From 7224c1253228e5c29c78cb3f0f26ce34770f2356 Mon Sep 17 00:00:00 2001 From: BlackNoxis Date: Sat, 15 Feb 2014 23:24:26 +0200 Subject: Added ebuilds for kogaion desktop --- net-misc/openssh-x/ChangeLog | 1929 ++++++++++++++++++++ net-misc/openssh-x/Manifest | 96 + .../files/openssh-4.7_p1-GSSAPI-dns.patch | 127 ++ .../openssh-x/files/openssh-5.2_p1-autoconf.patch | 15 + .../files/openssh-5.2_p1-gsskex-fix.patch | 16 + .../files/openssh-5.2_p1-x509-hpn-glue.patch | 91 + .../files/openssh-5.2p1-ldap-stdargs.diff | 10 + .../openssh-x/files/openssh-5.4_p1-openssl.patch | 12 + .../files/openssh-5.6_p1-hpn-progressmeter.patch | 15 + .../files/openssh-5.6_p1-x509-hpn-glue.patch | 60 + .../files/openssh-5.7_p1-x509-hpn-glue.patch | 60 + .../openssh-x/files/openssh-5.8_p1-selinux.patch | 18 + .../files/openssh-5.8_p1-x509-hpn-glue.patch | 61 + .../files/openssh-5.9_p1-drop-openssl-check.patch | 25 + .../openssh-5.9_p1-sshd-gssapi-multihomed.patch | 184 ++ .../openssh-x/files/openssh-5.9_p1-x509-glue.patch | 15 + .../openssh-6.0_p1-fix-freebsd-compilation.patch | 15 + .../files/openssh-6.0_p1-hpn-progressmeter.patch | 15 + net-misc/openssh-x/files/openssh-6.0_p1-test.patch | 19 + .../openssh-x/files/openssh-6.0_p1-x509-glue.patch | 15 + .../files/openssh-6.0_p1-x509-hpn-glue.patch | 57 + .../openssh-x/files/openssh-6.1_p1-x509-glue.patch | 15 + .../files/openssh-6.1_p1-x509-hpn-glue.patch | 49 + net-misc/openssh-x/files/sshd.confd | 21 + net-misc/openssh-x/files/sshd.pam | 9 + net-misc/openssh-x/files/sshd.pam_include.2 | 4 + net-misc/openssh-x/files/sshd.rc6 | 82 + net-misc/openssh-x/files/sshd.rc6.1 | 83 + net-misc/openssh-x/files/sshd.rc6.2 | 85 + net-misc/openssh-x/files/sshd.rc6.3 | 85 + net-misc/openssh-x/files/sshd.service | 10 + net-misc/openssh-x/files/sshd.socket | 10 + net-misc/openssh-x/files/sshd_at.service | 8 + net-misc/openssh-x/metadata.xml | 28 + net-misc/openssh-x/openssh-x-6.0_p1-r1.ebuild | 294 +++ net-misc/openssh-x/openssh-x-6.0_p1.ebuild | 294 +++ net-misc/openssh-x/openssh-x-6.1_p1.ebuild | 295 +++ 37 files changed, 4227 insertions(+) create mode 100644 net-misc/openssh-x/ChangeLog create mode 100644 net-misc/openssh-x/Manifest create mode 100644 net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch create mode 100644 net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch create mode 100644 net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch create mode 100644 net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch create mode 100644 net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff create mode 100644 net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch create mode 100644 net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch create mode 100644 net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch create mode 100644 net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch create mode 100644 net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch create mode 100644 net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch create mode 100644 net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch create mode 100644 net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch create mode 100644 net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch create mode 100644 net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch create mode 100644 net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch create mode 100644 net-misc/openssh-x/files/openssh-6.0_p1-test.patch create mode 100644 net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch create mode 100644 net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch create mode 100644 net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch create mode 100644 net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch create mode 100644 net-misc/openssh-x/files/sshd.confd create mode 100644 net-misc/openssh-x/files/sshd.pam create mode 100644 net-misc/openssh-x/files/sshd.pam_include.2 create mode 100644 net-misc/openssh-x/files/sshd.rc6 create mode 100644 net-misc/openssh-x/files/sshd.rc6.1 create mode 100644 net-misc/openssh-x/files/sshd.rc6.2 create mode 100755 net-misc/openssh-x/files/sshd.rc6.3 create mode 100644 net-misc/openssh-x/files/sshd.service create mode 100644 net-misc/openssh-x/files/sshd.socket create mode 100644 net-misc/openssh-x/files/sshd_at.service create mode 100644 net-misc/openssh-x/metadata.xml create mode 100644 net-misc/openssh-x/openssh-x-6.0_p1-r1.ebuild create mode 100644 net-misc/openssh-x/openssh-x-6.0_p1.ebuild create mode 100644 net-misc/openssh-x/openssh-x-6.1_p1.ebuild (limited to 'net-misc/openssh-x') diff --git a/net-misc/openssh-x/ChangeLog b/net-misc/openssh-x/ChangeLog new file mode 100644 index 00000000..93dd285c --- /dev/null +++ b/net-misc/openssh-x/ChangeLog @@ -0,0 +1,1929 @@ +# ChangeLog for net-misc/openssh +# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.451 2012/09/08 18:38:11 vapier Exp $ + +*openssh-6.1_p1 (08 Sep 2012) + + 08 Sep 2012; Mike Frysinger + +files/openssh-6.1_p1-x509-glue.patch, + +files/openssh-6.1_p1-x509-hpn-glue.patch, +openssh-6.1_p1.ebuild: + Version bump #434278 by Phr33d0m. + +*openssh-6.0_p1-r1 (08 Jun 2012) + + 08 Jun 2012; Mike Frysinger +openssh-6.0_p1-r1.ebuild: + Back hpn patch back down to v11 as v12 does not want to work for us #414401 by + Sean McGovern. + + 02 Jun 2012; Mike Frysinger openssh-5.9_p1-r4.ebuild: + Mark alpha/ia64/s390/sh/sparc stable #396075. + + 29 May 2012; Alexis Ballier openssh-6.0_p1.ebuild: + keyword ~amd64-fbsd + + 29 May 2012; Richard Yao + +files/openssh-6.0_p1-fix-freebsd-compilation.patch, openssh-6.0_p1.ebuild: + Fix build failure on Gentoo FreeBSD 9, written by naota, reviewed by + xarthisius, approved by Chainsaw, bug #391011 + + 23 May 2012; Mike Frysinger openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.9_p1-r3.ebuild, + openssh-5.9_p1-r4.ebuild, openssh-6.0_p1.ebuild: + Inherit user eclass for enewuser/etc... + + 17 May 2012; Mike Frysinger + +files/openssh-6.0_p1-test.patch, openssh-6.0_p1.ebuild: + Add fix for POSIX test compat #391011. + + 08 May 2012; Brent Baude openssh-5.9_p1-r4.ebuild: + Marking openssh-5.9_p1-r4 ppc64 for bug 396075 + + 05 May 2012; Jeff Horelick openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild, + openssh-5.9_p1-r4.ebuild, openssh-6.0_p1.ebuild: + dev-util/pkgconfig -> virtual/pkgconfig + + 03 May 2012; Mike Frysinger openssh-6.0_p1.ebuild: + Enable locale env var passing by default #367017 by Michael. + +*openssh-6.0_p1 (30 Apr 2012) + + 30 Apr 2012; Mike Frysinger + +files/openssh-6.0_p1-hpn-progressmeter.patch, + +files/openssh-6.0_p1-x509-glue.patch, + +files/openssh-6.0_p1-x509-hpn-glue.patch, +openssh-6.0_p1.ebuild: + Version bump with work from Robin #414071 by Michael Weber. + + 16 Apr 2012; Markus Meier openssh-5.9_p1-r4.ebuild: + arm stable, bug #396075 + + 16 Apr 2012; Brent Baude openssh-5.9_p1-r4.ebuild: + Marking openssh-5.9_p1-r4 ppc for bug 396075 + + 10 Apr 2012; Jeroen Roovers openssh-5.9_p1-r4.ebuild: + Stable for HPPA (bug #396075). + + 09 Apr 2012; Jeff Horelick openssh-5.9_p1-r4.ebuild: + marked x86 per bug 396075 + + 09 Apr 2012; Agostino Sarubbo openssh-5.9_p1-r4.ebuild: + Stable for amd64, wrt bug #396075 + +*openssh-5.9_p1-r4 (15 Mar 2012) + + 15 Mar 2012; Mike Frysinger +openssh-5.9_p1-r4.ebuild, + +files/openssh-5.9_p1-drop-openssl-check.patch: + Drop openssl version checking. + + 13 Mar 2012; Pawel Hajdan jr + openssh-5.5_p1-r2.ebuild, openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, + openssh-5.8_p1-r1.ebuild, openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, + openssh-5.9_p1-r3.ebuild: + Switch to virtual/shadow. + + 13 Feb 2012; Robin H. Johnson openssh-5.9_p1-r3.ebuild: + Bug #352083: install LPK schema. + + 06 Feb 2012; Jeremy Olexa openssh-5.9_p1-r3.ebuild: + [Bug 402441] net-misc/openssh: Add output to say that ECDSA will not work + when openssl[bindist] is present + + 14 Dec 2011; Michał Górny openssh-5.9_p1-r3.ebuild, + +files/sshd.service, +files/sshd.socket, +files/sshd_at.service: + Install systemd unit files. + + 04 Dec 2011; Sven Wegener files/sshd.rc6, + files/sshd.rc6.1, files/sshd.rc6.2: + move reload to extra_started_commands + + 26 Nov 2011; Mike Frysinger openssh-5.9_p1-r3.ebuild: + Move enew{user,group} to pkg_preinst so `die` works. + + 03 Nov 2011; Mike Frysinger openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild: + Use new egetshell helper rather than calling getent directly. + + 02 Nov 2011; Mike Frysinger openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild, + openssh-5.8_p2.ebuild, openssh-5.8_p2-r1.ebuild, openssh-5.9_p1-r3.ebuild: + Use egetent rather than getent. + +*openssh-5.9_p1-r3 (26 Sep 2011) + + 26 Sep 2011; Mike Frysinger -openssh-5.9_p1.ebuild, + -openssh-5.9_p1-r2.ebuild, +openssh-5.9_p1-r3.ebuild, + +files/openssh-5.9_p1-x509-glue.patch: + Add x509 patch and release. + +*openssh-5.9_p1-r2 (14 Sep 2011) +*openssh-5.8_p2-r1 (14 Sep 2011) + + 14 Sep 2011; Lars Wendler + +openssh-5.8_p2-r1.ebuild, -openssh-5.9_p1-r1.ebuild, + +openssh-5.9_p1-r2.ebuild, files/sshd.rc6.3: + non-maintainer commit: Replaced deprecated opts variable (bug #382227) and + removed --stop option from reload function (bug #382975). Bot changes and + revbumps were done with kind permission from vapier. + + 12 Sep 2011; Mike Frysinger openssh-5.9_p1-r1.ebuild: + Simplify test homedir logic a bit, and fix quoting. + +*openssh-5.9_p1-r1 (07 Sep 2011) + + 07 Sep 2011; Robin H. Johnson +openssh-5.9_p1-r1.ebuild: + Add complete port of HPN+LPK patches, also adjust the HOMEDIR setting for + src_test to complete in more cases. + + 07 Sep 2011; Mike Frysinger openssh-5.9_p1.ebuild: + Retain default AuthorizedKeysFile behavior. + +*openssh-5.9_p1 (07 Sep 2011) + + 07 Sep 2011; Mike Frysinger +openssh-5.9_p1.ebuild, + +files/openssh-5.9_p1-sshd-gssapi-multihomed.patch, +files/sshd.rc6.3: + Version bump. Drop --oknodo in init.d #377771 by Michael Mair-Keimberger. Add + GSSAPI/Kerberos fix #378361 by Kevan Carstensen. + + 28 May 2011; Mike Frysinger files/sshd.rc6.2: + Move custom opts to checkconfig and include those when verifying config + sanity #367303 by Horst Prote. + + 16 May 2011; Robin H. Johnson openssh-5.8_p2.ebuild: + Bug #366643: rediff the LPK patch for LDAP usage. Also merge the Mozilla uid + customization LPK change. + +*openssh-5.8_p2 (09 May 2011) + + 09 May 2011; Mike Frysinger +openssh-5.8_p2.ebuild: + Version bump. + + 16 Apr 2011; Ulrich Mueller openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1-r1.ebuild: + Don't PROVIDE virtual/ssh, bug 361121. + + 19 Feb 2011; Mike Frysinger openssh-5.8_p1-r1.ebuild: + Encourage people to update their stored ssh key lists #355223 by Pacho Ramos. + + 19 Feb 2011; Mike Frysinger -openssh-5.8_p1.ebuild, + openssh-5.8_p1-r1.ebuild: + We want openssh-5.8_p1-r1 going stable. + + 13 Feb 2011; Raúl Porcel openssh-5.8_p1.ebuild: + arm/ia64/m68k/s390/sh/sparc stable wrt #353673 + + 11 Feb 2011; Pawel Hajdan jr + openssh-5.8_p1.ebuild: + x86 stable wrt security bug #353673 + + 11 Feb 2011; Kacper Kowalik openssh-5.8_p1.ebuild: + ppc stable wrt 353673 + + 10 Feb 2011; Markos Chandras openssh-5.8_p1.ebuild: + Stable on amd64 wrt bug #353673 + + 10 Feb 2011; Robin H. Johnson openssh-5.5_p1-r2.ebuild, + openssh-5.6_p1-r2.ebuild, openssh-5.7_p1-r1.ebuild, openssh-5.8_p1.ebuild, + openssh-5.8_p1-r1.ebuild: + Revamp AES-CTR-MT disable comment, with explicit reference to upstream + documentation and testcase reference (bug #354113, comment 6). + + 10 Feb 2011; Mike Frysinger openssh-5.8_p1-r1.ebuild, + +files/openssh-5.8_p1-selinux.patch: + Drop openssl build patch since it doesn't seem to be needed anymore, and + apply simple build fix for selinux from upstream #354247 by MarisN. + + 10 Feb 2011; Robin H. Johnson openssh-5.8_p1.ebuild: + Also add AES-CTR fix to 5.8_p1 presently under stabilization. + alpha/hppa/ppc64 are the only stable arches with the broken HPN version at + present. + +*openssh-5.8_p1-r1 (10 Feb 2011) + + 10 Feb 2011; Robin H. Johnson openssh-5.6_p1-r2.ebuild, + openssh-5.7_p1-r1.ebuild, +openssh-5.8_p1-r1.ebuild: + Bug #354113: AES-CTR workaround was dropped from 5.7 and 5.8 when it is still + required. + + 08 Feb 2011; Kacper Kowalik openssh-5.8_p1.ebuild: + ppc64 stable wrt #353673 + + 08 Feb 2011; Tobias Klausmann openssh-5.8_p1.ebuild: + Stable on alpha, bug #353673 + + 08 Feb 2011; Jeroen Roovers openssh-5.8_p1.ebuild: + Stable for HPPA (bug #353673). + +*openssh-5.8_p1 (05 Feb 2011) + + 05 Feb 2011; Mike Frysinger +openssh-5.8_p1.ebuild, + +files/openssh-5.8_p1-x509-hpn-glue.patch: + Version bump #353673. Default HPN to on when available #347193 by Jeremy + Olexa. + +*openssh-5.7_p1-r1 (25 Jan 2011) + + 25 Jan 2011; Mike Frysinger +openssh-5.7_p1-r1.ebuild, + +files/openssh-5.7_p1-x509-hpn-glue.patch: + Add x509/ldap/hpn support back in. Auto-remove ecdsa support from init.d if + openssl lacks support #352645 by William Throwe. + +*openssh-5.7_p1 (24 Jan 2011) + + 24 Jan 2011; Mike Frysinger +openssh-5.7_p1.ebuild, + +files/sshd.rc6.2: + Version bump. + + 10 Dec 2010; Robin H. Johnson metadata.xml: + Update restrict in metadata per mgorny's request to use DEPEND syntax. + + 04 Dec 2010; Raúl Porcel openssh-5.6_p1-r2.ebuild: + alpha/ia64/m68k/s390/sh stable wrt #346395 + + 29 Nov 2010; Brent Baude openssh-5.6_p1-r2.ebuild: + stable ppc64, bug 346395 + + 27 Nov 2010; Michael Weber openssh-5.6_p1-r2.ebuild: + arm/sparc stable (bug 346395) + + 24 Nov 2010; Jeroen Roovers openssh-5.6_p1-r2.ebuild: + Stable for HPPA PPC (bug #346395). + + 22 Nov 2010; Markos Chandras openssh-5.6_p1-r2.ebuild: + Stable on amd64 wrt bug #346395 + + 22 Nov 2010; Thomas Kahle openssh-5.6_p1-r2.ebuild: + x86 stable per bug 346395 + + 11 Oct 2010; Diego E. Pettenò + openssh-5.6_p1-r2.ebuild, +files/sshd.rc6.1: + Update init script to not regenerate the RSA1 host key (for SSH Protocol + 1) unless Protocol 1 is enabled. Modern OpenSSH versions disable Protocol + 1 in the daemon by default. + +*openssh-5.6_p1-r2 (30 Sep 2010) + + 30 Sep 2010; Mike Frysinger +openssh-5.6_p1-r2.ebuild, + +files/openssh-5.6_p1-hpn-progressmeter.patch: + Switch to latest upstream hpn patch, and fix a pointer error in it. + + 24 Sep 2010; Raúl Porcel openssh-5.5_p1-r2.ebuild: + alpha/ia64/m68k/s390/sh/sparc stable wrt #334165 + + 23 Sep 2010; Markus Meier openssh-5.5_p1-r2.ebuild: + arm stable, bug #334165 + + 06 Sep 2010; Brent Baude openssh-5.5_p1-r2.ebuild: + Marking openssh-5.5_p1-r2 ppc64 for bug 334165 + + 28 Aug 2010; Markos Chandras + openssh-5.5_p1-r2.ebuild: + Stable on amd64 wrt bug #334165 + + 28 Aug 2010; Jeroen Roovers openssh-5.5_p1-r2.ebuild: + Stable for HPPA PPC (bug #334165). + +*openssh-5.6_p1-r1 (26 Aug 2010) + + 26 Aug 2010; Mike Frysinger +openssh-5.6_p1-r1.ebuild, + +files/openssh-5.6_p1-x509-hpn-glue.patch: + Update hpn/ldap/x509 patches to new release. + + 25 Aug 2010; Robin H. Johnson openssh-5.6_p1.ebuild: + Update HPN and LPK patches for 5.6p1 series. + + 24 Aug 2010; Pawel Hajdan jr + openssh-5.5_p1-r2.ebuild: + x86 stable wrt bug #334165 + +*openssh-5.6_p1 (23 Aug 2010) + + 23 Aug 2010; Mike Frysinger +openssh-5.6_p1.ebuild: + Version bump. + +*openssh-5.5_p1-r2 (20 Jun 2010) +*openssh-5.4_p1-r3 (20 Jun 2010) + + 20 Jun 2010; Mike Frysinger +openssh-5.4_p1-r3.ebuild, + +openssh-5.5_p1-r2.ebuild: + Switch to the official hpn patches. + +*openssh-5.5_p1-r1 (20 Apr 2010) + + 20 Apr 2010; Robin H. Johnson + +openssh-5.5_p1-r1.ebuild: + The 5.4 patchsets for HPN and LPK apply and work perfectly with 5.5. + +*openssh-5.5_p1 (16 Apr 2010) + + 16 Apr 2010; Mike Frysinger +openssh-5.5_p1.ebuild: + Version bump. + +*openssh-5.4_p1-r2 (29 Mar 2010) + + 29 Mar 2010; Robin H. Johnson + +openssh-5.4_p1-r2.ebuild: + Revbump with HPN and LPK patches available again now. Ported and submitted + to upstream authors. X509 now has more conflicts with HPN, future + revisions may require selection of: x509 XOR (hpn OR lpk). + +*openssh-5.4_p1-r1 (29 Mar 2010) + + 29 Mar 2010; Mike Frysinger +openssh-5.4_p1-r1.ebuild, + +files/openssh-5.4_p1-pkcs11.patch, + +files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch: + Fixes from upstream for pkcs build problems #310929 by Alan Hourihane and + for relative AuthorizedKeysFile handling #308939 by Eric Vander Weele. + + 20 Mar 2010; Mike Frysinger openssh-5.3_p1-r1.ebuild, + openssh-5.4_p1.ebuild: + Fix warning with USE="X509 ldap" #310287 by Nico Baggus. + + 19 Mar 2010; Raúl Porcel openssh-5.3_p1-r1.ebuild: + sparc stable wrt #308555 + + 19 Mar 2010; Mike Frysinger openssh-5.3_p1-r1.ebuild: + Mark alpha/arm/ia64/s390/sh stable #308555. + + 18 Mar 2010; Christian Faulhammer + openssh-5.3_p1-r1.ebuild: + stable x86, bug 308555 + + 13 Mar 2010; Mike Frysinger openssh-5.4_p1.ebuild: + Drop USE=pkcs11 per Alon Bar-Lev #308431. + + 12 Mar 2010; Jeroen Roovers openssh-5.3_p1-r1.ebuild: + Stable for HPPA (bug #308555). + + 12 Mar 2010; Markos Chandras + openssh-5.3_p1-r1.ebuild: + Stable on amd64 wrt bug #308555 + + 10 Mar 2010; Joseph Jezak openssh-5.3_p1-r1.ebuild: + Marked ppc/ppc64 stable for bug #308555. + +*openssh-5.4_p1 (09 Mar 2010) + + 09 Mar 2010; Mike Frysinger +openssh-5.4_p1.ebuild, + +files/openssh-5.4_p1-openssl.patch: + Version bump #308431 by Dirkjan Ochtman. + + 27 Oct 2009; Raúl Porcel openssh-5.2_p1-r3.ebuild: + ia64/m68k/s390/sh/sparc stable wrt #287292 + + 11 Oct 2009; nixnut openssh-5.2_p1-r3.ebuild: + ppc stable #287292 + + 11 Oct 2009; Tobias Klausmann + openssh-5.2_p1-r3.ebuild: + Stable on alpha, bug #287292 + + 11 Oct 2009; Robin H. Johnson + openssh-5.3_p1-r1.ebuild, +files/openssh-5.3_p1-pkcs11-hpn-glue.patch: + Bug #288498: Now we need a glue patch for pkcs11 and HPN together. Really + some of these patchsets need to go to upstream. + +*openssh-5.3_p1-r1 (10 Oct 2009) + + 10 Oct 2009; Robin H. Johnson + +openssh-5.3_p1-r1.ebuild: + Ported the HPN and LPK patches to 5.3p1, mailed upstream as well. + + 07 Oct 2009; Mike Frysinger openssh-5.2_p1-r2.ebuild, + openssh-5.2_p1-r3.ebuild, openssh-5.3_p1.ebuild: + Fix static_use_with handling when there is one option #287292 by Jaak + Ristioja. + + 03 Oct 2009; Jeroen Roovers openssh-5.2_p1-r3.ebuild: + Stable for HPPA (bug #287292). + + 03 Oct 2009; Brent Baude openssh-5.2_p1-r3.ebuild: + Marking openssh-5.2_p1-r3 ppc64 for bug 287292 + + 03 Oct 2009; Markus Meier openssh-5.2_p1-r3.ebuild: + amd64/arm/x86 stable, bug #287292 + +*openssh-5.3_p1 (03 Oct 2009) + + 03 Oct 2009; Mike Frysinger +openssh-5.3_p1.ebuild: + Version bump. + +*openssh-5.2_p1-r3 (23 Aug 2009) + + 23 Aug 2009; Mike Frysinger +openssh-5.2_p1-r3.ebuild, + +files/openssh-5.2_p1-gsskex-fix.patch, + +files/openssh-5.2_p1-x509-hpn-glue.patch: + Update x509 patch, update gsskex patch #279488 by Harald Barth, and update + x509/hpn glue #270508 by BedOS_Gui. + + 13 Aug 2009; Mike Frysinger openssh-5.0_p1-r2.ebuild, + openssh-5.1_p1-r2.ebuild, openssh-5.1_p1-r3.ebuild, + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: + Suggest people reload the sshd server rather than restart it. + + 12 Aug 2009; Christian Ruppert files/sshd.rc6: + Removed "-b 1024" to use ServerKeyBits option instead. + + 19 Jul 2009; Mike Frysinger files/sshd.rc6: + Add checkconfig to reload() #277007 by Michał Górny. + + 10 Jul 2009; Robin H. Johnson files/sshd.rc6: + Allow public calls to checkconfig and gen_keys, for helping automation and + sanity checks. + + 23 Jun 2009; Mike Frysinger openssh-5.2_p1-r2.ebuild, + +files/openssh-5.2_p1-autoconf.patch: + Workaround autoconf-2.63 issues with empty else statements. + + 18 May 2009; Robin H. Johnson + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild, + +files/openssh-5.2p1-ldap-stdargs.diff: + Bug #266654: Fix LPK compile under uclibc due to missing include statement + thanks to Bertrand Jacquin . + + 18 May 2009; Robin H. Johnson + openssh-5.2_p1-r2.ebuild: + New release of the HPN patch that makes it mostly usable now. The + multithreaded AES-CTR portion is disabled to avoid hangs however. + + 20 Apr 2009; Mike Frysinger openssh-5.2_p1-r2.ebuild: + Skip pkcs11/kerberos support when USE=static by Alon Bar-Lev #266404 by + Jan Paesmans. + + 12 Apr 2009; Robin H. Johnson + openssh-5.2_p1-r2.ebuild: + Switch to UID instead of hardcoded portage per bug #264841 comment. + + 12 Apr 2009; Robin H. Johnson files/sshd.rc6: + Bug #265491, fix opts with baselayout1. + + 12 Apr 2009; Robin H. Johnson + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: + Bug #264841, the ssh testsuite needs a real shell to run, so run a subset + of tests otherwise. + + 04 Apr 2009; Raúl Porcel openssh-5.2_p1-r1.ebuild: + alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #247466 + + 02 Apr 2009; Markus Meier openssh-5.2_p1-r1.ebuild: + amd64/x86 stable, bug #247466 + + 02 Apr 2009; Brent Baude openssh-5.2_p1-r1.ebuild: + Marking openssh-5.2_p1-r1 ppc64 and ppc for bug 247466 + + 02 Apr 2009; Jeroen Roovers openssh-5.2_p1-r1.ebuild: + Stable for HPPA (bug #247466). + + 11 Mar 2009; Robin H. Johnson + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: + Add the SSH testsuite, because I think the latest HPN patch has a breakage + that was missed. + +*openssh-5.2_p1-r2 (09 Mar 2009) + + 09 Mar 2009; Robin H. Johnson + +openssh-5.2_p1-r2.ebuild: + Added my own unofficial port of the HPN patch, because performance sucks + without it. + + 25 Feb 2009; Mike Frysinger openssh-5.2_p1-r1.ebuild: + Update pkcs11 patch #152170. + +*openssh-5.2_p1-r1 (24 Feb 2009) + + 24 Feb 2009; Robin H. Johnson + +openssh-5.2_p1-r1.ebuild: + LPK patch updated for new OpenSSH release. + + 24 Feb 2009; Mike Frysinger openssh-5.2_p1.ebuild: + Fix X509 patching #260163 by Daniel J. + +*openssh-5.2_p1 (24 Feb 2009) + + 24 Feb 2009; Mike Frysinger +openssh-5.2_p1.ebuild: + Version bump #247466. + + 20 Feb 2009; Raúl Porcel openssh-5.1_p1-r2.ebuild: + ia64/sparc stable wrt #258940 + + 16 Feb 2009; Brent Baude openssh-5.1_p1-r2.ebuild: + stable ppc64, bug 258940 + + 15 Feb 2009; Markus Meier openssh-5.1_p1-r2.ebuild: + amd64/x86 stable, bug #258940 + + 14 Feb 2009; Brent Baude openssh-5.1_p1-r2.ebuild: + stable ppc, bug 258940 + + 14 Feb 2009; Jeroen Roovers openssh-5.1_p1-r2.ebuild: + Stable for HPPA (bug #258940). + + 14 Feb 2009; Tobias Klausmann + openssh-5.1_p1-r2.ebuild: + Stable on alpha, bug #258940 + + 14 Feb 2009; Mike Frysinger + +files/openssh-5.1_p1-x509-headers.patch, openssh-5.1_p1-r2.ebuild, + openssh-5.1_p1-r3.ebuild: + Fix implicit strsep() prototype in x509 code #258795 by orlin. + + 08 Feb 2009; Mike Frysinger openssh-4.4_p1-r6.ebuild, + openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r4.ebuild, + openssh-4.7_p1-r6.ebuild, openssh-4.7_p1-r20.ebuild, + openssh-5.0_p1-r1.ebuild, openssh-5.0_p1-r2.ebuild, openssh-5.1_p1.ebuild, + openssh-5.1_p1-r1.ebuild, openssh-5.1_p1-r2.ebuild, + openssh-5.1_p1-r3.ebuild: + Drop unused ccc eclass inherit. + + 21 Jan 2009; Jeremy Olexa openssh-5.1_p1-r3.ebuild: + Disable PATH reset in configure script, bug 254615 + + 15 Jan 2009; Robin H. Johnson metadata.xml: + Re-add my tag for metadata.xml, because it's a full + description, not just a restrict based on USE flags. And spanky didn't + have a changelog entry either. + + 13 Jan 2009; Mike Frysinger + files/openssh-5.1_p1-better-ssp-check.patch: + Fixup ssp detection patch #254365 by Felix Riemann. + +*openssh-5.1_p1-r3 (09 Jan 2009) + + 09 Jan 2009; Diego E. Pettenò + +openssh-5.1_p1-r3.ebuild: + Let PAM print motd and last login data to close bug #244816. + + 17 Nov 2008; Mike Frysinger + +files/openssh-5.1_p1-better-ssp-check.patch, openssh-5.1_p1-r1.ebuild, + openssh-5.1_p1-r2.ebuild: + Fix ssp detection on uClibc hosts. + +*openssh-5.1_p1-r2 (03 Nov 2008) + + 03 Nov 2008; Mike Frysinger + +files/openssh-5.1_p1-escaped-banner.patch, + +files/openssh-5.1_p1-null-banner.patch, +openssh-5.1_p1-r2.ebuild: + Fix some issues with printing of banners #244222 by Michał Górny. + + 01 Nov 2008; Robin H. Johnson openssh-5.1_p1.ebuild, + openssh-5.1_p1-r1.ebuild: + Bug #244760, we need to pass --with-ldap, not try to execute it. + + 30 Oct 2008; Brent Baude openssh-5.1_p1-r1.ebuild: + Marking openssh-5.1_p1-r1 ppc for bug 231292 + + 30 Oct 2008; Raúl Porcel openssh-5.1_p1-r1.ebuild: + alpha/ia64/sparc stable #231292 + + 27 Oct 2008; Brent Baude openssh-5.1_p1-r1.ebuild: + Marking openssh-5.1_p1-r1 ppc64 for bug 231292 + + 26 Oct 2008; Jeroen Roovers openssh-5.1_p1-r1.ebuild: + Stable for HPPA (bug #231292). + + 26 Oct 2008; Markus Meier openssh-5.1_p1-r1.ebuild: + amd64/x86 stable, bug #231292 + + 29 Aug 2008; Mike Frysinger openssh-5.1_p1.ebuild, + openssh-5.1_p1-r1.ebuild: + Tweak --with-ldap catch #235594 by BedOS_Gui. + +*openssh-5.1_p1-r1 (23 Aug 2008) + + 23 Aug 2008; Robin H. Johnson + +files/openssh-5.1_p1-ldap-hpn-glue.patch, metadata.xml, + +openssh-5.1_p1-r1.ebuild: + Update the LDAP patches, also mailed to upstream. + + 23 Aug 2008; Robin H. Johnson + +files/openssh-5.1_p1-x509-hpn-glue.patch, openssh-5.1_p1.ebuild: + Forward-port the X509/hpn glue patch per bug #235086. + +*openssh-5.1_p1 (17 Aug 2008) + + 17 Aug 2008; Mike Frysinger +openssh-5.1_p1.ebuild: + Version bump #232891 by Krzysztof Oledzki. + +*openssh-5.0_p1-r2 (23 Jul 2008) + + 23 Jul 2008; Diego Pettenò + +openssh-5.0_p1-r2.ebuild: + Add new revision that use pambase now that it's fully keyworded. Closes + bug #225141 by Davide Pesavento. + + 17 May 2008; nixnut openssh-4.7_p1-r20.ebuild: + Added ~ppc wrt bug 210777 + + 11 May 2008; Ulrich Mueller openssh-4.4_p1-r6.ebuild, + openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r4.ebuild, + openssh-4.7_p1-r6.ebuild, openssh-4.7_p1-r20.ebuild, + openssh-5.0_p1-r1.ebuild: + Fix dependency: app-admin/skey moved to sys-auth/skey. + +*openssh-5.0_p1-r1 (10 Apr 2008) + + 10 Apr 2008; Mike Frysinger +openssh-5.0_p1-r1.ebuild: + Update HPN and gsskex patch #216932 by Kamil Kisiel. + + 06 Apr 2008; Mike Frysinger openssh-5.0_p1.ebuild: + Remove accidental pkcs11-helper inclusion from DEPEND. + +*openssh-5.0_p1 (05 Apr 2008) + + 05 Apr 2008; Mike Frysinger +openssh-5.0_p1.ebuild: + Version bump. + + 03 Apr 2008; Tobias Scherbaum + openssh-4.7_p1-r6.ebuild: + ppc stable, bug #215702 + + 02 Apr 2008; Mike Frysinger openssh-4.9_p1-r1.ebuild: + Drop unnecessary USE=chroot #215820 by Cybertinus. + + 02 Apr 2008; Jeroen Roovers openssh-4.7_p1-r6.ebuild: + Stable for HPPA (bug #215702). + + 02 Apr 2008; Markus Rothe openssh-4.7_p1-r6.ebuild: + Stable on ppc64; bug #215702 + +*openssh-4.9_p1-r1 (02 Apr 2008) + + 02 Apr 2008; Mike Frysinger + +files/openssh-4.9_p1-x509-hpn-glue.patch, -openssh-4.9_p1.ebuild, + +openssh-4.9_p1-r1.ebuild: + Add updated X509/hpn patches. + + 02 Apr 2008; Raúl Porcel openssh-4.7_p1-r6.ebuild: + alpha/ia64/sparc stable wrt security #215702 + + 02 Apr 2008; Richard Freeman openssh-4.7_p1-r6.ebuild: + amd64 stable - 215702 + + 01 Apr 2008; Christian Faulhammer + openssh-4.7_p1-r6.ebuild: + stable x86, security bug 215702 + +*openssh-4.7_p1-r6 (01 Apr 2008) + + 01 Apr 2008; Mike Frysinger + +files/openssh-4.7_p1-ForceCommand.patch, +openssh-4.7_p1-r6.ebuild: + Fix for ForceCommand bypass #215702. + +*openssh-4.9_p1 (01 Apr 2008) + + 01 Apr 2008; Mike Frysinger +openssh-4.9_p1.ebuild: + Version bump. + + 01 Apr 2008; Chris PeBenito + +files/openssh-4.7p1-selinux.diff, openssh-4.7_p1-r5.ebuild, + openssh-4.7_p1-r20.ebuild: + fix bug #191665, in selinux portion of configure script. + + 30 Mar 2008; Raúl Porcel openssh-4.7_p1-r5.ebuild: + alpha/ia64/sparc stable wrt security #214985 + + 29 Mar 2008; Richard Freeman openssh-4.7_p1-r5.ebuild: + amd64 stable - 214985 + + 29 Mar 2008; Christian Faulhammer + openssh-4.7_p1-r5.ebuild: + stable x86, security bug 214985 + + 29 Mar 2008; Jeroen Roovers openssh-4.7_p1-r5.ebuild: + Stable for HPPA (bug #214985). + + 29 Mar 2008; Brent Baude openssh-4.7_p1-r5.ebuild: + Marking openssh-4.7_p1-r5 ppc64 and ppc for bug 214985 + +*openssh-4.7_p1-r5 (29 Mar 2008) + + 29 Mar 2008; Mike Frysinger + +files/openssh-4.7_p1-CVE-2008-1483.patch, + +files/openssh-4.7_p1-lpk-64bit.patch, + +files/openssh-4.7_p1-packet-size.patch, +openssh-4.7_p1-r5.ebuild: + Fix CVE-2008-1483 #214985. Fix from upstream for scp/packet problems #212433 + by Steven Parkes. Fix from Piotr Stolc for some LPK configs under 64bit + systems #210110. Add gsskex patch (for now) #115553. + + 17 Mar 2008; Santiago M. Mola + openssh-4.7_p1-r20.ebuild: + ~amd64 added wrt bug #210777 + + 14 Mar 2008; Diego Pettenò + openssh-4.7_p1-r20.ebuild: + Disable printing of motd and lastlog when enabling PAM, on the + pambase-dependent ebuild, as system-login takes care of that. Closes bug + #213234. + + 06 Mar 2008; Raúl Porcel openssh-4.7_p1-r20.ebuild: + Add ~alpha/~ia64 wrt #210777 + + 05 Mar 2008; Ferris McCormick + openssh-4.7_p1-r20.ebuild: + Add back ~sparc, Bug #210777, verified as still working with USE=pam. + + 05 Mar 2008; Brent Baude openssh-4.7_p1-r20.ebuild: + keyworded ~arch for ppc64, bug 210777 + + 04 Mar 2008; openssh-4.7_p1-r20.ebuild: + Marked ~x86 (bug #210777). Thanks to Michał Wołonkiewicz for + testing. + + 03 Mar 2008; Jeroen Roovers openssh-4.7_p1-r20.ebuild: + Marked ~hppa (bug #210777). + + 23 Feb 2008; Robin H. Johnson + openssh-4.4_p1-r6.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r3.ebuild, openssh-4.7_p1-r1.ebuild: + Drop mips to ~mips because app-admin/skey has dropped the stable mips keyword. + + 23 Feb 2008; Robin H. Johnson metadata.xml: + Add myself as the contact point for LPK issues. I am on base-system for + everything else. + + 20 Feb 2008; Diego Pettenò + openssh-4.7_p1-r20.ebuild: + Fix dependencies for pambase/pam. + +*openssh-4.7_p1-r20 (19 Feb 2008) + + 19 Feb 2008; Diego Pettenò + +files/sshd.pam_include.2, +openssh-4.7_p1-r20.ebuild: + Add a new revision with pambase's system-remote-login as base stack. Now + also prints motd when using PAM. + + 12 Feb 2008; Santiago M. Mola + openssh-4.7_p1-r3.ebuild: + amd64 stable wrt bug #193401 + + 10 Feb 2008; Mike Frysinger + +files/openssh-4.7_p1-x509-hpn-glue.patch, openssh-4.7_p1-r4.ebuild: + Fix building with USE='X509 hpn' #209479 by Jose daLuz. + + 10 Feb 2008; Tobias Scherbaum + openssh-4.7_p1-r3.ebuild: + ppc stable, bug #193401 + + 09 Feb 2008; Brent Baude openssh-4.7_p1-r3.ebuild: + stable ppc64, bug 193401 + +*openssh-4.7_p1-r4 (09 Feb 2008) + + 09 Feb 2008; Mike Frysinger +openssh-4.7_p1-r4.ebuild: + Update HPN patch. + + 28 Jan 2008; Jeroen Roovers openssh-4.7_p1-r3.ebuild: + Stable for HPPA too. + + 24 Jan 2008; Raúl Porcel openssh-4.7_p1-r3.ebuild: + alpha/ia64/sparc/x86 stable + +*openssh-4.7_p1-r3 (21 Nov 2007) + + 21 Nov 2007; Mike Frysinger +openssh-4.7_p1-r3.ebuild: + Update x509/hpn patches. + + 08 Oct 2007; Mike Frysinger openssh-4.7_p1-r1.ebuild, + openssh-4.7_p1-r2.ebuild: + Mirrors have had long enough to update; drop restriction. + +*openssh-4.7_p1-r2 (29 Sep 2007) + + 29 Sep 2007; Mike Frysinger + +files/openssh-4.7_p1-GSSAPI-dns.patch, +openssh-4.7_p1-r2.ebuild: + Enable ssl-engine support #194163 by Nikhil Sethi and add GSSAPI/DNS patch + #165444 by Alex Iribarren. + + 27 Sep 2007; Joshua Kinard openssh-4.7_p1-r1.ebuild: + Stable on mips, per #191321. + + 25 Sep 2007; Mike Frysinger openssh-4.7_p1-r1.ebuild: + Force u+x perms on /etc/skel/.ssh for a while to help with older broken + installs. + + 22 Sep 2007; Mike Frysinger openssh-4.7_p1-r1.ebuild: + Upstream changed openssh-4.7p1-hpn12v18.diff.gz slightly so rebuild manifest + and prevent hitting Gentoo mirrors for a little while #193401 by Timothy + Redaelli. + + 20 Sep 2007; Mike Frysinger files/sshd.rc6: + If restarting, check the config first #192825 by Hans-Werner Hilse. + + 08 Sep 2007; Markus Rothe openssh-4.7_p1-r1.ebuild: + Stable on ppc64; bug #191321 + +*openssh-4.7_p1-r1 (07 Sep 2007) + + 07 Sep 2007; Mike Frysinger +openssh-4.7_p1-r1.ebuild: + Add X509 and hpn patches. + + 07 Sep 2007; Tobias Scherbaum + openssh-4.7_p1.ebuild: + ppc stable, bug #191321 + + 07 Sep 2007; Jeroen Roovers openssh-4.7_p1.ebuild: + Stable for HPPA (bug #191321). + + 07 Sep 2007; Chris Gianelloni openssh-4.7_p1.ebuild: + Stable on amd64 wrt bug #191321. + + 06 Sep 2007; Jose Luis Rivero openssh-4.7_p1.ebuild: + Stable on sparc wrt security bug #191321 + + 06 Sep 2007; Raúl Porcel openssh-4.7_p1.ebuild: + alpha/ia64 stable wrt security #191321 + + 06 Sep 2007; Andrej Kacian openssh-4.7_p1.ebuild: + Stable on x86, security bug #191321. + +*openssh-4.7_p1 (05 Sep 2007) + + 05 Sep 2007; Mike Frysinger +openssh-4.7_p1.ebuild: + Version bump #191321 by Rajiv Aaron Manglani. + + 25 Aug 2007; Mike Frysinger openssh-4.6_p1-r4.ebuild: + Punt securid stuff as upstream is not fast enough to update. + +*openssh-4.6_p1-r4 (06 Aug 2007) + + 06 Aug 2007; Mike Frysinger + +files/openssh-4.6_p1-chan-read-failed.patch, +openssh-4.6_p1-r4.ebuild: + Fix from upstream for spurious chan_read_failed errors #181407. + +*openssh-4.6_p1-r3 (06 Aug 2007) + + 06 Aug 2007; Mike Frysinger +openssh-4.6_p1-r3.ebuild: + Add updated ldap patch #187594. + + 04 Aug 2007; openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + Stable on amd64. See security bug #183958. + + 02 Aug 2007; Raúl Porcel openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + x86 stable, no idea why i didn't stabilize them + + 23 Jul 2007; Mike Frysinger openssh-4.2_p1-r1.ebuild, + openssh-4.3_p2-r5.ebuild, openssh-4.4_p1-r6.ebuild, openssh-4.5_p1.ebuild, + openssh-4.5_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild: + Punt bindnow-flags usage. + + 22 Jul 2007; Donnie Berkholz ; + openssh-4.3_p2-r5.ebuild: + Drop virtual/x11 references. + + 21 Jul 2007; Joseph Jezak openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + Marked ppc/ppc64 stable for bug #183958. + + 10 Jul 2007; Gustavo Zacarias + openssh-4.0_p1-r2.ebuild, openssh-4.1_p1-r1.ebuild: + Stable on sparc wrt #183958 + + 07 Jul 2007; Raúl Porcel openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild: + alpha/ia64/x86 stable wrt #183958 + + 07 Jul 2007; Joshua Kinard openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + Stable on mips, per #183958. + + 05 Jul 2007; Raúl Porcel openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + alpha/ia64 stable wrt #183958 + + 04 Jul 2007; Jeroen Roovers openssh-4.6_p1-r2.ebuild: + Stable for HPPA (bug #183958). + + 04 Jul 2007; Gustavo Zacarias + openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r2.ebuild: + Stable on sparc wrt #183958 + + 04 Jul 2007; Jeroen Roovers openssh-4.5_p1-r2.ebuild: + Stable for HPPA (bug #183958). + + 04 Jul 2007; Jeroen Roovers openssh-4.1_p1-r1.ebuild: + Stable for HPPA (bug #183958). + + 04 Jul 2007; Jeroen Roovers openssh-4.0_p1-r2.ebuild: + Stable for HPPA (bug #183958). + +*openssh-4.6_p1-r2 (02 Jul 2007) + + 02 Jul 2007; Diego Pettenò + +files/sshd.pam_include.1, +openssh-4.6_p1-r2.ebuild: + Revision bump to fix the pam.d file. + + 24 Apr 2007; Alexander Færøy + openssh-4.5_p1-r1.ebuild: + Stable on MIPS. + + 18 Mar 2007; Robin H. Johnson + openssh-4.5_p1-r2.ebuild: + Bug #169665, use slightly modified LPK patch to avoid conflict on configure + with SecurID patch. + +*openssh-4.6_p1-r1 (13 Mar 2007) + + 13 Mar 2007; Mike Frysinger + +files/openssh-4.6_p1-ChallengeResponseAuthentication.patch, + +openssh-4.6_p1-r1.ebuild: + Grab fix from upstream for ChallengeResponseAuthentication (to fix USE=pam + defaults) #170670 and add new hpn support. + +*openssh-4.6_p1 (11 Mar 2007) + + 11 Mar 2007; Mike Frysinger + +files/openssh-4.6_p1-include-string-header.patch, +openssh-4.6_p1.ebuild: + Version bump #170385 by Wolfram Schlich. + +*openssh-4.5_p1-r2 (05 Mar 2007) + + 05 Mar 2007; Robin H. Johnson + +openssh-4.5_p1-r2.ebuild: + Bug #168681. Bump for new versions of HPN (compile fix for strict compilers) + and LPK (Addition of LpkFilter as an LDAP filter). + +*openssh-4.5_p1-r1 (23 Feb 2007) + + 23 Feb 2007; Roy Marples files/sshd.rc6, + +openssh-4.5_p1-r1.ebuild: + Bump for a non bash init script. + + 08 Jan 2007; Michael Cummings + openssh-4.5_p1.ebuild: + Stable on amd64 wrt security bug 154389 + + 08 Jan 2007; Bryan Østergaard openssh-4.5_p1.ebuild: + Stable on Alpha, bug 154389. + + 08 Jan 2007; Gustavo Zacarias openssh-4.5_p1.ebuild: + Stable on sparc wrt security #154389 + + 07 Jan 2007; Tobias Scherbaum + openssh-4.5_p1.ebuild: + Stable on ppc wrt bug #154389. + + 07 Jan 2007; Markus Rothe openssh-4.5_p1.ebuild: + Stable on ppc64; bug #154389 + + 06 Jan 2007; Jeroen Roovers openssh-4.5_p1.ebuild: + Stable for HPPA (bug #154389). + + 06 Jan 2007; Christian Faulhammer + openssh-4.5_p1.ebuild: + stable x86, security bug #154389 + + 07 Dec 2006; Diego Pettenò + openssh-4.3_p2-r1.ebuild, openssh-4.3_p2-r5.ebuild, + openssh-4.4_p1-r6.ebuild, openssh-4.5_p1.ebuild: + Require dev-libs/libedit for libedit support, as it's going to be removed + from freebsd-lib in favour of a merged dev-libs/libedit ebuild. + + 08 Nov 2006; Ilya A. Volynets-Evenbakh + openssh-4.4_p1-r6.ebuild: + Stable on mips (#149502) + +*openssh-4.5_p1 (07 Nov 2006) + + 07 Nov 2006; Mike Frysinger +openssh-4.5_p1.ebuild: + Version bump #154389. + + 05 Nov 2006; Brent Baude openssh-4.4_p1-r6.ebuild: + Marking openssh-4.4_p1-r6 ppc64 stable for 149502 + + 03 Nov 2006; Fernando J. Pereda + openssh-4.4_p1-r6.ebuild: + Stable on alpha as per bug #149502 + +*openssh-4.4_p1-r6 (03 Nov 2006) + + 03 Nov 2006; Mike Frysinger + +files/openssh-4.4_p1-ldap-hpn-glue.patch, +openssh-4.4_p1-r6.ebuild: + Grab updated HPN patch to fix -C issues #153854. + + 01 Nov 2006; Tobias Scherbaum + openssh-4.4_p1-r5.ebuild: + ppc stable, bug #149502 + + 01 Nov 2006; Gustavo Zacarias + openssh-4.4_p1-r5.ebuild: + Stable on sparc wrt security #149502 + + 01 Nov 2006; Mike Frysinger + +files/openssh-4.4_p1-x509-hpn-glue.patch, openssh-4.4_p1-r5.ebuild: + Tweak X509 a little so HPN can apply at the sametime #151527 by Bob Reveley. + + 31 Oct 2006; Danny van Dyk + openssh-4.4_p1-r5.ebuild: + Marked stable on amd64. + + 31 Oct 2006; Andrej Kacian openssh-4.4_p1-r5.ebuild: + Stable on x86, security bug #152594. + + 31 Oct 2006; Jeroen Roovers openssh-4.4_p1-r5.ebuild: + Stable for HPPA (bug #149502). + +*openssh-4.4_p1-r5 (25 Oct 2006) + + 25 Oct 2006; Mike Frysinger +openssh-4.4_p1-r5.ebuild: + Add updated securid support. + + 17 Oct 2006; Roy Marples openssh-4.4_p1-r4.ebuild: + Added ~sparc-fbsd keyword. + + 14 Oct 2006; Roy Marples files/sshd.rc6: + Init script now interacts fully with start-stop-daemon. + +*openssh-4.4_p1-r4 (13 Oct 2006) + + 13 Oct 2006; Mike Frysinger +openssh-4.4_p1-r4.ebuild: + Add updated hpn support. + +*openssh-4.4_p1-r3 (04 Oct 2006) + + 04 Oct 2006; Chris PeBenito + +files/openssh-4.4p1-selinux-ac.diff, +openssh-4.4_p1-r3.ebuild: + Fix configure to properly detect SELinux functions. + +*openssh-4.4_p1-r2 (02 Oct 2006) + + 02 Oct 2006; Mike Frysinger +openssh-4.4_p1-r2.ebuild: + Add support for new X509. + + 02 Oct 2006; Andrea Barisani + files/digest-openssh-4.4_p1-r1, Manifest: + Fixing digest wrt bug #149571 + + 30 Sep 2006; Diego Pettenò + openssh-4.4_p1-r1.ebuild: + Make sure pam is the latest eclass called. + + 29 Sep 2006; Markus Rothe openssh-4.3_p2-r5.ebuild: + Stable on ppc64 + +*openssh-4.4_p1-r1 (29 Sep 2006) + + 29 Sep 2006; Andrea Barisani +openssh-4.4_p1-r1.ebuild: + Revision bump for new ldap patch. + +*openssh-4.4_p1 (28 Sep 2006) + + 28 Sep 2006; Mike Frysinger +openssh-4.4_p1.ebuild: + Version bump. + + 27 Sep 2006; Fernando J. Pereda + openssh-4.3_p2-r5.ebuild: + Stable on alpha wrt bug #148228 + + 26 Sep 2006; Gustavo Zacarias + openssh-4.3_p2-r5.ebuild: + Stable on hppa wrt security #148228 + + 26 Sep 2006; Simon Stelling openssh-4.3_p2-r5.ebuild: + stable on amd64; bug 148228 + + 26 Sep 2006; Tobias Scherbaum + openssh-4.3_p2-r5.ebuild: + ppc stable, bug #148228 + + 25 Sep 2006; Jason Wever openssh-4.3_p2-r5.ebuild: + Stable on SPARC wrt security bug #148228. + + 25 Sep 2006; Paul Varner openssh-4.3_p2-r5.ebuild: + Stable on x86. Bug #148228 + +*openssh-4.3_p2-r5 (25 Sep 2006) + + 25 Sep 2006; Tavis Ormandy +openssh-4.3_p2-r5.ebuild, + +files/openssh-4.3_p2-identical-simple-dos-2.patch: + Tweak DOS patch #148228. + + 23 Sep 2006; Mike Frysinger + +files/openssh-4.3_p2-opensc-libs.patch, openssh-4.3_p2-r4.ebuild: + Fix building with --as-needed #148538 by Mart Raudsepp. + + 23 Sep 2006; Mike Frysinger + +files/openssh-4.3_p2-ldap-updates.patch, openssh-4.3_p2-r4.ebuild: + Fixup ldap configure code #148723 by sfp-a7x. + +*openssh-4.3_p2-r4 (22 Sep 2006) + + 22 Sep 2006; Mike Frysinger + +files/openssh-4.3_p2-securid-updates.patch, +openssh-4.3_p2-r4.ebuild: + Force rebuilding of all autotools instead of just cheating with autoconf + #148639 by Alex K. + + 22 Sep 2006; Tobias Scherbaum + openssh-4.3_p2-r3.ebuild: + hppa stable, bug #148228 + + 21 Sep 2006; Tobias Scherbaum + openssh-4.3_p2-r3.ebuild: + ppc stable, bug #148228 + + 21 Sep 2006; Mike Doty openssh-4.3_p2-r3.ebuild: + amd64 stable, bug 148228 + + 21 Sep 2006; Gustavo Zacarias + openssh-4.3_p2-r3.ebuild: + Stable on sparc wrt #148228 + + 21 Sep 2006; openssh-4.3_p2-r3.ebuild: + Stable on x86, security bug #148228. + + 21 Sep 2006; Markus Rothe openssh-4.3_p2-r3.ebuild: + Stable on ppc64; bug #148228 + +*openssh-4.3_p2-r3 (20 Sep 2006) + + 20 Sep 2006; Mike Frysinger + +files/openssh-4.3_p1-chroot.patch, + +files/openssh-4.3_p2-identical-simple-dos.patch, files/sshd.confd, + files/sshd.rc6, +openssh-4.3_p2-r3.ebuild: + Fixes from upstream for minor DOS #148228. + + 08 Sep 2006; Mike Frysinger openssh-4.3_p2-r2.ebuild: + Remove ugly flag mangling and fix building with USE=static #146654 by + Alexander Skwar. + + 05 Jul 2006; Andrea Barisani metadata.xml: + Making my metadata entry a bit more clear. + + 04 Jul 2006; Mike Frysinger openssh-4.3_p2-r2.ebuild: + Add x11-apps/xauth to RDEPEND for USE=X #139235 by Ian Stakenvicius. + + 02 Jul 2006; Robin H. Johnson + files/digest-openssh-3.9_p1-r3, files/digest-openssh-4.0_p1-r2, + files/digest-openssh-4.1_p1-r1, files/digest-openssh-4.2_p1-r1, + files/digest-openssh-4.3_p1, files/digest-openssh-4.3_p2-r1, + files/digest-openssh-4.3_p2-r2, Manifest: + Fix digest weirdness. + + 30 Jun 2006; Robin H. Johnson + files/digest-openssh-4.3_p1, files/digest-openssh-4.3_p2-r1, + files/digest-openssh-4.3_p2-r2, Manifest: + Upstream changed the openssh-lpk-4.3p1-0.3.7.patch file, and didn't alter + the filename! Re-digest as needed. + + 27 Jun 2006; Mike Frysinger + +files/openssh-4.3_p2-configure.patch, openssh-4.3_p1.ebuild, + openssh-4.3_p2-r1.ebuild, openssh-4.3_p2-r2.ebuild: + Fix broken configure script #137921 by Adam Potter. + + 24 Jun 2006; Diego Pettenò + openssh-4.3_p2-r1.ebuild: + Remove x86-fbsd keyword from an older rev, just to be safe. + + 24 Jun 2006; Diego Pettenò + openssh-4.3_p2-r2.ebuild: + Put shadow under conditional userland_GNU, unbreak non-GNU userlands. + + 24 Jun 2006; Joshua Kinard openssh-4.3_p2-r2.ebuild: + Eh, shadow belongs in RDEPEND instead, duh. + + 24 Jun 2006; Joshua Kinard openssh-4.3_p2-r2.ebuild: + Added shadow as a DEPEND so that groupadd is available. + +*openssh-4.3_p2-r2 (08 Jun 2006) + + 08 Jun 2006; Mike Frysinger + +files/openssh-4.3_p2-securid-hpn-glue.patch, + +files/openssh-4.3_p2-x509-hpn-glue.patch, openssh-4.2_p1-r1.ebuild, + +openssh-4.3_p2-r2.ebuild: + Update hpn and x509 patches #135691 by Scott Jones. + + 07 Jun 2006; Joshua Kinard openssh-4.3_p2-r1.ebuild: + Add sys-apps/shadow to RDEPEND/DEPEND so group/useradd is available. Fixes + Bug #135966. + + 29 Apr 2006; Joshua Kinard openssh-4.3_p2-r1.ebuild: + Marked stable on mips. + + 19 Apr 2006; Andrea Barisani openssh-4.3_p1.ebuild, + openssh-4.3_p2-r1.ebuild: + Ok that last commit was stupid, going back and waiting for updated mirrors. + + 19 Apr 2006; openssh-4.3_p1.ebuild, + openssh-4.3_p2-r1.ebuild: + Moving ldap patch to dev.gentoo.org waiting for mirror to get the updated version + and fixing digest issues. bug #130354 + + 17 Apr 2006; Markus Rothe openssh-4.3_p2-r1.ebuild: + Stable on ppc64; bug #130027 + + 17 Apr 2006; Chris Gianelloni + openssh-4.3_p2-r1.ebuild: + Stable on x86 wrt bug #130027. + + 16 Apr 2006; Bryan Østergaard openssh-4.3_p2-r1.ebuild: + Stable on SPARC wrt bug #130027. + + 15 Apr 2006; openssh-4.3_p2-r1.ebuild: + Stable on ppc. Bug #130027 + + 15 Apr 2006; Marcus D. Hanwell + openssh-4.3_p2-r1.ebuild: + Marked stable on amd64, bug 130027. + + 04 Apr 2006; Diego Pettenò + openssh-4.3_p2-r1.ebuild: + Allow using freebsd-lib's libedit with libedit useflag. + + 30 Mar 2006; Diego Pettenò + openssh-4.3_p2-r1.ebuild: + Add ~x86-fbsd keyword. + + 05 Mar 2006; Mike Frysinger + +files/openssh-4.3_p2-selinux.patch.glue, openssh-4.3_p2-r1.ebuild: + Glue selinux and X509 support #125108 by Alon Bar-Lev. + + 05 Mar 2006; Andrea Barisani openssh-4.3_p1.ebuild, + openssh-4.3_p2.ebuild, openssh-4.3_p2-r1.ebuild: + Restored ldap support in 4.3 versions. + +*openssh-4.3_p2-r1 (05 Mar 2006) + + 05 Mar 2006; Chris PeBenito + +files/openssh-4.3_p2-selinux.patch, +openssh-4.3_p2-r1.ebuild: + Bump to update SELinux patch. + +*openssh-4.3_p2 (04 Mar 2006) + + 04 Mar 2006; Mike Frysinger + +files/openssh-4.3_p1-krb5-typos.patch, +openssh-4.3_p2.ebuild: + Version bump and add patch from upstream #124494 by RiverRat. + + 28 Feb 2006; Mike Frysinger files/sshd.rc6: + Add restart function by Michal Fojtik to init.d script #124271. + + 19 Feb 2006; Joshua Kinard openssh-4.2_p1-r1.ebuild: + Marked stable on mips. + +*openssh-4.3_p1 (08 Feb 2006) + + 08 Feb 2006; Mike Frysinger +openssh-4.3_p1.ebuild: + Version bump #121191 by Wolfram Schlich. + + 04 Feb 2006; Mike Frysinger +files/sshd.confd, + files/sshd.rc6, openssh-3.9_p1-r3.ebuild, openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild, openssh-4.2_p1-r1.ebuild: + Pass sshd_config to sshd when starting to better help running multiple + instances of ssh #121530 by ph. + + 03 Feb 2006; Tobias Scherbaum + openssh-4.2_p1-r1.ebuild: + ppc stable, bug #119232 + + 03 Feb 2006; Markus Rothe openssh-4.2_p1-r1.ebuild: + Stable on ppc64: bug #119232 + + 03 Feb 2006; Jose Luis Rivero + openssh-4.2_p1-r1.ebuild: + Stable on alpha wrt sec bug #119232 + + 02 Feb 2006; Rene Nussbaumer + openssh-4.2_p1-r1.ebuild: + Stable on hppa. See bug #119232. + + 02 Feb 2006; Mark Loeser openssh-4.2_p1-r1.ebuild: + Stable on x86; bug #119232 + + 02 Feb 2006; Gustavo Zacarias + openssh-4.2_p1-r1.ebuild: + Stable on sparc wrt security #119232 + + 02 Feb 2006; Simon Stelling openssh-4.2_p1-r1.ebuild: + stable on amd64 wrt bug 119232 + +*openssh-4.2_p1-r1 (01 Feb 2006) + + 01 Feb 2006; Mike Frysinger + +files/openssh-4.2_p1-CVE-2006-0225.patch, +openssh-4.2_p1-r1.ebuild: + Version bump for security #119232. + + 29 Jan 2006; Mike Frysinger + +files/openssh-4.2_p1-cross-compile.patch, openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild: + Fix cross-compiling #120567 by Raphael Burnes. + + 25 Dec 2005; Diego Pettenò openssh-4.2_p1.ebuild: + Use bindnow-flags function instead of -Wl,-z,now. + + 10 Dec 2005; Mike Frysinger files/sshd.rc6: + Update init.d script to allow for multiple instances by Marius Mauch #114996. + + 22 Oct 2005; MATSUU Takuto openssh-4.2_p1.ebuild: + Stable on sh for #109678. + + 22 Oct 2005; Mike Frysinger + +files/openssh-4.2_p1-selinux.patch, openssh-4.2_p1.ebuild: + Fix selinux support #110039 and add back in securid/hpn patches. + + 21 Oct 2005; Bryan Østergaard openssh-4.2_p1.ebuild: + Stable on alpha + ia64, bug 109678. + + 21 Oct 2005; Jason Wever openssh-4.2_p1.ebuild: + Stable on SPARC wrt security bug #109678. + + 21 Oct 2005; Seemant Kulleen openssh-4.2_p1.ebuild: + stable amd64 for bug #109678 + + 21 Oct 2005; Aaron Walker openssh-4.2_p1.ebuild: + Stable on mips for bug #109678. + + 20 Oct 2005; Michael Hanselmann openssh-4.2_p1.ebuild: + Stable on hppa, ppc. + + 20 Oct 2005; openssh-4.2_p1.ebuild: + Marking stable on x86 + + 20 Oct 2005; Brent Baude openssh-4.2_p1.ebuild: + Marking openssh-4.2_p1 ppc64 for bug 109678 + + 19 Oct 2005; Mike Frysinger + openssh-3.8.1_p1-r1.ebuild, openssh-3.9_p1-r3.ebuild, + openssh-4.0_p1-r2.ebuild, openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild: + Move default xauth location to /usr/bin/xauth. + +*openssh-4.2_p1 (06 Sep 2005) + + 06 Sep 2005; Mike Frysinger + +files/openssh-4.2_p1-kerberos-detection.patch, + +files/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2, + +openssh-4.2_p1.ebuild: + Version bump #104948 by Saurabh Singhvi. + + 05 Sep 2005; Mike Frysinger + +files/openssh-3.9_p1-fix_suid.patch, + -files/openssh-3.9_p1-fix_suid.patch.bz2, + +files/openssh-3.9_p1-fix_suid-x509.patch, openssh-3.8.1_p1-r1.ebuild, + openssh-3.9_p1-r3.ebuild, openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild: + Update the x509 patches. + + 05 Sep 2005; Mike Frysinger openssh-4.1_p1-r1.ebuild: + Re-enable smartcard support. + + 20 Aug 2005; Mike Frysinger files/sshd.rc6: + Before starting sshd, sanity check the config file #101893 by Eric Brown. + +*openssh-4.1_p1-r1 (15 Jul 2005) +*openssh-4.0_p1-r2 (15 Jul 2005) +*openssh-3.9_p1-r3 (15 Jul 2005) + + 15 Jul 2005; Andrea Barisani metadata.xml, + +openssh-3.9_p1-r3.ebuild, +openssh-4.0_p1-r2.ebuild, + +openssh-4.1_p1-r1.ebuild: + Updating openssh-lpk ldap patches to version 0.3.6. + + 26 Jun 2005; Mike Frysinger openssh-3.9_p1-r2.ebuild, + openssh-4.0_p1-r1.ebuild, openssh-4.1_p1.ebuild: + Add support for the High Performance patch #96717 by Frank Benkstein. + + 29 May 2005; Mike Frysinger openssh-4.0_p1-r1.ebuild, + openssh-4.1_p1.ebuild: + Add USE=libedit support #94410 by Joe Wells. + +*openssh-4.1_p1 (29 May 2005) + + 29 May 2005; Mike Frysinger +openssh-4.1_p1.ebuild: + Version bump #94261 by Tobias Sager. + + 28 May 2005; Mike Frysinger + +files/openssh-4.0_p1-smartcard-ldap-happy.patch, + openssh-3.8.1_p1-r1.ebuild, openssh-3.9_p1-r2.ebuild, + openssh-4.0_p1-r1.ebuild: + Add support for LDAP and make it mutually exclusive from x509 since they + conflict #58579. + + 22 May 2005; Mike Frysinger openssh-4.0_p1-r1.ebuild: + Add support for RSA SecurID tokens #92233 by Antti Mäkelä. + + 20 May 2005; Diego Pettenò + openssh-3.9_p1-r2.ebuild, openssh-4.0_p1.ebuild, openssh-4.0_p1-r1.ebuild: + Inherit pam eclass for newpamd. + +*openssh-4.0_p1-r1 (29 Apr 2005) + + 29 Apr 2005; Diego Pettenò + +files/sshd.pam_include, +openssh-4.0_p1-r1.ebuild: + Added a new revision depending on virtual/pam (>=pam-0.78) and uses the + include syntax instead of pam_stack.so. + +*openssh-3.9_p1-r2 (17 Mar 2005) + + 17 Mar 2005; Mike Frysinger + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2, + +openssh-3.9_p1-r2.ebuild: + Fix bad sftplogging code #82372 by Andrej Kacian. + +*openssh-4.0_p1 (15 Mar 2005) + + 15 Mar 2005; Mike Frysinger + +files/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2, + +openssh-4.0_p1.ebuild: + Version bump #84717 by Michail A.Baikov. + + 13 Mar 2005; Mike Frysinger + +files/openssh-3.9_p1-kerberos-detection.patch, openssh-3.9_p1-r1.ebuild: + Add patch to fix kerberos detection #80811 by Aron Griffis. + + 13 Mar 2005; Mike Frysinger + +files/openssh-3.9_p1-configure-openct.patch, openssh-3.9_p1-r1.ebuild: + Fix USE=-opensc logic with patch by Stian Skjelstad #78730. + + 19 Feb 2005; Mike Frysinger + files/openssh-3.9_p1-largekey.patch.bz2: + Make sure that the largekey properly passes the size of the buffer along + #82463 by David Cuthbert. + + 22 Jan 2005; Daniel Ahlberg + +files/openssh-3.9_p1-pamfix.patch.bz2, openssh-3.9_p1-r1.ebuild: + Added pamfix patch from upstream, closing #65343. + + 07 Jan 2005; Daniel Ahlberg + +files/openssh-3.9_p1-terminal_restore.patch.bz2, + openssh-3.9_p1-r1.ebuild: + Fix terminal restoration after breaking out from sftp and scp, closing #63544. + + 30 Dec 2004; Bryan Østergaard + openssh-3.9_p1-r1.ebuild: + Stable on alpha, bug 59361. + + 29 Dec 2004; Hardave Riar openssh-3.9_p1-r1.ebuild: + Stable on mips, bug #59361. + + 29 Dec 2004; Ciaran McCreesh : + Change encoding to UTF-8 for GLEP 31 compliance + + 29 Dec 2004; Gustavo Zacarias + openssh-3.9_p1-r1.ebuild: + Stable on sparc wrt #59361 + + 29 Dec 2004; Markus Rothe openssh-3.9_p1-r1.ebuild: + Stable for security; bug #59361 + + 29 Dec 2004; openssh-3.9_p1-r1.ebuild: + stable on ppc glsa: 59361 + +*openssh-3.9_p1-r1 (28 Dec 2004) + + 28 Dec 2004; Mike Frysinger + files/openssh-3.9_p1-chroot.patch, +openssh-3.9_p1-r1.ebuild, + +files/openssh-3.9_p1-infoleak.patch: + Add infoleak fix #59361 and allow the chroot patch to support PAM auth #72987. + + 16 Nov 2004; Mike Frysinger openssh-3.9_p1.ebuild: + If USE=pam, then disable PasswordAuthentication since PAM overrides it #71233. + + 14 Sep 2004; Daniel Ahlberg openssh-3.9_p1.ebuild, + files/openssh-3.9_p1-fix_suid.patch.bz2: + Fixed suid binary. + + 14 Sep 