mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-24 07:51:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1896 from marineam/openssh

Browse Source 
OpenSSH 7.2_p2
This commit is contained in:
Michael Marineau 2016-04-19 12:54:06 -07:00
commit b9b949571e
9 changed files with 109 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest vendored
View File

@ -1,5 +1,4 @@
DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256 2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512 f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0 WHIRLPOOL 7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476
DIST openssh-7.1p1+x509-8.6.diff.gz 413931 SHA256 cbf661a1fec080dc9ed335a290414154326c2a13f124985db050b86a91073d52 SHA512 c91d0f1b69b6d34984e94b391ad022271e73d0634cef2df355ba555366bc38d30649b478f245b6c51ce79d71adf1b693bc97826e6c6013a78e7ccfb7023b4bcc WHIRLPOOL 4ed4427e80026996c43a188d7d45f2c53fa6a7fd842a248b1225b27f3e9037e761f0ed172d79b53ada81c24d958a2193e94d918f6ca1320e45d5e68379845981
DIST openssh-7.1p1-hpnssh14v9.tar.xz 21580 SHA256 a795c2f2621f537b3fd98172cbd1f7c71869e4da78cd280d123fa19ae4262b97 SHA512 6ce151949bf81b5518b95092a2f18d2f24581954e2c629deaf3c1d10136f32f830567aafb9b4045547e95e3ab63cf750e240eac40e2b9caa6d71cb2b132821ec WHIRLPOOL 8e3c9a1d79112092a6cb42c6766ccdf61e5d8fcd366ea5c7d3bab94cf309bcc12f3761476a288158638a340023aa24519d888caac19fb0ef25fa56bdab06412c
DIST openssh-7.1p1.tar.gz 1493170 SHA256 fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 SHA512 f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7 WHIRLPOOL a650a93657f930d20dc3fa24ab720857f63f7cd0a82d1906cf1e58145e866129207851d5e587d678655e5731fa73221ab9b6ea0754533100c25fe2acaa442e05
DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256 d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512 2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081 WHIRLPOOL b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b
DIST openssh-7.2_p1-sctp.patch.xz 8088 SHA256 b9cc21336e23d44548e87964da9ff85ac83ce84693162abb172afb46be4a666e SHA512 b287684337a101a26ab8df6894b679b063cdaa7dfc7b78fcc0ce8350c27526f150a6463c515019beb0af2ff005cc109d2913998f95f828e553b835a4df8b64df WHIRLPOOL 16646a896f746946af84961974be08418b951c80249dce2fd4ae533a4d66e79d4372fd979aeda9c51aff51b86edf4178af18379e948195696a6fa114e2757306
DIST openssh-7.2p2+x509-8.9.diff.gz 449308 SHA256 bd77fcd285d10a86fb2934e90776fe39e4cd2da043384ec2ca45296a60669589 SHA512 c7ed07aae72fd4f967ab5717831c51ad639ca59633c3768f6930bab0947f5429391e3911a7570288a1c688c8c21747f3cb722538ae96de6b50a021010e1506fa WHIRLPOOL 7c1328e471b0e5e9576117ec563b66fea142886b0666b6d51ac9b8ec09286ba7a965b62796c32206e855e484180797a2c31d500c27289f3bc8c7db2d3af95e6f
DIST openssh-7.2p2.tar.gz 1499808 SHA256 a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c SHA512 44f62b3a7bc50a0735d496a5aedeefb71550d8c10ad8f22b94e29fcc8084842db96e8c4ca41fced17af69e1aab09ed1182a12ad8650d9a46fd8743a0344df95b WHIRLPOOL 95e16af6d1d82f4a660b56854b8e9da947b89e47775c06fe277a612cd1a7cabe7454087eb45034aedfb9b08096ce4aa427b9a37f43f70ccf1073664bdec13386
DIST openssh-lpk-7.2p2-0.3.14.patch.xz 17692 SHA256 2cd4108d60112bd97402f9c27aac2c24d334a37afe0933ad9c6377a257a68aee SHA512 e6a25f8f0106fadcb799300452d6f22034d3fc69bd1c95a3365884873861f41b1e9d49f2c5223dde6fcd00562c652ba466bc8c48833ce5ab353af3a041f75b15 WHIRLPOOL 237343b320772a1588b64c4135758af840199214129d7e8cfa9798f976c32902ca5493ee0c33b16003854fea243556997bc688640a9872b82c06f72c86f2586d

