diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2020-02-05 18:44:56 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-02-05 18:44:56 +0000 |
commit | 29aabba0ea759c6a2864ff5631735b67ee38e5e0 (patch) | |
tree | ab466b4dfa7abecb401b2f8039d08af4689306bb /net-misc/openssh | |
parent | d42200bec37eef2a7478d88988ff00addd0a9202 (diff) |
gentoo resync : 05.02.2020
Diffstat (limited to 'net-misc/openssh')
-rw-r--r-- | net-misc/openssh/Manifest | 18 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch | 111 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch | 105 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch | 19 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-8.1_p1-tests-2020.patch | 26 | ||||
-rw-r--r-- | net-misc/openssh/openssh-7.5_p1-r4.ebuild | 2 | ||||
-rw-r--r-- | net-misc/openssh/openssh-7.7_p1-r9.ebuild | 2 | ||||
-rw-r--r-- | net-misc/openssh/openssh-7.9_p1-r4.ebuild | 2 | ||||
-rw-r--r-- | net-misc/openssh/openssh-8.0_p1-r4.ebuild | 14 | ||||
-rw-r--r-- | net-misc/openssh/openssh-8.1_p1-r2.ebuild (renamed from net-misc/openssh/openssh-8.1_p1-r1.ebuild) | 90 |
10 files changed, 330 insertions, 59 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 240d82c54116..d2924d77238a 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -25,6 +25,7 @@ AUX openssh-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch 977 BL AUX openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch 2696 BLAKE2B 86bac20233102c5beefb3a79e2da8c5421d47d1c175e9e602f14c127e1bf7ec67e193620461ebd7a835bae556dbf9db904c3f63bbd3283a04dac444f34a3eab8 SHA512 f951cdc664088a124754fe963bb6abc659264183a3c773d61243bb12ca87f7554422d9acabb86c6390fe0e088fee60cc3129ad85e336ebf84f5c126d61d1fa3f AUX openssh-8.0_p1-fix-integer-overflow-in-XMSS-private-key-parsing.patch 506 BLAKE2B d4e88cc9553c6e2708447edd3ceeeea4f6c967893f34cad6c5fc980ee46895b64b58c5b8d271b7363e7144d34e05fd1e9519e01a9bb05d7c2cc5a9613b2b096c SHA512 cae5a9f5c46a2c70be4284bc050b69dab347181397a9e34c0c2ee5a470992070a2b8359ade42ce6840b5ff6311d3b0026bf6d548e944662c481a74456737a095 AUX openssh-8.0_p1-fix-putty-tests.patch 1760 BLAKE2B a1127e8f2275c1e23c956b5041dbc84dbdb2cd6b788fc69bfc1f6b030afe86a827483602ce76577b4101ee2e790b1cfa8c1d2db09da59b89fe7df8083bf4695f SHA512 f544d818bdde628131f1819bf2ffb4007802ee5bf12c5cd5bd398efe0f0f430ed6b3efa7969cb2c4fa49a2bbd773d8fa09f4c927cf998a564b7611443437c310 +AUX openssh-8.0_p1-hpn-14.20-X509-glue.patch 4063 BLAKE2B 30a9b4df889a2ae46b7b0a4f5ab963b9258ed918756e4b05f465af2664b5ec9d149ab496b05ee2a221ffc28c84ce26ff6c3e0bb8da4c59338616c992e1412fb0 SHA512 ed2102af78a4f10dc7ae56edeb3dd94690ba4df5803ec7d68fff76226f54eca5c023d6d87735ed7f33131a0fd0c382a5503d767e91e812bfc1f5f590cf213f34 AUX openssh-8.0_p1-hpn-X509-glue.patch 3814 BLAKE2B 9a0071d13bb602f9b0660dd74d0ae59611a0d8b8c13fab7def2ea840d1ea42bb4c0999ef44e86db2e8246c6e803797a70f9b18016da491598991052854659c03 SHA512 a986c012aa58a4764d3c4c4a5bf5d1e69edb156adf18d7e9ccae0508879da8b3e92a884d6dcfa80ec5b02d41e7784d8eb500128925ae5cee0ca948cf6bf50ba2 AUX openssh-8.0_p1-hpn-glue.patch 7029 BLAKE2B cf6fb2c59b768aecf846f0d037ae6d48f750e742f93cdd00a62caf04dfafd993e05921f5d227014e9437d3cdfff4e1b9baa832997904bf398ba06e8f874f7ceb SHA512 63eb0b12763ab53946a9f6b9db44c428d9da8b781a6e1d3f5c4b0edfca85d986cf932461205cee84f9a9db7725c9e05eb1d366b357c787a95c561bdc6514d3d7 AUX openssh-8.0_p1-hpn-version.patch 590 BLAKE2B 1ff20ab17e7e1a20f7a96ded56ff7c059fd509d7773d9abaeac83743102385d9713284c630dc932d40672a9bfc8a894b57c6b073e93a7b024de7490ea54a589c SHA512 37250881f17a44e4a4b0ac164d06961e0731528847d5cbbb263e3f9a286a192c8dae92250b85db3f2e1f280a464c7b3bfc8a7c9e85552375c013e16a6fcf28ed @@ -32,7 +33,10 @@ AUX openssh-8.0_p1-tests.patch 1493 BLAKE2B 2e28d9f27d6d9f7e1716cf5f85bbb92af96f AUX openssh-8.1_p1-GSSAPI-dns.patch 11639 BLAKE2B 2bc9e618c0acbf6b85496a33055894471235d01f20b76c9b75302dce58c7d6033984c8471789d2f8095d6231f5f271a4eb2f6099936b1631ec261464bc7a3ada SHA512 722a769da482876f0629e110109f02065e47848ff79395e9e64de39ae066d8c5a207f849c59d95b72e70b874f4bedf4e52a2f7ad1752d9c84b99ccdbfa19c73d AUX openssh-8.1_p1-X509-12.3-tests.patch 405 BLAKE2B 1a1c29fea98c4ce277c943709576b5130a573e9786a33c957229d74d0e572ca6e5d0dce68b5b515b5c3f44862f1f4dafe2dad1cd3d3710ca415137f8a4013b86 SHA512 0e80b79d3aa8b7e89cf250b31e6bbc2471990b9a2c0ab8b54e6af4c3de77adff3dc6db83f4f14524f830455b5ce4d586f630d33b4ac4b134d1028e325ab351b3 AUX openssh-8.1_p1-X509-glue-12.3.patch 1613 BLAKE2B aef1de72da18a2af0fae1793eed5baa1be2af9f26a522e6772f43f1053d263f154db76cf0ebe3ddebbfd9798ffb334100ce5eb3894ad3095b1cd48d1ef5b9839 SHA512 e533175bcabd1ddbb50c6cc605cba0190d2cde24149d5451a807cdc05847fa95a2b72188bc23866876e8ec88073df8039e0e85e703560e90f53a92df6f616572 +AUX openssh-8.1_p1-hpn-14.20-glue.patch 3534 BLAKE2B 13206d78b0e344d4d90aad3f9aa4396cbe270f1004108f52e1b23fc4b106e01f94bdc6e198a42c0bfc9d885408caea890e72f2bd58df893f94dea4452ab11c00 SHA512 ab589f6d9eada3313b87e8e35aa4e3946cd057412336914c90f6266dafb997062f7b8be4ac475e66a8df896f9fb3004f0df6a4f69dc85c468bcb1f4778326f96 +AUX openssh-8.1_p1-hpn-14.20-sctp-glue.patch 737 BLAKE2B b8f93cb197206eb4315c66350ce3e943cd5f1280b5294099320cbc4a611de2a23f5a5c04ed71a394e1bd23a0928df50d754f549d652e53389ceadda2ac9f1636 SHA512 96fa9a317d9cc0a77bf5a8d82d8fa0498fff04309bc4ae546b34939580c4ed945d075f26d8ea16e787d7bf631ea5067543f380ab08167993d713ec1591a346b9 AUX openssh-8.1_p1-hpn-glue.patch 7830 BLAKE2B 81c239f57d252b3a9bb1c7aed56ac67196ad11a316163db0cf6d4c75d73db1cbae038707ec788c5101f40ebf455257fa2cd1b9d7facab1081b5b856317543dd7 SHA512 2cf4e5da60e30932619c6915295b1659f53db3e784e87fcbbd25b8d167df8e29a1712235413bb2d485956494111aa682d086f9b5a36c3f55a286d40599df8b8c +AUX openssh-8.1_p1-tests-2020.patch 1332 BLAKE2B a400f6859a5d096729c9cb6047dce8612da7fe5f8d06cc891cfb6a4c88b568be3dfc7872d5be78ef349798f501828e1505bbd5ebd49d548dbbdc6bbf987dc843 SHA512 8f4c535d3ab15e4c761f6f5d4efe762ec2bc9b5de49ee369ce9186fe40095d2065418249c89161a8ef53e893079264fd9c95b73cd74937b08fa9f563a4f00290 AUX sshd-r1.confd 774 BLAKE2B df3f3f28cb4d35b49851399b52408c42e242ae3168ff3fc79add211903567da370cfe86a267932ca9cf13c3afbc38a8f1b53e753a31670ee61bf8ba8747832f8 SHA512 3a69752592126024319a95f1c1747af508fd639c86eca472106c5d6c23d5eeaa441ca74740d4b1aafaa0db759d38879e3c1cee742b08d6166ebc58cddac1e2fe AUX sshd-r1.initd 2675 BLAKE2B 47e87cec2d15b90aae362ce0c8e8ba08dada9ebc244e28be1fe67d24deb00675d3d9b8fef40def8a9224a3e2d15ab717574a3d837e099133c1cf013079588b55 SHA512 257d6437162b76c4a3a648ecc5d4739ca7eaa60b192fde91422c6c05d0de6adfa9635adc24d57dc3da6beb92b1b354ffe8fddad3db453efb610195d5509a4e27 AUX sshd.confd 396 BLAKE2B 2fc146e83512d729e120cfe331441e8fe27eba804906cc0c463b938ddaf052e7392efbcda6699467afde22652c599e7d55b0ce18a344137263cd78647fea255f SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 @@ -60,13 +64,17 @@ DIST openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 43356 BLAKE2B 776fa140d64a16 DIST openssh-8.0p1+x509-12.1-gentoo.diff.gz 680853 BLAKE2B b24ee61d6328bf2de8384d6ecbfc5ae0be4719a3c7a2d714be3a144d327bba5038e7e36ffcc313af2a8a94960ce1f56387654d2d21920af51826af61957aa4cc SHA512 178728139473b277fe50a03f37be50b3f8e539cea8f5937ddfe710082944e799d845cdb5994f585c13564c4a89b80ccf75e87753102aebacdb4c590f0b8a1482 DIST openssh-8.0p1-sctp-1.2.patch.xz 7348 BLAKE2B bc3d3815f1ef5dbab605b93182a00c2fec258f49d56684defb6564d2b60886429c615a7ab076cc071a590f9df0908b1862ceb0961b7e6f6d1090237fec9035d3 SHA512 2f9f774286db75d0240e6fb01655a8a193fb2a5dc4596ad68ed22d64f97c9c46dad61a06478f2e972fd37cbad4d9aca5829bb91097cc56638601ff94a972b24f DIST openssh-8.0p1.tar.gz 1597697 BLAKE2B 5ba79872eabb3b3964d95a8cdd690bfe0323f018d7f944d4e1acb52576c9f6d7a1ddac15e88dc42eac6ecbfabfad1c228e303a2262588769e307c38107a4cd54 SHA512 e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982 +DIST openssh-8.1_p1-glibc-2.31-patches.tar.xz 1752 BLAKE2B ccab53069c0058be7ba787281f5a1775d169a9dcda6f78742eb8cb3cce4ebe3a4c506c75a8ac142700669cf04b7475e35f6a06a4499d3d076e4e88e4fc59f3e6 SHA512 270d532fc7f4ec10c5ee56677f8280dec47a96e73f8032713b212cfad64a58ef142a7f49b7981dca80cbf0dd99753ef7a93b6af164cad9492fa224d546c27f14 DIST openssh-8.1p1+x509-12.3.diff.gz 689934 BLAKE2B 57a302a25bec1d630b9c36f74ab490e11c97f9bcbaf8f527e46ae7fd5bade19feb3d8853079870b5c08b70a55e289cf4bf7981c11983973fa588841aeb21e650 