Chakra_Linux/core
1
0
Fork 0
mirror of https://gitdl.cn/https://github.com/chakralinux/core.git synced 2025-01-23 18:14:54 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

git & openssh updates, openssl stack

Browse Source
This commit is contained in:
abveritas 2012-12-15 01:22:06 +00:00
parent 9ab336f7ba
commit dc752d2c8b
7 changed files with 38 additions and 289 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
git/PKGBUILD
View File

@ -1,17 +1,16 @@
# #
# Core Packages for Chakra, part of chakra-project.org # Core Packages for Chakra, part of chakra-project.org
# #
# maintainer (i686): Phil Miller <philm[at]chakra-project[dog]org> # maintainer abveritas[at]chakra-project[dot]org>
# maintainer (x86_64): Manuel Tortosa <manutortosa[at]chakra-project[dot]org>
pkgname=git pkgname=git
pkgver=1.8.0 pkgver=1.8.0.2
pkgrel=2 pkgrel=2
pkgdesc="Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency." pkgdesc="Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency."
arch=('i686' 'x86_64') arch=('x86_64')
url="http://git-scm.com/" url="http://git-scm.com/"
license=('GPL2') license=('GPL2')
depends=('curl' 'expat>=2.0' 'perl-error' 'perl') depends=('curl' 'expat>=2.0' 'perl-error' 'perl' 'pcre')
makedepends=('python2' 'emacs') makedepends=('python2' 'emacs')
optdepends=('tk: gitk and git gui' optdepends=('tk: gitk and git gui'
'perl-libwww: git svn' 'perl-libwww: git svn'
@ -26,16 +25,14 @@ backup=('etc/conf.d/git-daemon.conf')
install="git.install" install="git.install"
source=("http://git-core.googlecode.com/files/git-${pkgver}.tar.gz" source=("http://git-core.googlecode.com/files/git-${pkgver}.tar.gz"
"http://git-core.googlecode.com/files/git-manpages-${pkgver}.tar.gz" "http://git-core.googlecode.com/files/git-manpages-${pkgver}.tar.gz"
'git-daemon'
'git-daemon.conf' 'git-daemon.conf'
'git-daemon@.service' 'git-daemon@.service'
'git-daemon.socket') 'git-daemon.socket')
sha1sums=('a03afc33f8f0723ad12649d79f1e8968526b4bf7' md5sums=('1aca109d4a719fe5bc43d25927fbc7d9'
'a6fa49be36f265e85b7252d36364d4c7f38530ea' 'ab83283a5b3c73ab711a9f02896ca12e'
'f2b41828bd912b72e2cb3e14677739c4f370de66' '2e42bf97779a1c6411d89043334c9e78'
'149e2da1ecb48872ddb31c0945afeaad1f9653d7' '042524f942785772d7bd52a1f02fe5ae'
'5b37353dc72ba60e1cfac2d2fccf1270f7277b6c' 'f67869315c2cc112e076f0c73f248002')
'df1a5a04c3ab756d36a3409146763d95a1761c95')
build() { build() {
export PYTHON_PATH='/usr/bin/python2' export PYTHON_PATH='/usr/bin/python2'

