mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 02:16:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

bump(net-misc/openssh): sync with upstream

Browse Source 
Synced openssl too, not a new version but seemed reasonable to refresh
our copy of the ebuilds.

Packages updated:
  dev-libs/openssl
  net-misc/openssh
This commit is contained in:
Michael Marineau 2014-03-31 15:15:28 -07:00
parent dde0d66418
commit f229b49ef2
40 changed files with 1942 additions and 2445 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
sdk_container/src/third_party/portage-stable/dev-libs/openssl/ChangeLog vendored
View File

@ -1,6 +1,28 @@
# ChangeLog for dev-libs/openssl
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.513 2014/01/26 11:59:33 ago Exp $
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.517 2014/03/22 18:56:05 vapier Exp $
22 Mar 2014; Mike Frysinger <vapier@gentoo.org> metadata.xml:
Note that USE=bindist changes ABI. #505306 by Thibaud CANALE.
21 Mar 2014; Lars Wendler <polynomial-c@gentoo.org>
openssl-1.0.2_beta1.ebuild, +files/openssl-1.0.2_beta1-perl-5.18.patch:
Fixed installation with perl-5.18
*openssl-1.0.2_beta1 (20 Mar 2014)
20 Mar 2014; Mike Frysinger <vapier@gentoo.org>
+files/openssl-1.0.2-ipv6.patch, +files/openssl-1.0.2-parallel-build.patch,
+openssl-1.0.2_beta1.ebuild:
Version bump for testing.
21 Feb 2014; Lars Wendler <polynomial-c@gentoo.org> -openssl-1.0.1e.ebuild,
-openssl-1.0.1e-r1.ebuild, -openssl-1.0.1e-r2.ebuild,
-openssl-1.0.1e-r3.ebuild, -files/openssl-1.0.1e-bad-mac-aes-ni.patch,
-files/openssl-1.0.1e-perl-5.18.patch,
-files/openssl-1.0.1e-rdrand-explicit.patch,
-files/openssl-1.0.1e-tls-ver-crash.patch:
Removed vulnerable versions (bug #497838).
26 Jan 2014; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.1f.ebuild:
Stable for sparc, wrt bug #497838

44
sdk_container/src/third_party/portage-stable/dev-libs/openssl/Manifest vendored
View File

@ -15,42 +15,38 @@ AUX openssl-1.0.0e-x32.patch 4113 SHA256 e3c5118541d580d3cac2fe9f8af54059f81518b
AUX openssl-1.0.0h-pkg-config.patch 1289 SHA256 542dea12747b1cb667707250e3eb3803cbdd396bd0d8e836e48a8018417dc1b8 SHA512 4d1f66dc8615cdf7c96719c8cc909c7d908089e91b0cfe2dd08ae7a332c525b5384e2eb8eb3922e89cbc035167f581eaa606ba826fca6253f16f89f66a9ef225 WHIRLPOOL cdd63a06205b0237ddef1f56df2accf29e5f43f886aed01f95711b49a3af07d87afd0953cb3c12c7e97d4a3392f7c691257dcb7ad3e97cc6fbf1cf399a8a6394
AUX openssl-1.0.1-parallel-build.patch 10614 SHA256 f3aa674880ffa53a891d3f9054a1ff162c4461b3ec160a365990275907636259 SHA512 439015b3b007adfbab047a1e3e12a9700030779a593bba1a30e9554c7c02eb1cffe9acb089546954e87163847cf86b13130abf9646eb5d00a2ff725b534f84d5 WHIRLPOOL 673f6f045765effb9ded607bf8116a81e7bfeee78ba0e8a34892081c272239a2b75fbb14f4c48b61d93593fac8e1b1e8bef7223f4cc64e8443e19c8f337ab6bc
AUX openssl-1.0.1-x32.patch 3273 SHA256 a4f05b8757e225a05a9c5a3ea485159066760d878c9ee54c4eaf61760e33c6cf SHA512 6bed57fe2fbe2d0ced1279b53804d94426a679d5d6b80ad7d0ed18523a7fda397e02038032c08cdd4e6034f9ff6e82cad365ff2a724d49d91467cf2b77f47752 WHIRLPOOL 1366632e7dc1c6e54efc5b9791bf24833d20e7a61ca29aa38d31b5b9629febf926a29742e370b7cd6767c810c0a1676100ca9169f0d836dfd19ff0b2c29e49c1
AUX openssl-1.0.1e-bad-mac-aes-ni.patch 1220 SHA256 484fe928925965e98bb0fccc14d6a1e2469507e513a4257a1741e725e9fabf8d SHA512 0c3ad477cd4a8e61e6235eda23b5efbf15aef23f3a753f30c35ec170236d9d3a52d11736d25b9995dd60cf534382b9ad7bf36aa6a95aa9fbd12a3019176d04f2 WHIRLPOOL 1e40dd340dc06e1d13447a72dcc6e6acaaab3270b118e37699bccab05ac6f47d196239bdec6be24182e46d57f2f5e3f927e64bb7346e6d4aa19b28155c2918c6
AUX openssl-1.0.1e-ipv6.patch 18596 SHA256 430d15f2f62c2d7b9bbb968d3c1d3cea51c97d549e01683fd6befb20e2b60946 SHA512 15bfcafc8c173d2875954a43db19d15956619528a0fc356b6d36877f7434321071cf707d950767491261adc1e6403e56b3e014e3d0ffb6cef563daca00a128bd WHIRLPOOL d1dd63d00b166efb1ca9e5d8da931a47e571f5784e3b47780355553b4d0cf656885375e3fe7fc1554b6c5eb749371efeb370c7462e4fcc52c0dd85c6e2318ad8
AUX openssl-1.0.1e-perl-5.18.patch 8211 SHA256 0d2263de7cd1e814cf7583a738d7c439dadb6f195793a29356186b336edc5a98 SHA512 4b56cae218af916c5d7f1006f0a17e34eebc6ee9fb08789db0b18b7e0d6ca7ea0b297efdc712f8951b4db55d15dffea33faa939d2daa42db6be61670e43f0412 WHIRLPOOL 78ced5c41dba502f93f92322516ac8774ff73ce236c7cf793f7e502822c8b0c288f2ed4360d89d2ff2bfaf969f6bd0cc12b28151eda0217197c60bf6a561d8cf
AUX openssl-1.0.1e-rdrand-explicit.patch 936 SHA256 0eb50c82edb24c0ff4b5b2e6c41e4d11e9288b33dca05dd2b5fd613c0bc5b815 SHA512 2b4744dcd200d42a90c7640e3b5d16fa215e042ed4ae675504c20788fdd591cc866313d65be4e72e8992961d2e46f1945b006f4449710e23660c1ef666f17fdd WHIRLPOOL 0257c7919dbb6e82c52d5cd6f3cf909fda64782a1025b1a4f964acb42bd00c0a11b009a9b968250afbd44ccd9578949bb6e73f04d6238514d1b84673602fde87
AUX openssl-1.0.1e-s_client-verify.patch 592 SHA256 6f540fce663eefbe68cee16ad7d8d561d6c898eeb4180c2f4a4caa7e43c6d0c9 SHA512 117b1017e1259667078d3ccdcd9fd46357c6f85cf2702794f49c612b37acdc044fe88f871dbe46fcad9ed4cd8aaaaee800dddb5286203322802efd7549a43b68 WHIRLPOOL 70a4cc36b1dcb24d7e9bcef016684fb2394977f7f20aa332ebd0aa15e3f4c16c74563d2fc0ba8d70669f6cc9a13bf8a30cdb28ebafe2d102cd2859a4e32c38d7
AUX openssl-1.0.1e-tls-ver-crash.patch 1210 SHA256 720ea2617ad5ba4ab8e16da3fd42858d2daf35a39377c649f408e13012a57e37 SHA512 c0a33d1e7d91d54b4dee2a9392cc1ca31b9038b168eeb471e58620c8e6bf2b86d6bdc6b83a96d47717bb703beee79261a73f607521d3f76d1bfa4563e2db0a3c WHIRLPOOL 758d6877bc6181c1dd354d6737a998e3bd77627789e6f184f1958836f084cbd64b4c6427410fa51f120b5d1b56dc4378180ef90d5b91992629f36917081eb5d1
AUX openssl-1.0.1f-perl-5.18.patch 7820 SHA256 e45c6856ef35b16e150282afa59432e783943e6aee62394f8a0e79ccd469fd84 SHA512 2fcda9f76968e8a193892170b2acc06b246c5a04bda2c501fa223231af0e4b2a38afd1adaf83cce4afd4210cdfd9cae8251aeb9510f24bcb50e7aeaa9fa09364 WHIRLPOOL 38768056d2bc4cd719c88038d201f765420a7d47b5dbd73b6d86347e59b4a1fc62f5f27d6c576fb73184fcfe26917446753d871db22aeac2a205f0bd18d2bbc3
AUX openssl-1.0.1f-revert-alpha-perl-generation.patch 3029 SHA256 3b4b3e40f70330219a139d8562ed5ebc171c5e7ebf1ab2b29e295ccf435fb6eb SHA512 77f45b12211cb790ae362bed9417590f87a1749d6300dde408f00590ed86e7b05d05909f0a2356e5c64711319d2f8759ad452eaccc0f64c7578916b31462251f WHIRLPOOL a2140b00e69b2dc74d290db0c2d12d3d5e5ca7452710c3f3b2fdde8a06aa0f398212bd263d9a37cfea3df407aa1d26a996b852183955ca5eb4e8c061ca8cb68c
AUX openssl-1.0.2-ipv6.patch 18892 SHA256 6b018d3ed7713300e3ccd3ed34e4e2e4503cb631857ca804d42e91ae03280ea4 SHA512 0558864345ab745a986b07bbd58b32886d68410332b918a6635db95c49b47b08527403bcedecb4711f9e36d2597f50ab09249cdc30fad05c39f9b8278ce79165 WHIRLPOOL 4e74f51adabc1e2b2ebb1d9cb0e63482cd70d8e52b489e586409c2e320726e0f8e6c28df647c0a13b2679c4e130d2022bbd781c69bc68b5dd2d6d1a9f38ba7ec
AUX openssl-1.0.2-parallel-build.patch 10639 SHA256 91ff46bb83bbe2367181b6562f2b28cb41649fbf34ef2b5576fb04f902ab48b0 SHA512 4fb496b8e1f098d50c31ee35a2074657786fec852504d8b4072409bd727d7f9774f398ef33c1149bb389dacedff6823dc9954e56f25ce0a45bc7cd0d5212bd4a WHIRLPOOL 5e95c5e4a00ed7d189c4e6687f90ac16b55a9454e5353fe651ccd47ab565f042ae5c122aa4fccb5c707cd0f46dcf20c8ea492560c5ff6d1c50ea1f6d42cd7e21
AUX openssl-1.0.2_beta1-perl-5.18.patch 9031 SHA256 05b0333dd324f0ffa7ef0e4289917996cdebf29d9ae569ab1fbd2f3bb998f00e SHA512 5b266db72dd134bf4af24f8f8bcd0b4aca593319e17ec998add1d846fbf92422d78c042a6dc17cf6baffeb2a9ec75ac1f80702a346ac1691ad706ab03300fdd3 WHIRLPOOL af16b5c40f9b387e93750ebc62b5303463158875a1c1307679698fff2fdd86e56db377a1b46afeaa7210d0c31f001fd5daaa6163ca7ed06cacd156e278612718
DIST openssl-0.9.8y.tar.gz 3785001 SHA256 bbecf13495e612936e3a9860c29c0701413564b7a964bf771a3575eaa867cee3 SHA512 cdc05067343d6b06a0d0278e90abcea9bf58439c98279ce0ce22673bf6f4a6597babcb276635c3b15cf04ec76cf53320236f5b6bbc46544a61280825f5b7b3cc WHIRLPOOL c8c9cb00f303c2d95a1d2000c74bb146fb069da9471093bf7a2c00db2a5955c2d63908b3314eb9cd12ea1e80c3bac143d3774bc27515f2ab03c5ef4d88b61612
DIST openssl-1.0.0j.tar.gz 4047852 SHA256 626fb8fcb3eb7e966edbe71553ff993d137f6e8a87b05051a3695e621098b8af SHA512 9796c75b4d5de57928708f5f0a8ca01aff5b4974b60006454657ed54c34998bc54d747af03860d319db7e7a57b0cd3c267758ffaac31be2be045c977d5fc33d4 WHIRLPOOL 239f051930d9562e7266edd69cf3a1060d381a95228fd17813dd2dbf469c2cf066786b277c2fd56973b830a6b43f28934f5f15d3b6dfac8f37a6e6a65fcae455
DIST openssl-1.0.1e.tar.gz 4459777 SHA256 f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 SHA512 c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e WHIRLPOOL e85cca98d9525935977bab00a1309682c0571973a1472cdd75ea1c96a1b12d8b86d1b51a501bc24a6fdbf3257b047a569b5d24d6164a903af689b01d46a7e428
DIST openssl-1.0.1f.tar.gz 4509212 SHA256 6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a SHA512 8a50892ce0c32707486e248b273631c38e9743371f28f96b635a9e61dac31919e5cf00690d0926c1f425c718cb56c4fe18a87c6e679e0543ad453e42f7a811ef WHIRLPOOL 4489061d7348a53ed23fd01fbaf36b701c5a17968a4811cf0289aa8604752b1e3b3f4ed53ac629db3948d58fab1d9e0efdae5f6cde39a78828dd8b220fdb3900
DIST openssl-1.0.2-beta1.tar.gz 4901640 SHA256 4dbb1812d8129c9f1d0444e8947666668844137a52b59722f3f847cff006cf9b SHA512 5e5c36fd05710052d3fc791d0bb52494533e817af5cb9f9d3604e67bbc459f22a4e64a901b38f14f3f949069bc6a9f79dee7ecdce7a362f8285ce9a9ea9e22a6 WHIRLPOOL d6a4b38c256aed2cad98d7e978a2ca61b215bdc1b7f5fdaf5759ebb211da3988f3bc403410f6ac68ca801d2b20b459e4a0d916db7eb6126e87b84d93d5433776
DIST openssl-c_rehash.sh.1.7 4167 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 SHA512 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da WHIRLPOOL c88f06a3b8651f76b6289552cccceb64e13f6697c5f0ce3ff114c781ce1c218912b8ee308af9d087cd76a9600fdacda1953175bff07d7d3eb21b0c0b7f4f1ce1
EBUILD openssl-0.9.8y.ebuild 4424 SHA256 4250c4201a33cebac72954b5068a335d64ec03b03d4a9c787c90c453c23563f9 SHA512 cb59ccff8f59237b33de7db976201b260f5a28a841bcdf59245261a3d74f05c03fc5c4ff4c49e42c38f29533bfa80c6a753448ae9c3e47842223fe12d8f65fce WHIRLPOOL 5c8c490b9094ef6a1c93275dc39f97e61ae021d2cbbfce362f7deb92f844ced318254b1aa2197230dd42b5874602d5c1d43393547642907cf7c6e00244c05d33
EBUILD openssl-1.0.0j.ebuild 7035 SHA256 8b8cf5082b7eb04abc02fe452a006dad3b2460f65b016f1a1292af79bfef9980 SHA512 e4a4adfa8fda5d514e35f67e55ee50784ae785598b5889cb5d135bb5805b42c77e42246965cfbb4168bf0c6963961dc7e418f979d26574639e8b30730bb2ddea WHIRLPOOL ad2a6e1fcd89e528acce6c0d5a19bfcc82201776bbddb00154fb915792bde6458054d6352abdfa3e1fd17d2f1409de94f9ae6596c25b9e4d87e212901817da99
EBUILD openssl-1.0.1e-r1.ebuild 8051 SHA256 fc2279e7acad38d658e006d0b6f91a4754927e73266bf19b4e3af6c5b022769e SHA512 39d7f2f233329f2233e27a503fc3b8e1ddc26cb16d196842540bc5f1336272c85d5d2f33445829f68f0e6f7f5bf332bd18637b1ed21e7faa3082493de1ce66f5 WHIRLPOOL c39ea92f3addc5d1de5647be44db7dc88a68f2880633a3601036753792b38727bdd17f52bc3eb2ab8c7ce3f5edfa95a3f40a419cf58abb4bc9128ef1c63f9a80
EBUILD openssl-1.0.1e-r2.ebuild 8170 SHA256 364b19958f6426e429159dc6de1b59b955f382ad3e85d01235b9835ecee229de SHA512 1fef3a928f7874d868acfe6568fc090b41a288ce05002674d8feefa009b6ff4ad58d9f2db57f3aa45469cabd8fa179375d11b20794f5a0ef85ea7f218a409e66 WHIRLPOOL 28955035911b5867d4daef173de080915a77eee055682e6ac18655e97afca77bdfcfaecdeab4ce02cf97320e6059067eb612f505243d30b79e4b82ae5cb0420c
EBUILD openssl-1.0.1e-r3.ebuild 8276 SHA256 c1d6a6b365db046e8f46d56b09ce9c13351255b036bf4a76ab59772cc8a61a96 SHA512 f96d07e92fc9251cf0687922a76af5c535bdd7bc9ff9035dddc3b70030101dcd81e29d3ad3cb9e45b4981f69932eccabdfa3d83d7b4563f40f65018fb03d5a4c WHIRLPOOL 6e5b9ff9fc09508ec61375031b0bc01148e05ee74496676c86dc60ebc9c30e9391abb5392b5cd574b58bad57c0ce7b1750c26f0f4884ab90d95d55d15fd2d1d9
EBUILD openssl-1.0.1e.ebuild 7260 SHA256 12cdd7dd88ade561157275f48f1f029b3320a215f503b1ef50704875e98d5635 SHA512 655544f450d0b3306cbbb3e70237e234120386705019ddc03986455591cfa85bcadc4cdb72c0319d6a368e38164956ef1e9027b602d081dab096234b32105e15 WHIRLPOOL 9173764576e15d5351f140bb6d67e47a08f577a818c4d434c5c15d9dec321a512e6f4e7483fa5e5ebee66541313506f4745b4c636392bce7e21455ba7a3bad5e
EBUILD openssl-1.0.1f.ebuild 8181 SHA256 444e562daa1950bfbd9c76bb75922ed2ed6bba5fdc229c7b08cf80d370326e1e SHA512 34ebc04c3ea1efade80fa229c9a5e15bfd93c4462d893d410387948ab9760566cc9d84e6414dff96c6d970c85598bac024308e5e0799e0b3b312eefccb579649 WHIRLPOOL d931b949e9cd459eac7d4fb5f32a0c43a00d8083783a393dc4f845e2648f2ff5097a72db5ea450b1f6806336f128776df137af4887ff40d3c29a4b41b360a2ca
MISC ChangeLog 77738 SHA256 ec9b5e0f6b368b1fa2dfdba47c17fa3ef682882c144dc6994ee4c1d8286dd292 SHA512 f98b38834e94dacc6c0db25ac54e64497b3c2a47862a0121537d44935f36b1f4d6aaa2cf08c9aee6fa8a3dba152ad69ebcf5251423797333c945d25e4a2d2830 WHIRLPOOL a4041968d7c06cb2eeb3e0d92f15d6f306d877d39a5010073d591be3b2a5aefb7a0e37810f196085563bd39616d3192e81cabb1b408caf00d695159bdcbdb0a4
MISC metadata.xml 537 SHA256 dfb61bab6de1d7e943f92be14ed54fb9275d568a11d6ba29e395f23f547603ee SHA512 0417c438c7f9586c7bbe7694707fec94f2ecf6fb59e36bc87d707fab0b24346a6c9fac5e58c69302e767cd8a7e50a508cdb2430b2cdf8fcc88921286e09756e1 WHIRLPOOL 0f21bab1258c7ee675c27cb7d78a90985437dc8d001a232661657549cebd9f2f26802686435bdd3a1346c5a0ff14bfffa740d6ded2288dc211ad0183f5b3f686
EBUILD openssl-1.0.2_beta1.ebuild 8211 SHA256 1e879cd84aa8bf48d1b3c28f4d5bdb48dac5a31af83fca137a6c53b7495c327b SHA512 a8da2c4343321f0ed28142d29fbecda31b32eb0d38f4091c2376787847a2dfd450bd8f737c738205e8539bd1a0be7751fda80bbf73b4fbafdf4d1e1a31445e9c WHIRLPOOL 2caa79405f23ca11ff2944c31f6304abc4bce31698ed2d7e690975d6cc86cc0d2ccb878799f392e66926ad028f9fb6da8703c5a3dceb9e03b35434a295080809
MISC ChangeLog 78645 SHA256 220f5c975a020de3939b24b5cc37072ce51a3b5def6be74ac5c4a2bb252083bc SHA512 94be4cc0d063d88e82156067018887e5d98dc8280d63d38c028bd8bdd10e2e4f8626ae4a0469e780967c4bb255d73198f935f34a1508f2543114702ffaaefe7c WHIRLPOOL d22d2c117875a19fdeb69f5389ba41c589ee6a48bb4d23a18520568cc8c4d42b3fdb52f34f2e80c6eec5433db8b344447e9199bce684093c5ed7982c01856a54
MISC metadata.xml 562 SHA256 5c61e2a07ffdb4ba157e0add7f84ff74458c890092d5e6980fd936dfdb457c34 SHA512 f83769af7ffd223923b72a62db27cbc80ca31925b95b720845b6bedd2a9b52837f70f9da93ee43e272ceb3c8424a8c9f35a31ebd5274bc04c91cd63ace1af844 WHIRLPOOL d98f2af2cf3e13c09ad526a2fe06fe8ef02e1db20fd4e3843f1793a97c9ae6a2897308c84038a9a37d6d68fadc7af6d913b980f4f079dac36ea3860a33aca8c2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCAAGBQJS5PimAAoJELp701BxlEWfKWoQAIf0aYS6Ok4lAz4Cbm+MwaEY
URqfYk8Em5aNtjMW72Vnns2a2X0jbaZSlQ9lCF64M5M5vA1gpkCmKdUV1fvtWlli
NtAaH2Rf3D9z2iAxMGkWpe10Lsq0GK0MOC5hosyX0HsCuqxvbUj6sH3Kqtku+Kfe
QIMymUOHNR17J5Bb4sdMTr/3DoTGRyWS8SGhKm//CeaGxKyJfbOew+RHiBG5t/GB
+OCRZAPfwzDBEJXFjNPkh5W/jV+b8o/N+CNFcybpinPqNa4Hlk6A5phSPdgKL94n
54/Ev3YVwAIUQ4D2Tl0zvIGZmid/bGzmLL+JiEkhPoyTFGj9pNHdH39ufOTMxXCK
2yK9Ew7BxmmlGVJZK8Z2yI3pJJJLYGQmLKu2VNN4p10o2NEYaj6varCS9B396+Kp
Zc76QtlqfTNa1wKQ6Ps3asi/aouwwro06tUp3yr1/WN9DNzV1SNFvP7JlC3INaoL
a3GwUIA8UJbz8uxh8ZHz60QA/stRL6N3oPcIGd+BzX58ahAvhUm8lnmZvBF9AtjE
MD641OT/js5Rkzx93mZYZdM4IEYT2UR4MqrqJ9Yk6AsBPd65/qVWMm9Vq9m09YsN
rSPcw0cvPbjXfT50l6S+QMOFfxA01i6xOLrDZCyAOU0XhxMR5lDhNRz2/fpkZoHW
5FtFH4wTTc7AgF91noZr
=H9rM
iQIcBAEBCAAGBQJTLdzJAAoJEPGu1DbS6WIAz4MP/1hoDdHzFt7eyMu9zlZQeN0f
AV7GmsJfeYEyIy3HAfD2jBKjwaTb7kcMZXIC0TrXL7MqGgApUEvWSiB777tk9bPv
qMDe12KT9FGHcl4Zm8RdUlMnZjVSxOeshbhSCfE5JZ7nyeOUEkNTpqZDKk7yf5pU
SnVG06aYitz/zX51O5EsonkfPvQlMUh6QD/+rHPbw2xmvpqkgP05oxkR6xONaquR
9RN/xE1OOQ2kdoTbaQFXHDdYZq/L3URv4katcaLX0zarwebECIH7oXaSayTQxcok
lxfWMunjuw2YENa8OmO2Zk8EpdOkAUquyfjYDH/Pzstkg6T1lNlQ20Z/P5OZ/SLL
lYimrocPBrkPGohxRnm5QgSF05CAiQQP2RjLdQ7BNDMYd+Ap0pUAxUNNZc5ussKQ
LXAIK7XzM4AYEB4WF7NvsWKmeTI0lJcVI63DeV2lQeIwTuqDvorkkHjDvJZbkcA+
0FaDhbEbYNvkw28zgq+1dekXppJVHEHScoKc6GvC3sGJK/B02AYX+1ukDaNlJj+H
UctWlzrz0sXEHqo2Xt3c5QOdd8eIURTzCoKCkzy+TeacLMFGSq8OMj8wKJcU55dj
ct5ylPcp+BHqpoQKobLo0Z8B954obwD2A8+AvT2X6gYNxiL1vQQ2kpca8hQNEWKx
ifQUus9PEVcSnwHdUqXU
=O3BA
-----END PGP SIGNATURE-----

35
sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch vendored
View File

@ -1,35 +0,0 @@
https://bugs.gentoo.org/463444
From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Mon, 18 Mar 2013 19:29:41 +0100
Subject: [PATCH] e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI
plaforms.
PR: 3002
(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc)
---
crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 483e04b..fb2c884 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (res!=SHA_CBLOCK) continue;
- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
+ /* j is not incremented yet */
+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
data->u[SHA_LBLOCK-1] |= bitlen&mask;
sha1_block_data_order(&key->md,data,1);
- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
pmac->u[0] |= key->md.h0 & mask;
pmac->u[1] |= key->md.h1 & mask;
pmac->u[2] |= key->md.h2 & mask;
--
1.8.2.1

28
sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch vendored
View File

@ -1,28 +0,0 @@
https://chromium-review.googlesource.com/181001
From 8a1956f3eac8b164f8c741ff1a259008bab3bac1 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 11 Dec 2013 14:45:12 +0000
Subject: [PATCH] Don't use rdrand engine as default unless explicitly
requested. (cherry picked from commit
16898401bd47a153fbf799127ff57fdcfcbd324f)
---
crypto/engine/eng_rdrand.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
index a9ba5ae..4e9e91d 100644
--- a/crypto/engine/eng_rdrand.c
+++ b/crypto/engine/eng_rdrand.c
@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
!ENGINE_set_name(e, engine_e_rdrand_name) ||
+ !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
!ENGINE_set_init_function(e, rdrand_init) ||
!ENGINE_set_RAND(e, &rdrand_meth) )
return 0;
--
1.8.4.3

34
sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch vendored
View File

@ -1,34 +0,0 @@
https://bugs.gentoo.org/494816
https://bugzilla.redhat.com/show_bug.cgi?id=1045363
http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guest
From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 19 Dec 2013 14:37:39 +0000
Subject: [PATCH] Use version in SSL_METHOD not SSL structure.
When deciding whether to use TLS 1.2 PRF and record hash algorithms
use the version number in the corresponding SSL_METHOD structure
instead of the SSL structure. The SSL structure version is sometimes
inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449)
---
ssl/s3_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index bf832bb..c4ef273 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
long ssl_get_algorithm2(SSL *s)
{
long alg2 = s->s3->tmp.new_cipher->algorithm2;
- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
+ if (s->method->version == TLS1_2_VERSION &&
alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
return alg2;
--
1.8.4.3

659
sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch vendored Normal file
View File

@ -0,0 +1,659 @@
http://rt.openssl.org/Ticket/Display.html?id=2051
user/pass: guest/guest
Index: apps/s_apps.h
===================================================================
RCS file: /v/openssl/cvs/openssl/apps/s_apps.h,v
retrieving revision 1.21.2.1
diff -u -r1.21.2.1 s_apps.h
--- apps/s_apps.h 4 Sep 2009 17:42:04 -0000 1.21.2.1
+++ apps/s_apps.h 28 Dec 2011 00:28:14 -0000
@@ -148,7 +148,7 @@
#define PORT_STR "4433"
#define PROTOCOL "tcp"
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept);
+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept, int use_ipv4, int use_ipv6);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -156,7 +156,7 @@
int ssl_print_curves(BIO *out, SSL *s, int noshared);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
int should_retry(int i);
int extract_port(char *str, short *port_ptr);
int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
Index: apps/s_client.c
===================================================================
RCS file: /v/openssl/cvs/openssl/apps/s_client.c,v
retrieving revision 1.123.2.6.2.10
diff -u -r1.123.2.6.2.10 s_client.c
--- apps/s_client.c 14 Dec 2011 22:18:02 -0000 1.123.2.6.2.10
+++ apps/s_client.c 28 Dec 2011 00:28:14 -0000
@@ -285,6 +285,10 @@
{
BIO_printf(bio_err,"usage: s_client args\n");
BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err," -4 - use IPv4 only\n");
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err," -6 - use IPv6 only\n");
+#endif
BIO_printf(bio_err," -host host - use -connect instead\n");
BIO_printf(bio_err," -port port - use -connect instead\n");
BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
@@ -564,6 +567,7 @@
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
short port=PORT;
+ int use_ipv4, use_ipv6;
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
@@ -609,7 +613,11 @@
#endif
char *sess_in = NULL;
char *sess_out = NULL;
- struct sockaddr peer;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage peer;
+#else
+ struct sockaddr_in peer;
+#endif
int peerlen = sizeof(peer);
int enable_timeouts = 0 ;
long socket_mtu = 0;
@@ -630,6 +638,12 @@
meth=SSLv2_client_method();
#endif
+ use_ipv4 = 1;
+#if OPENSSL_USE_IPV6
+ use_ipv6 = 1;
+#else
+ use_ipv6 = 0;
+#endif
apps_startup();
c_Pause=0;
c_quiet=0;
@@ -951,6 +961,18 @@
jpake_secret = *++argv;
}
#endif
+ else if (strcmp(*argv,"-4") == 0)
+ {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
+ }
+#if OPENSSL_USE_IPV6
+ else if (strcmp(*argv,"-6") == 0)
+ {
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
else if (strcmp(*argv,"-use_srtp") == 0)
{
if (--argc < 1) goto bad;
@@ -1259,7 +1276,7 @@
re_start:
- if (init_client(&s,host,port,socket_type) == 0)
+ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
{
BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
SHUTDOWN(s);
@@ -1285,7 +1302,7 @@
{
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
- if (getsockname(s, &peer, (void *)&peerlen) < 0)
+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
{
BIO_printf(bio_err, "getsockname:errno=%d\n",
get_last_socket_error());
===================================================================
RCS file: /v/openssl/cvs/openssl/apps/s_server.c,v
retrieving revision 1.136.2.15.2.13
diff -u -r1.136.2.15.2.13 s_server.c
--- apps/s_server.c 27 Dec 2011 14:23:22 -0000 1.136.2.15.2.13
+++ apps/s_server.c 28 Dec 2011 00:28:14 -0000
@@ -558,6 +558,10 @@
# endif
BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
#endif
+ BIO_printf(bio_err," -4 - use IPv4 only\n");
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err," -6 - use IPv6 only\n");
+#endif
BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
}
@@ -943,6 +947,7 @@
int state=0;
const SSL_METHOD *meth=NULL;
int socket_type=SOCK_STREAM;
+ int use_ipv4, use_ipv6;
ENGINE *e=NULL;
char *inrand=NULL;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
@@ -981,6 +986,12 @@
/* #error no SSL version enabled */
#endif
+ use_ipv4 = 1;
+#if OPENSSL_USE_IPV6
+ use_ipv6 = 1;
+#else
+ use_ipv6 = 0;
+#endif
local_argc=argc;
local_argv=argv;
@@ -1329,6 +1340,18 @@
jpake_secret = *(++argv);
}
#endif
+ else if (strcmp(*argv,"-4") == 0)
+ {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
+ }
+#if OPENSSL_USE_IPV6
+ else if (strcmp(*argv,"-6") == 0)
+ {
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
else if (strcmp(*argv,"-use_srtp") == 0)
{
if (--argc < 1) goto bad;
@@ -2104,11 +2104,11 @@ bad:
BIO_printf(bio_s_out,"ACCEPT\n");
(void)BIO_flush(bio_s_out);
if (rev)
- do_server(port,socket_type,&accept_socket,rev_body, context, naccept);
+ do_server(port,socket_type,&accept_socket,rev_body, context, naccept, use_ipv4, use_ipv6);
else if (www)
- do_server(port,socket_type,&accept_socket,www_body, context, naccept);
+ do_server(port,socket_type,&accept_socket,www_body, context, naccept, use_ipv4, use_ipv6);
else
- do_server(port,socket_type,&accept_socket,sv_body, context, naccept);
+ do_server(port,socket_type,&accept_socket,sv_body, context, naccept, use_ipv4, use_ipv6);
print_stats(bio_s_out,ctx);
ret=0;
end:
Index: apps/s_socket.c
===================================================================
RCS file: /v/openssl/cvs/openssl/apps/s_socket.c,v
retrieving revision 1.43.2.3.2.2
diff -u -r1.43.2.3.2.2 s_socket.c
--- apps/s_socket.c 2 Dec 2011 14:39:40 -0000 1.43.2.3.2.2
+++ apps/s_socket.c 28 Dec 2011 00:28:14 -0000
@@ -97,16 +97,16 @@
#include "netdb.h"
#endif
-static struct hostent *GetHostByName(char *name);
+static struct hostent *GetHostByName(char *name, int domain);
#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
static void ssl_sock_cleanup(void);
#endif
static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port,char *ip, int type);
+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
static int do_accept(int acc_sock, int *sock, char **host);
-static int host_ip(char *str, unsigned char ip[4]);
+static int host_ip(char *str, unsigned char *ip, int domain);
#ifdef OPENSSL_SYS_WIN16
#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
@@ -234,38 +234,68 @@
return(1);
}
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
{
+#if OPENSSL_USE_IPV6
+ unsigned char ip[16];
+#else
unsigned char ip[4];
+#endif
- memset(ip, '\0', sizeof ip);
- if (!host_ip(host,&(ip[0])))
- return 0;
- return init_client_ip(sock,ip,port,type);
- }
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
- {
- unsigned long addr;
+ if (use_ipv4)
+ if (host_ip(host,ip,AF_INET))
+ return(init_client_ip(sock,ip,port,type,AF_INET));
+#if OPENSSL_USE_IPV6
+ if (use_ipv6)
+ if (host_ip(host,ip,AF_INET6))
+ return(init_client_ip(sock,ip,port,type,AF_INET6));
+#endif
+ return 0;
+ }
+
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
+ {
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage them;
+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
+#else
struct sockaddr_in them;
+ struct sockaddr_in *them_in = &them;
+#endif
+ socklen_t addr_len;
int s,i;
if (!ssl_sock_init()) return(0);
memset((char *)&them,0,sizeof(them));
- them.sin_family=AF_INET;
- them.sin_port=htons((unsigned short)port);
- addr=(unsigned long)
- ((unsigned long)ip[0]<<24L)|
- ((unsigned long)ip[1]<<16L)|
- ((unsigned long)ip[2]<< 8L)|
- ((unsigned long)ip[3]);
- them.sin_addr.s_addr=htonl(addr);
+ if (domain == AF_INET)
+ {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
+ them_in->sin_family=AF_INET;
+ them_in->sin_port=htons((unsigned short)port);
+#ifndef BIT_FIELD_LIMITS
+ memcpy(&them_in->sin_addr.s_addr, ip, 4);
+#else
+ memcpy(&them_in->sin_addr, ip, 4);
+#endif
+ }
+ else
+#if OPENSSL_USE_IPV6
+ {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
+ them_in6->sin6_family=AF_INET6;
+ them_in6->sin6_port=htons((unsigned short)port);
+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
+ }
+#else
+ return(0);
+#endif
if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
else /* ( type == SOCK_DGRAM) */
- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
+ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
if (s == INVALID_SOCKET) { perror("socket"); return(0); }
@@ -277,29 +315,27 @@
if (i < 0) { perror("keepalive"); return(0); }
}
#endif
-
- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+ if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
{ closesocket(s); perror("connect"); return(0); }
*sock=s;
return(1);
}
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept)
+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept, int use_ipv4, int use_ipv6)
{
int sock;
char *name = NULL;
int accept_socket = 0;
int i;
- if (!init_server(&accept_socket,port,type)) return(0);
-
+ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
if (ret != NULL)
{
*ret=accept_socket;
/* return(1);*/
}
- for (;;)
- {
+ for (;;)
+ {
if (type==SOCK_STREAM)
{
if (do_accept(accept_socket,&sock,&name) == 0)
@@ -322,41 +358,88 @@
}
}
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
{
int ret=0;
+ int domain;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage server;
+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
+#else
struct sockaddr_in server;
+ struct sockaddr_in *server_in = &server;
+#endif
+ socklen_t addr_len;
int s= -1;
+ if (!use_ipv4 && !use_ipv6)
+ goto err;
+#if OPENSSL_USE_IPV6
+ /* we are fine here */
+#else
+ if (use_ipv6)
+ goto err;
+#endif
if (!ssl_sock_init()) return(0);
- memset((char *)&server,0,sizeof(server));
- server.sin_family=AF_INET;
- server.sin_port=htons((unsigned short)port);
- if (ip == NULL)
- server.sin_addr.s_addr=INADDR_ANY;
- else
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-#ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr,ip,4);
+#if OPENSSL_USE_IPV6
+ domain = use_ipv6 ? AF_INET6 : AF_INET;
#else
- memcpy(&server.sin_addr,ip,4);
+ domain = AF_INET;
#endif
-
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
+ if (type == SOCK_STREAM)
+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
+ else /* type == SOCK_DGRAM */
+ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
if (s == INVALID_SOCKET) goto err;
#if defined SOL_SOCKET && defined SO_REUSEADDR
+ {
+ int j = 1;
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+ (void *) &j, sizeof j);
+ }
+#endif
+#if OPENSSL_USE_IPV6
+ if ((use_ipv4 == 0) && (use_ipv6 == 1))
{
- int j = 1;
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
- (void *) &j, sizeof j);
+ const int on = 1;
+
+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
+ (const void *) &on, sizeof(int));
}
#endif
- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+ if (domain == AF_INET)
+ {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
+ memset(server_in, 0, sizeof(struct sockaddr_in));
+ server_in->sin_family=AF_INET;
+ server_in->sin_port = htons((unsigned short)port);
+ if (ip == NULL)
+ server_in->sin_addr.s_addr = htonl(INADDR_ANY);
+ else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+#ifndef BIT_FIELD_LIMITS
+ memcpy(&server_in->sin_addr.s_addr, ip, 4);
+#else
+ memcpy(&server_in->sin_addr, ip, 4);
+#endif
+ }
+#if OPENSSL_USE_IPV6
+ else
+ {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
+ memset(server_in6, 0, sizeof(struct sockaddr_in6));
+ server_in6->sin6_family = AF_INET6;
+ server_in6->sin6_port = htons((unsigned short)port);
+ if (ip == NULL)
+ server_in6->sin6_addr = in6addr_any;
+ else
+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
+ }
+#endif
+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
{
#ifndef OPENSSL_SYS_WINDOWS
perror("bind");
@@ -375,16 +458,23 @@
return(ret);
}
-static int init_server(int *sock, int port, int type)
+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
{
- return(init_server_long(sock, port, NULL, type));
+ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
}
static int do_accept(int acc_sock, int *sock, char **host)
{
int ret;
struct hostent *h1,*h2;
- static struct sockaddr_in from;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage from;
+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
+#else
+ struct sockaddr_in from;
+ struct sockaddr_in *from_in = &from;
+#endif
int len;
/* struct linger ling; */
@@ -431,13 +521,23 @@
*/
if (host == NULL) goto end;
+#if OPENSSL_USE_IPV6
+ if (from.ss_family == AF_INET)
+#else
+ if (from.sin_family == AF_INET)
+#endif
#ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr),AF_INET);
+ /* I should use WSAAsyncGetHostByName() under windows */
+ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
+ sizeof(from_in->sin_addr.s_addr), AF_INET);
#else
- h1=gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr),AF_INET);
+ h1=gethostbyaddr((char *)&from_in->sin_addr,
+ sizeof(struct in_addr), AF_INET);
+#endif
+#if OPENSSL_USE_IPV6
+ else
+ h1=gethostbyaddr((char *)&from_in6->sin6_addr,
+ sizeof(struct in6_addr), AF_INET6);
#endif
if (h1 == NULL)
{
@@ -454,15 +554,23 @@
}
BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- h2=GetHostByName(*host);
+#if OPENSSL_USE_IPV6
+ h2=GetHostByName(*host, from.ss_family);
+#else
+ h2=GetHostByName(*host, from.sin_family);
+#endif
if (h2 == NULL)
{
BIO_printf(bio_err,"gethostbyname failure\n");
return(0);
}
- if (h2->h_addrtype != AF_INET)
+#if OPENSSL_USE_IPV6
+ if (h2->h_addrtype != from.ss_family)
+#else
+ if (h2->h_addrtype != from.sin_family)
+#endif
{
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
return(0);
}
}
@@ -477,7 +585,7 @@
char *h,*p;
h=str;
- p=strchr(str,':');
+ p=strrchr(str,':');
if (p == NULL)
{
BIO_printf(bio_err,"no port defined\n");
@@ -485,7 +593,7 @@
}
*(p++)='\0';
- if ((ip != NULL) && !host_ip(str,ip))
+ if ((ip != NULL) && !host_ip(str,ip,AF_INET))
goto err;
if (host_ptr != NULL) *host_ptr=h;
@@ -496,48 +604,58 @@
return(0);
}
-static int host_ip(char *str, unsigned char ip[4])
+static int host_ip(char *str, unsigned char *ip, int domain)
{
- unsigned int in[4];
+ unsigned int in[4];
+ unsigned long l;
int i;
- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+ if ((domain == AF_INET) &&
+ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
{
+
for (i=0; i<4; i++)
if (in[i] > 255)
{
BIO_printf(bio_err,"invalid IP address\n");
goto err;
}
- ip[0]=in[0];
- ip[1]=in[1];
- ip[2]=in[2];
- ip[3]=in[3];
- }
+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
+ memcpy(ip, &l, 4);
+ return 1;
+ }
+#if OPENSSL_USE_IPV6
+ else if ((domain == AF_INET6) &&
+ (inet_pton(AF_INET6, str, ip) == 1))
+ return 1;
+#endif
else
{ /* do a gethostbyname */
struct hostent *he;
if (!ssl_sock_init()) return(0);
- he=GetHostByName(str);
+ he=GetHostByName(str,domain);
if (he == NULL)
{
BIO_printf(bio_err,"gethostbyname failure\n");
goto err;
}
/* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET)
+ if ((short)he->h_addrtype != domain)
{
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
return(0);
}
- ip[0]=he->h_addr_list[0][0];
- ip[1]=he->h_addr_list[0][1];
- ip[2]=he->h_addr_list[0][2];
- ip[3]=he->h_addr_list[0][3];
+ if (domain == AF_INET)
+ memset(ip, 0, 4);
+#if OPENSSL_USE_IPV6
+ else
+ memset(ip, 0, 16);
+#endif
+ memcpy(ip, he->h_addr_list[0], he->h_length);
+ return 1;
}
- return(1);
err:
return(0);
}
@@ -574,7 +692,7 @@
static unsigned long ghbn_hits=0L;
static unsigned long ghbn_miss=0L;
-static struct hostent *GetHostByName(char *name)
+static struct hostent *GetHostByName(char *name, int domain)
{
struct hostent *ret;
int i,lowi=0;
@@ -589,14 +707,20 @@
}
if (ghbn_cache[i].order > 0)
{
- if (strncmp(name,ghbn_cache[i].name,128) == 0)
+ if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
+ (ghbn_cache[i].ent.h_addrtype == domain))
break;
}
}
if (i == GHBN_NUM) /* no hit*/
{
ghbn_miss++;
- ret=gethostbyname(name);
+ if (domain == AF_INET)
+ ret=gethostbyname(name);
+#if OPENSSL_USE_IPV6
+ else
+ ret=gethostbyname2(name, AF_INET6);
+#endif
if (ret == NULL) return(NULL);
/* else add to cache */
if(strlen(name) < sizeof ghbn_cache[0].name)