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild, + openssh-3.8.1_p1-r2.ebuild, openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild, + openssh-3.9_p1.ebuild, files/openssh-3.5_p1-gentoo-sshd-gcc3.patch, + files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2, + files/openssh-3.7.1_p1-selinux.diff, + files/openssh-3.7.1_p1-selinux.diff.bz2, + files/openssh-3.7.1_p2-chroot.patch, + files/openssh-3.7.1_p2-chroot.patch.bz2, + files/openssh-3.7.1_p2-kerberos.patch, + files/openssh-3.7.1_p2-kerberos.patch.bz2, + files/openssh-3.7.1_p2-skey.patch, files/openssh-3.7.1_p2-skey.patch.bz2, + files/openssh-3.8.1_p1-chroot.patch, + files/openssh-3.8.1_p1-chroot.patch.bz2, + files/openssh-3.8.1_p1-kerberos.patch, + files/openssh-3.8.1_p1-kerberos.patch.bz2, + files/openssh-3.8.1_p1-largekey.patch, + files/openssh-3.8.1_p1-largekey.patch.bz2, + files/openssh-3.8.1_p1-opensc.patch, + files/openssh-3.8.1_p1-opensc.patch.bz2, + files/openssh-3.8.1_p1-resolv_functions.patch, + files/openssh-3.8.1_p1-resolv_functions.patch.bz2, + files/openssh-3.8.1_p1-skey.patch, + files/openssh-3.8_p1-resolv_functions.patch.bz2, + files/openssh-3.8_p1-skey.patch, files/openssh-3.8_p1-skey.patch.bz2, + files/openssh-3.9_p1-chroot.patch, files/openssh-3.9_p1-chroot.patch.bz2, + files/openssh-3.9_p1-largekey.patch, + files/openssh-3.9_p1-largekey.patch.bz2, files/openssh-3.9_p1-opensc.patch, + files/openssh-3.9_p1-opensc.patch.bz2, files/openssh-3.9_p1-selinux.diff, + files/openssh-3.9_p1-selinux.diff.bz2, + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch, + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2, + files/openssh-3.9_p1-skey.patch, files/openssh-3.9_p1-skey.patch.bz2, + files/openssh-skeychallenge-args.diff, + files/openssh-skeychallenge-args.diff.bz2: + Compressed patches. + + 20 Aug 2004; Gustavo Zacarias + openssh-3.8.1_p1-r1.ebuild: + Stable on sparc + + 20 Aug 2004; Daniel Ahlberg openssh-3.9_p1.ebuild, + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch: + Enable X509 now that a updated patch is available, closing #60905. + Fix skey support by running autoconf, closing #60849. + Disable pam if static is in USE, closing #60864. + + 19 Aug 2004; Chris PeBenito + +files/openssh-3.9_p1-selinux.diff, openssh-3.9_p1.ebuild: + Update SELinux patch + + 18 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild: + Fixed sftplogging patch, closing #60417 again. + +*openssh-3.9_p1 (18 Aug 2004) + + 18 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild, + openssh-3.9_p1.ebuild: + Version bump, closing #60758. + + 16 Aug 2004; Daniel Ahlberg + files/openssh-3.8.1_p1-largekey.patch: + Fixed largekey patch. Closing #60417. + +*openssh-3.8.1_p1-r2 (15 Aug 2004) + + 15 Aug 2004; Daniel Ahlberg openssh-3.8.1_p1-r2.ebuild: + + Added sftp-logging patch, closing #52168. + + Added patch for large keys, closing #55013. + + 08 Jul 2004; Bryan Østergaard + openssh-3.8.1_p1-r1.ebuild: + Stable on alpha. + + 07 Jul 2004; Travis Tilley openssh-3.8.1_p1-r1.ebuild: + stable on amd64 + + 03 Jul 2004; Joshua Kinard openssh-3.8.1_p1-r1.ebuild: + Marked stable on mips. + + 01 Jul 2004; Jon Hood openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild, + openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild: + change virtual/glibc to virtual/libc + + 28 Jun 2004; Brandon Hale openssh-3.8.1_p1-r1.ebuild: + Stable on x86. + + 15 Jun 2004; openssh-3.8.1_p1-r1.ebuild: + pam & uclibc updates + + 07 Jun 2004; Bryan Østergaard openssh-3.8.1_p1.ebuild: + Stable on alpha. + + 05 Jun 2004; Hanselmann Michael + openssh-3.8.1_p1.ebuild: + Replaced ~ppc with ppc in KEYWORDS. + +*openssh-3.8.1_p1-r1 (30 May 2004) + + 30 May 2004; Mike Frysinger + +files/openssh-3.8.1_p1-opensc.patch, +openssh-3.8.1_p1-r1.ebuild: + Add optional support for smartcard stuff #43593 by Andreas Jellinghaus. + + 01 May 2004; Ciaran McCreesh openssh-3.8_p1.ebuild: + Stable on sparc, mips + + 28 Apr 2004; Daniel Ahlberg openssh-3.8.1_p1.ebuild: + Readded X509 patch now that it has been updated upstream. + + 27 Apr 2004; Michael McCabe openssh-3.8.1_p1.ebuild: + Stable on s390 + + 22 Apr 2004; Guy Martin openssh-3.8_p1.ebuild: + Marked stable on hppa. + + 22 Apr 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild, + openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild: + Fixed IUSE flags. + + 21 Apr 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: + Stable on x86 and amd64. + +*openssh-3.8.1_p1 (21 Apr 2004) + + 21 Apr 2004; Daniel Ahlberg openssh-3.8.1_p1.ebuild: + Version bump. Found by Daniel Webert in #48465. + + 13 Apr 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild, + openssh-3.8_p1.ebuild: + Updated SRC_URI. + + 23 Mar 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild, openssh-3.8_p1.ebuild: + Change download URI for X509 patches temporarily. + + 18 Mar 2004; Daniel Ahlberg files/sshd.rc6, openssh-3.8_p1.ebuild: + Add mkdir -p /var/empty to initscript. Closing #42936. + + 09 Mar 2004; openssh-3.7.1_p2-r2.ebuild: + stable on alpha and ia64 + + 09 Mar 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: + + Add X509 patch back in, bumped to g4. + + Fix static compile by Sascha Silbe in #44077. + + 07 Mar 2004; Joshua Kinard openssh-3.7.1_p2-r2.ebuild: + Marked stable on mips. + + 02 Mar 2004; Brian Jackson openssh-3.8_p1.ebuild: + adding initial s390 support + + 27 Feb 2004; Sven Blumenstein openssh-3.7.1_p2-r2.ebuild: + Stable on sparc. Remember to mkdir /var/empty if it doesnt exist before you + restart sshd... + + 25 Feb 2004; Guy Martin openssh-3.7.1_p2-r2.ebuild: + Marked stable on hppa. + + 25 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: + Backport skey configure.ac patch. + + 24 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: + Unmask for x86 and amd64. + +*openssh-3.8_p1 (24 Feb 2004) + + 24 Feb 2004; Daniel Ahlberg openssh-3.8_p1.ebuild: + Version bump. + + 21 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: + Fix openssh to work with multipe kerbers5 libs. Closing #30310. + + 20 Feb 2004; Daniel Ahlberg openssh-3.7.1_p2-r2.ebuild: + Filter flag if using ldap. Closing #41727. + + 12 Feb 2004; Mike Frysinger : + Set Protocol to only allow ssh2 by default #41215 and enable pam if in USE. + + 10 Jan 2004; Brad House openssh-3.7.1_p2-r2.ebuild: + install doesn't seem to be creating /var/empty + + 08 Jan 2004; openssh-3.5_p1-r1.ebuild, + openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild: + ppc64/mips nightmare.. had to remove tcpd and skey support for various arches + due to other things not being marked stable on those arches + +*openssh-3.7.1_p2-r2 (08 Jan 2004) + + 08 Jan 2004; openssh-3.7.1_p2-r2.ebuild: + added feature request for chrooting via sshd bug #26615 + + 04 Jan 2004; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild: + Changeing sshd user shell. Closing #35063. + + 03 Jan 2003; Daniel Ahlberg openssh-3.7.1_p2-r1.ebuild: + Change adding sshd user and group to user enewuser and enewgroup. Should + fix #35369. + +*openssh-3.7.1_p2-r1 (05 Nov 2003) + + 17 Nov 2003; Joshua Kinard openssh-3.7.1_p2-r1.ebuild: + Added a gnuconfig_update call for mips systems + + 05 Nov 2003; Tavis Ormandy openssh-3.7.1_p2-r1.ebuild, + files/openssh-skeychallenge-args.diff: + patch needed for compatability with new skey. + + 28 Oct 2003; Chris PeBenito openssh-3.5_p1-r1.ebuild, + openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2.ebuild, + files/openssh-3.7.1_p1-selinux.diff: + Switch SELinux patch from old API to new API. + + 30 Sep 2003; Daniel Ahlberg openssh-3.7.1_p2.ebuild : + Add X509 patch back in, closes #29664. + + 23 Sep 2003; openssh-3.7.1_p2.ebuild: + according to the ChangeLog for openssh =zlib-1.1.4 is a must now. Note: + openssh needs a X509 patch made upstream for p2 + +*openssh-3.7.1_p2 (23 Sep 2003) + + 23 Sep 2003; openssh-3.7.1_p2.ebuild: + security update. http://www.openssh.com/txt/sshpam.adv + + 19 Sep 2003; Chris PeBenito + openssh-3.7.1_p1-r1.ebuild, openssh-3.7.1_p1.ebuild: + Fix SELinux patch for 3.7.1_p1 + + 19 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1-r1.ebuild : + Disabled selinux patch until a new can be made. + Fixed some of the patches to allow the X509 patch to apply. Closing #29105. + +*openssh-3.7.1_p1-r1 (18 Sep 2003) + + 18 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1-r1.ebuild : + Removed krb4 and afs support since they are removed according to the Announcment. + Ebuild cleanups. + Added a bunch of patches from CVS. Among them a fix for CAN-2003-0682. + + 18 Sep 2003; Daniel Ahlberg openssh-3.7.1_p1.ebuild : + Readd X509 patch. Closing #28992. + +*openssh-3.7.1_p1 (16 Sep 2003) + + 16 Sep 2003; Rajiv Aaron Manglani openssh-3.7.1_p1.ebuild: + added warning about restarting sshd. + + 16 Sep 2003; Mike Frysinger : + Another version bump ! :D #28927. This fixes 'more malloc bugs'. + +*openssh-3.7_p1 (16 Sep 2003) + + 16 Sep 2003; Rajiv Aaron Manglani openssh-3.7_p1.ebuild: + added warning about restarting sshd. + + 16 Sep 2003; Mike Frysinger : + Version bump to fix #28873 ... selinux needs to be caught up though :(. + Marked stable due to nature of release (security). + +*openssh-3.6.1_p2-r3 (05 Sep 2003) + + 05 Sep 2003; Tavis Ormandy openssh-3.6.1_p2-r3.ebuild: + adding optional s/key authentication support, using new local USE flag + `skey`, currently ~arch only. #11478 + +*openssh-3.6.1_p2-r1 (06 Aug 2003) + + 06 Aug 2003; Donny Davies openssh-3.6.1_p2-r1.ebuild: + Added new local USE=X509 variable which includes Roumen Petrov's patch + providing support for authentication with X.509 certificates. + + 31 May 2003; Brandon Low files/sshd.rc6: + Add 'use dns logger' to the rcscript + +*openssh-3.6.1_p2 (30 Apr 2003) + + 30 Apr 2003; Daniel Ahlberg openssh-3.6.1_p2.ebuild : + Security update. + +*openssh-3.6.1_p1 (02 Apr 2003) + + 02 Apr 2003; Brandon Low openssh-3.6.1_p1.ebuild: + Bump + +*openssh-3.6_p1 (02 Apr 2003) + + 02 Apr 2003; Brandon Low openssh-3.6_p1.ebuild: + Bump, required some modifications to the selinux patch, test thoroughly + + 09 Feb 2003; Guy Martin : + Added hppa to keywords. + +*openssh-3.5_p1-r1 (20 Jan 2003) + + 30 Mar 2003; Joshua Brindle openssh-3.5_p1-r1.ebuild: + fixed compile options for selinux support + + 20 Mar 2003; Joshua Brindle openssh-3.5_p1-r1.ebuild: + added selinux support + + 15 Mar 2003; Jan Seidel : + Added mips to KEYWORDS + + 13 Mar 2003; Zach Welch openssh-3.5_p1-r1.ebuild: + add arm keyword + + 09 Mar 2003; Aron Griffis openssh-3.5_p1-r1.ebuild: + Mark stable on alpha + + 01 Mar 2003; Brandon Low openssh-3.5_p1-r1.ebuild: + make -> emake + + 21 Jan 2003; Nick Hadaway openssh-3.5_p1-r1.ebuild : + Changed USE="kerberos" to depend on app-crypt/krb5 as heimdal is not + compatible currently. Install app-crypt/kth-krb and set KTH_KRB="yes" + to enable Kerberos IV support. + + 20 Jan 2003; Nick Hadaway openssh-3.5_p1-r1.ebuild, + files/digest-openssh-3.5_p1-r1 : + Added kerberos use flag support. + + 09 Dec 2002; Donny Davies openssh-3.5_p1.ebuild, + openssh-3.4_p1-r2.ebuild, openssh-3.4_p1-r3.ebuild : Add a shells reminder. + + 06 Dec 2002; Rodney Rees : changed sparc ~sparc keywords + + 01 Dec 2002; Jack Morgan openssh-3.5_p1.ebuild : + Removed ~ from sparc/sparc64 keywords. + + 29 Nov 2002; Daniel Ahlberg openssh-3.5_p1.ebuild : + Rewrote patch applying code. + + 22 Nov 2002; Will Woods openssh-3.5_p1.ebuild: + Added patch to fix compile problem on alpha. + + 23 Oct 2002; Maik Schreiber openssh-3.5_p1.ebuild: Changed + "~x86" to "x86" in KEYWORDS. + +*openssh-3.5_p1 (18 Oct 2002) + + 19 Jan 2003; Jan Seidel : + Added mips to keywords + + 18 Oct 2002; Daniel Ahlberg openssh-3.5_p1.ebuild: + Version bump, found by fluxbox in bug #9262. + +*openssh-3.4_p1-r3 (04 July 2002) + + 25 Jul 2002; Nicholas Jones openssh-3.4_p1-r3.ebuild: + + Bopped Brandon on the head. Added -passwords to the end of --with-md5 + No version bump as this doesn't affect most people, and those who need it + can just rsync and emerge. + + 09 Jul 2002; Brandon Low openssh-3.4_p1-r3.ebuild: + + New revision enables md5 passwords, please test and let me know how it + goes so I can unmask. Thanks. + +*openssh-3.4_p1-r2 (04 July 2002) + + 09 Jul 2002; phoen][x openssh-3.4_p1-r2.ebuild: + Added KEYWORDS. + + 04 July 2002; Brandon Low openssh-3.4_p1-r2.ebuild: + Fixes problem of /var/empty being removed if immediately do emerge openssh + emerge openssh. Not an urgent upgrade, but recommended. + +*openssh-3.4_p1-r1 (02 July 2002) + + 02 July 2002; Brandon Low openssh-3.4_p1-r1.ebuild: + This closes bugs 4169, 4170, and 4193. This new ebuild changes the sshd + user from whatever it may be to UID 22, this shouldn't mean anything to most + people because no scripts, nor programs use the sshd UID directly (for that + matter it is only referenced during authentication of new logins via ssh). + However if for some reason your system does have things that were owned by + user sshd, you will need to change their UID. + +*openssh-3.4_p1 (26 June 2002) + + 26 June 2002; Brandon Low : + New version closes soon to be released security hole, PLEASE upgrade + immediately according to the changelogs, this new version closes several + possible holes found during a massive audit of the code. + +*openssh-3.3_p1 (22 June 2002) + + 22 June 2002; Donny Davies : + Chase latest release. Starting with this version sshd uses a new privelaged + process separation scheme. See the docs for more info. + +*openssh-3.2.3_p1-1 (5 June 2002) + + 5 June 2002; Gabriele Giorgetti : + New revision. Changes submitted by Alson van der Meulen gentoo@alm.xs4all.nl + within bug #3391 were added. Bug closed/fixed. + +*openssh-3.2.3_p1 (30 May 2002) + + 30 May 2002; Arcady Genkin : + Update to 3.2.3. + +*openssh-3.2.2_p1 (18 May 2002) + + 18 May 2002; Donny Davies : + Chase latest release + update openssl dependency. + +*openssh-3.1_p1-r2 (03 Apr 2002) + + 03 Apr 2002; Daniel Robbins files/sshd.pam: new pam + sshd file to use pam_stack, pam_nologin and pam_shells, as well as use + pam_unix instead of pam_pwdb. Added updated shadow dependency if pam is + enabled (to depend upon our new shadow with the pam_pwdb to pam_unix + conversion). + +*openssh-3.1_p1 (7 Mar 2002) + + 15 Mar 2002; Bruce A. Locke files/sshd.rc6, files/sshd.rc5: + ssh1 keygen requires a new option in the initscripts + + 13 Mar 2002; M.Schlemmer openssh-3.1_p1-r1.ebuild: + Update rc-script not to fail on restart if there is open sessions. + + 7 Mar 2002; F.Meyndert openssh-3.1_p1.ebuild: + Updated openssh to version 3.1 that fixes a nasty off by one bug in all + previous version. That caused a local root hole. + +*openssh-3.0.2_p1-r1 (01 Feb 2002) + + 01 Feb 2002; G.Bevin ChangeLog: + Added initial ChangeLog which should be updated whenever the package is + updated in any way. This changelog is targetted to users. This means that the + comments should well explained and written in clean English. The details about + writing correct changelogs are explained in the skel.ChangeLog file which you + can find in the root directory of the portage repository. diff --git a/net-misc/openssh-x/Manifest b/net-misc/openssh-x/Manifest new file mode 100644 index 00000000..2967b1d5 --- /dev/null +++ b/net-misc/openssh-x/Manifest @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb +AUX openssh-5.2_p1-autoconf.patch 386 SHA256 42bb5f23f02241186abd6158ac15cd1fba0fadb4bd79e6b051fbd05605419ebb SHA512 80a2244e243492d3933646a32fa673078efd72d0e87939b326c2210f23d72675839cfefa2f31617279d51834cc34daf2c3c189c9d92b08875b6b4f68fa7f3844 WHIRLPOOL d4ca3dd8554863d074054489a2dbe5aca3d07fcc5858e908caa5d76dcf8beb661cc3ca6d22a02ab2ca9f504160a6a1acc7f45a4fa775d879b02ee1ae3d113926 +AUX openssh-5.2_p1-gsskex-fix.patch 408 SHA256 8190db31ed2e8dc6ce79030e5c648d04610b06dd8366df5948ef6e990314ee96 SHA512 2022cd25b3e07430752569e07165db313e49a0902ef251df3e50ca96197849be6efbdee360a3a435cae0b5d2dda55acc8676b232d3584f87e204c2fc04b92801 WHIRLPOOL 65da9f3450493ca9a25741e66b2ecf97d7a5576c15485ff3a7c08fc57b06a17b3b6e73b14d2962bf958d9326a6d54c2940f56eb42de4bd5011324bba84c67cca +AUX openssh-5.2_p1-x509-hpn-glue.patch 2851 SHA256 a21336a892b61e29a556d16e9f0a67ee08ad04dd61e3963a201fdf032ce55f75 SHA512 417617acba409539cd2edd59e7640fe732f90265f70d7f4cd91c8b059d44c9c1be63cf336ee3a39a45f1a066bc577e261836b8113296535b9320d77fed3a05bf WHIRLPOOL 901fd8e0ceafd27bd5fdca9007b82842dce2b5aee11c069d0f0229c4568886f0df861c80eb5b3a754a0af795ebb9c78a78a3e76002f17bdbf8349923439deecf +AUX openssh-5.2p1-ldap-stdargs.diff 252 SHA256 97281375efa33e9ce70a55bfa95b6b426208175e7e3ff493012bc25d9b012f45 SHA512 2577b1476211f563bf8a7e62c2341e35cff7208a04b7a3fb1d331721e58f395cdef1ce2ac735b95c31781e06e16ec27c6692df09928393248c971837a1e03079 WHIRLPOOL df65dd54dd12be39fb4b830536f86aef97c086b227de1d87d56788bf8bce39a345da0ed814dd53abdaa5d158c99f0b87cb8510812d10c353a3b8a82493b210af +AUX openssh-5.4_p1-openssl.patch 255 SHA256 f83627039491e9969f1ed5d77fe816465ce75809e8c2f2bfb07012bc21384347 SHA512 8cfd757dbe79ee502c10c5d518730f4e790bd61753120bb168d545dfc702a7a55c274fd9c81d2798ec78cba30f173aaf0bee1f15bb23f9f465c3524a5c81ca2d WHIRLPOOL 852f3e9dc6cd05934b52effa03961a0d989734a28649eb199e1f260d4e8129dffed378d8efdbd40a5f520362fe8fa404a744724135caa39f48e876849cf2350b +AUX openssh-5.6_p1-hpn-progressmeter.patch 334 SHA256 eaa98f954934364a1994111f5a422d0730b6e224822cef03efe6d6fc0c7f056f SHA512 46eb5253549ddca045e67841daa092a8a33a6ae4411e75c301589f0a88159c6d2ccfe45c2f0502314465b93ac6f1965264a9b92b13e0e88d4ff15ced5f4ebfeb WHIRLPOOL 72b05e4243e746fc315468ac1dc8988b92919dbd147470855b8753e0ae37ad3696de6c9ec29346596aee2d60acbbcce79cea5735b9a91b3452a4b4f3f69d3012 +AUX openssh-5.6_p1-x509-hpn-glue.patch 1974 SHA256 