From a2e67e758824387414b0459bddeae41ab792c465 Mon Sep 17 00:00:00 2001 From: Alex Crawford Date: Mon, 9 Mar 2015 09:49:57 -0700 Subject: [PATCH] bump(net-misc/openssh): sync with upstream --- .../md5-cache/net-misc/openssh-6.6.1_p1 | 13 - .../md5-cache/net-misc/openssh-6.6_p1-r1 | 13 - .../md5-cache/net-misc/openssh-6.7_p1 | 14 + .../md5-cache/net-misc/openssh-6.7_p1-r3 | 14 + .../md5-cache/net-misc/openssh-6.7_p1-r4 | 14 + .../portage-stable/net-misc/openssh/ChangeLog | 120 ++++++- .../portage-stable/net-misc/openssh/Manifest | 62 ++-- .../files/openssh-6.3_p1-x509-glue.patch | 16 - .../openssh-6.5_p1-hpn-cipher-align.patch | 114 ------ ...patch => openssh-6.6.1_p1-x509-glue.patch} | 9 +- ... openssh-6.6.1_p1-x509-hpn14v5-glue.patch} | 10 +- .../openssh/files/openssh-6.6.1_p1.patch | 167 --------- ...openssh-6.6_p1-openssl-ignore-status.patch | 17 - .../openssh-6.6_p1-x509-hpn14v4-glue-p2.patch | 26 -- ...openssh-6.7_p1-openssl-ignore-status.patch | 17 + .../files/openssh-6.7_p1-sctp-x509-glue.patch | 42 +++ ...enssh-6.7_p1-sshd-gssapi-multihomed.patch} | 52 +-- .../files/openssh-6.7_p1-x509-glue.patch | 46 +++ .../openssh-6.7_p1-xmalloc-include.patch | 11 + .../net-misc/openssh/metadata.xml | 1 + ...6.1_p1.ebuild => openssh-6.7_p1-r3.ebuild} | 58 ++-- .../net-misc/openssh/openssh-6.7_p1-r4.ebuild | 324 ++++++++++++++++++ ...6.6_p1-r1.ebuild => openssh-6.7_p1.ebuild} | 52 +-- 23 files changed, 717 insertions(+), 495 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.6.1_p1 delete mode 100644 sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.6_p1-r1 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r3 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r4 delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch rename sdk_container/src/third_party/portage-stable/net-misc/openssh/files/{openssh-6.6_p1-x509-glue.patch => openssh-6.6.1_p1-x509-glue.patch} (70%) rename sdk_container/src/third_party/portage-stable/net-misc/openssh/files/{openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch => openssh-6.6.1_p1-x509-hpn14v5-glue.patch} (86%) delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-openssl-ignore-status.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch rename sdk_container/src/third_party/portage-stable/net-misc/openssh/files/{openssh-5.9_p1-sshd-gssapi-multihomed.patch => openssh-6.7_p1-sshd-gssapi-multihomed.patch} (77%) create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch rename sdk_container/src/third_party/portage-stable/net-misc/openssh/{openssh-6.6.1_p1.ebuild => openssh-6.7_p1-r3.ebuild} (85%) create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild rename sdk_container/src/third_party/portage-stable/net-misc/openssh/{openssh-6.6_p1-r1.ebuild => openssh-6.7_p1.ebuild} (86%) diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.6.1_p1 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.6.1_p1 deleted file mode 100644 index fe44b33fbc..0000000000 --- a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.6.1_p1 +++ /dev/null @@ -1,13 +0,0 @@ -DEFINED_PHASES=configure install postinst preinst prepare setup test -DEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig -DESCRIPTION=Port of OpenBSD's free SSH release -EAPI=4 -HOMEPAGE=http://www.openssh.org/ -IUSE=bindist +hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509 -KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux -LICENSE=BSD GPL-2 -RDEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth ) -SLOT=0 -SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.6p1.tar.gz hpn? ( http://dev.gentoo.org/~polynomial-c/openssh-6.6.1p1-hpnssh14v4.diff.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.5p1-0.3.14.patch.gz ) X509? ( http://roumenpetrov.info/openssh/x509-7.9/openssh-6.6p1+x509-7.9.diff.gz ) -_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f -_md5_=adacc649501da615168ff21c1ca1e739 diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.6_p1-r1 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.6_p1-r1 deleted file mode 100644 index b568b4af55..0000000000 --- a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.6_p1-r1 +++ /dev/null @@ -1,13 +0,0 @@ -DEFINED_PHASES=configure install postinst preinst prepare setup test -DEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig -DESCRIPTION=Port of OpenBSD's free SSH release -EAPI=4 -HOMEPAGE=http://www.openssh.org/ -IUSE=bindist +hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509 -KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux -LICENSE=BSD GPL-2 -RDEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth ) -SLOT=0 -SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.6p1.tar.gz hpn? ( http://dev.gentoo.org/~polynomial-c/openssh-6.6p1-hpnssh14v4.diff.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.5p1-0.3.14.patch.gz ) X509? ( http://roumenpetrov.info/openssh/x509-7.9/openssh-6.6p1+x509-7.9.diff.gz ) -_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f -_md5_=179c120a4e2844fd997c311c17b95b4e diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1 new file mode 100644 index 0000000000..fc5c7b3246 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1 @@ -0,0 +1,14 @@ +DEFINED_PHASES=configure install postinst preinst prepare setup test +DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig +DESCRIPTION=Port of OpenBSD's free SSH release +EAPI=4 +HOMEPAGE=http://www.openssh.org/ +IUSE=bindist +hpn kerberos ldap ldns libedit pam +pie sctp selinux skey static X X509 +KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux +LICENSE=BSD GPL-2 +RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth ) +REQUIRED_USE=pie? ( !static ) +SLOT=0 +SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz ) +_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f +_md5_=99cf0d8b634db4e1f271aa7512b7bf8b diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r3 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r3 new file mode 100644 index 0000000000..d91ef89c17 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r3 @@ -0,0 +1,14 @@ +DEFINED_PHASES=configure install postinst preinst prepare setup test +DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig +DESCRIPTION=Port of OpenBSD's free SSH release +EAPI=4 +HOMEPAGE=http://www.openssh.org/ +IUSE=bindist +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509 +KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux +LICENSE=BSD GPL-2 +RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth ) +REQUIRED_USE=pie? ( !static ) +SLOT=0 +SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.2/openssh-6.7p1+x509-8.2.diff.gz ) +_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f +_md5_=cce2c1d88bb21956b474c1f2c057ff08 diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r4 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r4 new file mode 100644 index 0000000000..de1ee85299 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r4 @@ -0,0 +1,14 @@ +DEFINED_PHASES=configure install postinst preinst prepare setup test +DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig +DESCRIPTION=Port of OpenBSD's free SSH release +EAPI=4 +HOMEPAGE=http://www.openssh.org/ +IUSE=bindist +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509 +KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux +LICENSE=BSD GPL-2 +RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth ) +REQUIRED_USE=pie? ( !static ) +SLOT=0 +SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.2/openssh-6.7p1+x509-8.2.diff.gz ) +_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f +_md5_=5772ef3fca88f8e864f3b29e1a57d2dd diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog b/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog index 3972f13f5d..b04934afe1 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog @@ -1,6 +1,122 @@ # ChangeLog for net-misc/openssh -# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.521 2014/04/25 07:11:59 polynomial-c Exp $ +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.544 2015/02/27 22:06:53 chutzpah Exp $ + +*openssh-6.7_p1-r4 (27 Feb 2015) + + 27 Feb 2015; Patrick McLean + +files/openssh-6.7_p1-xmalloc-include.patch, +openssh-6.7_p1-r4.ebuild: + Add patch to fix crasher bug triggered on hardened x86_64 machines with + USE=X509 and ancient clients. + + 31 Jan 2015; Lars Wendler + -openssh-6.6_p1-r1.ebuild, -openssh-6.6.1_p1-r4.ebuild, + -openssh-6.7_p1-r1.ebuild, -openssh-6.7_p1-r2.ebuild, + -files/openssh-5.9_p1-sshd-gssapi-multihomed.patch, + -files/openssh-6.3_p1-x509-glue.patch, + -files/openssh-6.5_p1-hpn-cipher-align.patch, + -files/openssh-6.6_p1-openssl-ignore-status.patch, + -files/openssh-6.6.1_p1.patch, -files/openssh-6.6_p1-x509-glue.patch, + -files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch: + Removed old (and vulnerable) versions. + + 31 Dec 2014; Mike Frysinger openssh-6.7_p1.ebuild: + Mark arm64/m68k/s390/sh stable. + + 31 Dec 2014; Mike Frysinger openssh-6.7_p1-r3.ebuild, + openssh-6.7_p1.ebuild: + Note the removal of USE=tcpd support due to upstream #533462 by Martin + Mokrejš. + + 06 Dec 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: + Stable for ia64, wrt bug #505942 + + 04 Dec 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: + Stable for ppc64, wrt bug #505942 + + 03 Dec 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: + Stable for ppc, wrt bug #505942 + + 02 Dec 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: + Stable for alpha, wrt bug #505942 + + 01 Dec 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: + Stable for sparc, wrt bug #505942 + + 29 Nov 2014; Markus Meier openssh-6.7_p1.ebuild: + arm stable, bug #505942 + + 29 Nov 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: + Stable for x86, wrt bug #505942 + + 29 Nov 2014; Agostino Sarubbo openssh-6.7_p1.ebuild: + Stable for amd64, wrt bug #505942 + +*openssh-6.7_p1-r3 (25 Nov 2014) + + 25 Nov 2014; Patrick McLean +openssh-6.7_p1-r3.ebuild: + Revision bump, make the /var/run -> /run move only apply when kernel_linux is + on, /run is a Linux-ism. + +*openssh-6.7_p1-r2 (24 Nov 2014) + + 24 Nov 2014; Patrick McLean +openssh-6.7_p1-r2.ebuild: + Revision bump, migrate /var/run to /run. + +*openssh-6.7_p1-r1 (24 Nov 2014) + + 24 Nov 2014; Patrick McLean +openssh-6.7_p1-r1.ebuild, + +files/openssh-6.7_p1-sctp-x509-glue.patch, + +files/openssh-6.7_p1-x509-glue.patch: + Revision bump, add the X509 version 8.2 patch. + + 24 Nov 2014; Jeroen Roovers openssh-6.7_p1.ebuild: + Stable for HPPA (bug #505942). + + 16 Nov 2014; Mike Frysinger openssh-6.7_p1.ebuild: + Pull in lksctp-tools for USE=sctp #529436 by Michał Górny. + +*openssh-6.7_p1 (15 Nov 2014) + + 15 Nov 2014; Mike Frysinger + +files/openssh-6.7_p1-openssl-ignore-status.patch, + +files/openssh-6.7_p1-sshd-gssapi-multihomed.patch, +openssh-6.7_p1.ebuild, + metadata.xml: + Version bump #524662 by Lars Wendler. + + 15 Nov 2014; Mike Frysinger openssh-6.6.1_p1-r4.ebuild: + Add USE=pie to control building sshd as a PIE #504764 by David Kredba. Reject + pie/static USE combos #507434 by Alexander Hof. + +*openssh-6.6.1_p1-r4 (28 Sep 2014) + + 28 Sep 2014; Lars Wendler + -openssh-6.6.1_p1-r2.ebuild, -openssh-6.6.1_p1-r3.ebuild, + +openssh-6.6.1_p1-r4.ebuild, + -files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch: + Fixed bug value assigned for SSH_BUG_LARGEWINDOW with + openssh-6.6.1p1-hpnssh14v5 patch (bug #523962). + +*openssh-6.6.1_p1-r3 (08 Sep 2014) + + 08 Sep 2014; Lars Wendler + +openssh-6.6.1_p1-r3.ebuild, +files/openssh-6.6.1_p1-x509-glue.patch, + +files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch: + Bumped hpn patch to 14v5 and X509 patch to version 8.0. + +*openssh-6.6.1_p1-r2 (04 Aug 2014) + + 04 Aug 2014; Lars Wendler + -openssh-6.6.1_p1-r1.ebuild, +openssh-6.6.1_p1-r2.ebuild: + Fixed version number reported by openssh. Thanks to Luis Ressel for reporting + this in bug #519078. + +*openssh-6.6.1_p1-r1 (04 Aug 2014) + + 04 Aug 2014; Lars Wendler -openssh-6.6.1_p1.ebuild, + +openssh-6.6.1_p1-r1.ebuild, files/openssh-6.6.1_p1.patch: + Fixed mistakenly replaced @ char. Thanks to Luis Ressel for reporting this in + bug #519076. *openssh-6.6.1_p1 (25 Apr 2014) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest index c7f0bdaee2..2a7a9ff085 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest @@ -2,44 +2,44 @@ Hash: SHA256 AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb -AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685 -AUX openssh-6.3_p1-x509-glue.patch 555 SHA256 1166dba2fe590dfee70119ce6dd79f535d7146d0afb8d36bf7a28505ba93a273 SHA512 1a3c2467215dde959fecdd563069d605f29632a7ffc385039a6fc90b2317ca56d463d0abb91a8bb594d321f64456f75a973bb62625deebe92f8787439416b82d WHIRLPOOL f894d19843a3c018efbe3ed365c8abbee52b1d7a3afea11b292a085996fef8d3cc9889a0e6ae596d4db876ed96efcb73d1823a677eac6779f8793c2fb3677cda AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77 -AUX openssh-6.5_p1-hpn-cipher-align.patch 3024 SHA256 c79e3a201b2150e2fbc1e869233bac6acc27b2b126d4539cc09aa651fb2e60af SHA512 6efc2fa5f0e9b508e162bf20ab21d2c639888250387fa58ec0d812c7b1db125d8c654a0286a8ffc0d5530e5f0ec0ed723f3a5c0b7bd593b356aee2e811a1f4ec WHIRLPOOL 729c14b8d6f55d789ae2ea0e9cb2e0a4caba62dffced273de5c7254732e94673c1dc2d9e260d56e3a641e03ebab55d61c8ab7541fbf75957855b811def115677 -AUX openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch 1003 SHA256 e22812a235d2d9ad5bfe0e92dce104429031c8c7d3cfd1bef271e68dd30545c7 SHA512 16dacf6caa5bd622274b08d643a55fbb47f234481a72e4de6989355fd8580cde3d55e2039fab925e72c9f5a7fcf8de7c2f1c5281454df1cb190c966bc1a06ced WHIRLPOOL 093386515423ef78ea39de1657b2b8688e51147172457ea3253fd469b3b3d9f364565a21f979cf99876a3de75cdc5e9a97f743fdedca429e4181f021a7dac224 -AUX openssh-6.6.1_p1.patch 5817 SHA256 94304e311d7e290d97ba017d07fc89ba7de46af9f9918b5594bcaf8f25567661 SHA512 0cd29a21beb038d1f4093d0872ad477942113e9c991153d3c80ee8aa02c1e7c7108c6c8f85bb097bc0f9f46ef6e05f7ce4c6ee1a55cda1ee39886a5d0304f606 WHIRLPOOL b464f6e93b4036ec87652e3489b45fc15a821264a7458177091637fd0195ffbe36abff4da3afc84927dd73773402a0e7b1c2c4af2532b1d710d820247526c635 -AUX openssh-6.6_p1-openssl-ignore-status.patch 741 SHA256 604b0a5365c1b01c9ab26bf1a60acfe43246e1e44e2f0e78d7ec1e47856599e4 SHA512 578afe9ddb836d16d90eb8b0cf10e9282d9c5c5e639962034490cec0aab1bf98cae9b46fe7850446d0cdd93e848d98ca7ed0bdf2bfec6aad418f4c962d4ea08d WHIRLPOOL d30c079eee59281aa87935ad948c59a4c01f858b88d701575d58737cfe555a5229a5f921bfebe34a69dcd15d2dc5efc062050d183ad5a90180aed4e5b3cdadf4 -AUX openssh-6.6_p1-x509-glue.patch 556 SHA256 b37b83b058ff9fb25742d202e0169afc204f135012624bb2811dcacfa9fb346b SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea WHIRLPOOL 4f01d975e598ce0fe2160e52dbd8251fd5cdf95880d1ef09b730457620f48038156d4bf21c0810978bfc65c9feb90cdfed97aa20018bc175759096dcd3a044d0 -AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 SHA256 748f7caa953028da111d6f18ba91652a4821bc9bca60f5d4a90a6501c0098853 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51 WHIRLPOOL c1d674b8e1cdc48dd0d8b2e7c8bf8e68cec757578f1217555e37eda8723e83e93b2ce183462499ad2165723eca2350544f810a1d6ec95ce4537a527f7918f117 +AUX openssh-6.6.1_p1-x509-glue.patch 635 SHA256 381794bdfc4880da4411041ab1f795cba303644b0a35e88f0f452fca8c2bfbb8 SHA512 6d3adefc5449f812052221b69c588f9948e6116dd5c5644db4e0426264f06fd9a15f04364c2484ce03267f4a84b8806de7d7a7c9140538d73be9e7b50f4eeb47 WHIRLPOOL 823249e96f7175eef09f86dbcc67f6158c23f453eaa940a33c18a838389204cd3a43f5dccd39b6004e05cb05ea327d33be91c2ee1eb4525f13dc29e6943ea6b6 +AUX openssh-6.6.1_p1-x509-hpn14v5-glue.patch 1003 SHA256 a8506f57fb67be25fcba9ee462abc083876f3524b442428a07cf0bbe78735bf5 SHA512 d63eba36ea8488de8bd77fd0b2d005a208f8cf77ae6cf161a063d7efb049b66c7d9f8a12e8fb2f85b73276ba07e52d766bbae26dfd5f2a8537cdd7d991ba94aa WHIRLPOOL a52b2ddbd65bbee865b9fee8dcac6d29cf3a7af61431550bc2f32f9b147bc03fb448cf65e56531c11ec6bb2361515b47a6d9c13db62723e631ea0ef3fc937f6c +AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256 b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 WHIRLPOOL c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b +AUX openssh-6.7_p1-sctp-x509-glue.patch 1326 SHA256 42eb87eda1685e19add23c1304f17dabd99a1a38a57bfe2bfbb70ab85f6d385e SHA512 7f014e2b1893a5240680e2e14475d61b9b6047d1be3fe404d5971a899c122cc624546e9e5b31bfee5905cf7b4605a0871c3b00ed5c2bd28d84755a49392e1a69 WHIRLPOOL 8d6888163068dbc486bc4eff0dd7d4053f68b9848347eb520dd7d382b0b8c74e3016f7f3ed401c2c2dfd48e73a9077fb9777d39c0f236cc500c53393be426b42 +AUX openssh-6.7_p1-sshd-gssapi-multihomed.patch 5489 SHA256 d2a1735b523709a4b4ceaa57862ecb21a95656678bacc5b7da59dc46187ad997 SHA512 a8b8d2c2ab4520c8c7315f6130ee44fec48935a129ce7c7e51a068a4de2c7528980437246b61e4abc4cff614466f8054c554cdbaad4eb0d1f4afcfb434c30bbc WHIRLPOOL e4b97398c324360576a04792357f66be3ed9f17e4113f75275f8422ee0b7ecf28073c7cde01a63e24fa0901b14db822d22d7d2c5936bbee3bd5874a867066967 +AUX openssh-6.7_p1-x509-glue.patch 1633 SHA256 58031e90e0bf220028934ab590af6ccfc45722629b2416df13d84f10c9b94478 SHA512 364ca0280be5cc83d1dedf7727323fd5fc0093c6dbcf9cc8ccaa30ee754b866584be28da1166953f03faf8745d6364e33fad7daad9be9a29681a8674eb9d292b WHIRLPOOL b79a6cff897be78793bbf2ca03154103aa1380647b8c53e104155fd68122568a8e7dea23996213b192e4269f980b1035d3ca395dbd2c318fd81a45f44d110c31 +AUX openssh-6.7_p1-xmalloc-include.patch 390 SHA256 ea43a6a211d8cae4a078b748736f43d4a9d11804ace65886dec826b878dec28e SHA512 b51d9149418217828bdc53c234e248f8be1703b480ccf808814d37cd2589bccdbecff0046d2f2d0e4626420d0d4c2e02d25a9cc07ae31b365cd0b848ccc02035 WHIRLPOOL 04b298eb481fef585b055eb3d706cca55ad6efed6168246f0031e5f614085ae5e70cbb77717047d6c70d7d13a6846657e4a0089d4b8cdf5d9d05652ee22f7209 AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53 AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512 88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7 WHIRLPOOL a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66 AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989 AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5 AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1 -DIST openssh-6.6.1p1-hpnssh14v4.diff.xz 20952 SHA256 cd65166bbc5d0790d4e60fcac592c2b1861171bdaaf31f56ac2a30e8cdf2b4bc SHA512 0867a935f88bd4d34616658d965ed9a6947b0653e455c7398297be1958bad970de76aa47563f0d44244d006c039e040498ce922e904b8d9ca9a5f1ef7704616c WHIRLPOOL 8a84968ceb062a13ad58b95b5e0bf9b0efdedd8c0e81d3231aceda3df33e504e39676bc7d2310027ba103f8f04778664bacce09b9e3e1ef76d359f2372329267 -DIST openssh-6.6p1+x509-7.9.diff.gz 224691 SHA256 463473f75c1dc250ea4eda21f2c79df6f0b479ea499d044cb51d73073881ca34 SHA512 dc9ee7f0589aa0ba8d3c1c40c505f99a811845d8952bf6bf6b8bd3a00ef4813f3b71db32aadf252d7a320a8bf9cdcdf30b71292869d7830cc42f15ce3d1f3c49 WHIRLPOOL 61158e0dac934d375758904382882e7cd276d076a95ba2be32d03f4a7c7969943bd8d63c269ff16ab78928d7c97465f6e417730be14b5efacf64a029e2f950d7 -DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 SHA256 16dcc68c399990ec0c801d421d022ceeae0e3aec1e6ffd3fecc5e2f4768cc91b SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d WHIRLPOOL 163ce9e319cef4dcaf6f38f42afc3b75c6e89c38b43c04189c64c72b4b58bc3f9d7042c7b67243879c87cbe410a607296917e94ff042df2c0a29f2ef82792774 -DIST openssh-6.6p1.tar.gz 1282502 SHA256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b WHIRLPOOL 8630c81481a813a92da9c302d22135fe519fcc4826a892080e5a15368d13a6b47947ef47d53aad0a34e6ea49ce4caccc8f06e8afc2c90db0402fbcc2184efe89 -DIST openssh-lpk-6.5p1-0.3.14.patch.gz 18217 SHA256 ad678f366dd7ef63ee164e29b59a4a4d264de9ddf9ad2c1d59178779e83539f3 SHA512 16f0053663ffc9a0670dbf8956dc070e6891e1e47cb1fbbea9567a6a4368c5500bf7e2ff7a2eb7208e651a0121088c271fb0a6ece62b98d103b3337866374610 WHIRLPOOL 34ee5a67e4cb0eb5d8126fde5469b73e0c81d4a7795cd9849c671922227eb8a6767cecf3097acbff338a47c3a7930b285fa4ecf2ebe74cb2e9186f93ec70c40c -EBUILD openssh-6.6.1_p1.ebuild 9942 SHA256 e22a5d870c7df47061d0afbac2c0c5f11d015a51aad6e7ca6b6f5337e72b97c9 SHA512 1d83572bf34d95687a9c36d2680e3e888d1286762a5300b06d5f81d741802364c056d3b879c79ccb26517d2aec59435a99ba22051aef3e379824b79ee2fe9bcf WHIRLPOOL 29828c94bcdea63fece0a2e7a00ab5594e85cb052cf1177ff9353c5986f494f51b98aae44d1bf9754869a765131b4a74a3f2e2fb20a1e6c93bb293e4d50aa675 -EBUILD openssh-6.6_p1-r1.ebuild 9874 SHA256 223b5e4c5d0d3152e8ffadd20e8bcc391620c779749cf6ff235f0d3a857f7409 SHA512 3104586dedfb189adc780bf56cb030f3a9c2427fe07ce340424ea4e279b6335653b2eb38f9d86a8f6ac76360cd94b87d858863fd79b2054763f72ccb83f1a0ed WHIRLPOOL 1bef688d59baf3cf10ce3ab60f3eeb6e6cf875989ffcf711628f56b34a1344838c3a46ae548399c49f11459e5dd2045fcef810691421e69ef02eb92489c22824 -MISC ChangeLog 86087 SHA256 d228fa486b75ec96ff621d7092a8985963c513a063013c486d66cd999bdf25f6 SHA512 f5bfd7c52aeb31646d0664179210523f02ea72e976c76b9695b17bd32137380465c5b4dc2e469e17ad5e3f02542555748e4aad42d54a56f57699ee36b3858456 WHIRLPOOL 5932b005760a1f9c4695a7493154e1eb0aeab5c5df423229e735d0513699e6a9d1838f87ca89b74bcbda353534ebe30171c257ee6731ccaa0ccd2cf6b78096c7 -MISC metadata.xml 1837 SHA256 5f8be0245926a5dc8007dd78594febffc68bbcb45306630d027666872e664050 SHA512 76e044611e16ede9bb9697c0ad448c149131f1f20b84ef1000fb77d6cec954abd48542fd26299a372b4411aa0ecb161ed38396b2c3b5c11c71a4bc247e0b23ed WHIRLPOOL 46c8b0f7911fec3ca086e1601cfab5d03e01a7d8cd2069460975545438f6fa5964f138d19a70ec7db7f1f8c9c0fbb48dcec6ee8269fa9d7b432214e9e3e46806 +DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256 b33e82309195f2a3f21a9fb14e6da2080b096dcf0d6f1c36c93cdeac683fdd59 SHA512 35da5e58f857e8b24e63b4058e946b71fdf0fecc637cb7af0ba8913869e5aadf8317805838936c84dc24421f03c5c91e1670761bed152fdf325c5a509f1b5d04 WHIRLPOOL cc7bace4aa60d720914e3a6a4ff650b7543d9e4963deab12c19cb5d798547b4fe547690946ff8955e121339e9a3d0ebe06f3ff758cca4bb81a09ac43fc877f58 +DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256 85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512 d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e WHIRLPOOL b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8 +DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256 7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512 21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a WHIRLPOOL 5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681 +DIST openssh-6.7p1.tar.gz 1351367 SHA256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512 2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d WHIRLPOOL ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518 +DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2 WHIRLPOOL 5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73 +EBUILD openssh-6.7_p1-r3.ebuild 10078 SHA256 1a58e95c28b5b938f2f15b3fec5688dc9509bb038805b0348b11ac31ed3c57e0 SHA512 add8eaebb3c91983a7bac78011700c110917dea6409bf46e784d7e17b1891facb3baacaa0bda71eb2c9b6017fbf1a21b5846434fba8d588724da871e7824f498 WHIRLPOOL 47e04a0644a592e29aaa9ac00b03a377e81cdb1d886119c21a77a0a351c0cea34018a24406449faa814c2f06e1c03b43ac16a78983bb4a9f57c36834ad7babcb +EBUILD openssh-6.7_p1-r4.ebuild 10138 SHA256 e4f6c4e80485352cc75e62c0212670a0d7f4a19bcf1eed9972bbeaff8b7a2743 SHA512 fdcd7759a85412bdf05be5003d20289a862f13f945e1972e56a36602df426641ef3497399e06ff0da9a51cf2bd54831b6208ac399d42d3ce3e3b1493ffa7655c WHIRLPOOL ae24dbcc182627c356961f4ce290cb1b489e29fa13beaf27212bd4847a36f02af53a8508320cf2a76be88741297ac7533faf53c1d3b15d70299cff536ae8502f +EBUILD openssh-6.7_p1.ebuild 10067 SHA256 970be3a06c0293262f6c59d068d290cc71935fe91f4295b1352b6c41c46c3bf7 SHA512 f2b689767c8da075f16e9e5d9fe258e22fb4019034539883d63632c1543d3141787883ec7013f87c23d709a554b4f994c4c2f41b1829e5301b55f7a5da3fbf46 WHIRLPOOL 8d70fd99a1f3307b801999a9c80be4bcc603cbc151170160d78a2fa8a50ceb701657cbb0b0eb9ccfe1287bff9299dcffb36f884b860a5ca88ac4a9936b21a574 +MISC ChangeLog 90520 SHA256 7c454f72794840d7da66364b62442136c3e91daf02055252c4f92b7cd9199c47 SHA512 572532d5c72adeff37a120419dc58e8d56252dafbc5f1bd8cdb8bf0547b81ddc2878a0b1944d9ff6d51fbabbee61f22c0283b38e09a60293c6ea7303cd4f94c2 WHIRLPOOL bc29ceca24b297a1f3cb2739bd0806564f792d1d58c2c781cbec437a75436b775ac2baf8985404a47fdf3129c9157ee35de18e7d8a50de5c66561df58d50e56b +MISC metadata.xml 1912 SHA256 7b838285f09ad395f237a0d0b9963eee86d0e85b58e6e5b4d5edb093fa888a0a SHA512 e55c10ffd12488720c3da19e55942cfedec63fe767fc1608439b5a3932eeb5488086ad7ef4e1f858c89381e737426f035845ea5e8bede4ed8a0ccabdc656d9b5 WHIRLPOOL 5c07b3dd4a4002cff5df62133ecf570bf79f58e9477d0ad25d60f185ee029183d11118147e3adfec373542659d921e99e787054cfe9284031c974d694de6e9ed -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.22 (GNU/Linux) +Version: GnuPG v2 -iQIcBAEBCAAGBQJTWgrAAAoJEPiazRVxLXTFdIkQAIOF7SLpIDS02wx0TP7zs6rv -GLj+3H3PwTN8CteRmm12jUYWZ5xQE2VRdE+l0lbNFhMS3DXkXJjmYSLe41m7iHY4 -RrfN9JNXzxOczj2IOOeCU+NYxvCooDVDV59U7zuOGc2jwf/Nfp/DhWETsLXlFnWg -VUE9NmWkVt8e8+RKisHUabBeTKWnQWMSbHx5dFL5C/jTgv4fNqN0132VBYBYc0cO -a1BufvLt+p6mKHt/Q03Qz0HjrI+IuUupsBVpGukS19A6tMJDJVaBtHclvK5bwsi2 -CIV73dDFU6VqVN+YalhOhFkf6pBmUpdVjsSSQfnzvrQV/dZDZtZ0Pt+VgHsomCoq -2GPpTcyBZXV/HVxUXblhI0zjYFUtmQonO9tsGEd3VDQxTfZaqJmDcRJCI8ok4FoG -BSM//TUnwMhygdQyF2QacWbxI5ONQM6eUd5/KGwcULzcs5wqYjSZWIwTUq/I7Sqj -7ZYcd8oAtwpV8OiOrjs6B7znn/rBR8lBRPDJjeAqtlfAk9Lc8RCoWuNaOkaGsSyI -rgAR1zWjafgokEIKf56b9ZbIgJGO37v6AIdJiPR3OrKGfbx/r3NtgSWPgfHfmzoj -g2G2OkGu5VKOL1j6MiZeSjxnFgCZCKo9ZYM1SqPaX+P/Py6f9u9iCuAh1wqEVatR -5apVyMiMls/63DWB9U0a -=szWn +iQIcBAEBCAAGBQJU8OqIAAoJEHy/RO9cNQiDxxsQAKcwgw0LRAp0fN2tCyitm0sW +EQJfzjXV8bzPW1PRIVsru3SR5gkTaeig139jPDswmcxm3EDj+AEvQZW8UU9YnF4P +o/RXaGkuwquOpvDEoJ4cE1qjIYzUIIsCiaMdBshweD/Gkur+gUOYI892kHuJXPUs ++nTpCMyhcj7mW8Ueu65xvYXxndoJq3z5ULGivex1HEGz2lPLA1TAhIaPoxIjx/dj +9IVLqw8pZiHYY3pgqqdA880xqIXWNmPPGPFFitt3jUrCR6kisiBLdGF1edIH5+4V +3aogwWyvdoziiRN9iPtOetZT/q0KRewHUdYyEeKndtXNzb0naINOcR3IjX1RMg0V +3Qcda+RwOnvG2NfsvkcYK59Ar8thQag3+xLEhTHV7K1Sgl7ndXmRA0e/Obj7TH5M +0Ql7L/kLkNakpZ8GNv0ZjqX2dAsjdUe0eVYKn/I+2PxIR+aw7Hjz1dtfZnXKKQM1 +LMoVvQHJz4qR7fFu67edz3PybtOS+4BRy1Lw88I3eg1ql9hhsqQtneD2xXp8us03 +SbuKR3GLnW1o6Ax5VDMkkW0oY2VB9FQQ3pJybkFUzjejo8hn5PG6OiM6aP15iI/Z +0GG7VGKasywc52HEj0hq3FI/sgJDmrqk0vPBfxdsdp5e0z8uMZCBhLV5I0MVBTbK +Jdi46gtdvo7eCnXY8+Fk +=nfVc -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch deleted file mode 100644 index f70d44a127..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch +++ /dev/null @@ -1,16 +0,0 @@ -make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch - ---- openssh-6.3p1+x509-7.6.diff -+++ openssh-6.3p1+x509-7.6.diff -@@ -14784,10 +14784,9 @@ - .It Cm ChallengeResponseAuthentication - Specifies whether challenge-response authentication is allowed (e.g. via - PAM or though authentication styles supported in --@@ -490,6 +567,16 @@ -+@@ -490,5 +567,15 @@ - The default is - .Dq yes . -- Note that this option applies to protocol version 2 only. - +.It Cm HostbasedAlgorithms - +Specifies the protocol version 2 algorithms used in - +.Dq hostbased diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch deleted file mode 100644 index cfb060fdc5..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch +++ /dev/null @@ -1,114 +0,0 @@ -https://bugs.gentoo.org/498632 - -make sure we do not use unaligned loads/stores as some arches really hate that. - ---- a/cipher-ctr-mt.c -+++ b/cipher-ctr-mt.c -@@ -58,8 +58,16 @@ - /* Collect thread stats and print at cancellation when in debug mode */ - /* #define CIPHER_THREAD_STATS */ - --/* Use single-byte XOR instead of 8-byte XOR */ --/* #define CIPHER_BYTE_XOR */ -+/* Can the system do unaligned loads natively? */ -+#if defined(__aarch64__) || \ -+ defined(__i386__) || \ -+ defined(__powerpc__) || \ -+ defined(__x86_64__) -+# define CIPHER_UNALIGNED_OK -+#endif -+#if defined(__SIZEOF_INT128__) -+# define CIPHER_INT128_OK -+#endif - /*-------------------- END TUNABLES --------------------*/ - - -@@ -285,8 +293,20 @@ thread_loop(void *x) - - static int - ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, -- u_int len) -+ size_t len) - { -+ typedef union { -+#ifdef CIPHER_INT128_OK -+ __uint128_t *u128; -+#endif -+ uint64_t *u64; -+ uint32_t *u32; -+ uint8_t *u8; -+ const uint8_t *cu8; -+ uintptr_t u; -+ } ptrs_t; -+ ptrs_t destp, srcp, bufp; -+ uintptr_t align; - struct ssh_aes_ctr_ctx *c; - struct kq *q, *oldq; - int ridx; -@@ -301,35 +321,41 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, - ridx = c->ridx; - - /* src already padded to block multiple */ -+ srcp.cu8 = src; -+ destp.u8 = dest; - while (len > 0) { - buf = q->keys[ridx]; -+ bufp.u8 = buf; - --#ifdef CIPHER_BYTE_XOR -- dest[0] = src[0] ^ buf[0]; -- dest[1] = src[1] ^ buf[1]; -- dest[2] = src[2] ^ buf[2]; -- dest[3] = src[3] ^ buf[3]; -- dest[4] = src[4] ^ buf[4]; -- dest[5] = src[5] ^ buf[5]; -- dest[6] = src[6] ^ buf[6]; -- dest[7] = src[7] ^ buf[7]; -- dest[8] = src[8] ^ buf[8]; -- dest[9] = src[9] ^ buf[9]; -- dest[10] = src[10] ^ buf[10]; -- dest[11] = src[11] ^ buf[11]; -- dest[12] = src[12] ^ buf[12]; -- dest[13] = src[13] ^ buf[13]; -- dest[14] = src[14] ^ buf[14]; -- dest[15] = src[15] ^ buf[15]; --#else -- *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf; -- *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^ -- *(uint64_t *)(buf + 8); --#endif -+ /* figure out the alignment on the fly */ -+#ifdef CIPHER_UNALIGNED_OK -+ align = 0; -+#else -+ align = destp.u | srcp.u | bufp.u; -+#endif -+ -+#ifdef CIPHER_INT128_OK -+ if ((align & 0xf) == 