[packages_10.03.2] openssh: merge r28264, r28287, r28288, r28312, r28321, r28899...
authorJo-Philipp Wich <jow@openwrt.org>
Sun, 5 Feb 2012 15:48:18 +0000 (15:48 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Sun, 5 Feb 2012 15:48:18 +0000 (15:48 +0000)
SVN-Revision: 30233

net/openssh/Makefile
net/openssh/files/sshd.init
net/openssh/patches/140-pam_uclibc_pthreads_fix.patch [new file with mode: 0644]

index a39eb1876e971bb2879fed7976b1caaf894aeab3..3f4bc37168f6ac5ef2435d72a4a109e5b4f32095 100644 (file)
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006,2008-2011 OpenWrt.org
+# Copyright (C) 2006-2011 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,15 +8,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssh
-PKG_VERSION:=5.8p2
-PKG_RELEASE:=2
+PKG_VERSION:=5.9p1
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
                ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \
                ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \
                ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/
-PKG_MD5SUM:=0541579adf9d55abb15ef927048d372e
+PKG_MD5SUM:=afe17eee7e98d3b8550cc349834a85d0
 
 PKG_BUILD_DEPENDS:=libopenssl
 
@@ -25,13 +25,24 @@ include $(INCLUDE_DIR)/package.mk
 define Package/openssh/Default
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=+libopenssl +zlib +libgcc
+  DEPENDS:=+libopenssl +zlib
   TITLE:=OpenSSH
   MAINTAINER:=Peter Wagner <tripolar@gmx.at>
   URL:=http://www.openssh.com/
   SUBMENU:=SSH
 endef
 
+define Package/openssh-moduli
+  $(call Package/openssh/Default)
+  DEPENDS+= +openssh-server
+  TITLE+= moduli file
+endef
+
+define Package/openssh-moduli/description
+OpenSSH server moduli file.
+endef
+
+
 define Package/openssh-client
   $(call Package/openssh/Default)
   TITLE+= client
@@ -89,7 +100,6 @@ endef
 
 define Package/openssh-sftp-server
   $(call Package/openssh/Default)
-  DEPENDS:=+libgcc
   TITLE+= SFTP server
 endef
 
@@ -100,6 +110,8 @@ endef
 CONFIGURE_ARGS+= \
        $(DISABLE_NLS) \
        --sysconfdir=/etc/ssh \
+       --with-privsep-user=sshd \
+       --with-privsep-path=/var/empty \
        --enable-shared \
        --disable-static \
        --disable-debug \
@@ -115,6 +127,11 @@ CONFIGURE_ARGS+= \
        --without-pam \
        --without-x
 
+ifeq ($(CONFIG_OPENSSL_ENGINE),y)
+CONFIGURE_ARGS+= \
+       --with-ssl-engine
+endif
+
 ifneq ($(CONFIG_SSP_SUPPORT),y)
 CONFIGURE_ARGS += \
        --without-stackprotect
@@ -133,6 +150,11 @@ define Build/Compile
                all install
 endef
 
+define Package/openssh-moduli/install
+       $(INSTALL_DIR) $(1)/etc/ssh
+       $(CP) $(PKG_INSTALL_DIR)/etc/ssh/moduli $(1)/etc/ssh/
+endef
+
 define Package/openssh-client/install
        $(INSTALL_DIR) $(1)/etc/ssh
        chmod 0700 $(1)/etc/ssh
@@ -157,30 +179,12 @@ define Package/openssh-server/install
        $(INSTALL_DIR) $(1)/etc/ssh
        chmod 0700 $(1)/etc/ssh
        $(CP) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/
-       $(CP) $(PKG_INSTALL_DIR)/etc/ssh/moduli $(1)/etc/ssh/
        $(INSTALL_DIR) $(1)/etc/init.d
        $(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
        $(INSTALL_DIR) $(1)/usr/sbin
        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
 endef
 
-define Package/openssh-server/postinst
-#!/bin/sh
-
-name=sshd
-id=22
-
-if [ -z "$$(grep ^\\$${name}: $${IPKG_INSTROOT}/etc/group)" ]; then
-       echo "adding group $$name to /etc/group"
-       echo "$${name}:x:$${id}:" >> $${IPKG_INSTROOT}/etc/group
-fi
-
-if [ -z "$$(grep ^\\$${name}: $${IPKG_INSTROOT}/etc/passwd)" ]; then
-       echo "adding user $$name to /etc/passwd"
-       echo "$${name}:x:$${id}:$${id}:$${name}:/var/empty/.$${name}:/bin/false" >> $${IPKG_INSTROOT}/etc/passwd
-fi
-endef
-
 define Package/openssh-sftp-client/install
        $(INSTALL_DIR) $(1)/usr/bin
        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sftp $(1)/usr/bin/
@@ -194,6 +198,7 @@ define Package/openssh-sftp-server/install
 endef
 
