git & openssh updates, openssl stack

2025-01-23 17:33:26 +08:00 · 2012-12-15 01:22:06 +00:00 · 2012-12-15 01:22:06 +00:00 · dc752d2c8b
commit dc752d2c8b
parent 9ab336f7ba
7 changed files with 38 additions and 289 deletions
--- a/git/PKGBUILD
+++ b/git/PKGBUILD
@ -1,17 +1,16 @@
 #
 # Core Packages for Chakra, part of chakra-project.org
 #
-# maintainer (i686): Phil Miller <philm[at]chakra-project[dog]org>
-# maintainer (x86_64): Manuel Tortosa <manutortosa[at]chakra-project[dot]org>
+# maintainer abveritas[at]chakra-project[dot]org>

 pkgname=git
-pkgver=1.8.0
+pkgver=1.8.0.2
 pkgrel=2
 pkgdesc="Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency."
-arch=('i686' 'x86_64')
+arch=('x86_64')
 url="http://git-scm.com/"
 license=('GPL2')
-depends=('curl' 'expat>=2.0' 'perl-error' 'perl')
+depends=('curl' 'expat>=2.0' 'perl-error' 'perl' 'pcre')
 makedepends=('python2' 'emacs')
 optdepends=('tk: gitk and git gui'
            'perl-libwww: git svn'
@ -26,16 +25,14 @@ backup=('etc/conf.d/git-daemon.conf')
 install="git.install"
 source=("http://git-core.googlecode.com/files/git-${pkgver}.tar.gz"
        "http://git-core.googlecode.com/files/git-manpages-${pkgver}.tar.gz"
-        'git-daemon'
        'git-daemon.conf'
        'git-daemon@.service'
        'git-daemon.socket')
-sha1sums=('a03afc33f8f0723ad12649d79f1e8968526b4bf7'
-          'a6fa49be36f265e85b7252d36364d4c7f38530ea'
-          'f2b41828bd912b72e2cb3e14677739c4f370de66'
-          '149e2da1ecb48872ddb31c0945afeaad1f9653d7'
-          '5b37353dc72ba60e1cfac2d2fccf1270f7277b6c'
-          'df1a5a04c3ab756d36a3409146763d95a1761c95')
+md5sums=('1aca109d4a719fe5bc43d25927fbc7d9'
+         'ab83283a5b3c73ab711a9f02896ca12e'
+         '2e42bf97779a1c6411d89043334c9e78'
+         '042524f942785772d7bd52a1f02fe5ae'
+         'f67869315c2cc112e076f0c73f248002')

 build() {
  export PYTHON_PATH='/usr/bin/python2'
--- a/openssh/PKGBUILD
+++ b/openssh/PKGBUILD
@ -1,36 +1,31 @@
 #
 # Chakra Packages for Chakra, part of chakra-project.org
 #
-# maintainer (i686): Phil Miller <philm[at]chakra-project[dog]org>
-# maintainer (x86_64): Manuel Tortosa <manutortosa[at]chakra-project[dot]org>
+# maintainer abveritas[at]chakra-project[dot]org>

 pkgname=openssh
-pkgver=5.9p1
-pkgrel=2
+pkgver=6.1p1
+pkgrel=1
 pkgdesc='Free version of the SSH connectivity tools'
-arch=('i686' 'x86_64')
+arch=('x86_64')
 license=('custom:BSD')
 url='http://www.openssh.org/portable.html'
-backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
 depends=('krb5' 'openssl' 'libedit')
 source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
        'sshd.confd'
        'sshd.pam'
-        'sshd'
 	'sshdgenkeys.service'
 	'sshd.service'
 	'sshd@.service'
-	'sshd.socket'
-	'tmpfiles.d')
-sha1sums=('ac4e0055421e9543f0af5da607a72cf5922dcc56'
-          'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
-          '07fecd5880b1c4fdd8c94ddb2e89ddce88effdc1'
-          '6b7f8ebf0c1cc37137a7d9a53447ac8a0ee6a2b5'
-          '6c71de2c2ca9622aa8e863acd94b135555e11125'
-          '83a257b8f6a62237383262cb0e2583e5609ddac0'
-          'bd6eae36c7ef9efb7147778baad7858b81f2d660'
-          'a30fb5fda6d0143345bae47684edaffb8d0a92a7'
-          'b5cf44205e8f4365c00bfbee110d7c0e563627aa')
+	'sshd.socket')
+md5sums=('3345cbf4efe90ffb06a78670ab2d05d5'
+         'e2cea70ac13af7e63d40eb04415eacd5'
+         '2fd20d311d2afbfc6e576883224d8c97'
+         'bc3e6736086598ebb648c4d960c59d44'
+         '4bbc5818d93a2ad336d7191ed35c69f7'
+         'fdc4a47b4b8d0f0e2c395c9edcee8c14'
+         '76f52c66fb3193f301fe0a666e047ab1')

 build() {
 	cd "${srcdir}/${pkgname}-${pkgver}"
@ -43,23 +38,28 @@ build() {
 		--with-md5-passwords \
 		--with-pam \
 		--with-mantype=man \
-		--mandir=/usr/share/man \
 		--with-xauth=/usr/bin/xauth \
 		--with-kerberos5=/usr \
 		--with-ssl-engine \
-		--with-libedit=/usr/lib \
-		--disable-strip # stripping is done by makepkg
+		--with-libedit \
+		--with-pid-dir=/run \

 	make
 }

+check() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+
+	make tests ||
+	grep $USER /etc/passwd | grep -q /bin/false
+}
+
 package() {
 	cd "${srcdir}/${pkgname}-${pkgver}"
 	make DESTDIR="${pkgdir}" install

-	install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
 	install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
-	install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
+
 	install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"

 	rm "${pkgdir}"/usr/share/man/man1/slogin.1
@ -78,5 +78,4 @@ package() {
 	# install systemd units
 	install -dm755 "$pkgdir/usr/lib/systemd/system/"
 	install -m644 "$srcdir"/sshd{{,@,genkeys}.service,.socket} "$pkgdir/usr/lib/systemd/system/"
-	install -Dm644 "$srcdir"/tmpfiles.d "$pkgdir"/usr/lib/tmpfiles.d/openssh.conf
 }
--- a/openssh/authfile.c.patch
+++ b/openssh/authfile.c.patch
@ -1,198 +0,0 @@
-diff -aur old/authfile.c new/authfile.c
--- old/authfile.c	2011-06-12 02:21:52.262338254 +0200
-+++ new/authfile.c	2011-06-12 02:13:43.051467269 +0200
-@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */
-+/* $OpenBSD: authfile.c,v 1.95 2011/05/29 11:42:08 djm Exp $ */
- /*
-  * Author: Tatu Ylonen <ylo@cs.hut.fi>
-  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-@@ -69,6 +69,8 @@
- #include "misc.h"
- #include "atomicio.h"
- 
-+#define MAX_KEY_FILE_SIZE	(1024 * 1024)
-+
- /* Version identification string for SSH v1 identity files. */
- static const char authfile_id_string[] =
-     "SSH PRIVATE KEY FILE FORMAT 1.1\n";
-@@ -312,12 +314,12 @@
- 	return pub;
- }
- 
-/* Load the contents of a key file into a buffer */
-static int
-+/* Load a key from a fd into a buffer */
-+int
- key_load_file(int fd, const char *filename, Buffer *blob)
- {
-+	u_char buf[1024];
- 	size_t len;
-	u_char *cp;
- 	struct stat st;
- 
- 	if (fstat(fd, &st) < 0) {
-@@ -325,30 +327,45 @@
- 		    filename == NULL ? "" : filename,
- 		    filename == NULL ? "" : " ",
- 		    strerror(errno));
-		close(fd);
- 		return 0;
- 	}
-	if (st.st_size > 1*1024*1024) {
-+	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-+	    st.st_size > MAX_KEY_FILE_SIZE) {
-+ toobig:
- 		error("%s: key file %.200s%stoo large", __func__,
- 		    filename == NULL ? "" : filename,
- 		    filename == NULL ? "" : " ");
-		close(fd);
- 		return 0;
- 	}
-	len = (size_t)st.st_size;		/* truncated */
-
- 	buffer_init(blob);
-	cp = buffer_append_space(blob, len);
-
-	if (atomicio(read, fd, cp, len) != len) {
-		debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
-		    filename == NULL ? "" : filename,
-		    filename == NULL ? "" : " ",
-		    strerror(errno));
-+	for (;;) {
-+		if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
-+			if (errno == EPIPE)
-+				break;
-+			debug("%s: read from key file %.200s%sfailed: %.100s",
