net-misc/openssh-contrib: new package, add 9.3_p1

This package will include the three big third-party patch series for
HPN/SCTP/X509 functionality in OpenSSH. Historically, these patches
have caused numerous issues for users in the OpenSSH package and they
are of questionable quality. By maintaining these patches in a
separate package, we can minimize the effect of them on the garden
path, which should be to provide our users with a minimally patched
OpenSSH experience. Furthermore, since vanilla OpenSSH package will
not require a large chunk of rebasing for these patches, we can more
easily bump OpenSSH for new releases.

Signed-off-by: David Seifert <soap@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

1 files changed, 59 insertions, 0 deletions

diff --git a/net-misc/openssh-contrib/metadata.xml b/net-misc/openssh-contrib/metadata.xml
new file mode 100644
index 000000000000..2982a0304511
--- /dev/null
+++ b/net-misc/openssh-contrib/metadata.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>chutzpah@gentoo.org</email>
+		<name>Patrick McLean</name>
+	</maintainer>
+	<maintainer type="person">
+		<email>robbat2@gentoo.org</email>
+		<name>Robin H. Johnson</name>
+	</maintainer>
+	<longdescription>
+		OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that
+		increasing numbers of people on the Internet are coming to rely on. Many users of telnet,
+		rlogin, ftp, and other such programs might not realize that their password is transmitted
+		across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords)
+		to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
+		Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety
+		of authentication methods.
+
+		The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which
+		replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of
+		the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan,
+		ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.
+
+		This package represents an effort to extend upstream OpenSSH with three big patchsets.
+
+		WARNING: These patches are of lower quality than vanilla upstream OpenSSH and often have
+		correctness issues.
+
+		The patches are:
+
+		* HPN (High performance SSH/SCP) adds custom ciphers that allow for more aggressive
+		buffering and/or multithreading, leading to better network throughput. Many of these
+		optimizations are not relevant anymore due to AEAD ciphers changing MAC nesting or
+		because more CPU performant ciphers are being used in this day and age (ChaCha20).
+
+		WARNING: HPN's multi-threaded AES CTR cipher is known to be broken and should not be relied upon.
+
+		* SCTP patches by Patrick McLean. These enable SSH over SCTP.
+
+		* X509 patches by Roumen Petrov. OpenSSH upstream will never support standard PKIs for
+		authenticating users. This patch series adds support for X509 certificates.
+	</longdescription>
+	<use>
+		<flag name="hpn">Enable high performance ssh</flag>
+		<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
+		<flag name="livecd">Enable root password logins for live-cd environment.</flag>
+		<flag name="security-key">Include builtin U2F/FIDO support</flag>
+		<flag name="ssl">Enable additional crypto algorithms via OpenSSL</flag>
+		<flag name="X509">Adds support for X.509 certificate authentication</flag>
+		<flag name="xmss">Enable XMSS post-quantum authentication algorithm</flag>
+	</use>
+	<upstream>
+		<remote-id type="cpe">cpe:/a:openbsd:openssh</remote-id>
+		<remote-id type="github">openssh/openssh-portable</remote-id>
+		<remote-id type="sourceforge">hpnssh</remote-id>
+	</upstream>
+</pkgmetadata>