diff options
| author |   Mike Hammill <mike@kth.se> | 2010-12-04 00:04:52 +0100 |
|---|---|---|
| committer | Mike Hammill <mike@kth.se> | 2010-12-04 00:04:52 +0100 |
| commit | f675ff3ec64625a7413f80c6de5ac95d58c249cd (patch) | |
| tree | b0ee29e692938c9d3564a3b998036f9bbb4c35d5 | |
| parent | Initialize repository with overlay basic files. (diff) | |
| download | mhammill-f675ff3ec64625a7413f80c6de5ac95d58c249cd.tar.gz mhammill-f675ff3ec64625a7413f80c6de5ac95d58c249cd.tar.bz2 mhammill-f675ff3ec64625a7413f80c6de5ac95d58c249cd.zip | |
Add all Gentoo standard openssh ebuild files.
This are an exact copy of /usr/portage/net-misc/openssh/ as of
2010-12-04.
27 files changed, 4130 insertions, 0 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog new file mode 100644 index 0000000..dc3c17c --- /dev/null +++ b/net-misc/openssh/ChangeLog @@ -0,0 +1,1689 @@ +# ChangeLog for net-misc/openssh +# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.398 2010/11/29 23:07:41 ranger Exp $ + + 29 Nov 2010; Brent Baude <ranger@gentoo.org> openssh-5.6_p1-r2.ebuild: + stable ppc64, bug 346395 + + 27 Nov 2010; Michael Weber <xmw@gentoo.org> openssh-5.6_p1-r2.ebuild: + arm/sparc stable (bug 346395) + + 24 Nov 2010; Jeroen Roovers <jer@gentoo.org> openssh-5.6_p1-r2.ebuild: + Stable for HPPA PPC (bug #346395). + + 22 Nov 2010; Markos Chandras <hwoarang@gentoo.org> openssh-5.6_p1-r2.ebuild: + Stable on amd64 wrt bug #346395 + + 22 Nov 2010; Thomas Kahle <tomka@gentoo.org> openssh-5.6_p1-r2.ebuild: + x86 stable per bug 346395 + + 11 Oct 2010; Diego E. Pettenò <flameeyes@gentoo.org> + openssh-5.6_p1-r2.ebuild, +files/sshd.rc6.1: + Update init script to not regenerate the RSA1 host key (for SSH Protocol + 1) unless Protocol 1 is enabled. Modern OpenSSH versions disable Protocol + 1 in the daemon by default. + +*openssh-5.6_p1-r2 (30 Sep 2010) + + 30 Sep 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.6_p1-r2.ebuild, + +files/openssh-5.6_p1-hpn-progressmeter.patch: + Switch to latest upstream hpn patch, and fix a pointer error in it. + + 24 Sep 2010; Raúl Porcel <armin76@gentoo.org> openssh-5.5_p1-r2.ebuild: + alpha/ia64/m68k/s390/sh/sparc stable wrt #334165 + + 23 Sep 2010; Markus Meier <maekke@gentoo.org> openssh-5.5_p1-r2.ebuild: + arm stable, bug #334165 + + 06 Sep 2010; Brent Baude <ranger@gentoo.org> openssh-5.5_p1-r2.ebuild: + Marking openssh-5.5_p1-r2 ppc64 for bug 334165 + + 28 Aug 2010; Markos Chandras <hwoarang@gentoo.org> + openssh-5.5_p1-r2.ebuild: + Stable on amd64 wrt bug #334165 + + 28 Aug 2010; Jeroen Roovers <jer@gentoo.org> openssh-5.5_p1-r2.ebuild: + Stable for HPPA PPC (bug #334165). + +*openssh-5.6_p1-r1 (26 Aug 2010) + + 26 Aug 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.6_p1-r1.ebuild, + +files/openssh-5.6_p1-x509-hpn-glue.patch: + Update hpn/ldap/x509 patches to new release. + + 25 Aug 2010; Robin H. Johnson <robbat2@gentoo.org> openssh-5.6_p1.ebuild: + Update HPN and LPK patches for 5.6p1 series. + + 24 Aug 2010; Pawel Hajdan jr <phajdan.jr@gentoo.org> + openssh-5.5_p1-r2.ebuild: + x86 stable wrt bug #334165 + +*openssh-5.6_p1 (23 Aug 2010) + + 23 Aug 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.6_p1.ebuild: + Version bump. + +*openssh-5.5_p1-r2 (20 Jun 2010) +*openssh-5.4_p1-r3 (20 Jun 2010) + + 20 Jun 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.4_p1-r3.ebuild, + +openssh-5.5_p1-r2.ebuild: + Switch to the official hpn patches. + +*openssh-5.5_p1-r1 (20 Apr 2010) + + 20 Apr 2010; Robin H. Johnson <robbat2@gentoo.org> + +openssh-5.5_p1-r1.ebuild: + The 5.4 patchsets for HPN and LPK apply and work perfectly with 5.5. + +*openssh-5.5_p1 (16 Apr 2010) + + 16 Apr 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.5_p1.ebuild: + Version bump. + +*openssh-5.4_p1-r2 (29 Mar 2010) + + 29 Mar 2010; Robin H. Johnson <robbat2@gentoo.org> + +openssh-5.4_p1-r2.ebuild: + Revbump with HPN and LPK patches available again now. Ported and submitted + to upstream authors. X509 now has more conflicts with HPN, future + revisions may require selection of: x509 XOR (hpn OR lpk). + +*openssh-5.4_p1-r1 (29 Mar 2010) + + 29 Mar 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.4_p1-r1.ebuild, + +files/openssh-5.4_p1-pkcs11.patch, + +files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch: + Fixes from upstream for pkcs build problems #310929 by Alan Hourihane and + for relative AuthorizedKeysFile handling #308939 by Eric Vander Weele. + + 20 Mar 2010; Mike Frysinger <vapier@gentoo.org> openssh-5.3_p1-r1.ebuild, + openssh-5.4_p1.ebuild: + Fix warning with USE="X509 ldap" #310287 by Nico Baggus. + + 19 Mar 2010; Raúl Porcel <armin76@gentoo.org> openssh-5.3_p1-r1.ebuild: + sparc stable wrt #308555 + + 19 Mar 2010; Mike Frysinger <vapier@gentoo.org> openssh-5.3_p1-r1.ebuild: + Mark alpha/arm/ia64/s390/sh stable #308555. + + 18 Mar 2010; Christian Faulhammer <fauli@gentoo.org> + openssh-5.3_p1-r1.ebuild: + stable x86, bug 308555 + + 13 Mar 2010; Mike Frysinger <vapier@gentoo.org> openssh-5.4_p1.ebuild: + Drop USE=pkcs11 per Alon Bar-Lev #308431. + + 12 Mar 2010; Jeroen Roovers <jer@gentoo.org> openssh-5.3_p1-r1.ebuild: + Stable for HPPA (bug #308555). + + 12 Mar 2010; Markos Chandras <hwoarang@gentoo.org> + openssh-5.3_p1-r1.ebuild: + Stable on amd64 wrt bug #308555 + + 10 Mar 2010; Joseph Jezak <josejx@gentoo.org> openssh-5.3_p1-r1.ebuild: + Marked ppc/ppc64 stable for bug #308555. + +*openssh-5.4_p1 (09 Mar 2010) + + 09 Mar 2010; Mike Frysinger <vapier@gentoo.org> +openssh-5.4_p1.ebuild, + +files/openssh-5.4_p1-openssl.patch: + Version bump #308431 by Dirkjan Ochtman. + + 27 Oct 2009; Raúl Porcel <armin76@gentoo.org> openssh-5.2_p1-r3.ebuild: + ia64/m68k/s390/sh/sparc stable wrt #287292 + + 11 Oct 2009; nixnut <nixnut@gentoo.org> openssh-5.2_p1-r3.ebuild: + ppc stable #287292 + + 11 Oct 2009; Tobias Klausmann <klausman@gentoo.org> + openssh-5.2_p1-r3.ebuild: + Stable on alpha, bug #287292 + + 11 Oct 2009; Robin H. Johnson <robbat2@gentoo.org> + openssh-5.3_p1-r1.ebuild, +files/openssh-5.3_p1-pkcs11-hpn-glue.patch: + Bug #288498: Now we need a glue patch for pkcs11 and HPN together. Really + some of these patchsets need to go to upstream. + +*openssh-5.3_p1-r1 (10 Oct 2009) + + 10 Oct 2009; Robin H. Johnson <robbat2@gentoo.org> + +openssh-5.3_p1-r1.ebuild: + Ported the HPN and LPK patches to 5.3p1, mailed upstream as well. + + 07 Oct 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.2_p1-r2.ebuild, + openssh-5.2_p1-r3.ebuild, openssh-5.3_p1.ebuild: + Fix static_use_with handling when there is one option #287292 by Jaak + Ristioja. + + 03 Oct 2009; Jeroen Roovers <jer@gentoo.org> openssh-5.2_p1-r3.ebuild: + Stable for HPPA (bug #287292). + + 03 Oct 2009; Brent Baude <ranger@gentoo.org> openssh-5.2_p1-r3.ebuild: + Marking openssh-5.2_p1-r3 ppc64 for bug 287292 + + 03 Oct 2009; Markus Meier <maekke@gentoo.org> openssh-5.2_p1-r3.ebuild: + amd64/arm/x86 stable, bug #287292 + +*openssh-5.3_p1 (03 Oct 2009) + + 03 Oct 2009; Mike Frysinger <vapier@gentoo.org> +openssh-5.3_p1.ebuild: + Version bump. + +*openssh-5.2_p1-r3 (23 Aug 2009) + + 23 Aug 2009; Mike Frysinger <vapier@gentoo.org> +openssh-5.2_p1-r3.ebuild, + +files/openssh-5.2_p1-gsskex-fix.patch, + +files/openssh-5.2_p1-x509-hpn-glue.patch: + Update x509 patch, update gsskex patch #279488 by Harald Barth, and update + x509/hpn glue #270508 by BedOS_Gui. + + 13 Aug 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.0_p1-r2.ebuild, + openssh-5.1_p1-r2.ebuild, openssh-5.1_p1-r3.ebuild, + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: + Suggest people reload the sshd server rather than restart it. + + 12 Aug 2009; Christian Ruppert <idl0r@gentoo.org> files/sshd.rc6: + Removed "-b 1024" to use ServerKeyBits option instead. + + 19 Jul 2009; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6: + Add checkconfig to reload() #277007 by Michał Górny. + + 10 Jul 2009; Robin H. Johnson <robbat2@gentoo.org> files/sshd.rc6: + Allow public calls to checkconfig and gen_keys, for helping automation and + sanity checks. + + 23 Jun 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.2_p1-r2.ebuild, + +files/openssh-5.2_p1-autoconf.patch: + Workaround autoconf-2.63 issues with empty else statements. + + 18 May 2009; Robin H. Johnson <robbat2@gentoo.org> + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild, + +files/openssh-5.2p1-ldap-stdargs.diff: + Bug #266654: Fix LPK compile under uclibc due to missing include statement + thanks to Bertrand Jacquin <beber@meleeweb.net>. + + 18 May 2009; Robin H. Johnson <robbat2@gentoo.org> + openssh-5.2_p1-r2.ebuild: + New release of the HPN patch that makes it mostly usable now. The + multithreaded AES-CTR portion is disabled to avoid hangs however. + + 20 Apr 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.2_p1-r2.ebuild: + Skip pkcs11/kerberos support when USE=static by Alon Bar-Lev #266404 by + Jan Paesmans. + + 12 Apr 2009; Robin H. Johnson <robbat2@gentoo.org> + openssh-5.2_p1-r2.ebuild: + Switch to UID instead of hardcoded portage per bug #264841 comment. + + 12 Apr 2009; Robin H. Johnson <robbat2@gentoo.org> files/sshd.rc6: + Bug #265491, fix opts with baselayout1. + + 12 Apr 2009; Robin H. Johnson <robbat2@gentoo.org> + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: + Bug #264841, the ssh testsuite needs a real shell to run, so run a subset + of tests otherwise. + + 04 Apr 2009; Raúl Porcel <armin76@gentoo.org> openssh-5.2_p1-r1.ebuild: + alpha/arm/ia64/m68k/s390/sh/sparc stable wrt #247466 + + 02 Apr 2009; Markus Meier <maekke@gentoo.org> openssh-5.2_p1-r1.ebuild: + amd64/x86 stable, bug #247466 + + 02 Apr 2009; Brent Baude <ranger@gentoo.org> openssh-5.2_p1-r1.ebuild: + Marking openssh-5.2_p1-r1 ppc64 and ppc for bug 247466 + + 02 Apr 2009; Jeroen Roovers <jer@gentoo.org> openssh-5.2_p1-r1.ebuild: + Stable for HPPA (bug #247466). + + 11 Mar 2009; Robin H. Johnson <robbat2@gentoo.org> + openssh-5.2_p1-r1.ebuild, openssh-5.2_p1-r2.ebuild: + Add the SSH testsuite, because I think the latest HPN patch has a breakage + that was missed. + +*openssh-5.2_p1-r2 (09 Mar 2009) + + 09 Mar 2009; Robin H. Johnson <robbat2@gentoo.org> + +openssh-5.2_p1-r2.ebuild: + Added my own unofficial port of the HPN patch, because performance sucks + without it. + + 25 Feb 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.2_p1-r1.ebuild: + Update pkcs11 patch #152170. + +*openssh-5.2_p1-r1 (24 Feb 2009) + + 24 Feb 2009; Robin H. Johnson <robbat2@gentoo.org> + +openssh-5.2_p1-r1.ebuild: + LPK patch updated for new OpenSSH release. + + 24 Feb 2009; Mike Frysinger <vapier@gentoo.org> openssh-5.2_p1.ebuild: + Fix X509 patching #260163 by Daniel J. + +*openssh-5.2_p1 (24 Feb 2009) + + 24 Feb 2009; Mike Frysinger <vapier@gentoo.org> +openssh-5.2_p1.ebuild: + Version bump #247466. + + 20 Feb 2009; Raúl Porcel <armin76@gentoo.org> openssh-5.1_p1-r2.ebuild: + ia64/sparc stable wrt #258940 + + 16 Feb 2009; Brent Baude <ranger@gentoo.org> openssh-5.1_p1-r2.ebuild: + stable ppc64, bug 258940 + + 15 Feb 2009; Markus Meier <maekke@gentoo.org> openssh-5.1_p1-r2.ebuild: + amd64/x86 stable, bug #258940 + + 14 Feb 2009; Brent Baude <ranger@gentoo.org> openssh-5.1_p1-r2.ebuild: + stable ppc, bug 258940 + + 14 Feb 2009; Jeroen Roovers <jer@gentoo.org> openssh-5.1_p1-r2.ebuild: + Stable for HPPA (bug #258940). + + 14 Feb 2009; Tobias Klausmann <klausman@gentoo.org> + openssh-5.1_p1-r2.ebuild: + Stable on alpha, bug #258940 + + 14 Feb 2009; Mike Frysinger <vapier@gentoo.org> + +files/openssh-5.1_p1-x509-headers.patch, openssh-5.1_p1-r2.ebuild, + openssh-5.1_p1-r3.ebuild: + Fix implicit strsep() prototype in x509 code #258795 by orlin. + + 08 Feb 2009; Mike Frysinger <vapier@gentoo.org> openssh-4.4_p1-r6.ebuild, + openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r4.ebuild, + openssh-4.7_p1-r6.ebuild, openssh-4.7_p1-r20.ebuild, + openssh-5.0_p1-r1.ebuild, openssh-5.0_p1-r2.ebuild, openssh-5.1_p1.ebuild, + openssh-5.1_p1-r1.ebuild, openssh-5.1_p1-r2.ebuild, + openssh-5.1_p1-r3.ebuild: + Drop unused ccc eclass inherit. + + 21 Jan 2009; Jeremy Olexa <darkside@gentoo.org> openssh-5.1_p1-r3.ebuild: + Disable PATH reset in configure script, bug 254615 + + 15 Jan 2009; Robin H. Johnson <robbat2@gentoo.org> metadata.xml: + Re-add my <description> tag for metadata.xml, because it's a full + description, not just a restrict based on USE flags. And spanky didn't + have a changelog entry either. + + 13 Jan 2009; Mike Frysinger <vapier@gentoo.org> + files/openssh-5.1_p1-better-ssp-check.patch: + Fixup ssp detection patch #254365 by Felix Riemann. + +*openssh-5.1_p1-r3 (09 Jan 2009) + + 09 Jan 2009; Diego E. Pettenò <flameeyes@gentoo.org> + +openssh-5.1_p1-r3.ebuild: + Let PAM print motd and last login data to close bug #244816. + + 17 Nov 2008; Mike Frysinger <vapier@gentoo.org> + +files/openssh-5.1_p1-better-ssp-check.patch, openssh-5.1_p1-r1.ebuild, + openssh-5.1_p1-r2.ebuild: + Fix ssp detection on uClibc hosts. + +*openssh-5.1_p1-r2 (03 Nov 2008) + + 03 Nov 2008; Mike Frysinger <vapier@gentoo.org> + +files/openssh-5.1_p1-escaped-banner.patch, + +files/openssh-5.1_p1-null-banner.patch, +openssh-5.1_p1-r2.ebuild: + Fix some issues with printing of banners #244222 by Michał Górny. + + 01 Nov 2008; Robin H. Johnson <robbat2@gentoo.org> openssh-5.1_p1.ebuild, + openssh-5.1_p1-r1.ebuild: + Bug #244760, we need to pass --with-ldap, not try to execute it. + + 30 Oct 2008; Brent Baude <ranger@gentoo.org> openssh-5.1_p1-r1.ebuild: + Marking openssh-5.1_p1-r1 ppc for bug 231292 + + 30 Oct 2008; Raúl Porcel <armin76@gentoo.org> openssh-5.1_p1-r1.ebuild: + alpha/ia64/sparc stable #231292 + + 27 Oct 2008; Brent Baude <ranger@gentoo.org> openssh-5.1_p1-r1.ebuild: + Marking openssh-5.1_p1-r1 ppc64 for bug 231292 + + 26 Oct 2008; Jeroen Roovers <jer@gentoo.org> openssh-5.1_p1-r1.ebuild: + Stable for HPPA (bug #231292). + + 26 Oct 2008; Markus Meier <maekke@gentoo.org> openssh-5.1_p1-r1.ebuild: + amd64/x86 stable, bug #231292 + + 29 Aug 2008; Mike Frysinger <vapier@gentoo.org> openssh-5.1_p1.ebuild, + openssh-5.1_p1-r1.ebuild: + Tweak --with-ldap catch #235594 by BedOS_Gui. + +*openssh-5.1_p1-r1 (23 Aug 2008) + + 23 Aug 2008; Robin H. Johnson <robbat2@gentoo.org> + +files/openssh-5.1_p1-ldap-hpn-glue.patch, metadata.xml, + +openssh-5.1_p1-r1.ebuild: + Update the LDAP patches, also mailed to upstream. + + 23 Aug 2008; Robin H. Johnson <robbat2@gentoo.org> + +files/openssh-5.1_p1-x509-hpn-glue.patch, openssh-5.1_p1.ebuild: + Forward-port the X509/hpn glue patch per bug #235086. + +*openssh-5.1_p1 (17 Aug 2008) + + 17 Aug 2008; Mike Frysinger <vapier@gentoo.org> +openssh-5.1_p1.ebuild: + Version bump #232891 by Krzysztof Oledzki. + +*openssh-5.0_p1-r2 (23 Jul 2008) + + 23 Jul 2008; Diego Pettenò <flameeyes@gentoo.org> + +openssh-5.0_p1-r2.ebuild: + Add new revision that use pambase now that it's fully keyworded. Closes + bug #225141 by Davide Pesavento. + + 17 May 2008; nixnut <nixnut@gentoo.org> openssh-4.7_p1-r20.ebuild: + Added ~ppc wrt bug 210777 + + 11 May 2008; Ulrich Mueller <ulm@gentoo.org> openssh-4.4_p1-r6.ebuild, + openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r4.ebuild, + openssh-4.7_p1-r6.ebuild, openssh-4.7_p1-r20.ebuild, + openssh-5.0_p1-r1.ebuild: + Fix dependency: app-admin/skey moved to sys-auth/skey. + +*openssh-5.0_p1-r1 (10 Apr 2008) + + 10 Apr 2008; Mike Frysinger <vapier@gentoo.org> +openssh-5.0_p1-r1.ebuild: + Update HPN and gsskex patch #216932 by Kamil Kisiel. + + 06 Apr 2008; Mike Frysinger <vapier@gentoo.org> openssh-5.0_p1.ebuild: + Remove accidental pkcs11-helper inclusion from DEPEND. + +*openssh-5.0_p1 (05 Apr 2008) + + 05 Apr 2008; Mike Frysinger <vapier@gentoo.org> +openssh-5.0_p1.ebuild: + Version bump. + + 03 Apr 2008; Tobias Scherbaum <dertobi123@gentoo.org> + openssh-4.7_p1-r6.ebuild: + ppc stable, bug #215702 + + 02 Apr 2008; Mike Frysinger <vapier@gentoo.org> openssh-4.9_p1-r1.ebuild: + Drop unnecessary USE=chroot #215820 by Cybertinus. + + 02 Apr 2008; Jeroen