47
openssh/PKGBUILD
View File

@ -1,36 +1,31 @@
# #
# Chakra Packages for Chakra, part of chakra-project.org # Chakra Packages for Chakra, part of chakra-project.org
# #
# maintainer (i686): Phil Miller <philm[at]chakra-project[dog]org> # maintainer abveritas[at]chakra-project[dot]org>
# maintainer (x86_64): Manuel Tortosa <manutortosa[at]chakra-project[dot]org>
pkgname=openssh pkgname=openssh
pkgver=5.9p1 pkgver=6.1p1
pkgrel=2 pkgrel=1
pkgdesc='Free version of the SSH connectivity tools' pkgdesc='Free version of the SSH connectivity tools'
arch=('i686' 'x86_64') arch=('x86_64')
license=('custom:BSD') license=('custom:BSD')
url='http://www.openssh.org/portable.html' url='http://www.openssh.org/portable.html'
backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd') backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
depends=('krb5' 'openssl' 'libedit') depends=('krb5' 'openssl' 'libedit')
source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz" source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
'sshd.confd' 'sshd.confd'
'sshd.pam' 'sshd.pam'
'sshd'
'sshdgenkeys.service' 'sshdgenkeys.service'
'sshd.service' 'sshd.service'
'sshd@.service' 'sshd@.service'
'sshd.socket' 'sshd.socket')
'tmpfiles.d') md5sums=('3345cbf4efe90ffb06a78670ab2d05d5'
sha1sums=('ac4e0055421e9543f0af5da607a72cf5922dcc56' 'e2cea70ac13af7e63d40eb04415eacd5'
'ec102deb69cad7d14f406289d2fc11fee6eddbdd' '2fd20d311d2afbfc6e576883224d8c97'
'07fecd5880b1c4fdd8c94ddb2e89ddce88effdc1' 'bc3e6736086598ebb648c4d960c59d44'
'6b7f8ebf0c1cc37137a7d9a53447ac8a0ee6a2b5' '4bbc5818d93a2ad336d7191ed35c69f7'
'6c71de2c2ca9622aa8e863acd94b135555e11125' 'fdc4a47b4b8d0f0e2c395c9edcee8c14'
'83a257b8f6a62237383262cb0e2583e5609ddac0' '76f52c66fb3193f301fe0a666e047ab1')
'bd6eae36c7ef9efb7147778baad7858b81f2d660'
'a30fb5fda6d0143345bae47684edaffb8d0a92a7'
'b5cf44205e8f4365c00bfbee110d7c0e563627aa')
build() { build() {
cd "${srcdir}/${pkgname}-${pkgver}" cd "${srcdir}/${pkgname}-${pkgver}"
@ -43,23 +38,28 @@ build() {
--with-md5-passwords \ --with-md5-passwords \
--with-pam \ --with-pam \
--with-mantype=man \ --with-mantype=man \
--mandir=/usr/share/man \
--with-xauth=/usr/bin/xauth \ --with-xauth=/usr/bin/xauth \
--with-kerberos5=/usr \ --with-kerberos5=/usr \
--with-ssl-engine \ --with-ssl-engine \
--with-libedit=/usr/lib \ --with-libedit \
--disable-strip # stripping is done by makepkg --with-pid-dir=/run \
make make
} }
check() {
cd "${srcdir}/${pkgname}-${pkgver}"
make tests ||
grep $USER /etc/passwd | grep -q /bin/false
}
package() { package() {
cd "${srcdir}/${pkgname}-${pkgver}" cd "${srcdir}/${pkgname}-${pkgver}"
make DESTDIR="${pkgdir}" install make DESTDIR="${pkgdir}" install
install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE" install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
rm "${pkgdir}"/usr/share/man/man1/slogin.1 rm "${pkgdir}"/usr/share/man/man1/slogin.1
@ -78,5 +78,4 @@ package() {
# install systemd units # install systemd units
install -dm755 "$pkgdir/usr/lib/systemd/system/" install -dm755 "$pkgdir/usr/lib/systemd/system/"
install -m644 "$srcdir"/sshd{{,@,genkeys}.service,.socket} "$pkgdir/usr/lib/systemd/system/" install -m644 "$srcdir"/sshd{{,@,genkeys}.service,.socket} "$pkgdir/usr/lib/systemd/system/"
install -Dm644 "$srcdir"/tmpfiles.d "$pkgdir"/usr/lib/tmpfiles.d/openssh.conf
} }

