diff options
Diffstat (limited to 'net-misc/openssh-x/files')
31 files changed, 0 insertions, 1291 deletions
diff --git a/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch b/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch deleted file mode 100644 index c81ae5cb..00000000 --- a/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,127 +0,0 @@ -http://bugs.gentoo.org/165444 -https://bugzilla.mindrot.org/show_bug.cgi?id=1008 - -Index: readconf.c -=================================================================== -RCS file: /cvs/openssh/readconf.c,v -retrieving revision 1.135 -diff -u -r1.135 readconf.c ---- readconf.c 5 Aug 2006 02:39:40 -0000 1.135 -+++ readconf.c 19 Aug 2006 11:59:52 -0000 -@@ -126,6 +126,7 @@ - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, - oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, -@@ -163,9 +164,11 @@ - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - #else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - { "fallbacktorsh", oDeprecated }, - { "usersh", oDeprecated }, -@@ -444,6 +447,10 @@ - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1010,6 +1017,7 @@ - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -1100,6 +1108,8 @@ - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -Index: readconf.h -=================================================================== -RCS file: /cvs/openssh/readconf.h,v -retrieving revision 1.63 -diff -u -r1.63 readconf.h ---- readconf.h 5 Aug 2006 02:39:40 -0000 1.63 -+++ readconf.h 19 Aug 2006 11:59:52 -0000 -@@ -45,6 +45,7 @@ - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -Index: ssh_config.5 -=================================================================== -RCS file: /cvs/openssh/ssh_config.5,v -retrieving revision 1.97 -diff -u -r1.97 ssh_config.5 ---- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97 -+++ ssh_config.5 19 Aug 2006 11:59:53 -0000 -@@ -483,7 +483,16 @@ - Forward (delegate) credentials to the server. - The default is - .Dq no . --Note that this option applies to protocol version 2 only. -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 -Index: sshconnect2.c -=================================================================== -RCS file: /cvs/openssh/sshconnect2.c,v -retrieving revision 1.151 -diff -u -r1.151 sshconnect2.c ---- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151 -+++ sshconnect2.c 19 Aug 2006 11:59:53 -0000 -@@ -499,6 +499,12 @@ - static u_int mech = 0; - OM_uint32 min; - int ok = 0; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) -+ gss_host = get_canonical_hostname(1); -+ else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -511,7 +517,7 @@ - /* My DER encoding requires length<128 */ - if (gss_supported->elements[mech].length < 128 && - ssh_gssapi_check_mechanism(&gssctxt, -- &gss_supported->elements[mech], authctxt->host)) { -+ &gss_supported->elements[mech], gss_host)) { - ok = 1; /* Mechanism works */ - } else { - mech++; diff --git a/net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch b/net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch deleted file mode 100644 index 24ad7a9c..00000000 --- a/net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch +++ /dev/null @@ -1,15 +0,0 @@ -workaround problems with autoconf-2.63 - -http://lists.gnu.org/archive/html/autoconf/2009-04/msg00007.html - ---- a/configure.ac -+++ b/configure.ac -@@ -3603,7 +3603,7 @@ - #include <shadow.h> - struct spwd sp; - ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], -- [ sp_expire_available=yes ], [] -+ [ sp_expire_available=yes ], [:] - ) - - if test "x$sp_expire_available" = "xyes" ; then diff --git a/net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch b/net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch deleted file mode 100644 index 8112d625..00000000 --- a/net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- clientloop.c -+++ clientloop.c -@@ -1434,11 +1434,13 @@ - if (!rekeying) { - channel_after_select(readset, writeset); - -+#ifdef GSSAPI - if (options.gss_renewal_rekey && - ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { - debug("credentials updated - forcing rekey"); - need_rekeying = 1; - } -+#endif - - if (need_rekeying || packet_need_rekeying()) { - debug("need rekeying"); diff --git a/net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch deleted file mode 100644 index 9428b74f..00000000 --- a/net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,91 +0,0 @@ -Move things around so hpn applies cleanly when using X509. - ---- openssh-5.2p1+x509/Makefile.in -+++ openssh-5.2p1+x509/Makefile.in -@@ -44,11 +44,12 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS += @LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- openssh-5.2p1+x509/servconf.c -+++ openssh-5.2p1+x509/servconf.c -@@ -108,6 +108,17 @@ - options->log_level = SYSLOG_LEVEL_NOT_SET; - options->rhosts_rsa_authentication = -1; - options->hostbased_authentication = -1; -+ options->hostbased_algorithms = NULL; -+ options->pubkey_algorithms = NULL; -+ ssh_x509flags_initialize(&options->x509flags, 1); -+#ifndef SSH_X509STORE_DISABLED -+ ssh_x509store_initialize(&options->ca); -+#endif /*ndef SSH_X509STORE_DISABLED*/ -+#ifdef SSH_OCSP_ENABLED -+ options->va.type = -1; -+ options->va.certificate_file = NULL; -+ options->va.responder_url = NULL; -+#endif /*def SSH_OCSP_ENABLED*/ - options->hostbased_uses_name_from_packet_only = -1; - options->rsa_authentication = -1; - options->pubkey_authentication = -1; -@@ -152,18 +163,6 @@ - options->adm_forced_command = NULL; - options->chroot_directory = NULL; - options->zero_knowledge_password_authentication = -1; -- -- options->hostbased_algorithms = NULL; -- options->pubkey_algorithms = NULL; -- ssh_x509flags_initialize(&options->x509flags, 1); --#ifndef SSH_X509STORE_DISABLED -- ssh_x509store_initialize(&options->ca); --#endif /*ndef SSH_X509STORE_DISABLED*/ --#ifdef SSH_OCSP_ENABLED -- options->va.type = -1; -- options->va.certificate_file = NULL; -- options->va.responder_url = NULL; --#endif /*def SSH_OCSP_ENABLED*/ - } - - void -@@ -341,6 +340,16 @@ - /* Portable-specific options */ - sUsePAM, - /* Standard Options */ -+ sHostbasedAlgorithms, -+ sPubkeyAlgorithms, -+ sX509KeyAlgorithm, -+ sAllowedClientCertPurpose, -+ sKeyAllowSelfIssued, sMandatoryCRL, -+ sCACertificateFile, sCACertificatePath, -+ sCARevocationFile, sCARevocationPath, -+ sCAldapVersion, sCAldapURL, -+ sVAType, sVACertificateFile, -+ sVAOCSPResponderURL, - sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, - sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsRSAAuthentication, sRSAAuthentication, -@@ -364,16 +373,6 @@ - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, - sZeroKnowledgePasswordAuthentication, -- sHostbasedAlgorithms, -- sPubkeyAlgorithms, -- sX509KeyAlgorithm, -- sAllowedClientCertPurpose, -- sKeyAllowSelfIssued, sMandatoryCRL, -- sCACertificateFile, sCACertificatePath, -- sCARevocationFile, sCARevocationPath, -- sCAldapVersion, sCAldapURL, -- sVAType, sVACertificateFile, -- sVAOCSPResponderURL, - sDeprecated, sUnsupported - } ServerOpCodes; - diff --git a/net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff b/net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff deleted file mode 100644 index 346d5271..00000000 --- a/net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff +++ /dev/null @@ -1,10 +0,0 @@ ---- ldapauth.c.orig 2009-04-18 18:06:38.000000000 +0200 -+++ ldapauth.c 2009-04-18 18:06:11.000000000 +0200 -@@ -31,6 +31,7 @@ - #include <stdlib.h> - #include <unistd.h> - #include <string.h> -+#include <stdarg.h> - - #include "ldapauth.h" - #include "log.h" diff --git a/net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch b/net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch deleted file mode 100644 index e4cdb63a..00000000 --- a/net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch +++ /dev/null @@ -1,12 +0,0 @@ -pull in openssl/conf.h for OPENSSL_config() prototype - ---- openbsd-compat/openssl-compat.c -+++ openbsd-compat/openssl-compat.c -@@ -59,6 +59,7 @@ - #endif - - #ifdef USE_OPENSSL_ENGINE -+#include <openssl/conf.h> - void - ssh_SSLeay_add_all_algorithms(void) - { diff --git a/net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch b/net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch deleted file mode 100644 index 5fe18dfc..00000000 --- a/net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch +++ /dev/null @@ -1,15 +0,0 @@ -don't go reading random stack values - -already e-mailed to upstream hpn devs - ---- progressmeter.c -+++ progressmeter.c -@@ -183,7 +183,7 @@ - else - percent = 100; - -- snprintf(buf + strlen(buf), win_size - strlen(buf-8), -+ snprintf(buf + strlen(buf), win_size - strlen(buf) - 8, - " %3d%% ", percent); - - /* amount transferred */ diff --git a/net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch deleted file mode 100644 index e793311f..00000000 --- a/net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,60 +0,0 @@ -Move things around so hpn applies cleanly when using X509. - ---- a/Makefile.in -+++ b/Makefile.in -@@ -46,11 +46,12 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- a/servconf.c -+++ b/servconf.c -@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) - options->adm_forced_command = NULL; - options->chroot_directory = NULL; - options->zero_knowledge_password_authentication = -1; -- options->revoked_keys_file = NULL; -- options->trusted_user_ca_keys = NULL; -- options->authorized_principals_file = NULL; - - options->hostbased_algorithms = NULL; - options->pubkey_algorithms = NULL; -@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) - options->va.certificate_file = NULL; - options->va.responder_url = NULL; - #endif /*def SSH_OCSP_ENABLED*/ -+ options->revoked_keys_file = NULL; -+ options->trusted_user_ca_keys = NULL; -+ options->authorized_principals_file = NULL; - } - - void -@@ -367,9 +367,6 @@ typedef enum { - sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, -- sUsePrivilegeSeparation, sAllowAgentForwarding, -- sZeroKnowledgePasswordAuthentication, sHostCertificate, -- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sHostbasedAlgorithms, - sPubkeyAlgorithms, - sX509KeyAlgorithm, -@@ -380,6 +377,9 @@ typedef enum { - sCAldapVersion, sCAldapURL, - sVAType, sVACertificateFile, - sVAOCSPResponderURL, -+ sUsePrivilegeSeparation, sAllowAgentForwarding, -+ sZeroKnowledgePasswordAuthentication, sHostCertificate, -+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sDeprecated, sUnsupported - } ServerOpCodes; - diff --git a/net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch deleted file mode 100644 index ee3e7574..00000000 --- a/net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,60 +0,0 @@ -Move things around so hpn applies cleanly when using X509. - ---- a/Makefile.in -+++ b/Makefile.in -@@ -46,11 +46,12 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- a/servconf.c -+++ b/servconf.c -@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) - options->zero_knowledge_password_authentication = -1; - options->revoked_keys_file = NULL; - options->trusted_user_ca_keys = NULL; -- options->authorized_principals_file = NULL; -- options->ip_qos_interactive = -1; -- options->ip_qos_bulk = -1; - - options->hostbased_algorithms = NULL; - options->pubkey_algorithms = NULL; -@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) - options->va.certificate_file = NULL; - options->va.responder_url = NULL; - #endif /*def SSH_OCSP_ENABLED*/ -+ options->authorized_principals_file = NULL; -+ options->ip_qos_interactive = -1; -+ options->ip_qos_bulk = -1; - } - - void -@@ -367,9 +367,6 @@ typedef enum { - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, -- sZeroKnowledgePasswordAuthentication, sHostCertificate, -- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, -- sKexAlgorithms, sIPQoS, - sHostbasedAlgorithms, - sPubkeyAlgorithms, - sX509KeyAlgorithm, -@@ -380,6 +377,9 @@ typedef enum { - sCAldapVersion, sCAldapURL, - sVAType, sVACertificateFile, - sVAOCSPResponderURL, -+ sZeroKnowledgePasswordAuthentication, sHostCertificate, -+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, -+ sKexAlgorithms, sIPQoS, - sDeprecated, sUnsupported - } ServerOpCodes; - diff --git a/net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch b/net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch deleted file mode 100644 index 7be2879f..00000000 --- a/net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch +++ /dev/null @@ -1,18 +0,0 @@ -http://bugs.gentoo.org/354247 - -[openbsd-compat/port-linux.c] Bug #1851: fix syntax error in - selinux code. Patch from Leonardo Chiquitto. - -/* $Id: openssh-5.8_p1-selinux.patch,v 1.1 2011/02/10 02:44:53 vapier Exp $ */ - ---- a/openbsd-compat/port-linux.c -+++ b/openbsd-compat/port-linux.c -@@ -213,7 +213,7 @@ - - if (!ssh_selinux_enabled()) - return; -- if (path == NULL) -+ if (path == NULL) { - setfscreatecon(NULL); - return; - } diff --git a/net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch deleted file mode 100644 index 74d06c79..00000000 --- a/net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,61 +0,0 @@ -Move things around so hpn applies cleanly when using X509. - ---- a/Makefile.in -+++ b/Makefile.in -@@ -46,12 +46,13 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHLIBS=@SSHLIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- a/servconf.c -+++ b/servconf.c -@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) - options->zero_knowledge_password_authentication = -1; - options->revoked_keys_file = NULL; - options->trusted_user_ca_keys = NULL; -- options->authorized_principals_file = NULL; -- options->ip_qos_interactive = -1; -- options->ip_qos_bulk = -1; - - options->hostbased_algorithms = NULL; - options->pubkey_algorithms = NULL; -@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) - options->va.certificate_file = NULL; - options->va.responder_url = NULL; - #endif /*def SSH_OCSP_ENABLED*/ -+ options->authorized_principals_file = NULL; -+ options->ip_qos_interactive = -1; -+ options->ip_qos_bulk = -1; - } - - void -@@ -367,9 +367,6 @@ typedef enum { - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, -- sZeroKnowledgePasswordAuthentication, sHostCertificate, -- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, -- sKexAlgorithms, sIPQoS, - sHostbasedAlgorithms, - sPubkeyAlgorithms, - sX509KeyAlgorithm, -@@ -380,6 +377,9 @@ typedef enum { - sCAldapVersion, sCAldapURL, - sVAType, sVACertificateFile, - sVAOCSPResponderURL, -+ sZeroKnowledgePasswordAuthentication, sHostCertificate, -+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, -+ sKexAlgorithms, sIPQoS, - sDeprecated, sUnsupported - } ServerOpCodes; - diff --git a/net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch b/net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch deleted file mode 100644 index eb621abb..00000000 --- a/net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch +++ /dev/null @@ -1,25 +0,0 @@ -newer versions of openssl have started to be compatible across minor versions -too, so this sanity check fails. since we already handle compatibility with -openssl via SONAME checks, we don't need this openssh check at all. - -http://marc.info/?l=openssl-dev&m=133176786215023&w=2 - ---- a/entropy.c -+++ b/entropy.c -@@ -208,16 +208,7 @@ seed_rng(void) - { - #ifndef OPENSSL_PRNG_ONLY - unsigned char buf[RANDOM_SEED_SIZE]; --#endif -- /* -- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status -- * We match major, minor, fix and status (not patch) -- */ -- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) -- fatal("OpenSSL version mismatch. Built against %lx, you " -- "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); - --#ifndef OPENSSL_PRNG_ONLY - if (RAND_status() == 1) { - debug3("RNG is ready, skipping seeding"); - return; diff --git a/net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch b/net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch deleted file mode 100644 index 6377d036..00000000 --- a/net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch +++ /dev/null @@ -1,184 +0,0 @@ -Index: gss-serv.c -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v -retrieving revision 1.22 -diff -u -p -r1.22 gss-serv.c ---- gss-serv.c 8 May 2008 12:02:23 -0000 1.22 -+++ gss-serv.c 11 Jan 2010 05:38:29 -0000 -@@ -41,9 +41,12 @@ - #include "channels.h" - #include "session.h" - #include "misc.h" -+#include "servconf.h" - - #include "ssh-gss.h" - -+extern ServerOptions options; -+ - static ssh_gssapi_client gssapi_client = - { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; -@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) - char lname[MAXHOSTNAMELEN]; - gss_OID_set oidset; - -- gss_create_empty_oid_set(&status, &oidset); -- gss_add_oid_set_member(&status, ctx->oid, &oidset); -- -- if (gethostname(lname, MAXHOSTNAMELEN)) { -- gss_release_oid_set(&status, &oidset); -- return (-1); -- } -+ if (options.gss_strict_acceptor) { -+ gss_create_empty_oid_set(&status, &oidset); -+ gss_add_oid_set_member(&status, ctx->oid, &oidset); -+ -+ if (gethostname(lname, MAXHOSTNAMELEN)) { -+ gss_release_oid_set(&status, &oidset); -+ return (-1); -+ } -+ -+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { -+ gss_release_oid_set(&status, &oidset); -+ return (ctx->major); -+ } -+ -+ if ((ctx->major = gss_acquire_cred(&ctx->minor, -+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, -+ NULL, NULL))) -+ ssh_gssapi_error(ctx); - -- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { - gss_release_oid_set(&status, &oidset); - return (ctx->major); -+ } else { -+ ctx->name = GSS_C_NO_NAME; -+ ctx->creds = GSS_C_NO_CREDENTIAL; - } -- -- if ((ctx->major = gss_acquire_cred(&ctx->minor, -- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) -- ssh_gssapi_error(ctx); -- -- gss_release_oid_set(&status, &oidset); -- return (ctx->major); -+ return GSS_S_COMPLETE; - } - - /* Privileged */ -Index: servconf.c -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/servconf.c,v -retrieving revision 1.201 -diff -u -p -r1.201 servconf.c ---- servconf.c 10 Jan 2010 03:51:17 -0000 1.201 -+++ servconf.c 11 Jan 2010 05:34:56 -0000 -@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions - options->kerberos_get_afs_token = -1; - options->gss_authentication=-1; - options->gss_cleanup_creds = -1; -+ options->gss_strict_acceptor = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->challenge_response_authentication = -1; -@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption - options->gss_authentication = 0; - if (options->gss_cleanup_creds == -1) - options->gss_cleanup_creds = 1; -+ if (options->gss_strict_acceptor == -1) -+ options->gss_strict_acceptor = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -@@ -277,7 +280,8 @@ typedef enum { - sBanner, sUseDNS, sHostbasedAuthentication, - sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, - sClientAliveCountMax, sAuthorizedKeysFile, -- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, -+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, -+ sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, - sZeroKnowledgePasswordAuthentication, sHostCertificate, -@@ -327,9 +331,11 @@ static struct { - #ifdef GSSAPI - { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, - { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, -+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, - #else - { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, - { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, -+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, - #endif - { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, - { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, -@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions - - case sGssCleanupCreds: - intptr = &options->gss_cleanup_creds; -+ goto parse_flag; -+ -+ case sGssStrictAcceptor: -+ intptr = &options->gss_strict_acceptor; - goto parse_flag; - - case sPasswordAuthentication: -Index: servconf.h -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/servconf.h,v -retrieving revision 1.89 -diff -u -p -r1.89 servconf.h ---- servconf.h 9 Jan 2010 23:04:13 -0000 1.89 -+++ servconf.h 11 Jan 2010 05:32:28 -0000 -@@ -92,6 +92,7 @@ typedef struct { - * authenticated with Kerberos. */ - int gss_authentication; /* If true, permit GSSAPI authentication */ - int gss_cleanup_creds; /* If true, destroy cred cache on logout */ -+ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ - int password_authentication; /* If true, permit password - * authentication. */ - int kbd_interactive_authentication; /* If