Roovers <jer@gentoo.org> openssh-4.7_p1-r6.ebuild: + Stable for HPPA (bug #215702). + + 02 Apr 2008; Markus Rothe <corsair@gentoo.org> openssh-4.7_p1-r6.ebuild: + Stable on ppc64; bug #215702 + +*openssh-4.9_p1-r1 (02 Apr 2008) + + 02 Apr 2008; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.9_p1-x509-hpn-glue.patch, -openssh-4.9_p1.ebuild, + +openssh-4.9_p1-r1.ebuild: + Add updated X509/hpn patches. + + 02 Apr 2008; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1-r6.ebuild: + alpha/ia64/sparc stable wrt security #215702 + + 02 Apr 2008; Richard Freeman <rich0@gentoo.org> openssh-4.7_p1-r6.ebuild: + amd64 stable - 215702 + + 01 Apr 2008; Christian Faulhammer <opfer@gentoo.org> + openssh-4.7_p1-r6.ebuild: + stable x86, security bug 215702 + +*openssh-4.7_p1-r6 (01 Apr 2008) + + 01 Apr 2008; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.7_p1-ForceCommand.patch, +openssh-4.7_p1-r6.ebuild: + Fix for ForceCommand bypass #215702. + +*openssh-4.9_p1 (01 Apr 2008) + + 01 Apr 2008; Mike Frysinger <vapier@gentoo.org> +openssh-4.9_p1.ebuild: + Version bump. + + 01 Apr 2008; Chris PeBenito <pebenito@gentoo.org> + +files/openssh-4.7p1-selinux.diff, openssh-4.7_p1-r5.ebuild, + openssh-4.7_p1-r20.ebuild: + fix bug #191665, in selinux portion of configure script. + + 30 Mar 2008; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1-r5.ebuild: + alpha/ia64/sparc stable wrt security #214985 + + 29 Mar 2008; Richard Freeman <rich0@gentoo.org> openssh-4.7_p1-r5.ebuild: + amd64 stable - 214985 + + 29 Mar 2008; Christian Faulhammer <opfer@gentoo.org> + openssh-4.7_p1-r5.ebuild: + stable x86, security bug 214985 + + 29 Mar 2008; Jeroen Roovers <jer@gentoo.org> openssh-4.7_p1-r5.ebuild: + Stable for HPPA (bug #214985). + + 29 Mar 2008; Brent Baude <ranger@gentoo.org> openssh-4.7_p1-r5.ebuild: + Marking openssh-4.7_p1-r5 ppc64 and ppc for bug 214985 + +*openssh-4.7_p1-r5 (29 Mar 2008) + + 29 Mar 2008; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.7_p1-CVE-2008-1483.patch, + +files/openssh-4.7_p1-lpk-64bit.patch, + +files/openssh-4.7_p1-packet-size.patch, +openssh-4.7_p1-r5.ebuild: + Fix CVE-2008-1483 #214985. Fix from upstream for scp/packet problems #212433 + by Steven Parkes. Fix from Piotr Stolc for some LPK configs under 64bit + systems #210110. Add gsskex patch (for now) #115553. + + 17 Mar 2008; Santiago M. Mola <coldwind@gentoo.org> + openssh-4.7_p1-r20.ebuild: + ~amd64 added wrt bug #210777 + + 14 Mar 2008; Diego Pettenò <flameeyes@gentoo.org> + openssh-4.7_p1-r20.ebuild: + Disable printing of motd and lastlog when enabling PAM, on the + pambase-dependent ebuild, as system-login takes care of that. Closes bug + #213234. + + 06 Mar 2008; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1-r20.ebuild: + Add ~alpha/~ia64 wrt #210777 + + 05 Mar 2008; Ferris McCormick <fmccor@gentoo.org> + openssh-4.7_p1-r20.ebuild: + Add back ~sparc, Bug #210777, verified as still working with USE=pam. + + 05 Mar 2008; Brent Baude <ranger@gentoo.org> openssh-4.7_p1-r20.ebuild: + keyworded ~arch for ppc64, bug 210777 + + 04 Mar 2008; <cla@gentoo.org> openssh-4.7_p1-r20.ebuild: + Marked ~x86 (bug #210777). Thanks to Michał Wołonkiewicz <volon@vp.pl> for + testing. + + 03 Mar 2008; Jeroen Roovers <jer@gentoo.org> openssh-4.7_p1-r20.ebuild: + Marked ~hppa (bug #210777). + + 23 Feb 2008; Robin H. Johnson <robbat2@gentoo.org> + openssh-4.4_p1-r6.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r3.ebuild, openssh-4.7_p1-r1.ebuild: + Drop mips to ~mips because app-admin/skey has dropped the stable mips keyword. + + 23 Feb 2008; Robin H. Johnson <robbat2@gentoo.org> metadata.xml: + Add myself as the contact point for LPK issues. I am on base-system for + everything else. + + 20 Feb 2008; Diego Pettenò <flameeyes@gentoo.org> + openssh-4.7_p1-r20.ebuild: + Fix dependencies for pambase/pam. + +*openssh-4.7_p1-r20 (19 Feb 2008) + + 19 Feb 2008; Diego Pettenò <flameeyes@gentoo.org> + +files/sshd.pam_include.2, +openssh-4.7_p1-r20.ebuild: + Add a new revision with pambase's system-remote-login as base stack. Now + also prints motd when using PAM. + + 12 Feb 2008; Santiago M. Mola <coldwind@gentoo.org> + openssh-4.7_p1-r3.ebuild: + amd64 stable wrt bug #193401 + + 10 Feb 2008; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.7_p1-x509-hpn-glue.patch, openssh-4.7_p1-r4.ebuild: + Fix building with USE='X509 hpn' #209479 by Jose daLuz. + + 10 Feb 2008; Tobias Scherbaum <dertobi123@gentoo.org> + openssh-4.7_p1-r3.ebuild: + ppc stable, bug #193401 + + 09 Feb 2008; Brent Baude <ranger@gentoo.org> openssh-4.7_p1-r3.ebuild: + stable ppc64, bug 193401 + +*openssh-4.7_p1-r4 (09 Feb 2008) + + 09 Feb 2008; Mike Frysinger <vapier@gentoo.org> +openssh-4.7_p1-r4.ebuild: + Update HPN patch. + + 28 Jan 2008; Jeroen Roovers <jer@gentoo.org> openssh-4.7_p1-r3.ebuild: + Stable for HPPA too. + + 24 Jan 2008; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1-r3.ebuild: + alpha/ia64/sparc/x86 stable + +*openssh-4.7_p1-r3 (21 Nov 2007) + + 21 Nov 2007; Mike Frysinger <vapier@gentoo.org> +openssh-4.7_p1-r3.ebuild: + Update x509/hpn patches. + + 08 Oct 2007; Mike Frysinger <vapier@gentoo.org> openssh-4.7_p1-r1.ebuild, + openssh-4.7_p1-r2.ebuild: + Mirrors have had long enough to update; drop restriction. + +*openssh-4.7_p1-r2 (29 Sep 2007) + + 29 Sep 2007; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.7_p1-GSSAPI-dns.patch, +openssh-4.7_p1-r2.ebuild: + Enable ssl-engine support #194163 by Nikhil Sethi and add GSSAPI/DNS patch + #165444 by Alex Iribarren. + + 27 Sep 2007; Joshua Kinard <kumba@gentoo.org> openssh-4.7_p1-r1.ebuild: + Stable on mips, per #191321. + + 25 Sep 2007; Mike Frysinger <vapier@gentoo.org> openssh-4.7_p1-r1.ebuild: + Force u+x perms on /etc/skel/.ssh for a while to help with older broken + installs. + + 22 Sep 2007; Mike Frysinger <vapier@gentoo.org> openssh-4.7_p1-r1.ebuild: + Upstream changed openssh-4.7p1-hpn12v18.diff.gz slightly so rebuild manifest + and prevent hitting Gentoo mirrors for a little while #193401 by Timothy + Redaelli. + + 20 Sep 2007; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6: + If restarting, check the config first #192825 by Hans-Werner Hilse. + + 08 Sep 2007; Markus Rothe <corsair@gentoo.org> openssh-4.7_p1-r1.ebuild: + Stable on ppc64; bug #191321 + +*openssh-4.7_p1-r1 (07 Sep 2007) + + 07 Sep 2007; Mike Frysinger <vapier@gentoo.org> +openssh-4.7_p1-r1.ebuild: + Add X509 and hpn patches. + + 07 Sep 2007; Tobias Scherbaum <dertobi123@gentoo.org> + openssh-4.7_p1.ebuild: + ppc stable, bug #191321 + + 07 Sep 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.7_p1.ebuild: + Stable for HPPA (bug #191321). + + 07 Sep 2007; Chris Gianelloni <wolf31o2@gentoo.org> openssh-4.7_p1.ebuild: + Stable on amd64 wrt bug #191321. + + 06 Sep 2007; Jose Luis Rivero <yoswink@gentoo.org> openssh-4.7_p1.ebuild: + Stable on sparc wrt security bug #191321 + + 06 Sep 2007; Raúl Porcel <armin76@gentoo.org> openssh-4.7_p1.ebuild: + alpha/ia64 stable wrt security #191321 + + 06 Sep 2007; Andrej Kacian <ticho@gentoo.org> openssh-4.7_p1.ebuild: + Stable on x86, security bug #191321. + +*openssh-4.7_p1 (05 Sep 2007) + + 05 Sep 2007; Mike Frysinger <vapier@gentoo.org> +openssh-4.7_p1.ebuild: + Version bump #191321 by Rajiv Aaron Manglani. + + 25 Aug 2007; Mike Frysinger <vapier@gentoo.org> openssh-4.6_p1-r4.ebuild: + Punt securid stuff as upstream is not fast enough to update. + +*openssh-4.6_p1-r4 (06 Aug 2007) + + 06 Aug 2007; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.6_p1-chan-read-failed.patch, +openssh-4.6_p1-r4.ebuild: + Fix from upstream for spurious chan_read_failed errors #181407. + +*openssh-4.6_p1-r3 (06 Aug 2007) + + 06 Aug 2007; Mike Frysinger <vapier@gentoo.org> +openssh-4.6_p1-r3.ebuild: + Add updated ldap patch #187594. + + 04 Aug 2007; <metalgod@gentoo.org> openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + Stable on amd64. See security bug #183958. + + 02 Aug 2007; Raúl Porcel <armin76@gentoo.org> openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + x86 stable, no idea why i didn't stabilize them + + 23 Jul 2007; Mike Frysinger <vapier@gentoo.org> openssh-4.2_p1-r1.ebuild, + openssh-4.3_p2-r5.ebuild, openssh-4.4_p1-r6.ebuild, openssh-4.5_p1.ebuild, + openssh-4.5_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild: + Punt bindnow-flags usage. + + 22 Jul 2007; Donnie Berkholz <dberkholz@gentoo.org>; + openssh-4.3_p2-r5.ebuild: + Drop virtual/x11 references. + + 21 Jul 2007; Joseph Jezak <josejx@gentoo.org> openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + Marked ppc/ppc64 stable for bug #183958. + + 10 Jul 2007; Gustavo Zacarias <gustavoz@gentoo.org> + openssh-4.0_p1-r2.ebuild, openssh-4.1_p1-r1.ebuild: + Stable on sparc wrt #183958 + + 07 Jul 2007; Raúl Porcel <armin76@gentoo.org> openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild: + alpha/ia64/x86 stable wrt #183958 + + 07 Jul 2007; Joshua Kinard <kumba@gentoo.org> openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + Stable on mips, per #183958. + + 05 Jul 2007; Raúl Porcel <armin76@gentoo.org> openssh-4.5_p1-r2.ebuild, + openssh-4.6_p1-r2.ebuild: + alpha/ia64 stable wrt #183958 + + 04 Jul 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.6_p1-r2.ebuild: + Stable for HPPA (bug #183958). + + 04 Jul 2007; Gustavo Zacarias <gustavoz@gentoo.org> + openssh-4.5_p1-r2.ebuild, openssh-4.6_p1-r2.ebuild: + Stable on sparc wrt #183958 + + 04 Jul 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.5_p1-r2.ebuild: + Stable for HPPA (bug #183958). + + 04 Jul 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.1_p1-r1.ebuild: + Stable for HPPA (bug #183958). + + 04 Jul 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.0_p1-r2.ebuild: + Stable for HPPA (bug #183958). + +*openssh-4.6_p1-r2 (02 Jul 2007) + + 02 Jul 2007; Diego Pettenò <flameeyes@gentoo.org> + +files/sshd.pam_include.1, +openssh-4.6_p1-r2.ebuild: + Revision bump to fix the pam.d file. + + 24 Apr 2007; Alexander Færøy <eroyf@gentoo.org> + openssh-4.5_p1-r1.ebuild: + Stable on MIPS. + + 18 Mar 2007; Robin H. Johnson <robbat2@gentoo.org> + openssh-4.5_p1-r2.ebuild: + Bug #169665, use slightly modified LPK patch to avoid conflict on configure + with SecurID patch. + +*openssh-4.6_p1-r1 (13 Mar 2007) + + 13 Mar 2007; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.6_p1-ChallengeResponseAuthentication.patch, + +openssh-4.6_p1-r1.ebuild: + Grab fix from upstream for ChallengeResponseAuthentication (to fix USE=pam + defaults) #170670 and add new hpn support. + +*openssh-4.6_p1 (11 Mar 2007) + + 11 Mar 2007; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.6_p1-include-string-header.patch, +openssh-4.6_p1.ebuild: + Version bump #170385 by Wolfram Schlich. + +*openssh-4.5_p1-r2 (05 Mar 2007) + + 05 Mar 2007; Robin H. Johnson <robbat2@gentoo.org> + +openssh-4.5_p1-r2.ebuild: + Bug #168681. Bump for new versions of HPN (compile fix for strict compilers) + and LPK (Addition of LpkFilter as an LDAP filter). + +*openssh-4.5_p1-r1 (23 Feb 2007) + + 23 Feb 2007; Roy Marples <uberlord@gentoo.org> files/sshd.rc6, + +openssh-4.5_p1-r1.ebuild: + Bump for a non bash init script. + + 08 Jan 2007; Michael Cummings <mcummings@gentoo.org> + openssh-4.5_p1.ebuild: + Stable on amd64 wrt security bug 154389 + + 08 Jan 2007; Bryan Østergaard <kloeri@gentoo.org> openssh-4.5_p1.ebuild: + Stable on Alpha, bug 154389. + + 08 Jan 2007; Gustavo Zacarias <gustavoz@gentoo.org> openssh-4.5_p1.ebuild: + Stable on sparc wrt security #154389 + + 07 Jan 2007; Tobias Scherbaum <dertobi123@gentoo.org> + openssh-4.5_p1.ebuild: + Stable on ppc wrt bug #154389. + + 07 Jan 2007; Markus Rothe <corsair@gentoo.org> openssh-4.5_p1.ebuild: + Stable on ppc64; bug #154389 + + 06 Jan 2007; Jeroen Roovers <jer@gentoo.org> openssh-4.5_p1.ebuild: + Stable for HPPA (bug #154389). + + 06 Jan 2007; Christian Faulhammer <opfer@gentoo.org> + openssh-4.5_p1.ebuild: + stable x86, security bug #154389 + + 07 Dec 2006; Diego Pettenò <flameeyes@gentoo.org> + openssh-4.3_p2-r1.ebuild, openssh-4.3_p2-r5.ebuild, + openssh-4.4_p1-r6.ebuild, openssh-4.5_p1.ebuild: + Require dev-libs/libedit for libedit support, as it's going to be removed + from freebsd-lib in favour of a merged dev-libs/libedit ebuild. + + 08 Nov 2006; Ilya A. Volynets-Evenbakh <iluxa@gentoo.org> + openssh-4.4_p1-r6.ebuild: + Stable on mips (#149502) + +*openssh-4.5_p1 (07 Nov 2006) + + 07 Nov 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.5_p1.ebuild: + Version bump #154389. + + 05 Nov 2006; Brent Baude <ranger@gentoo.org> openssh-4.4_p1-r6.ebuild: + Marking openssh-4.4_p1-r6 ppc64 stable for 149502 + + 03 Nov 2006; Fernando J. Pereda <ferdy@gentoo.org> + openssh-4.4_p1-r6.ebuild: + Stable on alpha as per bug #149502 + +*openssh-4.4_p1-r6 (03 Nov 2006) + + 03 Nov 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.4_p1-ldap-hpn-glue.patch, +openssh-4.4_p1-r6.ebuild: + Grab updated HPN patch to fix -C issues #153854. + + 01 Nov 2006; Tobias Scherbaum <dertobi123@gentoo.org> + openssh-4.4_p1-r5.ebuild: + ppc stable, bug #149502 + + 01 Nov 2006; Gustavo Zacarias <gustavoz@gentoo.org> + openssh-4.4_p1-r5.ebuild: + Stable on sparc wrt security #149502 + + 01 Nov 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.4_p1-x509-hpn-glue.patch, openssh-4.4_p1-r5.ebuild: + Tweak X509 a little so HPN can apply at the sametime #151527 by Bob Reveley. + + 31 Oct 2006; Danny van Dyk <kugelfang@gentoo.org> + openssh-4.4_p1-r5.ebuild: + Marked stable on amd64. + + 31 Oct 2006; Andrej Kacian <ticho@gentoo.org> openssh-4.4_p1-r5.ebuild: + Stable on x86, security bug #152594. + + 31 Oct 2006; Jeroen Roovers <jer@gentoo.org> openssh-4.4_p1-r5.ebuild: + Stable for HPPA (bug #149502). + +*openssh-4.4_p1-r5 (25 Oct 2006) + + 25 Oct 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.4_p1-r5.ebuild: + Add updated securid support. + + 17 Oct 2006; Roy Marples <uberlord@gentoo.org> openssh-4.4_p1-r4.ebuild: + Added ~sparc-fbsd keyword. + + 14 Oct 2006; Roy Marples <uberlord@gentoo.org> files/sshd.rc6: + Init script now interacts fully with start-stop-daemon. + +*openssh-4.4_p1-r4 (13 Oct 2006) + + 13 Oct 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.4_p1-r4.ebuild: + Add updated hpn support. + +*openssh-4.4_p1-r3 (04 Oct 2006) + + 04 Oct 2006; Chris PeBenito <pebenito@gentoo.org> + +files/openssh-4.4p1-selinux-ac.diff, +openssh-4.4_p1-r3.ebuild: + Fix configure to properly detect SELinux functions. + +*openssh-4.4_p1-r2 (02 Oct 2006) + + 02 Oct 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.4_p1-r2.ebuild: + Add support for new X509. + + 02 Oct 2006; Andrea Barisani <lcars@gentoo.org> + files/digest-openssh-4.4_p1-r1, Manifest: + Fixing digest wrt bug #149571 + + 30 Sep 2006; Diego Pettenò <flameeyes@gentoo.org> + openssh-4.4_p1-r1.ebuild: + Make sure pam is the latest eclass called. + + 29 Sep 2006; Markus Rothe <corsair@gentoo.org> openssh-4.3_p2-r5.ebuild: + Stable on ppc64 + +*openssh-4.4_p1-r1 (29 Sep 2006) + + 29 Sep 2006; Andrea Barisani <lcars@gentoo.org> +openssh-4.4_p1-r1.ebuild: + Revision bump for new ldap patch. + +*openssh-4.4_p1 (28 Sep 2006) + + 28 Sep 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.4_p1.ebuild: + Version bump. + + 27 Sep 2006; Fernando J. Pereda <ferdy@gentoo.org> + openssh-4.3_p2-r5.ebuild: + Stable on alpha wrt bug #148228 + + 26 Sep 2006; Gustavo Zacarias <gustavoz@gentoo.org> + openssh-4.3_p2-r5.ebuild: + Stable on hppa wrt security #148228 + + 26 Sep 2006; Simon Stelling <blubb@gentoo.org> openssh-4.3_p2-r5.ebuild: + stable on amd64; bug 148228 + + 26 Sep 2006; Tobias Scherbaum <dertobi123@gentoo.org> + openssh-4.3_p2-r5.ebuild: + ppc stable, bug #148228 + + 25 Sep 2006; Jason Wever <weeve@gentoo.org> openssh-4.3_p2-r5.ebuild: + Stable on SPARC wrt security bug #148228. + + 25 Sep 2006; Paul Varner <fuzzyray@gentoo.org> openssh-4.3_p2-r5.ebuild: + Stable on x86. Bug #148228 + +*openssh-4.3_p2-r5 (25 Sep 2006) + + 25 Sep 2006; Tavis Ormandy <taviso@gentoo.org> +openssh-4.3_p2-r5.ebuild, + +files/openssh-4.3_p2-identical-simple-dos-2.patch: + Tweak DOS patch #148228. + + 23 Sep 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.3_p2-opensc-libs.patch, openssh-4.3_p2-r4.ebuild: + Fix building with --as-needed #148538 by Mart Raudsepp. + + 23 Sep 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.3_p2-ldap-updates.patch, openssh-4.3_p2-r4.ebuild: + Fixup ldap configure code #148723 by sfp-a7x. + +*openssh-4.3_p2-r4 (22 Sep 2006) + + 22 Sep 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.3_p2-securid-updates.patch, +openssh-4.3_p2-r4.ebuild: + Force rebuilding of all autotools instead of just cheating with autoconf + #148639 by Alex K. + + 22 Sep 2006; Tobias Scherbaum <dertobi123@gentoo.org> + openssh-4.3_p2-r3.ebuild: + hppa stable, bug #148228 + + 21 Sep 2006; Tobias Scherbaum <dertobi123@gentoo.org> + openssh-4.3_p2-r3.ebuild: + ppc stable, bug #148228 + + 21 Sep 2006; Mike Doty <kingtaco@gentoo.org> openssh-4.3_p2-r3.ebuild: + amd64 stable, bug 148228 + + 21 Sep 2006; Gustavo Zacarias <gustavoz@gentoo.org> + openssh-4.3_p2-r3.ebuild: + Stable on sparc wrt #148228 + + 21 Sep 2006; <ticho@gentoo.org> openssh-4.3_p2-r3.ebuild: + Stable on x86, security bug #148228. + + 21 Sep 2006; Markus Rothe <corsair@gentoo.org> openssh-4.3_p2-r3.ebuild: + Stable on ppc64; bug #148228 + +*openssh-4.3_p2-r3 (20 Sep 2006) + + 20 Sep 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.3_p1-chroot.patch, + +files/openssh-4.3_p2-identical-simple-dos.patch, files/sshd.confd, + files/sshd.rc6, +openssh-4.3_p2-r3.ebuild: + Fixes from upstream for minor DOS #148228. + + 08 Sep 2006; Mike Frysinger <vapier@gentoo.org> openssh-4.3_p2-r2.ebuild: + Remove ugly flag mangling and fix building with USE=static #146654 by + Alexander Skwar. + + 05 Jul 2006; Andrea Barisani <lcars@gentoo.org> metadata.xml: + Making my metadata entry a bit more clear. + + 04 Jul 2006; Mike Frysinger <vapier@gentoo.org> openssh-4.3_p2-r2.ebuild: + Add x11-apps/xauth to RDEPEND for USE=X #139235 by Ian Stakenvicius. + + 02 Jul 2006; Robin H. Johnson <robbat2@gentoo.org> + files/digest-openssh-3.9_p1-r3, files/digest-openssh-4.0_p1-r2, + files/digest-openssh-4.1_p1-r1, files/digest-openssh-4.2_p1-r1, + files/digest-openssh-4.3_p1, files/digest-openssh-4.3_p2-r1, + files/digest-openssh-4.3_p2-r2, Manifest: + Fix digest weirdness. + + 30 Jun 2006; Robin H. Johnson <robbat2@gentoo.org> + files/digest-openssh-4.3_p1, files/digest-openssh-4.3_p2-r1, + files/digest-openssh-4.3_p2-r2, Manifest: + Upstream changed the openssh-lpk-4.3p1-0.3.7.patch file, and didn't alter + the filename! Re-digest as needed. + + 27 Jun 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.3_p2-configure.patch, openssh-4.3_p1.ebuild, + openssh-4.3_p2-r1.ebuild, openssh-4.3_p2-r2.ebuild: + Fix broken configure script #137921 by Adam Potter. + + 24 Jun 2006; Diego Pettenò <flameeyes@gentoo.org> + openssh-4.3_p2-r1.ebuild: + Remove x86-fbsd keyword from an older rev, just to be safe. + + 24 Jun 2006; Diego Pettenò <flameeyes@gentoo.org> + openssh-4.3_p2-r2.ebuild: + Put shadow under conditional userland_GNU, unbreak non-GNU userlands. + + 24 Jun 2006; Joshua Kinard <kumba@gentoo.org> openssh-4.3_p2-r2.ebuild: + Eh, shadow belongs in RDEPEND instead, duh. + + 24 Jun 2006; Joshua Kinard <kumba@gentoo.org> openssh-4.3_p2-r2.ebuild: + Added shadow as a DEPEND so that groupadd is available. + +*openssh-4.3_p2-r2 (08 Jun 2006) + + 08 Jun 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.3_p2-securid-hpn-glue.patch, + +files/openssh-4.3_p2-x509-hpn-glue.patch, openssh-4.2_p1-r1.ebuild, + +openssh-4.3_p2-r2.ebuild: + Update hpn and x509 patches #135691 by Scott Jones. + + 07 Jun 2006; Joshua Kinard <kumba@gentoo.org> openssh-4.3_p2-r1.ebuild: + Add sys-apps/shadow to RDEPEND/DEPEND so group/useradd is available. Fixes + Bug #135966. + + 29 Apr 2006; Joshua Kinard <kumba@gentoo.org> openssh-4.3_p2-r1.ebuild: + Marked stable on mips. + + 19 Apr 2006; Andrea Barisani <lcars@gentoo.org> openssh-4.3_p1.ebuild, + openssh-4.3_p2-r1.ebuild: + Ok that last commit was stupid, going back and waiting for updated mirrors. + + 19 Apr 2006; <lcars@gentoo.org> openssh-4.3_p1.ebuild, + openssh-4.3_p2-r1.ebuild: + Moving ldap patch to dev.gentoo.org waiting for mirror to get the updated version + and fixing digest issues. bug #130354 + + 17 Apr 2006; Markus Rothe <corsair@gentoo.org> openssh-4.3_p2-r1.ebuild: + Stable on ppc64; bug #130027 + + 17 Apr 2006; Chris Gianelloni <wolf31o2@gentoo.org> + openssh-4.3_p2-r1.ebuild: + Stable on x86 wrt bug #130027. + + 16 Apr 2006; Bryan Østergaard <kloeri@gentoo.org + openssh-4.3_p2-r1.ebuild: + Stable on alpha, bug 130027. + + 15 Apr 2006; Jason Wever <weeve@gentoo.org> openssh-4.3_p2-r1.ebuild: + Stable on SPARC wrt bug #130027. + + 15 Apr 2006; <nixnut@gentoo.org> openssh-4.3_p2-r1.ebuild: + Stable on ppc. Bug #130027 + + 15 Apr 2006; Marcus D. Hanwell <cryos@gentoo.org> + openssh-4.3_p2-r1.ebuild: + Marked stable on amd64, bug 130027. + + 04 Apr 2006; Diego Pettenò <flameeyes@gentoo.org> + openssh-4.3_p2-r1.ebuild: + Allow using freebsd-lib's libedit with libedit useflag. + + 30 Mar 2006; Diego Pettenò <flameeyes@gentoo.org> + openssh-4.3_p2-r1.ebuild: + Add ~x86-fbsd keyword. + + 05 Mar 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.3_p2-selinux.patch.glue, openssh-4.3_p2-r1.ebuild: + Glue selinux and X509 support #125108 by Alon Bar-Lev. + + 05 Mar 2006; Andrea Barisani <lcars@gentoo.org> openssh-4.3_p1.ebuild, + openssh-4.3_p2.ebuild, openssh-4.3_p2-r1.ebuild: + Restored ldap support in 4.3 versions. + +*openssh-4.3_p2-r1 (05 Mar 2006) + + 05 Mar 2006; Chris PeBenito <pebenito@gentoo.org> + +files/openssh-4.3_p2-selinux.patch, +openssh-4.3_p2-r1.ebuild: + Bump to update SELinux patch. + +*openssh-4.3_p2 (04 Mar 2006) + + 04 Mar 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.3_p1-krb5-typos.patch, +openssh-4.3_p2.ebuild: + Version bump and add patch from upstream #124494 by RiverRat. + + 28 Feb 2006; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6: + Add restart function by Michal Fojtik to init.d script #124271. + + 19 Feb 2006; Joshua Kinard <kumba@gentoo.org> openssh-4.2_p1-r1.ebuild: + Marked stable on mips. + +*openssh-4.3_p1 (08 Feb 2006) + + 08 Feb 2006; Mike Frysinger <vapier@gentoo.org> +openssh-4.3_p1.ebuild: + Version bump #121191 by Wolfram Schlich. + + 04 Feb 2006; Mike Frysinger <vapier@gentoo.org> +files/sshd.confd, + files/sshd.rc6, openssh-3.9_p1-r3.ebuild, openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild, openssh-4.2_p1-r1.ebuild: + Pass sshd_config to sshd when starting to better help running multiple + instances of ssh #121530 by ph. + + 03 Feb 2006; Tobias Scherbaum <dertobi123@gentoo.org> + openssh-4.2_p1-r1.ebuild: + ppc stable, bug #119232 + + 03 Feb 2006; Markus Rothe <corsair@gentoo.org> openssh-4.2_p1-r1.ebuild: + Stable on ppc64: bug #119232 + + 03 Feb 2006; Jose Luis Rivero <yoswink@gentoo.org> + openssh-4.2_p1-r1.ebuild: + Stable on alpha wrt sec bug #119232 + + 02 Feb 2006; Rene Nussbaumer <killerfox@gentoo.org> + openssh-4.2_p1-r1.ebuild: + Stable on hppa. See bug #119232. + + 02 Feb 2006; Mark Loeser <halcy0n@gentoo.org> openssh-4.2_p1-r1.ebuild: + Stable on x86; bug #119232 + + 02 Feb 2006; Gustavo Zacarias <gustavoz@gentoo.org> + openssh-4.2_p1-r1.ebuild: + Stable on sparc wrt security #119232 + + 02 Feb 2006; Simon Stelling <blubb@gentoo.org> openssh-4.2_p1-r1.ebuild: + stable on amd64 wrt bug 119232 + +*openssh-4.2_p1-r1 (01 Feb 2006) + + 01 Feb 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.2_p1-CVE-2006-0225.patch, +openssh-4.2_p1-r1.ebuild: + Version bump for security #119232. + + 29 Jan 2006; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.2_p1-cross-compile.patch, openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild: + Fix cross-compiling #120567 by Raphael Burnes. + + 25 Dec 2005; Diego Pettenò <flameeyes@gentoo.org> openssh-4.2_p1.ebuild: + Use bindnow-flags function instead of -Wl,-z,now. + + 10 Dec 2005; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6: + Update init.d script to allow for multiple instances by Marius Mauch #114996. + + 22 Oct 2005; MATSUU Takuto <matsuu@gentoo.org> openssh-4.2_p1.ebuild: + Stable on sh for #109678. + + 22 Oct 2005; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.2_p1-selinux.patch, openssh-4.2_p1.ebuild: + Fix selinux support #110039 and add back in securid/hpn patches. + + 21 Oct 2005; Bryan Østergaard <kloeri@gentoo.org> openssh-4.2_p1.ebuild: + Stable on alpha + ia64, bug 109678. + + 21 Oct 2005; Jason Wever <weeve@gentoo.org> openssh-4.2_p1.ebuild: + Stable on SPARC wrt security bug #109678. + + 21 Oct 2005; Seemant Kulleen <seemant@gentoo.org> openssh-4.2_p1.ebuild: + stable amd64 for bug #109678 + + 21 Oct 2005; Aaron Walker <ka0ttic@gentoo.org> openssh-4.2_p1.ebuild: + Stable on mips for bug #109678. + + 20 Oct 2005; Michael Hanselmann <hansmi@gentoo.org> openssh-4.2_p1.ebuild: + Stable on hppa, ppc. + + 20 Oct 2005; <mkay@gentoo.org> openssh-4.2_p1.ebuild: + Marking stable on x86 + + 20 Oct 2005; Brent Baude <ranger@gentoo.org> openssh-4.2_p1.ebuild: + Marking openssh-4.2_p1 ppc64 for bug 109678 + + 19 Oct 2005; Mike Frysinger <vapier@gentoo.org> + openssh-3.8.1_p1-r1.ebuild, openssh-3.9_p1-r3.ebuild, + openssh-4.0_p1-r2.ebuild, openssh-4.1_p1-r1.ebuild, openssh-4.2_p1.ebuild: + Move default xauth location to /usr/bin/xauth. + +*openssh-4.2_p1 (06 Sep 2005) + + 06 Sep 2005; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.2_p1-kerberos-detection.patch, + +files/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2, + +openssh-4.2_p1.ebuild: + Version bump #104948 by Saurabh Singhvi. + + 05 Sep 2005; Mike Frysinger <vapier@gentoo.org> + +files/openssh-3.9_p1-fix_suid.patch, + -files/openssh-3.9_p1-fix_suid.patch.bz2, + +files/openssh-3.9_p1-fix_suid-x509.patch, openssh-3.8.1_p1-r1.ebuild, + openssh-3.9_p1-r3.ebuild, openssh-4.0_p1-r2.ebuild, + openssh-4.1_p1-r1.ebuild: + Update the x509 patches. + + 05 Sep 2005; Mike Frysinger <vapier@gentoo.org> openssh-4.1_p1-r1.ebuild: + Re-enable smartcard support. + + 20 Aug 2005; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6: + Before starting sshd, sanity check the config file #101893 by Eric Brown. + +*openssh-4.1_p1-r1 (15 Jul 2005) +*openssh-4.0_p1-r2 (15 Jul 2005) +*openssh-3.9_p1-r3 (15 Jul 2005) + + 15 Jul 2005; Andrea Barisani <lcars@gentoo.org> metadata.xml, + +openssh-3.9_p1-r3.ebuild, +openssh-4.0_p1-r2.ebuild, + +openssh-4.1_p1-r1.ebuild: + Updating openssh-lpk ldap patches to version 0.3.6. + + 26 Jun 2005; Mike Frysinger <vapier@gentoo.org> openssh-3.9_p1-r2.ebuild, + openssh-4.0_p1-r1.ebuild, openssh-4.1_p1.ebuild: + Add support for the High Performance patch #96717 by Frank Benkstein. + + 29 May 2005; Mike Frysinger <vapier@gentoo.org> openssh-4.0_p1-r1.ebuild, + openssh-4.1_p1.ebuild: + Add USE=libedit support #94410 by Joe Wells. + +*openssh-4.1_p1 (29 May 2005) + + 29 May 2005; Mike Frysinger <vapier@gentoo.org> +openssh-4.1_p1.ebuild: + Version bump #94261 by Tobias Sager. + + 28 May 2005; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.0_p1-smartcard-ldap-happy.patch, + openssh-3.8.1_p1-r1.ebuild, openssh-3.9_p1-r2.ebuild, + openssh-4.0_p1-r1.ebuild: + Add support for LDAP and make it mutually exclusive from x509 since they + conflict #58579. + + 22 May 2005; Mike Frysinger <vapier@gentoo.org> openssh-4.0_p1-r1.ebuild: + Add support for RSA SecurID tokens #92233 by Antti Mäkelä. + + 20 May 2005; Diego Pettenò <flameeyes@gentoo.org> + openssh-3.9_p1-r2.ebuild, openssh-4.0_p1.ebuild, openssh-4.0_p1-r1.ebuild: + Inherit pam eclass for newpamd. + +*openssh-4.0_p1-r1 (29 Apr 2005) + + 29 Apr 2005; Diego Pettenò <flameeyes@gentoo.org> + +files/sshd.pam_include, +openssh-4.0_p1-r1.ebuild: + Added a new revision depending on virtual/pam (>=pam-0.78) and uses the + include syntax instead of pam_stack.so. + +*openssh-3.9_p1-r2 (17 Mar 2005) + + 17 Mar 2005; Mike Frysinger <vapier@gentoo.org> + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2, + +openssh-3.9_p1-r2.ebuild: + Fix bad sftplogging code #82372 by Andrej Kacian. + +*openssh-4.0_p1 (15 Mar 2005) + + 15 Mar 2005; Mike Frysinger <vapier@gentoo.org> + +files/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2, + +openssh-4.0_p1.ebuild: + Version bump #84717 by Michail A.Baikov. + + 13 Mar 2005; Mike Frysinger <vapier@gentoo.org> + +files/openssh-3.9_p1-kerberos-detection.patch, openssh-3.9_p1-r1.ebuild: + Add patch to fix kerberos detection #80811 by Aron Griffis. + + 13 Mar 2005; Mike Frysinger <vapier@gentoo.org> + +files/openssh-3.9_p1-configure-openct.patch, openssh-3.9_p1-r1.ebuild: + Fix USE=-opensc logic with patch by Stian Skjelstad #78730. + + 19 Feb 2005; Mike Frysinger <vapier@gentoo.org> + files/openssh-3.9_p1-largekey.patch.bz2: + Make sure that the largekey properly passes the size of the buffer along + #82463 by David Cuthbert. + + 22 Jan 2005; Daniel Ahlberg <aliz@gentoo.org> + +files/openssh-3.9_p1-pamfix.patch.bz2, openssh-3.9_p1-r1.ebuild: + Added pamfix patch from upstream, closing #65343. + + 07 Jan 2005; Daniel Ahlberg <aliz@gentoo.org> + +files/openssh-3.9_p1-terminal_restore.patch.bz2, + openssh-3.9_p1-r1.ebuild: + Fix terminal restoration after breaking out from sftp and scp, closing #63544. + + 30 Dec 2004; Bryan Østergaard <kloeri@gentoo.org> + openssh-3.9_p1-r1.ebuild: + Stable on alpha, bug 59361. + + 29 Dec 2004; Hardave Riar <hardave@gentoo.org> openssh-3.9_p1-r1.ebuild: + Stable on mips, bug #59361. + + 29 Dec 2004; Ciaran McCreesh <ciaranm@gentoo.org> : + Change encoding to UTF-8 for GLEP 31 compliance + + 29 Dec 2004; Gustavo Zacarias <gustavoz@gentoo.org> + openssh-3.9_p1-r1.ebuild: + Stable on sparc wrt #59361 + + 29 Dec 2004; Markus Rothe <corsair@gentoo.org> openssh-3.9_p1-r1.ebuild: + Stable for security; bug #59361 + + 29 Dec 2004; <SeJo@gentoo.org> openssh-3.9_p1-r1.ebuild: + stable on ppc glsa: 59361 + +*openssh-3.9_p1-r1 (28 Dec 2004) + + 28 Dec 2004; Mike Frysinger <vapier@gentoo.org> + files/openssh-3.9_p1-chroot.patch, +openssh-3.9_p1-r1.ebuild, + +files/openssh-3.9_p1-infoleak.patch: + Add infoleak fix #59361 and allow the chroot patch to support PAM auth #72987. + + 16 Nov 2004; Mike Frysinger <vapier@gentoo.org> openssh-3.9_p1.ebuild: + If USE=pam, then disable PasswordAuthentication since PAM overrides it #71233. + + 14 Sep 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.9_p1.ebuild, + files/openssh-3.9_p1-fix_suid.patch.bz2: + Fixed suid binary. + + 14 Sep 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild, + openssh-3.8.1_p1-r2.ebuild, openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild, + openssh-3.9_p1.ebuild, files/openssh-3.5_p1-gentoo-sshd-gcc3.patch, + files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2, + files/openssh-3.7.1_p1-selinux.diff, + files/openssh-3.7.1_p1-selinux.diff.bz2, + files/openssh-3.7.1_p2-chroot.patch, + files/openssh-3.7.1_p2-chroot.patch.bz2, + files/openssh-3.7.1_p2-kerberos.patch, + files/openssh-3.7.1_p2-kerberos.patch.bz2, + files/openssh-3.7.1_p2-skey.patch, files/openssh-3.7.1_p2-skey.patch.bz2, + files/openssh-3.8.1_p1-chroot.patch, + files/openssh-3.8.1_p1-chroot.patch.bz2, + files/openssh-3.8.1_p1-kerberos.patch, + files/openssh-3.8.1_p1-kerberos.patch.bz2, + files/openssh-3.8.1_p1-largekey.patch, + files/openssh-3.8.1_p1-largekey.patch.bz2, + files/openssh-3.8.1_p1-opensc.patch, + files/openssh-3.8.1_p1-opensc.patch.bz2, + files/openssh-3.8.1_p1-resolv_functions.patch, + files/openssh-3.8.1_p1-resolv_functions.patch.bz2, + files/openssh-3.8.1_p1-skey.patch, + files/openssh-3.8_p1-resolv_functions.patch.bz2, + files/openssh-3.8_p1-skey.patch, files/openssh-3.8_p1-skey.patch.bz2, + files/openssh-3.9_p1-chroot.patch, files/openssh-3.9_p1-chroot.patch.bz2, + files/openssh-3.9_p1-largekey.patch, + files/openssh-3.9_p1-largekey.patch.bz2, files/openssh-3.9_p1-opensc.patch, + files/openssh-3.9_p1-opensc.patch.bz2, files/openssh-3.9_p1-selinux.diff, + files/openssh-3.9_p1-selinux.diff.bz2, + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch, + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2, + files/openssh-3.9_p1-skey.patch, files/openssh-3.9_p1-skey.patch.bz2, + files/openssh-skeychallenge-args.diff, + files/openssh-skeychallenge-args.diff.bz2: + Compressed patches. + + 20 Aug 2004; Gustavo Zacarias <gustavoz@gentoo.org> + openssh-3.8.1_p1-r1.ebuild: + Stable on sparc + + 20 Aug 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.9_p1.ebuild, + files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch: + Enable X509 now that a updated patch is available, closing #60905. + Fix skey support by running autoconf, closing #60849. + Disable pam if static is in USE, closing #60864. + + 19 Aug 2004; Chris PeBenito <pebenito@gentoo.org> + +files/openssh-3.9_p1-selinux.diff, openssh-3.9_p1.ebuild: + Update SELinux patch + + 18 Aug 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1-r2.ebuild: + Fixed sftplogging patch, closing #60417 again. + +*openssh-3.9_p1 (18 Aug 2004) + + 18 Aug 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1-r2.ebuild, + openssh-3.9_p1.ebuild: + Version bump, closing #60758. + + 16 Aug 2004; Daniel Ahlberg <aliz@gentoo.org> + files/openssh-3.8.1_p1-largekey.patch: + Fixed largekey patch. Closing #60417. + +*openssh-3.8.1_p1-r2 (15 Aug 2004) + + 15 Aug 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1-r2.ebuild: + + Added sftp-logging patch, closing #52168. + + Added patch for large keys, closing #55013. + + 08 Jul 2004; Bryan Østergaard <kloeri@gentoo.org> + openssh-3.8.1_p1-r1.ebuild: + Stable on alpha. + + 07 Jul 2004; Travis Tilley <lv@gentoo.org> openssh-3.8.1_p1-r1.ebuild: + stable on amd64 + + 03 Jul 2004; Joshua Kinard <kumba@gentoo.org> openssh-3.8.1_p1-r1.ebuild: + Marked stable on mips. + + 01 Jul 2004; Jon Hood <squinky86@gentoo.org> openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild, openssh-3.8.1_p1-r1.ebuild, + openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild: + change virtual/glibc to virtual/libc + + 28 Jun 2004; Brandon Hale <tseng@gentoo.org> openssh-3.8.1_p1-r1.ebuild: + Stable on x86. + + 15 Jun 2004; <solar@gentoo.org> openssh-3.8.1_p1-r1.ebuild: + pam & uclibc updates + + 07 Jun 2004; Bryan Østergaard <kloeri@gentoo.org> openssh-3.8.1_p1.ebuild: + Stable on alpha. + + 05 Jun 2004; Hanselmann Michael <hansmi@gentoo.org> + openssh-3.8.1_p1.ebuild: + Replaced ~ppc with ppc in KEYWORDS. + +*openssh-3.8.1_p1-r1 (30 May 2004) + + 30 May 2004; Mike Frysinger <vapier@gentoo.org> + +files/openssh-3.8.1_p1-opensc.patch, +openssh-3.8.1_p1-r1.ebuild: + Add optional support for smartcard stuff #43593 by Andreas Jellinghaus. + + 01 May 2004; Ciaran McCreesh <ciaranm@gentoo.org> openssh-3.8_p1.ebuild: + Stable on sparc, mips + + 28 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1.ebuild: + Readded X509 patch now that it has been updated upstream. + + 27 Apr 2004; Michael McCabe <randy@gentoo.org> openssh-3.8.1_p1.ebuild: + Stable on s390 + + 22 Apr 2004; Guy Martin <gmsoft@gentoo.org> openssh-3.8_p1.ebuild: + Marked stable on hppa. + + 22 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild, + openssh-3.8.1_p1.ebuild, openssh-3.8_p1.ebuild: + Fixed IUSE flags. + + 21 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8_p1.ebuild: + Stable on x86 and amd64. + +*openssh-3.8.1_p1 (21 Apr 2004) + + 21 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1.ebuild: + Version bump. Found by Daniel Webert <daniel_webert@web.de> in #48465. + + 13 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild, + openssh-3.8_p1.ebuild: + Updated SRC_URI. + + 23 Mar 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild, openssh-3.8_p1.ebuild: + Change download URI for X509 patches temporarily. + + 18 Mar 2004; Daniel Ahlberg <aliz@gentoo.org> files/sshd.rc6, openssh-3.8_p1.ebuild: + Add mkdir -p /var/empty to initscript. Closing #42936. + + 09 Mar 2004; <agriffis@gentoo.org> openssh-3.7.1_p2-r2.ebuild: + stable on alpha and ia64 + + 09 Mar 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8_p1.ebuild: + + Add X509 patch back in, bumped to g4. + + Fix static compile by Sascha Silbe <sascha-gentoo-bugzilla@silbe.org> in #44077. + + 07 Mar 2004; Joshua Kinard <kumba@gentoo.org> openssh-3.7.1_p2-r2.ebuild: + Marked stable on mips. + + 02 Mar 2004; Brian Jackson <iggy@gentoo.org> openssh-3.8_p1.ebuild: + adding initial s390 support + + 27 Feb 2004; Sven Blumenstein <bazik@gentoo.org> openssh-3.7.1_p2-r2.ebuild: + Stable on sparc. Remember to mkdir /var/empty if it doesnt exist before you + restart sshd... + + 25 Feb 2004; Guy Martin <gmsoft@gentoo.org> openssh-3.7.1_p2-r2.ebuild: + Marked stable on hppa. + + 25 Feb 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild: + Backport skey configure.ac patch. + + 24 Feb 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild: + Unmask for x86 and amd64. + +*openssh-3.8_p1 (24 Feb 2004) + + 24 Feb 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8_p1.ebuild: + Version bump. + + 21 Feb 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild: + Fix openssh to work with multipe kerbers5 libs. Closing #30310. + + 20 Feb 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild: + Filter flag if using ldap. Closing #41727. + + 12 Feb 2004; Mike Frysinger <vapier@gentoo.org> : + Set Protocol to only allow ssh2 by default #41215 and enable pam if in USE. + + 10 Jan 2004; Brad House <brad_mssw@gentoo.org> openssh-3.7.1_p2-r2.ebuild: + install doesn't seem to be creating /var/empty + + 08 Jan 2004; <solar@gentoo.org> openssh-3.5_p1-r1.ebuild, + openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2-r1.ebuild, + openssh-3.7.1_p2-r2.ebuild: + ppc64/mips nightmare.. had to remove tcpd and skey support for various arches + due to other things not being marked stable on those arches + +*openssh-3.7.1_p2-r2 (08 Jan 2004) + + 08 Jan 2004; <solar@gentoo.org> openssh-3.7.1_p2-r2.ebuild: + added feature request for chrooting via sshd bug #26615 + + 04 Jan 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r1.ebuild: + Changeing sshd user shell. Closing #35063. + + 03 Jan 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r1.ebuild: + Change adding sshd user and group to user enewuser and enewgroup. Should + fix #35369. + +*openssh-3.7.1_p2-r1 (05 Nov 2003) + + 17 Nov 2003; Joshua Kinard <kumba@gentoo.org> openssh-3.7.1_p2-r1.ebuild: + Added a gnuconfig_update call for mips systems + + 05 Nov 2003; Tavis Ormandy <taviso@gentoo.org> openssh-3.7.1_p2-r1.ebuild, + files/openssh-skeychallenge-args.diff: + patch needed for compatability with new skey. + + 28 Oct 2003; Chris PeBenito <pebenito@gentoo.org> openssh-3.5_p1-r1.ebuild, + openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2.ebuild, + files/openssh-3.7.1_p1-selinux.diff: + Switch SELinux patch from old API to new API. + + 30 Sep 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2.ebuild : + Add X509 patch back in, closes #29664. + + 23 Sep 2003; <solar@gentoo.org> openssh-3.7.1_p2.ebuild: + according to the ChangeLog for openssh =zlib-1.1.4 is a must now. Note: + openssh needs a X509 patch made upstream for p2 + +*openssh-3.7.1_p2 (23 Sep 2003) + + 23 Sep 2003; <solar@gentoo.org> openssh-3.7.1_p2.ebuild: + security update. http://www.openssh.com/txt/sshpam.adv + + 19 Sep 2003; Chris PeBenito <pebenito@gentoo.org> + openssh-3.7.1_p1-r1.ebuild, openssh-3.7.1_p1.ebuild: + Fix SELinux patch for 3.7.1_p1 + + 19 Sep 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p1-r1.ebuild : + Disabled selinux patch until a new can be made. + Fixed some of the patches to allow the X509 patch to apply. Closing #29105. + +*openssh-3.7.1_p1-r1 (18 Sep 2003) + + 18 Sep 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p1-r1.ebuild : + Removed krb4 and afs support since they are removed according to the Announcment. + Ebuild cleanups. + Added a bunch of patches from CVS. Among them a fix for CAN-2003-0682. + + 18 Sep 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p1.ebuild : + Readd X509 patch. Closing #28992. + +*openssh-3.7.1_p1 (16 Sep 2003) + + 16 Sep 2003; Rajiv Aaron Manglani <rajiv@gentoo.org> openssh-3.7.1_p1.ebuild: + added warning about restarting sshd. + + 16 Sep 2003; Mike Frysinger <vapier@gentoo.org> : + Another version bump ! :D #28927. This fixes 'more malloc bugs'. + +*openssh-3.7_p1 (16 Sep 2003) + + 16 Sep 2003; Rajiv Aaron Manglani <rajiv@gentoo.org> openssh-3.7_p1.ebuild: + added warning about restarting sshd. + + 16 Sep 2003; Mike Frysinger <vapier@gentoo.org> : + Version bump to fix #28873 ... selinux needs to be caught up though :(. + Marked stable due to nature of release (security). + +*openssh-3.6.1_p2-r3 (05 Sep 2003) + + 05 Sep 2003; Tavis Ormandy <taviso@gentoo.org> openssh-3.6.1_p2-r3.ebuild: + adding optional s/key authentication support, using new local USE flag + `skey`, currently ~arch only. #11478 + +*openssh-3.6.1_p2-r1 (06 Aug 2003) + + 06 Aug 2003; Donny Davies <woodchip@gentoo.org> openssh-3.6.1_p2-r1.ebuild: + Added new local USE=X509 variable which includes Roumen Petrov's patch + providing support for authentication with X.509 certificates. + + 31 May 2003; Brandon Low <lostlogic@gentoo.org> files/sshd.rc6: + Add 'use dns logger' to the rcscript + +*openssh-3.6.1_p2 (30 Apr 2003) + + 30 Apr 2003; Daniel Ahlberg <aliz@gentoo.org> openssh-3.6.1_p2.ebuild : + Security update. + +*openssh-3.6.1_p1 (02 Apr 2003) + + 02 Apr 2003; Brandon Low <lostlogic@gentoo.org> openssh-3.6.1_p1.ebuild: + Bump + +*openssh-3.6_p1 (02 Apr 2003) + + 02 Apr 2003; Brandon Low <lostlogic@gentoo.org> openssh-3.6_p1.ebuild: + Bump, required some modifications to the selinux patch, test thoroughly + + 09 Feb 2003; Guy Martin <gmsoft@gentoo.org> : + Added hppa to keywords. + +*openssh-3.5_p1-r1 (20 Jan 2003) + + 30 Mar 2003; Joshua Brindle <method@gentoo.org> openssh-3.5_p1-r1.ebuild: + fixed compile options for selinux support + + 20 Mar 2003; Joshua Brindle <method@gentoo.org> openssh-3.5_p1-r1.ebuild: + added selinux support + + 15 Mar 2003; Jan Seidel <tuxus@gentoo.org> : + Added mips to KEYWORDS + + 13 Mar 2003; Zach Welch <zwelch@gentoo.org> openssh-3.5_p1-r1.ebuild: + add arm keyword + + 09 Mar 2003; Aron Griffis <agriffis@gentoo.org> openssh-3.5_p1-r1.ebuild: + Mark stable on alpha + + 01 Mar 2003; Brandon Low <lostlogic@gentoo.org> openssh-3.5_p1-r1.ebuild: + make -> emake + + 21 Jan 2003; Nick Hadaway <raker@gentoo.org> openssh-3.5_p1-r1.ebuild : + Changed USE="kerberos" to depend on app-crypt/krb5 as heimdal is not + compatible currently. Install app-crypt/kth-krb and set KTH_KRB="yes" + to enable Kerberos IV support. + + 20 Jan 2003; Nick Hadaway <raker@gentoo.org> openssh-3.5_p1-r1.ebuild, + files/digest-openssh-3.5_p1-r1 : + Added kerberos use flag support. + + 09 Dec 2002; Donny Davies <woodchip@gentoo.org> openssh-3.5_p1.ebuild, + openssh-3.4_p1-r2.ebuild, openssh-3.4_p1-r3.ebuild : Add a shells reminder. + + 06 Dec 2002; Rodney Rees <manson@gentoo.org> : changed sparc ~sparc keywords + + 01 Dec 2002; Jack Morgan <jmorgan@gentoo.org> openssh-3.5_p1.ebuild : + Removed ~ from sparc/sparc64 keywords. + + 29 Nov 2002; Daniel Ahlberg <aliz@gentoo.org> openssh-3.5_p1.ebuild : + Rewrote patch applying code. + + 22 Nov 2002; Will Woods <wwoods@gentoo.org> openssh-3.5_p1.ebuild: + Added patch to fix compile problem on alpha. + + 23 Oct 2002; Maik Schreiber <blizzy@gentoo.org> openssh-3.5_p1.ebuild: Changed + "~x86" to "x86" in KEYWORDS. + +*openssh-3.5_p1 (18 Oct 2002) + + 19 Jan 2003; Jan Seidel <tuxus@gentoo.org> : + Added mips to keywords + + 18 Oct 2002; Daniel Ahlberg <aliz@gentoo.org> openssh-3.5_p1.ebuild: + Version bump, found by fluxbox <fluxbox@cox.net> in bug #9262. + +*openssh-3.4_p1-r3 (04 July 2002) + + 25 Jul 2002; Nicholas Jones <carpaski@gentoo.org> openssh-3.4_p1-r3.ebuild: + + Bopped Brandon on the head. Added -passwords to the end of --with-md5 + No version bump as this doesn't affect most people, and those who need it + can just rsync and emerge. + + 09 Jul 2002; Brandon Low <lostlogic@gentoo.org> openssh-3.4_p1-r3.ebuild: + + New revision enables md5 passwords, please test and let me know how it + goes so I can unmask. Thanks. + +*openssh-3.4_p1-r2 (04 July 2002) + + 09 Jul 2002; phoen][x <phoenix@gentoo.org> openssh-3.4_p1-r2.ebuild: + Added KEYWORDS. + + 04 July 2002; Brandon Low <lostlogic@gentoo.org> openssh-3.4_p1-r2.ebuild: + Fixes problem of /var/empty being removed if immediately do emerge openssh + emerge openssh. Not an urgent upgrade, but recommended. + +*openssh-3.4_p1-r1 (02 July 2002) + + 02 July 2002; Brandon Low <lostlogic@gentoo.org> openssh-3.4_p1-r1.ebuild: + This closes bugs 4169, 4170, and 4193. This new ebuild changes the sshd + user from whatever it may be to UID 22, this shouldn't mean anything to most + people because no scripts, nor programs use the sshd UID directly (for that + matter it is only referenced during authentication of new logins via ssh). + However if for some reason your system does have things that were owned by + user sshd, you will need to change their UID. + +*openssh-3.4_p1 (26 June 2002) + + 26 June 2002; Brandon Low <lostlogic@gentoo.org> : + New version closes soon to be released security hole, PLEASE upgrade + immediately according to the changelogs, this new version closes several + possible holes found during a massive audit of the code. + +*openssh-3.3_p1 (22 June 2002) + + 22 June 2002; Donny Davies <woodchip@gentoo.org> : + Chase latest release. Starting with this version sshd uses a new privelaged + process separation scheme. See the docs for more info. + +*openssh-3.2.3_p1-1 (5 June 2002) + + 5 June 2002; Gabriele Giorgetti <stroke@gentoo.org> : + New revision. Changes submitted by Alson van der Meulen gentoo@alm.xs4all.nl + within bug #3391 were added. Bug closed/fixed. + +*openssh-3.2.3_p1 (30 May 2002) + + 30 May 2002; Arcady Genkin <agenkin@thpoon.com> : + Update to 3.2.3. + +*openssh-3.2.2_p1 (18 May 2002) + + 18 May 2002; Donny Davies <woodchip@gentoo.org> : + Chase latest release + update openssl dependency. + +*openssh-3.1_p1-r2 (03 Apr 2002) + + 03 Apr 2002; Daniel Robbins <drobbins@gentoo.org> files/sshd.pam: new pam + sshd file to use pam_stack, pam_nologin and pam_shells, as well as use + pam_unix instead of pam_pwdb. Added updated shadow dependency if pam is + enabled (to depend upon our new shadow with the pam_pwdb to pam_unix + conversion). + +*openssh-3.1_p1 (7 Mar 2002) + + 15 Mar 2002; Bruce A. Locke <blocke@shivan.org> files/sshd.rc6, files/sshd.rc5: + ssh1 keygen requires a new option in the initscripts + + 13 Mar 2002; M.Schlemmer <azarah@gentoo.org> openssh-3.1_p1-r1.ebuild: + Update rc-script not to fail on restart if there is open sessions. + + 7 Mar 2002; F.Meyndert <m0rpheus@gentoo.org> openssh-3.1_p1.ebuild: + Updated openssh to version 3.1 that fixes a nasty off by one bug in all + previous version. That caused a local root hole. + +*openssh-3.0.2_p1-r1 (01 Feb 2002) + + 01 Feb 2002; G.Bevin <gbevin@gentoo.org> ChangeLog: + Added initial ChangeLog which should be updated whenever the package is + updated in any way. This changelog is targetted to users. This means that the + comments should well explained and written in clean English. The details about + writing correct changelogs are explained in the skel.ChangeLog file which you + can find in the root directory of the portage repository. diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest new file mode 100644 index 0000000..74a0f23 --- /dev/null +++ b/net-misc/openssh/Manifest @@ -0,0 +1,49 @@ +AUX openssh-3.9_p1-opensc.patch 3242 RMD160 9c382109f0a64c30d6404f6c6ecdd274b8114fd3 SHA1 1020a213c5acb479003bebe6e4bed0f5b1e56a9f SHA256 36f27a6cd277cf08fadbc23cd4d019def69f40a601d75e63ead7bdc7cdf0539b +AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 RMD160 4e02e0a85c0e33c917ec8c22b4e1c173a9d7d79e SHA1 