gentoo auto-resync : 24:10:2024 - 04:04:24

4 files changed, 266 insertions, 2 deletions

diff --git a/net-misc/dropbear/Manifest b/net-misc/dropbear/Manifest
index 835a93993064..5579558081ca 100644
--- a/net-misc/dropbear/Manifest
+++ b/net-misc/dropbear/Manifest
@@ -7,13 +7,17 @@ AUX dropbear-2024.84-non-interactive-tests-no-syslog.patch 294 BLAKE2B 66658bb83
 AUX dropbear-2024.84-non-interactive-tests.patch 300 BLAKE2B 5055d8abee9234cd9a5325bc6fcd4cea2794a8ebe7660afb30727ca893f8caedf3c73e8d0f9a90f0348d58f6569e0f68d18887c2f6b2ab5b3fcde9566c47f16d SHA512 68949b92339e2421e518595aada28ca4c7eec8f7734087e4753da4f7794a038f1fceae61b505ee8f7ac22890ef0ffebac8b773c7e53a5704d584a89670886127
 AUX dropbear-2024.84-test-bg-sleep.patch 530 BLAKE2B 96836fae965d463eab7fba7f5cf3a358e7fac0281739f9911441d5afdb986495caa0ebb7f6e05978fa1740ae6aa6a009f674e8c071718a64e4cb305b4532ddba SHA512 b5758b3f21b1ddf127d2d95363708c67bbe2b584850c7b693a825093222046ffb6682b700a2ef71245d28d147d1ee4fe6dbc96a0e8132aa85fcbc4229d54db4b
 AUX dropbear-2024.84-tests.patch 2296 BLAKE2B c00997667892049c14e877f503843628f9074bb7b99488eb4b6ce98b9b42d20cde375a8158c8a25104c04a6e6404cc0053491780d7c933ad69987ac380647c7b SHA512 1ff5b8dd16fc7f6918b7413bd1b1881d254a0c79340658eef2cd3ab32d95c6a8869cc12d156de54dc9834ebc021c845a90f7a5b19914d21de7c88598f6b72877
+AUX dropbear-2024.86-tests.patch 2438 BLAKE2B 70a1d1067255d38ec13920998310638a237dcc6cdb8af56f91439b327d687dee039cde626d6f3a17a676d8f700aed5e4c4a9294dbac4cb2d146e684574b05a29 SHA512 2d6e3b4aa78ce8fbcdbb74adc83d87f81ffb1d1bcce5fe12c9a4b3115f7ede3095823c59f6b5bac0fa7f393d8482a85c14012038bab02831bdbaa8191e077303
 AUX dropbear.conf.d 190 BLAKE2B b89e59ae84f23f00162d78cb900e4fef05fe01123a6ee7533ed3d39625f43580012591b2cf8dcc9ea5f093a64d3ed81fa590c44389bacb369b9123929ca2bb69 SHA512 83f2c1eaf7687917a4b2bae7d599d4378c4bd64f9126ba42fc5d235f2b3c9a474d1b3168d70ed64bb4101cc251d30bc9ae20604da9b5d819fcd635ee4d0ebb0f
 AUX dropbear.init.d 735 BLAKE2B e3d3c388033934da2e8ea684b9f380cb92147ae359434fd9a03523f683ab553a50dbb8cb879f4bdd12d59b40ddc8d8bede19be7fe9904298a1e273a14a4603ca SHA512 5b8dd52125360967c43d0a3a4ae8748eb33be2fe23b4d54d81cddfb0ef7e6a78b011e3028f41adab7706f83a292bbc8f07711a02c29e6a89488db72aa3ff259d
 DIST dropbear-2022.83.tar.bz2 2322904 BLAKE2B 4e26667458fb068a8c997b44dfd3c4f15146f051713a3ea90980db04c6345174d34214269665d74c863c1c1947d6837034aa4c264101b11971c8a3e97f491393 SHA512 c63afa615d64b0c8c5e739c758eb8ae277ecc36a4223b766bf562702de69910904cbc3ea98d22989df478ae419e1f81057fe1ee09616c80cb859f58f44175422
 DIST dropbear-2022.83.tar.bz2.asc 833 BLAKE2B 7dfcf13804738aed3136c264412f8c2f96cd3ff71482815af736346c9441c8f00adef26f4e8f89082cbbb4033249501adbc545c08f678e1cac4afc88a8fc9ed0 SHA512 e5cbd01dcbaeabb04dc473bd11933a422fda03ceb5bc02fb5c99abafd0841e3ac1f436cc1798500b33fbbc81923fa03c2a28c971fa26794ed5888d496fb7e2ad
