author | 2005-10-22 00:03:45 +0000 | |
---|---|---|
committer | 2005-10-22 00:03:45 +0000 | |
commit | b0c7ce3eeb3bd1b2429ca600c72b3ac84cda5f59 (patch) | |
tree | dec513136474bb80f437bc19d27214db3093915a | |
parent | Remove mask on xawdecode now that's gone. (diff) | |
Fix selinux support #110039 and add back in securid/hpn patches.
(Portage version: 2.0.53_rc6)
-rw-r--r-- | net-misc/openssh/ChangeLog | 6 | ||||
-rw-r--r-- | net-misc/openssh/files/digest-openssh-4.2_p1 | 4 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-4.2_p1-selinux.patch | 87 | ||||
-rw-r--r-- | net-misc/openssh/openssh-4.2_p1.ebuild | 20 |
4 files changed, 104 insertions, 13 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index 9ef7d23024f8..9791a0f9aed1 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for net-misc/openssh
 # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.139 2005/10/21 21:09:18 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.140 2005/10/22 00:03:45 vapier Exp $
+
+ 22 Oct 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.2_p1-selinux.patch, openssh-4.2_p1.ebuild:
+ Fix selinux support #110039 and add back in securid/hpn patches.
 21 Oct 2005; Bryan Østergaard <kloeri@gentoo.org> openssh-4.2_p1.ebuild:
 Stable on alpha + ia64, bug 109678.
diff --git a/net-misc/openssh/files/digest-openssh-4.2_p1 b/net-misc/openssh/files/digest-openssh-4.2_p1
index 4b810f577470..df3ae09caa4b 100644
--- a/net-misc/openssh/files/digest-openssh-4.2_p1
+++ b/net-misc/openssh/files/digest-openssh-4.2_p1
@@ -1,3 +1,5 @@
+MD5 6c89525f43b93fb2671af345dd85783b openssh-4.2p1+SecurID_v1.3.2.patch 616248
+MD5 cda9a91dc66ff20be49ba379be9089fd openssh-4.2p1+x509-5.2.diff.gz 123592
+MD5 4b8f0befa09f234d6e7f1a5849b86197 openssh-4.2p1-hpn11.diff 14765
 MD5 df899194a340c933944b193477c628fa openssh-4.2p1.tar.gz 914165
 MD5 b779906d657d63794144cabe2bf978b8 openssh-lpk-4.1p1-0.3.6.patch 60312
-MD5 cda9a91dc66ff20be49ba379be9089fd openssh-4.2p1+x509-5.2.diff.gz 123592
diff --git a/net-misc/openssh/files/openssh-4.2_p1-selinux.patch b/net-misc/openssh/files/openssh-4.2_p1-selinux.patch
new file mode 100644
index 000000000000..88c2b74e43fc
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.2_p1-selinux.patch
@@ -0,0 +1,87 @@
+--- openssh/session.c
++++ openssh/session.c
+@@ -66,6 +66,11 @@
+ #include "ssh-gss.h"
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /* func */
+
+ Session *session_new(void);
+@@ -1304,6 +1309,19 @@
+ #endif
+ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+ fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled())
++ {
++ security_context_t scontext;
++ if (get_default_context(pw->pw_name,NULL,&scontext))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++ if (setexeccon(scontext)) {
++ freecon(scontext);
++ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
++ }
++ freecon(scontext);
++ }
++#endif
+ }
+
+ static void
+--- openssh/sshpty.c
++++ openssh/sshpty.c
+@@ -30,6 +30,12 @@
+ #define O_NOCTTY 0
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/flask.h>
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /*
+ * Allocates and opens a pty. Returns 0 if no pty could be allocated, or
+ * nonzero if a pty was successfully allocated. On success, open file
+@@ -196,6 +202,37 @@
+ * Warn but continue if filesystem is read-only and the uids match/
+ * tty is owned by root.
+ */
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled()) {
++ security_context_t new_tty_context=NULL,
++ user_context=NULL, old_tty_context=NULL;
++
++ if (get_default_context(pw->pw_name,NULL,&user_context))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++
++ if (getfilecon(tty, &old_tty_context)<0) {
++ error("getfilecon(%.100s) failed: %.100s", tty,
++ strerror(errno));
++ }
++ else
++ {
++ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
++ error("security_compute_relabel(%.100s) failed: %.100s", tty,
++ strerror(errno));
++ }
++ else
++ {
++ if (setfilecon (tty, new_tty_context) != 0) {
++ error("setfilecon(%.100s, %s) failed: %.100s",
++ tty, new_tty_context, strerror(errno));
++ }
++ freecon(new_tty_context);
++ }
++ freecon(old_tty_context);
++ }
++ freecon(user_context);
++ }
++#endif
+ if (stat(tty, &st))
+ fatal("stat(%.100s) failed: %.100s", tty,
+ strerror(errno));
diff --git a/net-misc/openssh/openssh-4.2_p1.ebuild b/net-misc/openssh/openssh-4.2_p1.ebuild
index 6755b6e05fd7..5a6ec4f3759c 100644
--- a/net-misc/openssh/openssh-4.2_p1.ebuild
+++ b/net-misc/openssh/openssh-4.2_p1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.2_p1.ebuild,v 1.10 2005/10/21 21:09:18 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.2_p1.ebuild,v 1.11 2005/10/22 00:03:45 vapier Exp $
 inherit eutils flag-o-matic ccc pam
@@ -8,20 +8,18 @@ inherit eutils flag-o-matic ccc pam
 # and _p? releases.
 PARCH=${P/_/}
-SFTPLOG_PATCH_VER="1.2"
 X509_PATCH="${PARCH}+x509-5.2.diff.gz"
-SELINUX_PATCH="openssh-3.9_p1-selinux.diff"
-SECURID_PATCH="" #${PARCH}+SecurID_v1.3.1.patch"
+SECURID_PATCH="${PARCH}+SecurID_v1.3.2.patch"
 LDAP_PATCH="${PARCH/-4.2/-lpk-4.1}-0.3.6.patch"
-HPN_PATCH="" #${PARCH/4.2/4.1}-hpn11.diff"
+HPN_PATCH="${PARCH}-hpn11.diff"
 DESCRIPTION="Port of OpenBSD's free SSH release"
 HOMEPAGE="http://www.openssh.com/"
 SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
 ldap? ( http://www.opendarwin.org/en/projects/openssh-lpk/files/${LDAP_PATCH} )
- X509? ( http://roumenpetrov.info/openssh/x509-5.2/${X509_PATCH} )"
-# hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )"
-# smartcard? ( http://www.omniti.com/~jesus/projects/${SECURID_PATCH} )"
+ X509? ( http://roumenpetrov.info/openssh/x509-5.2/${X509_PATCH} )
+ hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )
+ smartcard? ( http://www.omniti.com/~jesus/projects/${SECURID_PATCH} )"
 LICENSE="as-is"
 SLOT="0"
@@ -60,11 +58,11 @@ src_unpack() {
 use sftplogging && epatch "${FILESDIR}"/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2
 use skey && epatch "${FILESDIR}"/openssh-3.9_p1-skey.patch.bz2
 use chroot && epatch "${FILESDIR}"/openssh-3.9_p1-chroot.patch
- use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}.bz2
+ epatch "${FILESDIR}"/openssh-4.2_p1-selinux.patch
 use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch.bz2
 if ! use X509 ; then
 if [[ -n ${SECURID_PATCH} ]] && use smartcard ; then
- epatch "${DISTDIR}"/${SECURID_PATCH} "${FILESDIR}"/openssh-securid-1.3.1-updates.patch
+ epatch "${DISTDIR}"/${SECURID_PATCH}
 use ldap && epatch "${FILESDIR}"/openssh-4.0_p1-smartcard-ldap-happy.patch
 fi
 if use sftplogging ; then
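Review bot: The `hpn?` and `smartcard?` entries re-enabled in SRC_URI fetch third-party patches for sshd over plain `http://`, so the `MD5` lines this commit adds to files/digest-openssh-4.2_p1 are the only integrity check visible here for code that gets compiled into the SSH daemon. A comment above SRC_URI recording how the two files were checked, for example `# hpn/SecurID: third-party patches; digests verified against <source, date>`, would let a later reviewer repeat that verification. If the tree's digest format accepts a stronger hash alongside MD5, recording it for these files would be worthwhile.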
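Review bot: In the src_unpack hunk, `epatch "${FILESDIR}"/openssh-4.2_p1-selinux.patch` now runs for every USE combination, and nothing says why the `use selinux &&` guard was removed. The patch added in this commit wraps its code in `#ifdef WITH_SELINUX`, so a one-line comment such as `# applied unconditionally; the code is guarded by WITH_SELINUX (set in src_compile)` would document the intent. The same hunk drops `openssh-securid-1.3.1-updates.patch` from the SecurID epatch call; presumably the v1.3.2 patch already contains those updates, which is worth confirming because the patch itself is not visible here. src_unpack starts and ends outside the hunk.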
@@ -93,7 +91,7 @@ src_compile() {
 filter-flags -funroll-loops
 myconf="${myconf} --with-ldap"
 fi
- use selinux && append-flags "-DWITH_SELINUX"
+ use selinux && append-flags -DWITH_SELINUX && append-ldflags -lselinux
 if use static ; then
 append-ldflags -static |
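Review bot: `append-ldflags -lselinux` puts a library into LDFLAGS, which normally lands ahead of the object files on the link line. For the `use static` case directly below, and for any linker run with `--as-needed`, that ordering can leave the libselinux symbols unresolved. Passing the library through the variable the build uses for libraries (LIBS for an autoconf build) would keep it after the objects. The `&&` chain also skips `-lselinux` silently if `append-flags` ever returns non-zero, so two separate statements inside an `if use selinux ; then` block would be clearer. src_compile continues outside the hunk, so how these flags reach configure could not be checked.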