From cb2cce45d9268cd0906469b18a06ed74be426a23 Mon Sep 17 00:00:00 2001 From: Alex Crawford Date: Fri, 8 Apr 2016 13:17:40 -0700 Subject: [PATCH] prune(net-misc/openssh): moved to coreos-overlay --- .../portage-stable/net-misc/openssh/ChangeLog | 221 -- .../net-misc/openssh/ChangeLog-2015 | 2518 ----------------- .../portage-stable/net-misc/openssh/Manifest | 57 - .../files/openssh-4.7_p1-GSSAPI-dns.patch | 127 - .../openssh-6.3_p1-x509-hpn14v2-glue.patch | 51 - .../files/openssh-6.6.1_p1-x509-glue.patch | 17 - .../openssh-6.6.1_p1-x509-hpn14v5-glue.patch | 26 - ...openssh-6.7_p1-openssl-ignore-status.patch | 17 - .../files/openssh-6.7_p1-sctp-x509-glue.patch | 42 - ...penssh-6.7_p1-sshd-gssapi-multihomed.patch | 162 -- .../files/openssh-6.7_p1-x509-glue.patch | 46 - .../openssh-6.7_p1-xmalloc-include.patch | 11 - .../files/openssh-6.8_p1-sctp-x509-glue.patch | 90 - .../openssh-6.8_p1-ssh-keygen-no-ssh1.patch | 40 - ...penssh-6.8_p1-sshd-gssapi-multihomed.patch | 162 -- .../openssh-6.8_p1-ssl-engine-configure.patch | 33 - .../openssh-6.8_p1-teraterm-hpn-glue.patch | 15 - .../files/openssh-6.8_p1-teraterm.patch | 69 - .../files/openssh-6.9_p1-x509-warnings.patch | 24 - .../files/openssh-7.0_p1-sctp-x509-glue.patch | 74 - .../files/openssh-7.1_p1-hpn-x509-glue.patch | 11 - .../net-misc/openssh/files/sshd.confd | 21 - .../net-misc/openssh/files/sshd.pam_include.2 | 4 - .../net-misc/openssh/files/sshd.rc6.4 | 85 - .../net-misc/openssh/files/sshd.service | 11 - .../net-misc/openssh/files/sshd.socket | 10 - .../net-misc/openssh/files/sshd_at.service | 8 - .../net-misc/openssh/metadata.xml | 37 - .../net-misc/openssh/openssh-6.7_p1-r4.ebuild | 323 --- .../net-misc/openssh/openssh-6.7_p1.ebuild | 322 --- .../net-misc/openssh/openssh-6.8_p1-r5.ebuild | 331 --- .../net-misc/openssh/openssh-6.9_p1-r1.ebuild | 322 --- .../net-misc/openssh/openssh-6.9_p1-r2.ebuild | 310 -- .../net-misc/openssh/openssh-7.0_p1.ebuild | 323 --- .../net-misc/openssh/openssh-7.1_p1-r1.ebuild | 328 --- .../net-misc/openssh/openssh-7.1_p1-r2.ebuild | 326 --- .../net-misc/openssh/openssh-7.1_p1.ebuild | 325 --- 37 files changed, 6899 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog-2015 delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-openssl-ignore-status.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.confd delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam_include.2 delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.socket delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd_at.service delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.8_p1-r5.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.9_p1-r1.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.9_p1-r2.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-7.0_p1.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-7.1_p1-r1.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-7.1_p1-r2.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-7.1_p1.ebuild diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog b/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog deleted file mode 100644 index 564161dc36..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog +++ /dev/null @@ -1,221 +0,0 @@ -# ChangeLog for net-misc/openssh -# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# (auto-generated from git log) - -*openssh-6.9_p1-r2 (09 Aug 2015) -*openssh-6.9_p1-r1 (09 Aug 2015) -*openssh-6.8_p1-r5 (09 Aug 2015) -*openssh-6.7_p1-r4 (09 Aug 2015) -*openssh-6.7_p1 (09 Aug 2015) - - 09 Aug 2015; Robin H. Johnson - +files/openssh-4.7_p1-GSSAPI-dns.patch, - +files/openssh-6.3_p1-x509-hpn14v2-glue.patch, - +files/openssh-6.6.1_p1-x509-glue.patch, - +files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch, - +files/openssh-6.7_p1-openssl-ignore-status.patch, - +files/openssh-6.7_p1-sctp-x509-glue.patch, - +files/openssh-6.7_p1-sshd-gssapi-multihomed.patch, - +files/openssh-6.7_p1-x509-glue.patch, - +files/openssh-6.7_p1-xmalloc-include.patch, - +files/openssh-6.8_p1-sctp-x509-glue.patch, - +files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch, - +files/openssh-6.8_p1-sshd-gssapi-multihomed.patch, - +files/openssh-6.8_p1-ssl-engine-configure.patch, - +files/openssh-6.8_p1-teraterm-hpn-glue.patch, - +files/openssh-6.8_p1-teraterm.patch, - +files/openssh-6.9_p1-x509-warnings.patch, +files/sshd.confd, - +files/sshd.pam_include.2, +files/sshd.rc6.4, +files/sshd.service, - +files/sshd.socket, +files/sshd_at.service, +metadata.xml, - +openssh-6.7_p1.ebuild, +openssh-6.7_p1-r4.ebuild, - +openssh-6.8_p1-r5.ebuild, +openssh-6.9_p1-r1.ebuild, - +openssh-6.9_p1-r2.ebuild: - proj/gentoo: Initial commit - - This commit represents a new era for Gentoo: - Storing the gentoo-x86 tree in Git, as converted from CVS. - - This commit is the start of the NEW history. - Any historical data is intended to be grafted onto this point. - - Creation process: - 1. Take final CVS checkout snapshot - 2. Remove ALL ChangeLog* files - 3. Transform all Manifests to thin - 4. Remove empty Manifests - 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ - 5.1. Do not touch files with -kb/-ko keyword flags. - - Signed-off-by: Robin H. Johnson - X-Thanks: Alec Warner - did the GSoC 2006 migration - tests - X-Thanks: Robin H. Johnson - infra guy, herding this - project - X-Thanks: Nguyen Thai Ngoc Duy - Former Gentoo - developer, wrote Git features for the migration - X-Thanks: Brian Harring - wrote much python to improve - cvs2svn - X-Thanks: Rich Freeman - validation scripts - X-Thanks: Patrick Lauer - Gentoo dev, running new 2014 - work in migration - X-Thanks: Michał Górny - scripts, QA, nagging - X-Thanks: All of other Gentoo developers - many ideas and lots of paint on - the bikeshed - - 09 Aug 2015; Ulrich Müller files/sshd.rc6.4: - [QA] Remove executable bit from files, bug 550434. - - 12 Aug 2015; Mike Frysinger openssh-6.9_p1-r2.ebuild: - relax USE=tcpd check to a warning #531156 - -*openssh-7.0_p1 (12 Aug 2015) - - 12 Aug 2015; Mike Frysinger - files/openssh-6.8_p1-ssl-engine-configure.patch, +openssh-7.0_p1.ebuild: - version bump to 7.0_p1 #557340 - - 12 Aug 2015; Patrick McLean - +files/openssh-7.0_p1-sctp-x509-glue.patch, openssh-7.0_p1.ebuild: - Update X509 patch to version 8.5 and re-enable USE flag - - Package-Manager: portage-2.2.20.1 - - 13 Aug 2015; Mike Frysinger openssh-7.0_p1.ebuild: - add warnings about key support in newer versions #557388 - -*openssh-7.1_p1 (21 Aug 2015) - - 21 Aug 2015; Lars Wendler +openssh-7.1_p1.ebuild: - Bump to version 7.1_p1 - - Package-Manager: portage-2.2.20.1 - Signed-off-by: Lars Wendler - - 24 Aug 2015; Justin Lecher metadata.xml, - openssh-6.7_p1.ebuild, openssh-6.7_p1-r4.ebuild, openssh-6.8_p1-r5.ebuild, - openssh-6.9_p1-r1.ebuild, openssh-6.9_p1-r2.ebuild, openssh-7.0_p1.ebuild, - openssh-7.1_p1.ebuild: - Use https by default - - Convert all URLs for sites supporting encrypted connections from http to - https - - Signed-off-by: Justin Lecher - - 24 Aug 2015; Mike Gilbert metadata.xml: - Revert DOCTYPE SYSTEM https changes in metadata.xml - - repoman does not yet accept the https version. - This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450. - - Bug: https://bugs.gentoo.org/552720 - - 24 Aug 2015; Patrick McLean - +files/openssh-7.1_p1-hpn-x509-glue.patch, openssh-7.1_p1.ebuild: - Re-enable the X509 USE flag for version 7.1p1 - - Package-Manager: portage-2.2.20.1 - - 12 Sep 2015; Zero_Chaos openssh-6.9_p1-r2.ebuild, - openssh-7.0_p1.ebuild, openssh-7.1_p1.ebuild: - relax bindist use flag deps slightly to allow for actual - buildable/functional options - - Package-Manager: portage-2.2.20.1 - - 12 Sep 2015; Mike Frysinger openssh-6.9_p1-r2.ebuild, - openssh-7.0_p1.ebuild, openssh-7.1_p1.ebuild: - require newer openssl - - This matches the INSTALL guidelines in the source code. - - 13 Sep 2015; Zero_Chaos openssh-6.9_p1-r2.ebuild, - openssh-7.0_p1.ebuild, openssh-7.1_p1.ebuild: - revert improper 4411ff42539dc7917a8db314327c6fbe699a616f - - Package-Manager: portage-2.2.20.1 - - 14 Sep 2015; Mike Frysinger openssh-6.9_p1-r2.ebuild, - openssh-7.0_p1.ebuild, openssh-7.1_p1.ebuild: - fix openssl[static-libs] dep to match SLOT=0 #560306 - - Since we use (+) in the dep, we might match the non-zero openssl dep - in which case portage won't pull in static-libs support in SLOT=0. - -*openssh-7.1_p1-r1 (20 Sep 2015) - - 20 Sep 2015; Julian Ospald +openssh-7.1_p1-r1.ebuild: - add libressl support - - 26 Sep 2015; Mike Frysinger openssh-7.1_p1-r1.ebuild: - note ssh-dss client config options too - -*openssh-7.1_p1-r2 (29 Oct 2015) - - 29 Oct 2015; Mike Frysinger +openssh-7.1_p1-r2.ebuild: - fix tun window size in hpn mode #564236 - - 29 Oct 2015; Mike Frysinger openssh-7.1_p1.ebuild, - openssh-7.1_p1-r1.ebuild, openssh-7.1_p1-r2.ebuild: - make hpn-x509 glue patch application more robust #564380 - - Rather than encode the full name of the hpn patchset in the glue patch, - apply it from the hpn patchset dir. - - 30 Oct 2015; Yuta Satoh openssh-7.1_p1-r2.ebuild: - Drop special settings for Gentoo/FreeBSD 9.0 or later. - - 03 Nov 2015; Mikle Kolyada openssh-7.1_p1-r2.ebuild: - amd64 stable wrt bug #555518 - - Package-Manager: portage-2.2.20.1 - - 03 Nov 2015; Agostino Sarubbo openssh-7.1_p1-r2.ebuild: - x86 stable wrt bug #555518 - - Package-Manager: portage-2.2.20.1 - RepoMan-Options: --include-arches="x86" - - 04 Nov 2015; Agostino Sarubbo openssh-7.1_p1-r2.ebuild: - ppc stable wrt bug #555518 - - Package-Manager: portage-2.2.20.1 - RepoMan-Options: --include-arches="ppc" - - 05 Nov 2015; Agostino Sarubbo openssh-7.1_p1-r2.ebuild: - sparc stable wrt bug #555518 - - Package-Manager: portage-2.2.20.1 - RepoMan-Options: --include-arches="sparc" - - 05 Nov 2015; Markus Meier openssh-7.1_p1-r2.ebuild: - arm stable, bug #555518 - - Package-Manager: portage-2.2.23 - RepoMan-Options: --include-arches="arm" - - 06 Nov 2015; Jeroen Roovers openssh-7.1_p1-r2.ebuild: - Stable for HPPA PPC64 (bug #555518). - - Package-Manager: portage-2.2.24 - RepoMan-Options: --ignore-arches - - 10 Nov 2015; Mike Frysinger openssh-7.1_p1-r2.ebuild: - warn about change in default root config #555518#16 - - 10 Nov 2015; Mike Frysinger openssh-6.7_p1.ebuild, - openssh-6.7_p1-r4.ebuild, openssh-6.8_p1-r5.ebuild, - openssh-6.9_p1-r1.ebuild, openssh-6.9_p1-r2.ebuild, openssh-7.0_p1.ebuild, - openssh-7.1_p1.ebuild, openssh-7.1_p1-r1.ebuild, openssh-7.1_p1-r2.ebuild: - drop skey addpredict - - The openssh configure script changed a long time ago to not compile+run a - skey test program. It's only compile+link now which means the code does - not try to access any paths and we can drop this sandbox logic. - - 10 Nov 2015; Mike Frysinger openssh-7.1_p1-r2.ebuild: - mark arm64/ia64/m68k/s390/sh stable #555518 - - 15 Nov 2015; Matt Turner openssh-7.1_p1-r2.ebuild: - alpha stable, bug 555518. - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog-2015 b/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog-2015 deleted file mode 100644 index a864535cf4..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog-2015 +++ /dev/null @@ -1,2518 +0,0 @@ -# ChangeLog for net-misc/openssh -# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.575 2015/08/05 08:21:17 vapier Exp $ - - 05 Aug 2015; Mike Frysinger openssh-6.9_p1-r2.ebuild: - Use the rlimit sandbox for x32 ABI until the seccomp one is fixed #553748 by - Kyle Sanderson. - - 28 Jul 2015; Mike Frysinger openssh-6.9_p1-r2.ebuild: - List USE=ssl as a requirement for USE=ldns and clean up the ldns deps a bit - #555708 by Nicholas Fish. - - 23 Jul 2015; Agostino Sarubbo openssh-6.9_p1-r2.ebuild: - Stable for sparc, wrt bug #553724 - - 23 Jul 2015; Agostino Sarubbo openssh-6.9_p1-r2.ebuild: - Stable for ppc, wrt bug #553724 - - 20 Jul 2015; Tobias Klausmann openssh-6.9_p1-r2.ebuild: - Stable on alpha, bug 553724 - - 20 Jul 2015; Mike Frysinger openssh-6.9_p1-r2.ebuild: - Mark arm64/ia64/m68k/s390/sh stable #553724. - - 19 Jul 2015; Markus Meier openssh-6.9_p1-r2.ebuild: - arm stable, bug #554724 - - 19 Jul 2015; Mikle Kolyada openssh-6.9_p1-r2.ebuild: - x86 stable wrt bug #553724 - - 19 Jul 2015; Jeroen Roovers openssh-6.9_p1-r2.ebuild: - Stable for HPPA (bug #553724). - - 19 Jul 2015; Jeroen Roovers openssh-6.9_p1-r2.ebuild: - Stable for PPC64 (bug #553724). - - 18 Jul 2015; Mikle Kolyada openssh-6.9_p1-r2.ebuild: - amd64 stable wrt bug #553724 - -*openssh-6.9_p1-r2 (08 Jul 2015) - - 08 Jul 2015; Mike Frysinger +openssh-6.9_p1-r2.ebuild: - Update hpn patchset and drop the server logging patch from it. - -*openssh-6.9_p1-r1 (01 Jul 2015) - - 01 Jul 2015; Patrick McLean - +files/openssh-6.9_p1-x509-warnings.patch, +openssh-6.9_p1-r1.ebuild, - -openssh-6.9_p1.ebuild: - Revision bump, add the updated X509 patch, drop 5.9_p1-r0 ebuild. - -*openssh-6.9_p1 (01 Jul 2015) - - 01 Jul 2015; Lars Wendler - -openssh-6.7_p1-r3.ebuild, -openssh-6.8_p1.ebuild, -openssh-6.8_p1-r1.ebuild, - -openssh-6.8_p1-r2.ebuild, -openssh-6.8_p1-r3.ebuild, - -openssh-6.8_p1-r4.ebuild, +openssh-6.9_p1.ebuild: - Security bump (bug #553724). Removed old. - - 04 May 2015; Mike Frysinger files/sshd.rc6.4: - Clean up depend scan logic a bit. - -*openssh-6.8_p1-r5 (28 Apr 2015) - - 28 Apr 2015; Mike Frysinger - +files/openssh-6.8_p1-teraterm-hpn-glue.patch, - +files/openssh-6.8_p1-teraterm.patch, +openssh-6.8_p1-r5.ebuild: - Add fix from upstream for old TeraTerm clients #547944 by William Hubbs. Pull - in some upstream hpn updates. - - 13 Apr 2015; Mike Frysinger files/sshd.rc6.4: - Use SSHD_CONFIG everywhere #546008 by Alexander Sulfrian. - -*openssh-6.8_p1-r4 (06 Apr 2015) - - 06 Apr 2015; Patrick McLean +openssh-6.8_p1-r4.ebuild: - Revision bump, bump the X509 patch to version 8.3.1. - -*openssh-6.8_p1-r3 (25 Mar 2015) - - 25 Mar 2015; Mike Frysinger +openssh-6.8_p1-r3.ebuild: - Fix the server logging patch to work on IPv6 & x86 (socketcall) #544254 by - Thomas D.. - - 25 Mar 2015; Mike Frysinger - files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch: - Update to the version merged upstream that also fixes USE=-ssl behavior. - - 24 Mar 2015; Patrick Lauer openssh-6.8_p1-r1.ebuild, - openssh-6.8_p1-r2.ebuild: - Undo changes and use package.use.mask instead - - 24 Mar 2015; Patrick Lauer openssh-6.8_p1-r1.ebuild, - openssh-6.8_p1-r2.ebuild: - Disable hpn in 6.8 #544254 - - 23 Mar 2015; Mike Frysinger openssh-6.8_p1-r2.ebuild: - Fix building on systems w/out getpeername syscall #544196 by Patrick Lauer. - -*openssh-6.8_p1-r2 (22 Mar 2015) - - 22 Mar 2015; Mike Frysinger - +files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch, +openssh-6.8_p1-r2.ebuild: - Fix ssh-keygen -A behavior when USE=-ssh1 #544078 by Thomas D. Update hpn - patchset to pass tests and work under seccomp sandbox. - - 22 Mar 2015; Mike Frysinger openssh-6.8_p1-r1.ebuild: - Also note hosts.allow in the error message #531156#20 by Arfrever Frehtes - Taifersar Arahesis. - - 20 Mar 2015; Mike Frysinger openssh-6.8_p1-r1.ebuild: - Also check /etc/hosts.allow for tcp-wrappers #531156#18 by Martin Mokrejš. - - 19 Mar 2015; Mike Frysinger openssh-6.8_p1-r1.ebuild: - Refresh ldap patch #543822 by Anton Gubarkov. Move configure options to an - array so we can put inline comments; restore the X509/openssl configure check - as pointed out by Patrick. - - 19 Mar 2015; Mike Frysinger openssh-6.8_p1-r1.ebuild: - Fix hpn usage of openssl checks #543736 by Andrei Slavoiu. - - 19 Mar 2015; Mike Frysinger openssh-6.8_p1-r1.ebuild: - Move more conflicting USE flag checks to REQUIRED_USE. - -*openssh-6.8_p1-r1 (19 Mar 2015) - - 19 Mar 2015; Patrick McLean - +files/openssh-6.8_p1-sctp-x509-glue.patch, +openssh-6.8_p1-r1.ebuild: - Revision bump, re-enable X509 USE flag. - -*openssh-6.8_p1 (18 Mar 2015) - - 18 Mar 2015; Mike Frysinger - +files/openssh-6.8_p1-sshd-gssapi-multihomed.patch, - +files/openssh-6.8_p1-ssl-engine-configure.patch, +openssh-6.8_p1.ebuild, - metadata.xml: - Version bump #543694 by Jason A. Donenfeld. - -*openssh-6.7_p1-r4 (27 Feb 2015) - - 27 Feb 2015; Patrick McLean - +files/openssh-6.7_p1-xmalloc-include.patch, +openssh-6.7_p1-r4.ebuild: - Add patch to fix crasher bug triggered on hardened x86_64 machines with - USE=X509 and ancient clients. - - 31 Jan 2015; Lars Wendler - -openssh-6.6_p1-r1.ebuild, -openssh-6.6.1_p1-r4.ebuild, - -openssh-6.7_p1-r1.ebuild, -openssh-6.7_p1-r2.ebuild, - -files/openssh-5.9_p1-sshd-gssapi-multihomed.patch, - -files/openssh-6.3_p1-x509-glue.patch, - -files/openssh-6.5_p1-hpn-cipher-align.patch, - -files/openssh-6.6_p1-openssl-ignore-status.patch, - -files/openssh-6.6.1_p1.patch, -files/openssh-6.6_p1-x509-glue.patch, - -files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch: - Removed old (and vulnerable) versions. - - 31 Dec 2014; Mike Frysinger openssh-6.7_p1.ebuild: - Mark arm64/m68k/s390/sh stable. - - 31 Dec 2014; Mike Frysinger openssh-6.7_p1-r3.ebuild, - openssh-6.7_p1.ebuild: - Note the removal of USE=tcpd support due to upstream #533462 by Martin - Mokrejš. - - 06 Dec 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: - Stable for ia64, wrt bug #505942 - - 04 Dec 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: - Stable for ppc64, wrt bug #505942 - - 03 Dec 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: - Stable for ppc, wrt bug #505942 - - 02 Dec 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: - Stable for alpha, wrt bug #505942 - - 01 Dec 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: - Stable for sparc, wrt bug #505942 - - 29 Nov 2014; Markus Meier openssh-6.7_p1.ebuild: - arm stable, bug #505942 - - 29 Nov 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: - Stable for x86, wrt bug #505942 - - 29 Nov 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: - Stable for amd64, wrt bug #505942 - -*openssh-6.7_p1-r3 (25 Nov 2014) - - 25 Nov 2014; Patrick McLean +openssh-6.7_p1-r3.ebuild: - Revision bump, make the /var/run -> /run move only apply when kernel_linux is - on, /run is a Linux-ism. - -*openssh-6.7_p1-r2 (24 Nov 2014) - - 24 Nov 2014; Patrick McLean +openssh-6.7_p1-r2.ebuild: - Revision bump, migrate /var/run to /run. - -*openssh-6.7_p1-r1 (24 Nov 2014) - - 24 Nov 2014; Patrick McLean +openssh-6.7_p1-r1.ebuild, - +files/openssh-6.7_p1-sctp-x509-glue.patch, - +files/openssh-6.7_p1-x509-glue.patch: - Revision bump, add the X509 version 8.2 patch. - - 24 Nov 2014; Jeroen Roovers openssh-6.7_p1.ebuild: - Stable for HPPA (bug #505942). - - 16 Nov 2014; Mike Frysinger openssh-6.7_p1.ebuild: - Pull in lksctp-tools for USE=sctp #529436 by Michał Górny. - -*openssh-6.7_p1 (15 Nov 2014) - - 15 Nov 2014; Mike Frysinger - +files/openssh-6.7_p1-openssl-ignore-status.patch, - +files/openssh-6.7_p1-sshd-gssapi-multihomed.patch, +openssh-6.7_p1.ebuild, - metadata.xml: - Version bump #524662 by Lars Wendler. - - 15 Nov 2014; Mike Frysinger openssh-6.6.1_p1-r4.ebuild: - Add USE=pie to control building sshd as a PIE #504764 by David Kredba. Reject - pie/static USE combos #507434 by Alexander Hof. - -*openssh-6.6.1_p1-r4 (28 Sep 2014) - - 28 Sep 2014; Lars Wendler - -openssh-6.6.1_p1-r2.ebuild, -openssh-6.6.1_p1-r3.ebuild, - +openssh-6.6.1_p1-r4.ebuild, - -files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch: - Fixed bug value assigned for SSH_BUG_LARGEWINDOW with - openssh-6.6.1p1-hpnssh14v5 patch (bug #523962). - -*openssh-6.6.1_p1-r3 (08 Sep 2014) - - 08 Sep 2014; Lars Wendler - +openssh-6.6.1_p1-r3.ebuild, +files/openssh-6.6.1_p1-x509-glue.patch, - +files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch: - Bumped hpn patch to 14v5 and X509 patch to version 8.0. - -*openssh-6.6.1_p1-r2 (04 Aug 2014) - - 04 Aug 2014; Lars Wendler - -openssh-6.6.1_p1-r1.ebuild, +openssh-6.6.1_p1-r2.ebuild: - Fixed version number reported by openssh. Thanks to Luis Ressel for reporting - this in bug #519078. - -*openssh-6.6.1_p1-r1 (04 Aug 2014) - - 04 Aug 2014; Lars Wendler -openssh-6.6.1_p1.ebuild, - +openssh-6.6.1_p1-r1.ebuild, files/openssh-6.6.1_p1.patch: - Fixed mistakenly replaced @ char. Thanks to Luis Ressel for reporting this in - bug #519076. - -*openssh-6.6.1_p1 (25 Apr 2014) - - 25 Apr 2014; Lars Wendler +openssh-6.6.1_p1.ebuild, - +files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch, - +files/openssh-6.6.1_p1.patch: - Version bump by James Cloos (bug #508604). This is an unusual one as upstream - only provides a patch (not a release tarball). - - 24 Apr 2014; Lars Wendler - -files/openssh-5.2p1-ldap-stdargs.diff, -files/openssh-5.4_p1-openssl.patch, - -files/openssh-5.6_p1-hpn-progressmeter.patch, - -files/openssh-5.8_p1-x509-hpn-glue.patch, - -files/openssh-5.9_p1-drop-openssl-check.patch, - -files/openssh-5.9_p1-x509-glue.patch, - -files/openssh-6.0_p1-fix-freebsd-compilation.patch, - -files/openssh-6.0_p1-hpn-progressmeter.patch, - -files/openssh-6.0_p1-test.patch, -files/openssh-6.0_p1-x509-glue.patch, - -files/openssh-6.0_p1-x509-hpn-glue.patch, - -files/openssh-6.1_p1-x509-glue.patch, - -files/openssh-6.1_p1-x509-hpn-glue.patch, - -files/openssh-6.2_p2-x509-glue.patch, - -files/openssh-6.2_p2-x509-hpn-glue.patch, - -files/openssh-6.2_p2-x509-hpn14v1-glue.patch, - -files/openssh-6.3_p1-aes-gcm.patch, -files/openssh-6.4_p1-x509-glue.patch, - -files/sshd.pam, -files/sshd.rc6, -files/sshd.rc6.1, -files/sshd.rc6.2, - -files/sshd.rc6.3: - Removed old files from FILESDIR. - - 23 Mar 2014; Agostino Sarubbo -openssh-5.9_p1-r4.ebuild, - -openssh-6.0_p1-r1.ebuild, -openssh-6.1_p1-r1.ebuild, - -openssh-6.2_p2-r5.ebuild, -openssh-6.3_p1-r1.ebuild, - -openssh-6.4_p1-r1.ebuild: - Remove old - - 23 Mar 2014; Agostino Sarubbo openssh-6.6_p1-r1.ebuild: - Stable for alpha, wrt bug #505066 - - 23 Mar 2014; Agostino Sarubbo openssh-6.6_p1-r1.ebuild: - Stable for sparc, wrt bug #505066 - - 23 Mar 2014; Agostino Sarubbo openssh-6.6_p1-r1.ebuild: - Stable for ppc64, wrt bug #505066 - - 23 Mar 2014; Agostino Sarubbo openssh-6.6_p1-r1.ebuild: - Stable for ppc, wrt bug #505066 - - 22 Mar 2014; Markus Meier openssh-6.6_p1-r1.ebuild: - arm stable, bug #505066 - - 22 Mar 2014; Jeroen Roovers openssh-6.6_p1-r1.ebuild: - Stable for HPPA (bug #505066). - - 21 Mar 2014; Mike Frysinger openssh-6.6_p1-r1.ebuild: - Also disable -ftrapv flag in configure.ac #505182 by Jeroen Roovers. - - 21 Mar 2014; Mike Frysinger openssh-6.6_p1-r1.ebuild: - Disable -ftrapv flag on hppa until gcc ICEs get sorted out #505182 by Jeroen - Roovers. - - 20 Mar 2014; Mike Frysinger openssh-6.6_p1-r1.ebuild: - Mark arm64/ia64/m68k/s390/sh stable #505066. - -*openssh-6.6_p1-r1 (20 Mar 2014) - - 20 Mar 2014; Lars Wendler -openssh-6.6_p1.ebuild, - +openssh-6.6_p1-r1.ebuild: - Fixed hpn patch to not add a false patch level to ssh's version string - (6.6p2). Committed straight to stable where -r0 was stable. - - 20 Mar 2014; Agostino Sarubbo openssh-6.6_p1.ebuild: - Stable for x86, wrt bug #505066 - - 20 Mar 2014; Agostino Sarubbo openssh-6.6_p1.ebuild: - Stable for amd64, wrt bug #505066 - - 20 Mar 2014; Mike Frysinger - files/openssh-6.6_p1-openssl-ignore-status.patch: - link in upstream bug url - - 20 Mar 2014; Mike Frysinger - +files/openssh-6.6_p1-openssl-ignore-status.patch, openssh-6.6_p1.ebuild: - Fix openssl version check to accept dev/beta/release versions. - -*openssh-6.6_p1 (19 Mar 2014) - - 19 Mar 2014; Mike Frysinger - +files/openssh-6.6_p1-x509-glue.patch, - +files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch, +openssh-6.6_p1.ebuild, - -files/openssh-6.5_p1-x509-glue.patch, - -files/openssh-6.5_p1-x509-hpn14v4-glue-p2.patch, -openssh-6.5_p1-r1.ebuild: - Version bump. - - 14 Mar 2014; Mike Frysinger - files/openssh-6.5_p1-hpn-cipher-align.patch: - Fix build on 32bit systems #504616 by Toralf Förster. - -*openssh-6.5_p1-r1 (14 Mar 2014) - - 14 Mar 2014; Mike Frysinger - +files/openssh-6.5_p1-hpn-cipher-align.patch, +openssh-6.5_p1-r1.ebuild, - -openssh-6.5_p1.ebuild: - Avoid unaligned loads/stores in USE=hpn cipher code #498632 by Bruno. - -*openssh-6.5_p1 (14 Mar 2014) - - 14 Mar 2014; Mike Frysinger - +files/openssh-6.5_p1-x509-glue.patch, - +files/openssh-6.5_p1-x509-hpn14v4-glue-p2.patch, +openssh-6.5_p1.ebuild: - Version bump #499962 by Lars Wendler. - - 14 Feb 2014; Akinori Hattori openssh-6.4_p1-r1.ebuild: - ia64 stable wrt bug #477894 - - 01 Feb 2014; Raúl Porcel openssh-6.4_p1-r1.ebuild: - Stable on sparc after p.use.masking hpn, bug #499552 - - 31 Jan 2014; Raúl Porcel openssh-6.4_p1-r1.ebuild: - Move to -sparc, bug #499552 - - 26 Jan 2014; Agostino Sarubbo openssh-6.4_p1-r1.ebuild: - Stable for sparc, wrt bug #477894 - - 23 Jan 2014; Joseph Jezak openssh-6.4_p1-r1.ebuild: - Marked ppc/ppc64 stable for bug #477894. - - 18 Jan 2014; Mike Frysinger openssh-6.4_p1-r1.ebuild: - Add arm64 love. - - 16 Jan 2014; Mike Frysinger openssh-6.4_p1-r1.ebuild: - Mark m68k/s390/sh stable. - - 02 Jan 2014; Lars Wendler openssh-6.4_p1-r1.ebuild: - amd64 stable (bug #477894). - - 25 Dec 2013; Markus Meier openssh-6.4_p1-r1.ebuild: - arm stable, bug #477894 - - 24 Dec 2013; Agostino Sarubbo openssh-6.4_p1-r1.ebuild: - Stable for x86, wrt bug #477894 - - 11 Dec 2013; Jeroen Roovers openssh-6.4_p1-r1.ebuild: - Stable for HPPA (bug #477894). - - 11 Dec 2013; Tim Harder openssh-5.9_p1-r4.ebuild, - openssh-6.0_p1-r1.ebuild, openssh-6.1_p1-r1.ebuild, openssh-6.2_p2-r5.ebuild, - openssh-6.3_p1-r1.ebuild, openssh-6.4_p1-r1.ebuild: - Make sure ldap support is truly enabled before installing the openldap - schema. - - 09 Nov 2013; Tim Harder -openssh-6.4_p1.ebuild: - Remove insecure version due to improperly using the 6.3_p1 tarball. - -*openssh-6.4_p1-r1 (09 Nov 2013) - - 09 Nov 2013; Tim Harder +openssh-6.4_p1-r1.ebuild, - +files/openssh-6.4_p1-x509-glue.patch: - Update x509 patch. - -*openssh-6.4_p1 (09 Nov 2013) - - 09 Nov 2013; Robin H. Johnson +openssh-6.4_p1.ebuild: - Add real OpenSSH-6.4p1 release (nearly identical to 6.3, just with the AES-GCM - fix). - - 08 Nov 2013; Tim Harder -openssh-6.2_p2-r3.ebuild, - -openssh-6.2_p2-r4.ebuild: - Remove insecure versions. - -*openssh-6.2_p2-r5 (08 Nov 2013) - - 08 Nov 2013; Tim Harder +openssh-6.2_p2-r5.ebuild: - Apply AES-GCM cipher patch for the 6.2 series (bug #490728). - - 08 Nov 2013; Tim Harder -openssh-6.3_p1.ebuild: - Remove insecure version. - -*openssh-6.3_p1-r1 (08 Nov 2013) - - 08 Nov 2013; Tim Harder +openssh-6.3_p1-r1.ebuild, - +files/openssh-6.3_p1-aes-gcm.patch: - Apply patch to fix a memory corruption vulnerability with the AES-GCM cipher - (bug #490728). - -*openssh-6.3_p1 (05 Nov 2013) - - 05 Nov 2013; Tim Harder +openssh-6.3_p1.ebuild, - +files/openssh-6.3_p1-x509-glue.patch, - +files/openssh-6.3_p1-x509-hpn14v2-glue.patch: - Version bump (bug #488482). - -*openssh-6.2_p2-r4 (15 Aug 2013) - - 15 Aug 2013; Tim Harder +openssh-6.2_p2-r4.ebuild, - +files/openssh-6.2_p2-x509-hpn14v1-glue.patch: - Update to hpn14v1 patch that fixes the multi-threaded AES-CTR cipher when the - process forks to the background or when using the rlimit sandbox. - -*openssh-6.2_p2-r3 (21 Jul 2013) - - 21 Jul 2013; Tim Harder -openssh-6.2_p2-r2.ebuild, - +openssh-6.2_p2-r3.ebuild: - Fix hpn support when pseudo-tty allocation is disabled (bug #477506). - - 18 Jul 2013; Tim Harder -openssh-6.0_p1.ebuild, - -openssh-6.1_p1.ebuild, -openssh-6.2_p2.ebuild, -openssh-6.2_p2-r1.ebuild, - -files/openssh-5.2_p1-autoconf.patch, -files/openssh-5.2_p1-gsskex-fix.patch, - -files/openssh-5.2_p1-x509-hpn-glue.patch, - -files/openssh-5.6_p1-x509-hpn-glue.patch, - -files/openssh-5.7_p1-x509-hpn-glue.patch, - -files/openssh-5.8_p1-selinux.patch: - Remove old. - -*openssh-6.2_p2-r2 (18 Jul 2013) - - 18 Jul 2013; Tim Harder +openssh-6.2_p2-r2.ebuild: - Fix xauth path (bug #477304 by Tobias Klausmann) and move into ~arch. - - 27 Jun 2013; Tim Harder Manifest: - Update ldap patch to fix segfault issue. - -*openssh-6.2_p2-r1 (27 Jun 2013) - - 27 Jun 2013; Tim Harder +openssh-6.2_p2-r1.ebuild: - Revision bump, add ldap and hpn support. - -*openssh-6.2_p2 (24 Jun 2013) - - 24 Jun 2013; Mike Frysinger - +files/openssh-6.2_p2-x509-glue.patch, - +files/openssh-6.2_p2-x509-hpn-glue.patch, +openssh-6.2_p2.ebuild, - -files/openssh-6.2_p1-x509-glue.patch, - -files/openssh-6.2_p1-x509-hpn-glue.patch, -openssh-6.2_p1.ebuild: - Version bump #470222 by Jason A. Donenfeld. - - 23 Jun 2013; Mike Frysinger openssh-6.2_p1.ebuild: - Move into ~arch w/hpn disabled as it randomly hangs. - - 19 Jun 2013; Mike Frysinger openssh-5.9_p1-r4.ebuild, - openssh-6.0_p1-r1.ebuild, openssh-6.1_p1-r1.ebuild, openssh-6.2_p1.ebuild: - Call epatch_user #473004 by Jan Pobrislo. - - 09 Jun 2013; Mike Frysinger metadata.xml: - Add upstream CPE tag (security info) from ChromiumOS. - - 24 Apr 2013; Mike Frysinger files/sshd.rc6.4: - Use new -A flag with ssh-keygen to take care of generating all the right keys - #457026 by Mike Gilbert. - - 04 Apr 2013; Mike Gilbert files/sshd.service: - Add ExecStartPre=/usr/bin/ssh-keygen -A to sshd.service. Bug 457026. - - 30 Mar 2013; Tim Harder openssh-6.2_p1.ebuild, - +files/openssh-6.2_p1-x509-glue.patch, - +files/openssh-6.2_p1-x509-hpn-glue.patch: - Update glue patches for X509 support. - -*openssh-6.2_p1 (24 Mar 2013) - - 24 Mar 2013; Mike Frysinger +openssh-6.2_p1.ebuild: - Initial version. Needs ldap, and a little more testing w/custom hpn patch. - - 21 Feb 2013; Zac Medico openssh-6.1_p1-r1.ebuild: - Fix for prefix and add ~arm-linux + ~x86-linux keywords. - - 22 Jan 2013; Robin H. Johnson openssh-6.1_p1-r1.ebuild: - Whitespace. - - 22 Jan 2013; Robin H. Johnson openssh-6.1_p1-r1.ebuild: - Bug #435372: update ldns dependency for USE=bindist. - - 18 Jan 2013; Diego E. Pettenò openssh-6.1_p1-r1.ebuild: - Only depend on ldns with ldns USE flag enabled. - -*openssh-6.1_p1-r1 (18 Jan 2013) - - 18 Jan 2013; Robin H. Johnson +openssh-6.1_p1-r1.ebuild, - metadata.xml, openssh-5.9_p1-r4.ebuild, openssh-6.0_p1-r1.ebuild, - openssh-6.0_p1.ebuild, openssh-6.1_p1.ebuild: - Bug #448944: add bindist description. Bug #435372: add LDNS support for SSHFP. - Bug #410541/#266386: convert "need net" to detection of ListenAddress (if you - specify a custom ListenAddress, you should see the migration comments in the - init script). Bug #426084: Include license of init script. Bug #391011: handle - compile for G/FBSD9.0. - - 28 Nov 2012; Robin H. Johnson files/sshd.rc6.4: - Bug #410541: prepare for detection of net variants to warn if the user needs a - rc_need for the actual interface to bind to. Not installed in the rebuild - pending ACK fro vapier. - - 28 Nov 2012; Robin H. Johnson +files/sshd.rc6.4: - Cleanup of sshd init.d in preparation for bug #410541. local keyword is not - POSIX sh. - - 19 Nov 2012; Mike Frysinger openssh-6.1_p1.ebuild: - Only show ecdsa key message when upgrading from older versions, and drop - USE=pam warning wrt valid shells as people should know this #440568 by - poletti.marco. - - 19 Nov 2012; Mike Frysinger openssh-6.1_p1.ebuild: - Update to EAPI=4 to have USE=static depend on USE=static-libs of all the - library packages #443682 by siebz0r. - - 16 Nov 2012; Agostino Sarubbo -openssh-5.5_p1-r2.ebuild, - -openssh-5.6_p1-r2.ebuild, -openssh-5.7_p1-r1.ebuild, - -openssh-5.8_p1-r1.ebuild, -openssh-5.8_p2-r1.ebuild, -openssh-5.8_p2.ebuild, - -openssh-5.9_p1-r3.ebuild: - Remove old - - 11 Nov 2012; Mike Frysinger openssh-6.1_p1.ebuild: - Do not hardcode `pkg-config`. - - 06 Nov 2012; Mike Gilbert openssh-5.5_p1-r2.ebuild, - openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, - openssh-5.8_p2-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.9_p1-r3.ebuild, - openssh-5.9_p1-r4.ebuild, openssh-6.0_p1-r1.ebuild, openssh-6.0_p1.ebuild, - openssh-6.1_p1.ebuild: - Use a slot dep for openssl; openssl:0.9.8 is not going to work here. Bug - 437480. - - 06 Nov 2012; Rick Farina openssh-5.5_p1-r2.ebuild, - openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, - openssh-5.8_p2-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.9_p1-r3.ebuild, - openssh-5.9_p1-r4.ebuild, openssh-6.0_p1-r1.ebuild, openssh-6.0_p1.ebuild, - openssh-6.1_p1.ebuild: - openssh needs to match the bindist settings on openssl or it breaks. bug - #437480 - - 12 Oct 2012; Mike Frysinger openssh-6.1_p1.ebuild: - Always specify pid-dir to avoid configure script falling back to /etc/ssh on - broken systems #435668 by Piotr Karbowski. - - 25 Sep 2012; Ulrich Müller openssh-5.5_p1-r2.ebuild, - openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, - openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild, - openssh-5.9_p1-r4.ebuild, openssh-6.0_p1.ebuild, openssh-6.0_p1-r1.ebuild, - openssh-6.1_p1.ebuild: - Specify LICENSE more precisely. According to the upstream license note: - "All components are under a BSD licence, or a licence more free than that." - -*openssh-6.1_p1 (08 Sep 2012) - - 08 Sep 2012; Mike Frysinger - +files/openssh-6.1_p1-x509-glue.patch, - +files/openssh-6.1_p1-x509-hpn-glue.patch, +openssh-6.1_p1.ebuild: - Version bump #434278 by Phr33d0m. - -*openssh-6.0_p1-r1 (08 Jun 2012) - - 08 Jun 2012; Mike Frysinger +openssh-6.0_p1-r1.ebuild: - Back hpn patch back down to v11 as v12 does not want to work for us #414401 by - Sean McGovern. - - 02 Jun 2012; Mike Frysinger openssh-5.9_p1-r4.ebuild: - Mark alpha/ia64/s390/sh/sparc stable #396075. - - 29 May 2012; Alexis Ballier openssh-6.0_p1.ebuild: - keyword ~amd64-fbsd - - 29 May 2012; Richard Yao - +files/openssh-6.0_p1-fix-freebsd-compilation.patch, openssh-6.0_p1.ebuild: - Fix build failure on Gentoo FreeBSD 9, written by naota, reviewed by - xarthisius, approved by Chainsaw, bug #391011 - - 23 May 2012; Mike Frysinger openssh-5.5_p1-r2.ebuild, - openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, - openssh-5.8_p2-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.9_p1-r3.ebuild, - openssh-5.9_p1-r4.ebuild, openssh-6.0_p1.ebuild: - Inherit user eclass for enewuser/etc... - - 17 May 2012; Mike Frysinger - +files/openssh-6.0_p1-test.patch, openssh-6.0_p1.ebuild: - Add fix for POSIX test compat #391011. - - 08 May 2012; Brent Baude openssh-5.9_p1-r4.ebuild: - Marking openssh-5.9_p1-r4 ppc64 for bug 396075 - - 05 May 2012; Jeff Horelick openssh-5.5_p1-r2.ebuild, - openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, - openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild, - openssh-5.9_p1-r4.ebuild, openssh-6.0_p1.ebuild: - dev-util/pkgconfig -> virtual/pkgconfig - - 03 May 2012; Mike Frysinger openssh-6.0_p1.ebuild: - Enable locale env var passing by default #367017 by Michael. - -*openssh-6.0_p1 (30 Apr 2012) - - 30 Apr 2012; Mike Frysinger - +files/openssh-6.0_p1-hpn-progressmeter.patch, - +files/openssh-6.0_p1-x509-glue.patch, - +files/openssh-6.0_p1-x509-hpn-glue.patch, +openssh-6.0_p1.ebuild: - Version bump with work from Robin #414071 by Michael Weber. - - 16 Apr 2012; Markus Meier openssh-5.9_p1-r4.ebuild: - arm stable, bug #396075 - - 16 Apr 2012; Brent Baude openssh-5.9_p1-r4.ebuild: - Marking openssh-5.9_p1-r4 ppc for bug 396075 - - 10 Apr 2012; Jeroen Roovers openssh-5.9_p1-r4.ebuild: - Stable for HPPA (bug #396075). - - 09 Apr 2012; Jeff Horelick openssh-5.9_p1-r4.ebuild: - marked x86 per bug 396075 - - 09 Apr 2012; Agostino Sarubbo openssh-5.9_p1-r4.ebuild: - Stable for amd64, wrt bug #396075 - -*openssh-5.9_p1-r4 (15 Mar 2012) - - 15 Mar 2012; Mike Frysinger +openssh-5.9_p1-r4.ebuild, - +files/openssh-5.9_p1-drop-openssl-check.patch: - Drop openssl version checking. - - 13 Mar 2012; Pawel Hajdan jr - openssh-5.5_p1-r2.ebuild, openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, - openssh-5.8_p1-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, - openssh-5.9_p1-r3.ebuild: - Switch to virtual/shadow. - - 13 Feb 2012; Robin H. Johnson openssh-5.9_p1-r3.ebuild: - Bug #352083: install LPK schema. - - 06 Feb 2012; Jeremy Olexa openssh-5.9_p1-r3.ebuild: - [Bug 402441] net-misc/openssh: Add output to say that ECDSA will not work - when openssl[bindist] is present - - 14 Dec 2011; Michał Górny openssh-5.9_p1-r3.ebuild, - +files/sshd.service, +files/sshd.socket, +files/sshd_at.service: - Install systemd unit files. - - 04 Dec 2011; Sven Wegener files/sshd.rc6, - files/sshd.rc6.1, files/sshd.rc6.2: - move reload to extra_started_commands - - 26 Nov 2011; Mike Frysinger openssh-5.9_p1-r3.ebuild: - Move enew{user,group} to pkg_preinst so `die` works. - - 03 Nov 2011; Mike Frysinger openssh-5.5_p1-r2.ebuild, - openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, - openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild: - Use new egetshell helper rather than calling getent directly. - - 02 Nov 2011; Mike Frysinger openssh-5.5_p1-r2.ebuild, - openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, - openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild: - Use egetent rather than getent. - -*openssh-5.9_p1-r3 (26 Sep 2011) - - 26 Sep 2011; Mike Frysinger -openssh-5.9_p1.ebuild, - -openssh-5.9_p1-r2.ebuild, +openssh-5.9_p1-r3.ebuild, - +files/openssh-5.9_p1-x509-glue.patch: - Add x509 patch and release. - -*openssh-5.9_p1-r2 (14 Sep 2011) -*openssh-5.8_p2-r1 (14 Sep 2011) - - 14 Sep 2011; Lars Wendler - +openssh-5.8_p2-r1.ebuild, -openssh-5.9_p1-r1.ebuild, - +openssh-5.9_p1-r2.ebuild, files/sshd.rc6.3: - non-maintainer commit: Replaced deprecated opts variable (bug #382227) and - removed --stop option from reload function (bug #382975). Bot changes and - revbumps were done with kind permission from vapier. - - 12 Sep 2011; Mike Frysinger openssh-5.9_p1-r1.ebuild: - Simplify test homedir logic a bit, and fix quoting. - -*openssh-5.9_p1-r1 (07 Sep 2011) - - 07 Sep 2011; Robin H. Johnson +openssh-5.9_p1-r1.ebuild: - Add complete port of HPN+LPK patches, also adjust the HOMEDIR setting for - src_test to complete in more cases. - - 07 Sep 2011; Mike Frysinger openssh-5.9_p1.ebuild: - Retain default AuthorizedKeysFile behavior. - -*openssh-5.9_p1 (07 Sep 2011) - - 07 Sep 2011; Mike Frysinger +openssh-5.9_p1.ebuild, - +files/openssh-5.9_p1-sshd-gssapi-multihomed.patch, +files/sshd.rc6.3: - Version bump. Drop --oknodo in init.d #377771 by Michael Mair-Keimberger. Add - GSSAPI/Kerberos fix #378361 by Kevan Carstensen. - - 28 May 2011; Mike Frysinger files/sshd.rc6.2: - Move custom opts to checkconfig and include those when verifying config - sanity #367303 by Horst Prote. - - 16 May 2011; Robin H. Johnson openssh-5.8_p2.ebuild: - Bug #366643: rediff the LPK patch for LDAP usage. Also merge the Mozilla uid - customization LPK change. - -*openssh-5.8_p2 (09 May 2011) - - 09 May 2011; Mike Frysinger +openssh-5.8_p2.ebuild: - Version bump. - - 16 Apr 2011; Ulrich Mueller openssh-5.5_p1-r2.ebuild, - openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild: - Don't PROVIDE virtual/ssh, bug 361121. - - 19 Feb 2011; Mike Frysinger openssh-5.8_p1-r1.ebuild: - Encourage people to update their stored ssh key lists #355223 by Pacho Ramos. - - 19 Feb 2011; Mike Frysinger -openssh-5.8_p1.ebuild, - openssh-5.8_p1-r1.ebuild: - We want openssh-5.8_p1-r1 going stable. - - 13 Feb 2011; Raúl Porcel openssh-5.8_p1.ebuild: - arm/ia64/m68k/s390/sh/sparc stable wrt #353673 - - 11 Feb 2011; Pawel Hajdan jr - openssh-5.8_p1.ebuild: - x86 stable wrt security bug #353673 - - 11 Feb 2011; Kacper Kowalik openssh-5.8_p1.ebuild: - ppc stable wrt 353673 - - 10 Feb 2011; Markos Chandras openssh-5.8_p1.ebuild: - Stable on amd64 wrt bug #353673 - - 10 Feb 2011; Robin H. Johnson openssh-5.5_p1-r2.ebuild, - openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1.ebuild, - openssh-5.8_p1-r1.ebuild: - Revamp AES-CTR-MT disable comment, with explicit reference to upstream - documentation and testcase reference (bug #354113, comment 6). - - 10 Feb 2011; Mike Frysinger openssh-5.8_p1-r1.ebuild, - +files/openssh-5.8_p1-selinux.patch: - Drop openssl build patch since it doesn't seem to be needed anymore, and - apply simple build fix for selinux from upstream #354247 by MarisN. - - 10 Feb 2011; Robin H. Johnson openssh-5.8_p1.ebuild: - Also add AES-CTR fix to 5.8_p1 presently under stabilization. - alpha/hppa/ppc64 are the only stable arches with the broken HPN version at - present. - -*openssh-5.8_p1-r1 (10 Feb 2011) - - 10 Feb 2011; Robin H. Johnson openssh-5.6_p1-r2.ebuild, - openssh-5.7_p1-r1.ebuild, +openssh-5.8_p1-r1.ebuild: - Bug #354113: AES-CTR workaround was dropped from 5.7 and 5.8 when it is still - required. - - 08 Feb 2011; Kacper Kowalik openssh-5.8_p1.ebuild: - ppc64 stable wrt #353673 - - 08 Feb 2011; Tobias Klausmann