-+			    __func__, filename == NULL ? "" : filename,
-+			    filename == NULL ? "" : " ", strerror(errno));
-+			buffer_clear(blob);
-+			bzero(buf, sizeof(buf));
-+			return 0;
-+		}
-+		buffer_append(blob, buf, len);
-+		if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
-+			buffer_clear(blob);
-+			bzero(buf, sizeof(buf));
-+			goto toobig;
-+		}
-+	}
-+	bzero(buf, sizeof(buf));
-+	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-+	    st.st_size != buffer_len(blob)) {
-+		debug("%s: key file %.200s%schanged size while reading",
-+		    __func__, filename == NULL ? "" : filename,
-+		    filename == NULL ? "" : " ");
- 		buffer_clear(blob);
-		close(fd);
- 		return 0;
- 	}
-+
- 	return 1;
- }
- 
-@@ -606,7 +623,7 @@
- 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
- 		error("Permissions 0%3.3o for '%s' are too open.",
- 		    (u_int)st.st_mode & 0777, filename);
-		error("It is recommended that your private key files are NOT accessible by others.");
-+		error("It is required that your private key files are NOT accessible by others.");
- 		error("This private key will be ignored.");
- 		return 0;
- 	}
-@@ -626,6 +643,7 @@
- 	case KEY_UNSPEC:
- 		return key_parse_private_pem(blob, type, passphrase, commentp);
- 	default:
-+		error("%s: cannot parse key type %d", __func__, type);
- 		break;
- 	}
- 	return NULL;
-@@ -670,11 +688,38 @@
- }
- 
- Key *
-+key_parse_private(Buffer *buffer, const char *filename,
-+    const char *passphrase, char **commentp)
-+{
-+	Key *pub, *prv;
-+	Buffer pubcopy;
-+
-+	buffer_init(&pubcopy);
-+	buffer_append(&pubcopy, buffer_ptr(buffer), buffer_len(buffer));
-+	/* it's a SSH v1 key if the public key part is readable */
-+	pub = key_parse_public_rsa1(&pubcopy, commentp);
-+	buffer_free(&pubcopy);
-+	if (pub == NULL) {
-+		prv = key_parse_private_type(buffer, KEY_UNSPEC,
-+		    passphrase, NULL);
-+		/* use the filename as a comment for PEM */
-+		if (commentp && prv)
-+			*commentp = xstrdup(filename);
-+	} else {
-+		key_free(pub);
-+		/* key_parse_public_rsa1() has already loaded the comment */
-+		prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
-+		    NULL);
-+	}
-+	return prv;
-+}
-+
-+Key *
- key_load_private(const char *filename, const char *passphrase,
-     char **commentp)
- {
-	Key *pub, *prv;
-	Buffer buffer, pubcopy;
-+	Key *prv;
-+	Buffer buffer;
- 	int fd;
- 
- 	fd = open(filename, O_RDONLY);
-@@ -697,23 +742,7 @@
- 	}
- 	close(fd);
- 
-	buffer_init(&pubcopy);
-	buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer));
-	/* it's a SSH v1 key if the public key part is readable */
-	pub = key_parse_public_rsa1(&pubcopy, commentp);
-	buffer_free(&pubcopy);
-	if (pub == NULL) {
-		prv = key_parse_private_type(&buffer, KEY_UNSPEC,
-		    passphrase, NULL);
-		/* use the filename as a comment for PEM */
-		if (commentp && prv)
-			*commentp = xstrdup(filename);
-	} else {
-		key_free(pub);
-		/* key_parse_public_rsa1() has already loaded the comment */
-		prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase,
-		    NULL);
-	}
-+	prv = key_parse_private(&buffer, filename, passphrase, commentp);
- 	buffer_free(&buffer);
- 	return prv;
- }
-@@ -737,13 +766,19 @@
- 			case '\0':
