From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 4FB8B1399CE for ; Thu, 3 Sep 2015 21:54:19 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 57984142BA; Thu, 3 Sep 2015 21:54:17 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BC775142BA for ; Thu, 3 Sep 2015 21:54:16 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 83DB43409B7 for ; Thu, 3 Sep 2015 21:54:15 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 0402D170 for ; Thu, 3 Sep 2015 21:54:11 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1441317502.e9d6a1e0b883f7766516f48c1c097393ce8230ad.blueness@gentoo> Subject: [gentoo-commits] proj/musl:master commit in: net-misc/openssh/, net-misc/openssh/files/ X-VCS-Repository: proj/musl X-VCS-Files: net-misc/openssh/Manifest net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch net-misc/openssh/files/openssh-6.4p1-fix-typo-construct_utmpx.patch net-misc/openssh/files/openssh-6.4p1-missing-sys_param_h.patch net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch net-misc/openssh/files/openssh-6.7p1-avoid-exit.patch net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch net-misc/openssh/openssh-6.7_p1-r99.ebuild net-misc/openssh/openssh-6.9_p1-r99.ebuild X-VCS-Directories: net-misc/openssh/ net-misc/openssh/files/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: e9d6a1e0b883f7766516f48c1c097393ce8230ad X-VCS-Branch: master Date: Thu, 3 Sep 2015 21:54:11 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: a566cd38-1a7f-4e62-8a61-e3103b610c8e X-Archives-Hash: fb26269e124e5e03c1ffccd4f22cde0f commit: e9d6a1e0b883f7766516f48c1c097393ce8230ad Author: Anthony G. Basile gentoo org> AuthorDate: Thu Sep 3 21:58:22 2015 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Thu Sep 3 21:58:22 2015 +0000 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=e9d6a1e0 net-misc/openssh: 6.9 fails on ppc because of __stack_chk_fail_local. Package-Manager: portage-2.2.20.1 RepoMan-Options: --force Manifest-Sign-Key: 0x9384FA6EF52D4BBA net-misc/openssh/Manifest | 20 +- .../openssh/files/openssh-6.4_p1-x509-glue.patch | 30 -- .../openssh-6.4p1-fix-typo-construct_utmpx.patch | 21 - .../files/openssh-6.4p1-missing-sys_param_h.patch | 67 ---- .../files/openssh-6.7_p1-sctp-x509-glue.patch | 42 -- .../openssh-6.7_p1-sshd-gssapi-multihomed.patch | 162 -------- .../openssh/files/openssh-6.7_p1-x509-glue.patch | 46 --- .../openssh/files/openssh-6.7p1-avoid-exit.patch | 441 --------------------- .../openssh-6.8_p1-ssl-engine-configure.patch | 33 ++ ...6.7_p1-r99.ebuild => openssh-6.9_p1-r99.ebuild} | 198 +++++---- 10 files changed, 131 insertions(+), 929 deletions(-) diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 7ec1e09..93e1dc2 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -1,23 +1,17 @@ AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77 -AUX openssh-6.4_p1-x509-glue.patch 1445 SHA256 cf18f17b12514692a4e33d5fb995f5ba1bc1ea258c80babb38516d8def7d0bc3 SHA512 e5c51fd639e95ca9c7820974684117861cc58cf5172c7c44deaaca106c1e91a931421720cb210652aef30ffa41bc96efe04dbedf996120b40143080fc6b2b47d WHIRLPOOL 7c7065a22cc6237a927e6d6c0f7b4bfa7b57e32ffd8b3d70ed9e70b9a882a95ce40478873374460a6173cc5a33c22ddfbbded783568049f1b4fccb5f5253d4bf -AUX openssh-6.4p1-fix-typo-construct_utmpx.patch 796 SHA256 844bfa729eb63cd4c05c1dc518d34263f4da4e0f1510c39b27b8c15c0a23459c SHA512 d7d5dcee89b1b427098bcd8ff44d99aebb4ab077af450b89aa432796a4398e1516fe4a75fdb2ae6ef71b702ad1af5766af040316e37d3f71bce65de5be59830e WHIRLPOOL c01570bdcde7ca2c03df0db62c1c59486cf94380e6ce27104a897407d90c862e6f88ef3584f28c3c59a3744c64ad9405c6daf1053d241354bdc064d77520b03e -AUX openssh-6.4p1-missing-sys_param_h.patch 2139 SHA256 0be81f4fbcabb1e8a5459f4b41f179498cef5e3411435c16fc9b36e3f619d79e SHA512 c7f997a5351d464b9d86f1b5ae221a9788a0c77ccaf7a4d2a4e266033fc58d0dede9c7fca8cfee36cfad328513d9ba6bb735be0e778a8ce489ad98d81110f579 WHIRLPOOL 1355becb4460a4749145fcc786fd45c260d779176761ae37e27de81072f8c84fdd16f2f1c6ea0d7576ba09e048d8be85a0449987ef2097ed5c5defca8ebb5b26 AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256 b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 WHIRLPOOL c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b -AUX openssh-6.7_p1-sctp-x509-glue.patch 1326 SHA256 42eb87eda1685e19add23c1304f17dabd99a1a38a57bfe2bfbb70ab85f6d385e SHA512 7f014e2b1893a5240680e2e14475d61b9b6047d1be3fe404d5971a899c122cc624546e9e5b31bfee5905cf7b4605a0871c3b00ed5c2bd28d84755a49392e1a69 WHIRLPOOL 8d6888163068dbc486bc4eff0dd7d4053f68b9848347eb520dd7d382b0b8c74e3016f7f3ed401c2c2dfd48e73a9077fb9777d39c0f236cc500c53393be426b42 -AUX openssh-6.7_p1-sshd-gssapi-multihomed.patch 5489 SHA256 d2a1735b523709a4b4ceaa57862ecb21a95656678bacc5b7da59dc46187ad997 SHA512 a8b8d2c2ab4520c8c7315f6130ee44fec48935a129ce7c7e51a068a4de2c7528980437246b61e4abc4cff614466f8054c554cdbaad4eb0d1f4afcfb434c30bbc WHIRLPOOL e4b97398c324360576a04792357f66be3ed9f17e4113f75275f8422ee0b7ecf28073c7cde01a63e24fa0901b14db822d22d7d2c5936bbee3bd5874a867066967 -AUX openssh-6.7_p1-x509-glue.patch 1633 SHA256 58031e90e0bf220028934ab590af6ccfc45722629b2416df13d84f10c9b94478 SHA512 364ca0280be5cc83d1dedf7727323fd5fc0093c6dbcf9cc8ccaa30ee754b866584be28da1166953f03faf8745d6364e33fad7daad9be9a29681a8674eb9d292b WHIRLPOOL b79a6cff897be78793bbf2ca03154103aa1380647b8c53e104155fd68122568a8e7dea23996213b192e4269f980b1035d3ca395dbd2c318fd81a45f44d110c31 -AUX openssh-6.7p1-avoid-exit.patch 9766 SHA256 a2ccd76c5ce0f5761c1cea49a7055c171c2be1cfe6bf20ae60ba6cbfe7c7d1f4 SHA512 524630996012c0cbbcc835519760808a52b68d9180b8d82bd3f596bbd3661bceec9e6163876a2bedf7b7ce0d869800801134f1f465c3e2a932f0d300a23ad172 WHIRLPOOL 0254a83459a480370e89556417e077d9f206bf3b34a1630019db619647c055d1c4e4d8570ba154666bf60b8dea60c3ed97a7ba9b7b81e9680f4a62a1a2d3198a +AUX openssh-6.8_p1-ssl-engine-configure.patch 936 SHA256 cb3f34ef031aa5360b082468b4afb8b7fd2c778c990c2f20fda250167725ff88 SHA512 4b7840f719ad58c1f196327a52534f0a21264ce47e8df4a335e9f58d9d5eae33dbb9a75a2a714c3bdae6bee04728e66020ed57eb521fc1164521c4c5aa4a9a93 WHIRLPOOL 662d6eedb091021d5da4cdbd6d623e3678e54fb75cb52d8afdc4ef9c31f98d95f8445c2fde834d622b0aabf8b9593244847da574201ed176c350747526a28fe5 AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53 AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512 88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7 WHIRLPOOL a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66 AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989 AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5 AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1 -DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256 b33e82309195f2a3f21a9fb14e6da2080b096dcf0d6f1c36c93cdeac683fdd59 SHA512 35da5e58f857e8b24e63b4058e946b71fdf0fecc637cb7af0ba8913869e5aadf8317805838936c84dc24421f03c5c91e1670761bed152fdf325c5a509f1b5d04 WHIRLPOOL cc7bace4aa60d720914e3a6a4ff650b7543d9e4963deab12c19cb5d798547b4fe547690946ff8955e121339e9a3d0ebe06f3ff758cca4bb81a09ac43fc877f58 -DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256 85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512 d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e WHIRLPOOL b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8 -DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256 7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512 21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a WHIRLPOOL 5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681 -DIST openssh-6.7p1.tar.gz 1351367 SHA256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512 2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d WHIRLPOOL ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518 -DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2 WHIRLPOOL 5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73 -EBUILD openssh-6.7_p1-r99.ebuild 10109 SHA256 3f94d0374656b23805d4d211bc6bf882814082a2d71a7f505e043550dedf029e SHA512 e311b8c49059904226b78bc4184e9e85c9c3e331f50937e20a8db8e337baa9ac8e6d12ab63642aa4247913ff5402fc532fa70192fdaef3072f790db2609a9297 WHIRLPOOL 6fb85a46881a1e226ac8a50fc8bd848d67f21689ff117f457882ae72faff424266816cbd078fea89464a55d3b33cf46bb49f8eaa80f252713d6b8b0ba06da246 +DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256 2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512 f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0 WHIRLPOOL 7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476 +DIST openssh-6.9p1+x509-8.4.diff.gz 425687 SHA256 0ed8bfff0d2ecd9f3791ae1f168ca3270bb66d7ab7bc0a8ff2d61d2ab829c3fb SHA512 596cb65408db06fb299b92160147685b001dc23929ecf5c4bd11a8b0475d79695c7b4dbe8a878d7fbcd944155935fd62a14e35c79204b39e413f5eaa961ef76c WHIRLPOOL 771fa0f4f6a20ed49ba201605fcdcbfc41a0f094ef4a89ca2433ee51b7c8bf99cc266f26bd7877c61ff92e9a50c7d65119ba75ba64eaa029bd567bab3ee243c2 +DIST openssh-6.9p1-r1-hpnssh14v5.tar.xz 21396 SHA256 84e9e28a1488ccf66e29a7c90442b3bc4833a6fa186260fb6853b5a1b19c0beb SHA512 476064dbdb3d82b86ad7c481a4a301ff0d46bd281fe7ca0c29f34ae50b0034028760997ae2c934a265499c154f4534d35ead647aa63d1a4545ed503a5364eada WHIRLPOOL 74eaf2fe0a6ecd0e2fa5078034628d4c76c75b121f3c813ff8a098ab28363daa3800d03936046aa3aebbfdab3afd31ef30a207399f5e305d7f71e5f3c7e4f4a7 +DIST openssh-6.9p1.tar.gz 1487617 SHA256 6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe SHA512 68fec9b4e512fe126a5d35b01e2cc656d810b75052ed8a36bc85cd0a05de7318b15ed287bc95cf9bcb3fa2f385029151d85aced55e07fbcc79e6c779bee6751d WHIRLPOOL 1dcb291383c9f934b512f61ce9f6e0319f22e112ce3f6eace2a868ca0f99c709c65bae14a9815e2ef237f8132fe72c583cffb7ea20bdfa2aaa77cf347967be7f +DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256 d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512 2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081 WHIRLPOOL b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b +EBUILD openssh-6.9_p1-r99.ebuild 9784 SHA256 41579ef5715c5a7a6b96b290830cf52189d26ddd73c932763e5078a9b27286e1 SHA512 3c6885e8f6ff5b43dfcf99c8dfc303fb01c31d383c51439a9bfd731a7111d4c79393f1df8567c028e6bd553958d381d6d0d2585b3f88273083e20a3e05fc941a WHIRLPOOL b669a92baf88cc26c024db804240a7f5bca2feef1bb634674837d6c83d78436e01008072e6d18682e2526e4b1427a753e46821495b768df2c49adef28addfd28 MISC metadata.xml 1912 SHA256 7b838285f09ad395f237a0d0b9963eee86d0e85b58e6e5b4d5edb093fa888a0a SHA512 e55c10ffd12488720c3da19e55942cfedec63fe767fc1608439b5a3932eeb5488086ad7ef4e1f858c89381e737426f035845ea5e8bede4ed8a0ccabdc656d9b5 WHIRLPOOL 