diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2015-04-28 04:39:37 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2015-04-28 04:39:37 +0000 |
| commit | 5574c9d5d2139a0c8e861db5c42a2a8e33f5596f (patch) | |
| tree | e3dfe25be248efd2b2a0440cb100a8affa1edee1 /net-misc/openssh | |
| parent | Stable for HPPA PPC64 (bug #547766). (diff) | |
| download | historical-5574c9d5d2139a0c8e861db5c42a2a8e33f5596f.tar.gz historical-5574c9d5d2139a0c8e861db5c42a2a8e33f5596f.tar.bz2 historical-5574c9d5d2139a0c8e861db5c42a2a8e33f5596f.zip | |
Add fix from upstream for old TeraTerm clients #547944 by William Hubbs. Pull in some upstream hpn updates.
Package-Manager: portage-2.2.18/cvs/Linux x86_64
Manifest-Sign-Key: 0xD2E96200
Diffstat (limited to 'net-misc/openssh')
| -rw-r--r-- | net-misc/openssh/ChangeLog | 10 | ||||
| -rw-r--r-- | net-misc/openssh/Manifest | 32 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch | 15 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-6.8_p1-teraterm.patch | 69 | ||||
| -rw-r--r-- | net-misc/openssh/openssh-6.8_p1-r5.ebuild | 332 |
5 files changed, 443 insertions, 15 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog index 68c061ff5eee..ce5e27e47fe1 100644 --- a/net-misc/openssh/ChangeLog +++ b/net-misc/openssh/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-misc/openssh # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.559 2015/04/13 05:12:11 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.560 2015/04/28 04:39:35 vapier Exp $ + +*openssh-6.8_p1-r5 (28 Apr 2015) + + 28 Apr 2015; Mike Frysinger <vapier@gentoo.org> + +files/openssh-6.8_p1-teraterm-hpn-glue.patch, + +files/openssh-6.8_p1-teraterm.patch, +openssh-6.8_p1-r5.ebuild: + Add fix from upstream for old TeraTerm clients #547944 by William Hubbs. Pull + in some upstream hpn updates. 13 Apr 2015; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6.4: Use SSHD_CONFIG everywhere #546008 by Alexander Sulfrian. diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index c5aada022996..b795555e82ff 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -14,6 +14,8 @@ AUX openssh-6.8_p1-sctp-x509-glue.patch 2937 SHA256 fe79e3e828f8599e7bad787c6e35 AUX openssh-6.8_p1-ssh-keygen-no-ssh1.patch 1209 SHA256 2ef08a14aab7d5c761670321ed6c66fb8e66c467625ce22448b2d1c020686b66 SHA512 1fae1c0b36b5e792861e83868d55de9e3df85270fda4aaf465c83e2deaf47045429f94c84d1abd270be4fc7519a42e3676839edda588322273e6ebd3ff37a570 WHIRLPOOL 93619f61208f86cc3857a5d2283343645614d7285b56f4585e073405e16c396272cb590e96225f09046de8fe918de5e1a81504385dda2ca3a0d467d0fdfde76f AUX openssh-6.8_p1-sshd-gssapi-multihomed.patch 5464 SHA256 5f3506f0d45c22de85cf170c7dfeff134a144ec94f9fc1c57c5b3b797ee82756 SHA512 7bfbf720af2728abb55f73b67609967f34da27fea9a9dd6e0293e486a03d7d1167f506623771792d782707bfe58b46c69675bb3c5ad83332b7a50ee748176fbc WHIRLPOOL 81432c4ba7e34d216d73f63945f3c8d52d9113c07fb1f7c3dd5b39ac96223d38d2321a6d6de21b58b29767576c2a779a5703fa2e5727cd3fe4981581e822155d AUX openssh-6.8_p1-ssl-engine-configure.patch 883 SHA256 c25d219d8baea01bde40dce34378d4f185b83968debded0b2d4e2035f6467530 SHA512 ce8c3362af9dd9d95174b8248b0e9c08463e6fa18d3e83bf01687756c2df77607674a95acd2930ee85994aa186b5229d93e32662e13caae0b45980fddc00e65e WHIRLPOOL d7f285e3317ddd797222a4d584da385a14fa5c7316b8002faa1005ae5129cb580abc9a70189470c0ff5feb0368de4b0b171596d1aa3705556037084c8eff3d34 +AUX openssh-6.8_p1-teraterm-hpn-glue.patch 536 SHA256 846aa1a470e27767103c8c390a3ed9087aeaffc1d2bf8d4f5779af6274dfbbc9 SHA512 26ebfa3e0c39ed62fc9eb81a95e47d2543714f731f0b983d8d79ff2b0c19ab1b0bf8f7ba13f360ec633bd1ee219da9a6b2a0027c72766188beb3a380fd6c3224 WHIRLPOOL 34ac035a9c059d72e94ff3efab763c8a50749b9497c644c7b4685e22295d0c517daaf4bfaace73deeb2d003bea1e53fd84c94bd67c3b89d1c1f085ef845bf486 +AUX openssh-6.8_p1-teraterm.patch 1814 SHA256 e73e938524f15c4dc3368e7ba6b7d74ee2e83a7f0e97ed5460787d7caad04be1 SHA512 f39134d2257d86c5bf128754f8c1024057b9b1882984d5d70b86d2676d761b4a16681e76ae3f47f3abd23a07a75b6ebde6652431d9a86d5c3b9745c36577b8dc WHIRLPOOL c7d4dc5f2843fb6bc462d733a841b52599a9d49b344dc0a6fa71348624060736c02489130ae16692c5e1619200c954278df73a3f1020a77fe8712f99b329faaa AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53 AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b AUX sshd.rc6.4 2242 SHA256 df06a4aa3103e526004465b861eed81640b29e1d4521e5880d09da395873b954 SHA512 78702b9dc12c1ca2f84b66cf87e1b3039419a3a8eca895e0f72f8ed4d725e93e9d7e6b2b4cc684fa1fa09521bfc441b00ab20e57aa963fa6d5ff3fdbf91a28d8 WHIRLPOOL 843a42ba5b47c9d3923da3d2872cba3508c3ed03976297d7311005541732a1f5cd8145fe17050a16e530d00ba8042c855540fba53e2bbc514cdac12c685b2e4d @@ -33,6 +35,7 @@ DIST openssh-6.8p1-hpnssh14v5.tar.xz 24660 SHA256 dea2c5cdfd08d09f832a88aaf9d828 DIST openssh-6.8p1-r1-hpnssh14v5.tar.xz 24648 SHA256 87ab38507c7e4f1855c127f276c7c20e58bcd539dd303a37843d3d24ff72df7e SHA512 5883787b09330ae154f385bbc6bda8c6dbc727df7e9a96ddf4cb4a5162c932937bce8e3aa2b555ff4854df80b738c2ea1cdc4c170a10f9ed6252520edb070edb WHIRLPOOL e508fbfbb148fbd311927c4a88d388d1d15a1ee99e5445df0c774fd23acf7c87962682eab03a0bef6bd12c9d7149b047cbb145e60e6e947bd577e88110b47d52 DIST openssh-6.8p1-r3-hpnssh14v5.tar.xz 25396 SHA256 fc8d075679b659a15df919e1a946fae396b272e7da5de84d993ca0c90a212b43 SHA512 d710aab0f788a56615f951dc1e030d443dd6e14ef2944e41ef82e621b9406542142e095f2ebd4090f16471b08e300665c159edd7567cec17a178586b47aea92d WHIRLPOOL faee05730e96d00c09fb3ca39af39a516b602d841f894cd3b3e8051735eb8bcfb13674aba9b9b139d3407720791232af172a4c935453a525c92726b45fce4df7 DIST openssh-6.8p1-r4-hpnssh14v5.tar.xz 26448 SHA256 5d903a790987df90536c80cf94c9dccb0834bdd223b6bddc5c54bc7d25f9d383 SHA512 f71b8bf3d66c85d1b9e6fcab8f81d3f68c69c9af07fe158182a49438f3876bbe447d404d692ecdaf645af7885c6b10a89466b43e72e816017c925e4e007f2d32 