| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Link: https://bugzilla.mindrot.org/show_bug.cgi?id=3689
Closes: https://bugs.gentoo.org/919685
Signed-off-by: Gabi Falk <gabifalk@gmx.com>
Closes: https://github.com/gentoo/gentoo/pull/36623
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
|
|
|
| |
Patch has long been upstreamed:
- https://github.com/openssh/openssh-portable/pull/148
- https://github.com/openssh/openssh-portable/commit/3ef92a657444f172b61f92d5da66d94fa8265602
Signed-off-by: David Seifert <soap@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
| |
Signed-off-by: Matoro Mahri <matoro_gentoo@matoro.tk>
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
|
|
|
|
|
| |
Portage refuses to install empty directories.
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
|
|
|
|
|
| |
Closes: https://bugs.gentoo.org/906639
Closes: https://bugs.gentoo.org/915840
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
|
|
|
|
| |
Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
|
|
| |
This shouldn't be needed anymore since 0b22d07f89b16ac3400e45077702ac4c4492e5a4 anyway.
Bug: https://bugs.gentoo.org/872416
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of patching out a header file, use the ./configure option
dedicated for this purpose. It has the side effect of correctly sed'ing
out config files / manpages with the updated location.
When not explicitly passed, the builtin default is used as a fallback,
but when USE=X, portage as an implementation detail guarantees that
xauth will be installed before openssh is compiled.
... as long as you don't use --buildpkg.
So, "probably" if you used USE=X the paths were correct, but:
- this is overall a poor approach to reliability
- it misses the point of also overriding the path when USE="-X"
- we just removed the USE flag and the RDEPEND
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was originally added in 2006 with the following rationale:
> Since with our new stable modular X, all we need to do X11-forwarding
> via SSH is to have x11-apps/xauth (and dependencies) installed, it would
> be handy to have this as an RDEPEND in the ebuilds. In order to keep
> most entirely-non-X servers happy, it should probably be turned on only
> with a USE flag, say 'X'.
> This is entirely unnecessary for the building of openssh, but would
> provide a straight-foward way of letting users know what to do if they
> want to enable x11-forwarding w/o having xorg-x11 installed, and without
> having to debug their ssh -X session or delve deeply into documentation.
It is the textbook rationale for optfeature. However, in 2006,
optfeature didn't exist -- it was added in 2014 through bug 498988.
(And of course the real solution is GLEP 62 "IUSE_RUNTIME".)
It is now 2024 and enabling/disabling USE=X still causes openssh to
pointlessly recompile and rebuild itself, invalidating binhosts in the
process.
Bug: https://bugs.gentoo.org/139235
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MAP_NORESERVE is used in certain memory patterns in Scudo
where we want to mmap chunks of memory without reserving swap space.
We use this to avoid hitting address space limits.
However, OpenSSH's client sandbox is quite restrictive on which MMAP
flags are allowed (understandably so), and it currently does not
allow MAP_NORESERVE to be used.
This commit allows us to call MAP_NORESERVE from the client sandbox
process.
Upstream patch submission:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-December/041095.html
Signed-off-by: Jordan R Abrahams-Whitehead <ajordanr@google.com>
Closes: https://github.com/gentoo/gentoo/pull/34610
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
|
|
| |
Signed-off-by: David Seifert <soap@gentoo.org>
|
|
|
|
|
|
| |
Signed-off-by: Michael Mair-Keimberger <mmk@levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/34531
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
| |
Bug: https://bugs.gentoo.org/910553
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
| |
Signed-off-by: Matoro Mahri <matoro_gentoo@matoro.tk>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
| |
Signed-off-by: Matoro Mahri <matoro_gentoo@matoro.tk>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
| |
Signed-off-by: Matoro Mahri <matoro_gentoo@matoro.tk>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
| |
Signed-off-by: Matoro Mahri <matoro_gentoo@matoro.tk>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
|
|
|
|
| |
Signed-off-by: Matoro Mahri <matoro_gentoo@matoro.tk>
Signed-off-by: Ionen Wolkens <ionen@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--with-hardening adds the following in addition to flags we
already set in our toolchain:
* -ftrapv (which is broken with GCC anyway),
* -ftrivial-auto-var-init=zero (which is nice, but not the end of
the world to not have)
* -fzero-call-used-regs=used (history of miscompilations with
Clang (bug #872548), ICEs on m68k (bug #920350, gcc PR113086,
gcc PR104820, gcc PR104817, gcc PR110934)).
Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK,
so we cannot just disable -fzero-call-used-regs=used.
Therefore, just pass --without-hardening, given it doesn't negate
our already hardened toolchain defaults, and avoids adding flags
which are known-broken in both Clang and GCC and haven't been
proven reliable.
Bug: https://bugs.gentoo.org/872548
Bug: https://bugs.gentoo.org/920350
Bug: https://bugs.gentoo.org/920292
Bug: https://gcc.gnu.org/PR113086
Bug: https://gcc.gnu.org/PR104820
Bug: https://gcc.gnu.org/PR104817
Bug: https://gcc.gnu.org/PR110934
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
|
| |
Bug: https://bugs.gentoo.org/920292
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
|
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* This patch is far too large for Gentoo to carry without any upstream
guidance and this leads to breakage every few releases.
* Every distro has a different patch for this issue. In particular,
the patches carried by Debian and Fedora are more comprehensive.
* Upstream doesn't seem to care about the actual issue, seeing there
hasn't been any progress in the last 10 years or so:
http://bugzilla.mindrot.org/show_bug.cgi?id=1008
Bug: https://bugs.gentoo.org/165444
Signed-off-by: David Seifert <soap@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
This was fixed properly by upstream in 9.4 so the workaround isn't needed;
openssh-9.3_p1-openssl-ignore-status.patch applies with fuzz to >=9.4 and
does the wrong thing there as it touches the non-OpenSSL 3 case (upstream
added a conditional above in >=9.4).
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|