commit: 15b76ad7d7924c0d21c1aa002ed8a89138732d4f
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 14 15:46:22 2016 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Jan 14 15:49:05 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15b76ad7
net-misc/openssh: Removed old.
Package-Manager: portage-2.2.26
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
net-misc/openssh/Manifest | 16 -
.../openssh/files/openssh-6.6.1_p1-x509-glue.patch | 17 --
.../files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch | 26 --
.../files/openssh-6.7_p1-sctp-x509-glue.patch | 42 ---
.../openssh-6.7_p1-sshd-gssapi-multihomed.patch | 162 ----------
.../openssh/files/openssh-6.7_p1-x509-glue.patch | 46 ---
.../files/openssh-6.7_p1-xmalloc-include.patch | 11 -
.../files/openssh-6.8_p1-sctp-x509-glue.patch | 90 ------
.../files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch | 40 ---
.../openssh-6.8_p1-sshd-gssapi-multihomed.patch | 162 ----------
.../files/openssh-6.8_p1-teraterm-hpn-glue.patch | 15 -
.../openssh/files/openssh-6.8_p1-teraterm.patch | 69 -----
net-misc/openssh/openssh-6.7_p1-r4.ebuild | 323 --------------------
net-misc/openssh/openssh-6.7_p1.ebuild | 322 --------------------
net-misc/openssh/openssh-6.8_p1-r5.ebuild | 331 ---------------------
net-misc/openssh/openssh-6.9_p1-r1.ebuild | 322 --------------------
net-misc/openssh/openssh-6.9_p1-r2.ebuild | 310 -------------------
net-misc/openssh/openssh-7.0_p1.ebuild | 323 --------------------
net-misc/openssh/openssh-7.1_p1-r1.ebuild | 328 --------------------
net-misc/openssh/openssh-7.1_p1.ebuild | 325 --------------------
20 files changed, 3280 deletions(-)
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index cf1e7a0..c7e4e9d 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,21 +1,5 @@
-DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256
b33e82309195f2a3f21a9fb14e6da2080b096dcf0d6f1c36c93cdeac683fdd59 SHA512
35da5e58f857e8b24e63b4058e946b71fdf0fecc637cb7af0ba8913869e5aadf8317805838936c84dc24421f03c5c91e1670761bed152fdf325c5a509f1b5d04
WHIRLPOOL
cc7bace4aa60d720914e3a6a4ff650b7543d9e4963deab12c19cb5d798547b4fe547690946ff8955e121339e9a3d0ebe06f3ff758cca4bb81a09ac43fc877f58
-DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256
85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512
d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e
WHIRLPOOL
b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8
-DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256
7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512
21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a
WHIRLPOOL
5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681
-DIST openssh-6.7p1.tar.gz 1351367 SHA256
b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512
2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d
WHIRLPOOL
ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518
DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256
2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512
f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0
WHIRLPOOL
7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476
-DIST openssh-6.8_p1-x509-8.3.1-glue.patch.xz 141096 SHA256
1e8c911b1403e47a37c24d0ebbfa36d46204c06b38d93ed9ae6d2a0953d3bba6 SHA512
942f09f20d898b4865707b5b48012545d7f8171353427ddb773cffaf1b8c664f48375cb85292592ccba63da695e99def42d17c52a61bb93b89827f53cf3ad918
WHIRLPOOL
66ace7a191a562485ee144516912dee52c84fcfbe8b710b3429211cd9d849dc24d4419c5fa6fd3968f9ab250cf474a692db326c2ac3ef930081b8a5777875a73
-DIST openssh-6.8p1+x509-8.3.1.diff.gz 351502 SHA256
64d0b7cd428352a2d77d9decb02ec744eca4433bcb35288745859eb19ccf4fcf SHA512
6525b7ddae13752f145bda42fe6d65ec40a8c9d44766b749cf49ff904d6b1941e088e560c2a532a3dc0003ac1e29d56a28ea3ed1533ee5abcd696cd80ae88d8e
WHIRLPOOL
32f45411d250b7c46f2408bfca6b12223e901fa15c27db449c06cd5b1ab7a0e853fffed5971ca635c5080d1796196a8661b8d1503bdcdb28d61e0d082f28590b
-DIST openssh-6.8p1-r5-hpnssh14v5.tar.xz 27240 SHA256
4fe25701ea8717e88bf2355a76fb5370819f927af99efba3e4f06fe3264fbf58 SHA512
29a2086c6bf868bb1c8d2601e1ac83a82de48ed9f9cf6a3762b3f899112d939507b563d0117b4bec87008dd0434e0735e4a4f8c779a64d719d3873224918d16c
WHIRLPOOL
a4f3e841530d08363c94dfb55911e79f130668e459dc2e1ebb477c14dcf7d3bd71ad63c55e0ff2ba80684e67a8f40867b0a9fd01aabe3fe1533ef604f84a76b3
-DIST openssh-6.8p1.tar.gz 1475953 SHA256
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e SHA512
7c4457e4525a56cdabb1164ffaf6bed1c094294ae7d06dd3484dcffcd87738fcffe7019b6cae0032c254b0389832644522d5a9f2603b50637ffeb9999b5fcede
WHIRLPOOL
3ac9cc4fe0b11ca66c0220618d0ef0c5925e5605d4d3d55c9579b708c478cf8613b7575fe213aba57054d97d3290baac4eba26b7a630d22477ec947f22327a5a
-DIST openssh-6.9p1+x509-8.4.diff.gz 425687 SHA256
0ed8bfff0d2ecd9f3791ae1f168ca3270bb66d7ab7bc0a8ff2d61d2ab829c3fb SHA512
596cb65408db06fb299b92160147685b001dc23929ecf5c4bd11a8b0475d79695c7b4dbe8a878d7fbcd944155935fd62a14e35c79204b39e413f5eaa961ef76c
WHIRLPOOL
771fa0f4f6a20ed49ba201605fcdcbfc41a0f094ef4a89ca2433ee51b7c8bf99cc266f26bd7877c61ff92e9a50c7d65119ba75ba64eaa029bd567bab3ee243c2
-DIST openssh-6.9p1-hpnssh14v5.tar.xz 25164 SHA256
67c0b043525c838522d17ba8ed3ffa81aa212ae0f43c3d989a3e649fd0a2ca48 SHA512
bef32f6dd97e949e0973d30248401b86233ca66ace750c5050158a748fe279db46c8ee59b6f3de2193f52bab3a1c19372296b86136d7d65a312769008d0acf3a
WHIRLPOOL
65241de2409bfe452b0bcf6282f0571a2bbf6d02d4d5cb97db78bd42e8be439c47da8a54d33272a85d50d648e2e4af56b574bc8add56c65e2ff9ccd59b90f65c
-DIST openssh-6.9p1-r1-hpnssh14v5.tar.xz 21396 SHA256
84e9e28a1488ccf66e29a7c90442b3bc4833a6fa186260fb6853b5a1b19c0beb SHA512
476064dbdb3d82b86ad7c481a4a301ff0d46bd281fe7ca0c29f34ae50b0034028760997ae2c934a265499c154f4534d35ead647aa63d1a4545ed503a5364eada
WHIRLPOOL
74eaf2fe0a6ecd0e2fa5078034628d4c76c75b121f3c813ff8a098ab28363daa3800d03936046aa3aebbfdab3afd31ef30a207399f5e305d7f71e5f3c7e4f4a7
