diff options
author | V3n3RiX <venerix@koprulu.sector> | 2024-02-07 03:59:02 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-02-07 03:59:02 +0000 |
commit | 632aa90c53a31517c5d2259537aadc192434a332 (patch) | |
tree | d466e8c0d3bf25eda998e2f04dc4872de416d117 /net-misc/openssh-contrib | |
parent | 6bdf113f9fe24f179ee150bada14098e20e87476 (diff) |
gentoo auto-resync : 07:02:2024 - 03:59:02
Diffstat (limited to 'net-misc/openssh-contrib')
-rw-r--r-- | net-misc/openssh-contrib/Manifest | 28 | ||||
-rw-r--r-- | net-misc/openssh-contrib/files/openssh-9.6_p1-hpn-version.patch | 13 | ||||
-rw-r--r-- | net-misc/openssh-contrib/openssh-contrib-9.3_p1.ebuild | 532 | ||||
-rw-r--r-- | net-misc/openssh-contrib/openssh-contrib-9.3_p2.ebuild | 507 | ||||
-rw-r--r-- | net-misc/openssh-contrib/openssh-contrib-9.6_p1.ebuild (renamed from net-misc/openssh-contrib/openssh-contrib-9.4_p1-r1.ebuild) | 10 |
5 files changed, 25 insertions, 1065 deletions
diff --git a/net-misc/openssh-contrib/Manifest b/net-misc/openssh-contrib/Manifest index 876b46d13bfb..1d38222208e5 100644 --- a/net-misc/openssh-contrib/Manifest +++ b/net-misc/openssh-contrib/Manifest @@ -11,39 +11,27 @@ AUX openssh-9.0_p1-X509-uninitialized-delay.patch 321 BLAKE2B 19bff0fc7ecdc6350f AUX openssh-9.3_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch 514 BLAKE2B d0dadfc57736cd4d2b04e46f5c0f6d5a1db1cfc7ee70d32afaa0f65269b82e66a72c46d33c9cbf7237f541a0485b25669cd2f4b34393e3a3ef0c9b4334092fe5 SHA512 f8badde54501340bde275951bc1cf653919bec02c760bf771308f10697b9ad2a483e30ae74ad124a737341f5c64657ab193a4d7fdf2baf24029b9447099da04b AUX openssh-9.3_p1-openssl-version-compat-check.patch 2588 BLAKE2B 635e9d4e0ca515d4da190075371b85b5c1885fd7d9b621d6f21399be0faf0be96e5e31875611392386b897f74087d75a00203a74c9f9ecf0be447bf354fcf4a2 SHA512 a27afa1b07a47f0ecf74d30ca85e7b4f8c79857c8019d274aeaed88b81149ce6241fd16f1023f14dbdc701e8c9d8671f6aadda2e21d620a47af8778b8531b991 AUX openssh-9.3_p2-zlib-1.3.patch 671 BLAKE2B 44a974e83faaee7336898227bc6f14ff4ab6e8e91e2d8f61d22f45b4d73e57a79b505143620d3a910c6e7cea91ab406e10ffcf23a802f447843f5c2836e37c34 SHA512 d2e5992c783b46b4859501aa32aa7b0acc5ec9e512589e18faebfa8660c52a3ad9ffa3d5a4cd5ba9a5fadb7ab86e51c32714dd23325054b05fa07194bd86f7d7 +AUX openssh-9.6_p1-hpn-version.patch 552 BLAKE2B 4fccbb5239b9e856b01c796216ef73aaeeee0676cafc9274d225047b0196d26601073d06c8bb443361cdf89229fb052b6760273facec3e505d2bf80135f15235 SHA512 46dc0cf3bf94237d582f1c363723f22e0bbf6c435f649776766690d2595f07012e2e65a3e73f1c18dbe564885e690ce1449c3e6bf63778fe4220b4c897928f9c AUX sshd-r1.confd 774 BLAKE2B df3f3f28cb4d35b49851399b52408c42e242ae3168ff3fc79add211903567da370cfe86a267932ca9cf13c3afbc38a8f1b53e753a31670ee61bf8ba8747832f8 SHA512 3a69752592126024319a95f1c1747af508fd639c86eca472106c5d6c23d5eeaa441ca74740d4b1aafaa0db759d38879e3c1cee742b08d6166ebc58cddac1e2fe AUX sshd-r1.initd 2675 BLAKE2B 47e87cec2d15b90aae362ce0c8e8ba08dada9ebc244e28be1fe67d24deb00675d3d9b8fef40def8a9224a3e2d15ab717574a3d837e099133c1cf013079588b55 SHA512 257d6437162b76c4a3a648ecc5d4739ca7eaa60b192fde91422c6c05d0de6adfa9635adc24d57dc3da6beb92b1b354ffe8fddad3db453efb610195d5509a4e27 AUX sshd.pam_include.2 156 BLAKE2B 91ebefbb1264fe3fe98df0a72ac22a4cd8a787b3b391af5769798e0b0185f0a588bc089d229c76138fd2db39fbe6bd33924f0d53e0513074d9c2d7abf88dcb78 SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c AUX sshd.service.1 298 BLAKE2B 7a4f2e2656096b09a8b435d393ea9b0a7bd10a2a9f0e9d9cf49b9ae9600cccfb19a64e09f4cf718e8054fc997f21656f609eb3af15ee2e3576531a88b5709842 SHA512 efc936ca412999e3b1acabe6cf4e87c033fe468cede1c3c499499e252cf7cdeca0841e5e1862ebe316ff3f4bf758fba674f08d081b403713e154b6bbc37da365 AUX sshd.socket 136 BLAKE2B 22e218c831fc384a3151ef97c391253738fa9002e20cf4628c6fe3d52d4b0ac3b957da58f816950669d0a6f8f2786251c6dfc31bbb863f837a3f52631341dc2e SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 AUX sshd_at.service.1 163 BLAKE2B b5c77d69e3860d365ba96a5b2fe14514bda9425e170fc7f324dcaf95fb02756ef9c5c2658904e812232f40fac9a3c2f4abf61b9129038bde66bb7d3a992d2606 SHA512 fbfe0aed3a5e99f15dc68838975cc49a206d697fb3549d8b31db25617dc7b7b8dd2397d865d89f305d5da391cd56a69277c2215c4335fccb4dd6a9b95ba34e2f -DIST openssh-8_5_P1-hpn-AES-CTR-15.2.diff 30096 BLAKE2B f0c020dd2403806c79d4c37a019996d275655b04997301e247f5c4dd7fad35d12b3b7c25afb1b078d915ef2a4ae02f736f0aec9ba2a8c56a405d7ca303bcadf7 SHA512 4c2dbf99a9b5953fdb955f700272bbaeaa025f108a8860d2190197962b849f8385327af82c4d6a3a130a7fba35a74a8ec9437d642867601acb29817c49632a8f DIST openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 51428 BLAKE2B 370b88a7da7f148bf5a4d445f05cf593b486e9df53bba027e2e179726f534b68cf9d94edd6e53024e0b6ff5f20e568727bc9d26c94d0d415603602a80d3ad241 SHA512 2d8d887901164b33b2799ff3ec72e86a39ae4a1696e52bcee0872dbae7772fcc534351e6e7f87126ee71b164c74e9091350f14b782f4b242a09f09b4f50d047a DIST openssh-8_5_P1-hpn-PeakTput-15.2.diff 2429 BLAKE2B 849bf3c313719ab7a25c75e82d5dc5ac98365a038b2a66fe58d01eae5b20c7777258b94b5830e799d6909e75c69753cda05a910f3bdab9606fb7d5efa68e05f1 SHA512 c4a56fab55fabd1d902d45f235b603708d43f969920e45c9a57e557dccfa9cade2ec61f26d1ace938f6f73e79f17b12f119b5aea9166cbda8e3435b910500914 -DIST openssh-9.3_p1-X509-glue-14.1.1.patch.xz 936 BLAKE2B f1716ff7801a27aa2aad06f1cca2ca6988eef65fb0ddcbde483e5c9205506ca40b658f5c8c40b2625afb38ff9b56e40831eadcf751c8ee1c11f69ec559f3c147 SHA512 dace01bcf22b625cd00e18ce019b0be31b6f47f714845f3ebb98ebee41b4db0a769fa09cab63ea17536a7106ec90f2b15f87696ae49fa6f6e31bad94ae09719d -DIST openssh-9.3_p1-hpn-15.2-X509-14.1.1-glue.patch.xz 6224 BLAKE2B 47c7054648e8d795b0d9e563d8313242c917df8a3620a60cff2d77f9ae8482cec861244e0f1433f711922f0704b775b7183284960a3baa48a27b99979ad7ffa3 SHA512 728cf2586bcc9480afe71b5106e2286b925857a9e04dce79f744b36cbe3ec2844ac5b4a6bd4b64117f32ad1b04c0943b9d6f935eee826202871588ed9a167387 -DIST openssh-9.3_p1-hpn-15.2-glue.patch.xz 5044 BLAKE2B 73205bd8f702612df7cb6f29e8b353df854428974dc20d5938033157da64418317f326ab8118893dc47173cd871dc7654a3e3ed601289744560becc98729cd3f SHA512 343b77109158b9af5d8d57f4ac7968bce8277fa3b4dcaa19b76593620fbddbfa832bd76c0da52e12179fe5f391f9fef67e7af51b138ab8cc69a8a6471b6a3909 -DIST openssh-9.3_p2-X509-glue-14.1.1.patch.xz 116132 BLAKE2B 7e2b5aa4569a27943cb701dccbca8224e64130a4bce46ce8ba7978a93d3a410fe46957694475fafd51177dbbefa28fc613d9bf69aa436541b03e83dc9b9497ba SHA512 df67a40f27c8af029c3d84e44bd74115e16bfe98efc039bd1f5661c22c5ab1213c2970a80c017775e828f6c5b4e2e815eff28c745888b0dba1ef6c259943ba20 -DIST openssh-9.3_p2-hpn-15.2-X509-14.1.1-glue.patch.xz 5056 BLAKE2B aea1d9dd10abb5dd85d304fb4a415c5fb8b237dd82d8f39c092622d85b51751336f18bff5feb80e9a165e171b92eeeef471272210d926327a649961eb640cb8b SHA512 6d384ad9b3bebc4b90550e089b6c3c8d2959880a2510bea5bd7d723dd831815929dbf67a882105f22b3dd2eef6ed82dea89343175499a57d8e0f6b56ec6abfd6 DIST openssh-9.3_p2-hpn-15.2-glue.patch.xz 4728 BLAKE2B 9e3c04a289d0a94b03b871027f4f8476e3981602f5a2d9ac8a8602e08d01248a72c48126ff53a174c8dc95f6bd8608ba75bbc74f5eb427e4ecbe7c7794c7c200 SHA512 bb42d001f89b8eb3a5af813d4c526548e13467deeb2811384b473e61c86e6e766aabb9652867953c0f979533ea70111145c424298f11df4faf05e43fb8b1f439 -DIST openssh-9.3p1+x509-14.1.1.diff.gz 1221335 BLAKE2B 9203fbb6955fe44ebd7ed031245a90b8df7e149a6ad3205097ffd5d2d7655a0e6b8cd2e20d7f7216fbc6d3e8bd0a1453f3fc028f04e96c0f244ad0772a0e30ab SHA512 8a1036d680d25f99e1a24ea77a2c303e807c0f5c5323043684da9fcc9ff603f80384688935a654cc97216f84f85f00f590dc35d2ee2b1f0fb169f8b427559b2d -DIST openssh-9.3p1-sctp-1.2.patch.xz 6836 BLAKE2B d12394ecaa7eca6e0b3590cea83b71537edc3230bc5f7b2992a06a67c77247cc4156be0ba151038a5baee1c3f105f76f1917cc5aad08d1aadadfd6e56858781b SHA512 ba5af014e5b825bf4a57368416a15c6e56afd355780e4c5eab44a396c3f4276ac4d813c5c15b83f3b8edf4763855221743796c038433b292fda9417f0b274a71 -DIST openssh-9.3p1.tar.gz 1856839 BLAKE2B 45578edf98bba3d23c7cefe60d8a7d3079e7c6676459f7422ace7a2461ab96943fbcadb478633a80f40bc098f2435722850b563714adb78b14922be53cb5753d SHA512 087ff6fe5f6caab4c6c3001d906399e02beffad7277280f11187420c2939fd4befdcb14643862a657ce4cad2f115b82a0a1a2c99df6ee54dcd76b53647637c19 -DIST openssh-9.3p1.tar.gz.asc 833 BLAKE2B e6533d64b117a400b76b90f71fa856d352dea57d91e4e89fa375429403ac0734cc0a2f075bc58c6bb4f40a8f9776735aa36bdb0bbf3880a2115cea787633e48b SHA512 6222378eb24a445c6c1db255392b405f5369b1af0e92f558d4ba05b0d83ab0d084cb8f4b91d7ae8636f333d970638a6635e2bc7af885135dd34992d87f2ef1f4 -DIST openssh-9.3p2.tar.gz 1835850 BLAKE2B 38f8d4ada263112b318fafccabf0a33a004d8290a867434004eb3d37127c9bdabe6e0225fca9d6d68fb54338fec81dcc9313ca7c91d3a033311db44174dc9f6f SHA512 15b8c57aa120186f1d1c3c2b8dc6ffd26733e12f755a6b0a4255d9ec1815a61506275ff5723b4ac029e44bc2ad22852ac36e1101f292348fbfa79aa1a4cd3f35 -DIST openssh-9.3p2.tar.gz.asc 833 BLAKE2B cfba3867d7f97cb2c904bd3ae111bd63e8a050464b66e3f3f22390839a153d57ef5819182f8ad99a6b520f27881143552dc64fccfc33dcc0483ffe1ef33a5a47 SHA512 759e512a36a3a62264803b517298a65c83e1daebd9867e28ea1ca4999c38539368815ccda86540a4f5d45fa79c539d8242995ba55f2918baf2a7404c105e337a -DIST openssh-9.4_p1-X509-glue-14.2.1.patch.xz 904 BLAKE2B 64dd3f145858d7d6b6625fa565a882f7ab43faf78233a2a78b7b13fc1d417ae67c675bebc09dd1343b3504af0c2c47a1fda6ac77a11238e1d2dabcdd394253e9 SHA512 542263bae6135c0493a16c63526da6b98cc425e01f2a1e332156bca4d3d7c7e91cfe1cd86f32c5f67097275eeb543b356faacad665c2a36c22843e2e00d19e10 -DIST openssh-9.4_p1-hpn-15.2-X509-14.2-glue.patch.xz 5144 BLAKE2B 324dff4cccc027825b8400225cf322a6882caca30aa567a1bea405142ff9f9ed143b837ef8082011342ae6d22033c22e34499f930d0b9ca1e3c241cac7c15e99 SHA512 e63b2187d3f210ce897b6696b02a364f4f212c1290f7b9bbcceeb15325555427254c54366b7da059ce3cf99e595457e69d8edff4fcb7c18021c7530dea1df4bb -DIST openssh-9.4p1+x509-14.2.1.diff.gz 1221969 BLAKE2B 67b06648aafd849fdcb4c54c4a841c46b6a97d53d7ebdefe6110aba7a0877833ebb2a8d22a1e51a748051f889ba08cc1501ea0e9e221fef2f5c0e8caad170983 SHA512 d90dc7bde008ab793d9f85f1b4b0687f1d084fdf2fc6cfd229748424ddcc4664f558be44fee73d72e88bc99e03a5dd1ec57138a82f77b82e0f65d14bd3ef545a -DIST openssh-9.4p1.tar.gz 1845094 BLAKE2B d13d758129cce947d3f12edb6e88406aad10de6887b19ffa3ebd8e382b742a05f2a692a8824aec99939f6c7e13fbccc3bb14e5ee112f9a9255d4882eb87dcf53 SHA512 0aaedeced7dbc70419c7245eb0e9db4ef570e0e7739b890ebae04d56da5fe8d147e8e150f3c943f60730976569e3ac6cc8da62ec7e2a78e2ef47d295ca0b1d25 -DIST openssh-9.4p1.tar.gz.asc 833 BLAKE2B 95eedd9356766e5d0ea1261da3dc4c7869f054b418c626fb35815a0aa655b1ddbf54436b437d98c4344b05c9196c8fa1f592eac07b3ccf08bd3e980f8b6955af SHA512 983b4ebaa3b98e70831ce686cb503270926c065163a2510eef0c5102ef50b6e665b889ee15ea8c0bd7c4bbddb19270f036e1d554a8212ef2c292f9c682c8631a DIST openssh-9.5_p1-X509-glue-14.3.patch.xz 788 BLAKE2B 641c9936639a7629f6ae82d56f48b9dd39e58087024fe04259e2be5aef3b484a3f8ba6c91e603dd4f80d03c92490ee85cbaccff1e40e4f7ee1064c4a1ac9f191 SHA512 8f9255e3f8a682d7c82125a6064cdd8a80616e4b699a4c101515f15af7185a6b0b98efa246e0ed97a278f377ea616daf2dd98d0dc479c24d1ac3a76c12cd97ec DIST openssh-9.5_p1-hpn-15.2-X509-14.3-glue.patch.xz 5132 BLAKE2B 82a30622e67fab233591f6b30c634f2f8383eda77de163b6139ca9892c0485d8f174901e5e6788f6c911e0859e563ac6a9022e99099507f76a59908770474e78 SHA512 697b2ce1b2b0aa1bcf95b76b3bc79de7d8793a3c2975bc3bfb23a64fd3a9133df9fd0831848f9388b21f7f1fd597824b221d45b9380ee26beb60040596386d61 DIST openssh-9.5p1+x509-14.3.diff.gz 1224337 BLAKE2B f695711eeab6b40a8660ac897961068738cb5941c799243888d5a90f56cf4b308803dd88d3d97d7932a72b82ebc269e20c7d142076fb3b03def1245491da0497 SHA512 a7798e2a40a81df882911c485fa240584713135df59c6dab720597b6ef60ecfac85ebd595983d7c5ce8625b758eeb777fe1462845976a2674cad339dadc0719a DIST openssh-9.5p1.tar.gz 1843001 BLAKE2B 55dbb0a2792b0046c943a19ca0966660e6e378e77856e94823a1bbbafaa0da94357403765c4c028aebf6543049a0f9bbe0019629be3f92cdadfac1be56def796 SHA512 e183fdf7477fd986215b889eea4a945d71385e35305746ccb164e757ecc28166f429c70890a237d8ef4cdcae5132935ba2ecb3b2a658eb73a6afcf6f42277b9c DIST openssh-9.5p1.tar.gz.asc 833 BLAKE2B abec3d14d9a880008db202be00ed446ccc0a98ce77c16a9e6d6492feac07c8f3284f9cd24f6ee1d904a55f9f23d5cce8a716916975c179a38ef6bde1d36e0acf SHA512 2b6de653420ba02eb99c7e6fba09af3bacfe9c701f3dfc3c94f41a3539c0414954fc5c64cce63c488c5ccd5d4ddb42d3f2184ff7f323342c885c47bf7d426ca1 -EBUILD openssh-contrib-9.3_p1.ebuild 19039 BLAKE2B 94e389a38544fe3f686118d09c1109b8f1c50b370759dc09546b5b10923c11b00ece2ed15d366f716d354877e836ec6cf4c1ae4e2e0413211a4b436aa486fecd SHA512 97fe43612d979ca2cdffa15227f9ae24baaa23f76956a2077c3a7f8bb2a28fa9fc0602c633bbd949795bd77c8b56b4a3fc39e0ffaf13c5f189b5699334ec8a25 -EBUILD openssh-contrib-9.3_p2.ebuild 17972 BLAKE2B abef8c6237fe9346b1256ce01816632416bf6f1f3e556ccca6ebc2297936254fa6d09e32c22d556e2b356061569ccf3667a09c2f1c184c4816e342c7966a4d0f SHA512 0ef78eec7f698c86c0602695f12cdf85bd7d39517c16a9635fbb9d26062f9e14d2c1375ada78f46a27f217f788286081616912607eab55592a323c9d2ca603bd -EBUILD openssh-contrib-9.4_p1-r1.ebuild 17918 BLAKE2B 3d06e530ffbfe6e8286c2b2b9973a1a55d964f1b8871fc743341c37b998c3d2476a65fd0516f41055c1ff007c05fd3226e56f4a560dfe1e753308d6dc8573ad3 SHA512 27b1351c93f942d154309eb8a52670c1fdcb92bac89c03bd023eca35a2d7833f11878918ea3e3cfb349d576fbe9b1695e9895f33af7a9b4511965ea54900d279 +DIST openssh-9.6_p1-X509-glue-14.4.2.patch.xz 1516 BLAKE2B 49f1d100e1b84f051aee599547562bab17b313d097b9b16b7c3ad94fb76e31b04fc101b1824f011507033e9c5744ee0207cb751865576f92501bc442076afe8b SHA512 a09bd2ed9b9d0edfa691c2f99699261c17c9441e188ba870c1f2ceff28817af979a29a7b5c1bbfe9fbeb343241cc00b232099791cc30d665700fcbebdae07139 +DIST openssh-9.6_p1-hpn-15.2-X509-14.4.2-glue.patch.xz 5472 BLAKE2B a92ca0746cd48b1580e0a73dcae5d6e141988d3239d09a2f07de376833d14ca2434185b5fdb444fb6821da9ff75ce0c63c86404299e977d3c86050d3a116fc47 SHA512 2690f158bf1f5d1512f80c9c8d86006339a461a0bf229e41c62b75d28a9b45cb5392680fbb633415c27c3abfaa1906c170cd1d18679a2be81a1367361fd98afa +DIST openssh-9.6_p1-hpn-15.2-glue.patch.xz 5028 BLAKE2B 74970dc9f244eea2e35270c9abe67bdf0f05a3ddb33ffe6ce54056ade3fbec2abe9cb60e92ea889b01be7429dfd754f2986b175cdb014aab721421e1a4952c87 SHA512 1edafed18b1fd5d64844a3d121aacbf38dcde2b90adc9b4533f3192f1335365736e9cfd82f7c847980c9b1c1b72ee39470b38d6758b3a8f5ed59796d5005492b +DIST openssh-9.6p1+x509-14.4.2.diff.gz 1243845 BLAKE2B 19ed0e174d06f4722b0f244e2c41098422fec88372d77e7c64bed2c00f4d4842b8f517d3f49958febd7a640f0582497fcaf64774fd0a04fbdc8c06b7f0ce5311 SHA512 247a088bbe7fe2bced0ec6e7f3d1fc34c3b81ce43ade9312a769c4495c7adf60d8a9ad2afb25e52fdea2f60888330de05375fbe24cd5b86a2f173e160ddb7bb8 +DIST openssh-9.6p1.tar.gz 1857862 BLAKE2B dd7f6747fe89f7b386be4faaf7fc43398a9bf439e45608ae61c2126cf8743c64ef7b5af45c75e9007b0bda525f8809261ca0f2fc47ce60177ba769a5324719dd SHA512 0ebf81e39914c3a90d7777a001ec7376a94b37e6024baf3e972c58f0982b7ddef942315f5e01d56c00ff95603b4a20ee561ab918ecc55511df007ac138160509 +DIST openssh-9.6p1.tar.gz.asc 833 BLAKE2B 9363d02f85457aa90069020827306a2f49d8406e32f5ee1d231844648dd2ffa02fa9b7325b8677a11e46a0ba0d9ffc86d9c989435d691a02f5354a956c49f9f9 SHA512 aec5a5bd6ce480a8e5b5879dc55f8186aec90fe61f085aa92ad7d07f324574aa781be09c83b7443a32848d091fd44fb12c1842d49cee77afc351e550ffcc096d EBUILD openssh-contrib-9.5_p1.ebuild 17863 BLAKE2B 812d2a7f5adbf44f002532c491e3832946b9c79fb639bea59dce09333cc3bb3c277564c34b4d015b8a7ed6c39cd1f84183e9fac976ebf4a631dea053cc81d3c2 SHA512 25ba6ff44cd06a8188e92c8dd7f6c9985f2dd55bd6f9999849f0ece7068602b184cf3a472cd8b8028abfac726818bfdd55cb9c63768937fa65b8a400fcde57a0 +EBUILD openssh-contrib-9.6_p1.ebuild 17817 BLAKE2B 46035746ddbc1d8648f8bebd820bc05546945bb648c451c144caf3a794f8e07e0660223f63c7a7042956201aa895de1192642db1400275fa724fdbbde5d04daf SHA512 d27da5969af231b409acd38b49c60a81316524db41cc8725b7f80c7d8c9c636c498427f1853575c17af2e71f1684614d4d1158bc87bbdecaed9da05b44222003 MISC metadata.xml 2975 BLAKE2B 068d52ba2e5de0b696e7fe995e4c2a041206a59258f24704ca3a72fe1d85323c2aad7899f055b48a4045d6303491822c59f2b86b85fc428a26f8259ea583796a SHA512 83fef701188c00af53382b5099fc2ebf83c903c3edefc3d2cf6deb0a667c0d0d9531c18728eef9b5b703903d31fbdb55a68e5b76890ea090bc1d79fef3ae6b89 diff --git a/net-misc/openssh-contrib/files/openssh-9.6_p1-hpn-version.patch b/net-misc/openssh-contrib/files/openssh-9.6_p1-hpn-version.patch new file mode 100644 index 000000000000..95a69815b822 --- /dev/null +++ b/net-misc/openssh-contrib/files/openssh-9.6_p1-hpn-version.patch @@ -0,0 +1,13 @@ +diff --git a/kex.c b/kex.c +index 34808b5c..88d7ccac 100644 +--- a/kex.c ++++ b/kex.c +@@ -1205,7 +1205,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, + if (version_addendum != NULL && *version_addendum == '\0') + version_addendum = NULL; + if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%s%s%s\r\n", +- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, ++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, + version_addendum == NULL ? "" : " ", + version_addendum == NULL ? "" : version_addendum)) != 0) { + oerrno = errno; diff --git a/net-misc/openssh-contrib/openssh-contrib-9.3_p1.ebuild b/net-misc/openssh-contrib/openssh-contrib-9.3_p1.ebuild deleted file mode 100644 index 19a0942bb7d5..000000000000 --- a/net-misc/openssh-contrib/openssh-contrib-9.3_p1.ebuild +++ /dev/null @@ -1,532 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit user-info flag-o-matic autotools pam systemd toolchain-funcs verify-sig - -# Make it more portable between straight releases -# and _p? releases. -MY_P=${P/-contrib/} -PARCH=${MY_P/_} - -# PV to USE for HPN patches -#HPN_PV="${PV^^}" -HPN_PV="8.5_P1" - -HPN_VER="15.2" -HPN_PATCHES=( - openssh-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff - openssh-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff - openssh-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff -) -HPN_GLUE_PATCH="openssh-9.3_p1-hpn-${HPN_VER}-glue.patch" -HPN_PATCH_DIR="HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}" - -SCTP_VER="1.2" -SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" - -X509_VER="14.1.1" -X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" -X509_GLUE_PATCH="openssh-${PV}-X509-glue-${X509_VER}.patch" -X509_HPN_GLUE_PATCH="openssh-9.3_p1-hpn-${HPN_VER}-X509-${X509_VER}-glue.patch" - -DESCRIPTION="Port of OpenBSD's free SSH release with HPN/SCTP/X509 patches" -HOMEPAGE="https://www.openssh.com/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} - ${HPN_VER:+hpn? ( - $(printf "mirror://sourceforge/project/hpnssh/Patches/${HPN_PATCH_DIR}/%s\n" "${HPN_PATCHES[@]}") - https://dev.gentoo.org/~chutzpah/dist/openssh/${HPN_GLUE_PATCH}.xz - )} - ${X509_VER:+X509? ( - https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} - https://dev.gentoo.org/~chutzpah/dist/openssh/${X509_GLUE_PATCH}.xz - ${HPN_VER:+hpn? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${X509_HPN_GLUE_PATCH}.xz )} - )} - verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc ) -" -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc -S="${WORKDIR}/${PARCH}" - -LICENSE="BSD GPL-2" -SLOT="0" -#KEYWORDS="~amd64" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="abi_mips_n32 audit debug hpn kerberos ldns libedit livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss" - -RESTRICT="!test? ( test )" - -REQUIRED_USE=" - hpn? ( ssl ) - ldns? ( ssl ) - pie? ( !static ) - static? ( !kerberos !pam ) - X509? ( !sctp ssl !xmss ) - xmss? ( ssl ) - test? ( ssl ) -" - -# tests currently fail with XMSS -REQUIRED_USE+="test? ( !xmss )" - -LIB_DEPEND=" - audit? ( sys-process/audit[static-libs(+)] ) - ldns? ( - net-libs/ldns[static-libs(+)] - net-libs/ldns[ecdsa(+),ssl(+)] - ) - libedit? ( dev-libs/libedit:=[static-libs(+)] ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] ) - virtual/libcrypt:=[static-libs(+)] - >=sys-libs/zlib-1.2.3:=[static-libs(+)] -" -RDEPEND=" - !net-misc/openssh - acct-group/sshd - acct-user/sshd - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( sys-libs/pam ) - kerberos? ( virtual/krb5 ) -" -DEPEND="${RDEPEND} - virtual/os-headers - kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) ) - static? ( ${LIB_DEPEND} ) -" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - !prefix? ( sys-apps/shadow ) - X? ( x11-apps/xauth ) -" -# Weird dep construct for newer gcc-config for bug #872416 -BDEPEND=" - dev-build/autoconf - virtual/pkgconfig - || ( - >=sys-devel/gcc-config-2.6 - >=sys-devel/clang-toolchain-symlinks-14-r1:14 - >=sys-devel/clang-toolchain-symlinks-15-r1:15 - >=sys-devel/clang-toolchain-symlinks-16-r1:* - ) - verify-sig? ( sec-keys/openpgp-keys-openssh ) -" - -PATCHES=( - "${FILESDIR}/openssh-7.9_p1-include-stdlib.patch" - "${FILESDIR}/openssh-8.7_p1-GSSAPI-dns.patch" #165444 integrated into gsskex - "${FILESDIR}/openssh-6.7_p1-openssl-ignore-status.patch" - "${FILESDIR}/openssh-7.5_p1-disable-conch-interop-tests.patch" - "${FILESDIR}/openssh-8.0_p1-fix-putty-tests.patch" - "${FILESDIR}/openssh-9.3_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch" - "${FILESDIR}/openssh-8.9_p1-allow-ppoll_time64.patch" #834019 - "${FILESDIR}/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch" #834044 - "${FILESDIR}/openssh-9.3_p1-openssl-version-compat-check.patch" - "${FILESDIR}/openssh-9.3_p2-zlib-1.3.patch" #912767 -) - -pkg_pretend() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - local missing=() - check_feature() { use "${1}" && [[ -z ${!2} ]] && missing+=( "${1}" ); } - check_feature hpn HPN_VER - check_feature sctp SCTP_PATCH - check_feature X509 X509_PATCH - if [[ ${#missing[@]} -ne 0 ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${missing[*]}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "Missing requested third party patch." - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." - fi -} - -src_unpack() { - default - - # We don't have signatures for HPN, X509, so we have to write this ourselves - use verify-sig && verify-sig_verify_detached "${DISTDIR}"/${PARCH}.tar.gz{,.asc} -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - eapply -- "${PATCHES[@]}" - - [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches - - local PATCHSET_VERSION_MACROS=() - - if use X509 ; then - pushd "${WORKDIR}" &>/dev/null || die - eapply "${WORKDIR}/${X509_GLUE_PATCH}" - popd &>/dev/null || die - - eapply "${WORKDIR}"/${X509_PATCH%.*} - eapply "${FILESDIR}/openssh-9.0_p1-X509-uninitialized-delay.patch" - - # We need to patch package version or any X.509 sshd will reject our ssh client - # with "userauth_pubkey: could not parse key: string is too large [preauth]" - # error - einfo "Patching package version for X.509 patch set ..." - sed -i \ - -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ - "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" - - einfo "Patching version.h to expose X.509 patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in X.509 patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) - fi - - if use sctp ; then - eapply "${WORKDIR}"/${SCTP_PATCH%.