diff options
| author |   Lars Wendler <polynomial-c@gentoo.org> | 2015-01-31 18:05:36 +0000 |
|---|---|---|
| committer | Lars Wendler <polynomial-c@gentoo.org> | 2015-01-31 18:05:36 +0000 |
| commit | f47eca71b06aa9aa2954dde6e3c06814ba803621 (patch) | |
| tree | 33e7920267b0e6d6e57787806c2326a92c9243f8 | |
| parent | Stable for amd64, wrt bug #535900 (diff) | |
| download | historical-f47eca71b06aa9aa2954dde6e3c06814ba803621.tar.gz historical-f47eca71b06aa9aa2954dde6e3c06814ba803621.tar.bz2 historical-f47eca71b06aa9aa2954dde6e3c06814ba803621.zip | |
Removed old (and vulnerable) versions
Package-Manager: portage-2.2.15/cvs/Linux x86_64
Manifest-Sign-Key: 0x981CA6FC
| -rw-r--r-- | net-misc/openssh/ChangeLog | 15 | ||||
| -rw-r--r-- | net-misc/openssh/Manifest | 45 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch | 184 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch | 16 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch | 114 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-6.6.1_p1.patch | 167 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch | 17 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch | 16 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch | 26 | ||||
| -rw-r--r-- | net-misc/openssh/openssh-6.6.1_p1-r4.ebuild | 321 | ||||
| -rw-r--r-- | net-misc/openssh/openssh-6.6_p1-r1.ebuild | 317 | ||||
| -rw-r--r-- | net-misc/openssh/openssh-6.7_p1-r1.ebuild | 322 | ||||
| -rw-r--r-- | net-misc/openssh/openssh-6.7_p1-r2.ebuild | 322 |
13 files changed, 27 insertions, 1855 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog index ac78f4563535..a16dffc0cc12 100644 --- a/net-misc/openssh/ChangeLog +++ b/net-misc/openssh/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for net-misc/openssh -# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.542 2014/12/31 07:40:01 vapier Exp $ +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.543 2015/01/31 18:05:34 polynomial-c Exp $ + + 31 Jan 2015; Lars Wendler <polynomial-c@gentoo.org> + -openssh-6.6_p1-r1.ebuild, -openssh-6.6.1_p1-r4.ebuild, + -openssh-6.7_p1-r1.ebuild, -openssh-6.7_p1-r2.ebuild, + -files/openssh-5.9_p1-sshd-gssapi-multihomed.patch, + -files/openssh-6.3_p1-x509-glue.patch, + -files/openssh-6.5_p1-hpn-cipher-align.patch, + -files/openssh-6.6_p1-openssl-ignore-status.patch, + -files/openssh-6.6.1_p1.patch, -files/openssh-6.6_p1-x509-glue.patch, + -files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch: + Removed old (and vulnerable) versions. 31 Dec 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.7_p1.ebuild: Mark arm64/m68k/s390/sh stable. diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 61de12cd0ece..79711c9c44fc 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -2,16 +2,9 @@ Hash: SHA256 AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb -AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685 -AUX openssh-6.3_p1-x509-glue.patch 555 SHA256 1166dba2fe590dfee70119ce6dd79f535d7146d0afb8d36bf7a28505ba93a273 SHA512 1a3c2467215dde959fecdd563069d605f29632a7ffc385039a6fc90b2317ca56d463d0abb91a8bb594d321f64456f75a973bb62625deebe92f8787439416b82d WHIRLPOOL f894d19843a3c018efbe3ed365c8abbee52b1d7a3afea11b292a085996fef8d3cc9889a0e6ae596d4db876ed96efcb73d1823a677eac6779f8793c2fb3677cda AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77 -AUX openssh-6.5_p1-hpn-cipher-align.patch 3024 SHA256 c79e3a201b2150e2fbc1e869233bac6acc27b2b126d4539cc09aa651fb2e60af SHA512 6efc2fa5f0e9b508e162bf20ab21d2c639888250387fa58ec0d812c7b1db125d8c654a0286a8ffc0d5530e5f0ec0ed723f3a5c0b7bd593b356aee2e811a1f4ec WHIRLPOOL 729c14b8d6f55d789ae2ea0e9cb2e0a4caba62dffced273de5c7254732e94673c1dc2d9e260d56e3a641e03ebab55d61c8ab7541fbf75957855b811def115677 AUX openssh-6.6.1_p1-x509-glue.patch 635 SHA256 381794bdfc4880da4411041ab1f795cba303644b0a35e88f0f452fca8c2bfbb8 SHA512 6d3adefc5449f812052221b69c588f9948e6116dd5c5644db4e0426264f06fd9a15f04364c2484ce03267f4a84b8806de7d7a7c9140538d73be9e7b50f4eeb47 WHIRLPOOL 823249e96f7175eef09f86dbcc67f6158c23f453eaa940a33c18a838389204cd3a43f5dccd39b6004e05cb05ea327d33be91c2ee1eb4525f13dc29e6943ea6b6 AUX openssh-6.6.1_p1-x509-hpn14v5-glue.patch 1003 SHA256 a8506f57fb67be25fcba9ee462abc083876f3524b442428a07cf0bbe78735bf5 SHA512 d63eba36ea8488de8bd77fd0b2d005a208f8cf77ae6cf161a063d7efb049b66c7d9f8a12e8fb2f85b73276ba07e52d766bbae26dfd5f2a8537cdd7d991ba94aa WHIRLPOOL a52b2ddbd65bbee865b9fee8dcac6d29cf3a7af61431550bc2f32f9b147bc03fb448cf65e56531c11ec6bb2361515b47a6d9c13db62723e631ea0ef3fc937f6c -AUX openssh-6.6.1_p1.patch 5808 SHA256 de51ab9b8e7454223961487e07aecd82c59d3aa53f6cd47802089b4531674b2d SHA512 dbb00268579a067f835af83f77301ff3758e0cf63bf173073ceca7457e22635e9ca9482955cab21327894e390a8608e6f2463dfc658f8e75f36bba893d8bfe62 WHIRLPOOL 59cd55d08e32cd98db3f4721e09578a64c724b1bee7945dcdb6381fdf70d0b95c5a98977f2624a86eccf96cc9edca0fb13183571b539c4b3feb7e4fb1be3609a -AUX openssh-6.6_p1-openssl-ignore-status.patch 741 SHA256 604b0a5365c1b01c9ab26bf1a60acfe43246e1e44e2f0e78d7ec1e47856599e4 SHA512 578afe9ddb836d16d90eb8b0cf10e9282d9c5c5e639962034490cec0aab1bf98cae9b46fe7850446d0cdd93e848d98ca7ed0bdf2bfec6aad418f4c962d4ea08d WHIRLPOOL