Bug#950473: marked as done (Please remove usage of hardcoded SELinux security classes)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 25 Jul 2020 00:08:35 +0000
with message-id <E1jz7jv-00017i-9D@fasolo.debian.org>
and subject line Bug#950473: fixed in openssh-ssh1 1:7.5p1-12
has caused the Debian Bug report #950473,
regarding Please remove usage of hardcoded SELinux security classes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
950473: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950473
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: Please remove usage of hardcoded SELinux security classes
• From: Laurent Bigonville <bigon@debian.org>
• Date: Sun, 02 Feb 2020 11:49:33 +0100
• Message-id: <158064057376.106333.15764046922249516384.reportbug@fornost.bigon.be>

Source: openssh-ssh1
Version: 1:7.5p1-11
Severity: normal
User: selinux-devel@lists.alioth.debian.org
Usertags: selinux selinux-aware

Hello,

It looks like this package is using hardcoded SELinux security classes,
this is deprecated in libselinux for about 5 years and upstream is
planning to remove support for this in their upcoming release (3.1).

Please remove the selinux/flask.h include and port to the new API using
string_to_security_class() instead of the hardcoded class.

AFAICS, it's only used for SECCLASS_CHR_FILE class in openbsd-compat/port-linux.c

Kind regards,

Laurent Bigonville


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-3-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

--- End Message ---

--- Begin Message ---

• To: 950473-close@bugs.debian.org
• Subject: Bug#950473: fixed in openssh-ssh1 1:7.5p1-12
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Sat, 25 Jul 2020 00:08:35 +0000
• Message-id: <E1jz7jv-00017i-9D@fasolo.debian.org>
• Reply-to: Colin Watson <cjwatson@debian.org>

Source: openssh-ssh1
Source-Version: 1:7.5p1-12
Done: Colin Watson <cjwatson@debian.org>

We believe that the bug you reported is fixed in the latest version of
openssh-ssh1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 950473@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh-ssh1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 25 Jul 2020 00:41:01 +0100
Source: openssh-ssh1
Architecture: source
Version: 1:7.5p1-12
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 950473
Changes:
 openssh-ssh1 (1:7.5p1-12) unstable; urgency=medium
 .
   * Use debhelper-compat instead of debian/compat.
   * Cherry-pick from upstream:
     - Avoid inclusion of deprecated selinux/flask.h (closes: #950473).
Checksums-Sha1:
 5b1412fc582cec8738997d6ba169eaad5042d044 2268 openssh-ssh1_7.5p1-12.dsc
 6844417a56572c2bd270219a74cca3553de41fc4 106128 openssh-ssh1_7.5p1-12.debian.tar.xz
Checksums-Sha256:
 4457e369175e560d0064bc55e7255917ce6ac1877e696c97e5e51ebb47617f25 2268 openssh-ssh1_7.5p1-12.dsc
 fb40466df6c3f1adef6fa0b3409282cb4d947875d2e1bbc062bde1a95d5cabfc 106128 openssh-ssh1_7.5p1-12.debian.tar.xz
Files:
 73633077f5391738b244f2a183811642 2268 net optional openssh-ssh1_7.5p1-12.dsc
 ff0d7aefc1048d76d401a8cd27aaabd1 106128 net optional openssh-ssh1_7.5p1-12.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAl8bchQACgkQOTWH2X2G
UAuQIg//dKKicgU7moNv4xWwESzUI7eYEwyQU/o8JuEDwLyo9hZ6lXN2UqR8y+sh
GjF3Rp+QPvlps0KPlxm7LRkp5Ng4hKRTNYj0B4EkzRdZjF7vbjdd6nmxP1GAuEbn
fW2+bWrk12gj9yUr3L1LcRHZQTV+AcezuFVdRM62YNRYiuB936K45hmajRIr/QGA
zxKW+HL8kWplV1rrutxc4gOJiwqXjjliBcykvrhsJBm4y4yW+HpGVUse0OOrcuTf
awiEeqia9FHODm7W5oJrdZZC2uaF+BCbex7mneWW7Idrxohls01cKMG41HJ34XEP
TExry90sWryFHNII2p3oPoDIfZLGZmH/PqaakfHEjA3+oeemY70Eg2Bi09DoXxh1
DiSx25UCkRptDjLYZwg16S8+KcFl9M+GXERrgZpxA3MjScTr6nvB3xQJxGUw61yp
Ge5byAUXUYjck7qrxtVS+Ejf7dl4CPlzLmAqNHHD7M9AC6kOpIdKMBL7L9yQApSJ
RIieOif3bmsIRLe3+gY92+4VG6t+9qvcQ0qZoz1gye0rDVLVHVJoQwPfOrLtKXVo
KKx2xeI0OMDgyvQaB3irxd5NNPjaWjs5dIFVITdUGKM/SiFN+KQSdKICY+AyuDgB
hHSGjOfkKD/Zdb+ZUYtlMhooxfgc9xWLdvXmt7Q+UKTaN0gku5c=
=J/vh
-----END PGP SIGNATURE-----

--- End Message ---