authorwbx <wbx@hydrogenium.(none)>2009-05-17 14:41:34 +0200
committerwbx <wbx@hydrogenium.(none)>2009-05-17 14:41:34 +0200
commit219a6dab8995aad9ac4860cc1a84d6f3509a03a4 (patch)
treeb9c0f3c43aebba2fcfef777592d0add39f2072f4 /package/openssh
Initial import
Diffstat (limited to 'package/openssh')
-rw-r--r--package/openssh/Config.in140
-rw-r--r--package/openssh/Makefile83
-rw-r--r--package/openssh/files/sshd.init47
-rw-r--r--package/openssh/files/sshd_config113
-rw-r--r--package/openssh/ipkg/openssh-client-utils.control5
-rw-r--r--package/openssh/ipkg/openssh-client.conffiles1
-rw-r--r--package/openssh/ipkg/openssh-client.control5
-rw-r--r--package/openssh/ipkg/openssh-server.conffiles1
-rw-r--r--package/openssh/ipkg/openssh-server.control4
-rw-r--r--package/openssh/ipkg/openssh-server.postinst5
-rw-r--r--package/openssh/ipkg/openssh-sftp-client.control5
-rw-r--r--package/openssh/ipkg/openssh-sftp-server.control5
-rw-r--r--package/openssh/patches/patch-cipher_c35
-rw-r--r--package/openssh/patches/patch-configure12
-rw-r--r--package/openssh/patches/patch-mac_c14
-rw-r--r--package/openssh/patches/patch-myproposal_h45
-rw-r--r--package/openssh/patches/patch-openbsd-compat_port-tun_c12
17 files changed, 532 insertions, 0 deletions
diff --git a/package/openssh/Config.in b/package/openssh/Config.in
new file mode 100644
index 000000000..136333826
--- /dev/null
+++ b/package/openssh/Config.in
@@ -0,0 +1,140 @@
+config ADK_COMPILE_OPENSSH
+ prompt "openssh........................... OpenSSH software"
+ bool
+ default n
+
+config ADK_COMPILE_OPENSSH_WITH_KERBEROS
+ prompt "Enable Kerberos support"
+ bool
+ depends on ADK_COMPILE_OPENSSH
+
+choice
+prompt "Kerberos implementation"
+depends on ADK_COMPILE_OPENSSH_WITH_KERBEROS
+config ADK_COMPILE_OPENSSH_WITH_KRB5
+ prompt "MIT"
+ bool
+ select ADK_PACKAGE_KRB5_LIBS
+ help
+ Use MIT kerberos libraries.
+
+config ADK_COMPILE_OPENSSH_WITH_HEIMDAL
+ prompt "Heimdal"
+ bool
+ select ADK_COMPILE_HEIMDAL
+ select ADK_PACKAGE_HEIMDAL_LIBS
+ help
+ Use heimdal kerberos libraries.
+
+endchoice
+
+config ADK_PACKAGE_OPENSSH_CLIENT
+ prompt "openssh-client.................... OpenSSH clients"
+ tristate
+ default n
+ select ADK_PACKAGE_LIBOPENSSL
+ select ADK_PACKAGE_ZLIB
+ depends on ADK_COMPILE_OPENSSH
+ help
+ OpenSSH is a FREE version of the SSH protocol suite of network
+ connectivity tools that increasing numbers of people on the Internet
+ are coming to rely on. Many users of telnet, rlogin, ftp, and other
+ such programs might not realize that their password is transmitted
+ across the Internet unencrypted, but it is. OpenSSH encrypts all
+ traffic (including passwords) to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks. Additionally,
+ OpenSSH provides a myriad of secure tunneling capabilities, as well
+ as a variety of authentication methods.
+
+ This package contains the ssh(1) client and the scp(1) client/server.
+
+ http://www.openssh.com/
+
+config ADK_PACKAGE_OPENSSH_CLIENT_UTILS
+ prompt "openssh-client-utils............ OpenSSH client utilities"
+ tristate
+ default n
+ depends on ADK_PACKAGE_OPENSSH_CLIENT
+ depends on ADK_COMPILE_OPENSSH
+ help
+ OpenSSH is a FREE version of the SSH protocol suite of network
+ connectivity tools that increasing numbers of people on the Internet
+ are coming to rely on. Many users of telnet, rlogin, ftp, and other
+ such programs might not realize that their password is transmitted
+ across the Internet unencrypted, but it is. OpenSSH encrypts all
+ traffic (including passwords) to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks. Additionally,
+ OpenSSH provides a myriad of secure tunneling capabilities, as well
+ as a variety of authentication methods.
+
+ This package contains ssh-agent and ssh-add as well as ssh-keyscan.
+
+ http://www.openssh.com/
+
+config ADK_PACKAGE_OPENSSH_SERVER
+ prompt "openssh-server.................... OpenSSH server"
+ tristate
+ default n
+ select ADK_PACKAGE_LIBOPENSSL
+ select ADK_PACKAGE_ZLIB
+ depends on ADK_COMPILE_OPENSSH
+ help
+ OpenSSH is a FREE version of the SSH protocol suite of network
+ connectivity tools that increasing numbers of people on the Internet
+ are coming to rely on. Many users of telnet, rlogin, ftp, and other
+ such programs might not realize that their password is transmitted
+ across the Internet unencrypted, but it is. OpenSSH encrypts all
+ traffic (including passwords) to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks. Additionally,
+ OpenSSH provides a myriad of secure tunneling capabilities, as well
+ as a variety of authentication methods.
+
+ This package contains sshd(8) and ssh-keygen(8), but not scp(1),
+ which is needed for SCP server support.
+
+ http://www.openssh.com/
+
+
+config ADK_PACKAGE_OPENSSH_SFTP_CLIENT
+ prompt "openssh-sftp-client............... OpenSSH SFTP client"
+ tristate
+ default n
+ select ADK_PACKAGE_LIBOPENSSL
+ select ADK_PACKAGE_ZLIB
+ depends on ADK_COMPILE_OPENSSH
+ help
+ OpenSSH is a FREE version of the SSH protocol suite of network
+ connectivity tools that increasing numbers of people on the Internet
+ are coming to rely on. Many users of telnet, rlogin, ftp, and other
+ such programs might not realize that their password is transmitted
+ across the Internet unencrypted, but it is. OpenSSH encrypts all
+ traffic (including passwords) to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks. Additionally,
+ OpenSSH provides a myriad of secure tunneling capabilities, as well
+ as a variety of authentication methods.
+
+ This package contains the /usr/bin/sftp client utility.
+
+ http://www.openssh.com/
+
+config ADK_PACKAGE_OPENSSH_SFTP_SERVER
+ prompt "openssh-sftp-server............... OpenSSH SFTP server"
+ tristate
+ default n
+ select ADK_PACKAGE_LIBOPENSSL
+ select ADK_PACKAGE_ZLIB
+ depends on ADK_COMPILE_OPENSSH
+ help
+ OpenSSH is a FREE version of the SSH protocol suite of network
+ connectivity tools that increasing numbers of people on the Internet
+ are coming to rely on. Many users of telnet, rlogin, ftp, and other
+ such programs might not realize that their password is transmitted
+ across the Internet unencrypted, but it is. OpenSSH encrypts all
+ traffic (including passwords) to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks. Additionally,
+ OpenSSH provides a myriad of secure tunneling capabilities, as well
+ as a variety of authentication methods.
+
+ This package contains the SFTP server helper programme.
+
+ http://www.openssh.com/
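Review bot: The Kerberos `choice` offers MIT (`ADK_COMPILE_OPENSSH_WITH_KRB5`, selecting `ADK_PACKAGE_KRB5_LIBS`) alongside Heimdal, but nothing else in this commit consumes that symbol. The Makefile tests only `ADK_COMPILE_OPENSSH_WITH_KERBEROS` and then appends `heimdal-libs` to `PKG_DEPENDS`, and patch-configure touches only the `HEIMDAL` branch of configure. A build with MIT selected would therefore produce an openssh-server package that declares a Heimdal dependency. Either drop the MIT entry until it is wired up, or set the dependency per implementation in the Makefile, e.g. `PKG_DEPENDS+= <mit-krb5-libs-package>` under `ifeq ($(ADK_COMPILE_OPENSSH_WITH_KRB5),y)` (placeholder name, to be taken from the krb5 package).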
diff --git a/package/openssh/Makefile b/package/openssh/Makefile
new file mode 100644
index 000000000..a46d3bbca
--- /dev/null
+++ b/package/openssh/Makefile
@@ -0,0 +1,83 @@
+# $Id$
+#-
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include ${TOPDIR}/rules.mk
+
+PKG_NAME:= openssh
+PKG_VERSION:= 5.2p1
+PKG_RELEASE:= 1
+PKG_MD5SUM:= ada79c7328a8551bdf55c95e631e7dad
+MASTER_SITES:= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
+ ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \
+ ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \
+ ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/
+
+include ${TOPDIR}/mk/package.mk
+
+$(eval $(call PKG_template,OPENSSH_CLIENT,openssh-client,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+$(eval $(call PKG_template,OPENSSH_CLIENT_UTILS,openssh-client-utils,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+$(eval $(call PKG_template,OPENSSH_SERVER,openssh-server,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+$(eval $(call PKG_template,OPENSSH_SFTP_CLIENT,openssh-sftp-client,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+$(eval $(call PKG_template,OPENSSH_SFTP_SERVER,openssh-sftp-server,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+
+PKG_DEPENDS:= zlib, libopenssl,
+
+ifeq ($(ADK_COMPILE_OPENSSH_WITH_KERBEROS),y)
+CONFIGURE_ARGS+= --with-kerberos5="${STAGING_DIR}/usr"
+PKG_DEPENDS+= heimdal-libs
+else
+CONFIGURE_ARGS+= --without-kerberos5
+endif
+CONFIGURE_STYLE:= gnu
+CONFIGURE_ENV+= LD='${TARGET_CC}' \
+ ac_cv_func_setlogin=no
+CONFIGURE_ARGS+= --disable-strip \
+ --disable-etc-default-login \
+ --disable-lastlog \
+ --disable-utmp \
+ --disable-utmpx \
+ --disable-wtmp \
+ --disable-wtmpx \
+ --without-bsd-auth \
+ --without-pam \
+ --without-x \
+ --without-zlib-version-check \
+ --sysconfdir=/etc/ssh \
+ --with-privsep-user=sshd \
+ --with-privsep-path=/var/run/sshd
+BUILD_STYLE:= auto
+INSTALL_STYLE:= auto
+
+post-install:
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SERVER}/etc/ssh
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SERVER}/etc/init.d
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SERVER}/usr/bin
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SERVER}/usr/sbin
+ ${INSTALL_SCRIPT} files/sshd.init \
+ ${IDIR_OPENSSH_SERVER}/etc/init.d/sshd
+ ${CP} ./files/sshd_config ${IDIR_OPENSSH_SERVER}/etc/ssh
+ ${INSTALL_BIN} ${WRKINST}/usr/bin/ssh-keygen \
+ ${IDIR_OPENSSH_SERVER}/usr/bin
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/sshd \
+ ${IDIR_OPENSSH_SERVER}/usr/sbin
+ ${INSTALL_DIR} ${IDIR_OPENSSH_CLIENT}/etc/ssh
+ ${INSTALL_DIR} ${IDIR_OPENSSH_CLIENT}/usr/bin
+ ${INSTALL_DATA} ${WRKINST}/etc/ssh/ssh_config \
+ ${IDIR_OPENSSH_CLIENT}/etc/ssh
+ ${INSTALL_BIN} ${WRKINST}/usr/bin/{ssh,scp} \
+ ${IDIR_OPENSSH_CLIENT}/usr/bin
+ ${INSTALL_DIR} ${IDIR_OPENSSH_CLIENT_UTILS}/usr/bin
+ ${INSTALL_BIN} ${WRKINST}/usr/bin/ssh-{add,agent,keyscan} \
+ ${IDIR_OPENSSH_CLIENT_UTILS}/usr/bin
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SFTP_CLIENT}/usr/bin
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SFTP_SERVER}/usr/sbin
+ ${INSTALL_BIN} ${WRKINST}/usr/bin/sftp \
+ ${IDIR_OPENSSH_SFTP_CLIENT}/usr/bin
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/sftp-server \
+ ${IDIR_OPENSSH_SFTP_SERVER}/usr/sbin
+ chmod 0700 {${IDIR_OPENSSH_CLIENT},${IDIR_OPENSSH_SERVER}}/etc/ssh
+ echo 'Depends: ${PKG_DEPENDS}' >>${IDIR_OPENSSH_SERVER}/CONTROL/control
+
+include ${TOPDIR}/mk/pkg-bottom.mk
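Review bot: The source tarball is fetched over plain `ftp://` from four mirrors and checked only against `PKG_MD5SUM`, so the only thing between a tampered mirror and the sshd in the firmware image is an MD5 digest, a hash that is deprecated for integrity checks. If the fetch rules under `mk/` (not visible in this commit) can verify a stronger digest, record a SHA-256 of the upstream release as well, and check upstream's published signature whenever `PKG_VERSION` is bumped. Separately, `PKG_DEPENDS:= zlib, libopenssl,` leaves a trailing comma in the `Depends:` line echoed into the server control file when Kerberos is disabled; `PKG_DEPENDS:= zlib, libopenssl` with `PKG_DEPENDS+= , heimdal-libs` in the Kerberos branch avoids that.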
diff --git a/package/openssh/files/sshd.init b/package/openssh/files/sshd.init
new file mode 100644
index 000000000..19774b891
--- /dev/null
+++ b/package/openssh/files/sshd.init
@@ -0,0 +1,47 @@
+#!/bin/sh
+#FWINIT 50
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+ [[ $openssh = NO ]] && exit 0
+ grep dropbear_flags /etc/rc.conf >/dev/null 2>&1 || dropbear_flags=NO
+ if [[ $openssh = AUTO && $dropbear_flags != NO ]]; then
+ echo openssh not starting: set to AUTO and dropbear is enabled
+ exit 0
+ fi
+ exec sh $0 start
+ ;;
+start)
+ if [[ ! -s /etc/ssh/ssh_host_rsa_key ]]; then
+ mkdir -p /etc/ssh
+ if [[ ! -x /usr/bin/ssh-keygen ]]; then
+ bothlog openssh not starting: SSH private key missing
+ exit 0
+ fi
+ echo "openssh: generating SSH private key (RSA)"
+ /usr/bin/ssh-keygen -N '' -t rsa -f /etc/ssh/ssh_host_rsa_key
+ rv=$?
+ echo openssh: key generation exited with code $rv
+ [[ $rv = 0 && -s /etc/ssh/ssh_host_rsa_key ]] || exit 1
+ fi
+ mkdir -p /var/run/sshd
+ mkdir -p /var/empty
+ /usr/sbin/sshd
+ ;;
+stop)
+ if [ -e /var/run/sshd.pid ]; then
+ kill $(cat /var/run/sshd.pid)
+ fi
+ ;;
+restart)
+ sh $0 stop
+ sh $0 start
+ ;;
+*)
+ echo "Usage: $0 {start | stop | restart}"
+ exit 1
+ ;;
+esac
+exit $?
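Review bot: The `start` branch generates the RSA host key on the first start after installation. On an embedded target that may be early in the first boot, when the kernel entropy pool has had little input, and host keys created that way can be weak or repeat across identical devices. Nothing in the visible script waits for or checks RNG seeding, so at minimum add a comment above the `ssh-keygen` call such as `# host key is created on first start; the RNG must be seeded (saved seed or hardware source) before this runs`. The script also uses `[[ ... ]]` under `#!/bin/sh`, which works only if the target's /bin/sh supports that extension; `[ "$openssh" = NO ]` with quoted variables is the portable form.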
diff --git a/package/openssh/files/sshd_config b/package/openssh/files/sshd_config
new file mode 100644
index 000000000..19b87bd17
--- /dev/null
+++ b/package/openssh/files/sshd_config
@@ -0,0 +1,113 @@
+# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
+#AddressFamily any
+ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Disable legacy (protocol version 1) support in the server for new
+# installations. In future the default will change to require explicit
+# activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin without-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+PubkeyAuthentication yes
+AuthorizedKeysFile /etc/ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# GSSAPI options for Kerberos 5
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/sbin/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
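Review bot: `AuthorizedKeysFile /etc/ssh/authorized_keys` contains no `%u` or `%h` token, so sshd consults the same key list for every account, and together with `PermitRootLogin without-password` any key added to that file is a root key. If the image is meant to be administered as root only, that deserves a comment above the line saying so; otherwise a per-user path such as `AuthorizedKeysFile /etc/ssh/authorized_keys.%u` keeps each key scoped to one account. `PasswordAuthentication` is left at its commented default of yes, so password logins for non-root accounts stay enabled unless the integrator changes it.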
diff --git a/package/openssh/ipkg/openssh-client-utils.control b/package/openssh/ipkg/openssh-client-utils.control
new file mode 100644
index 000000000..d34db0ddf
--- /dev/null
+++ b/package/openssh/ipkg/openssh-client-utils.control
@@ -0,0 +1,5 @@
+Package: openssh-client-utils
+Priority: optional
+Section: net
+Depends: zlib, libopenssl
+Description: OpenSSH client utilities
diff --git a/package/openssh/ipkg/openssh-client.conffiles b/package/openssh/ipkg/openssh-client.conffiles
new file mode 100644
index 000000000..489e8267f
--- /dev/null
+++ b/package/openssh/ipkg/openssh-client.conffiles
@@ -0,0 +1 @@
+/etc/ssh/ssh_config
\ No newline at end of file
diff --git a/package/openssh/ipkg/openssh-client.control b/package/openssh/ipkg/openssh-client.control
new file mode 100644
index 000000000..183b7f152
--- /dev/null
+++ b/package/openssh/ipkg/openssh-client.control
@@ -0,0 +1,5 @@
+Package: openssh-client
+Priority: optional
+Section: net
+Depends: zlib, libopenssl
+Description: OpenSSH client
diff --git a/package/openssh/ipkg/openssh-server.conffiles b/package/openssh/ipkg/openssh-server.conffiles
new file mode 100644
index 000000000..6f0cfbcbe
--- /dev/null
+++ b/package/openssh/ipkg/openssh-server.conffiles
@@ -0,0 +1 @@
+/etc/ssh/sshd_config
\ No newline at end of file
diff --git a/package/openssh/ipkg/openssh-server.control b/package/openssh/ipkg/openssh-server.control
new file mode 100644
index 000000000..5fde84ecd
--- /dev/null
+++ b/package/openssh/ipkg/openssh-server.control
@@ -0,0 +1,4 @@
+Package: openssh-server
+Priority: optional
+Section: net
+Description: OpenSSH server
diff --git a/package/openssh/ipkg/openssh-server.postinst b/package/openssh/ipkg/openssh-server.postinst
new file mode 100644
index 000000000..e14a2b0b9
--- /dev/null
+++ b/package/openssh/ipkg/openssh-server.postinst
@@ -0,0 +1,5 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/functions.sh
+add_user sshd $(get_next_uid) $(get_next_gid) /var/run/sshd
+add_group sshd $(get_next_gid)
+add_rcconf 'use "NO" to disable always, "AUTO" if dropbear is on' openssh AUTO
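Review bot: `get_next_gid` is evaluated twice, once for `add_user` and once for `add_group`, so the sshd user's primary gid matches the sshd group only if both calls return the same number. The helpers come from functions.sh, which is not part of this commit, so that cannot be confirmed from here. Computing the value once removes the dependency: `gid=$(get_next_gid)`, then `add_group sshd $gid` and `add_user sshd $(get_next_uid) $gid /var/run/sshd`. It is also worth confirming that `add_user` gives the privilege-separation account no usable login shell or password, and that re-running this script on upgrade does not add a second entry.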
diff --git a/package/openssh/ipkg/openssh-sftp-client.control b/package/openssh/ipkg/openssh-sftp-client.control
new file mode 100644
index 000000000..705a3854a
--- /dev/null
+++ b/package/openssh/ipkg/openssh-sftp-client.control
@@ -0,0 +1,5 @@
+Package: openssh-sftp-client
+Priority: optional
+Section: net
+Depends: zlib, libopenssl
+Description: OpenSSH SFTP client
diff --git a/package/openssh/ipkg/openssh-sftp-server.control b/package/openssh/ipkg/openssh-sftp-server.control
new file mode 100644
index 000000000..8c17fcc5b
--- /dev/null
+++ b/package/openssh/ipkg/openssh-sftp-server.control
@@ -0,0 +1,5 @@
+Package: openssh-sftp-server
+Priority: optional
+Section: net
+Depends: zlib, libopenssl
+Description: OpenSSH SFTP server
diff --git a/package/openssh/patches/patch-cipher_c b/package/openssh/patches/patch-cipher_c
new file mode 100644
index 000000000..9edbd4167
--- /dev/null
+++ b/package/openssh/patches/patch-cipher_c
@@ -0,0 +1,35 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- openssh-5.2p1.orig/cipher.c 2009-01-28 06:38:41.000000000 +0100
++++ openssh-5.2p1/cipher.c 2009-05-01 13:39:23.000000000 +0200
+@@ -69,21 +69,30 @@ struct Cipher {
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
+ { "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
++#ifndef OPENSSL_NO_BF
+ { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf },
+-
++#endif
+ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
++#ifndef OPENSSL_NO_BF
+ { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
++#endif
++#ifndef OPENSSL_NO_CAST
+ { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
++#endif
+ { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
+ { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
+ { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
+ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
++#ifndef OPENSSL_NO_AES192
+ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
++#endif
+ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
+ { "rijndael-cbc@lysator.liu.se",
+ SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
++#ifndef OPENSSL_NO_AES192
+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
++#endif
+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
+ #ifdef USE_CIPHER_ACSS
+ { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
diff --git a/package/openssh/patches/patch-configure b/package/openssh/patches/patch-configure
new file mode 100644
index 000000000..aa0b7af45
--- /dev/null
+++ b/package/openssh/patches/patch-configure
@@ -0,0 +1,12 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- openssh-5.2p1.orig/configure 2009-02-23 01:18:14.000000000 +0100
++++ openssh-5.2p1/configure 2009-05-01 12:34:00.000000000 +0200
+@@ -26712,7 +26712,7 @@ echo "${ECHO_T}yes" >&6; }
+ #define HEIMDAL 1
+ _ACEOF
+
+- K5LIBS="-lkrb5 -ldes"
++ K5LIBS="-lkrb5"
+ K5LIBS="$K5LIBS -lcom_err -lasn1"
+ { echo "$as_me:$LINENO: checking for net_write in -lroken" >&5
+ echo $ECHO_N "checking for net_write in -lroken... $ECHO_C" >&6; }
diff --git a/package/openssh/patches/patch-mac_c b/package/openssh/patches/patch-mac_c
new file mode 100644
index 000000000..28e27e186
--- /dev/null
+++ b/package/openssh/patches/patch-mac_c
@@ -0,0 +1,14 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- openssh-5.2p1.orig/mac.c 2008-06-13 02:58:50.000000000 +0200
++++ openssh-5.2p1/mac.c 2009-05-01 13:34:59.000000000 +0200
+@@ -59,8 +59,10 @@ struct {
+ { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 },
+ { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 },
+ { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 },
++#ifndef OPENSSL_NO_RIPEMD
+ { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
+ { "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
++#endif
+ { "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64 },
+ { NULL, 0, NULL, 0, -1, -1 }
+ };
diff --git a/package/openssh/patches/patch-myproposal_h b/package/openssh/patches/patch-myproposal_h
new file mode 100644
index 000000000..38345863e
--- /dev/null
+++ b/package/openssh/patches/patch-myproposal_h
@@ -0,0 +1,45 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- openssh-5.2p1.orig/myproposal.h 2009-01-28 06:33:31.000000000 +0100
++++ openssh-5.2p1/myproposal.h 2009-05-01 14:00:47.000000000 +0200
+@@ -42,15 +42,35 @@
+
+ #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
+
++
++#ifndef OPENSSL_NO_AES192
++#define KEX_ENCRYPT_AES192 ",aes192-ctr,aes192-cbc"
++#else
++#define KEX_ENCRYPT_AES192
++#endif
++#ifndef OPENSSL_NO_BF
++#define KEX_ENCRYPT_BF ",blowfish-cbc"
++#else
++#define KEX_ENCRYPT_BF
++#endif
++#ifndef OPENSSL_NO_CAST
++#define KEX_ENCRYPT_CAST ",cast128-cbc"
++#define KEX_MAC_CAST ",hmac-ripemd160,hmac-ripemd160@openssh.com"
++#else
++#define KEX_ENCRYPT_CAST
++#define KEX_MAC_CAST
++#endif
++
+ #define KEX_DEFAULT_ENCRYPT \
+- "aes128-ctr,aes192-ctr,aes256-ctr," \
++ "aes128-ctr,aes256-ctr," \
+ "arcfour256,arcfour128," \
+- "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
+- "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
++ "aes128-cbc,3des-cbc," \
++ "aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" \
++ KEX_ENCRYPT_AES192 KEX_ENCRYPT_BF KEX_ENCRYPT_CAST
+ #define KEX_DEFAULT_MAC \
+- "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
+- "hmac-ripemd160@openssh.com," \
+- "hmac-sha1-96,hmac-md5-96"
++ "hmac-md5,hmac-sha1,umac-64@openssh.com," \
++ "hmac-sha1-96,hmac-md5-96" \
++ KEX_MAC_CAST
+ #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
+ #define KEX_DEFAULT_LANG ""
+
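Review bot: `KEX_MAC_CAST` adds `hmac-ripemd160` and `hmac-ripemd160@openssh.com` to the default MAC proposal under `#ifndef OPENSSL_NO_CAST`, while patch-mac_c in this commit compiles those two table entries under `#ifndef OPENSSL_NO_RIPEMD`. With an OpenSSL built without RIPEMD but with CAST, the default proposal would advertise MACs that mac.c no longer knows; the reverse build drops them from the default for no reason. Gate them on the same macro and name the define accordingly, e.g. `#ifndef OPENSSL_NO_RIPEMD` followed by `#define KEX_MAC_RIPEMD ",hmac-ripemd160,hmac-ripemd160@openssh.com"`. The optional ciphers and MACs now also sit at the end of both lists, which lowers their negotiation preference compared with the original ordering; if that is intended, a comment above `KEX_DEFAULT_ENCRYPT` should say so.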
diff --git a/package/openssh/patches/patch-openbsd-compat_port-tun_c b/package/openssh/patches/patch-openbsd-compat_port-tun_c
new file mode 100644
index 000000000..bc6e0b1b3
--- /dev/null
+++ b/package/openssh/patches/patch-openbsd-compat_port-tun_c
@@ -0,0 +1,12 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- openssh-5.1p1.orig/openbsd-compat/port-tun.c 2008-05-19 07:28:36.000000000 +0200
++++ openssh-5.1p1/openbsd-compat/port-tun.c 2008-10-14 10:20:42.000000000 +0200
+@@ -213,7 +213,7 @@ sys_tun_infilter(struct Channel *c, char
+ if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af)))
+ return (-1);
+ ptr = (char *)&rbuf[0];
+- bcopy(buf, ptr + sizeof(u_int32_t), len);
++ memcpy(ptr + sizeof(u_int32_t), buf, len);
+ len += sizeof(u_int32_t);
+ af = (u_int32_t *)ptr;
+
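Review bot: The patch header still names `openssh-5.1p1`, while the Makefile in this commit builds 5.2p1, so this hunk was generated against the previous release and may apply only with an offset or fuzz. Regenerate it against the 5.2p1 tree so that a future change in the surrounding context makes the patch fail loudly rather than land in the wrong place. The argument order in `memcpy(ptr + sizeof(u_int32_t), buf, len);` is correct for the bcopy-to-memcpy conversion, and the `len` bound check in the context line above still covers the copy. `sys_tun_infilter` starts and ends outside the hunk.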