authorTavis Ormandy <>2003-11-05 16:05:20 +0000
committerTavis Ormandy <>2003-11-05 16:05:20 +0000
commitf459650020fc590578e735a20c0a565fa88fea21 (patch)
parentskey patch required for latest version. (diff)
skey patch required for latest version.
4 files changed, 168 insertions, 2 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 334245729191..14fdc46e10f8 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,8 +1,8 @@
MD5 dd18c67f333d21115a68c7f028a8879a openssh-3.5_p1-r1.ebuild 3574
-MD5 f34bfb15c23932b1cc8e70f74069245d openssh-3.7.1_p2-r1.ebuild 4128
+MD5 a06d63cad0f884ee35b87ac847218c3b openssh-3.7.1_p2-r1.ebuild 4127
MD5 137be01859a55aee00b52284b6905f34 openssh-3.6.1_p2.ebuild 3595
MD5 d6e7d6966badc556772e2a9462eae053 openssh-3.7.1_p2.ebuild 4018
-MD5 f06870a4ed8746032e81561c4e59ecb5 ChangeLog 8906
+MD5 ac26223c2068ceaf24cca1bc97e66c19 ChangeLog 9107
MD5 0feff9b09e482567359625301bddce1c metadata.xml 1329
MD5 2cb187d8f60994c5e1b5fef2bcb6e85d files/openssh-3.5_p1-gentoo-sshd-gcc3.patch 315
MD5 49cc9062ff27ad7d4e8f94b136ed76a2 files/openssh-3.7.1_p1-selinux.diff 3394
diff --git a/net-misc/openssh/files/digest-openssh-3.7.1_p2-r1 b/net-misc/openssh/files/digest-openssh-3.7.1_p2-r1
new file mode 100644
index 000000000000..920c333856ca
--- /dev/null
+++ b/net-misc/openssh/files/digest-openssh-3.7.1_p2-r1
@@ -0,0 +1,2 @@
+MD5 61cf5b059938718308836d00f6764a94 openssh-3.7.1p2.tar.gz 792280
+MD5 83e000a867eba10ef7f18c169d979360 openssh-3.7.1p2+x509g2.diff.gz 125455
diff --git a/net-misc/openssh/files/openssh-skeychallenge-args.diff b/net-misc/openssh/files/openssh-skeychallenge-args.diff
new file mode 100644
index 000000000000..86d6e5d91e0b
--- /dev/null
+++ b/net-misc/openssh/files/openssh-skeychallenge-args.diff
@@ -0,0 +1,24 @@
+diff -ruN openssh-3.7.1p2.orig/auth-skey.c openssh-3.7.1p2/auth-skey.c
+--- openssh-3.7.1p2.orig/auth-skey.c 2002-07-04 01:14:18.000000000 +0100
++++ openssh-3.7.1p2/auth-skey.c 2003-11-05 12:35:23.000000000 +0000
+@@ -47,7 +47,7 @@
+ int len;
+ struct skey skey;
+- if (skeychallenge(&skey, authctxt->user, challenge) == -1)
++ if (skeychallenge(&skey, authctxt->user, challenge, sizeof challenge) == -1)
+ return -1;
+ *name = xstrdup("");
+diff -ruN openssh-3.7.1p2.orig/monitor.c openssh-3.7.1p2/monitor.c
+--- openssh-3.7.1p2.orig/monitor.c 2003-09-02 22:32:46.000000000 +0100
++++ openssh-3.7.1p2/monitor.c 2003-11-05 12:36:03.000000000 +0000
+@@ -736,7 +736,7 @@
+ char challenge[1024];
+ u_int success;
+- success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1;
++ success = skeychallenge(&skey, authctxt->user, challenge, sizeof challenge) < 0 ? 0 : 1;
+ buffer_clear(m);
+ buffer_put_int(m, success);
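Review bot: In the auth-skey.c part of this patch the declaration of `challenge` lies outside the context lines, so it cannot be confirmed from here that `sizeof challenge` is the size of an array and not of a pointer. In the monitor.c part `char challenge[1024];` is visible and the expression is correct. If the auth-skey.c variable were a `char *`, the length handed to skeychallenge() would be the pointer size, so this should be checked against the full file; both enclosing functions start and end outside the hunks. It would also help to add a line to the patch header naming the skey release that introduced the four-argument skeychallenge(), presumably the one behind the ebuild's `>=app-admin/skey-1.1.5-r1` dependency, because the patch will not build against an older three-argument library.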
diff --git a/net-misc/openssh/openssh-3.7.1_p2-r1.ebuild b/net-misc/openssh/openssh-3.7.1_p2-r1.ebuild
new file mode 100644
index 000000000000..d215154f11b7
--- /dev/null
+++ b/net-misc/openssh/openssh-3.7.1_p2-r1.ebuild
@@ -0,0 +1,140 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.7.1_p2-r1.ebuild,v 1.1 2003/11/05 16:05:05 taviso Exp $
+inherit eutils flag-o-matic ccc
+[ `use kerberos` ] && append-flags -I/usr/include/gssapi
+# Make it more portable between straight releases
+# and _p? releases.
+DESCRIPTION="Port of OpenBSD's free SSH release"
+ X509? (${X509_PATCH} )"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~arm ~amd64 ~ia64"
+IUSE="ipv6 static pam tcpd kerberos skey selinux X509"
+# openssh recognizes when openssl has been slightly upgraded and refuses to run.
+# This new rev will use the new openssl.
+ pam? ( >=sys-libs/pam-0.73
+ >=sys-apps/shadow-4.0.2-r2 )
+ kerberos? ( app-crypt/mit-krb5 )
+ selinux? ( sys-libs/libselinux )
+ skey? ( >=app-admin/skey-1.1.5-r1 )
+ >=dev-libs/openssl-0.9.6d
+ >=sys-libs/zlib-1.1.4
+ >=sys-apps/sed-4"
+ dev-lang/perl
+ sys-apps/groff
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
+src_unpack() {
+ unpack ${PARCH}.tar.gz ; cd ${S}
+ use selinux && epatch ${FILESDIR}/${SELINUX_PATCH}
+ use alpha && epatch ${FILESDIR}/${PN}-3.5_p1-gentoo-sshd-gcc3.patch
+ use X509 && epatch ${DISTDIR}/${X509_PATCH}
+ # looks like this one was rewriten somewhat.
+ # epatch ${FILESDIR}/${P}-memory-bugs.patch
+ use skey && {
+ # prevent the conftest from violating the sandbox
+ sed -i 's#skey_keyinfo("")#"true"#g' configure
+ # updates to skey implementation.
+ epatch ${FILESDIR}/${PN}-skeychallenge-args.diff
+ }
+src_compile() {
+ local myconf
+ myconf="\
+ $( use_with tcpd tcp-wrappers ) \
+ $( use_with kerberos kerberos5 ) \
+ $( use_with pam ) \
+ $( use_with skey )"
+ use ipv6 || myconf="${myconf} --with-ipv4-default"
+ use skey && {
+ # make sure .sbss is large enough
+ use alpha && append-ldflags -mlarge-data
+ }
+ use selinux && append-flags "-DWITH_SELINUX"
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc/ssh \
+ --mandir=/usr/share/man \
+ --libexecdir=/usr/lib/misc \
+ --datadir=/usr/share/openssh \
+ --disable-suid-ssh \
+ --with-privsep-path=/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --host=${CHOST} ${myconf} || die "bad configure"
+ use static && {
+ # statically link to libcrypto -- good for the boot cd
+ sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" Makefile
+ }
+ emake || die "compile problem"
+src_install() {
+ make install-files DESTDIR=${D} || die
+ chmod 600 ${D}/etc/ssh/sshd_config
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+ insinto /etc/pam.d ; newins ${FILESDIR}/sshd.pam sshd
+ exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
+ keepdir /var/empty/.keep
+pkg_preinst() {
+ userdel sshd 2> /dev/null
+ if ! groupmod sshd; then
+ groupadd -g 90 sshd 2> /dev/null || \
+ die "Failed to create sshd group"
+ fi
+ useradd -u 22 -g sshd -s /dev/null -d /var/empty -c "sshd" sshd || \
+ die "Failed to create sshd user"
+pkg_postinst() {
+ # empty dir for the new priv separation auth chroot..
+ install -d -m0755 -o root -g root ${ROOT}/var/empty
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "restart sshd: '/etc/init.d/sshd restart'."
+ ewarn
+ einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
+ einfo "functionality, but please ensure that you do not explicitly disable"
+ einfo "this in your configuration as disabling it opens security holes"
+ einfo
+ einfo "This revision has removed your sshd user id and replaced it with a"
+ einfo "new one with UID 22. If you have any scripts or programs that"
+ einfo "that referenced the old UID directly, you will need to update them."
+ einfo
+ use pam >/dev/null 2>&1 && {
+ einfo "Please be aware users need a valid shell in /etc/passwd"
+ einfo "in order to be allowed to login."
+ einfo
+ }
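Review bot: pkg_preinst removes the existing sshd account unconditionally with `userdel sshd 2> /dev/null` before it knows that `useradd -u 22` will succeed, so if UID 22 is already taken the install dies with the privilege-separation user gone, and sshd may then be unable to start on a machine that is administered over ssh. Files still owned by the old UID are also left orphaned. Consider recreating the account only when it is actually wrong, for example by wrapping the userdel/useradd pair in `if [ "$(id -u sshd 2>/dev/null)" != "22" ]; then … fi`, and keep stderr from groupadd so the failure reason is visible. Separately, the pkg_postinst message spells the option `UsePrivelegeSeparation`, while the sshd_config keyword is `UsePrivilegeSeparation`. The closing braces of these functions are not visible in this rendering of the hunk.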