33
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch vendored
View File

@ -1,33 +0,0 @@
https://github.com/openssh/openssh-portable/pull/29
From 003ed46d1bd94bac29c53b26ae70f6321ea11c80 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Wed, 18 Mar 2015 12:37:24 -0400
Subject: [PATCH] do not abort when --without-ssl-engine --without-openssl is
set
---
configure.ac | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index b4d6598..7806d20 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2276,10 +2276,10 @@ openssl_engine=no
AC_ARG_WITH([ssl-engine],
[ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
[
- if test "x$openssl" = "xno" ; then
- AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
- fi
if test "x$withval" != "xno" ; then
+ if test "x$openssl" = "xno" ; then
+ AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
+ fi
openssl_engine=yes
fi
]
--
2.3.2

24
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch vendored
View File

@ -1,24 +0,0 @@
diff -ur openssh-6.9p1.orig/sshconnect2.c openssh-6.9p1/sshconnect2.c
--- openssh-6.9p1.orig/sshconnect2.c 2015-07-01 14:56:26.766316866 -0700
+++ openssh-6.9p1/sshconnect2.c 2015-07-01 14:59:22.828692366 -0700
@@ -1404,7 +1404,7 @@
static int
get_allowed_keytype(Key *k) {
char *pattern;
- char *alg;
+ const char *alg;
if (k->type == KEY_RSA1 || k->type == KEY_UNSPEC)
return KEY_UNSPEC;
diff -ur openssh-6.9p1.orig/x509_nm_cmp.c openssh-6.9p1/x509_nm_cmp.c
--- openssh-6.9p1.orig/x509_nm_cmp.c 2015-07-01 14:56:26.129311890 -0700
+++ openssh-6.9p1/x509_nm_cmp.c 2015-07-01 14:59:14.086624068 -0700
@@ -133,7 +133,7 @@
tag = M_ASN1_STRING_type(in);
if (tag != V_ASN1_UTF8STRING) {
/*OpenSSL method surprisingly require non-const(!?) ASN1_STRING!*/
- return(ASN1_STRING_to_UTF8(out, in));
+ return(ASN1_STRING_to_UTF8(out, (ASN1_STRING *) in));
}
l = M_ASN1_STRING_length(in);

34
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.1_p1-CVE-2016-0777.patch vendored
View File

@ -1,34 +0,0 @@
--- openssh-7.1p1/readconf.c
+++ openssh-7.1p1/readconf.c
@@ -1660,7 +1660,7 @@
options->tun_remote = -1;
options->local_command = NULL;
options->permit_local_command = -1;
- options->use_roaming = -1;
+ options->use_roaming = 0;
options->visual_host_key = -1;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
@@ -1833,8 +1833,7 @@
options->tun_remote = SSH_TUNID_ANY;
if (options->permit_local_command == -1)
options->permit_local_command = 0;
- if (options->use_roaming == -1)
- options->use_roaming = 1;
+ options->use_roaming = 0;
if (options->visual_host_key == -1)
options->visual_host_key = 0;
if (options->ip_qos_interactive == -1)
--- openssh-7.1p1/ssh.c
+++ openssh-7.1p1/ssh.c
@@ -1932,9 +1932,6 @@
fork_postauth();
}
- if (options.use_roaming)
- request_roaming();
-
return client_loop(tty_flag, tty_flag ?
options.escape_char : SSH_ESCAPECHAR_NONE, id);
}

20
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch → sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch vendored
View File

@ -1,5 +1,5 @@
--- openssh-6.3p1/Makefile.in
+++ openssh-6.3p1/Makefile.in
--- openssh-7.1p2/Makefile.in
+++ openssh-7.1p2/Makefile.in
@@ -45,7 +45,7 @@
CC=@CC@
LD=@LD@
@ -17,8 +17,8 @@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
--- openssh-6.3p1/sshconnect.c
+++ openssh-6.3p1/sshconnect.c
--- openssh-7.1p2/sshconnect.c
+++ openssh-7.1p2/sshconnect.c
@@ -465,7 +465,7 @@
{
/* Send our own protocol version identification. */
@ -28,8 +28,8 @@
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
} else {
xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
--- openssh-6.3p1/sshd.c
+++ openssh-6.3p1/sshd.c
--- openssh-7.1p2/sshd.c
+++ openssh-7.1p2/sshd.c
@@ -472,8 +472,8 @@
comment = "";
}
@ -41,11 +41,11 @@
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
--- openssh-6.3p1/version.h
+++ openssh-6.3p1/version.h
--- openssh-7.1p2/version.h
+++ openssh-7.1p2/version.h
@@ -3,4 +3,5 @@
#define SSH_VERSION "OpenSSH_6.3"
#define SSH_VERSION "OpenSSH_7.1"
#define SSH_PORTABLE "p1"
#define SSH_PORTABLE "p2"
+#define SSH_X509 " PKIX"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE

59
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch → sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch vendored
View File

