[openssh] - Merging selabel patch with the upstream version. (#632914)

Jan F. Chadima jfch2222 at fedoraproject.org
Mon Sep 13 09:38:50 UTC 2010


commit 84d568abccd3606b312b5ce5b0ad6ca911cd8284
Author: Jan F <jfch at hagar.bobr>
Date:   Mon Sep 13 11:38:26 2010 +0200

    - Merging selabel patch with the upstream version. (#632914)

 openssh-5.6p1-selabel.patch |   85 +++++++++++++++++++++++++++++++++++--------
 openssh.spec                |    5 ++-
 2 files changed, 73 insertions(+), 17 deletions(-)
---
diff --git a/openssh-5.6p1-selabel.patch b/openssh-5.6p1-selabel.patch
index 1cdc7d5..ff5d1f3 100644
--- a/openssh-5.6p1-selabel.patch
+++ b/openssh-5.6p1-selabel.patch
@@ -1,6 +1,44 @@
+diff -up openssh-5.6p1/configure.ac.selabel openssh-5.6p1/configure.ac
+--- openssh-5.6p1/configure.ac.selabel	2010-09-13 11:20:47.000000000 +0200
++++ openssh-5.6p1/configure.ac	2010-09-13 11:20:50.000000000 +0200
+@@ -700,7 +700,6 @@ mips-sony-bsd|mips-sony-newsos4)
+ 			[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
+ 				[Define if you have Solaris process contracts])
+ 			  SSHDLIBS="$SSHDLIBS -lcontract"
+-			  AC_SUBST(SSHDLIBS)
+ 			  SPC_MSG="yes" ], )
+ 		],
+ 	)
+@@ -3500,6 +3499,7 @@ AC_ARG_WITH(selinux,
+ 			],
+ 			AC_MSG_ERROR(SELinux support requires libselinux library))
+ 		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
++		SSHLIBS="$SSHLIBS $LIBSELINUX"
+ 		LIBS="$LIBS $LIBSELINUX"
+ 		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+ 		AC_CHECK_FUNCS(setkeycreatecon)
+@@ -4269,6 +4269,8 @@ else
+ fi
+ AC_CHECK_DECL(BROKEN_GETADDRINFO,  TEST_SSH_IPV6=no)
+ AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
++AC_SUBST(SSHLIBS)
++AC_SUBST(SSHDLIBS)
+ 
+ AC_EXEEXT
+ AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
+@@ -4345,6 +4347,9 @@ echo "         Libraries: ${LIBS}"
+ if test ! -z "${SSHDLIBS}"; then
+ echo "         +for sshd: ${SSHDLIBS}"
+ fi
++if test ! -z "${SSHLIBS}"; then
++echo "         +for ssh: ${SSHLIBS}"
++fi
+ 
+ echo ""
+ 
 diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id
 --- openssh-5.6p1/contrib/ssh-copy-id.selabel	2010-08-10 05:36:09.000000000 +0200
-+++ openssh-5.6p1/contrib/ssh-copy-id	2010-08-23 12:50:20.000000000 +0200
++++ openssh-5.6p1/contrib/ssh-copy-id	2010-09-13 11:20:50.000000000 +0200
 @@ -41,7 +41,7 @@ fi
  # strip any trailing colon
  host=`echo $1 | sed 's/:$//'`
@@ -11,44 +49,59 @@ diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-cop
  cat <<EOF
  Now try logging into the machine, with "ssh '$host'", and check in:
 diff -up openssh-5.6p1/Makefile.in.selabel openssh-5.6p1/Makefile.in
---- openssh-5.6p1/Makefile.in.selabel	2010-08-23 12:47:39.000000000 +0200
-+++ openssh-5.6p1/Makefile.in	2010-08-23 12:47:39.000000000 +0200
-@@ -141,7 +141,7 @@ libssh.a: $(LIBSSH_OBJS)
+--- openssh-5.6p1/Makefile.in.selabel	2010-09-13 11:20:49.000000000 +0200
++++ openssh-5.6p1/Makefile.in	2010-09-13 11:20:50.000000000 +0200
+@@ -47,6 +47,7 @@ LD=@LD@
+ CFLAGS=@CFLAGS@
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
++SSHLIBS=@SSHLIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ AR=@AR@
+@@ -141,7 +142,7 @@ libssh.a: $(LIBSSH_OBJS)
  	$(RANLIB) $@
  
  ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
 -	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
-+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lselinux $(LIBS)
++	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS)
  
  sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
  	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)
-diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
---- openssh-5.6p1/ssh.c.selabel	2010-08-23 12:47:39.000000000 +0200
-+++ openssh-5.6p1/ssh.c	2010-08-23 12:47:39.000000000 +0200
-@@ -74,6 +74,7 @@
- #include <openssl/err.h>
- #include <openssl/fips.h>
- #include <fipscheck.h>
-+#include <selinux/selinux.h>
- #include "openbsd-compat/openssl-compat.h"
- #include "openbsd-compat/sys-queue.h"
+diff -up openssh-5.6p1/openbsd-compat/port-linux.h.selabel openssh-5.6p1/openbsd-compat/port-linux.h
+--- openssh-5.6p1/openbsd-compat/port-linux.h.selabel	2009-12-08 03:39:48.000000000 +0100
++++ openssh-5.6p1/openbsd-compat/port-linux.h	2010-09-13 11:20:50.000000000 +0200
+@@ -20,6 +20,7 @@
+ #define _PORT_LINUX_H
  
-@@ -848,10 +849,17 @@ main(int ac, char **av)
+ #ifdef WITH_SELINUX
++#include <selinux/selinux.h>
+ int ssh_selinux_enabled(void);
+ void ssh_selinux_setup_pty(char *, const char *);
+ void ssh_selinux_setup_exec_context(char *);
+diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
+--- openssh-5.6p1/ssh.c.selabel	2010-09-13 11:20:50.000000000 +0200
++++ openssh-5.6p1/ssh.c	2010-09-13 11:23:02.000000000 +0200
+@@ -848,10 +848,21 @@ main(int ac, char **av)
  	 */
  	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
  	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
 -	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
 +	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
++#ifdef WITH_SELINUX
 +		char *scon;
 +
 +		if (matchpathcon(buf, 0700, &scon) != -1) {
 +			setfscreatecon(scon);
 +			matchpathcon_fini();
 +		}
++#endif
  		if (mkdir(buf, 0700) < 0)
  			error("Could not create directory '%.200s'.", buf);
 -
++#ifdef WITH_SELINUX
 +		setfscreatecon(NULL);
++#endif
 +	}
  	/* load options.identity_files */
  	load_public_identity_files();
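Review bot: In the nested ssh.c hunk the return value of `setfscreatecon(scon)` is ignored and `scon` is never released, so a failed label setup goes unnoticed and the user's ssh directory is then created with whatever default label applies, while the context string returned by `matchpathcon()` leaks. Inside the `matchpathcon` branch I would write `if (setfscreatecon(scon) < 0) error("Could not set SELinux file creation context for '%.200s'.", buf);` followed by `freecon(scon);`, since `matchpathcon_fini()` does not free the returned context. The mode argument is a bare `0700`; if file-type-specific file_contexts entries are meant to be honoured, `S_IFDIR | 0700` is probably the intended value. `main()` begins and ends outside this hunk, so the surrounding declarations were not checked.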
diff --git a/openssh.spec b/openssh.spec
index 8692a3d..0169151 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -581,8 +581,11 @@ fi
 %endif
 
 %changelog
+* Mon Sep 13 2010 Jan F. Chadima <jchadima at redhat.com> - 5.6p1-5 + 0.9.2-27
+- Merging selabel patch with the upstream version. (#632914)
+
 * Mon Sep 13 2010 Jan F. Chadima <jchadima at redhat.com> - 5.6p1-4 + 0.9.2-27
-- Tweaking selabel batch to work properly without selinux rules loaded. (#632914)
+- Tweaking selabel patch to work properly without selinux rules loaded. (#632914)
 
 * Wed Sep  8 2010 Tomas Mraz <tmraz at redhat.com> - 5.6p1-3 + 0.9.2-27
 - Make fipscheck hmacs compliant with FHS - requires new fipscheck