354
sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch vendored Normal file
View File

@ -0,0 +1,354 @@
http://rt.openssl.org/Ticket/Display.html?id=2084
--- a/Makefile.org
+++ b/Makefile.org
@@ -247,17 +247,17 @@
build_libs: build_crypto build_ssl build_engines
build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
+build_ssl: build_crypto
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
+build_engines: build_crypto
- @dir=engines; target=all; $(BUILD_ONE_CMD)
+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
+build_apps: build_libs
- @dir=apps; target=all; $(BUILD_ONE_CMD)
+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
+build_tests: build_libs
- @dir=test; target=all; $(BUILD_ONE_CMD)
+ +@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
+build_tools: build_libs
- @dir=tools; target=all; $(BUILD_ONE_CMD)
+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@@ -497,9 +497,9 @@
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-install: all install_docs install_sw
+install: install_docs install_sw
-install_sw:
+install_dirs:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
@@ -508,6 +508,13 @@
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+
+install_sw: install_dirs
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
@@ -511,7 +511,7 @@
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
@@ -593,12 +600,7 @@
done; \
done
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
+install_docs: install_dirs
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -105,6 +105,7 @@ LINK_SO= \
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
@@ -122,6 +124,7 @@ SYMLINK_SO= \
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -85,11 +85,11 @@
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
subdirs:
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
- @target=files; $(RECURSIVE_MAKE)
+ +@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@@ -100,7 +100,7 @@
# lib: $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
@touch lib
-$(LIB): $(LIBOBJ)
+$(LIB): $(LIBOBJ) | subdirs
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@@ -110,7 +110,7 @@
fi
libs:
- @target=lib; $(RECURSIVE_MAKE)
+ +@target=lib; $(RECURSIVE_MAKE)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@@ -119,7 +119,7 @@
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
lint:
@target=lint; $(RECURSIVE_MAKE)
--- a/engines/Makefile
+++ b/engines/Makefile
@@ -72,7 +72,7 @@
all: lib subdirs
-lib: $(LIBOBJ)
+lib: $(LIBOBJ) | subdirs
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
for l in $(LIBNAMES); do \
@@ -89,7 +89,7 @@
subdirs:
echo $(EDIRS)
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -128,7 +128,7 @@
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
tags:
ctags $(SRC)
--- a/test/Makefile
+++ b/test/Makefile
@@ -123,7 +123,7 @@
tags:
ctags $(SRC)
-tests: exe apps $(TESTS)
+tests: exe $(TESTS)
apps:
@(cd ..; $(MAKE) DIRS=apps all)
@@ -365,109 +365,109 @@
link_app.$${shlib_target}
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
- @target=$(RSATEST); $(BUILD_CMD)
+ +@target=$(RSATEST); $(BUILD_CMD)
$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
- @target=$(BNTEST); $(BUILD_CMD)
+ +@target=$(BNTEST); $(BUILD_CMD)
$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
- @target=$(ECTEST); $(BUILD_CMD)
+ +@target=$(ECTEST); $(BUILD_CMD)
$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
- @target=$(EXPTEST); $(BUILD_CMD)
+ +@target=$(EXPTEST); $(BUILD_CMD)
$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
- @target=$(IDEATEST); $(BUILD_CMD)
+ +@target=$(IDEATEST); $(BUILD_CMD)
$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
- @target=$(MD2TEST); $(BUILD_CMD)
+ +@target=$(MD2TEST); $(BUILD_CMD)
$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
- @target=$(SHATEST); $(BUILD_CMD)
+ +@target=$(SHATEST); $(BUILD_CMD)
$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
- @target=$(SHA1TEST); $(BUILD_CMD)
+ +@target=$(SHA1TEST); $(BUILD_CMD)
$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
- @target=$(SHA256TEST); $(BUILD_CMD)
+ +@target=$(SHA256TEST); $(BUILD_CMD)
$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
- @target=$(SHA512TEST); $(BUILD_CMD)
+ +@target=$(SHA512TEST); $(BUILD_CMD)
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
- @target=$(RMDTEST); $(BUILD_CMD)
+ +@target=$(RMDTEST); $(BUILD_CMD)
$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
- @target=$(MDC2TEST); $(BUILD_CMD)
+ +@target=$(MDC2TEST); $(BUILD_CMD)
$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
- @target=$(MD4TEST); $(BUILD_CMD)
+ +@target=$(MD4TEST); $(BUILD_CMD)
$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
- @target=$(MD5TEST); $(BUILD_CMD)
+ +@target=$(MD5TEST); $(BUILD_CMD)
$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
- @target=$(HMACTEST); $(BUILD_CMD)
+ +@target=$(HMACTEST); $(BUILD_CMD)
$(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
- @target=$(WPTEST); $(BUILD_CMD)
+ +@target=$(WPTEST); $(BUILD_CMD)
$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
- @target=$(RC2TEST); $(BUILD_CMD)
+ +@target=$(RC2TEST); $(BUILD_CMD)
$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
- @target=$(BFTEST); $(BUILD_CMD)
+ +@target=$(BFTEST); $(BUILD_CMD)
$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
- @target=$(CASTTEST); $(BUILD_CMD)
+ +@target=$(CASTTEST); $(BUILD_CMD)
$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
- @target=$(RC4TEST); $(BUILD_CMD)
+ +@target=$(RC4TEST); $(BUILD_CMD)
$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
- @target=$(RC5TEST); $(BUILD_CMD)
+ +@target=$(RC5TEST); $(BUILD_CMD)
$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
- @target=$(DESTEST); $(BUILD_CMD)
+ +@target=$(DESTEST); $(BUILD_CMD)
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
- @target=$(RANDTEST); $(BUILD_CMD)
+ +@target=$(RANDTEST); $(BUILD_CMD)
$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
- @target=$(DHTEST); $(BUILD_CMD)
+ +@target=$(DHTEST); $(BUILD_CMD)
$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
- @target=$(DSATEST); $(BUILD_CMD)
+ +@target=$(DSATEST); $(BUILD_CMD)
$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
- @target=$(METHTEST); $(BUILD_CMD)
+ +@target=$(METHTEST); $(BUILD_CMD)
$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
- @target=$(ENGINETEST); $(BUILD_CMD)
+ +@target=$(ENGINETEST); $(BUILD_CMD)
$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
- @target=$(EVPTEST); $(BUILD_CMD)
+ +@target=$(EVPTEST); $(BUILD_CMD)
$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
- @target=$(ECDSATEST); $(BUILD_CMD)
+ +@target=$(ECDSATEST); $(BUILD_CMD)
$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
- @target=$(ECDHTEST); $(BUILD_CMD)
+ +@target=$(ECDHTEST); $(BUILD_CMD)
$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
- @target=$(IGETEST); $(BUILD_CMD)
+ +@target=$(IGETEST); $(BUILD_CMD)
$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
- @target=$(JPAKETEST); $(BUILD_CMD)
+ +@target=$(JPAKETEST); $(BUILD_CMD)
$(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
- @target=$(ASN1TEST); $(BUILD_CMD)
+ +@target=$(ASN1TEST); $(BUILD_CMD)
$(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
- @target=$(SRPTEST); $(BUILD_CMD)
+ +@target=$(SRPTEST); $(BUILD_CMD)
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
@@ -480,7 +480,7 @@
# fi
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
- @target=dummytest; $(BUILD_CMD)
+ +@target=dummytest; $(BUILD_CMD)
# DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/crypto/objects/Makefile
+++ b/crypto/objects/Makefile
@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
# objects.pl both reads and writes obj_mac.num
obj_mac.h: objects.pl objects.txt obj_mac.num
$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
- @sleep 1; touch obj_mac.h; sleep 1
-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
+# This doesn't really need obj_mac.h, but since that rule reads & writes
+# obj_mac.num, we can't run in parallel with it.
+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
$(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
- @sleep 1; touch obj_xref.h; sleep 1
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

233
sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-perl-5.18.patch → sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2_beta1-perl-5.18.patch vendored
View File

@ -1,15 +1,11 @@
https://bugs.gentoo.org/483820
Forward-ported from openssl-1.0.1f-perl-5.18.patch
Fixes install with perl-5.18.
Submitted By: Martin Ward <macros_the_black at ntlworld dot com>
Date: 2013-06-18
Initial Package Version: 1.0.1e
Upstream Status: Unknown
Origin: self, based on fedora
Description: Fixes install with perl-5.18.
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
--- openssl-1.0.1e.orig/doc/apps/cms.pod
+++ openssl-1.0.1e/doc/apps/cms.pod
@@ -450,28 +450,28 @@
--- openssl-1.0.2-beta1/doc/apps/cms.pod
+++ openssl-1.0.2-beta1/doc/apps/cms.pod
@@ -463,28 +463,28 @@
=over 4
@ -44,8 +40,8 @@ Description: Fixes install with perl-5.18.
the message was verified correctly but an error occurred writing out
the signers certificates.
--- openssl-1.0.1e.orig/doc/apps/smime.pod
+++ openssl-1.0.1e/doc/apps/smime.pod
--- openssl-1.0.2-beta1/doc/apps/smime.pod
+++ openssl-1.0.2-beta1/doc/apps/smime.pod
@@ -308,28 +308,28 @@
=over 4
@ -81,36 +77,26 @@ Description: Fixes install with perl-5.18.
the message was verified correctly but an error occurred writing out
the signers certificates.
--- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod
+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
@@ -278,6 +278,8 @@
an application specific error. This will never be returned unless explicitly
set by an application.
+=back
+
=head1 NOTES
The above functions should be used instead of directly referencing the fields
--- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod
+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod
@@ -44,12 +44,12 @@
--- openssl-1.0.2-beta1/doc/ssl/SSL_accept.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_accept.pod
@@ -44,13 +44,13 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
--- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod
+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod
return value B<ret> to find out the reason.
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
--- openssl-1.0.2-beta1/doc/ssl/SSL_clear.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_clear.pod
@@ -56,12 +56,12 @@
=over 4
@ -126,8 +112,8 @@ Description: Fixes install with perl-5.18.
The SSL_clear() operation was successful.
--- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod
+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
--- openssl-1.0.2-beta1/doc/ssl/SSL_COMP_add_compression_method.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@
=over 4
@ -142,25 +128,48 @@ Description: Fixes install with perl-5.18.
The operation failed. Check the error queue to find out the reason.
--- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod
+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod
@@ -41,12 +41,12 @@
--- openssl-1.0.2-beta1/doc/ssl/SSL_CONF_cmd.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_CONF_cmd.pod
@@ -320,6 +320,8 @@
The value is a directory name.
+=back
+
=head1 NOTES
The order of operations is significant. This can be used to set either defaults
--- openssl-1.0.2-beta1/doc/ssl/SSL_connect.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_connect.pod
@@ -41,13 +41,13 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
return value B<ret> to find out the reason.
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_add1_chain_cert.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_add1_chain_cert.pod
@@ -128,6 +128,8 @@
All other functions return 1 for success and 0 for failure.
+=over
+
=back
=head1 SEE ALSO
--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_add_session.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_add_session.pod
@@ -52,13 +52,13 @@
=over 4
@ -177,8 +186,8 @@ Description: Fixes install with perl-5.18.
The operation succeeded.
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -100,13 +100,13 @@
=over 4
@ -195,24 +204,48 @@ Description: Fixes install with perl-5.18.
The operation succeeded.
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,11 +66,11 @@
--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set1_curves.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set1_curves.pod
@@ -87,6 +87,8 @@
SSL_get1_shared_curve() returns the NID of shared curve B<n> of zero if there
is no shared curve B<n> or the number of shared curves if B<n> is -1.
+=over
+
=back
=head1 SEE ALSO
--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
@@ -70,6 +70,8 @@
All these functions return 1 for success and 0 for failure.
+=over
+
=back
=head1 SEE ALSO
--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,13 +66,13 @@
=over 4
-=item 1
+=item C<1>
The operation succeeded.
-=item 0
+=item C<0>
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
to find out the reason.
-=item 1
+=item C<1>
The operation succeeded.
--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -64,13 +64,13 @@
=over 4
@ -229,8 +262,8 @@ Description: Fixes install with perl-5.18.
The operation succeeded.
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -42,11 +42,11 @@
=over 4
@ -245,18 +278,9 @@ Description: Fixes install with perl-5.18.
The operation succeeded.
--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -81,6 +81,8 @@
Return values from the server callback are interpreted as follows:
+=over
+
=item > 0
PSK identity was found and the server callback has provided the PSK
@@ -94,9 +96,11 @@
--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -96,7 +96,7 @@
connection will fail with decryption_error before it will be finished
completely.
@ -265,29 +289,26 @@ Description: Fixes install with perl-5.18.
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
+=back
+
=cut
--- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod
+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
@@ -45,12 +45,12 @@
--- openssl-1.0.2-beta1/doc/ssl/SSL_do_handshake.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_do_handshake.pod
@@ -45,13 +45,13 @@
=over 4
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
-=item 0
+=item C<0>
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
--- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod
+++ openssl-1.0.1e/doc/ssl/SSL_read.pod
return value B<ret> to find out the reason.
-=item 1
+=item C<1>
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
--- openssl-1.0.2-beta1/doc/ssl/SSL_read.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_read.pod
@@ -86,7 +86,7 @@
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
@ -297,8 +318,8 @@ Description: Fixes install with perl-5.18.
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
--- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod
+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
--- openssl-1.0.2-beta1/doc/ssl/SSL_session_reused.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_session_reused.pod
@@ -27,11 +27,11 @@
=over 4
@ -313,8 +334,8 @@ Description: Fixes install with perl-5.18.
A session was reused.
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod
+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
--- openssl-1.0.2-beta1/doc/ssl/SSL_set_fd.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_set_fd.pod
@@ -35,11 +35,11 @@
=over 4
@ -329,8 +350,8 @@ Description: Fixes install with perl-5.18.
The operation succeeded.
--- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod
+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod
--- openssl-1.0.2-beta1/doc/ssl/SSL_set_session.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_set_session.pod
@@ -37,11 +37,11 @@
=over 4
@ -345,25 +366,27 @@ Description: Fixes install with perl-5.18.
The operation succeeded.
--- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod
+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
@@ -92,12 +92,12 @@
--- openssl-1.0.2-beta1/doc/ssl/SSL_shutdown.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_shutdown.pod
@@ -92,14 +92,14 @@
=over 4
-=item 1
+=item C<1>
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
-=item 0
+=item C<0>
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
if a bidirectional shutdown shall be performed.
--- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod
+++ openssl-1.0.1e/doc/ssl/SSL_write.pod
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-=item 1
+=item C<1>
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
--- openssl-1.0.2-beta1/doc/ssl/SSL_write.pod
+++ openssl-1.0.2-beta1/doc/ssl/SSL_write.pod
@@ -79,7 +79,7 @@
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.

2
sdk_container/src/third_party/portage-stable/dev-libs/openssl/metadata.xml vendored
View File

@ -3,7 +3,7 @@
<pkgmetadata>
<herd>base-system</herd>
<use>
<flag name='bindist'>Disable EC/RC5 algorithms (as they seem to be patented)</flag>
<flag name='bindist'>Disable EC/RC5 algorithms (as they seem to be patented) -- note: changes the ABI</flag>
<flag name='rfc3779'>Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
<flag name='tls-heartbeat'>Enable the Heartbeat Extension in TLS and DTLS</flag>
</use>

237
sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r1.ebuild vendored
View File

@ -1,237 +0,0 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e-r1.ebuild,v 1.17 2014/01/16 17:37:37 vapier Exp $
EAPI="4"
inherit eutils flag-o-matic toolchain-funcs multilib
REV="1.7"
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
HOMEPAGE="http://www.openssl.org/"
SRC_URI="mirror://openssl/source/${P}.tar.gz
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
LICENSE="openssl"
SLOT="0"
KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc -ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib"
# Have the sub-libs in RDEPEND with [static-libs] since, logically,
# our libssl.a depends on libz.a/etc... at runtime.
LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] )
zlib? ( sys-libs/zlib[static-libs(+)] )
kerberos? ( app-crypt/mit-krb5 )"
# The blocks are temporary just to make sure people upgrade to a
# version that lack runtime version checking. We'll drop them in
# the future.
RDEPEND="static-libs? ( ${LIB_DEPEND} )
!static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} )
!<net-misc/openssh-5.9_p1-r4
!<net-libs/neon-0.29.6-r1"
DEPEND="${RDEPEND}
sys-apps/diffutils
>=dev-lang/perl-5
test? ( sys-devel/bc )"
PDEPEND="app-misc/ca-certificates"
src_unpack() {
unpack ${P}.tar.gz
SSL_CNF_DIR="/etc/ssl"
sed \
-e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
-e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
"${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
> "${WORKDIR}"/c_rehash || die #416717
}
src_prepare() {
# Make sure we only ever touch Makefile.org and avoid patching a file
# that gets blown away anyways by the Configure script in src_configure
rm -f Makefile
if ! use vanilla ; then
epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch
epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch
epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch
epatch "${FILESDIR}"/${P}-bad-mac-aes-ni.patch #463444
epatch "${FILESDIR}"/${PN}-1.0.1e-perl-5.18.patch #483820
epatch_user #332661
fi
# disable fips in the build
# make sure the man pages are suffixed #302165
# don't bother building man pages if they're disabled
sed -i \
-e '/DIRS/s: fips : :g' \
-e '/^MANSUFFIX/s:=.*:=ssl:' \
-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-e $(has noman FEATURES \
&& echo '/^install:/s:install_docs::' \
|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
Makefile.org \
|| die
# show the actual commands in the log
sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
# allow openssl to be cross-compiled
cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
chmod a+rx gentoo.config
append-flags -fno-strict-aliasing
append-flags $(test-flags-CC -Wa,--noexecstack)
sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
# The config script does stupid stuff to prompt the user. Kill it.
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
./config --test-sanity || die "I AM NOT SANE"
}
src_configure() {
unset APPS #197996
unset SCRIPTS #312551
unset CROSS_COMPILE #311473
tc-export CC AR RANLIB RC
# Clean out patent-or-otherwise-encumbered code
# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
# IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
# RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
echoit() { echo "$@" ; "$@" ; }
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
# See if our toolchain supports __uint128_t. If so, it's 64bit
# friendly and can use the nicely optimized code paths. #460790
local ec_nistp_64_gcc_128
if ! use bindist ; then
echo "__uint128_t i;" > "${T}"/128.c
if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
fi
fi
local sslout=$(./gentoo.config)
einfo "Use configuration ${sslout:-(openssl knows best)}"
local config="Configure"
[[ -z ${sslout} ]] && config="config"
echoit \
./${config} \
${sslout} \
$(use sse2 || echo "no-sse2") \
enable-camellia \
$(use_ssl !bindist ec) \
${ec_nistp_64_gcc_128} \
enable-idea \
enable-mdc2 \
$(use_ssl !bindist rc5) \
enable-tlsext \
$(use_ssl gmp gmp -lgmp) \
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
$(use_ssl rfc3779) \
$(use_ssl tls-heartbeat heartbeats) \
$(use_ssl zlib) \
--prefix="${EPREFIX}"/usr \
--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
--libdir=$(get_libdir) \
shared threads \
|| die
# Clean out hardcoded flags that openssl uses
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-e 's:^CFLAG=::' \
-e 's:-fomit-frame-pointer ::g' \
-e 's:-O[0-9] ::g' \
-e 's:-march=[-a-z0-9]* ::g' \
-e 's:-mcpu=[-a-z0-9]* ::g' \
-e 's:-m[a-z0-9]* ::g' \
)
sed -i \
-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
Makefile || die
}
src_compile() {
# depend is needed to use $confopts; it also doesn't matter
# that it's -j1 as the code itself serializes subdirs
emake -j1 depend
emake all
# rehash is needed to prep the certs/ dir; do this
# separately to avoid parallel build issues.
emake rehash
}
src_test() {
emake -j1 test
}
src_install() {
emake INSTALL_PREFIX="${D}" install
dobin "${WORKDIR}"/c_rehash #333117
dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
dohtml -r doc/*
use rfc3779 && dodoc engines/ccgost/README.gost
# This is crappy in that the static archives are still built even
# when USE=static-libs. But this is due to a failing in the openssl
# build system: the static archives are built as PIC all the time.
# Only way around this would be to manually configure+compile openssl
# twice; once with shared lib support enabled and once without.
use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
# create the certs directory
dodir ${SSL_CNF_DIR}/certs
cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
# Namespace openssl programs to prevent conflicts with other man pages
cd "${ED}"/usr/share/man
local m d s
for m in $(find . -type f | xargs grep -L '#include') ; do
d=${m%/*} ; d=${d#./} ; m=${m##*/}
[[ ${m} == openssl.1* ]] && continue
[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
mv ${d}/{,ssl-}${m}
# fix up references to renamed man pages
sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
ln -s ssl-${m} ${d}/openssl-${m}
# locate any symlinks that point to this man page ... we assume
# that any broken links are due to the above renaming
for s in $(find -L ${d} -type l) ; do
s=${s##*/}
rm -f ${d}/${s}
ln -s ssl-${m} ${d}/ssl-${s}
ln -s ssl-${s} ${d}/openssl-${s}
done
done
[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
dodir /etc/sandbox.d #254521
echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
diropts -m0700
keepdir ${SSL_CNF_DIR}/private
}
pkg_preinst() {
has_version ${CATEGORY}/${PN}:0.9.8 && return 0
preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
}
pkg_postinst() {
ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
eend $?
has_version ${CATEGORY}/${PN}:0.9.8 && return 0
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
}

