mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-24 16:01:09 +02:00
Merge pull request #173 from crawford/ssh
bump(net-misc/openssh): sync with upstream
This commit is contained in:
commit
e811f263fa
@ -1,13 +0,0 @@
|
|||||||
DEFINED_PHASES=configure install postinst preinst prepare setup test
|
|
||||||
DEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
|
|
||||||
DESCRIPTION=Port of OpenBSD's free SSH release
|
|
||||||
EAPI=4
|
|
||||||
HOMEPAGE=http://www.openssh.org/
|
|
||||||
IUSE=bindist +hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509
|
|
||||||
KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
|
|
||||||
LICENSE=BSD GPL-2
|
|
||||||
RDEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
|
|
||||||
SLOT=0
|
|
||||||
SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.6p1.tar.gz hpn? ( http://dev.gentoo.org/~polynomial-c/openssh-6.6.1p1-hpnssh14v4.diff.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.5p1-0.3.14.patch.gz ) X509? ( http://roumenpetrov.info/openssh/x509-7.9/openssh-6.6p1+x509-7.9.diff.gz )
|
|
||||||
_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f
|
|
||||||
_md5_=adacc649501da615168ff21c1ca1e739
|
|
@ -1,13 +0,0 @@
|
|||||||
DEFINED_PHASES=configure install postinst preinst prepare setup test
|
|
||||||
DEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
|
|
||||||
DESCRIPTION=Port of OpenBSD's free SSH release
|
|
||||||
EAPI=4
|
|
||||||
HOMEPAGE=http://www.openssh.org/
|
|
||||||
IUSE=bindist +hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509
|
|
||||||
KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
|
|
||||||
LICENSE=BSD GPL-2
|
|
||||||
RDEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
|
|
||||||
SLOT=0
|
|
||||||
SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.6p1.tar.gz hpn? ( http://dev.gentoo.org/~polynomial-c/openssh-6.6p1-hpnssh14v4.diff.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.5p1-0.3.14.patch.gz ) X509? ( http://roumenpetrov.info/openssh/x509-7.9/openssh-6.6p1+x509-7.9.diff.gz )
|
|
||||||
_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f
|
|
||||||
_md5_=179c120a4e2844fd997c311c17b95b4e
|
|
14
sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1
vendored
Normal file
14
sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1
vendored
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
DEFINED_PHASES=configure install postinst preinst prepare setup test
|
||||||
|
DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
|
||||||
|
DESCRIPTION=Port of OpenBSD's free SSH release
|
||||||
|
EAPI=4
|
||||||
|
HOMEPAGE=http://www.openssh.org/
|
||||||
|
IUSE=bindist +hpn kerberos ldap ldns libedit pam +pie sctp selinux skey static X X509
|
||||||
|
KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
|
||||||
|
LICENSE=BSD GPL-2
|
||||||
|
RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
|
||||||
|
REQUIRED_USE=pie? ( !static )
|
||||||
|
SLOT=0
|
||||||
|
SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz )
|
||||||
|
_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f
|
||||||
|
_md5_=99cf0d8b634db4e1f271aa7512b7bf8b
|
14
sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r3
vendored
Normal file
14
sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r3
vendored
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
DEFINED_PHASES=configure install postinst preinst prepare setup test
|
||||||
|
DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
|
||||||
|
DESCRIPTION=Port of OpenBSD's free SSH release
|
||||||
|
EAPI=4
|
||||||
|
HOMEPAGE=http://www.openssh.org/
|
||||||
|
IUSE=bindist +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509
|
||||||
|
KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
|
||||||
|
LICENSE=BSD GPL-2
|
||||||
|
RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
|
||||||
|
REQUIRED_USE=pie? ( !static )
|
||||||
|
SLOT=0
|
||||||
|
SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.2/openssh-6.7p1+x509-8.2.diff.gz )
|
||||||
|
_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f
|
||||||
|
_md5_=cce2c1d88bb21956b474c1f2c057ff08
|
14
sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r4
vendored
Normal file
14
sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r4
vendored
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
DEFINED_PHASES=configure install postinst preinst prepare setup test
|
||||||
|
DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
|
||||||
|
DESCRIPTION=Port of OpenBSD's free SSH release
|
||||||
|
EAPI=4
|
||||||
|
HOMEPAGE=http://www.openssh.org/
|
||||||
|
IUSE=bindist +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509
|
||||||
|
KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
|
||||||
|
LICENSE=BSD GPL-2
|
||||||
|
RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
|
||||||
|
REQUIRED_USE=pie? ( !static )
|
||||||
|
SLOT=0
|
||||||
|
SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.2/openssh-6.7p1+x509-8.2.diff.gz )
|
||||||
|
_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f
|
||||||
|
_md5_=5772ef3fca88f8e864f3b29e1a57d2dd
|
@ -1,6 +1,122 @@
|
|||||||
# ChangeLog for net-misc/openssh
|
# ChangeLog for net-misc/openssh
|
||||||
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
|
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
|
||||||
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.521 2014/04/25 07:11:59 polynomial-c Exp $
|
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.544 2015/02/27 22:06:53 chutzpah Exp $
|
||||||
|
|
||||||
|
*openssh-6.7_p1-r4 (27 Feb 2015)
|
||||||
|
|
||||||
|
27 Feb 2015; Patrick McLean <chutzpah@gentoo.org>
|
||||||
|
+files/openssh-6.7_p1-xmalloc-include.patch, +openssh-6.7_p1-r4.ebuild:
|
||||||
|
Add patch to fix crasher bug triggered on hardened x86_64 machines with
|
||||||
|
USE=X509 and ancient clients.
|
||||||
|
|
||||||
|
31 Jan 2015; Lars Wendler <polynomial-c@gentoo.org>
|
||||||
|
-openssh-6.6_p1-r1.ebuild, -openssh-6.6.1_p1-r4.ebuild,
|
||||||
|
-openssh-6.7_p1-r1.ebuild, -openssh-6.7_p1-r2.ebuild,
|
||||||
|
-files/openssh-5.9_p1-sshd-gssapi-multihomed.patch,
|
||||||
|
-files/openssh-6.3_p1-x509-glue.patch,
|
||||||
|
-files/openssh-6.5_p1-hpn-cipher-align.patch,
|
||||||
|
-files/openssh-6.6_p1-openssl-ignore-status.patch,
|
||||||
|
-files/openssh-6.6.1_p1.patch, -files/openssh-6.6_p1-x509-glue.patch,
|
||||||
|
-files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch:
|
||||||
|
Removed old (and vulnerable) versions.
|
||||||
|
|
||||||
|
31 Dec 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
Mark arm64/m68k/s390/sh stable.
|
||||||
|
|
||||||
|
31 Dec 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.7_p1-r3.ebuild,
|
||||||
|
openssh-6.7_p1.ebuild:
|
||||||
|
Note the removal of USE=tcpd support due to upstream #533462 by Martin
|
||||||
|
Mokrejš.
|
||||||
|
|
||||||
|
06 Dec 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
Stable for ia64, wrt bug #505942
|
||||||
|
|
||||||
|
04 Dec 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
Stable for ppc64, wrt bug #505942
|
||||||
|
|
||||||
|
03 Dec 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
Stable for ppc, wrt bug #505942
|
||||||
|
|
||||||
|
02 Dec 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
Stable for alpha, wrt bug #505942
|
||||||
|
|
||||||
|
01 Dec 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
Stable for sparc, wrt bug #505942
|
||||||
|
|
||||||
|
29 Nov 2014; Markus Meier <maekke@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
arm stable, bug #505942
|
||||||
|
|
||||||
|
29 Nov 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
Stable for x86, wrt bug #505942
|
||||||
|
|
||||||
|
29 Nov 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
Stable for amd64, wrt bug #505942
|
||||||
|
|
||||||
|
*openssh-6.7_p1-r3 (25 Nov 2014)
|
||||||
|
|
||||||
|
25 Nov 2014; Patrick McLean <chutzpah@gentoo.org> +openssh-6.7_p1-r3.ebuild:
|
||||||
|
Revision bump, make the /var/run -> /run move only apply when kernel_linux is
|
||||||
|
on, /run is a Linux-ism.
|
||||||
|
|
||||||
|
*openssh-6.7_p1-r2 (24 Nov 2014)
|
||||||
|
|
||||||
|
24 Nov 2014; Patrick McLean <chutzpah@gentoo.org> +openssh-6.7_p1-r2.ebuild:
|
||||||
|
Revision bump, migrate /var/run to /run.
|
||||||
|
|
||||||
|
*openssh-6.7_p1-r1 (24 Nov 2014)
|
||||||
|
|
||||||
|
24 Nov 2014; Patrick McLean <chutzpah@gentoo.org> +openssh-6.7_p1-r1.ebuild,
|
||||||
|
+files/openssh-6.7_p1-sctp-x509-glue.patch,
|
||||||
|
+files/openssh-6.7_p1-x509-glue.patch:
|
||||||
|
Revision bump, add the X509 version 8.2 patch.
|
||||||
|
|
||||||
|
24 Nov 2014; Jeroen Roovers <jer@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
Stable for HPPA (bug #505942).
|
||||||
|
|
||||||
|
16 Nov 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.7_p1.ebuild:
|
||||||
|
Pull in lksctp-tools for USE=sctp #529436 by Michał Górny.
|
||||||
|
|
||||||
|
*openssh-6.7_p1 (15 Nov 2014)
|
||||||
|
|
||||||
|
15 Nov 2014; Mike Frysinger <vapier@gentoo.org>
|
||||||
|
+files/openssh-6.7_p1-openssl-ignore-status.patch,
|
||||||
|
+files/openssh-6.7_p1-sshd-gssapi-multihomed.patch, +openssh-6.7_p1.ebuild,
|
||||||
|
metadata.xml:
|
||||||
|
Version bump #524662 by Lars Wendler.
|
||||||
|
|
||||||
|
15 Nov 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.6.1_p1-r4.ebuild:
|
||||||
|
Add USE=pie to control building sshd as a PIE #504764 by David Kredba. Reject
|
||||||
|
pie/static USE combos #507434 by Alexander Hof.
|
||||||
|
|
||||||
|
*openssh-6.6.1_p1-r4 (28 Sep 2014)
|
||||||
|
|
||||||
|
28 Sep 2014; Lars Wendler <polynomial-c@gentoo.org>
|
||||||
|
-openssh-6.6.1_p1-r2.ebuild, -openssh-6.6.1_p1-r3.ebuild,
|
||||||
|
+openssh-6.6.1_p1-r4.ebuild,
|
||||||
|
-files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch:
|
||||||
|
Fixed bug value assigned for SSH_BUG_LARGEWINDOW with
|
||||||
|
openssh-6.6.1p1-hpnssh14v5 patch (bug #523962).
|
||||||
|
|
||||||
|
*openssh-6.6.1_p1-r3 (08 Sep 2014)
|
||||||
|
|
||||||
|
08 Sep 2014; Lars Wendler <polynomial-c@gentoo.org>
|
||||||
|
+openssh-6.6.1_p1-r3.ebuild, +files/openssh-6.6.1_p1-x509-glue.patch,
|
||||||
|
+files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch:
|
||||||
|
Bumped hpn patch to 14v5 and X509 patch to version 8.0.
|
||||||
|
|
||||||
|
*openssh-6.6.1_p1-r2 (04 Aug 2014)
|
||||||
|
|
||||||
|
04 Aug 2014; Lars Wendler <polynomial-c@gentoo.org>
|
||||||
|
-openssh-6.6.1_p1-r1.ebuild, +openssh-6.6.1_p1-r2.ebuild:
|
||||||
|
Fixed version number reported by openssh. Thanks to Luis Ressel for reporting
|
||||||
|
this in bug #519078.
|
||||||
|
|
||||||
|
*openssh-6.6.1_p1-r1 (04 Aug 2014)
|
||||||
|
|
||||||
|
04 Aug 2014; Lars Wendler <polynomial-c@gentoo.org> -openssh-6.6.1_p1.ebuild,
|
||||||
|
+openssh-6.6.1_p1-r1.ebuild, files/openssh-6.6.1_p1.patch:
|
||||||
|
Fixed mistakenly replaced @ char. Thanks to Luis Ressel for reporting this in
|
||||||
|
bug #519076.
|
||||||
|
|
||||||
*openssh-6.6.1_p1 (25 Apr 2014)
|
*openssh-6.6.1_p1 (25 Apr 2014)
|
||||||
|
|
||||||
|
@ -2,44 +2,44 @@
|
|||||||
Hash: SHA256
|
Hash: SHA256
|
||||||
|
|
||||||
AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb
|
AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb
|
||||||
AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685
|
|
||||||
AUX openssh-6.3_p1-x509-glue.patch 555 SHA256 1166dba2fe590dfee70119ce6dd79f535d7146d0afb8d36bf7a28505ba93a273 SHA512 1a3c2467215dde959fecdd563069d605f29632a7ffc385039a6fc90b2317ca56d463d0abb91a8bb594d321f64456f75a973bb62625deebe92f8787439416b82d WHIRLPOOL f894d19843a3c018efbe3ed365c8abbee52b1d7a3afea11b292a085996fef8d3cc9889a0e6ae596d4db876ed96efcb73d1823a677eac6779f8793c2fb3677cda
|
|
||||||
AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77
|
AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77
|
||||||
AUX openssh-6.5_p1-hpn-cipher-align.patch 3024 SHA256 c79e3a201b2150e2fbc1e869233bac6acc27b2b126d4539cc09aa651fb2e60af SHA512 6efc2fa5f0e9b508e162bf20ab21d2c639888250387fa58ec0d812c7b1db125d8c654a0286a8ffc0d5530e5f0ec0ed723f3a5c0b7bd593b356aee2e811a1f4ec WHIRLPOOL 729c14b8d6f55d789ae2ea0e9cb2e0a4caba62dffced273de5c7254732e94673c1dc2d9e260d56e3a641e03ebab55d61c8ab7541fbf75957855b811def115677
|
AUX openssh-6.6.1_p1-x509-glue.patch 635 SHA256 381794bdfc4880da4411041ab1f795cba303644b0a35e88f0f452fca8c2bfbb8 SHA512 6d3adefc5449f812052221b69c588f9948e6116dd5c5644db4e0426264f06fd9a15f04364c2484ce03267f4a84b8806de7d7a7c9140538d73be9e7b50f4eeb47 WHIRLPOOL 823249e96f7175eef09f86dbcc67f6158c23f453eaa940a33c18a838389204cd3a43f5dccd39b6004e05cb05ea327d33be91c2ee1eb4525f13dc29e6943ea6b6
|
||||||
AUX openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch 1003 SHA256 e22812a235d2d9ad5bfe0e92dce104429031c8c7d3cfd1bef271e68dd30545c7 SHA512 16dacf6caa5bd622274b08d643a55fbb47f234481a72e4de6989355fd8580cde3d55e2039fab925e72c9f5a7fcf8de7c2f1c5281454df1cb190c966bc1a06ced WHIRLPOOL 093386515423ef78ea39de1657b2b8688e51147172457ea3253fd469b3b3d9f364565a21f979cf99876a3de75cdc5e9a97f743fdedca429e4181f021a7dac224
|
AUX openssh-6.6.1_p1-x509-hpn14v5-glue.patch 1003 SHA256 a8506f57fb67be25fcba9ee462abc083876f3524b442428a07cf0bbe78735bf5 SHA512 d63eba36ea8488de8bd77fd0b2d005a208f8cf77ae6cf161a063d7efb049b66c7d9f8a12e8fb2f85b73276ba07e52d766bbae26dfd5f2a8537cdd7d991ba94aa WHIRLPOOL a52b2ddbd65bbee865b9fee8dcac6d29cf3a7af61431550bc2f32f9b147bc03fb448cf65e56531c11ec6bb2361515b47a6d9c13db62723e631ea0ef3fc937f6c
|
||||||
AUX openssh-6.6.1_p1.patch 5817 SHA256 94304e311d7e290d97ba017d07fc89ba7de46af9f9918b5594bcaf8f25567661 SHA512 0cd29a21beb038d1f4093d0872ad477942113e9c991153d3c80ee8aa02c1e7c7108c6c8f85bb097bc0f9f46ef6e05f7ce4c6ee1a55cda1ee39886a5d0304f606 WHIRLPOOL b464f6e93b4036ec87652e3489b45fc15a821264a7458177091637fd0195ffbe36abff4da3afc84927dd73773402a0e7b1c2c4af2532b1d710d820247526c635
|
AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256 b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 WHIRLPOOL c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b
|
||||||
AUX openssh-6.6_p1-openssl-ignore-status.patch 741 SHA256 604b0a5365c1b01c9ab26bf1a60acfe43246e1e44e2f0e78d7ec1e47856599e4 SHA512 578afe9ddb836d16d90eb8b0cf10e9282d9c5c5e639962034490cec0aab1bf98cae9b46fe7850446d0cdd93e848d98ca7ed0bdf2bfec6aad418f4c962d4ea08d WHIRLPOOL d30c079eee59281aa87935ad948c59a4c01f858b88d701575d58737cfe555a5229a5f921bfebe34a69dcd15d2dc5efc062050d183ad5a90180aed4e5b3cdadf4
|
AUX openssh-6.7_p1-sctp-x509-glue.patch 1326 SHA256 42eb87eda1685e19add23c1304f17dabd99a1a38a57bfe2bfbb70ab85f6d385e SHA512 7f014e2b1893a5240680e2e14475d61b9b6047d1be3fe404d5971a899c122cc624546e9e5b31bfee5905cf7b4605a0871c3b00ed5c2bd28d84755a49392e1a69 WHIRLPOOL 8d6888163068dbc486bc4eff0dd7d4053f68b9848347eb520dd7d382b0b8c74e3016f7f3ed401c2c2dfd48e73a9077fb9777d39c0f236cc500c53393be426b42
|
||||||
AUX openssh-6.6_p1-x509-glue.patch 556 SHA256 b37b83b058ff9fb25742d202e0169afc204f135012624bb2811dcacfa9fb346b SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea WHIRLPOOL 4f01d975e598ce0fe2160e52dbd8251fd5cdf95880d1ef09b730457620f48038156d4bf21c0810978bfc65c9feb90cdfed97aa20018bc175759096dcd3a044d0
|
AUX openssh-6.7_p1-sshd-gssapi-multihomed.patch 5489 SHA256 d2a1735b523709a4b4ceaa57862ecb21a95656678bacc5b7da59dc46187ad997 SHA512 a8b8d2c2ab4520c8c7315f6130ee44fec48935a129ce7c7e51a068a4de2c7528980437246b61e4abc4cff614466f8054c554cdbaad4eb0d1f4afcfb434c30bbc WHIRLPOOL e4b97398c324360576a04792357f66be3ed9f17e4113f75275f8422ee0b7ecf28073c7cde01a63e24fa0901b14db822d22d7d2c5936bbee3bd5874a867066967
|
||||||
AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 SHA256 748f7caa953028da111d6f18ba91652a4821bc9bca60f5d4a90a6501c0098853 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51 WHIRLPOOL c1d674b8e1cdc48dd0d8b2e7c8bf8e68cec757578f1217555e37eda8723e83e93b2ce183462499ad2165723eca2350544f810a1d6ec95ce4537a527f7918f117
|
AUX openssh-6.7_p1-x509-glue.patch 1633 SHA256 58031e90e0bf220028934ab590af6ccfc45722629b2416df13d84f10c9b94478 SHA512 364ca0280be5cc83d1dedf7727323fd5fc0093c6dbcf9cc8ccaa30ee754b866584be28da1166953f03faf8745d6364e33fad7daad9be9a29681a8674eb9d292b WHIRLPOOL b79a6cff897be78793bbf2ca03154103aa1380647b8c53e104155fd68122568a8e7dea23996213b192e4269f980b1035d3ca395dbd2c318fd81a45f44d110c31
|
||||||
|
AUX openssh-6.7_p1-xmalloc-include.patch 390 SHA256 ea43a6a211d8cae4a078b748736f43d4a9d11804ace65886dec826b878dec28e SHA512 b51d9149418217828bdc53c234e248f8be1703b480ccf808814d37cd2589bccdbecff0046d2f2d0e4626420d0d4c2e02d25a9cc07ae31b365cd0b848ccc02035 WHIRLPOOL 04b298eb481fef585b055eb3d706cca55ad6efed6168246f0031e5f614085ae5e70cbb77717047d6c70d7d13a6846657e4a0089d4b8cdf5d9d05652ee22f7209
|
||||||
AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53
|
AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53
|
||||||
AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
|
AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
|
||||||
AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512 88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7 WHIRLPOOL a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66
|
AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512 88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7 WHIRLPOOL a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66
|
||||||
AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989
|
AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989
|
||||||
AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5
|
AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5
|
||||||
AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1
|
AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1
|
||||||
DIST openssh-6.6.1p1-hpnssh14v4.diff.xz 20952 SHA256 cd65166bbc5d0790d4e60fcac592c2b1861171bdaaf31f56ac2a30e8cdf2b4bc SHA512 0867a935f88bd4d34616658d965ed9a6947b0653e455c7398297be1958bad970de76aa47563f0d44244d006c039e040498ce922e904b8d9ca9a5f1ef7704616c WHIRLPOOL 8a84968ceb062a13ad58b95b5e0bf9b0efdedd8c0e81d3231aceda3df33e504e39676bc7d2310027ba103f8f04778664bacce09b9e3e1ef76d359f2372329267
|
DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256 b33e82309195f2a3f21a9fb14e6da2080b096dcf0d6f1c36c93cdeac683fdd59 SHA512 35da5e58f857e8b24e63b4058e946b71fdf0fecc637cb7af0ba8913869e5aadf8317805838936c84dc24421f03c5c91e1670761bed152fdf325c5a509f1b5d04 WHIRLPOOL cc7bace4aa60d720914e3a6a4ff650b7543d9e4963deab12c19cb5d798547b4fe547690946ff8955e121339e9a3d0ebe06f3ff758cca4bb81a09ac43fc877f58
|
||||||
DIST openssh-6.6p1+x509-7.9.diff.gz 224691 SHA256 463473f75c1dc250ea4eda21f2c79df6f0b479ea499d044cb51d73073881ca34 SHA512 dc9ee7f0589aa0ba8d3c1c40c505f99a811845d8952bf6bf6b8bd3a00ef4813f3b71db32aadf252d7a320a8bf9cdcdf30b71292869d7830cc42f15ce3d1f3c49 WHIRLPOOL 61158e0dac934d375758904382882e7cd276d076a95ba2be32d03f4a7c7969943bd8d63c269ff16ab78928d7c97465f6e417730be14b5efacf64a029e2f950d7
|
DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256 85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512 d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e WHIRLPOOL b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8
|
||||||
DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 SHA256 16dcc68c399990ec0c801d421d022ceeae0e3aec1e6ffd3fecc5e2f4768cc91b SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d WHIRLPOOL 163ce9e319cef4dcaf6f38f42afc3b75c6e89c38b43c04189c64c72b4b58bc3f9d7042c7b67243879c87cbe410a607296917e94ff042df2c0a29f2ef82792774
|
DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256 7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512 21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a WHIRLPOOL 5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681
|
||||||
DIST openssh-6.6p1.tar.gz 1282502 SHA256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b WHIRLPOOL 8630c81481a813a92da9c302d22135fe519fcc4826a892080e5a15368d13a6b47947ef47d53aad0a34e6ea49ce4caccc8f06e8afc2c90db0402fbcc2184efe89
|
DIST openssh-6.7p1.tar.gz 1351367 SHA256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512 2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d WHIRLPOOL ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518
|
||||||
DIST openssh-lpk-6.5p1-0.3.14.patch.gz 18217 SHA256 ad678f366dd7ef63ee164e29b59a4a4d264de9ddf9ad2c1d59178779e83539f3 SHA512 16f0053663ffc9a0670dbf8956dc070e6891e1e47cb1fbbea9567a6a4368c5500bf7e2ff7a2eb7208e651a0121088c271fb0a6ece62b98d103b3337866374610 WHIRLPOOL 34ee5a67e4cb0eb5d8126fde5469b73e0c81d4a7795cd9849c671922227eb8a6767cecf3097acbff338a47c3a7930b285fa4ecf2ebe74cb2e9186f93ec70c40c
|
DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2 WHIRLPOOL 5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73
|
||||||
EBUILD openssh-6.6.1_p1.ebuild 9942 SHA256 e22a5d870c7df47061d0afbac2c0c5f11d015a51aad6e7ca6b6f5337e72b97c9 SHA512 1d83572bf34d95687a9c36d2680e3e888d1286762a5300b06d5f81d741802364c056d3b879c79ccb26517d2aec59435a99ba22051aef3e379824b79ee2fe9bcf WHIRLPOOL 29828c94bcdea63fece0a2e7a00ab5594e85cb052cf1177ff9353c5986f494f51b98aae44d1bf9754869a765131b4a74a3f2e2fb20a1e6c93bb293e4d50aa675
|
EBUILD openssh-6.7_p1-r3.ebuild 10078 SHA256 1a58e95c28b5b938f2f15b3fec5688dc9509bb038805b0348b11ac31ed3c57e0 SHA512 add8eaebb3c91983a7bac78011700c110917dea6409bf46e784d7e17b1891facb3baacaa0bda71eb2c9b6017fbf1a21b5846434fba8d588724da871e7824f498 WHIRLPOOL 47e04a0644a592e29aaa9ac00b03a377e81cdb1d886119c21a77a0a351c0cea34018a24406449faa814c2f06e1c03b43ac16a78983bb4a9f57c36834ad7babcb
|
||||||
EBUILD openssh-6.6_p1-r1.ebuild 9874 SHA256 223b5e4c5d0d3152e8ffadd20e8bcc391620c779749cf6ff235f0d3a857f7409 SHA512 3104586dedfb189adc780bf56cb030f3a9c2427fe07ce340424ea4e279b6335653b2eb38f9d86a8f6ac76360cd94b87d858863fd79b2054763f72ccb83f1a0ed WHIRLPOOL 1bef688d59baf3cf10ce3ab60f3eeb6e6cf875989ffcf711628f56b34a1344838c3a46ae548399c49f11459e5dd2045fcef810691421e69ef02eb92489c22824
|
EBUILD openssh-6.7_p1-r4.ebuild 10138 SHA256 e4f6c4e80485352cc75e62c0212670a0d7f4a19bcf1eed9972bbeaff8b7a2743 SHA512 fdcd7759a85412bdf05be5003d20289a862f13f945e1972e56a36602df426641ef3497399e06ff0da9a51cf2bd54831b6208ac399d42d3ce3e3b1493ffa7655c WHIRLPOOL ae24dbcc182627c356961f4ce290cb1b489e29fa13beaf27212bd4847a36f02af53a8508320cf2a76be88741297ac7533faf53c1d3b15d70299cff536ae8502f
|
||||||
MISC ChangeLog 86087 SHA256 d228fa486b75ec96ff621d7092a8985963c513a063013c486d66cd999bdf25f6 SHA512 f5bfd7c52aeb31646d0664179210523f02ea72e976c76b9695b17bd32137380465c5b4dc2e469e17ad5e3f02542555748e4aad42d54a56f57699ee36b3858456 WHIRLPOOL 5932b005760a1f9c4695a7493154e1eb0aeab5c5df423229e735d0513699e6a9d1838f87ca89b74bcbda353534ebe30171c257ee6731ccaa0ccd2cf6b78096c7
|
EBUILD openssh-6.7_p1.ebuild 10067 SHA256 970be3a06c0293262f6c59d068d290cc71935fe91f4295b1352b6c41c46c3bf7 SHA512 f2b689767c8da075f16e9e5d9fe258e22fb4019034539883d63632c1543d3141787883ec7013f87c23d709a554b4f994c4c2f41b1829e5301b55f7a5da3fbf46 WHIRLPOOL 8d70fd99a1f3307b801999a9c80be4bcc603cbc151170160d78a2fa8a50ceb701657cbb0b0eb9ccfe1287bff9299dcffb36f884b860a5ca88ac4a9936b21a574
|
||||||
MISC metadata.xml 1837 SHA256 5f8be0245926a5dc8007dd78594febffc68bbcb45306630d027666872e664050 SHA512 76e044611e16ede9bb9697c0ad448c149131f1f20b84ef1000fb77d6cec954abd48542fd26299a372b4411aa0ecb161ed38396b2c3b5c11c71a4bc247e0b23ed WHIRLPOOL 46c8b0f7911fec3ca086e1601cfab5d03e01a7d8cd2069460975545438f6fa5964f138d19a70ec7db7f1f8c9c0fbb48dcec6ee8269fa9d7b432214e9e3e46806
|
MISC ChangeLog 90520 SHA256 7c454f72794840d7da66364b62442136c3e91daf02055252c4f92b7cd9199c47 SHA512 572532d5c72adeff37a120419dc58e8d56252dafbc5f1bd8cdb8bf0547b81ddc2878a0b1944d9ff6d51fbabbee61f22c0283b38e09a60293c6ea7303cd4f94c2 WHIRLPOOL bc29ceca24b297a1f3cb2739bd0806564f792d1d58c2c781cbec437a75436b775ac2baf8985404a47fdf3129c9157ee35de18e7d8a50de5c66561df58d50e56b
|
||||||
|
MISC metadata.xml 1912 SHA256 7b838285f09ad395f237a0d0b9963eee86d0e85b58e6e5b4d5edb093fa888a0a SHA512 e55c10ffd12488720c3da19e55942cfedec63fe767fc1608439b5a3932eeb5488086ad7ef4e1f858c89381e737426f035845ea5e8bede4ed8a0ccabdc656d9b5 WHIRLPOOL 5c07b3dd4a4002cff5df62133ecf570bf79f58e9477d0ad25d60f185ee029183d11118147e3adfec373542659d921e99e787054cfe9284031c974d694de6e9ed
|
||||||
-----BEGIN PGP SIGNATURE-----
|
-----BEGIN PGP SIGNATURE-----
|
||||||
Version: GnuPG v2.0.22 (GNU/Linux)
|
Version: GnuPG v2
|
||||||
|
|
||||||
iQIcBAEBCAAGBQJTWgrAAAoJEPiazRVxLXTFdIkQAIOF7SLpIDS02wx0TP7zs6rv
|
iQIcBAEBCAAGBQJU8OqIAAoJEHy/RO9cNQiDxxsQAKcwgw0LRAp0fN2tCyitm0sW
|
||||||
GLj+3H3PwTN8CteRmm12jUYWZ5xQE2VRdE+l0lbNFhMS3DXkXJjmYSLe41m7iHY4
|
EQJfzjXV8bzPW1PRIVsru3SR5gkTaeig139jPDswmcxm3EDj+AEvQZW8UU9YnF4P
|
||||||
RrfN9JNXzxOczj2IOOeCU+NYxvCooDVDV59U7zuOGc2jwf/Nfp/DhWETsLXlFnWg
|
o/RXaGkuwquOpvDEoJ4cE1qjIYzUIIsCiaMdBshweD/Gkur+gUOYI892kHuJXPUs
|
||||||
VUE9NmWkVt8e8+RKisHUabBeTKWnQWMSbHx5dFL5C/jTgv4fNqN0132VBYBYc0cO
|
+nTpCMyhcj7mW8Ueu65xvYXxndoJq3z5ULGivex1HEGz2lPLA1TAhIaPoxIjx/dj
|
||||||
a1BufvLt+p6mKHt/Q03Qz0HjrI+IuUupsBVpGukS19A6tMJDJVaBtHclvK5bwsi2
|
9IVLqw8pZiHYY3pgqqdA880xqIXWNmPPGPFFitt3jUrCR6kisiBLdGF1edIH5+4V
|
||||||
CIV73dDFU6VqVN+YalhOhFkf6pBmUpdVjsSSQfnzvrQV/dZDZtZ0Pt+VgHsomCoq
|
3aogwWyvdoziiRN9iPtOetZT/q0KRewHUdYyEeKndtXNzb0naINOcR3IjX1RMg0V
|
||||||
2GPpTcyBZXV/HVxUXblhI0zjYFUtmQonO9tsGEd3VDQxTfZaqJmDcRJCI8ok4FoG
|
3Qcda+RwOnvG2NfsvkcYK59Ar8thQag3+xLEhTHV7K1Sgl7ndXmRA0e/Obj7TH5M
|
||||||
BSM//TUnwMhygdQyF2QacWbxI5ONQM6eUd5/KGwcULzcs5wqYjSZWIwTUq/I7Sqj
|
0Ql7L/kLkNakpZ8GNv0ZjqX2dAsjdUe0eVYKn/I+2PxIR+aw7Hjz1dtfZnXKKQM1
|
||||||
7ZYcd8oAtwpV8OiOrjs6B7znn/rBR8lBRPDJjeAqtlfAk9Lc8RCoWuNaOkaGsSyI
|
LMoVvQHJz4qR7fFu67edz3PybtOS+4BRy1Lw88I3eg1ql9hhsqQtneD2xXp8us03
|
||||||
rgAR1zWjafgokEIKf56b9ZbIgJGO37v6AIdJiPR3OrKGfbx/r3NtgSWPgfHfmzoj
|
SbuKR3GLnW1o6Ax5VDMkkW0oY2VB9FQQ3pJybkFUzjejo8hn5PG6OiM6aP15iI/Z
|
||||||
g2G2OkGu5VKOL1j6MiZeSjxnFgCZCKo9ZYM1SqPaX+P/Py6f9u9iCuAh1wqEVatR
|
0GG7VGKasywc52HEj0hq3FI/sgJDmrqk0vPBfxdsdp5e0z8uMZCBhLV5I0MVBTbK
|
||||||
5apVyMiMls/63DWB9U0a
|
Jdi46gtdvo7eCnXY8+Fk
|
||||||
=szWn
|
=nfVc
|
||||||
-----END PGP SIGNATURE-----
|
-----END PGP SIGNATURE-----
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch
|
|
||||||
|
|
||||||
--- openssh-6.3p1+x509-7.6.diff
|
|
||||||
+++ openssh-6.3p1+x509-7.6.diff
|
|
||||||
@@ -14784,10 +14784,9 @@
|
|
||||||
.It Cm ChallengeResponseAuthentication
|
|
||||||
Specifies whether challenge-response authentication is allowed (e.g. via
|
|
||||||
PAM or though authentication styles supported in
|
|
||||||
-@@ -490,6 +567,16 @@
|
|
||||||
+@@ -490,5 +567,15 @@
|
|
||||||
The default is
|
|
||||||
.Dq yes .
|
|
||||||
- Note that this option applies to protocol version 2 only.
|
|
||||||
+.It Cm HostbasedAlgorithms
|
|
||||||
+Specifies the protocol version 2 algorithms used in
|
|
||||||
+.Dq hostbased
|
|
@ -1,114 +0,0 @@
|
|||||||
https://bugs.gentoo.org/498632
|
|
||||||
|
|
||||||
make sure we do not use unaligned loads/stores as some arches really hate that.
