diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog b/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog new file mode 100644 index 0000000000..6544587581 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog @@ -0,0 +1,2004 @@ +# ChangeLog for net-misc/openssh +# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.465 2013/01/22 02:51:55 robbat2 Exp $ + + 22 Jan 2013; Robin H. Johnson openssh-6.1_p1-r1.ebuild: + Whitespace. + + 22 Jan 2013; Robin H. Johnson openssh-6.1_p1-r1.ebuild: + Bug #435372: update ldns dependency for USE=bindist. + + 18 Jan 2013; Diego E. Pettenò openssh-6.1_p1-r1.ebuild: + Only depend on ldns with ldns USE flag enabled. + +*openssh-6.1_p1-r1 (18 Jan 2013) + + 18 Jan 2013; Robin H. Johnson +openssh-6.1_p1-r1.ebuild, + metadata.xml, openssh-5.9_p1-r4.ebuild, openssh-6.0_p1-r1.ebuild, + openssh-6.0_p1.ebuild, openssh-6.1_p1.ebuild: + Bug #448944: add bindist description. Bug #435372: add LDNS support for SSHFP. + Bug #410541/#266386: convert "need net" to detection of ListenAddress (if you + specify a custom ListenAddress, you should see the migration comments in the + init script). Bug #426084: Include license of init script. Bug #391011: handle + compile for G/FBSD9.0. + + 28 Nov 2012; Robin H. Johnson files/sshd.rc6.4: + Bug #410541: prepare for detection of net variants to warn if the user needs a + rc_need for the actual interface to bind to. Not installed in the rebuild + pending ACK fro vapier. + + 28 Nov 2012; Robin H. Johnson +files/sshd.rc6.4: + Cleanup of sshd init.d in preparation for bug #410541. local keyword is not + POSIX sh. + + 19 Nov 2012; Mike Frysinger openssh-6.1_p1.ebuild: + Only show ecdsa key message when upgrading from older versions, and drop + USE=pam warning wrt valid shells as people should know this #440568 by + poletti.marco. + + 19 Nov 2012; Mike Frysinger openssh-6.1_p1.ebuild: + Update to EAPI=4 to have USE=static depend on USE=static-libs of all the + library packages #443682 by siebz0r. + + 16 Nov 2012; Agostino Sarubbo -openssh-5.5_p1-r2.ebuild, + -openssh-5.6_p1-r2.ebuild, -openssh-5.7_p1-r1.ebuild, + -openssh-5.8_p1-r1.ebuild, -openssh-5.8_p2-r1.ebuild, -openssh-5.8_p2.ebuild, + -openssh-5.9_p1-r3.ebuild: + Remove old + + 11 Nov 2012; Mike Frysinger openssh-6.1_p1.ebuild: + Do not hardcode `pkg-config`. + + 06 Nov 2012; Mike Gilbert openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.9_p1-r3.ebuild, + openssh-5.9_p1-r4.ebuild, openssh-6.0_p1-r1.ebuild, openssh-6.0_p1.ebuild, + openssh-6.1_p1.ebuild: + Use a slot dep for openssl; openssl:0.9.8 is not going to work here. Bug + 437480. + + 06 Nov 2012; Rick Farina openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.9_p1-r3.ebuild, + openssh-5.9_p1-r4.ebuild, openssh-6.0_p1-r1.ebuild, openssh-6.0_p1.ebuild, + openssh-6.1_p1.ebuild: + openssh needs to match the bindist settings on openssl or it breaks. bug + #437480 + + 12 Oct 2012; Mike Frysinger openssh-6.1_p1.ebuild: + Always specify pid-dir to avoid configure script falling back to /etc/ssh on + broken systems #435668 by Piotr Karbowski. + + 25 Sep 2012; Ulrich Müller openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild, + openssh-5.9_p1-r4.ebuild, openssh-6.0_p1.ebuild, openssh-6.0_p1-r1.ebuild, + openssh-6.1_p1.ebuild: + Specify LICENSE more precisely. According to the upstream license note: + "All components are under a BSD licence, or a licence more free than that." + +*openssh-6.1_p1 (08 Sep 2012) + + 08 Sep 2012; Mike Frysinger + +files/openssh-6.1_p1-x509-glue.patch, + +files/openssh-6.1_p1-x509-hpn-glue.patch, +openssh-6.1_p1.ebuild: + Version bump #434278 by Phr33d0m. + +*openssh-6.0_p1-r1 (08 Jun 2012) + + 08 Jun 2012; Mike Frysinger +openssh-6.0_p1-r1.ebuild: + Back hpn patch back down to v11 as v12 does not want to work for us #414401 by + Sean McGovern. + + 02 Jun 2012; Mike Frysinger openssh-5.9_p1-r4.ebuild: + Mark alpha/ia64/s390/sh/sparc stable #396075. + + 29 May 2012; Alexis Ballier openssh-6.0_p1.ebuild: + keyword ~amd64-fbsd + + 29 May 2012; Richard Yao + +files/openssh-6.0_p1-fix-freebsd-compilation.patch, openssh-6.0_p1.ebuild: + Fix build failure on Gentoo FreeBSD 9, written by naota, reviewed by + xarthisius, approved by Chainsaw, bug #391011 + + 23 May 2012; Mike Frysinger openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.9_p1-r3.ebuild, + openssh-5.9_p1-r4.ebuild, openssh-6.0_p1.ebuild: + Inherit user eclass for enewuser/etc... + + 17 May 2012; Mike Frysinger + +files/openssh-6.0_p1-test.patch, openssh-6.0_p1.ebuild: + Add fix for POSIX test compat #391011. + + 08 May 2012; Brent Baude openssh-5.9_p1-r4.ebuild: + Marking openssh-5.9_p1-r4 ppc64 for bug 396075 + + 05 May 2012; Jeff Horelick openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild, + openssh-5.9_p1-r4.ebuild, openssh-6.0_p1.ebuild: + dev-util/pkgconfig -> virtual/pkgconfig + + 03 May 2012; Mike Frysinger openssh-6.0_p1.ebuild: + Enable locale env var passing by default #367017 by Michael. + +*openssh-6.0_p1 (30 Apr 2012) + + 30 Apr 2012; Mike Frysinger + +files/openssh-6.0_p1-hpn-progressmeter.patch, + +files/openssh-6.0_p1-x509-glue.patch, + +files/openssh-6.0_p1-x509-hpn-glue.patch, +openssh-6.0_p1.ebuild: + Version bump with work from Robin #414071 by Michael Weber. + + 16 Apr 2012; Markus Meier openssh-5.9_p1-r4.ebuild: + arm stable, bug #396075 + + 16 Apr 2012; Brent Baude openssh-5.9_p1-r4.ebuild: + Marking openssh-5.9_p1-r4 ppc for bug 396075 + + 10 Apr 2012; Jeroen Roovers openssh-5.9_p1-r4.ebuild: + Stable for HPPA (bug #396075). + + 09 Apr 2012; Jeff Horelick openssh-5.9_p1-r4.ebuild: + marked x86 per bug 396075 + + 09 Apr 2012; Agostino Sarubbo openssh-5.9_p1-r4.ebuild: + Stable for amd64, wrt bug #396075 + +*openssh-5.9_p1-r4 (15 Mar 2012) + + 15 Mar 2012; Mike Frysinger +openssh-5.9_p1-r4.ebuild, + +files/openssh-5.9_p1-drop-openssl-check.patch: + Drop openssl version checking. + + 13 Mar 2012; Pawel Hajdan jr + openssh-5.5_p1-r2.ebuild, openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, + openssh-5.8_p1-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, + openssh-5.9_p1-r3.ebuild: + Switch to virtual/shadow. + + 13 Feb 2012; Robin H. Johnson openssh-5.9_p1-r3.ebuild: + Bug #352083: install LPK schema. + + 06 Feb 2012; Jeremy Olexa openssh-5.9_p1-r3.ebuild: + [Bug 402441] net-misc/openssh: Add output to say that ECDSA will not work + when openssl[bindist] is present + + 14 Dec 2011; Michał Górny openssh-5.9_p1-r3.ebuild, + +files/sshd.service, +files/sshd.socket, +files/sshd_at.service: + Install systemd unit files. + + 04 Dec 2011; Sven Wegener files/sshd.rc6, + files/sshd.rc6.1, files/sshd.rc6.2: + move reload to extra_started_commands + + 26 Nov 2011; Mike Frysinger openssh-5.9_p1-r3.ebuild: + Move enew{user,group} to pkg_preinst so `die` works. + + 03 Nov 2011; Mike Frysinger openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild: + Use new egetshell helper rather than calling getent directly. + + 02 Nov 2011; Mike Frysinger openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild: + Use egetent rather than getent. + +*openssh-5.9_p1-r3 (26 Sep 2011) + + 26 Sep 2011; Mike Frysinger -openssh-5.9_p1.ebuild, + -openssh-5.9_p1-r2.ebuild, +openssh-5.9_p1-r3.ebuild, + +files/openssh-5.9_p1-x509-glue.patch: + Add x509 patch and release. + +*openssh-5.9_p1-r2 (14 Sep 2011) +*openssh-5.8_p2-r1 (14 Sep 2011) + + 14 Sep 2011; Lars Wendler + +openssh-5.8_p2-r1.ebuild, -openssh-5.9_p1-r1.ebuild, + +openssh-5.9_p1-r2.ebuild, files/sshd.rc6.3: + non-maintainer commit: Replaced deprecated opts variable (bug #382227) and + removed --stop option from reload function (bug #382975). Bot changes and + revbumps were done with kind permission from vapier. + + 12 Sep 2011; Mike Frysinger openssh-5.9_p1-r1.ebuild: + Simplify test homedir logic a bit, and fix quoting. + +*openssh-5.9_p1-r1 (07 Sep 2011) + + 07 Sep 2011; Robin H. Johnson +openssh-5.9_p1-r1.ebuild: + Add complete port of HPN+LPK patches, also adjust the HOMEDIR setting for + src_test to complete in more cases. + + 07 Sep 2011; Mike Frysinger openssh-5.9_p1.ebuild: + Retain default AuthorizedKeysFile behavior. + +*openssh-5.9_p1 (07 Sep 2011) + + 07 Sep 2011; Mike Frysinger +openssh-5.9_p1.ebuild, + +files/openssh-5.9_p1-sshd-gssapi-multihomed.patch, +files/sshd.rc6.3: + Version bump. Drop --oknodo in init.d #377771 by Michael Mair-Keimberger. Add + GSSAPI/Kerberos fix #378361 by Kevan Carstensen. + + 28 May 2011; Mike Frysinger files/sshd.rc6.2: + Move custom opts to checkconfig and include those when verifying config + sanity #367303 by Horst Prote. + + 16 May 2011; Robin H. Johnson openssh-5.8_p2.ebuild: + Bug #366643: rediff the LPK patch for LDAP usage. Also merge the Mozilla uid + customization LPK change. + +*openssh-5.8_p2 (09 May 2011) + + 09 May 2011; Mike Frysinger +openssh-5.8_p2.ebuild: + Version bump. + + 16 Apr 2011; Ulrich Mueller openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild: + Don't PROVIDE virtual/ssh, bug 361121. + + 19 Feb 2011; Mike Frysinger openssh-5.8_p1-r1.ebuild: + Encourage people to update their stored ssh key lists #355223 by Pacho Ramos. + + 19 Feb 2011; Mike Frysinger -openssh-5.8_p1.ebuild, + openssh-5.8_p1-r1.ebuild: + We want openssh-5.8_p1-r1 going stable. + + 13 Feb 2011; Raúl Porcel openssh-5.8_p1.ebuild: + arm/ia64/m68k/s390/sh/sparc stable wrt #353673 + + 11 Feb 2011; Pawel Hajdan jr + openssh-5.8_p1.ebuild: + x86 stable wrt security bug #353673 + + 11 Feb 2011; Kacper Kowalik openssh-5.8_p1.ebuild: + ppc stable wrt 353673 + + 10 Feb 2011; Markos Chandras openssh-5.8_p1.ebuild: + Stable on amd64 wrt bug #353673 + + 10 Feb 2011; Robin H. Johnson openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1.ebuild, + openssh-5.8_p1-r1.ebuild: + Revamp AES-CTR-MT disable comment, with explicit reference to upstream + documentation and testcase reference (bug #354113, comment 6). + + 10 Feb 2011; Mike Frysinger openssh-5.8_p1-r1.ebuild, + +files/openssh-5.8_p1-selinux.patch: + Drop openssl build patch since it doesn't seem to be needed anymore, and + apply simple build fix for selinux from upstream #354247 by MarisN. + + 10 Feb 2011; Robin H. Johnson openssh-5.8_p1.ebuild: + Also add AES-CTR fix to 5.8_p1 presently under stabilization. + alpha/hppa/ppc64 are the only stable arches with the broken HPN version at + present. + +*openssh-5.8_p1-r1 (10 Feb 2011) + + 10 Feb 2011; Robin H. Johnson openssh-5.6_p1-r2.ebuild, + openssh-5.7_p1-r1.ebuild, +openssh-5.8_p1-r1.ebuild: + Bug #354113: AES-CTR workaround was dropped from 5.7 and 5.8 when it is still + required. + + 08 Feb 2011; Kacper Kowalik openssh-5.8_p1.ebuild: + ppc64 stable wrt #353673 + + 08 Feb 2011; Tobias Klausmann openssh-5.8_p1.ebuild: + Stable on alpha, bug #353673 + + 08 Feb 2011; Jeroen Roovers openssh-5.8_p1.ebuild: + Stable for HPPA (bug #353673). + +*openssh-5.8_p1 (05 Feb 2011) + + 05 Feb 2011; Mike Frysinger +openssh-5.8_p1.ebuild, + +files/openssh-5.8_p1-x509-hpn-glue.patch: + Version bump #353673. Default HPN to on when available #347193 by Jeremy + Olexa. + +*openssh-5.7_p1-r1 (25 Jan 2011) + + 25 Jan 2011; Mike Frysinger +openssh-5.7_p1-r1.ebuild, + +files/openssh-5.7_p1-x509-hpn-glue.patch: + Add x509/ldap/hpn support back in. Auto-remove ecdsa support from init.d if + openssl lacks support #352645 by William Throwe. + +*openssh-5.7_p1 (24 Jan 2011) + + 24 Jan 2011; Mike Frysinger +openssh-5.7_p1.ebuild, + +files/sshd.rc6.2: + Version bump. + + 10 Dec 2010; Robin H. Johnson metadata.xml: + Update restrict in metadata per mgorny's request to use DEPEND syntax. + + 04 Dec 2010; Raúl Porcel openssh-5.6_p1-r2.ebuild: + alpha/ia64/m68k/s390/sh stable wrt #346395 + + 29 Nov 2010; Brent Baude openssh-5.6_p1-r2.ebuild: + stable ppc64, bug 346395 + + 27 Nov 2010; Michael Weber openssh-5.6_p1-r2.ebuild: + arm/sparc stable (bug 346395) + + 24 Nov 2010; Jeroen Roovers openssh-5.6_p1-r2.ebuild: + Stable for HPPA PPC (bug #346395). + + 22 Nov 2010; Markos Chandras openssh-5.6_p1-r2.ebuild: + Stable on amd64 wrt bug #346395 + + 22 Nov 2010; Thomas Kahle openssh-5.6_p1-r2.ebuild: + x86 stable per bug 346395 + + 11 Oct 2010; Diego E. Pettenò + openssh-5.6_p1-r2.ebuild, +files/sshd.rc6.1: + Update init script to not regenerate the RSA1 host key (for SSH Protocol + 1) unless Protocol 1 is enabled. Modern OpenSSH versions disable Protocol + 1 in the daemon by default. + +*openssh-5.6_p1-r2 (30 Sep 2010) + + 30 Sep 2010; Mike Frysinger +openssh-5.6_p1-r2.ebuild, + +files/openssh-5.6_p1-hpn-progressmeter.patch: + Switch to latest upstream hpn patch, and fix a pointer error in it. + + 24 Sep 2010; Raúl Porcel openssh-5.5_p1-r2.ebuild: + alpha/ia64/m68k/s390/sh/sparc stable wrt #334165 + + 23 Sep 2010; Markus Meier openssh-5.5_p1-r2.ebuild: + arm stable, bug #334165 + + 06 Sep 2010; Brent Baude openssh-5.5_p1-r2.ebuild: + Marking openssh-5.5_p1-r2 ppc64 for bug 334165 + + 28 Aug 2010; Markos Chandras + openssh-5.5_p1-r2.ebuild: + Stable on amd64 wrt bug #334165 + + 28 Aug 2010; Jeroen Roovers openssh-5.5_p1-r2.ebuild: + Stable for HPPA PPC (bug #334165). + +*openssh-5.6_p1-r1 (26 Aug 2010) + + 26 Aug 2010; Mike Frysinger +openssh-5.6_p1-r1.ebuild, + +files/openssh-5.6_p1-x509-hpn-glue.patch: + Update hpn/ldap/x509 patches to new release. + + 25 Aug 2010; Robin H. Johnson openssh-5.6_p1.ebuild: + Update HPN and LPK patches for 5.6p1 series. + + 24 Aug 2010; Pawel Hajdan jr + openssh-5.5_p1-r2.ebuild: + x86 stable wrt bug #334165 + +*openssh-5.6_p1 (23 Aug 2010) + + 23 Aug 2010; Mike Frysinger +openssh-5.6_p1.ebuild: + Version bump. + +*openssh-5.5_p1-r2 (20 Jun 2010) +*openssh-5.4_p1-r3 (20 Jun 2010) + + 20 Jun 2010; Mike Frysinger +openssh-5.4_p1-r3.ebuild, + +openssh-5.5_p1-r2.ebuild: + Switch to the official hpn patches. + +*openssh-5.5_p1-r1 (20 Apr 2010) + + 20 Apr 2010; Robin H. Johnson + +openssh-5.5_p1-r1.ebuild: + The 5.4 patchsets for HPN and LPK apply and work perfectly with 5.5. + +*openssh-5.5_p1 (16 Apr 2010) + + 16 Apr 2010; Mike Frysinger +openssh-5.5_p1.ebuild: + Version bump. + +*openssh-5.4_p1-r2 (29 Mar 2010) + + 29 Mar 2010; Robin H. Johnson + +openssh-5.4_p1-r2.ebuild: + Revbump with HPN and LPK patches available again now. Ported and submitted + to upstream authors. X509 now has more conflicts with HPN, future + revisions may require selection of: x509 XOR (hpn OR lpk). + +*openssh-5.4_p1-r1 (29 Mar 2010) + + 29 Mar 2010; Mike Frysinger +openssh-5.4_p1-r1.ebuild, + +files/openssh-5.4_p1-pkcs11.patch, + +files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch: + Fixes from upstream for pkcs build problems #310929 by Alan Hourihane and + for relative AuthorizedKeysFile handling #308939 by Eric Vander Weele. + + 20 Mar 2010; Mike Frysinger openssh-5.3_p1-r1.ebuild, + openssh-5.4_p1.ebuild: + Fix warning with USE="X509 ldap" #310287 by Nico Baggus. + + 19 Mar 2010; Raúl Porcel openssh-5.3_p1-r1.ebuild: + sparc stable wrt #308555 + + 19 Mar 2010; Mike Frysinger openssh-5.3_p1-r1.ebuild: + Mark alpha/arm/ia64/s390/sh stable #308555. + + 18 Mar 2010; Christian Faulhammer + openssh-5.3_p1-r1.ebuild: + stable x86, bug 308555 + + 13 Mar 2010; Mike Frysinger openssh-5.4_p1.ebuild: + Drop USE=pkcs11 per Alon Bar-Lev #308431. + + 12 Mar 2010; Jeroen Roovers openssh-5.3_p1-r1.ebuild: + Stable for HPPA (bug #308555). + + 12 Mar 2010; Markos Chandras + openssh-5.3_p1-r1.ebuild: + Stable on amd64 wrt bug #308555 + + 10 Mar 2010; Joseph Jezak openssh-5.3_p1-r1.ebuild: + Marked ppc/ppc64 stable for bug #308555. + +*openssh-5.4_p1 (09 Mar 2010) + + 09 Mar 2010; Mike Frysinger +openssh-5.4_p1.ebuild, + +files/openssh-5.4_p1-openssl.patch: + Version bump #308431 by Dirkjan Ochtman. + + 27 Oct 2009; Raúl Porcel openssh-5.2_p1-r3.ebuild: + ia64/m68k/s390/sh/sparc stable wrt #287292 + + 11 Oct 2009; nixnut openssh-5.2_p1-r3.ebuild: + ppc stable #287292 + + 11 Oct 2009; Tobias Klausmann + openssh-5.2_p1-r3.ebuild: + Stable on alpha, bug #287292 + + 11 Oct 2009; Robin H. Johnson + openssh-5.3_p1-r1.ebuild, +files/openssh-5.3_p1-pkcs11-hpn-glue.patch: + Bug #288498: Now we need a glue patch for pkcs11 and HPN together. Really + some of these patchsets need to go to upstream. + +*openssh-5.3_p1-r1 (10 Oct 2009) + + 10 Oct 2009; Robin H. Johnson + +openssh-5.3_p1-r1.ebuild: + Ported the HPN and LPK patches to 5.3p1, mailed upstream as well. + + 07 Oct 2009; Mike Frysinger openssh-5.2_p1-r2.ebuild, + openssh-5.2_p1-r3.ebuild, openssh-5.3_p1.ebuild: + Fix static_use_with handling when there is one option #287292 by Jaak + Ristioja. + + 03 Oct 2009; Jeroen Roovers openssh-5.2_p1-r3.ebuild: + Stable for HPPA (bug #287292). + + 03 Oct 2009; Brent Baude openssh-5.2_p1-r3.ebuild: + Marking openssh-5.2_p1-r3 ppc64 for bug 287292 + + 03 Oct 2009; Markus Meier openssh-5.2_p1-r3.ebuild: + amd64/arm/x86 stable, bug #287292 + +*openssh-5.3_p1 (03 Oct 2009) + + 03 Oct 2009; Mike Frysinger +openssh-5.3_p1.ebuild: + Version bump. + +*openssh-5.2_p1-r3 (23 Aug 2009) + + 23 Aug 2009; Mike Frysinger +openssh-5.2_p1-r3.ebuild, + +files/openssh-5.2_p1-gsskex-fix.patch, + +files/openssh-5.2_p1-x509-hpn-glue.patch: + Update x509 patch, update gsskex patch #279488 by Harald Barth, and update + x509/hpn glue #270508 by BedOS_Gui. + + 13 Aug 2009; Mike Frysinger openssh-5.0_p1-r2.ebuild, + openssh-5.1_p1-r2.ebuild, openssh-5.1_p1-r3.ebuild, + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: + Suggest people reload the sshd server rather than restart it. + + 12 Aug 2009; Christian Ruppert files/sshd.rc6: + Removed "-b 1024" to use ServerKeyBits option instead. + + 19 Jul 2009; Mike Frysinger files/sshd.rc6: + Add checkconfig to reload() #277007 by Michał Górny. + + 10 Jul 2009; Robin H. Johnson files/sshd.rc6: + Allow public calls to checkconfig and gen_keys, for helping automation and + sanity checks. + + 23 Jun 2009; Mike Frysinger openssh-5.2_p1-r2.ebuild, + +files/openssh-5.2_p1-autoconf.patch: + Workaround autoconf-2.63 issues with empty else statements. + + 18 May 2009; Robin H. Johnson + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild, + +files/openssh-5.2p1-ldap-stdargs.diff: + Bug #266654: Fix LPK compile under uclibc due to missing include statement + thanks to Bertrand Jacquin . + + 18 May 2009; Robin H. Johnson + openssh-5.2_p1-r2.ebuild: + New release of the HPN patch that makes it mostly usable now. The + multithreaded AES-CTR portion is disabled to avoid hangs however. + + 20 Apr 2009; Mike Frysinger openssh-5.2_p1-r2.ebuild: + Skip pkcs11/kerberos support when USE=static by Alon Bar-Lev #266404 by + Jan Paesmans. + + 12 Apr 2009; Robin H. Johnson + openssh-5.2_p1-r2.ebuild: + Switch to UID instead of hardcoded portage per bug #264841 comment. + + 12 Apr 2009; Robin H. Johnson files/sshd.rc6: + Bug #265491, fix opts with baselayout1. + + 12 Apr 2009; Robin H. Johnson + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: + Bug #264841, the ssh testsuite needs a real shell to run, so run a subset + of tests otherwise. + + 04 Apr 2009; Raúl Porcel openssh-5.2_p1-r1.ebuild: + alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #247466 + + 02 Apr 2009; Markus Meier openssh-5.2_p1-r1.ebuild: + amd64/x86 stable, bug #247466 + + 02 Apr 2009; Brent Baude openssh-5.2_p1-r1.ebuild: + Marking openssh-5.2_p1-r1 ppc64 and ppc for bug 247466 + + 02 Apr 2009; Jeroen Roovers openssh-5.2_p1-r1.ebuild: + Stable for HPPA (bug #247466). + + 11 Mar 2009; Robin H. Johnson + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: + Add the SSH testsuite, because I think the latest HPN patch has a breakage + that was missed. + +*openssh-5.2_p1-r2 (09 Mar 2009) + + 09 Mar 2009; Robin H. Johnson + +openssh-5.2_p1-r2.ebuild: + Added my own unofficial port of the HPN patch, because performance sucks + without it. + + 25 Feb 2009; Mike Frysinger openssh-5.2_p1-r1.ebuild: + Update pkcs11 patch #152170. + +*openssh-5.2_p1-r1 (24 Feb 2009) + + 