fix se patch

4 files changed, 153 insertions, 37 deletions

diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index 0e76caca6c49..23237cdc8f72 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for net-misc/openssh
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.97 2004/08/18 21:55:16 aliz Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.98 2004/08/19 23:19:09 pebenito Exp $
+
+  19 Aug 2004; Chris PeBenito <pebenito@gentoo.org>
+  +files/openssh-3.9_p1-selinux.diff, openssh-3.9_p1.ebuild:
+  Update SELinux patch
 
   18 Aug 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1-r2.ebuild:
   Fixed sftplogging patch, closing #60417 again.
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index bf9bfeb2859e..322bd686ccc5 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,50 +1,51 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-MD5 cbf8d9de9057e597c646d26cc2b35b23 ChangeLog 14654
-MD5 0feff9b09e482567359625301bddce1c metadata.xml 1329
-MD5 ec96fb49d91d5e77e391b92b93b76488 openssh-3.7.1_p2-r1.ebuild 4086
 MD5 2fc7548ab51d3e0db127dd23f4f2c5f8 openssh-3.7.1_p2-r2.ebuild 4605
-MD5 07179e41e3c7d022657732605478a8bd openssh-3.8.1_p1.ebuild 4030
-MD5 685c84b3f8cc4608d391deb65fd75198 openssh-3.8_p1.ebuild 4198
 MD5 e03d5b76db7eed6a83a4c849a5249363 openssh-3.8.1_p1-r1.ebuild 4204
+MD5 9f31a515c3f820b775770dfa0d7c08ac ChangeLog 14795
+MD5 685c84b3f8cc4608d391deb65fd75198 openssh-3.8_p1.ebuild 4198
 MD5 9651f6aa81ee4d5113b1f644a3f020ee openssh-3.8.1_p1-r2.ebuild 4215
-MD5 b5c1ab336aed06931b4a5a798918d701 openssh-3.9_p1.ebuild 4094
-MD5 2f8fc1bd837220c9708d9d8b0730fe2c files/digest-openssh-3.7.1_p2-r2 142
-MD5 2f8fc1bd837220c9708d9d8b0730fe2c files/digest-openssh-3.7.1_p2-r1 142
-MD5 2cb187d8f60994c5e1b5fef2bcb6e85d files/openssh-3.5_p1-gentoo-sshd-gcc3.patch 315
+MD5 0feff9b09e482567359625301bddce1c metadata.xml 1329
+MD5 07179e41e3c7d022657732605478a8bd openssh-3.8.1_p1.ebuild 4030
+MD5 ef231babf0904bcd0eef42f3c195f594 openssh-3.9_p1.ebuild 4124
+MD5 ec96fb49d91d5e77e391b92b93b76488 openssh-3.7.1_p2-r1.ebuild 4086
+MD5 5e42c267d017c8bcf5a68a8b16398736 files/openssh-3.8_p1-skey.patch 326
 MD5 9e179b1c0e3a139a5a9067c6e5bd6595 files/openssh-3.7.1_p1-selinux.diff 3389
+MD5 5dfcc55849d6f192385a209550890cf4 files/openssh-3.9_p1-selinux.diff 3278
+MD5 e95d63b8ba5af76772f92fec4544fa3d files/openssh-3.8.1_p1-largekey.patch 2986
+MD5 2f8fc1bd837220c9708d9d8b0730fe2c files/digest-openssh-3.7.1_p2-r2 142
+MD5 e62c6cfae268e95fb406080c91713c1a files/digest-openssh-3.8_p1 138
+MD5 7c16095191b5dc9d653dcb658650c88c files/digest-openssh-3.8.1_p1-r2 141
+MD5 5e42c267d017c8bcf5a68a8b16398736 files/openssh-3.9_p1-skey.patch 326
 MD5 b31110303673214476c57e1bed28e1ce files/openssh-skeychallenge-args.diff 925
+MD5 33b0a1a9cf8349c411da7e97e3a5df64 files/openssh-3.9_p1-opensc.patch 3499
+MD5 f3838696f97d8942b708798fa021c688 files/openssh-3.8.1_p1-kerberos.patch 745
+MD5 7c16095191b5dc9d653dcb658650c88c files/digest-openssh-3.8.1_p1-r1 141
+MD5 319cf9de283116bf886d3aab3d036249 files/openssh-3.8_p1-resolv_functions.patch 422
 MD5 b86ae0c43a704c4ee2abd2ce5c955f8f files/sshd.pam 294
-MD5 0a1428803057b7d25e624c6b297980d8 files/sshd.rc6 1281
-MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.7.1_p2-chroot.patch 2884
-MD5 e62c6cfae268e95fb406080c91713c1a files/digest-openssh-3.8_p1 138
+MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.9_p1-chroot.patch 2884
+MD5 33b0a1a9cf8349c411da7e97e3a5df64 files/openssh-3.8.1_p1-opensc.patch 3499
+MD5 7c16095191b5dc9d653dcb658650c88c files/digest-openssh-3.8.1_p1 141
+MD5 e7a7b68069e34f966baa81fe2ce239a5 files/openssh-3.9_p1-largekey.patch 3105
+MD5 2cb187d8f60994c5e1b5fef2bcb6e85d files/openssh-3.5_p1-gentoo-sshd-gcc3.patch 315
+MD5 205d23485d062d360fa7f50cc7d28be6 files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch 23272
+MD5 9a7321e9cbe9b8851ee71a85322bab27 files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch 23240
 MD5 47853493e53ca7d4ac9942d6a76fb855 files/openssh-3.7.1_p2-kerberos.patch 1190
+MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.8.1_p1-chroot.patch 2884
+MD5 2f8fc1bd837220c9708d9d8b0730fe2c files/digest-openssh-3.7.1_p2-r1 142
 MD5 9b53f18685eeb54c381c9bd11b9b80cc files/openssh-3.7.1_p2-skey.patch 326
-MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.8_p1-chroot.patch 2884
+MD5 aea1862566d745a6263e0b4f318de80e files/digest-openssh-3.9_p1 65
 MD5 f3838696f97d8942b708798fa021c688 files/openssh-3.8_p1-kerberos.patch 745
-MD5 319cf9de283116bf886d3aab3d036249 files/openssh-3.8_p1-resolv_functions.patch 422
-MD5 5e42c267d017c8bcf5a68a8b16398736 files/openssh-3.8_p1-skey.patch 326
-MD5 7c16095191b5dc9d653dcb658650c88c files/digest-openssh-3.8.1_p1 141
-MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.8.1_p1-chroot.patch 2884
-MD5 f3838696f97d8942b708798fa021c688 files/openssh-3.8.1_p1-kerberos.patch 745
+MD5 0a1428803057b7d25e624c6b297980d8 files/sshd.rc6 1281
 MD5 319cf9de283116bf886d3aab3d036249 files/openssh-3.8.1_p1-resolv_functions.patch 422
 MD5 5e42c267d017c8bcf5a68a8b16398736 files/openssh-3.8.1_p1-skey.patch 326
-MD5 7c16095191b5dc9d653dcb658650c88c files/digest-openssh-3.8.1_p1-r1 141
-MD5 7c16095191b5dc9d653dcb658650c88c files/digest-openssh-3.8.1_p1-r2 141
-MD5 33b0a1a9cf8349c411da7e97e3a5df64 files/openssh-3.8.1_p1-opensc.patch 3499
-MD5 e95d63b8ba5af76772f92fec4544fa3d files/openssh-3.8.1_p1-largekey.patch 2986
-MD5 aea1862566d745a6263e0b4f318de80e files/digest-openssh-3.9_p1 65
-MD5 9a7321e9cbe9b8851ee71a85322bab27 files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch 23240
-MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.9_p1-chroot.patch 2884
-MD5 e7a7b68069e34f966baa81fe2ce239a5 files/openssh-3.9_p1-largekey.patch 3105
-MD5 33b0a1a9cf8349c411da7e97e3a5df64 files/openssh-3.9_p1-opensc.patch 3499
-MD5 205d23485d062d360fa7f50cc7d28be6 files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch 23272
-MD5 5e42c267d017c8bcf5a68a8b16398736 files/openssh-3.9_p1-skey.patch 326
+MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.8_p1-chroot.patch 2884
+MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.7.1_p2-chroot.patch 2884
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.9.10 (GNU/Linux)
+Version: GnuPG v1.2.5 (GNU/Linux)
 
