mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-10-02 19:11:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #514 from flatcar-linux/kai/package-updates-openssl

Browse Source 
Update packages for openssl update
This commit is contained in:
Kai Lüke 2020-08-12 18:16:34 +02:00 committed by GitHub
commit fc4f849bc2
106 changed files with 3166 additions and 5166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/ChangeLog vendored
View File

@ -1,73 +0,0 @@
# ChangeLog for app-crypt/trousers
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# (auto-generated from git log)
*trousers-0.3.13 (09 Aug 2015)
*trousers-0.3.10-r1 (09 Aug 2015)
09 Aug 2015; Robin H. Johnson <robbat2@gentoo.org> +files/61-trousers.rules,
+files/tcsd.confd, +files/tcsd.initd, +files/tcsd.service,
+files/trousers-0.3.13-nouseradd.patch,
+files/trousers-0.3.5-nouseradd.patch, +metadata.xml,
+trousers-0.3.10-r1.ebuild, +trousers-0.3.13.ebuild:
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration
tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this
project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo
developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve
cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014
work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on
the bikeshed
24 Aug 2015; Justin Lecher <jlec@gentoo.org> metadata.xml:
Use https by default
Convert all URLs for sites supporting encrypted connections from http to
https
Signed-off-by: Justin Lecher <jlec@gentoo.org>
24 Aug 2015; Mike Gilbert <floppym@gentoo.org> metadata.xml:
Revert DOCTYPE SYSTEM https changes in metadata.xml
repoman does not yet accept the https version.
This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450.
Bug: https://bugs.gentoo.org/552720
12 Sep 2015; Alon Bar-Lev <alonbl@gentoo.org>
+files/trousers-0.3.13-build.patch, trousers-0.3.13.ebuild:
fix gcc5 issue
Bug: 560202
Package-Manager: portage-2.2.20.1
*trousers-0.3.13-r1 (05 Oct 2015)
05 Oct 2015; Julian Ospald <hasufell@gentoo.org> +trousers-0.3.13-r1.ebuild:
add libressl support

270
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/ChangeLog-2015 vendored
View File

@ -1,270 +0,0 @@
# ChangeLog for app-crypt/trousers
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/app-crypt/trousers/ChangeLog,v 1.58 2015/06/09 09:35:46 jlec Exp $
09 Jun 2015; Justin Lecher <jlec@gentoo.org> metadata.xml:
Updating remote-id in metadata.xml
27 Apr 2015; Alon Bar-Lev <alonbl@gentoo.org> trousers-0.3.13.ebuild:
autoreconf, bug#547654, thanks to Martin Dummer
*trousers-0.3.13 (08 Apr 2015)
08 Apr 2015; Alon Bar-Lev <alonbl@gentoo.org>
+files/trousers-0.3.13-nouseradd.patch, +trousers-0.3.13.ebuild:
Version bump, bug#545882, thanks to Kristian
12 Nov 2014; Anthony G. Basile <blueness@gentoo.org>
trousers-0.3.10-r1.ebuild:
Keyworded on ~ppc ~ppc64, bug #458196
02 Nov 2014; Sven Vermeulen <swift@gentoo.org> trousers-0.3.10-r1.ebuild:
Remove sec-policy/selinux-* dependency from DEPEND but keep in RDEPEND (bug
#527698)
03 Aug 2014; <tgall@gentoo.org> trousers-0.3.10-r1.ebuild:
arm64, stable
28 Jul 2014; Alon Bar-Lev <alonbl@gentoo.org> -trousers-0.3.10.ebuild:
Cleanup
27 Jul 2014; Mikle Kolyada <zlogene@gentoo.org> trousers-0.3.10-r1.ebuild:
amd64 stable wrt bug #516844
27 Jul 2014; Markus Meier <maekke@gentoo.org> trousers-0.3.10-r1.ebuild:
arm stable, bug #516844
26 Jul 2014; Pawel Hajdan jr <phajdan.jr@gentoo.org>
trousers-0.3.10-r1.ebuild:
x86 stable wrt bug #516844
15 Jul 2014; Alon Bar-Lev <alonbl@gentoo.org> -trousers-0.3.6-r1.ebuild,
-trousers-0.3.6.ebuild:
cleanup
04 Jul 2014; Sven Vermeulen <swift@gentoo.org> trousers-0.3.10-r1.ebuild,
trousers-0.3.10.ebuild, trousers-0.3.6-r1.ebuild, trousers-0.3.6.ebuild:
Adding USE=selinux dependency to selinux-tcsd on trousers package
10 Jun 2014; Mike Frysinger <vapier@gentoo.org> trousers-0.3.10-r1.ebuild,
trousers-0.3.10.ebuild:
Add arm64/m68k/s390/sh love.
*trousers-0.3.10-r1 (24 May 2014)
24 May 2014; Pacho Ramos <pacho@gentoo.org> +files/tcsd.service,
+trousers-0.3.10-r1.ebuild:
Add unit file (#510822 by Salah Coronya), fix license (#425894 by Ian
Stakenvicius), use readme.gentoo.eclass.
09 Jun 2013; Mike Frysinger <vapier@gentoo.org> metadata.xml:
Add upstream CPE tag (security info) from ChromiumOS.
13 Jan 2013; Markus Meier <maekke@gentoo.org> trousers-0.3.10.ebuild:
arm stable, bug #450184
13 Jan 2013; Agostino Sarubbo <ago@gentoo.org> trousers-0.3.10.ebuild:
Stable for x86, wrt bug #450184
13 Jan 2013; Agostino Sarubbo <ago@gentoo.org> trousers-0.3.10.ebuild:
Stable for amd64, wrt bug #450184
11 Dec 2012; Ian Stakenvicius <axs@gentoo.org> trousers-0.3.6-r1.ebuild,
trousers-0.3.10.ebuild:
converted rules installations to use udev.eclass for recent ebuilds
11 Dec 2012; Ian Stakenvicius <axs@gentoo.org> trousers-0.3.6-r1.ebuild:
virtualized references to sys-fs/udev
16 Nov 2012; Samuli Suominen <ssuominen@gentoo.org> trousers-0.3.10.ebuild:
Use udev.eclass and remove unnecessary file libtspi.la to avoid
dependency_libs content leading to overlinking without -Wl,--as-needed (or
the new gold linker in binutils)
*trousers-0.3.10 (16 Nov 2012)
16 Nov 2012; Patrick Lauer <patrick@gentoo.org> +trousers-0.3.10.ebuild:
Bump
10 Sep 2012; Mike Frysinger <vapier@gentoo.org> trousers-0.3.6-r1.ebuild:
Drop -m64 hardcode.
08 Sep 2012; Tim Harder <radhermit@gentoo.org> metadata.xml:
Remove redundant maintainer from metadata.
*trousers-0.3.6-r1 (11 Aug 2012)
11 Aug 2012; Samuli Suominen <ssuominen@gentoo.org>
+trousers-0.3.6-r1.ebuild:
Query udevdir value from udev.pc pkg-config file instead of using /etc/udev
which is reserved for user defined rules.
31 May 2012; Zac Medico <zmedico@gentoo.org> trousers-0.3.6.ebuild:
inherit user for enewgroup and enewuser
14 May 2012; Mike Frysinger <vapier@gentoo.org> trousers-0.3.6.ebuild:
Add arm love for ChromiumOS.
03 May 2012; Jeff Horelick <jdhore@gentoo.org> trousers-0.3.6.ebuild:
dev-util/pkgconfig -> virtual/pkgconfig
20 Aug 2011; Sven Wegener <swegener@gentoo.org> files/tcsd.initd:
Switch from --chuid to --user.
22 Mar 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
-trousers-0.3.5.ebuild:
Delete.
21 Mar 2011; Thomas Kahle <tomka@gentoo.org> trousers-0.3.6.ebuild:
x86 stable per bug 357181
04 Mar 2011; Markos Chandras <hwoarang@gentoo.org> trousers-0.3.6.ebuild:
Stable on amd64 wrt bug #357181
*trousers-0.3.6 (06 Aug 2010)
06 Aug 2010; Robin H. Johnson <robbat2@gentoo.org>
+files/61-trousers.rules, -files/trousers-0.2.3-nouseradd.patch,
-trousers-0.3.2.1-r1.ebuild, trousers-0.3.5.ebuild,
+trousers-0.3.6.ebuild:
Bug #329451: version bump. Bug #330287: setup for USE=gtk, but disable for
now as USE=gtk does not even build for me, due to missing support.h. Bug
#232190: include udev rules.
*trousers-0.3.5 (27 Jun 2010)
27 Jun 2010; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
-trousers-0.3.1.ebuild, -files/trousers-0.3.1-gcc43.patch,
-files/trousers-0.3.1-qa.patch, -trousers-0.3.2.ebuild,
-trousers-0.3.2.1.ebuild, +trousers-0.3.5.ebuild,
+files/trousers-0.3.5-nouseradd.patch:
Version bump (bug #325533). Fix building with >=sys-devel/autoconf-2.64
(bug #282345).
*trousers-0.3.2.1-r1 (06 Sep 2009)
06 Sep 2009; Mike Auty <ikelos@gentoo.org> +trousers-0.3.2.1-r1.ebuild:
Add in kernel config existence checks (bug 283320).
*trousers-0.3.2.1 (06 Sep 2009)
06 Sep 2009; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+trousers-0.3.2.1.ebuild:
Version bump (bug #283081).
*trousers-0.3.2 (22 Aug 2009)
22 Aug 2009; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+trousers-0.3.2.ebuild:
Version bump (bug #280788).
29 Mar 2009; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
trousers-0.3.1.ebuild:
Add ~amd64 keyword.
22 Mar 2009; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
trousers-0.3.1.ebuild:
Don't use -Werror (bug #260873).
20 Feb 2009; Daniel Black <dragonheart@gentoo.org> trousers-0.3.1.ebuild:
app-crypt/tpm-module being purged
23 Jul 2008; Peter Alfredsen <loki_val@gentoo.org>
files/trousers-0.2.3-nouseradd.patch, +files/trousers-0.3.1-gcc43.patch,
trousers-0.3.1.ebuild:
Fix for gcc-4.3, tidy up ebuild. Bug #232521. Thanks to Shvetsov Alexey
<alexxyum@gmail.com>
07 Jun 2008; Diego Pettenò <flameeyes@gentoo.org> trousers-0.3.1.ebuild:
Remove unused inherits that were used to patch and re-autotools before.
24 Nov 2007; Alon Bar-Lev <alonbl@gentoo.org>
+files/trousers-0.3.1-qa.patch, trousers-0.3.1.ebuild:
Fix 64bit issue, bug#200218, thanks to dev-zero
*trousers-0.3.1 (10 Nov 2007)
10 Nov 2007; Alon Bar-Lev <alonbl@gentoo.org>
-files/trousers-0.2.1-nouseradd.patch, -files/trousers-0.2.3-ldadd.patch,
-files/trousers-0.2.6-as-needed.patch, -trousers-0.2.1.ebuild,
-trousers-0.2.3.ebuild, -trousers-0.2.5.ebuild, -trousers-0.2.6.ebuild,
-trousers-0.2.8.ebuild, +trousers-0.3.1.ebuild:
Version bump, cleanup
24 Jan 2007; Marius Mauch <genone@gentoo.org> trousers-0.2.1.ebuild,
trousers-0.2.3.ebuild, trousers-0.2.5.ebuild, trousers-0.2.6.ebuild,
trousers-0.2.8.ebuild:
Replacing einfo with elog
12 Jan 2007; Alon Bar-Lev <alonbl@gentoo.org> trousers-0.2.8.ebuild:
Remove WANT_AUTO*
*trousers-0.2.8 (06 Jan 2007)
06 Jan 2007; Alon Bar-Lev <alonbl@gentoo.org> +trousers-0.2.8.ebuild:
Version bump
*trousers-0.2.6 (06 May 2006)
06 May 2006; Daniel Black <dragonheart@gentoo.org>
+files/trousers-0.2.6-as-needed.patch, +trousers-0.2.6.ebuild:
version bump
27 Apr 2006; Alec Warner <antarus@gentoo.org> files/digest-trousers-0.2.1,
files/digest-trousers-0.2.3, Manifest:
Fixing duff SHA256 digests: Bug # 131293
*trousers-0.2.5 (02 Feb 2006)
02 Feb 2006; Daniel Black <dragonheart@gentoo.org> +trousers-0.2.5.ebuild:
version bump
*trousers-0.2.3 (17 Sep 2005)
17 Sep 2005; Daniel Black <dragonheart@gentoo.org>
-files/trousers-0.2.0-nouseradd.patch, +files/trousers-0.2.3-ldadd.patch,
+files/trousers-0.2.3-nouseradd.patch, -trousers-0.1.11-r1.ebuild,
-trousers-0.2.0.ebuild, +trousers-0.2.3.ebuild:
version bump. remove old versions - inspiried by bug #105799 thanks to Felix
Dorner
23 Aug 2005; Daniel Black <dragonheart@gentoo.org>
trousers-0.1.11-r1.ebuild, trousers-0.2.0.ebuild, trousers-0.2.1.ebuild:
QA fix removing /bin/false from enewuser - bug #103421
*trousers-0.2.1 (30 Jul 2005)
30 Jul 2005; Daniel Black <dragonheart@gentoo.org>
+files/trousers-0.2.1-nouseradd.patch, +trousers-0.2.1.ebuild:
version bump
*trousers-0.2.0 (06 Jul 2005)
06 Jul 2005; Daniel Black <dragonheart@gentoo.org>
+files/trousers-0.2.0-nouseradd.patch, +trousers-0.2.0.ebuild:
version bump. tpm udev is now part of udev-060
23 Jun 2005; Daniel Black <dragonheart@gentoo.org>
trousers-0.1.11-r1.ebuild:
udev fix thanks to latexer
*trousers-0.1.11-r1 (23 Jun 2005)
23 Jun 2005; Daniel Black <dragonheart@gentoo.org>
-files/0.1.7-makefile-statedir.patch, files/tcsd.initd,
-trousers-0.1.7.ebuild, -trousers-0.1.11.ebuild,
+trousers-0.1.11-r1.ebuild:
added udev permissions. Added tpm-emulator as optional dependancy. script
file fixes and old version cleanout
*trousers-0.1.11 (19 Jun 2005)
19 Jun 2005; Daniel Black <dragonheart@gentoo.org> +files/tcsd.confd,
+files/tcsd.initd, +trousers-0.1.11.ebuild:
Version bump as per bug #95764. Thankyou TGL
*trousers-0.1.7 (06 Feb 2005)
06 Feb 2005; Daniel Black <dragonheart@gentoo.org> +metadata.xml,
+files/0.1.7-makefile-statedir.patch, +trousers-0.1.7.ebuild:
Initial import

16
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/Manifest vendored
View File

@ -1,15 +1 @@
AUX 61-trousers.rules 96 SHA256 8f25b51dca45b75caa85a00ef476fb40c09d6cc82e2351cb7af24ebc805dd949 SHA512 83fa5b8666bcb0111f69456e6b9ea73eca2e1933e44bf7b705ff4d3c7b63a63ae4d0a1c30b0a00ebe6a8b4206ed7df80abca8503ace1c795119213f3546e9307 WHIRLPOOL a6ff89249a9ea7d5a7d308f0446e304b4429992bd51953e4dbe1a87731c7b8c824b1d158fc1f734965c082508b1ed334ff4303bf610228228c858e29cfe71664
AUX tcsd.confd 372 SHA256 5a1f9150ce0d8cc3e9e80971e073ee0b1db018ec3af6809087a7c626b9ffa327 SHA512 1e33f521156d55ff450907e01a7c60750e2880520700de1e8fb42ed03d5a16a20332f6f437f2cc7ed155f65b9306bf2d670f46c4b7055d4c9248beaeb06f8a75 WHIRLPOOL d94c3719b438c2758d97f00dab463b9b76b0fc2d9329dcc9cd8867150a7f5351379254868165df8e19ef33ae0e9d6ab333706952dcabaf0da18833750c35f42e
AUX tcsd.initd 849 SHA256 29c36bdcedb580a878fbc599f12dea559438abea2b033d8e1664d7accf863dfb SHA512 f2a389f3e59a6e455aca8555cf022479fc5212f08c67901ce2db86f42ef34be3564c6b209eddc4f29869a72cefcdbae431b63a7c669d57f1a26ed21a60ef5e43 WHIRLPOOL 4acbfa2278553b97e4ce180eb903bce64334aea487515487f5c358ff8f0fb38c723aa3c8ed7b16497bdb3dc0d838c60529b70292a2db92444753dbdefc3aa8ff
AUX tcsd.service 131 SHA256 704dbb2b06a3e357fe2363d2cc88632ccd18dcdf14dc7640cd67272df5a52ade SHA512 e516bde8ce45fe4ad687aaaabae475da9c20a9fbd8ebee736d09ceb6efa597efb6f3bb99840a4c0d2c9eb77c2824df6ee45985b46dc8cf924b4eed67eeec1468 WHIRLPOOL 851f6ef31d93a7fd119cc4bc70c28410539fb572158e8238b72ea177e5a75e2a48382807ac14203eb48a21e5432c5c0c35cf25619557d9ba741328f3f79ebfc0
AUX trousers-0.3.13-build.patch 2019 SHA256 0217b7f1178f880df4a3493a758b0a4b2462a7420d882b6634e531dec17081d7 SHA512 6877f7298ae03d3a3214da37591f889a382a380c39f36e287a9a2edbec78d44ff5032ef75b3c6b114c6755f0f924c8e1a1a4a3b0577e7168ac42dc8c1cc8983a WHIRLPOOL bd722f960f61efcb834232c5b746dc94f94971f1c1f220c6685faea662c1f07f34e12dfb46ba534d55b2530add31dd1b90b1a10b7c407a0e6633c1c8004802ca
AUX trousers-0.3.13-nouseradd.patch 606 SHA256 af43a38991c10db8a817faaa4ff244f3600c90a10e26a0232e7668f15f84e911 SHA512 a6c9074e535429f09ce5e850d943378348b54bed479b7fef0fff7bb18ab2547421407900aa35533749a764275a241ddbd083c4e2f3d6a9ad6f9b1d40d090f783 WHIRLPOOL 2ca8c22aa11aee2f06ce0dfc7c2d035b10724999302818461e72ed9fc29d813112dd52ac80ac7c1027b301f7bdcffe085537dfbf05affebf3ca96992026ae11b
AUX trousers-0.3.5-nouseradd.patch 439 SHA256 927040d4ef30657717a75318320330f12364a624e0ce6f0d2e6a25c53e5ba11b SHA512 d5f218fb2cd50e81eed2fc3fb48c613f33e17be9be39368e6d0aef5cd2237ef4505736bebc00b30e3133cab81ac2551edbdb8d83aaab0614cbc1747b34bff806 WHIRLPOOL eb01c789159dab0b662065ce155e27f7dbbb5bf5a41c470598be08dcb41fafd77c242c77618f2c118d943b716dea95934bed19c7fd5634442a9b17bd74a943dd
DIST trousers-0.3.10.tar.gz 1658652 SHA256 eb9569de5c66d9698f6c3303de03777b95ec72827f68b7744454bfa9227bc530 SHA512 1835246f846d20bc1b2731d68440a9ca45865fcd52ad847d95485e4b126fae8bec09feaad559c27d83e243d92b8adc3a67934bff2034b318df075842fe9df4f0 WHIRLPOOL 7a27ef57b0038178cbf384c9fdec2d2e3e58dbeb5e5bc1503d2a7058a8312df54fa72b87968554631e4b5e483ae5e8c5e0a2367346bf3ae001b523a507ceff40
DIST trousers-0.3.13.tar.gz 1371901 SHA256 bb908e4a3c88a17b247a4fc8e0fff3419d8a13170fe7bdfbe0e2c5c082a276d3 SHA512 c54407e538712f738b593707ffc6d617348d73de91dfddd9057273c2fcec26e5738e89db005d36d52596630a9d583f7fcb8cc388f597da6212891e2d79dce699 WHIRLPOOL 8099d2f01b1c64b2e92c78130c9f66766f9054a1ab557f0d6da149ca4869c9fed7ee3a26454ab50bd67069d30c758ccabb450dead1d9100ffacac9f596f6d46b
EBUILD trousers-0.3.10-r1.ebuild 3013 SHA256 73c0a2afc4805c780cd0731245d598845d442bc1a97698256b64a4fbc12f61df SHA512 f931504f773f87e5a0c04da8ad448bdcd8b1e96b0e14e89f64a7a24eb1cdbcbc3d193ea2fcb30d087f52d960082499a1c6c0ebeb49ce417f8f2b40f6d1a4c308 WHIRLPOOL a57cc01db3c3a83786eb0d090fbb0dae89d6ab02f92536ec63ac6e5334ec08bd31b0a81a8a8afb9be79feccdc032ff7d989617f340bdeab45e319d91cf86895a
EBUILD trousers-0.3.13-r1.ebuild 3072 SHA256 5afead3b02b9d82a013c707b1bc291eecafff21aa21f5ea37d44b6ff53158d20 SHA512 a5c7c6aaf4fc314c759c4d9f41fb4306afb5fe4b81f15b1c4365fc20c06b56924dda58530755af41e9f00e44c1ee0c862a7dfcabfab1befcd799e72b59a9c55b WHIRLPOOL d9bb612fcd59740044246536514b05cdddb531a5956cf5fb1a539d792c6b64c6d68270c0ccc1a637d7e1bf36670ffef6fa3f2cee28fd7054989ebcbf87342a64
EBUILD trousers-0.3.13.ebuild 3014 SHA256 bcc9bc1a88a921aadd99ceff2faa1bcf546ea0f6d0975a861ace608c50cb6466 SHA512 aa1a2df2870ee4f97dc4c7ae7be5d6fd251b64ee3953de0666bb0352b5737e2131e9d1136abc765a464b61f39116af605e05036f4fab2195c42579737a902389 WHIRLPOOL a3b9be24f7b35545f53622e1febf8ad95512389396cdef93434399b10685242dc48a6ded3146fa1b14bddcefd515149642365912eb337daa4b4cfbc5848980c6
MISC ChangeLog 2606 SHA256 8d69ebaf89dbfaa941f7dcf3d978118d638902c3f5fa35e245bbe4a74f391e26 SHA512 f2db096cca06d241f8bdbd34e8439e5787e30e2761ea494270156ac8287b4d93267060f9b793a6f5ab5a9c1fa9ae0435c19e40b4b7b930df9f8dbc381912c4be WHIRLPOOL 279dc5ea5b5a298403538274f5eb1d767e339693f530655647615981a6a8363a4329b491f4f8ad2d67bcdc4e80f34ed0b30515213ad42c358bb912cfe0a45046
MISC ChangeLog-2015 9637 SHA256 08e62c19dc835915e45e8fa120f7945bbaa3dbeb464ef8dba9b106cc3a9d2e15 SHA512 415e7e6bb7d24c1da939867b751187f96eec3fe10d47c8003d2160644815dd72f07cc278dba6807f7403c2edff166f8db5e6e3c4b5d23153f060210063fa07d8 WHIRLPOOL c5f9422ed04064397d28ac87fe9eb93cc3f669a6384170d95015492b07614e61222e03f064acc36aae0fa4f63741107743f942277fb9743ed9a4dfcd49d54daf
MISC metadata.xml 304 SHA256 98852de410f67541dd320cd2feadb413638dd95470141127fc00c6a538bdf36e SHA512 54c86a65d6d04953bbe3f47e9d5d32a7304e792f8211335b1065c3bb2618be5762ff38d34515af483c634572a7c48e7bc1f0200785c6924b46afd9b6d9abbb45 WHIRLPOOL f50232e16a0368f3bfa79a724310df879b329a6bbe54ed969039bc221b1d76b250811ebc1cc612f4425c3a665e2d50da895fc99e946226ee6d65b31ed8130719
DIST trousers-0.3.14.tar.gz 1378438 BLAKE2B 3dc2824fa2ca1b1f1181f98d59e85276e7d38af4bfc07ee8246431d9ccb300a8e0820b318643d4cf5d757d2a49492c8686e2fe9de03484263d2189d4bbaa32d0 SHA512 bf87f00329cf1d76a12cf6b6181fa22f90e76af3c5786e6e2db98438d2d3f0c0e05364374664173f45e3a2f6c0e2364948d0b958a7845cb23fcb340150cd9b21

BIN
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/system.data vendored
View File

Binary file not shown.

9
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.confd vendored Normal file
View File

@ -0,0 +1,9 @@
# /etc/conf.d/tscd
# Configuration file for the TrouSerS' TCS daemon (tcsd) init script
# Have a look on /etc/tcsd.conf too, there is more to configure there.
# TPM_MODULES: name of the module(s) that should be loaded. You only need to
# set this if your driver is not compiled in kernel and is not already loaded
# on boot. (default: unset)
#TPM_MODULES="tpm_atmel"

38
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tcsd.initd vendored Normal file
View File

@ -0,0 +1,38 @@
#!/sbin/openrc-run
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
depend() {
use logger
need net
}
checkconfig() {
local mod
if [ -n "${TPM_MODULES}" ] ; then
for mod in ${TPM_MODULES} ; do
lsmod | grep -q "^${mod}\b" \
|| modprobe ${mod} &>/dev/null \
|| ewarn "Failed to load module ${mod}"
done
# Should we sleep or something to wait for device creation?
fi
if [ ! -c /dev/tpm ] && [ ! -c /dev/tpm0 ] ; then
eerror "No TPM device found!"
return 1
fi
return 0
}
start() {
ebegin "Starting TrouSerS' TCS daemon (tcsd)"
checkconfig || eend $?
start-stop-daemon --start --user tss --exec /usr/sbin/tcsd
eend $?
}
stop() {
ebegin "Stopping TrouSerS' TCS daemon (tcsd)"
start-stop-daemon --stop --quiet --exec /usr/sbin/tcsd --user tss
eend $?
}

2
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/tmpfiles.d/trousers.conf vendored
View File

@ -1,3 +1,3 @@
d /var/lib/tpm 0755 tss tss - -
C /etc/tcsd.conf 0600 tss tss - /usr/share/trousers/tcsd.conf
C /var/lib/tpm/system.data 0600 tss tss - /usr/share/trousers/system.data
C /var/lib/tpm/system.data 0600 tss tss - /usr/share/trousers/system.data

77
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.13-build.patch vendored
View File

@ -1,77 +0,0 @@
--- a/src/include/tcsps.h
+++ b/src/include/tcsps.h
@@ -23,13 +23,8 @@ int get_file();
int put_file(int);
void close_file(int);
void ps_destroy();
-#ifdef SOLARIS
-TSS_RESULT read_data(int, void *, UINT32);
-TSS_RESULT write_data(int, void *, UINT32);
-#else
-inline TSS_RESULT read_data(int, void *, UINT32);
-inline TSS_RESULT write_data(int, void *, UINT32);
-#endif
+TSS_RESULT read_data(int, void *, UINT32);
+TSS_RESULT write_data(int, void *, UINT32);
int write_key_init(int, UINT32, UINT32, UINT32);
TSS_RESULT cache_key(UINT32, UINT16, TSS_UUID *, TSS_UUID *, UINT16, UINT32, UINT32);
TSS_RESULT UnloadBlob_KEY_PS(UINT16 *, BYTE *, TSS_KEY *);
--- a/src/include/tspps.h
+++ b/src/include/tspps.h
@@ -18,8 +18,8 @@
TSS_RESULT get_file(int *);
int put_file(int);
-inline TSS_RESULT read_data(int, void *, UINT32);
-inline TSS_RESULT write_data(int, void *, UINT32);
+TSS_RESULT read_data(int, void *, UINT32);
+TSS_RESULT write_data(int, void *, UINT32);
UINT32 psfile_get_num_keys(int);
TSS_RESULT psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
TSS_RESULT psfile_remove_key_by_uuid(int, TSS_UUID *);
--- a/src/tcs/ps/ps_utils.c
+++ b/src/tcs/ps/ps_utils.c
@@ -42,11 +42,7 @@
struct key_disk_cache *key_disk_cache_head = NULL;
-#ifdef SOLARIS
TSS_RESULT
-#else
-inline TSS_RESULT
-#endif
read_data(int fd, void *data, UINT32 size)
{
int rc;
@@ -64,11 +60,7 @@ read_data(int fd, void *data, UINT32 size)
}
-#ifdef SOLARIS
TSS_RESULT
-#else
-inline TSS_RESULT
-#endif
write_data(int fd, void *data, UINT32 size)
{
int rc;
--- a/src/tspi/ps/ps_utils.c
+++ b/src/tspi/ps/ps_utils.c
@@ -22,7 +22,7 @@
#include "tspps.h"
#include "tsplog.h"
-inline TSS_RESULT
+TSS_RESULT
read_data(int fd, void *data, UINT32 size)
{
int rc;
@@ -39,7 +39,7 @@ read_data(int fd, void *data, UINT32 size)
return TSS_SUCCESS;
}
-inline TSS_RESULT
+TSS_RESULT
write_data(int fd, void *data, UINT32 size)
{
int rc;

25
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-Makefile.am-Mark-tddl.a-nodist.patch vendored Normal file
View File

@ -0,0 +1,25 @@
From 5b1dbb5f8eada9002ec10f4ebc0bc418272e58b2 Mon Sep 17 00:00:00 2001
From: Salah Coronya <salah.coronya@gmail.com>
Date: Sun, 7 Jun 2020 12:34:03 -0500
Subject: [PATCH] src/tddl/Makefile.am: Mark tddl.a nodist
This makes tddl.a nodist like the others, so it is not installed
Signed-off-by: Salah Coronya <salah.coronya@gmail.com>
---
src/tddl/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tddl/Makefile.am b/src/tddl/Makefile.am
index 607eb8e..2cd599b 100644
--- a/src/tddl/Makefile.am
+++ b/src/tddl/Makefile.am
@@ -1,4 +1,4 @@
-lib_LIBRARIES=libtddl.a
+noinst_LIBRARIES=libtddl.a
libtddl_a_SOURCES=tddl.c
libtddl_a_CFLAGS=-DAPPID=\"TCSD\ TDDL\" -I${top_srcdir}/src/include -fPIE -DPIE
--
2.26.2

15
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-fno-common.patch vendored Normal file
View File

@ -0,0 +1,15 @@
diff --git a/src/include/tcsd.h b/src/include/tcsd.h
index 5b9462b..05bae97 100644
--- a/src/include/tcsd.h
+++ b/src/include/tcsd.h
@@ -166,8 +166,8 @@ void thread_signal_init();
/* signal handling */
#ifndef __APPLE__
-struct sigaction tcsd_sa_int;
-struct sigaction tcsd_sa_chld;
+extern struct sigaction tcsd_sa_int;
+extern struct sigaction tcsd_sa_chld;
#endif
#endif

28
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.14-libressl.patch vendored Normal file
View File

@ -0,0 +1,28 @@
From b8b1cda430270f03dc556cf9cf7d2fd478101525 Mon Sep 17 00:00:00 2001
From: Alon Bar-Lev <alon.barlev@gmail.com>
Date: Wed, 7 Dec 2016 09:36:34 +0200
Subject: [PATCH] tspi: support libressl
Bug: https://sourceforge.net/p/trousers/bugs/222/
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
---
src/trspi/crypto/openssl/rsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/trspi/crypto/openssl/rsa.c b/src/trspi/crypto/openssl/rsa.c
index 2b1205f..3e56015 100644
--- a/src/trspi/crypto/openssl/rsa.c
+++ b/src/trspi/crypto/openssl/rsa.c
@@ -38,7 +38,7 @@
#define DEBUG_print_openssl_errors()
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100001L
+#if OPENSSL_VERSION_NUMBER < 0x10100001L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
static int
RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
--
2.7.3

11
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/files/trousers-0.3.5-nouseradd.patch vendored
View File

@ -1,11 +0,0 @@
--- dist/Makefile.am
+++ dist/Makefile.am
@@ -6,8 +6,6 @@
/bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
install-exec-hook:
- /usr/sbin/groupadd tss || true
- /usr/sbin/useradd -r tss -g tss || true
/bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
/bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
/bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm

17
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/metadata.xml vendored
View File

@ -1,9 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>crypto</herd>
<upstream>
<remote-id type="cpe">cpe:/a:debian:trousers</remote-id>
<remote-id type="sourceforge">trousers</remote-id>
</upstream>
<maintainer type="person">
<email>salah.coronya@gmail.com</email>
<name>Salah Coronya</name>
</maintainer>
<maintainer type="project">
<email>proxy-maint@gentoo.org</email>
<name>Proxy Maintainers</name>
</maintainer>
<upstream>
<remote-id type="cpe">cpe:/a:debian:trousers</remote-id>
<remote-id type="sourceforge">trousers</remote-id>
</upstream>
</pkgmetadata>

111
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.13-r2.ebuild vendored
View File

@ -1,111 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI=5
inherit autotools eutils linux-info readme.gentoo systemd user udev
#MY_P="${PN}-${PV%.*}-${PV##*.}"
DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation"
HOMEPAGE="http://trousers.sf.net"
SRC_URI="mirror://sourceforge/trousers/${P}.tar.gz"
LICENSE="CPL-1.0 GPL-2"
SLOT="0"
KEYWORDS="amd64 arm arm64 ~m68k ~ppc ~ppc64 ~s390 ~sh ~x86"
IUSE="doc libressl selinux" # gtk
# gtk support presently does NOT compile.
# gtk? ( >=x11-libs/gtk+-2 )
CDEPEND=">=dev-libs/glib-2
!libressl? ( >=dev-libs/openssl-0.9.7:0 )
libressl? ( dev-libs/libressl )
"
DEPEND="${CDEPEND}
virtual/pkgconfig"
RDEPEND="${CDEPEND}
selinux? ( sec-policy/selinux-tcsd )"
# S="${WORKDIR}/${P}git"
DOCS="AUTHORS ChangeLog NICETOHAVES README TODO"
DOC_CONTENTS="
If you have problems starting tcsd, please check permissions and
ownership on /dev/tpm* and ~tss/system.data
"
pkg_setup() {
# Check for driver (not sure it can be an rdep, because ot depends on the
# version of virtual/linux-sources... Is that supported by portage?)
linux-info_pkg_setup
local tpm_kernel_version tpm_kernel_present tpm_module
kernel_is ge 2 6 12 && tpm_kernel_version="yes"
if linux_config_exists; then
linux_chkconfig_present TCG_TPM && tpm_kernel_present="yes"
else
ewarn "No kernel configuration could be found."
fi
has_version app-crypt/tpm-emulator && tpm_module="yes"
if [[ -n "${tpm_kernel_present}" ]]; then
einfo "Good, you seem to have in-kernel TPM support."
elif [[ -n "${tpm_module}" ]]; then
einfo "Good, you seem to have TPM support with the external module."
if [[ -n "${tpm_kernel_version}" ]]; then
elog
elog "Note that since you have a >=2.6.12 kernel, you could use"
elog "the in-kernel driver instead of (CONFIG_TCG_TPM)."
fi
elif [[ -n "${tpm_kernel_version}" ]]; then
eerror
eerror "To use this package, you will have to activate TPM support"
eerror "in your kernel configuration. That's at least CONFIG_TCG_TPM,"
eerror "plus probably a chip specific driver (like CONFIG_TCG_ATMEL)."
eerror
else
eerror
eerror "To use this package, you should install a TPM driver."
eerror "You can have the following options:"
eerror " - install app-crypt/tpm-emulator"
eerror " - switch to a >=2.6.12 kernel and compile the kernel module"
eerror
fi
# New user/group for the daemon
enewgroup tss
enewuser tss -1 -1 /var/lib/tpm tss
}
src_prepare() {
epatch "${FILESDIR}"/${P}-nouseradd.patch
epatch "${FILESDIR}"/${P}-build.patch
mv configure.in configure.ac || die
eautoreconf
}
src_configure() {
# econf --with-gui=$(usex gtk gtk openssl)
econf --with-gui=openssl
}
src_install() {
keepdir /var/lib/tpm
default
use doc && dodoc doc/*
fowners tss:tss /etc/tcsd.conf
systemd_dounit "${FILESDIR}"/tcsd.service
systemd_enable_service multi-user.target tcsd.service
udev_dorules "${FILESDIR}"/61-trousers.rules
fowners tss:tss /var/lib/tpm
prune_libtool_files
readme.gentoo_create_doc
insinto /usr/share/trousers/
doins "${FILESDIR}"/system.data
# stash a copy of the config so we can restore it from tmpfiles
doins "${D}"/etc/tcsd.conf
fowners tss:tss /usr/share/trousers/system.data
fowners tss:tss /usr/share/trousers/tcsd.conf
systemd_dotmpfilesd "${FILESDIR}"/tmpfiles.d/trousers.conf
}

88
sdk_container/src/third_party/coreos-overlay/app-crypt/trousers/trousers-0.3.14-r2.ebuild vendored Normal file
View File

@ -0,0 +1,88 @@
# Flatcar modifications:
# - added "Flatcar:" customizations
# - added condition to files/tcsd.service
# - created files/tmpfiles.d/trousers.conf
# - created files/system.data
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit autotools linux-info readme.gentoo-r1 systemd udev
DESCRIPTION="An open-source TCG Software Stack (TSS) v1.1 implementation"
HOMEPAGE="http://trousers.sf.net"
SRC_URI="mirror://sourceforge/trousers/${PN}/${P}.tar.gz"
LICENSE="CPL-1.0 GPL-2"
SLOT="0"
KEYWORDS="amd64 arm arm64 ~m68k ~ppc ppc64 ~s390 x86"
IUSE="doc libressl selinux" # gtk
# gtk support presently does NOT compile.
# gtk? ( >=x11-libs/gtk+-2 )
DEPEND="acct-group/tss
acct-user/tss
>=dev-libs/glib-2
!libressl? ( >=dev-libs/openssl-0.9.7:0= )
libressl? ( dev-libs/libressl:0= )"
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-tcsd )"
BDEPEND="virtual/pkgconfig"
PATCHES=(
"${FILESDIR}/${PN}-0.3.13-nouseradd.patch"
"${FILESDIR}/${P}-libressl.patch"
"${FILESDIR}/${P}-fno-common.patch"
"${FILESDIR}/${P}-Makefile.am-Mark-tddl.a-nodist.patch"
)
DOCS="AUTHORS ChangeLog NICETOHAVES README TODO"
DOC_CONTENTS="
If you have problems starting tcsd, please check permissions and
ownership on /dev/tpm* and ~tss/system.data
"
S="${WORKDIR}"
CONFIG_CHECK="~TCG_TPM"
src_prepare() {
default
eautoreconf
}
src_configure() {
# econf --with-gui=$(usex gtk gtk openssl)
econf --with-gui=openssl
}
src_install() {
default
find "${D}" -name '*.la' -delete || die
keepdir /var/lib/tpm
use doc && dodoc doc/*
# Flatcar:
# (removed newinitd and newconfd)
fowners tss:tss /etc/tcsd.conf
systemd_dounit "${FILESDIR}"/tcsd.service
# Flatcar:
systemd_enable_service multi-user.target tcsd.service
udev_dorules "${FILESDIR}"/61-trousers.rules
fowners tss:tss /var/lib/tpm
readme.gentoo_create_doc
# Flatcar:
insinto /usr/share/trousers/
doins "${FILESDIR}"/system.data
# stash a copy of the config so we can restore it from tmpfiles
doins "${D}"/etc/tcsd.conf
fowners tss:tss /usr/share/trousers/system.data
fowners tss:tss /usr/share/trousers/tcsd.conf
systemd_dotmpfilesd "${FILESDIR}"/tmpfiles.d/trousers.conf
}

117
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/ChangeLog vendored
View File

@ -1,117 +0,0 @@
# ChangeLog for dev-libs/cyrus-sasl
# Copyright 1999-2016 Gentoo Foundation; Distributed under the GPL v2
# (auto-generated from git log)
*cyrus-sasl-2.1.26-r9 (09 Aug 2015)
09 Aug 2015; Robin H. Johnson <robbat2@gentoo.org>
+cyrus-sasl-2.1.26-r9.ebuild,
+files/cyrus-sasl-0001_versioned_symbols.patch,
+files/cyrus-sasl-0002_testsuite.patch,
+files/cyrus-sasl-0006_library_mutexes.patch,
+files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch,
+files/cyrus-sasl-0010_maintainer_mode.patch,
+files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch,
+files/cyrus-sasl-0012_xopen_crypt_prototype.patch,
+files/cyrus-sasl-0014_avoid_pic_overwrite.patch,
+files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch,
+files/cyrus-sasl-0026_drop_krb5support_dependency.patch,
+files/cyrus-sasl-2.1.17-pgsql-include.patch,
+files/cyrus-sasl-2.1.19-checkpw.c.patch,
+files/cyrus-sasl-2.1.21-keytab.patch,
+files/cyrus-sasl-2.1.22-as-needed.patch,
+files/cyrus-sasl-2.1.22-crypt.patch, +files/cyrus-sasl-2.1.22-gcc44.patch,
+files/cyrus-sasl-2.1.22-qa.patch, +files/cyrus-sasl-2.1.23+db-5.0.patch,
+files/cyrus-sasl-2.1.23-CVE-2013-4122.patch,
+files/cyrus-sasl-2.1.23-authd-fix.patch,
+files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch,
+files/cyrus-sasl-2.1.23-rimap-loop.patch,
+files/cyrus-sasl-2.1.25-as_needed.patch,
+files/cyrus-sasl-2.1.25-autotools_fixes.patch,
+files/cyrus-sasl-2.1.25-auxprop.patch,
+files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch,
+files/cyrus-sasl-2.1.25-fix_heimdal.patch,
+files/cyrus-sasl-2.1.25-missing_header.patch,
+files/cyrus-sasl-2.1.25-saslauthd_libtool.patch,
+files/cyrus-sasl-2.1.25-sasldb_al.patch,
+files/cyrus-sasl-2.1.25-service_keytabs.patch,
+files/cyrus-sasl-2.1.26-CVE-2013-4122.patch,
+files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch,
+files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch,
+files/cyrus-sasl-2.1.26-missing-size_t.patch,
+files/cyrus-sasl-2.1.26-send-imap-logout.patch, +files/cyrus-sasl.conf,
+files/java.README.gentoo, +files/pwcheck.rc6, +files/pwcheck.service,
+files/saslauthd-2.1.21.conf, +files/saslauthd-2.1.26.conf,
+files/saslauthd.pam-include, +files/saslauthd.service,
+files/saslauthd2.rc6, +files/saslauthd2.rc7, +metadata.xml:
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration
tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this
project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo
developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve
cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014
work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on
the bikeshed
24 Aug 2015; Justin Lecher <jlec@gentoo.org> metadata.xml:
Use https by default
Convert all URLs for sites supporting encrypted connections from http to
https
Signed-off-by: Justin Lecher <jlec@gentoo.org>
24 Aug 2015; Mike Gilbert <floppym@gentoo.org> metadata.xml:
Revert DOCTYPE SYSTEM https changes in metadata.xml
repoman does not yet accept the https version.
This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450.
Bug: https://bugs.gentoo.org/552720
*cyrus-sasl-2.1.26-r10 (20 Sep 2015)
20 Sep 2015; Julian Ospald <hasufell@gentoo.org>
+cyrus-sasl-2.1.26-r10.ebuild:
add libressl support
24 Jan 2016; Michał Górny <mgorny@gentoo.org> metadata.xml:
Unify quoting in metadata.xml files for machine processing
Force unified quoting in all metadata.xml files since lxml does not
preserve original use of single and double quotes. Ensuring unified
quoting before the process allows distinguishing the GLEP 67-related
metadata.xml changes from unrelated quoting changes.
24 Jan 2016; Michał Górny <mgorny@gentoo.org> metadata.xml:
Replace all herds with appropriate projects (GLEP 67)
Replace all uses of herd with appropriate project maintainers, or no
maintainers in case of herds requested to be disbanded.
24 Jan 2016; Michał Górny <mgorny@gentoo.org> metadata.xml:
Set appropriate maintainer types in metadata.xml (GLEP 67)

1434
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/ChangeLog-2015 vendored
View File

File diff suppressed because it is too large Load Diff

53
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/Manifest vendored
View File

@ -1,52 +1 @@
AUX cyrus-sasl-0001_versioned_symbols.patch 914 SHA256 d64669070f4d19d884eaeb7d2b3b66987a714c2dda462bbbc4bcf452b705c3e0 SHA512 83329417818f1a33fb013090024e15786dadfc0fc865e2c6f09addbf8ba51519f171f8d583cd558b2ec98c2ece112a5427f8a6b02b74246cc948fe196a38681c WHIRLPOOL acb76440be9cbbb671d686080ec9478c70773c7a84526f2f1ea8bf4b994b51bb8c32830ba12c4e8c8dcfc973e17a00b847e7f67c39f639c1b1ad825612c989bc
AUX cyrus-sasl-0002_testsuite.patch 1055 SHA256 d7fff57482c2a9b148296ec680327d0cbd5254ed0a0bc99f46e2dc73758a6abc SHA512 a7ea09cfb76b4c99ca8b1316c547e6168108e11495368453fbc4e4842306727c2e1aafe9d959d195d6eb5262b5e1f91668fc7ac1d24dc6b15149ae162288994e WHIRLPOOL 5b71f60005aeeea61ad403f8a7c8c8379348f22a16780a2ef35fb092ed265191638e859c9faf576e7e06dafe8357960db0b8ba8ff8d8a940731eb8de41f81a2e
AUX cyrus-sasl-0006_library_mutexes.patch 805 SHA256 c1b955a6e9873284d27a1df62cc8952d5dbca0ea729ba326aa6f8b4ed1a96c6e SHA512 cc1783f97c65a309a11ea91ddb6f4db06590af6a987acd333dbad2da880db36b8401213e8e2cbfdb48bec021ba204f63ac0ffbea7d4dd1fdfe65d1212a062963 WHIRLPOOL 3f9876cc765d5fbce3da495135bf745c6ef6f661088635d7f2f13e60e0f276d52d65bf9ca22cfb640b5bda5d7f93244c13556524056530007aa23e5f4f3a0706
AUX cyrus-sasl-0008_one_time_sasl_set_alloc.patch 2067 SHA256 2489dbd2548fb19c75c511c3b1e86077b4dc9c9218c9d0513fdb37ff06c75dad SHA512 a9d87e0746d6584141252c1c248123cd6372df81ebcfe73d2e305757cd67bb15e1796a699a17b0f8df1504c288b4cbf172d4b604430ff84d6ab59559c3334cb3 WHIRLPOOL cec7893d587caa953fdf13030b0845656a03dbba4244dc24ee820ef555d72cd82f3b26b31c3f3d623aa2d754969ae4fd59f7d96dc598a43a5a73901372a6d49e
AUX cyrus-sasl-0010_maintainer_mode.patch 340 SHA256 dfe0cbaacbe8b6b50d14c9fcd62f0bb5e69ab942bbbfd9fbc5db96c724fadd47 SHA512 dacf72e220aae0e97635415b930c5020c846192b505db7b2aef80e0322514a1bd2ed61a00fc37e24ef034c4cde91d414582a8342a62f7a7acd0cdcfba4d41b2b WHIRLPOOL 6566b5ea1a46921cd011624a7dbf3603b209015628a6e18a9b29de9fbfeca0c4b87de696533ec6f8b9626f81c4f34675b0d639f2948085f4f91a18aa8774d401
AUX cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch 281 SHA256 84458e986e1d83c4ed2c2797f367ae8a36cfe73dfc3b68a3b98e64588d9e1da2 SHA512 13273364b83a10e4d19efccbbeb39a2c00830b62b9e367812ecfd9d8d1662057d6ccfefbb89f94021491d36024d85f92482678a8773476e2aa66587a0d2769d0 WHIRLPOOL 6e6d0fa475386aab9f57bed6acdd46caa6569459e68275571ea89550aec086220e851d03b56eb0945e7882d10f403c2ac763fcdcd1cb8b3d59144cdedea6de07
AUX cyrus-sasl-0012_xopen_crypt_prototype.patch 720 SHA256 1a6d1aa451c18a9ee61a1dc64a1e18a99935b3467f64a2f92e9bb70680039223 SHA512 c0cfa47bb295c7c2463d55ab370e6ed5b6515ce97a7534e68a8f0247add2d54d2593d801b6c4c5e34711f259788da44b57301781f146da5dfb066d4216e3a135 WHIRLPOOL 878688c99f9a26a6ca14147a26f412a19b61a201284f8f709ce62365712ecf39d9b5960d8c93332d4360e09225a0d0edef3a522d52eac9c0f9c30a582ebd6c22
AUX cyrus-sasl-0014_avoid_pic_overwrite.patch 1074 SHA256 b78a3456c964116e8d121e5607b6ea3dd54d7a2696a10a18d41ff08b299ad982 SHA512 44e665021c2793c25ae95e52dbad2f9e685deab808b724b3c803a02a00b7610b7792c656752b93f4627106bb3297b6181bdfde84cce04d29d70d95731da5a83d WHIRLPOOL 783e1142d9ab6f3839d4983ff22ec273cd4b6b1166e2cb8d46871d1e732c18cbb22914599d29dd7881477fca817166abca1bdaeb0e08f9c350f4942e97f5bd8a
AUX cyrus-sasl-0016_pid_file_lock_creation_mask.patch 924 SHA256 4d802c2027e3a537be50305b0648ccdcdef6c1515b07a3d5d7bef3fb8dfbf531 SHA512 dbd61df25f235580d57dc6e09d45cd1f4b444f9a864daab50acbcb8d4e398fcc4e0432c3a21133ea855031d6d525155f5d772bd1f6124ee1e691168952207e46 WHIRLPOOL 8d3cfc094365d6c351042af6575f4421f99a4f5bd9be8191de274c079b14b5d3a158a667996e0ef8048a88f9781e4a4bf1851877a3b8b6772279d11cc2b46baa
AUX cyrus-sasl-0026_drop_krb5support_dependency.patch 1625 SHA256 e0bc73fb5a8858334ff49a2fbada79369867a7d5e90e6f9655c71d30a020656f SHA512 03e80a2ef6bca27e378195f9b3454c698005b63e56c01c0e15aeec120a28cd16f0ef98dcda445a449edf0de809658b9a5f87334b5d80488d47f44c037ca121a7 WHIRLPOOL 11f5ad7437302f8109c124b581b5075836b4cd8d82d7a045ed37374ab2924c6dc39c14c4d7ae7b76d3d62ae09043db9a7a62fd9c8bff37d91e7b8b16f419e67f
AUX cyrus-sasl-2.1.17-pgsql-include.patch 588 SHA256 577b2431bb49ce8fcd9f5f864532e69e84fc6032c56fa564f9e95e25cfdfbc7e SHA512 710b2939c6350fac164f427d870dff83f03e5050ef6258e92875249b972dcd30b99e27bfb226030f59c9202301c66901d7b4d6c62333dbd6704517ae57b7312e WHIRLPOOL bb9b02563271a1b14858df672f5c635e7729c11a7c7d1eac20ba7e9ef6f06a8637e19e42efd560f65cc307148911f2d5e1a695fe5278ba77d82334ba1a2711d6
AUX cyrus-sasl-2.1.19-checkpw.c.patch 4657 SHA256 5bdb8b3525429696a391d95c89faa553c3137c442f71479bc1aa430ee5255495 SHA512 4bc6c34908bed04035f6bf77a980873df24dea51f2a836fa1e421547e230525069046b9994714375c4807b125dbcb1a417b234936db703da6423d1c3eb9dbb8d WHIRLPOOL 70d811766abdf82aa651638265164d295e07550a07a07d9679bde284a41f8032beab462c7e6d5917d48c150c10c811719e12b80cca21ef2aed94d5470607a113
AUX cyrus-sasl-2.1.21-keytab.patch 1460 SHA256 51f0098f1293981cbea57c7c8fdb0ba7622e9b26404fe1a92bdfcdbad1526269 SHA512 d178025761273fd51a3d15fea0a44a2e66b4bd764a904a2b8cde00a77b5a13a9237bab60c0848e971613f26fc394efaf1de31246f4ebcd4990326420945f88a3 WHIRLPOOL c83731aa78604025f5f56339fcbeef56e57d2b92af269facf9beb3e9cf085abb4f1a2c4791612c47e787b7643791e681f45a40d910dd8b513da9e5dc33e7045c
AUX cyrus-sasl-2.1.22-as-needed.patch 463 SHA256 bc26996cbafb59f4daf1d7acc077bae9a60e4746109a9ec4a580eaba5cb9ca78 SHA512 e6abc938ca36435bc1bc9df2b996b4533fcc16bd4ab154aec3f747bb9d383fed23617f097c9c665f53cd35067d0f74e991c867d5029f787479d6b90869ffa8fb WHIRLPOOL c3db46be4a373adcf629f41ca742e0652ab64d32db42de47c9bb9145975f93ee79a7fdd0fb191809f11ca5343e0177d8a2b8d024f2dedc2c2ca499d39405ca79
AUX cyrus-sasl-2.1.22-crypt.patch 2892 SHA256 cad92b50aabbf2bcfdbd8169949a85a75c96e12ad43fcd4aaf89d6d7482210bf SHA512 c3fc240e049e359c00077681dcaf58be1817a01d8588e161f65a5cfa65c132d7f72f5cc58c5d24747f3b7a7ead758dd2c5eb8462b72e1e3cf13f447c1bae8279 WHIRLPOOL c1dd99b303ab41c5d845c2f697222bc9a18a014cdfd8aa4fea66faf04922a8a113f785e597a408eb2b04a66a7fdfc3eb4906244acaf986c798571e78570d0c24
AUX cyrus-sasl-2.1.22-gcc44.patch 540 SHA256 d803266d96bb3b9f46bc2ce4ec280509d769bbf9c1a226e20c13803db398a113 SHA512 ffaf7d469b049a41ca776d61b945a3adaba6eebb0e7836fa913f2d6999fda1e95d6b0ec9bb0dfa8a4809a8f865c8eef64806f43627081be6d30142e96a99724d WHIRLPOOL 78f3b53da149f045a2bc51939c63f28560e8b2926e5ab8e775e4129dff367c016f1efd83d84aa4540303e884f3f32a31306796b84112bd37a14cf1f89bcb9b4f
AUX cyrus-sasl-2.1.22-qa.patch 525 SHA256 56dbdc290871f3a42e507fe0be90431de15a832da7cf99bf3c21fb5aef05c8ac SHA512 228c9e035a29f4cf82b640f0cb16d947a43d1a95445929ea866c1a39763b8eded66dccbbdcf40e9753c7ab4da1b427c5311bcd1df5b13bbd439cd21483add5aa WHIRLPOOL 88319337100ef306b91ac768306cfef4be0eeebd193f3a35c202dc554010dfa2216fb246588b5f7526d0e2ff2551f3149b8158a1bd90592eb4444921a1e62e6f
AUX cyrus-sasl-2.1.23+db-5.0.patch 1009 SHA256 6570d4ff7668a7df47b457ebf38c232bcd9b7034db37d23effa5a18b735dc38e SHA512 da52efef06b3d43c88b1edbc16609e8db3440b39f9f515c5b16e510a83b0b5764b5b79733b68ce98b8da08d0dde43ed058ccd70b6d28593ad4c881a9f223fe36 WHIRLPOOL c2e7ae6a02fde77a562d7b9bf7732829bd6b94a525b0f30c3f7fe72053f22d1fc5d26795323f224bef09d1b3d22ef43f6d3f8d11ae6bdfef5cb1251e7646fa8e
AUX cyrus-sasl-2.1.23-CVE-2013-4122.patch 3418 SHA256 fd604196fd1a51f234445bd78ebda3655175e4fa1dbe9c918f5f093b8581ad29 SHA512 a1749be201997bf8e2a7e0bbc29b60baf8d2e4b398e88698ba59f4c55f857dcaa3fd7a2a9c9d2eb48f9ca0a9ea56f3822b5a7415d07021299bd5ed161b3f4a06 WHIRLPOOL 34b04a407552be8984e83682c2f2b1103926dbaf2304b93cc7d825928406bc02a3d1b54c9f85215ca341c8cac3805e96bb7e4bb68dd5f274716f4b68e554208b
AUX cyrus-sasl-2.1.23-authd-fix.patch 829 SHA256 8732176e4a493b6b1548dc4799bf6866b9c324f5ecaafc9d9beffe0ac423d43d SHA512 0c2a675aac47a42a17caec54ce1f5561a59a7d0dd803e1046c020f5462e49485b475983db49e64b49c24b18678afc2d58fd9937d08e8fd46fc4781e7e9441606 WHIRLPOOL bb2f3e90341d7518af21f7770cbba3e17f5fd7dc186c2eada8d969c7f5961dbfc29bbb44ffdfb68a83eabb10a82f63d32e0f62d42c839cb8039ba0cbaf32719c
AUX cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch 782 SHA256 672fce3a1b0a45f7e91e8ed8aaad953b70118f74cf10bfb966aa65d052017b0f SHA512 524b199559b5f8f363f12bd1dd677f3354eacb68e88fa43ab8dd227465121c00841ce48ce01ba7e9e64629d5871418ed424d0c9bdda6895914c07ae7f1035595 WHIRLPOOL bd9aca1b285698ef1dff06df7c3d72f7f09dd1621a81a764ace80bb94977e394f4b3e6dadebaff34bb64e5d031d4f30aef5e7400186a29a3707f3c984e3d0bcb
AUX cyrus-sasl-2.1.23-rimap-loop.patch 783 SHA256 1d07d64b79960f026bbf271222a985bbe39ad465dab157f0cd5fbffde5622a5d SHA512 bda3b0b6cbe21145b134fee58f0cc330159bca7ae59b7d3e557eb6d5e09ea00325eafe07d139b71903626010baaa08d4cfed67257ee9548374efccd516c5579c WHIRLPOOL 284e1a9ff539c6fb028c3c042c7f09703b0a876daebb2a7c5fabd293c4b0fa5dd98ac40ea6c7e37664060284ed2eb67ce013c33ba48f0875163828c64e1063ba
AUX cyrus-sasl-2.1.25-as_needed.patch 1083 SHA256 5143036f20fdc1ff0b44b73b6d245392edc2f786d74730fc0f8f75d7b40ea5c6 SHA512 8fdc7039fda79e95ec310cd63d72871d7b5b35b5a1b6cf30b9693f6a02e265d924e375ddc65158f38de129b5da058ecd26038f988153ff0aacf2665d66f40abb WHIRLPOOL cb83b15e434c4127279a7c51f44d3a592466cbcb1591a390614b170d516be556a779e366d83ca51029626e3de706fe5c187d86491ac1b0728f2d0031ff0b5a25
AUX cyrus-sasl-2.1.25-autotools_fixes.patch 3926 SHA256 390aef512c359ae3eee9d1c781ab9586b71b98e4b8961594de0872b09acfbea2 SHA512 d1e39d856addf6b53a278669df6e87f0fddd9a1ceadc0fadf2bdac239fcec8540c797118be642a58e65e2ec667d3c2a4b604f68f659433e64dbcd5bfe35b9a82 WHIRLPOOL b501636d42de380041acf7edcb4f571fe3f4b9642ce309c78a20fa2617990dd4bede18ed368fd3ebc194c86e2b3614ccf4b1b3cb2912451cdb24d010ebab14bb
AUX cyrus-sasl-2.1.25-auxprop.patch 552 SHA256 d9f63e60aa664f064755151fb5aa442ed52a3053057b5a63f2d88c937906dc7c SHA512 73ae914e684ae698eb56a1579ba9a477a946625a3b079e2b400d88583074f1701d8a6926ed17dea36b923050f21c04fbf746d54284568bd21c14be3d10283b6f WHIRLPOOL 899e41790b71a55983fa99c09e3b9b28667e2e7f457bdc39028ad705883676f4363bbd968c04b35fe2ce84fd08c1b5daad73b988f6e2299f1c129e59bc65f93f
AUX cyrus-sasl-2.1.25-avoid_pic_overwrite.patch 1076 SHA256 80cb9cf22b0507b503ff0cf6c5946a44eb5c3808e0a77e66d56d5a53e5e76fa7 SHA512 033e3634116e1d3b316052dbe0b671cca0fcfb6063fca1a97d990c422c2ce05109a1e424e84ed9928dc0312a325a7248f2d2e3f9547f84453b36331c01f63be5 WHIRLPOOL c5d502cf80f298771331660fd3806685cee47c128be4cdffd603c44b5cc04adccf4f459b354cb30f1e05acf8be76cb1e3b76a22c09f1b3b873cc13b683608607
AUX cyrus-sasl-2.1.25-fix_heimdal.patch 601 SHA256 6285b2a9c0b9ab2590a4225ac1eb8d01678e6b0559141c274d4451def65b5283 SHA512 80a5181a3c324551ae64ead2d6199691ac9994653e4b86de21852d2caf201b5fccde6464af4189351edcad4b87dc60cab5f1c03148db77f90c6c52a16465045a WHIRLPOOL cc1adba84e09ef37ac4102b2da7c45eff9c496ca2cdb680e76b287a104e5ad039bca0b1bf319a6c5bfaa2e57cb6e5c8c4b93a8682ebac01bcb18a3b82cecac16
AUX cyrus-sasl-2.1.25-missing_header.patch 292 SHA256 a83296e782a6137b0f687491314af7a82a37296729af42ca11d1f3667f7320b3 SHA512 b1dc1fa2663c5bd9b051353e6c18ece48460c2de4aff3b6f13672e0aa08e651462af4dae38a2821367728e503ade577218d2645f8c0a96c85e77226ee77ac1a6 WHIRLPOOL 859f6c1f8a864083b163f1c95431c633b9ca6d75a72bae14ce526cca0525ef2c4f0bb2760792baeb228fcb2b64126685d918012574f6a23ebc6b4a580245f77f
AUX cyrus-sasl-2.1.25-saslauthd_libtool.patch 280 SHA256 76ba2532083630a05ed0e3a5f2976eef6ec62e0fc1782bfee6147aee749e2ce8 SHA512 1e79230a3891f1492c7d6f5969f6a4890aaae2f488e9f3942cafeda574bf8810c4fb3e004836f769244db02bae663fa3ac1eeca19658e6fd3c94f2a891ed2653 WHIRLPOOL 0ac53b59da7a22e93c489e3bc62b0db83f14953cacf6c79c806feaeb33186e4b8f747c58faf49c514df2daba2580326db2c59c576bca3ae192fc210915d93aad
AUX cyrus-sasl-2.1.25-sasldb_al.patch 555 SHA256 3885246eda016e7a6d273305b2a011770465e8324d1774ef0d021e3def3008d5 SHA512 2da553298b482ca3115294de7264428925911f8d1b6a15ae1af38ee7e0a3191a0f4ad90bcbaeef599c994842a86eea5157b663cb6944f035d9a377dba91dbbf0 WHIRLPOOL d248eae3c8e0e313c0047d0bfbf6e4dd1341afdd4b525138827148517e8cc3847f4c134cd1639be1734c60c5fde922e8bd759895de55b268c2bc9fd54994bda9
AUX cyrus-sasl-2.1.25-service_keytabs.patch 932 SHA256 6b60574c65fffd802d19b409fe9a4b043614261e59051b7b9cf51380e08cd8f3 SHA512 bd5ceebfe1b8f72d275db487a6f11bbb8e6f20f3b44c05040fd9d0bb5c72e656f2c8f22924fecaa9c268e50d54d272f25f4a5a3b72ca49d1c23ef9f178d00733 WHIRLPOOL 7b3ab47b4af7425ed619c4c6336feb74d45ab9e52d102995d13c6b013cab4c1bf2804ace0b9714066eeec8b105d09e1c267405581ae10361afd7d8762f702a3f
AUX cyrus-sasl-2.1.26-CVE-2013-4122.patch 3838 SHA256 39c3c404d6fc0da79c51157c6a3c05aeb9117cf5df87615d6a8f8086056bf94e SHA512 3df09f16dc2f4efc601339743eb6e66087977fae4e174aa82c4abb7f85a77aa9eb98629837079236446ef3b494fb48931c9dc8850362a49615749e162b4699c8 WHIRLPOOL 68a61bd075006bdde0fc7982694f8a413c4f21522b6a3a38af345c0d94e96294eb31d2f8ce05eb30ca8d228327f69bfc55f91be43f9eb1484989de4ee7aedc53
AUX cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch 284 SHA256 334c3a2c7f409707026136ef595845f61e971e369035c3b5e3bf284f1e7e6e1d SHA512 f3b789b7dea3f6a51fca6fd1877c81b5f5a3be342fa5c90ddae98a822e0c2a71e8fa582c6cb60c696363aa5cb99db8609cd6b3a91c5d402a0ad1e6124c726f5f WHIRLPOOL 70fb8cbddf81c3dc631c0b9df72d3255590d20ae5d7d1d0ed6ca70548aaef3c48444703821c2a5ccc3b7fec5592584bc843fe5284fa1b0ef40a3446727e0f6eb
AUX cyrus-sasl-2.1.26-fix_dovecot_authentication.patch 2603 SHA256 3edf79a6b1a03c87bef8b41f858ffe32c778288cd22ffc05460c3b8ad2f6393c SHA512 4244015451dfd41443a0cf8b56ae19a1dfb550e374fcdc37dc091a54f73ab36818c25fe96f7837e3ddfe5c7952d309a5b51bedfe0b7c7f1dec8ecf15f067acda WHIRLPOOL da1a5afb7a17e0eb3e7ca7586769a766b994794d3c24a21a88c895b17b0685a06287186b3bba6cce2daf0216ee91c89f79770f205eaa6b7ba844ade263ea134b
AUX cyrus-sasl-2.1.26-missing-size_t.patch 348 SHA256 1821e0f511a3eab2cbefba36b6538a997afad2a4892d1fcbf22847d34e06711e SHA512 026183880caa504af9dda5fb93a6f47a159c7ab6af79463bc512709681dd260489411b8b8da78a9f8cd260b77ae5d1977854a39de80bc48f3a03e3ffa1b09fb2 WHIRLPOOL c71d5e4919577b6c23b1610c3fa695ad035befa9cc1de43867c9e9c17016f681854e734275241dab60271d3bc7198fd633b079ab6f53e6b8bc8ce4c513eff6bd
AUX cyrus-sasl-2.1.26-send-imap-logout.patch 1897 SHA256 021289615c690937dacf7bd0d1f23823255d141ea0c7f81a9f98d4d2b42260d4 SHA512 b30a4faea9fb66d8fab95a27b8ec87371d3650c5d2d4475449b8cebb223631d1afe9cdebd8c9b076e77bc3d2e2f5c32b24fe9292db26523212a72754cbff9995 WHIRLPOOL b7348e5300c7584d9bf18421a703a66c348bbb926c569da618876c500c78385b5580cab98c261fb051684ed45f2fb682ca837a0d4beff789f94134801898f0fa
AUX cyrus-sasl.conf 34 SHA256 1d246914153ca86390e7c39aaa9494ce1175d783d3292a8cc5a2d867b816fb7b SHA512 67b9bb97191d091ffc2b8f450ad88a558df304a29651a9a49407c50df0a316666a96e7d1a2ca3ac8ee5e60a58a5d5b618ce963661f4f45049dc6b3ef2cf8099e WHIRLPOOL 671625830fc9df9b44fff4d7fe16a7d7e76c42e8c1cf75cc7a725586aad3f80b98aa5a07ae5dea848833aed6aa02294c2a7b9969f1e708dd6854370a62c5cd23
AUX java.README.gentoo 934 SHA256 aeb733ab6371c1fe50e413e8469dcd11f0750b5afff489408c45f118857fc3fe SHA512 afcecb94e8e8c427b9491fc21312f4bed2a7d4ecedbbec8fec895cf8ca1e747073979f4415e12d8499eadbc29e8d74c6029f7cdfd7a2cb732454faaa19d52dd4 WHIRLPOOL d32cd2cfc9ffab9f791f48e0450c7eeff1b2203e29af8df8b96c4091ca7195cd579e41f38b857ef646eec28a11ea9e7c80aa6cee3f41a58d354b732a6ea15a92
AUX pwcheck.rc6 415 SHA256 9f711d5c78c93da20ef92350c81abf8768a011efd4dc0f8470d94b3fee1bd86c SHA512 571af3cef1b2984127553cca8987a6638b68d260d5083d373fa28f67614ca972ebdb408da88cfc8f98c3f03cf67d3ee51bcfd4dd540499493ceed8c59d8bb999 WHIRLPOOL bafb9ff5e1bcb0e9e67367b4d05a301c03311230b60f9f7afc54477160b33a5ecb2d396626c6c9a50a539d73db8a22598e29520a37ac307fae7942b6d41c876e
AUX pwcheck.service 129 SHA256 6b4dd0f703dfb4d61f24f3ba42884d83eba4a8cd06eb794cc7cd8bebc6c93da5 SHA512 73e01063bf308cbdc45400d4d0b61f81eade8453acec71b2ac0c0acf1ee458881aab2876cbd47208f87c6a9f298846eb509e14eb01b985c4f9e0ad4db1d8b751 WHIRLPOOL 04ba7e1e7ddf7f5cccfc6ffa0d2bc6b7c47eb0d933409dc85eb1176e374a8a1dc1844221c6fe30a0341487226f1f42ea0473a5cc1c3455a06d071ed7ff625b46
AUX saslauthd-2.1.21.conf 811 SHA256 5220310b313aa826e51dc4a2c1f97b474ded6af14a5e1cd63bcaa9c2b37321db SHA512 413acaceb34d29d9945393b6df6926d51b93e6884cf72d67031e88182f18ca0a5f24c41037a2b3cf3353944acb1eeb78e30de936627c8f8cf1f5df35730b9801 WHIRLPOOL e2e42c9b8747d51650fe27245f1313a3f740f8547cd4f95cb875872d3889dd70d6b60efe119d225b8510b51d713e49e7e575219deb788fd75da676f7fef9d7cc
AUX saslauthd-2.1.26.conf 695 SHA256 645f8991051921fb351645dc73b46bab9eddf3f4599670d189fc13855047e69d SHA512 1fdd046bec05ad1745ee8ad187eaf9fa4a47976b30b58851c46077a5990c30fa9cf658e210ec93001d213b1835c1d7623a5ec9cfb3e5ac5966fb99003806a54a WHIRLPOOL d29416006442136846d4f02ab6d7c4af84ef85db2d649792f520817be9be4835d2723dd42c92dc486888b9fe27ddbf177d1c33ab39b39e4e97b7e26e68dbf6a1
AUX saslauthd.pam-include 160 SHA256 97166de49d227cf5ff305168ea75ca584feda9ab87d1eb1437638861986e70ba SHA512 14fcfc0f69dacd25ac9b298cf44b0b44146d418424ef16e66edf8893353e418ef53beebb7199bd516b828c40954e4875ab5659f50a09af12ef2a371b944b45b1 WHIRLPOOL cc1c48bb92cf89ed9f29df2469823bd7bfa96b97fa8d6d33c7cfedef1e1a2ee12e66a0c34b7a992a631d4f446dfa4e9769d5b2c08dae5039115c00514f8a40e9
AUX saslauthd.service 277 SHA256 a8157a0748269d3534ac6f01bbf61f0215c665b50dbbf94fc2399b6d3287a677 SHA512 fa318aefec6f802badd72a4baf33875bc0021fc4889578877880971470d84bf645ad3c34dd10c582d8cc06ea512e3d56984902efaf09e2806a27feade5fc971c WHIRLPOOL 18f74f1caac60b7bbf58edf41b78c5d670a6892c8c763e05b026c930565dfb2c3ac7b6763e518824fe93c560c5f1f7e42306e950c1a942b38e0ec23824b74e89
AUX saslauthd2.rc6 417 SHA256 cc74cca0202ba8b34afeb340eebb4b05ec46d4218a8b04eb9b075c781af54b53 SHA512 71ab930feebe9dec93b887f39a27219a68edc5b297777fca4e25d483f1f587e63540a867e92ca34664da8baadcaabb9c7c35637ade8301b962b273a39346c86e WHIRLPOOL 75580a6eca1d42b44994af77cf59f3b14b9f0c6a304ac43c8d1f290d0282bc1d32906aedf0df5594a3d005a55e00ce31ac37203785327eaf00454c7aa37678cf
AUX saslauthd2.rc7 417 SHA256 bb6e6867eec37bd194f3f9417bf31515a08d630d47f1ce713ad773f4551244e0 SHA512 4ec33fff39e6e21ba894a77b582a385ad54bd66f7d68733e597ba85f1b7571bf99427aad8b69ccaa5e3fd861537dd9b25fd6a1deac1d56e548f45beada6bf359 WHIRLPOOL e231f5cd8c3cd9bb7d8e51e117590ef603ec75a3f972c53987dfacc0e5f651c0d4448fe90bfd0a84ad9f53517cda5beab81ae669176d3059c8052c031e23a998
DIST cyrus-sasl-2.1.26.tar.gz 5220231 SHA256 8fbc5136512b59bb793657f36fadda6359cae3b08f01fd16b3d406f1345b7bc3 SHA512 78819cb9bb38bea4537d6770d309deeeef09ff44a67526177609d3e1257ff4334d2b5e5131d5a1e4dea7430d8db1918ea9d171f0dee38b5e8337f4b72ed068f0 WHIRLPOOL bcba17705d5d7ef9a03802d6a0c3a887bba0473605a3a48d2672aeac187193f2488f28ab01bdf659d7a68b94b4c74e36428ca4b5be840fbed2968f1592534b33
EBUILD cyrus-sasl-2.1.26-r10.ebuild 7768 SHA256 6f3bb283f5fccf5902533dc396fad6721c7caeb5dd180c11b8728f430250c4a2 SHA512 8662debc01f3d67ae6c229379e2403d17a69545749bbcb31ff18721e82b18c4ce07edcc571dae141d55c2b0fb3041acff46ec98f73cfc831d97fa424b1c5b71d WHIRLPOOL 1f1509525471d063442a7dc6ecb192d8cedd322d85b9cc3d6e72c7a8fa6658eff936cc8df1670c197a3b1ab66f814932b39e41f711fc4583af975691dd837eeb
EBUILD cyrus-sasl-2.1.26-r9.ebuild 7674 SHA256 ff694d2a857df880a545df192f6e4e6b13f52356c9249129af1e47c300ee3694 SHA512 f8871a45e4a99d3289a576f8c2e6c1d19ccd4e0ff3261b480a99b9c258c84d09b7bdce14d1d425773b051f00d2f47f5c40cae4c7758f5de6fe72c0ab9434bfec WHIRLPOOL 6e238ae9c3f7cd835b4fc6dd327f5b1240db1be28fdb707bb2baf49306efa2225c1dc3f4600e8c6734e459aced77eb5927696e196f5f42e3e4fcacbad3bf52c0
MISC ChangeLog 5018 SHA256 8134a6cfc4a34723ddde549b9cd8a8ba2eccbbb5f48d83ba8961de89e0db9886 SHA512 5546ded0ed88df92bcfec6d87650a40c423ed31b42d31cd052fef16b5a87eecf45181e1965427dc7ab92aab0f26bf44f0476860d3fdb227c5bc9bcd928f72198 WHIRLPOOL 5a5556faab64124c9748017f7b98f8be01fbfdfbe3ca8c5fb3c793ecc564404f420220442a09fc04909d0fde5967213b1517944e329ec0e5ee5fb3fb824595a9
MISC ChangeLog-2015 52727 SHA256 cad5e2e4ba64d58e11617abd00f0fb1ef6c7f2edccc3b0c4df31bbd9c53d0d20 SHA512 7ace87d5f7be6e6d50367d79143688b3f0d363444b65a7440d9a5075c8d98c95bc882cd396dde521836cd05d233161727b4281db2184a00854c652e0a2be019f WHIRLPOOL e620fdbfe466b59edbba60af62089dcc9ce6a407917aedb5be3df3acacf0a963628c70cadb1684c908d7ebfc278006906f5d0abb76504ec4bf03ccb07960784f
MISC metadata.xml 706 SHA256 a20b99c5a9e2b9f98988c79cf520b26aeb4dc4fcc5ce64df4dbdf7edda1bae58 SHA512 1e7495deff4727296d29b25b7af535c0b36054b9172763ca8634b40f324dbc33697424a7e5565791c3131def3708c9ffb7e3e2362cbd8b334d650921fc2291ce WHIRLPOOL aa1f700aa5595aa60f2ad7befa95a055ca19aeeb059a3b5bd403f04e6da71d12de38d0dee7b3c4c8eb85cb454149bdbb408b7902fa38348ca0338d2396d21bfb
DIST cyrus-sasl-2.1.27.tar.gz 4111249 BLAKE2B 82c9acce8534521ce5c5806f093e927f1854b4bc4b83ea7db1b32ceaa811adc1a5b6fc16d03233d729194cd603836f6e58de67f915abab2cb74561a80d03f5a8 SHA512 d11549a99b3b06af79fc62d5478dba3305d7e7cc0824f4b91f0d2638daafbe940623eab235f85af9be38dcf5d42fc131db531c177040a85187aee5096b8df63b