241
sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r3.ebuild vendored
View File

@ -1,241 +0,0 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e-r3.ebuild,v 1.1 2013/12/20 19:26:59 vapier Exp $
EAPI="4"
inherit eutils flag-o-matic toolchain-funcs multilib
REV="1.7"
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
HOMEPAGE="http://www.openssl.org/"
SRC_URI="mirror://openssl/source/${P}.tar.gz
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
LICENSE="openssl"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib"
# Have the sub-libs in RDEPEND with [static-libs] since, logically,
# our libssl.a depends on libz.a/etc... at runtime.
LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] )
zlib? ( sys-libs/zlib[static-libs(+)] )
kerberos? ( app-crypt/mit-krb5 )"
# The blocks are temporary just to make sure people upgrade to a
# version that lack runtime version checking. We'll drop them in
# the future.
RDEPEND="static-libs? ( ${LIB_DEPEND} )
!static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} )
!<net-misc/openssh-5.9_p1-r4
!<net-libs/neon-0.29.6-r1"
DEPEND="${RDEPEND}
sys-apps/diffutils
>=dev-lang/perl-5
test? ( sys-devel/bc )"
PDEPEND="app-misc/ca-certificates"
src_unpack() {
unpack ${P}.tar.gz
SSL_CNF_DIR="/etc/ssl"
sed \
-e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
-e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
"${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
> "${WORKDIR}"/c_rehash || die #416717
}
src_prepare() {
# Make sure we only ever touch Makefile.org and avoid patching a file
# that gets blown away anyways by the Configure script in src_configure
rm -f Makefile
if ! use vanilla ; then
epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch
epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch
epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch
epatch "${FILESDIR}"/${P}-bad-mac-aes-ni.patch #463444
epatch "${FILESDIR}"/${PN}-1.0.1e-perl-5.18.patch #483820
epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584
epatch "${FILESDIR}"/${P}-tls-ver-crash.patch #494816
epatch "${FILESDIR}"/${P}-rdrand-explicit.patch
epatch_user #332661
fi
# disable fips in the build
# make sure the man pages are suffixed #302165
# don't bother building man pages if they're disabled
sed -i \
-e '/DIRS/s: fips : :g' \
-e '/^MANSUFFIX/s:=.*:=ssl:' \
-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-e $(has noman FEATURES \
&& echo '/^install:/s:install_docs::' \
|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
Makefile.org \
|| die
# show the actual commands in the log
sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
# allow openssl to be cross-compiled
cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
chmod a+rx gentoo.config
append-flags -fno-strict-aliasing
append-flags $(test-flags-CC -Wa,--noexecstack)
sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
# The config script does stupid stuff to prompt the user. Kill it.
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
./config --test-sanity || die "I AM NOT SANE"
}
src_configure() {
unset APPS #197996
unset SCRIPTS #312551
unset CROSS_COMPILE #311473
tc-export CC AR RANLIB RC
# Clean out patent-or-otherwise-encumbered code
# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
# IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
# RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
echoit() { echo "$@" ; "$@" ; }
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
# See if our toolchain supports __uint128_t. If so, it's 64bit
# friendly and can use the nicely optimized code paths. #460790
local ec_nistp_64_gcc_128
# Disable it for now though #469976
#if ! use bindist ; then
# echo "__uint128_t i;" > "${T}"/128.c
# if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
# ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
# fi
#fi
local sslout=$(./gentoo.config)
einfo "Use configuration ${sslout:-(openssl knows best)}"
local config="Configure"
[[ -z ${sslout} ]] && config="config"
echoit \
./${config} \
${sslout} \
$(use sse2 || echo "no-sse2") \
enable-camellia \
$(use_ssl !bindist ec) \
${ec_nistp_64_gcc_128} \
enable-idea \
enable-mdc2 \
$(use_ssl !bindist rc5) \
enable-tlsext \
$(use_ssl gmp gmp -lgmp) \
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
$(use_ssl rfc3779) \
$(use_ssl tls-heartbeat heartbeats) \
$(use_ssl zlib) \
--prefix="${EPREFIX}"/usr \
--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
--libdir=$(get_libdir) \
shared threads \
|| die
# Clean out hardcoded flags that openssl uses
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-e 's:^CFLAG=::' \
-e 's:-fomit-frame-pointer ::g' \
-e 's:-O[0-9] ::g' \
-e 's:-march=[-a-z0-9]* ::g' \
-e 's:-mcpu=[-a-z0-9]* ::g' \
-e 's:-m[a-z0-9]* ::g' \
)
sed -i \
-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
Makefile || die
}
src_compile() {
# depend is needed to use $confopts; it also doesn't matter
# that it's -j1 as the code itself serializes subdirs
emake -j1 depend
emake all
# rehash is needed to prep the certs/ dir; do this
# separately to avoid parallel build issues.
emake rehash
}
src_test() {
emake -j1 test
}
src_install() {
emake INSTALL_PREFIX="${D}" install
dobin "${WORKDIR}"/c_rehash #333117
dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
dohtml -r doc/*
use rfc3779 && dodoc engines/ccgost/README.gost
# This is crappy in that the static archives are still built even
# when USE=static-libs. But this is due to a failing in the openssl
# build system: the static archives are built as PIC all the time.
# Only way around this would be to manually configure+compile openssl
# twice; once with shared lib support enabled and once without.
use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
# create the certs directory
dodir ${SSL_CNF_DIR}/certs
cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
# Namespace openssl programs to prevent conflicts with other man pages
cd "${ED}"/usr/share/man
local m d s
for m in $(find . -type f | xargs grep -L '#include') ; do
d=${m%/*} ; d=${d#./} ; m=${m##*/}
[[ ${m} == openssl.1* ]] && continue
[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
mv ${d}/{,ssl-}${m}
# fix up references to renamed man pages
sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
ln -s ssl-${m} ${d}/openssl-${m}
# locate any symlinks that point to this man page ... we assume
# that any broken links are due to the above renaming
for s in $(find -L ${d} -type l) ; do
s=${s##*/}
rm -f ${d}/${s}
ln -s ssl-${m} ${d}/ssl-${s}
ln -s ssl-${s} ${d}/openssl-${s}
done
done
[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
dodir /etc/sandbox.d #254521
echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
diropts -m0700
keepdir ${SSL_CNF_DIR}/private
}
pkg_preinst() {
has_version ${CATEGORY}/${PN}:0.9.8 && return 0
preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
}
pkg_postinst() {
ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
eend $?
has_version ${CATEGORY}/${PN}:0.9.8 && return 0
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
}

221
sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e.ebuild vendored
View File

@ -1,221 +0,0 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e.ebuild,v 1.4 2013/11/26 07:27:00 polynomial-c Exp $
EAPI="4"
inherit eutils flag-o-matic toolchain-funcs multilib
REV="1.7"
DESCRIPTION="full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)"
HOMEPAGE="http://www.openssl.org/"
SRC_URI="mirror://openssl/source/${P}.tar.gz
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
LICENSE="openssl"
SLOT="0"
KEYWORDS="ppc64"
IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test vanilla zlib"
# Have the sub-libs in RDEPEND with [static-libs] since, logically,
# our libssl.a depends on libz.a/etc... at runtime.
LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] )
zlib? ( sys-libs/zlib[static-libs(+)] )
kerberos? ( app-crypt/mit-krb5 )"
# The blocks are temporary just to make sure people upgrade to a
# version that lack runtime version checking. We'll drop them in
# the future.
RDEPEND="static-libs? ( ${LIB_DEPEND} )
!static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} )
!<net-misc/openssh-5.9_p1-r4
!<net-libs/neon-0.29.6-r1"
DEPEND="${RDEPEND}
sys-apps/diffutils
>=dev-lang/perl-5
test? ( sys-devel/bc )"
PDEPEND="app-misc/ca-certificates"
src_unpack() {
unpack ${P}.tar.gz
SSL_CNF_DIR="/etc/ssl"
sed \
-e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
-e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
"${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
> "${WORKDIR}"/c_rehash || die #416717
}
src_prepare() {
# Make sure we only ever touch Makefile.org and avoid patching a file
# that gets blown away anyways by the Configure script in src_configure
rm -f Makefile
if ! use vanilla ; then
epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch
epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch
epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch
epatch_user #332661
fi
# disable fips in the build
# make sure the man pages are suffixed #302165
# don't bother building man pages if they're disabled
sed -i \
-e '/DIRS/s: fips : :g' \
-e '/^MANSUFFIX/s:=.*:=ssl:' \
-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-e $(has noman FEATURES \
&& echo '/^install:/s:install_docs::' \
|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
Makefile.org \
|| die
# show the actual commands in the log
sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
# allow openssl to be cross-compiled
cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
chmod a+rx gentoo.config
append-flags -fno-strict-aliasing
append-flags $(test-flags-CC -Wa,--noexecstack)
sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
./config --test-sanity || die "I AM NOT SANE"
}
src_configure() {
unset APPS #197996
unset SCRIPTS #312551
unset CROSS_COMPILE #311473
tc-export CC AR RANLIB RC
# Clean out patent-or-otherwise-encumbered code
# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
# IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
# RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
echoit() { echo "$@" ; "$@" ; }
local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
local sslout=$(./gentoo.config)
einfo "Use configuration ${sslout:-(openssl knows best)}"
local config="Configure"
[[ -z ${sslout} ]] && config="config"
echoit \
./${config} \
${sslout} \
$(use sse2 || echo "no-sse2") \
enable-camellia \
$(use_ssl !bindist ec) \
enable-idea \
enable-mdc2 \
$(use_ssl !bindist rc5) \
enable-tlsext \
$(use_ssl gmp gmp -lgmp) \
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
$(use_ssl rfc3779) \
$(use_ssl zlib) \
--prefix="${EPREFIX}"/usr \
--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
--libdir=$(get_libdir) \
shared threads \
|| die
# Clean out hardcoded flags that openssl uses
local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-e 's:^CFLAG=::' \
-e 's:-fomit-frame-pointer ::g' \
-e 's:-O[0-9] ::g' \
-e 's:-march=[-a-z0-9]* ::g' \
-e 's:-mcpu=[-a-z0-9]* ::g' \
-e 's:-m[a-z0-9]* ::g' \
)
sed -i \
-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
Makefile || die
}
src_compile() {
# depend is needed to use $confopts; it also doesn't matter
# that it's -j1 as the code itself serializes subdirs
emake -j1 depend
emake all
# rehash is needed to prep the certs/ dir; do this
# separately to avoid parallel build issues.
emake rehash
}
src_test() {
emake -j1 test
}
src_install() {
emake INSTALL_PREFIX="${D}" install
dobin "${WORKDIR}"/c_rehash #333117
dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
dohtml -r doc/*
use rfc3779 && dodoc engines/ccgost/README.gost
# This is crappy in that the static archives are still built even
# when USE=static-libs. But this is due to a failing in the openssl
# build system: the static archives are built as PIC all the time.
# Only way around this would be to manually configure+compile openssl
# twice; once with shared lib support enabled and once without.
use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
# create the certs directory
dodir ${SSL_CNF_DIR}/certs
cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
# Namespace openssl programs to prevent conflicts with other man pages
cd "${ED}"/usr/share/man
local m d s
for m in $(find . -type f | xargs grep -L '#include') ; do
d=${m%/*} ; d=${d#./} ; m=${m##*/}
[[ ${m} == openssl.1* ]] && continue
[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
mv ${d}/{,ssl-}${m}
# fix up references to renamed man pages
sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
ln -s ssl-${m} ${d}/openssl-${m}
# locate any symlinks that point to this man page ... we assume
# that any broken links are due to the above renaming
for s in $(find -L ${d} -type l) ; do
s=${s##*/}
rm -f ${d}/${s}
ln -s ssl-${m} ${d}/ssl-${s}
ln -s ssl-${s} ${d}/openssl-${s}
done
done
[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
dodir /etc/sandbox.d #254521
echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
diropts -m0700
keepdir ${SSL_CNF_DIR}/private
}
pkg_preinst() {
has_version ${CATEGORY}/${PN}:0.9.8 && return 0
preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
}
pkg_postinst() {
ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
eend $?
has_version ${CATEGORY}/${PN}:0.9.8 && return 0
preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
}

22
sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r2.ebuild → sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.2_beta1.ebuild vendored
View File

@ -1,20 +1,21 @@
# Copyright 1999-2013 Gentoo Foundation
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e-r2.ebuild,v 1.1 2013/10/23 16:10:35 vapier Exp $
# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2_beta1.ebuild,v 1.2 2014/03/21 19:12:26 polynomial-c Exp $
EAPI="4"
inherit eutils flag-o-matic toolchain-funcs multilib
REV="1.7"
MY_P=${P/_/-}
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
HOMEPAGE="http://www.openssl.org/"
SRC_URI="mirror://openssl/source/${P}.tar.gz
SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
LICENSE="openssl"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib"
# Have the sub-libs in RDEPEND with [static-libs] since, logically,
@ -35,8 +36,10 @@ DEPEND="${RDEPEND}
test? ( sys-devel/bc )"
PDEPEND="app-misc/ca-certificates"
S="${WORKDIR}/${MY_P}"
src_unpack() {
unpack ${P}.tar.gz
unpack ${MY_P}.tar.gz
SSL_CNF_DIR="/etc/ssl"
sed \
-e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
@ -54,12 +57,11 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch
epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch
epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch
epatch "${FILESDIR}"/${P}-bad-mac-aes-ni.patch #463444
epatch "${FILESDIR}"/${PN}-1.0.1e-perl-5.18.patch #483820
epatch "${FILESDIR}"/${PN}-1.0.2-parallel-build.patch
epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
epatch "${FILESDIR}"/${PN}-1.0.2_beta1-perl-5.18.patch #497286
epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584
epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
epatch_user #332661
fi

