diff options
| author |   Stuart Shelton <stuart@shelton.me> | 2018-06-14 23:04:14 +0100 |
|---|---|---|
| committer | Stuart Shelton <stuart@shelton.me> | 2018-06-14 23:04:14 +0100 |
| commit | 821fe71cc9c6a775359db3f955d964433c985d9f (patch) | |
| tree | 0685dad2004792ff97133bef088ca472df80a90a | |
| parent | Add net-fs/samba-4.5.16 (diff) | |
| download | srcshelton-821fe71cc9c6a775359db3f955d964433c985d9f.tar.gz srcshelton-821fe71cc9c6a775359db3f955d964433c985d9f.tar.bz2 srcshelton-821fe71cc9c6a775359db3f955d964433c985d9f.zip | |
Remove obsolete openssh ebuilds with no remaining upstream downloads, update net-misc/openssh-7.5_p1-r4
17 files changed, 78 insertions, 2495 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 1a7757ef..97077bc9 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -1,86 +1,57 @@ -AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb -AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685 -AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77 -AUX openssh-6.5_p1-hpn-cipher-align.patch 3024 SHA256 c79e3a201b2150e2fbc1e869233bac6acc27b2b126d4539cc09aa651fb2e60af SHA512 6efc2fa5f0e9b508e162bf20ab21d2c639888250387fa58ec0d812c7b1db125d8c654a0286a8ffc0d5530e5f0ec0ed723f3a5c0b7bd593b356aee2e811a1f4ec WHIRLPOOL 729c14b8d6f55d789ae2ea0e9cb2e0a4caba62dffced273de5c7254732e94673c1dc2d9e260d56e3a641e03ebab55d61c8ab7541fbf75957855b811def115677 -AUX openssh-6.6_p1-openssl-ignore-status.patch 741 SHA256 604b0a5365c1b01c9ab26bf1a60acfe43246e1e44e2f0e78d7ec1e47856599e4 SHA512 578afe9ddb836d16d90eb8b0cf10e9282d9c5c5e639962034490cec0aab1bf98cae9b46fe7850446d0cdd93e848d98ca7ed0bdf2bfec6aad418f4c962d4ea08d WHIRLPOOL d30c079eee59281aa87935ad948c59a4c01f858b88d701575d58737cfe555a5229a5f921bfebe34a69dcd15d2dc5efc062050d183ad5a90180aed4e5b3cdadf4 -AUX openssh-6.6_p1-x509-glue.patch 556 SHA256 b37b83b058ff9fb25742d202e0169afc204f135012624bb2811dcacfa9fb346b SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea WHIRLPOOL 4f01d975e598ce0fe2160e52dbd8251fd5cdf95880d1ef09b730457620f48038156d4bf21c0810978bfc65c9feb90cdfed97aa20018bc175759096dcd3a044d0 -AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 SHA256 748f7caa953028da111d6f18ba91652a4821bc9bca60f5d4a90a6501c0098853 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51 WHIRLPOOL c1d674b8e1cdc48dd0d8b2e7c8bf8e68cec757578f1217555e37eda8723e83e93b2ce183462499ad2165723eca2350544f810a1d6ec95ce4537a527f7918f117 -AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256 b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 WHIRLPOOL c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b -AUX openssh-6.8_p1-sctp-x509-glue.patch 2937 SHA256 fe79e3e828f8599e7bad787c6e35bce5f6781a0875c56b250f0d7fde83e2f841 SHA512 776a4eab916ff64d255fb19dca26f0cb1cebb0a5d0c2dbcb40ecbf97b122fb20123532897fb962b27fae375c059ef0dc00c771bf47b67bd092a5ebb3f2252216 WHIRLPOOL c8126624b4be260f8fe40a4a9d7142b6f77ee15504e2d280c6429360ebbf53103974746d5746fe4b27edec6246f01afa1d921d1b5a2d46ae808e4bb41afbb181 -AUX openssh-6.8_p1-ssl-engine-configure.patch 936 SHA256 cb3f34ef031aa5360b082468b4afb8b7fd2c778c990c2f20fda250167725ff88 SHA512 4b7840f719ad58c1f196327a52534f0a21264ce47e8df4a335e9f58d9d5eae33dbb9a75a2a714c3bdae6bee04728e66020ed57eb521fc1164521c4c5aa4a9a93 WHIRLPOOL 662d6eedb091021d5da4cdbd6d623e3678e54fb75cb52d8afdc4ef9c31f98d95f8445c2fde834d622b0aabf8b9593244847da574201ed176c350747526a28fe5 -AUX openssh-6.9_p1-libseccomp.patch 7876 SHA256 5b2456aa88c2f077605b13e70aadc435a9b4383836538a866343a3e707f4654f SHA512 9158a7754e6e70523168fb2d30979ca007cb5d9c4247e4da8aaf6ecca84d0b677e2794d68d9927e5b31ab778d5c1a0a5be4a92f61cee2ab79bc4c55eddf09c25 WHIRLPOOL b3eeea3652b238db26d89695c3709425da20ffe199d2b9f31a52b13c1afb89314334ccb8e4d311692f5d16f8185b7600d39bb1dca8aa9d30476fde47e8ee7183 -AUX openssh-6.9_p1-x509-warnings.patch 904 SHA256 6a52292b024704c7793188a0fc066336ec5cc7c8297071b2993618a332292c00 SHA512 11ea56ce2a7b87d046d1458e30947dd7f09c8959197e7fbadb57aec46fbd6a0694a2bd05b69978b1f719da2560f19e14d9ea10f6eca6f5b211f335505edd8c2b WHIRLPOOL 22dc4e2144534e180075e90ffe240a07bbd915b27a150e07f0d75889ad7a9103f8d1e5d477320df2b0f40e18d8c33fd99ad3cde7695557b69014318f219dc8dd -AUX openssh-7.0_p1-sctp-x509-glue.patch 2655 SHA256 f01218be5cc344797d6a1db034e6916b0383ea7188d0341ec1e4a3281c5917a6 SHA512 b53aaca05e671be9d8456e7d1aea3ed32afd333922f39c58aa3f9c2539a2d40bdf02ec23c438602e9a590702bcdf96901fb09dfaad93f4ab3fc735d7d189752d WHIRLPOOL 1d6a1947accb77fbd5b578d9e57a51f6ffc9d0d30c806beabea9b2a672ce1af17a283422fb58c835edd8370a5dbe4500ef515ec59af8a3948af5fc15a58a6da0 -AUX openssh-7.1_p1-hpn-x509-glue.patch 535 SHA256 28fabcb503632c57f4f4dfdbdd3e5f2eea97a1f1f216e19125d382820db484b5 SHA512 7f81586e8f755a2451bee962da6a76285fa1609cf761e1ed335e14b07dc28dd0dd9741654a26039d1029e34a45950cdf869132a137461118d9fd1ca142675010 WHIRLPOOL 4e55dd712f7e24f03d7a72017e7238c7bbda53aa54e4068a37a7dadc0f73f4777f9a8c58fefe4d671755ab24c747108dc57af6a08918f70e3425abe7faadc96a -AUX openssh-7.1_p2-x509-hpn14v10-glue.patch 1451 SHA256 13eb0540a6cd951f2a1c59ea979201fd15ea22ed1c73d153b329f0c8eb9e306e SHA512 e649981c553275baafb34b4d7d05c733cf9a3a829b68dbee206bfde969fb827c54244e67650626915d3403f9d6df9d633eec9a4eebe67face492fa2b16dcb392 WHIRLPOOL 701f4ded357ac8497e60c39d78ef64cb7052f90a0c66748e3fb85713605acd00843f607993b6dc9ccec3af12623cfc9365eeddc274b5eadaaaca9db56a2cfa90 -AUX openssh-7.2_p1-GSSAPI-dns.patch 3555 SHA256 619c9f98b92ad1b4fb5fdb05129f100d2d99baaecda7c4c5199d260aa93dbf3d SHA512 de6728531ccafb3b66c8251ac3f9179478bf876ad2bad7274c1935e9e925a738a8569175b4cd4b3a8d9fd7b2ff4b854921f4b0df5abf743e30e3892f8762c975 WHIRLPOOL 4ab0a75577a50c244595b0130011819492e3772a551719cb92d7de5d8e9e20b76bc5334157ae34c79deb4f3cba5abf38f954f94434327b2dd458d71288b9acd5 -AUX openssh-7.2_p1-sctp-x509-glue.patch 2604 SHA256 7fc07af817ace057fbd4b7f0c5c4784a0156d834e73ea066f3f61aaaccc02469 SHA512 7de8a1a9720d091c45a4a4c1475e973901904475916de3dbade21580e747a23a475ec1b5789fec981dfeb8a706ecbd3df4ede27796e43f65852ca1de0abe93e4 WHIRLPOOL 39fce545d5d5e87738d1f0ae92585a252167f56d44d041440131c86f74b03a1fe4defea05dd368f88de9c8d8811073de2d6d50524a42bb8569c8f53f4ca7ea2b -AUX openssh-7.2_p1-x509-warnings.patch 712 SHA256 506b0770e33540f6f6f79a506f403caeeee3cfe8e66830ed8226c9e649dbd95c SHA512 831b3765e1770ef1759ed70f17dbe6e36b67c77c70eaf045e9ce3815355a0fab925be9379ff78b1398f46fe9889bd9acaaa0aadf45c7d71c39096d1d697c0732 WHIRLPOOL d81e52b755d2b45393f3ef948b86990b0cd1bf64b3c9cdbd40c094fc7021579d38f4fa2a47d8224f7a70b8fa60b7718288d9527e401750e840bd7d67936fc294 -AUX openssh-7.3-mips-seccomp-n32.patch 634 SHA256 a3d63f394e9ea692a5a515983f1ce85d2ba79ea6e6b0fd5659e05a18b753316a SHA512 eba3e843d3714501a1df3161d02134c54c8ce584db3af698b87d303fc17c16635bd06db4d7c2d9bb47f461c3b211d870b480fd927f4563207e11c9ed2c446770 WHIRLPOOL d1f87fbfd24694617ef1a03a55ba8f32ac6ac8c62541208f754df41bb30065a9f1bba640a645d9ef184aae2f7b35759b84d2564f38f9ab130cc2d282be203f75 -AUX openssh-7.3_p1-GSSAPI-dns.patch 11137 SHA256 081c1cee62b43aae1d84ee67e3b510f0775081c9901c971a6f60a35bb92046f1 SHA512 70db76a409d5a11513f57c67671131b95c83164af2ecafa423986def42a1a2a31c4653d06f510b8c440a974e03f0acad8cbe20d5a17cfb2ed4598a9b8ae60b91 WHIRLPOOL bd3f32d7b795d9d5948d1a2d38a3e9fc6380369378988da095e096a54bf8c41209bfa7955c04b68b3966a30ca10fd522778d76a0621d0858639f3e09f075b708 -AUX openssh-7.3_p1-NEWKEYS_null_deref.patch 857 SHA256 0d612c16c7b1b3b45fbe1c1507c4e80cfe001ab4fd7fbcfc80fb9cecc893d94a SHA512 2230ddd7473feaa22544eae5c1074981e5ade322a22016f245ec3a6b3bf260104909021497a728fbfaf5dbd6e81269b9b815a3a3de2bf8104f7b3d1bdacbcc06 WHIRLPOOL b927971ec7c07a8d350690280d9766f71ebeb03fc6ffefa2457801abf160ee331ec3bafca02acc3697899d9e2a56ce7b01e68b745cb6f5b491d8b30aea0b9366 -AUX openssh-7.3_p1-Unregister-the-KEXINIT-handler-after-receive.patch 953 SHA256 76059e75ba5f5d00c6ac74aa12017e98d1b401efb9f1c6073fa8013e5fc4204a SHA512 c705b08fa269d21da261cc9fce2ebcc409e252064d789b63ba14685495e46cb472a81fa563a74c80e4bf76e4982fba98ff5329a037f1fa4f28c75b4db18e7691 WHIRLPOOL 826f2e520742f65e0e7a2f183917483f4dd96c2fc52360d3307c41cc307eddb434e8205c7665a65eadde2e20a7a4b71020d2925ea59518234da2cbda6afb2b3b -AUX openssh-7.3_p1-fix-ssh1-with-no-ssh1-host-key.patch 1088 SHA256 5841cc4a42238202d6fa3ee5fbccacbfad7156eb9d9b361d251f693443a0b672 SHA512 967da12f9d15e8347d9832a7fc90e378e42a49c6fb63c8ff3a28e66601c9dab64d5d43c8da34aa3fb08466088eb725abebb4efcef95b1aa0ada86cab27584106 WHIRLPOOL 50bb4bd2ff23d9aff94fa12755aebd91d0088691fb9899169e3018d91679f014f012d3b2d9c5b87a8c3edcaa2b8a19f9ec49c6803d95731f8020442840d26bbf -AUX openssh-7.3_p1-hpn-12-x509-9.2-glue.patch 1608 SHA256 9a85d7cd56be8276e6407fe70ea22554323143d57209e0881f6ec0cc16705765 SHA512 bbbeca5d683427347e9db8cdaa5c96bfdbae901245e508dec8927110e199798127b7c4df8ef2455c1fec53263d600c7957d5b55e1b78263776a45808b4c0b86a WHIRLPOOL 928a2603737c36a23d76145b0e11108645d13263ad955ad30de5a8ee7a008774cdb63ad144d141f7ed6f16f885ee427a7827ba7397a1cec465db3a32fd0ac215 -AUX openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch 7005 SHA256 44ae73966a98e0d7cf36f35b64472b62128040c86720a915b6e72ca269b72f13 SHA512 35cb90a5ebf85b31db902155a8d48a65d2734943cf46e2ac1fcbcb8a19e31d9bf6057ec3c0001a4cb14eac572e5d400087c3218c81df40146731472e406499d8 WHIRLPOOL ba47e8f157ecf448becef9f1c9dfb5bea9f6bd39b461c13cb265a7dc9fde31634a583db3849429ed27129e8c5e797eebe7141c310674126a9a0e2f232c92d8e1 -AUX openssh-7.3_p1-hpn-x509-9.2-glue.patch 1611 SHA256 7d04d19e62e688c9c12c25fd479933dd2c707f838ac810263dd1dc79a5ff55f1 SHA512 3604f0f1ea6c74b8418ac158df47910dfb2d54c7ce77f78f1a6c072acd20dc5751e24156acd9dda02aecaac250f43c8d968382f2f4b15b4706e4c4bde8ebde9a WHIRLPOOL b327a94c5b37da296caaa925bf13adf81ab3a53dffe691b33010b89b07366445613e553b4f486bacab658e2dcec143971001b4158f493e9b7e5bd427f0e072fb -AUX openssh-7.3_p1-libseccomp.patch 7374 SHA256 93205015ef8b28feb7379e94e5d46912224d4e341513f5a5b39de4a6d00699be SHA512 f86299cf3b24e88618dc0202a5d246a682a7f9e7647fa47b4f765641c2797ecf4a14a4ef6c9ea4a87bd98533db271af46d2d88e87dca553c0dbfe8729d0c2923 WHIRLPOOL 44c2d0098cd83e0c058b9c8fcaea33b793fca92cae7ce0af84760a4aef391b08d7f28a969fe544a9b6dbea47a91e88c44ab683110170d0b31a318cf5d1764e4c -AUX openssh-7.3_p1-sctp-x509-glue.patch 2447 SHA256 a6758b9bff99022b1aa1bc729fcdcc8e4e91d0a617c903d72964cc1fca1ea061 SHA512 f48c2bba7707542741e52f5d794aaafe4468d088e28bc02878c0eb9aa76d31b57dca69b85705f7a9a2d745272df3fdc39a1d13ba337cab34dd0e9d545cee7d41 WHIRLPOOL 77e2574065a78a0f7014213f5e5d64651d41f24c7652542589f1106a6a114cf27d9922ef2cddee9e62c0f0f118691d91ebe9dc4a0ae04654843f18bdd20e2cef -AUX openssh-7.3_p1-x509-9.2-warnings.patch 3060 SHA256 e7963f4946db01390831ee07a49c3a2291518b06144e95cfc47326c7209fa2e3 SHA512 f029d6f922e1632b32ac6e7b627378854f78c9d9b828dde37273b1b1a09167273fc6934bcb0653209b9e5ffd06c95d564d1bf5f1ea745993e19b062a4532f1c0 WHIRLPOOL cd4eb68bf861a50e9452c453c903946b8d067fd00171d39c6bad797d20c07631cda2379d9e41246bc93b22252a8d1bd55186e13ba492c7b8cf94048910f3a8a9 -AUX openssh-7.5_p1-CVE-2017-15906.patch 1180 SHA256 5780648a3d24bb9b6e333d0d5e6278ace43a53d05cfd8b5b0c56e05ad17ba1a6 SHA512 