From 11c3be8c5f6f2e2fd9087efc3d0f2b7a8ed52694 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 12 2015 16:09:33 +0000 Subject: import openssh-6.6.1p1-12.el7_1 --- diff --git a/SOURCES/openssh-6.6.1p1-mls-fix-labeling.patch b/SOURCES/openssh-6.6.1p1-mls-fix-labeling.patch new file mode 100644 index 0000000..1e8a8e2 --- /dev/null +++ b/SOURCES/openssh-6.6.1p1-mls-fix-labeling.patch @@ -0,0 +1,17 @@ +diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c +index 22ea8ef..2660085 100644 +--- a/openbsd-compat/port-linux.c ++++ b/openbsd-compat/port-linux.c +@@ -116,7 +116,11 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) + + debug3("%s: setting TTY context on %s", __func__, tty); + +- user_ctx = ssh_selinux_getctxbyname(pwname); ++ if (getexeccon(&user_ctx) != 0) { ++ error("%s: getexeccon: %s", __func__, strerror(errno)); ++ goto out; ++ } ++ + + /* XXX: should these calls fatal() upon failure in enforcing mode? */ + diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index c677a1e..c4abf71 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -64,7 +64,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 6.6.1p1 -%define openssh_rel 11 +%define openssh_rel 12 %define pam_ssh_agent_ver 0.9.3 %define pam_ssh_agent_rel 9 @@ -217,6 +217,8 @@ Patch915: openssh-6.6.1p1-servconf-parser.patch Patch916: openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch # log via monitor in chroots without /dev/log (#1083482) Patch918: openssh-6.6.1p1-log-in-chroot.patch +# MLS labeling according to chosen sensitivity (#1202843) +Patch919: openssh-6.6.1p1-mls-fix-labeling.patch License: BSD Group: Applications/Internet @@ -438,6 +440,7 @@ popd %patch915 -p1 -b .servconf %patch916 -p1 -b .SIGXFSZ %patch918 -p1 -b .log-in-chroot +%patch919 -p1 -b .mls-labels %patch802 -p1 -b .GSSAPIEnablek5users %patch200 -p1 -b .audit @@ -762,6 +765,9 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Thu Mar 19 2015 Jakub Jelen 6.6.1p1-12 + 0.9.3-9 +- Fix labeling in MLS according to selected sensitivity (#1202843) + * Fri Jan 16 2015 Petr Lautrbach 6.6.1p1-11 + 0.9.3-9 - fix direction in CRYPTO_SESSION audit message (#1171248)