mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2026-05-05 04:06:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-misc/openssh: Sync with Gentoo

Browse Source 
It's from Gentoo commit 5b974a3c903327b37f46a0212bf397ef634a67fd.
This commit is contained in:
Krzesimir Nowak 2023-09-25 16:41:34 +02:00
parent 96088a2e14
commit 21c3c57ce9
6 changed files with 34 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest vendored
View File

@ -1,2 +1,2 @@
DIST openssh-9.3p2.tar.gz 1835850 BLAKE2B 38f8d4ada263112b318fafccabf0a33a004d8290a867434004eb3d37127c9bdabe6e0225fca9d6d68fb54338fec81dcc9313ca7c91d3a033311db44174dc9f6f SHA512 15b8c57aa120186f1d1c3c2b8dc6ffd26733e12f755a6b0a4255d9ec1815a61506275ff5723b4ac029e44bc2ad22852ac36e1101f292348fbfa79aa1a4cd3f35
DIST openssh-9.3p2.tar.gz.asc 833 BLAKE2B cfba3867d7f97cb2c904bd3ae111bd63e8a050464b66e3f3f22390839a153d57ef5819182f8ad99a6b520f27881143552dc64fccfc33dcc0483ffe1ef33a5a47 SHA512 759e512a36a3a62264803b517298a65c83e1daebd9867e28ea1ca4999c38539368815ccda86540a4f5d45fa79c539d8242995ba55f2918baf2a7404c105e337a
DIST openssh-9.4p1.tar.gz 1845094 BLAKE2B d13d758129cce947d3f12edb6e88406aad10de6887b19ffa3ebd8e382b742a05f2a692a8824aec99939f6c7e13fbccc3bb14e5ee112f9a9255d4882eb87dcf53 SHA512 0aaedeced7dbc70419c7245eb0e9db4ef570e0e7739b890ebae04d56da5fe8d147e8e150f3c943f60730976569e3ac6cc8da62ec7e2a78e2ef47d295ca0b1d25
DIST openssh-9.4p1.tar.gz.asc 833 BLAKE2B 95eedd9356766e5d0ea1261da3dc4c7869f054b418c626fb35815a0aa655b1ddbf54436b437d98c4344b05c9196c8fa1f592eac07b3ccf08bd3e980f8b6955af SHA512 983b4ebaa3b98e70831ce686cb503270926c065163a2510eef0c5102ef50b6e665b889ee15ea8c0bd7c4bbddb19270f036e1d554a8212ef2c292f9c682c8631a

11
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-9.3_p1-gss-use-HOST_NAME_MAX.patch vendored
View File

@ -1,11 +0,0 @@
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -105,7 +105,7 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
gss_create_empty_oid_set(&status, &oidset);
gss_add_oid_set_member(&status, ctx->oid, &oidset);
- if (gethostname(lname, MAXHOSTNAMELEN)) {
+ if (gethostname(lname, HOST_NAME_MAX)) {
gss_release_oid_set(&status, &oidset);
return (-1);
}

58
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-9.3_p1-openssl-version-compat-check.patch vendored
View File

@ -1,58 +0,0 @@
https://bugzilla.mindrot.org/show_bug.cgi?id=3548
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -48,19 +48,25 @@ ssh_compatible_openssl(long headerver, long libver)
if (headerver == libver)
return 1;
- /* for versions < 1.0.0, major,minor,fix,status must match */
- if (headerver < 0x1000000f) {
- mask = 0xfffff00fL; /* major,minor,fix,status */
- return (headerver & mask) == (libver & mask);
+ /*
+ * For versions < 3.0.0, major,minor,status must match and library
+ * fix version must be equal to or newer than the header.
+ */
+ if (headerver < 0x3000000f) {
+ mask = 0xfff0000fL; /* major,minor,status */
+ hfix = (headerver & 0x000ff000) >> 12;
+ lfix = (libver & 0x000ff000) >> 12;
+ if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
+ return 1;
}
/*
- * For versions >= 1.0.0, major,minor,status must match and library
- * fix version must be equal to or newer than the header.
+ * For versions >= 3.0.0, major must match and minor,status must be
+ * equal to or greater than the header.
*/
- mask = 0xfff00000L; /* major,minor,status */
- hfix = (headerver & 0x000ff000) >> 12;
- lfix = (libver & 0x000ff000) >> 12;
+ mask = 0xf000000fL; /* major, status */
+ hfix = (headerver & 0x0ffffff0L) >> 12;
+ lfix = (libver & 0x0ffffff0L) >> 12;
if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
return 1;
return 0;
--- a/openbsd-compat/regress/opensslvertest.c
+++ b/openbsd-compat/regress/opensslvertest.c
@@ -31,7 +31,7 @@ struct version_test {
{ 0x0090802fL, 0x0090804fL, 1}, /* newer library fix version: ok */
{ 0x0090802fL, 0x0090801fL, 1}, /* older library fix version: ok */
{ 0x0090802fL, 0x0090702fL, 0}, /* older library minor version: NO */
- { 0x0090802fL, 0x0090902fL, 0}, /* newer library minor version: NO */
+ { 0x0090802fL, 0x0090902fL, 1}, /* newer library minor version: ok */
{ 0x0090802fL, 0x0080802fL, 0}, /* older library major version: NO */
{ 0x0090802fL, 0x1000100fL, 0}, /* newer library major version: NO */
@@ -41,7 +41,7 @@ struct version_test {
{ 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */
{ 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */
{ 0x1000101fL, 0x1000001fL, 0}, /* older library fix version: NO */
- { 0x1000101fL, 0x1010101fL, 0}, /* newer library minor version: NO */
+ { 0x1000101fL, 0x1010101fL, 1}, /* newer library minor version: ok */
{ 0x1000101fL, 0x0000101fL, 0}, /* older library major version: NO */
{ 0x1000101fL, 0x2000101fL, 0}, /* newer library major version: NO */
};

