diff options
| author |   Tim Harder <radhermit@gentoo.org> | 2013-11-09 23:08:06 +0000 |
|---|---|---|
| committer | Tim Harder <radhermit@gentoo.org> | 2013-11-09 23:08:06 +0000 |
| commit | ea52211f20bc39e4faa17872253d407fd9ba763f (patch) | |
| tree | 8a79f65340b43ff0c03a4a9d48c5b42d5534bc4f /net-misc | |
| parent | Update x509 patch. (diff) | |
| download | historical-ea52211f20bc39e4faa17872253d407fd9ba763f.tar.gz historical-ea52211f20bc39e4faa17872253d407fd9ba763f.tar.bz2 historical-ea52211f20bc39e4faa17872253d407fd9ba763f.zip | |
Remove insecure version due to improperly using the 6.3_p1 tarball.
Package-Manager: portage-2.2.7/cvs/Linux x86_64
Manifest-Sign-Key: 0x4AB3E85B4F064CA3
Diffstat (limited to 'net-misc')
| -rw-r--r-- | net-misc/openssh/ChangeLog | 5 | ||||
| -rw-r--r-- | net-misc/openssh/Manifest | 17 | ||||
| -rw-r--r-- | net-misc/openssh/openssh-6.4_p1.ebuild | 311 |
3 files changed, 12 insertions, 321 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog index 295492caebff..62f4cfa7208e 100644 --- a/net-misc/openssh/ChangeLog +++ b/net-misc/openssh/ChangeLog @@ -1,6 +1,9 @@ # ChangeLog for net-misc/openssh # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.487 2013/11/09 23:04:08 radhermit Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.488 2013/11/09 23:08:03 radhermit Exp $ + + 09 Nov 2013; Tim Harder <radhermit@gentoo.org> -openssh-6.4_p1.ebuild: + Remove insecure version due to improperly using the 6.3_p1 tarball. *openssh-6.4_p1-r1 (09 Nov 2013) diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 8c7028ebabe5..8915be5564ec 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -62,17 +62,16 @@ EBUILD openssh-6.1_p1-r1.ebuild 10257 SHA256 fa9ff7a800f65c5805ec7a59009e2effc1c EBUILD openssh-6.2_p2-r5.ebuild 9414 SHA256 16fe0e54854524b5a70b33e7245c27edd0f0e472ef03c41b352c1c90693d2b33 SHA512 5f2ed23937dfd5b9da0b69c19251a0d3a4d82d7ef1d676b222891762454c16c7d586b40dfdc1b5a8a1da098f1a0befbe03ee2ca81a504dd0f83c09bcfc4e3947 WHIRLPOOL 68ab4525a92669716149829ef7b9c9cdc1445b0ec8a0d02a74efc14632555670914110c899148c48885590c4a4ecbaf23bd812497a67f67aec5c46e112cc7836 EBUILD openssh-6.3_p1-r1.ebuild 9417 SHA256 6547d111a0caed75b70ed9b8d618a826e76402580009e2bd8ae2ba5f2f36e332 SHA512 e3df58433a03b6609bda737028e6a63983da2cec8370b47c0f4d59ed8224e31641e03521197675c728a962b821b3e7714d31e89d01cde5b3968f0d493a375977 WHIRLPOOL 265d6d6c9aa49ad73e7c1911b464614f768c00495abde4b0718d9cc4d605de5d2ad62af11eb8f9bb349381f0fae323c6130812085e8d1c2a2bc6b94c437d48f1 EBUILD openssh-6.4_p1-r1.ebuild 9355 SHA256 3f86ff12a66e26b9adcdf3d2f86bcf298649306579ddc42fa72b18ebb173bfb0 SHA512 8fa42a7c786d344bb5ad9148632f44ea63baf2dfa2d7c264755726fa3a1c961409266fea83f1e204dbea82d1c33df1146614b01103333988a06ae1b6289252f4 WHIRLPOOL 085271c17726a589523753fb82f0a7a845060f1d33b9fa7e10fce5d61355fe7dceff897e2b2748bce95511ac0906c15948817dde07c2b997d7fdb2fd8d468d98 -EBUILD openssh-6.4_p1.ebuild 9451 SHA256 0a145475ece4bbcf847076e32fcfe0b12e991447ca40fa37a18c67651d6e0b23 SHA512 6eb912a36bddd835de147a4f500e4e203143cdf9b8babc85389546fce94e91e79db8dbddfe45eb709831079bebb285e38d734f823b1194dabe95784f33d34a2b WHIRLPOOL cac19ce429cc501bdd65269dc435fc2f293982335265f09c825594a878632ad5fabb90f1978401f4169e2a1ca160be43a1b1e1fd36a2c1aff25c7790ef94ad8e -MISC ChangeLog 80015 SHA256 7db564e61d1fe3ce187f58df7a59205851957d3d07f3ba9cda21c461f19e0a6b SHA512 ee4ab6b358b0b32cb82ccdf576a6cd965c96bcbc08442a09e5a4f6f6ba9605a511dcd3238a39c913a184bf9fea5b8aedfe3068a51f0b54ede6a5876477757efe WHIRLPOOL 517f4c68a32c3936f847ef5752f26989e1bab5008f1f805efca8ee1b3b67f44dc8e8f23f9a67b82387a09c642249ba2fd7a62b1cac7b3433aa6914b9e0546d51 +MISC ChangeLog 80159 SHA256 e9058a877b6ccd91fd7696a592aec49d9e505d84ce92f3861017ced178284cfd SHA512 34d5eafe39782135d3da5dc920d4385a0290fa046a3a38f4e0cf8beffeedceeedb1bf0ece55755183e9f5dca564fdf41c735c50b968a2547b841b76e49d50449 WHIRLPOOL 008e3fa6875dab145a54bd82b83a7175e829c55740031736748f6c08bd052637617555d4828cc4390dcf2db5f189aa7d7273434baabcc3f6d666a64f0c8b0442 MISC metadata.xml 1837 SHA256 5f8be0245926a5dc8007dd78594febffc68bbcb45306630d027666872e664050 SHA512 76e044611e16ede9bb9697c0ad448c149131f1f20b84ef1000fb77d6cec954abd48542fd26299a372b4411aa0ecb161ed38396b2c3b5c11c71a4bc247e0b23ed WHIRLPOOL 46c8b0f7911fec3ca086e1601cfab5d03e01a7d8cd2069460975545438f6fa5964f138d19a70ec7db7f1f8c9c0fbb48dcec6ee8269fa9d7b432214e9e3e46806 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iQEcBAEBCAAGBQJSfr9sAAoJEEqz6FtPBkyj5DkH/3j/eu9D0bDwcmFyoFASr5Ir -7AyvmpxSxuF9F1rBXSCwLnJbRh9QsmI5dpWpJL58BX4qxhWGMIk6nr3WomXORzwS -9SDYiIeFYIRtACbb0LozHb8Nk94RvMRcreS9ccYJWIjEG3fXqdDvZFW8AJq3rsSY -OCpC6WpeCgNXCx/k/7DbxYimM7er/fV7lVItRP/wLy8nJSqzHSZ4M/j+WXf5Kdg5 -TL5DaYX57pfKvE6WqZLQZmKlu0pUS4nQ5CRQIpTj/LOXuR3ddXmMnJ7ZYPhRNFBk -+rdrLl//jNjLaOGMwywMTu9wWIiNlSSA96yKPjqnFieN3/WG7B+gird2ueFaspY= -=J+0L +iQEcBAEBCAAGBQJSfsBVAAoJEEqz6FtPBkyjcLsH/27mq4wVDLczE25JsJHCou0N +uOIMHHGN56epOYBiBIUgxevrDAMhOKgFFopI537ZLwDSNL3GGnLREcOMdKG1Gfc5 +5W4SKB+/CxQn7AnrmOJ8qI994I7CTbAlBT2F+FM0N2lDTwvFjV9GEhiBcrYH/NFe +FaRnQrg9XGlUQ9i1gmuAVEXcJZ0CwRg5JEgmyQHqbBFDjNtV5vdQcuJMIgwdG1wb +1YpZKYEnBEUJWeyzS3wl/ARCjg4e4sJdT2SrMZV1jGY5jVNJgNJhT9CPDUDNFwnE +o5zzFIwNic2lh0WLk6DIK4FggbFWKOquDXg+KPtKAoiS8ebbKz2ebTHMtTcXNKI= +=iewv -----END PGP SIGNATURE----- diff --git a/net-misc/openssh/openssh-6.4_p1.ebuild b/net-misc/openssh/openssh-6.4_p1.ebuild deleted file mode 100644 index ceadc78c9fdc..000000000000 --- a/net-misc/openssh/openssh-6.4_p1.ebuild +++ /dev/null @@ -1,311 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.4_p1.ebuild,v 1.1 2013/11/09 01:26:56 robbat2 Exp $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} -PARCH=${PARCH/6.4/6.3} # For 6.4 only - -HPN_PATCH="${PARCH}-hpnssh14v2.diff.gz" -LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz" -X509_VER="7.6" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_PATCH:+hpn? ( mirror://gentoo/${HPN_PATCH} )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509" - -LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)] - tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )" -RDEPEND=" - !static? ( - ${LIB_DEPEND//\[static-libs(+)]} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( - ${LIB_DEPEND} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) - ) - ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - # bug 490728 - #epatch "${FILESDIR}"/${PN}-6.3_p1-aes-gcm.patch - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - sed -i "${sed_args[@]}" configure{,.ac} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - local myconf - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" - append-ldflags -lutil - fi - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"/var/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) \ - ${myconf} -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi -} |