summaryrefslogtreecommitdiff
path: root/net-misc/openssh-x
diff options
context:
space:
mode:
Diffstat (limited to 'net-misc/openssh-x')
-rw-r--r--net-misc/openssh-x/ChangeLog1929
-rw-r--r--net-misc/openssh-x/Manifest96
-rw-r--r--net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch127
-rw-r--r--net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch15
-rw-r--r--net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch16
-rw-r--r--net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch91
-rw-r--r--net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff10
-rw-r--r--net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch12
-rw-r--r--net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch15
-rw-r--r--net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch60
-rw-r--r--net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch60
-rw-r--r--net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch18
-rw-r--r--net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch61
-rw-r--r--net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch25
-rw-r--r--net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch184
-rw-r--r--net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch15
-rw-r--r--net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch15
-rw-r--r--net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch15
-rw-r--r--net-misc/openssh-x/files/openssh-6.0_p1-test.patch19
-rw-r--r--net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch15
-rw-r--r--net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch57
-rw-r--r--net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch15
-rw-r--r--net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch49
-rw-r--r--net-misc/openssh-x/files/sshd.confd21
-rw-r--r--net-misc/openssh-x/files/sshd.pam9
-rw-r--r--net-misc/openssh-x/files/sshd.pam_include.24
-rw-r--r--net-misc/openssh-x/files/sshd.rc682
-rw-r--r--net-misc/openssh-x/files/sshd.rc6.183
-rw-r--r--net-misc/openssh-x/files/sshd.rc6.285
-rwxr-xr-xnet-misc/openssh-x/files/sshd.rc6.385
-rw-r--r--net-misc/openssh-x/files/sshd.service10
-rw-r--r--net-misc/openssh-x/files/sshd.socket10
-rw-r--r--net-misc/openssh-x/files/sshd_at.service8
-rw-r--r--net-misc/openssh-x/metadata.xml28
-rw-r--r--net-misc/openssh-x/openssh-x-6.0_p1-r1.ebuild294
-rw-r--r--net-misc/openssh-x/openssh-x-6.0_p1.ebuild294
-rw-r--r--net-misc/openssh-x/openssh-x-6.1_p1.ebuild295
37 files changed, 4227 insertions, 0 deletions
diff --git a/net-misc/openssh-x/ChangeLog b/net-misc/openssh-x/ChangeLog
new file mode 100644
index 00000000..93dd285c
--- /dev/null
+++ b/net-misc/openssh-x/ChangeLog
@@ -0,0 +1,1929 @@
+# ChangeLog for net-misc/openssh
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.451 2012/09/08 18:38:11 vapier Exp $
+
+*openssh-6.1_p1 (08 Sep 2012)
+
+ 08 Sep 2012; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-6.1_p1-x509-glue.patch,
+ +files/openssh-6.1_p1-x509-hpn-glue.patch, +openssh-6.1_p1.ebuild:
+ Version bump #434278 by Phr33d0m.
+
+*openssh-6.0_p1-r1 (08 Jun 2012)
+
+ 08 Jun 2012; Mike Frysinger <vapier@gentoo.org> +openssh-6.0_p1-r1.ebuild:
+ Back hpn patch back down to v11 as v12 does not want to work for us #414401 by
+ Sean McGovern.
+
+ 02 Jun 2012; Mike Frysinger <vapier@gentoo.org> openssh-5.9_p1-r4.ebuild:
+ Mark alpha/ia64/s390/sh/sparc stable #396075.
+
+ 29 May 2012; Alexis Ballier <aballier@gentoo.org> openssh-6.0_p1.ebuild:
+ keyword ~amd64-fbsd
+
+ 29 May 2012; Richard Yao <ryao@gentoo.org>
+ +files/openssh-6.0_p1-fix-freebsd-compilation.patch, openssh-6.0_p1.ebuild:
+ Fix build failure on Gentoo FreeBSD 9, written by naota, reviewed by
+ xarthisius, approved by Chainsaw, bug #391011
+
+ 23 May 2012; Mike Frysinger <vapier@gentoo.org> openssh-5.5_p1-r2.ebuild,
+ openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild,
+ openssh-5.8_p2-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.9_p1-r3.ebuild,
+ openssh-5.9_p1-r4.ebuild, openssh-6.0_p1.ebuild:
+ Inherit user eclass for enewuser/etc...
+
+ 17 May 2012; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-6.0_p1-test.patch, openssh-6.0_p1.ebuild:
+ Add fix for POSIX test compat #391011.
+
+ 08 May 2012; Brent Baude <ranger@gentoo.org> openssh-5.9_p1-r4.ebuild:
+ Marking openssh-5.9_p1-r4 ppc64 for bug 396075
+
+ 05 May 2012; Jeff Horelick <jdhore@gentoo.org> openssh-5.5_p1-r2.ebuild,
+ openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild,
+ openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild,
+ openssh-5.9_p1-r4.ebuild, openssh-6.0_p1.ebuild:
+ dev-util/pkgconfig -> virtual/pkgconfig
+
+ 03 May 2012; Mike Frysinger <vapier@gentoo.org> openssh-6.0_p1.ebuild:
+ Enable locale env var passing by default #367017 by Michael.
+
+*openssh-6.0_p1 (30 Apr 2012)
+
+ 30 Apr 2012; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-6.0_p1-hpn-progressmeter.patch,
+ +files/openssh-6.0_p1-x509-glue.patch,
+ +files/openssh-6.0_p1-x509-hpn-glue.patch, +openssh-6.0_p1.ebuild:
+ Version bump with work from Robin #414071 by Michael Weber.
+
+ 16 Apr 2012; Markus Meier <maekke@gentoo.org> openssh-5.9_p1-r4.ebuild:
+ arm stable, bug #396075
+
+ 16 Apr 2012; Brent Baude <ranger@gentoo.org> openssh-5.9_p1-r4.ebuild:
+ Marking openssh-5.9_p1-r4 ppc for bug 396075
+
+ 10 Apr 2012; Jeroen Roovers <jer@gentoo.org> openssh-5.9_p1-r4.ebuild:
+ Stable for HPPA (bug #396075).
+
+ 09 Apr 2012; Jeff Horelick <jdhore@gentoo.org> openssh-5.9_p1-r4.ebuild:
+ marked x86 per bug 396075
+
+ 09 Apr 2012; Agostino Sarubbo <ago@gentoo.org> openssh-5.9_p1-r4.ebuild:
+ Stable for amd64, wrt bug #396075
+
+*openssh-5.9_p1-r4 (15 Mar 2012)
+
+ 15 Mar 2012; Mike Frysinger <vapier@gentoo.org> +openssh-5.9_p1-r4.ebuild,
+ +files/openssh-5.9_p1-drop-openssl-check.patch:
+ Drop openssl version checking.
+
+ 13 Mar 2012; Pawel Hajdan jr <phajdan.jr@gentoo.org>
+ openssh-5.5_p1-r2.ebuild, openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild,
+ openssh-5.8_p1-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild,
+ openssh-5.9_p1-r3.ebuild:
+ Switch to virtual/shadow.
+
+ 13 Feb 2012; Robin H. Johnson <robbat2@gentoo.org> openssh-5.9_p1-r3.ebuild:
+ Bug #352083: install LPK schema.
+
+ 06 Feb 2012; Jeremy Olexa <darkside@gentoo.org> openssh-5.9_p1-r3.ebuild:
+ [Bug 402441] net-misc/openssh: Add output to say that ECDSA will not work
+ when openssl[bindist] is present
+
+ 14 Dec 2011; Michał Górny <mgorny@gentoo.org> openssh-5.9_p1-r3.ebuild,
+ +files/sshd.service, +files/sshd.socket, +files/sshd_at.service:
+ Install systemd unit files.
+
+ 04 Dec 2011; Sven Wegener <swegener@gentoo.org> files/sshd.rc6,
+ files/sshd.rc6.1, files/sshd.rc6.2:
+ move reload to extra_started_commands
+
+ 26 Nov 2011; Mike Frysinger <vapier@gentoo.org> openssh-5.9_p1-r3.ebuild:
+ Move enew{user,group} to pkg_preinst so `die` works.
+
+ 03 Nov 2011; Mike Frysinger <vapier@gentoo.org> openssh-5.5_p1-r2.ebuild,
+ openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild,
+ openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild:
+ Use new egetshell helper rather than calling getent directly.
+
+ 02 Nov 2011; Mike Frysinger <vapier@gentoo.org> openssh-5.5_p1-r2.ebuild,
+ openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild,
+ openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild:
+ Use egetent rather than getent.
+
+*openssh-5.9_p1-r3 (26 Sep 2011)
+
+ 26 Sep 2011; Mike Frysinger <vapier@gentoo.org> -openssh-5.9_p1.ebuild,
+ -openssh-5.9_p1-r2.ebuild, +openssh-5.9_p1-r3.ebuild,
+ +files/openssh-5.9_p1-x509-glue.patch:
+ Add x509 patch and release.
+
+*openssh-5.9_p1-r2 (14 Sep 2011)
+*openssh-5.8_p2-r1 (14 Sep 2011)
+
+ 14 Sep 2011; Lars Wendler <polynomial-c@gentoo.org>
+ +openssh-5.8_p2-r1.ebuild, -openssh-5.9_p1-r1.ebuild,
+ +openssh-5.9_p1-r2.ebuild, files/sshd.rc6.3:
+ non-maintainer commit: Replaced deprecated opts variable (bug #382227) and
+ removed --stop option from reload function (bug #382975). Bot changes and
+ revbumps were done with kind permission from vapier.
+
+ 12 Sep 2011; Mike Frysinger <vapier@gentoo.org> openssh-5.9_p1-r1.ebuild:
+ Simplify test homedir logic a bit, and fix quoting.
+
+*openssh-5.9_p1-r1 (07 Sep 2011)
+
+ 07 Sep 2011; Robin H. Johnson <robbat2@gentoo.org> +openssh-5.9_p1-r1.ebuild:
+ Add complete port of HPN+LPK patches, also adjust the HOMEDIR setting for
+ src_test to complete in more cases.
+
+ 07 Sep 2011; Mike Frysinger <vapier@gentoo.org> openssh-5.9_p1.ebuild:
+ Retain default AuthorizedKeysFile behavior.
+
+*openssh-5.9_p1 (07 Sep 2011)
+
+ 07 Sep 2011; Mike Frysinger <vapier@gentoo.org> +openssh-5.9_p1.ebuild,
+ +files/openssh-5.9_p1-sshd-gssapi-multihomed.patch, +files/sshd.rc6.3:
+ Version bump. Drop --oknodo in init.d #377771 by Michael Mair-Keimberger. Add
+ GSSAPI/Kerberos fix #378361 by Kevan Carstensen.
+
+ 28 May 2011; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6.2:
+ Move custom opts to checkconfig and include those when verifying config
+ sanity #367303 by Horst Prote.
+
+ 16 May 2011; Robin H. Johnson <robbat2@gentoo.org> openssh-5.8_p2.ebuild:
+ Bug #366643: rediff the LPK patch for LDAP usage. Also merge the Mozilla uid
+ customization LPK change.
+
+*openssh-5.8_p2 (09 May 2011)
+
+ 09 May 2011; Mike Frysinger <vapier@gentoo.org> +openssh-5.8_p2.ebuild:
+ Version bump.
+
+ 16 Apr 2011; Ulrich Mueller <ulm@gentoo.org> openssh-5.5_p1-r2.ebuild,
+ openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild:
+ Don't PROVIDE virtual/ssh, bug 361121.
+
+ 19 Feb 2011; Mike Frysinger <vapier@gentoo.org> openssh-5.8_p1-r1.ebuild:
+ Encourage people to update their stored ssh key lists #355223 by Pacho Ramos.
+
+ 19 Feb 2011; Mike Frysinger <vapier@gentoo.org> -openssh-5.8_p1.ebuild,
+ openssh-5.8_p1-r1.ebuild:
+ We want openssh-5.8_p1-r1 going stable.
+
+ 13 Feb 2011; Raúl Porcel <armin76@gentoo.org> openssh-5.8_p1.ebuild:
+ arm/ia64/m68k/s390/sh/sparc stable wrt #353673
+
+ 11 Feb 2011; Pawel Hajdan jr <phajdan.jr@gentoo.org>
+ openssh-5.8_p1.ebuild:
+ x86 stable wrt security bug #353673
+
+ 11 Feb 2011; Kacper Kowalik <xarthisius@gentoo.org> openssh-5.8_p1.ebuild:
+ ppc stable wrt 353673
+
+ 10 Feb 2011; Markos Chandras <hwoarang@gentoo.org> openssh-5.8_p1.ebuild:
+ Stable on amd64 wrt bug #353673
+
+ 10 Feb 2011; Robin H. Johnson <robbat2@gentoo.org> openssh-5.5_p1-r2.ebuild,
+ openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1.ebuild,
+ openssh-5.8_p1-r1.ebuild:
+ Revamp AES-CTR-MT disable comment, with explicit reference to upstream
+ documentation and testcase reference (bug #354113, comment 6).
+
+ 10 Feb 2011; Mike Frysinger <vapier@gentoo.org> openssh-5.8_p1-r1.ebuild,
+ +files/openssh-5.8_p1-selinux.patch:
+ Drop openssl build patch since it doesn't seem to be needed anymore, and
+ apply simple build fix for selinux from upstream #354247 by MarisN.
+
+ 10 Feb 2011; Robin H. Johnson <robbat2@gentoo.org> openssh-5.8_p1.ebuild:
+ Also add AES-CTR fix to 5.8_p1 presently under stabilization.
+ alpha/hppa/ppc64 are the only stable arches with the broken HPN version at
+ present.
+
+*openssh-5.8_p1-r1 (10 Feb 2011)
+
+ 10 Feb 2011; Robin H. Johnson <robbat2@gentoo.org> openssh-5.6_p1-r2.ebuild,
+ openssh-5.7_p1-r1.ebuild, +openssh-5.8_p1-r1.ebuild:
+ Bug #354113: AES-CTR workaround was dropped from 5.7 and 5.8 when it is still
+ required.
+
+ 08 Feb 2011; Kacper Kowalik <xarthisius@gentoo.org> openssh-5.8_p1.ebuild:
+ ppc64 stable wrt #353673
+
+ 08 Feb 2011; Tobias Klausmann <klausman@gentoo.org> openssh-5.8_p1.ebuild:
+ Stable on alpha, bug #353673
+
+ 08 Feb 2011; Jeroen Roovers <jer@gentoo.org> openssh-5.8_p1.ebuild:
+ Stable for HPPA (bug #353673).
+
+*openssh-5.8_p1 (05 Feb 2011)
+
+ 05 Feb 2011; Mike Frysinger <vapier@gentoo.org> +openssh-5.8_p1.ebuild,
+ +files/openssh-5.8_p1-x509-hpn-glue.patch:
+ Version bump #353673. Default HPN to on when available #347193 by Jeremy
+ Olexa.
+
+*openssh-5.7_p1-r1 (25 Jan 2011)
+
+ 25 Jan 2011; Mike Frysinger <vapier@gentoo.org> +openssh-5.7_p1-r1.ebuild,
+ +files/openssh-5.7_p1-x509-hpn-glue.patch:
+ Add x509/ldap/hpn support back in. Auto-remove ecdsa support from init.d if
+ openssl lacks support #352645 by William Throwe.
+
+*openssh-5.7_p1 (24 Jan 2011)
+
+ 24 Jan 2011; Mike Frysinger <vapier@gentoo.org> +openssh-5.7_p1.ebuild,
+ +files/sshd.rc6.2:
+ Version bump.
+
+ 10 Dec 2010; Robin H. Johnson <robbat2@gentoo.org> metadata.xml:
+ Update restrict in metadata per mgorny's request to use DEPEND syntax.
+
+ 04 Dec 2010; Raúl Porcel <armin76@gentoo.org> openssh-5.6_p1-r2.ebuild:
+ alpha/ia64/m68k/s390/sh stable wrt #346395
+
+ 29 Nov 2010; Brent Baude <ranger@gentoo.org> openssh-5.6_p1-r2.ebuild:
+ stable ppc64, bug 346395
+
+ 27 Nov 2010; Michael Weber <xmw@gentoo.org> openssh-5.6_p1-r2.ebuild:
+ arm/sparc stable (bug 346395)
+
+ 24 Nov 2010; Jeroen Roovers <jer@gentoo.org> openssh-5.6_p1-r2.ebuild:
+ Stable for HPPA PPC (bug #346395).
+
+ 22 Nov 2010; Markos Chandras <hwoarang@gentoo.org> openssh-5.6_p1-r2.ebuild:
+ Stable on amd64 wrt bug #346395
+
+ 22 Nov 2010; Thomas Kahle <tomka@gentoo.org> openssh-5.6_p1-r2.ebuild:
+ x86 stable per bug 346395
+
+ 11 Oct 2010; Diego E. Pettenò <flameeyes@gentoo.org>
+ openssh-5.6_p1-r2.ebuild, +files/sshd.rc6.1:
+ Update init script to not regenerate the RSA1 host key (for SSH Protocol
+ 1) unless Protocol 1 is enabled. Modern OpenSSH versions disable Protocol
+ 1 in the daemon by default.
+
+*openssh-5.6_p1-r2 (30 Sep 2010)
+
+ 30 Sep 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.6_p1-r2.ebuild,
+ +files/openssh-5.6_p1-hpn-progressmeter.patch:
+ Switch to latest upstream hpn patch, and fix a pointer error in it.
+
+ 24 Sep 2010; Raúl Porcel <armin76@gentoo.org> openssh-5.5_p1-r2.ebuild:
+ alpha/ia64/m68k/s390/sh/sparc stable wrt #334165
+
+ 23 Sep 2010; Markus Meier <maekke@gentoo.org> openssh-5.5_p1-r2.ebuild:
+ arm stable, bug #334165
+
+ 06 Sep 2010; Brent Baude <ranger@gentoo.org> openssh-5.5_p1-r2.ebuild:
+ Marking openssh-5.5_p1-r2 ppc64 for bug 334165
+
+ 28 Aug 2010; Markos Chandras <hwoarang@gentoo.org>
+ openssh-5.5_p1-r2.ebuild:
+ Stable on amd64 wrt bug #334165
+
+ 28 Aug 2010; Jeroen Roovers <jer@gentoo.org> openssh-5.5_p1-r2.ebuild:
+ Stable for HPPA PPC (bug #334165).
+
+*openssh-5.6_p1-r1 (26 Aug 2010)
+
+ 26 Aug 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.6_p1-r1.ebuild,
+ +files/openssh-5.6_p1-x509-hpn-glue.patch:
+ Update hpn/ldap/x509 patches to new release.
+
+ 25 Aug 2010; Robin H. Johnson <robbat2@gentoo.org> openssh-5.6_p1.ebuild:
+ Update HPN and LPK patches for 5.6p1 series.
+
+ 24 Aug 2010; Pawel Hajdan jr <phajdan.jr@gentoo.org>
+ openssh-5.5_p1-r2.ebuild:
+ x86 stable wrt bug #334165
+
+*openssh-5.6_p1 (23 Aug 2010)
+
+ 23 Aug 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.6_p1.ebuild:
+ Version bump.
+
+*openssh-5.5_p1-r2 (20 Jun 2010)
+*openssh-5.4_p1-r3 (20 Jun 2010)
+
+ 20 Jun 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.4_p1-r3.ebuild,
+ +openssh-5.5_p1-r2.ebuild:
+ Switch to the official hpn patches.
+
+*openssh-5.5_p1-r1 (20 Apr 2010)
+
+ 20 Apr 2010; Robin H. Johnson <robbat2@gentoo.org>
+ +openssh-5.5_p1-r1.ebuild:
+ The 5.4 patchsets for HPN and LPK apply and work perfectly with 5.5.
+
+*openssh-5.5_p1 (16 Apr 2010)
+
+ 16 Apr 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.5_p1.ebuild:
+ Version bump.
+
+*openssh-5.4_p1-r2 (29 Mar 2010)
+
+ 29 Mar 2010; Robin H. Johnson <robbat2@gentoo.org>
+ +openssh-5.4_p1-r2.ebuild:
+ Revbump with HPN and LPK patches available again now. Ported and submitted
+ to upstream authors. X509 now has more conflicts with HPN, future
+ revisions may require selection of: x509 XOR (hpn OR lpk).
+
+*openssh-5.4_p1-r1 (29 Mar 2010)
+
+ 29 Mar 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.4_p1-r1.ebuild,
+ +files/openssh-5.4_p1-pkcs11.patch,
+ +files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch:
+ Fixes from upstream for pkcs build problems #310929 by Alan Hourihane and
+ for relative AuthorizedKeysFile handling #308939 by Eric Vander Weele.
+
+ 20 Mar 2010; Mike Frysinger <vapier@gentoo.org> openssh-5.3_p1-r1.ebuild,
+ openssh-5.4_p1.ebuild:
+ Fix warning with USE="X509 ldap" #310287 by Nico Baggus.
+
+ 19 Mar 2010; Raúl Porcel <armin76@gentoo.org> openssh-5.3_p1-r1.ebuild:
+ sparc stable wrt #308555
+
+ 19 Mar 2010; Mike Frysinger <vapier@gentoo.org> openssh-5.3_p1-r1.ebuild:
+ Mark alpha/arm/ia64/s390/sh stable #308555.
+
+ 18 Mar 2010; Christian Faulhammer <fauli@gentoo.org>
+ openssh-5.3_p1-r1.ebuild:
+ stable x86, bug 308555
+
+ 13 Mar 2010; Mike Frysinger <vapier@gentoo.org> openssh-5.4_p1.ebuild:
+ Drop USE=pkcs11 per Alon Bar-Lev #308431.
+
+ 12 Mar 2010; Jeroen Roovers <jer@gentoo.org> openssh-5.3_p1-r1.ebuild:
+ Stable for HPPA (bug #308555).
+
+ 12 Mar 2010; Markos Chandras <hwoarang@gentoo.org>
+ openssh-5.3_p1-r1.ebuild:
+ Stable on amd64 wrt bug #308555
+
+ 10 Mar 2010; Joseph Jezak <josejx@gentoo.org> openssh-5.3_p1-r1.ebuild:
+ Marked ppc/ppc64 stable for bug #308555.
+
+*openssh-5.4_p1 (09 Mar 2010)
+
+ 09 Mar 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.4_p1.ebuild,
+ +files/openssh-5.4_p1-openssl.patch:
+ Version bump #308431 by Dirkjan Ochtman.
+
+ 27 Oct 2009; Raúl Porcel <armin76@gentoo.org> openssh-5.2_p1-r3.ebuild:
+ ia64/m68k/s390/sh/sparc stable wrt #287292
+
+ 11 Oct 2009; nixnut <nixnut@gentoo.org> openssh-5.2_p1-r3.ebuild:
+ ppc stable #287292
+
+ 11 Oct 2009; Tobias Klausmann <klausman@gentoo.org>
+ openssh-5.2_p1-r3.ebuild:
+ Stable on alpha, bug #287292
+
+ 11 Oct 2009; Robin H. Johnson <robbat2@gentoo.org>
+ openssh-5.3_p1-r1.ebuild, +files/openssh-5.3_p1-pkcs11-hpn-glue.patch:
+ Bug #288498: Now we need a glue patch for pkcs11 and HPN together. Really
+ some of these patchsets need to go to upstream.
+
+*openssh-5.3_p1-r1 (10 Oct 2009)
+
+ 10 Oct 2009; Robin H. Johnson <robbat2@gentoo.org>
+ +openssh-5.3_p1-r1.ebuild:
+ Ported the HPN and LPK patches to 5.3p1, mailed upstream as well.
+
+ 07 Oct 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.2_p1-r2.ebuild,
+ openssh-5.2_p1-r3.ebuild, openssh-5.3_p1.ebuild:
+ Fix static_use_with handling when there is one option #287292 by Jaak
+ Ristioja.
+
+ 03 Oct 2009; Jeroen Roovers <jer@gentoo.org> openssh-5.2_p1-r3.ebuild:
+ Stable for HPPA (bug #287292).
+
+ 03 Oct 2009; Brent Baude <ranger@gentoo.org> openssh-5.2_p1-r3.ebuild:
+ Marking openssh-5.2_p1-r3 ppc64 for bug 287292
+
+ 03 Oct 2009; Markus Meier <maekke@gentoo.org> openssh-5.2_p1-r3.ebuild:
+ amd64/arm/x86 stable, bug #287292
+
+*openssh-5.3_p1 (03 Oct 2009)
+
+ 03 Oct 2009; Mike Frysinger <vapier@gentoo.org> +openssh-5.3_p1.ebuild:
+ Version bump.
+
+*openssh-5.2_p1-r3 (23 Aug 2009)
+
+ 23 Aug 2009; Mike Frysinger <vapier@gentoo.org> +openssh-5.2_p1-r3.ebuild,
+ +files/openssh-5.2_p1-gsskex-fix.patch,
+ +files/openssh-5.2_p1-x509-hpn-glue.patch:
+ Update x509 patch, update gsskex patch #279488 by Harald Barth, and update
+ x509/hpn glue #270508 by BedOS_Gui.
+
+ 13 Aug 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.0_p1-r2.ebuild,
+ openssh-5.1_p1-r2.ebuild, openssh-5.1_p1-r3.ebuild,
+ openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild:
+ Suggest people reload the sshd server rather than restart it.
+
+ 12 Aug 2009; Christian Ruppert <idl0r@gentoo.org> files/sshd.rc6:
+ Removed "-b 1024" to use ServerKeyBits option instead.
+
+ 19 Jul 2009; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6:
+ Add checkconfig to reload() #277007 by Michał Górny.
+
+ 10 Jul 2009; Robin H. Johnson <robbat2@gentoo.org> files/sshd.rc6:
+ Allow public calls to checkconfig and gen_keys, for helping automation and
+ sanity checks.
+
+ 23 Jun 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.2_p1-r2.ebuild,
+ +files/openssh-5.2_p1-autoconf.patch:
+ Workaround autoconf-2.63 issues with empty else statements.
+
+ 18 May 2009; Robin H. Johnson <robbat2@gentoo.org>
+ openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild,
+ +files/openssh-5.2p1-ldap-stdargs.diff:
+ Bug #266654: Fix LPK compile under uclibc due to missing include statement
+ thanks to Bertrand Jacquin <beber@meleeweb.net>.
+
+ 18 May 2009; Robin H. Johnson <robbat2@gentoo.org>
+ openssh-5.2_p1-r2.ebuild:
+ New release of the HPN patch that makes it mostly usable now. The
+ multithreaded AES-CTR portion is disabled to avoid hangs however.