164db7af08e0565821d6d609b1beadab39777521bfff143a83acc1e097ad60f1 SHA512 a764d8411f0b7c49d6f51b25153c18648d58dfbc82897903bad826293f3497010ab0343e4a4cc81b37e51c3a28ec04cd5be7c8882126295ba2b38e734e262995 WHIRLPOOL 4a8151dde306eace1404b8e83dc2514cb8f073acb6c759b9a2a9e619181951873afad785f565861f6d1031d9314f8d450faef63629dfd5f1b0074cb78b059578 +AUX openssh-5.7_p1-x509-hpn-glue.patch 1888 SHA256 30f63dea0e810d92790ddaf9813f0b8dec1e827a39e1752faff6bb41382f3c1b SHA512 db839f3cf3c67ef28290551810dc5c8937d1ef401f48ed937165b57191e75944adb25ab36cbf30289f7fc0076ec192c030e40fb5a744c63932b414e49b99946a WHIRLPOOL 2e539c49ef613e2a9912011ac289036381f8fd8d8ff5f2e0088dd3443a1c7fd86c3efe2b2041736bf67b73c8b4b298208de183945dc68c73ad6f35c41fb8a619 +AUX openssh-5.8_p1-selinux.patch 433 SHA256 0de250c75f4dae78406e5151f563bd104b8e7792a825515510e095fb47462cfd SHA512 e6c89eb26b4bc651503ab81d346e780fdec3056302c5e2d8a6be5892fa514f83093370c463aae88091dc20d30013fd32250e040649147797bcca69ddc7d05ae3 WHIRLPOOL f72ccd773b9ff7a897940afddcb38ba9512e0830c33a2381886d2698e0ae0c6a7db9678326945bdf6769acc21d3e4bf8a196161114805d4570af2819e610df84 +AUX openssh-5.8_p1-x509-hpn-glue.patch 1907 SHA256 7ab452c02b141645b764d404aa3de0754ab240a64601a6bb587919673f957682 SHA512 317c04fab93aaf82685e54335c876b2399623ef69428297c2e5934d45f69f0e78a89c79ad7bb186ef12a779ebf0f088ca142d6a426baeb32b166ceca8098572d WHIRLPOOL 34fdef826750070d112dc6c1bf84de11ebfa646fb5cbfb9f76d13dab925cff94996ed51cfdcba4e0b536915883bb4728756b79db157c019ba951ee1a32c18fe3 +AUX openssh-5.9_p1-drop-openssl-check.patch 848 SHA256 89b011e27548b9922deed63ed57a6c94ea8013bb3bfb4d6590ba43d284a2ab86 SHA512 bbcbb61b6fea194e7ee3862a5b462d48ce4cf4fec12cc8a8564fc5fc8f840dca2b4ddf301bf9d12bcbfd3922948023320ea660a8c194d57bf2b1e9d095fc8eb2 WHIRLPOOL dc8e140d2bfe59546b944236ebcc702cd4a19ed5c6ee24d590bb0d50221069666b3797cf1717e6090d12525b3310cd963537e4c2c413bb2692ec85dcb2d33b43 +AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685 +AUX openssh-5.9_p1-x509-glue.patch 569 SHA256 579ef6409878cea36828057a82a37232ba230af0acb58438f020c284f06a6510 SHA512 534697c03837c8a6084348245722b8730b2547d0e2adca274077fcac295e13e8f2d8ae4cd788fc1c58824fc7b591e731e02d43873fdbe5f20ca1a87fa3060886 WHIRLPOOL 9dd0de494ba2c4a2dc1577e48ae8a63d95c794981ce1aa8d8f0d7fe464e489763f9af042ebecb6428c70cce56ae0b5ca93904669403bd9cc0e61e34989b82462 +AUX openssh-6.0_p1-fix-freebsd-compilation.patch 546 SHA256 4cee4d0b68a847b7686309ddc92f86fc36254d6e864682225143a28fc91e6187 SHA512 f9b783f76212ded27181b0a5ab8b4efc999a9960a020de54f109dad01a3e49b126a9c59da2286e565717f9e68991d2275e0872d54406f2c56a37d4dd439d92e4 WHIRLPOOL d0307e8e2a464914c9f4b2c790d72ff94eddc776986f0a847e04abede59feb6339bd256fe3dc831b362cb8e7f4e3cdb763a5c3c834f1fd7c32e4325cfb91ce63 +AUX openssh-6.0_p1-hpn-progressmeter.patch 379 SHA256 fb38d9d16132fcc16fb2648bce21e2260fb5cadf0ae2e2a7849638aeb79d3dc7 SHA512 4885f49f38c8a3afdef2ba63f324601214810aef8bbac89c926edca9edc8998f49f5060f1070ee0278ef7cdcdd7329a9b9fa37d1466e32cd2dc81edcdee50f51 WHIRLPOOL f73843d69f9aacea93a965eafecd16a037dae996d879d4b755831413321e3ed1e3e3167eff716a4ae836698b4e51c740bbfcca48033cb1dd4353f8599296272e +AUX openssh-6.0_p1-test.patch 780 SHA256 c5893911cec3eecf84dc13bddbefbe1e1053db11e65a909b5f28eacbdd88a29c SHA512 733ee29c64f2469678ca0a4056332d43179cfe73d7efdd0c3c4b24da75baa74b7661e5039bd6fdbb0a375ae5ad5b60353c715946bb59d477ea0c5efaf70b1697 WHIRLPOOL a98055e2634eea3421dc2117a19e0548dae9b4705f7681e45bd4f33e3782f2ec22097de7f7ed4507d1ba5ed983d10499b786347688fadb6e803d20ea86bd7a02 +AUX openssh-6.0_p1-x509-glue.patch 569 SHA256 8c9048a33036a93f56e254cfd53b18313682d466deadfdcd8937a46793617900 SHA512 ad0c0cc7745a80dcc59e671f98608c0bdadf276449352615e738fe7f2e740e0f68713320c48b88b3b4565fd7e1f1a5653a0965e247bec68011c4eff72a9ffece WHIRLPOOL dde2aa90d6a19aeae8b6ad9586a10ac6b9c0e7b9e30f3e1d511bf7b938a299c75cc5771c8bc22ce6b6582ca7ea4804e545c463546580eacbcd38fa664841add1 +AUX openssh-6.0_p1-x509-hpn-glue.patch 1774 SHA256 b2dcff21652eea92d2ff2640a568070a944e7bfb2bd3217c433e6383a64b0970 SHA512 82793502b8c943f0bd69019ea1cf1172f9579dc6a8f6c91f6aba9a9d743384d5ac84f7a49df07165e252b4ef4fc06b745463bdc58d06da2aca3c7acbb3dd8623 WHIRLPOOL ffd01827dbf8162359cf7a278020f2bfa7ed1ee1051774522623bcf448ffc8a3e28ecff2de5733b352beef5722a9dec2e9bb25fabc7edca615a774f65f756246 +AUX openssh-6.1_p1-x509-glue.patch 573 SHA256 e51aa53e9e0336606fc36af237d50338347b845ee56a66d01f86829c4b46feb6 SHA512 bac2971b6435433d6ac88fb127c178e678fe805f51260454d9d0b631ef52dbafc08343fb307a74a116691545a82f5369dc014e71a7c8c65ba41699b31e1dfb6f WHIRLPOOL dd514ce502f7c7968e8fa526b1b2f7d7945f2d5b5f1f013e54f7513a7c7bf6025dbdeabe566958018db8f7442c9611f7efd435501b4b965b0fe7594e24ee20fc +AUX openssh-6.1_p1-x509-hpn-glue.patch 1491 SHA256 28c5000f7c8b23afc363d066cf96d39c00882274f227b7743b1e376df8b61a2e SHA512 0d6bab08cc400b81d936883bf39f5a461799874f6ea3dcf55c083372ed379bc0066b913646f7a0e32167079ba85409c272b258de179d55660739df4bbbf30e5b WHIRLPOOL dbfbf8eb0312ae119421e45efd8243b089ab2d3c2bc1f7b7cbd5b56f86844dfe42b27952e4ed88653679ec036f70b8edd3e00f17ae097241fbc88567bab38505 +AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53 +AUX sshd.pam 294 SHA256 f01cc51c624b21a815fb6c0be35edc590e2e6f8a5ffbdcabc220a9630517972f SHA512 3268dc826978fbb205968744d83c6f1c838c9c73bf9c4ceee709c5b4168b4aaf06bcde47a32808571fa71cbc5a6bfdb98406995b2b28c9e633ce392a53932d64 WHIRLPOOL fff8966d66d75cd4d70607585b5de063f225a776b73b8b0f8146c5eed6c8ffd2ca38c46f86fa4e2ca8caafcde7797a3f0b177e60baa6fa0642064080883fa68a +AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b +AUX sshd.rc6 2189 SHA256 627125378ccfdd81289531f527346980da249d35499cb71518f88f1452f4c098 SHA512 b2981a6dd9b83a21c718bb4dbfe88a0f1157bc764d1795291a381e380b40141719e5e5cf0cbd89845e81a7e9b0b4fdf938a55ff80ae4b5cac1969189aefa2b1d WHIRLPOOL 136497f366686ae25d78b11c17d4f9235d8980a8a147b380c00c281adaa91940f82a709b7da312736608e3b3ce3a2dbca465a2010f27e9562389de98be5885cf +AUX sshd.rc6.1 2270 SHA256 153119116208d328c496d29b7cb9f85991df93020cc50c83b05ed498b10a2126 SHA512 80f0e460ad7ffd9a6fb279ce2d307cbda1f7352745ffaca381867f636ae64df336a03de0da15aca39619acdbebf41e2ccbd2bb233433f93625754965aaaab780 WHIRLPOOL 6b7a4519282fe99fc36cd0f89f6163ad9c8c9d998b15e84d3758af607627db48cf58ffee1bc4291ac0e7f75455f8f8873cd5d996f3c75f1ea3bef0b249abdffe +AUX sshd.rc6.2 2069 SHA256 94b1fc0d608464fd4a6c7ed23f0b9c44aada3404982d8fd25b8bfe202baffaa6 SHA512 f75f95e6cf912b8c45f7ccf81e764805a56057368b18425abe699b29c3c66d32ea5b2d1c9f6fadf97487430e703e01dc2d965e41b8511f31a3e06d3bcbbc1006 WHIRLPOOL b9082ba3854e1842e057717b9a1571ba5ac6bf69c5facb391b7a3d890b13f879d7ae1484eafbbffc17746c3a8184f23e4c3fa831f678eabdea7d23e2c0d1bf63 +AUX sshd.rc6.3 2057 SHA256 43d95b495440ed6b3c1eb82b81712d7f6e58246527605c11d733cb5eb5523254 SHA512 3ddcdeae6c7f4755df1f8fe77d9d1af8c728f8cc18da0feaeccc4b8147f86b4db1ab1bf4ad362c31fac986270b21fe2c80e0414d64f70bfdac2370e22c2c9db2 WHIRLPOOL 57a18d85ab77abe64eddf852975481d974bd68b0b058d854a31158aed14b1706743ad563aa013c770aa124533fb5344bc64d0c06b564e1b53e28e1b0ebe463e8 +AUX sshd.service 206 SHA256 093d4f526e740cbec46ad6a69207407daf01e74da44599d75b979f294c9b0a7b SHA512 67d96a63a6bc874bacc2f43b51c003f2209a4d2283f8435ba3495266e4823d73962fd995f46eab0e8b260107b9a8c416709b2f19e8e94ecea30ddd8280444cfe WHIRLPOOL b48005444104583bd230e68f870a1d0c4a8709f5e8f7fafa45becf259df64052b1938853e8e232b32aae882dbad83d5c78d7796eafb6c02bd0196f7a6a44075f +AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5 +AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1 +DIST openssh-5.4p1-hpn13v7-x509variant.diff.gz 22941 SHA256 c2b1a81c6952ae73cc4dfd1528d560588c45cf1242ea8b0e6eadb0cc83b50377 SHA512 12410d69c8c2484aeabd8598604c26c7ba3a594f85feeebda2290b9091b058840613c791e4eabcf8605682ff78c7cc03cb8ac7294156c2f8ed64f34dc10e4271 WHIRLPOOL 5a2a1bb540ca390f6e75cfb8e24f043e1f18c9b48b03c2c9429f5e75606c39dd596e63dc31821e4b6a4559a7f782024113365c1647a611eb3395ecf723461a5f +DIST openssh-5.5p1+x509-6.2.3.diff.gz 156737 SHA256 a2fdf904c21036fe6ee89da7572a37f4763ef414348f9a953c7c7e0fb3562a7f SHA512 9b1e327f298b44064ca212e3dd051a6631126719dbe34af3fa7e42026bc00a747f6476a6bd8c90fa54e08e8d6958f163e8403945bc3c51225555e6ab549297f9 WHIRLPOOL c9a8b04fd01d0487b031d4864cd3da16feafa39d103f21cafe838c1f70dedca00c01f0184bbead230a1875fbbfe8e4bac2ec3d03d01ea58cbf413cd6ea5e6548 +DIST openssh-5.5p1-hpn13v9.diff.gz 22657 SHA256 0556ad75cbd29cba71263a5b7ddc44c03d17c09297a6c41a16d39d3549e5079c SHA512 14c98066a5d822d61b4beadecd6ed097e66aa725933748c324450752c50e834f1b48a4e44be6e74aab58a12c80596fae4299e455094751684e540b86620c451a WHIRLPOOL 38bc75f094f3f8f45b81a707d4ee06a3a0e2e0647ba1e87508765867c4bb50e5b9e88a1e41a48a89ee79d3e390874a2d6fab96f310dbad736c98604c4bc0805c +DIST openssh-5.5p1.tar.gz 1097574 SHA256 36eedd6efe6663186ed23573488670f9b02e34744694e94a9f869b6f25e47e8a SHA512 548c0c552c63498c4d424940161cb504b88c6872d2d8514c09100856656ce1f5d59adc378307a306bb86254032a24ad69bc9794695893c453fee625062ba615c WHIRLPOOL fef34167b71ff2c8cf67506cfe8d9caf63c830933ca77674fd6b244b96da6221d14838d6e67884020c627cdc01cc913965b1ba9ec0ce415e76131fc1edde62db +DIST openssh-5.6p1+x509-6.2.3.diff.gz 168109 SHA256 90977eded2ae5e71bc3b84aad8597442074742d78d471087d020e58dd58342ad SHA512 029b3e1ae8d7e01b17cbbb4d01c0798e5857dc2f144b4e7a5c70f65fe8de605d29a9ac29f4a26d0495f1abbfed24bafd7ac211bc550f558a0adf64a64415bca9 WHIRLPOOL 53a8b66857e45358a0d973dd1f9884ead1f41d3b2794e0bc6f78bdda33507ae2da3cf6f51d53470159e00992042b2ef3d67a8fb71ceef658c386732e3e88f709 +DIST openssh-5.6p1-hpn13v10.diff.gz 22988 SHA256 6a9ee815e8ffcc9068c3dce4ad4f2898fc0db6b768a3152280aceb8c06c8b450 SHA512 d752f6fc924c8b390a58bffea877f4e8a98eb93dac07ba749d3ccef1de4ee75f5116c186ab18d093ef0ae0d63e4f435cf41a1c1a9bd85cd1d0e8be90e060ebc2 WHIRLPOOL b7f4e8f35698510c7fdbd01d7d656e75bba715d3c2cc31eb7fc54d4158b4a346e17be3d1e2f6b7642c7e0a12d8996ccdf217a1856062c88d43a4e4f62f25f412 +DIST openssh-5.6p1.tar.gz 1117952 SHA256 538af53b2b8162c21a293bb004ae2bdb141abd250f61b4cea55244749f3c6c2b SHA512 81bcb84244524c8046f977f35d1dba40b29324033db7590e3439494812038d1e2c1f7082c64488f0f7838f80b7fbbe133b95675ee23aa66a5d036a28a7882c97 WHIRLPOOL d6c8126b08d4287d2b846a7669cb7b7cb361ce5cab9719df30f243ecc04de5657572165bf2165a8d65d79c0464e91385ffa45ef30cba3bf4047dc6ce3580a317 +DIST openssh-5.7p1+x509-6.2.4.diff.gz 170001 SHA256 86af445d27be112318e95c4a188593b171a34b100e2187ef12a116c95e36c51d SHA512 a60e9c13829fbf8e2c3cf805d6de6c12fe7d3e77b0e889f56f08d0edc2e89b911ddd763f6660c193465dfb220c8f48d29257a068b69a0659b7e177739a0bd8c6 WHIRLPOOL d4b9012905117d034d2dbdf16342fc17c0e5f8326b2fa49244aa341746c382925608527d75ad6dbaaafc9a0d0083a9742b422d897363ab9f7a91a4269d6b4c1c +DIST openssh-5.7p1-hpn13v10.diff.bz2 20132 SHA256 fc6518ea065841cec96a503207bd6f927c65234862ec13a44c3c13cb978bfa57 SHA512 20fde13375f123ca17d8faa5ed384cfd241695d606beba26f68ae966d6db6e551376d29e54b8221e918668e01995829c9217d3c835d005ebd5723000c2e54cb8 WHIRLPOOL 6a4fba0f711297b06c44449461797f3c0604de093b2a079aecaf59a2aa9cecdfdeb3c6bdec13138fdc4ffb5e7f64114e2669af89756d54a225730ad4415eb1f2 +DIST openssh-5.7p1.tar.gz 1113345 SHA256 59057d727d902d8b04b2ce0ba8f288c6e02cb65aca183cc8d559a4a66426581b SHA512 9a4b8a96b96d9593159d3ee8fc2a2a0ede60efb795c9c92b3110ec193b1fdcab2a63eef546efb1e4a3045c9095f6de9e40fee669d2e1b30d562acb840dd069f4 WHIRLPOOL 3384ddfc34b36299d379e24f6c1e238b88d2599f820e8b14baa9d24e5ddd2883caf0c1a43650844511de4c790e4d439d763d2b26b9c622b168016a5b02c801e8 +DIST openssh-5.8p1+x509-6.2.4.diff.gz 170014 SHA256 029fce2cabb1a387b9f5784631dec0ee866e4e44ce34c819e1055c7c4a184744 SHA512 b648fcf55933adc73ac5efa0292e68cc74a491d1c7988ede9e07c882b024ac366330aca67766f4812e4ed49c7f79ff9bdcf32ff950ac3467d181657bbb9c1443 WHIRLPOOL 62641d0d0a745993a5f70082a4d682a3e82b274b2deb9ae1295397dda95296bd5a2033f5830060803430f17ded7bca6f7ab4930633ddeb92523a4b10c3721e81 +DIST openssh-5.8p1-hpn13v10.diff.bz2 20120 SHA256 24b4c0372f96262d0b162dff056d21212befe6a8fd8dddde88206aecdd85e11e SHA512 f83e43a581dec02804f5b900c956b301daa426687017e27a466b7ef6e38cfa02b1a1babeef79d891f437cc2ca032c07bb0c06c16d28115c88bf82af86815fbc1 WHIRLPOOL c31e28c348e58bedb180c1660545e6fcd2ada50c237c7178049912239ff04b2526478a869c255da8a16d5b824a1a5a7d313e2a1fb670d794102b55d1356d8e8d +DIST openssh-5.8p1-hpn13v11.diff.gz 22993 SHA256 62b500d29d8889ce76c8b596eb65731d8ac3469d89d9c6eb29fec2a845159df7 SHA512 6e3ff1d0758881fb72ac05673161288fa81757d6126c8fcaefe43994bd176240bec64945dee39d23b6b2d0d0fcd78aea4de4cff395570d3acd9a6171825e00ba WHIRLPOOL 4ed3e2605c9ab4c7b83af615c65b984ba03904ff1140901bbe4a79fa19039b090b0e847093a50c8274aebd2f96b2309aa123c4ac6637b3ed1b65007dff9bf430 +DIST openssh-5.8p1.tar.gz 1113798 SHA256 e1c77a8f3562a5e779c59d64ab14a336c160a56db924eaf82b124ac0b6b1323b SHA512 efa2b27c9a59852e2ef17c54c85305432bc0ee444da4918ded0b7811d06ebd701f89c07598bce6c4bb6287bfe451dd67e2d86ff53769b9014c34fddd6e254f41 WHIRLPOOL 167d25f0519dd51ba912107e922f5e668bf5d2a82db7b2171732851de5fe077ce9290d23361ec0c085c651cb60c8aa4e23abfc10289a2fc87f622a5a3e3bf98d +DIST openssh-5.8p2.tar.gz 1115475 SHA256 5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314 SHA512 cad3b92e2e5494d1cff25753913f8fd27041cb1083e2cb8d14faaed7e4d818a98a6c3038d48aa38c6b09caeec90589f12742549ca84d3355c316eed6642b5180 WHIRLPOOL 2515b6d0ca9c126a4ec9f12e280d458ff83d42acf9eef77791863d4d9d219a84a66cdb6546afc6c8cbb3f5a761d6c43f93d7757d10e12e5f67a143c4f04793f8 +DIST openssh-5.9p1+x509-7.0.diff.gz 181263 SHA256 a28e2535ecbf95deeef682682e7551459cc494bbc1c4ccb89be93cfe826d76ca SHA512 5f6e2be10ce8cf26fffcb782824f59c1f1ca0fa271800e162685ce74d1aac6d9035cfdacc87d3f859d3538bc0b22438a701dfc3c8108a130e6e4b7fdd36e6b16 WHIRLPOOL 00f92e2e235da11a87b30dc49e1a469a781482ea53ddf99fb892ec3796b9a68f62234c0ed72f2a3330f7af90f3afcdc90e2574b6ab5955ec6e64c13b75ab5e89 +DIST openssh-5.9p1-hpn13v11.diff.gz 21971 SHA256 6a47a9e57f87385cac9a380b0b1649b73532afaf40c15f62e9236427c84e7aae SHA512 6f7ae144ff61b4ec7913dc94c7ed9550cfcd30336e3bbfafc6c875c99cf0c90cd7f8ce89d530f2861b9bda95433d591673136ba5a31310226207f787257da3be WHIRLPOOL fe4d9f515e5c51b159b0aa51b01840003de443c2f3e8eca90b657d54f490273d1ba98dbabe2cf3a104edaa0971cae5f5f8c739691310822493f8f2705c01465d +DIST openssh-5.9p1.tar.gz 1110014 SHA256 8d3e8b6b6ff04b525a6dfa6fdeb6a99043ccf6c3310cc32eba84c939b07777d5 SHA512 ccf13e3cb11489f9f7e4788f93ffae1f2c39d48819f0e9cd9197842abc922173d2c3c1ad1a87a2acf4497d67cb9edd48416098388fa33fc0b8e09456b1be7e2f WHIRLPOOL 2e8bd89fd14954a232602a912845ed29a08ca40637f8863fed675b19d18944125ecdbf292c45cf5c297584df6c3131ae4fd3c6bc62595dfebb3831120ea21cd1 +DIST openssh-6.0p1+x509-7.1.diff.gz 200986 SHA256 c11e3837704a24393353fe264d61ffea8c1f23c0cb5b8261866c25677930768b SHA512 f45e16a21955546829c70bbad67a6af2cdf60fc6019d34c8563c3c328ffc477d1b31c3443ce032e7ff29d027979ecade476679d33c40961ac4ba65f96dac4b7f WHIRLPOOL 120063e566d721c233ea02cdf2ea114b7f707248962c126dd9def5377188283bb9da58a32a2d49453f4c37ad7a975e03bcdf106a28a0cb7e655eacc7c3f965c1 +DIST openssh-6.0p1-hpn13v11.diff.bz2 19979 SHA256 a096f6ee6dfddb3996b5e7b806ece2a7709c8cce6560eb026c28d3fb56f71ee9 SHA512 2805ddac19a5c4962e6a57d9a6efd3f17ebac82ee2b6a7eed60521a4fd23468d4be7f67e59562120fb21e1efa7ab9213be5d8ab8e3ff6fb9c2ccd6d6989f460f WHIRLPOOL a588288d0b3a64a8414bf1061055dbf41b8370e59fd89ab6cdc2fc7b93046b467aefb9f9196a65f96bda395db38e3841e1ad781341919829de0d9d8d2a220df1 +DIST openssh-6.0p1-hpn13v12.diff.gz 20223 SHA256 b6158c10fac153dd2a9f5d9b29df1e4db17a91f84f100b99526655317d9bf4c0 SHA512 d5decf82bfdbdcdcea974b3a8d990929908077851a3a8c122bda37e439e19e69973a371ac46683840263ec3c85fb2393a70183786f94b2afaff6577209f202c2 WHIRLPOOL 9347431c34737294f98aa07d1c4468ab0357e766c1ff55ad2e39af10041d9fa0e0253d36c5dde354513c97cf7ccb19ac1db7214c25797d57d917d4ee5a1199da +DIST openssh-6.0p1.tar.gz 1126034 SHA256 589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de SHA512 4fe1f7e0d5e572575b11253916354b333a7eca558720885d5dceb7c89dc5da81cd57feaa4be756dfa4f3e9ef508e5f460e5fda221765191b1c02ae37431a444e WHIRLPOOL 7853155dfd35962ae31958600b6d4f94a3a916dac942f5f533cde3d85c8ea64066b887d66d7722bd647196f57df7ed27f62d5ec4588868754b6cdf999a404001 +DIST openssh-6.1p1+x509-7.2.1.diff.gz 208071 SHA256 02d3703d419fc72be819a4e7fc8cbbb269182862465b6a99cc7b2af32d75a181 SHA512 6c1786c2c32d884e7b8f15e39912ca1d8fb54b1132ffae6d8d4f262356a16267a8e549a822911d0f40eabe49015080ae35fdec521f90e0ef4d05554339f35fa0 WHIRLPOOL 7f260caebdc58fe415b3cb93b08600942a6b171b45df8ff1279d4280930a7103cbefac63ec7f32fdbf9bdcf64278c39bfd55c2dcb41ea5c4934574930494df67 +DIST openssh-6.1p1-hpn13v11.diff.bz2 19999 SHA256 08bfc1f3c582f23b3ce386e78baf37be4af03645fc6eef87f1ef819cc273ecc7 SHA512 4e21384ef4d0b7539c9b7aecb158748b959db7ec84fa023f7969c2db50794e1f68bab375cdea9c2ae8fe16b759650e250aa21d6b8772a1c671d2e1e59adef08a WHIRLPOOL 3918c2c118908e67de4523c8d1f142ca4b2d2d7c045c2337b2f7914096108cf1a138009a838519d292e53fec454ced3a9590bbddf93096bd377196bd7d73ed55 +DIST openssh-6.1p1.tar.gz 1134820 SHA256 d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411 SHA512 1cd58f18b047fa92a3155fa215d69c04e1f03914488a21bcda5434899df6055567e59f77063f0080b0cb437bb2396d3bf4050ed0c5ea2d1dc20d6fd928d5a76c WHIRLPOOL a1ecf33e8c4048c59e55d38cc8bb3f89357ac8fb74fdbb57e24e111e1749620fe6f7e329a744e3cfc9ced3e445539ce85926c7877a0f12475ccf14f124f9234b +DIST openssh-lpk-5.4p1-0.3.13.patch.gz 18105 SHA256 4e5dbe769e487c914ecc5b104866f6d4412cbe35c3f2bed897d06f7d824878be SHA512 b79f7e6836162e65a13ca05813af80e6464a5880282da49232ee5b0d4b81c484d5ada37bef30daf2bc57c9b17be44cae4f3905d014b409cd3e380a6e4aaa5416 WHIRLPOOL 4b869ac914be2e9c1e297ba13c928bbf296d669fdd7f0f6d8a8c99fceed58fcc89c6f43f38511f023f9ca4a0051498c1a1abc5baeba8d63ed039c3953fcf71b3 +DIST openssh-lpk-5.6p1-0.3.13.patch.gz 18376 SHA256 42a76b67c390c3ed28efd6e1734ca5a7edfefc635c35086dbd610999130678e9 SHA512 b492fdae831fd93d34075d8656d85fb032993686e3341cb880c47c48e2b9b72c82b92f4e78d5ae649c536b4806a916236de3b158f7f43a1de816bd05de8bbb44 WHIRLPOOL cc02e5e0831bafab354fe7e3e63f51aefc2e1f81aefd5e5f0ba90dbd45e7fad979e04c6b3dce63899e0cdabcd65839c2e2f214b39a17c425a113dccd8af308a1 +DIST openssh-lpk-5.7p1-0.3.13.patch.gz 18392 SHA256 739fa32e267f2c30362bb953d597bcbb55b58d76e13f644004fa63ded81522f7 SHA512 8ff9e0561275bcfa6bdda203bde9be7b7512d3ecc8040157da3709878d4a64496ce60a6e2cd24179713a9cb84a27251229f7beddc81be5734c9444894298ab17 WHIRLPOOL bb4977e0d629e781e1b2838590579329865d503e7f36d2dadeab99dbf5232771c375b91f14115bcdc25160988a983b30b7a378edf16121493ace7ec167cd3f6f +DIST openssh-lpk-5.8p2-0.3.14.patch.gz 18656 SHA256 adac5e13a4918e14e4d349f4360d9c740ae6f69de4e64520e8d51e8d39f969ad +DIST openssh-lpk-5.9p1-0.3.14.patch.gz 18335 SHA256 1a922d57a2e7020bf597135437a57080d7d046c9f41a7a53559945ddddbe0892 +DIST openssh-lpk-6.0p1-0.3.14.patch.gz 18401 SHA256 d0f3d55fd92ecc45aa6120d6ea919c903e4828ce0c2b07612c742a2aa7648beb SHA512 ebf680b90bc289c0d69c22fd6fd666032cdcf4c3850ecdf03e264200d60c50a12f4a5254907c6ab850727216e7837176be5564ae22b68d9b80a67c62f372a9dd WHIRLPOOL 4f8b32c77fc2a9205d283109ccd787a3f37757c18060da39c63147ff09f6b922f4a57ca1ba8d0cdc692f3f1eaba3e5e88eb4287f728ddaaf544d2d425c0cca91 +DIST openssh-lpk-6.1p1-0.3.14.patch.gz 18458 SHA256 2d0e40116e021913668519a42743f89b8fb77f8d5beed863d620cc79999b0b79 SHA512 9cfd83e650cedbc3950b8cf80d0b36fbb7dff8fbe7d017378f9a2ae18189fa6e459e323dae6cd1fa1d82ff948f628563892d0a0f30113b3a8ba5269fe051e784 WHIRLPOOL c1ee5570f0bfb3191c602d575e0e05cabe7d42183bd78c07cac19a2743a59f110728e309fcee6f0b6abc7b141ae8c701d92d010d2b7737739b4cac92406552fa +EBUILD openssh-5.5_p1-r2.ebuild 8625 SHA256 cda98fbb72c562d94bac4bc6b321c48e09e96e95951310baca8897c93ef4ac84 SHA512 f7474e9d8e715811deafafa005f0e334817842c23a471768ecfa7b39c191f814fb2036185fb75e215560d3dde981e88aae817cabd39c6cc9fd742a67abbaa1d6 WHIRLPOOL bf410ac43d256054cc2fc07df3da35ced52639614ce7baffad28810b855935a409a1d7ec5b234bcfed7757b57111738bac831c41393582e081e2b8e31725d09a +EBUILD openssh-5.6_p1-r2.ebuild 8370 SHA256 5ecec16d7abc9eba39d2975e03c35cb1612228d8b1594c1d505d3635aae9def9 SHA512 a3651bea199fd0ecee659c224c71c61a272d6e50f3629b90be96b1791bd59d7e63359d5a086578ef1f939e4c4dc094d172d47687462f0aeca8297bdacfb0e6ba WHIRLPOOL 02b3b7ba353876208db93eee9dd1d24d2036b35e92bd28e77ca8e5385344bdd76982570c8531aa2fc434248cee00f0e9fcf0c8aa6d55b2dc208deaefc3b2b2e0 +EBUILD openssh-5.7_p1-r1.ebuild 8219 SHA256 64fa29443d86b501c498c169772c88d8876d170b994514c65cf894c72cf63589 SHA512 c9c17ad24fcea4a4b0e609599641adfde6c53d339ba499b35d27773ee82baa87c62bf4ce9317001e20ad0e5b3cb39f5fc3a8d379d670d57ce9edc56b992fe816 WHIRLPOOL 5a97c94fdfc3f8dff27dc219a6da2123544aa443a96dc13bedb1be22e5ebb03a89615d7990baf8b8fcb13405c2de3526258775c3c2f86d660818026da041a8ec +EBUILD openssh-5.8_p1-r1.ebuild 8435 SHA256 a72a0f4112035018de06cd763e05493ea063ad7d116ec6e905d691c518fde827 SHA512 e31cc67ec7f5f2509d7d1805fe03041c6eaa654bcd3e4432e4f716a58f606e9e564f3b1f8d95efa4af12bc84cf56a7c4654211b6b315bad93898068864710781 WHIRLPOOL 0ad2c9a5e3a4be7cf21f68df686d0a8ee98f57402efd4824a7ed5ab4b16d593a3d763d2875f7e63da3745948265c933a1a5f1f346df9d7c0d1353acd3fe1b9fa +EBUILD openssh-5.8_p2-r1.ebuild 8467 SHA256 7eda66c78adbf9cb0d7691d2f2c4be21f8539ca7a55046f37ab03bab7501af73 SHA512 43b9ed6ac1902cfcc825602fbc78f8ae55717b907428391be38f25317beed0ffdc272e98ac46b337af7a68c46b7e4fc542bdcb8d0fb1ad6e1562e114fb4bfb26 WHIRLPOOL 59c42c5a72594f229bb5a5c462f6c5d2c6fca8bd212e2d026af2bc4b20ee744524218f45bd4b06646d9486e8c840f83255956a57d0b7eeedeb894ea5251f08a0 +EBUILD openssh-5.8_p2.ebuild 8464 SHA256 005a6dfb61c7fe46c08535f0c30b62a5547591cce2685e80af1a8cec74f93fdf SHA512 8a7bad27d2fe68e24479dbaa86142da85463bd553c2e53cb755c671548315d09e04625df1328d9e31000ee7b5439bfb851b540597e9f8f1b787de07dcb14b587 WHIRLPOOL 647099c01574377c641e76f5fdd284b69e9e982d557ffccf7351a0649918b119d4b5cd74f785f20e9b9b5b37d05a43f6292c8a29b9a037dc1e1e18ea5be3afba +EBUILD openssh-5.9_p1-r3.ebuild 9137 SHA256 d4e2eb9e518f104c5cc7913c0d7dfea959807eea3bb8063bc8efd7aefe5fcd85 SHA512 535d1c1d1586c59361a2050d6949aacf169ffac3ed787f0f44fc1bb2ab503af6967029e0f992e22d4a060acb3df6a6b104132a129c18c75231b1c37f19489a75 WHIRLPOOL 262f0ca3ef564b2a1f9adcea142978de80f0bdf9dd1fc94df720ce1f4a9848de8f18d48d81d3599f62293b3b725a98771c3fe036764421e46efa96a42029e28f +EBUILD openssh-5.9_p1-r4.ebuild 9185 SHA256 d3c4541fd8edd84d2988b4705581ae6fa9f958978b85812bd3d1d996bdcd5cb2 SHA512 ec10770ffd4cff5720fc8d93df9f3f7055181a2a9007e1ee58ea2126bba2a99794de1c6f575e99408861f26c29dc7a813ed2081f8ce157770350a90396bcb5b5 WHIRLPOOL fb4bb9364649721063182227a63362e3af87f5a37191709a6c00f8ddf18b3635c62790a68ba60d96547247d2e89a4a4e04452287b45baa00b0eccae78b4bd4ff +EBUILD openssh-6.0_p1-r1.ebuild 9463 SHA256 b1658b58445e9a5b2ae1881d8a8077a6da87414846f5b7aae10f56a763545bea SHA512 e346b7852c5e14bf4da2daed960df123088dc2fcadb00a611c557cf55187c8e45314b47e07cd41e9f09370383c6d3800b7dc61079d6d345811d4ee99aff2cdf4 WHIRLPOOL 0ff7c3832e352c2963d5529c0a060573ab386bb340295c0ef12559053a9d27e2e16514030c51ec9fb984eb02ef662bfd758860daa032df03309a8473f5c3b46f +EBUILD openssh-6.0_p1.ebuild 9461 SHA256 1b34a9871749300d97de8fc920f1376c50118cea1f2d80a87a1011bb093d1d96 SHA512 087e1ffd699bdd7bd3e9032e46dc1cbbc5c5b94e460bf54a869757d68151bc06227f1a6fd5c486c04f7372e60f7d0ea18d50513956588d80538da965c32b5371 WHIRLPOOL dd5cc1d7b617886355e2f1e6ce28acd7afad05f3d99bfd515fa59c8b5d9fc461403913b8b68260dacf2a1bb6a33f4bf696680b5e27019d57f196d9dca6f1a24b +EBUILD openssh-6.1_p1.ebuild 9408 SHA256 9ba2984e3adb5895117ada5a7f8ff5a3e0fb06abe7d067d5db4afac174ce0592 SHA512 8f0729a18e5ea9d939fddc62aaac7dd2b29e290c8025b0adda792676201fba4aee64e3a6130f7250d9c847fa0fbcf860c69df4eaf558e94bd2920b9300c92ff9 WHIRLPOOL a86aa71dcc60b2139d03e7dcd854305d6aecb00e5fa01fce54f4d517af08bb18f6187df497ba7acc493299158db0874158bc04c72163f61f7df416fdba3c9ec6 +MISC ChangeLog 72084 SHA256 a0b9b309b0d8b19bb72e00abd8c28396308fe55bff7ca4e52f40216441161b1c SHA512 8681c487eba5a6be09791735c124d9f1cadea7f79e14eb1746f50acdd53833cae66837d39ac0e4cd447156d1505e65c98054527c8c43b25c026c1bf031839370 WHIRLPOOL 00c69fd667d02c5563dd43e27fd8904c8619ad37ba4223b830bc81c0b5382024d13f7d52ca161e9e6f4ec6f8e7c5d45d8df003365dbaa7d2a3345c0e0dc777eb +MISC metadata.xml 1599 SHA256 fddc51b98b6831f5bc0f1f5fdeb78c064f9c40fc5c9a9f31ec816890e6aade86 SHA512 62ff3ab2fc84f7612799080285cba1f26c0b299d4159b15812a4b4349bfa450ac5f4e038b187201a8cba4c169c47dc4c5d9c4dfe881ef15cef82deadb8d63852 WHIRLPOOL f0b8153f49fb357cc8f90dbcb7397b6be3b31987e9bdde375c172ef2f2464a91080bef04f0e050b97852cad0a26ac9b2f634188f7b910e7dfbf738dd06a80223 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.19 (GNU/Linux) + +iQIcBAEBCAAGBQJQS5EMAAoJELEHsLL7fEFWiRMP/122iJHPCbQnNkZVZ2AMGG8V +s8kOTftlxn0otHbWx/CGITdnaEObNAXlGaiSh9QUNR8jISlagpaqVN0q0w8y6um7 +OptqOWwYDnliKmsSufOEi8W6/8pJzUbAanw6v4zMssib6kVlcEp6OuTx/5vX5jZw +C+sodbRgWdNFOFcjwIoEvG3Y4Q9HdxjHbZ36r/GNZ4F/kLQA3kQZdIDvUIUP4q1I +hbKkILcOa546ltmvACSLYLcgKlHi9qE6SvC+MoXkRqGiklffVIQVNnDdOVy4xCEU +5WZIfZ3DcDg+qBMgFbwgr9OqcAtKjWEQf4HF0hdHvvEHo+QGv0l3Xaj84MnGK3GD +Wd6LNGfu4OM9PcifvBfw6SmH1OaHApJP0kGiPix4a8znMm5Q3nLQAV58A4TlRGyd +i4wxJ5noWTz6wcoTR2TncpY3rCrO5gEyMdYdR6SPVrjooCBMaXHM5o0XBtRobzuh +PeeYp8b7Esw6x6dopLuVmcwznB7NrZWyjgaMOTqADfnYUY3Mt8huJc74t0e7+bgt +U4slQRQDfKg2uLbh88Oaun7jFhdHuAsuKWjs3/vvKYVDF5V29iesteftzCLcnp8u +blB2qvPNFrMBDHz9OmhZI9420YgSdJkY9Bn9f74Tc68K2xE08PpL4KHUND/YnUsq +DgKKMKpQ6UdZlfLXBarl +=NaLj +-----END PGP SIGNATURE----- diff --git a/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch b/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch new file mode 100644 index 00000000..c81ae5cb --- /dev/null +++ b/net-misc/openssh-x/files/openssh-4.7_p1-GSSAPI-dns.patch @@ -0,0 +1,127 @@ +http://bugs.gentoo.org/165444 +https://bugzilla.mindrot.org/show_bug.cgi?id=1008 + +Index: readconf.c +=================================================================== +RCS file: /cvs/openssh/readconf.c,v +retrieving revision 1.135 +diff -u -r1.135 readconf.c +--- readconf.c 5 Aug 2006 02:39:40 -0000 1.135 ++++ readconf.c 19 Aug 2006 11:59:52 -0000 +@@ -126,6 +126,7 @@ + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, + oAddressFamily, oGssAuthentication, oGssDelegateCreds, ++ oGssTrustDns, + oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, + oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, + oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, +@@ -163,9 +164,11 @@ + #if defined(GSSAPI) + { "gssapiauthentication", oGssAuthentication }, + { "gssapidelegatecredentials", oGssDelegateCreds }, ++ { "gssapitrustdns", oGssTrustDns }, + #else + { "gssapiauthentication", oUnsupported }, + { "gssapidelegatecredentials", oUnsupported }, ++ { "gssapitrustdns", oUnsupported }, + #endif + { "fallbacktorsh", oDeprecated }, + { "usersh", oDeprecated }, +@@ -444,6 +447,10 @@ + intptr = &options->gss_deleg_creds; + goto parse_flag; + ++ case oGssTrustDns: ++ intptr = &options->gss_trust_dns; ++ goto parse_flag; ++ + case oBatchMode: + intptr = &options->batch_mode; + goto parse_flag; +@@ -1010,6 +1017,7 @@ + options->challenge_response_authentication = -1; + options->gss_authentication = -1; + options->gss_deleg_creds = -1; ++ options->gss_trust_dns = -1; + options->password_authentication = -1; + options->kbd_interactive_authentication = -1; + options->kbd_interactive_devices = NULL; +@@ -1100,6 +1108,8 @@ + options->gss_authentication = 0; + if (options->gss_deleg_creds == -1) + options->gss_deleg_creds = 0; ++ if (options->gss_trust_dns == -1) ++ options->gss_trust_dns = 0; + if (options->password_authentication == -1) + options->password_authentication = 1; + if (options->kbd_interactive_authentication == -1) +Index: readconf.h +=================================================================== +RCS file: /cvs/openssh/readconf.h,v +retrieving revision 1.63 +diff -u -r1.63 readconf.h +--- readconf.h 5 Aug 2006 02:39:40 -0000 1.63 ++++ readconf.h 19 Aug 2006 11:59:52 -0000 +@@ -45,6 +45,7 @@ + /* Try S/Key or TIS, authentication. */ + int gss_authentication; /* Try GSS authentication */ + int gss_deleg_creds; /* Delegate GSS credentials */ ++ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ + int password_authentication; /* Try password + * authentication. */ + int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ +Index: ssh_config.5 +=================================================================== +RCS file: /cvs/openssh/ssh_config.5,v +retrieving revision 1.97 +diff -u -r1.97 ssh_config.5 +--- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97 ++++ ssh_config.5 19 Aug 2006 11:59:53 -0000 +@@ -483,7 +483,16 @@ + Forward (delegate) credentials to the server. + The default is + .Dq no . +-Note that this option applies to protocol version 2 only. ++Note that this option applies to protocol version 2 connections using GSSAPI. ++.It Cm GSSAPITrustDns ++Set to ++.Dq yes to indicate that the DNS is trusted to securely canonicalize ++the name of the host being connected to. If ++.Dq no, the hostname entered on the ++command line will be passed untouched to the GSSAPI library. ++The default is ++.Dq no . ++This option only applies to protocol version 2 connections using GSSAPI. + .It Cm HashKnownHosts + Indicates that + .Xr ssh 1 +Index: sshconnect2.c +=================================================================== +RCS file: /cvs/openssh/sshconnect2.c,v +retrieving revision 1.151 +diff -u -r1.151 sshconnect2.c +--- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151 ++++ sshconnect2.c 19 Aug 2006 11:59:53 -0000 +@@ -499,6 +499,12 @@ + static u_int mech = 0; + OM_uint32 min; + int ok = 0; ++ const char *gss_host; ++ ++ if (options.gss_trust_dns) ++ gss_host = get_canonical_hostname(1); ++ else ++ gss_host = authctxt->host; + + /* Try one GSSAPI method at a time, rather than sending them all at + * once. */ +@@ -511,7 +517,7 @@ + /* My DER encoding requires length<128 */ + if (gss_supported->elements[mech].length < 128 && + ssh_gssapi_check_mechanism(&gssctxt, +- &gss_supported->elements[mech], authctxt->host)) { ++ &gss_supported->elements[mech], gss_host)) { + ok = 1; /* Mechanism works */ + } else { + mech++; diff --git a/net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch b/net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch new file mode 100644 index 00000000..24ad7a9c --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.2_p1-autoconf.patch @@ -0,0 +1,15 @@ +workaround problems with autoconf-2.63 + +http://lists.gnu.org/archive/html/autoconf/2009-04/msg00007.html + +--- a/configure.ac ++++ b/configure.ac +@@ -3603,7 +3603,7 @@ + #include + struct spwd sp; + ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], +- [ sp_expire_available=yes ], [] ++ [ sp_expire_available=yes ], [:] + ) + + if test "x$sp_expire_available" = "xyes" ; then diff --git a/net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch b/net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch new file mode 100644 index 00000000..8112d625 --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.2_p1-gsskex-fix.patch @@ -0,0 +1,16 @@ +--- clientloop.c ++++ clientloop.c +@@ -1434,11 +1434,13 @@ + if (!rekeying) { + channel_after_select(readset, writeset); + ++#ifdef GSSAPI + if (options.gss_renewal_rekey && + ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { + debug("credentials updated - forcing rekey"); + need_rekeying = 1; + } ++#endif + + if (need_rekeying || packet_need_rekeying()) { + debug("need rekeying"); diff --git a/net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch new file mode 100644 index 00000000..9428b74f --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.2_p1-x509-hpn-glue.patch @@ -0,0 +1,91 @@ +Move things around so hpn applies cleanly when using X509. + +--- openssh-5.2p1+x509/Makefile.in ++++ openssh-5.2p1+x509/Makefile.in +@@ -44,11 +44,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS += @LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- openssh-5.2p1+x509/servconf.c ++++ openssh-5.2p1+x509/servconf.c +@@ -108,6 +108,17 @@ + options->log_level = SYSLOG_LEVEL_NOT_SET; + options->rhosts_rsa_authentication = -1; + options->hostbased_authentication = -1; ++ options->hostbased_algorithms = NULL; ++ options->pubkey_algorithms = NULL; ++ ssh_x509flags_initialize(&options->x509flags, 1); ++#ifndef SSH_X509STORE_DISABLED ++ ssh_x509store_initialize(&options->ca); ++#endif /*ndef SSH_X509STORE_DISABLED*/ ++#ifdef SSH_OCSP_ENABLED ++ options->va.type = -1; ++ options->va.certificate_file = NULL; ++ options->va.responder_url = NULL; ++#endif /*def SSH_OCSP_ENABLED*/ + options->hostbased_uses_name_from_packet_only = -1; + options->rsa_authentication = -1; + options->pubkey_authentication = -1; +@@ -152,18 +163,6 @@ + options->adm_forced_command = NULL; + options->chroot_directory = NULL; + options->zero_knowledge_password_authentication = -1; +- +- options->hostbased_algorithms = NULL; +- options->pubkey_algorithms = NULL; +- ssh_x509flags_initialize(&options->x509flags, 1); +-#ifndef SSH_X509STORE_DISABLED +- ssh_x509store_initialize(&options->ca); +-#endif /*ndef SSH_X509STORE_DISABLED*/ +-#ifdef SSH_OCSP_ENABLED +- options->va.type = -1; +- options->va.certificate_file = NULL; +- options->va.responder_url = NULL; +-#endif /*def SSH_OCSP_ENABLED*/ + } + + void +@@ -341,6 +340,16 @@ + /* Portable-specific options */ + sUsePAM, + /* Standard Options */ ++ sHostbasedAlgorithms, ++ sPubkeyAlgorithms, ++ sX509KeyAlgorithm, ++ sAllowedClientCertPurpose, ++ sKeyAllowSelfIssued, sMandatoryCRL, ++ sCACertificateFile, sCACertificatePath, ++ sCARevocationFile, sCARevocationPath, ++ sCAldapVersion, sCAldapURL, ++ sVAType, sVACertificateFile, ++ sVAOCSPResponderURL, + sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, + sPermitRootLogin, sLogFacility, sLogLevel, + sRhostsRSAAuthentication, sRSAAuthentication, +@@ -364,16 +373,6 @@ + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, + sZeroKnowledgePasswordAuthentication, +- sHostbasedAlgorithms, +- sPubkeyAlgorithms, +- sX509KeyAlgorithm, +- sAllowedClientCertPurpose, +- sKeyAllowSelfIssued, sMandatoryCRL, +- sCACertificateFile, sCACertificatePath, +- sCARevocationFile, sCARevocationPath, +- sCAldapVersion, sCAldapURL, +- sVAType, sVACertificateFile, +- sVAOCSPResponderURL, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff b/net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff new file mode 100644 index 00000000..346d5271 --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.2p1-ldap-stdargs.diff @@ -0,0 +1,10 @@ +--- ldapauth.c.orig 2009-04-18 18:06:38.000000000 +0200 ++++ ldapauth.c 2009-04-18 18:06:11.000000000 +0200 +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + #include "ldapauth.h" + #include "log.h" diff --git a/net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch b/net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch new file mode 100644 index 00000000..e4cdb63a --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.4_p1-openssl.patch @@ -0,0 +1,12 @@ +pull in openssl/conf.h for OPENSSL_config() prototype + +--- openbsd-compat/openssl-compat.c ++++ openbsd-compat/openssl-compat.c +@@ -59,6 +59,7 @@ + #endif + + #ifdef USE_OPENSSL_ENGINE ++#include + void + ssh_SSLeay_add_all_algorithms(void) + { diff --git a/net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch b/net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch new file mode 100644 index 00000000..5fe18dfc --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.6_p1-hpn-progressmeter.patch @@ -0,0 +1,15 @@ +don't go reading random stack values + +already e-mailed to upstream hpn devs + +--- progressmeter.c ++++ progressmeter.c +@@ -183,7 +183,7 @@ + else + percent = 100; + +- snprintf(buf + strlen(buf), win_size - strlen(buf-8), ++ snprintf(buf + strlen(buf), win_size - strlen(buf) - 8, + " %3d%% ", percent); + + /* amount transferred */ diff --git a/net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch new file mode 100644 index 00000000..e793311f --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.6_p1-x509-hpn-glue.patch @@ -0,0 +1,60 @@ +Move things around so hpn applies cleanly when using X509. + +--- a/Makefile.in ++++ b/Makefile.in +@@ -46,11 +46,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- a/servconf.c ++++ b/servconf.c +@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) + options->adm_forced_command = NULL; + options->chroot_directory = NULL; + options->zero_knowledge_password_authentication = -1; +- options->revoked_keys_file = NULL; +- options->trusted_user_ca_keys = NULL; +- options->authorized_principals_file = NULL; + + options->hostbased_algorithms = NULL; + options->pubkey_algorithms = NULL; +@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) + options->va.certificate_file = NULL; + options->va.responder_url = NULL; + #endif /*def SSH_OCSP_ENABLED*/ ++ options->revoked_keys_file = NULL; ++ options->trusted_user_ca_keys = NULL; ++ options->authorized_principals_file = NULL; + } + + void +@@ -367,9 +367,6 @@ typedef enum { + sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, +- sUsePrivilegeSeparation, sAllowAgentForwarding, +- sZeroKnowledgePasswordAuthentication, sHostCertificate, +- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sHostbasedAlgorithms, + sPubkeyAlgorithms, + sX509KeyAlgorithm, +@@ -380,6 +377,9 @@ typedef enum { + sCAldapVersion, sCAldapURL, + sVAType, sVACertificateFile, + sVAOCSPResponderURL, ++ sUsePrivilegeSeparation, sAllowAgentForwarding, ++ sZeroKnowledgePasswordAuthentication, sHostCertificate, ++ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch new file mode 100644 index 00000000..ee3e7574 --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.7_p1-x509-hpn-glue.patch @@ -0,0 +1,60 @@ +Move things around so hpn applies cleanly when using X509. + +--- a/Makefile.in ++++ b/Makefile.in +@@ -46,11 +46,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- a/servconf.c ++++ b/servconf.c +@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) + options->zero_knowledge_password_authentication = -1; + options->revoked_keys_file = NULL; + options->trusted_user_ca_keys = NULL; +- options->authorized_principals_file = NULL; +- options->ip_qos_interactive = -1; +- options->ip_qos_bulk = -1; + + options->hostbased_algorithms = NULL; + options->pubkey_algorithms = NULL; +@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) + options->va.certificate_file = NULL; + options->va.responder_url = NULL; + #endif /*def SSH_OCSP_ENABLED*/ ++ options->authorized_principals_file = NULL; ++ options->ip_qos_interactive = -1; ++ options->ip_qos_bulk = -1; + } + + void +@@ -367,9 +367,6 @@ typedef enum { + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, +- sZeroKnowledgePasswordAuthentication, sHostCertificate, +- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, +- sKexAlgorithms, sIPQoS, + sHostbasedAlgorithms, + sPubkeyAlgorithms, + sX509KeyAlgorithm, +@@ -380,6 +377,9 @@ typedef enum { + sCAldapVersion, sCAldapURL, + sVAType, sVACertificateFile, + sVAOCSPResponderURL, ++ sZeroKnowledgePasswordAuthentication, sHostCertificate, ++ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, ++ sKexAlgorithms, sIPQoS, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch b/net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch new file mode 100644 index 00000000..7be2879f --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.8_p1-selinux.patch @@ -0,0 +1,18 @@ +http://bugs.gentoo.org/354247 + +[openbsd-compat/port-linux.c] Bug #1851: fix syntax error in + selinux code. Patch from Leonardo Chiquitto. + +/* $Id: openssh-5.8_p1-selinux.patch,v 1.1 2011/02/10 02:44:53 vapier Exp $ */ + +--- a/openbsd-compat/port-linux.c ++++ b/openbsd-compat/port-linux.c +@@ -213,7 +213,7 @@ + + if (!ssh_selinux_enabled()) + return; +- if (path == NULL) ++ if (path == NULL) { + setfscreatecon(NULL); + return; + } diff --git a/net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch new file mode 100644 index 00000000..74d06c79 --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.8_p1-x509-hpn-glue.patch @@ -0,0 +1,61 @@ +Move things around so hpn applies cleanly when using X509. + +--- a/Makefile.in ++++ b/Makefile.in +@@ -46,12 +46,13 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHLIBS=@SSHLIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- a/servconf.c ++++ b/servconf.c +@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) + options->zero_knowledge_password_authentication = -1; + options->revoked_keys_file = NULL; + options->trusted_user_ca_keys = NULL; +- options->authorized_principals_file = NULL; +- options->ip_qos_interactive = -1; +- options->ip_qos_bulk = -1; + + options->hostbased_algorithms = NULL; + options->pubkey_algorithms = NULL; +@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) + options->va.certificate_file = NULL; + options->va.responder_url = NULL; + #endif /*def SSH_OCSP_ENABLED*/ ++ options->authorized_principals_file = NULL; ++ options->ip_qos_interactive = -1; ++ options->ip_qos_bulk = -1; + } + + void +@@ -367,9 +367,6 @@ typedef enum { + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, +- sZeroKnowledgePasswordAuthentication, sHostCertificate, +- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, +- sKexAlgorithms, sIPQoS, + sHostbasedAlgorithms, + sPubkeyAlgorithms, + sX509KeyAlgorithm, +@@ -380,6 +377,9 @@ typedef enum { + sCAldapVersion, sCAldapURL, + sVAType, sVACertificateFile, + sVAOCSPResponderURL, ++ sZeroKnowledgePasswordAuthentication, sHostCertificate, ++ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, ++ sKexAlgorithms, sIPQoS, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch b/net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch new file mode 100644 index 00000000..eb621abb --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.9_p1-drop-openssl-check.patch @@ -0,0 +1,25 @@ +newer versions of openssl have started to be compatible across minor versions +too, so this sanity check fails. since we already handle compatibility with +openssl via SONAME checks, we don't need this openssh check at all. + +http://marc.info/?l=openssl-dev&m=133176786215023&w=2 + +--- a/entropy.c ++++ b/entropy.c +@@ -208,16 +208,7 @@ seed_rng(void) + { + #ifndef OPENSSL_PRNG_ONLY + unsigned char buf[RANDOM_SEED_SIZE]; +-#endif +- /* +- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status +- * We match major, minor, fix and status (not patch) +- */ +- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) +- fatal("OpenSSL version mismatch. Built against %lx, you " +- "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); + +-#ifndef OPENSSL_PRNG_ONLY + if (RAND_status() == 1) { + debug3("RNG is ready, skipping seeding"); + return; diff --git a/net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch b/net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch new file mode 100644 index 00000000..6377d036 --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch @@ -0,0 +1,184 @@ +Index: gss-serv.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v +retrieving revision 1.22 +diff -u -p -r1.22 gss-serv.c +--- gss-serv.c 8 May 2008 12:02:23 -0000 1.22 ++++ gss-serv.c 11 Jan 2010 05:38:29 -0000 +@@ -41,9 +41,12 @@ + #include "channels.h" + #include "session.h" + #include "misc.h" ++#include "servconf.h" + + #include "ssh-gss.h" + ++extern ServerOptions options; ++ + static ssh_gssapi_client gssapi_client = + { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, + GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; +@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) + char lname[MAXHOSTNAMELEN]; + gss_OID_set oidset; + +- gss_create_empty_oid_set(&status, &oidset); +- gss_add_oid_set_member(&status, ctx->oid, &oidset); +- +- if (gethostname(lname, MAXHOSTNAMELEN)) { +- gss_release_oid_set(&status, &oidset); +- return (-1); +- } ++ if (options.gss_strict_acceptor) { ++ gss_create_empty_oid_set(&status, &oidset); ++ gss_add_oid_set_member(&status, ctx->oid, &oidset); ++ ++ if (gethostname(lname, MAXHOSTNAMELEN)) { ++ gss_release_oid_set(&status, &oidset); ++ return (-1); ++ } ++ ++ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { ++ gss_release_oid_set(&status, &oidset); ++ return (ctx->major); ++ } ++ ++ if ((ctx->major = gss_acquire_cred(&ctx->minor, ++ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, ++ NULL, NULL))) ++ ssh_gssapi_error(ctx); + +- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) { + gss_release_oid_set(&status, &oidset); + return (ctx->major); ++ } else { ++ ctx->name = GSS_C_NO_NAME; ++ ctx->creds = GSS_C_NO_CREDENTIAL; + } +- +- if ((ctx->major = gss_acquire_cred(&ctx->minor, +- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL))) +- ssh_gssapi_error(ctx); +- +- gss_release_oid_set(&status, &oidset); +- return (ctx->major); ++ return GSS_S_COMPLETE; + } + + /* Privileged */ +Index: servconf.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/servconf.c,v +retrieving revision 1.201 +diff -u -p -r1.201 servconf.c +--- servconf.c 10 Jan 2010 03:51:17 -0000 1.201 ++++ servconf.c 11 Jan 2010 05:34:56 -0000 +@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions + options->kerberos_get_afs_token = -1; + options->gss_authentication=-1; + options->gss_cleanup_creds = -1; ++ options->gss_strict_acceptor = -1; + options->password_authentication = -1; + options->kbd_interactive_authentication = -1; + options->challenge_response_authentication = -1; +@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption + options->gss_authentication = 0; + if (options->gss_cleanup_creds == -1) + options->gss_cleanup_creds = 1; ++ if (options->gss_strict_acceptor == -1) ++ options->gss_strict_acceptor = 0; + if (options->password_authentication == -1) + options->password_authentication = 1; + if (options->kbd_interactive_authentication == -1) +@@ -277,7 +280,8 @@ typedef enum { + sBanner, sUseDNS, sHostbasedAuthentication, + sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, + sClientAliveCountMax, sAuthorizedKeysFile, +- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, ++ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, ++ sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, + sZeroKnowledgePasswordAuthentication, sHostCertificate, +@@ -327,9 +331,11 @@ static struct { + #ifdef GSSAPI + { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, + { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, ++ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, + #else + { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, + { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, ++ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, + #endif + { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, + { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, +@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions + + case sGssCleanupCreds: + intptr = &options->gss_cleanup_creds; ++ goto parse_flag; ++ ++ case sGssStrictAcceptor: ++ intptr = &options->gss_strict_acceptor; + goto parse_flag; + + case sPasswordAuthentication: +Index: servconf.h +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/servconf.h,v +retrieving revision 1.89 +diff -u -p -r1.89 servconf.h +--- servconf.h 9 Jan 2010 23:04:13 -0000 1.89 ++++ servconf.h 11 Jan 2010 05:32:28 -0000 +@@ -92,6 +92,7 @@ typedef struct { + * authenticated with Kerberos. */ + int gss_authentication; /* If true, permit GSSAPI authentication */ + int gss_cleanup_creds; /* If true, destroy cred cache on logout */ ++ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ + int password_authentication; /* If true, permit password + * authentication. */ + int kbd_interactive_authentication; /* If true, permit */ +Index: sshd_config +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/sshd_config,v +retrieving revision 1.81 +diff -u -p -r1.81 sshd_config +--- sshd_config 8 Oct 2009 14:03:41 -0000 1.81 ++++ sshd_config 11 Jan 2010 05:32:28 -0000 +@@ -69,6 +69,7 @@ + # GSSAPI options + #GSSAPIAuthentication no + #GSSAPICleanupCredentials yes ++#GSSAPIStrictAcceptorCheck yes + + # Set this to 'yes' to enable PAM authentication, account processing, + # and session processing. If this is enabled, PAM authentication will +Index: sshd_config.5 +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v +retrieving revision 1.116 +diff -u -p -r1.116 sshd_config.5 +--- sshd_config.5 9 Jan 2010 23:04:13 -0000 1.116 ++++ sshd_config.5 11 Jan 2010 05:37:20 -0000 +@@ -386,6 +386,21 @@ on logout. + The default is + .Dq yes . + Note that this option applies to protocol version 2 only. ++.It Cm GSSAPIStrictAcceptorCheck ++Determines whether to be strict about the identity of the GSSAPI acceptor ++a client authenticates against. ++If set to ++.Dq yes ++then the client must authenticate against the ++.Pa host ++service on the current hostname. ++If set to ++.Dq no ++then the client may authenticate against any service key stored in the ++machine's default store. ++This facility is provided to assist with operation on multi homed machines. ++The default is ++.Dq yes . + .It Cm HostbasedAuthentication + Specifies whether rhosts or /etc/hosts.equiv authentication together + with successful public key client host authentication is allowed diff --git a/net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch b/net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch new file mode 100644 index 00000000..6fbb88b6 --- /dev/null +++ b/net-misc/openssh-x/files/openssh-5.9_p1-x509-glue.patch @@ -0,0 +1,15 @@ +make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch + +--- openssh-5.9p1+x509-7.0.diff ++++ openssh-5.9p1+x509-7.0.diff +@@ -11995,9 +11995,9 @@ + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or though authentication styles supported in + @@ -430,6 +507,16 @@ ++ This facility is provided to assist with operation on multi homed machines. + The default is + .Dq yes . +- Note that this option applies to protocol version 2 only. + +.It Cm HostbasedAlgorithms + +Specifies the protocol version 2 algorithms used in + +.Dq hostbased diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch b/net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch new file mode 100644 index 00000000..3b34cd2e --- /dev/null +++ b/net-misc/openssh-x/files/openssh-6.0_p1-fix-freebsd-compilation.patch @@ -0,0 +1,15 @@ +diff --git a/configure.ac b/configure.ac +index 2b60300..21b6112 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -725,6 +725,10 @@ mips-sony-bsd|mips-sony-newsos4) + AC_CHECK_HEADER([net/if_tap.h], , + AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) + AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) ++ AC_DEFINE([DISABLE_UTMP], [1], ++ [Define if you don't want to use utmp]) ++ AC_DEFINE([DISABLE_WTMP], [1], ++ [Define if you don't want to use wtmp]) + ;; + *-*-bsdi*) + AC_DEFINE([SETEUID_BREAKS_SETUID]) diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch b/net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch new file mode 100644 index 00000000..56805d12 --- /dev/null +++ b/net-misc/openssh-x/files/openssh-6.0_p1-hpn-progressmeter.patch @@ -0,0 +1,15 @@ +don't go reading random stack values + +already e-mailed to upstream hpn devs + +--- progressmeter.c ++++ progressmeter.c +@@ -183,7 +183,7 @@ + percent = ((float)cur_pos / end_pos) * 100; + else + percent = 100; +- snprintf(buf + strlen(buf), win_size - strlen(buf-8), ++ snprintf(buf + strlen(buf), win_size - strlen(buf) - 8, + " %3d%% ", percent); + + /* amount transferred */ diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-test.patch b/net-misc/openssh-x/files/openssh-6.0_p1-test.patch new file mode 100644 index 00000000..8b988aed --- /dev/null +++ b/net-misc/openssh-x/files/openssh-6.0_p1-test.patch @@ -0,0 +1,19 @@ +changeset: 10701:b159befd3104 +tag: tip +user: Mike Frysinger +date: Sun Apr 29 00:26:33 2012 -0400 +summary: use = with `test`, not == + +diff -r d8a3ea854288 -r b159befd3104 configure.ac +--- a/configure.ac Fri Apr 27 00:55:42 2012 +0000 ++++ b/configure.ac Sun Apr 29 00:26:33 2012 -0400 +@@ -2591,7 +2591,7 @@ + AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) + elif test "x$sandbox_arg" = "xseccomp_filter" || \ + ( test -z "$sandbox_arg" && \ +- test "x$have_seccomp_filter" == "x1" && \ ++ test "x$have_seccomp_filter" = "x1" && \ + test "x$ac_cv_header_linux_audit_h" = "xyes" && \ + test "x$have_seccomp_audit_arch" = "x1" && \ + test "x$have_linux_no_new_privs" = "x1" && \ + diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch b/net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch new file mode 100644 index 00000000..3633a2af --- /dev/null +++ b/net-misc/openssh-x/files/openssh-6.0_p1-x509-glue.patch @@ -0,0 +1,15 @@ +make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch + +--- openssh-6.0p1+x509-7.1.diff ++++ openssh-6.0p1+x509-7.1.diff +@@ -13502,9 +13502,9 @@ + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or though authentication styles supported in + @@ -430,6 +507,16 @@ ++ This facility is provided to assist with operation on multi homed machines. + The default is + .Dq yes . +- Note that this option applies to protocol version 2 only. + +.It Cm HostbasedAlgorithms + +Specifies the protocol version 2 algorithms used in + +.Dq hostbased diff --git a/net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch new file mode 100644 index 00000000..9e3dfdbe --- /dev/null +++ b/net-misc/openssh-x/files/openssh-6.0_p1-x509-hpn-glue.patch @@ -0,0 +1,57 @@ +diff --git a/Makefile.in b/Makefile.in +index ecb45cd..7834fb1 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -45,12 +45,13 @@ FIPSLD_CC=@FIPSLD_CC@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHLIBS=@SSHLIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +diff --git a/sshconnect.c b/sshconnect.c +index 19a2b06..dd75f78 100644 +--- a/sshconnect.c ++++ b/sshconnect.c +@@ -580,7 +580,7 @@ ssh_exchange_identification(int timeout_ms) + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", + compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, + compat20 ? PROTOCOL_MINOR_2 : minor1, +- SSH_VERSION, compat20 ? " PKIX\r\n" : "\n"); ++ SSH_VERSION, compat20 ? "\r\n" : "\n"); + if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf)) + != strlen(buf)) + fatal("write: %.100s", strerror(errno)); +diff --git a/sshd.c b/sshd.c +index a5c437d..a1105a0 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -428,8 +428,8 @@ sshd_exchange_identification(int sock_in, int sock_out) + minor = PROTOCOL_MINOR_1; + comment = ""; + } +- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s%s", major, minor, +- SSH_VERSION, comment, newline); ++ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, ++ SSH_VERSION, newline); + server_version_string = xstrdup(buf); + + /* Send our protocol version identification. */ +diff --git a/version.h b/version.h +index 78983d9..ec1746d 100644 +--- a/version.h ++++ b/version.h +@@ -3,4 +3,5 @@ + #define SSH_VERSION "OpenSSH_6.0" + + #define SSH_PORTABLE "p1" ++#define SSH_X509 " PKIX" + #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch b/net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch new file mode 100644 index 00000000..e6db835d --- /dev/null +++ b/net-misc/openssh-x/files/openssh-6.1_p1-x509-glue.patch @@ -0,0 +1,15 @@ +make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch + +--- openssh-6.1p1+x509-7.2.1.diff ++++ openssh-6.1p1+x509-7.2.1.diff +@@ -13502,9 +13502,9 @@ + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or though authentication styles supported in + @@ -432,6 +509,16 @@ ++ This facility is provided to assist with operation on multi homed machines. + The default is + .Dq yes . +- Note that this option applies to protocol version 2 only. + +.It Cm HostbasedAlgorithms + +Specifies the protocol version 2 algorithms used in + +.Dq hostbased diff --git a/net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch b/net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch new file mode 100644 index 00000000..5d69a50b --- /dev/null +++ b/net-misc/openssh-x/files/openssh-6.1_p1-x509-hpn-glue.patch @@ -0,0 +1,49 @@ +--- a/Makefile.in ++++ b/Makefile.in +@@ -45,12 +45,13 @@ FIPSLD_CC=@FIPSLD_CC@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHLIBS=@SSHLIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- a/sshconnect.c ++++ b/sshconnect.c +@@ -580,7 +580,7 @@ ssh_exchange_identification(int timeout_ms) + snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", + compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, + compat20 ? PROTOCOL_MINOR_2 : minor1, +- SSH_VERSION, compat20 ? " PKIX\r\n" : "\n"); ++ SSH_VERSION, compat20 ? "\r\n" : "\n"); + if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf)) + != strlen(buf)) + fatal("write: %.100s", strerror(errno)); +--- a/sshd.c ++++ b/sshd.c +@@ -428,8 +428,8 @@ sshd_exchange_identification(int sock_in, int sock_out) + comment = ""; + } + +- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", ++ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", +- major, minor, SSH_VERSION, comment, ++ major, minor, SSH_VERSION, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, newline); + +--- a/version.h ++++ b/version.h +@@ -3,4 +3,5 @@ + #define SSH_VERSION "OpenSSH_6.0" + + #define SSH_PORTABLE "p1" ++#define SSH_X509 " PKIX" + #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/net-misc/openssh-x/files/sshd.confd b/net-misc/openssh-x/files/sshd.confd new file mode 100644 index 00000000..28952b4a --- /dev/null +++ b/net-misc/openssh-x/files/sshd.confd @@ -0,0 +1,21 @@ +# /etc/conf.d/sshd: config file for /etc/init.d/sshd + +# Where is your sshd_config file stored? + +SSHD_CONFDIR="/etc/ssh" + + +# Any random options you want to pass to sshd. +# See the sshd(8) manpage for more info. + +SSHD_OPTS="" + + +# Pid file to use (needs to be absolute path). + +#SSHD_PIDFILE="/var/run/sshd.pid" + + +# Path to the sshd binary (needs to be absolute path). + +#SSHD_BINARY="/usr/sbin/sshd" diff --git a/net-misc/openssh-x/files/sshd.pam b/net-misc/openssh-x/files/sshd.pam new file mode 100644 index 00000000..51149402 --- /dev/null +++ b/net-misc/openssh-x/files/sshd.pam @@ -0,0 +1,9 @@ +#%PAM-1.0 + +auth required pam_stack.so service=system-auth +auth required pam_shells.so +auth required pam_nologin.so +account required pam_stack.so service=system-auth +password required pam_stack.so service=system-auth +session required pam_stack.so service=system-auth + diff --git a/net-misc/openssh-x/files/sshd.pam_include.2 b/net-misc/openssh-x/files/sshd.pam_include.2 new file mode 100644 index 00000000..b801aaaf --- /dev/null +++ b/net-misc/openssh-x/files/sshd.pam_include.2 @@ -0,0 +1,4 @@ +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login diff --git a/net-misc/openssh-x/files/sshd.rc6 b/net-misc/openssh-x/files/sshd.rc6 new file mode 100644 index 00000000..03160686 --- /dev/null +++ b/net-misc/openssh-x/files/sshd.rc6 @@ -0,0 +1,82 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6,v 1.28 2011/12/04 10:08:19 swegener Exp $ + +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" + +depend() { + use logger dns + need net +} + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + "${SSHD_BINARY}" -t ${myopts} || return 1 +} + +gen_keys() { + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] ; then + einfo "Generating Hostkey..." + /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then + einfo "Generating DSA-Hostkey..." + /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then + einfo "Generating RSA-Hostkey..." + /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1 + fi + return 0 +} + +start() { + local myopts="" + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config" + + checkconfig || return 1 + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${myopts} ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --stop --signal HUP --oknodo \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/net-misc/openssh-x/files/sshd.rc6.1 b/net-misc/openssh-x/files/sshd.rc6.1 new file mode 100644 index 00000000..6524601c --- /dev/null +++ b/net-misc/openssh-x/files/sshd.rc6.1 @@ -0,0 +1,83 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.1,v 1.2 2011/12/04 10:08:19 swegener Exp $ + +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" + +depend() { + use logger dns + need net +} + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + "${SSHD_BINARY}" -t ${myopts} || return 1 +} + +gen_keys() { + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] && \ + egrep -q '^[ \t]*Protocol[ \t]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then + einfo "Generating RSA1-Hostkey..." + /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then + einfo "Generating DSA-Hostkey..." + /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then + einfo "Generating RSA-Hostkey..." + /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1 + fi + return 0 +} + +start() { + local myopts="" + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config" + + checkconfig || return 1 + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${myopts} ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --stop --signal HUP --oknodo \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/net-misc/openssh-x/files/sshd.rc6.2 b/net-misc/openssh-x/files/sshd.rc6.2 new file mode 100644 index 00000000..22aaaad2 --- /dev/null +++ b/net-misc/openssh-x/files/sshd.rc6.2 @@ -0,0 +1,85 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.2,v 1.3 2011/12/04 10:08:19 swegener Exp $ + +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" + +depend() { + use logger dns + need net +} + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" + + "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 +} + +gen_key() { + local type=$1 key ks + [ $# -eq 1 ] && ks="${type}_" + key="${SSHD_CONFDIR}/ssh_host_${ks}key" + if [ ! -e "${key}" ] ; then + ebegin "Generating ${type} host key" + ssh-keygen -t ${type} -f "${key}" -N '' + eend $? || return $? + fi +} + +gen_keys() { + if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then + gen_key rsa1 "" || return 1 + fi + gen_key dsa && gen_key rsa && gen_key ecdsa + return $? +} + +start() { + checkconfig || return 1 + + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --stop --signal HUP --oknodo \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/net-misc/openssh-x/files/sshd.rc6.3 b/net-misc/openssh-x/files/sshd.rc6.3 new file mode 100755 index 00000000..c55116e9 --- /dev/null +++ b/net-misc/openssh-x/files/sshd.rc6.3 @@ -0,0 +1,85 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $ + +extra_commands="checkconfig gen_keys" +extra_started_commands="reload" + +depend() { + use logger dns + need net +} + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" + + "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 +} + +gen_key() { + local type=$1 key ks + [ $# -eq 1 ] && ks="${type}_" + key="${SSHD_CONFDIR}/ssh_host_${ks}key" + if [ ! -e "${key}" ] ; then + ebegin "Generating ${type} host key" + ssh-keygen -t ${type} -f "${key}" -N '' + eend $? || return $? + fi +} + +gen_keys() { + if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then + gen_key rsa1 "" || return 1 + fi + gen_key dsa && gen_key rsa && gen_key ecdsa + return $? +} + +start() { + checkconfig || return 1 + + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/net-misc/openssh-x/files/sshd.service b/net-misc/openssh-x/files/sshd.service new file mode 100644 index 00000000..45f823ac --- /dev/null +++ b/net-misc/openssh-x/files/sshd.service @@ -0,0 +1,10 @@ +[Unit] +Description=OpenSSH server daemon +After=syslog.target network.target auditd.service + +[Service] +ExecStart=/usr/sbin/sshd -D -e +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/net-misc/openssh-x/files/sshd.socket b/net-misc/openssh-x/files/sshd.socket new file mode 100644 index 00000000..94b95331 --- /dev/null +++ b/net-misc/openssh-x/files/sshd.socket @@ -0,0 +1,10 @@ +[Unit] +Description=OpenSSH Server Socket +Conflicts=sshd.service + +[Socket] +ListenStream=22 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/net-misc/openssh-x/files/sshd_at.service b/net-misc/openssh-x/files/sshd_at.service new file mode 100644 index 00000000..2645ad04 --- /dev/null +++ b/net-misc/openssh-x/files/sshd_at.service @@ -0,0 +1,8 @@ +[Unit] +Description=OpenSSH per-connection server daemon +After=syslog.target auditd.service + +[Service] +ExecStart=-/usr/sbin/sshd -i -e +StandardInput=socket +StandardError=syslog diff --git a/net-misc/openssh-x/metadata.xml b/net-misc/openssh-x/metadata.xml new file mode 100644 index 00000000..a7517337 --- /dev/null +++ b/net-misc/openssh-x/metadata.xml @@ -0,0 +1,28 @@ + + + + base-system + + robbat2@gentoo.org + LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else. + + +OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that +increasing numbers of people on the Internet are coming to rely on. Many users of telnet, +rlogin, ftp, and other such programs might not realize that their password is transmitted +across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) +to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. +Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety +of authentication methods. + +The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which +replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of +the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, +ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. + + + Enable high performance ssh + Add support for storing SSH public keys in LDAP + Adds support for X.509 certificate authentication + + diff --git a/net-misc/openssh-x/openssh-x-6.0_p1-r1.ebuild b/net-misc/openssh-x/openssh-x-6.0_p1-r1.ebuild new file mode 100644 index 00000000..66f79c8b --- /dev/null +++ b/net-misc/openssh-x/openssh-x-6.0_p1-r1.ebuild @@ -0,0 +1,294 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.0_p1-r1.ebuild,v 1.1 2012/06/08 05:43:01 vapier Exp $ + +EAPI="2" +inherit eutils user flag-o-matic multilib autotools pam systemd + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +HPN_PATCH="${PARCH}-hpn13v11.diff.bz2" +LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz" +X509_VER="7.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} + " + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" +IUSE="${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=sys-auth/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d + >=sys-libs/zlib-1.2.3 + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( virtual/shadow )" +DEPEND="${RDEPEND} + virtual/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 )" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; } + local fail=" + $(use X509 && maybe_fail X509 X509_PATCH) + $(use ldap && maybe_fail ldap LDAP_PATCH) + $(use hpn && maybe_fail hpn HPN_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch + save_version X509 + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011 + epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*} + epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch + save_version HPN + # The AES-CTR multithreaded variant is broken, and causes random hangs + # when combined background threading and control sockets. To avoid + # this, we change the internal table to use the non-multithread version + # for the meantime. Do NOT remove this in new versions. See bug #354113 + # comment #6 for testcase. + # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ + ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode + ## cipher. Be aware that if the client process is forked using the -f command line + ## option the process will hang as the parent thread gets 'divorced' from the key + ## generation threads. This issue will be resolved as soon as possible + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id || die + newinitd "${FILESDIR}"/sshd.rc6.3 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${D}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${D}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t} > /etc/portage/package.mask" + die "booooo" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch + save_version X509 + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011 + epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.0_p1-hpn-progressmeter.patch + save_version HPN + # The AES-CTR multithreaded variant is broken, and causes random hangs + # when combined background threading and control sockets. To avoid + # this, we change the internal table to use the non-multithread version + # for the meantime. Do NOT remove this in new versions. See bug #354113 + # comment #6 for testcase. + # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ + ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode + ## cipher. Be aware that if the client process is forked using the -f command line + ## option the process will hang as the parent thread gets 'divorced' from the key + ## generation threads. This issue will be resolved as soon as possible + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id || die + newinitd "${FILESDIR}"/sshd.rc6.3 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${D}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${D}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t} > /etc/portage/package.mask" + die "booooo" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${MY_PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${MY_PN}-6.1_p1-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${MY_PN}-6.1_p1-x509-hpn-glue.patch + save_version X509 + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${MY_PN}-6.0_p1-fix-freebsd-compilation.patch #391011 + epatch "${FILESDIR}"/${MY_PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*} + epatch "${FILESDIR}"/${MY_PN}-5.6_p1-hpn-progressmeter.patch + save_version HPN + # The AES-CTR multithreaded variant is broken, and causes random hangs + # when combined background threading and control sockets. To avoid + # this, we change the internal table to use the non-multithread version + # for the meantime. Do NOT remove this in new versions. See bug #354113 + # comment #6 for testcase. + # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ + ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode + ## cipher. Be aware that if the client process is forked using the -f command line + ## option the process will hang as the parent thread gets 'divorced' from the key + ## generation threads. This issue will be resolved as soon as possible + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id || die + newinitd "${FILESDIR}"/sshd.rc6.3 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${D}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${D}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t}