Bug#465614: bad selinux user context, broken openssh configure script
Package: openssh-server
Version: 1:4.7p1-3
Severity: important
Tags: selinux patch
Hi,
there is a problem with this version of openssh server and enabled
SELinux. User mapping to SELinux user don't work.
A small fix of configure script is needed. I rebuild openssh package
myself with attached patch.
See http://readlist.com/lists/tycho.nsa.gov/selinux/1/9751.html
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-xen-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=cs_CZ.ISO-8859-2 (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.105 add and remove users and groups
ii debconf [debconf-2.0] 1.5.19 Debian configuration management sy
ii dpkg 1.14.16.6 package maintenance system for Deb
ii libc6 2.7-6 GNU C Library: Shared libraries
ii libcomerr2 1.40.6-1 common error description library
ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries
ii libpam-modules 0.99.7.1-5 Pluggable Authentication Modules f
ii libpam-runtime 0.99.7.1-5 Runtime support for the PAM librar
ii libpam0g 0.99.7.1-5 Pluggable Authentication Modules l
ii libselinux1 2.0.35-1 SELinux shared libraries
ii libssl0.9.8 0.9.8g-4 SSL shared libraries
ii libwrap0 7.6.dbs-14 Wietse Venema's TCP wrappers libra
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii openssh-client 1:4.7p1-3 secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3.3.dfsg-11 compression library - runtime
openssh-server recommends no packages.
-- debconf information excluded
commit d834d15bde3e33e1789866e4df11fd9012da8ca3
Author: Vaclav Ovsik <vaclav.ovsik@i.cz>
Date: Wed Feb 13 16:25:18 2008 +0100
configure: fixed checking getseuserbyname() by adding -lselinux
diff --git a/configure b/configure
index 98a7bb2..9696cad 100755
--- a/configure
+++ b/configure
@@ -25715,6 +25715,7 @@ echo "$as_me: error: SELinux support requires libselinux library" >&2;}
fi
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ LIBS="$LIBS $LIBSELINUX"
for ac_func in getseuserbyname get_default_context_with_level
diff --git a/configure.ac b/configure.ac
index 64ef3c6..234c60b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3243,6 +3243,7 @@ AC_ARG_WITH(selinux,
AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
AC_MSG_ERROR(SELinux support requires libselinux library))
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ LIBS="$LIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
LIBS="$save_LIBS"
fi ]
diff --git a/debian/changelog b/debian/changelog
index 5ad60f1..2b1af36 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+openssh (1:4.7p1-4~icz+1) unstable; urgency=low
+
+ * configure: fixed checking getseuserbyname() by adding -lselinux
+
+ -- Vaclav Ovsik <vaclav.ovsik@i.cz> Wed, 13 Feb 2008 16:24:48 +0100
+
openssh (1:4.7p1-3) unstable; urgency=low
* Improve grammar of ssh-askpass-gnome description.
Reply to: