Diff openssh-7.9_p1-r4 with a openssh-8.0_p1-r4

/usr/portage/net-misc/openssh/openssh-8.0_p1-r4.ebuild 2019-10-12 22:39:00.000000000 +0300
3 3

  
4 4
EAPI=6
5 5

  
6
inherit user flag-o-matic multilib autotools pam systemd
6
inherit user eapi7-ver flag-o-matic multilib autotools pam systemd
7 7

  
8 8
# Make it more portable between straight releases
9 9
# and _p? releases.
......
18 18
)
19 19

  
20 20
SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
21
X509_VER="11.6" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
21
X509_VER="12.1-gentoo" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
22 22

  
23 23
PATCH_SET="openssh-7.9p1-patches-1.0"
24 24

  
25 25
DESCRIPTION="Port of OpenBSD's free SSH release"
26 26
HOMEPAGE="https://www.openssh.com/"
27 27
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
28
	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
29 28
	${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~whissi/dist/openssh/${SCTP_PATCH} )}
30 29
	${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )}
31
	${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
30
	${X509_PATCH:+X509? ( https://dev.gentoo.org/~whissi/dist/openssh/${X509_PATCH} )}
32 31
	"
33 32

  
34 33
LICENSE="BSD GPL-2"
35 34
SLOT="0"
36
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
35
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
37 36
# Probably want to drop ssl defaulting to on in a future version.
38
IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509"
37
IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509 xmss"
39 38
RESTRICT="!test? ( test )"
40 39
REQUIRED_USE="ldns? ( ssl )
41 40
	pie? ( !static )
......
116 115
	# don't break .ssh/authorized_keys2 for fun
117 116
	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
118 117

  
119
	eapply "${FILESDIR}"/${PN}-7.9_p1-openssl-1.0.2-compat.patch
120 118
	eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch
121
	eapply "${FILESDIR}"/${PN}-7.8_p1-GSSAPI-dns.patch #165444 integrated into gsskex
119
	eapply "${FILESDIR}"/${PN}-8.0_p1-GSSAPI-dns.patch #165444 integrated into gsskex
122 120
	eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
123 121
	eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch
124

  
125
	if use X509 ; then
126
		# patch doesn't apply due to X509 modifications
127
		rm \
128
			"${WORKDIR}"/patches/0001-fix-key-type-check.patch \
129
			"${WORKDIR}"/patches/0002-request-rsa-sha2-cert-signatures.patch \
130
			|| die
131
	else
132
		eapply "${FILESDIR}"/${PN}-7.9_p1-CVE-2018-20685.patch # X509 patch set includes this patch
133
	fi
122
	eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch
123
	eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
124
	eapply "${FILESDIR}"/${PN}-8.0_p1-fix-integer-overflow-in-XMSS-private-key-parsing.patch
125
	eapply "${FILESDIR}"/${PN}-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch
126
	use X509 || eapply "${FILESDIR}"/${PN}-8.0_p1-tests.patch
134 127

  
135 128
	[[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches
136 129

  
137 130
	local PATCHSET_VERSION_MACROS=()
138 131

  
139 132
	if use X509 ; then
140
		pushd "${WORKDIR}" || die
141
		eapply "${FILESDIR}/${P}-X509-glue-${X509_VER}.patch"
142
		eapply "${FILESDIR}/${P}-X509-dont-make-piddir-${X509_VER}.patch"
143
		popd || die
144

  
145
		if use hpn ; then
146
			einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set"
147
			HPN_DISABLE_MTAES=1
148
		fi
133
		# X509 12.1-gentoo patch contains the changes from below
134
		#pushd "${WORKDIR}" &>/dev/null || die
135
		#eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch"
136
		#eapply "${FILESDIR}/${P}-X509-dont-make-piddir-"${X509_VER}".patch"
137
		#popd &>/dev/null || die
149 138

  
150 139
		eapply "${WORKDIR}"/${X509_PATCH%.*}
151
		eapply "${FILESDIR}"/${P}-X509-${X509_VER}-tests.patch
140
		eapply "${FILESDIR}"/${P}-X509-$(ver_cut 1-2 ${X509_VER})-tests.patch
152 141

  
153 142
		# We need to patch package version or any X.509 sshd will reject our ssh client
154 143
		# with "userauth_pubkey: could not parse key: string is too large [preauth]"
......
184 173
		local hpn_patchdir="${T}/${P}-hpn${HPN_VER}"
185 174
		mkdir "${hpn_patchdir}"
186 175
		cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}"
187
		pushd "${hpn_patchdir}"
188
		eapply "${FILESDIR}"/${P}-hpn-glue.patch
189
		use X509 && eapply "${FILESDIR}"/${P}-hpn-X509-glue.patch
190
		use sctp && eapply "${FILESDIR}"/${P}-hpn-sctp-glue.patch
191
		popd
176
		pushd "${hpn_patchdir}" &>/dev/null || die
177
		eapply "${FILESDIR}"/${PN}-8.0_p1-hpn-glue.patch
178
		if use X509; then
179
			einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set"
180
			# X509 and AES-CTR-MT don't get along, let's just drop it
181
			rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die
182
			eapply "${FILESDIR}"/${PN}-8.0_p1-hpn-X509-glue.patch
183
		fi
184
		use sctp && eapply "${FILESDIR}"/${PN}-7.9_p1-hpn-sctp-glue.patch
185
		popd &>/dev/null || die
192 186

  
193 187
		eapply "${hpn_patchdir}"
194
		eapply "${FILESDIR}/openssh-7.9_p1-hpn-openssl-1.1.patch"
188

  
189
		if ! use X509; then
190
			eapply "${FILESDIR}/openssh-7.9_p1-hpn-openssl-1.1.patch"
191
			eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch"
192
		fi
195 193

  
196 194
		einfo "Patching Makefile.in for HPN patch set ..."
197 195
		sed -i \
......
274 272

  
275 273
	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
276 274
	use static && append-ldflags -static
275
	use xmss && append-cflags -DWITH_XMSS
277 276

  
278 277
	local myconf=(
279 278
		--with-ldflags="${LDFLAGS}"
......
327 326
	mkdir -p "${sshhome}"/.ssh
328 327
	for t in "${tests[@]}" ; do
329 328
		# Some tests read from stdin ...
330
		HOMEDIR="${sshhome}" HOME="${sshhome}" \
329
		HOMEDIR="${sshhome}" HOME="${sshhome}" SUDO="" \
331 330
		emake -k -j1 ${t} </dev/null \
332 331
			&& passed+=( "${t}" ) \
333 332
			|| failed+=( "${t}" )
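Review bot: `PATCH_SET="openssh-7.9p1-patches-1.0"` stays defined although its tarball is no longer listed in `SRC_URI`, so as far as the visible lines show, `[[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches` in the patch-applying function now silently does nothing. Nothing in the ebuild records why the 7.9 backports and the dropped `${PN}-7.9_p1-CVE-2018-20685.patch` are no longer needed. If they are part of 8.0 upstream, as the removal suggests, remove the variable and the guarded `eapply`, and add a comment such as `# 7.9 patch set and CVE-2018-20685 fix dropped: included upstream in 8.0 (confirm)`. A silent skip at this point makes it hard to notice later if an expected security patch set fails to unpack. The enclosing function starts and ends outside the displayed hunks.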