|
|
||||||
|
|
||||||
--- a/cipher-ctr-mt.c
|
|
||||||
+++ b/cipher-ctr-mt.c
|
|
||||||
@@ -58,8 +58,16 @@
|
|
||||||
/* Collect thread stats and print at cancellation when in debug mode */
|
|
||||||
/* #define CIPHER_THREAD_STATS */
|
|
||||||
|
|
||||||
-/* Use single-byte XOR instead of 8-byte XOR */
|
|
||||||
-/* #define CIPHER_BYTE_XOR */
|
|
||||||
+/* Can the system do unaligned loads natively? */
|
|
||||||
+#if defined(__aarch64__) || \
|
|
||||||
+ defined(__i386__) || \
|
|
||||||
+ defined(__powerpc__) || \
|
|
||||||
+ defined(__x86_64__)
|
|
||||||
+# define CIPHER_UNALIGNED_OK
|
|
||||||
+#endif
|
|
||||||
+#if defined(__SIZEOF_INT128__)
|
|
||||||
+# define CIPHER_INT128_OK
|
|
||||||
+#endif
|
|
||||||
/*-------------------- END TUNABLES --------------------*/
|
|
||||||
|
|
||||||
|
|
||||||
@@ -285,8 +293,20 @@ thread_loop(void *x)
|
|
||||||
|
|
||||||
static int
|
|
||||||
ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
|
|
||||||
- u_int len)
|
|
||||||
+ size_t len)
|
|
||||||
{
|
|
||||||
+ typedef union {
|
|
||||||
+#ifdef CIPHER_INT128_OK
|
|
||||||
+ __uint128_t *u128;
|
|
||||||
+#endif
|
|
||||||
+ uint64_t *u64;
|
|
||||||
+ uint32_t *u32;
|
|
||||||
+ uint8_t *u8;
|
|
||||||
+ const uint8_t *cu8;
|
|
||||||
+ uintptr_t u;
|
|
||||||
+ } ptrs_t;
|
|
||||||
+ ptrs_t destp, srcp, bufp;
|
|
||||||
+ uintptr_t align;
|
|
||||||
struct ssh_aes_ctr_ctx *c;
|
|
||||||
struct kq *q, *oldq;
|
|
||||||
int ridx;
|
|
||||||
@@ -301,35 +321,41 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
|
|
||||||
ridx = c->ridx;
|
|
||||||
|
|
||||||
/* src already padded to block multiple */
|
|
||||||
+ srcp.cu8 = src;
|
|
||||||
+ destp.u8 = dest;
|
|
||||||
while (len > 0) {
|
|
||||||
buf = q->keys[ridx];
|
|
||||||
+ bufp.u8 = buf;
|
|
||||||
|
|
||||||
-#ifdef CIPHER_BYTE_XOR
|
|
||||||
- dest[0] = src[0] ^ buf[0];
|
|
||||||
- dest[1] = src[1] ^ buf[1];
|
|
||||||
- dest[2] = src[2] ^ buf[2];
|
|
||||||
- dest[3] = src[3] ^ buf[3];
|
|
||||||
- dest[4] = src[4] ^ buf[4];
|
|
||||||
- dest[5] = src[5] ^ buf[5];
|
|
||||||
- dest[6] = src[6] ^ buf[6];
|
|
||||||
- dest[7] = src[7] ^ buf[7];
|
|
||||||
- dest[8] = src[8] ^ buf[8];
|
|
||||||
- dest[9] = src[9] ^ buf[9];
|
|
||||||
- dest[10] = src[10] ^ buf[10];
|
|
||||||
- dest[11] = src[11] ^ buf[11];
|
|
||||||
- dest[12] = src[12] ^ buf[12];
|
|
||||||
- dest[13] = src[13] ^ buf[13];
|
|
||||||
- dest[14] = src[14] ^ buf[14];
|
|
||||||
- dest[15] = src[15] ^ buf[15];
|
|
||||||
-#else
|
|
||||||
- *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf;
|
|
||||||
- *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^
|
|
||||||
- *(uint64_t *)(buf + 8);
|
|
||||||
-#endif
|
|
||||||
+ /* figure out the alignment on the fly */
|
|
||||||
+#ifdef CIPHER_UNALIGNED_OK
|
|
||||||
+ align = 0;
|
|
||||||
+#else
|
|
||||||
+ align = destp.u | srcp.u | bufp.u;
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+#ifdef CIPHER_INT128_OK
|
|
||||||
+ if ((align & 0xf) == 0) {
|
|
||||||
+ destp.u128[0] = srcp.u128[0] ^ bufp.u128[0];
|
|
||||||
+ } else
|
|
||||||
+#endif
|
|
||||||
+ if ((align & 0x7) == 0) {
|
|
||||||
+ destp.u64[0] = srcp.u64[0] ^ bufp.u64[0];
|
|
||||||
+ destp.u64[1] = srcp.u64[1] ^ bufp.u64[1];
|
|
||||||
+ } else if ((align & 0x3) == 0) {
|
|
||||||
+ destp.u32[0] = srcp.u32[0] ^ bufp.u32[0];
|
|
||||||
+ destp.u32[1] = srcp.u32[1] ^ bufp.u32[1];
|
|
||||||
+ destp.u32[2] = srcp.u32[2] ^ bufp.u32[2];
|
|
||||||
+ destp.u32[3] = srcp.u32[3] ^ bufp.u32[3];
|
|
||||||
+ } else {
|
|
||||||
+ size_t i;
|
|
||||||
+ for (i = 0; i < AES_BLOCK_SIZE; ++i)
|
|
||||||
+ dest[i] = src[i] ^ buf[i];
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- dest += 16;
|
|
||||||
- src += 16;
|
|
||||||
- len -= 16;
|
|
||||||
+ destp.u += AES_BLOCK_SIZE;
|
|
||||||
+ srcp.u += AES_BLOCK_SIZE;
|
|
||||||
+ len -= AES_BLOCK_SIZE;
|
|
||||||
ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
|
|
||||||
|
|
||||||
/* Increment read index, switch queues on rollover */
|
|
@ -1,13 +1,14 @@
|
|||||||
Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch.
|
Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch.
|
||||||
|
|
||||||
--- openssh-6.6p1+x509-7.9.diff
|
--- openssh-6.6p1+x509-8.0.diff
|
||||||
+++ openssh-6.6p1+x509-7.9.diff
|
+++ openssh-6.6p1+x509-8.0.diff
|
||||||
@@ -15473,10 +15473,9 @@
|
@@ -16337,10 +16337,10 @@
|
||||||
.It Cm ChallengeResponseAuthentication
|
.It Cm ChallengeResponseAuthentication
|
||||||
Specifies whether challenge-response authentication is allowed (e.g. via
|
Specifies whether challenge-response authentication is allowed (e.g. via
|
||||||
PAM or though authentication styles supported in
|
PAM or though authentication styles supported in
|
||||||
-@@ -499,6 +576,16 @@
|
-@@ -499,6 +576,16 @@
|
||||||
+@@ -499,5 +576,15 @@
|
+@@ -514,6 +591,16 @@
|
||||||
|
+ This facility is provided to assist with operation on multi homed machines.
|
||||||
The default is
|
The default is
|
||||||
.Dq yes .
|
.Dq yes .
|
||||||
- Note that this option applies to protocol version 2 only.
|
- Note that this option applies to protocol version 2 only.
|
@ -1,13 +1,13 @@
|
|||||||
make the hpn patch apply when the x509 patch has also been applied
|
make the hpn patch apply when the x509 patch has also been applied
|
||||||
|
|
||||||
--- openssh-6.6.1p1-hpnssh14v4.diff
|
--- openssh-6.6.1p1-hpnssh14v5.diff
|
||||||
+++ openssh-6.6.1p1-hpnssh14v4.diff
|
+++ openssh-6.6.1p1-hpnssh14v5.diff
|
||||||
@@ -1742,18 +1742,14 @@
|
@@ -1742,18 +1742,14 @@
|
||||||
if (options->ip_qos_interactive == -1)
|
if (options->ip_qos_interactive == -1)
|
||||||
options->ip_qos_interactive = IPTOS_LOWDELAY;
|
options->ip_qos_interactive = IPTOS_LOWDELAY;
|
||||||
if (options->ip_qos_bulk == -1)
|
if (options->ip_qos_bulk == -1)
|
||||||
-@@ -345,9 +393,10 @@
|
-@@ -345,9 +392,10 @@
|
||||||
+@@ -345,6 +393,7 @@
|
+@@ -345,6 +392,7 @@
|
||||||
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
||||||
sHostCertificate,
|
sHostCertificate,
|
||||||
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
|
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
|
||||||
@ -21,6 +21,6 @@ make the hpn patch apply when the x509 patch has also been applied
|
|||||||
- } ServerOpCodes;
|
- } ServerOpCodes;
|
||||||
-
|
-
|
||||||
+ sAuthenticationMethods, sHostKeyAgent,
|
+ sAuthenticationMethods, sHostKeyAgent,
|
||||||
@@ -468,6 +517,10 @@
|
@@ -468,6 +516,10 @@
|
||||||
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
|
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
|
||||||
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
|
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
|
@ -1,167 +0,0 @@
|
|||||||
Hi,
|
|
||||||
|
|
||||||
So I screwed up when writing the support for the curve25519 KEX method
|
|
||||||
that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
|
|
||||||
leading zero bytes where they should have been skipped. The impact of
|
|
||||||
this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
|
|
||||||
peer that implements curve25519-sha256 at libssh.org properly about 0.2%
|
|
||||||
of the time (one in every 512ish connections).
|
|
||||||
|
|
||||||
We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256
|
|
||||||
key exchange for previous versions, but I'd recommend distributors
|
|
||||||
of OpenSSH apply this patch so the affected code doesn't become
|
|
||||||
too entrenched in LTS releases.
|
|
||||||
|
|
||||||
The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
|
|
||||||
to distinguish itself from the incorrect versions so the compatibility
|
|
||||||
code to disable the affected KEX isn't activated.
|
|
||||||
|
|
||||||
I've committed this on the 6.6 branch too.
|
|
||||||
|
|
||||||
Apologies for the hassle.