5c07b3dd4a4002cff5df62133ecf570bf79f58e9477d0ad25d60f185ee029183d11118147e3adfec373542659d921e99e787054cfe9284031c974d694de6e9ed diff --git a/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch b/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch deleted file mode 100644 index 6aed19b..0000000 --- a/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch +++ /dev/null @@ -1,30 +0,0 @@ -Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch and remove -redundant README.x509v3 directory. - ---- openssh-6.4p1+x509-7.7.diff.orig 2013-11-09 14:51:13.400696545 -0800 -+++ openssh-6.4p1+x509-7.7.diff 2013-11-09 14:51:05.798786189 -0800 -@@ -6809,9 +6809,9 @@ - - -$OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $ - +$OpenBSD$ --diff -ruN openssh-6.4p1/README.x509v3/README.x509v3 openssh-6.4p1+x509-7.7/README.x509v3/README.x509v3 ----- openssh-6.4p1/README.x509v3/README.x509v3 1970-01-01 02:00:00.000000000 +0200 --+++ openssh-6.4p1+x509-7.7/README.x509v3/README.x509v3 2013-05-17 18:50:02.156263192 +0300 -+diff -ruN openssh-6.4p1/README.x509v3 openssh-6.4p1+x509-7.7/README.x509v3 -+--- openssh-6.4p1/README.x509v3 1970-01-01 02:00:00.000000000 +0200 -++++ openssh-6.4p1+x509-7.7/README.x509v3 2013-05-17 18:50:02.156263192 +0300 - @@ -0,0 +1,615 @@ - + Roumen Petrov - + Sofia, Bulgaria -@@ -14793,10 +14793,9 @@ - .It Cm ChallengeResponseAuthentication - Specifies whether challenge-response authentication is allowed (e.g. via - PAM or though authentication styles supported in --@@ -490,6 +567,16 @@ -+@@ -490,5 +567,15 @@ - The default is - .Dq yes . -- Note that this option applies to protocol version 2 only. - +.It Cm HostbasedAlgorithms - +Specifies the protocol version 2 algorithms used in - +.Dq hostbased diff --git a/net-misc/openssh/files/openssh-6.4p1-fix-typo-construct_utmpx.patch b/net-misc/openssh/files/openssh-6.4p1-fix-typo-construct_utmpx.patch deleted file mode 100644 index a3361ca..0000000 --- a/net-misc/openssh/files/openssh-6.4p1-fix-typo-construct_utmpx.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -Naur openssh-6.4p1.orig/loginrec.c openssh-6.4p1/loginrec.c ---- openssh-6.4p1.orig/loginrec.c 2014-01-22 17:33:12.380676129 +0000 -+++ openssh-6.4p1/loginrec.c 2014-01-22 17:55:40.957751536 +0000 -@@ -785,12 +785,12 @@ - /* this is just a 128-bit IPv6 address */ - if (li->hostaddr.sa.sa_family == AF_INET6) { - sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa); -- memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16); -+ memcpy(utx->ut_addr_v6, sa6->sin6_addr.s6_addr, 16); - if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) { -- ut->ut_addr_v6[0] = ut->ut_addr_v6[3]; -- ut->ut_addr_v6[1] = 0; -- ut->ut_addr_v6[2] = 0; -- ut->ut_addr_v6[3] = 0; -+ utx->ut_addr_v6[0] = utx->ut_addr_v6[3]; -+ utx->ut_addr_v6[1] = 0; -+ utx->ut_addr_v6[2] = 0; -+ utx->ut_addr_v6[3] = 0; - } - } - # endif diff --git a/net-misc/openssh/files/openssh-6.4p1-missing-sys_param_h.patch b/net-misc/openssh/files/openssh-6.4p1-missing-sys_param_h.patch deleted file mode 100644 index 22b6ffa..0000000 --- a/net-misc/openssh/files/openssh-6.4p1-missing-sys_param_h.patch +++ /dev/null @@ -1,67 +0,0 @@ -diff -Naur openssh-6.4p1.orig/channels.c openssh-6.4p1/channels.c ---- openssh-6.4p1.orig/channels.c 2014-01-22 17:14:19.508612783 +0000 -+++ openssh-6.4p1/channels.c 2014-01-22 17:18:18.176626129 +0000 -@@ -61,6 +61,7 @@ - #include - #include - #include -+#include - - #include "openbsd-compat/sys-queue.h" - #include "xmalloc.h" -diff -Naur openssh-6.4p1.orig/loginrec.c openssh-6.4p1/loginrec.c ---- openssh-6.4p1.orig/loginrec.c 2013-06-01 22:07:32.000000000 +0000 -+++ openssh-6.4p1/loginrec.c 2014-01-22 17:30:57.322668577 +0000 -@@ -162,6 +162,7 @@ - #include - #include - #include -+#include - #include - - #include "xmalloc.h" -diff -Naur openssh-6.4p1.orig/sshconnect.c openssh-6.4p1/sshconnect.c ---- openssh-6.4p1.orig/sshconnect.c 2014-01-22 17:16:53.809621411 +0000 -+++ openssh-6.4p1/sshconnect.c 2014-01-22 17:17:19.535622850 +0000 -@@ -40,6 +40,7 @@ - #include - #include - #include -+#include - - #include "xmalloc.h" - #include "key.h" -diff -Naur openssh-6.4p1.orig/sshd.c openssh-6.4p1/sshd.c ---- openssh-6.4p1.orig/sshd.c 2014-01-22 17:14:19.517612784 +0000 -+++ openssh-6.4p1/sshd.c 2014-01-22 17:18:54.560628163 +0000 -@@ -83,6 +83,8 @@ - #include - #endif - -+#include -+ - #include "xmalloc.h" - #include "ssh.h" - #include "ssh1.h" -diff -Naur openssh-6.4p1.orig/ssh-keyscan.c openssh-6.4p1/ssh-keyscan.c ---- openssh-6.4p1.orig/ssh-keyscan.c 2013-06-01 21:31:19.000000000 +0000 -+++ openssh-6.4p1/ssh-keyscan.c 2014-01-22 17:59:37.756764777 +0000 -@@ -29,6 +29,7 @@ - #include - #include - #include -+#include - - #include "xmalloc.h" - #include "ssh.h" -diff -Naur openssh-6.4p1.orig/ssh-pkcs11-helper.c openssh-6.4p1/ssh-pkcs11-helper.c ---- openssh-6.4p1.orig/ssh-pkcs11-helper.c 2013-06-01 21:31:19.000000000 +0000 -+++ openssh-6.4p1/ssh-pkcs11-helper.c 2014-01-22 18:00:04.653766281 +0000 -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - - #include "xmalloc.h" - #include "buffer.h" diff --git a/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch deleted file mode 100644 index bd0b7ce..0000000 --- a/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch +++ /dev/null @@ -1,42 +0,0 @@ ---- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800 -+++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800 -@@ -195,14 +195,6 @@ - .Op Fl c Ar cipher - .Op Fl F Ar ssh_config - .Op Fl i Ar identity_file --@@ -178,6 +178,7 @@ For full details of the options listed b -- .It ServerAliveCountMax -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It UsePrivilegedPort -- .It User -- .It UserKnownHostsFile - @@ -218,6 +219,8 @@ and - to print debugging messages about their progress. - This is helpful in -@@ -482,14 +474,6 @@ - .Op Fl b Ar bind_address - .Op Fl c Ar cipher_spec - .Op Fl D Oo Ar bind_address : Oc Ns Ar port --@@ -473,6 +473,7 @@ For full details of the options listed b -- .It StreamLocalBindUnlink -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It Tunnel -- .It TunnelDevice -- .It UsePrivilegedPort - @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte - controls. - .It Fl y -@@ -527,7 +511,7 @@ -- again: -+ - - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" - + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT -- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { -+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { - switch (opt) { - case '1': - @@ -732,6 +738,11 @@ main(int ac, char **av) diff --git a/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch b/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch deleted file mode 100644 index 96818e4..0000000 --- a/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch +++ /dev/null @@ -1,162 +0,0 @@ -https://bugs.gentoo.org/378361 -https://bugzilla.mindrot.org/show_bug.cgi?id=928 - ---- a/gss-serv.c -+++ b/gss-serv.c -@@ -41,9 +41,12 @@ - #include "channels.h" - #include "session.h" - #include "misc.h" -+#include "servconf.h" - - #include "ssh-gss.h" - -+extern ServerOptions options; -+ - static ssh_gssapi_client gssapi_client = - { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; -@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) - char lname[NI_MAXHOST]; - gss_OID_set oidset; - -- gss_create_empty_oid_set(&status, &oidset); -- gss_add_oid_set_member(&status, ctx->oid, &oidset); -- -- if (gethostname(lname, sizeof(lname))) { -- gss_release_oid_set(&status, &oidset); -- return (-1); -- } -+ if (options.gss_strict_acceptor) { -+ gss_create_empty_oid_set(&status, &oidset); -+ gss_add_oid_set_member(&status, ctx->oid, &oidset); -+ -+ if (gethostname(lname, MAXHOSTNAMELEN)) { -+ gss_release_oid_set(&status, &oidset); -+ return (-1); -+ } -+ -+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { -+ gss_release_oid_set(&status, &oidset); -+ return (ctx->major); -+ } -+ -+ if ((ctx->major = gss_acquire_cred(&ctx->minor, -+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, -+ NULL, NULL))) -+ ssh_gssapi_error(ctx); - -- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { - gss_release_oid_set(&status, &oidset); - return (ctx->major); -+ } else { -+ ctx->name = GSS_C_NO_NAME; -+ ctx->creds = GSS_C_NO_CREDENTIAL; - } -- -- if ((ctx->major = gss_acquire_cred(&ctx->minor, -- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) -- ssh_gssapi_error(ctx); -- -- gss_release_oid_set(&status, &oidset); -- return (ctx->major); -+ return GSS_S_COMPLETE; - } - - /* Privileged */ ---- a/servconf.c -+++ b/servconf.c -@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions - options->kerberos_get_afs_token = -1; - options->gss_authentication=-1; - options->gss_cleanup_creds = -1; -+ options->gss_strict_acceptor = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->challenge_response_authentication = -1; -@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption - options->gss_authentication = 0; - if (options->gss_cleanup_creds == -1) - options->gss_cleanup_creds = 1; -+ if (options->gss_strict_acceptor == -1) -+ options->gss_strict_acceptor = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -@@ -277,7 +280,8 @@ typedef enum { - sBanner, sUseDNS, sHostbasedAuthentication, - sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, - sClientAliveCountMax, sAuthorizedKeysFile, -- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, -+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, -+ sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, - sZeroKnowledgePasswordAuthentication, sHostCertificate, -@@ -327,9 +331,11 @@ static struct { - #ifdef GSSAPI - { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, - { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, -+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, - #else - { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, - { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, -+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, - #endif - { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, - { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, -@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions - - case sGssCleanupCreds: - intptr = &options->gss_cleanup_creds; -+ goto parse_flag; -+ -+ case sGssStrictAcceptor: -+ intptr = &options->gss_strict_acceptor; - goto parse_flag; - - case sPasswordAuthentication: ---- a/servconf.h -+++ b/servconf.h -@@ -92,6 +92,7 @@ typedef struct { - * authenticated with Kerberos. */ - int