[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Sam James]

commit: 752ca84030b7d7572d95527395e91e711fe561bb
Author: Jordan R Abrahams-Whitehead  google  com>
AuthorDate: Tue Jan  2 23:03:40 2024 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Jan 20 12:43:18 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=752ca840

net-misc/openssh: Allow MAP_NORESERVE in sandbox seccomp filter maps

MAP_NORESERVE is used in certain memory patterns in Scudo
where we want to mmap chunks of memory without reserving swap space.
We use this to avoid hitting address space limits.

However, OpenSSH's client sandbox is quite restrictive on which MMAP
flags are allowed (understandably so), and it currently does not
allow MAP_NORESERVE to be used.

This commit allows us to call MAP_NORESERVE from the client sandbox
process.

Upstream patch submission:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-December/041095.html

Signed-off-by: Jordan R Abrahams-Whitehead  google.com>
Closes: https://github.com/gentoo/gentoo/pull/34610
Signed-off-by: Sam James  gentoo.org>

 ..._NORESERVE-in-sandbox-seccomp-filter-maps.patch |  44 +++
 net-misc/openssh/openssh-9.6_p1-r2.ebuild  | 397 +
 2 files changed, 441 insertions(+)

diff --git 
a/net-misc/openssh/files/openssh-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch
 
b/net-misc/openssh/files/openssh-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch
new file mode 100644
index ..379a3981d7ea
--- /dev/null
+++ 
b/net-misc/openssh/files/openssh-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch
@@ -0,0 +1,44 @@
+From 45b491ce13fcf7dbc0b3bd6df986c9cf59190721 Mon Sep 17 00:00:00 2001
+From: Jordan R Abrahams-Whitehead 
+Date: Tue, 12 Dec 2023 22:54:02 +
+Subject: [PATCH] Allow MAP_NORESERVE in sandbox seccomp filter maps
+
+While debugging Scudo on ChromeOS, we found that the no reserve mode
+immediately crashed `sshd`. We tracked it down to the
+sandbox-seccomp-filter.
+
+Being able to mmap with MAP_NORESERVE is useful (if not necessary) for
+some overcommitting allocators.
+
+During mmap calls, the flag MAP_NORESERVE is used by some allocators
+such as LLVM's Scudo for layout optimisation. This causes the sandbox
+seccomp filter for the client subprocess to die with some Scudo
+configurations.
+
+Upstream patch submission:
+https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-December/041095.html
+---
+ sandbox-seccomp-filter.c | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 23b40b643..a49c5ca99 100644
+--- a/sandbox-seccomp-filter.c
 b/sandbox-seccomp-filter.c
+@@ -190,9 +190,11 @@
+ 
+ #if defined(__NR_mmap) || defined(__NR_mmap2)
+ # ifdef MAP_FIXED_NOREPLACE
+-#  define SC_MMAP_FLAGS 
MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED|MAP_FIXED_NOREPLACE
++#  define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED \
++  |MAP_NORESERVE|MAP_FIXED_NOREPLACE
+ # else
+-#  define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED
++#  define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED \
++  |MAP_NORESERVE
+ # endif /* MAP_FIXED_NOREPLACE */
+ /* Use this for both __NR_mmap and __NR_mmap2 variants */
+ # define SC_MMAP(_nr) \
+-- 
+2.43.0.472.g3155946c3a-goog
+

diff --git a/net-misc/openssh/openssh-9.6_p1-r2.ebuild 
b/net-misc/openssh/openssh-9.6_p1-r2.ebuild
new file mode 100644
index ..dbbcd778f79e
--- /dev/null
+++ b/net-misc/openssh/openssh-9.6_p1-r2.ebuild
@@ -0,0 +1,397 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc
+inherit user-info flag-o-matic autotools pam systemd toolchain-funcs verify-sig
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="https://www.openssh.com/;
+SRC_URI="
+   mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+   verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc )
+"
+S="${WORKDIR}/${PARCH}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos 
~x64-macos ~x64-solaris"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie 
security-key selinux +ssl static test X xmss"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="
+   ldns? ( ssl )
+   pie? ( !static )
+   static? ( !kerberos !pam )
+   xmss? ( ssl  )
+   test? ( ssl )
+"
+
+# tests currently fail with XMSS
+REQUIRED_USE+="test? ( !xmss )"
+
+LIB_DEPEND="
+   audit? ( sys-process/audit[static-libs(+)] )
+   ldns? (
+   net-libs/ldns[static-libs(+)]
+   net-libs/ldns[ecdsa(+),ssl(+)]

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[David Seifert]

commit: c0d5daf5c2e4b927127c6e92a78e870fa6ef5d61
Author: David Seifert  gentoo  org>
AuthorDate: Wed Jan  3 09:22:16 2024 +
Commit: David Seifert  gentoo  org>
CommitDate: Wed Jan  3 09:22:16 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0d5daf5

net-misc/openssh: drop 9.4_p1-r1, 9.5_p1-r2

Signed-off-by: David Seifert  gentoo.org>

 net-misc/openssh/Manifest  |   4 -
 .../openssh/files/openssh-9.3_p1-GSSAPI-dns.patch  | 345 ---
 .../openssh/files/openssh-9.3_p2-zlib-1.3.patch|  21 --
 net-misc/openssh/openssh-9.4_p1-r1.ebuild  | 380 -
 net-misc/openssh/openssh-9.5_p1-r2.ebuild  | 378 
 5 files changed, 1128 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index a3404a654075..bbc5cf33ad57 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,6 +1,2 @@
-DIST openssh-9.4p1.tar.gz 1845094 BLAKE2B 
d13d758129cce947d3f12edb6e88406aad10de6887b19ffa3ebd8e382b742a05f2a692a8824aec99939f6c7e13fbccc3bb14e5ee112f9a9255d4882eb87dcf53
 SHA512 
0aaedeced7dbc70419c7245eb0e9db4ef570e0e7739b890ebae04d56da5fe8d147e8e150f3c943f60730976569e3ac6cc8da62ec7e2a78e2ef47d295ca0b1d25
-DIST openssh-9.4p1.tar.gz.asc 833 BLAKE2B 
95eedd9356766e5d0ea1261da3dc4c7869f054b418c626fb35815a0aa655b1ddbf54436b437d98c4344b05c9196c8fa1f592eac07b3ccf08bd3e980f8b6955af
 SHA512 
983b4ebaa3b98e70831ce686cb503270926c065163a2510eef0c5102ef50b6e665b889ee15ea8c0bd7c4bbddb19270f036e1d554a8212ef2c292f9c682c8631a
-DIST openssh-9.5p1.tar.gz 1843001 BLAKE2B 
55dbb0a2792b0046c943a19ca090e6e378e77856e94823a1bbbafaa0da94357403765c4c028aebf6543049a0f9bbe0019629be3f92cdadfac1be56def796
 SHA512 
e183fdf7477fd986215b889eea4a945d71385e35305746ccb164e757ecc28166f429c70890a237d8ef4cdcae5132935ba2ecb3b2a658eb73a6afcf6f42277b9c
-DIST openssh-9.5p1.tar.gz.asc 833 BLAKE2B 
abec3d14d9a880008db202be00ed446ccc0a98ce77c16a9e6d6492feac07c8f3284f9cd24f6ee1d904a55f9f23d5cce8a716916975c179a38ef6bde1d36e0acf
 SHA512 
2b6de653420ba02eb99c7e6fba09af3bacfe9c701f3dfc3c94f41a3539c0414954fc5c64cce63c488c5ccd5d4ddb42d3f2184ff7f323342c885c47bf7d426ca1
 DIST openssh-9.6p1.tar.gz 1857862 BLAKE2B 
dd7f6747fe89f7b386be4faaf7fc43398a9bf439e45608ae61c2126cf8743c64ef7b5af45c75e9007b0bda525f8809261ca0f2fc47ce60177ba769a5324719dd
 SHA512 
0ebf81e39914c3a90da001ec7376a94b37e6024baf3e972c58f0982b7ddef942315f5e01d56c00ff95603b4a20ee561ab918ecc55511df007ac138160509
 DIST openssh-9.6p1.tar.gz.asc 833 BLAKE2B 
9363d02f85457aa90069020827306a2f49d8406e32f5ee1d231844648dd2ffa02fa9b7325b8677a11e46a0ba0d9ffc86d9c989435d691a02f5354a956c49f9f9
 SHA512 
aec5a5bd6ce480a8e5b5879dc55f8186aec90fe61f085aa92ad7d07f324574aa781be09c83b7443a32848d091fd44fb12c1842d49cee77afc351e550ffcc096d

diff --git a/net-misc/openssh/files/openssh-9.3_p1-GSSAPI-dns.patch 
b/net-misc/openssh/files/openssh-9.3_p1-GSSAPI-dns.patch
deleted file mode 100644
index cbc0ec2d9c2d..
--- a/net-misc/openssh/files/openssh-9.3_p1-GSSAPI-dns.patch
+++ /dev/null
@@ -1,345 +0,0 @@
 a/auth.c
-+++ b/auth.c
-@@ -637,118 +637,6 @@
-   return ();
- }
- 
--/*
-- * Returns the remote DNS hostname as a string. The returned string must not
-- * be freed. NB. this will usually trigger a DNS query the first time it is
-- * called.
-- * This function does additional checks on the hostname to mitigate some
-- * attacks on based on conflation of hostnames and IP addresses.
-- */
--
--static char *
--remote_hostname(struct ssh *ssh)
--{
--  struct sockaddr_storage from;
--  socklen_t fromlen;
--  struct addrinfo hints, *ai, *aitop;
--  char name[NI_MAXHOST], ntop2[NI_MAXHOST];
--  const char *ntop = ssh_remote_ipaddr(ssh);
--
--  /* Get IP address of client. */
--  fromlen = sizeof(from);
--  memset(, 0, sizeof(from));
--  if (getpeername(ssh_packet_get_connection_in(ssh),
--  (struct sockaddr *), ) == -1) {
--  debug("getpeername failed: %.100s", strerror(errno));
--  return xstrdup(ntop);
--  }
--
--  ipv64_normalise_mapped(, );
--  if (from.ss_family == AF_INET6)
--  fromlen = sizeof(struct sockaddr_in6);
--
--  debug3("Trying to reverse map address %.100s.", ntop);
--  /* Map the IP address to a host name. */
--  if (getnameinfo((struct sockaddr *), fromlen, name, sizeof(name),
--  NULL, 0, NI_NAMEREQD) != 0) {
--  /* Host name not found.  Use ip address. */
--  return xstrdup(ntop);
--  }
--
--  /*
--   * if reverse lookup result looks like a numeric hostname,
--   * someone is trying to trick us by PTR record like following:
--   *  1.1.1.10.in-addr.arpa.  IN PTR  2.3.4.5
--   */
--  memset(, 0, sizeof(hints));
--  hints.ai_socktype = SOCK_DGRAM; /*dummy*/
--  hints.ai_flags = AI_NUMERICHOST;
--  if (getaddrinfo(name, NULL, , ) == 0) {
--  

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[David Seifert]

commit: 825665409b7873b60a8766f929c412225196c319
Author: David Seifert  gentoo  org>
AuthorDate: Fri May 12 11:54:21 2023 +
Commit: David Seifert  gentoo  org>
CommitDate: Fri May 12 11:54:21 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82566540

net-misc/openssh: remove redundant patch

* All the patches files already include stdlib.h

Signed-off-by: David Seifert  gentoo.org>

 .../files/openssh-9.3_p1-include-stdlib.patch  | 40 --
 net-misc/openssh/openssh-9.3_p1-r1.ebuild  |  1 -
 2 files changed, 41 deletions(-)

diff --git a/net-misc/openssh/files/openssh-9.3_p1-include-stdlib.patch 
b/net-misc/openssh/files/openssh-9.3_p1-include-stdlib.patch
deleted file mode 100644
index 7925234621e2..
--- a/net-misc/openssh/files/openssh-9.3_p1-include-stdlib.patch
+++ /dev/null
@@ -1,40 +0,0 @@
 a/auth-options.c
-+++ b/auth-options.c
-@@ -27,6 +27,7 @@
- #include 
- #include 
- #include 
-+#include 
- 
- #include "openbsd-compat/sys-queue.h"
- 
 a/hmac.c
-+++ b/hmac.c
-@@ -21,6 +21,7 @@
- 
- #include 
- #include 
-+#include 
- 
- #include "sshbuf.h"
- #include "digest.h"
 a/krl.c
-+++ b/krl.c
-@@ -29,6 +29,7 @@
- #include 
- #include 
- #include 
-+#include 
- 
- #include "sshbuf.h"
- #include "ssherr.h"
 a/mac.c
-+++ b/mac.c
-@@ -30,6 +30,7 @@
- #include 
- #include 
- #include 
-+#include 
- 
- #include "digest.h"
- #include "hmac.h"

diff --git a/net-misc/openssh/openssh-9.3_p1-r1.ebuild 
b/net-misc/openssh/openssh-9.3_p1-r1.ebuild
index a7481ca4a40d..35401b2679a7 100644
--- a/net-misc/openssh/openssh-9.3_p1-r1.ebuild
+++ b/net-misc/openssh/openssh-9.3_p1-r1.ebuild
@@ -81,7 +81,6 @@ BDEPEND="
 "
 
 PATCHES=(
-   "${FILESDIR}/${PN}-9.3_p1-include-stdlib.patch"
"${FILESDIR}/${PN}-9.3_p1-GSSAPI-dns.patch" #165444 integrated into 
gsskex
"${FILESDIR}/${PN}-9.3_p1-openssl-ignore-status.patch"
"${FILESDIR}/${PN}-9.3_p1-disable-conch-interop-tests.patch"

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[David Seifert]

commit: ccfc91d36287732d0e7534c2f5e99000616fbb11
Author: David Seifert  gentoo  org>
AuthorDate: Fri May 12 11:00:35 2023 +
Commit: David Seifert  gentoo  org>
CommitDate: Fri May 12 11:00:35 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ccfc91d3

net-misc/openssh: rebase patches

Signed-off-by: David Seifert  gentoo.org>

 .../files/openssh-8.9_p1-allow-ppoll_time64.patch  | 14 -
 ...I-dns.patch => openssh-9.3_p1-GSSAPI-dns.patch} | 34 +++---
 ...mget-shmat-shmdt-in-preauth-privsep-child.patch |  2 --
 ...enssh-9.3_p1-disable-conch-interop-tests.patch} |  0
 patch => openssh-9.3_p1-fix-putty-tests.patch} |  8 ++---
 ... => openssh-9.3_p1-gss-use-HOST_NAME_MAX.patch} |  2 --
 ...b.patch => openssh-9.3_p1-include-stdlib.patch} | 20 -
 ... => openssh-9.3_p1-openssl-ignore-status.patch} |  0
 net-misc/openssh/openssh-9.3_p1-r1.ebuild  | 13 -
 9 files changed, 27 insertions(+), 66 deletions(-)

diff --git a/net-misc/openssh/files/openssh-8.9_p1-allow-ppoll_time64.patch 
b/net-misc/openssh/files/openssh-8.9_p1-allow-ppoll_time64.patch
deleted file mode 100644
index 8c46625aa29c..
--- a/net-misc/openssh/files/openssh-8.9_p1-allow-ppoll_time64.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index 2e065ba3..4ce80cb2 100644
 a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_ppoll
-   SC_ALLOW(__NR_ppoll),
- #endif
-+#ifdef __NR_ppoll_time64
-+  SC_ALLOW(__NR_ppoll_time64),
-+#endif
- #ifdef __NR_poll
-   SC_ALLOW(__NR_poll),
- #endif

diff --git a/net-misc/openssh/files/openssh-8.7_p1-GSSAPI-dns.patch 
b/net-misc/openssh/files/openssh-9.3_p1-GSSAPI-dns.patch
similarity index 92%
rename from net-misc/openssh/files/openssh-8.7_p1-GSSAPI-dns.patch
rename to net-misc/openssh/files/openssh-9.3_p1-GSSAPI-dns.patch
index ffc40b70ae3d..cbc0ec2d9c2d 100644
--- a/net-misc/openssh/files/openssh-8.7_p1-GSSAPI-dns.patch
+++ b/net-misc/openssh/files/openssh-9.3_p1-GSSAPI-dns.patch
@@ -1,8 +1,6 @@
-diff --git a/auth.c b/auth.c
-index 00b168b4..8ee93581 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -729,118 +729,6 @@ fakepw(void)
+@@ -637,118 +637,6 @@
return ();
  }
  
@@ -121,11 +119,9 @@ index 00b168b4..8ee93581 100644
  /* These functions link key/cert options to the auth framework */
  
  /* Log sshauthopt options locally and (optionally) for remote transmission */
-diff --git a/canohost.c b/canohost.c
-index a810da0e..18e9d8d4 100644
 --- a/canohost.c
 +++ b/canohost.c
-@@ -202,3 +202,117 @@ get_local_port(int sock)
+@@ -205,3 +205,117 @@
  {
return get_sock_port(sock, 1);
  }
@@ -243,11 +239,9 @@ index a810da0e..18e9d8d4 100644
 +  return dnsname;
 +  }
 +}
-diff --git a/readconf.c b/readconf.c
-index 03369a08..b45898ce 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -161,6 +161,7 @@ typedef enum {
+@@ -160,6 +160,7 @@
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -255,7 +249,7 @@ index 03369a08..b45898ce 100644
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
-@@ -207,9 +208,11 @@ static struct {
+@@ -207,9 +208,11 @@
  #if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
{ "gssapidelegatecredentials", oGssDelegateCreds },
@@ -267,7 +261,7 @@ index 03369a08..b45898ce 100644
  #endif
  #ifdef ENABLE_PKCS11
{ "pkcs11provider", oPKCS11Provider },
-@@ -1117,6 +1120,10 @@ parse_time:
+@@ -1125,6 +1128,10 @@
intptr = >gss_deleg_creds;
goto parse_flag;
  
@@ -278,7 +272,7 @@ index 03369a08..b45898ce 100644
case oBatchMode:
intptr = >batch_mode;
goto parse_flag;
-@@ -2307,6 +2314,7 @@ initialize_options(Options * options)
+@@ -2341,6 +2348,7 @@
options->pubkey_authentication = -1;
options->gss_authentication = -1;
options->gss_deleg_creds = -1;
@@ -286,7 +280,7 @@ index 03369a08..b45898ce 100644
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
-@@ -2465,6 +2473,8 @@ fill_default_options(Options * options)
+@@ -2501,6 +2509,8 @@
options->gss_authentication = 0;
if (options->gss_deleg_creds == -1)
options->gss_deleg_creds = 0;
@@ -295,11 +289,9 @@ index 03369a08..b45898ce 100644
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
-diff --git a/readconf.h b/readconf.h
-index 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Sam James]

commit: d98d3e95b9bd0a5d29463710ece356005e70cb93
Author: Sam James  gentoo  org>
AuthorDate: Thu Mar 23 05:59:32 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Thu Mar 23 05:59:59 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d98d3e95

net-misc/openssh: drop 9.1_p1-r3, 9.2_p1-r3

Bug: https://bugs.gentoo.org/892936
Signed-off-by: Sam James  gentoo.org>

 net-misc/openssh/Manifest  |   9 -
 ...enssh-9.1_p2-openssl-version-compat-check.patch |  42 --
 net-misc/openssh/openssh-9.1_p1-r3.ebuild  | 523 -
 net-misc/openssh/openssh-9.2_p1-r3.ebuild  | 518 
 4 files changed, 1092 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 1feba2f14167..5bde55aac9be 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,15 +1,6 @@
 DIST openssh-8_5_P1-hpn-AES-CTR-15.2.diff 30096 BLAKE2B 
f0c020dd2403806c79d4c37a019996d275655b04997301e247f5c4dd7fad35d12b3b7c25afb1b078d915ef2a4ae02f736f0aec9ba2a8c56a405d7ca303bcadf7
 SHA512 
4c2dbf99a9b5953fdb955f700272bbaeaa025f108a8860d2190197962b849f8385327af82c4d6a3a130a7fba35a74a8ec9437d642867601acb29817c49632a8f
 DIST openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 51428 BLAKE2B 
370b88a7da7f148bf5a4d445f05cf593b486e9df53bba027e2e179726f534b68cf9d94edd6e53024e0b6ff5f20e568727bc9d26c94d0d415603602a80d3ad241
 SHA512 
2d8d887901164b33b2799ff3ec72e86a39ae4a1696e52bcee0872dbae7772fcc534351e6e7f87126ee71b164c74e9091350f14b782f4b242a09f09b4f50d047a
 DIST openssh-8_5_P1-hpn-PeakTput-15.2.diff 2429 BLAKE2B 
849bf3c313719ab7a25c75e82d5dc5ac98365a038b2a66fe58d01eae5b20c258b94b5830e799d6909e75c69753cda05a910f3bdab9606fb7d5efa68e05f1
 SHA512 
c4a56fab55fabd1d902d45f235b603708d43f969920e45c9a57e557dccfa9cade2ec61f26d1ace938f6f73e79f17b12f119b5aea9166cbda8e3435b910500914
-DIST openssh-9.1_p1-X509-glue-14.0.1.patch.xz 1096 BLAKE2B 
cf5568982c9b2b69ee9f99f3e80459aed7b89f1350362e550ae8db3e5eee4a6d2e07879f962262a05c9745d39f34a3ae83792595c61f0ac287226ee9e0ec2a1b
 SHA512 
18c65c97cc8c436fa8e28c0ad9f0a3874f1fb745d75e0bfb76c180bc148ae14a5f6cc5c2b2fa7261d76a8e1234f28fe869bd7f64ed282bf39c88cc3f20932be5
-DIST openssh-9.1_p1-getentropy.patch 2818 BLAKE2B 
883cd035ec4aee7df9951d7da11bec5a8b9645c7e9225495bb8c86e7e07e89d7c989d32d4db7c46118e20a045e1a07c1bbf98726a69a41351968ce4b04b6779e
 SHA512 
5153a97116e0eed9d7d238478304991737ebb837e7253dd931390bfe287398760ef5134a801825e66d95dd9daf95ed9145a260e23b459b721bc27e628da1a6c0
-DIST openssh-9.1_p1-hpn-15.2-X509-14.0.1-glue.patch.xz 5536 BLAKE2B 
4629e62287f2bc36fe1eb830e4c47c5482e36650c1e725978e150e4f2a233d58b5bd1286024bdbef4d05586bb3e5d13c51fbd191dfe7429fdb06a278c564a777
 SHA512 
03467605b57ab3fb7ef2a9be175cf3708fa92234f3f0abfa74ea371c9ee90f2c01a3311022e282823c7bb67249d65aabf89f1574b917dc798c51847e57b0e33f
-DIST openssh-9.1_p1-hpn-15.2-glue.patch.xz 3840 BLAKE2B 
06fb14d8c6f52f1c6fae7971fc4da810c814d7b52063f8cc7e83356baa7ed70c84476c1d1cc896eba6d0d51813dc994e3c82278e66c04998431c8123a09fe7df
 SHA512 
99c88c08fb384336a9680629bc04a89121780d64ee8b03ac164c4e446cc30b865004292e98516b6f857bd75e1b4393291427c046ffcabc1578629e6075636cbf
-DIST openssh-9.1_p1-sandbox-writev.patch 819 BLAKE2B 
c2e4d507540e704b241ab9fb2c63774a2a5031879a746fcb65405f91ff8434ca1877509a5e87484dffc4b9d52da9d7f3b8e177cbbd75d9c632785ba269c3f86a
 SHA512 
ce491ad3ee02a9f455fdd7ab5cbf16d286f439205d557deb4ef3b9d7e092ef5e9b98e682bdc0e65804ee557581133353116d508c60b0ba4a18e2cdcd3aed6bf1
-DIST openssh-9.1p1+x509-14.0.1.diff.gz 1236304 BLAKE2B 
389e652a7cca4d7322d784e516a9454b0c6cb540a64aa47c0b14ac80bd9ad5aa7aa72a00dbc9024aa7c1186b19f2c62f179b8a6463085dd1bdde15fd44e451e5
 SHA512 
da754497f3f7d173b273f710dab2e7dbc5bf5257c95e661687ff4dd6b5e1c696ac031785850d9a9eb5669f728cbe4fe26d256a7cbd6f137ecadaf38f153770d1
-DIST openssh-9.1p1-sctp-1.2.patch.xz 6772 BLAKE2B 
8393c1ca5f0df7e4d490cef5c38d50d45da83a9c3f650e9af15d95825f9e682a6aaf6a0e85fc1704d41d6567aec8f0b34e43b20652e0141008ccdbe91426dfac
 SHA512 
6750394d0fb7b7f93a0e4f94204e53277cc341c5b2427130559e443557dbb95f2e85a71cfe8d40cfa17dd015b0f3880f79a1f868374e60e94e8385c9b45acec5
-DIST openssh-9.1p1.tar.gz 1838747 BLAKE2B 
287b6b1cc4858b27af88f4a4674670afff1fb5b99461892083393c53ef3747c5a0fcd90cba95d2c27465a919e00f7f42732c93af4f306665ba0393bbb7a534f5
 SHA512 
a1f02c407f6b621b1d0817d1a0c9a6839b67e416c84f3b76c63003b119035b24c19a1564b22691d1152e1d2d55f4dc7eb1af2d2318751e431a99c4efa77edc70
-DIST openssh-9.1p1.tar.gz.asc 833 BLAKE2B 
83efe3c705f6a02c25a9fc9bac2a4efd77470598d9e0fcb86dff2d265c58cffec1afecad3621769b2bd78ac25884f0ee20ae9b311e895db93e3bb552dffd6e74
 SHA512 
47dc7295f9694250bcbb86d7ca0830a47da4f3df7795bb05ebaf1590284ccce5317022c536bea1b09bd2fa4d8013295cc0de287ebe3f9dc605582077e9f11ddd
 DIST openssh-9.2_p1-X509-glue-14.1.patch.xz 900 BLAKE2B 
1cfde24cdd636390bcd9b546da182b0848d637c366ff387f045e8d9158e94ff9577c0dff9d87a552208a56aac4ae8319bb17fd772719a7aa2cbc8baf2bfe59fc
 SHA512 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Mike Gilbert]

commit: f0469c1f161335aad3997e34f9cef0af0436a502
Author: Matt Jolly  footclan  ninja>
AuthorDate: Thu Feb  2 05:44:07 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Feb  5 00:10:07 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0469c1f

net-misc/openssh: update systemd units

- Systemd unit file now sets:
  + OOMPolicy=continue
  + Restart=on-failure
  + RestartSec=42s
- Removed `After=syslog.target` from sshd unit files
- Remove obsolete substitutions

Closes: https://bugs.gentoo.org/892784
Closes: https://github.com/gentoo/gentoo/pull/29386
Signed-off-by: Matt Jolly  footclan.ninja>
Signed-off-by: Mike Gilbert  gentoo.org>

 net-misc/openssh/files/sshd.service.1   | 15 +++
 net-misc/openssh/files/sshd_at.service.1|  8 
 ...enssh-9.2_p1.ebuild => openssh-9.2_p1-r1.ebuild} | 21 -
 3 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/net-misc/openssh/files/sshd.service.1 
b/net-misc/openssh/files/sshd.service.1
new file mode 100644
index ..a541164cd7f2
--- /dev/null
+++ b/net-misc/openssh/files/sshd.service.1
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenSSH server daemon
+After=network.target auditd.service
+
+[Service]
+ExecStartPre=/usr/bin/ssh-keygen -A
+ExecStart=/usr/sbin/sshd -D -e
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+OOMPolicy=continue
+Restart=on-failure
+RestartSec=42s
+
+[Install]
+WantedBy=multi-user.target

diff --git a/net-misc/openssh/files/sshd_at.service.1 
b/net-misc/openssh/files/sshd_at.service.1
new file mode 100644
index ..e43a457994f4
--- /dev/null
+++ b/net-misc/openssh/files/sshd_at.service.1
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH per-connection server daemon
+After=auditd.service
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i -e
+StandardInput=socket
+StandardError=journal

diff --git a/net-misc/openssh/openssh-9.2_p1.ebuild 
b/net-misc/openssh/openssh-9.2_p1-r1.ebuild
similarity index 95%
rename from net-misc/openssh/openssh-9.2_p1.ebuild
rename to net-misc/openssh/openssh-9.2_p1-r1.ebuild
index 9fa1599bd620..8a348bd91862 100644
--- a/net-misc/openssh/openssh-9.2_p1.ebuild
+++ b/net-misc/openssh/openssh-9.2_p1-r1.ebuild
@@ -1,7 +1,7 @@
 # Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=7
+EAPI=8
 
 inherit user-info flag-o-matic autotools pam systemd toolchain-funcs verify-sig
 
@@ -269,10 +269,6 @@ src_prepare() {
"${S}"/version.h || die "Failed to patch SSH_RELEASE 
(version.h)"
fi
 
-   sed -i \
-   -e "/#UseLogin no/d" \
-   "${S}"/sshd_config || die "Failed to remove removed UseLogin 
option (sshd_config)"
-
eapply_user #473004
 
# These tests are currently incompatible with PORTAGE_TMPDIR/sandbox
@@ -282,8 +278,6 @@ src_prepare() {
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
-   # Disable PATH reset, trust what portage gives us #254615
-   -e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
@@ -443,8 +437,9 @@ src_install() {
dodir /etc/skel/.ssh
rmdir "${ED}"/var/empty || die
 
-   systemd_dounit "${FILESDIR}"/sshd.{service,socket}
-   systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
+   systemd_dounit "${FILESDIR}"/sshd.socket
+   systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service
+   systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service'
 }
 
 pkg_preinst() {
@@ -492,6 +487,14 @@ pkg_postinst() {
ewarn "will not be able to establish new sessions. 
Restarting sshd over a ssh"
ewarn "connection is generally safe."
fi
+   if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; 
then
+   ewarn "From openssh-9.2_p1-r1 the supplied systemd unit 
file defaults to"
+   ewarn "'Restart=on-failure', which causes the service 
to automatically restart if it"
+   ewarn "terminates with an unclean exit code or signal. 
This feature is useful for most users,"
+   ewarn "but it can increase the vulnerability of the 
system in the event of a future exploit."
+   ewarn "If you have a web-facing setup or are concerned 
about security, it is recommended to"
+   ewarn "set 'Restart=no' in your sshd unit file."
+   fi
done
 
if [[ -n ${show_ssl_warning} ]]; then

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Sam James]

commit: 73082f16971e673dbb742df81524d8036a1ba7d0
Author: Sam James  gentoo  org>
AuthorDate: Thu Sep  8 01:54:40 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Thu Sep  8 01:54:50 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73082f16

net-misc/openssh: fix implicit function declarations

Unlike normal missing includes, implicit function declaration
fixes require a revbump as they can affect code generation.

Signed-off-by: Sam James  gentoo.org>

 ...enssh-9.0_p1-implicit-func-decl-vsnprintf.patch |  32 ++
 net-misc/openssh/openssh-9.0_p1-r3.ebuild  | 486 +
 2 files changed, 518 insertions(+)

diff --git 
a/net-misc/openssh/files/openssh-9.0_p1-implicit-func-decl-vsnprintf.patch 
b/net-misc/openssh/files/openssh-9.0_p1-implicit-func-decl-vsnprintf.patch
new file mode 100644
index ..c3a464eb3fe8
--- /dev/null
+++ b/net-misc/openssh/files/openssh-9.0_p1-implicit-func-decl-vsnprintf.patch
@@ -0,0 +1,32 @@
+https://github.com/openssh/openssh-portable/pull/339
+
+From a15d08a25f1ccc3ee803dfe790cc1f608651464c Mon Sep 17 00:00:00 2001
+From: Sam James 
+Date: Thu, 8 Sep 2022 02:49:29 +0100
+Subject: [PATCH] openbsd-compat/bsd-asprintf: add  include for
+ vsnprintf
+
+Fixes the following build failure with Clang 15 on musl:
+```
+bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' 
with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; 
ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always 
-frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall 
-Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security 
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result 
-Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing 
-mretpoline  -ftrapv -fzero-call-used-regs=all -fno-builtin-memset 
-fstack-protector-strong -fPIE   -I. -I.  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE 
-D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" 
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" 
-D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" 
-D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" 
-D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" 
-D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PA
 TH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" 
-DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
+ do not support
+  implicit function declarations [-Wimplicit-function-declaration]
+ret = vsnprintf(string, INIT_SZ, fmt, ap2);
+  ^
+bsd-asprintf.c:51:8: note: include the header  or explicitly provide 
a declaration for 'vsnprintf'
+1 error generated.
+```
+
+See also: 
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-June/037811.html
+See also: 73eb6cef41daba0359c1888e4756108d41b4e819
+--- a/openbsd-compat/bsd-asprintf.c
 b/openbsd-compat/bsd-asprintf.c
+@@ -32,6 +32,7 @@
+ 
+ #include 
+ #include 
++#include 
+ #include 
+ 
+ #define INIT_SZ   128
+

diff --git a/net-misc/openssh/openssh-9.0_p1-r3.ebuild 
b/net-misc/openssh/openssh-9.0_p1-r3.ebuild
new file mode 100644
index ..fb65bd3d8b54
--- /dev/null
+++ b/net-misc/openssh/openssh-9.0_p1-r3.ebuild
@@ -0,0 +1,486 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit user-info flag-o-matic autotools pam systemd toolchain-funcs verify-sig
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+# PV to USE for HPN patches
+#HPN_PV="${PV^^}"
+HPN_PV="8.5_P1"
+
+HPN_VER="15.2"
+HPN_PATCHES=(
+   ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff
+   ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff
+   ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff
+)
+
+SCTP_VER="1.2"
+SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
+X509_VER="13.4.1"
+X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="https://www.openssh.com/;
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+   ${SCTP_PATCH:+sctp? ( 
https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )}
+   ${HPN_VER:+hpn? ( $(printf 
"mirror://sourceforge/project/hpnssh/Patches/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n"
 "${HPN_PATCHES[@]}") )}
+   ${X509_PATCH:+X509? ( 
https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+   verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc )
+"
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssh.org.asc
+S="${WORKDIR}/${PARCH}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos 
~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+# Probably want to drop ssl defaulting to on in a future 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 278ae0bb7097451190515c02794b96f7d253fcc0
Author: Patrick McLean  gentoo  org>
AuthorDate: Fri Feb 25 05:57:55 2022 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Fri Feb 25 05:58:21 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=278ae0bb

net-misc/openssh: Version bump to 8.9_p1

Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   3 +
 .../files/openssh-8.9_p1-X509-glue-13.3.patch  |  63 +++
 .../files/openssh-8.9_p1-hpn-15.2-X509-glue.patch  | 431 ++
 .../files/openssh-8.9_p1-hpn-15.2-glue.patch   | 238 ++
 net-misc/openssh/openssh-8.9_p1.ebuild | 480 +
 5 files changed, 1215 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 883f7ee765bf..799f15e8b2a8 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,6 +1,9 @@
 DIST openssh-8.8p1+x509-13.2.3.diff.gz 1071138 BLAKE2B 
dfbe53ccfdfe0a3da9bac927c5bb0ccfeb20f1ba69cef2ffb52999e6f6b0a3282e28a888aab40096fe9eed819f4c9b27592a8771d786580b8fa4f507f6b02557
 SHA512 
e55e9cdcde1b02b2799600083db8c3b85d207b251b99b4efabe8614bedf1daae28e5ed10cbe1f6a2e5ba766fe1eaf41be9e90fefdaae1352808c504fc0f4e7e6
 DIST openssh-8.8p1-sctp-1.2.patch.xz 6744 BLAKE2B 
9f99e0abfbfbda2cc1c7c2a465d044c900da862e5a38f01260f388ac089b2e66c5ea7664d71d18b924552ae177e5893cdcbfbccc20eeb3aaeae00b3d552379e3
 SHA512 
5290c5ef08a418dcc9260812d8e75ce266e22e2258514f11da6fb178e0ae2ef16046523f72a50f74ae7b98e7eb52d16143befc8ce2919041382d314aa05adda0
 DIST openssh-8.8p1.tar.gz 1815060 BLAKE2B 
3a054ce19781aceca5ab1a0839d7435d88aff4481e8c74b91ffd2046dc8b6f03d6bf584ecda066c0496acf43cea9ab4085f26a29e34e20736e752f204b8c76c3
 SHA512 
d44cd04445f9c8963513b0d5a7e8348985114ff2471e119a6e344498719ef40f09c61c354888a3be9dabcb5870e5cbe5d3aafbb861dfa1d82a4952f3d233a8df
+DIST openssh-8.9p1+x509-13.3.diff.gz 1109839 BLAKE2B 
64bbb5afcffe11ae31fa9cb21a8668e50a08012079108cbb712eb05a0fbfd10fce82b347bfd9a68b765fffaa09eb30dd7d70801f723d79f45a3b5858fef9
 SHA512 
fb54ed71eb0c37236ea3fe6e5be77aba56d511d6d087e374059ddc21f42aa9b75d832b8a927d082b71ac41de8bc9760f3e6f6335a88af023d5618c74872f9611
+DIST openssh-8.9p1-sctp-1.2.patch.xz 6752 BLAKE2B 
8f87a4e604ce412f45432ae29b6ccb5a10f6bd6ddc3c688b85d75c2126387dc5d4ed2b2396691db016cc0dee3e71a557611bcf34066dee075d62c9e69e887f14
 SHA512 
88a36e2d87bb8b6136885094729d001953e15799e06885ff1c489300458b6e412520f7a78c48dfd24df46e58f2561051212d7948f8af63082edcb85c33b4d32b
+DIST openssh-8.9p1.tar.gz 1820282 BLAKE2B 
02934da7f7a2954141888e63e81e38fad4fb8558ddd1032de44f69684802c62771fdd7e9e470e0715059635999c8f9d2ab95f6351217e236573ead83a867f59b
 SHA512 
04bd38ea6fe4be31acc8c4e83de7d3dda66fb7207be2e4ba25d3b8118d13d098a283769da9e8ce1fc4fba7edf739c14efcc6c9137132919261a7f882314b0f6b
 DIST openssh-8_5_P1-hpn-AES-CTR-15.2.diff 30096 BLAKE2B 
f0c020dd2403806c79d4c37a019996d275655b04997301e247f5c4dd7fad35d12b3b7c25afb1b078d915ef2a4ae02f736f0aec9ba2a8c56a405d7ca303bcadf7
 SHA512 
4c2dbf99a9b5953fdb955f700272bbaeaa025f108a8860d2190197962b849f8385327af82c4d6a3a130a7fba35a74a8ec9437d642867601acb29817c49632a8f
 DIST openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 51428 BLAKE2B 
370b88a7da7f148bf5a4d445f05cf593b486e9df53bba027e2e179726f534b68cf9d94edd6e53024e0b6ff5f20e568727bc9d26c94d0d415603602a80d3ad241
 SHA512 
2d8d887901164b33b2799ff3ec72e86a39ae4a1696e52bcee0872dbae7772fcc534351e6e7f87126ee71b164c74e9091350f14b782f4b242a09f09b4f50d047a
 DIST openssh-8_5_P1-hpn-PeakTput-15.2.diff 2429 BLAKE2B 
849bf3c313719ab7a25c75e82d5dc5ac98365a038b2a66fe58d01eae5b20c258b94b5830e799d6909e75c69753cda05a910f3bdab9606fb7d5efa68e05f1
 SHA512 
c4a56fab55fabd1d902d45f235b603708d43f969920e45c9a57e557dccfa9cade2ec61f26d1ace938f6f73e79f17b12f119b5aea9166cbda8e3435b910500914

diff --git a/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch 
b/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch
new file mode 100644
index ..91da09971acc
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch
@@ -0,0 +1,63 @@
+diff -ur '--exclude=.*.un~' a/openssh-8.9p1+x509-13.3.diff 
b/openssh-8.9p1+x509-13.3.diff
+--- a/openssh-8.9p1+x509-13.3.diff 2022-02-24 17:19:30.830285922 -0800
 b/openssh-8.9p1+x509-13.3.diff 2022-02-24 17:22:12.374625809 -0800
+@@ -993,15 +993,16 @@
+   char b[512];
+ - size_t len = ssh_digest_bytes(SSH_DIGEST_SHA512);
+ - u_char *hash = xmalloc(len);
++- double delay;
+ + int digest_alg;
+ + size_t len;
+ + u_char *hash;
+-  double delay;
+- 
+++ double delay = 0;
+++
+ + digest_alg = ssh_digest_maxbytes();
+ + len = ssh_digest_bytes(digest_alg);
+ + hash = xmalloc(len);
+-+
++
+   (void)snprintf(b, sizeof b, "%llu%s",
+   (unsigned long long)options.timing_secret, user);
+ - if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: e63d106c6300869b5926856c1e50097ffdb8c7b9
Author: Patrick McLean  gentoo  org>
AuthorDate: Mon Oct 25 23:38:02 2021 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Mon Oct 25 23:38:02 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e63d106c

net-misc/openssh-8.8_p1-r1: Revbump, enable X509 USE flag

Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |  1 +
 .../files/openssh-8.8_p1-X509-glue-13.2.3.patch| 43 ++
 ...nssh-8.8_p1.ebuild => openssh-8.8_p1-r1.ebuild} |  2 +-
 3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 1378008f277..e3a9ef1d4eb 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -7,6 +7,7 @@ DIST openssh-8.6p1.tar.gz 1786328 BLAKE2B 
261a0f1a6235275894d487cce37537755c8683
 DIST openssh-8.7p1+x509-13.2.1.diff.gz 1073420 BLAKE2B 
f9de9f797f1ec83cd56a983f5b9694b0297a60e586898a8c94b4aaa60e5f561bb3b7730590fc8f898c3de2340780d6a77d31bfcc50df0a55a0480051f37806fd
 SHA512 
dd7afd351ddf33e8e74bceba56e5593a0546360efb34f3b954e1816751b5678da5d1bc3a9f2eaa4a745d86d96ae9b643bd549d39b59b22c8cf1a219b076c1db5
 DIST openssh-8.7p1-sctp-1.2.patch.xz 6740 BLAKE2B 
468a455018ffddf4fa64d63acb732ad3e1fb722ae8b24d06cf3a683167a4580626b477bbc286f296c83d39dd36c101ac58597a21daa63de83ad55af00aa3a6be
 SHA512 
aa9067c9025b6e4edfad5e45ec92da43db14edb11aae02cbbc296e66b48377cbbf62cdafcdd5edfd1fd4bf69420ee017223ab52e50a42b1976002d767984777c
 DIST openssh-8.7p1.tar.gz 1814595 BLAKE2B 
9fdb8898485053d08c9eca419c15d0d03b7a60152cf6a9d7f1beed3a21c9e6ac3bd9f854580e6e474fb0c871f3d4be9ef4b49bee8c355d9e5769a5505f4e6ea9
 SHA512 
08c81024d9e1248abfda6cc874886ff5ae916669b93cd6aff640e0614ee8cbcbc3fe87a9ce47136b6443ddbb1168b114367c74e117551905994e1a7e3fa2c0c2
+DIST openssh-8.8p1+x509-13.2.3.diff.gz 1071138 BLAKE2B 
dfbe53ccfdfe0a3da9bac927c5bb0ccfeb20f1ba69cef2ffb52999e6f6b0a3282e28a888aab40096fe9eed819f4c9b27592a8771d786580b8fa4f507f6b02557
 SHA512 
e55e9cdcde1b02b2799600083db8c3b85d207b251b99b4efabe8614bedf1daae28e5ed10cbe1f6a2e5ba766fe1eaf41be9e90fefdaae1352808c504fc0f4e7e6
 DIST openssh-8.8p1-sctp-1.2.patch.xz 6744 BLAKE2B 
9f99e0abfbfbda2cc1c7c2a465d044c900da862e5a38f01260f388ac089b2e66c5ea7664d71d18b924552ae177e5893cdcbfbccc20eeb3aaeae00b3d552379e3
 SHA512 
5290c5ef08a418dcc9260812d8e75ce266e22e2258514f11da6fb178e0ae2ef16046523f72a50f74ae7b98e7eb52d16143befc8ce2919041382d314aa05adda0
 DIST openssh-8.8p1.tar.gz 1815060 BLAKE2B 
3a054ce19781aceca5ab1a0839d7435d88aff4481e8c74b91ffd2046dc8b6f03d6bf584ecda066c0496acf43cea9ab4085f26a29e34e20736e752f204b8c76c3
 SHA512 
d44cd04445f9c8963513b0d5a7e8348985114ff2471e119a6e344498719ef40f09c61c354888a3be9dabcb5870e5cbe5d3aafbb861dfa1d82a4952f3d233a8df
 DIST openssh-8_5_P1-hpn-AES-CTR-15.2.diff 30096 BLAKE2B 
f0c020dd2403806c79d4c37a019996d275655b04997301e247f5c4dd7fad35d12b3b7c25afb1b078d915ef2a4ae02f736f0aec9ba2a8c56a405d7ca303bcadf7
 SHA512 
4c2dbf99a9b5953fdb955f700272bbaeaa025f108a8860d2190197962b849f8385327af82c4d6a3a130a7fba35a74a8ec9437d642867601acb29817c49632a8f

diff --git a/net-misc/openssh/files/openssh-8.8_p1-X509-glue-13.2.3.patch 
b/net-misc/openssh/files/openssh-8.8_p1-X509-glue-13.2.3.patch
new file mode 100644
index 000..74f8a842e6b
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.8_p1-X509-glue-13.2.3.patch
@@ -0,0 +1,43 @@
+diff -ur '--exclude=.*.un~' a/openssh-8.8p1+x509-13.2.3.diff 
b/openssh-8.8p1+x509-13.2.3.diff
+--- a/openssh-8.8p1+x509-13.2.3.diff   2021-10-25 10:23:20.264186260 -0700
 b/openssh-8.8p1+x509-13.2.3.diff   2021-10-25 10:24:35.924443287 -0700
+@@ -51859,12 +51859,11 @@
+  
+  install-files:
+   $(MKDIR_P) $(DESTDIR)$(bindir)
+-@@ -391,6 +372,8 @@
++@@ -391,6 +372,7 @@
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+   $(MKDIR_P) $(DESTDIR)$(libexecdir)
+ + $(MKDIR_P) $(DESTDIR)$(sshcadir)
+-+ $(MKDIR_P) $(DESTDIR)$(piddir)
+   $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
+   $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) 
$(DESTDIR)$(bindir)/ssh$(EXEEXT)
+   $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) 
$(DESTDIR)$(bindir)/scp$(EXEEXT)
+@@ -71985,7 +71984,7 @@
+ +if test "$sshd_type" = "pkix" ; then
+ +  unset_arg=''
+ +else
+-+  unset_arg=none
+++  unset_arg=
+ +fi
+ +
+  cat > $OBJ/sshd_config.i << _EOF
+@@ -132360,16 +132359,6 @@
+ +int   asnmprintf(char **, size_t, int *, const char *, ...)
+   __attribute__((format(printf, 4, 5)));
+  void  msetlocale(void);
+-diff -ruN openssh-8.8p1/version.h openssh-8.8p1+x509-13.2.3/version.h
+ openssh-8.8p1/version.h   2021-09-26 17:03:19.0 +0300
+-+++ openssh-8.8p1+x509-13.2.3/version.h   2021-10-23 16:27:00.0 
+0300
+-@@ -2,5 +2,4 @@
+- 
+- #define SSH_VERSION  "OpenSSH_8.8"
+- 
+--#define SSH_PORTABLE "p1"
+--#define 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Sam James]

commit: f4217196ea99da29cd884994f054cc0960719661
Author: Sam James  gentoo  org>
AuthorDate: Wed Oct  6 01:22:00 2021 +
Commit: Sam James  gentoo  org>
CommitDate: Wed Oct  6 01:22:48 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4217196

net-misc/openssh: don't symlink patch for 8.8_p1

This breaks at rsync(?):
```
A file listed in the Manifest could not be found: 
/usr/portage/net-misc/openssh/files/openssh-8.8_p1-hpn-15.2-glue.patch
```

Possibly some other things don't handle this well either.

Signed-off-by: Sam James  gentoo.org>

 net-misc/openssh/files/openssh-8.8_p1-hpn-15.2-glue.patch | 1 -
 net-misc/openssh/openssh-8.8_p1.ebuild| 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/net-misc/openssh/files/openssh-8.8_p1-hpn-15.2-glue.patch 
b/net-misc/openssh/files/openssh-8.8_p1-hpn-15.2-glue.patch
deleted file mode 12
index 7037b34b4e5..000
--- a/net-misc/openssh/files/openssh-8.8_p1-hpn-15.2-glue.patch
+++ /dev/null
@@ -1 +0,0 @@
-openssh-8.7_p1-hpn-15.2-glue.patch
\ No newline at end of file

diff --git a/net-misc/openssh/openssh-8.8_p1.ebuild 
b/net-misc/openssh/openssh-8.8_p1.ebuild
index 064bb4adcd3..adc52d405c7 100644
--- a/net-misc/openssh/openssh-8.8_p1.ebuild
+++ b/net-misc/openssh/openssh-8.8_p1.ebuild
@@ -185,7 +185,7 @@ src_prepare() {
mkdir "${hpn_patchdir}" || die
cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") 
"${hpn_patchdir}" || die
pushd "${hpn_patchdir}" &>/dev/null || die
-   eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch
+   eapply "${FILESDIR}"/${PN}-8.7_p1-hpn-${HPN_VER}-glue.patch
use X509 && eapply 
"${FILESDIR}"/${PN}-8.7_p1-hpn-${HPN_VER}-X509-glue.patch
use sctp && eapply 
"${FILESDIR}"/${PN}-8.5_p1-hpn-${HPN_VER}-sctp-glue.patch
popd &>/dev/null || die

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 11d6f23704e7ab84191e28e034816bfdb151d406
Author: Patrick McLean  gentoo  org>
AuthorDate: Wed Sep  1 18:23:13 2021 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Wed Sep  1 18:23:13 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11d6f237

net-misc/openssh-8.7_p1-r1: Revbump, add X509 patch

Package-Manager: Portage-3.0.22, Repoman-3.0.3
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   1 +
 .../files/openssh-8.7_p1-X509-glue-13.2.patch  |  73 
 .../files/openssh-8.7_p1-hpn-15.2-X509-glue.patch  | 447 +
 ...nssh-8.7_p1.ebuild => openssh-8.7_p1-r1.ebuild} |   4 +-
 4 files changed, 523 insertions(+), 2 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index b6ea0efce2b..ba9efbc35e8 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -4,6 +4,7 @@ DIST openssh-8.5p1.tar.gz 1779733 BLAKE2B 
f4e4bd39e2dd275d4811e06ca994f2239ad27c
 DIST openssh-8.6p1+x509-13.1.diff.gz 1011666 BLAKE2B 
0ac0cf2ff962b8ef677c49de0bb586f375f14d8964e077c10f6a88ec15734807940ab6c0277e44ebdfde0e50c2c80103cff614a6cde4d66e9986152032eeaa90
 SHA512 
ae4986dd079678c7b0cfd805136ff7ac940d1049fdddeb5a7c4ea2141bfcca70463b951485fb2b113bc930f519b1b41562900ced0269f5673dbdad867f464251
 DIST openssh-8.6p1-sctp-1.2.patch.xz 7696 BLAKE2B 
37f9e943a1881af05d9cf2234433711dc45ca30c60af4c0ea38a1d361df02abb491fa114f3698285f582b40b838414c1a048c4f09aa4f7ae9499adb09201d2ac
 SHA512 
ba8c4d38a3d90854e79dc18918fffde246d7609a3f1c3a35e06c0fbe33d3688ed29b0ec33556ae37d1654e1dc2133d892613ad8d1ecbdce9aaa5b9eb10dcbb7a
 DIST openssh-8.6p1.tar.gz 1786328 BLAKE2B 
261a0f1a6235275894d487cce37537755c86835e3a34871462fe29bfe72b49cd9a6b6a547aea4bd554f0957e110c84458cc75a5f2560717fb04804d62228562a
 SHA512 
9854eda0b773c64c9f1f74844ce466b2b42ee8845f58ad062b73141d617af944fa4ebafdf72069f400106d2c2bd0a69c92fe805ec1fc26d4f0faadf06c3fbbe6
+DIST openssh-8.7p1+x509-13.2.diff.gz 1068695 BLAKE2B 
e542e5444f8360e0e28288d6a58d66995ff90e9f6bb1490b04a205162036e371a20d612655ca1bd479b8a04d5ccbfd9b7189b090d50ccbb019848e28571b036b
 SHA512 
342e1ee050258c99f8f206664ef756e1be2c82e5faa5f966b80385aa2c6c601974681459ddba32c1ca5c33eda530af681e753471706c71902c1045a2913cd540
 DIST openssh-8.7p1-sctp-1.2.patch.xz 6740 BLAKE2B 
468a455018ffddf4fa64d63acb732ad3e1fb722ae8b24d06cf3a683167a4580626b477bbc286f296c83d39dd36c101ac58597a21daa63de83ad55af00aa3a6be
 SHA512 
aa9067c9025b6e4edfad5e45ec92da43db14edb11aae02cbbc296e66b48377cbbf62cdafcdd5edfd1fd4bf69420ee017223ab52e50a42b1976002d767984777c
 DIST openssh-8.7p1.tar.gz 1814595 BLAKE2B 
9fdb8898485053d08c9eca419c15d0d03b7a60152cf6a9d7f1beed3a21c9e6ac3bd9f854580e6e474fb0c871f3d4be9ef4b49bee8c355d9e5769a5505f4e6ea9
 SHA512 
08c81024d9e1248abfda6cc874886ff5ae916669b93cd6aff640e0614ee8cbcbc3fe87a9ce47136b6443ddbb1168b114367c74e117551905994e1a7e3fa2c0c2
 DIST openssh-8_5_P1-hpn-AES-CTR-15.2.diff 30096 BLAKE2B 
f0c020dd2403806c79d4c37a019996d275655b04997301e247f5c4dd7fad35d12b3b7c25afb1b078d915ef2a4ae02f736f0aec9ba2a8c56a405d7ca303bcadf7
 SHA512 
4c2dbf99a9b5953fdb955f700272bbaeaa025f108a8860d2190197962b849f8385327af82c4d6a3a130a7fba35a74a8ec9437d642867601acb29817c49632a8f

diff --git a/net-misc/openssh/files/openssh-8.7_p1-X509-glue-13.2.patch 
b/net-misc/openssh/files/openssh-8.7_p1-X509-glue-13.2.patch
new file mode 100644
index 000..d6f5e42027d
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.7_p1-X509-glue-13.2.patch
@@ -0,0 +1,73 @@
+diff -ur '--exclude=.*.un~' a/openssh-8.7p1+x509-13.2.diff 
b/openssh-8.7p1+x509-13.2.diff
+--- a/openssh-8.7p1+x509-13.2.diff 2021-08-30 17:47:40.415668320 -0700
 b/openssh-8.7p1+x509-13.2.diff 2021-08-30 17:49:14.916114987 -0700
+@@ -51082,12 +51082,11 @@
+  
+  install-files:
+   $(MKDIR_P) $(DESTDIR)$(bindir)
+-@@ -391,6 +368,8 @@
++@@ -391,6 +368,7 @@
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+   $(MKDIR_P) $(DESTDIR)$(libexecdir)
+ + $(MKDIR_P) $(DESTDIR)$(sshcadir)
+-+ $(MKDIR_P) $(DESTDIR)$(piddir)
+   $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
+   $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) 
$(DESTDIR)$(bindir)/ssh$(EXEEXT)
+   $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) 
$(DESTDIR)$(bindir)/scp$(EXEEXT)
+@@ -69793,7 +69792,7 @@
+ - echo "putty interop tests not enabled"
+ - exit 0
+ -fi
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  
exit 1; }
+++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  
exit 0; }
+  
+  for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
+   verbose "$tid: cipher $c"
+@@ -69808,7 +69807,7 @@
+ - echo "putty interop tests not enabled"
+ - exit 0
+ -fi
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  
exit 1; }
+++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Thomas Deutschmann]

commit: 08ab771b7280edd7adfc6ae3b2289bc0f4fc09b1
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Thu Jun 17 20:08:15 2021 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Thu Jun 17 20:32:00 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08ab771b

net-misc/openssh: Fix MissingUseDepDefault for dev-libs/openssl[bindist]

Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann  gentoo.org>

 net-misc/openssh/files/sshd-r2.initd  | 100 ++
 net-misc/openssh/openssh-8.5_p1-r1.ebuild |   6 +-
 net-misc/openssh/openssh-8.6_p1-r1.ebuild |   6 +-
 3 files changed, 106 insertions(+), 6 deletions(-)

diff --git a/net-misc/openssh/files/sshd-r2.initd 
b/net-misc/openssh/files/sshd-r2.initd
new file mode 100644
index 000..3381fb965dd
--- /dev/null
+++ b/net-misc/openssh/files/sshd-r2.initd
@@ -0,0 +1,100 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
+: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
+: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
+: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
+: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
+
+command="${SSHD_BINARY}"
+pidfile="${SSHD_PIDFILE}"
+command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
+
+# Wait one second (length chosen arbitrarily) to see if sshd actually
+# creates a PID file, or if it crashes for some reason like not being
+# able to bind to the address in ListenAddress (bug 617596).
+: ${SSHD_SSD_OPTS:=--wait 1000}
+start_stop_daemon_args="${SSHD_SSD_OPTS}"
+
+depend() {
+   # Entropy can be used by ssh-keygen, among other things, but
+   # is not strictly required (bug 470020).
+   use logger dns entropy
+   if [ "${rc_need+set}" = "set" ] ; then
+   : # Do nothing, the user has explicitly set rc_need
+   else
+   local x warn_addr
+   for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 
2>/dev/null) ; do
+   case "${x}" in
+   0.0.0.0|0.0.0.0:*) ;;
+   ::|\[::\]*) ;;
+   *) warn_addr="${warn_addr} ${x}" ;;
+   esac
+   done
+   if [ -n "${warn_addr}" ] ; then
+   need net
+   ewarn "You are binding an interface in ListenAddress 
statement in your sshd_config!"
+   ewarn "You must add rc_need=\"net.FOO\" to your 
${RC_PREFIX%/}/etc/conf.d/sshd"
+   ewarn "where FOO is the interface(s) providing the 
following address(es):"
+   ewarn "${warn_addr}"
+   fi
+   fi
+}
+
+checkconfig() {
+   checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
+
+   if [ ! -e "${SSHD_CONFIG}" ] ; then
+   eerror "You need an ${SSHD_CONFIG} file to run sshd"
+   eerror "There is a sample file in /usr/share/doc/openssh"
+   return 1
+   fi
+
+   ${SSHD_KEYGEN_BINARY} -A || return 2
+
+   "${command}" -t ${command_args} || return 3
+}
+
+start_pre() {
+   # Make sure that the user's config isn't busted before we try
+   # to start the daemon (this will produce better error messages
+   # than if we just try to start it blindly).
+   #
+   # We always need to call checkconfig because this function will
+   # also generate any missing host key and you can start a
+   # non-running service with "restart" argument.
+   checkconfig || return $?
+}
+
+stop_pre() {
+   if [ "${RC_CMD}" = "restart" ] ; then
+   # If this is a restart, check to make sure the user's config
+   # isn't busted before we stop the running daemon.
+   checkconfig || return $?
+   elif yesno "${RC_GOINGDOWN}" && [ -s "${pidfile}" ] && hash pgrep 
2>/dev/null ; then
+   # Disconnect any clients before killing the master process
+   local pid=$(cat "${pidfile}" 2>/dev/null)
+   if [ -n "${pid}" ] ; then
+   local ssh_session_pattern='sshd: \S.*@pts/[0-9]+'
+
+   IFS="${IFS}@"
+   local daemon pid pty user
+   pgrep -a -P ${pid} -f "$ssh_session_pattern" | while 
read pid daemon user pty ; do
+   ewarn "Found ${daemon%:} session ${pid} on 
${pty}; sending SIGTERM ..."
+   kill "${pid}" || true
+   done
+   fi
+   fi
+}
+
+reload() {
+   checkconfig || return $?
+   ebegin "Reloading ${SVCNAME}"
+   start-stop-daemon --signal HUP --pidfile "${pidfile}"
+   eend $?
+}

diff --git 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Lars Wendler]

commit: e18b31ea8dd0024175e6e3367ff147fbdb908343
Author: Lars Wendler  gentoo  org>
AuthorDate: Sun May 23 13:02:21 2021 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Sun May 23 13:05:22 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e18b31ea

net-misc/openssh: Removed old

Signed-off-by: Lars Wendler  gentoo.org>

 net-misc/openssh/Manifest  |  10 -
 .../openssh/files/openssh-8.2_p1-GSSAPI-dns.patch  | 359 --
 .../files/openssh-8.4_p1-X509-glue-12.6.patch  |  34 --
 .../files/openssh-8.4_p1-fix-ssh-copy-id.patch |  30 --
 .../files/openssh-8.4_p1-hpn-14.22-X509-glue.patch | 129 --
 .../files/openssh-8.4_p1-hpn-14.22-glue.patch  |  94 
 .../files/openssh-8.4_p1-hpn-14.22-sctp-glue.patch |  18 -
 net-misc/openssh/openssh-8.4_p1-r3.ebuild  | 515 -
 net-misc/openssh/openssh-8.5_p1.ebuild | 512 
 9 files changed, 1701 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 51b6a2c9d3f..7e7889daada 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,19 +1,9 @@
-DIST openssh-8.4p1+x509-12.6.diff.gz 857479 BLAKE2B 
ac8c3e8c1087ca571e5459c9826903410ff2d45de60151d9bd8e59da15805b75752f8f3ffc231c9f8aaa8f2b2c07a97a8296684f885e0d14b54ff5d7bc585588
 SHA512 
e56516b376ecc3e5464895744ce0616cf4446a891fbd3cbcb090d5f61ebc349d74f9c01e855ccd22e574dbfeec0cb2ba7daf582983010ff991243a6371cc5fe3
-DIST openssh-8.4p1-sctp-1.2.patch.xz 7668 BLAKE2B 
2e22d2a90723cea9ef958bd989b8c431fcb08b4dc5bfd3ebbf463ca9546dc37acdc185c35ddf3adbb90bde9b3902bf36524a456061a9bcbdef7a76ece79e2ff4
 SHA512 
90da34b7b86e52df9e0191c99c9d645a4d4671958adebeed46e1149102d4ba8c729eadb79d84fad9feac64aafa0541d2f1f4db8cdfe0af5ba893aac072ef2380
-DIST openssh-8.4p1.tar.gz 1742201 BLAKE2B 
4b1e60d4962095df045c3a31bbf8af725b1c07324c4aa1f6b9a3ddb7e695c98e9aa01655b268f6fd6a400f511b23be91f6b89d07b14a6a2d92f873efb4d9c146
 SHA512 
d65275b082c46c5efe7cf3264fa6794d6e99a36d4a54b50554fc56979d6c0837381587fd5399195e1db680d2a5ad1ef0b99a180eac2b4de5637906cb7a89e9ce
 DIST openssh-8.5p1+x509-13.0.1.diff.gz 997005 BLAKE2B 
b6cdc9ba12dc642c7073463fb8b153a32019e8bc4c1778c2371d89cdc8d9b43e86523d0c03ebeeafa7004a16ad46dfbc18b338bf95f46101d8865709d45aa6b0
 SHA512 
b0247885d3a0718eb4df123c552f9e95ad9ffd55f96189aca35006c23d76ec76b28420cac4d7b2167c07f2e0a0652edfa20c2ce60aea3f7607a1e747f836ff91
-DIST openssh-8.5p1+x509-13.0.diff.gz 996872 BLAKE2B 
136937e4e65e5e73d1d1b596ae6188f359daa8e95aafd57fab8cf947b59fde573ff4e6259781d1a0fd89718d14469ca4aed01bae6f37cc16df109c673fa2c73c
 SHA512 
2276b0ac577162f7f6a56115637636a6eaaa8b3cc06e5ef053ec06e00a7c3459efe8de8dbc5f55c9f6a192534e2f7c8c7064fcdbf56d28b628bb301c5072802c
 DIST openssh-8.5p1-sctp-1.2.patch.xz 7692 BLAKE2B 
298bf5e2004fd864bdbb6d6f354d1fbcb7052a9caaf8e39863b840a7af8e31f87790f6aa10ae84df177d450bb34a43c4a3aa87d7472e2505d727757c016ce92b
 SHA512 
84990f95e22c90dbc4d04d47ea88b761ff1d0101018661ff2376ac2a726b5fca43f1b5f5d926ccbe1c8d0143ac36b104616bd1a6b5dcdba4addf48a5dd196e2b
 DIST openssh-8.5p1.tar.gz 1779733 BLAKE2B 
f4e4bd39e2dd275d4811e06ca994f2239ad27c804b003c74cc26f9dffae28f1b4006fc618580f0dc9c45f0b7361c24728c23688b45f41cb8a15cf6206c3f15c3
 SHA512 
af9c34d89170a30fc92a63973e32c766ed4a6d254bb210e317c000d46913e78d0c60c7befe62d993d659be000b828b9d4d3832fc40df1c3d33850aaa6293846f
 DIST openssh-8.6p1+x509-13.1.diff.gz 1011666 BLAKE2B 
0ac0cf2ff962b8ef677c49de0bb586f375f14d8964e077c10f6a88ec15734807940ab6c0277e44ebdfde0e50c2c80103cff614a6cde4d66e9986152032eeaa90
 SHA512 
ae4986dd079678c7b0cfd805136ff7ac940d1049fdddeb5a7c4ea2141bfcca70463b951485fb2b113bc930f519b1b41562900ced0269f5673dbdad867f464251
 DIST openssh-8.6p1-sctp-1.2.patch.xz 7696 BLAKE2B 
37f9e943a1881af05d9cf2234433711dc45ca30c60af4c0ea38a1d361df02abb491fa114f3698285f582b40b838414c1a048c4f09aa4f7ae9499adb09201d2ac
 SHA512 
ba8c4d38a3d90854e79dc18918fffde246d7609a3f1c3a35e06c0fbe33d3688ed29b0ec33556ae37d1654e1dc2133d892613ad8d1ecbdce9aaa5b9eb10dcbb7a
 DIST openssh-8.6p1.tar.gz 1786328 BLAKE2B 
261a0f1a6235275894d487cce37537755c86835e3a34871462fe29bfe72b49cd9a6b6a547aea4bd554f0957e110c84458cc75a5f2560717fb04804d62228562a
 SHA512 
9854eda0b773c64c9f1f74844ce466b2b42ee8845f58ad062b73141d617af944fa4ebafdf72069f400106d2c2bd0a69c92fe805ec1fc26d4f0faadf06c3fbbe6
-DIST openssh-8_3_P1-hpn-AES-CTR-14.22.diff 29963 BLAKE2B 
19b82f4ff820f52dafaa5b3f09f8a0a67f318771c1c7276b9d37e4a6412052c9c53347f880f2d78981af3830432704b9ad74b375241965326530ae23ec8d74a2
 SHA512 
49f2778831dc768850870a1755da9cdd7d3bc83fa87069070f5a1d357ce9bdadeb2506c8ff3c6b055708da12a70e9ede7ed0e8a29fcab441abb55c9d483663be
-DIST openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff 42783 BLAKE2B 
10940c35ae6bdc33e58bc9abd9cd7a551d4ca76a175400acb872906805bd04d384f57e81049b183d7d892ce1b5f7a138e197366369fe12e5c9dc1349850b0582
 SHA512 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: dd069ebac8b0f15edc1dee19bb77f9611b5a812a
Author: Patrick McLean  gentoo  org>
AuthorDate: Fri Apr 23 23:14:10 2021 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Fri Apr 23 23:14:16 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd069eba

net-misc/openssh-8.6_p1: revbump, add X509 patch

Bug: https://bugs.gentoo.org/785034
Bug: https://bugs.gentoo.org/784896
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   1 +
 .../files/openssh-8.6_p1-X509-glue-13.1.patch  |  72 +
 .../files/openssh-8.6_p1-hpn-15.2-X509-glue.patch  | 357 +
 ...nssh-8.6_p1.ebuild => openssh-8.6_p1-r1.ebuild} |   4 +-
 4 files changed, 432 insertions(+), 2 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 9068cf8..51b6a2c9d3f 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -5,6 +5,7 @@ DIST openssh-8.5p1+x509-13.0.1.diff.gz 997005 BLAKE2B 
b6cdc9ba12dc642c7073463fb8
 DIST openssh-8.5p1+x509-13.0.diff.gz 996872 BLAKE2B 
136937e4e65e5e73d1d1b596ae6188f359daa8e95aafd57fab8cf947b59fde573ff4e6259781d1a0fd89718d14469ca4aed01bae6f37cc16df109c673fa2c73c
 SHA512 
2276b0ac577162f7f6a56115637636a6eaaa8b3cc06e5ef053ec06e00a7c3459efe8de8dbc5f55c9f6a192534e2f7c8c7064fcdbf56d28b628bb301c5072802c
 DIST openssh-8.5p1-sctp-1.2.patch.xz 7692 BLAKE2B 
298bf5e2004fd864bdbb6d6f354d1fbcb7052a9caaf8e39863b840a7af8e31f87790f6aa10ae84df177d450bb34a43c4a3aa87d7472e2505d727757c016ce92b
 SHA512 
84990f95e22c90dbc4d04d47ea88b761ff1d0101018661ff2376ac2a726b5fca43f1b5f5d926ccbe1c8d0143ac36b104616bd1a6b5dcdba4addf48a5dd196e2b
 DIST openssh-8.5p1.tar.gz 1779733 BLAKE2B 
f4e4bd39e2dd275d4811e06ca994f2239ad27c804b003c74cc26f9dffae28f1b4006fc618580f0dc9c45f0b7361c24728c23688b45f41cb8a15cf6206c3f15c3
 SHA512 
af9c34d89170a30fc92a63973e32c766ed4a6d254bb210e317c000d46913e78d0c60c7befe62d993d659be000b828b9d4d3832fc40df1c3d33850aaa6293846f
+DIST openssh-8.6p1+x509-13.1.diff.gz 1011666 BLAKE2B 
0ac0cf2ff962b8ef677c49de0bb586f375f14d8964e077c10f6a88ec15734807940ab6c0277e44ebdfde0e50c2c80103cff614a6cde4d66e9986152032eeaa90
 SHA512 
ae4986dd079678c7b0cfd805136ff7ac940d1049fdddeb5a7c4ea2141bfcca70463b951485fb2b113bc930f519b1b41562900ced0269f5673dbdad867f464251
 DIST openssh-8.6p1-sctp-1.2.patch.xz 7696 BLAKE2B 
37f9e943a1881af05d9cf2234433711dc45ca30c60af4c0ea38a1d361df02abb491fa114f3698285f582b40b838414c1a048c4f09aa4f7ae9499adb09201d2ac
 SHA512 
ba8c4d38a3d90854e79dc18918fffde246d7609a3f1c3a35e06c0fbe33d3688ed29b0ec33556ae37d1654e1dc2133d892613ad8d1ecbdce9aaa5b9eb10dcbb7a
 DIST openssh-8.6p1.tar.gz 1786328 BLAKE2B 
261a0f1a6235275894d487cce37537755c86835e3a34871462fe29bfe72b49cd9a6b6a547aea4bd554f0957e110c84458cc75a5f2560717fb04804d62228562a
 SHA512 
9854eda0b773c64c9f1f74844ce466b2b42ee8845f58ad062b73141d617af944fa4ebafdf72069f400106d2c2bd0a69c92fe805ec1fc26d4f0faadf06c3fbbe6
 DIST openssh-8_3_P1-hpn-AES-CTR-14.22.diff 29963 BLAKE2B 
19b82f4ff820f52dafaa5b3f09f8a0a67f318771c1c7276b9d37e4a6412052c9c53347f880f2d78981af3830432704b9ad74b375241965326530ae23ec8d74a2
 SHA512 
49f2778831dc768850870a1755da9cdd7d3bc83fa87069070f5a1d357ce9bdadeb2506c8ff3c6b055708da12a70e9ede7ed0e8a29fcab441abb55c9d483663be