|
|
||||||
|
|
||||||
-d
|
|
||||||
|
|
||||||
Index: version.h
|
|
||||||
===================================================================
|
|
||||||
RCS file: /var/cvs/openssh/version.h,v
|
|
||||||
retrieving revision 1.82
|
|
||||||
diff -u -p -r1.82 version.h
|
|
||||||
--- version.h 27 Feb 2014 23:01:54 -0000 1.82
|
|
||||||
+++ version.h 20 Apr 2014 03:35:15 -0000
|
|
||||||
@@ -1,6 +1,6 @@
|
|
||||||
/* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
|
|
||||||
|
|
||||||
-#define SSH_VERSION "OpenSSH_6.6"
|
|
||||||
+#define SSH_VERSION "OpenSSH_6.6.1"
|
|
||||||
|
|
||||||
#define SSH_PORTABLE "p1"
|
|
||||||
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
|
||||||
Index: compat.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /var/cvs/openssh/compat.c,v
|
|
||||||
retrieving revision 1.82
|
|
||||||
retrieving revision 1.85
|
|
||||||
diff -u -p -r1.82 -r1.85
|
|
||||||
--- compat.c 31 Dec 2013 01:25:41 -0000 1.82
|
|
||||||
+++ compat.c 20 Apr 2014 03:33:59 -0000 1.85
|
|
||||||
@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
|
|
||||||
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
|
|
||||||
{ "OpenSSH_4*", 0 },
|
|
||||||
{ "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
|
|
||||||
+ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
|
|
||||||
+ { "OpenSSH_6.5*,"
|
|
||||||
+ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
|
|
||||||
{ "OpenSSH*", SSH_NEW_OPENSSH },
|
|
||||||
{ "*MindTerm*", 0 },
|
|
||||||
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
|
||||||
@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop
|
|
||||||
return cipher_prop;
|
|
||||||
}
|
|
||||||
|
|
||||||
-
|
|
||||||
char *
|
|
||||||
compat_pkalg_proposal(char *pkalg_prop)
|
|
||||||
{
|
|
||||||
@@ -263,5 +265,18 @@ compat_pkalg_proposal(char *pkalg_prop)
|
|
||||||
if (*pkalg_prop == '\0')
|
|
||||||
fatal("No supported PK algorithms found");
|
|
||||||
return pkalg_prop;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+char *
|
|
||||||
+compat_kex_proposal(char *kex_prop)
|
|
||||||
+{
|
|
||||||
+ if (!(datafellows & SSH_BUG_CURVE25519PAD))
|
|
||||||
+ return kex_prop;
|
|
||||||
+ debug2("%s: original KEX proposal: %s", __func__, kex_prop);
|
|
||||||
+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256 at libssh.org");
|
|
||||||
+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
|
|
||||||
+ if (*kex_prop == '\0')
|
|
||||||
+ fatal("No supported key exchange algorithms found");
|
|
||||||
+ return kex_prop;
|
|
||||||
}
|
|
||||||
|
|
||||||
Index: compat.h
|
|
||||||
===================================================================
|
|
||||||
RCS file: /var/cvs/openssh/compat.h,v
|
|
||||||
retrieving revision 1.42
|
|
||||||
retrieving revision 1.43
|
|
||||||
diff -u -p -r1.42 -r1.43
|
|
||||||
--- compat.h 31 Dec 2013 01:25:41 -0000 1.42
|
|
||||||
+++ compat.h 20 Apr 2014 03:25:31 -0000 1.43
|
|
||||||
@@ -59,6 +59,7 @@
|
|
||||||
#define SSH_BUG_RFWD_ADDR 0x02000000
|
|
||||||
#define SSH_NEW_OPENSSH 0x04000000
|
|
||||||
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
|
|
||||||
+#define SSH_BUG_CURVE25519PAD 0x10000000
|
|
||||||
|
|
||||||
void enable_compat13(void);
|
|
||||||
void enable_compat20(void);
|
|
||||||
@@ -66,6 +67,7 @@ void compat_datafellows(const char *
|
|
||||||
int proto_spec(const char *);
|
|
||||||
char *compat_cipher_proposal(char *);
|
|
||||||
char *compat_pkalg_proposal(char *);
|
|
||||||
+char *compat_kex_proposal(char *);
|
|
||||||
|
|
||||||
extern int compat13;
|
|
||||||
extern int compat20;
|
|
||||||
Index: sshd.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /var/cvs/openssh/sshd.c,v
|
|
||||||
retrieving revision 1.448
|
|
||||||
retrieving revision 1.453
|
|
||||||
diff -u -p -r1.448 -r1.453
|
|
||||||
--- sshd.c 26 Feb 2014 23:20:08 -0000 1.448
|
|
||||||
+++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453
|
|
||||||
@@ -2462,6 +2438,9 @@ do_ssh2_kex(void)
|
|
||||||
if (options.kex_algorithms != NULL)
|
|
||||||
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
|
|
||||||
|
|
||||||
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
|
||||||
+ myproposal[PROPOSAL_KEX_ALGS]);
|
|
||||||
+
|
|
||||||
if (options.rekey_limit || options.rekey_interval)
|
|
||||||
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
|
|
||||||
(time_t)options.rekey_interval);
|
|
||||||
Index: sshconnect2.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /var/cvs/openssh/sshconnect2.c,v
|
|
||||||
retrieving revision 1.197
|
|
||||||
retrieving revision 1.199
|
|
||||||
diff -u -p -r1.197 -r1.199
|
|
||||||
--- sshconnect2.c 4 Feb 2014 00:20:16 -0000 1.197
|
|
||||||
+++ sshconnect2.c 20 Apr 2014 03:25:31 -0000 1.199
|
|
||||||
@@ -195,6 +196,8 @@ ssh_kex2(char *host, struct sockaddr *ho
|
|
||||||
}
|
|
||||||
if (options.kex_algorithms != NULL)
|
|
||||||
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
|
|
||||||
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
|
||||||
+ myproposal[PROPOSAL_KEX_ALGS]);
|
|
||||||
|
|
||||||
if (options.rekey_limit || options.rekey_interval)
|
|
||||||
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
|
|
||||||
Index: bufaux.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /var/cvs/openssh/bufaux.c,v
|
|
||||||
retrieving revision 1.62
|
|
||||||
retrieving revision 1.63
|
|
||||||
diff -u -p -r1.62 -r1.63
|
|
||||||
--- bufaux.c 4 Feb 2014 00:20:15 -0000 1.62
|
|
||||||
+++ bufaux.c 20 Apr 2014 03:24:50 -0000 1.63
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
|
|
||||||
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
|
|
||||||
/*
|
|
||||||
* Author: Tatu Ylonen <ylo at cs.hut.fi>
|
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
|
|
||||||
@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *b
|
|
||||||
|
|
||||||
if (l > 8 * 1024)
|
|
||||||
fatal("%s: length %u too long", __func__, l);
|
|
||||||
+ /* Skip leading zero bytes */
|
|
||||||
+ for (; l > 0 && *s == 0; l--, s++)
|
|
||||||
+ ;
|
|
||||||
p = buf = xmalloc(l + 1);
|
|
||||||
/*
|
|
||||||
* If most significant bit is set then prepend a zero byte to
|
|
@ -1,17 +0,0 @@
|
|||||||
the last nibble of the openssl version represents the status. that is,
|
|
||||||
whether it is a beta or release. when it comes to version checks in
|
|
||||||
openssh, this component does not matter, so ignore it.
|
|
||||||
|
|
||||||
https://bugzilla.mindrot.org/show_bug.cgi?id=2212
|
|
||||||
|
|
||||||
--- a/entropy.c
|
|
||||||
+++ b/entropy.c
|
|
||||||
@@ -216,7 +216,7 @@ seed_rng(void)
|
|
||||||
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
|
|
||||||
* within a patch series.
|
|
||||||
*/
|
|
||||||
- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
|
|
||||||
+ u_long version_mask = SSLeay() >= 0x1000000f ? ~0xfffffL : ~0xff0L;
|
|
||||||
if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
|
|
||||||
(SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
|
|
||||||
fatal("OpenSSL version mismatch. Built against %lx, you "
|
|
@ -1,26 +0,0 @@
|
|||||||
make the hpn patch apply when the x509 patch has also been applied
|
|
||||||
|
|
||||||
--- openssh-6.6p1-hpnssh14v4.diff
|
|
||||||
+++ openssh-6.6p1-hpnssh14v4.diff
|
|
||||||
@@ -1742,18 +1742,14 @@
|
|
||||||
if (options->ip_qos_interactive == -1)
|
|
||||||
options->ip_qos_interactive = IPTOS_LOWDELAY;
|
|
||||||
if (options->ip_qos_bulk == -1)
|
|
||||||
-@@ -345,9 +393,10 @@
|
|
||||||
+@@ -345,6 +393,7 @@
|
|
||||||
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
|
||||||
sHostCertificate,
|
|
||||||
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
|
|
||||||
-+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
|
|
||||||
++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled,
|
|
||||||
sKexAlgorithms, sIPQoS, sVersionAddendum,
|
|
||||||
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
|
|
||||||
-- sAuthenticationMethods, sHostKeyAgent,
|
|
||||||
-+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent,
|
|
||||||
- sDeprecated, sUnsupported
|
|
||||||
- } ServerOpCodes;
|
|
||||||
-
|
|
||||||
+ sAuthenticationMethods, sHostKeyAgent,
|
|
||||||
@@ -468,6 +517,10 @@
|
|
||||||
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
|
|
||||||
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
|
|
@ -0,0 +1,17 @@
|
|||||||
|
the last nibble of the openssl version represents the status. that is,
|
||||||
|
whether it is a beta or release. when it comes to version checks in
|
||||||
|
openssh, this component does not matter, so ignore it.
|
||||||
|
|
||||||
|
https://bugzilla.mindrot.org/show_bug.cgi?id=2212
|
||||||
|
|
||||||
|
--- a/openbsd-compat/openssl-compat.c
|
||||||
|
+++ b/openbsd-compat/openssl-compat.c
|
||||||
|
@@ -58,7 +58,7 @@ ssh_compatible_openssl(long headerver, long libver)
|
||||||
|
* For versions >= 1.0.0, major,minor,status must match and library
|
||||||
|
* fix version must be equal to or newer than the header.
|
||||||
|
*/
|
||||||
|
- mask = 0xfff0000fL; /* major,minor,status */
|
||||||
|
+ mask = 0xfff00000L; /* major,minor,status */
|
||||||
|
hfix = (headerver & 0x000ff000) >> 12;
|
||||||
|
lfix = (libver & 0x000ff000) >> 12;
|
||||||
|
if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
|
@ -0,0 +1,42 @@
|
|||||||
|
--- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800
|
||||||
|
+++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800
|
||||||
|
@@ -195,14 +195,6 @@
|
||||||
|
.Op Fl c Ar cipher
|
||||||
|
.Op Fl F Ar ssh_config
|
||||||
|
.Op Fl i Ar identity_file
|
||||||
|
-@@ -178,6 +178,7 @@ For full details of the options listed b
|
||||||
|
- .It ServerAliveCountMax
|
||||||
|
- .It StrictHostKeyChecking
|
||||||
|
- .It TCPKeepAlive
|
||||||
|
-+.It Transport
|
||||||
|
- .It UsePrivilegedPort
|
||||||
|
- .It User
|
||||||
|
- .It UserKnownHostsFile
|
||||||
|
@@ -218,6 +219,8 @@ and
|
||||||
|
to print debugging messages about their progress.
|
||||||
|
This is helpful in
|
||||||
|
@@ -482,14 +474,6 @@
|
||||||
|
.Op Fl b Ar bind_address
|
||||||
|
.Op Fl c Ar cipher_spec
|
||||||
|
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
|
||||||
|
-@@ -473,6 +473,7 @@ For full details of the options listed b
|
||||||
|
- .It StreamLocalBindUnlink
|
||||||
|
- .It StrictHostKeyChecking
|
||||||
|
- .It TCPKeepAlive
|
||||||
|
-+.It Transport
|
||||||
|
- .It Tunnel
|
||||||
|
- .It TunnelDevice
|
||||||
|
- .It UsePrivilegedPort
|
||||||
|
@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
|
||||||
|
controls.
