ldap-helper.h
---- openssh-5.9p0/ldap-helper.h.ldap	2011-08-30 15:57:12.835024792 +0200
-+++ openssh-5.9p0/ldap-helper.h	2011-08-30 15:57:12.839024637 +0200
+diff -up openssh-5.9p1/ldap-helper.h.ldap openssh-5.9p1/ldap-helper.h
+--- openssh-5.9p1/ldap-helper.h.ldap	2011-09-13 11:17:05.619520027 +0200
++++ openssh-5.9p1/ldap-helper.h	2011-09-13 11:17:05.621522622 +0200
 @@ -0,0 +1,32 @@
 +/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -512,9 +512,9 @@ diff -up openssh-5.9p0/ldap-helper.h.ldap openssh-5.9p0/ldap-helper.h
 +extern int config_warning_config_file;
 +
 +#endif /* LDAP_HELPER_H */
-diff -up openssh-5.9p0/ldap.conf.ldap openssh-5.9p0/ldap.conf
---- openssh-5.9p0/ldap.conf.ldap	2011-08-30 15:57:12.929026186 +0200
-+++ openssh-5.9p0/ldap.conf	2011-08-30 15:57:12.933024937 +0200
+diff -up openssh-5.9p1/ldap.conf.ldap openssh-5.9p1/ldap.conf
+--- openssh-5.9p1/ldap.conf.ldap	2011-09-13 11:17:05.697522387 +0200
++++ openssh-5.9p1/ldap.conf	2011-09-13 11:17:05.699522577 +0200
 @@ -0,0 +1,88 @@
 +# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
 +#
@@ -604,9 +604,9 @@ diff -up openssh-5.9p0/ldap.conf.ldap openssh-5.9p0/ldap.conf
 +#tls_cert
 +#tls_key
 +
-diff -up openssh-5.9p0/ldapbody.c.ldap openssh-5.9p0/ldapbody.c
---- openssh-5.9p0/ldapbody.c.ldap	2011-08-30 15:57:13.005024661 +0200
-+++ openssh-5.9p0/ldapbody.c	2011-08-30 15:57:13.011024848 +0200
+diff -up openssh-5.9p1/ldapbody.c.ldap openssh-5.9p1/ldapbody.c
+--- openssh-5.9p1/ldapbody.c.ldap	2011-09-13 11:17:05.782571211 +0200
++++ openssh-5.9p1/ldapbody.c	2011-09-13 11:17:05.785584958 +0200
 @@ -0,0 +1,494 @@
 +/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1102,9 +1102,9 @@ diff -up openssh-5.9p0/ldapbody.c.ldap openssh-5.9p0/ldapbody.c
 +	return;
 +}
 +
-diff -up openssh-5.9p0/ldapbody.h.ldap openssh-5.9p0/ldapbody.h
---- openssh-5.9p0/ldapbody.h.ldap	2011-08-30 15:57:13.087150596 +0200
-+++ openssh-5.9p0/ldapbody.h	2011-08-30 15:57:13.091149461 +0200
+diff -up openssh-5.9p1/ldapbody.h.ldap openssh-5.9p1/ldapbody.h
+--- openssh-5.9p1/ldapbody.h.ldap	2011-09-13 11:17:05.861522789 +0200
++++ openssh-5.9p1/ldapbody.h	2011-09-13 11:17:05.863522010 +0200
 @@ -0,0 +1,37 @@
 +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1143,9 +1143,9 @@ diff -up openssh-5.9p0/ldapbody.h.ldap openssh-5.9p0/ldapbody.h
 +
 +#endif /* LDAPBODY_H */
 +
-diff -up openssh-5.9p0/ldapconf.c.ldap openssh-5.9p0/ldapconf.c
---- openssh-5.9p0/ldapconf.c.ldap	2011-08-30 15:57:13.164036922 +0200
-+++ openssh-5.9p0/ldapconf.c	2011-08-30 15:57:13.171065499 +0200
+diff -up openssh-5.9p1/ldapconf.c.ldap openssh-5.9p1/ldapconf.c
+--- openssh-5.9p1/ldapconf.c.ldap	2011-09-13 11:17:05.937548294 +0200
++++ openssh-5.9p1/ldapconf.c	2011-09-13 11:17:05.941547073 +0200
 @@ -0,0 +1,682 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1829,9 +1829,9 @@ diff -up openssh-5.9p0/ldapconf.c.ldap openssh-5.9p0/ldapconf.c
 +	dump_cfg_string(lSSH_Filter, options.ssh_filter);
 +}
 +
-diff -up openssh-5.9p0/ldapconf.h.ldap openssh-5.9p0/ldapconf.h
---- openssh-5.9p0/ldapconf.h.ldap	2011-08-30 15:57:13.265149057 +0200
-+++ openssh-5.9p0/ldapconf.h	2011-08-30 15:57:13.271153923 +0200
+diff -up openssh-5.9p1/ldapconf.h.ldap openssh-5.9p1/ldapconf.h
+--- openssh-5.9p1/ldapconf.h.ldap	2011-09-13 11:17:06.016522201 +0200
++++ openssh-5.9p1/ldapconf.h	2011-09-13 11:17:06.018522083 +0200
 @@ -0,0 +1,71 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1904,9 +1904,9 @@ diff -up openssh-5.9p0/ldapconf.h.ldap openssh-5.9p0/ldapconf.h
 +void dump_config(void);
 +
 +#endif /* LDAPCONF_H */
-diff -up openssh-5.9p0/ldapincludes.h.ldap openssh-5.9p0/ldapincludes.h
---- openssh-5.9p0/ldapincludes.h.ldap	2011-08-30 15:57:13.344023601 +0200
-+++ openssh-5.9p0/ldapincludes.h	2011-08-30 15:57:13.348024596 +0200
+diff -up openssh-5.9p1/ldapincludes.h.ldap openssh-5.9p1/ldapincludes.h
+--- openssh-5.9p1/ldapincludes.h.ldap	2011-09-13 11:17:06.123519312 +0200
++++ openssh-5.9p1/ldapincludes.h	2011-09-13 11:17:06.126518977 +0200
 @@ -0,0 +1,41 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1949,9 +1949,9 @@ diff -up openssh-5.9p0/ldapincludes.h.ldap openssh-5.9p0/ldapincludes.h
 +#endif
 +
 +#endif /* LDAPINCLUDES_H */
-diff -up openssh-5.9p0/ldapmisc.c.ldap openssh-5.9p0/ldapmisc.c
---- openssh-5.9p0/ldapmisc.c.ldap	2011-08-30 15:57:13.429148896 +0200
-+++ openssh-5.9p0/ldapmisc.c	2011-08-30 15:57:13.433150396 +0200
+diff -up openssh-5.9p1/ldapmisc.c.ldap openssh-5.9p1/ldapmisc.c
+--- openssh-5.9p1/ldapmisc.c.ldap	2011-09-13 11:17:06.195508388 +0200
++++ openssh-5.9p1/ldapmisc.c	2011-09-13 11:17:06.197507964 +0200
 @@ -0,0 +1,79 @@
 +
 +#include "ldapincludes.h"
@@ -2032,9 +2032,9 @@ diff -up openssh-5.9p0/ldapmisc.c.ldap openssh-5.9p0/ldapmisc.c
 +}
 +#endif
 +
-diff -up openssh-5.9p0/ldapmisc.h.ldap openssh-5.9p0/ldapmisc.h
---- openssh-5.9p0/ldapmisc.h.ldap	2011-08-30 15:57:13.531150853 +0200
-+++ openssh-5.9p0/ldapmisc.h	2011-08-30 15:57:13.537153831 +0200
+diff -up openssh-5.9p1/ldapmisc.h.ldap openssh-5.9p1/ldapmisc.h
+--- openssh-5.9p1/ldapmisc.h.ldap	2011-09-13 11:17:06.273496889 +0200
++++ openssh-5.9p1/ldapmisc.h	2011-09-13 11:17:06.276496151 +0200
 @@ -0,0 +1,35 @@
 +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -2071,9 +2071,9 @@ diff -up openssh-5.9p0/ldapmisc.h.ldap openssh-5.9p0/ldapmisc.h
 +
 +#endif /* LDAPMISC_H */
 +
-diff -up openssh-5.9p0/openssh-lpk-openldap.schema.ldap openssh-5.9p0/openssh-lpk-openldap.schema
---- openssh-5.9p0/openssh-lpk-openldap.schema.ldap	2011-08-30 15:57:13.607025841 +0200
-+++ openssh-5.9p0/openssh-lpk-openldap.schema	2011-08-30 15:57:13.612150461 +0200
+diff -up openssh-5.9p1/openssh-lpk-openldap.schema.ldap openssh-5.9p1/openssh-lpk-openldap.schema
+--- openssh-5.9p1/openssh-lpk-openldap.schema.ldap	2011-09-13 11:17:06.349485171 +0200
++++ openssh-5.9p1/openssh-lpk-openldap.schema	2011-09-13 11:17:06.351484488 +0200
 @@ -0,0 +1,21 @@
 +#
 +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2096,9 +2096,9 @@ diff -up openssh-5.9p0/openssh-lpk-openldap.schema.ldap openssh-5.9p0/openssh-lp
 +	DESC 'MANDATORY: OpenSSH LPK objectclass'
 +	MUST ( sshPublicKey $ uid ) 
 +	)
-diff -up openssh-5.9p0/openssh-lpk-sun.schema.ldap openssh-5.9p0/openssh-lpk-sun.schema
---- openssh-5.9p0/openssh-lpk-sun.schema.ldap	2011-08-30 15:57:13.696025724 +0200
-+++ openssh-5.9p0/openssh-lpk-sun.schema	2011-08-30 15:57:13.699024704 +0200
+diff -up openssh-5.9p1/openssh-lpk-sun.schema.ldap openssh-5.9p1/openssh-lpk-sun.schema
+--- openssh-5.9p1/openssh-lpk-sun.schema.ldap	2011-09-13 11:17:06.420474045 +0200
++++ openssh-5.9p1/openssh-lpk-sun.schema	2011-09-13 11:17:06.422473843 +0200
 @@ -0,0 +1,23 @@
 +#
 +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2123,9 +2123,9 @@ diff -up openssh-5.9p0/openssh-lpk-sun.schema.ldap openssh-5.9p0/openssh-lpk-sun
 +	DESC 'MANDATORY: OpenSSH LPK objectclass'
 +	MUST ( sshPublicKey $ uid ) 
 +	)
-diff -up openssh-5.9p0/ssh-ldap-helper.8.ldap openssh-5.9p0/ssh-ldap-helper.8
---- openssh-5.9p0/ssh-ldap-helper.8.ldap	2011-08-30 15:57:13.772026539 +0200
-+++ openssh-5.9p0/ssh-ldap-helper.8	2011-08-30 15:57:13.778026299 +0200
+diff -up openssh-5.9p1/ssh-ldap-helper.8.ldap openssh-5.9p1/ssh-ldap-helper.8
+--- openssh-5.9p1/ssh-ldap-helper.8.ldap	2011-09-13 11:17:06.504461435 +0200
++++ openssh-5.9p1/ssh-ldap-helper.8	2011-09-13 11:17:06.506460976 +0200
 @@ -0,0 +1,79 @@
 +.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
 +.\"
@@ -2206,17 +2206,17 @@ diff -up openssh-5.9p0/ssh-ldap-helper.8.ldap openssh-5.9p0/ssh-ldap-helper.8
 +OpenSSH 5.5 + PKA-LDAP .
 +.Sh AUTHORS
 +.An Jan F. Chadima Aq jchadima at redhat.com
-diff -up openssh-5.9p0/ssh-ldap-wrapper.ldap openssh-5.9p0/ssh-ldap-wrapper
---- openssh-5.9p0/ssh-ldap-wrapper.ldap	2011-08-30 15:57:13.854024986 +0200
-+++ openssh-5.9p0/ssh-ldap-wrapper	2011-08-30 15:57:13.858149926 +0200
+diff -up openssh-5.9p1/ssh-ldap-wrapper.ldap openssh-5.9p1/ssh-ldap-wrapper
+--- openssh-5.9p1/ssh-ldap-wrapper.ldap	2011-09-13 11:17:06.574455869 +0200
++++ openssh-5.9p1/ssh-ldap-wrapper	2011-09-13 11:17:06.576475704 +0200
 @@ -0,0 +1,4 @@
 +#!/bin/sh
 +
 +exec /usr/libexec/openssh/ssh-ldap-helper -s "$1"
 +
-diff -up openssh-5.9p0/ssh-ldap.conf.5.ldap openssh-5.9p0/ssh-ldap.conf.5
---- openssh-5.9p0/ssh-ldap.conf.5.ldap	2011-08-30 15:57:13.934151066 +0200
-+++ openssh-5.9p0/ssh-ldap.conf.5	2011-08-30 15:57:13.942024641 +0200
+diff -up openssh-5.9p1/ssh-ldap.conf.5.ldap openssh-5.9p1/ssh-ldap.conf.5
+--- openssh-5.9p1/ssh-ldap.conf.5.ldap	2011-09-13 11:17:06.650522542 +0200
++++ openssh-5.9p1/ssh-ldap.conf.5	2011-09-13 11:17:06.653474746 +0200
 @@ -0,0 +1,376 @@
 +.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
 +.\"
diff --git a/openssh-5.9p1-sesandbox.patch b/openssh-5.9p1-sesandbox.patch
new file mode 100644
index 0000000..8f22621
--- /dev/null
+++ b/openssh-5.9p1-sesandbox.patch
@@ -0,0 +1,228 @@
+diff -up openssh-5.9p1/Makefile.in.sesandbox openssh-5.9p1/Makefile.in
+--- openssh-5.9p1/Makefile.in.sesandbox	2011-09-13 16:00:58.201646362 +0200
++++ openssh-5.9p1/Makefile.in	2011-09-13 16:01:08.284466746 +0200
+@@ -90,7 +90,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+ 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+ 	sftp-server.o sftp-common.o \
+ 	roaming_common.o roaming_serv.o \
+-	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
++	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o sandbox-selinux.o
+ 
+ MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+ MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
+diff -up openssh-5.9p1/configure.ac.sesandbox openssh-5.9p1/configure.ac
+--- openssh-5.9p1/configure.ac.sesandbox	2011-08-18 06:48:24.000000000 +0200
++++ openssh-5.9p1/configure.ac	2011-09-13 16:01:08.537509294 +0200
+@@ -2476,7 +2476,7 @@ AC_SUBST([SSH_PRIVSEP_USER])
+ # Decide which sandbox style to use
+ sandbox_arg=""
+ AC_ARG_WITH([sandbox],
+-	[  --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace)],
++	[  --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace, selinux)],
+ 	[
+ 		if test "x$withval" = "xyes" ; then
+ 			sandbox_arg=""
+@@ -2499,6 +2499,10 @@ elif test "x$sandbox_arg" = "xdarwin" ||
+ 		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
+ 	SANDBOX_STYLE="darwin"
+ 	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
++elif test "x$sandbox_arg" = "xselinux" \\
++    test "x$WITH_SELINUX" = "x1"; then
++	SANDBOX_STYLE="selinux"
++	AC_DEFINE([SANDBOX_SELINUX], [1], [Sandbox using selinux(8)])
+ elif test "x$sandbox_arg" = "xrlimit" || \
+      ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
+ 	test "x$ac_cv_func_setrlimit" != "xyes" && \
+diff -up openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox openssh-5.9p1/openbsd-compat/port-linux.c
+--- openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox	2011-09-13 16:09:04.534585160 +0200
++++ openssh-5.9p1/openbsd-compat/port-linux.c	2011-09-13 16:13:51.827640965 +0200
+@@ -459,24 +459,24 @@ ssh_selinux_setup_pty(char *pwname, cons
+ 	debug3("%s: done", __func__);
+ }
+ 
+-void
++int
+ ssh_selinux_change_context(const char *newname)
+ {
+-	int len, newlen;
++	int len, newlen, rv = -1;
+ 	char *oldctx, *newctx, *cx;
+ 	void (*switchlog) (const char *fmt,...) = logit;
+ 
+ 	if (!ssh_selinux_enabled())
+-		return;
++		return -2;
+ 
+ 	if (getcon((security_context_t *)&oldctx) < 0) {
+ 		logit("%s: getcon failed with %s", __func__, strerror(errno));
+-		return;
++		return -1;
+ 	}
+ 	if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
+ 	    NULL) {
+ 		logit ("%s: unparseable context %s", __func__, oldctx);
+-		return;
++		return -1;
+ 	}
+ 
+ 	/*
+@@ -484,8 +484,10 @@ ssh_selinux_change_context(const char *n
+ 	 * security context.
+ 	 */
+ 	if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE,
+-	    sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0)
++	    sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0) {
+ 		switchlog = debug3;
++		rv = -2;
++	}
+ 
+ 	newlen = strlen(oldctx) + strlen(newname) + 1;
+ 	newctx = xmalloc(newlen);
+@@ -499,8 +501,11 @@ ssh_selinux_change_context(const char *n
+ 	if (setcon(newctx) < 0)
+ 		switchlog("%s: setcon %s from %s failed with %s", __func__,
+ 		    newctx, oldctx, strerror(errno));
++	else
++		rv = 0;
+ 	xfree(oldctx);
+ 	xfree(newctx);
++	return rv;
+ }
+ 
+ void
+diff -up openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox openssh-5.9p1/openbsd-compat/port-linux.h
+--- openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox	2011-09-13 16:14:10.371460199 +0200
++++ openssh-5.9p1/openbsd-compat/port-linux.h	2011-09-13 16:14:40.377646062 +0200
+@@ -23,7 +23,7 @@
+ int ssh_selinux_enabled(void);
+ void ssh_selinux_setup_pty(char *, const char *);
+ void ssh_selinux_setup_exec_context(char *);
+-void ssh_selinux_change_context(const char *);
++int ssh_selinux_change_context(const char *);
+ void ssh_selinux_chopy_context(void);
+ void ssh_selinux_setfscreatecon(const char *);
+ #endif
+diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux.c
+--- openssh-5.9p1/sandbox-selinux.c.sesandbox	2011-09-13 16:01:08.715520826 +0200
++++ openssh-5.9p1/sandbox-selinux.c	2011-09-13 16:20:02.463511312 +0200
+@@ -0,0 +1,120 @@
++/* $Id: sandbox-selinux.c,v 1.0 2011/01/17 10:15:30 jfch Exp $ */
++ 
++/*
++ * Copyright 2011 Red Hat, Inc.  All rights reserved.
++ * Use is subject to license terms.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ * Red Hat author: Jan F. Chadima <jchadima at redhat.com>
++ */
++
++
++#include "includes.h"
++
++#ifdef SANDBOX_SELINUX
++
++#include <sys/types.h>
++
++#include <errno.h>
++#include <stdarg.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++
++#include "log.h"
++#include "ssh-sandbox.h"
++#include "xmalloc.h"
++#include "openbsd-comnpat/port-linux.h"
++
++/* selinux based sandbox */
++
++struct ssh_sandbox {
++	pid_t child_pid;
++};
++
++struct ssh_sandbox *
++ssh_sandbox_init(void)
++{
++	struct ssh_sandbox *box;
++
++	/*
++	 * Strictly, we don't need to maintain any state here but we need
++	 * to return non-NULL to satisfy the API.
++	 */
++	box = xcalloc(1, sizeof(*box));
++	box->child_pid = 0;
++	return box;
++}
++
++static void
++rlimit_ssh_sandbox_child(struct ssh_sandbox *box)
++{
++	struct rlimit rl_zero;
++
++	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
++
++	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
++		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
++			__func__, strerror(errno));
++	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
++		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
++			__func__, strerror(errno));
++#ifdef HAVE_RLIMIT_NPROC
++	if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
++		fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
++			__func__, strerror(errno));
++#endif
++}
++
++void
++ssh_sandbox_child(struct ssh_sandbox *box)
++{
++	switch (ssh_selinux_change_context("sshd_sandbox_t")) {
++	case 0:
++		debug3("selinux sandbox sucessfully enabled");
++		break;
++	case -2:
++		logit("selinux not useful, using rlimit sandbox instead");
++		rlimit_ssh_sandbox_child(box);
++		break;
++	case -1:
++		fatal("cannot set up selinux sandbox");
++	default:
++		fatal("inmternal error in selinux sandbox");
++	}
++}
++
++void
++ssh_sandbox_parent_finish(struct ssh_sandbox *box)
++{
++	free(box);
++	debug3("%s: finished", __func__);
++}
++
++void
++ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
++{
++	box->child_pid = child_pid;
++}
++
++#endif /* SANDBOX_NULL */
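Review bot: The configure.ac branch that selects the new sandbox is malformed: `elif test "x$sandbox_arg" = "xselinux" \\` ends in a doubled backslash and has no `&&`/`||` before the following `test "x$WITH_SELINUX" = "x1"; then`, so as written the first `test` is passed a stray `\` argument and the branch outcome appears to depend on the second test only. If both conditions are meant to be required, it should read `elif test "x$sandbox_arg" = "xselinux" && \` followed by `test "x$WITH_SELINUX" = "x1" ; then`; whether `WITH_SELINUX` is a shell variable at that point in configure is not visible here. In sandbox-selinux.c, `#include "openbsd-comnpat/port-linux.h"` misspells the directory and should be `#include "openbsd-compat/port-linux.h"`, and `rlimit_ssh_sandbox_child()` uses `struct rlimit` and `setrlimit()` with no visible `#include <sys/resource.h>` (it may arrive through includes.h). The closing `#endif /* SANDBOX_NULL */` should name `SANDBOX_SELINUX`. Since the pre-auth sandbox is a privilege-separation boundary, the build should be checked to confirm that `SANDBOX_SELINUX` really ends up defined rather than another style being picked silently.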
diff --git a/openssh.spec b/openssh.spec
index 4369375..795b156 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -79,7 +79,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.9p1
-%define openssh_rel 7
+%define openssh_rel 8
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 32
 
@@ -145,6 +145,8 @@ Patch400: openssh-5.9p1-role.patch
 Patch401: openssh-5.9p1-mls.patch
 #?
 Patch402: openssh-5.9p1-sftp-chroot.patch
+#?
+Patch403: openssh-5.9p1-sesandbox.patch
 
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1663
 Patch500: openssh-5.9p1-akc.patch
@@ -412,6 +414,7 @@ popd
 %patch400 -p1 -b .role
 %patch401 -p1 -b .mls
 %patch402 -p1 -b .sftp-chroot
+%patch403 -p1 -b .sesandbox
 %endif
 
 %patch500 -p1 -b .akc
@@ -517,7 +520,7 @@ fi
 	--with-pam \
 %endif
 %if %{WITH_SELINUX}
-	--with-selinux --with-audit=linux \
+	--with-selinux --with-audit=linux --with-sandbox-style=selinux \
 %endif
 %if %{kerberos5}
 	--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
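Review bot: The flag added to the `--with-selinux` line is spelled `--with-sandbox-style=selinux`, but the configure.ac change in openssh-5.9p1-sesandbox.patch from this same commit declares the option as `AC_ARG_WITH([sandbox], ...)` with the help text `--with-sandbox=style`. Autoconf normally accepts an unrecognised `--with-*` option with at most a warning, so `sandbox_arg` would stay empty and the build would likely fall back to whichever sandbox configure auto-selects instead of the SELinux one. The line should read `--with-selinux --with-audit=linux --with-sandbox=selinux \`. It would also help to check the configure output for the chosen sandbox style in the build, so a silent fallback is caught when the package is built.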
@@ -786,6 +789,10 @@ fi
 %endif
 
 %changelog
+* Tue Sep 13 2011 Jan F. Chadima <jchadima at redhat.com> - 5.9p1-8 + 0.9.2-32
+- coverity upgrade
+- experimental selinux sandbox
+
 * Tue Sep 13 2011 Jan F. Chadima <jchadima at redhat.com> - 5.9p1-7 + 0.9.2-32
 - fully reanable auditing
 

