rpms/openssh/devel openssh-5.2p1-selabel.patch, NONE, 1.1 openssh.spec, 1.150, 1.151

Jan F. Chadima jfch2222 at fedoraproject.org
Tue Jun 30 10:26:44 UTC 2009


Author: jfch2222

Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5629

Modified Files:
	openssh.spec 
Added Files:
	openssh-5.2p1-selabel.patch 
Log Message:
create '~/.ssh/known_hosts' within proper context


openssh-5.2p1-selabel.patch:

--- NEW FILE openssh-5.2p1-selabel.patch ---
diff -up openssh-5.2p1/contrib/ssh-copy-id.selabel openssh-5.2p1/contrib/ssh-copy-id
--- openssh-5.2p1/contrib/ssh-copy-id.selabel	2009-06-29 23:43:03.514390092 +0200
+++ openssh-5.2p1/contrib/ssh-copy-id	2009-06-29 23:44:11.188382120 +0200
@@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || 
   exit 1
 fi
 
-{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1
 
 cat <<EOF
 Now try logging into the machine, with "ssh '$1'", and check in:
diff -up openssh-5.2p1/Makefile.in.selabel openssh-5.2p1/Makefile.in
--- openssh-5.2p1/Makefile.in.selabel	2009-06-29 23:38:34.224128017 +0200
+++ openssh-5.2p1/Makefile.in	2009-06-29 23:38:34.332123333 +0200
@@ -134,7 +134,7 @@ libssh.a: $(LIBSSH_OBJS)
 	$(RANLIB) $@
 
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lselinux $(LIBS)
 
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
 	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) -lfipscheck $(LIBS)
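Review bot: `-lselinux` is hard-coded on the `ssh$(EXEEXT)` link line, and the `#include <selinux/selinux.h>` hunk in ssh.c is likewise unconditional, so the client no longer builds where libselinux is not installed. If this tree's configure already detects SELinux (not visible from this patch), the library should come from that substitution and the ssh.c code should sit under the matching `#ifdef`. Failing that, a comment above the rule such as `# libselinux: ssh labels ~/.ssh when it creates it (selabel patch)` would at least record why the client links it.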
diff -up openssh-5.2p1/ssh.c.selabel openssh-5.2p1/ssh.c
--- openssh-5.2p1/ssh.c.selabel	2009-06-29 23:38:34.314132116 +0200
+++ openssh-5.2p1/ssh.c	2009-06-29 23:38:34.335927287 +0200
@@ -74,6 +74,7 @@
 #include <openssl/err.h>
 #include <openssl/fips.h>
 #include <fipscheck.h>
+#include <selinux/selinux.h>
 #include "openbsd-compat/openssl-compat.h"
 #include "openbsd-compat/sys-queue.h"
 
@@ -790,10 +791,15 @@ main(int ac, char **av)
 	 */
 	snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir,
 	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
-	if (stat(buf, &st) < 0)
+	if (stat(buf, &st) < 0) {
+		char *scon;
+
+		matchpathcon(buf, 0700, &scon);
+		setfscreatecon(scon);
 		if (mkdir(buf, 0700) < 0)
 			error("Could not create directory '%.200s'.", buf);
-
+		setfscreatecon(NULL);
+	}
 	/* load options.identity_files */
 	load_public_identity_files();
 
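Review bot: `scon` reaches `setfscreatecon()` uninitialised whenever `matchpathcon()` fails, because neither return value is checked. A failed lookup (for example, no usable file-context entry on the host) therefore becomes a read through an indeterminate pointer in the client's startup path. The context string is also never released with `freecon()`. I would initialise `scon` to NULL, apply the context only when the lookup succeeds, and free it after the reset, as sketched below. main() begins and continues outside this hunk.

```c
	if (stat(buf, &st) < 0) {
		char *scon = NULL;

		/* Only set a creation context when the lookup produced one. */
		if (matchpathcon(buf, 0700, &scon) == 0 && scon != NULL) {
			if (setfscreatecon(scon) < 0)
				debug("setfscreatecon failed for '%.200s'", buf);
		}
		/* ... unchanged: mkdir(buf, 0700) and its error() call ... */
		setfscreatecon(NULL);
		if (scon != NULL)
			freecon(scon);
	}
```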


Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.150
retrieving revision 1.151
diff -u -p -r1.150 -r1.151
--- openssh.spec	29 Jun 2009 20:51:17 -0000	1.150
+++ openssh.spec	30 Jun 2009 10:26:13 -0000	1.151
@@ -63,7 +63,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.2p1
-Release: 11%{?dist}%{?rescue_rel}
+Release: 12%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -100,6 +100,7 @@ Patch65: openssh-5.2p1-fips.patch
 Patch66: openssh-5.2p1-homechroot.patch
 Patch67: openssh-5.2p1-xmodifiers.patch
 Patch68: openssh-5.2p1-pathmax.patch
+Patch69: openssh-5.2p1-selabel.patch
 
 License: BSD
 Group: Applications/Internet
@@ -234,6 +235,7 @@ an X11 passphrase dialog for OpenSSH.
 %patch66 -p1 -b .homechroot
 %patch67 -p1 -b .xmodifiers
 %patch68 -p1 -b .pathmax
+%patch69 -p1 -b .selabel
 
 autoreconf
 
@@ -468,8 +470,12 @@ fi
 %endif
 
 %changelog
+* Tue Jun 30 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-11
+- create '~/.ssh/known_hosts' within proper context
+
 * Mon Jun 29 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-11
 - length of home path in ssh now limited by PATH_MAX
+- correct timezone with daylight processing
 
 * Sat Jun 27 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-10
 - final version chroot %%h (sftp only)



