Diff openssh-7.9_p1-r4 with openssh-8.0_p1-r4

/usr/portage/net-misc/openssh/openssh-8.0_p1-r4.ebuild 2020-02-14 01:10:00.000000000 +0300
3 3

  
4 4
EAPI=6
5 5

  
6
inherit user flag-o-matic multilib autotools pam systemd toolchain-funcs
6
inherit user-info eapi7-ver flag-o-matic multilib autotools pam systemd toolchain-funcs
7 7

  
8 8
# Make it more portable between straight releases
9 9
# and _p? releases.
......
18 18
)
19 19

  
20 20
SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
21
X509_VER="11.6" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
21
X509_VER="12.1-gentoo" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
22 22

  
23 23
PATCH_SET="openssh-7.9p1-patches-1.0"
24 24

  
25 25
DESCRIPTION="Port of OpenBSD's free SSH release"
26 26
HOMEPAGE="https://www.openssh.com/"
27 27
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
28
	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
29 28
	${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~whissi/dist/openssh/${SCTP_PATCH} )}
30 29
	${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )}
31
	${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
30
	${X509_PATCH:+X509? ( https://dev.gentoo.org/~whissi/dist/openssh/${X509_PATCH} )}
32 31
	"
33 32

  
34 33
LICENSE="BSD GPL-2"
35 34
SLOT="0"
36
KEYWORDS="~alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
35
KEYWORDS="~alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
37 36
# Probably want to drop ssl defaulting to on in a future version.
38
IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509"
37
IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509 xmss"
39 38
RESTRICT="!test? ( test )"
40 39
REQUIRED_USE="ldns? ( ssl )
41 40
	pie? ( !static )
......
68 67
	)
69 68
	>=sys-libs/zlib-1.2.3:=[static-libs(+)]"
70 69
RDEPEND="
70
	acct-group/sshd
71
	acct-user/sshd
71 72
	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
72 73
	pam? ( sys-libs/pam )
73 74
	kerberos? ( virtual/krb5 )"
......
116 117
	# don't break .ssh/authorized_keys2 for fun
117 118
	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
118 119

  
119
	eapply "${FILESDIR}"/${PN}-7.9_p1-openssl-1.0.2-compat.patch
120 120
	eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch
121
	eapply "${FILESDIR}"/${PN}-7.8_p1-GSSAPI-dns.patch #165444 integrated into gsskex
121
	eapply "${FILESDIR}"/${PN}-8.0_p1-GSSAPI-dns.patch #165444 integrated into gsskex
122 122
	eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
123 123
	eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch
124

  
125
	if use X509 ; then
126
		# patch doesn't apply due to X509 modifications
127
		rm \
128
			"${WORKDIR}"/patches/0001-fix-key-type-check.patch \
129
			"${WORKDIR}"/patches/0002-request-rsa-sha2-cert-signatures.patch \
130
			|| die
131
	else
132
		eapply "${FILESDIR}"/${PN}-7.9_p1-CVE-2018-20685.patch # X509 patch set includes this patch
133
	fi
124
	eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch
125
	eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
126
	eapply "${FILESDIR}"/${PN}-8.0_p1-fix-integer-overflow-in-XMSS-private-key-parsing.patch
127
	eapply "${FILESDIR}"/${PN}-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch
128
	eapply "${FILESDIR}"/${PN}-8.1_p1-tests-2020.patch
129
	use X509 || eapply "${FILESDIR}"/${PN}-8.0_p1-tests.patch
134 130

  
135 131
	[[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches
136 132

  
137 133
	local PATCHSET_VERSION_MACROS=()
138 134

  
139 135
	if use X509 ; then
140
		pushd "${WORKDIR}" || die
141
		eapply "${FILESDIR}/${P}-X509-glue-${X509_VER}.patch"
142
		eapply "${FILESDIR}/${P}-X509-dont-make-piddir-${X509_VER}.patch"
143
		popd || die
144

  
145
		if use hpn ; then
146
			einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set"
147
			HPN_DISABLE_MTAES=1
148
		fi
136
		# X509 12.1-gentoo patch contains the changes from below
137
		#pushd "${WORKDIR}" &>/dev/null || die
138
		#eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch"
139
		#eapply "${FILESDIR}/${P}-X509-dont-make-piddir-"${X509_VER}".patch"
140
		#popd &>/dev/null || die
149 141

  
150 142
		eapply "${WORKDIR}"/${X509_PATCH%.*}
151
		eapply "${FILESDIR}"/${P}-X509-${X509_VER}-tests.patch
143
		eapply "${FILESDIR}"/${P}-X509-$(ver_cut 1-2 ${X509_VER})-tests.patch
152 144

  
153 145
		# We need to patch package version or any X.509 sshd will reject our ssh client
154 146
		# with "userauth_pubkey: could not parse key: string is too large [preauth]"
......
184 176
		local hpn_patchdir="${T}/${P}-hpn${HPN_VER}"
185 177
		mkdir "${hpn_patchdir}"
186 178
		cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}"
187
		pushd "${hpn_patchdir}"
188
		eapply "${FILESDIR}"/${P}-hpn-glue.patch
189
		use X509 && eapply "${FILESDIR}"/${P}-hpn-X509-glue.patch
190
		use sctp && eapply "${FILESDIR}"/${P}-hpn-sctp-glue.patch
191
		popd
179
		pushd "${hpn_patchdir}" &>/dev/null || die
180
		eapply "${FILESDIR}"/${PN}-8.0_p1-hpn-glue.patch
181
		if use X509; then
182
			einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set"
183
			# X509 and AES-CTR-MT don't get along, let's just drop it
184
			rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die
185
			eapply "${FILESDIR}"/${PN}-8.0_p1-hpn-X509-glue.patch
186
		fi
187
		use sctp && eapply "${FILESDIR}"/${PN}-7.9_p1-hpn-sctp-glue.patch
188
		popd &>/dev/null || die
192 189

  
193 190
		eapply "${hpn_patchdir}"
194
		eapply "${FILESDIR}/openssh-7.9_p1-hpn-openssl-1.1.patch"
191

  
192
		if ! use X509; then
193
			eapply "${FILESDIR}/openssh-7.9_p1-hpn-openssl-1.1.patch"
194
			eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch"
195
		fi
195 196

  
196 197
		einfo "Patching Makefile.in for HPN patch set ..."
197 198
		sed -i \
......
274 275

  
275 276
	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
276 277
	use static && append-ldflags -static
278
	use xmss && append-cflags -DWITH_XMSS
277 279

  
278 280
	local myconf=(
279 281
		--with-ldflags="${LDFLAGS}"
......
327 329
	mkdir -p "${sshhome}"/.ssh
328 330
	for t in "${tests[@]}" ; do
329 331
		# Some tests read from stdin ...
330
		HOMEDIR="${sshhome}" HOME="${sshhome}" \
332
		HOMEDIR="${sshhome}" HOME="${sshhome}" SUDO="" \
331 333
		emake -k -j1 ${t} </dev/null \
332 334
			&& passed+=( "${t}" ) \
333 335
			|| failed+=( "${t}" )
......
411 413
	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
412 414
}
413 415

  
414
pkg_preinst() {
415
	enewgroup sshd 22
416
	enewuser sshd 22 -1 /var/empty sshd
417
}
418

  
419 416
pkg_postinst() {
420 417
	if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
421 418
		elog "Starting with openssh-5.8p1, the server will default to a newer key"
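Review bot: The new `use xmss && append-cflags -DWITH_XMSS` passes a preprocessor define through CFLAGS, while the line two above it in the same hunk passes the equivalent `-DSANDBOX_SECCOMP_FILTER_DEBUG` through `append-cppflags`; for consistency it should read `use xmss && append-cppflags -DWITH_XMSS` so both defines reach the preprocessor the same way (the enclosing function begins outside the hunk). The same change adds the `xmss` USE flag while unconditionally applying `openssh-8.0_p1-fix-integer-overflow-in-XMSS-private-key-parsing.patch`, its "unreachable integer overflow" sibling, and the shmget/shmat/shmdt preauth-privsep-child denial patch, yet unlike the dropped `CVE-2018-20685` line none of these carries a comment saying what it hardens. I would put a one-line comment above those three `eapply` lines, e.g. `# security fixes: seccomp denial of shmget/shmat/shmdt in the preauth privsep child; XMSS private-key parsing integer overflows (applied regardless of USE=xmss)`, and a note next to the xmss flag that it presumably only gates the WITH_XMSS code paths, which cannot be confirmed from the ebuild alone.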