WHIRLPOOL c95b02464ccc497a98ba1e8b3a8dfb5eec38c7214f438028f4d26b79adcf528baa480269063a46a0a8d113cd91f0e65de2e74693da8596143943e38b23afc23d +DIST openssh-6.8p1-r5-hpnssh14v5.tar.xz 27240 SHA256 4fe25701ea8717e88bf2355a76fb5370819f927af99efba3e4f06fe3264fbf58 SHA512 29a2086c6bf868bb1c8d2601e1ac83a82de48ed9f9cf6a3762b3f899112d939507b563d0117b4bec87008dd0434e0735e4a4f8c779a64d719d3873224918d16c WHIRLPOOL a4f3e841530d08363c94dfb55911e79f130668e459dc2e1ebb477c14dcf7d3bd71ad63c55e0ff2ba80684e67a8f40867b0a9fd01aabe3fe1533ef604f84a76b3 DIST openssh-6.8p1.tar.gz 1475953 SHA256 3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e SHA512 7c4457e4525a56cdabb1164ffaf6bed1c094294ae7d06dd3484dcffcd87738fcffe7019b6cae0032c254b0389832644522d5a9f2603b50637ffeb9999b5fcede WHIRLPOOL 3ac9cc4fe0b11ca66c0220618d0ef0c5925e5605d4d3d55c9579b708c478cf8613b7575fe213aba57054d97d3290baac4eba26b7a630d22477ec947f22327a5a DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2 WHIRLPOOL 5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73 DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256 d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512 2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081 WHIRLPOOL b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b @@ -43,23 +46,24 @@ EBUILD openssh-6.8_p1-r1.ebuild 10084 SHA256 c0905c8c9f5a7c6c9ddb00aa61f6ba12164 EBUILD openssh-6.8_p1-r2.ebuild 10152 SHA256 5623f420dbcd5d535390f83d07b0c9c7d07ab7cdfd88fb916c79843f2c3baf0b SHA512 e326f438faf7106fad9c1ce0a8eb240c9da17fe1cbd3436885f17f17723fef8dfadee376775242731f2534b4bdf99dfc1e44c7f103c267938d5d924616991f93 WHIRLPOOL 6d351f4d85912e5978ea3b44edcd4bdbf7906ab993dce5bd13e45f3f77cd2925bcc0ef448beb589c91f059db7c7997d24b403664fa1dde8cc35117feeca277cf EBUILD openssh-6.8_p1-r3.ebuild 10218 SHA256 f5e40e903d70cb9373cd8d908cffc2eb42dfe84a78a5eb912bb1473154fdb52a SHA512 5ad4aa2064a8d6768bc4d9b7a98a727f51b3da5a37851d8c5f6c1c7e604a4bb9c6376483c4b5afe61d4b0bc6653ab76633146b971ab2677f86c7f3ec3312696e WHIRLPOOL 5d38ae9bce4cffba2a15eaedbacdd08889b3a0c9e56f9c159f6986eb0700fc443ea294b4ed89e2e9c6b4ae9cf21601b09298e33e90e80ca97fb4608dfefa8031 EBUILD openssh-6.8_p1-r4.ebuild 10246 SHA256 a4dd9eb1911a2f73b7352a9626134d179dee0c68b12aeaf353df28ad3f444d45 SHA512 9b1835563bf69e6716e375dd6334b989e39ad2184e045ddbeb827f74210126e106b74539ac474e0a8357207dc0c853c1750f3693280859d9aa4ee08696b613db WHIRLPOOL 157639dfccb055ebd61a0f5f9b2b601f2fd49a466cd933fabff758bcb9b73903967c90bdcb8e7deb0595e54e05a913802b4e5c920b4645518cb0f3a49a8fd320 +EBUILD openssh-6.8_p1-r5.ebuild 10577 SHA256 7ad36f2bb01a24c2421e76c240c151c4c3bbcb0e99b5780e3ee4a11a1d9b1b10 SHA512 f301ab241cf9fed3612d6281143376e118f0e75813cf8c4409af4f76eb2a259272f97c072d178c6ae10cca9545ea12d1fec31ac5c4959ddc7b75fcbcfb8dd850 WHIRLPOOL adee554a35cb545c192312f9731e71d23479d89d1b219b945e59b50b94f887e0371d8580688ea5406ed0085a65dd7696a9ebf0ce10423edbaac3466b5509306a EBUILD openssh-6.8_p1.ebuild 10045 SHA256 13378c09cc4ceec7cd1b8c12ad925db87c9d37910edb679eb2404527226ee18d SHA512 daa5ba19f6fbc0ac7104c8c7822b22745736bf864999ade1e205d1b7184e0fd67f997c4635ab2335eafdf2d2917cf677764080d3004b24935f4189fce338010f WHIRLPOOL b8d40e35bf44bf26296c8d87e3b293b31f767920afb288a10deff8a9ceeb1c130b4da2697d7ce970091d0810c5d1e3839640e2ebee2f0d63b8ca5b0f430c0c0c -MISC ChangeLog 93272 SHA256 a9cb61623d710a9acd69fc7dd78fc468536cc5ad2ab9a4b5e2ea7a8b3c598f8c SHA512 6683fded2e4962dae0e76c4fa276af83e19b7dae0f810bb0821c91d7dd5d673ae135f481315575443ab54024c8dab07607175ce90b56af4fbb9c360f0207ac33 WHIRLPOOL 0d9efc84fe0eb5157442b6f2c3fdf8faadb62dd9a3b4c8664802c703c049a442832b5b8f93aa07130678648023dbffec0741f3e0914bad8740890d5c90d6d95c +MISC ChangeLog 93585 SHA256 0577ddbce91086375f1c6c41c0d4cdde4d7b32c0e8956af3e6df83e9be0a7b8d SHA512 0b7bff9e3ccfb30c4948677ca3aff2d192a22cd2d7d2cf9067c26bf5bde2940fe330b405f8743f634ff42583aa2337511ae652c750a36f83bf4a6bd84210426a WHIRLPOOL 3d40f4401edfaddebb3d7325ae523bf0af7e5edbdf368dc2807e0f16b7942a070f221ca7bea220da55363bed85a6f2d7b7858dce23fce364e5962a1ec0b8a8ce MISC metadata.xml 2049 SHA256 db7830f81086b967b8212af7c318bf27d22ac7db58b1a4d9c80cc86453ff03ab SHA512 3641e38203376c78fddc11b9d5861bdb629a1f9faf2768be5dc35f62ef3d37636a2f9f990e3ade1de2cec45d33a5fcdf7bb0dcd5f4376d40753fe29b354da42e WHIRLPOOL 6a7497491a150ede87bf20f5da5ed9003d545c9c376db7b78a6c1db66b1b90213f5f97d9211fb8b1ab204c1814c1a90d7be77a2d83cc045cf0762b4d2708c56a -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 -iQIcBAEBCAAGBQJVK1AsAAoJEPGu1DbS6WIAqhsQAJTp3X+nD37DLjF8KhM2P1Bf -Se4TglrrdwBv6HRr8S7+LVkthW0OnBuN1xH/jRqYsjkDk7Av61UQcgxiJ4pbEsn6 -M98MrFfQWKFknHvsLTcrbeLUbfv61p1N3ZlKRCvlt6/srtHsygpE3zQ862lcEA4K -LoHdE8e8r5gkQbCrVTLNwXO+ePSd+hmxz5g4Kdzpz0/4lUM98EW6o6j4Jd76HuUr -lraPpvVz0IJm+QZVIcJwIV1ZpGaMDM4D5Og8sSQ9zKpwwK6LqE4OLDGARGaD+8NW -kZpTSIgOOCFqp2y1gEvpircl2gkXibxRRbm3rraY/p6fdxxJOUV11y6NePZ6wMer -341XaZtuqeBZhpMAP+SsI9g2ZHrykUOTg8PlE27qUJKxCzxb9Limg7EFrP85+++1 -LAXInlrs+O+tM5SmRM/YRNrSZ2wz8w91bMBvC726BvPXRhPcWEYN5APVptUhjMzC -If1svfq6nl72C8d8daQXK2kgxm9biV9lw7I/3X5sw85ABH2aK8m2r1S2CkM3ir3J -NWkW//uTQLvutAyKTVibdsF+olcQJkgkQHYPcE/wQBDrt3borpW6IRR4L3m6UGJj -SwEPbg9fS0ENTuKWCB0l5q06dQbdNgqiCrN8uW5gY4Y3ervFR9q4uWiSM6doBdau -Y3L5VyM4MMXHSHQDurqn -=i2Zb +iQIcBAEBCAAGBQJVPw8JAAoJEPGu1DbS6WIAGc4P/jtXcoOTD3yW03DeK9o66R/s +4TJpFY5OWSP4D+81G0eQMO6p+1jda+SNU5U1giT3g8T5+M82MZbgT7J4wH6G357/ +z5Gzd12oraC0Nsr6UDjFKQFmB238M8fsyLjaHQDTODc14HubAyba0c3HOWoGVGa1 +jj1K8UWAYdmU2bAa0P8CvFFl/uKZ393fWBrYYwXaZg6WkRfCKV/ZzqJABjg1It1S +zKaqaZEZGSILwCn1sJF8oH8VXmYsD4Mmm/1yW/cU3t+1r4WbkhxRnZnga1tAlQZx +QmiKCNbGj+R6pbSyQdZ4glOAtqptuT7cuZ16qHd2Sv9z72zD6BoqqgtPOI2VX+tL +thvbpBF5gJ1DKPGPuc9ExUngbEeNVmj5Edbctvh9TKY1ize0P83pV0yfoNBDB9zp +jzbZRg+OF+KPlDxbr8hXBcwYOXZ0Wix529sYEEH5PJT5aLSiURVnVJc2tdB442rk +/XEdc6+MBrtCj5F4Xws2AiEv+7CTp7VBlJHI1bDBOtCaJ9Lk48omfVHVCerL1Uyl +eLRPUWmVEy0nqE/NMunpjeXxb359HISqUIHj1TjanhoH+e+buHN3iYnaZFfB7vpK +zhYTaLMjtULYHi9v7kLIDsHPsjhJ/haBbizYFiAdYPom7mOxwuE8rhVvNl/jTTCb +PcQ50Phei1tSpxEmqYxS +=JiAS -----END PGP SIGNATURE----- diff --git a/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch b/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch new file mode 100644 index 000000000000..e72b1e6bafaa --- /dev/null +++ b/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch @@ -0,0 +1,15 @@ +--- a/0005-support-dynamically-sized-receive-buffers.patch ++++ b/0005-support-dynamically-sized-receive-buffers.patch +@@ -411,10 +411,10 @@ index af2f007..41b782b 100644 + --- a/compat.h + +++ b/compat.h + @@ -60,6 +60,7 @@ +- #define SSH_NEW_OPENSSH 0x04000000 + #define SSH_BUG_DYNAMIC_RPORT 0x08000000 + #define SSH_BUG_CURVE25519PAD 0x10000000 +-+#define SSH_BUG_LARGEWINDOW 0x20000000 ++ #define SSH_BUG_HOSTKEYS 0x20000000 +++#define SSH_BUG_LARGEWINDOW 0x40000000 + + void enable_compat13(void); + void enable_compat20(void); diff --git a/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch b/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch new file mode 100644 index 000000000000..f99e92f29e33 --- /dev/null +++ b/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch @@ -0,0 +1,69 @@ +https://bugs.gentoo.org/547944 + +From d8f391caef62378463a0e6b36f940170dadfe605 Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" <dtucker@openbsd.org> +Date: Fri, 10 Apr 2015 05:16:50 +0000 +Subject: [PATCH] upstream commit + +Don't send hostkey advertisments + (hostkeys-00@openssh.com) to current versions of Tera Term as they can't + handle them. Newer versions should be OK. Patch from Bryan Drewery and + IWAMOTO Kouichi, ok djm@ +--- + compat.c | 13 ++++++++++++- + compat.h | 3 ++- + sshd.c | 6 +++++- + 3 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/compat.c b/compat.c +index 2498168..0934de9 100644 +--- a/compat.c ++++ b/compat.c +@@ -167,6 +167,17 @@ compat_datafellows(const char *version) + SSH_BUG_SCANNER }, + { "Probe-*", + SSH_BUG_PROBE }, ++ { "TeraTerm SSH*," ++ "TTSSH/1.5.*," ++ "TTSSH/2.1*," ++ "TTSSH/2.2*," ++ "TTSSH/2.3*," ++ "TTSSH/2.4*," ++ "TTSSH/2.5*," ++ "TTSSH/2.6*," ++ "TTSSH/2.70*," ++ "TTSSH/2.71*," ++ "TTSSH/2.72*", SSH_BUG_HOSTKEYS }, + { NULL, 0 } + }; + +diff --git a/compat.h b/compat.h +index af2f007..83507f0 100644 +--- a/compat.h ++++ b/compat.h +@@ -60,6 +60,7 @@ + #define SSH_NEW_OPENSSH 0x04000000 + #define SSH_BUG_DYNAMIC_RPORT 0x08000000 + #define SSH_BUG_CURVE25519PAD 0x10000000 ++#define SSH_BUG_HOSTKEYS 0x20000000 + + void enable_compat13(void); + void enable_compat20(void); +diff --git a/sshd.c b/sshd.c +index 6aa17fa..60b0cd4 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -928,6 +928,10 @@ notify_hostkeys(struct ssh *ssh) + int i, nkeys, r; + char *fp; + ++ /* Some clients cannot cope with the hostkeys message, skip those. */ ++ if (datafellows & SSH_BUG_HOSTKEYS) ++ return; ++ + if ((buf = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new", __func__); + for (i = nkeys = 0; i < options.num_host_key_files; i++) { +-- +2.3.6 + diff --git a/net-misc/openssh/openssh-6.8_p1-r5.ebuild b/net-misc/openssh/openssh-6.8_p1-r5.ebuild new file mode 100644 index 000000000000..5688cf36f53e --- /dev/null +++ b/net-misc/openssh/openssh-6.8_p1-r5.ebuild @@ -0,0 +1,332 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.8_p1-r5.ebuild,v 1.1 2015/04/28 04:39:35 vapier Exp $ + +EAPI="4" +inherit eutils user flag-o-matic multilib autotools pam systemd versionator + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +HPN_PATCH="${PN}-6.8p1-r5-hpnssh14v5.tar.xz" +LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz" +X509_VER="8.3.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + mirror://gentoo/${P}-sctp.patch.xz + ${HPN_PATCH:+hpn? ( + mirror://gentoo/${HPN_PATCH} + http://dev.gentoo.org/~vapier/dist/${HPN_PATCH} + mirror://sourceforge/hpnssh/${HPN_PATCH} + )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${X509_PATCH:+X509? ( + http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} + mirror://gentoo/${P}-x509-${X509_VER}-glue.patch.xz + )} + " + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +# Probably want to drop ssh1/ssl defaulting to on in a future version. +IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey +ssh1 +ssl static X X509" +REQUIRED_USE="pie? ( !static ) + ssh1? ( ssl ) + static? ( !kerberos !pam ) + X509? ( !ldap ssl )" + +LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) + libedit? ( dev-libs/libedit[static-libs(+)] ) + ssl? ( + >=dev-libs/openssl-0.9.6d:0[bindist=] + dev-libs/openssl[static-libs(+)] + ) + >=sys-libs/zlib-1.2.3[static-libs(+)]" +RDEPEND=" + !static? ( + ${LIB_DEPEND//\[static-libs(+)]} + ldns? ( + !bindist? ( net-libs/ldns[ecdsa,ssl] ) + bindist? ( net-libs/ldns[-ecdsa,ssl] ) + ) + ) + pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap )" +DEPEND="${RDEPEND} + static? ( + ${LIB_DEPEND} + ldns? ( + !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) + ) + ) + virtual/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( virtual/shadow ) + X? ( x11-apps/xauth )" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } + local fail=" + $(use X509 && maybe_fail X509 X509_PATCH) + $(use ldap && maybe_fail ldap LDAP_PATCH) + $(use hpn && maybe_fail hpn HPN_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + eerror "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + eerror "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." + die "USE=tcpd no longer works" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-6.8_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${WORKDIR}"/${P}-x509-${X509_VER}-glue.patch + epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch + save_version X509 + fi + if use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + epatch "${FILESDIR}"/${PN}-6.8_p1-ssh-keygen-no-ssh1.patch #544078 + epatch "${FILESDIR}"/${PN}-6.8_p1-teraterm.patch #547944 + # The X509 patchset fixes this independently. + use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch + epatch "${WORKDIR}"/${P}-sctp.patch + if use hpn ; then + # The teraterm patch pulled in an upstream update. + pushd "${WORKDIR}"/${HPN_PATCH%.*.*} >/dev/null + epatch "${FILESDIR}"/${PN}-6.8_p1-teraterm-hpn-glue.patch + popd >/dev/null + EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ + EPATCH_MULTI_MSG="Applying HPN patchset ..." \ + epatch "${WORKDIR}"/${HPN_PATCH%.*.*} + save_version HPN + fi + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + epatch_user #473004 + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys # skey configure code triggers this + + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG + use static && append-ldflags -static + + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + # We apply the ldap patch conditionally, so can't pass --without-ldap + # unconditionally else we get unknown flag warnings. + $(use ldap && use_with ldap) + $(use_with ldns) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with sctp) + $(use_with selinux) + $(use_with skey) + $(use_with ssh1) + # The X509 patch deletes this option entirely. + $(use X509 || use_with ssl openssl) + $(use_with ssl md5-passwords) + $(use_with ssl ssl-engine) + ) + + # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) + if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then + myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) + append-ldflags -lutil + fi + + econf "${myconf[@]}" +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6.4 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t} </dev/null \ + && passed="${passed}${t} " \ + || failed="${failed}${t} " + done + einfo "Passed tests: ${passed}" + ewarn "Skipped tests: ${skipped}" + if [[ -n ${failed} ]] ; then + ewarn "Failed tests: ${failed}" + die "Some tests failed: ${failed}" + else + einfo "Failed tests: ${failed}" + return 0 + fi +} + +pkg_preinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd +} + +pkg_postinst() { + if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "reload sshd: '/etc/init.d/sshd reload'." + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + einfo "For the HPN server logging patch, you must ensure that" + einfo "your syslog application also listens at /var/empty/dev/log." + fi + elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has" + elog " dropped it. Make sure to update any configs that you might have." +} |