openssh-5.8_p1.ebuild: - Stable on alpha, bug #353673 - - 08 Feb 2011; Jeroen Roovers openssh-5.8_p1.ebuild: - Stable for HPPA (bug #353673). - -*openssh-5.8_p1 (05 Feb 2011) - - 05 Feb 2011; Mike Frysinger +openssh-5.8_p1.ebuild, - +files/openssh-5.8_p1-x509-hpn-glue.patch: - Version bump #353673. Default HPN to on when available #347193 by Jeremy - Olexa. - -*openssh-5.7_p1-r1 (25 Jan 2011) - - 25 Jan 2011; Mike Frysinger +openssh-5.7_p1-r1.ebuild, - +files/openssh-5.7_p1-x509-hpn-glue.patch: - Add x509/ldap/hpn support back in. Auto-remove ecdsa support from init.d if - openssl lacks support #352645 by William Throwe. - -*openssh-5.7_p1 (24 Jan 2011) - - 24 Jan 2011; Mike Frysinger +openssh-5.7_p1.ebuild, - +files/sshd.rc6.2: - Version bump. - - 10 Dec 2010; Robin H. Johnson metadata.xml: - Update restrict in metadata per mgorny's request to use DEPEND syntax. - - 04 Dec 2010; Raúl Porcel openssh-5.6_p1-r2.ebuild: - alpha/ia64/m68k/s390/sh stable wrt #346395 - - 29 Nov 2010; Brent Baude openssh-5.6_p1-r2.ebuild: - stable ppc64, bug 346395 - - 27 Nov 2010; Michael Weber openssh-5.6_p1-r2.ebuild: - arm/sparc stable (bug 346395) - - 24 Nov 2010; Jeroen Roovers openssh-5.6_p1-r2.ebuild: - Stable for HPPA PPC (bug #346395). - - 22 Nov 2010; Markos Chandras openssh-5.6_p1-r2.ebuild: - Stable on amd64 wrt bug #346395 - - 22 Nov 2010; Thomas Kahle openssh-5.6_p1-r2.ebuild: - x86 stable per bug 346395 - - 11 Oct 2010; Diego E. Pettenò - openssh-5.6_p1-r2.ebuild, +files/sshd.rc6.1: - Update init script to not regenerate the RSA1 host key (for SSH Protocol - 1) unless Protocol 1 is enabled. Modern OpenSSH versions disable Protocol - 1 in the daemon by default. - -*openssh-5.6_p1-r2 (30 Sep 2010) - - 30 Sep 2010; Mike Frysinger +openssh-5.6_p1-r2.ebuild, - +files/openssh-5.6_p1-hpn-progressmeter.patch: - Switch to latest upstream hpn patch, and fix a pointer error in it. - - 24 Sep 2010; Raúl Porcel openssh-5.5_p1-r2.ebuild: - alpha/ia64/m68k/s390/sh/sparc stable wrt #334165 - - 23 Sep 2010; Markus Meier openssh-5.5_p1-r2.ebuild: - arm stable, bug #334165 - - 06 Sep 2010; Brent Baude openssh-5.5_p1-r2.ebuild: - Marking openssh-5.5_p1-r2 ppc64 for bug 334165 - - 28 Aug 2010; Markos Chandras - openssh-5.5_p1-r2.ebuild: - Stable on amd64 wrt bug #334165 - - 28 Aug 2010; Jeroen Roovers openssh-5.5_p1-r2.ebuild: - Stable for HPPA PPC (bug #334165). - -*openssh-5.6_p1-r1 (26 Aug 2010) - - 26 Aug 2010; Mike Frysinger +openssh-5.6_p1-r1.ebuild, - +files/openssh-5.6_p1-x509-hpn-glue.patch: - Update hpn/ldap/x509 patches to new release. - - 25 Aug 2010; Robin H. Johnson openssh-5.6_p1.ebuild: - Update HPN and LPK patches for 5.6p1 series. - - 24 Aug 2010; Pawel Hajdan jr - openssh-5.5_p1-r2.ebuild: - x86 stable wrt bug #334165 - -*openssh-5.6_p1 (23 Aug 2010) - - 23 Aug 2010; Mike Frysinger +openssh-5.6_p1.ebuild: - Version bump. - -*openssh-5.5_p1-r2 (20 Jun 2010) -*openssh-5.4_p1-r3 (20 Jun 2010) - - 20 Jun 2010; Mike Frysinger +openssh-5.4_p1-r3.ebuild, - +openssh-5.5_p1-r2.ebuild: - Switch to the official hpn patches. - -*openssh-5.5_p1-r1 (20 Apr 2010) - - 20 Apr 2010; Robin H. Johnson - +openssh-5.5_p1-r1.ebuild: - The 5.4 patchsets for HPN and LPK apply and work perfectly with 5.5. - -*openssh-5.5_p1 (16 Apr 2010) - - 16 Apr 2010; Mike Frysinger +openssh-5.5_p1.ebuild: - Version bump. - -*openssh-5.4_p1-r2 (29 Mar 2010) - - 29 Mar 2010; Robin H. Johnson - +openssh-5.4_p1-r2.ebuild: - Revbump with HPN and LPK patches available again now. Ported and submitted - to upstream authors. X509 now has more conflicts with HPN, future - revisions may require selection of: x509 XOR (hpn OR lpk). - -*openssh-5.4_p1-r1 (29 Mar 2010) - - 29 Mar 2010; Mike Frysinger +openssh-5.4_p1-r1.ebuild, - +files/openssh-5.4_p1-pkcs11.patch, - +files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch: - Fixes from upstream for pkcs build problems #310929 by Alan Hourihane and - for relative AuthorizedKeysFile handling #308939 by Eric Vander Weele. - - 20 Mar 2010; Mike Frysinger openssh-5.3_p1-r1.ebuild, - openssh-5.4_p1.ebuild: - Fix warning with USE="X509 ldap" #310287 by Nico Baggus. - - 19 Mar 2010; Raúl Porcel openssh-5.3_p1-r1.ebuild: - sparc stable wrt #308555 - - 19 Mar 2010; Mike Frysinger openssh-5.3_p1-r1.ebuild: - Mark alpha/arm/ia64/s390/sh stable #308555. - - 18 Mar 2010; Christian Faulhammer - openssh-5.3_p1-r1.ebuild: - stable x86, bug 308555 - - 13 Mar 2010; Mike Frysinger openssh-5.4_p1.ebuild: - Drop USE=pkcs11 per Alon Bar-Lev #308431. - - 12 Mar 2010; Jeroen Roovers openssh-5.3_p1-r1.ebuild: - Stable for HPPA (bug #308555). - - 12 Mar 2010; Markos Chandras - openssh-5.3_p1-r1.ebuild: - Stable on amd64 wrt bug #308555 - - 10 Mar 2010; Joseph Jezak openssh-5.3_p1-r1.ebuild: - Marked ppc/ppc64 stable for bug #308555. - -*openssh-5.4_p1 (09 Mar 2010) - - 09 Mar 2010; Mike Frysinger +openssh-5.4_p1.ebuild, - +files/openssh-5.4_p1-openssl.patch: - Version bump #308431 by Dirkjan Ochtman. - - 27 Oct 2009; Raúl Porcel openssh-5.2_p1-r3.ebuild: - ia64/m68k/s390/sh/sparc stable wrt #287292 - - 11 Oct 2009; nixnut openssh-5.2_p1-r3.ebuild: - ppc stable #287292 - - 11 Oct 2009; Tobias Klausmann - openssh-5.2_p1-r3.ebuild: - Stable on alpha, bug #287292 - - 11 Oct 2009; Robin H. Johnson - openssh-5.3_p1-r1.ebuild, +files/openssh-5.3_p1-pkcs11-hpn-glue.patch: - Bug #288498: Now we need a glue patch for pkcs11 and HPN together. Really - some of these patchsets need to go to upstream. - -*openssh-5.3_p1-r1 (10 Oct 2009) - - 10 Oct 2009; Robin H. Johnson - +openssh-5.3_p1-r1.ebuild: - Ported the HPN and LPK patches to 5.3p1, mailed upstream as well. - - 07 Oct 2009; Mike Frysinger openssh-5.2_p1-r2.ebuild, - openssh-5.2_p1-r3.ebuild, openssh-5.3_p1.ebuild: - Fix static_use_with handling when there is one option #287292 by Jaak - Ristioja. - - 03 Oct 2009; Jeroen Roovers openssh-5.2_p1-r3.ebuild: - Stable for HPPA (bug #287292). - - 03 Oct 2009; Brent Baude openssh-5.2_p1-r3.ebuild: - Marking openssh-5.2_p1-r3 ppc64 for bug 287292 - - 03 Oct 2009; Markus Meier openssh-5.2_p1-r3.ebuild: - amd64/arm/x86 stable, bug #287292 - -*openssh-5.3_p1 (03 Oct 2009) - - 03 Oct 2009; Mike Frysinger +openssh-5.3_p1.ebuild: - Version bump. - -*openssh-5.2_p1-r3 (23 Aug 2009) - - 23 Aug 2009; Mike Frysinger +openssh-5.2_p1-r3.ebuild, - +files/openssh-5.2_p1-gsskex-fix.patch, - +files/openssh-5.2_p1-x509-hpn-glue.patch: - Update x509 patch, update gsskex patch #279488 by Harald Barth, and update - x509/hpn glue #270508 by BedOS_Gui. - - 13 Aug 2009; Mike Frysinger openssh-5.0_p1-r2.ebuild, - openssh-5.1_p1-r2.ebuild, openssh-5.1_p1-r3.ebuild, - openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: - Suggest people reload the sshd server rather than restart it. - - 12 Aug 2009; Christian Ruppert files/sshd.rc6: - Removed "-b 1024" to use ServerKeyBits option instead. - - 19 Jul 2009; Mike Frysinger files/sshd.rc6: - Add checkconfig to reload() #277007 by Michał Górny. - - 10 Jul 2009; Robin H. Johnson files/sshd.rc6: - Allow public calls to checkconfig and gen_keys, for helping automation and - sanity checks. - - 23 Jun 2009; Mike Frysinger openssh-5.2_p1-r2.ebuild, - +files/openssh-5.2_p1-autoconf.patch: - Workaround autoconf-2.63 issues with empty else statements. - - 18 May 2009; Robin H. Johnson - openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild, - +files/openssh-5.2p1-ldap-stdargs.diff: - Bug #266654: Fix LPK compile under uclibc due to missing include statement - thanks to Bertrand Jacquin . - - 18 May 2009; Robin H. Johnson - openssh-5.2_p1-r2.ebuild: - New release of the HPN patch that makes it mostly usable now. The - multithreaded AES-CTR portion is disabled to avoid hangs however. - - 20 Apr 2009; Mike Frysinger openssh-5.2_p1-r2.ebuild: - Skip pkcs11/kerberos support when USE=static by Alon Bar-Lev #266404 by - Jan Paesmans. - - 12 Apr 2009; Robin H. Johnson - openssh-5.2_p1-r2.ebuild: - Switch to UID instead of hardcoded portage per bug #264841 comment. - - 12 Apr 2009; Robin H. Johnson files/sshd.rc6: - Bug #265491, fix opts with baselayout1. - - 12 Apr 2009; Robin H. Johnson - openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: - Bug #264841, the ssh testsuite needs a real shell to run, so run a subset - of tests otherwise. - - 04 Apr 2009; Raúl Porcel openssh-5.2_p1-r1.ebuild: - alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #247466 - - 02 Apr 2009; Markus Meier openssh-5.2_p1-r1.ebuild: - amd64/x86 stable, bug #247466 - - 02 Apr 2009; Brent Baude openssh-5.2_p1-r1.ebuild: - Marking openssh-5.2_p1-r1 ppc64 and ppc for bug 247466 - - 02 Apr 2009; Jeroen Roovers openssh-5.2_p1-r1.ebuild: - Stable for HPPA (bug #247466). - - 11 Mar 2009; Robin H. Johnson - openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: - Add the SSH testsuite, because I think the latest HPN patch has a breakage - that was missed. - -*openssh-5.2_p1-r2 (09 Mar 2009) - - 09 Mar 2009; Robin H. Johnson - +openssh-5.2_p1-r2.ebuild: - Added my own unofficial port of the HPN patch, because performance sucks - without it. - - 25 Feb 2009; Mike Frysinger openssh-5.2_p1-r1.ebuild: - Update pkcs11 patch #152170. - -*openssh-5.2_p1-r1 (24 Feb 2009) - - 24 Feb 2009; Robin H. Johnson - +openssh-5.2_p1-r1.ebuild: - LPK patch updated for new OpenSSH release. - - 24 Feb 2009; Mike Frysinger openssh-5.2_p1.ebuild: - Fix X509 patching #260163 by Daniel J. - -*openssh-5.2_p1 (24 Feb 2009) - - 24 Feb 2009; Mike Frysinger +openssh-5.2_p1.ebuild: - Version bump #247466. - - 20 Feb 2009; Raúl Porcel openssh-5.1_p1-r2.ebuild: - ia64/sparc stable wrt #258940 - - 16 Feb 2009; Brent Baude openssh-5.1_p1-r2.ebuild: - stable ppc64, bug 258940 - - 15 Feb 2009; Markus Meier openssh-5.1_p1-r2.ebuild: - amd64/x86 stable, bug #258940 - - 14 Feb 2009; Brent Baude openssh-5.1_p1-r2.ebuild: - stable ppc, bug 258940 - - 14 Feb 2009; Jeroen Roovers openssh-5.1_p1-r2.ebuild: - Stable for HPPA (bug #258940). - - 14 Feb 2009; Tobias Klausmann - openssh-5.1_p1-r2.ebuild: - Stable on alpha, bug #258940 - - 14 Feb 2009; Mike Frysinger - +files/openssh-5.1_p1-x509-headers.patch, openssh-5.1_p1-r2.ebuild, - openssh-5.1_p1-r3.ebuild: - Fix implicit strsep() prototype in x509 code #258795 by orlin. - - 08 Feb 2009; Mike Frysinger openssh-4.4_p1-r6.ebuild, - openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r4.ebuild, - openssh-4.7_p1-r6.ebuild, openssh-4.7_p1-r20.ebuild, - openssh-5.0_p1-r1.ebuild, openssh-5.0_p1-r2.ebuild, openssh-5.1_p1.ebuild, - openssh-5.1_p1-r1.ebuild, openssh-5.1_p1-r2.ebuild, - openssh-5.1_p1-r3.ebuild: - Drop unused ccc eclass inherit. - - 21 Jan 2009; Jeremy Olexa openssh-5.1_p1-r3.ebuild: - Disable PATH reset in configure script, bug 254615 - - 15 Jan 2009; Robin H. Johnson metadata.xml: - Re-add my tag for metadata.xml, because it's a full - description, not just a restrict based on USE flags. And spanky didn't - have a changelog entry either. - - 13 Jan 2009; Mike Frysinger - files/openssh-5.1_p1-better-ssp-check.patch: - Fixup ssp detection patch #254365 by Felix Riemann. - -*openssh-5.1_p1-r3 (09 Jan 2009) - - 09 Jan 2009; Diego E. Pettenò - +openssh-5.1_p1-r3.ebuild: - Let PAM print motd and last login data to close bug #244816. - - 17 Nov 2008; Mike Frysinger - +files/openssh-5.1_p1-better-ssp-check.patch, openssh-5.1_p1-r1.ebuild, - openssh-5.1_p1-r2.ebuild: - Fix ssp detection on uClibc hosts. - -*openssh-5.1_p1-r2 (03 Nov 2008) - - 03 Nov 2008; Mike Frysinger - +files/openssh-5.1_p1-escaped-banner.patch, - +files/openssh-5.1_p1-null-banner.patch, +openssh-5.1_p1-r2.ebuild: - Fix some issues with printing of banners #244222 by Michał Górny. - - 01 Nov 2008; Robin H. Johnson openssh-5.1_p1.ebuild, - openssh-5.1_p1-r1.ebuild: - Bug #244760, we need to pass --with-ldap, not try to execute it. - - 30 Oct 2008; Brent Baude openssh-5.1_p1-r1.ebuild: - Marking openssh-5.1_p1-r1 ppc for bug 231292 - - 30 Oct 2008; Raúl Porcel openssh-5.1_p1-r1.ebuild: - alpha/ia64/sparc stable #231292 - - 27 Oct 2008; Brent Baude openssh-5.1_p1-r1.ebuild: - Marking openssh-5.1_p1-r1 ppc64 for bug 231292 - - 26 Oct 2008; Jeroen Roovers openssh-5.1_p1-r1.ebuild: - Stable for HPPA (bug #231292). - - 26 Oct 2008; Markus Meier openssh-5.1_p1-r1.ebuild: - amd64/x86 stable, bug #231292 - - 29 Aug 2008; Mike Frysinger openssh-5.1_p1.ebuild, - openssh-5.1_p1-r1.ebuild: - Tweak --with-ldap catch #235594 by BedOS_Gui. - -*openssh-5.1_p1-r1 (23 Aug 2008) - - 23 Aug 2008; Robin H. Johnson - +files/openssh-5.1_p1-ldap-hpn-glue.patch, metadata.xml, - +openssh-5.1_p1-r1.ebuild: - Update the LDAP patches, also mailed to upstream. - - 23 Aug 2008; Robin H. Johnson - +files/openssh-5.1_p1-x509-hpn-glue.patch, openssh-5.1_p1.ebuild: - Forward-port the X509/hpn glue patch per bug #235086. - -*openssh-5.1_p1 (17 Aug 2008) - - 17 Aug 2008; Mike Frysinger +openssh-5.1_p1.ebuild: - Version bump #232891 by Krzysztof Oledzki. - -*openssh-5.0_p1-r2 (23 Jul 2008) - - 23 Jul 2008; Diego Pettenò - +openssh-5.0_p1-r2.ebuild: - Add new revision that use pambase now that it's fully keyworded. Closes - bug #225141 by Davide Pesavento. - - 17 May 2008; nixnut openssh-4.7_p1-r20.ebuild: - Added ~ppc wrt bug 210777 - - 11 May 2008; Ulrich Mueller openssh-4.4_p1-r6.ebuild, - openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r4.ebuild, - openssh-4.7_p1-r6.ebuild, openssh-4.7_p1-r20.ebuild, - openssh-5.0_p1-r1.ebuild: - Fix dependency: app-admin/skey moved to sys-auth/skey. - -*openssh-5.0_p1-r1 (10 Apr 2008) - - 10 Apr 2008; Mike Frysinger +openssh-5.0_p1-r1.ebuild: - Update HPN and gsskex patch #216932 by Kamil Kisiel. - - 06 Apr 2008; Mike Frysinger openssh-5.0_p1.ebuild: - Remove accidental pkcs11-helper inclusion from DEPEND. - -*openssh-5.0_p1 (05 Apr 2008) - - 05 Apr 2008; Mike Frysinger +openssh-5.0_p1.ebuild: - Version bump. - - 03 Apr 2008; Tobias Scherbaum - openssh-4.7_p1-r6.ebuild: - ppc stable, bug #215702 - - 02 Apr 2008; Mike Frysinger openssh-4.9_p1-r1.ebuild: - Drop unnecessary USE=chroot #215820 by Cybertinus. - - 02 Apr 2008; Jeroen Roovers openssh-4.7_p1-r6.ebuild: - Stable for HPPA (bug #215702). - - 02 Apr 2008; Markus Rothe openssh-4.7_p1-r6.ebuild: - Stable on ppc64; bug #215702 - -*openssh-4.9_p1-r1 (02 Apr 2008) - - 02 Apr 2008; Mike Frysinger - +files/openssh-4.9_p1-x509-hpn-glue.patch, -openssh-4.9_p1.ebuild, - +openssh-4.9_p1-r1.ebuild: - Add updated X509/hpn patches. - - 02 Apr 2008; Raúl Porcel openssh-4.7_p1-r6.ebuild: - alpha/ia64/sparc stable wrt security #215702 - - 02 Apr 2008; Richard Freeman openssh-4.7_p1-r6.ebuild: - amd64 stable - 215702 - - 01 Apr 2008; Christian Faulhammer - openssh-4.7_p1-r6.ebuild: - stable x86, security bug 215702 - -*openssh-4.7_p1-r6 (01 Apr 2008) - - 01 Apr 2008; Mike Frysinger - +files/openssh-4.7_p1-ForceCommand.patch, +openssh-4.7_p1-r6.ebuild: - Fix for ForceCommand bypass #215702. - -*openssh-4.9_p1 (01 Apr 2008) - - 01 Apr 2008; Mike Frysinger +openssh-4.9_p1.ebuild: - Version bump. - - 01 Apr 2008; Chris PeBenito - +files/openssh-4.7p1-selinux.diff, openssh-4.7_p1-r5.ebuild, - openssh-4.7_p1-r20.ebuild: - fix bug #191665, in selinux portion of configure script. - - 30 Mar 2008; Raúl Porcel openssh-4.7_p1-r5.ebuild: - alpha/ia64/sparc stable wrt security #214985 - - 29 Mar 2008; Richard Freeman openssh-4.7_p1-r5.ebuild: - amd64 stable - 214985 - - 29 Mar 2008; Christian Faulhammer - openssh-4.7_p1-r5.ebuild: - stable x86, security bug 214985 - - 29 Mar 2008; Jeroen Roovers openssh-4.7_p1-r5.ebuild: - Stable for HPPA (bug #214985). - - 29 Mar 2008; Brent Baude openssh-4.7_p1-r5.ebuild: - Marking openssh-4.7_p1-r5 ppc64 and ppc for bug 214985 - -*openssh-4.7_p1-r5 (29 Mar 2008) - - 29 Mar 2008; Mike Frysinger - +files/openssh-4.7_p1-CVE-2008-1483.patch, - +files/openssh-4.7_p1-lpk-64bit.patch, - +files/openssh-4.7_p1-packet-size.patch, +openssh-4.7_p1-r5.ebuild: - Fix CVE-2008-1483 #214985. Fix from upstream for scp/packet problems #212433 - by Steven Parkes. Fix from Piotr Stolc for some LPK configs under 64bit - systems #210110. Add gsskex patch (for now) #115553. - - 17 Mar 2008; Santiago M. Mola - openssh-4.7_p1-r20.ebuild: - ~amd64 added wrt bug #210777 - - 14 Mar 2008; Diego Pettenò - openssh-4.7_p1-r20.ebuild: - Disable printing of motd and lastlog when enabling PAM, on the - pambase-dependent ebuild, as system-login takes care of that. Closes bug - #213234. - - 06 Mar 2008; Raúl Porcel openssh-4.7_p1-r20.ebuild: - Add ~alpha/~ia64 wrt #210777 - - 05 Mar 2008; Ferris McCormick - openssh-4.7_p1-r20.ebuild: - Add back ~sparc, Bug #210777, verified as still working with USE=pam. - - 05 Mar 2008; Brent Baude openssh-4.7_p1-r20.ebuild: - keyworded ~arch for ppc64, bug 210777 - - 04 Mar 2008; openssh-4.7_p1-r20.ebuild: - Marked ~x86 (bug #210777). Thanks to Michał Wołonkiewicz for - testing. - - 03 Mar 2008; Jeroen Roovers openssh-4.7_p1-r20.ebuild: - Marked ~hppa (bug #210777). - - 23 Feb 2008; Robin H. Johnson - openssh-4.4_p1-r6.ebuild, openssh-4.5_p1-r2.ebuild, - openssh-4.6_p1-r3.ebuild, openssh-4.7_p1-r1.ebuild: - Drop mips to ~mips because app-admin/skey has dropped the stable mips keyword. - - 23 Feb 2008; Robin H. Johnson metadata.xml: - Add myself as the contact point for LPK issues. I am on base-system for - everything else. - - 20 Feb 2008; Diego Pettenò - openssh-4.7_p1-r20.ebuild: - Fix dependencies for pambase/pam. - -*openssh-4.7_p1-r20 (19 Feb 2008) - - 19 Feb 2008; Diego Pettenò - +files/sshd.pam_include.2, +openssh-4.7_p1-r20.ebuild: - Add a new revision with pambase's system-remote-login as base stack. Now - also prints motd when using PAM. - - 12 Feb 2008; Santiago M. Mola - openssh-4.7_p1-r3.ebuild: - amd64 stable wrt bug #193401 - - 10 Feb 2008; Mike Frysinger - +files/openssh-4.7_p1-x509-hpn-glue.patch, openssh-4.7_p1-r4.ebuild: - Fix building with USE='X509 hpn' #209479 by Jose daLuz. - - 10 Feb 2008; Tobias Scherbaum - openssh-4.7_p1-r3.ebuild: - ppc stable, bug #193401 - - 09 Feb 2008; Brent Baude openssh-4.7_p1-r3.ebuild: - stable ppc64, bug 193401 - -*openssh-4.7_p1-r4 (09 Feb 2008) - - 09 Feb 2008; Mike Frysinger +openssh-4.7_p1-r4.ebuild: - Update HPN patch. - - 28 Jan 2008; Jeroen Roovers openssh-4.7_p1-r3.ebuild: - Stable for HPPA too. - - 24 Jan 2008; Raúl Porcel openssh-4.7_p1-r3.ebuild: - alpha/ia64/sparc/x86 stable - -*openssh-4.7_p1-r3 (21 Nov 2007) - - 21 Nov 2007; Mike Frysinger +openssh-4.7_p1-r3.ebuild: - Update x509/hpn patches. - - 08 Oct 2007; Mike Frysinger openssh-4.7_p1-r1.ebuild, - openssh-4.7_p1-r2.ebuild: - Mirrors have had long enough to update; drop restriction. - -*openssh-4.7_p1-r2 (29 Sep 2007) - - 29 Sep 2007; Mike Frysinger - +files/openssh-4.7_p1-GSSAPI-dns.patch, +openssh-4.7_p1-r2.ebuild: - Enable ssl-engine support #194163 by Nikhil Sethi and add GSSAPI/DNS patch - #165444 by Alex Iribarren. - - 27 Sep 2007; Joshua Kinard openssh-4.7_p1-r1.ebuild: - Stable on mips, per #191321. - - 25 Sep 2007; Mike Frysinger openssh-4.7_p1-r1.ebuild: - Force u+x perms on /etc/skel/.ssh for a while to help with older broken - installs. - - 22 Sep 2007; Mike Frysinger openssh-4.7_p1-r1.ebuild: - Upstream changed openssh-4.7p1-hpn12v18.diff.gz slightly so rebuild manifest - and prevent hitting Gentoo mirrors for a little while #193401 by Timothy - Redaelli. - - 20 Sep 2007; Mike Frysinger files/sshd.rc6: - If restarting, check the config first #192825 by Hans-Werner Hilse. - - 08 Sep 2007; Markus Rothe openssh-4.7_p1-r1.ebuild: - Stable on ppc64; bug #191321 - -*openssh-4.7_p1-r1 (07 Sep 2007) - - 07 Sep 2007; Mike Frysinger +openssh-4.7_p1-r1.ebuild: - Add X509 and hpn patches. - - 07 Sep 2007; Tobias Scherbaum - openssh-4.7_p1.ebuild: - ppc stable, bug #191321 - - 07 Sep 2007; Jeroen Roovers openssh-4.7_p1.ebuild: - Stable for HPPA (bug #191321). - - 07 Sep 2007; Chris Gianelloni openssh-4.7_p1.ebuild: - Stable on amd64 wrt bug #191321. - - 06 Sep 2007; Jose Luis Rivero openssh-4.7_p1.ebuild: - Stable on sparc wrt security bug #191321 - - 06 Sep 2007; Raúl Porcel openssh-4.7_p1.ebuild: - alpha/ia64 stable wrt security #191321 - - 06 Sep 2007; Andrej Kacian openssh-4.7_p1.ebuild: - Stable on x86, security bug #191321. - -*openssh-4.7_p1 (05 Sep 2007) - - 05 Sep 2007; Mike