author | Tim Harder <radhermit@gentoo.org> | 2013-08-15 04:56:42 +0000 |
---|---|---|
committer | Tim Harder <radhermit@gentoo.org> | 2013-08-15 04:56:42 +0000 |
commit | 3e86c997a03e734ddd9196569a87de0e0e201e6b (patch) | |
tree | 4e322b043884664855da40dc2c7cf0695ef436ae /net-misc/openssh | |
parent | Ref bug number. (diff) | |
Update to hpn14v1 patch that fixes the multi-threaded AES-CTR cipher when the process forks to the background or when using the rlimit sandbox.
Package-Manager: portage-2.2.0_alpha196/cvs/Linux x86_64
Manifest-Sign-Key: 0x4AB3E85B4F064CA3
Diffstat (limited to 'net-misc/openssh')
-rw-r--r-- | net-misc/openssh/ChangeLog | 9 | ||||
-rw-r--r-- | net-misc/openssh/Manifest | 19 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-6.2_p2-x509-hpn14v1-glue.patch | 87 | ||||
-rw-r--r-- | net-misc/openssh/openssh-6.2_p2-r4.ebuild | 307 |
4 files changed, 413 insertions, 9 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index 13adad1c4578..eb22234136cc 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-misc/openssh
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.479 2013/07/21 10:02:17 radhermit Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.480 2013/08/15 04:56:36 radhermit Exp $
+
+*openssh-6.2_p2-r4 (15 Aug 2013)
+
+ 15 Aug 2013; Tim Harder <radhermit@gentoo.org> +openssh-6.2_p2-r4.ebuild,
+ +files/openssh-6.2_p2-x509-hpn14v1-glue.patch:
+ Update to hpn14v1 patch that fixes the multi-threaded AES-CTR cipher when the
+ process forks to the background or when using the rlimit sandbox.
 
 *openssh-6.2_p2-r3 (21 Jul 2013)
 
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index e6cce9d686f4..b9d653fd76d2 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -18,6 +18,7 @@ AUX openssh-6.1_p1-x509-glue.patch 573 SHA256 e51aa53e9e0336606fc36af237d5033834 AUX openssh-6.1_p1-x509-hpn-glue.patch 1491 SHA256 28c5000f7c8b23afc363d066cf96d39c00882274f227b7743b1e376df8b61a2e SHA512 0d6bab08cc400b81d936883bf39f5a461799874f6ea3dcf55c083372ed379bc0066b913646f7a0e32167079ba85409c272b258de179d55660739df4bbbf30e5b WHIRLPOOL dbfbf8eb0312ae119421e45efd8243b089ab2d3c2bc1f7b7cbd5b56f86844dfe42b27952e4ed88653679ec036f70b8edd3e00f17ae097241fbc88567bab38505 AUX openssh-6.2_p2-x509-glue.patch 555 SHA256 e0aa2310ffd1c4e1bd6663d1e9420e42ce9fce0096ca263b63d6a8fe34de91c7 SHA512 002d67109b116abb465c06c0f6ca6e431654bfc924864ffe4563afe91fba723dc3c0c484032205cadd6da4dcbe6a79ad31c83d0d2018adb22d0940ba35f531d4 WHIRLPOOL 8484c826e7c9aad0bd6a2f1779fff798573786c5b264c4a98e1c88db5b8b107ca9b5f573d3f240b8ecfa7fdf2a87e41cd174263804d29007093ae246ce034237 AUX openssh-6.2_p2-x509-hpn-glue.patch 1451 SHA256 4e61991619cef00a09951ceea68fdd5c3e9d947031d5dfef2e054d0254ef606c SHA512 37d15f3014c45804436b804489b8a7473189867c71e5d6cce8d666b1556cfd5b89ef8ed143b7d81ca5d61ff03e6485dd1a096e9571a49ac9ad2d3ca5a1963d20 WHIRLPOOL 8b79e621fc9dd28e40c8544235e5ca44eb98f5987bd8024e8ae25f99fbfe468c7995814bae7ca207cae83dbfd5cccfa37a19f07049e5555b65fd9cdf9f30bd8b +AUX openssh-6.2_p2-x509-hpn14v1-glue.patch 2613 SHA256 83c8d03cfd0f81cd2f7018ec85659d14e0c50f2de1da490e45699d1328eee5f2 SHA512 2f69a97334d3af4488e1e1a3e3d8d03cda38260595ddce0eee6b01d3cb818b513f21955d83636f0d5a0cb295be4ef303a941186d8a818c75d6cd2f0a08429ab9 WHIRLPOOL 7465382738c859007018f362acf0a3f771e2aca5207f0f55c9e4ee053d303f08d7d29a79da286f9f19891c88e490eaba24a23027605922dba3b53b9d7034f5f5 AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 
69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53 AUX sshd.pam 294 SHA256 f01cc51c624b21a815fb6c0be35edc590e2e6f8a5ffbdcabc220a9630517972f SHA512 3268dc826978fbb205968744d83c6f1c838c9c73bf9c4ceee709c5b4168b4aaf06bcde47a32808571fa71cbc5a6bfdb98406995b2b28c9e633ce392a53932d64 WHIRLPOOL fff8966d66d75cd4d70607585b5de063f225a776b73b8b0f8146c5eed6c8ffd2ca38c46f86fa4e2ca8caafcde7797a3f0b177e60baa6fa0642064080883fa68a AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b 
@@ -40,6 +41,7 @@ DIST openssh-6.1p1-hpn13v11.diff.bz2 19999 SHA256 08bfc1f3c582f23b3ce386e78baf37 DIST openssh-6.1p1.tar.gz 1134820 SHA256 d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411 SHA512 1cd58f18b047fa92a3155fa215d69c04e1f03914488a21bcda5434899df6055567e59f77063f0080b0cb437bb2396d3bf4050ed0c5ea2d1dc20d6fd928d5a76c WHIRLPOOL a1ecf33e8c4048c59e55d38cc8bb3f89357ac8fb74fdbb57e24e111e1749620fe6f7e329a744e3cfc9ced3e445539ce85926c7877a0f12475ccf14f124f9234b DIST openssh-6.2p2+x509-7.5.diff.gz 218099 SHA256 bde2471a22f3ddee86a2c176fe30321b73d68a0097aaaa554f59c96fc58e9019 SHA512 a48c4b3563de94b5ce86b8f6b5c0bf7ee5f4ab43e917fd37fdbe75aa21901073dfa4e96f158449d7ea47916d70cface8215f369f5fe3c700008d2c72d91afdc6 WHIRLPOOL 2acc67c150657cda93c4a982f35a7ed88a5e268e9b980e3f9e9aee8333899f88cc63a24e3a463dd3d2c95d35a5d3a8f8fdad087ae2f16b295c42a566524554b2 DIST openssh-6.2p2-hpn13v14-r1.diff.bz2 19937 SHA256 10c5213601f6bb48834b8ba8d0a31282f969138505b19303b831d3c0e1695d13 SHA512 801999ea5a19002b500273a5bdab568605c99688c2a96e15143b9e76b7928f4a35b47cee6a94a2ecfa2f0c979011555a062be19d145a947965ec3d59374a9af0 WHIRLPOOL 5f037e09645ef2bf1e8d3afbf73ff74aff17fe195e8f43bc81d12d9b67430abc4f3176461f623f05fcd345faa22dca588c6d4e7206116c4dcb2e8540f294519a +DIST openssh-6.2p2-hpn14v1.diff.gz 24612 SHA256 5243c76ceecb2fd0934d87fd9c33604ff0241c00156e456bf5b7e40e407d8c90 SHA512 1febba3007604e30ff7a7c2437df5fd792ee2a743c7a28f8d54f75de45a4275b6d766e7d633274adefde980eda4e03219b1a49f151f85eac78967cbc9f830e6d WHIRLPOOL bed18e41ba8df1365076d95228cd9d4651070863c7c187918db8299214bc793bc4b4ecc311694039a62d7809abb8fb1ce8748f1b1d8095b072fe39e9e7413271 DIST openssh-6.2p2.tar.gz 1182922 SHA256 7f29b9d2ad672ae0f9e1dcbff871fc5c2e60a194e90c766432e32161b842313b SHA512 80c8fb6bb25e86e8261cc7c6671773cdc0d9b0da9c9ebca33b3d5278c44197734fe32e878e1f444b693c4b49b0a525458aa07e57c231cefafc23a9c6975b05df WHIRLPOOL 
84cca243e84548cf0cf1880e89c8d41745cde9c58fb7c153a5f0e1670bc6e251b385e44e5d05f9f2043044f81fc2904484320ab24ef142aadd5f696ee7880855 DIST openssh-lpk-5.9p1-0.3.14.patch.gz 18335 SHA256 1a922d57a2e7020bf597135437a57080d7d046c9f41a7a53559945ddddbe0892 SHA512 eb4641d30e221eaa409d22ab423e38c1a31dd9dfeacbf978c94827194cb838cc0f832bf96aa4c494a71a5d5d1b90fc6789e8469e35d82ffcaf54305f07ccdb9b WHIRLPOOL 6748426d6d0cda07729744d8993d96a762134a61acf757afc1618ada5cbd9752d9211a89be831e5a4f1744f70cc4fc643b5f745d1f785b53a4e1dbf9d7c92680 DIST openssh-lpk-6.0p1-0.3.14.patch.gz 18401 SHA256 d0f3d55fd92ecc45aa6120d6ea919c903e4828ce0c2b07612c742a2aa7648beb SHA512 ebf680b90bc289c0d69c22fd6fd666032cdcf4c3850ecdf03e264200d60c50a12f4a5254907c6ab850727216e7837176be5564ae22b68d9b80a67c62f372a9dd WHIRLPOOL 4f8b32c77fc2a9205d283109ccd787a3f37757c18060da39c63147ff09f6b922f4a57ca1ba8d0cdc692f3f1eaba3e5e88eb4287f728ddaaf544d2d425c0cca91 
@@ -49,16 +51,17 @@ EBUILD openssh-5.9_p1-r4.ebuild 9231 SHA256 7ea0413a7f640b262017ff6958c5a7ff0080 EBUILD openssh-6.0_p1-r1.ebuild 9509 SHA256 1ba812b3a355e66e528f33217d7b6a7e0fbaff06bfc056aee9cfb61571860b14 SHA512 6cc85ba1e2f945384c84768bcee9114b7169fa55ad73b5c361b74b6fa981125d59bf555132366ed4d4ff2cc1fd05b0289c04940db06a1777d72303414c065482 WHIRLPOOL 0e8e9357134d8e64827c3e8e2cf0e0cdb327813f5436e1b9bcae68a3aeea7826f433f150131cdd08526928bab200ab9b218a7dfc9b1a8f36fa87a5c6c3d56e47 EBUILD openssh-6.1_p1-r1.ebuild 10257 SHA256 fa9ff7a800f65c5805ec7a59009e2effc1c5aff97c0b127d7a6bbd08f6d628c2 SHA512 1401d434f483b724e68f9d1698b2b0db1f15237da1d2f427c8f2c263d74fd50f60904fbf88b7231e212cd95e8d23b10b68c968a4db4296aa2ce198418c1a60e8 WHIRLPOOL e1814e33caa938e0182eaaa5c1863daf90b548fc9ae4179afd8a92a0a5bd2bd4fa773c5b4707c1a7300d8489ed49cdc89d69bdd9446b5e4aa8fbe6f52da2cc48 EBUILD openssh-6.2_p2-r3.ebuild 10238 SHA256 227ee129871454e25fb0db27113fe3b37e19f328a32ecba9be26b0bfce314965 SHA512 fa33b66a46fe601b5f0e19741fe682037256c8c2bc108f93361323c9b6d912894fe1171dacba1bc08bd112e7457521a16213113ee980de11abddf4db37328ea3 WHIRLPOOL 58a0900d00b3502c34a853b80b17de64472bac94702dfae2c1fd335dbe4b4ad0c1f71d780f5490e1c3ef20f7c746949192e2b822b9388c30a88aac2b1f5f2d90 -MISC ChangeLog 78456 SHA256 c9eb1969330dbcaf6af9380f4a05117d4d795feed66dfd47f66b61397c0cfc70 SHA512 a0c207f19987062aa36d9456734a52cdf636a2cb8b6baead1ddec4e99a1ef42075d1a27598c8e638b7ae0c8d2a0a012df81ddcb843ac6f52d9595652e6e0c586 WHIRLPOOL 475740a86e7ed7463404147ba87ce57ff9f419af9b85374cdfe43e77af17ee7117ceadf3169c9b9914104973ed1fc90df1094755db50b4f89e1fbe1efed75b0d +EBUILD openssh-6.2_p2-r4.ebuild 9350 SHA256 8103db5097a5c78db3096fc0b8aa2b977e366511f5dc45ee01c8fbd88447bc9f SHA512 624f16b755791b3aff1c2e1f04075aa874afa53cd4f7853fbb919f5276020855d16e02ddd7bc878110ba9d2a84310809ffb1f056927106ceef7fc6192f460b5b WHIRLPOOL 
a187a2d94decd79a7a973bbc10ae1171b2e1a22cfdcbddcea9074c2ecfbfcd4b7820652aa180e0058c5fda884d6775f007cab60b7586f9b18369b23972a28c65 +MISC ChangeLog 78764 SHA256 bba38a494508145fef67f05d70311d3a74c0d2298a809b705e861f295bee25c9 SHA512 6bd0e6358aa01920c95ecb25462be4341ce4d046d2fdf7f00fd6dc30aea41dfbfb26342caf538e9f0eb94b8907c75ca327f3a71e0694336c4f28a5a5bf5f0527 WHIRLPOOL 24fba6c03ffc77a1802d578550fa3be2818fb8c1668555f1f6c0fbcd08500f72e6db958f31a5d816f9f83f990388fa44db2af9fcdf341393acf5c490b138079d MISC metadata.xml 1837 SHA256 5f8be0245926a5dc8007dd78594febffc68bbcb45306630d027666872e664050 SHA512 76e044611e16ede9bb9697c0ad448c149131f1f20b84ef1000fb77d6cec954abd48542fd26299a372b4411aa0ecb161ed38396b2c3b5c11c71a4bc247e0b23ed WHIRLPOOL 46c8b0f7911fec3ca086e1601cfab5d03e01a7d8cd2069460975545438f6fa5964f138d19a70ec7db7f1f8c9c0fbb48dcec6ee8269fa9d7b432214e9e3e46806 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) -iQEcBAEBCAAGBQJR67GtAAoJEEqz6FtPBkyj0DsIAK00X3cuE6cTjPchA9b7JJ3x -m41BUg0avMLU5hB5mBZXFzF8pcdxuyQa+b76nJnU8rlmQ2gt5cVJwCtRqln+6R7H -9Hqt+vfJkYoM+5aV+HjESbxumWwg1RUjKdWYvJHkJ91KA40w0Wv1eqpuIoxfBEEU -kEwMQhg86ivDB+ewyNKvtDW84Zcz5/1hjZT4T1B+4bFbTyqQl7Kc2NGIyAZb5a17 -3NsRRl/AMmu6MN+xHnhr53rxSRviiS8X4Qjl2pGjr6rYql/KjzZCgG6gysP2vk2C -jZriJBb0408UkKP1qVwRjA6aibPJooMGGTFVaEU9U5a0EdO4XTmUtriu7C7hkdw= -=l1UJ +iQEcBAEBCAAGBQJSDF+JAAoJEEqz6FtPBkyj1K0IAIex0+eyzX23fNgnFjbQdHPY +zzMLyAW8714virS1FZg1LkYBoMmE2kCp5tXMEUr2Rp2f8dQvCVuHuWYS5XwyKI0n +frLmDLbiTxeY4NSBupxGBv7m3G7MD5gHH/bVYqDyBnVzWqM4ptEkTgWGNLUB/IZX +TP0MPjXD6tD3ONkemtL6BKvqr3kMdUngihXRqXtDBC/bCz4tVtlw0dYpMGLrN4VM +ICtwoFYkNRr42rnkLNFqbiFQebp9Lbr+rv76dli1rZQ1PEhO8o2A76T/Ym2YfLSD +t8CF1aWoE3gPHckCL2SAME5W2D0JK3Jat8GVWlBOcFxS5MkQ4plaAFGnxs4swgg= +=XYUy -----END PGP SIGNATURE----- diff --git a/net-misc/openssh/files/openssh-6.2_p2-x509-hpn14v1-glue.patch b/net-misc/openssh/files/openssh-6.2_p2-x509-hpn14v1-glue.patch new file mode 100644 index 000000000000..befa44e4f559 --- /dev/null 
+++ b/net-misc/openssh/files/openssh-6.2_p2-x509-hpn14v1-glue.patch 
@@ -0,0 +1,87 @@
+--- openssh-6.2p2/Makefile.in
++++ openssh-6.2p2/Makefile.in
+@@ -45,7 +45,7 @@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ K5LIBS=@K5LIBS@
+ GSSLIBS=@GSSLIBS@
+@@ -53,6 +53,7 @@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
++CPPFLAGS+=@LDAP_CPPFLAGS@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
+--- openssh-6.2p2/servconf.c
++++ openssh-6.2p2/servconf.c
+@@ -385,6 +385,16 @@
+ sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
+ sKerberosGetAFSToken,
+ sKerberosTgtPassing, sChallengeResponseAuthentication,
++ sHostbasedAlgorithms,
++ sPubkeyAlgorithms,
++ sX509KeyAlgorithm,
++ sAllowedClientCertPurpose,
++ sKeyAllowSelfIssued, sMandatoryCRL,
++ sCACertificateFile, sCACertificatePath,
++ sCARevocationFile, sCARevocationPath,
++ sCAldapVersion, sCAldapURL,
++ sVAType, sVACertificateFile,
++ sVAOCSPResponderURL,
+ sPasswordAuthentication, sKbdInteractiveAuthentication,
+ sListenAddress, sAddressFamily,
+ sPrintMotd, sPrintLastLog, sIgnoreRhosts,
+@@ -407,16 +417,6 @@
+ sKexAlgorithms, sIPQoS, sVersionAddendum,
+ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+ sAuthenticationMethods,
+- sHostbasedAlgorithms,
+- sPubkeyAlgorithms,
+- sX509KeyAlgorithm,
+- sAllowedClientCertPurpose,
+- sKeyAllowSelfIssued, sMandatoryCRL,
+- sCACertificateFile, sCACertificatePath,
+- sCARevocationFile, sCARevocationPath,
+- sCAldapVersion, sCAldapURL,
+- sVAType, sVACertificateFile,
+- sVAOCSPResponderURL,
+ sDeprecated, sUnsupported
+ } ServerOpCodes;
+
+--- openssh-6.2p2/sshconnect.c
++++ openssh-6.2p2/sshconnect.c
+@@ -465,7 +465,7 @@
+ {
+ /* Send our own protocol version identification. */
+ if (compat20) {
+- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n",
++ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
+ } else {
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
+--- openssh-6.2p2/sshd.c
++++ openssh-6.2p2/sshd.c
+@@ -466,8 +466,8 @@
+ comment = "";
+ }
+
+- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
+- major, minor, SSH_VERSION, comment,
++ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
++ major, minor, SSH_VERSION,
+ *options.version_addendum == '\0' ? "" : " ",
+ options.version_addendum, newline);
+
+--- openssh-6.2p2/version.h
++++ openssh-6.2p2/version.h
+@@ -3,4 +3,5 @@
+ #define SSH_VERSION "OpenSSH_6.2"
+
+ #define SSH_PORTABLE "p2"
++#define SSH_X509 " PKIX"
+ #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
diff --git a/net-misc/openssh/openssh-6.2_p2-r4.ebuild b/net-misc/openssh/openssh-6.2_p2-r4.ebuild
new file mode 100644
index 000000000000..506d96007736
--- /dev/null
+++ b/net-misc/openssh/openssh-6.2_p2-r4.ebuild
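Review bot: In the sshd.c hunk of the glue patch the server identification string no longer takes the `comment` argument, although the context lines just above still assign `comment = "";`, and the sshconnect.c hunk removes the literal ` PKIX` from the client banner. The token survives only as `#define SSH_X509 " PKIX"` in version.h, where the unchanged `SSH_RELEASE` context line does not reference it, so within this patch SSH_X509 is defined but unused. If peers or local tooling rely on the PKIX marker in the banner (not verifiable from these hunks), that signal is lost. The patch file has no header comment; I would add a short one saying why the X509 hunks are reshuffled (the file name suggests it is so the hpn14v1 diff applies) and whether dropping PKIX from the wire banner is intended. The enclosing functions in sshconnect.c and sshd.c begin and end outside the inner hunks.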
@@ -0,0 +1,307 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.2_p2-r4.ebuild,v 1.1 2013/08/15 04:56:36 radhermit Exp $
+
+EAPI="4"
+inherit eutils user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_PATCH="${PARCH}-hpn14v1.diff.gz"
+LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz"
+X509_VER="7.5" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+ ${HPN_PATCH:+hpn? ( mirror://gentoo/${HPN_PATCH} )}
+ ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+ ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+ "
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509"
+
+LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+ skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
+ libedit? ( dev-libs/libedit[static-libs(+)] )
+ >=dev-libs/openssl-0.9.6d:0[bindist=]
+ dev-libs/openssl[static-libs(+)]
+ >=sys-libs/zlib-1.2.3[static-libs(+)]
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )"
+RDEPEND="
+ !static? (
+ ${LIB_DEPEND//\[static-libs(+)]}
+ ldns? (
+ !bindist? ( net-libs/ldns[ecdsa,ssl] )
+ bindist? ( net-libs/ldns[-ecdsa,ssl] )
+ )
+ )
+ pam? ( virtual/pam )
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+ static? (
+ ${LIB_DEPEND}
+ ldns? (
+ !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
+ bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
+ )
+ )
+ virtual/pkgconfig
+ virtual/os-headers
+ sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+ pam? ( >=sys-auth/pambase-20081028 )
+ userland_GNU? ( virtual/shadow )
+ X? ( x11-apps/xauth )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+ # this sucks, but i'd rather have people unable to `emerge -u openssh`
+ # than not be able to log in to their server any more
+ maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
+ local fail="
+ $(use X509 && maybe_fail X509 X509_PATCH)
+ $(use ldap && maybe_fail ldap LDAP_PATCH)
+ $(use hpn && maybe_fail hpn HPN_PATCH)
+ "
+ fail=$(echo ${fail})
+ if [[ -n ${fail} ]] ; then
+ eerror "Sorry, but this version does not yet support features"
+ eerror "that you requested: ${fail}"
+ eerror "Please mask ${PF} for now and check back later:"
+ eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+ die "booooo"
+ fi
+}
+
+save_version() {
+ # version.h patch conflict avoidence
+ mv version.h version.h.$1
+ cp -f version.h.pristine version.h
+}
+
+src_prepare() {
+ sed -i \
+ -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
+ pathnames.h || die
+ # keep this as we need it to avoid the conflict between LPK and HPN changing
+ # this file.
+ cp version.h version.h.pristine
+
+ # don't break .ssh/authorized_keys2 for fun
+ sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+ epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
+ if use X509 ; then
+ pushd .. >/dev/null
+ epatch "${FILESDIR}"/${PN}-6.2_p2-x509-glue.patch
+ popd >/dev/null
+ epatch "${WORKDIR}"/${X509_PATCH%.*}
+ epatch "${FILESDIR}"/${PN}-6.2_p2-x509-hpn14v1-glue.patch
+ save_version X509
+ fi
+ if ! use X509 ; then
+ if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+ epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+ save_version LPK
+ fi
+ else
+ use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
+ fi
+ epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+ if [[ -n ${HPN_PATCH} ]] && use hpn; then
+ epatch "${WORKDIR}"/${HPN_PATCH%.*}
+ save_version HPN
+ fi
+
+ tc-export PKG_CONFIG
+ local sed_args=(
+ -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+ # Disable PATH reset, trust what portage gives us #254615
+ -e 's:^PATH=/:#PATH=/:'
+ # Disable fortify flags ... our gcc does this for us
+ -e 's:-D_FORTIFY_SOURCE=2::'
+ )
+ sed -i "${sed_args[@]}" configure{,.ac} || die
+
+ epatch_user #473004
+
+ # Now we can build a sane merged version.h
+ (
+ sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
+ macros=()
+ for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
+ printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
+ ) > version.h
+
+ eautoreconf
+}
+
+static_use_with() {
+ local flag=$1
+ if use static && use ${flag} ; then
+ ewarn "Disabling '${flag}' support because of USE='static'"
+ # rebuild args so that we invert the first one (USE flag)
+ # but otherwise leave everything else working so we can
+ # just leverage use_with
+ shift
+ [[ -z $1 ]] && flag="${flag} ${flag}"
+ set -- !${flag} "$@"
+ fi
+ use_with "$@"
+}
+
+src_configure() {
+ local myconf
+ addwrite /dev/ptmx
+ addpredict /etc/skey/skeykeys #skey configure code triggers this
+
+ use static && append-ldflags -static
+
+ # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
+ if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
+ myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx"
+ append-ldflags -lutil
+ fi
+
+ econf \
+ --with-ldflags="${LDFLAGS}" \
+ --disable-strip \
+ --with-pid-dir="${EPREFIX}"/var/run \
+ --sysconfdir="${EPREFIX}"/etc/ssh \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
+ --datadir="${EPREFIX}"/usr/share/openssh \
+ --with-privsep-path="${EPREFIX}"/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --with-ssl-engine \
+ $(static_use_with pam) \
+ $(static_use_with kerberos kerberos5 /usr) \
+ ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
+ $(use_with ldns) \
+ $(use_with libedit) \
+ $(use_with selinux) \
+ $(use_with skey) \
+ $(use_with tcpd tcp-wrappers) \
+ ${myconf}
+}
+
+src_install() {
+ emake install-nokeys DESTDIR="${D}"
+ fperms 600 /etc/ssh/sshd_config
+ dobin contrib/ssh-copy-id
+ newinitd "${FILESDIR}"/sshd.rc6.4 sshd
+ newconfd "${FILESDIR}"/sshd.confd sshd
+ keepdir /var/empty
+
+ # not all openssl installs support ecc, or are functional #352645
+ if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
+ elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
+ sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
+ fi
+
+ newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+ if use pam ; then
+ sed -i \
+ -e "/^#UsePAM /s:.*:UsePAM yes:" \
+ -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+ -e "/^#PrintMotd /s:.*:PrintMotd no:" \
+ -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+ "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed"
+ fi
+
+ # Gentoo tweaks to default config files
+ cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
+
+ # Allow client to pass locale environment variables #367017
+ AcceptEnv LANG LC_*
+ EOF
+ cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
+
+ # Send locale environment variables #367017
+ SendEnv LANG LC_*
+ EOF
+
+ # This instruction is from the HPN webpage,
+ # Used for the server logging functionality
+ if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+ keepdir /var/empty/dev
+ fi
+
+ if use ldap ; then
+ insinto /etc/openldap/schema/
+ newins openssh-lpk_openldap.schema openssh-lpk.schema
+ fi
+
+ doman contrib/ssh-copy-id.1
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+ diropts -m 0700
+ dodir /etc/skel/.ssh
+
+ systemd_dounit "${FILESDIR}"/sshd.{service,socket}
+ systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
+}
+
+src_test() {
+ local t tests skipped failed passed shell
+ tests="interop-tests compat-tests"
+ skipped=""
+ shell=$(egetshell ${UID})
+ if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+ elog "Running the full OpenSSH testsuite"
+ elog "requires a usable shell for the 'portage'"
+ elog "user, so we will run a subset only."
+ skipped="${skipped} tests"
+ else
+ tests="${tests} tests"
+ fi
+ # It will also attempt to write to the homedir .ssh
+ local sshhome=${T}/homedir
+ mkdir -p "${sshhome}"/.ssh
+ for t in ${tests} ; do
+ # Some tests read from stdin ...
+ HOMEDIR="${sshhome}" \
+ emake -k -j1 ${t} </dev/null \
+ && passed="${passed}${t} " \
+ || failed="${failed}${t} "
+ done
+ einfo "Passed tests: ${passed}"
+ ewarn "Skipped tests: ${skipped}"
+ if [[ -n ${failed} ]] ; then
+ ewarn "Failed tests: ${failed}"
+ die "Some tests failed: ${failed}"
+ else
+ einfo "Failed tests: ${failed}"
+ return 0
+ fi
+}
+
+pkg_preinst() {
+ enewgroup sshd 22
+ enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+ if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
+ elog "Starting with openssh-5.8p1, the server will default to a newer key"
+ elog "algorithm (ECDSA). You are encouraged to manually update your stored"
+ elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
+ fi
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "reload sshd: '/etc/init.d/sshd reload'."
+ # This instruction is from the HPN webpage,
+ # Used for the server logging functionality
+ if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+ echo
+ einfo "For the HPN server logging patch, you must ensure that"
+ einfo "your syslog application also listens at /var/empty/dev/log."
+ fi
+}
|
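Review bot: In src_prepare the merged version.h is written with `"${macros}"`, which expands to only the first element of the array, so when more than one of HPN, LPK and X509 has been applied SSH_RELEASE names just the first macro the loop found (HPN is tested first). With both X509 and hpn enabled the SSH_X509 suffix would be left out of the release string, and the installed binary would under-report its patch set to anyone checking versions during triage. Join all collected macros instead: `printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros[*]}"`.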