diff --git a/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.1.patch 
b/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.1.patch
new file mode 100644
index 000..e23063b5db2
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.1.patch
@@ -0,0 +1,72 @@
+--- a/openssh-8.6p1+x509-13.1.diff 2021-04-23 14:46:58.184683047 -0700
 b/openssh-8.6p1+x509-13.1.diff 2021-04-23 15:00:08.455087549 -0700
+@@ -47728,12 +47728,11 @@
+  
+  install-files:
+   $(MKDIR_P) $(DESTDIR)$(bindir)
+-@@ -389,6 +366,8 @@
++@@ -389,6 +366,7 @@
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+   $(MKDIR_P) $(DESTDIR)$(libexecdir)
+ + $(MKDIR_P) $(DESTDIR)$(sshcadir)
+-+ $(MKDIR_P) $(DESTDIR)$(piddir)
+   $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
+   $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) 
$(DESTDIR)$(bindir)/ssh$(EXEEXT)
+   $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) 
$(DESTDIR)$(bindir)/scp$(EXEEXT)
+@@ -65001,7 +65000,7 @@
+ - echo "putty interop tests not enabled"
+ - exit 0
+ -fi
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  
exit 1; }
+++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  
exit 0; }
+  
+  for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
+   verbose "$tid: cipher $c"
+@@ -65016,7 +65015,7 @@
+ - echo "putty interop tests not enabled"
+ - exit 0
+ -fi
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  
exit 1; }
+++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  
exit 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 779d2265b9a8031318a2ab381048a1c78141edc9
Author: Patrick McLean  gentoo  org>
AuthorDate: Thu Apr 22 03:23:08 2021 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Thu Apr 22 03:23:15 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=779d2265

net-misc/openssh-8.6_p1: Version bump, no X509 patch for now

Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   2 +
 .../files/openssh-8.6_p1-X509-glue-13.0.1.patch|  73 +++
 .../files/openssh-8.6_p1-hpn-15.2-glue.patch   | 132 ++
 .../openssh/files/openssh-8.6_p1-hpn-version.patch |  13 +
 net-misc/openssh/openssh-8.6_p1.ebuild | 518 +
 5 files changed, 738 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 03ef9f4f735..9068cf8 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -5,6 +5,8 @@ DIST openssh-8.5p1+x509-13.0.1.diff.gz 997005 BLAKE2B 
b6cdc9ba12dc642c7073463fb8
 DIST openssh-8.5p1+x509-13.0.diff.gz 996872 BLAKE2B 
136937e4e65e5e73d1d1b596ae6188f359daa8e95aafd57fab8cf947b59fde573ff4e6259781d1a0fd89718d14469ca4aed01bae6f37cc16df109c673fa2c73c
 SHA512 
2276b0ac577162f7f6a56115637636a6eaaa8b3cc06e5ef053ec06e00a7c3459efe8de8dbc5f55c9f6a192534e2f7c8c7064fcdbf56d28b628bb301c5072802c
 DIST openssh-8.5p1-sctp-1.2.patch.xz 7692 BLAKE2B 
298bf5e2004fd864bdbb6d6f354d1fbcb7052a9caaf8e39863b840a7af8e31f87790f6aa10ae84df177d450bb34a43c4a3aa87d7472e2505d727757c016ce92b
 SHA512 
84990f95e22c90dbc4d04d47ea88b761ff1d0101018661ff2376ac2a726b5fca43f1b5f5d926ccbe1c8d0143ac36b104616bd1a6b5dcdba4addf48a5dd196e2b
 DIST openssh-8.5p1.tar.gz 1779733 BLAKE2B 
f4e4bd39e2dd275d4811e06ca994f2239ad27c804b003c74cc26f9dffae28f1b4006fc618580f0dc9c45f0b7361c24728c23688b45f41cb8a15cf6206c3f15c3
 SHA512 
af9c34d89170a30fc92a63973e32c766ed4a6d254bb210e317c000d46913e78d0c60c7befe62d993d659be000b828b9d4d3832fc40df1c3d33850aaa6293846f
+DIST openssh-8.6p1-sctp-1.2.patch.xz 7696 BLAKE2B 
37f9e943a1881af05d9cf2234433711dc45ca30c60af4c0ea38a1d361df02abb491fa114f3698285f582b40b838414c1a048c4f09aa4f7ae9499adb09201d2ac
 SHA512 
ba8c4d38a3d90854e79dc18918fffde246d7609a3f1c3a35e06c0fbe33d3688ed29b0ec33556ae37d1654e1dc2133d892613ad8d1ecbdce9aaa5b9eb10dcbb7a
+DIST openssh-8.6p1.tar.gz 1786328 BLAKE2B 
261a0f1a6235275894d487cce37537755c86835e3a34871462fe29bfe72b49cd9a6b6a547aea4bd554f0957e110c84458cc75a5f2560717fb04804d62228562a
 SHA512 
9854eda0b773c64c9f1f74844ce466b2b42ee8845f58ad062b73141d617af944fa4ebafdf72069f400106d2c2bd0a69c92fe805ec1fc26d4f0faadf06c3fbbe6
 DIST openssh-8_3_P1-hpn-AES-CTR-14.22.diff 29963 BLAKE2B 
19b82f4ff820f52dafaa5b3f09f8a0a67f318771c1c7276b9d37e4a6412052c9c53347f880f2d78981af3830432704b9ad74b375241965326530ae23ec8d74a2
 SHA512 
49f2778831dc768850870a1755da9cdd7d3bc83fa87069070f5a1d357ce9bdadeb2506c8ff3c6b055708da12a70e9ede7ed0e8a29fcab441abb55c9d483663be
 DIST openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff 42783 BLAKE2B 
10940c35ae6bdc33e58bc9abd9cd7a551d4ca76a175400acb872906805bd04d384f57e81049b183d7d892ce1b5f7a138e197366369fe12e5c9dc1349850b0582
 SHA512 
c09162b96e0ffadc59c6076507bc843e6f8f2fb372140b84181f5fb2894225b1e05a831d85ba689c35c322b5a99302b9db77c324f978f1a46a16b185b3cb28dd
 DIST openssh-8_3_P1-hpn-PeakTput-14.22.diff 2012 BLAKE2B 
701f46da022e7ecf35b57f41bf5682a37be453c175928d3ff3df09292275e6021f6108a20c02eec9d636e85ee5a8e05b7233ada180edf1209a3dc4b139d58858
 SHA512 
026f65c62e4c05b69661094d41bf338df608e2a9b23ef95588062e3bd68729733dae32adab783609a6eca810ccdcbddee25e7649a534c9a283a03282f73438bb

diff --git a/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.0.1.patch 
b/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.0.1.patch
new file mode 100644
index 000..f9da7bbc345
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.0.1.patch
@@ -0,0 +1,73 @@
+diff --exclude '*.un~' -ubr a/openssh-8.5p1+x509-13.0.1.diff 
b/openssh-8.5p1+x509-13.0.1.diff
+--- a/openssh-8.5p1+x509-13.0.1.diff   2021-04-19 14:21:08.076526576 -0700
 b/openssh-8.5p1+x509-13.0.1.diff   2021-04-19 14:21:23.160563489 -0700
+@@ -46675,12 +46675,11 @@
+  
+  install-files:
+   $(MKDIR_P) $(DESTDIR)$(bindir)
+-@@ -380,6 +364,8 @@
++@@ -380,6 +364,7 @@
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+   $(MKDIR_P) $(DESTDIR)$(libexecdir)
+ + $(MKDIR_P) $(DESTDIR)$(sshcadir)
+-+ $(MKDIR_P) $(DESTDIR)$(piddir)
+   $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
+   $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) 
$(DESTDIR)$(bindir)/ssh$(EXEEXT)
+   $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) 
$(DESTDIR)$(bindir)/scp$(EXEEXT)
+@@ -63967,7 +63966,7 @@
+ - echo "putty interop tests not enabled"
+ - exit 0
+ -fi
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  
exit 1; }
+++$REGRESS_INTEROP_PUTTY || { echo 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 6ab43983d88d999bfb8d6fb2acceba6b20b1bc6b
Author: Patrick McLean  sony  com>
AuthorDate: Tue Mar 16 19:07:48 2021 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Tue Mar 16 19:08:08 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ab43983

net-misc/openssh-8.5_p1-r1: Revbump, update X509 and HPN patchesets

Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   4 +
 .../files/openssh-8.5_p1-X509-glue-13.0.1.patch|  72 +++
 .../openssh-8.5_p1-hpn-15.2-X509-13.0.1-glue.patch | 328 +
 .../files/openssh-8.5_p1-hpn-15.2-glue.patch   | 104 +
 .../files/openssh-8.5_p1-hpn-15.2-sctp-glue.patch  |  18 +
 net-misc/openssh/openssh-8.5_p1-r1.ebuild  | 514 +
 6 files changed, 1040 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 4c9fa8922fa..03ef9f4f735 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,6 +1,7 @@
 DIST openssh-8.4p1+x509-12.6.diff.gz 857479 BLAKE2B 
ac8c3e8c1087ca571e5459c9826903410ff2d45de60151d9bd8e59da15805b75752f8f3ffc231c9f8aaa8f2b2c07a97a8296684f885e0d14b54ff5d7bc585588
 SHA512 
e56516b376ecc3e5464895744ce0616cf4446a891fbd3cbcb090d5f61ebc349d74f9c01e855ccd22e574dbfeec0cb2ba7daf582983010ff991243a6371cc5fe3
 DIST openssh-8.4p1-sctp-1.2.patch.xz 7668 BLAKE2B 
2e22d2a90723cea9ef958bd989b8c431fcb08b4dc5bfd3ebbf463ca9546dc37acdc185c35ddf3adbb90bde9b3902bf36524a456061a9bcbdef7a76ece79e2ff4
 SHA512 
90da34b7b86e52df9e0191c99c9d645a4d4671958adebeed46e1149102d4ba8c729eadb79d84fad9feac64aafa0541d2f1f4db8cdfe0af5ba893aac072ef2380
 DIST openssh-8.4p1.tar.gz 1742201 BLAKE2B 
4b1e60d4962095df045c3a31bbf8af725b1c07324c4aa1f6b9a3ddb7e695c98e9aa01655b268f6fd6a400f511b23be91f6b89d07b14a6a2d92f873efb4d9c146
 SHA512 
d65275b082c46c5efe7cf3264fa6794d6e99a36d4a54b50554fc56979d6c0837381587fd5399195e1db680d2a5ad1ef0b99a180eac2b4de5637906cb7a89e9ce
+DIST openssh-8.5p1+x509-13.0.1.diff.gz 997005 BLAKE2B 
b6cdc9ba12dc642c7073463fb8b153a32019e8bc4c1778c2371d89cdc8d9b43e86523d0c03ebeeafa7004a16ad46dfbc18b338bf95f46101d8865709d45aa6b0
 SHA512 
b0247885d3a0718eb4df123c552f9e95ad9ffd55f96189aca35006c23d76ec76b28420cac4d7b2167c07f2e0a0652edfa20c2ce60aea3f7607a1e747f836ff91
 DIST openssh-8.5p1+x509-13.0.diff.gz 996872 BLAKE2B 
136937e4e65e5e73d1d1b596ae6188f359daa8e95aafd57fab8cf947b59fde573ff4e6259781d1a0fd89718d14469ca4aed01bae6f37cc16df109c673fa2c73c
 SHA512 
2276b0ac577162f7f6a56115637636a6eaaa8b3cc06e5ef053ec06e00a7c3459efe8de8dbc5f55c9f6a192534e2f7c8c7064fcdbf56d28b628bb301c5072802c
 DIST openssh-8.5p1-sctp-1.2.patch.xz 7692 BLAKE2B 
298bf5e2004fd864bdbb6d6f354d1fbcb7052a9caaf8e39863b840a7af8e31f87790f6aa10ae84df177d450bb34a43c4a3aa87d7472e2505d727757c016ce92b
 SHA512 
84990f95e22c90dbc4d04d47ea88b761ff1d0101018661ff2376ac2a726b5fca43f1b5f5d926ccbe1c8d0143ac36b104616bd1a6b5dcdba4addf48a5dd196e2b
 DIST openssh-8.5p1.tar.gz 1779733 BLAKE2B 
f4e4bd39e2dd275d4811e06ca994f2239ad27c804b003c74cc26f9dffae28f1b4006fc618580f0dc9c45f0b7361c24728c23688b45f41cb8a15cf6206c3f15c3
 SHA512 
af9c34d89170a30fc92a63973e32c766ed4a6d254bb210e317c000d46913e78d0c60c7befe62d993d659be000b828b9d4d3832fc40df1c3d33850aaa6293846f
@@ -10,3 +11,6 @@ DIST openssh-8_3_P1-hpn-PeakTput-14.22.diff 2012 BLAKE2B 
701f46da022e7ecf35b57f4
 DIST openssh-8_4_P1-hpn-AES-CTR-15.1.diff 29966 BLAKE2B 
79dea4e16ffdda329131eb48a3c3dd40e167e5c6fa4dd2beb6c67e7e4f17a45c6645e84dcdc97baae90215a802cd1d723dfd88c981b1db826f61fca0a4e92ae1
 SHA512 
cdb7aa5737a1527d83ffa747d17ae997a64b7bc16e198d0721b690e5932446d30ba4129c122be2a457f261be7a11d944ef49ba2450ce90f552daab508b0c980b
 DIST openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 51327 BLAKE2B 
6879df5bfb4c07c44b41620bd49433591711edb08ad6b5c09af8a5f754ca09f3ff6a066ffac3210fdad6dee47710221dca0a3dc47b919498ec6939b42a073418
 SHA512 
1e6471e88783acf764186577a767ea7c2071bcab1b803c18288f70166d87471703b332dae3bdcaf4318039089caebfba46e5b6da218912eff1103bd03d736a60
 DIST openssh-8_4_P1-hpn-PeakTput-15.1.diff 2429 BLAKE2B 
fc2140f4036ef57b7093696680b6e157c78bb431af9bc9e75f223c2b13693f0ec2ad214fbf6b2ba0059cbf3690a93235559f07b46dabd056d65ae1fc9d7418f0
 SHA512 
99801a743da8f108dcf883bc216f2abd3fc3071617566b83eb07b6627ed657cccf0ea93ea2a70eff1050a34a0e635e732665c5583e8aa35968fdeb839f837b63
+DIST openssh-8_5_P1-hpn-AES-CTR-15.2.diff 30096 BLAKE2B 
f0c020dd2403806c79d4c37a019996d275655b04997301e247f5c4dd7fad35d12b3b7c25afb1b078d915ef2a4ae02f736f0aec9ba2a8c56a405d7ca303bcadf7
 SHA512 
4c2dbf99a9b5953fdb955f700272bbaeaa025f108a8860d2190197962b849f8385327af82c4d6a3a130a7fba35a74a8ec9437d642867601acb29817c49632a8f
+DIST openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 51428 BLAKE2B 
370b88a7da7f148bf5a4d445f05cf593b486e9df53bba027e2e179726f534b68cf9d94edd6e53024e0b6ff5f20e568727bc9d26c94d0d415603602a80d3ad241
 SHA512 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 3991e69a8144f7b2459ae7a666ec74c868ae7d2d
Author: Patrick McLean  sony  com>
AuthorDate: Mon Oct  5 19:05:12 2020 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Mon Oct  5 19:05:36 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3991e69a

net-misc/openssh-8.4_p1-r1: Revbump, enable the X509 USE flag

Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   1 +
 .../files/openssh-8.4_p1-X509-glue-12.6.patch  |  34 ++
 .../files/openssh-8.4_p1-hpn-14.22-X509-glue.patch | 129 +
 ...nssh-8.4_p1.ebuild => openssh-8.4_p1-r1.ebuild} |  12 +-
 4 files changed, 167 insertions(+), 9 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 8683815ce7d..173d930cac0 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -8,6 +8,7 @@ DIST openssh-8.2p1.tar.gz 1701197 BLAKE2B 
8b95cdebc87e8d14f655ed13c12b91b122adf4
 DIST openssh-8.3p1+x509-12.5.1.diff.gz 803054 BLAKE2B 
ec88959b4e3328e70d6f136f3d5bebced2e555de3ea40f55c535ca8a30a0eed84d177ad966e5bda46e1fc61d42141b13e96d068f5abfd069ae81b131dfb5a66c
 SHA512 
28166a1a1aeff0c65f36263c0009e82cda81fc8f4efe3d11fabd0312d199a4f935476cf7074fbce68787d2fec0fd42f00fef383bf856a5767ce9d0ca6bbc8ef0
 DIST openssh-8.3p1-sctp-1.2.patch.xz 7668 BLAKE2B 
abbc65253d842c09a04811bdbafc175c5226996cdd190812b47ce9646853cd5c1b21d733e719b481cce9c7f4dc00894b6d6be732e311850963df23b9dc55a0e6
 SHA512 
4e0cc1707663f902dfbf331a431325da78759cc757a4aaae33e0c7f64f21830ec805168d8ae4d47a65a20c235fa534679e288f922df2b24655b7d1ee9a3bf014
 DIST openssh-8.3p1.tar.gz 1706358 BLAKE2B 
0b53d92caa4a0f4cb40eee671ac889753d320b7c8e44df159a81dd8163c3663f07fa648f5dc506fb27d31893acf9701b997598c50bf204acf54172d72825a4d8
 SHA512 
b5232f7c85bf59ae2ff9d17b030117012e257e3b8c0d5ac60bb139a85b1fbf298b40f2e04203a2e13ca7273053ed668b9dedd54d3a67a7cb8e8e58c0228c5f40
+DIST openssh-8.4p1+x509-12.6.diff.gz 857479 BLAKE2B 
ac8c3e8c1087ca571e5459c9826903410ff2d45de60151d9bd8e59da15805b75752f8f3ffc231c9f8aaa8f2b2c07a97a8296684f885e0d14b54ff5d7bc585588
 SHA512 
e56516b376ecc3e5464895744ce0616cf4446a891fbd3cbcb090d5f61ebc349d74f9c01e855ccd22e574dbfeec0cb2ba7daf582983010ff991243a6371cc5fe3
 DIST openssh-8.4p1-sctp-1.2.patch.xz 7668 BLAKE2B 
2e22d2a90723cea9ef958bd989b8c431fcb08b4dc5bfd3ebbf463ca9546dc37acdc185c35ddf3adbb90bde9b3902bf36524a456061a9bcbdef7a76ece79e2ff4
 SHA512 
90da34b7b86e52df9e0191c99c9d645a4d4671958adebeed46e1149102d4ba8c729eadb79d84fad9feac64aafa0541d2f1f4db8cdfe0af5ba893aac072ef2380
 DIST openssh-8.4p1.tar.gz 1742201 BLAKE2B 
4b1e60d4962095df045c3a31bbf8af725b1c07324c4aa1f6b9a3ddb7e695c98e9aa01655b268f6fd6a400f511b23be91f6b89d07b14a6a2d92f873efb4d9c146
 SHA512 
d65275b082c46c5efe7cf3264fa6794d6e99a36d4a54b50554fc56979d6c0837381587fd5399195e1db680d2a5ad1ef0b99a180eac2b4de5637906cb7a89e9ce
 DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 
79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca
 SHA512 
94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221

diff --git a/net-misc/openssh/files/openssh-8.4_p1-X509-glue-12.6.patch 
b/net-misc/openssh/files/openssh-8.4_p1-X509-glue-12.6.patch
new file mode 100644
index 000..f12a3096b64
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.4_p1-X509-glue-12.6.patch
@@ -0,0 +1,34 @@
+diff -u a/openssh-8.4p1+x509-12.6.diff b/openssh-8.4p1+x509-12.6.diff
+--- a/openssh-8.4p1+x509-12.6.diff 2020-10-04 10:58:16.980495330 -0700
 b/openssh-8.4p1+x509-12.6.diff 2020-10-04 11:02:31.951966223 -0700
+@@ -39348,12 +39348,11 @@
+  
+  install-files:
+   $(MKDIR_P) $(DESTDIR)$(bindir)
+-@@ -384,6 +365,8 @@
++@@ -384,6 +365,7 @@
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+   $(MKDIR_P) $(DESTDIR)$(libexecdir)
+ + $(MKDIR_P) $(DESTDIR)$(sshcadir)
+-+ $(MKDIR_P) $(DESTDIR)$(piddir)
+   $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
+   $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) 
$(DESTDIR)$(bindir)/ssh$(EXEEXT)
+   $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) 
$(DESTDIR)$(bindir)/scp$(EXEEXT)
+@@ -103950,16 +103949,6 @@
+ +int   asnmprintf(char **, size_t, int *, const char *, ...)
+__attribute__((format(printf, 4, 5)));
+  void  msetlocale(void);
+-diff -ruN openssh-8.4p1/version.h openssh-8.4p1+x509-12.6/version.h
+ openssh-8.4p1/version.h   2020-09-27 10:25:01.0 +0300
+-+++ openssh-8.4p1+x509-12.6/version.h 2020-10-03 10:07:00.0 +0300
+-@@ -2,5 +2,4 @@
+- 
+- #define SSH_VERSION  "OpenSSH_8.4"
+- 
+--#define SSH_PORTABLE "p1"
+--#define SSH_RELEASE  SSH_VERSION SSH_PORTABLE
+-+#define SSH_RELEASE  PACKAGE_STRING ", " SSH_VERSION "p1"
+ diff 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: eaf0a3123c2d98d8a7c6f3a46f6565577cf0d11a
Author: Patrick McLean  sony  com>
AuthorDate: Fri Jul 31 18:41:04 2020 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Fri Jul 31 18:41:19 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eaf0a312

net-misc/openssh-8.3_p1-r4: Add workaround libmd bug 734984

Bug: https://bugs.gentoo.org/734984
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-3.0.1, Repoman-2.3.23
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/files/openssh-8.3_p1-sha2-include.patch | 13 +
 net-misc/openssh/openssh-8.3_p1-r4.ebuild|  3 +++
 2 files changed, 16 insertions(+)

diff --git a/net-misc/openssh/files/openssh-8.3_p1-sha2-include.patch 
b/net-misc/openssh/files/openssh-8.3_p1-sha2-include.patch
new file mode 100644
index 000..6bd71661970
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.3_p1-sha2-include.patch
@@ -0,0 +1,13 @@
+diff --git a/Makefile.in b/Makefile.in
+index c9e4294d..2dbfac24 100644
+--- a/Makefile.in
 b/Makefile.in
+@@ -44,7 +44,7 @@ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+ CFLAGS_NOPIE=@CFLAGS_NOPIE@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) -I$(srcdir)/openbsd-compat @CPPFLAGS@ $(PATHS) @DEFS@
+ PICFLAG=@PICFLAG@
+ LIBS=@LIBS@
+ K5LIBS=@K5LIBS@

diff --git a/net-misc/openssh/openssh-8.3_p1-r4.ebuild 
b/net-misc/openssh/openssh-8.3_p1-r4.ebuild
index a3d261036a7..6e93d57cf89 100644
--- a/net-misc/openssh/openssh-8.3_p1-r4.ebuild
+++ b/net-misc/openssh/openssh-8.3_p1-r4.ebuild
@@ -137,6 +137,9 @@ src_prepare() {
eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch
eapply 
"${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
 
+   # workaround for https://bugs.gentoo.org/734984
+   use X509 || eapply "${FILESDIR}"/${PN}-8.3_p1-sha2-include.patch
+
[[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches
 
local PATCHSET_VERSION_MACROS=()

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: b11cf9461fbba27c2f87c9b73ff2dd3f043250a5
Author: Patrick McLean  sony  com>
AuthorDate: Thu May 28 22:09:12 2020 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Thu May 28 22:09:20 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b11cf946

net-misc/openssh-8.3_p1: Version bump, no X509 yet

Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   2 +
 .../files/openssh-8.3_p1-hpn-14.20-glue.patch  | 177 
 net-misc/openssh/openssh-8.3_p1.ebuild | 492 +
 3 files changed, 671 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 9ab471f4d0d..cdd391e5ba2 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -6,6 +6,8 @@ DIST openssh-8.2p1+x509-12.4.2.diff.gz 805574 BLAKE2B 
4df31b634308ce074d820df249
 DIST openssh-8.2p1+x509-12.4.3.diff.gz 806905 BLAKE2B 
8e0f0f3eeb2aafd9fc9e6eca80c0b51ffedbed9dfc46ff73bb1becd28f6ac013407d03107b59da05d9d56edbf283eef20891086867b79efd8aab81c3e9a4a32f
 SHA512 
51117d7e4df2ff78c4fdfd08c2bb8f1739b1db064df65bab3872e1a956c277a4736c511794aa399061058fea666a76ee07bb50d83a0d077b7fa572d02c030b91
 DIST openssh-8.2p1-sctp-1.2.patch.xz 7668 BLAKE2B 
717487cffd235a5dfa2d9d3f2c1983f410d400b0d23f71a9b74406ac3d2f448d76381a3b7a3244942bff4e6bdc3bc78d148b9949c78dc297d99c7330179f8176
 SHA512 
a5fbd827e62e91b762062a29c7bc3bf569a202bdc8c91da7d77566ff8bb958b5b9fb6f8d45df586e0d7ac07a83de6e82996e9c5cdd6b3bf43336c420d3099305
 DIST openssh-8.2p1.tar.gz 1701197 BLAKE2B 
8b95cdebc87e8d14f655ed13c12b91b122adf47161071aa81d0763f81b12fe4bc3d409c260783d995307d4e4ed2d16080fd74b15e4dc6dcc5648d7e66720c3ed
 SHA512 
c4db64e52a3a4c410de9de49f9cb104dd493b10250af3599b92457dd986277b3fd99a6f51cec94892fd1be5bd0369c5757262ea7805f0de464b245c3d34c120a
+DIST openssh-8.3p1-sctp-1.2.patch.xz 7668 BLAKE2B 
abbc65253d842c09a04811bdbafc175c5226996cdd190812b47ce9646853cd5c1b21d733e719b481cce9c7f4dc00894b6d6be732e311850963df23b9dc55a0e6
 SHA512 
4e0cc1707663f902dfbf331a431325da78759cc757a4aaae33e0c7f64f21830ec805168d8ae4d47a65a20c235fa534679e288f922df2b24655b7d1ee9a3bf014
+DIST openssh-8.3p1.tar.gz 1706358 BLAKE2B 
0b53d92caa4a0f4cb40eee671ac889753d320b7c8e44df159a81dd8163c3663f07fa648f5dc506fb27d31893acf9701b997598c50bf204acf54172d72825a4d8
 SHA512 
b5232f7c85bf59ae2ff9d17b030117012e257e3b8c0d5ac60bb139a85b1fbf298b40f2e04203a2e13ca7273053ed668b9dedd54d3a67a7cb8e8e58c0228c5f40
 DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 
79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca
 SHA512 
94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221
 DIST openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 42696 BLAKE2B 
d8ac7fa1a4e4d1877acdedeaee80172da469b5a62d0aaa43d6ed46c578e7893577b9d563835d89ca2044867fc561ad3f562bf504c025cf4c78421cf3d24397e9
 SHA512 
768db7cca8839df4441afcb08457d13d32625b31859da527c3d7f1a92d17a4ec81d6987db00879c394bbe59589e57b10bfd98899a167ffed65ab367b1fd08739
 DIST openssh-8_1_P1-hpn-PeakTput-14.20.diff 2012 BLAKE2B 
e42c43128f1d82b4de1517e6a9219947da03cecb607f1bc45f0728547f17601a6ce2ec819b6434890efd19ceaf4d20cb98183596ab5ee79e104a52cda7db9cdc
 SHA512 
238f9419efd3be80bd700f6ae7e210e522d747c363c4e670364f5191f144ae3aa8d1b1539c0bf87b3de36743aa73e8101c53c0ef1c6472d209569be389e7814d

diff --git a/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch 
b/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch
new file mode 100644
index 000..4414f9be533
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch
@@ -0,0 +1,177 @@
+Only in b: .openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff.un~
+diff -ur a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 
b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
+--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff2020-05-27 13:52:27.704108928 
-0700
 b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff2020-05-27 13:52:49.803967500 
-0700
+@@ -3,9 +3,9 @@
+ --- a/Makefile.in
+ +++ b/Makefile.in
+ @@ -42,7 +42,7 @@ CC=@CC@
+- LD=@LD@
+- CFLAGS=@CFLAGS@
++ CFLAGS_NOPIE=@CFLAGS_NOPIE@
+  CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
++ PICFLAG=@PICFLAG@
+ -LIBS=@LIBS@
+ +LIBS=@LIBS@ -lpthread
+  K5LIBS=@K5LIBS@
+@@ -902,14 +902,14 @@
+  
+  /*
+ @@ -2118,6 +2125,8 @@ fill_default_options(Options * options)
++  options->canonicalize_hostname = SSH_CANONICALISE_NO;
++  if (options->fingerprint_hash == -1)
+   options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+-  if (options->update_hostkeys == -1)
+-  options->update_hostkeys = 0;
+ + if (options->disable_multithreaded == -1)
+ + options->disable_multithreaded = 0;
+- 
+-  /* Expand KEX name lists */
+-  all_cipher = 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: f26b60fe95bc3b08580191e3a62e982770502db4
Author: Patrick McLean  gentoo  org>
AuthorDate: Sat Mar 21 20:54:30 2020 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Sat Mar 21 20:54:59 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f26b60fe

net-misc/openssh-8.2_p1-r6: revbump, update X509 patch to 12.4.3

Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   1 +
 .../files/openssh-8.2_p1-X509-12.4.3-tests.patch   |  11 +
 .../files/openssh-8.2_p1-X509-glue-12.4.3.patch| 128 ++
 net-misc/openssh/openssh-8.2_p1-r6.ebuild  | 482 +
 4 files changed, 622 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index eba88b9ecd9..2dca6d75493 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -21,6 +21,7 @@ DIST openssh-8.1p1+x509-12.3.diff.gz 689934 BLAKE2B 
57a302a25bec1d630b9c36f74ab4
 DIST openssh-8.1p1-sctp-1.2.patch.xz 7672 BLAKE2B 
f1aa0713fcb114d8774bd8d524d106401a9d7c2c73a05fbde200ccbdd2562b3636ddd2d0bc3eae9f04b4d7c729c3dafd814ae8c530a76c4a0190fae71d1edcd2
 SHA512 
2bffab0bbae5a4c1875e0cc229bfd83d8565bd831309158cd489d8b877556c69b936243888a181bd9ff302e19f2c174156781574294d260b6384c464d003d566
 DIST openssh-8.1p1.tar.gz 1625894 BLAKE2B 
d525be921a6f49420a58df5ac434d43a0c85e0f6bf8428ecebf04117c50f473185933e6e4485e506ac614f71887a513b9962d7b47969ba785da8e3a38f767322
 SHA512 
b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925
 DIST openssh-8.2p1+x509-12.4.2.diff.gz 805574 BLAKE2B 
4df31b634308ce074d820df24984d44fdde48e115f8c2ac62afb09f28602acf9e4b080a13e5ba2e6033fe92bc4289ef00ed7adbb4af334462fbc9c82c4e7b64f
 SHA512 
770b269929df0b7c9709fa2d07693a3ae9ebaca12fe463f7eabdaab66ee115fc02afa46dc847493d5050bff105740f2c1453fc456271d723c6e5b98d5bf7fd43
+DIST openssh-8.2p1+x509-12.4.3.diff.gz 806905 BLAKE2B 
8e0f0f3eeb2aafd9fc9e6eca80c0b51ffedbed9dfc46ff73bb1becd28f6ac013407d03107b59da05d9d56edbf283eef20891086867b79efd8aab81c3e9a4a32f
 SHA512 
51117d7e4df2ff78c4fdfd08c2bb8f1739b1db064df65bab3872e1a956c277a4736c511794aa399061058fea666a76ee07bb50d83a0d077b7fa572d02c030b91
 DIST openssh-8.2p1-sctp-1.2.patch.xz 7668 BLAKE2B 
717487cffd235a5dfa2d9d3f2c1983f410d400b0d23f71a9b74406ac3d2f448d76381a3b7a3244942bff4e6bdc3bc78d148b9949c78dc297d99c7330179f8176
 SHA512 
a5fbd827e62e91b762062a29c7bc3bf569a202bdc8c91da7d77566ff8bb958b5b9fb6f8d45df586e0d7ac07a83de6e82996e9c5cdd6b3bf43336c420d3099305
 DIST openssh-8.2p1.tar.gz 1701197 BLAKE2B 
8b95cdebc87e8d14f655ed13c12b91b122adf47161071aa81d0763f81b12fe4bc3d409c260783d995307d4e4ed2d16080fd74b15e4dc6dcc5648d7e66720c3ed
 SHA512 
c4db64e52a3a4c410de9de49f9cb104dd493b10250af3599b92457dd986277b3fd99a6f51cec94892fd1be5bd0369c5757262ea7805f0de464b245c3d34c120a
 DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 
79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca
 SHA512 
94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221

diff --git a/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.3-tests.patch 
b/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.3-tests.patch
new file mode 100644
index 000..1c58d0d5d82
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.3-tests.patch
@@ -0,0 +1,11 @@
+--- a/openbsd-compat/regress/Makefile.in   2020-02-15 10:59:01.210601434 
-0700
 b/openbsd-compat/regress/Makefile.in   2020-02-15 10:59:18.753485852 
-0700
+@@ -7,7 +7,7 @@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
++CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
+ EXEEXT=@EXEEXT@
+ LIBCOMPAT=../libopenbsd-compat.a
+ LIBS=@LIBS@

diff --git a/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.3.patch 
b/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.3.patch
new file mode 100644
index 000..e73c499d5c4
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.3.patch
@@ -0,0 +1,128 @@
+--- a/openssh-8.2p1+x509-12.4.3.diff   2020-03-21 11:15:05.939809371 -0700
 b/openssh-8.2p1+x509-12.4.3.diff   2020-03-21 11:23:15.424752355 -0700
+@@ -39298,16 +39298,15 @@
+  
+  install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf 
host-key check-config
+  install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files 
install-sysconf
+-@@ -378,6 +379,8 @@
++@@ -378,6 +379,7 @@
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+   $(MKDIR_P) $(DESTDIR)$(libexecdir)
+ + $(MKDIR_P) $(DESTDIR)$(sshcadir)
+-+ $(MKDIR_P) $(DESTDIR)$(piddir)
+   $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
+   $(INSTALL) -m 0755 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 79916211d8e6990c65b1b79dbcd5e2ac07c6c164
Author: Patrick McLean  gentoo  org>
AuthorDate: Sun Feb 23 21:18:45 2020 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Sun Feb 23 21:18:45 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79916211

net-misc/openssh-8.2_p1-r3: revbump, X509 12.4.2, RQUIRED_USE for bug #710586

- bump X509 patch to 12.4.2
- add `!xmss` to X509? REQUIRED_USE as it causes test failures
- Add `xmss? ( || ( ssl libressl ) )` to REQUIRED_USE for bug #710586.