Frysinger +openssh-4.7_p1.ebuild: - Version bump #191321 by Rajiv Aaron Manglani. - - 25 Aug 2007; Mike Frysinger openssh-4.6_p1-r4.ebuild: - Punt securid stuff as upstream is not fast enough to update. - -*openssh-4.6_p1-r4 (06 Aug 2007) - - 06 Aug 2007; Mike Frysinger - +files/openssh-4.6_p1-chan-read-failed.patch, +openssh-4.6_p1-r4.ebuild: - Fix from upstream for spurious chan_read_failed errors #181407. - -*openssh-4.6_p1-r3 (06 Aug 2007) - - 06 Aug 2007; Mike Frysinger +openssh-4.6_p1-r3.ebuild: - Add updated ldap patch #187594. - - 04 Aug 2007; openssh-4.0_p1-r2.ebuild, - openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, - openssh-4.6_p1-r2.ebuild: - Stable on amd64. See security bug #183958. - - 02 Aug 2007; Raúl Porcel openssh-4.5_p1-r2.ebuild, - openssh-4.6_p1-r2.ebuild: - x86 stable, no idea why i didn't stabilize them - - 23 Jul 2007; Mike Frysinger openssh-4.2_p1-r1.ebuild, - openssh-4.3_p2-r5.ebuild, openssh-4.4_p1-r6.ebuild, openssh-4.5_p1.ebuild, - openssh-4.5_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild: - Punt bindnow-flags usage. - - 22 Jul 2007; Donnie Berkholz ; - openssh-4.3_p2-r5.ebuild: - Drop virtual/x11 references. - - 21 Jul 2007; Joseph Jezak openssh-4.0_p1-r2.ebuild, - openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, - openssh-4.6_p1-r2.ebuild: - Marked ppc/ppc64 stable for bug #183958. - - 10 Jul 2007; Gustavo Zacarias - openssh-4.0_p1-r2.ebuild, openssh-4.1_p1-r1.ebuild: - Stable on sparc wrt #183958 - - 07 Jul 2007; Raúl Porcel openssh-4.0_p1-r2.ebuild, - openssh-4.1_p1-r1.ebuild: - alpha/ia64/x86 stable wrt #183958 - - 07 Jul 2007; Joshua Kinard openssh-4.0_p1-r2.ebuild, - openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, - openssh-4.6_p1-r2.ebuild: - Stable on mips, per #183958. - - 05 Jul 2007; Raúl Porcel openssh-4.5_p1-r2.ebuild, - openssh-4.6_p1-r2.ebuild: - alpha/ia64 stable wrt #183958 - - 04 Jul 2007; Jeroen Roovers openssh-4.6_p1-r2.ebuild: - Stable for HPPA (bug #183958). - - 04 Jul 2007; Gustavo Zacarias - openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r2.ebuild: - Stable on sparc wrt #183958 - - 04 Jul 2007; Jeroen Roovers openssh-4.5_p1-r2.ebuild: - Stable for HPPA (bug #183958). - - 04 Jul 2007; Jeroen Roovers openssh-4.1_p1-r1.ebuild: - Stable for HPPA (bug #183958). - - 04 Jul 2007; Jeroen Roovers openssh-4.0_p1-r2.ebuild: - Stable for HPPA (bug #183958). - -*openssh-4.6_p1-r2 (02 Jul 2007) - - 02 Jul 2007; Diego Pettenò - +files/sshd.pam_include.1, +openssh-4.6_p1-r2.ebuild: - Revision bump to fix the pam.d file. - - 24 Apr 2007; Alexander Færøy - openssh-4.5_p1-r1.ebuild: - Stable on MIPS. - - 18 Mar 2007; Robin H. Johnson - openssh-4.5_p1-r2.ebuild: - Bug #169665, use slightly modified LPK patch to avoid conflict on configure - with SecurID patch. - -*openssh-4.6_p1-r1 (13 Mar 2007) - - 13 Mar 2007; Mike Frysinger - +files/openssh-4.6_p1-ChallengeResponseAuthentication.patch, - +openssh-4.6_p1-r1.ebuild: - Grab fix from upstream for ChallengeResponseAuthentication (to fix USE=pam - defaults) #170670 and add new hpn support. - -*openssh-4.6_p1 (11 Mar 2007) - - 11 Mar 2007; Mike Frysinger - +files/openssh-4.6_p1-include-string-header.patch, +openssh-4.6_p1.ebuild: - Version bump #170385 by Wolfram Schlich. - -*openssh-4.5_p1-r2 (05 Mar 2007) - - 05 Mar 2007; Robin H. Johnson - +openssh-4.5_p1-r2.ebuild: - Bug #168681. Bump for new versions of HPN (compile fix for strict compilers) - and LPK (Addition of LpkFilter as an LDAP filter). - -*openssh-4.5_p1-r1 (23 Feb 2007) - - 23 Feb 2007; Roy Marples files/sshd.rc6, - +openssh-4.5_p1-r1.ebuild: - Bump for a non bash init script. - - 08 Jan 2007; Michael Cummings - openssh-4.5_p1.ebuild: - Stable on amd64 wrt security bug 154389 - - 08 Jan 2007; Bryan Østergaard openssh-4.5_p1.ebuild: - Stable on Alpha, bug 154389. - - 08 Jan 2007; Gustavo Zacarias openssh-4.5_p1.ebuild: - Stable on sparc wrt security #154389 - - 07 Jan 2007; Tobias Scherbaum - openssh-4.5_p1.ebuild: - Stable on ppc wrt bug #154389. - - 07 Jan 2007; Markus Rothe openssh-4.5_p1.ebuild: - Stable on ppc64; bug #154389 - - 06 Jan 2007; Jeroen Roovers openssh-4.5_p1.ebuild: - Stable for HPPA (bug #154389). - - 06 Jan 2007; Christian Faulhammer - openssh-4.5_p1.ebuild: - stable x86, security bug #154389 - - 07 Dec 2006; Diego Pettenò - openssh-4.3_p2-r1.ebuild, openssh-4.3_p2-r5.ebuild, - openssh-4.4_p1-r6.ebuild, openssh-4.5_p1.ebuild: - Require dev-libs/libedit for libedit support, as it's going to be removed - from freebsd-lib in favour of a merged dev-libs/libedit ebuild. - - 08 Nov 2006; Ilya A. Volynets-Evenbakh - openssh-4.4_p1-r6.ebuild: - Stable on mips (#149502) - -*openssh-4.5_p1 (07 Nov 2006) - - 07 Nov 2006; Mike Frysinger +openssh-4.5_p1.ebuild: - Version bump #154389. - - 05 Nov 2006; Brent Baude openssh-4.4_p1-r6.ebuild: - Marking openssh-4.4_p1-r6 ppc64 stable for 149502 - - 03 Nov 2006; Fernando J. Pereda - openssh-4.4_p1-r6.ebuild: - Stable on alpha as per bug #149502 - -*openssh-4.4_p1-r6 (03 Nov 2006) - - 03 Nov 2006; Mike Frysinger - +files/openssh-4.4_p1-ldap-hpn-glue.patch, +openssh-4.4_p1-r6.ebuild: - Grab updated HPN patch to fix -C issues #153854. - - 01 Nov 2006; Tobias Scherbaum - openssh-4.4_p1-r5.ebuild: - ppc stable, bug #149502 - - 01 Nov 2006; Gustavo Zacarias - openssh-4.4_p1-r5.ebuild: - Stable on sparc wrt security #149502 - - 01 Nov 2006; Mike Frysinger - +files/openssh-4.4_p1-x509-hpn-glue.patch, openssh-4.4_p1-r5.ebuild: - Tweak X509 a little so HPN can apply at the sametime #151527 by Bob Reveley. - - 31 Oct 2006; Danny van Dyk - openssh-4.4_p1-r5.ebuild: - Marked stable on amd64. - - 31 Oct 2006; Andrej Kacian openssh-4.4_p1-r5.ebuild: - Stable on x86, security bug #152594. - - 31 Oct 2006; Jeroen Roovers openssh-4.4_p1-r5.ebuild: - Stable for HPPA (bug #149502). - -*openssh-4.4_p1-r5 (25 Oct 2006) - - 25 Oct 2006; Mike Frysinger +openssh-4.4_p1-r5.ebuild: - Add updated securid support. - - 17 Oct 2006; Roy Marples openssh-4.4_p1-r4.ebuild: - Added ~sparc-fbsd keyword. - - 14 Oct 2006; Roy Marples files/sshd.rc6: - Init script now interacts fully with start-stop-daemon. - -*openssh-4.4_p1-r4 (13 Oct 2006) - - 13 Oct 2006; Mike Frysinger +openssh-4.4_p1-r4.ebuild: - Add updated hpn support. - -*openssh-4.4_p1-r3 (04 Oct 2006) - - 04 Oct 2006; Chris PeBenito - +files/openssh-4.4p1-selinux-ac.diff, +openssh-4.4_p1-r3.ebuild: - Fix configure to properly detect SELinux functions. - -*openssh-4.4_p1-r2 (02 Oct 2006) - - 02 Oct 2006; Mike Frysinger +openssh-4.4_p1-r2.ebuild: - Add support for new X509. - - 02 Oct 2006; Andrea Barisani - files/digest-openssh-4.4_p1-r1, Manifest: - Fixing digest wrt bug #149571 - - 30 Sep 2006; Diego Pettenò - openssh-4.4_p1-r1.ebuild: - Make sure pam is the latest eclass called. - - 29 Sep 2006; Markus Rothe openssh-4.3_p2-r5.ebuild: - Stable on ppc64 - -*openssh-4.4_p1-r1 (29 Sep 2006) - - 29 Sep 2006; Andrea Barisani +openssh-4.4_p1-r1.ebuild: - Revision bump for new ldap patch. - -*openssh-4.4_p1 (28 Sep 2006) - - 28 Sep 2006; Mike Frysinger +openssh-4.4_p1.ebuild: - Version bump. - - 27 Sep 2006; Fernando J. Pereda - openssh-4.3_p2-r5.ebuild: - Stable on alpha wrt bug #148228 - - 26 Sep 2006; Gustavo Zacarias - openssh-4.3_p2-r5.ebuild: - Stable on hppa wrt security #148228 - - 26 Sep 2006; Simon Stelling openssh-4.3_p2-r5.ebuild: - stable on amd64; bug 148228 - - 26 Sep 2006; Tobias Scherbaum - openssh-4.3_p2-r5.ebuild: - ppc stable, bug #148228 - - 25 Sep 2006; Jason Wever openssh-4.3_p2-r5.ebuild: - Stable on SPARC wrt security bug #148228. - - 25 Sep 2006; Paul Varner openssh-4.3_p2-r5.ebuild: - Stable on x86. Bug #148228 - -*openssh-4.3_p2-r5 (25 Sep 2006) - - 25 Sep 2006; Tavis Ormandy +openssh-4.3_p2-r5.ebuild, - +files/openssh-4.3_p2-identical-simple-dos-2.patch: - Tweak DOS patch #148228. - - 23 Sep 2006; Mike Frysinger - +files/openssh-4.3_p2-opensc-libs.patch, openssh-4.3_p2-r4.ebuild: - Fix building with --as-needed #148538 by Mart Raudsepp. - - 23 Sep 2006; Mike Frysinger - +files/openssh-4.3_p2-ldap-updates.patch, openssh-4.3_p2-r4.ebuild: - Fixup ldap configure code #148723 by sfp-a7x. - -*openssh-4.3_p2-r4 (22 Sep 2006) - - 22 Sep 2006; Mike Frysinger - +files/openssh-4.3_p2-securid-updates.patch, +openssh-4.3_p2-r4.ebuild: - Force rebuilding of all autotools instead of just cheating with autoconf - #148639 by Alex K. - - 22 Sep 2006; Tobias Scherbaum - openssh-4.3_p2-r3.ebuild: - hppa stable, bug #148228 - - 21 Sep 2006; Tobias Scherbaum - openssh-4.3_p2-r3.ebuild: - ppc stable, bug #148228 - - 21 Sep 2006; Mike Doty openssh-4.3_p2-r3.ebuild: - amd64 stable, bug 148228 - - 21 Sep 2006; Gustavo Zacarias - openssh-4.3_p2-r3.ebuild: - Stable on sparc wrt #148228 - - 21 Sep 2006; openssh-4.3_p2-r3.ebuild: - Stable on x86, security bug #148228. - - 21 Sep 2006; Markus Rothe openssh-4.3_p2-r3.ebuild: - Stable on ppc64; bug #148228 - -*openssh-4.3_p2-r3 (20 Sep 2006) - - 20 Sep 2006; Mike Frysinger - +files/openssh-4.3_p1-chroot.patch, - +files/openssh-4.3_p2-identical-simple-dos.patch, files/sshd.confd, - files/sshd.rc6, +openssh-4.3_p2-r3.ebuild: - Fixes from upstream for minor DOS #148228. - - 08 Sep 2006; Mike Frysinger openssh-4.3_p2-r2.ebuild: - Remove ugly flag mangling and fix building with USE=static #146654 by - Alexander Skwar. - - 05 Jul 2006; Andrea Barisani metadata.xml: - Making my metadata entry a bit more clear. - - 04 Jul 2006; Mike Frysinger openssh-4.3_p2-r2.ebuild: - Add x11-apps/xauth to RDEPEND for USE=X #139235 by Ian Stakenvicius. - - 02 Jul 2006; Robin H. Johnson - files/digest-openssh-3.9_p1-r3, files/digest-openssh-4.0_p1-r2, - files/digest-openssh-4.1_p1-r1, files/digest-openssh-4.2_p1-r1, - files/digest-openssh-4.3_p1, files/digest-openssh-4.3_p2-r1, - files/digest-openssh-4.3_p2-r2, Manifest: - Fix digest weirdness. - - 30 Jun 2006; Robin H. Johnson - files/digest-openssh-4.3_p1, files/digest-openssh-4.3_p2-r1, - files/digest-openssh-4.3_p2-r2, Manifest: - Upstream changed the openssh-lpk-4.3p1-0.3.7.patch file, and didn't alter - the filename! Re-digest as needed. - - 27 Jun 2006; Mike Frysinger - +files/openssh-4.3_p2-configure.patch, openssh-4.3_p1.ebuild, - openssh-4.3_p2-r1.ebuild, openssh-4.3_p2-r2.ebuild: - Fix broken configure script #137921 by Adam Potter. - - 24 Jun 2006; Diego Pettenò - openssh-4.3_p2-r1.ebuild: - Remove x86-fbsd keyword from an older rev, just to be safe. - - 24 Jun 2006; Diego Pettenò - openssh-4.3_p2-r2.ebuild: - Put shadow under conditional userland_GNU, unbreak non-GNU userlands. - - 24 Jun 2006; Joshua Kinard openssh-4.3_p2-r2.ebuild: - Eh, shadow belongs in RDEPEND instead, duh. - - 24 Jun 2006; Joshua Kinard openssh-4.3_p2-r2.ebuild: - Added shadow as a DEPEND so that groupadd is available. - -*openssh-4.3_p2-r2 (08 Jun 2006) - - 08 Jun 2006; Mike Frysinger - +files/openssh-4.3_p2-securid-hpn-glue.patch, - +files/openssh-4.3_p2-x509-hpn-glue.patch, openssh-4.2_p1-r1.ebuild, - +openssh-4.3_p2-r2.ebuild: - Update hpn and x509 patches #135691 by Scott Jones. - - 07 Jun 2006; Joshua Kinard openssh-4.3_p2-r1.ebuild: - Add sys-apps/shadow to RDEPEND/DEPEND so group/useradd is available. Fixes - Bug #135966. - - 29 Apr 2006; Joshua Kinard openssh-4.3_p2-r1.ebuild: - Marked stable on mips. - - 19 Apr 2006; Andrea Barisani openssh-4.3_p1.ebuild, - openssh-4.3_p2-r1.ebuild: - Ok that last commit was stupid, going back and waiting for updated mirrors. - - 19 Apr 2006; openssh-4.3_p1.ebuild, - openssh-4.3_p2-r1.ebuild: - Moving ldap patch to dev.gentoo.org waiting for mirror to get the updated version - and fixing digest issues. bug #130354 - - 17 Apr 2006; Markus Rothe openssh-4.3_p2-r1.ebuild: - Stable on ppc64; bug #130027 - - 17 Apr 2006; Chris Gianelloni - openssh-4.3_p2-r1.ebuild: - Stable on x86 wrt bug #130027. - - 16 Apr 2006; Bryan Østergaard openssh-4.3_p2-r1.ebuild: - Stable on SPARC wrt bug #130027. - - 15 Apr 2006; openssh-4.3_p2-r1.ebuild: - Stable on ppc. Bug #130027 - - 15 Apr 2006; Marcus D. Hanwell - openssh-4.3_p2-r1.ebuild: - Marked stable on amd64, bug 130027. - - 04 Apr 2006; Diego Pettenò - openssh-4.3_p2-r1.ebuild: - Allow using freebsd-lib's libedit with libedit useflag. - - 30 Mar 2006; Diego Pettenò - openssh-4.3_p2-r1.ebuild: - Add ~x86-fbsd keyword. - - 05 Mar 2006; Mike Frysinger - +files/openssh-4.3_p2-selinux.patch.glue, openssh-4.3_p2-r1.ebuild: - Glue selinux and X509 support #125108 by Alon Bar-Lev. - - 05 Mar 2006; Andrea Barisani openssh-4.3_p1.ebuild, - openssh-4.3_p2.ebuild, openssh-4.3_p2-r1.ebuild: - Restored ldap support in 4.3 versions. - -*openssh-4.3_p2-r1 (05 Mar 2006) - - 05 Mar 2006; Chris PeBenito - +files/openssh-4.3_p2-selinux.patch, +openssh-4.3_p2-r1.ebuild: - Bump to update SELinux patch. - -*openssh-4.3_p2 (04 Mar 2006) - - 04 Mar 2006; Mike Frysinger - +files/openssh-4.3_p1-krb5-typos.patch, +openssh-4.3_p2.ebuild: - Version bump and add patch from upstream #124494 by RiverRat. - - 28 Feb 2006; Mike Frysinger files/sshd.rc6: - Add restart function by Michal Fojtik to init.d script #124271. - - 19 Feb 2006; Joshua Kinard openssh-4.2_p1-r1.ebuild: - Marked stable on mips. - -*openssh-4.3_p1 (08 Feb 2006) - - 08 Feb 2006; Mike Frysinger +openssh-4.3_p1.ebuild: - Version bump #121191 by Wolfram Schlich. - - 04 Feb 2006; Mike Frysinger +files/sshd.confd, - files/sshd.rc6, openssh-3.9_p1-r3.ebuild, openssh-4.0_p1-r2.ebuild, - openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild, openssh-4.2_p1-r1.ebuild: - Pass sshd_config to sshd when starting to better help running multiple - instances of ssh #121530 by ph. - - 03 Feb 2006; Tobias Scherbaum - openssh-4.2_p1-r1.ebuild: - ppc stable, bug #119232 - - 03 Feb 2006; Markus Rothe openssh-4.2_p1-r1.ebuild: - Stable on ppc64: bug #119232 - - 03 Feb 2006; Jose Luis Rivero - openssh-4.2_p1-r1.ebuild: - Stable on alpha wrt sec bug #119232 - - 02 Feb 2006; Rene Nussbaumer - openssh-4.2_p1-r1.ebuild: - Stable on hppa. See bug #119232. - - 02 Feb 2006; Mark Loeser openssh-4.2_p1-r1.ebuild: - Stable on x86; bug #119232 - - 02 Feb 2006; Gustavo Zacarias - openssh-4.2_p1-r1.ebuild: - Stable on sparc wrt security #119232 - - 02 Feb 2006; Simon Stelling openssh-4.2_p1-r1.ebuild: - stable on amd64 wrt bug 119232 - -*openssh-4.2_p1-r1 (01 Feb 2006) - - 01 Feb 2006; Mike Frysinger - +files/openssh-4.2_p1-CVE-2006-0225.patch, +openssh-4.2_p1-r1.ebuild: - Version bump for security #119232. - - 29 Jan 2006; Mike Frysinger - +files/openssh-4.2_p1-cross-compile.patch, openssh-4.0_p1-r2.ebuild, - openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild: - Fix cross-compiling #120567 by Raphael Burnes. - - 25 Dec 2005; Diego Pettenò openssh-4.2_p1.ebuild: - Use bindnow-flags function instead of -Wl,-z,now. - - 10 Dec 2005; Mike Frysinger files/sshd.rc6: - Update init.d script to allow for multiple instances by Marius Mauch #114996. - - 22 Oct 2005; MATSUU Takuto openssh-4.2_p1.ebuild: - Stable on sh for #109678. - - 22 Oct 2005; Mike Frysinger - +files/openssh-4.2_p1-selinux.patch, openssh-4.2_p1.ebuild: - Fix selinux support #110039 and add back in securid/hpn patches. - - 21 Oct 2005; Bryan Østergaard openssh-4.2_p1.ebuild: - Stable on alpha + ia64, bug 109678. - - 21 Oct 2005; Jason Wever openssh-4.2_p1.ebuild: - Stable on SPARC wrt security bug #109678. - - 21 Oct 2005; Seemant Kulleen openssh-4.2_p1.ebuild: - stable amd64 for bug #109678 - - 21 Oct 2005; Aaron Walker openssh-4.2_p1.ebuild: - Stable on mips for bug #109678. - - 20 Oct 2005; Michael Hanselmann openssh-4.2_p1.ebuild: - Stable on hppa, ppc. - - 20 Oct 2005; openssh-4.2_p1.ebuild: - Marking stable on x86 - - 20 Oct 2005; Brent Baude openssh-4.2_p1.ebuild: - Marking openssh-4.2_p1 ppc64 for bug 109678 - - 19 Oct 2005; Mike Frysinger - openssh-3.8.1_p1-r1.ebuild, openssh-3.9_p1-r3.ebuild, - openssh-4.0_p1-r2.ebuild, openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild: - Move default xauth location to /usr/bin/xauth. - -*openssh-4.2_p1 (06 Sep 2005) - - 06 Sep 2005; Mike Frysinger - +files/openssh-4.2_p1-kerberos-detection.patch, - +files/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2, - +openssh-4.2_p1.ebuild: - Version bump #104948 by Saurabh Singhvi. - - 05 Sep 2005; Mike Frysinger - +files/openssh-3.9_p1-fix_suid.patch, - -files/openssh-3.9_p1-fix_suid.patch.bz2, - +files/openssh-3.9_p1-fix_suid-x509.patch, openssh-3.8.1_p1-r1.ebuild, - openssh-3.9_p1-r3.ebuild, openssh-4.0_p1-r2.ebuild, - openssh-4.1_p1-r1.ebuild: - Update the x509 patches. - - 05 Sep 2005; Mike Frysinger openssh-4.1_p1-r1.ebuild: - Re-enable smartcard support. - - 20 Aug 2005; Mike Frysinger files/sshd.rc6: - Before starting sshd, sanity check the config file #101893 by Eric Brown. - -*openssh-4.1_p1-r1 (15 Jul 2005) -*openssh-4.0_p1-r2 (15 Jul 2005) -*openssh-3.9_p1-r3 (15 Jul 2005) - - 15 Jul 2005; Andrea Barisani metadata.xml, - +openssh-3.9_p1-r3.ebuild, +openssh-4.0_p1-r2.ebuild, - +openssh-4.1_p1-r1.ebuild: - Updating openssh-lpk ldap patches to version 0.3.6. - - 26 Jun 2005; Mike Frysinger openssh-3.9_p1-r2.ebuild, - openssh-4.0_p1-r1.ebuild, openssh-4.1_p1.ebuild: - Add support for the High Performance patch #96717 by Frank Benkstein. - - 29 May 2005; Mike Frysinger openssh-4.0_p1-r1.ebuild, - openssh-4.1_p1.ebuild: - Add USE=libedit support #94410 by Joe Wells. - -*openssh-4.1_p1 (29 May 2005) - - 29 May 2005; Mike Frysinger +openssh-4.1_p1.ebuild: - Version bump #94261 by Tobias Sager. - - 28 May 2005; Mike Frysinger - +files/openssh-4.0_p1-smartcard-ldap-happy.patch, - openssh-3.8.1_p1-r1.ebuild, openssh-3.9_p1-r2.ebuild, - openssh-4.0_p1-r1.ebuild: - Add support for LDAP and make it mutually exclusive from x509 since they - conflict #58579. - - 22 May 2005; Mike Frysinger openssh-4.0_p1-r1.ebuild: - Add support for RSA SecurID tokens #92233 by Antti Mäkelä. - - 20 May 2005; Diego Pettenò - openssh-3.9_p1-r2.ebuild, openssh-4.0_p1.ebuild, openssh-4.0_p1-r1.ebuild: - Inherit pam eclass for newpamd. - -*openssh-4.0_p1-r1 (29 Apr 2005) - - 29 Apr 2005; Diego Pettenò - +files/sshd.pam_include, +openssh-4.0_p1-r1.ebuild: - Added a new revision depending on virtual/pam (>=pam-0.78) and uses the - include syntax instead of pam_stack.so. - -*openssh-3.9_p1-r2 (17 Mar 2005) - - 17 Mar 2005; Mike Frysinger - files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2, - +openssh-3.9_p1-r2.ebuild: - Fix bad sftplogging code #82372 by Andrej Kacian. - -*openssh-4.0_p1 (15 Mar 2005) - - 15 Mar 2005; Mike Frysinger - +files/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2, - +openssh-4.0_p1.ebuild: - Version bump #84717 by Michail A.Baikov. - - 13 Mar 2005; Mike Frysinger - +files/openssh-3.9_p1-kerberos-detection.patch, openssh-3.9_p1-r1.ebuild: - Add patch to fix kerberos detection #80811 by Aron Griffis. - - 13 Mar 2005; Mike Frysinger - +files/openssh-3.9_p1-configure-openct.patch, openssh-3.9_p1-r1.ebuild: - Fix USE=-opensc logic with patch by Stian Skjelstad #78730. - - 19 Feb 2005; Mike Frysinger - files/openssh-3.9_p1-largekey.patch.bz2: - Make sure that the largekey properly passes the size of the buffer along - #82463 by David Cuthbert. - - 22 Jan 2005; Daniel Ahlberg - +files/openssh-3.9_p1-pamfix.patch.bz2, openssh-3.9_p1-r1.ebuild: - Added pamfix patch from upstream, closing #65343. - - 07 Jan 2005; Daniel Ahlberg - +files/openssh-3.9_p1-terminal_restore.patch.bz2, - openssh-3.9_p1-r1.ebuild: - Fix terminal restoration after breaking out from sftp and scp, closing #63544. - - 30 Dec 2004; Bryan Østergaard - openssh-3.9_p1-r1.ebuild: - Stable on alpha, bug 59361. - - 29 Dec 2004; Hardave Riar openssh-3.9_p1-r1.ebuild: - Stable on mips, bug #59361. - - 29 Dec 2004; Ciaran McCreesh : - Change encoding to UTF-8 for GLEP 31 compliance - - 29 Dec 2004; Gustavo Zacarias - openssh-3.9_p1-r1.ebuild: - Stable on sparc wrt #59361 - - 29 Dec 2004; Markus Rothe openssh-3.9_p1-r1.ebuild: - Stable for security; bug #59361 - - 29 Dec 2004; openssh-3.9_p1-r1.ebuild: - stable on ppc glsa: 59361 - -*openssh-3.9_p1-r1 (28 Dec 2004) - - 28 Dec 2004; Mike Frysinger - files/openssh-3.9_p1-chroot.patch, +openssh-3.9_p1-r1.ebuild, - +files/openssh-3.9_p1-infoleak.patch: - Add infoleak fix #59361 and allow the chroot patch