commit: 10c887587f0221a5ecd59b10fdc37f717629da74
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 31 18:23:51 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Dec 31 18:23:51 2014 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=10c88758
net-misc/openssh: makre 6.7_p1 stable on all arches
Package-Manager: portage-2.2.14
Manifest-Sign-Key: 0xF52D4BBA
---
.../openssh-5.9_p1-sshd-gssapi-multihomed.patch | 184 --------
.../openssh/files/openssh-6.4p1-avoid-exit.patch | 499 ---------------------
.../files/openssh-6.5_p1-hpn-cipher-align.patch | 114 -----
.../openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch | 26 --
net-misc/openssh/files/openssh-6.6.1_p1.patch | 167 -------
.../openssh-6.6_p1-openssl-ignore-status.patch | 17 -
.../openssh/files/openssh-6.6_p1-x509-glue.patch | 16 -
.../openssh-6.6_p1-x509-hpn14v4-glue-p2.patch | 26 --
net-misc/openssh/metadata.xml | 1 +
net-misc/openssh/openssh-6.6.1_p1-r99.ebuild | 323 -------------
net-misc/openssh/openssh-6.6_p1-r99.ebuild | 320 -------------
net-misc/openssh/openssh-6.7_p1-r99.ebuild | 2 +-
12 files changed, 2 insertions(+), 1693 deletions(-)
diff --git a/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch
b/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch
deleted file mode 100644
index 6377d03..0000000
--- a/net-misc/openssh/files/openssh-5.9_p1-sshd-gssapi-multihomed.patch
+++ /dev/null
@@ -1,184 +0,0 @@
-Index: gss-serv.c
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/gss-serv.c,v
-retrieving revision 1.22
-diff -u -p -r1.22 gss-serv.c
---- gss-serv.c 8 May 2008 12:02:23 -0000 1.22
-+++ gss-serv.c 11 Jan 2010 05:38:29 -0000
-@@ -41,9 +41,12 @@
- #include "channels.h"
- #include "session.h"
- #include "misc.h"
-+#include "servconf.h"
-
- #include "ssh-gss.h"
-
-+extern ServerOptions options;
-+
- static ssh_gssapi_client gssapi_client =
- { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
- GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
-@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
- char lname[MAXHOSTNAMELEN];
- gss_OID_set oidset;
-
-- gss_create_empty_oid_set(&status, &oidset);
-- gss_add_oid_set_member(&status, ctx->oid, &oidset);
--
-- if (gethostname(lname, MAXHOSTNAMELEN)) {
-- gss_release_oid_set(&status, &oidset);
-- return (-1);
-- }
-+ if (options.gss_strict_acceptor) {
-+ gss_create_empty_oid_set(&status, &oidset);
-+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
-+
-+ if (gethostname(lname, MAXHOSTNAMELEN)) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (-1);
-+ }
-+
-+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (ctx->major);
-+ }
-+
-+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
-+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
-+ NULL, NULL)))
-+ ssh_gssapi_error(ctx);
-
-- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
-+ } else {
-+ ctx->name = GSS_C_NO_NAME;
-+ ctx->creds = GSS_C_NO_CREDENTIAL;
- }
--
-- if ((ctx->major = gss_acquire_cred(&ctx->minor,
-- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
-- ssh_gssapi_error(ctx);
--
-- gss_release_oid_set(&status, &oidset);
-- return (ctx->major);
-+ return GSS_S_COMPLETE;
- }
-
- /* Privileged */
-Index: servconf.c
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
-retrieving revision 1.201
-diff -u -p -r1.201 servconf.c
---- servconf.c 10 Jan 2010 03:51:17 -0000 1.201
-+++ servconf.c 11 Jan 2010 05:34:56 -0000
-@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
- options->kerberos_get_afs_token = -1;
- options->gss_authentication=-1;
- options->gss_cleanup_creds = -1;
-+ options->gss_strict_acceptor = -1;
- options->password_authentication = -1;
- options->kbd_interactive_authentication = -1;
- options->challenge_response_authentication = -1;
-@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption
- options->gss_authentication = 0;
- if (options->gss_cleanup_creds == -1)
- options->gss_cleanup_creds = 1;
-+ if (options->gss_strict_acceptor == -1)
-+ options->gss_strict_acceptor = 0;
- if (options->password_authentication == -1)
- options->password_authentication = 1;
- if (options->kbd_interactive_authentication == -1)
-@@ -277,7 +280,8 @@ typedef enum {
- sBanner, sUseDNS, sHostbasedAuthentication,
- sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
- sClientAliveCountMax, sAuthorizedKeysFile,
-- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
-+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
-+ sAcceptEnv, sPermitTunnel,
- sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sZeroKnowledgePasswordAuthentication, sHostCertificate,
-@@ -327,9 +331,11 @@ static struct {
- #ifdef GSSAPI
- { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
- { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
- #else
- { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
- { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
- #endif
- { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
- { "kbdinteractiveauthentication", sKbdInteractiveAuthentication,
SSHCFG_ALL },
-@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions
-
- case sGssCleanupCreds:
- intptr = &options->gss_cleanup_creds;
-+ goto parse_flag;
-+
-+ case sGssStrictAcceptor:
-+ intptr = &options->gss_strict_acceptor;
- goto parse_flag;
-
- case sPasswordAuthentication:
-Index: servconf.h
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/servconf.h,v
-retrieving revision 1.89
-diff -u -p -r1.89 servconf.h
---- servconf.h 9 Jan 2010 23:04:13 -0000 1.89
-+++ servconf.h 11 Jan 2010 05:32:28 -0000
-@@ -92,6 +92,7 @@ typedef struct {
- * authenticated with Kerberos.