237
sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog vendored
View File

@ -1,6 +1,239 @@
# ChangeLog for net-misc/openssh
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.466 2013/02/21 05:30:13 zmedico Exp $
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.519 2014/03/23 09:55:55 ago Exp $
23 Mar 2014; Agostino Sarubbo <ago@gentoo.org> -openssh-5.9_p1-r4.ebuild,
-openssh-6.0_p1-r1.ebuild, -openssh-6.1_p1-r1.ebuild,
-openssh-6.2_p2-r5.ebuild, -openssh-6.3_p1-r1.ebuild,
-openssh-6.4_p1-r1.ebuild:
Remove old
23 Mar 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.6_p1-r1.ebuild:
Stable for alpha, wrt bug #505066
23 Mar 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.6_p1-r1.ebuild:
Stable for sparc, wrt bug #505066
23 Mar 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.6_p1-r1.ebuild:
Stable for ppc64, wrt bug #505066
23 Mar 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.6_p1-r1.ebuild:
Stable for ppc, wrt bug #505066
22 Mar 2014; Markus Meier <maekke@gentoo.org> openssh-6.6_p1-r1.ebuild:
arm stable, bug #505066
22 Mar 2014; Jeroen Roovers <jer@gentoo.org> openssh-6.6_p1-r1.ebuild:
Stable for HPPA (bug #505066).
21 Mar 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.6_p1-r1.ebuild:
Also disable -ftrapv flag in configure.ac #505182 by Jeroen Roovers.
21 Mar 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.6_p1-r1.ebuild:
Disable -ftrapv flag on hppa until gcc ICEs get sorted out #505182 by Jeroen
Roovers.
20 Mar 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.6_p1-r1.ebuild:
Mark arm64/ia64/m68k/s390/sh stable #505066.
*openssh-6.6_p1-r1 (20 Mar 2014)
20 Mar 2014; Lars Wendler <polynomial-c@gentoo.org> -openssh-6.6_p1.ebuild,
+openssh-6.6_p1-r1.ebuild:
Fixed hpn patch to not add a false patch level to ssh's version string
(6.6p2). Committed straight to stable where -r0 was stable.
20 Mar 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.6_p1.ebuild:
Stable for x86, wrt bug #505066
20 Mar 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.6_p1.ebuild:
Stable for amd64, wrt bug #505066
20 Mar 2014; Mike Frysinger <vapier@gentoo.org>
files/openssh-6.6_p1-openssl-ignore-status.patch:
link in upstream bug url
20 Mar 2014; Mike Frysinger <vapier@gentoo.org>
+files/openssh-6.6_p1-openssl-ignore-status.patch, openssh-6.6_p1.ebuild:
Fix openssl version check to accept dev/beta/release versions.
*openssh-6.6_p1 (19 Mar 2014)
19 Mar 2014; Mike Frysinger <vapier@gentoo.org>
+files/openssh-6.6_p1-x509-glue.patch,
+files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch, +openssh-6.6_p1.ebuild,
-files/openssh-6.5_p1-x509-glue.patch,
-files/openssh-6.5_p1-x509-hpn14v4-glue-p2.patch, -openssh-6.5_p1-r1.ebuild:
Version bump.
14 Mar 2014; Mike Frysinger <vapier@gentoo.org>
files/openssh-6.5_p1-hpn-cipher-align.patch:
Fix build on 32bit systems #504616 by Toralf Förster.
*openssh-6.5_p1-r1 (14 Mar 2014)
14 Mar 2014; Mike Frysinger <vapier@gentoo.org>
+files/openssh-6.5_p1-hpn-cipher-align.patch, +openssh-6.5_p1-r1.ebuild,
-openssh-6.5_p1.ebuild:
Avoid unaligned loads/stores in USE=hpn cipher code #498632 by Bruno.
*openssh-6.5_p1 (14 Mar 2014)
14 Mar 2014; Mike Frysinger <vapier@gentoo.org>
+files/openssh-6.5_p1-x509-glue.patch,
+files/openssh-6.5_p1-x509-hpn14v4-glue-p2.patch, +openssh-6.5_p1.ebuild:
Version bump #499962 by Lars Wendler.
14 Feb 2014; Akinori Hattori <hattya@gentoo.org> openssh-6.4_p1-r1.ebuild:
ia64 stable wrt bug #477894
01 Feb 2014; Raúl Porcel <armin76@gentoo.org> openssh-6.4_p1-r1.ebuild:
Stable on sparc after p.use.masking hpn, bug #499552
31 Jan 2014; Raúl Porcel <armin76@gentoo.org> openssh-6.4_p1-r1.ebuild:
Move to -sparc, bug #499552
26 Jan 2014; Agostino Sarubbo <ago@gentoo.org> openssh-6.4_p1-r1.ebuild:
Stable for sparc, wrt bug #477894
23 Jan 2014; Joseph Jezak <josejx@gentoo.org> openssh-6.4_p1-r1.ebuild:
Marked ppc/ppc64 stable for bug #477894.
18 Jan 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.4_p1-r1.ebuild:
Add arm64 love.
16 Jan 2014; Mike Frysinger <vapier@gentoo.org> openssh-6.4_p1-r1.ebuild:
Mark m68k/s390/sh stable.
02 Jan 2014; Lars Wendler <polynomial-c@gentoo.org> openssh-6.4_p1-r1.ebuild:
amd64 stable (bug #477894).
25 Dec 2013; Markus Meier <maekke@gentoo.org> openssh-6.4_p1-r1.ebuild:
arm stable, bug #477894
24 Dec 2013; Agostino Sarubbo <ago@gentoo.org> openssh-6.4_p1-r1.ebuild:
Stable for x86, wrt bug #477894
11 Dec 2013; Jeroen Roovers <jer@gentoo.org> openssh-6.4_p1-r1.ebuild:
Stable for HPPA (bug #477894).
11 Dec 2013; Tim Harder <radhermit@gentoo.org> openssh-5.9_p1-r4.ebuild,
openssh-6.0_p1-r1.ebuild, openssh-6.1_p1-r1.ebuild, openssh-6.2_p2-r5.ebuild,
openssh-6.3_p1-r1.ebuild, openssh-6.4_p1-r1.ebuild:
Make sure ldap support is truly enabled before installing the openldap
schema.
09 Nov 2013; Tim Harder <radhermit@gentoo.org> -openssh-6.4_p1.ebuild:
Remove insecure version due to improperly using the 6.3_p1 tarball.
*openssh-6.4_p1-r1 (09 Nov 2013)
09 Nov 2013; Tim Harder <radhermit@gentoo.org> +openssh-6.4_p1-r1.ebuild,
+files/openssh-6.4_p1-x509-glue.patch:
Update x509 patch.
*openssh-6.4_p1 (09 Nov 2013)
09 Nov 2013; Robin H. Johnson <robbat2@gentoo.org> +openssh-6.4_p1.ebuild:
Add real OpenSSH-6.4p1 release (nearly identical to 6.3, just with the AES-GCM
fix).
08 Nov 2013; Tim Harder <radhermit@gentoo.org> -openssh-6.2_p2-r3.ebuild,
-openssh-6.2_p2-r4.ebuild:
Remove insecure versions.
*openssh-6.2_p2-r5 (08 Nov 2013)
08 Nov 2013; Tim Harder <radhermit@gentoo.org> +openssh-6.2_p2-r5.ebuild:
Apply AES-GCM cipher patch for the 6.2 series (bug #490728).
08 Nov 2013; Tim Harder <radhermit@gentoo.org> -openssh-6.3_p1.ebuild:
Remove insecure version.
*openssh-6.3_p1-r1 (08 Nov 2013)
08 Nov 2013; Tim Harder <radhermit@gentoo.org> +openssh-6.3_p1-r1.ebuild,
+files/openssh-6.3_p1-aes-gcm.patch:
Apply patch to fix a memory corruption vulnerability with the AES-GCM cipher
(bug #490728).
*openssh-6.3_p1 (05 Nov 2013)
05 Nov 2013; Tim Harder <radhermit@gentoo.org> +openssh-6.3_p1.ebuild,
+files/openssh-6.3_p1-x509-glue.patch,
+files/openssh-6.3_p1-x509-hpn14v2-glue.patch:
Version bump (bug #488482).
*openssh-6.2_p2-r4 (15 Aug 2013)
15 Aug 2013; Tim Harder <radhermit@gentoo.org> +openssh-6.2_p2-r4.ebuild,
+files/openssh-6.2_p2-x509-hpn14v1-glue.patch:
Update to hpn14v1 patch that fixes the multi-threaded AES-CTR cipher when the
process forks to the background or when using the rlimit sandbox.
*openssh-6.2_p2-r3 (21 Jul 2013)
21 Jul 2013; Tim Harder <radhermit@gentoo.org> -openssh-6.2_p2-r2.ebuild,
+openssh-6.2_p2-r3.ebuild:
Fix hpn support when pseudo-tty allocation is disabled (bug #477506).
18 Jul 2013; Tim Harder <radhermit@gentoo.org> -openssh-6.0_p1.ebuild,
-openssh-6.1_p1.ebuild, -openssh-6.2_p2.ebuild, -openssh-6.2_p2-r1.ebuild,
-files/openssh-5.2_p1-autoconf.patch, -files/openssh-5.2_p1-gsskex-fix.patch,
-files/openssh-5.2_p1-x509-hpn-glue.patch,
-files/openssh-5.6_p1-x509-hpn-glue.patch,
-files/openssh-5.7_p1-x509-hpn-glue.patch,
-files/openssh-5.8_p1-selinux.patch:
Remove old.
*openssh-6.2_p2-r2 (18 Jul 2013)
18 Jul 2013; Tim Harder <radhermit@gentoo.org> +openssh-6.2_p2-r2.ebuild:
Fix xauth path (bug #477304 by Tobias Klausmann) and move into ~arch.
27 Jun 2013; Tim Harder <radhermit@gentoo.org> Manifest:
Update ldap patch to fix segfault issue.
*openssh-6.2_p2-r1 (27 Jun 2013)
27 Jun 2013; Tim Harder <radhermit@gentoo.org> +openssh-6.2_p2-r1.ebuild:
Revision bump, add ldap and hpn support.
*openssh-6.2_p2 (24 Jun 2013)
24 Jun 2013; Mike Frysinger <vapier@gentoo.org>
+files/openssh-6.2_p2-x509-glue.patch,
+files/openssh-6.2_p2-x509-hpn-glue.patch, +openssh-6.2_p2.ebuild,
-files/openssh-6.2_p1-x509-glue.patch,
-files/openssh-6.2_p1-x509-hpn-glue.patch, -openssh-6.2_p1.ebuild:
Version bump #470222 by Jason A. Donenfeld.
23 Jun 2013; Mike Frysinger <vapier@gentoo.org> openssh-6.2_p1.ebuild:
Move into ~arch w/hpn disabled as it randomly hangs.
19 Jun 2013; Mike Frysinger <vapier@gentoo.org> openssh-5.9_p1-r4.ebuild,
openssh-6.0_p1-r1.ebuild, openssh-6.1_p1-r1.ebuild, openssh-6.2_p1.ebuild:
Call epatch_user #473004 by Jan Pobrislo.
09 Jun 2013; Mike Frysinger <vapier@gentoo.org> metadata.xml:
Add upstream CPE tag (security info) from ChromiumOS.
24 Apr 2013; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6.4:
Use new -A flag with ssh-keygen to take care of generating all the right keys
#457026 by Mike Gilbert.
04 Apr 2013; Mike Gilbert <floppym@gentoo.org> files/sshd.service:
Add ExecStartPre=/usr/bin/ssh-keygen -A to sshd.service. Bug 457026.
30 Mar 2013; Tim Harder <radhermit@gentoo.org> openssh-6.2_p1.ebuild,
+files/openssh-6.2_p1-x509-glue.patch,
+files/openssh-6.2_p1-x509-hpn-glue.patch:
Update glue patches for X509 support.
*openssh-6.2_p1 (24 Mar 2013)
24 Mar 2013; Mike Frysinger <vapier@gentoo.org> +openssh-6.2_p1.ebuild:
Initial version. Needs ldap, and a little more testing w/custom hpn patch.
21 Feb 2013; Zac Medico <zmedico@gentoo.org> openssh-6.1_p1-r1.ebuild:
Fix for prefix and add ~arm-linux + ~x86-linux keywords.

