Add updated X509/hpn patches.

(Portage version: 2.2_pre5)

3 files changed, 104 insertions, 6 deletions

diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index 59ad22d057d5..6c7436bd6143 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-misc/openssh
 # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.300 2008/04/02 11:44:20 armin76 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.301 2008/04/02 15:42:29 vapier Exp $
+
+*openssh-4.9_p1-r1 (02 Apr 2008)
+
+  02 Apr 2008; Mike Frysinger <vapier@gentoo.org>
+  +files/openssh-4.9_p1-x509-hpn-glue.patch, -openssh-4.9_p1.ebuild,
+  +openssh-4.9_p1-r1.ebuild:
+  Add updated X509/hpn patches.
 
   02 Apr 2008; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1-r6.ebuild:
   alpha/ia64/sparc stable wrt security #215702
diff --git a/net-misc/openssh/files/openssh-4.9_p1-x509-hpn-glue.patch b/net-misc/openssh/files/openssh-4.9_p1-x509-hpn-glue.patch
new file mode 100644
index 000000000000..a024b7140080
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.9_p1-x509-hpn-glue.patch
@@ -0,0 +1,91 @@
+move things around so hpn applies cleanly when using X509
+
+--- servconf.c
++++ servconf.c
+@@ -106,6 +106,17 @@
+ 	options->log_level = SYSLOG_LEVEL_NOT_SET;
+ 	options->rhosts_rsa_authentication = -1;
+ 	options->hostbased_authentication = -1;
++	options->hostbased_algorithms = NULL;
++	options->pubkey_algorithms = NULL;
++	ssh_x509flags_initialize(&options->x509flags, 1);
++#ifndef SSH_X509STORE_DISABLED
++	ssh_x509store_initialize(&options->ca);
++#endif /*ndef SSH_X509STORE_DISABLED*/
++#ifdef SSH_OCSP_ENABLED
++	options->va.type = -1;
++	options->va.certificate_file = NULL;
++	options->va.responder_url = NULL;
++#endif /*def SSH_OCSP_ENABLED*/
+ 	options->hostbased_uses_name_from_packet_only = -1;
+ 	options->rsa_authentication = -1;
+ 	options->pubkey_authentication = -1;
+@@ -147,18 +158,6 @@
+ 	options->num_permitted_opens = -1;
+ 	options->adm_forced_command = NULL;
+ 	options->chroot_directory = NULL;
+-
+-	options->hostbased_algorithms = NULL;
+-	options->pubkey_algorithms = NULL;
+-	ssh_x509flags_initialize(&options->x509flags, 1);
+-#ifndef SSH_X509STORE_DISABLED
+-	ssh_x509store_initialize(&options->ca);
+-#endif /*ndef SSH_X509STORE_DISABLED*/
+-#ifdef SSH_OCSP_ENABLED
+-	options->va.type = -1;
+-	options->va.certificate_file = NULL;
+-	options->va.responder_url = NULL;
+-#endif /*def SSH_OCSP_ENABLED*/
+ }
+ 
+ void
+@@ -329,6 +329,16 @@
+ 	/* Portable-specific options */
+ 	sUsePAM,
+ 	/* Standard Options */
++	sHostbasedAlgorithms,
++	sPubkeyAlgorithms,
++	sX509KeyAlgorithm,
++	sAllowedClientCertPurpose,
++	sKeyAllowSelfIssued, sMandatoryCRL,
++	sCACertificateFile, sCACertificatePath,
++	sCARevocationFile, sCARevocationPath,
++	sCAldapVersion, sCAldapURL,
++	sVAType, sVACertificateFile,
++	sVAOCSPResponderURL,
+ 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
+ 	sPermitRootLogin, sLogFacility, sLogLevel,
+ 	sRhostsRSAAuthentication, sRSAAuthentication,
+@@ -351,16 +361,6 @@
+ 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ 	sMatch, sPermitOpen, sForceCommand,
+ 	sUsePrivilegeSeparation,
+-	sHostbasedAlgorithms,
+-	sPubkeyAlgorithms,
+-	sX509KeyAlgorithm,
+-	sAllowedClientCertPurpose,
+-	sKeyAllowSelfIssued, sMandatoryCRL,
+-	sCACertificateFile, sCACertificatePath,
+-	sCARevocationFile, sCARevocationPath,
+-	sCAldapVersion, sCAldapURL,
+-	sVAType, sVACertificateFile,
+-	sVAOCSPResponderURL,
+ 	sDeprecated, sUnsupported
+ } ServerOpCodes;
+ 
+--- Makefile.in
++++ Makefile.in
+@@ -44,11 +44,12 @@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
++CPPFLAGS += @LDAP_CPPFLAGS@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
diff --git a/net-misc/openssh/openssh-4.9_p1.ebuild b/net-misc/openssh/openssh-4.9_p1-r1.ebuild
index b1488f5e0b50..f99e9874f5f9 100644
--- a/net-misc/openssh/openssh-4.9_p1.ebuild
+++ b/net-misc/openssh/openssh-4.9_p1-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.9_p1.ebuild,v 1.1 2008/04/01 15:51:43 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.9_p1-r1.ebuild,v 1.1 2008/04/02 15:42:29 vapier Exp $
 
 inherit eutils flag-o-matic ccc multilib autotools pam
 
@@ -8,16 +8,16 @@ inherit eutils flag-o-matic ccc multilib autotools pam
 # and _p? releases.
 PARCH=${P/_/}
 
-#X509_PATCH="${PARCH}+x509-6.1.diff.gz"
+X509_PATCH="${PARCH}+x509-6.1.1.diff.gz"
 #LDAP_PATCH="${PARCH/openssh-4.9/openssh-lpk-4.6}-0.3.9.patch"
-#HPN_PATCH="${PARCH}-hpn13v1.diff.gz"
+HPN_PATCH="${PARCH}-hpn13v2.diff.gz"
 
 DESCRIPTION="Port of OpenBSD's free SSH release"
 HOMEPAGE="http://www.openssh.org/"
 SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
 	http://www.sxw.org.uk/computing/patches/openssh-4.7p1-gsskex-20070927.patch
 	${LDAP_PATCH:+ldap? ( http://dev.inversepath.com/openssh-lpk/${LDAP_PATCH} )}
-	${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-6.1/${X509_PATCH} )}
+	${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-6.1.1/${X509_PATCH} )}
 	${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )}"
 
 LICENSE="as-is"
@@ -71,7 +71,7 @@ src_unpack() {
 		-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
 		pathnames.h || die
 
-	use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-4.7_p1-x509-hpn-glue.patch
+	use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-4.9_p1-x509-hpn-glue.patch
 	use chroot && epatch "${FILESDIR}"/openssh-4.3_p1-chroot.patch
 	use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
 	if ! use X509 ; then