21
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-9.3_p2-zlib-1.3.patch vendored Normal file
View File

@ -0,0 +1,21 @@
https://bugs.gentoo.org/912766
https://github.com/openssh/openssh-portable/commit/cb4ed12ffc332d1f72d054ed92655b5f1c38f621
From cb4ed12ffc332d1f72d054ed92655b5f1c38f621 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Sat, 19 Aug 2023 07:39:08 +1000
Subject: [PATCH] Fix zlib version check for 1.3 and future version.
bz#3604.
--- a/configure.ac
+++ b/configure.ac
@@ -1464,7 +1464,7 @@ else
[[
int a=0, b=0, c=0, d=0, n, v;
n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
- if (n != 3 && n != 4)
+ if (n < 1)
exit(1);
v = a*1000000 + b*10000 + c*100 + d;
fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);

1
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.socket vendored
View File

@ -5,7 +5,6 @@ Conflicts=sshd.service
[Socket]
ListenStream=22
Accept=yes
TriggerLimitBurst=0
[Install]
WantedBy=sockets.target

56
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.3_p2-r1.ebuild → sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.4_p1.ebuild vendored
View File

@ -19,7 +19,7 @@ S="${WORKDIR}/${PARCH}"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
# Probably want to drop ssl defaulting to on in a future version.
IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test X xmss"
@ -86,8 +86,7 @@ PATCHES=(
"${FILESDIR}/${PN}-9.3_p1-disable-conch-interop-tests.patch"
"${FILESDIR}/${PN}-9.3_p1-fix-putty-tests.patch"
"${FILESDIR}/${PN}-9.3_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch"
"${FILESDIR}/${PN}-9.3_p1-gss-use-HOST_NAME_MAX.patch" #834044
"${FILESDIR}/${PN}-9.3_p1-openssl-version-compat-check.patch"
"${FILESDIR}/${PN}-9.3_p2-zlib-1.3.patch" #912766
)
pkg_pretend() {
@ -100,6 +99,9 @@ pkg_pretend() {
done
if [[ -n ${enabled_eol_flags} && ${OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING} != yes ]]; then
# Skip for binary packages entirely because of environment saving, bug #907892
[[ ${MERGE_TYPE} == binary ]] && return
ewarn "net-misc/openssh does not support USE='${enabled_eol_flags%,}' anymore."
ewarn "The Base system team *STRONGLY* recommends you not rely on this functionality,"
ewarn "since these USE flags required third-party patches that often trigger bugs"
@ -227,37 +229,6 @@ src_test() {
emake -j1 "${tests[@]}" </dev/null
}
insert_include() {
local src_config=${1} options=${2} includedir=${3}
local name copy regexp_options regexp lineno comment_options
name=${src_config##*/}
copy="${T}/${name}"
cp -a "${src_config}" "${copy}" || die
# Catch "Option ", "#Option " or "# Option ".
regexp_options=${options//,/'\|'}
regexp='^[[:space:]]*#\?[[:space:]]*\('"${regexp_options}"'\)[[:space:]]'
lineno=$(set -o pipefail; grep -ne "${regexp}" -m 1 "${copy}" | cut -d : -f 1 || die)
# We have found a first line with the option, now find a first
# non-comment line just above the comments of the option. The
# lineno - 2 is here to ignore the line just above the option
# in case the comment block is separated by an empty line.
lineno=$(set -o pipefail; head -n $((lineno - 2)) "${copy}" | grep -ne '^[[:space:]]*\([^#]\|$\)' | tail -n 1 | cut -d : -f 1 || die)
comment_options=${options//,/ or }
{
head -n "${lineno}" "${copy}" || die
cat <<-EOF || die
# Make sure that all ${comment_options} options are below this Include!
Include "${EPREFIX}/${includedir}/*.conf"
EOF
tail -n "+${lineno}" "${copy}" || die
} >"${src_config}"
rm -f "${copy}" || die
}
# Gentoo tweaks to default config files.
tweak_ssh_configs() {
local locale_vars=(
@ -271,9 +242,12 @@ tweak_ssh_configs() {
)
dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d
insert_include "${ED}"/etc/ssh/ssh_config 'Host,Match' '/etc/ssh/ssh_config.d'
insert_include "${ED}"/etc/ssh/sshd_config 'Match' '/etc/ssh/sshd_config.d'
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die
Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
EOF
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die
Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
# Send locale environment variables (bug #367017)
@ -292,10 +266,6 @@ tweak_ssh_configs() {
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
EOF
# Move sshd's Subsystem option to a drop-in file.
grep -ie 'subsystem' "${ED}"/etc/ssh/sshd_config >"${ED}"/etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf || die
sed -i -e '/[Ss]ubsystem/d' "${ED}"/etc/ssh/sshd_config
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
# Allow client to pass locale environment variables (bug #367017)
AcceptEnv ${locale_vars[*]}
@ -321,10 +291,6 @@ tweak_ssh_configs() {
PermitRootLogin Yes
EOF
fi
local sshd_drop_ins=("${ED}"/etc/ssh/sshd_config.d/*.conf)
fperms 0700 /etc/ssh/sshd_config.d
fperms 0600 "${sshd_drop_ins[@]#${ED}}"
}
src_install() {