summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Ahlberg <aliz@gentoo.org>2004-04-21 11:46:05 +0000
committerDaniel Ahlberg <aliz@gentoo.org>2004-04-21 11:46:05 +0000
commit2b513ae1e3131cdf385eb147c1046b283529dd9d (patch)
treebb25b01bf761325ae2d5a474ce83aa617da69f02 /net-misc/openssh
parent~amd64 (Manifest recommit) (diff)
downloadgentoo-2-2b513ae1e3131cdf385eb147c1046b283529dd9d.tar.gz
gentoo-2-2b513ae1e3131cdf385eb147c1046b283529dd9d.tar.bz2
gentoo-2-2b513ae1e3131cdf385eb147c1046b283529dd9d.zip
Closing #48465.
Diffstat (limited to 'net-misc/openssh')
-rw-r--r--net-misc/openssh/ChangeLog7
-rw-r--r--net-misc/openssh/Manifest2
-rw-r--r--net-misc/openssh/files/digest-openssh-3.8.1_p12
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch74
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch19
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch12
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-skey.patch11
-rw-r--r--net-misc/openssh/openssh-3.8.1_p1.ebuild130
8 files changed, 256 insertions, 1 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index 099fa3c875be..2abb75864c72 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for net-misc/openssh
# Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.77 2004/04/13 12:39:42 aliz Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.78 2004/04/21 11:46:05 aliz Exp $
+
+*openssh-3.8.1_p1 (21 Apr 2004)
+
+ 21 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.8.1_p1.ebuild:
+ Version bump. Found by Daniel Webert <daniel_webert@web.de> in #48465.
13 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r2.ebuild,
openssh-3.8_p1.ebuild:
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 21e2e3fd5ca2..f292d22d7281 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,4 +1,5 @@
MD5 390005dbb08f77ebbacd2371466609db openssh-3.7.1_p2-r1.ebuild 4108
+MD5 14a1d898442c82de87c6740bb396a4d0 openssh-3.8.1_p1.ebuild 4218
MD5 2ad4dcf698a176e6ff1f94c9e5816882 openssh-3.7.1_p2-r2.ebuild 4618
MD5 1acfc14089fb63782fb38965af6ee2c0 ChangeLog 12043
MD5 0feff9b09e482567359625301bddce1c metadata.xml 1329
@@ -9,6 +10,7 @@ MD5 2cb187d8f60994c5e1b5fef2bcb6e85d files/openssh-3.5_p1-gentoo-sshd-gcc3.patch
MD5 e62c6cfae268e95fb406080c91713c1a files/digest-openssh-3.8_p1 138
MD5 9e179b1c0e3a139a5a9067c6e5bd6595 files/openssh-3.7.1_p1-selinux.diff 3389
MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.8_p1-chroot.patch 2884
+MD5 ee5b02cd561b09529e452aaf55ddbad7 files/digest-openssh-3.8.1_p1 140
MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.7.1_p2-chroot.patch 2884
MD5 b31110303673214476c57e1bed28e1ce files/openssh-skeychallenge-args.diff 925
MD5 9b53f18685eeb54c381c9bd11b9b80cc files/openssh-3.7.1_p2-skey.patch 326
diff --git a/net-misc/openssh/files/digest-openssh-3.8.1_p1 b/net-misc/openssh/files/digest-openssh-3.8.1_p1
new file mode 100644
index 000000000000..cd617bdc86c0
--- /dev/null
+++ b/net-misc/openssh/files/digest-openssh-3.8.1_p1
@@ -0,0 +1,2 @@
+MD5 1dbfd40ae683f822ae917eebf171ca42 openssh-3.8.1p1.tar.gz 817932
+MD5 de6735cdee8a0aa1eeba0960d58d0130 openssh-3.8p1+x509g4.diff.gz 130727
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch b/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch
new file mode 100644
index 000000000000..13625995a88e
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch
@@ -0,0 +1,74 @@
+################################################################################
+################################################################################
+# #
+# Original patch by Ricardo Cerqueira <rmcc@clix.pt> #
+# #
+# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2 #
+# #
+# A patch to cause sshd to chroot when it encounters the magic token #
+# '/./' in a users home directory. The directory portion before the #
+# token is the directory to chroot() to, the portion after the #
+# token is the user's home directory relative to the new root. #
+# #
+# Patch source using: patch -p0 < /path/to/patch #
+# #
+# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. #
+# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about #
+# other systems (unless you email me your experiences!). #
+# #
+################################################################################