198
openssh/authfile.c.patch
View File

@ -1,198 +0,0 @@
diff -aur old/authfile.c new/authfile.c
--- old/authfile.c 2011-06-12 02:21:52.262338254 +0200
+++ new/authfile.c 2011-06-12 02:13:43.051467269 +0200
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */
+/* $OpenBSD: authfile.c,v 1.95 2011/05/29 11:42:08 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -69,6 +69,8 @@
#include "misc.h"
#include "atomicio.h"
+#define MAX_KEY_FILE_SIZE (1024 * 1024)
+
/* Version identification string for SSH v1 identity files. */
static const char authfile_id_string[] =
"SSH PRIVATE KEY FILE FORMAT 1.1\n";
@@ -312,12 +314,12 @@
return pub;
}
-/* Load the contents of a key file into a buffer */
-static int
+/* Load a key from a fd into a buffer */
+int
key_load_file(int fd, const char *filename, Buffer *blob)
{
+ u_char buf[1024];
size_t len;
- u_char *cp;
struct stat st;
if (fstat(fd, &st) < 0) {
@@ -325,30 +327,45 @@
filename == NULL ? "" : filename,
filename == NULL ? "" : " ",
strerror(errno));
- close(fd);
return 0;
}
- if (st.st_size > 1*1024*1024) {
+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
+ st.st_size > MAX_KEY_FILE_SIZE) {
+ toobig:
error("%s: key file %.200s%stoo large", __func__,
filename == NULL ? "" : filename,
filename == NULL ? "" : " ");
- close(fd);
return 0;
}
- len = (size_t)st.st_size; /* truncated */
-
buffer_init(blob);
- cp = buffer_append_space(blob, len);
-
- if (atomicio(read, fd, cp, len) != len) {
- debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
- filename == NULL ? "" : filename,
- filename == NULL ? "" : " ",
- strerror(errno));
+ for (;;) {
+ if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
+ if (errno == EPIPE)
+ break;
+ debug("%s: read from key file %.200s%sfailed: %.100s",
+ __func__, filename == NULL ? "" : filename,
+ filename == NULL ? "" : " ", strerror(errno));
+ buffer_clear(blob);
+ bzero(buf, sizeof(buf));
+ return 0;
+ }
+ buffer_append(blob, buf, len);
+ if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
+ buffer_clear(blob);
+ bzero(buf, sizeof(buf));
+ goto toobig;
+ }
+ }
+ bzero(buf, sizeof(buf));
+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
+ st.st_size != buffer_len(blob)) {
+ debug("%s: key file %.200s%schanged size while reading",
+ __func__, filename == NULL ? "" : filename,
+ filename == NULL ? "" : " ");
buffer_clear(blob);
- close(fd);
return 0;
}
+
return 1;
}
@@ -606,7 +623,7 @@
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("Permissions 0%3.3o for '%s' are too open.",
(u_int)st.st_mode & 0777, filename);
- error("It is recommended that your private key files are NOT accessible by others.");
+ error("It is required that your private key files are NOT accessible by others.");
error("This private key will be ignored.");
return 0;
}
@@ -626,6 +643,7 @@
case KEY_UNSPEC:
return key_parse_private_pem(blob, type, passphrase, commentp);
default:
+ error("%s: cannot parse key type %d", __func__, type);
break;
}
return NULL;
@@ -670,11 +688,38 @@
}
Key *
+key_parse_private(Buffer *buffer, const char *filename,
+ const char *passphrase, char **commentp)
+{
+ Key *pub, *prv;
+ Buffer pubcopy;
+
+ buffer_init(&pubcopy);
+ buffer_append(&pubcopy, buffer_ptr(buffer), buffer_len(buffer));
+ /* it's a SSH v1 key if the public key part is readable */
+ pub = key_parse_public_rsa1(&pubcopy, commentp);
+ buffer_free(&pubcopy);
+ if (pub == NULL) {
+ prv = key_parse_private_type(buffer, KEY_UNSPEC,
+ passphrase, NULL);
+ /* use the filename as a comment for PEM */
+ if (commentp && prv)
+ *commentp = xstrdup(filename);
+ } else {
+ key_free(pub);
+ /* key_parse_public_rsa1() has already loaded the comment */
+ prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
+ NULL);
+ }
+ return prv;
+}
+
+Key *
key_load_private(const char *filename, const char *passphrase,
char **commentp)
{
- Key *pub, *prv;
- Buffer buffer, pubcopy;
+ Key *prv;
+ Buffer buffer;
int fd;
fd = open(filename, O_RDONLY);
@@ -697,23 +742,7 @@
}
close(fd);
- buffer_init(&pubcopy);
- buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer));
- /* it's a SSH v1 key if the public key part is readable */
- pub = key_parse_public_rsa1(&pubcopy, commentp);
- buffer_free(&pubcopy);
- if (pub == NULL) {
- prv = key_parse_private_type(&buffer, KEY_UNSPEC,
- passphrase, NULL);
- /* use the filename as a comment for PEM */
- if (commentp && prv)
- *commentp = xstrdup(filename);
- } else {
- key_free(pub);
- /* key_parse_public_rsa1() has already loaded the comment */
- prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase,
- NULL);
- }
+ prv = key_parse_private(&buffer, filename, passphrase, commentp);
buffer_free(&buffer);
return prv;
}
@@ -737,13 +766,19 @@
case '\0':
continue;
}
+ /* Abort loading if this looks like a private key */
+ if (strncmp(cp, "-----BEGIN", 10) == 0)
+ break;
/* Skip leading whitespace. */
for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
;
if (*cp) {
if (key_read(k, &cp) == 1) {
- if (commentp)
- *commentp=xstrdup(filename);
+ cp[strcspn(cp, "\r\n")] = '\0';
+ if (commentp) {
+ *commentp = xstrdup(*cp ?
+ cp : filename);
+ }
fclose(f);
return 1;
}

