From f229b49ef2f88bd35e7618863b62e66dd7342aeb Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Mon, 31 Mar 2014 15:15:28 -0700 Subject: [PATCH] bump(net-misc/openssh): sync with upstream Synced openssl too, not a new version but seemed reasonable to refresh our copy of the ebuilds. Packages updated: dev-libs/openssl net-misc/openssh --- .../portage-stable/dev-libs/openssl/ChangeLog | 24 +- .../portage-stable/dev-libs/openssl/Manifest | 44 +- .../files/openssl-1.0.1e-bad-mac-aes-ni.patch | 35 - .../openssl-1.0.1e-rdrand-explicit.patch | 28 - .../files/openssl-1.0.1e-tls-ver-crash.patch | 34 - .../openssl/files/openssl-1.0.2-ipv6.patch | 659 ++++++++++++++++++ .../files/openssl-1.0.2-parallel-build.patch | 354 ++++++++++ ...ch => openssl-1.0.2_beta1-perl-5.18.patch} | 233 ++++--- .../dev-libs/openssl/metadata.xml | 2 +- .../dev-libs/openssl/openssl-1.0.1e-r1.ebuild | 237 ------- .../dev-libs/openssl/openssl-1.0.1e-r3.ebuild | 241 ------- .../dev-libs/openssl/openssl-1.0.1e.ebuild | 221 ------ ...e-r2.ebuild => openssl-1.0.2_beta1.ebuild} | 22 +- .../portage-stable/net-misc/openssh/ChangeLog | 237 ++++++- .../portage-stable/net-misc/openssh/Manifest | 66 +- .../files/openssh-5.2_p1-autoconf.patch | 15 - .../files/openssh-5.2_p1-gsskex-fix.patch | 16 - .../files/openssh-5.2_p1-x509-hpn-glue.patch | 91 --- .../files/openssh-5.6_p1-x509-hpn-glue.patch | 60 -- .../files/openssh-5.7_p1-x509-hpn-glue.patch | 60 -- .../files/openssh-5.8_p1-selinux.patch | 18 - .../files/openssh-6.2_p2-x509-glue.patch | 16 + .../files/openssh-6.2_p2-x509-hpn-glue.patch | 51 ++ .../openssh-6.2_p2-x509-hpn14v1-glue.patch | 87 +++ .../files/openssh-6.3_p1-aes-gcm.patch | 13 + .../files/openssh-6.3_p1-x509-glue.patch | 16 + .../openssh-6.3_p1-x509-hpn14v2-glue.patch | 51 ++ .../files/openssh-6.4_p1-x509-glue.patch | 30 + .../openssh-6.5_p1-hpn-cipher-align.patch | 114 +++ ...openssh-6.6_p1-openssl-ignore-status.patch | 17 + .../files/openssh-6.6_p1-x509-glue.patch | 16 + .../openssh-6.6_p1-x509-hpn14v4-glue-p2.patch | 26 + .../net-misc/openssh/files/sshd.rc6.4 | 27 +- .../net-misc/openssh/files/sshd.service | 1 + .../net-misc/openssh/metadata.xml | 3 + .../net-misc/openssh/openssh-5.9_p1-r4.ebuild | 279 -------- .../net-misc/openssh/openssh-6.0_p1-r1.ebuild | 294 -------- .../net-misc/openssh/openssh-6.0_p1.ebuild | 294 -------- .../net-misc/openssh/openssh-6.1_p1.ebuild | 294 -------- ..._p1-r1.ebuild => openssh-6.6_p1-r1.ebuild} | 61 +- 40 files changed, 1942 insertions(+), 2445 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch delete mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch delete mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch create mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch rename sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/{openssl-1.0.1e-perl-5.18.patch => openssl-1.0.2_beta1-perl-5.18.patch} (59%) delete mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r1.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r3.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e.ebuild rename sdk_container/src/third_party/portage-stable/dev-libs/openssl/{openssl-1.0.1e-r2.ebuild => openssl-1.0.2_beta1.ebuild} (92%) delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-selinux.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-glue.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-hpn-glue.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-hpn14v1-glue.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-aes-gcm.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.9_p1-r4.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.0_p1-r1.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.0_p1.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.1_p1.ebuild rename sdk_container/src/third_party/portage-stable/net-misc/openssh/{openssh-6.1_p1-r1.ebuild => openssh-6.6_p1-r1.ebuild} (80%) diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/ChangeLog b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/ChangeLog index 9471bc1c09..05e42c0671 100644 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/ChangeLog +++ b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/ChangeLog @@ -1,6 +1,28 @@ # ChangeLog for dev-libs/openssl # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.513 2014/01/26 11:59:33 ago Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.517 2014/03/22 18:56:05 vapier Exp $ + + 22 Mar 2014; Mike Frysinger metadata.xml: + Note that USE=bindist changes ABI. #505306 by Thibaud CANALE. + + 21 Mar 2014; Lars Wendler + openssl-1.0.2_beta1.ebuild, +files/openssl-1.0.2_beta1-perl-5.18.patch: + Fixed installation with perl-5.18 + +*openssl-1.0.2_beta1 (20 Mar 2014) + + 20 Mar 2014; Mike Frysinger + +files/openssl-1.0.2-ipv6.patch, +files/openssl-1.0.2-parallel-build.patch, + +openssl-1.0.2_beta1.ebuild: + Version bump for testing. + + 21 Feb 2014; Lars Wendler -openssl-1.0.1e.ebuild, + -openssl-1.0.1e-r1.ebuild, -openssl-1.0.1e-r2.ebuild, + -openssl-1.0.1e-r3.ebuild, -files/openssl-1.0.1e-bad-mac-aes-ni.patch, + -files/openssl-1.0.1e-perl-5.18.patch, + -files/openssl-1.0.1e-rdrand-explicit.patch, + -files/openssl-1.0.1e-tls-ver-crash.patch: + Removed vulnerable versions (bug #497838). 26 Jan 2014; Agostino Sarubbo openssl-1.0.1f.ebuild: Stable for sparc, wrt bug #497838 diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/Manifest b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/Manifest index cd3d71a4b5..2191594123 100644 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/Manifest +++ b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/Manifest @@ -15,42 +15,38 @@ AUX openssl-1.0.0e-x32.patch 4113 SHA256 e3c5118541d580d3cac2fe9f8af54059f81518b AUX openssl-1.0.0h-pkg-config.patch 1289 SHA256 542dea12747b1cb667707250e3eb3803cbdd396bd0d8e836e48a8018417dc1b8 SHA512 4d1f66dc8615cdf7c96719c8cc909c7d908089e91b0cfe2dd08ae7a332c525b5384e2eb8eb3922e89cbc035167f581eaa606ba826fca6253f16f89f66a9ef225 WHIRLPOOL cdd63a06205b0237ddef1f56df2accf29e5f43f886aed01f95711b49a3af07d87afd0953cb3c12c7e97d4a3392f7c691257dcb7ad3e97cc6fbf1cf399a8a6394 AUX openssl-1.0.1-parallel-build.patch 10614 SHA256 f3aa674880ffa53a891d3f9054a1ff162c4461b3ec160a365990275907636259 SHA512 439015b3b007adfbab047a1e3e12a9700030779a593bba1a30e9554c7c02eb1cffe9acb089546954e87163847cf86b13130abf9646eb5d00a2ff725b534f84d5 WHIRLPOOL 673f6f045765effb9ded607bf8116a81e7bfeee78ba0e8a34892081c272239a2b75fbb14f4c48b61d93593fac8e1b1e8bef7223f4cc64e8443e19c8f337ab6bc AUX openssl-1.0.1-x32.patch 3273 SHA256 a4f05b8757e225a05a9c5a3ea485159066760d878c9ee54c4eaf61760e33c6cf SHA512 6bed57fe2fbe2d0ced1279b53804d94426a679d5d6b80ad7d0ed18523a7fda397e02038032c08cdd4e6034f9ff6e82cad365ff2a724d49d91467cf2b77f47752 WHIRLPOOL 1366632e7dc1c6e54efc5b9791bf24833d20e7a61ca29aa38d31b5b9629febf926a29742e370b7cd6767c810c0a1676100ca9169f0d836dfd19ff0b2c29e49c1 -AUX openssl-1.0.1e-bad-mac-aes-ni.patch 1220 SHA256 484fe928925965e98bb0fccc14d6a1e2469507e513a4257a1741e725e9fabf8d SHA512 0c3ad477cd4a8e61e6235eda23b5efbf15aef23f3a753f30c35ec170236d9d3a52d11736d25b9995dd60cf534382b9ad7bf36aa6a95aa9fbd12a3019176d04f2 WHIRLPOOL 1e40dd340dc06e1d13447a72dcc6e6acaaab3270b118e37699bccab05ac6f47d196239bdec6be24182e46d57f2f5e3f927e64bb7346e6d4aa19b28155c2918c6 AUX openssl-1.0.1e-ipv6.patch 18596 SHA256 430d15f2f62c2d7b9bbb968d3c1d3cea51c97d549e01683fd6befb20e2b60946 SHA512 15bfcafc8c173d2875954a43db19d15956619528a0fc356b6d36877f7434321071cf707d950767491261adc1e6403e56b3e014e3d0ffb6cef563daca00a128bd WHIRLPOOL d1dd63d00b166efb1ca9e5d8da931a47e571f5784e3b47780355553b4d0cf656885375e3fe7fc1554b6c5eb749371efeb370c7462e4fcc52c0dd85c6e2318ad8 -AUX openssl-1.0.1e-perl-5.18.patch 8211 SHA256 0d2263de7cd1e814cf7583a738d7c439dadb6f195793a29356186b336edc5a98 SHA512 4b56cae218af916c5d7f1006f0a17e34eebc6ee9fb08789db0b18b7e0d6ca7ea0b297efdc712f8951b4db55d15dffea33faa939d2daa42db6be61670e43f0412 WHIRLPOOL 78ced5c41dba502f93f92322516ac8774ff73ce236c7cf793f7e502822c8b0c288f2ed4360d89d2ff2bfaf969f6bd0cc12b28151eda0217197c60bf6a561d8cf -AUX openssl-1.0.1e-rdrand-explicit.patch 936 SHA256 0eb50c82edb24c0ff4b5b2e6c41e4d11e9288b33dca05dd2b5fd613c0bc5b815 SHA512 2b4744dcd200d42a90c7640e3b5d16fa215e042ed4ae675504c20788fdd591cc866313d65be4e72e8992961d2e46f1945b006f4449710e23660c1ef666f17fdd WHIRLPOOL 0257c7919dbb6e82c52d5cd6f3cf909fda64782a1025b1a4f964acb42bd00c0a11b009a9b968250afbd44ccd9578949bb6e73f04d6238514d1b84673602fde87 AUX openssl-1.0.1e-s_client-verify.patch 592 SHA256 6f540fce663eefbe68cee16ad7d8d561d6c898eeb4180c2f4a4caa7e43c6d0c9 SHA512 117b1017e1259667078d3ccdcd9fd46357c6f85cf2702794f49c612b37acdc044fe88f871dbe46fcad9ed4cd8aaaaee800dddb5286203322802efd7549a43b68 WHIRLPOOL 70a4cc36b1dcb24d7e9bcef016684fb2394977f7f20aa332ebd0aa15e3f4c16c74563d2fc0ba8d70669f6cc9a13bf8a30cdb28ebafe2d102cd2859a4e32c38d7 -AUX openssl-1.0.1e-tls-ver-crash.patch 1210 SHA256 720ea2617ad5ba4ab8e16da3fd42858d2daf35a39377c649f408e13012a57e37 SHA512 c0a33d1e7d91d54b4dee2a9392cc1ca31b9038b168eeb471e58620c8e6bf2b86d6bdc6b83a96d47717bb703beee79261a73f607521d3f76d1bfa4563e2db0a3c WHIRLPOOL 758d6877bc6181c1dd354d6737a998e3bd77627789e6f184f1958836f084cbd64b4c6427410fa51f120b5d1b56dc4378180ef90d5b91992629f36917081eb5d1 AUX openssl-1.0.1f-perl-5.18.patch 7820 SHA256 e45c6856ef35b16e150282afa59432e783943e6aee62394f8a0e79ccd469fd84 SHA512 2fcda9f76968e8a193892170b2acc06b246c5a04bda2c501fa223231af0e4b2a38afd1adaf83cce4afd4210cdfd9cae8251aeb9510f24bcb50e7aeaa9fa09364 WHIRLPOOL 38768056d2bc4cd719c88038d201f765420a7d47b5dbd73b6d86347e59b4a1fc62f5f27d6c576fb73184fcfe26917446753d871db22aeac2a205f0bd18d2bbc3 AUX openssl-1.0.1f-revert-alpha-perl-generation.patch 3029 SHA256 3b4b3e40f70330219a139d8562ed5ebc171c5e7ebf1ab2b29e295ccf435fb6eb SHA512 77f45b12211cb790ae362bed9417590f87a1749d6300dde408f00590ed86e7b05d05909f0a2356e5c64711319d2f8759ad452eaccc0f64c7578916b31462251f WHIRLPOOL a2140b00e69b2dc74d290db0c2d12d3d5e5ca7452710c3f3b2fdde8a06aa0f398212bd263d9a37cfea3df407aa1d26a996b852183955ca5eb4e8c061ca8cb68c +AUX openssl-1.0.2-ipv6.patch 18892 SHA256 6b018d3ed7713300e3ccd3ed34e4e2e4503cb631857ca804d42e91ae03280ea4 SHA512 0558864345ab745a986b07bbd58b32886d68410332b918a6635db95c49b47b08527403bcedecb4711f9e36d2597f50ab09249cdc30fad05c39f9b8278ce79165 WHIRLPOOL 4e74f51adabc1e2b2ebb1d9cb0e63482cd70d8e52b489e586409c2e320726e0f8e6c28df647c0a13b2679c4e130d2022bbd781c69bc68b5dd2d6d1a9f38ba7ec +AUX openssl-1.0.2-parallel-build.patch 10639 SHA256 91ff46bb83bbe2367181b6562f2b28cb41649fbf34ef2b5576fb04f902ab48b0 SHA512 4fb496b8e1f098d50c31ee35a2074657786fec852504d8b4072409bd727d7f9774f398ef33c1149bb389dacedff6823dc9954e56f25ce0a45bc7cd0d5212bd4a WHIRLPOOL 5e95c5e4a00ed7d189c4e6687f90ac16b55a9454e5353fe651ccd47ab565f042ae5c122aa4fccb5c707cd0f46dcf20c8ea492560c5ff6d1c50ea1f6d42cd7e21 +AUX openssl-1.0.2_beta1-perl-5.18.patch 9031 SHA256 05b0333dd324f0ffa7ef0e4289917996cdebf29d9ae569ab1fbd2f3bb998f00e SHA512 5b266db72dd134bf4af24f8f8bcd0b4aca593319e17ec998add1d846fbf92422d78c042a6dc17cf6baffeb2a9ec75ac1f80702a346ac1691ad706ab03300fdd3 WHIRLPOOL af16b5c40f9b387e93750ebc62b5303463158875a1c1307679698fff2fdd86e56db377a1b46afeaa7210d0c31f001fd5daaa6163ca7ed06cacd156e278612718 DIST openssl-0.9.8y.tar.gz 3785001 SHA256 bbecf13495e612936e3a9860c29c0701413564b7a964bf771a3575eaa867cee3 SHA512 cdc05067343d6b06a0d0278e90abcea9bf58439c98279ce0ce22673bf6f4a6597babcb276635c3b15cf04ec76cf53320236f5b6bbc46544a61280825f5b7b3cc WHIRLPOOL c8c9cb00f303c2d95a1d2000c74bb146fb069da9471093bf7a2c00db2a5955c2d63908b3314eb9cd12ea1e80c3bac143d3774bc27515f2ab03c5ef4d88b61612 DIST openssl-1.0.0j.tar.gz 4047852 SHA256 626fb8fcb3eb7e966edbe71553ff993d137f6e8a87b05051a3695e621098b8af SHA512 9796c75b4d5de57928708f5f0a8ca01aff5b4974b60006454657ed54c34998bc54d747af03860d319db7e7a57b0cd3c267758ffaac31be2be045c977d5fc33d4 WHIRLPOOL 239f051930d9562e7266edd69cf3a1060d381a95228fd17813dd2dbf469c2cf066786b277c2fd56973b830a6b43f28934f5f15d3b6dfac8f37a6e6a65fcae455 -DIST openssl-1.0.1e.tar.gz 4459777 SHA256 f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 SHA512 c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e WHIRLPOOL e85cca98d9525935977bab00a1309682c0571973a1472cdd75ea1c96a1b12d8b86d1b51a501bc24a6fdbf3257b047a569b5d24d6164a903af689b01d46a7e428 DIST openssl-1.0.1f.tar.gz 4509212 SHA256 6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a SHA512 8a50892ce0c32707486e248b273631c38e9743371f28f96b635a9e61dac31919e5cf00690d0926c1f425c718cb56c4fe18a87c6e679e0543ad453e42f7a811ef WHIRLPOOL 4489061d7348a53ed23fd01fbaf36b701c5a17968a4811cf0289aa8604752b1e3b3f4ed53ac629db3948d58fab1d9e0efdae5f6cde39a78828dd8b220fdb3900 +DIST openssl-1.0.2-beta1.tar.gz 4901640 SHA256 4dbb1812d8129c9f1d0444e8947666668844137a52b59722f3f847cff006cf9b SHA512 5e5c36fd05710052d3fc791d0bb52494533e817af5cb9f9d3604e67bbc459f22a4e64a901b38f14f3f949069bc6a9f79dee7ecdce7a362f8285ce9a9ea9e22a6 WHIRLPOOL d6a4b38c256aed2cad98d7e978a2ca61b215bdc1b7f5fdaf5759ebb211da3988f3bc403410f6ac68ca801d2b20b459e4a0d916db7eb6126e87b84d93d5433776 DIST openssl-c_rehash.sh.1.7 4167 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 SHA512 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da WHIRLPOOL c88f06a3b8651f76b6289552cccceb64e13f6697c5f0ce3ff114c781ce1c218912b8ee308af9d087cd76a9600fdacda1953175bff07d7d3eb21b0c0b7f4f1ce1 EBUILD openssl-0.9.8y.ebuild 4424 SHA256 4250c4201a33cebac72954b5068a335d64ec03b03d4a9c787c90c453c23563f9 SHA512 cb59ccff8f59237b33de7db976201b260f5a28a841bcdf59245261a3d74f05c03fc5c4ff4c49e42c38f29533bfa80c6a753448ae9c3e47842223fe12d8f65fce WHIRLPOOL 5c8c490b9094ef6a1c93275dc39f97e61ae021d2cbbfce362f7deb92f844ced318254b1aa2197230dd42b5874602d5c1d43393547642907cf7c6e00244c05d33 EBUILD openssl-1.0.0j.ebuild 7035 SHA256 8b8cf5082b7eb04abc02fe452a006dad3b2460f65b016f1a1292af79bfef9980 SHA512 e4a4adfa8fda5d514e35f67e55ee50784ae785598b5889cb5d135bb5805b42c77e42246965cfbb4168bf0c6963961dc7e418f979d26574639e8b30730bb2ddea WHIRLPOOL ad2a6e1fcd89e528acce6c0d5a19bfcc82201776bbddb00154fb915792bde6458054d6352abdfa3e1fd17d2f1409de94f9ae6596c25b9e4d87e212901817da99 -EBUILD openssl-1.0.1e-r1.ebuild 8051 SHA256 fc2279e7acad38d658e006d0b6f91a4754927e73266bf19b4e3af6c5b022769e SHA512 39d7f2f233329f2233e27a503fc3b8e1ddc26cb16d196842540bc5f1336272c85d5d2f33445829f68f0e6f7f5bf332bd18637b1ed21e7faa3082493de1ce66f5 WHIRLPOOL c39ea92f3addc5d1de5647be44db7dc88a68f2880633a3601036753792b38727bdd17f52bc3eb2ab8c7ce3f5edfa95a3f40a419cf58abb4bc9128ef1c63f9a80 -EBUILD openssl-1.0.1e-r2.ebuild 8170 SHA256 364b19958f6426e429159dc6de1b59b955f382ad3e85d01235b9835ecee229de SHA512 1fef3a928f7874d868acfe6568fc090b41a288ce05002674d8feefa009b6ff4ad58d9f2db57f3aa45469cabd8fa179375d11b20794f5a0ef85ea7f218a409e66 WHIRLPOOL 28955035911b5867d4daef173de080915a77eee055682e6ac18655e97afca77bdfcfaecdeab4ce02cf97320e6059067eb612f505243d30b79e4b82ae5cb0420c -EBUILD openssl-1.0.1e-r3.ebuild 8276 SHA256 c1d6a6b365db046e8f46d56b09ce9c13351255b036bf4a76ab59772cc8a61a96 SHA512 f96d07e92fc9251cf0687922a76af5c535bdd7bc9ff9035dddc3b70030101dcd81e29d3ad3cb9e45b4981f69932eccabdfa3d83d7b4563f40f65018fb03d5a4c WHIRLPOOL 6e5b9ff9fc09508ec61375031b0bc01148e05ee74496676c86dc60ebc9c30e9391abb5392b5cd574b58bad57c0ce7b1750c26f0f4884ab90d95d55d15fd2d1d9 -EBUILD openssl-1.0.1e.ebuild 7260 SHA256 12cdd7dd88ade561157275f48f1f029b3320a215f503b1ef50704875e98d5635 SHA512 655544f450d0b3306cbbb3e70237e234120386705019ddc03986455591cfa85bcadc4cdb72c0319d6a368e38164956ef1e9027b602d081dab096234b32105e15 WHIRLPOOL 9173764576e15d5351f140bb6d67e47a08f577a818c4d434c5c15d9dec321a512e6f4e7483fa5e5ebee66541313506f4745b4c636392bce7e21455ba7a3bad5e EBUILD openssl-1.0.1f.ebuild 8181 SHA256 444e562daa1950bfbd9c76bb75922ed2ed6bba5fdc229c7b08cf80d370326e1e SHA512 34ebc04c3ea1efade80fa229c9a5e15bfd93c4462d893d410387948ab9760566cc9d84e6414dff96c6d970c85598bac024308e5e0799e0b3b312eefccb579649 WHIRLPOOL d931b949e9cd459eac7d4fb5f32a0c43a00d8083783a393dc4f845e2648f2ff5097a72db5ea450b1f6806336f128776df137af4887ff40d3c29a4b41b360a2ca -MISC ChangeLog 77738 SHA256 ec9b5e0f6b368b1fa2dfdba47c17fa3ef682882c144dc6994ee4c1d8286dd292 SHA512 f98b38834e94dacc6c0db25ac54e64497b3c2a47862a0121537d44935f36b1f4d6aaa2cf08c9aee6fa8a3dba152ad69ebcf5251423797333c945d25e4a2d2830 WHIRLPOOL a4041968d7c06cb2eeb3e0d92f15d6f306d877d39a5010073d591be3b2a5aefb7a0e37810f196085563bd39616d3192e81cabb1b408caf00d695159bdcbdb0a4 -MISC metadata.xml 537 SHA256 dfb61bab6de1d7e943f92be14ed54fb9275d568a11d6ba29e395f23f547603ee SHA512 0417c438c7f9586c7bbe7694707fec94f2ecf6fb59e36bc87d707fab0b24346a6c9fac5e58c69302e767cd8a7e50a508cdb2430b2cdf8fcc88921286e09756e1 WHIRLPOOL 0f21bab1258c7ee675c27cb7d78a90985437dc8d001a232661657549cebd9f2f26802686435bdd3a1346c5a0ff14bfffa740d6ded2288dc211ad0183f5b3f686 +EBUILD openssl-1.0.2_beta1.ebuild 8211 SHA256 1e879cd84aa8bf48d1b3c28f4d5bdb48dac5a31af83fca137a6c53b7495c327b SHA512 a8da2c4343321f0ed28142d29fbecda31b32eb0d38f4091c2376787847a2dfd450bd8f737c738205e8539bd1a0be7751fda80bbf73b4fbafdf4d1e1a31445e9c WHIRLPOOL 2caa79405f23ca11ff2944c31f6304abc4bce31698ed2d7e690975d6cc86cc0d2ccb878799f392e66926ad028f9fb6da8703c5a3dceb9e03b35434a295080809 +MISC ChangeLog 78645 SHA256 220f5c975a020de3939b24b5cc37072ce51a3b5def6be74ac5c4a2bb252083bc SHA512 94be4cc0d063d88e82156067018887e5d98dc8280d63d38c028bd8bdd10e2e4f8626ae4a0469e780967c4bb255d73198f935f34a1508f2543114702ffaaefe7c WHIRLPOOL d22d2c117875a19fdeb69f5389ba41c589ee6a48bb4d23a18520568cc8c4d42b3fdb52f34f2e80c6eec5433db8b344447e9199bce684093c5ed7982c01856a54 +MISC metadata.xml 562 SHA256 5c61e2a07ffdb4ba157e0add7f84ff74458c890092d5e6980fd936dfdb457c34 SHA512 f83769af7ffd223923b72a62db27cbc80ca31925b95b720845b6bedd2a9b52837f70f9da93ee43e272ceb3c8424a8c9f35a31ebd5274bc04c91cd63ace1af844 WHIRLPOOL d98f2af2cf3e13c09ad526a2fe06fe8ef02e1db20fd4e3843f1793a97c9ae6a2897308c84038a9a37d6d68fadc7af6d913b980f4f079dac36ea3860a33aca8c2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iQIcBAEBCAAGBQJS5PimAAoJELp701BxlEWfKWoQAIf0aYS6Ok4lAz4Cbm+MwaEY -URqfYk8Em5aNtjMW72Vnns2a2X0jbaZSlQ9lCF64M5M5vA1gpkCmKdUV1fvtWlli -NtAaH2Rf3D9z2iAxMGkWpe10Lsq0GK0MOC5hosyX0HsCuqxvbUj6sH3Kqtku+Kfe -QIMymUOHNR17J5Bb4sdMTr/3DoTGRyWS8SGhKm//CeaGxKyJfbOew+RHiBG5t/GB -+OCRZAPfwzDBEJXFjNPkh5W/jV+b8o/N+CNFcybpinPqNa4Hlk6A5phSPdgKL94n -54/Ev3YVwAIUQ4D2Tl0zvIGZmid/bGzmLL+JiEkhPoyTFGj9pNHdH39ufOTMxXCK -2yK9Ew7BxmmlGVJZK8Z2yI3pJJJLYGQmLKu2VNN4p10o2NEYaj6varCS9B396+Kp -Zc76QtlqfTNa1wKQ6Ps3asi/aouwwro06tUp3yr1/WN9DNzV1SNFvP7JlC3INaoL -a3GwUIA8UJbz8uxh8ZHz60QA/stRL6N3oPcIGd+BzX58ahAvhUm8lnmZvBF9AtjE -MD641OT/js5Rkzx93mZYZdM4IEYT2UR4MqrqJ9Yk6AsBPd65/qVWMm9Vq9m09YsN -rSPcw0cvPbjXfT50l6S+QMOFfxA01i6xOLrDZCyAOU0XhxMR5lDhNRz2/fpkZoHW -5FtFH4wTTc7AgF91noZr -=H9rM +iQIcBAEBCAAGBQJTLdzJAAoJEPGu1DbS6WIAz4MP/1hoDdHzFt7eyMu9zlZQeN0f +AV7GmsJfeYEyIy3HAfD2jBKjwaTb7kcMZXIC0TrXL7MqGgApUEvWSiB777tk9bPv +qMDe12KT9FGHcl4Zm8RdUlMnZjVSxOeshbhSCfE5JZ7nyeOUEkNTpqZDKk7yf5pU +SnVG06aYitz/zX51O5EsonkfPvQlMUh6QD/+rHPbw2xmvpqkgP05oxkR6xONaquR +9RN/xE1OOQ2kdoTbaQFXHDdYZq/L3URv4katcaLX0zarwebECIH7oXaSayTQxcok +lxfWMunjuw2YENa8OmO2Zk8EpdOkAUquyfjYDH/Pzstkg6T1lNlQ20Z/P5OZ/SLL +lYimrocPBrkPGohxRnm5QgSF05CAiQQP2RjLdQ7BNDMYd+Ap0pUAxUNNZc5ussKQ +LXAIK7XzM4AYEB4WF7NvsWKmeTI0lJcVI63DeV2lQeIwTuqDvorkkHjDvJZbkcA+ +0FaDhbEbYNvkw28zgq+1dekXppJVHEHScoKc6GvC3sGJK/B02AYX+1ukDaNlJj+H +UctWlzrz0sXEHqo2Xt3c5QOdd8eIURTzCoKCkzy+TeacLMFGSq8OMj8wKJcU55dj +ct5ylPcp+BHqpoQKobLo0Z8B954obwD2A8+AvT2X6gYNxiL1vQQ2kpca8hQNEWKx +ifQUus9PEVcSnwHdUqXU +=O3BA -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch deleted file mode 100644 index 4422a62c42..