+
+ 20 Apr 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.2_p1-r2.ebuild:
+ Skip pkcs11/kerberos support when USE=static by Alon Bar-Lev #266404 by
+ Jan Paesmans.
+
+ 12 Apr 2009; Robin H. Johnson <robbat2@gentoo.org>
+ openssh-5.2_p1-r2.ebuild:
+ Switch to UID instead of hardcoded portage per bug #264841 comment.
+
+ 12 Apr 2009; Robin H. Johnson <robbat2@gentoo.org> files/sshd.rc6:
+ Bug #265491, fix opts with baselayout1.
+
+ 12 Apr 2009; Robin H. Johnson <robbat2@gentoo.org>
+ openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild:
+ Bug #264841, the ssh testsuite needs a real shell to run, so run a subset
+ of tests otherwise.
+
+ 04 Apr 2009; Raúl Porcel <armin76@gentoo.org> openssh-5.2_p1-r1.ebuild:
+ alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #247466
+
+ 02 Apr 2009; Markus Meier <maekke@gentoo.org> openssh-5.2_p1-r1.ebuild:
+ amd64/x86 stable, bug #247466
+
+ 02 Apr 2009; Brent Baude <ranger@gentoo.org> openssh-5.2_p1-r1.ebuild:
+ Marking openssh-5.2_p1-r1 ppc64 and ppc for bug 247466
+
+ 02 Apr 2009; Jeroen Roovers <jer@gentoo.org> openssh-5.2_p1-r1.ebuild:
+ Stable for HPPA (bug #247466).
+
+ 11 Mar 2009; Robin H. Johnson <robbat2@gentoo.org>
+ openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild:
+ Add the SSH testsuite, because I think the latest HPN patch has a breakage
+ that was missed.
+
+*openssh-5.2_p1-r2 (09 Mar 2009)
+
+ 09 Mar 2009; Robin H. Johnson <robbat2@gentoo.org>
+ +openssh-5.2_p1-r2.ebuild:
+ Added my own unofficial port of the HPN patch, because performance sucks
+ without it.
+
+ 25 Feb 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.2_p1-r1.ebuild:
+ Update pkcs11 patch #152170.
+
+*openssh-5.2_p1-r1 (24 Feb 2009)
+
+ 24 Feb 2009; Robin H. Johnson <robbat2@gentoo.org>
+ +openssh-5.2_p1-r1.ebuild:
+ LPK patch updated for new OpenSSH release.
+
+ 24 Feb 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.2_p1.ebuild:
+ Fix X509 patching #260163 by Daniel J.
+
+*openssh-5.2_p1 (24 Feb 2009)
+
+ 24 Feb 2009; Mike Frysinger <vapier@gentoo.org> +openssh-5.2_p1.ebuild:
+ Version bump #247466.
+
+ 20 Feb 2009; Raúl Porcel <armin76@gentoo.org> openssh-5.1_p1-r2.ebuild:
+ ia64/sparc stable wrt #258940
+
+ 16 Feb 2009; Brent Baude <ranger@gentoo.org> openssh-5.1_p1-r2.ebuild:
+ stable ppc64, bug 258940
+
+ 15 Feb 2009; Markus Meier <maekke@gentoo.org> openssh-5.1_p1-r2.ebuild:
+ amd64/x86 stable, bug #258940
+
+ 14 Feb 2009; Brent Baude <ranger@gentoo.org> openssh-5.1_p1-r2.ebuild:
+ stable ppc, bug 258940
+
+ 14 Feb 2009; Jeroen Roovers <jer@gentoo.org> openssh-5.1_p1-r2.ebuild:
+ Stable for HPPA (bug #258940).
+
+ 14 Feb 2009; Tobias Klausmann <klausman@gentoo.org>
+ openssh-5.1_p1-r2.ebuild:
+ Stable on alpha, bug #258940
+
+ 14 Feb 2009; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-5.1_p1-x509-headers.patch, openssh-5.1_p1-r2.ebuild,
+ openssh-5.1_p1-r3.ebuild:
+ Fix implicit strsep() prototype in x509 code #258795 by orlin.
+
+ 08 Feb 2009; Mike Frysinger <vapier@gentoo.org> openssh-4.4_p1-r6.ebuild,
+ openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r4.ebuild,
+ openssh-4.7_p1-r6.ebuild, openssh-4.7_p1-r20.ebuild,
+ openssh-5.0_p1-r1.ebuild, openssh-5.0_p1-r2.ebuild, openssh-5.1_p1.ebuild,
+ openssh-5.1_p1-r1.ebuild, openssh-5.1_p1-r2.ebuild,
+ openssh-5.1_p1-r3.ebuild:
+ Drop unused ccc eclass inherit.
+
+ 21 Jan 2009; Jeremy Olexa <darkside@gentoo.org> openssh-5.1_p1-r3.ebuild:
+ Disable PATH reset in configure script, bug 254615
+
+ 15 Jan 2009; Robin H. Johnson <robbat2@gentoo.org> metadata.xml:
+ Re-add my <description> tag for metadata.xml, because it's a full
+ description, not just a restrict based on USE flags. And spanky didn't
+ have a changelog entry either.
+
+ 13 Jan 2009; Mike Frysinger <vapier@gentoo.org>
+ files/openssh-5.1_p1-better-ssp-check.patch:
+ Fixup ssp detection patch #254365 by Felix Riemann.
+
+*openssh-5.1_p1-r3 (09 Jan 2009)
+
+ 09 Jan 2009; Diego E. Pettenò <flameeyes@gentoo.org>
+ +openssh-5.1_p1-r3.ebuild:
+ Let PAM print motd and last login data to close bug #244816.
+
+ 17 Nov 2008; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-5.1_p1-better-ssp-check.patch, openssh-5.1_p1-r1.ebuild,
+ openssh-5.1_p1-r2.ebuild:
+ Fix ssp detection on uClibc hosts.
+
+*openssh-5.1_p1-r2 (03 Nov 2008)
+
+ 03 Nov 2008; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-5.1_p1-escaped-banner.patch,
+ +files/openssh-5.1_p1-null-banner.patch, +openssh-5.1_p1-r2.ebuild:
+ Fix some issues with printing of banners #244222 by Michał Górny.
+
+ 01 Nov 2008; Robin H. Johnson <robbat2@gentoo.org> openssh-5.1_p1.ebuild,
+ openssh-5.1_p1-r1.ebuild:
+ Bug #244760, we need to pass --with-ldap, not try to execute it.
+
+ 30 Oct 2008; Brent Baude <ranger@gentoo.org> openssh-5.1_p1-r1.ebuild:
+ Marking openssh-5.1_p1-r1 ppc for bug 231292
+
+ 30 Oct 2008; Raúl Porcel <armin76@gentoo.org> openssh-5.1_p1-r1.ebuild:
+ alpha/ia64/sparc stable #231292
+
+ 27 Oct 2008; Brent Baude <ranger@gentoo.org> openssh-5.1_p1-r1.ebuild:
+ Marking openssh-5.1_p1-r1 ppc64 for bug 231292
+
+ 26 Oct 2008; Jeroen Roovers <jer@gentoo.org> openssh-5.1_p1-r1.ebuild:
+ Stable for HPPA (bug #231292).
+
+ 26 Oct 2008; Markus Meier <maekke@gentoo.org> openssh-5.1_p1-r1.ebuild:
+ amd64/x86 stable, bug #231292
+
+ 29 Aug 2008; Mike Frysinger <vapier@gentoo.org> openssh-5.1_p1.ebuild,
+ openssh-5.1_p1-r1.ebuild:
+ Tweak --with-ldap catch #235594 by BedOS_Gui.
+
+*openssh-5.1_p1-r1 (23 Aug 2008)
+
+ 23 Aug 2008; Robin H. Johnson <robbat2@gentoo.org>
+ +files/openssh-5.1_p1-ldap-hpn-glue.patch, metadata.xml,
+ +openssh-5.1_p1-r1.ebuild:
+ Update the LDAP patches, also mailed to upstream.
+
+ 23 Aug 2008; Robin H. Johnson <robbat2@gentoo.org>
+ +files/openssh-5.1_p1-x509-hpn-glue.patch, openssh-5.1_p1.ebuild:
+ Forward-port the X509/hpn glue patch per bug #235086.
+
+*openssh-5.1_p1 (17 Aug 2008)
+
+ 17 Aug 2008; Mike Frysinger <vapier@gentoo.org> +openssh-5.1_p1.ebuild:
+ Version bump #232891 by Krzysztof Oledzki.
+
+*openssh-5.0_p1-r2 (23 Jul 2008)
+
+ 23 Jul 2008; Diego Pettenò <flameeyes@gentoo.org>
+ +openssh-5.0_p1-r2.ebuild:
+ Add new revision that use pambase now that it's fully keyworded. Closes
+ bug #225141 by Davide Pesavento.
+
+ 17 May 2008; nixnut <nixnut@gentoo.org> openssh-4.7_p1-r20.ebuild:
+ Added ~ppc wrt bug 210777
+
+ 11 May 2008; Ulrich Mueller <ulm@gentoo.org> openssh-4.4_p1-r6.ebuild,
+ openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r4.ebuild,
+ openssh-4.7_p1-r6.ebuild, openssh-4.7_p1-r20.ebuild,
+ openssh-5.0_p1-r1.ebuild:
+ Fix dependency: app-admin/skey moved to sys-auth/skey.
+
+*openssh-5.0_p1-r1 (10 Apr 2008)
+
+ 10 Apr 2008; Mike Frysinger <vapier@gentoo.org> +openssh-5.0_p1-r1.ebuild:
+ Update HPN and gsskex patch #216932 by Kamil Kisiel.
+
+ 06 Apr 2008; Mike Frysinger <vapier@gentoo.org> openssh-5.0_p1.ebuild:
+ Remove accidental pkcs11-helper inclusion from DEPEND.
+
+*openssh-5.0_p1 (05 Apr 2008)
+
+ 05 Apr 2008; Mike Frysinger <vapier@gentoo.org> +openssh-5.0_p1.ebuild:
+ Version bump.
+
+ 03 Apr 2008; Tobias Scherbaum <dertobi123@gentoo.org>
+ openssh-4.7_p1-r6.ebuild:
+ ppc stable, bug #215702
+
+ 02 Apr 2008; Mike Frysinger <vapier@gentoo.org> openssh-4.9_p1-r1.ebuild:
+ Drop unnecessary USE=chroot #215820 by Cybertinus.
+
+ 02 Apr 2008; Jeroen Roovers <jer@gentoo.org> openssh-4.7_p1-r6.ebuild:
+ Stable for HPPA (bug #215702).
+
+ 02 Apr 2008; Markus Rothe <corsair@gentoo.org> openssh-4.7_p1-r6.ebuild:
+ Stable on ppc64; bug #215702
+
+*openssh-4.9_p1-r1 (02 Apr 2008)
+
+ 02 Apr 2008; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.9_p1-x509-hpn-glue.patch, -openssh-4.9_p1.ebuild,
+ +openssh-4.9_p1-r1.ebuild:
+ Add updated X509/hpn patches.
+
+ 02 Apr 2008; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1-r6.ebuild:
+ alpha/ia64/sparc stable wrt security #215702
+
+ 02 Apr 2008; Richard Freeman <rich0@gentoo.org> openssh-4.7_p1-r6.ebuild:
+ amd64 stable - 215702
+
+ 01 Apr 2008; Christian Faulhammer <opfer@gentoo.org>
+ openssh-4.7_p1-r6.ebuild:
+ stable x86, security bug 215702
+
+*openssh-4.7_p1-r6 (01 Apr 2008)
+
+ 01 Apr 2008; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.7_p1-ForceCommand.patch, +openssh-4.7_p1-r6.ebuild:
+ Fix for ForceCommand bypass #215702.
+
+*openssh-4.9_p1 (01 Apr 2008)
+
+ 01 Apr 2008; Mike Frysinger <vapier@gentoo.org> +openssh-4.9_p1.ebuild:
+ Version bump.
+
+ 01 Apr 2008; Chris PeBenito <pebenito@gentoo.org>
+ +files/openssh-4.7p1-selinux.diff, openssh-4.7_p1-r5.ebuild,
+ openssh-4.7_p1-r20.ebuild:
+ fix bug #191665, in selinux portion of configure script.
+
+ 30 Mar 2008; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1-r5.ebuild:
+ alpha/ia64/sparc stable wrt security #214985
+
+ 29 Mar 2008; Richard Freeman <rich0@gentoo.org> openssh-4.7_p1-r5.ebuild:
+ amd64 stable - 214985
+
+ 29 Mar 2008; Christian Faulhammer <opfer@gentoo.org>
+ openssh-4.7_p1-r5.ebuild:
+ stable x86, security bug 214985
+
+ 29 Mar 2008; Jeroen Roovers <jer@gentoo.org> openssh-4.7_p1-r5.ebuild:
+ Stable for HPPA (bug #214985).
+
+ 29 Mar 2008; Brent Baude <ranger@gentoo.org> openssh-4.7_p1-r5.ebuild:
+ Marking openssh-4.7_p1-r5 ppc64 and ppc for bug 214985
+
+*openssh-4.7_p1-r5 (29 Mar 2008)
+
+ 29 Mar 2008; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.7_p1-CVE-2008-1483.patch,
+ +files/openssh-4.7_p1-lpk-64bit.patch,
+ +files/openssh-4.7_p1-packet-size.patch, +openssh-4.7_p1-r5.ebuild:
+ Fix CVE-2008-1483 #214985. Fix from upstream for scp/packet problems #212433
+ by Steven Parkes. Fix from Piotr Stolc for some LPK configs under 64bit
+ systems #210110. Add gsskex patch (for now) #115553.
+
+ 17 Mar 2008; Santiago M. Mola <coldwind@gentoo.org>
+ openssh-4.7_p1-r20.ebuild:
+ ~amd64 added wrt bug #210777
+
+ 14 Mar 2008; Diego Pettenò <flameeyes@gentoo.org>
+ openssh-4.7_p1-r20.ebuild:
+ Disable printing of motd and lastlog when enabling PAM, on the
+ pambase-dependent ebuild, as system-login takes care of that. Closes bug
+ #213234.
+
+ 06 Mar 2008; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1-r20.ebuild:
+ Add ~alpha/~ia64 wrt #210777
+
+ 05 Mar 2008; Ferris McCormick <fmccor@gentoo.org>
+ openssh-4.7_p1-r20.ebuild:
+ Add back ~sparc, Bug #210777, verified as still working with USE=pam.
+
+ 05 Mar 2008; Brent Baude <ranger@gentoo.org> openssh-4.7_p1-r20.ebuild:
+ keyworded ~arch for ppc64, bug 210777
+
+ 04 Mar 2008; <cla@gentoo.org> openssh-4.7_p1-r20.ebuild:
+ Marked ~x86 (bug #210777). Thanks to Michał Wołonkiewicz <volon@vp.pl> for
+ testing.
+
+ 03 Mar 2008; Jeroen Roovers <jer@gentoo.org> openssh-4.7_p1-r20.ebuild:
+ Marked ~hppa (bug #210777).
+
+ 23 Feb 2008; Robin H. Johnson <robbat2@gentoo.org>
+ openssh-4.4_p1-r6.ebuild, openssh-4.5_p1-r2.ebuild,
+ openssh-4.6_p1-r3.ebuild, openssh-4.7_p1-r1.ebuild:
+ Drop mips to ~mips because app-admin/skey has dropped the stable mips keyword.
+
+ 23 Feb 2008; Robin H. Johnson <robbat2@gentoo.org> metadata.xml:
+ Add myself as the contact point for LPK issues. I am on base-system for
+ everything else.
+
+ 20 Feb 2008; Diego Pettenò <flameeyes@gentoo.org>
+ openssh-4.7_p1-r20.ebuild:
+ Fix dependencies for pambase/pam.
+
+*openssh-4.7_p1-r20 (19 Feb 2008)
+
+ 19 Feb 2008; Diego Pettenò <flameeyes@gentoo.org>
+ +files/sshd.pam_include.2, +openssh-4.7_p1-r20.ebuild:
+ Add a new revision with pambase's system-remote-login as base stack. Now
+ also prints motd when using PAM.
+
+ 12 Feb 2008; Santiago M. Mola <coldwind@gentoo.org>
+ openssh-4.7_p1-r3.ebuild:
+ amd64 stable wrt bug #193401
+
+ 10 Feb 2008; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.7_p1-x509-hpn-glue.patch, openssh-4.7_p1-r4.ebuild:
+ Fix building with USE='X509 hpn' #209479 by Jose daLuz.
+
+ 10 Feb 2008; Tobias Scherbaum <dertobi123@gentoo.org>
+ openssh-4.7_p1-r3.ebuild:
+ ppc stable, bug #193401
+
+ 09 Feb 2008; Brent Baude <ranger@gentoo.org> openssh-4.7_p1-r3.ebuild:
+ stable ppc64, bug 193401
+
+*openssh-4.7_p1-r4 (09 Feb 2008)
+
+ 09 Feb 2008; Mike Frysinger <vapier@gentoo.org> +openssh-4.7_p1-r4.ebuild:
+ Update HPN patch.
+
+ 28 Jan 2008; Jeroen Roovers <jer@gentoo.org> openssh-4.7_p1-r3.ebuild:
+ Stable for HPPA too.
+
+ 24 Jan 2008; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1-r3.ebuild:
+ alpha/ia64/sparc/x86 stable
+
+*openssh-4.7_p1-r3 (21 Nov 2007)
+
+ 21 Nov 2007; Mike Frysinger <vapier@gentoo.org> +openssh-4.7_p1-r3.ebuild:
+ Update x509/hpn patches.
+
+ 08 Oct 2007; Mike Frysinger <vapier@gentoo.org> openssh-4.7_p1-r1.ebuild,
+ openssh-4.7_p1-r2.ebuild:
+ Mirrors have had long enough to update; drop restriction.
+
+*openssh-4.7_p1-r2 (29 Sep 2007)
+
+ 29 Sep 2007; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.7_p1-GSSAPI-dns.patch, +openssh-4.7_p1-r2.ebuild:
+ Enable ssl-engine support #194163 by Nikhil Sethi and add GSSAPI/DNS patch
+ #165444 by Alex Iribarren.
+
+ 27 Sep 2007; Joshua Kinard <kumba@gentoo.org> openssh-4.7_p1-r1.ebuild:
+ Stable on mips, per #191321.
+
+ 25 Sep 2007; Mike Frysinger <vapier@gentoo.org> openssh-4.7_p1-r1.ebuild:
+ Force u+x perms on /etc/skel/.ssh for a while to help with older broken
+ installs.
+
+ 22 Sep 2007; Mike Frysinger <vapier@gentoo.org> openssh-4.7_p1-r1.ebuild:
+ Upstream changed openssh-4.7p1-hpn12v18.diff.gz slightly so rebuild manifest
+ and prevent hitting Gentoo mirrors for a little while #193401 by Timothy
+ Redaelli.
+
+ 20 Sep 2007; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6:
+ If restarting, check the config first #192825 by Hans-Werner Hilse.
+
+ 08 Sep 2007; Markus Rothe <corsair@gentoo.org> openssh-4.7_p1-r1.ebuild:
+ Stable on ppc64; bug #191321
+
+*openssh-4.7_p1-r1 (07 Sep 2007)
+
+ 07 Sep 2007; Mike Frysinger <vapier@gentoo.org> +openssh-4.7_p1-r1.ebuild:
+ Add X509 and hpn patches.
+
+ 07 Sep 2007; Tobias Scherbaum <dertobi123@gentoo.org>
+ openssh-4.7_p1.ebuild:
+ ppc stable, bug #191321
+
+ 07 Sep 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.7_p1.ebuild:
+ Stable for HPPA (bug #191321).
+
+ 07 Sep 2007; Chris Gianelloni <wolf31o2@gentoo.org> openssh-4.7_p1.ebuild:
+ Stable on amd64 wrt bug #191321.
+
+ 06 Sep 2007; Jose Luis Rivero <yoswink@gentoo.org> openssh-4.7_p1.ebuild:
+ Stable on sparc wrt security bug #191321
+
+ 06 Sep 2007; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1.ebuild:
+ alpha/ia64 stable wrt security #191321
+
+ 06 Sep 2007; Andrej Kacian <ticho@gentoo.org> openssh-4.7_p1.ebuild:
+ Stable on x86, security bug #191321.
+
+*openssh-4.7_p1 (05 Sep 2007)
+
+ 05 Sep 2007; Mike Frysinger <vapier@gentoo.org> +openssh-4.7_p1.ebuild:
+ Version bump #191321 by Rajiv Aaron Manglani.
+
+ 25 Aug 2007; Mike Frysinger <vapier@gentoo.org> openssh-4.6_p1-r4.ebuild:
+ Punt securid stuff as upstream is not fast enough to update.
+
+*openssh-4.6_p1-r4 (06 Aug 2007)
+
+ 06 Aug 2007; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.6_p1-chan-read-failed.patch, +openssh-4.6_p1-r4.ebuild:
+ Fix from upstream for spurious chan_read_failed errors #181407.
+
+*openssh-4.6_p1-r3 (06 Aug 2007)
+
+ 06 Aug 2007; Mike Frysinger <vapier@gentoo.org> +openssh-4.6_p1-r3.ebuild:
+ Add updated ldap patch #187594.
+
+ 04 Aug 2007; <metalgod@gentoo.org> openssh-4.0_p1-r2.ebuild,
+ openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild,
+ openssh-4.6_p1-r2.ebuild:
+ Stable on amd64. See security bug #183958.
+
+ 02 Aug 2007; Raúl Porcel <armin76@gentoo.org> openssh-4.5_p1-r2.ebuild,
+ openssh-4.6_p1-r2.ebuild:
+ x86 stable, no idea why i didn't stabilize them
+
+ 23 Jul 2007; Mike Frysinger <vapier@gentoo.org> openssh-4.2_p1-r1.ebuild,
+ openssh-4.3_p2-r5.ebuild, openssh-4.4_p1-r6.ebuild, openssh-4.5_p1.ebuild,
+ openssh-4.5_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild:
+ Punt bindnow-flags usage.
+
+ 22 Jul 2007; Donnie Berkholz <dberkholz@gentoo.org>;
+ openssh-4.3_p2-r5.ebuild:
+ Drop virtual/x11 references.
+
+ 21 Jul 2007; Joseph Jezak <josejx@gentoo.org> openssh-4.0_p1-r2.ebuild,
+ openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild,
+ openssh-4.6_p1-r2.ebuild:
+ Marked ppc/ppc64 stable for bug #183958.
+
+ 10 Jul 2007; Gustavo Zacarias <gustavoz@gentoo.org>
+ openssh-4.0_p1-r2.ebuild, openssh-4.1_p1-r1.ebuild:
+ Stable on sparc wrt #183958
+
+ 07 Jul 2007; Raúl Porcel <armin76@gentoo.org> openssh-4.0_p1-r2.ebuild,
+ openssh-4.1_p1-r1.ebuild:
+ alpha/ia64/x86 stable wrt #183958
+
+ 07 Jul 2007; Joshua Kinard <kumba@gentoo.org> openssh-4.0_p1-r2.ebuild,
+ openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild,
+ openssh-4.6_p1-r2.ebuild:
+ Stable on mips, per #183958.
+
+ 05 Jul 2007; Raúl Porcel <armin76@gentoo.org> openssh-4.5_p1-r2.ebuild,
+ openssh-4.6_p1-r2.ebuild:
+ alpha/ia64 stable wrt #183958
+
+ 04 Jul 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.6_p1-r2.ebuild:
+ Stable for HPPA (bug #183958).
+
+ 04 Jul 2007; Gustavo Zacarias <gustavoz@gentoo.org>
+ openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r2.ebuild:
+ Stable on sparc wrt #183958
+
+ 04 Jul 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.5_p1-r2.ebuild:
+ Stable for HPPA (bug #183958).
+
+ 04 Jul 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.1_p1-r1.ebuild:
+ Stable for HPPA (bug #183958).
+
+ 04 Jul 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.0_p1-r2.ebuild:
+ Stable for HPPA (bug #183958).
+
+*openssh-4.6_p1-r2 (02 Jul 2007)
+
+ 02 Jul 2007; Diego Pettenò <flameeyes@gentoo.org>
+ +files/sshd.pam_include.1, +openssh-4.6_p1-r2.ebuild:
+ Revision bump to fix the pam.d file.
+
+ 24 Apr 2007; Alexander Færøy <eroyf@gentoo.org>
+ openssh-4.5_p1-r1.ebuild:
+ Stable on MIPS.
+
+ 18 Mar 2007; Robin H. Johnson <robbat2@gentoo.org>
+ openssh-4.5_p1-r2.ebuild:
+ Bug #169665, use slightly modified LPK patch to avoid conflict on configure
+ with SecurID patch.
+
+*openssh-4.6_p1-r1 (13 Mar 2007)
+
+ 13 Mar 2007; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.6_p1-ChallengeResponseAuthentication.patch,
+ +openssh-4.6_p1-r1.ebuild:
+ Grab fix from upstream for ChallengeResponseAuthentication (to fix USE=pam
+ defaults) #170670 and add new hpn support.
+
+*openssh-4.6_p1 (11 Mar 2007)
+
+ 11 Mar 2007; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.6_p1-include-string-header.patch, +openssh-4.6_p1.ebuild:
+ Version bump #170385 by Wolfram Schlich.
+
+*openssh-4.5_p1-r2 (05 Mar 2007)
+
+ 05 Mar 2007; Robin H. Johnson <robbat2@gentoo.org>
+ +openssh-4.5_p1-r2.ebuild:
+ Bug #168681. Bump for new versions of HPN (compile fix for strict compilers)
+ and LPK (Addition of LpkFilter as an LDAP filter).
+
+*openssh-4.5_p1-r1 (23 Feb 2007)
+
+ 23 Feb 2007; Roy Marples <uberlord@gentoo.org> files/sshd.rc6,
+ +openssh-4.5_p1-r1.ebuild:
+ Bump for a non bash init script.
+
+ 08 Jan 2007; Michael Cummings <mcummings@gentoo.org>
+ openssh-4.5_p1.ebuild:
+ Stable on amd64 wrt security bug 154389
+
+ 08 Jan 2007; Bryan Østergaard <kloeri@gentoo.org> openssh-4.5_p1.ebuild:
+ Stable on Alpha, bug 154389.
+
+ 08 Jan 2007; Gustavo Zacarias <gustavoz@gentoo.org> openssh-4.5_p1.ebuild:
+ Stable on sparc wrt security #154389
+
+ 07 Jan 2007; Tobias Scherbaum <dertobi123@gentoo.org>
+ openssh-4.5_p1.ebuild:
+ Stable on ppc wrt bug #154389.
+
+ 07 Jan 2007; Markus Rothe <corsair@gentoo.org> openssh-4.5_p1.ebuild:
+ Stable on ppc64; bug #154389
+
+ 06 Jan 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.5_p1.ebuild:
+ Stable for HPPA (bug #154389).
+
+ 06 Jan 2007; Christian Faulhammer <opfer@gentoo.org>
+ openssh-4.5_p1.ebuild:
+ stable x86, security bug #154389
+
+ 07 Dec 2006; Diego Pettenò <flameeyes@gentoo.org>
+ openssh-4.3_p2-r1.ebuild, openssh-4.3_p2-r5.ebuild,
+ openssh-4.4_p1-r6.ebuild, openssh-4.5_p1.ebuild:
+ Require dev-libs/libedit for libedit support, as it's going to be removed
+ from freebsd-lib in favour of a merged dev-libs/libedit ebuild.
+
+ 08 Nov 2006; Ilya A. Volynets-Evenbakh <iluxa@gentoo.org>
+ openssh-4.4_p1-r6.ebuild:
+ Stable on mips (#149502)
+
+*openssh-4.5_p1 (07 Nov 2006)
+
+ 07 Nov 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.5_p1.ebuild:
+ Version bump #154389.
+
+ 05 Nov 2006; Brent Baude <ranger@gentoo.org> openssh-4.4_p1-r6.ebuild:
+ Marking openssh-4.4_p1-r6 ppc64 stable for 149502
+
+ 03 Nov 2006; Fernando J. Pereda <ferdy@gentoo.org>
+ openssh-4.4_p1-r6.ebuild:
+ Stable on alpha as per bug #149502
+
+*openssh-4.4_p1-r6 (03 Nov 2006)
+
+ 03 Nov 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.4_p1-ldap-hpn-glue.patch, +openssh-4.4_p1-r6.ebuild:
+ Grab updated HPN patch to fix -C issues #153854.
+
+ 01 Nov 2006; Tobias Scherbaum <dertobi123@gentoo.org>
+ openssh-4.4_p1-r5.ebuild:
+ ppc stable, bug #149502
+
+ 01 Nov 2006; Gustavo Zacarias <gustavoz@gentoo.org>
+ openssh-4.4_p1-r5.ebuild:
+ Stable on sparc wrt security #149502
+
+ 01 Nov 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.4_p1-x509-hpn-glue.patch, openssh-4.4_p1-r5.ebuild:
+ Tweak X509 a little so HPN can apply at the sametime #151527 by Bob Reveley.
+
+ 31 Oct 2006; Danny van Dyk <kugelfang@gentoo.org>
+ openssh-4.4_p1-r5.ebuild:
+ Marked stable on amd64.
+
+ 31 Oct 2006; Andrej Kacian <ticho@gentoo.org> openssh-4.4_p1-r5.ebuild:
+ Stable on x86, security bug #152594.
+
+ 31 Oct 2006; Jeroen Roovers <jer@gentoo.org> openssh-4.4_p1-r5.ebuild:
+ Stable for HPPA (bug #149502).
+
+*openssh-4.4_p1-r5 (25 Oct 2006)
+
+ 25 Oct 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.4_p1-r5.ebuild:
+ Add updated securid support.
+
+ 17 Oct 2006; Roy Marples <uberlord@gentoo.org> openssh-4.4_p1-r4.ebuild:
+ Added ~sparc-fbsd keyword.
+
+ 14 Oct 2006; Roy Marples <uberlord@gentoo.org> files/sshd.rc6:
+ Init script now interacts fully with start-stop-daemon.
+
+*openssh-4.4_p1-r4 (13 Oct 2006)
+
+ 13 Oct 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.4_p1-r4.ebuild:
+ Add updated hpn support.
+
+*openssh-4.4_p1-r3 (04 Oct 2006)
+
+ 04 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+ +files/openssh-4.4p1-selinux-ac.diff, +openssh-4.4_p1-r3.ebuild:
+ Fix configure to properly detect SELinux functions.
+
+*openssh-4.4_p1-r2 (02 Oct 2006)
+
+ 02 Oct 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.4_p1-r2.ebuild:
+ Add support for new X509.
+
+ 02 Oct 2006; Andrea Barisani <lcars@gentoo.org>
+ files/digest-openssh-4.4_p1-r1, Manifest:
+ Fixing digest wrt bug #149571
+
+ 30 Sep 2006; Diego Pettenò <flameeyes@gentoo.org>
+ openssh-4.4_p1-r1.ebuild:
+ Make sure pam is the latest eclass called.
+
+ 29 Sep 2006; Markus Rothe <corsair@gentoo.org> openssh-4.3_p2-r5.ebuild:
+ Stable on ppc64
+
+*openssh-4.4_p1-r1 (29 Sep 2006)
+
+ 29 Sep 2006; Andrea Barisani <lcars@gentoo.org> +openssh-4.4_p1-r1.ebuild:
+ Revision bump for new ldap patch.
+
+*openssh-4.4_p1 (28 Sep 2006)
+
+ 28 Sep 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.4_p1.ebuild:
+ Version bump.
+
+ 27 Sep 2006; Fernando J. Pereda <ferdy@gentoo.org>
+ openssh-4.3_p2-r5.ebuild:
+ Stable on alpha wrt bug #148228
+
+ 26 Sep 2006; Gustavo Zacarias <gustavoz@gentoo.org>
+ openssh-4.3_p2-r5.ebuild:
+ Stable on hppa wrt security #148228
+
+ 26 Sep 2006; Simon Stelling <blubb@gentoo.org> openssh-4.3_p2-r5.ebuild:
+ stable on amd64; bug 148228
+
+ 26 Sep 2006; Tobias Scherbaum <dertobi123@gentoo.org>
+ openssh-4.3_p2-r5.ebuild:
+ ppc stable, bug #148228
+
+ 25 Sep 2006; Jason Wever <weeve@gentoo.org> openssh-4.3_p2-r5.ebuild:
+ Stable on SPARC wrt security bug #148228.
+
+ 25 Sep 2006; Paul Varner <fuzzyray@gentoo.org> openssh-4.3_p2-r5.ebuild:
+ Stable on x86. Bug #148228
+
+*openssh-4.3_p2-r5 (25 Sep 2006)
+
+ 25 Sep 2006; Tavis Ormandy <taviso@gentoo.org> +openssh-4.3_p2-r5.ebuild,
+ +files/openssh-4.3_p2-identical-simple-dos-2.patch:
+ Tweak DOS patch #148228.
+
+ 23 Sep 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.3_p2-opensc-libs.patch, openssh-4.3_p2-r4.ebuild:
+ Fix building with --as-needed #148538 by Mart Raudsepp.
+
+ 23 Sep 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.3_p2-ldap-updates.patch, openssh-4.3_p2-r4.ebuild:
+ Fixup ldap configure code #148723 by sfp-a7x.
+
+*openssh-4.3_p2-r4 (22 Sep 2006)
+
+ 22 Sep 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.3_p2-securid-updates.patch, +openssh-4.3_p2-r4.ebuild:
+ Force rebuilding of all autotools instead of just cheating with autoconf
+ #148639 by Alex K.
+
+ 22 Sep 2006; Tobias Scherbaum <dertobi123@gentoo.org>
+ openssh-4.3_p2-r3.ebuild:
+ hppa stable, bug #148228
+
+ 21 Sep 2006; Tobias Scherbaum <dertobi123@gentoo.org>
+ openssh-4.3_p2-r3.ebuild:
+ ppc stable, bug #148228
+
+ 21 Sep 2006; Mike Doty <kingtaco@gentoo.org> openssh-4.3_p2-r3.ebuild:
+ amd64 stable, bug 148228
+
+ 21 Sep 2006; Gustavo Zacarias <gustavoz@gentoo.org>
+ openssh-4.3_p2-r3.ebuild:
+ Stable on sparc wrt #148228
+
+ 21 Sep 2006; <ticho@gentoo.org> openssh-4.3_p2-r3.ebuild:
+ Stable on x86, security bug #148228.
+
+ 21 Sep 2006; Markus Rothe <corsair@gentoo.org> openssh-4.3_p2-r3.ebuild:
+ Stable on ppc64; bug #148228
+
+*openssh-4.3_p2-r3 (20 Sep 2006)
+
+ 20 Sep 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.3_p1-chroot.patch,
+ +files/openssh-4.3_p2-identical-simple-dos.patch, files/sshd.confd,
+ files/sshd.rc6, +openssh-4.3_p2-r3.ebuild:
+ Fixes from upstream for minor DOS #148228.
+
+ 08 Sep 2006; Mike Frysinger <vapier@gentoo.org> openssh-4.3_p2-r2.ebuild:
+ Remove ugly flag mangling and fix building with USE=static #146654 by
+ Alexander Skwar.
+
+ 05 Jul 2006; Andrea Barisani <lcars@gentoo.org> metadata.xml:
+ Making my metadata entry a bit more clear.
+
+ 04 Jul 2006; Mike Frysinger <vapier@gentoo.org> openssh-4.3_p2-r2.ebuild:
+ Add x11-apps/xauth to RDEPEND for USE=X #139235 by Ian Stakenvicius.
+
+ 02 Jul 2006; Robin H. Johnson <robbat2@gentoo.org>
+ files/digest-openssh-3.9_p1-r3, files/digest-openssh-4.0_p1-r2,
+ files/digest-openssh-4.1_p1-r1, files/digest-openssh-4.2_p1-r1,
+ files/digest-openssh-4.3_p1, files/digest-openssh-4.3_p2-r1,
+ files/digest-openssh-4.3_p2-r2, Manifest:
+ Fix digest weirdness.
+
+ 30 Jun 2006; Robin H. Johnson <robbat2@gentoo.org>
+ files/digest-openssh-4.3_p1, files/digest-openssh-4.3_p2-r1,
+ files/digest-openssh-4.3_p2-r2, Manifest:
+ Upstream changed the openssh-lpk-4.3p1-0.3.7.patch file, and didn't alter
+ the filename! Re-digest as needed.
+
+ 27 Jun 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.3_p2-configure.patch, openssh-4.3_p1.ebuild,
+ openssh-4.3_p2-r1.ebuild, openssh-4.3_p2-r2.ebuild:
+ Fix broken configure script #137921 by Adam Potter.
+
+ 24 Jun 2006; Diego Pettenò <flameeyes@gentoo.org>
+ openssh-4.3_p2-r1.ebuild:
+ Remove x86-fbsd keyword from an older rev, just to be safe.
+
+ 24 Jun 2006; Diego Pettenò <flameeyes@gentoo.org>
+ openssh-4.3_p2-r2.ebuild:
+ Put shadow under conditional userland_GNU, unbreak non-GNU userlands.
+
+ 24 Jun 2006; Joshua Kinard <kumba@gentoo.org> openssh-4.3_p2-r2.ebuild:
+ Eh, shadow belongs in RDEPEND instead, duh.
+
+ 24 Jun 2006; Joshua Kinard <kumba@gentoo.org> openssh-4.3_p2-r2.ebuild:
+ Added shadow as a DEPEND so that groupadd is available.
+
+*openssh-4.3_p2-r2 (08 Jun 2006)
+
+ 08 Jun 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.3_p2-securid-hpn-glue.patch,
+ +files/openssh-4.3_p2-x509-hpn-glue.patch, openssh-4.2_p1-r1.ebuild,
+ +openssh-4.3_p2-r2.ebuild:
+ Update hpn and x509 patches #135691 by Scott Jones.
+
+ 07 Jun 2006; Joshua Kinard <kumba@gentoo.org> openssh-4.3_p2-r1.ebuild:
+ Add sys-apps/shadow to RDEPEND/DEPEND so group/useradd is available. Fixes
+ Bug #135966.
+
+ 29 Apr 2006; Joshua Kinard <kumba@gentoo.org> openssh-4.3_p2-r1.ebuild:
+ Marked stable on mips.
+
+ 19 Apr 2006; Andrea Barisani <lcars@gentoo.org> openssh-4.3_p1.ebuild,
+ openssh-4.3_p2-r1.ebuild:
+ Ok that last commit was stupid, going back and waiting for updated mirrors.
+
+ 19 Apr 2006; <lcars@gentoo.org> openssh-4.3_p1.ebuild,
+ openssh-4.3_p2-r1.ebuild:
+ Moving ldap patch to dev.gentoo.org waiting for mirror to get the updated version
+ and fixing digest issues. bug #130354
+
+ 17 Apr 2006; Markus Rothe <corsair@gentoo.org> openssh-4.3_p2-r1.ebuild:
+ Stable on ppc64; bug #130027
+
+ 17 Apr 2006; Chris Gianelloni <wolf31o2@gentoo.org>
+ openssh-4.3_p2-r1.ebuild:
+ Stable on x86 wrt bug #130027.
+
+ 16 Apr 2006; Bryan Østergaard <kloeri@gentoo.org
+ openssh-4.3_p2-r1.ebuild:
+ Stable on alpha, bug 130027.
+
+ 15 Apr 2006; Jason Wever <weeve@gentoo.org> openssh-4.3_p2-r1.ebuild:
+ Stable on SPARC wrt bug #130027.
+
+ 15 Apr 2006; <nixnut@gentoo.org> openssh-4.3_p2-r1.ebuild:
+ Stable on ppc. Bug #130027
+
+ 15 Apr 2006; Marcus D. Hanwell <cryos@gentoo.org>
+ openssh-4.3_p2-r1.ebuild:
+ Marked stable on amd64, bug 130027.
+
+ 04 Apr 2006; Diego Pettenò <flameeyes@gentoo.org>
+ openssh-4.3_p2-r1.ebuild:
+ Allow using freebsd-lib's libedit with libedit useflag.
+
+ 30 Mar 2006; Diego Pettenò <flameeyes@gentoo.org>
+ openssh-4.3_p2-r1.ebuild:
+ Add ~x86-fbsd keyword.
+
+ 05 Mar 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.3_p2-selinux.patch.glue, openssh-4.3_p2-r1.ebuild:
+ Glue selinux and X509 support #125108 by Alon Bar-Lev.
+
+ 05 Mar 2006; Andrea Barisani <lcars@gentoo.org> openssh-4.3_p1.ebuild,
+ openssh-4.3_p2.ebuild, openssh-4.3_p2-r1.ebuild:
+ Restored ldap support in 4.3 versions.
+
+*openssh-4.3_p2-r1 (05 Mar 2006)
+
+ 05 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
+ +files/openssh-4.3_p2-selinux.patch, +openssh-4.3_p2-r1.ebuild:
+ Bump to update SELinux patch.
+
+*openssh-4.3_p2 (04 Mar 2006)
+
+ 04 Mar 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.3_p1-krb5-typos.patch, +openssh-4.3_p2.ebuild:
+ Version bump and add patch from upstream #124494 by RiverRat.
+
+ 28 Feb 2006; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6:
+ Add restart function by Michal Fojtik to init.d script #124271.
+
+ 19 Feb 2006; Joshua Kinard <kumba@gentoo.org> openssh-4.2_p1-r1.ebuild:
+ Marked stable on mips.
+
+*openssh-4.3_p1 (08 Feb 2006)
+
+ 08 Feb 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.3_p1.ebuild:
+ Version bump #121191 by Wolfram Schlich.
+
+ 04 Feb 2006; Mike Frysinger <vapier@gentoo.org> +files/sshd.confd,
+ files/sshd.rc6, openssh-3.9_p1-r3.ebuild, openssh-4.0_p1-r2.ebuild,
+ openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild, openssh-4.2_p1-r1.ebuild:
+ Pass sshd_config to sshd when starting to better help running multiple
+ instances of ssh #121530 by ph.
+
+ 03 Feb 2006; Tobias Scherbaum <dertobi123@gentoo.org>
+ openssh-4.2_p1-r1.ebuild:
+ ppc stable, bug #119232
+
+ 03 Feb 2006; Markus Rothe <corsair@gentoo.org> openssh-4.2_p1-r1.ebuild:
+ Stable on ppc64: bug #119232
+
+ 03 Feb 2006; Jose Luis Rivero <yoswink@gentoo.org>
+ openssh-4.2_p1-r1.ebuild:
+ Stable on alpha wrt sec bug #119232
+
+ 02 Feb 2006; Rene Nussbaumer <killerfox@gentoo.org>
+ openssh-4.2_p1-r1.ebuild:
+ Stable on hppa. See bug #119232.
+
+ 02 Feb 2006; Mark Loeser <halcy0n@gentoo.org> openssh-4.2_p1-r1.ebuild:
+ Stable on x86; bug #119232
+
+ 02 Feb 2006; Gustavo Zacarias <gustavoz@gentoo.org>
+ openssh-4.2_p1-r1.ebuild:
+ Stable on sparc wrt security #119232
+
+ 02 Feb 2006; Simon Stelling <blubb@gentoo.org> openssh-4.2_p1-r1.ebuild:
+ stable on amd64 wrt bug 119232
+
+*openssh-4.2_p1-r1 (01 Feb 2006)
+
+ 01 Feb 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.2_p1-CVE-2006-0225.patch, +openssh-4.2_p1-r1.ebuild:
+ Version bump for security #119232.
+
+ 29 Jan 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.2_p1-cross-compile.patch, openssh-4.0_p1-r2.ebuild,
+ openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild:
+ Fix cross-compiling #120567 by Raphael Burnes.
+
+ 25 Dec 2005; Diego Pettenò <flameeyes@gentoo.org> openssh-4.2_p1.ebuild:
+ Use bindnow-flags function instead of -Wl,-z,now.
+
+ 10 Dec 2005; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6:
+ Update init.d script to allow for multiple instances by Marius Mauch #114996.
+
+ 22 Oct 2005; MATSUU Takuto <matsuu@gentoo.org> openssh-4.2_p1.ebuild:
+ Stable on sh for #109678.
+
+ 22 Oct 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.2_p1-selinux.patch, openssh-4.2_p1.ebuild:
+ Fix selinux support #110039 and add back in securid/hpn patches.
+
+ 21 Oct 2005; Bryan Østergaard <kloeri@gentoo.org> openssh-4.2_p1.ebuild:
+ Stable on alpha + ia64, bug 109678.
+
+ 21 Oct 2005; Jason Wever <weeve@gentoo.org> openssh-4.2_p1.ebuild:
+ Stable on SPARC wrt security bug #109678.
+
+ 21 Oct 2005; Seemant Kulleen <seemant@gentoo.org> openssh-4.2_p1.ebuild:
+ stable amd64 for bug #109678
+
+ 21 Oct 2005; Aaron Walker <ka0ttic@gentoo.org> openssh-4.2_p1.ebuild:
+ Stable on mips for bug #109678.
+
+ 20 Oct 2005; Michael Hanselmann <hansmi@gentoo.org> openssh-4.2_p1.ebuild:
+ Stable on hppa, ppc.
+
+ 20 Oct 2005; <mkay@gentoo.org> openssh-4.2_p1.ebuild:
+ Marking stable on x86
+
+ 20 Oct 2005; Brent Baude <ranger@gentoo.org> openssh-4.2_p1.ebuild:
+ Marking openssh-4.2_p1 ppc64 for bug 109678
+
+ 19 Oct 2005; Mike Frysinger <vapier@gentoo.org>
+ openssh-3.8.1_p1-r1.ebuild, openssh-3.9_p1-r3.ebuild,
+ openssh-4.0_p1-r2.ebuild, openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild:
+ Move default xauth location to /usr/bin/xauth.
+
+*openssh-4.2_p1 (06 Sep 2005)
+
+ 06 Sep 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.2_p1-kerberos-detection.patch,
+ +files/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2,
+ +openssh-4.2_p1.ebuild:
+ Version bump #104948 by Saurabh Singhvi.
+
+ 05 Sep 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-3.9_p1-fix_suid.patch,
+ -files/openssh-3.9_p1-fix_suid.patch.bz2,
+ +files/openssh-3.9_p1-fix_suid-x509.patch, openssh-3.8.1_p1-r1.ebuild,
+ openssh-3.9_p1-r3.ebuild, openssh-4.0_p1-r2.ebuild,
+ openssh-4.1_p1-r1.ebuild:
+ Update the x509 patches.
+
+ 05 Sep 2005; Mike Frysinger <vapier@gentoo.org> openssh-4.1_p1-r1.ebuild:
+ Re-enable smartcard support.
+
+ 20 Aug 2005; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6:
+ Before starting sshd, sanity check the config file #101893 by Eric Brown.
+
+*openssh-4.1_p1-r1 (15 Jul 2005)
+*openssh-4.0_p1-r2 (15 Jul 2005)
+*openssh-3.9_p1-r3 (15 Jul 2005)
+
+ 15 Jul 2005; Andrea Barisani <lcars@gentoo.org> metadata.xml,
+ +openssh-3.9_p1-r3.ebuild, +openssh-4.0_p1-r2.ebuild,
+ +openssh-4.1_p1-r1.ebuild:
+ Updating openssh-lpk ldap patches to version 0.3.6.
+
+ 26 Jun 2005; Mike Frysinger <vapier@gentoo.org> openssh-3.9_p1-r2.ebuild,
+ openssh-4.0_p1-r1.ebuild, openssh-4.1_p1.ebuild:
+ Add support for the High Performance patch #96717 by Frank Benkstein.
+
+ 29 May 2005; Mike Frysinger <vapier@gentoo.org> openssh-4.0_p1-r1.ebuild,
+ openssh-4.1_p1.ebuild:
+ Add USE=libedit support #94410 by Joe Wells.
+
+*openssh-4.1_p1 (29 May 2005)
+
+ 29 May 2005; Mike Frysinger <vapier@gentoo.org> +openssh-4.1_p1.ebuild:
+ Version bump #94261 by Tobias Sager.
+
+ 28 May 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.0_p1-smartcard-ldap-happy.patch,
+ openssh-3.8.1_p1-r1.ebuild, openssh-3.9_p1-r2.ebuild,
+ openssh-4.0_p1-r1.ebuild:
+ Add support for LDAP and make it mutually exclusive from x509 since they
+ conflict #58579.
+
+ 22 May 2005; Mike Frysinger <vapier@gentoo.org> openssh-4.0_p1-r1.ebuild:
+ Add support for RSA SecurID tokens #92233 by Antti Mäkelä.
+
+ 20 May 2005; Diego Pettenò <flameeyes@gentoo.org>
+ openssh-3.9_p1-r2.ebuild, openssh-4.0_p1.ebuild, openssh-4.0_p1-r1.ebuild:
+ Inherit pam eclass for newpamd.
+
+*openssh-4.0_p1-r1 (29 Apr 2005)
+
+ 29 Apr 2005; Diego Pettenò <flameeyes@gentoo.org>
+ +files/sshd.pam_include, +openssh-4.0_p1-r1.ebuild:
+ Added a new revision depending on virtual/pam (>=pam-0.78) and uses the
+ include syntax instead of pam_stack.so.
+
+*openssh-3.9_p1-r2 (17 Mar 2005)
+
+ 17 Mar 2005; Mike Frysinger <vapier@gentoo.org>
+ files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2,
+ +openssh-3.9_p1-r2.ebuild:
+ Fix bad sftplogging code #82372 by Andrej Kacian.
+
+*openssh-4.0_p1 (15 Mar 2005)
+
+ 15 Mar 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2,
+ +openssh-4.0_p1.ebuild:
+ Version bump #84717 by Michail A.Baikov.
+
+ 13 Mar 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-3.9_p1-kerberos-detection.patch, openssh-3.9_p1-r1.ebuild:
+ Add patch to fix kerberos detection #80811 by Aron Griffis.
+
+ 13 Mar 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-3.9_p1-configure-openct.patch, openssh-3.9_p1-r1.ebuild:
+ Fix USE=-opensc logic with patch by Stian Skjelstad #78730.
+
+ 19 Feb 2005; Mike Frysinger <vapier@gentoo.org>
+ files/openssh-3.9_p1-largekey.patch.bz2:
+ Make sure that the largekey properly passes the size of the buffer along
+ #82463 by David Cuthbert.
+
+ 22 Jan 2005; Daniel Ahlberg <aliz@gentoo.org>
+ +files/openssh-3.9_p1-pamfix.patch.bz2, openssh-3.9_p1-r1.ebuild:
+ Added pamfix patch from upstream, closing #65343.
+
+ 07 Jan 2005; Daniel Ahlberg <aliz@gentoo.org>
+ +files/openssh-3.9_p1-terminal_restore.patch.bz2,
+ openssh-3.9_p1-r1.ebuild:
+ Fix terminal restoration after breaking out from sftp and scp, closing #63544.
+
+ 30 Dec 2004; Bryan Østergaard <kloeri@gentoo.org>
+ openssh-3.9_p1-r1.ebuild:
+ Stable on alpha, bug 59361.
+
+ 29 Dec 2004; Hardave Riar <hardave@gentoo.org> openssh-3.9_p1-r1.ebuild:
+ Stable on mips, bug #59361.
+
+ 29 Dec 2004; Ciaran McCreesh <ciaranm@gentoo.org> :
+ Change encoding to UTF-8 for GLEP 31 compliance
+
+ 29 Dec 2004; Gustavo Zacarias <gustavoz@gentoo.org>
+ openssh-3.9_p1-r1.ebuild:
+ Stable on sparc wrt #59361
+
+ 29 Dec 2004; Markus Rothe <corsair@gentoo.org> openssh-3.9_p1-r1.ebuild:
+ Stable for security; bug #59361
+
+ 29 Dec 2004; <SeJo@gentoo.org> openssh-3.9_p1-r1.ebuild:
+ stable on ppc glsa: 59361
+
+*openssh-3.9_p1-r1 (28 Dec 2004)
+
+ 28 Dec 2004; Mike Frysinger <vapier@gentoo.org>
+ files/openssh-3.9_p1-chroot.patch, +openssh-3.9_p1-r1.ebuild,
+ +files/openssh-3.9_p1-infoleak.patch:
+ Add infoleak fix #59361 and allow the chroot patch to support PAM auth #72987.
+
+ 16 Nov 2004; Mike Frysinger <vapier@gentoo.org> openssh-3.9_p1.ebuild:
+ If USE=pam, then disable PasswordAuthentication since PAM overrides it #71233.
+
+ 14 Sep 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.9_p1.ebuild,
+ files/openssh-3.9_p1-fix_suid.patch.bz2:
+ Fixed suid binary.
+
+ 14 Sep 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r1.ebuild,
+ openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild,
+ openssh-3.8.1_p1-r2.ebuild, openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild,
+ openssh-3.9_p1.ebuild, files/openssh-3.5_p1-gentoo-sshd-gcc3.patch,
+ files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2,
+ files/openssh-3.7.1_p1-selinux.diff,
+ files/openssh-3.7.1_p1-selinux.diff.bz2,
+ files/openssh-3.7.1_p2-chroot.patch,
+ files/openssh-3.7.1_p2-chroot.patch.bz2,
+ files/openssh-3.7.1_p2-kerberos.patch,
+ files/openssh-3.7.1_p2-kerberos.patch.bz2,
+ files/openssh-3.7.1_p2-skey.patch, files/openssh-3.7.1_p2-skey.patch.bz2,
+ files/openssh-3.8.1_p1-chroot.patch,
+ files/openssh-3.8.1_p1-chroot.patch.bz2,
+ files/openssh-3.8.1_p1-kerberos.patch,
+ files/openssh-3.8.1_p1-kerberos.patch.bz2,
+ files/openssh-3.8.1_p1-largekey.patch,
+ files/openssh-3.8.1_p1-largekey.patch.bz2,
+ files/openssh-3.8.1_p1-opensc.patch,
+ files/openssh-3.8.1_p1-opensc.patch.bz2,
+ files/openssh-3.8.1_p1-resolv_functions.patch,
+ files/openssh-3.8.1_p1-resolv_functions.patch.bz2,
+ files/openssh-3.8.1_p1-skey.patch,
+ files/openssh-3.8_p1-resolv_functions.patch.bz2,
+ files/openssh-3.8_p1-skey.patch, files/openssh-3.8_p1-skey.patch.bz2,
+ files/openssh-3.9_p1-chroot.patch, files/openssh-3.9_p1-chroot.patch.bz2,
+ files/openssh-3.9_p1-largekey.patch,
+ files/openssh-3.9_p1-largekey.patch.bz2, files/openssh-3.9_p1-opensc.patch,
+ files/openssh-3.9_p1-opensc.patch.bz2, files/openssh-3.9_p1-selinux.diff,
+ files/openssh-3.9_p1-selinux.diff.bz2,
+ files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch,
+ files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2,
+ files/openssh-3.9_p1-skey.patch, files/openssh-3.9_p1-skey.patch.bz2,
+ files/openssh-skeychallenge-args.diff,
+ files/openssh-skeychallenge-args.diff.bz2:
+ Compressed patches.
+
+ 20 Aug 2004; Gustavo Zacarias <gustavoz@gentoo.org>
+ openssh-3.8.1_p1-r1.ebuild:
+ Stable on sparc
+
+ 20 Aug 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.9_p1.ebuild,
+ files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch:
+ Enable X509 now that a updated patch is available, closing #60905.
+ Fix skey support by running autoconf, closing #60849.
+ Disable pam if static is in USE, closing #60864.
+
+ 19 Aug 2004; Chris PeBenito <pebenito@gentoo.org>
+ +files/openssh-3.9_p1-selinux.diff, openssh-3.9_p1.ebuild:
+ Update SELinux patch
+
+ 18 Aug 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1-r2.ebuild:
+ Fixed sftplogging patch, closing #60417 again.
+
+*openssh-3.9_p1 (18 Aug 2004)
+
+ 18 Aug 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1-r2.ebuild,
+ openssh-3.9_p1.ebuild:
+ Version bump, closing #60758.
+
+ 16 Aug 2004; Daniel Ahlberg <aliz@gentoo.org>
+ files/openssh-3.8.1_p1-largekey.patch:
+ Fixed largekey patch. Closing #60417.
+
+*openssh-3.8.1_p1-r2 (15 Aug 2004)
+
+ 15 Aug 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1-r2.ebuild:
+ + Added sftp-logging patch, closing #52168.
+ + Added patch for large keys, closing #55013.
+
+ 08 Jul 2004; Bryan Østergaard <kloeri@gentoo.org>
+ openssh-3.8.1_p1-r1.ebuild:
+ Stable on alpha.
+
+ 07 Jul 2004; Travis Tilley <lv@gentoo.org> openssh-3.8.1_p1-r1.ebuild:
+ stable on amd64
+
+ 03 Jul 2004; Joshua Kinard <kumba@gentoo.org> openssh-3.8.1_p1-r1.ebuild:
+ Marked stable on mips.
+
+ 01 Jul 2004; Jon Hood <squinky86@gentoo.org> openssh-3.7.1_p2-r1.ebuild,
+ openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild,
+ openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild:
+ change virtual/glibc to virtual/libc
+
+ 28 Jun 2004; Brandon Hale <tseng@gentoo.org> openssh-3.8.1_p1-r1.ebuild:
+ Stable on x86.
+
+ 15 Jun 2004; <solar@gentoo.org> openssh-3.8.1_p1-r1.ebuild:
+ pam & uclibc updates
+
+ 07 Jun 2004; Bryan Østergaard <kloeri@gentoo.org> openssh-3.8.1_p1.ebuild:
+ Stable on alpha.
+
+ 05 Jun 2004; Hanselmann Michael <hansmi@gentoo.org>
+ openssh-3.8.1_p1.ebuild:
+ Replaced ~ppc with ppc in KEYWORDS.
+
+*openssh-3.8.1_p1-r1 (30 May 2004)
+
+ 30 May 2004; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-3.8.1_p1-opensc.patch, +openssh-3.8.1_p1-r1.ebuild:
+ Add optional support for smartcard stuff #43593 by Andreas Jellinghaus.
+
+ 01 May 2004; Ciaran McCreesh <ciaranm@gentoo.org> openssh-3.8_p1.ebuild:
+ Stable on sparc, mips
+
+ 28 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1.ebuild:
+ Readded X509 patch now that it has been updated upstream.
+
+ 27 Apr 2004; Michael McCabe <randy@gentoo.org> openssh-3.8.1_p1.ebuild:
+ Stable on s390
+
+ 22 Apr 2004; Guy Martin <gmsoft@gentoo.org> openssh-3.8_p1.ebuild:
+ Marked stable on hppa.
+
+ 22 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild,
+ openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild:
+ Fixed IUSE flags.
+
+ 21 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8_p1.ebuild:
+ Stable on x86 and amd64.
+
+*openssh-3.8.1_p1 (21 Apr 2004)
+
+ 21 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1.ebuild:
+ Version bump. Found by Daniel Webert <daniel_webert@web.de> in #48465.
+
+ 13 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild,
+ openssh-3.8_p1.ebuild:
+ Updated SRC_URI.
+
+ 23 Mar 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r1.ebuild,
+ openssh-3.7.1_p2-r2.ebuild, openssh-3.8_p1.ebuild:
+ Change download URI for X509 patches temporarily.
+
+ 18 Mar 2004; Daniel Ahlberg <aliz@gentoo.org> files/sshd.rc6, openssh-3.8_p1.ebuild:
+ Add mkdir -p /var/empty to initscript. Closing #42936.
+
+ 09 Mar 2004; <agriffis@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+ stable on alpha and ia64
+
+ 09 Mar 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8_p1.ebuild:
+ + Add X509 patch back in, bumped to g4.
+ + Fix static compile by Sascha Silbe <sascha-gentoo-bugzilla@silbe.org> in #44077.
+
+ 07 Mar 2004; Joshua Kinard <kumba@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+ Marked stable on mips.
+
+ 02 Mar 2004; Brian Jackson <iggy@gentoo.org> openssh-3.8_p1.ebuild:
+ adding initial s390 support
+
+ 27 Feb 2004; Sven Blumenstein <bazik@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+ Stable on sparc. Remember to mkdir /var/empty if it doesnt exist before you
+ restart sshd...
+
+ 25 Feb 2004; Guy Martin <gmsoft@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+ Marked stable on hppa.
+
+ 25 Feb 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+ Backport skey configure.ac patch.
+
+ 24 Feb 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+ Unmask for x86 and amd64.
+
+*openssh-3.8_p1 (24 Feb 2004)
+
+ 24 Feb 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8_p1.ebuild:
+ Version bump.
+
+ 21 Feb 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+ Fix openssh to work with multipe kerbers5 libs. Closing #30310.
+
+ 20 Feb 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+ Filter flag if using ldap. Closing #41727.
+
+ 12 Feb 2004; Mike Frysinger <vapier@gentoo.org> :
+ Set Protocol to only allow ssh2 by default #41215 and enable pam if in USE.
+
+ 10 Jan 2004; Brad House <brad_mssw@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+ install doesn't seem to be creating /var/empty
+
+ 08 Jan 2004; <solar@gentoo.org> openssh-3.5_p1-r1.ebuild,
+ openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2-r1.ebuild,
+ openssh-3.7.1_p2-r2.ebuild:
+ ppc64/mips nightmare.. had to remove tcpd and skey support for various arches
+ due to other things not being marked stable on those arches
+
+*openssh-3.7.1_p2-r2 (08 Jan 2004)
+
+ 08 Jan 2004; <solar@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+ added feature request for chrooting via sshd bug #26615
+
+ 04 Jan 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r1.ebuild:
+ Changeing sshd user shell. Closing #35063.
+
+ 03 Jan 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r1.ebuild:
+ Change adding sshd user and group to user enewuser and enewgroup. Should
+ fix #35369.
+
+*openssh-3.7.1_p2-r1 (05 Nov 2003)
+
+ 17 Nov 2003; Joshua Kinard <kumba@gentoo.org> openssh-3.7.1_p2-r1.ebuild:
+ Added a gnuconfig_update call for mips systems
+
+ 05 Nov 2003; Tavis Ormandy <taviso@gentoo.org> openssh-3.7.1_p2-r1.ebuild,
+ files/openssh-skeychallenge-args.diff:
+ patch needed for compatability with new skey.
+
+ 28 Oct 2003; Chris PeBenito <pebenito@gentoo.org> openssh-3.5_p1-r1.ebuild,
+ openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2.ebuild,
+ files/openssh-3.7.1_p1-selinux.diff:
+ Switch SELinux patch from old API to new API.
+
+ 30 Sep 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2.ebuild :
+ Add X509 patch back in, closes #29664.
+
+ 23 Sep 2003; <solar@gentoo.org> openssh-3.7.1_p2.ebuild:
+ according to the ChangeLog for openssh =zlib-1.1.4 is a must now. Note:
+ openssh needs a X509 patch made upstream for p2
+
+*openssh-3.7.1_p2 (23 Sep 2003)
+
+ 23 Sep 2003; <solar@gentoo.org> openssh-3.7.1_p2.ebuild:
+ security update. http://www.openssh.com/txt/sshpam.adv
+
+ 19 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
+ openssh-3.7.1_p1-r1.ebuild, openssh-3.7.1_p1.ebuild:
+ Fix SELinux patch for 3.7.1_p1
+
+ 19 Sep 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p1-r1.ebuild :
+ Disabled selinux patch until a new can be made.
+ Fixed some of the patches to allow the X509 patch to apply. Closing #29105.
+
+*openssh-3.7.1_p1-r1 (18 Sep 2003)
+
+ 18 Sep 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p1-r1.ebuild :
+ Removed krb4 and afs support since they are removed according to the Announcment.
+ Ebuild cleanups.
+ Added a bunch of patches from CVS. Among them a fix for CAN-2003-0682.
+
+ 18 Sep 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p1.ebuild :
+ Readd X509 patch. Closing #28992.
+
+*openssh-3.7.1_p1 (16 Sep 2003)
+
+ 16 Sep 2003; Rajiv Aaron Manglani <rajiv@gentoo.org> openssh-3.7.1_p1.ebuild:
+ added warning about restarting sshd.
+
+ 16 Sep 2003; Mike Frysinger <vapier@gentoo.org> :
+ Another version bump ! :D #28927. This fixes 'more malloc bugs'.
+
+*openssh-3.7_p1 (16 Sep 2003)
+
+ 16 Sep 2003; Rajiv Aaron Manglani <rajiv@gentoo.org> openssh-3.7_p1.ebuild:
+ added warning about restarting sshd.
+
+ 16 Sep 2003; Mike Frysinger <vapier@gentoo.org> :
+ Version bump to fix #28873 ... selinux needs to be caught up though :(.
+ Marked stable due to nature of release (security).
+
+*openssh-3.6.1_p2-r3 (05 Sep 2003)
+
+ 05 Sep 2003; Tavis Ormandy <taviso@gentoo.org> openssh-3.6.1_p2-r3.ebuild:
+ adding optional s/key authentication support, using new local USE flag
+ `skey`, currently ~arch only. #11478
+
+*openssh-3.6.1_p2-r1 (06 Aug 2003)
+
+ 06 Aug 2003; Donny Davies <woodchip@gentoo.org> openssh-3.6.1_p2-r1.ebuild:
+ Added new local USE=X509 variable which includes Roumen Petrov's patch
+ providing support for authentication with X.509 certificates.
+
+ 31 May 2003; Brandon Low <lostlogic@gentoo.org> files/sshd.rc6:
+ Add 'use dns logger' to the rcscript
+
+*openssh-3.6.1_p2 (30 Apr 2003)
+
+ 30 Apr 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.6.1_p2.ebuild :
+ Security update.
+
+*openssh-3.6.1_p1 (02 Apr 2003)
+
+ 02 Apr 2003; Brandon Low <lostlogic@gentoo.org> openssh-3.6.1_p1.ebuild:
+ Bump
+
+*openssh-3.6_p1 (02 Apr 2003)
+
+ 02 Apr 2003; Brandon Low <lostlogic@gentoo.org> openssh-3.6_p1.ebuild:
+ Bump, required some modifications to the selinux patch, test thoroughly
+
+ 09 Feb 2003; Guy Martin <gmsoft@gentoo.org> :
+ Added hppa to keywords.
+
+*openssh-3.5_p1-r1 (20 Jan 2003)
+
+ 30 Mar 2003; Joshua Brindle <method@gentoo.org> openssh-3.5_p1-r1.ebuild:
+ fixed compile options for selinux support
+
+ 20 Mar 2003; Joshua Brindle <method@gentoo.org> openssh-3.5_p1-r1.ebuild:
+ added selinux support
+
+ 15 Mar 2003; Jan Seidel <tuxus@gentoo.org> :
+ Added mips to KEYWORDS
+
+ 13 Mar 2003; Zach Welch <zwelch@gentoo.org> openssh-3.5_p1-r1.ebuild:
+ add arm keyword
+
+ 09 Mar 2003; Aron Griffis <agriffis@gentoo.org> openssh-3.5_p1-r1.ebuild:
+ Mark stable on alpha
+
+ 01 Mar 2003; Brandon Low <lostlogic@gentoo.org> openssh-3.5_p1-r1.ebuild:
+ make -> emake
+
+ 21 Jan 2003; Nick Hadaway <raker@gentoo.org> openssh-3.5_p1-r1.ebuild :
+ Changed USE="kerberos" to depend on app-crypt/krb5 as heimdal is not
+ compatible currently. Install app-crypt/kth-krb and set KTH_KRB="yes"
+ to enable Kerberos IV support.
+
+ 20 Jan 2003; Nick Hadaway <raker@gentoo.org> openssh-3.5_p1-r1.ebuild,
+ files/digest-openssh-3.5_p1-r1 :
+ Added kerberos use flag support.
+
+ 09 Dec 2002; Donny Davies <woodchip@gentoo.org> openssh-3.5_p1.ebuild,
+ openssh-3.4_p1-r2.ebuild, openssh-3.4_p1-r3.ebuild : Add a shells reminder.
+
+ 06 Dec 2002; Rodney Rees <manson@gentoo.org> : changed sparc ~sparc keywords
+
+ 01 Dec 2002; Jack Morgan <jmorgan@gentoo.org> openssh-3.5_p1.ebuild :
+ Removed ~ from sparc/sparc64 keywords.
+
+ 29 Nov 2002; Daniel Ahlberg <aliz@gentoo.org> openssh-3.5_p1.ebuild :
+ Rewrote patch applying code.
+
+ 22 Nov 2002; Will Woods <wwoods@gentoo.org> openssh-3.5_p1.ebuild:
+ Added patch to fix compile problem on alpha.
+
+ 23 Oct 2002; Maik Schreiber <blizzy@gentoo.org> openssh-3.5_p1.ebuild: Changed
+ "~x86" to "x86" in KEYWORDS.
+
+*openssh-3.5_p1 (18 Oct 2002)
+
+ 19 Jan 2003; Jan Seidel <tuxus@gentoo.org> :
+ Added mips to keywords
+
+ 18 Oct 2002; Daniel Ahlberg <aliz@gentoo.org> openssh-3.5_p1.ebuild:
+ Version bump, found by fluxbox <fluxbox@cox.net> in bug #9262.
+
+*openssh-3.4_p1-r3 (04 July 2002)
+
+ 25 Jul 2002; Nicholas Jones <carpaski@gentoo.org> openssh-3.4_p1-r3.ebuild:
+
+ Bopped Brandon on the head. Added -passwords to the end of --with-md5
+ No version bump as this doesn't affect most people, and those who need it
+ can just rsync and emerge.
+
+ 09 Jul 2002; Brandon Low <lostlogic@gentoo.org> openssh-3.4_p1-r3.ebuild:
+
+ New revision enables md5 passwords, please test and let me know how it
+ goes so I can unmask. Thanks.
+
+*openssh-3.4_p1-r2 (04 July 2002)
+
+ 09 Jul 2002; phoen][x <phoenix@gentoo.org> openssh-3.4_p1-r2.ebuild:
+ Added KEYWORDS.
+
+ 04 July 2002; Brandon Low <lostlogic@gentoo.org> openssh-3.4_p1-r2.ebuild:
+ Fixes problem of /var/empty being removed if immediately do emerge openssh
+ emerge openssh. Not an urgent upgrade, but recommended.
+
+*openssh-3.4_p1-r1 (02 July 2002)
+
+ 02 July 2002; Brandon Low <lostlogic@gentoo.org> openssh-3.4_p1-r1.ebuild:
+ This closes bugs 4169, 4170, and 4193. This new ebuild changes the sshd
+ user from whatever it may be to UID 22, this shouldn't mean anything to most
+ people because no scripts, nor programs use the sshd UID directly (for that
+ matter it is only referenced during authentication of new logins via ssh).
+ However if for some reason your system does have things that were owned by
+ user sshd, you will need to change their UID.
+
+*openssh-3.4_p1 (26 June 2002)
+
+ 26 June 2002; Brandon Low <lostlogic@gentoo.org> :
+ New version closes soon to be released security hole, PLEASE upgrade
+ immediately according to the changelogs, this new version closes several
+ possible holes found during a massive audit of the code.
+
+*openssh-3.3_p1 (22 June 2002)
+
+ 22 June 2002; Donny Davies <woodchip@gentoo.org> :
+ Chase latest release. Starting with this version sshd uses a new privelaged
+ process separation scheme. See the docs for more info.
+
+*openssh-3.2.3_p1-1 (5 June 2002)
+
+ 5 June 2002; Gabriele Giorgetti <stroke@gentoo.org> :
+ New revision. Changes submitted by Alson van der Meulen gentoo@alm.xs4all.nl
+ within bug #3391 were added. Bug closed/fixed.
+
+*openssh-3.2.3_p1 (30 May 2002)
+
+ 30 May 2002; Arcady Genkin <agenkin@thpoon.com> :
+ Update to 3.2.3.
+
+*openssh-3.2.2_p1 (18 May 2002)
+
+ 18 May 2002; Donny Davies <woodchip@gentoo.org> :
+ Chase latest release + update openssl dependency.
+
+*openssh-3.1_p1-r2 (03 Apr 2002)
+
+ 03 Apr 2002; Daniel Robbins <drobbins@gentoo.org> files/sshd.pam: new pam
+ sshd file to use pam_stack, pam_nologin and pam_shells, as well as use
+ pam_unix instead of pam_pwdb. Added updated shadow dependency if pam is
+ enabled (to depend upon our new shadow with the pam_pwdb to pam_unix
+ conversion).
+
+*openssh-3.1_p1 (7 Mar 2002)
+
+ 15 Mar 2002; Bruce A. Locke <blocke@shivan.org> files/sshd.rc6, files/sshd.rc5:
+ ssh1 keygen requires a new option in the initscripts
+
+ 13 Mar 2002; M.Schlemmer <azarah@gentoo.org> openssh-3.1_p1-r1.ebuild:
+ Update rc-script not to fail on restart if there is open sessions.
+
+ 7 Mar 2002; F.Meyndert <m0rpheus@gentoo.org> openssh-3.1_p1.ebuild:
+ Updated openssh to version 3.1 that fixes a nasty off by one bug in all
+ previous version. That caused a local root hole.
+
+*openssh-3.0.2_p1-r1 (01 Feb 2002)
+
+ 01 Feb 2002; G.Bevin <gbevin@gentoo.org> ChangeLog:
+ Added initial ChangeLog which should be updated whenever the package is
+ updated in any way. This changelog is targetted to users. This means that the
+ comments should well explained and written in clean English. The details about
+ writing correct changelogs are explained in the skel.ChangeLog file which you
+ can find in the root directory of the portage repository.