-iD8DBQFBJMgXHTu7gpaalycRAgPSAKDJI+pIVTPzBwU7/RSl8OHS8SvLUACgrNGd
-D0TI/xySLv6DAj5n2RnOgRw=
-=lnjC
+iD8DBQFBJTWHGFJQsIJWJy4RAgHRAJ0XtpCwlSTwwHzAylJv1eklWtMRfwCfdLOd
+ViRcLnxFC1HDuiDpDzbN2IY=
+=gY1i
 -----END PGP SIGNATURE-----
diff --git a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff
new file mode 100644
index 000000000000..e845c683d874
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff
@@ -0,0 +1,110 @@
+diff -urN openssh-3.7.1p1.orig/Makefile.in openssh-3.7.1p1/Makefile.in
+--- openssh-3.7.1p1.orig/Makefile.in	2003-09-13 20:40:36.000000000 -0500
++++ openssh-3.7.1p1/Makefile.in	2003-09-19 19:08:04.000000000 -0500
+@@ -40,7 +40,7 @@
+ 
+ CC=@CC@
+ LD=@LD@
+-CFLAGS=@CFLAGS@
++CFLAGS=@CFLAGS@ -DWITH_SELINUX
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ LIBPAM=@LIBPAM@
+@@ -53,7 +53,7 @@
+ SED=@SED@
+ ENT=@ENT@
+ XAUTH_PATH=@XAUTH_PATH@
+-LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
++LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux
+ EXEEXT=@EXEEXT@
+ 
+ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
+diff -urN openssh-3.7.1p1.orig/session.c openssh-3.7.1p1/session.c
+--- openssh-3.7.1p1.orig/session.c	2003-09-15 20:52:19.000000000 -0500
++++ openssh-3.7.1p1/session.c	2003-09-19 19:08:36.000000000 -0500
+@@ -66,6 +66,11 @@
+ #include "ssh-gss.h"
+ #endif
+ 
++#ifdef WITH_SELINUX
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /* func */
+ 
+ Session *session_new(void);
+@@ -1304,6 +1309,19 @@
+ #endif
+ 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+ 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
++#ifdef WITH_SELINUX
++	if (is_selinux_enabled())
++	  {
++	    security_context_t scontext;
++	    if (get_default_context(pw->pw_name,NULL,&scontext))
++	      fatal("Failed to get default security context for %s.", pw->pw_name);
++	    if (setexeccon(scontext)) {
++	      freecon(scontext);
++	      fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
++	    }
++	    freecon(scontext);
++	  }
++#endif
+ }
+ 
+ static void
+diff -urN openssh-3.7.1p1.orig/sshpty.c openssh-3.7.1p1/sshpty.c
+--- openssh-3.7.1p1.orig/sshpty.c	2003-08-24 20:16:21.000000000 -0500
++++ openssh-3.7.1p1/sshpty.c	2003-09-19 19:08:04.000000000 -0500
+@@ -30,6 +30,12 @@
+ #define O_NOCTTY 0
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/flask.h>
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /*
+  * Allocates and opens a pty.  Returns 0 if no pty could be allocated, or
+  * nonzero if a pty was successfully allocated.  On success, open file
+@@ -196,6 +202,37 @@
+ 	 * Warn but continue if filesystem is read-only and the uids match/
+ 	 * tty is owned by root.
+ 	 */
++#ifdef WITH_SELINUX
++	if (is_selinux_enabled()) {
++	  security_context_t 	  new_tty_context=NULL,
++	    user_context=NULL, old_tty_context=NULL; 
++
++	  if (get_default_context(pw->pw_name,NULL,&user_context))
++	      fatal("Failed to get default security context for %s.", pw->pw_name);
++
++	  if (getfilecon(tty, &old_tty_context)<0) {
++	    error("getfilecon(%.100s) failed: %.100s", tty,
++		  strerror(errno));
++	  }
++	  else 
++	    {
++	      if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
++		error("security_compute_relabel(%.100s) failed: %.100s", tty,
++		      strerror(errno));
++	      } 
++	      else 
++		{
++		  if (setfilecon (tty, new_tty_context) != 0) {
++		    error("setfilecon(%.100s, %s) failed: %.100s",
++			  tty, new_tty_context, strerror(errno));
++		  }
++		  freecon(new_tty_context);
++		}
++	      freecon(old_tty_context);
++	    }
++	  freecon(user_context);
++	}
++#endif
+ 	if (stat(tty, &st))
+ 		fatal("stat(%.100s) failed: %.100s", tty,
+ 		    strerror(errno));
diff --git a/net-misc/openssh/openssh-3.9_p1.ebuild b/net-misc/openssh/openssh-3.9_p1.ebuild
index cbb7321d34df..1b838604ea2e 100644
--- a/net-misc/openssh/openssh-3.9_p1.ebuild
+++ b/net-misc/openssh/openssh-3.9_p1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.9_p1.ebuild,v 1.2 2004/08/19 15:32:22 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.9_p1.ebuild,v 1.3 2004/08/19 23:19:09 pebenito Exp $
 