d8a81eb92a49763106cfa5b319c22c6f188508ef SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 +AUX openssh-4.7p1-selinux.diff 541 RMD160 bcb8f1fef2ae8378e7000732223c6116e06e0d6f SHA1 395b4dcff3eb7b92582a4364e612fff87278e7bc SHA256 ef8d71c46059bdcc8487cad06914639a8237197561cc030d8eed3baf418cc810 +AUX openssh-5.2_p1-autoconf.patch 386 RMD160 8e57ae97df0b2483f826a7aba00bc0622b9a28f8 SHA1 22c4e40f54f97f866b460fe8987eb16363410caf SHA256 42bb5f23f02241186abd6158ac15cd1fba0fadb4bd79e6b051fbd05605419ebb +AUX openssh-5.2_p1-gsskex-fix.patch 408 RMD160 6a6296cd1c8acc52af4e0d8b6238b326d5d41e77 SHA1 b31e5294c68e6af9a75987a1c3ece5e52f56e9a5 SHA256 8190db31ed2e8dc6ce79030e5c648d04610b06dd8366df5948ef6e990314ee96 +AUX openssh-5.2_p1-x509-hpn-glue.patch 2851 RMD160 2c3fbb549976f9004e89bcfb58dadf2186f64517 SHA1 ff666fb2a0ef3fc7d703f99438ca4c39ee2eafdf SHA256 a21336a892b61e29a556d16e9f0a67ee08ad04dd61e3963a201fdf032ce55f75 +AUX openssh-5.2p1-ldap-stdargs.diff 252 RMD160 7bf89a0946446b43ce3026b7b01a9a4c637f388a SHA1 7b62038dc3060b1e77df213c85874ba80acd8f64 SHA256 97281375efa33e9ce70a55bfa95b6b426208175e7e3ff493012bc25d9b012f45 +AUX openssh-5.3_p1-pkcs11-hpn-glue.patch 765 RMD160 9c865591eed26cadb34b0a4f35b574cda13a7da1 SHA1 4203cc42e801b5c598a4d7fd021bf965d64c1391 SHA256 0f85b457061fee06f053945ed1a37a962e41cd1c49c616fb9d5e4ad776fda6a4 +AUX openssh-5.4_p1-openssl.patch 255 RMD160 6d495664c5d94058cb4aa8a0011a070cb27a8fb9 SHA1 9e78702afc936a478f64c73bada9e85f7dbd8081 SHA256 f83627039491e9969f1ed5d77fe816465ce75809e8c2f2bfb07012bc21384347 +AUX openssh-5.4_p1-pkcs11.patch 1099 RMD160 d94041f2448ecc6e9d6add0301979abeaf47fd4c SHA1 371b2cd92ff915a8efc4377de60c7626e0371453 SHA256 5603b9f4cb99990404f7953d2524190ef50e6b0f5434a2465c6dea21720be4b6 +AUX openssh-5.4_p1-relative-AuthorizedKeysFile.patch 1501 RMD160 5f73b12112e52278561923e72d706a575d68d9f1 SHA1 9be8ba4a6d0b748d69596e111eddaa70a69fd645 SHA256 9c06be753927eaecec8eaae401f6890c4ab7a8cf91dc7a35bb95228ed1c0d362 +AUX openssh-5.6_p1-hpn-progressmeter.patch 334 RMD160 024480c0f7ccac80905ae4b4ae6adfa21428cf97 SHA1 446cfaa4be26fefbabd8f8933d91b5d5783f196c SHA256 eaa98f954934364a1994111f5a422d0730b6e224822cef03efe6d6fc0c7f056f +AUX openssh-5.6_p1-x509-hpn-glue.patch 1974 RMD160 bccefdc9ee8e923968c6dac5d470466b1b7e78b9 SHA1 8f882f22d2c85967d3d54c250a11077b67f9a1a9 SHA256 164db7af08e0565821d6d609b1beadab39777521bfff143a83acc1e097ad60f1 +AUX sshd.confd 396 RMD160 029680b2281961130a815ef599750c4fc4e84987 SHA1 23c283d0967944b6125be26ed4628f49abf586b2 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 +AUX sshd.pam 294 RMD160 1d4499a7de54188e51e87a240ec7a1b3b1af583d SHA1 4cd17fb40793fa9ca77ac93698129f2c8cafd7b8 SHA256 f01cc51c624b21a815fb6c0be35edc590e2e6f8a5ffbdcabc220a9630517972f +AUX sshd.pam_include.2 156 RMD160 c4f6ba6e3a705eef63e571189e28de71e7d61178 SHA1 1223f7a43a5e124521d48852b2d23bb8ba0a788f SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c +AUX sshd.rc6 2159 RMD160 961c7222fe809d81dc04c1f62e14c8292c0e3452 SHA1 d9853a50ff89d4359cc813a0f5ec936659941646 SHA256 83b94fed859ab3a00861969f97c166bd3b2fdd217f26468153e17005dfd55828 +AUX sshd.rc6.1 2244 RMD160 112f62244a4654d706fa3892da514df8130dabf3 SHA1 4a561034f7376bf10dc4601f2b847f247b83bf53 SHA256 09b7f29890fd0c28e364637236518c7ee4fea018af94dd72b8682a548678cd73 +DIST openssh-5.2p1+x509-6.2.1.diff.gz 153887 RMD160 3642946adfc122f28fb80518719040dddacf84ea SHA1 e48447e4335c543f4b702b3e3d0e41d6d9f7f6aa SHA256 9a745634eaf450fb2c0f9dcc31f3021dcd70d6bbdba0ae5b6952f2dfcb21ee55 +DIST openssh-5.2p1-gsskex-all-20090726.patch 90959 RMD160 45763e73aa65181d56aafed9ab7dd217150769f2 SHA1 64058c69fb866a8ab0233d454f3bb8e94a0b9db7 SHA256 6eb297d6fa74be3323c5e4f53df5b6e1f4edf6bf394e3e707c075846886e18e7 +DIST openssh-5.2p1-hpn13v6.diff.gz 33540 RMD160 d647d3b0547e4d698c616f5ed6643b3ddbcced95 SHA1 9683d5feb3f7e302ef836901af5366df6c425815 SHA256 90a395037a826a8ebcff68be8e46ddce1f89fd776c312c0e10e73cb703ed21bd +DIST openssh-5.2p1.tar.gz 1016612 RMD160 7c53f342034b16e9faa9f5a09ef46390420722eb SHA1 8273a0237db98179fbdc412207ff8eb14ff3d6de SHA256 4023710c37d0b3d79e6299cb79b6de2a31db7d581fe59e775a5351784034ecae +DIST openssh-5.2pkcs11-0.26.tar.bz2 18642 RMD160 07093fb2ad47247b2f028fae4fe1b80edf4ddaf8 SHA1 755793398e1b04ee6c15458a69ce4ad68d2abee0 SHA256 9655f118c614f76cfdd3164b5c0e3e430f20a4ce16c65df0dc1b594648cf1c07 +DIST openssh-5.3p1+x509-6.2.1.diff.gz 154130 RMD160 d16e9d4fd7f6e64091c7b421df7bbd7c21b40c4e SHA1 52182f3a3f84b5ce5e9fada5669776abb851a3fd SHA256 e7e122e74498a0db4253e4a2a43b55688685381066fbad69ad1beafd27b62523 +DIST openssh-5.3p1-hpn13v6-gentoo.diff.gz 23262 RMD160 f4a99017f658d5b803b966cb3711f246be6344f9 SHA1 a30568339458976933e770900a933f013e8ce2c2 SHA256 3f3861ca5e58134dc3f3f7a042d53b9d652b7e4232fcadd45c7fba2d98f5bf63 +DIST openssh-5.3p1.tar.gz 1027130 RMD160 f8c98b4b91b7e0e02b33837ef6978e8b7570cf9e SHA1 d411fde2584ef6022187f565360b2c63a05602b5 SHA256 d0c917462896974480b14454a8e1cb8b809291f67e5b9779c9b4dc4156c5ef12 +DIST openssh-5.4p1+x509-6.2.3.diff.gz 156621 RMD160 20be6252837563c299dfc8d32ac8823f21efbba4 SHA1 fe77afbe1a2884ee9545b027c311b9e7d4b84115 SHA256 90a21d282b846c28d8c8123dbc6f9bf9e1ec21d818ffe4260027875667164b0b +DIST openssh-5.4p1-hpn13v7-x509variant.diff.gz 22941 RMD160 383b3883984ee0e6068363fdd645d2dd24c7964c SHA1 d3f04c938ab6e5e10587d0ffb717af37360a8dd6 SHA256 c2b1a81c6952ae73cc4dfd1528d560588c45cf1242ea8b0e6eadb0cc83b50377 +DIST openssh-5.4p1-hpn13v8.diff.gz 22937 RMD160 40ce779b379c299d8079edbd0538c0927f11f238 SHA1 816ee2a3d0943aa7ccdaad3e0c516c22de000827 SHA256 03a5322a47f7c2011ec2cc5aee64e69b3ead08bde3eb64a20afd2c5ca1fe2529 +DIST openssh-5.4p1.tar.gz 1094604 RMD160 2382307f19edc727a108da262e531ecf3671cf09 SHA1 2a3042372f08afb1415ceaec8178213276a36302 SHA256 ae96e70d04104824ab10f0d7aaef4584ac96b2a870adfcd8b457d836c8c5404e +DIST openssh-5.5p1+x509-6.2.3.diff.gz 156737 RMD160 cf6d9e5f51512b3e22a3561ff7e1c6daad80d016 SHA1 5f163b03b3086605d9759b76565e6f3a5fa8cb85 SHA256 a2fdf904c21036fe6ee89da7572a37f4763ef414348f9a953c7c7e0fb3562a7f +DIST openssh-5.5p1-hpn13v9.diff.gz 22657 RMD160 bb9d44589018030fa3102898f85f4dfd7032d2f0 SHA1 8601fabf0067ff9c59501dc0006ad3853dbb3de0 SHA256 0556ad75cbd29cba71263a5b7ddc44c03d17c09297a6c41a16d39d3549e5079c +DIST openssh-5.5p1.tar.gz 1097574 RMD160 7cee614112b691da5daac9f2579becba2409b727 SHA1 361c6335e74809b26ea096b34062ba8ff6c97cd6 SHA256 36eedd6efe6663186ed23573488670f9b02e34744694e94a9f869b6f25e47e8a +DIST openssh-5.6p1+x509-6.2.3.diff.gz 168109 RMD160 d2a0bb07ede384a7fd752d0a1a2b7750101c5fe3 SHA1 319992226b8109c3f6ce9bbe5884635edb2349cf SHA256 90977eded2ae5e71bc3b84aad8597442074742d78d471087d020e58dd58342ad +DIST openssh-5.6p1-hpn13v10.diff.gz 22988 RMD160 9c62cd1520a69f10b85496450130a9fd0a5f5954 SHA1 71f5a346b297330c50b324cdc19e361070a31776 SHA256 6a9ee815e8ffcc9068c3dce4ad4f2898fc0db6b768a3152280aceb8c06c8b450 +DIST openssh-5.6p1-hpn13v9-gentoo.diff.gz 23106 RMD160 0f8538a81005ab8c45b53267757aabf8eb15de63 SHA1 a9897d1df3d917f612f92b6a67356ab8be56c4da SHA256 820d7b242e0421a168593e14dd3db5425cd81719caed7a9dfac8d32bd13aad2a +DIST openssh-5.6p1.tar.gz 1117952 RMD160 e3e1229cc0efa7cb534c83e61fade8371fc24a23 SHA1 347dd39c91c3529f41dae63714d452fb95efea1e SHA256 538af53b2b8162c21a293bb004ae2bdb141abd250f61b4cea55244749f3c6c2b +DIST openssh-lpk-5.2p1-0.3.11.patch.gz 18116 RMD160 2ff9bdff19e0854a96063be1e0589fa3f85da0d7 SHA1 33b36cf94f68a80fca497da110529ce69d62fbb0 SHA256 450b56a989767aa65a974213e8f7e9d0ee9d08522247db7b787730e53685bebd +DIST openssh-lpk-5.3p1-0.3.11.patch.gz 18137 RMD160 3e316722d521e163a82d661465abef7f128d736b SHA1 870a703e2cafa744681733766e48faf3229e3b7e SHA256 34d8dbccde3b1fedb6b75d7a725ade8b37389c46f5b13a2e5a80d8cd8e6ffaaa +DIST openssh-lpk-5.4p1-0.3.13.patch.gz 18105 RMD160 734b2c3ea740b6de610e3bfa91c93a2540b79acc SHA1 4c73f21b16db41c16e096db834380ec53f15c723 SHA256 4e5dbe769e487c914ecc5b104866f6d4412cbe35c3f2bed897d06f7d824878be +DIST openssh-lpk-5.6p1-0.3.13.patch.gz 18376 RMD160 c928a22d890de17c43ac8a71ac0a551fbe38a831 SHA1 477ef82043278ba9e314e14e7a487f1541fbc48b SHA256 42a76b67c390c3ed28efd6e1734ca5a7edfefc635c35086dbd610999130678e9 +EBUILD openssh-5.2_p1-r3.ebuild 8150 RMD160 b9049bb12151086a4261cfc70aad4ba0def0d4a7 SHA1 a9f0ec39435444e2ca4ca2e0ca99d3a10ded6bd8 SHA256 ba524fd8817de5ece224ba2fca841964020069bd580ae644c99ad9ff3587af1d +EBUILD openssh-5.3_p1-r1.ebuild 8321 RMD160 c632f38bae4c60e4836c96ca7e35dd103b598159 SHA1 1a7f59e8144586def7d83b6c6721d6da5c9e8d40 SHA256 1fa0285b909c4bd834bf495d3140aa8c7e6586ca1f85ec0c46aa0e0b4ee8df5d +EBUILD openssh-5.4_p1-r3.ebuild 8268 RMD160 0116016c792b5f56411dddf5a5f037dc4126361e SHA1 55e4e4e09ad214d3bb82304d1a1848ae45101099 SHA256 cbe163e47210ca42bf24545375aec9f9757af200eab68b9d539c7b2c39926f03 +EBUILD openssh-5.5_p1-r2.ebuild 8180 RMD160 e2bcad59293157b59d2b92fbb841fd8c4e2e6c40 SHA1 962947647c14a4a473921842375b9a7bf4bd308c SHA256 3f26e1d3d6cd6fdfef8107bbcb217899857ed12f9d7b805d93333d08ee58a90f +EBUILD openssh-5.6_p1-r1.ebuild 7889 RMD160 5136804037e2b8dc2202014aec6ed877583234e6 SHA1 3abb985a3b875d3f9554e111ed676edc6879297f SHA256 d5549c197592a412130803c7e25bf94b55e607f0a239f6570b269e9713df68a6 +EBUILD openssh-5.6_p1-r2.ebuild 7930 RMD160 4a22057ea694abefe151c91a784bc4b5a22f18ca SHA1 e44973cae830ed9ebb1059bbda3ff58dfe4f4c8f SHA256 9dca5967d6160848acf4ca0c994d46ce24fc4b91ce75251e8835831b8178be0b +MISC ChangeLog 62274 RMD160 ed44cebf98d1fb4f83e9e83cdf555c9e46df3da9 SHA1 47ad52d88052c7c6dbf012cfe420821f66895ddd SHA256 e4a7d9becca316afa5bf2673933f378828465c1366848413a4c453fb95fe0257 +MISC metadata.xml 1641 RMD160 b5ae0d7b86c8dcb36414bc31da6fd22a807ced0b SHA1 31923a9db53fcad2b9cca72c39e733376bf6c501 SHA256 d34bb27c9f775ce973246c2a6b32ccd17d300de562920afbdd47312056cd8946 diff --git a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch new file mode 100644 index 0000000..c81dcc9 --- /dev/null +++ b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch @@ -0,0 +1,130 @@ +http://bugs.gentoo.org/43593 +http://bugzilla.mindrot.org/show_bug.cgi?id=608 + +Index: scard-opensc.c +=================================================================== +RCS file: /cvs/openssh/scard-opensc.c,v +retrieving revision 1.12 +--- scard-opensc.c ++++ scard-opensc.c +@@ -38,6 +38,8 @@ + #include "readpass.h" + #include "scard.h" + ++int ask_for_pin=0; ++ + #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE) + #define USE_ENGINE + #define RSA_get_default_method RSA_get_default_openssl_method +@@ -119,6 +121,7 @@ + struct sc_pkcs15_prkey_info *key; + struct sc_pkcs15_object *pin_obj; + struct sc_pkcs15_pin_info *pin; ++ char *passphrase = NULL; + + priv = (struct sc_priv_data *) RSA_get_app_data(rsa); + if (priv == NULL) +@@ -156,24 +159,47 @@ + goto err; + } + pin = pin_obj->data; ++ ++ if (sc_pin) ++ passphrase = sc_pin; ++ else if (ask_for_pin) { ++ /* we need a pin but don't have one => ask for the pin */ ++ char prompt[64]; ++ ++ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ", ++ key_obj->label ? key_obj->label : "smartcard key"); ++ passphrase = read_passphrase(prompt, 0); ++ if (!passphrase || !strcmp(passphrase, "")) ++ goto err; ++ } else ++ /* no pin => error */ ++ goto err; ++ + r = sc_lock(card); + if (r) { + error("Unable to lock smartcard: %s", sc_strerror(r)); + goto err; + } +- if (sc_pin != NULL) { +- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin, +- strlen(sc_pin)); +- if (r) { +- sc_unlock(card); +- error("PIN code verification failed: %s", +- sc_strerror(r)); +- goto err; +- } ++ r = sc_pkcs15_verify_pin(p15card, pin, passphrase, ++ strlen(passphrase)); ++ if (r) { ++ sc_unlock(card); ++ error("PIN code verification failed: %s", ++ sc_strerror(r)); ++ goto err; + } ++ + *key_obj_out = key_obj; ++ if (!sc_pin) { ++ memset(passphrase, 0, strlen(passphrase)); ++ xfree(passphrase); ++ } + return 0; + err: ++ if (!sc_pin && passphrase) { ++ memset(passphrase, 0, strlen(passphrase)); ++ xfree(passphrase); ++ } + sc_close(); + return -1; + } +Index: scard.c +=================================================================== +RCS file: /cvs/openssh/scard.c,v +retrieving revision 1.27 +--- scard.c ++++ scard.c +@@ -35,6 +35,9 @@ + #include "readpass.h" + #include "scard.h" + ++/* currently unused */ ++int ask_for_pin = 0; ++ + #if OPENSSL_VERSION_NUMBER < 0x00907000L + #define USE_ENGINE + #define RSA_get_default_method RSA_get_default_openssl_method +Index: scard.h +=================================================================== +RCS file: /cvs/openssh/scard.h,v +retrieving revision 1.10 +--- scard.h ++++ scard.h +@@ -33,6 +33,8 @@ + #define SCARD_ERROR_NOCARD -2 + #define SCARD_ERROR_APPLET -3 + ++extern int ask_for_pin; ++ + Key **sc_get_keys(const char *, const char *); + void sc_close(void); + int sc_put_key(Key *, const char *); +Index: ssh.c +=================================================================== +RCS file: /cvs/openssh/ssh.c,v +retrieving revision 1.180 +--- ssh.c ++++ ssh.c +@@ -1155,6 +1155,9 @@ + #ifdef SMARTCARD + Key **keys; + ++ if (!options.batch_mode) ++ ask_for_pin = 1; ++ + if (options.smartcard_device != NULL && + options.num_identity_files < SSH_MAX_IDENTITY_FILES && + (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) { diff --git a/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch new file mode 100644 index 0000000..c81ae5c --- /dev/null +++ b/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch @@ -0,0 +1,127 @@ +http://bugs.gentoo.org/165444 +https://bugzilla.mindrot.org/show_bug.cgi?id=1008 + +Index: readconf.c +=================================================================== +RCS file: /cvs/openssh/readconf.c,v +retrieving revision 1.135 +diff -u -r1.135 readconf.c +--- readconf.c 5 Aug 2006 02:39:40 -0000 1.135 ++++ readconf.c 19 Aug 2006 11:59:52 -0000 +@@ -126,6 +126,7 @@ + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, + oAddressFamily, oGssAuthentication, oGssDelegateCreds, ++ oGssTrustDns, + oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, + oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, + oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, +@@ -163,9 +164,11 @@ + #if defined(GSSAPI) + { "gssapiauthentication", oGssAuthentication }, + { "gssapidelegatecredentials", oGssDelegateCreds }, ++ { "gssapitrustdns", oGssTrustDns }, + #else + { "gssapiauthentication", oUnsupported }, + { "gssapidelegatecredentials", oUnsupported }, ++ { "gssapitrustdns", oUnsupported }, + #endif + { "fallbacktorsh", oDeprecated }, + { "usersh", oDeprecated }, +@@ -444,6 +447,10 @@ + intptr = &options->gss_deleg_creds; + goto parse_flag; + ++ case oGssTrustDns: ++ intptr = &options->gss_trust_dns; ++ goto parse_flag; ++ + case oBatchMode: + intptr = &options->batch_mode; + goto parse_flag; +@@ -1010,6 +1017,7 @@ + options->challenge_response_authentication = -1; + options->gss_authentication = -1; + options->gss_deleg_creds = -1; ++ options->gss_trust_dns = -1; + options->password_authentication = -1; + options->kbd_interactive_authentication = -1; + options->kbd_interactive_devices = NULL; +@@ -1100,6 +1108,8 @@ + options->gss_authentication = 0; + if (options->gss_deleg_creds == -1) + options->gss_deleg_creds = 0; ++ if (options->gss_trust_dns == -1) ++ options->gss_trust_dns = 0; + if (options->password_authentication == -1) + options->password_authentication = 1; + if (options->kbd_interactive_authentication == -1) +Index: readconf.h +=================================================================== +RCS file: /cvs/openssh/readconf.h,v +retrieving revision 1.63 +diff -u -r1.63 readconf.h +--- readconf.h 5 Aug 2006 02:39:40 -0000 1.63 ++++ readconf.h 19 Aug 2006 11:59:52 -0000 +@@ -45,6 +45,7 @@ + /* Try S/Key or TIS, authentication. */ + int gss_authentication; /* Try GSS authentication */ + int gss_deleg_creds; /* Delegate GSS credentials */ ++ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ + int password_authentication; /* Try password + * authentication. */ + int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ +Index: ssh_config.5 +=================================================================== +RCS file: /cvs/openssh/ssh_config.5,v +retrieving revision 1.97 +diff -u -r1.97 ssh_config.5 +--- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97 ++++ ssh_config.5 19 Aug 2006 11:59:53 -0000 +@@ -483,7 +483,16 @@ + Forward (delegate) credentials to the server. + The default is + .Dq no . +-Note that this option applies to protocol version 2 only. ++Note that this option applies to protocol version 2 connections using GSSAPI. ++.It Cm GSSAPITrustDns ++Set to ++.Dq yes to indicate that the DNS is trusted to securely canonicalize ++the name of the host being connected to. If ++.Dq no, the hostname entered on the ++command line will be passed untouched to the GSSAPI library. ++The default is ++.Dq no . ++This option only applies to protocol version 2 connections using GSSAPI. + .It Cm HashKnownHosts + Indicates that + .Xr ssh 1 +Index: sshconnect2.c +=================================================================== +RCS file: /cvs/openssh/sshconnect2.c,v +retrieving revision 1.151 +diff -u -r1.151 sshconnect2.c +--- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151 ++++ sshconnect2.c 19 Aug 2006 11:59:53 -0000 +@@ -499,6 +499,12 @@ + static u_int mech = 0; + OM_uint32 min; + int ok = 0; ++ const char *gss_host; ++ ++ if (options.gss_trust_dns) ++ gss_host = get_canonical_hostname(1); ++ else ++ gss_host = authctxt->host; + + /* Try one GSSAPI method at a time, rather than sending them all at + * once. */ +@@ -511,7 +517,7 @@ + /* My DER encoding requires length<128 */ + if (gss_supported->elements[mech].length < 128 && + ssh_gssapi_check_mechanism(&gssctxt, +- &gss_supported->elements[mech], authctxt->host)) { ++ &gss_supported->elements[mech], gss_host)) { + ok = 1; /* Mechanism works */ + } else { + mech++; diff --git a/net-misc/openssh/files/openssh-4.7p1-selinux.diff b/net-misc/openssh/files/openssh-4.7p1-selinux.diff new file mode 100644 index 0000000..f1c5c87 --- /dev/null +++ b/net-misc/openssh/files/openssh-4.7p1-selinux.diff @@ -0,0 +1,11 @@ +diff -purN openssh-4.7p1.orig/configure.ac openssh-4.7p1/configure.ac +--- openssh-4.7p1.orig/configure.ac 2007-08-10 00:36:12.000000000 -0400 ++++ openssh-4.7p1/configure.ac 2008-03-31 19:38:54.548935620 -0400 +@@ -3211,6 +3211,7 @@ AC_ARG_WITH(selinux, + AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], + AC_MSG_ERROR(SELinux support requires libselinux library)) + SSHDLIBS="$SSHDLIBS $LIBSELINUX" ++ LIBS="$LIBS $LIBSELINUX" + AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) + LIBS="$save_LIBS" + fi ] diff --git a/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch b/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch new file mode 100644 index 0000000..24ad7a9 --- /dev/null +++ b/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch @@ -0,0 +1,15 @@ +workaround problems with autoconf-2.63 + +http://lists.gnu.org/archive/html/autoconf/2009-04/msg00007.html + +--- a/configure.ac ++++ b/configure.ac +@@ -3603,7 +3603,7 @@ + #include <shadow.h> + struct spwd sp; + ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], +- [ sp_expire_available=yes ], [] ++ [ sp_expire_available=yes ], [:] + ) + + if test "x$sp_expire_available" = "xyes" ; then diff --git a/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch b/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch new file mode 100644 index 0000000..8112d62 --- /dev/null +++ b/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch @@ -0,0 +1,16 @@ +--- clientloop.c ++++ clientloop.c +@@ -1434,11 +1434,13 @@ + if (!rekeying) { + channel_after_select(readset, writeset); + ++#ifdef GSSAPI + if (options.gss_renewal_rekey && + ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { + debug("credentials updated - forcing rekey"); + need_rekeying = 1; + } ++#endif + + if (need_rekeying || packet_need_rekeying()) { + debug("need rekeying"); diff --git a/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch b/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch new file mode 100644 index 0000000..9428b74 --- /dev/null +++ b/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch @@ -0,0 +1,91 @@ +Move things around so hpn applies cleanly when using X509. + +--- openssh-5.2p1+x509/Makefile.in ++++ openssh-5.2p1+x509/Makefile.in +@@ -44,11 +44,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS += @LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- openssh-5.2p1+x509/servconf.c ++++ openssh-5.2p1+x509/servconf.c +@@ -108,6 +108,17 @@ + options->log_level = SYSLOG_LEVEL_NOT_SET; + options->rhosts_rsa_authentication = -1; + options->hostbased_authentication = -1; ++ options->hostbased_algorithms = NULL; ++ options->pubkey_algorithms = NULL; ++ ssh_x509flags_initialize(&options->x509flags, 1); ++#ifndef SSH_X509STORE_DISABLED ++ ssh_x509store_initialize(&options->ca); ++#endif /*ndef SSH_X509STORE_DISABLED*/ ++#ifdef SSH_OCSP_ENABLED ++ options->va.type = -1; ++ options->va.certificate_file = NULL; ++ options->va.responder_url = NULL; ++#endif /*def SSH_OCSP_ENABLED*/ + options->hostbased_uses_name_from_packet_only = -1; + options->rsa_authentication = -1; + options->pubkey_authentication = -1; +@@ -152,18 +163,6 @@ + options->adm_forced_command = NULL; + options->chroot_directory = NULL; + options->zero_knowledge_password_authentication = -1; +- +- options->hostbased_algorithms = NULL; +- options->pubkey_algorithms = NULL; +- ssh_x509flags_initialize(&options->x509flags, 1); +-#ifndef SSH_X509STORE_DISABLED +- ssh_x509store_initialize(&options->ca); +-#endif /*ndef SSH_X509STORE_DISABLED*/ +-#ifdef SSH_OCSP_ENABLED +- options->va.type = -1; +- options->va.certificate_file = NULL; +- options->va.responder_url = NULL; +-#endif /*def SSH_OCSP_ENABLED*/ + } + + void +@@ -341,6 +340,16 @@ + /* Portable-specific options */ + sUsePAM, + /* Standard Options */ ++ sHostbasedAlgorithms, ++ sPubkeyAlgorithms, ++ sX509KeyAlgorithm, ++ sAllowedClientCertPurpose, ++ sKeyAllowSelfIssued, sMandatoryCRL, ++ sCACertificateFile, sCACertificatePath, ++ sCARevocationFile, sCARevocationPath, ++ sCAldapVersion, sCAldapURL, ++ sVAType, sVACertificateFile, ++ sVAOCSPResponderURL, + sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, + sPermitRootLogin, sLogFacility, sLogLevel, + sRhostsRSAAuthentication, sRSAAuthentication, +@@ -364,16 +373,6 @@ + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, + sZeroKnowledgePasswordAuthentication, +- sHostbasedAlgorithms, +- sPubkeyAlgorithms, +- sX509KeyAlgorithm, +- sAllowedClientCertPurpose, +- sKeyAllowSelfIssued, sMandatoryCRL, +- sCACertificateFile, sCACertificatePath, +- sCARevocationFile, sCARevocationPath, +- sCAldapVersion, sCAldapURL, +- sVAType, sVACertificateFile, +- sVAOCSPResponderURL, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/net-misc/openssh/files/openssh-5.2p1-ldap-stdargs.diff b/net-misc/openssh/files/openssh-5.2p1-ldap-stdargs.diff new file mode 100644 index 0000000..346d527 --- /dev/null +++ b/net-misc/openssh/files/openssh-5.2p1-ldap-stdargs.diff @@ -0,0 +1,10 @@ +--- ldapauth.c.orig 2009-04-18 18:06:38.000000000 +0200 ++++ ldapauth.c 2009-04-18 18:06:11.000000000 +0200 +@@ -31,6 +31,7 @@ + #include <stdlib.h> + #include <unistd.h> + #include <string.h> ++#include <stdarg.h> + + #include "ldapauth.h" + #include "log.h" diff --git a/net-misc/openssh/files/openssh-5.3_p1-pkcs11-hpn-glue.patch b/net-misc/openssh/files/openssh-5.3_p1-pkcs11-hpn-glue.patch new file mode 100644 index 0000000..0aee2e8 --- /dev/null +++ b/net-misc/openssh/files/openssh-5.3_p1-pkcs11-hpn-glue.patch @@ -0,0 +1,15 @@ +diff -Nuar openssh-5.3p1/Makefile.in openssh-5.3p1.pkcs-hpn-glue/Makefile.in +--- openssh-5.3p1/Makefile.in 2009-10-10 22:52:10.081356354 -0700 ++++ openssh-5.3p1.pkcs-hpn-glue/Makefile.in 2009-10-10 22:55:47.158418049 -0700 +@@ -64,10 +64,10 @@ + + LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ + canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ +- pkcs11.o \ + cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ + compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ + log.o match.o md-sha256.o moduli.o nchan.o packet.o \ ++ pkcs11.o \ + readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ + atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ + monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ diff --git a/net-misc/openssh/files/openssh-5.4_p1-openssl.patch b/net-misc/openssh/files/openssh-5.4_p1-openssl.patch new file mode 100644 index 0000000..e4cdb63 --- /dev/null +++ b/net-misc/openssh/files/openssh-5.4_p1-openssl.patch @@ -0,0 +1,12 @@ +pull in openssl/conf.h for OPENSSL_config() prototype + +--- openbsd-compat/openssl-compat.c ++++ openbsd-compat/openssl-compat.c +@@ -59,6 +59,7 @@ + #endif + + #ifdef USE_OPENSSL_ENGINE ++#include <openssl/conf.h> + void + ssh_SSLeay_add_all_algorithms(void) + { diff --git a/net-misc/openssh/files/openssh-5.4_p1-pkcs11.patch b/net-misc/openssh/files/openssh-5.4_p1-pkcs11.patch new file mode 100644 index 0000000..08fad07 --- /dev/null +++ b/net-misc/openssh/files/openssh-5.4_p1-pkcs11.patch @@ -0,0 +1,39 @@ +fixes from upstream + +https://bugzilla.mindrot.org/show_bug.cgi?id=1737 +https://bugzilla.mindrot.org/show_bug.cgi?id=1738 + +http://bugs.gentoo.org/310929 + +--- ssh-pkcs11-helper.c ++++ ssh-pkcs11-helper.c +@@ -17,8 +17,6 @@ + + #include "includes.h" + +-#ifdef ENABLE_PKCS11 +- + #include <sys/types.h> + #ifdef HAVE_SYS_TIME_H + # include <sys/time.h> +@@ -39,6 +37,8 @@ + #include "authfd.h" + #include "ssh-pkcs11.h" + ++#ifdef ENABLE_PKCS11 ++ + /* borrows code from sftp-server and ssh-agent */ + + struct pkcs11_keyinfo { +--- Makefile.in ++++ Makefile.in +@@ -160,7 +160,7 @@ + $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + + ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o +- $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ++ $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o + $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + diff --git a/net-misc/openssh/files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch b/net-misc/openssh/files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch new file mode 100644 index 0000000..cc992ab --- /dev/null +++ b/net-misc/openssh/files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch @@ -0,0 +1,47 @@ +grab fixes from upstream for relative AuthorizedKeysFile handling + +https://bugs.gentoo.org/308939 + +Author: djm <djm> +Date: Sun Mar 21 18:53:04 2010 +0000 + + - markus@cvs.openbsd.org 2010/03/12 11:37:40 + [servconf.c] + do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths + +Author: djm <djm> +Date: Sun Mar 21 18:52:26 2010 +0000 + + - djm@cvs.openbsd.org 2010/03/12 01:06:25 + [servconf.c] + unbreak AuthorizedKeys option with a $HOME-relative path; reported by + vinschen AT redhat.com, ok dtucker@ + + +Index: servconf.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/servconf.c,v +retrieving revision 1.204 +retrieving revision 1.206 +diff -N -u -p -r1.204 -r1.206 +--- servconf.c 4 Mar 2010 10:36:03 -0000 1.204 ++++ servconf.c 12 Mar 2010 11:37:40 -0000 1.206 +@@ -1180,7 +1180,17 @@ process_server_config_line(ServerOptions *options, cha + charptr = (opcode == sAuthorizedKeysFile) ? + &options->authorized_keys_file : + &options->authorized_keys_file2; +- goto parse_filename; ++ arg = strdelim(&cp); ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing file name.", ++ filename, linenum); ++ if (*activep && *charptr == NULL) { ++ *charptr = tilde_expand_filename(arg, getuid()); ++ /* increase optional counter */ ++ if (intptr != NULL) ++ *intptr = *intptr + 1; ++ } ++ break; + + case sClientAliveInterval: + intptr = &options->client_alive_interval; diff --git a/net-misc/openssh/files/openssh-5.6_p1-hpn-progressmeter.patch b/net-misc/openssh/files/openssh-5.6_p1-hpn-progressmeter.patch new file mode 100644 index 0000000..5fe18df --- /dev/null +++ b/net-misc/openssh/files/openssh-5.6_p1-hpn-progressmeter.patch @@ -0,0 +1,15 @@ +don't go reading random stack values + +already e-mailed to upstream hpn devs + +--- progressmeter.c ++++ progressmeter.c +@@ -183,7 +183,7 @@ + else + percent = 100; + +- snprintf(buf + strlen(buf), win_size - strlen(buf-8), ++ snprintf(buf + strlen(buf), win_size - strlen(buf) - 8, + " %3d%% ", percent); + + /* amount transferred */ diff --git a/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch b/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch new file mode 100644 index 0000000..e793311 --- /dev/null +++ b/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch @@ -0,0 +1,60 @@ +Move things around so hpn applies cleanly when using X509. + +--- a/Makefile.in ++++ b/Makefile.in +@@ -46,11 +46,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS+=@LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- a/servconf.c ++++ b/servconf.c +@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) + options->adm_forced_command = NULL; + options->chroot_directory = NULL; + options->zero_knowledge_password_authentication = -1; +- options->revoked_keys_file = NULL; +- options->trusted_user_ca_keys = NULL; +- options->authorized_principals_file = NULL; + + options->hostbased_algorithms = NULL; + options->pubkey_algorithms = NULL; +@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) + options->va.certificate_file = NULL; + options->va.responder_url = NULL; + #endif /*def SSH_OCSP_ENABLED*/ ++ options->revoked_keys_file = NULL; ++ options->trusted_user_ca_keys = NULL; ++ options->authorized_principals_file = NULL; + } + + void +@@ -367,9 +367,6 @@ typedef enum { + sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, +- sUsePrivilegeSeparation, sAllowAgentForwarding, +- sZeroKnowledgePasswordAuthentication, sHostCertificate, +- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sHostbasedAlgorithms, + sPubkeyAlgorithms, + sX509KeyAlgorithm, +@@ -380,6 +377,9 @@ typedef enum { + sCAldapVersion, sCAldapURL, + sVAType, sVACertificateFile, + sVAOCSPResponderURL, ++ sUsePrivilegeSeparation, sAllowAgentForwarding, ++ sZeroKnowledgePasswordAuthentication, sHostCertificate, ++ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sDeprecated, sUnsupported + } ServerOpCodes; + diff --git a/net-misc/openssh/files/sshd.confd b/net-misc/openssh/files/sshd.confd new file mode 100644 index 0000000..28952b4 --- /dev/null +++ b/net-misc/openssh/files/sshd.confd @@ -0,0 +1,21 @@ +# /etc/conf.d/sshd: config file for /etc/init.d/sshd + +# Where is your sshd_config file stored? + +SSHD_CONFDIR="/etc/ssh" + + +# Any random options you want to pass to sshd. +# See the sshd(8) manpage for more info. + +SSHD_OPTS="" + + +# Pid file to use (needs to be absolute path). + +#SSHD_PIDFILE="/var/run/sshd.pid" + + +# Path to the sshd binary (needs to be absolute path). + +#SSHD_BINARY="/usr/sbin/sshd" diff --git a/net-misc/openssh/files/sshd.pam b/net-misc/openssh/files/sshd.pam new file mode 100644 index 0000000..5114940 --- /dev/null +++ b/net-misc/openssh/files/sshd.pam @@ -0,0 +1,9 @@ +#%PAM-1.0 + +auth required pam_stack.so service=system-auth +auth required pam_shells.so +auth required pam_nologin.so +account required pam_stack.so service=system-auth +password required pam_stack.so service=system-auth +session required pam_stack.so service=system-auth + diff --git a/net-misc/openssh/files/sshd.pam_include.2 b/net-misc/openssh/files/sshd.pam_include.2 new file mode 100644 index 0000000..b801aaa --- /dev/null +++ b/net-misc/openssh/files/sshd.pam_include.2 @@ -0,0 +1,4 @@ +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login diff --git a/net-misc/openssh/files/sshd.rc6 b/net-misc/openssh/files/sshd.rc6 new file mode 100644 index 0000000..2e0b442 --- /dev/null +++ b/net-misc/openssh/files/sshd.rc6 @@ -0,0 +1,81 @@ +#!