|
||||||
|
.It Fl y
|
||||||
|
@@ -527,7 +511,7 @@
|
||||||
|
- again:
|
||||||
|
+
|
||||||
|
- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
|
||||||
|
+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
|
||||||
|
- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
|
||||||
|
+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
|
||||||
|
switch (opt) {
|
||||||
|
case '1':
|
||||||
|
@@ -732,6 +738,11 @@ main(int ac, char **av)
|
@ -1,10 +1,8 @@
|
|||||||
Index: gss-serv.c
|
https://bugs.gentoo.org/378361
|
||||||
===================================================================
|
https://bugzilla.mindrot.org/show_bug.cgi?id=928
|
||||||
RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v
|
|
||||||
retrieving revision 1.22
|
--- a/gss-serv.c
|
||||||
diff -u -p -r1.22 gss-serv.c
|
+++ b/gss-serv.c
|
||||||
--- gss-serv.c 8 May 2008 12:02:23 -0000 1.22
|
|
||||||
+++ gss-serv.c 11 Jan 2010 05:38:29 -0000
|
|
||||||
@@ -41,9 +41,12 @@
|
@@ -41,9 +41,12 @@
|
||||||
#include "channels.h"
|
#include "channels.h"
|
||||||
#include "session.h"
|
#include "session.h"
|
||||||
@ -19,13 +17,13 @@ diff -u -p -r1.22 gss-serv.c
|
|||||||
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
|
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
|
||||||
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
|
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
|
||||||
@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
|
@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
|
||||||
char lname[MAXHOSTNAMELEN];
|
char lname[NI_MAXHOST];
|
||||||
gss_OID_set oidset;
|
gss_OID_set oidset;
|
||||||
|
|
||||||
- gss_create_empty_oid_set(&status, &oidset);
|
- gss_create_empty_oid_set(&status, &oidset);
|
||||||
- gss_add_oid_set_member(&status, ctx->oid, &oidset);
|
- gss_add_oid_set_member(&status, ctx->oid, &oidset);
|
||||||
-
|
-
|
||||||
- if (gethostname(lname, MAXHOSTNAMELEN)) {
|
- if (gethostname(lname, sizeof(lname))) {
|
||||||
- gss_release_oid_set(&status, &oidset);
|
- gss_release_oid_set(&status, &oidset);
|
||||||
- return (-1);
|
- return (-1);
|
||||||
- }
|
- }
|
||||||
@ -66,13 +64,8 @@ diff -u -p -r1.22 gss-serv.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Privileged */
|
/* Privileged */
|
||||||
Index: servconf.c
|
--- a/servconf.c
|
||||||
===================================================================
|
+++ b/servconf.c
|
||||||
RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
|
|
||||||
retrieving revision 1.201
|
|
||||||
diff -u -p -r1.201 servconf.c
|
|
||||||
--- servconf.c 10 Jan 2010 03:51:17 -0000 1.201
|
|
||||||
+++ servconf.c 11 Jan 2010 05:34:56 -0000
|
|
||||||
@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
|
@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
|
||||||
options->kerberos_get_afs_token = -1;
|
options->kerberos_get_afs_token = -1;
|
||||||
options->gss_authentication=-1;
|
options->gss_authentication=-1;
|
||||||
@ -123,13 +116,8 @@ diff -u -p -r1.201 servconf.c
|
|||||||
goto parse_flag;
|
goto parse_flag;
|
||||||
|
|
||||||
case sPasswordAuthentication:
|
case sPasswordAuthentication:
|
||||||
Index: servconf.h
|
--- a/servconf.h
|
||||||
===================================================================
|
+++ b/servconf.h
|
||||||
RCS file: /cvs/src/usr.bin/ssh/servconf.h,v
|
|
||||||
retrieving revision 1.89
|
|
||||||
diff -u -p -r1.89 servconf.h
|
|
||||||
--- servconf.h 9 Jan 2010 23:04:13 -0000 1.89
|
|
||||||
+++ servconf.h 11 Jan 2010 05:32:28 -0000
|
|
||||||
@@ -92,6 +92,7 @@ typedef struct {
|
@@ -92,6 +92,7 @@ typedef struct {
|
||||||
* authenticated with Kerberos. */
|
* authenticated with Kerberos. */
|
||||||
int gss_authentication; /* If true, permit GSSAPI authentication */
|
int gss_authentication; /* If true, permit GSSAPI authentication */
|
||||||
@ -138,13 +126,8 @@ diff -u -p -r1.89 servconf.h
|
|||||||
int password_authentication; /* If true, permit password
|
int password_authentication; /* If true, permit password
|
||||||
* authentication. */
|
* authentication. */
|
||||||
int kbd_interactive_authentication; /* If true, permit */
|
int kbd_interactive_authentication; /* If true, permit */
|
||||||
Index: sshd_config
|
--- a/sshd_config
|
||||||
===================================================================
|
+++ b/sshd_config
|
||||||
RCS file: /cvs/src/usr.bin/ssh/sshd_config,v
|
|
||||||
retrieving revision 1.81
|
|
||||||
diff -u -p -r1.81 sshd_config
|
|
||||||
--- sshd_config 8 Oct 2009 14:03:41 -0000 1.81
|
|
||||||
+++ sshd_config 11 Jan 2010 05:32:28 -0000
|
|
||||||
@@ -69,6 +69,7 @@
|
@@ -69,6 +69,7 @@
|
||||||
# GSSAPI options
|
# GSSAPI options
|
||||||
#GSSAPIAuthentication no
|
#GSSAPIAuthentication no
|
||||||
@ -153,13 +136,8 @@ diff -u -p -r1.81 sshd_config
|
|||||||
|
|
||||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||||
# and session processing. If this is enabled, PAM authentication will
|
# and session processing. If this is enabled, PAM authentication will
|
||||||
Index: sshd_config.5
|
--- a/sshd_config.5
|
||||||
===================================================================
|
+++ b/sshd_config.5
|
||||||
RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
|
|
||||||
retrieving revision 1.116
|
|
||||||
diff -u -p -r1.116 sshd_config.5
|
|
||||||
--- sshd_config.5 9 Jan 2010 23:04:13 -0000 1.116
|
|
||||||
+++ sshd_config.5 11 Jan 2010 05:37:20 -0000
|
|
||||||
@@ -386,6 +386,21 @@ on logout.
|
@@ -386,6 +386,21 @@ on logout.
|
||||||
The default is
|
The default is
|
||||||
.Dq yes .
|
.Dq yes .
|
@ -0,0 +1,46 @@
|
|||||||
|
--- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800
|
||||||
|
+++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800
|
||||||
|
@@ -610,21 +610,6 @@
|
||||||
|
The default is
|
||||||
|
.Dq yes .
|
||||||
|
Note that this option applies to protocol version 2 only.
|
||||||
|
-.It Cm GSSAPIStrictAcceptorCheck
|
||||||
|
-Determines whether to be strict about the identity of the GSSAPI acceptor
|
||||||
|
-a client authenticates against.
|
||||||
|
-If set to
|
||||||
|
-.Dq yes
|
||||||
|
-then the client must authenticate against the
|
||||||
|
-.Pa host
|
||||||
|
-service on the current hostname.
|
||||||
|
-If set to
|
||||||
|
-.Dq no
|
||||||
|
-then the client may authenticate against any service key stored in the
|
||||||
|
-machine's default store.
|
||||||
|
-This facility is provided to assist with operation on multi homed machines.
|
||||||
|
-The default is
|
||||||
|
-.Dq yes .
|
||||||
|
.It Cm HostbasedAuthentication
|
||||||
|
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||||
|
with successful public key client host authentication is allowed
|
||||||
|
@@ -651,6 +636,21 @@
|
||||||
|
attempting to resolve the name from the TCP connection itself.
|
||||||
|
The default is
|
||||||
|
.Dq no .
|
||||||
|
+.It Cm GSSAPIStrictAcceptorCheck
|
||||||
|
+Determines whether to be strict about the identity of the GSSAPI acceptor
|
||||||
|
+a client authenticates against.
|
||||||
|
+If set to
|
||||||
|
+.Dq yes
|
||||||
|
+then the client must authenticate against the
|
||||||
|
+.Pa host
|
||||||
|
+service on the current hostname.
|
||||||
|
+If set to
|
||||||
|
+.Dq no
|
||||||
|
+then the client may authenticate against any service key stored in the
|
||||||
|
+machine's default store.
|
||||||
|
+This facility is provided to assist with operation on multi homed machines.
|
||||||
|
+The default is
|
||||||
|
+.Dq yes .
|
||||||
|
.It Cm HostCertificate
|
||||||
|
Specifies a file containing a public host certificate.
|
||||||
|
The certificate's public key must match a private host key already specified
|
@ -0,0 +1,11 @@
|
|||||||
|
diff -ur openssh-6.7p1.orig/ssh-rsa.c openssh-6.7p1/ssh-rsa.c
|
||||||
|
--- openssh-6.7p1.orig/ssh-rsa.c 2015-02-24 14:52:54.512197868 -0800
|
||||||
|
+++ openssh-6.7p1/ssh-rsa.c 2015-02-27 11:48:54.173951646 -0800
|
||||||
|
@@ -34,6 +34,7 @@
|
||||||
|
#include "sshkey.h"
|
||||||
|
#include "digest.h"
|
||||||
|
#include "evp-compat.h"
|
||||||
|
+#include "xmalloc.h"
|
||||||
|
|
||||||
|
/*NOTE: Do not define USE_LEGACY_RSA_... if build
|
||||||
|
is with FIPS capable OpenSSL */
|
@ -25,6 +25,7 @@ ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and
|
|||||||
<flag name="hpn">Enable high performance ssh</flag>
|
<flag name="hpn">Enable high performance ssh</flag>
|
||||||
<flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
|
<flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
|
||||||
<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
|
<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
|
||||||
|
<flag name="sctp">Support for Stream Control Transmission Protocol</flag>
|
||||||
<flag name="X509">Adds support for X.509 certificate authentication</flag>
|
<flag name="X509">Adds support for X.509 certificate authentication</flag>
|
||||||
</use>
|
</use>
|
||||||
<upstream>
|
<upstream>
|
||||||
|
@ -1,40 +1,44 @@
|
|||||||
# Copyright 1999-2014 Gentoo Foundation
|
# Copyright 1999-2014 Gentoo Foundation
|
||||||
# Distributed under the terms of the GNU General Public License v2
|
# Distributed under the terms of the GNU General Public License v2
|
||||||
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6.1_p1.ebuild,v 1.1 2014/04/25 07:11:59 polynomial-c Exp $
|
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r3.ebuild,v 1.2 2014/12/31 07:29:47 vapier Exp $
|
||||||
|
|
||||||
EAPI="4"
|
EAPI="4"
|
||||||
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
|
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
|
||||||
|
|
||||||
# Make it more portable between straight releases
|
# Make it more portable between straight releases
|
||||||
# and _p? releases.
|
# and _p? releases.
|
||||||
PARCH=${P/.1_}
|
PARCH=${P/_}
|
||||||
|
|
||||||
#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz"
|
HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
|
||||||
HPN_PATCH="${PN}-6.6.1p1-hpnssh14v4.diff.xz"
|
LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
|
||||||
LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz"
|
X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
|
||||||
X509_VER="7.9" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
|
|
||||||
|
|
||||||
DESCRIPTION="Port of OpenBSD's free SSH release"
|
DESCRIPTION="Port of OpenBSD's free SSH release"
|
||||||
HOMEPAGE="http://www.openssh.org/"
|
HOMEPAGE="http://www.openssh.org/"
|
||||||
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
|
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
|
||||||
${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )}
|
mirror://gentoo/${P}-sctp.patch.xz
|
||||||
|
${HPN_PATCH:+hpn? (
|
||||||
|
mirror://gentoo/${HPN_PATCH}
|
||||||
|
http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
|
||||||
|
mirror://sourceforge/hpnssh/${HPN_PATCH}
|
||||||
|
)}
|
||||||
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
|
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
|
||||||
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
|
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
|
||||||
"
|
"
|
||||||
#${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )}
|
|
||||||
|
|
||||||
LICENSE="BSD GPL-2"
|
LICENSE="BSD GPL-2"
|
||||||
SLOT="0"
|
SLOT="0"
|
||||||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
|
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
|
||||||
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509"
|
IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509"
|
||||||
|
REQUIRED_USE="pie? ( !static )"
|
||||||
|
|
||||||
LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
|
LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
|
||||||
|
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
|
||||||
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
|
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
|
||||||
libedit? ( dev-libs/libedit[static-libs(+)] )
|
libedit? ( dev-libs/libedit[static-libs(+)] )
|
||||||
>=dev-libs/openssl-0.9.6d:0[bindist=]
|
>=dev-libs/openssl-0.9.6d:0[bindist=]
|
||||||
dev-libs/openssl[static-libs(+)]
|
dev-libs/openssl[static-libs(+)]
|
||||||
>=sys-libs/zlib-1.2.3[static-libs(+)]
|
>=sys-libs/zlib-1.2.3[static-libs(+)]"
|
||||||
tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )"
|
|
||||||
RDEPEND="
|
RDEPEND="
|
||||||
!static? (
|
!static? (
|
||||||
${LIB_DEPEND//\[static-libs(+)]}
|
${LIB_DEPEND//\[static-libs(+)]}
|
||||||
@ -100,13 +104,11 @@ src_prepare() {
|
|||||||
# don't break .ssh/authorized_keys2 for fun
|
# don't break .ssh/authorized_keys2 for fun
|
||||||
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
|
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
|
||||||
|
|
||||||
epatch "${FILESDIR}"/${P}.patch #508604
|
epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
|
||||||
|
|
||||||
epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
|
|
||||||
if use X509 ; then
|
if use X509 ; then
|
||||||
pushd .. >/dev/null
|
pushd .. >/dev/null
|
||||||
epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch
|
epatch "${FILESDIR}"/${P}-x509-glue.patch
|
||||||
use hpn && epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v4-glue-p2.patch
|
epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
|
||||||
popd >/dev/null
|
popd >/dev/null
|
||||||
epatch "${WORKDIR}"/${X509_PATCH%.*}
|
epatch "${WORKDIR}"/${X509_PATCH%.*}
|
||||||
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
|
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
|
||||||
@ -121,10 +123,10 @@ src_prepare() {
|
|||||||
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
|
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
|
||||||
fi
|
fi
|
||||||
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
|
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
|
||||||
epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch
|
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
|
||||||
|
epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
|
||||||
if [[ -n ${HPN_PATCH} ]] && use hpn; then
|
if [[ -n ${HPN_PATCH} ]] && use hpn; then
|
||||||
epatch "${WORKDIR}"/${HPN_PATCH%.*}
|
epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
|
||||||
epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632
|
|
||||||
save_version HPN
|
save_version HPN
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -171,7 +173,7 @@ static_use_with() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
src_configure() {
|
src_configure() {
|
||||||
local myconf
|
local myconf=()
|
||||||
addwrite /dev/ptmx
|
addwrite /dev/ptmx
|
||||||
addpredict /etc/skey/skeykeys #skey configure code triggers this
|
addpredict /etc/skey/skeykeys #skey configure code triggers this
|
||||||
|
|
||||||
@ -179,14 +181,14 @@ src_configure() {
|
|||||||
|
|
||||||
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
|
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
|
||||||
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
|
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
|
||||||
myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx"
|
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
|
||||||
append-ldflags -lutil
|
append-ldflags -lutil
|
||||||
fi
|
fi
|
||||||
|
|
||||||
econf \
|
econf \
|
||||||
--with-ldflags="${LDFLAGS}" \
|
--with-ldflags="${LDFLAGS}" \
|
||||||
--disable-strip \
|
--disable-strip \
|
||||||
--with-pid-dir="${EPREFIX}"/var/run \
|
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \
|
||||||
--sysconfdir="${EPREFIX}"/etc/ssh \
|
--sysconfdir="${EPREFIX}"/etc/ssh \
|
||||||
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
|
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
|
||||||
--datadir="${EPREFIX}"/usr/share/openssh \
|
--datadir="${EPREFIX}"/usr/share/openssh \
|
||||||
@ -195,14 +197,15 @@ src_configure() {
|
|||||||
--with-md5-passwords \
|
--with-md5-passwords \
|
||||||
--with-ssl-engine \
|
--with-ssl-engine \
|
||||||
$(static_use_with pam) \
|
$(static_use_with pam) \
|
||||||
$(static_use_with kerberos kerberos5 /usr) \
|
$(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
|
||||||
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
|
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
|
||||||
$(use_with ldns) \
|
$(use_with ldns) \
|
||||||
$(use_with libedit) \
|
$(use_with libedit) \
|
||||||
|
$(use_with pie) \
|
||||||
|
$(use_with sctp) \
|
||||||
$(use_with selinux) \
|
$(use_with selinux) \
|
||||||
$(use_with skey) \
|
$(use_with skey) \
|
||||||
$(use_with tcpd tcp-wrappers) \
|
"${myconf[@]}"
|
||||||
${myconf}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
src_install() {
|
src_install() {
|
||||||
@ -312,8 +315,9 @@ pkg_postinst() {
|
|||||||
# This instruction is from the HPN webpage,
|
# This instruction is from the HPN webpage,
|
||||||
# Used for the server logging functionality
|
# Used for the server logging functionality
|
||||||
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
|
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
|
||||||
echo
|
|
||||||
einfo "For the HPN server logging patch, you must ensure that"
|
einfo "For the HPN server logging patch, you must ensure that"
|
||||||
einfo "your syslog application also listens at /var/empty/dev/log."
