diff options
| author |   Tim Harder <radhermit@gentoo.org> | 2013-11-08 05:20:33 +0000 |
|---|---|---|
| committer | Tim Harder <radhermit@gentoo.org> | 2013-11-08 05:20:33 +0000 |
| commit | f362194053bca153d3362b5c35b305dcf3cd6aef (patch) | |
| tree | 1e2d5e5516cc694e7bceaa4b68053654e2fbfd3f /net-misc | |
| parent | Apply patch to fix a memory corruption vulnerability with the AES-GCM cipher ... (diff) | |
| download | historical-f362194053bca153d3362b5c35b305dcf3cd6aef.tar.gz historical-f362194053bca153d3362b5c35b305dcf3cd6aef.tar.bz2 historical-f362194053bca153d3362b5c35b305dcf3cd6aef.zip | |
Remove insecure version.
Package-Manager: portage-2.2.7/cvs/Linux x86_64
Manifest-Sign-Key: 0x4AB3E85B4F064CA3
Diffstat (limited to 'net-misc')
| -rw-r--r-- | net-misc/openssh/ChangeLog | 5 | ||||
| -rw-r--r-- | net-misc/openssh/Manifest | 17 | ||||
| -rw-r--r-- | net-misc/openssh/openssh-6.3_p1.ebuild | 307 |
3 files changed, 12 insertions, 317 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog index 7e40b3c81315..d0298d96682b 100644 --- a/net-misc/openssh/ChangeLog +++ b/net-misc/openssh/ChangeLog @@ -1,6 +1,9 @@ # ChangeLog for net-misc/openssh # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.482 2013/11/08 05:06:04 radhermit Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.483 2013/11/08 05:20:28 radhermit Exp $ + + 08 Nov 2013; Tim Harder <radhermit@gentoo.org> -openssh-6.3_p1.ebuild: + Remove insecure version. *openssh-6.3_p1-r1 (08 Nov 2013) diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index e6e344a4145c..56092ccb5217 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -60,17 +60,16 @@ EBUILD openssh-6.1_p1-r1.ebuild 10257 SHA256 fa9ff7a800f65c5805ec7a59009e2effc1c EBUILD openssh-6.2_p2-r3.ebuild 10238 SHA256 227ee129871454e25fb0db27113fe3b37e19f328a32ecba9be26b0bfce314965 SHA512 fa33b66a46fe601b5f0e19741fe682037256c8c2bc108f93361323c9b6d912894fe1171dacba1bc08bd112e7457521a16213113ee980de11abddf4db37328ea3 WHIRLPOOL 58a0900d00b3502c34a853b80b17de64472bac94702dfae2c1fd335dbe4b4ad0c1f71d780f5490e1c3ef20f7c746949192e2b822b9388c30a88aac2b1f5f2d90 EBUILD openssh-6.2_p2-r4.ebuild 9350 SHA256 8103db5097a5c78db3096fc0b8aa2b977e366511f5dc45ee01c8fbd88447bc9f SHA512 624f16b755791b3aff1c2e1f04075aa874afa53cd4f7853fbb919f5276020855d16e02ddd7bc878110ba9d2a84310809ffb1f056927106ceef7fc6192f460b5b WHIRLPOOL a187a2d94decd79a7a973bbc10ae1171b2e1a22cfdcbddcea9074c2ecfbfcd4b7820652aa180e0058c5fda884d6775f007cab60b7586f9b18369b23972a28c65 EBUILD openssh-6.3_p1-r1.ebuild 9417 SHA256 6547d111a0caed75b70ed9b8d618a826e76402580009e2bd8ae2ba5f2f36e332 SHA512 e3df58433a03b6609bda737028e6a63983da2cec8370b47c0f4d59ed8224e31641e03521197675c728a962b821b3e7714d31e89d01cde5b3968f0d493a375977 WHIRLPOOL 265d6d6c9aa49ad73e7c1911b464614f768c00495abde4b0718d9cc4d605de5d2ad62af11eb8f9bb349381f0fae323c6130812085e8d1c2a2bc6b94c437d48f1 -EBUILD openssh-6.3_p1.ebuild 9350 SHA256 800a4fa17626af06d8cf1d909baa328e2c2dfeb6a35d0608f2325df2df6e014c SHA512 a42aa3d8f7fcc5759a92d3a665d45d0a4c114c9bd21d77d2bda7c63c05af38fd93bb70232425a3958d64a61c8100e4eceecffc21f1c272cd70d4751fc4d29c1f WHIRLPOOL 2e72b300359c031ea10618ca557ad6cb6779dfd912a097e14d9d1fd1f9c4a127579cc11564366f0f27224834970c115d80c1bce09a4285165fb28bf00de91e64 -MISC ChangeLog 79235 SHA256 