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch +++ /dev/null @@ -1,35 +0,0 @@ -https://bugs.gentoo.org/463444 - -From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001 -From: Andy Polyakov -Date: Mon, 18 Mar 2013 19:29:41 +0100 -Subject: [PATCH] e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI - plaforms. - -PR: 3002 -(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc) ---- - crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c -index 483e04b..fb2c884 100644 ---- a/crypto/evp/e_aes_cbc_hmac_sha1.c -+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c -@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - - if (res!=SHA_CBLOCK) continue; - -- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1)); -+ /* j is not incremented yet */ -+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1)); - data->u[SHA_LBLOCK-1] |= bitlen&mask; - sha1_block_data_order(&key->md,data,1); -- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1)); -+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; --- -1.8.2.1 - diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch deleted file mode 100644 index 8c414a42ee..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch +++ /dev/null @@ -1,28 +0,0 @@ -https://chromium-review.googlesource.com/181001 - -From 8a1956f3eac8b164f8c741ff1a259008bab3bac1 Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" -Date: Wed, 11 Dec 2013 14:45:12 +0000 -Subject: [PATCH] Don't use rdrand engine as default unless explicitly - requested. (cherry picked from commit - 16898401bd47a153fbf799127ff57fdcfcbd324f) - ---- - crypto/engine/eng_rdrand.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c -index a9ba5ae..4e9e91d 100644 ---- a/crypto/engine/eng_rdrand.c -+++ b/crypto/engine/eng_rdrand.c -@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e) - { - if (!ENGINE_set_id(e, engine_e_rdrand_id) || - !ENGINE_set_name(e, engine_e_rdrand_name) || -+ !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) || - !ENGINE_set_init_function(e, rdrand_init) || - !ENGINE_set_RAND(e, &rdrand_meth) ) - return 0; --- -1.8.4.3 - diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch deleted file mode 100644 index 034da7d414..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch +++ /dev/null @@ -1,34 +0,0 @@ -https://bugs.gentoo.org/494816 -https://bugzilla.redhat.com/show_bug.cgi?id=1045363 -http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guest - -From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" -Date: Thu, 19 Dec 2013 14:37:39 +0000 -Subject: [PATCH] Use version in SSL_METHOD not SSL structure. - -When deciding whether to use TLS 1.2 PRF and record hash algorithms -use the version number in the corresponding SSL_METHOD structure -instead of the SSL structure. The SSL structure version is sometimes -inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. -(CVE-2013-6449) ---- - ssl/s3_lib.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index bf832bb..c4ef273 100644 ---- a/ssl/s3_lib.c -+++ b/ssl/s3_lib.c -@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT. - long ssl_get_algorithm2(SSL *s) - { - long alg2 = s->s3->tmp.new_cipher->algorithm2; -- if (TLS1_get_version(s) >= TLS1_2_VERSION && -+ if (s->method->version == TLS1_2_VERSION && - alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) - return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; - return alg2; --- -1.8.4.3 - diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch new file mode 100644 index 0000000000..e5d863fc03 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch @@ -0,0 +1,659 @@ +http://rt.openssl.org/Ticket/Display.html?id=2051 +user/pass: guest/guest + +Index: apps/s_apps.h +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_apps.h,v +retrieving revision 1.21.2.1 +diff -u -r1.21.2.1 s_apps.h +--- apps/s_apps.h 4 Sep 2009 17:42:04 -0000 1.21.2.1 ++++ apps/s_apps.h 28 Dec 2011 00:28:14 -0000 +@@ -148,7 +148,7 @@ + #define PORT_STR "4433" + #define PROTOCOL "tcp" + +-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept); ++int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept, int use_ipv4, int use_ipv6); + #ifdef HEADER_X509_H + int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); + #endif +@@ -156,7 +156,7 @@ + int ssl_print_curves(BIO *out, SSL *s, int noshared); + #endif + int ssl_print_tmp_key(BIO *out, SSL *s); +-int init_client(int *sock, char *server, int port, int type); ++int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6); + int should_retry(int i); + int extract_port(char *str, short *port_ptr); + int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); +Index: apps/s_client.c +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_client.c,v +retrieving revision 1.123.2.6.2.10 +diff -u -r1.123.2.6.2.10 s_client.c +--- apps/s_client.c 14 Dec 2011 22:18:02 -0000 1.123.2.6.2.10 ++++ apps/s_client.c 28 Dec 2011 00:28:14 -0000 +@@ -285,6 +285,10 @@ + { + BIO_printf(bio_err,"usage: s_client args\n"); + BIO_printf(bio_err,"\n"); ++ BIO_printf(bio_err," -4 - use IPv4 only\n"); ++#if OPENSSL_USE_IPV6 ++ BIO_printf(bio_err," -6 - use IPv6 only\n"); ++#endif + BIO_printf(bio_err," -host host - use -connect instead\n"); + BIO_printf(bio_err," -port port - use -connect instead\n"); + BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); +@@ -564,6 +567,7 @@ + int sbuf_len,sbuf_off; + fd_set readfds,writefds; + short port=PORT; ++ int use_ipv4, use_ipv6; + int full_log=1; + char *host=SSL_HOST_NAME; + char *cert_file=NULL,*key_file=NULL; +@@ -609,7 +613,11 @@ + #endif + char *sess_in = NULL; + char *sess_out = NULL; +- struct sockaddr peer; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage peer; ++#else ++ struct sockaddr_in peer; ++#endif + int peerlen = sizeof(peer); + int enable_timeouts = 0 ; + long socket_mtu = 0; +@@ -630,6 +638,12 @@ + meth=SSLv2_client_method(); + #endif + ++ use_ipv4 = 1; ++#if OPENSSL_USE_IPV6 ++ use_ipv6 = 1; ++#else ++ use_ipv6 = 0; ++#endif + apps_startup(); + c_Pause=0; + c_quiet=0; +@@ -951,6 +961,18 @@ + jpake_secret = *++argv; + } + #endif ++ else if (strcmp(*argv,"-4") == 0) ++ { ++ use_ipv4 = 1; ++ use_ipv6 = 0; ++ } ++#if OPENSSL_USE_IPV6 ++ else if (strcmp(*argv,"-6") == 0) ++ { ++ use_ipv4 = 0; ++ use_ipv6 = 1; ++ } ++#endif + else if (strcmp(*argv,"-use_srtp") == 0) + { + if (--argc < 1) goto bad; +@@ -1259,7 +1276,7 @@ + + re_start: + +- if (init_client(&s,host,port,socket_type) == 0) ++ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0) + { + BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); + SHUTDOWN(s); +@@ -1285,7 +1302,7 @@ + { + + sbio=BIO_new_dgram(s,BIO_NOCLOSE); +- if (getsockname(s, &peer, (void *)&peerlen) < 0) ++ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) + { + BIO_printf(bio_err, "getsockname:errno=%d\n", + get_last_socket_error()); +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_server.c,v +retrieving revision 1.136.2.15.2.13 +diff -u -r1.136.2.15.2.13 s_server.c +--- apps/s_server.c 27 Dec 2011 14:23:22 -0000 1.136.2.15.2.13 ++++ apps/s_server.c 28 Dec 2011 00:28:14 -0000 +@@ -558,6 +558,10 @@ + # endif + BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list"); + #endif ++ BIO_printf(bio_err," -4 - use IPv4 only\n"); ++#if OPENSSL_USE_IPV6 ++ BIO_printf(bio_err," -6 - use IPv6 only\n"); ++#endif + BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); + BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); + } +@@ -943,6 +947,7 @@ + int state=0; + const SSL_METHOD *meth=NULL; + int socket_type=SOCK_STREAM; ++ int use_ipv4, use_ipv6; + ENGINE *e=NULL; + char *inrand=NULL; + int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; +@@ -981,6 +986,12 @@ + /* #error no SSL version enabled */ + #endif + ++ use_ipv4 = 1; ++#if OPENSSL_USE_IPV6 ++ use_ipv6 = 1; ++#else ++ use_ipv6 = 0; ++#endif + local_argc=argc; + local_argv=argv; + +@@ -1329,6 +1340,18 @@ + jpake_secret = *(++argv); + } + #endif ++ else if (strcmp(*argv,"-4") == 0) ++ { ++ use_ipv4 = 1; ++ use_ipv6 = 0; ++ } ++#if OPENSSL_USE_IPV6 ++ else if (strcmp(*argv,"-6") == 0) ++ { ++ use_ipv4 = 0; ++ use_ipv6 = 1; ++ } ++#endif + else if (strcmp(*argv,"-use_srtp") == 0) + { + if (--argc < 1) goto bad; +@@ -2104,11 +2104,11 @@ bad: + BIO_printf(bio_s_out,"ACCEPT\n"); + (void)BIO_flush(bio_s_out); + if (rev) +- do_server(port,socket_type,&accept_socket,rev_body, context, naccept); ++ do_server(port,socket_type,&accept_socket,rev_body, context, naccept, use_ipv4, use_ipv6); + else if (www) +- do_server(port,socket_type,&accept_socket,www_body, context, naccept); ++ do_server(port,socket_type,&accept_socket,www_body, context, naccept, use_ipv4, use_ipv6); + else +- do_server(port,socket_type,&accept_socket,sv_body, context, naccept); ++ do_server(port,socket_type,&accept_socket,sv_body, context, naccept, use_ipv4, use_ipv6); + print_stats(bio_s_out,ctx); + ret=0; + end: +Index: apps/s_socket.c +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_socket.c,v +retrieving revision 1.43.2.3.2.2 +diff -u -r1.43.2.3.2.2 s_socket.c +--- apps/s_socket.c 2 Dec 2011 14:39:40 -0000 1.43.2.3.2.2 ++++ apps/s_socket.c 28 Dec 2011 00:28:14 -0000 +@@ -97,16 +97,16 @@ + #include "netdb.h" + #endif + +-static struct hostent *GetHostByName(char *name); ++static struct hostent *GetHostByName(char *name, int domain); + #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) + static void ssl_sock_cleanup(void); + #endif + static int ssl_sock_init(void); +-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); +-static int init_server(int *sock, int port, int type); +-static int init_server_long(int *sock, int port,char *ip, int type); ++static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain); ++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); ++static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6); + static int do_accept(int acc_sock, int *sock, char **host); +-static int host_ip(char *str, unsigned char ip[4]); ++static int host_ip(char *str, unsigned char *ip, int domain); + + #ifdef OPENSSL_SYS_WIN16 + #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ +@@ -234,38 +234,68 @@ + return(1); + } + +-int init_client(int *sock, char *host, int port, int type) ++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) + { ++#if OPENSSL_USE_IPV6 ++ unsigned char ip[16]; ++#else + unsigned char ip[4]; ++#endif + +- memset(ip, '\0', sizeof ip); +- if (!host_ip(host,&(ip[0]))) +- return 0; +- return init_client_ip(sock,ip,port,type); +- } +- +-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) +- { +- unsigned long addr; ++ if (use_ipv4) ++ if (host_ip(host,ip,AF_INET)) ++ return(init_client_ip(sock,ip,port,type,AF_INET)); ++#if OPENSSL_USE_IPV6 ++ if (use_ipv6) ++ if (host_ip(host,ip,AF_INET6)) ++ return(init_client_ip(sock,ip,port,type,AF_INET6)); ++#endif ++ return 0; ++ } ++ ++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) ++ { ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage them; ++ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; ++ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; ++#else + struct sockaddr_in them; ++ struct sockaddr_in *them_in = &them; ++#endif ++ socklen_t addr_len; + int s,i; + + if (!ssl_sock_init()) return(0); + + memset((char *)&them,0,sizeof(them)); +- them.sin_family=AF_INET; +- them.sin_port=htons((unsigned short)port); +- addr=(unsigned long) +- ((unsigned long)ip[0]<<24L)| +- ((unsigned long)ip[1]<<16L)| +- ((unsigned long)ip[2]<< 8L)| +- ((unsigned long)ip[3]); +- them.sin_addr.s_addr=htonl(addr); ++ if (domain == AF_INET) ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in); ++ them_in->sin_family=AF_INET; ++ them_in->sin_port=htons((unsigned short)port); ++#ifndef BIT_FIELD_LIMITS ++ memcpy(&them_in->sin_addr.s_addr, ip, 4); ++#else ++ memcpy(&them_in->sin_addr, ip, 4); ++#endif ++ } ++ else ++#if OPENSSL_USE_IPV6 ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); ++ them_in6->sin6_family=AF_INET6; ++ them_in6->sin6_port=htons((unsigned short)port); ++ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); ++ } ++#else ++ return(0); ++#endif + + if (type == SOCK_STREAM) +- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); ++ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); + else /* ( type == SOCK_DGRAM) */ +- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); ++ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP); + + if (s == INVALID_SOCKET) { perror("socket"); return(0); } + +@@ -277,29 +315,27 @@ + if (i < 0) { perror("keepalive"); return(0); } + } + #endif +- +- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) ++ if (connect(s,(struct sockaddr *)&them,addr_len) == -1) + { closesocket(s); perror("connect"); return(0); } + *sock=s; + return(1); + } + +-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept) ++int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept, int use_ipv4, int use_ipv6) + { + int sock; + char *name = NULL; + int accept_socket = 0; + int i; + +- if (!init_server(&accept_socket,port,type)) return(0); +- ++ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0); + if (ret != NULL) + { + *ret=accept_socket; + /* return(1);*/ + } +- for (;;) +- { ++ for (;;) ++ { + if (type==SOCK_STREAM) + { + if (do_accept(accept_socket,&sock,&name) == 0) +@@ -322,41 +358,88 @@ + } + } + +-static int init_server_long(int *sock, int port, char *ip, int type) ++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) + { + int ret=0; ++ int domain; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage server; ++ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; ++ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; ++#else + struct sockaddr_in server; ++ struct sockaddr_in *server_in = &server; ++#endif ++ socklen_t addr_len; + int s= -1; + ++ if (!use_ipv4 && !use_ipv6) ++ goto err; ++#if OPENSSL_USE_IPV6 ++ /* we are fine here */ ++#else ++ if (use_ipv6) ++ goto err; ++#endif + if (!ssl_sock_init()) return(0); + +- memset((char *)&server,0,sizeof(server)); +- server.sin_family=AF_INET; +- server.sin_port=htons((unsigned short)port); +- if (ip == NULL) +- server.sin_addr.s_addr=INADDR_ANY; +- else +-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ +-#ifndef BIT_FIELD_LIMITS +- memcpy(&server.sin_addr.s_addr,ip,4); ++#if OPENSSL_USE_IPV6 ++ domain = use_ipv6 ? AF_INET6 : AF_INET; + #else +- memcpy(&server.sin_addr,ip,4); ++ domain = AF_INET; + #endif +- +- if (type == SOCK_STREAM) +- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); +- else /* type == SOCK_DGRAM */ +- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); ++ if (type == SOCK_STREAM) ++ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); ++ else /* type == SOCK_DGRAM */ ++ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP); + + if (s == INVALID_SOCKET) goto err; + #if defined SOL_SOCKET && defined SO_REUSEADDR ++ { ++ int j = 1; ++ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, ++ (void *) &j, sizeof j); ++ } ++#endif ++#if OPENSSL_USE_IPV6 ++ if ((use_ipv4 == 0) && (use_ipv6 == 1)) + { +- int j = 1; +- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, +- (void *) &j, sizeof j); ++ const int on = 1; ++ ++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, ++ (const void *) &on, sizeof(int)); + } + #endif +- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) ++ if (domain == AF_INET) ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in); ++ memset(server_in, 0, sizeof(struct sockaddr_in)); ++ server_in->sin_family=AF_INET; ++ server_in->sin_port = htons((unsigned short)port); ++ if (ip == NULL) ++ server_in->sin_addr.s_addr = htonl(INADDR_ANY); ++ else ++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ ++#ifndef BIT_FIELD_LIMITS ++ memcpy(&server_in->sin_addr.s_addr, ip, 4); ++#else ++ memcpy(&server_in->sin_addr, ip, 4); ++#endif ++ } ++#if OPENSSL_USE_IPV6 ++ else ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); ++ memset(server_in6, 0, sizeof(struct sockaddr_in6)); ++ server_in6->sin6_family = AF_INET6; ++ server_in6->sin6_port = htons((unsigned short)port); ++ if (ip == NULL) ++ server_in6->sin6_addr = in6addr_any; ++ else ++ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); ++ } ++#endif ++ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) + { + #ifndef OPENSSL_SYS_WINDOWS + perror("bind"); +@@ -375,16 +458,23 @@ + return(ret); + } + +-static int init_server(int *sock, int port, int type) ++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) + { +- return(init_server_long(sock, port, NULL, type)); ++ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); + } + + static int do_accept(int acc_sock, int *sock, char **host) + { + int ret; + struct hostent *h1,*h2; +- static struct sockaddr_in from; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage from; ++ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; ++ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; ++#else ++ struct sockaddr_in from; ++ struct sockaddr_in *from_in = &from; ++#endif + int len; + /* struct linger ling; */ + +@@ -431,13 +521,23 @@ + */ + + if (host == NULL) goto end; ++#if OPENSSL_USE_IPV6 ++ if (from.ss_family == AF_INET) ++#else ++ if (from.sin_family == AF_INET) ++#endif + #ifndef BIT_FIELD_LIMITS +- /* I should use WSAAsyncGetHostByName() under windows */ +- h1=gethostbyaddr((char *)&from.sin_addr.s_addr, +- sizeof(from.sin_addr.s_addr),AF_INET); ++ /* I should use WSAAsyncGetHostByName() under windows */ ++ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr, ++ sizeof(from_in->sin_addr.s_addr), AF_INET); + #else +- h1=gethostbyaddr((char *)&from.sin_addr, +- sizeof(struct in_addr),AF_INET); ++ h1=gethostbyaddr((char *)&from_in->sin_addr, ++ sizeof(struct in_addr), AF_INET); ++#endif ++#if OPENSSL_USE_IPV6 ++ else ++ h1=gethostbyaddr((char *)&from_in6->sin6_addr, ++ sizeof(struct in6_addr), AF_INET6); + #endif + if (h1 == NULL) + { +@@ -454,15 +554,23 @@ + } + BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); + +- h2=GetHostByName(*host); ++#if OPENSSL_USE_IPV6 ++ h2=GetHostByName(*host, from.ss_family); ++#else ++ h2=GetHostByName(*host, from.sin_family); ++#endif + if (h2 == NULL) + { + BIO_printf(bio_err,"gethostbyname failure\n"); + return(0); + } +- if (h2->h_addrtype != AF_INET) ++#if OPENSSL_USE_IPV6 ++ if (h2->h_addrtype != from.ss_family) ++#else ++ if (h2->h_addrtype != from.sin_family) ++#endif + { +- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); ++ BIO_printf(bio_err,"gethostbyname addr address is not correct\n"); + return(0); + } + } +@@ -477,7 +585,7 @@ + char *h,*p; + + h=str; +- p=strchr(str,':'); ++ p=strrchr(str,':'); + if (p == NULL) + { + BIO_printf(bio_err,"no port defined\n"); +@@ -485,7 +593,7 @@ + } + *(p++)='\0'; + +- if ((ip != NULL) && !host_ip(str,ip)) ++ if ((ip != NULL) && !host_ip(str,ip,AF_INET)) + goto err; + if (host_ptr != NULL) *host_ptr=h; + +@@ -496,48 +604,58 @@ + return(0); + } + +-static int host_ip(char *str, unsigned char ip[4]) ++static int host_ip(char *str, unsigned char *ip, int domain) + { +- unsigned int in[4]; ++ unsigned int in[4]; ++ unsigned long l; + int i; + +- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) ++ if ((domain == AF_INET) && ++ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)) + { ++ + for (i=0; i<4; i++) + if (in[i] > 255) + { + BIO_printf(bio_err,"invalid IP address\n"); + goto err; + } +- ip[0]=in[0]; +- ip[1]=in[1]; +- ip[2]=in[2]; +- ip[3]=in[3]; +- } ++ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); ++ memcpy(ip, &l, 4); ++ return 1; ++ } ++#if OPENSSL_USE_IPV6 ++ else if ((domain == AF_INET6) && ++ (inet_pton(AF_INET6, str, ip) == 1)) ++ return 1; ++#endif + else + { /* do a gethostbyname */ + struct hostent *he; + + if (!ssl_sock_init()) return(0); + +- he=GetHostByName(str); ++ he=GetHostByName(str,domain); + if (he == NULL) + { + BIO_printf(bio_err,"gethostbyname failure\n"); + goto err; + } + /* cast to short because of win16 winsock definition */ +- if ((short)he->h_addrtype != AF_INET) ++ if ((short)he->h_addrtype != domain) + { +- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); ++ BIO_printf(bio_err,"gethostbyname addr family is not correct\n"); + return(0); + } +- ip[0]=he->h_addr_list[0][0]; +- ip[1]=he->h_addr_list[0][1]; +- ip[2]=he->h_addr_list[0][2]; +- ip[3]=he->h_addr_list[0][3]; ++ if (domain == AF_INET) ++ memset(ip, 0, 4); ++#if OPENSSL_USE_IPV6 ++ else ++ memset(ip, 0, 16); ++#endif ++ memcpy(ip, he->h_addr_list[0], he->h_length); ++ return 1; + } +- return(1); + err: + return(0); + } +@@ -574,7 +692,7 @@ + static unsigned long ghbn_hits=0L; + static unsigned long ghbn_miss=0L; + +-static struct hostent *GetHostByName(char *name) ++static struct hostent *GetHostByName(char *name, int domain) + { + struct hostent *ret; + int i,lowi=0; +@@ -589,14 +707,20 @@ + } + if (ghbn_cache[i].order > 0) + { +- if (strncmp(name,ghbn_cache[i].name,128) == 0) ++ if ((strncmp(name,ghbn_cache[i].name,128) == 0) && ++ (ghbn_cache[i].ent.h_addrtype == domain)) + break; + } + } + if (i == GHBN_NUM) /* no hit*/ + { + ghbn_miss++; +- ret=gethostbyname(name); ++ if (domain == AF_INET) ++ ret=gethostbyname(name); ++#if OPENSSL_USE_IPV6 ++ else ++ ret=gethostbyname2(name, AF_INET6); ++#endif + if (ret == NULL) return(NULL); + /* else add to cache */ + if(strlen(name) < sizeof ghbn_cache[0].name) diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch new file mode 100644 index 0000000000..966112aed8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch @@ -0,0 +1,354 @@ +http://rt.openssl.org/Ticket/Display.html?id=2084 + +--- a/Makefile.org ++++ b/Makefile.org +@@ -247,17 +247,17 @@ + build_libs: build_crypto build_ssl build_engines + + build_crypto: +- @dir=crypto; target=all; $(BUILD_ONE_CMD) ++ +@dir=crypto; target=all; $(BUILD_ONE_CMD) +-build_ssl: ++build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) ++ +@dir=ssl; target=all; $(BUILD_ONE_CMD) +-build_engines: ++build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) ++ +@dir=engines; target=all; $(BUILD_ONE_CMD) +-build_apps: ++build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) ++ +@dir=apps; target=all; $(BUILD_ONE_CMD) +-build_tests: ++build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) ++ +@dir=test; target=all; $(BUILD_ONE_CMD) +-build_tools: ++build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) ++ +@dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps + build_testapps: +@@ -497,9 +497,9 @@ + dist_pem_h: + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + +-install: all install_docs install_sw ++install: install_docs install_sw + +-install_sw: ++install_dirs: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ +@@ -508,6 +508,13 @@ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private ++ @$(PERL) $(TOP)/util/mkdir-p.pl \ ++ $(INSTALL_PREFIX)$(MANDIR)/man1 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man3 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man5 \ ++ $(INSTALL_PREFIX)$(MANDIR)/man7 ++ ++install_sw: install_dirs + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ +@@ -511,7 +511,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @set -e; target=install; $(RECURSIVE_BUILD_CMD) ++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ +@@ -593,12 +600,7 @@ + done; \ + done + +-install_docs: +- @$(PERL) $(TOP)/util/mkdir-p.pl \ +- $(INSTALL_PREFIX)$(MANDIR)/man1 \ +- $(INSTALL_PREFIX)$(MANDIR)/man3 \ +- $(INSTALL_PREFIX)$(MANDIR)/man5 \ +- $(INSTALL_PREFIX)$(MANDIR)/man7 ++install_docs: install_dirs + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ + here="`pwd`"; \ + filecase=; \ +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -105,6 +105,7 @@ LINK_SO= \ + SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ + LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ ++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \ + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ + $${SHAREDCMD} $${SHAREDFLAGS} \ + -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ +@@ -122,6 +124,7 @@ SYMLINK_SO= \ + done; \ + fi; \ + if [ -n "$$SHLIB_SOVER" ]; then \ ++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \ + ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \ + ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \ + fi; \ +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -85,11 +85,11 @@ + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + + subdirs: +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO +- @target=files; $(RECURSIVE_MAKE) ++ +@target=files; $(RECURSIVE_MAKE) + + links: + @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) +@@ -100,7 +100,7 @@ + # lib: $(LIB): are splitted to avoid end-less loop + lib: $(LIB) + @touch lib +-$(LIB): $(LIBOBJ) ++$(LIB): $(LIBOBJ) | subdirs + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + +@@ -110,7 +110,7 @@ + fi + + libs: +- @target=lib; $(RECURSIVE_MAKE) ++ +@target=lib; $(RECURSIVE_MAKE) + + install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... +@@ -119,7 +119,7 @@ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + lint: + @target=lint; $(RECURSIVE_MAKE) +--- a/engines/Makefile ++++ b/engines/Makefile +@@ -72,7 +72,7 @@ + + all: lib subdirs + +-lib: $(LIBOBJ) ++lib: $(LIBOBJ) | subdirs + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + for l in $(LIBNAMES); do \ +@@ -89,7 +89,7 @@ + + subdirs: + echo $(EDIRS) +- @target=all; $(RECURSIVE_MAKE) ++ +@target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +@@ -128,7 +128,7 @@ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ + done; \ + fi +- @target=install; $(RECURSIVE_MAKE) ++ +@target=install; $(RECURSIVE_MAKE) + + tags: + ctags $(SRC) +--- a/test/Makefile ++++ b/test/Makefile +@@ -123,7 +123,7 @@ + tags: + ctags $(SRC) + +-tests: exe apps $(TESTS) ++tests: exe $(TESTS) + + apps: + @(cd ..; $(MAKE) DIRS=apps all) +@@ -365,109 +365,109 @@ + link_app.$${shlib_target} + + $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) +- @target=$(RSATEST); $(BUILD_CMD) ++ +@target=$(RSATEST); $(BUILD_CMD) + + $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO) +- @target=$(BNTEST); $(BUILD_CMD) ++ +@target=$(BNTEST); $(BUILD_CMD) + + $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO) +- @target=$(ECTEST); $(BUILD_CMD) ++ +@target=$(ECTEST); $(BUILD_CMD) + + $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO) +- @target=$(EXPTEST); $(BUILD_CMD) ++ +@target=$(EXPTEST); $(BUILD_CMD) + + $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) +- @target=$(IDEATEST); $(BUILD_CMD) ++ +@target=$(IDEATEST); $(BUILD_CMD) + + $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) +- @target=$(MD2TEST); $(BUILD_CMD) ++ +@target=$(MD2TEST); $(BUILD_CMD) + + $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) +- @target=$(SHATEST); $(BUILD_CMD) ++ +@target=$(SHATEST); $(BUILD_CMD) + + $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) +- @target=$(SHA1TEST); $(BUILD_CMD) ++ +@target=$(SHA1TEST); $(BUILD_CMD) + + $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) +- @target=$(SHA256TEST); $(BUILD_CMD) ++ +@target=$(SHA256TEST); $(BUILD_CMD) + + $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) +- @target=$(SHA512TEST); $(BUILD_CMD) ++ +@target=$(SHA512TEST); $(BUILD_CMD) + + $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) +- @target=$(RMDTEST); $(BUILD_CMD) ++ +@target=$(RMDTEST); $(BUILD_CMD) + + $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO) +- @target=$(MDC2TEST); $(BUILD_CMD) ++ +@target=$(MDC2TEST); $(BUILD_CMD) + + $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO) +- @target=$(MD4TEST); $(BUILD_CMD) ++ +@target=$(MD4TEST); $(BUILD_CMD) + + $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO) +- @target=$(MD5TEST); $(BUILD_CMD) ++ +@target=$(MD5TEST); $(BUILD_CMD) + + $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO) +- @target=$(HMACTEST); $(BUILD_CMD) ++ +@target=$(HMACTEST); $(BUILD_CMD) + + $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO) +- @target=$(WPTEST); $(BUILD_CMD) ++ +@target=$(WPTEST); $(BUILD_CMD) + + $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO) +- @target=$(RC2TEST); $(BUILD_CMD) ++ +@target=$(RC2TEST); $(BUILD_CMD) + + $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO) +- @target=$(BFTEST); $(BUILD_CMD) ++ +@target=$(BFTEST); $(BUILD_CMD) + + $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO) +- @target=$(CASTTEST); $(BUILD_CMD) ++ +@target=$(CASTTEST); $(BUILD_CMD) + + $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO) +- @target=$(RC4TEST); $(BUILD_CMD) ++ +@target=$(RC4TEST); $(BUILD_CMD) + + $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO) +- @target=$(RC5TEST); $(BUILD_CMD) ++ +@target=$(RC5TEST); $(BUILD_CMD) + + $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO) +- @target=$(DESTEST); $(BUILD_CMD) ++ +@target=$(DESTEST); $(BUILD_CMD) + + $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO) +- @target=$(RANDTEST); $(BUILD_CMD) ++ +@target=$(RANDTEST); $(BUILD_CMD) + + $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO) +- @target=$(DHTEST); $(BUILD_CMD) ++ +@target=$(DHTEST); $(BUILD_CMD) + + $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO) +- @target=$(DSATEST); $(BUILD_CMD) ++ +@target=$(DSATEST); $(BUILD_CMD) + + $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) +- @target=$(METHTEST); $(BUILD_CMD) ++ +@target=$(METHTEST); $(BUILD_CMD) + + $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(SSLTEST); $(FIPS_BUILD_CMD) ++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD) + + $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) +- @target=$(ENGINETEST); $(BUILD_CMD) ++ +@target=$(ENGINETEST); $(BUILD_CMD) + + $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) +- @target=$(EVPTEST); $(BUILD_CMD) ++ +@target=$(EVPTEST); $(BUILD_CMD) + + $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) +- @target=$(ECDSATEST); $(BUILD_CMD) ++ +@target=$(ECDSATEST); $(BUILD_CMD) + + $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) +- @target=$(ECDHTEST); $(BUILD_CMD) ++ +@target=$(ECDHTEST); $(BUILD_CMD) + + $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) +- @target=$(IGETEST); $(BUILD_CMD) ++ +@target=$(IGETEST); $(BUILD_CMD) + + $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) +- @target=$(JPAKETEST); $(BUILD_CMD) ++ +@target=$(JPAKETEST); $(BUILD_CMD) + + $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO) +- @target=$(ASN1TEST); $(BUILD_CMD) ++ +@target=$(ASN1TEST); $(BUILD_CMD) + + $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) +- @target=$(SRPTEST); $(BUILD_CMD) ++ +@target=$(SRPTEST); $(BUILD_CMD) + + #$(AESTEST).o: $(AESTEST).c + # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c +@@ -480,7 +480,7 @@ + # fi + + dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) +- @target=dummytest; $(BUILD_CMD) ++ +@target=dummytest; $(BUILD_CMD) + + # DO NOT DELETE THIS LINE -- make depend depends on it. + +--- a/crypto/objects/Makefile ++++ b/crypto/objects/Makefile +@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h + # objects.pl both reads and writes obj_mac.num + obj_mac.h: objects.pl objects.txt obj_mac.num + $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h +- @sleep 1; touch obj_mac.h; sleep 1 + +-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num ++# This doesn't really need obj_mac.h, but since that rule reads & writes ++# obj_mac.num, we can't run in parallel with it. ++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h + $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h +- @sleep 1; touch obj_xref.h; sleep 1 + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-perl-5.18.patch b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2_beta1-perl-5.18.patch similarity index 59% rename from sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-perl-5.18.patch rename to sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2_beta1-perl-5.18.patch index 6427c53599..cbf9f0c940 100644 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1e-perl-5.18.patch +++ b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2_beta1-perl-5.18.patch @@ -1,15 +1,11 @@ -https://bugs.gentoo.org/483820 +Forward-ported from openssl-1.0.1f-perl-5.18.patch +Fixes install with perl-5.18. -Submitted By: Martin Ward -Date: 2013-06-18 -Initial Package Version: 1.0.1e -Upstream Status: Unknown -Origin: self, based on fedora -Description: Fixes install with perl-5.18. +Signed-off-by: Lars Wendler ---- openssl-1.0.1e.orig/doc/apps/cms.pod -+++ openssl-1.0.1e/doc/apps/cms.pod -@@ -450,28 +450,28 @@ +--- openssl-1.0.2-beta1/doc/apps/cms.pod ++++ openssl-1.0.2-beta1/doc/apps/cms.pod +@@ -463,28 +463,28 @@ =over 4 @@ -44,8 +40,8 @@ Description: Fixes install with perl-5.18. the message was verified correctly but an error occurred writing out the signers certificates. ---- openssl-1.0.1e.orig/doc/apps/smime.pod -+++ openssl-1.0.1e/doc/apps/smime.pod +--- openssl-1.0.2-beta1/doc/apps/smime.pod ++++ openssl-1.0.2-beta1/doc/apps/smime.pod @@ -308,28 +308,28 @@ =over 4 @@ -81,36 +77,26 @@ Description: Fixes install with perl-5.18. the message was verified correctly but an error occurred writing out the signers certificates. ---- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod -+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod -@@ -278,6 +278,8 @@ - an application specific error. This will never be returned unless explicitly - set by an application. - -+=back -+ - =head1 NOTES - - The above functions should be used instead of directly referencing the fields ---- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod -+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod -@@ -44,12 +44,12 @@ +--- openssl-1.0.2-beta1/doc/ssl/SSL_accept.