0) { -+ destp.u128[0] = srcp.u128[0] ^ bufp.u128[0]; -+ } else -+#endif -+ if ((align & 0x7) == 0) { -+ destp.u64[0] = srcp.u64[0] ^ bufp.u64[0]; -+ destp.u64[1] = srcp.u64[1] ^ bufp.u64[1]; -+ } else if ((align & 0x3) == 0) { -+ destp.u32[0] = srcp.u32[0] ^ bufp.u32[0]; -+ destp.u32[1] = srcp.u32[1] ^ bufp.u32[1]; -+ destp.u32[2] = srcp.u32[2] ^ bufp.u32[2]; -+ destp.u32[3] = srcp.u32[3] ^ bufp.u32[3]; -+ } else { -+ size_t i; -+ for (i = 0; i < AES_BLOCK_SIZE; ++i) -+ dest[i] = src[i] ^ buf[i]; -+ } - -- dest += 16; -- src += 16; -- len -= 16; -+ destp.u += AES_BLOCK_SIZE; -+ srcp.u += AES_BLOCK_SIZE; -+ len -= AES_BLOCK_SIZE; - ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE); - - /* Increment read index, switch queues on rollover */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch similarity index 70% rename from sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch rename to sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch index 0ba3e456f9..2a34ee96d5 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch @@ -1,13 +1,14 @@ Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch. ---- openssh-6.6p1+x509-7.9.diff -+++ openssh-6.6p1+x509-7.9.diff -@@ -15473,10 +15473,9 @@ +--- openssh-6.6p1+x509-8.0.diff ++++ openssh-6.6p1+x509-8.0.diff +@@ -16337,10 +16337,10 @@ .It Cm ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed (e.g. via PAM or though authentication styles supported in -@@ -499,6 +576,16 @@ -+@@ -499,5 +576,15 @@ ++@@ -514,6 +591,16 @@ ++ This facility is provided to assist with operation on multi homed machines. The default is .Dq yes . - Note that this option applies to protocol version 2 only. diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch similarity index 86% rename from sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch rename to sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch index c76015dd93..beb22926ae 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch @@ -1,13 +1,13 @@ make the hpn patch apply when the x509 patch has also been applied ---- openssh-6.6.1p1-hpnssh14v4.diff -+++ openssh-6.6.1p1-hpnssh14v4.diff +--- openssh-6.6.1p1-hpnssh14v5.diff ++++ openssh-6.6.1p1-hpnssh14v5.diff @@ -1742,18 +1742,14 @@ if (options->ip_qos_interactive == -1) options->ip_qos_interactive = IPTOS_LOWDELAY; if (options->ip_qos_bulk == -1) --@@ -345,9 +393,10 @@ -+@@ -345,6 +393,7 @@ +-@@ -345,9 +392,10 @@ ++@@ -345,6 +392,7 @@ sUsePrivilegeSeparation, sAllowAgentForwarding, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, @@ -21,6 +21,6 @@ make the hpn patch apply when the x509 patch has also been applied - } ServerOpCodes; - + sAuthenticationMethods, sHostKeyAgent, - @@ -468,6 +517,10 @@ + @@ -468,6 +516,10 @@ { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1.patch deleted file mode 100644 index b11f6fb1a7..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1.patch +++ /dev/null @@ -1,167 +0,0 @@ -Hi, - -So I screwed up when writing the support for the curve25519 KEX method -that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left -leading zero bytes where they should have been skipped. The impact of -this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a -peer that implements curve25519-sha256 at libssh.org properly about 0.2% -of the time (one in every 512ish connections). - -We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256 -key exchange for previous versions, but I'd recommend distributors -of OpenSSH apply this patch so the affected code doesn't become -too entrenched in LTS releases. - -The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as -to distinguish itself from the incorrect versions so the compatibility -code to disable the affected KEX isn't activated. - -I've committed this on the 6.6 branch too. - -Apologies for the hassle. - --d - -Index: version.h -=================================================================== -RCS file: /var/cvs/openssh/version.h,v -retrieving revision 1.82 -diff -u -p -r1.82 version.h ---- version.h 27 Feb 2014 23:01:54 -0000 1.82 -+++ version.h 20 Apr 2014 03:35:15 -0000 -@@ -1,6 +1,6 @@ - /* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */ - --#define SSH_VERSION "OpenSSH_6.6" -+#define SSH_VERSION "OpenSSH_6.6.1" - - #define SSH_PORTABLE "p1" - #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -Index: compat.c -=================================================================== -RCS file: /var/cvs/openssh/compat.c,v -retrieving revision 1.82 -retrieving revision 1.85 -diff -u -p -r1.82 -r1.85 ---- compat.c 31 Dec 2013 01:25:41 -0000 1.82 -+++ compat.c 20 Apr 2014 03:33:59 -0000 1.85 -@@ -95,6 +95,9 @@ compat_datafellows(const char *version) - { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, - { "OpenSSH_4*", 0 }, - { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT}, -+ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH}, -+ { "OpenSSH_6.5*," -+ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD}, - { "OpenSSH*", SSH_NEW_OPENSSH }, - { "*MindTerm*", 0 }, - { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| -@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop - return cipher_prop; - } - -- - char * - compat_pkalg_proposal(char *pkalg_prop) - { -@@ -263,5 +265,18 @@ compat_pkalg_proposal(char *pkalg_prop) - if (*pkalg_prop == '\0') - fatal("No supported PK algorithms found"); - return pkalg_prop; -+} -+ -+char * -+compat_kex_proposal(char *kex_prop) -+{ -+ if (!(datafellows & SSH_BUG_CURVE25519PAD)) -+ return kex_prop; -+ debug2("%s: original KEX proposal: %s", __func__, kex_prop); -+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256 at libssh.org"); -+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop); -+ if (*kex_prop == '\0') -+ fatal("No supported key exchange algorithms found"); -+ return kex_prop; - } - -Index: compat.h -=================================================================== -RCS file: /var/cvs/openssh/compat.h,v -retrieving revision 1.42 -retrieving revision 1.43 -diff -u -p -r1.42 -r1.43 ---- compat.h 31 Dec 2013 01:25:41 -0000 1.42 -+++ compat.h 20 Apr 2014 03:25:31 -0000 1.43 -@@ -59,6 +59,7 @@ - #define SSH_BUG_RFWD_ADDR 0x02000000 - #define SSH_NEW_OPENSSH 0x04000000 - #define SSH_BUG_DYNAMIC_RPORT 0x08000000 -+#define SSH_BUG_CURVE25519PAD 0x10000000 - - void enable_compat13(void); - void enable_compat20(void); -@@ -66,6 +67,7 @@ void compat_datafellows(const char * - int proto_spec(const char *); - char *compat_cipher_proposal(char *); - char *compat_pkalg_proposal(char *); -+char *compat_kex_proposal(char *); - - extern int compat13; - extern int compat20; -Index: sshd.c -=================================================================== -RCS file: /var/cvs/openssh/sshd.c,v -retrieving revision 1.448 -retrieving revision 1.453 -diff -u -p -r1.448 -r1.453 ---- sshd.c 26 Feb 2014 23:20:08 -0000 1.448 -+++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453 -@@ -2462,6 +2438,9 @@ do_ssh2_kex(void) - if (options.kex_algorithms != NULL) - myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; - -+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( -+ myproposal[PROPOSAL_KEX_ALGS]); -+ - if (options.rekey_limit || options.rekey_interval) - packet_set_rekey_limits((u_int32_t)options.rekey_limit, - (time_t)options.rekey_interval); -Index: sshconnect2.c -=================================================================== -RCS file: /var/cvs/openssh/sshconnect2.c,v -retrieving revision 1.197 -retrieving revision 1.199 -diff -u -p -r1.197 -r1.199 ---- sshconnect2.c 4 Feb 2014 00:20:16 -0000 1.197 -+++ sshconnect2.c 20 Apr 2014 03:25:31 -0000 1.199 -@@ -195,6 +196,8 @@ ssh_kex2(char *host, struct sockaddr *ho - } - if (options.kex_algorithms != NULL) - myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; -+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( -+ myproposal[PROPOSAL_KEX_ALGS]); - - if (options.rekey_limit || options.rekey_interval) - packet_set_rekey_limits((u_int32_t)options.rekey_limit, -Index: bufaux.c -=================================================================== -RCS file: /var/cvs/openssh/bufaux.c,v -retrieving revision 1.62 -retrieving revision 1.63 -diff -u -p -r1.62 -r1.63 ---- bufaux.c 4 Feb 2014 00:20:15 -0000 1.62 -+++ bufaux.c 20 Apr 2014 03:24:50 -0000 1.63 -@@ -1,4 +1,4 @@ --/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */ -+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */ - /* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland -@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *b - - if (l > 8 * 1024) - fatal("%s: length %u too long", __func__, l); -+ /* Skip leading zero bytes */ -+ for (; l > 0 && *s == 0; l--, s++) -+ ; - p = buf = xmalloc(l + 1); - /* - * If most significant bit is set then prepend a zero byte to diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch deleted file mode 100644 index 6db6b97dbe..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch +++ /dev/null @@ -1,17 +0,0 @@ -the last nibble of the openssl version represents the status. that is, -whether it is a beta or release. when it comes to version checks in -openssh, this component does not matter, so ignore it. - -https://bugzilla.mindrot.org/show_bug.cgi?id=2212 - ---- a/entropy.c -+++ b/entropy.c -@@ -216,7 +216,7 @@ seed_rng(void) - * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed - * within a patch series. - */ -- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L; -+ u_long version_mask = SSLeay() >= 0x1000000f ? ~0xfffffL : ~0xff0L; - if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) || - (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12)) - fatal("OpenSSL version mismatch. Built against %lx, you " diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch deleted file mode 100644 index a69830e089..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch +++ /dev/null @@ -1,26 +0,0 @@ -make the hpn patch apply when the x509 patch has also been applied - ---- openssh-6.6p1-hpnssh14v4.diff -+++ openssh-6.6p1-hpnssh14v4.diff -@@ -1742,18 +1742,14 @@ - if (options->ip_qos_interactive == -1) - options->ip_qos_interactive = IPTOS_LOWDELAY; - if (options->ip_qos_bulk == -1) --@@ -345,9 +393,10 @@ -+@@ -345,6 +393,7 @@ - sUsePrivilegeSeparation, sAllowAgentForwarding, - sHostCertificate, - sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, --+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, -++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled, - sKexAlgorithms, sIPQoS, sVersionAddendum, - sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, --- sAuthenticationMethods, sHostKeyAgent, --+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent, -- sDeprecated, sUnsupported -- } ServerOpCodes; -- -+ sAuthenticationMethods, sHostKeyAgent, - @@ -468,6 +517,10 @@ - { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, - { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-openssl-ignore-status.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-openssl-ignore-status.patch new file mode 100644 index 0000000000..fa33af39b6 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-openssl-ignore-status.patch @@ -0,0 +1,17 @@ +the last nibble of the openssl version represents the status. that is, +whether it is a beta or release. when it comes to version checks in +openssh, this component does not matter, so ignore it. + +https://bugzilla.mindrot.org/show_bug.cgi?id=2212 + +--- a/openbsd-compat/openssl-compat.c ++++ b/openbsd-compat/openssl-compat.c +@@ -58,7 +58,7 @@ ssh_compatible_openssl(long headerver, long libver) + * For versions >= 1.0.0, major,minor,status must match and library + * fix version must be equal to or newer than the header. + */ +- mask = 0xfff0000fL; /* major,minor,status */ ++ mask = 0xfff00000L; /* major,minor,status */ + hfix = (headerver & 0x000ff000) >> 12; + lfix = (libver & 0x000ff000) >> 12; + if ( (headerver & mask) == (libver & mask) && lfix >= hfix) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch new file mode 100644 index 0000000000..bd0b7ce12b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch @@ -0,0 +1,42 @@ +--- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800 ++++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800 +@@ -195,14 +195,6 @@ + .Op Fl c Ar cipher + .Op Fl F Ar ssh_config + .Op Fl i Ar identity_file +-@@ -178,6 +178,7 @@ For full details of the options listed b +- .It ServerAliveCountMax +- .It StrictHostKeyChecking +- .It TCPKeepAlive +-+.It Transport +- .It UsePrivilegedPort +- .It User +- .It UserKnownHostsFile + @@ -218,6 +219,8 @@ and + to print debugging messages about their progress. + This is helpful in +@@ -482,14 +474,6 @@ + .Op Fl b Ar bind_address + .Op Fl c Ar cipher_spec + .Op Fl D Oo Ar bind_address : Oc Ns Ar port +-@@ -473,6 +473,7 @@ For full details of the options listed b +- .It StreamLocalBindUnlink +- .It StrictHostKeyChecking +- .It TCPKeepAlive +-+.It Transport +- .It Tunnel +- .It TunnelDevice +- .It UsePrivilegedPort + @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte + controls. + .It Fl y +@@ -527,7 +511,7 @@ +- again: ++ + - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" + + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT +- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { ++ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { + switch (opt) { + case '1': + @@ -732,6 +738,11 @@ main(int ac, char **av) diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch similarity index 77% rename from sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch rename to sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch index 6377d0362f..96818e42ec 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch @@ -1,10 +1,8 @@ -Index: gss-serv.c -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v -retrieving revision 1.22 -diff -u -p -r1.22 gss-serv.c ---- gss-serv.c 8 May 2008 12:02:23 -0000 1.22 -+++ gss-serv.c 11 Jan 2010 05:38:29 -0000 +https://bugs.gentoo.org/378361 +https://bugzilla.mindrot.org/show_bug.cgi?id=928 + +--- a/gss-serv.c ++++ b/gss-serv.c @@ -41,9 +41,12 @@ #include "channels.h" #include "session.h" @@ -19,13 +17,13 @@ diff -u -p -r1.22 gss-serv.c { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; @@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) - char lname[MAXHOSTNAMELEN]; + char lname[NI_MAXHOST]; gss_OID_set oidset; - gss_create_empty_oid_set(&status, &oidset); - gss_add_oid_set_member(&status, ctx->oid, &oidset); - -- if (gethostname(lname, MAXHOSTNAMELEN)) { +- if (gethostname(lname, sizeof(lname))) { - gss_release_oid_set(&status, &oidset); - return (-1); - } @@ -66,13 +64,8 @@ diff -u -p -r1.22 gss-serv.c } /* Privileged */ -Index: servconf.c -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/servconf.c,v -retrieving revision 1.201 -diff -u -p -r1.201 servconf.c ---- servconf.c 10 Jan 2010 03:51:17 -0000 1.201 -+++ servconf.c 11 Jan 2010 05:34:56 -0000 +--- a/servconf.c ++++ b/servconf.c @@ -86,6 +86,7 @@ initialize_server_options(ServerOptions options->kerberos_get_afs_token = -1; options->gss_authentication=-1; @@ -123,13 +116,8 @@ diff -u -p -r1.201 servconf.c goto parse_flag; case sPasswordAuthentication: -Index: servconf.h -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/servconf.h,v -retrieving revision 1.89 -diff -u -p -r1.89 servconf.h ---- servconf.h 9 Jan 2010 23:04:13 -0000 1.89 -+++ servconf.h 11 Jan 2010 05:32:28 -0000 +--- a/servconf.h ++++ b/servconf.h @@ -92,6 +92,7 @@ typedef struct { * authenticated with Kerberos. */ int gss_authentication; /* If true, permit GSSAPI authentication */ @@ -138,13 +126,8 @@ diff -u -p -r1.89 servconf.h int password_authentication; /* If true, permit password * authentication. */ int kbd_interactive_authentication; /* If true, permit */ -Index: sshd_config -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/sshd_config,v -retrieving revision 1.81 -diff -u -p -r1.81 sshd_config ---- sshd_config 8 Oct 2009 14:03:41 -0000 1.81 -+++ sshd_config 11 Jan 2010 05:32:28 -0000 +--- a/sshd_config ++++ b/sshd_config @@ -69,6 +69,7 @@ # GSSAPI options #GSSAPIAuthentication no @@ -153,13 +136,8 @@ diff -u -p -r1.81 sshd_config # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -Index: sshd_config.5 -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v -retrieving revision 1.116 -diff -u -p -r1.116 sshd_config.5 ---- sshd_config.5 9 Jan 2010 23:04:13 -0000 1.116 -+++ sshd_config.5 11 Jan 2010 05:37:20 -0000 +--- a/sshd_config.5 ++++ b/sshd_config.5 @@ -386,6 +386,21 @@ on logout. The default is .Dq yes . diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch new file mode 100644 index 0000000000..71b9c51731 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch @@ -0,0 +1,46 @@ +--- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800 ++++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800 +@@ -610,21 +610,6 @@ + The default is + .Dq yes . + Note that this option applies to protocol version 2 only. +-.It Cm GSSAPIStrictAcceptorCheck +-Determines whether to be strict about the identity of the GSSAPI acceptor +-a client authenticates against. +-If set to +-.Dq yes +-then the client must authenticate against the +-.Pa host +-service on the current hostname. +-If set to +-.Dq no +-then the client may authenticate against any service key stored in the +-machine's default store. +-This facility is provided to assist with operation on multi homed machines. +-The default is +-.Dq yes . + .It Cm HostbasedAuthentication + Specifies whether rhosts or /etc/hosts.equiv authentication together + with successful public key client host authentication is allowed +@@ -651,6 +636,21 @@ + attempting to resolve the name from the TCP connection itself. + The default is + .Dq no . ++.It Cm GSSAPIStrictAcceptorCheck ++Determines whether to be strict about the identity of the GSSAPI acceptor ++a client authenticates against. ++If set to ++.Dq yes ++then the client must authenticate against the ++.Pa host ++service on the current hostname. ++If set to ++.Dq no ++then the client may authenticate against any service key stored in the ++machine's default store. ++This facility is provided to assist with operation on multi homed machines. ++The default is ++.Dq yes . + .It Cm HostCertificate + Specifies a file containing a public host certificate. + The certificate's public key must match a private host key already specified diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch new file mode 100644 index 0000000000..170031daad --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch @@ -0,0 +1,11 @@ +diff -ur openssh-6.7p1.orig/ssh-rsa.c openssh-6.7p1/ssh-rsa.c +--- openssh-6.7p1.orig/ssh-rsa.c 2015-02-24 14:52:54.512197868 -0800 ++++ openssh-6.7p1/ssh-rsa.c 2015-02-27 11:48:54.173951646 -0800 +@@ -34,6 +34,7 @@ + #include "sshkey.h" + #include "digest.h" + #include "evp-compat.h" ++#include "xmalloc.h" + + /*NOTE: Do not define USE_LEGACY_RSA_... if build + is with FIPS capable OpenSSL */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml b/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml index 5765fa2ac5..885648b44d 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml @@ -25,6 +25,7 @@ ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and Enable high performance ssh Add support for storing SSH public keys in LDAP Use LDNS for DNSSEC/SSHFP validation. + Support for Stream Control Transmission Protocol Adds support for X.509 certificate authentication diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.6.1_p1.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r3.ebuild similarity index 85% rename from sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.6.1_p1.ebuild rename to sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r3.ebuild index 50c2d746c7..45134d4fc2 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.6.1_p1.ebuild +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r3.ebuild @@ -1,40 +1,44 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6.1_p1.ebuild,v 1.1 2014/04/25 07:11:59 polynomial-c Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r3.ebuild,v 1.2 2014/12/31 07:29:47 vapier Exp $ EAPI="4" inherit eutils user flag-o-matic multilib autotools pam systemd versionator # Make it more portable between straight releases # and _p? releases. -PARCH=${P/.1_} +PARCH=${P/_} -#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz" -HPN_PATCH="${PN}-6.6.1p1-hpnssh14v4.diff.xz" -LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz" -X509_VER="7.9" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" +HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz" +LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz" +X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" DESCRIPTION="Port of OpenBSD's free SSH release" HOMEPAGE="http://www.openssh.org/" SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )} + mirror://gentoo/${P}-sctp.patch.xz + ${HPN_PATCH:+hpn? ( + mirror://gentoo/${HPN_PATCH} + http://dev.gentoo.org/~vapier/dist/${HPN_PATCH} + mirror://sourceforge/hpnssh/${HPN_PATCH} + )} ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} " - #${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )} LICENSE="BSD GPL-2" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509" +IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509" +REQUIRED_USE="pie? ( !static )" -LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) +LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)] - tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )" + >=sys-libs/zlib-1.2.3[static-libs(+)]" RDEPEND=" !static? ( ${LIB_DEPEND//\[static-libs(+)]} @@ -100,13 +104,11 @@ src_prepare() { # don't break .ssh/authorized_keys2 for fun sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - epatch "${FILESDIR}"/${P}.patch #508604 - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361 if use X509 ; then pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch - use hpn && epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v4-glue-p2.patch + epatch "${FILESDIR}"/${P}-x509-glue.patch + epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch popd >/dev/null epatch "${WORKDIR}"/${X509_PATCH%.*} epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch @@ -121,10 +123,10 @@ src_prepare() { use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" fi epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch + epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632 + epatch "${WORKDIR}"/${HPN_PATCH%.*}/* save_version HPN fi @@ -171,7 +173,7 @@ static_use_with() { } src_configure() { - local myconf + local myconf=() addwrite /dev/ptmx addpredict /etc/skey/skeykeys #skey configure code triggers this @@ -179,14 +181,14 @@ src_configure() { # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" + myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) append-ldflags -lutil fi econf \ --with-ldflags="${LDFLAGS}" \ --disable-strip \ - --with-pid-dir="${EPREFIX}"/var/run \ + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \ --sysconfdir="${EPREFIX}"/etc/ssh \ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ --datadir="${EPREFIX}"/usr/share/openssh \ @@ -195,14 +197,15 @@ src_configure() { --with-md5-passwords \ --with-ssl-engine \ $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ + $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \ ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ $(use_with ldns) \ $(use_with libedit) \ + $(use_with pie) \ + $(use_with sctp) \ $(use_with selinux) \ $(use_with skey) \ - $(use_with tcpd tcp-wrappers) \ - ${myconf} + "${myconf[@]}" } src_install() { @@ -312,8 +315,9 @@ pkg_postinst() { # This instruction is from the HPN webpage, # Used for the server logging functionality if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo einfo "For the HPN server logging patch, you must ensure that" einfo "your syslog application also listens at /var/empty/dev/log." fi + elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has" + elog " dropped it. Make sure to update any configs that you might have." } diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild new file mode 100644 index 0000000000..2ed2a2648c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild @@ -0,0 +1,324 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r4.ebuild,v 1.1 2015/02/27 22:06:53 chutzpah Exp $ + +EAPI="4" +inherit eutils user flag-o-matic multilib autotools pam systemd versionator + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz" +LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz" +X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + mirror://gentoo/${P}-sctp.patch.xz + ${HPN_PATCH:+hpn? ( + mirror://gentoo/${HPN_PATCH} + http://dev.gentoo.org/~vapier/dist/${HPN_PATCH} + mirror://sourceforge/hpnssh/${HPN_PATCH} + )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} + " + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509" +REQUIRED_USE="pie? ( !static )" + +LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) + libedit? ( dev-libs/libedit[static-libs(+)] ) + >=dev-libs/openssl-0.9.6d:0[bindist=] + dev-libs/openssl[static-libs(+)] + >=sys-libs/zlib-1.2.3[static-libs(+)]" +RDEPEND=" + !static? ( + ${LIB_DEPEND//\[static-libs(+)]} + ldns? ( + !bindist? ( net-libs/ldns[ecdsa,ssl] ) + bindist? ( net-libs/ldns[-ecdsa,ssl] ) + ) + ) + pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap )" +DEPEND="${RDEPEND} + static? ( + ${LIB_DEPEND} + ldns? ( + !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) + ) + ) + virtual/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( virtual/shadow ) + X? ( x11-apps/xauth )" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } + local fail=" + $(use X509 && maybe_fail X509 X509_PATCH) + $(use ldap && maybe_fail ldap LDAP_PATCH) + $(use hpn && maybe_fail hpn HPN_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${P}-x509-glue.patch + epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch + epatch "${FILESDIR}"/${PN}-6.7_p1-xmalloc-include.patch + save_version X509 + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*}/* + save_version HPN + fi + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + epatch_user #473004 + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + local myconf=() + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) + if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then + myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) + append-ldflags -lutil + fi + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \ + --sysconfdir="${EPREFIX}"/etc/ssh \ + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ + --datadir="${EPREFIX}"/usr/share/openssh \ + --with-privsep-path="${EPREFIX}"/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with ldns) \ + $(use_with libedit) \ + $(use_with pie) \ + $(use_with sctp) \ + $(use_with selinux) \ + $(use_with skey) \ + "${myconf[@]}" +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6.4 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t} =sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)] - tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )" + >=sys-libs/zlib-1.2.3[static-libs(+)]" RDEPEND=" !static? ( ${LIB_DEPEND//\[static-libs(+)]} @@ -100,11 +104,11 @@ src_prepare() { # don't break .ssh/authorized_keys2 for fun sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361 if use X509 ; then pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch - use hpn && epatch "${FILESDIR}"/${PN}-6.6_p1-x509-hpn14v4-glue-p2.patch + epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-glue.patch + use hpn && epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v5-glue.patch popd >/dev/null epatch "${WORKDIR}"/${X509_PATCH%.*} epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch @@ -119,10 +123,10 @@ src_prepare() { use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" fi epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch + epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632 + epatch "${WORKDIR}"/${HPN_PATCH%.*}/* save_version HPN fi @@ -169,7 +173,7 @@ static_use_with() { } src_configure() { - local myconf + local myconf=() addwrite /dev/ptmx addpredict /etc/skey/skeykeys #skey configure code triggers this @@ -177,7 +181,7 @@ src_configure() { # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" + myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) append-ldflags -lutil fi @@ -193,14 +197,15 @@ src_configure() { --with-md5-passwords \ --with-ssl-engine \ $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ + $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \ ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ $(use_with ldns) \ $(use_with libedit) \ + $(use_with pie) \ + $(use_with sctp) \ $(use_with selinux) \ $(use_with skey) \ - $(use_with tcpd tcp-wrappers) \ - ${myconf} + "${myconf[@]}" } src_install() { @@ -310,8 +315,9 @@ pkg_postinst() { # This instruction is from the HPN webpage, # Used for the server logging functionality if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo einfo "For the HPN server logging patch, you must ensure that" einfo "your syslog application also listens at /var/empty/dev/log." fi + elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has" + elog " dropped it. Make sure to update any configs that you might have." }