author | Chris PeBenito <pebenito@gentoo.org> | 2003-10-29 03:17:58 +0000 |
---|---|---|
committer | Chris PeBenito <pebenito@gentoo.org> | 2003-10-29 03:17:58 +0000 |
commit | 012ea86abd9aa55db6c0a5c270c99f10802b7b74 (patch) | |
tree | 67d1ef6396321c2b93d39f7dab6c6ec9c015a432 /net-misc/openssh | |
parent | version bump (diff) | |
change selinux patches for new (2.6) selinux api
Diffstat (limited to 'net-misc/openssh')
-rw-r--r-- | net-misc/openssh/ChangeLog | 7 | ||||
-rw-r--r-- | net-misc/openssh/Manifest | 17 | ||||
-rw-r--r-- | net-misc/openssh/files/digest-openssh-3.5_p1-r1 | 1 | ||||
-rw-r--r-- | net-misc/openssh/files/digest-openssh-3.6.1_p2 | 1 | ||||
-rw-r--r-- | net-misc/openssh/files/digest-openssh-3.7.1_p2 | 1 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff | 116 | ||||
-rw-r--r-- | net-misc/openssh/openssh-3.5_p1-r1.ebuild | 18 | ||||
-rw-r--r-- | net-misc/openssh/openssh-3.6.1_p2.ebuild | 18 | ||||
-rw-r--r-- | net-misc/openssh/openssh-3.7.1_p2.ebuild | 14 |
9 files changed, 141 insertions, 52 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index 8fa98bda37e1..a2d1d17d2a7b 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for net-misc/openssh
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.54 2003/09/30 17:49:24 aliz Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.55 2003/10/29 03:17:56 pebenito Exp $
+
+ 28 Oct 2003; Chris PeBenito <pebenito@gentoo.org> openssh-3.5_p1-r1.ebuild,
+ openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2.ebuild,
+ files/openssh-3.7.1_p1-selinux.diff:
+ Switch SELinux patch from old API to new API.
 30 Sep 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2.ebuild :
 Add X509 patch back in, closes #29664.
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index d9ef7a1c31f6..11c6d4824248 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,11 +1,12 @@
-MD5 504ad7df05ca6fd1502a9e09c789f3f9 ChangeLog 8684
-MD5 1a78187fa0276dd70838221652de9904 openssh-3.5_p1-r1.ebuild 3952
-MD5 7da0d74da62cb106957c26ad08235c30 openssh-3.6.1_p2.ebuild 3968
-MD5 f0fd721647f9585bce6cc709b7a69411 openssh-3.7.1_p2.ebuild 4173
+MD5 dd18c67f333d21115a68c7f028a8879a openssh-3.5_p1-r1.ebuild 3574
+MD5 d6e7d6966badc556772e2a9462eae053 openssh-3.7.1_p2.ebuild 4018
+MD5 f06870a4ed8746032e81561c4e59ecb5 ChangeLog 8906
 MD5 0feff9b09e482567359625301bddce1c metadata.xml 1329
-MD5 f2472f97f00f203eee538d04a25acac5 files/digest-openssh-3.5_p1-r1 136
-MD5 3d26d49ccd595bca906f540f5d8b8c31 files/digest-openssh-3.6.1_p2 139
-MD5 2cb187d8f60994c5e1b5fef2bcb6e85d files/openssh-3.5_p1-gentoo-sshd-gcc3.patch 315
+MD5 137be01859a55aee00b52284b6905f34 openssh-3.6.1_p2.ebuild 3595
+MD5 49cc9062ff27ad7d4e8f94b136ed76a2 files/openssh-3.7.1_p1-selinux.diff 3394
+MD5 8f421fd8d19a104dc78150e4b1904a46 files/digest-openssh-3.5_p1-r1 65
 MD5 b86ae0c43a704c4ee2abd2ce5c955f8f files/sshd.pam 294
+MD5 2f8fc1bd837220c9708d9d8b0730fe2c files/digest-openssh-3.7.1_p2 142
+MD5 31789e51878741d2af4b1312db79fa2f files/digest-openssh-3.6.1_p2 67
+MD5 2cb187d8f60994c5e1b5fef2bcb6e85d files/openssh-3.5_p1-gentoo-sshd-gcc3.patch 315
 MD5 17b2fa077852f2c2990ec97c51bf198b files/sshd.rc6 1233
-MD5 027945e85c6dd7964b26e6bf10756200 files/digest-openssh-3.7.1_p2 218
diff --git a/net-misc/openssh/files/digest-openssh-3.5_p1-r1 b/net-misc/openssh/files/digest-openssh-3.5_p1-r1
index e343647cc782..e24f781804e4 100644
--- a/net-misc/openssh/files/digest-openssh-3.5_p1-r1
+++ b/net-misc/openssh/files/digest-openssh-3.5_p1-r1
@@ -1,2 +1 @@
 MD5 42bd78508d208b55843c84dd54dea848 openssh-3.5p1.tar.gz 851486
-MD5 03c080bfe302f8eb7c6d4d79f5994310 openssh_3.5p1-5.se1.diff.gz 60431
diff --git a/net-misc/openssh/files/digest-openssh-3.6.1_p2 b/net-misc/openssh/files/digest-openssh-3.6.1_p2
index 7576198e5d33..70f355454a00 100644
--- a/net-misc/openssh/files/digest-openssh-3.6.1_p2
+++ b/net-misc/openssh/files/digest-openssh-3.6.1_p2
@@ -1,2 +1 @@
 MD5 f3879270bffe479e1bd057aa36258696 openssh-3.6.1p2.tar.gz 879629
-MD5 c425e65927b359382bf3618d265d45f1 openssh_3.6p1-5.se1.diff.bz2 54985
diff --git a/net-misc/openssh/files/digest-openssh-3.7.1_p2 b/net-misc/openssh/files/digest-openssh-3.7.1_p2
index d46309c81b8c..920c333856ca 100644
--- a/net-misc/openssh/files/digest-openssh-3.7.1_p2
+++ b/net-misc/openssh/files/digest-openssh-3.7.1_p2
@@ -1,3 +1,2 @@
 MD5 61cf5b059938718308836d00f6764a94 openssh-3.7.1p2.tar.gz 792280
-MD5 d8f4c22cec973d2e22551455fe5bc28c openssh-3.7.1_p1-selinux.diff.bz2 7677
 MD5 83e000a867eba10ef7f18c169d979360 openssh-3.7.1p2+x509g2.diff.gz 125455
diff --git a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff b/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff
new file mode 100644
index 000000000000..97bcc75f95b1
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff
@@ -0,0 +1,116 @@
+diff -urN openssh-3.7.1p1.orig/Makefile.in openssh-3.7.1p1/Makefile.in
+--- openssh-3.7.1p1.orig/Makefile.in 2003-09-13 20:40:36.000000000 -0500
++++ openssh-3.7.1p1/Makefile.in 2003-09-19 19:08:04.000000000 -0500
+@@ -40,7 +40,7 @@
+
+ CC=@CC@
+ LD=@LD@
+-CFLAGS=@CFLAGS@
++CFLAGS=@CFLAGS@ -DWITH_SELINUX
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ LIBPAM=@LIBPAM@
+@@ -53,7 +53,7 @@
+ SED=@SED@
+ ENT=@ENT@
+ XAUTH_PATH=@XAUTH_PATH@
+-LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
++LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux
+ EXEEXT=@EXEEXT@
+
+ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
+diff -urN openssh-3.7.1p1.orig/session.c openssh-3.7.1p1/session.c
+--- openssh-3.7.1p1.orig/session.c 2003-09-15 20:52:19.000000000 -0500
++++ openssh-3.7.1p1/session.c 2003-09-19 19:08:36.000000000 -0500
+@@ -62,6 +62,11 @@
+ #include "ssh-gss.h"
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /* func */
+
+ Session *session_new(void);
+@@ -1291,6 +1296,19 @@
+ #endif
+ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+ fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled())
++ {
++ security_context_t scontext;
++ if (get_default_context(pw->pw_name,NULL,&scontext))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++ if (setexeccon(scontext)) {
++ freecon(scontext);
++ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
++ }
++ freecon(scontext);
++ }
++#endif
+ }
+
+ static void
+diff -urN openssh-3.7.1p1.orig/sshpty.c openssh-3.7.1p1/sshpty.c
+--- openssh-3.7.1p1.orig/sshpty.c 2003-08-24 20:16:21.000000000 -0500
++++ openssh-3.7.1p1/sshpty.c 2003-09-19 19:08:04.000000000 -0500
+@@ -22,6 +22,12 @@
+ #include "log.h"
+ #include "misc.h"
+
++#ifdef WITH_SELINUX
++#include <selinux/flask.h>
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
+ #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
+ #undef HAVE_DEV_PTMX
+@@ -386,6 +392,37 @@
+ * Warn but continue if filesystem is read-only and the uids match/
+ * tty is owned by root.
+ */
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled()) {
++ security_context_t new_tty_context=NULL,
++ user_context=NULL, old_tty_context=NULL;
++
++ if (get_default_context(pw->pw_name,NULL,&user_context))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++
++ if (getfilecon(ttyname, &old_tty_context)<0) {
++ error("getfilecon(%.100s) failed: %.100s", ttyname,
++ strerror(errno));
++ }
++ else
++ {
++ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
++ error("security_compute_relabel(%.100s) failed: %.100s", ttyname,
++ strerror(errno));
++ }
++ else
++ {
++ if (setfilecon (ttyname, new_tty_context) != 0) {
++ error("setfilecon(%.100s, %s) failed: %.100s",
++ ttyname, new_tty_context, strerror(errno));
++ }
++ freecon(new_tty_context);
++ }
++ freecon(old_tty_context);
++ }
++ freecon(user_context);
++ }
++#endif
+ if (stat(ttyname, &st))
+ fatal("stat(%.100s) failed: %.100s", ttyname,
+ strerror(errno));
+@@ -415,4 +452,5 @@
+ ttyname, (u_int)mode, strerror(errno));
+ }
+ }
++
+ }
diff --git a/net-misc/openssh/openssh-3.5_p1-r1.ebuild b/net-misc/openssh/openssh-3.5_p1-r1.ebuild
index 87e954547e68..319ed3082aa2 100644
--- a/net-misc/openssh/openssh-3.5_p1-r1.ebuild
+++ b/net-misc/openssh/openssh-3.5_p1-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2003 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.5_p1-r1.ebuild,v 1.17 2003/09/26 06:05:29 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.5_p1-r1.ebuild,v 1.18 2003/10/29 03:17:56 pebenito Exp $
 inherit eutils
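Review bot: In the session.c part of the added files/openssh-3.7.1_p1-selinux.diff, the `setexeccon()` failure branch calls `freecon(scontext)` and then passes `scontext` to `fatal()` as a `%s` argument, so the error path formats memory that has already been freed. Because `fatal()` does not return, the `freecon()` in that branch can simply be dropped: `if (setexeccon(scontext)) fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);`. The sshpty.c part treats a `get_default_context()` failure as fatal but only logs `error()` when `getfilecon()`, `security_compute_relabel()` or `setfilecon()` fails, which leaves the tty with its previous label; if that is deliberate, a comment saying the relabel is best-effort and why would help. Both enclosing functions start and end outside the inner hunks.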
@@ -10,20 +10,18 @@ PARCH=${P/_/} S=${WORKDIR}/${PARCH} DESCRIPTION="Port of OpenBSD's free SSH release" HOMEPAGE="http://www.openssh.com/" -SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz - selinux? ( http://www.coker.com.au/selinux/ssh/openssh_3.5p1-5.se1.diff.gz )" +SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz" LICENSE="as-is" SLOT="0" KEYWORDS="x86 ppc ~sparc alpha mips ~hppa arm" -IUSE="ipv6 static pam tcpd kerberos selinux" +IUSE="ipv6 static pam tcpd kerberos" # openssh recognizes when openssl has been slightly upgraded and refuses to run. # This new rev will use the new openssl. RDEPEND="virtual/glibc pam? ( >=sys-libs/pam-0.73 >=sys-apps/shadow-4.0.2-r2 ) kerberos? ( app-crypt/mit-krb5 ) - selinux? ( sys-apps/selinux-small ) >=dev-libs/openssl-0.9.6d sys-libs/zlib" @@ -36,7 +34,6 @@ PROVIDE="virtual/ssh" src_unpack() { unpack ${A} cd ${S} - use selinux && epatch ${DISTDIR}/openssh_3.5p1-5.se1.diff.gz if [ `use alpha` ]; then epatch ${FILESDIR}/${P}-gentoo-sshd-gcc3.patch || die @@ -61,8 +58,6 @@ src_compile() { myconf="${myconf} --with-kerberos4=/usr/athena" fi - use selinux && CFLAGS="${CFLAGS} -DWITH_SELINUX" - ./configure \ --prefix=/usr \ --sysconfdir=/etc/ssh \ @@ -81,13 +76,6 @@ src_compile() { perl -pi -e "s|-lcrypto|/usr/lib/libcrypto.a|g" Makefile fi - if [ "`use selinux`" ] - then - #add -lsecure - sed "s:LIBS=\(.*\):LIBS=\1 -lsecure:" < Makefile > Makefile.new - mv Makefile.new Makefile - fi - emake || die "compile problem" } diff --git a/net-misc/openssh/openssh-3.6.1_p2.ebuild b/net-misc/openssh/openssh-3.6.1_p2.ebuild index ba1ac5dccf46..9bc6eb98b463 100644 --- a/net-misc/openssh/openssh-3.6.1_p2.ebuild +++ b/net-misc/openssh/openssh-3.6.1_p2.ebuild 
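Review bot: The `selinux` flag and everything tied to it are removed outright from openssh-3.5_p1-r1 here (IUSE, the SRC_URI entry, RDEPEND, the `epatch` call, `-DWITH_SELINUX` and the `-lsecure` link step), and the openssh-3.6.1_p2 section makes the same removal, while the ChangeLog entry describes all three ebuilds as a switch to the new API. After this change a host built with USE=selinux gets an sshd from these two versions that contains no SELinux code, with no message at build time; how sessions end up labelled in that case is not visible from this page. A comment above IUSE such as `# SELinux patch dropped (old API); the new-API patch is only applied by openssh-3.7.1_p2`, plus a matching line in the ChangeLog entry, would make the loss visible to anyone still installing these versions.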
@@ -1,6 +1,6 @@ # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.6.1_p2.ebuild,v 1.8 2003/09/26 06:05:51 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.6.1_p2.ebuild,v 1.9 2003/10/29 03:17:56 pebenito Exp $ inherit eutils @@ -10,20 +10,18 @@ PARCH=${P/_/} S=${WORKDIR}/${PARCH} DESCRIPTION="Port of OpenBSD's free SSH release" HOMEPAGE="http://www.openssh.com/" -SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz - selinux? ( http://lostlogicx.com/gentoo/openssh_3.6p1-5.se1.diff.bz2 )" +SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz" LICENSE="as-is" SLOT="0" KEYWORDS="x86 ppc sparc alpha mips hppa arm amd64" -IUSE="ipv6 static pam tcpd kerberos selinux" +IUSE="ipv6 static pam tcpd kerberos" # openssh recognizes when openssl has been slightly upgraded and refuses to run. # This new rev will use the new openssl. RDEPEND="virtual/glibc pam? ( >=sys-libs/pam-0.73 >=sys-apps/shadow-4.0.2-r2 ) kerberos? ( app-crypt/mit-krb5 ) - selinux? ( sys-apps/selinux-small ) >=dev-libs/openssl-0.9.6d sys-libs/zlib" @@ -36,7 +34,6 @@ PROVIDE="virtual/ssh" src_unpack() { unpack ${PARCH}.tar.gz cd ${S} - use selinux && epatch ${DISTDIR}/openssh_3.6p1-5.se1.diff.bz2 if [ `use alpha` ]; then epatch ${FILESDIR}/${PN}-3.5_p1-gentoo-sshd-gcc3.patch || die @@ -61,8 +58,6 @@ src_compile() { myconf="${myconf} --with-kerberos4=/usr/athena" fi - use selinux && CFLAGS="${CFLAGS} -DWITH_SELINUX" - ./configure \ --prefix=/usr \ --sysconfdir=/etc/ssh \ @@ -81,13 +76,6 @@ src_compile() { perl -pi -e "s|-lcrypto|/usr/lib/libcrypto.a|g" Makefile fi - if [ "`use selinux`" ] - then - #add -lsecure - sed "s:LIBS=\(.*\):LIBS=\1 -lsecure:" < Makefile > Makefile.new - mv Makefile.new Makefile - fi - emake || die "compile problem" } 
diff --git a/net-misc/openssh/openssh-3.7.1_p2.ebuild b/net-misc/openssh/openssh-3.7.1_p2.ebuild index 0b6d7815211c..4f166a20d002 100644 --- a/net-misc/openssh/openssh-3.7.1_p2.ebuild +++ b/net-misc/openssh/openssh-3.7.1_p2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.7.1_p2.ebuild,v 1.6 2003/09/30 17:49:24 aliz Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.7.1_p2.ebuild,v 1.7 2003/10/29 03:17:56 pebenito Exp $ inherit eutils flag-o-matic ccc [ `use kerberos` ] && append-flags -I/usr/include/gssapi @@ -10,13 +10,12 @@ inherit eutils flag-o-matic ccc PARCH=${P/_/} X509_PATCH="${PARCH}+x509g2.diff.gz" -SELINUX_PATCH="openssh-3.7.1_p1-selinux.diff.bz2" +SELINUX_PATCH="openssh-3.7.1_p1-selinux.diff" S=${WORKDIR}/${PARCH} DESCRIPTION="Port of OpenBSD's free SSH release" HOMEPAGE="http://www.openssh.com/" SRC_URI="mirror://openssh/${PARCH}.tar.gz - selinux? ( http://dev.gentoo.org/~pebenito/${SELINUX_PATCH} ) X509? ( http://roumenpetrov.info/openssh/x509g2/${X509_PATCH} )" LICENSE="as-is" @@ -30,7 +29,7 @@ RDEPEND="virtual/glibc pam? ( >=sys-libs/pam-0.73 >=sys-apps/shadow-4.0.2-r2 ) kerberos? ( app-crypt/mit-krb5 ) - selinux? ( sys-apps/selinux-small ) + selinux? ( sys-libs/libselinux ) skey? ( app-admin/skey ) >=dev-libs/openssl-0.9.6d >=sys-libs/zlib-1.1.4 @@ -45,7 +44,7 @@ PROVIDE="virtual/ssh" src_unpack() { unpack ${PARCH}.tar.gz ; cd ${S} - use selinux && epatch ${DISTDIR}/${SELINUX_PATCH} + use selinux && epatch ${FILESDIR}/${SELINUX_PATCH} use alpha && epatch ${FILESDIR}/${PN}-3.5_p1-gentoo-sshd-gcc3.patch use X509 && epatch ${DISTDIR}/${X509_PATCH} @@ -93,11 +92,6 @@ src_compile() { sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" Makefile } - use selinux && { - #add -lsecure - sed -i "s:LIBS=\(.*\):LIBS=\1 -lsecure:" Makefile - } - emake || die "compile problem" } |