gss_authentication; /* If true, permit GSSAPI authentication */ - int gss_cleanup_creds; /* If true, destroy cred cache on logout */ -+ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ - int password_authentication; /* If true, permit password - * authentication. */ - int kbd_interactive_authentication; /* If true, permit */ ---- a/sshd_config -+++ b/sshd_config -@@ -69,6 +69,7 @@ - # GSSAPI options - #GSSAPIAuthentication no - #GSSAPICleanupCredentials yes -+#GSSAPIStrictAcceptorCheck yes - - # Set this to 'yes' to enable PAM authentication, account processing, - # and session processing. If this is enabled, PAM authentication will ---- a/sshd_config.5 -+++ b/sshd_config.5 -@@ -386,6 +386,21 @@ on logout. - The default is - .Dq yes . - Note that this option applies to protocol version 2 only. -+.It Cm GSSAPIStrictAcceptorCheck -+Determines whether to be strict about the identity of the GSSAPI acceptor -+a client authenticates against. -+If set to -+.Dq yes -+then the client must authenticate against the -+.Pa host -+service on the current hostname. -+If set to -+.Dq no -+then the client may authenticate against any service key stored in the -+machine's default store. -+This facility is provided to assist with operation on multi homed machines. -+The default is -+.Dq yes . - .It Cm HostbasedAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication together - with successful public key client host authentication is allowed diff --git a/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch b/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch deleted file mode 100644 index 71b9c51..0000000 --- a/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch +++ /dev/null @@ -1,46 +0,0 @@ ---- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800 -+++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800 -@@ -610,21 +610,6 @@ - The default is - .Dq yes . - Note that this option applies to protocol version 2 only. --.It Cm GSSAPIStrictAcceptorCheck --Determines whether to be strict about the identity of the GSSAPI acceptor --a client authenticates against. --If set to --.Dq yes --then the client must authenticate against the --.Pa host --service on the current hostname. --If set to --.Dq no --then the client may authenticate against any service key stored in the --machine's default store. --This facility is provided to assist with operation on multi homed machines. --The default is --.Dq yes . - .It Cm HostbasedAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication together - with successful public key client host authentication is allowed -@@ -651,6 +636,21 @@ - attempting to resolve the name from the TCP connection itself. - The default is - .Dq no . -+.It Cm GSSAPIStrictAcceptorCheck -+Determines whether to be strict about the identity of the GSSAPI acceptor -+a client authenticates against. -+If set to -+.Dq yes -+then the client must authenticate against the -+.Pa host -+service on the current hostname. -+If set to -+.Dq no -+then the client may authenticate against any service key stored in the -+machine's default store. -+This facility is provided to assist with operation on multi homed machines. -+The default is -+.Dq yes . - .It Cm HostCertificate - Specifies a file containing a public host certificate. - The certificate's public key must match a private host key already specified diff --git a/net-misc/openssh/files/openssh-6.7p1-avoid-exit.patch b/net-misc/openssh/files/openssh-6.7p1-avoid-exit.patch deleted file mode 100644 index 4998a94..0000000 --- a/net-misc/openssh/files/openssh-6.7p1-avoid-exit.patch +++ /dev/null @@ -1,441 +0,0 @@ -diff -ur a/openssh-6.7p1/configure.ac b/openssh-6.7p1/configure.ac ---- a/openssh-6.7p1/configure.ac 2014-08-26 21:32:01.000000000 -0100 -+++ b/openssh-6.7p1/configure.ac 2014-12-08 20:55:47.281836604 -0100 -@@ -252,7 +252,7 @@ - [AC_LANG_PROGRAM([[ - #include - __attribute__((__unused__)) static void foo(void){return;}]], -- [[ exit(0); ]])], -+ [[ return 0; ]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, -@@ -442,7 +442,7 @@ - [AC_LANG_PROGRAM([[ - #define testmacro foo - #define testmacro bar]], -- [[ exit(0); ]])], -+ [[ return 0; ]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" -@@ -562,9 +562,9 @@ - AC_MSG_CHECKING([if we have working getaddrinfo]) - AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include - main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) -- exit(0); -+ return 0; - else -- exit(1); -+ return 1; - } - ]])], - [AC_MSG_RESULT([working])], -@@ -1067,7 +1067,7 @@ - esac - - AC_MSG_CHECKING([compiler and flags for sanity]) --AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ exit(0); ]])], -+AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ return 0; ]])], - [ AC_MSG_RESULT([yes]) ], - [ - AC_MSG_RESULT([no]) -@@ -1099,9 +1099,9 @@ - strncpy(buf,"/etc", 32); - s = dirname(buf); - if (!s || strncmp(s, "/", 32) != 0) { -- exit(1); -+ return 1; - } else { -- exit(0); -+ return 0; - } - } - ]])], -@@ -1191,19 +1191,19 @@ - int a=0, b=0, c=0, d=0, n, v; - n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); - if (n != 3 && n != 4) -- exit(1); -+ return 1; - v = a*1000000 + b*10000 + c*100 + d; - fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); - - /* 1.1.4 is OK */ - if (a == 1 && b == 1 && c >= 4) -- exit(0); -+ return 0; - - /* 1.2.3 and up are OK */ - if (v >= 1020300) -- exit(0); -+ return 0; - -- exit(2); -+ return 2; - ]])], - AC_MSG_RESULT([no]), - [ AC_MSG_RESULT([yes]) -@@ -1308,7 +1308,7 @@ - #include ]], - [[ - struct dirent d; -- exit(sizeof(d.d_name)<=sizeof(char)); -+ return sizeof(d.d_name)<=sizeof(char); - ]])], - [AC_MSG_RESULT([yes])], - [ -@@ -1354,7 +1354,7 @@ - #include - ]], [[ - char *ff = skey_keyinfo(""); ff=""; -- exit(0); -+ return 0; - ]])], - [AC_MSG_RESULT([yes])], - [ -@@ -1403,7 +1403,7 @@ - #include - #include - #include --int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } -+int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; return 0; } - ]]) - ], - [AC_MSG_RESULT(yes)], -@@ -1460,7 +1460,7 @@ - [[ - int i = H_SETSIZE; - el_init("", NULL, NULL, NULL); -- exit(0); -+ return 0; - ]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) -@@ -1808,9 +1808,9 @@ - errno=0; - setresuid(0,0,0); - if (errno==ENOSYS) -- exit(1); -+ return 1; - else -- exit(0); -+ return 0; - ]])], - [AC_MSG_RESULT([yes])], - [AC_DEFINE([BROKEN_SETRESUID], [1], -@@ -1831,9 +1831,9 @@ - errno=0; - setresgid(0,0,0); - if (errno==ENOSYS) -- exit(1); -+ return 1; - else -- exit(0); -+ return 0; - ]])], - [AC_MSG_RESULT([yes])], - [AC_DEFINE([BROKEN_SETRESGID], [1], -@@ -1875,7 +1875,7 @@ - [[ - char b[5]; - snprintf(b,5,"123456789"); -- exit(b[4]!='\0'); -+ return b[4]!='\0'; - ]])], - [AC_MSG_RESULT([yes])], - [ -@@ -1966,9 +1966,9 @@ - ]], [[ - char template[]="conftest.mkstemp-test"; - if (mkstemp(template) == -1) -- exit(1); -+ return 1; - unlink(template); -- exit(0); -+ return 0; - ]])], - [ - AC_MSG_RESULT([no]) -@@ -1999,22 +1999,22 @@ - - pid = fork(); - if (pid < 0) { /* failed */ -- exit(1); -+ return 1; - } else if (pid > 0) { /* parent */ - waitpid(pid, &status, 0); - if (WIFEXITED(status)) -- exit(WEXITSTATUS(status)); -+ return WEXITSTATUS(status); - else -- exit(2); -+ return 2; - } else { /* child */ - close(0); close(1); close(2); - setsid(); - openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); - fd = open("/dev/tty", O_RDWR | O_NOCTTY); - if (fd >= 0) -- exit(3); /* Acquired ctty: broken */ -+ return 3; /* Acquired ctty: broken */ - else -- exit(0); /* Did not acquire ctty: OK */ -+ return 0; /* Did not acquire ctty: OK */ - } - ]])], - [ -@@ -2055,7 +2055,7 @@ - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); -- exit(1); -+ return 1; - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { -@@ -2072,7 +2072,7 @@ - else - fprintf(stderr, "getnameinfo failed: %s\n", - gai_strerror(err)); -- exit(2); -+ return 2; - } - - sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); -@@ -2080,10 +2080,10 @@ - perror("socket"); - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { - if (errno == EBADF) -- exit(3); -+ return 3; - } - } -- exit(0); -+ return 0; - ]])], - [ - AC_MSG_RESULT([yes]) -@@ -2123,7 +2123,7 @@ - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); -- exit(1); -+ return 1; - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { -@@ -2136,10 +2136,10 @@ - - if (ai->ai_family == AF_INET && err != 0) { - perror("getnameinfo"); -- exit(2); -+ return 2; - } - } -- exit(0); -+ return 0; - ]])], - [ - AC_MSG_RESULT([yes]) -@@ -2248,12 +2248,12 @@ - - fd = fopen(DATA,"w"); - if(fd == NULL) -- exit(1); -+ return 1; - - if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) -- exit(1); -+ return 1; - -- exit(0); -+ return 0; - ]])], - [ - ssl_header_ver=`cat conftest.sslincver` -@@ -2283,13 +2283,13 @@ - - fd = fopen(DATA,"w"); - if(fd == NULL) -- exit(1); -+ return 1; - - if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), - SSLeay_version(SSLEAY_VERSION))) <0) -- exit(1); -+ return 1; - -- exit(0); -+ return 0; - ]])], - [ - ssl_library_ver=`cat conftest.ssllibver` -@@ -2330,7 +2330,7 @@ - #include - #include - ]], [[ -- exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); -+ return SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1; - ]])], - [ - AC_MSG_RESULT([yes]) -@@ -2419,7 +2419,7 @@ - #include - #include - ]], [[ -- exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); -+ return EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL; - ]])], - [ - AC_MSG_RESULT([no]) -@@ -2490,7 +2490,7 @@ - #include - ]], [[ - if(EVP_DigestUpdate(NULL, NULL,0)) -- exit(0); -+ return 0; - ]])], - [ - AC_MSG_RESULT([yes]) -@@ -2604,7 +2604,7 @@ - ]],[[ - EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); - const EVP_MD *m = EVP_sha512(); /* We need this too */ -- exit(e == NULL || m == NULL); -+ return e == NULL || m == NULL; - ]])], - [ AC_MSG_RESULT([yes]) - enable_nistp521=1 ], -@@ -2677,7 +2677,7 @@ - #include - #include - ]], [[ -- exit(RAND_status() == 1 ? 0 : 1); -+ return RAND_status() == 1 ? 0 : 1; - ]])], - [ - OPENSSL_SEEDS_ITSELF=yes -@@ -2985,7 +2985,7 @@ - struct rlimit rl_zero; - - rl_zero.rlim_cur = rl_zero.rlim_max = 0; -- exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); -+ return setrlimit(RLIMIT_FSIZE, &rl_zero) != 0; - ]])], - [AC_MSG_RESULT([yes])], - [AC_MSG_RESULT([no]) -@@ -3119,7 +3119,7 @@ - long long i, llmin, llmax = 0; - - if((f = fopen(DATA,"w")) == NULL) -- exit(1); -+ return 1; - - #if defined(LLONG_MIN) && defined(LLONG_MAX) - fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); -@@ -3138,16 +3138,16 @@ - || llmax - 1 > llmax || llmin == llmax || llmin == 0 - || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { - fprintf(f, "unknown unknown\n"); -- exit(2); -+ return 2; - } - - if (fprint_ll(f, llmin) < 0) -- exit(3); -+ return 3; - if (fprint_ll(f, llmax) < 0) -- exit(4); -+ return 4; - if (fclose(f) < 0) -- exit(5); -- exit(0); -+ return 5; -+ return 0; - ]])], - [ - llong_min=`$AWK '{print $1}' conftest.llminmax` -@@ -3553,8 +3553,8 @@ - strcpy(expected_out, "9223372036854775807"); - snprintf(buf, mazsize, "%lld", num); - if(strcmp(buf, expected_out) != 0) -- exit(1); -- exit(0); -+ return 1; -+ return 0; - } - #else - main() { exit(0); } -@@ -3641,11 +3641,11 @@ - ]], [[ - #ifdef msg_accrights - #error "msg_accrights is a macro" --exit(1); -+return 1; - #endif - struct msghdr m; - m.msg_accrights = 0; --exit(0); -+return 0; - ]])], - [ ac_cv_have_accrights_in_msghdr="yes" ], - [ ac_cv_have_accrights_in_msghdr="no" ] -@@ -3702,11 +3702,11 @@ - ]], [[ - #ifdef msg_control - #error "msg_control is a macro" --exit(1); -+return 1; - #endif - struct msghdr m; - m.msg_control = 0; --exit(0); -+return 0; - ]])], - [ ac_cv_have_control_in_msghdr="yes" ], - [ ac_cv_have_control_in_msghdr="no" ] -@@ -4128,22 +4128,22 @@ - - fd = fopen(DATA,"w"); - if(fd == NULL) -- exit(1); -+ return 1; - - #if defined (_PATH_MAILDIR) - if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) -- exit(1); -+ return 1; - #elif defined (MAILDIR) - if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) -- exit(1); -+ return 1; - #elif defined (_PATH_MAIL) - if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) -- exit(1); -+ return 1; - #else - exit (2); - #endif - -- exit(0); -+ return 0; - ]])], - [ - maildir_what=`awk -F: '{print $1}' conftest.maildir` -@@ -4378,12 +4378,12 @@ - - fd = fopen(DATA,"w"); - if(fd == NULL) -- exit(1); -+ return 1; - - if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) -- exit(1); -+ return 1; - -- exit(0); -+ return 0; - ]])], - [ user_path=`cat conftest.stdpath` ], - [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], diff --git a/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch b/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch new file mode 100644 index 0000000..a355e2c --- /dev/null +++ b/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch @@ -0,0 +1,33 @@ +https://github.com/openssh/openssh-portable/pull/29 + +From 003ed46d1bd94bac29c53b26ae70f6321ea11c80 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Wed, 18 Mar 2015 12:37:24 -0400 +Subject: [PATCH] do not abort when --without-ssl-engine --without-openssl is + set + +--- + configure.ac | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index b4d6598..7806d20 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2276,10 +2276,10 @@ openssl_engine=no + AC_ARG_WITH([ssl-engine], + [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], + [ +- if test "x$openssl" = "xno" ; then +- AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) +- fi + if test "x$withval" != "xno" ; then ++ if test "x$openssl" = "xno" ; then ++ AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) ++ fi + openssl_engine=yes + fi + ] +-- +2.3.2 + diff --git a/net-misc/openssh/openssh-6.7_p1-r99.ebuild b/net-misc/openssh/openssh-6.9_p1-r99.ebuild similarity index 63% rename from net-misc/openssh/openssh-6.7_p1-r99.ebuild rename to net-misc/openssh/openssh-6.9_p1-r99.ebuild index f6ad39c..d763f9b 100644 --- a/net-misc/openssh/openssh-6.7_p1-r99.ebuild +++ b/net-misc/openssh/openssh-6.9_p1-r99.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r3.ebuild,v 1.1 2014/11/25 22:35:45 chutzpah Exp $ +# $Id$ EAPI="4" inherit eutils user flag-o-matic multilib autotools pam systemd versionator @@ -9,17 +9,17 @@ inherit eutils user flag-o-matic multilib autotools pam systemd versionator # and _p? releases. PARCH=${P/_} -HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz" -LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz" -X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" +HPN_PATCH="${PN}-6.9p1-r1-hpnssh14v5.tar.xz" +LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz" +X509_VER="8.4" X509_PATCH="${PN}-6.9p1+x509-${X509_VER}.diff.gz" DESCRIPTION="Port of OpenBSD's free SSH release" HOMEPAGE="http://www.openssh.org/" SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - mirror://gentoo/${P}-sctp.patch.xz + mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz ${HPN_PATCH:+hpn? ( mirror://gentoo/${HPN_PATCH} - http://dev.gentoo.org/~vapier/dist/${HPN_PATCH} + https://dev.gentoo.org/~polynomial-c/${HPN_PATCH} mirror://sourceforge/hpnssh/${HPN_PATCH} )} ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} @@ -28,36 +28,37 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="amd64 arm ~mips ppc x86" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509" -REQUIRED_USE="pie? ( !static )" - -LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] ) +KEYWORDS="ppc" +# Probably want to drop ssl defaulting to on in a future version. +IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509" +REQUIRED_USE="ldns? ( ssl ) + pie? ( !static ) + ssh1? ( ssl ) + static? ( !kerberos !pam ) + X509? ( !ldap ssl )" + +LIB_DEPEND=" + ldns? ( + net-libs/ldns[static-libs(+)] + !bindist? ( net-libs/ldns[ecdsa,ssl] ) + bindist? ( net-libs/ldns[-ecdsa,ssl] ) + ) + libedit? ( dev-libs/libedit[static-libs(+)] ) + sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] + ssl? ( + >=dev-libs/openssl-0.9.6d:0[bindist=] + dev-libs/openssl[static-libs(+)] + ) >=sys-libs/zlib-1.2.3[static-libs(+)]" RDEPEND=" - !static? ( - ${LIB_DEPEND//\[static-libs(+)]} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - ) + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap )" DEPEND="${RDEPEND} - static? ( - ${LIB_DEPEND} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) - ) - ) + static? ( ${LIB_DEPEND} ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf" @@ -85,6 +86,12 @@ pkg_setup() { eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" die "booooo" fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." + fi } save_version() { @@ -104,29 +111,29 @@ src_prepare() { # don't break .ssh/authorized_keys2 for fun sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361 if use X509 ; then pushd .. >/dev/null - epatch "${FILESDIR}"/${P}-x509-glue.patch - epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch + #epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch + epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch popd >/dev/null epatch "${WORKDIR}"/${X509_PATCH%.*} epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch + epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch save_version X509 fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + if use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK fi epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*}/* + # The X509 patchset fixes this independently. + use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch + epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch + if use hpn ; then + EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ + EPATCH_MULTI_MSG="Applying HPN patchset ..." \ + epatch "${WORKDIR}"/${HPN_PATCH%.*.*} save_version HPN fi @@ -145,10 +152,6 @@ src_prepare() { ) sed -i "${sed_args[@]}" configure{.ac,} || die - epatch "${FILESDIR}"/${PN}-6.7p1-avoid-exit.patch - epatch "${FILESDIR}"/${PN}-6.4p1-missing-sys_param_h.patch - epatch "${FILESDIR}"/${PN}-6.4p1-fix-typo-construct_utmpx.patch - epatch_user #473004 # Now we can build a sane merged version.h @@ -162,58 +165,53 @@ src_prepare() { eautoreconf } -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - src_configure() { - local myconf=() addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this + addpredict /etc/skey/skeykeys # skey configure code triggers this + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG use static && append-ldflags -static + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + # We apply the ldap patch conditionally, so can't pass --without-ldap + # unconditionally else we get unknown flag warnings. + $(use ldap && use_with ldap) + $(use_with ldns) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with sctp) + $(use_with selinux) + $(use_with skey) + $(use_with ssh1) + # The X509 patch deletes this option entirely. + $(use X509 || use_with ssl openssl) + $(use_with ssl md5-passwords) + $(use_with ssl ssl-engine) + ) + + # The seccomp sandbox is broken on x32, so use the older method for now. #553748 + use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) + + # ppc musl lacks __stack_chk_fail_local() + myconf+=( --without-hardening ) + # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) append-ldflags -lutil fi - # __stack_chk_fail_local - use x86 && myconf+=( --without-stackprotect) - use ppc && myconf+=( --without-stackprotect) - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with pie) \ - $(use_with sctp) \ - $(use_with selinux) \ - $(use_with skey) \ - "${myconf[@]}" + econf "${myconf[@]}" } src_install() { @@ -224,12 +222,6 @@ src_install() { newconfd "${FILESDIR}"/sshd.confd sshd keepdir /var/empty - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd if use pam ; then sed -i \ @@ -237,7 +229,7 @@ src_install() { -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ -e "/^#PrintMotd /s:.*:PrintMotd no:" \ -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" + "${ED}"/etc/ssh/sshd_config || die fi # Gentoo tweaks to default config files @@ -252,12 +244,6 @@ src_install() { SendEnv LANG LC_* EOF - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then insinto /etc/openldap/schema/ newins openssh-lpk_openldap.schema openssh-lpk.schema @@ -318,13 +304,11 @@ pkg_postinst() { elog "algorithm (ECDSA). You are encouraged to manually update your stored" elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." fi + if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then + elog "Starting with openssh-6.9p1, ssh1 support is disabled by default." + fi ewarn "Remember to merge your config files in /etc/ssh/ and then" ewarn "reload sshd: '/etc/init.d/sshd reload'." - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi + elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has" + elog " dropped it. Make sure to update any configs that you might have." }