-DIST openssh-6.9p1.tar.gz 1487617 SHA256
6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe SHA512
68fec9b4e512fe126a5d35b01e2cc656d810b75052ed8a36bc85cd0a05de7318b15ed287bc95cf9bcb3fa2f385029151d85aced55e07fbcc79e6c779bee6751d
WHIRLPOOL
1dcb291383c9f934b512f61ce9f6e0319f22e112ce3f6eace2a868ca0f99c709c65bae14a9815e2ef237f8132fe72c583cffb7ea20bdfa2aaa77cf347967be7f
-DIST openssh-7.0p1+x509-8.5.diff.gz 411960 SHA256
6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e SHA512
1241419ea32a21b0ef15fb3845344c9b1126ecee94265b074e60af794eacdb39a98983040a61b9f169e0a6d5a0a248e1bbf9d9b3e56df50cb382441a26dddafd
WHIRLPOOL
117e8c9bb05ded7fdf261e9aca709540e0a3817bc5b3e70472e8c802063e37ee24feae4c1b3a909177ab163e53c2d614b4f0fc75aad1ca44c0e0584eeff55a81
-DIST openssh-7.0p1-hpnssh14v5.tar.xz 21428 SHA256
6032c4547c9f83a6f648ac7c39cdad2bd6fd725e5f3ab2411c5b30298aae1451 SHA512
d4cf4a628c11515bfe8c3a91b4b7039fca28c2f89ad1dde062c4cb433b984b10dec2d37b1f338f18aa7813e60d8608b65ca95b930edc33086710b82780875942
WHIRLPOOL
7b686f243c98017453b3da3e98b7524650b4a0a75fda6add80c7c233d468194d1d1333ffa4445c20856d807548aaa356c87a03ca87d8995a4b7ba350c7714d1e
-DIST openssh-7.0p1.tar.gz 1493376 SHA256
fd5932493a19f4c81153d812ee4e042b49bbd3b759ab3d9344abecc2bc1485e5 SHA512
d82aa8e85630c3e2102e69da477185e0d30d84211d7d4ee0a1d9822bd234d649fe369bf91ce3d2b5ef0caee687d383cb761b682d3bf24bccbd2ce9a1fe9d9f50
WHIRLPOOL
bb8007450ffee580df5a73e3d6ab9b54b7151c46c3b996516e5cb776034be21cbef1281a520279655137e218a757d8092cba3f66e216c6b4c6828876540cb5df
DIST openssh-7.1p1+x509-8.6.diff.gz 413931 SHA256
cbf661a1fec080dc9ed335a290414154326c2a13f124985db050b86a91073d52 SHA512
c91d0f1b69b6d34984e94b391ad022271e73d0634cef2df355ba555366bc38d30649b478f245b6c51ce79d71adf1b693bc97826e6c6013a78e7ccfb7023b4bcc
WHIRLPOOL
4ed4427e80026996c43a188d7d45f2c53fa6a7fd842a248b1225b27f3e9037e761f0ed172d79b53ada81c24d958a2193e94d918f6ca1320e45d5e68379845981
DIST openssh-7.1p1-hpnssh14v9.tar.xz 21580 SHA256
a795c2f2621f537b3fd98172cbd1f7c71869e4da78cd280d123fa19ae4262b97 SHA512
6ce151949bf81b5518b95092a2f18d2f24581954e2c629deaf3c1d10136f32f830567aafb9b4045547e95e3ab63cf750e240eac40e2b9caa6d71cb2b132821ec
WHIRLPOOL
8e3c9a1d79112092a6cb42c6766ccdf61e5d8fcd366ea5c7d3bab94cf309bcc12f3761476a288158638a340023aa24519d888caac19fb0ef25fa56bdab06412c
DIST openssh-7.1p1.tar.gz 1493170 SHA256
fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 SHA512
f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7
WHIRLPOOL
a650a93657f930d20dc3fa24ab720857f63f7cd0a82d1906cf1e58145e866129207851d5e587d678655e5731fa73221ab9b6ea0754533100c25fe2acaa442e05
-DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256
0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512
344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2
WHIRLPOOL
5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73
DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256
d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512
2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081
WHIRLPOOL
b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b
diff --git a/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch
b/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch
deleted file mode 100644
index 2a34ee9..0000000
--- a/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch.
-
---- openssh-6.6p1+x509-8.0.diff
-+++ openssh-6.6p1+x509-8.0.diff
-@@ -16337,10 +16337,10 @@
- .It Cm ChallengeResponseAuthentication
- Specifies whether challenge-response authentication is allowed (e.g. via
- PAM or though authentication styles supported in
--@@ -499,6 +576,16 @@
-+@@ -514,6 +591,16 @@
-+ This facility is provided to assist with operation on multi homed machines.
- The default is
- .Dq yes .
-- Note that this option applies to protocol version 2 only.
- +.It Cm HostbasedAlgorithms
- +Specifies the protocol version 2 algorithms used in
- +.Dq hostbased
diff --git a/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch
b/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch
deleted file mode 100644
index beb2292..0000000
--- a/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-make the hpn patch apply when the x509 patch has also been applied
-
---- openssh-6.6.1p1-hpnssh14v5.diff
-+++ openssh-6.6.1p1-hpnssh14v5.diff
-@@ -1742,18 +1742,14 @@
- if (options->ip_qos_interactive == -1)
- options->ip_qos_interactive = IPTOS_LOWDELAY;
- if (options->ip_qos_bulk == -1)
--@@ -345,9 +392,10 @@
-+@@ -345,6 +392,7 @@
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sHostCertificate,
- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
--+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
-++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled,
- sKexAlgorithms, sIPQoS, sVersionAddendum,
- sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
--- sAuthenticationMethods, sHostKeyAgent,
--+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent,
-- sDeprecated, sUnsupported
-- } ServerOpCodes;
--
-+ sAuthenticationMethods, sHostKeyAgent,
- @@ -468,6 +516,10 @@
- { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
diff --git a/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch
b/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch
deleted file mode 100644
index bd0b7ce..0000000
--- a/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch
+++ /dev/null
@@ -1,42 +0,0 @@
---- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800
-+++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800
-@@ -195,14 +195,6 @@
- .Op Fl c Ar cipher
- .Op Fl F Ar ssh_config
- .Op Fl i Ar identity_file
--@@ -178,6 +178,7 @@ For full details of the options listed b
-- .It ServerAliveCountMax
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It UsePrivilegedPort
-- .It User
-- .It UserKnownHostsFile
- @@ -218,6 +219,8 @@ and
- to print debugging messages about their progress.