dfba25e9962e4398688d5e6f9311de44931ea5292d7d50c69d8056838ceb41ce099c44f849c204f7b421515c3aa40bde6e9b98b80b9e99aa113c222841daecd4 WHIRLPOOL 85b2e553803c4fb82de6849dfbf3e153d11411723d6cb707199f18ee3fb9ab37eef35b612f10df7b672e0213d3a3bc149dbb1cc96bcfa4ac6de320c9f415018c -AUX openssh-7.5_p1-GSSAPI-dns.patch 11137 SHA256 e0b256646651edd7a4bf60ebe4cf2021d85a5f8f3d30393bd499655c0b0c64c1 SHA512 f84e1d3fdda7a534d9351884caaefc136be7599e735200f0393db0acad03a57abe6585f9402018b50e3454e6842c3281d630120d479ff819f591c4693252dd0e WHIRLPOOL 000276fe1e0cc9ac33da8974cc6e24803a69b3d63c20096a92d6d10206c6e27110bdcaa26c0dbd2e0d0feb501681a738d5adb9d57ae21c7c55f67396f8b26c0e -AUX openssh-7.5_p1-cross-cache.patch 1220 SHA256 693c6e28d4c1da71c67b64ef25d286f0d5128f9aebb3450283fa9ce6887186a7 SHA512 03cf3b5556fcf43c7053d1550c8aa35189759a0a2274a67427b28176ba7938b8d0019992de25fb614dc556c5f45a67649bb5d2d82889ac2c37edd986fc632550 WHIRLPOOL f7a04e19816cadce138a0beec4f1ad5f975773a1802fd1db245846ce8d5d6ec5ddfdcfa099e391172457a29eedb30c416dfa7bf4a56e99cfe507be00d2e1e718 -AUX openssh-7.5_p1-hpn-x509-10.1-glue.patch 2741 SHA256 77901da67a2bfdffbe426074bbb0416c82e99a8693103cd0e7738ed8e46c6aed SHA512 940dd448f6768bb3e94987eb86b6002d17d918310ad5c1f38f1b3fd9df263439e0fecb9c8f09c05649bfd03cb507c31ef9320522e946850e954ffdd44fdd4b73 WHIRLPOOL fcd828f9f8b1dee78308b663bbacf17ca4741c94df5e469cdd529dddc3ba266713413e035bb81c8a49d6df4ab67a865634e466b0b4e1fbad766833dbf2776e80 -AUX openssh-7.5_p1-hpn-x509-10.2-glue.patch 2847 SHA256 bddb645e4ffe6f710c10fae9bbebad33fab3bf3533d401ec54d7b8a26113f6a5 SHA512 bc23fdf5995ae38ff166f12f64082f79a2135ca28f2240e89bee42b1e3ba39ce94467ece9ddea99173f1829b09b069dbf56a0bce7dfd1ae5f63c12f73b5ffba7 WHIRLPOOL e80f6ece056cb77768e24585549a601076e57d8c143afb0c6fecd31176bccbdcc552fb98a28c6b2f68180c26c4855f2e99dd48b38d6753071b6b868d071b5e96 -AUX openssh-7.5_p1-s390-seccomp.patch 624 SHA256 cc55b36d14fccccddbb09e045e83198a14f8a54aafbb3918826ad1aa62a63dac SHA512 058dc269eb032151e88e0ac79a0b0fd6fcd56d489e90e299ee431b1475a8f8080e8f4649244864af33e743820b081c9f90b32a1a93b8b60feeb491c0201a4d61 WHIRLPOOL 78233e1c9711c71688db6f4b9ba08b9f454b9362585eb17d21f9b2254e2ab73661a0c31c08340b1c3cc919128dda943c69ffa5392b3f76f6026af618dfe6a60c -AUX openssh-7.5_p1-x32-typo.patch 772 SHA256 17f2baad36e5b6d270d7377db4ebdf157f2eb3bc99d596c32a47d584a1040307 SHA512 20d19301873d4b8e908527f462f40c2f4a513d0bb89d4c7b885f9fc7eb5d483eea544eb108d87ff6aaa3d988d360c2029910c18f7125c96e8367485553f59a5e WHIRLPOOL 5141fd3a19575593f84890aaa84123373ffb81aa3e860cda2468c7578754acf0a5d8ce0ea9c5ab25a83574ad5b272b9240cdcb29724c3b7cbdc059518da8c609 -AUX openssh-7.5p1-x509-libressl.patch 7027 SHA256 8e9a7f0c891ae2324d756dc4fb93943eb39f3799d2dedccdcfdff0ad1c0067d6 SHA512 0b5fcb58ee55de7ce61bf2bcad23e4a5cdc941d81121bbf8f0dadf5e1e158c055f45a2ef1aebe8fcb1856a33e079282f4c9f21d9da6892808d7e3c172dca3365 WHIRLPOOL f5d43a4de22c70f75607f2d22251072f88d4715d207e74052f2009e6073706da2978ecb183e6c4c10cebd328ac924f33cc8cd149c7072cda3c2f084ec8ef9948 -AUX sshd.confd 389 SHA256 761146acca3bc9914f118416d5c40903169fec0e2cc0695543e88c850a50dc17 SHA512 b17f915b17401a8f8f53e098d29baf729df6635ef10945f125bbd1d0fff2a334be4d778c430aaa84e7c188da74e39b47a85703b2c91b1a51410b0f1f57ebc4fd WHIRLPOOL 0e3b88adbc09ca015463412ef71f17b762b6e16eed77b5e55d32fc296a7305533ce27d50ceb84f3531a3566f3c4251ee14cdcc63978a4df02c554db685ac9008 -AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b -AUX sshd.rc6.4 2131 SHA256 60ec4328366a020db0d61538b9b173771e7e4761160b4c47a9e32f7925e8e551 SHA512 21e14851fd76d2ad281dc3a7ee36f4dca6895ca92e13ea189f97213dc9160c37e0b9af64b9238da7b03b0cddf299e7d7fe0d5e4db71dbae7cc0d14f460985bec WHIRLPOOL 6ccbe4f5d235a066a98373849c2d4dc8ce02811c64abc6c0c93a82f38f12fe9e4c420454b986a7e70a3fb570ef4c636de6b0d9313f8687f830898fb1e80c10b4 -AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989 -AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5 -AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1 -DIST openssh-6.6p1+x509-7.9.diff.gz 224691 SHA256 463473f75c1dc250ea4eda21f2c79df6f0b479ea499d044cb51d73073881ca34 SHA512 dc9ee7f0589aa0ba8d3c1c40c505f99a811845d8952bf6bf6b8bd3a00ef4813f3b71db32aadf252d7a320a8bf9cdcdf30b71292869d7830cc42f15ce3d1f3c49 WHIRLPOOL 61158e0dac934d375758904382882e7cd276d076a95ba2be32d03f4a7c7969943bd8d63c269ff16ab78928d7c97465f6e417730be14b5efacf64a029e2f950d7 -DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 SHA256 16dcc68c399990ec0c801d421d022ceeae0e3aec1e6ffd3fecc5e2f4768cc91b SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d WHIRLPOOL 163ce9e319cef4dcaf6f38f42afc3b75c6e89c38b43c04189c64c72b4b58bc3f9d7042c7b67243879c87cbe410a607296917e94ff042df2c0a29f2ef82792774 -DIST openssh-6.6p1.tar.gz 1282502 SHA256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b WHIRLPOOL 8630c81481a813a92da9c302d22135fe519fcc4826a892080e5a15368d13a6b47947ef47d53aad0a34e6ea49ce4caccc8f06e8afc2c90db0402fbcc2184efe89 -DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256 2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512 f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0 WHIRLPOOL 7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476 -DIST openssh-6.9p1+x509-8.4.diff.gz 425687 SHA256 0ed8bfff0d2ecd9f3791ae1f168ca3270bb66d7ab7bc0a8ff2d61d2ab829c3fb SHA512 596cb65408db06fb299b92160147685b001dc23929ecf5c4bd11a8b0475d79695c7b4dbe8a878d7fbcd944155935fd62a14e35c79204b39e413f5eaa961ef76c WHIRLPOOL 771fa0f4f6a20ed49ba201605fcdcbfc41a0f094ef4a89ca2433ee51b7c8bf99cc266f26bd7877c61ff92e9a50c7d65119ba75ba64eaa029bd567bab3ee243c2 -DIST openssh-6.9p1-r1-hpnssh14v5.tar.xz 21396 SHA256 84e9e28a1488ccf66e29a7c90442b3bc4833a6fa186260fb6853b5a1b19c0beb SHA512 476064dbdb3d82b86ad7c481a4a301ff0d46bd281fe7ca0c29f34ae50b0034028760997ae2c934a265499c154f4534d35ead647aa63d1a4545ed503a5364eada WHIRLPOOL 74eaf2fe0a6ecd0e2fa5078034628d4c76c75b121f3c813ff8a098ab28363daa3800d03936046aa3aebbfdab3afd31ef30a207399f5e305d7f71e5f3c7e4f4a7 -DIST openssh-6.9p1.tar.gz 1487617 SHA256 6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe SHA512 68fec9b4e512fe126a5d35b01e2cc656d810b75052ed8a36bc85cd0a05de7318b15ed287bc95cf9bcb3fa2f385029151d85aced55e07fbcc79e6c779bee6751d WHIRLPOOL 1dcb291383c9f934b512f61ce9f6e0319f22e112ce3f6eace2a868ca0f99c709c65bae14a9815e2ef237f8132fe72c583cffb7ea20bdfa2aaa77cf347967be7f -DIST openssh-7.1p1+x509-8.6.diff.gz 413931 SHA256 cbf661a1fec080dc9ed335a290414154326c2a13f124985db050b86a91073d52 SHA512 c91d0f1b69b6d34984e94b391ad022271e73d0634cef2df355ba555366bc38d30649b478f245b6c51ce79d71adf1b693bc97826e6c6013a78e7ccfb7023b4bcc WHIRLPOOL 4ed4427e80026996c43a188d7d45f2c53fa6a7fd842a248b1225b27f3e9037e761f0ed172d79b53ada81c24d958a2193e94d918f6ca1320e45d5e68379845981 -DIST openssh-7.1p1-hpnssh14v9.tar.xz 21580 SHA256 a795c2f2621f537b3fd98172cbd1f7c71869e4da78cd280d123fa19ae4262b97 SHA512 6ce151949bf81b5518b95092a2f18d2f24581954e2c629deaf3c1d10136f32f830567aafb9b4045547e95e3ab63cf750e240eac40e2b9caa6d71cb2b132821ec WHIRLPOOL 8e3c9a1d79112092a6cb42c6766ccdf61e5d8fcd366ea5c7d3bab94cf309bcc12f3761476a288158638a340023aa24519d888caac19fb0ef25fa56bdab06412c -DIST openssh-7.1p1.tar.gz 1493170 SHA256 fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 SHA512 f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7 WHIRLPOOL a650a93657f930d20dc3fa24ab720857f63f7cd0a82d1906cf1e58145e866129207851d5e587d678655e5731fa73221ab9b6ea0754533100c25fe2acaa442e05 -DIST openssh-7.1p2+x509-8.6.diff.xz 283964 SHA256 0848ceb42fa15f6197d5d81f9da6dea9cc3a7fda2fdb424447fa0f995a5197d1 SHA512 276f5738498ce9a559a5066cfeb670c48f275c2cbf7b007f213405b71349f1f77cc2c7bee6af5ee548b9443f0e44ede0e3d232a31b52ac834cf81cac855bfa87 WHIRLPOOL 024b9f0d9dda3ec2ae7da156f801c3735e5ff7198010fbc021ccde8adada28e45f076264c9f09fc34586adc52d8ad93689b4bdbecaaad7761bb9e26a8c4af231 -DIST openssh-7.1p2-hpnssh14v10.tar.xz 22388 SHA256 729e20a2627ca403da6cfff8ef251c03421022123a21c68003181b4e5409bcc5 SHA512 b8e88ac5891ed632416db8da6377512614f19f5f7a7c093b55ecfe3e3f50979c61c0674e9381c316632d8daed90f8cce958c9b77bd00084a4ee1b0297cf321ba WHIRLPOOL c466cc33dc4a40e9466148beb154c539e095ac1b9cdcc5b3d235cbcf12ca10255d63da2f0e1da10d1afa1a0d2ebd436ca0d9e542c732df6ef67fb8f4d2d0192c -DIST openssh-7.1p2.tar.gz 1475829 SHA256 dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd SHA512 d5be60f3645ec238b21e1f2dfd801b2136146674bbc086ebdb14be516c613819bc87c84b5089f3a45fe6e137a7458404f79f42572c69d91571e45ebed9d5e3af WHIRLPOOL 9f48952b82db3983c20e84bcff5b6761f5b284174072c828698dced3a53ca8bbc2e1f89d2e82b62a68f4606b52c980fcf097250f86c1a67ad343d20e3ec9d1f4 -DIST openssh-7.2_p1-sctp.patch.xz 8088 SHA256 b9cc21336e23d44548e87964da9ff85ac83ce84693162abb172afb46be4a666e SHA512 b287684337a101a26ab8df6894b679b063cdaa7dfc7b78fcc0ce8350c27526f150a6463c515019beb0af2ff005cc109d2913998f95f828e553b835a4df8b64df WHIRLPOOL 16646a896f746946af84961974be08418b951c80249dce2fd4ae533a4d66e79d4372fd979aeda9c51aff51b86edf4178af18379e948195696a6fa114e2757306 -DIST openssh-7.2p2+x509-8.9.diff.gz 449308 SHA256 bd77fcd285d10a86fb2934e90776fe39e4cd2da043384ec2ca45296a60669589 SHA512 c7ed07aae72fd4f967ab5717831c51ad639ca59633c3768f6930bab0947f5429391e3911a7570288a1c688c8c21747f3cb722538ae96de6b50a021010e1506fa WHIRLPOOL 7c1328e471b0e5e9576117ec563b66fea142886b0666b6d51ac9b8ec09286ba7a965b62796c32206e855e484180797a2c31d500c27289f3bc8c7db2d3af95e6f -DIST openssh-7.2p2.tar.gz 1499808 SHA256 a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c SHA512 44f62b3a7bc50a0735d496a5aedeefb71550d8c10ad8f22b94e29fcc8084842db96e8c4ca41fced17af69e1aab09ed1182a12ad8650d9a46fd8743a0344df95b WHIRLPOOL 95e16af6d1d82f4a660b56854b8e9da947b89e47775c06fe277a612cd1a7cabe7454087eb45034aedfb9b08096ce4aa427b9a37f43f70ccf1073664bdec13386 -DIST openssh-7.3_p1-hpn-14.10-r1.patch.xz 20584 SHA256 0bbbfeb1f9f975ad591ed4ec74927172c5299ec1a76210197c14575204efa85d SHA512 f0a1c84af85f7cfc7cb58b5117b3d0f57fc25ae0dd608e38b48ef42da43780fd5cf243d26ff9b3fbd6f4cb1567852b87bcb75f98791cf3ad1892e8579a7834d3 WHIRLPOOL b1a8bae14c8189745056c15c9ed45207aa06af1f4c598a1af7dc3cc56e47bd0211a63989a920727e20311a148bbcf3202c202eae94cd1512c7d87816a9f44bcb -DIST openssh-7.3_p1-sctp.patch.xz 9968 SHA256 18c3db45ed1e5495db29626938d8432aee509e88057494f052cfc09d40824c7f SHA512 f249b76898af0c6f1f65f2a1cfb422648aa712818d0dc051b85a171f26bdddf7980fff5de7761161aa41c309e528b3801b4234f5cdd9f79f8eef173ae83f1e3c WHIRLPOOL 1d92b969154b77d8ce9e3a6d0302aa17ec95e2d5ea4de72c0fb5680a8ee12f518ee5b1c47f22ad5d1a923a74c43829ed36cf478fe75fe400de967ab48d93dc99 -DIST openssh-7.3p1+x509-9.2.diff.gz 588078 SHA256 45f054cbb2b77ac8cc7ab01439e34083382137d47b840ca274555b7e2cf7098b SHA512 fab0da148b0833a651e8a7c36f344aacecef6fa92f8f1cb6302272d98c1ab018831f5850dcaa8f54a39f9ada9b7d5b0a0ea01defc3c6f603bbe211f6bff6a841 WHIRLPOOL 53f63d879f563909c57d23ced273e23eda1eace2a2ddfd54edf5f2ef15218cc7e5d927e54714b6850db541f361c459de50d79b0a4516b43ce4cba8eb66b49485 -DIST openssh-7.3p1-hpnssh14v12.tar.xz 23448 SHA256 45b8e10f731f160ea44126bf64314d850048d98059dc22f89b3f14f46f0dcc67 SHA512 f1ee37dfd1b717963ae519b725d481de2486c9c94fd80ccd12da2ac00d13be7b6e0284a1e9239a4704014810c086eaaa81cd02344372c65d0122a3eb1c2be83c WHIRLPOOL 1fdb4e99f9d6450af73a1202c2f80d4be454fbeab723a1cf833a37fc040dc8ede592129d4e4087cf247095dbf5fa782286ab0338fe8a55675efb4ea9bfaf651c -DIST openssh-7.3p1.tar.gz 1522617 SHA256 3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc SHA512 7ba2d6140f38bd359ebf32ef17626e0ae1c00c3a38c01877b7c6b0317d030f10a8f82a0a51fc3b6273619de9ed73e24b8cf107b1e968f927053a3bedf97ff801 WHIRLPOOL f852026638d173d455f74e3fce16673fc4b10f32d954d5bb8c7c65df8d1ca7efd0938177dd9fb6e1f7354383f21c7bca8a2f01e89793e32f8ca68c30456a611c -DIST openssh-7.4_p1-sctp.patch.xz 8220 SHA256 18fa77f79ccae8b9a76bc877e9602113d91953bd487b6cc8284bfd1217438a23 SHA512 0c199e3b26949482125aeaa88216b2458292589e3eac8908d9134d13a1cae891094fcb0f752ed3009b3126cc72277b460205f39140c251792eb1b545271c3bd4 WHIRLPOOL 0f0ea1d36523b35d3be33d22fb84daa05fd14c464d69c19695235f81d26326bc53d6804bf34d0cc0c2584f412bfdac361d2b018032447d1033a4ff4fd9458a09 -DIST openssh-7.5p1+x509-10.1.diff.gz 460721 SHA256 e7abe401e7f651779c680491cfefbfcf4f26743202641b2bda934f80bb4464d2 SHA512 d3b5a8f5e3a88eda7989b002236811867b7e2c39bf7cd29a6dbbce277fca3fbedbfdbeaf1fba7d8c19f3dea32a17790e90604765f18576bcc5627a9c1d39109c WHIRLPOOL 2d4f96b47bcde9eabd19cad2fdc4da01a3d207f6ad5f4f1ea5a7dbd708d61783ae6a53e4cb622feed838106f57dbe6a7ecd1b41426325870378caf44803ff9ef -DIST openssh-7.5p1+x509-10.2.diff.gz 467040 SHA256 24d5c1949d245b432abf2db6c28554a09bcffdcb4f4247826c0a33bdbee8b92c SHA512 ec760d38771749d09afc8d720120ea2aa065c1c7983898b45dba74a4411f7e61e7705da226864e1e8e62e2261eecc3a4ab654b528c71512a07798824d9fb1a9a WHIRLPOOL 3291a3e39b1a47efe149cdf805de11217fd55c4260477f2a6c6cc0bfa376b98a5dc7f56a49ae184fb57bae6226c73d1794db7b2285e3ea26a8fea4bc9304655b -DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 SHA256 8a1ed99c121a4ad21d7a26cd32627a8dd51595fd3ee9f95dc70e6b50fe779ce2 SHA512 45c42090a212b9ce898fbaa8284ddf0f0d17236af13c4a780e00bf265b0c7a4286027e90a7ce9ad70066309db722709dd2f0a7914f57e5364ffbaf7c4859cdf9 WHIRLPOOL 6089ad8ae16c112a6f15d168c092e7f057b9e6d815724346b5a6a1cd0de932f779d5f410d48c904d935fcb3bad3f597fa4de075ab1f49cadc9842ce7bd8fdf42 -DIST openssh-7.5p1.tar.gz 1510857 SHA256 9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0 SHA512 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 WHIRLPOOL 1a42c68d8e350bc4790dd4c1a98dd6571bfa353ad6871b1462c53b6412f752719daabd1a13bb4434d294de966a00428ac66334bab45f371420029b5e34a6914c -DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256 d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512 2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081 WHIRLPOOL b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b -DIST openssh-lpk-7.1p2-0.3.14.patch.xz 17704 SHA256 fbf2e1560cac707f819a539999c758a444ba6bfe140ef80d1af7ef1c9a95f0df SHA512 95851baa699da16720358249d54d2f6a3c57b0ae082375bef228b97697c501c626ab860916c5b17e3c649b44f14f4009ff369962597438dfd60480a0e4882471 WHIRLPOOL 4629b3a7d1f373a678935e889a6cd0d66d70b420e93e40ae0ad19aa7f91be7dcf2169fb797d89df93005a885d54ebaa0d46c2e5418bd2d0a77ad64e65897b518 -DIST openssh-lpk-7.2p2-0.3.14.patch.xz 17692 SHA256 2cd4108d60112bd97402f9c27aac2c24d334a37afe0933ad9c6377a257a68aee SHA512 e6a25f8f0106fadcb799300452d6f22034d3fc69bd1c95a3365884873861f41b1e9d49f2c5223dde6fcd00562c652ba466bc8c48833ce5ab353af3a041f75b15 WHIRLPOOL 237343b320772a1588b64c4135758af840199214129d7e8cfa9798f976c32902ca5493ee0c33b16003854fea243556997bc688640a9872b82c06f72c86f2586d -DIST openssh-lpk-7.3p1-0.3.14.patch.xz 17800 SHA256 cf1f60235cb8b0e561cd36cbf9e4f437e16fd748c2616d3f511c128c02deb76c SHA512 e9a73c5f13e41f6e11c744fdbcdb2e399c394479f79249e901cb3c101efb06f23d51d3ba4869db872184fa034a5910fc93a730fe906266c8d7409e39ad5b1ecd WHIRLPOOL bbdeadbed8f901148713bd9e4a082a4be2992c3151f995febd8be89bbb85d91185e1f0413b5a94a9340f2f404d18c9cee2aa6e032adaee0306aa1c624f6cc09c -DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 SHA256 11060be996b291b8d78de698c68a92428430e4ff440553f5045c6de5c0e1dab3 SHA512 9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b WHIRLPOOL 58526777475786bb5efa193f3a3ec0500c4d48b18fef67698f8b1999cb07f04fbca7b7d3ece469f3a1e1ceca5152cdd08d3dbe7cfa4e7494740dc2c233101b93 -EBUILD openssh-6.6_p1-r1.ebuild 9904 SHA256 7cf5ad6aa05c239df6d18dafb3a2f8467190c7f592f458d0afd6c884f5eff24d SHA512 7f9028a2ee883c571c0b1b8aad7e869888bf0adcc690ff922204bdb1dee25c19b78b2ae61e0ca07ab3b8e91093fa9a6c03338293ee04647768574c39d0dde621 WHIRLPOOL 77d18b1602963b7044b7f504bb498b6c38c7d8bb6dbb65d04d025f079ffc9c61a41706d01d2902e1c4151aa70cc3d47091fbb4f7204ef42ff73192c3508c5790 -EBUILD openssh-6.9_p1-r2.ebuild 10513 SHA256 4e9ca0a1ea7dbed3185450ee4ab15318b03a6b12e7bce1c152e5413c37a780c1 SHA512 3f611a10e7853dcc3a3a0e2d922f6be8f693a6823f457fecf031e7f5c16e74ce3e3a5ce8ae1cd3d02acb338376830123505dc1b9bc5d12ed4bee4faa456983fd WHIRLPOOL ed9335e67ecd188b082c86ea5c6438a4d2038ace2f423d46ab7b82161deab4f1c05b45d8c960e01ec3b42b8fbf1ce3ce3487f83a96f0a9297a1779bf23cd9fc4 -EBUILD openssh-7.1_p1-r2.ebuild 11377 SHA256 a87cfdb70f33bcc82167fdda5204378f949c935b01473d2889011e5422c3ce28 SHA512 ff43a853ea10b096240e6c70dd6a95e865ca0f7e7131f14b19accbb794b56c7b807df80ffbdf4e2f36e259c34994322f9393390473f5b1ee96782eb2d01059df WHIRLPOOL 132bb75d8d845936b4dbbd0c34ec3317ab4fec72dd0c0ed896a01bae93505ea8b069dfe9b557774ca105c1958df27b9bd4f6fcf616937790d9596f05490ec2bb -EBUILD openssh-7.1_p2.ebuild 11234 SHA256 7b6988caa6bd87d1db71f4d05926e45b2adfeeaf7b5c50212139519374cd995c SHA512 3465c27f3b22b42a81b000c40ed1d392587a127aead4699947dd451119c3ccfb0b34ea166917227c1a7dc700e9f380059b06de6c3d28756b179a587a2e32840a WHIRLPOOL 89a0a5df12b99d1ac3cd5d26f66d95a2bb2b49c6ee7a228181f7ab4145f6af61ea7f6f7fa5dcf527773b78be1a9e9021131e2fcbe88ccd7b862dd9ace19505aa -EBUILD openssh-7.2_p2-r1.ebuild 11491 SHA256 49043465fcdadd915ff3c508266d77fae9e71e23d44a2fa23b9e8780e5e21cda SHA512 c3692f44162618b7ca6d268e8f8c5ed6a3976a1897f149690dea41a491d75c10316d7f686d893795798b9eb3f5e55ac1d795067aba19e99482eaa803ff64a29a WHIRLPOOL 2de3d82fc8703f2651ff5e8ec47fe125c89df36e32ea1a4905edfdf6c0371c849a757b1dd34ef4ae7eb0cca637ac6382f652cbec6d77ae853041c5a4fed76a07 -EBUILD openssh-7.2_p2.ebuild 11375 SHA256 e12b05c4f68064e1aa7a156052ba793205d90f4760bb5769e6cf251ff2fedb7d SHA512 1b41950cb0e3323e0a3a6386249289b201c89fb3898a413f71737de393d4781cd9ae956304cc807f1c7ca5a4eb00d99c91a5d0d984bcb87cf218a0d93a035569 WHIRLPOOL d881cad5492c042539b78e9640ef4ca6de6ca20ab8877fec25ad81058a36929d60c3b8ee2828121a036855542983fee5c3b49153ea8dfcae9f1e0b5bef3d65f5 -EBUILD openssh-7.3_p1-r6.ebuild 12351 SHA256 3936337de83df759ffe6f272f93dd5f7b040d473a1de77c95c39093ad4e7b683 SHA512 5e73f4480ec3fe71cda2dd22a9e84e85000d45fc4da09948d07a731ffb1c849b4bb8f2cf415e5aede12c6f6d8b8dac10c17f6b05f8b333a0d566a8fc517dab6b WHIRLPOOL 8ab8cb061408dbfb8703a96c673f7364583ab97ae592dc5a522d2e7fa37b9922c9f2ee99a4a9231dd6b2c1f5e28492f820e3676500e4477e9ac457ba76914db0 -EBUILD openssh-7.3_p1-r7.ebuild 12318 SHA256 341436884a5f5f882fa9fea41f0709266edd7c1a0f3668facc09030f76aea85d SHA512 150242d9245f183e2d5e957c37248f50afbccb1c1df45ecb6b03ea2603b47d9c5e25e80e42f0106945a196a6d1e02f76cd07ed19e02c78a15377d3567faa6cc0 WHIRLPOOL 2c86de2c41d6e20e891cf9a1f95ab7585dc45d1180982d002c80d5f082052feb7490f50ffdfb29c8cc91afb98efe2aebb78a971629bf227565ce3775f5624dbe -EBUILD openssh-7.3_p1-r8.ebuild 12049 SHA256 bfb052aac5ea11c0d0d0f17a44415d1c6cae3711f72821d67843d726760f93f1 SHA512 0524386c7c4e607680b56b7416e2f27ce151ef55e3597896896e2df698776f4a0568201b273cfc858dd96906891243571d6ef19ff0a6e947514b1773ad281390 WHIRLPOOL 865ebf7490472a219cd2f26610104d925be32cd1e4b1e76d81c6ae6d8147a80a7849b8d13b8aa5f8d3a26385b211167f53122efbdfa33df5d330dc1173abddf4 -EBUILD openssh-7.5_p1-r1.ebuild 11845 SHA256 e22c8bab744ad76cc78f6b1a9e0cb50704d1dd79764ac359fe02778ff7c5463a SHA512 2a1db0d8c34d8833a8822110656b42f2024c5c3832ea882b42b325bb1061fc6383fef6e64d1eda78f96adb5dbec331d589ab09cbd9e9d151a30a1d908e617e4e WHIRLPOOL 93051fe260da5d8e59c5136022456eab1fd60c4c1dbc5ba669401f5612bbb2681b6655420a7681ad408bef4c751a52e8774e9f5cf714fb27f539ac1bca8cd257 -EBUILD openssh-7.5_p1-r3.ebuild 11934 SHA256 10f3f65dbe5d5c5f6b51f24fa85ad1f98afa4d3f41b2d16224ef8ddedd9dcb83 SHA512 559bd7ca53849fefa9a54b306eef38a8952a1aad0c1f11883bd4a88c1cb29786d5f6f04a173a40995096aa7b93680b1c1917dee3eb7509187bb497a2fe89063e WHIRLPOOL cad8f1ea253c1a5de29391a63f45f3bcc9c6964d6c7153a106f40131065c1a678a76077fa91c9df1848eb5c47d699ca8effa38cd1a16a46a1230cdd888e99900 -EBUILD openssh-7.5_p1-r4.ebuild 11934 SHA256 10f3f65dbe5d5c5f6b51f24fa85ad1f98afa4d3f41b2d16224ef8ddedd9dcb83 SHA512 559bd7ca53849fefa9a54b306eef38a8952a1aad0c1f11883bd4a88c1cb29786d5f6f04a173a40995096aa7b93680b1c1917dee3eb7509187bb497a2fe89063e WHIRLPOOL cad8f1ea253c1a5de29391a63f45f3bcc9c6964d6c7153a106f40131065c1a678a76077fa91c9df1848eb5c47d699ca8effa38cd1a16a46a1230cdd888e99900 +AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 BLAKE2B 62f82339a7f9a9e6aa1dac06a312e6df5615f295e1b33db2f236b35161504974a785914d17559f9577e555819ca0002a8790c6fd6ca94da51cabf5351d4743c9 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 +AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 BLAKE2B 33637f108a1538681e0df1d025e95fb015277b74178adcc13d271ea0cfee4bc379b2ba0118ef8c5c5a2937435d01ec51189646d6fbda0997101c90d3679a8203 SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d +AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 BLAKE2B d3cd90336e2f3eb2a93a562267dfb879007b0525db402584d05838bc80dda4be1237638923734b62dbf25a8f407c448f094d21acc1ec8a0198a4d707a0559d31 SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 +AUX openssh-6.5_p1-hpn-cipher-align.patch 3024 BLAKE2B 073cd93ba4bb3f497901d2926d508742f0b01871415b4e17e0455a0c2fb884c56a7c1a389bae6c113ad4b31b8e8a7ba10ebd355a2c43e8c361aa24d1f546839e SHA512 6efc2fa5f0e9b508e162bf20ab21d2c639888250387fa58ec0d812c7b1db125d8c654a0286a8ffc0d5530e5f0ec0ed723f3a5c0b7bd593b356aee2e811a1f4ec +AUX openssh-6.6_p1-openssl-ignore-status.patch 741 BLAKE2B 299f6309cdb18f89922da70e2bd40bb4410f630769821dbcf3b8518000f5f78c3db6a302ffb45c1b3bdfc7a96450c0d3d51d8caff785628edaaa4a984970433f SHA512 578afe9ddb836d16d90eb8b0cf10e9282d9c5c5e639962034490cec0aab1bf98cae9b46fe7850446d0cdd93e848d98ca7ed0bdf2bfec6aad418f4c962d4ea08d +AUX openssh-6.6_p1-x509-glue.patch 556 BLAKE2B 887560a10a9fe57754a6596a60da1342e5e91de1f9517a8313834b50e9c0e7db92de0a6574c840fd3ede2bcd0263875de608f0522fa1cf4e8779ca31fdd8c438 SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea +AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 BLAKE2B 2c1df72e9c153e5870502f6e2bdbfb109e3fdaacf1516d701ed4ab890b31e935b27824556c3f8542e9bd52100e2a68be0e3694e7f8e98e7696484c926383bac0 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51 +AUX openssh-6.7_p1-openssl-ignore-status.patch 765 BLAKE2B 6ddc498cef115a38054eb8f1fddac34048b94592e54f8e31dc11717fe872f3d66a7e6877d2449102fbe18a0ee2a35732991abe946b1fe10abfa48bbec6871b26 SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 +AUX openssh-7.1_p1-hpn-x509-glue.patch 535 BLAKE2B 25512c87690fa68589eb7d3b8ff838e631dbf571428efc485099757f316f816940b3cf23ec55da823995d0fad85e4fa8dfafa4e59fcd09da3d7d4f0687c3fc6d