*} - - einfo "Patching version.h to expose SCTP patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in SCTP patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) - - einfo "Disabling known failing test (cfgparse) caused by SCTP patch ..." - sed -i \ - -e "/\t\tcfgparse \\\/d" \ - "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" - fi - - if use hpn ; then - local hpn_patchdir="${T}/openssh-${PV}-hpn${HPN_VER}" - mkdir "${hpn_patchdir}" || die - cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die - pushd "${hpn_patchdir}" &>/dev/null || die - eapply "${WORKDIR}/${HPN_GLUE_PATCH}" - use X509 && eapply "${WORKDIR}/${X509_HPN_GLUE_PATCH}" - use sctp && eapply "${FILESDIR}"/openssh-8.5_p1-hpn-${HPN_VER}-sctp-glue.patch - popd &>/dev/null || die - - eapply "${hpn_patchdir}" - - use X509 || eapply "${FILESDIR}/openssh-8.6_p1-hpn-version.patch" - - einfo "Patching Makefile.in for HPN patch set ..." - sed -i \ - -e "/^LIBS=/ s/\$/ -lpthread/" \ - "${S}"/Makefile.in || die "Failed to patch Makefile.in" - - einfo "Patching version.h to expose HPN patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ - "${S}"/version.h || die "Failed to sed-in HPN patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) - - if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - # Before re-enabling, check https://bugs.gentoo.org/354113#c6 - # and be sure to have tested it. - einfo "Disabling known non-working MT AES cipher per default ..." - - cat > "${T}"/disable_mtaes.conf <<- EOF - - # HPN's Multi-Threaded AES CTR cipher is currently known to be broken - # and therefore disabled per default. - DisableMTAES yes - EOF - sed -i \ - -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ - "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" - - sed -i \ - -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ - "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" - fi - fi - - if use X509 || use sctp || use hpn ; then - einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" - - einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" - - einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." - sed -i \ - -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ - "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" - fi - - eapply_user #473004 - - # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox - sed -e '/\t\tpercent \\/ d' \ - -i regress/Makefile || die - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - - # _XOPEN_SOURCE causes header conflicts on Solaris - [[ ${CHOST} == *-solaris* ]] && sed_args+=( - -e 's/-D_XOPEN_SOURCE//' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - use xmss && append-cflags -DWITH_XMSS - - if [[ ${CHOST} == *-solaris* ]] ; then - # Solaris' glob.h doesn't have things like GLOB_TILDE, configure - # doesn't check for this, so force the replacement to be put in - # place - append-cppflags -DBROKEN_GLOB - fi - - # use replacement, RPF_ECHO_ON doesn't exist here - [[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - --with-hardening - $(use_with audit audit linux) - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the sctp patch conditionally, so can't pass --without-sctp - # unconditionally else we get unknown flag warnings. - $(use sctp && use_with sctp) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with selinux) - $(usex X509 '' "$(use_with security-key security-key-builtin)") - $(use_with ssl openssl) - $(use_with ssl ssl-engine) - ) - - if use elibc_musl; then - # musl defines bogus values for UTMP_FILE and WTMP_FILE - # https://bugs.gentoo.org/753230 - myconf+=( --disable-utmp --disable-wtmp ) - fi - - # Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all - # bug #869839 (https://github.com/llvm/llvm-project/issues/57692) - tc-is-clang && myconf+=( --without-hardening ) - - econf "${myconf[@]}" -} - -src_test() { - local tests=( compat-tests ) - local shell=$(egetshell "${UID}") - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" - ewarn "user, so we will run a subset only." - tests+=( interop-tests ) - else - tests+=( tests ) - fi - - local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1 - mkdir -p "${HOME}"/.ssh || die - emake -j1 "${tests[@]}" </dev/null -} - -# Gentoo tweaks to default config files. -tweak_ssh_configs() { - local locale_vars=( - # These are language variables that POSIX defines. - # http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02 - LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME - - # These are the GNU extensions. - # https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html - LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE - ) - - dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die - Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf" - EOF - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die - Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf" - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die - # Send locale environment variables (bug #367017) - SendEnv ${locale_vars[*]} - - # Send COLORTERM to match TERM (bug #658540) - SendEnv COLORTERM - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die - RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts" - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/ssh_revoked_hosts || die - # https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die - # Allow client to pass locale environment variables (bug #367017) - AcceptEnv ${locale_vars[*]} - - # Allow client to pass COLORTERM to match TERM (bug #658540) - AcceptEnv COLORTERM - EOF - - if use pam ; then - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die - UsePAM yes - # This interferes with PAM. - PasswordAuthentication no - # PAM can do its own handling of MOTD. - PrintMotd no - PrintLastLog no - EOF - fi - - if use livecd ; then - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die - # Allow root login with password on livecds. - PermitRootLogin Yes - EOF - fi -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd-r1.initd sshd - newconfd "${FILESDIR}"/sshd-r1.confd sshd - - if use pam; then - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - fi - - tweak_ssh_configs - - doman contrib/ssh-copy-id.1 - dodoc CREDITS OVERVIEW README* TODO sshd_config - use hpn && dodoc HPN-README - use X509 || dodoc ChangeLog - - diropts -m 0700 - dodir /etc/skel/.ssh - rmdir "${ED}"/var/empty || die - - systemd_dounit "${FILESDIR}"/sshd.socket - systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service - systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service' -} - -pkg_preinst() { - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then - show_ssl_warning=1 - fi -} - -pkg_postinst() { - local old_ver - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "5.8_p1"; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if ver_test "${old_ver}" -lt "7.0_p1"; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ver_test "${old_ver}" -lt "7.6_p1"; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if ver_test "${old_ver}" -lt "7.7_p1"; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." - fi - if ver_test "${old_ver}" -lt "8.2_p1"; then - ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" - ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" - ewarn "connection is generally safe." - fi - if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then - ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to" - ewarn "'Restart=on-failure', which causes the service to automatically restart if it" - ewarn "terminates with an unclean exit code or signal. This feature is useful for most users," - ewarn "but it can increase the vulnerability of the system in the event of a future exploit." - ewarn "If you have a web-facing setup or are concerned about security, it is recommended to" - ewarn "set 'Restart=no' in your sshd unit file." - fi - done - - if [[ -n ${show_ssl_warning} ]]; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi - - if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - elog "" - elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" - elog "and therefore disabled at runtime per default." - elog "Make sure your sshd_config is up to date and contains" - elog "" - elog " DisableMTAES yes" - elog "" - elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." - elog "" - fi -} diff --git a/net-misc/openssh-contrib/openssh-contrib-9.3_p2.ebuild b/net-misc/openssh-contrib/openssh-contrib-9.3_p2.ebuild deleted file mode 100644 index e85108222e01..000000000000 --- a/net-misc/openssh-contrib/openssh-contrib-9.3_p2.ebuild +++ /dev/null @@ -1,507 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit user-info flag-o-matic autotools pam systemd toolchain-funcs verify-sig - -# Make it more portable between straight releases -# and _p? releases. -MY_P=${P/-contrib/} -PARCH=${MY_P/_} - -# PV to USE for HPN patches -#HPN_PV="${PV^^}" -HPN_PV="8.5_P1" - -HPN_VER="15.2" -HPN_PATCHES=( - openssh-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff - openssh-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff -) -HPN_GLUE_PATCH="openssh-9.3_p2-hpn-${HPN_VER}-glue.patch" -HPN_PATCH_DIR="HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}" - -X509_VER="14.1.1" -X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" -X509_PATCH="${X509_PATCH/p2/p1}" -X509_GLUE_PATCH="openssh-${PV}-X509-glue-${X509_VER}.patch" -X509_HPN_GLUE_PATCH="${MY_P}-hpn-${HPN_VER}-X509-${X509_VER}-glue.patch" - -DESCRIPTION="Port of OpenBSD's free SSH release with HPN/X509 patches" -HOMEPAGE="https://www.openssh.com/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_VER:+hpn? ( - $(printf "mirror://sourceforge/project/hpnssh/Patches/${HPN_PATCH_DIR}/%s\n" "${HPN_PATCHES[@]}") - https://dev.gentoo.org/~chutzpah/dist/openssh/${HPN_GLUE_PATCH}.xz - )} - ${X509_VER:+X509? ( - https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} - https://dev.gentoo.org/~chutzpah/dist/openssh/${X509_GLUE_PATCH}.xz - ${HPN_VER:+hpn? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${X509_HPN_GLUE_PATCH}.xz )} - )} - verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc ) -" -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc -S="${WORKDIR}/${PARCH}" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~amd64" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="abi_mips_n32 audit debug hpn kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test X X509 xmss" - -RESTRICT="!test? ( test )" - -REQUIRED_USE=" - hpn? ( ssl ) - ldns? ( ssl ) - pie? ( !static ) - static? ( !kerberos !pam ) - X509? ( ssl !xmss ) - xmss? ( ssl ) - test? ( ssl ) -" - -# tests currently fail with XMSS -REQUIRED_USE+="test? ( !xmss )" - -LIB_DEPEND=" - audit? ( sys-process/audit[static-libs(+)] ) - ldns? ( - net-libs/ldns[static-libs(+)] - net-libs/ldns[ecdsa(+),ssl(+)] - ) - libedit? ( dev-libs/libedit:=[static-libs(+)] ) - security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] ) - virtual/libcrypt:=[static-libs(+)] - >=sys-libs/zlib-1.2.3:=[static-libs(+)] -" -RDEPEND=" - !net-misc/openssh - acct-group/sshd - acct-user/sshd - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( sys-libs/pam ) - kerberos? ( virtual/krb5 ) -" -DEPEND="${RDEPEND} - virtual/os-headers - kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) ) - static? ( ${LIB_DEPEND} ) -" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - !prefix? ( sys-apps/shadow ) - X? ( x11-apps/xauth ) -" -# Weird dep construct for newer gcc-config for bug #872416 -BDEPEND=" - dev-build/autoconf - virtual/pkgconfig - || ( - >=sys-devel/gcc-config-2.6 - >=sys-devel/clang-toolchain-symlinks-14-r1:14 - >=sys-devel/clang-toolchain-symlinks-15-r1:15 - >=sys-devel/clang-toolchain-symlinks-16-r1:* - ) - verify-sig? ( sec-keys/openpgp-keys-openssh ) -" - -PATCHES=( - "${FILESDIR}/openssh-7.9_p1-include-stdlib.patch" - "${FILESDIR}/openssh-8.7_p1-GSSAPI-dns.patch" #165444 integrated into gsskex - "${FILESDIR}/openssh-6.7_p1-openssl-ignore-status.patch" - "${FILESDIR}/openssh-7.5_p1-disable-conch-interop-tests.patch" - "${FILESDIR}/openssh-8.0_p1-fix-putty-tests.patch" - "${FILESDIR}/openssh-9.3_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch" - "${FILESDIR}/openssh-8.9_p1-allow-ppoll_time64.patch" #834019 - "${FILESDIR}/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch" #834044 - "${FILESDIR}/openssh-9.3_p1-openssl-version-compat-check.patch" - "${FILESDIR}/openssh-9.3_p2-zlib-1.3.patch" #912767 -) - -pkg_pretend() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - local missing=() - check_feature() { use "${1}" && [[ -z ${!2} ]] && missing+=( "${1}" ); } - check_feature hpn HPN_VER - check_feature X509 X509_PATCH - if [[ ${#missing[@]} -ne 0 ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${missing[*]}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "Missing requested third party patch." - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." - fi -} - -src_unpack() { - default - - # We don't have signatures for HPN, X509, so we have to write this ourselves - use verify-sig && verify-sig_verify_detached "${DISTDIR}"/${PARCH}.tar.gz{,.asc} -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - eapply -- "${PATCHES[@]}" - - [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches - - local PATCHSET_VERSION_MACROS=() - - if use X509 ; then - pushd "${WORKDIR}" &>/dev/null || die - eapply "${WORKDIR}/${X509_GLUE_PATCH}" - popd &>/dev/null || die - - eapply "${WORKDIR}"/${X509_PATCH%.*} - eapply "${FILESDIR}/openssh-9.0_p1-X509-uninitialized-delay.patch" - - # We need to patch package version or any X.509 sshd will reject our ssh client - # with "userauth_pubkey: could not parse key: string is too large [preauth]" - # error - einfo "Patching package version for X.509 patch set ..." - sed -i \ - -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ - "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" - - einfo "Patching version.h to expose X.509 patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in X.509 patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) - fi - - if use hpn ; then - local hpn_patchdir="${T}/openssh-${PV}-hpn${HPN_VER}" - mkdir "${hpn_patchdir}" || die - cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die - pushd "${hpn_patchdir}" &>/dev/null || die - eapply "${WORKDIR}/${HPN_GLUE_PATCH}" - use X509 && eapply "${WORKDIR}/${X509_HPN_GLUE_PATCH}" - popd &>/dev/null || die - - eapply "${hpn_patchdir}" - - use X509 || eapply "${FILESDIR}/openssh-8.6_p1-hpn-version.patch" - - einfo "Patching Makefile.in for HPN patch set ..." - sed -i \ - -e "/^LIBS=/ s/\$/ -lpthread/" \ - "${S}"/Makefile.in || die "Failed to patch Makefile.in" - - einfo "Patching version.h to expose HPN patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ - "${S}"/version.h || die "Failed to sed-in HPN patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) - - if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - # Before re-enabling, check https://bugs.gentoo.org/354113#c6 - # and be sure to have tested it. - einfo "Disabling known non-working MT AES cipher per default ..." - - cat > "${T}"/disable_mtaes.conf <<- EOF - - # HPN's Multi-Threaded AES CTR cipher is currently known to be broken - # and therefore disabled per default. - DisableMTAES yes - EOF - sed -i \ - -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ - "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" - - sed -i \ - -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ - "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" - fi - fi - - if use X509 || use hpn ; then - einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" - - einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" - - einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." - sed -i \ - -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ - "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" - fi - - eapply_user #473004 - - # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox - sed -e '/\t\tpercent \\/ d' \ - -i regress/Makefile || die - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - - # _XOPEN_SOURCE causes header conflicts on Solaris - [[ ${CHOST} == *-solaris* ]] && sed_args+=( - -e 's/-D_XOPEN_SOURCE//' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - use xmss && append-cflags -DWITH_XMSS - - if [[ ${CHOST} == *-solaris* ]] ; then - # Solaris' glob.h doesn't have things like GLOB_TILDE, configure - # doesn't check for this, so force the replacement to be put in - # place - append-cppflags -DBROKEN_GLOB - fi - - # use replacement, RPF_ECHO_ON doesn't exist here - [[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - --with-hardening - $(use_with audit audit linux) - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with selinux) - $(usex X509 '' "$(use_with security-key security-key-builtin)") - $(use_with ssl openssl) - $(use_with ssl ssl-engine) - ) - - if use elibc_musl; then - # musl defines bogus values for UTMP_FILE and WTMP_FILE - # https://bugs.gentoo.org/753230 - myconf+=( --disable-utmp --disable-wtmp ) - fi - - # Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all - # bug #869839 (https://github.com/llvm/llvm-project/issues/57692) - tc-is-clang && myconf+=( --without-hardening ) - - econf "${myconf[@]}" -} - -src_test() { - local tests=( compat-tests ) - local shell=$(egetshell "${UID}") - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" - ewarn "user, so we will run a subset only." - tests+=( interop-tests ) - else - tests+=( tests ) - fi - - local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1 - mkdir -p "${HOME}"/.ssh || die - emake -j1 "${tests[@]}" </dev/null -} - -# Gentoo tweaks to default config