245
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.26-r10.ebuild vendored
View File

@ -1,245 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI=5
inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd
SASLAUTHD_CONF_VER="2.1.26"
DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
HOMEPAGE="http://cyrusimap.web.cmu.edu/"
SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
LICENSE="BSD-with-attribution"
SLOT="2"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
IUSE="authdaemond berkdb gdbm kerberos ldapdb openldap mysql pam postgres sample selinux sqlite
srp ssl static-libs urandom"
DEPEND="net-mail/mailbase
authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) )
berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
gdbm? ( >=sys-libs/gdbm-1.10-r1[${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
mysql? ( virtual/mysql )
pam? ( >=virtual/pam-0-r1[${MULTILIB_USEDEP}] )
postgres? ( dev-db/postgresql:= )
sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
ssl? ( >=dev-libs/openssl-1.0.1h-r2[${MULTILIB_USEDEP}] )
java? ( >=virtual/jdk-1.4:= )"
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-sasl )"
MULTILIB_WRAPPED_HEADERS=(
/usr/include/sasl/md5global.h
)
pkg_setup() {
java-pkg-opt-2_pkg_setup
}
src_prepare() {
epatch "${FILESDIR}"/${PN}-2.1.25-sasldb_al.patch
epatch "${FILESDIR}"/${PN}-2.1.25-saslauthd_libtool.patch
epatch "${FILESDIR}"/${PN}-2.1.25-avoid_pic_overwrite.patch
epatch "${FILESDIR}"/${PN}-2.1.25-autotools_fixes.patch
epatch "${FILESDIR}"/${PN}-2.1.25-as_needed.patch
epatch "${FILESDIR}"/${PN}-2.1.25-missing_header.patch
epatch "${FILESDIR}"/${PN}-2.1.25-fix_heimdal.patch
epatch "${FILESDIR}"/${PN}-2.1.25-auxprop.patch
epatch "${FILESDIR}"/${PN}-2.1.23-gss_c_nt_hostbased_service.patch
epatch "${FILESDIR}"/${PN}-2.1.25-service_keytabs.patch
epatch "${FILESDIR}"/${PN}-2.1.26-missing-size_t.patch
epatch "${FILESDIR}"/${PN}-2.1.26-CVE-2013-4122.patch
epatch "${FILESDIR}"/${PN}-2.1.26-send-imap-logout.patch
epatch "${FILESDIR}"/${PN}-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch
epatch "${FILESDIR}"/${PN}-2.1.26-fix_dovecot_authentication.patch
epatch "${FILESDIR}"/${PN}-2.1.26-fix-cross-compiling.patch
epatch "${FILESDIR}"/${PN}-2.1.26-fix-cross-compiling-again.patch
# Get rid of the -R switch (runpath_switch for Sun)
# >=gcc-4.6 errors out with unknown option
sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \
configure.in || die
# Use plugindir for sasldir
sed -i '/^sasldir =/s:=.*:= $(plugindir):' \
"${S}"/plugins/Makefile.{am,in} || die "sed failed"
# #486740 #468556
sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \
-e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \
configure.in || die
sed -i -e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \
saslauthd/configure.in || die
eautoreconf
}
src_configure() {
append-flags -fno-strict-aliasing
append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
multilib-minimal_src_configure
}
multilib_src_configure() {
# Java support.
multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}"
local myconf=()
# Add authdaemond support (bug #56523).
if use authdaemond ; then
myconf+=( --with-authdaemond=/var/lib/courier/authdaemon/socket )
fi
# Fix for bug #59634.
if ! use ssl ; then
myconf+=( --without-des )
fi
if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then
myconf+=( --enable-sql )
else
myconf+=( --disable-sql )
fi
# Default to GDBM if both 'gdbm' and 'berkdb' are present.
if use gdbm ; then
einfo "Building with GNU DB as database backend for your SASLdb"
myconf+=( --with-dblib=gdbm )
elif use berkdb ; then
einfo "Building with BerkeleyDB as database backend for your SASLdb"
myconf+=(
--with-dblib=berkeley
--with-bdb-incdir="$(db_includedir)"
)
else
einfo "Building without SASLdb support"
myconf+=( --with-dblib=none )
fi
# Use /dev/urandom instead of /dev/random (bug #46038).
if use urandom ; then
myconf+=( --with-devrandom=/dev/urandom )
fi
ECONF_SOURCE=${S} \
econf \
--enable-login \
--enable-ntlm \
--enable-auth-sasldb \
--disable-cmulocal \
--disable-krb4 \
--enable-otp \
--without-sqlite \
--with-saslauthd=/run/saslauthd \
--with-pwcheck=/run/saslauthd \
--with-configdir=/etc/sasl2 \
--with-plugindir=/usr/$(get_libdir)/sasl2 \
--with-dbpath=/etc/sasl2/sasldb2 \
$(use_with ssl openssl) \
$(use_with pam) \
$(use_with openldap ldap) \
$(use_enable ldapdb) \
$(multilib_native_use_enable sample) \
$(use_enable kerberos gssapi) \
$(multilib_native_use_enable java) \
$(multilib_native_use_with java javahome ${JAVA_HOME}) \
$(multilib_native_use_with mysql mysql /usr) \
$(multilib_native_use_with postgres pgsql) \
$(use_with sqlite sqlite3 /usr/$(get_libdir)) \
$(use_enable srp) \
$(use_enable static-libs static) \
"${myconf[@]}"
}
multilib_src_compile() {
emake
# Default location for java classes breaks OpenOffice (bug #60769).
# Thanks to axxo@gentoo.org for the solution.
if multilib_is_native_abi && use java ; then
jar -cvf ${PN}.jar -C java $(find java -name "*.class")
fi
}
multilib_src_install() {
default
if multilib_is_native_abi; then
if use sample ; then
docinto sample
dodoc "${S}"/sample/*.c
exeinto /usr/share/doc/${P}/sample
doexe sample/client sample/server
fi
# Default location for java classes breaks OpenOffice (bug #60769).
if use java ; then
java-pkg_dojar ${PN}.jar
java-pkg_regso "${D}/usr/$(get_libdir)/libjavasasl.so"
# hackish, don't wanna dig through makefile
rm -Rf "${D}/usr/$(get_libdir)/java"
docinto "java"
dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/*
dodir "/usr/share/doc/${PF}/java/Test"
insinto "/usr/share/doc/${PF}/java/Test"
doins "${S}"/java/Test/*.java
fi
dosbin saslauthd/testsaslauthd
fi
}
multilib_src_install_all() {
keepdir /etc/sasl2
dodoc AUTHORS ChangeLog NEWS README doc/TODO doc/*.txt
newdoc pwcheck/README README.pwcheck
dohtml doc/*.html
docinto "saslauthd"
dodoc saslauthd/{AUTHORS,ChangeLog,LDAP_SASLAUTHD,NEWS,README}
newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd
newinitd "${FILESDIR}/pwcheck.rc6" pwcheck
systemd_dounit "${FILESDIR}/pwcheck.service"
newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd
newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd
systemd_dounit "${FILESDIR}/saslauthd.service"
systemd_dotmpfilesd "${FILESDIR}/${PN}.conf"
prune_libtool_files --modules
}
pkg_postinst () {
# Generate an empty sasldb2 with correct permissions.
if ( use berkdb || use gdbm ) && [[ ! -f "${ROOT}/etc/sasl2/sasldb2" ]] ; then
einfo "Generating an empty sasldb2 with correct permissions ..."
echo "p" | "${ROOT}/usr/sbin/saslpasswd2" -f "${ROOT}/etc/sasl2/sasldb2" -p login \
|| die "Failed to generate sasldb2"
"${ROOT}/usr/sbin/saslpasswd2" -f "${ROOT}/etc/sasl2/sasldb2" -d login \
|| die "Failed to delete temp user"
chown root:mail "${ROOT}/etc/sasl2/sasldb2" \
|| die "Failed to chown ${ROOT}/etc/sasl2/sasldb2"
chmod 0640 "${ROOT}/etc/sasl2/sasldb2" \
|| die "Failed to chmod ${ROOT}/etc/sasl2/sasldb2"
fi
if use authdaemond ; then
elog "You need to add a user running a service using Courier's"
elog "authdaemon to the 'mail' group. For example, do:"
elog " gpasswd -a postfix mail"
elog "to add the 'postfix' user to the 'mail' group."
fi
elog "pwcheck and saslauthd home directories have moved to:"
elog " /run/saslauthd, using tmpfiles.d"
}

262
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild vendored Normal file
View File

@ -0,0 +1,262 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit eutils flag-o-matic multilib multilib-minimal autotools pam java-pkg-opt-2 db-use systemd
SASLAUTHD_CONF_VER="2.1.26"
DESCRIPTION="The Cyrus SASL (Simple Authentication and Security Layer)"
HOMEPAGE="https://www.cyrusimap.org/sasl/"
#SRC_URI="ftp://ftp.cyrusimap.org/cyrus-sasl/${P}.tar.gz"
SRC_URI="https://github.com/cyrusimap/${PN}/releases/download/${P}/${P}.tar.gz"
LICENSE="BSD-with-attribution"
SLOT="2"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
IUSE="authdaemond berkdb gdbm kerberos ldapdb libressl openldap mysql pam postgres sample selinux sqlite srp ssl static-libs urandom"
CDEPEND="
net-mail/mailbase
virtual/libcrypt:=
authdaemond? ( || ( net-mail/courier-imap mail-mta/courier ) )
berkdb? ( >=sys-libs/db-4.8.30-r1:=[${MULTILIB_USEDEP}] )
gdbm? ( >=sys-libs/gdbm-1.10-r1:=[${MULTILIB_USEDEP}] )
kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
openldap? ( >=net-nds/openldap-2.4.38-r1[${MULTILIB_USEDEP}] )
mysql? ( dev-db/mysql-connector-c:0=[${MULTILIB_USEDEP}] )
pam? ( >=sys-libs/pam-0-r1[${MULTILIB_USEDEP}] )
postgres? ( dev-db/postgresql:* )
sqlite? ( >=dev-db/sqlite-3.8.2:3[${MULTILIB_USEDEP}] )
ssl? (
!libressl? ( >=dev-libs/openssl-1.0.1h-r2:0=[${MULTILIB_USEDEP}] )
libressl? ( dev-libs/libressl:=[${MULTILIB_USEDEP}] )
)
java? ( >=virtual/jdk-1.6:= )"
REQUIRED_USE="ldapdb? ( openldap )"
RDEPEND="
${CDEPEND}
selinux? ( sec-policy/selinux-sasl )"
DEPEND="${CDEPEND}"
MULTILIB_WRAPPED_HEADERS=(
/usr/include/sasl/md5global.h
)
PATCHES=(
"${FILESDIR}/${PN}-2.1.27-avoid_pic_overwrite.patch"
"${FILESDIR}/${PN}-2.1.27-autotools_fixes.patch"
"${FILESDIR}/${PN}-2.1.27-as_needed.patch"
"${FILESDIR}/${PN}-2.1.25-auxprop.patch"
"${FILESDIR}/${PN}-2.1.27-gss_c_nt_hostbased_service.patch"
"${FILESDIR}/${PN}-2.1.26-missing-size_t.patch"
"${FILESDIR}/${PN}-2.1.27-doc_build_fix.patch"
"${FILESDIR}/${PN}-2.1.27-memmem.patch"
"${FILESDIR}/${PN}-2.1.27-CVE-2019-19906.patch"
# Flatcar:
"${FILESDIR}/${PN}-2.1.27-fix-cross-compiling.patch"
)
pkg_setup() {
java-pkg-opt-2_pkg_setup
}
src_prepare() {
default
# Get rid of the -R switch (runpath_switch for Sun)
# >=gcc-4.6 errors out with unknown option
sed -i -e '/LIB_SQLITE.*-R/s/ -R[^"]*//' \
configure.ac || die
# Use plugindir for sasldir
sed -i '/^sasldir =/s:=.*:= $(plugindir):' \
"${S}"/plugins/Makefile.{am,in} || die "sed failed"
# #486740 #468556
sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:g' \
-e 's:AC_CONFIG_MACRO_DIR:AC_CONFIG_MACRO_DIRS:g' \
configure.ac || die
eautoreconf
}
src_configure() {
append-flags -fno-strict-aliasing
if [[ ${CHOST} == *-solaris* ]] ; then
# getpassphrase is defined in /usr/include/stdlib.h
append-cppflags -DHAVE_GETPASSPHRASE
else
# this horrendously breaks things on Solaris
append-cppflags -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -DLDAP_DEPRECATED
fi
multilib-minimal_src_configure
}
multilib_src_configure() {
# Java support.
multilib_is_native_abi && use java && export JAVAC="${JAVAC} ${JAVACFLAGS}"
local myeconfargs=(
--enable-login
--enable-ntlm
--enable-auth-sasldb
--disable-cmulocal
--disable-krb4
--disable-macos-framework
--enable-otp
--without-sqlite
--with-saslauthd="${EPREFIX}"/run/saslauthd
--with-pwcheck="${EPREFIX}"/run/saslauthd
--with-configdir="${EPREFIX}"/etc/sasl2
--with-plugindir="${EPREFIX}"/usr/$(get_libdir)/sasl2
--with-dbpath="${EPREFIX}"/etc/sasl2/sasldb2
--with-sphinx-build=no
$(use_with ssl openssl)
$(use_with pam)
$(use_with openldap ldap)
$(use_enable ldapdb)
$(multilib_native_use_enable sample)
$(use_enable kerberos gssapi)
$(multilib_native_use_enable java)
$(multilib_native_use_with mysql mysql "${EPREFIX}"/usr)
$(multilib_native_use_with postgres pgsql "${EPREFIX}"/usr/$(get_libdir)/postgresql)
$(use_with sqlite sqlite3 "${EPREFIX}"/usr/$(get_libdir))
$(use_enable srp)
$(use_enable static-libs static)
# Add authdaemond support (bug #56523).
$(usex authdaemond --with-authdaemond="${EPREFIX}"/var/lib/courier/authdaemon/socket '')
# Fix for bug #59634.
$(usex ssl '' --without-des)
# Use /dev/urandom instead of /dev/random (bug #46038).
$(usex urandom --with-devrandom=/dev/urandom '')
)
if use sqlite || { multilib_is_native_abi && { use mysql || use postgres; }; } ; then
myeconfargs+=( --enable-sql )
else
myeconfargs+=( --disable-sql )
fi
# Default to GDBM if both 'gdbm' and 'berkdb' are present.
if use gdbm ; then
einfo "Building with GNU DB as database backend for your SASLdb"
myeconfargs+=( --with-dblib=gdbm )
elif use berkdb ; then
einfo "Building with BerkeleyDB as database backend for your SASLdb"
myeconfargs+=(
--with-dblib=berkeley
--with-bdb-incdir="$(db_includedir)"
)
else
einfo "Building without SASLdb support"
myeconfargs+=( --with-dblib=none )
fi
ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
}
multilib_src_compile() {
emake
# Default location for java classes breaks OpenOffice (bug #60769).
# Thanks to axxo@gentoo.org for the solution.
if multilib_is_native_abi && use java ; then
jar -cvf ${PN}.jar -C java $(find java -name "*.class")
fi
}
multilib_src_install() {
default
if multilib_is_native_abi; then
if use sample ; then
docinto sample
dodoc "${S}"/sample/*.c
exeinto /usr/share/doc/${P}/sample
doexe sample/client sample/server
fi
# Default location for java classes breaks OpenOffice (bug #60769).
if use java; then
java-pkg_dojar ${PN}.jar
java-pkg_regso "${ED}/usr/$(get_libdir)/libjavasasl$(get_libname)"
# hackish, don't wanna dig through makefile
rm -rf "${ED}/usr/$(get_libdir)/java" || die
docinto "java"
dodoc "${S}/java/README" "${FILESDIR}/java.README.gentoo" "${S}"/java/doc/*
dodir "/usr/share/doc/${PF}/java/Test"
insinto "/usr/share/doc/${PF}/java/Test"
doins "${S}"/java/Test/*.java
fi
dosbin saslauthd/testsaslauthd
fi
}
multilib_src_install_all() {
doman man/*
keepdir /etc/sasl2
# Reset docinto to default value (#674296)
docinto
dodoc AUTHORS ChangeLog doc/legacy/TODO
newdoc pwcheck/README README.pwcheck
newdoc docsrc/sasl/release-notes/$(ver_cut 1-2)/index.rst release-notes
edos2unix "${ED}/usr/share/doc/${PF}/release-notes"
docinto html
dodoc doc/html/*.html
newpamd "${FILESDIR}/saslauthd.pam-include" saslauthd
newinitd "${FILESDIR}/pwcheck.rc6" pwcheck
systemd_dounit "${FILESDIR}/pwcheck.service"
newinitd "${FILESDIR}/saslauthd2.rc7" saslauthd
newconfd "${FILESDIR}/saslauthd-${SASLAUTHD_CONF_VER}.conf" saslauthd
systemd_dounit "${FILESDIR}/saslauthd.service"
systemd_dotmpfilesd "${FILESDIR}/${PN}.conf"
# The get_modname bit is important: do not remove the .la files on
# platforms where the lib isn't called .so for cyrus searches the .la to
# figure out what the name is supposed to be instead
if ! use static-libs && [[ $(get_modname) == .so ]] ; then
find "${ED}" -name "*.la" -delete || die
fi
}
pkg_postinst() {
# Generate an empty sasldb2 with correct permissions.
if ( use berkdb || use gdbm ) && [[ ! -f "${EROOT}/etc/sasl2/sasldb2" ]] ; then
einfo "Generating an empty sasldb2 with correct permissions ..."
echo "p" | "${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -p login \
|| die "Failed to generate sasldb2"
"${EROOT}/usr/sbin/saslpasswd2" -f "${EROOT}/etc/sasl2/sasldb2" -d login \
|| die "Failed to delete temp user"
chown root:mail "${EROOT}/etc/sasl2/sasldb2" \
|| die "Failed to chown ${EROOT}/etc/sasl2/sasldb2"
chmod 0640 "${EROOT}/etc/sasl2/sasldb2" \
|| die "Failed to chmod ${EROOT}/etc/sasl2/sasldb2"
fi
if use authdaemond ; then
elog "You need to add a user running a service using Courier's"
elog "authdaemon to the 'mail' group. For example, do:"
elog " gpasswd -a postfix mail"
elog "to add the 'postfix' user to the 'mail' group."
fi
elog "pwcheck and saslauthd home directories have moved to:"
elog " /run/saslauthd, using tmpfiles.d"
}

30
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0001_versioned_symbols.patch vendored
View File

@ -1,30 +0,0 @@
Author: Fabian Fagerholm <fabbe@debian.org>
Use versioned symbols for libsasl2.
diff --git a/lib/Makefile.am b/lib/Makefile.am
index e09fe6e..e74c507 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -61,8 +61,8 @@ LIB_DOOR= @LIB_DOOR@
lib_LTLIBRARIES = libsasl2.la
libsasl2_la_SOURCES = $(common_sources) $(common_headers)
-libsasl2_la_LDFLAGS = -version-info $(sasl_version)
-libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
+libsasl2_la_LDFLAGS = -version-info $(sasl_version) -Wl,--version-script=$(top_srcdir)/Versions
+libsasl2_la_DEPENDENCIES = $(LTLIBOBJS) $(top_srcdir)/Versions
libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT)
if MACOSX
new file mode 100644
index 0000000..ff7190d
--- /dev/null
+++ b/Versions
@@ -0,0 +1,6 @@
+SASL2 {
+ global:
+ sasl_*; prop_*; auxprop_plugin_info; _sasl_MD5*;
+};
+
+HIDDEN { local: __*; _rest*; _save*; *; };

26
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0002_testsuite.patch vendored
View File

@ -1,26 +0,0 @@
Author: Fabian Fagerholm <fabbe@debian.org>
Description: Rename the testsuite program to sasltestsuite and use /etc/sasldb2
instead of ./sasldb as default path for the sasldb database file.
--- trunk.orig/utils/testsuite.c
+++ trunk/utils/testsuite.c
@@ -464,9 +464,9 @@
*len = (unsigned) strlen("sasldb");
return SASL_OK;
} else if (!strcmp(option, "sasldb_path")) {
- *result = "./sasldb";
+ *result = "/etc/sasldb2";
if (len)
- *len = (unsigned) strlen("./sasldb");
+ *len = (unsigned) strlen("/etc/sasldb2");
return SASL_OK;
} else if (!strcmp(option, "canon_user_plugin")) {
*result = cu_plugin;
@@ -2925,7 +2925,7 @@
void usage(void)
{
printf("Usage:\n" \
- " testsuite [-g name] [-s seed] [-r tests] -a -M\n" \
+ " sasltestsuite [-g name] [-s seed] [-r tests] -a -M\n" \
" g -- gssapi service name to use (default: host)\n" \
" r -- # of random tests to do (default: 25)\n" \
" a -- do all corruption tests (and ignores random ones unless -r specified)\n" \

25
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0006_library_mutexes.patch vendored
View File

@ -1,25 +0,0 @@
Author: Fabian Fagerholm <fabbe@debian.org>
Description: Exact description unknown; make sure mutex-related code works.
--- trunk.orig/lib/common.c
+++ trunk/lib/common.c
@@ -771,7 +771,7 @@
result = sasl_canonuser_add_plugin("INTERNAL", internal_canonuser_init);
if(result != SASL_OK) return result;
- if (!free_mutex)
+ if (!free_mutex || free_mutex == 0x1)
free_mutex = sasl_MUTEX_ALLOC();
if (!free_mutex) return SASL_FAIL;
@@ -790,6 +790,11 @@
/* serialize disposes. this is necessary because we can't
dispose of conn->mutex if someone else is locked on it */
+
+ if (!free_mutex || free_mutex == 0x1)
+ free_mutex = sasl_MUTEX_ALLOC();
+ if (!free_mutex) return SASL_FAIL;
+
result = sasl_MUTEX_LOCK(free_mutex);
if (result!=SASL_OK) return;

67
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0008_one_time_sasl_set_alloc.patch vendored
View File

@ -1,67 +0,0 @@
Author: Fabian Fagerholm <fabbe@debian.org>
Description: Make sasl_set_alloc a one-time function.
This patch will divert all allocations to whomever called
sasl_set_alloc first, hopefully that will be the application. If
not, we sure *hope* the library doing stupid things has sane
sasl_set_alloc semantics...
It will also deny any futher tries to sasl_set_alloc after one
of the _init functions are called.
This patch was introduced and works fine in SASL 1.5, and no
applications started behaving in insane ways, so chances are it
will also work with SASL 2.1
Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139568
Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=274087
Reference: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2525
--- trunk.orig/lib/client.c
+++ trunk/lib/client.c
@@ -202,6 +202,9 @@
{ NULL, NULL }
};
+ /* lock allocation type */
+ _sasl_allocation_locked++;
+
if(_sasl_client_active) {
/* We're already active, just increase our refcount */
/* xxx do something with the callback structure? */
--- trunk.orig/lib/common.c
+++ trunk/lib/common.c
@@ -107,6 +107,7 @@
(sasl_realloc_t *) &realloc,
(sasl_free_t *) &free
};
+int _sasl_allocation_locked = 0;
#define SASL_ENCODEV_EXTRA 4096
@@ -637,6 +638,8 @@
sasl_realloc_t *r,
sasl_free_t *f)
{
+ if (_sasl_allocation_locked++) return;
+
_sasl_allocation_utils.malloc=m;
_sasl_allocation_utils.calloc=c;
_sasl_allocation_utils.realloc=r;
--- trunk.orig/lib/saslint.h
+++ trunk/lib/saslint.h
@@ -300,6 +300,7 @@
extern sasl_allocation_utils_t _sasl_allocation_utils;
extern sasl_mutex_utils_t _sasl_mutex_utils;
+extern int _sasl_allocation_locked;
/*
* checkpw.c
--- trunk.orig/lib/server.c
+++ trunk/lib/server.c
@@ -698,6 +698,9 @@
{ NULL, NULL }
};
+ /* lock allocation type */
+ _sasl_allocation_locked++;
+
/* we require the appname (if present) to be short enough to be a path */
if (appname != NULL && strlen(appname) >= PATH_MAX)
return SASL_BADPARAM;

13
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0010_maintainer_mode.patch vendored
View File

@ -1,13 +0,0 @@
Author: Fabian Fagerholm <fabbe@debian.org>
Description: Enable maintainer mode to avoid auto* problems.
--- trunk.orig/configure.in
+++ trunk/configure.in
@@ -62,6 +62,8 @@
AM_INIT_AUTOMAKE(cyrus-sasl, 2.1.23)
CMU_INIT_AUTOMAKE
+AM_MAINTAINER_MODE
+
# and include our config dir scripts
ACLOCAL="$ACLOCAL -I \$(top_srcdir)/config"

12
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0011_saslauthd_ac_prog_libtool.patch vendored
View File

@ -1,12 +0,0 @@
Author: Fabian Fagerholm <fabbe@debian.org>
Description: Enable libtool use.
--- trunk.orig/saslauthd/configure.in
+++ trunk/saslauthd/configure.in
@@ -25,6 +25,7 @@
AC_PROG_MAKE_SET
AC_PROG_LN_S
AC_PROG_INSTALL
+AC_PROG_LIBTOOL
dnl Checks for build foo
CMU_C___ATTRIBUTE__

15
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0012_xopen_crypt_prototype.patch vendored
View File

@ -1,15 +0,0 @@
Author: Dann Frazier <dannf@debian.org>
Description: When _XOPEN_SOURCE is defined, the subsequent #include <unistd.h>
will define a correct function prototype for the crypt function. This avoids
segfaults on architectures where the size of a pointer is greater than the size
of an integer (ia64 and amd64 are examples). This may be detected by looking
for build log lines such as the following:
auth_shadow.c:183: warning: implicit declaration of function crypt
auth_shadow.c:183: warning: cast to pointer from integer of different size
--- trunk.orig/saslauthd/auth_shadow.c
+++ trunk/saslauthd/auth_shadow.c
@@ -1,3 +1,4 @@
+#define _XOPEN_SOURCE
#define PWBUFSZ 256 /***SWB***/
/* MODULE: auth_shadow */

24
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0016_pid_file_lock_creation_mask.patch vendored
View File

@ -1,24 +0,0 @@
Author: Sam Hocevar <sam@zoy.org>
Description: pid_file_lock is created with a mask of 644 instead of 0644. This
patch fixes this octal/decimal confusion as well as the (harmless) one in the
previous umask() call.
--- trunk.orig/saslauthd/saslauthd-main.c
+++ trunk/saslauthd/saslauthd-main.c
@@ -276,7 +276,7 @@
exit(1);
}
- umask(077);
+ umask(0077);
pid_file_size = strlen(run_path) + sizeof(PID_FILE_LOCK) + 1;
if ((pid_file_lock = malloc(pid_file_size)) == NULL) {
@@ -287,7 +287,7 @@
strlcpy(pid_file_lock, run_path, pid_file_size);
strlcat(pid_file_lock, PID_FILE_LOCK, pid_file_size);
- if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 644)) < 0) {
+ if ((pid_file_lock_fd = open(pid_file_lock, O_CREAT|O_TRUNC|O_RDWR, 0644)) < 0) {
rc = errno;
logger(L_ERR, L_FUNC, "could not open pid lock file: %s", pid_file_lock);
logger(L_ERR, L_FUNC, "open: %s", strerror(rc));

38
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0026_drop_krb5support_dependency.patch vendored
View File

@ -1,38 +0,0 @@
Author: Roberto C. Sanchez <roberto@connexer.com>
Description: Drop gratuitous dependency on krb5support
--- trunk.orig/aclocal.m4
+++ trunk/aclocal.m4
@@ -2924,9 +2924,6 @@
fi
if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
- # check for libkrb5support first
- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
-
gss_failed=0
AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
--- trunk.orig/cmulocal/sasl2.m4
+++ trunk/cmulocal/sasl2.m4
@@ -110,9 +110,6 @@
fi
if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
- # check for libkrb5support first
- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
-
gss_failed=0
AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})
--- trunk.orig/saslauthd/aclocal.m4
+++ trunk/saslauthd/aclocal.m4
@@ -1333,9 +1333,6 @@
fi
if test "$gss_impl" = "auto" -o "$gss_impl" = "mit"; then
- # check for libkrb5support first
- AC_CHECK_LIB(krb5support,krb5int_getspecific,K5SUP=-lkrb5support K5SUPSTATIC=$gssapi_dir/libkrb5support.a,,${LIB_SOCKET})
-
gss_failed=0
AC_CHECK_LIB(gssapi_krb5,gss_unwrap,gss_impl="mit",gss_failed=1,
${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err ${K5SUP} ${LIB_SOCKET})

15
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.17-pgsql-include.patch vendored
View File

@ -1,15 +0,0 @@
Fix include path for newer PostgreSQL versions
--- configure.in
+++ configure.in
@@ -674,7 +674,9 @@
LIB_PGSQL_DIR=$LIB_PGSQL
LIB_PGSQL="$LIB_PGSQL -lpq"
- if test -d ${with_pgsql}/include/pgsql; then
+ if test -d ${with_pgsql}/include/postgresql/pgsql; then
+ CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/postgresql/pgsql"
+ elif test -d ${with_pgsql}/include/pgsql; then
CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/include/pgsql"
elif test -d ${with_pgsql}/pgsql/include; then
CPPFLAGS="${CPPFLAGS} -I${with_pgsql}/pgsql/include"

172
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.19-checkpw.c.patch vendored
View File

@ -1,172 +0,0 @@
Support for crypted passwords
http://bugs.gentoo.org/45181
--- cyrus-sasl-2.1.19/lib/Makefile.in
+++ cyrus-sasl-2.1.19/lib/Makefile.in
@@ -120,7 +120,7 @@
JAVA_TRUE = @JAVA_TRUE@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
+LIBS = -lcrypt @LIBS@
LIBTOOL = @LIBTOOL@
LIB_CRYPT = @LIB_CRYPT@
LIB_DES = @LIB_DES@
--- cyrus-sasl-2.1.19/lib/checkpw.c
+++ cyrus-sasl-2.1.19/lib/checkpw.c
@@ -94,6 +94,23 @@
# endif
#endif
+/******************************
+ * crypt(3) patch start *
+ ******************************/
+char *crypt(const char *key, const char *salt);
+
+/* cleartext password formats */
+#define PASSWORD_FORMAT_CLEARTEXT 1
+#define PASSWORD_FORMAT_CRYPT 2
+#define PASSWORD_FORMAT_CRYPTTRAD 3
+#define PASSWORD_SALT_BUF_LEN 22
+
+/* weeds out crypt(3) password's salt */
+int _sasl_get_salt (char *dest, char *src, int format);
+
+/******************************
+ * crypt(3) patch stop *
+ ******************************/
/* we store the following secret to check plaintext passwords:
*
@@ -143,7 +160,51 @@
"*cmusaslsecretPLAIN",
NULL };
struct propval auxprop_values[3];
-
+
+ /******************************
+ * crypt(3) patch start *
+ * for password format check *
+ ******************************/
+ sasl_getopt_t *getopt;
+ void *context;
+ const char *p = NULL;
+ /**
+ * MD5: 12 char salt
+ * BLOWFISH: 16 char salt
+ */
+ char salt[PASSWORD_SALT_BUF_LEN];
+ int password_format;
+
+ /* get password format from auxprop configuration */
+ if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
+ getopt(context, NULL, "password_format", &p, NULL);
+ }
+
+ /* set password format */
+ if (p) {
+ /*
+ memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN);
+ strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1));
+ */
+ /* modern, modular crypt(3) */
+ if (strncmp(p, "crypt", 11) == 0)
+ password_format = PASSWORD_FORMAT_CRYPT;
+ /* traditional crypt(3) */
+ else if (strncmp(p, "crypt_trad", 11) == 0)
+ password_format = PASSWORD_FORMAT_CRYPTTRAD;
+ /* cleartext password */
+ else
+ password_format = PASSWORD_FORMAT_CLEARTEXT;
+ } else {
+ /* cleartext password */
+ password_format = PASSWORD_FORMAT_CLEARTEXT;
+ }
+
+ /******************************
+ * crypt(3) patch stop *
+ * for password format check *
+ ******************************/
+
if (!conn || !userstr)
return SASL_BADPARAM;
@@ -180,14 +241,31 @@
goto done;
}
- /* At the point this has been called, the username has been canonified
- * and we've done the auxprop lookup. This should be easy. */
- if(auxprop_values[0].name
- && auxprop_values[0].values
- && auxprop_values[0].values[0]
- && !strcmp(auxprop_values[0].values[0], passwd)) {
- /* We have a plaintext version and it matched! */
- return SASL_OK;
+
+ /******************************
+ * crypt(3) patch start *
+ ******************************/
+
+ /* get salt */
+ _sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format);
+
+ /* crypt(3)-ed password? */
+ if (password_format != PASSWORD_FORMAT_CLEARTEXT) {
+ /* compare password */
+ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0)
+ return SASL_OK;
+ else
+ ret = SASL_BADAUTH;
+ }
+ else if (password_format == PASSWORD_FORMAT_CLEARTEXT) {
+ /* compare passwords */
+ if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0)
+ return SASL_OK;
+ else
+ ret = SASL_BADAUTH;
+ /******************************
+ * crypt(3) patch stop *
+ ******************************/
} else if(auxprop_values[1].name
&& auxprop_values[1].values
&& auxprop_values[1].values[0]) {
@@ -975,3 +1053,37 @@
#endif
{ NULL, NULL }
};
+
+/* weeds out crypt(3) password's salt */
+int _sasl_get_salt (char *dest, char *src, int format) {
+ int num; /* how many characters is salt long? */
+ switch (format) {
+ case PASSWORD_FORMAT_CRYPT:
+ /* md5 crypt */
+ if (src[1] == '1')
+ num = 12;
+ /* blowfish crypt */
+ else if (src[1] == '2')
+ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
+ /* traditional crypt */
+ else
+ num = 2;
+ break;
+
+ case PASSWORD_FORMAT_CRYPTTRAD:
+ num = 2;
+ break;
+
+ default:
+ return 1;
+ }
+
+ /* destroy destination */
+ memset(dest, '\0', (num + 1));
+
+ /* copy salt to destination */
+ strncpy(dest, src, num);
+
+ return 1;
+}
+

39
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.21-keytab.patch vendored
View File

@ -1,39 +0,0 @@
diff -u -r cyrus-sasl-2.1.21-orig/cmulocal/sasl2.m4 cyrus-sasl-2.1.21/cmulocal/sasl2.m4
--- cyrus-sasl-2.1.21-orig/cmulocal/sasl2.m4 2006-08-01 08:29:59.000000000 +0200
+++ cyrus-sasl-2.1.21/cmulocal/sasl2.m4 2006-08-01 08:31:32.000000000 +0200
@@ -257,7 +257,21 @@
cmu_save_LIBS="$LIBS"
LIBS="$LIBS $GSSAPIBASE_LIBS"
- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
+ dnl AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
+ AC_CHECK_HEADER(gssapi/gssapi_krb5.h, AC_DEFINE(HAVE_GSSAPI_GSSAPI_KRB5_H,,[Define if you have the gssapi/gssapi_krb5.h header file]))
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_GSSAPI_H
+#include <gssapi.h>
+#else
+#include <gssapi/gssapi.h>
+#endif
+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
+#include <gssapi/gssapi_krb5.h>
+#endif
+]],[[gsskrb5_register_acceptor_identity("");]])
+],[AC_DEFINE(HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY,,
+ [Define if your GSSAPI implimentation defines GSSKRB5_REGISTER_ACCEPTOR_IDENTITY])
+])
LIBS="$cmu_save_LIBS"
else
AC_MSG_RESULT([disabled])
diff -u -r cyrus-sasl-2.1.21-orig/plugins/gssapi.c cyrus-sasl-2.1.21/plugins/gssapi.c
--- cyrus-sasl-2.1.21-orig/plugins/gssapi.c 2004-07-21 16:39:06.000000000 +0200
+++ cyrus-sasl-2.1.21/plugins/gssapi.c 2006-08-01 08:30:26.000000000 +0200
@@ -50,6 +50,9 @@
#else
#include <gssapi/gssapi.h>
#endif
+#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
+#include <gssapi/gssapi_krb5.h>
+#endif
#ifdef WIN32
# include <winsock2.h>

11
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-as-needed.patch vendored
View File

@ -1,11 +0,0 @@
--- saslauthd/configure.in.orig 2006-05-23 15:53:17.000000000 -0700
+++ saslauthd/configure.in 2006-05-23 15:53:33.000000000 -0700
@@ -77,7 +77,7 @@
AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
SASL_DB_PATH_CHECK()
SASL_DB_CHECK()
- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
+ SASL_DB_LIB="../sasldb/.libs/libsasldb.a $SASL_DB_LIB"
fi
AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ],

71
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-crypt.patch vendored
View File

@ -1,71 +0,0 @@
http://bugs.gentoo.org/152544
--- cyrus-sasl-2.1.22/lib/Makefile.am
+++ cyrus-sasl-2.1.22/lib/Makefile.am
@@ -45,6 +45,7 @@ sasl_version = 2:22:0
INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/plugins -I$(top_builddir)/include -I$(top_srcdir)/sasldb
+AM_CFLAGS = -fPIC
EXTRA_DIST = windlopen.c staticopen.h NTMakefile
EXTRA_LIBRARIES = libsasl2.a
noinst_LIBRARIES = @SASL_STATIC_LIBS@
--- cyrus-sasl-2.1.22/plugins/Makefile.am
+++ cyrus-sasl-2.1.22/plugins/Makefile.am
@@ -63,6 +63,7 @@ srp_version = 2:22:0
INCLUDES=-I$(top_srcdir)/include -I$(top_srcdir)/lib -I$(top_srcdir)/sasldb -I$(top_builddir)/include
AM_LDFLAGS = -module -export-dynamic -rpath $(plugindir)
+AM_CFLAGS = -fPIC
COMPAT_OBJS = @LTGETADDRINFOOBJS@ @LTGETNAMEINFOOBJS@ @LTSNPRINTFOBJS@
--- cyrus-sasl-2.1.22/sasldb/Makefile.am
+++ cyrus-sasl-2.1.22/sasldb/Makefile.am
@@ -48,6 +48,7 @@ INCLUDES=-I$(top_srcdir)/include -I$(top
extra_common_sources = db_none.c db_ndbm.c db_gdbm.c db_berkeley.c
+AM_CFLAGS = -fPIC
EXTRA_DIST = NTMakefile
noinst_LTLIBRARIES = libsasldb.la
--- cyrus-sasl-2.1.22/utils/Makefile.am
+++ cyrus-sasl-2.1.22/utils/Makefile.am
@@ -42,7 +42,7 @@
#
################################################################
-all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET)
+all_sasl_libs = ../lib/libsasl2.la $(SASL_DB_LIB) $(LIB_SOCKET) $(LIB_CRYPT)
all_sasl_static_libs = ../lib/.libs/libsasl2.a $(SASL_DB_LIB) $(LIB_SOCKET) $(GSSAPIBASE_LIBS) $(GSSAPI_LIBS) $(SASL_KRB_LIB) $(LIB_DES) $(PLAIN_LIBS) $(SRP_LIBS) $(LIB_MYSQL) $(LIB_PGSQL) $(LIB_SQLITE)
sbin_PROGRAMS = @SASL_DB_UTILS@ @SMTPTEST_PROGRAM@ pluginviewer
--- cyrus-sasl-2.1.22/sample/Makefile.am
+++ cyrus-sasl-2.1.22/sample/Makefile.am
@@ -54,10 +54,10 @@ sample_server_SOURCES = sample-server.c
server_SOURCES = server.c common.c common.h
client_SOURCES = client.c common.c common.h
-server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
-client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
+server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
+client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
-sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
-sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET)
+sample_client_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
+sample_server_LDADD = ../lib/libsasl2.la $(LIB_SOCKET) $(LIB_CRYPT)
EXTRA_DIST = NTMakefile
--- cyrus-sasl-2.1.22/lib/Makefile.am
+++ cyrus-sasl-2.1.22/lib/Makefile.am
@@ -63,7 +63,7 @@ lib_LTLIBRARIES = libsasl2.la
libsasl2_la_SOURCES = $(common_sources) $(common_headers)
libsasl2_la_LDFLAGS = -version-info $(sasl_version)
libsasl2_la_DEPENDENCIES = $(LTLIBOBJS)
-libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR)
+libsasl2_la_LIBADD = $(LTLIBOBJS) $(SASL_DL_LIB) $(LIB_SOCKET) $(LIB_DOOR) $(LIB_CRYPT)
if MACOSX
framedir = /Library/Frameworks/SASL2.framework

24
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-gcc44.patch vendored
View File

@ -1,24 +0,0 @@
fix warnings with gcc-4.4
http://bugs.gentoo.org/248738
--- cyrus-sasl-2.1.22/plugins/digestmd5.c
+++ cyrus-sasl-2.1.22/plugins/digestmd5.c
@@ -2715,7 +2715,7 @@ static sasl_server_plug_t digestmd5_serv
"DIGEST-MD5", /* mech_name */
#ifdef WITH_RC4
128, /* max_ssf */
-#elif WITH_DES
+#elif defined(WITH_DES)
112,
#else
1,
@@ -4034,7 +4034,7 @@ static sasl_client_plug_t digestmd5_clie
"DIGEST-MD5",
#ifdef WITH_RC4 /* mech_name */
128, /* max ssf */
-#elif WITH_DES
+#elif defined(WITH_DES)
112,
#else
1,

22
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.22-qa.patch vendored
View File

@ -1,22 +0,0 @@
fix missing prototype warnings
--- cyrus-sasl-2.1.22/lib/auxprop.c
+++ cyrus-sasl-2.1.22/lib/auxprop.c
@@ -43,6 +43,7 @@
*/
#include <config.h>
+#include <stdio.h>
#include <sasl.h>
#include <prop.h>
#include <ctype.h>
--- cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
+++ cyrus-sasl-2.1.22/pwcheck/pwcheck_getspnam.c
@@ -24,6 +24,7 @@ OF OR IN CONNECTION WITH THE USE OR PERF
******************************************************************/
#include <shadow.h>
+#include <string.h>
extern char *crypt();

23
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23+db-5.0.patch vendored
View File

@ -1,23 +0,0 @@
--- sasldb/db_berkeley.c.orig 2010-10-04 21:11:15.044010468 -0400
+++ sasldb/db_berkeley.c 2010-10-04 21:12:18.921998718 -0400
@@ -100,7 +100,7 @@
ret = db_create(mbdb, NULL, 0);
if (ret == 0 && *mbdb != NULL)
{
-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
+#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5
ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660);
#else
ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660);
--- utils/dbconverter-2.c.orig 2010-10-04 21:23:39.778000256 -0400
+++ utils/dbconverter-2.c 2010-10-04 21:24:50.384999893 -0400
@@ -214,7 +214,7 @@
ret = db_create(mbdb, NULL, 0);
if (ret == 0 && *mbdb != NULL)
{
-#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1
+#if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1) || DB_VERSION_MAJOR >= 5
ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664);
#else
ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664);

104
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-CVE-2013-4122.patch vendored
View File

@ -1,104 +0,0 @@
From 0626e86d2e1d0be63a56918371a15d98cfad19d1 Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Tue, 9 Jul 2013
Subject: Handle NULL returns from glibc 2.17+ crypt().
Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
(w/ NULL return) if the salt violates specifications. Additionally,
on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
passed to crypt() fail with EPERM (w/ NULL return).
When using glibc's crypt(), check return value to avoid a possible
NULL pointer dereference.
---
pwcheck/pwcheck_getpwnam.c | 3 ++-
pwcheck/pwcheck_getspnam.c | 3 ++-
saslauthd/auth_getpwent.c | 3 ++-
saslauthd/auth_shadow.c | 7 ++-----
4 files changed, 8 insertions(+), 8 deletions(-)
--- a/pwcheck/pwcheck_getpwnam.c
+++ b/pwcheck/pwcheck_getpwnam.c
@@ -32,6 +32,7 @@ extern char *crypt();
char *password;
{
char* r;
+ char* crpt_passwd;
struct passwd *pwd;
pwd = getpwnam(userid);
@@ -41,7 +42,7 @@ char *password;
else if (pwd->pw_passwd[0] == '*') {
r = "Account disabled";
}
- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
r = "Incorrect password";
}
else {
--- a/saslauthd/auth_getpwent.c
+++ b/saslauthd/auth_getpwent.c
@@ -70,6 +70,7 @@ auth_getpwent (
{
/* VARIABLES */
struct passwd *pw; /* pointer to passwd file entry */
+ char *crpt_passwd; /* encrypted password */
/* END VARIABLES */
pw = getpwnam(login);
@@ -79,7 +80,7 @@ auth_getpwent (
RETURN("NO");
}
- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
+ if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
RETURN("NO");
}
--- a/saslauthd/auth_shadow.c
+++ b/saslauthd/auth_shadow.c
@@ -180,16 +180,13 @@ auth_shadow (
* not returning any information about a login until we have validated
* the password.
*/
- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
- if (strcmp(sp->sp_pwdp, cpw)) {
+ if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
sp->sp_pwdp, cpw);
}
- free(cpw);
RETURN("NO");
}
- free(cpw);
/*
* The following fields will be set to -1 if:
@@ -251,7 +250,7 @@ auth_shadow (
RETURN("NO");
}
- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
password, upw->upw_passwd);
--- a/pwcheck/pwcheck_getspnam.c 2013-07-14 08:05:00.000000000 +0000
+++ b/pwcheck/pwcheck_getspnam.c 2013-07-14 08:06:10.958815179 +0000
@@ -32,13 +33,14 @@
char *password;
{
struct spwd *pwd;
+ char *crpt_passwd;
pwd = getspnam(userid);
if (!pwd) {
return "Userid not found";
}
- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
+ if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
return "Incorrect password";
}
else {

28
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-authd-fix.patch vendored
View File

@ -1,28 +0,0 @@
fix warnings:
auth_sasldb.c: In function auth_sasldb:
auth_sasldb.c:144: warning: implicit declaration of function gethostname
auth_sasldb.c:153: warning: passing argument 8 of _sasldb_getdata from incompatible pointer type
../sasldb/sasldb.h:60: note: expected size_t * but argument is of type int *
--- saslauthd/auth_sasldb.c
+++ saslauthd/auth_sasldb.c
@@ -41,6 +41,7 @@
#include <string.h>
#include <stdlib.h>
#include <pwd.h>
+#include <unistd.h>
/* END PUBLIC DEPENDENCIES */
#define RETURN(x) return strdup(x)
@@ -131,7 +132,8 @@
/* VARIABLES */
char pw[1024]; /* pointer to passwd file entry */
sasl_utils_t utils;
- int ret, outsize;
+ int ret;
+ size_t outsize;
const char *use_realm;
char realm_buf[MAXHOSTNAMELEN];
/* END VARIABLES */

28
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-rimap-loop.patch vendored
View File

@ -1,28 +0,0 @@
--- a/saslauthd/auth_rimap.c 2011-09-01 14:19:54.754622284 +0100
+++ b/saslauthd/auth_rimap.c 2011-09-01 14:19:59.410561033 +0100
@@ -162,6 +162,7 @@
num_quotes = 0;
p1 = s;
while ((p1 = strchr(p1, '"')) != NULL) {
+ p1++;
num_quotes++;
}
@@ -438,7 +439,7 @@
syslog(LOG_WARNING, "auth_rimap: writev: %m");
memset(qlogin, 0, strlen(qlogin));
free(qlogin);
- memset(qpass, 0, strlen(qlogin));
+ memset(qpass, 0, strlen(qpass));
free(qpass);
(void)close(s);
return strdup(RESP_IERROR);
@@ -447,7 +448,7 @@
/* don't need these any longer */
memset(qlogin, 0, strlen(qlogin));
free(qlogin);
- memset(qpass, 0, strlen(qlogin));
+ memset(qpass, 0, strlen(qpass));
free(qpass);
/* read and parse the LOGIN response */

27
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-as_needed.patch vendored
View File

@ -1,27 +0,0 @@
Author: Matthias Klose <doko@ubuntu.com>
Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
it.
--- a/saslauthd/Makefile.am
+++ b/saslauthd/Makefile.am
@@ -16,7 +16,7 @@ EXTRA_saslauthd_sources = getaddrinfo.c
saslauthd_DEPENDENCIES = saslauthd-main.o @LTLIBOBJS@
saslauthd_LDADD = @SASL_KRB_LIB@ \
@GSSAPIBASE_LIBS@ @GSSAPI_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
+ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ @LTLIBOBJS@
testsaslauthd_SOURCES = testsaslauthd.c utils.c
testsaslauthd_LDADD = @LIB_SOCKET@
--- a/sasldb/Makefile.am
+++ b/sasldb/Makefile.am
@@ -55,8 +55,8 @@ noinst_LIBRARIES = libsasldb.a
libsasldb_la_SOURCES = allockey.c sasldb.h
EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
+libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
# Prevent make dist stupidity
libsasldb_a_SOURCES =

114
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-autotools_fixes.patch vendored
View File

@ -1,114 +0,0 @@
--- a/configure.in
+++ b/configure.in
@@ -44,6 +44,8 @@ dnl
AC_INIT(lib/saslint.h)
AC_PREREQ([2.54])
+AC_CONFIG_MACRO_DIR([cmulocal] [config])
+
dnl use ./config.cache as the default cache file.
dnl we require a cache file to successfully configure our build.
if test $cache_file = "/dev/null"; then
--- a/Makefile.am
+++ b/Makefile.am
@@ -43,6 +43,8 @@ AUTOMAKE_OPTIONS = 1.7
#
################################################################
+ACLOCAL_AMFLAGS = -I cmulocal -I config
+
if SASLAUTHD
SAD = saslauthd
else
--- a/saslauthd/configure.in
+++ b/saslauthd/configure.in
@@ -1,7 +1,8 @@
AC_INIT(mechanisms.h)
AC_PREREQ([2.54])
-AC_CONFIG_AUX_DIR(config)
+AC_CONFIG_MACRO_DIR([../cmulocal] [../config])
+AC_CONFIG_AUX_DIR([config])
AC_CANONICAL_HOST
dnl Should we enable SASLAUTHd at all?
@@ -164,30 +165,30 @@ AC_SUBST(LTLIBOBJS)
dnl Checks for which function macros exist
AC_MSG_CHECKING(whether $CC implements __func__)
-AC_CACHE_VAL(have_func,
+AC_CACHE_VAL(_cv_have_func,
[AC_TRY_LINK([#include <stdio.h>],[printf("%s", __func__);],
-have_func=yes,
-have_func=no)])
-AC_MSG_RESULT($have_func)
-if test "$have_func" = yes; then
+_cv_have_func=yes,
+_cv_have_func=no)])
+AC_MSG_RESULT($_cv_have_func)
+if test "$_cv_have_func" = yes; then
AC_DEFINE(HAVE_FUNC,[],[Does the compiler understand __func__])
else
AC_MSG_CHECKING(whether $CC implements __PRETTY_FUNCTION__)
- AC_CACHE_VAL(have_pretty_function,
+ AC_CACHE_VAL(_cv_have_pretty_function,
[AC_TRY_LINK([#include <stdio.h>],[printf("%s", __PRETTY_FUNCTION__);],
- have_pretty_function=yes,
- have_pretty_function=no)])
- AC_MSG_RESULT($have_pretty_function)
- if test "$have_pretty_function" = yes; then
+ _cv_have_pretty_function=yes,
+ _cv_have_pretty_function=no)])
+ AC_MSG_RESULT($_cv_have_pretty_function)
+ if test "$_cv_have_pretty_function" = yes; then
AC_DEFINE(HAVE_PRETTY_FUNCTION,[],[Does compiler understand __PRETTY_FUNCTION__])
else
AC_MSG_CHECKING(whether $CC implements __FUNCTION__)
- AC_CACHE_VAL(have_function,
+ AC_CACHE_VAL(_cv_have_function,
[AC_TRY_LINK([#include <stdio.h>],[printf("%s", __FUNCTION__);],
- have_function=yes,
- have_function=no)])
- AC_MSG_RESULT($have_function)
- if test "$have_function" = yes; then
+ _cv_have_function=yes,
+ _cv_have_function=no)])
+ AC_MSG_RESULT($_cv_have_function)
+ if test "$_cv_have_function" = yes; then
AC_DEFINE(HAVE_FUNCTION,[],[Does compiler understand __FUNCTION__])
fi
fi
--- a/saslauthd/Makefile.am
+++ b/saslauthd/Makefile.am
@@ -1,4 +1,6 @@
AUTOMAKE_OPTIONS = 1.7
+ACLOCAL_AMFLAGS = -I ../cmulocal -I ../config
+
sbin_PROGRAMS = saslauthd testsaslauthd
EXTRA_PROGRAMS = saslcache
--- a/config/kerberos_v4.m4
+++ b/config/kerberos_v4.m4
@@ -89,18 +89,18 @@ AC_DEFUN([SASL_KERBEROS_V4_CHK], [
dnl if we were ambitious, we would look more aggressively for the
dnl krb4 install
if test -d ${krb4}; then
- AC_CACHE_CHECK(for Kerberos includes, cyrus_krbinclude, [
+ AC_CACHE_CHECK(for Kerberos includes, cyrus_cv_krbinclude, [
for krbhloc in include/kerberosIV include/kerberos include
do
if test -f ${krb4}/${krbhloc}/krb.h ; then
- cyrus_krbinclude=${krb4}/${krbhloc}
+ cyrus_cv_krbinclude=${krb4}/${krbhloc}
break
fi
done
])
- if test -n "${cyrus_krbinclude}"; then
- CPPFLAGS="$CPPFLAGS -I${cyrus_krbinclude}"
+ if test -n "${cyrus_cv_krbinclude}"; then
+ CPPFLAGS="$CPPFLAGS -I${cyrus_cv_krbinclude}"
fi
LDFLAGS="$LDFLAGS -L$krb4/lib"
fi

27
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-avoid_pic_overwrite.patch vendored
View File

@ -1,27 +0,0 @@
Author: Fabian Fagerholm <fabbe@debian.org>
Description: This patch makes sure the non-PIC version of libsasldb.a, which
is created out of non-PIC objects, is not going to overwrite the PIC version,
which is created out of PIC objects. The PIC version is placed in .libs, and
the non-PIC version in the current directory. This ensures that both non-PIC
and PIC versions are available in the correct locations.
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -78,7 +78,7 @@ endif
libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
@echo adding static plugins and dependencies
- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
+ $(AR) cru $@ $(SASL_STATIC_OBJS)
@for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
if test ! -f $$i; then continue; fi; . $$i; \
for j in $$dependency_libs foo; do \
--- a/sasldb/Makefile.am
+++ b/sasldb/Makefile.am
@@ -63,6 +63,6 @@ libsasldb_a_SOURCES =
EXTRA_libsasldb_a_SOURCES =
libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC)
- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC)
+ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC)

27
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-fix_heimdal.patch vendored
View File

@ -1,27 +0,0 @@
Fix compiling against heimdal
--- sample/server.c 2010-12-01 14:52:55.000000000 +0000
+++ sample/server.c 2011-11-30 14:54:42.000000000 +0000
@@ -85,8 +85,10 @@
#ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
#include <gssapi/gssapi.h>
+#ifndef KRB5_HEIMDAL
#include <gssapi/gssapi_ext.h>
#endif
+#endif
#include "common.h"
--- plugins/gssapi.c 2011-05-11 19:25:55.000000000 +0000
+++ plugins/gssapi.c 2011-11-30 14:54:33.000000000 +0000
@@ -50,6 +50,9 @@
#else
#include <gssapi/gssapi.h>
#endif
+#ifdef KRB5_HEIMDAL
+#include <gssapi/gssapi_krb5.h>
+#endif
#ifdef WIN32
# include <winsock2.h>

10
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-missing_header.patch vendored
View File

@ -1,10 +0,0 @@
--- pwcheck/pwcheck_getspnam.c 1999-08-26 19:22:44.000000000 +0300
+++ pwcheck/pwcheck_getspnam.c 2011-11-30 13:22:24.601023316 +0200
@@ -24,6 +24,7 @@
******************************************************************/
#include <shadow.h>
+#include <string.h>
extern char *crypt();

12
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-saslauthd_libtool.patch vendored
View File

@ -1,12 +0,0 @@
Author: Fabian Fagerholm <fabbe@debian.org>
Description: Enable libtool use.
--- a/saslauthd/configure.in
+++ b/saslauthd/configure.in
@@ -25,6 +25,7 @@ AC_PROG_AWK
AC_PROG_MAKE_SET
AC_PROG_LN_S
AC_PROG_INSTALL
+AC_PROG_LIBTOOL
dnl Checks for build foo
CMU_C___ATTRIBUTE__

14
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-sasldb_al.patch vendored
View File

@ -1,14 +0,0 @@
Author: Fabian Fagerholm <fabbe@debian.org>
Description: Fix linking with libsasldb.a when saslauthd is built with sasldb
support.
--- a/saslauthd/configure.in
+++ b/saslauthd/configure.in
@@ -77,7 +77,7 @@ if test "$authsasldb" != no; then
AC_DEFINE(AUTH_SASLDB,[],[Include SASLdb Support])
SASL_DB_PATH_CHECK()
SASL_DB_CHECK()
- SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.al"
+ SASL_DB_LIB="$SASL_DB_LIB ../sasldb/.libs/libsasldb.a"
fi
AC_ARG_ENABLE(httpform, [ --enable-httpform enable HTTP form authentication [[no]] ],

27
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.25-service_keytabs.patch vendored
View File

@ -1,27 +0,0 @@
Bug #445932
--- cmulocal/sasl2.m4 2011-09-02 12:58:00.000000000 +0000
+++ cmulocal/sasl2.m4 2012-12-05 08:37:16.425811319 +0000
@@ -268,7 +268,11 @@
cmu_save_LIBS="$LIBS"
LIBS="$LIBS $GSSAPIBASE_LIBS"
- AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity)
+ AC_CHECK_FUNCS([gsskrb5_register_acceptor_identity], [],
+ [AC_CHECK_FUNCS([krb5_gss_register_acceptor_identity],
+ [AC_CHECK_HEADERS([gssapi/gssapi_krb5.h],
+ [AC_DEFINE([HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY], [1])]
+ )])])
AC_CHECK_FUNCS(gss_decapsulate_token)
AC_CHECK_FUNCS(gss_encapsulate_token)
AC_CHECK_FUNCS(gss_oid_equal)
--- plugins/gssapi.c 2012-12-05 09:03:31.000220161 +0000
+++ plugins/gssapi.c 2012-12-05 09:01:55.043380204 +0000
@@ -50,7 +50,7 @@
#else
#include <gssapi/gssapi.h>
#endif
-#ifdef KRB5_HEIMDAL
+#if defined (KRB5_HEIMDAL) || defined (HAVE_GSSAPI_GSSAPI_KRB5_H)
#include <gssapi/gssapi_krb5.h>
#endif

116
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-CVE-2013-4122.patch vendored
View File

@ -1,116 +0,0 @@
From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Thu, 11 Jul 2013 09:08:07 +0000
Subject: Handle NULL returns from glibc 2.17+ crypt()
Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
(w/ NULL return) if the salt violates specifications. Additionally,
on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
passed to crypt() fail with EPERM (w/ NULL return).
When using glibc's crypt(), check return value to avoid a possible
NULL pointer dereference.
Patch by mancha1@hush.com.
---
diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
index 4b34222..400289c 100644
--- a/pwcheck/pwcheck_getpwnam.c
+++ b/pwcheck/pwcheck_getpwnam.c
@@ -32,6 +32,7 @@ char *userid;
char *password;
{
char* r;
+ char* crpt_passwd;
struct passwd *pwd;
pwd = getpwnam(userid);
@@ -41,7 +42,7 @@ char *password;
else if (pwd->pw_passwd[0] == '*') {
r = "Account disabled";
}
- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
r = "Incorrect password";
}
else {
diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
index 2b11286..6d607bb 100644
--- a/pwcheck/pwcheck_getspnam.c
+++ b/pwcheck/pwcheck_getspnam.c
@@ -32,13 +32,15 @@ char *userid;
char *password;
{
struct spwd *pwd;
+ char *crpt_passwd;
pwd = getspnam(userid);
if (!pwd) {
return "Userid not found";
}
- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
+ crpt_passwd = crypt(password, pwd->sp_pwdp);
+ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
return "Incorrect password";
}
else {
diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
index fc8029d..d4ebe54 100644
--- a/saslauthd/auth_getpwent.c
+++ b/saslauthd/auth_getpwent.c
@@ -77,6 +77,7 @@ auth_getpwent (
{
/* VARIABLES */
struct passwd *pw; /* pointer to passwd file entry */
+ char *crpt_passwd; /* encrypted password */
int errnum;
/* END VARIABLES */
@@ -105,7 +106,8 @@ auth_getpwent (
}
}
- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
+ crpt_passwd = crypt(password, pw->pw_passwd);
+ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
}
diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
index 677131b..1988afd 100644
--- a/saslauthd/auth_shadow.c
+++ b/saslauthd/auth_shadow.c
@@ -210,8 +210,8 @@ auth_shadow (
RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
}
- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
- if (strcmp(sp->sp_pwdp, cpw)) {
+ cpw = crypt(password, sp->sp_pwdp);
+ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
if (flags & VERBOSE) {
/*
* This _should_ reveal the SHADOW_PW_LOCKED prefix to an
@@ -221,10 +221,8 @@ auth_shadow (
syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
sp->sp_pwdp, cpw);
}
- free(cpw);
RETURN("NO Incorrect password");
}
- free(cpw);
/*
* The following fields will be set to -1 if:
@@ -286,7 +284,7 @@ auth_shadow (
RETURN("NO Invalid username");
}
- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
if (flags & VERBOSE) {
syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
password, upw->upw_passwd);
--
cgit v0.9.0.2

10
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-canonuser-ldapdb-garbage-in-out-buffer.patch vendored
View File

@ -1,10 +0,0 @@
--- cyrus-sasl2.orig/plugins/ldapdb.c
+++ cyrus-sasl2/plugins/ldapdb.c
@@ -406,6 +406,7 @@ ldapdb_canon_server(void *glob_context,
if ( len > out_max )
len = out_max;
memcpy(out, bvals[0]->bv_val, len);
+ out[len] = '\0';
*out_ulen = len;
ber_bvecfree(bvals);
}

186
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix-cross-compiling-again.patch vendored
View File

@ -1,186 +0,0 @@
From c34ae6a35909e4ec50b4614628a598ae935c71c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
Date: Thu, 19 Nov 2015 19:40:52 +0100
Subject: [PATCH] Use AX_PROG_CC_FOR_BUILD for build generators
This allows to call makemd5 in cross-compiled environments.
---
configure.ac | 1 +
include/Makefile.am | 15 ++++--
m4/ax_prog_cc_for_build.m4 | 125 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 138 insertions(+), 3 deletions(-)
create mode 100644 m4/ax_prog_cc_for_build.m4
diff --git a/configure.ac b/configure.ac
index 429189e..2abcc61 100644
--- a/configure.in
+++ b/configure.in
@@ -93,6 +93,7 @@ AC_ARG_ENABLE(obsolete_cram_attr,
enable_obsolete_cram_attr=yes)
AC_PROG_CC
+AX_PROG_CC_FOR_BUILD
AC_PROG_CPP
AC_PROG_AWK
AC_PROG_LN_S
diff --git a/include/Makefile.am b/include/Makefile.am
index 5ea5be2..c942efa 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -51,9 +51,15 @@ noinst_PROGRAMS = makemd5
makemd5_SOURCES = makemd5.c
-md5global.h: makemd5
- -rm -f md5global.h
- ./makemd5 md5global.h
+makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CC=$(CC_FOR_BUILD)
+makemd5$(BUILD_EXEEXT) $(makemd5_OBJECTS): CFLAGS=$(CFLAGS_FOR_BUILD)
+makemd5$(BUILD_EXEEXT): LDFLAGS=$(LDFLAGS_FOR_BUILD)
+
+md5global.h: makemd5$(BUILD_EXEEXT) Makefile
+ -rm -f $@
+ ./$< $@
+
+BUILT_SOURCES = md5global.h
EXTRA_DIST = NTMakefile
DISTCLEANFILES = md5global.h
@@ -63,3 +69,6 @@ framedir = /Library/Frameworks/SASL2.framework
frameheaderdir = $(framedir)/Versions/A/Headers
frameheader_DATA = $(saslinclude_HEADERS)
endif
+
+# TODO: automake, don't build it
+makemd5$(EXEEXT):
diff --git a/m4/ax_prog_cc_for_build.m4 b/m4/ax_prog_cc_for_build.m4
new file mode 100644
index 0000000..77fd346
--- /dev/null
+++ b/m4/ax_prog_cc_for_build.m4
@@ -0,0 +1,125 @@
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_prog_cc_for_build.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_PROG_CC_FOR_BUILD
+#
+# DESCRIPTION
+#
+# This macro searches for a C compiler that generates native executables,
+# that is a C compiler that surely is not a cross-compiler. This can be
+# useful if you have to generate source code at compile-time like for
+# example GCC does.
+#
+# The macro sets the CC_FOR_BUILD and CPP_FOR_BUILD macros to anything
+# needed to compile or link (CC_FOR_BUILD) and preprocess (CPP_FOR_BUILD).
+# The value of these variables can be overridden by the user by specifying
+# a compiler with an environment variable (like you do for standard CC).
+#
+# It also sets BUILD_EXEEXT and BUILD_OBJEXT to the executable and object
+# file extensions for the build platform, and GCC_FOR_BUILD to `yes' if
+# the compiler we found is GCC. All these variables but GCC_FOR_BUILD are
+# substituted in the Makefile.
+#
+# LICENSE
+#
+# Copyright (c) 2008 Paolo Bonzini <bonzini@gnu.org>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 8
+
+AU_ALIAS([AC_PROG_CC_FOR_BUILD], [AX_PROG_CC_FOR_BUILD])
+AC_DEFUN([AX_PROG_CC_FOR_BUILD], [dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_CPP])dnl
+AC_REQUIRE([AC_EXEEXT])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+
+dnl Use the standard macros, but make them use other variable names
+dnl
+pushdef([ac_cv_prog_CPP], ac_cv_build_prog_CPP)dnl
+pushdef([ac_cv_prog_gcc], ac_cv_build_prog_gcc)dnl
+pushdef([ac_cv_prog_cc_works], ac_cv_build_prog_cc_works)dnl
+pushdef([ac_cv_prog_cc_cross], ac_cv_build_prog_cc_cross)dnl
+pushdef([ac_cv_prog_cc_g], ac_cv_build_prog_cc_g)dnl
+pushdef([ac_cv_exeext], ac_cv_build_exeext)dnl
+pushdef([ac_cv_objext], ac_cv_build_objext)dnl
+pushdef([ac_exeext], ac_build_exeext)dnl
+pushdef([ac_objext], ac_build_objext)dnl
+pushdef([CC], CC_FOR_BUILD)dnl
+pushdef([CPP], CPP_FOR_BUILD)dnl
+pushdef([CFLAGS], CFLAGS_FOR_BUILD)dnl
+pushdef([CPPFLAGS], CPPFLAGS_FOR_BUILD)dnl
+pushdef([LDFLAGS], LDFLAGS_FOR_BUILD)dnl
+pushdef([host], build)dnl
+pushdef([host_alias], build_alias)dnl
+pushdef([host_cpu], build_cpu)dnl
+pushdef([host_vendor], build_vendor)dnl
+pushdef([host_os], build_os)dnl
+pushdef([ac_cv_host], ac_cv_build)dnl
+pushdef([ac_cv_host_alias], ac_cv_build_alias)dnl
+pushdef([ac_cv_host_cpu], ac_cv_build_cpu)dnl
+pushdef([ac_cv_host_vendor], ac_cv_build_vendor)dnl
+pushdef([ac_cv_host_os], ac_cv_build_os)dnl
+pushdef([ac_cpp], ac_build_cpp)dnl
+pushdef([ac_compile], ac_build_compile)dnl
+pushdef([ac_link], ac_build_link)dnl
+
+save_cross_compiling=$cross_compiling
+save_ac_tool_prefix=$ac_tool_prefix
+cross_compiling=no
+ac_tool_prefix=
+
+AC_PROG_CC
+AC_PROG_CPP
+AC_EXEEXT
+
+ac_tool_prefix=$save_ac_tool_prefix
+cross_compiling=$save_cross_compiling
+
+dnl Restore the old definitions
+dnl
+popdef([ac_link])dnl
+popdef([ac_compile])dnl
+popdef([ac_cpp])dnl
+popdef([ac_cv_host_os])dnl
+popdef([ac_cv_host_vendor])dnl
+popdef([ac_cv_host_cpu])dnl
+popdef([ac_cv_host_alias])dnl
+popdef([ac_cv_host])dnl
+popdef([host_os])dnl
+popdef([host_vendor])dnl
+popdef([host_cpu])dnl
+popdef([host_alias])dnl
+popdef([host])dnl
+popdef([LDFLAGS])dnl
+popdef([CPPFLAGS])dnl
+popdef([CFLAGS])dnl
+popdef([CPP])dnl
+popdef([CC])dnl
+popdef([ac_objext])dnl
+popdef([ac_exeext])dnl
+popdef([ac_cv_objext])dnl
+popdef([ac_cv_exeext])dnl
+popdef([ac_cv_prog_cc_g])dnl
+popdef([ac_cv_prog_cc_cross])dnl
+popdef([ac_cv_prog_cc_works])dnl
+popdef([ac_cv_prog_gcc])dnl
+popdef([ac_cv_prog_CPP])dnl
+
+dnl Finally, set Makefile variables
+dnl
+BUILD_EXEEXT=$ac_build_exeext
+BUILD_OBJEXT=$ac_build_objext
+AC_SUBST(BUILD_EXEEXT)dnl
+AC_SUBST(BUILD_OBJEXT)dnl
+AC_SUBST([CFLAGS_FOR_BUILD])dnl
+AC_SUBST([CPPFLAGS_FOR_BUILD])dnl
+AC_SUBST([LDFLAGS_FOR_BUILD])dnl
+])

90
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix_dovecot_authentication.patch vendored
View File