to support PAM auth #72987. - - 16 Nov 2004; Mike Frysinger openssh-3.9_p1.ebuild: - If USE=pam, then disable PasswordAuthentication since PAM overrides it #71233. - - 14 Sep 2004; Daniel Ahlberg openssh-3.9_p1.ebuild, - files/openssh-3.9_p1-fix_suid.patch.bz2: - Fixed suid binary. - - 14 Sep 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild, - openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild, - openssh-3.8.1_p1-r2.ebuild, openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild, - openssh-3.9_p1.ebuild, files/openssh-3.5_p1-gentoo-sshd-gcc3.patch, - files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2, - files/openssh-3.7.1_p1-selinux.diff, - files/openssh-3.7.1_p1-selinux.diff.bz2, - files/openssh-3.7.1_p2-chroot.patch, - files/openssh-3.7.1_p2-chroot.patch.bz2, - files/openssh-3.7.1_p2-kerberos.patch, - files/openssh-3.7.1_p2-kerberos.patch.bz2, - files/openssh-3.7.1_p2-skey.patch, files/openssh-3.7.1_p2-skey.patch.bz2, - files/openssh-3.8.1_p1-chroot.patch, - files/openssh-3.8.1_p1-chroot.patch.bz2, - files/openssh-3.8.1_p1-kerberos.patch, - files/openssh-3.8.1_p1-kerberos.patch.bz2, - files/openssh-3.8.1_p1-largekey.patch, - files/openssh-3.8.1_p1-largekey.patch.bz2, - files/openssh-3.8.1_p1-opensc.patch, - files/openssh-3.8.1_p1-opensc.patch.bz2, - files/openssh-3.8.1_p1-resolv_functions.patch, - files/openssh-3.8.1_p1-resolv_functions.patch.bz2, - files/openssh-3.8.1_p1-skey.patch, - files/openssh-3.8_p1-resolv_functions.patch.bz2, - files/openssh-3.8_p1-skey.patch, files/openssh-3.8_p1-skey.patch.bz2, - files/openssh-3.9_p1-chroot.patch, files/openssh-3.9_p1-chroot.patch.bz2, - files/openssh-3.9_p1-largekey.patch, - files/openssh-3.9_p1-largekey.patch.bz2, files/openssh-3.9_p1-opensc.patch, - files/openssh-3.9_p1-opensc.patch.bz2, files/openssh-3.9_p1-selinux.diff, - files/openssh-3.9_p1-selinux.diff.bz2, - files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch, - files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2, - files/openssh-3.9_p1-skey.patch, files/openssh-3.9_p1-skey.patch.bz2, - files/openssh-skeychallenge-args.diff, - files/openssh-skeychallenge-args.diff.bz2: - Compressed patches. - - 20 Aug 2004; Gustavo Zacarias - openssh-3.8.1_p1-r1.ebuild: - Stable on sparc - - 20 Aug 2004; Daniel Ahlberg openssh-3.9_p1.ebuild, - files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch: - Enable X509 now that a updated patch is available, closing #60905. - Fix skey support by running autoconf, closing #60849. - Disable pam if static is in USE, closing #60864. - - 19 Aug 2004; Chris PeBenito - +files/openssh-3.9_p1-selinux.diff, openssh-3.9_p1.ebuild: - Update SELinux patch - - 18 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild: - Fixed sftplogging patch, closing #60417 again. - -*openssh-3.9_p1 (18 Aug 2004) - - 18 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild, - openssh-3.9_p1.ebuild: - Version bump, closing #60758. - - 16 Aug 2004; Daniel Ahlberg - files/openssh-3.8.1_p1-largekey.patch: - Fixed largekey patch. Closing #60417. - -*openssh-3.8.1_p1-r2 (15 Aug 2004) - - 15 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild: - + Added sftp-logging patch, closing #52168. - + Added patch for large keys, closing #55013. - - 08 Jul 2004; Bryan Østergaard - openssh-3.8.1_p1-r1.ebuild: - Stable on alpha. - - 07 Jul 2004; Travis Tilley openssh-3.8.1_p1-r1.ebuild: - stable on amd64 - - 03 Jul 2004; Joshua Kinard openssh-3.8.1_p1-r1.ebuild: - Marked stable on mips. - - 01 Jul 2004; Jon Hood openssh-3.7.1_p2-r1.ebuild, - openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild, - openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild: - change virtual/glibc to virtual/libc - - 28 Jun 2004; Brandon Hale openssh-3.8.1_p1-r1.ebuild: - Stable on x86. - - 15 Jun 2004; openssh-3.8.1_p1-r1.ebuild: - pam & uclibc updates - - 07 Jun 2004; Bryan Østergaard openssh-3.8.1_p1.ebuild: - Stable on alpha. - - 05 Jun 2004; Hanselmann Michael - openssh-3.8.1_p1.ebuild: - Replaced ~ppc with ppc in KEYWORDS. - -*openssh-3.8.1_p1-r1 (30 May 2004) - - 30 May 2004; Mike Frysinger - +files/openssh-3.8.1_p1-opensc.patch, +openssh-3.8.1_p1-r1.ebuild: - Add optional support for smartcard stuff #43593 by Andreas Jellinghaus. - - 01 May 2004; Ciaran McCreesh openssh-3.8_p1.ebuild: - Stable on sparc, mips - - 28 Apr 2004; Daniel Ahlberg openssh-3.8.1_p1.ebuild: - Readded X509 patch now that it has been updated upstream. - - 27 Apr 2004; Michael McCabe openssh-3.8.1_p1.ebuild: - Stable on s390 - - 22 Apr 2004; Guy Martin openssh-3.8_p1.ebuild: - Marked stable on hppa. - - 22 Apr 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild, - openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild: - Fixed IUSE flags. - - 21 Apr 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: - Stable on x86 and amd64. - -*openssh-3.8.1_p1 (21 Apr 2004) - - 21 Apr 2004; Daniel Ahlberg openssh-3.8.1_p1.ebuild: - Version bump. Found by Daniel Webert in #48465. - - 13 Apr 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild, - openssh-3.8_p1.ebuild: - Updated SRC_URI. - - 23 Mar 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild, - openssh-3.7.1_p2-r2.ebuild, openssh-3.8_p1.ebuild: - Change download URI for X509 patches temporarily. - - 18 Mar 2004; Daniel Ahlberg files/sshd.rc6, openssh-3.8_p1.ebuild: - Add mkdir -p /var/empty to initscript. Closing #42936. - - 09 Mar 2004; openssh-3.7.1_p2-r2.ebuild: - stable on alpha and ia64 - - 09 Mar 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: - + Add X509 patch back in, bumped to g4. - + Fix static compile by Sascha Silbe in #44077. - - 07 Mar 2004; Joshua Kinard openssh-3.7.1_p2-r2.ebuild: - Marked stable on mips. - - 02 Mar 2004; Brian Jackson openssh-3.8_p1.ebuild: - adding initial s390 support - - 27 Feb 2004; Sven Blumenstein openssh-3.7.1_p2-r2.ebuild: - Stable on sparc. Remember to mkdir /var/empty if it doesnt exist before you - restart sshd... - - 25 Feb 2004; Guy Martin openssh-3.7.1_p2-r2.ebuild: - Marked stable on hppa. - - 25 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: - Backport skey configure.ac patch. - - 24 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: - Unmask for x86 and amd64. - -*openssh-3.8_p1 (24 Feb 2004) - - 24 Feb 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: - Version bump. - - 21 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: - Fix openssh to work with multipe kerbers5 libs. Closing #30310. - - 20 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: - Filter flag if using ldap. Closing #41727. - - 12 Feb 2004; Mike Frysinger : - Set Protocol to only allow ssh2 by default #41215 and enable pam if in USE. - - 10 Jan 2004; Brad House openssh-3.7.1_p2-r2.ebuild: - install doesn't seem to be creating /var/empty - - 08 Jan 2004; openssh-3.5_p1-r1.ebuild, - openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2-r1.ebuild, - openssh-3.7.1_p2-r2.ebuild: - ppc64/mips nightmare.. had to remove tcpd and skey support for various arches - due to other things not being marked stable on those arches - -*openssh-3.7.1_p2-r2 (08 Jan 2004) - - 08 Jan 2004; openssh-3.7.1_p2-r2.ebuild: - added feature request for chrooting via sshd bug #26615 - - 04 Jan 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild: - Changeing sshd user shell. Closing #35063. - - 03 Jan 2003; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild: - Change adding sshd user and group to user enewuser and enewgroup. Should - fix #35369. - -*openssh-3.7.1_p2-r1 (05 Nov 2003) - - 17 Nov 2003; Joshua Kinard openssh-3.7.1_p2-r1.ebuild: - Added a gnuconfig_update call for mips systems - - 05 Nov 2003; Tavis Ormandy openssh-3.7.1_p2-r1.ebuild, - files/openssh-skeychallenge-args.diff: - patch needed for compatability with new skey. - - 28 Oct 2003; Chris PeBenito openssh-3.5_p1-r1.ebuild, - openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2.ebuild, - files/openssh-3.7.1_p1-selinux.diff: - Switch SELinux patch from old API to new API. - - 30 Sep 2003; Daniel Ahlberg openssh-3.7.1_p2.ebuild : - Add X509 patch back in, closes #29664. - - 23 Sep 2003; openssh-3.7.1_p2.ebuild: - according to the ChangeLog for openssh =zlib-1.1.4 is a must now. Note: - openssh needs a X509 patch made upstream for p2 - -*openssh-3.7.1_p2 (23 Sep 2003) - - 23 Sep 2003; openssh-3.7.1_p2.ebuild: - security update. http://www.openssh.com/txt/sshpam.adv - - 19 Sep 2003; Chris PeBenito - openssh-3.7.1_p1-r1.ebuild, openssh-3.7.1_p1.ebuild: - Fix SELinux patch for 3.7.1_p1 - - 19 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1-r1.ebuild : - Disabled selinux patch until a new can be made. - Fixed some of the patches to allow the X509 patch to apply. Closing #29105. - -*openssh-3.7.1_p1-r1 (18 Sep 2003) - - 18 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1-r1.ebuild : - Removed krb4 and afs support since they are removed according to the Announcment. - Ebuild cleanups. - Added a bunch of patches from CVS. Among them a fix for CAN-2003-0682. - - 18 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1.ebuild : - Readd X509 patch. Closing #28992. - -*openssh-3.7.1_p1 (16 Sep 2003) - - 16 Sep 2003; Rajiv Aaron Manglani openssh-3.7.1_p1.ebuild: - added warning about restarting sshd. - - 16 Sep 2003; Mike Frysinger : - Another version bump ! :D #28927. This fixes 'more malloc bugs'. - -*openssh-3.7_p1 (16 Sep 2003) - - 16 Sep 2003; Rajiv Aaron Manglani openssh-3.7_p1.ebuild: - added warning about restarting sshd. - - 16 Sep 2003; Mike Frysinger : - Version bump to fix #28873 ... selinux needs to be caught up though :(. - Marked stable due to nature of release (security). - -*openssh-3.6.1_p2-r3 (05 Sep 2003) - - 05 Sep 2003; Tavis Ormandy openssh-3.6.1_p2-r3.ebuild: - adding optional s/key authentication support, using new local USE flag - `skey`, currently ~arch only. #11478 - -*openssh-3.6.1_p2-r1 (06 Aug 2003) - - 06 Aug 2003; Donny Davies openssh-3.6.1_p2-r1.ebuild: - Added new local USE=X509 variable which includes Roumen Petrov's patch - providing support for authentication with X.509 certificates. - - 31 May 2003; Brandon Low files/sshd.rc6: - Add 'use dns logger' to the rcscript - -*openssh-3.6.1_p2 (30 Apr 2003) - - 30 Apr 2003; Daniel Ahlberg openssh-3.6.1_p2.ebuild : - Security update. - -*openssh-3.6.1_p1 (02 Apr 2003) - - 02 Apr 2003; Brandon Low openssh-3.6.1_p1.ebuild: - Bump - -*openssh-3.6_p1 (02 Apr 2003) - - 02 Apr 2003; Brandon Low openssh-3.6_p1.ebuild: - Bump, required some modifications to the selinux patch, test thoroughly - - 09 Feb 2003; Guy Martin : - Added hppa to keywords. - -*openssh-3.5_p1-r1 (20 Jan 2003) - - 30 Mar 2003; Joshua Brindle openssh-3.5_p1-r1.ebuild: - fixed compile options for selinux support - - 20 Mar 2003; Joshua Brindle openssh-3.5_p1-r1.ebuild: - added selinux support - - 15 Mar 2003; Jan Seidel : - Added mips to KEYWORDS - - 13 Mar 2003; Zach Welch openssh-3.5_p1-r1.ebuild: - add arm keyword - - 09 Mar 2003; Aron Griffis openssh-3.5_p1-r1.ebuild: - Mark stable on alpha - - 01 Mar 2003; Brandon Low openssh-3.5_p1-r1.ebuild: - make -> emake - - 21 Jan 2003; Nick Hadaway openssh-3.5_p1-r1.ebuild : - Changed USE="kerberos" to depend on app-crypt/krb5 as heimdal is not - compatible currently. Install app-crypt/kth-krb and set KTH_KRB="yes" - to enable Kerberos IV support. - - 20 Jan 2003; Nick Hadaway openssh-3.5_p1-r1.ebuild, - files/digest-openssh-3.5_p1-r1 : - Added kerberos use flag support. - - 09 Dec 2002; Donny Davies openssh-3.5_p1.ebuild, - openssh-3.4_p1-r2.ebuild, openssh-3.4_p1-r3.ebuild : Add a shells reminder. - - 06 Dec 2002; Rodney Rees : changed sparc ~sparc keywords - - 01 Dec 2002; Jack Morgan openssh-3.5_p1.ebuild : - Removed ~ from sparc/sparc64 keywords. - - 29 Nov 2002; Daniel Ahlberg openssh-3.5_p1.ebuild : - Rewrote patch applying code. - - 22 Nov 2002; Will Woods openssh-3.5_p1.ebuild: - Added patch to fix compile problem on alpha. - - 23 Oct 2002; Maik Schreiber openssh-3.5_p1.ebuild: Changed - "~x86" to "x86" in KEYWORDS. - -*openssh-3.5_p1 (18 Oct 2002) - - 19 Jan 2003; Jan Seidel : - Added mips to keywords - - 18 Oct 2002; Daniel Ahlberg openssh-3.5_p1.ebuild: - Version bump, found by fluxbox in bug #9262. - -*openssh-3.4_p1-r3 (04 July 2002) - - 25 Jul 2002; Nicholas Jones openssh-3.4_p1-r3.ebuild: - - Bopped Brandon on the head. Added -passwords to the end of --with-md5 - No version bump as this doesn't affect most people, and those who need it - can just rsync and emerge. - - 09 Jul 2002; Brandon Low openssh-3.4_p1-r3.ebuild: - - New revision enables md5 passwords, please test and let me know how it - goes so I can unmask. Thanks. - -*openssh-3.4_p1-r2 (04 July 2002) - - 09 Jul 2002; phoen][x openssh-3.4_p1-r2.ebuild: - Added KEYWORDS. - - 04 July 2002; Brandon Low openssh-3.4_p1-r2.ebuild: - Fixes problem of /var/empty being removed if immediately do emerge openssh - emerge openssh. Not an urgent upgrade, but recommended. - -*openssh-3.4_p1-r1 (02 July 2002) - - 02 July 2002; Brandon Low openssh-3.4_p1-r1.ebuild: - This closes bugs 4169, 4170, and 4193. This new ebuild changes the sshd - user from whatever it may be to UID 22, this shouldn't mean anything to most - people because no scripts, nor programs use the sshd UID directly (for that - matter it is only referenced during authentication of new logins via ssh). - However if for some reason your system does have things that were owned by - user sshd, you will need to change their UID. - -*openssh-3.4_p1 (26 June 2002) - - 26 June 2002; Brandon Low : - New version closes soon to be released security hole, PLEASE upgrade - immediately according to the changelogs, this new version closes several - possible holes found during a massive audit of the code. - -*openssh-3.3_p1 (22 June 2002) - - 22 June 2002; Donny Davies : - Chase latest release. Starting with this version sshd uses a new privelaged - process separation scheme. See the docs for more info. - -*openssh-3.2.3_p1-1 (5 June 2002) - - 5 June 2002; Gabriele Giorgetti : - New revision. Changes submitted by Alson van der Meulen gentoo@alm.xs4all.nl - within bug #3391 were added. Bug closed/fixed. - -*openssh-3.2.3_p1 (30 May 2002) - - 30 May 2002; Arcady Genkin : - Update to 3.2.3. - -*openssh-3.2.2_p1 (18 May 2002) - - 18 May 2002; Donny Davies : - Chase latest release + update openssl dependency. - -*openssh-3.1_p1-r2 (03 Apr 2002) - - 03 Apr 2002; Daniel Robbins files/sshd.pam: new pam - sshd file to use pam_stack, pam_nologin and pam_shells, as well as use - pam_unix instead of pam_pwdb. Added updated shadow dependency if pam is - enabled (to depend upon our new shadow with the pam_pwdb to pam_unix - conversion). - -*openssh-3.1_p1 (7 Mar 2002) - - 15 Mar 2002; Bruce A. Locke files/sshd.rc6, files/sshd.rc5: - ssh1 keygen requires a new option in the initscripts - - 13 Mar 2002; M.Schlemmer openssh-3.1_p1-r1.ebuild: - Update rc-script not to fail on restart if there is open sessions. - - 7 Mar 2002; F.Meyndert openssh-3.1_p1.ebuild: - Updated openssh to version 3.1 that fixes a nasty off by one bug in all - previous version. That caused a local root hole. - -*openssh-3.0.2_p1-r1 (01 Feb 2002) - - 01 Feb 2002; G.Bevin ChangeLog: - Added initial ChangeLog which should be updated whenever the package is - updated in any way. This changelog is targetted to users. This means that the - comments should well explained and written in clean English. The details about - writing correct changelogs are explained in the skel.ChangeLog file which you - can find in the root directory of the portage repository. diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest deleted file mode 100644 index c1796de406..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest +++ /dev/null @@ -1,57 +0,0 @@ -AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb -AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77 -AUX openssh-6.6.1_p1-x509-glue.patch 635 SHA256 381794bdfc4880da4411041ab1f795cba303644b0a35e88f0f452fca8c2bfbb8 SHA512 6d3adefc5449f812052221b69c588f9948e6116dd5c5644db4e0426264f06fd9a15f04364c2484ce03267f4a84b8806de7d7a7c9140538d73be9e7b50f4eeb47 WHIRLPOOL 823249e96f7175eef09f86dbcc67f6158c23f453eaa940a33c18a838389204cd3a43f5dccd39b6004e05cb05ea327d33be91c2ee1eb4525f13dc29e6943ea6b6 -AUX openssh-6.6.1_p1-x509-hpn14v5-glue.patch 1003 SHA256 a8506f57fb67be25fcba9ee462abc083876f3524b442428a07cf0bbe78735bf5 SHA512 d63eba36ea8488de8bd77fd0b2d005a208f8cf77ae6cf161a063d7efb049b66c7d9f8a12e8fb2f85b73276ba07e52d766bbae26dfd5f2a8537cdd7d991ba94aa WHIRLPOOL a52b2ddbd65bbee865b9fee8dcac6d29cf3a7af61431550bc2f32f9b147bc03fb448cf65e56531c11ec6bb2361515b47a6d9c13db62723e631ea0ef3fc937f6c -AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256 b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 WHIRLPOOL c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b -AUX openssh-6.7_p1-sctp-x509-glue.patch 1326 SHA256 42eb87eda1685e19add23c1304f17dabd99a1a38a57bfe2bfbb70ab85f6d385e SHA512 7f014e2b1893a5240680e2e14475d61b9b6047d1be3fe404d5971a899c122cc624546e9e5b31bfee5905cf7b4605a0871c3b00ed5c2bd28d84755a49392e1a69 WHIRLPOOL 8d6888163068dbc486bc4eff0dd7d4053f68b9848347eb520dd7d382b0b8c74e3016f7f3ed401c2c2dfd48e73a9077fb9777d39c0f236cc500c53393be426b42 -AUX openssh-6.7_p1-sshd-gssapi-multihomed.patch 5489 SHA256 d2a1735b523709a4b4ceaa57862ecb21a95656678bacc5b7da59dc46187ad997 SHA512 a8b8d2c2ab4520c8c7315f6130ee44fec48935a129ce7c7e51a068a4de2c7528980437246b61e4abc4cff614466f8054c554cdbaad4eb0d1f4afcfb434c30bbc WHIRLPOOL e4b97398c324360576a04792357f66be3ed9f17e4113f75275f8422ee0b7ecf28073c7cde01a63e24fa0901b14db822d22d7d2c5936bbee3bd5874a867066967 -AUX openssh-6.7_p1-x509-glue.patch 1633 SHA256 58031e90e0bf220028934ab590af6ccfc45722629b2416df13d84f10c9b94478 SHA512 364ca0280be5cc83d1dedf7727323fd5fc0093c6dbcf9cc8ccaa30ee754b866584be28da1166953f03faf8745d6364e33fad7daad9be9a29681a8674eb9d292b WHIRLPOOL b79a6cff897be78793bbf2ca03154103aa1380647b8c53e104155fd68122568a8e7dea23996213b192e4269f980b1035d3ca395dbd2c318fd81a45f44d110c31 -AUX openssh-6.7_p1-xmalloc-include.patch 390 SHA256 ea43a6a211d8cae4a078b748736f43d4a9d11804ace65886dec826b878dec28e SHA512 b51d9149418217828bdc53c234e248f8be1703b480ccf808814d37cd2589bccdbecff0046d2f2d0e4626420d0d4c2e02d25a9cc07ae31b365cd0b848ccc02035 WHIRLPOOL 04b298eb481fef585b055eb3d706cca55ad6efed6168246f0031e5f614085ae5e70cbb77717047d6c70d7d13a6846657e4a0089d4b8cdf5d9d05652ee22f7209 -AUX openssh-6.8_p1-sctp-x509-glue.patch 2937 SHA256 fe79e3e828f8599e7bad787c6e35bce5f6781a0875c56b250f0d7fde83e2f841 SHA512 776a4eab916ff64d255fb19dca26f0cb1cebb0a5d0c2dbcb40ecbf97b122fb20123532897fb962b27fae375c059ef0dc00c771bf47b67bd092a5ebb3f2252216 WHIRLPOOL c8126624b4be260f8fe40a4a9d7142b6f77ee15504e2d280c6429360ebbf53103974746d5746fe4b27edec6246f01afa1d921d1b5a2d46ae808e4bb41afbb181 -AUX openssh-6.8_p1-ssh-keygen-no-ssh1.patch 1209 SHA256 2ef08a14aab7d5c761670321ed6c66fb8e66c467625ce22448b2d1c020686b66 SHA512 1fae1c0b36b5e792861e83868d55de9e3df85270fda4aaf465c83e2deaf47045429f94c84d1abd270be4fc7519a42e3676839edda588322273e6ebd3ff37a570 WHIRLPOOL 93619f61208f86cc3857a5d2283343645614d7285b56f4585e073405e16c396272cb590e96225f09046de8fe918de5e1a81504385dda2ca3a0d467d0fdfde76f -AUX openssh-6.8_p1-sshd-gssapi-multihomed.patch 5464 SHA256 5f3506f0d45c22de85cf170c7dfeff134a144ec94f9fc1c57c5b3b797ee82756 SHA512 7bfbf720af2728abb55f73b67609967f34da27fea9a9dd6e0293e486a03d7d1167f506623771792d782707bfe58b46c69675bb3c5ad83332b7a50ee748176fbc WHIRLPOOL 81432c4ba7e34d216d73f63945f3c8d52d9113c07fb1f7c3dd5b39ac96223d38d2321a6d6de21b58b29767576c2a779a5703fa2e5727cd3fe4981581e822155d -AUX openssh-6.8_p1-ssl-engine-configure.patch 936 SHA256 cb3f34ef031aa5360b082468b4afb8b7fd2c778c990c2f20fda250167725ff88 SHA512 4b7840f719ad58c1f196327a52534f0a21264ce47e8df4a335e9f58d9d5eae33dbb9a75a2a714c3bdae6bee04728e66020ed57eb521fc1164521c4c5aa4a9a93 WHIRLPOOL 662d6eedb091021d5da4cdbd6d623e3678e54fb75cb52d8afdc4ef9c31f98d95f8445c2fde834d622b0aabf8b9593244847da574201ed176c350747526a28fe5 -AUX openssh-6.8_p1-teraterm-hpn-glue.patch 536 SHA256 846aa1a470e27767103c8c390a3ed9087aeaffc1d2bf8d4f5779af6274dfbbc9 SHA512 26ebfa3e0c39ed62fc9eb81a95e47d2543714f731f0b983d8d79ff2b0c19ab1b0bf8f7ba13f360ec633bd1ee219da9a6b2a0027c72766188beb3a380fd6c3224 WHIRLPOOL 34ac035a9c059d72e94ff3efab763c8a50749b9497c644c7b4685e22295d0c517daaf4bfaace73deeb2d003bea1e53fd84c94bd67c3b89d1c1f085ef845bf486 -AUX openssh-6.8_p1-teraterm.patch 1814 SHA256 e73e938524f15c4dc3368e7ba6b7d74ee2e83a7f0e97ed5460787d7caad04be1 SHA512 f39134d2257d86c5bf128754f8c1024057b9b1882984d5d70b86d2676d761b4a16681e76ae3f47f3abd23a07a75b6ebde6652431d9a86d5c3b9745c36577b8dc WHIRLPOOL c7d4dc5f2843fb6bc462d733a841b52599a9d49b344dc0a6fa71348624060736c02489130ae16692c5e1619200c954278df73a3f1020a77fe8712f99b329faaa -AUX openssh-6.9_p1-x509-warnings.patch 904 SHA256 6a52292b024704c7793188a0fc066336ec5cc7c8297071b2993618a332292c00 SHA512 11ea56ce2a7b87d046d1458e30947dd7f09c8959197e7fbadb57aec46fbd6a0694a2bd05b69978b1f719da2560f19e14d9ea10f6eca6f5b211f335505edd8c2b WHIRLPOOL 22dc4e2144534e180075e90ffe240a07bbd915b27a150e07f0d75889ad7a9103f8d1e5d477320df2b0f40e18d8c33fd99ad3cde7695557b69014318f219dc8dd -AUX openssh-7.0_p1-sctp-x509-glue.patch 2655 SHA256 f01218be5cc344797d6a1db034e6916b0383ea7188d0341ec1e4a3281c5917a6 SHA512 b53aaca05e671be9d8456e7d1aea3ed32afd333922f39c58aa3f9c2539a2d40bdf02ec23c438602e9a590702bcdf96901fb09dfaad93f4ab3fc735d7d189752d WHIRLPOOL 1d6a1947accb77fbd5b578d9e57a51f6ffc9d0d30c806beabea9b2a672ce1af17a283422fb58c835edd8370a5dbe4500ef515ec59af8a3948af5fc15a58a6da0 -AUX openssh-7.1_p1-hpn-x509-glue.patch 535 SHA256 28fabcb503632c57f4f4dfdbdd3e5f2eea97a1f1f216e19125d382820db484b5 SHA512 7f81586e8f755a2451bee962da6a76285fa1609cf761e1ed335e14b07dc28dd0dd9741654a26039d1029e34a45950cdf869132a137461118d9fd1ca142675010 WHIRLPOOL 4e55dd712f7e24f03d7a72017e7238c7bbda53aa54e4068a37a7dadc0f73f4777f9a8c58fefe4d671755ab24c747108dc57af6a08918f70e3425abe7faadc96a -AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53 -AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b -AUX sshd.rc6.4 2114 SHA256 b577e0ac07558205e2229b32bf52ab52d050acda3748708d9a36dc4365a3a725 SHA512 8bde7a1acf3a743982f0d1c951319adf9a401839a17c0bc55e5541940440187e08d46e0def650bcc758669841bcabb9d80afe81f37efee39bb451f131a58f0eb WHIRLPOOL fa4372c2673762bb5f2a9a67e0fea130b45ba7b76244c972fd14845b3689d9f841ffcd5ca21dcbaa58d547eea385936e65ef4a48279c95bc795c6b4cc90b2ddb -AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989 -AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5 -AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1 -DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256 b33e82309195f2a3f21a9fb14e6da2080b096dcf0d6f1c36c93cdeac683fdd59 SHA512 35da5e58f857e8b24e63b4058e946b71fdf0fecc637cb7af0ba8913869e5aadf8317805838936c84dc24421f03c5c91e1670761bed152fdf325c5a509f1b5d04 WHIRLPOOL cc7bace4aa60d720914e3a6a4ff650b7543d9e4963deab12c19cb5d798547b4fe547690946ff8955e121339e9a3d0ebe06f3ff758cca4bb81a09ac43fc877f58 -DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256 85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512 d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e WHIRLPOOL b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8 -DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256 7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512 21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a WHIRLPOOL 5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681 -DIST openssh-6.7p1.tar.gz 1351367 SHA256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512 2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d WHIRLPOOL ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518 -DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256 2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512 f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0 WHIRLPOOL 7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476 -DIST openssh-6.8_p1-x509-8.3.1-glue.patch.xz 141096 SHA256 1e8c911b1403e47a37c24d0ebbfa36d46204c06b38d93ed9ae6d2a0953d3bba6 SHA512 942f09f20d898b4865707b5b48012545d7f8171353427ddb773cffaf1b8c664f48375cb85292592ccba63da695e99def42d17c52a61bb93b89827f53cf3ad918 WHIRLPOOL 66ace7a191a562485ee144516912dee52c84fcfbe8b710b3429211cd9d849dc24d4419c5fa6fd3968f9ab250cf474a692db326c2ac3ef930081b8a5777875a73 -DIST openssh-6.8p1+x509-8.3.1.diff.gz 351502 SHA256 64d0b7cd428352a2d77d9decb02ec744eca4433bcb35288745859eb19ccf4fcf SHA512 6525b7ddae13752f145bda42fe6d65ec40a8c9d44766b749cf49ff904d6b1941e088e560c2a532a3dc0003ac1e29d56a28ea3ed1533ee5abcd696cd80ae88d8e WHIRLPOOL 32f45411d250b7c46f2408bfca6b12223e901fa15c27db449c06cd5b1ab7a0e853fffed5971ca635c5080d1796196a8661b8d1503bdcdb28d61e0d082f28590b -DIST openssh-6.8p1-r5-hpnssh14v5.tar.xz 27240 SHA256 4fe25701ea8717e88bf2355a76fb5370819f927af99efba3e4f06fe3264fbf58 SHA512 29a2086c6bf868bb1c8d2601e1ac83a82de48ed9f9cf6a3762b3f899112d939507b563d0117b4bec87008dd0434e0735e4a4f8c779a64d719d3873224918d16c WHIRLPOOL a4f3e841530d08363c94dfb55911e79f130668e459dc2e1ebb477c14dcf7d3bd71ad63c55e0ff2ba80684e67a8f40867b0a9fd01aabe3fe1533ef604f84a76b3 -DIST openssh-6.8p1.tar.gz 1475953 SHA256 3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e SHA512 7c4457e4525a56cdabb1164ffaf6bed1c094294ae7d06dd3484dcffcd87738fcffe7019b6cae0032c254b0389832644522d5a9f2603b50637ffeb9999b5fcede WHIRLPOOL 3ac9cc4fe0b11ca66c0220618d0ef0c5925e5605d4d3d55c9579b708c478cf8613b7575fe213aba57054d97d3290baac4eba26b7a630d22477ec947f22327a5a -DIST openssh-6.9p1+x509-8.4.diff.gz 425687 SHA256 0ed8bfff0d2ecd9f3791ae1f168ca3270bb66d7ab7bc0a8ff2d61d2ab829c3fb SHA512 596cb65408db06fb299b92160147685b001dc23929ecf5c4bd11a8b0475d79695c7b4dbe8a878d7fbcd944155935fd62a14e35c79204b39e413f5eaa961ef76c WHIRLPOOL 771fa0f4f6a20ed49ba201605fcdcbfc41a0f094ef4a89ca2433ee51b7c8bf99cc266f26bd7877c61ff92e9a50c7d65119ba75ba64eaa029bd567bab3ee243c2 -DIST openssh-6.9p1-hpnssh14v5.tar.xz 25164 SHA256 67c0b043525c838522d17ba8ed3ffa81aa212ae0f43c3d989a3e649fd0a2ca48 SHA512 bef32f6dd97e949e0973d30248401b86233ca66ace750c5050158a748fe279db46c8ee59b6f3de2193f52bab3a1c19372296b86136d7d65a312769008d0acf3a WHIRLPOOL 65241de2409bfe452b0bcf6282f0571a2bbf6d02d4d5cb97db78bd42e8be439c47da8a54d33272a85d50d648e2e4af56b574bc8add56c65e2ff9ccd59b90f65c -DIST openssh-6.9p1-r1-hpnssh14v5.tar.xz 21396 SHA256 84e9e28a1488ccf66e29a7c90442b3bc4833a6fa186260fb6853b5a1b19c0beb SHA512 476064dbdb3d82b86ad7c481a4a301ff0d46bd281fe7ca0c29f34ae50b0034028760997ae2c934a265499c154f4534d35ead647aa63d1a4545ed503a5364eada WHIRLPOOL 74eaf2fe0a6ecd0e2fa5078034628d4c76c75b121f3c813ff8a098ab28363daa3800d03936046aa3aebbfdab3afd31ef30a207399f5e305d7f71e5f3c7e4f4a7 -DIST openssh-6.9p1.tar.gz 1487617 SHA256 6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe SHA512 68fec9b4e512fe126a5d35b01e2cc656d810b75052ed8a36bc85cd0a05de7318b15ed287bc95cf9bcb3fa2f385029151d85aced55e07fbcc79e6c779bee6751d WHIRLPOOL 1dcb291383c9f934b512f61ce9f6e0319f22e112ce3f6eace2a868ca0f99c709c65bae14a9815e2ef237f8132fe72c583cffb7ea20bdfa2aaa77cf347967be7f -DIST openssh-7.0p1+x509-8.5.diff.gz 411960 SHA256 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e SHA512 1241419ea32a21b0ef15fb3845344c9b1126ecee94265b074e60af794eacdb39a98983040a61b9f169e0a6d5a0a248e1bbf9d9b3e56df50cb382441a26dddafd WHIRLPOOL 117e8c9bb05ded7fdf261e9aca709540e0a3817bc5b3e70472e8c802063e37ee24feae4c1b3a909177ab163e53c2d614b4f0fc75aad1ca44c0e0584eeff55a81 -DIST openssh-7.0p1-hpnssh14v5.tar.xz 21428 SHA256 6032c4547c9f83a6f648ac7c39cdad2bd6fd725e5f3ab2411c5b30298aae1451 SHA512 d4cf4a628c11515bfe8c3a91b4b7039fca28c2f89ad1dde062c4cb433b984b10dec2d37b1f338f18aa7813e60d8608b65ca95b930edc33086710b82780875942 WHIRLPOOL 7b686f243c98017453b3da3e98b7524650b4a0a75fda6add80c7c233d468194d1d1333ffa4445c20856d807548aaa356c87a03ca87d8995a4b7ba350c7714d1e -DIST openssh-7.0p1.tar.gz 1493376 SHA256 fd5932493a19f4c81153d812ee4e042b49bbd3b759ab3d9344abecc2bc1485e5 SHA512 d82aa8e85630c3e2102e69da477185e0d30d84211d7d4ee0a1d9822bd234d649fe369bf91ce3d2b5ef0caee687d383cb761b682d3bf24bccbd2ce9a1fe9d9f50 WHIRLPOOL bb8007450ffee580df5a73e3d6ab9b54b7151c46c3b996516e5cb776034be21cbef1281a520279655137e218a757d8092cba3f66e216c6b4c6828876540cb5df -DIST openssh-7.1p1+x509-8.6.diff.gz 413931 SHA256 cbf661a1fec080dc9ed335a290414154326c2a13f124985db050b86a91073d52 SHA512 c91d0f1b69b6d34984e94b391ad022271e73d0634cef2df355ba555366bc38d30649b478f245b6c51ce79d71adf1b693bc97826e6c6013a78e7ccfb7023b4bcc WHIRLPOOL 4ed4427e80026996c43a188d7d45f2c53fa6a7fd842a248b1225b27f3e9037e761f0ed172d79b53ada81c24d958a2193e94d918f6ca1320e45d5e68379845981 -DIST openssh-7.1p1-hpnssh14v9.tar.xz 21580 SHA256 a795c2f2621f537b3fd98172cbd1f7c71869e4da78cd280d123fa19ae4262b97 SHA512 6ce151949bf81b5518b95092a2f18d2f24581954e2c629deaf3c1d10136f32f830567aafb9b4045547e95e3ab63cf750e240eac40e2b9caa6d71cb2b132821ec WHIRLPOOL 8e3c9a1d79112092a6cb42c6766ccdf61e5d8fcd366ea5c7d3bab94cf309bcc12f3761476a288158638a340023aa24519d888caac19fb0ef25fa56bdab06412c -DIST openssh-7.1p1.tar.gz 1493170 SHA256 fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 SHA512 f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7 WHIRLPOOL a650a93657f930d20dc3fa24ab720857f63f7cd0a82d1906cf1e58145e866129207851d5e587d678655e5731fa73221ab9b6ea0754533100c25fe2acaa442e05 -DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2 WHIRLPOOL 5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73 -DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256 d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512 2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081 WHIRLPOOL b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b -EBUILD openssh-6.7_p1-r4.ebuild 9962 SHA256 d5ee5fc5b008ed2a42dab88a2ee3b988ccd14e93683b895b952589796f2585fe SHA512 419e9d536bc5e4b6dc6be430d20fd1c0264c314bb9ed60c9e197e6d3adb1bff909caf20167078a98b6c6b5510eb4a5e4986d2e9d3e65fac3fee96ee83d13193d WHIRLPOOL f5ea97bfaf39efa2d2fab55d8dad16f5d8cf5aa7ad6069ce93288eb415a450aab3eb25f3c8d1ece478f0a438ec9a37460a7dcdc4f676e92d67118a362b9edbe0 -EBUILD openssh-6.7_p1.ebuild 9895 SHA256 6d55ff5b4ea32b940f37980bc950922c996998b29ff8f16731a62d4e8e6c15c1 SHA512 7b078e8910250eba2bb39f7e43c8f1f691462194f66e78845bd0ef61751aca88cea43dcb0a395e1b7382093e1a1585bacce75efc82610ce2017dd8d71c9327d0 WHIRLPOOL ffdd64ad99c21061e34562e7f482b87a86fa44c54edf72ac5f44c59f40a46265f8f1693b7d684555c8087ce701efbe54a7314ad4ce7b7f60e21d38f9c30f5e0b -EBUILD openssh-6.8_p1-r5.ebuild 10402 SHA256 31b415473a164acddf74006fe8dfedf6761727511f2a3d8682510e8fcfa5664d SHA512 b1b8a582c9bf71f147c6881d751feccbdfc66fb23c7278abe1fd15670fcf904bc4625ecffaf72fa1d743333345faeb5aebc47148849cd6bf28258c71f1cdeba4 WHIRLPOOL f92a028e1b638dee5dbe2cebe0b0a6ea3a5da982e34d6839da0359ce856f8ef57369db17ddb08149a25b1c4fd274fe4ae6d5dbd03d8870dc27fa49e6288354bd -EBUILD openssh-6.9_p1-r1.ebuild 10048 SHA256 5e7f1e77587f1ed120c659d322399d4b273f5c2c70790603c29f24b09cf04100 SHA512 49be48792087b37d30bb123117034cd771cac3e175ef7fecf926ff2ecf117da4c874d62fd1c2ac54c2b767ecc326f9474dbece49ce718a795ae20d19c2ad5cb8 WHIRLPOOL a9b0f0c2b8f187dda30389069599261b74f676b2e3f2f6303d49c8d9da71104e1050e4f1f276032367a8dd1e94bbca758fd36f0aa2caa69c8707cc3b27c8aefd -EBUILD openssh-6.9_p1-r2.ebuild 9765 SHA256 3aba2e3be73521662168957f8280241e3df91d680e2ca53b3a5bc0767a149c08 SHA512 d5482cae7f61ab259688e7ff77dd9fd776a6c5eb97c22365b171641db72dc9fb9d2025d3e4cc2e128bdd4a9e5dd04097090d50b6f64f7c72383fd86700d4402b WHIRLPOOL a761aaecd8f6f72f0b72dc1db8e19e32f3077b75cd413f33d5b3358c96fb49e4f9cf068467924d67a19f6b5217dbb5068e935d150c3c17871e6614b9d1d112a7 -EBUILD openssh-7.0_p1.ebuild 10478 SHA256 05bab74c747f77bfe968ce9371be64844412c23a1229c4d1597a472503db0d3e SHA512 578482c3f9b6f8a5183046483079bc3d895bd7f8deb0e1860f5afe6cb651fbb2be69557f9dc60000e54e7381870ea4239f6381377d7d772bd2ce30e212d0dea5 WHIRLPOOL 634d0dbfad64a39d510d11be4be97f35c338b8f20cd976e936ddf3eb845283bafc3eb2cc8d3de426501de841210401a1c8cfebf179e7fbd11d04d2a8d366773b -EBUILD openssh-7.1_p1-r1.ebuild 10628 SHA256 872b21e52174c3c99b372ed98c20aa03fdacf9bd97e4c851ce3b808a7f0e9c35 SHA512 9af7362eb6f2415011476e4591f811719d9ab727c5745ef1cdd52eb64fbf825d64a00a3575e41cb3d720bd9658410d6da450c94871c336058a5cfbe0dfd789b2 WHIRLPOOL 6cb7816f52d488a94a59ba87030b2c01400528886627bf98df2d22d33d4f0659ea96e477d198280ec140f2f776b07cfa536ea311645d6717085d0fbecc10a6e7 -EBUILD openssh-7.1_p1-r2.ebuild 10633 SHA256 8997385c50f1dd8bdf5332c86f2d52addbd9127195c8cadf79c4bbbc09e41cdf SHA512 c58e4e57459c4cf63c7636a10213032c118c48069fa2dd52f0055209ebd1aec434602f5cc6342659d861955c599c8fba53f802b5a2f1b8effa5f2c38f06ba490 WHIRLPOOL aa77e4be2cf7130db21c89ed6c94040ed77dce254198a50af03a073e947f8fb73b487c77b74ad801c126769fd978a233227caa8ba5bbfebcd5bafe5a602ee8b2 -EBUILD openssh-7.1_p1.ebuild 10525 SHA256 c979f16f19cda5596874edc1a18cc2fe296d56156ae46cc62e52473ddc79d7d9 SHA512 dcbb07dc1a1c1963343e10bfa63db468de1dde32ac85eaf2b8058ea24e6be578b1a4bf7c52aa27fb06a748a17fd874fa209341d980599f77d32bfcce8b8f029c WHIRLPOOL 578559127d1dbe26a1d76b7546895ba45da2f59a15ad403bfe69920260e62aa89395a73695d0ae38331d7e76db70b311bfd66e1594364714eb33f23fb7a35045 -MISC ChangeLog 8368 SHA256 2ca18433f2cd75ed2345bb2a83dfaa2d5e8b12da44ac2c5a082f30b60b0cbfeb SHA512 ff073eef05797e40e321bcf980fc5f20e274444ed4a82e2deb251c6117d4a05d21dfd53a6d8de90cb3d963afe14297bbc0408edabb63e9f5969891efc2117435 WHIRLPOOL 9d0a121948ed25cc7fab1df3c227e7e60158f5fdd009ae00b0041691f8be91b4dc415cc50357ad2e5e0ee72dc32c20fa798eccce65897e8faaa0d5149eec31df -MISC ChangeLog-2015 95783 SHA256 53b51ee42a1faf42d80733382986e4fd606366b7bb6350c76f44df851e071890 SHA512 95a4f4243cb8cd8901208adc3632e191ab27a5ea2ce947e832264833262d8bd1e74a7e4f3545d6f2da8d2b473a59cfc7014aa88d5b0ea30e348c4f5d9323c8e5 WHIRLPOOL 5b56a38ddcf0308b681fc1c1fe8107c37ea1385e30ebc435d22f73c38947f9afdbb37ffb1c22bc48c83117cb91b946831cd83bab2807c248292fd2822002f828 -MISC metadata.xml 2129 SHA256 f786d2849baa9c48bf58e1e5d71dec826998961dc96ae13937c2853900b4a289 SHA512 a8ce6d4781f98279cc7666a36f0e80229358d61a2ef9f7486d26233b523780963d43b2cca332301901a22a15ac2e79d2abce399028b47c95d65bccc49f609376 WHIRLPOOL c59d747bc802dd8e3c3bcc3d0e7168c1ad00ba48f74226e5da5dd1a1ea769882861c0bcd9bcb117fc92d8fca746f7d69a39b77a4dfcb5c0279f672bba2cb3eec diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch deleted file mode 100644 index c81ae5cb70..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,127 +0,0 @@ -http://bugs.gentoo.org/165444 -https://bugzilla.mindrot.org/show_bug.cgi?id=1008 - -Index: readconf.c -=================================================================== -RCS file: /cvs/openssh/readconf.c,v -retrieving revision 1.135 -diff -u -r1.135 readconf.c ---- readconf.c 5 Aug 2006 02:39:40 -0000 1.135 -+++ readconf.c 19 Aug 2006 11:59:52 -0000 -@@ -126,6 +126,7 @@ - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, - oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, -@@ -163,9 +164,11 @@ - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - #else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - { "fallbacktorsh", oDeprecated }, - { "usersh", oDeprecated }, -@@ -444,6 +447,10 @@ - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1010,6 +1017,7 @@ - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -1100,6 +1108,8 @@ - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -Index: readconf.h -=================================================================== -RCS file: /cvs/openssh/readconf.h,v -retrieving revision 1.63 -diff -u -r1.63 readconf.h ---- readconf.h 5 Aug 2006 02:39:40 -0000 1.63 -+++ readconf.h 19 Aug 2006 11:59:52 -0000 -@@ -45,6 +45,7 @@ - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -Index: ssh_config.5 -=================================================================== -RCS file: /cvs/openssh/ssh_config.5,v -retrieving revision 1.97 -diff -u -r1.97 ssh_config.5 ---- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97 -+++ ssh_config.5 19 Aug 2006 11:59:53 -0000 -@@ -483,7 +483,16 @@ - Forward (delegate) credentials to the server. - The default is - .Dq no . --Note that this option applies to protocol version 2 only. -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 -Index: sshconnect2.c -=================================================================== -RCS file: /cvs/openssh/sshconnect2.c,v -retrieving revision 1.151 -diff -u -r1.151 sshconnect2.c ---- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151 -+++ sshconnect2.c 19 Aug 2006 11:59:53 -0000 -@@ -499,6 +499,12 @@ - static u_int mech = 0; - OM_uint32 min; - int ok = 0; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) -+ gss_host = get_canonical_hostname(1); -+ else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -511,7 +517,7 @@ - /* My DER encoding requires length<128 */ - if (gss_supported->elements[mech].length < 128 && - ssh_gssapi_check_mechanism(&gssctxt, -- &gss_supported->elements[mech], authctxt->host)) { -+ &gss_supported->elements[mech], gss_host)) { - ok = 1; /* Mechanism works */ - } else { - mech++; diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch deleted file mode 100644 index c3647d5aa2..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch +++ /dev/null @@ -1,51 +0,0 @@ ---- openssh-6.3p1/Makefile.in -+++ openssh-6.3p1/Makefile.in -@@ -45,7 +45,7 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - K5LIBS=@K5LIBS@ - GSSLIBS=@GSSLIBS@ -@@ -53,6 +53,7 @@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- openssh-6.3p1/sshconnect.c -+++ openssh-6.3p1/sshconnect.c -@@ -465,7 +465,7 @@ - { - /* Send our own protocol version identification. */ - if (compat20) { -- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n", -+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); - } else { - xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", ---- openssh-6.3p1/sshd.c -+++ openssh-6.3p1/sshd.c -@@ -472,8 +472,8 @@ - comment = ""; - } - -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", -- major, minor, SSH_VERSION, comment, -+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", -+ major, minor, SSH_VERSION, - *options.version_addendum == '\0' ? "" : " ", - options.version_addendum, newline); - ---- openssh-6.3p1/version.h -+++ openssh-6.3p1/version.h -@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_6.3" - - #define SSH_PORTABLE "p1" -+#define SSH_X509 " PKIX" - #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch deleted file mode 100644 index 2a34ee96d5..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch +++ /dev/null @@ -1,17 +0,0 @@ -Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch. - ---- openssh-6.6p1+x509-8.0.diff -+++ openssh-6.6p1+x509-8.0.diff -@@ -16337,10 +16337,10 @@ - .It Cm ChallengeResponseAuthentication - Specifies whether challenge-response authentication is allowed (e.g. via - PAM or though authentication styles supported in --@@ -499,6 +576,16 @@ -+@@ -514,6 +591,16 @@ -+ This facility is provided to assist with operation on multi homed machines. - The default is - .Dq yes . -- Note that this option applies to protocol version 2 only. - +.It Cm HostbasedAlgorithms - +Specifies the protocol version 2 algorithms used in - +.Dq hostbased diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch deleted file mode 100644 index beb22926ae..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch +++ /dev/null @@ -1,26 +0,0 @@ -make the hpn patch apply when the x509 patch has also been applied - ---- openssh-6.6.1p1-hpnssh14v5.diff -+++ openssh-6.6.1p1-hpnssh14v5.diff -@@ -1742,18 +1742,14 @@ - if (options->ip_qos_interactive == -1) - options->ip_qos_interactive = IPTOS_LOWDELAY; - if (options->ip_qos_bulk == -1) --@@ -345,9 +392,10 @@ -+@@ -345,6 +392,7 @@ - sUsePrivilegeSeparation, sAllowAgentForwarding, - sHostCertificate, - sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, --+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, -++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled, - sKexAlgorithms, sIPQoS, sVersionAddendum, - sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, --- sAuthenticationMethods, sHostKeyAgent, --+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent, -- sDeprecated, sUnsupported -- } ServerOpCodes; -- -+ sAuthenticationMethods, sHostKeyAgent, - @@ -468,6 +516,10 @@ - { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, - { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-openssl-ignore-status.