coverity upgrade

experimental selinux sandbox
Jan F. Chadima 2011-09-13 17:14:48 +02:00
parent c2ea13d263
commit c870e661c7
4 changed files with 319 additions and 79 deletions


@ -1,18 +1,23 @@
diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
--- openssh-5.9p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200
+++ openssh-5.9p1/auth-pam.c 2011-09-09 15:13:32.820565436 +0200
@@ -216,7 +216,7 @@ pthread_join(sp_pthread_t thread, void *
+++ openssh-5.9p1/auth-pam.c 2011-09-13 08:41:24.635521346 +0200
@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void *
if (sshpam_thread_status != -1)
return (sshpam_thread_status);
signal(SIGCHLD, sshpam_oldsig);
- waitpid(thread, &status, 0);
+ (void) waitpid(thread, &status, 0);
+ while (waitpid(thread, &status, 0) < 0) {
+ if (errno == EINTR)
+ continue;
+ fatal("%s: waitpid: %s", __func__,
+ strerror(errno));
+ }
return (status);
}
#endif
diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
--- openssh-5.9p1/channels.c.coverity 2011-06-23 00:31:57.000000000 +0200
+++ openssh-5.9p1/channels.c 2011-09-09 15:13:32.911439569 +0200
+++ openssh-5.9p1/channels.c 2011-09-13 08:26:11.771584519 +0200
@@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
channel_max_fd = MAX(channel_max_fd, wfd);
channel_max_fd = MAX(channel_max_fd, efd);
@ -45,7 +50,7 @@ diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
}
diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
--- openssh-5.9p1/clientloop.c.coverity 2011-06-23 00:31:58.000000000 +0200
+++ openssh-5.9p1/clientloop.c 2011-09-09 15:13:33.017564323 +0200
+++ openssh-5.9p1/clientloop.c 2011-09-13 08:26:11.889458598 +0200
@@ -1970,6 +1970,7 @@ client_input_global_request(int type, u_
char *rtype;
int want_reply;
@ -56,7 +61,7 @@ diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
want_reply = packet_get_char();
diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
--- openssh-5.9p1/key.c.coverity 2011-05-20 11:03:08.000000000 +0200
+++ openssh-5.9p1/key.c 2011-09-09 15:13:33.145442605 +0200
+++ openssh-5.9p1/key.c 2011-09-13 08:26:12.000459857 +0200
@@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
success = 1;
/*XXXX*/
@ -69,8 +74,8 @@ diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
while (*cp == ' ' || *cp == '\t')
cp++;
diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
--- openssh-5.9p1/monitor.c.coverity 2011-09-09 17:13:15.937439833 +0200
+++ openssh-5.9p1/monitor.c 2011-09-09 17:15:18.625466696 +0200
--- openssh-5.9p1/monitor.c.coverity 2011-08-05 22:15:18.000000000 +0200
+++ openssh-5.9p1/monitor.c 2011-09-13 08:26:12.132583409 +0200
@@ -1161,6 +1161,10 @@ mm_answer_keyallowed(int sock, Buffer *m
break;
}
@ -93,8 +98,8 @@ diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
buffer_put_int(m, allowed);
buffer_put_int(m, forced_command != NULL);
diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/openbsd-compat/bindresvport.c
--- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity 2011-09-09 17:29:14.709442881 +0200
+++ openssh-5.9p1/openbsd-compat/bindresvport.c 2011-09-09 17:32:48.770563974 +0200
--- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity 2010-12-03 00:50:26.000000000 +0100
+++ openssh-5.9p1/openbsd-compat/bindresvport.c 2011-09-13 08:26:12.298464549 +0200
@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
struct sockaddr_in6 *in6;
u_int16_t *portp;
@ -106,7 +111,7 @@ diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/open
if (sa == NULL) {
diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
--- openssh-5.9p1/packet.c.coverity 2011-05-15 00:58:15.000000000 +0200
+++ openssh-5.9p1/packet.c 2011-09-09 15:13:33.263447887 +0200
+++ openssh-5.9p1/packet.c 2011-09-13 08:26:12.405461249 +0200
@@ -1177,6 +1177,7 @@ packet_read_poll1(void)
case DEATTACK_DETECTED:
packet_disconnect("crc32 compensation attack: "
@ -126,7 +131,7 @@ diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
--- openssh-5.9p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200
+++ openssh-5.9p1/progressmeter.c 2011-09-09 15:13:33.382566039 +0200
+++ openssh-5.9p1/progressmeter.c 2011-09-13 08:26:12.511520013 +0200
@@ -65,7 +65,7 @@ static void update_progress_meter(int);
static time_t start; /* start progress */
@ -147,7 +152,7 @@ diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
file = f;
diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
--- openssh-5.9p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200
+++ openssh-5.9p1/progressmeter.h 2011-09-09 15:13:33.501438992 +0200
+++ openssh-5.9p1/progressmeter.h 2011-09-13 08:26:12.630521541 +0200
@@ -23,5 +23,5 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
@ -157,7 +162,7 @@ diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
void stop_progress_meter(void);
diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
--- openssh-5.9p1/scp.c.coverity 2011-01-06 12:41:21.000000000 +0100
+++ openssh-5.9p1/scp.c 2011-09-09 15:13:33.607564009 +0200
+++ openssh-5.9p1/scp.c 2011-09-13 08:26:12.748520967 +0200
@@ -155,7 +155,7 @@ killchild(int signo)
{
if (do_cmd_pid > 1) {
@ -168,8 +173,8 @@ diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
if (signo)
diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
--- openssh-5.9p1/servconf.c.coverity 2011-09-09 17:24:09.333561142 +0200
+++ openssh-5.9p1/servconf.c 2011-09-09 17:26:41.488502345 +0200
--- openssh-5.9p1/servconf.c.coverity 2011-06-23 00:30:03.000000000 +0200
+++ openssh-5.9p1/servconf.c 2011-09-13 08:26:12.854521290 +0200
@@ -1171,7 +1171,7 @@ process_server_config_line(ServerOptions
fatal("%s line %d: Missing subsystem name.",
filename, linenum);
@ -181,7 +186,7 @@ diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
for (i = 0; i < options->num_subsystems; i++)
diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
--- openssh-5.9p1/serverloop.c.coverity 2011-05-20 11:02:50.000000000 +0200
+++ openssh-5.9p1/serverloop.c 2011-09-09 15:13:33.723564433 +0200
+++ openssh-5.9p1/serverloop.c 2011-09-13 08:26:12.968645756 +0200
@@ -147,13 +147,13 @@ notify_setup(void)
static void
notify_parent(void)
@ -293,7 +298,7 @@ diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
tun = forced_tun_device;
diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
--- openssh-5.9p1/sftp-client.c.coverity 2010-12-04 23:02:48.000000000 +0100
+++ openssh-5.9p1/sftp-client.c 2011-09-09 15:13:33.845564522 +0200
+++ openssh-5.9p1/sftp-client.c 2011-09-13 08:26:13.083520760 +0200
@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
}
@ -518,7 +523,7 @@ diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
size_t len = strlen(p1) + strlen(p2) + 2;
diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
--- openssh-5.9p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100
+++ openssh-5.9p1/sftp-client.h 2011-09-09 15:13:33.954567073 +0200
+++ openssh-5.9p1/sftp-client.h 2011-09-13 08:26:13.181525164 +0200
@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
u_int sftp_proto_version(struct sftp_conn *);
@ -618,7 +623,7 @@ diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
#endif
diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
--- openssh-5.9p1/sftp.c.coverity 2010-12-04 23:02:48.000000000 +0100
+++ openssh-5.9p1/sftp.c 2011-09-09 15:13:34.086441893 +0200
+++ openssh-5.9p1/sftp.c 2011-09-13 08:26:13.311521187 +0200
@@ -206,7 +206,7 @@ killchild(int signo)
{
if (sshpid > 1) {
@ -733,7 +738,7 @@ diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
char s_used[FMT_SCALED_STRSIZE];
diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
--- openssh-5.9p1/ssh-agent.c.coverity 2011-06-03 06:14:16.000000000 +0200
+++ openssh-5.9p1/ssh-agent.c 2011-09-09 15:13:34.203567987 +0200
+++ openssh-5.9p1/ssh-agent.c 2011-09-13 08:26:13.416521025 +0200
@@ -1147,8 +1147,8 @@ main(int ac, char **av)
sanitise_stdfd();
@ -747,7 +752,7 @@ diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
/* Disable ptrace on Linux without sgid bit */
diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
--- openssh-5.9p1/sshd.c.coverity 2011-06-23 11:45:51.000000000 +0200
+++ openssh-5.9p1/sshd.c 2011-09-09 15:13:34.317564195 +0200
+++ openssh-5.9p1/sshd.c 2011-09-13 08:26:13.565519531 +0200
@@ -1302,6 +1302,9 @@ server_accept_loop(int *sock_in, int *so
if (num_listen_socks < 0)
break;
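Review bot: The retry loop that replaces the bare `waitpid()` in the auth-pam.c hunk turns every non-EINTR failure into `fatal()`, where the old line ignored the result entirely; if the SIGCHLD disposition restored on the line just above is SIG_IGN, Linux auto-reaps the child and `waitpid()` fails with ECHILD, so a condition that used to be tolerated would now drop the connection — worth confirming against the handler sshd actually has installed at that point. The loop itself is sound but carries no explanation of why only EINTR is retried; a one-liner above it would help: `/* SIGCHLD was just restored; only an interrupted wait is retried. */`. pthread_join's body begins outside the hunk, and because this rendered page lost the outer +/- markers, which of the two waitpid forms is old versus new is inferred from the hunk counts (7 lines becoming 12).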


@ -1,6 +1,6 @@
diff -up openssh-5.9p0/HOWTO.ldap-keys.ldap openssh-5.9p0/HOWTO.ldap-keys
--- openssh-5.9p0/HOWTO.ldap-keys.ldap 2011-08-30 15:57:12.449212853 +0200
+++ openssh-5.9p0/HOWTO.ldap-keys 2011-08-30 15:57:12.453101662 +0200
diff -up openssh-5.9p1/HOWTO.ldap-keys.ldap openssh-5.9p1/HOWTO.ldap-keys
--- openssh-5.9p1/HOWTO.ldap-keys.ldap 2011-09-13 11:17:05.178644691 +0200
+++ openssh-5.9p1/HOWTO.ldap-keys 2011-09-13 11:17:05.181522429 +0200
@@ -0,0 +1,108 @@
+
+HOW TO START
@ -110,9 +110,9 @@ diff -up openssh-5.9p0/HOWTO.ldap-keys.ldap openssh-5.9p0/HOWTO.ldap-keys
+5) Author
+ Jan F. Chadima <jchadima@redhat.com>
+
diff -up openssh-5.9p0/Makefile.in.ldap openssh-5.9p0/Makefile.in
--- openssh-5.9p0/Makefile.in.ldap 2011-08-30 15:57:01.693024742 +0200
+++ openssh-5.9p0/Makefile.in 2011-08-30 16:00:02.478212295 +0200
diff -up openssh-5.9p1/Makefile.in.ldap openssh-5.9p1/Makefile.in
--- openssh-5.9p1/Makefile.in.ldap 2011-09-13 11:17:04.064644353 +0200
+++ openssh-5.9p1/Makefile.in 2011-09-13 11:20:16.996522219 +0200
@@ -25,6 +25,8 @@ SSH_PROGRAM=@bindir@/ssh
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
SFTP_SERVER=$(libexecdir)/sftp-server
@ -135,7 +135,7 @@ diff -up openssh-5.9p0/Makefile.in.ldap openssh-5.9p0/Makefile.in
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
@@ -92,8 +95,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
roaming_common.o roaming_serv.o \
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o sandbox-selinux.o
-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@ -207,9 +207,9 @@ diff -up openssh-5.9p0/Makefile.in.ldap openssh-5.9p0/Makefile.in
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
tests interop-tests: $(TARGETS)
diff -up openssh-5.9p0/configure.ac.ldap openssh-5.9p0/configure.ac
--- openssh-5.9p0/configure.ac.ldap 2011-08-30 15:57:11.297032991 +0200
+++ openssh-5.9p0/configure.ac 2011-08-30 15:57:12.664024959 +0200
diff -up openssh-5.9p1/configure.ac.ldap openssh-5.9p1/configure.ac
--- openssh-5.9p1/configure.ac.ldap 2011-09-13 11:17:04.488583772 +0200
+++ openssh-5.9p1/configure.ac 2011-09-13 11:17:05.418529375 +0200
@@ -1433,6 +1433,106 @@ AC_ARG_WITH(authorized-keys-command,
]
)
@ -317,9 +317,9 @@ diff -up openssh-5.9p0/configure.ac.ldap openssh-5.9p0/configure.ac
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS([ \
arc4random \
diff -up openssh-5.9p0/ldap-helper.c.ldap openssh-5.9p0/ldap-helper.c
--- openssh-5.9p0/ldap-helper.c.ldap 2011-08-30 15:57:12.754025033 +0200
+++ openssh-5.9p0/ldap-helper.c 2011-08-30 15:57:12.759025510 +0200
diff -up openssh-5.9p1/ldap-helper.c.ldap openssh-5.9p1/ldap-helper.c
--- openssh-5.9p1/ldap-helper.c.ldap 2011-09-13 11:17:05.527520185 +0200
+++ openssh-5.9p1/ldap-helper.c 2011-09-13 11:17:05.531521117 +0200
@@ -0,0 +1,155 @@
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@ -476,9 +476,9 @@ diff -up openssh-5.9p0/ldap-helper.c.ldap openssh-5.9p0/ldap-helper.c
+void *buffer_get_string(Buffer *b, u_int *l) { return NULL; }
+void buffer_put_string(Buffer *b, const void *f, u_int l) {}
+
diff -up openssh-5.9p0/ldap-helper.h.ldap openssh-5.9p0/ldap-helper.h
--- openssh-5.9p0/ldap-helper.h.ldap 2011-08-30 15:57:12.835024792 +0200
+++ openssh-5.9p0/ldap-helper.h 2011-08-30 15:57:12.839024637 +0200
diff -up openssh-5.9p1/ldap-helper.h.ldap openssh-5.9p1/ldap-helper.h
--- openssh-5.9p1/ldap-helper.h.ldap 2011-09-13 11:17:05.619520027 +0200
+++ openssh-5.9p1/ldap-helper.h 2011-09-13 11:17:05.621522622 +0200
@@ -0,0 +1,32 @@
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@ -512,9 +512,9 @@ diff -up openssh-5.9p0/ldap-helper.h.ldap openssh-5.9p0/ldap-helper.h
+extern int config_warning_config_file;
+
+#endif /* LDAP_HELPER_H */
diff -up openssh-5.9p0/ldap.conf.ldap openssh-5.9p0/ldap.conf
--- openssh-5.9p0/ldap.conf.ldap 2011-08-30 15:57:12.929026186 +0200
+++ openssh-5.9p0/ldap.conf 2011-08-30 15:57:12.933024937 +0200
diff -up openssh-5.9p1/ldap.conf.ldap openssh-5.9p1/ldap.conf
--- openssh-5.9p1/ldap.conf.ldap 2011-09-13 11:17:05.697522387 +0200
+++ openssh-5.9p1/ldap.conf 2011-09-13 11:17:05.699522577 +0200
@@ -0,0 +1,88 @@
+# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
+#
@ -604,9 +604,9 @@ diff -up openssh-5.9p0/ldap.conf.ldap openssh-5.9p0/ldap.conf
+#tls_cert
+#tls_key
+
diff -up openssh-5.9p0/ldapbody.c.ldap openssh-5.9p0/ldapbody.c
--- openssh-5.9p0/ldapbody.c.ldap 2011-08-30 15:57:13.005024661 +0200
+++ openssh-5.9p0/ldapbody.c 2011-08-30 15:57:13.011024848 +0200
diff -up openssh-5.9p1/ldapbody.c.ldap openssh-5.9p1/ldapbody.c
--- openssh-5.9p1/ldapbody.c.ldap 2011-09-13 11:17:05.782571211 +0200
+++ openssh-5.9p1/ldapbody.c 2011-09-13 11:17:05.785584958 +0200
@@ -0,0 +1,494 @@
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@ -1102,9 +1102,9 @@ diff -up openssh-5.9p0/ldapbody.c.ldap openssh-5.9p0/ldapbody.c
+ return;
+}
+
diff -up openssh-5.9p0/ldapbody.h.ldap openssh-5.9p0/ldapbody.h
--- openssh-5.9p0/ldapbody.h.ldap 2011-08-30 15:57:13.087150596 +0200
+++ openssh-5.9p0/ldapbody.h 2011-08-30 15:57:13.091149461 +0200
diff -up openssh-5.9p1/ldapbody.h.ldap openssh-5.9p1/ldapbody.h
--- openssh-5.9p1/ldapbody.h.ldap 2011-09-13 11:17:05.861522789 +0200
+++ openssh-5.9p1/ldapbody.h 2011-09-13 11:17:05.863522010 +0200
@@ -0,0 +1,37 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@ -1143,9 +1143,9 @@ diff -up openssh-5.9p0/ldapbody.h.ldap openssh-5.9p0/ldapbody.h
+
+#endif /* LDAPBODY_H */
+
diff -up openssh-5.9p0/ldapconf.c.ldap openssh-5.9p0/ldapconf.c
--- openssh-5.9p0/ldapconf.c.ldap 2011-08-30 15:57:13.164036922 +0200
+++ openssh-5.9p0/ldapconf.c 2011-08-30 15:57:13.171065499 +0200
diff -up openssh-5.9p1/ldapconf.c.ldap openssh-5.9p1/ldapconf.c
--- openssh-5.9p1/ldapconf.c.ldap 2011-09-13 11:17:05.937548294 +0200
+++ openssh-5.9p1/ldapconf.c 2011-09-13 11:17:05.941547073 +0200
@@ -0,0 +1,682 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@ -1829,9 +1829,9 @@ diff -up openssh-5.9p0/ldapconf.c.ldap openssh-5.9p0/ldapconf.c
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
+}
+
diff -up openssh-5.9p0/ldapconf.h.ldap openssh-5.9p0/ldapconf.h
--- openssh-5.9p0/ldapconf.h.ldap 2011-08-30 15:57:13.265149057 +0200
+++ openssh-5.9p0/ldapconf.h 2011-08-30 15:57:13.271153923 +0200
diff -up openssh-5.9p1/ldapconf.h.ldap openssh-5.9p1/ldapconf.h
--- openssh-5.9p1/ldapconf.h.ldap 2011-09-13 11:17:06.016522201 +0200
+++ openssh-5.9p1/ldapconf.h 2011-09-13 11:17:06.018522083 +0200
@@ -0,0 +1,71 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@ -1904,9 +1904,9 @@ diff -up openssh-5.9p0/ldapconf.h.ldap openssh-5.9p0/ldapconf.h
+void dump_config(void);
+
+#endif /* LDAPCONF_H */
diff -up openssh-5.9p0/ldapincludes.h.ldap openssh-5.9p0/ldapincludes.h
--- openssh-5.9p0/ldapincludes.h.ldap 2011-08-30 15:57:13.344023601 +0200
+++ openssh-5.9p0/ldapincludes.h 2011-08-30 15:57:13.348024596 +0200
diff -up openssh-5.9p1/ldapincludes.h.ldap openssh-5.9p1/ldapincludes.h
--- openssh-5.9p1/ldapincludes.h.ldap 2011-09-13 11:17:06.123519312 +0200
+++ openssh-5.9p1/ldapincludes.h 2011-09-13 11:17:06.126518977 +0200
@@ -0,0 +1,41 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@ -1949,9 +1949,9 @@ diff -up openssh-5.9p0/ldapincludes.h.ldap openssh-5.9p0/ldapincludes.h
+#endif
+
+#endif /* LDAPINCLUDES_H */
diff -up openssh-5.9p0/ldapmisc.c.ldap openssh-5.9p0/ldapmisc.c
--- openssh-5.9p0/ldapmisc.c.ldap 2011-08-30 15:57:13.429148896 +0200
+++ openssh-5.9p0/ldapmisc.c 2011-08-30 15:57:13.433150396 +0200
diff -up openssh-5.9p1/ldapmisc.c.ldap openssh-5.9p1/ldapmisc.c
--- openssh-5.9p1/ldapmisc.c.ldap 2011-09-13 11:17:06.195508388 +0200
+++ openssh-5.9p1/ldapmisc.c 2011-09-13 11:17:06.197507964 +0200
@@ -0,0 +1,79 @@
+
+#include "ldapincludes.h"
@ -2032,9 +2032,9 @@ diff -up openssh-5.9p0/ldapmisc.c.ldap openssh-5.9p0/ldapmisc.c
+}
+#endif
+
diff -up openssh-5.9p0/ldapmisc.h.ldap openssh-5.9p0/ldapmisc.h
--- openssh-5.9p0/ldapmisc.h.ldap 2011-08-30 15:57:13.531150853 +0200
+++ openssh-5.9p0/ldapmisc.h 2011-08-30 15:57:13.537153831 +0200
diff -up openssh-5.9p1/ldapmisc.h.ldap openssh-5.9p1/ldapmisc.h
--- openssh-5.9p1/ldapmisc.h.ldap 2011-09-13 11:17:06.273496889 +0200
+++ openssh-5.9p1/ldapmisc.h 2011-09-13 11:17:06.276496151 +0200
@@ -0,0 +1,35 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@ -2071,9 +2071,9 @@ diff -up openssh-5.9p0/ldapmisc.h.ldap openssh-5.9p0/ldapmisc.h
+
+#endif /* LDAPMISC_H */
+
diff -up openssh-5.9p0/openssh-lpk-openldap.schema.ldap openssh-5.9p0/openssh-lpk-openldap.schema
--- openssh-5.9p0/openssh-lpk-openldap.schema.ldap 2011-08-30 15:57:13.607025841 +0200
+++ openssh-5.9p0/openssh-lpk-openldap.schema 2011-08-30 15:57:13.612150461 +0200
diff -up openssh-5.9p1/openssh-lpk-openldap.schema.ldap openssh-5.9p1/openssh-lpk-openldap.schema
--- openssh-5.9p1/openssh-lpk-openldap.schema.ldap 2011-09-13 11:17:06.349485171 +0200
+++ openssh-5.9p1/openssh-lpk-openldap.schema 2011-09-13 11:17:06.351484488 +0200
@@ -0,0 +1,21 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
@ -2096,9 +2096,9 @@ diff -up openssh-5.9p0/openssh-lpk-openldap.schema.ldap openssh-5.9p0/openssh-lp
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
diff -up openssh-5.9p0/openssh-lpk-sun.schema.ldap openssh-5.9p0/openssh-lpk-sun.schema
--- openssh-5.9p0/openssh-lpk-sun.schema.ldap 2011-08-30 15:57:13.696025724 +0200
+++ openssh-5.9p0/openssh-lpk-sun.schema 2011-08-30 15:57:13.699024704 +0200
diff -up openssh-5.9p1/openssh-lpk-sun.schema.ldap openssh-5.9p1/openssh-lpk-sun.schema
--- openssh-5.9p1/openssh-lpk-sun.schema.ldap 2011-09-13 11:17:06.420474045 +0200
+++ openssh-5.9p1/openssh-lpk-sun.schema 2011-09-13 11:17:06.422473843 +0200
@@ -0,0 +1,23 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
@ -2123,9 +2123,9 @@ diff -up openssh-5.9p0/openssh-lpk-sun.schema.ldap openssh-5.9p0/openssh-lpk-sun
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
diff -up openssh-5.9p0/ssh-ldap-helper.8.ldap openssh-5.9p0/ssh-ldap-helper.8
--- openssh-5.9p0/ssh-ldap-helper.8.ldap 2011-08-30 15:57:13.772026539 +0200
+++ openssh-5.9p0/ssh-ldap-helper.8 2011-08-30 15:57:13.778026299 +0200
diff -up openssh-5.9p1/ssh-ldap-helper.8.ldap openssh-5.9p1/ssh-ldap-helper.8
--- openssh-5.9p1/ssh-ldap-helper.8.ldap 2011-09-13 11:17:06.504461435 +0200
+++ openssh-5.9p1/ssh-ldap-helper.8 2011-09-13 11:17:06.506460976 +0200
@@ -0,0 +1,79 @@
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"
@ -2206,17 +2206,17 @@ diff -up openssh-5.9p0/ssh-ldap-helper.8.ldap openssh-5.9p0/ssh-ldap-helper.8
+OpenSSH 5.5 + PKA-LDAP .
+.Sh AUTHORS
+.An Jan F. Chadima Aq jchadima@redhat.com
diff -up openssh-5.9p0/ssh-ldap-wrapper.ldap openssh-5.9p0/ssh-ldap-wrapper
--- openssh-5.9p0/ssh-ldap-wrapper.ldap 2011-08-30 15:57:13.854024986 +0200
+++ openssh-5.9p0/ssh-ldap-wrapper 2011-08-30 15:57:13.858149926 +0200
diff -up openssh-5.9p1/ssh-ldap-wrapper.ldap openssh-5.9p1/ssh-ldap-wrapper
--- openssh-5.9p1/ssh-ldap-wrapper.ldap 2011-09-13 11:17:06.574455869 +0200
+++ openssh-5.9p1/ssh-ldap-wrapper 2011-09-13 11:17:06.576475704 +0200
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+exec /usr/libexec/openssh/ssh-ldap-helper -s "$1"
+
diff -up openssh-5.9p0/ssh-ldap.conf.5.ldap openssh-5.9p0/ssh-ldap.conf.5
--- openssh-5.9p0/ssh-ldap.conf.5.ldap 2011-08-30 15:57:13.934151066 +0200
+++ openssh-5.9p0/ssh-ldap.conf.5 2011-08-30 15:57:13.942024641 +0200
diff -up openssh-5.9p1/ssh-ldap.conf.5.ldap openssh-5.9p1/ssh-ldap.conf.5
--- openssh-5.9p1/ssh-ldap.conf.5.ldap 2011-09-13 11:17:06.650522542 +0200
+++ openssh-5.9p1/ssh-ldap.conf.5 2011-09-13 11:17:06.653474746 +0200
@@ -0,0 +1,376 @@
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"


@ -0,0 +1,228 @@
diff -up openssh-5.9p1/Makefile.in.sesandbox openssh-5.9p1/Makefile.in
--- openssh-5.9p1/Makefile.in.sesandbox 2011-09-13 16:00:58.201646362 +0200
+++ openssh-5.9p1/Makefile.in 2011-09-13 16:01:08.284466746 +0200
@@ -90,7 +90,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
sftp-server.o sftp-common.o \
roaming_common.o roaming_serv.o \
- sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
+ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o sandbox-selinux.o
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
diff -up openssh-5.9p1/configure.ac.sesandbox openssh-5.9p1/configure.ac
--- openssh-5.9p1/configure.ac.sesandbox 2011-08-18 06:48:24.000000000 +0200
+++ openssh-5.9p1/configure.ac 2011-09-13 16:01:08.537509294 +0200
@@ -2476,7 +2476,7 @@ AC_SUBST([SSH_PRIVSEP_USER])
# Decide which sandbox style to use
sandbox_arg=""
AC_ARG_WITH([sandbox],
- [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace)],
+ [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, selinux)],
[
if test "x$withval" = "xyes" ; then
sandbox_arg=""
@@ -2499,6 +2499,10 @@ elif test "x$sandbox_arg" = "xdarwin" ||
AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
SANDBOX_STYLE="darwin"
AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
+elif test "x$sandbox_arg" = "xselinux" \\
+ test "x$WITH_SELINUX" = "x1"; then
+ SANDBOX_STYLE="selinux"
+ AC_DEFINE([SANDBOX_SELINUX], [1], [Sandbox using selinux(8)])
elif test "x$sandbox_arg" = "xrlimit" || \
( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
test "x$ac_cv_func_setrlimit" != "xyes" && \
diff -up openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox openssh-5.9p1/openbsd-compat/port-linux.c
--- openssh-5.9p1/openbsd-compat/port-linux.c.sesandbox 2011-09-13 16:09:04.534585160 +0200
+++ openssh-5.9p1/openbsd-compat/port-linux.c 2011-09-13 16:13:51.827640965 +0200
@@ -459,24 +459,24 @@ ssh_selinux_setup_pty(char *pwname, cons
debug3("%s: done", __func__);
}
-void
+int
ssh_selinux_change_context(const char *newname)
{
- int len, newlen;
+ int len, newlen, rv = -1;
char *oldctx, *newctx, *cx;
void (*switchlog) (const char *fmt,...) = logit;
if (!ssh_selinux_enabled())
- return;
+ return -2;
if (getcon((security_context_t *)&oldctx) < 0) {
logit("%s: getcon failed with %s", __func__, strerror(errno));
- return;
+ return -1;
}
if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
NULL) {
logit ("%s: unparseable context %s", __func__, oldctx);
- return;
+ return -1;
}
/*
@@ -484,8 +484,10 @@ ssh_selinux_change_context(const char *n
* security context.
*/
if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE,
- sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0)
+ sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0) {
switchlog = debug3;
+ rv = -2;
+ }
newlen = strlen(oldctx) + strlen(newname) + 1;
newctx = xmalloc(newlen);
@@ -499,8 +501,11 @@ ssh_selinux_change_context(const char *n
if (setcon(newctx) < 0)
switchlog("%s: setcon %s from %s failed with %s", __func__,
newctx, oldctx, strerror(errno));
+ else
+ rv = 0;
xfree(oldctx);
xfree(newctx);
+ return rv;
}
void
diff -up openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox openssh-5.9p1/openbsd-compat/port-linux.h
--- openssh-5.9p1/openbsd-compat/port-linux.h.sesandbox 2011-09-13 16:14:10.371460199 +0200
+++ openssh-5.9p1/openbsd-compat/port-linux.h 2011-09-13 16:14:40.377646062 +0200
@@ -23,7 +23,7 @@
int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *);
-void ssh_selinux_change_context(const char *);
+int ssh_selinux_change_context(const char *);
void ssh_selinux_chopy_context(void);
void ssh_selinux_setfscreatecon(const char *);
#endif
diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux.c
--- openssh-5.9p1/sandbox-selinux.c.sesandbox 2011-09-13 16:01:08.715520826 +0200
+++ openssh-5.9p1/sandbox-selinux.c 2011-09-13 16:20:02.463511312 +0200
@@ -0,0 +1,120 @@
+/* $Id: sandbox-selinux.c,v 1.0 2011/01/17 10:15:30 jfch Exp $ */
+
+/*
+ * Copyright 2011 Red Hat, Inc. All rights reserved.
+ * Use is subject to license terms.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Red Hat author: Jan F. Chadima <jchadima@redhat.com>
+ */
+
+
+#include "includes.h"
+
+#ifdef SANDBOX_SELINUX
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+#include "openbsd-comnpat/port-linux.h"
+
+/* selinux based sandbox */
+
+struct ssh_sandbox {
+ pid_t child_pid;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(void)
+{
+ struct ssh_sandbox *box;
+
+ /*
+ * Strictly, we don't need to maintain any state here but we need
+ * to return non-NULL to satisfy the API.
+ */
+ box = xcalloc(1, sizeof(*box));
+ box->child_pid = 0;
+ return box;
+}
+
+static void
+rlimit_ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ struct rlimit rl_zero;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+
+ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
+ __func__, strerror(errno));
+ if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
+ __func__, strerror(errno));
+#ifdef HAVE_RLIMIT_NPROC
+ if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
+ fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
+ __func__, strerror(errno));
+#endif
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ switch (ssh_selinux_change_context("sshd_sandbox_t")) {
+ case 0:
+ debug3("selinux sandbox sucessfully enabled");
+ break;
+ case -2:
+ logit("selinux not useful, using rlimit sandbox instead");
+ rlimit_ssh_sandbox_child(box);
+ break;
+ case -1:
+ fatal("cannot set up selinux sandbox");
+ default:
+ fatal("inmternal error in selinux sandbox");
+ }
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+ free(box);
+ debug3("%s: finished", __func__);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+ box->child_pid = child_pid;
+}
+
+#endif /* SANDBOX_NULL */
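Review bot: The new sandbox-selinux.c will not compile as written: the `#include "openbsd-comnpat/port-linux.h"` line misspells openbsd-compat, and rlimit_ssh_sandbox_child uses `struct rlimit` and `setrlimit()` with neither `<sys/time.h>` nor `<sys/resource.h>` in the include list. The more important point for the sandbox's strength is that the success branch of ssh_sandbox_child (case 0) applies no resource limits at all, so the pre-auth child is confined only by whatever the sshd_sandbox_t policy enforces; if SELinux is enabled but permissive — a state the -2 fallback does not appear to detect, assuming ssh_selinux_enabled() only checks that SELinux is enabled — setcon() succeeds and the child ends up with less confinement than the rlimit sandbox it replaces. Applying the rlimit baseline on every non-fatal path, after the context switch (setcon() presumably has to open a /proc attr file, which RLIMIT_NOFILE=0 would forbid), keeps the existing guarantee and lets SELinux only tighten it. The closing guard comment should read `#endif /* SANDBOX_SELINUX */`, and the log strings have typos ("sucessfully", "inmternal").
```c
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
/* … unchanged: remaining includes … */
#include "openbsd-compat/port-linux.h"

/* … unchanged: struct ssh_sandbox, ssh_sandbox_init, rlimit_ssh_sandbox_child … */

void
ssh_sandbox_child(struct ssh_sandbox *box)
{
	switch (ssh_selinux_change_context("sshd_sandbox_t")) {
	case 0:
		debug3("selinux sandbox successfully enabled");
		break;
	case -2:
		logit("selinux not useful, using rlimit sandbox only");
		break;
	case -1:
		fatal("cannot set up selinux sandbox");
	default:
		fatal("internal error in selinux sandbox");
	}
	/*
	 * Always keep the rlimit baseline, even when the SELinux transition
	 * succeeded: a permissive policy enforces nothing.  Done after
	 * setcon(), which presumably needs to open /proc/self/attr/current.
	 */
	rlimit_ssh_sandbox_child(box);
}

/* … unchanged: ssh_sandbox_parent_finish, ssh_sandbox_parent_preauth … */

#endif /* SANDBOX_SELINUX */
```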


@ -79,7 +79,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.9p1
%define openssh_rel 7
%define openssh_rel 8
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 32
@ -145,6 +145,8 @@ Patch400: openssh-5.9p1-role.patch
Patch401: openssh-5.9p1-mls.patch
#?
Patch402: openssh-5.9p1-sftp-chroot.patch
#?
Patch403: openssh-5.9p1-sesandbox.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1663
Patch500: openssh-5.9p1-akc.patch
@ -412,6 +414,7 @@ popd
%patch400 -p1 -b .role
%patch401 -p1 -b .mls
%patch402 -p1 -b .sftp-chroot
%patch403 -p1 -b .sesandbox
%endif
%patch500 -p1 -b .akc
@ -517,7 +520,7 @@ fi
--with-pam \
%endif
%if %{WITH_SELINUX}
--with-selinux --with-audit=linux \
--with-selinux --with-audit=linux --with-sandbox-style=selinux \
%endif
%if %{kerberos5}
--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
@ -786,6 +789,10 @@ fi
%endif
%changelog
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-8 + 0.9.2-32
- coverity upgrade
- experimental selinux sandbox
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-7 + 0.9.2-32
- fully reanable auditing
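Review bot: The configure flag added under %{WITH_SELINUX}, `--with-sandbox-style=selinux`, does not match the option the sesandbox patch in this same commit extends, which is `--with-sandbox=style`; configure will only warn about an unrecognized option and sandbox selection falls through to the rlimit branch, so the SELinux sandbox this release advertises is never built in. The line should read `--with-selinux --with-audit=linux --with-sandbox=selinux \`. Even with the right flag, the new `elif` in configure.ac appears to join its two `test` commands with a bare line continuation and no `||` or `&&` (the backslash renders doubled here, so this may partly be a display artifact), which would keep the selinux branch from ever matching — worth verifying in the built configure script. Patch403 also carries only the `#?` placeholder comment; a reference like the bugzilla URL on Patch500 would help the next rebase.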