66
sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest vendored
View File

@ -2,15 +2,9 @@
Hash: SHA256
AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb
AUX openssh-5.2_p1-autoconf.patch 386 SHA256 42bb5f23f02241186abd6158ac15cd1fba0fadb4bd79e6b051fbd05605419ebb SHA512 80a2244e243492d3933646a32fa673078efd72d0e87939b326c2210f23d72675839cfefa2f31617279d51834cc34daf2c3c189c9d92b08875b6b4f68fa7f3844 WHIRLPOOL d4ca3dd8554863d074054489a2dbe5aca3d07fcc5858e908caa5d76dcf8beb661cc3ca6d22a02ab2ca9f504160a6a1acc7f45a4fa775d879b02ee1ae3d113926
AUX openssh-5.2_p1-gsskex-fix.patch 408 SHA256 8190db31ed2e8dc6ce79030e5c648d04610b06dd8366df5948ef6e990314ee96 SHA512 2022cd25b3e07430752569e07165db313e49a0902ef251df3e50ca96197849be6efbdee360a3a435cae0b5d2dda55acc8676b232d3584f87e204c2fc04b92801 WHIRLPOOL 65da9f3450493ca9a25741e66b2ecf97d7a5576c15485ff3a7c08fc57b06a17b3b6e73b14d2962bf958d9326a6d54c2940f56eb42de4bd5011324bba84c67cca
AUX openssh-5.2_p1-x509-hpn-glue.patch 2851 SHA256 a21336a892b61e29a556d16e9f0a67ee08ad04dd61e3963a201fdf032ce55f75 SHA512 417617acba409539cd2edd59e7640fe732f90265f70d7f4cd91c8b059d44c9c1be63cf336ee3a39a45f1a066bc577e261836b8113296535b9320d77fed3a05bf WHIRLPOOL 901fd8e0ceafd27bd5fdca9007b82842dce2b5aee11c069d0f0229c4568886f0df861c80eb5b3a754a0af795ebb9c78a78a3e76002f17bdbf8349923439deecf
AUX openssh-5.2p1-ldap-stdargs.diff 252 SHA256 97281375efa33e9ce70a55bfa95b6b426208175e7e3ff493012bc25d9b012f45 SHA512 2577b1476211f563bf8a7e62c2341e35cff7208a04b7a3fb1d331721e58f395cdef1ce2ac735b95c31781e06e16ec27c6692df09928393248c971837a1e03079 WHIRLPOOL df65dd54dd12be39fb4b830536f86aef97c086b227de1d87d56788bf8bce39a345da0ed814dd53abdaa5d158c99f0b87cb8510812d10c353a3b8a82493b210af
AUX openssh-5.4_p1-openssl.patch 255 SHA256 f83627039491e9969f1ed5d77fe816465ce75809e8c2f2bfb07012bc21384347 SHA512 8cfd757dbe79ee502c10c5d518730f4e790bd61753120bb168d545dfc702a7a55c274fd9c81d2798ec78cba30f173aaf0bee1f15bb23f9f465c3524a5c81ca2d WHIRLPOOL 852f3e9dc6cd05934b52effa03961a0d989734a28649eb199e1f260d4e8129dffed378d8efdbd40a5f520362fe8fa404a744724135caa39f48e876849cf2350b
AUX openssh-5.6_p1-hpn-progressmeter.patch 334 SHA256 eaa98f954934364a1994111f5a422d0730b6e224822cef03efe6d6fc0c7f056f SHA512 46eb5253549ddca045e67841daa092a8a33a6ae4411e75c301589f0a88159c6d2ccfe45c2f0502314465b93ac6f1965264a9b92b13e0e88d4ff15ced5f4ebfeb WHIRLPOOL 72b05e4243e746fc315468ac1dc8988b92919dbd147470855b8753e0ae37ad3696de6c9ec29346596aee2d60acbbcce79cea5735b9a91b3452a4b4f3f69d3012
AUX openssh-5.6_p1-x509-hpn-glue.patch 1974 SHA256 164db7af08e0565821d6d609b1beadab39777521bfff143a83acc1e097ad60f1 SHA512 a764d8411f0b7c49d6f51b25153c18648d58dfbc82897903bad826293f3497010ab0343e4a4cc81b37e51c3a28ec04cd5be7c8882126295ba2b38e734e262995 WHIRLPOOL 4a8151dde306eace1404b8e83dc2514cb8f073acb6c759b9a2a9e619181951873afad785f565861f6d1031d9314f8d450faef63629dfd5f1b0074cb78b059578
AUX openssh-5.7_p1-x509-hpn-glue.patch 1888 SHA256 30f63dea0e810d92790ddaf9813f0b8dec1e827a39e1752faff6bb41382f3c1b SHA512 db839f3cf3c67ef28290551810dc5c8937d1ef401f48ed937165b57191e75944adb25ab36cbf30289f7fc0076ec192c030e40fb5a744c63932b414e49b99946a WHIRLPOOL 2e539c49ef613e2a9912011ac289036381f8fd8d8ff5f2e0088dd3443a1c7fd86c3efe2b2041736bf67b73c8b4b298208de183945dc68c73ad6f35c41fb8a619
AUX openssh-5.8_p1-selinux.patch 433 SHA256 0de250c75f4dae78406e5151f563bd104b8e7792a825515510e095fb47462cfd SHA512 e6c89eb26b4bc651503ab81d346e780fdec3056302c5e2d8a6be5892fa514f83093370c463aae88091dc20d30013fd32250e040649147797bcca69ddc7d05ae3 WHIRLPOOL f72ccd773b9ff7a897940afddcb38ba9512e0830c33a2381886d2698e0ae0c6a7db9678326945bdf6769acc21d3e4bf8a196161114805d4570af2819e610df84
AUX openssh-5.8_p1-x509-hpn-glue.patch 1907 SHA256 7ab452c02b141645b764d404aa3de0754ab240a64601a6bb587919673f957682 SHA512 317c04fab93aaf82685e54335c876b2399623ef69428297c2e5934d45f69f0e78a89c79ad7bb186ef12a779ebf0f088ca142d6a426baeb32b166ceca8098572d WHIRLPOOL 34fdef826750070d112dc6c1bf84de11ebfa646fb5cbfb9f76d13dab925cff94996ed51cfdcba4e0b536915883bb4728756b79db157c019ba951ee1a32c18fe3
AUX openssh-5.9_p1-drop-openssl-check.patch 848 SHA256 89b011e27548b9922deed63ed57a6c94ea8013bb3bfb4d6590ba43d284a2ab86 SHA512 bbcbb61b6fea194e7ee3862a5b462d48ce4cf4fec12cc8a8564fc5fc8f840dca2b4ddf301bf9d12bcbfd3922948023320ea660a8c194d57bf2b1e9d095fc8eb2 WHIRLPOOL dc8e140d2bfe59546b944236ebcc702cd4a19ed5c6ee24d590bb0d50221069666b3797cf1717e6090d12525b3310cd963537e4c2c413bb2692ec85dcb2d33b43
AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685
@ -22,6 +16,17 @@ AUX openssh-6.0_p1-x509-glue.patch 569 SHA256 8c9048a33036a93f56e254cfd53b183136
AUX openssh-6.0_p1-x509-hpn-glue.patch 1774 SHA256 b2dcff21652eea92d2ff2640a568070a944e7bfb2bd3217c433e6383a64b0970 SHA512 82793502b8c943f0bd69019ea1cf1172f9579dc6a8f6c91f6aba9a9d743384d5ac84f7a49df07165e252b4ef4fc06b745463bdc58d06da2aca3c7acbb3dd8623 WHIRLPOOL ffd01827dbf8162359cf7a278020f2bfa7ed1ee1051774522623bcf448ffc8a3e28ecff2de5733b352beef5722a9dec2e9bb25fabc7edca615a774f65f756246
AUX openssh-6.1_p1-x509-glue.patch 573 SHA256 e51aa53e9e0336606fc36af237d50338347b845ee56a66d01f86829c4b46feb6 SHA512 bac2971b6435433d6ac88fb127c178e678fe805f51260454d9d0b631ef52dbafc08343fb307a74a116691545a82f5369dc014e71a7c8c65ba41699b31e1dfb6f WHIRLPOOL dd514ce502f7c7968e8fa526b1b2f7d7945f2d5b5f1f013e54f7513a7c7bf6025dbdeabe566958018db8f7442c9611f7efd435501b4b965b0fe7594e24ee20fc
AUX openssh-6.1_p1-x509-hpn-glue.patch 1491 SHA256 28c5000f7c8b23afc363d066cf96d39c00882274f227b7743b1e376df8b61a2e SHA512 0d6bab08cc400b81d936883bf39f5a461799874f6ea3dcf55c083372ed379bc0066b913646f7a0e32167079ba85409c272b258de179d55660739df4bbbf30e5b WHIRLPOOL dbfbf8eb0312ae119421e45efd8243b089ab2d3c2bc1f7b7cbd5b56f86844dfe42b27952e4ed88653679ec036f70b8edd3e00f17ae097241fbc88567bab38505
AUX openssh-6.2_p2-x509-glue.patch 555 SHA256 e0aa2310ffd1c4e1bd6663d1e9420e42ce9fce0096ca263b63d6a8fe34de91c7 SHA512 002d67109b116abb465c06c0f6ca6e431654bfc924864ffe4563afe91fba723dc3c0c484032205cadd6da4dcbe6a79ad31c83d0d2018adb22d0940ba35f531d4 WHIRLPOOL 8484c826e7c9aad0bd6a2f1779fff798573786c5b264c4a98e1c88db5b8b107ca9b5f573d3f240b8ecfa7fdf2a87e41cd174263804d29007093ae246ce034237
AUX openssh-6.2_p2-x509-hpn-glue.patch 1451 SHA256 4e61991619cef00a09951ceea68fdd5c3e9d947031d5dfef2e054d0254ef606c SHA512 37d15f3014c45804436b804489b8a7473189867c71e5d6cce8d666b1556cfd5b89ef8ed143b7d81ca5d61ff03e6485dd1a096e9571a49ac9ad2d3ca5a1963d20 WHIRLPOOL 8b79e621fc9dd28e40c8544235e5ca44eb98f5987bd8024e8ae25f99fbfe468c7995814bae7ca207cae83dbfd5cccfa37a19f07049e5555b65fd9cdf9f30bd8b
AUX openssh-6.2_p2-x509-hpn14v1-glue.patch 2613 SHA256 83c8d03cfd0f81cd2f7018ec85659d14e0c50f2de1da490e45699d1328eee5f2 SHA512 2f69a97334d3af4488e1e1a3e3d8d03cda38260595ddce0eee6b01d3cb818b513f21955d83636f0d5a0cb295be4ef303a941186d8a818c75d6cd2f0a08429ab9 WHIRLPOOL 7465382738c859007018f362acf0a3f771e2aca5207f0f55c9e4ee053d303f08d7d29a79da286f9f19891c88e490eaba24a23027605922dba3b53b9d7034f5f5
AUX openssh-6.3_p1-aes-gcm.patch 367 SHA256 11e57d0b1e0de81b3bef67a026fb6e278807d9922feee2844482387c22dd6ac3 SHA512 a6e5b4a25db7a5ffc790c66180489ed3fd0926a982a6a1d6b3284ba841b61351b26d5c636163a1b6f551467c363695e4cac884845eecb5734aba2a4ab9a43197 WHIRLPOOL cba8c9a40d85848b2ced73b040e85bc37e52af752589e536ff5eedcb7a983492b7be31ef55791f629ac25777d4fa2a41542c78d800f32475ab44d14d26d15b9d
AUX openssh-6.3_p1-x509-glue.patch 555 SHA256 1166dba2fe590dfee70119ce6dd79f535d7146d0afb8d36bf7a28505ba93a273 SHA512 1a3c2467215dde959fecdd563069d605f29632a7ffc385039a6fc90b2317ca56d463d0abb91a8bb594d321f64456f75a973bb62625deebe92f8787439416b82d WHIRLPOOL f894d19843a3c018efbe3ed365c8abbee52b1d7a3afea11b292a085996fef8d3cc9889a0e6ae596d4db876ed96efcb73d1823a677eac6779f8793c2fb3677cda
AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77
AUX openssh-6.4_p1-x509-glue.patch 1445 SHA256 cf18f17b12514692a4e33d5fb995f5ba1bc1ea258c80babb38516d8def7d0bc3 SHA512 e5c51fd639e95ca9c7820974684117861cc58cf5172c7c44deaaca106c1e91a931421720cb210652aef30ffa41bc96efe04dbedf996120b40143080fc6b2b47d WHIRLPOOL 7c7065a22cc6237a927e6d6c0f7b4bfa7b57e32ffd8b3d70ed9e70b9a882a95ce40478873374460a6173cc5a33c22ddfbbded783568049f1b4fccb5f5253d4bf
AUX openssh-6.5_p1-hpn-cipher-align.patch 3024 SHA256 c79e3a201b2150e2fbc1e869233bac6acc27b2b126d4539cc09aa651fb2e60af SHA512 6efc2fa5f0e9b508e162bf20ab21d2c639888250387fa58ec0d812c7b1db125d8c654a0286a8ffc0d5530e5f0ec0ed723f3a5c0b7bd593b356aee2e811a1f4ec WHIRLPOOL 729c14b8d6f55d789ae2ea0e9cb2e0a4caba62dffced273de5c7254732e94673c1dc2d9e260d56e3a641e03ebab55d61c8ab7541fbf75957855b811def115677
AUX openssh-6.6_p1-openssl-ignore-status.patch 741 SHA256 604b0a5365c1b01c9ab26bf1a60acfe43246e1e44e2f0e78d7ec1e47856599e4 SHA512 578afe9ddb836d16d90eb8b0cf10e9282d9c5c5e639962034490cec0aab1bf98cae9b46fe7850446d0cdd93e848d98ca7ed0bdf2bfec6aad418f4c962d4ea08d WHIRLPOOL d30c079eee59281aa87935ad948c59a4c01f858b88d701575d58737cfe555a5229a5f921bfebe34a69dcd15d2dc5efc062050d183ad5a90180aed4e5b3cdadf4
AUX openssh-6.6_p1-x509-glue.patch 556 SHA256 b37b83b058ff9fb25742d202e0169afc204f135012624bb2811dcacfa9fb346b SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea WHIRLPOOL 4f01d975e598ce0fe2160e52dbd8251fd5cdf95880d1ef09b730457620f48038156d4bf21c0810978bfc65c9feb90cdfed97aa20018bc175759096dcd3a044d0
AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 SHA256 748f7caa953028da111d6f18ba91652a4821bc9bca60f5d4a90a6501c0098853 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51 WHIRLPOOL c1d674b8e1cdc48dd0d8b2e7c8bf8e68cec757578f1217555e37eda8723e83e93b2ce183462499ad2165723eca2350544f810a1d6ec95ce4537a527f7918f117
AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53
AUX sshd.pam 294 SHA256 f01cc51c624b21a815fb6c0be35edc590e2e6f8a5ffbdcabc220a9630517972f SHA512 3268dc826978fbb205968744d83c6f1c838c9c73bf9c4ceee709c5b4168b4aaf06bcde47a32808571fa71cbc5a6bfdb98406995b2b28c9e633ce392a53932d64 WHIRLPOOL fff8966d66d75cd4d70607585b5de063f225a776b73b8b0f8146c5eed6c8ffd2ca38c46f86fa4e2ca8caafcde7797a3f0b177e60baa6fa0642064080883fa68a
AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
@ -29,34 +34,31 @@ AUX sshd.rc6 2189 SHA256 627125378ccfdd81289531f527346980da249d35499cb71518f88f1
AUX sshd.rc6.1 2270 SHA256 153119116208d328c496d29b7cb9f85991df93020cc50c83b05ed498b10a2126 SHA512 80f0e460ad7ffd9a6fb279ce2d307cbda1f7352745ffaca381867f636ae64df336a03de0da15aca39619acdbebf41e2ccbd2bb233433f93625754965aaaab780 WHIRLPOOL 6b7a4519282fe99fc36cd0f89f6163ad9c8c9d998b15e84d3758af607627db48cf58ffee1bc4291ac0e7f75455f8f8873cd5d996f3c75f1ea3bef0b249abdffe
AUX sshd.rc6.2 2069 SHA256 94b1fc0d608464fd4a6c7ed23f0b9c44aada3404982d8fd25b8bfe202baffaa6 SHA512 f75f95e6cf912b8c45f7ccf81e764805a56057368b18425abe699b29c3c66d32ea5b2d1c9f6fadf97487430e703e01dc2d965e41b8511f31a3e06d3bcbbc1006 WHIRLPOOL b9082ba3854e1842e057717b9a1571ba5ac6bf69c5facb391b7a3d890b13f879d7ae1484eafbbffc17746c3a8184f23e4c3fa831f678eabdea7d23e2c0d1bf63
AUX sshd.rc6.3 2057 SHA256 43d95b495440ed6b3c1eb82b81712d7f6e58246527605c11d733cb5eb5523254 SHA512 3ddcdeae6c7f4755df1f8fe77d9d1af8c728f8cc18da0feaeccc4b8147f86b4db1ab1bf4ad362c31fac986270b21fe2c80e0414d64f70bfdac2370e22c2c9db2 WHIRLPOOL 57a18d85ab77abe64eddf852975481d974bd68b0b058d854a31158aed14b1706743ad563aa013c770aa124533fb5344bc64d0c06b564e1b53e28e1b0ebe463e8
AUX sshd.rc6.4 2758 SHA256 7596248118e3d4087a9bbb4d9c7a9a949a472c73e94585084df1d0a744c17e12 SHA512 bfda73dddd8362005b8fc236132e4421e71ee6af4d917fc4956dd37a244b4ed888b10f7b86f90005bdf782e77346fbeb3453f5ffcf39906aee3e06596f84ccec WHIRLPOOL 1881214407406613b62ab86654b757433596f99b481ca80e106937c34b817750813d68a5df48f3004acb4df89c6a48426e3f7cbb4f9c2b6e49a809b50e50260e
AUX sshd.service 206 SHA256 093d4f526e740cbec46ad6a69207407daf01e74da44599d75b979f294c9b0a7b SHA512 67d96a63a6bc874bacc2f43b51c003f2209a4d2283f8435ba3495266e4823d73962fd995f46eab0e8b260107b9a8c416709b2f19e8e94ecea30ddd8280444cfe WHIRLPOOL b48005444104583bd230e68f870a1d0c4a8709f5e8f7fafa45becf259df64052b1938853e8e232b32aae882dbad83d5c78d7796eafb6c02bd0196f7a6a44075f
AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512 88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7 WHIRLPOOL a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66
AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989
AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5
AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1
DIST openssh-5.9p1+x509-7.0.diff.gz 181263 SHA256 a28e2535ecbf95deeef682682e7551459cc494bbc1c4ccb89be93cfe826d76ca SHA512 5f6e2be10ce8cf26fffcb782824f59c1f1ca0fa271800e162685ce74d1aac6d9035cfdacc87d3f859d3538bc0b22438a701dfc3c8108a130e6e4b7fdd36e6b16 WHIRLPOOL 00f92e2e235da11a87b30dc49e1a469a781482ea53ddf99fb892ec3796b9a68f62234c0ed72f2a3330f7af90f3afcdc90e2574b6ab5955ec6e64c13b75ab5e89
DIST openssh-5.9p1-hpn13v11.diff.gz 21971 SHA256 6a47a9e57f87385cac9a380b0b1649b73532afaf40c15f62e9236427c84e7aae SHA512 6f7ae144ff61b4ec7913dc94c7ed9550cfcd30336e3bbfafc6c875c99cf0c90cd7f8ce89d530f2861b9bda95433d591673136ba5a31310226207f787257da3be WHIRLPOOL fe4d9f515e5c51b159b0aa51b01840003de443c2f3e8eca90b657d54f490273d1ba98dbabe2cf3a104edaa0971cae5f5f8c739691310822493f8f2705c01465d
DIST openssh-5.9p1.tar.gz 1110014 SHA256 8d3e8b6b6ff04b525a6dfa6fdeb6a99043ccf6c3310cc32eba84c939b07777d5 SHA512 ccf13e3cb11489f9f7e4788f93ffae1f2c39d48819f0e9cd9197842abc922173d2c3c1ad1a87a2acf4497d67cb9edd48416098388fa33fc0b8e09456b1be7e2f WHIRLPOOL 2e8bd89fd14954a232602a912845ed29a08ca40637f8863fed675b19d18944125ecdbf292c45cf5c297584df6c3131ae4fd3c6bc62595dfebb3831120ea21cd1
DIST openssh-6.0p1+x509-7.1.diff.gz 200986 SHA256 c11e3837704a24393353fe264d61ffea8c1f23c0cb5b8261866c25677930768b SHA512 f45e16a21955546829c70bbad67a6af2cdf60fc6019d34c8563c3c328ffc477d1b31c3443ce032e7ff29d027979ecade476679d33c40961ac4ba65f96dac4b7f WHIRLPOOL 120063e566d721c233ea02cdf2ea114b7f707248962c126dd9def5377188283bb9da58a32a2d49453f4c37ad7a975e03bcdf106a28a0cb7e655eacc7c3f965c1
DIST openssh-6.0p1-hpn13v11.diff.bz2 19979 SHA256 a096f6ee6dfddb3996b5e7b806ece2a7709c8cce6560eb026c28d3fb56f71ee9 SHA512 2805ddac19a5c4962e6a57d9a6efd3f17ebac82ee2b6a7eed60521a4fd23468d4be7f67e59562120fb21e1efa7ab9213be5d8ab8e3ff6fb9c2ccd6d6989f460f WHIRLPOOL a588288d0b3a64a8414bf1061055dbf41b8370e59fd89ab6cdc2fc7b93046b467aefb9f9196a65f96bda395db38e3841e1ad781341919829de0d9d8d2a220df1
DIST openssh-6.0p1-hpn13v12.diff.gz 20223 SHA256 b6158c10fac153dd2a9f5d9b29df1e4db17a91f84f100b99526655317d9bf4c0 SHA512 d5decf82bfdbdcdcea974b3a8d990929908077851a3a8c122bda37e439e19e69973a371ac46683840263ec3c85fb2393a70183786f94b2afaff6577209f202c2 WHIRLPOOL 9347431c34737294f98aa07d1c4468ab0357e766c1ff55ad2e39af10041d9fa0e0253d36c5dde354513c97cf7ccb19ac1db7214c25797d57d917d4ee5a1199da
DIST openssh-6.0p1.tar.gz 1126034 SHA256 589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de SHA512 4fe1f7e0d5e572575b11253916354b333a7eca558720885d5dceb7c89dc5da81cd57feaa4be756dfa4f3e9ef508e5f460e5fda221765191b1c02ae37431a444e WHIRLPOOL 7853155dfd35962ae31958600b6d4f94a3a916dac942f5f533cde3d85c8ea64066b887d66d7722bd647196f57df7ed27f62d5ec4588868754b6cdf999a404001
DIST openssh-6.1p1+x509-7.2.1.diff.gz 208071 SHA256 02d3703d419fc72be819a4e7fc8cbbb269182862465b6a99cc7b2af32d75a181 SHA512 6c1786c2c32d884e7b8f15e39912ca1d8fb54b1132ffae6d8d4f262356a16267a8e549a822911d0f40eabe49015080ae35fdec521f90e0ef4d05554339f35fa0 WHIRLPOOL 7f260caebdc58fe415b3cb93b08600942a6b171b45df8ff1279d4280930a7103cbefac63ec7f32fdbf9bdcf64278c39bfd55c2dcb41ea5c4934574930494df67
DIST openssh-6.1p1-hpn13v11.diff.bz2 19999 SHA256 08bfc1f3c582f23b3ce386e78baf37be4af03645fc6eef87f1ef819cc273ecc7 SHA512 4e21384ef4d0b7539c9b7aecb158748b959db7ec84fa023f7969c2db50794e1f68bab375cdea9c2ae8fe16b759650e250aa21d6b8772a1c671d2e1e59adef08a WHIRLPOOL 3918c2c118908e67de4523c8d1f142ca4b2d2d7c045c2337b2f7914096108cf1a138009a838519d292e53fec454ced3a9590bbddf93096bd377196bd7d73ed55
DIST openssh-6.1p1.tar.gz 1134820 SHA256 d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411 SHA512 1cd58f18b047fa92a3155fa215d69c04e1f03914488a21bcda5434899df6055567e59f77063f0080b0cb437bb2396d3bf4050ed0c5ea2d1dc20d6fd928d5a76c WHIRLPOOL a1ecf33e8c4048c59e55d38cc8bb3f89357ac8fb74fdbb57e24e111e1749620fe6f7e329a744e3cfc9ced3e445539ce85926c7877a0f12475ccf14f124f9234b
DIST openssh-lpk-5.9p1-0.3.14.patch.gz 18335 SHA256 1a922d57a2e7020bf597135437a57080d7d046c9f41a7a53559945ddddbe0892 SHA512 eb4641d30e221eaa409d22ab423e38c1a31dd9dfeacbf978c94827194cb838cc0f832bf96aa4c494a71a5d5d1b90fc6789e8469e35d82ffcaf54305f07ccdb9b WHIRLPOOL 6748426d6d0cda07729744d8993d96a762134a61acf757afc1618ada5cbd9752d9211a89be831e5a4f1744f70cc4fc643b5f745d1f785b53a4e1dbf9d7c92680
DIST openssh-lpk-6.0p1-0.3.14.patch.gz 18401 SHA256 d0f3d55fd92ecc45aa6120d6ea919c903e4828ce0c2b07612c742a2aa7648beb SHA512 ebf680b90bc289c0d69c22fd6fd666032cdcf4c3850ecdf03e264200d60c50a12f4a5254907c6ab850727216e7837176be5564ae22b68d9b80a67c62f372a9dd WHIRLPOOL 4f8b32c77fc2a9205d283109ccd787a3f37757c18060da39c63147ff09f6b922f4a57ca1ba8d0cdc692f3f1eaba3e5e88eb4287f728ddaaf544d2d425c0cca91
DIST openssh-lpk-6.1p1-0.3.14.patch.gz 18458 SHA256 2d0e40116e021913668519a42743f89b8fb77f8d5beed863d620cc79999b0b79 SHA512 9cfd83e650cedbc3950b8cf80d0b36fbb7dff8fbe7d017378f9a2ae18189fa6e459e323dae6cd1fa1d82ff948f628563892d0a0f30113b3a8ba5269fe051e784 WHIRLPOOL c1ee5570f0bfb3191c602d575e0e05cabe7d42183bd78c07cac19a2743a59f110728e309fcee6f0b6abc7b141ae8c701d92d010d2b7737739b4cac92406552fa
EBUILD openssh-5.9_p1-r4.ebuild 9210 SHA256 efed8260b1799d44b3d313539c7f88761761e665ab38b2740895d6a99405152c SHA512 e9344b99a24fce4c3f2c186108443079fc66b410373170e57d3be04a74678579fd2dcf136344ca820b8b7f75121ef924c4b36e6a2dfa11dc298dabcd8d91fb98 WHIRLPOOL 9add398de7095604a716a2b76f3bd5ce7cd8035304efaaa1a6a60557804c5714160d582a6f768a2024d8f466db31aca10b4028746d450f09c9b6874e893d6442
EBUILD openssh-6.0_p1-r1.ebuild 9488 SHA256 f99e6f51f5fc1809cc093e84834699097802d92f8aee712ffcdf1b8548698c08 SHA512 10b19d45b60658e3c61fb74a4c6d4ae1341b4d1129faaa08ec3b655a64f1dc3625ffbe363add33c8e31ac5ebf66cd24415c2324bd5c8d23fad4191e431143be3 WHIRLPOOL 0c35ba4608a5a4fd6c65bfed0f3cde8e8cd7067a94bacf41104c2f0105146a5c79bdec873c2c3a6086637359805ecbb353a2abc9c6e0f2a93a409650aadfff78
EBUILD openssh-6.0_p1.ebuild 9485 SHA256 32c4280a8babafa169543a919f4cf31231c3d759a7c116b42e3c3981242c0d59 SHA512 bae20dfbea14cfc30f16c7619d63a4a4cb2546d9d5e903e93e3c4d18745c1398d42ab6580a3e10609d81e1020b8f54c35b6413e168775efd3cb8fab064d67f8a WHIRLPOOL 24d16d37714e69a0d4593b745feeb54853e8d7b2de799be8ed76c0e09fe9459da8a3bfbb67b36f120345fc24fdc307a346c4fcb79b95fd8831e8944383f36759
EBUILD openssh-6.1_p1-r1.ebuild 10236 SHA256 575cedb9ed947517d8c934658bb87e37a9d09b986f76c94b937ef5922d861c17 SHA512 04b8f3b995ece67ae6d2a0f1f8c8fda93e408a7f351884cbe89b91470e5d82fbf469184f66cf2db6e11f6e40cbbae049276995e112428da424dcd8e93ecf9444 WHIRLPOOL efb7dc795f7060407843e266f69150ea44f98d3198941f7d21b9bed7e58f697a9c524fcd9b2851af11e119d1e9594e91845d05684c62bce61ba878230c56d250
EBUILD openssh-6.1_p1.ebuild 9582 SHA256 e4e060b08be1ae2238889463ad257e6d3b60ccc33c0bd6e5f73e63155795b2cc SHA512 dc3376d4317fe4692b0e3a62acfe7307df0208744dfd35f585eee9768e16493b81dc1ac854f32050dc21470cf1e7681a71c463c4e15a86d8a4b1c99dfdbc83fd WHIRLPOOL d2e7fe4d73ee58318b2b3099d18596db58d2d988e26a1792b9d68dadd3a0fbcda20bf52faf8006913614c995cd7cb7a2e69492c12ede66016639466206fbbc98
MISC ChangeLog 75887 SHA256 b5781f708e796e2ad7cdb7e369248ea70992db5a251996ed13169aba6e23054b SHA512 86c8f9684e755c7e51cd9982657fccaaf46b7bc914105c84ed1485f23ac9f927901a55b09c5f992f0c210f2216484c5598c267db3ba89acc4ea2499483dd5587 WHIRLPOOL e655cdb5922121f9f3444f4b310f91f232700b924304fb178a54132881086c57894718deeee04898f53b015469ab15705346c54b2b31a97a014955dcfe6fdf05
MISC metadata.xml 1749 SHA256 efc4abf9bfbc17c1312052e84e77058539851b2e9d0fffb16b2c13bcfda08993 SHA512 18e254f223ddd5bba1b1c4f0ecdd78bffe446a23108bc649d73d8ba626e2940a5a9c5878ab1f8b2689434876e76260fe5a9970649a1287f51033862cf0d5ce36 WHIRLPOOL acb0ce741349f25dbfd58a02a72f5ca45a42ba5441b96766a91b381ed9735efe5105fd6dfaf576bf2dfdd4ef0ed542f81601d74378bc526aac9c0165672dffac
DIST openssh-6.6p1+x509-7.9.diff.gz 224691 SHA256 463473f75c1dc250ea4eda21f2c79df6f0b479ea499d044cb51d73073881ca34 SHA512 dc9ee7f0589aa0ba8d3c1c40c505f99a811845d8952bf6bf6b8bd3a00ef4813f3b71db32aadf252d7a320a8bf9cdcdf30b71292869d7830cc42f15ce3d1f3c49 WHIRLPOOL 61158e0dac934d375758904382882e7cd276d076a95ba2be32d03f4a7c7969943bd8d63c269ff16ab78928d7c97465f6e417730be14b5efacf64a029e2f950d7
DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 SHA256 16dcc68c399990ec0c801d421d022ceeae0e3aec1e6ffd3fecc5e2f4768cc91b SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d WHIRLPOOL 163ce9e319cef4dcaf6f38f42afc3b75c6e89c38b43c04189c64c72b4b58bc3f9d7042c7b67243879c87cbe410a607296917e94ff042df2c0a29f2ef82792774
DIST openssh-6.6p1.tar.gz 1282502 SHA256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b WHIRLPOOL 8630c81481a813a92da9c302d22135fe519fcc4826a892080e5a15368d13a6b47947ef47d53aad0a34e6ea49ce4caccc8f06e8afc2c90db0402fbcc2184efe89
DIST openssh-lpk-6.5p1-0.3.14.patch.gz 18217 SHA256 ad678f366dd7ef63ee164e29b59a4a4d264de9ddf9ad2c1d59178779e83539f3 SHA512 16f0053663ffc9a0670dbf8956dc070e6891e1e47cb1fbbea9567a6a4368c5500bf7e2ff7a2eb7208e651a0121088c271fb0a6ece62b98d103b3337866374610 WHIRLPOOL 34ee5a67e4cb0eb5d8126fde5469b73e0c81d4a7795cd9849c671922227eb8a6767cecf3097acbff338a47c3a7930b285fa4ecf2ebe74cb2e9186f93ec70c40c
EBUILD openssh-6.6_p1-r1.ebuild 9874 SHA256 223b5e4c5d0d3152e8ffadd20e8bcc391620c779749cf6ff235f0d3a857f7409 SHA512 3104586dedfb189adc780bf56cb030f3a9c2427fe07ce340424ea4e279b6335653b2eb38f9d86a8f6ac76360cd94b87d858863fd79b2054763f72ccb83f1a0ed WHIRLPOOL 1bef688d59baf3cf10ce3ab60f3eeb6e6cf875989ffcf711628f56b34a1344838c3a46ae548399c49f11459e5dd2045fcef810691421e69ef02eb92489c22824
MISC ChangeLog 84776 SHA256 4b91f71c0bdcd726c351662cc66abeeaf22bf429b840fff91c54d772675ae08a SHA512 9744185805176336c9e574981fed5644995b352d177c9f0746c01ce700f635f59e30ec4615c68e50eb62219b8ac3fa789f18a06fce3ac1039f50c35589b81022 WHIRLPOOL 84a9909b29147bdd568811e6a30a31436386df512061956613cde3d6fafe111932f882a9b4fd71d98ab8a4458502b909c78636ca73dea02b18a83510a2e9e5e2
MISC metadata.xml 1837 SHA256 5f8be0245926a5dc8007dd78594febffc68bbcb45306630d027666872e664050 SHA512 76e044611e16ede9bb9697c0ad448c149131f1f20b84ef1000fb77d6cec954abd48542fd26299a372b4411aa0ecb161ed38396b2c3b5c11c71a4bc247e0b23ed WHIRLPOOL 46c8b0f7911fec3ca086e1601cfab5d03e01a7d8cd2069460975545438f6fa5964f138d19a70ec7db7f1f8c9c0fbb48dcec6ee8269fa9d7b432214e9e3e46806
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEAREIAAYFAlElsOcACgkQ/ejvha5XGaNpPgCfWa0l571A+CYVXmmJYjM9A4XI
eaUAn37drG7hn008BqgecRO5CDUSD5io
=gm+j
iQIcBAEBCAAGBQJTLq+tAAoJELp701BxlEWfOA0P/0l/UJj4UfJgzM7M5Yk3QKMZ
OZMIrQG4PwnZEUlzWxNr0QUtp9QLwGeXa4qJXwYGXAX+Owd+Ty9mDW07wT8NCMxi
19ejI95X9KUkro18UrTFyhi07uppUse+ez13Vl4L1kCRaGGceAHGsd1bsGIGORPw
l46gMdP3ZKc8X7qidbWXHgV27qyhwRcVRlGlvlnTdHEF9PDD8TGzrjUlx+Ij7HAF
jVEg5vbN8eYJbKWPOOGjW63PAdRfPy33ZDkqRViOvBm9PO69/uail5XSBa7dXMka
oz3HvxV1eAqhWr6kWgeTwMoap+GDQYw4s/pBZr0OSD4SfOvqo6ZrRqSyIFzS/fC4
4abFHuBdK1mWYp37lEtIgf8Jbame/x90Eo6NUJPAjAASC33+ad89+TfEmMM8voGT
6fI8Dj4cfpxMQt4q0x0Whjjt/yLlMcQwc3kxJKvrtEOA+AH9xmzw7UoDfIQVNkmA
OtNIU6CD5FRijhsNvMaVSVTpWHqworWvmO/IosBmXP6TaU3DQZmOH6yoEixxrmbN
k7KwfnsSZteIfCviHVQw9Eiv5emxM2sABJIlb8srcAigsjHSVgdLkgwbr+ykBdaq
SIIXMnCLw8Xe5VksPOwRnGX6QRJvLaWxl1XdtUEDS7K6EEycuuye4v/Ar847CJHC
QR3yRb5Pss/SPj+Jhhwh
=qF8Z
-----END PGP SIGNATURE-----

