summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--net-misc/openssh/files/digest-openssh-3.8.1_p1-r13
-rw-r--r--net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2bin1353 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2bin1119 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2bin465 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2bin1304 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2bin1381 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2bin315 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2bin270 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2bin1119 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2bin465 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2bin315 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2bin270 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2bin1262 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-opensc.patch127
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2bin1381 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-pamfix.patch97
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-pamfix.patch.bz2bin1125 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-selinux.diff107
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2bin1307 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-skey.patch11
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2bin270 -> 0 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch29
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch.bz2bin332 -> 0 bytes
-rw-r--r--net-misc/openssh/openssh-3.8.1_p1-r1.ebuild144
-rw-r--r--net-misc/openssh/openssh-3.9_p1-r3.ebuild13
-rw-r--r--net-misc/openssh/openssh-4.0_p1-r2.ebuild9
-rw-r--r--net-misc/openssh/openssh-4.1_p1-r1.ebuild9
-rw-r--r--net-misc/openssh/openssh-4.2_p1.ebuild5
28 files changed, 387 insertions, 167 deletions
diff --git a/net-misc/openssh/files/digest-openssh-3.8.1_p1-r1 b/net-misc/openssh/files/digest-openssh-3.8.1_p1-r1
deleted file mode 100644
index e799b8d05c6a..000000000000
--- a/net-misc/openssh/files/digest-openssh-3.8.1_p1-r1
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 1dbfd40ae683f822ae917eebf171ca42 openssh-3.8.1p1.tar.gz 817932
-MD5 48db8e4857a32aa93506be8abd84b6b4 openssh-lpk-3.8.1p1-0.3.4.patch 44245
-MD5 c1cad487473e826dd8de554ac9856bc6 openssh-3.8.1p1+x509-5.1.diff.gz 161552
diff --git a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2 b/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2
deleted file mode 100644
index 0d3075b14786..000000000000
--- a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2
deleted file mode 100644
index f1a759d5c205..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2
deleted file mode 100644
index 8f04e301049f..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2
deleted file mode 100644
index 29a4bc57ea0b..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2
deleted file mode 100644
index 7415c6ee1c30..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2
deleted file mode 100644
index af4b3ac7537a..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2
deleted file mode 100644
index 2c403f8dc079..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2
deleted file mode 100644
index f1a759d5c205..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2
deleted file mode 100644
index 8f04e301049f..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2
deleted file mode 100644
index af4b3ac7537a..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2
deleted file mode 100644
index 2c403f8dc079..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2
deleted file mode 100644
index cd3006158bfd..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch
new file mode 100644
index 000000000000..48ba1b25e302
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch
@@ -0,0 +1,127 @@
+Index: scard-opensc.c
+===================================================================
+RCS file: /cvs/openssh/scard-opensc.c,v
+retrieving revision 1.12
+--- scard-opensc.c
++++ scard-opensc.c
+@@ -38,6 +38,8 @@
+ #include "readpass.h"
+ #include "scard.h"
+
++int ask_for_pin=0;
++
+ #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
+ #define USE_ENGINE
+ #define RSA_get_default_method RSA_get_default_openssl_method
+@@ -119,6 +121,7 @@
+ struct sc_pkcs15_prkey_info *key;
+ struct sc_pkcs15_object *pin_obj;
+ struct sc_pkcs15_pin_info *pin;
++ char *passphrase = NULL;
+
+ priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
+ if (priv == NULL)
+@@ -156,24 +159,47 @@
+ goto err;
+ }
+ pin = pin_obj->data;
++
++ if (sc_pin)
++ passphrase = sc_pin;
++ else if (ask_for_pin) {
++ /* we need a pin but don't have one => ask for the pin */
++ char prompt[64];
++
++ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
++ key_obj->label ? key_obj->label : "smartcard key");
++ passphrase = read_passphrase(prompt, 0);
++ if (!passphrase || !strcmp(passphrase, ""))
++ goto err;
++ } else
++ /* no pin => error */
++ goto err;
++
+ r = sc_lock(card);
+ if (r) {
+ error("Unable to lock smartcard: %s", sc_strerror(r));
+ goto err;
+ }
+- if (sc_pin != NULL) {
+- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
+- strlen(sc_pin));
+- if (r) {
+- sc_unlock(card);
+- error("PIN code verification failed: %s",
+- sc_strerror(r));
+- goto err;
+- }
++ r = sc_pkcs15_verify_pin(p15card, pin, passphrase,
++ strlen(passphrase));
++ if (r) {
++ sc_unlock(card);
++ error("PIN code verification failed: %s",
++ sc_strerror(r));
++ goto err;
+ }
++
+ *key_obj_out = key_obj;
++ if (!sc_pin) {
++ memset(passphrase, 0, strlen(passphrase));
++ xfree(passphrase);
++ }
+ return 0;
+ err:
++ if (!sc_pin && passphrase) {
++ memset(passphrase, 0, strlen(passphrase));
++ xfree(passphrase);
++ }
+ sc_close();
+ return -1;
+ }
+Index: scard.c
+===================================================================
+RCS file: /cvs/openssh/scard.c,v
+retrieving revision 1.27
+--- scard.c
++++ scard.c
+@@ -35,6 +35,9 @@
+ #include "readpass.h"
+ #include "scard.h"
+
++/* currently unused */
++int ask_for_pin = 0;
++
+ #if OPENSSL_VERSION_NUMBER < 0x00907000L
+ #define USE_ENGINE
+ #define RSA_get_default_method RSA_get_default_openssl_method
+Index: scard.h
+===================================================================
+RCS file: /cvs/openssh/scard.h,v
+retrieving revision 1.10
+--- scard.h
++++ scard.h
+@@ -33,6 +33,8 @@
+ #define SCARD_ERROR_NOCARD -2
+ #define SCARD_ERROR_APPLET -3
+
++extern int ask_for_pin;
++
+ Key **sc_get_keys(const char *, const char *);
+ void sc_close(void);
+ int sc_put_key(Key *, const char *);
+Index: ssh.c
+===================================================================
+RCS file: /cvs/openssh/ssh.c,v
+retrieving revision 1.180
+--- ssh.c
++++ ssh.c
+@@ -1155,6 +1155,9 @@
+ #ifdef SMARTCARD
+ Key **keys;
+
++ if (!options.batch_mode)
++ ask_for_pin = 1;
++
+ if (options.smartcard_device != NULL &&
+ options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
+ (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {
diff --git a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2
deleted file mode 100644
index 7415c6ee1c30..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch b/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch
new file mode 100644
index 000000000000..c1f060fd4083
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch
@@ -0,0 +1,97 @@
+Index: auth-chall.c
+===================================================================
+RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-chall.c,v
+retrieving revision 1.14
+--- auth-chall.c
++++ auth-chall.c
+@@ -28,11 +28,13 @@ RCSID("$OpenBSD: auth-chall.c,v 1.9 2003
+ #include "auth.h"
+ #include "log.h"
+ #include "xmalloc.h"
++#include "servconf.h"
+
+ /* limited protocol v1 interface to kbd-interactive authentication */
+
+ extern KbdintDevice *devices[];
+ static KbdintDevice *device;
++extern ServerOptions options;
+
+ char *
+ get_challenge(Authctxt *authctxt)
+@@ -40,6 +42,11 @@ get_challenge(Authctxt *authctxt)
+ char *challenge, *name, *info, **prompts;
+ u_int i, numprompts;
+ u_int *echo_on;
++
++#ifdef USE_PAM
++ if (!options.use_pam)
++ remove_kbdint_device("pam");
++#endif
+
+ device = devices[0]; /* we always use the 1st device for protocol 1 */
+ if (device == NULL)
+Index: auth.h
+===================================================================
+RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.h,v
+retrieving revision 1.63
+--- auth.h
++++ auth.h
+@@ -130,6 +130,8 @@ int auth_shadow_pwexpired(Authctxt *);
+ #endif
+
+ #include "auth-pam.h"
++void remove_kbdint_device(const char *);
++
+ void disable_forwarding(void);
+
+ void do_authentication(Authctxt *);
+Index: auth2-chall.c
+===================================================================
+RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth2-chall.c,v
+retrieving revision 1.23
+--- auth2-chall.c
++++ auth2-chall.c
+@@ -32,6 +32,10 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.21 20
+ #include "xmalloc.h"
+ #include "dispatch.h"
+ #include "log.h"
++#include "servconf.h"
++
++/* import */
++extern ServerOptions options;
+
+ static int auth2_challenge_start(Authctxt *);