files. -tweak_ssh_configs() { - local locale_vars=( - # These are language variables that POSIX defines. - # http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02 - LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME - - # These are the GNU extensions. - # https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html - LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE - ) - - dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die - Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf" - EOF - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die - Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf" - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die - # Send locale environment variables (bug #367017) - SendEnv ${locale_vars[*]} - - # Send COLORTERM to match TERM (bug #658540) - SendEnv COLORTERM - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die - RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts" - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/ssh_revoked_hosts || die - # https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die - # Allow client to pass locale environment variables (bug #367017) - AcceptEnv ${locale_vars[*]} - - # Allow client to pass COLORTERM to match TERM (bug #658540) - AcceptEnv COLORTERM - EOF - - if use pam ; then - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die - UsePAM yes - # This interferes with PAM. - PasswordAuthentication no - # PAM can do its own handling of MOTD. - PrintMotd no - PrintLastLog no - EOF - fi - - if use livecd ; then - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die - # Allow root login with password on livecds. - PermitRootLogin Yes - EOF - fi -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd-r1.initd sshd - newconfd "${FILESDIR}"/sshd-r1.confd sshd - - if use pam; then - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - fi - - tweak_ssh_configs - - doman contrib/ssh-copy-id.1 - dodoc CREDITS OVERVIEW README* TODO sshd_config - use hpn && dodoc HPN-README - use X509 || dodoc ChangeLog - - diropts -m 0700 - dodir /etc/skel/.ssh - rmdir "${ED}"/var/empty || die - - systemd_dounit "${FILESDIR}"/sshd.socket - systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service - systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service' -} - -pkg_preinst() { - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then - show_ssl_warning=1 - fi -} - -pkg_postinst() { - local old_ver - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "5.8_p1"; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if ver_test "${old_ver}" -lt "7.0_p1"; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ver_test "${old_ver}" -lt "7.6_p1"; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if ver_test "${old_ver}" -lt "7.7_p1"; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." - fi - if ver_test "${old_ver}" -lt "8.2_p1"; then - ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" - ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" - ewarn "connection is generally safe." - fi - if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then - ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to" - ewarn "'Restart=on-failure', which causes the service to automatically restart if it" - ewarn "terminates with an unclean exit code or signal. This feature is useful for most users," - ewarn "but it can increase the vulnerability of the system in the event of a future exploit." - ewarn "If you have a web-facing setup or are concerned about security, it is recommended to" - ewarn "set 'Restart=no' in your sshd unit file." - fi - done - - if [[ -n ${show_ssl_warning} ]]; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi - - if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - elog "" - elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" - elog "and therefore disabled at runtime per default." - elog "Make sure your sshd_config is up to date and contains" - elog "" - elog " DisableMTAES yes" - elog "" - elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." - elog "" - fi -} diff --git a/net-misc/openssh-contrib/openssh-contrib-9.4_p1-r1.ebuild b/net-misc/openssh-contrib/openssh-contrib-9.6_p1.ebuild index 80175aaaaf80..4f323c2a427c 100644 --- a/net-misc/openssh-contrib/openssh-contrib-9.4_p1-r1.ebuild +++ b/net-misc/openssh-contrib/openssh-contrib-9.6_p1.ebuild @@ -19,10 +19,10 @@ HPN_PATCHES=( openssh-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff openssh-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff ) -HPN_GLUE_PATCH="openssh-9.3_p2-hpn-${HPN_VER}-glue.patch" +HPN_GLUE_PATCH="openssh-9.6_p1-hpn-${HPN_VER}-glue.patch" HPN_PATCH_DIR="HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}" -X509_VER="14.2.1" +X509_VER="14.4.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" X509_PATCH="${X509_PATCH/p2/p1}" X509_GLUE_PATCH="openssh-${PV}-X509-glue-${X509_VER}.patch" @@ -104,9 +104,8 @@ BDEPEND=" virtual/pkgconfig || ( >=sys-devel/gcc-config-2.6 - >=sys-devel/clang-toolchain-symlinks-14-r1:14 - >=sys-devel/clang-toolchain-symlinks-15-r1:15 >=sys-devel/clang-toolchain-symlinks-16-r1:* + >=sys-devel/clang-toolchain-symlinks-15-r1:15 ) verify-sig? ( sec-keys/openpgp-keys-openssh ) " @@ -119,7 +118,6 @@ PATCHES=( "${FILESDIR}/openssh-8.0_p1-fix-putty-tests.patch" "${FILESDIR}/openssh-9.3_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch" "${FILESDIR}/openssh-8.9_p1-allow-ppoll_time64.patch" #834019 - "${FILESDIR}/openssh-9.3_p2-zlib-1.3.patch" #912767 ) pkg_pretend() { @@ -199,7 +197,7 @@ src_prepare() { eapply "${hpn_patchdir}" - use X509 || eapply "${FILESDIR}/openssh-8.6_p1-hpn-version.patch" + use X509 || eapply "${FILESDIR}/openssh-9.6_p1-hpn-version.patch" einfo "Patching Makefile.in for HPN patch set ..." sed -i \ |