From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C28C4139085 for ; Mon, 9 Jan 2017 21:09:36 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5C53BE0CB8; Mon, 9 Jan 2017 21:09:35 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 295F3E0CB8 for ; Mon, 9 Jan 2017 21:09:35 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id E1F413415D2 for ; Mon, 9 Jan 2017 21:09:33 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 57F792627 for ; Mon, 9 Jan 2017 21:09:32 +0000 (UTC) From: "Lars Wendler" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Lars Wendler" Message-ID: <1483996168.23ef4c426436c6db690893a6291e6cd40e3b5d50.polynomial-c@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch X-VCS-Directories: net-misc/openssh/files/ X-VCS-Committer: polynomial-c X-VCS-Committer-Name: Lars Wendler X-VCS-Revision: 23ef4c426436c6db690893a6291e6cd40e3b5d50 X-VCS-Branch: master Date: Mon, 9 Jan 2017 21:09:32 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: ed27e5d8-0a47-4299-9002-8999271507dd X-Archives-Hash: 864ef637188c04807e05be4a6e566535 commit: 23ef4c426436c6db690893a6291e6cd40e3b5d50 Author: Lars Wendler gentoo org> AuthorDate: Mon Jan 9 21:06:23 2017 +0000 Commit: Lars Wendler gentoo org> CommitDate: Mon Jan 9 21:09:28 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23ef4c42 net-misc/openssh: Removed unused patches. Package-Manager: Portage-2.3.3, Repoman-2.3.1 .../files/openssh-7.1_p1-hpn-x509-glue.patch | 11 --- .../openssh/files/openssh-7.2_p1-GSSAPI-dns.patch | 106 --------------------- .../files/openssh-7.2_p1-sctp-x509-glue.patch | 74 -------------- .../files/openssh-7.3_p1-hpn-x509-glue.patch | 33 ------- 4 files changed, 224 deletions(-) diff --git a/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch b/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch deleted file mode 100644 index 393ea99..00000000 --- a/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- openssh-7.0p1-hpnssh14v5/0002-add-support-for-the-NONE-cipher.patch.orig 2015-08-24 11:17:05.379280954 -0700 -+++ openssh-7.0p1-hpnssh14v5/0002-add-support-for-the-NONE-cipher.patch 2015-08-24 11:19:30.788424050 -0700 -@@ -80,7 +80,7 @@ - + else - + fatal("Pre-authentication none cipher requests are not allowed."); - + } -- debug("kex: %s %s %s %s", -+ debug("kex: %s cipher: %s MAC: %s compression: %s", - ctos ? "client->server" : "server->client", - newkeys->enc.name, - diff --git a/myproposal.h b/myproposal.h diff --git a/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch deleted file mode 100644 index 29e94e4..00000000 --- a/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,106 +0,0 @@ -http://bugs.gentoo.org/165444 -https://bugzilla.mindrot.org/show_bug.cgi?id=1008 - ---- openssh-7.2p1/readconf.c -+++ openssh-7.2p1/readconf.c -@@ -148,6 +148,7 @@ - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, oControlPersist, - oHashKnownHosts, -@@ -194,9 +195,11 @@ - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - #else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - { "fallbacktorsh", oDeprecated }, - { "usersh", oDeprecated }, -@@ -930,6 +933,10 @@ - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1649,6 +1656,7 @@ - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -1779,6 +1787,8 @@ - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) ---- openssh-7.2p1/readconf.h -+++ openssh-7.2p1/readconf.h -@@ -46,6 +46,7 @@ - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ ---- openssh-7.2p1/ssh_config.5 -+++ openssh-7.2p1/ssh_config.5 -@@ -830,6 +830,16 @@ - Forward (delegate) credentials to the server. - The default is - .Dq no . -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 ---- openssh-7.2p1/sshconnect2.c -+++ openssh-7.2p1/sshconnect2.c -@@ -656,6 +656,12 @@ - static u_int mech = 0; - OM_uint32 min; - int ok = 0; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) -+ gss_host = get_canonical_hostname(1); -+ else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -668,7 +674,7 @@ - /* My DER encoding requires length<128 */ - if (gss_supported->elements[mech].length < 128 && - ssh_gssapi_check_mechanism(&gssctxt, -- &gss_supported->elements[mech], authctxt->host)) { -+ &gss_supported->elements[mech], gss_host)) { - ok = 1; /* Mechanism works */ - } else { - mech++; diff --git a/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch deleted file mode 100644 index 2884ee9..00000000 --- a/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch +++ /dev/null @@ -1,74 +0,0 @@ ---- openssh-7.2_p1-sctp.patch -+++ openssh-7.2_p1-sctp.patch -@@ -195,14 +195,6 @@ - .Op Fl c Ar cipher - .Op Fl F Ar ssh_config - .Op Fl i Ar identity_file --@@ -181,6 +181,7 @@ For full details of the options listed below, and their possible values, see -- .It ServerAliveCountMax -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It UpdateHostKeys -- .It UsePrivilegedPort -- .It User - @@ -222,6 +223,8 @@ and - to print debugging messages about their progress. - This is helpful in -@@ -477,19 +469,11 @@ - .Sh SYNOPSIS - .Nm ssh - .Bk -words ---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy --+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz -+-.Op Fl 1246AaCdfgKkMNnqsTtVvXxYy -++.Op Fl 1246AaCdfgKkMNnqsTtVvXxYyz - .Op Fl b Ar bind_address - .Op Fl c Ar cipher_spec - .Op Fl D Oo Ar bind_address : Oc Ns Ar port --@@ -536,6 +536,7 @@ For full details of the options listed below, and their possible values, see -- .It StreamLocalBindUnlink -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It Tunnel -- .It TunnelDevice -- .It UpdateHostKeys - @@ -770,6 +771,8 @@ controls. - .Pp - .It Fl y -@@ -501,7 +485,7 @@ - index f9ff91f..d0d92ce 100644 - --- a/ssh.c - +++ b/ssh.c --@@ -195,12 +195,17 @@ extern int muxserver_sock; -+@@ -195,11 +195,16 @@ extern int muxserver_sock; - extern u_int muxclient_command; - - /* Prints a help message to the user. This function never returns. */ -@@ -515,18 +499,17 @@ - usage(void) - { - fprintf(stderr, ---"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" --+"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n" -+-"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" -++"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n" - " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" - " [-F configfile] [-I pkcs11] [-i identity_file] [-L address]\n" -- " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" - @@ -605,7 +610,7 @@ main(int ac, char **av) -- argv0 = av[0]; -+ # define ENGCONFIG "" -+ #endif - -- again: --- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" --+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT -- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { -+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" -++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT -+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { - switch (opt) { - case '1': - @@ -845,6 +850,11 @@ main(int ac, char **av) diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch deleted file mode 100644 index d458e9e..00000000 --- a/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- a/openssh-7.3_p1-hpn-14.10.patch 12:11:41.120750207 -0700 -+++ b/openssh-7.3_p1-hpn-14.10.patch 14:00:44.311487904 -0700 -@@ -141,7 +141,7 @@ - @@ -44,7 +44,7 @@ CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ -- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ - -LIBS=@LIBS@ - +LIBS=@LIBS@ -lpthread - K5LIBS=@K5LIBS@ -@@ -2098,7 +2098,7 @@ - @@ -527,10 +555,10 @@ send_client_banner(int connection_out, int minor1) - /* Send our own protocol version identification. */ - if (compat20) { -- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", -+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n", - - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); - + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE); - } else { -@@ -2196,9 +2196,9 @@ - @@ -431,7 +431,7 @@ sshd_exchange_identification(int sock_in, int sock_out) - } - -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", --- major, minor, SSH_VERSION, --+ major, minor, SSH_RELEASE, -+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", -+- major, minor, SSH_VERSION, comment, -++ major, minor, SSH_RELEASE, comment, - *options.version_addendum == '\0' ? "" : " ", - options.version_addendum, newline); -