|
einfo "your syslog application also listens at /var/empty/dev/log."
|
||||||
fi
|
fi
|
||||||
|
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
|
||||||
|
elog " dropped it. Make sure to update any configs that you might have."
|
||||||
}
|
}
|
324
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild
vendored
Normal file
324
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild
vendored
Normal file
@ -0,0 +1,324 @@
|
|||||||
|
# Copyright 1999-2015 Gentoo Foundation
|
||||||
|
# Distributed under the terms of the GNU General Public License v2
|
||||||
|
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r4.ebuild,v 1.1 2015/02/27 22:06:53 chutzpah Exp $
|
||||||
|
|
||||||
|
EAPI="4"
|
||||||
|
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
|
||||||
|
|
||||||
|
# Make it more portable between straight releases
|
||||||
|
# and _p? releases.
|
||||||
|
PARCH=${P/_}
|
||||||
|
|
||||||
|
HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
|
||||||
|
LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
|
||||||
|
X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
|
||||||
|
|
||||||
|
DESCRIPTION="Port of OpenBSD's free SSH release"
|
||||||
|
HOMEPAGE="http://www.openssh.org/"
|
||||||
|
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
|
||||||
|
mirror://gentoo/${P}-sctp.patch.xz
|
||||||
|
${HPN_PATCH:+hpn? (
|
||||||
|
mirror://gentoo/${HPN_PATCH}
|
||||||
|
http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
|
||||||
|
mirror://sourceforge/hpnssh/${HPN_PATCH}
|
||||||
|
)}
|
||||||
|
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
|
||||||
|
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
|
||||||
|
"
|
||||||
|
|
||||||
|
LICENSE="BSD GPL-2"
|
||||||
|
SLOT="0"
|
||||||
|
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
|
||||||
|
IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509"
|
||||||
|
REQUIRED_USE="pie? ( !static )"
|
||||||
|
|
||||||
|
LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
|
||||||
|
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
|
||||||
|
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
|
||||||
|
libedit? ( dev-libs/libedit[static-libs(+)] )
|
||||||
|
>=dev-libs/openssl-0.9.6d:0[bindist=]
|
||||||
|
dev-libs/openssl[static-libs(+)]
|
||||||
|
>=sys-libs/zlib-1.2.3[static-libs(+)]"
|
||||||
|
RDEPEND="
|
||||||
|
!static? (
|
||||||
|
${LIB_DEPEND//\[static-libs(+)]}
|
||||||
|
ldns? (
|
||||||
|
!bindist? ( net-libs/ldns[ecdsa,ssl] )
|
||||||
|
bindist? ( net-libs/ldns[-ecdsa,ssl] )
|
||||||
|
)
|
||||||
|
)
|
||||||
|
pam? ( virtual/pam )
|
||||||
|
kerberos? ( virtual/krb5 )
|
||||||
|
ldap? ( net-nds/openldap )"
|
||||||
|
DEPEND="${RDEPEND}
|
||||||
|
static? (
|
||||||
|
${LIB_DEPEND}
|
||||||
|
ldns? (
|
||||||
|
!bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
|
||||||
|
bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
|
||||||
|
)
|
||||||
|
)
|
||||||
|
virtual/pkgconfig
|
||||||
|
virtual/os-headers
|
||||||
|
sys-devel/autoconf"
|
||||||
|
RDEPEND="${RDEPEND}
|
||||||
|
pam? ( >=sys-auth/pambase-20081028 )
|
||||||
|
userland_GNU? ( virtual/shadow )
|
||||||
|
X? ( x11-apps/xauth )"
|
||||||
|
|
||||||
|
S=${WORKDIR}/${PARCH}
|
||||||
|
|
||||||
|
pkg_setup() {
|
||||||
|
# this sucks, but i'd rather have people unable to `emerge -u openssh`
|
||||||
|
# than not be able to log in to their server any more
|
||||||
|
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
|
||||||
|
local fail="
|
||||||
|
$(use X509 && maybe_fail X509 X509_PATCH)
|
||||||
|
$(use ldap && maybe_fail ldap LDAP_PATCH)
|
||||||
|
$(use hpn && maybe_fail hpn HPN_PATCH)
|
||||||
|
"
|
||||||
|
fail=$(echo ${fail})
|
||||||
|
if [[ -n ${fail} ]] ; then
|
||||||
|
eerror "Sorry, but this version does not yet support features"
|
||||||
|
eerror "that you requested: ${fail}"
|
||||||
|
eerror "Please mask ${PF} for now and check back later:"
|
||||||
|
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
|
||||||
|
die "booooo"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
save_version() {
|
||||||
|
# version.h patch conflict avoidence
|
||||||
|
mv version.h version.h.$1
|
||||||
|
cp -f version.h.pristine version.h
|
||||||
|
}
|
||||||
|
|
||||||
|
src_prepare() {
|
||||||
|
sed -i \
|
||||||
|
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
|
||||||
|
pathnames.h || die
|
||||||
|
# keep this as we need it to avoid the conflict between LPK and HPN changing
|
||||||
|
# this file.
|
||||||
|
cp version.h version.h.pristine
|
||||||
|
|
||||||
|
# don't break .ssh/authorized_keys2 for fun
|
||||||
|
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
|
||||||
|
|
||||||
|
epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
|
||||||
|
if use X509 ; then
|
||||||
|
pushd .. >/dev/null
|
||||||
|
epatch "${FILESDIR}"/${P}-x509-glue.patch
|
||||||
|
epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
|
||||||
|
popd >/dev/null
|
||||||
|
epatch "${WORKDIR}"/${X509_PATCH%.*}
|
||||||
|
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
|
||||||
|
epatch "${FILESDIR}"/${PN}-6.7_p1-xmalloc-include.patch
|
||||||
|
save_version X509
|
||||||
|
fi
|
||||||
|
if ! use X509 ; then
|
||||||
|
if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
|
||||||
|
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
|
||||||
|
save_version LPK
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
|
||||||
|
fi
|
||||||
|
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
|
||||||
|
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
|
||||||
|
epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
|
||||||
|
if [[ -n ${HPN_PATCH} ]] && use hpn; then
|
||||||
|
epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
|
||||||
|
save_version HPN
|
||||||
|
fi
|
||||||
|
|
||||||
|
tc-export PKG_CONFIG
|
||||||
|
local sed_args=(
|
||||||
|
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
|
||||||
|
# Disable PATH reset, trust what portage gives us #254615
|
||||||
|
-e 's:^PATH=/:#PATH=/:'
|
||||||
|
# Disable fortify flags ... our gcc does this for us
|
||||||
|
-e 's:-D_FORTIFY_SOURCE=2::'
|
||||||
|
)
|
||||||
|
# The -ftrapv flag ICEs on hppa #505182
|
||||||
|
use hppa && sed_args+=(
|
||||||
|
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
|
||||||
|
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
|
||||||
|
)
|
||||||
|
sed -i "${sed_args[@]}" configure{.ac,} || die
|
||||||
|
|
||||||
|
epatch_user #473004
|
||||||
|
|
||||||
|
# Now we can build a sane merged version.h
|
||||||
|
(
|
||||||
|
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
|
||||||
|
macros=()
|
||||||
|
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
|
||||||
|
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
|
||||||
|
) > version.h
|
||||||
|
|
||||||
|
eautoreconf
|
||||||
|
}
|
||||||
|
|
||||||
|
static_use_with() {
|
||||||
|
local flag=$1
|
||||||
|
if use static && use ${flag} ; then
|
||||||
|
ewarn "Disabling '${flag}' support because of USE='static'"
|
||||||
|
# rebuild args so that we invert the first one (USE flag)
|
||||||
|
# but otherwise leave everything else working so we can
|
||||||
|
# just leverage use_with
|
||||||
|
shift
|
||||||
|
[[ -z $1 ]] && flag="${flag} ${flag}"
|
||||||
|
set -- !${flag} "$@"
|
||||||
|
fi
|
||||||
|
use_with "$@"
|
||||||
|
}
|
||||||
|
|
||||||
|
src_configure() {
|
||||||
|
local myconf=()
|
||||||
|
addwrite /dev/ptmx
|
||||||
|
addpredict /etc/skey/skeykeys #skey configure code triggers this
|
||||||
|
|
||||||
|
use static && append-ldflags -static
|
||||||
|
|
||||||
|
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
|
||||||
|
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
|
||||||
|
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
|
||||||
|
append-ldflags -lutil
|
||||||
|
fi
|
||||||
|
|
||||||
|
econf \
|
||||||
|
--with-ldflags="${LDFLAGS}" \
|
||||||
|
--disable-strip \
|
||||||
|
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \
|
||||||
|
--sysconfdir="${EPREFIX}"/etc/ssh \
|
||||||
|
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
|
||||||
|
--datadir="${EPREFIX}"/usr/share/openssh \
|
||||||
|
--with-privsep-path="${EPREFIX}"/var/empty \
|
||||||
|
--with-privsep-user=sshd \
|
||||||
|
--with-md5-passwords \
|
||||||
|
--with-ssl-engine \
|
||||||
|
$(static_use_with pam) \
|
||||||
|
$(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
|
||||||
|
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
|
||||||
|
$(use_with ldns) \
|
||||||
|
$(use_with libedit) \
|
||||||
|
$(use_with pie) \
|
||||||
|
$(use_with sctp) \
|
||||||
|
$(use_with selinux) \
|
||||||
|
$(use_with skey) \
|
||||||
|
"${myconf[@]}"
|
||||||
|
}
|
||||||
|
|
||||||
|
src_install() {
|
||||||
|
emake install-nokeys DESTDIR="${D}"
|
||||||
|
fperms 600 /etc/ssh/sshd_config
|
||||||
|
dobin contrib/ssh-copy-id
|
||||||
|
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
|
||||||
|
newconfd "${FILESDIR}"/sshd.confd sshd
|
||||||
|
keepdir /var/empty
|
||||||
|
|
||||||
|
# not all openssl installs support ecc, or are functional #352645
|
||||||
|
if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
|
||||||
|
elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
|
||||||
|
sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
|
||||||
|
fi
|
||||||
|
|
||||||
|
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
|
||||||
|
if use pam ; then
|
||||||
|
sed -i \
|
||||||
|
-e "/^#UsePAM /s:.*:UsePAM yes:" \
|
||||||
|
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
|
||||||
|
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
|
||||||
|
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
|
||||||
|
"${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Gentoo tweaks to default config files
|
||||||
|
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
|
||||||
|
|
||||||
|
# Allow client to pass locale environment variables #367017
|
||||||
|
AcceptEnv LANG LC_*
|
||||||
|
EOF
|
||||||
|
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
|
||||||
|
|
||||||
|
# Send locale environment variables #367017
|
||||||
|
SendEnv LANG LC_*
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# This instruction is from the HPN webpage,
|
||||||
|
# Used for the server logging functionality
|
||||||
|
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
|
||||||
|
keepdir /var/empty/dev
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
|
||||||
|
insinto /etc/openldap/schema/
|
||||||
|
newins openssh-lpk_openldap.schema openssh-lpk.schema
|
||||||
|
fi
|
||||||
|
|
||||||
|
doman contrib/ssh-copy-id.1
|
||||||
|
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
|
||||||
|
|
||||||
|
diropts -m 0700
|
||||||
|
dodir /etc/skel/.ssh
|
||||||
|
|
||||||
|
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
|
||||||
|
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
|
||||||
|
}
|
||||||
|
|
||||||
|
src_test() {
|
||||||
|
local t tests skipped failed passed shell
|
||||||
|
tests="interop-tests compat-tests"
|
||||||
|
skipped=""
|
||||||
|
shell=$(egetshell ${UID})
|
||||||
|
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
|
||||||
|
elog "Running the full OpenSSH testsuite"
|
||||||
|
elog "requires a usable shell for the 'portage'"
|
||||||
|
elog "user, so we will run a subset only."