@ -1,22 +1,17 @@
http://bugs.gentoo.org/165444
https://bugzilla.mindrot.org/show_bug.cgi?id=1008
Index: readconf.c
===================================================================
RCS file: /cvs/openssh/readconf.c,v
retrieving revision 1.135
diff -u -r1.135 readconf.c
--- readconf.c 5 Aug 2006 02:39:40 -0000 1.135
+++ readconf.c 19 Aug 2006 11:59:52 -0000
@@ -126,6 +126,7 @@
--- openssh-7.2p1/readconf.c
+++ openssh-7.2p1/readconf.c
@@ -148,6 +148,7 @@
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+ oGssTrustDns,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
@@ -163,9 +164,11 @@
oSendEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
@@ -194,9 +195,11 @@
#if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
{ "gssapidelegatecredentials", oGssDelegateCreds },
@ -28,7 +23,7 @@ diff -u -r1.135 readconf.c
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
@@ -444,6 +447,10 @@
@@ -930,6 +933,10 @@
intptr = &options->gss_deleg_creds;
goto parse_flag;
@ -39,7 +34,7 @@ diff -u -r1.135 readconf.c
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
@@ -1010,6 +1017,7 @@
@@ -1649,6 +1656,7 @@
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
options->gss_deleg_creds = -1;
@ -47,7 +42,7 @@ diff -u -r1.135 readconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
@@ -1100,6 +1108,8 @@
@@ -1779,6 +1787,8 @@
options->gss_authentication = 0;
if (options->gss_deleg_creds == -1)
options->gss_deleg_creds = 0;
@ -56,14 +51,9 @@ diff -u -r1.135 readconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
Index: readconf.h
===================================================================
RCS file: /cvs/openssh/readconf.h,v
retrieving revision 1.63
diff -u -r1.63 readconf.h
--- readconf.h 5 Aug 2006 02:39:40 -0000 1.63
+++ readconf.h 19 Aug 2006 11:59:52 -0000
@@ -45,6 +45,7 @@
--- openssh-7.2p1/readconf.h
+++ openssh-7.2p1/readconf.h
@@ -46,6 +46,7 @@
/* Try S/Key or TIS, authentication. */
int gss_authentication; /* Try GSS authentication */
int gss_deleg_creds; /* Delegate GSS credentials */
@ -71,18 +61,12 @@ diff -u -r1.63 readconf.h
int password_authentication; /* Try password
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
Index: ssh_config.5
===================================================================
RCS file: /cvs/openssh/ssh_config.5,v
retrieving revision 1.97
diff -u -r1.97 ssh_config.5
--- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97
+++ ssh_config.5 19 Aug 2006 11:59:53 -0000
@@ -483,7 +483,16 @@
--- openssh-7.2p1/ssh_config.5
+++ openssh-7.2p1/ssh_config.5
@@ -830,6 +830,16 @@
Forward (delegate) credentials to the server.
The default is
.Dq no .
-Note that this option applies to protocol version 2 only.
+Note that this option applies to protocol version 2 connections using GSSAPI.
+.It Cm GSSAPITrustDns
+Set to
@ -96,14 +80,9 @@ diff -u -r1.97 ssh_config.5
.It Cm HashKnownHosts
Indicates that
.Xr ssh 1
Index: sshconnect2.c
===================================================================
RCS file: /cvs/openssh/sshconnect2.c,v
retrieving revision 1.151
diff -u -r1.151 sshconnect2.c
--- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151
+++ sshconnect2.c 19 Aug 2006 11:59:53 -0000
@@ -499,6 +499,12 @@
--- openssh-7.2p1/sshconnect2.c
+++ openssh-7.2p1/sshconnect2.c
@@ -656,6 +656,12 @@
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
@ -116,7 +95,7 @@ diff -u -r1.151 sshconnect2.c
/* Try one GSSAPI method at a time, rather than sending them all at
* once. */
@@ -511,7 +517,7 @@
@@ -668,7 +674,7 @@
/* My DER encoding requires length<128 */
if (gss_supported->elements[mech].length < 128 &&
ssh_gssapi_check_mechanism(&gssctxt,

30
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch → sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch vendored
View File