24 Feb 2009; Robin H. Johnson + +openssh-5.2_p1-r1.ebuild: + LPK patch updated for new OpenSSH release. + + 24 Feb 2009; Mike Frysinger openssh-5.2_p1.ebuild: + Fix X509 patching #260163 by Daniel J. + +*openssh-5.2_p1 (24 Feb 2009) + + 24 Feb 2009; Mike Frysinger +openssh-5.2_p1.ebuild: + Version bump #247466. + + 20 Feb 2009; Raúl Porcel openssh-5.1_p1-r2.ebuild: + ia64/sparc stable wrt #258940 + + 16 Feb 2009; Brent Baude openssh-5.1_p1-r2.ebuild: + stable ppc64, bug 258940 + + 15 Feb 2009; Markus Meier openssh-5.1_p1-r2.ebuild: + amd64/x86 stable, bug #258940 + + 14 Feb 2009; Brent Baude openssh-5.1_p1-r2.ebuild: + stable ppc, bug 258940 + + 14 Feb 2009; Jeroen Roovers openssh-5.1_p1-r2.ebuild: + Stable for HPPA (bug #258940). + + 14 Feb 2009; Tobias Klausmann + openssh-5.1_p1-r2.ebuild: + Stable on alpha, bug #258940 + + 14 Feb 2009; Mike Frysinger + +files/openssh-5.1_p1-x509-headers.patch, openssh-5.1_p1-r2.ebuild, + openssh-5.1_p1-r3.ebuild: + Fix implicit strsep() prototype in x509 code #258795 by orlin. + + 08 Feb 2009; Mike Frysinger openssh-4.4_p1-r6.ebuild, + openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r4.ebuild, + openssh-4.7_p1-r6.ebuild, openssh-4.7_p1-r20.ebuild, + openssh-5.0_p1-r1.ebuild, openssh-5.0_p1-r2.ebuild, openssh-5.1_p1.ebuild, + openssh-5.1_p1-r1.ebuild, openssh-5.1_p1-r2.ebuild, + openssh-5.1_p1-r3.ebuild: + Drop unused ccc eclass inherit. + + 21 Jan 2009; Jeremy Olexa openssh-5.1_p1-r3.ebuild: + Disable PATH reset in configure script, bug 254615 + + 15 Jan 2009; Robin H. Johnson metadata.xml: + Re-add my tag for metadata.xml, because it's a full + description, not just a restrict based on USE flags. And spanky didn't + have a changelog entry either. + + 13 Jan 2009; Mike Frysinger + files/openssh-5.1_p1-better-ssp-check.patch: + Fixup ssp detection patch #254365 by Felix Riemann. + +*openssh-5.1_p1-r3 (09 Jan 2009) + + 09 Jan 2009; Diego E. Pettenò + +openssh-5.1_p1-r3.ebuild: + Let PAM print motd and last login data to close bug #244816. + + 17 Nov 2008; Mike Frysinger + +files/openssh-5.1_p1-better-ssp-check.patch, openssh-5.1_p1-r1.ebuild, + openssh-5.1_p1-r2.ebuild: + Fix ssp detection on uClibc hosts. + +*openssh-5.1_p1-r2 (03 Nov 2008) + + 03 Nov 2008; Mike Frysinger + +files/openssh-5.1_p1-escaped-banner.patch, + +files/openssh-5.1_p1-null-banner.patch, +openssh-5.1_p1-r2.ebuild: + Fix some issues with printing of banners #244222 by Michał Górny. + + 01 Nov 2008; Robin H. Johnson openssh-5.1_p1.ebuild, + openssh-5.1_p1-r1.ebuild: + Bug #244760, we need to pass --with-ldap, not try to execute it. + + 30 Oct 2008; Brent Baude openssh-5.1_p1-r1.ebuild: + Marking openssh-5.1_p1-r1 ppc for bug 231292 + + 30 Oct 2008; Raúl Porcel openssh-5.1_p1-r1.ebuild: + alpha/ia64/sparc stable #231292 + + 27 Oct 2008; Brent Baude openssh-5.1_p1-r1.ebuild: + Marking openssh-5.1_p1-r1 ppc64 for bug 231292 + + 26 Oct 2008; Jeroen Roovers openssh-5.1_p1-r1.ebuild: + Stable for HPPA (bug #231292). + + 26 Oct 2008; Markus Meier openssh-5.1_p1-r1.ebuild: + amd64/x86 stable, bug #231292 + + 29 Aug 2008; Mike Frysinger openssh-5.1_p1.ebuild, + openssh-5.1_p1-r1.ebuild: + Tweak --with-ldap catch #235594 by BedOS_Gui. + +*openssh-5.1_p1-r1 (23 Aug 2008) + + 23 Aug 2008; Robin H. Johnson + +files/openssh-5.1_p1-ldap-hpn-glue.patch, metadata.xml, + +openssh-5.1_p1-r1.ebuild: + Update the LDAP patches, also mailed to upstream. + + 23 Aug 2008; Robin H. Johnson + +files/openssh-5.1_p1-x509-hpn-glue.patch, openssh-5.1_p1.ebuild: + Forward-port the X509/hpn glue patch per bug #235086. + +*openssh-5.1_p1 (17 Aug 2008) + + 17 Aug 2008; Mike Frysinger +openssh-5.1_p1.ebuild: + Version bump #232891 by Krzysztof Oledzki. + +*openssh-5.0_p1-r2 (23 Jul 2008) + + 23 Jul 2008; Diego Pettenò + +openssh-5.0_p1-r2.ebuild: + Add new revision that use pambase now that it's fully keyworded. Closes + bug #225141 by Davide Pesavento. + + 17 May 2008; nixnut openssh-4.7_p1-r20.ebuild: + Added ~ppc wrt bug 210777 + + 11 May 2008; Ulrich Mueller openssh-4.4_p1-r6.ebuild, + openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r4.ebuild, + openssh-4.7_p1-r6.ebuild, openssh-4.7_p1-r20.ebuild, + openssh-5.0_p1-r1.ebuild: + Fix dependency: app-admin/skey moved to sys-auth/skey. + +*openssh-5.0_p1-r1 (10 Apr 2008) + + 10 Apr 2008; Mike Frysinger +openssh-5.0_p1-r1.ebuild: + Update HPN and gsskex patch #216932 by Kamil Kisiel. + + 06 Apr 2008; Mike Frysinger openssh-5.0_p1.ebuild: + Remove accidental pkcs11-helper inclusion from DEPEND. + +*openssh-5.0_p1 (05 Apr 2008) + + 05 Apr 2008; Mike Frysinger +openssh-5.0_p1.ebuild: + Version bump. + + 03 Apr 2008; Tobias Scherbaum + openssh-4.7_p1-r6.ebuild: + ppc stable, bug #215702 + + 02 Apr 2008; Mike Frysinger openssh-4.9_p1-r1.ebuild: + Drop unnecessary USE=chroot #215820 by Cybertinus. + + 02 Apr 2008; Jeroen Roovers openssh-4.7_p1-r6.ebuild: + Stable for HPPA (bug #215702). + + 02 Apr 2008; Markus Rothe openssh-4.7_p1-r6.ebuild: + Stable on ppc64; bug #215702 + +*openssh-4.9_p1-r1 (02 Apr 2008) + + 02 Apr 2008; Mike Frysinger + +files/openssh-4.9_p1-x509-hpn-glue.patch, -openssh-4.9_p1.ebuild, + +openssh-4.9_p1-r1.ebuild: + Add updated X509/hpn patches. + + 02 Apr 2008; Raúl Porcel openssh-4.7_p1-r6.ebuild: + alpha/ia64/sparc stable wrt security #215702 + + 02 Apr 2008; Richard Freeman openssh-4.7_p1-r6.ebuild: + amd64 stable - 215702 + + 01 Apr 2008; Christian Faulhammer + openssh-4.7_p1-r6.ebuild: + stable x86, security bug 215702 + +*openssh-4.7_p1-r6 (01 Apr 2008) + + 01 Apr 2008; Mike Frysinger + +files/openssh-4.7_p1-ForceCommand.patch, +openssh-4.7_p1-r6.ebuild: + Fix for ForceCommand bypass #215702. + +*openssh-4.9_p1 (01 Apr 2008) + + 01 Apr 2008; Mike Frysinger +openssh-4.9_p1.ebuild: + Version bump. + + 01 Apr 2008; Chris PeBenito + +files/openssh-4.7p1-selinux.diff, openssh-4.7_p1-r5.ebuild, + openssh-4.7_p1-r20.ebuild: + fix bug #191665, in selinux portion of configure script. + + 30 Mar 2008; Raúl Porcel openssh-4.7_p1-r5.ebuild: + alpha/ia64/sparc stable wrt security #214985 + + 29 Mar 2008; Richard Freeman openssh-4.7_p1-r5.ebuild: + amd64 stable - 214985 + + 29 Mar 2008; Christian Faulhammer + openssh-4.7_p1-r5.ebuild: + stable x86, security bug 214985 + + 29 Mar 2008; Jeroen Roovers openssh-4.7_p1-r5.ebuild: + Stable for HPPA (bug #214985). + + 29 Mar 2008; Brent Baude openssh-4.7_p1-r5.ebuild: + Marking openssh-4.7_p1-r5 ppc64 and ppc for bug 214985 + +*openssh-4.7_p1-r5 (29 Mar 2008) + + 29 Mar 2008; Mike Frysinger + +files/openssh-4.7_p1-CVE-2008-1483.patch, + +files/openssh-4.7_p1-lpk-64bit.patch, + +files/openssh-4.7_p1-packet-size.patch, +openssh-4.7_p1-r5.ebuild: + Fix CVE-2008-1483 #214985. Fix from upstream for scp/packet problems #212433 + by Steven Parkes. Fix from Piotr Stolc for some LPK configs under 64bit + systems #210110. Add gsskex patch (for now) #115553. + + 17 Mar 2008; Santiago M. Mola + openssh-4.7_p1-r20.ebuild: + ~amd64 added wrt bug #210777 + + 14 Mar 2008; Diego Pettenò + openssh-4.7_p1-r20.ebuild: + Disable printing of motd and lastlog when enabling PAM, on the + pambase-dependent ebuild, as system-login takes care of that. Closes bug + #213234. + + 06 Mar 2008; Raúl Porcel openssh-4.7_p1-r20.ebuild: + Add ~alpha/~ia64 wrt #210777 + + 05 Mar 2008; Ferris McCormick + openssh-4.7_p1-r20.ebuild: + Add back ~sparc, Bug #210777, verified as still working with USE=pam. + + 05 Mar 2008; Brent Baude openssh-4.7_p1-r20.ebuild: + keyworded ~arch for ppc64, bug 210777 + + 04 Mar 2008; openssh-4.7_p1-r20.ebuild: + Marked ~x86 (bug #210777). Thanks to Michał Wołonkiewicz for + testing. + + 03 Mar 2008; Jeroen Roovers openssh-4.7_p1-r20.ebuild: + Marked ~hppa (bug #210777). + + 23 Feb 2008; Robin H. Johnson + openssh-4.4_p1-r6.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r3.ebuild, openssh-4.7_p1-r1.ebuild: + Drop mips to ~mips because app-admin/skey has dropped the stable mips keyword. + + 23 Feb 2008; Robin H. Johnson metadata.xml: + Add myself as the contact point for LPK issues. I am on base-system for + everything else. + + 20 Feb 2008; Diego Pettenò + openssh-4.7_p1-r20.ebuild: + Fix dependencies for pambase/pam. + +*openssh-4.7_p1-r20 (19 Feb 2008) + + 19 Feb 2008; Diego Pettenò + +files/sshd.pam_include.2, +openssh-4.7_p1-r20.ebuild: + Add a new revision with pambase's system-remote-login as base stack. Now + also prints motd when using PAM. + + 12 Feb 2008; Santiago M. Mola + openssh-4.7_p1-r3.ebuild: + amd64 stable wrt bug #193401 + + 10 Feb 2008; Mike Frysinger + +files/openssh-4.7_p1-x509-hpn-glue.patch, openssh-4.7_p1-r4.ebuild: + Fix building with USE='X509 hpn' #209479 by Jose daLuz. + + 10 Feb 2008; Tobias Scherbaum + openssh-4.7_p1-r3.ebuild: + ppc stable, bug #193401 + + 09 Feb 2008; Brent Baude openssh-4.7_p1-r3.ebuild: + stable ppc64, bug 193401 + +*openssh-4.7_p1-r4 (09 Feb 2008) + + 09 Feb 2008; Mike Frysinger +openssh-4.7_p1-r4.ebuild: + Update HPN patch. + + 28 Jan 2008; Jeroen Roovers openssh-4.7_p1-r3.ebuild: + Stable for HPPA too. + + 24 Jan 2008; Raúl Porcel openssh-4.7_p1-r3.ebuild: + alpha/ia64/sparc/x86 stable + +*openssh-4.7_p1-r3 (21 Nov 2007) + + 21 Nov 2007; Mike Frysinger +openssh-4.7_p1-r3.ebuild: + Update x509/hpn patches. + + 08 Oct 2007; Mike Frysinger openssh-4.7_p1-r1.ebuild, + openssh-4.7_p1-r2.ebuild: + Mirrors have had long enough to update; drop restriction. + +*openssh-4.7_p1-r2 (29 Sep 2007) + + 29 Sep 2007; Mike Frysinger + +files/openssh-4.7_p1-GSSAPI-dns.patch, +openssh-4.7_p1-r2.ebuild: + Enable ssl-engine support #194163 by Nikhil Sethi and add GSSAPI/DNS patch + #165444 by Alex Iribarren. + + 27 Sep 2007; Joshua Kinard openssh-4.7_p1-r1.ebuild: + Stable on mips, per #191321. + + 25 Sep 2007; Mike Frysinger openssh-4.7_p1-r1.ebuild: + Force u+x perms on /etc/skel/.ssh for a while to help with older broken + installs. + + 22 Sep 2007; Mike Frysinger openssh-4.7_p1-r1.ebuild: + Upstream changed openssh-4.7p1-hpn12v18.diff.gz slightly so rebuild manifest + and prevent hitting Gentoo mirrors for a little while #193401 by Timothy + Redaelli. + + 20 Sep 2007; Mike Frysinger files/sshd.rc6: + If restarting, check the config first #192825 by Hans-Werner Hilse. + + 08 Sep 2007; Markus Rothe openssh-4.7_p1-r1.ebuild: + Stable on ppc64; bug #191321 + +*openssh-4.7_p1-r1 (07 Sep 2007) + + 07 Sep 2007; Mike Frysinger +openssh-4.7_p1-r1.ebuild: + Add X509 and hpn patches. + + 07 Sep 2007; Tobias Scherbaum + openssh-4.7_p1.ebuild: + ppc stable, bug #191321 + + 07 Sep 2007; Jeroen Roovers openssh-4.7_p1.ebuild: + Stable for HPPA (bug #191321). + + 07 Sep 2007; Chris Gianelloni openssh-4.7_p1.ebuild: + Stable on amd64 wrt bug #191321. + + 06 Sep 2007; Jose Luis Rivero openssh-4.7_p1.ebuild: + Stable on sparc wrt security bug #191321 + + 06 Sep 2007; Raúl Porcel openssh-4.7_p1.ebuild: + alpha/ia64 stable wrt security #191321 + + 06 Sep 2007; Andrej Kacian openssh-4.7_p1.ebuild: + Stable on x86, security bug #191321. + +*openssh-4.7_p1 (05 Sep 2007) + + 05 Sep 2007; Mike Frysinger +openssh-4.7_p1.ebuild: + Version bump #191321 by Rajiv Aaron Manglani. + + 25 Aug 2007; Mike Frysinger openssh-4.6_p1-r4.ebuild: + Punt securid stuff as upstream is not fast enough to update. + +*openssh-4.6_p1-r4 (06 Aug 2007) + + 06 Aug 2007; Mike Frysinger + +files/openssh-4.6_p1-chan-read-failed.patch, +openssh-4.6_p1-r4.ebuild: + Fix from upstream for spurious chan_read_failed errors #181407. + +*openssh-4.6_p1-r3 (06 Aug 2007) + + 06 Aug 2007; Mike Frysinger +openssh-4.6_p1-r3.ebuild: + Add updated ldap patch #187594. + + 04 Aug 2007; openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + Stable on amd64. See security bug #183958. + + 02 Aug 2007; Raúl Porcel openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + x86 stable, no idea why i didn't stabilize them + + 23 Jul 2007; Mike Frysinger openssh-4.2_p1-r1.ebuild, + openssh-4.3_p2-r5.ebuild, openssh-4.4_p1-r6.ebuild, openssh-4.5_p1.ebuild, + openssh-4.5_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild: + Punt bindnow-flags usage. + + 22 Jul 2007; Donnie Berkholz ; + openssh-4.3_p2-r5.ebuild: + Drop virtual/x11 references. + + 21 Jul 2007; Joseph Jezak openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + Marked ppc/ppc64 stable for bug #183958. + + 10 Jul 2007; Gustavo Zacarias + openssh-4.0_p1-r2.ebuild, openssh-4.1_p1-r1.ebuild: + Stable on sparc wrt #183958 + + 07 Jul 2007; Raúl Porcel openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild: + alpha/ia64/x86 stable wrt #183958 + + 07 Jul 2007; Joshua Kinard openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + Stable on mips, per #183958. + + 05 Jul 2007; Raúl Porcel openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + alpha/ia64 stable wrt #183958 + + 04 Jul 2007; Jeroen Roovers openssh-4.6_p1-r2.ebuild: + Stable for HPPA (bug #183958). + + 04 Jul 2007; Gustavo Zacarias + openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r2.ebuild: + Stable on sparc wrt #183958 + + 04 Jul 2007; Jeroen Roovers openssh-4.5_p1-r2.ebuild: + Stable for HPPA (bug #183958). + + 04 Jul 2007; Jeroen Roovers openssh-4.1_p1-r1.ebuild: + Stable for HPPA (bug #183958). + + 04 Jul 2007; Jeroen Roovers openssh-4.0_p1-r2.ebuild: + Stable for HPPA (bug #183958). + +*openssh-4.6_p1-r2 (02 Jul 2007) + + 02 Jul 2007; Diego Pettenò + +files/sshd.pam_include.1, +openssh-4.6_p1-r2.ebuild: + Revision bump to fix the pam.d file. + + 24 Apr 2007; Alexander Færøy + openssh-4.5_p1-r1.ebuild: + Stable on MIPS. + + 18 Mar 2007; Robin H. Johnson + openssh-4.5_p1-r2.ebuild: + Bug #169665, use slightly modified LPK patch to avoid conflict on configure + with SecurID patch. + +*openssh-4.6_p1-r1 (13 Mar 2007) + + 13 Mar 2007; Mike Frysinger + +files/openssh-4.6_p1-ChallengeResponseAuthentication.patch, + +openssh-4.6_p1-r1.ebuild: + Grab fix from upstream for ChallengeResponseAuthentication (to fix USE=pam + defaults) #170670 and add new hpn support. + +*openssh-4.6_p1 (11 Mar 2007) + + 11 Mar 2007; Mike Frysinger + +files/openssh-4.6_p1-include-string-header.patch, +openssh-4.6_p1.ebuild: + Version bump #170385 by Wolfram Schlich. + +*openssh-4.5_p1-r2 (05 Mar 2007) + + 05 Mar 2007; Robin H. Johnson + +openssh-4.5_p1-r2.ebuild: + Bug #168681. Bump for new versions of HPN (compile fix for strict compilers) + and LPK (Addition of LpkFilter as an LDAP filter). + +*openssh-4.5_p1-r1 (23 Feb 2007) + + 23 Feb 2007; Roy Marples files/sshd.rc6, + +openssh-4.5_p1-r1.ebuild: + Bump for a non bash init script. + + 08 Jan 2007; Michael Cummings + openssh-4.5_p1.ebuild: + Stable on amd64 wrt security bug 154389 + + 08 Jan 2007; Bryan Østergaard openssh-4.5_p1.ebuild: + Stable on Alpha, bug 154389. + + 08 Jan 2007; Gustavo Zacarias openssh-4.5_p1.ebuild: + Stable on sparc wrt security #154389 + + 07 Jan 2007; Tobias Scherbaum + openssh-4.5_p1.ebuild: + Stable on ppc wrt bug #154389. + + 07 Jan 2007; Markus Rothe openssh-4.5_p1.ebuild: + Stable on ppc64; bug #154389 + + 06 Jan 2007; Jeroen Roovers openssh-4.5_p1.ebuild: + Stable for HPPA (bug #154389). + + 06 Jan 2007; Christian Faulhammer + openssh-4.5_p1.ebuild: + stable x86, security bug #154389 + + 07 Dec 2006; Diego Pettenò + openssh-4.3_p2-r1.ebuild, openssh-4.3_p2-r5.ebuild, + openssh-4.4_p1-r6.ebuild, openssh-4.5_p1.ebuild: + Require dev-libs/libedit for libedit support, as it's going to be removed + from freebsd-lib in favour of a merged dev-libs/libedit ebuild. + + 08 Nov 2006; Ilya A. Volynets-Evenbakh + openssh-4.4_p1-r6.ebuild: + Stable on mips (#149502) + +*openssh-4.5_p1 (07 Nov 2006) + + 07 Nov 2006; Mike Frysinger +openssh-4.5_p1.ebuild: + Version bump #154389. + + 05 Nov 2006; Brent Baude openssh-4.4_p1-r6.ebuild: + Marking openssh-4.4_p1-r6 ppc64 stable for 149502 + + 03 Nov 2006; Fernando J. Pereda + openssh-4.4_p1-r6.ebuild: + Stable on alpha as per bug #149502 + +*openssh-4.4_p1-r6 (03 Nov 2006) + + 03 Nov 2006; Mike Frysinger + +files/openssh-4.4_p1-ldap-hpn-glue.patch, +openssh-4.4_p1-r6.ebuild: + Grab updated HPN patch to fix -C issues #153854. + + 01 Nov 2006; Tobias Scherbaum + openssh-4.4_p1-r5.ebuild: + ppc stable, bug #149502 + + 01 Nov 2006; Gustavo Zacarias + openssh-4.4_p1-r5.ebuild: + Stable on sparc wrt security #149502 + + 01 Nov 2006; Mike Frysinger + +files/openssh-4.4_p1-x509-hpn-glue.patch, openssh-4.4_p1-r5.ebuild: + Tweak X509 a little so HPN can apply at the sametime #151527 by Bob Reveley. + + 31 Oct 2006; Danny van Dyk + openssh-4.4_p1-r5.ebuild: + Marked stable on amd64. + + 31 Oct 2006; Andrej Kacian openssh-4.4_p1-r5.ebuild: + Stable on x86, security bug #152594. + + 31 Oct 2006; Jeroen Roovers openssh-4.4_p1-r5.ebuild: + Stable for HPPA (bug #149502). + +*openssh-4.4_p1-r5 (25 Oct 2006) + + 25 Oct 2006; Mike Frysinger +openssh-4.4_p1-r5.ebuild: + Add updated securid support. + + 17 Oct 2006; Roy Marples openssh-4.4_p1-r4.ebuild: + Added ~sparc-fbsd keyword. + + 14 Oct 2006; Roy Marples files/sshd.rc6: + Init script now interacts fully with start-stop-daemon. + +*openssh-4.4_p1-r4 (13 Oct 2006) + + 13 Oct 2006; Mike Frysinger +openssh-4.4_p1-r4.ebuild: + Add updated hpn support. + +*openssh-4.4_p1-r3 (04 Oct 2006) + + 04 Oct 2006; Chris PeBenito + +files/openssh-4.4p1-selinux-ac.diff, +openssh-4.4_p1-r3.ebuild: + Fix configure to properly detect SELinux functions. + +*openssh-4.4_p1-r2 (02 Oct 2006) + + 02 Oct 2006; Mike Frysinger +openssh-4.4_p1-r2.ebuild: + Add support for new X509. + + 02 Oct 2006; Andrea Barisani + files/digest-openssh-4.4_p1-r1, Manifest: + Fixing digest wrt bug #149571 + + 30 Sep 2006; Diego Pettenò + openssh-4.4_p1-r1.ebuild: + Make sure pam is the latest eclass called. + + 29 Sep 2006; Markus Rothe openssh-4.3_p2-r5.ebuild: + Stable on ppc64 + +*openssh-4.4_p1-r1 (29 Sep 2006) + + 29 Sep 2006; Andrea Barisani +openssh-4.4_p1-r1.ebuild: + Revision bump for new ldap patch. + +*openssh-4.4_p1 (28 Sep 2006) + + 28 Sep 2006; Mike Frysinger +openssh-4.4_p1.ebuild: + Version bump. + + 27 Sep 2006; Fernando J. Pereda + openssh-4.3_p2-r5.ebuild: + Stable on alpha wrt bug #148228 + + 26 Sep 2006; Gustavo Zacarias + openssh-4.3_p2-r5.ebuild: + Stable on hppa wrt security #148228 + + 26 Sep 2006; Simon Stelling openssh-4.3_p2-r5.ebuild: + stable on amd64; bug 148228 + + 26 Sep 2006; Tobias Scherbaum + openssh-4.3_p2-r5.ebuild: + ppc stable, bug #148228 + + 25 Sep 2006; Jason Wever openssh-4.3_p2-r5.ebuild: + Stable on SPARC wrt security bug #148228. + + 25 Sep 2006; Paul Varner openssh-4.3_p2-r5.ebuild: + Stable on x86. Bug #148228 + +*openssh-4.3_p2-r5 (25 Sep 2006) + + 25 Sep 2006; Tavis Ormandy +openssh-4.3_p2-r5.ebuild, + +files/openssh-4.3_p2-identical-simple-dos-2.patch: + Tweak DOS patch #148228. + + 23 Sep 2006; Mike Frysinger + +files/openssh-4.3_p2-opensc-libs.patch, openssh-4.3_p2-r4.ebuild: + Fix building with --as-needed #148538 by Mart Raudsepp. + + 23 Sep 2006; Mike Frysinger + +files/openssh-4.3_p2-ldap-updates.patch, openssh-4.3_p2-r4.ebuild: + Fixup ldap configure code #148723 by sfp-a7x. + +*openssh-4.3_p2-r4 (22 Sep 2006) + + 22 Sep 2006; Mike Frysinger + +files/openssh-4.3_p2-securid-updates.patch, +openssh-4.3_p2-r4.ebuild: + Force rebuilding of all autotools instead of just cheating with autoconf + #148639 by Alex K. + + 22 Sep 2006; Tobias Scherbaum + openssh-4.3_p2-r3.ebuild: + hppa stable, bug #148228 + + 21 Sep 2006; Tobias Scherbaum + openssh-4.3_p2-r3.ebuild: + ppc stable, bug #148228 + + 21 Sep 2006; Mike Doty openssh-4.3_p2-r3.ebuild: + amd64 stable, bug 148228 + + 21 Sep 2006; Gustavo Zacarias + openssh-4.3_p2-r3.ebuild: + Stable on sparc wrt #148228 + + 21 Sep 2006; openssh-4.3_p2-r3.ebuild: + Stable on x86, security bug #148228. + + 21 Sep 2006; Markus Rothe openssh-4.3_p2-r3.ebuild: + Stable on ppc64; bug #148228 + +*openssh-4.3_p2-r3 (20 Sep 2006) + + 20 Sep 2006; Mike Frysinger + +files/openssh-4.3_p1-chroot.patch, + +files/openssh-4.3_p2-identical-simple-dos.patch, files/sshd.confd, + files/sshd.rc6, +openssh-4.3_p2-r3.ebuild: + Fixes from upstream for minor DOS #148228. + + 08 Sep 2006; Mike Frysinger openssh-4.3_p2-r2.ebuild: + Remove ugly flag mangling and fix building with USE=static #146654 by + Alexander Skwar. + + 05 Jul 2006; Andrea Barisani metadata.xml: + Making my metadata entry a bit more clear. + + 04 Jul 2006; Mike Frysinger openssh-4.3_p2-r2.ebuild: + Add x11-apps/xauth to RDEPEND for USE=X #139235 by Ian Stakenvicius. + + 02 Jul 2006; Robin H. Johnson + files/digest-openssh-3.9_p1-r3, files/digest-openssh-4.0_p1-r2, + files/digest-openssh-4.1_p1-r1, files/digest-openssh-4.2_p1-r1, + files/digest-openssh-4.3_p1, files/digest-openssh-4.3_p2-r1, + files/digest-openssh-4.3_p2-r2, Manifest: + Fix digest weirdness. + + 30 Jun 2006; Robin H. Johnson + files/digest-openssh-4.3_p1, files/digest-openssh-4.3_p2-r1, + files/digest-openssh-4.3_p2-r2, Manifest: + Upstream changed the openssh-lpk-4.3p1-0.3.7.patch file, and didn't alter + the filename! Re-digest as needed. + + 27 Jun 2006; Mike Frysinger + +files/openssh-4.3_p2-configure.patch, openssh-4.3_p1.ebuild, + openssh-4.3_p2-r1.ebuild, openssh-4.3_p2-r2.ebuild: + Fix broken configure script #137921 by Adam Potter. + + 24 Jun 2006; Diego Pettenò + openssh-4.3_p2-r1.ebuild: + Remove x86-fbsd keyword from an older rev, just to be safe. + + 24 Jun 2006; Diego Pettenò + openssh-4.3_p2-r2.ebuild: + Put shadow under conditional userland_GNU, unbreak non-GNU userlands. + + 24 Jun 2006; Joshua Kinard openssh-4.3_p2-r2.ebuild: + Eh, shadow belongs in RDEPEND instead, duh. + + 24 Jun 2006; Joshua Kinard openssh-4.3_p2-r2.ebuild: + Added shadow as a DEPEND so that groupadd is available. + +*openssh-4.3_p2-r2 (08 Jun 2006) + + 08 Jun 2006; Mike Frysinger + +files/openssh-4.3_p2-securid-hpn-glue.patch, + +files/openssh-4.3_p2-x509-hpn-glue.patch, openssh-4.2_p1-r1.ebuild, + +openssh-4.3_p2-r2.ebuild: + Update hpn and x509 patches #135691 by Scott Jones. + + 07 Jun 2006; Joshua Kinard openssh-4.3_p2-r1.ebuild: + Add sys-apps/shadow to RDEPEND/DEPEND so group/useradd is available. Fixes + Bug #135966. + + 29 Apr 2006; Joshua Kinard openssh-4.3_p2-r1.ebuild: + Marked stable on mips. + + 19 Apr 2006; Andrea Barisani openssh-4.3_p1.ebuild, + openssh-4.3_p2-r1.ebuild: + Ok that last commit was stupid, going back and waiting for updated mirrors. + + 19 Apr 2006; openssh-4.3_p1.ebuild, + openssh-4.3_p2-r1.ebuild: + Moving ldap patch to dev.gentoo.org waiting for mirror to get the updated version + and fixing digest issues. bug #130354 + + 17 Apr 2006; Markus Rothe openssh-4.3_p2-r1.ebuild: + Stable on ppc64; bug #130027 + + 17 Apr 2006; Chris Gianelloni + openssh-4.3_p2-r1.ebuild: + Stable on x86 wrt bug #130027. + + 16 Apr 2006; Bryan Østergaard openssh-4.3_p2-r1.ebuild: + Stable on SPARC wrt bug #130027. + + 15 Apr 2006; openssh-4.3_p2-r1.ebuild: + Stable on ppc. Bug #130027 + + 15 Apr 2006; Marcus D. Hanwell + openssh-4.3_p2-r1.ebuild: + Marked stable on amd64, bug 130027. + + 04 Apr 2006; Diego Pettenò + openssh-4.3_p2-r1.ebuild: + Allow using freebsd-lib's libedit with libedit useflag. + + 30 Mar 2006; Diego Pettenò + openssh-4.3_p2-r1.ebuild: + Add ~x86-fbsd keyword. + + 05 Mar 2006; Mike Frysinger + +files/openssh-4.3_p2-selinux.patch.glue, openssh-4.3_p2-r1.ebuild: + Glue selinux and X509 support #125108 by Alon Bar-Lev. + + 05 Mar 2006; Andrea Barisani openssh-4.3_p1.ebuild, + openssh-4.3_p2.ebuild, openssh-4.3_p2-r1.ebuild: + Restored ldap support in 4.3 versions. + +*openssh-4.3_p2-r1 (05 Mar 2006) + + 05 Mar 2006; Chris PeBenito + +files/openssh-4.3_p2-selinux.patch, +openssh-4.3_p2-r1.ebuild: + Bump to update SELinux patch. + +*openssh-4.3_p2 (04 Mar 2006) + + 04 Mar 2006; Mike Frysinger + +files/openssh-4.3_p1-krb5-typos.patch, +openssh-4.3_p2.ebuild: + Version bump and add patch from upstream #124494 by RiverRat. + + 28 Feb 2006; Mike Frysinger files/sshd.rc6: + Add restart function by Michal Fojtik to init.d script #124271. + + 19 Feb 2006; Joshua Kinard openssh-4.2_p1-r1.ebuild: + Marked stable on mips. + +*openssh-4.3_p1 (08 Feb 2006) + + 08 Feb 2006; Mike Frysinger +openssh-4.3_p1.ebuild: + Version bump #121191 by Wolfram Schlich. + + 04 Feb 2006; Mike Frysinger +files/sshd.confd, + files/sshd.rc6, openssh-3.9_p1-r3.ebuild, openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild, openssh-4.2_p1-r1.ebuild: + Pass sshd_config to sshd when starting to better help running multiple + instances of ssh #121530 by ph. + + 03 Feb 2006; Tobias Scherbaum + openssh-4.2_p1-r1.ebuild: + ppc stable, bug #119232 + + 03 Feb 2006; Markus Rothe openssh-4.2_p1-r1.ebuild: + Stable on ppc64: bug #119232 + + 03 Feb 2006; Jose Luis Rivero + openssh-4.2_p1-r1.ebuild: + Stable on alpha wrt sec bug #119232 + + 02 Feb 2006; Rene Nussbaumer + openssh-4.2_p1-r1.ebuild: + Stable on hppa. See bug #119232. + + 02 Feb 2006; Mark Loeser openssh-4.2_p1-r1.ebuild: + Stable on x86; bug #119232 + + 02 Feb 2006; Gustavo Zacarias + openssh-4.2_p1-r1.ebuild: + Stable on sparc wrt security #119232 + + 02 Feb 2006; Simon Stelling openssh-4.2_p1-r1.ebuild: + stable on amd64 wrt bug 119232 + +*openssh-4.2_p1-r1 (01 Feb 2006) + + 01 Feb 2006; Mike Frysinger + +files/openssh-4.2_p1-CVE-2006-0225.patch, +openssh-4.2_p1-r1.ebuild: + Version bump for security #119232. + + 29 Jan 2006; Mike Frysinger + +files/openssh-4.2_p1-cross-compile.patch, openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild: + Fix cross-compiling #120567 by Raphael Burnes. + + 25 Dec 2005; Diego Pettenò openssh-4.2_p1.ebuild: + Use bindnow-flags function instead of -Wl,-z,now. + + 10 Dec 2005; Mike Frysinger files/sshd.rc6: + Update init.d script to allow for multiple instances by Marius Mauch #114996. + + 22 Oct 2005; MATSUU Takuto openssh-4.2_p1.ebuild: + Stable on sh for #109678. + + 22 Oct 2005; Mike Frysinger + +files/openssh-4.2_p1-selinux.patch, openssh-4.2_p1.ebuild: + Fix selinux support #110039 and add back in securid/hpn patches. + + 21 Oct 2005; Bryan Østergaard openssh-4.2_p1.ebuild: + Stable on alpha + ia64, bug 109678. + + 21 Oct 2005; Jason Wever openssh-4.2_p1.ebuild: + Stable on SPARC wrt security bug #109678. + + 21 Oct 2005; Seemant Kulleen openssh-4.2_p1.ebuild: + stable amd64 for bug #109678 + + 21 Oct 2005; Aaron Walker openssh-4.2_p1.ebuild: + Stable on mips for bug #109678. + + 20 Oct 2005; Michael Hanselmann openssh-4.2_p1.ebuild: + Stable on hppa, ppc. + + 20 Oct 2005; openssh-4.2_p1.ebuild: + Marking stable on x86 + + 20 Oct 2005; Brent Baude openssh-4.2_p1.ebuild: + Marking openssh-4.2_p1 ppc64 for bug 109678 + + 19 Oct 2005; Mike Frysinger + openssh-3.8.1_p1-r1.ebuild, openssh-3.9_p1-r3.ebuild, + openssh-4.0_p1-r2.ebuild, openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild: + Move default xauth location to /usr/bin/xauth. + +*openssh-4.2_p1 (06 Sep 2005) + + 06 Sep 2005; Mike Frysinger + +files/openssh-4.2_p1-kerberos-detection.patch, + +files/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2, + +openssh-4.2_p1.ebuild: + Version bump #104948 by Saurabh Singhvi. + + 05 Sep 2005; Mike Frysinger + +files/openssh-3.9_p1-fix_suid.patch, + -files/openssh-3.9_p1-fix_suid.patch.bz2, + +files/openssh-3.9_p1-fix_suid-x509.patch, openssh-3.8.1_p1-r1.ebuild, + openssh-3.9_p1-r3.ebuild, openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild: + Update the x509 patches. + + 05 Sep 2005; Mike Frysinger openssh-4.1_p1-r1.ebuild: + Re-enable smartcard support. + + 20 Aug 2005; Mike Frysinger files/sshd.rc6: + Before starting sshd, sanity check the config file #101893 by Eric Brown. + +*openssh-4.1_p1-r1 (15 Jul 2005) +*openssh-4.0_p1-r2 (15 Jul 2005) +*openssh-3.9_p1-r3 (15 Jul 2005) + + 15 Jul 2005; Andrea Barisani metadata.xml, + +openssh-3.9_p1-r3.ebuild, +openssh-4.0_p1-r2.ebuild, + +openssh-4.1_p1-r1.ebuild: + Updating openssh-lpk ldap patches to version 0.3.6. + + 26 Jun 2005; Mike Frysinger openssh-3.9_p1-r2.ebuild, + openssh-4.0_p1-r1.ebuild, openssh-4.1_p1.ebuild: + Add support for the High Performance patch #96717 by Frank Benkstein. + + 29 May 2005; Mike Frysinger openssh-4.0_p1-r1.ebuild, + openssh-4.1_p1.ebuild: + Add USE=libedit support #94410 by Joe Wells. + +*openssh-4.1_p1 (29 May 2005) + + 29 May 2005; Mike Frysinger +openssh-4.1_p1.ebuild: + Version bump #94261 by Tobias Sager. + + 28 May 2005; Mike Frysinger + +files/openssh-4.0_p1-smartcard-ldap-happy.patch, + openssh-3.8.1_p1-r1.ebuild, openssh-3.9_p1-r2.ebuild, + openssh-4.0_p1-r1.ebuild: + Add support for LDAP and make it mutually exclusive from x509 since they + conflict #58579. + + 22 May 2005; Mike Frysinger openssh-4.0_p1-r1.ebuild: + Add support for RSA SecurID tokens #92233 by Antti Mäkelä. + + 20 May 2005; Diego Pettenò + openssh-3.9_p1-r2.ebuild, openssh-4.0_p1.ebuild, openssh-4.0_p1-r1.ebuild: + Inherit pam eclass for newpamd. + +*openssh-4.0_p1-r1 (29 Apr 2005) + + 29 Apr 2005; Diego Pettenò + +files/sshd.pam_include, +openssh-4.0_p1-r1.ebuild: + Added a new revision depending on virtual/pam (>=pam-0.78) and uses the + include syntax instead of pam_stack.so. + +*openssh-3.9_p1-r2 (17 Mar 2005) + + 17 Mar 2005; Mike Frysinger + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2, + +openssh-3.9_p1-r2.ebuild: + Fix bad sftplogging code #82372 by Andrej Kacian. + +*openssh-4.0_p1 (15 Mar 2005) + + 15 Mar 2005; Mike Frysinger + +files/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2, + +openssh-4.0_p1.ebuild: + Version bump #84717 by Michail A.Baikov. + + 13 Mar 2005; Mike Frysinger + +files/openssh-3.9_p1-kerberos-detection.patch, openssh-3.9_p1-r1.ebuild: + Add patch to fix kerberos detection #80811 by Aron Griffis. + + 13 Mar 2005; Mike Frysinger + +files/openssh-3.9_p1-configure-openct.patch, openssh-3.9_p1-r1.ebuild: + Fix USE=-opensc logic with patch by Stian Skjelstad #78730. + + 19 Feb 2005; Mike Frysinger + files/openssh-3.9_p1-largekey.patch.bz2: + Make sure that the largekey properly passes the size of the buffer along + #82463 by David Cuthbert. + + 22 Jan 2005; Daniel Ahlberg + +files/openssh-3.9_p1-pamfix.patch.bz2, openssh-3.9_p1-r1.ebuild: + Added pamfix patch from upstream, closing #65343. + + 07 Jan 2005; Daniel Ahlberg + +files/openssh-3.9_p1-terminal_restore.patch.bz2, + openssh-3.9_p1-r1.ebuild: + Fix terminal restoration after breaking out from sftp and scp, closing #63544. + + 30 Dec 2004; Bryan Østergaard + openssh-3.9_p1-r1.ebuild: + Stable on alpha, bug 59361. + + 29 Dec 2004; Hardave Riar openssh-3.9_p1-r1.ebuild: + Stable on mips, bug #59361. + + 29 Dec 2004; Ciaran McCreesh : + Change encoding to UTF-8 for GLEP 31 compliance + + 29 Dec 2004; Gustavo Zacarias + openssh-3.9_p1-r1.ebuild: + Stable on sparc wrt #59361 + + 29 Dec 2004; Markus Rothe openssh-3.9_p1-r1.ebuild: + Stable for security; bug #59361 + + 29 Dec 2004; openssh-3.9_p1-r1.ebuild: + stable on ppc glsa: 59361 + +*openssh-3.9_p1-r1 (28 Dec 2004) + + 28 Dec 2004; Mike Frysinger + files/openssh-3.9_p1-chroot.patch, +openssh-3.9_p1-r1.ebuild, + +files/openssh-3.9_p1-infoleak.patch: + Add infoleak fix #59361 and allow the chroot patch to support PAM auth #72987. + + 16 Nov 2004; Mike Frysinger openssh-3.9_p1.ebuild: + If USE=pam, then disable PasswordAuthentication since PAM overrides it #71233. + + 14 Sep 2004; Daniel Ahlberg openssh-3.9_p1.ebuild, + files/openssh-3.9_p1-fix_suid.patch.bz2: + Fixed suid binary. + + 14 Sep 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild, + openssh-3.8.1_p1-r2.ebuild, openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild, + openssh-3.9_p1.ebuild, files/openssh-3.5_p1-gentoo-sshd-gcc3.patch, + files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2, + files/openssh-3.7.1_p1-selinux.diff, + files/openssh-3.7.1_p1-selinux.diff.bz2, + files/openssh-3.7.1_p2-chroot.patch, + files/openssh-3.7.1_p2-chroot.patch.bz2, + files/openssh-3.7.1_p2-kerberos.patch, + files/openssh-3.7.1_p2-kerberos.patch.bz2, + files/openssh-3.7.1_p2-skey.patch, files/openssh-3.7.1_p2-skey.patch.bz2, + files/openssh-3.8.1_p1-chroot.patch, + files/openssh-3.8.1_p1-chroot.patch.bz2, + files/openssh-3.8.1_p1-kerberos.patch, + files/openssh-3.8.1_p1-kerberos.patch.bz2, + files/openssh-3.8.1_p1-largekey.patch, + files/openssh-3.8.1_p1-largekey.patch.bz2, + files/openssh-3.8.1_p1-opensc.patch, + files/openssh-3.8.1_p1-opensc.patch.bz2, + files/openssh-3.8.1_p1-resolv_functions.patch, + files/openssh-3.8.1_p1-resolv_functions.patch.bz2, + files/openssh-3.8.1_p1-skey.patch, + files/openssh-3.8_p1-resolv_functions.patch.bz2, + files/openssh-3.8_p1-skey.patch, files/openssh-3.8_p1-skey.patch.bz2, + files/openssh-3.9_p1-chroot.patch, files/openssh-3.9_p1-chroot.patch.bz2, + files/openssh-3.9_p1-largekey.patch, + files/openssh-3.9_p1-largekey.patch.bz2, files/openssh-3.9_p1-opensc.patch, + files/openssh-3.9_p1-opensc.patch.bz2, files/openssh-3.9_p1-selinux.diff, + files/openssh-3.9_p1-selinux.diff.bz2, + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch, + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2, + files/openssh-3.9_p1-skey.patch, files/openssh-3.9_p1-skey.patch.bz2, + files/openssh-skeychallenge-args.diff, + files/openssh-skeychallenge-args.diff.bz2: + Compressed patches. + + 20 Aug 2004; Gustavo Zacarias + openssh-3.8.1_p1-r1.ebuild: + Stable on sparc + + 20 Aug 2004; Daniel Ahlberg openssh-3.9_p1.ebuild, + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch: + Enable X509 now that a updated patch is available, closing #60905. + Fix skey support by running autoconf, closing #60849. + Disable pam if static is in USE, closing #60864. + + 19 Aug 2004; Chris PeBenito + +files/openssh-3.9_p1-selinux.diff, openssh-3.9_p1.ebuild: + Update SELinux patch + + 18 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild: + Fixed sftplogging patch, closing #60417 again. + +*openssh-3.9_p1 (18 Aug 2004) + + 18 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild, + openssh-3.9_p1.ebuild: + Version bump, closing #60758. + + 16 Aug 2004; Daniel Ahlberg + files/openssh-3.8.1_p1-largekey.patch: + Fixed largekey patch. Closing #60417. + +*openssh-3.8.1_p1-r2 (15 Aug 2004) + + 15 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild: + + Added sftp-logging patch, closing #52168. + + Added patch for large keys, closing #55013. + + 08 Jul 2004; Bryan Østergaard + openssh-3.8.1_p1-r1.ebuild: + Stable on alpha. + + 07 Jul 2004; Travis Tilley openssh-3.8.1_p1-r1.ebuild: + stable on amd64 + + 03 Jul 2004; Joshua Kinard openssh-3.8.1_p1-r1.ebuild: + Marked stable on mips. + + 01 Jul 2004; Jon Hood openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild, + openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild: + change virtual/glibc to virtual/libc + + 28 Jun 2004; Brandon Hale openssh-3.8.1_p1-r1.ebuild: + Stable on x86. + + 15 Jun 2004; openssh-3.8.1_p1-r1.ebuild: + pam & uclibc updates + + 07 Jun 2004; Bryan Østergaard openssh-3.8.1_p1.ebuild: + Stable on alpha. + + 05 Jun 2004; Hanselmann Michael + openssh-3.8.1_p1.ebuild: + Replaced ~ppc with ppc in KEYWORDS. + +*openssh-3.8.1_p1-r1 (30 May 2004) + + 30 May 2004; Mike Frysinger + +files/openssh-3.8.1_p1-opensc.patch, +openssh-3.8.1_p1-r1.ebuild: + Add optional support for smartcard stuff #43593 by Andreas Jellinghaus. + + 01 May 2004; Ciaran McCreesh openssh-3.8_p1.ebuild: + Stable on sparc, mips + + 28 Apr 2004; Daniel Ahlberg openssh-3.8.1_p1.ebuild: + Readded X509 patch now that it has been updated upstream. + + 27 Apr 2004; Michael McCabe openssh-3.8.1_p1.ebuild: + Stable on s390 + + 22 Apr 2004; Guy Martin openssh-3.8_p1.ebuild: + Marked stable on hppa. + + 22 Apr 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild, + openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild: + Fixed IUSE flags. + + 21 Apr 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: + Stable on x86 and amd64. + +*openssh-3.8.1_p1 (21 Apr 2004) + + 21 Apr 2004; Daniel Ahlberg openssh-3.8.1_p1.ebuild: + Version bump. Found by Daniel Webert in #48465. + + 13 Apr 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild, + openssh-3.8_p1.ebuild: + Updated SRC_URI. + + 23 Mar 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild, openssh-3.8_p1.ebuild: + Change download URI for X509 patches temporarily. + + 18 Mar 2004; Daniel Ahlberg files/sshd.rc6, openssh-3.8_p1.ebuild: + Add mkdir -p /var/empty to initscript. Closing #42936. + + 09 Mar 2004; openssh-3.7.1_p2-r2.ebuild: + stable on alpha and ia64 + + 09 Mar 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: + + Add X509 patch back in, bumped to g4. + + Fix static compile by Sascha Silbe in #44077. + + 07 Mar 2004; Joshua Kinard openssh-3.7.1_p2-r2.ebuild: + Marked stable on mips. + + 02 Mar 2004; Brian Jackson openssh-3.8_p1.ebuild: + adding initial s390 support + + 27 Feb 2004; Sven Blumenstein openssh-3.7.1_p2-r2.ebuild: + Stable on sparc. Remember to mkdir /var/empty if it doesnt exist before you + restart sshd... + + 25 Feb 2004; Guy Martin openssh-3.7.1_p2-r2.ebuild: + Marked stable on hppa. + + 25 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: + Backport skey configure.ac patch. + + 24 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: + Unmask for x86 and amd64. + +*openssh-3.8_p1 (24 Feb 2004) + + 24 Feb 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: + Version bump. + + 21 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: + Fix openssh to work with multipe kerbers5 libs. Closing #30310. + + 20 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: + Filter flag if using ldap. Closing #41727. + + 12 Feb 2004; Mike Frysinger : + Set Protocol to only allow ssh2 by default #41215 and enable pam if in USE. + + 10 Jan 2004; Brad House openssh-3.7.1_p2-r2.ebuild: + install doesn't seem to be creating /var/empty + + 08 Jan 2004; openssh-3.5_p1-r1.ebuild, + openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild: + ppc64/mips nightmare.. had to remove tcpd and skey support for various arches + due to other things not being marked stable on those arches + +*openssh-3.7.1_p2-r2 (08 Jan 2004) + + 08 Jan 2004; openssh-3.7.1_p2-r2.ebuild: + added feature request for chrooting via sshd bug #26615 + + 04 Jan 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild: + Changeing sshd user shell. Closing #35063. + + 03 Jan 2003; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild: + Change adding sshd user and group to user enewuser and enewgroup. Should + fix #35369. + +*openssh-3.7.1_p2-r1 (05 Nov 2003) + + 17 Nov 2003; Joshua Kinard openssh-3.7.1_p2-r1.ebuild: + Added a gnuconfig_update call for mips systems + + 05 Nov 2003; Tavis Ormandy openssh-3.7.1_p2-r1.ebuild, + files/openssh-skeychallenge-args.diff: + patch needed for compatability with new skey. + + 28 Oct 2003; Chris PeBenito openssh-3.5_p1-r1.ebuild, + openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2.ebuild, + files/openssh-3.7.1_p1-selinux.diff: + Switch SELinux patch from old API to new API. + + 30 Sep 2003; Daniel Ahlberg openssh-3.7.1_p2.ebuild : + Add X509 patch back in, closes #29664. + + 23 Sep 2003; openssh-3.7.1_p2.ebuild: + according to the ChangeLog for openssh =zlib-1.1.4 is a must now. Note: + openssh needs a X509 patch made upstream for p2 + +*openssh-3.7.1_p2 (23 Sep 2003) + + 23 Sep 2003; openssh-3.7.1_p2.ebuild: + security update. http://www.openssh.com/txt/sshpam.adv + + 19 Sep 2003; Chris PeBenito + openssh-3.7.1_p1-r1.ebuild, openssh-3.7.1_p1.ebuild: + Fix SELinux patch for 3.7.1_p1 + + 19 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1-r1.ebuild : + Disabled selinux patch until a new can be made. + Fixed some of the patches to allow the X509 patch to apply. Closing #29105. + +*openssh-3.7.1_p1-r1 (18 Sep 2003) + + 18 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1-r1.ebuild : + Removed krb4 and afs support since they are removed according to the Announcment. + Ebuild