Closes: https://bugs.gentoo.org/710586
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |  2 +-
 ...atch => openssh-8.2_p1-X509-12.4.2-tests.patch} |  0
 ...patch => openssh-8.2_p1-X509-glue-12.4.2.patch} | 38 +++---
 ...h-8.2_p1-r2.ebuild => openssh-8.2_p1-r3.ebuild} |  5 +--
 4 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 13c4511b28e..eba88b9ecd9 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -20,7 +20,7 @@ DIST openssh-8.1_p1-glibc-2.31-patches.tar.xz 1752 BLAKE2B 
ccab53069c0058be7ba78
 DIST openssh-8.1p1+x509-12.3.diff.gz 689934 BLAKE2B 
57a302a25bec1d630b9c36f74ab490e11c97f9bcbaf8f527e46ae7fd5bade19feb3d8853079870b5c08b70a55e289cf4bf7981c11983973fa588841aeb21e650
 SHA512 
8d7c321423940f5a78a51a25ad5373f5db17a4a8ca7e85041e503998e0823ad22068bc652e907e9f5787858d45ce438a4bba18240fa72e088eb10b903e96b192
 DIST openssh-8.1p1-sctp-1.2.patch.xz 7672 BLAKE2B 
f1aa0713fcb114d8774bd8d524d106401a9d7c2c73a05fbde200ccbdd2562b3636ddd2d0bc3eae9f04b4d7c729c3dafd814ae8c530a76c4a0190fae71d1edcd2
 SHA512 
2bffab0bbae5a4c1875e0cc229bfd83d8565bd831309158cd489d8b877556c69b936243888a181bd9ff302e19f2c174156781574294d260b6384c464d003d566
 DIST openssh-8.1p1.tar.gz 1625894 BLAKE2B 
d525be921a6f49420a58df5ac434d43a0c85e0f6bf8428ecebf04117c50f473185933e6e4485e506ac614f71887a513b9962d7b47969ba785da8e3a38f767322
 SHA512 
b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925
-DIST openssh-8.2p1+x509-12.4.1.diff.gz 802693 BLAKE2B 
f4c6b4f0922dda02b726c43c530adb36f884aef03d52c49e7e16d01bc2adae53c1d233c5bb4ae4e434ee982508e256bee826242c0b79a368502e4988155eccb9
 SHA512 
cf0062dd34a034febb7a0e7863527b09b85e94df58bc1370421dbf338a727867810284b85bdcdaf5863a3eadac33fd9927f8e32e70e013ef1c23ca5653e39837
+DIST openssh-8.2p1+x509-12.4.2.diff.gz 805574 BLAKE2B 
4df31b634308ce074d820df24984d44fdde48e115f8c2ac62afb09f28602acf9e4b080a13e5ba2e6033fe92bc4289ef00ed7adbb4af334462fbc9c82c4e7b64f
 SHA512 
770b269929df0b7c9709fa2d07693a3ae9ebaca12fe463f7eabdaab66ee115fc02afa46dc847493d5050bff105740f2c1453fc456271d723c6e5b98d5bf7fd43
 DIST openssh-8.2p1-sctp-1.2.patch.xz 7668 BLAKE2B 
717487cffd235a5dfa2d9d3f2c1983f410d400b0d23f71a9b74406ac3d2f448d76381a3b7a3244942bff4e6bdc3bc78d148b9949c78dc297d99c7330179f8176
 SHA512 
a5fbd827e62e91b762062a29c7bc3bf569a202bdc8c91da7d77566ff8bb958b5b9fb6f8d45df586e0d7ac07a83de6e82996e9c5cdd6b3bf43336c420d3099305
 DIST openssh-8.2p1.tar.gz 1701197 BLAKE2B 
8b95cdebc87e8d14f655ed13c12b91b122adf47161071aa81d0763f81b12fe4bc3d409c260783d995307d4e4ed2d16080fd74b15e4dc6dcc5648d7e66720c3ed
 SHA512 
c4db64e52a3a4c410de9de49f9cb104dd493b10250af3599b92457dd986277b3fd99a6f51cec94892fd1be5bd0369c5757262ea7805f0de464b245c3d34c120a
 DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 
79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca
 SHA512 
94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221

diff --git a/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.1-tests.patch 
b/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.2-tests.patch
similarity index 100%
rename from net-misc/openssh/files/openssh-8.2_p1-X509-12.4.1-tests.patch
rename to net-misc/openssh/files/openssh-8.2_p1-X509-12.4.2-tests.patch

diff --git a/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.1.patch 
b/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.2.patch
similarity index 85%
rename from net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.1.patch
rename to net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.2.patch
index 4e948524167..90a5d5a660f 100644
--- a/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.1.patch
+++ b/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.2.patch
@@ -1,7 +1,7 @@
-diff --exclude '*.un~' -ubr a/openssh-8.2p1+x509-12.4.1.diff 
b/openssh-8.2p1+x509-12.4.1.diff
 a/openssh-8.2p1+x509-12.4.1.diff   2020-02-18 13:58:50.824902609 -0800
-+++ b/openssh-8.2p1+x509-12.4.1.diff   2020-02-18 13:59:57.917485338 -0800
-@@ -39197,16 +39197,15 @@
+diff --exclude '*.un~' -ubr a/openssh-8.2p1+x509-12.4.2.diff 
b/openssh-8.2p1+x509-12.4.2.diff
+--- 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 8de9de744087af9ec0f7582225d39526831302b8
Author: Patrick McLean  sony  com>
AuthorDate: Tue Feb 18 22:33:26 2020 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Tue Feb 18 22:33:26 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8de9de74

net-misc/openssh-8.2_p1-r2: revbump, update X509 patch to 12.4.1

Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |  2 +-
 ...atch => openssh-8.2_p1-X509-12.4.1-tests.patch} |  0
 ...patch => openssh-8.2_p1-X509-glue-12.4.1.patch} | 41 ++
 ...h-8.2_p1-r1.ebuild => openssh-8.2_p1-r2.ebuild} |  4 +--
 4 files changed, 13 insertions(+), 34 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 3dae8b09853..13c4511b28e 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -20,7 +20,7 @@ DIST openssh-8.1_p1-glibc-2.31-patches.tar.xz 1752 BLAKE2B 
ccab53069c0058be7ba78
 DIST openssh-8.1p1+x509-12.3.diff.gz 689934 BLAKE2B 
57a302a25bec1d630b9c36f74ab490e11c97f9bcbaf8f527e46ae7fd5bade19feb3d8853079870b5c08b70a55e289cf4bf7981c11983973fa588841aeb21e650
 SHA512 
8d7c321423940f5a78a51a25ad5373f5db17a4a8ca7e85041e503998e0823ad22068bc652e907e9f5787858d45ce438a4bba18240fa72e088eb10b903e96b192
 DIST openssh-8.1p1-sctp-1.2.patch.xz 7672 BLAKE2B 
f1aa0713fcb114d8774bd8d524d106401a9d7c2c73a05fbde200ccbdd2562b3636ddd2d0bc3eae9f04b4d7c729c3dafd814ae8c530a76c4a0190fae71d1edcd2
 SHA512 
2bffab0bbae5a4c1875e0cc229bfd83d8565bd831309158cd489d8b877556c69b936243888a181bd9ff302e19f2c174156781574294d260b6384c464d003d566
 DIST openssh-8.1p1.tar.gz 1625894 BLAKE2B 
d525be921a6f49420a58df5ac434d43a0c85e0f6bf8428ecebf04117c50f473185933e6e4485e506ac614f71887a513b9962d7b47969ba785da8e3a38f767322
 SHA512 
b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925
-DIST openssh-8.2p1+x509-12.4.diff.gz 802630 BLAKE2B 
1d4c30aa6fb2b90c3213a04adef8fc99b28796e72b067d308d5947a6f697ca2abead2a4658356e01347efaf9eb5100aeb054b56b04d55dd716d3793fad69010e
 SHA512 
0314496ed7466efb90f18143b70d676fbb7990fd9ec6685992f36a031b47c638597ed3773ec3c121d416cbbf8ba2d3d2e8cb9c703bfc77a82ba5aa5c3bdde0de
+DIST openssh-8.2p1+x509-12.4.1.diff.gz 802693 BLAKE2B 
f4c6b4f0922dda02b726c43c530adb36f884aef03d52c49e7e16d01bc2adae53c1d233c5bb4ae4e434ee982508e256bee826242c0b79a368502e4988155eccb9
 SHA512 
cf0062dd34a034febb7a0e7863527b09b85e94df58bc1370421dbf338a727867810284b85bdcdaf5863a3eadac33fd9927f8e32e70e013ef1c23ca5653e39837
 DIST openssh-8.2p1-sctp-1.2.patch.xz 7668 BLAKE2B 
717487cffd235a5dfa2d9d3f2c1983f410d400b0d23f71a9b74406ac3d2f448d76381a3b7a3244942bff4e6bdc3bc78d148b9949c78dc297d99c7330179f8176
 SHA512 
a5fbd827e62e91b762062a29c7bc3bf569a202bdc8c91da7d77566ff8bb958b5b9fb6f8d45df586e0d7ac07a83de6e82996e9c5cdd6b3bf43336c420d3099305
 DIST openssh-8.2p1.tar.gz 1701197 BLAKE2B 
8b95cdebc87e8d14f655ed13c12b91b122adf47161071aa81d0763f81b12fe4bc3d409c260783d995307d4e4ed2d16080fd74b15e4dc6dcc5648d7e66720c3ed
 SHA512 
c4db64e52a3a4c410de9de49f9cb104dd493b10250af3599b92457dd986277b3fd99a6f51cec94892fd1be5bd0369c5757262ea7805f0de464b245c3d34c120a
 DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 
79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca
 SHA512 
94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221

diff --git a/net-misc/openssh/files/openssh-8.2_p1-X509-12.4-tests.patch 
b/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.1-tests.patch
similarity index 100%
rename from net-misc/openssh/files/openssh-8.2_p1-X509-12.4-tests.patch
rename to net-misc/openssh/files/openssh-8.2_p1-X509-12.4.1-tests.patch

diff --git a/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.patch 
b/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.1.patch
similarity index 77%
rename from net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.patch
rename to net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.1.patch
index 6c9d80de9bc..4e948524167 100644
--- a/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.patch
+++ b/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.1.patch
@@ -1,6 +1,6 @@
-diff -ur --exclude '*.un~' a/openssh-8.2p1+x509-12.4.diff 
b/openssh-8.2p1+x509-12.4.diff
 a/openssh-8.2p1+x509-12.4.diff 2020-02-15 10:50:06.441041447 -0800
-+++ b/openssh-8.2p1+x509-12.4.diff 2020-02-15 10:52:52.241790237 -0800
+diff --exclude '*.un~' -ubr a/openssh-8.2p1+x509-12.4.1.diff 
b/openssh-8.2p1+x509-12.4.1.diff
+--- a/openssh-8.2p1+x509-12.4.1.diff   2020-02-18 13:58:50.824902609 -0800
 b/openssh-8.2p1+x509-12.4.1.diff   2020-02-18 13:59:57.917485338 -0800
 @@ -39197,16 +39197,15 @@
   
   install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 66fb7fe3cdb232fe068325200367653e0ebb964f
Author: Patrick McLean  gentoo  org>
AuthorDate: Sat Feb 15 22:31:20 2020 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Sat Feb 15 22:31:20 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66fb7fe3

net-misc/openssh-8.2_p1: Version bump

Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   3 +
 .../openssh/files/openssh-8.2_p1-GSSAPI-dns.patch  | 359 
 .../files/openssh-8.2_p1-X509-12.4-tests.patch |  11 +
 .../files/openssh-8.2_p1-X509-glue-12.4.patch  | 150 +++
 .../files/openssh-8.2_p1-hpn-14.20-X509-glue.patch | 133 ++
 .../files/openssh-8.2_p1-hpn-14.20-glue.patch  | 151 +++
 .../files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch |  19 +
 net-misc/openssh/openssh-8.2_p1.ebuild | 464 +
 8 files changed, 1290 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 1097bd7a361..3dae8b09853 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -20,6 +20,9 @@ DIST openssh-8.1_p1-glibc-2.31-patches.tar.xz 1752 BLAKE2B 
ccab53069c0058be7ba78
 DIST openssh-8.1p1+x509-12.3.diff.gz 689934 BLAKE2B 
57a302a25bec1d630b9c36f74ab490e11c97f9bcbaf8f527e46ae7fd5bade19feb3d8853079870b5c08b70a55e289cf4bf7981c11983973fa588841aeb21e650
 SHA512 
8d7c321423940f5a78a51a25ad5373f5db17a4a8ca7e85041e503998e0823ad22068bc652e907e9f5787858d45ce438a4bba18240fa72e088eb10b903e96b192
 DIST openssh-8.1p1-sctp-1.2.patch.xz 7672 BLAKE2B 
f1aa0713fcb114d8774bd8d524d106401a9d7c2c73a05fbde200ccbdd2562b3636ddd2d0bc3eae9f04b4d7c729c3dafd814ae8c530a76c4a0190fae71d1edcd2
 SHA512 
2bffab0bbae5a4c1875e0cc229bfd83d8565bd831309158cd489d8b877556c69b936243888a181bd9ff302e19f2c174156781574294d260b6384c464d003d566
 DIST openssh-8.1p1.tar.gz 1625894 BLAKE2B 
d525be921a6f49420a58df5ac434d43a0c85e0f6bf8428ecebf04117c50f473185933e6e4485e506ac614f71887a513b9962d7b47969ba785da8e3a38f767322
 SHA512 
b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925
+DIST openssh-8.2p1+x509-12.4.diff.gz 802630 BLAKE2B 
1d4c30aa6fb2b90c3213a04adef8fc99b28796e72b067d308d5947a6f697ca2abead2a4658356e01347efaf9eb5100aeb054b56b04d55dd716d3793fad69010e
 SHA512 
0314496ed7466efb90f18143b70d676fbb7990fd9ec6685992f36a031b47c638597ed3773ec3c121d416cbbf8ba2d3d2e8cb9c703bfc77a82ba5aa5c3bdde0de
+DIST openssh-8.2p1-sctp-1.2.patch.xz 7668 BLAKE2B 
717487cffd235a5dfa2d9d3f2c1983f410d400b0d23f71a9b74406ac3d2f448d76381a3b7a3244942bff4e6bdc3bc78d148b9949c78dc297d99c7330179f8176
 SHA512 
a5fbd827e62e91b762062a29c7bc3bf569a202bdc8c91da7d77566ff8bb958b5b9fb6f8d45df586e0d7ac07a83de6e82996e9c5cdd6b3bf43336c420d3099305
+DIST openssh-8.2p1.tar.gz 1701197 BLAKE2B 
8b95cdebc87e8d14f655ed13c12b91b122adf47161071aa81d0763f81b12fe4bc3d409c260783d995307d4e4ed2d16080fd74b15e4dc6dcc5648d7e66720c3ed
 SHA512 
c4db64e52a3a4c410de9de49f9cb104dd493b10250af3599b92457dd986277b3fd99a6f51cec94892fd1be5bd0369c5757262ea7805f0de464b245c3d34c120a
 DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 
79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca
 SHA512 
94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221
 DIST openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 42696 BLAKE2B 
d8ac7fa1a4e4d1877acdedeaee80172da469b5a62d0aaa43d6ed46c578e7893577b9d563835d89ca2044867fc561ad3f562bf504c025cf4c78421cf3d24397e9
 SHA512 
768db7cca8839df4441afcb08457d13d32625b31859da527c3d7f1a92d17a4ec81d6987db00879c394bbe59589e57b10bfd98899a167ffed65ab367b1fd08739
 DIST openssh-8_1_P1-hpn-PeakTput-14.20.diff 2012 BLAKE2B 
e42c43128f1d82b4de1517e6a9219947da03cecb607f1bc45f0728547f17601a6ce2ec819b6434890efd19ceaf4d20cb98183596ab5ee79e104a52cda7db9cdc
 SHA512 
238f9419efd3be80bd700f6ae7e210e522d747c363c4e670364f5191f144ae3aa8d1b1539c0bf87b3de36743aa73e8101c53c0ef1c6472d209569be389e7814d

diff --git a/net-misc/openssh/files/openssh-8.2_p1-GSSAPI-dns.patch 
b/net-misc/openssh/files/openssh-8.2_p1-GSSAPI-dns.patch
new file mode 100644
index 000..d4db77b9855
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.2_p1-GSSAPI-dns.patch
@@ -0,0 +1,359 @@
+diff --git a/auth.c b/auth.c
+index 086b8ebb..a267353c 100644
+--- a/auth.c
 b/auth.c
+@@ -724,120 +724,6 @@ fakepw(void)
+   return ();
+ }
+ 
+-/*
+- * Returns the remote DNS hostname as a string. The returned string must not
+- * be freed. NB. this will usually trigger a DNS query the first time it is
+- * called.
+- * This function does additional checks on the hostname to mitigate some
+- * attacks on legacy rhosts-style authentication.
+- * XXX is RhostsRSAAuthentication vulnerable to these?
+- * XXX Can we remove these checks? (or if not, remove 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 1aac6323197fdf15ee5d8ace28d31883a2099c9b
Author: Patrick McLean  sony  com>
AuthorDate: Wed Feb  5 01:44:55 2020 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Wed Feb  5 01:53:58 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1aac6323

net-misc/openssh-8.1_p1-r2: revbump, patch for glibc-2.31, HPN 14.20

Bug: https://bugs.gentoo.org/703016
Closes: https://bugs.gentoo.org/708224
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.87, Repoman-2.3.20
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   4 +
 .../files/openssh-8.0_p1-hpn-14.20-X509-glue.patch | 111 +
 .../files/openssh-8.1_p1-hpn-14.20-glue.patch  | 105 +
 .../files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch |  19 +
 .../openssh/files/openssh-8.1_p1-tests-2020.patch  |  26 ++
 net-misc/openssh/openssh-8.1_p1-r2.ebuild  | 467 +
 6 files changed, 732 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 163f62a3705..1097bd7a361 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -16,7 +16,11 @@ DIST openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 43356 
BLAKE2B 776fa140d64a16
 DIST openssh-8.0p1+x509-12.1-gentoo.diff.gz 680853 BLAKE2B 
b24ee61d6328bf2de8384d6ecbfc5ae0be4719a3c7a2d714be3a144d327bba5038e7e36ffcc313af2a8a94960ce1f56387654d2d21920af51826af61957aa4cc
 SHA512 
178728139473b277fe50a03f37be50b3f8e539cea8f5937ddfe710082944e799d845cdb5994f585c13564c4a89b80ccf75e87753102aebacdb4c590f0b8a1482
 DIST openssh-8.0p1-sctp-1.2.patch.xz 7348 BLAKE2B 
bc3d3815f1ef5dbab605b93182a00c2fec258f49d56684defb6564d2b60886429c615a7ab076cc071a590f9df0908b1862ceb0961b7e6f6d1090237fec9035d3
 SHA512 
2f9f774286db75d0240e6fb01655a8a193fb2a5dc4596ad68ed22d64f97c9c46dad61a06478f2e972fd37cbad4d9aca5829bb91097cc56638601ff94a972b24f
 DIST openssh-8.0p1.tar.gz 1597697 BLAKE2B 
5ba79872eabb3b3964d95a8cdd690bfe0323f018d7f944d4e1acb52576c9f6d7a1ddac15e88dc42eac6ecbfabfad1c228e303a2262588769e307c38107a4cd54
 SHA512 
e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982
+DIST openssh-8.1_p1-glibc-2.31-patches.tar.xz 1752 BLAKE2B 
ccab53069c0058be7ba787281f5a1775d169a9dcda6f78742eb8cb3cce4ebe3a4c506c75a8ac142700669cf04b7475e35f6a06a4499d3d076e4e88e4fc59f3e6
 SHA512 
270d532fc7f4ec10c5ee56677f8280dec47a96e73f8032713b212cfad64a58ef142a7f49b7981dca80cbf0dd99753ef7a93b6af164cad9492fa224d546c27f14
 DIST openssh-8.1p1+x509-12.3.diff.gz 689934 BLAKE2B 
57a302a25bec1d630b9c36f74ab490e11c97f9bcbaf8f527e46ae7fd5bade19feb3d8853079870b5c08b70a55e289cf4bf7981c11983973fa588841aeb21e650
 SHA512 
8d7c321423940f5a78a51a25ad5373f5db17a4a8ca7e85041e503998e0823ad22068bc652e907e9f5787858d45ce438a4bba18240fa72e088eb10b903e96b192
 DIST openssh-8.1p1-sctp-1.2.patch.xz 7672 BLAKE2B 
f1aa0713fcb114d8774bd8d524d106401a9d7c2c73a05fbde200ccbdd2562b3636ddd2d0bc3eae9f04b4d7c729c3dafd814ae8c530a76c4a0190fae71d1edcd2
 SHA512 
2bffab0bbae5a4c1875e0cc229bfd83d8565bd831309158cd489d8b877556c69b936243888a181bd9ff302e19f2c174156781574294d260b6384c464d003d566
 DIST openssh-8.1p1.tar.gz 1625894 BLAKE2B 
d525be921a6f49420a58df5ac434d43a0c85e0f6bf8428ecebf04117c50f473185933e6e4485e506ac614f71887a513b9962d7b47969ba785da8e3a38f767322
 SHA512 
b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925
+DIST openssh-8_1_P1-hpn-AES-CTR-14.20.diff 29935 BLAKE2B 
79101c43601e41306c957481c0680a63357d93bededdf12a32229d50acd9c1f46a386cbb91282e9e7d7bb26a9f276f5a675fd2de7662b7cbd073322b172d3bca
 SHA512 
94f011b7e654630e968a378375aa54fa1fde087b4426d0f2225813262e6667a1073814d6a83e9005f97b371c536e462e614bfe726b092ffed8229791592ca221
+DIST openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 42696 BLAKE2B 
d8ac7fa1a4e4d1877acdedeaee80172da469b5a62d0aaa43d6ed46c578e7893577b9d563835d89ca2044867fc561ad3f562bf504c025cf4c78421cf3d24397e9
 SHA512 
768db7cca8839df4441afcb08457d13d32625b31859da527c3d7f1a92d17a4ec81d6987db00879c394bbe59589e57b10bfd98899a167ffed65ab367b1fd08739
+DIST openssh-8_1_P1-hpn-PeakTput-14.20.diff 2012 BLAKE2B 
e42c43128f1d82b4de1517e6a9219947da03cecb607f1bc45f0728547f17601a6ce2ec819b6434890efd19ceaf4d20cb98183596ab5ee79e104a52cda7db9cdc
 SHA512 
238f9419efd3be80bd700f6ae7e210e522d747c363c4e670364f5191f144ae3aa8d1b1539c0bf87b3de36743aa73e8101c53c0ef1c6472d209569be389e7814d
 DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 BLAKE2B 
5b2204316dd244bb8dd11db50d5bc3a194e2cc4b64964a2d3df68bbe54c53588f15fc5176dbc3811e929573fa3e41cf91f412aa2513bb9a4b6ed02c2523c1e24
 SHA512 
9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b

diff --git a/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch 
b/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch
new file mode 100644
index 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 522ad708687a93e936b63662f54a25a75b330db9
Author: Patrick McLean  gentoo  org>
AuthorDate: Mon Oct 14 19:58:15 2019 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Mon Oct 14 19:58:45 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=522ad708

net-misc/openssh: Revbump to 8.1_p1-r1, add X509 12.3 patch

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |  1 +
 .../files/openssh-8.1_p1-X509-12.3-tests.patch | 11 +++
 .../files/openssh-8.1_p1-X509-glue-12.3.patch  | 35 ++
 ...nssh-8.1_p1.ebuild => openssh-8.1_p1-r1.ebuild} |  3 +-
 4 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index b17750ef243..163f62a3705 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -16,6 +16,7 @@ DIST openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 43356 
BLAKE2B 776fa140d64a16
 DIST openssh-8.0p1+x509-12.1-gentoo.diff.gz 680853 BLAKE2B 
b24ee61d6328bf2de8384d6ecbfc5ae0be4719a3c7a2d714be3a144d327bba5038e7e36ffcc313af2a8a94960ce1f56387654d2d21920af51826af61957aa4cc
 SHA512 
178728139473b277fe50a03f37be50b3f8e539cea8f5937ddfe710082944e799d845cdb5994f585c13564c4a89b80ccf75e87753102aebacdb4c590f0b8a1482
 DIST openssh-8.0p1-sctp-1.2.patch.xz 7348 BLAKE2B 
bc3d3815f1ef5dbab605b93182a00c2fec258f49d56684defb6564d2b60886429c615a7ab076cc071a590f9df0908b1862ceb0961b7e6f6d1090237fec9035d3
 SHA512 
2f9f774286db75d0240e6fb01655a8a193fb2a5dc4596ad68ed22d64f97c9c46dad61a06478f2e972fd37cbad4d9aca5829bb91097cc56638601ff94a972b24f
 DIST openssh-8.0p1.tar.gz 1597697 BLAKE2B 
5ba79872eabb3b3964d95a8cdd690bfe0323f018d7f944d4e1acb52576c9f6d7a1ddac15e88dc42eac6ecbfabfad1c228e303a2262588769e307c38107a4cd54
 SHA512 
e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982
+DIST openssh-8.1p1+x509-12.3.diff.gz 689934 BLAKE2B 
57a302a25bec1d630b9c36f74ab490e11c97f9bcbaf8f527e46ae7fd5bade19feb3d8853079870b5c08b70a55e289cf4bf7981c11983973fa588841aeb21e650
 SHA512 
8d7c321423940f5a78a51a25ad5373f5db17a4a8ca7e85041e503998e0823ad22068bc652e907e9f5787858d45ce438a4bba18240fa72e088eb10b903e96b192
 DIST openssh-8.1p1-sctp-1.2.patch.xz 7672 BLAKE2B 
f1aa0713fcb114d8774bd8d524d106401a9d7c2c73a05fbde200ccbdd2562b3636ddd2d0bc3eae9f04b4d7c729c3dafd814ae8c530a76c4a0190fae71d1edcd2
 SHA512 
2bffab0bbae5a4c1875e0cc229bfd83d8565bd831309158cd489d8b877556c69b936243888a181bd9ff302e19f2c174156781574294d260b6384c464d003d566
 DIST openssh-8.1p1.tar.gz 1625894 BLAKE2B 
d525be921a6f49420a58df5ac434d43a0c85e0f6bf8428ecebf04117c50f473185933e6e4485e506ac614f71887a513b9962d7b47969ba785da8e3a38f767322
 SHA512 
b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925
 DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 BLAKE2B 
5b2204316dd244bb8dd11db50d5bc3a194e2cc4b64964a2d3df68bbe54c53588f15fc5176dbc3811e929573fa3e41cf91f412aa2513bb9a4b6ed02c2523c1e24
 SHA512 
9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b

diff --git a/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch 
b/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch
new file mode 100644
index 000..67a93fe2a0b
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch
@@ -0,0 +1,11 @@
+--- a/openbsd-compat/regress/Makefile.in   2019-06-17 10:59:01.210601434 
-0700
 b/openbsd-compat/regress/Makefile.in   2019-06-17 10:59:18.753485852 
-0700
+@@ -7,7 +7,7 @@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
++CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
+ EXEEXT=@EXEEXT@
+ LIBCOMPAT=../libopenbsd-compat.a
+ LIBS=@LIBS@

diff --git a/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch 
b/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch
new file mode 100644
index 000..48cce797904
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch
@@ -0,0 +1,35 @@
+Only in b: .openssh-8.1p1+x509-12.3.diff.un~
+diff -ur a/openssh-8.1p1+x509-12.3.diff b/openssh-8.1p1+x509-12.3.diff
+--- a/openssh-8.1p1+x509-12.3.diff 2019-10-14 11:33:45.796485604 -0700
 b/openssh-8.1p1+x509-12.3.diff 2019-10-14 11:39:44.960312587 -0700
+@@ -35343,12 +35343,11 @@
+  
+  install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf 
host-key check-config
+  install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files 
install-sysconf
+-@@ -339,6 +360,8 @@
++@@ -339,6 +360,7 @@
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+   $(MKDIR_P) $(DESTDIR)$(libexecdir)
+ + $(MKDIR_P) $(DESTDIR)$(sshcadir)
+-+ 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 0fbbcb8a73f7c22017e4602cff072b207a6c2999
Author: Patrick McLean  gentoo  org>
AuthorDate: Fri Oct 11 23:04:51 2019 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Fri Oct 11 23:05:19 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fbbcb8a

net-misc/openssh: Version bump to 8.1_p1 (no X509 patch yet)

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   2 +
 .../openssh/files/openssh-8.1_p1-GSSAPI-dns.patch  | 359 
 .../openssh/files/openssh-8.1_p1-hpn-glue.patch| 216 ++
 net-misc/openssh/openssh-8.1_p1.ebuild | 463 +
 4 files changed, 1040 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index fb6e51679b2..b17750ef243 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -16,4 +16,6 @@ DIST openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 43356 
BLAKE2B 776fa140d64a16
 DIST openssh-8.0p1+x509-12.1-gentoo.diff.gz 680853 BLAKE2B 
b24ee61d6328bf2de8384d6ecbfc5ae0be4719a3c7a2d714be3a144d327bba5038e7e36ffcc313af2a8a94960ce1f56387654d2d21920af51826af61957aa4cc
 SHA512 
178728139473b277fe50a03f37be50b3f8e539cea8f5937ddfe710082944e799d845cdb5994f585c13564c4a89b80ccf75e87753102aebacdb4c590f0b8a1482
 DIST openssh-8.0p1-sctp-1.2.patch.xz 7348 BLAKE2B 
bc3d3815f1ef5dbab605b93182a00c2fec258f49d56684defb6564d2b60886429c615a7ab076cc071a590f9df0908b1862ceb0961b7e6f6d1090237fec9035d3
 SHA512 
2f9f774286db75d0240e6fb01655a8a193fb2a5dc4596ad68ed22d64f97c9c46dad61a06478f2e972fd37cbad4d9aca5829bb91097cc56638601ff94a972b24f
 DIST openssh-8.0p1.tar.gz 1597697 BLAKE2B 
5ba79872eabb3b3964d95a8cdd690bfe0323f018d7f944d4e1acb52576c9f6d7a1ddac15e88dc42eac6ecbfabfad1c228e303a2262588769e307c38107a4cd54
 SHA512 
e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982
+DIST openssh-8.1p1-sctp-1.2.patch.xz 7672 BLAKE2B 
f1aa0713fcb114d8774bd8d524d106401a9d7c2c73a05fbde200ccbdd2562b3636ddd2d0bc3eae9f04b4d7c729c3dafd814ae8c530a76c4a0190fae71d1edcd2
 SHA512 
2bffab0bbae5a4c1875e0cc229bfd83d8565bd831309158cd489d8b877556c69b936243888a181bd9ff302e19f2c174156781574294d260b6384c464d003d566
+DIST openssh-8.1p1.tar.gz 1625894 BLAKE2B 
d525be921a6f49420a58df5ac434d43a0c85e0f6bf8428ecebf04117c50f473185933e6e4485e506ac614f71887a513b9962d7b47969ba785da8e3a38f767322
 SHA512 
b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925
 DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 BLAKE2B 
5b2204316dd244bb8dd11db50d5bc3a194e2cc4b64964a2d3df68bbe54c53588f15fc5176dbc3811e929573fa3e41cf91f412aa2513bb9a4b6ed02c2523c1e24
 SHA512 
9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b

diff --git a/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch 
b/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch
new file mode 100644
index 000..6aba6f26694
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch
@@ -0,0 +1,359 @@
+diff --git a/auth.c b/auth.c
+index ca450f4e..2994a4e4 100644
+--- a/auth.c
 b/auth.c
+@@ -723,120 +723,6 @@ fakepw(void)
+   return ();
+ }
+ 
+-/*
+- * Returns the remote DNS hostname as a string. The returned string must not
+- * be freed. NB. this will usually trigger a DNS query the first time it is
+- * called.
+- * This function does additional checks on the hostname to mitigate some
+- * attacks on legacy rhosts-style authentication.
+- * XXX is RhostsRSAAuthentication vulnerable to these?
+- * XXX Can we remove these checks? (or if not, remove 
RhostsRSAAuthentication?)
+- */
+-
+-static char *
+-remote_hostname(struct ssh *ssh)
+-{
+-  struct sockaddr_storage from;
+-  socklen_t fromlen;
+-  struct addrinfo hints, *ai, *aitop;
+-  char name[NI_MAXHOST], ntop2[NI_MAXHOST];
+-  const char *ntop = ssh_remote_ipaddr(ssh);
+-
+-  /* Get IP address of client. */
+-  fromlen = sizeof(from);
+-  memset(, 0, sizeof(from));
+-  if (getpeername(ssh_packet_get_connection_in(ssh),
+-  (struct sockaddr *), ) == -1) {
+-  debug("getpeername failed: %.100s", strerror(errno));
+-  return strdup(ntop);
+-  }
+-
+-  ipv64_normalise_mapped(, );
+-  if (from.ss_family == AF_INET6)
+-  fromlen = sizeof(struct sockaddr_in6);
+-
+-  debug3("Trying to reverse map address %.100s.", ntop);
+-  /* Map the IP address to a host name. */
+-  if (getnameinfo((struct sockaddr *), fromlen, name, sizeof(name),
+-  NULL, 0, NI_NAMEREQD) != 0) {
+-  /* Host name not found.  Use ip address. */
+-  return strdup(ntop);
+-  }
+-
+-  /*
+-   * if reverse lookup result looks like a numeric hostname,
+-   * someone is 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Thomas Deutschmann]

commit: 0148cb4b99350b09cc7eaa229ad42d4b6009d0e9
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Wed Oct  9 16:17:12 2019 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Wed Oct  9 16:17:29 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0148cb4b

net-misc/openssh: fix integer overflows

- Fix integer overflow in XMSS private key parsing
- Fix an unreachable integer overflow similar to the XMSS case
- Fix putty tests