@ -1,90 +0,0 @@
Bug #510320
--- saslauthd/auth_rimap.c 2012-10-12 14:05:48.000000000 +0000
+++ saslauthd/auth_rimap.c 2014-05-15 05:23:02.000000000 +0000
@@ -371,7 +371,7 @@
if ( rc>0 ) {
/* check if there is more to read */
fd_set perm;
- int fds, ret;
+ int fds, ret, loopc;
struct timeval timeout;
FD_ZERO(&perm);
@@ -380,6 +380,7 @@
timeout.tv_sec = 1;
timeout.tv_usec = 0;
+ loopc = 0;
while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
if ( FD_ISSET(s, &perm) ) {
ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
@@ -387,6 +388,14 @@
rc = ret;
break;
} else {
+ if (ret == 0) {
+ loopc += 1;
+ } else {
+ loopc = 0;
+ }
+ if (loopc > sizeof(rbuf)) { // arbitrary chosen value
+ break;
+ }
rc += ret;
}
}
@@ -484,7 +493,7 @@
if ( rc>0 ) {
/* check if there is more to read */
fd_set perm;
- int fds, ret;
+ int fds, ret, loopc;
struct timeval timeout;
FD_ZERO(&perm);
@@ -493,6 +502,7 @@
timeout.tv_sec = 1;
timeout.tv_usec = 0;
+ loopc = 0;
while( select (fds, &perm, NULL, NULL, &timeout ) >0 ) {
if ( FD_ISSET(s, &perm) ) {
ret = read(s, rbuf+rc, sizeof(rbuf)-rc);
@@ -500,6 +510,14 @@
rc = ret;
break;
} else {
+ if (ret == 0) {
+ loopc += 1;
+ } else {
+ loopc = 0;
+ }
+ if (loopc > sizeof(rbuf)) { // arbitrary chosen value
+ break;
+ }
rc += ret;
}
}
--- lib/checkpw.c 2012-01-27 23:31:36.000000000 +0000
+++ lib/checkpw.c 2014-05-15 05:19:35.000000000 +0000
@@ -587,16 +587,14 @@
/* Timeout. */
errno = ETIMEDOUT;
return -1;
- case +1:
- if (FD_ISSET(fd, &rfds)) {
- /* Success, file descriptor is readable. */
- return 0;
- }
- return -1;
case -1:
if (errno == EINTR || errno == EAGAIN)
continue;
default:
+ if (FD_ISSET(fd, &rfds)) {
+ /* Success, file descriptor is readable. */
+ return 0;
+ }
/* Error catch-all. */
return -1;
}

4
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-missing-size_t.patch vendored
View File

@ -1,6 +1,6 @@
Gentoo bug #458790
--- include/sasl.h 2012-10-12 17:05:48.000000000 +0300
+++ include/sasl.h 2013-02-23 16:56:44.648786268 +0200
--- a/include/sasl.h
+++ b/include/sasl.h
@@ -121,6 +121,9 @@
#ifndef SASL_H
#define SASL_H 1

48
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-send-imap-logout.patch vendored
View File

@ -1,48 +0,0 @@
--- cyrus-sasl2.orig/saslauthd/auth_rimap.c
+++ cyrus-sasl2/saslauthd/auth_rimap.c
@@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* re
service we connect to. */
#define TAG "saslauthd" /* IMAP command tag */
#define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */
+#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/
#define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */
#define RESP_LEN 1000 /* size of read response buffer */
@@ -307,10 +308,12 @@ auth_rimap (
int s=-1; /* socket to remote auth host */
struct addrinfo *r; /* remote socket address info */
struct iovec iov[5]; /* for sending LOGIN command */
+ struct iovec iov2[2]; /* for sending LOGOUT command */
char *qlogin; /* pointer to "quoted" login */
char *qpass; /* pointer to "quoted" password */
char *c; /* scratch pointer */
int rc; /* return code scratch area */
+ int rcl; /* return code scratch area */
char rbuf[RESP_LEN]; /* response read buffer */
char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
int saved_errno;
@@ -505,6 +508,24 @@ auth_rimap (
}
}
}
+
+ /* close remote imap */
+ iov2[0].iov_base = LOGOUT_CMD;
+ iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1;
+ iov2[1].iov_base = "\r\n";
+ iov2[1].iov_len = sizeof("\r\n") - 1;
+
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s",
+ LOGOUT_CMD, qlogin, qpass);
+ }
+ alarm(NETWORK_IO_TIMEOUT);
+ rcl = retry_writev(s, iov2, 2);
+ alarm(0);
+ if (rcl == -1) {
+ syslog(LOG_WARNING, "auth_rimap: writev logout: %m");
+ }
+
(void) close(s); /* we're done with the remote */
if (rc == -1) {
syslog(LOG_WARNING, "auth_rimap: read (response): %m");

20
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-CVE-2019-19906.patch vendored Normal file
View File

@ -0,0 +1,20 @@
Description: CVE-2019-19906: Off-by-one in _sasl_add_string function
Origin: vendor
Bug: https://github.com/cyrusimap/cyrus-sasl/issues/587
Bug-Debian: https://bugs.debian.org/947043
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-19906
Author: Stephan Zeisberg <stephan@srlabs.de>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2019-12-19
--- a/lib/common.c
+++ b/lib/common.c
@@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t
if (add==NULL) add = "(null)";
- addlen=strlen(add); /* only compute once */
+ addlen=strlen(add)+1; /* only compute once */
if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
return SASL_NOMEM;

25
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-as_needed.patch vendored Normal file
View File

@ -0,0 +1,25 @@
Author: Matthias Klose <doko@ubuntu.com>
Desription: Fix FTBFS, add $(SASL_DB_LIB) as dependency to libsasldb, and use
it.
--- cyrus-sasl-2.1.27/saslauthd/Makefile.am
+++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
@@ -25,7 +25,7 @@
saslauthd_DEPENDENCIES = saslauthd-main.o $(LTLIBOBJS_FULL)
saslauthd_LDADD = @SASL_KRB_LIB@ \
@GSSAPIBASE_LIBS@ @LIB_CRYPT@ @LIB_SIA@ \
- @LIB_SOCKET@ @SASL_DB_LIB@ @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
+ @LIB_SOCKET@ ../sasldb/libsasldb.la @LIB_PAM@ @LDAP_LIBS@ $(LTLIBOBJS_FULL) $(CRYPTO_COMPAT_OBJS) $(LIBSASLDB_OBJS)
testsaslauthd_SOURCES = testsaslauthd.c utils.c
testsaslauthd_LDADD = @LIB_SOCKET@
--- cyrus-sasl-2.1.27/sasldb/Makefile.am
+++ cyrus-sasl-2.1.27/sasldb/Makefile.am
@@ -54,6 +54,6 @@
libsasldb_la_SOURCES = allockey.c sasldb.h
EXTRA_libsasldb_la_SOURCES = $(extra_common_sources)
-libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND)
-libsasldb_la_LIBADD = $(SASL_DB_BACKEND)
+libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
+libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB)
libsasldb_la_LDFLAGS = -no-undefined

31
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-autotools_fixes.patch vendored Normal file
View File

@ -0,0 +1,31 @@
--- cyrus-sasl-2.1.27/configure.ac
+++ cyrus-sasl-2.1.27/configure.ac
@@ -44,6 +44,8 @@
AC_PREREQ(2.63)
+AC_CONFIG_MACRO_DIR([config])
+
dnl
dnl REMINDER: When changing the version number here, please also update
dnl the values in win32/include/config.h and include/sasl.h as well.
--- cyrus-sasl-2.1.27/Makefile.am
+++ cyrus-sasl-2.1.27/Makefile.am
@@ -44,6 +44,8 @@
#
################################################################
+ACLOCAL_AMFLAGS = -I config
+
if SASLAUTHD
SAD = saslauthd
else
--- cyrus-sasl-2.1.27/saslauthd/Makefile.am
+++ cyrus-sasl-2.1.27/saslauthd/Makefile.am
@@ -1,4 +1,6 @@
AUTOMAKE_OPTIONS = 1.7
+ACLOCAL_AMFLAGS = -I ../config
+
sbin_PROGRAMS = saslauthd testsaslauthd
EXTRA_PROGRAMS = saslcache

18
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-0014_avoid_pic_overwrite.patch → sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch vendored
View File

@ -4,24 +4,14 @@ is created out of non-PIC objects, is not going to overwrite the PIC version,
which is created out of PIC objects. The PIC version is placed in .libs, and
the non-PIC version in the current directory. This ensures that both non-PIC
and PIC versions are available in the correct locations.
--- trunk.orig/lib/Makefile.am
+++ trunk/lib/Makefile.am
@@ -76,7 +76,7 @@
--- cyrus-sasl-2.1.27/lib/Makefile.am
+++ cyrus-sasl-2.1.27/lib/Makefile.am
@@ -98,7 +98,7 @@
libsasl2.a: libsasl2.la $(SASL_STATIC_OBJS)
@echo adding static plugins and dependencies
- $(AR) cru .libs/$@ $(SASL_STATIC_OBJS)
+ $(AR) cru $@ $(SASL_STATIC_OBJS)
@for i in ./libsasl2.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
@for i in ./libsasl2.la ../common/libplugin_common.la ../sasldb/libsasldb.la ../plugins/lib*.la; do \
if test ! -f $$i; then continue; fi; . $$i; \
for j in $$dependency_libs foo; do \
--- trunk.orig/sasldb/Makefile.am
+++ trunk/sasldb/Makefile.am
@@ -63,6 +63,6 @@
EXTRA_libsasldb_a_SOURCES =
libsasldb.a: libsasldb.la $(SASL_DB_BACKEND_STATIC)
- $(AR) cru .libs/$@ $(SASL_DB_BACKEND_STATIC)
+ $(AR) cru $@ $(SASL_DB_BACKEND_STATIC)

11
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-doc_build_fix.patch vendored Normal file
View File

@ -0,0 +1,11 @@
--- cyrus-sasl-2.1.27/docsrc/exts/sphinxlocal/writers/manpage.py
+++ cyrus-sasl-2.1.27/docsrc/exts/sphinxlocal/writers/manpage.py
@@ -23,7 +23,7 @@
from sphinx import addnodes
from sphinx.locale import admonitionlabels, _
from sphinx.util.osutil import ustrftime
-from sphinx.util.compat import docutils_version
+#from sphinx.util.compat import docutils_version
class CyrusManualPageWriter(ManualPageWriter):

14
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.26-fix-cross-compiling.patch → sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-fix-cross-compiling.patch vendored
View File

@ -1,12 +1,12 @@
diff -ur cyrus-sasl-2.1.26.orig/cmulocal/sasl2.m4 cyrus-sasl-2.1.26/cmulocal/sasl2.m4
--- cyrus-sasl-2.1.26.orig/cmulocal/sasl2.m4 2016-04-05 17:38:41.181743471 -0700
+++ cyrus-sasl-2.1.26/cmulocal/sasl2.m4 2016-04-05 17:48:43.137754169 -0700
@@ -287,35 +287,7 @@
AC_CHECK_FUNCS(gss_get_name_attribute)
LIBS="$cmu_save_LIBS"
--- cyrus-sasl-2.1.27/m4/sasl2.m4
+++ cyrus-sasl-2.1.27/m4/sasl2.m4
@@ -311,36 +311,7 @@ if test "$gssapi" != no; then
[AC_DEFINE(HAVE_GSS_C_SEC_CONTEXT_SASL_SSF,,
[Define if your GSSAPI implementation defines GSS_C_SEC_CONTEXT_SASL_SSF])])
fi
- cmu_save_LIBS="$LIBS"
- LIBS="$LIBS $GSSAPIBASE_LIBS"
-
- AC_MSG_CHECKING([for SPNEGO support in GSSAPI libraries])
- AC_TRY_RUN([
-#ifdef HAVE_GSSAPI_H

8
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.23-gss_c_nt_hostbased_service.patch → sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch vendored
View File

@ -1,7 +1,7 @@
Gentoo bug #389349
--- cmulocal/sasl2.m4 2009-04-28 17:09:13.000000000 +0200
+++ cmulocal/sasl2.m4 2011-11-02 17:55:24.000000000 +0100
@@ -217,7 +217,11 @@
--- cyrus-sasl-2.1.27/m4/sasl2.m4
+++ cyrus-sasl-2.1.27/m4/sasl2.m4
@@ -220,7 +220,11 @@
[AC_WARN([Cybersafe define not found])])
elif test "$ac_cv_header_gssapi_h" = "yes"; then
@ -12,5 +12,5 @@ Gentoo bug #389349
+ hostbased_service_gss_nt_yes
+ #endif],
[AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,,
[Define if your GSSAPI implimentation defines GSS_C_NT_HOSTBASED_SERVICE])])
[Define if your GSSAPI implementation defines GSS_C_NT_HOSTBASED_SERVICE])])
elif test "$ac_cv_header_gssapi_gssapi_h"; then

53
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/cyrus-sasl-2.1.27-memmem.patch vendored Normal file
View File

@ -0,0 +1,53 @@
auth_rimap: provide naive memmem implementation if missing
read_response uses memmem, which is not available on e.g. Solaris 10
Bug: https://github.com/cyrusimap/cyrus-sasl/pull/551
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
--- a/saslauthd/auth_rimap.c
+++ b/saslauthd/auth_rimap.c
@@ -367,6 +367,32 @@
/* END FUNCTION: process_login_reply */
+#ifndef HAVE_MEMMEM
+static void *memmem(
+ const void *big, size_t big_len,
+ const void *little, size_t little_len)
+{
+ const char *bp = (const char *)big;
+ const char *lp = (const char *)little;
+ size_t l;
+
+ if (big_len < little_len || little_len == 0 || big_len == 0)
+ return NULL;
+
+ while (big_len > 0) {
+ for (l = 0; l < little_len; l++) {
+ if (bp[l] != lp[l])
+ break;
+ }
+ if (l == little_len)
+ return (void *)bp;
+ bp++;
+ }
+
+ return NULL;
+}
+#endif
+
static int read_response(int s, char *rbuf, int buflen, const char *tag)
{
int rc = 0;
--- a/configure.ac
+++ b/configure.ac
@@ -1292,7 +1292,7 @@
#AC_FUNC_MEMCMP
#AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase asprintf strlcat strlcpy)
+AC_CHECK_FUNCS(gethostname getdomainname getpwnam getspnam gettimeofday inet_aton memcpy memmem mkdir select socket strchr strdup strerror strspn strstr strtol jrand48 getpassphrase asprintf strlcat strlcpy)
if test $ac_cv_func_getspnam = yes; then
AC_MSG_CHECKING(if getpwnam_r/getspnam_r take 5 arguments)

3
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/pwcheck.rc6 vendored
View File

@ -1,7 +1,6 @@
#!/sbin/runscript
#!/sbin/openrc-run
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
depend() {
need localmount

25
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf vendored
View File

@ -1,25 +0,0 @@
# $Id$
# Config file for /etc/init.d/saslauthd
# Initial (empty) options.
SASLAUTHD_OPTS=""
# Specify the authentications mechanism.
# **NOTE** For a list see: saslauthd -v
# Since 2.1.19, add "-r" to options for old behavior,
# ie. reassemble user and realm to user@realm form.
#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam -r"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam"
# Specify the hostname for remote IMAP server.
# **NOTE** Only needed if rimap auth mechanism is used.
#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"
# Specify the number of worker processes to create.
#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 5"
# Enable credential cache, set cache size and timeout.
# **NOTE** Size is measured in kilobytes.
# Timeout is measured in seconds.
#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -c -s 128 -t 30"

2
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf vendored
View File

@ -1,5 +1,3 @@
# $Id$
# Config file for /etc/init.d/saslauthd and systemd unit
# PLEASE READ THIS IF YOU ARE USING SYSTEMD

21
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd2.rc6 vendored
View File

@ -1,21 +0,0 @@
#!/sbin/runscript
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
depend() {
need net
}
start() {
ebegin "Starting saslauthd"
start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \
-- ${SASLAUTHD_OPTS}
eend $?
}
stop() {
ebegin "Stopping saslauthd"
start-stop-daemon --stop --quiet --pidfile /var/lib/sasl2/saslauthd.pid
eend $?
}

3
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/files/saslauthd2.rc7 vendored
View File

@ -1,7 +1,6 @@
#!/sbin/runscript
#!/sbin/openrc-run
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
depend() {
need net

5
sdk_container/src/third_party/coreos-overlay/dev-libs/cyrus-sasl/metadata.xml vendored
View File

@ -1,10 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>net-mail@gentoo.org</email>
<name>Net-Mail</name>
</maintainer>
<!-- maintainer-needed -->
<use>
<flag name="authdaemond">Add Courier-IMAP authdaemond unix socket
support (<pkg>net-mail/courier-imap</pkg>, <pkg>mail-mta/courier</pkg>)

5
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/Manifest vendored
View File

@ -1,3 +1,2 @@
DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
DIST openssl-1.1.1e-bindist-1.0.tar.xz 16948 BLAKE2B 78e034f1d263cbf5e57c92393f72acd07e86e39a5511a8852bad151371430954e07d787fd82cca55b373d1579bb22b9d29c9d677104ed68291a9d2dffe3ffbbb SHA512 0dbfb378b8f2724db82915e17fd4e43977e3e45030db25cdb9241c0ab842e41ef3d597ef71c4db5103635752dc2059ea6022597511a440f55fb56a5a52d3ccea
DIST openssl-1.1.1g.tar.gz 9801502 BLAKE2B 5e3dd4725ff89b959a5436d64b521317c6ffeb377418cc24c6d1927fab923423cb5f5fce2f9c2cdee597041c7be156d09668a5fd13dc6ff06d235a83db94cf19 SHA512 01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab

43
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch vendored
View File

@ -1,43 +0,0 @@
https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 21 Mar 2015 06:01:25 -0400
Subject: [PATCH] crypto: use bigint in x86-64 perl
When building on x32 systems where the default type is 32bit, make sure
we can transparently represent 64bit integers. Otherwise we end up with
build errors like:
/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
...
ghash-x86_64.s: Assembler messages:
ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
We don't enable this globally as there are some cases where we'd get
32bit values interpreted as unsigned when we need them as signed.
Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
URL: https://bugs.gentoo.org/542618
---
crypto/perlasm/x86_64-xlate.pl | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index aae8288..0bf9774 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -195,6 +195,10 @@ my %globals;
sub out {
my $self = shift;
+ # When building on x32 ABIs, the expanded hex value might be too
+ # big to fit into 32bits. Enable transparent 64bit support here
+ # so we can safely print it out.
+ use bigint;
if ($gas) {
# Solaris /usr/ccs/bin/as can't handle multiplications
# in $self->{value}
--
2.3.3

283
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch vendored
View File

@ -1,283 +0,0 @@
Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series.
From https://src.fedoraproject.org/git/rpms/openssl.git
Contains parts of the following patches, rediffed. The patches are on various
different branches.
f23 openssl-1.0.2c-ecc-suiteb.patch
f23 openssl-1.0.2a-fips-ec.patch
f28 openssl-1.1.0-ec-curves.patch
Signed-off-By: Robin H. Johnson <robbat2@gentoo.org>
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv)
} else
# endif
# ifndef OPENSSL_NO_ECDSA
- if (strcmp(*argv, "ecdsap160") == 0)
- ecdsa_doit[R_EC_P160] = 2;
- else if (strcmp(*argv, "ecdsap192") == 0)
- ecdsa_doit[R_EC_P192] = 2;
+ if (0) {}
else if (strcmp(*argv, "ecdsap224") == 0)
ecdsa_doit[R_EC_P224] = 2;
else if (strcmp(*argv, "ecdsap256") == 0)
@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv)
ecdsa_doit[R_EC_P384] = 2;
else if (strcmp(*argv, "ecdsap521") == 0)
ecdsa_doit[R_EC_P521] = 2;
- else if (strcmp(*argv, "ecdsak163") == 0)
- ecdsa_doit[R_EC_K163] = 2;
- else if (strcmp(*argv, "ecdsak233") == 0)
- ecdsa_doit[R_EC_K233] = 2;
- else if (strcmp(*argv, "ecdsak283") == 0)
- ecdsa_doit[R_EC_K283] = 2;
- else if (strcmp(*argv, "ecdsak409") == 0)
- ecdsa_doit[R_EC_K409] = 2;
- else if (strcmp(*argv, "ecdsak571") == 0)
- ecdsa_doit[R_EC_K571] = 2;
- else if (strcmp(*argv, "ecdsab163") == 0)
- ecdsa_doit[R_EC_B163] = 2;
- else if (strcmp(*argv, "ecdsab233") == 0)
- ecdsa_doit[R_EC_B233] = 2;
- else if (strcmp(*argv, "ecdsab283") == 0)
- ecdsa_doit[R_EC_B283] = 2;
- else if (strcmp(*argv, "ecdsab409") == 0)
- ecdsa_doit[R_EC_B409] = 2;
- else if (strcmp(*argv, "ecdsab571") == 0)
- ecdsa_doit[R_EC_B571] = 2;
else if (strcmp(*argv, "ecdsa") == 0) {
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P224; i < R_EC_P521; i++)
ecdsa_doit[i] = 1;
} else
# endif
# ifndef OPENSSL_NO_ECDH
- if (strcmp(*argv, "ecdhp160") == 0)
- ecdh_doit[R_EC_P160] = 2;
- else if (strcmp(*argv, "ecdhp192") == 0)
- ecdh_doit[R_EC_P192] = 2;
+ if (0) {}
else if (strcmp(*argv, "ecdhp224") == 0)
ecdh_doit[R_EC_P224] = 2;
else if (strcmp(*argv, "ecdhp256") == 0)
@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv)
ecdh_doit[R_EC_P384] = 2;
else if (strcmp(*argv, "ecdhp521") == 0)
ecdh_doit[R_EC_P521] = 2;
- else if (strcmp(*argv, "ecdhk163") == 0)
- ecdh_doit[R_EC_K163] = 2;
- else if (strcmp(*argv, "ecdhk233") == 0)
- ecdh_doit[R_EC_K233] = 2;
- else if (strcmp(*argv, "ecdhk283") == 0)
- ecdh_doit[R_EC_K283] = 2;
- else if (strcmp(*argv, "ecdhk409") == 0)
- ecdh_doit[R_EC_K409] = 2;
- else if (strcmp(*argv, "ecdhk571") == 0)
- ecdh_doit[R_EC_K571] = 2;
- else if (strcmp(*argv, "ecdhb163") == 0)
- ecdh_doit[R_EC_B163] = 2;
- else if (strcmp(*argv, "ecdhb233") == 0)
- ecdh_doit[R_EC_B233] = 2;
- else if (strcmp(*argv, "ecdhb283") == 0)
- ecdh_doit[R_EC_B283] = 2;
- else if (strcmp(*argv, "ecdhb409") == 0)
- ecdh_doit[R_EC_B409] = 2;
- else if (strcmp(*argv, "ecdhb571") == 0)
- ecdh_doit[R_EC_B571] = 2;
else if (strcmp(*argv, "ecdh") == 0) {
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P224; i <= R_EC_P521; i++)
ecdh_doit[i] = 1;
} else
# endif
@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
# endif
# ifndef OPENSSL_NO_ECDSA
- BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
+ BIO_printf(bio_err, "ecdsap224 "
"ecdsap256 ecdsap384 ecdsap521\n");
- BIO_printf(bio_err,
- "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
- BIO_printf(bio_err,
- "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
BIO_printf(bio_err, "ecdsa\n");
# endif
# ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
+ BIO_printf(bio_err, "ecdhp224 "
"ecdhp256 ecdhp384 ecdhp521\n");
- BIO_printf(bio_err,
- "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
- BIO_printf(bio_err,
- "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
BIO_printf(bio_err, "ecdh\n");
# endif
@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv)
for (i = 0; i < DSA_NUM; i++)
dsa_doit[i] = 1;
# ifndef OPENSSL_NO_ECDSA
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P224; i <= R_EC_P521; i++)
ecdsa_doit[i] = 1;
# endif
# ifndef OPENSSL_NO_ECDH
- for (i = 0; i < EC_NUM; i++)
+ for (i = R_EC_P224; i <= R_EC_P521; i++)
ecdh_doit[i] = 1;
# endif
}
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
return 0;
}
+ if (BN_num_bits(p) < 224) {
+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+ return 0;
+ }
+
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
goto err;
/* NIST PRIME CURVES TESTS */
+# if 0
if (!test_ecdh_curve
(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
goto err;
if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
goto err;
+# endif
if (!test_ecdh_curve
(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
goto err;
@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
goto err;
# endif
+# if 0
if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
goto err;
if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
goto err;
if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
goto err;
-
+# endif
ret = 0;
err:
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -138,9 +138,12 @@ int restore_rand(void)
}
static int fbytes_counter = 0, use_fake = 0;
-static const char *numbers[8] = {
+static const char *numbers[10] = {
+ "651056770906015076056810763456358567190100156695615665659",
"651056770906015076056810763456358567190100156695615665659",
"6140507067065001063065065565667405560006161556565665656654",
+ "8763001015071075675010661307616710783570106710677817767166"
+ "71676178726717",
"8763001015071075675010661307616710783570106710677817767166"
"71676178726717",
"7000000175690566466555057817571571075705015757757057795755"
@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num)
use_fake = 0;
- if (fbytes_counter >= 8)
+ if (fbytes_counter >= 10)
return 0;
tmp = BN_new();
if (!tmp)
@@ -539,8 +542,10 @@ int main(void)
RAND_seed(rnd_seed, sizeof(rnd_seed));
/* the tests */
+# if 0
if (!x9_62_tests(out))
goto err;
+# endif
if (!test_builtin(out))
goto err;
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = {
0, 23, /* secp256r1 (23) */
/* Other >= 256-bit prime curves. */
0, 25, /* secp521r1 (25) */
- 0, 28, /* brainpool512r1 (28) */
- 0, 27, /* brainpoolP384r1 (27) */
0, 24, /* secp384r1 (24) */
- 0, 26, /* brainpoolP256r1 (26) */
0, 22, /* secp256k1 (22) */
# ifndef OPENSSL_NO_EC2M
/* >= 256-bit binary curves. */
@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = {
0, 23, /* secp256r1 (23) */
/* Other >= 256-bit prime curves. */
0, 25, /* secp521r1 (25) */
- 0, 28, /* brainpool512r1 (28) */
- 0, 27, /* brainpoolP384r1 (27) */
0, 24, /* secp384r1 (24) */
- 0, 26, /* brainpoolP256r1 (26) */
0, 22, /* secp256k1 (22) */
# ifndef OPENSSL_NO_EC2M
/* >= 256-bit binary curves. */
@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = {
* Remaining curves disabled by default but still permitted if set
* via an explicit callback or parameters.
*/
- 0, 20, /* secp224k1 (20) */
- 0, 21, /* secp224r1 (21) */
- 0, 18, /* secp192k1 (18) */
- 0, 19, /* secp192r1 (19) */
- 0, 15, /* secp160k1 (15) */
- 0, 16, /* secp160r1 (16) */
- 0, 17, /* secp160r2 (17) */
# ifndef OPENSSL_NO_EC2M
0, 8, /* sect239k1 (8) */
0, 6, /* sect233k1 (6) */
@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = {
0, 9, /* sect283k1 (9) */
0, 10, /* sect283r1 (10) */
# endif
- 0, 22, /* secp256k1 (22) */
0, 23, /* secp256r1 (23) */
# ifndef OPENSSL_NO_EC2M
0, 8, /* sect239k1 (8) */
0, 6, /* sect233k1 (6) */
0, 7, /* sect233r1 (7) */
# endif
- 0, 20, /* secp224k1 (20) */
- 0, 21, /* secp224r1 (21) */
# ifndef OPENSSL_NO_EC2M
0, 4, /* sect193r1 (4) */
0, 5, /* sect193r2 (5) */
# endif
- 0, 18, /* secp192k1 (18) */
- 0, 19, /* secp192r1 (19) */
# ifndef OPENSSL_NO_EC2M
0, 1, /* sect163k1 (1) */
0, 2, /* sect163r1 (2) */
0, 3, /* sect163r2 (3) */
# endif
- 0, 15, /* secp160k1 (15) */
- 0, 16, /* secp160r1 (16) */
- 0, 17, /* secp160r2 (17) */
};
# endif

21
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/files/openssl-1.1.0j-parallel_install_fix.patch vendored Normal file
View File

@ -0,0 +1,21 @@
https://github.com/openssl/openssl/issues/7679
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -77,8 +77,14 @@
# to. You're welcome.
sub dependmagic {
my $target = shift;
-
- return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
+ my $magic = <<"_____";
+$target: build_generated depend
+ \$(MAKE) _$target
+_$target
+_____
+ # Remove line ending
+ $magic =~ s|\R$||;
+ return $magic;
}
'';
-}

149
sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.0.2u.ebuild → sdk_container/src/third_party/coreos-overlay/dev-libs/openssl/openssl-1.1.1g.ebuild vendored
View File

@ -1,3 +1,6 @@
# Difference to upstream from ./update_ebuilds:
# - Ported changes from 7b591fb2e0ec7a0f9fe43218f9196d825b5f9653
#
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
@ -5,21 +8,16 @@ EAPI="7"
inherit flag-o-matic toolchain-funcs multilib multilib-minimal systemd
# openssl-1.0.2-patches-1.6 contain additional CVE patches
# which got fixed with this release.
# Please use 1.7 version number when rolling a new tarball!
PATCH_SET="openssl-1.0.2-patches-1.5"
MY_P=${P/_/-}
# This patch set is based on the following files from Fedora 25,
# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
# This patch set is based on the following files from Fedora 31,
# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
# for more details:
# - hobble-openssl (SOURCE1)
# - ec_curve.c (SOURCE12) -- MODIFIED
# - ectest.c (SOURCE13)
# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
BINDIST_PATCH_SET="openssl-1.1.1e-bindist-1.0.tar.xz"
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
HOMEPAGE="https://www.openssl.org/"
@ -27,24 +25,17 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
bindist? (
mirror://gentoo/${BINDIST_PATCH_SET}
https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
)
!vanilla? (
mirror://gentoo/${PATCH_SET}.tar.xz
https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
)"
LICENSE="openssl"
SLOT="0"
SLOT="0/1.1" # .so version of libssl/libcrypto
[[ "${PV}" = *_pre* ]] || \
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x86-linux"
IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
RESTRICT="!bindist? ( bindist )
!test? ( test )"
RDEPEND=">=app-misc/c_rehash-1.7-r1
gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
DEPEND="${RDEPEND}"
BDEPEND="
@ -53,29 +44,64 @@ BDEPEND="
test? (
sys-apps/diffutils
sys-devel/bc
sys-process/procps
)"
PDEPEND="app-misc/ca-certificates"
PATCHES=(
"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
)
S="${WORKDIR}/${MY_P}"
# force upgrade to prevent broken login, bug 696950
RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
MULTILIB_WRAPPED_HEADERS=(
usr/include/openssl/opensslconf.h
)
pkg_setup() {
[[ ${MERGE_TYPE} == binary ]] && return
# must check in pkg_setup; sysctl don't work with userpriv!
if has test ${FEATURES} && use sctp; then
# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
# if sctp.auth_enable is not enabled.
local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
fi
fi
}
src_prepare() {
# allow openssl to be cross-compiled
cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
chmod a+rx gentoo.config || die
if use bindist; then
mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
bash "${WORKDIR}"/hobble-openssl || die
cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
local known_failing_test
for known_failing_test in \
30-test_evp_extra.t \
80-test_ssl_new.t \
; do
ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
rm test/recipes/${known_failing_test} || die
eend $?
done
# Also see the configure parts below:
# enable-ec \
# $(use_ssl !bindist ec2m) \
# $(use_ssl !bindist srp) \
fi
# keep this in sync with app-misc/c_rehash
@ -86,46 +112,51 @@ src_prepare() {
rm -f Makefile
if ! use vanilla ; then
eapply "${WORKDIR}"/patch/*.patch
if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
fi
fi
eapply_user
eapply_user #332661
if has test ${FEATURES} && use sctp && has network-sandbox ${FEATURES}; then
ebegin "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox"
rm test/recipes/80-test_ssl_new.t || die
eend $?
fi
# disable fips in the build
# make sure the man pages are suffixed #302165
# don't bother building man pages if they're disabled
# Make DOCDIR Gentoo compliant
sed -i \
-e '/DIRS/s: fips : :g' \
-e '/^MANSUFFIX/s:=.*:=ssl:' \
-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-e $(has noman FEATURES \
&& echo '/^install:/s:install_docs::' \
|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
Makefile.org \
-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
Configurations/unix-Makefile.tmpl \
|| die
# show the actual commands in the log
sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
# since we're forcing $(CC) as makedep anyway, just fix
# the conditional as always-on
# helps clang (#417795), and versioned gcc (#499818)
# this breaks build with 1.0.2p, not sure if it is needed anymore
#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
# quiet out unknown driver argument warnings since openssl
# doesn't have well-split CFLAGS and we're making it even worse
# and 'make depend' uses -Werror for added fun (#417795 again)
[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
# allow openssl to be cross-compiled
cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
chmod a+rx gentoo.config || die
append-flags -fno-strict-aliasing
append-flags $(test-flags-CC -Wa,--noexecstack)
append-cppflags -DOPENSSL_NO_BUF_FREELISTS
sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
# Prefixify Configure shebang (#141906)
sed \
-e "1s,/usr/bin/env,${EPREFIX}&," \
-i Configure || die
# Remove test target when FEATURES=test isn't set
if ! use test ; then
sed \
-e '/^$config{dirs}/s@ "test",@@' \
-i Configure || die
fi
# The config script does stupid stuff to prompt the user. Kill it.
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
./config --test-sanity || die "I AM NOT SANE"
@ -163,18 +194,15 @@ multilib_src_configure() {
# fi
#fi
# https://github.com/openssl/openssl/issues/2286
if use ia64 ; then
replace-flags -g3 -g2
replace-flags -ggdb3 -ggdb2
fi
local sslout=$(./gentoo.config)
einfo "Use configuration ${sslout:-(openssl knows best)}"
local config="Configure"
[[ -z ${sslout} ]] && config="config"
# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
# Fedora hobbled-EC needs 'no-ec2m'
# 'srp' was restricted until early 2017 as well.
# "disable-deprecated" option breaks too many consumers.
# Don't set it without thorough revdeps testing.
# Make sure user flags don't get added *yet* to avoid duplicated
# flags.
CFLAGS= LDFLAGS= echoit \
@ -184,19 +212,17 @@ multilib_src_configure() {
enable-camellia \
enable-ec \
$(use_ssl !bindist ec2m) \
$(use_ssl !bindist srp) \
enable-srp \
$(use elibc_musl && echo "no-async") \
${ec_nistp_64_gcc_128} \
enable-idea \
enable-mdc2 \
enable-rc5 \
enable-tlsext \
$(use_ssl sslv3 ssl3) \
$(use_ssl sslv3 ssl3-method) \
$(use_ssl asm) \
$(use_ssl gmp gmp -lgmp) \
$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
$(use_ssl rfc3779) \
$(use_ssl sctp) \
$(use_ssl sslv2 ssl2) \
$(use_ssl sslv3 ssl3) \
$(use_ssl tls-heartbeat heartbeats) \
$(use_ssl zlib) \
--prefix="${EPREFIX}"/usr \
@ -206,8 +232,8 @@ multilib_src_configure() {
|| die
# Clean out hardcoded flags that openssl uses
local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-e 's:^CFLAG=::' \
local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-e 's:^CFLAGS=::' \
-e 's:\(^\| \)-fomit-frame-pointer::g' \
-e 's:\(^\| \)-O[^ ]*::g' \
-e 's:\(^\| \)-march=[^ ]*::g' \
@ -221,7 +247,7 @@ multilib_src_configure() {
# Now insert clean default flags with user flags
sed -i \
-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
Makefile || die
}
@ -229,11 +255,8 @@ multilib_src_configure() {
multilib_src_compile() {
# depend is needed to use $confopts; it also doesn't matter
# that it's -j1 as the code itself serializes subdirs
emake -j1 V=1 depend
emake -j1 depend
emake all
# rehash is needed to prep the certs/ dir; do this
# separately to avoid parallel build issues.
emake rehash
}
multilib_src_test() {
@ -247,7 +270,7 @@ multilib_src_install() {
mkdir "${ED}"/usr || die
fi
emake INSTALL_PREFIX="${D}" install
emake DESTDIR="${D}" install
}
multilib_src_install_all() {
@ -255,10 +278,7 @@ multilib_src_install_all() {
# we provide a shell version via app-misc/c_rehash
rm "${ED}"/usr/bin/c_rehash || die
local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
einstalldocs
use rfc3779 && dodoc engines/ccgost/README.gost
dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
# This is crappy in that the static archives are still built even
# when USE=static-libs. But this is due to a failing in the openssl
@ -268,7 +288,7 @@ multilib_src_install_all() {
use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
# Namespace openssl programs to prevent conflicts with other man pages
cd "${ED}"/usr/share/man
cd "${ED}"/usr/share/man || die
local m d s
for m in $(find . -type f | xargs grep -L '#include') ; do
d=${m%/*} ; d=${d#./} ; m=${m##*/}
@ -283,6 +303,7 @@ multilib_src_install_all() {
for s in $(find -L ${d} -type l) ; do
s=${s##*/}
rm -f ${d}/${s}
# We don't want to "|| die" here
ln -s ssl-${m} ${d}/ssl-${s}
ln -s ssl-${s} ${d}/openssl-${s}
done

