[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

["Patrick McLean" <chutzpah@gentoo.org>]

commit:     3991e69a8144f7b2459ae7a666ec74c868ae7d2d
Author:     Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Mon Oct  5 19:05:12 2020 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Mon Oct  5 19:05:36 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3991e69a

net-misc/openssh-8.4_p1-r1: Revbump, enable the X509 USE flag

Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

 net-misc/openssh/Manifest                          |   1 +
 .../files/openssh-8.4_p1-X509-glue-12.6.patch      |  34 ++++++
 .../files/openssh-8.4_p1-hpn-14.22-X509-glue.patch | 129 +++++++++++++++++++++
 ...nssh-8.4_p1.ebuild => openssh-8.4_p1-r1.ebuild} |  12 +-
 4 files changed, 167 insertions(+), 9 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 8683815ce7d..173d930cac0 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -8,6 +8,7 @@ DIST openssh-8.2p1.tar.gz 1701197 BLAKE2B 8b95cdebc87e8d14f655ed13c12b91b122adf4
 DIST openssh-8.3p1+x509-12.5.1.diff.gz 803054 BLAKE2B ec88959b4e3328e70d6f136f3d5bebced2e555de3ea40f55c535ca8a30a0eed84d177ad966e5bda46e1fc61d42141b13e96d068f5abfd069ae81b131dfb5a66c SHA512 28166a1a1aeff0c65f36263c0009e82cda81fc8f4efe3d11fabd0312d199a4f935476cf7074fbce68787d2fec0fd42f00fef383bf856a5767ce9d0ca6bbc8ef0
 DIST openssh-8.3p1-sctp-1.2.patch.xz 7668 BLAKE2B abbc65253d842c09a04811bdbafc175c5226996cdd190812b47ce9646853cd5c1b21d733e719b481cce9c7f4dc00894b6d6be732e311850963df23b9dc55a0e6 SHA512 4e0cc1707663f902dfbf331a431325da78759cc757a4aaae33e0c7f64f21830ec805168d8ae4d47a65a20c235fa534679e288f922df2b24655b7d1ee9a3bf014
 DIST openssh-8.3p1.tar.gz 1706358 BLAKE2B 0b53d92caa4a0f4cb40eee671ac889753d320b7c8e44df159a81dd8163c3663f07fa648f5dc506fb27d31893acf9701b997598c50bf204acf54172d72825a4d8 SHA512 b5232f7c85bf59ae2ff9d17b030117012e257e3b8c0d5ac60bb139a85b1fbf298b40f2e04203a2e13ca7273053ed668b9dedd54d3a67a7cb8e8e58c0228c5f40
+DIST openssh-8.4p1+x509-12.6.diff.gz 857479 BLAKE2B ac8c3e8c1087ca571e5459c9826903410ff2d45de60151d9bd8e59da15805b75752f8f3ffc231c9f8aaa8f2b2c07a97a8296684f885e0d14b54ff5d7bc585588 SHA512 e56516b376ecc3e5464895744ce0616cf4446a891fbd3cbcb090d5f61ebc349d74f9c01e855ccd22e574dbfeec0cb2ba7daf582983010ff991243a6371cc5fe3
 DIST openssh-8.4p1-sctp-1.2.patch.xz 7668 BLAKE2B 2e22d2a90723cea9ef958bd989b8c431fcb08b4dc5bfd3ebbf463ca9546dc37acdc185c35ddf3adbb90bde9b3902bf36524a456061a9bcbdef7a76ece79e2ff4 SHA512 90da34b7b86e52df9e0191c99c9d645a4d4671958adebeed46e1149102d4ba8c729eadb79d84fad9feac64aafa0541d2f1f4db8cdfe0af5ba893aac072ef2380
 DIST openssh-8.4p1.tar.gz 1742201 BLAKE2B 4b1e60d4962095df045c3a31bbf8af725b1c07324c4aa1f6b9a3ddb7e695c98e9aa01655b268f6fd6a400f511b23be91f6b89d07b14a6a2d92f873efb4d9c146 SHA512 d65275b082c46c5efe7cf3264fa6794d6e99a36d4a54b50554fc56979d6c0837381587fd5399195e1db680d2a5ad1ef0b99a180eac2b4de5637906cb7a89e9ce
 DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca SHA512 94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221