Closes: https://bugs.gentoo.org/493866
Bug: https://bugs.gentoo.org/697046
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann  gentoo.org>

 net-misc/openssh/Manifest  |   1 +
 ...integer-overflow-similar-to-the-XMSS-case.patch |  76 
 ...eger-overflow-in-XMSS-private-key-parsing.patch |  14 +
 .../files/openssh-8.0_p1-fix-putty-tests.patch |  57 +++
 net-misc/openssh/openssh-8.0_p1-r4.ebuild  | 467 +
 5 files changed, 615 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index d6d9347cc46..bd50ff4493c 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -13,6 +13,7 @@ DIST openssh-7.9p1-sctp-1.2.patch.xz 7360 BLAKE2B 
60e209371ecac24d0b60e48459d4d4
 DIST openssh-7.9p1.tar.gz 1565384 BLAKE2B 
de15795e03d33d4f9fe4792f6b14500123230b6c00c1e5bd7207bb6d6bf6df0b2e057c1b1de0fee709f58dd159203fdd69fe1473118a6baedebaa0c1c4c55b59
 SHA512 
0412c9c429c9287f0794023951469c8e6ec833cdb55821bfa0300dd90d0879ff60484f620cffd93372641ab69bf0b032c2d700ccc680950892725fb631b7708e
 DIST openssh-7_8_P1-hpn-AES-CTR-14.16.diff 29231 BLAKE2B 
e25877c5e22f674e6db5a0bc107e5daa2509fe762fb14ce7bb2ce9a115e8177a93340c1d19247b6c2c854b7e1f9ae9af9fd932e5fa9c0a6b2ba438cd11a42991
 SHA512 
1867fb94c29a51294a71a3ec6a299757565a7cda5696118b0b346ed9c78f2c81bb1b888cff5e3418776b2fa277a8f070c5eb9327bb005453e2ffd72d35cdafa7
 DIST openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 43356 BLAKE2B 
776fa140d64a16c339b46a7c773258d2f4fe44e48b16abccad1a8757a51cb6362722fc5f42c39159af12849f5c88cf574de64815085c97157e16653f18d4909b
 SHA512 
53f2752b7aa02719c8dfe0fe0ef16e874101ba2ba87924aa1122cd445ece218ca09c22abaa3377307f25d459579bc28d3854e2402c71b794db65d58cdd1ebc08
+DIST openssh-8.0p1+x509-12.1-gentoo.diff.gz 680853 BLAKE2B 
b24ee61d6328bf2de8384d6ecbfc5ae0be4719a3c7a2d714be3a144d327bba5038e7e36ffcc313af2a8a94960ce1f56387654d2d21920af51826af61957aa4cc
 SHA512 
178728139473b277fe50a03f37be50b3f8e539cea8f5937ddfe710082944e799d845cdb5994f585c13564c4a89b80ccf75e87753102aebacdb4c590f0b8a1482
 DIST openssh-8.0p1+x509-12.1.diff.gz 680389 BLAKE2B 
b1e353c496dd6dbd104c32bc5e9a3f055673a7876944d39c80f185cdb589d09b8d509754f04f2e051ceef2b39a3d810ba00b8894a4b67c7a6a0170a4ed0518a5
 SHA512 
831988d636a19e89a881616e07e38bc6ca44e90443b2bbf290fab3f120877e2eef60f21ad6e0c64098d07e09379f9f73f0ce2e5df975aa1bd43944582f8b8b3e
 DIST openssh-8.0p1-sctp-1.2.patch.xz 7348 BLAKE2B 
bc3d3815f1ef5dbab605b93182a00c2fec258f49d56684defb6564d2b60886429c615a7ab076cc071a590f9df0908b1862ceb0961b7e6f6d1090237fec9035d3
 SHA512 
2f9f774286db75d0240e6fb01655a8a193fb2a5dc4596ad68ed22d64f97c9c46dad61a06478f2e972fd37cbad4d9aca5829bb91097cc56638601ff94a972b24f
 DIST openssh-8.0p1.tar.gz 1597697 BLAKE2B 
5ba79872eabb3b3964d95a8cdd690bfe0323f018d7f944d4e1acb52576c9f6d7a1ddac15e88dc42eac6ecbfabfad1c228e303a2262588769e307c38107a4cd54
 SHA512 
e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982

diff --git 
a/net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch
 
b/net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch
new file mode 100644
index 000..bffc591ef66
--- /dev/null
+++ 
b/net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch
@@ -0,0 +1,76 @@
+https://github.com/openssh/openssh-portable/commit/29e0ecd9b4eb3b9f305e2240351f0c59cad9ef81
+
+--- a/sshkey.c
 b/sshkey.c
+@@ -3209,6 +3209,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct 
sshkey **kp)
+   if ((r = sshkey_froms(buf, )) != 0 ||
+   (r = sshbuf_get_bignum2(buf, _priv_key)) != 0)
+   goto out;
++  if (k->type != type) {
++  r = SSH_ERR_INVALID_FORMAT;
++  goto out;
++  }
+   if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) {
+   r = SSH_ERR_LIBCRYPTO_ERROR;
+   goto out;
+@@ -3252,6 +3256,11 @@ sshkey_private_deserialize(struct sshbuf *buf, struct 
sshkey **kp)
+   if ((r = sshkey_froms(buf, )) != 0 ||
+   (r = sshbuf_get_bignum2(buf, )) != 0)
+   goto out;
++  if (k->type != type ||
++  k->ecdsa_nid != sshkey_ecdsa_nid_from_name(tname)) {
++  

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Thomas Deutschmann]

commit: a8476cc3013b8303167fec09ffe03ed7ca193646
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Tue Oct  8 15:47:34 2019 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Tue Oct  8 15:47:34 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8476cc3

net-misc/openssh: adjust sandbox for >=dev-libs/openssl-1.1.1d

Link: https://github.com/openssh/openssh-portable/pull/149
Bug: https://bugs.gentoo.org/696950
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann  gentoo.org>

 ...mget-shmat-shmdt-in-preauth-privsep-child.patch |  31 ++
 net-misc/openssh/openssh-8.0_p1-r3.ebuild  | 463 +
 2 files changed, 494 insertions(+)

diff --git 
a/net-misc/openssh/files/openssh-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
 
b/net-misc/openssh/files/openssh-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
new file mode 100644
index 000..fe3be2409e2
--- /dev/null
+++ 
b/net-misc/openssh/files/openssh-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
@@ -0,0 +1,31 @@
+From 3ef92a657444f172b61f92d5da66d94fa8265602 Mon Sep 17 00:00:00 2001
+From: Lonnie Abelbeck 
+Date: Tue, 1 Oct 2019 09:05:09 -0500
+Subject: [PATCH] Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.
+
+New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and 
shmdt
+in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
+---
+ sandbox-seccomp-filter.c | 9 +
+ 1 file changed, 9 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 840c5232b..39dc289e3 100644
+--- a/sandbox-seccomp-filter.c
 b/sandbox-seccomp-filter.c
+@@ -168,6 +168,15 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_stat64
+   SC_DENY(__NR_stat64, EACCES),
+ #endif
++#ifdef __NR_shmget
++  SC_DENY(__NR_shmget, EACCES),
++#endif
++#ifdef __NR_shmat
++  SC_DENY(__NR_shmat, EACCES),
++#endif
++#ifdef __NR_shmdt
++  SC_DENY(__NR_shmdt, EACCES),
++#endif
+ 
+   /* Syscalls to permit */
+ #ifdef __NR_brk

diff --git a/net-misc/openssh/openssh-8.0_p1-r3.ebuild 
b/net-misc/openssh/openssh-8.0_p1-r3.ebuild
new file mode 100644
index 000..a8b2c56c2ee
--- /dev/null
+++ b/net-misc/openssh/openssh-8.0_p1-r3.ebuild
@@ -0,0 +1,463 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit user eapi7-ver flag-o-matic multilib autotools pam systemd
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+#HPN_PV="${PV^^}"
+HPN_PV="7.8_P1"
+
+HPN_VER="14.16"
+HPN_PATCHES=(
+   ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff
+   ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff
+)
+
+SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
+X509_VER="12.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+
+PATCH_SET="openssh-7.9p1-patches-1.0"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="https://www.openssh.com/;
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+   ${SCTP_PATCH:+sctp? ( 
https://dev.gentoo.org/~whissi/dist/openssh/${SCTP_PATCH} )}
+   ${HPN_VER:+hpn? ( $(printf 
"mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" 
"${HPN_PATCHES[@]}") )}
+   ${X509_PATCH:+X509? ( 
https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+   "
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~riscv s390 
~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux 
~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris 
~sparc64-solaris ~x64-solaris ~x86-solaris"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit 
libressl livecd pam +pie sctp selinux +ssl static test X X509 xmss"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="ldns? ( ssl )
+   pie? ( !static )
+   static? ( !kerberos !pam )
+   X509? ( !sctp ssl )
+   test? ( ssl )"
+
+LIB_DEPEND="
+   audit? ( sys-process/audit[static-libs(+)] )
+   ldns? (
+   net-libs/ldns[static-libs(+)]
+   !bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
+   bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
+   )
+   libedit? ( dev-libs/libedit:=[static-libs(+)] )
+   sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+   selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+   ssl? (
+   !libressl? (
+   || (
+   (
+   >=dev-libs/openssl-1.0.1:0[bindist=]
+   =dev-libs/openssl-1.1.0g:0[bindist=]
+   )
+   dev-libs/openssl:0=[static-libs(+)]
+   )
+   

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 700b973aa54039ebeea92b70e09ecce2df151dea
Author: Patrick McLean  sony  com>
AuthorDate: Mon Jun 17 20:14:18 2019 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Mon Jun 17 20:14:18 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=700b973a

net-misc/openssh: Drop old 8.0_p1-r1

Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.67, Repoman-2.3.14
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   1 -
 ...enssh-8.0_p1-X509-dont-make-piddir-12.0.1.patch |  16 -
 .../files/openssh-8.0_p1-X509-glue-12.0.1.patch|  19 -
 net-misc/openssh/openssh-8.0_p1-r1.ebuild  | 461 -
 4 files changed, 497 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 07293b9d455..748766fdb61 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -13,7 +13,6 @@ DIST openssh-7.9p1-sctp-1.2.patch.xz 7360 BLAKE2B 
60e209371ecac24d0b60e48459d4d4
 DIST openssh-7.9p1.tar.gz 1565384 BLAKE2B 
de15795e03d33d4f9fe4792f6b14500123230b6c00c1e5bd7207bb6d6bf6df0b2e057c1b1de0fee709f58dd159203fdd69fe1473118a6baedebaa0c1c4c55b59
 SHA512 
0412c9c429c9287f0794023951469c8e6ec833cdb55821bfa0300dd90d0879ff60484f620cffd93372641ab69bf0b032c2d700ccc680950892725fb631b7708e
 DIST openssh-7_8_P1-hpn-AES-CTR-14.16.diff 29231 BLAKE2B 
e25877c5e22f674e6db5a0bc107e5daa2509fe762fb14ce7bb2ce9a115e8177a93340c1d19247b6c2c854b7e1f9ae9af9fd932e5fa9c0a6b2ba438cd11a42991
 SHA512 
1867fb94c29a51294a71a3ec6a299757565a7cda5696118b0b346ed9c78f2c81bb1b888cff5e3418776b2fa277a8f070c5eb9327bb005453e2ffd72d35cdafa7
 DIST openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 43356 BLAKE2B 
776fa140d64a16c339b46a7c773258d2f4fe44e48b16abccad1a8757a51cb6362722fc5f42c39159af12849f5c88cf574de64815085c97157e16653f18d4909b
 SHA512 
53f2752b7aa02719c8dfe0fe0ef16e874101ba2ba87924aa1122cd445ece218ca09c22abaa3377307f25d459579bc28d3854e2402c71b794db65d58cdd1ebc08
-DIST openssh-8.0p1+x509-12.0.1.diff.gz 629849 BLAKE2B 
9366244434c525ddf8f19a476b8b49d13f8c54374986bda8585db1288e7b61c60e26e2a315bec71b52f5e0f5bf4131f0f325039909b91874baab401272418fab
 SHA512 
c6ea243f49674bba64ee372e0532eb9fe6f109d0d5e70f10995d97b5ad5e340275b1b84c3c3bfc7eda1865619dea1370e06e34bbcc3d76af6aa7a00feccaea06
 DIST openssh-8.0p1+x509-12.0.diff.gz 623765 BLAKE2B 
b1c0d533a58c55b0f8451ce5aa8ee9b462afdc1eee44018f30962d3427c73b12a57c2c88bc8656c09c2b39a2ac72755539eeb29e7060ced5d3e8470647f88c0a
 SHA512 
5f678fd303e39df7a2fb23af682c5a02b33f7fdcafe6171b9db2067098a2048677c415c3bee75225eb9fbaf308cfac7f37b0865951cdb6dda0577908499a8295
 DIST openssh-8.0p1+x509-12.1.diff.gz 680389 BLAKE2B 
b1e353c496dd6dbd104c32bc5e9a3f055673a7876944d39c80f185cdb589d09b8d509754f04f2e051ceef2b39a3d810ba00b8894a4b67c7a6a0170a4ed0518a5
 SHA512 
831988d636a19e89a881616e07e38bc6ca44e90443b2bbf290fab3f120877e2eef60f21ad6e0c64098d07e09379f9f73f0ce2e5df975aa1bd43944582f8b8b3e
 DIST openssh-8.0p1-sctp-1.2.patch.xz 7348 BLAKE2B 
bc3d3815f1ef5dbab605b93182a00c2fec258f49d56684defb6564d2b60886429c615a7ab076cc071a590f9df0908b1862ceb0961b7e6f6d1090237fec9035d3
 SHA512 
2f9f774286db75d0240e6fb01655a8a193fb2a5dc4596ad68ed22d64f97c9c46dad61a06478f2e972fd37cbad4d9aca5829bb91097cc56638601ff94a972b24f

diff --git 
a/net-misc/openssh/files/openssh-8.0_p1-X509-dont-make-piddir-12.0.1.patch 
b/net-misc/openssh/files/openssh-8.0_p1-X509-dont-make-piddir-12.0.1.patch
deleted file mode 100644
index e4aca305e00..000
--- a/net-misc/openssh/files/openssh-8.0_p1-X509-dont-make-piddir-12.0.1.patch
+++ /dev/null
@@ -1,16 +0,0 @@
 a/openssh-8.0p1+x509-12.0.1.diff   2019-04-29 14:11:55.210175168 -0700
-+++ b/openssh-8.0p1+x509-12.0.1.diff   2019-04-29 14:12:55.603761971 -0700
-@@ -34176,12 +34176,11 @@
-  
-  install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf 
host-key check-config
-  install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files 
install-sysconf
--@@ -334,6 +352,8 @@
-+@@ -334,6 +352,7 @@
-   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
-   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
-   $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
-   $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
-   $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) 
$(DESTDIR)$(bindir)/ssh$(EXEEXT)
-   $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) 
$(DESTDIR)$(bindir)/scp$(EXEEXT)

diff --git a/net-misc/openssh/files/openssh-8.0_p1-X509-glue-12.0.1.patch 
b/net-misc/openssh/files/openssh-8.0_p1-X509-glue-12.0.1.patch
deleted file mode 100644
index 244aef4c399..000
--- a/net-misc/openssh/files/openssh-8.0_p1-X509-glue-12.0.1.patch
+++ /dev/null
@@ -1,19 +0,0 @@
 a/openssh-8.0p1+x509-12.0.1.diff   2019-04-29 14:07:39.687923384 -0700
-+++ b/openssh-8.0p1+x509-12.0.1.diff   2019-04-29 14:08:11.330706892 -0700
-@@ -76610,16 +76610,6 @@
- + return mbtowc(NULL, s, 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 4c0b9982d08f85a5701b2d0552fe0e38d2a90094
Author: Patrick McLean  sony  com>
AuthorDate: Fri Apr 19 03:55:01 2019 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Fri Apr 19 03:55:55 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c0b9982

net-misc/openssh: Version bump to 8.0_p1

- Bump the X509 patchset as well to 12.0
  - No longer apply the AES-CTR-MT with USE=X509 since it hasn't worked
in quite some time

- Forward port the HPN patchset
  - Set the maxium number of threads in AES-CTR-MT to 16, since it
hangs at 20 threads

Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.63, Repoman-2.3.12
Signed-off-by: Patrick McLean  gentoo.org>

 net-misc/openssh/Manifest  |   3 +
 .../openssh/files/openssh-8.0_p1-GSSAPI-dns.patch  | 359 
 .../files/openssh-8.0_p1-X509-12.0-tests.patch |  12 +
 ...openssh-8.0_p1-X509-dont-make-piddir-12.0.patch |  16 +
 .../files/openssh-8.0_p1-X509-glue-12.0.patch  |  19 +
 .../files/openssh-8.0_p1-hpn-X509-glue.patch   | 114 +
 .../openssh/files/openssh-8.0_p1-hpn-glue.patch| 194 +
 .../openssh/files/openssh-8.0_p1-hpn-version.patch |  13 +
 net-misc/openssh/files/openssh-8.0_p1-tests.patch  |  43 ++
 net-misc/openssh/openssh-8.0_p1.ebuild | 461 +
 10 files changed, 1234 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index d019cc5b6fd..c71f5ce7b9f 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -13,4 +13,7 @@ DIST openssh-7.9p1-sctp-1.2.patch.xz 7360 BLAKE2B 
60e209371ecac24d0b60e48459d4d4
 DIST openssh-7.9p1.tar.gz 1565384 BLAKE2B 
de15795e03d33d4f9fe4792f6b14500123230b6c00c1e5bd7207bb6d6bf6df0b2e057c1b1de0fee709f58dd159203fdd69fe1473118a6baedebaa0c1c4c55b59
 SHA512 
0412c9c429c9287f0794023951469c8e6ec833cdb55821bfa0300dd90d0879ff60484f620cffd93372641ab69bf0b032c2d700ccc680950892725fb631b7708e
 DIST openssh-7_8_P1-hpn-AES-CTR-14.16.diff 29231 BLAKE2B 
e25877c5e22f674e6db5a0bc107e5daa2509fe762fb14ce7bb2ce9a115e8177a93340c1d19247b6c2c854b7e1f9ae9af9fd932e5fa9c0a6b2ba438cd11a42991
 SHA512 
1867fb94c29a51294a71a3ec6a299757565a7cda5696118b0b346ed9c78f2c81bb1b888cff5e3418776b2fa277a8f070c5eb9327bb005453e2ffd72d35cdafa7
 DIST openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 43356 BLAKE2B 
776fa140d64a16c339b46a7c773258d2f4fe44e48b16abccad1a8757a51cb6362722fc5f42c39159af12849f5c88cf574de64815085c97157e16653f18d4909b
 SHA512 
53f2752b7aa02719c8dfe0fe0ef16e874101ba2ba87924aa1122cd445ece218ca09c22abaa3377307f25d459579bc28d3854e2402c71b794db65d58cdd1ebc08
+DIST openssh-8.0p1+x509-12.0.diff.gz 623765 BLAKE2B 
b1c0d533a58c55b0f8451ce5aa8ee9b462afdc1eee44018f30962d3427c73b12a57c2c88bc8656c09c2b39a2ac72755539eeb29e7060ced5d3e8470647f88c0a
 SHA512 
5f678fd303e39df7a2fb23af682c5a02b33f7fdcafe6171b9db2067098a2048677c415c3bee75225eb9fbaf308cfac7f37b0865951cdb6dda0577908499a8295
+DIST openssh-8.0p1-sctp-1.2.patch.xz 7684 BLAKE2B 
5d6af23549a152dabf6a54aab5957fd76f0c78528c58896d4265543b121bc4add483fc465876377554041dc88a290dfd7c42fdcc0b55c5509b403a16f0b63989
 SHA512 
fb0ed1f37b4f26d27e9f09f67a6368b0a277999e514498203bc09483943e5d6b02bca66becc200c7a44eef4d9a9b296b57678fafe390fd7ab3c3b74be380e9bb
+DIST openssh-8.0p1.tar.gz 1597697 BLAKE2B 
5ba79872eabb3b3964d95a8cdd690bfe0323f018d7f944d4e1acb52576c9f6d7a1ddac15e88dc42eac6ecbfabfad1c228e303a2262588769e307c38107a4cd54
 SHA512 
e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982
 DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 BLAKE2B 
5b2204316dd244bb8dd11db50d5bc3a194e2cc4b64964a2d3df68bbe54c53588f15fc5176dbc3811e929573fa3e41cf91f412aa2513bb9a4b6ed02c2523c1e24
 SHA512 
9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b

diff --git a/net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch 
b/net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch
new file mode 100644
index 000..a3bd128aa46
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch
@@ -0,0 +1,359 @@
+diff --git a/auth.c b/auth.c
+index 8696f258..f4cd70a3 100644
+--- a/auth.c
 b/auth.c
+@@ -723,120 +723,6 @@ fakepw(void)
+   return ();
+ }
+ 
+-/*
+- * Returns the remote DNS hostname as a string. The returned string must not
+- * be freed. NB. this will usually trigger a DNS query the first time it is
+- * called.
+- * This function does additional checks on the hostname to mitigate some
+- * attacks on legacy rhosts-style authentication.
+- * XXX is RhostsRSAAuthentication vulnerable to these?
+- * XXX Can we remove these checks? (or if not, remove 
RhostsRSAAuthentication?)
+- */
+-
+-static char *
+-remote_hostname(struct ssh *ssh)
+-{
+-  struct sockaddr_storage from;
+-  socklen_t fromlen;
+-  struct addrinfo hints, *ai, *aitop;
+-  char 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Thomas Deutschmann]

commit: 057cc59d64ede3c1b8a4a42ad003fb5cc7ef1d3b
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Wed Mar  6 23:55:08 2019 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Wed Mar  6 23:55:56 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=057cc59d

net-misc/openssh: always call checkconfig to trigger key generation

Closes: https://bugs.gentoo.org/675922
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann  gentoo.org>

 net-misc/openssh/files/sshd-r1.initd  | 87 +++
 net-misc/openssh/openssh-7.9_p1-r4.ebuild |  2 +-
 2 files changed, 88 insertions(+), 1 deletion(-)

diff --git a/net-misc/openssh/files/sshd-r1.initd 
b/net-misc/openssh/files/sshd-r1.initd
new file mode 100644
index 000..e91cd0116cd
--- /dev/null
+++ b/net-misc/openssh/files/sshd-r1.initd
@@ -0,0 +1,87 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
+: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
+: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
+: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
+: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
+
+command="${SSHD_BINARY}"
+pidfile="${SSHD_PIDFILE}"
+command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
+
+# Wait one second (length chosen arbitrarily) to see if sshd actually
+# creates a PID file, or if it crashes for some reason like not being
+# able to bind to the address in ListenAddress (bug 617596).
+: ${SSHD_SSD_OPTS:=--wait 1000}
+start_stop_daemon_args="${SSHD_SSD_OPTS}"
+
+depend() {
+   # Entropy can be used by ssh-keygen, among other things, but
+   # is not strictly required (bug 470020).
+   use logger dns entropy
+   if [ "${rc_need+set}" = "set" ] ; then
+   : # Do nothing, the user has explicitly set rc_need
+   else
+   local x warn_addr
+   for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 
2>/dev/null) ; do
+   case "${x}" in
+   0.0.0.0|0.0.0.0:*) ;;
+   ::|\[::\]*) ;;
+   *) warn_addr="${warn_addr} ${x}" ;;
+   esac
+   done
+   if [ -n "${warn_addr}" ] ; then
+   need net
+   ewarn "You are binding an interface in ListenAddress 
statement in your sshd_config!"
+   ewarn "You must add rc_need=\"net.FOO\" to your 
${RC_PREFIX%/}/etc/conf.d/sshd"
+   ewarn "where FOO is the interface(s) providing the 
following address(es):"
+   ewarn "${warn_addr}"
+   fi
+   fi
+}
+
+checkconfig() {
+   checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
+
+   if [ ! -e "${SSHD_CONFIG}" ] ; then
+   eerror "You need an ${SSHD_CONFIG} file to run sshd"
+   eerror "There is a sample file in /usr/share/doc/openssh"
+   return 1
+   fi
+
+   ${SSHD_KEYGEN_BINARY} -A || return 2
+
+   "${command}" -t ${command_args} || return 3
+}
+
+start_pre() {
+   # Make sure that the user's config isn't busted before we try
+   # to start the daemon (this will produce better error messages
+   # than if we just try to start it blindly).
+   #
+   # We always need to call checkconfig because this function will
+   # also generate any missing host key and you can start a
+   # non-running service with "restart" argument.
+   checkconfig || return $?
+}
+
+stop_pre() {
+   # If this is a restart, check to make sure the user's config
+   # isn't busted before we stop the running daemon.
+   if [ "${RC_CMD}" = "restart" ] ; then
+   checkconfig || return $?
+   fi
+}
+
+reload() {
+   checkconfig || return $?
+   ebegin "Reloading ${SVCNAME}"
+   start-stop-daemon --signal HUP --pidfile "${pidfile}"
+   eend $?
+}

diff --git a/net-misc/openssh/openssh-7.9_p1-r4.ebuild 
b/net-misc/openssh/openssh-7.9_p1-r4.ebuild
index 1c475e825c0..deb47d530d3 100644
--- a/net-misc/openssh/openssh-7.9_p1-r4.ebuild
+++ b/net-misc/openssh/openssh-7.9_p1-r4.ebuild
@@ -390,7 +390,7 @@ src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
-   newinitd "${FILESDIR}"/sshd.initd sshd
+   newinitd "${FILESDIR}"/sshd-r1.initd sshd
newconfd "${FILESDIR}"/sshd-r1.confd sshd
 
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Lars Wendler]

commit: 050d6622eb94afedb98e37aa719e8ca6972cc9fa
Author: Lars Wendler  gentoo  org>
AuthorDate: Thu Jan 31 23:35:14 2019 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Thu Jan 31 23:36:06 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=050d6622

Revert "net-misc/openssh: Removed old."

This reverts commit 500a23230ac217b5dbca87f3cc22deaf1356ec2b.
because some ebuilds still depend on  gentoo.org>

 net-misc/openssh/Manifest  |   9 +
 .../files/openssh-7.3-mips-seccomp-n32.patch   |  21 +
 .../files/openssh-7.5_p1-CVE-2017-15906.patch  |  31 ++
 .../openssh/files/openssh-7.5_p1-GSSAPI-dns.patch  | 351 
 .../openssh/files/openssh-7.5_p1-cross-cache.patch |  39 ++
 .../files/openssh-7.5_p1-hpn-x509-10.2-glue.patch  |  67 +++
 .../files/openssh-7.5_p1-s390-seccomp.patch|  27 ++
 .../openssh/files/openssh-7.5_p1-x32-typo.patch|  25 ++
 .../files/openssh-7.8_p1-X509-no-version.patch |  19 +
 .../files/openssh-7.8_p1-hpn-X509-glue.patch   |  79 
 .../openssh/files/openssh-7.8_p1-hpn-glue.patch| 112 +
 .../files/openssh-7.8_p1-hpn-sctp-glue.patch   |  17 +
 net-misc/openssh/metadata.xml  |   2 +
 net-misc/openssh/openssh-7.5_p1-r4.ebuild  | 334 +++
 net-misc/openssh/openssh-7.8_p1.ebuild | 438 
 net-misc/openssh/openssh-7.9_p1-r1.ebuild  | 450 +
 net-misc/openssh/openssh-7.9_p1.ebuild | 450 +
 17 files changed, 2471 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 2bb83502015..e0c1d3402c2 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,10 +1,19 @@
+DIST openssh-7.4_p1-sctp.patch.xz 8220 BLAKE2B 
2d571cacaab342b7950b42ec826bd896edf78780e9ee73fcd441cbc9764eb59e408e295062862db986918824d10498383bf34ae7c93df0da2c056eaec4d2c031
 SHA512 
0c199e3b26949482125aeaa88216b2458292589e3eac8908d9134d13a1cae891094fcb0f752ed3009b3126cc72277b460205f39140c251792eb1b545271c3bd4
+DIST openssh-7.5p1+x509-10.2.diff.gz 467040 BLAKE2B 
4048b0f016bf7d43276f88117fc266d1a450d298563bfc6ce705ec2829b8f9d91af5c5232941d55004b5aea2d3e0fb682a9d4acd9510c9761ba7ede2f2f0e37f
 SHA512 
ec760d38771749d09afc8d720120ea2aa065c1c7983898b45dba74a4411f7e61e7705da226864e1e8e62e2261eecc3a4ab654b528c71512a07798824d9fb1a9a
+DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 BLAKE2B 
15702338877e50c2143b33b93bfc87d0aa0fa55915db1f0cab9c22e55f8aa0c6eeb5a56f438d849544d1650bdc574384b851292d621b79f673b78bc37617aa0b
 SHA512 
45c42090a212b9ce898fbaa8284ddf0f0d17236af13c4a780e00bf265b0c7a4286027e90a7ce9ad70066309db722709dd2f0a7914f57e5364ffbaf7c4859cdf9
+DIST openssh-7.5p1.tar.gz 1510857 BLAKE2B 
505764a210018136456c0f5dd40ad9f1383551c3ae037593d4296305df189e0a6f1383adc89b1970d58b8dcfff391878b7a29b848cc244a99705a164bec5d734
 SHA512 
58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
 DIST openssh-7.7p1-hpnssh14v15-gentoo2.patch.xz 22060 BLAKE2B 
9ee654f689d4b90bd0fe4f71d57b4a8d9d957012be3a23ff2baa6c45ae99e2f1e4daf5de24479a6a3eb761ee6847deb3c6c3021d4cbabc9089f605d8d7270efc
 SHA512 
856d28ac89c14d01c40c7d7e93cfaebd74b091188b5b469550eb62aa5445177aec1a5f47c1e2f7173013712e98e5f9f5e46bbb3dbd4ec7c5ee8256ef45cda0f8
 DIST openssh-7.7p1-patches-1.2.tar.xz 17584 BLAKE2B 
192ec01906c911197abec4606cdf136cf26ac4ab4c405267cd98bafaea409d9d596b2b985eaeda6a1425d587d63b6f403b988f280aff989357586bf232d27712
 SHA512 
e646ec3674b5ef38abe823406d33c8a47c5f63fa962c41386709a7ad7115d968b70fbcf7a8f3efc67a3e80e0194e8e22a01c2342c830f99970fe02532cdee51b
 DIST openssh-7.7p1-sctp-1.1.patch.xz 7548 BLAKE2B 
3b960c2377351955007005de560c2a3e8d0d059a0435e5beda14c63e444dad8b4357edaccd1cfe446c6268514f152b2bcfa7fa3612f1ae1324a31fecb0e85ac5
 SHA512 
093605865262a2b972db8c92990a49ed6178ed4567fb2626518c826c8472553d9be99a9e6052a6f5e545d81867b4118e9fd8a2c0c26a2739f1720b0f13282cba
 DIST openssh-7.7p1-x509-11.3.1.patch.xz 362672 BLAKE2B 
55b8b0ef00dc4d962a0db1115406b7b1e84110870c74198e9e4cb081b2ffde8daca67cb281c69d73b4c5cbffde361429d62634be194b57e888a0b434a0f42a37
 SHA512 
f84744f6d2e5a15017bce37bfa65ebb47dbafeac07ea9aab46bdc780b4062ff70687512d9d512cab81e3b9c701adb6ce17c5474f35cb4b49f57db2e2d45ac9ac
 DIST openssh-7.7p1.tar.gz 1536900 BLAKE2B 
7aee360f2cea5bfa3f8426fcbd66fde2568f05f9c8e623326b60f03b7c5f8abf223e178aa1d5958015b51627565bf5b1ace35b57f309638c908f5a7bf5500d21
 SHA512 
597252cb48209a0cb98ca1928a67e8d63e4275252f25bc37269204c108f034baade6ba0634e32ae63422fddd280f73096a6b31ad2f2e7a848dde75ca30e14261
+DIST openssh-7.8p1+x509-11.4.diff.gz 536597 BLAKE2B 
18593135d0d4010f40a6e0c99a6a2e9fb4ca98d00b4940be5cb547fcb647adc9663245274d4e792bcc7c2ec49accaceb7c3c489707bbb7aaeed260dd2e0eb1c3
 SHA512 
b95d46201626797f197c5aa8488b0543d2c7c5719b99fadd94ef2c888a96c6a7b649527b78b6d6014d953ae57e05ecf116192cf498687db8cb7669c3998deecc
+DIST 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Lars Wendler]

commit: 500a23230ac217b5dbca87f3cc22deaf1356ec2b
Author: Lars Wendler  gentoo  org>
AuthorDate: Thu Jan 31 22:54:56 2019 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Thu Jan 31 22:55:10 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=500a2323

net-misc/openssh: Removed old.

Package-Manager: Portage-2.3.59, Repoman-2.3.12
Signed-off-by: Lars Wendler  gentoo.org>

 net-misc/openssh/Manifest  |   9 -
 .../files/openssh-7.3-mips-seccomp-n32.patch   |  21 -
 .../files/openssh-7.5_p1-CVE-2017-15906.patch  |  31 --
 .../openssh/files/openssh-7.5_p1-GSSAPI-dns.patch  | 351 
 .../openssh/files/openssh-7.5_p1-cross-cache.patch |  39 --
 .../files/openssh-7.5_p1-hpn-x509-10.2-glue.patch  |  67 ---
 .../files/openssh-7.5_p1-s390-seccomp.patch|  27 --
 .../openssh/files/openssh-7.5_p1-x32-typo.patch|  25 --
 .../files/openssh-7.8_p1-X509-no-version.patch |  19 -
 .../files/openssh-7.8_p1-hpn-X509-glue.patch   |  79 
 .../openssh/files/openssh-7.8_p1-hpn-glue.patch| 112 -
 .../files/openssh-7.8_p1-hpn-sctp-glue.patch   |  17 -
 net-misc/openssh/metadata.xml  |   2 -
 net-misc/openssh/openssh-7.5_p1-r4.ebuild  | 334 ---
 net-misc/openssh/openssh-7.8_p1.ebuild | 438 
 net-misc/openssh/openssh-7.9_p1-r1.ebuild  | 450 -
 net-misc/openssh/openssh-7.9_p1.ebuild | 450 -
 17 files changed, 2471 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index e0c1d3402c2..2bb83502015 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,19 +1,10 @@
-DIST openssh-7.4_p1-sctp.patch.xz 8220 BLAKE2B 
2d571cacaab342b7950b42ec826bd896edf78780e9ee73fcd441cbc9764eb59e408e295062862db986918824d10498383bf34ae7c93df0da2c056eaec4d2c031
 SHA512 
0c199e3b26949482125aeaa88216b2458292589e3eac8908d9134d13a1cae891094fcb0f752ed3009b3126cc72277b460205f39140c251792eb1b545271c3bd4
-DIST openssh-7.5p1+x509-10.2.diff.gz 467040 BLAKE2B 
4048b0f016bf7d43276f88117fc266d1a450d298563bfc6ce705ec2829b8f9d91af5c5232941d55004b5aea2d3e0fb682a9d4acd9510c9761ba7ede2f2f0e37f
 SHA512 
ec760d38771749d09afc8d720120ea2aa065c1c7983898b45dba74a4411f7e61e7705da226864e1e8e62e2261eecc3a4ab654b528c71512a07798824d9fb1a9a
-DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 BLAKE2B 
15702338877e50c2143b33b93bfc87d0aa0fa55915db1f0cab9c22e55f8aa0c6eeb5a56f438d849544d1650bdc574384b851292d621b79f673b78bc37617aa0b
 SHA512 
45c42090a212b9ce898fbaa8284ddf0f0d17236af13c4a780e00bf265b0c7a4286027e90a7ce9ad70066309db722709dd2f0a7914f57e5364ffbaf7c4859cdf9
-DIST openssh-7.5p1.tar.gz 1510857 BLAKE2B 
505764a210018136456c0f5dd40ad9f1383551c3ae037593d4296305df189e0a6f1383adc89b1970d58b8dcfff391878b7a29b848cc244a99705a164bec5d734
 SHA512 
58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
 DIST openssh-7.7p1-hpnssh14v15-gentoo2.patch.xz 22060 BLAKE2B 
9ee654f689d4b90bd0fe4f71d57b4a8d9d957012be3a23ff2baa6c45ae99e2f1e4daf5de24479a6a3eb761ee6847deb3c6c3021d4cbabc9089f605d8d7270efc
 SHA512 
856d28ac89c14d01c40c7d7e93cfaebd74b091188b5b469550eb62aa5445177aec1a5f47c1e2f7173013712e98e5f9f5e46bbb3dbd4ec7c5ee8256ef45cda0f8
 DIST openssh-7.7p1-patches-1.2.tar.xz 17584 BLAKE2B 
192ec01906c911197abec4606cdf136cf26ac4ab4c405267cd98bafaea409d9d596b2b985eaeda6a1425d587d63b6f403b988f280aff989357586bf232d27712
 SHA512 
e646ec3674b5ef38abe823406d33c8a47c5f63fa962c41386709a7ad7115d968b70fbcf7a8f3efc67a3e80e0194e8e22a01c2342c830f99970fe02532cdee51b
 DIST openssh-7.7p1-sctp-1.1.patch.xz 7548 BLAKE2B 
3b960c2377351955007005de560c2a3e8d0d059a0435e5beda14c63e444dad8b4357edaccd1cfe446c6268514f152b2bcfa7fa3612f1ae1324a31fecb0e85ac5
 SHA512 
093605865262a2b972db8c92990a49ed6178ed4567fb2626518c826c8472553d9be99a9e6052a6f5e545d81867b4118e9fd8a2c0c26a2739f1720b0f13282cba
 DIST openssh-7.7p1-x509-11.3.1.patch.xz 362672 BLAKE2B 
55b8b0ef00dc4d962a0db1115406b7b1e84110870c74198e9e4cb081b2ffde8daca67cb281c69d73b4c5cbffde361429d62634be194b57e888a0b434a0f42a37
 SHA512 
f84744f6d2e5a15017bce37bfa65ebb47dbafeac07ea9aab46bdc780b4062ff70687512d9d512cab81e3b9c701adb6ce17c5474f35cb4b49f57db2e2d45ac9ac
 DIST openssh-7.7p1.tar.gz 1536900 BLAKE2B 
7aee360f2cea5bfa3f8426fcbd66fde2568f05f9c8e623326b60f03b7c5f8abf223e178aa1d5958015b51627565bf5b1ace35b57f309638c908f5a7bf5500d21
 SHA512 
597252cb48209a0cb98ca1928a67e8d63e4275252f25bc37269204c108f034baade6ba0634e32ae63422fddd280f73096a6b31ad2f2e7a848dde75ca30e14261
-DIST openssh-7.8p1+x509-11.4.diff.gz 536597 BLAKE2B 
18593135d0d4010f40a6e0c99a6a2e9fb4ca98d00b4940be5cb547fcb647adc9663245274d4e792bcc7c2ec49accaceb7c3c489707bbb7aaeed260dd2e0eb1c3
 SHA512 
b95d46201626797f197c5aa8488b0543d2c7c5719b99fadd94ef2c888a96c6a7b649527b78b6d6014d953ae57e05ecf116192cf498687db8cb7669c3998deecc
-DIST openssh-7.8p1-sctp-1.1.patch.xz 7548 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Thomas Deutschmann]

commit: 45084b9a615f719976434938be717dfde3075133
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Tue Jan 15 17:41:40 2019 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Tue Jan 15 17:41:58 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45084b9a

net-misc/openssh: add patch for CVE-2018-20685

Package-Manager: Portage-2.3.55, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann  gentoo.org>

 .../files/openssh-7.9_p1-CVE-2018-20685.patch  |  16 +
 net-misc/openssh/openssh-7.9_p1-r2.ebuild  | 451 +
 2 files changed, 467 insertions(+)

diff --git a/net-misc/openssh/files/openssh-7.9_p1-CVE-2018-20685.patch 
b/net-misc/openssh/files/openssh-7.9_p1-CVE-2018-20685.patch
new file mode 100644
index 000..3fa3e318af5
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-CVE-2018-20685.patch
@@ -0,0 +1,16 @@
+CVE-2018-20685
+
+https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
+
+--- a/scp.c
 b/scp.c
+@@ -1106,7 +1106,8 @@ sink(int argc, char **argv)
+   SCREWUP("size out of range");
+   size = (off_t)ull;
+ 
+-  if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
++  if (*cp == '\0' || strchr(cp, '/') != NULL ||
++  strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+   run_err("error: unexpected filename: %s", cp);
+   exit(1);
+   }

diff --git a/net-misc/openssh/openssh-7.9_p1-r2.ebuild 
b/net-misc/openssh/openssh-7.9_p1-r2.ebuild
new file mode 100644
index 000..89010a6ace2
--- /dev/null
+++ b/net-misc/openssh/openssh-7.9_p1-r2.ebuild
@@ -0,0 +1,451 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit user flag-o-matic multilib autotools pam systemd
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+#HPN_PV="${PV^^}"
+HPN_PV="7.8_P1"
+
+HPN_VER="14.16"
+HPN_PATCHES=(
+   ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff
+   ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff
+)
+HPN_DISABLE_MTAES=1 # unit tests hang on MT-AES-CTR
+SCTP_VER="1.1" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
+X509_VER="11.6" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="https://www.openssh.com/;
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+   ${SCTP_PATCH:+sctp? ( 
https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )}
+   ${HPN_VER:+hpn? ( $(printf 
"mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_}/%s\n" 
"${HPN_PATCHES[@]}") )}
+   ${X509_PATCH:+X509? ( 
https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+   "
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux 
~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris 
~sparc64-solaris ~x64-solaris ~x86-solaris"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit 
libressl livecd pam +pie sctp selinux +ssl static test X X509"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="ldns? ( ssl )
+   pie? ( !static )
+   static? ( !kerberos !pam )
+   X509? ( !sctp ssl )
+   test? ( ssl )"
+
+LIB_DEPEND="
+   audit? ( sys-process/audit[static-libs(+)] )
+   ldns? (
+   net-libs/ldns[static-libs(+)]
+   !bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
+   bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
+   )
+   libedit? ( dev-libs/libedit:=[static-libs(+)] )
+   sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+   selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+   ssl? (
+   !libressl? (
+   || (
+   (
+   >=dev-libs/openssl-1.0.1:0[bindist=]
+   =dev-libs/openssl-1.1.0g:0[bindist=]
+   )
+   dev-libs/openssl:0=[static-libs(+)]
+   )
+   libressl? ( dev-libs/libressl:0=[static-libs(+)] )
+   )
+   >=sys-libs/zlib-1.2.3:=[static-libs(+)]"
+RDEPEND="
+   !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+   pam? ( virtual/pam )
+   kerberos? ( virtual/krb5 )"
+DEPEND="${RDEPEND}
+   static? ( ${LIB_DEPEND} )
+   virtual/pkgconfig
+   virtual/os-headers
+   sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+   pam? ( >=sys-auth/pambase-20081028 )
+   userland_GNU? ( virtual/shadow )
+   X? ( x11-apps/xauth )"
+
+S="${WORKDIR}/${PARCH}"
+
+pkg_pretend() {
+   # this sucks, but i'd rather have people unable to `emerge 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: fe272e74d62b707e8083fecac8ca667760d0dc16
Author: Patrick McLean  sony  com>
AuthorDate: Sat Dec  8 01:27:20 2018 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Sat Dec  8 01:27:20 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe272e74

net-misc/openssh: Fix X509+libressl-2.8 and remove /run in 7.9_p1

Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Patrick McLean  gentoo.org>

 .../files/openssh-7.9_p1-X509-dont-make-piddir.patch | 16 
 net-misc/openssh/files/openssh-7.9_p1-libressl-2.8.patch | 16 
 net-misc/openssh/openssh-7.9_p1.ebuild   |  3 +++
 3 files changed, 35 insertions(+)

diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir.patch 
b/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir.patch
new file mode 100644
index 000..c30ca278544
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir.patch
@@ -0,0 +1,16 @@
+--- a/openssh-7.9p1+x509-11.5.diff 2018-12-07 17:24:03.211328918 -0800
 b/openssh-7.9p1+x509-11.5.diff 2018-12-07 17:24:13.399262277 -0800
+@@ -40681,12 +40681,11 @@
+
+  install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf 
host-key check-config
+  install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files 
install-sysconf
+-@@ -333,6 +351,8 @@
++@@ -333,6 +351,7 @@
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+   $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+   $(MKDIR_P) $(DESTDIR)$(libexecdir)
+ + $(MKDIR_P) $(DESTDIR)$(sshcadir)
+-+ $(MKDIR_P) $(DESTDIR)$(piddir)
+   $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
+   $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) 
$(DESTDIR)$(bindir)/ssh$(EXEEXT)
+   $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) 
$(DESTDIR)$(bindir)/scp$(EXEEXT)

diff --git a/net-misc/openssh/files/openssh-7.9_p1-libressl-2.8.patch 
b/net-misc/openssh/files/openssh-7.9_p1-libressl-2.8.patch
new file mode 100644
index 000..58f3ce2922e
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-libressl-2.8.patch
@@ -0,0 +1,16 @@
+--- openssh-7.9p1.orig/evp-compat.h2018-12-07 17:07:37.929762570 -0800
 openssh-7.9p1/evp-compat.h 2018-12-07 17:08:03.923592845 -0800
+@@ -100,11 +100,13 @@
+ }
+ 
+ 
++#if LIBRESSL_VERSION_NUMBER < 0x2080L
+ static inline int
+ EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
+ {
+   return(ctx->encrypt);
+ }
++#endif /* LIBRESSL_VERSION_NUMBER < 0x2080L */
+ 
+ 
+ static inline void*

diff --git a/net-misc/openssh/openssh-7.9_p1.ebuild 
b/net-misc/openssh/openssh-7.9_p1.ebuild
index 83ff7a4d299..a8cacd6542e 100644
--- a/net-misc/openssh/openssh-7.9_p1.ebuild
+++ b/net-misc/openssh/openssh-7.9_p1.ebuild
@@ -124,9 +124,11 @@ src_prepare() {
if use X509 ; then
pushd "${WORKDIR}" || die
eapply "${FILESDIR}/${P}-X509-glue.patch"
+   eapply "${FILESDIR}/${P}-X509-dont-make-piddir.patch"
popd || die
 
eapply "${WORKDIR}"/${X509_PATCH%.*}
+   eapply "${FILESDIR}"/${PN}-7.9_p1-libressl-2.8.patch
 
# We need to patch package version or any X.509 sshd will 
reject our ssh client
# with "userauth_pubkey: could not parse key: string is too 
large [preauth]"
@@ -389,6 +391,7 @@ src_install() {
 
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
+   ls -la "${D}"/run
 }
 
 pkg_preinst() {

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 371794f20c7eb2b88cae2619b6fa352aafb4
Author: Patrick McLean  sony  com>
AuthorDate: Thu Oct 25 00:06:36 2018 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Thu Oct 25 00:06:56 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=371794f2

net-misc/openssh: Fix build with openssl-1.1 and hpn (bug #669506)

Closes: https://bugs.gentoo.org/669506
Signed-off-by: Patrick McLean  gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 .../files/openssh-7.9_p1-hpn-openssl-1.1.patch | 107 +
 net-misc/openssh/openssh-7.9_p1.ebuild |   1 +
 2 files changed, 108 insertions(+)

diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch 
b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
new file mode 100644
index 000..524d05ad89d
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
@@ -0,0 +1,107 @@
+--- openssh-7.9p1.orig/cipher-ctr-mt.c 2018-10-24 20:48:00.909255466 -
 openssh-7.9p1/cipher-ctr-mt.c  2018-10-24 20:48:17.378155144 -
+@@ -46,7 +46,7 @@
+ 
+ /* TUNABLES */
+ /* maximum number of threads and queues */
+-#define MAX_THREADS  32
++#define MAX_THREADS  32 
+ #define MAX_NUMKQ(MAX_THREADS * 2)
+ 
+ /* Number of pregen threads to use */
+@@ -435,7 +435,7 @@
+   destp.u += AES_BLOCK_SIZE;
+   srcp.u += AES_BLOCK_SIZE;
+   len -= AES_BLOCK_SIZE;
+-  ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
++  ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
+ 
+   /* Increment read index, switch queues on rollover */
+   if ((ridx = (ridx + 1) % KQLEN) == 0) {
+@@ -481,8 +481,6 @@
+   /* get the number of cores in the system */
+   /* if it's not linux it currently defaults to 2 */
+   /* divide by 2 to get threads for each direction (MODE_IN||MODE_OUT) */
+-  /* NB: assigning a float to an int discards the remainder which is */
+-  /* acceptable (and wanted) in this case */
+ #ifdef __linux__
+   cipher_threads = sysconf(_SC_NPROCESSORS_ONLN) / 2;
+ #endif /*__linux__*/
+@@ -505,11 +503,12 @@
+   if (cipher_threads < 2) 
+   cipher_threads = 2;
+   
+-/* assure that we aren't trying to create more threads than we have 
in the struct */
+-  /* cipher_threads is half the total of allowable threads hence the odd 
looking math here */
++  /* assure that we aren't trying to create more threads */
++  /* than we have in the struct. cipher_threads is half the */
++  /* total of allowable threads hence the odd looking math here */
+   if (cipher_threads * 2 > MAX_THREADS)
+   cipher_threads = MAX_THREADS / 2;
+-  
++
+   /* set the number of keystream queues */
+   numkq = cipher_threads * 2;
+ 
+@@ -551,16 +550,16 @@
+   }
+ 
+   if (iv != NULL) {
+-  memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
++  memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
+   c->state |= HAVE_IV;
+   }
+ 
+   if (c->state == (HAVE_KEY | HAVE_IV)) {
+   /* Clear queues */
+-  memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE);
++  memcpy(c->q[0].ctr, c->aes_counter, AES_BLOCK_SIZE);
+   c->q[0].qstate = KQINIT;
+   for (i = 1; i < numkq; i++) {
+-  memcpy(c->q[i].ctr, ctx->iv, AES_BLOCK_SIZE);
++  memcpy(c->q[i].ctr, c->aes_counter, AES_BLOCK_SIZE);
+   ssh_ctr_add(c->q[i].ctr, i * KQLEN, AES_BLOCK_SIZE);
+   c->q[i].qstate = KQEMPTY;
+   }
+@@ -644,8 +643,22 @@
+ const EVP_CIPHER *
+ evp_aes_ctr_mt(void)
+ {
++# if OPENSSL_VERSION_NUMBER >= 0x1010UL
++  static EVP_CIPHER *aes_ctr;
++  aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
++  EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
++  EVP_CIPHER_meth_set_init(aes_ctr, ssh_aes_ctr_init);
++  EVP_CIPHER_meth_set_cleanup(aes_ctr, ssh_aes_ctr_cleanup);
++  EVP_CIPHER_meth_set_do_cipher(aes_ctr, ssh_aes_ctr);
++#  ifndef SSH_OLD_EVP
++  EVP_CIPHER_meth_set_flags(aes_ctr, EVP_CIPH_CBC_MODE
++| EVP_CIPH_VARIABLE_LENGTH
++| EVP_CIPH_ALWAYS_CALL_INIT
++| EVP_CIPH_CUSTOM_IV);
++#  endif /*SSH_OLD_EVP*/
++  return (aes_ctr);
++# else /*earlier version of openssl*/
+   static EVP_CIPHER aes_ctr;
+-
+   memset(_ctr, 0, sizeof(EVP_CIPHER));
+   aes_ctr.nid = NID_undef;
+   aes_ctr.block_size = AES_BLOCK_SIZE;
+@@ -654,11 +667,12 @@
+   aes_ctr.init = ssh_aes_ctr_init;
+   aes_ctr.cleanup = ssh_aes_ctr_cleanup;
+   aes_ctr.do_cipher = ssh_aes_ctr;
+-#ifndef SSH_OLD_EVP
+-  aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+- 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Thomas Deutschmann]

commit: 4c4d1ad673a50b2ed24b8b8a4242c9de81ea9ce9
Author: Thomas Deutschmann  gentoo  org>
AuthorDate: Wed Aug 22 14:54:12 2018 +
Commit: Thomas Deutschmann  gentoo  org>
CommitDate: Wed Aug 22 15:00:06 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c4d1ad6

net-misc/openssh: create /var/empty with correct permission

Closes: https://bugs.gentoo.org/664192
Package-Manager: Portage-2.3.48, Repoman-2.3.10

 net-misc/openssh/files/sshd.initd |  89 ++
 net-misc/openssh/openssh-7.7_p1-r9.ebuild | 444 ++
 2 files changed, 533 insertions(+)

diff --git a/net-misc/openssh/files/sshd.initd 
b/net-misc/openssh/files/sshd.initd
new file mode 100644
index 000..c5df4693dbe
--- /dev/null
+++ b/net-misc/openssh/files/sshd.initd
@@ -0,0 +1,89 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
+: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
+: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
+: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
+: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
+
+command="${SSHD_BINARY}"
+pidfile="${SSHD_PIDFILE}"
+command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
+
+# Wait one second (length chosen arbitrarily) to see if sshd actually
+# creates a PID file, or if it crashes for some reason like not being
+# able to bind to the address in ListenAddress (bug 617596).
+: ${SSHD_SSD_OPTS:=--wait 1000}
+start_stop_daemon_args="${SSHD_SSD_OPTS}"
+
+depend() {
+   # Entropy can be used by ssh-keygen, among other things, but
+   # is not strictly required (bug 470020).
+   use logger dns entropy
+   if [ "${rc_need+set}" = "set" ] ; then
+   : # Do nothing, the user has explicitly set rc_need
+   else
+   local x warn_addr
+   for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 
2>/dev/null) ; do
+   case "${x}" in
+   0.0.0.0|0.0.0.0:*) ;;
+   ::|\[::\]*) ;;
+   *) warn_addr="${warn_addr} ${x}" ;;
+   esac
+   done
+   if [ -n "${warn_addr}" ] ; then
+   need net
+   ewarn "You are binding an interface in ListenAddress 
statement in your sshd_config!"
+   ewarn "You must add rc_need=\"net.FOO\" to your 
${RC_PREFIX%/}/etc/conf.d/sshd"
+   ewarn "where FOO is the interface(s) providing the 
following address(es):"
+   ewarn "${warn_addr}"
+   fi
+   fi
+}
+
+checkconfig() {
+   checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
+
+   if [ ! -e "${SSHD_CONFIG}" ] ; then
+   eerror "You need an ${SSHD_CONFIG} file to run sshd"
+   eerror "There is a sample file in /usr/share/doc/openssh"
+   return 1
+   fi
+
+   ${SSHD_KEYGEN_BINARY} -A || return 2
+
+   "${command}" -t ${command_args} || return 3
+}
+
+start_pre() {
+   # If this isn't a restart, make sure that the user's config isn't
+   # busted before we try to start the daemon (this will produce
+   # better error messages than if we just try to start it blindly).
+   #
+   # If, on the other hand, this *is* a restart, then the stop_pre
+   # action will have ensured that the config is usable and we don't
+   # need to do that again.
+   if [ "${RC_CMD}" != "restart" ] ; then
+   checkconfig || return $?
+   fi
+}
+
+stop_pre() {
+   # If this is a restart, check to make sure the user's config
+   # isn't busted before we stop the running daemon.
+   if [ "${RC_CMD}" = "restart" ] ; then
+   checkconfig || return $?
+   fi
+}
+
+reload() {
+   checkconfig || return $?
+   ebegin "Reloading ${SVCNAME}"
+   start-stop-daemon --signal HUP --pidfile "${pidfile}"
+   eend $?
+}

diff --git a/net-misc/openssh/openssh-7.7_p1-r9.ebuild 
b/net-misc/openssh/openssh-7.7_p1-r9.ebuild
new file mode 100644
index 000..586cd326821
--- /dev/null
+++ b/net-misc/openssh/openssh-7.7_p1-r9.ebuild
@@ -0,0 +1,444 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_VER="14v15-gentoo2" HPN_PATCH="${PARCH}-hpnssh${HPN_VER}.patch.xz"
+SCTP_VER="1.1" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
+X509_VER="11.3.1" X509_PATCH="${PARCH}-x509-${X509_VER}.patch.xz"
+
+PATCH_SET="openssh-7.7p1-patches-1.2"
+
+DESCRIPTION="Port of OpenBSD's free SSH 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Lars Wendler]

commit: a3ac5d6f365556d7373a62cc4cfcfbd4a84de7b7
Author: Petr Vaněk  excello  cz>
AuthorDate: Tue Mar  6 13:08:21 2018 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Mon Mar 12 15:50:25 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3ac5d6f

net-misc/openssh: apply patch to fix PermitOpen issue

PermitOpen directive ignores arguments beyond the second one.

https://www.spinics.net/lists/openssh-unix-dev/msg04433.html

Patch was applied to upstream and only 7.6_p1 has this issue.
Closes: https://github.com/gentoo/gentoo/pull/7376

 .../openssh/files/openssh-7.6_p1-permitopen.patch  |  49 +++
 net-misc/openssh/openssh-7.6_p1-r5.ebuild  | 336 +
 2 files changed, 385 insertions(+)

diff --git a/net-misc/openssh/files/openssh-7.6_p1-permitopen.patch 
b/net-misc/openssh/files/openssh-7.6_p1-permitopen.patch
new file mode 100644
index 000..5dc96d4d0a3
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.6_p1-permitopen.patch
@@ -0,0 +1,49 @@
+From 69bda0228861f3dacd4fb3d28b60ce9d103d254b Mon Sep 17 00:00:00 2001
+From: "d...@openbsd.org" 
+Date: Wed, 4 Oct 2017 18:49:30 +
+Subject: [PATCH] upstream commit
+
+fix (another) problem in PermitOpen introduced during the
+channels.c refactor: the third and subsequent arguments to PermitOpen were
+being silently ignored; ok markus@
+
+Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
+---
+ servconf.c | 8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/servconf.c b/servconf.c
+index 2c321a4a..95686295 100644
+--- a/servconf.c
 b/servconf.c
+@@ -1,5 +1,5 @@
+ 
+-/* $OpenBSD: servconf.c,v 1.312 2017/10/02 19:33:20 djm Exp $ */
++/* $OpenBSD: servconf.c,v 1.313 2017/10/04 18:49:30 djm Exp $ */
+ /*
+  * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
+  *All rights reserved
+@@ -1663,9 +1663,9 @@ process_server_config_line(ServerOptions *options, char 
*line,
+   if (!arg || *arg == '\0')
+   fatal("%s line %d: missing PermitOpen specification",
+   filename, linenum);
+-  i = options->num_permitted_opens;   /* modified later */
++  value = options->num_permitted_opens;   /* modified later */
+   if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
+-  if (*activep && i == 0) {
++  if (*activep && value == 0) {
+   options->num_permitted_opens = 1;
+   options->permitted_opens = xcalloc(1,
+   sizeof(*options->permitted_opens));
+@@ -1683,7 +1683,7 @@ process_server_config_line(ServerOptions *options, char 
*line,
+   if (arg == NULL || ((port = permitopen_port(arg)) < 0))
+   fatal("%s line %d: bad port number in "
+   "PermitOpen", filename, linenum);
+-  if (*activep && i == 0) {
++  if (*activep && value == 0) {
+   options->permitted_opens = xrecallocarray(
+   options->permitted_opens,
+   options->num_permitted_opens,
+-- 
+2.16.1
+

diff --git a/net-misc/openssh/openssh-7.6_p1-r5.ebuild 
b/net-misc/openssh/openssh-7.6_p1-r5.ebuild
new file mode 100644
index 000..e19d5f0f30b
--- /dev/null
+++ b/net-misc/openssh/openssh-7.6_p1-r5.ebuild
@@ -0,0 +1,336 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_PATCH="${PARCH}-hpnssh14v12-r1.tar.xz"
+SCTP_PATCH="${PN}-7.6_p1-sctp.patch.xz"
+LDAP_PATCH="${PN}-lpk-7.6p1-0.3.14.patch.xz"
+X509_VER="11.2" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/;
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+   ${SCTP_PATCH:+https://dev.gentoo.org/~polynomial-c/${SCTP_PATCH}}
+   ${HPN_PATCH:+hpn? ( https://dev.gentoo.org/~chutzpah/${HPN_PATCH} )}
+   ${LDAP_PATCH:+ldap? ( 
https://dev.gentoo.org/~polynomial-c/${LDAP_PATCH} )}
+   ${X509_PATCH:+X509? ( https://dev.gentoo.org/~chutzpah/${X509_PATCH} )}
+   "
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux 
~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint 
~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldap ldns 
libedit 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 08e11f562f255c8485e3f7150d48da825f062ce8
Author: Patrick McLean  gentoo  org>
AuthorDate: Tue Feb 13 01:08:37 2018 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Tue Feb 13 01:09:12 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08e11f56

net-misc/openssh: Drop libressl patch for new X509 patch

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 .../openssh/files/openssh-7.6_p1-x509-11.2-libressl.patch | 11 ---
 net-misc/openssh/openssh-7.6_p1-r4.ebuild |  1 -
 2 files changed, 12 deletions(-)

diff --git a/net-misc/openssh/files/openssh-7.6_p1-x509-11.2-libressl.patch 
b/net-misc/openssh/files/openssh-7.6_p1-x509-11.2-libressl.patch
deleted file mode 100644
index 17bc41e5a76..000
--- a/net-misc/openssh/files/openssh-7.6_p1-x509-11.2-libressl.patch
+++ /dev/null
@@ -1,11 +0,0 @@
 a/openssh-7.6p1+x509-11.2.diff 2017-11-06 17:16:28.334140140 -0800
-+++ b/openssh-7.6p1+x509-11.2.diff 2017-11-06 17:16:55.338223563 -0800
-@@ -54732,7 +54732,7 @@
- +int/*bool*/ ssh_x509store_addlocations(const X509StoreOptions *locations);
- +
- +typedef char SSHXSTOREPATH;
--+#if OPENSSL_VERSION_NUMBER < 0x1010L
-++#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
- +DECLARE_STACK_OF(SSHXSTOREPATH)
- +# define sk_SSHXSTOREPATH_new_null() SKM_sk_new_null(SSHXSTOREPATH)
- +# define sk_SSHXSTOREPATH_num(st)SKM_sk_num(SSHXSTOREPATH, (st))

diff --git a/net-misc/openssh/openssh-7.6_p1-r4.ebuild 
b/net-misc/openssh/openssh-7.6_p1-r4.ebuild
index ae151823f60..01600c378d2 100644
--- a/net-misc/openssh/openssh-7.6_p1-r4.ebuild
+++ b/net-misc/openssh/openssh-7.6_p1-r4.ebuild
@@ -118,7 +118,6 @@ src_prepare() {
if use hpn ; then
pushd "${WORKDIR}" >/dev/null
eapply 
"${FILESDIR}"/${P}-hpn-x509-${X509_VER}-glue.patch
-   eapply 
"${FILESDIR}"/${P}-x509-${X509_VER}-libressl.patch
popd >/dev/null
save_version X509
fi

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 324f88fc8ab4826980042078580e0f0fab644ca2
Author: Patrick McLean  gentoo  org>
AuthorDate: Wed Jan 31 18:48:42 2018 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Wed Jan 31 18:48:42 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=324f88fc

net-misc/openssh: Forward port libressl patch to 7.6_p1-r3

Package-Manager: Portage-2.3.20, Repoman-2.3.6

 .../openssh/files/openssh-7.6_p1-x509-11.1-libressl.patch | 11 +++
 net-misc/openssh/openssh-7.6_p1-r3.ebuild |  1 +
 2 files changed, 12 insertions(+)

diff --git a/net-misc/openssh/files/openssh-7.6_p1-x509-11.1-libressl.patch 
b/net-misc/openssh/files/openssh-7.6_p1-x509-11.1-libressl.patch
new file mode 100644
index 000..c3b6b4d61a3
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.6_p1-x509-11.1-libressl.patch
@@ -0,0 +1,11 @@
+--- a/openssh-7.6p1+x509-11.1.diff 2017-11-06 17:16:28.334140140 -0800
 b/openssh-7.6p1+x509-11.1.diff 2017-11-06 17:16:55.338223563 -0800
+@@ -54732,7 +54732,7 @@
+ +int/*bool*/ ssh_x509store_addlocations(const X509StoreOptions *locations);
+ +
+ +typedef char SSHXSTOREPATH;
+-+#if OPENSSL_VERSION_NUMBER < 0x1010L
+++#if OPENSSL_VERSION_NUMBER < 0x1010L || defined(LIBRESSL_VERSION_NUMBER)
+ +DECLARE_STACK_OF(SSHXSTOREPATH)
+ +# define sk_SSHXSTOREPATH_new_null() SKM_sk_new_null(SSHXSTOREPATH)
+ +# define sk_SSHXSTOREPATH_num(st)SKM_sk_num(SSHXSTOREPATH, (st))

diff --git a/net-misc/openssh/openssh-7.6_p1-r3.ebuild 
b/net-misc/openssh/openssh-7.6_p1-r3.ebuild
index 0fb4aa2b639..131e6e1da0d 100644
--- a/net-misc/openssh/openssh-7.6_p1-r3.ebuild
+++ b/net-misc/openssh/openssh-7.6_p1-r3.ebuild
@@ -118,6 +118,7 @@ src_prepare() {
if use hpn ; then
pushd "${WORKDIR}" >/dev/null
eapply 
"${FILESDIR}"/${P}-hpn-x509-${X509_VER}-glue.patch
+   eapply 
"${FILESDIR}"/${P}-x509-${X509_VER}-libressl.patch
popd >/dev/null
save_version X509
fi

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Mike Frysinger]

commit: a5f421f69f9d54cb9f3137ba0bf3e3d4a67bdd68
Author: Mike Frysinger  gentoo  org>
AuthorDate: Wed Jan 10 08:34:05 2018 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Wed Jan 10 08:34:05 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5f421f6

net-misc/openssh: add upstream fix for building on s390

 .../files/openssh-7.5_p1-s390-seccomp.patch| 27 ++
 net-misc/openssh/openssh-7.5_p1-r3.ebuild  |  1 +
 2 files changed, 28 insertions(+)

diff --git a/net-misc/openssh/files/openssh-7.5_p1-s390-seccomp.patch 
b/net-misc/openssh/files/openssh-7.5_p1-s390-seccomp.patch
new file mode 100644
index 000..d7932003f8f
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.5_p1-s390-seccomp.patch
@@ -0,0 +1,27 @@
+From 58b8cfa2a062b72139d7229ae8de567f55776f24 Mon Sep 17 00:00:00 2001
+From: Damien Miller 
+Date: Wed, 22 Mar 2017 12:43:02 +1100
+Subject: [PATCH] Missing header on Linux/s390
+
+Patch from Jakub Jelen
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index a8d472a63ccb..2831e9d1083c 100644
+--- a/sandbox-seccomp-filter.c
 b/sandbox-seccomp-filter.c
+@@ -50,6 +50,9 @@
+ #include 
+ 
+ #include 
++#ifdef __s390__
++#include 
++#endif
+ 
+ #include 
+ #include 
+-- 
+2.15.1
+

diff --git a/net-misc/openssh/openssh-7.5_p1-r3.ebuild 
b/net-misc/openssh/openssh-7.5_p1-r3.ebuild
index 0dbe3c7fa22..83dcb1db429 100644
--- a/net-misc/openssh/openssh-7.5_p1-r3.ebuild
+++ b/net-misc/openssh/openssh-7.5_p1-r3.ebuild
@@ -132,6 +132,7 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
epatch "${FILESDIR}"/${PN}-7.5_p1-cross-cache.patch
epatch "${FILESDIR}"/${PN}-7.5_p1-CVE-2017-15906.patch
+   epatch "${FILESDIR}"/${PN}-7.5_p1-s390-seccomp.patch
use X509 || epatch "${WORKDIR}"/${SCTP_PATCH%.*}
use X509 || epatch "${FILESDIR}"/${PN}-7.5_p1-x32-typo.patch
use abi_mips_n32 && epatch 
"${FILESDIR}"/${PN}-7.3-mips-seccomp-n32.patch

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 7b827f9e68f90cb6b146113c9e33b19783880253
Author: Patrick McLean  gentoo  org>
AuthorDate: Fri Jun  9 21:38:26 2017 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Fri Jun  9 21:38:26 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b827f9e

net-misc/openssh: Revision bump to 7.5_p1-r2 to bump X509 patch to version 10.2

This also fixes the version string to include the X509 (PKIX-SSH) version.

Package-Manager: Portage-2.3.6, Repoman-2.3.2

 net-misc/openssh/Manifest  |   1 +
 .../files/openssh-7.5_p1-hpn-x509-10.2-glue.patch  |  67 +
 net-misc/openssh/openssh-7.5_p1-r2.ebuild  | 332 +
 3 files changed, 400 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 0ad70a13030..fea58b79229 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -7,6 +7,7 @@ DIST openssh-7.4_p1-sctp.patch.xz 8220 SHA256 
18fa77f79ccae8b9a76bc877e9602113d9
 DIST openssh-7.4p1+x509-9.3.diff.gz 446572 SHA256 
1d3fd23b3d02a3baad50890bf5498ef01af6dab6375da0aeb00a0d59fd3ac9ee SHA512 
7ebc8d1f6ec36d652bbb6fb13d6d86f7db1abf8710af7b56c52fad9a18d73c9028a3307daabfdda26483a3bd9196120f6d18b6fb2c89b597b0a9ad0554161dfc
 WHIRLPOOL 
f878346a3154b7dbb01de41830d5857064af96d3a709aed40a112fe9aaadbe4801e5c3a22a1d2c8437b74a890596211be37e26d691ff611981d7375d262598c1
 DIST openssh-7.4p1.tar.gz 1511780 SHA256 
1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1 SHA512 
4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292
 WHIRLPOOL 
4ed9a277287d1f5c2fd371b53394d6dde36b25adf92d4b6b5b486a9d448648f2ecfbb721ae39ba8a129913c1148aa4db1e99f7960a7c69fa215dfa7b3b126029
 DIST openssh-7.5p1+x509-10.1.diff.gz 460721 SHA256 
e7abe401e7f651779c680491cfefbfcf4f26743202641b2bda934f80bb4464d2 SHA512 
d3b5a8f5e3a88eda7989b002236811867b7e2c39bf7cd29a6dbbce277fca3fbedbfdbeaf1fba7d8c19f3dea32a17790e90604765f18576bcc5627a9c1d39109c
 WHIRLPOOL 
2d4f96b47bcde9eabd19cad2fdc4da01a3d207f6ad5f4f1ea5a7dbd708d61783ae6a53e4cb622feed838106f57dbe6a7ecd1b41426325870378caf44803ff9ef
+DIST openssh-7.5p1+x509-10.2.diff.gz 467040 SHA256 
24d5c1949d245b432abf2db6c28554a09bcffdcb4f4247826c0a33bdbee8b92c SHA512 
ec760d38771749d09afc8d720120ea2aa065c1c7983898b45dba74a4411f7e61e7705da226864e1e8e62e2261eecc3a4ab654b528c71512a07798824d9fb1a9a
 WHIRLPOOL 
3291a3e39b1a47efe149cdf805de11217fd55c4260477f2a6c6cc0bfa376b98a5dc7f56a49ae184fb57bae6226c73d1794db7b2285e3ea26a8fea4bc9304655b
 DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 SHA256 
8a1ed99c121a4ad21d7a26cd32627a8dd51595fd3ee9f95dc70e6b50fe779ce2 SHA512 
45c42090a212b9ce898fbaa8284ddf0f0d17236af13c4a780e00bf265b0c7a4286027e90a7ce9ad70066309db722709dd2f0a7914f57e5364ffbaf7c4859cdf9
 WHIRLPOOL 
6089ad8ae16c112a6f15d168c092e7f057b9e6d815724346b5a6a1cd0de932f779d5f410d48c904d935fcb3bad3f597fa4de075ab1f49cadc9842ce7bd8fdf42
 DIST openssh-7.5p1.tar.gz 1510857 SHA256 
9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0 SHA512 
58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
 WHIRLPOOL 
1a42c68d8e350bc4790dd4c1a98dd6571bfa353ad6871b1462c53b6412f752719daabd1a13bb4434d294de966a00428ac66334bab45f371420029b5e34a6914c
 DIST openssh-lpk-7.3p1-0.3.14.patch.xz 17800 SHA256 
cf1f60235cb8b0e561cd36cbf9e4f437e16fd748c2616d3f511c128c02deb76c SHA512 
e9a73c5f13e41f6e11c744fdbcdb2e399c394479f79249e901cb3c101efb06f23d51d3ba4869db872184fa034a5910fc93a730fe906266c8d7409e39ad5b1ecd
 WHIRLPOOL 
bbdeadbed8f901148713bd9e4a082a4be2992c3151f995febd8be89bbb85d91185e1f0413b5a94a9340f2f404d18c9cee2aa6e032adaee0306aa1c624f6cc09c

diff --git a/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.2-glue.patch 
b/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.2-glue.patch
new file mode 100644
index 000..11a5b364be4
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.2-glue.patch
@@ -0,0 +1,67 @@
+diff -ur a/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 
b/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch
+--- a/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 
2017-03-27 13:31:01.816551100 -0700
 b/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 
2017-03-27 13:51:03.894805846 -0700
+@@ -40,7 +40,7 @@
+ @@ -44,7 +44,7 @@ CC=@CC@
+  LD=@LD@
+  CFLAGS=@CFLAGS@
+- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
++ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+ -LIBS=@LIBS@
+ +LIBS=@LIBS@ -lpthread
+  K5LIBS=@K5LIBS@
+@@ -1023,6 +1023,3 @@
+   do_authenticated(authctxt);
+  
+   /* The connection has been terminated. */
+--- 
+-2.12.0
+-
+diff -ur a/0004-support-dynamically-sized-receive-buffers.patch 
b/0004-support-dynamically-sized-receive-buffers.patch
+--- a/0004-support-dynamically-sized-receive-buffers.patch 2017-03-27 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Mike Frysinger]

commit: ec46f339c2e155ba04c9ba574f9d488535d5294d
Author: Mike Frysinger  gentoo  org>
AuthorDate: Thu May 25 03:26:28 2017 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Thu May 25 03:28:33 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec46f339

net-misc/openssh: fix some cross-compiling configure tests

 .../openssh/files/openssh-7.5_p1-cross-cache.patch | 39 ++
 net-misc/openssh/openssh-7.5_p1-r1.ebuild  |  1 +
 2 files changed, 40 insertions(+)

diff --git a/net-misc/openssh/files/openssh-7.5_p1-cross-cache.patch 
b/net-misc/openssh/files/openssh-7.5_p1-cross-cache.patch
new file mode 100644
index 000..1c2b7b8a091
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.5_p1-cross-cache.patch
@@ -0,0 +1,39 @@
+From d588d6f83e9a3d48286929b4a705b43e74414241 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger 
+Date: Wed, 24 May 2017 23:18:41 -0400
+Subject: [PATCH] configure: actually set cache vars when cross-compiling
+
+The cross-compiling fallback message says it's assuming the test
+passed, but it didn't actually set the cache var which causes
+later tests to fail.
+---
+ configure.ac | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5cfea38c0a6c..895c5211ea93 100644
+--- a/configure.ac
 b/configure.ac
+@@ -3162,7 +3162,8 @@ AC_RUN_IFELSE(
+select_works_with_rlimit=yes],
+   [AC_MSG_RESULT([no])
+select_works_with_rlimit=no],
+-  [AC_MSG_WARN([cross compiling: assuming yes])]
++  [AC_MSG_WARN([cross compiling: assuming yes])
++   select_works_with_rlimit=yes]
+ )
+ 
+ AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
+@@ -3188,7 +3189,8 @@ AC_RUN_IFELSE(
+rlimit_nofile_zero_works=yes],
+   [AC_MSG_RESULT([no])
+rlimit_nofile_zero_works=no],
+-  [AC_MSG_WARN([cross compiling: assuming yes])]
++  [AC_MSG_WARN([cross compiling: assuming yes])
++   rlimit_nofile_zero_works=yes]
+ )
+ 
+ AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
+-- 
+2.12.0
+

diff --git a/net-misc/openssh/openssh-7.5_p1-r1.ebuild 
b/net-misc/openssh/openssh-7.5_p1-r1.ebuild
index 9652d9263d6..d4bbc148686 100644
--- a/net-misc/openssh/openssh-7.5_p1-r1.ebuild
+++ b/net-misc/openssh/openssh-7.5_p1-r1.ebuild
@@ -131,6 +131,7 @@ src_prepare() {
 
epatch "${FILESDIR}"/${PN}-7.5_p1-GSSAPI-dns.patch #165444 integrated 
into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
+   epatch "${FILESDIR}"/${PN}-7.5_p1-cross-cache.patch
use X509 || epatch "${WORKDIR}"/${SCTP_PATCH%.*}
use X509 || epatch "${FILESDIR}"/${PN}-7.5_p1-x32-typo.patch
use abi_mips_n32 && epatch 
"${FILESDIR}"/${PN}-7.3-mips-seccomp-n32.patch

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 8629f189a49c71da9868086c4c9da94b1677fa21
Author: Patrick McLean  gentoo  org>
AuthorDate: Mon Mar 27 22:20:02 2017 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Mon Mar 27 22:20:02 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8629f189

net-misc/openssh: Revision bump to 7.5_p1-r1, re-add X509 support

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 net-misc/openssh/Manifest  |   1 +
 .../files/openssh-7.5_p1-hpn-x509-10.1-glue.patch  |  63 
 net-misc/openssh/openssh-7.5_p1-r1.ebuild  | 330 +
 3 files changed, 394 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 4ad3064b808..0ad70a13030 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -6,6 +6,7 @@ DIST openssh-7.3p1.tar.gz 1522617 SHA256 
3ffb989a6dcaa69594c3b550d4855a5a2e1718c
 DIST openssh-7.4_p1-sctp.patch.xz 8220 SHA256 
18fa77f79ccae8b9a76bc877e9602113d91953bd487b6cc8284bfd1217438a23 SHA512 
0c199e3b26949482125aeaa88216b2458292589e3eac8908d9134d13a1cae891094fcb0f752ed3009b3126cc72277b460205f39140c251792eb1b545271c3bd4
 WHIRLPOOL 
0f0ea1d36523b35d3be33d22fb84daa05fd14c464d69c19695235f81d26326bc53d6804bf34d0cc0c2584f412bfdac361d2b018032447d1033a4ff4fd9458a09
 DIST openssh-7.4p1+x509-9.3.diff.gz 446572 SHA256 
1d3fd23b3d02a3baad50890bf5498ef01af6dab6375da0aeb00a0d59fd3ac9ee SHA512 
7ebc8d1f6ec36d652bbb6fb13d6d86f7db1abf8710af7b56c52fad9a18d73c9028a3307daabfdda26483a3bd9196120f6d18b6fb2c89b597b0a9ad0554161dfc
 WHIRLPOOL 
f878346a3154b7dbb01de41830d5857064af96d3a709aed40a112fe9aaadbe4801e5c3a22a1d2c8437b74a890596211be37e26d691ff611981d7375d262598c1
 DIST openssh-7.4p1.tar.gz 1511780 SHA256 
1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1 SHA512 
4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292
 WHIRLPOOL 
4ed9a277287d1f5c2fd371b53394d6dde36b25adf92d4b6b5b486a9d448648f2ecfbb721ae39ba8a129913c1148aa4db1e99f7960a7c69fa215dfa7b3b126029
+DIST openssh-7.5p1+x509-10.1.diff.gz 460721 SHA256 
e7abe401e7f651779c680491cfefbfcf4f26743202641b2bda934f80bb4464d2 SHA512 
d3b5a8f5e3a88eda7989b002236811867b7e2c39bf7cd29a6dbbce277fca3fbedbfdbeaf1fba7d8c19f3dea32a17790e90604765f18576bcc5627a9c1d39109c
 WHIRLPOOL 
2d4f96b47bcde9eabd19cad2fdc4da01a3d207f6ad5f4f1ea5a7dbd708d61783ae6a53e4cb622feed838106f57dbe6a7ecd1b41426325870378caf44803ff9ef
 DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 SHA256 
8a1ed99c121a4ad21d7a26cd32627a8dd51595fd3ee9f95dc70e6b50fe779ce2 SHA512 
45c42090a212b9ce898fbaa8284ddf0f0d17236af13c4a780e00bf265b0c7a4286027e90a7ce9ad70066309db722709dd2f0a7914f57e5364ffbaf7c4859cdf9
 WHIRLPOOL 
6089ad8ae16c112a6f15d168c092e7f057b9e6d815724346b5a6a1cd0de932f779d5f410d48c904d935fcb3bad3f597fa4de075ab1f49cadc9842ce7bd8fdf42
 DIST openssh-7.5p1.tar.gz 1510857 SHA256 
9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0 SHA512 
58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
 WHIRLPOOL 
1a42c68d8e350bc4790dd4c1a98dd6571bfa353ad6871b1462c53b6412f752719daabd1a13bb4434d294de966a00428ac66334bab45f371420029b5e34a6914c
 DIST openssh-lpk-7.3p1-0.3.14.patch.xz 17800 SHA256 
cf1f60235cb8b0e561cd36cbf9e4f437e16fd748c2616d3f511c128c02deb76c SHA512 
e9a73c5f13e41f6e11c744fdbcdb2e399c394479f79249e901cb3c101efb06f23d51d3ba4869db872184fa034a5910fc93a730fe906266c8d7409e39ad5b1ecd
 WHIRLPOOL 
bbdeadbed8f901148713bd9e4a082a4be2992c3151f995febd8be89bbb85d91185e1f0413b5a94a9340f2f404d18c9cee2aa6e032adaee0306aa1c624f6cc09c

diff --git a/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.1-glue.patch 
b/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.1-glue.patch
new file mode 100644
index 000..e55a8b14c57
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.1-glue.patch
@@ -0,0 +1,63 @@
+diff -ur a/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 
b/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch
+--- a/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 
2017-03-27 13:31:01.816551100 -0700
 b/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 
2017-03-27 13:51:03.894805846 -0700
+@@ -40,7 +40,7 @@
+ @@ -44,7 +44,7 @@ CC=@CC@
+  LD=@LD@
+  CFLAGS=@CFLAGS@
+- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
++ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+ -LIBS=@LIBS@
+ +LIBS=@LIBS@ -lpthread
+  K5LIBS=@K5LIBS@
+@@ -1023,6 +1023,3 @@
+   do_authenticated(authctxt);
+  
+   /* The connection has been terminated. */
+--- 
+-2.12.0
+-
+diff -ur a/0004-support-dynamically-sized-receive-buffers.patch 
b/0004-support-dynamically-sized-receive-buffers.patch
+--- a/0004-support-dynamically-sized-receive-buffers.patch 2017-03-27 
13:31:01.816551100 -0700
 b/0004-support-dynamically-sized-receive-buffers.patch 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Mike Frysinger]

commit: bb34d4ca74bb6d9692113fe52f2cb07c18de0962
Author: Mike Frysinger  gentoo  org>
AuthorDate: Mon Mar 20 19:02:40 2017 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Mon Mar 20 19:05:05 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb34d4ca

net-misc/openssh: version bump to 7.5p1

 net-misc/openssh/Manifest  |   3 +
 .../openssh/files/openssh-7.5_p1-GSSAPI-dns.patch  | 351 +
 .../openssh/files/openssh-7.5_p1-x32-typo.patch|  25 ++
 net-misc/openssh/openssh-7.5_p1.ebuild | 326 +++
 4 files changed, 705 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index a1a9c19e28a..4ad3064b808 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -6,5 +6,8 @@ DIST openssh-7.3p1.tar.gz 1522617 SHA256 
3ffb989a6dcaa69594c3b550d4855a5a2e1718c
 DIST openssh-7.4_p1-sctp.patch.xz 8220 SHA256 
18fa77f79ccae8b9a76bc877e9602113d91953bd487b6cc8284bfd1217438a23 SHA512 
0c199e3b26949482125aeaa88216b2458292589e3eac8908d9134d13a1cae891094fcb0f752ed3009b3126cc72277b460205f39140c251792eb1b545271c3bd4
 WHIRLPOOL 
0f0ea1d36523b35d3be33d22fb84daa05fd14c464d69c19695235f81d26326bc53d6804bf34d0cc0c2584f412bfdac361d2b018032447d1033a4ff4fd9458a09
 DIST openssh-7.4p1+x509-9.3.diff.gz 446572 SHA256 
1d3fd23b3d02a3baad50890bf5498ef01af6dab6375da0aeb00a0d59fd3ac9ee SHA512 
7ebc8d1f6ec36d652bbb6fb13d6d86f7db1abf8710af7b56c52fad9a18d73c9028a3307daabfdda26483a3bd9196120f6d18b6fb2c89b597b0a9ad0554161dfc
 WHIRLPOOL 
f878346a3154b7dbb01de41830d5857064af96d3a709aed40a112fe9aaadbe4801e5c3a22a1d2c8437b74a890596211be37e26d691ff611981d7375d262598c1
 DIST openssh-7.4p1.tar.gz 1511780 SHA256 
1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1 SHA512 
4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292
 WHIRLPOOL 
4ed9a277287d1f5c2fd371b53394d6dde36b25adf92d4b6b5b486a9d448648f2ecfbb721ae39ba8a129913c1148aa4db1e99f7960a7c69fa215dfa7b3b126029
+DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 SHA256 
8a1ed99c121a4ad21d7a26cd32627a8dd51595fd3ee9f95dc70e6b50fe779ce2 SHA512 
45c42090a212b9ce898fbaa8284ddf0f0d17236af13c4a780e00bf265b0c7a4286027e90a7ce9ad70066309db722709dd2f0a7914f57e5364ffbaf7c4859cdf9
 WHIRLPOOL 
6089ad8ae16c112a6f15d168c092e7f057b9e6d815724346b5a6a1cd0de932f779d5f410d48c904d935fcb3bad3f597fa4de075ab1f49cadc9842ce7bd8fdf42
+DIST openssh-7.5p1.tar.gz 1510857 SHA256 
9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0 SHA512 
58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
 WHIRLPOOL 
1a42c68d8e350bc4790dd4c1a98dd6571bfa353ad6871b1462c53b6412f752719daabd1a13bb4434d294de966a00428ac66334bab45f371420029b5e34a6914c
 DIST openssh-lpk-7.3p1-0.3.14.patch.xz 17800 SHA256 
cf1f60235cb8b0e561cd36cbf9e4f437e16fd748c2616d3f511c128c02deb76c SHA512 
e9a73c5f13e41f6e11c744fdbcdb2e399c394479f79249e901cb3c101efb06f23d51d3ba4869db872184fa034a5910fc93a730fe906266c8d7409e39ad5b1ecd
 WHIRLPOOL 
bbdeadbed8f901148713bd9e4a082a4be2992c3151f995febd8be89bbb85d91185e1f0413b5a94a9340f2f404d18c9cee2aa6e032adaee0306aa1c624f6cc09c
 DIST openssh-lpk-7.4p1-0.3.14.patch.xz 17076 SHA256 
3a5e4104507d259ad15391136322ea5d067d7932199bbafde5cb478daf3595ad SHA512 
1c91de291816ee0bb29ed3a2ffc42fb6fb4ba27a8616f8bd50accdf31d1fecc9b4fb3de6fb1ea6e722b69eb8cab68030ade87e126a4112667d14f3c2ef07d6cd
 WHIRLPOOL 
ea27224da952c6fe46b974a0e73d01e872a963e7e7cc7e9887a423357fb4ff82f4513ce48b6bbf7136afa8447bc6d93daa817cf5b2e24cb39dba15cbcff6d2cc
+DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 SHA256 
11060be996b291b8d78de698c68a92428430e4ff440553f5045c6de5c0e1dab3 SHA512 
9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b
 WHIRLPOOL 
58526777475786bb5efa193f3a3ec0500c4d48b18fef67698f8b1999cb07f04fbca7b7d3ece469f3a1e1ceca5152cdd08d3dbe7cfa4e7494740dc2c233101b93

diff --git a/net-misc/openssh/files/openssh-7.5_p1-GSSAPI-dns.patch 
b/net-misc/openssh/files/openssh-7.5_p1-GSSAPI-dns.patch
new file mode 100644
index 000..6b1e6dd35a4
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.5_p1-GSSAPI-dns.patch
@@ -0,0 +1,351 @@
+http://bugs.gentoo.org/165444
+https://bugzilla.mindrot.org/show_bug.cgi?id=1008
+
+--- a/readconf.c
 b/readconf.c
+@@ -148,6 +148,7 @@
+   oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+   oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+   oAddressFamily, oGssAuthentication, oGssDelegateCreds,
++  oGssTrustDns,
+   oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+   oSendEnv, oControlPath, oControlMaster, oControlPersist,
+   oHashKnownHosts,
+@@ -194,9 +195,11 @@
+ #if defined(GSSAPI)
+   { "gssapiauthentication", oGssAuthentication },
+   { 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Lars Wendler]

commit: c938f8ceb36e6791d096ae9df9819f6b3be5315c
Author: Lars Wendler  gentoo  org>
AuthorDate: Wed Sep 28 08:27:46 2016 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Wed Sep 28 08:40:11 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c938f8ce

net-misc/openssh: Sec-revbump to fix remote pre-auth crash (bug #595342).

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler  gentoo.org>

 .../files/openssh-7.3_p1-NEWKEYS_null_deref.patch  |  29 ++
 net-misc/openssh/openssh-7.3_p1-r6.ebuild  | 351 +
 2 files changed, 380 insertions(+)

diff --git a/net-misc/openssh/files/openssh-7.3_p1-NEWKEYS_null_deref.patch 
b/net-misc/openssh/files/openssh-7.3_p1-NEWKEYS_null_deref.patch
new file mode 100644
index ..784cd2a
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.3_p1-NEWKEYS_null_deref.patch
@@ -0,0 +1,29 @@
+https://bugs.gentoo.org/595342
+
+Backport of
+https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
+
+--- openssh-7.3p1/kex.c
 openssh-7.3p1/kex.c
+@@ -419,6 +419,8 @@
+   ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, _protocol_error);
+   if ((r = sshpkt_get_end(ssh)) != 0)
+   return r;
++  if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
++  return r;
+   kex->done = 1;
+   sshbuf_reset(kex->peer);
+   /* sshbuf_reset(kex->my); */
+--- openssh-7.3p1/packet.c
 openssh-7.3p1/packet.c
+@@ -1919,9 +1919,7 @@
+   return r;
+   return SSH_ERR_PROTOCOL_ERROR;
+   }
+-  if (*typep == SSH2_MSG_NEWKEYS)
+-  r = ssh_set_newkeys(ssh, MODE_IN);
+-  else if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
++  if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
+   r = ssh_packet_enable_delayed_compress(ssh);
+   else
+   r = 0;

diff --git a/net-misc/openssh/openssh-7.3_p1-r6.ebuild 
b/net-misc/openssh/openssh-7.3_p1-r6.ebuild
new file mode 100644
index ..1a8bb12
--- /dev/null
+++ b/net-misc/openssh/openssh-7.3_p1-r6.ebuild
@@ -0,0 +1,351 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+HPN_PV="${PV}"
+HPN_VER="14.10"
+
+HPN_PATCH="${PN}-${HPN_PV}-hpn-14.10-r1.patch"
+SCTP_PATCH="${PN}-7.3_p1-sctp.patch.xz"
+LDAP_PATCH="${PN}-lpk-7.3p1-0.3.14.patch.xz"
+X509_VER="9.2" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/;
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+   ${SCTP_PATCH:+mirror://gentoo/${SCTP_PATCH}}
+   ${HPN_PATCH:+hpn? (
+   mirror://gentoo/${HPN_PATCH}.xz
+   http://dev.gentoo.org/~chutzpah/${HPN_PATCH}.xz
+   )}
+   ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+   ${X509_PATCH:+X509? ( 
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+   "
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit 
libressl livecd pam +pie sctp selinux skey ssh1 +ssl static test X X509"
+REQUIRED_USE="ldns? ( ssl )
+   pie? ( !static )
+   ssh1? ( ssl )
+   static? ( !kerberos !pam )
+   X509? ( !ldap ssl )
+   test? ( ssl )"
+
+LIB_DEPEND="
+   ldns? (
+   net-libs/ldns[static-libs(+)]
+   !bindist? ( net-libs/ldns[ecdsa,ssl] )
+   bindist? ( net-libs/ldns[-ecdsa,ssl] )
+   )
+   libedit? ( dev-libs/libedit[static-libs(+)] )
+   sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+   selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+   skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
+   ssl? (
+   !libressl? (
+   >=dev-libs/openssl-0.9.8f:0[bindist=]
+   dev-libs/openssl:0[static-libs(+)]
+   )
+   libressl? ( dev-libs/libressl[static-libs(+)] )
+   )
+   >=sys-libs/zlib-1.2.3[static-libs(+)]"
+RDEPEND="
+   !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+   pam? ( virtual/pam )
+   kerberos? ( virtual/krb5 )
+   ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+   static? ( ${LIB_DEPEND} )
+   virtual/pkgconfig
+   virtual/os-headers
+   sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+   pam? ( >=sys-auth/pambase-20081028 )
+   userland_GNU? ( virtual/shadow )
+   X? ( x11-apps/xauth )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: d0b7910d4dd05ab0ede0d3872fb68ebfb5bc20c4
Author: Patrick McLean  gentoo  org>
AuthorDate: Tue Sep 13 03:28:04 2016 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Tue Sep 13 03:28:04 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0b7910d

net-misc/openssh: Revision bump, add a patch to fix a bug in the X509 patch

The X509 patch would segfault when connecting to a server that had a X509
host key and was in the known_hosts file due to an uninitialized variable.
This adds a patch to fix the problem.

Package-Manager: portage-2.3.0

 .../openssh-7.3_p1-fix-segfault-with-x509.patch|  12 +
 net-misc/openssh/openssh-7.3_p1-r4.ebuild  | 339 +
 2 files changed, 351 insertions(+)

diff --git a/net-misc/openssh/files/openssh-7.3_p1-fix-segfault-with-x509.patch 
b/net-misc/openssh/files/openssh-7.3_p1-fix-segfault-with-x509.patch
new file mode 100644
index ..dca4457
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.3_p1-fix-segfault-with-x509.patch
@@ -0,0 +1,12 @@
+diff --git a/sshkey.c b/sshkey.c
+index c9f04cd..4f00e9a 100644
+--- a/sshkey.c
 b/sshkey.c
+@@ -1237,6 +1237,7 @@ sshkey_read(struct sshkey *ret, char **cpp)
+ #endif /* WITH_SSH1 */
+ 
+   cp = *cpp;
++  ep = cp;
+ 
+   switch (ret->type) {
+   case KEY_RSA1:

diff --git a/net-misc/openssh/openssh-7.3_p1-r4.ebuild 
b/net-misc/openssh/openssh-7.3_p1-r4.ebuild
new file mode 100644
index ..9ba9ac0
--- /dev/null
+++ b/net-misc/openssh/openssh-7.3_p1-r4.ebuild
@@ -0,0 +1,339 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+HPN_PV="${PV}"
+HPN_VER="14.10"
+
+HPN_PATCH="${PN}-${HPN_PV}-hpn-14.10.patch"
+SCTP_PATCH="${PN}-7.3_p1-sctp.patch.xz"
+LDAP_PATCH="${PN}-lpk-7.3p1-0.3.14.patch.xz"
+X509_VER="9.1" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/;
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+   ${SCTP_PATCH:+mirror://gentoo/${SCTP_PATCH}}
+   ${HPN_PATCH:+hpn? (
+   mirror://gentoo/${HPN_PATCH}.xz
+   http://dev.gentoo.org/~chutzpah/${HPN_PATCH}.xz
+   )}
+   ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+   ${X509_PATCH:+X509? ( 
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+   "
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit 
libressl livecd pam +pie sctp selinux skey ssh1 +ssl static test X X509"
+REQUIRED_USE="ldns? ( ssl )
+   pie? ( !static )
+   ssh1? ( ssl )
+   static? ( !kerberos !pam )
+   X509? ( !ldap ssl )
+   test? ( ssl )"
+
+LIB_DEPEND="
+   ldns? (
+   net-libs/ldns[static-libs(+)]
+   !bindist? ( net-libs/ldns[ecdsa,ssl] )
+   bindist? ( net-libs/ldns[-ecdsa,ssl] )
+   )
+   libedit? ( dev-libs/libedit[static-libs(+)] )
+   sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+   selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+   skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
+   ssl? (
+   !libressl? (
+   >=dev-libs/openssl-0.9.8f:0[bindist=]
+   dev-libs/openssl:0[static-libs(+)]
+   )
+   libressl? ( dev-libs/libressl[static-libs(+)] )
+   )
+   >=sys-libs/zlib-1.2.3[static-libs(+)]"
+RDEPEND="
+   !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+   pam? ( virtual/pam )
+   kerberos? ( virtual/krb5 )
+   ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+   static? ( ${LIB_DEPEND} )
+   virtual/pkgconfig
+   virtual/os-headers
+   sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+   pam? ( >=sys-auth/pambase-20081028 )
+   userland_GNU? ( virtual/shadow )
+   X? ( x11-apps/xauth )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+   # this sucks, but i'd rather have people unable to `emerge -u openssh`
+   # than not be able to log in to their server any more
+   maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
+   local fail="
+   $(use X509 && maybe_fail X509 X509_PATCH)
+   $(use ldap && maybe_fail ldap LDAP_PATCH)
+   $(use hpn && maybe_fail hpn HPN_PATCH)
+   "
+   fail=$(echo ${fail})
+   if [[ -n ${fail} ]] ; then
+   eerror "Sorry, but this version does not yet support features"
+   eerror "that you 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 31f5deb488712534fee522f663ca6bd6b50a888d
Author: Patrick McLean  gentoo  org>
AuthorDate: Fri Sep  9 01:36:46 2016 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Fri Sep  9 01:37:33 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31f5deb4

net-misc/openssh: Refactor new HPN patch to be it's own patch

Make my own patch rather than going with the patches on patches approach

Package-Manager: portage-2.3.0

 net-misc/openssh/Manifest  |   2 +-
 ...ssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch | 213 +
 .../openssh/files/openssh-7.3_p1-hpn-update.patch  | 490 -
 .../files/openssh-7.3_p1-hpn-x509-glue.patch   |   4 +-
 net-misc/openssh/openssh-7.3_p1-r3.ebuild  |  22 +-
 5 files changed, 224 insertions(+), 507 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index c6667a5..81eba75 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -5,11 +5,11 @@ DIST openssh-7.1p2.tar.gz 1475829 SHA256 
dd75f024dcf21e06a0d6421d582690bf987a1f6
 DIST openssh-7.2_p1-sctp.patch.xz 8088 SHA256 
b9cc21336e23d44548e87964da9ff85ac83ce84693162abb172afb46be4a666e SHA512 
b287684337a101a26ab8df6894b679b063cdaa7dfc7b78fcc0ce8350c27526f150a6463c515019beb0af2ff005cc109d2913998f95f828e553b835a4df8b64df
 WHIRLPOOL 
16646a896f746946af84961974be08418b951c80249dce2fd4ae533a4d66e79d4372fd979aeda9c51aff51b86edf4178af18379e948195696a6fa114e2757306
 DIST openssh-7.2p2+x509-8.9.diff.gz 449308 SHA256 
bd77fcd285d10a86fb2934e90776fe39e4cd2da043384ec2ca45296a60669589 SHA512 
c7ed07aae72fd4f967ab5717831c51ad639ca59633c3768f6930bab0947f5429391e3911a7570288a1c688c8c21747f3cb722538ae96de6b50a021010e1506fa
 WHIRLPOOL 
7c1328e471b0e5e9576117ec563b66fea142886b0666b6d51ac9b8ec09286ba7a965b62796c32206e855e484180797a2c31d500c27289f3bc8c7db2d3af95e6f
 DIST openssh-7.2p2.tar.gz 1499808 SHA256 
a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c SHA512 
44f62b3a7bc50a0735d496a5aedeefb71550d8c10ad8f22b94e29fcc8084842db96e8c4ca41fced17af69e1aab09ed1182a12ad8650d9a46fd8743a0344df95b
 WHIRLPOOL 
95e16af6d1d82f4a660b56854b8e9da947b89e47775c06fe277a612cd1a7cabe7454087eb45034aedfb9b08096ce4aa427b9a37f43f70ccf1073664bdec13386
+DIST openssh-7.3_p1-hpn-14.10.patch.xz 20764 SHA256 
1c3799d83b52fc5d9370a0d7ccc11f45db0cf089ece7b7b2f5f24943df16f918 SHA512 
95e7dfbd3246678f997cb7818add9910136004b9e2e575122981f50b4eadd2517eb38a8de16bfe3a387e6cc65dbd15dae116649d55768767fc13f796a6d15a09
 WHIRLPOOL 
4167970087e17c8d9c2184109e85226f9a77d040868bd8b9ccab6ebc3d94f81b0d93489c3ad15b028e3fa842786cd2898dce54822b2e870470113634884285b4
 DIST openssh-7.3_p1-sctp.patch.xz 9968 SHA256 
18c3db45ed1e5495db29626938d8432aee509e88057494f052cfc09d40824c7f SHA512 
f249b76898af0c6f1f65f2a1cfb422648aa712818d0dc051b85a171f26bdddf7980fff5de7761161aa41c309e528b3801b4234f5cdd9f79f8eef173ae83f1e3c
 WHIRLPOOL 
1d92b969154b77d8ce9e3a6d0302aa17ec95e2d5ea4de72c0fb5680a8ee12f518ee5b1c47f22ad5d1a923a74c43829ed36cf478fe75fe400de967ab48d93dc99
 DIST openssh-7.3p1+x509-9.0.diff.gz 571918 SHA256 
ed468fe2e6220065b2bf3e2ed9eb0c7c8183f32f50fa50d64505d5feaef2d900 SHA512 
b6183f4441eb036a6e70e35290454faa67da411b60315f6d51779c187abdef377895d5ecfc4fbebac08d5a7a49ce16378b2ed208aee701337f256fd66f779dcd
 WHIRLPOOL 
91107f0040a7d9e09340a1c67547df34c9ed2e7a61d0ca59161574d9e9db90d2a99b1f2a7fa1edf0f820db5712695287c5731cc46cc9264297b5d348d4ce53c4
 DIST openssh-7.3p1+x509-9.1.diff.gz 584945 SHA256 
1ce361813d585fb543f632d19f73a583e257a404c013587a2ee7a1c57710ae95 SHA512 
11165544513eaff2b2e1f6dd11b9fb2870e59eb7e16377cf8fc1bf7e459cf8d09a91cf52f0d252df1bf618423ea8fb93099b96670cebc42aa2523dd439e59a89
 WHIRLPOOL 
8732cc52ef851a35c0dc8b35e8bd347f40ee60792aa23bae8e193ec6fa24928b67e6d8ebfc2c52090e78c525e908596020071495452965fa6244df1e459e
 DIST openssh-7.3p1.tar.gz 1522617 SHA256 
3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc SHA512 
7ba2d6140f38bd359ebf32ef17626e0ae1c00c3a38c01877b7c6b0317d030f10a8f82a0a51fc3b6273619de9ed73e24b8cf107b1e968f927053a3bedf97ff801
 WHIRLPOOL 
f852026638d173d455f74e3fce16673fc4b10f32d954d5bb8c7c65df8d1ca7efd0938177dd9fb6e1f7354383f21c7bca8a2f01e89793e32f8ca68c30456a611c
-DIST openssh-7_2_P2-hpn-14.10.diff 78587 SHA256 
f083d4c4a2054808386e974accda385542ce150f0c0f079ec1a0d4fa7b17 SHA512 
49d772c6a071fe1883d5d2844aba1d327c40938af368ba349b44c643e10f4e2d02e5c889810f8914c61324fbf90e53547aa346fdbd47b22b2f8da6afc174692c
 WHIRLPOOL 
516621cdbccae3ecc900fde1b1edd2bac807b628d631289e3002747901d7663f5a2545f6b0396415a850f9695dd57e2ab5dbc548584f2c973726b38ca4d57bac
 DIST openssh-lpk-7.1p2-0.3.14.patch.xz 17704 SHA256 
fbf2e1560cac707f819a53c758a444ba6bfe140ef80d1af7ef1c9a95f0df SHA512 
95851baa699da16720358249d54d2f6a3c57b0ae082375bef228b97697c501c626ab860916c5b17e3c649b44f14f4009ff369962597438dfd60480a0e4882471
 WHIRLPOOL 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 771040f0b9111b4125ec068b6fd1fe7d70fb319e
Author: Patrick McLean  gentoo  org>
AuthorDate: Fri Sep  2 20:49:43 2016 +
Commit: Patrick McLean  gentoo  org>
CommitDate: Fri Sep  2 20:49:58 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=771040f0

net-misc/openssh: Revision bump, re-enable the hpn USE flag

This is hard masked for now for further testing, see bug #577768, All
the tests pass on all of my machines with USE="hpn" and USE="hpn X509".

Since there does not appear to be a tarball for the upstream hpn for
openssh-7.2+, this ebuild downloads the kitchensink diff, then patches
it to apply against openssh-7.3p1 and remove the server logging stuff
that get dropped from other hpn patchsets.

We can unmask this once more people test it and sign off that is looks good.

