[arch-commits] Commit in openssh/repos (10 files)
Gaetan Bisson
bisson at archlinux.org
Thu Sep 8 02:26:18 UTC 2011
Date: Wednesday, September 7, 2011 @ 22:26:18
Author: bisson
Revision: 137501
db-move: moved openssh from [testing] to [core] (i686)
Added:
openssh/repos/core-i686/PKGBUILD
(from rev 137500, openssh/repos/testing-i686/PKGBUILD)
openssh/repos/core-i686/sshd
(from rev 137500, openssh/repos/testing-i686/sshd)
openssh/repos/core-i686/sshd.confd
(from rev 137500, openssh/repos/testing-i686/sshd.confd)
openssh/repos/core-i686/sshd.pam
(from rev 137500, openssh/repos/testing-i686/sshd.pam)
Deleted:
openssh/repos/core-i686/PKGBUILD
openssh/repos/core-i686/authfile.c.patch
openssh/repos/core-i686/sshd
openssh/repos/core-i686/sshd.confd
openssh/repos/core-i686/sshd.pam
openssh/repos/testing-i686/
------------------+
PKGBUILD | 136 +++++++++++++++++-------------------
authfile.c.patch | 198 -----------------------------------------------------
sshd | 93 ++++++++++++------------
sshd.confd | 8 +-
sshd.pam | 22 ++---
5 files changed, 126 insertions(+), 331 deletions(-)
Deleted: core-i686/PKGBUILD
===================================================================
--- core-i686/PKGBUILD 2011-09-08 00:49:17 UTC (rev 137500)
+++ core-i686/PKGBUILD 2011-09-08 02:26:18 UTC (rev 137501)
@@ -1,70 +0,0 @@
-# $Id$
-# Maintainer: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Aaron Griffin <aaron at archlinux.org>
-# Contributor: judd <jvinet at zeroflux.org>
-
-pkgname=openssh
-pkgver=5.8p2
-pkgrel=9
-pkgdesc='Free version of the SSH connectivity tools'
-arch=('i686' 'x86_64')
-license=('custom:BSD')
-url='http://www.openssh.org/portable.html'
-backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
-depends=('krb5' 'openssl' 'libedit')
-source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
- 'authfile.c.patch'
- 'sshd.confd'
- 'sshd.pam'
- 'sshd')
-sha1sums=('64798328d310e4f06c9f01228107520adbc8b3e5'
- '3669cb5ca6149f69015df5ce8e60b82c540eb0a4'
- 'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
- '07fecd5880b1c4fdd8c94ddb2e89ddce88effdc1'
- '6b7f8ebf0c1cc37137a7d9a53447ac8a0ee6a2b5')
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
-
- patch -p1 -i ../authfile.c.patch # fix FS#24693 using http://anoncvs.mindrot.org/index.cgi/openssh/authfile.c?revision=1.95
-
- ./configure \
- --prefix=/usr \
- --libexecdir=/usr/lib/ssh \
- --sysconfdir=/etc/ssh \
- --with-privsep-user=nobody \
- --with-md5-passwords \
- --with-pam \
- --with-mantype=man \
- --mandir=/usr/share/man \
- --with-xauth=/usr/bin/xauth \
- --with-kerberos5=/usr \
- --with-ssl-engine \
- --with-libedit=/usr/lib \
- --disable-strip # stripping is done by makepkg
-
- make
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
-
- install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
- install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
- install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
- install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
-
- rm "${pkgdir}"/usr/share/man/man1/slogin.1
- ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
-
- # additional contrib scripts that we like
- install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
- install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
- install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
-
- # PAM is a common, standard feature to have
- sed -i -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
- -e '/^#UsePAM no$/c UsePAM yes' \
- "${pkgdir}"/etc/ssh/sshd_config
-}
Copied: openssh/repos/core-i686/PKGBUILD (from rev 137500, openssh/repos/testing-i686/PKGBUILD)
===================================================================
--- core-i686/PKGBUILD (rev 0)
+++ core-i686/PKGBUILD 2011-09-08 02:26:18 UTC (rev 137501)
