rpms/openssh/devel openssh-5.2p1-sesftp.patch, NONE, 1.1 openssh-5.2p1-pathmax.patch, 1.1, 1.2 openssh-5.2p1-selabel.patch, 1.1, 1.2 openssh.spec, 1.151, 1.152

Jan F. Chadima jfch2222 at fedoraproject.org
Fri Jul 17 07:07:00 UTC 2009


Author: jfch2222

Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3410

Modified Files:
	openssh-5.2p1-pathmax.patch openssh-5.2p1-selabel.patch 
	openssh.spec 
Added Files:
	openssh-5.2p1-sesftp.patch 
Log Message:
changed internal-sftp context to sftpd_t


openssh-5.2p1-sesftp.patch:
 session.c |    2 ++
 1 file changed, 2 insertions(+)

--- NEW FILE openssh-5.2p1-sesftp.patch ---

diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c

--- openssh-5.2p1/session.c.sesftp	2009-07-16 22:34:26.000000000 +0200

+++ openssh-5.2p1/session.c	2009-07-16 22:59:22.000000000 +0200

@@ -58,6 +58,7 @@

 #include <stdlib.h>

 #include <string.h>

 #include <unistd.h>

+#include <selinux/selinux.h>

 

 #include "openbsd-compat/sys-queue.h"

 #include "xmalloc.h"
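Review bot: The added `#include <selinux/selinux.h>` is unconditional, so session.c no longer compiles on a build configured without SELinux support; the same applies to the `setcon` call added in the do_child hunk below. OpenSSH portable wraps its SELinux-specific code in `#ifdef WITH_SELINUX`, and the include should be guarded the same way: `#ifdef WITH_SELINUX`, `#include <selinux/selinux.h>`, `#endif`. A Fedora-only build may never hit this, but the guard keeps the patch buildable elsewhere and easier to upstream.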

@@ -1816,6 +1817,7 @@ do_child(Session *s, const char *command

 		argv[i] = NULL;

 		optind = optreset = 1;

 		__progname = argv[0];

+		setcon ("system_u:system_r:sftpd_t");

 		exit(sftp_server_main(i, argv, s->pw));

 	}

 
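Review bot: The return value of `setcon ("system_u:system_r:sftpd_t")` is ignored, so if the transition is refused the internal sftp server keeps running in whatever context the session process already had, and nothing is logged. The string is also a fixed three-field context with no level; on a policy with MLS/MCS enabled such a context may be rejected, which would make the silent failure the normal case, so this is worth testing on the target policy. I would check the result, log it, and refuse to start the subsystem when SELinux is enforcing, as sketched below (this assumes `fatal()` and `error()` are in scope in session.c, as elsewhere in OpenSSH). do_child starts and ends outside the hunk.

```c
		/* … unchanged: argv setup, optind/optreset reset … */
		__progname = argv[0];
#ifdef WITH_SELINUX
		if (is_selinux_enabled() > 0 &&
		    setcon("system_u:system_r:sftpd_t") < 0) {
			/* Fail closed when enforcing: do not serve sftp unconfined. */
			if (security_getenforce() > 0)
				fatal("setcon to sftpd_t failed: %.100s",
				    strerror(errno));
			error("setcon to sftpd_t failed: %.100s",
			    strerror(errno));
		}
#endif
		exit(sftp_server_main(i, argv, s->pw));
```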

openssh-5.2p1-pathmax.patch:
 ssh.c |   14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

Index: openssh-5.2p1-pathmax.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-5.2p1-pathmax.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- openssh-5.2p1-pathmax.patch	29 Jun 2009 20:51:17 -0000	1.1
+++ openssh-5.2p1-pathmax.patch	17 Jul 2009 07:06:58 -0000	1.2
@@ -1,6 +1,6 @@
 diff -up openssh-5.2p1/ssh.c.pathmax openssh-5.2p1/ssh.c
---- openssh-5.2p1/ssh.c.pathmax	2009-06-29 22:13:17.251360372 +0200
-+++ openssh-5.2p1/ssh.c	2009-06-29 22:14:46.036292525 +0200
+--- openssh-5.2p1/ssh.c.pathmax	2009-07-08 14:23:19.000000000 +0200
++++ openssh-5.2p1/ssh.c	2009-07-08 14:26:26.000000000 +0200
 @@ -49,6 +49,7 @@
  #include <sys/resource.h>
  #include <sys/ioctl.h>
@@ -9,12 +9,39 @@ diff -up openssh-5.2p1/ssh.c.pathmax ope
  
  #include <ctype.h>
  #include <errno.h>
-@@ -209,7 +210,7 @@ int
+@@ -208,8 +209,8 @@ void muxserver_listen(void);
+ int
  main(int ac, char **av)
  {
- 	int i, opt, exit_status, use_syslog;
+-	int i, opt, exit_status, use_syslog;
 -	char *p, *cp, *line, buf[256];
-+	char *p, *cp, *line, buf[PATH_MAX];
++	int i, r, opt, exit_status, use_syslog;
++	char *p, *cp, *line, buf[MAXPATHLEN];
  	struct stat st;
  	struct passwd *pw;
  	int dummy, timeout_ms;
+@@ -624,9 +625,10 @@ main(int ac, char **av)
+ 			fatal("Can't open user config file %.100s: "
+ 			    "%.100s", config, strerror(errno));
+ 	} else {
+-		snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
++		r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
+ 		    _PATH_SSH_USER_CONFFILE);
+-		(void)read_config_file(buf, host, &options, 1);
++		if (r > 0 && (size_t)r < sizeof(buf))
++			(void)read_config_file(buf, host, &options, 1);
+ 
+ 		/* Read systemwide configuration file after use config. */
+ 		(void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
+@@ -787,9 +789,9 @@ main(int ac, char **av)
+ 	 * Now that we are back to our own permissions, create ~/.ssh
+ 	 * directory if it doesn't already exist.
+ 	 */
+-	snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir,
++	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
+ 	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
+-	if (stat(buf, &st) < 0)
++	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
+ 		if (mkdir(buf, 0700) < 0)
+ 			error("Could not create directory '%.200s'.", buf);
+ 
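Review bot: When `snprintf` truncates or fails, the new guards `if (r > 0 && (size_t)r < sizeof(buf))` skip `read_config_file` and the `stat`/`mkdir` of the user's ssh directory without any message. A user whose home path does not fit in `buf` therefore silently loses the per-user configuration, including any host-key or authentication options set there. At the first site an `else` branch would make the condition visible, e.g. `else error("User config path too long, ignoring %.100s", _PATH_SSH_USER_CONFFILE);`. Both sites are inside main(), which starts and ends outside the hunk; the changelog says this is the upstream version of the fix, so the suggestion may belong upstream as well.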

openssh-5.2p1-selabel.patch:
 Makefile.in         |    2 +-
 contrib/ssh-copy-id |    2 +-
 ssh.c               |   10 ++++++++--
 3 files changed, 10 insertions(+), 4 deletions(-)

Index: openssh-5.2p1-selabel.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-5.2p1-selabel.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- openssh-5.2p1-selabel.patch	30 Jun 2009 10:26:13 -0000	1.1
+++ openssh-5.2p1-selabel.patch	17 Jul 2009 07:06:59 -0000	1.2
@@ -1,6 +1,6 @@
 diff -up openssh-5.2p1/contrib/ssh-copy-id.selabel openssh-5.2p1/contrib/ssh-copy-id
---- openssh-5.2p1/contrib/ssh-copy-id.selabel	2009-06-29 23:43:03.514390092 +0200
-+++ openssh-5.2p1/contrib/ssh-copy-id	2009-06-29 23:44:11.188382120 +0200
+--- openssh-5.2p1/contrib/ssh-copy-id.selabel	2009-01-21 10:29:21.000000000 +0100
++++ openssh-5.2p1/contrib/ssh-copy-id	2009-07-08 14:28:27.000000000 +0200
 @@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || 
    exit 1
  fi
@@ -11,8 +11,8 @@ diff -up openssh-5.2p1/contrib/ssh-copy-
  cat <<EOF
  Now try logging into the machine, with "ssh '$1'", and check in:
 diff -up openssh-5.2p1/Makefile.in.selabel openssh-5.2p1/Makefile.in
---- openssh-5.2p1/Makefile.in.selabel	2009-06-29 23:38:34.224128017 +0200
-+++ openssh-5.2p1/Makefile.in	2009-06-29 23:38:34.332123333 +0200
+--- openssh-5.2p1/Makefile.in.selabel	2009-07-08 14:28:25.000000000 +0200
++++ openssh-5.2p1/Makefile.in	2009-07-08 14:28:27.000000000 +0200
 @@ -134,7 +134,7 @@ libssh.a: $(LIBSSH_OBJS)
  	$(RANLIB) $@
  
@@ -23,8 +23,8 @@ diff -up openssh-5.2p1/Makefile.in.selab
  sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
  	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) -lfipscheck $(LIBS)
 diff -up openssh-5.2p1/ssh.c.selabel openssh-5.2p1/ssh.c
---- openssh-5.2p1/ssh.c.selabel	2009-06-29 23:38:34.314132116 +0200
-+++ openssh-5.2p1/ssh.c	2009-06-29 23:38:34.335927287 +0200
+--- openssh-5.2p1/ssh.c.selabel	2009-07-08 14:28:27.000000000 +0200
++++ openssh-5.2p1/ssh.c	2009-07-08 14:34:00.000000000 +0200
 @@ -74,6 +74,7 @@
  #include <openssl/err.h>
  #include <openssl/fips.h>
@@ -33,12 +33,12 @@ diff -up openssh-5.2p1/ssh.c.selabel ope
  #include "openbsd-compat/openssl-compat.h"
  #include "openbsd-compat/sys-queue.h"
  
-@@ -790,10 +791,15 @@ main(int ac, char **av)
+@@ -791,10 +792,15 @@ main(int ac, char **av)
  	 */
- 	snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir,
+ 	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
  	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
--	if (stat(buf, &st) < 0)
-+	if (stat(buf, &st) < 0) {
+-	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
++	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 +		char *scon;
 +
 +		matchpathcon(buf, 0700, &scon);
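Review bot: In the lines carried over unchanged here, `matchpathcon(buf, 0700, &scon);` is called without checking its result while `scon` is declared uninitialized, so if the lookup fails whatever follows may use an indeterminate pointer. The rest of the block lies outside this hunk, so this needs confirming there. Initializing with `char *scon = NULL;` and testing `if (matchpathcon(buf, 0700, &scon) == 0)` before using or freeing it would close that gap. The only change this revision makes in the hunk is rebasing the `if` onto the snprintf length check from the pathmax patch.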


Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -p -r1.151 -r1.152
--- openssh.spec	30 Jun 2009 10:26:13 -0000	1.151
+++ openssh.spec	17 Jul 2009 07:06:59 -0000	1.152
@@ -63,7 +63,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.2p1
-Release: 12%{?dist}%{?rescue_rel}
+Release: 14%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -101,6 +101,7 @@ Patch66: openssh-5.2p1-homechroot.patch
 Patch67: openssh-5.2p1-xmodifiers.patch
 Patch68: openssh-5.2p1-pathmax.patch
 Patch69: openssh-5.2p1-selabel.patch
+Patch70: openssh-5.2p1-sesftp.patch
 
 License: BSD
 Group: Applications/Internet
@@ -236,6 +237,7 @@ an X11 passphrase dialog for OpenSSH.
 %patch67 -p1 -b .xmodifiers
 %patch68 -p1 -b .pathmax
 %patch69 -p1 -b .selabel
+%patch70 -p1 -b .sesftp
 
 autoreconf
 
@@ -470,7 +472,13 @@ fi
 %endif
 
 %changelog
-* Tue Jun 30 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-11
+* Fri Jul 17 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-14
+- changed internal-sftp context to sftpd_t
+
+* Fri Jul  3 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-13
+- changed home length path patch to upstream version
+
+* Tue Jun 30 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-12
 - create '~/.ssh/known_hosts' within proper context
 
 * Mon Jun 29 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-11