|
||||||
|
skipped="${skipped} tests"
|
||||||
|
else
|
||||||
|
tests="${tests} tests"
|
||||||
|
fi
|
||||||
|
# It will also attempt to write to the homedir .ssh
|
||||||
|
local sshhome=${T}/homedir
|
||||||
|
mkdir -p "${sshhome}"/.ssh
|
||||||
|
for t in ${tests} ; do
|
||||||
|
# Some tests read from stdin ...
|
||||||
|
HOMEDIR="${sshhome}" \
|
||||||
|
emake -k -j1 ${t} </dev/null \
|
||||||
|
&& passed="${passed}${t} " \
|
||||||
|
|| failed="${failed}${t} "
|
||||||
|
done
|
||||||
|
einfo "Passed tests: ${passed}"
|
||||||
|
ewarn "Skipped tests: ${skipped}"
|
||||||
|
if [[ -n ${failed} ]] ; then
|
||||||
|
ewarn "Failed tests: ${failed}"
|
||||||
|
die "Some tests failed: ${failed}"
|
||||||
|
else
|
||||||
|
einfo "Failed tests: ${failed}"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
pkg_preinst() {
|
||||||
|
enewgroup sshd 22
|
||||||
|
enewuser sshd 22 -1 /var/empty sshd
|
||||||
|
}
|
||||||
|
|
||||||
|
pkg_postinst() {
|
||||||
|
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
|
||||||
|
elog "Starting with openssh-5.8p1, the server will default to a newer key"
|
||||||
|
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
|
||||||
|
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
|
||||||
|
fi
|
||||||
|
ewarn "Remember to merge your config files in /etc/ssh/ and then"
|
||||||
|
ewarn "reload sshd: '/etc/init.d/sshd reload'."
|
||||||
|
# This instruction is from the HPN webpage,
|
||||||
|
# Used for the server logging functionality
|
||||||
|
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
|
||||||
|
einfo "For the HPN server logging patch, you must ensure that"
|
||||||
|
einfo "your syslog application also listens at /var/empty/dev/log."
|
||||||
|
fi
|
||||||
|
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
|
||||||
|
elog " dropped it. Make sure to update any configs that you might have."
|
||||||
|
}
|
@ -1,6 +1,6 @@
|
|||||||
# Copyright 1999-2014 Gentoo Foundation
|
# Copyright 1999-2014 Gentoo Foundation
|
||||||
# Distributed under the terms of the GNU General Public License v2
|
# Distributed under the terms of the GNU General Public License v2
|
||||||
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6_p1-r1.ebuild,v 1.10 2014/03/23 09:54:17 ago Exp $
|
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1.ebuild,v 1.13 2014/12/31 07:40:01 vapier Exp $
|
||||||
|
|
||||||
EAPI="4"
|
EAPI="4"
|
||||||
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
|
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
|
||||||
@ -9,32 +9,36 @@ inherit eutils user flag-o-matic multilib autotools pam systemd versionator
|
|||||||
# and _p? releases.
|
# and _p? releases.
|
||||||
PARCH=${P/_}
|
PARCH=${P/_}
|
||||||
|
|
||||||
#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz"
|
HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
|
||||||
HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.xz"
|
LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
|
||||||
LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz"
|
#X509_VER="8.1" X509_PATCH="${PARCH/6.7/6.6}+x509-${X509_VER}.diff.gz"
|
||||||
X509_VER="7.9" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
|
|
||||||
|
|
||||||
DESCRIPTION="Port of OpenBSD's free SSH release"
|
DESCRIPTION="Port of OpenBSD's free SSH release"
|
||||||
HOMEPAGE="http://www.openssh.org/"
|
HOMEPAGE="http://www.openssh.org/"
|
||||||
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
|
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
|
||||||
${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )}
|
mirror://gentoo/${P}-sctp.patch.xz
|
||||||
|
${HPN_PATCH:+hpn? (
|
||||||
|
mirror://gentoo/${HPN_PATCH}
|
||||||
|
http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
|
||||||
|
mirror://sourceforge/hpnssh/${HPN_PATCH}
|
||||||
|
)}
|
||||||
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
|
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
|
||||||
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
|
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
|
||||||
"
|
"
|
||||||
#${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )}
|
|
||||||
|
|
||||||
LICENSE="BSD GPL-2"
|
LICENSE="BSD GPL-2"
|
||||||
SLOT="0"
|
SLOT="0"
|
||||||
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
|
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
|
||||||
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509"
|
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam +pie sctp selinux skey static X X509"
|
||||||
|
REQUIRED_USE="pie? ( !static )"
|
||||||
|
|
||||||
LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
|
LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
|
||||||
|
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
|
||||||
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
|
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
|
||||||
libedit? ( dev-libs/libedit[static-libs(+)] )
|
libedit? ( dev-libs/libedit[static-libs(+)] )
|
||||||
>=dev-libs/openssl-0.9.6d:0[bindist=]
|
>=dev-libs/openssl-0.9.6d:0[bindist=]
|
||||||
dev-libs/openssl[static-libs(+)]
|
dev-libs/openssl[static-libs(+)]
|
||||||
>=sys-libs/zlib-1.2.3[static-libs(+)]
|
>=sys-libs/zlib-1.2.3[static-libs(+)]"
|
||||||
tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )"
|
|
||||||
RDEPEND="
|
RDEPEND="
|
||||||
!static? (
|
!static? (
|
||||||
${LIB_DEPEND//\[static-libs(+)]}
|
${LIB_DEPEND//\[static-libs(+)]}
|
||||||
@ -100,11 +104,11 @@ src_prepare() {
|
|||||||
# don't break .ssh/authorized_keys2 for fun
|
# don't break .ssh/authorized_keys2 for fun
|
||||||
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
|
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
|
||||||
|
|
||||||
epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
|
epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
|
||||||
if use X509 ; then
|
if use X509 ; then
|
||||||
pushd .. >/dev/null
|
pushd .. >/dev/null
|
||||||
epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch
|
epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-glue.patch
|
||||||
use hpn && epatch "${FILESDIR}"/${PN}-6.6_p1-x509-hpn14v4-glue-p2.patch
|
use hpn && epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v5-glue.patch
|
||||||
popd >/dev/null
|
popd >/dev/null
|
||||||
epatch "${WORKDIR}"/${X509_PATCH%.*}
|
epatch "${WORKDIR}"/${X509_PATCH%.*}
|
||||||
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
|
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
|
||||||
@ -119,10 +123,10 @@ src_prepare() {
|
|||||||
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
|
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
|
||||||
fi
|
fi
|
||||||
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
|
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
|
||||||
epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch
|
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
|
||||||
|
epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
|
||||||
if [[ -n ${HPN_PATCH} ]] && use hpn; then
|
if [[ -n ${HPN_PATCH} ]] && use hpn; then
|
||||||
epatch "${WORKDIR}"/${HPN_PATCH%.*}
|
epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
|
||||||
epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632
|
|
||||||
save_version HPN
|
save_version HPN
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -169,7 +173,7 @@ static_use_with() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
src_configure() {
|
src_configure() {
|
||||||
local myconf
|
local myconf=()
|
||||||
addwrite /dev/ptmx
|
addwrite /dev/ptmx
|
||||||
addpredict /etc/skey/skeykeys #skey configure code triggers this
|
addpredict /etc/skey/skeykeys #skey configure code triggers this
|
||||||
|
|
||||||
@ -177,7 +181,7 @@ src_configure() {
|
|||||||
|
|
||||||
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
|
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
|
||||||
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
|
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
|
||||||
myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx"
|
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
|
||||||
append-ldflags -lutil
|
append-ldflags -lutil
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -193,14 +197,15 @@ src_configure() {
|
|||||||
--with-md5-passwords \
|
--with-md5-passwords \
|
||||||
--with-ssl-engine \
|
--with-ssl-engine \
|
||||||
$(static_use_with pam) \
|
$(static_use_with pam) \
|
||||||
$(static_use_with kerberos kerberos5 /usr) \
|
$(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
|
||||||
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
|
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
|
||||||
$(use_with ldns) \
|
$(use_with ldns) \
|
||||||
$(use_with libedit) \
|
$(use_with libedit) \
|
||||||
|
$(use_with pie) \
|
||||||
|
$(use_with sctp) \
|
||||||
$(use_with selinux) \
|
$(use_with selinux) \
|
||||||
$(use_with skey) \
|
$(use_with skey) \
|
||||||
$(use_with tcpd tcp-wrappers) \
|
"${myconf[@]}"
|
||||||
${myconf}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
src_install() {
|
src_install() {
|
||||||
@ -310,8 +315,9 @@ pkg_postinst() {
|
|||||||
# This instruction is from the HPN webpage,
|
# This instruction is from the HPN webpage,
|
||||||
# Used for the server logging functionality
|
# Used for the server logging functionality
|
||||||
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
|
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
|
||||||
echo
|
|
||||||
einfo "For the HPN server logging patch, you must ensure that"
|
einfo "For the HPN server logging patch, you must ensure that"
|
||||||
einfo "your syslog application also listens at /var/empty/dev/log."
|
einfo "your syslog application also listens at /var/empty/dev/log."
|
||||||
fi
|
fi
|
||||||
|
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
|
||||||
|
elog " dropped it. Make sure to update any configs that you might have."
|
||||||
}
|
}
|
Loading…
x
Reference in New Issue
Block a user