*/
- int gss_authentication; /* If true, permit GSSAPI
authentication */
- int gss_cleanup_creds; /* If true, destroy cred cache on
logout */
-+ int gss_strict_acceptor; /* If true, restrict the GSSAPI
acceptor name */
- int password_authentication; /* If true, permit password
- * authentication. */
- int kbd_interactive_authentication; /* If true, permit */
-Index: sshd_config
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/sshd_config,v
-retrieving revision 1.81
-diff -u -p -r1.81 sshd_config
---- sshd_config 8 Oct 2009 14:03:41 -0000 1.81
-+++ sshd_config 11 Jan 2010 05:32:28 -0000
-@@ -69,6 +69,7 @@
- # GSSAPI options
- #GSSAPIAuthentication no
- #GSSAPICleanupCredentials yes
-+#GSSAPIStrictAcceptorCheck yes
-
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
-Index: sshd_config.5
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
-retrieving revision 1.116
-diff -u -p -r1.116 sshd_config.5
---- sshd_config.5 9 Jan 2010 23:04:13 -0000 1.116
-+++ sshd_config.5 11 Jan 2010 05:37:20 -0000
-@@ -386,6 +386,21 @@ on logout.
- The default is
- .Dq yes .
- Note that this option applies to protocol version 2 only.
-+.It Cm GSSAPIStrictAcceptorCheck
-+Determines whether to be strict about the identity of the GSSAPI acceptor
-+a client authenticates against.
-+If set to
-+.Dq yes
-+then the client must authenticate against the
-+.Pa host
-+service on the current hostname.
-+If set to
-+.Dq no
-+then the client may authenticate against any service key stored in the
-+machine's default store.
-+This facility is provided to assist with operation on multi homed machines.
-+The default is
-+.Dq yes .
- .It Cm HostbasedAuthentication
- Specifies whether rhosts or /etc/hosts.equiv authentication together
- with successful public key client host authentication is allowed
diff --git a/net-misc/openssh/files/openssh-6.4p1-avoid-exit.patch
b/net-misc/openssh/files/openssh-6.4p1-avoid-exit.patch
deleted file mode 100644
index 4c02aeb..0000000
--- a/net-misc/openssh/files/openssh-6.4p1-avoid-exit.patch
+++ /dev/null
@@ -1,499 +0,0 @@
-diff -Nuar openssh-6.4p1.orig/configure.ac openssh-6.4p1/configure.ac
---- openssh-6.4p1.orig/configure.ac 2014-01-22 17:05:13.463582250 +0000
-+++ openssh-6.4p1/configure.ac 2014-01-22 17:13:08.102608790 +0000
-@@ -223,7 +223,7 @@
- [AC_LANG_PROGRAM([[
- #include <stdlib.h>
- __attribute__((__unused__)) static void foo(void){return;}]],
-- [[ exit(0); ]])],
-+ [[ return 0; ]])],
- [ AC_MSG_RESULT([yes]) ],
- [ AC_MSG_RESULT([no])
- AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
-@@ -410,7 +410,7 @@
- [AC_LANG_PROGRAM([[
- #define testmacro foo
- #define testmacro bar]],
-- [[ exit(0); ]])],
-+ [[ return 0; ]])],
- [ AC_MSG_RESULT([yes]) ],
- [ AC_MSG_RESULT([no])
- CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
-@@ -526,9 +526,9 @@
- AC_MSG_CHECKING([if we have working getaddrinfo])
- AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
- main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
-- exit(0);
-+ return 0;
- else
-- exit(1);
-+ return 1;
- }
- ]])],
- [AC_MSG_RESULT([working])],
-@@ -1016,7 +1016,7 @@
- esac
-
- AC_MSG_CHECKING([compiler and flags for sanity])
--AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
-+AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ return 0; ]])],
- [ AC_MSG_RESULT([yes]) ],
- [
- AC_MSG_RESULT([no])
-@@ -1048,9 +1048,9 @@
- strncpy(buf,"/etc", 32);
- s = dirname(buf);
- if (!s || strncmp(s, "/", 32) != 0) {
-- exit(1);
-+ return 1;
- } else {
-- exit(0);
-+ return 0;
- }
- }
- ]])],
-@@ -1140,19 +1140,19 @@
- int a=0, b=0, c=0, d=0, n, v;
- n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
- if (n != 3 && n != 4)
-- exit(1);
-+ return 1;
- v = a*1000000 + b*10000 + c*100 + d;
- fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
-
- /* 1.1.4 is OK */
- if (a == 1 && b == 1 && c >= 4)
-- exit(0);
-+ return 0;
-
- /* 1.2.3 and up are OK */
- if (v >= 1020300)
-- exit(0);
-+ return 0;
-
-- exit(2);
-+ return 2;
- ]])],
- AC_MSG_RESULT([no]),
- [ AC_MSG_RESULT([yes])
-@@ -1254,7 +1254,7 @@
- #include <dirent.h>]],
- [[
- struct dirent d;
-- exit(sizeof(d.d_name)<=sizeof(char));
-+ return (sizeof(d.d_name)<=sizeof(char));
- ]])],
- [AC_MSG_RESULT([yes])],
- [
-@@ -1300,7 +1300,7 @@
- #include <skey.h>
- ]], [[
- char *ff = skey_keyinfo(""); ff="";
-- exit(0);
-+ return 0;
- ]])],
- [AC_MSG_RESULT([yes])],
- [
-@@ -1405,7 +1405,7 @@
- #include <stdlib.h>
- #include <stdint.h>
- #include <ldns/ldns.h>
--int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL,
