Index: openssh-5.7p1/ChangeLog =================================================================== --- openssh-5.7p1.orig/ChangeLog +++ openssh-5.7p1/ChangeLog @@ -1,3 +1,10 @@ +20110125 + - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c + openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to + port-linux.c to avoid compilation errors. Add -lselinux to ssh when + building with SELinux support to avoid linking failure; report from + amk AT spamfence.net; ok dtucker + 20110122 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add RSA_get_default_method() for the benefit of openssl versions that don't Index: openssh-5.7p1/configure.ac =================================================================== --- openssh-5.7p1.orig/configure.ac +++ openssh-5.7p1/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $ +# $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.469 $) +AC_REVISION($Revision: 1.470 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4) [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, [Define if you have Solaris process contracts]) SSHDLIBS="$SSHDLIBS -lcontract" - AC_SUBST(SSHDLIBS) SPC_MSG="yes" ], ) ], ) @@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4) [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, [Define if you have Solaris projects]) SSHDLIBS="$SSHDLIBS -lproject" - AC_SUBST(SSHDLIBS) SP_MSG="yes" ], ) ], ) 
@@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux, LIBS="$LIBS -lselinux" ], AC_MSG_ERROR(SELinux support requires libselinux library)) + SSHLIBS="$SSHLIBS $LIBSELINUX" SSHDLIBS="$SSHDLIBS $LIBSELINUX" AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) LIBS="$save_LIBS" fi ] ) +AC_SUBST(SSHLIBS) +AC_SUBST(SSHDLIBS) # Check whether user wants Linux audit support LINUX_AUDIT_MSG="no" @@ -4356,6 +4357,9 @@ echo " Libraries: ${LIBS}" if test ! -z "${SSHDLIBS}"; then echo " +for sshd: ${SSHDLIBS}" fi +if test ! -z "${SSHLIBS}"; then +echo " +for ssh: ${SSHLIBS}" +fi echo "" Index: openssh-5.7p1/Makefile.in =================================================================== --- openssh-5.7p1.orig/Makefile.in +++ openssh-5.7p1/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $ +# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ LIBAUDIT=@LIBAUDIT@ +SSHLIBS=@SSHLIBS@ SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ AR=@AR@ @@ -143,7 +144,7 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(LIBAUDIT) Index: openssh-5.7p1/openbsd-compat/port-linux.c =================================================================== --- openssh-5.7p1.orig/openbsd-compat/port-linux.c +++ openssh-5.7p1/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */ /* * Copyright (c) 2005 Daniel Walsh 
@@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *n xfree(oldctx); xfree(newctx); } + +void +ssh_selinux_setfscreatecon(const char *path) +{ + security_context_t context; + + if (path == NULL) { + setfscreatecon(NULL); + return; + } + matchpathcon(path, 0700, &context); + setfscreatecon(context); +} + #endif /* WITH_SELINUX */ #ifdef LINUX_OOM_ADJUST Index: openssh-5.7p1/openbsd-compat/port-linux.h =================================================================== --- openssh-5.7p1.orig/openbsd-compat/port-linux.h +++ openssh-5.7p1/openbsd-compat/port-linux.h @@ -1,4 +1,4 @@ -/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */ +/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */ /* * Copyright (c) 2006 Damien Miller @@ -24,6 +24,7 @@ int ssh_selinux_enabled(void); void ssh_selinux_setup_pty(char *, const char *); void ssh_selinux_setup_exec_context(char *); void ssh_selinux_change_context(const char *); +void ssh_selinux_setfscreatecon(const char *); #endif #ifdef LINUX_OOM_ADJUST Index: openssh-5.7p1/ssh.c =================================================================== --- openssh-5.7p1.orig/ssh.c +++ openssh-5.7p1/ssh.c @@ -857,15 +857,12 @@ main(int ac, char **av) strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { #ifdef WITH_SELINUX - char *scon; - - matchpathcon(buf, 0700, &scon); - setfscreatecon(scon); + ssh_selinux_setfscreatecon(buf); #endif if (mkdir(buf, 0700) < 0) error("Could not create directory '%.200s'.", buf); #ifdef WITH_SELINUX - setfscreatecon(NULL); + ssh_selinux_setfscreatecon(NULL); #endif } /* load options.identity_files */
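Review bot: In the new ssh_selinux_setfscreatecon() in openbsd-compat/port-linux.c the return value of matchpathcon() is ignored, so when the lookup fails `context` is left uninitialised and is still handed to setfscreatecon(). The label that matchpathcon() allocates on success is also never released with freecon(), and nothing skips the work when SELinux is compiled in but disabled, although port-linux.h already declares ssh_selinux_enabled(), which could gate it. Since ssh.c now relies on this helper to label the directory built from _PATH_SSH_USER_DIR before mkdir(), it should return early on a failed lookup and free the label after use. The same unchecked pattern was present in the ssh.c lines this commit removes, so the move was a chance to fix it rather than carry it over.

```c
ssh_selinux_setfscreatecon(const char *path)
{
	/* … unchanged: context declaration … */
	if (!ssh_selinux_enabled())
		return;
	/* … unchanged: path == NULL resets the creation context … */
	if (matchpathcon(path, 0700, &context) != 0)
		return;
	setfscreatecon(context);
	freecon(context);
```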