/sbin/runscript +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6,v 1.27 2009/08/12 08:09:52 idl0r Exp $ + +opts="${opts} reload checkconfig gen_keys" + +depend() { + use logger dns + need net +} + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + "${SSHD_BINARY}" -t ${myopts} || return 1 +} + +gen_keys() { + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] ; then + einfo "Generating Hostkey..." + /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then + einfo "Generating DSA-Hostkey..." + /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then + einfo "Generating RSA-Hostkey..." + /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1 + fi + return 0 +} + +start() { + local myopts="" + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config" + + checkconfig || return 1 + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${myopts} ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --stop --signal HUP --oknodo \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/net-misc/openssh/files/sshd.rc6.1 b/net-misc/openssh/files/sshd.rc6.1 new file mode 100644 index 0000000..0afb948 --- /dev/null +++ b/net-misc/openssh/files/sshd.rc6.1 @@ -0,0 +1,82 @@ +#!/sbin/runscript +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.1,v 1.1 2010/10/11 22:50:07 flameeyes Exp $ + +opts="${opts} reload checkconfig gen_keys" + +depend() { + use logger dns + need net +} + +SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} +SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} +SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} + +checkconfig() { + if [ ! -d /var/empty ] ; then + mkdir -p /var/empty || return 1 + fi + + if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then + eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + eerror "There is a sample file in /usr/share/doc/openssh" + return 1 + fi + + gen_keys || return 1 + + "${SSHD_BINARY}" -t ${myopts} || return 1 +} + +gen_keys() { + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] && \ + egrep -q '^[ \t]*Protocol[ \t]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then + einfo "Generating RSA1-Hostkey..." + /usr/bin/ssh-keygen -t rsa1 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then + einfo "Generating DSA-Hostkey..." + /usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1 + fi + if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then + einfo "Generating RSA-Hostkey..." + /usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1 + fi + return 0 +} + +start() { + local myopts="" + [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ + && myopts="${myopts} -o PidFile=${SSHD_PIDFILE}" + [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ + && myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config" + + checkconfig || return 1 + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" \ + -- ${myopts} ${SSHD_OPTS} + eend $? +} + +stop() { + if [ "${RC_CMD}" = "restart" ] ; then + checkconfig || return 1 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec "${SSHD_BINARY}" \ + --pidfile "${SSHD_PIDFILE}" --quiet + eend $? +} + +reload() { + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --stop --signal HUP --oknodo \ + --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" + eend $? +} diff --git a/net-misc/openssh/metadata.xml b/net-misc/openssh/metadata.xml new file mode 100644 index 0000000..6bf483a --- /dev/null +++ b/net-misc/openssh/metadata.xml @@ -0,0 +1,29 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>base-system</herd> + <maintainer restrict="LPK"> + <email>robbat2@gentoo.org</email> + <description>LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else.</description> + </maintainer> + <longdescription> +OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that +increasing numbers of people on the Internet are coming to rely on. Many users of telnet, +rlogin, ftp, and other such programs might not realize that their password is transmitted +across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) +to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. +Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety +of authentication methods. + +The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which +replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of +the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, +ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. +</longdescription> + <use> + <flag name="hpn">Enable high performance ssh</flag> + <flag name="ldap">Add support for storing SSH public keys in LDAP</flag> + <flag name="pkcs11">Enable PKCS#11 smartcard support</flag> + <flag name="X509">Adds support for X.509 certificate authentication</flag> + </use> +</pkgmetadata> diff --git a/net-misc/openssh/openssh-5.2_p1-r3.ebuild b/net-misc/openssh/openssh-5.2_p1-r3.ebuild new file mode 100644 index 0000000..5503580 --- /dev/null +++ b/net-misc/openssh/openssh-5.2_p1-r3.ebuild @@ -0,0 +1,255 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.2_p1-r3.ebuild,v 1.8 2009/10/27 18:31:50 armin76 Exp $ + +inherit eutils flag-o-matic multilib autotools pam + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_/} + +HPN_PATCH="${PARCH}-hpn13v6.diff.gz" +LDAP_PATCH="${PARCH/openssh/openssh-lpk}-0.3.11.patch.gz" +PKCS11_PATCH="${PARCH/p1}pkcs11-0.26.tar.bz2" +X509_VER="6.2.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +# HPN appears twice as sometimes Gentoo has a custom version of it. +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch + ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${PKCS11_PATCH:+pkcs11? ( http://alon.barlev.googlepages.com/${PKCS11_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" +IUSE="hpn kerberos ldap libedit pam pkcs11 selinux skey smartcard static tcpd X X509" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=sys-auth/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d + >=sys-libs/zlib-1.2.3 + smartcard? ( dev-libs/opensc ) + pkcs11? ( dev-libs/pkcs11-helper ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( sys-apps/shadow )" +DEPEND="${RDEPEND} + dev-util/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 )" +PROVIDE="virtual/ssh" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && use ${1} && echo ${1} ; } + local fail=" + $(maybe_fail ldap LDAP_PATCH) + $(maybe_fail pkcs11 PKCS11_PATCH) + $(maybe_fail X509 X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +src_unpack() { + unpack ${PARCH}.tar.gz + cd "${S}" + + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + + if use pkcs11 ; then + cd "${WORKDIR}" + unpack "${PKCS11_PATCH}" + cd "${S}" + EPATCH_OPTS="-p1" epatch "${WORKDIR}"/*pkcs11*/{1,2,4}* + use X509 && EPATCH_OPTS="-R" epatch "${WORKDIR}"/*pkcs11*/1000_all_log.patch + fi + use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${P}-x509-hpn-glue.patch + use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + # The patch for bug 210110 64-bit stuff is now included. + epatch "${DISTDIR}"/${LDAP_PATCH} + epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654 + fi + epatch "${DISTDIR}"/openssh-5.2p1-gsskex-all-20090726.patch #115553 #216932 #279488 + epatch "${FILESDIR}"/${P}-gsskex-fix.patch + else + use ldap && ewarn "Sorry, X509 and ldap don't get along, disabling ldap" + fi + #epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + [[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH} + epatch "${FILESDIR}"/${PN}-4.7p1-selinux.diff #191665 + epatch "${FILESDIR}"/${P}-autoconf.patch + + # in 5.2p1, the AES-CTR multithreaded variant is temporarily broken, and + # causes random hangs when combined with the -f switch of ssh. + # To avoid this, we change the internal table to use the non-multithread + # version for the meantime. + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_compile() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + local myconf="" + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use ldap && use_with ldap)} \ + $(use_with libedit) \ + ${PKCS11_PATCH:+$(use pkcs11 && static_use_with pkcs11)} \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with smartcard opensc) \ + $(use_with tcpd tcp-wrappers) \ + ${myconf} \ + || die "bad configure" + emake || die "compile problem" +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + keepdir /var/empty/dev + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(getent passwd ${UID} | cut -d: -f7) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + for t in ${tests} ; do + # Some tests read from stdin ... + emake -k -j1 ${t} </dev/null \ + && passed="${passed}${t} " \ + || failed="${failed}${t} " + done + einfo "Passed tests: ${passed}" + ewarn "Skipped tests: ${skipped}" + if [[ -n ${failed} ]] ; then + ewarn "Failed tests: ${failed}" + die "Some tests failed: ${failed}" + else + einfo "Failed tests: ${failed}" + return 0 + fi +} + +pkg_postinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd + + # help fix broken perms caused by older ebuilds. + # can probably cut this after the next stage release. + chmod u+x "${ROOT}"/etc/skel/.ssh >& /dev/null + + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "reload sshd: '/etc/init.d/sshd reload'." + if use pam ; then + echo + ewarn "Please be aware users need a valid shell in /etc/passwd" + ewarn "in order to be allowed to login." + fi + if use pkcs11 ; then + echo + einfo "For PKCS#11 you should also emerge one of the askpass softwares" + einfo "Example: net-misc/x11-ssh-askpass" + fi + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + echo + einfo "For the HPN server logging patch, you must ensure that" + einfo "your syslog application also listens at /var/empty/dev/log." + fi +} diff --git a/net-misc/openssh/openssh-5.3_p1-r1.ebuild b/net-misc/openssh/openssh-5.3_p1-r1.ebuild new file mode 100644 index 0000000..ec59ec8 --- /dev/null +++ b/net-misc/openssh/openssh-5.3_p1-r1.ebuild @@ -0,0 +1,263 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.3_p1-r1.ebuild,v 1.10 2010/03/20 00:17:55 vapier Exp $ + +inherit eutils flag-o-matic multilib autotools pam + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_/} + +HPN_PATCH="${PARCH}-hpn13v6-gentoo.diff.gz" +LDAP_PATCH="${PARCH/openssh/openssh-lpk}-0.3.11.patch.gz" +PKCS11_PATCH="${PARCH/3p1/2}pkcs11-0.26.tar.bz2" +X509_VER="6.2.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${PKCS11_PATCH:+pkcs11? ( http://alon.barlev.googlepages.com/${PKCS11_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" +IUSE="hpn kerberos ldap libedit pam pkcs11 selinux skey smartcard static tcpd X X509" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=sys-auth/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d + >=sys-libs/zlib-1.2.3 + smartcard? ( dev-libs/opensc ) + pkcs11? ( dev-libs/pkcs11-helper ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( sys-apps/shadow )" +DEPEND="${RDEPEND} + dev-util/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 )" +PROVIDE="virtual/ssh" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && use ${1} && echo ${1} ; } + local fail=" + $(maybe_fail ldap LDAP_PATCH) + $(maybe_fail pkcs11 PKCS11_PATCH) + $(maybe_fail X509 X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +src_unpack() { + unpack ${PARCH}.tar.gz + cd "${S}" + + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + + if use pkcs11 ; then + cd "${WORKDIR}" + unpack "${PKCS11_PATCH}" + cd "${S}" + # This patch is included with X509, so exclude it if X509 is going to be + # applied. + use X509 && mv -f "${WORKDIR}"/*pkcs11*/1000_all_log.patch "${WORKDIR}" + # Now apply pkcs11 + EPATCH_OPTS="-p1" epatch "${WORKDIR}"/*pkcs11*/{1,2,4}* + # And some glue + epatch "${FILESDIR}"/${PN}-5.3_p1-pkcs11-hpn-glue.patch + fi + if use X509 ; then + # Apply X509 patch + epatch "${DISTDIR}"/${X509_PATCH} + # Apply glue so that HPN will still work after X509 + epatch "${FILESDIR}"/${PN}-5.2_p1-x509-hpn-glue.patch + fi + use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + # The patch for bug 210110 64-bit stuff is now included. + epatch "${DISTDIR}"/${LDAP_PATCH} + epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654 + fi + #epatch "${DISTDIR}"/openssh-5.2p1-gsskex-all-20090726.patch #115553 #216932 #279488 + #epatch "${FILESDIR}"/${P}-gsskex-fix.patch + else + use ldap && ewarn "Sorry, X509 and ldap don't get along, disabling ldap" + fi + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + [[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH} + epatch "${FILESDIR}"/${PN}-4.7p1-selinux.diff #191665 + epatch "${FILESDIR}"/${PN}-5.2_p1-autoconf.patch + + # in 5.2p1, the AES-CTR multithreaded variant is temporarily broken, and + # causes random hangs when combined with the -f switch of ssh. + # To avoid this, we change the internal table to use the non-multithread + # version for the meantime. + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_compile() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + local myconf="" + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + ${PKCS11_PATCH:+$(use pkcs11 && static_use_with pkcs11)} \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with smartcard opensc) \ + $(use_with tcpd tcp-wrappers) \ + ${myconf} \ + || die "bad configure" + emake || die "compile problem" +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + keepdir /var/empty/dev + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(getent passwd ${UID} | cut -d: -f7) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + for t in ${tests} ; do + # Some tests read from stdin ... + emake -k -j1 ${t} </dev/null \ + && passed="${passed}${t} " \ + || failed="${failed}${t} " + done + einfo "Passed tests: ${passed}" + ewarn "Skipped tests: ${skipped}" + if [[ -n ${failed} ]] ; then + ewarn "Failed tests: ${failed}" + die "Some tests failed: ${failed}" + else + einfo "Failed tests: ${failed}" + return 0 + fi +} + +pkg_postinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd + + # help fix broken perms caused by older ebuilds. + # can probably cut this after the next stage release. + chmod u+x "${ROOT}"/etc/skel/.ssh >& /dev/null + + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "reload sshd: '/etc/init.d/sshd reload'." + if use pam ; then + echo + ewarn "Please be aware users need a valid shell in /etc/passwd" + ewarn "in order to be allowed to login." + fi + if use pkcs11 ; then + echo + einfo "For PKCS#11 you should also emerge one of the askpass softwares" + einfo "Example: net-misc/x11-ssh-askpass" + fi + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + echo + einfo "For the HPN server logging patch, you must ensure that" + einfo "your syslog application also listens at /var/empty/dev/log." + fi +} diff --git a/net-misc/openssh/openssh-5.4_p1-r3.ebuild b/net-misc/openssh/openssh-5.4_p1-r3.ebuild new file mode 100644 index 0000000..eeb44a9 --- /dev/null +++ b/net-misc/openssh/openssh-5.4_p1-r3.ebuild @@ -0,0 +1,270 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.4_p1-r3.ebuild,v 1.1 2010/06/20 22:29:39 vapier Exp $ + +EAPI="2" +inherit eutils flag-o-matic multilib autotools pam + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_/} + +HPN_PATCH="${PARCH}-hpn13v8.diff.gz" +HPN_X509_PATCH="${PARCH}-hpn13v7-x509variant.diff.gz" +LDAP_PATCH="${PARCH/openssh/openssh-lpk}-0.3.13.patch.gz" +X509_VER="6.2.