commit: e9d6a1e0b883f7766516f48c1c097393ce8230ad
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 3 21:58:22 2015 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Sep 3 21:58:22 2015 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=e9d6a1e0
net-misc/openssh: 6.9 fails on ppc because of __stack_chk_fail_local.
Package-Manager: portage-2.2.20.1
RepoMan-Options: --force
Manifest-Sign-Key: 0x9384FA6EF52D4BBA
net-misc/openssh/Manifest | 20 +-
.../openssh/files/openssh-6.4_p1-x509-glue.patch | 30 --
.../openssh-6.4p1-fix-typo-construct_utmpx.patch | 21 -
.../files/openssh-6.4p1-missing-sys_param_h.patch | 67 ----
.../files/openssh-6.7_p1-sctp-x509-glue.patch | 42 --
.../openssh-6.7_p1-sshd-gssapi-multihomed.patch | 162 --------
.../openssh/files/openssh-6.7_p1-x509-glue.patch | 46 ---
.../openssh/files/openssh-6.7p1-avoid-exit.patch | 441 ---------------------
.../openssh-6.8_p1-ssl-engine-configure.patch | 33 ++
...6.7_p1-r99.ebuild => openssh-6.9_p1-r99.ebuild} | 198 +++++----
10 files changed, 131 insertions(+), 929 deletions(-)
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 7ec1e09..93e1dc2 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,23 +1,17 @@
AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256
88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512
4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11
WHIRLPOOL
2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb
AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256
d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512
02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3
WHIRLPOOL
b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77
-AUX openssh-6.4_p1-x509-glue.patch 1445 SHA256
cf18f17b12514692a4e33d5fb995f5ba1bc1ea258c80babb38516d8def7d0bc3 SHA512
e5c51fd639e95ca9c7820974684117861cc58cf5172c7c44deaaca106c1e91a931421720cb210652aef30ffa41bc96efe04dbedf996120b40143080fc6b2b47d
WHIRLPOOL
7c7065a22cc6237a927e6d6c0f7b4bfa7b57e32ffd8b3d70ed9e70b9a882a95ce40478873374460a6173cc5a33c22ddfbbded783568049f1b4fccb5f5253d4bf
-AUX openssh-6.4p1-fix-typo-construct_utmpx.patch 796 SHA256
844bfa729eb63cd4c05c1dc518d34263f4da4e0f1510c39b27b8c15c0a23459c SHA512
d7d5dcee89b1b427098bcd8ff44d99aebb4ab077af450b89aa432796a4398e1516fe4a75fdb2ae6ef71b702ad1af5766af040316e37d3f71bce65de5be59830e
WHIRLPOOL
c01570bdcde7ca2c03df0db62c1c59486cf94380e6ce27104a897407d90c862e6f88ef3584f28c3c59a3744c64ad9405c6daf1053d241354bdc064d77520b03e
-AUX openssh-6.4p1-missing-sys_param_h.patch 2139 SHA256
0be81f4fbcabb1e8a5459f4b41f179498cef5e3411435c16fc9b36e3f619d79e SHA512
c7f997a5351d464b9d86f1b5ae221a9788a0c77ccaf7a4d2a4e266033fc58d0dede9c7fca8cfee36cfad328513d9ba6bb735be0e778a8ce489ad98d81110f579
WHIRLPOOL
1355becb4460a4749145fcc786fd45c260d779176761ae37e27de81072f8c84fdd16f2f1c6ea0d7576ba09e048d8be85a0449987ef2097ed5c5defca8ebb5b26
AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256
b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512
ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7
WHIRLPOOL
c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b
-AUX openssh-6.7_p1-sctp-x509-glue.patch 1326 SHA256
42eb87eda1685e19add23c1304f17dabd99a1a38a57bfe2bfbb70ab85f6d385e SHA512
7f014e2b1893a5240680e2e14475d61b9b6047d1be3fe404d5971a899c122cc624546e9e5b31bfee5905cf7b4605a0871c3b00ed5c2bd28d84755a49392e1a69
WHIRLPOOL
8d6888163068dbc486bc4eff0dd7d4053f68b9848347eb520dd7d382b0b8c74e3016f7f3ed401c2c2dfd48e73a9077fb9777d39c0f236cc500c53393be426b42
-AUX openssh-6.7_p1-sshd-gssapi-multihomed.patch 5489 SHA256
d2a1735b523709a4b4ceaa57862ecb21a95656678bacc5b7da59dc46187ad997 SHA512
a8b8d2c2ab4520c8c7315f6130ee44fec48935a129ce7c7e51a068a4de2c7528980437246b61e4abc4cff614466f8054c554cdbaad4eb0d1f4afcfb434c30bbc
WHIRLPOOL
e4b97398c324360576a04792357f66be3ed9f17e4113f75275f8422ee0b7ecf28073c7cde01a63e24fa0901b14db822d22d7d2c5936bbee3bd5874a867066967
-AUX openssh-6.7_p1-x509-glue.patch 1633 SHA256
58031e90e0bf220028934ab590af6ccfc45722629b2416df13d84f10c9b94478 SHA512
364ca0280be5cc83d1dedf7727323fd5fc0093c6dbcf9cc8ccaa30ee754b866584be28da1166953f03faf8745d6364e33fad7daad9be9a29681a8674eb9d292b
WHIRLPOOL
b79a6cff897be78793bbf2ca03154103aa1380647b8c53e104155fd68122568a8e7dea23996213b192e4269f980b1035d3ca395dbd2c318fd81a45f44d110c31
-AUX openssh-6.7p1-avoid-exit.patch 9766 SHA256
a2ccd76c5ce0f5761c1cea49a7055c171c2be1cfe6bf20ae60ba6cbfe7c7d1f4 SHA512
524630996012c0cbbcc835519760808a52b68d9180b8d82bd3f596bbd3661bceec9e6163876a2bedf7b7ce0d869800801134f1f465c3e2a932f0d300a23ad172
WHIRLPOOL
0254a83459a480370e89556417e077d9f206bf3b34a1630019db619647c055d1c4e4d8570ba154666bf60b8dea60c3ed97a7ba9b7b81e9680f4a62a1a2d3198a
+AUX openssh-6.8_p1-ssl-engine-configure.patch 936 SHA256
cb3f34ef031aa5360b082468b4afb8b7fd2c778c990c2f20fda250167725ff88 SHA512
4b7840f719ad58c1f196327a52534f0a21264ce47e8df4a335e9f58d9d5eae33dbb9a75a2a714c3bdae6bee04728e66020ed57eb521fc1164521c4c5aa4a9a93
WHIRLPOOL
662d6eedb091021d5da4cdbd6d623e3678e54fb75cb52d8afdc4ef9c31f98d95f8445c2fde834d622b0aabf8b9593244847da574201ed176c350747526a28fe5
AUX sshd.confd 396 SHA256
29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512
b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81
WHIRLPOOL
69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53
AUX sshd.pam_include.2 156 SHA256
166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512
d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c
WHIRLPOOL
ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
AUX sshd.rc6.4 2313 SHA256
97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512
88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7
WHIRLPOOL
a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66
AUX sshd.service 242 SHA256
1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512
77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c
WHIRLPOOL
0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989
AUX sshd.socket 136 SHA256
c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512
4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42
WHIRLPOOL
102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5
AUX sshd_at.service 176 SHA256
332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512
662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a
WHIRLPOOL
aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1
-DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256
b33e82309195f2a3f21a9fb14e6da2080b096dcf0d6f1c36c93cdeac683fdd59 SHA512
35da5e58f857e8b24e63b4058e946b71fdf0fecc637cb7af0ba8913869e5aadf8317805838936c84dc24421f03c5c91e1670761bed152fdf325c5a509f1b5d04
WHIRLPOOL
cc7bace4aa60d720914e3a6a4ff650b7543d9e4963deab12c19cb5d798547b4fe547690946ff8955e121339e9a3d0ebe06f3ff758cca4bb81a09ac43fc877f58
-DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256
85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512
d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e
WHIRLPOOL
b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8
-DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256
7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512
21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a
WHIRLPOOL
5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681
-DIST openssh-6.7p1.tar.gz 1351367 SHA256
b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512
2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d
WHIRLPOOL
ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518
-DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256
0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512
344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2
WHIRLPOOL
5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73
-EBUILD openssh-6.7_p1-r99.ebuild 10109 SHA256
3f94d0374656b23805d4d211bc6bf882814082a2d71a7f505e043550dedf029e SHA512
e311b8c49059904226b78bc4184e9e85c9c3e331f50937e20a8db8e337baa9ac8e6d12ab63642aa4247913ff5402fc532fa70192fdaef3072f790db2609a9297
WHIRLPOOL
6fb85a46881a1e226ac8a50fc8bd848d67f21689ff117f457882ae72faff424266816cbd078fea89464a55d3b33cf46bb49f8eaa80f252713d6b8b0ba06da246
+DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256
2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512
f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0
WHIRLPOOL
7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476
+DIST openssh-6.9p1+x509-8.4.diff.gz 425687 SHA256
0ed8bfff0d2ecd9f3791ae1f168ca3270bb66d7ab7bc0a8ff2d61d2ab829c3fb SHA512
596cb65408db06fb299b92160147685b001dc23929ecf5c4bd11a8b0475d79695c7b4dbe8a878d7fbcd944155935fd62a14e35c79204b39e413f5eaa961ef76c
WHIRLPOOL
771fa0f4f6a20ed49ba201605fcdcbfc41a0f094ef4a89ca2433ee51b7c8bf99cc266f26bd7877c61ff92e9a50c7d65119ba75ba64eaa029bd567bab3ee243c2
+DIST openssh-6.9p1-r1-hpnssh14v5.tar.xz 21396 SHA256
84e9e28a1488ccf66e29a7c90442b3bc4833a6fa186260fb6853b5a1b19c0beb SHA512
476064dbdb3d82b86ad7c481a4a301ff0d46bd281fe7ca0c29f34ae50b0034028760997ae2c934a265499c154f4534d35ead647aa63d1a4545ed503a5364eada
WHIRLPOOL
74eaf2fe0a6ecd0e2fa5078034628d4c76c75b121f3c813ff8a098ab28363daa3800d03936046aa3aebbfdab3afd31ef30a207399f5e305d7f71e5f3c7e4f4a7
+DIST openssh-6.9p1.tar.gz 1487617 SHA256
6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe SHA512
68fec9b4e512fe126a5d35b01e2cc656d810b75052ed8a36bc85cd0a05de7318b15ed287bc95cf9bcb3fa2f385029151d85aced55e07fbcc79e6c779bee6751d
WHIRLPOOL
1dcb291383c9f934b512f61ce9f6e0319f22e112ce3f6eace2a868ca0f99c709c65bae14a9815e2ef237f8132fe72c583cffb7ea20bdfa2aaa77cf347967be7f
+DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256
d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512
2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081
WHIRLPOOL
b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b
+EBUILD openssh-6.9_p1-r99.ebuild 9784 SHA256
41579ef5715c5a7a6b96b290830cf52189d26ddd73c932763e5078a9b27286e1 SHA512
3c6885e8f6ff5b43dfcf99c8dfc303fb01c31d383c51439a9bfd731a7111d4c79393f1df8567c028e6bd553958d381d6d0d2585b3f88273083e20a3e05fc941a
WHIRLPOOL
b669a92baf88cc26c024db804240a7f5bca2feef1bb634674837d6c83d78436e01008072e6d18682e2526e4b1427a753e46821495b768df2c49adef28addfd28
MISC metadata.xml 1912 SHA256
7b838285f09ad395f237a0d0b9963eee86d0e85b58e6e5b4d5edb093fa888a0a SHA512
e55c10ffd12488720c3da19e55942cfedec63fe767fc1608439b5a3932eeb5488086ad7ef4e1f858c89381e737426f035845ea5e8bede4ed8a0ccabdc656d9b5
WHIRLPOOL
5c07b3dd4a4002cff5df62133ecf570bf79f58e9477d0ad25d60f185ee029183d11118147e3adfec373542659d921e99e787054cfe9284031c974d694de6e9ed
diff --git a/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch
b/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch
deleted file mode 100644
index 6aed19b..0000000
--- a/net-misc/openssh/files/openssh-6.4_p1-x509-glue.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch and remove
-redundant README.x509v3 directory.
-
---- openssh-6.4p1+x509-7.7.diff.orig 2013-11-09 14:51:13.400696545 -0800
-+++ openssh-6.4p1+x509-7.7.diff 2013-11-09 14:51:05.798786189 -0800
-@@ -6809,9 +6809,9 @@
-
- -$OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $
- +$OpenBSD$
--diff -ruN openssh-6.4p1/README.x509v3/README.x509v3
openssh-6.4p1+x509-7.7/README.x509v3/README.x509v3
----- openssh-6.4p1/README.x509v3/README.x509v3 1970-01-01 02:00:00.000000000
+0200
--+++ openssh-6.4p1+x509-7.7/README.x509v3/README.x509v3 2013-05-17
18:50:02.156263192 +0300
-+diff -ruN openssh-6.4p1/README.x509v3 openssh-6.4p1+x509-7.7/README.x509v3
-+--- openssh-6.4p1/README.x509v3 1970-01-01 02:00:00.000000000 +0200
-++++ openssh-6.4p1+x509-7.7/README.x509v3 2013-05-17 18:50:02.156263192
+0300
- @@ -0,0 +1,615 @@
- + Roumen Petrov
- + Sofia, Bulgaria
-@@ -14793,10 +14793,9 @@
- .It Cm ChallengeResponseAuthentication
- Specifies whether challenge-response authentication is allowed (e.g. via
- PAM or though authentication styles supported in
--@@ -490,6 +567,16 @@
-+@@ -490,5 +567,15 @@
- The default is
- .Dq yes .
-- Note that this option applies to protocol version 2 only.
- +.It Cm HostbasedAlgorithms
- +Specifies the protocol version 2 algorithms used in
- +.Dq hostbased
diff --git
a/net-misc/openssh/files/openssh-6.4p1-fix-typo-construct_utmpx.patch
b/net-misc/openssh/files/openssh-6.4p1-fix-typo-construct_utmpx.patch
deleted file mode 100644
index a3361ca..0000000
--- a/net-misc/openssh/files/openssh-6.4p1-fix-typo-construct_utmpx.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -Naur openssh-6.4p1.orig/loginrec.c openssh-6.4p1/loginrec.c
---- openssh-6.4p1.orig/loginrec.c 2014-01-22 17:33:12.380676129 +0000
-+++ openssh-6.4p1/loginrec.c 2014-01-22 17:55:40.957751536 +0000
-@@ -785,12 +785,12 @@
- /* this is just a 128-bit IPv6 address */
- if (li->hostaddr.sa.sa_family == AF_INET6) {
- sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
-- memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
-+ memcpy(utx->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
- if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
-- ut->ut_addr_v6[0] = ut->ut_addr_v6[3];
-- ut->ut_addr_v6[1] = 0;
-- ut->ut_addr_v6[2] = 0;
-- ut->ut_addr_v6[3] = 0;
-+ utx->ut_addr_v6[0] = utx->ut_addr_v6[3];
-+ utx->ut_addr_v6[1] = 0;
-+ utx->ut_addr_v6[2] = 0;
-+ utx->ut_addr_v6[3] = 0;
- }
- }
- # endif
diff --git a/net-misc/openssh/files/openssh-6.4p1-missing-sys_param_h.patch
b/net-misc/openssh/files/openssh-6.4p1-missing-sys_param_h.patch
deleted file mode 100644
index 22b6ffa..0000000
--- a/net-misc/openssh/files/openssh-6.4p1-missing-sys_param_h.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-diff -Naur openssh-6.4p1.orig/channels.c openssh-6.4p1/channels.c
---- openssh-6.4p1.orig/channels.c 2014-01-22 17:14:19.508612783 +0000
-+++ openssh-6.4p1/channels.c 2014-01-22 17:18:18.176626129 +0000
-@@ -61,6 +61,7 @@
- #include <termios.h>
- #include <unistd.h>
- #include <stdarg.h>
-+#include <sys/param.h>
-
- #include "openbsd-compat/sys-queue.h"
- #include "xmalloc.h"
-diff -Naur openssh-6.4p1.orig/loginrec.c openssh-6.4p1/loginrec.c
---- openssh-6.4p1.orig/loginrec.c 2013-06-01 22:07:32.000000000 +0000
-+++ openssh-6.4p1/loginrec.c 2014-01-22 17:30:57.322668577 +0000
-@@ -162,6 +162,7 @@
- #include <stdarg.h>
- #include <string.h>
- #include <time.h>
-+#include <sys/time.h>
- #include <unistd.h>
-
- #include "xmalloc.h"
-diff -Naur openssh-6.4p1.orig/sshconnect.c openssh-6.4p1/sshconnect.c
---- openssh-6.4p1.orig/sshconnect.c 2014-01-22 17:16:53.809621411 +0000
-+++ openssh-6.4p1/sshconnect.c 2014-01-22 17:17:19.535622850 +0000
-@@ -40,6 +40,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-+#include <sys/param.h>
-
- #include "xmalloc.h"
- #include "key.h"
-diff -Naur openssh-6.4p1.orig/sshd.c openssh-6.4p1/sshd.c
---- openssh-6.4p1.orig/sshd.c 2014-01-22 17:14:19.517612784 +0000
-+++ openssh-6.4p1/sshd.c 2014-01-22 17:18:54.560628163 +0000
-@@ -83,6 +83,8 @@
- #include <prot.h>
- #endif
-
-+#include <sys/param.h>
-+
- #include "xmalloc.h"
- #include "ssh.h"
- #include "ssh1.h"
-diff -Naur openssh-6.4p1.orig/ssh-keyscan.c openssh-6.4p1/ssh-keyscan.c
---- openssh-6.4p1.orig/ssh-keyscan.c 2013-06-01 21:31:19.000000000 +0000
-+++ openssh-6.4p1/ssh-keyscan.c 2014-01-22 17:59:37.756764777 +0000
-@@ -29,6 +29,7 @@
- #include <signal.h>
- #include <string.h>
- #include <unistd.h>
-+#include <sys/param.h>
-
- #include "xmalloc.h"
- #include "ssh.h"
-diff -Naur openssh-6.4p1.orig/ssh-pkcs11-helper.c
openssh-6.4p1/ssh-pkcs11-helper.c
---- openssh-6.4p1.orig/ssh-pkcs11-helper.c 2013-06-01 21:31:19.000000000
+0000
-+++ openssh-6.4p1/ssh-pkcs11-helper.c 2014-01-22 18:00:04.653766281 +0000
-@@ -28,6 +28,7 @@
- #include <string.h>
- #include <unistd.h>
- #include <errno.h>
-+#include <sys/param.h>
-
- #include "xmalloc.h"
- #include "buffer.h"
diff --git a/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch
b/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch
deleted file mode 100644
index bd0b7ce..0000000
--- a/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch
+++ /dev/null
@@ -1,42 +0,0 @@
---- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800
-+++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800
-@@ -195,14 +195,6 @@
- .Op Fl c Ar cipher
- .Op Fl F Ar ssh_config
- .Op Fl i Ar identity_file
--@@ -178,6 +178,7 @@ For full details of the options listed b
-- .It ServerAliveCountMax
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It UsePrivilegedPort
-- .It User
-- .It UserKnownHostsFile
- @@ -218,6 +219,8 @@ and
- to print debugging messages about their progress.
- This is helpful in
-@@ -482,14 +474,6 @@
- .Op Fl b Ar bind_address
- .Op Fl c Ar cipher_spec
- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
--@@ -473,6 +473,7 @@ For full details of the options listed b
-- .It StreamLocalBindUnlink
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It Tunnel
-- .It TunnelDevice
-- .It UsePrivilegedPort
- @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
- controls.
- .It Fl y
-@@ -527,7 +511,7 @@
-- again:
-+
- - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
- + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
-- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
-+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
- switch (opt) {
- case '1':
- @@ -732,6 +738,11 @@ main(int ac, char **av)
diff --git a/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch
b/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch
deleted file mode 100644
index 96818e4..0000000
--- a/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-https://bugs.gentoo.org/378361
-https://bugzilla.mindrot.org/show_bug.cgi?id=928
-
---- a/gss-serv.c
-+++ b/gss-serv.c
-@@ -41,9 +41,12 @@
- #include "channels.h"
- #include "session.h"
- #include "misc.h"
-+#include "servconf.h"
-
- #include "ssh-gss.h"
-
-+extern ServerOptions options;
-+
- static ssh_gssapi_client gssapi_client =
- { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
- GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
-@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
- char lname[NI_MAXHOST];
- gss_OID_set oidset;
-
-- gss_create_empty_oid_set(&status, &oidset);
-- gss_add_oid_set_member(&status, ctx->oid, &oidset);
--
-- if (gethostname(lname, sizeof(lname))) {
-- gss_release_oid_set(&status, &oidset);
-- return (-1);
-- }
-+ if (options.gss_strict_acceptor) {
-+ gss_create_empty_oid_set(&status, &oidset);
-+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
-+
-+ if (gethostname(lname, MAXHOSTNAMELEN)) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (-1);
-+ }
-+
-+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (ctx->major);
-+ }
-+
-+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
-+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
-+ NULL, NULL)))
-+ ssh_gssapi_error(ctx);
-
-- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
-+ } else {
-+ ctx->name = GSS_C_NO_NAME;
-+ ctx->creds = GSS_C_NO_CREDENTIAL;
- }
--
-- if ((ctx->major = gss_acquire_cred(&ctx->minor,
-- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
-- ssh_gssapi_error(ctx);
--
-- gss_release_oid_set(&status, &oidset);
-- return (ctx->major);
-+ return GSS_S_COMPLETE;
- }
-
- /* Privileged */
---- a/servconf.c
-+++ b/servconf.c
-@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
- options->kerberos_get_afs_token = -1;
- options->gss_authentication=-1;
- options->gss_cleanup_creds = -1;
-+ options->gss_strict_acceptor = -1;
- options->password_authentication = -1;
- options->kbd_interactive_authentication = -1;
- options->challenge_response_authentication = -1;
-@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption
- options->gss_authentication = 0;
- if (options->gss_cleanup_creds == -1)
- options->gss_cleanup_creds = 1;
-+ if (options->gss_strict_acceptor == -1)
-+ options->gss_strict_acceptor = 0;
- if (options->password_authentication == -1)
- options->password_authentication = 1;
- if (options->kbd_interactive_authentication == -1)
-@@ -277,7 +280,8 @@ typedef enum {
- sBanner, sUseDNS, sHostbasedAuthentication,
- sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
- sClientAliveCountMax, sAuthorizedKeysFile,
-- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
-+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
-+ sAcceptEnv, sPermitTunnel,
- sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sZeroKnowledgePasswordAuthentication, sHostCertificate,
-@@ -327,9 +331,11 @@ static struct {
- #ifdef GSSAPI
- { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
- { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
- #else
- { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
- { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
- #endif
- { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
- { "kbdinteractiveauthentication", sKbdInteractiveAuthentication,
SSHCFG_ALL },
-@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions
-
- case sGssCleanupCreds:
- intptr = &options->gss_cleanup_creds;
-+ goto parse_flag;
-+
-+ case sGssStrictAcceptor:
-+ intptr = &options->gss_strict_acceptor;
- goto parse_flag;
-
- case sPasswordAuthentication:
---- a/servconf.h
-+++ b/servconf.h
-@@ -92,6 +92,7 @@ typedef struct {
- * authenticated with Kerberos.
*/
- int gss_authentication; /* If true, permit GSSAPI
authentication */
- int gss_cleanup_creds; /* If true, destroy cred cache on
logout */
-+ int gss_strict_acceptor; /* If true, restrict the GSSAPI
acceptor name */
- int password_authentication; /* If true, permit password
- * authentication. */
- int kbd_interactive_authentication; /* If true, permit */
---- a/sshd_config
-+++ b/sshd_config
-@@ -69,6 +69,7 @@
- # GSSAPI options
- #GSSAPIAuthentication no
- #GSSAPICleanupCredentials yes
-+#GSSAPIStrictAcceptorCheck yes
-
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
---- a/sshd_config.5
-+++ b/sshd_config.5
-@@ -386,6 +386,21 @@ on logout.
- The default is
- .Dq yes .
- Note that this option applies to protocol version 2 only.
-+.It Cm GSSAPIStrictAcceptorCheck
-+Determines whether to be strict about the identity of the GSSAPI acceptor
-+a client authenticates against.
-+If set to
-+.Dq yes
-+then the client must authenticate against the
-+.Pa host
-+service on the current hostname.
-+If set to
-+.Dq no
-+then the client may authenticate against any service key stored in the
-+machine's default store.
-+This facility is provided to assist with operation on multi homed machines.
-+The default is
-+.Dq yes .
- .It Cm HostbasedAuthentication
- Specifies whether rhosts or /etc/hosts.equiv authentication together
- with successful public key client host authentication is allowed
diff --git a/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch
b/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch
deleted file mode 100644
index 71b9c51..0000000
--- a/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch
+++ /dev/null
@@ -1,46 +0,0 @@
---- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800
-+++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800
-@@ -610,21 +610,6 @@
- The default is
- .Dq yes .
- Note that this option applies to protocol version 2 only.
--.It Cm GSSAPIStrictAcceptorCheck
--Determines whether to be strict about the identity of the GSSAPI acceptor
--a client authenticates against.
--If set to
--.Dq yes
--then the client must authenticate against the
--.Pa host
--service on the current hostname.
--If set to
--.Dq no
--then the client may authenticate against any service key stored in the
--machine's default store.
--This facility is provided to assist with operation on multi homed machines.
--The default is
--.Dq yes .
- .It Cm HostbasedAuthentication
- Specifies whether rhosts or /etc/hosts.equiv authentication together
- with successful public key client host authentication is allowed
-@@ -651,6 +636,21 @@
- attempting to resolve the name from the TCP connection itself.
- The default is
- .Dq no .
-+.It Cm GSSAPIStrictAcceptorCheck
-+Determines whether to be strict about the identity of the GSSAPI acceptor
-+a client authenticates against.
-+If set to
-+.Dq yes
-+then the client must authenticate against the
-+.Pa host
-+service on the current hostname.
-+If set to
-+.Dq no
-+then the client may authenticate against any service key stored in the
-+machine's default store.
-+This facility is provided to assist with operation on multi homed machines.
-+The default is
-+.Dq yes .
- .It Cm HostCertificate
- Specifies a file containing a public host certificate.
- The certificate's public key must match a private host key already specified
diff --git a/net-misc/openssh/files/openssh-6.7p1-avoid-exit.patch
b/net-misc/openssh/files/openssh-6.7p1-avoid-exit.patch
deleted file mode 100644
index 4998a94..0000000
--- a/net-misc/openssh/files/openssh-6.7p1-avoid-exit.patch
+++ /dev/null
@@ -1,441 +0,0 @@
-diff -ur a/openssh-6.7p1/configure.ac b/openssh-6.7p1/configure.ac
---- a/openssh-6.7p1/configure.ac 2014-08-26 21:32:01.000000000 -0100
-+++ b/openssh-6.7p1/configure.ac 2014-12-08 20:55:47.281836604 -0100
-@@ -252,7 +252,7 @@
- [AC_LANG_PROGRAM([[
- #include <stdlib.h>
- __attribute__((__unused__)) static void foo(void){return;}]],
-- [[ exit(0); ]])],
-+ [[ return 0; ]])],
- [ AC_MSG_RESULT([yes]) ],
- [ AC_MSG_RESULT([no])
- AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
-@@ -442,7 +442,7 @@
- [AC_LANG_PROGRAM([[
- #define testmacro foo
- #define testmacro bar]],
-- [[ exit(0); ]])],
-+ [[ return 0; ]])],
- [ AC_MSG_RESULT([yes]) ],
- [ AC_MSG_RESULT([no])
- CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
-@@ -562,9 +562,9 @@
- AC_MSG_CHECKING([if we have working getaddrinfo])
- AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
- main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
-- exit(0);
-+ return 0;
- else
-- exit(1);
-+ return 1;
- }
- ]])],
- [AC_MSG_RESULT([working])],
-@@ -1067,7 +1067,7 @@
- esac
-
- AC_MSG_CHECKING([compiler and flags for sanity])
--AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
-+AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ return 0; ]])],
- [ AC_MSG_RESULT([yes]) ],
- [
- AC_MSG_RESULT([no])
-@@ -1099,9 +1099,9 @@
- strncpy(buf,"/etc", 32);
- s = dirname(buf);
- if (!s || strncmp(s, "/", 32) != 0) {
-- exit(1);
-+ return 1;
- } else {
-- exit(0);
-+ return 0;
- }
- }
- ]])],
-@@ -1191,19 +1191,19 @@
- int a=0, b=0, c=0, d=0, n, v;
- n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
- if (n != 3 && n != 4)
-- exit(1);
-+ return 1;
- v = a*1000000 + b*10000 + c*100 + d;
- fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
-
- /* 1.1.4 is OK */
- if (a == 1 && b == 1 && c >= 4)
-- exit(0);
-+ return 0;
-
- /* 1.2.3 and up are OK */
- if (v >= 1020300)
-- exit(0);
-+ return 0;
-
-- exit(2);
-+ return 2;
- ]])],
- AC_MSG_RESULT([no]),
- [ AC_MSG_RESULT([yes])
-@@ -1308,7 +1308,7 @@
- #include <dirent.h>]],
- [[
- struct dirent d;
-- exit(sizeof(d.d_name)<=sizeof(char));
-+ return sizeof(d.d_name)<=sizeof(char);
- ]])],
- [AC_MSG_RESULT([yes])],
- [
-@@ -1354,7 +1354,7 @@
- #include <skey.h>
- ]], [[
- char *ff = skey_keyinfo(""); ff="";
-- exit(0);
-+ return 0;
- ]])],
- [AC_MSG_RESULT([yes])],
- [
-@@ -1403,7 +1403,7 @@
- #include <stdlib.h>
- #include <stdint.h>
- #include <ldns/ldns.h>
--int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL,
NULL); status=LDNS_STATUS_OK; exit(0); }
-+int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL,
NULL); status=LDNS_STATUS_OK; return 0; }
- ]])
- ],
- [AC_MSG_RESULT(yes)],
-@@ -1460,7 +1460,7 @@
- [[
- int i = H_SETSIZE;
- el_init("", NULL, NULL, NULL);
-- exit(0);
-+ return 0;
- ]])],
- [ AC_MSG_RESULT([yes]) ],
- [ AC_MSG_RESULT([no])
-@@ -1808,9 +1808,9 @@
- errno=0;
- setresuid(0,0,0);
- if (errno==ENOSYS)
-- exit(1);
-+ return 1;
- else
-- exit(0);
-+ return 0;
- ]])],
- [AC_MSG_RESULT([yes])],
- [AC_DEFINE([BROKEN_SETRESUID], [1],
-@@ -1831,9 +1831,9 @@
- errno=0;
- setresgid(0,0,0);
- if (errno==ENOSYS)
-- exit(1);
-+ return 1;
- else
-- exit(0);
-+ return 0;
- ]])],
- [AC_MSG_RESULT([yes])],
- [AC_DEFINE([BROKEN_SETRESGID], [1],
-@@ -1875,7 +1875,7 @@
- [[
- char b[5];
- snprintf(b,5,"123456789");
-- exit(b[4]!='\0');
-+ return b[4]!='\0';
- ]])],
- [AC_MSG_RESULT([yes])],
- [
-@@ -1966,9 +1966,9 @@
- ]], [[
- char template[]="conftest.mkstemp-test";
- if (mkstemp(template) == -1)
-- exit(1);
-+ return 1;
- unlink(template);
-- exit(0);
-+ return 0;
- ]])],
- [
- AC_MSG_RESULT([no])
-@@ -1999,22 +1999,22 @@
-
- pid = fork();
- if (pid < 0) { /* failed */
-- exit(1);
-+ return 1;
- } else if (pid > 0) { /* parent */
- waitpid(pid, &status, 0);
- if (WIFEXITED(status))
-- exit(WEXITSTATUS(status));
-+ return WEXITSTATUS(status);
- else
-- exit(2);
-+ return 2;
- } else { /* child */
- close(0); close(1); close(2);
- setsid();
- openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
- fd = open("/dev/tty", O_RDWR | O_NOCTTY);
- if (fd >= 0)
-- exit(3); /* Acquired ctty: broken */
-+ return 3; /* Acquired ctty: broken */
- else
-- exit(0); /* Did not acquire ctty: OK */
-+ return 0; /* Did not acquire ctty: OK */
- }
- ]])],
- [
-@@ -2055,7 +2055,7 @@
- err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
- if (err != 0) {
- fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
-- exit(1);
-+ return 1;
- }
-
- for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
-@@ -2072,7 +2072,7 @@
- else
- fprintf(stderr, "getnameinfo failed: %s\n",
- gai_strerror(err));
-- exit(2);
-+ return 2;
- }
-
- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-@@ -2080,10 +2080,10 @@
- perror("socket");
- if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
- if (errno == EBADF)
-- exit(3);
-+ return 3;
- }
- }
-- exit(0);
-+ return 0;
- ]])],
- [
- AC_MSG_RESULT([yes])
-@@ -2123,7 +2123,7 @@
- err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
- if (err != 0) {
- fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
-- exit(1);
-+ return 1;
- }
-
- for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
-@@ -2136,10 +2136,10 @@
-
- if (ai->ai_family == AF_INET && err != 0) {
- perror("getnameinfo");
-- exit(2);
-+ return 2;
- }
- }
-- exit(0);
-+ return 0;
- ]])],
- [
- AC_MSG_RESULT([yes])
-@@ -2248,12 +2248,12 @@
-
- fd = fopen(DATA,"w");
- if(fd == NULL)
-- exit(1);
-+ return 1;
-
- if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER,
OPENSSL_VERSION_TEXT)) <0)
-- exit(1);
-+ return 1;
-
-- exit(0);
-+ return 0;
- ]])],
- [
- ssl_header_ver=`cat conftest.sslincver`
-@@ -2283,13 +2283,13 @@
-
- fd = fopen(DATA,"w");
- if(fd == NULL)
-- exit(1);
-+ return 1;
-
- if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(),
- SSLeay_version(SSLEAY_VERSION))) <0)
-- exit(1);
-+ return 1;
-
-- exit(0);
-+ return 0;
- ]])],
- [
- ssl_library_ver=`cat conftest.ssllibver`
-@@ -2330,7 +2330,7 @@
- #include <string.h>
- #include <openssl/opensslv.h>
- ]], [[
-- exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
-+ return SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1;
- ]])],
- [
- AC_MSG_RESULT([yes])
-@@ -2419,7 +2419,7 @@
- #include <string.h>
- #include <openssl/evp.h>
- ]], [[
-- exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
-+ return EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL;
- ]])],
- [
- AC_MSG_RESULT([no])
-@@ -2490,7 +2490,7 @@
- #include <openssl/evp.h>
- ]], [[
- if(EVP_DigestUpdate(NULL, NULL,0))
-- exit(0);
-+ return 0;
- ]])],
- [
- AC_MSG_RESULT([yes])
-@@ -2604,7 +2604,7 @@
- ]],[[
- EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
- const EVP_MD *m = EVP_sha512(); /* We need this too */
-- exit(e == NULL || m == NULL);
-+ return e == NULL || m == NULL;
- ]])],
- [ AC_MSG_RESULT([yes])
- enable_nistp521=1 ],
-@@ -2677,7 +2677,7 @@
- #include <string.h>
- #include <openssl/rand.h>
- ]], [[
-- exit(RAND_status() == 1 ? 0 : 1);
-+ return RAND_status() == 1 ? 0 : 1;
- ]])],
- [
- OPENSSL_SEEDS_ITSELF=yes
-@@ -2985,7 +2985,7 @@
- struct rlimit rl_zero;
-
- rl_zero.rlim_cur = rl_zero.rlim_max = 0;
-- exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
-+ return setrlimit(RLIMIT_FSIZE, &rl_zero) != 0;
- ]])],
- [AC_MSG_RESULT([yes])],
- [AC_MSG_RESULT([no])
-@@ -3119,7 +3119,7 @@
- long long i, llmin, llmax = 0;
-
- if((f = fopen(DATA,"w")) == NULL)
-- exit(1);
-+ return 1;
-
- #if defined(LLONG_MIN) && defined(LLONG_MAX)
- fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
-@@ -3138,16 +3138,16 @@
- || llmax - 1 > llmax || llmin == llmax || llmin == 0
- || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
- fprintf(f, "unknown unknown\n");
-- exit(2);
-+ return 2;
- }
-
- if (fprint_ll(f, llmin) < 0)
-- exit(3);
-+ return 3;
- if (fprint_ll(f, llmax) < 0)
-- exit(4);
-+ return 4;
- if (fclose(f) < 0)
-- exit(5);
-- exit(0);
-+ return 5;
-+ return 0;
- ]])],
- [
- llong_min=`$AWK '{print $1}' conftest.llminmax`
-@@ -3553,8 +3553,8 @@
- strcpy(expected_out, "9223372036854775807");
- snprintf(buf, mazsize, "%lld", num);
- if(strcmp(buf, expected_out) != 0)
-- exit(1);
-- exit(0);
-+ return 1;
-+ return 0;
- }
- #else
- main() { exit(0); }
-@@ -3641,11 +3641,11 @@
- ]], [[
- #ifdef msg_accrights
- #error "msg_accrights is a macro"
--exit(1);
-+return 1;
- #endif
- struct msghdr m;
- m.msg_accrights = 0;
--exit(0);
-+return 0;
- ]])],
- [ ac_cv_have_accrights_in_msghdr="yes" ],
- [ ac_cv_have_accrights_in_msghdr="no" ]
-@@ -3702,11 +3702,11 @@
- ]], [[
- #ifdef msg_control
- #error "msg_control is a macro"
--exit(1);
-+return 1;
- #endif
- struct msghdr m;
- m.msg_control = 0;
--exit(0);
-+return 0;
- ]])],
- [ ac_cv_have_control_in_msghdr="yes" ],
- [ ac_cv_have_control_in_msghdr="no" ]
-@@ -4128,22 +4128,22 @@
-
- fd = fopen(DATA,"w");
- if(fd == NULL)
-- exit(1);
-+ return 1;
-
- #if defined (_PATH_MAILDIR)
- if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
-- exit(1);
-+ return 1;
- #elif defined (MAILDIR)
- if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
-- exit(1);
-+ return 1;
- #elif defined (_PATH_MAIL)
- if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
-- exit(1);
-+ return 1;
- #else
- exit (2);
- #endif
-
-- exit(0);
-+ return 0;
- ]])],
- [
- maildir_what=`awk -F: '{print $1}' conftest.maildir`
-@@ -4378,12 +4378,12 @@
-
- fd = fopen(DATA,"w");
- if(fd == NULL)
-- exit(1);
-+ return 1;
-
- if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
-- exit(1);
-+ return 1;
-
-- exit(0);
-+ return 0;
- ]])],
- [ user_path=`cat conftest.stdpath` ],
- [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
diff --git a/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch
b/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch
new file mode 100644
index 0000000..a355e2c
--- /dev/null
+++ b/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch
@@ -0,0 +1,33 @@
+https://github.com/openssh/openssh-portable/pull/29
+
+From 003ed46d1bd94bac29c53b26ae70f6321ea11c80 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <[email protected]>
+Date: Wed, 18 Mar 2015 12:37:24 -0400
+Subject: [PATCH] do not abort when --without-ssl-engine --without-openssl is
+ set
+
+---
+ configure.ac | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index b4d6598..7806d20 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2276,10 +2276,10 @@ openssl_engine=no
+ AC_ARG_WITH([ssl-engine],
+ [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
+ [
+- if test "x$openssl" = "xno" ; then
+- AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL
disabled])
+- fi
+ if test "x$withval" != "xno" ; then
++ if test "x$openssl" = "xno" ; then
++ AC_MSG_ERROR([cannot use --with-ssl-engine when
OpenSSL disabled])
++ fi
+ openssl_engine=yes
+ fi
+ ]
+--
+2.3.2
+
diff --git a/net-misc/openssh/openssh-6.7_p1-r99.ebuild
b/net-misc/openssh/openssh-6.9_p1-r99.ebuild
similarity index 63%
rename from net-misc/openssh/openssh-6.7_p1-r99.ebuild
rename to net-misc/openssh/openssh-6.9_p1-r99.ebuild
index f6ad39c..d763f9b 100644
--- a/net-misc/openssh/openssh-6.7_p1-r99.ebuild
+++ b/net-misc/openssh/openssh-6.9_p1-r99.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r3.ebuild,v
1.1 2014/11/25 22:35:45 chutzpah Exp $
+# $Id$
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
@@ -9,17 +9,17 @@ inherit eutils user flag-o-matic multilib autotools pam
systemd versionator
# and _p? releases.
PARCH=${P/_}
-HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
-X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+HPN_PATCH="${PN}-6.9p1-r1-hpnssh14v5.tar.xz"
+LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
+X509_VER="8.4" X509_PATCH="${PN}-6.9p1+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/";
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${P}-sctp.patch.xz
+ mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
- http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
+ https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
@@ -28,36 +28,37 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
LICENSE="BSD GPL-2"
SLOT="0"
-KEYWORDS="amd64 arm ~mips ppc x86"
-IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam
+pie sctp selinux skey static X X509"
-REQUIRED_USE="pie? ( !static )"
-
-LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+KEYWORDS="ppc"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit
pam +pie sctp selinux skey ssh1 +ssl static X X509"
+REQUIRED_USE="ldns? ( ssl )
+ pie? ( !static )
+ ssh1? ( ssl )
+ static? ( !kerberos !pam )
+ X509? ( !ldap ssl )"
+
+LIB_DEPEND="
+ ldns? (
+ net-libs/ldns[static-libs(+)]
+ !bindist? ( net-libs/ldns[ecdsa,ssl] )
+ bindist? ( net-libs/ldns[-ecdsa,ssl] )
+ )
+ libedit? ( dev-libs/libedit[static-libs(+)] )
+ sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- >=dev-libs/openssl-0.9.6d:0[bindist=]
- dev-libs/openssl[static-libs(+)]
+ ssl? (
+ >=dev-libs/openssl-0.9.6d:0[bindist=]
+ dev-libs/openssl[static-libs(+)]
+ )
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
- !static? (
- ${LIB_DEPEND//\[static-libs(+)]}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- )
+ !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
- static? (
- ${LIB_DEPEND}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
- bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
- )
- )
+ static? ( ${LIB_DEPEND} )
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
@@ -85,6 +86,12 @@ pkg_setup() {
eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
die "booooo"
fi
+
+ # Make sure people who are using tcp wrappers are notified of its
removal. #531156
+ if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
+ ewarn "Sorry, but openssh no longer supports tcp-wrappers, and
it seems like"
+ ewarn "you're trying to use it. Update your
${EROOT}etc/hosts.{allow,deny} please."
+ fi
}
save_version() {
@@ -104,29 +111,29 @@ src_prepare() {
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
- epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then
pushd .. >/dev/null
- epatch "${FILESDIR}"/${P}-x509-glue.patch
- epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
+ #epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
+ epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
+ epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
save_version X509
fi
- if ! use X509 ; then
- if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- else
- use ldap && ewarn "Sorry, X509 and LDAP conflict internally,
disabling LDAP"
+ if use ldap ; then
+ epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+ save_version LPK
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
- if [[ -n ${HPN_PATCH} ]] && use hpn; then
- epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
+ # The X509 patchset fixes this independently.
+ use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
+ epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
+ if use hpn ; then
+ EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
+ EPATCH_MULTI_MSG="Applying HPN patchset ..." \
+ epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
save_version HPN
fi
@@ -145,10 +152,6 @@ src_prepare() {
)
sed -i "${sed_args[@]}" configure{.ac,} || die
- epatch "${FILESDIR}"/${PN}-6.7p1-avoid-exit.patch
- epatch "${FILESDIR}"/${PN}-6.4p1-missing-sys_param_h.patch
- epatch "${FILESDIR}"/${PN}-6.4p1-fix-typo-construct_utmpx.patch
-
epatch_user #473004
# Now we can build a sane merged version.h
@@ -162,58 +165,53 @@ src_prepare() {
eautoreconf
}
-static_use_with() {
- local flag=$1
- if use static && use ${flag} ; then
- ewarn "Disabling '${flag}' support because of USE='static'"
- # rebuild args so that we invert the first one (USE flag)
- # but otherwise leave everything else working so we can
- # just leverage use_with
- shift
- [[ -z $1 ]] && flag="${flag} ${flag}"
- set -- !${flag} "$@"
- fi
- use_with "$@"
-}
-
src_configure() {
- local myconf=()
addwrite /dev/ptmx
- addpredict /etc/skey/skeykeys #skey configure code triggers this
+ addpredict /etc/skey/skeykeys # skey configure code triggers this
+ use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
use static && append-ldflags -static
+ local myconf=(
+ --with-ldflags="${LDFLAGS}"
+ --disable-strip
+ --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+ --sysconfdir="${EPREFIX}"/etc/ssh
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+ --datadir="${EPREFIX}"/usr/share/openssh
+ --with-privsep-path="${EPREFIX}"/var/empty
+ --with-privsep-user=sshd
+ $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+ # We apply the ldap patch conditionally, so can't pass
--without-ldap
+ # unconditionally else we get unknown flag warnings.
+ $(use ldap && use_with ldap)
+ $(use_with ldns)
+ $(use_with libedit)
+ $(use_with pam)
+ $(use_with pie)
+ $(use_with sctp)
+ $(use_with selinux)
+ $(use_with skey)
+ $(use_with ssh1)
+ # The X509 patch deletes this option entirely.
+ $(use X509 || use_with ssl openssl)
+ $(use_with ssl md5-passwords)
+ $(use_with ssl ssl-engine)
+ )
+
+ # The seccomp sandbox is broken on x32, so use the older method for
now. #553748
+ use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
+
+ # ppc musl lacks __stack_chk_fail_local()
+ myconf+=( --without-hardening )
+
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil
fi
- # __stack_chk_fail_local
- use x86 && myconf+=( --without-stackprotect)
- use ppc && myconf+=( --without-stackprotect)
-
- econf \
- --with-ldflags="${LDFLAGS}" \
- --disable-strip \
- --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \
- --sysconfdir="${EPREFIX}"/etc/ssh \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
- --datadir="${EPREFIX}"/usr/share/openssh \
- --with-privsep-path="${EPREFIX}"/var/empty \
- --with-privsep-user=sshd \
- --with-md5-passwords \
- --with-ssl-engine \
- $(static_use_with pam) \
- $(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
- ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
- $(use_with ldns) \
- $(use_with libedit) \
- $(use_with pie) \
- $(use_with sctp) \
- $(use_with selinux) \
- $(use_with skey) \
- "${myconf[@]}"
+ econf "${myconf[@]}"
}
src_install() {
@@ -224,12 +222,6 @@ src_install() {
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
- # not all openssl installs support ecc, or are functional #352645
- if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
- elog "dev-libs/openssl was built with 'bindist' - disabling
ecdsa support"
- sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
- fi
-
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
@@ -237,7 +229,7 @@ src_install() {
-e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die "sed of
configuration file failed"
+ "${ED}"/etc/ssh/sshd_config || die
fi
# Gentoo tweaks to default config files
@@ -252,12 +244,6 @@ src_install() {
SendEnv LANG LC_*
EOF
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- keepdir /var/empty/dev
- fi
-
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
@@ -318,13 +304,11 @@ pkg_postinst() {
elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
fi
+ if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
+ elog "Starting with openssh-6.9p1, ssh1 support is disabled by
default."
+ fi
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- echo
- einfo "For the HPN server logging patch, you must ensure that"
- einfo "your syslog application also listens at
/var/empty/dev/log."
- fi
+ elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream
has"
+ elog " dropped it. Make sure to update any configs that you might
have."
}
