author | Ned Ludd <solar@gentoo.org> | 2003-09-23 16:11:58 +0000 |
---|---|---|
committer | Ned Ludd <solar@gentoo.org> | 2003-09-23 16:11:58 +0000 |
commit | 3eb31fea98df97958fc6cbaaf4b8518295150147 (patch) | |
tree | de85e7197fb1f0d161ff0b776da371b583b73855 /net-misc | |
parent | security update. http://www.openssh.com/txt/sshpam.adv (diff) | |
security update. http://www.openssh.com/txt/sshpam.adv
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/openssh/ChangeLog | 7 | ||||
-rw-r--r-- | net-misc/openssh/Manifest | 4 | ||||
-rw-r--r-- | net-misc/openssh/files/digest-openssh-3.7.1_p2 | 2 | ||||
-rw-r--r-- | net-misc/openssh/openssh-3.7.1_p2.ebuild | 144 |
4 files changed, 154 insertions, 3 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog index e53c361cb696..c903c4f71df9 100644 --- a/net-misc/openssh/ChangeLog +++ b/net-misc/openssh/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-misc/openssh # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.51 2003/09/20 01:02:37 pebenito Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.52 2003/09/23 16:11:55 solar Exp $ + +*openssh-3.7.1_p2 (23 Sep 2003) + + 23 Sep 2003; <solar@gentoo.org> openssh-3.7.1_p2.ebuild: + security update. http://www.openssh.com/txt/sshpam.adv 19 Sep 2003; Chris PeBenito <pebenito@gentoo.org> openssh-3.7.1_p1-r1.ebuild, openssh-3.7.1_p1.ebuild: diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index b109db23209b..c476245b19f1 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -2,12 +2,12 @@ MD5 bf8c9e2ff963deb77f7dd8adf7ad2037 openssh-3.5_p1-r1.ebuild 3932 MD5 3c2bbd03a745c1e0b2a5e4a6e600b030 openssh-3.6.1_p2-r1.ebuild 4148 MD5 564d864226cf89ea6396748305042fd9 openssh-3.6.1_p2-r2.ebuild 4204 MD5 9da5e02603f79633fe36e2337d4ae626 openssh-3.6.1_p2-r3.ebuild 4488 -MD5 61921ee33a727dfebc980b9691ef74dc ChangeLog 8238 +MD5 ca41d40ed4232add12ba8dcdcc9607ba ChangeLog 8385 MD5 a50daec66d75cc8248da65d91269b359 openssh-3.6.1_p2.ebuild 3948 MD5 6f9d1a7a3d8d84a099f9e8ae724cd750 openssh-3.7.1_p1.ebuild 4665 MD5 baa93c0bb81792f293041775106cda3d openssh-3.7.1_p1-r1.ebuild 4279 MD5 b95ca58a06be4f68640911f9e64a8c95 openssh-3.7_p1.ebuild 4479 -MD5 c1da53d1cd9eee45e2f7172410612037 openssh-3.7.1_p2.ebuild 4282 +MD5 6eeb6807efa782e519055078cc397682 openssh-3.7.1_p2.ebuild 4289 MD5 f2472f97f00f203eee538d04a25acac5 files/digest-openssh-3.5_p1-r1 136 MD5 2cb187d8f60994c5e1b5fef2bcb6e85d files/openssh-3.5_p1-gentoo-sshd-gcc3.patch 315 MD5 b86ae0c43a704c4ee2abd2ce5c955f8f files/sshd.pam 294 
diff --git a/net-misc/openssh/files/digest-openssh-3.7.1_p2 b/net-misc/openssh/files/digest-openssh-3.7.1_p2
new file mode 100644
index 000000000000..cd0c131742d5
--- /dev/null
+++ b/net-misc/openssh/files/digest-openssh-3.7.1_p2
@@ -0,0 +1,2 @@
+MD5 61cf5b059938718308836d00f6764a94 openssh-3.7.1p2.tar.gz 792280
+MD5 d8f4c22cec973d2e22551455fe5bc28c openssh-3.7.1_p1-selinux.diff.bz2 7677
diff --git a/net-misc/openssh/openssh-3.7.1_p2.ebuild b/net-misc/openssh/openssh-3.7.1_p2.ebuild
new file mode 100644
index 000000000000..c91c14c41b1d
--- /dev/null
+++ b/net-misc/openssh/openssh-3.7.1_p2.ebuild
@@ -0,0 +1,144 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.7.1_p2.ebuild,v 1.1 2003/09/23 16:11:55 solar Exp $
+
+inherit eutils flag-o-matic ccc
+[ `use kerberos` ] && append-flags -I/usr/include/gssapi
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_/}
+
+#X509_PATCH=${PARCH}+x509g2.diff.gz
+SELINUX_PATCH=openssh-3.7.1_p1-selinux.diff.bz2
+
+S=${WORKDIR}/${PARCH}
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.com/"
+IUSE="ipv6 static pam tcpd kerberos skey selinux" ; # X509"
+SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz
+ selinux? ( http://dev.gentoo.org/~pebenito/${SELINUX_PATCH} )"
+# X509? ( http://roumenpetrov.info/openssh/x509g2/${X509_PATCH} )"
+
+# openssh recognizes when openssl has been slightly upgraded and refuses to run.
+# This new rev will use the new openssl.
+RDEPEND="virtual/glibc
+ pam? ( >=sys-libs/pam-0.73
+ >=sys-apps/shadow-4.0.2-r2 )
+ kerberos? ( app-crypt/mit-krb5 )
+ selinux? ( sys-apps/selinux-small )
+ skey? ( app-admin/skey )
+ >=dev-libs/openssl-0.9.6d
+ sys-libs/zlib
+ >=sys-apps/sed-4"
+
+DEPEND="${RDEPEND}
+ dev-lang/perl
+ sys-apps/groff
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
+
+SLOT="0"
+LICENSE="as-is"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~arm ~amd64 ~ia64"
+
+src_unpack() {
+ unpack ${PARCH}.tar.gz ; cd ${S}
+
+ use selinux && epatch ${DISTDIR}/${SELINUX_PATCH}
+ use alpha && epatch ${FILESDIR}/${PN}-3.5_p1-gentoo-sshd-gcc3.patch
+ use X509 && epatch ${DISTDIR}/${X509_PATCH}
+
+ # epatch ${FILESDIR}/${P}-connect-timeout.patch
+ # epatch ${FILESDIR}/${P}-double-free.patch
+ # epatch ${FILESDIR}/${P}-memory-leak.patch
+ # epatch ${FILESDIR}/${P}-memory-bugs.patch
+
+ use skey && {
+ # prevent the conftest from violating the sandbox
+ sed -i 's#skey_keyinfo("")#"true"#g' configure
+ }
+}
+
+src_compile() {
+ local myconf
+
+ myconf="\
+ $( use_with tcpd tcp-wrappers ) \
+ $( use_with kerberos kerberos5 ) \
+ $( use_with pam ) \
+ $( use_with skey )"
+
+ use ipv6 || myconf="${myconf} --with-ipv4-default"
+
+ use skey && {
+ # make sure .sbss is large enough
+ use alpha && append-ldflags -mlarge-data
+ }
+
+ use selinux && append-flags "-DWITH_SELINUX"
+
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc/ssh \
+ --mandir=/usr/share/man \
+ --libexecdir=/usr/lib/misc \
+ --datadir=/usr/share/openssh \
+ --disable-suid-ssh \
+ --with-privsep-path=/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --host=${CHOST} ${myconf} || die "bad configure"
+
+ use static && {
+ # statically link to libcrypto -- good for the boot cd
+ sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" Makefile
+ }
+
+ use selinux && {
+ #add -lsecure
+ sed -i "s:LIBS=\(.*\):LIBS=\1 -lsecure:" Makefile
+ }
+
+ emake || die "compile problem"
+}
+
+src_install() {
+ make install-files DESTDIR=${D} || die
+ chmod 600 ${D}/etc/ssh/sshd_config
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+ insinto /etc/pam.d ; newins ${FILESDIR}/sshd.pam sshd
+ exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
+ keepdir /var/empty/.keep
+}
+
+pkg_preinst() {
+ userdel sshd 2> /dev/null
+ if ! groupmod sshd; then
+ groupadd -g 90 sshd 2> /dev/null || \
+ die "Failed to create sshd group"
+ fi
+ useradd -u 22 -g sshd -s /dev/null -d /var/empty -c "sshd" sshd || \
+ die "Failed to create sshd user"
+}
+
+pkg_postinst() {
+ # empty dir for the new priv separation auth chroot..
+ install -d -m0755 -o root -g root ${ROOT}/var/empty
+
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "restart sshd: '/etc/init.d/sshd restart'."
+ ewarn
+ einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
+ einfo "functionality, but please ensure that you do not explicitly disable"
+ einfo "this in your configuration as disabling it opens security holes"
+ einfo
+ einfo "This revision has removed your sshd user id and replaced it with a"
+ einfo "new one with UID 22. If you have any scripts or programs that"
+ einfo "that referenced the old UID directly, you will need to update them."
+ einfo
+ use pam >/dev/null 2>&1 && {
+ einfo "Please be aware users need a valid shell in /etc/passwd"
+ einfo "in order to be allowed to login."
+ einfo
+ }
+} |
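Review bot: In `pkg_preinst`, `userdel sshd 2> /dev/null` runs unconditionally and before the `useradd -u 22 ...` that replaces the account, so any useradd failure (for instance UID 22 already assigned to another account) reaches `die` with the old privilege-separation user already gone. This build is configured with `--with-privsep-user=sshd`, and the sshd already installed presumably is too, so a host reached only over ssh may be left unable to restart the daemon partway through a security update. Re-merging the package also repeats the delete and recreate for no benefit. I would make the step idempotent and check before deleting: start the function with `[ "$(id -u sshd 2>/dev/null)" = 22 ] && return 0`, and add `getent passwd 22 >/dev/null && die "UID 22 is already in use"` ahead of the `userdel` line.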