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_accept.pod +@@ -44,13 +44,13 @@ =over 4 --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - -=item 0 +=item C<0> The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the ---- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod -+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod + return value B to find out the reason. + +-=item 1 ++=item C<1> + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +--- openssl-1.0.2-beta1/doc/ssl/SSL_clear.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_clear.pod @@ -56,12 +56,12 @@ =over 4 @@ -126,8 +112,8 @@ Description: Fixes install with perl-5.18. The SSL_clear() operation was successful. ---- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod -+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod +--- openssl-1.0.2-beta1/doc/ssl/SSL_COMP_add_compression_method.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_COMP_add_compression_method.pod @@ -53,11 +53,11 @@ =over 4 @@ -142,25 +128,48 @@ Description: Fixes install with perl-5.18. The operation failed. Check the error queue to find out the reason. ---- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod -+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod -@@ -41,12 +41,12 @@ +--- openssl-1.0.2-beta1/doc/ssl/SSL_CONF_cmd.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_CONF_cmd.pod +@@ -320,6 +320,8 @@ + + The value is a directory name. + ++=back ++ + =head1 NOTES + + The order of operations is significant. This can be used to set either defaults +--- openssl-1.0.2-beta1/doc/ssl/SSL_connect.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_connect.pod +@@ -41,13 +41,13 @@ =over 4 --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - -=item 0 +=item C<0> The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod + return value B to find out the reason. + +-=item 1 ++=item C<1> + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_add1_chain_cert.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_add1_chain_cert.pod +@@ -128,6 +128,8 @@ + + All other functions return 1 for success and 0 for failure. + ++=over ++ + =back + + =head1 SEE ALSO +--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_add_session.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_add_session.pod @@ -52,13 +52,13 @@ =over 4 @@ -177,8 +186,8 @@ Description: Fixes install with perl-5.18. The operation succeeded. ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod +--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_load_verify_locations.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_load_verify_locations.pod @@ -100,13 +100,13 @@ =over 4 @@ -195,24 +204,48 @@ Description: Fixes install with perl-5.18. The operation succeeded. ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod -@@ -66,11 +66,11 @@ +--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set1_curves.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set1_curves.pod +@@ -87,6 +87,8 @@ + SSL_get1_shared_curve() returns the NID of shared curve B of zero if there + is no shared curve B or the number of shared curves if B is -1. + ++=over ++ + =back + + =head1 SEE ALSO +--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set1_verify_cert_store.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set1_verify_cert_store.pod +@@ -70,6 +70,8 @@ + + All these functions return 1 for success and 0 for failure. + ++=over ++ + =back + + =head1 SEE ALSO +--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_client_CA_list.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_client_CA_list.pod +@@ -66,13 +66,13 @@ =over 4 --=item 1 -+=item C<1> - - The operation succeeded. - -=item 0 +=item C<0> A failure while manipulating the STACK_OF(X509_NAME) object occurred or the X509_NAME could not be extracted from B. Check the error stack ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod + to find out the reason. + +-=item 1 ++=item C<1> + + The operation succeeded. + +--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_session_id_context.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_session_id_context.pod @@ -64,13 +64,13 @@ =over 4 @@ -229,8 +262,8 @@ Description: Fixes install with perl-5.18. The operation succeeded. ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod +--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_ssl_version.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_set_ssl_version.pod @@ -42,11 +42,11 @@ =over 4 @@ -245,18 +278,9 @@ Description: Fixes install with perl-5.18. The operation succeeded. ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -@@ -81,6 +81,8 @@ - - Return values from the server callback are interpreted as follows: - -+=over -+ - =item > 0 - - PSK identity was found and the server callback has provided the PSK -@@ -94,9 +96,11 @@ +--- openssl-1.0.2-beta1/doc/ssl/SSL_CTX_use_psk_identity_hint.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_CTX_use_psk_identity_hint.pod +@@ -96,7 +96,7 @@ connection will fail with decryption_error before it will be finished completely. @@ -265,29 +289,26 @@ Description: Fixes install with perl-5.18. PSK identity was not found. An "unknown_psk_identity" alert message will be sent and the connection setup fails. - -+=back -+ - =cut ---- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod -+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod -@@ -45,12 +45,12 @@ +--- openssl-1.0.2-beta1/doc/ssl/SSL_do_handshake.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_do_handshake.pod +@@ -45,13 +45,13 @@ =over 4 --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - -=item 0 +=item C<0> The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the ---- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod -+++ openssl-1.0.1e/doc/ssl/SSL_read.pod + return value B to find out the reason. + +-=item 1 ++=item C<1> + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +--- openssl-1.0.2-beta1/doc/ssl/SSL_read.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_read.pod @@ -86,7 +86,7 @@ The read operation was successful; the return value is the number of bytes actually read from the TLS/SSL connection. @@ -297,8 +318,8 @@ Description: Fixes install with perl-5.18. The read operation was not successful. The reason may either be a clean shutdown due to a "close notify" alert sent by the peer (in which case ---- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod -+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod +--- openssl-1.0.2-beta1/doc/ssl/SSL_session_reused.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_session_reused.pod @@ -27,11 +27,11 @@ =over 4 @@ -313,8 +334,8 @@ Description: Fixes install with perl-5.18. A session was reused. ---- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod -+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod +--- openssl-1.0.2-beta1/doc/ssl/SSL_set_fd.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_set_fd.pod @@ -35,11 +35,11 @@ =over 4 @@ -329,8 +350,8 @@ Description: Fixes install with perl-5.18. The operation succeeded. ---- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod -+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod +--- openssl-1.0.2-beta1/doc/ssl/SSL_set_session.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_set_session.pod @@ -37,11 +37,11 @@ =over 4 @@ -345,25 +366,27 @@ Description: Fixes install with perl-5.18. The operation succeeded. ---- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod -+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod -@@ -92,12 +92,12 @@ +--- openssl-1.0.2-beta1/doc/ssl/SSL_shutdown.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_shutdown.pod +@@ -92,14 +92,14 @@ =over 4 --=item 1 -+=item C<1> - - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. - -=item 0 +=item C<0> The shutdown is not yet finished. Call SSL_shutdown() for a second time, if a bidirectional shutdown shall be performed. ---- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod -+++ openssl-1.0.1e/doc/ssl/SSL_write.pod + The output of L may be misleading, as an + erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. + +-=item 1 ++=item C<1> + + The shutdown was successfully completed. The "close notify" alert was sent + and the peer's "close notify" alert was received. +--- openssl-1.0.2-beta1/doc/ssl/SSL_write.pod ++++ openssl-1.0.2-beta1/doc/ssl/SSL_write.pod @@ -79,7 +79,7 @@ The write operation was successful, the return value is the number of bytes actually written to the TLS/SSL connection. diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/metadata.xml b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/metadata.xml index 84ddb514f8..d6bf0bcf4a 100644 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/metadata.xml @@ -3,7 +3,7 @@ base-system - Disable EC/RC5 algorithms (as they seem to be patented) + Disable EC/RC5 algorithms (as they seem to be patented) -- note: changes the ABI Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers) Enable the Heartbeat Extension in TLS and DTLS diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r1.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r1.ebuild deleted file mode 100644 index 3add312374..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r1.ebuild +++ /dev/null @@ -1,237 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e-r1.ebuild,v 1.17 2014/01/16 17:37:37 vapier Exp $ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc -ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib" - -# Have the sub-libs in RDEPEND with [static-libs] since, logically, -# our libssl.a depends on libz.a/etc... at runtime. -LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] ) - zlib? ( sys-libs/zlib[static-libs(+)] ) - kerberos? ( app-crypt/mit-krb5 )" -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="static-libs? ( ${LIB_DEPEND} ) - !static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} ) - ! "${WORKDIR}"/c_rehash || die #416717 -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch - epatch "${FILESDIR}"/${P}-bad-mac-aes-ni.patch #463444 - epatch "${FILESDIR}"/${PN}-1.0.1e-perl-5.18.patch #483820 - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" -} - -src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - if ! use bindist ; then - echo "__uint128_t i;" > "${T}"/128.c - if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - fi - fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - echoit \ - ./${config} \ - ${sslout} \ - $(use sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -src_test() { - emake -j1 test -} - -src_install() { - emake INSTALL_PREFIX="${D}" install - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r3.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r3.ebuild deleted file mode 100644 index f0d1f3e673..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r3.ebuild +++ /dev/null @@ -1,241 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e-r3.ebuild,v 1.1 2013/12/20 19:26:59 vapier Exp $ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib" - -# Have the sub-libs in RDEPEND with [static-libs] since, logically, -# our libssl.a depends on libz.a/etc... at runtime. -LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] ) - zlib? ( sys-libs/zlib[static-libs(+)] ) - kerberos? ( app-crypt/mit-krb5 )" -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="static-libs? ( ${LIB_DEPEND} ) - !static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} ) - ! "${WORKDIR}"/c_rehash || die #416717 -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch - epatch "${FILESDIR}"/${P}-bad-mac-aes-ni.patch #463444 - epatch "${FILESDIR}"/${PN}-1.0.1e-perl-5.18.patch #483820 - epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584 - epatch "${FILESDIR}"/${P}-tls-ver-crash.patch #494816 - epatch "${FILESDIR}"/${P}-rdrand-explicit.patch - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - # The config script does stupid stuff to prompt the user. Kill it. - sed -i '/stty -icanon min 0 time 50; read waste/d' config || die - ./config --test-sanity || die "I AM NOT SANE" -} - -src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - # See if our toolchain supports __uint128_t. If so, it's 64bit - # friendly and can use the nicely optimized code paths. #460790 - local ec_nistp_64_gcc_128 - # Disable it for now though #469976 - #if ! use bindist ; then - # echo "__uint128_t i;" > "${T}"/128.c - # if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then - # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" - # fi - #fi - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - echoit \ - ./${config} \ - ${sslout} \ - $(use sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - ${ec_nistp_64_gcc_128} \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl tls-heartbeat heartbeats) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -src_test() { - emake -j1 test -} - -src_install() { - emake INSTALL_PREFIX="${D}" install - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e.ebuild deleted file mode 100644 index 0c4514a7e7..0000000000 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e.ebuild +++ /dev/null @@ -1,221 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e.ebuild,v 1.4 2013/11/26 07:27:00 polynomial-c Exp $ - -EAPI="4" - -inherit eutils flag-o-matic toolchain-funcs multilib - -REV="1.7" -DESCRIPTION="full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)" -HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz - http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" - -LICENSE="openssl" -SLOT="0" -KEYWORDS="ppc64" -IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test vanilla zlib" - -# Have the sub-libs in RDEPEND with [static-libs] since, logically, -# our libssl.a depends on libz.a/etc... at runtime. -LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] ) - zlib? ( sys-libs/zlib[static-libs(+)] ) - kerberos? ( app-crypt/mit-krb5 )" -# The blocks are temporary just to make sure people upgrade to a -# version that lack runtime version checking. We'll drop them in -# the future. -RDEPEND="static-libs? ( ${LIB_DEPEND} ) - !static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} ) - ! "${WORKDIR}"/c_rehash || die #416717 -} - -src_prepare() { - # Make sure we only ever touch Makefile.org and avoid patching a file - # that gets blown away anyways by the Configure script in src_configure - rm -f Makefile - - if ! use vanilla ; then - epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 - epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 - epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch - epatch_user #332661 - fi - - # disable fips in the build - # make sure the man pages are suffixed #302165 - # don't bother building man pages if they're disabled - sed -i \ - -e '/DIRS/s: fips : :g' \ - -e '/^MANSUFFIX/s:=.*:=ssl:' \ - -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ - -e $(has noman FEATURES \ - && echo '/^install:/s:install_docs::' \ - || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ - Makefile.org \ - || die - # show the actual commands in the log - sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared - - # allow openssl to be cross-compiled - cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die - chmod a+rx gentoo.config - - append-flags -fno-strict-aliasing - append-flags $(test-flags-CC -Wa,--noexecstack) - - sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 - ./config --test-sanity || die "I AM NOT SANE" -} - -src_configure() { - unset APPS #197996 - unset SCRIPTS #312551 - unset CROSS_COMPILE #311473 - - tc-export CC AR RANLIB RC - - # Clean out patent-or-otherwise-encumbered code - # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) - # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography - # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 - # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 - - use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } - echoit() { echo "$@" ; "$@" ; } - - local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") - - local sslout=$(./gentoo.config) - einfo "Use configuration ${sslout:-(openssl knows best)}" - local config="Configure" - [[ -z ${sslout} ]] && config="config" - echoit \ - ./${config} \ - ${sslout} \ - $(use sse2 || echo "no-sse2") \ - enable-camellia \ - $(use_ssl !bindist ec) \ - enable-idea \ - enable-mdc2 \ - $(use_ssl !bindist rc5) \ - enable-tlsext \ - $(use_ssl gmp gmp -lgmp) \ - $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ - $(use_ssl rfc3779) \ - $(use_ssl zlib) \ - --prefix="${EPREFIX}"/usr \ - --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ - --libdir=$(get_libdir) \ - shared threads \ - || die - - # Clean out hardcoded flags that openssl uses - local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ - -e 's:^CFLAG=::' \ - -e 's:-fomit-frame-pointer ::g' \ - -e 's:-O[0-9] ::g' \ - -e 's:-march=[-a-z0-9]* ::g' \ - -e 's:-mcpu=[-a-z0-9]* ::g' \ - -e 's:-m[a-z0-9]* ::g' \ - ) - sed -i \ - -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ - -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ - Makefile || die -} - -src_compile() { - # depend is needed to use $confopts; it also doesn't matter - # that it's -j1 as the code itself serializes subdirs - emake -j1 depend - emake all - # rehash is needed to prep the certs/ dir; do this - # separately to avoid parallel build issues. - emake rehash -} - -src_test() { - emake -j1 test -} - -src_install() { - emake INSTALL_PREFIX="${D}" install - dobin "${WORKDIR}"/c_rehash #333117 - dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el - dohtml -r doc/* - use rfc3779 && dodoc engines/ccgost/README.gost - - # This is crappy in that the static archives are still built even - # when USE=static-libs. But