6
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest vendored
View File

@ -2,6 +2,12 @@ DIST openssh-8.1_p1-glibc-2.31-patches.tar.xz 1752 BLAKE2B ccab53069c0058be7ba78
DIST openssh-8.1p1+x509-12.3.diff.gz 689934 BLAKE2B 57a302a25bec1d630b9c36f74ab490e11c97f9bcbaf8f527e46ae7fd5bade19feb3d8853079870b5c08b70a55e289cf4bf7981c11983973fa588841aeb21e650 SHA512 8d7c321423940f5a78a51a25ad5373f5db17a4a8ca7e85041e503998e0823ad22068bc652e907e9f5787858d45ce438a4bba18240fa72e088eb10b903e96b192
DIST openssh-8.1p1-sctp-1.2.patch.xz 7672 BLAKE2B f1aa0713fcb114d8774bd8d524d106401a9d7c2c73a05fbde200ccbdd2562b3636ddd2d0bc3eae9f04b4d7c729c3dafd814ae8c530a76c4a0190fae71d1edcd2 SHA512 2bffab0bbae5a4c1875e0cc229bfd83d8565bd831309158cd489d8b877556c69b936243888a181bd9ff302e19f2c174156781574294d260b6384c464d003d566
DIST openssh-8.1p1.tar.gz 1625894 BLAKE2B d525be921a6f49420a58df5ac434d43a0c85e0f6bf8428ecebf04117c50f473185933e6e4485e506ac614f71887a513b9962d7b47969ba785da8e3a38f767322 SHA512 b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925
DIST openssh-8.2p1+x509-12.4.3.diff.gz 806905 BLAKE2B 8e0f0f3eeb2aafd9fc9e6eca80c0b51ffedbed9dfc46ff73bb1becd28f6ac013407d03107b59da05d9d56edbf283eef20891086867b79efd8aab81c3e9a4a32f SHA512 51117d7e4df2ff78c4fdfd08c2bb8f1739b1db064df65bab3872e1a956c277a4736c511794aa399061058fea666a76ee07bb50d83a0d077b7fa572d02c030b91
DIST openssh-8.2p1-sctp-1.2.patch.xz 7668 BLAKE2B 717487cffd235a5dfa2d9d3f2c1983f410d400b0d23f71a9b74406ac3d2f448d76381a3b7a3244942bff4e6bdc3bc78d148b9949c78dc297d99c7330179f8176 SHA512 a5fbd827e62e91b762062a29c7bc3bf569a202bdc8c91da7d77566ff8bb958b5b9fb6f8d45df586e0d7ac07a83de6e82996e9c5cdd6b3bf43336c420d3099305
DIST openssh-8.2p1.tar.gz 1701197 BLAKE2B 8b95cdebc87e8d14f655ed13c12b91b122adf47161071aa81d0763f81b12fe4bc3d409c260783d995307d4e4ed2d16080fd74b15e4dc6dcc5648d7e66720c3ed SHA512 c4db64e52a3a4c410de9de49f9cb104dd493b10250af3599b92457dd986277b3fd99a6f51cec94892fd1be5bd0369c5757262ea7805f0de464b245c3d34c120a
DIST openssh-8.3p1+x509-12.5.1.diff.gz 803054 BLAKE2B ec88959b4e3328e70d6f136f3d5bebced2e555de3ea40f55c535ca8a30a0eed84d177ad966e5bda46e1fc61d42141b13e96d068f5abfd069ae81b131dfb5a66c SHA512 28166a1a1aeff0c65f36263c0009e82cda81fc8f4efe3d11fabd0312d199a4f935476cf7074fbce68787d2fec0fd42f00fef383bf856a5767ce9d0ca6bbc8ef0
DIST openssh-8.3p1-sctp-1.2.patch.xz 7668 BLAKE2B abbc65253d842c09a04811bdbafc175c5226996cdd190812b47ce9646853cd5c1b21d733e719b481cce9c7f4dc00894b6d6be732e311850963df23b9dc55a0e6 SHA512 4e0cc1707663f902dfbf331a431325da78759cc757a4aaae33e0c7f64f21830ec805168d8ae4d47a65a20c235fa534679e288f922df2b24655b7d1ee9a3bf014
DIST openssh-8.3p1.tar.gz 1706358 BLAKE2B 0b53d92caa4a0f4cb40eee671ac889753d320b7c8e44df159a81dd8163c3663f07fa648f5dc506fb27d31893acf9701b997598c50bf204acf54172d72825a4d8 SHA512 b5232f7c85bf59ae2ff9d17b030117012e257e3b8c0d5ac60bb139a85b1fbf298b40f2e04203a2e13ca7273053ed668b9dedd54d3a67a7cb8e8e58c0228c5f40
DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca SHA512 94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221
DIST openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 42696 BLAKE2B d8ac7fa1a4e4d1877acdedeaee80172da469b5a62d0aaa43d6ed46c578e7893577b9d563835d89ca2044867fc561ad3f562bf504c025cf4c78421cf3d24397e9 SHA512 768db7cca8839df4441afcb08457d13d32625b31859da527c3d7f1a92d17a4ec81d6987db00879c394bbe59589e57b10bfd98899a167ffed65ab367b1fd08739
DIST openssh-8_1_P1-hpn-PeakTput-14.20.diff 2012 BLAKE2B e42c43128f1d82b4de1517e6a9219947da03cecb607f1bc45f0728547f17601a6ce2ec819b6434890efd19ceaf4d20cb98183596ab5ee79e104a52cda7db9cdc SHA512 238f9419efd3be80bd700f6ae7e210e522d747c363c4e670364f5191f144ae3aa8d1b1539c0bf87b3de36743aa73e8101c53c0ef1c6472d209569be389e7814d

111
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch vendored Normal file
View File

@ -0,0 +1,111 @@
diff -ur a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-04 15:49:15.746095444 -0800
+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-04 15:49:54.181853707 -0800
@@ -4,8 +4,8 @@
+++ b/Makefile.in
@@ -42,7 +42,7 @@ CC=@CC@
LD=@LD@
- CFLAGS=@CFLAGS@
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
-LIBS=@LIBS@
+LIBS=@LIBS@ -lpthread
K5LIBS=@K5LIBS@
@@ -803,8 +803,8 @@
ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
{
struct session_state *state;
-- const struct sshcipher *none = cipher_by_name("none");
-+ struct sshcipher *none = cipher_by_name("none");
+- const struct sshcipher *none = cipher_none();
++ struct sshcipher *none = cipher_none();
int r;
if (none == NULL) {
@@ -948,9 +948,9 @@
/* Portable-specific options */
sUsePAM,
+ sDisableMTAES,
- /* Standard Options */
- sPort, sHostKeyFile, sLoginGraceTime,
- sPermitRootLogin, sLogFacility, sLogLevel,
+ /* X.509 Standard Options */
+ sHostbasedAlgorithms,
+ sPubkeyAlgorithms,
@@ -643,6 +647,7 @@ static struct {
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:41:42.512910357 -0800
+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:56:40.323299499 -0800
@@ -382,7 +382,7 @@
@@ -884,6 +884,10 @@ kex_choose_conf(struct ssh *ssh)
int nenc, nmac, ncomp;
u_int mode, ctos, need, dh_need, authlen;
- int r, first_kex_follows;
+ int r, first_kex_follows = 0;
+ int auth_flag;
+
+ auth_flag = packet_authentication_state(ssh);
@@ -391,8 +391,8 @@
debug2("local %s KEXINIT proposal", kex->server ? "server" : "client");
if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0)
@@ -954,6 +958,14 @@ kex_choose_conf(struct ssh *ssh)
- peer[ncomp] = NULL;
- goto out;
+ else
+ fatal("Pre-authentication none cipher requests are not allowed.");
}
+ debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
+ if (strcmp(newkeys->enc.name, "none") == 0) {
@@ -1169,15 +1169,3 @@
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
-diff --git a/version.h b/version.h
-index 6b3fadf8..ec1d2e27 100644
---- a/version.h
-+++ b/version.h
-@@ -3,4 +3,6 @@
- #define SSH_VERSION "OpenSSH_8.1"
-
- #define SSH_PORTABLE "p1"
--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+#define SSH_HPN "-hpn14v20"
-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-+
diff -ur a/openssh-8_1_P1-hpn-PeakTput-14.20.diff b/openssh-8_1_P1-hpn-PeakTput-14.20.diff
--- a/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-04 15:41:42.512910357 -0800
+++ b/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-04 16:02:42.203023609 -0800
@@ -12,9 +12,9 @@
static long stalled; /* how long we have been stalled */
static int bytes_per_second; /* current speed in bytes per second */
@@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
+ off_t bytes_left;
int cur_speed;
- int hours, minutes, seconds;
- int file_len;
+ int len;
+ off_t delta_pos;
if ((!force_update && !alarm_fired && !win_resized) || !can_output())
@@ -33,12 +33,12 @@
@@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
/* filename */
- buf[0] = '\0';
-- file_len = win_size - 36;
-+ file_len = win_size - 45;
- if (file_len > 0) {
- buf[0] = '\r';
- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
+ if (win_size > 36) {
+- int file_len = win_size - 36;
++ int file_len = win_size - 45;
+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
+ file_len, file);
+ }
@@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
(off_t)bytes_per_second);
strlcat(buf, "/s ", win_size);

114
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch vendored
View File

@ -1,114 +0,0 @@
--- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 17:07:59.413376785 -0700
+++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 20:05:12.622588051 -0700
@@ -382,7 +382,7 @@
@@ -822,6 +822,10 @@ kex_choose_conf(struct ssh *ssh)
int nenc, nmac, ncomp;
u_int mode, ctos, need, dh_need, authlen;
- int r, first_kex_follows;
+ int r, first_kex_follows = 0;
+ int auth_flag;
+
+ auth_flag = packet_authentication_state(ssh);
@@ -441,6 +441,39 @@
int ssh_packet_get_state(struct ssh *, struct sshbuf *);
int ssh_packet_set_state(struct ssh *, struct sshbuf *);
+diff --git a/packet.c b/packet.c
+index dcf35e6..9433f08 100644
+--- a/packet.c
++++ b/packet.c
+@@ -920,6 +920,14 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+ return 0;
+ }
+
++/* this supports the forced rekeying required for the NONE cipher */
++int rekey_requested = 0;
++void
++packet_request_rekeying(void)
++{
++ rekey_requested = 1;
++}
++
+ #define MAX_PACKETS (1U<<31)
+ static int
+ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+@@ -946,6 +954,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+ if (state->p_send.packets == 0 && state->p_read.packets == 0)
+ return 0;
+
++ /* used to force rekeying when called for by the none
++ * cipher switch and aes-mt-ctr methods -cjr */
++ if (rekey_requested == 1) {
++ rekey_requested = 0;
++ return 1;
++ }
++
+ /* Time-based rekeying */
+ if (state->rekey_interval != 0 &&
+ (int64_t)state->rekey_time + state->rekey_interval <= monotime())
diff --git a/readconf.c b/readconf.c
index db5f2d5..33f18c9 100644
--- a/readconf.c
@@ -453,10 +486,9 @@
/* Format of the configuration file:
-@@ -166,6 +167,8 @@ typedef enum {
+@@ -166,5 +167,7 @@ typedef enum {
oTunnel, oTunnelDevice,
oLocalCommand, oPermitLocalCommand, oRemoteCommand,
- oDisableMTAES,
+ oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
+ oNoneEnabled, oNoneSwitch,
oVisualHostKey,
@@ -592,10 +624,9 @@
int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
SyslogFacility log_facility; /* Facility for system logging. */
-@@ -111,7 +115,10 @@ typedef struct {
+@@ -111,6 +115,9 @@ typedef struct {
int enable_ssh_keysign;
int64_t rekey_limit;
- int disable_multithreaded; /*disable multithreaded aes-ctr*/
+ int none_switch; /* Use none cipher */
+ int none_enabled; /* Allow none to be used */
int rekey_interval;
@@ -650,10 +681,8 @@
/* Portable-specific options */
if (options->use_pam == -1)
-@@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options)
+@@ -391,4 +400,41 @@ fill_default_server_options(ServerOptions *options)
options->permit_tun = SSH_TUNMODE_NO;
- if (options->disable_multithreaded == -1)
- options->disable_multithreaded = 0;
+ if (options->none_enabled == -1)
+ options->none_enabled = 0;
+ if (options->hpn_disabled == -1)
@@ -1095,9 +1124,9 @@
+ fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
+ }
+ }
+ debug("Authentication succeeded (%s).", authctxt.method->name);
+ }
- #ifdef WITH_OPENSSL
- if (options.disable_multithreaded == 0) {
diff --git a/sshd.c b/sshd.c
index a738c3a..b32dbe0 100644
--- a/sshd.c
@@ -1181,14 +1210,3 @@
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
-diff --git a/version.h b/version.h
-index f1bbf00..21a70c2 100644
---- a/version.h
-+++ b/version.h
-@@ -3,4 +3,5 @@
- #define SSH_VERSION "OpenSSH_7.8"
-
- #define SSH_PORTABLE "p1"
--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-+

11
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch vendored Normal file
View File

@ -0,0 +1,11 @@
--- a/openbsd-compat/regress/Makefile.in 2019-06-17 10:59:01.210601434 -0700
+++ b/openbsd-compat/regress/Makefile.in 2019-06-17 10:59:18.753485852 -0700
@@ -7,7 +7,7 @@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
+CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
EXEEXT=@EXEEXT@
LIBCOMPAT=../libopenbsd-compat.a
LIBS=@LIBS@

35
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch vendored Normal file
View File

@ -0,0 +1,35 @@
Only in b: .openssh-8.1p1+x509-12.3.diff.un~
diff -ur a/openssh-8.1p1+x509-12.3.diff b/openssh-8.1p1+x509-12.3.diff
--- a/openssh-8.1p1+x509-12.3.diff 2019-10-14 11:33:45.796485604 -0700
+++ b/openssh-8.1p1+x509-12.3.diff 2019-10-14 11:39:44.960312587 -0700
@@ -35343,12 +35343,11 @@
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
-@@ -339,6 +360,8 @@
+@@ -339,6 +360,7 @@
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
$(MKDIR_P) $(DESTDIR)$(libexecdir)
+ $(MKDIR_P) $(DESTDIR)$(sshcadir)
-+ $(MKDIR_P) $(DESTDIR)$(piddir)
$(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
@@ -83536,16 +83535,6 @@
+ return mbtowc(NULL, s, n);
+}
+#endif
-diff -ruN openssh-8.1p1/version.h openssh-8.1p1+x509-12.3/version.h
---- openssh-8.1p1/version.h 2019-10-09 03:31:03.000000000 +0300
-+++ openssh-8.1p1+x509-12.3/version.h 2019-10-13 09:07:00.000000000 +0300
-@@ -2,5 +2,4 @@
-
- #define SSH_VERSION "OpenSSH_8.1"
-
--#define SSH_PORTABLE "p1"
--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
diff -ruN openssh-8.1p1/version.m4 openssh-8.1p1+x509-12.3/version.m4
--- openssh-8.1p1/version.m4 1970-01-01 02:00:00.000000000 +0200
+++ openssh-8.1p1+x509-12.3/version.m4 2019-10-13 09:07:00.000000000 +0300

359
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-GSSAPI-dns.patch vendored Normal file
View File

@ -0,0 +1,359 @@
diff --git a/auth.c b/auth.c
index 086b8ebb..a267353c 100644
--- a/auth.c
+++ b/auth.c
@@ -724,120 +724,6 @@ fakepw(void)
return (&fake);
}
-/*
- * Returns the remote DNS hostname as a string. The returned string must not
- * be freed. NB. this will usually trigger a DNS query the first time it is
- * called.
- * This function does additional checks on the hostname to mitigate some
- * attacks on legacy rhosts-style authentication.
- * XXX is RhostsRSAAuthentication vulnerable to these?
- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
- */
-
-static char *
-remote_hostname(struct ssh *ssh)
-{
- struct sockaddr_storage from;
- socklen_t fromlen;
- struct addrinfo hints, *ai, *aitop;
- char name[NI_MAXHOST], ntop2[NI_MAXHOST];
- const char *ntop = ssh_remote_ipaddr(ssh);
-
- /* Get IP address of client. */
- fromlen = sizeof(from);
- memset(&from, 0, sizeof(from));
- if (getpeername(ssh_packet_get_connection_in(ssh),
- (struct sockaddr *)&from, &fromlen) == -1) {
- debug("getpeername failed: %.100s", strerror(errno));
- return xstrdup(ntop);
- }
-
- ipv64_normalise_mapped(&from, &fromlen);
- if (from.ss_family == AF_INET6)
- fromlen = sizeof(struct sockaddr_in6);
-
- debug3("Trying to reverse map address %.100s.", ntop);
- /* Map the IP address to a host name. */
- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
- NULL, 0, NI_NAMEREQD) != 0) {
- /* Host name not found. Use ip address. */
- return xstrdup(ntop);
- }
-
- /*
- * if reverse lookup result looks like a numeric hostname,
- * someone is trying to trick us by PTR record like following:
- * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
- */
- memset(&hints, 0, sizeof(hints));
- hints.ai_socktype = SOCK_DGRAM; /*dummy*/
- hints.ai_flags = AI_NUMERICHOST;
- if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
- logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
- name, ntop);
- freeaddrinfo(ai);
- return xstrdup(ntop);
- }
-
- /* Names are stored in lowercase. */
- lowercase(name);
-
- /*
- * Map it back to an IP address and check that the given
- * address actually is an address of this host. This is
- * necessary because anyone with access to a name server can
- * define arbitrary names for an IP address. Mapping from
- * name to IP address can be trusted better (but can still be
- * fooled if the intruder has access to the name server of
- * the domain).
- */
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = from.ss_family;
- hints.ai_socktype = SOCK_STREAM;
- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
- logit("reverse mapping checking getaddrinfo for %.700s "
- "[%s] failed.", name, ntop);
- return xstrdup(ntop);
- }
- /* Look for the address from the list of addresses. */
- for (ai = aitop; ai; ai = ai->ai_next) {
- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
- (strcmp(ntop, ntop2) == 0))
- break;
- }
- freeaddrinfo(aitop);
- /* If we reached the end of the list, the address was not there. */
- if (ai == NULL) {
- /* Address not found for the host name. */
- logit("Address %.100s maps to %.600s, but this does not "
- "map back to the address.", ntop, name);
- return xstrdup(ntop);
- }
- return xstrdup(name);
-}
-
-/*
- * Return the canonical name of the host in the other side of the current
- * connection. The host name is cached, so it is efficient to call this
- * several times.
- */
-
-const char *
-auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
-{
- static char *dnsname;
-
- if (!use_dns)
- return ssh_remote_ipaddr(ssh);
- else if (dnsname != NULL)
- return dnsname;
- else {
- dnsname = remote_hostname(ssh);
- return dnsname;
- }
-}
-
/*
* Runs command in a subprocess with a minimal environment.
* Returns pid on success, 0 on failure.
diff --git a/canohost.c b/canohost.c
index abea9c6e..4f4524d2 100644
--- a/canohost.c
+++ b/canohost.c
@@ -202,3 +202,117 @@ get_local_port(int sock)
{
return get_sock_port(sock, 1);
}
+
+/*
+ * Returns the remote DNS hostname as a string. The returned string must not
+ * be freed. NB. this will usually trigger a DNS query the first time it is
+ * called.
+ * This function does additional checks on the hostname to mitigate some
+ * attacks on legacy rhosts-style authentication.
+ * XXX is RhostsRSAAuthentication vulnerable to these?
+ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
+ */
+
+static char *
+remote_hostname(struct ssh *ssh)
+{
+ struct sockaddr_storage from;
+ socklen_t fromlen;
+ struct addrinfo hints, *ai, *aitop;
+ char name[NI_MAXHOST], ntop2[NI_MAXHOST];
+ const char *ntop = ssh_remote_ipaddr(ssh);
+
+ /* Get IP address of client. */
+ fromlen = sizeof(from);
+ memset(&from, 0, sizeof(from));
+ if (getpeername(ssh_packet_get_connection_in(ssh),
+ (struct sockaddr *)&from, &fromlen) < 0) {
+ debug("getpeername failed: %.100s", strerror(errno));
+ return strdup(ntop);
+ }
+
+ ipv64_normalise_mapped(&from, &fromlen);
+ if (from.ss_family == AF_INET6)
+ fromlen = sizeof(struct sockaddr_in6);
+
+ debug3("Trying to reverse map address %.100s.", ntop);
+ /* Map the IP address to a host name. */
+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
+ NULL, 0, NI_NAMEREQD) != 0) {
+ /* Host name not found. Use ip address. */
+ return strdup(ntop);
+ }
+
+ /*
+ * if reverse lookup result looks like a numeric hostname,
+ * someone is trying to trick us by PTR record like following:
+ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
+ */
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+ hints.ai_flags = AI_NUMERICHOST;
+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
+ name, ntop);
+ freeaddrinfo(ai);
+ return strdup(ntop);
+ }
+
+ /* Names are stored in lowercase. */
+ lowercase(name);
+
+ /*
+ * Map it back to an IP address and check that the given
+ * address actually is an address of this host. This is
+ * necessary because anyone with access to a name server can
+ * define arbitrary names for an IP address. Mapping from
+ * name to IP address can be trusted better (but can still be
+ * fooled if the intruder has access to the name server of
+ * the domain).
+ */
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = from.ss_family;
+ hints.ai_socktype = SOCK_STREAM;
+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
+ logit("reverse mapping checking getaddrinfo for %.700s "
+ "[%s] failed.", name, ntop);
+ return strdup(ntop);
+ }
+ /* Look for the address from the list of addresses. */
+ for (ai = aitop; ai; ai = ai->ai_next) {
+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
+ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
+ (strcmp(ntop, ntop2) == 0))
+ break;
+ }
+ freeaddrinfo(aitop);
+ /* If we reached the end of the list, the address was not there. */
+ if (ai == NULL) {
+ /* Address not found for the host name. */
+ logit("Address %.100s maps to %.600s, but this does not "
+ "map back to the address.", ntop, name);
+ return strdup(ntop);
+ }
+ return strdup(name);
+}
+
+/*
+ * Return the canonical name of the host in the other side of the current
+ * connection. The host name is cached, so it is efficient to call this
+ * several times.
+ */
+
+const char *
+auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
+{
+ static char *dnsname;
+
+ if (!use_dns)
+ return ssh_remote_ipaddr(ssh);
+ else if (dnsname != NULL)
+ return dnsname;
+ else {
+ dnsname = remote_hostname(ssh);
+ return dnsname;
+ }
+}
diff --git a/readconf.c b/readconf.c
index f3cac6b3..adfd7a4e 100644
--- a/readconf.c
+++ b/readconf.c
@@ -160,6 +160,7 @@ typedef enum {
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+ oGssTrustDns,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
@@ -205,9 +206,11 @@ static struct {
#if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
{ "gssapidelegatecredentials", oGssDelegateCreds },
+ { "gssapitrustdns", oGssTrustDns },
# else
{ "gssapiauthentication", oUnsupported },
{ "gssapidelegatecredentials", oUnsupported },
+ { "gssapitrustdns", oUnsupported },
#endif
#ifdef ENABLE_PKCS11
{ "pkcs11provider", oPKCS11Provider },
@@ -1033,6 +1036,10 @@ parse_time:
intptr = &options->gss_deleg_creds;
goto parse_flag;
+ case oGssTrustDns:
+ intptr = &options->gss_trust_dns;
+ goto parse_flag;
+
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
@@ -1912,6 +1919,7 @@ initialize_options(Options * options)
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
options->gss_deleg_creds = -1;
+ options->gss_trust_dns = -1;
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
@@ -2061,6 +2069,8 @@ fill_default_options(Options * options)
options->gss_authentication = 0;
if (options->gss_deleg_creds == -1)
options->gss_deleg_creds = 0;
+ if (options->gss_trust_dns == -1)
+ options->gss_trust_dns = 0;
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
diff --git a/readconf.h b/readconf.h
index feedb3d2..c7139c1b 100644
--- a/readconf.h
+++ b/readconf.h
@@ -42,6 +42,7 @@ typedef struct {
/* Try S/Key or TIS, authentication. */
int gss_authentication; /* Try GSS authentication */
int gss_deleg_creds; /* Delegate GSS credentials */
+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */
int password_authentication; /* Try password
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
diff --git a/ssh_config.5 b/ssh_config.5
index 06a32d31..6871ff36 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -770,6 +770,16 @@ The default is
Forward (delegate) credentials to the server.
The default is
.Cm no .
+Note that this option applies to protocol version 2 connections using GSSAPI.
+.It Cm GSSAPITrustDns
+Set to
+.Dq yes to indicate that the DNS is trusted to securely canonicalize
+the name of the host being connected to. If
+.Dq no, the hostname entered on the
+command line will be passed untouched to the GSSAPI library.
+The default is
+.Dq no .
+This option only applies to protocol version 2 connections using GSSAPI.
.It Cm HashKnownHosts
Indicates that
.Xr ssh 1
diff --git a/sshconnect2.c b/sshconnect2.c
index af00fb30..652463c5 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -716,6 +716,13 @@ userauth_gssapi(struct ssh *ssh)
OM_uint32 min;
int r, ok = 0;
gss_OID mech = NULL;
+ const char *gss_host;
+
+ if (options.gss_trust_dns) {
+ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns);
+ gss_host = auth_get_canonical_hostname(ssh, 1);
+ } else
+ gss_host = authctxt->host;
/* Try one GSSAPI method at a time, rather than sending them all at
* once. */
@@ -730,7 +737,7 @@ userauth_gssapi(struct ssh *ssh)
elements[authctxt->mech_tried];
/* My DER encoding requires length<128 */
if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
- mech, authctxt->host)) {
+ mech, gss_host)) {
ok = 1; /* Mechanism works */
} else {
authctxt->mech_tried++;

11
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.3-tests.patch vendored Normal file
View File

@ -0,0 +1,11 @@
--- a/openbsd-compat/regress/Makefile.in 2020-02-15 10:59:01.210601434 -0700
+++ b/openbsd-compat/regress/Makefile.in 2020-02-15 10:59:18.753485852 -0700
@@ -7,7 +7,7 @@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
+CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
EXEEXT=@EXEEXT@
LIBCOMPAT=../libopenbsd-compat.a
LIBS=@LIBS@

128
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.3.patch vendored Normal file
View File

@ -0,0 +1,128 @@
--- a/openssh-8.2p1+x509-12.4.3.diff 2020-03-21 11:15:05.939809371 -0700
+++ b/openssh-8.2p1+x509-12.4.3.diff 2020-03-21 11:23:15.424752355 -0700
@@ -39298,16 +39298,15 @@
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
-@@ -378,6 +379,8 @@
+@@ -378,6 +379,7 @@
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
$(MKDIR_P) $(DESTDIR)$(libexecdir)
+ $(MKDIR_P) $(DESTDIR)$(sshcadir)
-+ $(MKDIR_P) $(DESTDIR)$(piddir)
$(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
-@@ -386,11 +389,14 @@
+@@ -386,11 +388,14 @@
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
@@ -39326,7 +39325,7 @@
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -400,12 +406,12 @@
+@@ -400,12 +405,12 @@
$(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
$(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
@@ -39340,7 +39339,7 @@
install-sysconf:
$(MKDIR_P) $(DESTDIR)$(sysconfdir)
-@@ -463,10 +469,9 @@
+@@ -463,10 +468,9 @@
-rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
-rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
-rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
@@ -39354,7 +39353,7 @@
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -478,7 +483,6 @@
+@@ -478,7 +482,6 @@
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -39362,7 +39361,7 @@
regress-prep:
$(MKDIR_P) `pwd`/regress/unittests/test_helper
-@@ -491,11 +495,11 @@
+@@ -491,11 +494,11 @@
$(MKDIR_P) `pwd`/regress/unittests/match
$(MKDIR_P) `pwd`/regress/unittests/utf8
$(MKDIR_P) `pwd`/regress/misc/kexfuzz
@@ -39376,7 +39375,7 @@
regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \
-@@ -546,8 +550,7 @@
+@@ -546,8 +549,7 @@
regress/unittests/sshkey/tests.o \
regress/unittests/sshkey/common.o \
regress/unittests/sshkey/test_file.o \
@@ -39406,7 +39405,7 @@
regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \
${UNITTESTS_TEST_HOSTKEYS_OBJS} \
-@@ -618,35 +619,18 @@
+@@ -618,35 +618,18 @@
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
MISC_KEX_FUZZ_OBJS=\
@@ -39444,7 +39443,7 @@
regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
regress/unittests/sshkey/test_sshkey$(EXEEXT) \
regress/unittests/bitmap/test_bitmap$(EXEEXT) \
-@@ -657,36 +641,29 @@
+@@ -657,36 +640,29 @@
regress/unittests/utf8/test_utf8$(EXEEXT) \
regress/misc/kexfuzz/kexfuzz$(EXEEXT)
@@ -39501,7 +39500,7 @@
TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
TEST_SSH_UTF8="@TEST_SSH_UTF8@" ; \
TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
-@@ -708,8 +685,6 @@
+@@ -708,8 +684,6 @@
TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \
TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \
TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \
@@ -39510,7 +39509,7 @@
TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \
TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \
-@@ -717,17 +692,35 @@
+@@ -717,17 +691,35 @@
TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
TEST_SSH_UTF8="$${TEST_SSH_UTF8}" \
TEST_SSH_ECC="$${TEST_SSH_ECC}" \
@@ -39549,7 +39548,7 @@
survey: survey.sh ssh
@$(SHELL) ./survey.sh > survey
-@@ -743,4 +736,8 @@
+@@ -743,4 +735,8 @@
sh buildpkg.sh; \
fi
@@ -98215,16 +98214,6 @@
+ return mbtowc(NULL, s, n);
+}
+#endif
-diff -ruN openssh-8.2p1/version.h openssh-8.2p1+x509-12.4.3/version.h
---- openssh-8.2p1/version.h 2020-02-14 02:40:54.000000000 +0200
-+++ openssh-8.2p1+x509-12.4.3/version.h 2020-03-21 19:07:00.000000000 +0200
-@@ -2,5 +2,4 @@
-
- #define SSH_VERSION "OpenSSH_8.2"
-
--#define SSH_PORTABLE "p1"
--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
diff -ruN openssh-8.2p1/version.m4 openssh-8.2p1+x509-12.4.3/version.m4
--- openssh-8.2p1/version.m4 1970-01-01 02:00:00.000000000 +0200
+++ openssh-8.2p1+x509-12.4.3/version.m4 2020-03-21 19:07:00.000000000 +0200

133
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch vendored Normal file
View File

@ -0,0 +1,133 @@
diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 13:41:56.143193830 -0800
+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 13:46:40.060133610 -0800
@@ -3,9 +3,9 @@
--- a/Makefile.in
+++ b/Makefile.in
@@ -42,7 +42,7 @@ CC=@CC@
- CFLAGS_NOPIE=@CFLAGS_NOPIE@
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
- PICFLAG=@PICFLAG@
+ LD=@LD@
+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
-LIBS=@LIBS@
+LIBS=@LIBS@ -lpthread
K5LIBS=@K5LIBS@
@@ -803,8 +803,8 @@
ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
{
struct session_state *state;
-- const struct sshcipher *none = cipher_by_name("none");
-+ struct sshcipher *none = cipher_by_name("none");
+- const struct sshcipher *none = cipher_none();
++ struct sshcipher *none = cipher_none();
int r;
if (none == NULL) {
@@ -902,14 +902,14 @@
/*
@@ -2118,6 +2125,8 @@ fill_default_options(Options * options)
- options->canonicalize_hostname = SSH_CANONICALISE_NO;
- if (options->fingerprint_hash == -1)
options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+ if (options->update_hostkeys == -1)
+ options->update_hostkeys = 0;
+ if (options->disable_multithreaded == -1)
+ options->disable_multithreaded = 0;
- #ifdef ENABLE_SK_INTERNAL
if (options->sk_provider == NULL)
- options->sk_provider = xstrdup("internal");
+ options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
+
diff --git a/readconf.h b/readconf.h
index 8e36bf32..c803eca7 100644
--- a/readconf.h
@@ -948,9 +948,9 @@
/* Portable-specific options */
sUsePAM,
+ sDisableMTAES,
- /* Standard Options */
- sPort, sHostKeyFile, sLoginGraceTime,
- sPermitRootLogin, sLogFacility, sLogLevel,
+ /* X.509 Standard Options */
+ sHostbasedAlgorithms,
+ sPubkeyAlgorithms,
@@ -643,6 +647,7 @@ static struct {
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
Only in b: openssh-8_1_P1-hpn-AES-CTR-14.20.diff.orig
diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 13:41:56.144193830 -0800
+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 13:45:36.665147504 -0800
@@ -382,7 +382,7 @@
@@ -884,6 +884,10 @@ kex_choose_conf(struct ssh *ssh)
int nenc, nmac, ncomp;
u_int mode, ctos, need, dh_need, authlen;
- int r, first_kex_follows;
+ int r, first_kex_follows = 0;
+ int auth_flag;
+
+ auth_flag = packet_authentication_state(ssh);
@@ -391,8 +391,8 @@
debug2("local %s KEXINIT proposal", kex->server ? "server" : "client");
if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0)
@@ -954,6 +958,14 @@ kex_choose_conf(struct ssh *ssh)
- peer[ncomp] = NULL;
- goto out;
+ else
+ fatal("Pre-authentication none cipher requests are not allowed.");
}
+ debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
+ if (strcmp(newkeys->enc.name, "none") == 0) {
@@ -1169,15 +1169,3 @@
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
-diff --git a/version.h b/version.h
-index 6b3fadf8..ec1d2e27 100644
---- a/version.h
-+++ b/version.h
-@@ -3,4 +3,6 @@
- #define SSH_VERSION "OpenSSH_8.1"
-
- #define SSH_PORTABLE "p1"
--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+#define SSH_HPN "-hpn14v20"
-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-+
diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-PeakTput-14.20.diff b/openssh-8_1_P1-hpn-PeakTput-14.20.diff
--- a/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-15 13:41:43.834196317 -0800
+++ b/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-15 13:45:36.665147504 -0800
@@ -12,9 +12,9 @@
static long stalled; /* how long we have been stalled */
static int bytes_per_second; /* current speed in bytes per second */
@@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
+ off_t bytes_left;
int cur_speed;
- int hours, minutes, seconds;
- int file_len;
+ int len;
+ off_t delta_pos;
if ((!force_update && !alarm_fired && !win_resized) || !can_output())
@@ -33,12 +33,12 @@
@@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
/* filename */
- buf[0] = '\0';
-- file_len = win_size - 36;
-+ file_len = win_size - 45;
- if (file_len > 0) {
- buf[0] = '\r';
- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
+ if (win_size > 36) {
+- int file_len = win_size - 36;
++ int file_len = win_size - 45;
+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
+ file_len, file);
+ }
@@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
(off_t)bytes_per_second);
strlcat(buf, "/s ", win_size);

151
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch vendored Normal file
View File

@ -0,0 +1,151 @@
diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 12:50:44.413776914 -0800
+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 12:53:06.190742744 -0800
@@ -3,9 +3,9 @@
--- a/Makefile.in
+++ b/Makefile.in
@@ -42,7 +42,7 @@ CC=@CC@
- LD=@LD@
- CFLAGS=@CFLAGS@
+ CFLAGS_NOPIE=@CFLAGS_NOPIE@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ PICFLAG=@PICFLAG@
-LIBS=@LIBS@
+LIBS=@LIBS@ -lpthread
K5LIBS=@K5LIBS@
@@ -902,14 +902,14 @@
/*
@@ -2118,6 +2125,8 @@ fill_default_options(Options * options)
+ options->canonicalize_hostname = SSH_CANONICALISE_NO;
+ if (options->fingerprint_hash == -1)
options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
- if (options->update_hostkeys == -1)
- options->update_hostkeys = 0;
+ if (options->disable_multithreaded == -1)
+ options->disable_multithreaded = 0;
-
- /* Expand KEX name lists */
- all_cipher = cipher_alg_list(',', 0);
+ #ifdef ENABLE_SK_INTERNAL
+ if (options->sk_provider == NULL)
+ options->sk_provider = xstrdup("internal");
diff --git a/readconf.h b/readconf.h
index 8e36bf32..c803eca7 100644
--- a/readconf.h
@@ -952,9 +952,9 @@
sPort, sHostKeyFile, sLoginGraceTime,
sPermitRootLogin, sLogFacility, sLogLevel,
@@ -643,6 +647,7 @@ static struct {
- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
+ { "include", sInclude, SSHCFG_ALL },
+ { "disableMTAES", sDisableMTAES, SSHCFG_ALL },
{ "ipqos", sIPQoS, SSHCFG_ALL },
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:50:44.413776914 -0800
+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:51:19.541768656 -0800
@@ -409,18 +409,10 @@
index 817da43b..b2bcf78f 100644
--- a/packet.c
+++ b/packet.c
-@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
return 0;
}
-+/* this supports the forced rekeying required for the NONE cipher */
-+int rekey_requested = 0;
-+void
-+packet_request_rekeying(void)
-+{
-+ rekey_requested = 1;
-+}
-+
+/* used to determine if pre or post auth when rekeying for aes-ctr
+ * and none cipher switch */
+int
@@ -434,20 +426,6 @@
#define MAX_PACKETS (1U<<31)
static int
ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
- if (state->p_send.packets == 0 && state->p_read.packets == 0)
- return 0;
-
-+ /* used to force rekeying when called for by the none
-+ * cipher switch methods -cjr */
-+ if (rekey_requested == 1) {
-+ rekey_requested = 0;
-+ return 1;
-+ }
-+
- /* Time-based rekeying */
- if (state->rekey_interval != 0 &&
- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
diff --git a/packet.h b/packet.h
index 8ccfd2e0..1ad9bc06 100644
--- a/packet.h
@@ -476,9 +454,9 @@
/* Format of the configuration file:
@@ -167,6 +168,8 @@ typedef enum {
- oHashKnownHosts,
oTunnel, oTunnelDevice,
oLocalCommand, oPermitLocalCommand, oRemoteCommand,
+ oDisableMTAES,
+ oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
+ oNoneEnabled, oNoneSwitch,
oVisualHostKey,
@@ -615,9 +593,9 @@
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
SyslogFacility log_facility; /* Facility for system logging. */
@@ -112,7 +116,10 @@ typedef struct {
-
int enable_ssh_keysign;
int64_t rekey_limit;
+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
+ int none_switch; /* Use none cipher */
+ int none_enabled; /* Allow none to be used */
int rekey_interval;
@@ -700,9 +678,9 @@
+ options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
+ }
+
+ if (options->disable_multithreaded == -1)
+ options->disable_multithreaded = 0;
if (options->ip_qos_interactive == -1)
- options->ip_qos_interactive = IPTOS_DSCP_AF21;
- if (options->ip_qos_bulk == -1)
@@ -486,6 +532,8 @@ typedef enum {
sPasswordAuthentication, sKbdInteractiveAuthentication,
sListenAddress, sAddressFamily,
@@ -1079,11 +1057,11 @@
xxx_host = host;
xxx_hostaddr = hostaddr;
-@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
+@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
if (!authctxt.success)
fatal("Authentication failed.");
-+
+
+ /*
+ * If the user wants to use the none cipher, do it post authentication
+ * and only if the right conditions are met -- both of the NONE commands
@@ -1105,9 +1083,9 @@
+ }
+ }
+
- debug("Authentication succeeded (%s).", authctxt.method->name);
- }
-
+ #ifdef WITH_OPENSSL
+ if (options.disable_multithreaded == 0) {
+ /* if we are using aes-ctr there can be issues in either a fork or sandbox
diff --git a/sshd.c b/sshd.c
index 11571c01..23a06022 100644
--- a/sshd.c

20
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch vendored Normal file
View File

@ -0,0 +1,20 @@
--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-04-17 10:31:37.392120799 -0700
+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-04-17 10:32:46.143684424 -0700
@@ -672,7 +672,7 @@
+const EVP_CIPHER *
+evp_aes_ctr_mt(void)
+{
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL
++# if (OPENSSL_VERSION_NUMBER >= 0x10100000UL || defined(HAVE_OPAQUE_STRUCTS)) && !defined(LIBRESSL_VERSION_NUMBER)
+ static EVP_CIPHER *aes_ctr;
+ aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
+ EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
@@ -701,7 +701,7 @@
+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+# endif /*SSH_OLD_EVP*/
+ return &aes_ctr;
-+# endif /*OPENSSH_VERSION_NUMBER*/
++# endif /*OPENSSL_VERSION_NUMBER*/
+}
+
+#endif /* defined(WITH_OPENSSL) */

19
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch vendored Normal file
View File

@ -0,0 +1,19 @@
diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:10:00.321998279 -0800
+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:10:21.759980508 -0800
@@ -1169,15 +1169,3 @@
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
-diff --git a/version.h b/version.h
-index 6b3fadf8..ec1d2e27 100644
---- a/version.h
-+++ b/version.h
-@@ -3,4 +3,6 @@
- #define SSH_VERSION "OpenSSH_8.1"
-
- #define SSH_PORTABLE "p1"
--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+#define SSH_HPN "-hpn14v20"
-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-+

35
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-X509-glue-12.5.1.patch vendored Normal file
View File

@ -0,0 +1,35 @@
Only in b: .openssh-8.3p1+x509-12.5.1.diff.un~
diff -u a/openssh-8.3p1+x509-12.5.1.diff b/openssh-8.3p1+x509-12.5.1.diff
--- a/openssh-8.3p1+x509-12.5.1.diff 2020-06-08 10:13:08.937543708 -0700
+++ b/openssh-8.3p1+x509-12.5.1.diff 2020-06-08 10:16:33.417271984 -0700
@@ -35541,12 +35541,11 @@
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
-@@ -382,6 +363,8 @@
+@@ -382,6 +363,7 @@
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
$(MKDIR_P) $(DESTDIR)$(libexecdir)
+ $(MKDIR_P) $(DESTDIR)$(sshcadir)
-+ $(MKDIR_P) $(DESTDIR)$(piddir)
$(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
@@ -97028,16 +97027,6 @@
+int asnmprintf(char **, size_t, int *, const char *, ...)
__attribute__((format(printf, 4, 5)));
void msetlocale(void);
-diff -ruN openssh-8.3p1/version.h openssh-8.3p1+x509-12.5.1/version.h
---- openssh-8.3p1/version.h 2020-05-27 03:38:00.000000000 +0300
-+++ openssh-8.3p1+x509-12.5.1/version.h 2020-06-07 11:07:00.000000000 +0300
-@@ -2,5 +2,4 @@
-
- #define SSH_VERSION "OpenSSH_8.3"
-
--#define SSH_PORTABLE "p1"
--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
diff -ruN openssh-8.3p1/version.m4 openssh-8.3p1+x509-12.5.1/version.m4
--- openssh-8.3p1/version.m4 1970-01-01 02:00:00.000000000 +0200
+++ openssh-8.3p1+x509-12.5.1/version.m4 2020-06-07 11:07:00.000000000 +0300

177
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch vendored Normal file
View File

@ -0,0 +1,177 @@
Only in b: .openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff.un~
diff -ur a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-05-27 13:52:27.704108928 -0700
+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-05-27 13:52:49.803967500 -0700
@@ -3,9 +3,9 @@
--- a/Makefile.in
+++ b/Makefile.in
@@ -42,7 +42,7 @@ CC=@CC@
- LD=@LD@
- CFLAGS=@CFLAGS@
+ CFLAGS_NOPIE=@CFLAGS_NOPIE@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ PICFLAG=@PICFLAG@
-LIBS=@LIBS@
+LIBS=@LIBS@ -lpthread
K5LIBS=@K5LIBS@
@@ -902,14 +902,14 @@
/*
@@ -2118,6 +2125,8 @@ fill_default_options(Options * options)
+ options->canonicalize_hostname = SSH_CANONICALISE_NO;
+ if (options->fingerprint_hash == -1)
options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
- if (options->update_hostkeys == -1)
- options->update_hostkeys = 0;
+ if (options->disable_multithreaded == -1)
+ options->disable_multithreaded = 0;
-
- /* Expand KEX name lists */
- all_cipher = cipher_alg_list(',', 0);
+ #ifdef ENABLE_SK_INTERNAL
+ if (options->sk_provider == NULL)
+ options->sk_provider = xstrdup("internal");
diff --git a/readconf.h b/readconf.h
index 8e36bf32..c803eca7 100644
--- a/readconf.h
@@ -952,9 +952,9 @@
sPort, sHostKeyFile, sLoginGraceTime,
sPermitRootLogin, sLogFacility, sLogLevel,
@@ -643,6 +647,7 @@ static struct {
- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
+ { "include", sInclude, SSHCFG_ALL },
+ { "disableMTAES", sDisableMTAES, SSHCFG_ALL },
{ "ipqos", sIPQoS, SSHCFG_ALL },
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-05-27 13:52:27.705108921 -0700
+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-05-27 14:03:57.888683100 -0700
@@ -409,18 +409,10 @@
index 817da43b..b2bcf78f 100644
--- a/packet.c
+++ b/packet.c
-@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
return 0;
}
-+/* this supports the forced rekeying required for the NONE cipher */
-+int rekey_requested = 0;
-+void
-+packet_request_rekeying(void)
-+{
-+ rekey_requested = 1;
-+}
-+
+/* used to determine if pre or post auth when rekeying for aes-ctr
+ * and none cipher switch */
+int
@@ -434,20 +426,6 @@
#define MAX_PACKETS (1U<<31)
static int
ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
- if (state->p_send.packets == 0 && state->p_read.packets == 0)
- return 0;
-
-+ /* used to force rekeying when called for by the none
-+ * cipher switch methods -cjr */
-+ if (rekey_requested == 1) {
-+ rekey_requested = 0;
-+ return 1;
-+ }
-+
- /* Time-based rekeying */
- if (state->rekey_interval != 0 &&
- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
diff --git a/packet.h b/packet.h
index 8ccfd2e0..1ad9bc06 100644
--- a/packet.h
@@ -476,9 +454,9 @@
/* Format of the configuration file:
@@ -167,6 +168,8 @@ typedef enum {
- oHashKnownHosts,
oTunnel, oTunnelDevice,
oLocalCommand, oPermitLocalCommand, oRemoteCommand,
+ oDisableMTAES,
+ oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
+ oNoneEnabled, oNoneSwitch,
oVisualHostKey,
@@ -615,9 +593,9 @@
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
SyslogFacility log_facility; /* Facility for system logging. */
@@ -112,7 +116,10 @@ typedef struct {
-
int enable_ssh_keysign;
int64_t rekey_limit;
+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
+ int none_switch; /* Use none cipher */
+ int none_enabled; /* Allow none to be used */
int rekey_interval;
@@ -700,9 +678,9 @@
+ options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
+ }
+
+ if (options->disable_multithreaded == -1)
+ options->disable_multithreaded = 0;
if (options->ip_qos_interactive == -1)
- options->ip_qos_interactive = IPTOS_DSCP_AF21;
- if (options->ip_qos_bulk == -1)
@@ -486,6 +532,8 @@ typedef enum {
sPasswordAuthentication, sKbdInteractiveAuthentication,
sListenAddress, sAddressFamily,
@@ -731,11 +709,10 @@
*flags = keywords[i].flags;
return keywords[i].opcode;
}
-@@ -1424,10 +1477,27 @@ process_server_config_line(ServerOptions *options, char *line,
- multistate_ptr = multistate_flag;
+@@ -1424,12 +1477,28 @@ process_server_config_line(ServerOptions *options, char *line,
+ multistate_ptr = multistate_ignore_rhosts;
goto parse_multistate;
-+
+ case sTcpRcvBufPoll:
+ intptr = &options->tcp_rcv_buf_poll;
+ goto parse_flag;
@@ -750,7 +727,9 @@
+
case sIgnoreUserKnownHosts:
intptr = &options->ignore_user_known_hosts;
- goto parse_flag;
+ parse_flag:
+ multistate_ptr = multistate_flag;
+ goto parse_multistate;
+ case sNoneEnabled:
+ intptr = &options->none_enabled;
@@ -1079,11 +1058,11 @@
xxx_host = host;
xxx_hostaddr = hostaddr;
-@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
+@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
if (!authctxt.success)
fatal("Authentication failed.");
-+
+
+ /*
+ * If the user wants to use the none cipher, do it post authentication
+ * and only if the right conditions are met -- both of the NONE commands
@@ -1105,9 +1084,9 @@
+ }
+ }
+
- debug("Authentication succeeded (%s).", authctxt.method->name);
- }
-
+ #ifdef WITH_OPENSSL
+ if (options.disable_multithreaded == 0) {
+ /* if we are using aes-ctr there can be issues in either a fork or sandbox
diff --git a/sshd.c b/sshd.c
index 11571c01..23a06022 100644
--- a/sshd.c

13
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.3_p1-sha2-include.patch vendored Normal file
View File

@ -0,0 +1,13 @@
diff --git a/Makefile.in b/Makefile.in
index c9e4294d..2dbfac24 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -44,7 +44,7 @@ CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
CFLAGS_NOPIE=@CFLAGS_NOPIE@
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+CPPFLAGS=-I. -I$(srcdir) -I$(srcdir)/openbsd-compat @CPPFLAGS@ $(PATHS) @DEFS@
PICFLAG=@PICFLAG@
LIBS=@LIBS@
K5LIBS=@K5LIBS@

21
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.confd vendored
View File

@ -1,21 +0,0 @@
# /etc/conf.d/sshd: config file for /etc/init.d/sshd
# Where is your sshd_config file stored?
SSHD_CONFDIR="/etc/ssh"
# Any random options you want to pass to sshd.
# See the sshd(8) manpage for more info.
SSHD_OPTS=""
# Pid file to use (needs to be absolute path).
#SSHD_PIDFILE="/var/run/sshd.pid"
# Path to the sshd binary (needs to be absolute path).
#SSHD_BINARY="/usr/sbin/sshd"

89
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.initd vendored
View File

@ -1,89 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
extra_commands="checkconfig"
extra_started_commands="reload"
: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
command="${SSHD_BINARY}"
pidfile="${SSHD_PIDFILE}"
command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
# Wait one second (length chosen arbitrarily) to see if sshd actually
# creates a PID file, or if it crashes for some reason like not being
# able to bind to the address in ListenAddress (bug 617596).
: ${SSHD_SSD_OPTS:=--wait 1000}
start_stop_daemon_args="${SSHD_SSD_OPTS}"
depend() {
# Entropy can be used by ssh-keygen, among other things, but
# is not strictly required (bug 470020).
use logger dns entropy
if [ "${rc_need+set}" = "set" ] ; then
: # Do nothing, the user has explicitly set rc_need
else
local x warn_addr
for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
case "${x}" in
0.0.0.0|0.0.0.0:*) ;;
::|\[::\]*) ;;
*) warn_addr="${warn_addr} ${x}" ;;
esac
done
if [ -n "${warn_addr}" ] ; then
need net
ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd"
ewarn "where FOO is the interface(s) providing the following address(es):"
ewarn "${warn_addr}"
fi
fi
}
checkconfig() {
checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
if [ ! -e "${SSHD_CONFIG}" ] ; then
eerror "You need an ${SSHD_CONFIG} file to run sshd"
eerror "There is a sample file in /usr/share/doc/openssh"
return 1
fi
${SSHD_KEYGEN_BINARY} -A || return 2
"${command}" -t ${command_args} || return 3
}
start_pre() {
# If this isn't a restart, make sure that the user's config isn't
# busted before we try to start the daemon (this will produce
# better error messages than if we just try to start it blindly).
#
# If, on the other hand, this *is* a restart, then the stop_pre
# action will have ensured that the config is usable and we don't
# need to do that again.
if [ "${RC_CMD}" != "restart" ] ; then
checkconfig || return $?
fi
}
stop_pre() {
# If this is a restart, check to make sure the user's config
# isn't busted before we stop the running daemon.
if [ "${RC_CMD}" = "restart" ] ; then
checkconfig || return $?
fi
}
reload() {
checkconfig || return $?
ebegin "Reloading ${SVCNAME}"
start-stop-daemon --signal HUP --pidfile "${pidfile}"
eend $?
}

9
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/metadata.xml vendored
View File

@ -5,10 +5,6 @@
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<maintainer type="person">
<email>robbat2@gentoo.org</email>
<description>LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else.</description>
</maintainer>
<longdescription>
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that
increasing numbers of people on the Internet are coming to rely on. Many users of telnet,
@ -25,18 +21,17 @@ ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and
</longdescription>
<use>
<flag name="bindist">Disable EC/RC5 algorithms in OpenSSL for patent reasons.</flag>
<flag name="scp">Enable scp command with known security problems. See bug 733802</flag>
<flag name="hpn">Enable high performance ssh</flag>
<flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
<flag name="livecd">Enable root password logins for live-cd environment.</flag>
<flag name="security-key">Include builtin U2F/FIDO support</flag>
<flag name="ssh1">Support the legacy/weak SSH1 protocol</flag>
<flag name="ssl">Enable additional crypto algorithms via OpenSSL</flag>
<flag name="X509">Adds support for X.509 certificate authentication</flag>
<flag name="xmss">Enable XMSS post-quantum authentication algorithm</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:openssh:openssh</remote-id>
<remote-id type="cpe">cpe:/a:openbsd:openssh</remote-id>
<remote-id type="sourceforge">hpnssh</remote-id>
</upstream>
</pkgmetadata>

5
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.1_p1-r3.ebuild vendored
View File

@ -1,3 +1,6 @@
# Difference to upstream from ./update_ebuilds:
# - Ported changes from 775af6c96219eba4bc6294712a36bddc0e6db00f
#
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
@ -34,7 +37,7 @@ S="${WORKDIR}/${PARCH}"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
# Probably want to drop ssl defaulting to on in a future version.
IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509 xmss"

483
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.2_p1-r6.ebuild vendored Normal file
View File

@ -0,0 +1,483 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PV="8.1_P1"
HPN_VER="14.20"
HPN_PATCHES=(
${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff
${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff
${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff
)
SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
X509_VER="12.4.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="https://www.openssh.com/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )}
${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )}
${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
S="${WORKDIR}/${PARCH}"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
# Probably want to drop ssl defaulting to on in a future version.
IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss"
RESTRICT="!test? ( test )"
REQUIRED_USE="
ldns? ( ssl )
pie? ( !static )
static? ( !kerberos !pam )
X509? ( !sctp !security-key ssl !xmss )
xmss? ( || ( ssl libressl ) )
test? ( ssl )
"
LIB_DEPEND="
audit? ( sys-process/audit[static-libs(+)] )
ldns? (
net-libs/ldns[static-libs(+)]
!bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
)
libedit? ( dev-libs/libedit:=[static-libs(+)] )
sctp? ( net-misc/lksctp-tools[static-libs(+)] )
security-key? ( dev-libs/libfido2:=[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
ssl? (
!libressl? (
|| (
(
>=dev-libs/openssl-1.0.1:0[bindist=]
<dev-libs/openssl-1.1.0:0[bindist=]
)
>=dev-libs/openssl-1.1.0g:0[bindist=]
)
dev-libs/openssl:0=[static-libs(+)]
)
libressl? ( dev-libs/libressl:0=[static-libs(+)] )
)
virtual/libcrypt:=[static-libs(+)]
>=sys-libs/zlib-1.2.3:=[static-libs(+)]
"
RDEPEND="
acct-group/sshd
acct-user/sshd
!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
pam? ( sys-libs/pam )
kerberos? ( virtual/krb5 )
"
DEPEND="${RDEPEND}
static? ( ${LIB_DEPEND} )
virtual/os-headers
"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( !prefix? ( sys-apps/shadow ) )
X? ( x11-apps/xauth )
"
BDEPEND="
virtual/pkgconfig
sys-devel/autoconf
"
pkg_pretend() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use hpn && maybe_fail hpn HPN_VER)
$(use sctp && maybe_fail sctp SCTP_PATCH)
$(use X509 && maybe_fail X509 X509_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
# Make sure people who are using tcp wrappers are notified of its removal. #531156
if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please."
fi
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch
eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex
eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch
eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch
eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
[[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches
local PATCHSET_VERSION_MACROS=()
if use X509 ; then
pushd "${WORKDIR}" &>/dev/null || die
eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch"
popd &>/dev/null || die
eapply "${WORKDIR}"/${X509_PATCH%.*}
eapply "${FILESDIR}"/${P}-X509-${X509_VER}-tests.patch
# We need to patch package version or any X.509 sshd will reject our ssh client
# with "userauth_pubkey: could not parse key: string is too large [preauth]"
# error
einfo "Patching package version for X.509 patch set ..."
sed -i \
-e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \
"${S}"/configure.ac || die "Failed to patch package version for X.509 patch"
einfo "Patching version.h to expose X.509 patch set ..."
sed -i \
-e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \
"${S}"/version.h || die "Failed to sed-in X.509 patch version"
PATCHSET_VERSION_MACROS+=( 'SSH_X509' )
fi
if use sctp ; then
eapply "${WORKDIR}"/${SCTP_PATCH%.*}
einfo "Patching version.h to expose SCTP patch set ..."
sed -i \
-e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \
"${S}"/version.h || die "Failed to sed-in SCTP patch version"
PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' )
einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..."
sed -i \
-e "/\t\tcfgparse \\\/d" \
"${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch"
fi
if use hpn ; then
local hpn_patchdir="${T}/${P}-hpn${HPN_VER}"
mkdir "${hpn_patchdir}" || die
cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die
pushd "${hpn_patchdir}" &>/dev/null || die
eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch
eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-libressl.patch
if use X509; then
# einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set"
# # X509 and AES-CTR-MT don't get along, let's just drop it
# rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die
eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-X509-glue.patch
fi
use sctp && eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-sctp-glue.patch
popd &>/dev/null || die
eapply "${hpn_patchdir}"
use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch"
einfo "Patching Makefile.in for HPN patch set ..."
sed -i \
-e "/^LIBS=/ s/\$/ -lpthread/" \
"${S}"/Makefile.in || die "Failed to patch Makefile.in"
einfo "Patching version.h to expose HPN patch set ..."
sed -i \
-e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \
"${S}"/version.h || die "Failed to sed-in HPN patch version"
PATCHSET_VERSION_MACROS+=( 'SSH_HPN' )
if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
einfo "Disabling known non-working MT AES cipher per default ..."
cat > "${T}"/disable_mtaes.conf <<- EOF
# HPN's Multi-Threaded AES CTR cipher is currently known to be broken
# and therefore disabled per default.
DisableMTAES yes
EOF
sed -i \
-e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \
"${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config"
sed -i \
-e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \
"${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config"
fi
fi
if use X509 || use sctp || use hpn ; then
einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..."
sed -i \
-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
"${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)"
einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..."
sed -i \
-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
"${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)"
einfo "Patching version.h to add our patch sets to SSH_RELEASE ..."
sed -i \
-e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \
"${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)"
fi
sed -i \
-e "/#UseLogin no/d" \
"${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)"
eapply_user #473004
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
# _XOPEN_SOURCE causes header conflicts on Solaris
[[ ${CHOST} == *-solaris* ]] && sed_args+=(
-e 's/-D_XOPEN_SOURCE//'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
eautoreconf
}
src_configure() {
addwrite /dev/ptmx
use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
use static && append-ldflags -static
use xmss && append-cflags -DWITH_XMSS
local myconf=(
--with-ldflags="${LDFLAGS}"
--disable-strip
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
--sysconfdir="${EPREFIX}"/etc/ssh
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
--datadir="${EPREFIX}"/usr/share/openssh
--with-privsep-path="${EPREFIX}"/var/empty
--with-privsep-user=sshd
$(use_with audit audit linux)
$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
# We apply the sctp patch conditionally, so can't pass --without-sctp
# unconditionally else we get unknown flag warnings.
$(use sctp && use_with sctp)
$(use_with ldns ldns "${EPREFIX}"/usr)
$(use_with libedit)
$(use_with pam)
$(use_with pie)
$(use_with selinux)
$(use_with security-key security-key-builtin)
$(use_with ssl openssl)
$(use_with ssl md5-passwords)
$(use_with ssl ssl-engine)
$(use_with !elibc_Cygwin hardening) #659210
)
# stackprotect is broken on musl x86 and ppc
use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect )
# The seccomp sandbox is broken on x32, so use the older method for now. #553748
use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
econf "${myconf[@]}"
}
src_test() {
local t skipped=() failed=() passed=()
local tests=( interop-tests compat-tests )
local shell=$(egetshell "${UID}")
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped+=( tests )
else
tests+=( tests )
fi
# It will also attempt to write to the homedir .ssh.
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in "${tests[@]}" ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" HOME="${sshhome}" SUDO="" \
emake -k -j1 ${t} </dev/null \
&& passed+=( "${t}" ) \
|| failed+=( "${t}" )
done
einfo "Passed tests: ${passed[*]}"
[[ ${#skipped[@]} -gt 0 ]] && ewarn "Skipped tests: ${skipped[*]}"
[[ ${#failed[@]} -gt 0 ]] && die "Some tests failed: ${failed[*]}"
}
# Gentoo tweaks to default config files.
tweak_ssh_configs() {
local locale_vars=(
# These are language variables that POSIX defines.
# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
# These are the GNU extensions.
# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
)
# First the server config.
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables. #367017
AcceptEnv ${locale_vars[*]}
# Allow client to pass COLORTERM to match TERM. #658540
AcceptEnv COLORTERM
EOF
# Then the client config.
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables. #367017
SendEnv ${locale_vars[*]}
# Send COLORTERM to match TERM. #658540
SendEnv COLORTERM
EOF
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die
fi
if use livecd ; then
sed -i \
-e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \
"${ED}"/etc/ssh/sshd_config || die
fi
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd-r1.initd sshd
newconfd "${FILESDIR}"/sshd-r1.confd sshd
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
tweak_ssh_configs
doman contrib/ssh-copy-id.1
dodoc CREDITS OVERVIEW README* TODO sshd_config
use hpn && dodoc HPN-README
use X509 || dodoc ChangeLog
diropts -m 0700
dodir /etc/skel/.ssh
keepdir /var/empty
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
pkg_preinst() {
if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
show_ssl_warning=1
fi
}
pkg_postinst() {
local old_ver
for old_ver in ${REPLACING_VERSIONS}; do
if ver_test "${old_ver}" -lt "5.8_p1"; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
if ver_test "${old_ver}" -lt "7.0_p1"; then
elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
elog "Make sure to update any configs that you might have. Note that xinetd might"
elog "be an alternative for you as it supports USE=tcpd."
fi
if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518
elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
elog "adding to your sshd_config or ~/.ssh/config files:"
elog " PubkeyAcceptedKeyTypes=+ssh-dss"
elog "You should however generate new keys using rsa or ed25519."
elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
elog "to 'prohibit-password'. That means password auth for root users no longer works"
elog "out of the box. If you need this, please update your sshd_config explicitly."
fi
if ver_test "${old_ver}" -lt "7.6_p1"; then
elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
elog "Furthermore, rsa keys with less than 1024 bits will be refused."
fi
if ver_test "${old_ver}" -lt "7.7_p1"; then
elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
elog "if you need to authenticate against LDAP."
elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
fi
if ver_test "${old_ver}" -lt "8.2_p1"; then
ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
ewarn "connection is generally safe."
fi
done
if [[ -n ${show_ssl_warning} ]]; then
elog "Be aware that by disabling openssl support in openssh, the server and clients"
elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
elog "and update all clients/servers that utilize them."
fi
if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
elog ""
elog "HPN's multi-threaded AES CTR cipher is currently known to be broken"
elog "and therefore disabled at runtime per default."
elog "Make sure your sshd_config is up to date and contains"
elog ""
elog " DisableMTAES yes"
elog ""
elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher."
elog ""
fi
}

501
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.3_p1-r4.ebuild vendored Normal file
View File

@ -0,0 +1,501 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
# PV to USE for HPN patches
#HPN_PV="${PV^^}"
HPN_PV="8.1_P1"
HPN_VER="14.20"
HPN_PATCHES=(
${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff
${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff
${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff
)
SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
X509_VER="12.5.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="https://www.openssh.com/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )}
${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )}
${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
S="${WORKDIR}/${PARCH}"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
# Probably want to drop ssl defaulting to on in a future version.
IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie +scp sctp security-key selinux +ssl static test X X509 xmss"
RESTRICT="!test? ( test )"
REQUIRED_USE="
ldns? ( ssl )
pie? ( !static )
static? ( !kerberos !pam )
X509? ( !sctp !security-key ssl !xmss )
xmss? ( || ( ssl libressl ) )
test? ( ssl )
"
LIB_DEPEND="
audit? ( sys-process/audit[static-libs(+)] )
ldns? (
net-libs/ldns[static-libs(+)]
!bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
)
libedit? ( dev-libs/libedit:=[static-libs(+)] )
sctp? ( net-misc/lksctp-tools[static-libs(+)] )
security-key? ( >=dev-libs/libfido2-1.4.0:=[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
ssl? (
!libressl? (
|| (
(
>=dev-libs/openssl-1.0.1:0[bindist=]
<dev-libs/openssl-1.1.0:0[bindist=]
)
>=dev-libs/openssl-1.1.0g:0[bindist=]
)
dev-libs/openssl:0=[static-libs(+)]
)
libressl? ( dev-libs/libressl:0=[static-libs(+)] )
)
virtual/libcrypt:=[static-libs(+)]
>=sys-libs/zlib-1.2.3:=[static-libs(+)]
"
RDEPEND="
acct-group/sshd
acct-user/sshd
!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
pam? ( sys-libs/pam )
kerberos? ( virtual/krb5 )
"
DEPEND="${RDEPEND}
static? ( ${LIB_DEPEND} )
virtual/os-headers
"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( !prefix? ( sys-apps/shadow ) )
X? ( x11-apps/xauth )
"
BDEPEND="
virtual/pkgconfig
sys-devel/autoconf
"
pkg_pretend() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use hpn && maybe_fail hpn HPN_VER)
$(use sctp && maybe_fail sctp SCTP_PATCH)
$(use X509 && maybe_fail X509 X509_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
# Make sure people who are using tcp wrappers are notified of its removal. #531156
if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please."
fi
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch
eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex
eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch
eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch
eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
# workaround for https://bugs.gentoo.org/734984
use X509 || eapply "${FILESDIR}"/${PN}-8.3_p1-sha2-include.patch
[[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches
local PATCHSET_VERSION_MACROS=()
if use X509 ; then
pushd "${WORKDIR}" &>/dev/null || die
eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch"
popd &>/dev/null || die
eapply "${WORKDIR}"/${X509_PATCH%.*}
# We need to patch package version or any X.509 sshd will reject our ssh client
# with "userauth_pubkey: could not parse key: string is too large [preauth]"
# error
einfo "Patching package version for X.509 patch set ..."
sed -i \
-e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \
"${S}"/configure.ac || die "Failed to patch package version for X.509 patch"
einfo "Patching version.h to expose X.509 patch set ..."
sed -i \
-e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \
"${S}"/version.h || die "Failed to sed-in X.509 patch version"
PATCHSET_VERSION_MACROS+=( 'SSH_X509' )
fi
if use sctp ; then
eapply "${WORKDIR}"/${SCTP_PATCH%.*}
einfo "Patching version.h to expose SCTP patch set ..."
sed -i \
-e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \
"${S}"/version.h || die "Failed to sed-in SCTP patch version"
PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' )
einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..."
sed -i \
-e "/\t\tcfgparse \\\/d" \
"${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch"
fi
if use hpn ; then
local hpn_patchdir="${T}/${P}-hpn${HPN_VER}"
mkdir "${hpn_patchdir}" || die
cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die
pushd "${hpn_patchdir}" &>/dev/null || die
eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch
eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-libressl.patch
if use X509; then
# einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set"
# # X509 and AES-CTR-MT don't get along, let's just drop it
# rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die
eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-X509-glue.patch
fi
use sctp && eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-sctp-glue.patch
popd &>/dev/null || die
eapply "${hpn_patchdir}"
use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch"
einfo "Patching Makefile.in for HPN patch set ..."
sed -i \
-e "/^LIBS=/ s/\$/ -lpthread/" \
"${S}"/Makefile.in || die "Failed to patch Makefile.in"
einfo "Patching version.h to expose HPN patch set ..."
sed -i \
-e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \
"${S}"/version.h || die "Failed to sed-in HPN patch version"
PATCHSET_VERSION_MACROS+=( 'SSH_HPN' )
if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
einfo "Disabling known non-working MT AES cipher per default ..."
cat > "${T}"/disable_mtaes.conf <<- EOF
# HPN's Multi-Threaded AES CTR cipher is currently known to be broken
# and therefore disabled per default.
DisableMTAES yes
EOF
sed -i \
-e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \
"${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config"
sed -i \
-e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \
"${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config"
fi
fi
if use X509 || use sctp || use hpn ; then
einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..."
sed -i \
-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
"${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)"
einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..."
sed -i \
-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
"${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)"
einfo "Patching version.h to add our patch sets to SSH_RELEASE ..."
sed -i \
-e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \
"${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)"
fi
sed -i \
-e "/#UseLogin no/d" \
"${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)"
eapply_user #473004
# These tests are currently incompatible with PORTAGE_TMPDIR/sandbox
sed -e '/\t\tpercent \\/ d' \
-i regress/Makefile || die
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
# _XOPEN_SOURCE causes header conflicts on Solaris
[[ ${CHOST} == *-solaris* ]] && sed_args+=(
-e 's/-D_XOPEN_SOURCE//'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
eautoreconf
}
src_configure() {
addwrite /dev/ptmx
use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
use static && append-ldflags -static
use xmss && append-cflags -DWITH_XMSS
local myconf=(
--with-ldflags="${LDFLAGS}"
--disable-strip
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
--sysconfdir="${EPREFIX}"/etc/ssh
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
--datadir="${EPREFIX}"/usr/share/openssh
--with-privsep-path="${EPREFIX}"/var/empty
--with-privsep-user=sshd
$(use_with audit audit linux)
$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
# We apply the sctp patch conditionally, so can't pass --without-sctp
# unconditionally else we get unknown flag warnings.
$(use sctp && use_with sctp)
$(use_with ldns ldns "${EPREFIX}"/usr)
$(use_with libedit)
$(use_with pam)
$(use_with pie)
$(use_with selinux)
$(usex X509 '' "$(use_with security-key security-key-builtin)")
$(use_with ssl openssl)
$(use_with ssl md5-passwords)
$(use_with ssl ssl-engine)
$(use_with !elibc_Cygwin hardening) #659210
)
# stackprotect is broken on musl x86 and ppc
use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect )
# The seccomp sandbox is broken on x32, so use the older method for now. #553748
use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
econf "${myconf[@]}"
}
src_test() {
local t skipped=() failed=() passed=()
local tests=( interop-tests compat-tests )
local shell=$(egetshell "${UID}")
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped+=( tests )
else
tests+=( tests )
fi
# It will also attempt to write to the homedir .ssh.
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in "${tests[@]}" ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" HOME="${sshhome}" TMPDIR="${T}" \
SUDO="" SSH_SK_PROVIDER="" \
TEST_SSH_UNSAFE_PERMISSIONS=1 \
emake -k -j1 ${t} </dev/null \
&& passed+=( "${t}" ) \
|| failed+=( "${t}" )
done
einfo "Passed tests: ${passed[*]}"
[[ ${#skipped[@]} -gt 0 ]] && ewarn "Skipped tests: ${skipped[*]}"
[[ ${#failed[@]} -gt 0 ]] && die "Some tests failed: ${failed[*]}"
}
# Gentoo tweaks to default config files.
tweak_ssh_configs() {
local locale_vars=(
# These are language variables that POSIX defines.
# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
# These are the GNU extensions.
# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
)
# First the server config.
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables. #367017
AcceptEnv ${locale_vars[*]}
# Allow client to pass COLORTERM to match TERM. #658540
AcceptEnv COLORTERM
EOF
# Then the client config.
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables. #367017
SendEnv ${locale_vars[*]}
# Send COLORTERM to match TERM. #658540
SendEnv COLORTERM
EOF
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die
fi
if use livecd ; then
sed -i \
-e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \
"${ED}"/etc/ssh/sshd_config || die
fi
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd-r1.initd sshd
newconfd "${FILESDIR}"/sshd-r1.confd sshd
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
tweak_ssh_configs
doman contrib/ssh-copy-id.1
dodoc CREDITS OVERVIEW README* TODO sshd_config
use hpn && dodoc HPN-README
use X509 || dodoc ChangeLog
diropts -m 0700
dodir /etc/skel/.ssh
# https://bugs.gentoo.org/733802
if ! use scp; then
rm "${ED}"/usr/{bin/scp,share/man/man1/scp.1} \
|| die "failed to remove scp"
fi
keepdir /var/empty
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
pkg_preinst() {
if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
show_ssl_warning=1
fi
}
pkg_postinst() {
local old_ver
for old_ver in ${REPLACING_VERSIONS}; do
if ver_test "${old_ver}" -lt "5.8_p1"; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
if ver_test "${old_ver}" -lt "7.0_p1"; then
elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
elog "Make sure to update any configs that you might have. Note that xinetd might"
elog "be an alternative for you as it supports USE=tcpd."
fi
if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518
elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
elog "adding to your sshd_config or ~/.ssh/config files:"
elog " PubkeyAcceptedKeyTypes=+ssh-dss"
elog "You should however generate new keys using rsa or ed25519."
elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
elog "to 'prohibit-password'. That means password auth for root users no longer works"
elog "out of the box. If you need this, please update your sshd_config explicitly."
fi
if ver_test "${old_ver}" -lt "7.6_p1"; then
elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
elog "Furthermore, rsa keys with less than 1024 bits will be refused."
fi
if ver_test "${old_ver}" -lt "7.7_p1"; then
elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
elog "if you need to authenticate against LDAP."
elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
fi
if ver_test "${old_ver}" -lt "8.2_p1"; then
ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
ewarn "connection is generally safe."
fi
done
if [[ -n ${show_ssl_warning} ]]; then
elog "Be aware that by disabling openssl support in openssh, the server and clients"
elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
elog "and update all clients/servers that utilize them."
fi
if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
elog ""
elog "HPN's multi-threaded AES CTR cipher is currently known to be broken"
elog "and therefore disabled at runtime per default."
elog "Make sure your sshd_config is up to date and contains"
elog ""
elog " DisableMTAES yes"
elog ""
elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher."
elog ""
fi
}