true, permit */ -Index: sshd_config -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/sshd_config,v -retrieving revision 1.81 -diff -u -p -r1.81 sshd_config ---- sshd_config 8 Oct 2009 14:03:41 -0000 1.81 -+++ sshd_config 11 Jan 2010 05:32:28 -0000 -@@ -69,6 +69,7 @@ - # GSSAPI options - #GSSAPIAuthentication no - #GSSAPICleanupCredentials yes -+#GSSAPIStrictAcceptorCheck yes - - # Set this to 'yes' to enable PAM authentication, account processing, - # and session processing. If this is enabled, PAM authentication will -Index: sshd_config.5 -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v -retrieving revision 1.116 -diff -u -p -r1.116 sshd_config.5 ---- sshd_config.5 9 Jan 2010 23:04:13 -0000 1.116 -+++ sshd_config.5 11 Jan 2010 05:37:20 -0000 -@@ -386,6 +386,21 @@ on logout. - The default is - .Dq yes . - Note that this option applies to protocol version 2 only. -+.It Cm GSSAPIStrictAcceptorCheck -+Determines whether to be strict about the identity of the GSSAPI acceptor -+a client authenticates against. -+If set to -+.Dq yes -+then the client must authenticate against the -+.Pa host -+service on the current hostname. -+If set to -+.Dq no -+then the client may authenticate against any service key stored in the -+machine's default store. -+This facility is provided to assist with operation on multi homed machines. -+The default is -+.Dq yes . - .It Cm HostbasedAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication together - with successful public key client host authentication is allowed diff --git a/net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch b/net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch deleted file mode 100644 index 6fbb88b6..00000000 --- a/net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch +++ /dev/null @@ -1,15 +0,0 @@ -make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch - ---- openssh-5.9p1+x509-7.0.diff -+++ openssh-5.9p1+x509-7.0.diff -@@ -11995,9 +11995,9 @@ - Specifies whether challenge-response authentication is allowed (e.g. via - PAM or though authentication styles supported in - @@ -430,6 +507,16 @@ -+ This facility is provided to assist with operation on multi homed machines. - The default is - .Dq yes . -- Note that this option applies to protocol version 2 only. - +.It Cm HostbasedAlgorithms - +Specifies the protocol version 2 algorithms used in - +.Dq hostbased diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch b/net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch deleted file mode 100644 index 3b34cd2e..00000000 --- a/net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 2b60300..21b6112 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -725,6 +725,10 @@ mips-sony-bsd|mips-sony-newsos4) - AC_CHECK_HEADER([net/if_tap.h], , - AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) - AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) -+ AC_DEFINE([DISABLE_UTMP], [1], -+ [Define if you don't want to use utmp]) -+ AC_DEFINE([DISABLE_WTMP], [1], -+ [Define if you don't want to use wtmp]) - ;; - *-*-bsdi*) - AC_DEFINE([SETEUID_BREAKS_SETUID]) diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch b/net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch deleted file mode 100644 index 56805d12..00000000 --- a/net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch +++ /dev/null @@ -1,15 +0,0 @@ -don't go reading random stack values - -already e-mailed to upstream hpn devs - ---- progressmeter.c -+++ progressmeter.c -@@ -183,7 +183,7 @@ - percent = ((float)cur_pos / end_pos) * 100; - else - percent = 100; -- snprintf(buf + strlen(buf), win_size - strlen(buf-8), -+ snprintf(buf + strlen(buf), win_size - strlen(buf) - 8, - " %3d%% ", percent); - - /* amount transferred */ diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-test.patch b/net-misc/openssh-x/files/openssh-6.0_p1-test.patch deleted file mode 100644 index 8b988aed..00000000 --- a/net-misc/openssh-x/files/openssh-6.0_p1-test.patch +++ /dev/null @@ -1,19 +0,0 @@ -changeset: 10701:b159befd3104 -tag: tip -user: Mike Frysinger <vapier@gentoo.org> -date: Sun Apr 29 00:26:33 2012 -0400 -summary: use = with `test`, not == - -diff -r d8a3ea854288 -r b159befd3104 configure.ac ---- a/configure.ac Fri Apr 27 00:55:42 2012 +0000 -+++ b/configure.ac Sun Apr 29 00:26:33 2012 -0400 -@@ -2591,7 +2591,7 @@ - AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) - elif test "x$sandbox_arg" = "xseccomp_filter" || \ - ( test -z "$sandbox_arg" && \ -- test "x$have_seccomp_filter" == "x1" && \ -+ test "x$have_seccomp_filter" = "x1" && \ - test "x$ac_cv_header_linux_audit_h" = "xyes" && \ - test "x$have_seccomp_audit_arch" = "x1" && \ - test "x$have_linux_no_new_privs" = "x1" && \ - diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch b/net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch deleted file mode 100644 index 3633a2af..00000000 --- a/net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch +++ /dev/null @@ -1,15 +0,0 @@ -make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch - ---- openssh-6.0p1+x509-7.1.diff -+++ openssh-6.0p1+x509-7.1.diff -@@ -13502,9 +13502,9 @@ - Specifies whether challenge-response authentication is allowed (e.g. via - PAM or though authentication styles supported in - @@ -430,6 +507,16 @@ -+ This facility is provided to assist with operation on multi homed machines. - The default is - .Dq yes . -- Note that this option applies to protocol version 2 only. - +.It Cm HostbasedAlgorithms - +Specifies the protocol version 2 algorithms used in - +.Dq hostbased diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch deleted file mode 100644 index 9e3dfdbe..00000000 --- a/net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,57 +0,0 @@ -diff --git a/Makefile.in b/Makefile.in -index ecb45cd..7834fb1 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -45,12 +45,13 @@ FIPSLD_CC=@FIPSLD_CC@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHLIBS=@SSHLIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ -diff --git a/sshconnect.c b/sshconnect.c -index 19a2b06..dd75f78 100644 ---- a/sshconnect.c -+++ b/sshconnect.c -@@ -580,7 +580,7 @@ ssh_exchange_identification(int timeout_ms) - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", - compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, - compat20 ? PROTOCOL_MINOR_2 : minor1, -- SSH_VERSION, compat20 ? " PKIX\r\n" : "\n"); -+ SSH_VERSION, compat20 ? "\r\n" : "\n"); - if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf)) - != strlen(buf)) - fatal("write: %.100s", strerror(errno)); -diff --git a/sshd.c b/sshd.c -index a5c437d..a1105a0 100644 ---- a/sshd.c -+++ b/sshd.c -@@ -428,8 +428,8 @@ sshd_exchange_identification(int sock_in, int sock_out) - minor = PROTOCOL_MINOR_1; - comment = ""; - } -- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s%s", major, minor, -- SSH_VERSION, comment, newline); -+ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, -+ SSH_VERSION, newline); - server_version_string = xstrdup(buf); - - /* Send our protocol version identification. */ -diff --git a/version.h b/version.h -index 78983d9..ec1746d 100644 ---- a/version.h -+++ b/version.h -@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_6.0" - - #define SSH_PORTABLE "p1" -+#define SSH_X509 " PKIX" - #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch b/net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch deleted file mode 100644 index e6db835d..00000000 --- a/net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch +++ /dev/null @@ -1,15 +0,0 @@ -make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch - ---- openssh-6.1p1+x509-7.2.1.diff -+++ openssh-6.1p1+x509-7.2.1.diff -@@ -13502,9 +13502,9 @@ - Specifies whether challenge-response authentication is allowed (e.g. via - PAM or though authentication styles supported in - @@ -432,6 +509,16 @@ -+ This facility is provided to assist with operation on multi homed machines. - The default is - .Dq yes . -- Note that this option applies to protocol version 2 only. - +.It Cm HostbasedAlgorithms - +Specifies the protocol version 2 algorithms used in - +.Dq hostbased diff --git a/net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch deleted file mode 100644 index 5d69a50b..00000000 --- a/net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,49 +0,0 @@ ---- a/Makefile.in -+++ b/Makefile.in -@@ -45,12 +45,13 @@ FIPSLD_CC=@FIPSLD_CC@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHLIBS=@SSHLIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- a/sshconnect.c -+++ b/sshconnect.c -@@ -580,7 +580,7 @@ ssh_exchange_identification(int timeout_ms) - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", - compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, - compat20 ? PROTOCOL_MINOR_2 : minor1, -- SSH_VERSION, compat20 ? " PKIX\r\n" : "\n"); -+ SSH_VERSION, compat20 ? "\r\n" : "\n"); - if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf)) - != strlen(buf)) - fatal("write: %.100s", strerror(errno)); ---- a/sshd.c -+++ b/sshd.c -@@ -428,8 +428,8 @@ sshd_exchange_identification(int sock_in, int sock_out) - comment = ""; - } - -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", -+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", -- major, minor, SSH_VERSION, comment, -+ major, minor, SSH_VERSION, - *options.version_addendum == '\0' ? "" : " ", - options.version_addendum, newline); - ---- a/version.h -+++ b/version.h -@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_6.0" - - #define SSH_PORTABLE "p1" -+#define SSH_X509 " PKIX" - #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/net-misc/openssh-x/files/sshd.confd b/net-misc/openssh-x/files/sshd.confd deleted file mode 100644 index 28952b4a..00000000 --- a/net-misc/openssh-x/files/sshd.confd +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/conf.d/sshd: config file for /etc/init.d/sshd - -# Where is your sshd_config file stored? - -SSHD_CONFDIR="/etc/ssh" - - -# Any random options you want to pass to sshd. -# See the sshd(8) manpage for more info. - -SSHD_OPTS="" - - -# Pid file to use (needs to be absolute path). - -#SSHD_PIDFILE="/var/run/sshd.pid" - - -# Path to the sshd binary (needs to be absolute path). - -#SSHD_BINARY="/usr/sbin/sshd" diff --git a/net-misc/openssh-x/files/sshd.pam b/net-misc/openssh-x/files/sshd.pam deleted file mode 100644 index 51149402..00000000 --- a/net-misc/openssh-x/files/sshd.pam +++ /dev/null @@ -1,9 +0,0 @@ -#%PAM-1.0 - -auth required pam_stack.so service=system-auth -auth required pam_shells.so -auth required pam_nologin.so -account required pam_stack.so service=system-auth -password required pam_stack.so service=system-auth -session required pam_stack.so service=system-auth - diff --git a/net-misc/openssh-x/files/sshd.pam_include.2 b/net-misc/openssh-x/files/sshd.pam_include.2 deleted file mode 100644 index b801aaaf..00000000 --- a/net-misc/openssh-x/files/sshd.pam_include.2 +++ /dev/null @@ -1,4 +0,0 @@ -auth include system-remote-login -account include system-remote-login -password include system-remote-login -session include system-remote-login diff --git a/net-misc/openssh-x/files/sshd.rc6 b/net-misc/openssh-x/files/sshd.rc6 deleted file mode 100644 index 03160686..00000000 --- a/net-misc/openssh-x/files/sshd.rc6 +++ /dev/null @@ -1,82 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6,v 1.28 2011/12/04 10:08:19 swegener Exp $ - -extra_commands="checkconfig gen_keys" -extra_started_commands="reload" - -depend() { - use logger dns - need net -} - -SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} -SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} -SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} - -checkconfig() { - if [ ! -d /var/empty ] ; then - mkdir -p /var/empty || return 1 - fi - - if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then - eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - gen_keys || return 1 - - "${SSHD_BINARY}" -t ${myopts} || return 1 -} - -gen_keys() { - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] ; then - einfo "Generating Hostkey..." - /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1 - fi - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then - einfo "Generating DSA-Hostkey..." - /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1 - fi - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then - einfo "Generating RSA-Hostkey..." - /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1 - fi - return 0 -} - -start() { - local myopts="" - [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ - && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ - && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config" - - checkconfig || return 1 - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" \ - -- ${myopts} ${SSHD_OPTS} - eend $? -} - -stop() { - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return 1 - fi - - ebegin "Stopping ${SVCNAME}" - start-stop-daemon --stop --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" --quiet - eend $? -} - -reload() { - checkconfig || return 1 - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --stop --signal HUP --oknodo \ - --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" - eend $? -} diff --git a/net-misc/openssh-x/files/sshd.rc6.1 b/net-misc/openssh-x/files/sshd.rc6.1 deleted file mode 100644 index 6524601c..00000000 --- a/net-misc/openssh-x/files/sshd.rc6.1 +++ /dev/null @@ -1,83 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.1,v 1.2 2011/12/04 10:08:19 swegener Exp $ - -extra_commands="checkconfig gen_keys" -extra_started_commands="reload" - -depend() { - use logger dns - need net -} - -SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} -SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} -SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} - -checkconfig() { - if [ ! -d /var/empty ] ; then - mkdir -p /var/empty || return 1 - fi - - if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then - eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - gen_keys || return 1 - - "${SSHD_BINARY}" -t ${myopts} || return 1 -} - -gen_keys() { - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] && \ - egrep -q '^[ \t]*Protocol[ \t]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then - einfo "Generating RSA1-Hostkey..." - /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1 - fi - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then - einfo "Generating DSA-Hostkey..." - /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1 - fi - if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then - einfo "Generating RSA-Hostkey..." - /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1 - fi - return 0 -} - -start() { - local myopts="" - [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ - && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ - && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config" - - checkconfig || return 1 - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" \ - -- ${myopts} ${SSHD_OPTS} - eend $? -} - -stop() { - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return 1 - fi - - ebegin "Stopping ${SVCNAME}" - start-stop-daemon --stop --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" --quiet - eend $? -} - -reload() { - checkconfig || return 1 - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --stop --signal HUP --oknodo \ - --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" - eend $? -} diff --git a/net-misc/openssh-x/files/sshd.rc6.2 b/net-misc/openssh-x/files/sshd.rc6.2 deleted file mode 100644 index 22aaaad2..00000000 --- a/net-misc/openssh-x/files/sshd.rc6.2 +++ /dev/null @@ -1,85 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.2,v 1.3 2011/12/04 10:08:19 swegener Exp $ - -extra_commands="checkconfig gen_keys" -extra_started_commands="reload" - -depend() { - use logger dns - need net -} - -SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} -SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} -SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} - -checkconfig() { - if [ ! -d /var/empty ] ; then - mkdir -p /var/empty || return 1 - fi - - if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then - eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - gen_keys || return 1 - - [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ - && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ - && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" - - "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 -} - -gen_key() { - local type=$1 key ks - [ $# -eq 1 ] && ks="${type}_" - key="${SSHD_CONFDIR}/ssh_host_${ks}key" - if [ ! -e "${key}" ] ; then - ebegin "Generating ${type} host key" - ssh-keygen -t ${type} -f "${key}" -N '' - eend $? || return $? - fi -} - -gen_keys() { - if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then - gen_key rsa1 "" || return 1 - fi - gen_key dsa && gen_key rsa && gen_key ecdsa - return $? -} - -start() { - checkconfig || return 1 - - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" \ - -- ${SSHD_OPTS} - eend $? -} - -stop() { - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return 1 - fi - - ebegin "Stopping ${SVCNAME}" - start-stop-daemon --stop --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" --quiet - eend $? -} - -reload() { - checkconfig || return 1 - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --stop --signal HUP --oknodo \ - --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" - eend $? -} diff --git a/net-misc/openssh-x/files/sshd.rc6.3 b/net-misc/openssh-x/files/sshd.rc6.3 deleted file mode 100755 index c55116e9..00000000 --- a/net-misc/openssh-x/files/sshd.rc6.3 +++ /dev/null @@ -1,85 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $ - -extra_commands="checkconfig gen_keys" -extra_started_commands="reload" - -depend() { - use logger dns - need net -} - -SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} -SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} -SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} - -checkconfig() { - if [ ! -d /var/empty ] ; then - mkdir -p /var/empty || return 1 - fi - - if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then - eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - gen_keys || return 1 - - [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ - && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ - && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" - - "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 -} - -gen_key() { - local type=$1 key ks - [ $# -eq 1 ] && ks="${type}_" - key="${SSHD_CONFDIR}/ssh_host_${ks}key" - if [ ! -e "${key}" ] ; then - ebegin "Generating ${type} host key" - ssh-keygen -t ${type} -f "${key}" -N '' - eend $? || return $? - fi -} - -gen_keys() { - if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then - gen_key rsa1 "" || return 1 - fi - gen_key dsa && gen_key rsa && gen_key ecdsa - return $? -} - -start() { - checkconfig || return 1 - - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" \ - -- ${SSHD_OPTS} - eend $? -} - -stop() { - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return 1 - fi - - ebegin "Stopping ${SVCNAME}" - start-stop-daemon --stop --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" --quiet - eend $? -} - -reload() { - checkconfig || return 1 - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --signal HUP \ - --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" - eend $? -} diff --git a/net-misc/openssh-x/files/sshd.service b/net-misc/openssh-x/files/sshd.service deleted file mode 100644 index 45f823ac..00000000 --- a/net-misc/openssh-x/files/sshd.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=OpenSSH server daemon -After=syslog.target network.target auditd.service - -[Service] -ExecStart=/usr/sbin/sshd -D -e -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target diff --git a/net-misc/openssh-x/files/sshd.socket b/net-misc/openssh-x/files/sshd.socket deleted file mode 100644 index 94b95331..00000000 --- a/net-misc/openssh-x/files/sshd.socket +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=OpenSSH Server Socket -Conflicts=sshd.service - -[Socket] -ListenStream=22 -Accept=yes - -[Install] -WantedBy=sockets.target diff --git a/net-misc/openssh-x/files/sshd_at.service b/net-misc/openssh-x/files/sshd_at.service deleted file mode 100644 index 2645ad04..00000000 --- a/net-misc/openssh-x/files/sshd_at.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=OpenSSH per-connection server daemon -After=syslog.target auditd.service - -[Service] -ExecStart=-/usr/sbin/sshd -i -e -StandardInput=socket -StandardError=syslog |