diff --git a/net-misc/openssh/files/openssh-8.4_p1-X509-glue-12.6.patch b/net-misc/openssh/files/openssh-8.4_p1-X509-glue-12.6.patch
new file mode 100644
index 00000000000..f12a3096b64
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.4_p1-X509-glue-12.6.patch
@@ -0,0 +1,34 @@
+diff -u a/openssh-8.4p1+x509-12.6.diff b/openssh-8.4p1+x509-12.6.diff
+--- a/openssh-8.4p1+x509-12.6.diff	2020-10-04 10:58:16.980495330 -0700
++++ b/openssh-8.4p1+x509-12.6.diff	2020-10-04 11:02:31.951966223 -0700
+@@ -39348,12 +39348,11 @@
+  
+  install-files:
+  	$(MKDIR_P) $(DESTDIR)$(bindir)
+-@@ -384,6 +365,8 @@
++@@ -384,6 +365,7 @@
+  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+  	$(MKDIR_P) $(DESTDIR)$(libexecdir)
+ +	$(MKDIR_P) $(DESTDIR)$(sshcadir)
+-+	$(MKDIR_P) $(DESTDIR)$(piddir)
+  	$(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
+  	$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+  	$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
+@@ -103950,16 +103949,6 @@
+ +int	 asnmprintf(char **, size_t, int *, const char *, ...)
+  	     __attribute__((format(printf, 4, 5)));
+  void	 msetlocale(void);
+-diff -ruN openssh-8.4p1/version.h openssh-8.4p1+x509-12.6/version.h
+---- openssh-8.4p1/version.h	2020-09-27 10:25:01.000000000 +0300
+-+++ openssh-8.4p1+x509-12.6/version.h	2020-10-03 10:07:00.000000000 +0300
+-@@ -2,5 +2,4 @@
+- 
+- #define SSH_VERSION	"OpenSSH_8.4"
+- 
+--#define SSH_PORTABLE	"p1"
+--#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
+-+#define SSH_RELEASE	PACKAGE_STRING ", " SSH_VERSION "p1"
+ diff -ruN openssh-8.4p1/version.m4 openssh-8.4p1+x509-12.6/version.m4
+ --- openssh-8.4p1/version.m4	1970-01-01 02:00:00.000000000 +0200
+ +++ openssh-8.4p1+x509-12.6/version.m4	2020-10-03 10:07:00.000000000 +0300

diff --git a/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-X509-glue.patch b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-X509-glue.patch
new file mode 100644
index 00000000000..9bd600b6a1c
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-X509-glue.patch
@@ -0,0 +1,129 @@
+diff -u a/openssh-8_3_P1-hpn-AES-CTR-14.22.diff b/openssh-8_3_P1-hpn-AES-CTR-14.22.diff
+--- a/openssh-8_3_P1-hpn-AES-CTR-14.22.diff	2020-10-04 11:04:44.495171346 -0700
++++ b/openssh-8_3_P1-hpn-AES-CTR-14.22.diff	2020-10-04 11:48:05.099637206 -0700
+@@ -3,9 +3,9 @@
+ --- a/Makefile.in
+ +++ b/Makefile.in
+ @@ -46,7 +46,7 @@ CFLAGS=@CFLAGS@
+- CFLAGS_NOPIE=@CFLAGS_NOPIE@
+- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+- PICFLAG=@PICFLAG@
++ LD=@LD@
++ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
++ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+ -LIBS=@LIBS@
+ +LIBS=@LIBS@ -lpthread
+  K5LIBS=@K5LIBS@
+@@ -803,7 +803,7 @@
+  ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
+  {
+  	struct session_state *state;
+--	const struct sshcipher *none = cipher_by_name("none");
++-	const struct sshcipher *none = cipher_none();
+ +	struct sshcipher *none = cipher_by_name("none");
+  	int r;
+  
+@@ -901,17 +901,18 @@
+  }
+  
+  /*
+-@@ -2203,6 +2210,10 @@ fill_default_options(Options * options)
++@@ -2203,5 +2210,10 @@ fill_default_options(Options * options)
+  	if (options->sk_provider == NULL)
+  		options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
+- #endif
++ 
+ +	if (options->update_hostkeys == -1)
+ +		options->update_hostkeys = 0;
+ +	if (options->disable_multithreaded == -1)
+ +		options->disable_multithreaded = 0;
+- 
+- 	/* Expand KEX name lists */
+- 	all_cipher = cipher_alg_list(',', 0);
+++
++ 	/* expand KEX and etc. name lists */
++ {	char *all;
++ #define ASSEMBLE(what, defaults, all) \
+ diff --git a/readconf.h b/readconf.h
+ index e143a108..1383a3cd 100644
+ --- a/readconf.h
+@@ -950,9 +951,9 @@
+  	/* Portable-specific options */
+  	sUsePAM,
+ +	sDisableMTAES,
+- 	/* Standard Options */
+- 	sPort, sHostKeyFile, sLoginGraceTime,
+- 	sPermitRootLogin, sLogFacility, sLogLevel,
++ 	/* X.509 Standard Options */
++ 	sHostbasedAlgorithms,
++ 	sPubkeyAlgorithms,
+ @@ -679,6 +683,7 @@ static struct {
+  	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+  	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
+diff -u a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff
+--- a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff	2020-10-04 11:04:37.441213650 -0700
++++ b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff	2020-10-04 11:50:55.865616716 -0700
+@@ -382,7 +382,7 @@
+ @@ -888,6 +888,10 @@ kex_choose_conf(struct ssh *ssh)
+  	int nenc, nmac, ncomp;
+  	u_int mode, ctos, need, dh_need, authlen;
+- 	int r, first_kex_follows;
++ 	int r, first_kex_follows = 0;
+ +	int auth_flag;
+ +
+ +	auth_flag = packet_authentication_state(ssh);
+@@ -1193,14 +1193,3 @@
+  # Example of overriding settings on a per-user basis
+  #Match User anoncvs
+  #	X11Forwarding no
+-diff --git a/version.h b/version.h
+-index a2eca3ec..ff654fc3 100644
+---- a/version.h
+-+++ b/version.h
+-@@ -3,4 +3,5 @@
+- #define SSH_VERSION	"OpenSSH_8.3"
+- 
+- #define SSH_PORTABLE	"p1"
+--#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
+-+#define SSH_HPN         "-hpn14v22"
+-+#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE SSH_HPN
+diff -u a/openssh-8_3_P1-hpn-PeakTput-14.22.diff b/openssh-8_3_P1-hpn-PeakTput-14.22.diff
+--- a/openssh-8_3_P1-hpn-PeakTput-14.22.diff	2020-10-04 11:51:46.409313155 -0700
++++ b/openssh-8_3_P1-hpn-PeakTput-14.22.diff	2020-10-04 11:56:57.407445258 -0700
+@@ -12,9 +12,9 @@
+  static long stalled;		/* how long we have been stalled */
+  static int bytes_per_second;	/* current speed in bytes per second */
+ @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
++ 	off_t bytes_left;
+  	int cur_speed;
+- 	int hours, minutes, seconds;
+- 	int file_len;
++ 	int len;
+ +	off_t delta_pos;
+  
+  	if ((!force_update && !alarm_fired && !win_resized) || !can_output())
+@@ -30,15 +30,17 @@
+  	if (bytes_left > 0)
+  		elapsed = now - last_update;
+  	else {
+-@@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
++@@ -166,8 +173,8 @@ refresh_progress_meter(int force_update)
++ 	buf[1] = '\0';
+  
+  	/* filename */
+- 	buf[0] = '\0';
+--	file_len = win_size - 36;
+-+	file_len = win_size - 45;
+- 	if (file_len > 0) {
+- 		buf[0] = '\r';
+- 		snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
++-	if (win_size > 36) {
++-		int file_len = win_size - 36;
+++	if (win_size > 45) {
+++		int file_len = win_size - 45;
++ 		snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
++ 		    file_len, file);
++ 	}
+ @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
+  	    (off_t)bytes_per_second);
+  	strlcat(buf, "/s ", win_size);

diff --git a/net-misc/openssh/openssh-8.4_p1.ebuild b/net-misc/openssh/openssh-8.4_p1-r1.ebuild
similarity index 97%
rename from net-misc/openssh/openssh-8.4_p1.ebuild
rename to net-misc/openssh/openssh-8.4_p1-r1.ebuild
index 6248805da22..34edf4ea761 100644
--- a/net-misc/openssh/openssh-8.4_p1.ebuild
+++ b/net-misc/openssh/openssh-8.4_p1-r1.ebuild
@@ -21,7 +21,7 @@ HPN_PATCHES=(
 )
 
 SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
-#X509_VER="12.5.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+X509_VER="12.6" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
 
 DESCRIPTION="Port of OpenBSD's free SSH release"
 HOMEPAGE="https://www.openssh.com/"
@@ -189,13 +189,7 @@ src_prepare() {
 		pushd "${hpn_patchdir}" &>/dev/null || die
 		eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch
 		eapply "${FILESDIR}"/${PN}-8.4_p1-hpn-${HPN_VER}-libressl.patch
-		if use X509; then
-		#	einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set"
-		#	# X509 and AES-CTR-MT don't get along, let's just drop it
-		#	rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die
-
-			eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-X509-glue.patch
-		fi
+		use X509 && eapply "${FILESDIR}"/${PN}-8.4_p1-hpn-${HPN_VER}-X509-glue.patch
 		use sctp && eapply "${FILESDIR}"/${PN}-8.4_p1-hpn-${HPN_VER}-sctp-glue.patch
 		popd &>/dev/null || die
 
@@ -436,7 +430,7 @@ src_install() {
 			|| die "failed to remove scp"
 	fi
 
-	keepdir /var/empty
+	rmdir "${D}"/var/empty || die
 
 	systemd_dounit "${FILESDIR}"/sshd.{service,socket}
 	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'