this is due to a failing in the openssl - # build system: the static archives are built as PIC all the time. - # Only way around this would be to manually configure+compile openssl - # twice; once with shared lib support enabled and once without. - use static-libs || rm -f "${ED}"/usr/lib*/lib*.a - - # create the certs directory - dodir ${SSL_CNF_DIR}/certs - cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die - rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} - - # Namespace openssl programs to prevent conflicts with other man pages - cd "${ED}"/usr/share/man - local m d s - for m in $(find . -type f | xargs grep -L '#include') ; do - d=${m%/*} ; d=${d#./} ; m=${m##*/} - [[ ${m} == openssl.1* ]] && continue - [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" - mv ${d}/{,ssl-}${m} - # fix up references to renamed man pages - sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} - ln -s ssl-${m} ${d}/openssl-${m} - # locate any symlinks that point to this man page ... we assume - # that any broken links are due to the above renaming - for s in $(find -L ${d} -type l) ; do - s=${s##*/} - rm -f ${d}/${s} - ln -s ssl-${m} ${d}/ssl-${s} - ln -s ssl-${s} ${d}/openssl-${s} - done - done - [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" - - dodir /etc/sandbox.d #254521 - echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl - - diropts -m0700 - keepdir ${SSL_CNF_DIR}/private -} - -pkg_preinst() { - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} - -pkg_postinst() { - ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" - c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null - eend $? - - has_version ${CATEGORY}/${PN}:0.9.8 && return 0 - preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 -} diff --git a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r2.ebuild b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.2_beta1.ebuild similarity index 92% rename from sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r2.ebuild rename to sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.2_beta1.ebuild index 108b1db0fa..af4b3dc3ce 100644 --- a/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1e-r2.ebuild +++ b/sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.2_beta1.ebuild @@ -1,20 +1,21 @@ -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e-r2.ebuild,v 1.1 2013/10/23 16:10:35 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2_beta1.ebuild,v 1.2 2014/03/21 19:12:26 polynomial-c Exp $ EAPI="4" inherit eutils flag-o-matic toolchain-funcs multilib REV="1.7" +MY_P=${P/_/-} DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" HOMEPAGE="http://www.openssl.org/" -SRC_URI="mirror://openssl/source/${P}.tar.gz +SRC_URI="mirror://openssl/source/${MY_P}.tar.gz http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" LICENSE="openssl" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib" # Have the sub-libs in RDEPEND with [static-libs] since, logically, @@ -35,8 +36,10 @@ DEPEND="${RDEPEND} test? ( sys-devel/bc )" PDEPEND="app-misc/ca-certificates" +S="${WORKDIR}/${MY_P}" + src_unpack() { - unpack ${P}.tar.gz + unpack ${MY_P}.tar.gz SSL_CNF_DIR="/etc/ssl" sed \ -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ @@ -54,12 +57,11 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch - epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch - epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch - epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch - epatch "${FILESDIR}"/${P}-bad-mac-aes-ni.patch #463444 - epatch "${FILESDIR}"/${PN}-1.0.1e-perl-5.18.patch #483820 + epatch "${FILESDIR}"/${PN}-1.0.2-parallel-build.patch + epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch + epatch "${FILESDIR}"/${PN}-1.0.2_beta1-perl-5.18.patch #497286 epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584 + epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086 epatch_user #332661 fi diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog b/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog index 4c49194790..2338d820b9 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog @@ -1,6 +1,239 @@ # ChangeLog for net-misc/openssh -# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.466 2013/02/21 05:30:13 zmedico Exp $ +# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.519 2014/03/23 09:55:55 ago Exp $ + + 23 Mar 2014; Agostino Sarubbo -openssh-5.9_p1-r4.ebuild, + -openssh-6.0_p1-r1.ebuild, -openssh-6.1_p1-r1.ebuild, + -openssh-6.2_p2-r5.ebuild, -openssh-6.3_p1-r1.ebuild, + -openssh-6.4_p1-r1.ebuild: + Remove old + + 23 Mar 2014; Agostino Sarubbo openssh-6.6_p1-r1.ebuild: + Stable for alpha, wrt bug #505066 + + 23 Mar 2014; Agostino Sarubbo openssh-6.6_p1-r1.ebuild: + Stable for sparc, wrt bug #505066 + + 23 Mar 2014; Agostino Sarubbo openssh-6.6_p1-r1.ebuild: + Stable for ppc64, wrt bug #505066 + + 23 Mar 2014; Agostino Sarubbo openssh-6.6_p1-r1.ebuild: + Stable for ppc, wrt bug #505066 + + 22 Mar 2014; Markus Meier openssh-6.6_p1-r1.ebuild: + arm stable, bug #505066 + + 22 Mar 2014; Jeroen Roovers openssh-6.6_p1-r1.ebuild: + Stable for HPPA (bug #505066). + + 21 Mar 2014; Mike Frysinger openssh-6.6_p1-r1.ebuild: + Also disable -ftrapv flag in configure.ac #505182 by Jeroen Roovers. + + 21 Mar 2014; Mike Frysinger openssh-6.6_p1-r1.ebuild: + Disable -ftrapv flag on hppa until gcc ICEs get sorted out #505182 by Jeroen + Roovers. + + 20 Mar 2014; Mike Frysinger openssh-6.6_p1-r1.ebuild: + Mark arm64/ia64/m68k/s390/sh stable #505066. + +*openssh-6.6_p1-r1 (20 Mar 2014) + + 20 Mar 2014; Lars Wendler -openssh-6.6_p1.ebuild, + +openssh-6.6_p1-r1.ebuild: + Fixed hpn patch to not add a false patch level to ssh's version string + (6.6p2). Committed straight to stable where -r0 was stable. + + 20 Mar 2014; Agostino Sarubbo openssh-6.6_p1.ebuild: + Stable for x86, wrt bug #505066 + + 20 Mar 2014; Agostino Sarubbo openssh-6.6_p1.ebuild: + Stable for amd64, wrt bug #505066 + + 20 Mar 2014; Mike Frysinger + files/openssh-6.6_p1-openssl-ignore-status.patch: + link in upstream bug url + + 20 Mar 2014; Mike Frysinger + +files/openssh-6.6_p1-openssl-ignore-status.patch, openssh-6.6_p1.ebuild: + Fix openssl version check to accept dev/beta/release versions. + +*openssh-6.6_p1 (19 Mar 2014) + + 19 Mar 2014; Mike Frysinger + +files/openssh-6.6_p1-x509-glue.patch, + +files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch, +openssh-6.6_p1.ebuild, + -files/openssh-6.5_p1-x509-glue.patch, + -files/openssh-6.5_p1-x509-hpn14v4-glue-p2.patch, -openssh-6.5_p1-r1.ebuild: + Version bump. + + 14 Mar 2014; Mike Frysinger + files/openssh-6.5_p1-hpn-cipher-align.patch: + Fix build on 32bit systems #504616 by Toralf Förster. + +*openssh-6.5_p1-r1 (14 Mar 2014) + + 14 Mar 2014; Mike Frysinger + +files/openssh-6.5_p1-hpn-cipher-align.patch, +openssh-6.5_p1-r1.ebuild, + -openssh-6.5_p1.ebuild: + Avoid unaligned loads/stores in USE=hpn cipher code #498632 by Bruno. + +*openssh-6.5_p1 (14 Mar 2014) + + 14 Mar 2014; Mike Frysinger + +files/openssh-6.5_p1-x509-glue.patch, + +files/openssh-6.5_p1-x509-hpn14v4-glue-p2.patch, +openssh-6.5_p1.ebuild: + Version bump #499962 by Lars Wendler. + + 14 Feb 2014; Akinori Hattori openssh-6.4_p1-r1.ebuild: + ia64 stable wrt bug #477894 + + 01 Feb 2014; Raúl Porcel openssh-6.4_p1-r1.ebuild: + Stable on sparc after p.use.masking hpn, bug #499552 + + 31 Jan 2014; Raúl Porcel openssh-6.4_p1-r1.ebuild: + Move to -sparc, bug #499552 + + 26 Jan 2014; Agostino Sarubbo openssh-6.4_p1-r1.ebuild: + Stable for sparc, wrt bug #477894 + + 23 Jan 2014; Joseph Jezak openssh-6.4_p1-r1.ebuild: + Marked ppc/ppc64 stable for bug #477894. + + 18 Jan 2014; Mike Frysinger openssh-6.4_p1-r1.ebuild: + Add arm64 love. + + 16 Jan 2014; Mike Frysinger openssh-6.4_p1-r1.ebuild: + Mark m68k/s390/sh stable. + + 02 Jan 2014; Lars Wendler openssh-6.4_p1-r1.ebuild: + amd64 stable (bug #477894). + + 25 Dec 2013; Markus Meier openssh-6.4_p1-r1.ebuild: + arm stable, bug #477894 + + 24 Dec 2013; Agostino Sarubbo openssh-6.4_p1-r1.ebuild: + Stable for x86, wrt bug #477894 + + 11 Dec 2013; Jeroen Roovers openssh-6.4_p1-r1.ebuild: + Stable for HPPA (bug #477894). + + 11 Dec 2013; Tim Harder openssh-5.9_p1-r4.ebuild, + openssh-6.0_p1-r1.ebuild, openssh-6.1_p1-r1.ebuild, openssh-6.2_p2-r5.ebuild, + openssh-6.3_p1-r1.ebuild, openssh-6.4_p1-r1.ebuild: + Make sure ldap support is truly enabled before installing the openldap + schema. + + 09 Nov 2013; Tim Harder -openssh-6.4_p1.ebuild: + Remove insecure version due to improperly using the 6.3_p1 tarball. + +*openssh-6.4_p1-r1 (09 Nov 2013) + + 09 Nov 2013; Tim Harder +openssh-6.4_p1-r1.ebuild, + +files/openssh-6.4_p1-x509-glue.patch: + Update x509 patch. + +*openssh-6.4_p1 (09 Nov 2013) + + 09 Nov 2013; Robin H. Johnson +openssh-6.4_p1.ebuild: + Add real OpenSSH-6.4p1 release (nearly identical to 6.3, just with the AES-GCM + fix). + + 08 Nov 2013; Tim Harder -openssh-6.2_p2-r3.ebuild, + -openssh-6.2_p2-r4.ebuild: + Remove insecure versions. + +*openssh-6.2_p2-r5 (08 Nov 2013) + + 08 Nov 2013; Tim Harder +openssh-6.2_p2-r5.ebuild: + Apply AES-GCM cipher patch for the 6.2 series (bug #490728). + + 08 Nov 2013; Tim Harder -openssh-6.3_p1.ebuild: + Remove insecure version. + +*openssh-6.3_p1-r1 (08 Nov 2013) + + 08 Nov 2013; Tim Harder +openssh-6.3_p1-r1.ebuild, + +files/openssh-6.3_p1-aes-gcm.patch: + Apply patch to fix a memory corruption vulnerability with the AES-GCM cipher + (bug #490728). + +*openssh-6.3_p1 (05 Nov 2013) + + 05 Nov 2013; Tim Harder +openssh-6.3_p1.ebuild, + +files/openssh-6.3_p1-x509-glue.patch, + +files/openssh-6.3_p1-x509-hpn14v2-glue.patch: + Version bump (bug #488482). + +*openssh-6.2_p2-r4 (15 Aug 2013) + + 15 Aug 2013; Tim Harder +openssh-6.2_p2-r4.ebuild, + +files/openssh-6.2_p2-x509-hpn14v1-glue.patch: + Update to hpn14v1 patch that fixes the multi-threaded AES-CTR cipher when the + process forks to the background or when using the rlimit sandbox. + +*openssh-6.2_p2-r3 (21 Jul 2013) + + 21 Jul 2013; Tim Harder -openssh-6.2_p2-r2.ebuild, + +openssh-6.2_p2-r3.ebuild: + Fix hpn support when pseudo-tty allocation is disabled (bug #477506). + + 18 Jul 2013; Tim Harder -openssh-6.0_p1.ebuild, + -openssh-6.1_p1.ebuild, -openssh-6.2_p2.ebuild, -openssh-6.2_p2-r1.ebuild, + -files/openssh-5.2_p1-autoconf.patch, -files/openssh-5.2_p1-gsskex-fix.patch, + -files/openssh-5.2_p1-x509-hpn-glue.patch, + -files/openssh-5.6_p1-x509-hpn-glue.patch, + -files/openssh-5.7_p1-x509-hpn-glue.patch, + -files/openssh-5.8_p1-selinux.patch: + Remove old. + +*openssh-6.2_p2-r2 (18 Jul 2013) + + 18 Jul 2013; Tim Harder +openssh-6.2_p2-r2.ebuild: + Fix xauth path (bug #477304 by Tobias Klausmann) and move into ~arch. + + 27 Jun 2013; Tim Harder Manifest: + Update ldap patch to fix segfault issue. + +*openssh-6.2_p2-r1 (27 Jun 2013) + + 27 Jun 2013; Tim Harder +openssh-6.2_p2-r1.ebuild: + Revision bump, add ldap and hpn support. + +*openssh-6.2_p2 (24 Jun 2013) + + 24 Jun 2013; Mike Frysinger + +files/openssh-6.2_p2-x509-glue.patch, + +files/openssh-6.2_p2-x509-hpn-glue.patch, +openssh-6.2_p2.ebuild, + -files/openssh-6.2_p1-x509-glue.patch, + -files/openssh-6.2_p1-x509-hpn-glue.patch, -openssh-6.2_p1.ebuild: + Version bump #470222 by Jason A. Donenfeld. + + 23 Jun 2013; Mike Frysinger openssh-6.2_p1.ebuild: + Move into ~arch w/hpn disabled as it randomly hangs. + + 19 Jun 2013; Mike Frysinger openssh-5.9_p1-r4.ebuild, + openssh-6.0_p1-r1.ebuild, openssh-6.1_p1-r1.ebuild, openssh-6.2_p1.ebuild: + Call epatch_user #473004 by Jan Pobrislo. + + 09 Jun 2013; Mike Frysinger metadata.xml: + Add upstream CPE tag (security info) from ChromiumOS. + + 24 Apr 2013; Mike Frysinger files/sshd.rc6.4: + Use new -A flag with ssh-keygen to take care of generating all the right keys + #457026 by Mike Gilbert. + + 04 Apr 2013; Mike Gilbert files/sshd.service: + Add ExecStartPre=/usr/bin/ssh-keygen -A to sshd.service. Bug 457026. + + 30 Mar 2013; Tim Harder openssh-6.2_p1.ebuild, + +files/openssh-6.2_p1-x509-glue.patch, + +files/openssh-6.2_p1-x509-hpn-glue.patch: + Update glue patches for X509 support. + +*openssh-6.2_p1 (24 Mar 2013) + + 24 Mar 2013; Mike Frysinger +openssh-6.2_p1.ebuild: + Initial version. Needs ldap, and a little more testing w/custom hpn patch. 21 Feb 2013; Zac Medico openssh-6.1_p1-r1.ebuild: Fix for prefix and add ~arm-linux + ~x86-linux keywords. diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest index 39406faf12..a777fcc65c 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest @@ -2,15 +2,9 @@ Hash: SHA256 AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb -AUX openssh-5.2_p1-autoconf.patch 386 SHA256 42bb5f23f02241186abd6158ac15cd1fba0fadb4bd79e6b051fbd05605419ebb SHA512 80a2244e243492d3933646a32fa673078efd72d0e87939b326c2210f23d72675839cfefa2f31617279d51834cc34daf2c3c189c9d92b08875b6b4f68fa7f3844 WHIRLPOOL d4ca3dd8554863d074054489a2dbe5aca3d07fcc5858e908caa5d76dcf8beb661cc3ca6d22a02ab2ca9f504160a6a1acc7f45a4fa775d879b02ee1ae3d113926 -AUX openssh-5.2_p1-gsskex-fix.patch 408 SHA256 8190db31ed2e8dc6ce79030e5c648d04610b06dd8366df5948ef6e990314ee96 SHA512 2022cd25b3e07430752569e07165db313e49a0902ef251df3e50ca96197849be6efbdee360a3a435cae0b5d2dda55acc8676b232d3584f87e204c2fc04b92801 WHIRLPOOL 65da9f3450493ca9a25741e66b2ecf97d7a5576c15485ff3a7c08fc57b06a17b3b6e73b14d2962bf958d9326a6d54c2940f56eb42de4bd5011324bba84c67cca -AUX openssh-5.2_p1-x509-hpn-glue.patch 2851 SHA256 a21336a892b61e29a556d16e9f0a67ee08ad04dd61e3963a201fdf032ce55f75 SHA512 417617acba409539cd2edd59e7640fe732f90265f70d7f4cd91c8b059d44c9c1be63cf336ee3a39a45f1a066bc577e261836b8113296535b9320d77fed3a05bf WHIRLPOOL 901fd8e0ceafd27bd5fdca9007b82842dce2b5aee11c069d0f0229c4568886f0df861c80eb5b3a754a0af795ebb9c78a78a3e76002f17bdbf8349923439deecf AUX openssh-5.2p1-ldap-stdargs.diff 252 SHA256 97281375efa33e9ce70a55bfa95b6b426208175e7e3ff493012bc25d9b012f45 SHA512 2577b1476211f563bf8a7e62c2341e35cff7208a04b7a3fb1d331721e58f395cdef1ce2ac735b95c31781e06e16ec27c6692df09928393248c971837a1e03079 WHIRLPOOL df65dd54dd12be39fb4b830536f86aef97c086b227de1d87d56788bf8bce39a345da0ed814dd53abdaa5d158c99f0b87cb8510812d10c353a3b8a82493b210af AUX openssh-5.4_p1-openssl.patch 255 SHA256 f83627039491e9969f1ed5d77fe816465ce75809e8c2f2bfb07012bc21384347 SHA512 8cfd757dbe79ee502c10c5d518730f4e790bd61753120bb168d545dfc702a7a55c274fd9c81d2798ec78cba30f173aaf0bee1f15bb23f9f465c3524a5c81ca2d WHIRLPOOL 852f3e9dc6cd05934b52effa03961a0d989734a28649eb199e1f260d4e8129dffed378d8efdbd40a5f520362fe8fa404a744724135caa39f48e876849cf2350b AUX openssh-5.6_p1-hpn-progressmeter.patch 334 SHA256 eaa98f954934364a1994111f5a422d0730b6e224822cef03efe6d6fc0c7f056f SHA512 46eb5253549ddca045e67841daa092a8a33a6ae4411e75c301589f0a88159c6d2ccfe45c2f0502314465b93ac6f1965264a9b92b13e0e88d4ff15ced5f4ebfeb WHIRLPOOL 72b05e4243e746fc315468ac1dc8988b92919dbd147470855b8753e0ae37ad3696de6c9ec29346596aee2d60acbbcce79cea5735b9a91b3452a4b4f3f69d3012 -AUX openssh-5.6_p1-x509-hpn-glue.patch 1974 SHA256 164db7af08e0565821d6d609b1beadab39777521bfff143a83acc1e097ad60f1 SHA512 a764d8411f0b7c49d6f51b25153c18648d58dfbc82897903bad826293f3497010ab0343e4a4cc81b37e51c3a28ec04cd5be7c8882126295ba2b38e734e262995 WHIRLPOOL 4a8151dde306eace1404b8e83dc2514cb8f073acb6c759b9a2a9e619181951873afad785f565861f6d1031d9314f8d450faef63629dfd5f1b0074cb78b059578 -AUX openssh-5.7_p1-x509-hpn-glue.patch 1888 SHA256 30f63dea0e810d92790ddaf9813f0b8dec1e827a39e1752faff6bb41382f3c1b SHA512 db839f3cf3c67ef28290551810dc5c8937d1ef401f48ed937165b57191e75944adb25ab36cbf30289f7fc0076ec192c030e40fb5a744c63932b414e49b99946a WHIRLPOOL 2e539c49ef613e2a9912011ac289036381f8fd8d8ff5f2e0088dd3443a1c7fd86c3efe2b2041736bf67b73c8b4b298208de183945dc68c73ad6f35c41fb8a619 -AUX openssh-5.8_p1-selinux.patch 433 SHA256 0de250c75f4dae78406e5151f563bd104b8e7792a825515510e095fb47462cfd SHA512 e6c89eb26b4bc651503ab81d346e780fdec3056302c5e2d8a6be5892fa514f83093370c463aae88091dc20d30013fd32250e040649147797bcca69ddc7d05ae3 WHIRLPOOL f72ccd773b9ff7a897940afddcb38ba9512e0830c33a2381886d2698e0ae0c6a7db9678326945bdf6769acc21d3e4bf8a196161114805d4570af2819e610df84 AUX openssh-5.8_p1-x509-hpn-glue.patch 1907 SHA256 7ab452c02b141645b764d404aa3de0754ab240a64601a6bb587919673f957682 SHA512 317c04fab93aaf82685e54335c876b2399623ef69428297c2e5934d45f69f0e78a89c79ad7bb186ef12a779ebf0f088ca142d6a426baeb32b166ceca8098572d WHIRLPOOL 34fdef826750070d112dc6c1bf84de11ebfa646fb5cbfb9f76d13dab925cff94996ed51cfdcba4e0b536915883bb4728756b79db157c019ba951ee1a32c18fe3 AUX openssh-5.9_p1-drop-openssl-check.patch 848 SHA256 89b011e27548b9922deed63ed57a6c94ea8013bb3bfb4d6590ba43d284a2ab86 SHA512 bbcbb61b6fea194e7ee3862a5b462d48ce4cf4fec12cc8a8564fc5fc8f840dca2b4ddf301bf9d12bcbfd3922948023320ea660a8c194d57bf2b1e9d095fc8eb2 WHIRLPOOL dc8e140d2bfe59546b944236ebcc702cd4a19ed5c6ee24d590bb0d50221069666b3797cf1717e6090d12525b3310cd963537e4c2c413bb2692ec85dcb2d33b43 AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685 @@ -22,6 +16,17 @@ AUX openssh-6.0_p1-x509-glue.patch 569 SHA256 8c9048a33036a93f56e254cfd53b183136 AUX openssh-6.0_p1-x509-hpn-glue.patch 1774 SHA256 b2dcff21652eea92d2ff2640a568070a944e7bfb2bd3217c433e6383a64b0970 SHA512 82793502b8c943f0bd69019ea1cf1172f9579dc6a8f6c91f6aba9a9d743384d5ac84f7a49df07165e252b4ef4fc06b745463bdc58d06da2aca3c7acbb3dd8623 WHIRLPOOL ffd01827dbf8162359cf7a278020f2bfa7ed1ee1051774522623bcf448ffc8a3e28ecff2de5733b352beef5722a9dec2e9bb25fabc7edca615a774f65f756246 AUX openssh-6.1_p1-x509-glue.patch 573 SHA256 e51aa53e9e0336606fc36af237d50338347b845ee56a66d01f86829c4b46feb6 SHA512 bac2971b6435433d6ac88fb127c178e678fe805f51260454d9d0b631ef52dbafc08343fb307a74a116691545a82f5369dc014e71a7c8c65ba41699b31e1dfb6f WHIRLPOOL