Fixes from upstream for pkcs build problems #310929 by Alan Hourihane and for relative AuthorizedKeysFile handling #308939 by Eric Vander Weele.

(Portage version: 2.2_rc67/cvs/Linux x86_64)

2 files changed, 86 insertions, 0 deletions

diff --git a/net-misc/openssh/files/openssh-5.4_p1-pkcs11.patch b/net-misc/openssh/files/openssh-5.4_p1-pkcs11.patch
new file mode 100644
index 000000000000..08fad078c436
--- /dev/null
+++ b/net-misc/openssh/files/openssh-5.4_p1-pkcs11.patch
@@ -0,0 +1,39 @@
+fixes from upstream
+
+https://bugzilla.mindrot.org/show_bug.cgi?id=1737
+https://bugzilla.mindrot.org/show_bug.cgi?id=1738
+
+http://bugs.gentoo.org/310929
+
+--- ssh-pkcs11-helper.c
++++ ssh-pkcs11-helper.c
+@@ -17,8 +17,6 @@
+ 
+ #include "includes.h"
+ 
+-#ifdef ENABLE_PKCS11
+-
+ #include <sys/types.h>
+ #ifdef HAVE_SYS_TIME_H
+ # include <sys/time.h>
+@@ -39,6 +37,8 @@
+ #include "authfd.h"
+ #include "ssh-pkcs11.h"
+ 
++#ifdef ENABLE_PKCS11
++
+ /* borrows code from sftp-server and ssh-agent */
+ 
+ struct pkcs11_keyinfo {
+--- Makefile.in
++++ Makefile.in
+@@ -160,7 +160,7 @@
+ 	$(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ 
+ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
+-	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ 
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
+ 	$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+
diff --git a/net-misc/openssh/files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch b/net-misc/openssh/files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch
new file mode 100644
index 000000000000..cc992ab751d6
--- /dev/null
+++ b/net-misc/openssh/files/openssh-5.4_p1-relative-AuthorizedKeysFile.patch
@@ -0,0 +1,47 @@
+grab fixes from upstream for relative AuthorizedKeysFile handling
+
+https://bugs.gentoo.org/308939
+
+Author: djm <djm>
+Date:   Sun Mar 21 18:53:04 2010 +0000
+
+       - markus@cvs.openbsd.org 2010/03/12 11:37:40
+         [servconf.c]
+         do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths
+
+Author: djm <djm>
+Date:   Sun Mar 21 18:52:26 2010 +0000
+
+       - djm@cvs.openbsd.org 2010/03/12 01:06:25
+         [servconf.c]
+         unbreak AuthorizedKeys option with a $HOME-relative path; reported by
+         vinschen AT redhat.com, ok dtucker@
+
+
+Index: servconf.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
+retrieving revision 1.204
+retrieving revision 1.206
+diff -N -u -p -r1.204 -r1.206
+--- servconf.c	4 Mar 2010 10:36:03 -0000	1.204
++++ servconf.c	12 Mar 2010 11:37:40 -0000	1.206
+@@ -1180,7 +1180,17 @@ process_server_config_line(ServerOptions *options, cha
+ 		charptr = (opcode == sAuthorizedKeysFile) ?
+ 		    &options->authorized_keys_file :
+ 		    &options->authorized_keys_file2;
+-		goto parse_filename;
++		arg = strdelim(&cp);
++		if (!arg || *arg == '\0')
++			fatal("%s line %d: missing file name.",
++			    filename, linenum);
++		if (*activep && *charptr == NULL) {
++			*charptr = tilde_expand_filename(arg, getuid());
++			/* increase optional counter */
++			if (intptr != NULL)
++				*intptr = *intptr + 1;
++		}
++		break;
+ 
+ 	case sClientAliveInterval:
+ 		intptr = &options->client_alive_interval;