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} + ${HPN_X509_PATCH:+hpn? ( X509? ( mirror://gentoo/${HPN_X509_PATCH} ) )} + " + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="hpn kerberos ldap libedit pam selinux skey static tcpd X X509" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=sys-auth/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d + >=sys-libs/zlib-1.2.3 + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( sys-apps/shadow )" +DEPEND="${RDEPEND} + dev-util/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 )" +PROVIDE="virtual/ssh" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; } + local fail=" + $(use X509 && maybe_fail X509 X509_PATCH) + $(use ldap && maybe_fail ldap LDAP_PATCH) + $(use hpn && maybe_fail hpn HPN_PATCH) + $(use X509 && use hpn && maybe_fail x509+hpn HPN_X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + if use X509 ; then + # Apply X509 patch + epatch "${DISTDIR}"/${X509_PATCH} + # Apply glue so that HPN will still work after X509 + #epatch "${FILESDIR}"/${PN}-5.2_p1-x509-hpn-glue.patch + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${DISTDIR}"/${LDAP_PATCH} + epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654 + # version.h patch conflict avoidence + mv version.h version.h.lpk + cp -f version.h.pristine version.h + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${P}-openssl.patch + epatch "${FILESDIR}"/${P}-pkcs11.patch #310929 + epatch "${FILESDIR}"/${P}-relative-AuthorizedKeysFile.patch #308939 + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + if use X509 ; then + epatch "${DISTDIR}"/${HPN_X509_PATCH} + else + epatch "${DISTDIR}"/${HPN_PATCH} + fi + # version.h patch conflict avoidence + mv version.h version.h.hpn + cp -f version.h.pristine version.h + # The AES-CTR multithreaded variant is temporarily broken, and + # causes random hangs when combined with the -f switch of ssh. + # To avoid this, we change the internal table to use the non-multithread + # version for the meantime. + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + epatch "${FILESDIR}"/${PN}-5.2_p1-autoconf.patch + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + t="${T}"/version.h + m="${t}.merge" f="${t}.final" + cat version.h.{hpn,pristine,lpk} 2>/dev/null \ + | sed '/^#define SSH_RELEASE/d' \ + | sort | uniq >"${m}" + sed -n -r \ + -e '/^\//p' \ + <"${m}" >"${f}" + sed -n -r \ + -e '/SSH_LPK/s,"lpk","-lpk",g' \ + -e '/^#define/p' \ + <"${m}" >>"${f}" + v="SSH_VERSION SSH_PORTABLE" + [[ -f version.h.hpn ]] && v="${v} SSH_HPN" + [[ -f version.h.lpk ]] && v="${v} SSH_LPK" + echo "#define SSH_RELEASE ${v}" >>"${f}" + cp "${f}" version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) \ + || die +} + +src_compile() { + emake || die +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + keepdir /var/empty/dev + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(getent passwd ${UID} | cut -d: -f7) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + for t in ${tests} ; do + # Some tests read from stdin ... + emake -k -j1 ${t} </dev/null \ + && passed="${passed}${t} " \ + || failed="${failed}${t} " + done + einfo "Passed tests: ${passed}" + ewarn "Skipped tests: ${skipped}" + if [[ -n ${failed} ]] ; then + ewarn "Failed tests: ${failed}" + die "Some tests failed: ${failed}" + else + einfo "Failed tests: ${failed}" + return 0 + fi +} + +pkg_postinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd + + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "reload sshd: '/etc/init.d/sshd reload'." + if use pam ; then + echo + ewarn "Please be aware users need a valid shell in /etc/passwd" + ewarn "in order to be allowed to login." + fi + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + echo + einfo "For the HPN server logging patch, you must ensure that" + einfo "your syslog application also listens at /var/empty/dev/log." + fi +} diff --git a/net-misc/openssh/openssh-5.5_p1-r2.ebuild b/net-misc/openssh/openssh-5.5_p1-r2.ebuild new file mode 100644 index 0000000..f24de43 --- /dev/null +++ b/net-misc/openssh/openssh-5.5_p1-r2.ebuild @@ -0,0 +1,269 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.5_p1-r2.ebuild,v 1.7 2010/09/24 11:11:23 armin76 Exp $ + +EAPI="2" +inherit eutils flag-o-matic multilib autotools pam + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_/} +PARCH_54=${PARCH/5.5/5.4} + +HPN_PATCH="${PARCH}-hpn13v9.diff.gz" +HPN_X509_PATCH="${PARCH_54}-hpn13v7-x509variant.diff.gz" +LDAP_PATCH="${PARCH_54/openssh/openssh-lpk}-0.3.13.patch.gz" +X509_VER="6.2.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} + ${HPN_X509_PATCH:+hpn? ( X509? ( mirror://gentoo/${HPN_X509_PATCH} ) )} + " + +LICENSE="as-is" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" +IUSE="hpn kerberos ldap libedit pam selinux skey static tcpd X X509" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=sys-auth/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d + >=sys-libs/zlib-1.2.3 + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( sys-apps/shadow )" +DEPEND="${RDEPEND} + dev-util/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 )" +PROVIDE="virtual/ssh" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; } + local fail=" + $(use X509 && maybe_fail X509 X509_PATCH) + $(use ldap && maybe_fail ldap LDAP_PATCH) + $(use hpn && maybe_fail hpn HPN_PATCH) + $(use X509 && use hpn && maybe_fail x509+hpn HPN_X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + if use X509 ; then + # Apply X509 patch + epatch "${DISTDIR}"/${X509_PATCH} + # Apply glue so that HPN will still work after X509 + #epatch "${FILESDIR}"/${PN}-5.2_p1-x509-hpn-glue.patch + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${DISTDIR}"/${LDAP_PATCH} + epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654 + # version.h patch conflict avoidence + mv version.h version.h.lpk + cp -f version.h.pristine version.h + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-5.4_p1-openssl.patch + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + if use X509 ; then + epatch "${DISTDIR}"/${HPN_X509_PATCH} + else + epatch "${DISTDIR}"/${HPN_PATCH} + fi + # version.h patch conflict avoidence + mv version.h version.h.hpn + cp -f version.h.pristine version.h + # The AES-CTR multithreaded variant is temporarily broken, and + # causes random hangs when combined with the -f switch of ssh. + # To avoid this, we change the internal table to use the non-multithread + # version for the meantime. + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + epatch "${FILESDIR}"/${PN}-5.2_p1-autoconf.patch + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + t="${T}"/version.h + m="${t}.merge" f="${t}.final" + cat version.h.{hpn,pristine,lpk} 2>/dev/null \ + | sed '/^#define SSH_RELEASE/d' \ + | sort | uniq >"${m}" + sed -n -r \ + -e '/^\//p' \ + <"${m}" >"${f}" + sed -n -r \ + -e '/SSH_LPK/s,"lpk","-lpk",g' \ + -e '/^#define/p' \ + <"${m}" >>"${f}" + v="SSH_VERSION SSH_PORTABLE" + [[ -f version.h.hpn ]] && v="${v} SSH_HPN" + [[ -f version.h.lpk ]] && v="${v} SSH_LPK" + echo "#define SSH_RELEASE ${v}" >>"${f}" + cp "${f}" version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) \ + || die +} + +src_compile() { + emake || die +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + keepdir /var/empty/dev + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(getent passwd ${UID} | cut -d: -f7) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + for t in ${tests} ; do + # Some tests read from stdin ... + emake -k -j1 ${t} </dev/null \ + && passed="${passed}${t} " \ + || failed="${failed}${t} " + done + einfo "Passed tests: ${passed}" + ewarn "Skipped tests: ${skipped}" + if [[ -n ${failed} ]] ; then + ewarn "Failed tests: ${failed}" + die "Some tests failed: ${failed}" + else + einfo "Failed tests: ${failed}" + return 0 + fi +} + +pkg_postinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd + + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "reload sshd: '/etc/init.d/sshd reload'." + if use pam ; then + echo + ewarn "Please be aware users need a valid shell in /etc/passwd" + ewarn "in order to be allowed to login." + fi + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + echo + einfo "For the HPN server logging patch, you must ensure that" + einfo "your syslog application also listens at /var/empty/dev/log." + fi +} diff --git a/net-misc/openssh/openssh-5.6_p1-r1.ebuild b/net-misc/openssh/openssh-5.6_p1-r1.ebuild new file mode 100644 index 0000000..af84372 --- /dev/null +++ b/net-misc/openssh/openssh-5.6_p1-r1.ebuild @@ -0,0 +1,260 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.6_p1-r1.ebuild,v 1.1 2010/08/26 07:32:44 vapier Exp $ + +EAPI="2" +inherit eutils flag-o-matic multilib autotools pam + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_/} + +HPN_PATCH="${PARCH}-hpn13v9-gentoo.diff.gz" +LDAP_PATCH="${PARCH/openssh/openssh-lpk}-0.3.13.patch.gz" +X509_VER="6.2.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} + " + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="hpn kerberos ldap libedit pam selinux skey static tcpd X X509" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=sys-auth/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d + >=sys-libs/zlib-1.2.3 + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( sys-apps/shadow )" +DEPEND="${RDEPEND} + dev-util/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 )" +PROVIDE="virtual/ssh" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; } + local fail=" + $(use X509 && maybe_fail X509 X509_PATCH) + $(use ldap && maybe_fail ldap LDAP_PATCH) + $(use hpn && maybe_fail hpn HPN_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + if use X509 ; then + # Apply X509 patch + epatch "${DISTDIR}"/${X509_PATCH} + # Apply glue so that HPN will still work after X509 + epatch "${FILESDIR}"/${PN}-5.6_p1-x509-hpn-glue.patch + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${DISTDIR}"/${LDAP_PATCH} + epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654 + # version.h patch conflict avoidence + mv version.h version.h.lpk + cp -f version.h.pristine version.h + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-5.4_p1-openssl.patch + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${DISTDIR}"/${HPN_PATCH} + # version.h patch conflict avoidence + mv version.h version.h.hpn + cp -f version.h.pristine version.h + # The AES-CTR multithreaded variant is temporarily broken, and + # causes random hangs when combined with the -f switch of ssh. + # To avoid this, we change the internal table to use the non-multithread + # version for the meantime. + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + epatch "${FILESDIR}"/${PN}-5.2_p1-autoconf.patch + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + t="${T}"/version.h + m="${t}.merge" f="${t}.final" + cat version.h.{hpn,pristine,lpk} 2>/dev/null \ + | sed '/^#define SSH_RELEASE/d' \ + | sort | uniq >"${m}" + sed -n -r \ + -e '/^\//p' \ + <"${m}" >"${f}" + sed -n -r \ + -e '/SSH_LPK/s,"lpk","-lpk",g' \ + -e '/^#define/p' \ + <"${m}" >>"${f}" + v="SSH_VERSION SSH_PORTABLE" + [[ -f version.h.hpn ]] && v="${v} SSH_HPN" + [[ -f version.h.lpk ]] && v="${v} SSH_LPK" + echo "#define SSH_RELEASE ${v}" >>"${f}" + cp "${f}" version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) +} + +src_compile() { + emake || die +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + keepdir /var/empty/dev + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(getent passwd ${UID} | cut -d: -f7) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + for t in ${tests} ; do + # Some tests read from stdin ... + emake -k -j1 ${t} </dev/null \ + && passed="${passed}${t} " \ + || failed="${failed}${t} " + done + einfo "Passed tests: ${passed}" + ewarn "Skipped tests: ${skipped}" + if [[ -n ${failed} ]] ; then + ewarn "Failed tests: ${failed}" + die "Some tests failed: ${failed}" + else + einfo "Failed tests: ${failed}" + return 0 + fi +} + +pkg_postinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd + + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "reload sshd: '/etc/init.d/sshd reload'." + if use pam ; then + echo + ewarn "Please be aware users need a valid shell in /etc/passwd" + ewarn "in order to be allowed to login." + fi + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + echo + einfo "For the HPN server logging patch, you must ensure that" + einfo "your syslog application also listens at /var/empty/dev/log." + fi +} diff --git a/net-misc/openssh/openssh-5.6_p1-r2.ebuild b/net-misc/openssh/openssh-5.6_p1-r2.ebuild new file mode 100644 index 0000000..0e739e9 --- /dev/null +++ b/net-misc/openssh/openssh-5.6_p1-r2.ebuild @@ -0,0 +1,261 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.6_p1-r2.ebuild,v 1.7 2010/11/29 23:07:42 ranger Exp $ + +EAPI="2" +inherit eutils flag-o-matic multilib autotools pam + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_/} + +HPN_PATCH="${PARCH}-hpn13v10.diff.gz" +LDAP_PATCH="${PARCH/openssh/openssh-lpk}-0.3.13.patch.gz" +X509_VER="6.2.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} + " + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha amd64 arm hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~sparc-fbsd ~x86-fbsd" +IUSE="hpn kerberos ldap libedit pam selinux skey static tcpd X X509" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=sys-auth/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d + >=sys-libs/zlib-1.2.3 + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( sys-apps/shadow )" +DEPEND="${RDEPEND} + dev-util/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 )" +PROVIDE="virtual/ssh" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; } + local fail=" + $(use X509 && maybe_fail X509 X509_PATCH) + $(use ldap && maybe_fail ldap LDAP_PATCH) + $(use hpn && maybe_fail hpn HPN_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + if use X509 ; then + # Apply X509 patch + epatch "${DISTDIR}"/${X509_PATCH} + # Apply glue so that HPN will still work after X509 + epatch "${FILESDIR}"/${PN}-5.6_p1-x509-hpn-glue.patch + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${DISTDIR}"/${LDAP_PATCH} + epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654 + # version.h patch conflict avoidence + mv version.h version.h.lpk + cp -f version.h.pristine version.h + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-5.4_p1-openssl.patch + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${DISTDIR}"/${HPN_PATCH} + epatch "${FILESDIR}"/${P}-hpn-progressmeter.patch + # version.h patch conflict avoidence + mv version.h version.h.hpn + cp -f version.h.pristine version.h + # The AES-CTR multithreaded variant is temporarily broken, and + # causes random hangs when combined with the -f switch of ssh. + # To avoid this, we change the internal table to use the non-multithread + # version for the meantime. + sed -i \ + -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ + cipher.c || die + fi + epatch "${FILESDIR}"/${PN}-5.2_p1-autoconf.patch + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + # Disable PATH reset, trust what portage gives us. bug 254615 + sed -i -e 's:^PATH=/:#PATH=/:' configure || die + + # Now we can build a sane merged version.h + t="${T}"/version.h + m="${t}.merge" f="${t}.final" + cat version.h.{hpn,pristine,lpk} 2>/dev/null \ + | sed '/^#define SSH_RELEASE/d' \ + | sort | uniq >"${m}" + sed -n -r \ + -e '/^\//p' \ + <"${m}" >"${f}" + sed -n -r \ + -e '/SSH_LPK/s,"lpk","-lpk",g' \ + -e '/^#define/p' \ + <"${m}" >>"${f}" + v="SSH_VERSION SSH_PORTABLE" + [[ -f version.h.hpn ]] && v="${v} SSH_HPN" + [[ -f version.h.lpk ]] && v="${v} SSH_LPK" + echo "#define SSH_RELEASE ${v}" >>"${f}" + cp "${f}" version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) +} + +src_compile() { + emake || die +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6.1 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + keepdir /var/empty/dev + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(getent passwd ${UID} | cut -d: -f7) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + for t in ${tests} ; do + # Some tests read from stdin ... + emake -k -j1 ${t} </dev/null \ + && passed="${passed}${t} " \ + || failed="${failed}${t} " + done + einfo "Passed tests: ${passed}" + ewarn "Skipped tests: ${skipped}" + if [[ -n ${failed} ]] ; then + ewarn "Failed tests: ${failed}" + die "Some tests failed: ${failed}" + else + einfo "Failed tests: ${failed}" + return 0 + fi +} + +pkg_postinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd + + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "reload sshd: '/etc/init.d/sshd reload'." + if use pam ; then + echo + ewarn "Please be aware users need a valid shell in /etc/passwd" + ewarn "in order to be allowed to login." + fi + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn; then + echo + einfo "For the HPN server logging patch, you must ensure that" + einfo "your syslog application also listens at /var/empty/dev/log." + fi +} |