+ static int send_userauth_info_request(Authctxt *);
+@@ -71,12 +75,32 @@ struct KbdintAuthctxt
+ u_int nreq;
+ };
+
++#ifdef USE_PAM
++void
++remove_kbdint_device(const char *devname)
++{
++ int i, j;
++
++ for (i = 0; devices[i] != NULL; i++)
++ if (strcmp(devices[i]->name, devname) == 0) {
++ for (j = i; devices[j] != NULL; j++)
++ devices[j] = devices[j+1];
++ i--;
++ }
++}
++#endif
++
+ static KbdintAuthctxt *
+ kbdint_alloc(const char *devs)
+ {
+ KbdintAuthctxt *kbdintctxt;
+ Buffer b;
+ int i;
++
++#ifdef USE_PAM
++ if (!options.use_pam)
++ remove_kbdint_device("pam");
++#endif
+
+ kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
+ if (strcmp(devs, "") == 0) {
diff --git a/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch.bz2
deleted file mode 100644
index 47fffb2f08f6..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff
new file mode 100644
index 000000000000..ae57ba3c461c
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff
@@ -0,0 +1,107 @@
+--- openssh-3.7.1p1/Makefile.in
++++ openssh-3.7.1p1/Makefile.in
+@@ -40,7 +40,7 @@
+
+ CC=@CC@
+ LD=@LD@
+-CFLAGS=@CFLAGS@
++CFLAGS=@CFLAGS@ -DWITH_SELINUX
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ LIBPAM=@LIBPAM@
+@@ -53,7 +53,7 @@
+ SED=@SED@
+ ENT=@ENT@
+ XAUTH_PATH=@XAUTH_PATH@
+-LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
++LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux
+ EXEEXT=@EXEEXT@
+
+ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
+--- openssh-3.7.1p1/session.c
++++ openssh-3.7.1p1/session.c
+@@ -66,6 +66,11 @@
+ #include "ssh-gss.h"
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /* func */
+
+ Session *session_new(void);
+@@ -1304,6 +1309,19 @@
+ #endif
+ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+ fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled())
++ {
++ security_context_t scontext;
++ if (get_default_context(pw->pw_name,NULL,&scontext))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++ if (setexeccon(scontext)) {
++ freecon(scontext);
++ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
++ }
++ freecon(scontext);
++ }
++#endif
+ }
+
+ static void
+--- openssh-3.7.1p1/sshpty.c
++++ openssh-3.7.1p1/sshpty.c
+@@ -30,6 +30,12 @@
+ #define O_NOCTTY 0
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/flask.h>
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /*
+ * Allocates and opens a pty. Returns 0 if no pty could be allocated, or
+ * nonzero if a pty was successfully allocated. On success, open file
+@@ -196,6 +202,37 @@
+ * Warn but continue if filesystem is read-only and the uids match/
+ * tty is owned by root.
+ */
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled()) {
++ security_context_t new_tty_context=NULL,
++ user_context=NULL, old_tty_context=NULL;
++
++ if (get_default_context(pw->pw_name,NULL,&user_context))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++
++ if (getfilecon(tty, &old_tty_context)<0) {
++ error("getfilecon(%.100s) failed: %.100s", tty,
++ strerror(errno));
++ }
++ else
++ {
++ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
++ error("security_compute_relabel(%.100s) failed: %.100s", tty,
++ strerror(errno));
++ }
++ else
++ {
++ if (setfilecon (tty, new_tty_context) != 0) {
++ error("setfilecon(%.100s, %s) failed: %.100s",
++ tty, new_tty_context, strerror(errno));
++ }
++ freecon(new_tty_context);
++ }
++ freecon(old_tty_context);
++ }
++ freecon(user_context);
++ }
++#endif
+ if (stat(tty, &st))
+ fatal("stat(%.100s) failed: %.100s", tty,
+ strerror(errno));
diff --git a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2 b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2
deleted file mode 100644
index b51c746e4921..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-skey.patch b/net-misc/openssh/files/openssh-3.9_p1-skey.patch
new file mode 100644
index 000000000000..2ae24fe726bd
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-skey.patch
@@ -0,0 +1,11 @@
+--- configure.ac
++++ configure.ac
+@@ -721,7 +721,7 @@
+ [
+ #include <stdio.h>
+ #include <skey.h>
+-int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
++int main() { char *ff = "true"; ff=""; exit(0); }
+ ],
+ [AC_MSG_RESULT(yes)],
+ [
diff --git a/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2
deleted file mode 100644
index 2c403f8dc079..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch b/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch
new file mode 100644
index 000000000000..0bbfdd99ef40
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch
@@ -0,0 +1,29 @@
+--- scp.c
++++ scp.c
+@@ -112,8 +112,10 @@
+ static void
+ killchild(int signo)
+ {
+- if (do_cmd_pid > 1)
++ if (do_cmd_pid > 1) {
+ kill(do_cmd_pid, signo);
++ waitpid(do_cmd_pid, NULL, 0);
++ }
+
+ _exit(1);
+ }
+--- sftp.c
++++ sftp.c
+@@ -144,9 +144,10 @@
+ static void
+ killchild(int signo)
+ {
+- if (sshpid > 1)
++ if (sshpid > 1) {
+ kill(sshpid, SIGTERM);
+-
++ waitpid(sshpid, NULL, 0);
++ }
+ _exit(1);
+ }
+
diff --git a/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch.bz2
deleted file mode 100644
index c847c98b3b7f..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch.bz2
+++ /dev/null
Binary files differ
diff --git a/net-misc/openssh/openssh-3.8.1_p1-r1.ebuild b/net-misc/openssh/openssh-3.8.1_p1-r1.ebuild
deleted file mode 100644
index a3080ab8f319..000000000000
--- a/net-misc/openssh/openssh-3.8.1_p1-r1.ebuild
+++ /dev/null
@@ -1,144 +0,0 @@
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.8.1_p1-r1.ebuild,v 1.27 2005/10/19 03:32:26 vapier Exp $
-
-inherit eutils flag-o-matic ccc
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_/}
-
-X509_PATCH="${PARCH}+x509-5.1.diff.gz"
-SELINUX_PATCH="openssh-3.7.1_p1-selinux.diff"
-LDAP_PATCH="${PARCH/-/-lpk-}-0.3.4.patch"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.com/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- ldap? ( http://www.opendarwin.org/en/projects/openssh-lpk/files/${LDAP_PATCH} )
- X509? ( http://roumenpetrov.info/openssh/x509-5.1/${X509_PATCH} )"
-
-LICENSE="as-is"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sparc x86"
-IUSE="ipv6 static pam tcpd kerberos skey selinux chroot X509 ldap smartcard"
-
-# openssh recognizes when openssl has been slightly upgraded and refuses to run.
-# This new rev will use the new openssl.
-RDEPEND="pam? ( >=sys-libs/pam-0.73 )
- kerberos? ( virtual/krb5 )
- selinux? ( sys-libs/libselinux )
- skey? ( >=app-admin/skey-1.1.5-r1 )
- ldap? ( net-nds/openldap )
- >=dev-libs/openssl-0.9.6d
- >=sys-libs/zlib-1.2.3
- smartcard? ( dev-libs/opensc )
- tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
-DEPEND="${RDEPEND}
- virtual/os-headers
- sys-devel/autoconf"
-PROVIDE="virtual/ssh"
-
-S=${WORKDIR}/${PARCH}
-
-src_unpack() {
- unpack ${PARCH}.tar.gz
- cd "${S}"
-
- sed -i \
- -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
- pathnames.h || die
-
- epatch "${FILESDIR}"/${P}-resolv_functions.patch.bz2
-
- use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}.bz2
- use skey && epatch "${FILESDIR}"/${P}-skey.patch.bz2
- use chroot && epatch "${FILESDIR}"/${P}-chroot.patch.bz2
- use X509 && epatch "${DISTDIR}"/${X509_PATCH}
- use smartcard && epatch "${FILESDIR}"/${P}-opensc.patch.bz2
- if use ldap ; then
- if use X509 ; then
- ewarn "Sorry, x509 and ldap don't get along"
- else
- epatch "${DISTDIR}"/${LDAP_PATCH}
- fi
- fi
-
- autoconf || die "autoconf failed"
-}
-
-src_compile() {
- addwrite /dev/ptmx
-
- # make sure .sbss is large enough
- use skey && use alpha && append-ldflags -mlarge-data
- if use ldap ; then
- filter-flags -funroll-loops
- append-ldflags -lldap
- append-flags -DWITH_LDAP_PUBKEY
- fi
- use selinux && append-flags -DWITH_SELINUX
- use static && append-ldflags -static
-
- local myconf=""
- use ipv6 || myconf="${myconf} --with-ipv4-default"
- use kerberos && myconf="${myconf} --with-kerberos5=/usr" || \
- myconf="${myconf} --without-kerberos5"
-
- econf \
- --with-ldflags="${LDFLAGS}" \
- --disable-strip \
- --sysconfdir=/etc/ssh \
- --libexecdir=/usr/lib/misc \
- --datadir=/usr/share/openssh \
- --disable-suid-ssh \
- --with-privsep-path=/var/empty \
- --with-privsep-user=sshd \
- --with-md5-passwords \
- $(use_with tcpd tcp-wrappers) \
- $(use_with pam) \
- $(use_with skey) \
- $(use_with smartcard opensc) \
- ${myconf} \
- || die "bad configure"
-
-# use static && {
-# # statically link to libcrypto -- good for the boot cd
-# sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" Makefile
-# }
-
- emake || die "compile problem"
-}
-
-src_install() {
- make install-files DESTDIR="${D}" || die
- chmod 600 "${D}"/etc/ssh/sshd_config
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
- use pam && ( insinto /etc/pam.d ; newins "${FILESDIR}"/sshd.pam sshd )
- newinitd "${FILESDIR}"/sshd.rc6 sshd
- keepdir /var/empty
- dosed "/^#Protocol /s:.*:Protocol 2:" /etc/ssh/sshd_config
- use pam && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config
-}
-
-pkg_postinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-
- ewarn "Remember to merge your config files in /etc/ssh/ and then"
- ewarn "restart sshd: '/etc/init.d/sshd restart'."
- ewarn
- einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
- einfo "functionality, but please ensure that you do not explicitly disable"
- einfo "this in your configuration as disabling it opens security holes"
- einfo
- einfo "This revision has removed your sshd user id and replaced it with a"
- einfo "new one with UID 22. If you have any scripts or programs that"
- einfo "that referenced the old UID directly, you will need to update them."
- einfo
- use pam && {
- einfo "Please be aware users need a valid shell in /etc/passwd"
- einfo "in order to be allowed to login."
- einfo
- }
-}
diff --git a/net-misc/openssh/openssh-3.9_p1-r3.ebuild b/net-misc/openssh/openssh-3.9_p1-r3.ebuild
index 3224ab9297b1..c64529c780c1 100644
--- a/net-misc/openssh/openssh-3.9_p1-r3.ebuild
+++ b/net-misc/openssh/openssh-3.9_p1-r3.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.9_p1-r3.ebuild,v 1.9 2005/10/19 03:32:26 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.9_p1-r3.ebuild,v 1.10 2006/01/31 00:11:37 vapier Exp $
inherit eutils flag-o-matic ccc pam
@@ -50,20 +50,19 @@ src_unpack() {
-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
pathnames.h || die
- epatch "${FILESDIR}"/${P}-pamfix.patch.bz2
- #epatch "${FILESDIR}"/${P}-largekey.patch.bz2
+ epatch "${FILESDIR}"/${P}-pamfix.patch
use X509 || epatch "${FILESDIR}"/${P}-fix_suid.patch
epatch "${FILESDIR}"/${P}-infoleak.patch #59361
- epatch "${FILESDIR}"/${P}-terminal_restore.patch.bz2
+ epatch "${FILESDIR}"/${P}-terminal_restore.patch
epatch "${FILESDIR}"/${P}-configure-openct.patch #78730
epatch "${FILESDIR}"/${P}-kerberos-detection.patch #80811
use sftplogging && epatch "${FILESDIR}"/${P}-sftplogging-1.2-gentoo.patch.bz2
- use skey && epatch "${FILESDIR}"/${P}-skey.patch.bz2
+ use skey && epatch "${FILESDIR}"/${P}-skey.patch
use chroot && epatch "${FILESDIR}"/${P}-chroot.patch
use X509 && epatch "${DISTDIR}"/${X509_PATCH} && epatch "${FILESDIR}"/${P}-fix_suid-x509.patch
- use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}.bz2
- use smartcard && epatch "${FILESDIR}"/${P}-opensc.patch.bz2
+ use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}
+ use smartcard && epatch "${FILESDIR}"/${P}-opensc.patch
if use ldap ; then
if use X509 || use sftplogging ; then
ewarn "Sorry, x509/sftplogging and ldap don't get along"
diff --git a/net-misc/openssh/openssh-4.0_p1-r2.ebuild b/net-misc/openssh/openssh-4.0_p1-r2.ebuild
index 8703709c56de..d5e451e46b60 100644
--- a/net-misc/openssh/openssh-4.0_p1-r2.ebuild
+++ b/net-misc/openssh/openssh-4.0_p1-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.0_p1-r2.ebuild,v 1.9 2006/01/29 12:01:10 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.0_p1-r2.ebuild,v 1.10 2006/01/31 00:11:37 vapier Exp $
inherit eutils flag-o-matic ccc pam
@@ -53,17 +53,16 @@ src_unpack() {
-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
pathnames.h || die
- #epatch "${FILESDIR}"/openssh-3.9_p1-largekey.patch.bz2
epatch "${FILESDIR}"/openssh-3.9_p1-configure-openct.patch #78730
epatch "${FILESDIR}"/openssh-3.9_p1-kerberos-detection.patch #80811
epatch "${FILESDIR}"/openssh-4.2_p1-cross-compile.patch #120567
use X509 && epatch "${DISTDIR}"/${X509_PATCH}
use sftplogging && epatch "${FILESDIR}"/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2
- use skey && epatch "${FILESDIR}"/openssh-3.9_p1-skey.patch.bz2
+ use skey && epatch "${FILESDIR}"/openssh-3.9_p1-skey.patch
use chroot && epatch "${FILESDIR}"/openssh-3.9_p1-chroot.patch
- use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}.bz2
- use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch.bz2
+ use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}
+ use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
if ! use X509 ; then
use smartcard && epatch "${DISTDIR}"/${SECURID_PATCH} "${FILESDIR}"/openssh-securid-1.3.1-updates.patch
use smartcard && use ldap && epatch "${FILESDIR}"/openssh-4.0_p1-smartcard-ldap-happy.patch
diff --git a/net-misc/openssh/openssh-4.1_p1-r1.ebuild b/net-misc/openssh/openssh-4.1_p1-r1.ebuild
index 567993ea2a2c..d854926c520d 100644
--- a/net-misc/openssh/openssh-4.1_p1-r1.ebuild
+++ b/net-misc/openssh/openssh-4.1_p1-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.1_p1-r1.ebuild,v 1.10 2006/01/29 12:01:10 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.1_p1-r1.ebuild,v 1.11 2006/01/31 00:11:37 vapier Exp $
inherit eutils flag-o-matic ccc pam
@@ -53,16 +53,15 @@ src_unpack() {
-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
pathnames.h || die
- #epatch "${FILESDIR}"/openssh-3.9_p1-largekey.patch.bz2
epatch "${FILESDIR}"/openssh-3.9_p1-kerberos-detection.patch #80811
epatch "${FILESDIR}"/openssh-4.2_p1-cross-compile.patch #120567
use X509 && epatch "${DISTDIR}"/${X509_PATCH}
use sftplogging && epatch "${FILESDIR}"/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2
- use skey && epatch "${FILESDIR}"/openssh-3.9_p1-skey.patch.bz2
+ use skey && epatch "${FILESDIR}"/openssh-3.9_p1-skey.patch
use chroot && epatch "${FILESDIR}"/openssh-3.9_p1-chroot.patch
- use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}.bz2
- use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch.bz2
+ use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}
+ use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
if ! use X509 ; then
if [[ -n ${SECURID_PATCH} ]] && use smartcard ; then
epatch "${DISTDIR}"/${SECURID_PATCH} "${FILESDIR}"/openssh-securid-1.3.1-updates.patch
diff --git a/net-misc/openssh/openssh-4.2_p1.ebuild b/net-misc/openssh/openssh-4.2_p1.ebuild
index fa40401dcc85..a2b2abb47936 100644
--- a/net-misc/openssh/openssh-4.2_p1.ebuild
+++ b/net-misc/openssh/openssh-4.2_p1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.2_p1.ebuild,v 1.16 2006/01/29 12:01:10 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.2_p1.ebuild,v 1.17 2006/01/31 00:11:37 vapier Exp $
inherit eutils flag-o-matic ccc pam
@@ -51,7 +51,6 @@ src_unpack() {
-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
pathnames.h || die
- #epatch "${FILESDIR}"/openssh-3.9_p1-largekey.patch.bz2
epatch "${FILESDIR}"/openssh-4.2_p1-kerberos-detection.patch #80811
epatch "${FILESDIR}"/openssh-4.2_p1-cross-compile.patch #120567
@@ -59,7 +58,7 @@ src_unpack() {
use sftplogging && epatch "${FILESDIR}"/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2
use chroot && epatch "${FILESDIR}"/openssh-3.9_p1-chroot.patch
epatch "${FILESDIR}"/openssh-4.2_p1-selinux.patch
- use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch.bz2
+ use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
if ! use X509 ; then
if [[ -n ${SECURID_PATCH} ]] && use smartcard ; then
epatch "${DISTDIR}"/${SECURID_PATCH}