cleanups. + Added a bunch of patches from CVS. Among them a fix for CAN-2003-0682. + + 18 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1.ebuild : + Readd X509 patch. Closing #28992. + +*openssh-3.7.1_p1 (16 Sep 2003) + + 16 Sep 2003; Rajiv Aaron Manglani openssh-3.7.1_p1.ebuild: + added warning about restarting sshd. + + 16 Sep 2003; Mike Frysinger : + Another version bump ! :D #28927. This fixes 'more malloc bugs'. + +*openssh-3.7_p1 (16 Sep 2003) + + 16 Sep 2003; Rajiv Aaron Manglani openssh-3.7_p1.ebuild: + added warning about restarting sshd. + + 16 Sep 2003; Mike Frysinger : + Version bump to fix #28873 ... selinux needs to be caught up though :(. + Marked stable due to nature of release (security). + +*openssh-3.6.1_p2-r3 (05 Sep 2003) + + 05 Sep 2003; Tavis Ormandy openssh-3.6.1_p2-r3.ebuild: + adding optional s/key authentication support, using new local USE flag + `skey`, currently ~arch only. #11478 + +*openssh-3.6.1_p2-r1 (06 Aug 2003) + + 06 Aug 2003; Donny Davies openssh-3.6.1_p2-r1.ebuild: + Added new local USE=X509 variable which includes Roumen Petrov's patch + providing support for authentication with X.509 certificates. + + 31 May 2003; Brandon Low files/sshd.rc6: + Add 'use dns logger' to the rcscript + +*openssh-3.6.1_p2 (30 Apr 2003) + + 30 Apr 2003; Daniel Ahlberg openssh-3.6.1_p2.ebuild : + Security update. + +*openssh-3.6.1_p1 (02 Apr 2003) + + 02 Apr 2003; Brandon Low openssh-3.6.1_p1.ebuild: + Bump + +*openssh-3.6_p1 (02 Apr 2003) + + 02 Apr 2003; Brandon Low openssh-3.6_p1.ebuild: + Bump, required some modifications to the selinux patch, test thoroughly + + 09 Feb 2003; Guy Martin : + Added hppa to keywords. + +*openssh-3.5_p1-r1 (20 Jan 2003) + + 30 Mar 2003; Joshua Brindle openssh-3.5_p1-r1.ebuild: + fixed compile options for selinux support + + 20 Mar 2003; Joshua Brindle openssh-3.5_p1-r1.ebuild: + added selinux support + + 15 Mar 2003; Jan Seidel : + Added mips to KEYWORDS + + 13 Mar 2003; Zach Welch openssh-3.5_p1-r1.ebuild: + add arm keyword + + 09 Mar 2003; Aron Griffis openssh-3.5_p1-r1.ebuild: + Mark stable on alpha + + 01 Mar 2003; Brandon Low openssh-3.5_p1-r1.ebuild: + make -> emake + + 21 Jan 2003; Nick Hadaway openssh-3.5_p1-r1.ebuild : + Changed USE="kerberos" to depend on app-crypt/krb5 as heimdal is not + compatible currently. Install app-crypt/kth-krb and set KTH_KRB="yes" + to enable Kerberos IV support. + + 20 Jan 2003; Nick Hadaway openssh-3.5_p1-r1.ebuild, + files/digest-openssh-3.5_p1-r1 : + Added kerberos use flag support. + + 09 Dec 2002; Donny Davies openssh-3.5_p1.ebuild, + openssh-3.4_p1-r2.ebuild, openssh-3.4_p1-r3.ebuild : Add a shells reminder. + + 06 Dec 2002; Rodney Rees : changed sparc ~sparc keywords + + 01 Dec 2002; Jack Morgan openssh-3.5_p1.ebuild : + Removed ~ from sparc/sparc64 keywords. + + 29 Nov 2002; Daniel Ahlberg openssh-3.5_p1.ebuild : + Rewrote patch applying code. + + 22 Nov 2002; Will Woods openssh-3.5_p1.ebuild: + Added patch to fix compile problem on alpha. + + 23 Oct 2002; Maik Schreiber openssh-3.5_p1.ebuild: Changed + "~x86" to "x86" in KEYWORDS. + +*openssh-3.5_p1 (18 Oct 2002) + + 19 Jan 2003; Jan Seidel : + Added mips to keywords + + 18 Oct 2002; Daniel Ahlberg openssh-3.5_p1.ebuild: + Version bump, found by fluxbox in bug #9262. + +*openssh-3.4_p1-r3 (04 July 2002) + + 25 Jul 2002; Nicholas Jones openssh-3.4_p1-r3.ebuild: + + Bopped Brandon on the head. Added -passwords to the end of --with-md5 + No version bump as this doesn't affect most people, and those who need it + can just rsync and emerge. + + 09 Jul 2002; Brandon Low openssh-3.4_p1-r3.ebuild: + + New revision enables md5 passwords, please test and let me know how it + goes so I can unmask. Thanks. + +*openssh-3.4_p1-r2 (04 July 2002) + + 09 Jul 2002; phoen][x openssh-3.4_p1-r2.ebuild: + Added KEYWORDS. + + 04 July 2002; Brandon Low openssh-3.4_p1-r2.ebuild: + Fixes problem of /var/empty being removed if immediately do emerge openssh + emerge openssh. Not an urgent upgrade, but recommended. + +*openssh-3.4_p1-r1 (02 July 2002) + + 02 July 2002; Brandon Low openssh-3.4_p1-r1.ebuild: + This closes bugs 4169, 4170, and 4193. This new ebuild changes the sshd + user from whatever it may be to UID 22, this shouldn't mean anything to most + people because no scripts, nor programs use the sshd UID directly (for that + matter it is only referenced during authentication of new logins via ssh). + However if for some reason your system does have things that were owned by + user sshd, you will need to change their UID. + +*openssh-3.4_p1 (26 June 2002) + + 26 June 2002; Brandon Low : + New version closes soon to be released security hole, PLEASE upgrade + immediately according to the changelogs, this new version closes several + possible holes found during a massive audit of the code. + +*openssh-3.3_p1 (22 June 2002) + + 22 June 2002; Donny Davies : + Chase latest release. Starting with this version sshd uses a new privelaged + process separation scheme. See the docs for more info. + +*openssh-3.2.3_p1-1 (5 June 2002) + + 5 June 2002; Gabriele Giorgetti : + New revision. Changes submitted by Alson van der Meulen gentoo@alm.xs4all.nl + within bug #3391 were added. Bug closed/fixed. + +*openssh-3.2.3_p1 (30 May 2002) + + 30 May 2002; Arcady Genkin : + Update to 3.2.3. + +*openssh-3.2.2_p1 (18 May 2002) + + 18 May 2002; Donny Davies : + Chase latest release + update openssl dependency. + +*openssh-3.1_p1-r2 (03 Apr 2002) + + 03 Apr 2002; Daniel Robbins files/sshd.pam: new pam + sshd file to use pam_stack, pam_nologin and pam_shells, as well as use + pam_unix instead of pam_pwdb. Added updated shadow dependency if pam is + enabled (to depend upon our new shadow with the pam_pwdb to pam_unix + conversion). + +*openssh-3.1_p1 (7 Mar 2002) + + 15 Mar 2002; Bruce A. Locke files/sshd.rc6, files/sshd.rc5: + ssh1 keygen requires a new option in the initscripts + + 13 Mar 2002; M.Schlemmer openssh-3.1_p1-r1.ebuild: + Update rc-script not to fail on restart if there is open sessions. + + 7 Mar 2002; F.Meyndert openssh-3.1_p1.ebuild: + Updated openssh to version 3.1 that fixes a nasty off by one bug in all + previous version. That caused a local root hole. + +*openssh-3.0.2_p1-r1 (01 Feb 2002) + + 01 Feb 2002; G.Bevin ChangeLog: + Added initial ChangeLog which should be updated whenever the package is + updated in any way. This changelog is targetted to users. This means that the + comments should well explained and written in clean English. The details about + writing correct changelogs are explained in the skel.ChangeLog file which you + can find in the root directory of the portage repository. diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest new file mode 100644 index 0000000000..8855373edc --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest @@ -0,0 +1,52 @@ +AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb +AUX openssh-5.2_p1-autoconf.patch 386 SHA256 42bb5f23f02241186abd6158ac15cd1fba0fadb4bd79e6b051fbd05605419ebb SHA512 80a2244e243492d3933646a32fa673078efd72d0e87939b326c2210f23d72675839cfefa2f31617279d51834cc34daf2c3c189c9d92b08875b6b4f68fa7f3844 WHIRLPOOL d4ca3dd8554863d074054489a2dbe5aca3d07fcc5858e908caa5d76dcf8beb661cc3ca6d22a02ab2ca9f504160a6a1acc7f45a4fa775d879b02ee1ae3d113926 +AUX openssh-5.2_p1-gsskex-fix.patch 408 SHA256 8190db31ed2e8dc6ce79030e5c648d04610b06dd8366df5948ef6e990314ee96 SHA512 2022cd25b3e07430752569e07165db313e49a0902ef251df3e50ca96197849be6efbdee360a3a435cae0b5d2dda55acc8676b232d3584f87e204c2fc04b92801 WHIRLPOOL 65da9f3450493ca9a25741e66b2ecf97d7a5576c15485ff3a7c08fc57b06a17b3b6e73b14d2962bf958d9326a6d54c2940f56eb42de4bd5011324bba84c67cca +AUX openssh-5.2_p1-x509-hpn-glue.patch 2851 SHA256 a21336a892b61e29a556d16e9f0a67ee08ad04dd61e3963a201fdf032ce55f75 SHA512 417617acba409539cd2edd59e7640fe732f90265f70d7f4cd91c8b059d44c9c1be63cf336ee3a39a45f1a066bc577e261836b8113296535b9320d77fed3a05bf WHIRLPOOL 901fd8e0ceafd27bd5fdca9007b82842dce2b5aee11c069d0f0229c4568886f0df861c80eb5b3a754a0af795ebb9c78a78a3e76002f17bdbf8349923439deecf +AUX openssh-5.2p1-ldap-stdargs.diff 252 SHA256 97281375efa33e9ce70a55bfa95b6b426208175e7e3ff493012bc25d9b012f45 SHA512 2577b1476211f563bf8a7e62c2341e35cff7208a04b7a3fb1d331721e58f395cdef1ce2ac735b95c31781e06e16ec27c6692df09928393248c971837a1e03079 WHIRLPOOL df65dd54dd12be39fb4b830536f86aef97c086b227de1d87d56788bf8bce39a345da0ed814dd53abdaa5d158c99f0b87cb8510812d10c353a3b8a82493b210af +AUX openssh-5.4_p1-openssl.patch 255 SHA256 f83627039491e9969f1ed5d77fe816465ce75809e8c2f2bfb07012bc21384347 SHA512 8cfd757dbe79ee502c10c5d518730f4e790bd61753120bb168d545dfc702a7a55c274fd9c81d2798ec78cba30f173aaf0bee1f15bb23f9f465c3524a5c81ca2d WHIRLPOOL 852f3e9dc6cd05934b52effa03961a0d989734a28649eb199e1f260d4e8129dffed378d8efdbd40a5f520362fe8fa404a744724135caa39f48e876849cf2350b +AUX openssh-5.6_p1-hpn-progressmeter.patch 334 SHA256 eaa98f954934364a1994111f5a422d0730b6e224822cef03efe6d6fc0c7f056f SHA512 46eb5253549ddca045e67841daa092a8a33a6ae4411e75c301589f0a88159c6d2ccfe45c2f0502314465b93ac6f1965264a9b92b13e0e88d4ff15ced5f4ebfeb WHIRLPOOL 72b05e4243e746fc315468ac1dc8988b92919dbd147470855b8753e0ae37ad3696de6c9ec29346596aee2d60acbbcce79cea5735b9a91b3452a4b4f3f69d3012 +AUX openssh-5.6_p1-x509-hpn-glue.patch 1974 SHA256 164db7af08e0565821d6d609b1beadab39777521bfff143a83acc1e097ad60f1 SHA512 a764d8411f0b7c49d6f51b25153c18648d58dfbc82897903bad826293f3497010ab0343e4a4cc81b37e51c3a28ec04cd5be7c8882126295ba2b38e734e262995 WHIRLPOOL 4a8151dde306eace1404b8e83dc2514cb8f073acb6c759b9a2a9e619181951873afad785f565861f6d1031d9314f8d450faef63629dfd5f1b0074cb78b059578 +AUX openssh-5.7_p1-x509-hpn-glue.patch 1888 SHA256 30f63dea0e810d92790ddaf9813f0b8dec1e827a39e1752faff6bb41382f3c1b SHA512 db839f3cf3c67ef28290551810dc5c8937d1ef401f48ed937165b57191e75944adb25ab36cbf30289f7fc0076ec192c030e40fb5a744c63932b414e49b99946a WHIRLPOOL 2e539c49ef613e2a9912011ac289036381f8fd8d8ff5f2e0088dd3443a1c7fd86c3efe2b2041736bf67b73c8b4b298208de183945dc68c73ad6f35c41fb8a619 +AUX openssh-5.8_p1-selinux.patch 433 SHA256 0de250c75f4dae78406e5151f563bd104b8e7792a825515510e095fb47462cfd SHA512 e6c89eb26b4bc651503ab81d346e780fdec3056302c5e2d8a6be5892fa514f83093370c463aae88091dc20d30013fd32250e040649147797bcca69ddc7d05ae3 WHIRLPOOL f72ccd773b9ff7a897940afddcb38ba9512e0830c33a2381886d2698e0ae0c6a7db9678326945bdf6769acc21d3e4bf8a196161114805d4570af2819e610df84 +AUX openssh-5.8_p1-x509-hpn-glue.patch 1907 SHA256 7ab452c02b141645b764d404aa3de0754ab240a64601a6bb587919673f957682 SHA512 317c04fab93aaf82685e54335c876b2399623ef69428297c2e5934d45f69f0e78a89c79ad7bb186ef12a779ebf0f088ca142d6a426baeb32b166ceca8098572d WHIRLPOOL 34fdef826750070d112dc6c1bf84de11ebfa646fb5cbfb9f76d13dab925cff94996ed51cfdcba4e0b536915883bb4728756b79db157c019ba951ee1a32c18fe3 +AUX openssh-5.9_p1-drop-openssl-check.patch 848 SHA256 89b011e27548b9922deed63ed57a6c94ea8013bb3bfb4d6590ba43d284a2ab86 SHA512 bbcbb61b6fea194e7ee3862a5b462d48ce4cf4fec12cc8a8564fc5fc8f840dca2b4ddf301bf9d12bcbfd3922948023320ea660a8c194d57bf2b1e9d095fc8eb2 WHIRLPOOL dc8e140d2bfe59546b944236ebcc702cd4a19ed5c6ee24d590bb0d50221069666b3797cf1717e6090d12525b3310cd963537e4c2c413bb2692ec85dcb2d33b43 +AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685 +AUX openssh-5.9_p1-x509-glue.patch 569 SHA256 579ef6409878cea36828057a82a37232ba230af0acb58438f020c284f06a6510 SHA512 534697c03837c8a6084348245722b8730b2547d0e2adca274077fcac295e13e8f2d8ae4cd788fc1c58824fc7b591e731e02d43873fdbe5f20ca1a87fa3060886 WHIRLPOOL 9dd0de494ba2c4a2dc1577e48ae8a63d95c794981ce1aa8d8f0d7fe464e489763f9af042ebecb6428c70cce56ae0b5ca93904669403bd9cc0e61e34989b82462 +AUX openssh-6.0_p1-fix-freebsd-compilation.patch 546 SHA256 4cee4d0b68a847b7686309ddc92f86fc36254d6e864682225143a28fc91e6187 SHA512 f9b783f76212ded27181b0a5ab8b4efc999a9960a020de54f109dad01a3e49b126a9c59da2286e565717f9e68991d2275e0872d54406f2c56a37d4dd439d92e4 WHIRLPOOL d0307e8e2a464914c9f4b2c790d72ff94eddc776986f0a847e04abede59feb6339bd256fe3dc831b362cb8e7f4e3cdb763a5c3c834f1fd7c32e4325cfb91ce63 +AUX openssh-6.0_p1-hpn-progressmeter.patch 379 SHA256 fb38d9d16132fcc16fb2648bce21e2260fb5cadf0ae2e2a7849638aeb79d3dc7 SHA512 4885f49f38c8a3afdef2ba63f324601214810aef8bbac89c926edca9edc8998f49f5060f1070ee0278ef7cdcdd7329a9b9fa37d1466e32cd2dc81edcdee50f51 WHIRLPOOL f73843d69f9aacea93a965eafecd16a037dae996d879d4b755831413321e3ed1e3e3167eff716a4ae836698b4e51c740bbfcca48033cb1dd4353f8599296272e +AUX openssh-6.0_p1-test.patch 780 SHA256 c5893911cec3eecf84dc13bddbefbe1e1053db11e65a909b5f28eacbdd88a29c SHA512 733ee29c64f2469678ca0a4056332d43179cfe73d7efdd0c3c4b24da75baa74b7661e5039bd6fdbb0a375ae5ad5b60353c715946bb59d477ea0c5efaf70b1697 WHIRLPOOL a98055e2634eea3421dc2117a19e0548dae9b4705f7681e45bd4f33e3782f2ec22097de7f7ed4507d1ba5ed983d10499b786347688fadb6e803d20ea86bd7a02 +AUX openssh-6.0_p1-x509-glue.patch 569 SHA256 8c9048a33036a93f56e254cfd53b18313682d466deadfdcd8937a46793617900 SHA512 ad0c0cc7745a80dcc59e671f98608c0bdadf276449352615e738fe7f2e740e0f68713320c48b88b3b4565fd7e1f1a5653a0965e247bec68011c4eff72a9ffece WHIRLPOOL dde2aa90d6a19aeae8b6ad9586a10ac6b9c0e7b9e30f3e1d511bf7b938a299c75cc5771c8bc22ce6b6582ca7ea4804e545c463546580eacbcd38fa664841add1 +AUX openssh-6.0_p1-x509-hpn-glue.patch 1774 SHA256 b2dcff21652eea92d2ff2640a568070a944e7bfb2bd3217c433e6383a64b0970 SHA512 82793502b8c943f0bd69019ea1cf1172f9579dc6a8f6c91f6aba9a9d743384d5ac84f7a49df07165e252b4ef4fc06b745463bdc58d06da2aca3c7acbb3dd8623 WHIRLPOOL ffd01827dbf8162359cf7a278020f2bfa7ed1ee1051774522623bcf448ffc8a3e28ecff2de5733b352beef5722a9dec2e9bb25fabc7edca615a774f65f756246 +AUX openssh-6.1_p1-x509-glue.patch 573 SHA256 e51aa53e9e0336606fc36af237d50338347b845ee56a66d01f86829c4b46feb6 SHA512 bac2971b6435433d6ac88fb127c178e678fe805f51260454d9d0b631ef52dbafc08343fb307a74a116691545a82f5369dc014e71a7c8c65ba41699b31e1dfb6f WHIRLPOOL dd514ce502f7c7968e8fa526b1b2f7d7945f2d5b5f1f013e54f7513a7c7bf6025dbdeabe566958018db8f7442c9611f7efd435501b4b965b0fe7594e24ee20fc +AUX openssh-6.1_p1-x509-hpn-glue.patch 1491 SHA256 28c5000f7c8b23afc363d066cf96d39c00882274f227b7743b1e376df8b61a2e SHA512 0d6bab08cc400b81d936883bf39f5a461799874f6ea3dcf55c083372ed379bc0066b913646f7a0e32167079ba85409c272b258de179d55660739df4bbbf30e5b WHIRLPOOL dbfbf8eb0312ae119421e45efd8243b089ab2d3c2bc1f7b7cbd5b56f86844dfe42b27952e4ed88653679ec036f70b8edd3e00f17ae097241fbc88567bab38505 +AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53 +AUX sshd.pam 294 SHA256 f01cc51c624b21a815fb6c0be35edc590e2e6f8a5ffbdcabc220a9630517972f SHA512 3268dc826978fbb205968744d83c6f1c838c9c73bf9c4ceee709c5b4168b4aaf06bcde47a32808571fa71cbc5a6bfdb98406995b2b28c9e633ce392a53932d64 WHIRLPOOL fff8966d66d75cd4d70607585b5de063f225a776b73b8b0f8146c5eed6c8ffd2ca38c46f86fa4e2ca8caafcde7797a3f0b177e60baa6fa0642064080883fa68a +AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b +AUX sshd.rc6 2189 SHA256 627125378ccfdd81289531f527346980da249d35499cb71518f88f1452f4c098 SHA512 b2981a6dd9b83a21c718bb4dbfe88a0f1157bc764d1795291a381e380b40141719e5e5cf0cbd89845e81a7e9b0b4fdf938a55ff80ae4b5cac1969189aefa2b1d WHIRLPOOL 136497f366686ae25d78b11c17d4f9235d8980a8a147b380c00c281adaa91940f82a709b7da312736608e3b3ce3a2dbca465a2010f27e9562389de98be5885cf +AUX sshd.rc6.1 2270 SHA256 153119116208d328c496d29b7cb9f85991df93020cc50c83b05ed498b10a2126 SHA512 80f0e460ad7ffd9a6fb279ce2d307cbda1f7352745ffaca381867f636ae64df336a03de0da15aca39619acdbebf41e2ccbd2bb233433f93625754965aaaab780 WHIRLPOOL 6b7a4519282fe99fc36cd0f89f6163ad9c8c9d998b15e84d3758af607627db48cf58ffee1bc4291ac0e7f75455f8f8873cd5d996f3c75f1ea3bef0b249abdffe +AUX sshd.rc6.2 2069 SHA256 94b1fc0d608464fd4a6c7ed23f0b9c44aada3404982d8fd25b8bfe202baffaa6 SHA512 f75f95e6cf912b8c45f7ccf81e764805a56057368b18425abe699b29c3c66d32ea5b2d1c9f6fadf97487430e703e01dc2d965e41b8511f31a3e06d3bcbbc1006 WHIRLPOOL b9082ba3854e1842e057717b9a1571ba5ac6bf69c5facb391b7a3d890b13f879d7ae1484eafbbffc17746c3a8184f23e4c3fa831f678eabdea7d23e2c0d1bf63 +AUX sshd.rc6.3 2057 SHA256 43d95b495440ed6b3c1eb82b81712d7f6e58246527605c11d733cb5eb5523254 SHA512 3ddcdeae6c7f4755df1f8fe77d9d1af8c728f8cc18da0feaeccc4b8147f86b4db1ab1bf4ad362c31fac986270b21fe2c80e0414d64f70bfdac2370e22c2c9db2 WHIRLPOOL 57a18d85ab77abe64eddf852975481d974bd68b0b058d854a31158aed14b1706743ad563aa013c770aa124533fb5344bc64d0c06b564e1b53e28e1b0ebe463e8 +AUX sshd.rc6.4 2758 SHA256 7596248118e3d4087a9bbb4d9c7a9a949a472c73e94585084df1d0a744c17e12 SHA512 bfda73dddd8362005b8fc236132e4421e71ee6af4d917fc4956dd37a244b4ed888b10f7b86f90005bdf782e77346fbeb3453f5ffcf39906aee3e06596f84ccec WHIRLPOOL 1881214407406613b62ab86654b757433596f99b481ca80e106937c34b817750813d68a5df48f3004acb4df89c6a48426e3f7cbb4f9c2b6e49a809b50e50260e +AUX sshd.service 206 SHA256 093d4f526e740cbec46ad6a69207407daf01e74da44599d75b979f294c9b0a7b SHA512 67d96a63a6bc874bacc2f43b51c003f2209a4d2283f8435ba3495266e4823d73962fd995f46eab0e8b260107b9a8c416709b2f19e8e94ecea30ddd8280444cfe WHIRLPOOL b48005444104583bd230e68f870a1d0c4a8709f5e8f7fafa45becf259df64052b1938853e8e232b32aae882dbad83d5c78d7796eafb6c02bd0196f7a6a44075f +AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5 +AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1 +DIST openssh-5.9p1+x509-7.0.diff.gz 181263 SHA256 a28e2535ecbf95deeef682682e7551459cc494bbc1c4ccb89be93cfe826d76ca SHA512 5f6e2be10ce8cf26fffcb782824f59c1f1ca0fa271800e162685ce74d1aac6d9035cfdacc87d3f859d3538bc0b22438a701dfc3c8108a130e6e4b7fdd36e6b16 WHIRLPOOL 00f92e2e235da11a87b30dc49e1a469a781482ea53ddf99fb892ec3796b9a68f62234c0ed72f2a3330f7af90f3afcdc90e2574b6ab5955ec6e64c13b75ab5e89 +DIST openssh-5.9p1-hpn13v11.diff.gz 21971 SHA256 6a47a9e57f87385cac9a380b0b1649b73532afaf40c15f62e9236427c84e7aae SHA512 6f7ae144ff61b4ec7913dc94c7ed9550cfcd30336e3bbfafc6c875c99cf0c90cd7f8ce89d530f2861b9bda95433d591673136ba5a31310226207f787257da3be WHIRLPOOL fe4d9f515e5c51b159b0aa51b01840003de443c2f3e8eca90b657d54f490273d1ba98dbabe2cf3a104edaa0971cae5f5f8c739691310822493f8f2705c01465d +DIST openssh-5.9p1.tar.gz 1110014 SHA256 8d3e8b6b6ff04b525a6dfa6fdeb6a99043ccf6c3310cc32eba84c939b07777d5 SHA512 ccf13e3cb11489f9f7e4788f93ffae1f2c39d48819f0e9cd9197842abc922173d2c3c1ad1a87a2acf4497d67cb9edd48416098388fa33fc0b8e09456b1be7e2f WHIRLPOOL 2e8bd89fd14954a232602a912845ed29a08ca40637f8863fed675b19d18944125ecdbf292c45cf5c297584df6c3131ae4fd3c6bc62595dfebb3831120ea21cd1 +DIST openssh-6.0p1+x509-7.1.diff.gz 200986 SHA256 c11e3837704a24393353fe264d61ffea8c1f23c0cb5b8261866c25677930768b SHA512 f45e16a21955546829c70bbad67a6af2cdf60fc6019d34c8563c3c328ffc477d1b31c3443ce032e7ff29d027979ecade476679d33c40961ac4ba65f96dac4b7f WHIRLPOOL 120063e566d721c233ea02cdf2ea114b7f707248962c126dd9def5377188283bb9da58a32a2d49453f4c37ad7a975e03bcdf106a28a0cb7e655eacc7c3f965c1 +DIST openssh-6.0p1-hpn13v11.diff.bz2 19979 SHA256 a096f6ee6dfddb3996b5e7b806ece2a7709c8cce6560eb026c28d3fb56f71ee9 SHA512 2805ddac19a5c4962e6a57d9a6efd3f17ebac82ee2b6a7eed60521a4fd23468d4be7f67e59562120fb21e1efa7ab9213be5d8ab8e3ff6fb9c2ccd6d6989f460f WHIRLPOOL a588288d0b3a64a8414bf1061055dbf41b8370e59fd89ab6cdc2fc7b93046b467aefb9f9196a65f96bda395db38e3841e1ad781341919829de0d9d8d2a220df1 +DIST openssh-6.0p1-hpn13v12.diff.gz 20223 SHA256 b6158c10fac153dd2a9f5d9b29df1e4db17a91f84f100b99526655317d9bf4c0 SHA512 d5decf82bfdbdcdcea974b3a8d990929908077851a3a8c122bda37e439e19e69973a371ac46683840263ec3c85fb2393a70183786f94b2afaff6577209f202c2 WHIRLPOOL 9347431c34737294f98aa07d1c4468ab0357e766c1ff55ad2e39af10041d9fa0e0253d36c5dde354513c97cf7ccb19ac1db7214c25797d57d917d4ee5a1199da +DIST openssh-6.0p1.tar.gz 1126034 SHA256 589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de SHA512 4fe1f7e0d5e572575b11253916354b333a7eca558720885d5dceb7c89dc5da81cd57feaa4be756dfa4f3e9ef508e5f460e5fda221765191b1c02ae37431a444e WHIRLPOOL 7853155dfd35962ae31958600b6d4f94a3a916dac942f5f533cde3d85c8ea64066b887d66d7722bd647196f57df7ed27f62d5ec4588868754b6cdf999a404001 +DIST openssh-6.1p1+x509-7.2.1.diff.gz 208071 SHA256 02d3703d419fc72be819a4e7fc8cbbb269182862465b6a99cc7b2af32d75a181 SHA512 6c1786c2c32d884e7b8f15e39912ca1d8fb54b1132ffae6d8d4f262356a16267a8e549a822911d0f40eabe49015080ae35fdec521f90e0ef4d05554339f35fa0 WHIRLPOOL 7f260caebdc58fe415b3cb93b08600942a6b171b45df8ff1279d4280930a7103cbefac63ec7f32fdbf9bdcf64278c39bfd55c2dcb41ea5c4934574930494df67 +DIST openssh-6.1p1-hpn13v11.diff.bz2 19999 SHA256 08bfc1f3c582f23b3ce386e78baf37be4af03645fc6eef87f1ef819cc273ecc7 SHA512 4e21384ef4d0b7539c9b7aecb158748b959db7ec84fa023f7969c2db50794e1f68bab375cdea9c2ae8fe16b759650e250aa21d6b8772a1c671d2e1e59adef08a WHIRLPOOL 3918c2c118908e67de4523c8d1f142ca4b2d2d7c045c2337b2f7914096108cf1a138009a838519d292e53fec454ced3a9590bbddf93096bd377196bd7d73ed55 +DIST openssh-6.1p1.tar.gz 1134820 SHA256 d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411 SHA512 1cd58f18b047fa92a3155fa215d69c04e1f03914488a21bcda5434899df6055567e59f77063f0080b0cb437bb2396d3bf4050ed0c5ea2d1dc20d6fd928d5a76c WHIRLPOOL a1ecf33e8c4048c59e55d38cc8bb3f89357ac8fb74fdbb57e24e111e1749620fe6f7e329a744e3cfc9ced3e445539ce85926c7877a0f12475ccf14f124f9234b +DIST openssh-lpk-5.9p1-0.3.14.patch.gz 18335 SHA256 1a922d57a2e7020bf597135437a57080d7d046c9f41a7a53559945ddddbe0892 SHA512 eb4641d30e221eaa409d22ab423e38c1a31dd9dfeacbf978c94827194cb838cc0f832bf96aa4c494a71a5d5d1b90fc6789e8469e35d82ffcaf54305f07ccdb9b WHIRLPOOL 6748426d6d0cda07729744d8993d96a762134a61acf757afc1618ada5cbd9752d9211a89be831e5a4f1744f70cc4fc643b5f745d1f785b53a4e1dbf9d7c92680 +DIST openssh-lpk-6.0p1-0.3.14.patch.gz 18401 SHA256 d0f3d55fd92ecc45aa6120d6ea919c903e4828ce0c2b07612c742a2aa7648beb SHA512 ebf680b90bc289c0d69c22fd6fd666032cdcf4c3850ecdf03e264200d60c50a12f4a5254907c6ab850727216e7837176be5564ae22b68d9b80a67c62f372a9dd WHIRLPOOL 4f8b32c77fc2a9205d283109ccd787a3f37757c18060da39c63147ff09f6b922f4a57ca1ba8d0cdc692f3f1eaba3e5e88eb4287f728ddaaf544d2d425c0cca91 +DIST openssh-lpk-6.1p1-0.3.14.patch.gz 18458 SHA256 2d0e40116e021913668519a42743f89b8fb77f8d5beed863d620cc79999b0b79 SHA512 9cfd83e650cedbc3950b8cf80d0b36fbb7dff8fbe7d017378f9a2ae18189fa6e459e323dae6cd1fa1d82ff948f628563892d0a0f30113b3a8ba5269fe051e784 WHIRLPOOL c1ee5570f0bfb3191c602d575e0e05cabe7d42183bd78c07cac19a2743a59f110728e309fcee6f0b6abc7b141ae8c701d92d010d2b7737739b4cac92406552fa +EBUILD openssh-5.9_p1-r4.ebuild 9210 SHA256 efed8260b1799d44b3d313539c7f88761761e665ab38b2740895d6a99405152c SHA512 e9344b99a24fce4c3f2c186108443079fc66b410373170e57d3be04a74678579fd2dcf136344ca820b8b7f75121ef924c4b36e6a2dfa11dc298dabcd8d91fb98 WHIRLPOOL 9add398de7095604a716a2b76f3bd5ce7cd8035304efaaa1a6a60557804c5714160d582a6f768a2024d8f466db31aca10b4028746d450f09c9b6874e893d6442 +EBUILD openssh-6.0_p1-r1.ebuild 9488 SHA256 f99e6f51f5fc1809cc093e84834699097802d92f8aee712ffcdf1b8548698c08 SHA512 10b19d45b60658e3c61fb74a4c6d4ae1341b4d1129faaa08ec3b655a64f1dc3625ffbe363add33c8e31ac5ebf66cd24415c2324bd5c8d23fad4191e431143be3 WHIRLPOOL 0c35ba4608a5a4fd6c65bfed0f3cde8e8cd7067a94bacf41104c2f0105146a5c79bdec873c2c3a6086637359805ecbb353a2abc9c6e0f2a93a409650aadfff78 +EBUILD openssh-6.0_p1.ebuild 9485 SHA256 32c4280a8babafa169543a919f4cf31231c3d759a7c116b42e3c3981242c0d59 SHA512 bae20dfbea14cfc30f16c7619d63a4a4cb2546d9d5e903e93e3c4d18745c1398d42ab6580a3e10609d81e1020b8f54c35b6413e168775efd3cb8fab064d67f8a WHIRLPOOL 24d16d37714e69a0d4593b745feeb54853e8d7b2de799be8ed76c0e09fe9459da8a3bfbb67b36f120345fc24fdc307a346c4fcb79b95fd8831e8944383f36759 +EBUILD openssh-6.1_p1-r1.ebuild 10144 SHA256 d3a9498da4e88e1a90c5d6573152019f681b12e046dfa0b6a0f186b198cf5bcc SHA512 eb4e95964daa6249c87b3589d85f74fa8ba2bef39e65c9886614a4198aecdc4a7924f9c0d8822a0fbf5d47d26f2f201fcee40dcdf5fc9b773ba1bb4400d75f0c WHIRLPOOL b25c79632964123988bfa97b24c063edf566da56501cd20d6da6ac6aa77e1dc33340a528af20ab2d0404e9a4d7876d61d29dd8d38feba3b7cce205a098372565 +EBUILD openssh-6.1_p1.ebuild 9582 SHA256 e4e060b08be1ae2238889463ad257e6d3b60ccc33c0bd6e5f73e63155795b2cc SHA512 dc3376d4317fe4692b0e3a62acfe7307df0208744dfd35f585eee9768e16493b81dc1ac854f32050dc21470cf1e7681a71c463c4e15a86d8a4b1c99dfdbc83fd WHIRLPOOL d2e7fe4d73ee58318b2b3099d18596db58d2d988e26a1792b9d68dadd3a0fbcda20bf52faf8006913614c995cd7cb7a2e69492c12ede66016639466206fbbc98 +MISC ChangeLog 75754 SHA256 5fd858c44b140031d196ab18449f5daf74d2c5e5d98d0b4baea7ac61c16f6f15 SHA512 8ad2f358741f793aeee19c674177519c696bc1d39fd61336ae46ce423c05ae8221d1d1acb3ec959fbb821debf210761d95cded53b20d40b5a78d7c325ccab7a2 WHIRLPOOL f79d0e0d6db81f5768b4ee3de42508a7ab25ab3ca666410c63065f525e85ca045e30adad0e36799ce5906fe8d3fd8a27cfb68c13a5e8c321226ea1c2382aab5e +MISC metadata.xml 1749 SHA256 efc4abf9bfbc17c1312052e84e77058539851b2e9d0fffb16b2c13bcfda08993 SHA512 18e254f223ddd5bba1b1c4f0ecdd78bffe446a23108bc649d73d8ba626e2940a5a9c5878ab1f8b2689434876e76260fe5a9970649a1287f51033862cf0d5ce36 WHIRLPOOL acb0ce741349f25dbfd58a02a72f5ca45a42ba5441b96766a91b381ed9735efe5105fd6dfaf576bf2dfdd4ef0ed542f81601d74378bc526aac9c0165672dffac diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-3.9_p1-opensc.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-3.9_p1-opensc.patch new file mode 100644 index 0000000000..c81dcc9dfe --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-3.9_p1-opensc.patch @@ -0,0 +1,130 @@ +http://bugs.gentoo.org/43593 +http://bugzilla.mindrot.org/show_bug.cgi?id=608 + +Index: scard-opensc.c +=================================================================== +RCS file: /cvs/openssh/scard-opensc.c,v +retrieving revision 1.12 +--- scard-opensc.c ++++ scard-opensc.c +@@ -38,6 +38,8 @@ + #include "readpass.h" + #include "scard.h" + ++int ask_for_pin=0; ++ + #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE) + #define USE_ENGINE + #define RSA_get_default_method RSA_get_default_openssl_method +@@ -119,6 +121,7 @@ + struct sc_pkcs15_prkey_info *key; + struct sc_pkcs15_object *pin_obj; + struct sc_pkcs15_pin_info *pin; ++ char *passphrase = NULL; + + priv = (struct sc_priv_data *) RSA_get_app_data(rsa); + if (priv == NULL) +@@ -156,24 +159,47 @@ + goto err; + } + pin = pin_obj->data; ++ ++ if (sc_pin) ++ passphrase = sc_pin; ++ else if (ask_for_pin) { ++ /* we need a pin but don't have one => ask for the pin */ ++ char prompt[64]; ++ ++ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ", ++ key_obj->label ? key_obj->label : "smartcard key"); ++ passphrase = read_passphrase(prompt, 0); ++ if (!passphrase || !strcmp(passphrase, "")) ++ goto err; ++ } else ++ /* no pin => error */ ++ goto err; ++ + r = sc_lock(card); + if (r) { + error("Unable to lock smartcard: %s", sc_strerror(r)); + goto err; + } +- if (sc_pin != NULL) { +- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin, +- strlen(sc_pin)); +- if (r) { +- sc_unlock(card); +- error("PIN code verification failed: %s", +- sc_strerror(r)); +- goto err; +- } ++ r = sc_pkcs15_verify_pin(p15card, pin, passphrase, ++ strlen(passphrase)); ++ if (r) { ++ sc_unlock(card); ++ error("PIN code verification failed: %s", ++ sc_strerror(r)); ++ goto err; + } ++ + *key_obj_out = key_obj; ++ if (!sc_pin) { ++ memset(passphrase, 0, strlen(passphrase)); ++ xfree(passphrase); ++ } + return 0; + err: ++ if (!sc_pin && passphrase) { ++ memset(passphrase, 0, strlen(passphrase)); ++ xfree(passphrase); ++ } + sc_close(); + return -1; + } +Index: scard.c +=================================================================== +RCS file: /cvs/openssh/scard.c,v +retrieving revision 1.27 +--- scard.c ++++ scard.c +@@ -35,6 +35,9 @@ + #include "readpass.h" + #include "scard.h" + ++/* currently unused */ ++int ask_for_pin = 0; ++ + #if OPENSSL_VERSION_NUMBER < 0x00907000L + #define USE_ENGINE + #define RSA_get_default_method RSA_get_default_openssl_method +Index: scard.h +=================================================================== +RCS file: /cvs/openssh/scard.h,v +retrieving revision 1.10 +--- scard.h ++++ scard.h +@@ -33,6 +33,8 @@ + #define SCARD_ERROR_NOCARD -2 + #define SCARD_ERROR_APPLET -3 + ++extern int ask_for_pin; ++ + Key **sc_get_keys(const char *, const char *); + void sc_close(void); + int sc_put_key(Key *, const char *); +Index: ssh.c +=================================================================== +RCS file: /cvs/openssh/ssh.c,v +retrieving revision 1.180 +--- ssh.c ++++ ssh.c +@@ -1155,6 +1155,9 @@ + #ifdef SMARTCARD + Key **keys; + ++ if (!options.batch_mode) ++ ask_for_pin = 1; ++ + if (options.smartcard_device != NULL && + options.num_identity_files < SSH_MAX_IDENTITY_FILES && + (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) { diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch new file mode 100644 index 0000000000..20e796b5f9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch @@ -0,0 +1,54 @@ +allow ldap and hpn patches to play nice + +--- servconf.c ++++ servconf.c +@@ -116,24 +116,6 @@ + options->num_allow_groups = 0; + options->num_deny_groups = 0; + options->ciphers = NULL; +- options->macs = NULL; +- options->protocol = SSH_PROTO_UNKNOWN; +- options->gateway_ports = -1; +- options->num_subsystems = 0; +- options->max_startups_begin = -1; +- options->max_startups_rate = -1; +- options->max_startups = -1; +- options->max_authtries = -1; +- options->banner = NULL; +- options->use_dns = -1; +- options->client_alive_interval = -1; +- options->client_alive_count_max = -1; +- options->authorized_keys_file = NULL; +- options->authorized_keys_file2 = NULL; +- options->num_accept_env = 0; +- options->permit_tun = -1; +- options->num_permitted_opens = -1; +- options->adm_forced_command = NULL; + #ifdef WITH_LDAP_PUBKEY + /* XXX dirty */ + options->lpk.ld = NULL; +@@ -152,6 +134,24 @@ + options->lpk.flags = FLAG_EMPTY; + #endif + ++ options->macs = NULL; ++ options->protocol = SSH_PROTO_UNKNOWN; ++ options->gateway_ports = -1; ++ options->num_subsystems = 0; ++ options->max_startups_begin = -1; ++ options->max_startups_rate = -1; ++ options->max_startups = -1; ++ options->max_authtries = -1; ++ options->banner = NULL; ++ options->use_dns = -1; ++ options->client_alive_interval = -1; ++ options->client_alive_count_max = -1; ++ options->authorized_keys_file = NULL; ++ options->authorized_keys_file2 = NULL; ++ options->num_accept_env = 0; ++ options->permit_tun = -1; ++ options->num_permitted_opens = -1; ++ options->adm_forced_command = NULL; + } + + void diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch new file mode 100644 index 0000000000..c81ae5cb70 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch @@ -0,0 +1,127 @@ +http://bugs.gentoo.org/165444 +https://bugzilla.mindrot.org/show_bug.cgi?id=1008 + +Index: readconf.c +=================================================================== +RCS file: /cvs/openssh/readconf.c,v +retrieving revision 1.135 +diff -u -r1.135 readconf.c +--- readconf.c 5 Aug 2006 02:39:40 -0000 1.135 ++++ readconf.c 19 Aug 2006 11:59:52 -0000 +@@ -126,6 +126,7 @@ + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, + oAddressFamily, oGssAuthentication, oGssDelegateCreds, ++ oGssTrustDns, + oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, + oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, + oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, +@@ -163,9 +164,11 @@ + #if defined(GSSAPI) + { "gssapiauthentication", oGssAuthentication }, + { "gssapidelegatecredentials", oGssDelegateCreds }, ++ { "gssapitrustdns", oGssTrustDns }, + #else + { "gssapiauthentication", oUnsupported }, + { "gssapidelegatecredentials", oUnsupported }, ++ { "gssapitrustdns", oUnsupported }, + #endif + { "fallbacktorsh", oDeprecated }, + { "usersh", oDeprecated }, +@@ -444,6 +447,10 @@ + intptr = &options->gss_deleg_creds; + goto parse_flag; + ++ case oGssTrustDns: ++ intptr = &options->gss_trust_dns; ++ goto parse_flag; ++ + case oBatchMode: + intptr = &options->batch_mode; + goto parse_flag; +@@ -1010,6 +1017,7 @@ + options->challenge_response_authentication = -1; + options->gss_authentication = -1; + options->gss_deleg_creds = -1; ++ options->gss_trust_dns = -1; + options->password_authentication = -1; + options->kbd_interactive_authentication = -1; + options->kbd_interactive_devices = NULL; +@@ -1100,6 +1108,8 @@ + options->gss_authentication = 0; + if (options->gss_deleg_creds == -1) + options->gss_deleg_creds = 0; ++ if (options->gss_trust_dns == -1) ++ options->gss_trust_dns = 0; + if (options->password_authentication == -1) + options->password_authentication = 1; + if (options->kbd_interactive_authentication == -1) +Index: readconf.h +=================================================================== +RCS file: /cvs/openssh/readconf.h,v +retrieving revision 1.63 +diff -u -r1.63 readconf.h +--- readconf.h 5 Aug 2006 02:39:40 -0000 1.63 ++++ readconf.h 19 Aug 2006 11:59:52 -0000 +@@ -45,6 +45,7 @@ + /* Try S/Key or TIS, authentication. */ + int gss_authentication; /* Try GSS authentication */ + int gss_deleg_creds; /* Delegate GSS credentials */ ++ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ + int password_authentication; /* Try password + * authentication. */ + int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ +Index: ssh_config.5 +=================================================================== +RCS file: /cvs/openssh/ssh_config.5,v +retrieving revision 1.97 +diff -u -r1.97 ssh_config.5 +--- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97 ++++ ssh_config.5 19 Aug 2006 11:59:53 -0000 +@@ -483,7 +483,16 @@ + Forward (delegate) credentials to the server. + The default is + .Dq no . +-Note that this option applies to protocol version 2 only. ++Note that this option applies to protocol version 2 connections using GSSAPI. ++.It Cm GSSAPITrustDns ++Set to ++.Dq yes to indicate that the DNS is trusted to securely canonicalize ++the name of the host being connected to. If ++.Dq no, the hostname entered on the ++command line will be passed untouched to the GSSAPI library. ++The default is ++.Dq no . ++This option only applies to protocol version 2 connections using GSSAPI. + .It Cm HashKnownHosts + Indicates that + .Xr ssh 1 +Index: sshconnect2.c +=================================================================== +RCS file: /cvs/openssh/sshconnect2.c,v +retrieving revision 1.151 +diff -u -r1.151 sshconnect2.c +--- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151 ++++ sshconnect2.c 19 Aug 2006 11:59:53 -0000 +@@ -499,6 +499,12 @@ + static u_int mech = 0; + OM_uint32 min; + int ok = 0; ++ const char *gss_host; ++ ++ if (options.gss_trust_dns) ++ gss_host = get_canonical_hostname(1); ++ else ++ gss_host = authctxt->host; + + /* Try one GSSAPI method at a time, rather than sending them all at + * once. */ +@@ -511,7 +517,7 @@ + /* My DER encoding requires length<128 */ + if (gss_supported->elements[mech].length < 128 && + ssh_gssapi_check_mechanism(&gssctxt, +- &gss_supported->elements[mech], authctxt->host)) { ++ &gss_supported->elements[mech], gss_host)) { + ok = 1; /* Mechanism works */ + } else { + mech++; diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7p1-selinux.diff b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7p1-selinux.diff new file mode 100644 index 0000000000..f1c5c8723a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7p1-selinux.diff @@ -0,0 +1,11 @@ +diff -purN openssh-4.7p1.orig/configure.ac openssh-4.7p1/configure.ac +--- openssh-4.7p1.orig/configure.ac 2007-08-10 00:36:12.000000000 -0400 ++++ openssh-4.7p1/configure.ac 2008-03-31 19:38:54.548935620 -0400 +@@ -3211,6 +3211,7 @@ AC_ARG_WITH(selinux, + AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], + AC_MSG_ERROR(SELinux support requires libselinux library)) + SSHDLIBS="$SSHDLIBS $LIBSELINUX" ++ LIBS="$LIBS $LIBSELINUX" + AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) + LIBS="$save_LIBS" + fi ] diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.9_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.9_p1-x509-hpn-glue.patch new file mode 100644 index 0000000000..a024b71400 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.9_p1-x509-hpn-glue.patch @@ -0,0 +1,91 @@ +move things around so hpn applies cleanly when using X509 + +--- servconf.c ++++ servconf.c +@@ -106,6 +106,17 @@ + options->log_level = SYSLOG_LEVEL_NOT_SET; + options->rhosts_rsa_authentication = -1; + options->hostbased_authentication = -1; ++ options->hostbased_algorithms = NULL; ++ options->pubkey_algorithms = NULL; ++ ssh_x509flags_initialize(&options->x509flags, 1); ++#ifndef SSH_X509STORE_DISABLED ++ ssh_x509store_initialize(&options->ca); ++#endif /*ndef SSH_X509STORE_DISABLED*/ ++#ifdef SSH_OCSP_ENABLED ++ options->va.type = -1; ++ options->va.certificate_file = NULL; ++ options->va.responder_url = NULL; ++#endif /*def SSH_OCSP_ENABLED*/ + options->hostbased_uses_name_from_packet_only = -1; + options->rsa_authentication = -1; + options->pubkey_authentication = -1; +@@ -147,18 +158,6 @@ + options->num_permitted_opens = -1; + options->adm_forced_command = NULL; + options->chroot_directory = NULL; +- +- options->hostbased_algorithms = NULL; +- options->pubkey_algorithms = NULL; +- ssh_x509flags_initialize(&options->x509flags, 1); +-#ifndef SSH_X509STORE_DISABLED +- ssh_x509store_initialize(&options->ca); +-#endif /*ndef SSH_X509STORE_DISABLED*/ +-#ifdef SSH_OCSP_ENABLED +- options->va.type = -1; +- options->va.certificate_file = NULL; +- options->va.responder_url = NULL; +-#endif /*def SSH_OCSP_ENABLED*/ + } + + void +@@ -329,6 +329,16 @@ + /* Portable-specific options */ + sUsePAM, + /* Standard Options */ ++ sHostbasedAlgorithms, ++ sPubkeyAlgorithms, ++ sX509KeyAlgorithm, ++ sAllowedClientCertPurpose, ++ sKeyAllowSelfIssued, sMandatoryCRL, ++ sCACertificateFile, sCACertificatePath, ++ sCARevocationFile, sCARevocationPath, ++ sCAldapVersion, sCAldapURL, ++ sVAType, sVACertificateFile, ++ sVAOCSPResponderURL, + sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, + sPermitRootLogin, sLogFacility, sLogLevel, + sRhostsRSAAuthentication, sRSAAuthentication, +@@ -351,16 +361,6 @@ + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, + sUsePrivilegeSeparation, +- sHostbasedAlgorithms, +- sPubkeyAlgorithms, +- sX509KeyAlgorithm, +- sAllowedClientCertPurpose, +- sKeyAllowSelfIssued, sMandatoryCRL, +- sCACertificateFile, sCACertificatePath, +- sCARevocationFile, sCARevocationPath, +- sCAldapVersion, sCAldapURL, +- sVAType, sVACertificateFile, +- sVAOCSPResponderURL, + sDeprecated, sUnsupported + } ServerOpCodes; + +--- Makefile.in ++++ Makefile.in +@@ -44,11 +44,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS += @LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-better-ssp-check.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-better-ssp-check.patch new file mode 100644 index 0000000000..cc986fcce7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-better-ssp-check.patch @@ -0,0 +1,21 @@ +a simple 'int main(){}' function won't generate references to SSP functions +when using -fstack-protector which means systems that dont have SSP support +wont get properly detected as lacking support. instead, create a big buffer +on the stack and use it as that seems to do the trick. + +https://bugzilla.mindrot.org/show_bug.cgi?id=1538 +https://bugs.gentoo.org/244776 + +--- openssh-5.1p1/configure.ac ++++ openssh-5.1p1/configure.ac +@@ -145,8 +145,8 @@ int main(void){return 0;} + AC_MSG_CHECKING(if $t works) + AC_RUN_IFELSE( + [AC_LANG_SOURCE([ +-#include +-int main(void){exit(0);} ++#include ++int main(void){char foo[[1024]];return sprintf(foo, "moo cow") == 7;} + ])], + [ AC_MSG_RESULT(yes) + break ], diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-escaped-banner.