Date: Wednesday, September 7, 2011 @ 22:26:19 Author: bisson Revision: 137502
db-move: moved openssh from [testing] to [core] (x86_64) Added: openssh/repos/core-x86_64/PKGBUILD (from rev 137500, openssh/repos/testing-x86_64/PKGBUILD) openssh/repos/core-x86_64/sshd (from rev 137500, openssh/repos/testing-x86_64/sshd) openssh/repos/core-x86_64/sshd.confd (from rev 137500, openssh/repos/testing-x86_64/sshd.confd) openssh/repos/core-x86_64/sshd.pam (from rev 137500, openssh/repos/testing-x86_64/sshd.pam) Deleted: openssh/repos/core-x86_64/PKGBUILD openssh/repos/core-x86_64/authfile.c.patch openssh/repos/core-x86_64/sshd openssh/repos/core-x86_64/sshd.confd openssh/repos/core-x86_64/sshd.pam openssh/repos/testing-x86_64/ ------------------+ PKGBUILD | 136 +++++++++++++++++------------------- authfile.c.patch | 198 ----------------------------------------------------- sshd | 93 ++++++++++++------------ sshd.confd | 8 +- sshd.pam | 22 ++--- 5 files changed, 126 insertions(+), 331 deletions(-)
Deleted: core-x86_64/PKGBUILD
===================================================================
--- core-x86_64/PKGBUILD 2011-09-08 02:26:18 UTC (rev 137501)
+++ core-x86_64/PKGBUILD 2011-09-08 02:26:19 UTC (rev 137502)
@@ -1,70 +0,0 @@
-# $Id$
-# Maintainer: Gaetan Bisson <bis...@archlinux.org>
-# Contributor: Aaron Griffin <aa...@archlinux.org>
-# Contributor: judd <jvi...@zeroflux.org>
-
-pkgname=openssh
-pkgver=5.8p2
-pkgrel=9
-pkgdesc='Free version of the SSH connectivity tools'
-arch=('i686' 'x86_64')
-license=('custom:BSD')
-url='http://www.openssh.org/portable.html'
-backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
-depends=('krb5' 'openssl' 'libedit')
-source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
- 'authfile.c.patch'
- 'sshd.confd'
- 'sshd.pam'
- 'sshd')
-sha1sums=('64798328d310e4f06c9f01228107520adbc8b3e5'
- '3669cb5ca6149f69015df5ce8e60b82c540eb0a4'
- 'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
- '07fecd5880b1c4fdd8c94ddb2e89ddce88effdc1'
- '6b7f8ebf0c1cc37137a7d9a53447ac8a0ee6a2b5')
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
-
- patch -p1 -i ../authfile.c.patch # fix FS#24693 using http://anoncvs.mindrot.org/index.cgi/openssh/authfile.c?revision=1.95
-
- ./configure \
- --prefix=/usr \
- --libexecdir=/usr/lib/ssh \
- --sysconfdir=/etc/ssh \
- --with-privsep-user=nobody \
- --with-md5-passwords \
- --with-pam \
- --with-mantype=man \
- --mandir=/usr/share/man \
- --with-xauth=/usr/bin/xauth \
- --with-kerberos5=/usr \
- --with-ssl-engine \
- --with-libedit=/usr/lib \
- --disable-strip # stripping is done by makepkg
-
- make
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
-
- install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
- install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
- install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
- install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
-
- rm "${pkgdir}"/usr/share/man/man1/slogin.1
- ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
-
- # additional contrib scripts that we like
- install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
- install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
- install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
-
- # PAM is a common, standard feature to have
- sed -i -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
- -e '/^#UsePAM no$/c UsePAM yes' \
- "${pkgdir}"/etc/ssh/sshd_config
-}
Copied: openssh/repos/core-x86_64/PKGBUILD (from rev 137500, openssh/repos/testing-x86_64/PKGBUILD)
===================================================================
--- core-x86_64/PKGBUILD (rev 0)
+++ core-x86_64/PKGBUILD 2011-09-08 02:26:19 UTC (rev 137502)
@@ -0,0 +1,66 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bis...@archlinux.org>
+# Contributor: Aaron Griffin <aa...@archlinux.org>
+# Contributor: judd <jvi...@zeroflux.org>
+
+pkgname=openssh
+pkgver=5.9p1
+pkgrel=3
+pkgdesc='Free version of the SSH connectivity tools'
+arch=('i686' 'x86_64')
+license=('custom:BSD')
+url='http://www.openssh.org/portable.html'
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
+depends=('krb5' 'openssl' 'libedit')
+source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
+ 'sshd.confd'
+ 'sshd.pam'
+ 'sshd')
+sha1sums=('ac4e0055421e9543f0af5da607a72cf5922dcc56'
+ 'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
+ '07fecd5880b1c4fdd8c94ddb2e89ddce88effdc1'
+ '21fa88de6cc1c7912e71655f50896ba17991a1c2')
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ ./configure \
+ --prefix=/usr \
+ --libexecdir=/usr/lib/ssh \
+ --sysconfdir=/etc/ssh \
+ --with-privsep-user=nobody \
+ --with-md5-passwords \
+ --with-pam \
+ --with-mantype=man \
+ --with-xauth=/usr/bin/xauth \
+ --with-kerberos5=/usr \
+ --with-ssl-engine \
+ --with-libedit=/usr/lib \
+ --disable-strip # stripping is done by makepkg
+
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+
+ install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
+ install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+ install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
+ install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
+
+ rm "${pkgdir}"/usr/share/man/man1/slogin.1
+ ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
+
+ # additional contrib scripts that we like
+ install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
+ install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
+ install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
+
+ # PAM is a common, standard feature to have
+ sed \
+ -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+ -e '/^#UsePAM no$/c UsePAM yes' \
+ -i "${pkgdir}"/etc/ssh/sshd_config
+}
Deleted: core-x86_64/authfile.c.patch
===================================================================
--- core-x86_64/authfile.c.patch 2011-09-08 02:26:18 UTC (rev 137501)
+++ core-x86_64/authfile.c.patch 2011-09-08 02:26:19 UTC (rev 137502)
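Review bot: The release tarball in `source=` is fetched over plain `ftp://` and its only integrity check is the `sha1sums` entry, so what gets built into the [core] sshd rests on a SHA-1 digest recorded from an unauthenticated download. I would add a stronger digest array beside it, e.g. `sha256sums=('<sha256 of openssh-5.9p1.tar.gz>' ...)` (placeholder, to be computed by the maintainer), and note in a comment that the tarball was checked against upstream's detached signature before the checksum was recorded. Separately, `--with-privsep-user=nobody` in build() runs the pre-authentication child under an account that other services commonly share; a dedicated unprivileged account would keep it isolated, and if `nobody` is intentional a one-line comment saying why would help the next maintainer.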
@@ -1,198 +0,0 @@ -diff -aur old/authfile.c new/authfile.c ---- old/authfile.c 2011-06-12 02:21:52.262338254 +0200 -+++ new/authfile.c 2011-06-12 02:13:43.051467269 +0200 -@@ -1,4 +1,4 @@ --/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */ -+/* $OpenBSD: authfile.c,v 1.95 2011/05/29 11:42:08 djm Exp $ */ - /* - * Author: Tatu Ylonen <y...@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <y...@cs.hut.fi>, Espoo, Finland -@@ -69,6 +69,8 @@ - #include "misc.h" - #include "atomicio.h" - -+#define MAX_KEY_FILE_SIZE (1024 * 1024) -+ - /* Version identification string for SSH v1 identity files. */ - static const char authfile_id_string[] = - "SSH PRIVATE KEY FILE FORMAT 1.1\n"; -@@ -312,12 +314,12 @@ - return pub; - } - --/* Load the contents of a key file into a buffer */ --static int -+/* Load a key from a fd into a buffer */ -+int - key_load_file(int fd, const char *filename, Buffer *blob) - { -+ u_char buf[1024]; - size_t len; -- u_char *cp; - struct stat st; - - if (fstat(fd, &st) < 0) { -@@ -325,30 +327,45 @@ - filename == NULL ? "" : filename, - filename == NULL ? "" : " ", - strerror(errno)); -- close(fd); - return 0; - } -- if (st.st_size > 1*1024*1024) { -+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && -+ st.st_size > MAX_KEY_FILE_SIZE) { -+ toobig: - error("%s: key file %.200s%stoo large", __func__, - filename == NULL ? "" : filename, - filename == NULL ? "" : " "); -- close(fd); - return 0; - } -- len = (size_t)st.st_size; /* truncated */ -- - buffer_init(blob); -- cp = buffer_append_space(blob, len); -- -- if (atomicio(read, fd, cp, len) != len) { -- debug("%s: read from key file %.200s%sfailed: %.100s", __func__, -- filename == NULL ? "" : filename, -- filename == NULL ? "" : " ", -- strerror(errno)); -+ for (;;) { -+ if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { -+ if (errno == EPIPE) -+ break; -+ debug("%s: read from key file %.200s%sfailed: %.100s", -+ __func__, filename == NULL ? "" : filename, -+ filename == NULL ? 
"" : " ", strerror(errno)); -+ buffer_clear(blob); -+ bzero(buf, sizeof(buf)); -+ return 0; -+ } -+ buffer_append(blob, buf, len); -+ if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { -+ buffer_clear(blob); -+ bzero(buf, sizeof(buf)); -+ goto toobig; -+ } -+ } -+ bzero(buf, sizeof(buf)); -+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && -+ st.st_size != buffer_len(blob)) { -+ debug("%s: key file %.200s%schanged size while reading", -+ __func__, filename == NULL ? "" : filename, -+ filename == NULL ? "" : " "); - buffer_clear(blob); -- close(fd); - return 0; - } -+ - return 1; - } - -@@ -606,7 +623,7 @@ - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("Permissions 0%3.3o for '%s' are too open.", - (u_int)st.st_mode & 0777, filename); -- error("It is recommended that your private key files are NOT accessible by others."); -+ error("It is required that your private key files are NOT accessible by others."); - error("This private key will be ignored."); - return 0; - } -@@ -626,6 +643,7 @@ - case KEY_UNSPEC: - return key_parse_private_pem(blob, type, passphrase, commentp); - default: -+ error("%s: cannot parse key type %d", __func__, type); - break; - } - return NULL; -@@ -670,11 +688,38 @@ - } - - Key * -+key_parse_private(Buffer *buffer, const char *filename, -+ const char *passphrase, char **commentp) -+{ -+ Key *pub, *prv; -+ Buffer pubcopy; -+ -+ buffer_init(&pubcopy); -+ buffer_append(&pubcopy, buffer_ptr(buffer), buffer_len(buffer)); -+ /* it's a SSH v1 key if the public key part is readable */ -+ pub = key_parse_public_rsa1(&pubcopy, commentp); -+ buffer_free(&pubcopy); -+ if (pub == NULL) { -+ prv = key_parse_private_type(buffer, KEY_UNSPEC, -+ passphrase, NULL); -+ /* use the filename as a comment for PEM */ -+ if (commentp && prv) -+ *commentp = xstrdup(filename); -+ } else { -+ key_free(pub); -+ /* key_parse_public_rsa1() has already loaded the comment */ -+ prv = key_parse_private_type(buffer, KEY_RSA1, passphrase, -+ NULL); 
-+ } -+ return prv; -+} -+ -+Key * - key_load_private(const char *filename, const char *passphrase, - char **commentp) - { -- Key *pub, *prv; -- Buffer buffer, pubcopy; -+ Key *prv; -+ Buffer buffer; - int fd; - - fd = open(filename, O_RDONLY); -@@ -697,23 +742,7 @@ - } - close(fd); - -- buffer_init(&pubcopy); -- buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer)); -- /* it's a SSH v1 key if the public key part is readable */ -- pub = key_parse_public_rsa1(&pubcopy, commentp); -- buffer_free(&pubcopy); -- if (pub == NULL) { -- prv = key_parse_private_type(&buffer, KEY_UNSPEC, -- passphrase, NULL); -- /* use the filename as a comment for PEM */ -- if (commentp && prv) -- *commentp = xstrdup(filename); -- } else { -- key_free(pub); -- /* key_parse_public_rsa1() has already loaded the comment */ -- prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase, -- NULL); -- } -+ prv = key_parse_private(&buffer, filename, passphrase, commentp); - buffer_free(&buffer); - return prv; - } -@@ -737,13 +766,19 @@ - case '\0': - continue; - } -+ /* Abort loading if this looks like a private key */ -+ if (strncmp(cp, "-----BEGIN", 10) == 0) -+ break; - /* Skip leading whitespace. */ - for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) - ; - if (*cp) { - if (key_read(k, &cp) == 1) { -- if (commentp) -- *commentp=xstrdup(filename); -+ cp[strcspn(cp, "\r\n")] = '\0'; -+ if (commentp) { -+ *commentp = xstrdup(*cp ? -+ cp : filename); -+ } - fclose(f); - return 1; - } Deleted: core-x86_64/sshd =================================================================== --- core-x86_64/sshd 2011-09-08 02:26:18 UTC (rev 137501) +++ core-x86_64/sshd 2011-09-08 02:26:19 UTC (rev 137502) 
@@ -1,48 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-. /etc/conf.d/sshd
-
-PIDFILE=/var/run/sshd.pid
-PID=$(cat $PIDFILE 2>/dev/null)
-if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
- PID=
- rm $PIDFILE 2>/dev/null
-fi
-
-case "$1" in
- start)
- stat_busy "Starting Secure Shell Daemon"
- [ -f /etc/ssh/ssh_host_key ] || { /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_rsa_key ] || { /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_dsa_key ] || { /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_ecdsa_key ] || { /usr/bin/ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key >/dev/null; }
- [ -d /var/empty ] || mkdir -p /var/empty
- [ -z "$PID" ] && /usr/sbin/sshd $SSHD_ARGS
- if [ $? -gt 0 ]; then
- stat_fail
- else
- add_daemon sshd
- stat_done
- fi
- ;;
- stop)
- stat_busy "Stopping Secure Shell Daemon"
- [ ! -z "$PID" ] && kill $PID &> /dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- else
- rm_daemon sshd
- stat_done
- fi
- ;;
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart}"
-esac
-exit 0
Copied: openssh/repos/core-x86_64/sshd (from rev 137500, openssh/repos/testing-x86_64/sshd)
===================================================================
--- core-x86_64/sshd (rev 0)
+++ core-x86_64/sshd 2011-09-08 02:26:19 UTC (rev 137502)
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+. /etc/conf.d/sshd
+
+PIDFILE=/var/run/sshd.pid
+PID=$(cat $PIDFILE 2>/dev/null)
+if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
+ PID=
+ rm $PIDFILE 2>/dev/null
+fi
+
+case "$1" in
+ start)
+ stat_busy 'Starting Secure Shell Daemon'
+ /usr/bin/ssh-keygen -A
+ [[ -d /var/empty ]] || mkdir -p /var/empty
+ [[ -z $PID ]] && /usr/sbin/sshd $SSHD_ARGS
+ if [[ $? -gt 0 ]]; then
+ stat_fail
+ else
+ add_daemon sshd
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy 'Stopping Secure Shell Daemon'
+ [[ ! -z $PID ]] && kill $PID &> /dev/null
+ if [[ $? -gt 0 ]]; then
+ stat_fail
+ else
+ rm_daemon sshd
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+esac
+exit 0
Deleted: core-x86_64/sshd.confd
===================================================================
--- core-x86_64/sshd.confd 2011-09-08 02:26:18 UTC (rev 137501)
+++ core-x86_64/sshd.confd 2011-09-08 02:26:19 UTC (rev 137502)
@@ -1,4 +0,0 @@
-#
-# Parameters to be passed to sshd
-#
-SSHD_ARGS=""
Copied: openssh/repos/core-x86_64/sshd.confd (from rev 137500, openssh/repos/testing-x86_64/sshd.confd)
===================================================================
--- core-x86_64/sshd.confd (rev 0)
+++ core-x86_64/sshd.confd 2011-09-08 02:26:19 UTC (rev 137502)
@@ -0,0 +1,4 @@
+#
+# Parameters to be passed to sshd
+#
+SSHD_ARGS=""
Deleted: core-x86_64/sshd.pam
===================================================================
--- core-x86_64/sshd.pam 2011-09-08 02:26:18 UTC (rev 137501)
+++ core-x86_64/sshd.pam 2011-09-08 02:26:19 UTC (rev 137502)
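Review bot: The exit status of `/usr/bin/ssh-keygen -A` in the `start)` branch of the new sshd script is discarded, so a failed host-key generation is only noticed indirectly, when sshd later refuses to start or comes up with fewer host keys than expected. A guard such as `/usr/bin/ssh-keygen -A || { stat_fail; exit 1; }` would report the failure where it happens. Because `-A` leaves the choice of key types to the installed ssh-keygen instead of listing them as the removed lines did, a short comment saying which host keys are expected under /etc/ssh would make the script easier to audit. The pidfile value is also expanded unquoted in `readlink -q /proc/$PID/exe` and `kill $PID`; quoting `"$PID"` and `"$PIDFILE"` costs nothing and keeps a malformed pidfile from being word-split.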
@@ -1,11 +0,0 @@
-#%PAM-1.0
-#auth required pam_securetty.so #Disable remote root
-auth required pam_unix.so
-auth required pam_env.so
-account required pam_nologin.so
-account required pam_unix.so
-account required pam_time.so
-password required pam_unix.so
-session required pam_unix_session.so
-session required pam_limits.so
--session optional pam_ck_connector.so nox11
Copied: openssh/repos/core-x86_64/sshd.pam (from rev 137500, openssh/repos/testing-x86_64/sshd.pam)
===================================================================
--- core-x86_64/sshd.pam (rev 0)
+++ core-x86_64/sshd.pam 2011-09-08 02:26:19 UTC (rev 137502)
@@ -0,0 +1,11 @@
+#%PAM-1.0
+#auth required pam_securetty.so #Disable remote root
+auth required pam_unix.so
+auth required pam_env.so
+account required pam_nologin.so
+account required pam_unix.so
+account required pam_time.so
+password required pam_unix.so
+session required pam_unix_session.so
+session required pam_limits.so
+-session optional pam_ck_connector.so nox11