1
sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords vendored
View File

@ -36,6 +36,7 @@
=net-firewall/conntrack-tools-1.4.5 ~arm64
=net-firewall/ebtables-2.0.10.4-r1 ~arm64
=net-firewall/ipset-6.29 ~arm64
=net-libs/http-parser-2.6.2 ~arm64
=net-libs/libmicrohttpd-0.9.52 **
=net-libs/libnetfilter_conntrack-1.0.8 ~arm64
=net-libs/libnetfilter_cthelper-1.0.0-r1 ~arm64

2
sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.unmask vendored Normal file
View File

@ -0,0 +1,2 @@
# Overwrite outdated portage-stable mask
=dev-libs/openssl-1.1.1g

101
sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog vendored
View File

@ -1,101 +0,0 @@
# ChangeLog for sys-auth/sssd
# Copyright 1999-2016 Gentoo Foundation; Distributed under the GPL v2
# (auto-generated from git log)
*sssd-1.13.0 (09 Aug 2015)
*sssd-1.12.5 (09 Aug 2015)
*sssd-1.12.4 (09 Aug 2015)
*sssd-1.12.1 (09 Aug 2015)
*sssd-1.9.7 (09 Aug 2015)
*sssd-1.9.6-r3 (09 Aug 2015)
09 Aug 2015; Robin H. Johnson <robbat2@gentoo.org>
+files/0001_add_pthread_to_fix_as-needed.patch,
+files/0002_allow_xdm_openrc.patch, +files/0003_new_krb5.patch,
+files/allow_xdm.patch, +files/sssd, +files/sssd-1.13.0-fix-init.patch,
+files/sssd-1.9.6-fix-init.patch, +files/sssd.conf, +files/sssd.service,
+metadata.xml, +sssd-1.9.6-r3.ebuild, +sssd-1.9.7.ebuild,
+sssd-1.12.1.ebuild, +sssd-1.12.4.ebuild, +sssd-1.12.5.ebuild,
+sssd-1.13.0.ebuild:
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration
tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this
project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo
developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve
cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014
work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on
the bikeshed
24 Aug 2015; Justin Lecher <jlec@gentoo.org> metadata.xml:
Use https by default
Convert all URLs for sites supporting encrypted connections from http to
https
Signed-off-by: Justin Lecher <jlec@gentoo.org>
24 Aug 2015; Mike Gilbert <floppym@gentoo.org> metadata.xml:
Revert DOCTYPE SYSTEM https changes in metadata.xml
repoman does not yet accept the https version.
This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450.
Bug: https://bugs.gentoo.org/552720
28 Aug 2015; Lars Wendler <polynomial-c@gentoo.org> sssd-1.12.1.ebuild,
sssd-1.12.4.ebuild, sssd-1.12.5.ebuild:
Stick to automake-1.13 (bug #557436)
Committed on behalf of Markos Chandras (hwoarang)
Package-Manager: portage-2.2.20.1
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
*sssd-1.13.1 (04 Nov 2015)
04 Nov 2015; Markos Chandras <hwoarang@gentoo.org> +sssd-1.13.1.ebuild:
Version bump
Package-Manager: portage-2.2.23
14 Nov 2015; Jeroen Roovers <jer@gentoo.org> sssd-1.9.6-r3.ebuild,
sssd-1.9.7.ebuild, sssd-1.12.1.ebuild, sssd-1.12.4.ebuild,
sssd-1.12.5.ebuild, sssd-1.13.0.ebuild, sssd-1.13.1.ebuild:
Verbose build.
Package-Manager: portage-2.2.24
24 Jan 2016; Michał Górny <mgorny@gentoo.org> metadata.xml:
Unify quoting in metadata.xml files for machine processing
Force unified quoting in all metadata.xml files since lxml does not
preserve original use of single and double quotes. Ensuring unified
quoting before the process allows distinguishing the GLEP 67-related
metadata.xml changes from unrelated quoting changes.
24 Jan 2016; Michał Górny <mgorny@gentoo.org> metadata.xml:
Set appropriate maintainer types in metadata.xml (GLEP 67)

353
sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/ChangeLog-2015 vendored
View File

@ -1,353 +0,0 @@
# ChangeLog for sys-auth/sssd
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/sys-auth/sssd/ChangeLog,v 1.74 2015/07/23 11:48:12 hwoarang Exp $
23 Jul 2015; Markos Chandras <hwoarang@gentoo.org> sssd-1.13.0.ebuild:
Bring back the python-r1 eclass inclusion
22 Jul 2015; Markos Chandras <hwoarang@gentoo.org>
+files/sssd-1.13.0-fix-init.patch, sssd-1.13.0.ebuild:
Fix python support. Bug #554776. Respect SSSD_OPTIONS in init script. Bug
#553678
*sssd-1.13.0 (11 Jul 2015)
11 Jul 2015; Markos Chandras <hwoarang@gentoo.org> +sssd-1.13.0.ebuild:
Version bump
*sssd-1.12.5 (13 Jun 2015)
13 Jun 2015; Markos Chandras <hwoarang@gentoo.org> +sssd-1.12.5.ebuild:
Version bump
18 Apr 2015; Markos Chandras <hwoarang@gentoo.org> sssd-1.12.4.ebuild:
Restore samba4 magic
10 Apr 2015; Anthony G. Basile <blueness@gentoo.org> sssd-1.12.1.ebuild,
sssd-1.12.4.ebuild, sssd-1.9.6-r3.ebuild, sssd-1.9.7.ebuild:
Keyword ~ppc ~ppc64. Bug #540540.
06 Mar 2015; Jeroen Roovers <jer@gentoo.org> sssd-1.12.4.ebuild:
Marked ~hppa (bug #540540).
04 Mar 2015; Markos Chandras <hwoarang@gentoo.org> -sssd-1.12.2-r1.ebuild,
-sssd-1.12.2.ebuild, -sssd-1.12.3.ebuild:
Remove old
03 Mar 2015; Markus Meier <maekke@gentoo.org> sssd-1.12.4.ebuild:
add ~arm, bug #540540
*sssd-1.12.4 (22 Feb 2015)
22 Feb 2015; Markos Chandras <hwoarang@gentoo.org> +sssd-1.12.4.ebuild:
Version bump. Install with -j1 so we can workaround build system issues
*sssd-1.12.3 (09 Jan 2015)
09 Jan 2015; Markos Chandras <hwoarang@gentoo.org> +sssd-1.12.3.ebuild:
Version bump
*sssd-1.9.7 (10 Dec 2014)
10 Dec 2014; Markos Chandras <hwoarang@gentoo.org> +sssd-1.9.7.ebuild:
Version bump for the LTM branch. 1.9.7 is going to be the last one
*sssd-1.12.2-r1 (20 Nov 2014)
20 Nov 2014; Michał Górny <mgorny@gentoo.org> +sssd-1.12.2-r1.ebuild:
Enable multilib support, bug #409701.
*sssd-1.12.2 (15 Nov 2014)
15 Nov 2014; Markos Chandras <hwoarang@gentoo.org> +sssd-1.12.2.ebuild,
-sssd-1.11.6.ebuild, -sssd-1.12.0.ebuild, -sssd-1.8.6-r1.ebuild,
-sssd-1.8.6.ebuild, -sssd-1.9.6-r2.ebuild:
Version bump. Remove some old ebuilds
02 Nov 2014; Sven Vermeulen <swift@gentoo.org> sssd-1.12.1.ebuild:
Remove sec-policy/selinux-* dependency from DEPEND but keep in RDEPEND (bug
#527698)
06 Oct 2014; Agostino Sarubbo <ago@gentoo.org> sssd-1.12.1.ebuild:
Stable for x86, wrt bug #511670
06 Oct 2014; Agostino Sarubbo <ago@gentoo.org> sssd-1.12.1.ebuild:
Stable for amd64, wrt bug #511670
*sssd-1.12.1 (14 Sep 2014)
14 Sep 2014; Markos Chandras <hwoarang@gentoo.org> +sssd-1.12.1.ebuild,
metadata.xml:
Version bump
*sssd-1.12.0 (12 Jul 2014)
12 Jul 2014; Markos Chandras <hwoarang@gentoo.org> +sssd-1.12.0.ebuild,
metadata.xml:
Version bump
*sssd-1.11.6 (14 Jun 2014)
14 Jun 2014; Markos Chandras <hwoarang@gentoo.org> +sssd-1.11.6.ebuild:
Version bump. Bug #477190
27 May 2014; Michał Górny <mgorny@gentoo.org> sssd-1.9.6-r3.ebuild:
Convert to python-single-r1.
*sssd-1.9.6-r3 (26 May 2014)
26 May 2014; Markos Chandras <hwoarang@gentoo.org> +sssd-1.9.6-r3.ebuild:
Revbump for multiple fixes. See bug #511530, #499584 and 511528
26 May 2014; Markos Chandras <hwoarang@gentoo.org> metadata.xml:
Take over maintainership
21 May 2014; Markos Chandras <hwoarang@gentoo.org> -sssd-1.9.4-r3.ebuild,
-sssd-1.9.5-r1.ebuild, -sssd-1.9.6-r1.ebuild:
Clean up old ebuilds per #462496
*sssd-1.9.6-r2 (10 Apr 2014)
10 Apr 2014; Markos Chandras <hwoarang@gentoo.org> +sssd-1.9.6-r2.ebuild,
+files/sssd.service:
Add systemd unit file based on upstream
https://git.fedorahosted.org/cgit/sssd.git/tree/src/sysv/systemd/sssd.service
.in one
07 Dec 2013; Markos Chandras <hwoarang@gentoo.org>
files/sssd-1.9.6-fix-init.patch:
Add upstream commit references for the init script improvements
02 Dec 2013; Markos Chandras <hwoarang@gentoo.org> sssd-1.9.6-r1.ebuild,
files/sssd-1.9.6-fix-init.patch:
Use sbindir instead of exec_prefix. No functional changes
*sssd-1.9.6-r1 (02 Dec 2013)
02 Dec 2013; Markos Chandras <hwoarang@gentoo.org> sssd-1.9.6-r1.ebuild,
files/sssd-1.9.6-fix-init.patch:
More fixes in init script
*sssd-1.9.6 (01 Dec 2013)
01 Dec 2013; Markos Chandras <hwoarang@gentoo.org>
+files/sssd-1.9.6-fix-init.patch, +sssd-1.9.6.ebuild:
Version bump. Remove nscd dependency from the init script. Bug #491608
27 Oct 2013; Michał Górny <mgorny@gentoo.org> sssd-1.8.6-r1.ebuild,
sssd-1.8.6.ebuild, sssd-1.9.4-r3.ebuild, sssd-1.9.5-r1.ebuild:
Replace calls to deprecated remove_libtool_files (and prune_libtool_files)
with AUTOTOOLS_PRUNE_LIBTOOL_FILES var.
03 Jul 2013; Markos Chandras <hwoarang@gentoo.org> metadata.xml,
sssd-1.9.5-r1.ebuild:
Allow ldb versions higher than 1.1.15-r1
*sssd-1.9.5-r1 (03 Jul 2013)
*sssd-1.9.4-r3 (03 Jul 2013)
03 Jul 2013; Markos Chandras <hwoarang@gentoo.org> +sssd-1.9.4-r3.ebuild,
+sssd-1.9.5-r1.ebuild, -sssd-1.9.4-r1.ebuild, -sssd-1.9.4-r2.ebuild,
-sssd-1.9.4.ebuild, -sssd-1.9.5.ebuild, metadata.xml, sssd-1.8.6-r1.ebuild,
sssd-1.8.6.ebuild:
Revbump to fix sys-libs/ldb dependencies and runtime problems against sys-
libs/ldb-1.1.15-r1. Remove old versions
*sssd-1.9.5 (21 May 2013)
21 May 2013; Markos Chandras <hwoarang@gentoo.org> +sssd-1.9.5.ebuild:
Version bump. Bug #470728
12 May 2013; Patrick Lauer <patrick@gentoo.org> metadata.xml:
Drop obsolete use flags from metadata.xml
12 Apr 2013; Maxim Koltsov <maksbotan@gentoo.org> +files/0003_new_krb5.patch,
-files/new_krb5.patch, files/allow_xdm.patch:
Fix new_krb5 patch file name to match 0*.patch glob in ebuilds, thanks to
Night Nord.
05 Apr 2013; Maxim Koltsov <maksbotan@gentoo.org> +files/new_krb5.patch:
Fix build with mit-krb5-1.11.1, bug #463812. Thanks to slepnoga and Andrian
Nord.
*sssd-1.9.4-r2 (05 Apr 2013)
*sssd-1.8.6-r1 (05 Apr 2013)
05 Apr 2013; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.6-r1.ebuild,
+sssd-1.9.4-r2.ebuild:
Fix glibc[nscd] dependency, bug #463832. Thanks to slepnoga.
17 Mar 2013; Markos Chandras <hwoarang@gentoo.org> metadata.xml:
Add proxy-maintainers to metadata.xml
*sssd-1.9.4-r1 (20 Feb 2013)
20 Feb 2013; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.9.4-r1.ebuild:
Remove samba-4 dep until it's unmasked.
31 Jan 2013; Agostino Sarubbo <ago@gentoo.org> -sssd-1.8.1-r1.ebuild,
-sssd-1.8.2.ebuild, -sssd-1.8.4.ebuild, -sssd-1.8.5.ebuild,
-sssd-1.9.2.ebuild:
Remove old
31 Jan 2013; Agostino Sarubbo <ago@gentoo.org> sssd-1.8.6.ebuild:
Stable for x86, wrt bug #453808
31 Jan 2013; Agostino Sarubbo <ago@gentoo.org> sssd-1.8.6.ebuild:
Stable for amd64, wrt bug #453808
*sssd-1.8.6 (31 Jan 2013)
*sssd-1.9.4 (31 Jan 2013)
31 Jan 2013; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.6.ebuild,
+sssd-1.9.4.ebuild, -sssd-1.9.3.ebuild:
Bump to 1.9.4 and 1.8.6, clean vulnerable 1.9.x versions, fixes security bug
453808
06 Jan 2013; Maxim Koltsov <maksbotan@gentoo.org> sssd-1.9.3.ebuild:
Change 1.9.3 depends to make it build, bug #450226. Thanks to slepnoga.
*sssd-1.9.3 (02 Jan 2013)
02 Jan 2013; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.9.3.ebuild:
Bump to 1.9.3, thanks to slepnoga
04 Dec 2012; Maxim Koltsov <maksbotan@gentoo.org> sssd-1.9.2.ebuild:
Fix bug #445478, thanks to Reto Gantenbein
21 Nov 2012; Agostino Sarubbo <ago@gentoo.org> sssd-1.8.4.ebuild:
Stable for x86, wrt bug #434352
*sssd-1.9.2 (17 Oct 2012)
17 Oct 2012; Maxim Koltsov <maksbotan@gentoo.org>
+files/0001_add_pthread_to_fix_as-needed.patch,
+files/0002_allow_xdm_openrc.patch, +sssd-1.9.2.ebuild, metadata.xml:
Bump to 1.9.2, thanks to slepnoga
*sssd-1.8.5 (14 Oct 2012)
14 Oct 2012; Sergey Popov <pinkbyte@gentoo.org> +sssd-1.8.5.ebuild:
Version bump
09 Sep 2012; Agostino Sarubbo <ago@gentoo.org> sssd-1.8.4.ebuild:
Stable for amd64, wrt bug #434352
03 Aug 2012; Andreas Schuerch <nativemad@gentoo.org> sssd-1.8.1-r1.ebuild:
x86 stable, see bug 413977. Thanks Myckel
27 Jun 2012; Alexander Vershilov <qnikst@gentoo.org> Manifest:
fixing metadata (due #423701) asked by slepnoga
*sssd-1.8.4 (21 Jun 2012)
21 Jun 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.4.ebuild:
Bump to 1.8.4, thanks to slepnoga
02 Jun 2012; Maxim Koltsov <maksbotan@gentoo.org> -sssd-1.6.4-r1.ebuild,
-sssd-1.6.4.ebuild:
Remove old 1.6.4
05 May 2012; Markos Chandras <hwoarang@gentoo.org> sssd-1.8.1-r1.ebuild:
Stable on amd64 wrt bug #413977
*sssd-1.8.2 (14 Apr 2012)
14 Apr 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.2.ebuild,
-sssd-1.8.1.ebuild:
Bump to 1.8.2, thanks to slepnoga
*sssd-1.6.4-r1 (08 Apr 2012)
*sssd-1.8.1-r1 (08 Apr 2012)
08 Apr 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.6.4-r1.ebuild,
+sssd-1.8.1-r1.ebuild, -sssd-1.7.0.ebuild, -sssd-1.8.0.ebuild,
sssd-1.6.4.ebuild:
Cleanup old versions, revision-bump the rest adding selinux policy dependency.
Thanks to slepnoga
*sssd-1.8.1 (16 Mar 2012)
16 Mar 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.1.ebuild:
Bump to 1.8.1, thanks to slepnoga
05 Mar 2012; Maxim Koltsov <maksbotan@gentoo.org> sssd-1.6.4.ebuild,
sssd-1.7.0.ebuild, sssd-1.8.0.ebuild:
Block ~net-nds/openldap-2.4.28, bug #405343. Thanks to slepnoga
*sssd-1.8.0 (02 Mar 2012)
02 Mar 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.8.0.ebuild:
Bump to 1.8.0, drop libunistring depend, make logrotate installation
unconditional. Thanks to slepnoga
02 Mar 2012; Agostino Sarubbo <ago@gentoo.org> sssd-1.6.4.ebuild:
Stable for amd64, wrt bug #406291
*sssd-1.7.0 (24 Feb 2012)
24 Feb 2012; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.7.0.ebuild,
-sssd-1.6.1-r2.ebuild, -sssd-1.6.2.ebuild:
Bump to 1.7.0, remove old versions. Thanks to slepnoga
04 Feb 2012; Maxim Koltsov <maksbotan@gentoo.org> metadata.xml:
Fix maintainer's email in metadata
*sssd-1.6.4 (19 Dec 2011)
19 Dec 2011; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.6.4.ebuild,
metadata.xml:
Bump to 1.6.4 and EAPI 4, thanks so slepnoga. Bug 394699
*sssd-1.6.2 (28 Oct 2011)
28 Oct 2011; Maxim Koltsov <maksbotan@gentoo.org> -sssd-1.6.1-r1.ebuild,
+sssd-1.6.2.ebuild:
Bump to 1.6.2, bug #388787. Removed obsolete 1.6.1-r1
*sssd-1.6.1-r2 (23 Oct 2011)
23 Oct 2011; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.6.1-r2.ebuild,
+files/sssd, +files/sssd.conf:
Fix depends in init script, bug 385157
17 Sep 2011; Maxim Koltsov <maksbotan@gentoo.org> -sssd-1.6.1.ebuild,
sssd-1.6.1-r1.ebuild:
Drop static-libs use flag, finish work on #382703. Thanks to Andreis
Vinogradovs <spamslepnoga@inbox.ru>
*sssd-1.6.1-r1 (16 Sep 2011)
16 Sep 2011; Maxim Koltsov <maksbotan@gentoo.org> -sssd-1.5.13.ebuild,
+sssd-1.6.1-r1.ebuild:
(ChangeLog by Andreis Vinogradovs <spamslepnoga@inbox.ru>)
Fix #382703 - remove useless .la files;
Thanks Samuli Suominen <ssuominen@gentoo.org> for report
31 Aug 2011; Maxim Koltsov <maksbotan@gentoo.org> +files/allow_xdm.patch:
Add forgotten patch
*sssd-1.6.1 (31 Aug 2011)
*sssd-1.5.13 (31 Aug 2011)
31 Aug 2011; Maxim Koltsov <maksbotan@gentoo.org> -sssd-1.5.12-r1.ebuild,
+sssd-1.5.13.ebuild, +sssd-1.6.1.ebuild:
Bumped to 1.5.13 and 1.6.1, removed old 1.5.12-r1
20 Aug 2011; Maxim Koltsov <maksbotan@gentoo.org> sssd-1.5.12-r1.ebuild:
Fix LDB path again
*sssd-1.5.12-r1 (20 Aug 2011)
20 Aug 2011; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.5.12-r1.ebuild,
-sssd-1.5.12.ebuild:
Revision bump: fixed LDB library path and .la files, thanks to slepnoga. Old
revision dropped cause it can't work due to wrong LDB search path.
*sssd-1.5.12 (14 Aug 2011)
14 Aug 2011; Maxim Koltsov <maksbotan@gentoo.org> +sssd-1.5.12.ebuild, +metadata.xml:
Add sssd-1.5.12, 1.6.0 is not yet considered ready by ebuild author. Thanks
to
slepnoga, bug #321875

27
sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/Manifest vendored
View File

@ -1,26 +1 @@
AUX 0001_add_pthread_to_fix_as-needed.patch 744 SHA256 3d9f822d93555393c19fc9bdbface08092e78e640dd939424700f6403f11ac1f SHA512 fee020fa5f1ef22065c91e93178d99e3a451769cc5fb1ebdceef446a9bea5547727189c65310de2fe68a12f975eb1980af7a5b737882c0c6cdd5129b76659f82 WHIRLPOOL dac4c364fe617d23f0f66675bf98e8dd33c378709c997783df52007e33a89ba871e9f455a705da09e4d213c34707fed864fa5c46c8260c81e83db809a0c7f895
AUX 0002_allow_xdm_openrc.patch 472 SHA256 9d0462096d7eb03489dbb4f5920c767828068cc87d2e41c75c37631f95850368 SHA512 c728b3619746902584d2f75ef57829a249c964139a24bd012530399ce3fb478fd2236efaa6c5313dd8132ea46ecb9a8c899f7a10c5b063da2a03ba9f9ba2650f WHIRLPOOL 93d4fdd206602833104f43eae576fc22bee4975e3ba116dd4caff1067a0394c230726d70d8e74d90288c984b46c3f9d26856bb2ee663dd63ace425ce6acc4d71
AUX 0003_new_krb5.patch 1702 SHA256 5ad16a7c733824dea87dc0df4ac8b1e9ec3edbd94093856bf379875dbbef4602 SHA512 a55285885d076250890765f25b3c2af5e28649de7efcc275d12ba751784182dccdab76b0f72f5e68863581b588cd4ddd615a218ebdd47be4317983f4c919fc9a WHIRLPOOL 55590c98ef738179e4ec0b4f3791d3fe38c7074173569408f32e102df38e1b86f29b729b85b791fd5661fff69f81c72d86402474eee5669fa079a090311fe47b
AUX allow_xdm.patch 472 SHA256 9d0462096d7eb03489dbb4f5920c767828068cc87d2e41c75c37631f95850368 SHA512 c728b3619746902584d2f75ef57829a249c964139a24bd012530399ce3fb478fd2236efaa6c5313dd8132ea46ecb9a8c899f7a10c5b063da2a03ba9f9ba2650f WHIRLPOOL 93d4fdd206602833104f43eae576fc22bee4975e3ba116dd4caff1067a0394c230726d70d8e74d90288c984b46c3f9d26856bb2ee663dd63ace425ce6acc4d71
AUX sssd 488 SHA256 464f6ecb559cbe14dcd1974837aeab338f4ce38686cc464bcddf1db28839caa5 SHA512 274473cf69e62f405c2af2ea94e9964f579140c47623f4d7712f33c9e34525fda6b77c8fe8d180e8b45905ad6c4d581f9ae4f173aafa0660e48f61da0069e65d WHIRLPOOL ceb70b5c0bf11f6620f0c31fab6c7f4fe5c7ff84fc07aa4f63a6a73be05f0bca62d1f9ab0d422ec0c97939569ec3a6ca7ed63b13ede84f6e39c4ac3c12cc0ba4
AUX sssd-1.13.0-fix-init.patch 814 SHA256 edb1d019c8642794700f25a7f6b4adf06748d00a5def81c535415828498c9024 SHA512 6e25c091789fe31ca515de85510a473189b4007c9ad180f20e6c372ea4a78a64f1c881fbf36ac4c648897dcef3d61586bb4d66b7256c7bba3bca83d11f83ecc8 WHIRLPOOL 07cdc90f2c66b22856fee3f46969bc65a4fe2e7e55fe0a617c5d094c1745122bea1692dda5c67d7e74aad66890181653186dbc08e068330aed66f911745f726e
AUX sssd-1.9.6-fix-init.patch 1020 SHA256 d9c1044ed9fca08cc4c104622aea56faa182465f5ce82796963636915de41ab9 SHA512 7718f990265fb1d4a717b3ca3863279b3351625438acea4bb3325ee3db7cdfef332290042856019badf22c1de604095686521c733fb0c725f2eaef0df61e5100 WHIRLPOOL 602bf7f3a4747b28d6af97284edaeadee82b9c1b28239a388b17166c5a0ea8b6b99842b4f3921ea94c40889987dcb3fee782435ce82eef3a0070a6655789f9d3
AUX sssd.conf 124 SHA256 bc5154f0ee2c2e6cffd5b6e371d4302a5952bd04343dd4c56689f43821a5fb94 SHA512 f16908c44b213edbf6b0c6e8d49df92e8c06fc623279037074fe51e49b8aca7dc18f5ed83f71909fc8209df80dfc150583edb1687f88e61588bdf9d1fbf6ed5a WHIRLPOOL 37151473420598bd24d90ef1975ba83c5e9f5301a459b8d73d5df540d5b67686494b9f826b8e985b42765c65861d5f82b6ef705ebe577e68bbf57a893a24f32b
AUX sssd.service 341 SHA256 633a4824ba95524a0d9cf8b42cd1a5dc3f9b40f6aeda9ffc60d56edf72b2015e SHA512 99510d11f390722f56bc164059033fc40299dd4ea29f98cd5f08b2648f31b2e70afeb6b2d90f919bde595546c80b4e6941cf6f48130661ead09c0576043e4cf5 WHIRLPOOL 57963f1251e8f24d2ca67b1c71108171c468077e8ace27347d22e21ce854ab339a4131741397fa39607d8b10621c8fc33420a14bef1fdbd236442ad733299182
DIST sssd-1.12.1.tar.gz 4088341 SHA256 18b2d7e93e77435708feaf3ff65656f89e5a531ae6d48c4bff98168f171ba8ff SHA512 9514586eb51ac7e8d9639f2aba52cfd5cf71c442ee0a6c652e7838a96cf0fcb62ce4ffa9f9b956d984cd5ecfb3d13b8c21a66677e1e3e9e76f13202792ee2a7e WHIRLPOOL 73b34d373b3b557dc1a075eef94c69ff12051ffef04cd607e81bd84366ca233b67a1b815b02f6aa80d14fbc0453cbe301cdee75e4cc1e218aef8160b2a875e8e
DIST sssd-1.12.4.tar.gz 4226841 SHA256 ea3be3a40b20284bd3126481dd0747cd07e39d5ef7ef7026d4902d96fc3e9edf SHA512 817141378d4c535ee1018c4246c77a61b963ab10c026e6983e1be90860fa68698dd60cd27ab7ac77da096057f8c71cba90387cf3329e9d43e98a23163f8bb233 WHIRLPOOL 7ee273fcb2e2311f9239face618be1d2eb88c4b6df177ce61854e3465fe6e484753b55a7e864f3b6e4beb2ebea43ae348a06d3ea29eb2560a2ebe3c8a8d0ffed
DIST sssd-1.12.5.tar.gz 4300869 SHA256 243d8db7c72ecb21aa9db8a09fe9f9b10049dbdb35a1cc2f55e214f21e3ce256 SHA512 573947c58dc53b92b6b60390375a70f3842e0bfd22c696e60dd84b8dd671bc508f30f3a0952135b0c6a1e555d43493f59ce60f780a5130696cada06cc467fa6c WHIRLPOOL 6614d32f0808b97e55b33f996e12207b4960b6f694a7321235e26b7760aa84acad7dd68c2019857ce08d32585f9157e28d2a4be6f944f1eeaaf2f6b84c807638
DIST sssd-1.13.0.tar.gz 4417697 SHA256 bd1dd95165bca02a08fbd0ea8ac6aa296bc339798d6c6566aee823c536718a5a SHA512 c11303557180d6491933f5732ed831d1725d33e7444d92d5a20ba24a35d77845711d8427d869fe526fbdea482944269469f5bbbb779e3006998fbe09403ebf7f WHIRLPOOL 0ef934e4e22d1c5a8d1e5f649de29e162717e421a341839cecc9ac089d022a30f843463966dc572619b959fd4e850d651bf372e2d511dba24994f790f1006a55
DIST sssd-1.13.1.tar.gz 4517171 SHA256 ff6425d455a5cae2359e32c8627832e67b5cc0bbec4081a16d926b6e1b431ae7 SHA512 93d7f9230e6464c3346abad374e7b4a17a148a5d6e37736a4d1aaf9c99dce6065e0b1eed329c8de997c7cf902728077dd31ec4920a8d192fc67cc27f16723346 WHIRLPOOL 1b169a5ada95968508314e0f5f466a3c5655839e106a875ecf0f6001aaafe1c2228a6e79c10d9d23392fa54c375f5514c2f2d52b414d57b089de521b3f3cac77
DIST sssd-1.9.6.tar.gz 3180066 SHA256 ca96e8d98eb4113396b13d9601dbdd20f4b2f2613d0f29a0157ffd05e3748601 SHA512 32d6056db1a17fe348f0b932d4242ce3b3dc615d4d93ebf580f5f9a3e16985324d9955e092803cf9a2bf35724feab0450737f516e9ce003f6812a0debf54ba15 WHIRLPOOL e496d63a042b39dd5d269a7d24b9a535c73a47741a4429e78e2a9d1282515747a83251338d6c94d75b2de06a415bfed18f7223864b1b4e9a824a25d41afa6a59
DIST sssd-1.9.7.tar.gz 3485351 SHA256 ed2b7e9835143404cbc0e3e105607b7c554f568e4af024b5db0f10ca4f809c7e SHA512 1c73078f2127c1359c13601900e39dcb7527c5ca1346dfbb2fdcf07d98d3542f7b79aed8acc9dd289ab1a679f0b5477e08a9f1d58da4847ada53bdb4f3f606e2 WHIRLPOOL 691164b8edbcdc5acba024a00ead18e1769175cf6f9c3e49f065d31c84b55b315e569fbf04a841c9cd67ce76531f26875a97e0c553b462aecee29aa9428493be
EBUILD sssd-1.12.1.ebuild 3438 SHA256 a742120dbf88db2387731323dcd45798767342e2cd19ba27c10d22a7d819be0f SHA512 8aab2f9912a4959645d1ed0fa68c25a4bf5483e33edf9218a81b5f92a568e0094952fb6dc82459daf7d825bea6c3154d562362b83d55a53a18664f4d0c39198b WHIRLPOOL a0dddadf7983e466b9d47edeb11d38e15dc70a113451a1456c7e8402ef9c50b1aed3c8cf5f6ffa4cf9e0819440a903a30137d1746cc33441bb6ff17d8ed0fc98
EBUILD sssd-1.12.4.ebuild 5287 SHA256 d24f2ec4cbc28719fd98e5f7cd230ca4ff959a91f9a7b33fd92a367d6add8dbb SHA512 6a99828a719f7c5224e21d10b818c5076a0707e32ce25c712c253e02aba3611b862d7de8fc174822a7164f3add15399ae8c1838a05a38d3fbb70c8c424fd3b03 WHIRLPOOL d36de690c78e802fe90874dc6e9ee8cd652f6cd139a43c65347531b556b349e9f2bce548b7c4fecca14c464fa644f141dd66d4f87b3f6408c82beae63ed74630
EBUILD sssd-1.12.5.ebuild 5287 SHA256 d24f2ec4cbc28719fd98e5f7cd230ca4ff959a91f9a7b33fd92a367d6add8dbb SHA512 6a99828a719f7c5224e21d10b818c5076a0707e32ce25c712c253e02aba3611b862d7de8fc174822a7164f3add15399ae8c1838a05a38d3fbb70c8c424fd3b03 WHIRLPOOL d36de690c78e802fe90874dc6e9ee8cd652f6cd139a43c65347531b556b349e9f2bce548b7c4fecca14c464fa644f141dd66d4f87b3f6408c82beae63ed74630
EBUILD sssd-1.13.0.ebuild 5494 SHA256 0a3e02ddf9301319cc165a034b3e45bd57a43a7ef392d167377594b639d93bc5 SHA512 864d970f8cf72043167e8a9c6643582906e1286256d657ea249a126cb95a5b66c9dc001e636b5f93b97793cf1939425d19b97dd4a69c6712eeac7f450c2799a4 WHIRLPOOL c809a59252a3204b6274e96cad87e65c790dcb7ee5081d234dfc71a054dc7173c62892a82b89d46f3e74242d1aa2ef59ecd913f433f44d000fdac29438245bde
EBUILD sssd-1.13.1.ebuild 5436 SHA256 d960862b23ef0efd44c5bb9f44286fa73cac1e18523420ed2c09a3bfa65d45bc SHA512 baa89853f0b5813f0cb599f077808c9bf66acdd285e36c4dc002c98995009a41118fcdcf0f70d79df02eb01c2ccf7bcb3d61b0e950b99b212642ae66900e7820 WHIRLPOOL 3f0f3e8c7d840e1e27cacde6992ff70cf75bdb52b72e1867c3b296ddf90c8cc3c233087e018b422ac1543418de90e212277678e0b7105a317d2d809050cd4918
EBUILD sssd-1.9.6-r3.ebuild 3118 SHA256 4d5583207b3bf13db0bfc654439ab76afb95603c402532c37363ecd9464adf56 SHA512 52e897cb939780d505e2ce3e72f6160642253db550124f568f376613564d2719a6e41debc0468e2dc55d83d2a4be0135d0fa3bf677b01e4e3fd37e04160d1ff3 WHIRLPOOL 1a7ba4dbeac0ac399fbf6199672108ae4dc3befb5dddca2b73147e38d7dd9f4710ad7ae84181052b048a37144618431e8d142e11a25b82c0c9da174a2464d976
EBUILD sssd-1.9.7.ebuild 3133 SHA256 7f4e1bba3508a4a4585f130a2ccda8ed8cccc53427fd275d80602d9e642a6015 SHA512 0bbb8bb8e31843f0baddd466345f2849d8f9b2aaef88d947263f3ee50e07b948cc4553951d3a93d3368a1b6d667ff7e995429854bc5efb953b7cee6cc4875fb8 WHIRLPOOL 99c71b4e5b4b94ad058a0f613139f9eee18fd811e25a9a31f945a9d8f0337296ec4fc8d3d8a1f7b47a5902fc17248259079d2e4551d0ea4ba7bc8ea195056a8d
MISC ChangeLog 3773 SHA256 b4f6a0f45702526e37c23d3a5f90fd3a7b0a23f8d0d262a26450272604ff4447 SHA512 58721f69badc3a7880caee75e807c0e3e1ea757b4c1a381e252d4fb872bf0e081f150e7c96bc37b3e455d8607f5f418693ccd624b376dfd1719cd771cba5f756 WHIRLPOOL a10e5be4fc054656cd301d4d372f57886aff5bfca3a330d7837c7a8ecaca99f04fc2a86664415211347ec38a098d1921df3ef1119a873a40eca81fa7afe194dc
MISC ChangeLog-2015 11963 SHA256 154e1613682ee02aa2e786fe88b8d2de96f2a16ee7e88fe253e426d5980f1c44 SHA512 062523e93acd6935c90c3edd1da99310460582a3d4c8ceb0976cb087f2c8d108d485d866d21fd2d6a354b6d0e692f1618647307409f71cac93b9e71a655f010d WHIRLPOOL ce0a1ca173c71a004b3eb4d93d18dda3d239cfae49e18e2a8a49f998918366f5bc1e0e30373bced0685aede13131497db7c6dd8c581519428feea267b00b7f69
MISC metadata.xml 1037 SHA256 9509811fba6f4021d94d02b3e3e1da972bfbc05f6c3ca9c23842a7f4f729d9d3 SHA512 1269a811a3891fa298387667d321da5b8cc67440b4d69865c80ce0ac72a12a05eec6734e3ffeef8f4b7316dbd419a6eed98844ff120d5c3752d6ca0918401731 WHIRLPOOL 84e4351e84a229942a4ad3d7e6cdc2894989455a4bd9ad57983ebe13f65e2bf2d493fd5c9015125238685a65e3e3d57d1899a457e98acf1a12cb59a1899109d3
DIST sssd-1.16.3.tar.gz 6217114 BLAKE2B eefaf8de466d0d76e9a4b60aefef6eb63c17a55b9a1f2e07e973a61d71cbe5432e92357656a1eb353d45bbc2fa92290cef45898d0b315d4a4c4074652ff25a23 SHA512 6165923f652f624bbe3ddc625ae682c4867eb7a20652d0cf74bbb8dda2307c917d3189ede26fd21a4fb5fd5926149271a65fa09f3affe928029ed99e6422b728

2
sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/files/sssd vendored
View File

@ -1,4 +1,4 @@
#!/sbin/runscript
#!/sbin/openrc-run
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

Some files were not shown because too many files have changed in this diff Show More