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-openssl-ignore-status.patch deleted file mode 100644 index fa33af39b6..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-openssl-ignore-status.patch +++ /dev/null @@ -1,17 +0,0 @@ -the last nibble of the openssl version represents the status. that is, -whether it is a beta or release. when it comes to version checks in -openssh, this component does not matter, so ignore it. - -https://bugzilla.mindrot.org/show_bug.cgi?id=2212 - ---- a/openbsd-compat/openssl-compat.c -+++ b/openbsd-compat/openssl-compat.c -@@ -58,7 +58,7 @@ ssh_compatible_openssl(long headerver, long libver) - * For versions >= 1.0.0, major,minor,status must match and library - * fix version must be equal to or newer than the header. - */ -- mask = 0xfff0000fL; /* major,minor,status */ -+ mask = 0xfff00000L; /* major,minor,status */ - hfix = (headerver & 0x000ff000) >> 12; - lfix = (libver & 0x000ff000) >> 12; - if ( (headerver & mask) == (libver & mask) && lfix >= hfix) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch deleted file mode 100644 index bd0b7ce12b..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch +++ /dev/null @@ -1,42 +0,0 @@ ---- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800 -+++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800 -@@ -195,14 +195,6 @@ - .Op Fl c Ar cipher - .Op Fl F Ar ssh_config - .Op Fl i Ar identity_file --@@ -178,6 +178,7 @@ For full details of the options listed b -- .It ServerAliveCountMax -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It UsePrivilegedPort -- .It User -- .It UserKnownHostsFile - @@ -218,6 +219,8 @@ and - to print debugging messages about their progress. - This is helpful in -@@ -482,14 +474,6 @@ - .Op Fl b Ar bind_address - .Op Fl c Ar cipher_spec - .Op Fl D Oo Ar bind_address : Oc Ns Ar port --@@ -473,6 +473,7 @@ For full details of the options listed b -- .It StreamLocalBindUnlink -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It Tunnel -- .It TunnelDevice -- .It UsePrivilegedPort - @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte - controls. - .It Fl y -@@ -527,7 +511,7 @@ -- again: -+ - - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" - + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT -- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { -+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { - switch (opt) { - case '1': - @@ -732,6 +738,11 @@ main(int ac, char **av) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch deleted file mode 100644 index 96818e42ec..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch +++ /dev/null @@ -1,162 +0,0 @@ -https://bugs.gentoo.org/378361 -https://bugzilla.mindrot.org/show_bug.cgi?id=928 - ---- a/gss-serv.c -+++ b/gss-serv.c -@@ -41,9 +41,12 @@ - #include "channels.h" - #include "session.h" - #include "misc.h" -+#include "servconf.h" - - #include "ssh-gss.h" - -+extern ServerOptions options; -+ - static ssh_gssapi_client gssapi_client = - { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; -@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) - char lname[NI_MAXHOST]; - gss_OID_set oidset; - -- gss_create_empty_oid_set(&status, &oidset); -- gss_add_oid_set_member(&status, ctx->oid, &oidset); -- -- if (gethostname(lname, sizeof(lname))) { -- gss_release_oid_set(&status, &oidset); -- return (-1); -- } -+ if (options.gss_strict_acceptor) { -+ gss_create_empty_oid_set(&status, &oidset); -+ gss_add_oid_set_member(&status, ctx->oid, &oidset); -+ -+ if (gethostname(lname, MAXHOSTNAMELEN)) { -+ gss_release_oid_set(&status, &oidset); -+ return (-1); -+ } -+ -+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { -+ gss_release_oid_set(&status, &oidset); -+ return (ctx->major); -+ } -+ -+ if ((ctx->major = gss_acquire_cred(&ctx->minor, -+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, -+ NULL, NULL))) -+ ssh_gssapi_error(ctx); - -- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { - gss_release_oid_set(&status, &oidset); - return (ctx->major); -+ } else { -+ ctx->name = GSS_C_NO_NAME; -+ ctx->creds = GSS_C_NO_CREDENTIAL; - } -- -- if ((ctx->major = gss_acquire_cred(&ctx->minor, -- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) -- ssh_gssapi_error(ctx); -- -- gss_release_oid_set(&status, &oidset); -- return (ctx->major); -+ return GSS_S_COMPLETE; - } - - /* Privileged */ ---- a/servconf.c -+++ b/servconf.c -@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions - options->kerberos_get_afs_token = -1; - options->gss_authentication=-1; - options->gss_cleanup_creds = -1; -+ options->gss_strict_acceptor = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->challenge_response_authentication = -1; -@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption - options->gss_authentication = 0; - if (options->gss_cleanup_creds == -1) - options->gss_cleanup_creds = 1; -+ if (options->gss_strict_acceptor == -1) -+ options->gss_strict_acceptor = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -@@ -277,7 +280,8 @@ typedef enum { - sBanner, sUseDNS, sHostbasedAuthentication, - sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, - sClientAliveCountMax, sAuthorizedKeysFile, -- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, -+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, -+ sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, - sZeroKnowledgePasswordAuthentication, sHostCertificate, -@@ -327,9 +331,11 @@ static struct { - #ifdef GSSAPI - { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, - { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, -+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, - #else - { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, - { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, -+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, - #endif - { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, - { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, -@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions - - case sGssCleanupCreds: - intptr = &options->gss_cleanup_creds; -+ goto parse_flag; -+ -+ case sGssStrictAcceptor: -+ intptr = &options->gss_strict_acceptor; - goto parse_flag; - - case sPasswordAuthentication: ---- a/servconf.h -+++ b/servconf.h -@@ -92,6 +92,7 @@ typedef struct { - * authenticated with Kerberos. */ - int gss_authentication; /* If true, permit GSSAPI authentication */ - int gss_cleanup_creds; /* If true, destroy cred cache on logout */ -+ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ - int password_authentication; /* If true, permit password - * authentication. */ - int kbd_interactive_authentication; /* If true, permit */ ---- a/sshd_config -+++ b/sshd_config -@@ -69,6 +69,7 @@ - # GSSAPI options - #GSSAPIAuthentication no - #GSSAPICleanupCredentials yes -+#GSSAPIStrictAcceptorCheck yes - - # Set this to 'yes' to enable PAM authentication, account processing, - # and session processing. If this is enabled, PAM authentication will ---- a/sshd_config.5 -+++ b/sshd_config.5 -@@ -386,6 +386,21 @@ on logout. - The default is - .Dq yes . - Note that this option applies to protocol version 2 only. -+.It Cm GSSAPIStrictAcceptorCheck -+Determines whether to be strict about the identity of the GSSAPI acceptor -+a client authenticates against. -+If set to -+.Dq yes -+then the client must authenticate against the -+.Pa host -+service on the current hostname. -+If set to -+.Dq no -+then the client may authenticate against any service key stored in the -+machine's default store. -+This facility is provided to assist with operation on multi homed machines. -+The default is -+.Dq yes . - .It Cm HostbasedAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication together - with successful public key client host authentication is allowed diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch deleted file mode 100644 index 71b9c51731..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch +++ /dev/null @@ -1,46 +0,0 @@ ---- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800 -+++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800 -@@ -610,21 +610,6 @@ - The default is - .Dq yes . - Note that this option applies to protocol version 2 only. --.It Cm GSSAPIStrictAcceptorCheck --Determines whether to be strict about the identity of the GSSAPI acceptor --a client authenticates against. --If set to --.Dq yes --then the client must authenticate against the --.Pa host --service on the current hostname. --If set to --.Dq no --then the client may authenticate against any service key stored in the --machine's default store. --This facility is provided to assist with operation on multi homed machines. --The default is --.Dq yes . - .It Cm HostbasedAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication together - with successful public key client host authentication is allowed -@@ -651,6 +636,21 @@ - attempting to resolve the name from the TCP connection itself. - The default is - .Dq no . -+.It Cm GSSAPIStrictAcceptorCheck -+Determines whether to be strict about the identity of the GSSAPI acceptor -+a client authenticates against. -+If set to -+.Dq yes -+then the client must authenticate against the -+.Pa host -+service on the current hostname. -+If set to -+.Dq no -+then the client may authenticate against any service key stored in the -+machine's default store. -+This facility is provided to assist with operation on multi homed machines. -+The default is -+.Dq yes . - .It Cm HostCertificate - Specifies a file containing a public host certificate. - The certificate's public key must match a private host key already specified diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch deleted file mode 100644 index 170031daad..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -ur openssh-6.7p1.orig/ssh-rsa.c openssh-6.7p1/ssh-rsa.c ---- openssh-6.7p1.orig/ssh-rsa.c 2015-02-24 14:52:54.512197868 -0800 -+++ openssh-6.7p1/ssh-rsa.c 2015-02-27 11:48:54.173951646 -0800 -@@ -34,6 +34,7 @@ - #include "sshkey.h" - #include "digest.h" - #include "evp-compat.h" -+#include "xmalloc.h" - - /*NOTE: Do not define USE_LEGACY_RSA_... if build - is with FIPS capable OpenSSL */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch deleted file mode 100644 index 7b12e9a67c..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch +++ /dev/null @@ -1,90 +0,0 @@ ---- openssh-6.8_p1-sctp.patch.orig 2015-03-18 17:52:40.563506822 -0700 -+++ openssh-6.8_p1-sctp.patch 2015-03-18 18:14:30.919753194 -0700 -@@ -184,34 +184,6 @@ - int port; /* Port to connect. */ - int address_family; - int connection_attempts; /* Max attempts (seconds) before ----- a/scp.1 --+++ b/scp.1 --@@ -19,7 +19,7 @@ -- .Sh SYNOPSIS -- .Nm scp -- .Bk -words ---.Op Fl 12346BCpqrv --+.Op Fl 12346BCpqrvz -- .Op Fl c Ar cipher -- .Op Fl F Ar ssh_config -- .Op Fl i Ar identity_file --@@ -178,6 +178,7 @@ For full details of the options listed b -- .It ServerAliveCountMax -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It UpdateHostKeys -- .It UsePrivilegedPort -- .It User --@@ -218,6 +219,8 @@ and -- to print debugging messages about their progress. -- This is helpful in -- debugging connection, authentication, and configuration problems. --+.It Fl z --+Use the SCTP protocol for connection instead of TCP which is the default. -- .El -- .Sh EXIT STATUS -- .Ex -std scp - --- a/scp.c - +++ b/scp.c - @@ -395,7 +395,11 @@ main(int argc, char **argv) -@@ -471,34 +443,6 @@ - int protocol; /* Supported protocol versions. */ - struct ForwardOptions fwd_opts; /* forwarding options */ - SyslogFacility log_facility; /* Facility for system logging. */ ----- a/ssh.1 --+++ b/ssh.1 --@@ -43,7 +43,7 @@ -- .Sh SYNOPSIS -- .Nm ssh -- .Bk -words ---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy --+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz -- .Op Fl b Ar bind_address -- .Op Fl c Ar cipher_spec -- .Op Fl D Oo Ar bind_address : Oc Ns Ar port --@@ -473,6 +473,7 @@ For full details of the options listed b -- .It StreamLocalBindUnlink -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It Tunnel -- .It TunnelDevice -- .It UsePrivilegedPort --@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte -- controls. -- .It Fl y -- Send log information using the --+.It Fl z --+Use the SCTP protocol for connection instead of TCP which is the default. -- .Xr syslog 3 -- system module. -- By default this information is sent to stderr. - --- a/ssh.c - +++ b/ssh.c - @@ -194,12 +194,17 @@ extern int muxserver_sock; -@@ -520,13 +464,11 @@ - " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" - " [-F configfile] [-I pkcs11] [-i identity_file]\n" - " [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n" --@@ -506,7 +512,7 @@ main(int ac, char **av) -- argv0 = av[0]; -+@@ -506,4 +512,4 @@ main(int ac, char **av) - -- again: --- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" --+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT -- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { -+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" -++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT -+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { - switch (opt) { - case '1': - @@ -732,6 +738,11 @@ main(int ac, char **av) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch deleted file mode 100644 index e14a728f43..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch +++ /dev/null @@ -1,40 +0,0 @@ -https://bugs.gentoo.org/544078 -https://bugzilla.mindrot.org/show_bug.cgi?id=2369 - -From 117c961c8d1f0537973df5a6a937389b4b7b61b4 Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" -Date: Mon, 23 Mar 2015 06:06:38 +0000 -Subject: [PATCH] upstream commit - -for ssh-keygen -A, don't try (and fail) to generate ssh - v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled - without OpenSSL based on patch by Mike Frysinger; bz#2369 ---- - ssh-keygen.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/ssh-keygen.c b/ssh-keygen.c -index a3c2362..96dd8b4 100644 ---- a/ssh-keygen.c -+++ b/ssh-keygen.c -@@ -948,12 +948,16 @@ do_gen_all_hostkeys(struct passwd *pw) - char *key_type_display; - char *path; - } key_types[] = { -+#ifdef WITH_OPENSSL -+#ifdef WITH_SSH1 - { "rsa1", "RSA1", _PATH_HOST_KEY_FILE }, -+#endif /* WITH_SSH1 */ - { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, - { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, - #ifdef OPENSSL_HAS_ECC - { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, --#endif -+#endif /* OPENSSL_HAS_ECC */ -+#endif /* WITH_OPENSSL */ - { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, - { NULL, NULL, NULL } - }; --- -2.3.3 - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch deleted file mode 100644 index 48fce1e2c2..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch +++ /dev/null @@ -1,162 +0,0 @@ -https://bugs.gentoo.org/378361 -https://bugzilla.mindrot.org/show_bug.cgi?id=928 - ---- a/gss-serv.c -+++ b/gss-serv.c -@@ -41,9 +41,12 @@ - #include "channels.h" - #include "session.h" - #include "misc.h" -+#include "servconf.h" - - #include "ssh-gss.h" - -+extern ServerOptions options; -+ - static ssh_gssapi_client gssapi_client = - { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}}; -@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) - char lname[NI_MAXHOST]; - gss_OID_set oidset; - -- gss_create_empty_oid_set(&status, &oidset); -- gss_add_oid_set_member(&status, ctx->oid, &oidset); -- -- if (gethostname(lname, sizeof(lname))) { -- gss_release_oid_set(&status, &oidset); -- return (-1); -- } -+ if (options.gss_strict_acceptor) { -+ gss_create_empty_oid_set(&status, &oidset); -+ gss_add_oid_set_member(&status, ctx->oid, &oidset); -+ -+ if (gethostname(lname, MAXHOSTNAMELEN)) { -+ gss_release_oid_set(&status, &oidset); -+ return (-1); -+ } -+ -+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { -+ gss_release_oid_set(&status, &oidset); -+ return (ctx->major); -+ } -+ -+ if ((ctx->major = gss_acquire_cred(&ctx->minor, -+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, -+ NULL, NULL))) -+ ssh_gssapi_error(ctx); - -- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { - gss_release_oid_set(&status, &oidset); - return (ctx->major); -+ } else { -+ ctx->name = GSS_C_NO_NAME; -+ ctx->creds = GSS_C_NO_CREDENTIAL; - } -- -- if ((ctx->major = gss_acquire_cred(&ctx->minor, -- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) -- ssh_gssapi_error(ctx); -- -- gss_release_oid_set(&status, &oidset); -- return (ctx->major); -+ return GSS_S_COMPLETE; - } - - /* Privileged */ ---- a/servconf.c -+++ b/servconf.c -@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions - options->kerberos_get_afs_token = -1; - options->gss_authentication=-1; - options->gss_cleanup_creds = -1; -+ options->gss_strict_acceptor = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->challenge_response_authentication = -1; -@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption - options->gss_authentication = 0; - if (options->gss_cleanup_creds == -1) - options->gss_cleanup_creds = 1; -+ if (options->gss_strict_acceptor == -1) -+ options->gss_strict_acceptor = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -@@ -277,7 +280,8 @@ typedef enum { - sBanner, sUseDNS, sHostbasedAuthentication, - sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes, - sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, -- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, -+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, -+ sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, - sHostCertificate, -@@ -327,9 +331,11 @@ static struct { - #ifdef GSSAPI - { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, - { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, -+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, - #else - { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, - { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, -+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, - #endif - { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, - { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, -@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions - - case sGssCleanupCreds: - intptr = &options->gss_cleanup_creds; -+ goto parse_flag; -+ -+ case sGssStrictAcceptor: -+ intptr = &options->gss_strict_acceptor; - goto parse_flag; - - case sPasswordAuthentication: ---- a/servconf.h -+++ b/servconf.h -@@ -92,6 +92,7 @@ typedef struct { - * authenticated with Kerberos. */ - int gss_authentication; /* If true, permit GSSAPI authentication */ - int gss_cleanup_creds; /* If true, destroy cred cache on logout */ -+ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ - int password_authentication; /* If true, permit password - * authentication. */ - int kbd_interactive_authentication; /* If true, permit */ ---- a/sshd_config -+++ b/sshd_config -@@ -69,6 +69,7 @@ - # GSSAPI options - #GSSAPIAuthentication no - #GSSAPICleanupCredentials yes -+#GSSAPIStrictAcceptorCheck yes - - # Set this to 'yes' to enable PAM authentication, account processing, - # and session processing. If this is enabled, PAM authentication will ---- a/sshd_config.5 -+++ b/sshd_config.5 -@@ -386,6 +386,21 @@ on logout. - The default is - .Dq yes . - Note that this option applies to protocol version 2 only. -+.It Cm GSSAPIStrictAcceptorCheck -+Determines whether to be strict about the identity of the GSSAPI acceptor -+a client authenticates against. -+If set to -+.Dq yes -+then the client must authenticate against the -+.Pa host -+service on the current hostname. -+If set to -+.Dq no -+then the client may authenticate against any service key stored in the -+machine's default store. -+This facility is provided to assist with operation on multi homed machines. -+The default is -+.Dq yes . - .It Cm HostbasedAcceptedKeyTypes - Specifies the key types that will be accepted for hostbased authentication - as a comma-separated pattern list. diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch deleted file mode 100644 index a355e2c9ab..