@ -1,10 +1,10 @@
--- openssh-6.8_p1-sctp.patch.1 2015-08-12 16:01:13.854769013 -0700
+++ openssh-6.8_p1-sctp.patch 2015-08-12 16:00:38.208488789 -0700
--- openssh-7.2_p1-sctp.patch
+++ openssh-7.2_p1-sctp.patch
@@ -195,14 +195,6 @@
.Op Fl c Ar cipher
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
-@@ -178,6 +178,7 @@ For full details of the options listed b
-@@ -181,6 +181,7 @@ For full details of the options listed below, and their possible values, see
- .It ServerAliveCountMax
- .It StrictHostKeyChecking
- .It TCPKeepAlive
@ -12,7 +12,7 @@
- .It UpdateHostKeys
- .It UsePrivilegedPort
- .It User
@@ -218,6 +219,8 @@ and
@@ -222,6 +223,8 @@ and
to print debugging messages about their progress.
This is helpful in
@@ -477,19 +469,11 @@
@ -26,23 +26,23 @@
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
-@@ -473,6 +473,7 @@ For full details of the options listed b
-@@ -536,6 +536,7 @@ For full details of the options listed below, and their possible values, see
- .It StreamLocalBindUnlink
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It Tunnel
- .It TunnelDevice
- .It UsePrivilegedPort
@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
controls.
- .It UpdateHostKeys
@@ -770,6 +771,8 @@ controls.
.Pp
.It Fl y
@@ -501,7 +485,7 @@
By default this information is sent to stderr.
index f9ff91f..d0d92ce 100644
--- a/ssh.c
+++ b/ssh.c
-@@ -194,12 +194,17 @@ extern int muxserver_sock;
+@@ -194,11 +194,16 @@ extern int muxserver_sock;
-@@ -195,12 +195,17 @@ extern int muxserver_sock;
+@@ -195,11 +195,16 @@ extern int muxserver_sock;
extern u_int muxclient_command;
/* Prints a help message to the user. This function never returns. */
@ -55,9 +55,9 @@
+-"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
++"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
" [-F configfile] [-I pkcs11] [-i identity_file]\n"
- " [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
@@ -506,7 +512,7 @@ main(int ac, char **av)
" [-F configfile] [-I pkcs11] [-i identity_file] [-L address]\n"
- " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
@@ -605,7 +610,7 @@ main(int ac, char **av)
- argv0 = av[0];
+ # define ENGCONFIG ""
+ #endif
@ -71,4 +71,4 @@
+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
@@ -732,6 +738,11 @@ main(int ac, char **av)
@@ -845,6 +850,11 @@ main(int ac, char **av)

40
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/metadata.xml vendored Normal file
View File

@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<maintainer type="person">
<email>robbat2@gentoo.org</email>
<description>LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else.</description>
</maintainer>
<longdescription>
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that
increasing numbers of people on the Internet are coming to rely on. Many users of telnet,
rlogin, ftp, and other such programs might not realize that their password is transmitted
across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords)
to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety
of authentication methods.
The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which
replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of
the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan,
ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.
</longdescription>
<use>
<flag name="bindist">Disable EC/RC5 algorithms in OpenSSL for patent reasons.</flag>
<flag name="hpn">Enable high performance ssh</flag>
<flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
<flag name="sctp">Support for Stream Control Transmission Protocol</flag>
<flag name="ssh1">Support the legacy/weak SSH1 protocol</flag>
<flag name="ssl">Enable additional crypto algorithms via OpenSSL</flag>
<flag name="X509">Adds support for X.509 certificate authentication</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:openssh:openssh</remote-id>
<remote-id type="sourceforge">hpnssh</remote-id>
</upstream>
</pkgmetadata>

34
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r5.ebuild → sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.2_p2.ebuild vendored
View File

@ -1,25 +1,25 @@
# Copyright 1999-2015 Gentoo Foundation
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
EAPI="5"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PARCH}-hpnssh14v9.tar.xz"
LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
X509_VER="8.6" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
#HPN_PATCH="${PARCH}-hpnssh14v10.tar.xz"
LDAP_PATCH="${PN}-lpk-7.2p2-0.3.14.patch.xz"
X509_VER="8.9" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
mirror://gentoo/${PN}-7.2_p1-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
@ -112,25 +112,24 @@ src_prepare() {
if use X509 ; then
pushd .. >/dev/null
if use hpn ; then
pushd ${HPN_PATCH%.*.*} >/dev/null
epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
popd >/dev/null
epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
fi
epatch "${FILESDIR}"/${PN}-7.2_p1-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
save_version X509
#epatch "${FILESDIR}"/${PN}-7.1_p2-x509-hpn14v10-glue.patch
#save_version X509
fi
if use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-7.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
# The X509 patchset fixes this independently.
use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
epatch "${WORKDIR}"/${PN}-7.2_p1-sctp.patch
if use hpn ; then
EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
EPATCH_MULTI_MSG="Applying HPN patchset ..." \
@ -138,8 +137,6 @@ src_prepare() {
save_version HPN
fi
epatch "${FILESDIR}"/${PN}-7.1_p1-CVE-2016-0777.patch
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
@ -195,8 +192,7 @@ src_configure() {
$(use_with selinux)
$(use_with skey)
$(use_with ssh1)
# The X509 patch deletes this option entirely.
$(use X509 || use_with ssl openssl)
$(use_with ssl openssl)
$(use_with ssl md5-passwords)
$(use_with ssl ssl-engine)
)