Debian Bug report logs - #193664
Please apply this SE Linux patch

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Torsten Knodt <tk-debian@datas-world.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Please apply this SE Linux patch

Date: Sat, 17 May 2003 21:25:30 +0200

[Message part 1 (text/plain, inline)]

Package: openssh
Version: unavailable; reported 2003-05-17
Severity: wishlist
Tags: upstream patch sid

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
please apply this SE Linux patch. It is based on the patch of Russell Coker.
This one also compiles on non-i386. I also upgraded do po-debconf and
corrected some lintian errors (see changelog).

BTW: Why is there a openssh-krb5 package, when openssh supports krb5?

Regards
	Torsten

- -- System Information:
Debian Release: testing/unstable
Architecture: sh: line 1: /usr/bin/dpkg: Permission denied
Kernel: Linux tk-hybrid-1 2.4.20 #4 Son Mai 4 12:23:33 CEST 2003 i586
Locale: LANG=C, LC_CTYPE=C

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+xoyqX1/CjdwsodIRAjikAJ9xUedbPkNidHM42lWT/7pC3Q7fdgCfWwB4
5/aDfA0jQfdNJzZEARpQMIQ=
=y48k
-----END PGP SIGNATURE-----

[openssh-3.6.1p2.diff (text/plain, attachment)]

Message #10 received at 193664@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: Torsten Knodt <tk-debian@datas-world.de>, 193664@bugs.debian.org

Subject: Re: Bug#193664: Please apply this SE Linux patch

Date: Sun, 18 May 2003 02:41:21 +0100

On Sat, May 17, 2003 at 09:25:30PM +0200, Torsten Knodt wrote:
> Hello,
> please apply this SE Linux patch. It is based on the patch of Russell Coker.

I don't intend to apply this in Debian, mostly because I'm not
enthusiastic about trying to forward-port it to every new upstream
release myself. Please ask Russell to push it upstream instead, where it
will get a better security review.

> BTW: Why is there a openssh-krb5 package, when openssh supports krb5?

Look at the diff for openssh-krb5 and you'll see. I think proper krb5
support will be in 3.7, but 3.6 only supports Kerberos V for protocol 1,
and it's possible there are some extra patches on top of that.

BTW, please don't bundle multiple changes into a single patch; it makes
it much harder to deal with. I didn't know how to disentangle SE Linux
changes from random cosmetic stuff, so I've only been able to apply the
(small) parts of your patch that were obviously independent.

> diff -uiwbBrN plain/openssh-3.6.1p2/debian/config included/openssh-3.6.1p2/debian/config
> --- plain/openssh-3.6.1p2/debian/config	2003-05-17 16:02:07.000000000 +0200
> +++ included/openssh-3.6.1p2/debian/config	2003-05-17 21:02:52.000000000 +0200
> @@ -19,7 +19,7 @@
> 
>  if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh
>  then
> -  db_fset ssh/use_old_init_script isdefault true
> +  db_fset ssh/use_old_init_script seen false
>    db_input medium ssh/use_old_init_script || true
>    db_go
> 
> @@ -27,7 +27,7 @@
>    [ "$RET" = "false" ] && exit 0
>  else
>    db_set ssh/use_old_init_script true
> -  db_fset ssh/use_old_init_script isdefault false
> +  db_fset ssh/use_old_init_script seen true
>  fi
> 
>  if [ -z "$version" -a ! -e /etc/ssh/sshd_config ]

Applied.

> -Depends: ${shlibs:Depends}, libpam-modules (>= 0.72-9), debconf, adduser
> -Conflicts: ssh-nonfree (<<2), ssh-socks, ssh2, debconf (<<0.2.17), debconf-tiny (<<0.2.17), sftp, rsh-client (<<0.16.1-1)
> +Depends: ${misc:Depends}, ${shlibs:Depends}, libpam-modules (>= 0.72-9), adduser
> +Conflicts: ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1)

Why did you remove the debconf dependency? The debconf dependency needs
to be increased to debconf (>= 0.5) for the seen flag, not removed.
(debconf isn't an essential package.)

> diff -uiwbBrN plain/openssh-3.6.1p2/debian/postinst.old included/openssh-3.6.1p2/debian/postinst.old
> --- plain/openssh-3.6.1p2/debian/postinst.old	2003-05-17 16:02:07.000000000 +0200
> +++ included/openssh-3.6.1p2/debian/postinst.old	1970-01-01 01:00:00.000000000 +0100

Applied.

> diff -uiwbBrN plain/openssh-3.6.1p2/debian/rules included/openssh-3.6.1p2/debian/rules
> --- plain/openssh-3.6.1p2/debian/rules	2003-05-17 16:02:07.000000000 +0200
> +++ included/openssh-3.6.1p2/debian/rules	2003-05-17 20:25:49.000000000 +0200
> @@ -17,7 +17,10 @@
> 
>  #PKG_VER = $(shell perl -e 'print <> =~ /\((.*)\)/' debian/changelog)
> 
> -build: build-stamp
> +debian/po/templates.pot: debian/templates
> +	@debconf-updatepo
> +
> +build: debian/po/templates.pot build-stamp

See bug #183986 for why I won't be doing it this way. (Since there's a
separate bug filed for it, please keep any po-debconf patches completely
separate.)

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Message #15 received at 193664@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: Torsten Knodt <tk-debian@datas-world.de>, 193664@bugs.debian.org

Subject: Re: Bug#193664: Please apply this SE Linux patch

Date: Sun, 18 May 2003 03:56:42 +0100

On Sun, May 18, 2003 at 02:41:21AM +0100, Colin Watson wrote:
> On Sat, May 17, 2003 at 09:25:30PM +0200, Torsten Knodt wrote:
> > -Depends: ${shlibs:Depends}, libpam-modules (>= 0.72-9), debconf, adduser
> > -Conflicts: ssh-nonfree (<<2), ssh-socks, ssh2, debconf (<<0.2.17), debconf-tiny (<<0.2.17), sftp, rsh-client (<<0.16.1-1)
> > +Depends: ${misc:Depends}, ${shlibs:Depends}, libpam-modules (>= 0.72-9), adduser
> > +Conflicts: ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1)
> 
> Why did you remove the debconf dependency? The debconf dependency needs
> to be increased to debconf (>= 0.5) for the seen flag, not removed.
> (debconf isn't an essential package.)

Oh, I see, it ends up in ${misc:Depends}. Hmm. I need to investigate the
woody-compatibility implications of that one.

I'm inclined to think that openssh built on >= sarge should depend on
debconf (>= 1.2.0) so that encoding specifications in the generated
templates file work, but openssh built on woody should only depend on
debconf (>= 0.5). As a result, I'm going to need to roll my own substvar
anyway.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Message #22 received at 193664-done@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: 193664-done@bugs.debian.org

Subject: Re: Please apply this SE Linux patch

Date: Sun, 3 Jul 2005 17:08:29 +0100

On Sat, May 17, 2003 at 09:25:30PM +0200, Torsten Knodt wrote:
> please apply this SE Linux patch. It is based on the patch of Russell Coker.

Thanks to Manoj Srivastava, I applied an updated SELinux patch in
openssh 1:4.1p1-4, which should deal with this bug too.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]

Send a report that this bug log contains spam.