dd514ce502f7c7968e8fa526b1b2f7d7945f2d5b5f1f013e54f7513a7c7bf6025dbdeabe566958018db8f7442c9611f7efd435501b4b965b0fe7594e24ee20fc AUX openssh-6.1_p1-x509-hpn-glue.patch 1491 SHA256 28c5000f7c8b23afc363d066cf96d39c00882274f227b7743b1e376df8b61a2e SHA512 0d6bab08cc400b81d936883bf39f5a461799874f6ea3dcf55c083372ed379bc0066b913646f7a0e32167079ba85409c272b258de179d55660739df4bbbf30e5b WHIRLPOOL dbfbf8eb0312ae119421e45efd8243b089ab2d3c2bc1f7b7cbd5b56f86844dfe42b27952e4ed88653679ec036f70b8edd3e00f17ae097241fbc88567bab38505 +AUX openssh-6.2_p2-x509-glue.patch 555 SHA256 e0aa2310ffd1c4e1bd6663d1e9420e42ce9fce0096ca263b63d6a8fe34de91c7 SHA512 002d67109b116abb465c06c0f6ca6e431654bfc924864ffe4563afe91fba723dc3c0c484032205cadd6da4dcbe6a79ad31c83d0d2018adb22d0940ba35f531d4 WHIRLPOOL 8484c826e7c9aad0bd6a2f1779fff798573786c5b264c4a98e1c88db5b8b107ca9b5f573d3f240b8ecfa7fdf2a87e41cd174263804d29007093ae246ce034237 +AUX openssh-6.2_p2-x509-hpn-glue.patch 1451 SHA256 4e61991619cef00a09951ceea68fdd5c3e9d947031d5dfef2e054d0254ef606c SHA512 37d15f3014c45804436b804489b8a7473189867c71e5d6cce8d666b1556cfd5b89ef8ed143b7d81ca5d61ff03e6485dd1a096e9571a49ac9ad2d3ca5a1963d20 WHIRLPOOL 8b79e621fc9dd28e40c8544235e5ca44eb98f5987bd8024e8ae25f99fbfe468c7995814bae7ca207cae83dbfd5cccfa37a19f07049e5555b65fd9cdf9f30bd8b +AUX openssh-6.2_p2-x509-hpn14v1-glue.patch 2613 SHA256 83c8d03cfd0f81cd2f7018ec85659d14e0c50f2de1da490e45699d1328eee5f2 SHA512 2f69a97334d3af4488e1e1a3e3d8d03cda38260595ddce0eee6b01d3cb818b513f21955d83636f0d5a0cb295be4ef303a941186d8a818c75d6cd2f0a08429ab9 WHIRLPOOL 7465382738c859007018f362acf0a3f771e2aca5207f0f55c9e4ee053d303f08d7d29a79da286f9f19891c88e490eaba24a23027605922dba3b53b9d7034f5f5 +AUX openssh-6.3_p1-aes-gcm.patch 367 SHA256 11e57d0b1e0de81b3bef67a026fb6e278807d9922feee2844482387c22dd6ac3 SHA512 a6e5b4a25db7a5ffc790c66180489ed3fd0926a982a6a1d6b3284ba841b61351b26d5c636163a1b6f551467c363695e4cac884845eecb5734aba2a4ab9a43197 WHIRLPOOL cba8c9a40d85848b2ced73b040e85bc37e52af752589e536ff5eedcb7a983492b7be31ef55791f629ac25777d4fa2a41542c78d800f32475ab44d14d26d15b9d +AUX openssh-6.3_p1-x509-glue.patch 555 SHA256 1166dba2fe590dfee70119ce6dd79f535d7146d0afb8d36bf7a28505ba93a273 SHA512 1a3c2467215dde959fecdd563069d605f29632a7ffc385039a6fc90b2317ca56d463d0abb91a8bb594d321f64456f75a973bb62625deebe92f8787439416b82d WHIRLPOOL f894d19843a3c018efbe3ed365c8abbee52b1d7a3afea11b292a085996fef8d3cc9889a0e6ae596d4db876ed96efcb73d1823a677eac6779f8793c2fb3677cda +AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77 +AUX openssh-6.4_p1-x509-glue.patch 1445 SHA256 cf18f17b12514692a4e33d5fb995f5ba1bc1ea258c80babb38516d8def7d0bc3 SHA512 e5c51fd639e95ca9c7820974684117861cc58cf5172c7c44deaaca106c1e91a931421720cb210652aef30ffa41bc96efe04dbedf996120b40143080fc6b2b47d WHIRLPOOL 7c7065a22cc6237a927e6d6c0f7b4bfa7b57e32ffd8b3d70ed9e70b9a882a95ce40478873374460a6173cc5a33c22ddfbbded783568049f1b4fccb5f5253d4bf +AUX openssh-6.5_p1-hpn-cipher-align.patch 3024 SHA256 c79e3a201b2150e2fbc1e869233bac6acc27b2b126d4539cc09aa651fb2e60af SHA512 6efc2fa5f0e9b508e162bf20ab21d2c639888250387fa58ec0d812c7b1db125d8c654a0286a8ffc0d5530e5f0ec0ed723f3a5c0b7bd593b356aee2e811a1f4ec WHIRLPOOL 729c14b8d6f55d789ae2ea0e9cb2e0a4caba62dffced273de5c7254732e94673c1dc2d9e260d56e3a641e03ebab55d61c8ab7541fbf75957855b811def115677 +AUX openssh-6.6_p1-openssl-ignore-status.patch 741 SHA256 604b0a5365c1b01c9ab26bf1a60acfe43246e1e44e2f0e78d7ec1e47856599e4 SHA512 578afe9ddb836d16d90eb8b0cf10e9282d9c5c5e639962034490cec0aab1bf98cae9b46fe7850446d0cdd93e848d98ca7ed0bdf2bfec6aad418f4c962d4ea08d WHIRLPOOL d30c079eee59281aa87935ad948c59a4c01f858b88d701575d58737cfe555a5229a5f921bfebe34a69dcd15d2dc5efc062050d183ad5a90180aed4e5b3cdadf4 +AUX openssh-6.6_p1-x509-glue.patch 556 SHA256 b37b83b058ff9fb25742d202e0169afc204f135012624bb2811dcacfa9fb346b SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea WHIRLPOOL 4f01d975e598ce0fe2160e52dbd8251fd5cdf95880d1ef09b730457620f48038156d4bf21c0810978bfc65c9feb90cdfed97aa20018bc175759096dcd3a044d0 +AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 SHA256 748f7caa953028da111d6f18ba91652a4821bc9bca60f5d4a90a6501c0098853 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51 WHIRLPOOL c1d674b8e1cdc48dd0d8b2e7c8bf8e68cec757578f1217555e37eda8723e83e93b2ce183462499ad2165723eca2350544f810a1d6ec95ce4537a527f7918f117 AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53 AUX sshd.pam 294 SHA256 f01cc51c624b21a815fb6c0be35edc590e2e6f8a5ffbdcabc220a9630517972f SHA512 3268dc826978fbb205968744d83c6f1c838c9c73bf9c4ceee709c5b4168b4aaf06bcde47a32808571fa71cbc5a6bfdb98406995b2b28c9e633ce392a53932d64 WHIRLPOOL fff8966d66d75cd4d70607585b5de063f225a776b73b8b0f8146c5eed6c8ffd2ca38c46f86fa4e2ca8caafcde7797a3f0b177e60baa6fa0642064080883fa68a AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b @@ -29,34 +34,31 @@ AUX sshd.rc6 2189 SHA256 627125378ccfdd81289531f527346980da249d35499cb71518f88f1 AUX sshd.rc6.1 2270 SHA256 153119116208d328c496d29b7cb9f85991df93020cc50c83b05ed498b10a2126 SHA512 80f0e460ad7ffd9a6fb279ce2d307cbda1f7352745ffaca381867f636ae64df336a03de0da15aca39619acdbebf41e2ccbd2bb233433f93625754965aaaab780 WHIRLPOOL 6b7a4519282fe99fc36cd0f89f6163ad9c8c9d998b15e84d3758af607627db48cf58ffee1bc4291ac0e7f75455f8f8873cd5d996f3c75f1ea3bef0b249abdffe AUX sshd.rc6.2 2069 SHA256 94b1fc0d608464fd4a6c7ed23f0b9c44aada3404982d8fd25b8bfe202baffaa6 SHA512 f75f95e6cf912b8c45f7ccf81e764805a56057368b18425abe699b29c3c66d32ea5b2d1c9f6fadf97487430e703e01dc2d965e41b8511f31a3e06d3bcbbc1006 WHIRLPOOL b9082ba3854e1842e057717b9a1571ba5ac6bf69c5facb391b7a3d890b13f879d7ae1484eafbbffc17746c3a8184f23e4c3fa831f678eabdea7d23e2c0d1bf63 AUX sshd.rc6.3 2057 SHA256 43d95b495440ed6b3c1eb82b81712d7f6e58246527605c11d733cb5eb5523254 SHA512 3ddcdeae6c7f4755df1f8fe77d9d1af8c728f8cc18da0feaeccc4b8147f86b4db1ab1bf4ad362c31fac986270b21fe2c80e0414d64f70bfdac2370e22c2c9db2 WHIRLPOOL 57a18d85ab77abe64eddf852975481d974bd68b0b058d854a31158aed14b1706743ad563aa013c770aa124533fb5344bc64d0c06b564e1b53e28e1b0ebe463e8 -AUX sshd.rc6.4 2758 SHA256 7596248118e3d4087a9bbb4d9c7a9a949a472c73e94585084df1d0a744c17e12 SHA512 bfda73dddd8362005b8fc236132e4421e71ee6af4d917fc4956dd37a244b4ed888b10f7b86f90005bdf782e77346fbeb3453f5ffcf39906aee3e06596f84ccec WHIRLPOOL 1881214407406613b62ab86654b757433596f99b481ca80e106937c34b817750813d68a5df48f3004acb4df89c6a48426e3f7cbb4f9c2b6e49a809b50e50260e -AUX sshd.service 206 SHA256 093d4f526e740cbec46ad6a69207407daf01e74da44599d75b979f294c9b0a7b SHA512 67d96a63a6bc874bacc2f43b51c003f2209a4d2283f8435ba3495266e4823d73962fd995f46eab0e8b260107b9a8c416709b2f19e8e94ecea30ddd8280444cfe WHIRLPOOL b48005444104583bd230e68f870a1d0c4a8709f5e8f7fafa45becf259df64052b1938853e8e232b32aae882dbad83d5c78d7796eafb6c02bd0196f7a6a44075f +AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512 88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7 WHIRLPOOL a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66 +AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989 AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5 AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1 -DIST openssh-5.9p1+x509-7.0.diff.gz 181263 SHA256 a28e2535ecbf95deeef682682e7551459cc494bbc1c4ccb89be93cfe826d76ca SHA512 5f6e2be10ce8cf26fffcb782824f59c1f1ca0fa271800e162685ce74d1aac6d9035cfdacc87d3f859d3538bc0b22438a701dfc3c8108a130e6e4b7fdd36e6b16 WHIRLPOOL 00f92e2e235da11a87b30dc49e1a469a781482ea53ddf99fb892ec3796b9a68f62234c0ed72f2a3330f7af90f3afcdc90e2574b6ab5955ec6e64c13b75ab5e89 -DIST openssh-5.9p1-hpn13v11.diff.gz 21971 SHA256 6a47a9e57f87385cac9a380b0b1649b73532afaf40c15f62e9236427c84e7aae SHA512 6f7ae144ff61b4ec7913dc94c7ed9550cfcd30336e3bbfafc6c875c99cf0c90cd7f8ce89d530f2861b9bda95433d591673136ba5a31310226207f787257da3be WHIRLPOOL fe4d9f515e5c51b159b0aa51b01840003de443c2f3e8eca90b657d54f490273d1ba98dbabe2cf3a104edaa0971cae5f5f8c739691310822493f8f2705c01465d -DIST openssh-5.9p1.tar.gz 1110014 SHA256 8d3e8b6b6ff04b525a6dfa6fdeb6a99043ccf6c3310cc32eba84c939b07777d5 SHA512 ccf13e3cb11489f9f7e4788f93ffae1f2c39d48819f0e9cd9197842abc922173d2c3c1ad1a87a2acf4497d67cb9edd48416098388fa33fc0b8e09456b1be7e2f WHIRLPOOL 2e8bd89fd14954a232602a912845ed29a08ca40637f8863fed675b19d18944125ecdbf292c45cf5c297584df6c3131ae4fd3c6bc62595dfebb3831120ea21cd1 -DIST openssh-6.0p1+x509-7.1.diff.gz 200986 SHA256 c11e3837704a24393353fe264d61ffea8c1f23c0cb5b8261866c25677930768b SHA512 f45e16a21955546829c70bbad67a6af2cdf60fc6019d34c8563c3c328ffc477d1b31c3443ce032e7ff29d027979ecade476679d33c40961ac4ba65f96dac4b7f WHIRLPOOL 120063e566d721c233ea02cdf2ea114b7f707248962c126dd9def5377188283bb9da58a32a2d49453f4c37ad7a975e03bcdf106a28a0cb7e655eacc7c3f965c1 -DIST openssh-6.0p1-hpn13v11.diff.bz2 19979 SHA256 a096f6ee6dfddb3996b5e7b806ece2a7709c8cce6560eb026c28d3fb56f71ee9 SHA512 2805ddac19a5c4962e6a57d9a6efd3f17ebac82ee2b6a7eed60521a4fd23468d4be7f67e59562120fb21e1efa7ab9213be5d8ab8e3ff6fb9c2ccd6d6989f460f WHIRLPOOL a588288d0b3a64a8414bf1061055dbf41b8370e59fd89ab6cdc2fc7b93046b467aefb9f9196a65f96bda395db38e3841e1ad781341919829de0d9d8d2a220df1 -DIST openssh-6.0p1-hpn13v12.diff.gz 20223 SHA256 b6158c10fac153dd2a9f5d9b29df1e4db17a91f84f100b99526655317d9bf4c0 SHA512 d5decf82bfdbdcdcea974b3a8d990929908077851a3a8c122bda37e439e19e69973a371ac46683840263ec3c85fb2393a70183786f94b2afaff6577209f202c2 WHIRLPOOL 9347431c34737294f98aa07d1c4468ab0357e766c1ff55ad2e39af10041d9fa0e0253d36c5dde354513c97cf7ccb19ac1db7214c25797d57d917d4ee5a1199da -DIST openssh-6.0p1.tar.gz 1126034 SHA256 589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de SHA512 4fe1f7e0d5e572575b11253916354b333a7eca558720885d5dceb7c89dc5da81cd57feaa4be756dfa4f3e9ef508e5f460e5fda221765191b1c02ae37431a444e WHIRLPOOL 7853155dfd35962ae31958600b6d4f94a3a916dac942f5f533cde3d85c8ea64066b887d66d7722bd647196f57df7ed27f62d5ec4588868754b6cdf999a404001 -DIST openssh-6.1p1+x509-7.2.1.diff.gz 208071 SHA256 02d3703d419fc72be819a4e7fc8cbbb269182862465b6a99cc7b2af32d75a181 SHA512 6c1786c2c32d884e7b8f15e39912ca1d8fb54b1132ffae6d8d4f262356a16267a8e549a822911d0f40eabe49015080ae35fdec521f90e0ef4d05554339f35fa0 WHIRLPOOL 7f260caebdc58fe415b3cb93b08600942a6b171b45df8ff1279d4280930a7103cbefac63ec7f32fdbf9bdcf64278c39bfd55c2dcb41ea5c4934574930494df67 -DIST openssh-6.1p1-hpn13v11.diff.bz2 19999 SHA256 08bfc1f3c582f23b3ce386e78baf37be4af03645fc6eef87f1ef819cc273ecc7 SHA512 4e21384ef4d0b7539c9b7aecb158748b959db7ec84fa023f7969c2db50794e1f68bab375cdea9c2ae8fe16b759650e250aa21d6b8772a1c671d2e1e59adef08a WHIRLPOOL 3918c2c118908e67de4523c8d1f142ca4b2d2d7c045c2337b2f7914096108cf1a138009a838519d292e53fec454ced3a9590bbddf93096bd377196bd7d73ed55 -DIST openssh-6.1p1.tar.gz 1134820 SHA256 d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411 SHA512 1cd58f18b047fa92a3155fa215d69c04e1f03914488a21bcda5434899df6055567e59f77063f0080b0cb437bb2396d3bf4050ed0c5ea2d1dc20d6fd928d5a76c WHIRLPOOL a1ecf33e8c4048c59e55d38cc8bb3f89357ac8fb74fdbb57e24e111e1749620fe6f7e329a744e3cfc9ced3e445539ce85926c7877a0f12475ccf14f124f9234b -DIST openssh-lpk-5.9p1-0.3.14.patch.gz 18335 SHA256 1a922d57a2e7020bf597135437a57080d7d046c9f41a7a53559945ddddbe0892 SHA512 eb4641d30e221eaa409d22ab423e38c1a31dd9dfeacbf978c94827194cb838cc0f832bf96aa4c494a71a5d5d1b90fc6789e8469e35d82ffcaf54305f07ccdb9b WHIRLPOOL 6748426d6d0cda07729744d8993d96a762134a61acf757afc1618ada5cbd9752d9211a89be831e5a4f1744f70cc4fc643b5f745d1f785b53a4e1dbf9d7c92680 -DIST openssh-lpk-6.0p1-0.3.14.patch.gz 18401 SHA256 d0f3d55fd92ecc45aa6120d6ea919c903e4828ce0c2b07612c742a2aa7648beb SHA512 ebf680b90bc289c0d69c22fd6fd666032cdcf4c3850ecdf03e264200d60c50a12f4a5254907c6ab850727216e7837176be5564ae22b68d9b80a67c62f372a9dd WHIRLPOOL 4f8b32c77fc2a9205d283109ccd787a3f37757c18060da39c63147ff09f6b922f4a57ca1ba8d0cdc692f3f1eaba3e5e88eb4287f728ddaaf544d2d425c0cca91 -DIST openssh-lpk-6.1p1-0.3.14.patch.gz 18458 SHA256 2d0e40116e021913668519a42743f89b8fb77f8d5beed863d620cc79999b0b79 SHA512 9cfd83e650cedbc3950b8cf80d0b36fbb7dff8fbe7d017378f9a2ae18189fa6e459e323dae6cd1fa1d82ff948f628563892d0a0f30113b3a8ba5269fe051e784 WHIRLPOOL c1ee5570f0bfb3191c602d575e0e05cabe7d42183bd78c07cac19a2743a59f110728e309fcee6f0b6abc7b141ae8c701d92d010d2b7737739b4cac92406552fa -EBUILD openssh-5.9_p1-r4.ebuild 9210 SHA256 efed8260b1799d44b3d313539c7f88761761e665ab38b2740895d6a99405152c SHA512 e9344b99a24fce4c3f2c186108443079fc66b410373170e57d3be04a74678579fd2dcf136344ca820b8b7f75121ef924c4b36e6a2dfa11dc298dabcd8d91fb98 WHIRLPOOL 9add398de7095604a716a2b76f3bd5ce7cd8035304efaaa1a6a60557804c5714160d582a6f768a2024d8f466db31aca10b4028746d450f09c9b6874e893d6442 -EBUILD openssh-6.0_p1-r1.ebuild 9488 SHA256 f99e6f51f5fc1809cc093e84834699097802d92f8aee712ffcdf1b8548698c08 SHA512 10b19d45b60658e3c61fb74a4c6d4ae1341b4d1129faaa08ec3b655a64f1dc3625ffbe363add33c8e31ac5ebf66cd24415c2324bd5c8d23fad4191e431143be3 WHIRLPOOL 0c35ba4608a5a4fd6c65bfed0f3cde8e8cd7067a94bacf41104c2f0105146a5c79bdec873c2c3a6086637359805ecbb353a2abc9c6e0f2a93a409650aadfff78 -EBUILD openssh-6.0_p1.ebuild 9485 SHA256 32c4280a8babafa169543a919f4cf31231c3d759a7c116b42e3c3981242c0d59 SHA512 bae20dfbea14cfc30f16c7619d63a4a4cb2546d9d5e903e93e3c4d18745c1398d42ab6580a3e10609d81e1020b8f54c35b6413e168775efd3cb8fab064d67f8a WHIRLPOOL 24d16d37714e69a0d4593b745feeb54853e8d7b2de799be8ed76c0e09fe9459da8a3bfbb67b36f120345fc24fdc307a346c4fcb79b95fd8831e8944383f36759 -EBUILD openssh-6.1_p1-r1.ebuild 10236 SHA256 575cedb9ed947517d8c934658bb87e37a9d09b986f76c94b937ef5922d861c17 SHA512 04b8f3b995ece67ae6d2a0f1f8c8fda93e408a7f351884cbe89b91470e5d82fbf469184f66cf2db6e11f6e40cbbae049276995e112428da424dcd8e93ecf9444 WHIRLPOOL efb7dc795f7060407843e266f69150ea44f98d3198941f7d21b9bed7e58f697a9c524fcd9b2851af11e119d1e9594e91845d05684c62bce61ba878230c56d250 -EBUILD openssh-6.1_p1.ebuild 9582 SHA256 e4e060b08be1ae2238889463ad257e6d3b60ccc33c0bd6e5f73e63155795b2cc SHA512 dc3376d4317fe4692b0e3a62acfe7307df0208744dfd35f585eee9768e16493b81dc1ac854f32050dc21470cf1e7681a71c463c4e15a86d8a4b1c99dfdbc83fd WHIRLPOOL d2e7fe4d73ee58318b2b3099d18596db58d2d988e26a1792b9d68dadd3a0fbcda20bf52faf8006913614c995cd7cb7a2e69492c12ede66016639466206fbbc98 -MISC ChangeLog 75887 SHA256 b5781f708e796e2ad7cdb7e369248ea70992db5a251996ed13169aba6e23054b SHA512 86c8f9684e755c7e51cd9982657fccaaf46b7bc914105c84ed1485f23ac9f927901a55b09c5f992f0c210f2216484c5598c267db3ba89acc4ea2499483dd5587 WHIRLPOOL e655cdb5922121f9f3444f4b310f91f232700b924304fb178a54132881086c57894718deeee04898f53b015469ab15705346c54b2b31a97a014955dcfe6fdf05 -MISC metadata.xml 1749 SHA256 efc4abf9bfbc17c1312052e84e77058539851b2e9d0fffb16b2c13bcfda08993 SHA512 18e254f223ddd5bba1b1c4f0ecdd78bffe446a23108bc649d73d8ba626e2940a5a9c5878ab1f8b2689434876e76260fe5a9970649a1287f51033862cf0d5ce36 WHIRLPOOL acb0ce741349f25dbfd58a02a72f5ca45a42ba5441b96766a91b381ed9735efe5105fd6dfaf576bf2dfdd4ef0ed542f81601d74378bc526aac9c0165672dffac +DIST openssh-6.6p1+x509-7.9.diff.gz 224691 SHA256 463473f75c1dc250ea4eda21f2c79df6f0b479ea499d044cb51d73073881ca34 SHA512 dc9ee7f0589aa0ba8d3c1c40c505f99a811845d8952bf6bf6b8bd3a00ef4813f3b71db32aadf252d7a320a8bf9cdcdf30b71292869d7830cc42f15ce3d1f3c49 WHIRLPOOL 61158e0dac934d375758904382882e7cd276d076a95ba2be32d03f4a7c7969943bd8d63c269ff16ab78928d7c97465f6e417730be14b5efacf64a029e2f950d7 +DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 SHA256 16dcc68c399990ec0c801d421d022ceeae0e3aec1e6ffd3fecc5e2f4768cc91b SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d WHIRLPOOL 163ce9e319cef4dcaf6f38f42afc3b75c6e89c38b43c04189c64c72b4b58bc3f9d7042c7b67243879c87cbe410a607296917e94ff042df2c0a29f2ef82792774 +DIST openssh-6.6p1.tar.gz 1282502 SHA256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b WHIRLPOOL 8630c81481a813a92da9c302d22135fe519fcc4826a892080e5a15368d13a6b47947ef47d53aad0a34e6ea49ce4caccc8f06e8afc2c90db0402fbcc2184efe89 +DIST openssh-lpk-6.5p1-0.3.14.patch.gz 18217 SHA256 ad678f366dd7ef63ee164e29b59a4a4d264de9ddf9ad2c1d59178779e83539f3 SHA512 16f0053663ffc9a0670dbf8956dc070e6891e1e47cb1fbbea9567a6a4368c5500bf7e2ff7a2eb7208e651a0121088c271fb0a6ece62b98d103b3337866374610 WHIRLPOOL 34ee5a67e4cb0eb5d8126fde5469b73e0c81d4a7795cd9849c671922227eb8a6767cecf3097acbff338a47c3a7930b285fa4ecf2ebe74cb2e9186f93ec70c40c +EBUILD openssh-6.6_p1-r1.ebuild 9874 SHA256 223b5e4c5d0d3152e8ffadd20e8bcc391620c779749cf6ff235f0d3a857f7409 SHA512 3104586dedfb189adc780bf56cb030f3a9c2427fe07ce340424ea4e279b6335653b2eb38f9d86a8f6ac76360cd94b87d858863fd79b2054763f72ccb83f1a0ed WHIRLPOOL 1bef688d59baf3cf10ce3ab60f3eeb6e6cf875989ffcf711628f56b34a1344838c3a46ae548399c49f11459e5dd2045fcef810691421e69ef02eb92489c22824 +MISC ChangeLog 84776 SHA256 4b91f71c0bdcd726c351662cc66abeeaf22bf429b840fff91c54d772675ae08a SHA512 9744185805176336c9e574981fed5644995b352d177c9f0746c01ce700f635f59e30ec4615c68e50eb62219b8ac3fa789f18a06fce3ac1039f50c35589b81022 WHIRLPOOL 84a9909b29147bdd568811e6a30a31436386df512061956613cde3d6fafe111932f882a9b4fd71d98ab8a4458502b909c78636ca73dea02b18a83510a2e9e5e2 +MISC metadata.xml 1837 SHA256 5f8be0245926a5dc8007dd78594febffc68bbcb45306630d027666872e664050 SHA512 76e044611e16ede9bb9697c0ad448c149131f1f20b84ef1000fb77d6cec954abd48542fd26299a372b4411aa0ecb161ed38396b2c3b5c11c71a4bc247e0b23ed WHIRLPOOL 46c8b0f7911fec3ca086e1601cfab5d03e01a7d8cd2069460975545438f6fa5964f138d19a70ec7db7f1f8c9c0fbb48dcec6ee8269fa9d7b432214e9e3e46806 -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.19 (GNU/Linux) +Version: GnuPG v2.0.22 (GNU/Linux) -iEYEAREIAAYFAlElsOcACgkQ/ejvha5XGaNpPgCfWa0l571A+CYVXmmJYjM9A4XI -eaUAn37drG7hn008BqgecRO5CDUSD5io -=gm+j +iQIcBAEBCAAGBQJTLq+tAAoJELp701BxlEWfOA0P/0l/UJj4UfJgzM7M5Yk3QKMZ +OZMIrQG4PwnZEUlzWxNr0QUtp9QLwGeXa4qJXwYGXAX+Owd+Ty9mDW07wT8NCMxi +19ejI95X9KUkro18UrTFyhi07uppUse+ez13Vl4L1kCRaGGceAHGsd1bsGIGORPw +l46gMdP3ZKc8X7qidbWXHgV27qyhwRcVRlGlvlnTdHEF9PDD8TGzrjUlx+Ij7HAF +jVEg5vbN8eYJbKWPOOGjW63PAdRfPy33ZDkqRViOvBm9PO69/uail5XSBa7dXMka +oz3HvxV1eAqhWr6kWgeTwMoap+GDQYw4s/pBZr0OSD4SfOvqo6ZrRqSyIFzS/fC4 +4abFHuBdK1mWYp37lEtIgf8Jbame/x90Eo6NUJPAjAASC33+ad89+TfEmMM8voGT +6fI8Dj4cfpxMQt4q0x0Whjjt/yLlMcQwc3kxJKvrtEOA+AH9xmzw7UoDfIQVNkmA +OtNIU6CD5FRijhsNvMaVSVTpWHqworWvmO/IosBmXP6TaU3DQZmOH6yoEixxrmbN +k7KwfnsSZteIfCviHVQw9Eiv5emxM2sABJIlb8srcAigsjHSVgdLkgwbr+ykBdaq +SIIXMnCLw8Xe5VksPOwRnGX6QRJvLaWxl1XdtUEDS7K6EEycuuye4v/Ar847CJHC +QR3yRb5Pss/SPj+Jhhwh +=qF8Z -----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch deleted file mode 100644 index 24ad7a9cf4..