Added optional chroot patch. Note that this is not the one from the contrib directory. The contrib patch doesn't seem to be in sync with the release so I added a revised one by Hank Leininger from the openssh-unix-dev list.

24 years ago · 55c5dfa9dc
2 changed files with 87 additions and 3 deletions
--- a/openssh/openssh-chroot.diff
+++ b/openssh/openssh-chroot.diff
@ -0,0 +1,79 @@
+--- openssh-3.0.2p1/session.c.orig	Sat Dec  1 18:37:08 2001
+++ openssh-3.0.2p1/session.c	Thu Dec 20 14:35:11 2001
+@@ -1038,6 +1038,10 @@
+ 	struct stat st;
+ 	char *argv[10];
+ 	int do_xauth;
+#ifdef HAVE_CHROOT
+	char *user_dir;
+	char *new_root;
+#endif /* HAVE_CHROOT */
+ #ifdef WITH_IRIX_PROJECT
+ 	prid_t projid;
+ #endif /* WITH_IRIX_PROJECT */
+@@ -1111,6 +1115,24 @@
+ 
+ 			if (setlogin(pw->pw_name) < 0)
+ 				error("setlogin failed: %s", strerror(errno));
+#ifdef HAVE_CHROOT
+			user_dir = xstrdup(pw->pw_dir);
+			new_root = user_dir + 1;  										  
+			while((new_root = strchr(new_root, '.')) != NULL) {
+			  new_root--;
+			  if(strncmp(new_root, "/./", 3) == 0) {
+			    *new_root = '\0';
+			    new_root += 2;
+
+			    if(chroot(user_dir) != 0)
+			      fatal("Couldn't chroot to user directory %s", user_dir);
+
+			    pw->pw_dir = new_root;
+			    break;
+			  }
+			  new_root += 2;
+			}
+#endif /* HAVE_CHROOT */
+ 			if (setgid(pw->pw_gid) < 0) {
+ 				perror("setgid");
+ 				exit(1);
+--- openssh-3.0.2p1/configure.ac.orig	Thu Dec 20 14:25:33 2001
+++ openssh-3.0.2p1/configure.ac	Thu Dec 20 14:28:58 2001
+@@ -1721,6 +1721,18 @@
+ 	]
+ )
+ 
+# Check whether to enable chroot support
+CHROOT_MSG="no" 
+AC_ARG_WITH(chroot,
+	[  --with-chroot           Enable use of chroot home directories],
+	[
+		if test "x$withval" != "xno" ; then
+			AC_DEFINE(HAVE_CHROOT)
+			MD5_MSG="yes"
+		fi
+	]
+)
+
+ # Whether to disable shadow password support
+ AC_ARG_WITH(shadow,
+ 	[  --without-shadow        Disable shadow password support],
+@@ -2207,6 +2219,7 @@
+ echo "                 S/KEY support: $SKEY_MSG"
+ echo "          TCP Wrappers support: $TCPW_MSG"
+ echo "          MD5 password support: $MD5_MSG"
+echo "                chroot support: $CHROOT_MSG"
+ echo "   IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo "      Use IPv4 by default hack: $IPV4_HACK_MSG"
+ echo "       Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+--- openssh-3.0.2p1/config.h.in.orig	Thu Dec 20 14:43:20 2001
+++ openssh-3.0.2p1/config.h.in	Thu Dec 20 14:44:08 2001
+@@ -780,6 +780,9 @@
+ /* Define if you have the `__b64_ntop' function. */
+ #undef HAVE___B64_NTOP
+ 
+/* Define if you want the chroot capability */
+#undef HAVE_CHROOT
+
+ /* The size of a `char', as computed by sizeof. */
+ #undef SIZEOF_CHAR
+ 
--- a/openssh/openssh.spec
+++ b/openssh/openssh.spec
@ -23,8 +23,9 @@
 ##  SUCH DAMAGE.
 ##

-%define       with_pcre    yes
-%define       with_skey    no
+%define       with_pcre           yes
+%define       with_skey           no
+%define       with_chroot         no

 #   package information
 Name:         openssh
@ -36,7 +37,7 @@ Distribution: OpenPKG [REL]
 Group:        Cryptography
 License:      BSD
 Version:      3.0.2p1
-Release:      20020206
+Release:      20020307

 #   list of sources
 Source0:      ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@ -45,6 +46,7 @@ Source2:      rc.openssh
 Source3:      sshd_config
 Source4:      ssh_config
 Source5:      ssh-askpass
+Patch0:       openssh-chroot.diff

 #   build information
 Prefix:       %{l_prefix}
@ -74,6 +76,9 @@ AutoReqProv:  no
 %prep
    %setup0 -q -c -a 0
    %setup1 -q -T -D -a 1
+    %if "%{with_chroot}" == "yes"
+    %patch0 -p0
+    %endif

 %build
    #   build faked syslog(3) library