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-escaped-banner.patch new file mode 100644 index 0000000000..440772245d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-escaped-banner.patch @@ -0,0 +1,18 @@ +don't escape the banner output + +http://bugs.gentoo.org/244222 +https://bugzilla.mindrot.org/show_bug.cgi?id=1533 + +fix by Michał Górny + +--- sshconnect2.c ++++ sshconnect2.c +@@ -415,7 +415,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) + if (len > 65536) + len = 65536; + msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ +- strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL); ++ strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); + fprintf(stderr, "%s", msg); + xfree(msg); + } diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-ldap-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-ldap-hpn-glue.patch new file mode 100644 index 0000000000..e6e22e865d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-ldap-hpn-glue.patch @@ -0,0 +1,55 @@ +diff -Nuar --exclude '*.rej' --exclude '*.orig' openssh-5.1p1+lpk/servconf.c openssh-5.1p1+lpk+glue/servconf.c +--- openssh-5.1p1+lpk/servconf.c 2008-08-23 14:37:18.000000000 -0700 ++++ openssh-5.1p1+lpk+glue/servconf.c 2008-08-23 14:52:19.000000000 -0700 +@@ -111,6 +111,25 @@ + options->num_allow_groups = 0; + options->num_deny_groups = 0; + options->ciphers = NULL; ++#ifdef WITH_LDAP_PUBKEY ++ /* XXX dirty */ ++ options->lpk.ld = NULL; ++ options->lpk.on = -1; ++ options->lpk.servers = NULL; ++ options->lpk.u_basedn = NULL; ++ options->lpk.g_basedn = NULL; ++ options->lpk.binddn = NULL; ++ options->lpk.bindpw = NULL; ++ options->lpk.sgroup = NULL; ++ options->lpk.filter = NULL; ++ options->lpk.fgroup = NULL; ++ options->lpk.l_conf = NULL; ++ options->lpk.tls = -1; ++ options->lpk.b_timeout.tv_sec = -1; ++ options->lpk.s_timeout.tv_sec = -1; ++ options->lpk.flags = FLAG_EMPTY; ++#endif ++ + options->macs = NULL; + options->protocol = SSH_PROTO_UNKNOWN; + options->gateway_ports = -1; +@@ -131,25 +150,6 @@ + options->num_permitted_opens = -1; + options->adm_forced_command = NULL; + options->chroot_directory = NULL; +-#ifdef WITH_LDAP_PUBKEY +- /* XXX dirty */ +- options->lpk.ld = NULL; +- options->lpk.on = -1; +- options->lpk.servers = NULL; +- options->lpk.u_basedn = NULL; +- options->lpk.g_basedn = NULL; +- options->lpk.binddn = NULL; +- options->lpk.bindpw = NULL; +- options->lpk.sgroup = NULL; +- options->lpk.filter = NULL; +- options->lpk.fgroup = NULL; +- options->lpk.l_conf = NULL; +- options->lpk.tls = -1; +- options->lpk.b_timeout.tv_sec = -1; +- options->lpk.s_timeout.tv_sec = -1; +- options->lpk.flags = FLAG_EMPTY; +-#endif +- + } + + void diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-null-banner.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-null-banner.patch new file mode 100644 index 0000000000..79e5a6c264 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-null-banner.patch @@ -0,0 +1,35 @@ +apply fixes from upstream for empty banner + +https://bugzilla.mindrot.org/show_bug.cgi?id=1496 +http://bugs.gentoo.org/244222 + +---------------------------- +revision 1.168 +date: 2008/10/03 23:56:28; author: deraadt; state: Exp; lines: +3 -3 +Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the +function. +spotted by des@freebsd, who commited an incorrect fix to the freebsd tree +and (as is fairly typical) did not report the problem to us. But this fix +is correct. +ok djm +---------------------------- +revision 1.167 +date: 2008/07/31 14:48:28; author: markus; state: Exp; lines: +2 -2 +don't allocate space for empty banners; report t8m at centrum.cz; ok deraadt +--- src/usr.bin/ssh/sshconnect2.c 2008/07/17 09:48:00 1.166 ++++ src/usr.bin/ssh/sshconnect2.c 2008/10/04 00:56:28 1.168 +@@ -377,11 +377,11 @@ input_userauth_banner(int type, u_int32_t seq, void *c + debug3("input_userauth_banner"); + raw = packet_get_string(&len); + lang = packet_get_string(NULL); +- if (options.log_level >= SYSLOG_LEVEL_INFO) { ++ if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) { + if (len > 65536) + len = 65536; +- msg = xmalloc(len * 4); /* max expansion from strnvis() */ +- strnvis(msg, raw, len * 4, VIS_SAFE|VIS_OCTAL); ++ msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ ++ strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL); + fprintf(stderr, "%s", msg); + xfree(msg); + } diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-x509-headers.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-x509-headers.patch new file mode 100644 index 0000000000..b572c2a46e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-x509-headers.patch @@ -0,0 +1,14 @@ +need strsep() prototype for 64bit systems + +http://bugs.gentoo.org/258795 + +--- a/auth2-pubkey.c ++++ b/auth2-pubkey.c +@@ -54,6 +54,7 @@ + #endif + #include "monitor_wrap.h" + #include "ssh-x509.h" ++#include + #include "misc.h" + + /* import */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-x509-hpn-glue.patch new file mode 100644 index 0000000000..85f87737e4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.1_p1-x509-hpn-glue.patch @@ -0,0 +1,96 @@ +Move things around so hpn applies cleanly when using X509. + +Forward-Ported-from: files/openssh-4.9_p1-x509-hpn-glue.patch +Signed-off-by: Robin H. Johnson + +diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-5.1p1+x509/Makefile.in openssh-5.1p1+x509-hpn-glue/Makefile.in +--- openssh-5.1p1+x509/Makefile.in 2008-08-23 14:12:53.000000000 -0700 ++++ openssh-5.1p1+x509-hpn-glue/Makefile.in 2008-08-23 14:13:51.000000000 -0700 +@@ -44,11 +44,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS += @LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-5.1p1+x509/servconf.c openssh-5.1p1+x509-hpn-glue/servconf.c +--- openssh-5.1p1+x509/servconf.c 2008-08-23 14:12:53.000000000 -0700 ++++ openssh-5.1p1+x509-hpn-glue/servconf.c 2008-08-23 14:23:56.000000000 -0700 +@@ -108,6 +108,17 @@ + options->log_level = SYSLOG_LEVEL_NOT_SET; + options->rhosts_rsa_authentication = -1; + options->hostbased_authentication = -1; ++ options->hostbased_algorithms = NULL; ++ options->pubkey_algorithms = NULL; ++ ssh_x509flags_initialize(&options->x509flags, 1); ++#ifndef SSH_X509STORE_DISABLED ++ ssh_x509store_initialize(&options->ca); ++#endif /*ndef SSH_X509STORE_DISABLED*/ ++#ifdef SSH_OCSP_ENABLED ++ options->va.type = -1; ++ options->va.certificate_file = NULL; ++ options->va.responder_url = NULL; ++#endif /*def SSH_OCSP_ENABLED*/ + options->hostbased_uses_name_from_packet_only = -1; + options->rsa_authentication = -1; + options->pubkey_authentication = -1; +@@ -151,18 +162,6 @@ + options->num_permitted_opens = -1; + options->adm_forced_command = NULL; + options->chroot_directory = NULL; +- +- options->hostbased_algorithms = NULL; +- options->pubkey_algorithms = NULL; +- ssh_x509flags_initialize(&options->x509flags, 1); +-#ifndef SSH_X509STORE_DISABLED +- ssh_x509store_initialize(&options->ca); +-#endif /*ndef SSH_X509STORE_DISABLED*/ +-#ifdef SSH_OCSP_ENABLED +- options->va.type = -1; +- options->va.certificate_file = NULL; +- options->va.responder_url = NULL; +-#endif /*def SSH_OCSP_ENABLED*/ + } + + void +@@ -338,6 +337,16 @@ + /* Portable-specific options */ + sUsePAM, + /* Standard Options */ ++ sHostbasedAlgorithms, ++ sPubkeyAlgorithms, ++ sX509KeyAlgorithm, ++ sAllowedClientCertPurpose, ++ sKeyAllowSelfIssued, sMandatoryCRL, ++ sCACertificateFile, sCACertificatePath, ++ sCARevocationFile, sCARevocationPath, ++ sCAldapVersion, sCAldapURL, ++ sVAType, sVACertificateFile, ++ sVAOCSPResponderURL, + sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, + sPermitRootLogin, sLogFacility, sLogLevel, + sRhostsRSAAuthentication, sRSAAuthentication, +@@ -360,16 +369,6 @@ + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, +- sHostbasedAlgorithms, +- sPubkeyAlgorithms, +- sX509KeyAlgorithm, +- sAllowedClientCertPurpose, +- sKeyAllowSelfIssued, sMandatoryCRL, +- sCACertificateFile, sCACertificatePath, +- sCARevocationFile, sCARevocationPath, +- sCAldapVersion, sCAldapURL, +- sVAType, sVACertificateFile, +- sVAOCSPResponderURL, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch new file mode 100644 index 0000000000..24ad7a9cf4 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch @@ -0,0 +1,15 @@ +workaround problems with autoconf-2.63 + +http://lists.gnu.org/archive/html/autoconf/2009-04/msg00007.html + +--- a/configure.ac ++++ b/configure.ac +@@ -3603,7 +3603,7 @@ + #include + struct spwd sp; + ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], +- [ sp_expire_available=yes ], [] ++ [ sp_expire_available=yes ], [:] + ) + + if test "x$sp_expire_available" = "xyes" ; then diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch new file mode 100644 index 0000000000..8112d6252f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch @@ -0,0 +1,16 @@ +--- clientloop.c ++++ clientloop.c +@@ -1434,11 +1434,13 @@ + if (!rekeying) { + channel_after_select(readset, writeset); + ++#ifdef GSSAPI + if (options.gss_renewal_rekey && + ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { + debug("credentials updated - forcing rekey"); + need_rekeying = 1; + } ++#endif + + if (need_rekeying || packet_need_rekeying()) { + debug("need rekeying"); diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-ssh-keysign-readconf.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-ssh-keysign-readconf.patch new file mode 100644 index 0000000000..43f4297e6a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-ssh-keysign-readconf.patch @@ -0,0 +1,15 @@ +fix from newer versions for parallel build failures + +http://crosbug.com/31285 + +--- Makefile.in ++++ Makefile.in +@@ -149,7 +149,7 @@ + ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o + $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + +-ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o ++ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o + $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch new file mode 100644 index 0000000000..9428b74f3c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch @@ -0,0 +1,91 @@ +Move things around so hpn applies cleanly when using X509. + +--- openssh-5.2p1+x509/Makefile.in ++++ openssh-5.2p1+x509/Makefile.in +@@ -44,11 +44,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS += @LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- openssh-5.2p1+x509/servconf.c ++++ openssh-5.2p1+x509/servconf.c +@@ -108,6 +108,17 @@ + options->log_level = SYSLOG_LEVEL_NOT_SET; + options->rhosts_rsa_authentication = -1; + options->hostbased_authentication = -1; ++ options->hostbased_algorithms = NULL; ++ options->pubkey_algorithms = NULL; ++ ssh_x509flags_initialize(&options->x509flags, 1); ++#ifndef SSH_X509STORE_DISABLED ++ ssh_x509store_initialize(&options->ca); ++#endif /*ndef SSH_X509STORE_DISABLED*/ ++#ifdef SSH_OCSP_ENABLED ++ options->va.type = -1; ++ options->va.certificate_file = NULL; ++ options->va.responder_url = NULL; ++#endif /*def SSH_OCSP_ENABLED*/ + options->hostbased_uses_name_from_packet_only = -1; + options->rsa_authentication = -1; + options->pubkey_authentication = -1; +@@ -152,18 +163,6 @@ + options->adm_forced_command = NULL; + options->chroot_directory = NULL; + options->zero_knowledge_password_authentication = -1; +- +- options->hostbased_algorithms = NULL; +- options->pubkey_algorithms = NULL; +- ssh_x509flags_initialize(&options->x509flags, 1); +-#ifndef SSH_X509STORE_DISABLED +- ssh_x509store_initialize(&options->ca); +-#endif /*ndef SSH_X509STORE_DISABLED*/ +-#ifdef SSH_OCSP_ENABLED +- options->va.type = -1; +- options->va.certificate_file = NULL; +- options->va.responder_url = NULL; +-#endif /*def SSH_OCSP_ENABLED*/ + } + + void +@@ -341,6 +340,16 @@ + /* Portable-specific options */ + sUsePAM, + /* Standard Options */ ++ sHostbasedAlgorithms, ++ sPubkeyAlgorithms, ++ sX509KeyAlgorithm, ++ sAllowedClientCertPurpose, ++ sKeyAllowSelfIssued, sMandatoryCRL, ++ sCACertificateFile, sCACertificatePath, ++ sCARevocationFile, sCARevocationPath, ++ sCAldapVersion, sCAldapURL, ++ sVAType, sVACertificateFile, ++ sVAOCSPResponderURL, + sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, + sPermitRootLogin, sLogFacility, sLogLevel, + sRhostsRSAAuthentication, sRSAAuthentication, +@@ -364,16 +373,6 @@ + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, + sZeroKnowledgePasswordAuthentication, +- sHostbasedAlgorithms, +- sPubkeyAlgorithms, +- sX509KeyAlgorithm, +- sAllowedClientCertPurpose, +- sKeyAllowSelfIssued, sMandatoryCRL, +- sCACertificateFile, sCACertificatePath, +- sCARevocationFile, sCARevocationPath, +- sCAldapVersion, sCAldapURL, +- sVAType, sVACertificateFile, +- sVAOCSPResponderURL, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2p1-ldap-stdargs.diff b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2p1-ldap-stdargs.diff new file mode 100644 index 0000000000..346d527198 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2p1-ldap-stdargs.diff @@ -0,0 +1,10 @@ +--- ldapauth.c.orig 2009-04-18 18:06:38.000000000 +0200 ++++ ldapauth.c 2009-04-18 18:06:11.000000000 +0200 +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + #include "ldapauth.h" + #include "log.h" diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.3_p1-pkcs11-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.3_p1-pkcs11-hpn-glue.patch new file mode 100644 index 0000000000..0aee2e8490 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.3_p1-pkcs11-hpn-glue.patch @@ -0,0 +1,15 @@ +diff -Nuar openssh-5.3p1/Makefile.in openssh-5.3p1.pkcs-hpn-glue/Makefile.in +--- openssh-5.3p1/Makefile.in 2009-10-10 22:52:10.081356354 -0700 ++++ openssh-5.3p1.pkcs-hpn-glue/Makefile.in 2009-10-10 22:55:47.158418049 -0700 +@@ -64,10 +64,10 @@ + + LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ + canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ +- pkcs11.o \ + cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ + compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ + log.o match.o md-sha256.o moduli.o nchan.o packet.o \ ++ pkcs11.o \ + readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ + atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ + monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.4_p1-openssl.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.4_p1-openssl.patch new file mode 100644 index 0000000000..e4cdb63a26 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.4_p1-openssl.patch @@ -0,0 +1,12 @@ +pull in openssl/conf.h for OPENSSL_config() prototype + +--- openbsd-compat/openssl-compat.c ++++ openbsd-compat/openssl-compat.c +@@ -59,6 +59,7 @@ + #endif + + #ifdef USE_OPENSSL_ENGINE ++#include + void + ssh_SSLeay_add_all_algorithms(void) + { diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-hpn-progressmeter.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-hpn-progressmeter.patch new file mode 100644 index 0000000000..5fe18dfc9a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-hpn-progressmeter.patch @@ -0,0 +1,15 @@ +don't go reading random stack values + +already e-mailed to upstream hpn devs + +--- progressmeter.c ++++ progressmeter.c +@@ -183,7 +183,7 @@ + else + percent = 100; + +- snprintf(buf + strlen(buf), win_size - strlen(buf-8), ++ snprintf(buf + strlen(buf), win_size - strlen(buf) - 8, + " %3d%% ", percent); + + /* amount transferred */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch new file mode 100644 index 0000000000..e793311f5f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch @@ -0,0 +1,60 @@ +Move things around so hpn applies cleanly when using X509. + +--- a/Makefile.in ++++ b/Makefile.in +@@ -46,11 +46,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- a/servconf.c ++++ b/servconf.c +@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) + options->adm_forced_command = NULL; + options->chroot_directory = NULL; + options->zero_knowledge_password_authentication = -1; +- options->revoked_keys_file = NULL; +- options->trusted_user_ca_keys = NULL; +- options->authorized_principals_file = NULL; + + options->hostbased_algorithms = NULL; + options->pubkey_algorithms = NULL; +@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) + options->va.certificate_file = NULL; + options->va.responder_url = NULL; + #endif /*def SSH_OCSP_ENABLED*/ ++ options->revoked_keys_file = NULL; ++ options->trusted_user_ca_keys = NULL; ++ options->authorized_principals_file = NULL; + } + + void +@@ -367,9 +367,6 @@ typedef enum { + sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, +- sUsePrivilegeSeparation, sAllowAgentForwarding, +- sZeroKnowledgePasswordAuthentication, sHostCertificate, +- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sHostbasedAlgorithms, + sPubkeyAlgorithms, + sX509KeyAlgorithm, +@@ -380,6 +377,9 @@ typedef enum { + sCAldapVersion, sCAldapURL, + sVAType, sVACertificateFile, + sVAOCSPResponderURL, ++ sUsePrivilegeSeparation, sAllowAgentForwarding, ++ sZeroKnowledgePasswordAuthentication, sHostCertificate, ++ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch new file mode 100644 index 0000000000..ee3e757476 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch @@ -0,0 +1,60 @@ +Move things around so hpn applies cleanly when using X509. + +--- a/Makefile.in ++++ b/Makefile.in +@@ -46,11 +46,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- a/servconf.c ++++ b/servconf.c +@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) + options->zero_knowledge_password_authentication = -1; + options->revoked_keys_file = NULL; + options->trusted_user_ca_keys = NULL; +- options->authorized_principals_file = NULL; +- options->ip_qos_interactive = -1; +- options->ip_qos_bulk = -1; + + options->hostbased_algorithms = NULL; + options->pubkey_algorithms = NULL; +@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) + options->va.certificate_file = NULL; + options->va.responder_url = NULL; + #endif /*def SSH_OCSP_ENABLED*/ ++ options->authorized_principals_file = NULL; ++ options->ip_qos_interactive = -1; ++ options->ip_qos_bulk = -1; + } + + void +@@ -367,9 +367,6 @@ typedef enum { + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, +- sZeroKnowledgePasswordAuthentication, sHostCertificate, +- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, +- sKexAlgorithms, sIPQoS, + sHostbasedAlgorithms, + sPubkeyAlgorithms, + sX509KeyAlgorithm, +@@ -380,6 +377,9 @@ typedef enum { + sCAldapVersion, sCAldapURL, + sVAType, sVACertificateFile, + sVAOCSPResponderURL, ++ sZeroKnowledgePasswordAuthentication, sHostCertificate, ++ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, ++ sKexAlgorithms, sIPQoS, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-selinux.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-selinux.patch new file mode 100644 index 0000000000..7be2879f9a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-selinux.patch @@ -0,0 +1,18 @@ +http://bugs.gentoo.org/354247 + +[openbsd-compat/port-linux.c] Bug #1851: fix syntax error in + selinux code. Patch from Leonardo Chiquitto. + +/* $Id: openssh-5.8_p1-selinux.patch,v 1.1 2011/02/10 02:44:53 vapier Exp $ */ + +--- a/openbsd-compat/port-linux.c ++++ b/openbsd-compat/port-linux.c +@@ -213,7 +213,7 @@ + + if (!ssh_selinux_enabled()) + return; +- if (path == NULL) ++ if (path == NULL) { + setfscreatecon(NULL); + return; + } diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-x509-hpn-glue.patch new file mode 100644 index 0000000000..74d06c79c0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-x509-hpn-glue.patch @@ -0,0 +1,61 @@ +Move things around so hpn applies cleanly when using X509. + +--- a/Makefile.in ++++ b/Makefile.in +@@ -46,12 +46,13 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHLIBS=@SSHLIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- a/servconf.c ++++ b/servconf.c +@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) + options->zero_knowledge_password_authentication = -1; + options->revoked_keys_file = NULL; + options->trusted_user_ca_keys = NULL; +- options->authorized_principals_file = NULL; +- options->ip_qos_interactive = -1; +- options->ip_qos_bulk = -1; + + options->hostbased_algorithms = NULL; + options->pubkey_algorithms = NULL; +@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) + options->va.certificate_file = NULL; + options->va.responder_url = NULL; + #endif /*def SSH_OCSP_ENABLED*/ ++ options->authorized_principals_file = NULL; ++ options->ip_qos_interactive = -1; ++ options->ip_qos_bulk = -1; + } + + void +@@ -367,9 +367,6 @@ typedef enum { + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, +- sZeroKnowledgePasswordAuthentication, sHostCertificate, +- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, +- sKexAlgorithms, sIPQoS, + sHostbasedAlgorithms, + sPubkeyAlgorithms, + sX509KeyAlgorithm, +@@ -380,6 +377,9 @@ typedef enum { + sCAldapVersion, sCAldapURL, + sVAType, sVACertificateFile, + sVAOCSPResponderURL, ++ sZeroKnowledgePasswordAuthentication, sHostCertificate, ++ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, ++ sKexAlgorithms, sIPQoS, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-drop-openssl-check.