From fc68863e718441fe15bb0dea2ca03ea06a6f558d Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 25 Mar 2024 19:01:08 +0000 Subject: gentoo auto-resync : 25:03:2024 - 19:01:08 --- net-misc/Manifest.gz | Bin 54968 -> 54960 bytes net-misc/openssh/Manifest | 2 +- net-misc/openssh/openssh-9.7_p1-r2.ebuild | 404 +++++++++++++++++++++++++ net-misc/openssh/openssh-9.7_p1.ebuild | 388 ------------------------ net-misc/proxytunnel/Manifest | 6 +- net-misc/proxytunnel/proxytunnel-1.12.0.ebuild | 45 --- net-misc/proxytunnel/proxytunnel-1.12.1.ebuild | 45 --- net-misc/proxytunnel/proxytunnel-1.12.2.ebuild | 45 +++ net-misc/sslh/Manifest | 4 +- net-misc/sslh/sslh-2.1.0.ebuild | 84 ----- net-misc/sslh/sslh-2.1.1.ebuild | 84 +++++ 11 files changed, 538 insertions(+), 569 deletions(-) create mode 100644 net-misc/openssh/openssh-9.7_p1-r2.ebuild delete mode 100644 net-misc/openssh/openssh-9.7_p1.ebuild delete mode 100644 net-misc/proxytunnel/proxytunnel-1.12.0.ebuild delete mode 100644 net-misc/proxytunnel/proxytunnel-1.12.1.ebuild create mode 100644 net-misc/proxytunnel/proxytunnel-1.12.2.ebuild delete mode 100644 net-misc/sslh/sslh-2.1.0.ebuild create mode 100644 net-misc/sslh/sslh-2.1.1.ebuild (limited to 'net-misc') diff --git a/net-misc/Manifest.gz b/net-misc/Manifest.gz index 9dce984ec9f1..c7357007a4c1 100644 Binary files a/net-misc/Manifest.gz and b/net-misc/Manifest.gz differ diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 56935ca511a3..c88aa091efa5 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -15,5 +15,5 @@ DIST openssh-9.7p1.tar.gz.asc 833 BLAKE2B a95e952be48bd55a07d0a95a49dc06c326816c EBUILD openssh-9.6_p1-r1.ebuild 14012 BLAKE2B 879504585f4ad5de7e93d54535ebd7a3f82a7b1d7cee1661386f0883d32dc0aa56304b5f2c587f6c21569312736d8408ce91eda7e5c55a0f845197f4cf048e25 SHA512 67a580e5c3888a7253216238147fb51bea2b5bffca75bfa69188b5f6d35ae2bbc18afcc621adfae724e08e992488446268e4e0a07b3c34efa33453f3befb2967 EBUILD openssh-9.6_p1-r2.ebuild 14105 BLAKE2B 0dc5ac19fd1edbf1114ce98c576245302fb74b97b2f45a501b14c2dd206d4db9a453195ee50d2d9e8edb91766f6ed3c92965c828b9cd8f60f7a42f519f9cf319 SHA512 794e8ca280500f61e7df99e0a1273cfbfe25b0736b0bcb8f4aa4b5486bb915bece9bc6831559755ef8af9af88ff66ad17201ec7f51db22dda99413642235a142 EBUILD openssh-9.6_p1-r3.ebuild 13891 BLAKE2B 98bc143f607c06d5d8c705b563cad80e1a29ad1d18506e0d5c2b1f13581db2ee09d04f78dcbfb8366d1b0a93c59fad9e0f4cf6b5d7243bae0d973c4b44b3e9b0 SHA512 908304266b8d9329c3ed582a3d2da507f889654f72754da2fe5f1655099517721c786ece314ae8f9802fea8e6e2eeae96c3c0cf8517d4503f5b8c2b6961ac176 -EBUILD openssh-9.7_p1.ebuild 13786 BLAKE2B bfbff35850e942f8e9d50f8f08cec61e78427b4bdbfa3664c69f2455742403c66f36a4f715fee1c29f3938bbfc03121896f37b9681f012662454df29302edaed SHA512 04829d73fdf1374fe6ddeaa892d05d2c03611b7142fbf4c615d8e38264005b37e67711f0219441dd9ab896e28e7a100312fb5362b1d707749edaee7b9757e0f8 +EBUILD openssh-9.7_p1-r2.ebuild 14066 BLAKE2B ada1b60519d235b78468cd5a0ab142e2bc4c897faa14b222025ce376dc4c7e5d6ebff8ac54ee2e8b8628b0a5ea6b5894908b1ae45aac7de11e40d780f009373b SHA512 76da8edc2524f830ffb5abc5a50fc8806f3907e3e197055b472e3c6f27bb3d7166c636616b3863b978a750d393d444559f6c6f690326ca809e6042cf753860f9 MISC metadata.xml 1788 BLAKE2B d04d3030f70f3615522672fa56e684acaa67ddce8d16cce86ba8911fb8fc11ed152be012ecf560427d271868c4841a7422aaa644305947302d3ebab62bdb577d SHA512 bd328e3a33ce04b989149333db5f774f1b52540f12ef83b08b7fcf136ae2a3a9c83bef42c28991d3536249098ca0b9ffd21e583d93599580510d8619e9fd01ca diff --git a/net-misc/openssh/openssh-9.7_p1-r2.ebuild b/net-misc/openssh/openssh-9.7_p1-r2.ebuild new file mode 100644 index 000000000000..3b0c7f2125a0 --- /dev/null +++ b/net-misc/openssh/openssh-9.7_p1-r2.ebuild @@ -0,0 +1,404 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc +inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="https://www.openssh.com/" +SRC_URI=" + mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc ) +" +S="${WORKDIR}/${PARCH}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +# Probably want to drop ssl defaulting to on in a future version. +IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test xmss" + +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + ldns? ( ssl ) + pie? ( !static ) + static? ( !kerberos !pam ) + xmss? ( ssl ) + test? ( ssl ) +" + +# tests currently fail with XMSS +REQUIRED_USE+="test? ( !xmss )" + +LIB_DEPEND=" + audit? ( sys-process/audit[static-libs(+)] ) + ldns? ( + net-libs/ldns[static-libs(+)] + net-libs/ldns[ecdsa(+),ssl(+)] + ) + libedit? ( dev-libs/libedit:=[static-libs(+)] ) + security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] ) + virtual/libcrypt:=[static-libs(+)] + >=sys-libs/zlib-1.2.3:=[static-libs(+)] +" +RDEPEND=" + acct-group/sshd + acct-user/sshd + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) + pam? ( sys-libs/pam ) + kerberos? ( virtual/krb5 ) +" +DEPEND=" + ${RDEPEND} + virtual/os-headers + kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) ) + static? ( ${LIB_DEPEND} ) +" +RDEPEND=" + ${RDEPEND} + !net-misc/openssh-contrib + pam? ( >=sys-auth/pambase-20081028 ) + !prefix? ( sys-apps/shadow ) +" +BDEPEND=" + dev-build/autoconf + virtual/pkgconfig + verify-sig? ( sec-keys/openpgp-keys-openssh ) +" + +PATCHES=( + "${FILESDIR}/${PN}-9.3_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch" + "${FILESDIR}/${PN}-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch" +) + +pkg_pretend() { + local i enabled_eol_flags disabled_eol_flags + for i in hpn sctp X509; do + if has_version "net-misc/openssh[${i}]"; then + enabled_eol_flags+="${i}," + disabled_eol_flags+="-${i}," + fi + done + + if [[ -n ${enabled_eol_flags} && ${OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING} != yes ]]; then + # Skip for binary packages entirely because of environment saving, bug #907892 + [[ ${MERGE_TYPE} == binary ]] && return + + ewarn "net-misc/openssh does not support USE='${enabled_eol_flags%,}' anymore." + ewarn "The Base system team *STRONGLY* recommends you not rely on this functionality," + ewarn "since these USE flags required third-party patches that often trigger bugs" + ewarn "and are of questionable provenance." + ewarn + ewarn "If you must continue relying on this functionality, switch to" + ewarn "net-misc/openssh-contrib. You will have to remove net-misc/openssh from your" + ewarn "world file first: 'emerge --deselect net-misc/openssh'" + ewarn + ewarn "In order to prevent loss of SSH remote login access, we will abort the build." + ewarn "Whether you proceed with disabling the USE flags or switch to the -contrib" + ewarn "variant, when re-emerging you will have to set" + ewarn + ewarn " OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes" + + die "Building net-misc/openssh[${disabled_eol_flags%,}] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes" + fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." + fi +} + +src_prepare() { + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + [[ -d ${WORKDIR}/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) + + default + + # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox + sed -e '/\t\tpercent \\/ d' \ + -i regress/Makefile || die + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + + # _XOPEN_SOURCE causes header conflicts on Solaris + [[ ${CHOST} == *-solaris* ]] && sed_args+=( + -e 's/-D_XOPEN_SOURCE//' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + eautoreconf +} + +src_configure() { + addwrite /dev/ptmx + + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG + use static && append-ldflags -static + use xmss && append-cflags -DWITH_XMSS + + if [[ ${CHOST} == *-solaris* ]] ; then + # Solaris' glob.h doesn't have things like GLOB_TILDE, configure + # doesn't check for this, so force the replacement to be put in + # place + append-cppflags -DBROKEN_GLOB + fi + + # use replacement, RPF_ECHO_ON doesn't exist here + [[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no + + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + # optional at runtime; guarantee a known path + --with-xauth="${EPREFIX}"/usr/bin/xauth + + # --with-hardening adds the following in addition to flags we + # already set in our toolchain: + # * -ftrapv (which is broken with GCC anyway), + # * -ftrivial-auto-var-init=zero (which is nice, but not the end of + # the world to not have) + # * -fzero-call-used-regs=used (history of miscompilations with + # Clang (bug #872548), ICEs on m68k (bug #920350, gcc PR113086, + # gcc PR104820, gcc PR104817, gcc PR110934)). + # + # Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK, + # so we cannot just disable -fzero-call-used-regs=used. + # + # Therefore, just pass --without-hardening, given it doesn't negate + # our already hardened toolchain defaults, and avoids adding flags + # which are known-broken in both Clang and GCC and haven't been + # proven reliable. + --without-hardening + + $(use_with audit audit linux) + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + $(use_with ldns) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with selinux) + $(use_with security-key security-key-builtin) + $(use_with ssl openssl) + $(use_with ssl ssl-engine) + ) + + if use elibc_musl; then + # musl defines bogus values for UTMP_FILE and WTMP_FILE (bug #753230) + myconf+=( --disable-utmp --disable-wtmp ) + fi + + # Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all + # bug #869839 (https://github.com/llvm/llvm-project/issues/57692) + tc-is-clang && myconf+=( --without-hardening ) + + econf "${myconf[@]}" +} + +tweak_ssh_configs() { + cat <<-EOF >> ssh_config.out || die + + Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf" + EOF + cat <<-EOF >> sshd_config.out || die + + Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf" + EOF +} + +create_config_dropins() { + local locale_vars=( + # These are language variables that POSIX defines. + # http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02 + LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME + + # These are the GNU extensions. + # https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html + LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE + ) + + mkdir -p "${WORKDIR}"/etc/ssh/ssh{,d}_config.d || die + + cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die + # Send locale environment variables (bug #367017) + SendEnv ${locale_vars[*]} + + # Send COLORTERM to match TERM (bug #658540) + SendEnv COLORTERM + EOF + + cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die + RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts" + EOF + + cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_revoked_hosts || die + # https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ + ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== + EOF + + cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die + # Allow client to pass locale environment variables (bug #367017) + AcceptEnv ${locale_vars[*]} + + # Allow client to pass COLORTERM to match TERM (bug #658540) + AcceptEnv COLORTERM + EOF + + if use pam ; then + cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die + UsePAM yes + # This interferes with PAM. + PasswordAuthentication no + # PAM can do its own handling of MOTD. + PrintMotd no + PrintLastLog no + EOF + fi + + if use livecd ; then + cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die + # Allow root login with password on livecds. + PermitRootLogin Yes + EOF + fi +} + +src_compile() { + default + tweak_ssh_configs + create_config_dropins +} + +src_test() { + local tests=( compat-tests ) + local shell=$(egetshell "${UID}") + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" + ewarn "user, so we will run a subset only." + tests+=( interop-tests ) + else + tests+=( tests ) + fi + + local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1 + mkdir -p "${HOME}"/.ssh || die + emake -j1 "${tests[@]}" > "${ED}"/etc/ssh/ssh_config || die - Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf" - EOF - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die - Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf" - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die - # Send locale environment variables (bug #367017) - SendEnv ${locale_vars[*]} - - # Send COLORTERM to match TERM (bug #658540) - SendEnv COLORTERM - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die - RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts" - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/ssh_revoked_hosts || die - # https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - EOF - - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die - # Allow client to pass locale environment variables (bug #367017) - AcceptEnv ${locale_vars[*]} - - # Allow client to pass COLORTERM to match TERM (bug #658540) - AcceptEnv COLORTERM - EOF - - if use pam ; then - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die - UsePAM yes - # This interferes with PAM. - PasswordAuthentication no - # PAM can do its own handling of MOTD. - PrintMotd no - PrintLastLog no - EOF - fi - - if use livecd ; then - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die - # Allow root login with password on livecds. - PermitRootLogin Yes - EOF - fi -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd-r1.initd sshd - newconfd "${FILESDIR}"/sshd-r1.confd sshd - - if use pam; then - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - fi - - tweak_ssh_configs - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - rmdir "${ED}"/var/empty || die - - systemd_dounit "${FILESDIR}"/sshd.socket - systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service - systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service' -} - -pkg_preinst() { - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then - show_ssl_warning=1 - fi -} - -pkg_postinst() { - # bug #139235 - optfeature "x11 forwarding" x11-apps/xauth - - local old_ver - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "5.8_p1"; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if ver_test "${old_ver}" -lt "7.0_p1"; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ver_test "${old_ver}" -lt "7.6_p1"; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if ver_test "${old_ver}" -lt "7.7_p1"; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." - fi - if ver_test "${old_ver}" -lt "8.2_p1"; then - ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" - ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" - ewarn "connection is generally safe." - fi - if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then - ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to" - ewarn "'Restart=on-failure', which causes the service to automatically restart if it" - ewarn "terminates with an unclean exit code or signal. This feature is useful for most users," - ewarn "but it can increase the vulnerability of the system in the event of a future exploit." - ewarn "If you have a web-facing setup or are concerned about security, it is recommended to" - ewarn "set 'Restart=no' in your sshd unit file." - fi - done - - if [[ -n ${show_ssl_warning} ]]; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi -} diff --git a/net-misc/proxytunnel/Manifest b/net-misc/proxytunnel/Manifest index 5bb5f7d4d73e..fde19568aa7d 100644 --- a/net-misc/proxytunnel/Manifest +++ b/net-misc/proxytunnel/Manifest @@ -1,6 +1,4 @@ -DIST proxytunnel-1.12.0.tar.gz 57664 BLAKE2B 3d5090a7f8f38fc928d68222e703913fcaade652c4d3cbf28b68682923c3558a7b3e17f00893a60b0cea4e27af185b50cf1ab52064e5125922c50716d5d9c0b7 SHA512 1a448728f49b34a3c6de2a876bfbd57b0f328f9f901db70cf8e6570eef81d2c26a0e0dbdfd566f683cea2d1b4816c01abc7049e5688b0335078034ec3f102b83 -DIST proxytunnel-1.12.1.tar.gz 58464 BLAKE2B c2aac8c8eaed6003a5bc56cf07a9ccd47536f75069937d35794029abe36c9037e4363401d6208bbdcf1e50fb8cbed295e3d01e6c8afebb9c4bf00cb269746412 SHA512 e39ff2b623f468e885f173e70de2d6c89eb34e39ce951cbc63f306dacf58bae86af21e92bec27c5b5f777ed95e9eff10f07e2f912e2270c6e49c32487f449ede -EBUILD proxytunnel-1.12.0.ebuild 1099 BLAKE2B 306c862080aac63a7bfe19382d3b02b32e619f7acd35e7fe8f535e26ecc377eff3584a6fc5461712281ac816dd1d367a21efe52386c569ad24ab2faf1de4362e SHA512 1a2018ff18e4d69aa58b72d562841427bcb19010a2dd5d0543c0bd0efabe6eb89b6aaf73b5a945f9e73bc88436cd27ca8c8060b587bf63d1f56a6b5b03d3fecc -EBUILD proxytunnel-1.12.1.ebuild 1099 BLAKE2B 31be6554de70b60308ee9d2b82a510cbaaed1f3a1fc85acc0f4d17c253bbf7ce2929954764fdb101eef141ba5e2770be07617220d4015644936b8122a6aa1d47 SHA512 f3835f58a0d1d55d766a01371ddb34bd9f81c9f8ff1fbf79db26df729a4f07aa7d53b1aaf6e2392a2d50bbd822356311a3946f0b8ff0ab783eb863612f5e7b68 +DIST proxytunnel-1.12.2.tar.gz 58973 BLAKE2B ffa518278660c816b27ae6c497d744d6588ba9be29fab2ce254bcbc4695fc8e5339e836da541c6aed7a73c2d1e5207f529ca9b818ddbf02b699856d43bb85a57 SHA512 b336e24e9243900999f7253032d666322404377e62d56e2365c13008f242dcc8f7c7c3075d362a9ee29d424aa698feca7d973f839362a40314caa984ee8ad352 +EBUILD proxytunnel-1.12.2.ebuild 1099 BLAKE2B 31be6554de70b60308ee9d2b82a510cbaaed1f3a1fc85acc0f4d17c253bbf7ce2929954764fdb101eef141ba5e2770be07617220d4015644936b8122a6aa1d47 SHA512 f3835f58a0d1d55d766a01371ddb34bd9f81c9f8ff1fbf79db26df729a4f07aa7d53b1aaf6e2392a2d50bbd822356311a3946f0b8ff0ab783eb863612f5e7b68 EBUILD proxytunnel-9999.ebuild 1099 BLAKE2B f0583623d03bd83e41af0154343767de36dcc426789cff6272422c19d703f045ca38608dd4123454517d4253f56c3116940f3a3fd52bcf254d3f28dfab6a2f5a SHA512 44d288b26633cde054f04560c0123e158acc23a76957e1b208e3333b828c15cf801f3a9108f29919c6250aab8a90968d2a23a1b1e5d0b5987d5906d4cceb4acd MISC metadata.xml 718 BLAKE2B 886c8e0a950db2f3ba3d643089ebc02861ff82ae4011ada4bbb61ea5b926bf258d6332f95b13b12885a9a88effb1283c69df7c955d56b5e58742aad92e6a1ab7 SHA512 59d08a8785e6bbe0e2e8bdd48ef78c91e697159da4761d418ba265ab3886796ffdea605595689eb75ead2f96d11ccfd1004051bbcfdef6a94250c5c3db7d1cae diff --git a/net-misc/proxytunnel/proxytunnel-1.12.0.ebuild b/net-misc/proxytunnel/proxytunnel-1.12.0.ebuild deleted file mode 100644 index abdb6f3ed56f..000000000000 --- a/net-misc/proxytunnel/proxytunnel-1.12.0.ebuild +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit flag-o-matic toolchain-funcs - -DESCRIPTION="Connect stdin and stdout to a server via an HTTPS proxy" -HOMEPAGE="https://github.com/proxytunnel/proxytunnel/ https://proxytunnel.sourceforge.net/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="static" - -RDEPEND="dev-libs/openssl:=" -DEPEND="${RDEPEND} - app-text/asciidoc - app-text/xmlto - " -BDEPEND="virtual/pkgconfig" - -DOCS=( CHANGES CREDITS INSTALL.md KNOWN_ISSUES LICENSE.txt README.md RELNOTES TODO ) - -if [[ ${PV} == *9999 ]] ; then - EGIT_REPO_URI="https://github.com/${PN}/${PN}.git" - inherit git-r3 -else - SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" -fi - -src_prepare() { - default - sed -i -e 's/libssl/libssl libcrypto/' Makefile || die "Sed failed!" -} - -src_compile() { - use static && append-ldflags -static - emake CC="$(tc-getCC)" -} - -src_install() { - emake install prefix="${EPREFIX}"/usr DESTDIR="${D}" - einstalldocs -} diff --git a/net-misc/proxytunnel/proxytunnel-1.12.1.ebuild b/net-misc/proxytunnel/proxytunnel-1.12.1.ebuild deleted file mode 100644 index 3de0355f2f6c..000000000000 --- a/net-misc/proxytunnel/proxytunnel-1.12.1.ebuild +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit flag-o-matic toolchain-funcs - -DESCRIPTION="Connect stdin and stdout to a server via an HTTPS proxy" -HOMEPAGE="https://github.com/proxytunnel/proxytunnel/ https://proxytunnel.sourceforge.net/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="static" - -RDEPEND="dev-libs/openssl:=" -DEPEND="${RDEPEND} - app-text/asciidoc - app-text/xmlto - " -BDEPEND="virtual/pkgconfig" - -DOCS=( CHANGES CREDITS INSTALL.md KNOWN_ISSUES LICENSE.txt README.md RELNOTES TODO ) - -if [[ ${PV} == *9999 ]] ; then - EGIT_REPO_URI="https://github.com/${PN}/${PN}.git" - inherit git-r3 -else - SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" -fi - -src_prepare() { - default - sed -i -e 's/libssl/libssl libcrypto/' Makefile || die "Sed failed!" -} - -src_compile() { - use static && append-ldflags -static - emake CC="$(tc-getCC)" -} - -src_install() { - emake install prefix="${EPREFIX}"/usr DESTDIR="${D}" - einstalldocs -} diff --git a/net-misc/proxytunnel/proxytunnel-1.12.2.ebuild b/net-misc/proxytunnel/proxytunnel-1.12.2.ebuild new file mode 100644 index 000000000000..3de0355f2f6c --- /dev/null +++ b/net-misc/proxytunnel/proxytunnel-1.12.2.ebuild @@ -0,0 +1,45 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit flag-o-matic toolchain-funcs + +DESCRIPTION="Connect stdin and stdout to a server via an HTTPS proxy" +HOMEPAGE="https://github.com/proxytunnel/proxytunnel/ https://proxytunnel.sourceforge.net/" + +LICENSE="GPL-2" +SLOT="0" +IUSE="static" + +RDEPEND="dev-libs/openssl:=" +DEPEND="${RDEPEND} + app-text/asciidoc + app-text/xmlto + " +BDEPEND="virtual/pkgconfig" + +DOCS=( CHANGES CREDITS INSTALL.md KNOWN_ISSUES LICENSE.txt README.md RELNOTES TODO ) + +if [[ ${PV} == *9999 ]] ; then + EGIT_REPO_URI="https://github.com/${PN}/${PN}.git" + inherit git-r3 +else + SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +fi + +src_prepare() { + default + sed -i -e 's/libssl/libssl libcrypto/' Makefile || die "Sed failed!" +} + +src_compile() { + use static && append-ldflags -static + emake CC="$(tc-getCC)" +} + +src_install() { + emake install prefix="${EPREFIX}"/usr DESTDIR="${D}" + einstalldocs +} diff --git a/net-misc/sslh/Manifest b/net-misc/sslh/Manifest index cb49fd21975f..50d6fce8b2ad 100644 --- a/net-misc/sslh/Manifest +++ b/net-misc/sslh/Manifest @@ -1,8 +1,8 @@ AUX sslh.conf.d-2 621 BLAKE2B 095522c582be245f1e49018848be738a33eb722cd9be4bd8a0830bbfaa1c2e4018ff480b625349372cc35ec47a1b10069cb5fd6a3c22d7e957e782c888c70b55 SHA512 31d482af0b3626f4b2f669f74a08fa6b6dfc310a40ab332cc3907306bd2fa5321f92e0e76af72c2ea185142f0d485578817e738737917b9c1764079070297e67 AUX sslh.init.d-3 270 BLAKE2B 98cc6c6ccc37a6e8af6d0e84356779e0f304e3d6f45f9fff53c3d1c870ff6b03ac780c04c29e4dce7d6aa3e4cdce365fb54228600e7ce70d9d32691202a5ffb5 SHA512 b919ae318c789ba3e5dd0f5df665a7421be791e89074b07ee00c47b3fe12475562eb5675bbb168c86388902bf50069e0d6f3e804a14666563de07a0a71075ee0 DIST sslh-1.22c.tar.gz 146954 BLAKE2B 1870623634b625bb98787be27444403555262f8a9782573c9ed116e65df9e4518c062ef2e2a40fe7bb550f811518ccc2149a23c36deef6c156911b4c42e27473 SHA512 f13560fbe74b5b08e9b360985d6afd27f2c7e157d220919162e354f3711b90f43bb81f9bda341fb21fef2651acd488f52e9a04dc2da28861540f579e7ca798c4 -DIST sslh-2.1.0.tar.gz 212289 BLAKE2B e85e330e1769cca54deb0dec601402c3d7d578722a2f5addd3ce3d178663d85a5dad9a1fa2e06e11758333f59b96e5cbf4886147ad1497de1f0fcfbe7b71fde2 SHA512 3fe2590c858132c536ce4142097b0c22d37a60f473a2247d2f2fdff5b4f511e1cffb57d8dc5ebddd36ab2a566ac0674172c4e96867b4c738d9ca463aa02ea11d +DIST sslh-2.1.1.tar.gz 212402 BLAKE2B fbde666b49e30950ff4c5c2f6aa563e538fd070ed0edecf2c19a85884379ea8a699488fd23e742c672656cc89b6911bdb764a0989f3b967ecc75aefe5634ea4b SHA512 f689394028ec25e16dd59a5f1aa4c18a760108f0acf23b4eb2ccf000dc09adf1428272c3e93f5b0012f9603076ab1408a3e1aca98adb3e69743d184cb898a9a4 EBUILD sslh-1.22c-r1.ebuild 1902 BLAKE2B e99872913344bd8ded6857a29d3c9f9e182a17ef52876a1e7b239ffe734bc492ef5eb66dc55d49a6c4affd35cb664a9bddc94fcdbc8a8466c59e0d9bb844e79b SHA512 91e768617210ace3354b3a6a9c4da9a4c5a5e20d6d875556dfbe406a72465d8a4e951e73e5c7711a90bdfb79ae82faa724d808be94af16cf204e3b2a40302973 -EBUILD sslh-2.1.0.ebuild 2068 BLAKE2B 6b5024971d2d6af50c2762c3a0decbc926ca4741db4cfa773c699430287d8417950675cfb6f6d6adc958885785578da9eb9e4014696c87283a73cb940e9485c9 SHA512 daefbbc40e2c6c637647800fa2a6213e0c89c08d9d3cdbdf8cc27d3da691f9b55e209e0e06255a12f371a11a16b0b95e6e45834b8faa563bbc2bfa12dffd7c6c +EBUILD sslh-2.1.1.ebuild 2068 BLAKE2B 6b5024971d2d6af50c2762c3a0decbc926ca4741db4cfa773c699430287d8417950675cfb6f6d6adc958885785578da9eb9e4014696c87283a73cb940e9485c9 SHA512 daefbbc40e2c6c637647800fa2a6213e0c89c08d9d3cdbdf8cc27d3da691f9b55e209e0e06255a12f371a11a16b0b95e6e45834b8faa563bbc2bfa12dffd7c6c EBUILD sslh-9999.ebuild 2068 BLAKE2B 6b5024971d2d6af50c2762c3a0decbc926ca4741db4cfa773c699430287d8417950675cfb6f6d6adc958885785578da9eb9e4014696c87283a73cb940e9485c9 SHA512 daefbbc40e2c6c637647800fa2a6213e0c89c08d9d3cdbdf8cc27d3da691f9b55e209e0e06255a12f371a11a16b0b95e6e45834b8faa563bbc2bfa12dffd7c6c MISC metadata.xml 482 BLAKE2B d2c26b25b184b90e3a7d85e81ceb0a0631fca8c267823a87f9302e91d40e80a31c23b184c572af1a32c5b02f86e62ec86efb7a39d5d2c01187e16dd6dc4e2f6c SHA512 3ba2f78c8498d79c318619ddf6e2b3ccd35821ead01dfd65bd2dbae95b1c7d66d7f16751221cceb1439db9629add3bb0538057feeacccc8caea3a0e5041e9184 diff --git a/net-misc/sslh/sslh-2.1.0.ebuild b/net-misc/sslh/sslh-2.1.0.ebuild deleted file mode 100644 index 1a3dc9b9f8e3..000000000000 --- a/net-misc/sslh/sslh-2.1.0.ebuild +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -inherit flag-o-matic systemd toolchain-funcs - -DESCRIPTION="Port multiplexer - accept both HTTPS and SSH connections on the same port" -HOMEPAGE="https://www.rutschle.net/tech/sslh/README.html" -if [[ ${PV} == "9999" ]] ; then - EGIT_REPO_URI="https://github.com/yrutschle/sslh.git" - inherit git-r3 -else - KEYWORDS="amd64 ~arm ~m68k ~mips ~s390 x86" - SRC_URI="https://github.com/yrutschle/sslh/archive/v${PV}.tar.gz -> ${P}.tar.gz" - S=${WORKDIR}/${P} -fi - -LICENSE="GPL-2" -SLOT="0" -IUSE="caps libev systemd tcpd" - -RDEPEND="caps? ( sys-libs/libcap ) - dev-libs/libpcre2:= - systemd? ( sys-apps/systemd:= ) - tcpd? ( sys-apps/tcp-wrappers ) - dev-libs/libconfig:= - libev? ( dev-libs/libev ) - >=dev-libs/libconfig-1.5:=" -DEPEND="${RDEPEND} - dev-lang/perl" - -RESTRICT="test" - -src_prepare() { - sed -i \ - -e '/MAN/s:| gzip -9 - >:>:' \ - -e '/MAN=sslh.8.gz/s:.gz::' \ - Makefile.in || die - default -} - -src_compile() { - append-lfs-flags - - # On older versions of GCC, the default gnu89 variant - # will reject within-for-loop initializers, bug #595426 - # Furthermore, we need to use the gnu variant (gnu99) instead - # of the ISO (c99) variant, as we want the __USE_XOPEN2K macro - # to be defined. - append-cflags -std=gnu99 - - emake \ - CC="$(tc-getCC)" \ - USELIBCAP=$(usev caps) \ - USELIBEV=$(usev libev) \ - USELIBWRAP=$(usev tcpd) \ - USESYSTEMD=$(usev systemd) -} - -src_install() { - dosbin sslh-{fork,select} - if use libev; then - dosbin sslh-ev - dosym sslh-fork /usr/sbin/sslh - else - dosym sslh-fork /usr/sbin/sslh - fi - - doman ${PN}.8 - - dodoc ChangeLog README.md - - newinitd "${FILESDIR}"/sslh.init.d-3 sslh - newconfd "${FILESDIR}"/sslh.conf.d-2 sslh - - if use systemd; then - # Gentoo puts the binaries in /usr/sbin, but upstream puts them in /usr/bin - sed -i -e 's~/usr/bin/~/usr/sbin/~g' scripts/systemd.sslh.service || die - systemd_newunit scripts/systemd.sslh.service sslh.service - exeinto /usr/lib/systemd/system-generators/ - doexe systemd-sslh-generator - fi -} diff --git a/net-misc/sslh/sslh-2.1.1.ebuild b/net-misc/sslh/sslh-2.1.1.ebuild new file mode 100644 index 000000000000..1a3dc9b9f8e3 --- /dev/null +++ b/net-misc/sslh/sslh-2.1.1.ebuild @@ -0,0 +1,84 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit flag-o-matic systemd toolchain-funcs + +DESCRIPTION="Port multiplexer - accept both HTTPS and SSH connections on the same port" +HOMEPAGE="https://www.rutschle.net/tech/sslh/README.html" +if [[ ${PV} == "9999" ]] ; then + EGIT_REPO_URI="https://github.com/yrutschle/sslh.git" + inherit git-r3 +else + KEYWORDS="amd64 ~arm ~m68k ~mips ~s390 x86" + SRC_URI="https://github.com/yrutschle/sslh/archive/v${PV}.tar.gz -> ${P}.tar.gz" + S=${WORKDIR}/${P} +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="caps libev systemd tcpd" + +RDEPEND="caps? ( sys-libs/libcap ) + dev-libs/libpcre2:= + systemd? ( sys-apps/systemd:= ) + tcpd? ( sys-apps/tcp-wrappers ) + dev-libs/libconfig:= + libev? ( dev-libs/libev ) + >=dev-libs/libconfig-1.5:=" +DEPEND="${RDEPEND} + dev-lang/perl" + +RESTRICT="test" + +src_prepare() { + sed -i \ + -e '/MAN/s:| gzip -9 - >:>:' \ + -e '/MAN=sslh.8.gz/s:.gz::' \ + Makefile.in || die + default +} + +src_compile() { + append-lfs-flags + + # On older versions of GCC, the default gnu89 variant + # will reject within-for-loop initializers, bug #595426 + # Furthermore, we need to use the gnu variant (gnu99) instead + # of the ISO (c99) variant, as we want the __USE_XOPEN2K macro + # to be defined. + append-cflags -std=gnu99 + + emake \ + CC="$(tc-getCC)" \ + USELIBCAP=$(usev caps) \ + USELIBEV=$(usev libev) \ + USELIBWRAP=$(usev tcpd) \ + USESYSTEMD=$(usev systemd) +} + +src_install() { + dosbin sslh-{fork,select} + if use libev; then + dosbin sslh-ev + dosym sslh-fork /usr/sbin/sslh + else + dosym sslh-fork /usr/sbin/sslh + fi + + doman ${PN}.8 + + dodoc ChangeLog README.md + + newinitd "${FILESDIR}"/sslh.init.d-3 sslh + newconfd "${FILESDIR}"/sslh.conf.d-2 sslh + + if use systemd; then + # Gentoo puts the binaries in /usr/sbin, but upstream puts them in /usr/bin + sed -i -e 's~/usr/bin/~/usr/sbin/~g' scripts/systemd.sslh.service || die + systemd_newunit scripts/systemd.sslh.service sslh.service + exeinto /usr/lib/systemd/system-generators/ + doexe systemd-sslh-generator + fi +} -- cgit v1.2.3