summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.SRCINFO10
-rw-r--r--PKGBUILD11
-rw-r--r--tuntap.patch35
3 files changed, 50 insertions, 6 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 4bcbedbacc82..3ab67870e582 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = openssh-selinux
- pkgdesc = Free version of the SSH connectivity tools with SELinux support
+ pkgdesc = Premier connectivity tool for remote login with the SSH protocol, with SELinux support
pkgver = 7.7p1
- pkgrel = 1
+ pkgrel = 2
url = https://www.openssh.com/portable.html
arch = x86_64
groups = selinux
@@ -14,8 +14,8 @@ pkgbase = openssh-selinux
depends = libselinux
optdepends = xorg-xauth: X11 forwarding
optdepends = x11-ssh-askpass: input passphrase in X
- provides = openssh=7.7p1-1
- provides = selinux-openssh=7.7p1-1
+ provides = openssh=7.7p1-2
+ provides = selinux-openssh=7.7p1-2
conflicts = openssh
conflicts = selinux-openssh
backup = etc/ssh/ssh_config
@@ -24,6 +24,7 @@ pkgbase = openssh-selinux
source = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.7p1.tar.gz
source = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.7p1.tar.gz.asc
source = openssl-1.1.0.patch
+ source = tuntap.patch
source = sshdgenkeys.service
source = sshd@.service
source = sshd.service
@@ -34,6 +35,7 @@ pkgbase = openssh-selinux
sha256sums = d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f
sha256sums = SKIP
sha256sums = fa91849cc3161916f563bda5413676342e0bcc2705857e9d01b73c70e4904adf
+ sha256sums = bd3698425ece4853d67a9f9e934d37ad22948754c9b82e0a872eb854e94220ce
sha256sums = 4031577db6416fcbaacf8a26a024ecd3939e5c10fe6a86ee3f0eea5093d533b7
sha256sums = 3a0845737207f4eda221c9c9fb64e766ade9684562d8ba4f705f7ae6826886e5
sha256sums = c5ed9fa629f8f8dbf3bae4edbad4441c36df535088553fe82695c52d7bde30aa
diff --git a/PKGBUILD b/PKGBUILD
index 0650cab6d920..3fd34a1216c0 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,11 +5,14 @@
# SELinux Maintainer: Nicolas Iooss (nicolas <dot> iooss <at> m4x <dot> org)
# SELinux Contributor: Timothée Ravier <tim@siosm.fr>
# SELinux Contributor: Nicky726 <Nicky726@gmail.com>
+#
+# This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux.
+# If you want to help keep it up to date, please open a Pull Request there.
pkgname=openssh-selinux
pkgver=7.7p1
-pkgrel=1
-pkgdesc='Free version of the SSH connectivity tools with SELinux support'
+pkgrel=2
+pkgdesc='Premier connectivity tool for remote login with the SSH protocol, with SELinux support'
url='https://www.openssh.com/portable.html'
license=('custom:BSD')
arch=('x86_64')
@@ -24,6 +27,7 @@ groups=('selinux')
validpgpkeys=('59C2118ED206D927E667EBE3D3E5F56B6D920D30')
source=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux}-${pkgver}.tar.gz"{,.asc}
'openssl-1.1.0.patch'
+ 'tuntap.patch'
'sshdgenkeys.service'
'sshd@.service'
'sshd.service'
@@ -33,6 +37,7 @@ source=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux
sha256sums=('d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f'
'SKIP'
'fa91849cc3161916f563bda5413676342e0bcc2705857e9d01b73c70e4904adf'
+ 'bd3698425ece4853d67a9f9e934d37ad22948754c9b82e0a872eb854e94220ce'
'4031577db6416fcbaacf8a26a024ecd3939e5c10fe6a86ee3f0eea5093d533b7'
'3a0845737207f4eda221c9c9fb64e766ade9684562d8ba4f705f7ae6826886e5'
'c5ed9fa629f8f8dbf3bae4edbad4441c36df535088553fe82695c52d7bde30aa'
@@ -46,6 +51,8 @@ prepare() {
cd "${srcdir}/${pkgname/-selinux}-${pkgver}"
# OpenSSL 1.1.0 patch from http://vega.pgw.jp/~kabe/vsd/patch/openssh-7.4p1-openssl-1.1.0c.patch.html
patch -p1 -i ../openssl-1.1.0.patch
+
+ patch -p1 -i ../tuntap.patch
}
build() {
diff --git a/tuntap.patch b/tuntap.patch
new file mode 100644
index 000000000000..232d8e59b80c
--- /dev/null
+++ b/tuntap.patch
@@ -0,0 +1,35 @@
+From cfb1d9bc76734681e3dea532a1504fcd466fbe91 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm@mindrot.org>
+Date: Fri, 13 Apr 2018 13:38:06 +1000
+Subject: Fix tunnel forwarding broken in 7.7p1
+
+bz2855, ok dtucker@
+---
+ openbsd-compat/port-net.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c
+index 7050629..bb53562 100644
+--- a/openbsd-compat/port-net.c
++++ b/openbsd-compat/port-net.c
+@@ -185,7 +185,7 @@ sys_tun_open(int tun, int mode, char **ifname)
+ else
+ debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
+
+- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
++ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
+ goto failed;
+
+ return (fd);
+@@ -272,7 +272,7 @@ sys_tun_open(int tun, int mode, char **ifname)
+ goto failed;
+ }
+
+- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
++ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
+ goto failed;
+
+ close(sock);
+--
+cgit v1.1
+