Package-Manager: portage-2.3.0

 net-misc/openssh/Manifest  |   1 +
 .../openssh/files/openssh-7.3_p1-hpn-update.patch  | 277 +
 .../files/openssh-7.3_p1-hpn-x509-glue.patch   |  33 ++
 net-misc/openssh/openssh-7.3_p1-r3.ebuild  | 343 +
 4 files changed, 654 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 7e2535f..c6667a5 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -9,6 +9,7 @@ DIST openssh-7.3_p1-sctp.patch.xz 9968 SHA256 
18c3db45ed1e5495db29626938d8432aee
 DIST openssh-7.3p1+x509-9.0.diff.gz 571918 SHA256 
ed468fe2e6220065b2bf3e2ed9eb0c7c8183f32f50fa50d64505d5feaef2d900 SHA512 
b6183f4441eb036a6e70e35290454faa67da411b60315f6d51779c187abdef377895d5ecfc4fbebac08d5a7a49ce16378b2ed208aee701337f256fd66f779dcd
 WHIRLPOOL 
91107f0040a7d9e09340a1c67547df34c9ed2e7a61d0ca59161574d9e9db90d2a99b1f2a7fa1edf0f820db5712695287c5731cc46cc9264297b5d348d4ce53c4
 DIST openssh-7.3p1+x509-9.1.diff.gz 584945 SHA256 
1ce361813d585fb543f632d19f73a583e257a404c013587a2ee7a1c57710ae95 SHA512 
11165544513eaff2b2e1f6dd11b9fb2870e59eb7e16377cf8fc1bf7e459cf8d09a91cf52f0d252df1bf618423ea8fb93099b96670cebc42aa2523dd439e59a89
 WHIRLPOOL 
8732cc52ef851a35c0dc8b35e8bd347f40ee60792aa23bae8e193ec6fa24928b67e6d8ebfc2c52090e78c525e908596020071495452965fa6244df1e459e
 DIST openssh-7.3p1.tar.gz 1522617 SHA256 
3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc SHA512 
7ba2d6140f38bd359ebf32ef17626e0ae1c00c3a38c01877b7c6b0317d030f10a8f82a0a51fc3b6273619de9ed73e24b8cf107b1e968f927053a3bedf97ff801
 WHIRLPOOL 
f852026638d173d455f74e3fce16673fc4b10f32d954d5bb8c7c65df8d1ca7efd0938177dd9fb6e1f7354383f21c7bca8a2f01e89793e32f8ca68c30456a611c
+DIST openssh-7_2_P2-hpn-14.10.diff 78587 SHA256 
f083d4c4a2054808386e974accda385542ce150f0c0f079ec1a0d4fa7b17 SHA512 
49d772c6a071fe1883d5d2844aba1d327c40938af368ba349b44c643e10f4e2d02e5c889810f8914c61324fbf90e53547aa346fdbd47b22b2f8da6afc174692c
 WHIRLPOOL 
516621cdbccae3ecc900fde1b1edd2bac807b628d631289e3002747901d7663f5a2545f6b0396415a850f9695dd57e2ab5dbc548584f2c973726b38ca4d57bac
 DIST openssh-lpk-7.1p2-0.3.14.patch.xz 17704 SHA256 
fbf2e1560cac707f819a53c758a444ba6bfe140ef80d1af7ef1c9a95f0df SHA512 
95851baa699da16720358249d54d2f6a3c57b0ae082375bef228b97697c501c626ab860916c5b17e3c649b44f14f4009ff369962597438dfd60480a0e4882471
 WHIRLPOOL 
4629b3a7d1f373a678935e889a6cd0d66d70b420e93e40ae0ad19aa7f91be7dcf2169fb797d89df93005a885d54ebaa0d46c2e5418bd2d0a77ad64e65897b518
 DIST openssh-lpk-7.2p2-0.3.14.patch.xz 17692 SHA256 
2cd4108d60112bd97402f9c27aac2c24d334a37afe0933ad9c6377a257a68aee SHA512 
e6a25f8f0106fadcb799300452d6f22034d3fc69bd1c95a3365884873861f41b1e9d49f2c5223dde6fcd00562c652ba466bc8c48833ce5ab353af3a041f75b15
 WHIRLPOOL 
237343b320772a1588b64c4135758af840199214129d7e8cfa9798f976c32902ca5493ee0c33b16003854fea243556997bc688640a9872b82c06f72c86f2586d
 DIST openssh-lpk-7.3p1-0.3.14.patch.xz 17800 SHA256 
cf1f60235cb8b0e561cd36cbf9e4f437e16fd748c2616d3f511c128c02deb76c SHA512 
e9a73c5f13e41f6e11c744fdbcdb2e399c394479f79249e901cb3c101efb06f23d51d3ba4869db872184fa034a5910fc93a730fe906266c8d7409e39ad5b1ecd
 WHIRLPOOL 
bbdeadbed8f901148713bd9e4a082a4be2992c3151f995febd8be89bbb85d91185e1f0413b5a94a9340f2f404d18c9cee2aa6e032adaee0306aa1c624f6cc09c

diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch 
b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
new file mode 100644
index ..2c4cc50
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
@@ -0,0 +1,277 @@
+--- openssh-7_2_P2-hpn-14.10.diff.orig 2016-09-01 10:34:05.905112131 -0700
 openssh-7_2_P2-hpn-14.10.diff  2016-09-01 11:33:19.106664802 -0700
+@@ -156,145 +156,6 @@
+   compat.o crc32.o deattack.o fatal.o hostfile.o \
+   log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
+   readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
+-diff --git a/auth2.c b/auth2.c
+-index 7177962..4af53f0 100644
+ a/auth2.c
+-+++ b/auth2.c
+-@@ -50,6 +50,7 @@
+- #include "dispatch.h"
+- #include "pathnames.h"
+- 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Mike Frysinger]

commit: dc520c7f9c8b814fe4a8e982ec9b31611aef1ced
Author: Mike Frysinger  gentoo  org>
AuthorDate: Thu Aug  4 00:26:49 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Thu Aug  4 00:26:49 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc520c7f

net-misc/openssh: fix USE=kerberos build #590382

 .../openssh/files/openssh-7.3_p1-GSSAPI-dns.patch  | 350 +
 net-misc/openssh/openssh-7.3_p1-r1.ebuild  |   2 +-
 2 files changed, 351 insertions(+), 1 deletion(-)

diff --git a/net-misc/openssh/files/openssh-7.3_p1-GSSAPI-dns.patch 
b/net-misc/openssh/files/openssh-7.3_p1-GSSAPI-dns.patch
new file mode 100644
index 000..d6798e2
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.3_p1-GSSAPI-dns.patch
@@ -0,0 +1,350 @@
+http://bugs.gentoo.org/165444
+https://bugzilla.mindrot.org/show_bug.cgi?id=1008
+
+--- a/readconf.c
 b/readconf.c
+@@ -148,6 +148,7 @@
+   oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+   oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+   oAddressFamily, oGssAuthentication, oGssDelegateCreds,
++  oGssTrustDns,
+   oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+   oSendEnv, oControlPath, oControlMaster, oControlPersist,
+   oHashKnownHosts,
+@@ -194,9 +195,11 @@
+ #if defined(GSSAPI)
+   { "gssapiauthentication", oGssAuthentication },
+   { "gssapidelegatecredentials", oGssDelegateCreds },
++  { "gssapitrustdns", oGssTrustDns },
+ #else
+   { "gssapiauthentication", oUnsupported },
+   { "gssapidelegatecredentials", oUnsupported },
++  { "gssapitrustdns", oUnsupported },
+ #endif
+   { "fallbacktorsh", oDeprecated },
+   { "usersh", oDeprecated },
+@@ -930,6 +933,10 @@
+   intptr = >gss_deleg_creds;
+   goto parse_flag;
+ 
++  case oGssTrustDns:
++  intptr = >gss_trust_dns;
++  goto parse_flag;
++
+   case oBatchMode:
+   intptr = >batch_mode;
+   goto parse_flag;
+@@ -1649,6 +1656,7 @@
+   options->challenge_response_authentication = -1;
+   options->gss_authentication = -1;
+   options->gss_deleg_creds = -1;
++  options->gss_trust_dns = -1;
+   options->password_authentication = -1;
+   options->kbd_interactive_authentication = -1;
+   options->kbd_interactive_devices = NULL;
+@@ -1779,6 +1787,8 @@
+   options->gss_authentication = 0;
+   if (options->gss_deleg_creds == -1)
+   options->gss_deleg_creds = 0;
++  if (options->gss_trust_dns == -1)
++  options->gss_trust_dns = 0;
+   if (options->password_authentication == -1)
+   options->password_authentication = 1;
+   if (options->kbd_interactive_authentication == -1)
+--- a/readconf.h
 b/readconf.h
+@@ -46,6 +46,7 @@
+   /* Try S/Key or TIS, authentication. */
+   int gss_authentication; /* Try GSS authentication */
+   int gss_deleg_creds;/* Delegate GSS credentials */
++  int gss_trust_dns;  /* Trust DNS for GSS canonicalization */
+   int password_authentication;/* Try password
+* authentication. */
+   int kbd_interactive_authentication; /* Try keyboard-interactive 
auth. */
+--- a/ssh_config.5
 b/ssh_config.5
+@@ -830,6 +830,16 @@
+ Forward (delegate) credentials to the server.
+ The default is
+ .Dq no .
++Note that this option applies to protocol version 2 connections using GSSAPI.
++.It Cm GSSAPITrustDns
++Set to
++.Dq yes to indicate that the DNS is trusted to securely canonicalize
++the name of the host being connected to. If
++.Dq no, the hostname entered on the
++command line will be passed untouched to the GSSAPI library.
++The default is
++.Dq no .
++This option only applies to protocol version 2 connections using GSSAPI.
+ .It Cm HashKnownHosts
+ Indicates that
+ .Xr ssh 1
+--- a/sshconnect2.c
 b/sshconnect2.c
+@@ -656,6 +656,12 @@
+   static u_int mech = 0;
+   OM_uint32 min;
+   int ok = 0;
++  const char *gss_host;
++
++  if (options.gss_trust_dns)
++  gss_host = auth_get_canonical_hostname(active_state, 1);
++  else
++  gss_host = authctxt->host;
+ 
+   /* Try one GSSAPI method at a time, rather than sending them all at
+* once. */
+@@ -668,7 +674,7 @@
+   /* My DER encoding requires length<128 */
+   if (gss_supported->elements[mech].length < 128 &&
+   ssh_gssapi_check_mechanism(, 
+-  _supported->elements[mech], authctxt->host)) {
++  _supported->elements[mech], gss_host)) {
+   ok = 1; /* Mechanism works */
+   } else {
+   mech++;
+
+need to move these two funcs back to canohost so they're available to clients
+and the 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Lars Wendler]

commit: 0a6f7c3566cca467497f37ff9ea82c4767f14a2b
Author: Lars Wendler  gentoo  org>
AuthorDate: Sat Jun 11 12:29:14 2016 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Sat Jun 11 12:29:30 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a6f7c35

net-misc/openssh: Security cleanup (bug #571892).

Kept latest ebuild with hpn USE flag as it's ~arch anyway and gets superseded
by the latest "secure" version anyway.

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler  gentoo.org>

 net-misc/openssh/Manifest  |   8 -
 .../files/openssh-6.3_p1-x509-hpn14v2-glue.patch   |  51 
 .../files/openssh-6.9_p1-x509-warnings.patch   |  24 --
 .../files/openssh-7.1_p1-CVE-2016-0777.patch   |  33 ---
 net-misc/openssh/openssh-7.1_p1-r2.ebuild  | 328 
 net-misc/openssh/openssh-7.1_p1-r3.ebuild  | 329 -
 net-misc/openssh/openssh-7.1_p2.ebuild | 327 
 net-misc/openssh/openssh-7.2_p1.ebuild | 324 
 8 files changed, 1424 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index ff03350..ea15d13 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,17 +1,9 @@
 DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256 
2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512 
f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0
 WHIRLPOOL 
7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476
-DIST openssh-7.1p1+x509-8.6.diff.gz 413931 SHA256 
cbf661a1fec080dc9ed335a290414154326c2a13f124985db050b86a91073d52 SHA512 
c91d0f1b69b6d34984e94b391ad022271e73d0634cef2df355ba555366bc38d30649b478f245b6c51ce79d71adf1b693bc97826e6c6013a78e7ccfb7023b4bcc
 WHIRLPOOL 
4ed4427e80026996c43a188d7d45f2c53fa6a7fd842a248b1225b27f3e9037e761f0ed172d79b53ada81c24d958a2193e94d918f6ca1320e45d5e68379845981
-DIST openssh-7.1p1-hpnssh14v9.tar.xz 21580 SHA256 
a795c2f2621f537b3fd98172cbd1f7c71869e4da78cd280d123fa19ae4262b97 SHA512 
6ce151949bf81b5518b95092a2f18d2f24581954e2c629deaf3c1d10136f32f830567aafb9b4045547e95e3ab63cf750e240eac40e2b9caa6d71cb2b132821ec
 WHIRLPOOL 
8e3c9a1d79112092a6cb42c6766ccdf61e5d8fcd366ea5c7d3bab94cf309bcc12f3761476a288158638a340023aa24519d888caac19fb0ef25fa56bdab06412c
-DIST openssh-7.1p1.tar.gz 1493170 SHA256 
fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 SHA512 
f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7
 WHIRLPOOL 
a650a93657f930d20dc3fa24ab720857f63f7cd0a82d1906cf1e58145e866129207851d5e587d678655e5731fa73221ab9b6ea0754533100c25fe2acaa442e05
-DIST openssh-7.1p2+x509-8.6.diff.xz 283964 SHA256 
0848ceb42fa15f6197d5d81f9da6dea9cc3a7fda2fdb424447fa0f995a5197d1 SHA512 
276f5738498ce9a559a5066cfeb670c48f275c2cbf7b007f213405b71349f1f77cc2c7bee6af5ee548b9443f0e44ede0e3d232a31b52ac834cf81cac855bfa87
 WHIRLPOOL 
024b9f0d9dda3ec2ae7da156f801c3735e5ff7198010fbc021ccde8adada28e45f076264c9f09fc34586adc52d8ad93689b4bdbecaaad7761bb9e26a8c4af231
 DIST openssh-7.1p2+x509-8.7.diff.gz 438584 SHA256 
23030dff924a78718686fad6442b1083293b0c2a057714291bd0af9ed8ef5868 SHA512 
d9aa43f5fc06b88b442285a9f9a15d01b52796c36f0cb228c756edca473a89eadb296c45503a14514fdb156d3bc9d90ff33271ccfa9461a9bb2b798a581cc007
 WHIRLPOOL 
ef3f4486fff0addad1a6bdcde3ba606d55d6e3ea5d2cd6e79bfe2494d660c38f0e9f1c157af72c3b6ad5e6eb3731168f975b26c94f8357154e54c08e5d876652
 DIST openssh-7.1p2-hpnssh14v10.tar.xz 22388 SHA256 
729e20a2627ca403da6cfff8ef251c03421022123a21c68003181b4e5409bcc5 SHA512 
b8e88ac5891ed632416db8da6377512614f19f5f7a7c093b55ecfe3e3f50979c61c0674e9381c316632d8daed90f8cce958c9b77bd00084a4ee1b0297cf321ba
 WHIRLPOOL 
c466cc33dc4a40e9466148beb154c539e095ac1b9cdcc5b3d235cbcf12ca10255d63da2f0e1da10d1afa1a0d2ebd436ca0d9e542c732df6ef67fb8f4d2d0192c
 DIST openssh-7.1p2.tar.gz 1475829 SHA256 
dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd SHA512 
d5be60f3645ec238b21e1f2dfd801b2136146674bbc086ebdb14be516c613819bc87c84b5089f3a45fe6e137a7458404f79f42572c69d91571e45ebed9d5e3af
 WHIRLPOOL 
9f48952b82db3983c20e84bcff5b6761f5b284174072c828698dced3a53ca8bbc2e1f89d2e82b62a68f4606b52c980fcf097250f86c1a67ad343d20e3ec9d1f4
 DIST openssh-7.2_p1-sctp.patch.xz 8088 SHA256 
b9cc21336e23d44548e87964da9ff85ac83ce84693162abb172afb46be4a666e SHA512 
b287684337a101a26ab8df6894b679b063cdaa7dfc7b78fcc0ce8350c27526f150a6463c515019beb0af2ff005cc109d2913998f95f828e553b835a4df8b64df
 WHIRLPOOL 
16646a896f746946af84961974be08418b951c80249dce2fd4ae533a4d66e79d4372fd979aeda9c51aff51b86edf4178af18379e948195696a6fa114e2757306
-DIST openssh-7.2p1+x509-8.8.diff.gz 446930 SHA256 
a6a4bc0fb63d8117718d2ddb975ff09e99d8788913b396f9b7af22a7630e5d8f SHA512 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Mike Frysinger]

commit: 16c23496b905c9e4e26d887efbf909133a75856a
Author: Mike Frysinger  gentoo  org>
AuthorDate: Wed Mar  2 20:26:43 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Wed Mar  2 20:28:18 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16c23496

net-misc/openssh: version bump to 7.2_p1

 net-misc/openssh/Manifest  |   4 +
 .../openssh/files/openssh-7.2_p1-GSSAPI-dns.patch  | 106 +++
 .../files/openssh-7.2_p1-sctp-x509-glue.patch  |  74 +
 net-misc/openssh/openssh-7.2_p1.ebuild | 324 +
 4 files changed, 508 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 61ef955..aeb1b97 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -6,5 +6,9 @@ DIST openssh-7.1p2+x509-8.6.diff.xz 283964 SHA256 
0848ceb42fa15f6197d5d81f9da6de
 DIST openssh-7.1p2+x509-8.7.diff.gz 438584 SHA256 
23030dff924a78718686fad6442b1083293b0c2a057714291bd0af9ed8ef5868 SHA512 
d9aa43f5fc06b88b442285a9f9a15d01b52796c36f0cb228c756edca473a89eadb296c45503a14514fdb156d3bc9d90ff33271ccfa9461a9bb2b798a581cc007
 WHIRLPOOL 
ef3f4486fff0addad1a6bdcde3ba606d55d6e3ea5d2cd6e79bfe2494d660c38f0e9f1c157af72c3b6ad5e6eb3731168f975b26c94f8357154e54c08e5d876652
 DIST openssh-7.1p2-hpnssh14v10.tar.xz 22388 SHA256 
729e20a2627ca403da6cfff8ef251c03421022123a21c68003181b4e5409bcc5 SHA512 
b8e88ac5891ed632416db8da6377512614f19f5f7a7c093b55ecfe3e3f50979c61c0674e9381c316632d8daed90f8cce958c9b77bd00084a4ee1b0297cf321ba
 WHIRLPOOL 
c466cc33dc4a40e9466148beb154c539e095ac1b9cdcc5b3d235cbcf12ca10255d63da2f0e1da10d1afa1a0d2ebd436ca0d9e542c732df6ef67fb8f4d2d0192c
 DIST openssh-7.1p2.tar.gz 1475829 SHA256 
dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd SHA512 
d5be60f3645ec238b21e1f2dfd801b2136146674bbc086ebdb14be516c613819bc87c84b5089f3a45fe6e137a7458404f79f42572c69d91571e45ebed9d5e3af
 WHIRLPOOL 
9f48952b82db3983c20e84bcff5b6761f5b284174072c828698dced3a53ca8bbc2e1f89d2e82b62a68f4606b52c980fcf097250f86c1a67ad343d20e3ec9d1f4
+DIST openssh-7.2_p1-sctp.patch.xz 8088 SHA256 
b9cc21336e23d44548e87964da9ff85ac83ce84693162abb172afb46be4a666e SHA512 
b287684337a101a26ab8df6894b679b063cdaa7dfc7b78fcc0ce8350c27526f150a6463c515019beb0af2ff005cc109d2913998f95f828e553b835a4df8b64df
 WHIRLPOOL 
16646a896f746946af84961974be08418b951c80249dce2fd4ae533a4d66e79d4372fd979aeda9c51aff51b86edf4178af18379e948195696a6fa114e2757306
+DIST openssh-7.2p1+x509-8.8.diff.gz 446930 SHA256 
a6a4bc0fb63d8117718d2ddb975ff09e99d8788913b396f9b7af22a7630e5d8f SHA512 
28ace1c1972b8a77f0574b578054bb0224ec3861f6549c193351b1c8395ed335c9cf1070f8cc9b28c9b4188ead264d84bcd4477d4ce8b6143e0122ac9e7eb304
 WHIRLPOOL 
c5dd0f4be77f69a0cd435b1a4f85496ec5da3a162f0858a006acb0bedfb613959f74031ccf24fb4f86f7244a20066a89191d068a4890d165315586d5574f7155
+DIST openssh-7.2p1.tar.gz 1499707 SHA256 
973cc37b2f3597e4cf599b09e604e79c0fe5d9b6f595a24e91ed0662860b4ac3 SHA512 
e6a1a6fbc420c5af76892f05ac5d7601533629a595869c6143edc3a21322faa72c5638ccb2e346d25af5703d77c1e1bebf2ace488d755b3d5a65a53bdb54
 WHIRLPOOL 
d284999b325b5ef1c4e33ea14a51d74a22c7b52d9642dee70490fa71b4473dd08c0b76c4faa4575932c579b931608f575f3366881dd6438150b71333239e189c
 DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256 
d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512 
2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081
 WHIRLPOOL 
b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b
 DIST openssh-lpk-7.1p2-0.3.14.patch.xz 17704 SHA256 
fbf2e1560cac707f819a53c758a444ba6bfe140ef80d1af7ef1c9a95f0df SHA512 
95851baa699da16720358249d54d2f6a3c57b0ae082375bef228b97697c501c626ab860916c5b17e3c649b44f14f4009ff369962597438dfd60480a0e4882471
 WHIRLPOOL 
4629b3a7d1f373a678935e889a6cd0d66d70b420e93e40ae0ad19aa7f91be7dcf2169fb797d89df93005a885d54ebaa0d46c2e5418bd2d0a77ad64e65897b518
+DIST openssh-lpk-7.2p1-0.3.14.patch.xz 17700 SHA256 
4fdec61e082acedd33cf9199ff8a99780b8b1690e2236a05d1a57035dde70a5b SHA512 
4da7ab88c42df4580dccadf43c72c9a19806172dd219356b740dd9877db5ba2842d481ffaac3f87427ca2b7fa2bc4f076edf1890517d13f641122bbf6728d8c7
 WHIRLPOOL 
dcb4c800c5b54b512907dd00f6aab7f0c7ee87cb66240eb346cdd4937ed62983e21fb1777a4c74d7b6db492683ed4c68de13a21dbcba39abd879a16c6b4dd2da

diff --git a/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch 
b/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch
new file mode 100644
index 000..29e94e4
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch
@@ -0,0 +1,106 @@
+http://bugs.gentoo.org/165444
+https://bugzilla.mindrot.org/show_bug.cgi?id=1008
+
+--- openssh-7.2p1/readconf.c
 openssh-7.2p1/readconf.c
+@@ -148,6 +148,7 @@
+   oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+   oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Lars Wendler]

commit: ad9f88e38be8085905214a94bc48913b095bd85a
Author: Lars Wendler  gentoo  org>
AuthorDate: Thu Jan 14 15:30:58 2016 +
Commit: Lars Wendler  gentoo  org>
CommitDate: Thu Jan 14 15:31:15 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad9f88e3

net-misc/openssh: Security bump for CVE-2016-0777 (bug #571892).

Package-Manager: portage-2.2.26
Signed-off-by: Lars Wendler  gentoo.org>

 .../files/openssh-7.1_p1-CVE-2016-0777.patch   |  33 +++
 net-misc/openssh/openssh-7.1_p1-r3.ebuild  | 327 +
 2 files changed, 360 insertions(+)

diff --git a/net-misc/openssh/files/openssh-7.1_p1-CVE-2016-0777.patch 
b/net-misc/openssh/files/openssh-7.1_p1-CVE-2016-0777.patch
new file mode 100644
index 000..90125dd
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.1_p1-CVE-2016-0777.patch
@@ -0,0 +1,33 @@
+--- openssh-7.1p1/readconf.c
 openssh-7.1p1/readconf.c
+@@ -1660,7 +1660,7 @@
+   options->tun_remote = -1;
+   options->local_command = NULL;
+   options->permit_local_command = -1;
+-  options->use_roaming = -1;
++  options->use_roaming = 0;
+   options->visual_host_key = -1;
+   options->ip_qos_interactive = -1;
+   options->ip_qos_bulk = -1;
+@@ -1833,8 +1833,7 @@
+   options->tun_remote = SSH_TUNID_ANY;
+   if (options->permit_local_command == -1)
+   options->permit_local_command = 0;
+-  if (options->use_roaming == -1)
+-  options->use_roaming = 1;
++  options->use_roaming = 0;
+   if (options->visual_host_key == -1)
+   options->visual_host_key = 0;
+   if (options->ip_qos_interactive == -1)
+--- openssh-7.1p1/ssh.c
 openssh-7.1p1/ssh.c
+@@ -1932,9 +1932,6 @@
+   fork_postauth();
+   }
+ 
+-  if (options.use_roaming)
+-  request_roaming();
+-
+   return client_loop(tty_flag, tty_flag ?
+   options.escape_char : SSH_ESCAPECHAR_NONE, id);
+ }

diff --git a/net-misc/openssh/openssh-7.1_p1-r3.ebuild 
b/net-misc/openssh/openssh-7.1_p1-r3.ebuild
new file mode 100644
index 000..f8aac3e
--- /dev/null
+++ b/net-misc/openssh/openssh-7.1_p1-r3.ebuild
@@ -0,0 +1,327 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit eutils user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_PATCH="${PARCH}-hpnssh14v9.tar.xz"
+LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
+X509_VER="8.6" X509_PATCH="${PN}-${PV//_}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/;
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+   mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
+   ${HPN_PATCH:+hpn? (
+   mirror://gentoo/${HPN_PATCH}
+   mirror://sourceforge/hpnssh/${HPN_PATCH}
+   )}
+   ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+   ${X509_PATCH:+X509? ( 
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+   "
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 
~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit 
libressl pam +pie sctp selinux skey ssh1 +ssl static X X509"
+REQUIRED_USE="ldns? ( ssl )
+   pie? ( !static )
+   ssh1? ( ssl )
+   static? ( !kerberos !pam )
+   X509? ( !ldap ssl )"
+
+LIB_DEPEND="
+   ldns? (
+   net-libs/ldns[static-libs(+)]
+   !bindist? ( net-libs/ldns[ecdsa,ssl] )
+   bindist? ( net-libs/ldns[-ecdsa,ssl] )
+   )
+   libedit? ( dev-libs/libedit[static-libs(+)] )
+   sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+   selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+   skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
+   ssl? (
+   !libressl? (
+   >=dev-libs/openssl-0.9.8f:0[bindist=]
+   dev-libs/openssl:0[static-libs(+)]
+   )
+   libressl? ( dev-libs/libressl[static-libs(+)] )
+   )
+   >=sys-libs/zlib-1.2.3[static-libs(+)]"
+RDEPEND="
+   !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+   pam? ( virtual/pam )
+   kerberos? ( virtual/krb5 )
+   ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+   static? ( ${LIB_DEPEND} )
+   virtual/pkgconfig
+   virtual/os-headers
+   sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+   pam? ( >=sys-auth/pambase-20081028 )
+   userland_GNU? ( virtual/shadow )
+   X? ( x11-apps/xauth )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+   # this sucks, but i'd rather have people unable 

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Mike Frysinger]

commit: 1239749ed4047fa2c7c8e41b315d2fb85d6bb2b9
Author: Mike Frysinger  gentoo  org>
AuthorDate: Thu Jan 14 20:54:48 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Thu Jan 14 20:59:31 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1239749e

net-misc/openssh: version bump to 7.1_p2 #571892

 net-misc/openssh/Manifest  |   4 +
 .../files/openssh-7.1_p2-x509-hpn14v10-glue.patch  |  51 
 net-misc/openssh/openssh-7.1_p2.ebuild | 327 +
 3 files changed, 382 insertions(+)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index c7e4e9d..775ee66 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -2,4 +2,8 @@ DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256 
2c74dd00aaae9f4de908d8e5685ae98277
 DIST openssh-7.1p1+x509-8.6.diff.gz 413931 SHA256 
cbf661a1fec080dc9ed335a290414154326c2a13f124985db050b86a91073d52 SHA512 
c91d0f1b69b6d34984e94b391ad022271e73d0634cef2df355ba555366bc38d30649b478f245b6c51ce79d71adf1b693bc97826e6c6013a78e7ccfb7023b4bcc
 WHIRLPOOL 
4ed4427e80026996c43a188d7d45f2c53fa6a7fd842a248b1225b27f3e9037e761f0ed172d79b53ada81c24d958a2193e94d918f6ca1320e45d5e68379845981
 DIST openssh-7.1p1-hpnssh14v9.tar.xz 21580 SHA256 
a795c2f2621f537b3fd98172cbd1f7c71869e4da78cd280d123fa19ae4262b97 SHA512 
6ce151949bf81b5518b95092a2f18d2f24581954e2c629deaf3c1d10136f32f830567aafb9b4045547e95e3ab63cf750e240eac40e2b9caa6d71cb2b132821ec
 WHIRLPOOL 
8e3c9a1d79112092a6cb42c6766ccdf61e5d8fcd366ea5c7d3bab94cf309bcc12f3761476a288158638a340023aa24519d888caac19fb0ef25fa56bdab06412c
 DIST openssh-7.1p1.tar.gz 1493170 SHA256 
fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 SHA512 
f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7
 WHIRLPOOL 
a650a93657f930d20dc3fa24ab720857f63f7cd0a82d1906cf1e58145e866129207851d5e587d678655e5731fa73221ab9b6ea0754533100c25fe2acaa442e05
+DIST openssh-7.1p2+x509-8.6.diff.xz 283964 SHA256 
0848ceb42fa15f6197d5d81f9da6dea9cc3a7fda2fdb424447fa0f995a5197d1 SHA512 
276f5738498ce9a559a5066cfeb670c48f275c2cbf7b007f213405b71349f1f77cc2c7bee6af5ee548b9443f0e44ede0e3d232a31b52ac834cf81cac855bfa87
 WHIRLPOOL 
024b9f0d9dda3ec2ae7da156f801c3735e5ff7198010fbc021ccde8adada28e45f076264c9f09fc34586adc52d8ad93689b4bdbecaaad7761bb9e26a8c4af231
+DIST openssh-7.1p2-hpnssh14v10.tar.xz 22388 SHA256 
729e20a2627ca403da6cfff8ef251c03421022123a21c68003181b4e5409bcc5 SHA512 
b8e88ac5891ed632416db8da6377512614f19f5f7a7c093b55ecfe3e3f50979c61c0674e9381c316632d8daed90f8cce958c9b77bd00084a4ee1b0297cf321ba
 WHIRLPOOL 
c466cc33dc4a40e9466148beb154c539e095ac1b9cdcc5b3d235cbcf12ca10255d63da2f0e1da10d1afa1a0d2ebd436ca0d9e542c732df6ef67fb8f4d2d0192c
+DIST openssh-7.1p2.tar.gz 1475829 SHA256 
dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd SHA512 
d5be60f3645ec238b21e1f2dfd801b2136146674bbc086ebdb14be516c613819bc87c84b5089f3a45fe6e137a7458404f79f42572c69d91571e45ebed9d5e3af
 WHIRLPOOL 
9f48952b82db3983c20e84bcff5b6761f5b284174072c828698dced3a53ca8bbc2e1f89d2e82b62a68f4606b52c980fcf097250f86c1a67ad343d20e3ec9d1f4
 DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256 
d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512 
2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081
 WHIRLPOOL 
b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b
+DIST openssh-lpk-7.1p2-0.3.14.patch.xz 17704 SHA256 
fbf2e1560cac707f819a53c758a444ba6bfe140ef80d1af7ef1c9a95f0df SHA512 
95851baa699da16720358249d54d2f6a3c57b0ae082375bef228b97697c501c626ab860916c5b17e3c649b44f14f4009ff369962597438dfd60480a0e4882471
 WHIRLPOOL 
4629b3a7d1f373a678935e889a6cd0d66d70b420e93e40ae0ad19aa7f91be7dcf2169fb797d89df93005a885d54ebaa0d46c2e5418bd2d0a77ad64e65897b518

diff --git a/net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch 
b/net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch
new file mode 100644
index 000..5124569
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch
@@ -0,0 +1,51 @@
+--- openssh-7.1p2/Makefile.in
 openssh-7.1p2/Makefile.in
+@@ -45,7 +45,7 @@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ K5LIBS=@K5LIBS@
+ GSSLIBS=@GSSLIBS@
+@@ -53,6 +53,7 @@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
++CPPFLAGS+=@LDAP_CPPFLAGS@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
+--- openssh-7.1p2/sshconnect.c
 openssh-7.1p2/sshconnect.c
+@@ -465,7 +465,7 @@
+ {
+   /* Send our own protocol version identification. */
+   if (compat20) {
+-  xasprintf(_version_string, "SSH-%d.%d-%.100s PKIX\r\n",
++

[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/

[Patrick McLean]

commit: 019ed27f297c44d1a851545975353fc99fe6ab05
Author: Patrick McLean chutzpah AT gentoo DOT org
AuthorDate: Wed Aug 12 23:26:46 2015 +
Commit: Patrick McLean chutzpah AT gentoo DOT org
CommitDate: Wed Aug 12 23:26:46 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=019ed27f

net-misc/openssh: Update X509 patch to version 8.5 and re-enable USE flag

Package-Manager: portage-2.2.20.1

 net-misc/openssh/Manifest  |  1 +
 .../files/openssh-7.0_p1-sctp-x509-glue.patch  | 74 ++
 net-misc/openssh/openssh-7.0_p1.ebuild |  4 +-
 3 files changed, 77 insertions(+), 2 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index d767086..131a217 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -11,6 +11,7 @@ DIST openssh-6.9p1+x509-8.4.diff.gz 425687 SHA256 
0ed8bfff0d2ecd9f3791ae1f168ca3
 DIST openssh-6.9p1-hpnssh14v5.tar.xz 25164 SHA256 
67c0b043525c838522d17ba8ed3ffa81aa212ae0f43c3d989a3e649fd0a2ca48 SHA512 
bef32f6dd97e949e0973d30248401b86233ca66ace750c5050158a748fe279db46c8ee59b6f3de2193f52bab3a1c19372296b86136d7d65a312769008d0acf3a
 WHIRLPOOL 
65241de2409bfe452b0bcf6282f0571a2bbf6d02d4d5cb97db78bd42e8be439c47da8a54d33272a85d50d648e2e4af56b574bc8add56c65e2ff9ccd59b90f65c
 DIST openssh-6.9p1-r1-hpnssh14v5.tar.xz 21396 SHA256 
84e9e28a1488ccf66e29a7c90442b3bc4833a6fa186260fb6853b5a1b19c0beb SHA512 
476064dbdb3d82b86ad7c481a4a301ff0d46bd281fe7ca0c29f34ae50b0034028760997ae2c934a265499c154f4534d35ead647aa63d1a4545ed503a5364eada
 WHIRLPOOL 
74eaf2fe0a6ecd0e2fa5078034628d4c76c75b121f3c813ff8a098ab28363daa3800d03936046aa3aebbfdab3afd31ef30a207399f5e305d7f71e5f3c7e4f4a7
 DIST openssh-6.9p1.tar.gz 1487617 SHA256 
6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe SHA512 
68fec9b4e512fe126a5d35b01e2cc656d810b75052ed8a36bc85cd0a05de7318b15ed287bc95cf9bcb3fa2f385029151d85aced55e07fbcc79e6c779bee6751d
 WHIRLPOOL 
1dcb291383c9f934b512f61ce9f6e0319f22e112ce3f6eace2a868ca0f99c709c65bae14a9815e2ef237f8132fe72c583cffb7ea20bdfa2aaa77cf347967be7f
+DIST openssh-7.0p1+x509-8.5.diff.gz 411960 SHA256 
6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e SHA512 
1241419ea32a21b0ef15fb3845344c9b1126ecee94265b074e60af794eacdb39a98983040a61b9f169e0a6d5a0a248e1bbf9d9b3e56df50cb382441a26dddafd
 WHIRLPOOL 
117e8c9bb05ded7fdf261e9aca709540e0a3817bc5b3e70472e8c802063e37ee24feae4c1b3a909177ab163e53c2d614b4f0fc75aad1ca44c0e0584eeff55a81
 DIST openssh-7.0p1-hpnssh14v5.tar.xz 21428 SHA256 
6032c4547c9f83a6f648ac7c39cdad2bd6fd725e5f3ab2411c5b30298aae1451 SHA512 
d4cf4a628c11515bfe8c3a91b4b7039fca28c2f89ad1dde062c4cb433b984b10dec2d37b1f338f18aa7813e60d8608b65ca95b930edc33086710b82780875942
 WHIRLPOOL 
7b686f243c98017453b3da3e98b7524650b4a0a75fda6add80c7c233d468194d1d1333ffa4445c20856d807548aaa356c87a03ca87d8995a4b7ba350c7714d1e
 DIST openssh-7.0p1.tar.gz 1493376 SHA256 
fd5932493a19f4c81153d812ee4e042b49bbd3b759ab3d9344abecc2bc1485e5 SHA512 
d82aa8e85630c3e2102e69da477185e0d30d84211d7d4ee0a1d9822bd234d649fe369bf91ce3d2b5ef0caee687d383cb761b682d3bf24bccbd2ce9a1fe9d9f50
 WHIRLPOOL 
bb8007450ffee580df5a73e3d6ab9b54b7151c46c3b996516e5cb776034be21cbef1281a520279655137e218a757d8092cba3f66e216c6b4c6828876540cb5df
 DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 
0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 
344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2
 WHIRLPOOL 
5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73

diff --git a/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch 
b/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch
new file mode 100644
index 000..d793f90
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch
@@ -0,0 +1,74 @@
+--- openssh-6.8_p1-sctp.patch.12015-08-12 16:01:13.854769013 -0700
 openssh-6.8_p1-sctp.patch  2015-08-12 16:00:38.208488789 -0700
+@@ -195,14 +195,6 @@
+  .Op Fl c Ar cipher
+  .Op Fl F Ar ssh_config
+  .Op Fl i Ar identity_file
+-@@ -178,6 +178,7 @@ For full details of the options listed b
+- .It ServerAliveCountMax
+- .It StrictHostKeyChecking
+- .It TCPKeepAlive
+-+.It Transport
+- .It UpdateHostKeys
+- .It UsePrivilegedPort
+- .It User
+ @@ -218,6 +219,8 @@ and
+  to print debugging messages about their progress.
+  This is helpful in
+@@ -477,19 +469,11 @@
+  .Sh SYNOPSIS
+  .Nm ssh
+  .Bk -words
+--.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
+-+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
++-.Op Fl 1246AaCdfgKkMNnqsTtVvXxYy
+++.Op Fl 1246AaCdfgKkMNnqsTtVvXxYyz
+  .Op Fl b Ar bind_address
+  .Op Fl c Ar cipher_spec
+  .Op Fl D Oo Ar bind_address : Oc Ns Ar port
+-@@ -473,6 +473,7 @@ For full details of the options listed b
+- .It StreamLocalBindUnlink
+- .It StrictHostKeyChecking
+- .It TCPKeepAlive
+-+.It