Diffstat (limited to 'net-misc/openssh')
-rw-r--r-- | net-misc/openssh/Manifest | 4 | ||||
-rw-r--r-- | net-misc/openssh/openssh-9.9_p1.ebuild | 95 | ||||
-rw-r--r-- | net-misc/openssh/openssh-9.9_p2.ebuild | 95 |
3 files changed, 94 insertions, 100 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 412338c3e53d..4a036130a59f 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest 
@@ -32,6 +32,6 @@ DIST openssh-9.9p2.tar.gz.asc 833 BLAKE2B 21d9ef3da2b54be47420327f1c724e38eef951 EBUILD openssh-9.7_p1-r6.ebuild 14116 BLAKE2B 423d6ab5e9af91f0996bb74e70984fbdc41f276e3364f35d9e1db39d2cd72582b8ca5192c67d07e57a6322289061e9e1ddcfc2cddcee9137cd7e79486157178a SHA512 fe3ceb2912f342fbd0ac9bd6229ddb4c00c0d7c0c0225763d68dfcd2dc69c128ae2cd5101bdac91a4baa179544b273708770dc63c686b2b9751d3391b2799239 EBUILD openssh-9.8_p1-r2.ebuild 15271 BLAKE2B d8d4f794f7e9b7f9e9d74acc813bb4860ccdf660c38a629cd4c3553e0ddcc2eabbd1dab7603ae06e4bbe031421083e0a4813c25ca38625989f0a74fb06620e24 SHA512 3b36919fce944984eeb9c21d6df80e3dd9a7c34846165a31e8c48652fb0c3428599b505147092e14aee3e6f5ac6b4ef37aabcb3a7300d3b04da6f32eb47e18a6 EBUILD openssh-9.8_p1-r3.ebuild 15365 BLAKE2B 51da05b6b53b1326871328aa14387f10794de1e643f18a14b9ecc51830d3ebbfa772d1402bd86d3a118d5be1fb0760e7f608ddd7cd93b960617ad86f5a66beb7 SHA512 f3e294a30591621c96acf1ab054b2f84801b8ad9eb0932597a6eeda7b3b0cc01560c21944954dc6d9da6f4eaafa34592def5a2a80c27c113e48fe194a986f83d -EBUILD openssh-9.9_p1.ebuild 15558 BLAKE2B bbaa08a96610c07d3b2997207ef3a2798eb506e28817033ac1cbe737b9ef3c714fd3c715e59e6f53f2a1b3d7603d41f494affcfb6a6984ede7b0ca1acd5ff8bf SHA512 7616ecaba31634b42b4db0c1596d50035ca5b01839dd5fcda624390e34d53f01792fadae04cbd2112e69cbdecde5e99425b4110783b9187a0a4c3e32d049d2f8 -EBUILD openssh-9.9_p2.ebuild 15569 BLAKE2B 0406bd7e78d46c8c5dbcee2032ba30cc49aeee0c969b454ab45e2f015774424baf0314d663c574f7ff7d45fae71057f5e58745c6975a3661a966f77d67050595 SHA512 b83d2b6bc19a43debcd7271a5f4b41819871dd5d1047f037ff7029a409c248491fe767085bb57a21189a4e8dd39185d167c7b80dd24e2fcf53a7e998d4c81322 +EBUILD openssh-9.9_p1.ebuild 15405 BLAKE2B bfea4b4b5370bcd9b898624982a9950107163b3a2f1deca4182aaa3f31d02ca6bca89956f93887e503a25db3d5a58a960d4a6b68ec2a742943b5810808d8476d SHA512 ec64e2ef14a82fc94a99c33f5da19f2a3b255841b7ed982a936dc1dfd980fceaa8f3711d47a962e7dea1a6eb2fe8b1692159ad16786bc752c66cfa0749b9fbd9 +EBUILD openssh-9.9_p2.ebuild 15416 
BLAKE2B 3794f42a0e21dbe1a84cfdd7fbe12ef6ab1d278a15d64add81ff892b488e077451abff41f8c8233d0ae1b9ea58c11a5b04fd451933b57e45e7b9eb435280d282 SHA512 d33d7ad4786cb7b2173775070ff70b2326b9ffb274d1037d015c7aeeabed3189d076693954a45af366d139e4d9202c8fe68697befb4859743fac1b4302277a60 MISC metadata.xml 1967 BLAKE2B 9e586a4c515035bc31be950c3872c379e01dae2cc460239cde37b83d6ca8494d36d1e1f858195b34af76074a966278c323ab24ba5e78adfa70be297c1f21336f SHA512 83563c27789a4c12149f037d9318b66d6caf383a82f0f6f7025378bd2a3017d41ff96b5aea3d08e4407d85f3d1a089a51ae6c7fa3970c20b2d8d721962ddbf69 diff --git a/net-misc/openssh/openssh-9.9_p1.ebuild b/net-misc/openssh/openssh-9.9_p1.ebuild index 53c02164c5aa..a3eebf352d63 100644 --- a/net-misc/openssh/openssh-9.9_p1.ebuild +++ b/net-misc/openssh/openssh-9.9_p1.ebuild @@ -7,7 +7,7 @@ EAPI=8 # to backport! See https://marc.info/?l=openssh-unix-dev&m=172723798122122&w=2. VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc -inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig +inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig eapi9-ver # Make it more portable between straight releases # and _p? releases. @@ -23,7 +23,7 @@ S="${WORKDIR}/${PARCH}" LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" # Probably want to drop ssl defaulting to on in a future version. IUSE="abi_mips_n32 audit debug kerberos ldns legacy-ciphers libedit livecd pam +pie security-key selinux +ssl static test xmss" 
@@ -350,53 +350,50 @@ pkg_postinst() { # bug #139235 optfeature "x11 forwarding" x11-apps/xauth - local old_ver - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "5.8_p1"; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if ver_test "${old_ver}" -lt "7.0_p1"; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ver_test "${old_ver}" -lt "7.6_p1"; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if ver_test "${old_ver}" -lt "7.7_p1"; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." 
- fi - if ver_test "${old_ver}" -lt "8.2_p1"; then - ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" - ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" - ewarn "connection is generally safe." - fi - if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then - ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to" - ewarn "'Restart=on-failure', which causes the service to automatically restart if it" - ewarn "terminates with an unclean exit code or signal. This feature is useful for most users," - ewarn "but it can increase the vulnerability of the system in the event of a future exploit." - ewarn "If you have a web-facing setup or are concerned about security, it is recommended to" - ewarn "set 'Restart=no' in your sshd unit file." - fi - done + if ver_replacing -lt "5.8_p1"; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + if ver_replacing -lt "7.0_p1"; then + elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." + elog "Make sure to update any configs that you might have. Note that xinetd might" + elog "be an alternative for you as it supports USE=tcpd." + fi + if ver_replacing -lt "7.1_p1"; then #557388 #555518 + elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" + elog "weak sizes. If you rely on these key types, you can re-enable the key types by" + elog "adding to your sshd_config or ~/.ssh/config files:" + elog " PubkeyAcceptedKeyTypes=+ssh-dss" + elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. 
If you need this, please update your sshd_config explicitly." + fi + if ver_replacing -lt "7.6_p1"; then + elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." + elog "Furthermore, rsa keys with less than 1024 bits will be refused." + fi + if ver_replacing -lt "7.7_p1"; then + elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." + elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" + elog "if you need to authenticate against LDAP." + elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." + fi + if ver_replacing -lt "8.2_p1"; then + ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" + ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" + ewarn "connection is generally safe." + fi + if ver_replacing -lt "9.2_p1-r1" && systemd_is_booted; then + ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to" + ewarn "'Restart=on-failure', which causes the service to automatically restart if it" + ewarn "terminates with an unclean exit code or signal. This feature is useful for most users," + ewarn "but it can increase the vulnerability of the system in the event of a future exploit." + ewarn "If you have a web-facing setup or are concerned about security, it is recommended to" + ewarn "set 'Restart=no' in your sshd unit file." + fi if [[ -n ${show_ssl_warning} ]]; then elog "Be aware that by disabling openssl support in openssh, the server and clients" diff --git a/net-misc/openssh/openssh-9.9_p2.ebuild b/net-misc/openssh/openssh-9.9_p2.ebuild index 811d22c7ae92..e53838b1ea23 100644 --- a/net-misc/openssh/openssh-9.9_p2.ebuild +++ b/net-misc/openssh/openssh-9.9_p2.ebuild 
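Review bot: In the `ver_replacing -lt "7.1_p1"` branch the carried-over message still tells users they can re-enable DSA with `PubkeyAcceptedKeyTypes=+ssh-dss`, which is stale advice for a 9.9 ebuild. Upstream renamed that option to `PubkeyAcceptedAlgorithms` in 8.5 (the old name survives only as an alias) and its 9.8 release notes describe DSA as disabled at compile time by default, so unless this ebuild turns it back on at configure time (not visible in the hunk) the suggested setting would have no effect. I would drop the re-enable hint and keep only the migration advice, e.g. `elog "DSA (ssh-dss) keys are no longer usable by default; generate new keys using rsa or ed25519."`. The same text is in the matching pkg_postinst hunk of openssh-9.9_p2.ebuild, and pkg_postinst starts and ends outside both hunks.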
@@ -7,7 +7,7 @@ EAPI=8 # to backport! See https://marc.info/?l=openssh-unix-dev&m=172723798122122&w=2. VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc -inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig +inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig eapi9-ver # Make it more portable between straight releases # and _p? releases. @@ -23,7 +23,7 @@ S="${WORKDIR}/${PARCH}" LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" # Probably want to drop ssl defaulting to on in a future version. IUSE="abi_mips_n32 audit debug kerberos ldns legacy-ciphers libedit livecd pam +pie security-key selinux +ssl static test xmss" 
@@ -350,53 +350,50 @@ pkg_postinst() { # bug #139235 optfeature "x11 forwarding" x11-apps/xauth - local old_ver - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "5.8_p1"; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if ver_test "${old_ver}" -lt "7.0_p1"; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ver_test "${old_ver}" -lt "7.6_p1"; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if ver_test "${old_ver}" -lt "7.7_p1"; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." 
- fi - if ver_test "${old_ver}" -lt "8.2_p1"; then - ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" - ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" - ewarn "connection is generally safe." - fi - if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then - ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to" - ewarn "'Restart=on-failure', which causes the service to automatically restart if it" - ewarn "terminates with an unclean exit code or signal. This feature is useful for most users," - ewarn "but it can increase the vulnerability of the system in the event of a future exploit." - ewarn "If you have a web-facing setup or are concerned about security, it is recommended to" - ewarn "set 'Restart=no' in your sshd unit file." - fi - done + if ver_replacing -lt "5.8_p1"; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + if ver_replacing -lt "7.0_p1"; then + elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." + elog "Make sure to update any configs that you might have. Note that xinetd might" + elog "be an alternative for you as it supports USE=tcpd." + fi + if ver_replacing -lt "7.1_p1"; then #557388 #555518 + elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" + elog "weak sizes. If you rely on these key types, you can re-enable the key types by" + elog "adding to your sshd_config or ~/.ssh/config files:" + elog " PubkeyAcceptedKeyTypes=+ssh-dss" + elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. 
If you need this, please update your sshd_config explicitly." + fi + if ver_replacing -lt "7.6_p1"; then + elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." + elog "Furthermore, rsa keys with less than 1024 bits will be refused." + fi + if ver_replacing -lt "7.7_p1"; then + elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." + elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" + elog "if you need to authenticate against LDAP." + elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." + fi + if ver_replacing -lt "8.2_p1"; then + ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" + ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" + ewarn "connection is generally safe." + fi + if ver_replacing -lt "9.2_p1-r1" && systemd_is_booted; then + ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to" + ewarn "'Restart=on-failure', which causes the service to automatically restart if it" + ewarn "terminates with an unclean exit code or signal. This feature is useful for most users," + ewarn "but it can increase the vulnerability of the system in the event of a future exploit." + ewarn "If you have a web-facing setup or are concerned about security, it is recommended to" + ewarn "set 'Restart=no' in your sshd unit file." + fi if [[ -n ${show_ssl_warning} ]]; then elog "Be aware that by disabling openssl support in openssh, the server and clients" |