[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#465614: marked as done (bad selinux user context, broken openssh configure script)



Your message dated Wed, 13 Feb 2008 19:02:08 +0000
with message-id <E1JPMrw-0007lH-GM@ries.debian.org>
and subject line Bug#465614: fixed in openssh 1:4.7p1-4
has caused the Debian Bug report #465614,
regarding bad selinux user context, broken openssh configure script
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
465614: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465614
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:4.7p1-3
Severity: important
Tags: selinux patch

Hi,
there is a problem with this version of openssh server and enabled
SELinux. User mapping to SELinux user don't work.

A small fix of configure script is needed. I rebuild openssh package
myself with attached patch.
See http://readlist.com/lists/tycho.nsa.gov/selinux/1/9751.html


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-xen-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=cs_CZ.ISO-8859-2 (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser               3.105              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.19             Debian configuration management sy
ii  dpkg                  1.14.16.6          package maintenance system for Deb
ii  libc6                 2.7-6              GNU C Library: Shared libraries
ii  libcomerr2            1.40.6-1           common error description library
ii  libkrb53              1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries
ii  libpam-modules        0.99.7.1-5         Pluggable Authentication Modules f
ii  libpam-runtime        0.99.7.1-5         Runtime support for the PAM librar
ii  libpam0g              0.99.7.1-5         Pluggable Authentication Modules l
ii  libselinux1           2.0.35-1           SELinux shared libraries
ii  libssl0.9.8           0.9.8g-4           SSL shared libraries
ii  libwrap0              7.6.dbs-14         Wietse Venema's TCP wrappers libra
ii  lsb-base              3.1-24             Linux Standard Base 3.1 init scrip
ii  openssh-client        1:4.7p1-3          secure shell client, an rlogin/rsh
ii  zlib1g                1:1.2.3.3.dfsg-11  compression library - runtime

openssh-server recommends no packages.

-- debconf information excluded
commit d834d15bde3e33e1789866e4df11fd9012da8ca3
Author: Vaclav Ovsik <vaclav.ovsik@i.cz>
Date:   Wed Feb 13 16:25:18 2008 +0100

    configure: fixed checking getseuserbyname() by adding -lselinux

diff --git a/configure b/configure
index 98a7bb2..9696cad 100755
--- a/configure
+++ b/configure
@@ -25715,6 +25715,7 @@ echo "$as_me: error: SELinux support requires libselinux library" >&2;}
 fi
 
 		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+		LIBS="$LIBS $LIBSELINUX"
 
 
 for ac_func in getseuserbyname get_default_context_with_level
diff --git a/configure.ac b/configure.ac
index 64ef3c6..234c60b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3243,6 +3243,7 @@ AC_ARG_WITH(selinux,
 		AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
 		    AC_MSG_ERROR(SELinux support requires libselinux library))
 		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+		LIBS="$LIBS $LIBSELINUX"
 		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
 		LIBS="$save_LIBS"
 	fi ]
diff --git a/debian/changelog b/debian/changelog
index 5ad60f1..2b1af36 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+openssh (1:4.7p1-4~icz+1) unstable; urgency=low
+
+  * configure: fixed checking getseuserbyname() by adding -lselinux
+
+ -- Vaclav Ovsik <vaclav.ovsik@i.cz>  Wed, 13 Feb 2008 16:24:48 +0100
+
 openssh (1:4.7p1-3) unstable; urgency=low
 
   * Improve grammar of ssh-askpass-gnome description.

--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:4.7p1-4

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_4.7p1-4_i386.udeb
  to pool/main/o/openssh/openssh-client-udeb_4.7p1-4_i386.udeb
openssh-client_4.7p1-4_i386.deb
  to pool/main/o/openssh/openssh-client_4.7p1-4_i386.deb
openssh-server-udeb_4.7p1-4_i386.udeb
  to pool/main/o/openssh/openssh-server-udeb_4.7p1-4_i386.udeb
openssh-server_4.7p1-4_i386.deb
  to pool/main/o/openssh/openssh-server_4.7p1-4_i386.deb
openssh_4.7p1-4.diff.gz
  to pool/main/o/openssh/openssh_4.7p1-4.diff.gz
openssh_4.7p1-4.dsc
  to pool/main/o/openssh/openssh_4.7p1-4.dsc
ssh-askpass-gnome_4.7p1-4_i386.deb
  to pool/main/o/openssh/ssh-askpass-gnome_4.7p1-4_i386.deb
ssh-krb5_4.7p1-4_all.deb
  to pool/main/o/openssh/ssh-krb5_4.7p1-4_all.deb
ssh_4.7p1-4_all.deb
  to pool/main/o/openssh/ssh_4.7p1-4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 465614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 13 Feb 2008 18:18:52 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source all i386
Version: 1:4.7p1-4
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell client, an rlogin/rsh/rcp replacement
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell server, an rshd replacement
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 255870 465614
Changes: 
 openssh (1:4.7p1-4) unstable; urgency=low
 .
   [ Caleb Case ]
   * Fix configure detection of getseuserbyname and
     get_default_context_with_level (closes: #465614, LP: #188136).
 .
   [ Colin Watson ]
   * Include the autogenerated debian/copyright in the source package.
   * Move /etc/pam.d/ssh to /etc/pam.d/sshd, allowing us to stop defining
     SSHD_PAM_SERVICE (closes: #255870).
Files: 
 0e18f8e7f7f9b72d5b3952917c970794 1104 net standard openssh_4.7p1-4.dsc
 4255f3e6dfc3e959e4f26886347bf878 187162 net standard openssh_4.7p1-4.diff.gz
 b87b3b7eb6ae5d728158529d4d733637 1040 net extra ssh_4.7p1-4_all.deb
 81a4a99b3e2c660e6920049e5eddbf19 87610 net extra ssh-krb5_4.7p1-4_all.deb
 ba28c94daa90e9cfe439e360db028f42 662204 net standard openssh-client_4.7p1-4_i386.deb
 9ad89f503ab9b5256999b2e7b0b94f76 244132 net optional openssh-server_4.7p1-4_i386.deb
 eb5d36f9539a53095ecf4a364f148c0d 95096 gnome optional ssh-askpass-gnome_4.7p1-4_i386.deb
 43bae32a82388045eb4726ac1ed9dc88 158554 debian-installer optional openssh-client-udeb_4.7p1-4_i386.udeb
 527b769a128dc48fcdbd4faf2b25b833 169090 debian-installer optional openssh-server-udeb_4.7p1-4_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFHsztp9t0zAhD6TNERApdpAJsE46HcZoMa0m3IKAKqlsRYU0VTXQCeIkTS
PriU9C7kzeUm7YCtcyriERw=
=uYmT
-----END PGP SIGNATURE-----



--- End Message ---

Reply to: