diff options
| author |   Patrick McLean <chutzpah@gentoo.org> | 2014-11-24 19:13:30 +0000 |
|---|---|---|
| committer | Patrick McLean <chutzpah@gentoo.org> | 2014-11-24 19:13:30 +0000 |
| commit | 9f8402bfffb88e9729939dc901e155216f7f5ba3 (patch) | |
| tree | 8e0a80e90a7268f5acc03a0873beff078a83f1ca /net-misc/openssh | |
| parent | Introduce handbook USE flag wrt bug #486670. (diff) | |
| download | historical-9f8402bfffb88e9729939dc901e155216f7f5ba3.tar.gz historical-9f8402bfffb88e9729939dc901e155216f7f5ba3.tar.bz2 historical-9f8402bfffb88e9729939dc901e155216f7f5ba3.zip | |
Revision bump, add the X509 version 8.2 patch.
Package-Manager: portage-2.2.14/cvs/Linux x86_64
Manifest-Sign-Key: 0xE3F69979BB4B8928DA78E3D17CBF44EF
Diffstat (limited to 'net-misc/openssh')
| -rw-r--r-- | net-misc/openssh/ChangeLog | 9 | ||||
| -rw-r--r-- | net-misc/openssh/Manifest | 22 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch | 42 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch | 46 | ||||
| -rw-r--r-- | net-misc/openssh/openssh-6.7_p1-r1.ebuild | 322 |
5 files changed, 436 insertions, 5 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog index 4c90ec24db4a..4ec21b3b8948 100644 --- a/net-misc/openssh/ChangeLog +++ b/net-misc/openssh/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-misc/openssh # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.529 2014/11/24 11:29:41 jer Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.530 2014/11/24 19:13:23 chutzpah Exp $ + +*openssh-6.7_p1-r1 (24 Nov 2014) + + 24 Nov 2014; Patrick McLean <chutzpah@gentoo.org> +openssh-6.7_p1-r1.ebuild, + +files/openssh-6.7_p1-sctp-x509-glue.patch, + +files/openssh-6.7_p1-x509-glue.patch: + Revision bump, add the X509 version 8.2 patch. 24 Nov 2014; Jeroen Roovers <jer@gentoo.org> openssh-6.7_p1.ebuild: Stable for HPPA (bug #505942). diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 8982dd6d7ac0..cb9156758259 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -13,7 +13,9 @@ AUX openssh-6.6_p1-openssl-ignore-status.patch 741 SHA256 604b0a5365c1b01c9ab26b AUX openssh-6.6_p1-x509-glue.patch 556 SHA256 b37b83b058ff9fb25742d202e0169afc204f135012624bb2811dcacfa9fb346b SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea WHIRLPOOL 4f01d975e598ce0fe2160e52dbd8251fd5cdf95880d1ef09b730457620f48038156d4bf21c0810978bfc65c9feb90cdfed97aa20018bc175759096dcd3a044d0 AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 SHA256 748f7caa953028da111d6f18ba91652a4821bc9bca60f5d4a90a6501c0098853 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51 WHIRLPOOL c1d674b8e1cdc48dd0d8b2e7c8bf8e68cec757578f1217555e37eda8723e83e93b2ce183462499ad2165723eca2350544f810a1d6ec95ce4537a527f7918f117 AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256 b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 WHIRLPOOL c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b +AUX openssh-6.7_p1-sctp-x509-glue.patch 1326 SHA256 42eb87eda1685e19add23c1304f17dabd99a1a38a57bfe2bfbb70ab85f6d385e SHA512 7f014e2b1893a5240680e2e14475d61b9b6047d1be3fe404d5971a899c122cc624546e9e5b31bfee5905cf7b4605a0871c3b00ed5c2bd28d84755a49392e1a69 WHIRLPOOL 8d6888163068dbc486bc4eff0dd7d4053f68b9848347eb520dd7d382b0b8c74e3016f7f3ed401c2c2dfd48e73a9077fb9777d39c0f236cc500c53393be426b42 AUX openssh-6.7_p1-sshd-gssapi-multihomed.patch 5489 SHA256 d2a1735b523709a4b4ceaa57862ecb21a95656678bacc5b7da59dc46187ad997 SHA512 a8b8d2c2ab4520c8c7315f6130ee44fec48935a129ce7c7e51a068a4de2c7528980437246b61e4abc4cff614466f8054c554cdbaad4eb0d1f4afcfb434c30bbc WHIRLPOOL e4b97398c324360576a04792357f66be3ed9f17e4113f75275f8422ee0b7ecf28073c7cde01a63e24fa0901b14db822d22d7d2c5936bbee3bd5874a867066967 +AUX openssh-6.7_p1-x509-glue.patch 1633 SHA256 58031e90e0bf220028934ab590af6ccfc45722629b2416df13d84f10c9b94478 SHA512 364ca0280be5cc83d1dedf7727323fd5fc0093c6dbcf9cc8ccaa30ee754b866584be28da1166953f03faf8745d6364e33fad7daad9be9a29681a8674eb9d292b WHIRLPOOL b79a6cff897be78793bbf2ca03154103aa1380647b8c53e104155fd68122568a8e7dea23996213b192e4269f980b1035d3ca395dbd2c318fd81a45f44d110c31 AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53 AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512 88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7 WHIRLPOOL a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66 @@ -26,19 +28,31 @@ DIST openssh-6.6p1+x509-8.0.diff.gz 235994 SHA256 bcacf522dd649e45b6f7bac7ef8bcc DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 SHA256 16dcc68c399990ec0c801d421d022ceeae0e3aec1e6ffd3fecc5e2f4768cc91b SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d WHIRLPOOL 163ce9e319cef4dcaf6f38f42afc3b75c6e89c38b43c04189c64c72b4b58bc3f9d7042c7b67243879c87cbe410a607296917e94ff042df2c0a29f2ef82792774 DIST openssh-6.6p1.tar.gz 1282502 SHA256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b WHIRLPOOL 8630c81481a813a92da9c302d22135fe519fcc4826a892080e5a15368d13a6b47947ef47d53aad0a34e6ea49ce4caccc8f06e8afc2c90db0402fbcc2184efe89 DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256 b33e82309195f2a3f21a9fb14e6da2080b096dcf0d6f1c36c93cdeac683fdd59 SHA512 35da5e58f857e8b24e63b4058e946b71fdf0fecc637cb7af0ba8913869e5aadf8317805838936c84dc24421f03c5c91e1670761bed152fdf325c5a509f1b5d04 WHIRLPOOL cc7bace4aa60d720914e3a6a4ff650b7543d9e4963deab12c19cb5d798547b4fe547690946ff8955e121339e9a3d0ebe06f3ff758cca4bb81a09ac43fc877f58 +DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256 85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512 d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e WHIRLPOOL b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8 DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256 7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512 21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a WHIRLPOOL 5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681 DIST openssh-6.7p1.tar.gz 1351367 SHA256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512 2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d WHIRLPOOL ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518 DIST openssh-lpk-6.5p1-0.3.14.patch.gz 18217 SHA256 ad678f366dd7ef63ee164e29b59a4a4d264de9ddf9ad2c1d59178779e83539f3 SHA512 16f0053663ffc9a0670dbf8956dc070e6891e1e47cb1fbbea9567a6a4368c5500bf7e2ff7a2eb7208e651a0121088c271fb0a6ece62b98d103b3337866374610 WHIRLPOOL 34ee5a67e4cb0eb5d8126fde5469b73e0c81d4a7795cd9849c671922227eb8a6767cecf3097acbff338a47c3a7930b285fa4ecf2ebe74cb2e9186f93ec70c40c DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2 WHIRLPOOL 5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73 EBUILD openssh-6.6.1_p1-r4.ebuild 9995 SHA256 51403706d20087030b45e1cdaa63e450939bb36be790be7dadd9fb971dcada57 SHA512 1c0b2e3774601391d04c101a2faed7bce67c4aea962d730d2c3037a7dd5d60a620a4fdf7b833897b3b1fc9d7a124752b09247f3839acfa68fe572be6fe0ee2af WHIRLPOOL 47c20ccb64e8d417468ed21c42a7b3d8ec042d600a299ffe4fd1496f7da8d58d543427c0fc7674664fad4243a4d6987c58fa60b6c051af8482956b302ffb9924 