 inherit eutils flag-o-matic ccc gnuconfig
 
@@ -10,6 +10,7 @@ PARCH=${P/_/}
 
 SFTPLOG_PATCH_VER="1.2"
 X509_PATCH="${PARCH}+x509h.diff.gz"
+SELINUX_PATCH="openssh-3.9_p1-selinux.diff"
 
 S=${WORKDIR}/${PARCH}
 DESCRIPTION="Port of OpenBSD's free SSH release"
@@ -41,7 +42,7 @@ DEPEND="${RDEPEND}
 PROVIDE="virtual/ssh"
 
 pkg_setup() {
-	if use X509 || use selinux; then
+	if use X509; then
 		eerror "No updated patch available for ${P}."
 		die
 	fi
@@ -57,7 +58,7 @@ src_unpack() {
 	use skey && epatch ${FILESDIR}/${P}-skey.patch
 	use chroot && epatch ${FILESDIR}/${P}-chroot.patch
 #	use X509 && epatch ${DISTDIR}/${X509_PATCH}
-#	use selinux && epatch ${FILESDIR}/${SELINUX_PATCH}
+	use selinux && epatch ${FILESDIR}/${SELINUX_PATCH}
 	use smartcard && epatch ${FILESDIR}/${P}-opensc.patch
 }