SHA512 8d7c321423940f5a78a51a25ad5373f5db17a4a8ca7e85041e503998e0823ad22068bc652e907e9f5787858d45ce438a4bba18240fa72e088eb10b903e96b192 DIST openssh-8.1p1-sctp-1.2.patch.xz 7672 BLAKE2B f1aa0713fcb114d8774bd8d524d106401a9d7c2c73a05fbde200ccbdd2562b3636ddd2d0bc3eae9f04b4d7c729c3dafd814ae8c530a76c4a0190fae71d1edcd2 SHA512 2bffab0bbae5a4c1875e0cc229bfd83d8565bd831309158cd489d8b877556c69b936243888a181bd9ff302e19f2c174156781574294d260b6384c464d003d566 DIST openssh-8.1p1.tar.gz 1625894 BLAKE2B d525be921a6f49420a58df5ac434d43a0c85e0f6bf8428ecebf04117c50f473185933e6e4485e506ac614f71887a513b9962d7b47969ba785da8e3a38f767322 SHA512 b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925 +DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca SHA512 94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221 +DIST openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 42696 BLAKE2B d8ac7fa1a4e4d1877acdedeaee80172da469b5a62d0aaa43d6ed46c578e7893577b9d563835d89ca2044867fc561ad3f562bf504c025cf4c78421cf3d24397e9 SHA512 768db7cca8839df4441afcb08457d13d32625b31859da527c3d7f1a92d17a4ec81d6987db00879c394bbe59589e57b10bfd98899a167ffed65ab367b1fd08739 +DIST openssh-8_1_P1-hpn-PeakTput-14.20.diff 2012 BLAKE2B e42c43128f1d82b4de1517e6a9219947da03cecb607f1bc45f0728547f17601a6ce2ec819b6434890efd19ceaf4d20cb98183596ab5ee79e104a52cda7db9cdc SHA512 238f9419efd3be80bd700f6ae7e210e522d747c363c4e670364f5191f144ae3aa8d1b1539c0bf87b3de36743aa73e8101c53c0ef1c6472d209569be389e7814d DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 BLAKE2B 5b2204316dd244bb8dd11db50d5bc3a194e2cc4b64964a2d3df68bbe54c53588f15fc5176dbc3811e929573fa3e41cf91f412aa2513bb9a4b6ed02c2523c1e24 SHA512 9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b -EBUILD openssh-7.5_p1-r4.ebuild 11164 BLAKE2B d22a97f92b786ef366c84a631d7c7d99472e0897dabd42ca5125b011b2039baacecabb86747a78c4ce80cea5e19403ba94167ff08104990cf70b2625ffa1ea41 SHA512 274ebe0cf4d6e3b73ad4f62852d862bebff271175086857dacad252093924a7400b969f35fccc4d07ac90de6597e19a112f79f7216371be70bf5f76021109af8 -EBUILD openssh-7.7_p1-r9.ebuild 15919 BLAKE2B be6c6ac296d5332805d9a90c72a23598d17ca02212f2309bbb9dbff5c0374a6ef1c7d346fdd365afc0b0b853c5744c98f2db0d66347313a173aad4942abefc23 SHA512 36357ad30be27388decd08db6ae580984363b4c98c53cb634e5164b2924887cac4d19ea941f686b2290f8ff93db8c4f506fb2f76b24a1790364677ef851f6ce3 -EBUILD openssh-7.9_p1-r4.ebuild 16293 BLAKE2B 1f96b90873bed0b45da2ba26c3b1b9fb170598e6f6bc3090b8edfc7274185291f7e351a0e945e1a04ccb4e2c8fde18ba50f7bf7cd145a98721092a7608991875 SHA512 ee4fc5f36febc96c188d30d2d46b6d14c3d80178c2801802160ffbbce2d019ba6e26f26ae41e752748dc6999e676a4b2dae9e27ab7a42500c3c386f578bc24e7 -EBUILD openssh-8.0_p1-r4.ebuild 16661 BLAKE2B 7b58c80723df0c0c8c7b2a0724b6cb7549211cd618b54bba53e769af0f29c4c887e454a29e06a9e95b30ccc23156e9cfbfc63801df3a224126c296ac43d1f277 SHA512 3d5fe15f2ae2dda9c9b42d153a4fb9efcd553a79b0c136c51f8ee5770679334580ecc062aba8c01119fe4795669b76284f1a051d58797284e0de1c0e1f296c7e -EBUILD openssh-8.1_p1-r1.ebuild 16292 BLAKE2B 08b5a318e7f161e329416e208d9611ad2fdd438e7d0ed5c20997005be346fc59895795a62e9d5c9d6390fc147ba9382c0b8b15b31a6cc26e3d01317cdff55844 SHA512 0da71560098f9747b061f90b0d1536cb2cd420c178eaa3ae26a272fcbb46562ed3ccc58a6922acbf4b201ecb855b7889de9accee9a68d89406edc9d06de2d553 +EBUILD openssh-7.5_p1-r4.ebuild 11165 BLAKE2B a2ec84eee8d85fcde9f1f31dd1093aacbe24fe121ee234067aa196a9e1a9399cf397396cadbc6cbd2e5b004e505ac76a67dfacf8820b4c61fc74af7932b961b3 SHA512 1023740690ecab734bc7671b65a68defccff626b9da0ef0580c45fb6d30de681d05b555bb0d74cb342aa3873f11d2ac5c6a444041f13c80b508412a7b4fcac4c +EBUILD openssh-7.7_p1-r9.ebuild 15920 BLAKE2B 421e98245cc89bb1c482a0ec3c5d35448e222430c0b1b258cfd0a7902543d1307b328e541c5418d533936c948fc67b1ece4ad9f4b48bced7f3c6061abe032f25 SHA512 4ab2bcd5bdf5ae7f5a5561c4964d3173b6f52ad95426c8db7cfbbcf4150bfb6b05e3dd72dcdf62533de0d0ed0506fc040e87fbd4212357d213bc9158d37a9130 +EBUILD openssh-7.9_p1-r4.ebuild 16294 BLAKE2B 3b5d7d2cfd03d6d22996b45cfaa467b71fa779b612e1a304cc10493587e05426d9936ed86898c11de3f1ce8068bdf429a728b63947283293f3d0a2a5ab44d019 SHA512 7a8100d59db2382be08b90e031b0e5691e22f7f66033e7ffc46d4956f1465f3ff76fc08b643799a453817e8fd75d67b550e7c741d2bdad1d7b43f9733667863b +EBUILD openssh-8.0_p1-r4.ebuild 16667 BLAKE2B ba64a43648d8cef989c078019d8a0fb06386b646136adcd08f030771014bf05de142c95eade811b7e493f6e91d520894848174c4cf1508813a8cc32fdd109d22 SHA512 b6daa06fc03f190d82fbf3b762c1a698fa9a803fbcb375c460a38cc2cb42b2a5da5d4f76529db3390554c9af861c637d918095981b8b7cf10dacf886b1051db3 +EBUILD openssh-8.1_p1-r2.ebuild 16367 BLAKE2B 6fc69bfe00c80e45f20f096bc6931d6acc020d2b0ab3b7372cab48aab7576d376adfb8c7c0b79e7ec366a1d7cd89808026d4be6091084e896d53934911631f30 SHA512 022e9673db8e18c786afa06c08ef1f29eb0be1e4f5de0e24ff088142b3be71fcc00f5c6fd5a985065da35a829f168099bbd2dabb04ce54a1132ac36765802e93 MISC metadata.xml 2291 BLAKE2B 9e12fbae3c37a48c3b04876a7247bf38c33d6cc5be210b382e35e45c9318b3c3e7c91a0ef32a9fda96ac7a68a00f9d703aacfc1c1f23e59511ea97d159527488 SHA512 8605c7aa2e4594a04006b3abfac3fad359e3e44182be53116e25159b7419d4429176617c10b50354d0d10c2be26af550e9a2b6e4c7085906558a569dddf5c8f3 diff --git a/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch b/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch new file mode 100644 index 000000000000..167adfcaefb8 --- /dev/null +++ b/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch @@ -0,0 +1,111 @@ +diff -ur a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff +--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-04 15:49:15.746095444 -0800 ++++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-04 15:49:54.181853707 -0800 +@@ -4,8 +4,8 @@ + +++ b/Makefile.in + @@ -42,7 +42,7 @@ CC=@CC@ + LD=@LD@ +- CFLAGS=@CFLAGS@ +- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ ++ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA) ++ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ + -LIBS=@LIBS@ + +LIBS=@LIBS@ -lpthread + K5LIBS=@K5LIBS@ +@@ -803,8 +803,8 @@ + ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) + { + struct session_state *state; +-- const struct sshcipher *none = cipher_by_name("none"); +-+ struct sshcipher *none = cipher_by_name("none"); ++- const struct sshcipher *none = cipher_none(); +++ struct sshcipher *none = cipher_none(); + int r; + + if (none == NULL) { +@@ -948,9 +948,9 @@ + /* Portable-specific options */ + sUsePAM, + + sDisableMTAES, +- /* Standard Options */ +- sPort, sHostKeyFile, sLoginGraceTime, +- sPermitRootLogin, sLogFacility, sLogLevel, ++ /* X.509 Standard Options */ ++ sHostbasedAlgorithms, ++ sPubkeyAlgorithms, + @@ -643,6 +647,7 @@ static struct { + { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, + { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, +diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff +--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:41:42.512910357 -0800 ++++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:56:40.323299499 -0800 +@@ -382,7 +382,7 @@ + @@ -884,6 +884,10 @@ kex_choose_conf(struct ssh *ssh) + int nenc, nmac, ncomp; + u_int mode, ctos, need, dh_need, authlen; +- int r, first_kex_follows; ++ int r, first_kex_follows = 0; + + int auth_flag; + + + + auth_flag = packet_authentication_state(ssh); +@@ -391,8 +391,8 @@ + debug2("local %s KEXINIT proposal", kex->server ? "server" : "client"); + if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0) + @@ -954,6 +958,14 @@ kex_choose_conf(struct ssh *ssh) +- peer[ncomp] = NULL; +- goto out; ++ else ++ fatal("Pre-authentication none cipher requests are not allowed."); + } + + debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); + + if (strcmp(newkeys->enc.name, "none") == 0) { +@@ -1169,15 +1169,3 @@ + # Example of overriding settings on a per-user basis + #Match User anoncvs + # X11Forwarding no +-diff --git a/version.h b/version.h +-index 6b3fadf8..ec1d2e27 100644 +---- a/version.h +-+++ b/version.h +-@@ -3,4 +3,6 @@ +- #define SSH_VERSION "OpenSSH_8.1" +- +- #define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_HPN "-hpn14v20" +-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +-+ +diff -ur a/openssh-8_1_P1-hpn-PeakTput-14.20.diff b/openssh-8_1_P1-hpn-PeakTput-14.20.diff +--- a/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-04 15:41:42.512910357 -0800 ++++ b/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-04 16:02:42.203023609 -0800 +@@ -12,9 +12,9 @@ + static long stalled; /* how long we have been stalled */ + static int bytes_per_second; /* current speed in bytes per second */ + @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update) ++ off_t bytes_left; + int cur_speed; +- int hours, minutes, seconds; +- int file_len; ++ int len; + + off_t delta_pos; + + if ((!force_update && !alarm_fired && !win_resized) || !can_output()) +@@ -33,12 +33,12 @@ + @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update) + + /* filename */ +- buf[0] = '\0'; +-- file_len = win_size - 36; +-+ file_len = win_size - 45; +- if (file_len > 0) { +- buf[0] = '\r'; +- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s", ++ if (win_size > 36) { ++- int file_len = win_size - 36; +++ int file_len = win_size - 45; ++ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ", ++ file_len, file); ++ } + @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update) + (off_t)bytes_per_second); + strlcat(buf, "/s ", win_size); diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch new file mode 100644 index 000000000000..90fa248fcbac --- /dev/null +++ b/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch @@ -0,0 +1,105 @@ +diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff +--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 14:55:30.408567718 -0800 ++++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:16:14.646567224 -0800 +@@ -409,18 +409,10 @@ + index 817da43b..b2bcf78f 100644 + --- a/packet.c + +++ b/packet.c +-@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) ++@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) + return 0; + } + +-+/* this supports the forced rekeying required for the NONE cipher */ +-+int rekey_requested = 0; +-+void +-+packet_request_rekeying(void) +-+{ +-+ rekey_requested = 1; +-+} +-+ + +/* used to determine if pre or post auth when rekeying for aes-ctr + + * and none cipher switch */ + +int +@@ -434,20 +426,6 @@ + #define MAX_PACKETS (1U<<31) + static int + ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +-@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +- if (state->p_send.packets == 0 && state->p_read.packets == 0) +- return 0; +- +-+ /* used to force rekeying when called for by the none +-+ * cipher switch methods -cjr */ +-+ if (rekey_requested == 1) { +-+ rekey_requested = 0; +-+ return 1; +-+ } +-+ +- /* Time-based rekeying */ +- if (state->rekey_interval != 0 && +- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) + diff --git a/packet.h b/packet.h + index 8ccfd2e0..1ad9bc06 100644 + --- a/packet.h +@@ -476,9 +454,9 @@ + /* Format of the configuration file: + + @@ -167,6 +168,8 @@ typedef enum { +- oHashKnownHosts, + oTunnel, oTunnelDevice, + oLocalCommand, oPermitLocalCommand, oRemoteCommand, ++ oDisableMTAES, + + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, + + oNoneEnabled, oNoneSwitch, + oVisualHostKey, +@@ -615,9 +593,9 @@ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ + SyslogFacility log_facility; /* Facility for system logging. */ + @@ -112,7 +116,10 @@ typedef struct { +- + int enable_ssh_keysign; + int64_t rekey_limit; ++ int disable_multithreaded; /*disable multithreaded aes-ctr*/ + + int none_switch; /* Use none cipher */ + + int none_enabled; /* Allow none to be used */ + int rekey_interval; +@@ -700,9 +678,9 @@ + + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; + + } + + ++ if (options->disable_multithreaded == -1) ++ options->disable_multithreaded = 0; + if (options->ip_qos_interactive == -1) +- options->ip_qos_interactive = IPTOS_DSCP_AF21; +- if (options->ip_qos_bulk == -1) + @@ -486,6 +532,8 @@ typedef enum { + sPasswordAuthentication, sKbdInteractiveAuthentication, + sListenAddress, sAddressFamily, +@@ -1079,11 +1057,11 @@ + xxx_host = host; + xxx_hostaddr = hostaddr; + +-@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, ++@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, + + if (!authctxt.success) + fatal("Authentication failed."); +-+ ++ + + /* + + * If the user wants to use the none cipher, do it post authentication + + * and only if the right conditions are met -- both of the NONE commands +@@ -1105,9 +1083,9 @@ + + } + + } + + +- debug("Authentication succeeded (%s).", authctxt.method->name); +- } +- ++ #ifdef WITH_OPENSSL ++ if (options.disable_multithreaded == 0) { ++ /* if we are using aes-ctr there can be issues in either a fork or sandbox + diff --git a/sshd.c b/sshd.c + index 11571c01..23a06022 100644 + --- a/sshd.c diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch new file mode 100644 index 000000000000..3f5c7a47d9c8 --- /dev/null +++ b/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch @@ -0,0 +1,19 @@ +diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff +--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 14:55:30.408567718 -0800 ++++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 16:36:51.394069720 -0800 +@@ -1191,15 +1191,3 @@ + # Example of overriding settings on a per-user basis + #Match User anoncvs + # X11Forwarding no +-diff --git a/version.h b/version.h +-index 6b3fadf8..ec1d2e27 100644 +---- a/version.h +-+++ b/version.h +-@@ -3,4 +3,6 @@ +- #define SSH_VERSION "OpenSSH_8.1" +- +- #define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_HPN "-hpn14v20" +-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +-+ diff --git a/net-misc/openssh/files/openssh-8.1_p1-tests-2020.patch b/net-misc/openssh/files/openssh-8.1_p1-tests-2020.patch new file mode 100644 index 000000000000..505e34db9d20 --- /dev/null +++ b/net-misc/openssh/files/openssh-8.1_p1-tests-2020.patch @@ -0,0 +1,26 @@ +diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh +index 86ea6250..844adabc 100644 +--- a/regress/cert-hostkey.sh ++++ b/regress/cert-hostkey.sh +@@ -252,7 +252,7 @@ test_one() { + test_one "user-certificate" failure "-n $HOSTS" + test_one "empty principals" success "-h" + test_one "wrong principals" failure "-h -n foo" +-test_one "cert not yet valid" failure "-h -V20200101:20300101" ++test_one "cert not yet valid" failure "-h -V20300101:20320101" + test_one "cert expired" failure "-h -V19800101:19900101" + test_one "cert valid interval" success "-h -V-1w:+2w" + test_one "cert has constraints" failure "-h -Oforce-command=false" +diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh +index 38c14a69..5cd02fc3 100644 +--- a/regress/cert-userkey.sh ++++ b/regress/cert-userkey.sh +@@ -338,7 +338,7 @@ test_one() { + test_one "correct principal" success "-n ${USER}" + test_one "host-certificate" failure "-n ${USER} -h" + test_one "wrong principals" failure "-n foo" +-test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101" ++test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101" + test_one "cert expired" failure "-n ${USER} -V19800101:19900101" + test_one "cert valid interval" success "-n ${USER} -V-1w:+2w" + test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8" diff --git a/net-misc/openssh/openssh-7.5_p1-r4.ebuild b/net-misc/openssh/openssh-7.5_p1-r4.ebuild index cebd6ad71ed6..184b30bcbdd7 100644 --- a/net-misc/openssh/openssh-7.5_p1-r4.ebuild +++ b/net-misc/openssh/openssh-7.5_p1-r4.ebuild @@ -25,7 +25,7 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # Probably want to drop ssl defaulting to on in a future version. IUSE="abi_mips_n32 audit bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit libressl livecd pam +pie sctp selinux skey ssh1 +ssl static test X X509" RESTRICT="!test? ( test )" diff --git a/net-misc/openssh/openssh-7.7_p1-r9.ebuild b/net-misc/openssh/openssh-7.7_p1-r9.ebuild index d949654c69e5..7851cc3b95e1 100644 --- a/net-misc/openssh/openssh-7.7_p1-r9.ebuild +++ b/net-misc/openssh/openssh-7.7_p1-r9.ebuild @@ -26,7 +26,7 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # Probably want to drop ssl defaulting to on in a future version. IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux skey +ssl static test X X509" RESTRICT="!test? ( test )" diff --git a/net-misc/openssh/openssh-7.9_p1-r4.ebuild b/net-misc/openssh/openssh-7.9_p1-r4.ebuild index 6f95e59ac4ba..9064d66d9fbd 100644 --- a/net-misc/openssh/openssh-7.9_p1-r4.ebuild +++ b/net-misc/openssh/openssh-7.9_p1-r4.ebuild @@ -33,7 +33,7 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # Probably want to drop ssl defaulting to on in a future version. IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509" RESTRICT="!test? ( test )" diff --git a/net-misc/openssh/openssh-8.0_p1-r4.ebuild b/net-misc/openssh/openssh-8.0_p1-r4.ebuild index 5393ca2b81d5..2acc872e9ccc 100644 --- a/net-misc/openssh/openssh-8.0_p1-r4.ebuild +++ b/net-misc/openssh/openssh-8.0_p1-r4.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 -inherit user eapi7-ver flag-o-matic multilib autotools pam systemd +inherit eapi7-ver flag-o-matic multilib autotools pam systemd # Make it more portable between straight releases # and _p? releases. @@ -32,7 +32,7 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # Probably want to drop ssl defaulting to on in a future version. IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509 xmss" RESTRICT="!test? ( test )" @@ -67,6 +67,8 @@ LIB_DEPEND=" ) >=sys-libs/zlib-1.2.3:=[static-libs(+)]" RDEPEND=" + acct-group/sshd + acct-user/sshd !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) pam? ( sys-libs/pam ) kerberos? ( virtual/krb5 )" @@ -123,6 +125,7 @@ src_prepare() { eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch eapply "${FILESDIR}"/${PN}-8.0_p1-fix-integer-overflow-in-XMSS-private-key-parsing.patch eapply "${FILESDIR}"/${PN}-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch + eapply "${FILESDIR}"/${PN}-8.1_p1-tests-2020.patch use X509 || eapply "${FILESDIR}"/${PN}-8.0_p1-tests.patch [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches @@ -410,11 +413,6 @@ src_install() { systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' } -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - pkg_postinst() { if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then elog "Starting with openssh-5.8p1, the server will default to a newer key" diff --git a/net-misc/openssh/openssh-8.1_p1-r1.ebuild b/net-misc/openssh/openssh-8.1_p1-r2.ebuild index 2469a92fb870..fe7b7fb1bb49 100644 --- a/net-misc/openssh/openssh-8.1_p1-r1.ebuild +++ b/net-misc/openssh/openssh-8.1_p1-r2.ebuild @@ -1,20 +1,20 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -inherit user flag-o-matic multilib autotools pam systemd +inherit flag-o-matic multilib autotools pam systemd # Make it more portable between straight releases # and _p? releases. PARCH=${P/_} -#HPN_PV="${PV^^}" -HPN_PV="7.8_P1" +HPN_PV="${PV^^}" -HPN_VER="14.16" +HPN_VER="14.20" HPN_PATCHES=( ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff ) SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" @@ -25,22 +25,28 @@ PATCH_SET="openssh-7.9p1-patches-1.0" DESCRIPTION="Port of OpenBSD's free SSH release" HOMEPAGE="https://www.openssh.com/" SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + https://dev.gentoo.org/~chutzpah/dist/openssh/${P}-glibc-2.31-patches.tar.xz ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " +" +S="${WORKDIR}/${PARCH}" LICENSE="BSD GPL-2" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" # Probably want to drop ssl defaulting to on in a future version. IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509 xmss" + RESTRICT="!test? ( test )" -REQUIRED_USE="ldns? ( ssl ) + +REQUIRED_USE=" + ldns? ( ssl ) pie? ( !static ) static? ( !kerberos !pam ) X509? ( !sctp ssl ) - test? ( ssl )" + test? ( ssl ) +" LIB_DEPEND=" audit? ( sys-process/audit[static-libs(+)] ) @@ -65,23 +71,28 @@ LIB_DEPEND=" ) libressl? ( dev-libs/libressl:0=[static-libs(+)] ) ) - >=sys-libs/zlib-1.2.3:=[static-libs(+)]" + >=sys-libs/zlib-1.2.3:=[static-libs(+)] +" RDEPEND=" + acct-group/sshd + acct-user/sshd !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) pam? ( sys-libs/pam ) - kerberos? ( virtual/krb5 )" + kerberos? ( virtual/krb5 ) +" DEPEND="${RDEPEND} static? ( ${LIB_DEPEND} ) - virtual/os-headers" + virtual/os-headers +" RDEPEND="${RDEPEND} pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" + X? ( x11-apps/xauth ) +" BDEPEND=" virtual/pkgconfig - sys-devel/autoconf" - -S="${WORKDIR}/${PARCH}" + sys-devel/autoconf +" pkg_pretend() { # this sucks, but i'd rather have people unable to `emerge -u openssh` @@ -110,7 +121,7 @@ pkg_pretend() { src_prepare() { sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX%/}/usr/bin/xauth:" \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ pathnames.h || die # don't break .ssh/authorized_keys2 for fun @@ -122,6 +133,7 @@ src_prepare() { eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch + eapply "${FILESDIR}"/${PN}-8.1_p1-tests-2020.patch [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches @@ -167,25 +179,22 @@ src_prepare() { if use hpn ; then local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" - mkdir "${hpn_patchdir}" - cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" + mkdir "${hpn_patchdir}" || die + cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die pushd "${hpn_patchdir}" &>/dev/null || die - eapply "${FILESDIR}"/${PN}-8.1_p1-hpn-glue.patch + eapply "${FILESDIR}"/${PN}-8.1_p1-hpn-${HPN_VER}-glue.patch if use X509; then - einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" - # X509 and AES-CTR-MT don't get along, let's just drop it - rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die - eapply "${FILESDIR}"/${PN}-8.0_p1-hpn-X509-glue.patch + # einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" + # # X509 and AES-CTR-MT don't get along, let's just drop it + # rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die + eapply "${FILESDIR}"/${PN}-8.0_p1-hpn-${HPN_VER}-X509-glue.patch fi - use sctp && eapply "${FILESDIR}"/${PN}-7.9_p1-hpn-sctp-glue.patch + use sctp && eapply "${FILESDIR}"/${PN}-8.1_p1-hpn-${HPN_VER}-sctp-glue.patch popd &>/dev/null || die eapply "${hpn_patchdir}" - if ! use X509; then - eapply "${FILESDIR}/openssh-7.9_p1-hpn-openssl-1.1.patch" - eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" - fi + use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" einfo "Patching Makefile.in for HPN patch set ..." sed -i \ @@ -274,17 +283,17 @@ src_configure() { --with-ldflags="${LDFLAGS}" --disable-strip --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX%/}"/etc/ssh - --libexecdir="${EPREFIX%/}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX%/}"/usr/share/openssh - --with-privsep-path="${EPREFIX%/}"/var/empty + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty --with-privsep-user=sshd $(use_with audit audit linux) - $(use_with kerberos kerberos5 "${EPREFIX%/}"/usr) + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) # We apply the sctp patch conditionally, so can't pass --without-sctp # unconditionally else we get unknown flag warnings. $(use sctp && use_with sctp) - $(use_with ldns ldns "${EPREFIX%/}"/usr) + $(use_with ldns ldns "${EPREFIX}"/usr) $(use_with libedit) $(use_with pam) $(use_with pie) @@ -346,7 +355,7 @@ tweak_ssh_configs() { ) # First the server config. - cat <<-EOF >> "${ED%/}"/etc/ssh/sshd_config + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config # Allow client to pass locale environment variables. #367017 AcceptEnv ${locale_vars[*]} @@ -356,7 +365,7 @@ tweak_ssh_configs() { EOF # Then the client config. - cat <<-EOF >> "${ED%/}"/etc/ssh/ssh_config + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config # Send locale environment variables. #367017 SendEnv ${locale_vars[*]} @@ -371,13 +380,13 @@ tweak_ssh_configs() { -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ -e "/^#PrintMotd /s:.*:PrintMotd no:" \ -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED%/}"/etc/ssh/sshd_config || die + "${ED}"/etc/ssh/sshd_config || die fi if use livecd ; then sed -i \ -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ - "${ED%/}"/etc/ssh/sshd_config || die + "${ED}"/etc/ssh/sshd_config || die fi } @@ -406,11 +415,6 @@ src_install() { systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' } -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - pkg_postinst() { if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then elog "Starting with openssh-5.8p1, the server will default to a newer key" |