@@ -0,0 +1,66 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Aaron Griffin <aaron at archlinux.org>
+# Contributor: judd <jvinet at zeroflux.org>
+
+pkgname=openssh
+pkgver=5.9p1
+pkgrel=3
+pkgdesc='Free version of the SSH connectivity tools'
+arch=('i686' 'x86_64')
+license=('custom:BSD')
+url='http://www.openssh.org/portable.html'
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
+depends=('krb5' 'openssl' 'libedit')
+source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
+ 'sshd.confd'
+ 'sshd.pam'
+ 'sshd')
+sha1sums=('ac4e0055421e9543f0af5da607a72cf5922dcc56'
+ 'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
+ '07fecd5880b1c4fdd8c94ddb2e89ddce88effdc1'
+ '21fa88de6cc1c7912e71655f50896ba17991a1c2')
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ ./configure \
+ --prefix=/usr \
+ --libexecdir=/usr/lib/ssh \
+ --sysconfdir=/etc/ssh \
+ --with-privsep-user=nobody \
+ --with-md5-passwords \
+ --with-pam \
+ --with-mantype=man \
+ --with-xauth=/usr/bin/xauth \
+ --with-kerberos5=/usr \
+ --with-ssl-engine \
+ --with-libedit=/usr/lib \
+ --disable-strip # stripping is done by makepkg
+
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+
+ install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
+ install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+ install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
+ install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
+
+ rm "${pkgdir}"/usr/share/man/man1/slogin.1
+ ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
+
+ # additional contrib scripts that we like
+ install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
+ install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
+ install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
+
+ # PAM is a common, standard feature to have
+ sed \
+ -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+ -e '/^#UsePAM no$/c UsePAM yes' \
+ -i "${pkgdir}"/etc/ssh/sshd_config
+}
Deleted: core-i686/authfile.c.patch
===================================================================
--- core-i686/authfile.c.patch 2011-09-08 00:49:17 UTC (rev 137500)
+++ core-i686/authfile.c.patch 2011-09-08 02:26:18 UTC (rev 137501)
@@ -1,198 +0,0 @@
-diff -aur old/authfile.c new/authfile.c
---- old/authfile.c 2011-06-12 02:21:52.262338254 +0200
-+++ new/authfile.c 2011-06-12 02:13:43.051467269 +0200
-@@ -1,4 +1,4 @@
--/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */
-+/* $OpenBSD: authfile.c,v 1.95 2011/05/29 11:42:08 djm Exp $ */
- /*
- * Author: Tatu Ylonen <ylo at cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
-@@ -69,6 +69,8 @@
- #include "misc.h"
- #include "atomicio.h"
-
-+#define MAX_KEY_FILE_SIZE (1024 * 1024)
-+
- /* Version identification string for SSH v1 identity files. */
- static const char authfile_id_string[] =
- "SSH PRIVATE KEY FILE FORMAT 1.1\n";
-@@ -312,12 +314,12 @@
- return pub;
- }
-
--/* Load the contents of a key file into a buffer */
--static int
-+/* Load a key from a fd into a buffer */
-+int
- key_load_file(int fd, const char *filename, Buffer *blob)
- {
-+ u_char buf[1024];
- size_t len;
-- u_char *cp;
- struct stat st;
-
- if (fstat(fd, &st) < 0) {
-@@ -325,30 +327,45 @@
- filename == NULL ? "" : filename,
- filename == NULL ? "" : " ",
- strerror(errno));
-- close(fd);
- return 0;
- }
-- if (st.st_size > 1*1024*1024) {
-+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-+ st.st_size > MAX_KEY_FILE_SIZE) {
-+ toobig:
- error("%s: key file %.200s%stoo large", __func__,
- filename == NULL ? "" : filename,
- filename == NULL ? "" : " ");
-- close(fd);
- return 0;
- }
-- len = (size_t)st.st_size; /* truncated */
--
- buffer_init(blob);
-- cp = buffer_append_space(blob, len);
--
-- if (atomicio(read, fd, cp, len) != len) {
-- debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
-- filename == NULL ? "" : filename,
-- filename == NULL ? "" : " ",
-- strerror(errno));
-+ for (;;) {
-+ if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
-+ if (errno == EPIPE)
-+ break;
-+ debug("%s: read from key file %.200s%sfailed: %.100s",
-+ __func__, filename == NULL ? "" : filename,
-+ filename == NULL ? "" : " ", strerror(errno));
-+ buffer_clear(blob);
-+ bzero(buf, sizeof(buf));
-+ return 0;
-+ }
-+ buffer_append(blob, buf, len);
-+ if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
-+ buffer_clear(blob);
-+ bzero(buf, sizeof(buf));
-+ goto toobig;
-+ }
-+ }
-+ bzero(buf, sizeof(buf));
-+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-+ st.st_size != buffer_len(blob)) {
-+ debug("%s: key file %.200s%schanged size while reading",
-+ __func__, filename == NULL ? "" : filename,
-+ filename == NULL ? "" : " ");
- buffer_clear(blob);
-- close(fd);
- return 0;
- }
-+
- return 1;
- }
-
-@@ -606,7 +623,7 @@
- error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
- error("Permissions 0%3.3o for '%s' are too open.",
- (u_int)st.st_mode & 0777, filename);
-- error("It is recommended that your private key files are NOT accessible by others.");
-+ error("It is required that your private key files are NOT accessible by others.");
- error("This private key will be ignored.");
- return 0;
- }
-@@ -626,6 +643,7 @@
- case KEY_UNSPEC:
- return key_parse_private_pem(blob, type, passphrase, commentp);
- default:
-+ error("%s: cannot parse key type %d", __func__, type);
- break;
- }
- return NULL;
-@@ -670,11 +688,38 @@
- }
-
- Key *
-+key_parse_private(Buffer *buffer, const char *filename,
-+ const char *passphrase, char **commentp)
-+{
-+ Key *pub, *prv;
-+ Buffer pubcopy;
-+
-+ buffer_init(&pubcopy);
-+ buffer_append(&pubcopy, buffer_ptr(buffer), buffer_len(buffer));
-+ /* it's a SSH v1 key if the public key part is readable */
-+ pub = key_parse_public_rsa1(&pubcopy, commentp);
-+ buffer_free(&pubcopy);
-+ if (pub == NULL) {
-+ prv = key_parse_private_type(buffer, KEY_UNSPEC,
-+ passphrase, NULL);
-+ /* use the filename as a comment for PEM */
-+ if (commentp && prv)
-+ *commentp = xstrdup(filename);
-+ } else {
-+ key_free(pub);
-+ /* key_parse_public_rsa1() has already loaded the comment */
-+ prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
-+ NULL);
-+ }
-+ return prv;
-+}
-+
-+Key *
- key_load_private(const char *filename, const char *passphrase,
- char **commentp)
- {
-- Key *pub, *prv;
-- Buffer buffer, pubcopy;
-+ Key *prv;
-+ Buffer buffer;
- int fd;
-
- fd = open(filename, O_RDONLY);
-@@ -697,23 +742,7 @@
- }
- close(fd);
-
-- buffer_init(&pubcopy);
-- buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer));
-- /* it's a SSH v1 key if the public key part is readable */
-- pub = key_parse_public_rsa1(&pubcopy, commentp);
-- buffer_free(&pubcopy);
-- if (pub == NULL) {
-- prv = key_parse_private_type(&buffer, KEY_UNSPEC,
-- passphrase, NULL);
-- /* use the filename as a comment for PEM */
-- if (commentp && prv)
-- *commentp = xstrdup(filename);
-- } else {
-- key_free(pub);
-- /* key_parse_public_rsa1() has already loaded the comment */
-- prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase,
-- NULL);
-- }
-+ prv = key_parse_private(&buffer, filename, passphrase, commentp);
- buffer_free(&buffer);
- return prv;
- }
-@@ -737,13 +766,19 @@
- case '\0':
- continue;
- }
-+ /* Abort loading if this looks like a private key */
-+ if (strncmp(cp, "-----BEGIN", 10) == 0)
-+ break;
- /* Skip leading whitespace. */
- for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
- ;
- if (*cp) {
- if (key_read(k, &cp) == 1) {
-- if (commentp)
-- *commentp=xstrdup(filename);
-+ cp[strcspn(cp, "\r\n")] = '\0';
-+ if (commentp) {
-+ *commentp = xstrdup(*cp ?