- 				continue;
- 			}
-+			/* Abort loading if this looks like a private key */
-+			if (strncmp(cp, "-----BEGIN", 10) == 0)
-+				break;
- 			/* Skip leading whitespace. */
- 			for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
- 				;
- 			if (*cp) {
- 				if (key_read(k, &cp) == 1) {
-					if (commentp)
-						*commentp=xstrdup(filename);
-+					cp[strcspn(cp, "\r\n")] = '\0';
-+					if (commentp) {
-+						*commentp = xstrdup(*cp ?
-+						    cp : filename);
-+					}
- 					fclose(f);
- 					return 1;
- 				}
--- a/openssh/sshd
+++ b/openssh/sshd
@ -1,48 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-. /etc/conf.d/sshd
-
-PIDFILE=/var/run/sshd.pid
-PID=$(cat $PIDFILE 2>/dev/null)
-if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
-  PID=
-  rm $PIDFILE 2>/dev/null
-fi
-
-case "$1" in
-  start)
-    stat_busy "Starting Secure Shell Daemon"
-    [ -f /etc/ssh/ssh_host_key ] || { /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key >/dev/null; }
-    [ -f /etc/ssh/ssh_host_rsa_key ] || { /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key >/dev/null; }
-    [ -f /etc/ssh/ssh_host_dsa_key ] || { /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key >/dev/null; }
-    [ -f /etc/ssh/ssh_host_ecdsa_key ] || { /usr/bin/ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key >/dev/null; }
-    [ -d /var/empty ] || mkdir -p /var/empty
-    [ -z "$PID" ] && /usr/sbin/sshd $SSHD_ARGS
-    if [ $? -gt 0 ]; then
-      stat_fail
-    else
-      add_daemon sshd
-      stat_done
-    fi
-    ;;
-  stop)
-    stat_busy "Stopping Secure Shell Daemon"
-    [ ! -z "$PID" ]  && kill $PID &> /dev/null
-    if [ $? -gt 0 ]; then
-      stat_fail
-    else
-      rm_daemon sshd
-      stat_done
-    fi
-    ;;
-  restart)
-    $0 stop
-    sleep 1
-    $0 start
-    ;;
-  *)
-    echo "usage: $0 {start|stop|restart}"  
-esac
-exit 0
--- a/openssh/sshd.pam
+++ b/openssh/sshd.pam
@ -8,4 +8,6 @@ account		required	pam_time.so
 password	required	pam_unix.so
 session		required	pam_unix_session.so
 session		required	pam_limits.so
+session         optional        pam_loginuid.so
 -session	optional	pam_ck_connector.so nox11
+-session	optional	pam_systemd.so
--- a/openssh/sshd.service
+++ b/openssh/sshd.service
@ -1,5 +1,6 @@
 [Unit]
 Description=OpenSSH Daemon
+Wants=sshdgenkeys.service
 After=sshdgenkeys.service

 [Service]
@ -10,10 +11,6 @@ Restart=always

 [Install]
 WantedBy=multi-user.target
-Also=sshdgenkeys.service

-# Note that this is the service file for running a single SSH server for all
-# incoming connections, suitable only for systems with a large amount of SSH
-# traffic. In almost all other cases it is a better idea to use sshd.socket +
-# sshd@.service (i.e. the on-demand spawning version for one instance per
-# connection).
+# This service file runs an SSH daemon that forks for each incoming connection.
+# If you prefer to spawn on-demand daemons, use sshd.socket and sshd@.service.
--- a/openssh/sshd.socket
+++ b/openssh/sshd.socket
@ -1,5 +1,6 @@
 [Unit]
 Conflicts=sshd.service
+Wants=sshdgenkeys.service

 [Socket]
 ListenStream=22
@ -7,4 +8,3 @@ Accept=yes

 [Install]
 WantedBy=sockets.target
-Also=sshdgenkeys.service