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-drop-openssl-check.patch new file mode 100644 index 0000000000..eb621abb17 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-drop-openssl-check.patch @@ -0,0 +1,25 @@ +newer versions of openssl have started to be compatible across minor versions +too, so this sanity check fails. since we already handle compatibility with +openssl via SONAME checks, we don't need this openssh check at all. + +http://marc.info/?l=openssl-dev&m=133176786215023&w=2 + +--- a/entropy.c ++++ b/entropy.c +@@ -208,16 +208,7 @@ seed_rng(void) + { + #ifndef OPENSSL_PRNG_ONLY + unsigned char buf[RANDOM_SEED_SIZE]; +-#endif +- /* +- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status +- * We match major, minor, fix and status (not patch) +- */ +- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) +- fatal("OpenSSL version mismatch. Built against %lx, you " +- "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); + +-#ifndef OPENSSL_PRNG_ONLY + if (RAND_status() == 1) { + debug3("RNG is ready, skipping seeding"); + return; diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch new file mode 100644 index 0000000000..6377d0362f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch @@ -0,0 +1,184 @@ +Index: gss-serv.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v +retrieving revision 1.22 +diff -u -p -r1.22 gss-serv.c +--- gss-serv.c 8 May 2008 12:02:23 -0000 1.22 ++++ gss-serv.c 11 Jan 2010 05:38:29 -0000 +@@ -41,9 +41,12 @@ + #include "channels.h" + #include "session.h" + #include "misc.h" ++#include "servconf.h" + + #include "ssh-gss.h" + ++extern ServerOptions options; ++ + static ssh_gssapi_client gssapi_client = + { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, + GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; +@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) + char lname[MAXHOSTNAMELEN]; + gss_OID_set oidset; + +- gss_create_empty_oid_set(&status, &oidset); +- gss_add_oid_set_member(&status, ctx->oid, &oidset); +- +- if (gethostname(lname, MAXHOSTNAMELEN)) { +- gss_release_oid_set(&status, &oidset); +- return (-1); +- } ++ if (options.gss_strict_acceptor) { ++ gss_create_empty_oid_set(&status, &oidset); ++ gss_add_oid_set_member(&status, ctx->oid, &oidset); ++ ++ if (gethostname(lname, MAXHOSTNAMELEN)) { ++ gss_release_oid_set(&status, &oidset); ++ return (-1); ++ } ++ ++ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { ++ gss_release_oid_set(&status, &oidset); ++ return (ctx->major); ++ } ++ ++ if ((ctx->major = gss_acquire_cred(&ctx->minor, ++ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, ++ NULL, NULL))) ++ ssh_gssapi_error(ctx); + +- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { + gss_release_oid_set(&status, &oidset); + return (ctx->major); ++ } else { ++ ctx->name = GSS_C_NO_NAME; ++ ctx->creds = GSS_C_NO_CREDENTIAL; + } +- +- if ((ctx->major = gss_acquire_cred(&ctx->minor, +- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) +- ssh_gssapi_error(ctx); +- +- gss_release_oid_set(&status, &oidset); +- return (ctx->major); ++ return GSS_S_COMPLETE; + } + + /* Privileged */ +Index: servconf.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/servconf.c,v +retrieving revision 1.201 +diff -u -p -r1.201 servconf.c +--- servconf.c 10 Jan 2010 03:51:17 -0000 1.201 ++++ servconf.c 11 Jan 2010 05:34:56 -0000 +@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions + options->kerberos_get_afs_token = -1; + options->gss_authentication=-1; + options->gss_cleanup_creds = -1; ++ options->gss_strict_acceptor = -1; + options->password_authentication = -1; + options->kbd_interactive_authentication = -1; + options->challenge_response_authentication = -1; +@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption + options->gss_authentication = 0; + if (options->gss_cleanup_creds == -1) + options->gss_cleanup_creds = 1; ++ if (options->gss_strict_acceptor == -1) ++ options->gss_strict_acceptor = 0; + if (options->password_authentication == -1) + options->password_authentication = 1; + if (options->kbd_interactive_authentication == -1) +@@ -277,7 +280,8 @@ typedef enum { + sBanner, sUseDNS, sHostbasedAuthentication, + sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, + sClientAliveCountMax, sAuthorizedKeysFile, +- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, ++ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, ++ sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, + sZeroKnowledgePasswordAuthentication, sHostCertificate, +@@ -327,9 +331,11 @@ static struct { + #ifdef GSSAPI + { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, + { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, ++ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, + #else + { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, + { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, ++ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, + #endif + { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, + { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, +@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions + + case sGssCleanupCreds: + intptr = &options->gss_cleanup_creds; ++ goto parse_flag; ++ ++ case sGssStrictAcceptor: ++ intptr = &options->gss_strict_acceptor; + goto parse_flag; + + case sPasswordAuthentication: +Index: servconf.h +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/servconf.h,v +retrieving revision 1.89 +diff -u -p -r1.89 servconf.h +--- servconf.h 9 Jan 2010 23:04:13 -0000 1.89 ++++ servconf.h 11 Jan 2010 05:32:28 -0000 +@@ -92,6 +92,7 @@ typedef struct { + * authenticated with Kerberos. */ + int gss_authentication; /* If true, permit GSSAPI authentication */ + int gss_cleanup_creds; /* If true, destroy cred cache on logout */ ++ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ + int password_authentication; /* If true, permit password + * authentication. */ + int kbd_interactive_authentication; /* If true, permit */ +Index: sshd_config +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/sshd_config,v +retrieving revision 1.81 +diff -u -p -r1.81 sshd_config +--- sshd_config 8 Oct 2009 14:03:41 -0000 1.81 ++++ sshd_config 11 Jan 2010 05:32:28 -0000 +@@ -69,6 +69,7 @@ + # GSSAPI options + #GSSAPIAuthentication no + #GSSAPICleanupCredentials yes ++#GSSAPIStrictAcceptorCheck yes + + # Set this to 'yes' to enable PAM authentication, account processing, + # and session processing. If this is enabled, PAM authentication will +Index: sshd_config.5 +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v +retrieving revision 1.116 +diff -u -p -r1.116 sshd_config.5 +--- sshd_config.5 9 Jan 2010 23:04:13 -0000 1.116 ++++ sshd_config.5 11 Jan 2010 05:37:20 -0000 +@@ -386,6 +386,21 @@ on logout. + The default is + .Dq yes . + Note that this option applies to protocol version 2 only. ++.It Cm GSSAPIStrictAcceptorCheck ++Determines whether to be strict about the identity of the GSSAPI acceptor ++a client authenticates against. ++If set to ++.Dq yes ++then the client must authenticate against the ++.Pa host ++service on the current hostname. ++If set to ++.Dq no ++then the client may authenticate against any service key stored in the ++machine's default store. ++This facility is provided to assist with operation on multi homed machines. ++The default is ++.Dq yes . + .It Cm HostbasedAuthentication + Specifies whether rhosts or /etc/hosts.equiv authentication together + with successful public key client host authentication is allowed diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-x509-glue.patch new file mode 100644 index 0000000000..6fbb88b671 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-x509-glue.patch @@ -0,0 +1,15 @@ +make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch + +--- openssh-5.9p1+x509-7.0.diff ++++ openssh-5.9p1+x509-7.0.diff +@@ -11995,9 +11995,9 @@ + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or though authentication styles supported in + @@ -430,6 +507,16 @@ ++ This facility is provided to assist with operation on multi homed machines. + The default is + .Dq yes . +- Note that this option applies to protocol version 2 only. + +.It Cm HostbasedAlgorithms + +Specifies the protocol version 2 algorithms used in + +.Dq hostbased diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-fix-freebsd-compilation.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-fix-freebsd-compilation.patch new file mode 100644 index 0000000000..3b34cd2e35 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-fix-freebsd-compilation.patch @@ -0,0 +1,15 @@ +diff --git a/configure.ac b/configure.ac +index 2b60300..21b6112 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -725,6 +725,10 @@ mips-sony-bsd|mips-sony-newsos4) + AC_CHECK_HEADER([net/if_tap.h], , + AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) + AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) ++ AC_DEFINE([DISABLE_UTMP], [1], ++ [Define if you don't want to use utmp]) ++ AC_DEFINE([DISABLE_WTMP], [1], ++ [Define if you don't want to use wtmp]) + ;; + *-*-bsdi*) + AC_DEFINE([SETEUID_BREAKS_SETUID]) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-hpn-progressmeter.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-hpn-progressmeter.patch new file mode 100644 index 0000000000..56805d12a9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-hpn-progressmeter.patch @@ -0,0 +1,15 @@ +don't go reading random stack values + +already e-mailed to upstream hpn devs + +--- progressmeter.c ++++ progressmeter.c +@@ -183,7 +183,7 @@ + percent = ((float)cur_pos / end_pos) * 100; + else + percent = 100; +- snprintf(buf + strlen(buf), win_size - strlen(buf-8), ++ snprintf(buf + strlen(buf), win_size - strlen(buf) - 8, + " %3d%% ", percent); + + /* amount transferred */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-test.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-test.patch new file mode 100644 index 0000000000..8b988aed9b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-test.patch @@ -0,0 +1,19 @@ +changeset: 10701:b159befd3104 +tag: tip +user: Mike Frysinger +date: Sun Apr 29 00:26:33 2012 -0400 +summary: use = with `test`, not == + +diff -r d8a3ea854288 -r b159befd3104 configure.ac +--- a/configure.ac Fri Apr 27 00:55:42 2012 +0000 ++++ b/configure.ac Sun Apr 29 00:26:33 2012 -0400 +@@ -2591,7 +2591,7 @@ + AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) + elif test "x$sandbox_arg" = "xseccomp_filter" || \ + ( test -z "$sandbox_arg" && \ +- test "x$have_seccomp_filter" == "x1" && \ ++ test "x$have_seccomp_filter" = "x1" && \ + test "x$ac_cv_header_linux_audit_h" = "xyes" && \ + test "x$have_seccomp_audit_arch" = "x1" && \ + test "x$have_linux_no_new_privs" = "x1" && \ + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-x509-glue.patch new file mode 100644 index 0000000000..3633a2af60 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-x509-glue.patch @@ -0,0 +1,15 @@ +make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch + +--- openssh-6.0p1+x509-7.1.diff ++++ openssh-6.0p1+x509-7.1.diff +@@ -13502,9 +13502,9 @@ + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or though authentication styles supported in + @@ -430,6 +507,16 @@ ++ This facility is provided to assist with operation on multi homed machines. + The default is + .Dq yes . +- Note that this option applies to protocol version 2 only. + +.It Cm HostbasedAlgorithms + +Specifies the protocol version 2 algorithms used in + +.Dq hostbased diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-x509-hpn-glue.patch new file mode 100644 index 0000000000..9e3dfdbe3e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.0_p1-x509-hpn-glue.patch @@ -0,0 +1,57 @@ +diff --git a/Makefile.in b/Makefile.in +index ecb45cd..7834fb1 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -45,12 +45,13 @@ FIPSLD_CC=@FIPSLD_CC@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHLIBS=@SSHLIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +diff --git a/sshconnect.c b/sshconnect.c +index 19a2b06..dd75f78 100644 +--- a/sshconnect.c ++++ b/sshconnect.c +@@ -580,7 +580,7 @@ ssh_exchange_identification(int timeout_ms) + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", + compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, + compat20 ? PROTOCOL_MINOR_2 : minor1, +- SSH_VERSION, compat20 ? " PKIX\r\n" : "\n"); ++ SSH_VERSION, compat20 ? "\r\n" : "\n"); + if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf)) + != strlen(buf)) + fatal("write: %.100s", strerror(errno)); +diff --git a/sshd.c b/sshd.c +index a5c437d..a1105a0 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -428,8 +428,8 @@ sshd_exchange_identification(int sock_in, int sock_out) + minor = PROTOCOL_MINOR_1; + comment = ""; + } +- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s%s", major, minor, +- SSH_VERSION, comment, newline); ++ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, ++ SSH_VERSION, newline); + server_version_string = xstrdup(buf); + + /* Send our protocol version identification. */ +diff --git a/version.h b/version.h +index 78983d9..ec1746d 100644 +--- a/version.h ++++ b/version.h +@@ -3,4 +3,5 @@ + #define SSH_VERSION "OpenSSH_6.0" + + #define SSH_PORTABLE "p1" ++#define SSH_X509 " PKIX" + #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.1_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.1_p1-x509-glue.patch new file mode 100644 index 0000000000..e6db835d1a --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.1_p1-x509-glue.patch @@ -0,0 +1,15 @@ +make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch + +--- openssh-6.1p1+x509-7.2.1.diff ++++ openssh-6.1p1+x509-7.2.1.diff +@@ -13502,9 +13502,9 @@ + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or though authentication styles supported in + @@ -432,6 +509,16 @@ ++ This facility is provided to assist with operation on multi homed machines. + The default is + .Dq yes . +- Note that this option applies to protocol version 2 only. + +.It Cm HostbasedAlgorithms + +Specifies the protocol version 2 algorithms used in + +.Dq hostbased diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.1_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.1_p1-x509-hpn-glue.patch new file mode 100644 index 0000000000..5d69a50bc7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.1_p1-x509-hpn-glue.patch @@ -0,0 +1,49 @@ +--- a/Makefile.in ++++ b/Makefile.in +@@ -45,12 +45,13 @@ FIPSLD_CC=@FIPSLD_CC@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHLIBS=@SSHLIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- a/sshconnect.c ++++ b/sshconnect.c +@@ -580,7 +580,7 @@ ssh_exchange_identification(int timeout_ms) + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", + compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, + compat20 ? PROTOCOL_MINOR_2 : minor1, +- SSH_VERSION, compat20 ? " PKIX\r\n" : "\n"); ++ SSH_VERSION, compat20 ? "\r\n" : "\n"); + if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf)) + != strlen(buf)) + fatal("write: %.100s", strerror(errno)); +--- a/sshd.c ++++ b/sshd.c +@@ -428,8 +428,8 @@ sshd_exchange_identification(int sock_in, int sock_out) + comment = ""; + } + +- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", ++ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", +- major, minor, SSH_VERSION, comment, ++ major, minor, SSH_VERSION, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, newline); + +--- a/version.h ++++ b/version.h +@@ -3,4 +3,5 @@ + #define SSH_VERSION "OpenSSH_6.0" + + #define SSH_PORTABLE "p1" ++#define SSH_X509 " PKIX" + #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.confd b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.confd new file mode 100644 index 0000000000..28952b4a28 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.confd @@ -0,0 +1,21 @@ +# /etc/conf.d/sshd: config file for /etc/init.d/sshd + +# Where is your sshd_config file stored? + +SSHD_CONFDIR="/etc/ssh" + + +# Any random options you want to pass to sshd. +# See the sshd(8) manpage for more info. + +SSHD_OPTS="" + + +# Pid file to use (needs to be absolute path). + +#SSHD_PIDFILE="/var/run/sshd.pid" + + +# Path to the sshd binary (needs to be absolute path). + +#SSHD_BINARY="/usr/sbin/sshd" diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam new file mode 100644 index 0000000000..5114940251 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam @@ -0,0 +1,9 @@ +#%PAM-1.0 + +auth required pam_stack.so service=system-auth +auth required pam_shells.so +auth required pam_nologin.so +account required pam_stack.so service=system-auth +password required pam_stack.so service=system-auth +session required pam_stack.so service=system-auth + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam_include.2 b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam_include.2 new file mode 100644 index 0000000000..b801aaafa0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam_include.2 @@ -0,0 +1,4 @@ +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6 b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6 new file mode 100644 index 0000000000..031606862b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6 @@ -0,0 +1,82 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6,v 1.28 2011/12/04 10:08:19 swegener Exp $ + +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" + +depend() { + use logger dns + need net +} + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + "${SSHD_BINARY}" -t ${myopts} || return 1 +} + +gen_keys() { + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] ; then + einfo "Generating Hostkey..." + /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then + einfo "Generating DSA-Hostkey..." + /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then + einfo "Generating RSA-Hostkey..." + /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1 + fi + return 0 +} + +start() { + local myopts="" + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config" + + checkconfig || return 1 + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${myopts} ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --stop --signal HUP --oknodo \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.1 b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.1 new file mode 100644 index 0000000000..6524601ce7 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.1 @@ -0,0 +1,83 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.1,v 1.2 2011/12/04 10:08:19 swegener Exp $ + +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" + +depend() { + use logger dns + need net +} + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + "${SSHD_BINARY}" -t ${myopts} || return 1 +} + +gen_keys() { + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] && \ + egrep -q '^[ \t]*Protocol[ \t]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then + einfo "Generating RSA1-Hostkey..." + /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then + einfo "Generating DSA-Hostkey..." + /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then + einfo "Generating RSA-Hostkey..." + /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1 + fi + return 0 +} + +start() { + local myopts="" + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config" + + checkconfig || return 1 + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${myopts} ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --stop --signal HUP --oknodo \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.2 b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.2 new file mode 100644 index 0000000000..22aaaad218 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.2 @@ -0,0 +1,85 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.2,v 1.3 2011/12/04 10:08:19 swegener Exp $ + +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" + +depend() { + use logger dns + need net +} + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" + + "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 +} + +gen_key() { + local type=$1 key ks + [ $# -eq 1 ] && ks="${type}_" + key="${SSHD_CONFDIR}/ssh_host_${ks}key" + if [ ! -e "${key}" ] ; then + ebegin "Generating ${type} host key" + ssh-keygen -t ${type} -f "${key}" -N '' + eend $? || return $? + fi +} + +gen_keys() { + if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then + gen_key rsa1 "" || return 1 + fi + gen_key dsa && gen_key rsa && gen_key ecdsa + return $? +} + +start() { + checkconfig || return 1 + + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --stop --signal HUP --oknodo \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.3 b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.3 new file mode 100755 index 0000000000..c55116e966 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.3 @@ -0,0 +1,85 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $ + +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" + +depend() { + use logger dns + need net +} + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" + + "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 +} + +gen_key() { + local type=$1 key ks + [ $# -eq 1 ] && ks="${type}_" + key="${SSHD_CONFDIR}/ssh_host_${ks}key" + if [ ! -e "${key}" ] ; then + ebegin "Generating ${type} host key" + ssh-keygen -t ${type} -f "${key}" -N '' + eend $? || return $? + fi +} + +gen_keys() { + if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then + gen_key rsa1 "" || return 1 + fi + gen_key dsa && gen_key rsa && gen_key ecdsa + return $? +} + +start() { + checkconfig || return 1 + + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 new file mode 100755 index 0000000000..7a4be21364 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 @@ -0,0 +1,106 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.4,v 1.2 2012/11/28 01:07:04 robbat2 Exp $ + +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_CONFIG=${SSHD_CONFIG:-${SSHD_CONFDIR}/sshd_config} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +depend() { + use logger dns + if [ "${rc_need+set}" = "set" ]; then + : # Do nothing, the user has explicitly set rc_need + else + warn_addr='' + for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do + case "$x" in + 0.0.0.0|0.0.0.0:*) ;; + ::|\[::\]*) ;; + *) warn_addr="${warn_addr} $x" ;; + esac + done + unset x + if [ "${warn_addr:+set}" = "set" ]; then + need net + ewarn "You are binding an interface in ListenAddress statement in your sshd_config!" + ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd" + ewarn "where FOO is the interface(s) providing the following address(es):" + ewarn "${warn_addr}" + fi + unset warn_addr + fi +} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" + + "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 +} + +gen_key() { + keytype=$1 + [ $# -eq 1 ] && ks="${keytype}_" + key="${SSHD_CONFDIR}/ssh_host_${ks}key" + if [ ! -e "${key}" ] ; then + ebegin "Generating ${keytype} host key" + ssh-keygen -t ${keytype} -f "${key}" -N '' + eend $? || return $? + fi +} + +gen_keys() { + if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then + gen_key rsa1 "" || return 1 + fi + gen_key dsa && gen_key rsa && gen_key ecdsa + return $? +} + +start() { + checkconfig || return 1 + + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service new file mode 100644 index 0000000000..45f823ac1e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service @@ -0,0 +1,10 @@ +[Unit] +Description=OpenSSH server daemon +After=syslog.target network.target auditd.service + +[Service] +ExecStart=/usr/sbin/sshd -D -e +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.socket b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.socket new file mode 100644 index 0000000000..94b9533180 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.socket @@ -0,0 +1,10 @@ +[Unit] +Description=OpenSSH Server Socket +Conflicts=sshd.service + +[Socket] +ListenStream=22 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd_at.service b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd_at.service new file mode 100644 index 0000000000..2645ad047c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd_at.service @@ -0,0 +1,8 @@ +[Unit] +Description=OpenSSH per-connection server daemon +After=syslog.target auditd.service + +[Service] +ExecStart=-/usr/sbin/sshd -i -e +StandardInput=socket +StandardError=syslog diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml b/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml new file mode 100644 index 0000000000..b7a3d5cc1d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml @@ -0,0 +1,30 @@ + + + + base-system + + robbat2@gentoo.org + LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else. + + +OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that +increasing numbers of people on the Internet are coming to rely on. Many users of telnet, +rlogin, ftp, and other such programs might not realize that their password is transmitted +across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) +to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. +Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety +of authentication methods. + +The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which +replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of +the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, +ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. + + + Disable EC/RC5 algorithms in OpenSSL for patent reasons. + Enable high performance ssh + Add support for storing SSH public keys in LDAP + Use LDNS for DNSSEC/SSHFP validation. + Adds support for X.509 certificate authentication + + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.2_p1-r10.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.2_p1-r10.ebuild new file mode 120000 index 0000000000..6d42c03126 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.2_p1-r10.ebuild @@ -0,0 +1 @@ +openssh-5.2_p1-r3.ebuild \ No newline at end of file diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.2_p1-r3.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.2_p1-r3.ebuild new file mode 100644 index 0000000000..efcb2d80a3 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.2_p1-r3.ebuild @@ -0,0 +1,259 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.2_p1-r3.ebuild,v 1.7 2009/10/11 20:21:40 nixnut Exp $ + +inherit eutils flag-o-matic multilib autotools pam useradd + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_/} + +HPN_PATCH="${PARCH}-hpn13v6.diff.gz" +LDAP_PATCH="${PARCH/openssh/openssh-lpk}-0.3.11.patch.gz" +PKCS11_PATCH="${PARCH/p1}pkcs11-0.26.tar.bz2" +X509_VER="6.2.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +# HPN appears twice as sometimes Gentoo has a custom version of it. +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch + ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${PKCS11_PATCH:+pkcs11? ( http://alon.barlev.googlepages.com/${PKCS11_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd" +IUSE="hpn kerberos ldap libedit pam pkcs11 selinux skey smartcard static tcpd X X509" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=sys-auth/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d + >=sys-libs/zlib-1.2.3 + smartcard? ( dev-libs/opensc ) + pkcs11? ( dev-libs/pkcs11-helper ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( sys-apps/shadow )" +DEPEND="${RDEPEND} + dev-util/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 )" +PROVIDE="virtual/ssh" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && use ${1} && echo ${1} ; } + local fail=" + $(maybe_fail ldap LDAP_PATCH) + $(maybe_fail pkcs11 PKCS11_PATCH) + $(maybe_fail X509 X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +src_unpack() { + unpack ${PARCH}.tar.gz + cd "${S}" + + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + + if use pkcs11 ; then + cd "${WORKDIR}" + unpack "${PKCS11_PATCH}" + cd "${S}" + EPATCH_OPTS="-p1" epatch "${WORKDIR}"/*pkcs11*/{1,2,4}* + use X509 && EPATCH_OPTS="-R" epatch "${WORKDIR}"/*pkcs11*/1000_all_log.patch + fi + use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${P}-x509-hpn-glue.patch + use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + # The patch for bug 210110 64-bit stuff is now included. + epatch "${DISTDIR}"/${LDAP_PATCH} + epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654 + fi + epatch "${DISTDIR}"/openssh-5.2p1-gsskex-all-20090726.patch #115553 #216932 #279488 + epatch "${FILESDIR}"/${P}-gsskex-fix.patch + else + use ldap && ewarn "Sorry, X509 and ldap don't get along, disabling ldap" + fi + #epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + [[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH} + epatch "${FILESDIR}"/${PN}-4.7p1-selinux.diff #191665 + epatch "${FILESDIR}"/${P}-autoconf.patch + epatch "${FILESDIR}"/${P}-ssh-keysign-readconf.patch + + # in 5.2p1, the AES-CTR multithreaded variant is temporarily broken, and + # causes random hangs when combined with the -f switch of ssh. + # To avoid this, we change the internal table to use the non-multithread + # version for the meantime. + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_compile() { + export CFLAGS + CFLAGS+=" -fno-strict-aliasing" + + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + local myconf="" + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use ldap && use_with ldap)} \ + $(use_with libedit) \ + ${PKCS11_PATCH:+$(use pkcs11 && static_use_with pkcs11)} \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with smartcard opensc) \ + $(use_with tcpd tcp-wrappers) \ + ${myconf} \ + || die "bad configure" + emake || die "compile problem" +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + keepdir /var/empty/dev + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(getent passwd ${UID} | cut -d: -f7) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + for t in ${tests} ; do + # Some tests read from stdin ... + emake -k -j1 ${t} & /dev/null + + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "reload sshd: '/etc/init.d/sshd reload'." + if use pam ; then + echo + ewarn "Please be aware users need a valid shell in /etc/passwd" + ewarn "in order to be allowed to login." + fi + if use pkcs11 ; then + echo + einfo "For PKCS#11 you should also emerge one of the askpass softwares" + einfo "Example: net-misc/x11-ssh-askpass" + fi + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + echo + einfo "For the HPN server logging patch, you must ensure that" + einfo "your syslog application also listens at /var/empty/dev/log." + fi +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.9_p1-r4.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.9_p1-r4.ebuild new file mode 100644 index 0000000000..c8718324d8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.9_p1-r4.ebuild @@ -0,0 +1,279 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.9_p1-r4.ebuild,v 1.14 2013/01/18 01:14:14 robbat2 Exp $ + +EAPI="2" +inherit eutils user flag-o-matic multilib autotools pam systemd + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +HPN_PATCH="${PARCH}-hpn13v11.diff.gz" +LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz" +X509_VER="7.0" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} + " + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" +IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=sys-auth/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d:0[bindist=] + >=sys-libs/zlib-1.2.3 + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( virtual/shadow )" +DEPEND="${RDEPEND} + virtual/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 )" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; } + local fail=" + $(use X509 && maybe_fail X509 X509_PATCH) + $(use ldap && maybe_fail ldap LDAP_PATCH) + $(use hpn && maybe_fail hpn HPN_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-5.9_p1-drop-openssl-check.patch + epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${PN}-5.9_p1-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-5.8_p1-x509-hpn-glue.patch + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + #epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654 - merged + # version.h patch conflict avoidence + mv version.h version.h.lpk + cp -f version.h.pristine version.h + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*} + epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch + # version.h patch conflict avoidence + mv version.h version.h.hpn + cp -f version.h.pristine version.h + # The AES-CTR multithreaded variant is broken, and causes random hangs + # when combined background threading and control sockets. To avoid + # this, we change the internal table to use the non-multithread version + # for the meantime. Do NOT remove this in new versions. See bug #354113 + # comment #6 for testcase. + # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ + ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode + ## cipher. Be aware that if the client process is forked using the -f command line + ## option the process will hang as the parent thread gets 'divorced' from the key + ## generation threads. This issue will be resolved as soon as possible + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s %s\n' \ + "$([ -e version.h.hpn ] && echo SSH_HPN)" \ + "$([ -e version.h.lpk ] && echo SSH_LPK)" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id || die + newinitd "${FILESDIR}"/sshd.rc6.3 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t} > /etc/portage/package.mask" + die "booooo" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch + save_version X509 + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011 + epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*} + epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch + save_version HPN + # The AES-CTR multithreaded variant is broken, and causes random hangs + # when combined background threading and control sockets. To avoid + # this, we change the internal table to use the non-multithread version + # for the meantime. Do NOT remove this in new versions. See bug #354113 + # comment #6 for testcase. + # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ + ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode + ## cipher. Be aware that if the client process is forked using the -f command line + ## option the process will hang as the parent thread gets 'divorced' from the key + ## generation threads. This issue will be resolved as soon as possible + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id || die + newinitd "${FILESDIR}"/sshd.rc6.3 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${D}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${D}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t} > /etc/portage/package.mask" + die "booooo" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch + save_version X509 + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011 + epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.0_p1-hpn-progressmeter.patch + save_version HPN + # The AES-CTR multithreaded variant is broken, and causes random hangs + # when combined background threading and control sockets. To avoid + # this, we change the internal table to use the non-multithread version + # for the meantime. Do NOT remove this in new versions. See bug #354113 + # comment #6 for testcase. + # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ + ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode + ## cipher. Be aware that if the client process is forked using the -f command line + ## option the process will hang as the parent thread gets 'divorced' from the key + ## generation threads. This issue will be resolved as soon as possible + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id || die + newinitd "${FILESDIR}"/sshd.rc6.3 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${D}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${D}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t} > /etc/portage/package.mask" + die "booooo" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${PN}-6.1_p1-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.1_p1-x509-hpn-glue.patch + save_version X509 + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*} + epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch + save_version HPN + # The AES-CTR multithreaded variant is broken, and causes random hangs + # when combined background threading and control sockets. To avoid + # this, we change the internal table to use the non-multithread version + # for the meantime. Do NOT remove this in new versions. See bug #354113 + # comment #6 for testcase. + # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ + ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode + ## cipher. Be aware that if the client process is forked using the -f command line + ## option the process will hang as the parent thread gets 'divorced' from the key + ## generation threads. This issue will be resolved as soon as possible + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + + tc-export PKG_CONFIG + sed -i "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + local myconf + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) + if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then + myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" + append-ldflags -lutil + fi + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --with-pid-dir=/var/run \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with ldns) \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) \ + ${myconf} +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6.4 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t} > /etc/portage/package.mask" + die "booooo" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${PN}-6.1_p1-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.1_p1-x509-hpn-glue.patch + save_version X509 + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*} + epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch + save_version HPN + # The AES-CTR multithreaded variant is broken, and causes random hangs + # when combined background threading and control sockets. To avoid + # this, we change the internal table to use the non-multithread version + # for the meantime. Do NOT remove this in new versions. See bug #354113 + # comment #6 for testcase. + # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ + ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode + ## cipher. Be aware that if the client process is forked using the -f command line + ## option the process will hang as the parent thread gets 'divorced' from the key + ## generation threads. This issue will be resolved as soon as possible + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + + tc-export PKG_CONFIG + sed -i "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --with-pid-dir=/var/run \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6.3 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t}