-+ cp : filename);
-+ }
- fclose(f);
- return 1;
- }
Deleted: core-i686/sshd
===================================================================
--- core-i686/sshd 2011-09-08 00:49:17 UTC (rev 137500)
+++ core-i686/sshd 2011-09-08 02:26:18 UTC (rev 137501)
@@ -1,48 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-. /etc/conf.d/sshd
-
-PIDFILE=/var/run/sshd.pid
-PID=$(cat $PIDFILE 2>/dev/null)
-if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
- PID=
- rm $PIDFILE 2>/dev/null
-fi
-
-case "$1" in
- start)
- stat_busy "Starting Secure Shell Daemon"
- [ -f /etc/ssh/ssh_host_key ] || { /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_rsa_key ] || { /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_dsa_key ] || { /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_ecdsa_key ] || { /usr/bin/ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key >/dev/null; }
- [ -d /var/empty ] || mkdir -p /var/empty
- [ -z "$PID" ] && /usr/sbin/sshd $SSHD_ARGS
- if [ $? -gt 0 ]; then
- stat_fail
- else
- add_daemon sshd
- stat_done
- fi
- ;;
- stop)
- stat_busy "Stopping Secure Shell Daemon"
- [ ! -z "$PID" ] && kill $PID &> /dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- else
- rm_daemon sshd
- stat_done
- fi
- ;;
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart}"
-esac
-exit 0
Copied: openssh/repos/core-i686/sshd (from rev 137500, openssh/repos/testing-i686/sshd)
===================================================================
--- core-i686/sshd (rev 0)
+++ core-i686/sshd 2011-09-08 02:26:18 UTC (rev 137501)
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+. /etc/conf.d/sshd
+
+PIDFILE=/var/run/sshd.pid
+PID=$(cat $PIDFILE 2>/dev/null)
+if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
+ PID=
+ rm $PIDFILE 2>/dev/null
+fi
+
+case "$1" in
+ start)
+ stat_busy 'Starting Secure Shell Daemon'
+ /usr/bin/ssh-keygen -A
+ [[ -d /var/empty ]] || mkdir -p /var/empty
+ [[ -z $PID ]] && /usr/sbin/sshd $SSHD_ARGS
+ if [[ $? -gt 0 ]]; then
+ stat_fail
+ else
+ add_daemon sshd
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy 'Stopping Secure Shell Daemon'
+ [[ ! -z $PID ]] && kill $PID &> /dev/null
+ if [[ $? -gt 0 ]]; then
+ stat_fail
+ else
+ rm_daemon sshd
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
+esac
+exit 0
Deleted: core-i686/sshd.confd
===================================================================
--- core-i686/sshd.confd 2011-09-08 00:49:17 UTC (rev 137500)
+++ core-i686/sshd.confd 2011-09-08 02:26:18 UTC (rev 137501)
@@ -1,4 +0,0 @@
-#
-# Parameters to be passed to sshd
-#
-SSHD_ARGS=""
Copied: openssh/repos/core-i686/sshd.confd (from rev 137500, openssh/repos/testing-i686/sshd.confd)
===================================================================
--- core-i686/sshd.confd (rev 0)
+++ core-i686/sshd.confd 2011-09-08 02:26:18 UTC (rev 137501)
@@ -0,0 +1,4 @@
+#
+# Parameters to be passed to sshd
+#
+SSHD_ARGS=""
Deleted: core-i686/sshd.pam
===================================================================
--- core-i686/sshd.pam 2011-09-08 00:49:17 UTC (rev 137500)
+++ core-i686/sshd.pam 2011-09-08 02:26:18 UTC (rev 137501)
@@ -1,11 +0,0 @@
-#%PAM-1.0
-#auth required pam_securetty.so #Disable remote root
-auth required pam_unix.so
-auth required pam_env.so
-account required pam_nologin.so
-account required pam_unix.so
-account required pam_time.so
-password required pam_unix.so
-session required pam_unix_session.so
-session required pam_limits.so
--session optional pam_ck_connector.so nox11
Copied: openssh/repos/core-i686/sshd.pam (from rev 137500, openssh/repos/testing-i686/sshd.pam)
===================================================================
--- core-i686/sshd.pam (rev 0)
+++ core-i686/sshd.pam 2011-09-08 02:26:18 UTC (rev 137501)
@@ -0,0 +1,11 @@
+#%PAM-1.0
+#auth required pam_securetty.so #Disable remote root
+auth required pam_unix.so
+auth required pam_env.so
+account required pam_nologin.so
+account required pam_unix.so
+account required pam_time.so
+password required pam_unix.so
+session required pam_unix_session.so
+session required pam_limits.so
+-session optional pam_ck_connector.so nox11
More information about the arch-commits
mailing list