From 219a6dab8995aad9ac4860cc1a84d6f3509a03a4 Mon Sep 17 00:00:00 2001 
From: wbx Date: Sun, 17 May 2009 14:41:34 +0200 Subject: Initial import --- package/openssh/Config.in | 140 +++++++++++++++++++++ package/openssh/Makefile | 83 ++++++++++++ package/openssh/files/sshd.init | 47 +++++++ package/openssh/files/sshd_config | 113 +++++++++++++++++ package/openssh/ipkg/openssh-client-utils.control | 5 + package/openssh/ipkg/openssh-client.conffiles | 1 + package/openssh/ipkg/openssh-client.control | 5 + package/openssh/ipkg/openssh-server.conffiles | 1 + package/openssh/ipkg/openssh-server.control | 4 + package/openssh/ipkg/openssh-server.postinst | 5 + package/openssh/ipkg/openssh-sftp-client.control | 5 + package/openssh/ipkg/openssh-sftp-server.control | 5 + package/openssh/patches/patch-cipher_c | 35 ++++++ package/openssh/patches/patch-configure | 12 ++ package/openssh/patches/patch-mac_c | 14 +++ package/openssh/patches/patch-myproposal_h | 45 +++++++ .../patches/patch-openbsd-compat_port-tun_c | 12 ++ 17 files changed, 532 insertions(+) create mode 100644 package/openssh/Config.in create mode 100644 package/openssh/Makefile create mode 100644 package/openssh/files/sshd.init create mode 100644 package/openssh/files/sshd_config create mode 100644 package/openssh/ipkg/openssh-client-utils.control create mode 100644 package/openssh/ipkg/openssh-client.conffiles create mode 100644 package/openssh/ipkg/openssh-client.control create mode 100644 package/openssh/ipkg/openssh-server.conffiles create mode 100644 package/openssh/ipkg/openssh-server.control create mode 100644 package/openssh/ipkg/openssh-server.postinst create mode 100644 package/openssh/ipkg/openssh-sftp-client.control create mode 100644 package/openssh/ipkg/openssh-sftp-server.control create mode 100644 package/openssh/patches/patch-cipher_c create mode 100644 package/openssh/patches/patch-configure create mode 100644 package/openssh/patches/patch-mac_c create mode 100644 package/openssh/patches/patch-myproposal_h create mode 100644 
package/openssh/patches/patch-openbsd-compat_port-tun_c (limited to 'package/openssh')
diff --git a/package/openssh/Config.in b/package/openssh/Config.in
new file mode 100644
index 000000000..136333826
--- /dev/null
+++ b/package/openssh/Config.in
@@ -0,0 +1,140 @@
+config ADK_COMPILE_OPENSSH
+ prompt "openssh........................... OpenSSH software"
+ bool
+ default n
+
+config ADK_COMPILE_OPENSSH_WITH_KERBEROS
+ prompt "Enable Kerberos support"
+ bool
+ depends on ADK_COMPILE_OPENSSH
+
+choice
+prompt "Kerberos implementation"
+depends on ADK_COMPILE_OPENSSH_WITH_KERBEROS
+config ADK_COMPILE_OPENSSH_WITH_KRB5
+ prompt "MIT"
+ bool
+ select ADK_PACKAGE_KRB5_LIBS
+ help
+ Use MIT kerberos libraries.
+
+config ADK_COMPILE_OPENSSH_WITH_HEIMDAL
+ prompt "Heimdal"
+ bool
+ select ADK_COMPILE_HEIMDAL
+ select ADK_PACKAGE_HEIMDAL_LIBS
+ help
+ Use heimdal kerberos libraries.
+
+endchoice
+
+config ADK_PACKAGE_OPENSSH_CLIENT
+ prompt "openssh-client.................... OpenSSH clients"
+ tristate
+ default n
+ select ADK_PACKAGE_LIBOPENSSL
+ select ADK_PACKAGE_ZLIB
+ depends on ADK_COMPILE_OPENSSH
+ help
+ OpenSSH is a FREE version of the SSH protocol suite of network
+ connectivity tools that increasing numbers of people on the Internet
+ are coming to rely on. Many users of telnet, rlogin, ftp, and other
+ such programs might not realize that their password is transmitted
+ across the Internet unencrypted, but it is. OpenSSH encrypts all
+ traffic (including passwords) to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks. Additionally,
+ OpenSSH provides a myriad of secure tunneling capabilities, as well
+ as a variety of authentication methods.
+
+ This package contains the ssh(1) client and the scp(1) client/server.
+
+ http://www.openssh.com/
+
+config ADK_PACKAGE_OPENSSH_CLIENT_UTILS
+ prompt "openssh-client-utils............ OpenSSH client utilities"
+ tristate
+ default n
+ depends on ADK_PACKAGE_OPENSSH_CLIENT
+ depends on ADK_COMPILE_OPENSSH
+ help
+ OpenSSH is a FREE version of the SSH protocol suite of network
+ connectivity tools that increasing numbers of people on the Internet
+ are coming to rely on. Many users of telnet, rlogin, ftp, and other
+ such programs might not realize that their password is transmitted
+ across the Internet unencrypted, but it is. OpenSSH encrypts all
+ traffic (including passwords) to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks. Additionally,
+ OpenSSH provides a myriad of secure tunneling capabilities, as well
+ as a variety of authentication methods.
+
+ This package contains ssh-agent and ssh-add as well as ssh-keyscan.
+
+ http://www.openssh.com/
+
+config ADK_PACKAGE_OPENSSH_SERVER
+ prompt "openssh-server.................... OpenSSH server"
+ tristate
+ default n
+ select ADK_PACKAGE_LIBOPENSSL
+ select ADK_PACKAGE_ZLIB
+ depends on ADK_COMPILE_OPENSSH
+ help
+ OpenSSH is a FREE version of the SSH protocol suite of network
+ connectivity tools that increasing numbers of people on the Internet
+ are coming to rely on. Many users of telnet, rlogin, ftp, and other
+ such programs might not realize that their password is transmitted
+ across the Internet unencrypted, but it is. OpenSSH encrypts all
+ traffic (including passwords) to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks. Additionally,
+ OpenSSH provides a myriad of secure tunneling capabilities, as well
+ as a variety of authentication methods.
+
+ This package contains sshd(8) and ssh-keygen(8), but not scp(1),
+ which is needed for SCP server support.
+
+ http://www.openssh.com/
+
+
+config ADK_PACKAGE_OPENSSH_SFTP_CLIENT
+ prompt "openssh-sftp-client............... OpenSSH SFTP client"
+ tristate
+ default n
+ select ADK_PACKAGE_LIBOPENSSL
+ select ADK_PACKAGE_ZLIB
+ depends on ADK_COMPILE_OPENSSH
+ help
+ OpenSSH is a FREE version of the SSH protocol suite of network
+ connectivity tools that increasing numbers of people on the Internet
+ are coming to rely on. Many users of telnet, rlogin, ftp, and other
+ such programs might not realize that their password is transmitted
+ across the Internet unencrypted, but it is. OpenSSH encrypts all
+ traffic (including passwords) to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks. Additionally,
+ OpenSSH provides a myriad of secure tunneling capabilities, as well
+ as a variety of authentication methods.
+
+ This package contains the /usr/bin/sftp client utility.
+
+ http://www.openssh.com/
+
+config ADK_PACKAGE_OPENSSH_SFTP_SERVER
+ prompt "openssh-sftp-server............... OpenSSH SFTP server"
+ tristate
+ default n
+ select ADK_PACKAGE_LIBOPENSSL
+ select ADK_PACKAGE_ZLIB
+ depends on ADK_COMPILE_OPENSSH
+ help
+ OpenSSH is a FREE version of the SSH protocol suite of network
+ connectivity tools that increasing numbers of people on the Internet
+ are coming to rely on. Many users of telnet, rlogin, ftp, and other
+ such programs might not realize that their password is transmitted
+ across the Internet unencrypted, but it is. OpenSSH encrypts all
+ traffic (including passwords) to effectively eliminate eavesdropping,
+ connection hijacking, and other network-level attacks. Additionally,
+ OpenSSH provides a myriad of secure tunneling capabilities, as well
+ as a variety of authentication methods.
+
+ This package contains the SFTP server helper programme.
+
+ http://www.openssh.com/
diff --git a/package/openssh/Makefile b/package/openssh/Makefile
new file mode 100644
index 000000000..a46d3bbca
--- /dev/null
+++ b/package/openssh/Makefile
@@ -0,0 +1,83 @@
+# $Id$
+#-
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include ${TOPDIR}/rules.mk
+
+PKG_NAME:= openssh
+PKG_VERSION:= 5.2p1
+PKG_RELEASE:= 1
+PKG_MD5SUM:= ada79c7328a8551bdf55c95e631e7dad
+MASTER_SITES:= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
+ ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \
+ ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \
+ ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/
+
+include ${TOPDIR}/mk/package.mk
+
+$(eval $(call PKG_template,OPENSSH_CLIENT,openssh-client,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+$(eval $(call PKG_template,OPENSSH_CLIENT_UTILS,openssh-client-utils,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+$(eval $(call PKG_template,OPENSSH_SERVER,openssh-server,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+$(eval $(call PKG_template,OPENSSH_SFTP_CLIENT,openssh-sftp-client,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+$(eval $(call PKG_template,OPENSSH_SFTP_SERVER,openssh-sftp-server,${PKG_VERSION}-${PKG_RELEASE},${ARCH}))
+
+PKG_DEPENDS:= zlib, libopenssl,
+
+ifeq ($(ADK_COMPILE_OPENSSH_WITH_KERBEROS),y)
+CONFIGURE_ARGS+= --with-kerberos5="${STAGING_DIR}/usr"
+PKG_DEPENDS+= heimdal-libs
+else
+CONFIGURE_ARGS+= --without-kerberos5
+endif
+CONFIGURE_STYLE:= gnu
+CONFIGURE_ENV+= LD='${TARGET_CC}' \
+ ac_cv_func_setlogin=no
+CONFIGURE_ARGS+= --disable-strip \
+ --disable-etc-default-login \
+ --disable-lastlog \
+ --disable-utmp \
+ --disable-utmpx \
+ --disable-wtmp \
+ --disable-wtmpx \
+ --without-bsd-auth \
+ --without-pam \
+ --without-x \
+ --without-zlib-version-check \
+ --sysconfdir=/etc/ssh \
+ --with-privsep-user=sshd \
+ --with-privsep-path=/var/run/sshd
+BUILD_STYLE:= auto
+INSTALL_STYLE:= auto
+
+post-install:
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SERVER}/etc/ssh
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SERVER}/etc/init.d
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SERVER}/usr/bin
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SERVER}/usr/sbin
+ ${INSTALL_SCRIPT} files/sshd.init \
+ ${IDIR_OPENSSH_SERVER}/etc/init.d/sshd
+ ${CP} ./files/sshd_config ${IDIR_OPENSSH_SERVER}/etc/ssh
+ ${INSTALL_BIN} ${WRKINST}/usr/bin/ssh-keygen \
+ ${IDIR_OPENSSH_SERVER}/usr/bin
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/sshd \
+ ${IDIR_OPENSSH_SERVER}/usr/sbin
+ ${INSTALL_DIR} ${IDIR_OPENSSH_CLIENT}/etc/ssh
+ ${INSTALL_DIR} ${IDIR_OPENSSH_CLIENT}/usr/bin
+ ${INSTALL_DATA} ${WRKINST}/etc/ssh/ssh_config \
+ ${IDIR_OPENSSH_CLIENT}/etc/ssh
+ ${INSTALL_BIN} ${WRKINST}/usr/bin/{ssh,scp} \
+ ${IDIR_OPENSSH_CLIENT}/usr/bin
+ ${INSTALL_DIR} ${IDIR_OPENSSH_CLIENT_UTILS}/usr/bin
+ ${INSTALL_BIN} ${WRKINST}/usr/bin/ssh-{add,agent,keyscan} \
+ ${IDIR_OPENSSH_CLIENT_UTILS}/usr/bin
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SFTP_CLIENT}/usr/bin
+ ${INSTALL_DIR} ${IDIR_OPENSSH_SFTP_SERVER}/usr/sbin
+ ${INSTALL_BIN} ${WRKINST}/usr/bin/sftp \
+ ${IDIR_OPENSSH_SFTP_CLIENT}/usr/bin
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/sftp-server \
+ ${IDIR_OPENSSH_SFTP_SERVER}/usr/sbin
+ chmod 0700 {${IDIR_OPENSSH_CLIENT},${IDIR_OPENSSH_SERVER}}/etc/ssh
+ echo 'Depends: ${PKG_DEPENDS}' >>${IDIR_OPENSSH_SERVER}/CONTROL/control
+
+include ${TOPDIR}/mk/pkg-bottom.mk
diff --git a/package/openssh/files/sshd.init b/package/openssh/files/sshd.init
new file mode 100644
index 000000000..19774b891
--- /dev/null
+++ b/package/openssh/files/sshd.init
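Review bot: The source tarball is fetched from `MASTER_SITES` that are all plain `ftp://` URLs and is checked only against `PKG_MD5SUM`, so the integrity of the sshd sources rests on an MD5 digest over an unauthenticated transport. If the `mk/` framework offers a stronger digest field, pin a SHA-256 of the 5.2p1 tarball there and verify the upstream release signature out of band when the value is first recorded. Separately, `PKG_DEPENDS+= heimdal-libs` is added whenever `ADK_COMPILE_OPENSSH_WITH_KERBEROS` is `y`, even though Config.in also allows the MIT choice (`ADK_COMPILE_OPENSSH_WITH_KRB5`), and without Kerberos the value `zlib, libopenssl,` leaves a trailing comma in the `Depends:` line appended to the server control file.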
@@ -0,0 +1,47 @@
+#!/bin/sh
+#FWINIT 50
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+ [[ $openssh = NO ]] && exit 0
+ grep dropbear_flags /etc/rc.conf >/dev/null 2>&1 || dropbear_flags=NO
+ if [[ $openssh = AUTO && $dropbear_flags != NO ]]; then
+ echo openssh not starting: set to AUTO and dropbear is enabled
+ exit 0
+ fi
+ exec sh $0 start
+ ;;
+start)
+ if [[ ! -s /etc/ssh/ssh_host_rsa_key ]]; then
+ mkdir -p /etc/ssh
+ if [[ ! -x /usr/bin/ssh-keygen ]]; then
+ bothlog openssh not starting: SSH private key missing
+ exit 0
+ fi
+ echo "openssh: generating SSH private key (RSA)"
+ /usr/bin/ssh-keygen -N '' -t rsa -f /etc/ssh/ssh_host_rsa_key
+ rv=$?
+ echo openssh: key generation exited with code $rv
+ [[ $rv = 0 && -s /etc/ssh/ssh_host_rsa_key ]] || exit 1
+ fi
+ mkdir -p /var/run/sshd
+ mkdir -p /var/empty
+ /usr/sbin/sshd
+ ;;
+stop)
+ if [ -e /var/run/sshd.pid ]; then
+ kill $(cat /var/run/sshd.pid)
+ fi
+ ;;
+restart)
+ sh $0 stop
+ sh $0 start
+ ;;
+*)
+ echo "Usage: $0 {start | stop | restart}"
+ exit 1
+ ;;
+esac
+exit $?
diff --git a/package/openssh/files/sshd_config b/package/openssh/files/sshd_config
new file mode 100644
index 000000000..19b87bd17
--- /dev/null
+++ b/package/openssh/files/sshd_config
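Review bot: The `start` branch creates the RSA host key on first run with `ssh-keygen -N '' -t rsa` and no `-b`, so the key size is whatever the packaged ssh-keygen defaults to, and on a freshly booted embedded target the kernel entropy pool may still be thin at that point (inferred; the boot order around `#FWINIT 50` is not visible here). Passing an explicit size, e.g. `-b 2048`, and adding a comment that key generation must run after any saved random seed is restored would make the intent reviewable. The script also relies on `[[ ... ]]` under `#!/bin/sh`, which only works if the target's /bin/sh accepts that extension, and the `stop` branch should quote the substitution, `kill "$(cat /var/run/sshd.pid)"`, so an empty pid file fails cleanly.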
@@ -0,0 +1,113 @@
+# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
+#AddressFamily any
+ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Disable legacy (protocol version 1) support in the server for new
+# installations. In future the default will change to require explicit
+# activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin without-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+PubkeyAuthentication yes
+AuthorizedKeysFile /etc/ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# GSSAPI options for Kerberos 5
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/sbin/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
diff --git a/package/openssh/ipkg/openssh-client-utils.control b/package/openssh/ipkg/openssh-client-utils.control
new file mode 100644
index 000000000..d34db0ddf
--- /dev/null
+++ b/package/openssh/ipkg/openssh-client-utils.control
@@ -0,0 +1,5 @@
+Package: openssh-client-utils
+Priority: optional
+Section: net
+Depends: zlib, libopenssl
+Description: OpenSSH client utilities
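Review bot: In sshd_config, `AuthorizedKeysFile /etc/ssh/authorized_keys` carries no `%u` or `%h` token, so every account is checked against the same key file, and together with `PermitRootLogin without-password` any key placed there is a root login key. If that single-administrator model is intended, say so in a comment above the line; otherwise use a per-user path such as `AuthorizedKeysFile /etc/ssh/authorized_keys.%u`. `PasswordAuthentication` is left at its commented default of `yes`, so non-root accounts stay reachable by password on `ListenAddress 0.0.0.0`; an image meant to be key-only should set `PasswordAuthentication no` explicitly rather than rely on the default.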
diff --git a/package/openssh/ipkg/openssh-client.conffiles b/package/openssh/ipkg/openssh-client.conffiles
new file mode 100644
index 000000000..489e8267f
--- /dev/null
+++ b/package/openssh/ipkg/openssh-client.conffiles
@@ -0,0 +1 @@
+/etc/ssh/ssh_config
\ No newline at end of file
diff --git a/package/openssh/ipkg/openssh-client.control b/package/openssh/ipkg/openssh-client.control
new file mode 100644
index 000000000..183b7f152
--- /dev/null
+++ b/package/openssh/ipkg/openssh-client.control
@@ -0,0 +1,5 @@
+Package: openssh-client
+Priority: optional
+Section: net
+Depends: zlib, libopenssl
+Description: OpenSSH client
diff --git a/package/openssh/ipkg/openssh-server.conffiles b/package/openssh/ipkg/openssh-server.conffiles
new file mode 100644
index 000000000..6f0cfbcbe
--- /dev/null
+++ b/package/openssh/ipkg/openssh-server.conffiles
@@ -0,0 +1 @@
+/etc/ssh/sshd_config
\ No newline at end of file
diff --git a/package/openssh/ipkg/openssh-server.control b/package/openssh/ipkg/openssh-server.control
new file mode 100644
index 000000000..5fde84ecd
--- /dev/null
+++ b/package/openssh/ipkg/openssh-server.control
@@ -0,0 +1,4 @@
+Package: openssh-server
+Priority: optional
+Section: net
+Description: OpenSSH server
diff --git a/package/openssh/ipkg/openssh-server.postinst b/package/openssh/ipkg/openssh-server.postinst
new file mode 100644
index 000000000..e14a2b0b9
--- /dev/null
+++ b/package/openssh/ipkg/openssh-server.postinst
@@ -0,0 +1,5 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/functions.sh
+add_user sshd $(get_next_uid) $(get_next_gid) /var/run/sshd
+add_group sshd $(get_next_gid)
+add_rcconf 'use "NO" to disable always, "AUTO" if dropbear is on' openssh AUTO
diff --git a/package/openssh/ipkg/openssh-sftp-client.control b/package/openssh/ipkg/openssh-sftp-client.control
new file mode 100644
index 000000000..705a3854a
--- /dev/null
+++ b/package/openssh/ipkg/openssh-sftp-client.control
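Review bot: In openssh-server.postinst, `add_user sshd $(get_next_uid) $(get_next_gid) /var/run/sshd` runs before `add_group sshd $(get_next_gid)`, so the privilege-separation user is created with a gid that no group owns yet, and the two separate `get_next_gid` calls only agree if `add_user` does not itself allocate a group (functions.sh is not part of this diff, so this is unverified). Creating the group first and reusing one value removes that dependency: `gid=$(get_next_gid); add_group sshd $gid; add_user sshd $(get_next_uid) $gid /var/run/sshd`. A comment noting that `sshd` is the unprivileged account named by `--with-privsep-user=sshd` in the Makefile, and that it should have no usable password or login shell, would also help the next maintainer.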
@@ -0,0 +1,5 @@
+Package: openssh-sftp-client
+Priority: optional
+Section: net
+Depends: zlib, libopenssl
+Description: OpenSSH SFTP client
diff --git a/package/openssh/ipkg/openssh-sftp-server.control b/package/openssh/ipkg/openssh-sftp-server.control
new file mode 100644
index 000000000..8c17fcc5b
--- /dev/null
+++ b/package/openssh/ipkg/openssh-sftp-server.control
@@ -0,0 +1,5 @@
+Package: openssh-sftp-server
+Priority: optional
+Section: net
+Depends: zlib, libopenssl
+Description: OpenSSH SFTP server
diff --git a/package/openssh/patches/patch-cipher_c b/package/openssh/patches/patch-cipher_c
new file mode 100644
index 000000000..9edbd4167
--- /dev/null
+++ b/package/openssh/patches/patch-cipher_c
@@ -0,0 +1,35 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- openssh-5.2p1.orig/cipher.c 2009-01-28 06:38:41.000000000 +0100
++++ openssh-5.2p1/cipher.c 2009-05-01 13:39:23.000000000 +0200
+@@ -69,21 +69,30 @@ struct Cipher {
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
+ { "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
++#ifndef OPENSSL_NO_BF
+ { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 1, evp_ssh1_bf },
+-
++#endif
+ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
++#ifndef OPENSSL_NO_BF
+ { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
++#endif
++#ifndef OPENSSL_NO_CAST
+ { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
++#endif
+ { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
+ { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
+ { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
+ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 1, EVP_aes_128_cbc },
++#ifndef OPENSSL_NO_AES192
+ { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 1, EVP_aes_192_cbc },
++#endif
+ { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
+ { "rijndael-cbc@lysator.liu.se",
+ SSH_CIPHER_SSH2, 16, 32, 0, 1, EVP_aes_256_cbc },
+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, evp_aes_128_ctr },
++#ifndef OPENSSL_NO_AES192
+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, evp_aes_128_ctr },
++#endif
+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, evp_aes_128_ctr },
+ #ifdef USE_CIPHER_ACSS
+ { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, 0, EVP_acss },
diff --git a/package/openssh/patches/patch-configure b/package/openssh/patches/patch-configure
new file mode 100644
index 000000000..aa0b7af45
--- /dev/null
+++ b/package/openssh/patches/patch-configure
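Review bot: The `#ifndef OPENSSL_NO_AES192` guards around `aes192-cbc` and `aes192-ctr` depend on a macro that nothing in this diff defines, so whether they ever take effect rests on the target's OpenSSL headers exporting it; if they do not, the guard is silently a no-op. A short comment at the top of the patch naming where `OPENSSL_NO_BF`, `OPENSSL_NO_CAST` and `OPENSSL_NO_AES192` come from would make that checkable. The names compiled out here also have to stay in step with the `KEX_ENCRYPT_*` macros in patch-myproposal_h, otherwise the default proposal can offer a cipher this table no longer contains. The `struct Cipher` table begins and ends outside the hunk.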
@@ -0,0 +1,12 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- openssh-5.2p1.orig/configure 2009-02-23 01:18:14.000000000 +0100
++++ openssh-5.2p1/configure 2009-05-01 12:34:00.000000000 +0200
+@@ -26712,7 +26712,7 @@ echo "${ECHO_T}yes" >&6; }
+ #define HEIMDAL 1
+ _ACEOF
+
+- K5LIBS="-lkrb5 -ldes"
++ K5LIBS="-lkrb5"
+ K5LIBS="$K5LIBS -lcom_err -lasn1"
+ { echo "$as_me:$LINENO: checking for net_write in -lroken" >&5
+ echo $ECHO_N "checking for net_write in -lroken... $ECHO_C" >&6; }
diff --git a/package/openssh/patches/patch-mac_c b/package/openssh/patches/patch-mac_c
new file mode 100644
index 000000000..28e27e186
--- /dev/null
+++ b/package/openssh/patches/patch-mac_c
@@ -0,0 +1,14 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- openssh-5.2p1.orig/mac.c 2008-06-13 02:58:50.000000000 +0200
++++ openssh-5.2p1/mac.c 2009-05-01 13:34:59.000000000 +0200
+@@ -59,8 +59,10 @@ struct {
+ { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 },
+ { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 },
+ { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 },
++#ifndef OPENSSL_NO_RIPEMD
+ { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
+ { "hmac-ripemd160@openssh.com", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
++#endif
+ { "umac-64@openssh.com", SSH_UMAC, NULL, 0, 128, 64 },
+ { NULL, 0, NULL, 0, -1, -1 }
+ };
diff --git a/package/openssh/patches/patch-myproposal_h b/package/openssh/patches/patch-myproposal_h
new file mode 100644
index 000000000..38345863e
--- /dev/null
+++ b/package/openssh/patches/patch-myproposal_h
@@ -0,0 +1,45 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- openssh-5.2p1.orig/myproposal.h 2009-01-28 06:33:31.000000000 +0100
++++ openssh-5.2p1/myproposal.h 2009-05-01 14:00:47.000000000 +0200
+@@ -42,15 +42,35 @@
+
+ #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
+
++
++#ifndef OPENSSL_NO_AES192
++#define KEX_ENCRYPT_AES192 ",aes192-ctr,aes192-cbc"
++#else
++#define KEX_ENCRYPT_AES192
++#endif
++#ifndef OPENSSL_NO_BF
++#define KEX_ENCRYPT_BF ",blowfish-cbc"
++#else
++#define KEX_ENCRYPT_BF
++#endif
++#ifndef OPENSSL_NO_CAST
++#define KEX_ENCRYPT_CAST ",cast128-cbc"
++#define KEX_MAC_CAST ",hmac-ripemd160,hmac-ripemd160@openssh.com"
++#else
++#define KEX_ENCRYPT_CAST
++#define KEX_MAC_CAST
++#endif
++
+ #define KEX_DEFAULT_ENCRYPT \
+- "aes128-ctr,aes192-ctr,aes256-ctr," \
++ "aes128-ctr,aes256-ctr," \
+ "arcfour256,arcfour128," \
+- "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
+- "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
++ "aes128-cbc,3des-cbc," \
++ "aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" \
++ KEX_ENCRYPT_AES192 KEX_ENCRYPT_BF KEX_ENCRYPT_CAST
+ #define KEX_DEFAULT_MAC \
+- "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \
+- "hmac-ripemd160@openssh.com," \
+- "hmac-sha1-96,hmac-md5-96"
++ "hmac-md5,hmac-sha1,umac-64@openssh.com," \
++ "hmac-sha1-96,hmac-md5-96" \
++ KEX_MAC_CAST
+ #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
+ #define KEX_DEFAULT_LANG ""
+
diff --git a/package/openssh/patches/patch-openbsd-compat_port-tun_c b/package/openssh/patches/patch-openbsd-compat_port-tun_c
new file mode 100644
index 000000000..bc6e0b1b3
--- /dev/null
+++ b/package/openssh/patches/patch-openbsd-compat_port-tun_c
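Review bot: `KEX_MAC_CAST` puts `hmac-ripemd160` and `hmac-ripemd160@openssh.com` under `#ifndef OPENSSL_NO_CAST`, but patch-mac_c compiles those two MACs out under `OPENSSL_NO_RIPEMD`, so the two patches key the same algorithms on different macros. With an OpenSSL that has CAST but no RIPEMD, the default MAC proposal would advertise names the MAC table in mac.c no longer contains; with RIPEMD but no CAST, the MACs are dropped from the defaults for no reason. The MAC list should get its own guard on `OPENSSL_NO_RIPEMD`, with both `KEX_MAC_CAST` definitions removed from the CAST block, as sketched below. Appending the optional ciphers after `rijndael-cbc@lysator.liu.se` also changes the preference order, so `aes192-ctr` now ranks below `arcfour` and the CBC modes; if that is not intended, splice the macros in at their original positions.

```c
#ifndef OPENSSL_NO_RIPEMD
#define KEX_MAC_RIPEMD ",hmac-ripemd160,hmac-ripemd160@openssh.com"
#else
#define KEX_MAC_RIPEMD
#endif
/* … unchanged: KEX_ENCRYPT_* macros and KEX_DEFAULT_ENCRYPT … */
#define KEX_DEFAULT_MAC \
	"hmac-md5,hmac-sha1,umac-64@openssh.com," \
	"hmac-sha1-96,hmac-md5-96" \
	KEX_MAC_RIPEMD
```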
@@ -0,0 +1,12 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- openssh-5.1p1.orig/openbsd-compat/port-tun.c 2008-05-19 07:28:36.000000000 +0200
++++ openssh-5.1p1/openbsd-compat/port-tun.c 2008-10-14 10:20:42.000000000 +0200
+@@ -213,7 +213,7 @@ sys_tun_infilter(struct Channel *c, char
+ if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af)))
+ return (-1);
+ ptr = (char *)&rbuf[0];
+- bcopy(buf, ptr + sizeof(u_int32_t), len);
++ memcpy(ptr + sizeof(u_int32_t), buf, len);
+ len += sizeof(u_int32_t);
+ af = (u_int32_t *)ptr;
+
-- cgit v1.2.3
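Review bot: This patch's header still names `openssh-5.1p1`, while the Makefile builds `PKG_VERSION:= 5.2p1` and every other patch in the directory was generated against `openssh-5.2p1`, so it should be confirmed to apply to 5.2p1 without fuzz and then regenerated. The swap itself looks right: `memcpy` takes the destination first, and the `len` bound checked in the first context line of the hunk still covers the copy. `sys_tun_infilter` starts and continues outside the hunk.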