--- Begin Message ---
Package: openssh-server
Version: 1:4.7p1-3
Severity: important
Tags: selinux patch
Hi,
there is a problem with this version of openssh server and enabled
SELinux. User mapping to SELinux user don't work.
A small fix of configure script is needed. I rebuild openssh package
myself with attached patch.
See http://readlist.com/lists/tycho.nsa.gov/selinux/1/9751.html
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-xen-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=cs_CZ.ISO-8859-2 (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.105 add and remove users and groups
ii debconf [debconf-2.0] 1.5.19 Debian configuration management sy
ii dpkg 1.14.16.6 package maintenance system for Deb
ii libc6 2.7-6 GNU C Library: Shared libraries
ii libcomerr2 1.40.6-1 common error description library
ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries
ii libpam-modules 0.99.7.1-5 Pluggable Authentication Modules f
ii libpam-runtime 0.99.7.1-5 Runtime support for the PAM librar
ii libpam0g 0.99.7.1-5 Pluggable Authentication Modules l
ii libselinux1 2.0.35-1 SELinux shared libraries
ii libssl0.9.8 0.9.8g-4 SSL shared libraries
ii libwrap0 7.6.dbs-14 Wietse Venema's TCP wrappers libra
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii openssh-client 1:4.7p1-3 secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3.3.dfsg-11 compression library - runtime
openssh-server recommends no packages.
-- debconf information excluded
commit d834d15bde3e33e1789866e4df11fd9012da8ca3
Author: Vaclav Ovsik <vaclav.ovsik@i.cz>
Date: Wed Feb 13 16:25:18 2008 +0100
configure: fixed checking getseuserbyname() by adding -lselinux
diff --git a/configure b/configure
index 98a7bb2..9696cad 100755
--- a/configure
+++ b/configure
@@ -25715,6 +25715,7 @@ echo "$as_me: error: SELinux support requires libselinux library" >&2;}
fi
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ LIBS="$LIBS $LIBSELINUX"
for ac_func in getseuserbyname get_default_context_with_level
diff --git a/configure.ac b/configure.ac
index 64ef3c6..234c60b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3243,6 +3243,7 @@ AC_ARG_WITH(selinux,
AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
AC_MSG_ERROR(SELinux support requires libselinux library))
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ LIBS="$LIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
LIBS="$save_LIBS"
fi ]
diff --git a/debian/changelog b/debian/changelog
index 5ad60f1..2b1af36 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+openssh (1:4.7p1-4~icz+1) unstable; urgency=low
+
+ * configure: fixed checking getseuserbyname() by adding -lselinux
+
+ -- Vaclav Ovsik <vaclav.ovsik@i.cz> Wed, 13 Feb 2008 16:24:48 +0100
+
openssh (1:4.7p1-3) unstable; urgency=low
* Improve grammar of ssh-askpass-gnome description.
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:4.7p1-4
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:
openssh-client-udeb_4.7p1-4_i386.udeb
to pool/main/o/openssh/openssh-client-udeb_4.7p1-4_i386.udeb
openssh-client_4.7p1-4_i386.deb
to pool/main/o/openssh/openssh-client_4.7p1-4_i386.deb
openssh-server-udeb_4.7p1-4_i386.udeb
to pool/main/o/openssh/openssh-server-udeb_4.7p1-4_i386.udeb
openssh-server_4.7p1-4_i386.deb
to pool/main/o/openssh/openssh-server_4.7p1-4_i386.deb
openssh_4.7p1-4.diff.gz
to pool/main/o/openssh/openssh_4.7p1-4.diff.gz
openssh_4.7p1-4.dsc
to pool/main/o/openssh/openssh_4.7p1-4.dsc
ssh-askpass-gnome_4.7p1-4_i386.deb
to pool/main/o/openssh/ssh-askpass-gnome_4.7p1-4_i386.deb
ssh-krb5_4.7p1-4_all.deb
to pool/main/o/openssh/ssh-krb5_4.7p1-4_all.deb
ssh_4.7p1-4_all.deb
to pool/main/o/openssh/ssh_4.7p1-4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 465614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 13 Feb 2008 18:18:52 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source all i386
Version: 1:4.7p1-4
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell client, an rlogin/rsh/rcp replacement
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell server, an rshd replacement
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 255870 465614
Changes:
openssh (1:4.7p1-4) unstable; urgency=low
.
[ Caleb Case ]
* Fix configure detection of getseuserbyname and
get_default_context_with_level (closes: #465614, LP: #188136).
.
[ Colin Watson ]
* Include the autogenerated debian/copyright in the source package.
* Move /etc/pam.d/ssh to /etc/pam.d/sshd, allowing us to stop defining
SSHD_PAM_SERVICE (closes: #255870).
Files:
0e18f8e7f7f9b72d5b3952917c970794 1104 net standard openssh_4.7p1-4.dsc
4255f3e6dfc3e959e4f26886347bf878 187162 net standard openssh_4.7p1-4.diff.gz
b87b3b7eb6ae5d728158529d4d733637 1040 net extra ssh_4.7p1-4_all.deb
81a4a99b3e2c660e6920049e5eddbf19 87610 net extra ssh-krb5_4.7p1-4_all.deb
ba28c94daa90e9cfe439e360db028f42 662204 net standard openssh-client_4.7p1-4_i386.deb
9ad89f503ab9b5256999b2e7b0b94f76 244132 net optional openssh-server_4.7p1-4_i386.deb
eb5d36f9539a53095ecf4a364f148c0d 95096 gnome optional ssh-askpass-gnome_4.7p1-4_i386.deb
43bae32a82388045eb4726ac1ed9dc88 158554 debian-installer optional openssh-client-udeb_4.7p1-4_i386.udeb
527b769a128dc48fcdbd4faf2b25b833 169090 debian-installer optional openssh-server-udeb_4.7p1-4_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iD8DBQFHsztp9t0zAhD6TNERApdpAJsE46HcZoMa0m3IKAKqlsRYU0VTXQCeIkTS
PriU9C7kzeUm7YCtcyriERw=
=uYmT
-----END PGP SIGNATURE-----
--- End Message ---