diff --git a/net-misc/openssh-x/Manifest b/net-misc/openssh-x/Manifest
new file mode 100644
index 00000000..2967b1d5
--- /dev/null
+++ b/net-misc/openssh-x/Manifest
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb
+AUX openssh-5.2_p1-autoconf.patch 386 SHA256 42bb5f23f02241186abd6158ac15cd1fba0fadb4bd79e6b051fbd05605419ebb SHA512 80a2244e243492d3933646a32fa673078efd72d0e87939b326c2210f23d72675839cfefa2f31617279d51834cc34daf2c3c189c9d92b08875b6b4f68fa7f3844 WHIRLPOOL d4ca3dd8554863d074054489a2dbe5aca3d07fcc5858e908caa5d76dcf8beb661cc3ca6d22a02ab2ca9f504160a6a1acc7f45a4fa775d879b02ee1ae3d113926
+AUX openssh-5.2_p1-gsskex-fix.patch 408 SHA256 8190db31ed2e8dc6ce79030e5c648d04610b06dd8366df5948ef6e990314ee96 SHA512 2022cd25b3e07430752569e07165db313e49a0902ef251df3e50ca96197849be6efbdee360a3a435cae0b5d2dda55acc8676b232d3584f87e204c2fc04b92801 WHIRLPOOL 65da9f3450493ca9a25741e66b2ecf97d7a5576c15485ff3a7c08fc57b06a17b3b6e73b14d2962bf958d9326a6d54c2940f56eb42de4bd5011324bba84c67cca
+AUX openssh-5.2_p1-x509-hpn-glue.patch 2851 SHA256 a21336a892b61e29a556d16e9f0a67ee08ad04dd61e3963a201fdf032ce55f75 SHA512 417617acba409539cd2edd59e7640fe732f90265f70d7f4cd91c8b059d44c9c1be63cf336ee3a39a45f1a066bc577e261836b8113296535b9320d77fed3a05bf WHIRLPOOL 901fd8e0ceafd27bd5fdca9007b82842dce2b5aee11c069d0f0229c4568886f0df861c80eb5b3a754a0af795ebb9c78a78a3e76002f17bdbf8349923439deecf
+AUX openssh-5.2p1-ldap-stdargs.diff 252 SHA256 97281375efa33e9ce70a55bfa95b6b426208175e7e3ff493012bc25d9b012f45 SHA512 2577b1476211f563bf8a7e62c2341e35cff7208a04b7a3fb1d331721e58f395cdef1ce2ac735b95c31781e06e16ec27c6692df09928393248c971837a1e03079 WHIRLPOOL df65dd54dd12be39fb4b830536f86aef97c086b227de1d87d56788bf8bce39a345da0ed814dd53abdaa5d158c99f0b87cb8510812d10c353a3b8a82493b210af
+AUX openssh-5.4_p1-openssl.patch 255 SHA256 f83627039491e9969f1ed5d77fe816465ce75809e8c2f2bfb07012bc21384347 SHA512 8cfd757dbe79ee502c10c5d518730f4e790bd61753120bb168d545dfc702a7a55c274fd9c81d2798ec78cba30f173aaf0bee1f15bb23f9f465c3524a5c81ca2d WHIRLPOOL 852f3e9dc6cd05934b52effa03961a0d989734a28649eb199e1f260d4e8129dffed378d8efdbd40a5f520362fe8fa404a744724135caa39f48e876849cf2350b
+AUX openssh-5.6_p1-hpn-progressmeter.patch 334 SHA256 eaa98f954934364a1994111f5a422d0730b6e224822cef03efe6d6fc0c7f056f SHA512 46eb5253549ddca045e67841daa092a8a33a6ae4411e75c301589f0a88159c6d2ccfe45c2f0502314465b93ac6f1965264a9b92b13e0e88d4ff15ced5f4ebfeb WHIRLPOOL 72b05e4243e746fc315468ac1dc8988b92919dbd147470855b8753e0ae37ad3696de6c9ec29346596aee2d60acbbcce79cea5735b9a91b3452a4b4f3f69d3012
+AUX openssh-5.6_p1-x509-hpn-glue.patch 1974 SHA256 164db7af08e0565821d6d609b1beadab39777521bfff143a83acc1e097ad60f1 SHA512 a764d8411f0b7c49d6f51b25153c18648d58dfbc82897903bad826293f3497010ab0343e4a4cc81b37e51c3a28ec04cd5be7c8882126295ba2b38e734e262995 WHIRLPOOL 4a8151dde306eace1404b8e83dc2514cb8f073acb6c759b9a2a9e619181951873afad785f565861f6d1031d9314f8d450faef63629dfd5f1b0074cb78b059578
+AUX openssh-5.7_p1-x509-hpn-glue.patch 1888 SHA256 30f63dea0e810d92790ddaf9813f0b8dec1e827a39e1752faff6bb41382f3c1b SHA512 db839f3cf3c67ef28290551810dc5c8937d1ef401f48ed937165b57191e75944adb25ab36cbf30289f7fc0076ec192c030e40fb5a744c63932b414e49b99946a WHIRLPOOL 2e539c49ef613e2a9912011ac289036381f8fd8d8ff5f2e0088dd3443a1c7fd86c3efe2b2041736bf67b73c8b4b298208de183945dc68c73ad6f35c41fb8a619
+AUX openssh-5.8_p1-selinux.patch 433 SHA256 0de250c75f4dae78406e5151f563bd104b8e7792a825515510e095fb47462cfd SHA512 e6c89eb26b4bc651503ab81d346e780fdec3056302c5e2d8a6be5892fa514f83093370c463aae88091dc20d30013fd32250e040649147797bcca69ddc7d05ae3 WHIRLPOOL f72ccd773b9ff7a897940afddcb38ba9512e0830c33a2381886d2698e0ae0c6a7db9678326945bdf6769acc21d3e4bf8a196161114805d4570af2819e610df84
+AUX openssh-5.8_p1-x509-hpn-glue.patch 1907 SHA256 7ab452c02b141645b764d404aa3de0754ab240a64601a6bb587919673f957682 SHA512 317c04fab93aaf82685e54335c876b2399623ef69428297c2e5934d45f69f0e78a89c79ad7bb186ef12a779ebf0f088ca142d6a426baeb32b166ceca8098572d WHIRLPOOL 34fdef826750070d112dc6c1bf84de11ebfa646fb5cbfb9f76d13dab925cff94996ed51cfdcba4e0b536915883bb4728756b79db157c019ba951ee1a32c18fe3
+AUX openssh-5.9_p1-drop-openssl-check.patch 848 SHA256 89b011e27548b9922deed63ed57a6c94ea8013bb3bfb4d6590ba43d284a2ab86 SHA512 bbcbb61b6fea194e7ee3862a5b462d48ce4cf4fec12cc8a8564fc5fc8f840dca2b4ddf301bf9d12bcbfd3922948023320ea660a8c194d57bf2b1e9d095fc8eb2 WHIRLPOOL dc8e140d2bfe59546b944236ebcc702cd4a19ed5c6ee24d590bb0d50221069666b3797cf1717e6090d12525b3310cd963537e4c2c413bb2692ec85dcb2d33b43
+AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685
+AUX openssh-5.9_p1-x509-glue.patch 569 SHA256 579ef6409878cea36828057a82a37232ba230af0acb58438f020c284f06a6510 SHA512 534697c03837c8a6084348245722b8730b2547d0e2adca274077fcac295e13e8f2d8ae4cd788fc1c58824fc7b591e731e02d43873fdbe5f20ca1a87fa3060886 WHIRLPOOL 9dd0de494ba2c4a2dc1577e48ae8a63d95c794981ce1aa8d8f0d7fe464e489763f9af042ebecb6428c70cce56ae0b5ca93904669403bd9cc0e61e34989b82462
+AUX openssh-6.0_p1-fix-freebsd-compilation.patch 546 SHA256 4cee4d0b68a847b7686309ddc92f86fc36254d6e864682225143a28fc91e6187 SHA512 f9b783f76212ded27181b0a5ab8b4efc999a9960a020de54f109dad01a3e49b126a9c59da2286e565717f9e68991d2275e0872d54406f2c56a37d4dd439d92e4 WHIRLPOOL d0307e8e2a464914c9f4b2c790d72ff94eddc776986f0a847e04abede59feb6339bd256fe3dc831b362cb8e7f4e3cdb763a5c3c834f1fd7c32e4325cfb91ce63
+AUX openssh-6.0_p1-hpn-progressmeter.patch 379 SHA256 fb38d9d16132fcc16fb2648bce21e2260fb5cadf0ae2e2a7849638aeb79d3dc7 SHA512 4885f49f38c8a3afdef2ba63f324601214810aef8bbac89c926edca9edc8998f49f5060f1070ee0278ef7cdcdd7329a9b9fa37d1466e32cd2dc81edcdee50f51 WHIRLPOOL f73843d69f9aacea93a965eafecd16a037dae996d879d4b755831413321e3ed1e3e3167eff716a4ae836698b4e51c740bbfcca48033cb1dd4353f8599296272e
+AUX openssh-6.0_p1-test.patch 780 SHA256 c5893911cec3eecf84dc13bddbefbe1e1053db11e65a909b5f28eacbdd88a29c SHA512 733ee29c64f2469678ca0a4056332d43179cfe73d7efdd0c3c4b24da75baa74b7661e5039bd6fdbb0a375ae5ad5b60353c715946bb59d477ea0c5efaf70b1697 WHIRLPOOL a98055e2634eea3421dc2117a19e0548dae9b4705f7681e45bd4f33e3782f2ec22097de7f7ed4507d1ba5ed983d10499b786347688fadb6e803d20ea86bd7a02
+AUX openssh-6.0_p1-x509-glue.patch 569 SHA256 8c9048a33036a93f56e254cfd53b18313682d466deadfdcd8937a46793617900 SHA512 ad0c0cc7745a80dcc59e671f98608c0bdadf276449352615e738fe7f2e740e0f68713320c48b88b3b4565fd7e1f1a5653a0965e247bec68011c4eff72a9ffece WHIRLPOOL dde2aa90d6a19aeae8b6ad9586a10ac6b9c0e7b9e30f3e1d511bf7b938a299c75cc5771c8bc22ce6b6582ca7ea4804e545c463546580eacbcd38fa664841add1
+AUX openssh-6.0_p1-x509-hpn-glue.patch 1774 SHA256 b2dcff21652eea92d2ff2640a568070a944e7bfb2bd3217c433e6383a64b0970 SHA512 82793502b8c943f0bd69019ea1cf1172f9579dc6a8f6c91f6aba9a9d743384d5ac84f7a49df07165e252b4ef4fc06b745463bdc58d06da2aca3c7acbb3dd8623 WHIRLPOOL ffd01827dbf8162359cf7a278020f2bfa7ed1ee1051774522623bcf448ffc8a3e28ecff2de5733b352beef5722a9dec2e9bb25fabc7edca615a774f65f756246
+AUX openssh-6.1_p1-x509-glue.patch 573 SHA256 e51aa53e9e0336606fc36af237d50338347b845ee56a66d01f86829c4b46feb6 SHA512 bac2971b6435433d6ac88fb127c178e678fe805f51260454d9d0b631ef52dbafc08343fb307a74a116691545a82f5369dc014e71a7c8c65ba41699b31e1dfb6f WHIRLPOOL dd514ce502f7c7968e8fa526b1b2f7d7945f2d5b5f1f013e54f7513a7c7bf6025dbdeabe566958018db8f7442c9611f7efd435501b4b965b0fe7594e24ee20fc
+AUX openssh-6.1_p1-x509-hpn-glue.patch 1491 SHA256 28c5000f7c8b23afc363d066cf96d39c00882274f227b7743b1e376df8b61a2e SHA512 0d6bab08cc400b81d936883bf39f5a461799874f6ea3dcf55c083372ed379bc0066b913646f7a0e32167079ba85409c272b258de179d55660739df4bbbf30e5b WHIRLPOOL dbfbf8eb0312ae119421e45efd8243b089ab2d3c2bc1f7b7cbd5b56f86844dfe42b27952e4ed88653679ec036f70b8edd3e00f17ae097241fbc88567bab38505
+AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53
+AUX sshd.pam 294 SHA256 f01cc51c624b21a815fb6c0be35edc590e2e6f8a5ffbdcabc220a9630517972f SHA512 3268dc826978fbb205968744d83c6f1c838c9c73bf9c4ceee709c5b4168b4aaf06bcde47a32808571fa71cbc5a6bfdb98406995b2b28c9e633ce392a53932d64 WHIRLPOOL fff8966d66d75cd4d70607585b5de063f225a776b73b8b0f8146c5eed6c8ffd2ca38c46f86fa4e2ca8caafcde7797a3f0b177e60baa6fa0642064080883fa68a
+AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
+AUX sshd.rc6 2189 SHA256 627125378ccfdd81289531f527346980da249d35499cb71518f88f1452f4c098 SHA512 b2981a6dd9b83a21c718bb4dbfe88a0f1157bc764d1795291a381e380b40141719e5e5cf0cbd89845e81a7e9b0b4fdf938a55ff80ae4b5cac1969189aefa2b1d WHIRLPOOL 136497f366686ae25d78b11c17d4f9235d8980a8a147b380c00c281adaa91940f82a709b7da312736608e3b3ce3a2dbca465a2010f27e9562389de98be5885cf
+AUX sshd.rc6.1 2270 SHA256 153119116208d328c496d29b7cb9f85991df93020cc50c83b05ed498b10a2126 SHA512 80f0e460ad7ffd9a6fb279ce2d307cbda1f7352745ffaca381867f636ae64df336a03de0da15aca39619acdbebf41e2ccbd2bb233433f93625754965aaaab780 WHIRLPOOL 6b7a4519282fe99fc36cd0f89f6163ad9c8c9d998b15e84d3758af607627db48cf58ffee1bc4291ac0e7f75455f8f8873cd5d996f3c75f1ea3bef0b249abdffe
+AUX sshd.rc6.2 2069 SHA256 94b1fc0d608464fd4a6c7ed23f0b9c44aada3404982d8fd25b8bfe202baffaa6 SHA512 f75f95e6cf912b8c45f7ccf81e764805a56057368b18425abe699b29c3c66d32ea5b2d1c9f6fadf97487430e703e01dc2d965e41b8511f31a3e06d3bcbbc1006 WHIRLPOOL b9082ba3854e1842e057717b9a1571ba5ac6bf69c5facb391b7a3d890b13f879d7ae1484eafbbffc17746c3a8184f23e4c3fa831f678eabdea7d23e2c0d1bf63
+AUX sshd.rc6.3 2057 SHA256 43d95b495440ed6b3c1eb82b81712d7f6e58246527605c11d733cb5eb5523254 SHA512 3ddcdeae6c7f4755df1f8fe77d9d1af8c728f8cc18da0feaeccc4b8147f86b4db1ab1bf4ad362c31fac986270b21fe2c80e0414d64f70bfdac2370e22c2c9db2 WHIRLPOOL 57a18d85ab77abe64eddf852975481d974bd68b0b058d854a31158aed14b1706743ad563aa013c770aa124533fb5344bc64d0c06b564e1b53e28e1b0ebe463e8
+AUX sshd.service 206 SHA256 093d4f526e740cbec46ad6a69207407daf01e74da44599d75b979f294c9b0a7b SHA512 67d96a63a6bc874bacc2f43b51c003f2209a4d2283f8435ba3495266e4823d73962fd995f46eab0e8b260107b9a8c416709b2f19e8e94ecea30ddd8280444cfe WHIRLPOOL b48005444104583bd230e68f870a1d0c4a8709f5e8f7fafa45becf259df64052b1938853e8e232b32aae882dbad83d5c78d7796eafb6c02bd0196f7a6a44075f
+AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5
+AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1
+DIST openssh-5.4p1-hpn13v7-x509variant.diff.gz 22941 SHA256 c2b1a81c6952ae73cc4dfd1528d560588c45cf1242ea8b0e6eadb0cc83b50377 SHA512 12410d69c8c2484aeabd8598604c26c7ba3a594f85feeebda2290b9091b058840613c791e4eabcf8605682ff78c7cc03cb8ac7294156c2f8ed64f34dc10e4271 WHIRLPOOL 5a2a1bb540ca390f6e75cfb8e24f043e1f18c9b48b03c2c9429f5e75606c39dd596e63dc31821e4b6a4559a7f782024113365c1647a611eb3395ecf723461a5f
+DIST openssh-5.5p1+x509-6.2.3.diff.gz 156737 SHA256 a2fdf904c21036fe6ee89da7572a37f4763ef414348f9a953c7c7e0fb3562a7f SHA512 9b1e327f298b44064ca212e3dd051a6631126719dbe34af3fa7e42026bc00a747f6476a6bd8c90fa54e08e8d6958f163e8403945bc3c51225555e6ab549297f9 WHIRLPOOL c9a8b04fd01d0487b031d4864cd3da16feafa39d103f21cafe838c1f70dedca00c01f0184bbead230a1875fbbfe8e4bac2ec3d03d01ea58cbf413cd6ea5e6548
+DIST openssh-5.5p1-hpn13v9.diff.gz 22657 SHA256 0556ad75cbd29cba71263a5b7ddc44c03d17c09297a6c41a16d39d3549e5079c SHA512 14c98066a5d822d61b4beadecd6ed097e66aa725933748c324450752c50e834f1b48a4e44be6e74aab58a12c80596fae4299e455094751684e540b86620c451a WHIRLPOOL 38bc75f094f3f8f45b81a707d4ee06a3a0e2e0647ba1e87508765867c4bb50e5b9e88a1e41a48a89ee79d3e390874a2d6fab96f310dbad736c98604c4bc0805c
+DIST openssh-5.5p1.tar.gz 1097574 SHA256 36eedd6efe6663186ed23573488670f9b02e34744694e94a9f869b6f25e47e8a SHA512 548c0c552c63498c4d424940161cb504b88c6872d2d8514c09100856656ce1f5d59adc378307a306bb86254032a24ad69bc9794695893c453fee625062ba615c WHIRLPOOL fef34167b71ff2c8cf67506cfe8d9caf63c830933ca77674fd6b244b96da6221d14838d6e67884020c627cdc01cc913965b1ba9ec0ce415e76131fc1edde62db
+DIST openssh-5.6p1+x509-6.2.3.diff.gz 168109 SHA256 90977eded2ae5e71bc3b84aad8597442074742d78d471087d020e58dd58342ad SHA512 029b3e1ae8d7e01b17cbbb4d01c0798e5857dc2f144b4e7a5c70f65fe8de605d29a9ac29f4a26d0495f1abbfed24bafd7ac211bc550f558a0adf64a64415bca9 WHIRLPOOL 53a8b66857e45358a0d973dd1f9884ead1f41d3b2794e0bc6f78bdda33507ae2da3cf6f51d53470159e00992042b2ef3d67a8fb71ceef658c386732e3e88f709
+DIST openssh-5.6p1-hpn13v10.diff.gz 22988 SHA256 6a9ee815e8ffcc9068c3dce4ad4f2898fc0db6b768a3152280aceb8c06c8b450 SHA512 d752f6fc924c8b390a58bffea877f4e8a98eb93dac07ba749d3ccef1de4ee75f5116c186ab18d093ef0ae0d63e4f435cf41a1c1a9bd85cd1d0e8be90e060ebc2 WHIRLPOOL b7f4e8f35698510c7fdbd01d7d656e75bba715d3c2cc31eb7fc54d4158b4a346e17be3d1e2f6b7642c7e0a12d8996ccdf217a1856062c88d43a4e4f62f25f412
+DIST openssh-5.6p1.tar.gz 1117952 SHA256 538af53b2b8162c21a293bb004ae2bdb141abd250f61b4cea55244749f3c6c2b SHA512 81bcb84244524c8046f977f35d1dba40b29324033db7590e3439494812038d1e2c1f7082c64488f0f7838f80b7fbbe133b95675ee23aa66a5d036a28a7882c97 WHIRLPOOL d6c8126b08d4287d2b846a7669cb7b7cb361ce5cab9719df30f243ecc04de5657572165bf2165a8d65d79c0464e91385ffa45ef30cba3bf4047dc6ce3580a317
+DIST openssh-5.7p1+x509-6.2.4.diff.gz 170001 SHA256 86af445d27be112318e95c4a188593b171a34b100e2187ef12a116c95e36c51d SHA512 a60e9c13829fbf8e2c3cf805d6de6c12fe7d3e77b0e889f56f08d0edc2e89b911ddd763f6660c193465dfb220c8f48d29257a068b69a0659b7e177739a0bd8c6 WHIRLPOOL d4b9012905117d034d2dbdf16342fc17c0e5f8326b2fa49244aa341746c382925608527d75ad6dbaaafc9a0d0083a9742b422d897363ab9f7a91a4269d6b4c1c
+DIST openssh-5.7p1-hpn13v10.diff.bz2 20132 SHA256 fc6518ea065841cec96a503207bd6f927c65234862ec13a44c3c13cb978bfa57 SHA512 20fde13375f123ca17d8faa5ed384cfd241695d606beba26f68ae966d6db6e551376d29e54b8221e918668e01995829c9217d3c835d005ebd5723000c2e54cb8 WHIRLPOOL 6a4fba0f711297b06c44449461797f3c0604de093b2a079aecaf59a2aa9cecdfdeb3c6bdec13138fdc4ffb5e7f64114e2669af89756d54a225730ad4415eb1f2
+DIST openssh-5.7p1.tar.gz 1113345 SHA256 59057d727d902d8b04b2ce0ba8f288c6e02cb65aca183cc8d559a4a66426581b SHA512 9a4b8a96b96d9593159d3ee8fc2a2a0ede60efb795c9c92b3110ec193b1fdcab2a63eef546efb1e4a3045c9095f6de9e40fee669d2e1b30d562acb840dd069f4 WHIRLPOOL 3384ddfc34b36299d379e24f6c1e238b88d2599f820e8b14baa9d24e5ddd2883caf0c1a43650844511de4c790e4d439d763d2b26b9c622b168016a5b02c801e8
+DIST openssh-5.8p1+x509-6.2.4.diff.gz 170014 SHA256 029fce2cabb1a387b9f5784631dec0ee866e4e44ce34c819e1055c7c4a184744 SHA512 b648fcf55933adc73ac5efa0292e68cc74a491d1c7988ede9e07c882b024ac366330aca67766f4812e4ed49c7f79ff9bdcf32ff950ac3467d181657bbb9c1443 WHIRLPOOL 62641d0d0a745993a5f70082a4d682a3e82b274b2deb9ae1295397dda95296bd5a2033f5830060803430f17ded7bca6f7ab4930633ddeb92523a4b10c3721e81
+DIST openssh-5.8p1-hpn13v10.diff.bz2 20120 SHA256 24b4c0372f96262d0b162dff056d21212befe6a8fd8dddde88206aecdd85e11e SHA512 f83e43a581dec02804f5b900c956b301daa426687017e27a466b7ef6e38cfa02b1a1babeef79d891f437cc2ca032c07bb0c06c16d28115c88bf82af86815fbc1 WHIRLPOOL c31e28c348e58bedb180c1660545e6fcd2ada50c237c7178049912239ff04b2526478a869c255da8a16d5b824a1a5a7d313e2a1fb670d794102b55d1356d8e8d
+DIST openssh-5.8p1-hpn13v11.diff.gz 22993 SHA256 62b500d29d8889ce76c8b596eb65731d8ac3469d89d9c6eb29fec2a845159df7 SHA512 6e3ff1d0758881fb72ac05673161288fa81757d6126c8fcaefe43994bd176240bec64945dee39d23b6b2d0d0fcd78aea4de4cff395570d3acd9a6171825e00ba WHIRLPOOL 4ed3e2605c9ab4c7b83af615c65b984ba03904ff1140901bbe4a79fa19039b090b0e847093a50c8274aebd2f96b2309aa123c4ac6637b3ed1b65007dff9bf430
+DIST openssh-5.8p1.tar.gz 1113798 SHA256 e1c77a8f3562a5e779c59d64ab14a336c160a56db924eaf82b124ac0b6b1323b SHA512 efa2b27c9a59852e2ef17c54c85305432bc0ee444da4918ded0b7811d06ebd701f89c07598bce6c4bb6287bfe451dd67e2d86ff53769b9014c34fddd6e254f41 WHIRLPOOL 167d25f0519dd51ba912107e922f5e668bf5d2a82db7b2171732851de5fe077ce9290d23361ec0c085c651cb60c8aa4e23abfc10289a2fc87f622a5a3e3bf98d
+DIST openssh-5.8p2.tar.gz 1115475 SHA256 5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314 SHA512 cad3b92e2e5494d1cff25753913f8fd27041cb1083e2cb8d14faaed7e4d818a98a6c3038d48aa38c6b09caeec90589f12742549ca84d3355c316eed6642b5180 WHIRLPOOL 2515b6d0ca9c126a4ec9f12e280d458ff83d42acf9eef77791863d4d9d219a84a66cdb6546afc6c8cbb3f5a761d6c43f93d7757d10e12e5f67a143c4f04793f8
+DIST openssh-5.9p1+x509-7.0.diff.gz 181263 SHA256 a28e2535ecbf95deeef682682e7551459cc494bbc1c4ccb89be93cfe826d76ca SHA512 5f6e2be10ce8cf26fffcb782824f59c1f1ca0fa271800e162685ce74d1aac6d9035cfdacc87d3f859d3538bc0b22438a701dfc3c8108a130e6e4b7fdd36e6b16 WHIRLPOOL 00f92e2e235da11a87b30dc49e1a469a781482ea53ddf99fb892ec3796b9a68f62234c0ed72f2a3330f7af90f3afcdc90e2574b6ab5955ec6e64c13b75ab5e89
+DIST openssh-5.9p1-hpn13v11.diff.gz 21971 SHA256 6a47a9e57f87385cac9a380b0b1649b73532afaf40c15f62e9236427c84e7aae SHA512 6f7ae144ff61b4ec7913dc94c7ed9550cfcd30336e3bbfafc6c875c99cf0c90cd7f8ce89d530f2861b9bda95433d591673136ba5a31310226207f787257da3be WHIRLPOOL fe4d9f515e5c51b159b0aa51b01840003de443c2f3e8eca90b657d54f490273d1ba98dbabe2cf3a104edaa0971cae5f5f8c739691310822493f8f2705c01465d
+DIST openssh-5.9p1.tar.gz 1110014 SHA256 8d3e8b6b6ff04b525a6dfa6fdeb6a99043ccf6c3310cc32eba84c939b07777d5 SHA512 ccf13e3cb11489f9f7e4788f93ffae1f2c39d48819f0e9cd9197842abc922173d2c3c1ad1a87a2acf4497d67cb9edd48416098388fa33fc0b8e09456b1be7e2f WHIRLPOOL 2e8bd89fd14954a232602a912845ed29a08ca40637f8863fed675b19d18944125ecdbf292c45cf5c297584df6c3131ae4fd3c6bc62595dfebb3831120ea21cd1
+DIST openssh-6.0p1+x509-7.1.diff.gz 200986 SHA256 c11e3837704a24393353fe264d61ffea8c1f23c0cb5b8261866c25677930768b SHA512 f45e16a21955546829c70bbad67a6af2cdf60fc6019d34c8563c3c328ffc477d1b31c3443ce032e7ff29d027979ecade476679d33c40961ac4ba65f96dac4b7f WHIRLPOOL 120063e566d721c233ea02cdf2ea114b7f707248962c126dd9def5377188283bb9da58a32a2d49453f4c37ad7a975e03bcdf106a28a0cb7e655eacc7c3f965c1
+DIST openssh-6.0p1-hpn13v11.diff.bz2 19979 SHA256 a096f6ee6dfddb3996b5e7b806ece2a7709c8cce6560eb026c28d3fb56f71ee9 SHA512 2805ddac19a5c4962e6a57d9a6efd3f17ebac82ee2b6a7eed60521a4fd23468d4be7f67e59562120fb21e1efa7ab9213be5d8ab8e3ff6fb9c2ccd6d6989f460f WHIRLPOOL a588288d0b3a64a8414bf1061055dbf41b8370e59fd89ab6cdc2fc7b93046b467aefb9f9196a65f96bda395db38e3841e1ad781341919829de0d9d8d2a220df1
+DIST openssh-6.0p1-hpn13v12.diff.gz 20223 SHA256 b6158c10fac153dd2a9f5d9b29df1e4db17a91f84f100b99526655317d9bf4c0 SHA512 d5decf82bfdbdcdcea974b3a8d990929908077851a3a8c122bda37e439e19e69973a371ac46683840263ec3c85fb2393a70183786f94b2afaff6577209f202c2 WHIRLPOOL 9347431c34737294f98aa07d1c4468ab0357e766c1ff55ad2e39af10041d9fa0e0253d36c5dde354513c97cf7ccb19ac1db7214c25797d57d917d4ee5a1199da
+DIST openssh-6.0p1.tar.gz 1126034 SHA256 589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de SHA512 4fe1f7e0d5e572575b11253916354b333a7eca558720885d5dceb7c89dc5da81cd57feaa4be756dfa4f3e9ef508e5f460e5fda221765191b1c02ae37431a444e WHIRLPOOL 7853155dfd35962ae31958600b6d4f94a3a916dac942f5f533cde3d85c8ea64066b887d66d7722bd647196f57df7ed27f62d5ec4588868754b6cdf999a404001
+DIST openssh-6.1p1+x509-7.2.1.diff.gz 208071 SHA256 02d3703d419fc72be819a4e7fc8cbbb269182862465b6a99cc7b2af32d75a181 SHA512 6c1786c2c32d884e7b8f15e39912ca1d8fb54b1132ffae6d8d4f262356a16267a8e549a822911d0f40eabe49015080ae35fdec521f90e0ef4d05554339f35fa0 WHIRLPOOL 7f260caebdc58fe415b3cb93b08600942a6b171b45df8ff1279d4280930a7103cbefac63ec7f32fdbf9bdcf64278c39bfd55c2dcb41ea5c4934574930494df67
+DIST openssh-6.1p1-hpn13v11.diff.bz2 19999 SHA256 08bfc1f3c582f23b3ce386e78baf37be4af03645fc6eef87f1ef819cc273ecc7 SHA512 4e21384ef4d0b7539c9b7aecb158748b959db7ec84fa023f7969c2db50794e1f68bab375cdea9c2ae8fe16b759650e250aa21d6b8772a1c671d2e1e59adef08a WHIRLPOOL 3918c2c118908e67de4523c8d1f142ca4b2d2d7c045c2337b2f7914096108cf1a138009a838519d292e53fec454ced3a9590bbddf93096bd377196bd7d73ed55
+DIST openssh-6.1p1.tar.gz 1134820 SHA256 d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411 SHA512 1cd58f18b047fa92a3155fa215d69c04e1f03914488a21bcda5434899df6055567e59f77063f0080b0cb437bb2396d3bf4050ed0c5ea2d1dc20d6fd928d5a76c WHIRLPOOL a1ecf33e8c4048c59e55d38cc8bb3f89357ac8fb74fdbb57e24e111e1749620fe6f7e329a744e3cfc9ced3e445539ce85926c7877a0f12475ccf14f124f9234b
+DIST openssh-lpk-5.4p1-0.3.13.patch.gz 18105 SHA256 4e5dbe769e487c914ecc5b104866f6d4412cbe35c3f2bed897d06f7d824878be SHA512 b79f7e6836162e65a13ca05813af80e6464a5880282da49232ee5b0d4b81c484d5ada37bef30daf2bc57c9b17be44cae4f3905d014b409cd3e380a6e4aaa5416 WHIRLPOOL 4b869ac914be2e9c1e297ba13c928bbf296d669fdd7f0f6d8a8c99fceed58fcc89c6f43f38511f023f9ca4a0051498c1a1abc5baeba8d63ed039c3953fcf71b3
+DIST openssh-lpk-5.6p1-0.3.13.patch.gz 18376 SHA256 42a76b67c390c3ed28efd6e1734ca5a7edfefc635c35086dbd610999130678e9 SHA512 b492fdae831fd93d34075d8656d85fb032993686e3341cb880c47c48e2b9b72c82b92f4e78d5ae649c536b4806a916236de3b158f7f43a1de816bd05de8bbb44 WHIRLPOOL cc02e5e0831bafab354fe7e3e63f51aefc2e1f81aefd5e5f0ba90dbd45e7fad979e04c6b3dce63899e0cdabcd65839c2e2f214b39a17c425a113dccd8af308a1
+DIST openssh-lpk-5.7p1-0.3.13.patch.gz 18392 SHA256 739fa32e267f2c30362bb953d597bcbb55b58d76e13f644004fa63ded81522f7 SHA512 8ff9e0561275bcfa6bdda203bde9be7b7512d3ecc8040157da3709878d4a64496ce60a6e2cd24179713a9cb84a27251229f7beddc81be5734c9444894298ab17 WHIRLPOOL bb4977e0d629e781e1b2838590579329865d503e7f36d2dadeab99dbf5232771c375b91f14115bcdc25160988a983b30b7a378edf16121493ace7ec167cd3f6f
+DIST openssh-lpk-5.8p2-0.3.14.patch.gz 18656 SHA256 adac5e13a4918e14e4d349f4360d9c740ae6f69de4e64520e8d51e8d39f969ad
+DIST openssh-lpk-5.9p1-0.3.14.patch.gz 18335 SHA256 1a922d57a2e7020bf597135437a57080d7d046c9f41a7a53559945ddddbe0892
+DIST openssh-lpk-6.0p1-0.3.14.patch.gz 18401 SHA256 d0f3d55fd92ecc45aa6120d6ea919c903e4828ce0c2b07612c742a2aa7648beb SHA512 ebf680b90bc289c0d69c22fd6fd666032cdcf4c3850ecdf03e264200d60c50a12f4a5254907c6ab850727216e7837176be5564ae22b68d9b80a67c62f372a9dd WHIRLPOOL 4f8b32c77fc2a9205d283109ccd787a3f37757c18060da39c63147ff09f6b922f4a57ca1ba8d0cdc692f3f1eaba3e5e88eb4287f728ddaaf544d2d425c0cca91
+DIST openssh-lpk-6.1p1-0.3.14.patch.gz 18458 SHA256 2d0e40116e021913668519a42743f89b8fb77f8d5beed863d620cc79999b0b79 SHA512 9cfd83e650cedbc3950b8cf80d0b36fbb7dff8fbe7d017378f9a2ae18189fa6e459e323dae6cd1fa1d82ff948f628563892d0a0f30113b3a8ba5269fe051e784 WHIRLPOOL c1ee5570f0bfb3191c602d575e0e05cabe7d42183bd78c07cac19a2743a59f110728e309fcee6f0b6abc7b141ae8c701d92d010d2b7737739b4cac92406552fa
+EBUILD openssh-5.5_p1-r2.ebuild 8625 SHA256 cda98fbb72c562d94bac4bc6b321c48e09e96e95951310baca8897c93ef4ac84 SHA512 f7474e9d8e715811deafafa005f0e334817842c23a471768ecfa7b39c191f814fb2036185fb75e215560d3dde981e88aae817cabd39c6cc9fd742a67abbaa1d6 WHIRLPOOL bf410ac43d256054cc2fc07df3da35ced52639614ce7baffad28810b855935a409a1d7ec5b234bcfed7757b57111738bac831c41393582e081e2b8e31725d09a
+EBUILD openssh-5.6_p1-r2.ebuild 8370 SHA256 5ecec16d7abc9eba39d2975e03c35cb1612228d8b1594c1d505d3635aae9def9 SHA512 a3651bea199fd0ecee659c224c71c61a272d6e50f3629b90be96b1791bd59d7e63359d5a086578ef1f939e4c4dc094d172d47687462f0aeca8297bdacfb0e6ba WHIRLPOOL 02b3b7ba353876208db93eee9dd1d24d2036b35e92bd28e77ca8e5385344bdd76982570c8531aa2fc434248cee00f0e9fcf0c8aa6d55b2dc208deaefc3b2b2e0
+EBUILD openssh-5.7_p1-r1.ebuild 8219 SHA256 64fa29443d86b501c498c169772c88d8876d170b994514c65cf894c72cf63589 SHA512 c9c17ad24fcea4a4b0e609599641adfde6c53d339ba499b35d27773ee82baa87c62bf4ce9317001e20ad0e5b3cb39f5fc3a8d379d670d57ce9edc56b992fe816 WHIRLPOOL 5a97c94fdfc3f8dff27dc219a6da2123544aa443a96dc13bedb1be22e5ebb03a89615d7990baf8b8fcb13405c2de3526258775c3c2f86d660818026da041a8ec
+EBUILD openssh-5.8_p1-r1.ebuild 8435 SHA256 a72a0f4112035018de06cd763e05493ea063ad7d116ec6e905d691c518fde827 SHA512 e31cc67ec7f5f2509d7d1805fe03041c6eaa654bcd3e4432e4f716a58f606e9e564f3b1f8d95efa4af12bc84cf56a7c4654211b6b315bad93898068864710781 WHIRLPOOL 0ad2c9a5e3a4be7cf21f68df686d0a8ee98f57402efd4824a7ed5ab4b16d593a3d763d2875f7e63da3745948265c933a1a5f1f346df9d7c0d1353acd3fe1b9fa
+EBUILD openssh-5.8_p2-r1.ebuild 8467 SHA256 7eda66c78adbf9cb0d7691d2f2c4be21f8539ca7a55046f37ab03bab7501af73 SHA512 43b9ed6ac1902cfcc825602fbc78f8ae55717b907428391be38f25317beed0ffdc272e98ac46b337af7a68c46b7e4fc542bdcb8d0fb1ad6e1562e114fb4bfb26 WHIRLPOOL 59c42c5a72594f229bb5a5c462f6c5d2c6fca8bd212e2d026af2bc4b20ee744524218f45bd4b06646d9486e8c840f83255956a57d0b7eeedeb894ea5251f08a0
+EBUILD openssh-5.8_p2.ebuild 8464 SHA256 005a6dfb61c7fe46c08535f0c30b62a5547591cce2685e80af1a8cec74f93fdf SHA512 8a7bad27d2fe68e24479dbaa86142da85463bd553c2e53cb755c671548315d09e04625df1328d9e31000ee7b5439bfb851b540597e9f8f1b787de07dcb14b587 WHIRLPOOL 647099c01574377c641e76f5fdd284b69e9e982d557ffccf7351a0649918b119d4b5cd74f785f20e9b9b5b37d05a43f6292c8a29b9a037dc1e1e18ea5be3afba
+EBUILD openssh-5.9_p1-r3.ebuild 9137 SHA256 d4e2eb9e518f104c5cc7913c0d7dfea959807eea3bb8063bc8efd7aefe5fcd85 SHA512 535d1c1d1586c59361a2050d6949aacf169ffac3ed787f0f44fc1bb2ab503af6967029e0f992e22d4a060acb3df6a6b104132a129c18c75231b1c37f19489a75 WHIRLPOOL 262f0ca3ef564b2a1f9adcea142978de80f0bdf9dd1fc94df720ce1f4a9848de8f18d48d81d3599f62293b3b725a98771c3fe036764421e46efa96a42029e28f
+EBUILD openssh-5.9_p1-r4.ebuild 9185 SHA256 d3c4541fd8edd84d2988b4705581ae6fa9f958978b85812bd3d1d996bdcd5cb2 SHA512 ec10770ffd4cff5720fc8d93df9f3f7055181a2a9007e1ee58ea2126bba2a99794de1c6f575e99408861f26c29dc7a813ed2081f8ce157770350a90396bcb5b5 WHIRLPOOL fb4bb9364649721063182227a63362e3af87f5a37191709a6c00f8ddf18b3635c62790a68ba60d96547247d2e89a4a4e04452287b45baa00b0eccae78b4bd4ff
+EBUILD openssh-6.0_p1-r1.ebuild 9463 SHA256 b1658b58445e9a5b2ae1881d8a8077a6da87414846f5b7aae10f56a763545bea SHA512 e346b7852c5e14bf4da2daed960df123088dc2fcadb00a611c557cf55187c8e45314b47e07cd41e9f09370383c6d3800b7dc61079d6d345811d4ee99aff2cdf4 WHIRLPOOL 0ff7c3832e352c2963d5529c0a060573ab386bb340295c0ef12559053a9d27e2e16514030c51ec9fb984eb02ef662bfd758860daa032df03309a8473f5c3b46f
+EBUILD openssh-6.0_p1.ebuild 9461 SHA256 1b34a9871749300d97de8fc920f1376c50118cea1f2d80a87a1011bb093d1d96 SHA512 087e1ffd699bdd7bd3e9032e46dc1cbbc5c5b94e460bf54a869757d68151bc06227f1a6fd5c486c04f7372e60f7d0ea18d50513956588d80538da965c32b5371 WHIRLPOOL dd5cc1d7b617886355e2f1e6ce28acd7afad05f3d99bfd515fa59c8b5d9fc461403913b8b68260dacf2a1bb6a33f4bf696680b5e27019d57f196d9dca6f1a24b
+EBUILD openssh-6.1_p1.ebuild 9408 SHA256 9ba2984e3adb5895117ada5a7f8ff5a3e0fb06abe7d067d5db4afac174ce0592 SHA512 8f0729a18e5ea9d939fddc62aaac7dd2b29e290c8025b0adda792676201fba4aee64e3a6130f7250d9c847fa0fbcf860c69df4eaf558e94bd2920b9300c92ff9 WHIRLPOOL a86aa71dcc60b2139d03e7dcd854305d6aecb00e5fa01fce54f4d517af08bb18f6187df497ba7acc493299158db0874158bc04c72163f61f7df416fdba3c9ec6
+MISC ChangeLog 72084 SHA256 a0b9b309b0d8b19bb72e00abd8c28396308fe55bff7ca4e52f40216441161b1c SHA512 8681c487eba5a6be09791735c124d9f1cadea7f79e14eb1746f50acdd53833cae66837d39ac0e4cd447156d1505e65c98054527c8c43b25c026c1bf031839370 WHIRLPOOL 00c69fd667d02c5563dd43e27fd8904c8619ad37ba4223b830bc81c0b5382024d13f7d52ca161e9e6f4ec6f8e7c5d45d8df003365dbaa7d2a3345c0e0dc777eb
+MISC metadata.xml 1599 SHA256 fddc51b98b6831f5bc0f1f5fdeb78c064f9c40fc5c9a9f31ec816890e6aade86 SHA512 62ff3ab2fc84f7612799080285cba1f26c0b299d4159b15812a4b4349bfa450ac5f4e038b187201a8cba4c169c47dc4c5d9c4dfe881ef15cef82deadb8d63852 WHIRLPOOL f0b8153f49fb357cc8f90dbcb7397b6be3b31987e9bdde375c172ef2f2464a91080bef04f0e050b97852cad0a26ac9b2f634188f7b910e7dfbf738dd06a80223
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+iQIcBAEBCAAGBQJQS5EMAAoJELEHsLL7fEFWiRMP/122iJHPCbQnNkZVZ2AMGG8V
+s8kOTftlxn0otHbWx/CGITdnaEObNAXlGaiSh9QUNR8jISlagpaqVN0q0w8y6um7
+OptqOWwYDnliKmsSufOEi8W6/8pJzUbAanw6v4zMssib6kVlcEp6OuTx/5vX5jZw
+C+sodbRgWdNFOFcjwIoEvG3Y4Q9HdxjHbZ36r/GNZ4F/kLQA3kQZdIDvUIUP4q1I
+hbKkILcOa546ltmvACSLYLcgKlHi9qE6SvC+MoXkRqGiklffVIQVNnDdOVy4xCEU
+5WZIfZ3DcDg+qBMgFbwgr9OqcAtKjWEQf4HF0hdHvvEHo+QGv0l3Xaj84MnGK3GD
+Wd6LNGfu4OM9PcifvBfw6SmH1OaHApJP0kGiPix4a8znMm5Q3nLQAV58A4TlRGyd
+i4wxJ5noWTz6wcoTR2TncpY3rCrO5gEyMdYdR6SPVrjooCBMaXHM5o0XBtRobzuh
+PeeYp8b7Esw6x6dopLuVmcwznB7NrZWyjgaMOTqADfnYUY3Mt8huJc74t0e7+bgt
+U4slQRQDfKg2uLbh88Oaun7jFhdHuAsuKWjs3/vvKYVDF5V29iesteftzCLcnp8u
+blB2qvPNFrMBDHz9OmhZI9420YgSdJkY9Bn9f74Tc68K2xE08PpL4KHUND/YnUsq
+DgKKMKpQ6UdZlfLXBarl
+=NaLj
+-----END PGP SIGNATURE-----
diff --git a/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch b/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch
new file mode 100644
index 00000000..c81ae5cb
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch
@@ -0,0 +1,127 @@
+http://bugs.gentoo.org/165444
+https://bugzilla.mindrot.org/show_bug.cgi?id=1008
+
+Index: readconf.c
+===================================================================
+RCS file: /cvs/openssh/readconf.c,v
+retrieving revision 1.135
+diff -u -r1.135 readconf.c
+--- readconf.c 5 Aug 2006 02:39:40 -0000 1.135
++++ readconf.c 19 Aug 2006 11:59:52 -0000
+@@ -126,6 +126,7 @@
+ oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+ oAddressFamily, oGssAuthentication, oGssDelegateCreds,
++ oGssTrustDns,
+ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+ oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
+ oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+@@ -163,9 +164,11 @@
+ #if defined(GSSAPI)
+ { "gssapiauthentication", oGssAuthentication },
+ { "gssapidelegatecredentials", oGssDelegateCreds },
++ { "gssapitrustdns", oGssTrustDns },
+ #else
+ { "gssapiauthentication", oUnsupported },
+ { "gssapidelegatecredentials", oUnsupported },
++ { "gssapitrustdns", oUnsupported },
+ #endif
+ { "fallbacktorsh", oDeprecated },
+ { "usersh", oDeprecated },
+@@ -444,6 +447,10 @@
+ intptr = &options->gss_deleg_creds;
+ goto parse_flag;
+
++ case oGssTrustDns:
++ intptr = &options->gss_trust_dns;
++ goto parse_flag;
++
+ case oBatchMode:
+ intptr = &options->batch_mode;
+ goto parse_flag;
+@@ -1010,6 +1017,7 @@
+ options->challenge_response_authentication = -1;
+ options->gss_authentication = -1;
+ options->gss_deleg_creds = -1;
++ options->gss_trust_dns = -1;
+ options->password_authentication = -1;
+ options->kbd_interactive_authentication = -1;
+ options->kbd_interactive_devices = NULL;
+@@ -1100,6 +1108,8 @@
+ options->gss_authentication = 0;
+ if (options->gss_deleg_creds == -1)
+ options->gss_deleg_creds = 0;
++ if (options->gss_trust_dns == -1)
++ options->gss_trust_dns = 0;
+ if (options->password_authentication == -1)
+ options->password_authentication = 1;
+ if (options->kbd_interactive_authentication == -1)
+Index: readconf.h
+===================================================================
+RCS file: /cvs/openssh/readconf.h,v
+retrieving revision 1.63
+diff -u -r1.63 readconf.h
+--- readconf.h 5 Aug 2006 02:39:40 -0000 1.63
++++ readconf.h 19 Aug 2006 11:59:52 -0000
+@@ -45,6 +45,7 @@
+ /* Try S/Key or TIS, authentication. */
+ int gss_authentication; /* Try GSS authentication */
+ int gss_deleg_creds; /* Delegate GSS credentials */
++ int gss_trust_dns; /* Trust DNS for GSS canonicalization */
+ int password_authentication; /* Try password
+ * authentication. */
+ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
+Index: ssh_config.5
+===================================================================
+RCS file: /cvs/openssh/ssh_config.5,v
+retrieving revision 1.97
+diff -u -r1.97 ssh_config.5
+--- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97
++++ ssh_config.5 19 Aug 2006 11:59:53 -0000
+@@ -483,7 +483,16 @@
+ Forward (delegate) credentials to the server.
+ The default is
+ .Dq no .
+-Note that this option applies to protocol version 2 only.
++Note that this option applies to protocol version 2 connections using GSSAPI.
++.It Cm GSSAPITrustDns
++Set to
++.Dq yes to indicate that the DNS is trusted to securely canonicalize
++the name of the host being connected to. If
++.Dq no, the hostname entered on the
++command line will be passed untouched to the GSSAPI library.
++The default is
++.Dq no .
++This option only applies to protocol version 2 connections using GSSAPI.
+ .It Cm HashKnownHosts
+ Indicates that
+ .Xr ssh 1
+Index: sshconnect2.c
+===================================================================
+RCS file: /cvs/openssh/sshconnect2.c,v
+retrieving revision 1.151
+diff -u -r1.151 sshconnect2.c
+--- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151
++++ sshconnect2.c 19 Aug 2006 11:59:53 -0000
+@@ -499,6 +499,12 @@
+ static u_int mech = 0;
+ OM_uint32 min;
+ int ok = 0;
++ const char *gss_host;
++
++ if (options.gss_trust_dns)
++ gss_host = get_canonical_hostname(1);
++ else
++ gss_host = authctxt->host;
+
+ /* Try one GSSAPI method at a time, rather than sending them all at
+ * once. */
+@@ -511,7 +517,7 @@
+ /* My DER encoding requires length<128 */
+ if (gss_supported->elements[mech].length < 128 &&
+ ssh_gssapi_check_mechanism(&gssctxt,
+- &gss_supported->elements[mech], authctxt->host)) {
++ &gss_supported->elements[mech], gss_host)) {
+ ok = 1; /* Mechanism works */
+ } else {
+ mech++;
diff --git a/net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch b/net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch
new file mode 100644
index 00000000..24ad7a9c
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch
@@ -0,0 +1,15 @@
+workaround problems with autoconf-2.63
+
+http://lists.gnu.org/archive/html/autoconf/2009-04/msg00007.html
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -3603,7 +3603,7 @@
+ #include <shadow.h>
+ struct spwd sp;
+ ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
+- [ sp_expire_available=yes ], []
++ [ sp_expire_available=yes ], [:]
+ )
+
+ if test "x$sp_expire_available" = "xyes" ; then
diff --git a/net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch b/net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch
new file mode 100644
index 00000000..8112d625
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch
@@ -0,0 +1,16 @@
+--- clientloop.c
++++ clientloop.c
+@@ -1434,11 +1434,13 @@
+ if (!rekeying) {
+ channel_after_select(readset, writeset);
+
++#ifdef GSSAPI
+ if (options.gss_renewal_rekey &&
+ ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) {
+ debug("credentials updated - forcing rekey");
+ need_rekeying = 1;
+ }
++#endif
+
+ if (need_rekeying || packet_need_rekeying()) {
+ debug("need rekeying");
diff --git a/net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch
new file mode 100644
index 00000000..9428b74f
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch
@@ -0,0 +1,91 @@
+Move things around so hpn applies cleanly when using X509.
+
+--- openssh-5.2p1+x509/Makefile.in
++++ openssh-5.2p1+x509/Makefile.in
+@@ -44,11 +44,12 @@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
++CPPFLAGS += @LDAP_CPPFLAGS@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
+--- openssh-5.2p1+x509/servconf.c
++++ openssh-5.2p1+x509/servconf.c
+@@ -108,6 +108,17 @@
+ options->log_level = SYSLOG_LEVEL_NOT_SET;
+ options->rhosts_rsa_authentication = -1;
+ options->hostbased_authentication = -1;
++ options->hostbased_algorithms = NULL;
++ options->pubkey_algorithms = NULL;
++ ssh_x509flags_initialize(&options->x509flags, 1);
++#ifndef SSH_X509STORE_DISABLED
++ ssh_x509store_initialize(&options->ca);
++#endif /*ndef SSH_X509STORE_DISABLED*/
++#ifdef SSH_OCSP_ENABLED
++ options->va.type = -1;
++ options->va.certificate_file = NULL;
++ options->va.responder_url = NULL;
++#endif /*def SSH_OCSP_ENABLED*/
+ options->hostbased_uses_name_from_packet_only = -1;
+ options->rsa_authentication = -1;
+ options->pubkey_authentication = -1;
+@@ -152,18 +163,6 @@
+ options->adm_forced_command = NULL;
+ options->chroot_directory = NULL;
+ options->zero_knowledge_password_authentication = -1;
+-
+- options->hostbased_algorithms = NULL;
+- options->pubkey_algorithms = NULL;
+- ssh_x509flags_initialize(&options->x509flags, 1);
+-#ifndef SSH_X509STORE_DISABLED
+- ssh_x509store_initialize(&options->ca);
+-#endif /*ndef SSH_X509STORE_DISABLED*/
+-#ifdef SSH_OCSP_ENABLED
+- options->va.type = -1;
+- options->va.certificate_file = NULL;
+- options->va.responder_url = NULL;
+-#endif /*def SSH_OCSP_ENABLED*/
+ }
+
+ void
+@@ -341,6 +340,16 @@
+ /* Portable-specific options */
+ sUsePAM,
+ /* Standard Options */
++ sHostbasedAlgorithms,
++ sPubkeyAlgorithms,
++ sX509KeyAlgorithm,
++ sAllowedClientCertPurpose,
++ sKeyAllowSelfIssued, sMandatoryCRL,
++ sCACertificateFile, sCACertificatePath,
++ sCARevocationFile, sCARevocationPath,
++ sCAldapVersion, sCAldapURL,
++ sVAType, sVACertificateFile,
++ sVAOCSPResponderURL,
+ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
+ sPermitRootLogin, sLogFacility, sLogLevel,
+ sRhostsRSAAuthentication, sRSAAuthentication,
+@@ -364,16 +373,6 @@
+ sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sZeroKnowledgePasswordAuthentication,
+- sHostbasedAlgorithms,
+- sPubkeyAlgorithms,
+- sX509KeyAlgorithm,
+- sAllowedClientCertPurpose,
+- sKeyAllowSelfIssued, sMandatoryCRL,
+- sCACertificateFile, sCACertificatePath,
+- sCARevocationFile, sCARevocationPath,
+- sCAldapVersion, sCAldapURL,
+- sVAType, sVACertificateFile,
+- sVAOCSPResponderURL,
+ sDeprecated, sUnsupported
+ } ServerOpCodes;
+
diff --git a/net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff b/net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff
new file mode 100644
index 00000000..346d5271
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff
@@ -0,0 +1,10 @@
+--- ldapauth.c.orig 2009-04-18 18:06:38.000000000 +0200
++++ ldapauth.c 2009-04-18 18:06:11.000000000 +0200
+@@ -31,6 +31,7 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <string.h>
++#include <stdarg.h>
+
+ #include "ldapauth.h"
+ #include "log.h"
diff --git a/net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch b/net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch
new file mode 100644
index 00000000..e4cdb63a
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch
@@ -0,0 +1,12 @@
+pull in openssl/conf.h for OPENSSL_config() prototype
+
+--- openbsd-compat/openssl-compat.c
++++ openbsd-compat/openssl-compat.c
+@@ -59,6 +59,7 @@
+ #endif
+
+ #ifdef USE_OPENSSL_ENGINE
++#include <openssl/conf.h>
+ void
+ ssh_SSLeay_add_all_algorithms(void)
+ {
diff --git a/net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch b/net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch
new file mode 100644
index 00000000..5fe18dfc
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch
@@ -0,0 +1,15 @@
+don't go reading random stack values
+
+already e-mailed to upstream hpn devs
+
+--- progressmeter.c
++++ progressmeter.c
+@@ -183,7 +183,7 @@
+ else
+ percent = 100;
+
+- snprintf(buf + strlen(buf), win_size - strlen(buf-8),
++ snprintf(buf + strlen(buf), win_size - strlen(buf) - 8,
+ " %3d%% ", percent);
+
+ /* amount transferred */
diff --git a/net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch
new file mode 100644
index 00000000..e793311f
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch
@@ -0,0 +1,60 @@
+Move things around so hpn applies cleanly when using X509.
+
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -46,11 +46,12 @@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
++CPPFLAGS+=@LDAP_CPPFLAGS@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
+--- a/servconf.c
++++ b/servconf.c
+@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options)
+ options->adm_forced_command = NULL;
+ options->chroot_directory = NULL;
+ options->zero_knowledge_password_authentication = -1;
+- options->revoked_keys_file = NULL;
+- options->trusted_user_ca_keys = NULL;
+- options->authorized_principals_file = NULL;
+
+ options->hostbased_algorithms = NULL;
+ options->pubkey_algorithms = NULL;
+@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options)
+ options->va.certificate_file = NULL;
+ options->va.responder_url = NULL;
+ #endif /*def SSH_OCSP_ENABLED*/
++ options->revoked_keys_file = NULL;
++ options->trusted_user_ca_keys = NULL;
++ options->authorized_principals_file = NULL;
+ }
+
+ void
+@@ -367,9 +367,6 @@ typedef enum {
+ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+- sUsePrivilegeSeparation, sAllowAgentForwarding,
+- sZeroKnowledgePasswordAuthentication, sHostCertificate,
+- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sHostbasedAlgorithms,
+ sPubkeyAlgorithms,
+ sX509KeyAlgorithm,
+@@ -380,6 +377,9 @@ typedef enum {
+ sCAldapVersion, sCAldapURL,
+ sVAType, sVACertificateFile,
+ sVAOCSPResponderURL,
++ sUsePrivilegeSeparation, sAllowAgentForwarding,
++ sZeroKnowledgePasswordAuthentication, sHostCertificate,
++ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sDeprecated, sUnsupported
+ } ServerOpCodes;
+
diff --git a/net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch
new file mode 100644
index 00000000..ee3e7574
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch
@@ -0,0 +1,60 @@
+Move things around so hpn applies cleanly when using X509.
+
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -46,11 +46,12 @@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
++CPPFLAGS+=@LDAP_CPPFLAGS@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
+--- a/servconf.c
++++ b/servconf.c
+@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options)
+ options->zero_knowledge_password_authentication = -1;
+ options->revoked_keys_file = NULL;
+ options->trusted_user_ca_keys = NULL;
+- options->authorized_principals_file = NULL;
+- options->ip_qos_interactive = -1;
+- options->ip_qos_bulk = -1;
+
+ options->hostbased_algorithms = NULL;
+ options->pubkey_algorithms = NULL;
+@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options)
+ options->va.certificate_file = NULL;
+ options->va.responder_url = NULL;
+ #endif /*def SSH_OCSP_ENABLED*/
++ options->authorized_principals_file = NULL;
++ options->ip_qos_interactive = -1;
++ options->ip_qos_bulk = -1;
+ }
+
+ void
+@@ -367,9 +367,6 @@ typedef enum {
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
+- sZeroKnowledgePasswordAuthentication, sHostCertificate,
+- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+- sKexAlgorithms, sIPQoS,
+ sHostbasedAlgorithms,
+ sPubkeyAlgorithms,
+ sX509KeyAlgorithm,
+@@ -380,6 +377,9 @@ typedef enum {
+ sCAldapVersion, sCAldapURL,
+ sVAType, sVACertificateFile,
+ sVAOCSPResponderURL,
++ sZeroKnowledgePasswordAuthentication, sHostCertificate,
++ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
++ sKexAlgorithms, sIPQoS,
+ sDeprecated, sUnsupported
+ } ServerOpCodes;
+
diff --git a/net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch b/net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch
new file mode 100644
index 00000000..7be2879f
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch
@@ -0,0 +1,18 @@
+http://bugs.gentoo.org/354247
+
+[openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
+ selinux code. Patch from Leonardo Chiquitto.
+
+/* $Id: openssh-5.8_p1-selinux.patch,v 1.1 2011/02/10 02:44:53 vapier Exp $ */
+
+--- a/openbsd-compat/port-linux.c
++++ b/openbsd-compat/port-linux.c
+@@ -213,7 +213,7 @@
+
+ if (!ssh_selinux_enabled())
+ return;
+- if (path == NULL)
++ if (path == NULL) {
+ setfscreatecon(NULL);
+ return;
+ }
diff --git a/net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch
new file mode 100644
index 00000000..74d06c79
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch
@@ -0,0 +1,61 @@
+Move things around so hpn applies cleanly when using X509.
+
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -46,12 +46,13 @@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ SSHLIBS=@SSHLIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
++CPPFLAGS+=@LDAP_CPPFLAGS@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
+--- a/servconf.c
++++ b/servconf.c
+@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options)
+ options->zero_knowledge_password_authentication = -1;
+ options->revoked_keys_file = NULL;
+ options->trusted_user_ca_keys = NULL;
+- options->authorized_principals_file = NULL;
+- options->ip_qos_interactive = -1;
+- options->ip_qos_bulk = -1;
+
+ options->hostbased_algorithms = NULL;
+ options->pubkey_algorithms = NULL;
+@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options)
+ options->va.certificate_file = NULL;
+ options->va.responder_url = NULL;
+ #endif /*def SSH_OCSP_ENABLED*/
++ options->authorized_principals_file = NULL;
++ options->ip_qos_interactive = -1;
++ options->ip_qos_bulk = -1;
+ }
+
+ void
+@@ -367,9 +367,6 @@ typedef enum {
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
+- sZeroKnowledgePasswordAuthentication, sHostCertificate,
+- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+- sKexAlgorithms, sIPQoS,
+ sHostbasedAlgorithms,
+ sPubkeyAlgorithms,
+ sX509KeyAlgorithm,
+@@ -380,6 +377,9 @@ typedef enum {
+ sCAldapVersion, sCAldapURL,
+ sVAType, sVACertificateFile,
+ sVAOCSPResponderURL,
++ sZeroKnowledgePasswordAuthentication, sHostCertificate,
++ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
++ sKexAlgorithms, sIPQoS,
+ sDeprecated, sUnsupported
+ } ServerOpCodes;
+
diff --git a/net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch b/net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch
new file mode 100644
index 00000000..eb621abb
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch
@@ -0,0 +1,25 @@
+newer versions of openssl have started to be compatible across minor versions
+too, so this sanity check fails. since we already handle compatibility with
+openssl via SONAME checks, we don't need this openssh check at all.
+
+http://marc.info/?l=openssl-dev&m=133176786215023&w=2
+
+--- a/entropy.c
++++ b/entropy.c
+@@ -208,16 +208,7 @@ seed_rng(void)
+ {
+ #ifndef OPENSSL_PRNG_ONLY
+ unsigned char buf[RANDOM_SEED_SIZE];
+-#endif
+- /*
+- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
+- * We match major, minor, fix and status (not patch)
+- */
+- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
+- fatal("OpenSSL version mismatch. Built against %lx, you "
+- "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
+
+-#ifndef OPENSSL_PRNG_ONLY
+ if (RAND_status() == 1) {
+ debug3("RNG is ready, skipping seeding");
+ return;
diff --git a/net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch b/net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch
new file mode 100644
index 00000000..6377d036
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch
@@ -0,0 +1,184 @@
+Index: gss-serv.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v
+retrieving revision 1.22
+diff -u -p -r1.22 gss-serv.c
+--- gss-serv.c 8 May 2008 12:02:23 -0000 1.22
++++ gss-serv.c 11 Jan 2010 05:38:29 -0000
+@@ -41,9 +41,12 @@
+ #include "channels.h"
+ #include "session.h"
+ #include "misc.h"
++#include "servconf.h"
+
+ #include "ssh-gss.h"
+
++extern ServerOptions options;
++
+ static ssh_gssapi_client gssapi_client =
+ { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
+ GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
+@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
+ char lname[MAXHOSTNAMELEN];
+ gss_OID_set oidset;
+
+- gss_create_empty_oid_set(&status, &oidset);
+- gss_add_oid_set_member(&status, ctx->oid, &oidset);
+-
+- if (gethostname(lname, MAXHOSTNAMELEN)) {
+- gss_release_oid_set(&status, &oidset);
+- return (-1);
+- }
++ if (options.gss_strict_acceptor) {
++ gss_create_empty_oid_set(&status, &oidset);
++ gss_add_oid_set_member(&status, ctx->oid, &oidset);
++
++ if (gethostname(lname, MAXHOSTNAMELEN)) {
++ gss_release_oid_set(&status, &oidset);
++ return (-1);
++ }
++
++ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
++ gss_release_oid_set(&status, &oidset);
++ return (ctx->major);
++ }
++
++ if ((ctx->major = gss_acquire_cred(&ctx->minor,
++ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
++ NULL, NULL)))
++ ssh_gssapi_error(ctx);
+
+- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+ gss_release_oid_set(&status, &oidset);
+ return (ctx->major);
++ } else {
++ ctx->name = GSS_C_NO_NAME;
++ ctx->creds = GSS_C_NO_CREDENTIAL;
+ }
+-
+- if ((ctx->major = gss_acquire_cred(&ctx->minor,
+- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
+- ssh_gssapi_error(ctx);
+-
+- gss_release_oid_set(&status, &oidset);
+- return (ctx->major);
++ return GSS_S_COMPLETE;
+ }
+
+ /* Privileged */
+Index: servconf.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
+retrieving revision 1.201
+diff -u -p -r1.201 servconf.c
+--- servconf.c 10 Jan 2010 03:51:17 -0000 1.201
++++ servconf.c 11 Jan 2010 05:34:56 -0000
+@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
+ options->kerberos_get_afs_token = -1;
+ options->gss_authentication=-1;
+ options->gss_cleanup_creds = -1;
++ options->gss_strict_acceptor = -1;
+ options->password_authentication = -1;
+ options->kbd_interactive_authentication = -1;
+ options->challenge_response_authentication = -1;
+@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption
+ options->gss_authentication = 0;
+ if (options->gss_cleanup_creds == -1)
+ options->gss_cleanup_creds = 1;
++ if (options->gss_strict_acceptor == -1)
++ options->gss_strict_acceptor = 0;
+ if (options->password_authentication == -1)
+ options->password_authentication = 1;
+ if (options->kbd_interactive_authentication == -1)
+@@ -277,7 +280,8 @@ typedef enum {
+ sBanner, sUseDNS, sHostbasedAuthentication,
+ sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
+ sClientAliveCountMax, sAuthorizedKeysFile,
+- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
++ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
++ sAcceptEnv, sPermitTunnel,
+ sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sZeroKnowledgePasswordAuthentication, sHostCertificate,
+@@ -327,9 +331,11 @@ static struct {
+ #ifdef GSSAPI
+ { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+ { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
++ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+ #else
+ { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
+ { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
++ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+ #endif
+ { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
+ { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
+@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions
+
+ case sGssCleanupCreds:
+ intptr = &options->gss_cleanup_creds;
++ goto parse_flag;
++
++ case sGssStrictAcceptor:
++ intptr = &options->gss_strict_acceptor;
+ goto parse_flag;
+
+ case sPasswordAuthentication:
+Index: servconf.h
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/servconf.h,v
+retrieving revision 1.89
+diff -u -p -r1.89 servconf.h
+--- servconf.h 9 Jan 2010 23:04:13 -0000 1.89
++++ servconf.h 11 Jan 2010 05:32:28 -0000
+@@ -92,6 +92,7 @@ typedef struct {
+ * authenticated with Kerberos. */
+ int gss_authentication; /* If true, permit GSSAPI authentication */
+ int gss_cleanup_creds; /* If true, destroy cred cache on logout */
++ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */
+ int password_authentication; /* If true, permit password
+ * authentication. */
+ int kbd_interactive_authentication; /* If true, permit */
+Index: sshd_config
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/sshd_config,v
+retrieving revision 1.81
+diff -u -p -r1.81 sshd_config
+--- sshd_config 8 Oct 2009 14:03:41 -0000 1.81
++++ sshd_config 11 Jan 2010 05:32:28 -0000
+@@ -69,6 +69,7 @@
+ # GSSAPI options
+ #GSSAPIAuthentication no
+ #GSSAPICleanupCredentials yes
++#GSSAPIStrictAcceptorCheck yes
+
+ # Set this to 'yes' to enable PAM authentication, account processing,
+ # and session processing. If this is enabled, PAM authentication will
+Index: sshd_config.5
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
+retrieving revision 1.116
+diff -u -p -r1.116 sshd_config.5
+--- sshd_config.5 9 Jan 2010 23:04:13 -0000 1.116
++++ sshd_config.5 11 Jan 2010 05:37:20 -0000
+@@ -386,6 +386,21 @@ on logout.
+ The default is
+ .Dq yes .
+ Note that this option applies to protocol version 2 only.
++.It Cm GSSAPIStrictAcceptorCheck
++Determines whether to be strict about the identity of the GSSAPI acceptor
++a client authenticates against.
++If set to
++.Dq yes
++then the client must authenticate against the
++.Pa host
++service on the current hostname.
++If set to
++.Dq no
++then the client may authenticate against any service key stored in the
++machine's default store.
++This facility is provided to assist with operation on multi homed machines.
++The default is
++.Dq yes .
+ .It Cm HostbasedAuthentication
+ Specifies whether rhosts or /etc/hosts.equiv authentication together
+ with successful public key client host authentication is allowed
diff --git a/net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch b/net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch
new file mode 100644
index 00000000..6fbb88b6
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch
@@ -0,0 +1,15 @@
+make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch
+
+--- openssh-5.9p1+x509-7.0.diff
++++ openssh-5.9p1+x509-7.0.diff
+@@ -11995,9 +11995,9 @@
+ Specifies whether challenge-response authentication is allowed (e.g. via
+ PAM or though authentication styles supported in
+ @@ -430,6 +507,16 @@
++ This facility is provided to assist with operation on multi homed machines.
+ The default is
+ .Dq yes .
+- Note that this option applies to protocol version 2 only.
+ +.It Cm HostbasedAlgorithms
+ +Specifies the protocol version 2 algorithms used in
+ +.Dq hostbased
diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch b/net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch
new file mode 100644
index 00000000..3b34cd2e
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch
@@ -0,0 +1,15 @@
+diff --git a/configure.ac b/configure.ac
+index 2b60300..21b6112 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -725,6 +725,10 @@ mips-sony-bsd|mips-sony-newsos4)
+ AC_CHECK_HEADER([net/if_tap.h], ,
+ AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
+ AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
++ AC_DEFINE([DISABLE_UTMP], [1],
++ [Define if you don't want to use utmp])
++ AC_DEFINE([DISABLE_WTMP], [1],
++ [Define if you don't want to use wtmp])
+ ;;
+ *-*-bsdi*)
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch b/net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch
new file mode 100644
index 00000000..56805d12
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch
@@ -0,0 +1,15 @@
+don't go reading random stack values
+
+already e-mailed to upstream hpn devs
+
+--- progressmeter.c
++++ progressmeter.c
+@@ -183,7 +183,7 @@
+ percent = ((float)cur_pos / end_pos) * 100;
+ else
+ percent = 100;
+- snprintf(buf + strlen(buf), win_size - strlen(buf-8),
++ snprintf(buf + strlen(buf), win_size - strlen(buf) - 8,
+ " %3d%% ", percent);
+
+ /* amount transferred */
diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-test.patch b/net-misc/openssh-x/files/openssh-6.0_p1-test.patch
new file mode 100644
index 00000000..8b988aed
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-6.0_p1-test.patch
@@ -0,0 +1,19 @@
+changeset: 10701:b159befd3104
+tag: tip
+user: Mike Frysinger <vapier@gentoo.org>
+date: Sun Apr 29 00:26:33 2012 -0400
+summary: use = with `test`, not ==
+
+diff -r d8a3ea854288 -r b159befd3104 configure.ac
+--- a/configure.ac Fri Apr 27 00:55:42 2012 +0000
++++ b/configure.ac Sun Apr 29 00:26:33 2012 -0400
+@@ -2591,7 +2591,7 @@
+ AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
+ elif test "x$sandbox_arg" = "xseccomp_filter" || \
+ ( test -z "$sandbox_arg" && \
+- test "x$have_seccomp_filter" == "x1" && \
++ test "x$have_seccomp_filter" = "x1" && \
+ test "x$ac_cv_header_linux_audit_h" = "xyes" && \
+ test "x$have_seccomp_audit_arch" = "x1" && \
+ test "x$have_linux_no_new_privs" = "x1" && \
+
diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch b/net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch
new file mode 100644
index 00000000..3633a2af
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch
@@ -0,0 +1,15 @@
+make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch
+
+--- openssh-6.0p1+x509-7.1.diff
++++ openssh-6.0p1+x509-7.1.diff
+@@ -13502,9 +13502,9 @@
+ Specifies whether challenge-response authentication is allowed (e.g. via
+ PAM or though authentication styles supported in
+ @@ -430,6 +507,16 @@
++ This facility is provided to assist with operation on multi homed machines.
+ The default is
+ .Dq yes .
+- Note that this option applies to protocol version 2 only.
+ +.It Cm HostbasedAlgorithms
+ +Specifies the protocol version 2 algorithms used in
+ +.Dq hostbased
diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch
new file mode 100644
index 00000000..9e3dfdbe
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch
@@ -0,0 +1,57 @@
+diff --git a/Makefile.in b/Makefile.in
+index ecb45cd..7834fb1 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -45,12 +45,13 @@ FIPSLD_CC=@FIPSLD_CC@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ SSHLIBS=@SSHLIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
++CPPFLAGS+=@LDAP_CPPFLAGS@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
+diff --git a/sshconnect.c b/sshconnect.c
+index 19a2b06..dd75f78 100644
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -580,7 +580,7 @@ ssh_exchange_identification(int timeout_ms)
+ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
+ compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
+ compat20 ? PROTOCOL_MINOR_2 : minor1,
+- SSH_VERSION, compat20 ? " PKIX\r\n" : "\n");
++ SSH_VERSION, compat20 ? "\r\n" : "\n");
+ if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
+ != strlen(buf))
+ fatal("write: %.100s", strerror(errno));
+diff --git a/sshd.c b/sshd.c
+index a5c437d..a1105a0 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -428,8 +428,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
+ minor = PROTOCOL_MINOR_1;
+ comment = "";
+ }
+- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s%s", major, minor,
+- SSH_VERSION, comment, newline);
++ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
++ SSH_VERSION, newline);
+ server_version_string = xstrdup(buf);
+
+ /* Send our protocol version identification. */
+diff --git a/version.h b/version.h
+index 78983d9..ec1746d 100644
+--- a/version.h
++++ b/version.h
+@@ -3,4 +3,5 @@
+ #define SSH_VERSION "OpenSSH_6.0"
+
+ #define SSH_PORTABLE "p1"
++#define SSH_X509 " PKIX"
+ #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
diff --git a/net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch b/net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch
new file mode 100644
index 00000000..e6db835d
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch
@@ -0,0 +1,15 @@
+make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch
+
+--- openssh-6.1p1+x509-7.2.1.diff
++++ openssh-6.1p1+x509-7.2.1.diff
+@@ -13502,9 +13502,9 @@
+ Specifies whether challenge-response authentication is allowed (e.g. via
+ PAM or though authentication styles supported in
+ @@ -432,6 +509,16 @@
++ This facility is provided to assist with operation on multi homed machines.
+ The default is
+ .Dq yes .
+- Note that this option applies to protocol version 2 only.
+ +.It Cm HostbasedAlgorithms
+ +Specifies the protocol version 2 algorithms used in
+ +.Dq hostbased
diff --git a/net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch
new file mode 100644
index 00000000..5d69a50b
--- /dev/null
+++ b/net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch
@@ -0,0 +1,49 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -45,12 +45,13 @@ FIPSLD_CC=@FIPSLD_CC@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ SSHLIBS=@SSHLIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
++CPPFLAGS+=@LDAP_CPPFLAGS@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -580,7 +580,7 @@ ssh_exchange_identification(int timeout_ms)
+ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
+ compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
+ compat20 ? PROTOCOL_MINOR_2 : minor1,
+- SSH_VERSION, compat20 ? " PKIX\r\n" : "\n");
++ SSH_VERSION, compat20 ? "\r\n" : "\n");
+ if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
+ != strlen(buf))
+ fatal("write: %.100s", strerror(errno));
+--- a/sshd.c
++++ b/sshd.c
+@@ -428,8 +428,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
+ comment = "";
+ }
+
+- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
++ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+- major, minor, SSH_VERSION, comment,
++ major, minor, SSH_VERSION,
+ *options.version_addendum == '\0' ? "" : " ",
+ options.version_addendum, newline);
+
+--- a/version.h
++++ b/version.h
+@@ -3,4 +3,5 @@
+ #define SSH_VERSION "OpenSSH_6.0"
+
+ #define SSH_PORTABLE "p1"
++#define SSH_X509 " PKIX"
+ #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
diff --git a/net-misc/openssh-x/files/sshd.confd b/net-misc/openssh-x/files/sshd.confd
new file mode 100644
index 00000000..28952b4a
--- /dev/null
+++ b/net-misc/openssh-x/files/sshd.confd
@@ -0,0 +1,21 @@
+# /etc/conf.d/sshd: config file for /etc/init.d/sshd
+
+# Where is your sshd_config file stored?
+
+SSHD_CONFDIR="/etc/ssh"
+
+
+# Any random options you want to pass to sshd.
+# See the sshd(8) manpage for more info.
+
+SSHD_OPTS=""
+
+
+# Pid file to use (needs to be absolute path).
+
+#SSHD_PIDFILE="/var/run/sshd.pid"
+
+
+# Path to the sshd binary (needs to be absolute path).
+
+#SSHD_BINARY="/usr/sbin/sshd"
diff --git a/net-misc/openssh-x/files/sshd.pam b/net-misc/openssh-x/files/sshd.pam
new file mode 100644
index 00000000..51149402
--- /dev/null
+++ b/net-misc/openssh-x/files/sshd.pam
@@ -0,0 +1,9 @@
+#%PAM-1.0
+
+auth required pam_stack.so service=system-auth
+auth required pam_shells.so
+auth required pam_nologin.so
+account required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
+
diff --git a/net-misc/openssh-x/files/sshd.pam_include.2 b/net-misc/openssh-x/files/sshd.pam_include.2
new file mode 100644
index 00000000..b801aaaf
--- /dev/null
+++ b/net-misc/openssh-x/files/sshd.pam_include.2
@@ -0,0 +1,4 @@
+auth include system-remote-login
+account include system-remote-login
+password include system-remote-login
+session include system-remote-login
diff --git a/net-misc/openssh-x/files/sshd.rc6 b/net-misc/openssh-x/files/sshd.rc6
new file mode 100644
index 00000000..03160686
--- /dev/null
+++ b/net-misc/openssh-x/files/sshd.rc6
@@ -0,0 +1,82 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6,v 1.28 2011/12/04 10:08:19 swegener Exp $
+
+extra_commands="checkconfig gen_keys"
+extra_started_commands="reload"
+
+depend() {
+ use logger dns
+ need net
+}
+
+SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh}
+SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid}
+SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd}
+
+checkconfig() {
+ if [ ! -d /var/empty ] ; then
+ mkdir -p /var/empty || return 1
+ fi
+
+ if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then
+ eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd"
+ eerror "There is a sample file in /usr/share/doc/openssh"
+ return 1
+ fi
+
+ gen_keys || return 1
+
+ "${SSHD_BINARY}" -t ${myopts} || return 1
+}
+
+gen_keys() {
+ if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] ; then
+ einfo "Generating Hostkey..."
+ /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1
+ fi
+ if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then
+ einfo "Generating DSA-Hostkey..."
+ /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1
+ fi
+ if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then
+ einfo "Generating RSA-Hostkey..."
+ /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1
+ fi
+ return 0
+}
+
+start() {
+ local myopts=""
+ [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
+ && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}"
+ [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \
+ && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config"
+
+ checkconfig || return 1
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" \
+ -- ${myopts} ${SSHD_OPTS}
+ eend $?
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ] ; then
+ checkconfig || return 1
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" --quiet
+ eend $?
+}
+
+reload() {
+ checkconfig || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --stop --signal HUP --oknodo \
+ --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
+ eend $?
+}
diff --git a/net-misc/openssh-x/files/sshd.rc6.1 b/net-misc/openssh-x/files/sshd.rc6.1
new file mode 100644
index 00000000..6524601c
--- /dev/null
+++ b/net-misc/openssh-x/files/sshd.rc6.1
@@ -0,0 +1,83 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.1,v 1.2 2011/12/04 10:08:19 swegener Exp $
+
+extra_commands="checkconfig gen_keys"
+extra_started_commands="reload"
+
+depend() {
+ use logger dns
+ need net
+}
+
+SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh}
+SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid}
+SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd}
+
+checkconfig() {
+ if [ ! -d /var/empty ] ; then
+ mkdir -p /var/empty || return 1
+ fi
+
+ if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then
+ eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd"
+ eerror "There is a sample file in /usr/share/doc/openssh"
+ return 1
+ fi
+
+ gen_keys || return 1
+
+ "${SSHD_BINARY}" -t ${myopts} || return 1
+}
+
+gen_keys() {
+ if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] && \
+ egrep -q '^[ \t]*Protocol[ \t]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then
+ einfo "Generating RSA1-Hostkey..."
+ /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1
+ fi
+ if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then
+ einfo "Generating DSA-Hostkey..."
+ /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1
+ fi
+ if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then
+ einfo "Generating RSA-Hostkey..."
+ /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1
+ fi
+ return 0
+}
+
+start() {
+ local myopts=""
+ [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
+ && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}"
+ [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \
+ && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config"
+
+ checkconfig || return 1
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" \
+ -- ${myopts} ${SSHD_OPTS}
+ eend $?
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ] ; then
+ checkconfig || return 1
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" --quiet
+ eend $?
+}
+
+reload() {
+ checkconfig || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --stop --signal HUP --oknodo \
+ --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
+ eend $?
+}
diff --git a/net-misc/openssh-x/files/sshd.rc6.2 b/net-misc/openssh-x/files/sshd.rc6.2
new file mode 100644
index 00000000..22aaaad2
--- /dev/null
+++ b/net-misc/openssh-x/files/sshd.rc6.2
@@ -0,0 +1,85 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.2,v 1.3 2011/12/04 10:08:19 swegener Exp $
+
+extra_commands="checkconfig gen_keys"
+extra_started_commands="reload"
+
+depend() {
+ use logger dns
+ need net
+}
+
+SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh}
+SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid}
+SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd}
+
+checkconfig() {
+ if [ ! -d /var/empty ] ; then
+ mkdir -p /var/empty || return 1
+ fi
+
+ if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then
+ eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd"
+ eerror "There is a sample file in /usr/share/doc/openssh"
+ return 1
+ fi
+
+ gen_keys || return 1
+
+ [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
+ && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
+ [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \
+ && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config"
+
+ "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
+}
+
+gen_key() {
+ local type=$1 key ks
+ [ $# -eq 1 ] && ks="${type}_"
+ key="${SSHD_CONFDIR}/ssh_host_${ks}key"
+ if [ ! -e "${key}" ] ; then
+ ebegin "Generating ${type} host key"
+ ssh-keygen -t ${type} -f "${key}" -N ''
+ eend $? || return $?
+ fi
+}
+
+gen_keys() {
+ if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then
+ gen_key rsa1 "" || return 1
+ fi
+ gen_key dsa && gen_key rsa && gen_key ecdsa
+ return $?
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" \
+ -- ${SSHD_OPTS}
+ eend $?
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ] ; then
+ checkconfig || return 1
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" --quiet
+ eend $?
+}
+
+reload() {
+ checkconfig || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --stop --signal HUP --oknodo \
+ --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
+ eend $?
+}
diff --git a/net-misc/openssh-x/files/sshd.rc6.3 b/net-misc/openssh-x/files/sshd.rc6.3
new file mode 100755
index 00000000..c55116e9
--- /dev/null
+++ b/net-misc/openssh-x/files/sshd.rc6.3
@@ -0,0 +1,85 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $
+
+extra_commands="checkconfig gen_keys"
+extra_started_commands="reload"
+
+depend() {
+ use logger dns
+ need net
+}
+
+SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh}
+SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid}
+SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd}
+
+checkconfig() {
+ if [ ! -d /var/empty ] ; then
+ mkdir -p /var/empty || return 1
+ fi
+
+ if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then
+ eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd"
+ eerror "There is a sample file in /usr/share/doc/openssh"
+ return 1
+ fi
+
+ gen_keys || return 1
+
+ [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
+ && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
+ [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \
+ && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config"
+
+ "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
+}
+
+gen_key() {
+ local type=$1 key ks
+ [ $# -eq 1 ] && ks="${type}_"
+ key="${SSHD_CONFDIR}/ssh_host_${ks}key"
+ if [ ! -e "${key}" ] ; then
+ ebegin "Generating ${type} host key"
+ ssh-keygen -t ${type} -f "${key}" -N ''
+ eend $? || return $?
+ fi
+}
+
+gen_keys() {
+ if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then
+ gen_key rsa1 "" || return 1
+ fi
+ gen_key dsa && gen_key rsa && gen_key ecdsa
+ return $?
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" \
+ -- ${SSHD_OPTS}
+ eend $?
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ] ; then
+ checkconfig || return 1
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" --quiet
+ eend $?
+}
+
+reload() {
+ checkconfig || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP \
+ --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
+ eend $?
+}
diff --git a/net-misc/openssh-x/files/sshd.service b/net-misc/openssh-x/files/sshd.service
new file mode 100644
index 00000000..45f823ac
--- /dev/null
+++ b/net-misc/openssh-x/files/sshd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenSSH server daemon
+After=syslog.target network.target auditd.service
+
+[Service]
+ExecStart=/usr/sbin/sshd -D -e
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-misc/openssh-x/files/sshd.socket b/net-misc/openssh-x/files/sshd.socket
new file mode 100644
index 00000000..94b95331
--- /dev/null
+++ b/net-misc/openssh-x/files/sshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenSSH Server Socket
+Conflicts=sshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/net-misc/openssh-x/files/sshd_at.service b/net-misc/openssh-x/files/sshd_at.service
new file mode 100644
index 00000000..2645ad04
--- /dev/null
+++ b/net-misc/openssh-x/files/sshd_at.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH per-connection server daemon
+After=syslog.target auditd.service
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i -e
+StandardInput=socket
+StandardError=syslog
diff --git a/net-misc/openssh-x/metadata.xml b/net-misc/openssh-x/metadata.xml
new file mode 100644
index 00000000..a7517337
--- /dev/null
+++ b/net-misc/openssh-x/metadata.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>base-system</herd>
+ <maintainer restrict="net-misc/openssh[ldap]">
+ <email>robbat2@gentoo.org</email>
+ <description>LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else.</description>
+ </maintainer>
+ <longdescription>
+OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that
+increasing numbers of people on the Internet are coming to rely on. Many users of telnet,
+rlogin, ftp, and other such programs might not realize that their password is transmitted
+across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords)
+to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
+Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety
+of authentication methods.
+
+The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which
+replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of
+the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan,
+ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.
+</longdescription>
+ <use>
+ <flag name="hpn">Enable high performance ssh</flag>
+ <flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
+ <flag name="X509">Adds support for X.509 certificate authentication</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-misc/openssh-x/openssh-x-6.0_p1-r1.ebuild b/net-misc/openssh-x/openssh-x-6.0_p1-r1.ebuild
new file mode 100644
index 00000000..66f79c8b
--- /dev/null
+++ b/net-misc/openssh-x/openssh-x-6.0_p1-r1.ebuild
@@ -0,0 +1,294 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.0_p1-r1.ebuild,v 1.1 2012/06/08 05:43:01 vapier Exp $
+
+EAPI="2"
+inherit eutils user flag-o-matic multilib autotools pam systemd
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_PATCH="${PARCH}-hpn13v11.diff.bz2"
+LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz"
+X509_VER="7.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+ ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )}
+ ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+ ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+ "
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE="${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509"
+
+RDEPEND="pam? ( virtual/pam )
+ kerberos? ( virtual/krb5 )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ skey? ( >=sys-auth/skey-1.1.5-r1 )
+ ldap? ( net-nds/openldap )
+ libedit? ( dev-libs/libedit )
+ >=dev-libs/openssl-0.9.6d
+ >=sys-libs/zlib-1.2.3
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+ X? ( x11-apps/xauth )
+ userland_GNU? ( virtual/shadow )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ virtual/os-headers
+ sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+ pam? ( >=sys-auth/pambase-20081028 )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+ # this sucks, but i'd rather have people unable to `emerge -u openssh`
+ # than not be able to log in to their server any more
+ maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; }
+ local fail="
+ $(use X509 && maybe_fail X509 X509_PATCH)
+ $(use ldap && maybe_fail ldap LDAP_PATCH)
+ $(use hpn && maybe_fail hpn HPN_PATCH)
+ "
+ fail=$(echo ${fail})
+ if [[ -n ${fail} ]] ; then
+ eerror "Sorry, but this version does not yet support features"
+ eerror "that you requested: ${fail}"
+ eerror "Please mask ${PF} for now and check back later:"
+ eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+ die "booooo"
+ fi
+}
+
+save_version() {
+ # version.h patch conflict avoidence
+ mv version.h version.h.$1
+ cp -f version.h.pristine version.h
+}
+
+src_prepare() {
+ sed -i \
+ -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
+ pathnames.h || die
+ # keep this as we need it to avoid the conflict between LPK and HPN changing
+ # this file.
+ cp version.h version.h.pristine
+
+ # don't break .ssh/authorized_keys2 for fun
+ sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+ epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
+ if use X509 ; then
+ pushd .. >/dev/null
+ epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch
+ popd >/dev/null
+ epatch "${WORKDIR}"/${X509_PATCH%.*}
+ epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch
+ save_version X509
+ fi
+ if ! use X509 ; then
+ if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+ epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+ save_version LPK
+ fi
+ else
+ use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
+ fi
+ epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011
+ epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011
+ epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+ if [[ -n ${HPN_PATCH} ]] && use hpn; then
+ epatch "${WORKDIR}"/${HPN_PATCH%.*}
+ epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch
+ save_version HPN
+ # The AES-CTR multithreaded variant is broken, and causes random hangs
+ # when combined background threading and control sockets. To avoid
+ # this, we change the internal table to use the non-multithread version
+ # for the meantime. Do NOT remove this in new versions. See bug #354113
+ # comment #6 for testcase.
+ # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/
+ ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode
+ ## cipher. Be aware that if the client process is forked using the -f command line
+ ## option the process will hang as the parent thread gets 'divorced' from the key
+ ## generation threads. This issue will be resolved as soon as possible
+ sed -i \
+ -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \
+ cipher.c || die
+ fi
+
+ sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die
+
+ # Disable PATH reset, trust what portage gives us. bug 254615
+ sed -i -e 's:^PATH=/:#PATH=/:' configure || die
+
+ # Now we can build a sane merged version.h
+ (
+ sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
+ macros=()
+ for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
+ printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
+ ) > version.h
+
+ eautoreconf
+}
+
+static_use_with() {
+ local flag=$1
+ if use static && use ${flag} ; then
+ ewarn "Disabling '${flag}' support because of USE='static'"
+ # rebuild args so that we invert the first one (USE flag)
+ # but otherwise leave everything else working so we can
+ # just leverage use_with
+ shift
+ [[ -z $1 ]] && flag="${flag} ${flag}"
+ set -- !${flag} "$@"
+ fi
+ use_with "$@"
+}
+
+src_configure() {
+ addwrite /dev/ptmx
+ addpredict /etc/skey/skeykeys #skey configure code triggers this
+
+ use static && append-ldflags -static
+
+ econf \
+ --with-ldflags="${LDFLAGS}" \
+ --disable-strip \
+ --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/$(get_libdir)/misc \
+ --datadir=/usr/share/openssh \
+ --with-privsep-path=/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --with-ssl-engine \
+ $(static_use_with pam) \
+ $(static_use_with kerberos kerberos5 /usr) \
+ ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
+ $(use_with libedit) \
+ $(use_with selinux) \
+ $(use_with skey) \
+ $(use_with tcpd tcp-wrappers)
+}
+
+src_install() {
+ emake install-nokeys DESTDIR="${D}" || die
+ fperms 600 /etc/ssh/sshd_config
+ dobin contrib/ssh-copy-id || die
+ newinitd "${FILESDIR}"/sshd.rc6.3 sshd
+ newconfd "${FILESDIR}"/sshd.confd sshd
+ keepdir /var/empty
+
+ # not all openssl installs support ecc, or are functional #352645
+ if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
+ elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
+ dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die
+ fi
+
+ newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+ if use pam ; then
+ sed -i \
+ -e "/^#UsePAM /s:.*:UsePAM yes:" \
+ -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+ -e "/^#PrintMotd /s:.*:PrintMotd no:" \
+ -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+ "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed"
+ fi
+
+ # Gentoo tweaks to default config files
+ cat <<-EOF >> "${D}"/etc/ssh/sshd_config
+
+ # Allow client to pass locale environment variables #367017
+ AcceptEnv LANG LC_*
+ EOF
+ cat <<-EOF >> "${D}"/etc/ssh/ssh_config
+
+ # Send locale environment variables #367017
+ SendEnv LANG LC_*
+ EOF
+
+ # This instruction is from the HPN webpage,
+ # Used for the server logging functionality
+ if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+ keepdir /var/empty/dev
+ fi
+
+ if use ldap ; then
+ insinto /etc/openldap/schema/
+ newins openssh-lpk_openldap.schema openssh-lpk.schema
+ fi
+
+ doman contrib/ssh-copy-id.1
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+ diropts -m 0700
+ dodir /etc/skel/.ssh
+
+ systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die
+ systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die
+}
+
+src_test() {
+ local t tests skipped failed passed shell
+ tests="interop-tests compat-tests"
+ skipped=""
+ shell=$(egetshell ${UID})
+ if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+ elog "Running the full OpenSSH testsuite"
+ elog "requires a usable shell for the 'portage'"
+ elog "user, so we will run a subset only."
+ skipped="${skipped} tests"
+ else
+ tests="${tests} tests"
+ fi
+ # It will also attempt to write to the homedir .ssh
+ local sshhome=${T}/homedir
+ mkdir -p "${sshhome}"/.ssh
+ for t in ${tests} ; do
+ # Some tests read from stdin ...
+ HOMEDIR="${sshhome}" \
+ emake -k -j1 ${t} </dev/null \
+ && passed="${passed}${t} " \
+ || failed="${failed}${t} "
+ done
+ einfo "Passed tests: ${passed}"
+ ewarn "Skipped tests: ${skipped}"
+ if [[ -n ${failed} ]] ; then
+ ewarn "Failed tests: ${failed}"
+ die "Some tests failed: ${failed}"
+ else
+ einfo "Failed tests: ${failed}"
+ return 0
+ fi
+}
+
+pkg_preinst() {
+ enewgroup sshd 22
+ enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+ elog "Starting with openssh-5.8p1, the server will default to a newer key"
+ elog "algorithm (ECDSA). You are encouraged to manually update your stored"
+ elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
+ echo
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "reload sshd: '/etc/init.d/sshd reload'."
+ if use pam ; then
+ echo
+ ewarn "Please be aware users need a valid shell in /etc/passwd"
+ ewarn "in order to be allowed to login."
+ fi
+ # This instruction is from the HPN webpage,
+ # Used for the server logging functionality
+ if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+ echo
+ einfo "For the HPN server logging patch, you must ensure that"
+ einfo "your syslog application also listens at /var/empty/dev/log."
+ fi
+}
diff --git a/net-misc/openssh-x/openssh-x-6.0_p1.ebuild b/net-misc/openssh-x/openssh-x-6.0_p1.ebuild
new file mode 100644
index 00000000..745baa3f
--- /dev/null
+++ b/net-misc/openssh-x/openssh-x-6.0_p1.ebuild
@@ -0,0 +1,294 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.0_p1.ebuild,v 1.7 2012/05/29 12:37:53 aballier Exp $
+
+EAPI="2"
+inherit eutils user flag-o-matic multilib autotools pam systemd
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_PATCH="${PARCH}-hpn13v12.diff.gz"
+LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz"
+X509_VER="7.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+ ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )}
+ ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+ ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+ "
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE="${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509"
+
+RDEPEND="pam? ( virtual/pam )
+ kerberos? ( virtual/krb5 )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ skey? ( >=sys-auth/skey-1.1.5-r1 )
+ ldap? ( net-nds/openldap )
+ libedit? ( dev-libs/libedit )
+ >=dev-libs/openssl-0.9.6d
+ >=sys-libs/zlib-1.2.3
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+ X? ( x11-apps/xauth )
+ userland_GNU? ( virtual/shadow )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ virtual/os-headers
+ sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+ pam? ( >=sys-auth/pambase-20081028 )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+ # this sucks, but i'd rather have people unable to `emerge -u openssh`
+ # than not be able to log in to their server any more
+ maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; }
+ local fail="
+ $(use X509 && maybe_fail X509 X509_PATCH)
+ $(use ldap && maybe_fail ldap LDAP_PATCH)
+ $(use hpn && maybe_fail hpn HPN_PATCH)
+ "
+ fail=$(echo ${fail})
+ if [[ -n ${fail} ]] ; then
+ eerror "Sorry, but this version does not yet support features"
+ eerror "that you requested: ${fail}"
+ eerror "Please mask ${PF} for now and check back later:"
+ eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+ die "booooo"
+ fi
+}
+
+save_version() {
+ # version.h patch conflict avoidence
+ mv version.h version.h.$1
+ cp -f version.h.pristine version.h
+}
+
+src_prepare() {
+ sed -i \
+ -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
+ pathnames.h || die
+ # keep this as we need it to avoid the conflict between LPK and HPN changing
+ # this file.
+ cp version.h version.h.pristine
+
+ # don't break .ssh/authorized_keys2 for fun
+ sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+ epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
+ if use X509 ; then
+ pushd .. >/dev/null
+ epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch
+ popd >/dev/null
+ epatch "${WORKDIR}"/${X509_PATCH%.*}
+ epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch
+ save_version X509
+ fi
+ if ! use X509 ; then
+ if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+ epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+ save_version LPK
+ fi
+ else
+ use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
+ fi
+ epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011
+ epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011
+ epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+ if [[ -n ${HPN_PATCH} ]] && use hpn; then
+ epatch "${WORKDIR}"/${HPN_PATCH%.*}
+ epatch "${FILESDIR}"/${PN}-6.0_p1-hpn-progressmeter.patch
+ save_version HPN
+ # The AES-CTR multithreaded variant is broken, and causes random hangs
+ # when combined background threading and control sockets. To avoid
+ # this, we change the internal table to use the non-multithread version
+ # for the meantime. Do NOT remove this in new versions. See bug #354113
+ # comment #6 for testcase.
+ # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/
+ ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode
+ ## cipher. Be aware that if the client process is forked using the -f command line
+ ## option the process will hang as the parent thread gets 'divorced' from the key
+ ## generation threads. This issue will be resolved as soon as possible
+ sed -i \
+ -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \
+ cipher.c || die
+ fi
+
+ sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die
+
+ # Disable PATH reset, trust what portage gives us. bug 254615
+ sed -i -e 's:^PATH=/:#PATH=/:' configure || die
+
+ # Now we can build a sane merged version.h
+ (
+ sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
+ macros=()
+ for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
+ printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
+ ) > version.h
+
+ eautoreconf
+}
+
+static_use_with() {
+ local flag=$1
+ if use static && use ${flag} ; then
+ ewarn "Disabling '${flag}' support because of USE='static'"
+ # rebuild args so that we invert the first one (USE flag)
+ # but otherwise leave everything else working so we can
+ # just leverage use_with
+ shift
+ [[ -z $1 ]] && flag="${flag} ${flag}"
+ set -- !${flag} "$@"
+ fi
+ use_with "$@"
+}
+
+src_configure() {
+ addwrite /dev/ptmx
+ addpredict /etc/skey/skeykeys #skey configure code triggers this
+
+ use static && append-ldflags -static
+
+ econf \
+ --with-ldflags="${LDFLAGS}" \
+ --disable-strip \
+ --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/$(get_libdir)/misc \
+ --datadir=/usr/share/openssh \
+ --with-privsep-path=/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --with-ssl-engine \
+ $(static_use_with pam) \
+ $(static_use_with kerberos kerberos5 /usr) \
+ ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
+ $(use_with libedit) \
+ $(use_with selinux) \
+ $(use_with skey) \
+ $(use_with tcpd tcp-wrappers)
+}
+
+src_install() {
+ emake install-nokeys DESTDIR="${D}" || die
+ fperms 600 /etc/ssh/sshd_config
+ dobin contrib/ssh-copy-id || die
+ newinitd "${FILESDIR}"/sshd.rc6.3 sshd
+ newconfd "${FILESDIR}"/sshd.confd sshd
+ keepdir /var/empty
+
+ # not all openssl installs support ecc, or are functional #352645
+ if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
+ elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
+ dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die
+ fi
+
+ newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+ if use pam ; then
+ sed -i \
+ -e "/^#UsePAM /s:.*:UsePAM yes:" \
+ -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+ -e "/^#PrintMotd /s:.*:PrintMotd no:" \
+ -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+ "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed"
+ fi
+
+ # Gentoo tweaks to default config files
+ cat <<-EOF >> "${D}"/etc/ssh/sshd_config
+
+ # Allow client to pass locale environment variables #367017
+ AcceptEnv LANG LC_*
+ EOF
+ cat <<-EOF >> "${D}"/etc/ssh/ssh_config
+
+ # Send locale environment variables #367017
+ SendEnv LANG LC_*
+ EOF
+
+ # This instruction is from the HPN webpage,
+ # Used for the server logging functionality
+ if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+ keepdir /var/empty/dev
+ fi
+
+ if use ldap ; then
+ insinto /etc/openldap/schema/
+ newins openssh-lpk_openldap.schema openssh-lpk.schema
+ fi
+
+ doman contrib/ssh-copy-id.1
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+ diropts -m 0700
+ dodir /etc/skel/.ssh
+
+ systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die
+ systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die
+}
+
+src_test() {
+ local t tests skipped failed passed shell
+ tests="interop-tests compat-tests"
+ skipped=""
+ shell=$(egetshell ${UID})
+ if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+ elog "Running the full OpenSSH testsuite"
+ elog "requires a usable shell for the 'portage'"
+ elog "user, so we will run a subset only."
+ skipped="${skipped} tests"
+ else
+ tests="${tests} tests"
+ fi
+ # It will also attempt to write to the homedir .ssh
+ local sshhome=${T}/homedir
+ mkdir -p "${sshhome}"/.ssh
+ for t in ${tests} ; do
+ # Some tests read from stdin ...
+ HOMEDIR="${sshhome}" \
+ emake -k -j1 ${t} </dev/null \
+ && passed="${passed}${t} " \
+ || failed="${failed}${t} "
+ done
+ einfo "Passed tests: ${passed}"
+ ewarn "Skipped tests: ${skipped}"
+ if [[ -n ${failed} ]] ; then
+ ewarn "Failed tests: ${failed}"
+ die "Some tests failed: ${failed}"
+ else
+ einfo "Failed tests: ${failed}"
+ return 0
+ fi
+}
+
+pkg_preinst() {
+ enewgroup sshd 22
+ enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+ elog "Starting with openssh-5.8p1, the server will default to a newer key"
+ elog "algorithm (ECDSA). You are encouraged to manually update your stored"
+ elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
+ echo
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "reload sshd: '/etc/init.d/sshd reload'."
+ if use pam ; then
+ echo
+ ewarn "Please be aware users need a valid shell in /etc/passwd"
+ ewarn "in order to be allowed to login."
+ fi
+ # This instruction is from the HPN webpage,
+ # Used for the server logging functionality
+ if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+ echo
+ einfo "For the HPN server logging patch, you must ensure that"
+ einfo "your syslog application also listens at /var/empty/dev/log."
+ fi
+}
diff --git a/net-misc/openssh-x/openssh-x-6.1_p1.ebuild b/net-misc/openssh-x/openssh-x-6.1_p1.ebuild
new file mode 100644
index 00000000..ffdd35c4
--- /dev/null
+++ b/net-misc/openssh-x/openssh-x-6.1_p1.ebuild
@@ -0,0 +1,295 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.1_p1.ebuild,v 1.1 2012/09/08 18:38:11 vapier Exp $
+
+EAPI="2"
+inherit eutils user flag-o-matic multilib autotools pam systemd
+
+# Make it more portable between straight releases
+# and _p? releases.
+MY_P=openssh-x
+PARCH=${P/_}
+MY_PN=openssh
+
+HPN_PATCH="${PARCH}-hpn13v11.diff.bz2"
+LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz"
+X509_VER="7.2.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+ ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )}
+ ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+ ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+ "
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
+IUSE="${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509"
+
+RDEPEND="pam? ( virtual/pam )
+ kerberos? ( virtual/krb5 )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ skey? ( >=sys-auth/skey-1.1.5-r1 )
+ ldap? ( net-nds/openldap )
+ libedit? ( dev-libs/libedit )
+ >=dev-libs/openssl-0.9.6d
+ >=sys-libs/zlib-1.2.3
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+ X? ( x11-apps/xauth )
+ userland_GNU? ( virtual/shadow )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ virtual/os-headers
+ sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+ pam? ( >=sys-auth/pambase-20081028 )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+ # this sucks, but i'd rather have people unable to `emerge -u openssh`
+ # than not be able to log in to their server any more
+ maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; }
+ local fail="
+ $(use X509 && maybe_fail X509 X509_PATCH)
+ $(use ldap && maybe_fail ldap LDAP_PATCH)
+ $(use hpn && maybe_fail hpn HPN_PATCH)
+ "
+ fail=$(echo ${fail})
+ if [[ -n ${fail} ]] ; then
+ eerror "Sorry, but this version does not yet support features"
+ eerror "that you requested: ${fail}"
+ eerror "Please mask ${PF} for now and check back later:"
+ eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+ die "booooo"
+ fi
+}
+
+save_version() {
+ # version.h patch conflict avoidence
+ mv version.h version.h.$1
+ cp -f version.h.pristine version.h
+}
+
+src_prepare() {
+ sed -i \
+ -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
+ pathnames.h || die
+ # keep this as we need it to avoid the conflict between LPK and HPN changing
+ # this file.
+ cp version.h version.h.pristine
+
+ # don't break .ssh/authorized_keys2 for fun
+ sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+ epatch "${FILESDIR}"/${MY_PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
+ if use X509 ; then
+ pushd .. >/dev/null
+ epatch "${FILESDIR}"/${MY_PN}-6.1_p1-x509-glue.patch
+ popd >/dev/null
+ epatch "${WORKDIR}"/${X509_PATCH%.*}
+ epatch "${FILESDIR}"/${MY_PN}-6.1_p1-x509-hpn-glue.patch
+ save_version X509
+ fi
+ if ! use X509 ; then
+ if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+ epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+ save_version LPK
+ fi
+ else
+ use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
+ fi
+ epatch "${FILESDIR}"/${MY_PN}-6.0_p1-fix-freebsd-compilation.patch #391011
+ epatch "${FILESDIR}"/${MY_PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+ if [[ -n ${HPN_PATCH} ]] && use hpn; then
+ epatch "${WORKDIR}"/${HPN_PATCH%.*}
+ epatch "${FILESDIR}"/${MY_PN}-5.6_p1-hpn-progressmeter.patch
+ save_version HPN
+ # The AES-CTR multithreaded variant is broken, and causes random hangs
+ # when combined background threading and control sockets. To avoid
+ # this, we change the internal table to use the non-multithread version
+ # for the meantime. Do NOT remove this in new versions. See bug #354113
+ # comment #6 for testcase.
+ # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/
+ ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode
+ ## cipher. Be aware that if the client process is forked using the -f command line
+ ## option the process will hang as the parent thread gets 'divorced' from the key
+ ## generation threads. This issue will be resolved as soon as possible
+ sed -i \
+ -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \
+ cipher.c || die
+ fi
+
+ sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die
+
+ # Disable PATH reset, trust what portage gives us. bug 254615
+ sed -i -e 's:^PATH=/:#PATH=/:' configure || die
+
+ # Now we can build a sane merged version.h
+ (
+ sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
+ macros=()
+ for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
+ printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
+ ) > version.h
+
+ eautoreconf
+}
+
+static_use_with() {
+ local flag=$1
+ if use static && use ${flag} ; then
+ ewarn "Disabling '${flag}' support because of USE='static'"
+ # rebuild args so that we invert the first one (USE flag)
+ # but otherwise leave everything else working so we can
+ # just leverage use_with
+ shift
+ [[ -z $1 ]] && flag="${flag} ${flag}"
+ set -- !${flag} "$@"
+ fi
+ use_with "$@"
+}
+
+src_configure() {
+ addwrite /dev/ptmx
+ addpredict /etc/skey/skeykeys #skey configure code triggers this
+
+ use static && append-ldflags -static
+
+ econf \
+ --with-ldflags="${LDFLAGS}" \
+ --disable-strip \
+ --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/$(get_libdir)/misc \
+ --datadir=/usr/share/openssh \
+ --with-privsep-path=/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --with-ssl-engine \
+ $(static_use_with pam) \
+ $(static_use_with kerberos kerberos5 /usr) \
+ ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
+ $(use_with libedit) \
+ $(use_with selinux) \
+ $(use_with skey) \
+ $(use_with tcpd tcp-wrappers)
+}
+
+src_install() {
+ emake install-nokeys DESTDIR="${D}" || die
+ fperms 600 /etc/ssh/sshd_config
+ dobin contrib/ssh-copy-id || die
+ newinitd "${FILESDIR}"/sshd.rc6.3 sshd
+ newconfd "${FILESDIR}"/sshd.confd sshd
+ keepdir /var/empty
+
+ # not all openssl installs support ecc, or are functional #352645
+ if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
+ elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
+ dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die
+ fi
+
+ newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+ if use pam ; then
+ sed -i \
+ -e "/^#UsePAM /s:.*:UsePAM yes:" \
+ -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+ -e "/^#PrintMotd /s:.*:PrintMotd no:" \
+ -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+ "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed"
+ fi
+
+ # Gentoo tweaks to default config files
+ cat <<-EOF >> "${D}"/etc/ssh/sshd_config
+
+ # Allow client to pass locale environment variables #367017
+ AcceptEnv LANG LC_*
+ EOF
+ cat <<-EOF >> "${D}"/etc/ssh/ssh_config
+
+ # Send locale environment variables #367017
+ SendEnv LANG LC_*
+ EOF
+
+ # This instruction is from the HPN webpage,
+ # Used for the server logging functionality
+ if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+ keepdir /var/empty/dev
+ fi
+
+ if use ldap ; then
+ insinto /etc/openldap/schema/
+ newins openssh-lpk_openldap.schema openssh-lpk.schema
+ fi
+
+ doman contrib/ssh-copy-id.1
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+ diropts -m 0700
+ dodir /etc/skel/.ssh
+
+ systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die
+ systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die
+}
+
+src_test() {
+ local t tests skipped failed passed shell
+ tests="interop-tests compat-tests"
+ skipped=""
+ shell=$(egetshell ${UID})
+ if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+ elog "Running the full OpenSSH testsuite"
+ elog "requires a usable shell for the 'portage'"
+ elog "user, so we will run a subset only."
+ skipped="${skipped} tests"
+ else
+ tests="${tests} tests"
+ fi
+ # It will also attempt to write to the homedir .ssh
+ local sshhome=${T}/homedir
+ mkdir -p "${sshhome}"/.ssh
+ for t in ${tests} ; do
+ # Some tests read from stdin ...
+ HOMEDIR="${sshhome}" \
+ emake -k -j1 ${t} </dev/null \
+ && passed="${passed}${t} " \
+ || failed="${failed}${t} "
+ done
+ einfo "Passed tests: ${passed}"
+ ewarn "Skipped tests: ${skipped}"
+ if [[ -n ${failed} ]] ; then
+ ewarn "Failed tests: ${failed}"
+ die "Some tests failed: ${failed}"
+ else
+ einfo "Failed tests: ${failed}"
+ return 0
+ fi
+}
+
+pkg_preinst() {
+ enewgroup sshd 22
+ enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+ elog "Starting with openssh-5.8p1, the server will default to a newer key"
+ elog "algorithm (ECDSA). You are encouraged to manually update your stored"
+ elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
+ echo
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "reload sshd: '/etc/init.d/sshd reload'."
+ if use pam ; then
+ echo
+ ewarn "Please be aware users need a valid shell in /etc/passwd"
+ ewarn "in order to be allowed to login."
+ fi
+ # This instruction is from the HPN webpage,
+ # Used for the server logging functionality
+ if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+ echo
+ einfo "For the HPN server logging patch, you must ensure that"
+ einfo "your syslog application also listens at /var/empty/dev/log."
+ fi
+}