SHA512 7f81586e8f755a2451bee962da6a76285fa1609cf761e1ed335e14b07dc28dd0dd9741654a26039d1029e34a45950cdf869132a137461118d9fd1ca142675010 +AUX openssh-7.3-mips-seccomp-n32.patch 634 BLAKE2B 12e931e6c2364d4cdd3f0d9ef8cf72665b65fedc7e8211a75250abe1bf359460afdf9707fdd7f9be8b8f8fd8fe40fdaddcd842da741c4b63fef94c364738cd26 SHA512 eba3e843d3714501a1df3161d02134c54c8ce584db3af698b87d303fc17c16635bd06db4d7c2d9bb47f461c3b211d870b480fd927f4563207e11c9ed2c446770 +AUX openssh-7.3_p1-GSSAPI-dns.patch 11137 BLAKE2B 63f06b41e922a55208fb263ec4cfe2b2ba7af2590ea123ed4821efe3758b69180f5e45d96adac56d717f57439ccc1a5b6d9b03db608236d57a7b4429514c16c0 SHA512 70db76a409d5a11513f57c67671131b95c83164af2ecafa423986def42a1a2a31c4653d06f510b8c440a974e03f0acad8cbe20d5a17cfb2ed4598a9b8ae60b91 +AUX openssh-7.3_p1-NEWKEYS_null_deref.patch 857 BLAKE2B bbbaadd8ba49181c6dd556ae01951b88de8b45699b876a450a05ad1601f1343eac6a6b847b477b02ce4bdab8eab857be0dfe0227e9da4f118025e487377b3a0f SHA512 2230ddd7473feaa22544eae5c1074981e5ade322a22016f245ec3a6b3bf260104909021497a728fbfaf5dbd6e81269b9b815a3a3de2bf8104f7b3d1bdacbcc06 +AUX openssh-7.3_p1-Unregister-the-KEXINIT-handler-after-receive.patch 953 BLAKE2B 0db98ab1a35dfae9065d80b51556b5171112a4de8b94d746a5379773670c646eb922c7bc41b1684459853b7c3139828c26c5092306bf1facdf9d2c5a95901bd0 SHA512 c705b08fa269d21da261cc9fce2ebcc409e252064d789b63ba14685495e46cb472a81fa563a74c80e4bf76e4982fba98ff5329a037f1fa4f28c75b4db18e7691 +AUX openssh-7.3_p1-fix-ssh1-with-no-ssh1-host-key.patch 1088 BLAKE2B 8c1842be7120a16b5f4e6a28d3fdb19f0714ef83c78ddd034668246617c79db42bfcb0f723dbf6526a6687e83d942b235bc4f873f6d38803a0363b7730fdcbc2 SHA512 967da12f9d15e8347d9832a7fc90e378e42a49c6fb63c8ff3a28e66601c9dab64d5d43c8da34aa3fb08466088eb725abebb4efcef95b1aa0ada86cab27584106 +AUX openssh-7.3_p1-hpn-12-x509-9.2-glue.patch 1608 BLAKE2B ee744a8b7b01ef6170d8ace16694182c89ff70af429f4123fb54478a167ae12c54f08abc77b065719cdd4320437aca44ba390d204e1215442cb3be90c7ea4e15 SHA512 bbbeca5d683427347e9db8cdaa5c96bfdbae901245e508dec8927110e199798127b7c4df8ef2455c1fec53263d600c7957d5b55e1b78263776a45808b4c0b86a +AUX openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch 7005 BLAKE2B 5a39b45b1b26488be6f69adddf46a410f1cb5ec45d8f0ed7869da8a04b409500a6b59ef5408643f9db8e6a890a1727aa3d5687266a2a69eae9b91fe0e48943ca SHA512 35cb90a5ebf85b31db902155a8d48a65d2734943cf46e2ac1fcbcb8a19e31d9bf6057ec3c0001a4cb14eac572e5d400087c3218c81df40146731472e406499d8 +AUX openssh-7.3_p1-hpn-x509-9.2-glue.patch 1611 BLAKE2B c0daaefd15bba3ea25f1a737dd8d6396a292b0686fcc0bf653bab987bb0d4eef01bf1d164927f8347c7465c9c700f94ca53843a77b2b17cb512e3fb9505fe576 SHA512 3604f0f1ea6c74b8418ac158df47910dfb2d54c7ce77f78f1a6c072acd20dc5751e24156acd9dda02aecaac250f43c8d968382f2f4b15b4706e4c4bde8ebde9a +AUX openssh-7.3_p1-libseccomp.patch 7374 BLAKE2B e605f9f2148d7cbd1ad2722e47239dfd54fbcc3c90220ee75d630d738f10cd81d703931d6d76922ee4bfbed543277244761ef1c599ee8b164115ccb251beabfc SHA512 f86299cf3b24e88618dc0202a5d246a682a7f9e7647fa47b4f765641c2797ecf4a14a4ef6c9ea4a87bd98533db271af46d2d88e87dca553c0dbfe8729d0c2923 +AUX openssh-7.3_p1-sctp-x509-glue.patch 2447 BLAKE2B 89c0e85e10bb90932ba87338e16d63b269b1fa698e20576b67ad929fabf42f4447136fe879104a33b9f353e5ed781c61f3cd2861db3137aff7367cd793417906 SHA512 f48c2bba7707542741e52f5d794aaafe4468d088e28bc02878c0eb9aa76d31b57dca69b85705f7a9a2d745272df3fdc39a1d13ba337cab34dd0e9d545cee7d41 +AUX openssh-7.3_p1-x509-9.2-warnings.patch 3060 BLAKE2B 3a799b9e511665e0504cc633eded939da32ed3a727440af267ccc1e187bdcfb3a6fb73b6ca7d52ba3cc747c56040e56d1e6c770f662d6d1426a1ef40fc79be77 SHA512 f029d6f922e1632b32ac6e7b627378854f78c9d9b828dde37273b1b1a09167273fc6934bcb0653209b9e5ffd06c95d564d1bf5f1ea745993e19b062a4532f1c0 +AUX openssh-7.5_p1-CVE-2017-15906.patch 1180 BLAKE2B 37fca347fc1fa969f410d514a76b3d7133914aa14c7ef577e6eb0b2f96b936313b20635c6cc23b5e91e3643e26c899e992b82769a5df6568d058eb4f7a43fab8 SHA512 dfba25e9962e4398688d5e6f9311de44931ea5292d7d50c69d8056838ceb41ce099c44f849c204f7b421515c3aa40bde6e9b98b80b9e99aa113c222841daecd4 +AUX openssh-7.5_p1-GSSAPI-dns.patch 11137 BLAKE2B a54ed4d6f81632ae03523b7b61f750402d178d3213ec310bc0e57c0705ed67607a89a786d429599395722eaf40b2fb591c5b8de87ffc4f1dd7f6713b543c31c2 SHA512 f84e1d3fdda7a534d9351884caaefc136be7599e735200f0393db0acad03a57abe6585f9402018b50e3454e6842c3281d630120d479ff819f591c4693252dd0e +AUX openssh-7.5_p1-cross-cache.patch 1220 BLAKE2B 7176b86024b072ff601421143f8567e4e47de3d89b1d865bc92405da75bf7c64fa50b9f746d9c494dbf64bc09e04afc1960f673e68ea1d072a5381027afea63d SHA512 03cf3b5556fcf43c7053d1550c8aa35189759a0a2274a67427b28176ba7938b8d0019992de25fb614dc556c5f45a67649bb5d2d82889ac2c37edd986fc632550 +AUX openssh-7.5_p1-disable-conch-interop-tests.patch 554 BLAKE2B f5f45c000ec26c1f783669c3447ea3c80c5c0f9b971b86ca1e79e99e906a90a519abb6b14db462f5766572e9759180719ea44f048ef5aa8efc37efb61d2b6ef7 SHA512 f35b15f1e8d0eb276d748ee14c71004c6599ddb124c33e2f84623bc9eb02bb4fd4680d25d0ba0289d6a723a526c95c9a56b30496bdaa565bae853bf3d1bab61f +AUX openssh-7.5_p1-hpn-x509-10.1-glue.patch 2741 BLAKE2B 832a176c8c696981a4668a9c63786d09b6adf89bc82c2a3019d77f8550504c62c86e9ed2aae51d7a4b3054d7d368f79f8af6ac0c234736827872b9ce1ceb04d7 SHA512 940dd448f6768bb3e94987eb86b6002d17d918310ad5c1f38f1b3fd9df263439e0fecb9c8f09c05649bfd03cb507c31ef9320522e946850e954ffdd44fdd4b73 +AUX openssh-7.5_p1-hpn-x509-10.2-glue.patch 2847 BLAKE2B 8a6151ab121871e4f2d93ace0e07dce1106c6841031cacfb197e00cc76fc1d0cf153aae52757dcf98a5fb89971125493d0572bd4964d0e59cb3f391fd1256aef SHA512 bc23fdf5995ae38ff166f12f64082f79a2135ca28f2240e89bee42b1e3ba39ce94467ece9ddea99173f1829b09b069dbf56a0bce7dfd1ae5f63c12f73b5ffba7 +AUX openssh-7.5_p1-s390-seccomp.patch 624 BLAKE2B 0bf595d72cd65993dde4e5aae0a3e091bb48021ef8affa84c988d55d9fe6a823b0329b6d9707c88e1556d45c304b6630ade7008f63fd649975594a75f570bb33 SHA512 058dc269eb032151e88e0ac79a0b0fd6fcd56d489e90e299ee431b1475a8f8080e8f4649244864af33e743820b081c9f90b32a1a93b8b60feeb491c0201a4d61 +AUX openssh-7.5_p1-x32-typo.patch 772 BLAKE2B 3f27d669ee76e191f2f6f7c7d86b1d9cb7297cecf17b2d88d86ef498c9ca35231adb0edc9fb811698ec86fd65527cc3fe9f2ce514836aebe5dc27bca2a3a55dc SHA512 20d19301873d4b8e908527f462f40c2f4a513d0bb89d4c7b885f9fc7eb5d483eea544eb108d87ff6aaa3d988d360c2029910c18f7125c96e8367485553f59a5e +AUX openssh-7.5p1-x509-libressl.patch 7027 BLAKE2B 28c51fb88259f7fce097e72dbbafb9623935cb8aaa5d9cf13432051971bf78e792c81c6b4ec7c3a90a6dc287dbfd95e13d682f100e2a0d8f13613ec87d728509 SHA512 0b5fcb58ee55de7ce61bf2bcad23e4a5cdc941d81121bbf8f0dadf5e1e158c055f45a2ef1aebe8fcb1856a33e079282f4c9f21d9da6892808d7e3c172dca3365 +AUX sshd.confd 389 BLAKE2B 7ebd5f15889151c476fee9b933554efaa005ee5ede477c6bbc909972c0c85b8ff87517288554ed991818dff8625654485f51302080f283515bf4e0699dc5958c SHA512 b17f915b17401a8f8f53e098d29baf729df6635ef10945f125bbd1d0fff2a334be4d778c430aaa84e7c188da74e39b47a85703b2c91b1a51410b0f1f57ebc4fd +AUX sshd.pam_include.2 156 BLAKE2B 91ebefbb1264fe3fe98df0a72ac22a4cd8a787b3b391af5769798e0b0185f0a588bc089d229c76138fd2db39fbe6bd33924f0d53e0513074d9c2d7abf88dcb78 SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c +AUX sshd.rc6.4 2131 BLAKE2B 83bf9010c5416abe7b40245aa8362e863f6ec11c2a203237cfddb72f32b3c9348d7bffb4dbbf3ab122cb1a8ad29cd2eb95f0b3449e259aad784c12c47dd9463f SHA512 21e14851fd76d2ad281dc3a7ee36f4dca6895ca92e13ea189f97213dc9160c37e0b9af64b9238da7b03b0cddf299e7d7fe0d5e4db71dbae7cc0d14f460985bec +AUX sshd.service 242 BLAKE2B e77eb1e0adad0641b60a59d243e911e0a6286a87acda25f3e478582068d8a7a2a12ec88e14bf2c01c7f4c2025ce2d2ce1b1273a93c096bc96da47a69878a823e SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c +AUX sshd.socket 136 BLAKE2B 22e218c831fc384a3151ef97c391253738fa9002e20cf4628c6fe3d52d4b0ac3b957da58f816950669d0a6f8f2786251c6dfc31bbb863f837a3f52631341dc2e SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 +AUX sshd_at.service 176 BLAKE2B 316c2de6af05e97ad2271dfda9fc3276b5c049aa1e56ea7c4acc20d5dd6f4444b0ed3122db90959dc8c009e36f59dbe8e8b969f21eaca98c513ac46b4f80f46e SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a +DIST openssh-6.6p1+x509-7.9.diff.gz 224691 BLAKE2B 6d96428406f04ec1592dbd4a072aa180c2c4612af28d696eb21ecd4324ec7e18d0691ded580df06eb4b42f925df90e4f0893ef41c64a16b58f140c64f0aaa27b SHA512 dc9ee7f0589aa0ba8d3c1c40c505f99a811845d8952bf6bf6b8bd3a00ef4813f3b71db32aadf252d7a320a8bf9cdcdf30b71292869d7830cc42f15ce3d1f3c49 +DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 BLAKE2B 718a1dab1741f32d2c1e408b192421e77299675a426cb787f056d2801f83805067e944c7fd8302d2cec6b945b0df497c3912629d53ab52893f03ccc91100e1c9 SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d +DIST openssh-6.6p1.tar.gz 1282502 BLAKE2B 8a61191d768ee80eab1c11d5a20de47348b1d5e7dc12bc35a083dd0df30e2c4265042cd66b918a9a582b2ac4c49d533625d773f8bd2d442d6070d72572393415 SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b +DIST openssh-7.3_p1-hpn-14.10-r1.patch.xz 20584 BLAKE2B f7530317b1d6cd9aae980b479dcf81e0546337f7c294c2edef5932bd2023ab9e30c7fa9f6fcbdbb1e5d59c0326858a64e59bef726cd8b135e7b8ce5ccf2b2800 SHA512 f0a1c84af85f7cfc7cb58b5117b3d0f57fc25ae0dd608e38b48ef42da43780fd5cf243d26ff9b3fbd6f4cb1567852b87bcb75f98791cf3ad1892e8579a7834d3 +DIST openssh-7.3_p1-sctp.patch.xz 9968 BLAKE2B 28c831cbe0cda4dbb83d58154c4bb7b5d4f430846fcf09f947c42e8ab2594893b7ce5b4d580902e85d0744dca1cbc2405a742546f3282fc73bf8642eebdeac84 SHA512 f249b76898af0c6f1f65f2a1cfb422648aa712818d0dc051b85a171f26bdddf7980fff5de7761161aa41c309e528b3801b4234f5cdd9f79f8eef173ae83f1e3c +DIST openssh-7.3p1+x509-9.2.diff.gz 588078 BLAKE2B 7c48e102bc98415b9a6eb1aa83a2c1d3ce47ec3f439a48bfa3abd6c06289ce3772535648d1de5be7cee4614edd9e61849c12479f62b376d8bd6481c807ae3846 SHA512 fab0da148b0833a651e8a7c36f344aacecef6fa92f8f1cb6302272d98c1ab018831f5850dcaa8f54a39f9ada9b7d5b0a0ea01defc3c6f603bbe211f6bff6a841 +DIST openssh-7.3p1-hpnssh14v12.tar.xz 23448 BLAKE2B bc839aaabfad6d246d540220bcfc52860831c492be95e1ed541db5cc15874f127d5e0cf27d640efcfc7329a5dccb3ee867a6e3a9275455fe079ae75aff745dc0 SHA512 f1ee37dfd1b717963ae519b725d481de2486c9c94fd80ccd12da2ac00d13be7b6e0284a1e9239a4704014810c086eaaa81cd02344372c65d0122a3eb1c2be83c +DIST openssh-7.3p1.tar.gz 1522617 BLAKE2B 495e37af7a2ba7ae4082fb9d4c0a1380d4f7c71cbb699370e8e4c1ffa7a67ce5e92a9f37bfedfff7719a7b20b6b3c0b3e36c80fc9f6224ec6819d76f9c9b11d6 SHA512 7ba2d6140f38bd359ebf32ef17626e0ae1c00c3a38c01877b7c6b0317d030f10a8f82a0a51fc3b6273619de9ed73e24b8cf107b1e968f927053a3bedf97ff801 +DIST openssh-7.4_p1-sctp.patch.xz 8220 BLAKE2B 2d571cacaab342b7950b42ec826bd896edf78780e9ee73fcd441cbc9764eb59e408e295062862db986918824d10498383bf34ae7c93df0da2c056eaec4d2c031 SHA512 0c199e3b26949482125aeaa88216b2458292589e3eac8908d9134d13a1cae891094fcb0f752ed3009b3126cc72277b460205f39140c251792eb1b545271c3bd4 +DIST openssh-7.5p1+x509-10.1.diff.gz 460721 BLAKE2B e3bd5f6539647327d35c90bf0ebf86559a00bf426f49dca4d7d0580d02e0727fe78177974ccddb6103c0e75752165cf51a96f721203dd9c23dce6648431c501e SHA512 d3b5a8f5e3a88eda7989b002236811867b7e2c39bf7cd29a6dbbce277fca3fbedbfdbeaf1fba7d8c19f3dea32a17790e90604765f18576bcc5627a9c1d39109c +DIST openssh-7.5p1+x509-10.2.diff.gz 467040 BLAKE2B 4048b0f016bf7d43276f88117fc266d1a450d298563bfc6ce705ec2829b8f9d91af5c5232941d55004b5aea2d3e0fb682a9d4acd9510c9761ba7ede2f2f0e37f SHA512 ec760d38771749d09afc8d720120ea2aa065c1c7983898b45dba74a4411f7e61e7705da226864e1e8e62e2261eecc3a4ab654b528c71512a07798824d9fb1a9a +DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 BLAKE2B 15702338877e50c2143b33b93bfc87d0aa0fa55915db1f0cab9c22e55f8aa0c6eeb5a56f438d849544d1650bdc574384b851292d621b79f673b78bc37617aa0b SHA512 45c42090a212b9ce898fbaa8284ddf0f0d17236af13c4a780e00bf265b0c7a4286027e90a7ce9ad70066309db722709dd2f0a7914f57e5364ffbaf7c4859cdf9 +DIST openssh-7.5p1.tar.gz 1510857 BLAKE2B 505764a210018136456c0f5dd40ad9f1383551c3ae037593d4296305df189e0a6f1383adc89b1970d58b8dcfff391878b7a29b848cc244a99705a164bec5d734 SHA512 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 +DIST openssh-lpk-7.3p1-0.3.14.patch.xz 17800 BLAKE2B 1803611337d53442f51ac4fb1851a9f96ed2b6ccc03567ea52fd5829ee1e85a9e5eb44a7fc4d413d5aa1897d3735b342cd9642c88156fa174e470013322a8aa9 SHA512 e9a73c5f13e41f6e11c744fdbcdb2e399c394479f79249e901cb3c101efb06f23d51d3ba4869db872184fa034a5910fc93a730fe906266c8d7409e39ad5b1ecd +DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 BLAKE2B 5b2204316dd244bb8dd11db50d5bc3a194e2cc4b64964a2d3df68bbe54c53588f15fc5176dbc3811e929573fa3e41cf91f412aa2513bb9a4b6ed02c2523c1e24 SHA512 9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b +EBUILD openssh-6.6_p1-r1.ebuild 9904 BLAKE2B 80701f1b0d3b1015949e88e0ca85ee6312959909a0f77685b0a9cfc2b1edf6b06d0ce20f18111fc0dc7c032c9300556e898d26b4580393e8151b5eb8d64a8c38 SHA512 7f9028a2ee883c571c0b1b8aad7e869888bf0adcc690ff922204bdb1dee25c19b78b2ae61e0ca07ab3b8e91093fa9a6c03338293ee04647768574c39d0dde621 +EBUILD openssh-7.3_p1-r6.ebuild 12351 BLAKE2B 3d6ce055d165d3336888d0f0377e84d7f0c1e1aa5d49d459f7d8f21a348c358024d448757e8c5335297e5a4dba9a8cc150fd71483728ec8db06f19d2c18e7295 SHA512 5e73f4480ec3fe71cda2dd22a9e84e85000d45fc4da09948d07a731ffb1c849b4bb8f2cf415e5aede12c6f6d8b8dac10c17f6b05f8b333a0d566a8fc517dab6b +EBUILD openssh-7.3_p1-r7.ebuild 12318 BLAKE2B c4f393ca68606e0a7a3ab1595e1af7e88cecd1f5e1fbe02ed4c042c68294e9a4cfc2ecbfc8ba0e641039abbb845b167282056c8a22b444dd78cdc3cfa293bf23 SHA512 150242d9245f183e2d5e957c37248f50afbccb1c1df45ecb6b03ea2603b47d9c5e25e80e42f0106945a196a6d1e02f76cd07ed19e02c78a15377d3567faa6cc0 +EBUILD openssh-7.3_p1-r8.ebuild 12049 BLAKE2B 3c2f4c7bc4077255e49ffc40053d341358ad84e9f6410aea2ed15fc886b07bd0b674d9503b530b8033a8612f6fd026630bcb5d5bae264bd3b6b3ede81b48e66e SHA512 0524386c7c4e607680b56b7416e2f27ce151ef55e3597896896e2df698776f4a0568201b273cfc858dd96906891243571d6ef19ff0a6e947514b1773ad281390 +EBUILD openssh-7.5_p1-r1.ebuild 11845 BLAKE2B c8c4abccf8557cf2928474590453588d6ec254dd784c20ca61fd9ad08129544ecc127ed752879ffba2fcd3eb5b68f5b1b416cf13da0b9a9b13890f1997586051 SHA512 2a1db0d8c34d8833a8822110656b42f2024c5c3832ea882b42b325bb1061fc6383fef6e64d1eda78f96adb5dbec331d589ab09cbd9e9d151a30a1d908e617e4e +EBUILD openssh-7.5_p1-r3.ebuild 11934 BLAKE2B c35d57d923c8b334c596bc6eb046f51436c88065e126d4891a861dd9c14c7faeecb5213230ae673412fbf5be0f9dce81ed63d2e08e8418ff1c06a60520332c4f SHA512 559bd7ca53849fefa9a54b306eef38a8952a1aad0c1f11883bd4a88c1cb29786d5f6f04a173a40995096aa7b93680b1c1917dee3eb7509187bb497a2fe89063e +EBUILD openssh-7.5_p1-r4.ebuild 12003 BLAKE2B 961e3e4371adf867930b47308551a6f14761a119d488d11c7625792a646c5929121be424cf3a7a07ce1042fcfeb8f1f690259bbb9244b30ef2dd3d1df59f2b3b SHA512 2b0b440cc90549610c9bce787510902f314c2d8171dee82873db049f679e2e8ed7792274fd512003c4446fca3ba0016bfb03c851862e0e992de05917d52e6c06 diff --git a/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch deleted file mode 100644 index 7b12e9a6..00000000 --- a/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch +++ /dev/null @@ -1,90 +0,0 @@ ---- openssh-6.8_p1-sctp.patch.orig 2015-03-18 17:52:40.563506822 -0700 -+++ openssh-6.8_p1-sctp.patch 2015-03-18 18:14:30.919753194 -0700 -@@ -184,34 +184,6 @@ - int port; /* Port to connect. */ - int address_family; - int connection_attempts; /* Max attempts (seconds) before ----- a/scp.1 --+++ b/scp.1 --@@ -19,7 +19,7 @@ -- .Sh SYNOPSIS -- .Nm scp -- .Bk -words ---.Op Fl 12346BCpqrv --+.Op Fl 12346BCpqrvz -- .Op Fl c Ar cipher -- .Op Fl F Ar ssh_config -- .Op Fl i Ar identity_file --@@ -178,6 +178,7 @@ For full details of the options listed b -- .It ServerAliveCountMax -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It UpdateHostKeys -- .It UsePrivilegedPort -- .It User --@@ -218,6 +219,8 @@ and -- to print debugging messages about their progress. -- This is helpful in -- debugging connection, authentication, and configuration problems. --+.It Fl z --+Use the SCTP protocol for connection instead of TCP which is the default. -- .El -- .Sh EXIT STATUS -- .Ex -std scp - --- a/scp.c - +++ b/scp.c - @@ -395,7 +395,11 @@ main(int argc, char **argv) -@@ -471,34 +443,6 @@ - int protocol; /* Supported protocol versions. */ - struct ForwardOptions fwd_opts; /* forwarding options */ - SyslogFacility log_facility; /* Facility for system logging. */ ----- a/ssh.1 --+++ b/ssh.1 --@@ -43,7 +43,7 @@ -- .Sh SYNOPSIS -- .Nm ssh -- .Bk -words ---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy --+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz -- .Op Fl b Ar bind_address -- .Op Fl c Ar cipher_spec -- .Op Fl D Oo Ar bind_address : Oc Ns Ar port --@@ -473,6 +473,7 @@ For full details of the options listed b -- .It StreamLocalBindUnlink -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It Tunnel -- .It TunnelDevice -- .It UsePrivilegedPort --@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte -- controls. -- .It Fl y -- Send log information using the --+.It Fl z --+Use the SCTP protocol for connection instead of TCP which is the default. -- .Xr syslog 3 -- system module. -- By default this information is sent to stderr. - --- a/ssh.c - +++ b/ssh.c - @@ -194,12 +194,17 @@ extern int muxserver_sock; -@@ -520,13 +464,11 @@ - " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" - " [-F configfile] [-I pkcs11] [-i identity_file]\n" - " [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n" --@@ -506,7 +512,7 @@ main(int ac, char **av) -- argv0 = av[0]; -+@@ -506,4 +512,4 @@ main(int ac, char **av) - -- again: --- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" --+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT -- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { -+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" -++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT -+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { - switch (opt) { - case '1': - @@ -732,6 +738,11 @@ main(int ac, char **av) diff --git a/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch b/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch deleted file mode 100644 index a355e2c9..00000000 --- a/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch +++ /dev/null @@ -1,33 +0,0 @@ -https://github.com/openssh/openssh-portable/pull/29 - -From 003ed46d1bd94bac29c53b26ae70f6321ea11c80 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Wed, 18 Mar 2015 12:37:24 -0400 -Subject: [PATCH] do not abort when --without-ssl-engine --without-openssl is - set - ---- - configure.ac | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/configure.ac b/configure.ac -index b4d6598..7806d20 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2276,10 +2276,10 @@ openssl_engine=no - AC_ARG_WITH([ssl-engine], - [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], - [ -- if test "x$openssl" = "xno" ; then -- AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) -- fi - if test "x$withval" != "xno" ; then -+ if test "x$openssl" = "xno" ; then -+ AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) -+ fi - openssl_engine=yes - fi - ] --- -2.3.2 - diff --git a/net-misc/openssh/files/openssh-6.9_p1-libseccomp.patch b/net-misc/openssh/files/openssh-6.9_p1-libseccomp.patch deleted file mode 100644 index 2993c0e3..00000000 --- a/net-misc/openssh/files/openssh-6.9_p1-libseccomp.patch +++ /dev/null @@ -1,244 +0,0 @@ -diff --git a/Makefile.in b/Makefile.in -index 06be3d5..b1f0931 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -106,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ - sftp-server.o sftp-common.o \ - roaming_common.o roaming_serv.o \ - sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ -- sandbox-seccomp-filter.o sandbox-capsicum.o -+ sandbox-seccomp-filter.o sandbox-libseccomp-filter.o sandbox-capsicum.o - - MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out - MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 -diff --git a/configure.ac b/configure.ac -index 67c4486..ddaf7c0 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2867,11 +2867,22 @@ else - fi - AC_SUBST([SSH_PRIVSEP_USER]) - -+AC_CHECK_DECL([SCMP_ARCH_NATIVE], [have_libseccomp_filter=1], , [ -+ #include <sys/types.h> -+ #include <seccomp.h> -+]) -+if test "x$have_libseccomp_filter" = "x1" ; then -+ AC_CHECK_LIB([seccomp], [seccomp_init], -+ [LIBS="$LIBS -lseccomp"], -+ [have_libseccomp_filter=0]) -+fi -+ - if test "x$have_linux_no_new_privs" = "x1" ; then - AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ - #include <sys/types.h> - #include <linux/seccomp.h> - ]) -+ - fi - if test "x$have_seccomp_filter" = "x1" ; then - AC_MSG_CHECKING([kernel for seccomp_filter support]) -@@ -2898,7 +2909,7 @@ fi - # Decide which sandbox style to use - sandbox_arg="" - AC_ARG_WITH([sandbox], -- [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], -+ [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, libseccomp_filter, capsicum)], - [ - if test "x$withval" = "xyes" ; then - sandbox_arg="" -@@ -3008,6 +3019,13 @@ elif test "x$sandbox_arg" = "xdarwin" || \ - AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) - SANDBOX_STYLE="darwin" - AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) -+elif test "x$sandbox_arg" = "xlibseccomp_filter" || \ -+ ( test -z "$sandbox_arg" && \ -+ test "x$have_libseccomp_filter" = "x1" ) ; then -+ test "x$have_libseccomp_filter" != "x1" && \ -+ AC_MSG_ERROR([libseccomp_filter sandbox not supported on $host]) -+ SANDBOX_STYLE="libseccomp_filter" -+ AC_DEFINE([SANDBOX_LIBSECCOMP_FILTER], [1], [Sandbox using libseccomp filter]) - elif test "x$sandbox_arg" = "xseccomp_filter" || \ - ( test -z "$sandbox_arg" && \ - test "x$have_seccomp_filter" = "x1" && \ -diff --git a/sandbox-libseccomp-filter.c b/sandbox-libseccomp-filter.c -new file mode 100644 -index 0000000..d03856b ---- /dev/null -+++ b/sandbox-libseccomp-filter.c -@@ -0,0 +1,175 @@ -+/* -+ * Copyright (c) 2012 Will Drewry <wad@dataspill.org> -+ * -+ * Permission to use, copy, modify, and distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ */ -+ -+#include "includes.h" -+ -+#ifdef SANDBOX_LIBSECCOMP_FILTER -+ -+#include <sys/types.h> -+#include <sys/resource.h> -+#include <seccomp.h> -+ -+#include <errno.h> -+#include <signal.h> -+#include <stdarg.h> -+#include <stddef.h> /* for offsetof */ -+#include <stdio.h> -+#include <stdlib.h> -+#include <string.h> -+#include <unistd.h> -+ -+#include "log.h" -+#include "ssh-sandbox.h" -+#include "xmalloc.h" -+ -+struct ssh_sandbox { -+ pid_t child_pid; -+}; -+ -+struct ssh_sandbox * -+ssh_sandbox_init(struct monitor *monitor) -+{ -+ struct ssh_sandbox *box; -+ -+ /* -+ * Strictly, we don't need to maintain any state here but we need -+ * to return non-NULL to satisfy the API. -+ */ -+ debug3("%s: preparing libseccomp filter sandbox", __func__); -+ box = xcalloc(1, sizeof(*box)); -+ box->child_pid = 0; -+ -+ return box; -+} -+ -+static int -+seccomp_add_secondary_archs(scmp_filter_ctx *c) -+{ -+#if defined(__i386__) || defined(__x86_64__) -+ int r; -+ r = seccomp_arch_add(c, SCMP_ARCH_X86); -+ if (r < 0 && r != -EEXIST) -+ return r; -+ r = seccomp_arch_add(c, SCMP_ARCH_X86_64); -+ if (r < 0 && r != -EEXIST) -+ return r; -+ r = seccomp_arch_add(c, SCMP_ARCH_X32); -+ if (r < 0 && r != -EEXIST) -+ return r; -+#endif -+ return 0; -+} -+ -+struct scmp_action_def { -+ uint32_t action; -+ int syscall; -+}; -+ -+static const struct scmp_action_def preauth_insns[] = { -+ {SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open)}, -+ {SCMP_ACT_ERRNO(EACCES), SCMP_SYS(stat)}, -+ {SCMP_ACT_ALLOW, SCMP_SYS(getpid)}, -+ {SCMP_ACT_ALLOW, SCMP_SYS(getpid)}, -+ {SCMP_ACT_ALLOW, SCMP_SYS(gettimeofday)}, -+ {SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime)}, -+#ifdef __NR_time /* not defined on EABI ARM */ -+ {SCMP_ACT_ALLOW, SCMP_SYS(time)}, -+#endif -+ {SCMP_ACT_ALLOW, SCMP_SYS(read)}, -+ {SCMP_ACT_ALLOW, SCMP_SYS(write)}, -+ {SCMP_ACT_ALLOW, SCMP_SYS(close)}, -+#ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */ -+ {SCMP_ACT_ALLOW, SCMP_SYS(shutdown)}, -+#endif -+ {SCMP_ACT_ALLOW, SCMP_SYS(brk)}, -+ {SCMP_ACT_ALLOW, SCMP_SYS(poll)}, -+#ifdef __NR__newselect -+ {SCMP_ACT_ALLOW, SCMP_SYS(_newselect)}, -+#endif -+ {SCMP_ACT_ALLOW, SCMP_SYS(select)}, -+ {SCMP_ACT_ALLOW, SCMP_SYS(madvise)}, -+#ifdef __NR_mmap2 /* EABI ARM only has mmap2() */ -+ {SCMP_ACT_ALLOW, SCMP_SYS(mmap2)}, -+#endif -+#ifdef __NR_mmap -+ {SCMP_ACT_ALLOW, SCMP_SYS(mmap)}, -+#endif -+#ifdef __dietlibc__ -+ {SCMP_ACT_ALLOW, SCMP_SYS(mremap)}, -+ {SCMP_ACT_ALLOW, SCMP_SYS(exit)}, -+#endif -+ {SCMP_ACT_ALLOW, SCMP_SYS(munmap)}, -+ {SCMP_ACT_ALLOW, SCMP_SYS(exit_group)}, -+#ifdef __NR_rt_sigprocmask -+ {SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask)}, -+#else -+ {SCMP_ACT_ALLOW, SCMP_SYS(sigprocmask)}, -+#endif -+ {0, 0} -+}; -+ -+ -+void -+ssh_sandbox_child(struct ssh_sandbox *box) -+{ -+ scmp_filter_ctx *seccomp; -+ struct rlimit rl_zero; -+ const struct scmp_action_def *insn; -+ int r; -+ -+ /* Set rlimits for completeness if possible. */ -+ rl_zero.rlim_cur = rl_zero.rlim_max = 0; -+ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) -+ fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", -+ __func__, strerror(errno)); -+ if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) -+ fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", -+ __func__, strerror(errno)); -+ if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) -+ fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", -+ __func__, strerror(errno)); -+ -+ seccomp = seccomp_init(SCMP_ACT_KILL); -+ if (!seccomp) -+ fatal("%s:libseccomp activation failed", __func__); -+ if (seccomp_add_secondary_archs(seccomp)) -+ fatal("%s:libseccomp secondary arch setup failed", __func__); -+ -+ for (insn = preauth_insns; insn->action; insn++) { -+ if (seccomp_rule_add(seccomp, insn->action, insn->syscall, 0) < 0) -+ fatal("%s:libseccomp rule failed", __func__); -+ } -+ -+ if ((r = seccomp_load(seccomp)) < 0) -+ fatal("%s:libseccomp unable to load filter %d", __func__, r); -+ -+ seccomp_release(seccomp); -+} -+ -+void -+ssh_sandbox_parent_finish(struct ssh_sandbox *box) -+{ -+ free(box); -+ debug3("%s: finished", __func__); -+} -+ -+void -+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) -+{ -+ box->child_pid = child_pid; -+} -+ -+#endif /* SANDBOX_LIBSECCOMP_FILTER */ diff --git a/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch b/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch deleted file mode 100644 index 9ce2967a..00000000 --- a/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -ur openssh-6.9p1.orig/sshconnect2.c openssh-6.9p1/sshconnect2.c ---- openssh-6.9p1.orig/sshconnect2.c 2015-07-01 14:56:26.766316866 -0700 -+++ openssh-6.9p1/sshconnect2.c 2015-07-01 14:59:22.828692366 -0700 -@@ -1404,7 +1404,7 @@ - static int - get_allowed_keytype(Key *k) { - char *pattern; -- char *alg; -+ const char *alg; - - if (k->type == KEY_RSA1 || k->type == KEY_UNSPEC) - return KEY_UNSPEC; -diff -ur openssh-6.9p1.orig/x509_nm_cmp.c openssh-6.9p1/x509_nm_cmp.c ---- openssh-6.9p1.orig/x509_nm_cmp.c 2015-07-01 14:56:26.129311890 -0700 -+++ openssh-6.9p1/x509_nm_cmp.c 2015-07-01 14:59:14.086624068 -0700 -@@ -133,7 +133,7 @@ - tag = M_ASN1_STRING_type(in); - if (tag != V_ASN1_UTF8STRING) { - /*OpenSSL method surprisingly require non-const(!?) ASN1_STRING!*/ -- return(ASN1_STRING_to_UTF8(out, in)); -+ return(ASN1_STRING_to_UTF8(out, (ASN1_STRING *) in)); - } - - l = M_ASN1_STRING_length(in); diff --git a/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch deleted file mode 100644 index d793f908..00000000 --- a/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch +++ /dev/null @@ -1,74 +0,0 @@ ---- openssh-6.8_p1-sctp.patch.1 2015-08-12 16:01:13.854769013 -0700 -+++ openssh-6.8_p1-sctp.patch 2015-08-12 16:00:38.208488789 -0700 -@@ -195,14 +195,6 @@ - .Op Fl c Ar cipher - .Op Fl F Ar ssh_config - .Op Fl i Ar identity_file --@@ -178,6 +178,7 @@ For full details of the options listed b -- .It ServerAliveCountMax -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It UpdateHostKeys -- .It UsePrivilegedPort -- .It User - @@ -218,6 +219,8 @@ and - to print debugging messages about their progress. - This is helpful in -@@ -477,19 +469,11 @@ - .Sh SYNOPSIS - .Nm ssh - .Bk -words ---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy --+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz -+-.Op Fl 1246AaCdfgKkMNnqsTtVvXxYy -++.Op Fl 1246AaCdfgKkMNnqsTtVvXxYyz - .Op Fl b Ar bind_address - .Op Fl c Ar cipher_spec - .Op Fl D Oo Ar bind_address : Oc Ns Ar port --@@ -473,6 +473,7 @@ For full details of the options listed b -- .It StreamLocalBindUnlink -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It Tunnel -- .It TunnelDevice -- .It UsePrivilegedPort - @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte - controls. - .It Fl y -@@ -501,7 +485,7 @@ - By default this information is sent to stderr. - --- a/ssh.c - +++ b/ssh.c --@@ -194,12 +194,17 @@ extern int muxserver_sock; -+@@ -194,11 +194,16 @@ extern int muxserver_sock; - extern u_int muxclient_command; - - /* Prints a help message to the user. This function never returns. */ -@@ -515,18 +499,17 @@ - usage(void) - { - fprintf(stderr, ---"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" --+"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n" -+-"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" -++"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n" - " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" - " [-F configfile] [-I pkcs11] [-i identity_file]\n" -- " [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n" - @@ -506,7 +512,7 @@ main(int ac, char **av) -- argv0 = av[0]; -+ # define ENGCONFIG "" -+ #endif - -- again: --- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" --+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT -- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { -+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" -++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT -+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { - switch (opt) { - case '1': - @@ -732,6 +738,11 @@ main(int ac, char **av) diff --git a/net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch b/net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch deleted file mode 100644 index 51245697..00000000 --- a/net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch +++ /dev/null @@ -1,51 +0,0 @@ ---- openssh-7.1p2/Makefile.in -+++ openssh-7.1p2/Makefile.in -@@ -45,7 +45,7 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - K5LIBS=@K5LIBS@ - GSSLIBS=@GSSLIBS@ -@@ -53,6 +53,7 @@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- openssh-7.1p2/sshconnect.c -+++ openssh-7.1p2/sshconnect.c -@@ -465,7 +465,7 @@ - { - /* Send our own protocol version identification. */ - if (compat20) { -- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n", -+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); - } else { - xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", ---- openssh-7.1p2/sshd.c -+++ openssh-7.1p2/sshd.c -@@ -472,8 +472,8 @@ - comment = ""; - } - -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", -- major, minor, SSH_VERSION, comment, -+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", -+ major, minor, SSH_VERSION, - *options.version_addendum == '\0' ? "" : " ", - options.version_addendum, newline); - ---- openssh-7.1p2/version.h -+++ openssh-7.1p2/version.h -@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_7.1" - - #define SSH_PORTABLE "p2" -+#define SSH_X509 " PKIX" - #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch deleted file mode 100644 index 29e94e43..00000000 --- a/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,106 +0,0 @@ -http://bugs.gentoo.org/165444 -https://bugzilla.mindrot.org/show_bug.cgi?id=1008 - ---- openssh-7.2p1/readconf.c -+++ openssh-7.2p1/readconf.c -@@ -148,6 +148,7 @@ - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, oControlPersist, - oHashKnownHosts, -@@ -194,9 +195,11 @@ - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - #else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - { "fallbacktorsh", oDeprecated }, - { "usersh", oDeprecated }, -@@ -930,6 +933,10 @@ - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1649,6 +1656,7 @@ - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -1779,6 +1787,8 @@ - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) ---- openssh-7.2p1/readconf.h -+++ openssh-7.2p1/readconf.h -@@ -46,6 +46,7 @@ - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ ---- openssh-7.2p1/ssh_config.5 -+++ openssh-7.2p1/ssh_config.5 -@@ -830,6 +830,16 @@ - Forward (delegate) credentials to the server. - The default is - .Dq no . -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 ---- openssh-7.2p1/sshconnect2.c -+++ openssh-7.2p1/sshconnect2.c -@@ -656,6 +656,12 @@ - static u_int mech = 0; - OM_uint32 min; - int ok = 0; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) -+ gss_host = get_canonical_hostname(1); -+ else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -668,7 +674,7 @@ - /* My DER encoding requires length<128 */ - if (gss_supported->elements[mech].length < 128 && - ssh_gssapi_check_mechanism(&gssctxt, -- &gss_supported->elements[mech], authctxt->host)) { -+ &gss_supported->elements[mech], gss_host)) { - ok = 1; /* Mechanism works */ - } else { - mech++; diff --git a/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch deleted file mode 100644 index 2884ee92..00000000 --- a/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch +++ /dev/null @@ -1,74 +0,0 @@ ---- openssh-7.2_p1-sctp.patch -+++ openssh-7.2_p1-sctp.patch -@@ -195,14 +195,6 @@ - .Op Fl c Ar cipher - .Op Fl F Ar ssh_config - .Op Fl i Ar identity_file --@@ -181,6 +181,7 @@ For full details of the options listed below, and their possible values, see -- .It ServerAliveCountMax -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It UpdateHostKeys -- .It UsePrivilegedPort -- .It User - @@ -222,6 +223,8 @@ and - to print debugging messages about their progress. - This is helpful in -@@ -477,19 +469,11 @@ - .Sh SYNOPSIS - .Nm ssh - .Bk -words ---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy --+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz -+-.Op Fl 1246AaCdfgKkMNnqsTtVvXxYy -++.Op Fl 1246AaCdfgKkMNnqsTtVvXxYyz - .Op Fl b Ar bind_address - .Op Fl c Ar cipher_spec - .Op Fl D Oo Ar bind_address : Oc Ns Ar port --@@ -536,6 +536,7 @@ For full details of the options listed below, and their possible values, see -- .It StreamLocalBindUnlink -- .It StrictHostKeyChecking -- .It TCPKeepAlive --+.It Transport -- .It Tunnel -- .It TunnelDevice -- .It UpdateHostKeys - @@ -770,6 +771,8 @@ controls. - .Pp - .It Fl y -@@ -501,7 +485,7 @@ - index f9ff91f..d0d92ce 100644 - --- a/ssh.c - +++ b/ssh.c --@@ -195,12 +195,17 @@ extern int muxserver_sock; -+@@ -195,11 +195,16 @@ extern int muxserver_sock; - extern u_int muxclient_command; - - /* Prints a help message to the user. This function never returns. */ -@@ -515,18 +499,17 @@ - usage(void) - { - fprintf(stderr, ---"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" --+"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n" -+-"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" -++"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n" - " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" - " [-F configfile] [-I pkcs11] [-i identity_file] [-L address]\n" -- " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" - @@ -605,7 +610,7 @@ main(int ac, char **av) -- argv0 = av[0]; -+ # define ENGCONFIG "" -+ #endif - -- again: --- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" --+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT -- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { -+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" -++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT -+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { - switch (opt) { - case '1': - @@ -845,6 +850,11 @@ main(int ac, char **av) diff --git a/net-misc/openssh/files/openssh-7.2_p1-x509-warnings.patch b/net-misc/openssh/files/openssh-7.2_p1-x509-warnings.patch deleted file mode 100644 index 9e51f6cd..00000000 --- a/net-misc/openssh/files/openssh-7.2_p1-x509-warnings.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- sshconnect2.c.dist 2016-07-16 12:24:22.784369522 +0100 -+++ sshconnect2.c 2016-07-16 12:29:42.459637342 +0100 -@@ -1456,7 +1456,7 @@ pubkey_cleanup(Authctxt *authctxt) - static int - get_allowed_keytype(Key *k) { - char *pattern; -- char *alg; -+ const char *alg; - - if (k->type == KEY_RSA1 || k->type == KEY_UNSPEC) - return KEY_UNSPEC; ---- x509_nm_cmp.c.dist 2016-07-16 12:27:40.188114003 +0100 -+++ x509_nm_cmp.c 2016-07-16 12:27:43.298067968 +0100 -@@ -166,7 +166,7 @@ ssh_ASN1_STRING_to_UTF8(unsigned char ** - - tag = ASN1_STRING_type(in); - if (tag != V_ASN1_UTF8STRING) { -- return(ASN1_STRING_to_UTF8(out, in)); -+ return(ASN1_STRING_to_UTF8(out, (ASN1_STRING *) in)); - } - - l = ASN1_STRING_length(in); diff --git a/net-misc/openssh/files/openssh-7.5_p1-disable-conch-interop-tests.patch b/net-misc/openssh/files/openssh-7.5_p1-disable-conch-interop-tests.patch new file mode 100644 index 00000000..a5647ce9 --- /dev/null +++ b/net-misc/openssh/files/openssh-7.5_p1-disable-conch-interop-tests.patch @@ -0,0 +1,20 @@ +Disable conch interop tests which are failing when called +via portage for yet unknown reason and because using conch +seems to be flaky (test is failing when using Python2 but +passing when using Python3). + +Bug: https://bugs.gentoo.org/605446 + +--- a/regress/conch-ciphers.sh ++++ b/regress/conch-ciphers.sh +@@ -3,6 +3,10 @@ + + tid="conch ciphers" + ++# https://bugs.gentoo.org/605446 ++echo "conch interop tests skipped due to Gentoo bug #605446" ++exit 0 ++ + if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then + echo "conch interop tests not enabled" + exit 0 diff --git a/net-misc/openssh/openssh-6.9_p1-r2.ebuild b/net-misc/openssh/openssh-6.9_p1-r2.ebuild deleted file mode 100644 index 471894af..00000000 --- a/net-misc/openssh/openssh-6.9_p1-r2.ebuild +++ /dev/null @@ -1,322 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id: 40ad0d2d4e4735f9cbac13ea37d98cd589f98e86 $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PN}-6.9p1-r1-hpnssh14v5.tar.xz" -LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz" -X509_VER="8.4" X509_PATCH="${PN}-6.9p1+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz - ${HPN_PATCH:+hpn? ( - mirror://gentoo/${HPN_PATCH} - https://dev.gentoo.org/~polynomial-c/${HPN_PATCH} - mirror://sourceforge/hpnssh/${HPN_PATCH} - )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos ldap ldns libedit -libseccomp pam +pie sctp selinux skey ssh1 +ssl static X X509 abi_x86_x32" -REQUIRED_USE="ldns? ( ssl ) - pie? ( !static ) - ssh1? ( ssl ) - static? ( !kerberos !pam ) - X509? ( !ldap ssl )" - -LIB_DEPEND=" - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - libseccomp? ( sys-libs/libseccomp ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - ssl? ( - >=dev-libs/openssl-0.9.8f:0[bindist=] - dev-libs/openssl:0[static-libs(+)] - ) - >=sys-libs/zlib-1.2.3[static-libs(+)]" -RDEPEND=" - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( ${LIB_DEPEND} ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use libseccomp; then - epatch "${FILESDIR}"/${PN}-6.9_p1-libseccomp.patch - fi - if use X509 ; then - pushd .. >/dev/null - #epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch - epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch - save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - # The X509 patchset fixes this independently. - use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch - epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys # skey configure code triggers this - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"/var/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap # ' # <-- Syntax highlight fail - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - # The X509 patch deletes this option entirely. - $(use X509 || use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with libseccomp sandbox libseccomp_filter) - ) - if use abi_x86_x32 && ! use libseccomp; then - ewarn "The default 'seccomp' sandbox does not work correctly on x32, and so - without" - ewarn "experimental libseccomp support at least - it is required that this build" - ewarn "fallback to the basic 'rlimit' sandbox, where a child process is prevented from" - ewarn "forking or opening new network connections by having setrlimit() called to reset" - ewarn "its hard-limit of file descriptors and processes to zero. As such, this is a" - ewarn "very basic fallback choice where no better alternative is available." - myconf+=( --with-sandbox=rlimit ) - fi - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx ) - append-ldflags -lutil - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then - elog "Starting with openssh-6.9p1, ssh1 support is disabled by default." - fi - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has" - elog " dropped it. Make sure to update any configs that you might have." -} diff --git a/net-misc/openssh/openssh-7.1_p1-r2.ebuild b/net-misc/openssh/openssh-7.1_p1-r2.ebuild deleted file mode 100644 index 02e4d1c4..00000000 --- a/net-misc/openssh/openssh-7.1_p1-r2.ebuild +++ /dev/null @@ -1,340 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id: 40ee3c8aa5efdc3d0ce3f58700f84b1fecc5c016 $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PARCH}-hpnssh14v9.tar.xz" -LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz" -X509_VER="8.6" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz - ${HPN_PATCH:+hpn? ( - mirror://gentoo/${HPN_PATCH} - https://dev.gentoo.org/~polynomial-c/${HPN_PATCH} - mirror://sourceforge/hpnssh/${HPN_PATCH} - )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos ldap ldns libedit libressl -libseccomp pam +pie sctp selinux skey ssh1 +ssl static X X509 abi_x86_x32" -REQUIRED_USE="ldns? ( ssl ) - pie? ( !static ) - ssh1? ( ssl ) - static? ( !kerberos !pam ) - X509? ( !ldap ssl )" - -LIB_DEPEND=" - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - libseccomp? ( sys-libs/libseccomp ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - ssl? ( - !libressl? ( - >=dev-libs/openssl-0.9.8f:0[bindist=] - dev-libs/openssl:0[static-libs(+)] - ) - libressl? ( dev-libs/libressl[static-libs(+)] ) - ) - >=sys-libs/zlib-1.2.3[static-libs(+)]" -RDEPEND=" - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( ${LIB_DEPEND} ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use libseccomp; then - epatch "${FILESDIR}"/${PN}-6.9_p1-libseccomp.patch - fi - if use X509 ; then - pushd .. >/dev/null - if use hpn ; then - pushd ${HPN_PATCH%.*.*} >/dev/null - epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch - popd >/dev/null - fi - epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch - save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - # The X509 patchset fixes this independently. - use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch - epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys # skey configure code triggers this - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"/var/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - # The X509 patch deletes this option entirely. - $(use X509 || use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with libseccomp sandbox libseccomp_filter) - ) - if use abi_x86_x32 && ! use libseccomp; then - ewarn "The default 'seccomp' sandbox does not work correctly on x32, and so - without" - ewarn "experimental libseccomp support at least - it is required that this build" - ewarn "fallback to the basic 'rlimit' sandbox, where a child process is prevented from" - ewarn "forking or opening new network connections by having setrlimit() called to reset" - ewarn "its hard-limit of file descriptors and processes to zero. As such, this is a" - ewarn "very basic fallback choice where no better alternative is available." - myconf+=( --with-sandbox=rlimit ) - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then - elog "Starting with openssh-6.9p1, ssh1 support is disabled by default." - fi - if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi -} diff --git a/net-misc/openssh/openssh-7.1_p2.ebuild b/net-misc/openssh/openssh-7.1_p2.ebuild deleted file mode 100644 index 21b33964..00000000 --- a/net-misc/openssh/openssh-7.1_p2.ebuild +++ /dev/null @@ -1,340 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id: 762e35d9e2fd6bc06c3f813ddbc18f91ef76d0f8 $ - -EAPI="5" - -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PARCH}-hpnssh14v10.tar.xz" -LDAP_PATCH="${PN}-lpk-7.1p2-0.3.14.patch.xz" -X509_VER="8.6" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.xz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz - ${HPN_PATCH:+hpn? ( - mirror://gentoo/${HPN_PATCH} - mirror://sourceforge/hpnssh/${HPN_PATCH} - )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos ldap ldns libedit libressl -libseccomp pam +pie sctp selinux skey ssh1 +ssl static systemd X X509 abi_x86_x32" -REQUIRED_USE="ldns? ( ssl ) - pie? ( !static ) - ssh1? ( ssl ) - static? ( !kerberos !pam ) - X509? ( !ldap ssl )" - -LIB_DEPEND=" - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - libseccomp? ( sys-libs/libseccomp ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - ssl? ( - !libressl? ( - >=dev-libs/openssl-0.9.8f:0[bindist=] - dev-libs/openssl:0[static-libs(+)] - ) - libressl? ( dev-libs/libressl[static-libs(+)] ) - ) - >=sys-libs/zlib-1.2.3[static-libs(+)]" -RDEPEND=" - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( ${LIB_DEPEND} ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use libseccomp; then - epatch "${FILESDIR}"/${PN}-6.9_p1-libseccomp.patch - fi - if use X509 ; then - pushd .. >/dev/null - if use hpn ; then - pushd ${HPN_PATCH%.