From f660c6de84558324d784218831d8f0782ee41e2e Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 27 Oct 2021 22:41:01 +0100 Subject: gentoo resync : 27.10.2021 --- net-misc/Manifest.gz | Bin 55897 -> 55893 bytes net-misc/freerdp/Manifest | 2 +- net-misc/freerdp/freerdp-2.4.1-r1.ebuild | 2 +- net-misc/ndisc6/Manifest | 4 +- net-misc/ndisc6/ndisc6-1.0.3.ebuild | 31 -- net-misc/ndisc6/ndisc6-1.0.5.ebuild | 2 +- net-misc/ntpsec/Manifest | 2 +- net-misc/ntpsec/metadata.xml | 4 - net-misc/openssh/Manifest | 4 +- .../files/openssh-8.8_p1-X509-glue-13.2.3.patch | 43 ++ net-misc/openssh/openssh-8.8_p1-r1.ebuild | 513 +++++++++++++++++++++ net-misc/openssh/openssh-8.8_p1.ebuild | 513 --------------------- net-misc/s3cmd/Manifest | 4 +- net-misc/s3cmd/metadata.xml | 1 + net-misc/s3cmd/s3cmd-2.2.0.ebuild | 9 +- net-misc/seafile/Manifest | 2 +- net-misc/seafile/seafile-8.0.3-r3.ebuild | 5 +- net-misc/zssh/Manifest | 4 +- net-misc/zssh/files/zssh-1.5a-gentoo-include.diff | 4 +- net-misc/zssh/zssh-1.5c-r1.ebuild | 8 +- 20 files changed, 581 insertions(+), 576 deletions(-) delete mode 100644 net-misc/ndisc6/ndisc6-1.0.3.ebuild create mode 100644 net-misc/openssh/files/openssh-8.8_p1-X509-glue-13.2.3.patch create mode 100644 net-misc/openssh/openssh-8.8_p1-r1.ebuild delete mode 100644 net-misc/openssh/openssh-8.8_p1.ebuild (limited to 'net-misc') diff --git a/net-misc/Manifest.gz b/net-misc/Manifest.gz index 88f95165cdcc..05bdd8cc3c4b 100644 Binary files a/net-misc/Manifest.gz and b/net-misc/Manifest.gz differ diff --git a/net-misc/freerdp/Manifest b/net-misc/freerdp/Manifest index 55908fb5f3eb..cfb714c4b5da 100644 --- a/net-misc/freerdp/Manifest +++ b/net-misc/freerdp/Manifest @@ -4,7 +4,7 @@ AUX freerdp-2.4.1-rdpei-free.patch 859 BLAKE2B 2bf990acf4b4294bedb11acd824637b16 DIST freerdp-2.3.2.tar.gz 7284490 BLAKE2B f6017752993fcd9213117016825344953872b3ad6b6717039ba78555bbeeb276eb548c2c097c5df46d25d19678b8e275ac25a4c62e212c087e1b52d9ce672de9 SHA512 b8502d34c73113a42bf2dc240431967829064d68f507cc42ff06432a784213eee4a2c001b174f1b970545aec75b3caf21ba5f4ee1ca8c07c7ef834131413204b DIST freerdp-2.4.1.tar.gz 7300797 BLAKE2B cd14cadfbad9f30ab6ee6ba80c3a3bfb191b68dc0cf576082044a20489f558e222e618ed314a7fefdefcb480f201f384df5d77db8699d2e4530559fd3d5b4398 SHA512 9bacd6a7219690ed62d6a646616a54770293ff45b59211aff73dc8d67300a79ba22e72cbe56803d301b60964e4acccea9b7c6d7e2d698b91eafcf6ba561cd66a EBUILD freerdp-2.3.2.ebuild 2929 BLAKE2B 47576d816fcb596e2e02d8b38cb3075a494975f59c076a5f7ae313c5f780d73e2f5d6e1374e6b11186e25c68ac5a84c2412404c39b1ed8af3c64517c468dd88d SHA512 fc46e1cb5462847fcc0c469c18a4c58983854af89f553ad8bc7ad798250c0dd5e1a1afca1d53b8f41f211500db578d71382ea6b1fa1ef19774fd1f751ace2d87 -EBUILD freerdp-2.4.1-r1.ebuild 2877 BLAKE2B 6715b2b48d87ca94c6501b20317f2c0be9b3fdeb6bcf5f0915b7c953a346332bc63733f7b4809cb4483eb1b6e90f24a1a08030fa81b5aa191c7d7c924d1a675c SHA512 2233ad029c8b5d4b93e92c1d64477cca8d78082e66ee7adab68189f492c51bd69154209afa03cb46aa11e906a464b19922e5f382670eaa7cca3a90ef5c68cd50 +EBUILD freerdp-2.4.1-r1.ebuild 2873 BLAKE2B dfa10f0b548096c60c471653aa866548b0cf2b9713ff739738e289eae78745d58c1bfbecf823069dad02324cd7a221f5fa69339fc5533950c5d4eb9d1e0ae88b SHA512 12a782686f2f500f7502535a84115d347ef1200549d12de1bae14a28cadaedcb5d90e6969c67b0d7d67e6a837f24a333eabaa800868ebfbac251dc61b174be80 EBUILD freerdp-2.9999.ebuild 2811 BLAKE2B 71ecfc100f2dc04e368e8561fb06c0799e1aa68d9ec64144958d4ba60af70961e66c3f6ac46da48ebd07ffc9e02869d8bb0699bec778b68600332c181aa1ccc3 SHA512 4312971f4594c7c5f966bdc505e5d3483392a1e0289fb84790550d7f270e1a84502c1a89cc3c779675eddf593eda0b6fa15a72280db6442e1cfd286af651c3ff EBUILD freerdp-9999.ebuild 2811 BLAKE2B 71ecfc100f2dc04e368e8561fb06c0799e1aa68d9ec64144958d4ba60af70961e66c3f6ac46da48ebd07ffc9e02869d8bb0699bec778b68600332c181aa1ccc3 SHA512 4312971f4594c7c5f966bdc505e5d3483392a1e0289fb84790550d7f270e1a84502c1a89cc3c779675eddf593eda0b6fa15a72280db6442e1cfd286af651c3ff MISC metadata.xml 482 BLAKE2B 9961a7b8e99468833978be3722ffcfa1fe38ed2b9c0de0ec7237fbbdd1484b674df65995e4802abe961e70df37e8a7d11c8d1e26f25779e5419b4439cd336ed3 SHA512 3dd28b1ac648b19794970f306d811ebcb860146da9dd4e0dc1ca72c493f78ddf63e95c8232c583a71bee7e6ad90bbad24ece5fca4e6f561a9c019767a4755b72 diff --git a/net-misc/freerdp/freerdp-2.4.1-r1.ebuild b/net-misc/freerdp/freerdp-2.4.1-r1.ebuild index 79d2f82e8349..26c4295ee577 100644 --- a/net-misc/freerdp/freerdp-2.4.1-r1.ebuild +++ b/net-misc/freerdp/freerdp-2.4.1-r1.ebuild @@ -15,7 +15,7 @@ else MY_P=${P/_/-} S="${WORKDIR}/${MY_P}" SRC_URI="https://pub.freerdp.com/releases/${MY_P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~x86" + KEYWORDS="~alpha amd64 arm arm64 ~ppc ~ppc64 ~riscv x86" fi DESCRIPTION="Free implementation of the Remote Desktop Protocol" diff --git a/net-misc/ndisc6/Manifest b/net-misc/ndisc6/Manifest index 400a44176732..38cbe8193975 100644 --- a/net-misc/ndisc6/Manifest +++ b/net-misc/ndisc6/Manifest @@ -3,8 +3,6 @@ AUX rdnssd.rc 498 BLAKE2B 816d955e40052a1db7903f9382439264efd88e02cc227471606cf6 AUX rdnssd.rc-1 502 BLAKE2B 39875eee2e81627e0e603bc01e552622e219af3bb18fede1d6b86364c501bd1e5eaccaf682f93ef38a4e18de4b2e955a98604bc5854054da5a31ef97cebde602 SHA512 0582ed315756d3e3c17d789252b3c68d1a7dfc6e74e600c0ea186775c976af447923cdc8182be23dd1418323503a91f8f82bc5068148a92bb40f9888a7c5cec2 AUX resolvconf 148 BLAKE2B 7e11d5f6d87fdf2e60ebb2b308663c51d4683cc389ba9640cd026da5ac99dcdd196c9e7dc4733b77da58285fe3fd6a0eab9d0a6b9695eeb8b7cf54aa17c560c8 SHA512 ba04b2ae327a1136122bf68929fee7946bc2938ce335cfe3c982ccb5bc4d53a66154dad65d79eeb47fd3b306cf203e69aa0197f6751ae5b0e021aff6d7f01ecf AUX resolvconf-1 152 BLAKE2B 1219e02e170a1cf279a1497e12269061659af7c61d662adb9beab39e772068d597a5f63b6c1f39efa5001c5f8d1014cd2f265cb3e49c3163ff38d9205126dbcd SHA512 cdba5bbfa69a8288696f14d1f7798445769bf37c6363cf0bdeb2aa162ff5c83728f513917c7649e3f6493bfc9cf437e0c08e460a87b80604fa31dd599441ef83 -DIST ndisc6-1.0.3.tar.bz2 260294 BLAKE2B cb9f302bd4d4f15effc8165dfdc686b2eda7543dd745cae43a24fea49086e3b5c58cc5b4eb14bc1a46657a15f6bd11322d5629570461f68743619deb9cd10004 SHA512 11dc9833edfc76650b46977d653686ed800dc1cc1dd069051410570f522d538ea9297b013a8d16b94aac3ebf33043cafdaee9fdccb5c02cc08b4c29ceaa96a54 DIST ndisc6-1.0.5.tar.bz2 263243 BLAKE2B 638e47e2bb1671a0bdd53edafd65acc774f068442dd6ade398e8bcae5630353f64b753b04237443aa6a6ea27de36206359e93e308fe5e610a4133ed730d71dd1 SHA512 d2742fee8202da988fd6d2b4b811125a4ab786b645b96b3a1fcfe248a3d9a39706055cf499c6cc742decfa5c3dbcbaac28ae01a50b9ad3ec10906dd468fec47e -EBUILD ndisc6-1.0.3.ebuild 714 BLAKE2B 36f429d37af7fec788201473ddd22f2c2f038223f0c47e33a1413b9b43b5e5b08c27176183e64583bb92d8052f3f04a9ba8bc764271b98a24f5991b880bf16a3 SHA512 064d54c64e2a29c6f6385e828612eca5f1cee2d68df4b68b132852d1644638ad8197116ce1f6554cdd2dd00e6e547e7014b5fc019567a2707195858bcff94965 -EBUILD ndisc6-1.0.5.ebuild 739 BLAKE2B a1243a983629cea9c98843dbd2b3aabe0bca3ddbaa549ecf49ca420d1f0029d587d63bc5f3285ba6ac57b7c775689ff175c5470d0f247ea21bc447ae155ee5b6 SHA512 45de76d5d49a1a1f296e45476e2587d8a47b414b08b725b9ea7414c202cdec8b915f0a60f084cba7bd4d8a581cfff7fe78134165550abb683e3fbbe713f0c425 +EBUILD ndisc6-1.0.5.ebuild 735 BLAKE2B 8e3e5cb0be4d48d55321010007466b239c30b213a274efd709c930b65578f3b467d6eed4874153f5e1b7797073aac157c32588e3b2ec3ed8f76dbf3df9ef6e9a SHA512 1448484d7aab71f9cbae22e5e58d215e8eb8453cc399c713e290f2de4b6a614045e4a57d249aa44f85569a42e3f496e9d5b9d90cada9183efd51150d0dedf1ee MISC metadata.xml 167 BLAKE2B 868e3b584722eaacf68273db062bb773d8c7e5d7ab2b81ca7e8397643bf7cc106c3a1033594401c99c54f667bb45d6b73f9048fc335580bbd44b4589ad26a832 SHA512 30caadd1496c3b9969136038239a1d8e01f236726b4022c2d7e19ca7575f25f735e556835e581afbf44fbd3e4104c40f2b5ef5fa70118d75c881fdf871962d0a diff --git a/net-misc/ndisc6/ndisc6-1.0.3.ebuild b/net-misc/ndisc6/ndisc6-1.0.3.ebuild deleted file mode 100644 index 3ff6ac986a70..000000000000 --- a/net-misc/ndisc6/ndisc6-1.0.3.ebuild +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -DESCRIPTION="Recursive DNS Servers discovery Daemon (rdnssd) for IPv6" -HOMEPAGE="https://www.remlab.net/ndisc6/" -SRC_URI="https://www.remlab.net/files/${PN}/${P}.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 arm arm64 x86 ~x64-macos" -IUSE="debug" - -DEPEND="dev-lang/perl - sys-devel/gettext" -RDEPEND="" - -src_configure() { - econf $(use_enable debug assert) -} - -src_install() { - emake DESTDIR="${D}" install - newinitd "${FILESDIR}"/rdnssd.rc-1 rdnssd - newconfd "${FILESDIR}"/rdnssd.conf rdnssd - - exeinto /etc/rdnssd - newexe "${FILESDIR}"/resolvconf-1 resolvconf - dodoc AUTHORS ChangeLog NEWS README -} diff --git a/net-misc/ndisc6/ndisc6-1.0.5.ebuild b/net-misc/ndisc6/ndisc6-1.0.5.ebuild index 8304f55956c5..19faf911e8ef 100644 --- a/net-misc/ndisc6/ndisc6-1.0.5.ebuild +++ b/net-misc/ndisc6/ndisc6-1.0.5.ebuild @@ -9,7 +9,7 @@ SRC_URI="https://www.remlab.net/files/${PN}/${P}.tar.bz2" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~x86 ~x64-macos" +KEYWORDS="amd64 arm arm64 x86 ~x64-macos" IUSE="debug" BDEPEND="dev-lang/perl diff --git a/net-misc/ntpsec/Manifest b/net-misc/ntpsec/Manifest index c4990b2cadc0..7ad89709d73d 100644 --- a/net-misc/ntpsec/Manifest +++ b/net-misc/ntpsec/Manifest @@ -12,4 +12,4 @@ DIST ntpsec-1.2.1.tar.gz 2681237 BLAKE2B bfb2674131718dcf9f393e93d1148cfb6631591 EBUILD ntpsec-1.2.0-r3.ebuild 4484 BLAKE2B 1f32519192c92760de2eecf1b8b4d72f1514da7ca196840d41ad6dc237a903eecce9a33a232c22ae0203be0a41c58e1d298a2177cac909713aaff073b39f77c6 SHA512 5d29ff40f10a9afe490c5f3c2d317eecb8615aff89bf733776a8f702fdc25cf5cf1b7b7510ce3fa149a903d904f1be97e2acd350f43afcc1da6a6c1de7582b9a EBUILD ntpsec-1.2.1.ebuild 4485 BLAKE2B d38aa4111729b1364b73441f4f4a5aceef9c3dc3c8db7f2e02dece5293970b9b5fc1936c0fd5cdae7013e5a0cde8d28bba7a9a175da0b0792fa5e94b7271d95d SHA512 6dc6f484ba209bd94b7367d5bb5d02bdc36ff9f7417d7347ab32787cd90a86948237e156cccf3be014284bc6b4fd0e883bd3dd14f73c760882d4cd207216a485 EBUILD ntpsec-9999.ebuild 4063 BLAKE2B 46d4c35ff1b73d2af63182f38ea3d3c4b3ab28b53b31764f9e8615922239857df7cbe7397d32202402b91507547e0d6d9834184f13c249bd95e32e39ed4c1cd2 SHA512 55278b3d172de7de1eff6a9269049bbb40270ce16cd6063c550ae0c9a642300899ba22d3953b24e4abe7fb7391cd453a035892915d15d44d0cf7e7f89cc1606b -MISC metadata.xml 2079 BLAKE2B 3ce3b2eeef626233de55951839220a5374a72a38c9822523a23e3d11298954cd6bc8c2638951e5c2305c0c1b90158251d727459ce974055a622825cde311da31 SHA512 0892e1b38ec36b312ed9c00912726c333ce51bd9afa0b2ab7543d12d87c2d87416d9595ce7083ed20d3a582f7bb7f5f5f9b6b2a7e92a04f130c1b08d0e24ecc6 +MISC metadata.xml 1968 BLAKE2B 7322d8ae32025477e68bee19ef813b5bd8011f750cd9dde23437a7519491db477e85178f3be69356c2cccd2a3519b60fa264988c9cd3fb8d6f8700a1392199d6 SHA512 c4d698ea3cf83e8b624281a3f841742f318f5d52768361debad2aaa7413e8447fd4f62d6b11fc3b25981da6b7f73efbd87d904c9688cdc1e7b54fbb3d88b2154 diff --git a/net-misc/ntpsec/metadata.xml b/net-misc/ntpsec/metadata.xml index 8eaf794d0015..9d4b63729b27 100644 --- a/net-misc/ntpsec/metadata.xml +++ b/net-misc/ntpsec/metadata.xml @@ -1,10 +1,6 @@ - - nerdboy@gentoo.org - Stephen L Arnold - blueness@gentoo.org Anthony G. Basile diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 2b86174975e2..f49d84212a98 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -18,6 +18,7 @@ AUX openssh-8.7_p1-GSSAPI-dns.patch 11576 BLAKE2B 84aa0128ddeccf67e14c20f9d2acb6 AUX openssh-8.7_p1-X509-glue-13.2.1.patch 1679 BLAKE2B 2f79c3bc5b3fd93cce0aea23cd16b98fd8031b2ebed21a5360ec84e43ec02565e464fa47db99421f8b94994073823e4dfe590bd5374bf803c8065f1a8c065d6b SHA512 05796a8c6e01456d4e6ad0cc66490b7a9479f8f36854532b392b49c20d3a62e77e13f067b77460b2b3098a6ada3944f821220aa663d6a766cb9d9e1f9bcc6b9d AUX openssh-8.7_p1-hpn-15.2-X509-glue.patch 16283 BLAKE2B 7181c63f43398bda89f663c6de4a688e302d382519b0030ece980777d110ec56077dc6e5ca357f67c8a7a932f2df850ddc4ff7db1ea91c59d136767857c8b24e SHA512 525b68bcd9c891ab6be104d30cf4b9cc9214c257bc41a7e9c306dcfe3fb12109f7422118d9fad58698fe9a6d501b27309e675c857d00c04c46acff27eec60154 AUX openssh-8.7_p1-hpn-15.2-glue.patch 7354 BLAKE2B 1b5afc662d39db3ab137b2a389b3a5cebf55e0c6741c12ade4977d8d5d8cb4f4cf2d8e8978150808c6570cba7b8080ace971d20913df9a740c1e03adc7134726 SHA512 ea57ea2c6138a275bce8cb7d62ea8771bf51db4d8dca4ea33f46539b33ab5a17c7c1749fa7b10c90e167846fd087f4084dcf5604017ad5c2821c2c74793ca9c2 +AUX openssh-8.8_p1-X509-glue-13.2.3.patch 1723 BLAKE2B 791b1a043ca7b18cc0b4b0d292ee466363853ca13d55be951a23f7442f9a49fd2c84e8225e97d37e5bfa1e2ca5f6fa2ff7e3b9d5a3fe9f29d2f0120e13f7d401 SHA512 baf166bd32823186093d42993df6a412f733255d0d0c0c7484dc98e4e9a671a77b9826d9eaee094b415871561cba71cb795d73e8fea556f3ea7e3cb9a548062e AUX sshd-r1.confd 774 BLAKE2B df3f3f28cb4d35b49851399b52408c42e242ae3168ff3fc79add211903567da370cfe86a267932ca9cf13c3afbc38a8f1b53e753a31670ee61bf8ba8747832f8 SHA512 3a69752592126024319a95f1c1747af508fd639c86eca472106c5d6c23d5eeaa441ca74740d4b1aafaa0db759d38879e3c1cee742b08d6166ebc58cddac1e2fe AUX sshd-r1.initd 2675 BLAKE2B 47e87cec2d15b90aae362ce0c8e8ba08dada9ebc244e28be1fe67d24deb00675d3d9b8fef40def8a9224a3e2d15ab717574a3d837e099133c1cf013079588b55 SHA512 257d6437162b76c4a3a648ecc5d4739ca7eaa60b192fde91422c6c05d0de6adfa9635adc24d57dc3da6beb92b1b354ffe8fddad3db453efb610195d5509a4e27 AUX sshd-r2.initd 3197 BLAKE2B b992cc2353f23c0f343bd914e6745d0e2b82364450f2baedc5c96b00e181ad7decef609ca41c1dbc57d53894492e98975a00329207a4696a278978ece66f7acb SHA512 bdd908a604f1ae460cb225c0753325381e638d68eeaea4a30e789192ee7d08d690ddf6ae0db5cc8bfbacf35151cfce975b97ccb6e81d22b2d01555f117342d34 @@ -34,6 +35,7 @@ DIST openssh-8.6p1.tar.gz 1786328 BLAKE2B 261a0f1a6235275894d487cce37537755c8683 DIST openssh-8.7p1+x509-13.2.1.diff.gz 1073420 BLAKE2B f9de9f797f1ec83cd56a983f5b9694b0297a60e586898a8c94b4aaa60e5f561bb3b7730590fc8f898c3de2340780d6a77d31bfcc50df0a55a0480051f37806fd SHA512 dd7afd351ddf33e8e74bceba56e5593a0546360efb34f3b954e1816751b5678da5d1bc3a9f2eaa4a745d86d96ae9b643bd549d39b59b22c8cf1a219b076c1db5 DIST openssh-8.7p1-sctp-1.2.patch.xz 6740 BLAKE2B 468a455018ffddf4fa64d63acb732ad3e1fb722ae8b24d06cf3a683167a4580626b477bbc286f296c83d39dd36c101ac58597a21daa63de83ad55af00aa3a6be SHA512 aa9067c9025b6e4edfad5e45ec92da43db14edb11aae02cbbc296e66b48377cbbf62cdafcdd5edfd1fd4bf69420ee017223ab52e50a42b1976002d767984777c DIST openssh-8.7p1.tar.gz 1814595 BLAKE2B 9fdb8898485053d08c9eca419c15d0d03b7a60152cf6a9d7f1beed3a21c9e6ac3bd9f854580e6e474fb0c871f3d4be9ef4b49bee8c355d9e5769a5505f4e6ea9 SHA512 08c81024d9e1248abfda6cc874886ff5ae916669b93cd6aff640e0614ee8cbcbc3fe87a9ce47136b6443ddbb1168b114367c74e117551905994e1a7e3fa2c0c2 +DIST openssh-8.8p1+x509-13.2.3.diff.gz 1071138 BLAKE2B dfbe53ccfdfe0a3da9bac927c5bb0ccfeb20f1ba69cef2ffb52999e6f6b0a3282e28a888aab40096fe9eed819f4c9b27592a8771d786580b8fa4f507f6b02557 SHA512 e55e9cdcde1b02b2799600083db8c3b85d207b251b99b4efabe8614bedf1daae28e5ed10cbe1f6a2e5ba766fe1eaf41be9e90fefdaae1352808c504fc0f4e7e6 DIST openssh-8.8p1-sctp-1.2.patch.xz 6744 BLAKE2B 9f99e0abfbfbda2cc1c7c2a465d044c900da862e5a38f01260f388ac089b2e66c5ea7664d71d18b924552ae177e5893cdcbfbccc20eeb3aaeae00b3d552379e3 SHA512 5290c5ef08a418dcc9260812d8e75ce266e22e2258514f11da6fb178e0ae2ef16046523f72a50f74ae7b98e7eb52d16143befc8ce2919041382d314aa05adda0 DIST openssh-8.8p1.tar.gz 1815060 BLAKE2B 3a054ce19781aceca5ab1a0839d7435d88aff4481e8c74b91ffd2046dc8b6f03d6bf584ecda066c0496acf43cea9ab4085f26a29e34e20736e752f204b8c76c3 SHA512 d44cd04445f9c8963513b0d5a7e8348985114ff2471e119a6e344498719ef40f09c61c354888a3be9dabcb5870e5cbe5d3aafbb861dfa1d82a4952f3d233a8df DIST openssh-8_5_P1-hpn-AES-CTR-15.2.diff 30096 BLAKE2B f0c020dd2403806c79d4c37a019996d275655b04997301e247f5c4dd7fad35d12b3b7c25afb1b078d915ef2a4ae02f736f0aec9ba2a8c56a405d7ca303bcadf7 SHA512 4c2dbf99a9b5953fdb955f700272bbaeaa025f108a8860d2190197962b849f8385327af82c4d6a3a130a7fba35a74a8ec9437d642867601acb29817c49632a8f @@ -42,5 +44,5 @@ DIST openssh-8_5_P1-hpn-PeakTput-15.2.diff 2429 BLAKE2B 849bf3c313719ab7a25c75e8 EBUILD openssh-8.5_p1-r2.ebuild 17581 BLAKE2B a971d17ec56d3a6217174c14cec3b273ce0a2d1835cf1ea7e7ef32f8769bd69b7fddc77ec59158744fe8d1463464d33813e4c361cfeafc3935afd4260df136f3 SHA512 07bee99c1b3c40d3b82a640960494b2f92ae1f47f7af3acb04507f5a5e3db35aaaea5d530d59723256b9952cedb8836a0157dd9f7101b2f94aafdcc7c1765944 EBUILD openssh-8.6_p1-r2.ebuild 17655 BLAKE2B 51c2e441eebfab62ebb34eb83ab11ca024ff50a8a3444db82014e554c7d89de10757a45b0f81f4d704977cc7c75a55bae46dbd32bb88132950b72c8cb583073e SHA512 5014bbcde62554e03814906c13521a2db2dcb8df1107d1b2825a9296c85fa76a68c70f07317e57145b46f28b0d5a772aaa03b9e3f6b42db2b3fc0f3be416e527 EBUILD openssh-8.7_p1-r2.ebuild 17549 BLAKE2B 00b3970d5724d32f81935906c8d63be1bae00a2dc5e753c039cba60ed0f1fba13c6de4a34202c34581ddb4ffe04e9a63f1268880ba2528b8f184db50276a3dd8 SHA512 ef26ff570235d2f0557ac98471f8d9eb9645d925e45d426f89981d8ace599257e5e479d920280a7bdb35ef74918fb629f6a3e5bbb6a26a265cbc667687875bdb -EBUILD openssh-8.8_p1.ebuild 17559 BLAKE2B c5e01c7d13587d4e910516a3733fb017c311f2cd3c2860920c2e71b20a1d2517995e45e5354ebfd625ba8459d78ba0a00aea1780211c91f02f0b4c67bcebf76e SHA512 33abeb62266bc1f59c8a6eaba4c57d8104ecc443abb32e0aedc534e424601f7a26bbbd100b0c04be4956894fafb4ca21a89afe20f4eb88f6364585b31eac68d8 +EBUILD openssh-8.8_p1-r1.ebuild 17558 BLAKE2B 78f4c6fbdc8d7bceaca1840bc69142a104dd6bfc4a2f271b8800f9b54860d1771737af98c332d7458812a70cdfba7aa4641978553c98528e6b64f1fa8474a6b1 SHA512 4e8d407fc5399b85406620f00a39f61b59f05c0fd2beedde0b038a73242f121de7bd520a071b35c38ed73c61a562e9e08a07988630c830d8683bc198d4687295 MISC metadata.xml 2102 BLAKE2B 4b1464bbe657cd70e0787f1030354bf5cd87d43f4e19fbaf3686ffdf4c001449511d93d2549a29b4f11faa7901476d85ea7e2555b31f94a97bf73b7912230439 SHA512 ee3fd9db64eced5ef136dec87e5fe965381d2b83247af6e65c9f205adc8758b7bf90a3e45c0fe15dfe82e9aa0f6f25411b58183b8a56ef0ad51026cacbcd89a1 diff --git a/net-misc/openssh/files/openssh-8.8_p1-X509-glue-13.2.3.patch b/net-misc/openssh/files/openssh-8.8_p1-X509-glue-13.2.3.patch new file mode 100644 index 000000000000..74f8a842e6b2 --- /dev/null +++ b/net-misc/openssh/files/openssh-8.8_p1-X509-glue-13.2.3.patch @@ -0,0 +1,43 @@ +diff -ur '--exclude=.*.un~' a/openssh-8.8p1+x509-13.2.3.diff b/openssh-8.8p1+x509-13.2.3.diff +--- a/openssh-8.8p1+x509-13.2.3.diff 2021-10-25 10:23:20.264186260 -0700 ++++ b/openssh-8.8p1+x509-13.2.3.diff 2021-10-25 10:24:35.924443287 -0700 +@@ -51859,12 +51859,11 @@ + + install-files: + $(MKDIR_P) $(DESTDIR)$(bindir) +-@@ -391,6 +372,8 @@ ++@@ -391,6 +372,7 @@ + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 + $(MKDIR_P) $(DESTDIR)$(libexecdir) + + $(MKDIR_P) $(DESTDIR)$(sshcadir) +-+ $(MKDIR_P) $(DESTDIR)$(piddir) + $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) +@@ -71985,7 +71984,7 @@ + +if test "$sshd_type" = "pkix" ; then + + unset_arg='' + +else +-+ unset_arg=none +++ unset_arg= + +fi + + + cat > $OBJ/sshd_config.i << _EOF +@@ -132360,16 +132359,6 @@ + +int asnmprintf(char **, size_t, int *, const char *, ...) + __attribute__((format(printf, 4, 5))); + void msetlocale(void); +-diff -ruN openssh-8.8p1/version.h openssh-8.8p1+x509-13.2.3/version.h +---- openssh-8.8p1/version.h 2021-09-26 17:03:19.000000000 +0300 +-+++ openssh-8.8p1+x509-13.2.3/version.h 2021-10-23 16:27:00.000000000 +0300 +-@@ -2,5 +2,4 @@ +- +- #define SSH_VERSION "OpenSSH_8.8" +- +--#define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" + diff -ruN openssh-8.8p1/version.m4 openssh-8.8p1+x509-13.2.3/version.m4 + --- openssh-8.8p1/version.m4 1970-01-01 02:00:00.000000000 +0200 + +++ openssh-8.8p1+x509-13.2.3/version.m4 2021-10-23 16:27:00.000000000 +0300 diff --git a/net-misc/openssh/openssh-8.8_p1-r1.ebuild b/net-misc/openssh/openssh-8.8_p1-r1.ebuild new file mode 100644 index 000000000000..b41b2579d815 --- /dev/null +++ b/net-misc/openssh/openssh-8.8_p1-r1.ebuild @@ -0,0 +1,513 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit user-info flag-o-matic autotools pam systemd toolchain-funcs + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +# PV to USE for HPN patches +#HPN_PV="${PV^^}" +HPN_PV="8.5_P1" + +HPN_VER="15.2" +HPN_PATCHES=( + ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff +) + +SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" +X509_VER="13.2.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="https://www.openssh.com/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} + ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/project/hpnssh/Patches/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} + ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} +" +S="${WORKDIR}/${PARCH}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# Probably want to drop ssl defaulting to on in a future version. +IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit livecd pam +pie +scp sctp security-key selinux +ssl static test X X509 xmss" + +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + hpn? ( ssl ) + ldns? ( ssl ) + pie? ( !static ) + static? ( !kerberos !pam ) + X509? ( !sctp ssl !xmss ) + xmss? ( ssl ) + test? ( ssl ) +" + +# tests currently fail with XMSS +REQUIRED_USE+="test? ( !xmss )" + +LIB_DEPEND=" + audit? ( sys-process/audit[static-libs(+)] ) + ldns? ( + net-libs/ldns[static-libs(+)] + !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) + ) + libedit? ( dev-libs/libedit:=[static-libs(+)] ) + sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + ssl? ( + || ( + ( + >=dev-libs/openssl-1.0.1:0[bindist(-)=] + =dev-libs/openssl-1.1.0g:0[bindist(-)=] + ) + dev-libs/openssl:0=[static-libs(+)] + ) + virtual/libcrypt:=[static-libs(+)] + >=sys-libs/zlib-1.2.3:=[static-libs(+)] +" +RDEPEND=" + acct-group/sshd + acct-user/sshd + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) + pam? ( sys-libs/pam ) + kerberos? ( virtual/krb5 ) +" +DEPEND="${RDEPEND} + virtual/os-headers + kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) ) + static? ( ${LIB_DEPEND} ) +" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( !prefix? ( sys-apps/shadow ) ) + X? ( x11-apps/xauth ) +" +BDEPEND=" + virtual/pkgconfig + sys-devel/autoconf +" + +pkg_pretend() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } + local fail=" + $(use hpn && maybe_fail hpn HPN_VER) + $(use sctp && maybe_fail sctp SCTP_PATCH) + $(use X509 && maybe_fail X509 X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "Missing requested third party patch." + fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." + fi +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch + eapply "${FILESDIR}"/${PN}-8.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch + + [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches + + local PATCHSET_VERSION_MACROS=() + + if use X509 ; then + pushd "${WORKDIR}" &>/dev/null || die + eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" + popd &>/dev/null || die + + eapply "${WORKDIR}"/${X509_PATCH%.*} + + # We need to patch package version or any X.509 sshd will reject our ssh client + # with "userauth_pubkey: could not parse key: string is too large [preauth]" + # error + einfo "Patching package version for X.509 patch set ..." + sed -i \ + -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ + "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" + + einfo "Patching version.h to expose X.509 patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in X.509 patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) + fi + + if use sctp ; then + eapply "${WORKDIR}"/${SCTP_PATCH%.*} + + einfo "Patching version.h to expose SCTP patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in SCTP patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) + + einfo "Disabling known failing test (cfgparse) caused by SCTP patch ..." + sed -i \ + -e "/\t\tcfgparse \\\/d" \ + "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" + fi + + if use hpn ; then + local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" + mkdir "${hpn_patchdir}" || die + cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die + pushd "${hpn_patchdir}" &>/dev/null || die + eapply "${FILESDIR}"/${PN}-8.7_p1-hpn-${HPN_VER}-glue.patch + use X509 && eapply "${FILESDIR}"/${PN}-8.7_p1-hpn-${HPN_VER}-X509-glue.patch + use sctp && eapply "${FILESDIR}"/${PN}-8.5_p1-hpn-${HPN_VER}-sctp-glue.patch + popd &>/dev/null || die + + eapply "${hpn_patchdir}" + + use X509 || eapply "${FILESDIR}/openssh-8.6_p1-hpn-version.patch" + + einfo "Patching Makefile.in for HPN patch set ..." + sed -i \ + -e "/^LIBS=/ s/\$/ -lpthread/" \ + "${S}"/Makefile.in || die "Failed to patch Makefile.in" + + einfo "Patching version.h to expose HPN patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ + "${S}"/version.h || die "Failed to sed-in HPN patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) + + if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + einfo "Disabling known non-working MT AES cipher per default ..." + + cat > "${T}"/disable_mtaes.conf <<- EOF + + # HPN's Multi-Threaded AES CTR cipher is currently known to be broken + # and therefore disabled per default. + DisableMTAES yes + EOF + sed -i \ + -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ + "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" + + sed -i \ + -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ + "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" + fi + fi + + if use X509 || use sctp || use hpn ; then + einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" + + einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" + + einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." + sed -i \ + -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ + "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" + fi + + sed -i \ + -e "/#UseLogin no/d" \ + "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" + + eapply_user #473004 + + # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox + sed -e '/\t\tpercent \\/ d' \ + -i regress/Makefile || die + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + # _XOPEN_SOURCE causes header conflicts on Solaris + [[ ${CHOST} == *-solaris* ]] && sed_args+=( + -e 's/-D_XOPEN_SOURCE//' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + eautoreconf +} + +src_configure() { + addwrite /dev/ptmx + + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG + use static && append-ldflags -static + use xmss && append-cflags -DWITH_XMSS + + if [[ ${CHOST} == *-solaris* ]] ; then + # Solaris' glob.h doesn't have things like GLOB_TILDE, configure + # doesn't check for this, so force the replacement to be put in + # place + append-cppflags -DBROKEN_GLOB + fi + + # use replacement, RPF_ECHO_ON doesn't exist here + [[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no + + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + $(use_with audit audit linux) + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + # We apply the sctp patch conditionally, so can't pass --without-sctp + # unconditionally else we get unknown flag warnings. + $(use sctp && use_with sctp) + $(use_with ldns ldns "${EPREFIX}"/usr) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with selinux) + $(usex X509 '' "$(use_with security-key security-key-builtin)") + $(use_with ssl openssl) + $(use_with ssl md5-passwords) + $(use_with ssl ssl-engine) + $(use_with !elibc_Cygwin hardening) #659210 + ) + + if use elibc_musl; then + # stackprotect is broken on musl x86 and ppc + if use x86 || use ppc; then + myconf+=( --without-stackprotect ) + fi + + # musl defines bogus values for UTMP_FILE and WTMP_FILE + # https://bugs.gentoo.org/753230 + myconf+=( --disable-utmp --disable-wtmp ) + fi + + # The seccomp sandbox is broken on x32, so use the older method for now. #553748 + use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) + + econf "${myconf[@]}" +} + +src_test() { + local t skipped=() failed=() passed=() + local tests=( interop-tests compat-tests ) + + local shell=$(egetshell "${UID}") + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped+=( tests ) + else + tests+=( tests ) + fi + + # It will also attempt to write to the homedir .ssh. + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in "${tests[@]}" ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" HOME="${sshhome}" TMPDIR="${T}" \ + SUDO="" SSH_SK_PROVIDER="" \ + TEST_SSH_UNSAFE_PERMISSIONS=1 \ + emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables. #367017 + AcceptEnv ${locale_vars[*]} + + # Allow client to pass COLORTERM to match TERM. #658540 + AcceptEnv COLORTERM + EOF + + # Then the client config. + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables. #367017 + SendEnv ${locale_vars[*]} + + # Send COLORTERM to match TERM. #658540 + SendEnv COLORTERM + EOF + + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die + fi + + if use livecd ; then + sed -i \ + -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ + "${ED}"/etc/ssh/sshd_config || die + fi +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd-r1.initd sshd + newconfd "${FILESDIR}"/sshd-r1.confd sshd + + if use pam; then + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + fi + + tweak_ssh_configs + + doman contrib/ssh-copy-id.1 + dodoc CREDITS OVERVIEW README* TODO sshd_config + use hpn && dodoc HPN-README + use X509 || dodoc ChangeLog + + diropts -m 0700 + dodir /etc/skel/.ssh + + # https://bugs.gentoo.org/733802 + if ! use scp; then + rm -f "${ED}"/usr/{bin/scp,share/man/man1/scp.1} \ + || die "failed to remove scp" + fi + + rmdir "${ED}"/var/empty || die + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +pkg_preinst() { + if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then + show_ssl_warning=1 + fi +} + +pkg_postinst() { + local old_ver + for old_ver in ${REPLACING_VERSIONS}; do + if ver_test "${old_ver}" -lt "5.8_p1"; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + if ver_test "${old_ver}" -lt "7.0_p1"; then + elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." + elog "Make sure to update any configs that you might have. Note that xinetd might" + elog "be an alternative for you as it supports USE=tcpd." + fi + if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 + elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" + elog "weak sizes. If you rely on these key types, you can re-enable the key types by" + elog "adding to your sshd_config or ~/.ssh/config files:" + elog " PubkeyAcceptedKeyTypes=+ssh-dss" + elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. If you need this, please update your sshd_config explicitly." + fi + if ver_test "${old_ver}" -lt "7.6_p1"; then + elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." + elog "Furthermore, rsa keys with less than 1024 bits will be refused." + fi + if ver_test "${old_ver}" -lt "7.7_p1"; then + elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." + elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" + elog "if you need to authenticate against LDAP." + elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." + fi + if ver_test "${old_ver}" -lt "8.2_p1"; then + ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" + ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" + ewarn "connection is generally safe." + fi + done + + if [[ -n ${show_ssl_warning} ]]; then + elog "Be aware that by disabling openssl support in openssh, the server and clients" + elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" + elog "and update all clients/servers that utilize them." + fi + + if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + elog "" + elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" + elog "and therefore disabled at runtime per default." + elog "Make sure your sshd_config is up to date and contains" + elog "" + elog " DisableMTAES yes" + elog "" + elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." + elog "" + fi +} diff --git a/net-misc/openssh/openssh-8.8_p1.ebuild b/net-misc/openssh/openssh-8.8_p1.ebuild deleted file mode 100644 index adc52d405c7b..000000000000 --- a/net-misc/openssh/openssh-8.8_p1.ebuild +++ /dev/null @@ -1,513 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit user-info flag-o-matic autotools pam systemd toolchain-funcs - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -# PV to USE for HPN patches -#HPN_PV="${PV^^}" -HPN_PV="8.5_P1" - -HPN_VER="15.2" -HPN_PATCHES=( - ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff -) - -SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" -#X509_VER="13.2.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="https://www.openssh.com/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} - ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/project/hpnssh/Patches/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} - ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} -" -S="${WORKDIR}/${PARCH}" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit livecd pam +pie +scp sctp security-key selinux +ssl static test X X509 xmss" - -RESTRICT="!test? ( test )" - -REQUIRED_USE=" - hpn? ( ssl ) - ldns? ( ssl ) - pie? ( !static ) - static? ( !kerberos !pam ) - X509? ( !sctp ssl !xmss ) - xmss? ( ssl ) - test? ( ssl ) -" - -# tests currently fail with XMSS -REQUIRED_USE+="test? ( !xmss )" - -LIB_DEPEND=" - audit? ( sys-process/audit[static-libs(+)] ) - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) - ) - libedit? ( dev-libs/libedit:=[static-libs(+)] ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - ssl? ( - || ( - ( - >=dev-libs/openssl-1.0.1:0[bindist(-)=] - =dev-libs/openssl-1.1.0g:0[bindist(-)=] - ) - dev-libs/openssl:0=[static-libs(+)] - ) - virtual/libcrypt:=[static-libs(+)] - >=sys-libs/zlib-1.2.3:=[static-libs(+)] -" -RDEPEND=" - acct-group/sshd - acct-user/sshd - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( sys-libs/pam ) - kerberos? ( virtual/krb5 ) -" -DEPEND="${RDEPEND} - virtual/os-headers - kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) ) - static? ( ${LIB_DEPEND} ) -" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( !prefix? ( sys-apps/shadow ) ) - X? ( x11-apps/xauth ) -" -BDEPEND=" - virtual/pkgconfig - sys-devel/autoconf -" - -pkg_pretend() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use hpn && maybe_fail hpn HPN_VER) - $(use sctp && maybe_fail sctp SCTP_PATCH) - $(use X509 && maybe_fail X509 X509_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "Missing requested third party patch." - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." - fi -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch - eapply "${FILESDIR}"/${PN}-8.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch - - [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches - - local PATCHSET_VERSION_MACROS=() - - if use X509 ; then - pushd "${WORKDIR}" &>/dev/null || die - eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" - popd &>/dev/null || die - - eapply "${WORKDIR}"/${X509_PATCH%.*} - - # We need to patch package version or any X.509 sshd will reject our ssh client - # with "userauth_pubkey: could not parse key: string is too large [preauth]" - # error - einfo "Patching package version for X.509 patch set ..." - sed -i \ - -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ - "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" - - einfo "Patching version.h to expose X.509 patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in X.509 patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) - fi - - if use sctp ; then - eapply "${WORKDIR}"/${SCTP_PATCH%.*} - - einfo "Patching version.h to expose SCTP patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in SCTP patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) - - einfo "Disabling known failing test (cfgparse) caused by SCTP patch ..." - sed -i \ - -e "/\t\tcfgparse \\\/d" \ - "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" - fi - - if use hpn ; then - local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" - mkdir "${hpn_patchdir}" || die - cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die - pushd "${hpn_patchdir}" &>/dev/null || die - eapply "${FILESDIR}"/${PN}-8.7_p1-hpn-${HPN_VER}-glue.patch - use X509 && eapply "${FILESDIR}"/${PN}-8.7_p1-hpn-${HPN_VER}-X509-glue.patch - use sctp && eapply "${FILESDIR}"/${PN}-8.5_p1-hpn-${HPN_VER}-sctp-glue.patch - popd &>/dev/null || die - - eapply "${hpn_patchdir}" - - use X509 || eapply "${FILESDIR}/openssh-8.6_p1-hpn-version.patch" - - einfo "Patching Makefile.in for HPN patch set ..." - sed -i \ - -e "/^LIBS=/ s/\$/ -lpthread/" \ - "${S}"/Makefile.in || die "Failed to patch Makefile.in" - - einfo "Patching version.h to expose HPN patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ - "${S}"/version.h || die "Failed to sed-in HPN patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) - - if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - einfo "Disabling known non-working MT AES cipher per default ..." - - cat > "${T}"/disable_mtaes.conf <<- EOF - - # HPN's Multi-Threaded AES CTR cipher is currently known to be broken - # and therefore disabled per default. - DisableMTAES yes - EOF - sed -i \ - -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ - "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" - - sed -i \ - -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ - "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" - fi - fi - - if use X509 || use sctp || use hpn ; then - einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" - - einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" - - einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." - sed -i \ - -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ - "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" - fi - - sed -i \ - -e "/#UseLogin no/d" \ - "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" - - eapply_user #473004 - - # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox - sed -e '/\t\tpercent \\/ d' \ - -i regress/Makefile || die - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - # _XOPEN_SOURCE causes header conflicts on Solaris - [[ ${CHOST} == *-solaris* ]] && sed_args+=( - -e 's/-D_XOPEN_SOURCE//' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - use xmss && append-cflags -DWITH_XMSS - - if [[ ${CHOST} == *-solaris* ]] ; then - # Solaris' glob.h doesn't have things like GLOB_TILDE, configure - # doesn't check for this, so force the replacement to be put in - # place - append-cppflags -DBROKEN_GLOB - fi - - # use replacement, RPF_ECHO_ON doesn't exist here - [[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with audit audit linux) - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the sctp patch conditionally, so can't pass --without-sctp - # unconditionally else we get unknown flag warnings. - $(use sctp && use_with sctp) - $(use_with ldns ldns "${EPREFIX}"/usr) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with selinux) - $(usex X509 '' "$(use_with security-key security-key-builtin)") - $(use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with !elibc_Cygwin hardening) #659210 - ) - - if use elibc_musl; then - # stackprotect is broken on musl x86 and ppc - if use x86 || use ppc; then - myconf+=( --without-stackprotect ) - fi - - # musl defines bogus values for UTMP_FILE and WTMP_FILE - # https://bugs.gentoo.org/753230 - myconf+=( --disable-utmp --disable-wtmp ) - fi - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - econf "${myconf[@]}" -} - -src_test() { - local t skipped=() failed=() passed=() - local tests=( interop-tests compat-tests ) - - local shell=$(egetshell "${UID}") - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped+=( tests ) - else - tests+=( tests ) - fi - - # It will also attempt to write to the homedir .ssh. - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in "${tests[@]}" ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" HOME="${sshhome}" TMPDIR="${T}" \ - SUDO="" SSH_SK_PROVIDER="" \ - TEST_SSH_UNSAFE_PERMISSIONS=1 \ - emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables. #367017 - AcceptEnv ${locale_vars[*]} - - # Allow client to pass COLORTERM to match TERM. #658540 - AcceptEnv COLORTERM - EOF - - # Then the client config. - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables. #367017 - SendEnv ${locale_vars[*]} - - # Send COLORTERM to match TERM. #658540 - SendEnv COLORTERM - EOF - - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - if use livecd ; then - sed -i \ - -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ - "${ED}"/etc/ssh/sshd_config || die - fi -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd-r1.initd sshd - newconfd "${FILESDIR}"/sshd-r1.confd sshd - - if use pam; then - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - fi - - tweak_ssh_configs - - doman contrib/ssh-copy-id.1 - dodoc CREDITS OVERVIEW README* TODO sshd_config - use hpn && dodoc HPN-README - use X509 || dodoc ChangeLog - - diropts -m 0700 - dodir /etc/skel/.ssh - - # https://bugs.gentoo.org/733802 - if ! use scp; then - rm -f "${ED}"/usr/{bin/scp,share/man/man1/scp.1} \ - || die "failed to remove scp" - fi - - rmdir "${ED}"/var/empty || die - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -pkg_preinst() { - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then - show_ssl_warning=1 - fi -} - -pkg_postinst() { - local old_ver - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "5.8_p1"; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if ver_test "${old_ver}" -lt "7.0_p1"; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ver_test "${old_ver}" -lt "7.6_p1"; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if ver_test "${old_ver}" -lt "7.7_p1"; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." - fi - if ver_test "${old_ver}" -lt "8.2_p1"; then - ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" - ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" - ewarn "connection is generally safe." - fi - done - - if [[ -n ${show_ssl_warning} ]]; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi - - if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - elog "" - elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" - elog "and therefore disabled at runtime per default." - elog "Make sure your sshd_config is up to date and contains" - elog "" - elog " DisableMTAES yes" - elog "" - elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." - elog "" - fi -} diff --git a/net-misc/s3cmd/Manifest b/net-misc/s3cmd/Manifest index e16e3f3fc676..700c6185c9b0 100644 --- a/net-misc/s3cmd/Manifest +++ b/net-misc/s3cmd/Manifest @@ -3,5 +3,5 @@ DIST s3cmd-2.1.0.tar.gz 127120 BLAKE2B 4282f616eb7ca97fa0d529a2c5acc1359f88888d1 DIST s3cmd-2.2.0.tar.gz 134390 BLAKE2B d578aa13a7b8599c70dc6daa5d21950331b0b07278479d1f3947e6be78a9bd108c7f8ea6f198fa518dfa6ad44d907d979a29d5d9f1a15e4f73484fcebb118225 SHA512 07b2410554233b435b3476e09fd14354abaa19374cc1211f861147023470599483c18d213a44b5c9aee32d71b5a4bc5d9ce25721fb077cbadfd208d457e13845 EBUILD s3cmd-2.1.0-r1.ebuild 620 BLAKE2B 9efd86f09d044b2a1f5d272da0a0b2f64084ac9085307f75696d10fee99a09385bdbf02597188fc66f4c75328bff67ee67832cee33d0d1037198cff612d009ae SHA512 15bd3d78cc1b72079c149c09f3f2df30a773e0a6f00c100fadf3f1381217ba08f602d9423bf31da0f70baf861f13762df947da3af511a66ebef89504ee9de419 EBUILD s3cmd-2.1.0.ebuild 548 BLAKE2B e3ed8df8e2c54fa963b625bd9394a89dc326403470eaac824e64d6bd2b912dee1a7bc3bdc46a0a488304a86e2f472abe0ac8e6a1163df128cffc80b16e4d37e5 SHA512 da0b560f6ed2acf6d7cd00c6f8c8bbb825f32e49f25e6f05503928e0bbbec7c6803b39cae35ff17e5a75bc9a6896015a0e5d713eb1ee6c3ebb08ef730d57580b -EBUILD s3cmd-2.2.0.ebuild 700 BLAKE2B a1c71ad076aeb5b0df8545ae94b9f888d621a0113431ae1606aaef744996532c2b3603c22eec323e68de1e4502e73ab19bfd1069f5a03797fe1cd1bb4028ddc9 SHA512 448660d4a96cf58156b7fcd84b139937d6668d8c15a53cf98c939dafdb555d786a62d4bb57d201eaf444870f327be212392a8f8623c1672a4bd3e82b0bc5f314 -MISC metadata.xml 740 BLAKE2B aaef2fbdbec728e8f2bfd822f7d1682d8dddaf2bb18441f2dba6686bf016ba74cee34f2f4869ef9bd6e08a687039aeb144a0803615716104a1286a0e0d744545 SHA512 6c49dba068f4033ce09feaa822254d6d004784ff383ac5de95d0d9054f349db6193d8e197e2ed062f984fde68fd5b087616d108d645e3648f32080754220727b +EBUILD s3cmd-2.2.0.ebuild 678 BLAKE2B 890e35e2507d312073a6e20db0ad41ad04f14241e0dee7660b20ce5468867d9a8d073c1f8007330ccaae78686a760a95f7543485708064b1138fa79d6bea7c73 SHA512 2d43d5691e51c2221b407d2347dc851e3f2bebbaa25b1c61fa751623c2bcec4c00d48b95df9f3293afb164bf53c27d8f2b168b6dfdc06d85051d4802c9528ad2 +MISC metadata.xml 795 BLAKE2B f1d85ae68ca459fbf61bc0cfb20da9e3d5380f33f8ebbac3335ed7432e50a44612238331ceb725c6e6ec116a19a6cf6d41bfc4895f9a892e698dc2ccad185d51 SHA512 01531459d573097f668c7c584732f17bdff1dde9d49b2e9c424134e346f0b430957a64bfb4075ef41b08ca1f86d5b6a6b5285de81f9f1f9d3d52bb081ded06eb diff --git a/net-misc/s3cmd/metadata.xml b/net-misc/s3cmd/metadata.xml index b42921466a5b..9b2db9ea9700 100644 --- a/net-misc/s3cmd/metadata.xml +++ b/net-misc/s3cmd/metadata.xml @@ -19,6 +19,7 @@ s3tools + s3tools/s3cmd diff --git a/net-misc/s3cmd/s3cmd-2.2.0.ebuild b/net-misc/s3cmd/s3cmd-2.2.0.ebuild index e69e258d6648..8929a783c3fb 100644 --- a/net-misc/s3cmd/s3cmd-2.2.0.ebuild +++ b/net-misc/s3cmd/s3cmd-2.2.0.ebuild @@ -3,7 +3,7 @@ EAPI=7 -PYTHON_COMPAT=( python3_7 python3_8 python3_9 ) +PYTHON_COMPAT=( python3_{8..10} ) PYTHON_REQ_USE="xml" inherit distutils-r1 @@ -11,6 +11,7 @@ inherit distutils-r1 DESCRIPTION="Command line client for Amazon S3" HOMEPAGE="https://s3tools.org/s3cmd" SRC_URI="mirror://sourceforge/s3tools/${P/_/-}.tar.gz" +S="${WORKDIR}/${P/_/-}" LICENSE="GPL-2" SLOT="0" @@ -24,11 +25,7 @@ RDEPEND=" dev-python/python-dateutil[${PYTHON_USEDEP}] " -S="${WORKDIR}/${P/_/-}" - -PATCHES=( ) - src_install() { distutils-r1_src_install - rm -rf "${ED}/usr/share/doc/packages" + rm -r "${ED}/usr/share/doc/packages" || die } diff --git a/net-misc/seafile/Manifest b/net-misc/seafile/Manifest index fd029001a9c8..53051ca5b77d 100644 --- a/net-misc/seafile/Manifest +++ b/net-misc/seafile/Manifest @@ -3,5 +3,5 @@ DIST seafile-8.0.2.tar.gz 732341 BLAKE2B 29bf3187a37c0f01261d3afba996e1165ddebe0 DIST seafile-8.0.3.tar.gz 738066 BLAKE2B 302de3b5a4f465429955d2819c7b43ddb305cccc76cc7cf67885a75747ec5dcad85d17f94975abdd3b3d54d49a5d9ea05ab7947c3a2b84764b50fe5fb10e7636 SHA512 c51edfc094aa509c730b1b3f4ceb911461081689c8cc2564fb866cddaa54c445d9ad12ca9e4e90e98b771eafc6b6e1496e052538a2475a03642cdceb9212115a EBUILD seafile-8.0.1-r1.ebuild 1103 BLAKE2B d42714f2b4909223f994678edfe2cb9ec032f50592575d5a22247a38cb1b02094f3650595f04d75afdbfe8300c2af9ec26975427c98b90516994eccdceb9f803 SHA512 7521111e276a83f550f3e379988c04a70510d4ed339afab5c066f166d8cbc236809edd49d6f24e10e0aa63958c6627fce977433bcb034c81dd83df6444bb67f4 EBUILD seafile-8.0.2-r2.ebuild 1213 BLAKE2B 5614d818e2cf23103c5a1db6b0733da04a1abd7498debf42b3ec94111f24897dba5dfda293afacea167f5c5392ddf5af2de40886bac66c0ea7cb8bf49f175582 SHA512 d44eda5ac83330359c3d0156bc5b10001a28be620d213df701ab66679da7bb039e6685d2ea1486f4338583a10da935cab4ff074a04f7afcf8e38979ae4550956 -EBUILD seafile-8.0.3-r3.ebuild 1267 BLAKE2B 36e73ad7e54f736245ffbb1236eb06d5aa186c1c0ed3e81bbc484132d9700c874d6bff4b26e250b432b02fb4c766946fc10bb9a2b812ce784da0482590d03eae SHA512 056cff3ba8bc18c7be70c199e29e2a8f3cfb2c32d690d11daaf13e2a2303754dfb8680fb16b8b19a42a0813bb0f72ddd6d7f134fa97296d8ba0d7d32f68f0f2e +EBUILD seafile-8.0.3-r3.ebuild 1267 BLAKE2B 60775a827c4b7aacc32377f2700e2710a9be3916610926776b9786d8268e30c3d089b09e7701e1db3dbbe0126504d036adc96cf1405ad292f1b39e6ed5bb402a SHA512 f97a40f09f5aca49d353563d65ecb418c5f920f544f0153ce25d10712a85af86427abb29c44bf6a39b31b5e067bf25d78d500649b3a041eada50e99d5fc17736 MISC metadata.xml 478 BLAKE2B 2c1506537c1d19f3aa9f731cecf2f53181bdfb92c33d3100e8338e778e222b396ebfd5c7f5745e133583615ca61be625787792d39d3772cede50f8b923ab1a4f SHA512 20620dd548eec869bb219011b157d821cc3fd939602d2662c26e1148582c2a593375b36085fae939880e01d76a251e91f35b9ad657cbad0a1e27bdfdc46b932c diff --git a/net-misc/seafile/seafile-8.0.3-r3.ebuild b/net-misc/seafile/seafile-8.0.3-r3.ebuild index a73082ad7ff6..296b36c5b240 100644 --- a/net-misc/seafile/seafile-8.0.3-r3.ebuild +++ b/net-misc/seafile/seafile-8.0.3-r3.ebuild @@ -3,7 +3,7 @@ EAPI=7 -PYTHON_COMPAT=( python3_{8..9} ) +PYTHON_COMPAT=( python3_{8..10} ) RELEASE_COMMIT="303080b54859d0fc55ce693902c95f9620876c1b" @@ -12,6 +12,7 @@ inherit autotools python-single-r1 vala DESCRIPTION="File syncing and sharing software with file encryption and group sharing" HOMEPAGE="https://www.seafile.com/ https://github.com/haiwen/seafile/" SRC_URI="https://github.com/haiwen/${PN}/archive/${RELEASE_COMMIT}.tar.gz -> ${P}.tar.gz" +S="${WORKDIR}/${PN}-${RELEASE_COMMIT}" LICENSE="GPL-2+-with-openssl-exception" SLOT="0" @@ -34,8 +35,6 @@ DEPEND="${RDEPEND}" BDEPEND="${PYTHON_DEPS} $(vala_depend)" -S="${WORKDIR}/${PN}-${RELEASE_COMMIT}" - src_prepare() { default eautoreconf diff --git a/net-misc/zssh/Manifest b/net-misc/zssh/Manifest index b1db6472881e..00d455e01489 100644 --- a/net-misc/zssh/Manifest +++ b/net-misc/zssh/Manifest @@ -1,4 +1,4 @@ -AUX zssh-1.5a-gentoo-include.diff 321 BLAKE2B 3daa9a3da6a58f90d176d0d68c054055f349530618179215ed5bfa49fc4262b0bc4d7d72608ca3b3050ec9ce870f23b8665c8f9e36fc18459044ab0ddb27e3e8 SHA512 e26c32832f537311f6804936a2ca88daf403ec5e8d263f3a84f29fadae68b0d35a514c97348867bbab584cbc845b1dfc5fb83fda7edad0714091e11165b965a2 +AUX zssh-1.5a-gentoo-include.diff 320 BLAKE2B b5ba88091ba1804f22f735ef3d2229a70f24bdddb11a02c128d2c31cccf44a79b532e2455b4f03fc5e273889716e293c3dac2c7a33cf838b8350eed68e752f1d SHA512 447a1aeb095907473ef18a6b2bc6a1a4bfc9baf7ed532382a636ea044667c2f7cbd86c8d0e20ffea7c9751cb9c50249d3085bf65aee7ab7fab5362aae27d8ba5 DIST zssh-1.5c.tgz 344964 BLAKE2B 35b41125ec7a49cae741666516b17e3f0b22b159d0fc2b490565e8eaef366bb4b418895ad028822647a4b946577b2ef9dc588e9dbfe657ce7c1c8300207ca603 SHA512 799ce3bbea5e94a800f61e6c38879746a579992396304861b7584b6bad967214b811b6bf9aecb36d9d60a15857377cb2fee80b495ad69778903fc45593efeebd -EBUILD zssh-1.5c-r1.ebuild 890 BLAKE2B ff027f975af25894c6257e51eaad9f34650252f4bced649e144d850df72ee4964b61ec4a6201eb92e95a83314cfe66cc7de19b0fc318f954b180c62c790081ec SHA512 121537bf3389b34b337a9e49363fbb8912d5d21d63a9d156f4c967b17d9b2a96e19ac74f841115cebae27cf6c2fc1840b518dff57b059bf40a6bae286c6d46fa +EBUILD zssh-1.5c-r1.ebuild 883 BLAKE2B 6eab2383d905334dd55dad805b95112622fef574bf83833c74c29eb1ea5838446ae4e21044aa0e9d2057075b8ab51a0a8a0af5d79d71590418a1cbe7d381d50c SHA512 4804b107c67ae6e8584c9ae44048509bef2fe8d4f72e6c84d8aa724bdf2069a129e37d7e0bc51f1979f9265565a3d589972a2dbcf588833f0d900d694f9b0b35 MISC metadata.xml 430 BLAKE2B a537a0f688131c7a1ccfe1360eea435153846ec4fb24a347c5a9998c189b921a3118df57b62c752b6d84b118d8034460040fd4b43d0606f4558deedca71ec448 SHA512 8b1dcb64cd75cd11e5fcca54dfd46093808970c319ec5b548d68f6dbe4536fa18d82a588bfe7289a8da1e17013cb825a095aff6ecd894424e0db81e15f9dbca4 diff --git a/net-misc/zssh/files/zssh-1.5a-gentoo-include.diff b/net-misc/zssh/files/zssh-1.5a-gentoo-include.diff index 4fc670ac8055..d4a6639002a9 100644 --- a/net-misc/zssh/files/zssh-1.5a-gentoo-include.diff +++ b/net-misc/zssh/files/zssh-1.5a-gentoo-include.diff @@ -1,5 +1,5 @@ ---- Makefile.in.orig Fri Sep 20 10:34:40 2002 -+++ Makefile.in Fri Sep 20 10:34:56 2002 +--- a/Makefile.in Fri Sep 20 10:34:40 2002 ++++ b/Makefile.in Fri Sep 20 10:34:56 2002 @@ -19,7 +19,7 @@ AR = @AR@ RANLIB = @RANLIB@ diff --git a/net-misc/zssh/zssh-1.5c-r1.ebuild b/net-misc/zssh/zssh-1.5c-r1.ebuild index c17f7e9ef792..352fa1c3cebc 100644 --- a/net-misc/zssh/zssh-1.5c-r1.ebuild +++ b/net-misc/zssh/zssh-1.5c-r1.ebuild @@ -1,9 +1,9 @@ # Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=5 +EAPI=8 -inherit epatch toolchain-funcs +inherit toolchain-funcs DESCRIPTION="An ssh wrapper enabling zmodem up/download in ssh" HOMEPAGE="http://zssh.sourceforge.net/" @@ -23,12 +23,12 @@ RDEPEND="${DEPEND} net-dialup/lrzsz" src_prepare() { - epatch "${FILESDIR}/${PN}-1.5a-gentoo-include.diff" + eapply "${FILESDIR}/${PN}-1.5a-gentoo-include.diff" # Fix linking with sys-libs/ncurses[tinfo], bug #527036 sed -i -e 's/-ltermcap/-ltinfo/g' configure || die - epatch_user + eapply_user } src_configure() { -- cgit v1.2.3