Forward-port the X509/hpn glue patch per bug #235086.

(Portage version: 2.2_rc8/cvs/Linux 2.6.27-rc1-10246-gca5de40 x86_64)

3 files changed, 103 insertions, 3 deletions

diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index c21792f8c914..8ea1e6ff0654 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for net-misc/openssh
 # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.312 2008/08/17 17:57:35 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.313 2008/08/23 21:33:05 robbat2 Exp $
+
+  23 Aug 2008; Robin H. Johnson <robbat2@gentoo.org>
+  +files/openssh-5.1_p1-x509-hpn-glue.patch, openssh-5.1_p1.ebuild:
+  Forward-port the X509/hpn glue patch per bug #235086.
 
 *openssh-5.1_p1 (17 Aug 2008)
 
diff --git a/net-misc/openssh/files/openssh-5.1_p1-x509-hpn-glue.patch b/net-misc/openssh/files/openssh-5.1_p1-x509-hpn-glue.patch
new file mode 100644
index 000000000000..85f87737e44d
--- /dev/null
+++ b/net-misc/openssh/files/openssh-5.1_p1-x509-hpn-glue.patch
@@ -0,0 +1,96 @@
+Move things around so hpn applies cleanly when using X509.
+
+Forward-Ported-from: files/openssh-4.9_p1-x509-hpn-glue.patch
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-5.1p1+x509/Makefile.in openssh-5.1p1+x509-hpn-glue/Makefile.in
+--- openssh-5.1p1+x509/Makefile.in	2008-08-23 14:12:53.000000000 -0700
++++ openssh-5.1p1+x509-hpn-glue/Makefile.in	2008-08-23 14:13:51.000000000 -0700
+@@ -44,11 +44,12 @@
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
++CPPFLAGS += @LDAP_CPPFLAGS@
+ AR=@AR@
+ AWK=@AWK@
+ RANLIB=@RANLIB@
+diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-5.1p1+x509/servconf.c openssh-5.1p1+x509-hpn-glue/servconf.c
+--- openssh-5.1p1+x509/servconf.c	2008-08-23 14:12:53.000000000 -0700
++++ openssh-5.1p1+x509-hpn-glue/servconf.c	2008-08-23 14:23:56.000000000 -0700
+@@ -108,6 +108,17 @@
+ 	options->log_level = SYSLOG_LEVEL_NOT_SET;
+ 	options->rhosts_rsa_authentication = -1;
+ 	options->hostbased_authentication = -1;
++	options->hostbased_algorithms = NULL;
++	options->pubkey_algorithms = NULL;
++	ssh_x509flags_initialize(&options->x509flags, 1);
++#ifndef SSH_X509STORE_DISABLED
++	ssh_x509store_initialize(&options->ca);
++#endif /*ndef SSH_X509STORE_DISABLED*/
++#ifdef SSH_OCSP_ENABLED
++	options->va.type = -1;
++	options->va.certificate_file = NULL;
++	options->va.responder_url = NULL;
++#endif /*def SSH_OCSP_ENABLED*/
+ 	options->hostbased_uses_name_from_packet_only = -1;
+ 	options->rsa_authentication = -1;
+ 	options->pubkey_authentication = -1;
+@@ -151,18 +162,6 @@
+ 	options->num_permitted_opens = -1;
+ 	options->adm_forced_command = NULL;
+ 	options->chroot_directory = NULL;
+-
+-	options->hostbased_algorithms = NULL;
+-	options->pubkey_algorithms = NULL;
+-	ssh_x509flags_initialize(&options->x509flags, 1);
+-#ifndef SSH_X509STORE_DISABLED
+-	ssh_x509store_initialize(&options->ca);
+-#endif /*ndef SSH_X509STORE_DISABLED*/
+-#ifdef SSH_OCSP_ENABLED
+-	options->va.type = -1;
+-	options->va.certificate_file = NULL;
+-	options->va.responder_url = NULL;
+-#endif /*def SSH_OCSP_ENABLED*/
+ }
+ 
+ void
+@@ -338,6 +337,16 @@
+ 	/* Portable-specific options */
+ 	sUsePAM,
+ 	/* Standard Options */
++	sHostbasedAlgorithms,
++	sPubkeyAlgorithms,
++	sX509KeyAlgorithm,
++	sAllowedClientCertPurpose,
++	sKeyAllowSelfIssued, sMandatoryCRL,
++	sCACertificateFile, sCACertificatePath,
++	sCARevocationFile, sCARevocationPath,
++	sCAldapVersion, sCAldapURL,
++	sVAType, sVACertificateFile,
++	sVAOCSPResponderURL,
+ 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
+ 	sPermitRootLogin, sLogFacility, sLogLevel,
+ 	sRhostsRSAAuthentication, sRSAAuthentication,
+@@ -360,16 +369,6 @@
+ 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ 	sUsePrivilegeSeparation, sAllowAgentForwarding,
+-	sHostbasedAlgorithms,
+-	sPubkeyAlgorithms,
+-	sX509KeyAlgorithm,
+-	sAllowedClientCertPurpose,
+-	sKeyAllowSelfIssued, sMandatoryCRL,
+-	sCACertificateFile, sCACertificatePath,
+-	sCARevocationFile, sCARevocationPath,
+-	sCAldapVersion, sCAldapURL,
+-	sVAType, sVACertificateFile,
+-	sVAOCSPResponderURL,
+ 	sDeprecated, sUnsupported
+ } ServerOpCodes;
+ 
diff --git a/net-misc/openssh/openssh-5.1_p1.ebuild b/net-misc/openssh/openssh-5.1_p1.ebuild
index 608cb3eeeff5..69f733603e32 100644
--- a/net-misc/openssh/openssh-5.1_p1.ebuild
+++ b/net-misc/openssh/openssh-5.1_p1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2008 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.1_p1.ebuild,v 1.1 2008/08/17 17:57:35 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.1_p1.ebuild,v 1.2 2008/08/23 21:33:05 robbat2 Exp $
 
 inherit eutils flag-o-matic ccc multilib autotools pam
 
@@ -73,7 +73,7 @@ src_unpack() {
 		-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
 		pathnames.h || die
 
-	use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-4.9_p1-x509-hpn-glue.patch
+	use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-5.1_p1-x509-hpn-glue.patch
 	use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
 	if ! use X509 ; then
 		if [[ -n ${LDAP_PATCH} ]] && use ldap ; then