*.*} >/dev/null - epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch - popd >/dev/null - fi - epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-7.1_p2-x509-hpn14v10-glue.patch - epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch - save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - # The X509 patchset fixes this independently. - use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch - epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"/var/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - $(use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with libseccomp sandbox libseccomp_filter) - ) - if use abi_x86_x32 && ! use libseccomp; then - ewarn "The default 'seccomp' sandbox does not work correctly on x32, and so - without" - ewarn "experimental libseccomp support at least - it is required that this build" - ewarn "fallback to the basic 'rlimit' sandbox, where a child process is prevented from" - ewarn "forking or opening new network connections by having setrlimit() called to reset" - ewarn "its hard-limit of file descriptors and processes to zero. As such, this is a" - ewarn "very basic fallback choice where no better alternative is available." - myconf+=( --with-sandbox=rlimit ) - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - if use systemd; then - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' - fi -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then - elog "Starting with openssh-6.9p1, ssh1 support is disabled by default." - fi - if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi -} diff --git a/net-misc/openssh/openssh-7.2_p2-r1.ebuild b/net-misc/openssh/openssh-7.2_p2-r1.ebuild deleted file mode 100644 index 8918f6f9..00000000 --- a/net-misc/openssh/openssh-7.2_p2-r1.ebuild +++ /dev/null @@ -1,348 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id: 282823eb3a85723e252eb5abc11543c4d8045f34 $ - -EAPI="5" - -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -#HPN_PATCH="${PARCH}-hpnssh14v10.tar.xz" -LDAP_PATCH="${PN}-lpk-7.2p2-0.3.14.patch.xz" -X509_VER="8.9" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - mirror://gentoo/${PN}-7.2_p1-sctp.patch.xz - ${HPN_PATCH:+hpn? ( - mirror://gentoo/${HPN_PATCH} - mirror://sourceforge/hpnssh/${HPN_PATCH} - )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos ldap ldns libedit libressl -libseccomp livecd pam +pie sctp selinux skey ssh1 +ssl static X X509 abi_x86_x32" -REQUIRED_USE="ldns? ( ssl ) - pie? ( !static ) - ssh1? ( ssl ) - static? ( !kerberos !pam ) - X509? ( !ldap ssl )" - -LIB_DEPEND=" - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - libseccomp? ( sys-libs/libseccomp ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - ssl? ( - !libressl? ( - >=dev-libs/openssl-0.9.8f:0[bindist=] - dev-libs/openssl:0[static-libs(+)] - ) - libressl? ( dev-libs/libressl[static-libs(+)] ) - ) - >=sys-libs/zlib-1.2.3[static-libs(+)]" -RDEPEND=" - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( ${LIB_DEPEND} ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "This version of OpenSSH does not yet have all previous functionality enabled" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use libseccomp; then - epatch "${FILESDIR}"/${PN}-6.9_p1-libseccomp.patch - fi - if use X509 ; then - pushd .. >/dev/null - if use hpn ; then - pushd ${HPN_PATCH%.*.*} >/dev/null - epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch - popd >/dev/null - fi - epatch "${FILESDIR}"/${PN}-7.2_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - #epatch "${FILESDIR}"/${PN}-7.1_p2-x509-hpn14v10-glue.patch - epatch "${FILESDIR}"/${PN}-7.2_p1-x509-warnings.patch - #save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-7.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - epatch "${WORKDIR}"/${PN}-7.2_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"/var/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - $(use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with libseccomp sandbox libseccomp_filter) - ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - if use abi_x86_x32 && ! use libseccomp; then - ewarn "The default 'seccomp' sandbox does not work correctly on x32, and so - without" - ewarn "experimental libseccomp support at least - it is required that this build" - ewarn "fallback to the basic 'rlimit' sandbox, where a child process is prevented from" - ewarn "forking or opening new network connections by having setrlimit() called to reset" - ewarn "its hard-limit of file descriptors and processes to zero. As such, this is a" - ewarn "very basic fallback choice where no better alternative is available." - myconf+=( --with-sandbox=rlimit ) - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # Allow root password logins for live-cds - if use livecd ; then - sed -i \ - -e "/PermitRootLogin/c\\ -\\ -# By popular demand, we're allowing root login with password on livecds\\ -PermitRootLogin Yes\\ -" "${ED}"/etc/ssh/sshd_config - fi - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then - elog "Starting with openssh-6.9p1, ssh1 support is disabled by default." - fi - if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi -} diff --git a/net-misc/openssh/openssh-7.2_p2.ebuild b/net-misc/openssh/openssh-7.2_p2.ebuild deleted file mode 100644 index 56399367..00000000 --- a/net-misc/openssh/openssh-7.2_p2.ebuild +++ /dev/null @@ -1,341 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id: 62f1026c91950fdaec3f2989a4650c750d5fee16 $ - -EAPI="5" - -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -#HPN_PATCH="${PARCH}-hpnssh14v10.tar.xz" -LDAP_PATCH="${PN}-lpk-7.2p2-0.3.14.patch.xz" -X509_VER="8.9" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - mirror://gentoo/${PN}-7.2_p1-sctp.patch.xz - ${HPN_PATCH:+hpn? ( - mirror://gentoo/${HPN_PATCH} - mirror://sourceforge/hpnssh/${HPN_PATCH} - )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -[[ -z "${HPN_PATCH}" || -z "${LDAP_PATCH}" || -z "${X509_PATCH}" ]] && \ - { KEYWORDS="~${KEYWORDS// / ~}" ; KEYWORDS="${KEYWORDS//~~/~}" ; } - -# Probably want to drop ssl defaulting to on in a future version. -IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos ldap ldns libedit libressl -libseccomp pam +pie sctp selinux skey ssh1 +ssl static X X509 abi_x86_x32" -REQUIRED_USE="ldns? ( ssl ) - pie? ( !static ) - ssh1? ( ssl ) - static? ( !kerberos !pam ) - X509? ( !ldap ssl )" - -LIB_DEPEND=" - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - libseccomp? ( sys-libs/libseccomp ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - ssl? ( - !libressl? ( - >=dev-libs/openssl-0.9.8f:0[bindist=] - dev-libs/openssl:0[static-libs(+)] - ) - libressl? ( dev-libs/libressl[static-libs(+)] ) - ) - >=sys-libs/zlib-1.2.3[static-libs(+)]" -RDEPEND=" - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( ${LIB_DEPEND} ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "This version of OpenSSH does not yet have all previous functionality enabled" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please." - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - if use libseccomp; then - epatch "${FILESDIR}"/${PN}-6.9_p1-libseccomp.patch - fi - if use X509 ; then - pushd .. >/dev/null - if use hpn ; then - pushd ${HPN_PATCH%.*.*} >/dev/null - epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch - popd >/dev/null - fi - epatch "${FILESDIR}"/${PN}-7.2_p1-sctp-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - #epatch "${FILESDIR}"/${PN}-7.1_p2-x509-hpn14v10-glue.patch - epatch "${FILESDIR}"/${PN}-7.2_p1-x509-warnings.patch - #save_version X509 - fi - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - epatch "${FILESDIR}"/${PN}-7.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - epatch "${WORKDIR}"/${PN}-7.2_p1-sctp.patch - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"/var/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - $(use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with libseccomp sandbox libseccomp_filter) - ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - if use abi_x86_x32 && ! use libseccomp; then - ewarn "The default 'seccomp' sandbox does not work correctly on x32, and so - without" - ewarn "experimental libseccomp support at least - it is required that this build" - ewarn "fallback to the basic 'rlimit' sandbox, where a child process is prevented from" - ewarn "forking or opening new network connections by having setrlimit() called to reset" - ewarn "its hard-limit of file descriptors and processes to zero. As such, this is a" - ewarn "very basic fallback choice where no better alternative is available." - myconf+=( --with-sandbox=rlimit ) - fi - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then - elog "Starting with openssh-6.9p1, ssh1 support is disabled by default." - fi - if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi -} diff --git a/net-misc/openssh/openssh-7.5_p1-r4.ebuild b/net-misc/openssh/openssh-7.5_p1-r4.ebuild index a30722e8..377d249c 100644 --- a/net-misc/openssh/openssh-7.5_p1-r4.ebuild +++ b/net-misc/openssh/openssh-7.5_p1-r4.ebuild @@ -131,6 +131,7 @@ src_prepare() { epatch "${FILESDIR}"/${PN}-7.5_p1-GSSAPI-dns.patch #165444 integrated into gsskex epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + epatch "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch epatch "${FILESDIR}"/${PN}-7.5_p1-cross-cache.patch epatch "${FILESDIR}"/${PN}-7.5_p1-CVE-2017-15906.patch use X509 || epatch "${FILESDIR}"/${PN}-7.5_p1-s390-seccomp.patch # already included in X509 patch set, #644252 |