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch +++ /dev/null @@ -1,15 +0,0 @@ -workaround problems with autoconf-2.63 - -http://lists.gnu.org/archive/html/autoconf/2009-04/msg00007.html - ---- a/configure.ac -+++ b/configure.ac -@@ -3603,7 +3603,7 @@ - #include - struct spwd sp; - ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], -- [ sp_expire_available=yes ], [] -+ [ sp_expire_available=yes ], [:] - ) - - if test "x$sp_expire_available" = "xyes" ; then diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch deleted file mode 100644 index 8112d6252f..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- clientloop.c -+++ clientloop.c -@@ -1434,11 +1434,13 @@ - if (!rekeying) { - channel_after_select(readset, writeset); - -+#ifdef GSSAPI - if (options.gss_renewal_rekey && - ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { - debug("credentials updated - forcing rekey"); - need_rekeying = 1; - } -+#endif - - if (need_rekeying || packet_need_rekeying()) { - debug("need rekeying"); diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch deleted file mode 100644 index 9428b74f3c..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,91 +0,0 @@ -Move things around so hpn applies cleanly when using X509. - ---- openssh-5.2p1+x509/Makefile.in -+++ openssh-5.2p1+x509/Makefile.in -@@ -44,11 +44,12 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS += @LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- openssh-5.2p1+x509/servconf.c -+++ openssh-5.2p1+x509/servconf.c -@@ -108,6 +108,17 @@ - options->log_level = SYSLOG_LEVEL_NOT_SET; - options->rhosts_rsa_authentication = -1; - options->hostbased_authentication = -1; -+ options->hostbased_algorithms = NULL; -+ options->pubkey_algorithms = NULL; -+ ssh_x509flags_initialize(&options->x509flags, 1); -+#ifndef SSH_X509STORE_DISABLED -+ ssh_x509store_initialize(&options->ca); -+#endif /*ndef SSH_X509STORE_DISABLED*/ -+#ifdef SSH_OCSP_ENABLED -+ options->va.type = -1; -+ options->va.certificate_file = NULL; -+ options->va.responder_url = NULL; -+#endif /*def SSH_OCSP_ENABLED*/ - options->hostbased_uses_name_from_packet_only = -1; - options->rsa_authentication = -1; - options->pubkey_authentication = -1; -@@ -152,18 +163,6 @@ - options->adm_forced_command = NULL; - options->chroot_directory = NULL; - options->zero_knowledge_password_authentication = -1; -- -- options->hostbased_algorithms = NULL; -- options->pubkey_algorithms = NULL; -- ssh_x509flags_initialize(&options->x509flags, 1); --#ifndef SSH_X509STORE_DISABLED -- ssh_x509store_initialize(&options->ca); --#endif /*ndef SSH_X509STORE_DISABLED*/ --#ifdef SSH_OCSP_ENABLED -- options->va.type = -1; -- options->va.certificate_file = NULL; -- options->va.responder_url = NULL; --#endif /*def SSH_OCSP_ENABLED*/ - } - - void -@@ -341,6 +340,16 @@ - /* Portable-specific options */ - sUsePAM, - /* Standard Options */ -+ sHostbasedAlgorithms, -+ sPubkeyAlgorithms, -+ sX509KeyAlgorithm, -+ sAllowedClientCertPurpose, -+ sKeyAllowSelfIssued, sMandatoryCRL, -+ sCACertificateFile, sCACertificatePath, -+ sCARevocationFile, sCARevocationPath, -+ sCAldapVersion, sCAldapURL, -+ sVAType, sVACertificateFile, -+ sVAOCSPResponderURL, - sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, - sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsRSAAuthentication, sRSAAuthentication, -@@ -364,16 +373,6 @@ - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, - sZeroKnowledgePasswordAuthentication, -- sHostbasedAlgorithms, -- sPubkeyAlgorithms, -- sX509KeyAlgorithm, -- sAllowedClientCertPurpose, -- sKeyAllowSelfIssued, sMandatoryCRL, -- sCACertificateFile, sCACertificatePath, -- sCARevocationFile, sCARevocationPath, -- sCAldapVersion, sCAldapURL, -- sVAType, sVACertificateFile, -- sVAOCSPResponderURL, - sDeprecated, sUnsupported - } ServerOpCodes; - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch deleted file mode 100644 index e793311f5f..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,60 +0,0 @@ -Move things around so hpn applies cleanly when using X509. - ---- a/Makefile.in -+++ b/Makefile.in -@@ -46,11 +46,12 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- a/servconf.c -+++ b/servconf.c -@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) - options->adm_forced_command = NULL; - options->chroot_directory = NULL; - options->zero_knowledge_password_authentication = -1; -- options->revoked_keys_file = NULL; -- options->trusted_user_ca_keys = NULL; -- options->authorized_principals_file = NULL; - - options->hostbased_algorithms = NULL; - options->pubkey_algorithms = NULL; -@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) - options->va.certificate_file = NULL; - options->va.responder_url = NULL; - #endif /*def SSH_OCSP_ENABLED*/ -+ options->revoked_keys_file = NULL; -+ options->trusted_user_ca_keys = NULL; -+ options->authorized_principals_file = NULL; - } - - void -@@ -367,9 +367,6 @@ typedef enum { - sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, -- sUsePrivilegeSeparation, sAllowAgentForwarding, -- sZeroKnowledgePasswordAuthentication, sHostCertificate, -- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sHostbasedAlgorithms, - sPubkeyAlgorithms, - sX509KeyAlgorithm, -@@ -380,6 +377,9 @@ typedef enum { - sCAldapVersion, sCAldapURL, - sVAType, sVACertificateFile, - sVAOCSPResponderURL, -+ sUsePrivilegeSeparation, sAllowAgentForwarding, -+ sZeroKnowledgePasswordAuthentication, sHostCertificate, -+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sDeprecated, sUnsupported - } ServerOpCodes; - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch deleted file mode 100644 index ee3e757476..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,60 +0,0 @@ -Move things around so hpn applies cleanly when using X509. - ---- a/Makefile.in -+++ b/Makefile.in -@@ -46,11 +46,12 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- a/servconf.c -+++ b/servconf.c -@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) - options->zero_knowledge_password_authentication = -1; - options->revoked_keys_file = NULL; - options->trusted_user_ca_keys = NULL; -- options->authorized_principals_file = NULL; -- options->ip_qos_interactive = -1; -- options->ip_qos_bulk = -1; - - options->hostbased_algorithms = NULL; - options->pubkey_algorithms = NULL; -@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) - options->va.certificate_file = NULL; - options->va.responder_url = NULL; - #endif /*def SSH_OCSP_ENABLED*/ -+ options->authorized_principals_file = NULL; -+ options->ip_qos_interactive = -1; -+ options->ip_qos_bulk = -1; - } - - void -@@ -367,9 +367,6 @@ typedef enum { - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, -- sZeroKnowledgePasswordAuthentication, sHostCertificate, -- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, -- sKexAlgorithms, sIPQoS, - sHostbasedAlgorithms, - sPubkeyAlgorithms, - sX509KeyAlgorithm, -@@ -380,6 +377,9 @@ typedef enum { - sCAldapVersion, sCAldapURL, - sVAType, sVACertificateFile, - sVAOCSPResponderURL, -+ sZeroKnowledgePasswordAuthentication, sHostCertificate, -+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, -+ sKexAlgorithms, sIPQoS, - sDeprecated, sUnsupported - } ServerOpCodes; - diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-selinux.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-selinux.patch deleted file mode 100644 index 7be2879f9a..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-5.8_p1-selinux.patch +++ /dev/null @@ -1,18 +0,0 @@ -http://bugs.gentoo.org/354247 - -[openbsd-compat/port-linux.c] Bug #1851: fix syntax error in - selinux code. Patch from Leonardo Chiquitto. - -/* $Id: openssh-5.8_p1-selinux.patch,v 1.1 2011/02/10 02:44:53 vapier Exp $ */ - ---- a/openbsd-compat/port-linux.c -+++ b/openbsd-compat/port-linux.c -@@ -213,7 +213,7 @@ - - if (!ssh_selinux_enabled()) - return; -- if (path == NULL) -+ if (path == NULL) { - setfscreatecon(NULL); - return; - } diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-glue.patch new file mode 100644 index 0000000000..f405d7d1c2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-glue.patch @@ -0,0 +1,16 @@ +make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch + +--- openssh-6.2p2+x509-7.5.diff ++++ openssh-6.2p2+x509-7.5.diff +@@ -14571,10 +14571,9 @@ + .It Cm ChallengeResponseAuthentication + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or though authentication styles supported in +-@@ -487,6 +564,16 @@ ++@@ -487,5 +564,15 @@ + The default is + .Dq yes . +- Note that this option applies to protocol version 2 only. + +.It Cm HostbasedAlgorithms + +Specifies the protocol version 2 algorithms used in + +.Dq hostbased diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-hpn-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-hpn-glue.patch new file mode 100644 index 0000000000..89d3d66e57 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-hpn-glue.patch @@ -0,0 +1,51 @@ +--- openssh-6.2p2/Makefile.in ++++ openssh-6.2p2/Makefile.in +@@ -45,7 +45,7 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + K5LIBS=@K5LIBS@ + GSSLIBS=@GSSLIBS@ +@@ -53,6 +53,7 @@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- openssh-6.2p2/sshconnect.c ++++ openssh-6.2p2/sshconnect.c +@@ -458,7 +458,7 @@ + { + /* Send our own protocol version identification. */ + if (compat20) { +- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n", ++ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); + } else { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", +--- openssh-6.2p2/sshd.c ++++ openssh-6.2p2/sshd.c +@@ -466,8 +466,8 @@ + comment = ""; + } + +- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", +- major, minor, SSH_VERSION, comment, ++ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", ++ major, minor, SSH_VERSION, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, newline); + +--- openssh-6.2p2/version.h ++++ openssh-6.2p2/version.h +@@ -3,4 +3,5 @@ + #define SSH_VERSION "OpenSSH_6.2" + + #define SSH_PORTABLE "p2" ++#define SSH_X509 " PKIX" + #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-hpn14v1-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-hpn14v1-glue.patch new file mode 100644 index 0000000000..befa44e4f5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.2_p2-x509-hpn14v1-glue.patch @@ -0,0 +1,87 @@ +--- openssh-6.2p2/Makefile.in ++++ openssh-6.2p2/Makefile.in +@@ -45,7 +45,7 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + K5LIBS=@K5LIBS@ + GSSLIBS=@GSSLIBS@ +@@ -53,6 +53,7 @@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- openssh-6.2p2/servconf.c ++++ openssh-6.2p2/servconf.c +@@ -385,6 +385,16 @@ + sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, + sKerberosGetAFSToken, + sKerberosTgtPassing, sChallengeResponseAuthentication, ++ sHostbasedAlgorithms, ++ sPubkeyAlgorithms, ++ sX509KeyAlgorithm, ++ sAllowedClientCertPurpose, ++ sKeyAllowSelfIssued, sMandatoryCRL, ++ sCACertificateFile, sCACertificatePath, ++ sCARevocationFile, sCARevocationPath, ++ sCAldapVersion, sCAldapURL, ++ sVAType, sVACertificateFile, ++ sVAOCSPResponderURL, + sPasswordAuthentication, sKbdInteractiveAuthentication, + sListenAddress, sAddressFamily, + sPrintMotd, sPrintLastLog, sIgnoreRhosts, +@@ -407,16 +417,6 @@ + sKexAlgorithms, sIPQoS, sVersionAddendum, + sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, + sAuthenticationMethods, +- sHostbasedAlgorithms, +- sPubkeyAlgorithms, +- sX509KeyAlgorithm, +- sAllowedClientCertPurpose, +- sKeyAllowSelfIssued, sMandatoryCRL, +- sCACertificateFile, sCACertificatePath, +- sCARevocationFile, sCARevocationPath, +- sCAldapVersion, sCAldapURL, +- sVAType, sVACertificateFile, +- sVAOCSPResponderURL, + sDeprecated, sUnsupported + } ServerOpCodes; + +--- openssh-6.2p2/sshconnect.c ++++ openssh-6.2p2/sshconnect.c +@@ -465,7 +465,7 @@ + { + /* Send our own protocol version identification. */ + if (compat20) { +- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n", ++ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); + } else { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", +--- openssh-6.2p2/sshd.c ++++ openssh-6.2p2/sshd.c +@@ -466,8 +466,8 @@ + comment = ""; + } + +- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", +- major, minor, SSH_VERSION, comment, ++ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", ++ major, minor, SSH_VERSION, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, newline); + +--- openssh-6.2p2/version.h ++++ openssh-6.2p2/version.h +@@ -3,4 +3,5 @@ + #define SSH_VERSION "OpenSSH_6.2" + + #define SSH_PORTABLE "p2" ++#define SSH_X509 " PKIX" + #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-aes-gcm.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-aes-gcm.patch new file mode 100644 index 0000000000..92cd7a192f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-aes-gcm.patch @@ -0,0 +1,13 @@ +http://www.openssh.org/txt/gcmrekey.adv + +--- openssh-6.3p1/monitor_wrap.c ++++ openssh-6.3p1/monitor_wrap.c +@@ -482,7 +482,7 @@ mm_newkeys_from_blob(u_char *blob, int b + buffer_init(&b); + buffer_append(&b, blob, blen); + +- newkey = xmalloc(sizeof(*newkey)); ++ newkey = xcalloc(1, sizeof(*newkey)); + enc = &newkey->enc; + mac = &newkey->mac; + comp = &newkey->comp; diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch new file mode 100644 index 0000000000..f70d44a127 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-glue.patch @@ -0,0 +1,16 @@ +make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch + +--- openssh-6.3p1+x509-7.6.diff ++++ openssh-6.3p1+x509-7.6.diff +@@ -14784,10 +14784,9 @@ + .It Cm ChallengeResponseAuthentication + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or though authentication styles supported in +-@@ -490,6 +567,16 @@ ++@@ -490,5 +567,15 @@ + The default is + .Dq yes . +- Note that this option applies to protocol version 2 only. + +.It Cm HostbasedAlgorithms + +Specifies the protocol version 2 algorithms used in + +.Dq hostbased diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch new file mode 100644 index 0000000000..c3647d5aa2 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch @@ -0,0 +1,51 @@ +--- openssh-6.3p1/Makefile.in ++++ openssh-6.3p1/Makefile.in +@@ -45,7 +45,7 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + K5LIBS=@K5LIBS@ + GSSLIBS=@GSSLIBS@ +@@ -53,6 +53,7 @@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- openssh-6.3p1/sshconnect.c ++++ openssh-6.3p1/sshconnect.c +@@ -465,7 +465,7 @@ + { + /* Send our own protocol version identification. */ + if (compat20) { +- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n", ++ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); + } else { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", +--- openssh-6.3p1/sshd.c ++++ openssh-6.3p1/sshd.c +@@ -472,8 +472,8 @@ + comment = ""; + } + +- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", +- major, minor, SSH_VERSION, comment, ++ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", ++ major, minor, SSH_VERSION, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, newline); + +--- openssh-6.3p1/version.h ++++ openssh-6.3p1/version.h +@@ -3,4 +3,5 @@ + #define SSH_VERSION "OpenSSH_6.3" + + #define SSH_PORTABLE "p1" ++#define SSH_X509 " PKIX" + #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch new file mode 100644 index 0000000000..6aed19be7b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch @@ -0,0 +1,30 @@ +Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch and remove +redundant README.x509v3 directory. + +--- openssh-6.4p1+x509-7.7.diff.orig 2013-11-09 14:51:13.400696545 -0800 ++++ openssh-6.4p1+x509-7.7.diff 2013-11-09 14:51:05.798786189 -0800 +@@ -6809,9 +6809,9 @@ + + -$OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $ + +$OpenBSD$ +-diff -ruN openssh-6.4p1/README.x509v3/README.x509v3 openssh-6.4p1+x509-7.7/README.x509v3/README.x509v3 +---- openssh-6.4p1/README.x509v3/README.x509v3 1970-01-01 02:00:00.000000000 +0200 +-+++ openssh-6.4p1+x509-7.7/README.x509v3/README.x509v3 2013-05-17 18:50:02.156263192 +0300 ++diff -ruN openssh-6.4p1/README.x509v3 openssh-6.4p1+x509-7.7/README.x509v3 ++--- openssh-6.4p1/README.x509v3 1970-01-01 02:00:00.000000000 +0200 +++++ openssh-6.4p1+x509-7.7/README.x509v3 2013-05-17 18:50:02.156263192 +0300 + @@ -0,0 +1,615 @@ + + Roumen Petrov + + Sofia, Bulgaria +@@ -14793,10 +14793,9 @@ + .It Cm ChallengeResponseAuthentication + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or though authentication styles supported in +-@@ -490,6 +567,16 @@ ++@@ -490,5 +567,15 @@ + The default is + .Dq yes . +- Note that this option applies to protocol version 2 only. + +.It Cm HostbasedAlgorithms + +Specifies the protocol version 2 algorithms used in + +.Dq hostbased diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch new file mode 100644 index 0000000000..cfb060fdc5 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch @@ -0,0 +1,114 @@ +https://bugs.gentoo.org/498632 + +make sure we do not use unaligned loads/stores as some arches really hate that. + +--- a/cipher-ctr-mt.c ++++ b/cipher-ctr-mt.c +@@ -58,8 +58,16 @@ + /* Collect thread stats and print at cancellation when in debug mode */ + /* #define CIPHER_THREAD_STATS */ + +-/* Use single-byte XOR instead of 8-byte XOR */ +-/* #define CIPHER_BYTE_XOR */ ++/* Can the system do unaligned loads natively? */ ++#if defined(__aarch64__) || \ ++ defined(__i386__) || \ ++ defined(__powerpc__) || \ ++ defined(__x86_64__) ++# define CIPHER_UNALIGNED_OK ++#endif ++#if defined(__SIZEOF_INT128__) ++# define CIPHER_INT128_OK ++#endif + /*-------------------- END TUNABLES --------------------*/ + + +@@ -285,8 +293,20 @@ thread_loop(void *x) + + static int + ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, +- u_int len) ++ size_t len) + { ++ typedef union { ++#ifdef CIPHER_INT128_OK ++ __uint128_t *u128; ++#endif ++ uint64_t *u64; ++ uint32_t *u32; ++ uint8_t *u8; ++ const uint8_t *cu8; ++ uintptr_t u; ++ } ptrs_t; ++ ptrs_t destp, srcp, bufp; ++ uintptr_t align; + struct ssh_aes_ctr_ctx *c; + struct kq *q, *oldq; + int ridx; +@@ -301,35 +321,41 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, + ridx = c->ridx; + + /* src already padded to block multiple */ ++ srcp.cu8 = src; ++ destp.u8 = dest; + while (len > 0) { + buf = q->keys[ridx]; ++ bufp.u8 = buf; + +-#ifdef CIPHER_BYTE_XOR +- dest[0] = src[0] ^ buf[0]; +- dest[1] = src[1] ^ buf[1]; +- dest[2] = src[2] ^ buf[2]; +- dest[3] = src[3] ^ buf[3]; +- dest[4] = src[4] ^ buf[4]; +- dest[5] = src[5] ^ buf[5]; +- dest[6] = src[6] ^ buf[6]; +- dest[7] = src[7] ^ buf[7]; +- dest[8] = src[8] ^ buf[8]; +- dest[9] = src[9] ^ buf[9]; +- dest[10] = src[10] ^ buf[10]; +- dest[11] = src[11] ^ buf[11]; +- dest[12] = src[12] ^ buf[12]; +- dest[13] = src[13] ^ buf[13]; +- dest[14] = src[14] ^ buf[14]; +- dest[15] = src[15] ^ buf[15]; +-#else +- *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf; +- *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^ +- *(uint64_t *)(buf + 8); +-#endif ++ /* figure out the alignment on the fly */ ++#ifdef CIPHER_UNALIGNED_OK ++ align = 0; ++#else ++ align = destp.u | srcp.u | bufp.u; ++#endif ++ ++#ifdef CIPHER_INT128_OK ++ if ((align & 0xf) == 0) { ++ destp.u128[0] = srcp.u128[0] ^ bufp.u128[0]; ++ } else ++#endif ++ if ((align & 0x7) == 0) { ++ destp.u64[0] = srcp.u64[0] ^ bufp.u64[0]; ++ destp.u64[1] = srcp.u64[1] ^ bufp.u64[1]; ++ } else if ((align & 0x3) == 0) { ++ destp.u32[0] = srcp.u32[0] ^ bufp.u32[0]; ++ destp.u32[1] = srcp.u32[1] ^ bufp.u32[1]; ++ destp.u32[2] = srcp.u32[2] ^ bufp.u32[2]; ++ destp.u32[3] = srcp.u32[3] ^ bufp.u32[3]; ++ } else { ++ size_t i; ++ for (i = 0; i < AES_BLOCK_SIZE; ++i) ++ dest[i] = src[i] ^ buf[i]; ++ } + +- dest += 16; +- src += 16; +- len -= 16; ++ destp.u += AES_BLOCK_SIZE; ++ srcp.u += AES_BLOCK_SIZE; ++ len -= AES_BLOCK_SIZE; + ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE); + + /* Increment read index, switch queues on rollover */ diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch new file mode 100644 index 0000000000..6db6b97dbe --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch @@ -0,0 +1,17 @@ +the last nibble of the openssl version represents the status. that is, +whether it is a beta or release. when it comes to version checks in +openssh, this component does not matter, so ignore it. + +https://bugzilla.mindrot.org/show_bug.cgi?id=2212 + +--- a/entropy.c ++++ b/entropy.c +@@ -216,7 +216,7 @@ seed_rng(void) + * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed + * within a patch series. + */ +- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L; ++ u_long version_mask = SSLeay() >= 0x1000000f ? ~0xfffffL : ~0xff0L; + if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) || + (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12)) + fatal("OpenSSL version mismatch. Built against %lx, you " diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch new file mode 100644 index 0000000000..0ba3e456f9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch @@ -0,0 +1,16 @@ +Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch. + +--- openssh-6.6p1+x509-7.9.diff ++++ openssh-6.6p1+x509-7.9.diff +@@ -15473,10 +15473,9 @@ + .It Cm ChallengeResponseAuthentication + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or though authentication styles supported in +-@@ -499,6 +576,16 @@ ++@@ -499,5 +576,15 @@ + The default is + .Dq yes . +- Note that this option applies to protocol version 2 only. + +.It Cm HostbasedAlgorithms + +Specifies the protocol version 2 algorithms used in + +.Dq hostbased diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch new file mode 100644 index 0000000000..a69830e089 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch @@ -0,0 +1,26 @@ +make the hpn patch apply when the x509 patch has also been applied + +--- openssh-6.6p1-hpnssh14v4.diff ++++ openssh-6.6p1-hpnssh14v4.diff +@@ -1742,18 +1742,14 @@ + if (options->ip_qos_interactive == -1) + options->ip_qos_interactive = IPTOS_LOWDELAY; + if (options->ip_qos_bulk == -1) +-@@ -345,9 +393,10 @@ ++@@ -345,6 +393,7 @@ + sUsePrivilegeSeparation, sAllowAgentForwarding, + sHostCertificate, + sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, +-+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, +++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled, + sKexAlgorithms, sIPQoS, sVersionAddendum, + sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, +-- sAuthenticationMethods, sHostKeyAgent, +-+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent, +- sDeprecated, sUnsupported +- } ServerOpCodes; +- ++ sAuthenticationMethods, sHostKeyAgent, + @@ -468,6 +517,10 @@ + { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, + { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 index 7a4be21364..1b872bc875 100755 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 @@ -1,9 +1,9 @@ #!/sbin/runscript -# Copyright 1999-2012 Gentoo Foundation +# Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.4,v 1.2 2012/11/28 01:07:04 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.4,v 1.3 2013/04/24 03:13:03 vapier Exp $ -extra_commands="checkconfig gen_keys" +extra_commands="checkconfig" extra_started_commands="reload" SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} @@ -47,7 +47,7 @@ checkconfig() { return 1 fi - gen_keys || return 1 + ssh-keygen -A || return 1 [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" @@ -57,25 +57,6 @@ checkconfig() { "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 } -gen_key() { - keytype=$1 - [ $# -eq 1 ] && ks="${keytype}_" - key="${SSHD_CONFDIR}/ssh_host_${ks}key" - if [ ! -e "${key}" ] ; then - ebegin "Generating ${keytype} host key" - ssh-keygen -t ${keytype} -f "${key}" -N '' - eend $? || return $? - fi -} - -gen_keys() { - if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then - gen_key rsa1 "" || return 1 - fi - gen_key dsa && gen_key rsa && gen_key ecdsa - return $? -} - start() { checkconfig || return 1 diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service index 45f823ac1e..b5e96b3a25 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service @@ -3,6 +3,7 @@ Description=OpenSSH server daemon After=syslog.target network.target auditd.service [Service] +ExecStartPre=/usr/bin/ssh-keygen -A ExecStart=/usr/sbin/sshd -D -e ExecReload=/bin/kill -HUP $MAINPID diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml b/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml index b7a3d5cc1d..5765fa2ac5 100644 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml @@ -27,4 +27,7 @@ ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and Use LDNS for DNSSEC/SSHFP validation. Adds support for X.509 certificate authentication + + cpe:/a:openssh:openssh + diff --git a/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.9_p1-r4.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.9_p1-r4.ebuild deleted file mode 100644 index c8718324d8..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-5.9_p1-r4.ebuild +++ /dev/null @@ -1,279 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.9_p1-r4.ebuild,v 1.14 2013/01/18 01:14:14 robbat2 Exp $ - -EAPI="2" -inherit eutils user flag-o-matic multilib autotools pam systemd - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PARCH}-hpn13v11.diff.gz" -LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz" -X509_VER="7.0" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509" - -RDEPEND="pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - selinux? ( >=sys-libs/libselinux-1.28 ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - ldap? ( net-nds/openldap ) - libedit? ( dev-libs/libedit ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - >=sys-libs/zlib-1.2.3 - tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) - X? ( x11-apps/xauth ) - userland_GNU? ( virtual/shadow )" -DEPEND="${RDEPEND} - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -src_prepare() { - sed -i \ - -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-drop-openssl-check.patch - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-5.9_p1-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-5.8_p1-x509-hpn-glue.patch - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - #epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654 - merged - # version.h patch conflict avoidence - mv version.h version.h.lpk - cp -f version.h.pristine version.h - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch - # version.h patch conflict avoidence - mv version.h version.h.hpn - cp -f version.h.pristine version.h - # The AES-CTR multithreaded variant is broken, and causes random hangs - # when combined background threading and control sockets. To avoid - # this, we change the internal table to use the non-multithread version - # for the meantime. Do NOT remove this in new versions. See bug #354113 - # comment #6 for testcase. - # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ - ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode - ## cipher. Be aware that if the client process is forked using the -f command line - ## option the process will hang as the parent thread gets 'divorced' from the key - ## generation threads. This issue will be resolved as soon as possible - sed -i \ - -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ - cipher.c || die - fi - - sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die - - # Disable PATH reset, trust what portage gives us. bug 254615 - sed -i -e 's:^PATH=/:#PATH=/:' configure || die - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s %s\n' \ - "$([ -e version.h.hpn ] && echo SSH_HPN)" \ - "$([ -e version.h.lpk ] && echo SSH_LPK)" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --sysconfdir=/etc/ssh \ - --libexecdir=/usr/$(get_libdir)/misc \ - --datadir=/usr/share/openssh \ - --with-privsep-path=/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) -} - -src_install() { - emake install-nokeys DESTDIR="${D}" || die - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id || die - newinitd "${FILESDIR}"/sshd.rc6.3 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011 - epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch - save_version HPN - # The AES-CTR multithreaded variant is broken, and causes random hangs - # when combined background threading and control sockets. To avoid - # this, we change the internal table to use the non-multithread version - # for the meantime. Do NOT remove this in new versions. See bug #354113 - # comment #6 for testcase. - # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ - ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode - ## cipher. Be aware that if the client process is forked using the -f command line - ## option the process will hang as the parent thread gets 'divorced' from the key - ## generation threads. This issue will be resolved as soon as possible - sed -i \ - -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ - cipher.c || die - fi - - sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die - - # Disable PATH reset, trust what portage gives us. bug 254615 - sed -i -e 's:^PATH=/:#PATH=/:' configure || die - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --sysconfdir=/etc/ssh \ - --libexecdir=/usr/$(get_libdir)/misc \ - --datadir=/usr/share/openssh \ - --with-privsep-path=/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) -} - -src_install() { - emake install-nokeys DESTDIR="${D}" || die - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id || die - newinitd "${FILESDIR}"/sshd.rc6.3 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${D}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${D}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011 - epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.0_p1-hpn-progressmeter.patch - save_version HPN - # The AES-CTR multithreaded variant is broken, and causes random hangs - # when combined background threading and control sockets. To avoid - # this, we change the internal table to use the non-multithread version - # for the meantime. Do NOT remove this in new versions. See bug #354113 - # comment #6 for testcase. - # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ - ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode - ## cipher. Be aware that if the client process is forked using the -f command line - ## option the process will hang as the parent thread gets 'divorced' from the key - ## generation threads. This issue will be resolved as soon as possible - sed -i \ - -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ - cipher.c || die - fi - - sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die - - # Disable PATH reset, trust what portage gives us. bug 254615 - sed -i -e 's:^PATH=/:#PATH=/:' configure || die - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --sysconfdir=/etc/ssh \ - --libexecdir=/usr/$(get_libdir)/misc \ - --datadir=/usr/share/openssh \ - --with-privsep-path=/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) -} - -src_install() { - emake install-nokeys DESTDIR="${D}" || die - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id || die - newinitd "${FILESDIR}"/sshd.rc6.3 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${D}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${D}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} > /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.1_p1-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.1_p1-x509-hpn-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch - save_version HPN - # The AES-CTR multithreaded variant is broken, and causes random hangs - # when combined background threading and control sockets. To avoid - # this, we change the internal table to use the non-multithread version - # for the meantime. Do NOT remove this in new versions. See bug #354113 - # comment #6 for testcase. - # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ - ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode - ## cipher. Be aware that if the client process is forked using the -f command line - ## option the process will hang as the parent thread gets 'divorced' from the key - ## generation threads. This issue will be resolved as soon as possible - sed -i \ - -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ - cipher.c || die - fi - - tc-export PKG_CONFIG - sed -i "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" configure{,.ac} || die - - # Disable PATH reset, trust what portage gives us. bug 254615 - sed -i -e 's:^PATH=/:#PATH=/:' configure || die - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir=/var/run \ - --sysconfdir=/etc/ssh \ - --libexecdir=/usr/$(get_libdir)/misc \ - --datadir=/usr/share/openssh \ - --with-privsep-path=/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.3 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} /dev/null - epatch "${FILESDIR}"/${PN}-6.1_p1-x509-glue.patch + epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch + use hpn && epatch "${FILESDIR}"/${PN}-6.6_p1-x509-hpn14v4-glue-p2.patch popd >/dev/null epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.1_p1-x509-hpn-glue.patch + epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch save_version X509 fi if ! use X509 ; then @@ -115,32 +118,30 @@ src_prepare() { else use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" fi - epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch if [[ -n ${HPN_PATCH} ]] && use hpn; then epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch + epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632 save_version HPN - # The AES-CTR multithreaded variant is broken, and causes random hangs - # when combined background threading and control sockets. To avoid - # this, we change the internal table to use the non-multithread version - # for the meantime. Do NOT remove this in new versions. See bug #354113 - # comment #6 for testcase. - # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ - ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode - ## cipher. Be aware that if the client process is forked using the -f command line - ## option the process will hang as the parent thread gets 'divorced' from the key - ## generation threads. This issue will be resolved as soon as possible - sed -i \ - -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ - cipher.c || die fi tc-export PKG_CONFIG - sed -i "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" configure{,.ac} || die + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die - # Disable PATH reset, trust what portage gives us. bug 254615 - sed -i -e 's:^PATH=/:#PATH=/:' configure || die + epatch_user #473004 # Now we can build a sane merged version.h ( @@ -244,7 +245,7 @@ src_install() { keepdir /var/empty/dev fi - if use ldap ; then + if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then insinto /etc/openldap/schema/ newins openssh-lpk_openldap.schema openssh-lpk.schema fi