NULL); status=LDNS_STATUS_OK; exit(0); }
-+int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL,
NULL); status=LDNS_STATUS_OK; return 0; }
- ]])
- ],
- [AC_MSG_RESULT(yes)],
-@@ -1462,7 +1462,7 @@
- [[
- int i = H_SETSIZE;
- el_init("", NULL, NULL, NULL);
-- exit(0);
-+ return 0;
- ]])],
- [ AC_MSG_RESULT([yes]) ],
- [ AC_MSG_RESULT([no])
-@@ -1757,9 +1757,9 @@
- errno=0;
- setresuid(0,0,0);
- if (errno==ENOSYS)
-- exit(1);
-+ return 1;
- else
-- exit(0);
-+ return 0;
- ]])],
- [AC_MSG_RESULT([yes])],
- [AC_DEFINE([BROKEN_SETRESUID], [1],
-@@ -1780,9 +1780,9 @@
- errno=0;
- setresgid(0,0,0);
- if (errno==ENOSYS)
-- exit(1);
-+ return 1;
- else
-- exit(0);
-+ return 0;
- ]])],
- [AC_MSG_RESULT([yes])],
- [AC_DEFINE([BROKEN_SETRESGID], [1],
-@@ -1824,7 +1824,7 @@
- [[
- char b[5];
- snprintf(b,5,"123456789");
-- exit(b[4]!='\0');
-+ return (b[4]!='\0');
- ]])],
- [AC_MSG_RESULT([yes])],
- [
-@@ -1857,7 +1857,7 @@
- }
- ]], [[
- char x[1];
-- exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
-+ return (x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
- ]])],
- [AC_MSG_RESULT([yes])],
- [
-@@ -1909,9 +1909,9 @@
- ]], [[
- char template[]="conftest.mkstemp-test";
- if (mkstemp(template) == -1)
-- exit(1);
-+ return 1;
- unlink(template);
-- exit(0);
-+ return 0;
- ]])],
- [
- AC_MSG_RESULT([no])
-@@ -1942,22 +1942,22 @@
-
- pid = fork();
- if (pid < 0) { /* failed */
-- exit(1);
-+ return 1;
- } else if (pid > 0) { /* parent */
- waitpid(pid, &status, 0);
- if (WIFEXITED(status))
-- exit(WEXITSTATUS(status));
-+ return (WEXITSTATUS(status));
- else
-- exit(2);
-+ return 2;
- } else { /* child */
- close(0); close(1); close(2);
- setsid();
- openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
- fd = open("/dev/tty", O_RDWR | O_NOCTTY);
- if (fd >= 0)
-- exit(3); /* Acquired ctty: broken */
-+ return 3; /* Acquired ctty: broken */
- else
-- exit(0); /* Did not acquire ctty: OK */
-+ return 0; /* Did not acquire ctty: OK */
- }
- ]])],
- [
-@@ -1998,7 +1998,7 @@
- err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
- if (err != 0) {
- fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
-- exit(1);
-+ return 1;
- }
-
- for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
-@@ -2015,7 +2015,7 @@
- else
- fprintf(stderr, "getnameinfo failed: %s\n",
- gai_strerror(err));
-- exit(2);
-+ return 2;
- }
-
- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-@@ -2023,10 +2023,10 @@
- perror("socket");
- if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
- if (errno == EBADF)
-- exit(3);
-+ return 3;
- }
- }
-- exit(0);
-+ return 0;
- ]])],
- [
- AC_MSG_RESULT([yes])
-@@ -2066,7 +2066,7 @@
- err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
- if (err != 0) {
- fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
-- exit(1);
-+ return 1;
- }
-
- for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
-@@ -2079,10 +2079,10 @@
-
- if (ai->ai_family == AF_INET && err != 0) {
- perror("getnameinfo");
-- exit(2);
-+ return 2;
- }
- }
-- exit(0);
-+ return 0;
- ]])],
- [
- AC_MSG_RESULT([yes])
-@@ -2103,7 +2103,7 @@
- if test "x$check_for_conflicting_getspnam" = "x1"; then
- AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
-- [[ exit(0); ]])],
-+ [[ return 0; ]])],
- [
- AC_MSG_RESULT([no])
- ],
-@@ -2191,12 +2191,12 @@
-
- fd = fopen(DATA,"w");
- if(fd == NULL)
-- exit(1);
-+ return 1;
-
- if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER,
OPENSSL_VERSION_TEXT)) <0)
-- exit(1);
-+ return 1;
-
-- exit(0);
-+ return 0;
- ]])],
- [
- ssl_header_ver=`cat conftest.sslincver`
-@@ -2226,12 +2226,12 @@
-
- fd = fopen(DATA,"w");
- if(fd == NULL)
-- exit(1);
-+ return 1;
-
- if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(),
SSLeay_version(SSLEAY_VERSION))) <0)
-- exit(1);
-+ return 1;
-
-- exit(0);
-+ return 0;
- ]])],
- [
- ssl_library_ver=`cat conftest.ssllibver`
-@@ -2261,7 +2261,7 @@
- #include <string.h>
- #include <openssl/opensslv.h>
- ]], [[
-- exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
-+ return (SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
- ]])],
- [
- AC_MSG_RESULT([yes])
-@@ -2339,7 +2339,7 @@
- #include <string.h>
- #include <openssl/evp.h>
- ]], [[
-- exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
-+ return (EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
- ]])],
- [
- AC_MSG_RESULT([no])
-@@ -2358,7 +2358,7 @@
- #include <string.h>
- #include <openssl/evp.h>
- ]], [[
-- exit(EVP_aes_128_ctr() == NULL ||
-+ return (EVP_aes_128_ctr() == NULL ||
- EVP_aes_192_cbc() == NULL ||
- EVP_aes_256_cbc() == NULL);
- ]])],
-@@ -2379,7 +2379,7 @@
- #include <string.h>
- #include <openssl/evp.h>
- ]], [[
-- exit(EVP_aes_128_gcm() == NULL ||
-+ return (EVP_aes_128_gcm() == NULL ||
- EVP_aes_256_gcm() == NULL ||
- EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
- EVP_CTRL_GCM_IV_GEN == 0 ||
-@@ -2410,7 +2410,7 @@
- #include <openssl/evp.h>
- ]], [[
- if(EVP_DigestUpdate(NULL, NULL,0))
-- exit(0);
-+ return 0;
- ]])],
- [
- AC_MSG_RESULT([yes])
-@@ -2505,7 +2505,7 @@
- #include <string.h>
- #include <openssl/rand.h>
- ]], [[
-- exit(RAND_status() == 1 ? 0 : 1);
-+ return (RAND_status() == 1 ? 0 : 1);
- ]])],
- [
- OPENSSL_SEEDS_ITSELF=yes
-@@ -2702,7 +2702,7 @@
- [[ int i = $seccomp_audit_arch;
- errno = 0;
- prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
-- exit(errno == EFAULT ? 0 : 1); ]])],
-+ return (errno == EFAULT ? 0 : 1); ]])],
- [ AC_MSG_RESULT([yes]) ], [
- AC_MSG_RESULT([no])
- # Disable seccomp filter as a target
-@@ -2756,7 +2756,7 @@
- tv.tv_sec = 1;
- tv.tv_usec = 0;
- r = select(fd+1, &fds, NULL, NULL, &tv);
-- exit (r == -1 ? 1 : 0);
-+ return (r == -1 ? 1 : 0);
- ]])],
- [AC_MSG_RESULT([yes])
- select_works_with_rlimit=yes],
-@@ -2782,7 +2782,7 @@
-
- rl_zero.rlim_cur = rl_zero.rlim_max = 0;
- r = setrlimit(RLIMIT_NOFILE, &rl_zero);
-- exit (r == -1 ? 1 : 0);
-+ return (r == -1 ? 1 : 0);
- ]])],
- [AC_MSG_RESULT([yes])
- rlimit_nofile_zero_works=yes],
-@@ -2801,7 +2801,7 @@
- struct rlimit rl_zero;
-
- rl_zero.rlim_cur = rl_zero.rlim_max = 0;
-- exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
-+ return (setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
- ]])],
- [AC_MSG_RESULT([yes])],
- [AC_MSG_RESULT([no])
-@@ -2925,7 +2925,7 @@
- long long i, llmin, llmax = 0;
-
- if((f = fopen(DATA,"w")) == NULL)
-- exit(1);
-+ return 1;
-
- #if defined(LLONG_MIN) && defined(LLONG_MAX)
- fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
-@@ -2944,16 +2944,16 @@
- || llmax - 1 > llmax || llmin == llmax || llmin == 0
- || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
- fprintf(f, "unknown unknown\n");
-- exit(2);
-+ return 2;
- }
-
- if (fprint_ll(f, llmin) < 0)
-- exit(3);
-+ return 3;
- if (fprint_ll(f, llmax) < 0)
-- exit(4);
-+ return 4;
- if (fclose(f) < 0)
-- exit(5);
-- exit(0);
-+ return 5;
-+ return 0;
- ]])],
- [
- llong_min=`$AWK '{print $1}' conftest.llminmax`
-@@ -3337,11 +3337,11 @@
- strcpy(expected_out, "9223372036854775807");
- snprintf(buf, mazsize, "%lld", num);
- if(strcmp(buf, expected_out) != 0)
-- exit(1);
-- exit(0);
-+ return 1;
-+ return 0;
- }
- #else
--main() { exit(0); }
-+main() { return 0; }
- #endif
- ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
- AC_MSG_WARN([cross compiling: Assuming working snprintf()])
-@@ -3425,11 +3425,11 @@
- ]], [[
- #ifdef msg_accrights
- #error "msg_accrights is a macro"
--exit(1);
-+return 1;
- #endif
- struct msghdr m;
- m.msg_accrights = 0;
--exit(0);
-+return 0;
- ]])],
- [ ac_cv_have_accrights_in_msghdr="yes" ],
- [ ac_cv_have_accrights_in_msghdr="no" ]
-@@ -3486,11 +3486,11 @@
- ]], [[
- #ifdef msg_control
- #error "msg_control is a macro"
--exit(1);
-+return 1;
- #endif
- struct msghdr m;
- m.msg_control = 0;
--exit(0);
-+return 0;
- ]])],
- [ ac_cv_have_control_in_msghdr="yes" ],
- [ ac_cv_have_control_in_msghdr="no" ]
-@@ -3912,22 +3912,22 @@
-
- fd = fopen(DATA,"w");
- if(fd == NULL)
-- exit(1);
-+ return 1;
-
- #if defined (_PATH_MAILDIR)
- if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
-- exit(1);
-+ return 1;
- #elif defined (MAILDIR)
- if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
-- exit(1);
-+ return 1;
- #elif defined (_PATH_MAIL)
- if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
-- exit(1);
-+ return 1;
- #else
-- exit (2);
-+ return 2;
- #endif
-
-- exit(0);
-+ return 0;
- ]])],
- [
- maildir_what=`awk -F: '{print $1}' conftest.maildir`
-@@ -4162,12 +4162,12 @@
-
- fd = fopen(DATA,"w");
- if(fd == NULL)
-- exit(1);
-+ return 1;
-
- if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
-- exit(1);
-+ return 1;
-
-- exit(0);
-+ return 0;
- ]])],
- [ user_path=`cat conftest.stdpath` ],
- [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
diff --git a/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch
b/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch
deleted file mode 100644
index cfb060f..0000000
--- a/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-https://bugs.gentoo.org/498632
-
-make sure we do not use unaligned loads/stores as some arches really hate that.
-
---- a/cipher-ctr-mt.c
-+++ b/cipher-ctr-mt.c
-@@ -58,8 +58,16 @@
- /* Collect thread stats and print at cancellation when in debug mode */
- /* #define CIPHER_THREAD_STATS */
-
--/* Use single-byte XOR instead of 8-byte XOR */
--/* #define CIPHER_BYTE_XOR */
-+/* Can the system do unaligned loads natively? */
-+#if defined(__aarch64__) || \
-+ defined(__i386__) || \
-+ defined(__powerpc__) || \
-+ defined(__x86_64__)
-+# define CIPHER_UNALIGNED_OK
-+#endif
-+#if defined(__SIZEOF_INT128__)
-+# define CIPHER_INT128_OK
-+#endif
- /*-------------------- END TUNABLES --------------------*/
-
-
-@@ -285,8 +293,20 @@ thread_loop(void *x)
-
- static int
- ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
-- u_int len)
-+ size_t len)
- {
-+ typedef union {
-+#ifdef CIPHER_INT128_OK
-+ __uint128_t *u128;
-+#endif
-+ uint64_t *u64;
-+ uint32_t *u32;
-+ uint8_t *u8;
-+ const uint8_t *cu8;
-+ uintptr_t u;
-+ } ptrs_t;
-+ ptrs_t destp, srcp, bufp;
-+ uintptr_t align;
- struct ssh_aes_ctr_ctx *c;
- struct kq *q, *oldq;
- int ridx;
-@@ -301,35 +321,41 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const
u_char *src,
- ridx = c->ridx;
-
- /* src already padded to block multiple */
-+ srcp.cu8 = src;
-+ destp.u8 = dest;
- while (len > 0) {
- buf = q->keys[ridx];
-+ bufp.u8 = buf;
-
--#ifdef CIPHER_BYTE_XOR
-- dest[0] = src[0] ^ buf[0];
-- dest[1] = src[1] ^ buf[1];
-- dest[2] = src[2] ^ buf[2];
-- dest[3] = src[3] ^ buf[3];
-- dest[4] = src[4] ^ buf[4];
-- dest[5] = src[5] ^ buf[5];
-- dest[6] = src[6] ^ buf[6];
-- dest[7] = src[7] ^ buf[7];
-- dest[8] = src[8] ^ buf[8];
-- dest[9] = src[9] ^ buf[9];
-- dest[10] = src[10] ^ buf[10];
-- dest[11] = src[11] ^ buf[11];
-- dest[12] = src[12] ^ buf[12];
-- dest[13] = src[13] ^ buf[13];
-- dest[14] = src[14] ^ buf[14];
-- dest[15] = src[15] ^ buf[15];
--#else
-- *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf;
-- *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^
-- *(uint64_t *)(buf + 8);
--#endif
-+ /* figure out the alignment on the fly */
-+#ifdef CIPHER_UNALIGNED_OK
-+ align = 0;
-+#else
-+ align = destp.u | srcp.u | bufp.u;
-+#endif
-+
-+#ifdef CIPHER_INT128_OK
-+ if ((align & 0xf) == 0) {
-+ destp.u128[0] = srcp.u128[0] ^ bufp.u128[0];
-+ } else
-+#endif
-+ if ((align & 0x7) == 0) {
-+ destp.u64[0] = srcp.u64[0] ^ bufp.u64[0];
-+ destp.u64[1] = srcp.u64[1] ^ bufp.u64[1];
-+ } else if ((align & 0x3) == 0) {
-+ destp.u32[0] = srcp.u32[0] ^ bufp.u32[0];
-+ destp.u32[1] = srcp.u32[1] ^ bufp.u32[1];
-+ destp.u32[2] = srcp.u32[2] ^ bufp.u32[2];
-+ destp.u32[3] = srcp.u32[3] ^ bufp.u32[3];
-+ } else {
-+ size_t i;
-+ for (i = 0; i < AES_BLOCK_SIZE; ++i)
-+ dest[i] = src[i] ^ buf[i];
-+ }
-
-- dest += 16;
-- src += 16;
-- len -= 16;
-+ destp.u += AES_BLOCK_SIZE;
-+ srcp.u += AES_BLOCK_SIZE;
-+ len -= AES_BLOCK_SIZE;
- ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
-
- /* Increment read index, switch queues on rollover */
diff --git a/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch
b/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch
deleted file mode 100644
index c76015d..0000000
--- a/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v4-glue-p2.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-make the hpn patch apply when the x509 patch has also been applied
-
---- openssh-6.6.1p1-hpnssh14v4.diff
-+++ openssh-6.6.1p1-hpnssh14v4.diff
-@@ -1742,18 +1742,14 @@
- if (options->ip_qos_interactive == -1)
- options->ip_qos_interactive = IPTOS_LOWDELAY;
- if (options->ip_qos_bulk == -1)
--@@ -345,9 +393,10 @@
-+@@ -345,6 +393,7 @@
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sHostCertificate,
- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
--+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
-++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled,
- sKexAlgorithms, sIPQoS, sVersionAddendum,
- sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
--- sAuthenticationMethods, sHostKeyAgent,
--+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent,
-- sDeprecated, sUnsupported
-- } ServerOpCodes;
--
-+ sAuthenticationMethods, sHostKeyAgent,
- @@ -468,6 +517,10 @@
- { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
diff --git a/net-misc/openssh/files/openssh-6.6.1_p1.patch
b/net-misc/openssh/files/openssh-6.6.1_p1.patch
deleted file mode 100644
index b11f6fb..0000000
--- a/net-misc/openssh/files/openssh-6.6.1_p1.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-Hi,
-
-So I screwed up when writing the support for the curve25519 KEX method
-that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
-leading zero bytes where they should have been skipped. The impact of
-this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
-peer that implements curve25519-sha256 at libssh.org properly about 0.2%
-of the time (one in every 512ish connections).
-
-We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256
-key exchange for previous versions, but I'd recommend distributors
-of OpenSSH apply this patch so the affected code doesn't become
-too entrenched in LTS releases.
-
-The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
-to distinguish itself from the incorrect versions so the compatibility
-code to disable the affected KEX isn't activated.
-
-I've committed this on the 6.6 branch too.
-
-Apologies for the hassle.
-
--d
-
-Index: version.h
-===================================================================
-RCS file: /var/cvs/openssh/version.h,v
-retrieving revision 1.82
-diff -u -p -r1.82 version.h
---- version.h 27 Feb 2014 23:01:54 -0000 1.82
-+++ version.h 20 Apr 2014 03:35:15 -0000
-@@ -1,6 +1,6 @@
- /* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
-
--#define SSH_VERSION "OpenSSH_6.6"
-+#define SSH_VERSION "OpenSSH_6.6.1"
-
- #define SSH_PORTABLE "p1"
- #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-Index: compat.c
-===================================================================
-RCS file: /var/cvs/openssh/compat.c,v
-retrieving revision 1.82
-retrieving revision 1.85
-diff -u -p -r1.82 -r1.85
---- compat.c 31 Dec 2013 01:25:41 -0000 1.82
-+++ compat.c 20 Apr 2014 03:33:59 -0000 1.85
-@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
- { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
- { "OpenSSH_4*", 0 },
- { "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
-+ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
-+ { "OpenSSH_6.5*,"
-+ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
- { "OpenSSH*", SSH_NEW_OPENSSH },
- { "*MindTerm*", 0 },
- { "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
-@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop
- return cipher_prop;
- }
-
--
- char *
- compat_pkalg_proposal(char *pkalg_prop)
- {
-@@ -263,5 +265,18 @@ compat_pkalg_proposal(char *pkalg_prop)
- if (*pkalg_prop == '\0')
- fatal("No supported PK algorithms found");
- return pkalg_prop;
-+}
-+
-+char *
-+compat_kex_proposal(char *kex_prop)
-+{
-+ if (!(datafellows & SSH_BUG_CURVE25519PAD))
-+ return kex_prop;
-+ debug2("%s: original KEX proposal: %s", __func__, kex_prop);
-+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256 at libssh.org");
-+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
-+ if (*kex_prop == '\0')
-+ fatal("No supported key exchange algorithms found");
-+ return kex_prop;
- }
-
-Index: compat.h
-===================================================================
-RCS file: /var/cvs/openssh/compat.h,v
-retrieving revision 1.42
-retrieving revision 1.43
-diff -u -p -r1.42 -r1.43
---- compat.h 31 Dec 2013 01:25:41 -0000 1.42
-+++ compat.h 20 Apr 2014 03:25:31 -0000 1.43
-@@ -59,6 +59,7 @@
- #define SSH_BUG_RFWD_ADDR 0x02000000
- #define SSH_NEW_OPENSSH 0x04000000
- #define SSH_BUG_DYNAMIC_RPORT 0x08000000
-+#define SSH_BUG_CURVE25519PAD 0x10000000
-
- void enable_compat13(void);
- void enable_compat20(void);
-@@ -66,6 +67,7 @@ void compat_datafellows(const char *
- int proto_spec(const char *);
- char *compat_cipher_proposal(char *);
- char *compat_pkalg_proposal(char *);
-+char *compat_kex_proposal(char *);
-
- extern int compat13;
- extern int compat20;
-Index: sshd.c
-===================================================================
-RCS file: /var/cvs/openssh/sshd.c,v
-retrieving revision 1.448
-retrieving revision 1.453
-diff -u -p -r1.448 -r1.453
---- sshd.c 26 Feb 2014 23:20:08 -0000 1.448
-+++ sshd.c 20 Apr 2014 03:28:41 -0000 1.453
-@@ -2462,6 +2438,9 @@ do_ssh2_kex(void)
- if (options.kex_algorithms != NULL)
- myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
-
-+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
-+ myproposal[PROPOSAL_KEX_ALGS]);
-+
- if (options.rekey_limit || options.rekey_interval)
- packet_set_rekey_limits((u_int32_t)options.rekey_limit,
- (time_t)options.rekey_interval);
-Index: sshconnect2.c
-===================================================================
-RCS file: /var/cvs/openssh/sshconnect2.c,v
-retrieving revision 1.197
-retrieving revision 1.199
-diff -u -p -r1.197 -r1.199
---- sshconnect2.c 4 Feb 2014 00:20:16 -0000 1.197
-+++ sshconnect2.c 20 Apr 2014 03:25:31 -0000 1.199
-@@ -195,6 +196,8 @@ ssh_kex2(char *host, struct sockaddr *ho
- }
- if (options.kex_algorithms != NULL)
- myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
-+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
-+ myproposal[PROPOSAL_KEX_ALGS]);
-
- if (options.rekey_limit || options.rekey_interval)
- packet_set_rekey_limits((u_int32_t)options.rekey_limit,
-Index: bufaux.c
-===================================================================
-RCS file: /var/cvs/openssh/bufaux.c,v
-retrieving revision 1.62
-retrieving revision 1.63
-diff -u -p -r1.62 -r1.63
---- bufaux.c 4 Feb 2014 00:20:15 -0000 1.62
-+++ bufaux.c 20 Apr 2014 03:24:50 -0000 1.63
-@@ -1,4 +1,4 @@
--/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
-+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
- /*
- * Author: Tatu Ylonen <ylo at cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
-@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *b
-
- if (l > 8 * 1024)
- fatal("%s: length %u too long", __func__, l);
-+ /* Skip leading zero bytes */
-+ for (; l > 0 && *s == 0; l--, s++)
-+ ;
- p = buf = xmalloc(l + 1);
- /*
- * If most significant bit is set then prepend a zero byte to
diff --git a/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch
b/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch
deleted file mode 100644
index 6db6b97..0000000
--- a/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-the last nibble of the openssl version represents the status. that is,
-whether it is a beta or release. when it comes to version checks in
-openssh, this component does not matter, so ignore it.
-
-https://bugzilla.mindrot.org/show_bug.cgi?id=2212
-
---- a/entropy.c
-+++ b/entropy.c
-@@ -216,7 +216,7 @@ seed_rng(void)
- * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
- * within a patch series.
- */
-- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
-+ u_long version_mask = SSLeay() >= 0x1000000f ? ~0xfffffL : ~0xff0L;
- if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
- (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
- fatal("OpenSSL version mismatch. Built against %lx, you "
diff --git a/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch
b/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch
deleted file mode 100644
index 0ba3e45..0000000
--- a/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch.
-
---- openssh-6.6p1+x509-7.9.diff
-+++ openssh-6.6p1+x509-7.9.diff
-@@ -15473,10 +15473,9 @@
- .It Cm ChallengeResponseAuthentication
- Specifies whether challenge-response authentication is allowed (e.g. via
- PAM or though authentication styles supported in
--@@ -499,6 +576,16 @@
-+@@ -499,5 +576,15 @@
- The default is
- .Dq yes .
-- Note that this option applies to protocol version 2 only.
- +.It Cm HostbasedAlgorithms
- +Specifies the protocol version 2 algorithms used in
- +.Dq hostbased
diff --git a/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch
b/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch
deleted file mode 100644
index a69830e..0000000
--- a/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-make the hpn patch apply when the x509 patch has also been applied
-
---- openssh-6.6p1-hpnssh14v4.diff
-+++ openssh-6.6p1-hpnssh14v4.diff
-@@ -1742,18 +1742,14 @@
- if (options->ip_qos_interactive == -1)
- options->ip_qos_interactive = IPTOS_LOWDELAY;
- if (options->ip_qos_bulk == -1)
--@@ -345,9 +393,10 @@
-+@@ -345,6 +393,7 @@
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sHostCertificate,
- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
--+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
-++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled,
- sKexAlgorithms, sIPQoS, sVersionAddendum,
- sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
--- sAuthenticationMethods, sHostKeyAgent,
--+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent,
-- sDeprecated, sUnsupported
-- } ServerOpCodes;
--
-+ sAuthenticationMethods, sHostKeyAgent,
- @@ -468,6 +517,10 @@
- { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
diff --git a/net-misc/openssh/metadata.xml b/net-misc/openssh/metadata.xml
index 5765fa2..885648b 100644
--- a/net-misc/openssh/metadata.xml
+++ b/net-misc/openssh/metadata.xml
@@ -25,6 +25,7 @@ ssh-keygen and sftp-server. OpenSSH supports SSH protocol
versions 1.3, 1.5, and
<flag name="hpn">Enable high performance ssh</flag>
<flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
+ <flag name="sctp">Support for Stream Control Transmission
Protocol</flag>
<flag name="X509">Adds support for X.509 certificate
authentication</flag>
</use>
<upstream>
diff --git a/net-misc/openssh/openssh-6.6.1_p1-r99.ebuild
b/net-misc/openssh/openssh-6.6.1_p1-r99.ebuild
deleted file mode 100644
index f12f244..0000000
--- a/net-misc/openssh/openssh-6.6.1_p1-r99.ebuild
+++ /dev/null
@@ -1,323 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header:
/var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6.1_p1-r99.ebuild,v 1.2
2014/03/20 20:58:31 vapier Exp $
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/.1_}
-
-#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz"
-HPN_PATCH="${PN}-6.6.1p1-hpnssh14v4.diff.xz"
-LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz"
-X509_VER="7.9" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/";
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- ${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? (
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
- #${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )}
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
-IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey
static tcpd X X509"
-
-LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- >=dev-libs/openssl-0.9.6d:0[bindist=]
- dev-libs/openssl[static-libs(+)]
- >=sys-libs/zlib-1.2.3[static-libs(+)]
- tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )"
-RDEPEND="
- !static? (
- ${LIB_DEPEND//\[static-libs(+)]}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? (
- ${LIB_DEPEND}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
- bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
- )
- )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
- die "booooo"
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e
"/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN
changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- epatch "${FILESDIR}"/${P}.patch #508604
-
- epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
- if use X509 ; then
- pushd .. >/dev/null
- epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch
- use hpn && epatch
"${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v4-glue-p2.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- save_version X509
- fi
- if ! use X509 ; then
- if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- else
- use ldap && ewarn "Sorry, X509 and LDAP conflict internally,
disabling LDAP"
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
- epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch
- if [[ -n ${HPN_PATCH} ]] && use hpn; then
- epatch "${WORKDIR}"/${HPN_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch "${FILESDIR}"/${PN}-6.4p1-avoid-exit.patch
- epatch "${FILESDIR}"/${PN}-6.4p1-missing-sys_param_h.patch
- epatch "${FILESDIR}"/${PN}-6.4p1-fix-typo-construct_utmpx.patch
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=(
SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n'
"${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-static_use_with() {
- local flag=$1
- if use static && use ${flag} ; then
- ewarn "Disabling '${flag}' support because of USE='static'"
- # rebuild args so that we invert the first one (USE flag)
- # but otherwise leave everything else working so we can
- # just leverage use_with
- shift
- [[ -z $1 ]] && flag="${flag} ${flag}"
- set -- !${flag} "$@"
- fi
- use_with "$@"
-}
-
-src_configure() {
- local myconf
- addwrite /dev/ptmx
- addpredict /etc/skey/skeykeys #skey configure code triggers this
-
- use static && append-ldflags -static
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
- myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx"
- append-ldflags -lutil
- fi
-
- econf \
- --with-ldflags="${LDFLAGS}" \
- --disable-strip \
- --with-pid-dir="${EPREFIX}"/var/run \
- --sysconfdir="${EPREFIX}"/etc/ssh \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
- --datadir="${EPREFIX}"/usr/share/openssh \
- --with-privsep-path="${EPREFIX}"/var/empty \
- --with-privsep-user=sshd \
- --with-md5-passwords \
- --with-ssl-engine \
- $(static_use_with pam) \
- $(static_use_with kerberos kerberos5 /usr) \
- ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
- $(use_with ldns) \
- $(use_with libedit) \
- $(use_with selinux) \
- $(use_with skey) \
- $(use_with tcpd tcp-wrappers) \
- ${myconf}
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- # not all openssl installs support ecc, or are functional #352645
- if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
- elog "dev-libs/openssl was built with 'bindist' - disabling
ecdsa support"
- sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
- fi
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die "sed of
configuration file failed"
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- keepdir /var/empty/dev
- fi
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service '[email protected]'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a
newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
- fi
- ewarn "Remember to merge your config files in /etc/ssh/ and then"
- ewarn "reload sshd: '/etc/init.d/sshd reload'."
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- echo
- einfo "For the HPN server logging patch, you must ensure that"
- einfo "your syslog application also listens at
/var/empty/dev/log."
- fi
-}
diff --git a/net-misc/openssh/openssh-6.6_p1-r99.ebuild
b/net-misc/openssh/openssh-6.6_p1-r99.ebuild
deleted file mode 100644
index 3d51e6e..0000000
--- a/net-misc/openssh/openssh-6.6_p1-r99.ebuild
+++ /dev/null
@@ -1,320 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6_p1-r1.ebuild,v
1.2 2014/03/20 20:58:31 vapier Exp $
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz"
-HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.xz"
-LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz"
-X509_VER="7.9" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/";
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- ${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? (
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
- #${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )}
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="amd64 arm ~mips ppc x86"
-IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey
static tcpd X X509"
-
-LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- >=dev-libs/openssl-0.9.6d:0[bindist=]
- dev-libs/openssl[static-libs(+)]
- >=sys-libs/zlib-1.2.3[static-libs(+)]
- tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )"
-RDEPEND="
- !static? (
- ${LIB_DEPEND//\[static-libs(+)]}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? (
- ${LIB_DEPEND}
- ldns? (
- !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
- bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
- )
- )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >>
/etc/portage/package.mask"
- die "booooo"
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e
"/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN
changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
- if use X509 ; then
- pushd .. >/dev/null
- epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch
- use hpn && epatch
"${FILESDIR}"/${PN}-6.6_p1-x509-hpn14v4-glue-p2.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- save_version X509
- fi
- if ! use X509 ; then
- if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- else
- use ldap && ewarn "Sorry, X509 and LDAP conflict internally,
disabling LDAP"
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated
into gsskex
- epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch
- if [[ -n ${HPN_PATCH} ]] && use hpn; then
- epatch "${WORKDIR}"/${HPN_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- sed -i "${sed_args[@]}" configure{,.ac} || die
-
- epatch "${FILESDIR}"/${PN}-6.4p1-avoid-exit.patch
- epatch "${FILESDIR}"/${PN}-6.4p1-missing-sys_param_h.patch
- epatch "${FILESDIR}"/${PN}-6.4p1-fix-typo-construct_utmpx.patch
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=(
SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n'
"${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-static_use_with() {
- local flag=$1
- if use static && use ${flag} ; then
- ewarn "Disabling '${flag}' support because of USE='static'"
- # rebuild args so that we invert the first one (USE flag)
- # but otherwise leave everything else working so we can
- # just leverage use_with
- shift
- [[ -z $1 ]] && flag="${flag} ${flag}"
- set -- !${flag} "$@"
- fi
- use_with "$@"
-}
-
-src_configure() {
- local myconf
- addwrite /dev/ptmx
- addpredict /etc/skey/skeykeys #skey configure code triggers this
-
- use static && append-ldflags -static
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed
's/\(.\..\).*/\1/')" ; then
- myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx"
- append-ldflags -lutil
- fi
-
- # __stack_chk_fail_local
- use x86 && myconf="${myconf} --without-stackprotect"
- use ppc && myconf="${myconf} --without-stackprotect"
-
- econf \
- --with-ldflags="${LDFLAGS}" \
- --disable-strip \
- --with-pid-dir="${EPREFIX}"/var/run \
- --sysconfdir="${EPREFIX}"/etc/ssh \
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
- --datadir="${EPREFIX}"/usr/share/openssh \
- --with-privsep-path="${EPREFIX}"/var/empty \
- --with-privsep-user=sshd \
- --with-md5-passwords \
- --with-ssl-engine \
- $(static_use_with pam) \
- $(static_use_with kerberos kerberos5 /usr) \
- ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
- $(use_with ldns) \
- $(use_with libedit) \
- $(use_with selinux) \
- $(use_with skey) \
- $(use_with tcpd tcp-wrappers) \
- ${myconf}
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- # not all openssl installs support ecc, or are functional #352645
- if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
- elog "dev-libs/openssl was built with 'bindist' - disabling
ecdsa support"
- sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
- fi
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication
/s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die "sed of
configuration file failed"
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- keepdir /var/empty/dev
- fi
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service '[email protected]'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a
newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update
your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1)
for more info."
- fi
- ewarn "Remember to merge your config files in /etc/ssh/ and then"
- ewarn "reload sshd: '/etc/init.d/sshd reload'."
- # This instruction is from the HPN webpage,
- # Used for the server logging functionality
- if [[ -n ${HPN_PATCH} ]] && use hpn ; then
- echo
- einfo "For the HPN server logging patch, you must ensure that"
- einfo "your syslog application also listens at
/var/empty/dev/log."
- fi
-}
diff --git a/net-misc/openssh/openssh-6.7_p1-r99.ebuild
b/net-misc/openssh/openssh-6.7_p1-r99.ebuild
index 7a3bfed..7edc50d 100644
--- a/net-misc/openssh/openssh-6.7_p1-r99.ebuild
+++ b/net-misc/openssh/openssh-6.7_p1-r99.ebuild
@@ -28,7 +28,7 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
LICENSE="BSD GPL-2"
SLOT="0"
-KEYWORDS="amd64 ~arm ~mips ~ppc ~x86"
+KEYWORDS="amd64 arm ~mips ppc x86"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam
+pie sctp selinux skey static X X509"
REQUIRED_USE="pie? ( !static )"