 DIST dropbear-2024.85.tar.bz2 2304594 BLAKE2B 631b71733437a256267057a1c4846afa4d520fa9e29d9c14dfa7df09109c30cc2d649ada990a15c615567f7a1d6ff02340799216b7fa41327d72cb43dd9096e0 SHA512 09619e9874172658b7fc284823e0a619b6a4346a5db41487d1628768b46c1f8eac962bfd8ef73e2a59e466fc4022395f7a194b4309195c954b0d7e0d13254f67
 DIST dropbear-2024.85.tar.bz2.asc 833 BLAKE2B 1d0cc37fb1c528c6f7f6e064d3ec3d7c63617b568d8889592ca162171a325a46e84a23f24c16069b5396c806b2270434552833138ba95c7f34c8b5e6e425fcc7 SHA512 d2ad10b60f53d8d598a7a57337fe890c26c60bea115fb919f6135a01fe3f8f7e5863b0a7ed6c7eacbd5a3b810169b600c0004251a8d748d4b40584933c2c7383
+DIST dropbear-2024.86.tar.bz2 2306244 BLAKE2B 988e2cc03c123685c93ab8b1148b1844cecc78aa12ad00d48f737e74fdae24f8c0397b91dc343b7fb996ffcf986804f32ffd1b886edf13d158b6f914545c883a SHA512 6be3d2efd79e49e1f9fe13654c26b9c14d1504c9543720e59600f6d689aafae7365b4a0bbfa309f7bf692995672adbbd9e660b2c907ea3d68d9f71023d05f54e
+DIST dropbear-2024.86.tar.bz2.asc 833 BLAKE2B 5fc35fb4135f099c2204972d3fc365b01b2622eeadf4cf6093496176e5a4010c1fbe36056036fe370e1a1ffb05d86293e212d935a3b4c5d8b0005eae09423edc SHA512 b7dbae281b21d5d1dfbb311f6a94a2c1acd3ab44a3293baffa885194d24721ec8067e907b414ebc0b5d77bb32c511fcd5c31008b6622b946e8d253621012836f
 EBUILD dropbear-2022.83-r1.ebuild 4433 BLAKE2B 6cd0edb8789dcabbfaaed58db535ee6bca645ea687eb2e2d5f15d0fd16b370cdd1075d99960315492182065219b11823101db489233b8ea26392f0c4e9e41776 SHA512 61ab7e9ea1856586e8e15e4089be296a2d2730fe236ea3d07ddf2652ec3cf123d07ec782d0d7bb51e96ef537c09b4421f83a6ef04fa5253e4536740aa66f3854
 EBUILD dropbear-2024.85-r1.ebuild 5062 BLAKE2B d6c63a168ef0e040794cca2cdbc4b77ad386bf34f3c6d3073d5d7fd30ebec8af213f709958e0832fc626e2c18bd38f5fcf1bca4b7573ffe28fa2c79555720af5 SHA512 033e4d740310b0ab6efd00ab1df08239058b613f31843aa679015755c25c75c8dfa248efe46ced583eb52fbe6f9c9d817936a9f4cbfb2f4de4e1ad6cfbd49ab3
-EBUILD dropbear-2024.85-r2.ebuild 5408 BLAKE2B 3eedb9e3f8b436fc7d132d263f4aa7e92466c8b7a4899b4ef7fb045bda7819306ec3284399336d71daccf9b5f11884bb24849d45a2660ad0c165ec5dab4202c1 SHA512 100994259d94fc1d47a514aa475988aabb45a2a528daa7684e4b044ff1b7b16baf57d60443f74c063e51d57cdc6687fe3c847593f42a80a534d11dade7529c49
+EBUILD dropbear-2024.85-r2.ebuild 5406 BLAKE2B a818f64c8f8cef6e88634b7bfcd32a044941cc75e096f1f59a6dcdb0ba84ce1b789f847413dcb18ad07f2a48d93ec876c488e1a9a25bbfeffb01bfed27608cb7 SHA512 be7e426b3b49a1d8af7a81212564caff0390beb9a30e056cfd12931808ec4f66b72d3377e4970f7e7a2673f26ba8cfa3ae5ff8e020323dd6fe79325bf3c66054
+EBUILD dropbear-2024.86.ebuild 5558 BLAKE2B bab3a449dbdecc68138de6e0c40e0b1b4becdcfd9a805ce9cd2fcc42aef8970afb282147480b58f9eb11156dbfe09be02de7563238c2c53bd7ce52644145cd00 SHA512 b3a560c5f3d5edf7c63739940e058e9da37df3e5509bd38f0cc59977688b8007bed87773fa61d1fb27a90849ab27a46a6f7e0f9371b2776e4f6c4fa208fc3693
 MISC metadata.xml 1866 BLAKE2B 820902b27de934f6d7f0edc5d9f8c7bccf5c5f51d0e81ebd13fb53d6ba9e385c924d4fd0a191096fb191c253800227ff6b30f7bd44edfb532307e7076f39df8f SHA512 8e073a34877f230207ef391084b99014db9482aec680a1b292ac95e3bade426ecf362092337b7fcb19091f273085a06ae81cfd7d5e69a46a28067ae68f615cd4
diff --git a/net-misc/dropbear/dropbear-2024.85-r2.ebuild b/net-misc/dropbear/dropbear-2024.85-r2.ebuild
index 609bbb453aa4..e5e747699863 100644
--- a/net-misc/dropbear/dropbear-2024.85-r2.ebuild
+++ b/net-misc/dropbear/dropbear-2024.85-r2.ebuild
@@ -18,7 +18,7 @@ SRC_URI+=" verify-sig? (
 
 LICENSE="MIT GPL-2" # (init script is GPL-2 #426056)
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-macos"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x64-macos"
 IUSE="bsdpty minimal multicall pam +shadow static +syslog test zlib"
 RESTRICT="!test? ( test )"
 
diff --git a/net-misc/dropbear/dropbear-2024.86.ebuild b/net-misc/dropbear/dropbear-2024.86.ebuild
new file mode 100644
index 000000000000..7e1d6f159e8b
--- /dev/null
+++ b/net-misc/dropbear/dropbear-2024.86.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} )
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dropbear.asc
+inherit pam python-any-r1 savedconfig verify-sig
+
+DESCRIPTION="Small SSH 2 client/server designed for small memory environments"
+HOMEPAGE="https://matt.ucc.asn.au/dropbear/dropbear.html"
+SRC_URI="https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2
+	https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2"
+SRC_URI+=" verify-sig? (
+		https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2.asc
+		https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2.asc
+	)"
+
+LICENSE="MIT GPL-2" # (init script is GPL-2 #426056)
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-macos"
+IUSE="bsdpty minimal multicall pam +shadow static +syslog test zlib"
+RESTRICT="!test? ( test )"
+
+LIB_DEPEND="
+	virtual/libcrypt[static-libs(+)]
+	zlib? ( sys-libs/zlib[static-libs(+)] )
+"
+RDEPEND="
+	acct-group/sshd
+	acct-user/sshd
+	!static? (
+		>=dev-libs/libtomcrypt-1.18.2-r2[libtommath]
+		>=dev-libs/libtommath-1.2.0
+		${LIB_DEPEND//\[static-libs(+)]}
+	)
+	pam? ( sys-libs/pam )
+"
+DEPEND="
+	${RDEPEND}
+	static? ( ${LIB_DEPEND} )
+"
+RDEPEND+=" pam? ( >=sys-auth/pambase-20080219.1 )"
+BDEPEND="
+	test? (
+		sys-libs/nss_wrapper
+		$(python_gen_any_dep '
+			dev-python/asyncssh[${PYTHON_USEDEP}]
+			dev-python/attrs[${PYTHON_USEDEP}]
+			dev-python/iniconfig[${PYTHON_USEDEP}]
+			dev-python/packaging[${PYTHON_USEDEP}]
+			dev-python/pluggy[${PYTHON_USEDEP}]
+			dev-python/py[${PYTHON_USEDEP}]
+			dev-python/pyparsing[${PYTHON_USEDEP}]
+			dev-python/pytest[${PYTHON_USEDEP}]
+			dev-python/psutil[${PYTHON_USEDEP}]
+		')
+	)
+	verify-sig? ( sec-keys/openpgp-keys-dropbear )
+"
+
+REQUIRED_USE="pam? ( !static )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2024.84-dbscp.patch
+	"${FILESDIR}"/${PN}-2024.86-tests.patch
+	"${FILESDIR}"/${PN}-2024.84-test-bg-sleep.patch
+)
+
+set_options() {
+	progs=(
+		dropbear dbclient dropbearkey
+		$(usev !minimal "dropbearconvert scp")
+	)
+	makeopts=(
+		MULTI=$(usex multicall 1 0)
+	)
+}
+
+python_check_deps() {
+	python_has_version "dev-python/asyncssh[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/attrs[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/iniconfig[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/packaging[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/pluggy[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/py[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/pyparsing[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/pytest[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/psutil[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+
+	if use static ; then
+		ewarn "Using bundled copies of libtommath and libtomcrypt"
+	fi
+}
+
+src_prepare() {
+	default
+
+	# dropbear does not accept -E if built w/o syslog support and fails the tests
+	if use syslog; then
+		eapply "${FILESDIR}"/${PN}-2024.84-non-interactive-tests.patch
+	else
+		eapply "${FILESDIR}"/${PN}-2024.84-non-interactive-tests-no-syslog.patch
+	fi
+
+	sed \
+		-e '/SFTPSERVER_PATH/s:".*":"/usr/lib/misc/sftp-server":' \
+		-e '/DROPBEAR_X11FWD/s:0:1:' \
+		src/default_options.h > localoptions.h || die
+	sed \
+		-e '/pam_start/s:sshd:dropbear:' \
+		-i src/svr-authpam.c || die
+	restore_config localoptions.h
+
+	use test && python_fix_shebang test/parent_dropbear_map.py
+
+	# dropbearconvert is not built with USE minimal
+	# test_concurrent needs dropbearconvert to convert the key before running
+	if use minimal; then
+		rm test/test_dropbearconvert.py test/test_concurrent.py || die
+	fi
+
+	# bsdpty requires CONFIG_LEGACY_PTYS in kernel; disable tests.
+	# bug #939601
+	if use bsdpty; then
+		rm test/test_channels.py || die
+	fi
+}
+
+src_configure() {
+	# Notes:
+	# 1) We use bundled libtom* when static build is enabled because
+	#    libtomcrypt lacks it and we don't particularly want to add it.
+	# 2) We disable the hardening flags as our compiler already enables them
+	#    by default as is appropriate for the target.
+	local myeconfargs=(
+		--disable-harden
+
+		# bug #836900
+		$(use_enable !elibc_musl lastlog)
+		$(use_enable !elibc_musl wtmp)
+
+		$(use_enable static bundled-libtom)
+		$(use_enable zlib)
+		$(use_enable pam)
+		$(use_enable !bsdpty openpty)
+		$(use_enable shadow)
+		$(use_enable static)
+		$(use_enable syslog)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	set_options
+	emake "${makeopts[@]}" PROGRAMS="${progs[*]}"
+
+	# need symlinks for tests
+	if use multicall && use test; then
+		local x
+		for x in "${progs[@]}" ; do
+			ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
+		done
+	fi
+}
+
+src_install() {
+	set_options
+	emake "${makeopts[@]}" PROGRAMS="${progs[*]}" DESTDIR="${D}" install
+	doman manpages/*.8
+	newinitd "${FILESDIR}"/dropbear.init.d dropbear
+	newconfd "${FILESDIR}"/dropbear.conf.d dropbear
+	dodoc CHANGES README.md SMALL.md MULTI.md
+
+	# The multi install target does not install the links right.
+	if use multicall ; then
+		pushd "${ED}"/usr/bin &> /dev/null || die
+		local x
+		for x in "${progs[@]}" ; do
+			ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
+		done
+		rm -f dropbear
+		dodir /usr/sbin
+		dosym -r /usr/bin/dropbearmulti /usr/sbin/dropbear
+		popd &> /dev/null || die
+	fi
+	save_config localoptions.h
+
+	if ! use minimal ; then
+		mv "${ED}"/usr/bin/{,db}scp || die
+	fi
+
+	if use pam; then
+		pamd_mimic system-remote-login dropbear auth account password session
+	fi
+}
diff --git a/net-misc/dropbear/files/dropbear-2024.86-tests.patch b/net-misc/dropbear/files/dropbear-2024.86-tests.patch
new file mode 100644
index 000000000000..18712d2e4f10
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2024.86-tests.patch
@@ -0,0 +1,59 @@
+Create all the keys needed for the tests.
+Enable testing server auth.
+
+dbclient obeys $HOME, but dropbear (the server) resolves HOME using getpwnam.
+Use sys-libs/nss_wrapper to fake it during tests.
+
+--- a/test/Makefile.in
++++ b/test/Makefile.in
+@@ -4,18 +4,26 @@
+ 
+ all: test
+ 
+-test: venv/bin/pytest fakekey
+-	(source ./venv/bin/activate; pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir) )
++uid:=$(shell id -u)
++gid:=$(shell id -g)
++test: fakekey
++	mkdir -p ~/.ssh
++	../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear
++	../dropbearkey -y -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys
++	# Convert to openssh format so that asyncssh can find it in tests
++	-../dropbearconvert dropbear openssh ~/.ssh/id_dropbear ~/.ssh/id_ecdsa
++	../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key2 | grep ^ecdsa | sed 's/[^ ]*$$/key2 extra/' >> ~/.ssh/authorized_keys
++	../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key3 | grep ^ecdsa | sed 's/[^ ]*$$/key3%char/' >> ~/.ssh/authorized_keys
++	../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key4 | grep ^ecdsa | sed 's/[^ ]*$$/key4,char/' >> ~/.ssh/authorized_keys
++	echo "$(LOGNAME)::$(uid):$(gid):$(USER):$(HOME):/bin/bash" >> ~/passwd
++	echo "$(LOGNAME)::$(gid):" >> ~/group
++	chmod 0700 ~ ~/.ssh ~/.ssh/authorized_keys ~/passwd ~/group
++	DBTEST_IN_ACTION=y pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir)
+ 
+-one: venv/bin/pytest fakekey
+-	(source ./venv/bin/activate; pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir) -k exit)
++one: fakekey
++	pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir) -k exit
+ 
+ fakekey:
+ 	../dropbearkey -t ecdsa -f $@
+ 
+-venv/bin/pytest: $(srcdir)/requirements.txt
+-	python3 -m venv init venv
+-	./venv/bin/pip install --upgrade pip
+-	./venv/bin/pip install -r $(srcdir)/requirements.txt
+-
+ .PHONY: test
+--- a/test/test_dropbear.py
++++ b/test/test_dropbear.py
+@@ -27,7 +27,11 @@ def dropbear(request):
+ 		]
+ 	print("subprocess args: ", args)
+ 
+-	p = subprocess.Popen(args, stderr=subprocess.PIPE, text=True)
++	env = os.environ
++	env['LD_PRELOAD'] = 'libnss_wrapper.so'
++	env['NSS_WRAPPER_PASSWD'] = env['HOME'] + '/passwd'
++	env['NSS_WRAPPER_GROUP'] = env['HOME'] + '/group'
++	p = subprocess.Popen(args, stderr=subprocess.PIPE, text=True, env=env)
+ 	# Wait until it has started listening
+ 	for l in p.stderr:
+ 		if "Not backgrounding" in l: