authorMike Frysinger <vapier@gentoo.org>2005-10-22 00:03:45 +0000
committerMike Frysinger <vapier@gentoo.org>2005-10-22 00:03:45 +0000
commitb0d94833ea0dc9155c3ef6c92183c385cdd8f149 (patch)
tree8982bd69f17361933dda5e828cdc6b6c1d89544a /net-misc
parentRemove mask on xawdecode now that's gone. (diff)
Fix selinux support #110039 and add back in securid/hpn patches.
Package-Manager: portage-2.0.53_rc6
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/openssh/ChangeLog6
-rw-r--r--net-misc/openssh/Manifest13
-rw-r--r--net-misc/openssh/files/digest-openssh-4.2_p14
-rw-r--r--net-misc/openssh/files/openssh-4.2_p1-selinux.patch87
-rw-r--r--net-misc/openssh/openssh-4.2_p1.ebuild20
5 files changed, 111 insertions, 19 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index 9ef7d23024f8..9791a0f9aed1 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for net-misc/openssh
# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.139 2005/10/21 21:09:18 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.140 2005/10/22 00:03:45 vapier Exp $
+
+ 22 Oct 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.2_p1-selinux.patch, openssh-4.2_p1.ebuild:
+ Fix selinux support #110039 and add back in securid/hpn patches.
21 Oct 2005; Bryan Østergaard <kloeri@gentoo.org> openssh-4.2_p1.ebuild:
Stable on alpha + ia64, bug 109678.
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index df565c2526f4..b043f01a5bef 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,12 +1,12 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-MD5 ca1dcb020d2284cb48d6973399dfef54 ChangeLog 23081
+MD5 82fe3565d314821743168cb4a3b6007a ChangeLog 23261
MD5 2fc26aef45c8705e6da5e3fe6650af47 files/digest-openssh-3.8.1_p1-r1 219
MD5 1c2b632d1118068966049ae41b33c012 files/digest-openssh-3.9_p1-r3 281
MD5 c92c33beb73a2d008cb3744ebd7e4f88 files/digest-openssh-4.0_p1-r2 360
MD5 9da4e1a777f8baaa5caffb5084a68ed4 files/digest-openssh-4.1_p1-r1 360
-MD5 0494f3d85ca907c1c771a18ac172c4f7 files/digest-openssh-4.2_p1 213
+MD5 db2bfdf0d8a833d533ca97e4cd9645b6 files/digest-openssh-4.2_p1 360
MD5 7880e18b2a91e5927810dddc7bda270f files/openssh-3.7.1_p1-selinux.diff.bz2 1353
MD5 6d3c9b201c2e89b7156b2fc37ade9721 files/openssh-3.8.1_p1-chroot.patch.bz2 1119
MD5 857f14fd111169d8838d07fb46769938 files/openssh-3.8.1_p1-kerberos.patch.bz2 465
@@ -34,6 +34,7 @@ MD5 f58807d5d75bc9929883e6876c7ddd46 files/openssh-3.9_p1-terminal_restore.patch
MD5 d235f6e0c273e8a968b6759b12a8fd11 files/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2 5770
MD5 4bee5c8ce11f30487154c3742e004f7d files/openssh-4.0_p1-smartcard-ldap-happy.patch 545
MD5 21a3d3ba5d33cb010404c562ef1078b1 files/openssh-4.2_p1-kerberos-detection.patch 359
+MD5 551a19fc1be4d7792633865816bc9426 files/openssh-4.2_p1-selinux.patch 2355
MD5 9cf3a0fb4e8709dde06bd4a3c61eeaff files/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2 5718
MD5 eca7ba0b23754a710b42a79c1fb5e248 files/openssh-securid-1.3.1-updates.patch 445
MD5 b86ae0c43a704c4ee2abd2ce5c955f8f files/sshd.pam 294
@@ -44,11 +45,11 @@ MD5 3af6afd052caef27a0707c9b941d41c6 openssh-3.8.1_p1-r1.ebuild 4407
MD5 007223c0520d91c52557714c4bc6b0ca openssh-3.9_p1-r3.ebuild 5010
MD5 f57b335cd90d3ec4233a98c6617dce3b openssh-4.0_p1-r2.ebuild 5362
MD5 6a8c34205a609252e4811a9ff5fbb8bf openssh-4.1_p1-r1.ebuild 5323
-MD5 94eca7f523dc51ba685fcf8018773c89 openssh-4.2_p1.ebuild 5390
+MD5 da3c2285f1201b47e97a6ae506fb839a openssh-4.2_p1.ebuild 5273
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-iD8DBQFDWVkoKf2g/qXtneoRAlr8AJ9S00yaa7E6OpyguJJUh0bGWKo3PACgjIS9
-ZGwnGRrlrUrFnNrW3lSToKo=
-=VayF
+iD8DBQFDWYHzgIKl8Uu19MoRAlIQAJ46vJQgEpYnptZq3vDL5xw4ayCbUwCdHKdQ
+iSzHTQFHx/qyU/tWX56477c=
+=GtnT
-----END PGP SIGNATURE-----
diff --git a/net-misc/openssh/files/digest-openssh-4.2_p1 b/net-misc/openssh/files/digest-openssh-4.2_p1
index 4b810f577470..df3ae09caa4b 100644
--- a/net-misc/openssh/files/digest-openssh-4.2_p1
+++ b/net-misc/openssh/files/digest-openssh-4.2_p1
@@ -1,3 +1,5 @@
+MD5 6c89525f43b93fb2671af345dd85783b openssh-4.2p1+SecurID_v1.3.2.patch 616248
+MD5 cda9a91dc66ff20be49ba379be9089fd openssh-4.2p1+x509-5.2.diff.gz 123592
+MD5 4b8f0befa09f234d6e7f1a5849b86197 openssh-4.2p1-hpn11.diff 14765
MD5 df899194a340c933944b193477c628fa openssh-4.2p1.tar.gz 914165
MD5 b779906d657d63794144cabe2bf978b8 openssh-lpk-4.1p1-0.3.6.patch 60312
-MD5 cda9a91dc66ff20be49ba379be9089fd openssh-4.2p1+x509-5.2.diff.gz 123592
diff --git a/net-misc/openssh/files/openssh-4.2_p1-selinux.patch b/net-misc/openssh/files/openssh-4.2_p1-selinux.patch
new file mode 100644
index 000000000000..88c2b74e43fc
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.2_p1-selinux.patch
@@ -0,0 +1,87 @@
+--- openssh/session.c
++++ openssh/session.c
+@@ -66,6 +66,11 @@
+ #include "ssh-gss.h"
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /* func */
+
+ Session *session_new(void);
+@@ -1304,6 +1309,19 @@
+ #endif
+ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+ fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled())
++ {
++ security_context_t scontext;
++ if (get_default_context(pw->pw_name,NULL,&scontext))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++ if (setexeccon(scontext)) {
++ freecon(scontext);
++ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
++ }
++ freecon(scontext);
++ }
++#endif
+ }
+
+ static void
+--- openssh/sshpty.c
++++ openssh/sshpty.c
+@@ -30,6 +30,12 @@
+ #define O_NOCTTY 0
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/flask.h>
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /*
+ * Allocates and opens a pty. Returns 0 if no pty could be allocated, or
+ * nonzero if a pty was successfully allocated. On success, open file
+@@ -196,6 +202,37 @@
+ * Warn but continue if filesystem is read-only and the uids match/
+ * tty is owned by root.
+ */
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled()) {
++ security_context_t new_tty_context=NULL,
++ user_context=NULL, old_tty_context=NULL;
++
++ if (get_default_context(pw->pw_name,NULL,&user_context))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++
++ if (getfilecon(tty, &old_tty_context)<0) {
++ error("getfilecon(%.100s) failed: %.100s", tty,
++ strerror(errno));
++ }
++ else
++ {
++ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
++ error("security_compute_relabel(%.100s) failed: %.100s", tty,
++ strerror(errno));
++ }
++ else
++ {
++ if (setfilecon (tty, new_tty_context) != 0) {
++ error("setfilecon(%.100s, %s) failed: %.100s",
++ tty, new_tty_context, strerror(errno));
++ }
++ freecon(new_tty_context);
++ }
++ freecon(old_tty_context);
++ }
++ freecon(user_context);
++ }
++#endif
+ if (stat(tty, &st))
+ fatal("stat(%.100s) failed: %.100s", tty,
+ strerror(errno));
diff --git a/net-misc/openssh/openssh-4.2_p1.ebuild b/net-misc/openssh/openssh-4.2_p1.ebuild
index 6755b6e05fd7..5a6ec4f3759c 100644
--- a/net-misc/openssh/openssh-4.2_p1.ebuild
+++ b/net-misc/openssh/openssh-4.2_p1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.2_p1.ebuild,v 1.10 2005/10/21 21:09:18 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.2_p1.ebuild,v 1.11 2005/10/22 00:03:45 vapier Exp $
inherit eutils flag-o-matic ccc pam
@@ -8,20 +8,18 @@ inherit eutils flag-o-matic ccc pam
# and _p? releases.
PARCH=${P/_/}
-SFTPLOG_PATCH_VER="1.2"
X509_PATCH="${PARCH}+x509-5.2.diff.gz"
-SELINUX_PATCH="openssh-3.9_p1-selinux.diff"
-SECURID_PATCH="" #${PARCH}+SecurID_v1.3.1.patch"
+SECURID_PATCH="${PARCH}+SecurID_v1.3.2.patch"
LDAP_PATCH="${PARCH/-4.2/-lpk-4.1}-0.3.6.patch"
-HPN_PATCH="" #${PARCH/4.2/4.1}-hpn11.diff"
+HPN_PATCH="${PARCH}-hpn11.diff"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.com/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
ldap? ( http://www.opendarwin.org/en/projects/openssh-lpk/files/${LDAP_PATCH} )
- X509? ( http://roumenpetrov.info/openssh/x509-5.2/${X509_PATCH} )"
-# hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )"
-# smartcard? ( http://www.omniti.com/~jesus/projects/${SECURID_PATCH} )"
+ X509? ( http://roumenpetrov.info/openssh/x509-5.2/${X509_PATCH} )
+ hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )
+ smartcard? ( http://www.omniti.com/~jesus/projects/${SECURID_PATCH} )"
LICENSE="as-is"
SLOT="0"
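Review bot: The re-enabled `hpn?` and `smartcard?` entries in `SRC_URI` fetch third-party patches over plain `http://`, and the only integrity check visible in this commit is the MD5 lines added to `files/digest-openssh-4.2_p1`. These patches modify an SSH daemon, so it is worth recording that their trust rests on that digest, for example with a comment above `SRC_URI` such as `# hpn/securid patches come from upstream http mirrors; integrity relies on the digest file`. A stronger hash should be added to the digest as soon as the tooling accepts one. Separately, the `smartcard` flag gates the SecurID patch, which a reader may not expect from the flag name; a one-line comment next to `SECURID_PATCH` would help.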
@@ -60,11 +58,11 @@ src_unpack() {
use sftplogging && epatch "${FILESDIR}"/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2
use skey && epatch "${FILESDIR}"/openssh-3.9_p1-skey.patch.bz2
use chroot && epatch "${FILESDIR}"/openssh-3.9_p1-chroot.patch
- use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}.bz2
+ epatch "${FILESDIR}"/openssh-4.2_p1-selinux.patch
use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch.bz2
if ! use X509 ; then
if [[ -n ${SECURID_PATCH} ]] && use smartcard ; then
- epatch "${DISTDIR}"/${SECURID_PATCH} "${FILESDIR}"/openssh-securid-1.3.1-updates.patch
+ epatch "${DISTDIR}"/${SECURID_PATCH}
use ldap && epatch "${FILESDIR}"/openssh-4.0_p1-smartcard-ldap-happy.patch
fi
if use sftplogging ; then
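Review bot: The SELinux patch is now applied to every build because the `use selinux &&` guard was removed, but nothing on the `epatch "${FILESDIR}"/openssh-4.2_p1-selinux.patch` line explains why that is safe. It is safe only because every addition in the patch sits inside `#ifdef WITH_SELINUX`, and that define is set in `src_compile` only when the flag is on. I would add `# applied unconditionally: all changes are guarded by WITH_SELINUX (set in src_compile)` above it. Also, now that `SECURID_PATCH` is always non-empty, the `[[ -n ${SECURID_PATCH} ]]` test no longer filters anything and could be reduced to `use smartcard`. `src_unpack` begins and ends outside this hunk.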
@@ -93,7 +91,7 @@ src_compile() {
filter-flags -funroll-loops
myconf="${myconf} --with-ldap"
fi
- use selinux && append-flags "-DWITH_SELINUX"
+ use selinux && append-flags -DWITH_SELINUX && append-ldflags -lselinux
if use static ; then
append-ldflags -static
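Review bot: On the changed `use selinux` line, `-lselinux` is passed through `append-ldflags`, which puts a library into `LDFLAGS`, where it normally precedes the object files on the link line. With `--as-needed` or a static link, a library in that position can be discarded or leave symbols unresolved. The `use static` branch immediately after adds `-static`, so that combination would also need a static libselinux. Passing the library through the variable the build uses for libraries is safer, for example `use selinux && append-flags -DWITH_SELINUX && export LIBS="${LIBS} -lselinux"`, assuming the package's configure script honours `LIBS`. `src_compile` continues outside this hunk.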