+################################################################################
+
+diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c
+--- openssh-3.7.1p2/session.c Tue Sep 23 04:59:08 2003
++++ openssh-3.7.1p2-chroot/session.c Fri Sep 26 13:42:52 2003
+@@ -58,6 +58,8 @@
+ #include "session.h"
+ #include "monitor_wrap.h"
+
++#define CHROOT
++
+ #ifdef GSSAPI
+ #include "ssh-gss.h"
+ #endif
+@@ -1231,6 +1233,12 @@
+ void
+ do_setusercontext(struct passwd *pw)
+ {
++
++#ifdef CHROOT
++ char *user_dir;
++ char *new_root;
++#endif /* CHROOT */
++
+ #ifndef HAVE_CYGWIN
+ if (getuid() == 0 || geteuid() == 0)
+ #endif /* HAVE_CYGWIN */
+@@ -1268,6 +1276,27 @@
+ exit(1);
+ }
+ endgrent();
++
++#ifdef CHROOT
++ user_dir = xstrdup(pw->pw_dir);
++ new_root = user_dir + 1;
++
++ while((new_root = strchr(new_root, '.')) != NULL) {
++ new_root--;
++ if(strncmp(new_root, "/./", 3) == 0) {
++ *new_root = '\0';
++ new_root += 2;
++
++ if(chroot(user_dir) != 0)
++ fatal("Couldn't chroot to user directory % s", user_dir);
++ pw->pw_dir = new_root;
++ break;
++ }
++ new_root += 2;
++ }
++#endif /* CHROOT */
++
++
+ # ifdef USE_PAM
+ /*
+ * PAM credentials may take the form of supplementary groups.
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch b/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch
new file mode 100644
index 000000000000..2d0694f0cc7e
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch
@@ -0,0 +1,19 @@
+--- configure.ac 2004-02-24 21:05:46.781403118 +0000
++++ configure.ac 2004-02-24 21:03:30.717786642 +0000
+@@ -2102,14 +2102,14 @@
+ )
+ else
+ AC_MSG_RESULT(no)
+- CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
++ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include -I/usr/include/heimdal -I/usr/include/gssapi"
+ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+ AC_MSG_CHECKING(whether we are using Heimdal)
+ AC_TRY_COMPILE([ #include <krb5.h> ],
+ [ char *tmp = heimdal_version; ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(HEIMDAL)
+- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
++ K5LIBS="-lkrb5 -lcom_err -lasn1 -lroken -lresolv"
+ ],
+ [ AC_MSG_RESULT(no)
+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch b/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch
new file mode 100644
index 000000000000..2de0cca0ed96
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch
@@ -0,0 +1,12 @@
+--- configure.ac 2004-02-24 21:03:30.717786642 +0000
++++ configure.ac 2004-02-24 21:33:37.936501897 +0000
+@@ -2055,7 +2055,9 @@
+ [
+ # Needed by our getrrsetbyname()
+ AC_SEARCH_LIBS(res_query, resolv)
++ AC_SEARCH_LIBS(__res_query, resolv)
+ AC_SEARCH_LIBS(dn_expand, resolv)
++ AC_SEARCH_LIBS(__dn_expand, resolv)
+ AC_CHECK_FUNCS(_getshort _getlong)
+ AC_CHECK_MEMBER(HEADER.ad,
+ [AC_DEFINE(HAVE_HEADER_AD)],,
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch b/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch
new file mode 100644
index 000000000000..133635574c8d
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch
@@ -0,0 +1,11 @@
+--- configure.ac 2004-02-24 21:07:25.510177659 +0000
++++ configure.ac 2004-02-24 21:03:30.717786642 +0000
+@@ -721,7 +721,7 @@
+ [
+ #include <stdio.h>
+ #include <skey.h>
+-int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
++int main() { char *ff = "true"; ff=""; exit(0); }
+ ],
+ [AC_MSG_RESULT(yes)],
+ [
diff --git a/net-misc/openssh/openssh-3.8.1_p1.ebuild b/net-misc/openssh/openssh-3.8.1_p1.ebuild
new file mode 100644
index 000000000000..f199b060b473
--- /dev/null
+++ b/net-misc/openssh/openssh-3.8.1_p1.ebuild
@@ -0,0 +1,130 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.8.1_p1.ebuild,v 1.1 2004/04/21 11:46:05 aliz Exp $
+
+inherit eutils flag-o-matic ccc gnuconfig
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_/}
+
+X509_PATCH="${PARCH}+x509g4.diff.gz"
+SELINUX_PATCH="openssh-3.7.1_p1-selinux.diff"
+
+S=${WORKDIR}/${PARCH}
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.com/"
+SRC_URI="mirror://openssh/${PARCH}.tar.gz"
+# X509? ( http://roumenpetrov.info/openssh/x509g4/${X509_PATCH} )"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~amd64 ~ia64 ~ppc64 ~s390"
+IUSE="ipv6 static pam tcpd kerberos skey selinux chroot X509"
+
+# openssh recognizes when openssl has been slightly upgraded and refuses to run.