e3b3095891f3f8e805c5cabb0022b36abacf026ac688d834ca46c17ec4491558 SHA512 b27e8fa41ba83a6af29e56ce53f9a6b535b11fa53daa0488ca2c65b07529bea9d9dd6ce568a3c77ef5549f4f6edca2b17f7d4b468f4280290efcffbb409b9784 WHIRLPOOL 2d223a38a64bf02beb2b995b844cbe03f4612f8f74d2d26df93c6a022e9b88b728f7738b407678d099f0b7c11485320886d33b100fd70b693aa32b6dc7df8dfc +MISC ChangeLog 79336 SHA256 00d24ceb6213255b25dfb198d39651114d334f57e054b0aa404aed4d5a72df68 SHA512 ab7d4dfeae11de386915fbe434ca3bcabdc4259eb2e89d7f41dfe1d526154b3c254cf72987ae4997515d34c3f4ef1a1c28ef958b15f67806ce4fdbf064c89cc0 WHIRLPOOL e3ee8b960168695a7b30a5b9f41ffb99aab0380eeacc0932ad5d17c313e3dc32acf9879e657b103123d9c1aa4486a44312afb8df5516efc39d92fbcbe6841adb MISC metadata.xml 1837 SHA256 5f8be0245926a5dc8007dd78594febffc68bbcb45306630d027666872e664050 SHA512 76e044611e16ede9bb9697c0ad448c149131f1f20b84ef1000fb77d6cec954abd48542fd26299a372b4411aa0ecb161ed38396b2c3b5c11c71a4bc247e0b23ed WHIRLPOOL 46c8b0f7911fec3ca086e1601cfab5d03e01a7d8cd2069460975545438f6fa5964f138d19a70ec7db7f1f8c9c0fbb48dcec6ee8269fa9d7b432214e9e3e46806 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) -iQEcBAEBCAAGBQJSfHFAAAoJEEqz6FtPBkyjr1sH/RV3OmMmdBpaj6Ymaz99sHWU -H39qTbFRvXod4nUBL+ofZvcTCDxVn3H3KliWghVoR4oWngRDKKccn6RmZz3t4gYi -a4KlQ7D7INzbWI2PkZl0V3QqvcM/ep8BuVM1B9h6NZ0rHSqxbX2X2eAUUXLvnVax -4/B/fqRFPCGeSkUz6S1HRMR8WQ2yoAqxwQHJ3TqoKvYb7JUvON/cLydYuFiNV2qu -V0FSMRbnQB/HWwM72e+1D3Odsoo3XbGVuR29KlNhXg4tiafO6NrHioTJUO75FWuF -UnxZy2UeTEncdcXwnb8JW4xK68rkg+VNfZtCGj/iJ6fr0TAopeVE0DLfb8NRqQA= -=dvas +iQEcBAEBCAAGBQJSfHSgAAoJEEqz6FtPBkyjqUMH/2ZaZsRkTQTYGTGk7A05kCm6 +msARj7ukWASH1zvGnyloBC5UuhSxvAS8At2WApRtZm8Q0CPmdmxHGEMekrRaJsV3 +IGtqbCjlQ0FdEvS/yMta3II8jEHutN3vKvVMG3maZtyGLM5gyMpEpNC0uvdc4mUb +sopPGqJw7WUXG16PlJlkO545+SC6sY/huQ7jmlsUZf1VqtPRfnvsN8Y2Re486xY/ +V1zIiZfVANJB4OOZ64327nAqjtejDV9mEDYhJq0wEScjrWdZDdc/sICKivoqJwGI +ExbDFhxzit4yD93EBMwNVY2H7hUj/Y89CuazZCaC2G2JLeEl4ixkMf89UnVfzP0= +=KsA6 -----END PGP SIGNATURE----- diff --git a/net-misc/openssh/openssh-6.3_p1.ebuild b/net-misc/openssh/openssh-6.3_p1.ebuild deleted file mode 100644 index e1265dd67e59..000000000000 --- a/net-misc/openssh/openssh-6.3_p1.ebuild +++ /dev/null @@ -1,307 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.3_p1.ebuild,v 1.1 2013/11/05 06:29:56 radhermit Exp $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PARCH}-hpnssh14v2.diff.gz" -LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz" -X509_VER="7.6" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_PATCH:+hpn? ( mirror://gentoo/${HPN_PATCH} )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509" - -LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)] - tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )" -RDEPEND=" - !static? ( - ${LIB_DEPEND//\[static-libs(+)]} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( - ${LIB_DEPEND} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) - ) - ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - sed -i "${sed_args[@]}" configure{,.ac} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - local myconf - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" - append-ldflags -lutil - fi - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"/var/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) \ - ${myconf} -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi -} |