diff options
| author |   Patrick McLean <chutzpah@gentoo.org> | 2017-10-11 15:51:05 -0700 |
|---|---|---|
| committer | Patrick McLean <chutzpah@gentoo.org> | 2017-10-11 17:41:40 -0700 |
| commit | 457856fd81528d41551c5fed457e1bd627498093 (patch) | |
| tree | 353728d836f3c65f21b4fb0ce7b6a9e8a490c7cc /net-misc/openssh | |
| parent | sys-apps/init-system-helpers: initial ebuild (diff) | |
| download | gentoo-457856fd81528d41551c5fed457e1bd627498093.tar.gz gentoo-457856fd81528d41551c5fed457e1bd627498093.tar.bz2 gentoo-457856fd81528d41551c5fed457e1bd627498093.zip | |
net-misc/openssh: Add updated X509 patchset to 7.6_p1
Had to drop the multithreaded aes-ctr cipher as it seems to cause
test failures with OpenSSH 7.6p1. We can re-add in the future if
a fix is found.
Package-Manager: Portage-2.3.11, Repoman-2.3.3
Diffstat (limited to 'net-misc/openssh')
| -rw-r--r-- | net-misc/openssh/Manifest | 1 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch | 50 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-7.6_p1-warnings.patch | 12 | ||||
| -rw-r--r-- | net-misc/openssh/openssh-7.6_p1.ebuild | 12 |
4 files changed, 73 insertions, 2 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index df01594ce28f..c9efd08b4214 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -5,6 +5,7 @@ DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 SHA256 8a1ed99c121a4ad21d7a26cd32627 DIST openssh-7.5p1.tar.gz 1510857 SHA256 9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0 SHA512 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 WHIRLPOOL 1a42c68d8e350bc4790dd4c1a98dd6571bfa353ad6871b1462c53b6412f752719daabd1a13bb4434d294de966a00428ac66334bab45f371420029b5e34a6914c DIST openssh-7.6_p1-sctp.patch.xz 6996 SHA256 ca61f0b015d2f7131620a2a4901800b70026755a52a7b882d437cd9813c2652d SHA512 8445a9a8ae8e8baa67c8f386117877ba3f39f33c9cdaff341c8d5fb4ce9dfe22f26d5aedc2b0d4aab67864994ec5a6a487d18b728bd5d5c6efe14175eb9c8151 WHIRLPOOL 27125d4a7d45f0bc67f424598542cf97e123824bce7911732891531b6a0aa37b7598f636e1643a6114626c2ccc622a50928ffcdb4357c7dc3d9c3d8c161d9626 DIST openssh-7.6p1+x509-11.0.diff.gz 440219 SHA256 bc4175ed8efce14579f10e242b25a23c959b1ff0e63b7c15493503eb654a960e SHA512 add86ecdaa696d997f869e6878aaaef285590cc5eddf301be651944bbc6c80af6a891bad6f6aaa4b6e9919ad865a27dc6f45a6e0b923ca52c04f06523fa3197a WHIRLPOOL 1b324f72a6cb0c895b3994d59f3505ff2a4a0529829cea07344a33a68ee4d43c22ba534a55454792618cd9f766cd40fa5af73cc054ee3a08bccdb6e8d0073b29 +DIST openssh-7.6p1-hpnssh14v12.tar.xz 15392 SHA256 4ccb05096556233d81b68b330463ef2bd84384734ff3a8693ad28ac2d4681227 SHA512 0e2c62cdec360090b359edfd5bbe894fb25d22e387677e8a5d6cf6a0807b0572fda30b90c30390d5b68e359e9958cb1c65abae4afd9af5892c3f64f6f8001956 WHIRLPOOL c7bdc79d849bacaf1a6fb262a11b3b6cf905e95c11e9818c4434559fcea3bc5273496bb8d29e3a5edb116420b4dabc3ef17789e66864c488006c660331c18bc4 DIST openssh-7.6p1.tar.gz 1489788 SHA256 a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723 SHA512 de17fdcb8239401f76740c8d689a8761802f6df94e68d953f3c70b9f4f8bdb403617c48c1d01cc8c368d88e9d50aee540bf03d5a36687dfb39dfd28d73029d72 WHIRLPOOL 537b94555c7b36b2f7ef2ecd89e6671028f7cff9be758e631690ecd068510d59d6518077bf951e779e3c8a39706adb1682c6d5305edd6fc611ec19ce7953c751 DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 SHA256 11060be996b291b8d78de698c68a92428430e4ff440553f5045c6de5c0e1dab3 SHA512 9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b WHIRLPOOL 58526777475786bb5efa193f3a3ec0500c4d48b18fef67698f8b1999cb07f04fbca7b7d3ece469f3a1e1ceca5152cdd08d3dbe7cfa4e7494740dc2c233101b93 DIST openssh-lpk-7.6p1-0.3.14.patch.xz 17044 SHA256 fd877cf084d4eb682c503b6e5f363b0564da2b50561367558a50ab239adf4017 SHA512 e9a2b18fd6a58354198b6e48199059d055451a5f09c99bf7293d0d54137a59c581a9cb3bd906f31589e03d8450fb017b9015e18c67b7b6ae840e336039436974 WHIRLPOOL 8410dc9dad24d8b3065ba85e7a7a66322b4d37eac0ef68e72143afa3aba2706e91c324798236b9d3e320e6903d27a7e426621bde92ded89ce26a16535e8c3d3c diff --git a/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch b/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch new file mode 100644 index 000000000000..d55656aae974 --- /dev/null +++ b/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch @@ -0,0 +1,50 @@ +--- a/openssh-7.6p1-hpnssh14v12/0004-support-dynamically-sized-receive-buffers.patch 2017-10-11 15:02:11.850912525 -0700 ++++ b/openssh-7.6p1-hpnssh14v12/0004-support-dynamically-sized-receive-buffers.patch 2017-10-11 15:35:06.223424844 -0700 +@@ -907,9 +907,9 @@ + @@ -517,7 +544,7 @@ send_client_banner(int connection_out, int minor1) + { + /* Send our own protocol version identification. */ +- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", +-- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); +-+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE); ++ xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX[%s]\r\n", ++- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, PACKAGE_VERSION); +++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, PACKAGE_VERSION); + if (atomicio(vwrite, connection_out, client_version_string, + strlen(client_version_string)) != strlen(client_version_string)) + fatal("write: %.100s", strerror(errno)); +@@ -918,11 +918,11 @@ + --- a/sshd.c + +++ b/sshd.c + @@ -367,7 +367,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) +- char remote_version[256]; /* Must be at least as big as buf. */ ++ } + +- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", +-- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, +-+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, ++ xasprintf(&server_version_string, "SSH-%d.%d-%s%s%s%s\r\n", ++- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, pkix_comment, +++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, pkix_comment, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum); + +@@ -982,13 +982,14 @@ + index e093f623..83f0932d 100644 + --- a/version.h + +++ b/version.h +-@@ -3,4 +3,5 @@ ++@@ -3,3 +3,6 @@ + #define SSH_VERSION "OpenSSH_7.6" + +- #define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ++-#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" +++#define SSH_PORTABLE "p1" + +#define SSH_HPN "-hpn14v12" +++#define SSH_X509 "-PKIXSSH-11.0" +-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +++#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" SSH_HPN + -- + 2.14.2 + diff --git a/net-misc/openssh/files/openssh-7.6_p1-warnings.patch b/net-misc/openssh/files/openssh-7.6_p1-warnings.patch new file mode 100644 index 000000000000..5843dd162cd9 --- /dev/null +++ b/net-misc/openssh/files/openssh-7.6_p1-warnings.patch @@ -0,0 +1,12 @@ +diff --git a/openbsd-compat/freezero.c b/openbsd-compat/freezero.c +index 3af8f4a7..7f6bc7fa 100644 +--- a/openbsd-compat/freezero.c ++++ b/openbsd-compat/freezero.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include <string.h> + #include "includes.h" + + #ifndef HAVE_FREEZERO diff --git a/net-misc/openssh/openssh-7.6_p1.ebuild b/net-misc/openssh/openssh-7.6_p1.ebuild index 1c315b793a68..a15c07cdc85d 100644 --- a/net-misc/openssh/openssh-7.6_p1.ebuild +++ b/net-misc/openssh/openssh-7.6_p1.ebuild @@ -9,7 +9,7 @@ inherit user flag-o-matic multilib autotools pam systemd versionator # and _p? releases. PARCH=${P/_} -#HPN_PATCH="${PARCH}-hpnssh14v12.tar.xz" +HPN_PATCH="${PARCH}-hpnssh14v12.tar.xz" SCTP_PATCH="${PN}-7.6_p1-sctp.patch.xz" LDAP_PATCH="${PN}-lpk-7.6p1-0.3.14.patch.xz" X509_VER="11.0" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz" @@ -109,12 +109,14 @@ src_prepare() { # this file. cp version.h version.h.pristine + eapply "${FILESDIR}/${P}-warnings.patch" + # don't break .ssh/authorized_keys2 for fun sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die if use X509 ; then if use hpn ; then - pushd "${WORKDIR}"/${HPN_PATCH%.*.*} >/dev/null + pushd "${WORKDIR}" >/dev/null eapply "${FILESDIR}"/${P}-hpn-x509-${X509_VER}-glue.patch popd >/dev/null fi @@ -324,4 +326,10 @@ pkg_postinst() { elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" elog "and update all clients/servers that utilize them." fi + + # remove this if aes-ctr-mt gets fixed + if use hpn; then + elog "The multithreaded AES-CTR cipher has been temporarily dropped from the HPN patch" + elog "set since it does not (yet) work with >=openssh-7.6p1." + fi } |