15
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch vendored
View File

@ -1,15 +0,0 @@
workaround problems with autoconf-2.63
http://lists.gnu.org/archive/html/autoconf/2009-04/msg00007.html
--- a/configure.ac
+++ b/configure.ac
@@ -3603,7 +3603,7 @@
#include <shadow.h>
struct spwd sp;
],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
- [ sp_expire_available=yes ], []
+ [ sp_expire_available=yes ], [:]
)
if test "x$sp_expire_available" = "xyes" ; then

16
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch vendored
View File

@ -1,16 +0,0 @@
--- clientloop.c
+++ clientloop.c
@@ -1434,11 +1434,13 @@
if (!rekeying) {
channel_after_select(readset, writeset);
+#ifdef GSSAPI
if (options.gss_renewal_rekey &&
ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) {
debug("credentials updated - forcing rekey");
need_rekeying = 1;
}
+#endif
if (need_rekeying || packet_need_rekeying()) {
debug("need rekeying");

91
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch vendored
View File

@ -1,91 +0,0 @@
Move things around so hpn applies cleanly when using X509.
--- openssh-5.2p1+x509/Makefile.in
+++ openssh-5.2p1+x509/Makefile.in
@@ -44,11 +44,12 @@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
+CPPFLAGS += @LDAP_CPPFLAGS@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
--- openssh-5.2p1+x509/servconf.c
+++ openssh-5.2p1+x509/servconf.c
@@ -108,6 +108,17 @@
options->log_level = SYSLOG_LEVEL_NOT_SET;
options->rhosts_rsa_authentication = -1;
options->hostbased_authentication = -1;
+ options->hostbased_algorithms = NULL;
+ options->pubkey_algorithms = NULL;
+ ssh_x509flags_initialize(&options->x509flags, 1);
+#ifndef SSH_X509STORE_DISABLED
+ ssh_x509store_initialize(&options->ca);
+#endif /*ndef SSH_X509STORE_DISABLED*/
+#ifdef SSH_OCSP_ENABLED
+ options->va.type = -1;
+ options->va.certificate_file = NULL;
+ options->va.responder_url = NULL;
+#endif /*def SSH_OCSP_ENABLED*/
options->hostbased_uses_name_from_packet_only = -1;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
@@ -152,18 +163,6 @@
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
options->zero_knowledge_password_authentication = -1;
-
- options->hostbased_algorithms = NULL;
- options->pubkey_algorithms = NULL;
- ssh_x509flags_initialize(&options->x509flags, 1);
-#ifndef SSH_X509STORE_DISABLED
- ssh_x509store_initialize(&options->ca);
-#endif /*ndef SSH_X509STORE_DISABLED*/
-#ifdef SSH_OCSP_ENABLED
- options->va.type = -1;
- options->va.certificate_file = NULL;
- options->va.responder_url = NULL;
-#endif /*def SSH_OCSP_ENABLED*/
}
void
@@ -341,6 +340,16 @@
/* Portable-specific options */
sUsePAM,
/* Standard Options */
+ sHostbasedAlgorithms,
+ sPubkeyAlgorithms,
+ sX509KeyAlgorithm,
+ sAllowedClientCertPurpose,
+ sKeyAllowSelfIssued, sMandatoryCRL,
+ sCACertificateFile, sCACertificatePath,
+ sCARevocationFile, sCARevocationPath,
+ sCAldapVersion, sCAldapURL,
+ sVAType, sVACertificateFile,
+ sVAOCSPResponderURL,
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsRSAAuthentication, sRSAAuthentication,
@@ -364,16 +373,6 @@
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication,
- sHostbasedAlgorithms,
- sPubkeyAlgorithms,
- sX509KeyAlgorithm,
- sAllowedClientCertPurpose,
- sKeyAllowSelfIssued, sMandatoryCRL,
- sCACertificateFile, sCACertificatePath,
- sCARevocationFile, sCARevocationPath,
- sCAldapVersion, sCAldapURL,
- sVAType, sVACertificateFile,
- sVAOCSPResponderURL,
sDeprecated, sUnsupported
} ServerOpCodes;

60
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch vendored
View File

@ -1,60 +0,0 @@
Move things around so hpn applies cleanly when using X509.
--- a/Makefile.in
+++ b/Makefile.in
@@ -46,11 +46,12 @@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
+CPPFLAGS+=@LDAP_CPPFLAGS@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
--- a/servconf.c
+++ b/servconf.c
@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options)
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
options->zero_knowledge_password_authentication = -1;
- options->revoked_keys_file = NULL;
- options->trusted_user_ca_keys = NULL;
- options->authorized_principals_file = NULL;
options->hostbased_algorithms = NULL;
options->pubkey_algorithms = NULL;
@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options)
options->va.certificate_file = NULL;
options->va.responder_url = NULL;
#endif /*def SSH_OCSP_ENABLED*/
+ options->revoked_keys_file = NULL;
+ options->trusted_user_ca_keys = NULL;
+ options->authorized_principals_file = NULL;
}
void
@@ -367,9 +367,6 @@ typedef enum {
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sZeroKnowledgePasswordAuthentication, sHostCertificate,
- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sHostbasedAlgorithms,
sPubkeyAlgorithms,
sX509KeyAlgorithm,
@@ -380,6 +377,9 @@ typedef enum {
sCAldapVersion, sCAldapURL,
sVAType, sVACertificateFile,
sVAOCSPResponderURL,
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sZeroKnowledgePasswordAuthentication, sHostCertificate,
+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
sDeprecated, sUnsupported
} ServerOpCodes;

60
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch vendored
View File

@ -1,60 +0,0 @@
Move things around so hpn applies cleanly when using X509.
--- a/Makefile.in
+++ b/Makefile.in
@@ -46,11 +46,12 @@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
+CPPFLAGS+=@LDAP_CPPFLAGS@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
--- a/servconf.c
+++ b/servconf.c
@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options)
options->zero_knowledge_password_authentication = -1;
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
- options->authorized_principals_file = NULL;
- options->ip_qos_interactive = -1;
- options->ip_qos_bulk = -1;
options->hostbased_algorithms = NULL;
options->pubkey_algorithms = NULL;
@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options)
options->va.certificate_file = NULL;
options->va.responder_url = NULL;
#endif /*def SSH_OCSP_ENABLED*/
+ options->authorized_principals_file = NULL;
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
}
void
@@ -367,9 +367,6 @@ typedef enum {
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
- sZeroKnowledgePasswordAuthentication, sHostCertificate,
- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
- sKexAlgorithms, sIPQoS,
sHostbasedAlgorithms,
sPubkeyAlgorithms,
sX509KeyAlgorithm,
@@ -380,6 +377,9 @@ typedef enum {
sCAldapVersion, sCAldapURL,
sVAType, sVACertificateFile,
sVAOCSPResponderURL,
+ sZeroKnowledgePasswordAuthentication, sHostCertificate,
+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sKexAlgorithms, sIPQoS,
sDeprecated, sUnsupported
} ServerOpCodes;

18
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-selinux.patch vendored
View File

@ -1,18 +0,0 @@
http://bugs.gentoo.org/354247
[openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
selinux code. Patch from Leonardo Chiquitto.
/* $Id: openssh-5.8_p1-selinux.patch,v 1.1 2011/02/10 02:44:53 vapier Exp $ */
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -213,7 +213,7 @@
if (!ssh_selinux_enabled())
return;
- if (path == NULL)
+ if (path == NULL) {
setfscreatecon(NULL);
return;
}

16
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-glue.patch vendored Normal file
View File

@ -0,0 +1,16 @@
make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch
--- openssh-6.2p2+x509-7.5.diff
+++ openssh-6.2p2+x509-7.5.diff
@@ -14571,10 +14571,9 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or though authentication styles supported in
-@@ -487,6 +564,16 @@
+@@ -487,5 +564,15 @@
The default is
.Dq yes .
- Note that this option applies to protocol version 2 only.
+.It Cm HostbasedAlgorithms
+Specifies the protocol version 2 algorithms used in
+.Dq hostbased

51
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-hpn-glue.patch vendored Normal file
View File

@ -0,0 +1,51 @@
--- openssh-6.2p2/Makefile.in
+++ openssh-6.2p2/Makefile.in
@@ -45,7 +45,7 @@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
K5LIBS=@K5LIBS@
GSSLIBS=@GSSLIBS@
@@ -53,6 +53,7 @@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
+CPPFLAGS+=@LDAP_CPPFLAGS@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
--- openssh-6.2p2/sshconnect.c
+++ openssh-6.2p2/sshconnect.c
@@ -458,7 +458,7 @@
{
/* Send our own protocol version identification. */
if (compat20) {
- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n",
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
} else {
xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
--- openssh-6.2p2/sshd.c
+++ openssh-6.2p2/sshd.c
@@ -466,8 +466,8 @@
comment = "";
}
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
- major, minor, SSH_VERSION, comment,
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ major, minor, SSH_VERSION,
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
--- openssh-6.2p2/version.h
+++ openssh-6.2p2/version.h
@@ -3,4 +3,5 @@
#define SSH_VERSION "OpenSSH_6.2"
#define SSH_PORTABLE "p2"
+#define SSH_X509 " PKIX"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE

87
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-hpn14v1-glue.patch vendored Normal file
View File

@ -0,0 +1,87 @@
--- openssh-6.2p2/Makefile.in
+++ openssh-6.2p2/Makefile.in
@@ -45,7 +45,7 @@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
K5LIBS=@K5LIBS@
GSSLIBS=@GSSLIBS@
@@ -53,6 +53,7 @@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
+CPPFLAGS+=@LDAP_CPPFLAGS@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
--- openssh-6.2p2/servconf.c
+++ openssh-6.2p2/servconf.c
@@ -385,6 +385,16 @@
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
sKerberosGetAFSToken,
sKerberosTgtPassing, sChallengeResponseAuthentication,
+ sHostbasedAlgorithms,
+ sPubkeyAlgorithms,
+ sX509KeyAlgorithm,
+ sAllowedClientCertPurpose,
+ sKeyAllowSelfIssued, sMandatoryCRL,
+ sCACertificateFile, sCACertificatePath,
+ sCARevocationFile, sCARevocationPath,
+ sCAldapVersion, sCAldapURL,
+ sVAType, sVACertificateFile,
+ sVAOCSPResponderURL,
sPasswordAuthentication, sKbdInteractiveAuthentication,
sListenAddress, sAddressFamily,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
@@ -407,16 +417,6 @@
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods,
- sHostbasedAlgorithms,
- sPubkeyAlgorithms,
- sX509KeyAlgorithm,
- sAllowedClientCertPurpose,
- sKeyAllowSelfIssued, sMandatoryCRL,
- sCACertificateFile, sCACertificatePath,
- sCARevocationFile, sCARevocationPath,
- sCAldapVersion, sCAldapURL,
- sVAType, sVACertificateFile,
- sVAOCSPResponderURL,
sDeprecated, sUnsupported
} ServerOpCodes;
--- openssh-6.2p2/sshconnect.c
+++ openssh-6.2p2/sshconnect.c
@@ -465,7 +465,7 @@
{
/* Send our own protocol version identification. */
if (compat20) {
- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n",
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
} else {
xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
--- openssh-6.2p2/sshd.c
+++ openssh-6.2p2/sshd.c
@@ -466,8 +466,8 @@
comment = "";
}
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
- major, minor, SSH_VERSION, comment,
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ major, minor, SSH_VERSION,
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
--- openssh-6.2p2/version.h
+++ openssh-6.2p2/version.h
@@ -3,4 +3,5 @@
#define SSH_VERSION "OpenSSH_6.2"
#define SSH_PORTABLE "p2"
+#define SSH_X509 " PKIX"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE

13
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-aes-gcm.patch vendored Normal file
View File

@ -0,0 +1,13 @@
http://www.openssh.org/txt/gcmrekey.adv
--- openssh-6.3p1/monitor_wrap.c
+++ openssh-6.3p1/monitor_wrap.c
@@ -482,7 +482,7 @@ mm_newkeys_from_blob(u_char *blob, int b
buffer_init(&b);
buffer_append(&b, blob, blen);
- newkey = xmalloc(sizeof(*newkey));
+ newkey = xcalloc(1, sizeof(*newkey));
enc = &newkey->enc;
mac = &newkey->mac;
comp = &newkey->comp;

16
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch vendored Normal file
View File

@ -0,0 +1,16 @@
make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch
--- openssh-6.3p1+x509-7.6.diff
+++ openssh-6.3p1+x509-7.6.diff
@@ -14784,10 +14784,9 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or though authentication styles supported in
-@@ -490,6 +567,16 @@
+@@ -490,5 +567,15 @@
The default is
.Dq yes .
- Note that this option applies to protocol version 2 only.
+.It Cm HostbasedAlgorithms
+Specifies the protocol version 2 algorithms used in
+.Dq hostbased

51
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch vendored Normal file
View File

@ -0,0 +1,51 @@
--- openssh-6.3p1/Makefile.in
+++ openssh-6.3p1/Makefile.in
@@ -45,7 +45,7 @@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
K5LIBS=@K5LIBS@
GSSLIBS=@GSSLIBS@
@@ -53,6 +53,7 @@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
+CPPFLAGS+=@LDAP_CPPFLAGS@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
--- openssh-6.3p1/sshconnect.c
+++ openssh-6.3p1/sshconnect.c
@@ -465,7 +465,7 @@
{
/* Send our own protocol version identification. */
if (compat20) {
- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n",
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
} else {
xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
--- openssh-6.3p1/sshd.c
+++ openssh-6.3p1/sshd.c
@@ -472,8 +472,8 @@
comment = "";
}
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
- major, minor, SSH_VERSION, comment,
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ major, minor, SSH_VERSION,
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
--- openssh-6.3p1/version.h
+++ openssh-6.3p1/version.h
@@ -3,4 +3,5 @@
#define SSH_VERSION "OpenSSH_6.3"
#define SSH_PORTABLE "p1"
+#define SSH_X509 " PKIX"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE

30
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch vendored Normal file
View File

@ -0,0 +1,30 @@
Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch and remove
redundant README.x509v3 directory.
--- openssh-6.4p1+x509-7.7.diff.orig 2013-11-09 14:51:13.400696545 -0800
+++ openssh-6.4p1+x509-7.7.diff 2013-11-09 14:51:05.798786189 -0800
@@ -6809,9 +6809,9 @@
-$OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $
+$OpenBSD$
-diff -ruN openssh-6.4p1/README.x509v3/README.x509v3 openssh-6.4p1+x509-7.7/README.x509v3/README.x509v3
---- openssh-6.4p1/README.x509v3/README.x509v3 1970-01-01 02:00:00.000000000 +0200
-+++ openssh-6.4p1+x509-7.7/README.x509v3/README.x509v3 2013-05-17 18:50:02.156263192 +0300
+diff -ruN openssh-6.4p1/README.x509v3 openssh-6.4p1+x509-7.7/README.x509v3
+--- openssh-6.4p1/README.x509v3 1970-01-01 02:00:00.000000000 +0200
++++ openssh-6.4p1+x509-7.7/README.x509v3 2013-05-17 18:50:02.156263192 +0300
@@ -0,0 +1,615 @@
+ Roumen Petrov
+ Sofia, Bulgaria
@@ -14793,10 +14793,9 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or though authentication styles supported in
-@@ -490,6 +567,16 @@
+@@ -490,5 +567,15 @@
The default is
.Dq yes .
- Note that this option applies to protocol version 2 only.
+.It Cm HostbasedAlgorithms
+Specifies the protocol version 2 algorithms used in
+.Dq hostbased

114
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch vendored Normal file
View File

@ -0,0 +1,114 @@
https://bugs.gentoo.org/498632
make sure we do not use unaligned loads/stores as some arches really hate that.
--- a/cipher-ctr-mt.c
+++ b/cipher-ctr-mt.c
@@ -58,8 +58,16 @@
/* Collect thread stats and print at cancellation when in debug mode */
/* #define CIPHER_THREAD_STATS */
-/* Use single-byte XOR instead of 8-byte XOR */
-/* #define CIPHER_BYTE_XOR */
+/* Can the system do unaligned loads natively? */
+#if defined(__aarch64__) || \
+ defined(__i386__) || \
+ defined(__powerpc__) || \
+ defined(__x86_64__)
+# define CIPHER_UNALIGNED_OK
+#endif
+#if defined(__SIZEOF_INT128__)
+# define CIPHER_INT128_OK
+#endif
/*-------------------- END TUNABLES --------------------*/
@@ -285,8 +293,20 @@ thread_loop(void *x)
static int
ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
- u_int len)
+ size_t len)
{
+ typedef union {
+#ifdef CIPHER_INT128_OK
+ __uint128_t *u128;
+#endif
+ uint64_t *u64;
+ uint32_t *u32;
+ uint8_t *u8;
+ const uint8_t *cu8;
+ uintptr_t u;
+ } ptrs_t;
+ ptrs_t destp, srcp, bufp;
+ uintptr_t align;
struct ssh_aes_ctr_ctx *c;
struct kq *q, *oldq;
int ridx;
@@ -301,35 +321,41 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
ridx = c->ridx;
/* src already padded to block multiple */
+ srcp.cu8 = src;
+ destp.u8 = dest;
while (len > 0) {
buf = q->keys[ridx];
+ bufp.u8 = buf;
-#ifdef CIPHER_BYTE_XOR
- dest[0] = src[0] ^ buf[0];
- dest[1] = src[1] ^ buf[1];
- dest[2] = src[2] ^ buf[2];
- dest[3] = src[3] ^ buf[3];
- dest[4] = src[4] ^ buf[4];
- dest[5] = src[5] ^ buf[5];
- dest[6] = src[6] ^ buf[6];
- dest[7] = src[7] ^ buf[7];
- dest[8] = src[8] ^ buf[8];
- dest[9] = src[9] ^ buf[9];
- dest[10] = src[10] ^ buf[10];
- dest[11] = src[11] ^ buf[11];
- dest[12] = src[12] ^ buf[12];
- dest[13] = src[13] ^ buf[13];
- dest[14] = src[14] ^ buf[14];
- dest[15] = src[15] ^ buf[15];
-#else
- *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf;
- *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^
- *(uint64_t *)(buf + 8);
-#endif
+ /* figure out the alignment on the fly */
+#ifdef CIPHER_UNALIGNED_OK
+ align = 0;
+#else
+ align = destp.u | srcp.u | bufp.u;
+#endif
+
+#ifdef CIPHER_INT128_OK
+ if ((align & 0xf) == 0) {
+ destp.u128[0] = srcp.u128[0] ^ bufp.u128[0];
+ } else
+#endif
+ if ((align & 0x7) == 0) {
+ destp.u64[0] = srcp.u64[0] ^ bufp.u64[0];
+ destp.u64[1] = srcp.u64[1] ^ bufp.u64[1];
+ } else if ((align & 0x3) == 0) {
+ destp.u32[0] = srcp.u32[0] ^ bufp.u32[0];
+ destp.u32[1] = srcp.u32[1] ^ bufp.u32[1];
+ destp.u32[2] = srcp.u32[2] ^ bufp.u32[2];
+ destp.u32[3] = srcp.u32[3] ^ bufp.u32[3];
+ } else {
+ size_t i;
+ for (i = 0; i < AES_BLOCK_SIZE; ++i)
+ dest[i] = src[i] ^ buf[i];
+ }
- dest += 16;
- src += 16;
- len -= 16;
+ destp.u += AES_BLOCK_SIZE;
+ srcp.u += AES_BLOCK_SIZE;
+ len -= AES_BLOCK_SIZE;
ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
/* Increment read index, switch queues on rollover */

