commit: 1bcc59a0043c07b7aeaf3bfb3b40503fa55d4a9b Author: Haelwenn (lanodan) Monnier <contact <AT> hacktivis <DOT> me> AuthorDate: Thu Jan 4 01:57:46 2024 +0000 Commit: Yixun Lan <dlan <AT> gentoo <DOT> org> CommitDate: Sun Jan 7 00:34:33 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bcc59a0
net-misc/tinyssh: add 20240101 Adds kex-strict-s-v00 <AT> openssh.com support, required to mitigate CVE-2023-48795 aka Terrapin. Links: https://github.com/advisories/GHSA-45x7-px36-x8w8 Signed-off-by: Haelwenn (lanodan) Monnier <contact <AT> hacktivis.me> Signed-off-by: Yixun Lan <dlan <AT> gentoo.org> net-misc/tinyssh/Manifest | 1 + net-misc/tinyssh/tinyssh-20240101.ebuild | 73 ++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+)
diff --git a/net-misc/tinyssh/Manifest b/net-misc/tinyssh/Manifest
index 4b4495c26cdb..5d54a5ceaa82 100644
--- a/net-misc/tinyssh/Manifest
+++ b/net-misc/tinyssh/Manifest
@@ -1 +1,2 @@
 DIST tinyssh-20230101.tar.gz 249091 BLAKE2B 5efb6eab07c136763ab27588661618763d2ca174dce4b0f4b5fd5dcca56044f8361342de780931070cff8efe43f6efa68eaf912e9ae38febfcff733f79e23018 SHA512 6beaf266058a89a78c710abd1a02feff0641a93d0d92aa07a1ad1ba3f6b3344bc312bb5a4cd5c06c6dcc83d25e48a801f9cfcfbb3de0f73904f36d32d4430482
+DIST tinyssh-20240101.tar.gz 249848 BLAKE2B 228547c6f4acae3b77a338df1ced3a49e0b4c72257ce081b3b50941c29c5a39a0b1623f6aefce2721b9dde9fae03cb8c1c87b6b019658d578ddcca99e0a021f5 SHA512 b48561cfc11bb6d2e9b1c805c9dfc36be5f1bbbf04a455b8db3f02b5b8df15e420fcd93d58fb23526baaf0fd70e9969deca261152a656015f12a433a61092e90
diff --git a/net-misc/tinyssh/tinyssh-20240101.ebuild b/net-misc/tinyssh/tinyssh-20240101.ebuild
new file mode 100644
index 000000000000..5164323fe0c6
--- /dev/null
+++ b/net-misc/tinyssh/tinyssh-20240101.ebuild
@@ -0,0 +1,73 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+DESCRIPTION="A small SSH server with state-of-the-art cryptography"
+HOMEPAGE="https://tinyssh.org"
+if [[ "${PV}" == "99999999" ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/janmojzis/tinyssh.git"
+else
+ SRC_URI="https://github.com/janmojzis/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~x86"
+fi
+
+LICENSE="CC0-1.0"
+SLOT="0"
+
+IUSE="+sodium"
+
+DEPEND="
+ sodium? ( dev-libs/libsodium:= )
+"
+RDEPEND="
+ ${DEPEND}
+ sys-apps/ucspi-tcp
+"
+
+src_prepare() {
+ # Leave optimization level to user CFLAGS
+ sed -i 's/-Os -fomit-frame-pointer -funroll-loops//g' ./conf-cc || die
+
+ # Use make-tinysshcc.sh script, which has no tests and doesn't execute
+ # binaries. See https://github.com/janmojzis/tinyssh/issues/2
+ sed -i 's/make-tinyssh\.sh/make-tinysshcc.sh/g' ./Makefile || die
+
+ default
+}
+
+src_compile() {
+ tc-export PKG_CONFIG
+
+ if use sodium
+ then
+ emake \
+ CC="$(tc-getCC)" \
+ LIBS="$("${PKG_CONFIG}" --libs libsodium)" \
+ CFLAGS="${CFLAGS} $("${PKG_CONFIG}" --cflags libsodium)" \
+ LDFLAGS="${LDFLAGS}"
+ else
+ emake CC="$(tc-getCC)"
+ fi
+}
+
+src_install() {
+ dosbin build/bin/tinysshd{,-makekey}
+ dobin build/bin/tinysshd-printkey
+ doman man/*
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+ newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+ systemd_newunit "${FILESDIR}/${PN}.service" "${PN}@.service"
+ systemd_newunit "${FILESDIR}/${PN}.socket" "${PN}@.socket"
+ systemd_dounit "${FILESDIR}/${PN}-makekey.service"
+}
+
+pkg_postinst() {
+ einfo "TinySSH is in beta stage, and ready for production use."
+ einfo "See https://tinyssh.org for more information."
+}
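Review bot: pkg_postinst at the end of the ebuild does not tell the administrator the limit of the fix this bump ships. Strict key exchange protects a session from Terrapin (CVE-2023-48795) only when the connecting client negotiates it too, so an updated tinysshd serving older clients is still exposed on those connections. I would add a line such as `elog "CVE-2023-48795 is only mitigated for clients that also support strict key exchange; update SSH clients as well."` to pkg_postinst. It should be `elog` rather than `einfo`, because einfo output is not kept by Portage's default elog classes and a security notice should survive the build scrollback.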