Update the LDAP patches, also mailed to upstream.

Package-Manager: portage-2.2_rc8/cvs/Linux 2.6.27-rc1-10246-gca5de40 x86_64
author: Robin H. Johnson <robbat2@gentoo.org> 2008-08-23 22:14:17 +0000
committer: Robin H. Johnson <robbat2@gentoo.org> 2008-08-23 22:14:17 +0000
commit: b67dbea674b302117febac5a6ec14270f5db0e73 (patch)
tree: ed06fc5c0595b376ab6eca674cd99d27f34cf246 /net-misc
parent: Forward-port the X509/hpn glue patch per bug #235086. (diff)
download: historical-b67dbea674b302117febac5a6ec14270f5db0e73.tar.gz
historical-b67dbea674b302117febac5a6ec14270f5db0e73.tar.bz2
historical-b67dbea674b302117febac5a6ec14270f5db0e73.zip
5 files changed, 237 insertions, 3 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index 8ea1e6ff0654..aa91636c1800 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-misc/openssh
 # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.313 2008/08/23 21:33:05 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.314 2008/08/23 22:14:16 robbat2 Exp $
+
+*openssh-5.1_p1-r1 (23 Aug 2008)
+
+  23 Aug 2008; Robin H. Johnson <robbat2@gentoo.org>
+  +files/openssh-5.1_p1-ldap-hpn-glue.patch, metadata.xml,
+  +openssh-5.1_p1-r1.ebuild:
+  Update the LDAP patches, also mailed to upstream.
 
   23 Aug 2008; Robin H. Johnson <robbat2@gentoo.org>
   +files/openssh-5.1_p1-x509-hpn-glue.patch, openssh-5.1_p1.ebuild:
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 3e942b7b021a..1ca2df476d6c 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -17,6 +17,7 @@ AUX openssh-4.7_p1-packet-size.patch 1130 RMD160 b604b500747f5b53c9ddc3950adfaca
 AUX openssh-4.7_p1-x509-hpn-glue.patch 2734 RMD160 ff6961d2b5b018121c6c40af91b485d47eec1d29 SHA1 a081eaac28e6f761dbe2345263f8eaf810f0fa59 SHA256 6e27def1aaf61da6d4c8bb64d1068d255ffad86453cbc8ff6c42dd9e823bff9b
 AUX openssh-4.7p1-selinux.diff 541 RMD160 bcb8f1fef2ae8378e7000732223c6116e06e0d6f SHA1 395b4dcff3eb7b92582a4364e612fff87278e7bc SHA256 ef8d71c46059bdcc8487cad06914639a8237197561cc030d8eed3baf418cc810
 AUX openssh-4.9_p1-x509-hpn-glue.patch 2741 RMD160 54c645340e491dc915d5b8c7f02e089d2663e1ad SHA1 c3ba982038b2bf31e23c747afcbab540933caf0c SHA256 d0da5449d3226baf3bd25080a74550af75946d87c686a79841c41178aecb8c83
+AUX openssh-5.1_p1-ldap-hpn-glue.patch 1666 RMD160 5fbcc5c60f9a8f44967c258749e2379295015ae2 SHA1 dfdf6fd489a1a2db4cc25d7fc49d31769d48c07d SHA256 f92037859510902f7bc7b97c92dc989614e0d2c07e5812b4d787b38892f3a6a3
 AUX openssh-5.1_p1-x509-hpn-glue.patch 3373 RMD160 024d7f17972907a591a067bfd0883ba0c0b297d0 SHA1 1b2ad74448c695bedee22a48d0bca879605c23d0 SHA256 0d9b10881a9207e5feec7429693b34fa56464e2c9e4fea1540d258ee2000e37a
 AUX openssh-securid-1.3.1-updates.patch 445 RMD160 b1db3dfa75f7e03d0dff41e85e285f8b749f27f0 SHA1 757a8b0c1586fdcbff0762b39a52f1b315d4b110 SHA256 11c95cc508d20c8eb1e8faa0d2b5e68346cbb93db8fb560cfa8b4d2c0d1104b3
 AUX sshd.confd 396 RMD160 029680b2281961130a815ef599750c4fc4e84987 SHA1 23c283d0967944b6125be26ed4628f49abf586b2 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41
@@ -49,6 +50,7 @@ DIST openssh-5.1p1.tar.gz 1040041 RMD160 24293ad89633cfd4791f08eb3442becb7e5788c
 DIST openssh-lpk-4.4p1-0.3.7.patch 61187 RMD160 90b0bbe07a3617f6eecb9f77c1a38c5f4dd4dcaf SHA1 b1854a4391c5d11f1a5ab09059643bbaf2278009 SHA256 c74aa642b4b2eeceb0c3f554752d172f8d5a7cd30f2aae517e93ef3bf1bd24e7
 DIST openssh-lpk-4.5p1-0.3.8-no-configure.patch 58327 RMD160 464eb3e29f77d2d1e9785ea7cbae5c6d6bb0aff5 SHA1 5020b325b845de131236a489f2bbf19da64aff6e SHA256 ffbd706fb543709d1be0d37af50de561ed9a4271508f0df3b951d6a1db5eb1eb
 DIST openssh-lpk-4.6p1-0.3.9.patch 61605 RMD160 1bf1830192c3eba43c66c3c6469740724cb1ecf2 SHA1 2d0d41f6913d6e899e58a4b569afa30aadf82092 SHA256 e12335e8bf020508ea3866db07b306f4c965e3f9de262c06f62fad494e93107e
+DIST openssh-lpk-5.1p1-0.3.10.patch.gz 17922 RMD160 b569ea5ab867294796f8db698016e656fcc31cd3 SHA1 510a1bad95d7b3c0d52a3bd6202b0495e6388369 SHA256 90cce711526c9caed6af32539c00cb51c922df14c2f1d0106c4eb593cf62321e
 EBUILD openssh-4.4_p1-r6.ebuild 5334 RMD160 26865cfe4204858d1ed2f63e48d6b6ec5f580526 SHA1 a4f4acc964cf18fdcf465450c3857a216f7060cd SHA256 1bb9d7bdba7e9eb908812795486d90b9fd3f43eeb137bb6ebb178769540eb580
 EBUILD openssh-4.5_p1-r2.ebuild 5348 RMD160 88bc9d6be2994636c10c30c64039bdd521a8f09a SHA1 dd6f0cfd2628b70e2c2ddf9aa411021d9d7dc637 SHA256 415caf47b52426dea64bc0ca64148d3e54abc43299e6d0ac58f7af2f5e99f97d
 EBUILD openssh-4.6_p1-r4.ebuild 4937 RMD160 f838478ca926cdf55c819b6cd1c88145b0b51568 SHA1 ad6616420e30d57dd74651b5eb441e06ad25b480 SHA256 ba750007cc8ffca96d3669f80fcd50c41850f735a191ced808cf5e850fef95cc
@@ -56,6 +58,7 @@ EBUILD openssh-4.7_p1-r20.ebuild 5364 RMD160 7e9a66b5d54b49f83ae8c85dc6cef9aa431
 EBUILD openssh-4.7_p1-r6.ebuild 5351 RMD160 a2e3b8435e17ec0697a49a2da195f95cdaeab947 SHA1 3b9a1137874658af134c462b3de434182d4c2330 SHA256 f21dd1253baa4de4994798afc25a1f2a656705787083d3f619856656b966f059
 EBUILD openssh-5.0_p1-r1.ebuild 5185 RMD160 7a6f156064ad1fe10b0147dd3d90727139b5c895 SHA1 520a472607295a03a60cb6a7f3ce46e155123f40 SHA256 87a98ecf1a680b78098bbd2cb11a231f986ec6d0ec7b467e1e5be88e1a67fc96
 EBUILD openssh-5.0_p1-r2.ebuild 5239 RMD160 6ccb10bacc5e8d21ab9f44d043f606dd50bea1dc SHA1 26ec517a579b65d9d916746bc1c0acc918c0edf1 SHA256 3763ef177f53a9bccbf449aa3bde6568a1dce1fb7429fd95721e0b45423ceb69
+EBUILD openssh-5.1_p1-r1.ebuild 5299 RMD160 154ceada3be53c4e2689890c56fff1e258c0b189 SHA1 9a6866262121bda5d287d4702a0efa6683a11f66 SHA256 41aa73614f453f5db6465311ba84f36be5b8d7c3980447bebbe8d0c6f873259c
 EBUILD openssh-5.1_p1.ebuild 5226 RMD160 710cfec6f73453180c5b9a7fea91edf1ffd2e95c SHA1 a2d8d632c93e28893cfafce5516db3bb9cb6ad69 SHA256 47e242e1ea13ff70b908aebcf2158c0b842937466772a25eb0d71490db895de2
-MISC ChangeLog 49096 RMD160 9fa877dcb1c93a1762eb8c5933406abe4f6a2309 SHA1 2ef8d66b066948bdb5d2e1cd27b620ce11f435d6 SHA256 f2c7da9d1334e4ec5eaa209b5506d414e9b05301e252600ee4888c45bab0c7be
-MISC metadata.xml 1554 RMD160 9914cb690917ebe26ef74ffbb9cc7ddf7ae99b08 SHA1 3bf7fbc28cee4450ecd12cdd83ff85f9e4388fa9 SHA256 cc148ff9ad461dbc5977a867cfdc1e2254f48b3bdf59f24e054b654f29b5b8ae
+MISC ChangeLog 49324 RMD160 e9d3e26ba0fbc17a422b32d9840f645798b56293 SHA1 fe57fb7d4f1ad3ac26a96985db9cea9df604e8e8 SHA256 9c01296b60f2ad042b62d59bbb30347437b37238f4ee9e654561ecc11e175ae7
+MISC metadata.xml 1628 RMD160 aca326c3a7d35beb72e509128e234f15af33b04e SHA1 44a5909d6b04fd53b68a534d23b93927f3843b95 SHA256 6e0604824c21b1d064beffe9ab2aebb1c6752d7116fa4ce7c29ab749a837720d
diff --git a/net-misc/openssh/files/openssh-5.1_p1-ldap-hpn-glue.patch b/net-misc/openssh/files/openssh-5.1_p1-ldap-hpn-glue.patch
new file mode 100644
index 000000000000..e6e22e865da6
--- /dev/null
+++ b/net-misc/openssh/files/openssh-5.1_p1-ldap-hpn-glue.patch
@@ -0,0 +1,55 @@
+diff -Nuar --exclude '*.rej' --exclude '*.orig' openssh-5.1p1+lpk/servconf.c openssh-5.1p1+lpk+glue/servconf.c
+--- openssh-5.1p1+lpk/servconf.c	2008-08-23 14:37:18.000000000 -0700
++++ openssh-5.1p1+lpk+glue/servconf.c	2008-08-23 14:52:19.000000000 -0700
+@@ -111,6 +111,25 @@
+ 	options->num_allow_groups = 0;
+ 	options->num_deny_groups = 0;
+ 	options->ciphers = NULL;
++#ifdef WITH_LDAP_PUBKEY
++ 	/* XXX dirty */
++ 	options->lpk.ld = NULL;
++ 	options->lpk.on = -1;
++ 	options->lpk.servers = NULL;
++ 	options->lpk.u_basedn = NULL;
++ 	options->lpk.g_basedn = NULL;
++ 	options->lpk.binddn = NULL;
++ 	options->lpk.bindpw = NULL;
++ 	options->lpk.sgroup = NULL;
++ 	options->lpk.filter = NULL;
++ 	options->lpk.fgroup = NULL;
++ 	options->lpk.l_conf = NULL;
++ 	options->lpk.tls = -1;
++ 	options->lpk.b_timeout.tv_sec = -1;
++ 	options->lpk.s_timeout.tv_sec = -1;
++ 	options->lpk.flags = FLAG_EMPTY;
++#endif
++
+ 	options->macs = NULL;
+ 	options->protocol = SSH_PROTO_UNKNOWN;
+ 	options->gateway_ports = -1;
+@@ -131,25 +150,6 @@
+ 	options->num_permitted_opens = -1;
+ 	options->adm_forced_command = NULL;
+ 	options->chroot_directory = NULL;
+-#ifdef WITH_LDAP_PUBKEY
+- 	/* XXX dirty */
+- 	options->lpk.ld = NULL;
+- 	options->lpk.on = -1;
+- 	options->lpk.servers = NULL;
+- 	options->lpk.u_basedn = NULL;
+- 	options->lpk.g_basedn = NULL;
+- 	options->lpk.binddn = NULL;
+- 	options->lpk.bindpw = NULL;
+- 	options->lpk.sgroup = NULL;
+- 	options->lpk.filter = NULL;
+- 	options->lpk.fgroup = NULL;
+- 	options->lpk.l_conf = NULL;
+- 	options->lpk.tls = -1;
+- 	options->lpk.b_timeout.tv_sec = -1;
+- 	options->lpk.s_timeout.tv_sec = -1;
+- 	options->lpk.flags = FLAG_EMPTY;
+-#endif
+-
+ }
+ 
+ void
diff --git a/net-misc/openssh/metadata.xml b/net-misc/openssh/metadata.xml
index 2577af26547e..760807f43b91 100644
--- a/net-misc/openssh/metadata.xml
+++ b/net-misc/openssh/metadata.xml
@@ -24,5 +24,6 @@ ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and
     <flag name="chroot">Enable chrooting support</flag>
     <flag name="hpn">Enable high performance ssh</flag>
     <flag name="X509">Adds support for X.509 certificate authentication</flag>
+	<flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
   </use>
 </pkgmetadata>
diff --git a/net-misc/openssh/openssh-5.1_p1-r1.ebuild b/net-misc/openssh/openssh-5.1_p1-r1.ebuild
new file mode 100644
index 000000000000..dd7fb6d12d81
--- /dev/null
+++ b/net-misc/openssh/openssh-5.1_p1-r1.ebuild
@@ -0,0 +1,168 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.1_p1-r1.ebuild,v 1.1 2008/08/23 22:14:16 robbat2 Exp $
+
+inherit eutils flag-o-matic ccc multilib autotools pam
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_/}
+
+X509_PATCH="${PARCH}+x509-6.1.1.diff.gz"
+LDAP_PATCH="${PARCH/openssh/openssh-lpk}-0.3.10.patch.gz"
+HPN_PATCH="${PARCH}-hpn13v5.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+	http://www.sxw.org.uk/computing/patches/openssh-5.0p1-gsskex-20080404.patch
+	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+	${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-6.1.1/${X509_PATCH} )}
+	${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )}"
+	#${LDAP_PATCH:+ldap? ( http://dev.inversepath.com/openssh-lpk/${LDAP_PATCH} )}
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE="static pam tcpd kerberos skey selinux X509 ldap smartcard hpn libedit X"
+
+RDEPEND="pam? ( virtual/pam )
+	kerberos? ( virtual/krb5 )
+	selinux? ( >=sys-libs/libselinux-1.28 )
+	skey? ( >=sys-auth/skey-1.1.5-r1 )
+	ldap? ( net-nds/openldap )
+	libedit? ( dev-libs/libedit )
+	>=dev-libs/openssl-0.9.6d
+	>=sys-libs/zlib-1.2.3
+	smartcard? ( dev-libs/opensc )
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	X? ( x11-apps/xauth )
+	userland_GNU? ( sys-apps/shadow )"
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig
+	virtual/os-headers
+	sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+	pam? ( sys-auth/pambase )"
+PROVIDE="virtual/ssh"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+	# this sucks, but i'd rather have people unable to `emerge -u openssh`
+	# than not be able to log in to their server any more
+	maybe_fail() { [[ -z ${!2} ]] && use ${1} && echo ${1} ; }
+	local fail="
+		$(maybe_fail X509 X509_PATCH)
+		$(maybe_fail ldap LDAP_PATCH)
+	"
+	fail=$(echo ${fail})
+	if [[ -n ${fail} ]] ; then
+		eerror "Sorry, but this version does not yet support features"
+		eerror "that you requested:	 ${fail}"
+		eerror "Please mask ${PF} for now and check back later:"
+		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+		die "booooo"
+	fi
+}
+
+src_unpack() {
+	unpack ${PARCH}.tar.gz
+	cd "${S}"
+
+	sed -i \
+		-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
+		pathnames.h || die
+
+	use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-5.1_p1-x509-hpn-glue.patch
+	use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
+	if ! use X509 ; then
+		if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+			# The patch for bug 210110 64-bit stuff is now included.
+			epatch "${DISTDIR}"/${LDAP_PATCH} 
+			epatch "${FILESDIR}"/${PN}-5.1_p1-ldap-hpn-glue.patch
+		fi
+		#epatch "${DISTDIR}"/openssh-5.0p1-gsskex-20080404.patch #115553 #216932
+	else
+		use ldap && ewarn "Sorry, X509 and ldap don't get along, disabling ldap"
+	fi
+	epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+	[[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH}
+	epatch "${FILESDIR}"/${PN}-4.7p1-selinux.diff #191665
+
+	sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die
+
+	eautoreconf
+}
+
+src_compile() {
+	addwrite /dev/ptmx
+	addpredict /etc/skey/skeykeys #skey configure code triggers this
+
+	local myconf=""
+	if use static ; then
+		append-ldflags -static
+		use pam && ewarn "Disabling pam support becuse of static flag"
+		myconf="${myconf} --without-pam"
+	else
+		myconf="${myconf} $(use_with pam)"
+	fi
+
+	econf \
+		--with-ldflags="${LDFLAGS}" \
+		--disable-strip \
+		--sysconfdir=/etc/ssh \
+		--libexecdir=/usr/$(get_libdir)/misc \
+		--datadir=/usr/share/openssh \
+		--with-privsep-path=/var/empty \
+		--with-privsep-user=sshd \
+		--with-md5-passwords \
+		--with-ssl-engine \
+		${LDAP_PATCH:+$(use_with ldap)} \
+		$(use_with libedit) \
+		$(use_with kerberos kerberos5 /usr) \
+		$(use_with tcpd tcp-wrappers) \
+		$(use_with selinux) \
+		$(use_with skey) \
+		$(use_with smartcard opensc) \
+		${myconf} \
+		|| die "bad configure"
+	emake || die "compile problem"
+}
+
+src_install() {
+	emake install-nokeys DESTDIR="${D}" || die
+	fperms 600 /etc/ssh/sshd_config
+	dobin contrib/ssh-copy-id
+	newinitd "${FILESDIR}"/sshd.rc6 sshd
+	newconfd "${FILESDIR}"/sshd.confd sshd
+	keepdir /var/empty
+
+	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+	use pam \
+		&& dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config \
+		&& dosed "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" /etc/ssh/sshd_config
+
+	doman contrib/ssh-copy-id.1
+	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+	diropts -m 0700
+	dodir /etc/skel/.ssh
+}
+
+pkg_postinst() {
+	enewgroup sshd 22
+	enewuser sshd 22 -1 /var/empty sshd
+
+	# help fix broken perms caused by older ebuilds.
+	# can probably cut this after the next stage release.
+	chmod u+x "${ROOT}"/etc/skel/.ssh >& /dev/null
+
+	ewarn "Remember to merge your config files in /etc/ssh/ and then"
+	ewarn "restart sshd: '/etc/init.d/sshd restart'."
+	if use pam ; then
+		echo
+		ewarn "Please be aware users need a valid shell in /etc/passwd"
+		ewarn "in order to be allowed to login."
+	fi
+}
author	Robin H. Johnson <robbat2@gentoo.org>	2008-08-23 22:14:17 +0000
committer	Robin H. Johnson <robbat2@gentoo.org>	2008-08-23 22:14:17 +0000
commit	b67dbea674b302117febac5a6ec14270f5db0e73 (patch)
tree	ed06fc5c0595b376ab6eca674cd99d27f34cf246 /net-misc
parent	Forward-port the X509/hpn glue patch per bug #235086. (diff)
download	historical-b67dbea674b302117febac5a6ec14270f5db0e73.tar.gz historical-b67dbea674b302117febac5a6ec14270f5db0e73.tar.bz2 historical-b67dbea674b302117febac5a6ec14270f5db0e73.zip