17
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch vendored Normal file
View File

@ -0,0 +1,17 @@
the last nibble of the openssl version represents the status. that is,
whether it is a beta or release. when it comes to version checks in
openssh, this component does not matter, so ignore it.
https://bugzilla.mindrot.org/show_bug.cgi?id=2212
--- a/entropy.c
+++ b/entropy.c
@@ -216,7 +216,7 @@ seed_rng(void)
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
* within a patch series.
*/
- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
+ u_long version_mask = SSLeay() >= 0x1000000f ? ~0xfffffL : ~0xff0L;
if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
(SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
fatal("OpenSSL version mismatch. Built against %lx, you "

16
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch vendored Normal file
View File

@ -0,0 +1,16 @@
Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch.
--- openssh-6.6p1+x509-7.9.diff
+++ openssh-6.6p1+x509-7.9.diff
@@ -15473,10 +15473,9 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or though authentication styles supported in
-@@ -499,6 +576,16 @@
+@@ -499,5 +576,15 @@
The default is
.Dq yes .
- Note that this option applies to protocol version 2 only.
+.It Cm HostbasedAlgorithms
+Specifies the protocol version 2 algorithms used in
+.Dq hostbased

26
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch vendored Normal file
View File

@ -0,0 +1,26 @@
make the hpn patch apply when the x509 patch has also been applied
--- openssh-6.6p1-hpnssh14v4.diff
+++ openssh-6.6p1-hpnssh14v4.diff
@@ -1742,18 +1742,14 @@
if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
-@@ -345,9 +393,10 @@
+@@ -345,6 +393,7 @@
sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
-+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled,
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
-- sAuthenticationMethods, sHostKeyAgent,
-+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent,
- sDeprecated, sUnsupported
- } ServerOpCodes;
-
+ sAuthenticationMethods, sHostKeyAgent,
@@ -468,6 +517,10 @@
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },

27
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 vendored
View File

@ -1,9 +1,9 @@
#!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.4,v 1.2 2012/11/28 01:07:04 robbat2 Exp $
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.4,v 1.3 2013/04/24 03:13:03 vapier Exp $
extra_commands="checkconfig gen_keys"
extra_commands="checkconfig"
extra_started_commands="reload"
SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh}
@ -47,7 +47,7 @@ checkconfig() {
return 1
fi
gen_keys || return 1
ssh-keygen -A || return 1
[ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
&& SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
@ -57,25 +57,6 @@ checkconfig() {
"${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
}
gen_key() {
keytype=$1
[ $# -eq 1 ] && ks="${keytype}_"
key="${SSHD_CONFDIR}/ssh_host_${ks}key"
if [ ! -e "${key}" ] ; then
ebegin "Generating ${keytype} host key"
ssh-keygen -t ${keytype} -f "${key}" -N ''
eend $? || return $?
fi
}
gen_keys() {
if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then
gen_key rsa1 "" || return 1
fi
gen_key dsa && gen_key rsa && gen_key ecdsa
return $?
}
start() {
checkconfig || return 1

1
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service vendored
View File

@ -3,6 +3,7 @@ Description=OpenSSH server daemon
After=syslog.target network.target auditd.service
[Service]
ExecStartPre=/usr/bin/ssh-keygen -A
ExecStart=/usr/sbin/sshd -D -e
ExecReload=/bin/kill -HUP $MAINPID

3
sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml vendored
View File

@ -27,4 +27,7 @@ ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and
<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
<flag name="X509">Adds support for X.509 certificate authentication</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:openssh:openssh</remote-id>
</upstream>
</pkgmetadata>

279
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.9_p1-r4.ebuild vendored
View File

@ -1,279 +0,0 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.9_p1-r4.ebuild,v 1.14 2013/01/18 01:14:14 robbat2 Exp $
EAPI="2"
inherit eutils user flag-o-matic multilib autotools pam systemd
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PARCH}-hpn13v11.diff.gz"
LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz"
X509_VER="7.0" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509"
RDEPEND="pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
selinux? ( >=sys-libs/libselinux-1.28 )
skey? ( >=sys-auth/skey-1.1.5-r1 )
ldap? ( net-nds/openldap )
libedit? ( dev-libs/libedit )
>=dev-libs/openssl-0.9.6d:0[bindist=]
>=sys-libs/zlib-1.2.3
tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
X? ( x11-apps/xauth )
userland_GNU? ( virtual/shadow )"
DEPEND="${RDEPEND}
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
}
src_prepare() {
sed -i \
-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
epatch "${FILESDIR}"/${PN}-5.9_p1-drop-openssl-check.patch
epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then
pushd .. >/dev/null
epatch "${FILESDIR}"/${PN}-5.9_p1-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-5.8_p1-x509-hpn-glue.patch
fi
if ! use X509 ; then
if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
#epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654 - merged
# version.h patch conflict avoidence
mv version.h version.h.lpk
cp -f version.h.pristine version.h
fi
else
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
if [[ -n ${HPN_PATCH} ]] && use hpn; then
epatch "${WORKDIR}"/${HPN_PATCH%.*}
epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch
# version.h patch conflict avoidence
mv version.h version.h.hpn
cp -f version.h.pristine version.h
# The AES-CTR multithreaded variant is broken, and causes random hangs
# when combined background threading and control sockets. To avoid
# this, we change the internal table to use the non-multithread version
# for the meantime. Do NOT remove this in new versions. See bug #354113
# comment #6 for testcase.
# Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/
## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode
## cipher. Be aware that if the client process is forked using the -f command line
## option the process will hang as the parent thread gets 'divorced' from the key
## generation threads. This issue will be resolved as soon as possible
sed -i \
-e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \
cipher.c || die
fi
sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die
# Disable PATH reset, trust what portage gives us. bug 254615
sed -i -e 's:^PATH=/:#PATH=/:' configure || die
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s %s\n' \
"$([ -e version.h.hpn ] && echo SSH_HPN)" \
"$([ -e version.h.lpk ] && echo SSH_LPK)"
) > version.h
eautoreconf
}
static_use_with() {
local flag=$1
if use static && use ${flag} ; then
ewarn "Disabling '${flag}' support because of USE='static'"
# rebuild args so that we invert the first one (USE flag)
# but otherwise leave everything else working so we can
# just leverage use_with
shift
[[ -z $1 ]] && flag="${flag} ${flag}"
set -- !${flag} "$@"
fi
use_with "$@"
}
src_configure() {
addwrite /dev/ptmx
addpredict /etc/skey/skeykeys #skey configure code triggers this
use static && append-ldflags -static
econf \
--with-ldflags="${LDFLAGS}" \
--disable-strip \
--sysconfdir=/etc/ssh \
--libexecdir=/usr/$(get_libdir)/misc \
--datadir=/usr/share/openssh \
--with-privsep-path=/var/empty \
--with-privsep-user=sshd \
--with-md5-passwords \
--with-ssl-engine \
$(static_use_with pam) \
$(static_use_with kerberos kerberos5 /usr) \
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
$(use_with libedit) \
$(use_with selinux) \
$(use_with skey) \
$(use_with tcpd tcp-wrappers)
}
src_install() {
emake install-nokeys DESTDIR="${D}" || die
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id || die
newinitd "${FILESDIR}"/sshd.rc6.3 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
# not all openssl installs support ecc, or are functional #352645
if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die
fi
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${D}"/etc/ssh/sshd_config || die "sed of configuration file failed"
fi
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
keepdir /var/empty/dev
fi
if use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
echo
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
if use pam ; then
echo
ewarn "Please be aware users need a valid shell in /etc/passwd"
ewarn "in order to be allowed to login."
fi
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
echo
einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log."
fi
}

294
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.0_p1-r1.ebuild vendored
View File

@ -1,294 +0,0 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.0_p1-r1.ebuild,v 1.5 2013/01/18 01:14:14 robbat2 Exp $
EAPI="2"
inherit eutils user flag-o-matic multilib autotools pam systemd
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PARCH}-hpn13v11.diff.bz2"
LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz"
X509_VER="7.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509"
RDEPEND="pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
selinux? ( >=sys-libs/libselinux-1.28 )
skey? ( >=sys-auth/skey-1.1.5-r1 )
ldap? ( net-nds/openldap )
libedit? ( dev-libs/libedit )
>=dev-libs/openssl-0.9.6d:0[bindist=]
>=sys-libs/zlib-1.2.3
tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
X? ( x11-apps/xauth )
userland_GNU? ( virtual/shadow )"
DEPEND="${RDEPEND}
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then
pushd .. >/dev/null
epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch
save_version X509
fi
if ! use X509 ; then
if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
else
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
fi
epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011
epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
if [[ -n ${HPN_PATCH} ]] && use hpn; then
epatch "${WORKDIR}"/${HPN_PATCH%.*}
epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch
save_version HPN
# The AES-CTR multithreaded variant is broken, and causes random hangs
# when combined background threading and control sockets. To avoid
# this, we change the internal table to use the non-multithread version
# for the meantime. Do NOT remove this in new versions. See bug #354113
# comment #6 for testcase.
# Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/
## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode
## cipher. Be aware that if the client process is forked using the -f command line
## option the process will hang as the parent thread gets 'divorced' from the key
## generation threads. This issue will be resolved as soon as possible
sed -i \
-e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \
cipher.c || die
fi
sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die
# Disable PATH reset, trust what portage gives us. bug 254615
sed -i -e 's:^PATH=/:#PATH=/:' configure || die
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
static_use_with() {
local flag=$1
if use static && use ${flag} ; then
ewarn "Disabling '${flag}' support because of USE='static'"
# rebuild args so that we invert the first one (USE flag)
# but otherwise leave everything else working so we can
# just leverage use_with
shift
[[ -z $1 ]] && flag="${flag} ${flag}"
set -- !${flag} "$@"
fi
use_with "$@"
}
src_configure() {
addwrite /dev/ptmx
addpredict /etc/skey/skeykeys #skey configure code triggers this
use static && append-ldflags -static
econf \
--with-ldflags="${LDFLAGS}" \
--disable-strip \
--sysconfdir=/etc/ssh \
--libexecdir=/usr/$(get_libdir)/misc \
--datadir=/usr/share/openssh \
--with-privsep-path=/var/empty \
--with-privsep-user=sshd \
--with-md5-passwords \
--with-ssl-engine \
$(static_use_with pam) \
$(static_use_with kerberos kerberos5 /usr) \
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
$(use_with libedit) \
$(use_with selinux) \
$(use_with skey) \
$(use_with tcpd tcp-wrappers)
}
src_install() {
emake install-nokeys DESTDIR="${D}" || die
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id || die
newinitd "${FILESDIR}"/sshd.rc6.3 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
# not all openssl installs support ecc, or are functional #352645
if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die
fi
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${D}"/etc/ssh/sshd_config || die "sed of configuration file failed"
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${D}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${D}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
keepdir /var/empty/dev
fi
if use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
echo
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
if use pam ; then
echo
ewarn "Please be aware users need a valid shell in /etc/passwd"
ewarn "in order to be allowed to login."
fi
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
echo
einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log."
fi
}

294
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.0_p1.ebuild vendored
View File

@ -1,294 +0,0 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.0_p1.ebuild,v 1.11 2013/01/18 01:14:14 robbat2 Exp $
EAPI="2"
inherit eutils user flag-o-matic multilib autotools pam systemd
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PARCH}-hpn13v12.diff.gz"
LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz"
X509_VER="7.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509"
RDEPEND="pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
selinux? ( >=sys-libs/libselinux-1.28 )
skey? ( >=sys-auth/skey-1.1.5-r1 )
ldap? ( net-nds/openldap )
libedit? ( dev-libs/libedit )
>=dev-libs/openssl-0.9.6d:0[bindist=]
>=sys-libs/zlib-1.2.3
tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
X? ( x11-apps/xauth )
userland_GNU? ( virtual/shadow )"
DEPEND="${RDEPEND}
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then
pushd .. >/dev/null
epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch
save_version X509
fi
if ! use X509 ; then
if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
else
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
fi
epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011
epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
if [[ -n ${HPN_PATCH} ]] && use hpn; then
epatch "${WORKDIR}"/${HPN_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.0_p1-hpn-progressmeter.patch
save_version HPN
# The AES-CTR multithreaded variant is broken, and causes random hangs
# when combined background threading and control sockets. To avoid
# this, we change the internal table to use the non-multithread version
# for the meantime. Do NOT remove this in new versions. See bug #354113
# comment #6 for testcase.
# Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/
## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode
## cipher. Be aware that if the client process is forked using the -f command line
## option the process will hang as the parent thread gets 'divorced' from the key
## generation threads. This issue will be resolved as soon as possible
sed -i \
-e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \
cipher.c || die
fi
sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die
# Disable PATH reset, trust what portage gives us. bug 254615
sed -i -e 's:^PATH=/:#PATH=/:' configure || die
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
static_use_with() {
local flag=$1
if use static && use ${flag} ; then
ewarn "Disabling '${flag}' support because of USE='static'"
# rebuild args so that we invert the first one (USE flag)
# but otherwise leave everything else working so we can
# just leverage use_with
shift
[[ -z $1 ]] && flag="${flag} ${flag}"
set -- !${flag} "$@"
fi
use_with "$@"
}
src_configure() {
addwrite /dev/ptmx
addpredict /etc/skey/skeykeys #skey configure code triggers this
use static && append-ldflags -static
econf \
--with-ldflags="${LDFLAGS}" \
--disable-strip \
--sysconfdir=/etc/ssh \
--libexecdir=/usr/$(get_libdir)/misc \
--datadir=/usr/share/openssh \
--with-privsep-path=/var/empty \
--with-privsep-user=sshd \
--with-md5-passwords \
--with-ssl-engine \
$(static_use_with pam) \
$(static_use_with kerberos kerberos5 /usr) \
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
$(use_with libedit) \
$(use_with selinux) \
$(use_with skey) \
$(use_with tcpd tcp-wrappers)
}
src_install() {
emake install-nokeys DESTDIR="${D}" || die
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id || die
newinitd "${FILESDIR}"/sshd.rc6.3 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
# not all openssl installs support ecc, or are functional #352645
if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die
fi
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${D}"/etc/ssh/sshd_config || die "sed of configuration file failed"
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${D}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${D}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
keepdir /var/empty/dev
fi
if use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
echo
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
if use pam ; then
echo
ewarn "Please be aware users need a valid shell in /etc/passwd"
ewarn "in order to be allowed to login."
fi
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
echo
einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log."
fi
}

294
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.1_p1.ebuild vendored
View File

@ -1,294 +0,0 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.1_p1.ebuild,v 1.9 2013/01/18 01:14:14 robbat2 Exp $
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PARCH}-hpn13v11.diff.bz2"
LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz"
X509_VER="7.2.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509"
LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
libedit? ( dev-libs/libedit[static-libs(+)] )
>=dev-libs/openssl-0.9.6d:0[bindist=]
dev-libs/openssl[static-libs(+)]
>=sys-libs/zlib-1.2.3[static-libs(+)]
tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )"
RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? ( ${LIB_DEPEND} )
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then
pushd .. >/dev/null
epatch "${FILESDIR}"/${PN}-6.1_p1-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.1_p1-x509-hpn-glue.patch
save_version X509
fi
if ! use X509 ; then
if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
else
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
fi
epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
if [[ -n ${HPN_PATCH} ]] && use hpn; then
epatch "${WORKDIR}"/${HPN_PATCH%.*}
epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch
save_version HPN
# The AES-CTR multithreaded variant is broken, and causes random hangs
# when combined background threading and control sockets. To avoid
# this, we change the internal table to use the non-multithread version
# for the meantime. Do NOT remove this in new versions. See bug #354113
# comment #6 for testcase.
# Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/
## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode
## cipher. Be aware that if the client process is forked using the -f command line
## option the process will hang as the parent thread gets 'divorced' from the key
## generation threads. This issue will be resolved as soon as possible
sed -i \
-e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \
cipher.c || die
fi
tc-export PKG_CONFIG
sed -i "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" configure{,.ac} || die
# Disable PATH reset, trust what portage gives us. bug 254615
sed -i -e 's:^PATH=/:#PATH=/:' configure || die
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
static_use_with() {
local flag=$1
if use static && use ${flag} ; then
ewarn "Disabling '${flag}' support because of USE='static'"
# rebuild args so that we invert the first one (USE flag)
# but otherwise leave everything else working so we can
# just leverage use_with
shift
[[ -z $1 ]] && flag="${flag} ${flag}"
set -- !${flag} "$@"
fi
use_with "$@"
}
src_configure() {
addwrite /dev/ptmx
addpredict /etc/skey/skeykeys #skey configure code triggers this
use static && append-ldflags -static
econf \
--with-ldflags="${LDFLAGS}" \
--disable-strip \
--with-pid-dir=/var/run \
--sysconfdir=/etc/ssh \
--libexecdir=/usr/$(get_libdir)/misc \
--datadir=/usr/share/openssh \
--with-privsep-path=/var/empty \
--with-privsep-user=sshd \
--with-md5-passwords \
--with-ssl-engine \
$(static_use_with pam) \
$(static_use_with kerberos kerberos5 /usr) \
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
$(use_with libedit) \
$(use_with selinux) \
$(use_with skey) \
$(use_with tcpd tcp-wrappers)
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.3 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
# not all openssl installs support ecc, or are functional #352645
if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
fi
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed"
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
keepdir /var/empty/dev
fi
if use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
echo
einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log."
fi
}

61
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.1_p1-r1.ebuild → sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.6_p1-r1.ebuild vendored
View File

@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.1_p1-r1.ebuild,v 1.5 2013/02/21 05:30:13 zmedico Exp $
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6_p1-r1.ebuild,v 1.10 2014/03/23 09:54:17 ago Exp $
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
@ -9,21 +9,23 @@ inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PARCH}-hpn13v11.diff.bz2"
LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz"
X509_VER="7.2.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz"
HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.xz"
LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz"
X509_VER="7.9" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )}
${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
#${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )}
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509"
LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
@ -65,7 +67,7 @@ S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; }
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
@ -89,7 +91,7 @@ save_version() {
src_prepare() {
sed -i \
-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:' \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
@ -101,10 +103,11 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then
pushd .. >/dev/null
epatch "${FILESDIR}"/${PN}-6.1_p1-x509-glue.patch
epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch
use hpn && epatch "${FILESDIR}"/${PN}-6.6_p1-x509-hpn14v4-glue-p2.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.1_p1-x509-hpn-glue.patch
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
save_version X509
fi
if ! use X509 ; then
@ -115,32 +118,30 @@ src_prepare() {
else
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
fi
epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch
if [[ -n ${HPN_PATCH} ]] && use hpn; then
epatch "${WORKDIR}"/${HPN_PATCH%.*}
epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch
epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632
save_version HPN
# The AES-CTR multithreaded variant is broken, and causes random hangs
# when combined background threading and control sockets. To avoid
# this, we change the internal table to use the non-multithread version
# for the meantime. Do NOT remove this in new versions. See bug #354113
# comment #6 for testcase.
# Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/
## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode
## cipher. Be aware that if the client process is forked using the -f command line
## option the process will hang as the parent thread gets 'divorced' from the key
## generation threads. This issue will be resolved as soon as possible
sed -i \
-e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \
cipher.c || die
fi
tc-export PKG_CONFIG
sed -i "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" configure{,.ac} || die
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
# Disable PATH reset, trust what portage gives us. bug 254615
sed -i -e 's:^PATH=/:#PATH=/:' configure || die
epatch_user #473004
# Now we can build a sane merged version.h
(
@ -244,7 +245,7 @@ src_install() {
keepdir /var/empty/dev
fi
if use ldap ; then
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi