Merge pull request #173 from crawford/ssh

bump(net-misc/openssh): sync with upstream
This commit is contained in:
Alex Crawford 2015-03-18 10:43:46 -07:00
commit e811f263fa
23 changed files with 717 additions and 495 deletions

View File

@ -1,13 +0,0 @@
DEFINED_PHASES=configure install postinst preinst prepare setup test
DEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
DESCRIPTION=Port of OpenBSD's free SSH release
EAPI=4
HOMEPAGE=http://www.openssh.org/
IUSE=bindist +hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509
KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
LICENSE=BSD GPL-2
RDEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
SLOT=0
SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.6p1.tar.gz hpn? ( http://dev.gentoo.org/~polynomial-c/openssh-6.6.1p1-hpnssh14v4.diff.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.5p1-0.3.14.patch.gz ) X509? ( http://roumenpetrov.info/openssh/x509-7.9/openssh-6.6p1+x509-7.9.diff.gz )
_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f
_md5_=adacc649501da615168ff21c1ca1e739

View File

@ -1,13 +0,0 @@
DEFINED_PHASES=configure install postinst preinst prepare setup test
DEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
DESCRIPTION=Port of OpenBSD's free SSH release
EAPI=4
HOMEPAGE=http://www.openssh.org/
IUSE=bindist +hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509
KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
LICENSE=BSD GPL-2
RDEPEND=!static? ( selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
SLOT=0
SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.6p1.tar.gz hpn? ( http://dev.gentoo.org/~polynomial-c/openssh-6.6p1-hpnssh14v4.diff.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.5p1-0.3.14.patch.gz ) X509? ( http://roumenpetrov.info/openssh/x509-7.9/openssh-6.6p1+x509-7.9.diff.gz )
_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f
_md5_=179c120a4e2844fd997c311c17b95b4e

View File

@ -0,0 +1,14 @@
DEFINED_PHASES=configure install postinst preinst prepare setup test
DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
DESCRIPTION=Port of OpenBSD's free SSH release
EAPI=4
HOMEPAGE=http://www.openssh.org/
IUSE=bindist +hpn kerberos ldap ldns libedit pam +pie sctp selinux skey static X X509
KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
LICENSE=BSD GPL-2
RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
REQUIRED_USE=pie? ( !static )
SLOT=0
SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz )
_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f
_md5_=99cf0d8b634db4e1f271aa7512b7bf8b

View File

@ -0,0 +1,14 @@
DEFINED_PHASES=configure install postinst preinst prepare setup test
DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
DESCRIPTION=Port of OpenBSD's free SSH release
EAPI=4
HOMEPAGE=http://www.openssh.org/
IUSE=bindist +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509
KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
LICENSE=BSD GPL-2
RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
REQUIRED_USE=pie? ( !static )
SLOT=0
SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.2/openssh-6.7p1+x509-8.2.diff.gz )
_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f
_md5_=cce2c1d88bb21956b474c1f2c057ff08

View File

@ -0,0 +1,14 @@
DEFINED_PHASES=configure install postinst preinst prepare setup test
DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.13:1.13 >=sys-devel/automake-1.14:1.14 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
DESCRIPTION=Port of OpenBSD's free SSH release
EAPI=4
HOMEPAGE=http://www.openssh.org/
IUSE=bindist +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509
KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
LICENSE=BSD GPL-2
RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
REQUIRED_USE=pie? ( !static )
SLOT=0
SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.2/openssh-6.7p1+x509-8.2.diff.gz )
_eclasses_=autotools c118b9a8e93bfef124f2d7a2fe56a95e eutils 6faef4c127028ccbba3a11400d24ae34 flag-o-matic eda1c0b5ba85b3eeb555a071d69eb819 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf pam aa1ebb3ab720ea04dbbdd6eaaf9554ed systemd 090342761f573a8280dd5aa6b0345f3b toolchain-funcs 0dfbfa13f57c6184f4728d12ac002aac user f54e098dd38ba1c0847a13e685b87747 versionator cd0bcdb170807e4a1984115e9d53a26f
_md5_=5772ef3fca88f8e864f3b29e1a57d2dd

View File

@ -1,6 +1,122 @@
# ChangeLog for net-misc/openssh # ChangeLog for net-misc/openssh
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.521 2014/04/25 07:11:59 polynomial-c Exp $ # $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.544 2015/02/27 22:06:53 chutzpah Exp $
*openssh-6.7_p1-r4 (27 Feb 2015)
27 Feb 2015; Patrick McLean <chutzpah@gentoo.org>
+files/openssh-6.7_p1-xmalloc-include.patch, +openssh-6.7_p1-r4.ebuild:
Add patch to fix crasher bug triggered on hardened x86_64 machines with
USE=X509 and ancient clients.
31 Jan 2015; Lars Wendler <polynomial-c@gentoo.org>
-openssh-6.6_p1-r1.ebuild, -openssh-6.6.1_p1-r4.ebuild,
-openssh-6.7_p1-r1.ebuild, -openssh-6.7_p1-r2.ebuild,
-files/openssh-5.9_p1-sshd-gssapi-multihomed.patch,
-files/openssh-6.3_p1-x509-glue.patch,
-files/openssh-6.5_p1-hpn-cipher-align.patch,
-files/openssh-6.6_p1-openssl-ignore-status.patch,
-files/openssh-6.6.1_p1.patch, -files/openssh-6.6_p1-x509-glue.patch,
-files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch:
Removed old (and vulnerable) versions.
31 Dec 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.7_p1.ebuild:
Mark arm64/m68k/s390/sh stable.
31 Dec 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.7_p1-r3.ebuild,
openssh-6.7_p1.ebuild:
Note the removal of USE=tcpd support due to upstream #533462 by Martin
Mokrejš.
06 Dec 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
Stable for ia64, wrt bug #505942
04 Dec 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
Stable for ppc64, wrt bug #505942
03 Dec 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
Stable for ppc, wrt bug #505942
02 Dec 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
Stable for alpha, wrt bug #505942
01 Dec 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
Stable for sparc, wrt bug #505942
29 Nov 2014; Markus Meier <maekke@gentoo.org> openssh-6.7_p1.ebuild:
arm stable, bug #505942
29 Nov 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
Stable for x86, wrt bug #505942
29 Nov 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.7_p1.ebuild:
Stable for amd64, wrt bug #505942
*openssh-6.7_p1-r3 (25 Nov 2014)
25 Nov 2014; Patrick McLean <chutzpah@gentoo.org> +openssh-6.7_p1-r3.ebuild:
Revision bump, make the /var/run -> /run move only apply when kernel_linux is
on, /run is a Linux-ism.
*openssh-6.7_p1-r2 (24 Nov 2014)
24 Nov 2014; Patrick McLean <chutzpah@gentoo.org> +openssh-6.7_p1-r2.ebuild:
Revision bump, migrate /var/run to /run.
*openssh-6.7_p1-r1 (24 Nov 2014)
24 Nov 2014; Patrick McLean <chutzpah@gentoo.org> +openssh-6.7_p1-r1.ebuild,
+files/openssh-6.7_p1-sctp-x509-glue.patch,
+files/openssh-6.7_p1-x509-glue.patch:
Revision bump, add the X509 version 8.2 patch.
24 Nov 2014; Jeroen Roovers <jer@gentoo.org> openssh-6.7_p1.ebuild:
Stable for HPPA (bug #505942).
16 Nov 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.7_p1.ebuild:
Pull in lksctp-tools for USE=sctp #529436 by Michał Górny.
*openssh-6.7_p1 (15 Nov 2014)
15 Nov 2014; Mike Frysinger <vapier@gentoo.org>
+files/openssh-6.7_p1-openssl-ignore-status.patch,
+files/openssh-6.7_p1-sshd-gssapi-multihomed.patch, +openssh-6.7_p1.ebuild,
metadata.xml:
Version bump #524662 by Lars Wendler.
15 Nov 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.6.1_p1-r4.ebuild:
Add USE=pie to control building sshd as a PIE #504764 by David Kredba. Reject
pie/static USE combos #507434 by Alexander Hof.
*openssh-6.6.1_p1-r4 (28 Sep 2014)
28 Sep 2014; Lars Wendler <polynomial-c@gentoo.org>
-openssh-6.6.1_p1-r2.ebuild, -openssh-6.6.1_p1-r3.ebuild,
+openssh-6.6.1_p1-r4.ebuild,
-files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch:
Fixed bug value assigned for SSH_BUG_LARGEWINDOW with
openssh-6.6.1p1-hpnssh14v5 patch (bug #523962).
*openssh-6.6.1_p1-r3 (08 Sep 2014)
08 Sep 2014; Lars Wendler <polynomial-c@gentoo.org>
+openssh-6.6.1_p1-r3.ebuild, +files/openssh-6.6.1_p1-x509-glue.patch,
+files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch:
Bumped hpn patch to 14v5 and X509 patch to version 8.0.
*openssh-6.6.1_p1-r2 (04 Aug 2014)
04 Aug 2014; Lars Wendler <polynomial-c@gentoo.org>
-openssh-6.6.1_p1-r1.ebuild, +openssh-6.6.1_p1-r2.ebuild:
Fixed version number reported by openssh. Thanks to Luis Ressel for reporting
this in bug #519078.
*openssh-6.6.1_p1-r1 (04 Aug 2014)
04 Aug 2014; Lars Wendler <polynomial-c@gentoo.org> -openssh-6.6.1_p1.ebuild,
+openssh-6.6.1_p1-r1.ebuild, files/openssh-6.6.1_p1.patch:
Fixed mistakenly replaced @ char. Thanks to Luis Ressel for reporting this in
bug #519076.
*openssh-6.6.1_p1 (25 Apr 2014) *openssh-6.6.1_p1 (25 Apr 2014)

View File

@ -2,44 +2,44 @@
Hash: SHA256 Hash: SHA256
AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb
AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685
AUX openssh-6.3_p1-x509-glue.patch 555 SHA256 1166dba2fe590dfee70119ce6dd79f535d7146d0afb8d36bf7a28505ba93a273 SHA512 1a3c2467215dde959fecdd563069d605f29632a7ffc385039a6fc90b2317ca56d463d0abb91a8bb594d321f64456f75a973bb62625deebe92f8787439416b82d WHIRLPOOL f894d19843a3c018efbe3ed365c8abbee52b1d7a3afea11b292a085996fef8d3cc9889a0e6ae596d4db876ed96efcb73d1823a677eac6779f8793c2fb3677cda
AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77 AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77
AUX openssh-6.5_p1-hpn-cipher-align.patch 3024 SHA256 c79e3a201b2150e2fbc1e869233bac6acc27b2b126d4539cc09aa651fb2e60af SHA512 6efc2fa5f0e9b508e162bf20ab21d2c639888250387fa58ec0d812c7b1db125d8c654a0286a8ffc0d5530e5f0ec0ed723f3a5c0b7bd593b356aee2e811a1f4ec WHIRLPOOL 729c14b8d6f55d789ae2ea0e9cb2e0a4caba62dffced273de5c7254732e94673c1dc2d9e260d56e3a641e03ebab55d61c8ab7541fbf75957855b811def115677 AUX openssh-6.6.1_p1-x509-glue.patch 635 SHA256 381794bdfc4880da4411041ab1f795cba303644b0a35e88f0f452fca8c2bfbb8 SHA512 6d3adefc5449f812052221b69c588f9948e6116dd5c5644db4e0426264f06fd9a15f04364c2484ce03267f4a84b8806de7d7a7c9140538d73be9e7b50f4eeb47 WHIRLPOOL 823249e96f7175eef09f86dbcc67f6158c23f453eaa940a33c18a838389204cd3a43f5dccd39b6004e05cb05ea327d33be91c2ee1eb4525f13dc29e6943ea6b6
AUX openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch 1003 SHA256 e22812a235d2d9ad5bfe0e92dce104429031c8c7d3cfd1bef271e68dd30545c7 SHA512 16dacf6caa5bd622274b08d643a55fbb47f234481a72e4de6989355fd8580cde3d55e2039fab925e72c9f5a7fcf8de7c2f1c5281454df1cb190c966bc1a06ced WHIRLPOOL 093386515423ef78ea39de1657b2b8688e51147172457ea3253fd469b3b3d9f364565a21f979cf99876a3de75cdc5e9a97f743fdedca429e4181f021a7dac224 AUX openssh-6.6.1_p1-x509-hpn14v5-glue.patch 1003 SHA256 a8506f57fb67be25fcba9ee462abc083876f3524b442428a07cf0bbe78735bf5 SHA512 d63eba36ea8488de8bd77fd0b2d005a208f8cf77ae6cf161a063d7efb049b66c7d9f8a12e8fb2f85b73276ba07e52d766bbae26dfd5f2a8537cdd7d991ba94aa WHIRLPOOL a52b2ddbd65bbee865b9fee8dcac6d29cf3a7af61431550bc2f32f9b147bc03fb448cf65e56531c11ec6bb2361515b47a6d9c13db62723e631ea0ef3fc937f6c
AUX openssh-6.6.1_p1.patch 5817 SHA256 94304e311d7e290d97ba017d07fc89ba7de46af9f9918b5594bcaf8f25567661 SHA512 0cd29a21beb038d1f4093d0872ad477942113e9c991153d3c80ee8aa02c1e7c7108c6c8f85bb097bc0f9f46ef6e05f7ce4c6ee1a55cda1ee39886a5d0304f606 WHIRLPOOL b464f6e93b4036ec87652e3489b45fc15a821264a7458177091637fd0195ffbe36abff4da3afc84927dd73773402a0e7b1c2c4af2532b1d710d820247526c635 AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256 b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 WHIRLPOOL c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b
AUX openssh-6.6_p1-openssl-ignore-status.patch 741 SHA256 604b0a5365c1b01c9ab26bf1a60acfe43246e1e44e2f0e78d7ec1e47856599e4 SHA512 578afe9ddb836d16d90eb8b0cf10e9282d9c5c5e639962034490cec0aab1bf98cae9b46fe7850446d0cdd93e848d98ca7ed0bdf2bfec6aad418f4c962d4ea08d WHIRLPOOL d30c079eee59281aa87935ad948c59a4c01f858b88d701575d58737cfe555a5229a5f921bfebe34a69dcd15d2dc5efc062050d183ad5a90180aed4e5b3cdadf4 AUX openssh-6.7_p1-sctp-x509-glue.patch 1326 SHA256 42eb87eda1685e19add23c1304f17dabd99a1a38a57bfe2bfbb70ab85f6d385e SHA512 7f014e2b1893a5240680e2e14475d61b9b6047d1be3fe404d5971a899c122cc624546e9e5b31bfee5905cf7b4605a0871c3b00ed5c2bd28d84755a49392e1a69 WHIRLPOOL 8d6888163068dbc486bc4eff0dd7d4053f68b9848347eb520dd7d382b0b8c74e3016f7f3ed401c2c2dfd48e73a9077fb9777d39c0f236cc500c53393be426b42
AUX openssh-6.6_p1-x509-glue.patch 556 SHA256 b37b83b058ff9fb25742d202e0169afc204f135012624bb2811dcacfa9fb346b SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea WHIRLPOOL 4f01d975e598ce0fe2160e52dbd8251fd5cdf95880d1ef09b730457620f48038156d4bf21c0810978bfc65c9feb90cdfed97aa20018bc175759096dcd3a044d0 AUX openssh-6.7_p1-sshd-gssapi-multihomed.patch 5489 SHA256 d2a1735b523709a4b4ceaa57862ecb21a95656678bacc5b7da59dc46187ad997 SHA512 a8b8d2c2ab4520c8c7315f6130ee44fec48935a129ce7c7e51a068a4de2c7528980437246b61e4abc4cff614466f8054c554cdbaad4eb0d1f4afcfb434c30bbc WHIRLPOOL e4b97398c324360576a04792357f66be3ed9f17e4113f75275f8422ee0b7ecf28073c7cde01a63e24fa0901b14db822d22d7d2c5936bbee3bd5874a867066967
AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 SHA256 748f7caa953028da111d6f18ba91652a4821bc9bca60f5d4a90a6501c0098853 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51 WHIRLPOOL c1d674b8e1cdc48dd0d8b2e7c8bf8e68cec757578f1217555e37eda8723e83e93b2ce183462499ad2165723eca2350544f810a1d6ec95ce4537a527f7918f117 AUX openssh-6.7_p1-x509-glue.patch 1633 SHA256 58031e90e0bf220028934ab590af6ccfc45722629b2416df13d84f10c9b94478 SHA512 364ca0280be5cc83d1dedf7727323fd5fc0093c6dbcf9cc8ccaa30ee754b866584be28da1166953f03faf8745d6364e33fad7daad9be9a29681a8674eb9d292b WHIRLPOOL b79a6cff897be78793bbf2ca03154103aa1380647b8c53e104155fd68122568a8e7dea23996213b192e4269f980b1035d3ca395dbd2c318fd81a45f44d110c31
AUX openssh-6.7_p1-xmalloc-include.patch 390 SHA256 ea43a6a211d8cae4a078b748736f43d4a9d11804ace65886dec826b878dec28e SHA512 b51d9149418217828bdc53c234e248f8be1703b480ccf808814d37cd2589bccdbecff0046d2f2d0e4626420d0d4c2e02d25a9cc07ae31b365cd0b848ccc02035 WHIRLPOOL 04b298eb481fef585b055eb3d706cca55ad6efed6168246f0031e5f614085ae5e70cbb77717047d6c70d7d13a6846657e4a0089d4b8cdf5d9d05652ee22f7209
AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53 AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53
AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512 88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7 WHIRLPOOL a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66 AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512 88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7 WHIRLPOOL a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66
AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989 AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989
AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5 AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5
AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1 AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1
DIST openssh-6.6.1p1-hpnssh14v4.diff.xz 20952 SHA256 cd65166bbc5d0790d4e60fcac592c2b1861171bdaaf31f56ac2a30e8cdf2b4bc SHA512 0867a935f88bd4d34616658d965ed9a6947b0653e455c7398297be1958bad970de76aa47563f0d44244d006c039e040498ce922e904b8d9ca9a5f1ef7704616c WHIRLPOOL 8a84968ceb062a13ad58b95b5e0bf9b0efdedd8c0e81d3231aceda3df33e504e39676bc7d2310027ba103f8f04778664bacce09b9e3e1ef76d359f2372329267 DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256 b33e82309195f2a3f21a9fb14e6da2080b096dcf0d6f1c36c93cdeac683fdd59 SHA512 35da5e58f857e8b24e63b4058e946b71fdf0fecc637cb7af0ba8913869e5aadf8317805838936c84dc24421f03c5c91e1670761bed152fdf325c5a509f1b5d04 WHIRLPOOL cc7bace4aa60d720914e3a6a4ff650b7543d9e4963deab12c19cb5d798547b4fe547690946ff8955e121339e9a3d0ebe06f3ff758cca4bb81a09ac43fc877f58
DIST openssh-6.6p1+x509-7.9.diff.gz 224691 SHA256 463473f75c1dc250ea4eda21f2c79df6f0b479ea499d044cb51d73073881ca34 SHA512 dc9ee7f0589aa0ba8d3c1c40c505f99a811845d8952bf6bf6b8bd3a00ef4813f3b71db32aadf252d7a320a8bf9cdcdf30b71292869d7830cc42f15ce3d1f3c49 WHIRLPOOL 61158e0dac934d375758904382882e7cd276d076a95ba2be32d03f4a7c7969943bd8d63c269ff16ab78928d7c97465f6e417730be14b5efacf64a029e2f950d7 DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256 85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512 d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e WHIRLPOOL b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8
DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 SHA256 16dcc68c399990ec0c801d421d022ceeae0e3aec1e6ffd3fecc5e2f4768cc91b SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d WHIRLPOOL 163ce9e319cef4dcaf6f38f42afc3b75c6e89c38b43c04189c64c72b4b58bc3f9d7042c7b67243879c87cbe410a607296917e94ff042df2c0a29f2ef82792774 DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256 7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512 21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a WHIRLPOOL 5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681
DIST openssh-6.6p1.tar.gz 1282502 SHA256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b WHIRLPOOL 8630c81481a813a92da9c302d22135fe519fcc4826a892080e5a15368d13a6b47947ef47d53aad0a34e6ea49ce4caccc8f06e8afc2c90db0402fbcc2184efe89 DIST openssh-6.7p1.tar.gz 1351367 SHA256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512 2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d WHIRLPOOL ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518
DIST openssh-lpk-6.5p1-0.3.14.patch.gz 18217 SHA256 ad678f366dd7ef63ee164e29b59a4a4d264de9ddf9ad2c1d59178779e83539f3 SHA512 16f0053663ffc9a0670dbf8956dc070e6891e1e47cb1fbbea9567a6a4368c5500bf7e2ff7a2eb7208e651a0121088c271fb0a6ece62b98d103b3337866374610 WHIRLPOOL 34ee5a67e4cb0eb5d8126fde5469b73e0c81d4a7795cd9849c671922227eb8a6767cecf3097acbff338a47c3a7930b285fa4ecf2ebe74cb2e9186f93ec70c40c DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2 WHIRLPOOL 5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73
EBUILD openssh-6.6.1_p1.ebuild 9942 SHA256 e22a5d870c7df47061d0afbac2c0c5f11d015a51aad6e7ca6b6f5337e72b97c9 SHA512 1d83572bf34d95687a9c36d2680e3e888d1286762a5300b06d5f81d741802364c056d3b879c79ccb26517d2aec59435a99ba22051aef3e379824b79ee2fe9bcf WHIRLPOOL 29828c94bcdea63fece0a2e7a00ab5594e85cb052cf1177ff9353c5986f494f51b98aae44d1bf9754869a765131b4a74a3f2e2fb20a1e6c93bb293e4d50aa675 EBUILD openssh-6.7_p1-r3.ebuild 10078 SHA256 1a58e95c28b5b938f2f15b3fec5688dc9509bb038805b0348b11ac31ed3c57e0 SHA512 add8eaebb3c91983a7bac78011700c110917dea6409bf46e784d7e17b1891facb3baacaa0bda71eb2c9b6017fbf1a21b5846434fba8d588724da871e7824f498 WHIRLPOOL 47e04a0644a592e29aaa9ac00b03a377e81cdb1d886119c21a77a0a351c0cea34018a24406449faa814c2f06e1c03b43ac16a78983bb4a9f57c36834ad7babcb
EBUILD openssh-6.6_p1-r1.ebuild 9874 SHA256 223b5e4c5d0d3152e8ffadd20e8bcc391620c779749cf6ff235f0d3a857f7409 SHA512 3104586dedfb189adc780bf56cb030f3a9c2427fe07ce340424ea4e279b6335653b2eb38f9d86a8f6ac76360cd94b87d858863fd79b2054763f72ccb83f1a0ed WHIRLPOOL 1bef688d59baf3cf10ce3ab60f3eeb6e6cf875989ffcf711628f56b34a1344838c3a46ae548399c49f11459e5dd2045fcef810691421e69ef02eb92489c22824 EBUILD openssh-6.7_p1-r4.ebuild 10138 SHA256 e4f6c4e80485352cc75e62c0212670a0d7f4a19bcf1eed9972bbeaff8b7a2743 SHA512 fdcd7759a85412bdf05be5003d20289a862f13f945e1972e56a36602df426641ef3497399e06ff0da9a51cf2bd54831b6208ac399d42d3ce3e3b1493ffa7655c WHIRLPOOL ae24dbcc182627c356961f4ce290cb1b489e29fa13beaf27212bd4847a36f02af53a8508320cf2a76be88741297ac7533faf53c1d3b15d70299cff536ae8502f
MISC ChangeLog 86087 SHA256 d228fa486b75ec96ff621d7092a8985963c513a063013c486d66cd999bdf25f6 SHA512 f5bfd7c52aeb31646d0664179210523f02ea72e976c76b9695b17bd32137380465c5b4dc2e469e17ad5e3f02542555748e4aad42d54a56f57699ee36b3858456 WHIRLPOOL 5932b005760a1f9c4695a7493154e1eb0aeab5c5df423229e735d0513699e6a9d1838f87ca89b74bcbda353534ebe30171c257ee6731ccaa0ccd2cf6b78096c7 EBUILD openssh-6.7_p1.ebuild 10067 SHA256 970be3a06c0293262f6c59d068d290cc71935fe91f4295b1352b6c41c46c3bf7 SHA512 f2b689767c8da075f16e9e5d9fe258e22fb4019034539883d63632c1543d3141787883ec7013f87c23d709a554b4f994c4c2f41b1829e5301b55f7a5da3fbf46 WHIRLPOOL 8d70fd99a1f3307b801999a9c80be4bcc603cbc151170160d78a2fa8a50ceb701657cbb0b0eb9ccfe1287bff9299dcffb36f884b860a5ca88ac4a9936b21a574
MISC metadata.xml 1837 SHA256 5f8be0245926a5dc8007dd78594febffc68bbcb45306630d027666872e664050 SHA512 76e044611e16ede9bb9697c0ad448c149131f1f20b84ef1000fb77d6cec954abd48542fd26299a372b4411aa0ecb161ed38396b2c3b5c11c71a4bc247e0b23ed WHIRLPOOL 46c8b0f7911fec3ca086e1601cfab5d03e01a7d8cd2069460975545438f6fa5964f138d19a70ec7db7f1f8c9c0fbb48dcec6ee8269fa9d7b432214e9e3e46806 MISC ChangeLog 90520 SHA256 7c454f72794840d7da66364b62442136c3e91daf02055252c4f92b7cd9199c47 SHA512 572532d5c72adeff37a120419dc58e8d56252dafbc5f1bd8cdb8bf0547b81ddc2878a0b1944d9ff6d51fbabbee61f22c0283b38e09a60293c6ea7303cd4f94c2 WHIRLPOOL bc29ceca24b297a1f3cb2739bd0806564f792d1d58c2c781cbec437a75436b775ac2baf8985404a47fdf3129c9157ee35de18e7d8a50de5c66561df58d50e56b
MISC metadata.xml 1912 SHA256 7b838285f09ad395f237a0d0b9963eee86d0e85b58e6e5b4d5edb093fa888a0a SHA512 e55c10ffd12488720c3da19e55942cfedec63fe767fc1608439b5a3932eeb5488086ad7ef4e1f858c89381e737426f035845ea5e8bede4ed8a0ccabdc656d9b5 WHIRLPOOL 5c07b3dd4a4002cff5df62133ecf570bf79f58e9477d0ad25d60f185ee029183d11118147e3adfec373542659d921e99e787054cfe9284031c974d694de6e9ed
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux) Version: GnuPG v2
iQIcBAEBCAAGBQJTWgrAAAoJEPiazRVxLXTFdIkQAIOF7SLpIDS02wx0TP7zs6rv iQIcBAEBCAAGBQJU8OqIAAoJEHy/RO9cNQiDxxsQAKcwgw0LRAp0fN2tCyitm0sW
GLj+3H3PwTN8CteRmm12jUYWZ5xQE2VRdE+l0lbNFhMS3DXkXJjmYSLe41m7iHY4 EQJfzjXV8bzPW1PRIVsru3SR5gkTaeig139jPDswmcxm3EDj+AEvQZW8UU9YnF4P
RrfN9JNXzxOczj2IOOeCU+NYxvCooDVDV59U7zuOGc2jwf/Nfp/DhWETsLXlFnWg o/RXaGkuwquOpvDEoJ4cE1qjIYzUIIsCiaMdBshweD/Gkur+gUOYI892kHuJXPUs
VUE9NmWkVt8e8+RKisHUabBeTKWnQWMSbHx5dFL5C/jTgv4fNqN0132VBYBYc0cO +nTpCMyhcj7mW8Ueu65xvYXxndoJq3z5ULGivex1HEGz2lPLA1TAhIaPoxIjx/dj
a1BufvLt+p6mKHt/Q03Qz0HjrI+IuUupsBVpGukS19A6tMJDJVaBtHclvK5bwsi2 9IVLqw8pZiHYY3pgqqdA880xqIXWNmPPGPFFitt3jUrCR6kisiBLdGF1edIH5+4V
CIV73dDFU6VqVN+YalhOhFkf6pBmUpdVjsSSQfnzvrQV/dZDZtZ0Pt+VgHsomCoq 3aogwWyvdoziiRN9iPtOetZT/q0KRewHUdYyEeKndtXNzb0naINOcR3IjX1RMg0V
2GPpTcyBZXV/HVxUXblhI0zjYFUtmQonO9tsGEd3VDQxTfZaqJmDcRJCI8ok4FoG 3Qcda+RwOnvG2NfsvkcYK59Ar8thQag3+xLEhTHV7K1Sgl7ndXmRA0e/Obj7TH5M
BSM//TUnwMhygdQyF2QacWbxI5ONQM6eUd5/KGwcULzcs5wqYjSZWIwTUq/I7Sqj 0Ql7L/kLkNakpZ8GNv0ZjqX2dAsjdUe0eVYKn/I+2PxIR+aw7Hjz1dtfZnXKKQM1
7ZYcd8oAtwpV8OiOrjs6B7znn/rBR8lBRPDJjeAqtlfAk9Lc8RCoWuNaOkaGsSyI LMoVvQHJz4qR7fFu67edz3PybtOS+4BRy1Lw88I3eg1ql9hhsqQtneD2xXp8us03
rgAR1zWjafgokEIKf56b9ZbIgJGO37v6AIdJiPR3OrKGfbx/r3NtgSWPgfHfmzoj SbuKR3GLnW1o6Ax5VDMkkW0oY2VB9FQQ3pJybkFUzjejo8hn5PG6OiM6aP15iI/Z
g2G2OkGu5VKOL1j6MiZeSjxnFgCZCKo9ZYM1SqPaX+P/Py6f9u9iCuAh1wqEVatR 0GG7VGKasywc52HEj0hq3FI/sgJDmrqk0vPBfxdsdp5e0z8uMZCBhLV5I0MVBTbK
5apVyMiMls/63DWB9U0a Jdi46gtdvo7eCnXY8+Fk
=szWn =nfVc
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

View File

@ -1,16 +0,0 @@
make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch
--- openssh-6.3p1+x509-7.6.diff
+++ openssh-6.3p1+x509-7.6.diff
@@ -14784,10 +14784,9 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or though authentication styles supported in
-@@ -490,6 +567,16 @@
+@@ -490,5 +567,15 @@
The default is
.Dq yes .
- Note that this option applies to protocol version 2 only.
+.It Cm HostbasedAlgorithms
+Specifies the protocol version 2 algorithms used in
+.Dq hostbased

View File

@ -1,114 +0,0 @@
https://bugs.gentoo.org/498632
make sure we do not use unaligned loads/stores as some arches really hate that.
--- a/cipher-ctr-mt.c
+++ b/cipher-ctr-mt.c
@@ -58,8 +58,16 @@
/* Collect thread stats and print at cancellation when in debug mode */
/* #define CIPHER_THREAD_STATS */
-/* Use single-byte XOR instead of 8-byte XOR */
-/* #define CIPHER_BYTE_XOR */
+/* Can the system do unaligned loads natively? */
+#if defined(__aarch64__) || \
+ defined(__i386__) || \
+ defined(__powerpc__) || \
+ defined(__x86_64__)
+# define CIPHER_UNALIGNED_OK
+#endif
+#if defined(__SIZEOF_INT128__)
+# define CIPHER_INT128_OK
+#endif
/*-------------------- END TUNABLES --------------------*/
@@ -285,8 +293,20 @@ thread_loop(void *x)
static int
ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
- u_int len)
+ size_t len)
{
+ typedef union {
+#ifdef CIPHER_INT128_OK
+ __uint128_t *u128;
+#endif
+ uint64_t *u64;
+ uint32_t *u32;
+ uint8_t *u8;
+ const uint8_t *cu8;
+ uintptr_t u;
+ } ptrs_t;
+ ptrs_t destp, srcp, bufp;
+ uintptr_t align;
struct ssh_aes_ctr_ctx *c;
struct kq *q, *oldq;
int ridx;
@@ -301,35 +321,41 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
ridx = c->ridx;
/* src already padded to block multiple */
+ srcp.cu8 = src;
+ destp.u8 = dest;
while (len > 0) {
buf = q->keys[ridx];
+ bufp.u8 = buf;
-#ifdef CIPHER_BYTE_XOR
- dest[0] = src[0] ^ buf[0];
- dest[1] = src[1] ^ buf[1];
- dest[2] = src[2] ^ buf[2];
- dest[3] = src[3] ^ buf[3];
- dest[4] = src[4] ^ buf[4];
- dest[5] = src[5] ^ buf[5];
- dest[6] = src[6] ^ buf[6];
- dest[7] = src[7] ^ buf[7];
- dest[8] = src[8] ^ buf[8];
- dest[9] = src[9] ^ buf[9];
- dest[10] = src[10] ^ buf[10];
- dest[11] = src[11] ^ buf[11];
- dest[12] = src[12] ^ buf[12];
- dest[13] = src[13] ^ buf[13];
- dest[14] = src[14] ^ buf[14];
- dest[15] = src[15] ^ buf[15];
-#else
- *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf;
- *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^
- *(uint64_t *)(buf + 8);
-#endif
+ /* figure out the alignment on the fly */
+#ifdef CIPHER_UNALIGNED_OK
+ align = 0;
+#else
+ align = destp.u | srcp.u | bufp.u;
+#endif
+
+#ifdef CIPHER_INT128_OK
+ if ((align & 0xf) == 0) {
+ destp.u128[0] = srcp.u128[0] ^ bufp.u128[0];
+ } else
+#endif
+ if ((align & 0x7) == 0) {
+ destp.u64[0] = srcp.u64[0] ^ bufp.u64[0];
+ destp.u64[1] = srcp.u64[1] ^ bufp.u64[1];
+ } else if ((align & 0x3) == 0) {
+ destp.u32[0] = srcp.u32[0] ^ bufp.u32[0];
+ destp.u32[1] = srcp.u32[1] ^ bufp.u32[1];
+ destp.u32[2] = srcp.u32[2] ^ bufp.u32[2];
+ destp.u32[3] = srcp.u32[3] ^ bufp.u32[3];
+ } else {
+ size_t i;
+ for (i = 0; i < AES_BLOCK_SIZE; ++i)
+ dest[i] = src[i] ^ buf[i];
+ }
- dest += 16;
- src += 16;
- len -= 16;
+ destp.u += AES_BLOCK_SIZE;
+ srcp.u += AES_BLOCK_SIZE;
+ len -= AES_BLOCK_SIZE;
ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
/* Increment read index, switch queues on rollover */

View File

@ -1,13 +1,14 @@
Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch. Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch.
--- openssh-6.6p1+x509-7.9.diff --- openssh-6.6p1+x509-8.0.diff
+++ openssh-6.6p1+x509-7.9.diff +++ openssh-6.6p1+x509-8.0.diff
@@ -15473,10 +15473,9 @@ @@ -16337,10 +16337,10 @@
.It Cm ChallengeResponseAuthentication .It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via Specifies whether challenge-response authentication is allowed (e.g. via
PAM or though authentication styles supported in PAM or though authentication styles supported in
-@@ -499,6 +576,16 @@ -@@ -499,6 +576,16 @@
+@@ -499,5 +576,15 @@ +@@ -514,6 +591,16 @@
+ This facility is provided to assist with operation on multi homed machines.
The default is The default is
.Dq yes . .Dq yes .
- Note that this option applies to protocol version 2 only. - Note that this option applies to protocol version 2 only.

View File

@ -1,13 +1,13 @@
make the hpn patch apply when the x509 patch has also been applied make the hpn patch apply when the x509 patch has also been applied
--- openssh-6.6.1p1-hpnssh14v4.diff --- openssh-6.6.1p1-hpnssh14v5.diff
+++ openssh-6.6.1p1-hpnssh14v4.diff +++ openssh-6.6.1p1-hpnssh14v5.diff
@@ -1742,18 +1742,14 @@ @@ -1742,18 +1742,14 @@
if (options->ip_qos_interactive == -1) if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY; options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1) if (options->ip_qos_bulk == -1)
-@@ -345,9 +393,10 @@ -@@ -345,9 +392,10 @@
+@@ -345,6 +393,7 @@ +@@ -345,6 +392,7 @@
sUsePrivilegeSeparation, sAllowAgentForwarding, sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate, sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
@ -21,6 +21,6 @@ make the hpn patch apply when the x509 patch has also been applied
- } ServerOpCodes; - } ServerOpCodes;
- -
+ sAuthenticationMethods, sHostKeyAgent, + sAuthenticationMethods, sHostKeyAgent,
@@ -468,6 +517,10 @@ @@ -468,6 +516,10 @@
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL }, { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },

View File

@ -1,167 +0,0 @@
Hi,
So I screwed up when writing the support for the curve25519 KEX method
that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
leading zero bytes where they should have been skipped. The impact of
this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
peer that implements curve25519-sha256 at libssh.org properly about 0.2%
of the time (one in every 512ish connections).
We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256
key exchange for previous versions, but I'd recommend distributors
of OpenSSH apply this patch so the affected code doesn't become
too entrenched in LTS releases.
The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
to distinguish itself from the incorrect versions so the compatibility
code to disable the affected KEX isn't activated.
I've committed this on the 6.6 branch too.
Apologies for the hassle.
-d
Index: version.h
===================================================================
RCS file: /var/cvs/openssh/version.h,v
retrieving revision 1.82
diff -u -p -r1.82 version.h
--- version.h 27 Feb 2014 23:01:54 -0000 1.82
+++ version.h 20 Apr 2014 03:35:15 -0000
@@ -1,6 +1,6 @@
/* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
-#define SSH_VERSION "OpenSSH_6.6"
+#define SSH_VERSION "OpenSSH_6.6.1"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
Index: compat.c
===================================================================
RCS file: /var/cvs/openssh/compat.c,v
retrieving revision 1.82
retrieving revision 1.85
diff -u -p -r1.82 -r1.85
--- compat.c 31 Dec 2013 01:25:41 -0000 1.82
+++ compat.c 20 Apr 2014 03:33:59 -0000 1.85
@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
{ "OpenSSH_4*", 0 },
{ "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
+ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
+ { "OpenSSH_6.5*,"
+ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
{ "OpenSSH*", SSH_NEW_OPENSSH },
{ "*MindTerm*", 0 },
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop
return cipher_prop;
}
-
char *
compat_pkalg_proposal(char *pkalg_prop)
{
@@ -263,5 +265,18 @@ compat_pkalg_proposal(char *pkalg_prop)
if (*pkalg_prop == '\0')
fatal("No supported PK algorithms found");
return pkalg_prop;
+}
+
+char *
+compat_kex_proposal(char *kex_prop)
+{
+ if (!(datafellows & SSH_BUG_CURVE25519PAD))
+ return kex_prop;
+ debug2("%s: original KEX proposal: %s", __func__, kex_prop);
+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256 at libssh.org");
+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
+ if (*kex_prop == '\0')
+ fatal("No supported key exchange algorithms found");
+ return kex_prop;
}
Index: compat.h
===================================================================
RCS file: /var/cvs/openssh/compat.h,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -p -r1.42 -r1.43
--- compat.h 31 Dec 2013 01:25:41 -0000 1.42
+++ compat.h 20 Apr 2014 03:25:31 -0000 1.43
@@ -59,6 +59,7 @@
#define SSH_BUG_RFWD_ADDR 0x02000000
#define SSH_NEW_OPENSSH 0x04000000
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
+#define SSH_BUG_CURVE25519PAD 0x10000000
void enable_compat13(void);
void enable_compat20(void);
@@ -66,6 +67,7 @@ void compat_datafellows(const char *
int proto_spec(const char *);
char *compat_cipher_proposal(char *);
char *compat_pkalg_proposal(char *);
+char *compat_kex_proposal(char *);
extern int compat13;
extern int compat20;
Index: sshd.c
===================================================================
RCS file: /var/cvs/openssh/sshd.c,v
retrieving revision 1.448
retrieving revision 1.453
diff -u -p -r1.448 -r1.453
--- sshd.c 26 Feb 2014 23:20:08 -0000 1.448
+++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453
@@ -2462,6 +2438,9 @@ do_ssh2_kex(void)
if (options.kex_algorithms != NULL)
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+ myproposal[PROPOSAL_KEX_ALGS]);
+
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
(time_t)options.rekey_interval);
Index: sshconnect2.c
===================================================================
RCS file: /var/cvs/openssh/sshconnect2.c,v
retrieving revision 1.197
retrieving revision 1.199
diff -u -p -r1.197 -r1.199
--- sshconnect2.c 4 Feb 2014 00:20:16 -0000 1.197
+++ sshconnect2.c 20 Apr 2014 03:25:31 -0000 1.199
@@ -195,6 +196,8 @@ ssh_kex2(char *host, struct sockaddr *ho
}
if (options.kex_algorithms != NULL)
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+ myproposal[PROPOSAL_KEX_ALGS]);
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
Index: bufaux.c
===================================================================
RCS file: /var/cvs/openssh/bufaux.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -p -r1.62 -r1.63
--- bufaux.c 4 Feb 2014 00:20:15 -0000 1.62
+++ bufaux.c 20 Apr 2014 03:24:50 -0000 1.63
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *b
if (l > 8 * 1024)
fatal("%s: length %u too long", __func__, l);
+ /* Skip leading zero bytes */
+ for (; l > 0 && *s == 0; l--, s++)
+ ;
p = buf = xmalloc(l + 1);
/*
* If most significant bit is set then prepend a zero byte to

View File

@ -1,17 +0,0 @@
the last nibble of the openssl version represents the status. that is,
whether it is a beta or release. when it comes to version checks in
openssh, this component does not matter, so ignore it.
https://bugzilla.mindrot.org/show_bug.cgi?id=2212
--- a/entropy.c
+++ b/entropy.c
@@ -216,7 +216,7 @@ seed_rng(void)
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
* within a patch series.
*/
- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
+ u_long version_mask = SSLeay() >= 0x1000000f ? ~0xfffffL : ~0xff0L;
if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
(SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
fatal("OpenSSL version mismatch. Built against %lx, you "

View File

@ -1,26 +0,0 @@
make the hpn patch apply when the x509 patch has also been applied
--- openssh-6.6p1-hpnssh14v4.diff
+++ openssh-6.6p1-hpnssh14v4.diff
@@ -1742,18 +1742,14 @@
if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
-@@ -345,9 +393,10 @@
+@@ -345,6 +393,7 @@
sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
-+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled,
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
-- sAuthenticationMethods, sHostKeyAgent,
-+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent,
- sDeprecated, sUnsupported
- } ServerOpCodes;
-
+ sAuthenticationMethods, sHostKeyAgent,
@@ -468,6 +517,10 @@
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },

View File

@ -0,0 +1,17 @@
the last nibble of the openssl version represents the status. that is,
whether it is a beta or release. when it comes to version checks in
openssh, this component does not matter, so ignore it.
https://bugzilla.mindrot.org/show_bug.cgi?id=2212
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -58,7 +58,7 @@ ssh_compatible_openssl(long headerver, long libver)
* For versions >= 1.0.0, major,minor,status must match and library
* fix version must be equal to or newer than the header.
*/
- mask = 0xfff0000fL; /* major,minor,status */
+ mask = 0xfff00000L; /* major,minor,status */
hfix = (headerver & 0x000ff000) >> 12;
lfix = (libver & 0x000ff000) >> 12;
if ( (headerver & mask) == (libver & mask) && lfix >= hfix)

View File

@ -0,0 +1,42 @@
--- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800
+++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800
@@ -195,14 +195,6 @@
.Op Fl c Ar cipher
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
-@@ -178,6 +178,7 @@ For full details of the options listed b
- .It ServerAliveCountMax
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It UsePrivilegedPort
- .It User
- .It UserKnownHostsFile
@@ -218,6 +219,8 @@ and
to print debugging messages about their progress.
This is helpful in
@@ -482,14 +474,6 @@
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
-@@ -473,6 +473,7 @@ For full details of the options listed b
- .It StreamLocalBindUnlink
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It Tunnel
- .It TunnelDevice
- .It UsePrivilegedPort
@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
controls.
.It Fl y
@@ -527,7 +511,7 @@
- again:
+
- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
@@ -732,6 +738,11 @@ main(int ac, char **av)

View File

@ -1,10 +1,8 @@
Index: gss-serv.c https://bugs.gentoo.org/378361
=================================================================== https://bugzilla.mindrot.org/show_bug.cgi?id=928
RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v
retrieving revision 1.22 --- a/gss-serv.c
diff -u -p -r1.22 gss-serv.c +++ b/gss-serv.c
--- gss-serv.c 8 May 2008 12:02:23 -0000 1.22
+++ gss-serv.c 11 Jan 2010 05:38:29 -0000
@@ -41,9 +41,12 @@ @@ -41,9 +41,12 @@
#include "channels.h" #include "channels.h"
#include "session.h" #include "session.h"
@ -19,13 +17,13 @@ diff -u -p -r1.22 gss-serv.c
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) @@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
char lname[MAXHOSTNAMELEN]; char lname[NI_MAXHOST];
gss_OID_set oidset; gss_OID_set oidset;
- gss_create_empty_oid_set(&status, &oidset); - gss_create_empty_oid_set(&status, &oidset);
- gss_add_oid_set_member(&status, ctx->oid, &oidset); - gss_add_oid_set_member(&status, ctx->oid, &oidset);
- -
- if (gethostname(lname, MAXHOSTNAMELEN)) { - if (gethostname(lname, sizeof(lname))) {
- gss_release_oid_set(&status, &oidset); - gss_release_oid_set(&status, &oidset);
- return (-1); - return (-1);
- } - }
@ -66,13 +64,8 @@ diff -u -p -r1.22 gss-serv.c
} }
/* Privileged */ /* Privileged */
Index: servconf.c --- a/servconf.c
=================================================================== +++ b/servconf.c
RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
retrieving revision 1.201
diff -u -p -r1.201 servconf.c
--- servconf.c 10 Jan 2010 03:51:17 -0000 1.201
+++ servconf.c 11 Jan 2010 05:34:56 -0000
@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions @@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
options->kerberos_get_afs_token = -1; options->kerberos_get_afs_token = -1;
options->gss_authentication=-1; options->gss_authentication=-1;
@ -123,13 +116,8 @@ diff -u -p -r1.201 servconf.c
goto parse_flag; goto parse_flag;
case sPasswordAuthentication: case sPasswordAuthentication:
Index: servconf.h --- a/servconf.h
=================================================================== +++ b/servconf.h
RCS file: /cvs/src/usr.bin/ssh/servconf.h,v
retrieving revision 1.89
diff -u -p -r1.89 servconf.h
--- servconf.h 9 Jan 2010 23:04:13 -0000 1.89
+++ servconf.h 11 Jan 2010 05:32:28 -0000
@@ -92,6 +92,7 @@ typedef struct { @@ -92,6 +92,7 @@ typedef struct {
* authenticated with Kerberos. */ * authenticated with Kerberos. */
int gss_authentication; /* If true, permit GSSAPI authentication */ int gss_authentication; /* If true, permit GSSAPI authentication */
@ -138,13 +126,8 @@ diff -u -p -r1.89 servconf.h
int password_authentication; /* If true, permit password int password_authentication; /* If true, permit password
* authentication. */ * authentication. */
int kbd_interactive_authentication; /* If true, permit */ int kbd_interactive_authentication; /* If true, permit */
Index: sshd_config --- a/sshd_config
=================================================================== +++ b/sshd_config
RCS file: /cvs/src/usr.bin/ssh/sshd_config,v
retrieving revision 1.81
diff -u -p -r1.81 sshd_config
--- sshd_config 8 Oct 2009 14:03:41 -0000 1.81
+++ sshd_config 11 Jan 2010 05:32:28 -0000
@@ -69,6 +69,7 @@ @@ -69,6 +69,7 @@
# GSSAPI options # GSSAPI options
#GSSAPIAuthentication no #GSSAPIAuthentication no
@ -153,13 +136,8 @@ diff -u -p -r1.81 sshd_config
# Set this to 'yes' to enable PAM authentication, account processing, # Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will # and session processing. If this is enabled, PAM authentication will
Index: sshd_config.5 --- a/sshd_config.5
=================================================================== +++ b/sshd_config.5
RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.116
diff -u -p -r1.116 sshd_config.5
--- sshd_config.5 9 Jan 2010 23:04:13 -0000 1.116
+++ sshd_config.5 11 Jan 2010 05:37:20 -0000
@@ -386,6 +386,21 @@ on logout. @@ -386,6 +386,21 @@ on logout.
The default is The default is
.Dq yes . .Dq yes .

View File

@ -0,0 +1,46 @@
--- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800
+++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800
@@ -610,21 +610,6 @@
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
-.It Cm GSSAPIStrictAcceptorCheck
-Determines whether to be strict about the identity of the GSSAPI acceptor
-a client authenticates against.
-If set to
-.Dq yes
-then the client must authenticate against the
-.Pa host
-service on the current hostname.
-If set to
-.Dq no
-then the client may authenticate against any service key stored in the
-machine's default store.
-This facility is provided to assist with operation on multi homed machines.
-The default is
-.Dq yes .
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
@@ -651,6 +636,21 @@
attempting to resolve the name from the TCP connection itself.
The default is
.Dq no .
+.It Cm GSSAPIStrictAcceptorCheck
+Determines whether to be strict about the identity of the GSSAPI acceptor
+a client authenticates against.
+If set to
+.Dq yes
+then the client must authenticate against the
+.Pa host
+service on the current hostname.
+If set to
+.Dq no
+then the client may authenticate against any service key stored in the
+machine's default store.
+This facility is provided to assist with operation on multi homed machines.
+The default is
+.Dq yes .
.It Cm HostCertificate
Specifies a file containing a public host certificate.
The certificate's public key must match a private host key already specified

View File

@ -0,0 +1,11 @@
diff -ur openssh-6.7p1.orig/ssh-rsa.c openssh-6.7p1/ssh-rsa.c
--- openssh-6.7p1.orig/ssh-rsa.c 2015-02-24 14:52:54.512197868 -0800
+++ openssh-6.7p1/ssh-rsa.c 2015-02-27 11:48:54.173951646 -0800
@@ -34,6 +34,7 @@
#include "sshkey.h"
#include "digest.h"
#include "evp-compat.h"
+#include "xmalloc.h"
/*NOTE: Do not define USE_LEGACY_RSA_... if build
is with FIPS capable OpenSSL */

View File

@ -25,6 +25,7 @@ ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and
<flag name="hpn">Enable high performance ssh</flag> <flag name="hpn">Enable high performance ssh</flag>
<flag name="ldap">Add support for storing SSH public keys in LDAP</flag> <flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag> <flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
<flag name="sctp">Support for Stream Control Transmission Protocol</flag>
<flag name="X509">Adds support for X.509 certificate authentication</flag> <flag name="X509">Adds support for X.509 certificate authentication</flag>
</use> </use>
<upstream> <upstream>

View File

@ -1,40 +1,44 @@
# Copyright 1999-2014 Gentoo Foundation # Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6.1_p1.ebuild,v 1.1 2014/04/25 07:11:59 polynomial-c Exp $ # $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r3.ebuild,v 1.2 2014/12/31 07:29:47 vapier Exp $
EAPI="4" EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases # Make it more portable between straight releases
# and _p? releases. # and _p? releases.
PARCH=${P/.1_} PARCH=${P/_}
#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz" HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
HPN_PATCH="${PN}-6.6.1p1-hpnssh14v4.diff.xz" LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz" X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
X509_VER="7.9" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release" DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/" HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )} mirror://gentoo/${P}-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
" "
#${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )}
LICENSE="BSD GPL-2" LICENSE="BSD GPL-2"
SLOT="0" SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509" IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509"
REQUIRED_USE="pie? ( !static )"
LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
libedit? ( dev-libs/libedit[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] )
>=dev-libs/openssl-0.9.6d:0[bindist=] >=dev-libs/openssl-0.9.6d:0[bindist=]
dev-libs/openssl[static-libs(+)] dev-libs/openssl[static-libs(+)]
>=sys-libs/zlib-1.2.3[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)]"
tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )"
RDEPEND=" RDEPEND="
!static? ( !static? (
${LIB_DEPEND//\[static-libs(+)]} ${LIB_DEPEND//\[static-libs(+)]}
@ -100,13 +104,11 @@ src_prepare() {
# don't break .ssh/authorized_keys2 for fun # don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
epatch "${FILESDIR}"/${P}.patch #508604 epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then if use X509 ; then
pushd .. >/dev/null pushd .. >/dev/null
epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch epatch "${FILESDIR}"/${P}-x509-glue.patch
use hpn && epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v4-glue-p2.patch epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
popd >/dev/null popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*} epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
@ -121,10 +123,10 @@ src_prepare() {
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
fi fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
if [[ -n ${HPN_PATCH} ]] && use hpn; then if [[ -n ${HPN_PATCH} ]] && use hpn; then
epatch "${WORKDIR}"/${HPN_PATCH%.*} epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632
save_version HPN save_version HPN
fi fi
@ -171,7 +173,7 @@ static_use_with() {
} }
src_configure() { src_configure() {
local myconf local myconf=()
addwrite /dev/ptmx addwrite /dev/ptmx
addpredict /etc/skey/skeykeys #skey configure code triggers this addpredict /etc/skey/skeykeys #skey configure code triggers this
@ -179,14 +181,14 @@ src_configure() {
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil append-ldflags -lutil
fi fi
econf \ econf \
--with-ldflags="${LDFLAGS}" \ --with-ldflags="${LDFLAGS}" \
--disable-strip \ --disable-strip \
--with-pid-dir="${EPREFIX}"/var/run \ --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \
--sysconfdir="${EPREFIX}"/etc/ssh \ --sysconfdir="${EPREFIX}"/etc/ssh \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
--datadir="${EPREFIX}"/usr/share/openssh \ --datadir="${EPREFIX}"/usr/share/openssh \
@ -195,14 +197,15 @@ src_configure() {
--with-md5-passwords \ --with-md5-passwords \
--with-ssl-engine \ --with-ssl-engine \
$(static_use_with pam) \ $(static_use_with pam) \
$(static_use_with kerberos kerberos5 /usr) \ $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
$(use_with ldns) \ $(use_with ldns) \
$(use_with libedit) \ $(use_with libedit) \
$(use_with pie) \
$(use_with sctp) \
$(use_with selinux) \ $(use_with selinux) \
$(use_with skey) \ $(use_with skey) \
$(use_with tcpd tcp-wrappers) \ "${myconf[@]}"
${myconf}
} }
src_install() { src_install() {
@ -312,8 +315,9 @@ pkg_postinst() {
# This instruction is from the HPN webpage, # This instruction is from the HPN webpage,
# Used for the server logging functionality # Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then if [[ -n ${HPN_PATCH} ]] && use hpn ; then
echo
einfo "For the HPN server logging patch, you must ensure that" einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log." einfo "your syslog application also listens at /var/empty/dev/log."
fi fi
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
elog " dropped it. Make sure to update any configs that you might have."
} }

View File

@ -0,0 +1,324 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r4.ebuild,v 1.1 2015/02/27 22:06:53 chutzpah Exp $
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${P}-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509"
REQUIRED_USE="pie? ( !static )"
LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
libedit? ( dev-libs/libedit[static-libs(+)] )
>=dev-libs/openssl-0.9.6d:0[bindist=]
dev-libs/openssl[static-libs(+)]
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
!static? (
${LIB_DEPEND//\[static-libs(+)]}
ldns? (
!bindist? ( net-libs/ldns[ecdsa,ssl] )
bindist? ( net-libs/ldns[-ecdsa,ssl] )
)
)
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? (
${LIB_DEPEND}
ldns? (
!bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
)
)
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then
pushd .. >/dev/null
epatch "${FILESDIR}"/${P}-x509-glue.patch
epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
epatch "${FILESDIR}"/${PN}-6.7_p1-xmalloc-include.patch
save_version X509
fi
if ! use X509 ; then
if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
else
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
if [[ -n ${HPN_PATCH} ]] && use hpn; then
epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
save_version HPN
fi
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
epatch_user #473004
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
static_use_with() {
local flag=$1
if use static && use ${flag} ; then
ewarn "Disabling '${flag}' support because of USE='static'"
# rebuild args so that we invert the first one (USE flag)
# but otherwise leave everything else working so we can
# just leverage use_with
shift
[[ -z $1 ]] && flag="${flag} ${flag}"
set -- !${flag} "$@"
fi
use_with "$@"
}
src_configure() {
local myconf=()
addwrite /dev/ptmx
addpredict /etc/skey/skeykeys #skey configure code triggers this
use static && append-ldflags -static
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil
fi
econf \
--with-ldflags="${LDFLAGS}" \
--disable-strip \
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \
--sysconfdir="${EPREFIX}"/etc/ssh \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
--datadir="${EPREFIX}"/usr/share/openssh \
--with-privsep-path="${EPREFIX}"/var/empty \
--with-privsep-user=sshd \
--with-md5-passwords \
--with-ssl-engine \
$(static_use_with pam) \
$(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
$(use_with ldns) \
$(use_with libedit) \
$(use_with pie) \
$(use_with sctp) \
$(use_with selinux) \
$(use_with skey) \
"${myconf[@]}"
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
# not all openssl installs support ecc, or are functional #352645
if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
fi
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed"
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
keepdir /var/empty/dev
fi
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log."
fi
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
elog " dropped it. Make sure to update any configs that you might have."
}

View File

@ -1,6 +1,6 @@
# Copyright 1999-2014 Gentoo Foundation # Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6_p1-r1.ebuild,v 1.10 2014/03/23 09:54:17 ago Exp $ # $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1.ebuild,v 1.13 2014/12/31 07:40:01 vapier Exp $
EAPI="4" EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator inherit eutils user flag-o-matic multilib autotools pam systemd versionator
@ -9,32 +9,36 @@ inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# and _p? releases. # and _p? releases.
PARCH=${P/_} PARCH=${P/_}
#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz" HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.xz" LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz" #X509_VER="8.1" X509_PATCH="${PARCH/6.7/6.6}+x509-${X509_VER}.diff.gz"
X509_VER="7.9" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release" DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/" HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )} mirror://gentoo/${P}-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
" "
#${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )}
LICENSE="BSD GPL-2" LICENSE="BSD GPL-2"
SLOT="0" SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509" IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam +pie sctp selinux skey static X X509"
REQUIRED_USE="pie? ( !static )"
LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
libedit? ( dev-libs/libedit[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] )
>=dev-libs/openssl-0.9.6d:0[bindist=] >=dev-libs/openssl-0.9.6d:0[bindist=]
dev-libs/openssl[static-libs(+)] dev-libs/openssl[static-libs(+)]
>=sys-libs/zlib-1.2.3[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)]"
tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )"
RDEPEND=" RDEPEND="
!static? ( !static? (
${LIB_DEPEND//\[static-libs(+)]} ${LIB_DEPEND//\[static-libs(+)]}
@ -100,11 +104,11 @@ src_prepare() {
# don't break .ssh/authorized_keys2 for fun # don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then if use X509 ; then
pushd .. >/dev/null pushd .. >/dev/null
epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-glue.patch
use hpn && epatch "${FILESDIR}"/${PN}-6.6_p1-x509-hpn14v4-glue-p2.patch use hpn && epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v5-glue.patch
popd >/dev/null popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*} epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
@ -119,10 +123,10 @@ src_prepare() {
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
fi fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
if [[ -n ${HPN_PATCH} ]] && use hpn; then if [[ -n ${HPN_PATCH} ]] && use hpn; then
epatch "${WORKDIR}"/${HPN_PATCH%.*} epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632
save_version HPN save_version HPN
fi fi
@ -169,7 +173,7 @@ static_use_with() {
} }
src_configure() { src_configure() {
local myconf local myconf=()
addwrite /dev/ptmx addwrite /dev/ptmx
addpredict /etc/skey/skeykeys #skey configure code triggers this addpredict /etc/skey/skeykeys #skey configure code triggers this
@ -177,7 +181,7 @@ src_configure() {
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil append-ldflags -lutil
fi fi
@ -193,14 +197,15 @@ src_configure() {
--with-md5-passwords \ --with-md5-passwords \
--with-ssl-engine \ --with-ssl-engine \
$(static_use_with pam) \ $(static_use_with pam) \
$(static_use_with kerberos kerberos5 /usr) \ $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
$(use_with ldns) \ $(use_with ldns) \
$(use_with libedit) \ $(use_with libedit) \
$(use_with pie) \
$(use_with sctp) \
$(use_with selinux) \ $(use_with selinux) \
$(use_with skey) \ $(use_with skey) \
$(use_with tcpd tcp-wrappers) \ "${myconf[@]}"
${myconf}
} }
src_install() { src_install() {
@ -310,8 +315,9 @@ pkg_postinst() {
# This instruction is from the HPN webpage, # This instruction is from the HPN webpage,
# Used for the server logging functionality # Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then if [[ -n ${HPN_PATCH} ]] && use hpn ; then
echo
einfo "For the HPN server logging patch, you must ensure that" einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log." einfo "your syslog application also listens at /var/empty/dev/log."
fi fi
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
elog " dropped it. Make sure to update any configs that you might have."
} }