28 files changed, 387 insertions, 167 deletions
diff --git a/net-misc/openssh/files/digest-openssh-3.8.1_p1-r1 b/net-misc/openssh/files/digest-openssh-3.8.1_p1-r1 deleted file mode 100644
index e799b8d05c6a..000000000000
--- a/net-misc/openssh/files/digest-openssh-3.8.1_p1-r1
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 1dbfd40ae683f822ae917eebf171ca42 openssh-3.8.1p1.tar.gz 817932
-MD5 48db8e4857a32aa93506be8abd84b6b4 openssh-lpk-3.8.1p1-0.3.4.patch 44245
-MD5 c1cad487473e826dd8de554ac9856bc6 openssh-3.8.1p1+x509-5.1.diff.gz 161552
diff --git a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2 b/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2 Binary files differdeleted file mode 100644
index 0d3075b14786..000000000000
--- a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2 Binary files differdeleted file mode 100644
index f1a759d5c205..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2 Binary files differdeleted file mode 100644
index 8f04e301049f..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2 Binary files differdeleted file mode 100644
index 29a4bc57ea0b..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2 Binary files differdeleted file mode 100644
index 7415c6ee1c30..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2 Binary files differdeleted file mode 100644
index af4b3ac7537a..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2 Binary files differdeleted file mode 100644
index 2c403f8dc079..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2 Binary files differdeleted file mode 100644
index f1a759d5c205..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2 Binary files differdeleted file mode 100644
index 8f04e301049f..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2 Binary files differdeleted file mode 100644
index af4b3ac7537a..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2 Binary files differdeleted file mode 100644
index 2c403f8dc079..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2 Binary files differdeleted file mode 100644
index cd3006158bfd..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch new file mode 100644
index 000000000000..48ba1b25e302
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch
@@ -0,0 +1,127 @@
+Index: scard-opensc.c
+===================================================================
+RCS file: /cvs/openssh/scard-opensc.c,v
+retrieving revision 1.12
+--- scard-opensc.c
++++ scard-opensc.c
+@@ -38,6 +38,8 @@
+ #include "readpass.h"
+ #include "scard.h"
+
++int ask_for_pin=0;
++
+ #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
+ #define USE_ENGINE
+ #define RSA_get_default_method RSA_get_default_openssl_method
+@@ -119,6 +121,7 @@
+ struct sc_pkcs15_prkey_info *key;
+ struct sc_pkcs15_object *pin_obj;
+ struct sc_pkcs15_pin_info *pin;
++ char *passphrase = NULL;
+
+ priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
+ if (priv == NULL)
+@@ -156,24 +159,47 @@
+ goto err;
+ }
+ pin = pin_obj->data;
++
++ if (sc_pin)
++ passphrase = sc_pin;
++ else if (ask_for_pin) {
++ /* we need a pin but don't have one => ask for the pin */
++ char prompt[64];
++
++ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
++ key_obj->label ? key_obj->label : "smartcard key");
++ passphrase = read_passphrase(prompt, 0);
++ if (!passphrase || !strcmp(passphrase, ""))
++ goto err;
++ } else
++ /* no pin => error */
++ goto err;
++
+ r = sc_lock(card);
+ if (r) {
+ error("Unable to lock smartcard: %s", sc_strerror(r));
+ goto err;
+ }
+- if (sc_pin != NULL) {
+- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
+- strlen(sc_pin));
+- if (r) {
+- sc_unlock(card);
+- error("PIN code verification failed: %s",
+- sc_strerror(r));
+- goto err;
+- }
++ r = sc_pkcs15_verify_pin(p15card, pin, passphrase,
++ strlen(passphrase));
++ if (r) {
++ sc_unlock(card);
++ error("PIN code verification failed: %s",
++ sc_strerror(r));
++ goto err;
+ }
++
+ *key_obj_out = key_obj;
++ if (!sc_pin) {
++ memset(passphrase, 0, strlen(passphrase));
++ xfree(passphrase);
++ }
+ return 0;
+ err:
++ if (!sc_pin && passphrase) {
++ memset(passphrase, 0, strlen(passphrase));
++ xfree(passphrase);
++ }
+ sc_close();
+ return -1;
+ }
+Index: scard.c
+===================================================================
+RCS file: /cvs/openssh/scard.c,v
+retrieving revision 1.27
+--- scard.c
++++ scard.c
+@@ -35,6 +35,9 @@
+ #include "readpass.h"
+ #include "scard.h"
+
++/* currently unused */
++int ask_for_pin = 0;
++
+ #if OPENSSL_VERSION_NUMBER < 0x00907000L
+ #define USE_ENGINE
+ #define RSA_get_default_method RSA_get_default_openssl_method
+Index: scard.h
+===================================================================
+RCS file: /cvs/openssh/scard.h,v
+retrieving revision 1.10
+--- scard.h
++++ scard.h
+@@ -33,6 +33,8 @@
+ #define SCARD_ERROR_NOCARD -2
+ #define SCARD_ERROR_APPLET -3
+
++extern int ask_for_pin;
++
+ Key **sc_get_keys(const char *, const char *);
+ void sc_close(void);
+ int sc_put_key(Key *, const char *);
+Index: ssh.c
+===================================================================
+RCS file: /cvs/openssh/ssh.c,v
+retrieving revision 1.180
+--- ssh.c
++++ ssh.c
+@@ -1155,6 +1155,9 @@
+ #ifdef SMARTCARD
+ Key **keys;
+
++ if (!options.batch_mode)
++ ask_for_pin = 1;
++
+ if (options.smartcard_device != NULL &&
+ options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
+ (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {
diff --git a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2 Binary files differdeleted file mode 100644
index 7415c6ee1c30..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch b/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch new file mode 100644
index 000000000000..c1f060fd4083
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch
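Review bot: The PIN wipe in the scard-opensc.c part of openssh-3.9_p1-opensc.patch is a plain `memset(passphrase, 0, strlen(passphrase));` directly before `xfree(passphrase);`, on both the success and the `err:` path, and a compiler may drop such a store as dead, leaving the typed PIN in freed heap memory. Use a wipe the optimizer cannot elide, for example `volatile char *vp = passphrase; size_t n = strlen(passphrase); while (n--) *vp++ = 0;`. The same inner hunk also changes behaviour when no PIN is available: the old code skipped `sc_pkcs15_verify_pin` if `sc_pin` was NULL, while the new code takes `goto err` unless `ask_for_pin` is set, and in the lines shown only ssh.c sets it. A comment such as `/* batch mode or non-ssh callers: fail instead of using the key without PIN verification */` would record that this is intended. The enclosing function begins outside the inner hunk.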
@@ -0,0 +1,97 @@
+Index: auth-chall.c
+===================================================================
+RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-chall.c,v
+retrieving revision 1.14
+--- auth-chall.c
++++ auth-chall.c
+@@ -28,11 +28,13 @@ RCSID("$OpenBSD: auth-chall.c,v 1.9 2003
+ #include "auth.h"
+ #include "log.h"
+ #include "xmalloc.h"
++#include "servconf.h"
+
+ /* limited protocol v1 interface to kbd-interactive authentication */
+
+ extern KbdintDevice *devices[];
+ static KbdintDevice *device;
++extern ServerOptions options;
+
+ char *
+ get_challenge(Authctxt *authctxt)
+@@ -40,6 +42,11 @@ get_challenge(Authctxt *authctxt)
+ char *challenge, *name, *info, **prompts;
+ u_int i, numprompts;
+ u_int *echo_on;
++
++#ifdef USE_PAM
++ if (!options.use_pam)
++ remove_kbdint_device("pam");
++#endif
+
+ device = devices[0]; /* we always use the 1st device for protocol 1 */
+ if (device == NULL)
+Index: auth.h
+===================================================================
+RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.h,v
+retrieving revision 1.63
+--- auth.h
++++ auth.h
+@@ -130,6 +130,8 @@ int auth_shadow_pwexpired(Authctxt *);
+ #endif
+
+ #include "auth-pam.h"
++void remove_kbdint_device(const char *);
++
+ void disable_forwarding(void);
+
+ void do_authentication(Authctxt *);
+Index: auth2-chall.c
+===================================================================
+RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth2-chall.c,v
+retrieving revision 1.23
+--- auth2-chall.c
++++ auth2-chall.c
+@@ -32,6 +32,10 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.21 20
+ #include "xmalloc.h"
+ #include "dispatch.h"
+ #include "log.h"
++#include "servconf.h"
++
++/* import */
++extern ServerOptions options;
+
+ static int auth2_challenge_start(Authctxt *);
+ static int send_userauth_info_request(Authctxt *);
+@@ -71,12 +75,32 @@ struct KbdintAuthctxt
+ u_int nreq;
+ };
+
++#ifdef USE_PAM
++void
++remove_kbdint_device(const char *devname)
++{
++ int i, j;
++
++ for (i = 0; devices[i] != NULL; i++)
++ if (strcmp(devices[i]->name, devname) == 0) {
++ for (j = i; devices[j] != NULL; j++)
++ devices[j] = devices[j+1];
++ i--;
++ }
++}
++#endif
++
+ static KbdintAuthctxt *
+ kbdint_alloc(const char *devs)
+ {
+ KbdintAuthctxt *kbdintctxt;
+ Buffer b;
+ int i;
++
++#ifdef USE_PAM
++ if (!options.use_pam)
++ remove_kbdint_device("pam");
++#endif
+
+ kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
+ if (strcmp(devs, "") == 0) {
diff --git a/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch.bz2 Binary files differdeleted file mode 100644
index 47fffb2f08f6..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-pamfix.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff new file mode 100644
index 000000000000..ae57ba3c461c
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff
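Review bot: `remove_kbdint_device()` in the auth2-chall.c part of openssh-3.9_p1-pamfix.patch has no comment, although it rewrites the global `devices[]` table in place and is what keeps the PAM keyboard-interactive device from being selected when `options.use_pam` is off. I would add above it `/* Remove every entry named devname from the NULL-terminated devices[] table, compacting it in place; called before each device lookup so a method disabled in the config is never offered. */`. The definition is wrapped in `#ifdef USE_PAM`, but the prototype added to auth.h is, in the lines shown, unconditional; guarding it the same way would turn an accidental call from a non-PAM build into a compile error instead of a link error. `kbdint_alloc` continues past the end of the inner hunk.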
@@ -0,0 +1,107 @@
+--- openssh-3.7.1p1/Makefile.in
++++ openssh-3.7.1p1/Makefile.in
+@@ -40,7 +40,7 @@
+
+ CC=@CC@
+ LD=@LD@
+-CFLAGS=@CFLAGS@
++CFLAGS=@CFLAGS@ -DWITH_SELINUX
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ LIBPAM=@LIBPAM@
+@@ -53,7 +53,7 @@
+ SED=@SED@
+ ENT=@ENT@
+ XAUTH_PATH=@XAUTH_PATH@
+-LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
++LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux
+ EXEEXT=@EXEEXT@
+
+ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
+--- openssh-3.7.1p1/session.c
++++ openssh-3.7.1p1/session.c
+@@ -66,6 +66,11 @@
+ #include "ssh-gss.h"
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /* func */
+
+ Session *session_new(void);
+@@ -1304,6 +1309,19 @@
+ #endif
+ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+ fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled())
++ {
++ security_context_t scontext;
++ if (get_default_context(pw->pw_name,NULL,&scontext))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++ if (setexeccon(scontext)) {
++ freecon(scontext);
++ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
++ }
++ freecon(scontext);
++ }
++#endif
+ }
+
+ static void
+--- openssh-3.7.1p1/sshpty.c
++++ openssh-3.7.1p1/sshpty.c
+@@ -30,6 +30,12 @@
+ #define O_NOCTTY 0
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/flask.h>
++#include <selinux/get_context_list.h>
++#include <selinux/selinux.h>
++#endif
++
+ /*
+ * Allocates and opens a pty. Returns 0 if no pty could be allocated, or
+ * nonzero if a pty was successfully allocated. On success, open file
+@@ -196,6 +202,37 @@
+ * Warn but continue if filesystem is read-only and the uids match/
+ * tty is owned by root.
+ */
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled()) {
++ security_context_t new_tty_context=NULL,
++ user_context=NULL, old_tty_context=NULL;
++
++ if (get_default_context(pw->pw_name,NULL,&user_context))
++ fatal("Failed to get default security context for %s.", pw->pw_name);
++
++ if (getfilecon(tty, &old_tty_context)<0) {
++ error("getfilecon(%.100s) failed: %.100s", tty,
++ strerror(errno));
++ }
++ else
++ {
++ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
++ error("security_compute_relabel(%.100s) failed: %.100s", tty,
++ strerror(errno));
++ }
++ else
++ {
++ if (setfilecon (tty, new_tty_context) != 0) {
++ error("setfilecon(%.100s, %s) failed: %.100s",
++ tty, new_tty_context, strerror(errno));
++ }
++ freecon(new_tty_context);
++ }
++ freecon(old_tty_context);
++ }
++ freecon(user_context);
++ }
++#endif
+ if (stat(tty, &st))
+ fatal("stat(%.100s) failed: %.100s", tty,
+ strerror(errno));
diff --git a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2 b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2 Binary files differdeleted file mode 100644
index b51c746e4921..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.9_p1-skey.patch b/net-misc/openssh/files/openssh-3.9_p1-skey.patch new file mode 100644
index 000000000000..2ae24fe726bd
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-skey.patch
@@ -0,0 +1,11 @@
+--- configure.ac
++++ configure.ac
+@@ -721,7 +721,7 @@
+ [
+ #include <stdio.h>
+ #include <skey.h>
+-int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
++int main() { char *ff = "true"; ff=""; exit(0); }
+ ],
+ [AC_MSG_RESULT(yes)],
+ [
diff --git a/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2 Binary files differdeleted file mode 100644
index 2c403f8dc079..000000000000
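Review bot: The session.c part of openssh-3.9_p1-selinux.diff reads freed memory on its error path: when `setexeccon(scontext)` fails, `freecon(scontext);` runs first and the following `fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);` then formats the released string. Drop the `freecon(scontext);` inside that `if` block (`fatal()` terminates the process, so nothing is leaked), or log before freeing. In the sshpty.c part, failures of `getfilecon`, `security_compute_relabel` and `setfilecon` are only reported with `error()` and the login continues with the tty's old label, while a `get_default_context` failure is fatal. If that asymmetry is deliberate, it needs a comment such as `/* relabel is best effort: keep going with the old tty context */`; otherwise these should fail closed as well. Both enclosing functions begin outside the inner hunks.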
--- a/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch b/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch new file mode 100644
index 000000000000..0bbfdd99ef40
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch
@@ -0,0 +1,29 @@
+--- scp.c
++++ scp.c
+@@ -112,8 +112,10 @@
+ static void
+ killchild(int signo)
+ {
+- if (do_cmd_pid > 1)
++ if (do_cmd_pid > 1) {
+ kill(do_cmd_pid, signo);
++ waitpid(do_cmd_pid, NULL, 0);
++ }
+
+ _exit(1);
+ }
+--- sftp.c
++++ sftp.c
+@@ -144,9 +144,10 @@
+ static void
+ killchild(int signo)
+ {
+- if (sshpid > 1)
++ if (sshpid > 1) {
+ kill(sshpid, SIGTERM);
+- ++ waitpid(sshpid, NULL, 0);
++ }
+ _exit(1);
+ }
+
diff --git a/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch.bz2 Binary files differdeleted file mode 100644
index c847c98b3b7f..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-terminal_restore.patch.bz2
+++ /dev/null
diff --git a/net-misc/openssh/openssh-3.8.1_p1-r1.ebuild b/net-misc/openssh/openssh-3.8.1_p1-r1.ebuild deleted file mode 100644
index a3080ab8f319..000000000000
--- a/net-misc/openssh/openssh-3.8.1_p1-r1.ebuild
+++ /dev/null
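Review bot: The `waitpid(do_cmd_pid, NULL, 0);` added to `killchild()` in scp.c, and the matching `waitpid(sshpid, NULL, 0);` in sftp.c, block without bound inside a signal handler and ignore the return value. If the child does not exit on the signal it was sent, the parent never reaches `_exit(1)`, and if the call returns early with EINTR the parent exits before the child has finished, which is the case the patch name says it is meant to cover. At minimum retry on interruption, `while (waitpid(sshpid, NULL, 0) == -1 && errno == EINTR) ;`, and add a comment such as `/* wait for ssh to exit so it can restore the terminal before we do */`. The hunks do not show whether `<sys/wait.h>` and `<errno.h>` are already included in both files.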
@@ -1,144 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.8.1_p1-r1.ebuild,v 1.27 2005/10/19 03:32:26 vapier Exp $ - -inherit eutils flag-o-matic ccc - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_/} - -X509_PATCH="${PARCH}+x509-5.1.diff.gz" -SELINUX_PATCH="openssh-3.7.1_p1-selinux.diff" -LDAP_PATCH="${PARCH/-/-lpk-}-0.3.4.patch" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.com/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ldap? ( http://www.opendarwin.org/en/projects/openssh-lpk/files/${LDAP_PATCH} ) - X509? ( http://roumenpetrov.info/openssh/x509-5.1/${X509_PATCH} )" - -LICENSE="as-is" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sparc x86" -IUSE="ipv6 static pam tcpd kerberos skey selinux chroot X509 ldap smartcard" - -# openssh recognizes when openssl has been slightly upgraded and refuses to run. -# This new rev will use the new openssl. -RDEPEND="pam? ( >=sys-libs/pam-0.73 ) - kerberos? ( virtual/krb5 ) - selinux? ( sys-libs/libselinux ) - skey? ( >=app-admin/skey-1.1.5-r1 ) - ldap? ( net-nds/openldap ) - >=dev-libs/openssl-0.9.6d - >=sys-libs/zlib-1.2.3 - smartcard? ( dev-libs/opensc ) - tcpd? 
( >=sys-apps/tcp-wrappers-7.6 )" -DEPEND="${RDEPEND} - virtual/os-headers - sys-devel/autoconf" -PROVIDE="virtual/ssh" - -S=${WORKDIR}/${PARCH} - -src_unpack() { - unpack ${PARCH}.tar.gz - cd "${S}" - - sed -i \ - -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ - pathnames.h || die - - epatch "${FILESDIR}"/${P}-resolv_functions.patch.bz2 - - use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}.bz2 - use skey && epatch "${FILESDIR}"/${P}-skey.patch.bz2 - use chroot && epatch "${FILESDIR}"/${P}-chroot.patch.bz2 - use X509 && epatch "${DISTDIR}"/${X509_PATCH} - use smartcard && epatch "${FILESDIR}"/${P}-opensc.patch.bz2 - if use ldap ; then - if use X509 ; then - ewarn "Sorry, x509 and ldap don't get along" - else - epatch "${DISTDIR}"/${LDAP_PATCH} - fi - fi - - autoconf || die "autoconf failed" -} - -src_compile() { - addwrite /dev/ptmx - - # make sure .sbss is large enough - use skey && use alpha && append-ldflags -mlarge-data - if use ldap ; then - filter-flags -funroll-loops - append-ldflags -lldap - append-flags -DWITH_LDAP_PUBKEY - fi - use selinux && append-flags -DWITH_SELINUX - use static && append-ldflags -static - - local myconf="" - use ipv6 || myconf="${myconf} --with-ipv4-default" - use kerberos && myconf="${myconf} --with-kerberos5=/usr" || \ - myconf="${myconf} --without-kerberos5" - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --sysconfdir=/etc/ssh \ - --libexecdir=/usr/lib/misc \ - --datadir=/usr/share/openssh \ - --disable-suid-ssh \ - --with-privsep-path=/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - $(use_with tcpd tcp-wrappers) \ - $(use_with pam) \ - $(use_with skey) \ - $(use_with smartcard opensc) \ - ${myconf} \ - || die "bad configure" - -# use static && { -# # statically link to libcrypto -- good for the boot cd -# sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" Makefile -# } - - emake || die "compile problem" -} - -src_install() { - make install-files DESTDIR="${D}" || die - chmod 600 
"${D}"/etc/ssh/sshd_config - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - use pam && ( insinto /etc/pam.d ; newins "${FILESDIR}"/sshd.pam sshd ) - newinitd "${FILESDIR}"/sshd.rc6 sshd - keepdir /var/empty - dosed "/^#Protocol /s:.*:Protocol 2:" /etc/ssh/sshd_config - use pam && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config -} - -pkg_postinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd - - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "restart sshd: '/etc/init.d/sshd restart'." - ewarn - einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation" - einfo "functionality, but please ensure that you do not explicitly disable" - einfo "this in your configuration as disabling it opens security holes" - einfo - einfo "This revision has removed your sshd user id and replaced it with a" - einfo "new one with UID 22. If you have any scripts or programs that" - einfo "that referenced the old UID directly, you will need to update them." - einfo - use pam && { - einfo "Please be aware users need a valid shell in /etc/passwd" - einfo "in order to be allowed to login." - einfo - } -} diff --git a/net-misc/openssh/openssh-3.9_p1-r3.ebuild b/net-misc/openssh/openssh-3.9_p1-r3.ebuild index 3224ab9297b1..c64529c780c1 100644 --- a/net-misc/openssh/openssh-3.9_p1-r3.ebuild +++ b/net-misc/openssh/openssh-3.9_p1-r3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.9_p1-r3.ebuild,v 1.9 2005/10/19 03:32:26 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.9_p1-r3.ebuild,v 1.10 2006/01/31 00:11:37 vapier Exp $ inherit eutils flag-o-matic ccc pam 
@@ -50,20 +50,19 @@ src_unpack() { -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ pathnames.h || die - epatch "${FILESDIR}"/${P}-pamfix.patch.bz2 - #epatch "${FILESDIR}"/${P}-largekey.patch.bz2 + epatch "${FILESDIR}"/${P}-pamfix.patch use X509 || epatch "${FILESDIR}"/${P}-fix_suid.patch epatch "${FILESDIR}"/${P}-infoleak.patch #59361 - epatch "${FILESDIR}"/${P}-terminal_restore.patch.bz2 + epatch "${FILESDIR}"/${P}-terminal_restore.patch epatch "${FILESDIR}"/${P}-configure-openct.patch #78730 epatch "${FILESDIR}"/${P}-kerberos-detection.patch #80811 use sftplogging && epatch "${FILESDIR}"/${P}-sftplogging-1.2-gentoo.patch.bz2 - use skey && epatch "${FILESDIR}"/${P}-skey.patch.bz2 + use skey && epatch "${FILESDIR}"/${P}-skey.patch use chroot && epatch "${FILESDIR}"/${P}-chroot.patch use X509 && epatch "${DISTDIR}"/${X509_PATCH} && epatch "${FILESDIR}"/${P}-fix_suid-x509.patch - use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}.bz2 - use smartcard && epatch "${FILESDIR}"/${P}-opensc.patch.bz2 + use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH} + use smartcard && epatch "${FILESDIR}"/${P}-opensc.patch if use ldap ; then if use X509 || use sftplogging ; then ewarn "Sorry, x509/sftplogging and ldap don't get along" diff --git a/net-misc/openssh/openssh-4.0_p1-r2.ebuild b/net-misc/openssh/openssh-4.0_p1-r2.ebuild index 8703709c56de..d5e451e46b60 100644 --- a/net-misc/openssh/openssh-4.0_p1-r2.ebuild +++ b/net-misc/openssh/openssh-4.0_p1-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2006 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.0_p1-r2.ebuild,v 1.9 2006/01/29 12:01:10 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.0_p1-r2.ebuild,v 1.10 2006/01/31 00:11:37 vapier Exp $ inherit eutils flag-o-matic ccc pam 
@@ -53,17 +53,16 @@ src_unpack() { -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ pathnames.h || die - #epatch "${FILESDIR}"/openssh-3.9_p1-largekey.patch.bz2 epatch "${FILESDIR}"/openssh-3.9_p1-configure-openct.patch #78730 epatch "${FILESDIR}"/openssh-3.9_p1-kerberos-detection.patch #80811 epatch "${FILESDIR}"/openssh-4.2_p1-cross-compile.patch #120567 use X509 && epatch "${DISTDIR}"/${X509_PATCH} use sftplogging && epatch "${FILESDIR}"/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2 - use skey && epatch "${FILESDIR}"/openssh-3.9_p1-skey.patch.bz2 + use skey && epatch "${FILESDIR}"/openssh-3.9_p1-skey.patch use chroot && epatch "${FILESDIR}"/openssh-3.9_p1-chroot.patch - use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}.bz2 - use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch.bz2 + use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH} + use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch if ! use X509 ; then use smartcard && epatch "${DISTDIR}"/${SECURID_PATCH} "${FILESDIR}"/openssh-securid-1.3.1-updates.patch use smartcard && use ldap && epatch "${FILESDIR}"/openssh-4.0_p1-smartcard-ldap-happy.patch diff --git a/net-misc/openssh/openssh-4.1_p1-r1.ebuild b/net-misc/openssh/openssh-4.1_p1-r1.ebuild index 567993ea2a2c..d854926c520d 100644 --- a/net-misc/openssh/openssh-4.1_p1-r1.ebuild +++ b/net-misc/openssh/openssh-4.1_p1-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2006 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.1_p1-r1.ebuild,v 1.10 2006/01/29 12:01:10 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.1_p1-r1.ebuild,v 1.11 2006/01/31 00:11:37 vapier Exp $ inherit eutils flag-o-matic ccc pam 
@@ -53,16 +53,15 @@ src_unpack() { -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ pathnames.h || die - #epatch "${FILESDIR}"/openssh-3.9_p1-largekey.patch.bz2 epatch "${FILESDIR}"/openssh-3.9_p1-kerberos-detection.patch #80811 epatch "${FILESDIR}"/openssh-4.2_p1-cross-compile.patch #120567 use X509 && epatch "${DISTDIR}"/${X509_PATCH} use sftplogging && epatch "${FILESDIR}"/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2 - use skey && epatch "${FILESDIR}"/openssh-3.9_p1-skey.patch.bz2 + use skey && epatch "${FILESDIR}"/openssh-3.9_p1-skey.patch use chroot && epatch "${FILESDIR}"/openssh-3.9_p1-chroot.patch - use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH}.bz2 - use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch.bz2 + use selinux && epatch "${FILESDIR}"/${SELINUX_PATCH} + use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch if ! use X509 ; then if [[ -n ${SECURID_PATCH} ]] && use smartcard ; then epatch "${DISTDIR}"/${SECURID_PATCH} "${FILESDIR}"/openssh-securid-1.3.1-updates.patch diff --git a/net-misc/openssh/openssh-4.2_p1.ebuild b/net-misc/openssh/openssh-4.2_p1.ebuild index fa40401dcc85..a2b2abb47936 100644 --- a/net-misc/openssh/openssh-4.2_p1.ebuild +++ b/net-misc/openssh/openssh-4.2_p1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2006 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.2_p1.ebuild,v 1.16 2006/01/29 12:01:10 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.2_p1.ebuild,v 1.17 2006/01/31 00:11:37 vapier Exp $ inherit eutils flag-o-matic ccc pam @@ -51,7 +51,6 @@ src_unpack() { -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ pathnames.h || die - #epatch "${FILESDIR}"/openssh-3.9_p1-largekey.patch.bz2 epatch "${FILESDIR}"/openssh-4.2_p1-kerberos-detection.patch #80811 epatch "${FILESDIR}"/openssh-4.2_p1-cross-compile.patch #120567 
@@ -59,7 +58,7 @@ src_unpack() { use sftplogging && epatch "${FILESDIR}"/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2 use chroot && epatch "${FILESDIR}"/openssh-3.9_p1-chroot.patch epatch "${FILESDIR}"/openssh-4.2_p1-selinux.patch - use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch.bz2 + use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch if ! use X509 ; then if [[ -n ${SECURID_PATCH} ]] && use smartcard ; then epatch "${DISTDIR}"/${SECURID_PATCH} |