EBUILD openssh-6.6_p1-r1.ebuild 9874 SHA256 223b5e4c5d0d3152e8ffadd20e8bcc391620c779749cf6ff235f0d3a857f7409 SHA512 3104586dedfb189adc780bf56cb030f3a9c2427fe07ce340424ea4e279b6335653b2eb38f9d86a8f6ac76360cd94b87d858863fd79b2054763f72ccb83f1a0ed WHIRLPOOL 1bef688d59baf3cf10ce3ab60f3eeb6e6cf875989ffcf711628f56b34a1344838c3a46ae548399c49f11459e5dd2045fcef810691421e69ef02eb92489c22824 +EBUILD openssh-6.7_p1-r1.ebuild 9890 SHA256 64608df2cff77259d7884ec8995bc3d05ec45b6da1db995899adffb4866de052 SHA512 1ebd67293028c7093c56d52d714b376a51738a24578943461a057b1ba990da3111640738799a762ab6efafb741e032eb3d3370219e0172a2057c25e15bafeb8e WHIRLPOOL 08ac532869b34992d522a15a94f298a54c64c263f04876747202df4aedddbbc2ca6b7d921d880607550e2eb4c8d7fbe9d81c478188a5874e8934f4c8a30c6efd EBUILD openssh-6.7_p1.ebuild 9924 SHA256 417439221cbd61ea27bdd22e5359945f72209879677eb2e77e0827d88a3c3ccc SHA512 1c4fd7af4d1a57e22693227a9889588d3377a23e37d447fc6e1b99a2017700b1bbd186b81a3b17677c6e2afa73cd7372cf6f2382da83905815c0c8d98d246f0f WHIRLPOOL 7f18987087f3a64c73476f6a68b26411dd3f102434b78b16739c366e292fd5154efff4326c3703a3007b956a56d993ad80d106aec625a170611138553a4572b6 -MISC ChangeLog 87939 SHA256 78b0637aa36cd14f321683872e101a547419d0180421ac35727586624aae5b57 SHA512 5e287abb7811ea0ee762124f55c581be9e199cc51ef89fdc776770b69bf02e260f699bbb4d01493928a5730879a0dc493910a9bb6531f38ff09ebe73d37b70ff WHIRLPOOL b11829a75f6d005b364f0df5a98c52d473bc8b5e12451af03c1ecb0fbd78b8e7fc7c8f0f8d0be763df2e4762cab521120f2eecc78eea9240848257068acfd739 +MISC ChangeLog 88194 SHA256 d846b79f5630e4ffbf13508bea93a2a9fa66ed7bd9a55a842ae49c880516ee29 SHA512 ac09acdf3bc55265370dc5935e504643635bd1a96be92fb26456a6c83486b8807af64dbd3f9c8f417cc60876f3110604f0cb14b194caadbae020505e7e5d5f12 WHIRLPOOL cf9cd829f5ddf0211d35f9bd995bf610cbccc81bc522f4869e8ed8e32a779bc6013906f14b8aa03d3ae4c808f31f37f8bc39fcc172df659ce328c113fee66086 MISC metadata.xml 1912 SHA256 7b838285f09ad395f237a0d0b9963eee86d0e85b58e6e5b4d5edb093fa888a0a SHA512 e55c10ffd12488720c3da19e55942cfedec63fe767fc1608439b5a3932eeb5488086ad7ef4e1f858c89381e737426f035845ea5e8bede4ed8a0ccabdc656d9b5 WHIRLPOOL 5c07b3dd4a4002cff5df62133ecf570bf79f58e9477d0ad25d60f185ee029183d11118147e3adfec373542659d921e99e787054cfe9284031c974d694de6e9ed -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iEYEAREIAAYFAlRzFqcACgkQVWmRsqeSphORLACeLXz6jDiYF0T/HAY2u380zDJi -YuMAnA0lNgNx2ZnaO0z7GT2zdeOjXlU0 -=00XP +iQIcBAEBCAAGBQJUc4NVAAoJEHy/RO9cNQiDP4IP/imDUjWSte+cHhA5WZRY3RSA +izsqacOrA3geZJePrT4YvjiN8mQlEEcdwhdTR+bL1HnDu6yxUBMsezmsrcEE2pyR +XcLxfL1bTg3XypPBxciaAillLbciUpffsXaSlMZfmev8frv5iHbPfcCpzZeX5h6i +nODV3eP6RZL5wn2ihLm+VqwUjAhAfulatO48BPFMypLBGg3h6zaO6irqOEgKjRO4 +gRPKu8wkcJXWmftH4eulVRVxA2LOykIpnRNKvoMdKn8CkGyodaOKLD7jsvmzGQ+7 +opxn+yUlXMIcaTwZR+yQht/WikxiUeqQhpV21Fy5FZeA12D5g9C6BpvQiy5bkC7z +4ptcdeZ3psxO/ch4jCWYhdN7wUi9mhF10ZQnrUv5hBsCZAhRrw+eW6CSz4Kr41ol +1IUaNl4cGYR9wrnHhvGZCld3wCTa9v79bCSxbAizhvsgvZ6aiJvLUNNNpcnfVJDj +6N00Y3Fh5yhM6tuHZmFCfyuwlstSrmtyy5ffphsYvD1xZx9EDu5YUWXkLpsdnEJW +UX9Bp9rcKogMX/INEfHSiUJv2Y8YJxYJmvJTHgBCASdlMLd5XLPpxPHLBV9V2Hpi +TwTNyAfb+nRn1HIlyOt7cTGdmDMqsgugvq06bsddjU2roEOcNU0N4Ma2Z01wAguQ +1S3f19PWxhDPp/4AJCRn +=35XG -----END PGP SIGNATURE----- diff --git a/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch new file mode 100644 index 000000000000..bd0b7ce12b66 --- /dev/null +++ b/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch @@ -0,0 +1,42 @@ +--- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800 ++++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800 +@@ -195,14 +195,6 @@ + .Op Fl c Ar cipher + .Op Fl F Ar ssh_config + .Op Fl i Ar identity_file +-@@ -178,6 +178,7 @@ For full details of the options listed b +- .It ServerAliveCountMax +- .It StrictHostKeyChecking +- .It TCPKeepAlive +-+.It Transport +- .It UsePrivilegedPort +- .It User +- .It UserKnownHostsFile + @@ -218,6 +219,8 @@ and + to print debugging messages about their progress. + This is helpful in +@@ -482,14 +474,6 @@ + .Op Fl b Ar bind_address + .Op Fl c Ar cipher_spec + .Op Fl D Oo Ar bind_address : Oc Ns Ar port +-@@ -473,6 +473,7 @@ For full details of the options listed b +- .It StreamLocalBindUnlink +- .It StrictHostKeyChecking +- .It TCPKeepAlive +-+.It Transport +- .It Tunnel +- .It TunnelDevice +- .It UsePrivilegedPort + @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte + controls. + .It Fl y +@@ -527,7 +511,7 @@ +- again: ++ + - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" + + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT +- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { ++ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { + switch (opt) { + case '1': + @@ -732,6 +738,11 @@ main(int ac, char **av) diff --git a/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch b/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch new file mode 100644 index 000000000000..71b9c517311f --- /dev/null +++ b/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch @@ -0,0 +1,46 @@ +--- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800 ++++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800 +@@ -610,21 +610,6 @@ + The default is + .Dq yes . + Note that this option applies to protocol version 2 only. +-.It Cm GSSAPIStrictAcceptorCheck +-Determines whether to be strict about the identity of the GSSAPI acceptor +-a client authenticates against. +-If set to +-.Dq yes +-then the client must authenticate against the +-.Pa host +-service on the current hostname. +-If set to +-.Dq no +-then the client may authenticate against any service key stored in the +-machine's default store. +-This facility is provided to assist with operation on multi homed machines. +-The default is +-.Dq yes . + .It Cm HostbasedAuthentication + Specifies whether rhosts or /etc/hosts.equiv authentication together + with successful public key client host authentication is allowed +@@ -651,6 +636,21 @@ + attempting to resolve the name from the TCP connection itself. + The default is + .Dq no . ++.It Cm GSSAPIStrictAcceptorCheck ++Determines whether to be strict about the identity of the GSSAPI acceptor ++a client authenticates against. ++If set to ++.Dq yes ++then the client must authenticate against the ++.Pa host ++service on the current hostname. ++If set to ++.Dq no ++then the client may authenticate against any service key stored in the ++machine's default store. ++This facility is provided to assist with operation on multi homed machines. ++The default is ++.Dq yes . + .It Cm HostCertificate + Specifies a file containing a public host certificate. + The certificate's public key must match a private host key already specified diff --git a/net-misc/openssh/openssh-6.7_p1-r1.ebuild b/net-misc/openssh/openssh-6.7_p1-r1.ebuild new file mode 100644 index 000000000000..95228ae1a4ac --- /dev/null +++ b/net-misc/openssh/openssh-6.7_p1-r1.ebuild @@ -0,0 +1,322 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r1.ebuild,v 1.1 2014/11/24 19:13:23 chutzpah Exp $ + +EAPI="4" +inherit eutils user flag-o-matic multilib autotools pam systemd versionator + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz" +LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz" +X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + mirror://gentoo/${P}-sctp.patch.xz + ${HPN_PATCH:+hpn? ( + mirror://gentoo/${HPN_PATCH} + http://dev.gentoo.org/~vapier/dist/${HPN_PATCH} + mirror://sourceforge/hpnssh/${HPN_PATCH} + )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} + " + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam +pie sctp selinux skey static X X509" +REQUIRED_USE="pie? ( !static )" + +LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) + libedit? ( dev-libs/libedit[static-libs(+)] ) + >=dev-libs/openssl-0.9.6d:0[bindist=] + dev-libs/openssl[static-libs(+)] + >=sys-libs/zlib-1.2.3[static-libs(+)]" +RDEPEND=" + !static? ( + ${LIB_DEPEND//\[static-libs(+)]} + ldns? ( + !bindist? ( net-libs/ldns[ecdsa,ssl] ) + bindist? ( net-libs/ldns[-ecdsa,ssl] ) + ) + ) + pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap )" +DEPEND="${RDEPEND} + static? ( + ${LIB_DEPEND} + ldns? ( + !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) + ) + ) + virtual/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( virtual/shadow ) + X? ( x11-apps/xauth )" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } + local fail=" + $(use X509 && maybe_fail X509 X509_PATCH) + $(use ldap && maybe_fail ldap LDAP_PATCH) + $(use hpn && maybe_fail hpn HPN_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${P}-x509-glue.patch + epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch + save_version X509 + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*}/* + save_version HPN + fi + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + epatch_user #473004 + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + local myconf=() + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) + if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then + myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) + append-ldflags -lutil + fi + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --with-pid-dir="${EPREFIX}"/var/run \ + --sysconfdir="${EPREFIX}"/etc/ssh \ + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ + --datadir="${EPREFIX}"/usr/share/openssh \ + --with-privsep-path="${EPREFIX}"/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with ldns) \ + $(use_with libedit) \ + $(use_with pie) \ + $(use_with sctp) \ + $(use_with selinux) \ + $(use_with skey) \ + "${myconf[@]}" +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6.4 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t} </dev/null \ + && passed="${passed}${t} " \ + || failed="${failed}${t} " + done + einfo "Passed tests: ${passed}" + ewarn "Skipped tests: ${skipped}" + if [[ -n ${failed} ]] ; then + ewarn "Failed tests: ${failed}" + die "Some tests failed: ${failed}" + else + einfo "Failed tests: ${failed}" + return 0 + fi +} + +pkg_preinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd +} + +pkg_postinst() { + if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "reload sshd: '/etc/init.d/sshd reload'." + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + echo + einfo "For the HPN server logging patch, you must ensure that" + einfo "your syslog application also listens at /var/empty/dev/log." + fi +} |