 $(eval $(call BuildPackage,openssh-client))
+$(eval $(call BuildPackage,openssh-moduli))
 $(eval $(call BuildPackage,openssh-client-utils))
 $(eval $(call BuildPackage,openssh-keygen))
 $(eval $(call BuildPackage,openssh-server))
index 58b5ce72061be370e17ec4a383ee544afe8f7a52..b5dfcd07d0b6475772b0adde02488c2284b1de9d 100644 (file)
@@ -1,8 +1,11 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2006-2011 OpenWrt.org
+
 START=50
 STOP=50
 
+SERVICE_USE_PID=1
+
 start() {
        for type in rsa dsa; do {
                # check for keys
@@ -15,15 +18,28 @@ start() {
                        exit 0
                }
        }; done
-       mkdir -p /var/empty
-       chmod 0700 /var/empty
-       /usr/sbin/sshd
+       user_exists sshd 22 || user_add sshd 22 22 sshd /var/empty
+       group_exists sshd 22 || group_add sshd 22 
+       mkdir -m 0700 -p /var/empty
+       service_start /usr/sbin/sshd
 }
 
 stop() {
-       kill $(cat /var/run/sshd.pid)
+       service_stop /usr/sbin/sshd
 }
 
 shutdown() {
-       killall sshd
+       local pid
+       local pids
+       local pid_mine
+
+       stop
+
+       # kill active clients
+       pid_mine="$$"
+       pids="$(pidof sshd)"
+       for pid in $pids; do
+               [ "$pid" = "$pid_mine" ] && continue
+               [ -e "/proc/$pid/stat" ] && kill $pid
+       done
 }
diff --git a/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch b/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch
new file mode 100644 (file)
index 0000000..8018de0
--- /dev/null
@@ -0,0 +1,84 @@
+--- a/auth-pam.c
++++ b/auth-pam.c
+@@ -159,7 +159,7 @@ sshpam_sigchld_handler(int sig)
+       }
+       if (WIFSIGNALED(sshpam_thread_status) &&
+           WTERMSIG(sshpam_thread_status) == SIGTERM)
+-              return; /* terminated by pthread_cancel */
++              return; /* terminated by pthread2_cancel */
+       if (!WIFEXITED(sshpam_thread_status))
+               sigdie("PAM: authentication thread exited unexpectedly");
+       if (WEXITSTATUS(sshpam_thread_status) != 0)
+@@ -168,14 +168,14 @@ sshpam_sigchld_handler(int sig)
+ /* ARGSUSED */
+ static void
+-pthread_exit(void *value)
++pthread2_exit(void *value)
+ {
+       _exit(0);
+ }
+ /* ARGSUSED */
+ static int
+-pthread_create(sp_pthread_t *thread, const void *attr,
++pthread2_create(sp_pthread_t *thread, const void *attr,
+     void *(*thread_start)(void *), void *arg)
+ {
+       pid_t pid;
+@@ -201,7 +201,7 @@ pthread_create(sp_pthread_t *thread, con
+ }
+ static int
+-pthread_cancel(sp_pthread_t thread)
++pthread2_cancel(sp_pthread_t thread)
+ {
+       signal(SIGCHLD, sshpam_oldsig);
+       return (kill(thread, SIGTERM));
+@@ -209,7 +209,7 @@ pthread_cancel(sp_pthread_t thread)
+ /* ARGSUSED */
+ static int
+-pthread_join(sp_pthread_t thread, void **value)
++pthread2_join(sp_pthread_t thread, void **value)
+ {
+       int status;
+@@ -509,7 +509,7 @@ sshpam_thread(void *ctxtp)
+       /* XXX - can't do much about an error here */
+       ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
+       buffer_free(&buffer);
+-      pthread_exit(NULL);
++      pthread2_exit(NULL);
+  auth_fail:
+       buffer_put_cstring(&buffer,
+@@ -520,7 +520,7 @@ sshpam_thread(void *ctxtp)
+       else
+               ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
+       buffer_free(&buffer);
+-      pthread_exit(NULL);
++      pthread2_exit(NULL);
+       return (NULL); /* Avoid warning for non-pthread case */
+ }
+@@ -532,8 +532,8 @@ sshpam_thread_cleanup(void)
+       debug3("PAM: %s entering", __func__);
+       if (ctxt != NULL && ctxt->pam_thread != 0) {
+-              pthread_cancel(ctxt->pam_thread);
+-              pthread_join(ctxt->pam_thread, NULL);
++              pthread2_cancel(ctxt->pam_thread);
++              pthread2_join(ctxt->pam_thread, NULL);
+               close(ctxt->pam_psock);
+               close(ctxt->pam_csock);
+               memset(ctxt, 0, sizeof(*ctxt));
+@@ -698,7 +698,7 @@ sshpam_init_ctx(Authctxt *authctxt)
+       }
+       ctxt->pam_psock = socks[0];
+       ctxt->pam_csock = socks[1];
+-      if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
++      if (pthread2_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
+               error("PAM: failed to start authentication thread: %s",
+                   strerror(errno));
+               close(socks[0]);