d30c079eee59281aa87935ad948c59a4c01f858b88d701575d58737cfe555a5229a5f921bfebe34a69dcd15d2dc5efc062050d183ad5a90180aed4e5b3cdadf4 -AUX openssh-6.6_p1-x509-glue.patch 556 SHA256 b37b83b058ff9fb25742d202e0169afc204f135012624bb2811dcacfa9fb346b SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea WHIRLPOOL 4f01d975e598ce0fe2160e52dbd8251fd5cdf95880d1ef09b730457620f48038156d4bf21c0810978bfc65c9feb90cdfed97aa20018bc175759096dcd3a044d0 -AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 SHA256 748f7caa953028da111d6f18ba91652a4821bc9bca60f5d4a90a6501c0098853 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51 WHIRLPOOL c1d674b8e1cdc48dd0d8b2e7c8bf8e68cec757578f1217555e37eda8723e83e93b2ce183462499ad2165723eca2350544f810a1d6ec95ce4537a527f7918f117 AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256 b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 WHIRLPOOL c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b AUX openssh-6.7_p1-sctp-x509-glue.patch 1326 SHA256 42eb87eda1685e19add23c1304f17dabd99a1a38a57bfe2bfbb70ab85f6d385e SHA512 7f014e2b1893a5240680e2e14475d61b9b6047d1be3fe404d5971a899c122cc624546e9e5b31bfee5905cf7b4605a0871c3b00ed5c2bd28d84755a49392e1a69 WHIRLPOOL 8d6888163068dbc486bc4eff0dd7d4053f68b9848347eb520dd7d382b0b8c74e3016f7f3ed401c2c2dfd48e73a9077fb9777d39c0f236cc500c53393be426b42 AUX openssh-6.7_p1-sshd-gssapi-multihomed.patch 5489 SHA256 d2a1735b523709a4b4ceaa57862ecb21a95656678bacc5b7da59dc46187ad997 SHA512 a8b8d2c2ab4520c8c7315f6130ee44fec48935a129ce7c7e51a068a4de2c7528980437246b61e4abc4cff614466f8054c554cdbaad4eb0d1f4afcfb434c30bbc WHIRLPOOL e4b97398c324360576a04792357f66be3ed9f17e4113f75275f8422ee0b7ecf28073c7cde01a63e24fa0901b14db822d22d7d2c5936bbee3bd5874a867066967 @@ -22,39 +15,29 @@ AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652b AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989 AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5 AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1 -DIST openssh-6.6.1p1-hpnssh14v5.diff.xz 20952 SHA256 fe31dfbc934be7c7c07ddcd2aef01083c62f225ee8097622aec23d536e118053 SHA512 4e62378e2378e158d8beb1a891aea7cd5197f8eb472e29f9cb01bffdcf98a936386598293a44dccea5b258604b83b95828c3146e284d082d519c4bf761734a97 WHIRLPOOL 6fa125eb13aada17da3b39afb9e588c38c51c3f637402840ee93164c6333c4812088817408ef5d3983062c8039ca54a1046b2dea99eed6e116af163547df3cf5 -DIST openssh-6.6p1+x509-7.9.diff.gz 224691 SHA256 463473f75c1dc250ea4eda21f2c79df6f0b479ea499d044cb51d73073881ca34 SHA512 dc9ee7f0589aa0ba8d3c1c40c505f99a811845d8952bf6bf6b8bd3a00ef4813f3b71db32aadf252d7a320a8bf9cdcdf30b71292869d7830cc42f15ce3d1f3c49 WHIRLPOOL 61158e0dac934d375758904382882e7cd276d076a95ba2be32d03f4a7c7969943bd8d63c269ff16ab78928d7c97465f6e417730be14b5efacf64a029e2f950d7 -DIST openssh-6.6p1+x509-8.0.diff.gz 235994 SHA256 bcacf522dd649e45b6f7bac7ef8bccee8afd770f540baabed74435f1f56cf8af SHA512 1f2bf2f9470cf69d24559371cd673f21c125b20e9bd7d51d26e64f4e487dd5d3ffb1316a7c2b309e0be246f91e7427fbc308d4f643f9983a7a838810cf403815 WHIRLPOOL 2d0d566f9d4d9bf626d8af82d8d6a0e3e57f980b69bade33a7af9ef18ae7ffd433bf5130ec6fc1e51e5a34962d459bae59378ade509dda5513f6f53a86f6430b -DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 SHA256 16dcc68c399990ec0c801d421d022ceeae0e3aec1e6ffd3fecc5e2f4768cc91b SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d WHIRLPOOL 163ce9e319cef4dcaf6f38f42afc3b75c6e89c38b43c04189c64c72b4b58bc3f9d7042c7b67243879c87cbe410a607296917e94ff042df2c0a29f2ef82792774 -DIST openssh-6.6p1.tar.gz 1282502 SHA256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b WHIRLPOOL 8630c81481a813a92da9c302d22135fe519fcc4826a892080e5a15368d13a6b47947ef47d53aad0a34e6ea49ce4caccc8f06e8afc2c90db0402fbcc2184efe89 DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256 b33e82309195f2a3f21a9fb14e6da2080b096dcf0d6f1c36c93cdeac683fdd59 SHA512 35da5e58f857e8b24e63b4058e946b71fdf0fecc637cb7af0ba8913869e5aadf8317805838936c84dc24421f03c5c91e1670761bed152fdf325c5a509f1b5d04 WHIRLPOOL cc7bace4aa60d720914e3a6a4ff650b7543d9e4963deab12c19cb5d798547b4fe547690946ff8955e121339e9a3d0ebe06f3ff758cca4bb81a09ac43fc877f58 DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256 85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512 d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e WHIRLPOOL b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8 DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256 7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512 21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a WHIRLPOOL 5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681 DIST openssh-6.7p1.tar.gz 1351367 SHA256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512 2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d WHIRLPOOL ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518 -DIST openssh-lpk-6.5p1-0.3.14.patch.gz 18217 SHA256 ad678f366dd7ef63ee164e29b59a4a4d264de9ddf9ad2c1d59178779e83539f3 SHA512 16f0053663ffc9a0670dbf8956dc070e6891e1e47cb1fbbea9567a6a4368c5500bf7e2ff7a2eb7208e651a0121088c271fb0a6ece62b98d103b3337866374610 WHIRLPOOL 34ee5a67e4cb0eb5d8126fde5469b73e0c81d4a7795cd9849c671922227eb8a6767cecf3097acbff338a47c3a7930b285fa4ecf2ebe74cb2e9186f93ec70c40c DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2 WHIRLPOOL 5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73 -EBUILD openssh-6.6.1_p1-r4.ebuild 9995 SHA256 51403706d20087030b45e1cdaa63e450939bb36be790be7dadd9fb971dcada57 SHA512 1c0b2e3774601391d04c101a2faed7bce67c4aea962d730d2c3037a7dd5d60a620a4fdf7b833897b3b1fc9d7a124752b09247f3839acfa68fe572be6fe0ee2af WHIRLPOOL 47c20ccb64e8d417468ed21c42a7b3d8ec042d600a299ffe4fd1496f7da8d58d543427c0fc7674664fad4243a4d6987c58fa60b6c051af8482956b302ffb9924 -EBUILD openssh-6.6_p1-r1.ebuild 9874 SHA256 223b5e4c5d0d3152e8ffadd20e8bcc391620c779749cf6ff235f0d3a857f7409 SHA512 3104586dedfb189adc780bf56cb030f3a9c2427fe07ce340424ea4e279b6335653b2eb38f9d86a8f6ac76360cd94b87d858863fd79b2054763f72ccb83f1a0ed WHIRLPOOL 1bef688d59baf3cf10ce3ab60f3eeb6e6cf875989ffcf711628f56b34a1344838c3a46ae548399c49f11459e5dd2045fcef810691421e69ef02eb92489c22824 -EBUILD openssh-6.7_p1-r1.ebuild 9890 SHA256 64608df2cff77259d7884ec8995bc3d05ec45b6da1db995899adffb4866de052 SHA512 1ebd67293028c7093c56d52d714b376a51738a24578943461a057b1ba990da3111640738799a762ab6efafb741e032eb3d3370219e0172a2057c25e15bafeb8e WHIRLPOOL 08ac532869b34992d522a15a94f298a54c64c263f04876747202df4aedddbbc2ca6b7d921d880607550e2eb4c8d7fbe9d81c478188a5874e8934f4c8a30c6efd -EBUILD openssh-6.7_p1-r2.ebuild 9886 SHA256 72cc4af916e7a0126271ceb92e8581c31f92d7e84f7355ae9d0b04af02a9451d SHA512 0e7ad5a4bbce4936c03fe788a51467966191b344aec7e3493a3d939821c4d3e4de2f6e1083014e427067581f76bd4733d4580e15103d8c898279d108373f59dc WHIRLPOOL ca174a953a758915abecbba47490b30ed6e2aeca6ee37192601d883f3e9108eae57dac3f3ae3971ec34fc5b742a84faf5e940a664f832c4f5fa17e33a80e53e2 EBUILD openssh-6.7_p1-r3.ebuild 10078 SHA256 1a58e95c28b5b938f2f15b3fec5688dc9509bb038805b0348b11ac31ed3c57e0 SHA512 add8eaebb3c91983a7bac78011700c110917dea6409bf46e784d7e17b1891facb3baacaa0bda71eb2c9b6017fbf1a21b5846434fba8d588724da871e7824f498 WHIRLPOOL 47e04a0644a592e29aaa9ac00b03a377e81cdb1d886119c21a77a0a351c0cea34018a24406449faa814c2f06e1c03b43ac16a78983bb4a9f57c36834ad7babcb EBUILD openssh-6.7_p1.ebuild 10067 SHA256 970be3a06c0293262f6c59d068d290cc71935fe91f4295b1352b6c41c46c3bf7 SHA512 f2b689767c8da075f16e9e5d9fe258e22fb4019034539883d63632c1543d3141787883ec7013f87c23d709a554b4f994c4c2f41b1829e5301b55f7a5da3fbf46 WHIRLPOOL 8d70fd99a1f3307b801999a9c80be4bcc603cbc151170160d78a2fa8a50ceb701657cbb0b0eb9ccfe1287bff9299dcffb36f884b860a5ca88ac4a9936b21a574 -MISC ChangeLog 89721 SHA256 af92c5951fa98f5b76729e229aa3947e16261e9f69396b2dc147a622f500ce43 SHA512 170560d8493fc5177e4a30d00f0b00c39a9fee971d6401630cca24c6ff1d3228d9e57abb0d4321aae90b8de50e420516b2c8c212347de742987d7079bdc1ef77 WHIRLPOOL 8b5d588920fe0d6c36825c51b7d7bec154225c87eaa247909b2b234b6f91c18b68147b5a8d9208a97ac486d1e782f4ac5523b3a46e24db8411a4aafcd927cd05 +MISC ChangeLog 90257 SHA256 f7a985af1600728237b9b3c1b92b5c9ff25cda98fa445644091fee446975c8fb SHA512 8542aa9484ebcccb8db829eacf7a61dba1595280c5d6df163bee351720fd1e00437d5890853defc15e2516920d3980eaec50251f129a8aec2b5d03d7ec50803c WHIRLPOOL e349aec362a4d5d702650454fca7560af686a5d428cc9eff233c01b7f6145cfe5eb556ebe72726183aaf264055005574274faaa58b3b75475532b75aafbd8a7c MISC metadata.xml 1912 SHA256 7b838285f09ad395f237a0d0b9963eee86d0e85b58e6e5b4d5edb093fa888a0a SHA512 e55c10ffd12488720c3da19e55942cfedec63fe767fc1608439b5a3932eeb5488086ad7ef4e1f858c89381e737426f035845ea5e8bede4ed8a0ccabdc656d9b5 WHIRLPOOL 5c07b3dd4a4002cff5df62133ecf570bf79f58e9477d0ad25d60f185ee029183d11118147e3adfec373542659d921e99e787054cfe9284031c974d694de6e9ed -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iQIcBAEBCAAGBQJUo6hTAAoJEPGu1DbS6WIARocP/3zmkhm4YsWOXWh57mIjNgvi -tikpMSvrLnx7lwQu0ummprQkx3wn7CWOr1YQisDQgYDxxWPdQkMm5/aBA2LjE4df -sn8tbosOnImsQHwSqaBWPaRzJeip4IPJeg9EQZaYTD7W4FH+rK1r3fHDcOQDklAj -EX15hRmR21ChAnbr/sclxflJFsVecHIY+e/sDEr8vYzK2L9gf0PelG++0zSUB7ox -lF5+fro7MxhaUr7A2uF/1w85FnsOMshcNrnwn/rPsOvtZvhpF/bxuCRTz1VzGh/i -cO/x33h5l+zyavPXC7w3RRaCwHXT+XufSnM1NMXbmLXXN3VFtR3xIl1PlEcHcoH/ -pNyxtcaPcrPQpihiITHNuY6CQX6PhddN8m9rEdMxb9ZXCCKdojRpCLU9Xqib5ea/ -gD7fB99fLcLKJgeiRrKGR5y/ZVo7wVEMMfUeE0Qq1bjRh7i7+at8/RnPo4kPgtql -xAGNFVjoGUiVkHijBAN5lmX6hkpwscblR38PoMmHabRPUJlmDBsapPdOnfNyqHCU -/sOnZANhXX+1PFFDm2LssBr7NY2d0fp7HgkSOdRqdvXa2Enbvu3yqk//8ZtcC6cy -bP+xTH0Gse3g6N4Ve5JYJlP0nt51sCsr7EUTzHjYNTygw5JteOt+MWVXqHExhlbe -lg89s1huEI3z5h2V0WCH -=iFTm +iQIcBAEBCAAGBQJUzRlwAAoJEPiazRVxLXTFZ/0P/1CQN5gQLw4B04ZxRhu3YsDw +FB1B7v9N8f4X66sodjeKvdbYoAMfru7zQIfsQgL2+TTDU8X15fDKabXeDRCOi/1G +sfGoX3eqr6z0XWUk6NuNiOhO3QHsa++4py3gnzkI/qQTb6ih0c6rIIEElz9e0u1G +9bDodeMZi5cQDdUHYGVPdmwk+7hucMKG//vn13SpVQXNB2FsH8FWqoH1ZfgRWX/g +R73YNGveE6mZGzOGkvWsvAETOF4OTwqikYmkZRYias/7fLOuTVpJGLRaocH7xduE +WpnNF9ADPwVqnWfRoRVG+BLMpU/P7RU8yGuwit0gmijbnJGVGmVzLwKgEv8LhNOo +HORJK45kpQq1Q8wQRdrz6xXbE7NhKL+Wj2Kvu/CeGvWayoWNXVYepAOrms9eq6VY +HFgJ3f9de54pF5/dxYq4BG7+ndOYKnCod8d/q6HnoZmiZOhJwKy2r9bTsHpmb9gi +YWpXCUJ2MUPxBVbNHWXTa/TFoig6t75qylV2Qfhnkg52n2qouaXicQM1fmTcFkaj +i8EEppUdEVWywGIXvv2ZkoGGaslyaETWmBH0Iy7i0B3b8Ox1b4kMiKPDScnEjdkh +TrwY5Shv+q1wjjukkrvT8tQU9kHvn8Fdvj2zfAdfuv+O44pI/vKvrKfqvEMMQy26 +rK7P3i/fnMguMgL0jrlh +=rApf -----END PGP SIGNATURE----- diff --git a/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch b/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch deleted file mode 100644 index 6377d0362f57..000000000000 --- a/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch +++ /dev/null @@ -1,184 +0,0 @@ -Index: gss-serv.c -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v -retrieving revision 1.22 -diff -u -p -r1.22 gss-serv.c ---- gss-serv.c 8 May 2008 12:02:23 -0000 1.22 -+++ gss-serv.c 11 Jan 2010 05:38:29 -0000 -@@ -41,9 +41,12 @@ - #include "channels.h" - #include "session.h" - #include "misc.h" -+#include "servconf.h" - - #include "ssh-gss.h" - -+extern ServerOptions options; -+ - static ssh_gssapi_client gssapi_client = - { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; -@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) - char lname[MAXHOSTNAMELEN]; - gss_OID_set oidset; - -- gss_create_empty_oid_set(&status, &oidset); -- gss_add_oid_set_member(&status, ctx->oid, &oidset); -- -- if (gethostname(lname, MAXHOSTNAMELEN)) { -- gss_release_oid_set(&status, &oidset); -- return (-1); -- } -+ if (options.gss_strict_acceptor) { -+ gss_create_empty_oid_set(&status, &oidset); -+ gss_add_oid_set_member(&status, ctx->oid, &oidset); -+ -+ if (gethostname(lname, MAXHOSTNAMELEN)) { -+ gss_release_oid_set(&status, &oidset); -+ return (-1); -+ } -+ -+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { -+ gss_release_oid_set(&status, &oidset); -+ return (ctx->major); -+ } -+ -+ if ((ctx->major = gss_acquire_cred(&ctx->minor, -+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, -+ NULL, NULL))) -+ ssh_gssapi_error(ctx); - -- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { - gss_release_oid_set(&status, &oidset); - return (ctx->major); -+ } else { -+ ctx->name = GSS_C_NO_NAME; -+ ctx->creds = GSS_C_NO_CREDENTIAL; - } -- -- if ((ctx->major = gss_acquire_cred(&ctx->minor, -- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) -- ssh_gssapi_error(ctx); -- -- gss_release_oid_set(&status, &oidset); -- return (ctx->major); -+ return GSS_S_COMPLETE; - } - - /* Privileged */ -Index: servconf.c -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/servconf.c,v -retrieving revision 1.201 -diff -u -p -r1.201 servconf.c ---- servconf.c 10 Jan 2010 03:51:17 -0000 1.201 -+++ servconf.c 11 Jan 2010 05:34:56 -0000 -@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions - options->kerberos_get_afs_token = -1; - options->gss_authentication=-1; - options->gss_cleanup_creds = -1; -+ options->gss_strict_acceptor = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->challenge_response_authentication = -1; -@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption - options->gss_authentication = 0; - if (options->gss_cleanup_creds == -1) - options->gss_cleanup_creds = 1; -+ if (options->gss_strict_acceptor == -1) -+ options->gss_strict_acceptor = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -@@ -277,7 +280,8 @@ typedef enum { - sBanner, sUseDNS, sHostbasedAuthentication, - sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, - sClientAliveCountMax, sAuthorizedKeysFile, -- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, -+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, -+ sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, - sZeroKnowledgePasswordAuthentication, sHostCertificate, -@@ -327,9 +331,11 @@ static struct { - #ifdef GSSAPI - { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, - { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, -+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, - #else - { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, - { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, -+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, - #endif - { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, - { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, -@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions - - case sGssCleanupCreds: - intptr = &options->gss_cleanup_creds; -+ goto parse_flag; -+ -+ case sGssStrictAcceptor: -+ intptr = &options->gss_strict_acceptor; - goto parse_flag; - - case sPasswordAuthentication: -Index: servconf.h -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/servconf.h,v -retrieving revision 1.89 -diff -u -p -r1.89 servconf.h ---- servconf.h 9 Jan 2010 23:04:13 -0000 1.89 -+++ servconf.h 11 Jan 2010 05:32:28 -0000 -@@ -92,6 +92,7 @@ typedef struct { - * authenticated with Kerberos. */ - int gss_authentication; /* If true, permit GSSAPI authentication */ - int gss_cleanup_creds; /* If true, destroy cred cache on logout */ -+ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ - int password_authentication; /* If true, permit password - * authentication. */ - int kbd_interactive_authentication; /* If true, permit */ -Index: sshd_config -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/sshd_config,v -retrieving revision 1.81 -diff -u -p -r1.81 sshd_config ---- sshd_config 8 Oct 2009 14:03:41 -0000 1.81 -+++ sshd_config 11 Jan 2010 05:32:28 -0000 -@@ -69,6 +69,7 @@ - # GSSAPI options - #GSSAPIAuthentication no - #GSSAPICleanupCredentials yes -+#GSSAPIStrictAcceptorCheck yes - - # Set this to 'yes' to enable PAM authentication, account