Announce: OpenSSH 5.7 released

Andreas M. Kirchwitz amk at spamfence.net
Tue Jan 25 03:08:13 EST 2011 

Damien Miller <djm at cvs.openbsd.org> wrote:

> OpenSSH 5.7 has just been released. It will be available from the
> mirrors listed at http://www.openssh.com/ shortly.

Thanks for the new release!

Updated from OpenSSH 5.6p1 to 5.7p1 on Fedora 14 Linux (32 Bit),
and there seems to be a minor glitch with SELinux support
(if configured with --with-selinux).

ssh.c now contains direct SELinux function calls (matchpathcon,
setfscreatecon), and compilation fails because the C headers
(selinux/selinux.h) are not included.

This can be fixed by adding this to ssh.c:

  #ifdef WITH_SELINUX
  #include <selinux/selinux.h>
  #endif

However, then linking of ssh.o fails, because the SELinux
library (-lselinux) is only used for sshd by default.
This can be fixed by changing the rule for ssh.*:

  ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
    $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lselinux $(LIBS)

After that, OpenSSH compiles and works fine. ;-)

Previously, all SELinux related stuff was cleanly encapsulated
in openbsd-compat/port-linux.c, so that might explain the
new dependencies that come through the changes in ssh.c.

I think most people who compile OpenSSH from source should be
able to fix this, so it's really not a big thing. But just
wanted to let you know so it might be fixed in the next version.

	Keep up the good work ... Andreas


===============================================================================
OpenSSH 5.7p1 SELinux patch
===============================================================================

--- Makefile.orig	2011-01-24 12:12:05.000000000 +0100
+++ Makefile	2011-01-24 12:14:42.000000000 +0100
@@ -142,7 +142,7 @@
 	$(RANLIB) $@
 
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lselinux $(LIBS)
 
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
 	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
--- ssh.c.orig	2011-01-06 23:51:18.000000000 +0100
+++ ssh.c	2011-01-24 12:15:12.000000000 +0100
@@ -109,6 +109,10 @@
 #include "ssh-pkcs11.h"
 #endif
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
+
 extern char *__progname;
 
 /* Flag indicating whether debug mode is on.  May be set on the command line. */

More information about the openssh-unix-dev mailing list