Announce: OpenSSH 5.7 released
Damien Miller
djm at mindrot.org
Tue Jan 25 11:17:19 EST 2011
On Mon, 24 Jan 2011, Andreas M. Kirchwitz wrote:
> Damien Miller <djm at cvs.openbsd.org> wrote:
>
> > OpenSSH 5.7 has just been released. It will be available from the
> > mirrors listed at http://www.openssh.com/ shortly.
>
> Thanks for the new release!
>
> Updated from OpenSSH 5.6p1 to 5.7p1 on Fedora 14 Linux (32 Bit),
> and there seems to be a minor glitch with SELinux support
> (if configured with --with-selinux).
>
> ssh.c now contains direct SELinux function calls (matchpathcon,
> setfscreatecon), and compilation fails because the C headers
> (selinux/selinux.h) are not included.
[snip]
Thanks for the report and sorry for the hassle. I'd like to commit this
fix:
Index: Makefile.in
===================================================================
RCS file: /var/cvs/openssh/Makefile.in,v
retrieving revision 1.320
diff -u -p -r1.320 Makefile.in
--- Makefile.in 17 Jan 2011 10:15:29 -0000 1.320
+++ Makefile.in 25 Jan 2011 00:16:03 -0000
@@ -46,6 +46,7 @@ LD=@LD@
CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
+SSHLIBS=@SSHLIBS@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
AR=@AR@
@@ -142,7 +143,7 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
Index: configure.ac
===================================================================
RCS file: /var/cvs/openssh/configure.ac,v
retrieving revision 1.467
diff -u -p -r1.467 configure.ac
--- configure.ac 17 Jan 2011 10:15:30 -0000 1.467
+++ configure.ac 25 Jan 2011 00:16:03 -0000
@@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4)
[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
[Define if you have Solaris process contracts])
SSHDLIBS="$SSHDLIBS -lcontract"
- AC_SUBST(SSHDLIBS)
SPC_MSG="yes" ], )
],
)
@@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4)
[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
[Define if you have Solaris projects])
SSHDLIBS="$SSHDLIBS -lproject"
- AC_SUBST(SSHDLIBS)
SP_MSG="yes" ], )
],
)
@@ -3509,11 +3507,14 @@ AC_ARG_WITH(selinux,
LIBS="$LIBS -lselinux"
],
AC_MSG_ERROR(SELinux support requires libselinux library))
+ SSHLIBS="$SSHLIBS $LIBSELINUX"
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
LIBS="$save_LIBS"
fi ]
)
+AC_SUBST(SSHLIBS)
+AC_SUBST(SSHDLIBS)
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
@@ -4334,6 +4335,9 @@ echo " Linker flags: ${LDFLAGS}"
echo " Libraries: ${LIBS}"
if test ! -z "${SSHDLIBS}"; then
echo " +for sshd: ${SSHDLIBS}"
+fi
+if test ! -z "${SSHLIBS}"; then
+echo " +for ssh: ${SSHLIBS}"
fi
echo ""
Index: ssh.c
===================================================================
RCS file: /var/cvs/openssh/ssh.c,v
retrieving revision 1.350
diff -u -p -r1.350 ssh.c
--- ssh.c 6 Jan 2011 22:51:18 -0000 1.350
+++ ssh.c 25 Jan 2011 00:16:03 -0000
@@ -852,15 +852,12 @@ main(int ac, char **av)
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
#ifdef WITH_SELINUX
- char *scon;
-
- matchpathcon(buf, 0700, &scon);
- setfscreatecon(scon);
+ ssh_selinux_setfscreatecon(buf);
#endif
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
#ifdef WITH_SELINUX
- setfscreatecon(NULL);
+ ssh_selinux_setfscreatecon(NULL);
#endif
}
/* load options.identity_files */
Index: openbsd-compat/port-linux.c
===================================================================
RCS file: /var/cvs/openssh/openbsd-compat/port-linux.c,v
retrieving revision 1.11
diff -u -p -r1.11 port-linux.c
--- openbsd-compat/port-linux.c 17 Jan 2011 07:50:24 -0000 1.11
+++ openbsd-compat/port-linux.c 25 Jan 2011 00:16:04 -0000
@@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *n
xfree(oldctx);
xfree(newctx);
}
+
+void
+ssh_selinux_setfscreatecon(const char *path)
+{
+ security_context_t context;
+
+ if (path == NULL) {
+ setfscreatecon(NULL);
+ return;
+ }
+ matchpathcon(path, 0700, &context);
+ setfscreatecon(context);
+}
+
#endif /* WITH_SELINUX */
#ifdef LINUX_OOM_ADJUST
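Review bot: In the new ssh_selinux_setfscreatecon(), the return value of matchpathcon() is ignored, so when the lookup fails `context` is still uninitialised at the point it is passed to setfscreatecon(). The context string is also never released; libselinux expects freecon() on the value matchpathcon() returns. Both calls run even when SELinux is disabled at run time, although port-linux.h already declares ssh_selinux_enabled() for that check. This matters at the ssh.c call site, which invokes the helper just before mkdir() of the per-user directory built from _PATH_SSH_USER_DIR: a failed lookup should leave the file-creation context untouched instead of setting it from an indeterminate pointer. A guarded version of the body is sketched below.

```c
ssh_selinux_setfscreatecon(const char *path)
{
	security_context_t context;

	if (!ssh_selinux_enabled())
		return;
	/* … unchanged: path == NULL resets the creation context and returns … */
	if (matchpathcon(path, 0700, &context) != 0)
		return;	/* no labelling rule found: keep the default context */
	setfscreatecon(context);
	freecon(context);
}
```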
Index: openbsd-compat/port-linux.h
===================================================================
RCS file: /var/cvs/openssh/openbsd-compat/port-linux.h,v
retrieving revision 1.4
diff -u -p -r1.4 port-linux.h
--- openbsd-compat/port-linux.h 8 Dec 2009 02:39:48 -0000 1.4
+++ openbsd-compat/port-linux.h 25 Jan 2011 00:16:04 -0000
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *);
void ssh_selinux_change_context(const char *);
+void ssh_selinux_setfscreatecon(const char *);
#endif
#ifdef LINUX_OOM_ADJUST