+# This new rev will use the new openssl.
+RDEPEND="virtual/glibc
+ pam? ( >=sys-libs/pam-0.73
+ >=sys-apps/shadow-4.0.2-r2 )
+ !mips? ( kerberos? ( virtual/krb5 ) )
+ selinux? ( sys-libs/libselinux )
+ !ppc64? ( skey? ( >=app-admin/skey-1.1.5-r1 ) )
+ >=dev-libs/openssl-0.9.6d
+ >=sys-libs/zlib-1.1.4
+ !ppc64? ( tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) )"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ dev-lang/perl
+ sys-apps/groff
+ >=sys-apps/sed-4
+ sys-devel/autoconf"
+PROVIDE="virtual/ssh"
+
+src_unpack() {
+ unpack ${PARCH}.tar.gz ; cd ${S}
+
+ epatch ${FILESDIR}/${P}-kerberos.patch
+ epatch ${FILESDIR}/${P}-resolv_functions.patch
+
+ use selinux && epatch ${FILESDIR}/${SELINUX_PATCH}
+ use alpha && epatch ${FILESDIR}/${PN}-3.5_p1-gentoo-sshd-gcc3.patch
+ use skey && epatch ${FILESDIR}/${P}-skey.patch
+ use chroot && epatch ${FILESDIR}/${P}-chroot.patch
+# use X509 && epatch ${DISTDIR}/${X509_PATCH}
+}
+
+src_compile() {
+ gnuconfig_update
+
+ # make sure .sbss is large enough
+ use skey && use alpha && append-ldflags -mlarge-data
+ use ldap && filter-flags -funroll-loops
+ use selinux && append-flags "-DWITH_SELINUX"
+ use static && append-ldflags -static
+ export LDFLAGS
+
+ autoconf
+
+ local myconf="\
+ $( use_with tcpd tcp-wrappers ) \
+ $( use_with kerberos kerberos5 ) \
+ $( use_with pam ) \
+ $( use_with skey )"
+
+ use ipv6 || myconf="${myconf} --with-ipv4-default"
+
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc/ssh \
+ --mandir=/usr/share/man \
+ --libexecdir=/usr/lib/misc \
+ --datadir=/usr/share/openssh \
+ --disable-suid-ssh \
+ --with-privsep-path=/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --host=${CHOST} \
+ ${myconf} \
+ || die "bad configure"
+
+# use static && {
+# # statically link to libcrypto -- good for the boot cd
+# sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" Makefile
+# }
+
+ emake || die "compile problem"
+}
+
+src_install() {
+ make install-files DESTDIR=${D} || die
+ chmod 600 ${D}/etc/ssh/sshd_config
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+ insinto /etc/pam.d ; newins ${FILESDIR}/sshd.pam sshd
+ exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
+ keepdir /var/empty
+ dosed "/^#Protocol /s:.*:Protocol 2:" /etc/ssh/sshd_config
+ use pam && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config
+}
+
+pkg_postinst() {
+ enewgroup sshd 22
+ enewuser sshd 22 /bin/false /var/empty sshd
+
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "restart sshd: '/etc/init.d/sshd restart'."
+ ewarn
+ einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
+ einfo "functionality, but please ensure that you do not explicitly disable"
+ einfo "this in your configuration as disabling it opens security holes"
+ einfo
+ einfo "This revision has removed your sshd user id and replaced it with a"
+ einfo "new one with UID 22. If you have any scripts or programs that"
+ einfo "that referenced the old UID directly, you will need to update them."
+ einfo
+ use pam >/dev/null 2>&1 && {
+ einfo "Please be aware users need a valid shell in /etc/passwd"
+ einfo "in order to be allowed to login."
+ einfo
+ }
+}