processing, - # and session processing. If this is enabled, PAM authentication will -Index: sshd_config.5 -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v -retrieving revision 1.116 -diff -u -p -r1.116 sshd_config.5 ---- sshd_config.5 9 Jan 2010 23:04:13 -0000 1.116 -+++ sshd_config.5 11 Jan 2010 05:37:20 -0000 -@@ -386,6 +386,21 @@ on logout. - The default is - .Dq yes . - Note that this option applies to protocol version 2 only. -+.It Cm GSSAPIStrictAcceptorCheck -+Determines whether to be strict about the identity of the GSSAPI acceptor -+a client authenticates against. -+If set to -+.Dq yes -+then the client must authenticate against the -+.Pa host -+service on the current hostname. -+If set to -+.Dq no -+then the client may authenticate against any service key stored in the -+machine's default store. -+This facility is provided to assist with operation on multi homed machines. -+The default is -+.Dq yes . - .It Cm HostbasedAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication together - with successful public key client host authentication is allowed diff --git a/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch b/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch deleted file mode 100644 index f70d44a12796..000000000000 --- a/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch +++ /dev/null @@ -1,16 +0,0 @@ -make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch - ---- openssh-6.3p1+x509-7.6.diff -+++ openssh-6.3p1+x509-7.6.diff -@@ -14784,10 +14784,9 @@ - .It Cm ChallengeResponseAuthentication - Specifies whether challenge-response authentication is allowed (e.g. via - PAM or though authentication styles supported in --@@ -490,6 +567,16 @@ -+@@ -490,5 +567,15 @@ - The default is - .Dq yes . -- Note that this option applies to protocol version 2 only. - +.It Cm HostbasedAlgorithms - +Specifies the protocol version 2 algorithms used in - +.Dq hostbased diff --git a/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch b/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch deleted file mode 100644 index cfb060fdc5f4..000000000000 --- a/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch +++ /dev/null @@ -1,114 +0,0 @@ -https://bugs.gentoo.org/498632 - -make sure we do not use unaligned loads/stores as some arches really hate that. - ---- a/cipher-ctr-mt.c -+++ b/cipher-ctr-mt.c -@@ -58,8 +58,16 @@ - /* Collect thread stats and print at cancellation when in debug mode */ - /* #define CIPHER_THREAD_STATS */ - --/* Use single-byte XOR instead of 8-byte XOR */ --/* #define CIPHER_BYTE_XOR */ -+/* Can the system do unaligned loads natively? */ -+#if defined(__aarch64__) || \ -+ defined(__i386__) || \ -+ defined(__powerpc__) || \ -+ defined(__x86_64__) -+# define CIPHER_UNALIGNED_OK -+#endif -+#if defined(__SIZEOF_INT128__) -+# define CIPHER_INT128_OK -+#endif - /*-------------------- END TUNABLES --------------------*/ - - -@@ -285,8 +293,20 @@ thread_loop(void *x) - - static int - ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, -- u_int len) -+ size_t len) - { -+ typedef union { -+#ifdef CIPHER_INT128_OK -+ __uint128_t *u128; -+#endif -+ uint64_t *u64; -+ uint32_t *u32; -+ uint8_t *u8; -+ const uint8_t *cu8; -+ uintptr_t u; -+ } ptrs_t; -+ ptrs_t destp, srcp, bufp; -+ uintptr_t align; - struct ssh_aes_ctr_ctx *c; - struct kq *q, *oldq; - int ridx; -@@ -301,35 +321,41 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, - ridx = c->ridx; - - /* src already padded to block multiple */ -+ srcp.cu8 = src; -+ destp.u8 = dest; - while (len > 0) { - buf = q->keys[ridx]; -+ bufp.u8 = buf; - --#ifdef CIPHER_BYTE_XOR -- dest[0] = src[0] ^ buf[0]; -- dest[1] = src[1] ^ buf[1]; -- dest[2] = src[2] ^ buf[2]; -- dest[3] = src[3] ^ buf[3]; -- dest[4] = src[4] ^ buf[4]; -- dest[5] = src[5] ^ buf[5]; -- dest[6] = src[6] ^ buf[6]; -- dest[7] = src[7] ^ buf[7]; -- dest[8] = src[8] ^ buf[8]; -- dest[9] = src[9] ^ buf[9]; -- dest[10] = src[10] ^ buf[10]; -- dest[11] = src[11] ^ buf[11]; -- dest[12] = src[12] ^ buf[12]; -- dest[13] = src[13] ^ buf[13]; -- dest[14] = src[14] ^ buf[14]; -- dest[15] = src[15] ^ buf[15]; --#else -- *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf; -- *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^ -- *(uint64_t *)(buf + 8); --#endif -+ /* figure out the alignment on the fly */ -+#ifdef CIPHER_UNALIGNED_OK -+ align = 0; -+#else -+ align = destp.u | srcp.u | bufp.u; -+#endif -+ -+#ifdef CIPHER_INT128_OK -+ if ((align & 0xf) == 0) { -+ destp.u128[0] = srcp.u128[0] ^ bufp.u128[0]; -+ } else -+#endif -+ if ((align & 0x7) == 0) { -+ destp.u64[0] = srcp.u64[0] ^ bufp.u64[0]; -+ destp.u64[1] = srcp.u64[1] ^ bufp.u64[1]; -+ } else if ((align & 0x3) == 0) { -+ destp.u32[0] = srcp.u32[0] ^ bufp.u32[0]; -+ destp.u32[1] = srcp.u32[1] ^ bufp.u32[1]; -+ destp.u32[2] = srcp.u32[2] ^ bufp.u32[2]; -+ destp.u32[3] = srcp.u32[3] ^ bufp.u32[3]; -+ } else { -+ size_t i; -+ for (i = 0; i < AES_BLOCK_SIZE; ++i) -+ dest[i] = src[i] ^ buf[i]; -+ } - -- dest += 16; -- src += 16; -- len -= 16; -+ destp.u += AES_BLOCK_SIZE; -+ srcp.u += AES_BLOCK_SIZE; -+ len -= AES_BLOCK_SIZE; - ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE); - - /* Increment read index, switch queues on rollover */ diff --git a/net-misc/openssh/files/openssh-6.6.1_p1.patch b/net-misc/openssh/files/openssh-6.6.1_p1.patch deleted file mode 100644 index 2a8a87cd5276..000000000000 --- a/net-misc/openssh/files/openssh-6.6.1_p1.patch +++ /dev/null @@ -1,167 +0,0 @@ -Hi, - -So I screwed up when writing the support for the curve25519 KEX method -that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left -leading zero bytes where they should have been skipped. The impact of -this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a -peer that implements curve25519-sha256 at libssh.org properly about 0.2% -of the time (one in every 512ish connections). - -We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256 -key exchange for previous versions, but I'd recommend distributors -of OpenSSH apply this patch so the affected code doesn't become -too entrenched in LTS releases. - -The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as -to distinguish itself from the incorrect versions so the compatibility -code to disable the affected KEX isn't activated. - -I've committed this on the 6.6 branch too. - -Apologies for the hassle. - --d - -Index: version.h -=================================================================== -RCS file: /var/cvs/openssh/version.h,v -retrieving revision 1.82 -diff -u -p -r1.82 version.h ---- version.h 27 Feb 2014 23:01:54 -0000 1.82 -+++ version.h 20 Apr 2014 03:35:15 -0000 -@@ -1,6 +1,6 @@ - /* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */ - --#define SSH_VERSION "OpenSSH_6.6" -+#define SSH_VERSION "OpenSSH_6.6.1" - - #define SSH_PORTABLE "p1" - #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -Index: compat.c -=================================================================== -RCS file: /var/cvs/openssh/compat.c,v -retrieving revision 1.82 -retrieving revision 1.85 -diff -u -p -r1.82 -r1.85 ---- compat.c 31 Dec 2013 01:25:41 -0000 1.82 -+++ compat.c 20 Apr 2014 03:33:59 -0000 1.85 -@@ -95,6 +95,9 @@ compat_datafellows(const char *version) - { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, - { "OpenSSH_4*", 0 }, - { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, -+ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH}, -+ { "OpenSSH_6.5*," -+ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD}, - { "OpenSSH*", SSH_NEW_OPENSSH }, - { "*MindTerm*", 0 }, - { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| -@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop - return cipher_prop; - } - -- - char * - compat_pkalg_proposal(char *pkalg_prop) - { -@@ -263,5 +265,18 @@ compat_pkalg_proposal(char *pkalg_prop) - if (*pkalg_prop == '\0') - fatal("No supported PK algorithms found"); - return pkalg_prop; -+} -+ -+char * -+compat_kex_proposal(char *kex_prop) -+{ -+ if (!(datafellows & SSH_BUG_CURVE25519PAD)) -+ return kex_prop; -+ debug2("%s: original KEX proposal: %s", __func__, kex_prop); -+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org"); -+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop); -+ if (*kex_prop == '\0') -+ fatal("No supported key exchange algorithms found"); -+ return kex_prop; - } - -Index: compat.h -=================================================================== -RCS file: /var/cvs/openssh/compat.h,v -retrieving revision 1.42 -retrieving revision 1.43 -diff -u -p -r1.42 -r1.43 ---- compat.h 31 Dec 2013 01:25:41 -0000 1.42 -+++ compat.h 20 Apr 2014 03:25:31 -0000 1.43 -@@ -59,6 +59,7 @@ - #define SSH_BUG_RFWD_ADDR 0x02000000 - #define SSH_NEW_OPENSSH 0x04000000 - #define SSH_BUG_DYNAMIC_RPORT 0x08000000 -+#define SSH_BUG_CURVE25519PAD 0x10000000 - - void enable_compat13(void); - void enable_compat20(void); -@@ -66,6 +67,7 @@ void compat_datafellows(const char * - int proto_spec(const char *); - char *compat_cipher_proposal(char *); - char *compat_pkalg_proposal(char *); -+char *compat_kex_proposal(char *); - - extern int compat13; - extern int compat20; -Index: sshd.c -=================================================================== -RCS file: /var/cvs/openssh/sshd.c,v -retrieving revision 1.448 -retrieving revision 1.453 -diff -u -p -r1.448 -r1.453 ---- sshd.c 26 Feb 2014 23:20:08 -0000 1.448 -+++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453 -@@ -2462,6 +2438,9 @@ do_ssh2_kex(void) - if (options.kex_algorithms != NULL) - myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; - -+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( -+ myproposal[PROPOSAL_KEX_ALGS]); -+ - if (options.rekey_limit || options.rekey_interval) - packet_set_rekey_limits((u_int32_t)options.rekey_limit, - (time_t)options.rekey_interval); -Index: sshconnect2.c -=================================================================== -RCS file: /var/cvs/openssh/sshconnect2.c,v -retrieving revision 1.197 -retrieving revision 1.199 -diff -u -p -r1.197 -r1.199 ---- sshconnect2.c 4 Feb 2014 00:20:16 -0000 1.197 -+++ sshconnect2.c 20 Apr 2014 03:25:31 -0000 1.199 -@@ -195,6 +196,8 @@ ssh_kex2(char *host, struct sockaddr *ho - } - if (options.kex_algorithms != NULL) - myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; -+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( -+ myproposal[PROPOSAL_KEX_ALGS]); - - if (options.rekey_limit || options.rekey_interval) - packet_set_rekey_limits((u_int32_t)options.rekey_limit, -Index: bufaux.c -=================================================================== -RCS file: /var/cvs/openssh/bufaux.c,v -retrieving revision 1.62 -retrieving revision 1.63 -diff -u -p -r1.62 -r1.63 ---- bufaux.c 4 Feb 2014 00:20:15 -0000 1.62 -+++ bufaux.c 20 Apr 2014 03:24:50 -0000 1.63 -@@ -1,4 +1,4 @@ --/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */ -+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */ - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *b - - if (l > 8 * 1024) - fatal("%s: length %u too long", __func__, l); -+ /* Skip leading zero bytes */ -+ for (; l > 0 && *s == 0; l--, s++) -+ ; - p = buf = xmalloc(l + 1); - /* - * If most significant bit is set then prepend a zero byte to diff --git a/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch b/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch deleted file mode 100644 index 6db6b97dbead..000000000000 --- a/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch +++ /dev/null @@ -1,17 +0,0 @@ -the last nibble of the openssl version represents the status. that is, -whether it is a beta or release. when it comes to version checks in -openssh, this component does not matter, so ignore it. - -https://bugzilla.mindrot.org/show_bug.cgi?id=2212 - ---- a/entropy.c -+++ b/entropy.c -@@ -216,7 +216,7 @@ seed_rng(void) - * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed - * within a patch series. - */ -- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L; -+ u_long version_mask = SSLeay() >= 0x1000000f ? ~0xfffffL : ~0xff0L; - if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) || - (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12)) - fatal("OpenSSL version mismatch. Built against %lx, you " diff --git a/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch b/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch deleted file mode 100644 index 0ba3e456f91f..000000000000 --- a/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch +++ /dev/null @@ -1,16 +0,0 @@ -Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch. - ---- openssh-6.6p1+x509-7.9.diff -+++ openssh-6.6p1+x509-7.9.diff -@@ -15473,10 +15473,9 @@ - .It Cm ChallengeResponseAuthentication - Specifies whether challenge-response authentication is allowed (e.g. via - PAM or though authentication styles supported in --@@ -499,6 +576,16 @@ -+@@ -499,5 +576,15 @@ - The default is - .Dq yes . -- Note that this option applies to protocol version 2 only. - +.It Cm HostbasedAlgorithms - +Specifies the protocol version 2 algorithms used in - +.Dq hostbased diff --git a/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch b/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch deleted file mode 100644 index a69830e08968..000000000000 --- a/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch +++ /dev/null @@ -1,26 +0,0 @@ -make the hpn patch apply when the x509 patch has also been applied - ---- openssh-6.6p1-hpnssh14v4.diff -+++ openssh-6.6p1-hpnssh14v4.diff -@@ -1742,18 +1742,14 @@ - if (options->ip_qos_interactive == -1) - options->ip_qos_interactive = IPTOS_LOWDELAY; - if (options->ip_qos_bulk == -1) --@@ -345,9 +393,10 @@ -+@@ -345,6 +393,7 @@ - sUsePrivilegeSeparation, sAllowAgentForwarding, - sHostCertificate, - sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, --+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, -++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled, - sKexAlgorithms, sIPQoS, sVersionAddendum, - sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, --- sAuthenticationMethods, sHostKeyAgent, --+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent, -- sDeprecated, sUnsupported -- } ServerOpCodes; -- -+ sAuthenticationMethods, sHostKeyAgent, - @@ -468,6 +517,10 @@ - { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, - { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, diff --git a/net-misc/openssh/openssh-6.6.1_p1-r4.ebuild b/net-misc/openssh/openssh-6.6.1_p1-r4.ebuild deleted file mode 100644 index 399eaa73263a..000000000000 --- a/net-misc/openssh/openssh-6.6.1_p1-r4.ebuild +++ /dev/null @@ -1,321 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6.1_p1-r4.ebuild,v 1.2 2014/11/15 20:13:58 vapier Exp $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/.1_} - -#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz" -HPN_PATCH="${PN}-6.6.1p1-hpnssh14v5.diff.xz" -LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz" -X509_VER="8.0" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - #${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )} - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam +pie selinux skey static tcpd X X509" -REQUIRED_USE="pie? ( !static )" - -LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)] - tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )" -RDEPEND=" - !static? ( - ${LIB_DEPEND//\[static-libs(+)]} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( - ${LIB_DEPEND} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) - ) - ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - epatch "${FILESDIR}"/${P}.patch #508604 - - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-glue.patch - use hpn && epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v5-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632 - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - local myconf - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" - append-ldflags -lutil - fi - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"/var/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with pie) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) \ - ${myconf} -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi -} diff --git a/net-misc/openssh/openssh-6.6_p1-r1.ebuild b/net-misc/openssh/openssh-6.6_p1-r1.ebuild deleted file mode 100644 index cb597224f4bf..000000000000 --- a/net-misc/openssh/openssh-6.6_p1-r1.ebuild +++ /dev/null @@ -1,317 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6_p1-r1.ebuild,v 1.10 2014/03/23 09:54:17 ago Exp $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz" -HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.xz" -LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz" -X509_VER="7.9" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - #${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )} - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509" - -LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)] - tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )" -RDEPEND=" - !static? ( - ${LIB_DEPEND//\[static-libs(+)]} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( - ${LIB_DEPEND} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) - ) - ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch - use hpn && epatch "${FILESDIR}"/${PN}-6.6_p1-x509-hpn14v4-glue-p2.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632 - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - local myconf - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" - append-ldflags -lutil - fi - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"/var/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) \ - ${myconf} -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi -} diff --git a/net-misc/openssh/openssh-6.7_p1-r1.ebuild b/net-misc/openssh/openssh-6.7_p1-r1.ebuild deleted file mode 100644 index 95228ae1a4ac..000000000000 --- a/net-misc/openssh/openssh-6.7_p1-r1.ebuild +++ /dev/null @@ -1,322 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r1.ebuild,v 1.1 2014/11/24 19:13:23 chutzpah Exp $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz" -LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz" -X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - mirror://gentoo/${P}-sctp.patch.xz - ${HPN_PATCH:+hpn? ( - mirror://gentoo/${HPN_PATCH} - http://dev.gentoo.org/~vapier/dist/${HPN_PATCH} - mirror://sourceforge/hpnssh/${HPN_PATCH} - )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam +pie sctp selinux skey static X X509" -REQUIRED_USE="pie? ( !static )" - -LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)]" -RDEPEND=" - !static? ( - ${LIB_DEPEND//\[static-libs(+)]} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( - ${LIB_DEPEND} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) - ) - ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${P}-x509-glue.patch - epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*}/* - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - local myconf=() - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"/var/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with pie) \ - $(use_with sctp) \ - $(use_with selinux) \ - $(use_with skey) \ - "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi -} diff --git a/net-misc/openssh/openssh-6.7_p1-r2.ebuild b/net-misc/openssh/openssh-6.7_p1-r2.ebuild deleted file mode 100644 index 24440d9b8c53..000000000000 --- a/net-misc/openssh/openssh-6.7_p1-r2.ebuild +++ /dev/null @@ -1,322 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r2.ebuild,v 1.1 2014/11/24 19:18:50 chutzpah Exp $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz" -LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz" -X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - mirror://gentoo/${P}-sctp.patch.xz - ${HPN_PATCH:+hpn? ( - mirror://gentoo/${HPN_PATCH} - http://dev.gentoo.org/~vapier/dist/${HPN_PATCH} - mirror://sourceforge/hpnssh/${HPN_PATCH} - )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam +pie sctp selinux skey static X X509" -REQUIRED_USE="pie? ( !static )" - -LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)]" -RDEPEND=" - !static? ( - ${LIB_DEPEND//\[static-libs(+)]} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( - ${LIB_DEPEND} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) - ) - ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${P}-x509-glue.patch - epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*}/* - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - local myconf=() - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with pie) \ - $(use_with sctp) \ - $(use_with selinux) \ - $(use_with skey) \ - "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi -} |