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch +++ /dev/null @@ -1,33 +0,0 @@ -https://github.com/openssh/openssh-portable/pull/29 - -From 003ed46d1bd94bac29c53b26ae70f6321ea11c80 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Wed, 18 Mar 2015 12:37:24 -0400 -Subject: [PATCH] do not abort when --without-ssl-engine --without-openssl is - set - ---- - configure.ac | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index b4d6598..7806d20 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2276,10 +2276,10 @@ openssl_engine=no - AC_ARG_WITH([ssl-engine], - [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], - [ -- if test "x$openssl" = "xno" ; then -- AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) -- fi - if test "x$withval" != "xno" ; then -+ if test "x$openssl" = "xno" ; then -+ AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) -+ fi - openssl_engine=yes - fi - ] --- -2.3.2 - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch deleted file mode 100644 index e72b1e6baf..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- a/0005-support-dynamically-sized-receive-buffers.patch -+++ b/0005-support-dynamically-sized-receive-buffers.patch -@@ -411,10 +411,10 @@ index af2f007..41b782b 100644 - --- a/compat.h - +++ b/compat.h - @@ -60,6 +60,7 @@ -- #define SSH_NEW_OPENSSH 0x04000000 - #define SSH_BUG_DYNAMIC_RPORT 0x08000000 - #define SSH_BUG_CURVE25519PAD 0x10000000 --+#define SSH_BUG_LARGEWINDOW 0x20000000 -+ #define SSH_BUG_HOSTKEYS 0x20000000 -++#define SSH_BUG_LARGEWINDOW 0x40000000 - - void enable_compat13(void); - void enable_compat20(void); diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch deleted file mode 100644 index f99e92f29e..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch +++ /dev/null @@ -1,69 +0,0 @@ -https://bugs.gentoo.org/547944 - -From d8f391caef62378463a0e6b36f940170dadfe605 Mon Sep 17 00:00:00 2001 -From: "dtucker@openbsd.org" -Date: Fri, 10 Apr 2015 05:16:50 +0000 -Subject: [PATCH] upstream commit - -Don't send hostkey advertisments - (hostkeys-00@openssh.com) to current versions of Tera Term as they can't - handle them. Newer versions should be OK. Patch from Bryan Drewery and - IWAMOTO Kouichi, ok djm@ ---- - compat.c | 13 ++++++++++++- - compat.h | 3 ++- - sshd.c | 6 +++++- - 3 files changed, 19 insertions(+), 3 deletions(-) - -diff --git a/compat.c b/compat.c -index 2498168..0934de9 100644 ---- a/compat.c -+++ b/compat.c -@@ -167,6 +167,17 @@ compat_datafellows(const char *version) - SSH_BUG_SCANNER }, - { "Probe-*", - SSH_BUG_PROBE }, -+ { "TeraTerm SSH*," -+ "TTSSH/1.5.*," -+ "TTSSH/2.1*," -+ "TTSSH/2.2*," -+ "TTSSH/2.3*," -+ "TTSSH/2.4*," -+ "TTSSH/2.5*," -+ "TTSSH/2.6*," -+ "TTSSH/2.70*," -+ "TTSSH/2.71*," -+ "TTSSH/2.72*", SSH_BUG_HOSTKEYS }, - { NULL, 0 } - }; - -diff --git a/compat.h b/compat.h -index af2f007..83507f0 100644 ---- a/compat.h -+++ b/compat.h -@@ -60,6 +60,7 @@ - #define SSH_NEW_OPENSSH 0x04000000 - #define SSH_BUG_DYNAMIC_RPORT 0x08000000 - #define SSH_BUG_CURVE25519PAD 0x10000000 -+#define SSH_BUG_HOSTKEYS 0x20000000 - - void enable_compat13(void); - void enable_compat20(void); -diff --git a/sshd.c b/sshd.c -index 6aa17fa..60b0cd4 100644 ---- a/sshd.c -+++ b/sshd.c -@@ -928,6 +928,10 @@ notify_hostkeys(struct ssh *ssh) - int i, nkeys, r; - char *fp; - -+ /* Some clients cannot cope with the hostkeys message, skip those. */ -+ if (datafellows & SSH_BUG_HOSTKEYS) -+ return; -+ - if ((buf = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new", __func__); - for (i = nkeys = 0; i < options.num_host_key_files; i++) { --- -2.3.6 - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch deleted file mode 100644 index 9ce2967af4..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -ur openssh-6.9p1.orig/sshconnect2.c openssh-6.9p1/sshconnect2.c ---- openssh-6.9p1.orig/sshconnect2.c 2015-07-01 14:56:26.766316866 -0700 -+++ openssh-6.9p1/sshconnect2.c 2015-07-01 14:59:22.828692366 -0700 -@@ -1404,7 +1404,7 @@ - static int - get_allowed_keytype(Key *k) { - char *pattern; -- char *alg; -+ const char *alg; - - if (k->type == KEY_RSA1 || k->type == KEY_UNSPEC) - return KEY_UNSPEC; -diff -ur openssh-6.9p1.orig/x509_nm_cmp.c openssh-6.9p1/x509_nm_cmp.c ---- openssh-6.9p1.orig/x509_nm_cmp.c 2015-07-01 14:56:26.129311890 -0700 -+++ openssh-6.9p1/x509_nm_cmp.c 2015-07-01 14:59:14.086624068 -0700 -@@ -133,7 +133,7 @@ - tag = M_ASN1_STRING_type(in); - if (tag != V_ASN1_UTF8STRING) { - /*OpenSSL method surprisingly require non-const(!?) ASN1_STRING!*/ -- return(ASN1_STRING_to_UTF8(out, in)); -+ return(ASN1_STRING_to_UTF8(out, (ASN1_STRING *) in)); - } - - l = M_ASN1_STRING_length(in); diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch deleted file mode 100644 index d793f9084d..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch +++ /dev/null @@ -1,74 +0,0 @@ ---- openssh-6.8_p1-sctp.patch.1 2015-08-12 16:01:13.854769013 -0700 -+++ openssh-6.8_p1-sctp.patch 2015-08-12 16:00:38.208488789 -0700 -@@ -195,14 +195,6 @@ - .Op Fl c Ar cipher - .Op Fl F Ar ssh_config - .Op Fl i Ar identity_file --@@ -178,6 +178,7 @@ For full details of the options listed b -- .It ServerAliveCountMax -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It UpdateHostKeys -- .It UsePrivilegedPort -- .It User - @@ -218,6 +219,8 @@ and - to print debugging messages about their progress. - This is helpful in -@@ -477,19 +469,11 @@ - .Sh SYNOPSIS - .Nm ssh - .Bk -words ---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy --+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz -+-.Op Fl 1246AaCdfgKkMNnqsTtVvXxYy -++.Op Fl 1246AaCdfgKkMNnqsTtVvXxYyz - .Op Fl b Ar bind_address - .Op Fl c Ar cipher_spec - .Op Fl D Oo Ar bind_address : Oc Ns Ar port --@@ -473,6 +473,7 @@ For full details of the options listed b -- .It StreamLocalBindUnlink -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It Tunnel -- .It TunnelDevice -- .It UsePrivilegedPort - @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte - controls. - .It Fl y -@@ -501,7 +485,7 @@ - By default this information is sent to stderr. - --- a/ssh.c - +++ b/ssh.c --@@ -194,12 +194,17 @@ extern int muxserver_sock; -+@@ -194,11 +194,16 @@ extern int muxserver_sock; - extern u_int muxclient_command; - - /* Prints a help message to the user. This function never returns. */ -@@ -515,18 +499,17 @@ - usage(void) - { - fprintf(stderr, ---"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" --+"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n" -+-"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" -++"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n" - " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" - " [-F configfile] [-I pkcs11] [-i identity_file]\n" -- " [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n" - @@ -506,7 +512,7 @@ main(int ac, char **av) -- argv0 = av[0]; -+ # define ENGCONFIG "" -+ #endif - -- again: --- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" --+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT -- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { -+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" -++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT -+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { - switch (opt) { - case '1': - @@ -732,6 +738,11 @@ main(int ac, char **av) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch deleted file mode 100644 index 393ea998ca..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- openssh-7.0p1-hpnssh14v5/0002-add-support-for-the-NONE-cipher.patch.orig 2015-08-24 11:17:05.379280954 -0700 -+++ openssh-7.0p1-hpnssh14v5/0002-add-support-for-the-NONE-cipher.patch 2015-08-24 11:19:30.788424050 -0700 -@@ -80,7 +80,7 @@ - + else - + fatal("Pre-authentication none cipher requests are not allowed."); - + } -- debug("kex: %s %s %s %s", -+ debug("kex: %s cipher: %s MAC: %s compression: %s", - ctos ? "client->server" : "server->client", - newkeys->enc.name, - diff --git a/myproposal.h b/myproposal.h diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.confd b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.confd deleted file mode 100644 index 28952b4a28..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.confd +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/conf.d/sshd: config file for /etc/init.d/sshd - -# Where is your sshd_config file stored? - -SSHD_CONFDIR="/etc/ssh" - - -# Any random options you want to pass to sshd. -# See the sshd(8) manpage for more info. - -SSHD_OPTS="" - - -# Pid file to use (needs to be absolute path). - -#SSHD_PIDFILE="/var/run/sshd.pid" - - -# Path to the sshd binary (needs to be absolute path). - -#SSHD_BINARY="/usr/sbin/sshd" diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam_include.2 b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam_include.2 deleted file mode 100644 index b801aaafa0..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam_include.2 +++ /dev/null @@ -1,4 +0,0 @@ -auth include system-remote-login -account include system-remote-login -password include system-remote-login -session include system-remote-login diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 deleted file mode 100644 index 34e19706de..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 +++ /dev/null @@ -1,85 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -extra_commands="checkconfig" -extra_started_commands="reload" - -: ${SSHD_CONFDIR:=/etc/ssh} -: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config} -: ${SSHD_PIDFILE:=/var/run/${SVCNAME}.pid} -: ${SSHD_BINARY:=/usr/sbin/sshd} - -depend() { - use logger dns - if [ "${rc_need+set}" = "set" ] ; then - : # Do nothing, the user has explicitly set rc_need - else - local x warn_addr - for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do - case "${x}" in - 0.0.0.0|0.0.0.0:*) ;; - ::|\[::\]*) ;; - *) warn_addr="${warn_addr} ${x}" ;; - esac - done - if [ -n "${warn_addr}" ] ; then - need net - ewarn "You are binding an interface in ListenAddress statement in your sshd_config!" - ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd" - ewarn "where FOO is the interface(s) providing the following address(es):" - ewarn "${warn_addr}" - fi - fi -} - -checkconfig() { - if [ ! -d /var/empty ] ; then - mkdir -p /var/empty || return 1 - fi - - if [ ! -e "${SSHD_CONFIG}" ] ; then - eerror "You need an ${SSHD_CONFIG} file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - ssh-keygen -A || return 1 - - [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ - && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFIG}" != "/etc/ssh/sshd_config" ] \ - && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFIG}" - - "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 -} - -start() { - checkconfig || return 1 - - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" \ - -- ${SSHD_OPTS} - eend $? -} - -stop() { - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return 1 - fi - - ebegin "Stopping ${SVCNAME}" - start-stop-daemon --stop --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" --quiet - eend $? -} - -reload() { - checkconfig || return 1 - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --signal HUP \ - --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" - eend $? -} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service deleted file mode 100644 index b5e96b3a25..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=OpenSSH server daemon -After=syslog.target network.target auditd.service - -[Service] -ExecStartPre=/usr/bin/ssh-keygen -A -ExecStart=/usr/sbin/sshd -D -e -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.socket b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.socket deleted file mode 100644 index 94b9533180..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.socket +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=OpenSSH Server Socket -Conflicts=sshd.service - -[Socket] -ListenStream=22 -Accept=yes - -[Install] -WantedBy=sockets.target diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd_at.service b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd_at.service deleted file mode 100644 index 2645ad047c..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd_at.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=OpenSSH per-connection server daemon -After=syslog.target auditd.service - -[Service] -ExecStart=-/usr/sbin/sshd -i -e -StandardInput=socket -StandardError=syslog diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml b/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml deleted file mode 100644 index ec8bad168c..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - base-system - - robbat2@gentoo.org - LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else. - - -OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that -increasing numbers of people on the Internet are coming to rely on. Many users of telnet, -rlogin, ftp, and other such programs might not realize that their password is transmitted -across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) -to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. -Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety -of authentication methods. - -The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which -replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of -the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, -ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. - - - Disable EC/RC5 algorithms in OpenSSL for patent reasons. - Enable high performance ssh - Add support for storing SSH public keys in LDAP - Use LDNS for DNSSEC/SSHFP validation. - Support for Stream Control Transmission Protocol - Support the legacy/weak SSH1 protocol - Enable additional crypto algorithms via OpenSSL - Adds support for X.509 certificate authentication - - - cpe:/a:openssh:openssh - hpnssh - - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild deleted file mode 100644 index 3398875107..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild +++ /dev/null @@ -1,323 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz" -LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz" -X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - mirror://gentoo/${P}-sctp.patch.xz - ${HPN_PATCH:+hpn? ( - mirror://gentoo/${HPN_PATCH} - https://dev.gentoo.org/~vapier/dist/${HPN_PATCH} - mirror://sourceforge/hpnssh/${HPN_PATCH} - )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509" -REQUIRED_USE="pie? ( !static )" - -LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)]" -RDEPEND=" - !static? ( - ${LIB_DEPEND//\[static-libs(+)]} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( - ${LIB_DEPEND} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) - ) - ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${P}-x509-glue.patch - epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - epatch "${FILESDIR}"/${PN}-6.7_p1-xmalloc-include.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*}/* - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - local myconf=() - addwrite /dev/ptmx - - use static && append-ldflags -static - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with pie) \ - $(use_with sctp) \ - $(use_with selinux) \ - $(use_with skey) \ - "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-glue.patch - use hpn && epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v5-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*}/* - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - local myconf=() - addwrite /dev/ptmx - - use static && append-ldflags -static - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"/var/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with pie) \ - $(use_with sctp) \ - $(use_with selinux) \ - $(use_with skey) \ - "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - eerror "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - eerror "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - die "USE=tcpd no longer works" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-6.8_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${WORKDIR}"/${P}-x509-${X509_VER}-glue.patch - epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - epatch "${FILESDIR}"/${PN}-6.8_p1-ssh-keygen-no-ssh1.patch #544078 - epatch "${FILESDIR}"/${PN}-6.8_p1-teraterm.patch #547944 - # The X509 patchset fixes this independently. - use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch - epatch "${WORKDIR}"/${P}-sctp.patch - if use hpn ; then - # The teraterm patch pulled in an upstream update. - pushd "${WORKDIR}"/${HPN_PATCH%.*.*} >/dev/null - epatch "${FILESDIR}"/${PN}-6.8_p1-teraterm-hpn-glue.patch - popd >/dev/null - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - # The X509 patch deletes this option entirely. - $(use X509 || use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - ) - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - eerror "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - eerror "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - die "USE=tcpd no longer works" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use X509 ; then - pushd .. >/dev/null - #epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch - epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch - save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - # The X509 patchset fixes this independently. - use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch - epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - # The X509 patch deletes this option entirely. - $(use X509 || use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - ) - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use X509 ; then - pushd .. >/dev/null - #epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch - epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch - save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - # The X509 patchset fixes this independently. - use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch - epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - # The X509 patch deletes this option entirely. - $(use X509 || use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use X509 ; then - pushd .. >/dev/null - #epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch - epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch - save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - # The X509 patchset fixes this independently. - use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch - epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - # The X509 patch deletes this option entirely. - $(use X509 || use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use X509 ; then - pushd .. >/dev/null - pushd ${HPN_PATCH%.*.*} >/dev/null - epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch - popd >/dev/null - epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch - save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - # The X509 patchset fixes this independently. - use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch - epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - # The X509 patch deletes this option entirely. - $(use X509 || use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use X509 ; then - pushd .. >/dev/null - pushd ${HPN_PATCH%.*.*} >/dev/null - epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch - popd >/dev/null - epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch - save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - # The X509 patchset fixes this independently. - use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch - epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - # The X509 patch deletes this option entirely. - $(use X509 || use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use X509 ; then - pushd .. >/dev/null - pushd ${HPN_PATCH%.*.*} >/dev/null - epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch - popd >/dev/null - epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch - save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - # The X509 patchset fixes this independently. - use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch - epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - # The X509 patch deletes this option entirely. - $(use X509 || use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t}