- This is helpful in
-@@ -482,14 +474,6 @@
- .Op Fl b Ar bind_address
- .Op Fl c Ar cipher_spec
- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
--@@ -473,6 +473,7 @@ For full details of the options listed b
-- .It StreamLocalBindUnlink
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It Tunnel
-- .It TunnelDevice
-- .It UsePrivilegedPort
- @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
- controls.
- .It Fl y
-@@ -527,7 +511,7 @@
-- again:
-+
- - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
- + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
-- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
-+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
- switch (opt) {
- case '1':
- @@ -732,6 +738,11 @@ main(int ac, char **av)
diff --git a/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch
b/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch
deleted file mode 100644
index 96818e4..0000000
--- a/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-https://bugs.gentoo.org/378361
-https://bugzilla.mindrot.org/show_bug.cgi?id=928
-
---- a/gss-serv.c
-+++ b/gss-serv.c
-@@ -41,9 +41,12 @@
- #include "channels.h"
- #include "session.h"
- #include "misc.h"
-+#include "servconf.h"
-
- #include "ssh-gss.h"
-
-+extern ServerOptions options;
-+
- static ssh_gssapi_client gssapi_client =
- { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
- GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
-@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
- char lname[NI_MAXHOST];
- gss_OID_set oidset;
-
-- gss_create_empty_oid_set(&status, &oidset);
-- gss_add_oid_set_member(&status, ctx->oid, &oidset);
--
-- if (gethostname(lname, sizeof(lname))) {
-- gss_release_oid_set(&status, &oidset);
-- return (-1);
-- }
-+ if (options.gss_strict_acceptor) {
-+ gss_create_empty_oid_set(&status, &oidset);
-+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
-+
-+ if (gethostname(lname, MAXHOSTNAMELEN)) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (-1);
-+ }
-+
-+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (ctx->major);
-+ }
-+
-+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
-+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
-+ NULL, NULL)))
-+ ssh_gssapi_error(ctx);
-
-- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
-+ } else {
-+ ctx->name = GSS_C_NO_NAME;
-+ ctx->creds = GSS_C_NO_CREDENTIAL;
- }
--
-- if ((ctx->major = gss_acquire_cred(&ctx->minor,
-- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
-- ssh_gssapi_error(ctx);
--
-- gss_release_oid_set(&status, &oidset);
-- return (ctx->major);
-+ return GSS_S_COMPLETE;
- }
-
- /* Privileged */
---- a/servconf.c
-+++ b/servconf.c
-@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
- options->kerberos_get_afs_token = -1;
- options->gss_authentication=-1;
- options->gss_cleanup_creds = -1;
-+ options->gss_strict_acceptor = -1;
- options->password_authentication = -1;
- options->kbd_interactive_authentication = -1;
- options->challenge_response_authentication = -1;
-@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption
- options->gss_authentication = 0;
- if (options->gss_cleanup_creds == -1)
- options->gss_cleanup_creds = 1;
-+ if (options->gss_strict_acceptor == -1)
-+ options->gss_strict_acceptor = 0;
- if (options->password_authentication == -1)
- options->password_authentication = 1;
- if (options->kbd_interactive_authentication == -1)
-@@ -277,7 +280,8 @@ typedef enum {
- sBanner, sUseDNS, sHostbasedAuthentication,
- sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
- sClientAliveCountMax, sAuthorizedKeysFile,
-- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
-+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
-+ sAcceptEnv, sPermitTunnel,
- sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sZeroKnowledgePasswordAuthentication, sHostCertificate,
-@@ -327,9 +331,11 @@ static struct {
- #ifdef GSSAPI
- { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
- { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
- #else
- { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
- { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
- #endif
- { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
- { "kbdinteractiveauthentication", sKbdInteractiveAuthentication,
SSHCFG_ALL },
-@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions
-
- case sGssCleanupCreds:
- intptr = &options->gss_cleanup_creds;
-+ goto parse_flag;
-+
-+ case sGssStrictAcceptor:
-+ intptr = &options->gss_strict_acceptor;
- goto parse_flag;
-
- case sPasswordAuthentication:
---- a/servconf.h
-+++ b/servconf.h
-@@ -92,6 +92,7 @@ typedef struct {
- * authenticated with Kerberos.
*/
- int gss_authentication; /* If true, permit GSSAPI
authentication */
- int gss_cleanup_creds; /* If true, destroy cred cache on
logout */
-+ int gss_strict_acceptor; /* If true, restrict the GSSAPI
acceptor name */
- int password_authentication; /* If true, permit password
- * authentication. */
- int kbd_interactive_authentication; /* If true, permit */
---- a/sshd_config
-+++ b/sshd_config
-@@ -69,6 +69,7 @@
- # GSSAPI options
- #GSSAPIAuthentication no
- #GSSAPICleanupCredentials yes
-+#GSSAPIStrictAcceptorCheck yes
-
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
---- a/sshd_config.5
-+++ b/sshd_config.5
-@@ -386,6 +386,21 @@ on logout.
- The default is
- .Dq yes .
- Note that this option applies to protocol version 2 only.
-+.It Cm GSSAPIStrictAcceptorCheck
-+Determines whether to be strict about the identity of the GSSAPI acceptor
-+a client authenticates against.
-+If set to
-+.Dq yes
-+then the client must authenticate against the
-+.Pa host
-+service on the current hostname.
-+If set to
-+.Dq no
-+then the client may authenticate against any service key stored in the
-+machine's default store.
-+This facility is provided to assist with operation on multi homed machines.
-+The default is
-+.Dq yes .
- .It Cm HostbasedAuthentication
- Specifies whether rhosts or /etc/hosts.equiv authentication together
- with successful public key client host authentication is allowed
diff --git a/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch
b/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch
deleted file mode 100644
index 71b9c51..0000000
--- a/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch
+++ /dev/null
@@ -1,46 +0,0 @@
---- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800
-+++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800
-@@ -610,21 +610,6 @@
- The default is
- .Dq yes .
- Note that this option applies to protocol version 2 only.
--.It Cm GSSAPIStrictAcceptorCheck
--Determines whether to be strict about the identity of the GSSAPI acceptor
--a client authenticates against.
--If set to
--.Dq yes
--then the client must authenticate against the
--.Pa host
--service on the current hostname.
--If set to
--.Dq no
--then the client may authenticate against any service key stored in the
--machine's default store.
--This facility is provided to assist with operation on multi homed machines.
--The default is
--.Dq yes .
- .It Cm HostbasedAuthentication
- Specifies whether rhosts or /etc/hosts.equiv authentication together
- with successful public key client host authentication is allowed
-@@ -651,6 +636,21 @@
- attempting to resolve the name from the TCP connection itself.
- The default is
- .Dq no .
-+.It Cm GSSAPIStrictAcceptorCheck
-+Determines whether to be strict about the identity of the GSSAPI acceptor
-+a client authenticates against.
-+If set to
-+.Dq yes
-+then the client must authenticate against the
-+.Pa host
-+service on the current hostname.
-+If set to
-+.Dq no
-+then the client may authenticate against any service key stored in the
-+machine's default store.
-+This facility is provided to assist with operation on multi homed machines.
-+The default is
-+.Dq yes .
- .It Cm HostCertificate
- Specifies a file containing a public host certificate.
- The certificate's public key must match a private host key already specified
diff --git a/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch
b/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch
deleted file mode 100644
index 170031d..0000000
--- a/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -ur openssh-6.7p1.orig/ssh-rsa.c openssh-6.7p1/ssh-rsa.c
---- openssh-6.7p1.orig/ssh-rsa.c 2015-02-24 14:52:54.512197868 -0800
-+++ openssh-6.7p1/ssh-rsa.c 2015-02-27 11:48:54.173951646 -0800
-@@ -34,6 +34,7 @@
- #include "sshkey.h"
- #include "digest.h"
- #include "evp-compat.h"
-+#include "xmalloc.h"
-
- /*NOTE: Do not define USE_LEGACY_RSA_... if build
- is with FIPS capable OpenSSL */
diff --git a/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch
b/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch
deleted file mode 100644
index 7b12e9a..0000000
--- a/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch
+++ /dev/null
@@ -1,90 +0,0 @@
---- openssh-6.8_p1-sctp.patch.orig 2015-03-18 17:52:40.563506822 -0700
-+++ openssh-6.8_p1-sctp.patch 2015-03-18 18:14:30.919753194 -0700
-@@ -184,34 +184,6 @@
- int port; /* Port to connect. */
- int address_family;
- int connection_attempts; /* Max attempts (seconds) before
----- a/scp.1
--+++ b/scp.1
--@@ -19,7 +19,7 @@
-- .Sh SYNOPSIS
-- .Nm scp
-- .Bk -words
---.Op Fl 12346BCpqrv
--+.Op Fl 12346BCpqrvz
-- .Op Fl c Ar cipher
-- .Op Fl F Ar ssh_config
-- .Op Fl i Ar identity_file
--@@ -178,6 +178,7 @@ For full details of the options listed b
-- .It ServerAliveCountMax
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It UpdateHostKeys
-- .It UsePrivilegedPort
-- .It User
--@@ -218,6 +219,8 @@ and
-- to print debugging messages about their progress.
-- This is helpful in
-- debugging connection, authentication, and configuration problems.
--+.It Fl z
--+Use the SCTP protocol for connection instead of TCP which is the default.
-- .El
-- .Sh EXIT STATUS
-- .Ex -std scp
- --- a/scp.c
- +++ b/scp.c
- @@ -395,7 +395,11 @@ main(int argc, char **argv)
-@@ -471,34 +443,6 @@
- int protocol; /* Supported protocol versions. */
- struct ForwardOptions fwd_opts; /* forwarding options */
- SyslogFacility log_facility; /* Facility for system logging. */
----- a/ssh.1
--+++ b/ssh.1
--@@ -43,7 +43,7 @@
-- .Sh SYNOPSIS
-- .Nm ssh
-- .Bk -words
---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
--+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
-- .Op Fl b Ar bind_address
-- .Op Fl c Ar cipher_spec
-- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
--@@ -473,6 +473,7 @@ For full details of the options listed b
-- .It StreamLocalBindUnlink
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It Tunnel
-- .It TunnelDevice
-- .It UsePrivilegedPort
--@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
-- controls.
-- .It Fl y
-- Send log information using the
--+.It Fl z
--+Use the SCTP protocol for connection instead of TCP which is the default.
-- .Xr syslog 3
-- system module.
-- By default this information is sent to stderr.
- --- a/ssh.c
- +++ b/ssh.c
- @@ -194,12 +194,17 @@ extern int muxserver_sock;
-@@ -520,13 +464,11 @@
- " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
- " [-F configfile] [-I pkcs11] [-i identity_file]\n"
- " [-L [bind_address:]port:host:hostport] [-l login_name] [-m
mac_spec]\n"
--@@ -506,7 +512,7 @@ main(int ac, char **av)
-- argv0 = av[0];
-+@@ -506,4 +512,4 @@ main(int ac, char **av)
-
-- again:
--- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
--+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
-- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
-+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx"
-++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT
-+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
- switch (opt) {
- case '1':
- @@ -732,6 +738,11 @@ main(int ac, char **av)
diff --git a/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch
b/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch
deleted file mode 100644
index e14a728..0000000
--- a/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-https://bugs.gentoo.org/544078
-https://bugzilla.mindrot.org/show_bug.cgi?id=2369
-
-From 117c961c8d1f0537973df5a6a937389b4b7b61b4 Mon Sep 17 00:00:00 2001
-From: "d...@openbsd.org" <d...@openbsd.org>
-Date: Mon, 23 Mar 2015 06:06:38 +0000
-Subject: [PATCH] upstream commit
-
-for ssh-keygen -A, don't try (and fail) to generate ssh
- v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled
- without OpenSSL based on patch by Mike Frysinger; bz#2369
----
- ssh-keygen.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/ssh-keygen.c b/ssh-keygen.c
-index a3c2362..96dd8b4 100644
---- a/ssh-keygen.c
-+++ b/ssh-keygen.c
-@@ -948,12 +948,16 @@ do_gen_all_hostkeys(struct passwd *pw)
- char *key_type_display;
- char *path;
- } key_types[] = {
-+#ifdef WITH_OPENSSL
-+#ifdef WITH_SSH1
- { "rsa1", "RSA1", _PATH_HOST_KEY_FILE },
-+#endif /* WITH_SSH1 */
- { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
- { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
- #ifdef OPENSSL_HAS_ECC
- { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
--#endif
-+#endif /* OPENSSL_HAS_ECC */
-+#endif /* WITH_OPENSSL */
- { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
- { NULL, NULL, NULL }
- };
---
-2.3.3
-
diff --git a/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch
b/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch
deleted file mode 100644
index 48fce1e..0000000
--- a/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-https://bugs.gentoo.org/378361
-https://bugzilla.mindrot.org/show_bug.cgi?id=928
-
---- a/gss-serv.c
-+++ b/gss-serv.c
-@@ -41,9 +41,12 @@
- #include "channels.h"
- #include "session.h"
- #include "misc.h"
-+#include "servconf.h"
-
- #include "ssh-gss.h"
-
-+extern ServerOptions options;
-+
- static ssh_gssapi_client gssapi_client =
- { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
- GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
-@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
- char lname[NI_MAXHOST];
- gss_OID_set oidset;
-
-- gss_create_empty_oid_set(&status, &oidset);
-- gss_add_oid_set_member(&status, ctx->oid, &oidset);
--
-- if (gethostname(lname, sizeof(lname))) {
-- gss_release_oid_set(&status, &oidset);
-- return (-1);
-- }
-+ if (options.gss_strict_acceptor) {
-+ gss_create_empty_oid_set(&status, &oidset);
-+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
-+
-+ if (gethostname(lname, MAXHOSTNAMELEN)) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (-1);
-+ }
-+
-+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (ctx->major);
-+ }
-+
-+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
-+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
-+ NULL, NULL)))
-+ ssh_gssapi_error(ctx);
-
-- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
-+ } else {
-+ ctx->name = GSS_C_NO_NAME;
-+ ctx->creds = GSS_C_NO_CREDENTIAL;
- }
--
-- if ((ctx->major = gss_acquire_cred(&ctx->minor,
-- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
-- ssh_gssapi_error(ctx);
--
-- gss_release_oid_set(&status, &oidset);
-- return (ctx->major);
-+ return GSS_S_COMPLETE;
- }
-
- /* Privileged */
---- a/servconf.c
-+++ b/servconf.c
-@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
- options->kerberos_get_afs_token = -1;
- options->gss_authentication=-1;
- options->gss_cleanup_creds = -1;
-+ options->gss_strict_acceptor = -1;
- options->password_authentication = -1;
- options->kbd_interactive_authentication = -1;
- options->challenge_response_authentication = -1;
-@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption
- options->gss_authentication = 0;
- if (options->gss_cleanup_creds == -1)
- options->gss_cleanup_creds = 1;
-+ if (options->gss_strict_acceptor == -1)
-+ options->gss_strict_acceptor = 0;
- if (options->password_authentication == -1)
- options->password_authentication = 1;
- if (options->kbd_interactive_authentication == -1)
-@@ -277,7 +280,8 @@ typedef enum {
- sBanner, sUseDNS, sHostbasedAuthentication,
- sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
- sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
-- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
-+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
-+ sAcceptEnv, sPermitTunnel,
- sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sHostCertificate,
-@@ -327,9 +331,11 @@ static struct {
- #ifdef GSSAPI
- { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
- { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
- #else
- { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
- { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
- #endif
- { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
- { "kbdinteractiveauthentication", sKbdInteractiveAuthentication,
SSHCFG_ALL },
-@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions
-
- case sGssCleanupCreds:
- intptr = &options->gss_cleanup_creds;
-+ goto parse_flag;
-+
-+ case sGssStrictAcceptor:
-+ intptr = &options->gss_strict_acceptor;
- goto parse_flag;
-
- case sPasswordAuthentication:
---- a/servconf.h
-+++ b/servconf.h
-@@ -92,6 +92,7 @@ typedef struct {
- * authenticated with Kerberos.
*/
- int gss_authentication; /* If true, permit GSSAPI
authentication */
- int gss_cleanup_creds; /* If true, destroy cred cache on
logout */
-+ int gss_strict_acceptor; /* If true, restrict the GSSAPI
acceptor name */
- int password_authentication; /* If true, permit password
- * authentication. */
- int kbd_interactive_authentication; /* If true, permit */
---- a/sshd_config
-+++ b/sshd_config
-@@ -69,6 +69,7 @@
- # GSSAPI options
- #GSSAPIAuthentication no
- #GSSAPICleanupCredentials yes
-+#GSSAPIStrictAcceptorCheck yes
-
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
---- a/sshd_config.5
-+++ b/sshd_config.5
-@@ -386,6 +386,21 @@ on logout.
- The default is
- .Dq yes .
- Note that this option applies to protocol version 2 only.
-+.It Cm GSSAPIStrictAcceptorCheck
-+Determines whether to be strict about the identity of the GSSAPI acceptor
-+a client authenticates against.
-+If set to
-+.Dq yes
-+then the client must authenticate against the
-+.Pa host
-+service on the current hostname.
-+If set to
-+.Dq no
-+then the client may authenticate against any service key stored in the
-+machine's default store.
-+This facility is provided to assist with operation on multi homed machines.
-+The default is
-+.Dq yes .
- .It Cm HostbasedAcceptedKeyTypes
- Specifies the key types that will be accepted for hostbased authentication
- as a comma-separated pattern list.
diff --git a/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch
b/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch
deleted file mode 100644
index e72b1e6..0000000
--- a/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/0005-support-dynamically-sized-receive-buffers.patch
-+++ b/0005-support-dynamically-sized-receive-buffers.patch
-@@ -411,10 +411,10 @@ index af2f007..41b782b 100644
- --- a/compat.h
- +++ b/compat.h
- @@ -60,6 +60,7 @@
-- #define SSH_NEW_OPENSSH 0x04000000
- #define SSH_BUG_DYNAMIC_RPORT 0x08000000
- #define SSH_BUG_CURVE25519PAD 0x10000000
--+#define SSH_BUG_LARGEWINDOW 0x20000000
-+ #define SSH_BUG_HOSTKEYS 0x20000000
-++#define SSH_BUG_LARGEWINDOW 0x40000000
-
- void enable_compat13(void);
- void enable_compat20(void);
diff --git a/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch
b/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch
deleted file mode 100644
index f99e92f..0000000
--- a/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-https://bugs.gentoo.org/547944
-
-From d8f391caef62378463a0e6b36f940170dadfe605 Mon Sep 17 00:00:00 2001
-From: "dtuc...@openbsd.org" <dtuc...@openbsd.org>
-Date: Fri, 10 Apr 2015 05:16:50 +0000
-Subject: [PATCH] upstream commit
-
-Don't send hostkey advertisments
- (hostkeys...@openssh.com) to current versions of Tera Term as they can't
- handle them. Newer versions should be OK. Patch from Bryan Drewery and
- IWAMOTO Kouichi, ok djm@
----
- compat.c | 13 ++++++++++++-
- compat.h | 3 ++-
- sshd.c | 6 +++++-
- 3 files changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/compat.c b/compat.c
-index 2498168..0934de9 100644
---- a/compat.c
-+++ b/compat.c
-@@ -167,6 +167,17 @@ compat_datafellows(const char *version)
- SSH_BUG_SCANNER },
- { "Probe-*",
- SSH_BUG_PROBE },
-+ { "TeraTerm SSH*,"
-+ "TTSSH/1.5.*,"
-+ "TTSSH/2.1*,"
-+ "TTSSH/2.2*,"
-+ "TTSSH/2.3*,"
-+ "TTSSH/2.4*,"
-+ "TTSSH/2.5*,"
-+ "TTSSH/2.6*,"
-+ "TTSSH/2.70*,"
-+ "TTSSH/2.71*,"
-+ "TTSSH/2.72*", SSH_BUG_HOSTKEYS },
- { NULL, 0 }
- };
-
-diff --git a/compat.h b/compat.h
-index af2f007..83507f0 100644
---- a/compat.h
-+++ b/compat.h
-@@ -60,6 +60,7 @@
- #define SSH_NEW_OPENSSH 0x04000000
- #define SSH_BUG_DYNAMIC_RPORT 0x08000000
- #define SSH_BUG_CURVE25519PAD 0x10000000
-+#define SSH_BUG_HOSTKEYS 0x20000000
-
- void enable_compat13(void);
- void enable_compat20(void);
-diff --git a/sshd.c b/sshd.c
-index 6aa17fa..60b0cd4 100644
---- a/sshd.c
-+++ b/sshd.c
-@@ -928,6 +928,10 @@ notify_hostkeys(struct ssh *ssh)
- int i, nkeys, r;
- char *fp;
-
-+ /* Some clients cannot cope with the hostkeys message, skip those. */
-+ if (datafellows & SSH_BUG_HOSTKEYS)
-+ return;
-+
- if ((buf = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new", __func__);
- for (i = nkeys = 0; i < options.num_host_key_files; i++) {
---
-2.3.6
-
diff --git a/net-misc/openssh/openssh-6.7_p1-r4.ebuild
b/net-misc/openssh/openssh-6.7_p1-r4.ebuild
deleted file mode 100644
index 3398875..0000000
--- a/net-misc/openssh/openssh-6.7_p1-r4.ebuild
+++ /dev/null
@@ -1,323 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
-X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/";
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${P}-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- https://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? (
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam
+pie sctp selinux skey static X X509"
-REQUIRED_USE="pie? ( !static )"
-
-LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- >=dev-libs/openssl-0.9.6d:0[bindist=]
- dev-libs/openssl[static-libs(+)]
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? (
- ${LIB_DEPEND//\[static-libs(+)]}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? (
- ${LIB_DEPEND}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
- bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
- )
- )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
- die "booooo"
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e
"/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN
changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
- if use X509 ; then
- pushd .. >/dev/null
- epatch "${FILESDIR}"/${P}-x509-glue.patch
- epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- epatch "${FILESDIR}"/${PN}-6.7_p1-xmalloc-include.patch
- save_version X509
- fi
- if ! use X509 ; then
- if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- else
- use ldap && ewarn "Sorry, X509 and LDAP conflict internally,
disabling LDAP"
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
- if [[ -n ${HPN_PATCH} ]] && use hpn; then
- epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=(
SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n'
"${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-static_use_with() {
- local flag=$1
- if use static && use ${flag} ; then
- ewarn "Disabling '${flag}' support because of USE='static'"
- # rebuild args so that we invert the first one (USE flag)
- # but otherwise leave everything else working so we can
- # just leverage use_with
- shift
- [[ -z $1 ]] && flag="${flag} ${flag}"
- set -- !${flag} "$@"
- fi
- use_with "$@"
-}
-
-src_configure() {
- local myconf=()
- addwrite /dev/ptmx
-
- use static && append-ldflags -static
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
- myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
- append-ldflags -lutil
- fi
-
- econf \
- --with-ldflags="${LDFLAGS}" \
- --disable-strip \
- --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \
- --sysconfdir="${EPREFIX}"/etc/ssh \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
- --datadir="${EPREFIX}"/usr/share/openssh \
- --with-privsep-path="${EPREFIX}"/var/empty \
- --with-privsep-user=sshd \
- --with-md5-passwords \
- --with-ssl-engine \
- $(static_use_with pam) \
- $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
- ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
- $(use_with ldns) \
- $(use_with libedit) \
- $(use_with pie) \
- $(use_with sctp) \
- $(use_with selinux) \
- $(use_with skey) \
- "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- # not all openssl installs support ecc, or are functional #352645
- if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
- elog "dev-libs/openssl was built with 'bindist' - disabling
ecdsa support"
- sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
- fi
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die "sed of
configuration file failed"
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- keepdir /var/empty/dev
- fi
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a
newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
- fi
- ewarn "Remember to merge your config files in /etc/ssh/ and then"
- ewarn "reload sshd: '/etc/init.d/sshd reload'."
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- einfo "For the HPN server logging patch, you must ensure that"
- einfo "your syslog application also listens at
/var/empty/dev/log."
- fi
- elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream
has"
- elog " dropped it. Make sure to update any configs that you might
have."
-}
diff --git a/net-misc/openssh/openssh-6.7_p1.ebuild
b/net-misc/openssh/openssh-6.7_p1.ebuild
deleted file mode 100644
index cb06aa7..0000000
--- a/net-misc/openssh/openssh-6.7_p1.ebuild
+++ /dev/null
@@ -1,322 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
-#X509_VER="8.1" X509_PATCH="${PARCH/6.7/6.6}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/";
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${P}-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- https://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? (
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc
x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam +pie sctp
selinux skey static X X509"
-REQUIRED_USE="pie? ( !static )"
-
-LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- >=dev-libs/openssl-0.9.6d:0[bindist=]
- dev-libs/openssl[static-libs(+)]
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? (
- ${LIB_DEPEND//\[static-libs(+)]}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? (
- ${LIB_DEPEND}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
- bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
- )
- )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
- die "booooo"
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e
"/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN
changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
- if use X509 ; then
- pushd .. >/dev/null
- epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-glue.patch
- use hpn && epatch
"${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v5-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- save_version X509
- fi
- if ! use X509 ; then
- if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- else
- use ldap && ewarn "Sorry, X509 and LDAP conflict internally,
disabling LDAP"
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
- if [[ -n ${HPN_PATCH} ]] && use hpn; then
- epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=(
SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n'
"${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-static_use_with() {
- local flag=$1
- if use static && use ${flag} ; then
- ewarn "Disabling '${flag}' support because of USE='static'"
- # rebuild args so that we invert the first one (USE flag)
- # but otherwise leave everything else working so we can
- # just leverage use_with
- shift
- [[ -z $1 ]] && flag="${flag} ${flag}"
- set -- !${flag} "$@"
- fi
- use_with "$@"
-}
-
-src_configure() {
- local myconf=()
- addwrite /dev/ptmx
-
- use static && append-ldflags -static
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
- myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
- append-ldflags -lutil
- fi
-
- econf \
- --with-ldflags="${LDFLAGS}" \
- --disable-strip \
- --with-pid-dir="${EPREFIX}"/var/run \
- --sysconfdir="${EPREFIX}"/etc/ssh \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
- --datadir="${EPREFIX}"/usr/share/openssh \
- --with-privsep-path="${EPREFIX}"/var/empty \
- --with-privsep-user=sshd \
- --with-md5-passwords \
- --with-ssl-engine \
- $(static_use_with pam) \
- $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
- ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
- $(use_with ldns) \
- $(use_with libedit) \
- $(use_with pie) \
- $(use_with sctp) \
- $(use_with selinux) \
- $(use_with skey) \
- "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- # not all openssl installs support ecc, or are functional #352645
- if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
- elog "dev-libs/openssl was built with 'bindist' - disabling
ecdsa support"
- sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
- fi
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die "sed of
configuration file failed"
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- keepdir /var/empty/dev
- fi
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a
newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
- fi
- ewarn "Remember to merge your config files in /etc/ssh/ and then"
- ewarn "reload sshd: '/etc/init.d/sshd reload'."
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- einfo "For the HPN server logging patch, you must ensure that"
- einfo "your syslog application also listens at
/var/empty/dev/log."
- fi
- elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream
has"
- elog " dropped it. Make sure to update any configs that you might
have."
-}
diff --git a/net-misc/openssh/openssh-6.8_p1-r5.ebuild
b/net-misc/openssh/openssh-6.8_p1-r5.ebuild
deleted file mode 100644
index ed55efd..0000000
--- a/net-misc/openssh/openssh-6.8_p1-r5.ebuild
+++ /dev/null
@@ -1,331 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PN}-6.8p1-r5-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
-X509_VER="8.3.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/";
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${P}-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- https://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? (
- http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH}
- mirror://gentoo/${P}-x509-${X509_VER}-glue.patch.xz
- )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-# Probably want to drop ssh1/ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit
pam +pie sctp selinux skey +ssh1 +ssl static X X509"
-REQUIRED_USE="pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- ssl? (
- >=dev-libs/openssl-0.9.6d:0[bindist=]
- dev-libs/openssl[static-libs(+)]
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? (
- ${LIB_DEPEND//\[static-libs(+)]}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? (
- ${LIB_DEPEND}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
- bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
- )
- )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
- die "booooo"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its
removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- eerror "Sorry, but openssh no longer supports tcp-wrappers, and
it seems like"
- eerror "you're trying to use it. Update your
${EROOT}etc/hosts.{allow,deny} please."
- die "USE=tcpd no longer works"
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e
"/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN
changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- epatch "${FILESDIR}"/${PN}-6.8_p1-sshd-gssapi-multihomed.patch #378361
- if use X509 ; then
- pushd .. >/dev/null
- epatch "${WORKDIR}"/${P}-x509-${X509_VER}-glue.patch
- epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- epatch "${FILESDIR}"/${PN}-6.8_p1-ssh-keygen-no-ssh1.patch #544078
- epatch "${FILESDIR}"/${PN}-6.8_p1-teraterm.patch #547944
- # The X509 patchset fixes this independently.
- use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
- epatch "${WORKDIR}"/${P}-sctp.patch
- if use hpn ; then
- # The teraterm patch pulled in an upstream update.
- pushd "${WORKDIR}"/${HPN_PATCH%.*.*} >/dev/null
- epatch "${FILESDIR}"/${PN}-6.8_p1-teraterm-hpn-glue.patch
- popd >/dev/null
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=(
SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n'
"${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass
--without-ldap
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- # The X509 patch deletes this option entirely.
- $(use X509 || use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- )
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
- myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
- append-ldflags -lutil
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- keepdir /var/empty/dev
- fi
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a
newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
- fi
- ewarn "Remember to merge your config files in /etc/ssh/ and then"
- ewarn "reload sshd: '/etc/init.d/sshd reload'."
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- einfo "For the HPN server logging patch, you must ensure that"
- einfo "your syslog application also listens at
/var/empty/dev/log."
- fi
- elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream
has"
- elog " dropped it. Make sure to update any configs that you might
have."
-}
diff --git a/net-misc/openssh/openssh-6.9_p1-r1.ebuild
b/net-misc/openssh/openssh-6.9_p1-r1.ebuild
deleted file mode 100644
index a7dc45a..0000000
--- a/net-misc/openssh/openssh-6.9_p1-r1.ebuild
+++ /dev/null
@@ -1,322 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PN}-6.9p1-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
-X509_VER="8.4" X509_PATCH="${PN}-6.9p1+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/";
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? (
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit
pam +pie sctp selinux skey ssh1 +ssl static X X509"
-REQUIRED_USE="pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- ssl? (
- >=dev-libs/openssl-0.9.6d:0[bindist=]
- dev-libs/openssl[static-libs(+)]
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? (
- ${LIB_DEPEND//\[static-libs(+)]}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? (
- ${LIB_DEPEND}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
- bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
- )
- )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
- die "booooo"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its
removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- eerror "Sorry, but openssh no longer supports tcp-wrappers, and
it seems like"
- eerror "you're trying to use it. Update your
${EROOT}etc/hosts.{allow,deny} please."
- die "USE=tcpd no longer works"
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e
"/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN
changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- if use X509 ; then
- pushd .. >/dev/null
- #epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
- epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
- save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- # The X509 patchset fixes this independently.
- use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
- epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
- if use hpn ; then
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=(
SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n'
"${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass
--without-ldap
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- # The X509 patch deletes this option entirely.
- $(use X509 || use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- )
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
- myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
- append-ldflags -lutil
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- keepdir /var/empty/dev
- fi
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a
newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
- fi
- ewarn "Remember to merge your config files in /etc/ssh/ and then"
- ewarn "reload sshd: '/etc/init.d/sshd reload'."
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- einfo "For the HPN server logging patch, you must ensure that"
- einfo "your syslog application also listens at
/var/empty/dev/log."
- fi
- elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream
has"
- elog " dropped it. Make sure to update any configs that you might
have."
-}
diff --git a/net-misc/openssh/openssh-6.9_p1-r2.ebuild
b/net-misc/openssh/openssh-6.9_p1-r2.ebuild
deleted file mode 100644
index 40ad0d2..0000000
--- a/net-misc/openssh/openssh-6.9_p1-r2.ebuild
+++ /dev/null
@@ -1,310 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PN}-6.9p1-r1-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
-X509_VER="8.4" X509_PATCH="${PN}-6.9p1+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/";
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? (
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc
x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit
pam +pie sctp selinux skey ssh1 +ssl static X X509"
-REQUIRED_USE="ldns? ( ssl )
- pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="
- ldns? (
- net-libs/ldns[static-libs(+)]
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- ssl? (
- >=dev-libs/openssl-0.9.8f:0[bindist=]
- dev-libs/openssl:0[static-libs(+)]
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
- die "booooo"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its
removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- ewarn "Sorry, but openssh no longer supports tcp-wrappers, and
it seems like"
- ewarn "you're trying to use it. Update your
${EROOT}etc/hosts.{allow,deny} please."
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e
"/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN
changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- if use X509 ; then
- pushd .. >/dev/null
- #epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
- epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
- save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- # The X509 patchset fixes this independently.
- use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
- epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
- if use hpn ; then
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=(
SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n'
"${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass
--without-ldap
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- # The X509 patch deletes this option entirely.
- $(use X509 || use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- )
-
- # The seccomp sandbox is broken on x32, so use the older method for
now. #553748
- use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
- myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
- append-ldflags -lutil
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a
newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
- fi
- if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
- elog "Starting with openssh-6.9p1, ssh1 support is disabled by
default."
- fi
- ewarn "Remember to merge your config files in /etc/ssh/ and then"
- ewarn "reload sshd: '/etc/init.d/sshd reload'."
- elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream
has"
- elog " dropped it. Make sure to update any configs that you might
have."
-}
diff --git a/net-misc/openssh/openssh-7.0_p1.ebuild
b/net-misc/openssh/openssh-7.0_p1.ebuild
deleted file mode 100644
index 9f3ff39..0000000
--- a/net-misc/openssh/openssh-7.0_p1.ebuild
+++ /dev/null
@@ -1,323 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PN}-7.0p1-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
-X509_VER="8.5" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/";
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? (
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit
pam +pie sctp selinux skey ssh1 +ssl static X X509"
-REQUIRED_USE="ldns? ( ssl )
- pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="
- ldns? (
- net-libs/ldns[static-libs(+)]
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- ssl? (
- >=dev-libs/openssl-0.9.8f:0[bindist=]
- dev-libs/openssl:0[static-libs(+)]
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
- die "booooo"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its
removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- ewarn "Sorry, but openssh no longer supports tcp-wrappers, and
it seems like"
- ewarn "you're trying to use it. Update your
${EROOT}etc/hosts.{allow,deny} please."
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e
"/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN
changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- if use X509 ; then
- pushd .. >/dev/null
- #epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
- epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
- save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- # The X509 patchset fixes this independently.
- use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
- epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
- if use hpn ; then
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=(
SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n'
"${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass
--without-ldap
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- # The X509 patch deletes this option entirely.
- $(use X509 || use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- )
-
- # The seccomp sandbox is broken on x32, so use the older method for
now. #553748
- use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
- myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
- append-ldflags -lutil
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a
newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
- fi
- if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
- elog "Starting with openssh-6.9p1, ssh1 support is disabled by
default."
- fi
- if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
- elog "Starting with openssh-6.7, support for USE=tcpd has been
dropped by upstream."
- elog "Make sure to update any configs that you might have.
Note that xinetd might"
- elog "be an alternative for you as it supports USE=tcpd."
- fi
- if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
- elog "Starting with openssh-7.0, support for ssh-dss keys were
disabled due to their"
- elog "weak sizes. If you rely on these key types, you can
re-enable the key types by"
- elog "adding to your sshd_config:"
- elog " PubkeyAcceptedKeyTypes=+ssh-dss"
- elog "You should however generate new keys using rsa or
ed25519."
- fi
- if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
- elog "Be aware that by disabling openssl support in openssh,
the server and clients"
- elog "no longer support dss/rsa/ecdsa keys. You will need to
generate ed25519 keys"
- elog "and update all clients/servers that utilize them."
- fi
-}
diff --git a/net-misc/openssh/openssh-7.1_p1-r1.ebuild
b/net-misc/openssh/openssh-7.1_p1-r1.ebuild
deleted file mode 100644
index 2571fd0..0000000
--- a/net-misc/openssh/openssh-7.1_p1-r1.ebuild
+++ /dev/null
@@ -1,328 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PN}-7.0p1-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
-X509_VER="8.6" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/";
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? (
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit
libressl pam +pie sctp selinux skey ssh1 +ssl static X X509"
-REQUIRED_USE="ldns? ( ssl )
- pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="
- ldns? (
- net-libs/ldns[static-libs(+)]
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- ssl? (
- !libressl? (
- >=dev-libs/openssl-0.9.8f:0[bindist=]
- dev-libs/openssl:0[static-libs(+)]
- )
- libressl? ( dev-libs/libressl[static-libs(+)] )
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
- die "booooo"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its
removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- ewarn "Sorry, but openssh no longer supports tcp-wrappers, and
it seems like"
- ewarn "you're trying to use it. Update your
${EROOT}etc/hosts.{allow,deny} please."
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e
"/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN
changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- if use X509 ; then
- pushd .. >/dev/null
- pushd ${HPN_PATCH%.*.*} >/dev/null
- epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
- popd >/dev/null
- epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
- save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- # The X509 patchset fixes this independently.
- use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
- epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
- if use hpn ; then
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=(
SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n'
"${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass
--without-ldap
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- # The X509 patch deletes this option entirely.
- $(use X509 || use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- )
-
- # The seccomp sandbox is broken on x32, so use the older method for
now. #553748
- use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
- myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
- append-ldflags -lutil
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a
newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
- fi
- if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
- elog "Starting with openssh-6.9p1, ssh1 support is disabled by
default."
- fi
- if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
- elog "Starting with openssh-6.7, support for USE=tcpd has been
dropped by upstream."
- elog "Make sure to update any configs that you might have.
Note that xinetd might"
- elog "be an alternative for you as it supports USE=tcpd."
- fi
- if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
- elog "Starting with openssh-7.0, support for ssh-dss keys were
disabled due to their"
- elog "weak sizes. If you rely on these key types, you can
re-enable the key types by"
- elog "adding to your sshd_config or ~/.ssh/config files:"
- elog " PubkeyAcceptedKeyTypes=+ssh-dss"
- elog "You should however generate new keys using rsa or
ed25519."
- fi
- if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
- elog "Be aware that by disabling openssl support in openssh,
the server and clients"
- elog "no longer support dss/rsa/ecdsa keys. You will need to
generate ed25519 keys"
- elog "and update all clients/servers that utilize them."
- fi
-}
diff --git a/net-misc/openssh/openssh-7.1_p1.ebuild
b/net-misc/openssh/openssh-7.1_p1.ebuild
deleted file mode 100644
index 895dc7f..0000000
--- a/net-misc/openssh/openssh-7.1_p1.ebuild
+++ /dev/null
@@ -1,325 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PN}-7.0p1-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
-X509_VER="8.6" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/";
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? (
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit
pam +pie sctp selinux skey ssh1 +ssl static X X509"
-REQUIRED_USE="ldns? ( ssl )
- pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="
- ldns? (
- net-libs/ldns[static-libs(+)]
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- ssl? (
- >=dev-libs/openssl-0.9.8f:0[bindist=]
- dev-libs/openssl:0[static-libs(+)]
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
- die "booooo"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its
removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- ewarn "Sorry, but openssh no longer supports tcp-wrappers, and
it seems like"
- ewarn "you're trying to use it. Update your
${EROOT}etc/hosts.{allow,deny} please."
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e
"/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN
changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- if use X509 ; then
- pushd .. >/dev/null
- pushd ${HPN_PATCH%.*.*} >/dev/null
- epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
- popd >/dev/null
- epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
- save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- # The X509 patchset fixes this independently.
- use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
- epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
- if use hpn ; then
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=(
SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n'
"${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass
--without-ldap
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- # The X509 patch deletes this option entirely.
- $(use X509 || use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- )
-
- # The seccomp sandbox is broken on x32, so use the older method for
now. #553748
- use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
- myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
- append-ldflags -lutil
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a
newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
- fi
- if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
- elog "Starting with openssh-6.9p1, ssh1 support is disabled by
default."
- fi
- if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
- elog "Starting with openssh-6.7, support for USE=tcpd has been
dropped by upstream."
- elog "Make sure to update any configs that you might have.
Note that xinetd might"
- elog "be an alternative for you as it supports USE=tcpd."
- fi
- if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
- elog "Starting with openssh-7.0, support for ssh-dss keys were
disabled due to their"
- elog "weak sizes. If you rely on these key types, you can
re-enable the key types by"
- elog "adding to your sshd_config:"
- elog " PubkeyAcceptedKeyTypes=+ssh-dss"
- elog "You should however generate new keys using rsa or
ed25519."
- fi
- if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
- elog "Be aware that by disabling openssl support in openssh,
the server and clients"
- elog "no longer support dss/rsa/ecdsa keys. You will need to
generate ed25519 keys"
- elog "and update all clients/servers that utilize them."
- fi
-}