48
openssh/sshd
View File

@ -1,48 +0,0 @@
#!/bin/bash
. /etc/rc.conf
. /etc/rc.d/functions
. /etc/conf.d/sshd
PIDFILE=/var/run/sshd.pid
PID=$(cat $PIDFILE 2>/dev/null)
if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
PID=
rm $PIDFILE 2>/dev/null
fi
case "$1" in
start)
stat_busy "Starting Secure Shell Daemon"
[ -f /etc/ssh/ssh_host_key ] || { /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key >/dev/null; }
[ -f /etc/ssh/ssh_host_rsa_key ] || { /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key >/dev/null; }
[ -f /etc/ssh/ssh_host_dsa_key ] || { /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key >/dev/null; }
[ -f /etc/ssh/ssh_host_ecdsa_key ] || { /usr/bin/ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key >/dev/null; }
[ -d /var/empty ] || mkdir -p /var/empty
[ -z "$PID" ] && /usr/sbin/sshd $SSHD_ARGS
if [ $? -gt 0 ]; then
stat_fail
else
add_daemon sshd
stat_done
fi
;;
stop)
stat_busy "Stopping Secure Shell Daemon"
[ ! -z "$PID" ] && kill $PID &> /dev/null
if [ $? -gt 0 ]; then
stat_fail
else
rm_daemon sshd
stat_done
fi
;;
restart)
$0 stop
sleep 1
$0 start
;;
*)
echo "usage: $0 {start|stop|restart}"
esac
exit 0

2
openssh/sshd.pam
View File

@ -8,4 +8,6 @@ account required pam_time.so
password required pam_unix.so password required pam_unix.so
session required pam_unix_session.so session required pam_unix_session.so
session required pam_limits.so session required pam_limits.so
session optional pam_loginuid.so
-session optional pam_ck_connector.so nox11 -session optional pam_ck_connector.so nox11
-session optional pam_systemd.so

9
openssh/sshd.service
View File

@ -1,5 +1,6 @@
[Unit] [Unit]
Description=OpenSSH Daemon Description=OpenSSH Daemon
Wants=sshdgenkeys.service
After=sshdgenkeys.service After=sshdgenkeys.service
[Service] [Service]
@ -10,10 +11,6 @@ Restart=always
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
Also=sshdgenkeys.service
# Note that this is the service file for running a single SSH server for all # This service file runs an SSH daemon that forks for each incoming connection.
# incoming connections, suitable only for systems with a large amount of SSH # If you prefer to spawn on-demand daemons, use sshd.socket and sshd@.service.
# traffic. In almost all other cases it is a better idea to use sshd.socket +
# sshd@.service (i.e. the on-demand spawning version for one instance per
# connection).

2
openssh/sshd.socket
View File

@ -1,5 +1,6 @@
[Unit] [Unit]
Conflicts=sshd.service Conflicts=sshd.service
Wants=sshdgenkeys.service
[Socket] [Socket]
ListenStream=22 ListenStream=22
@ -7,4 +8,3 @@ Accept=yes
[Install] [Install]
WantedBy=sockets.target WantedBy=sockets.target
Also=sshdgenkeys.service