From ae995a5a5fdccbc4340570f6f68dfbaa6a3c11a0 Mon Sep 17 00:00:00 2001
From: Steven Barth
Date: Mon, 16 Jun 2014 15:11:01 +0000
Subject: [PATCH] openssh: moved to github
SVN-Revision: 41204
---
net/openssh/Makefile | 265 ------------------
net/openssh/files/sshd.init | 44 ---
net/openssh/files/sshd.pam | 41 ---
net/openssh/files/sshd.pam-access | 4 -
net/openssh/patches/100-no_cast_fix.patch | 13 -
.../130-implicit_memset_decl_fix.patch | 12 -
.../patches/140-pam_uclibc_pthreads_fix.patch | 84 ------
net/openssh/patches/200-dscp-qos.patch | 21 --
8 files changed, 484 deletions(-)
delete mode 100644 net/openssh/Makefile
delete mode 100644 net/openssh/files/sshd.init
delete mode 100644 net/openssh/files/sshd.pam
delete mode 100644 net/openssh/files/sshd.pam-access
delete mode 100644 net/openssh/patches/100-no_cast_fix.patch
delete mode 100644 net/openssh/patches/130-implicit_memset_decl_fix.patch
delete mode 100644 net/openssh/patches/140-pam_uclibc_pthreads_fix.patch
delete mode 100644 net/openssh/patches/200-dscp-qos.patch
diff --git a/net/openssh/Makefile b/net/openssh/Makefile
deleted file mode 100644
index 459b7d7a5..000000000
--- a/net/openssh/Makefile
+++ /dev/null
@@ -1,265 +0,0 @@
-#
-# Copyright (C) 2006-2011 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=openssh
-PKG_VERSION:=6.6p1
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
- ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \
- ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \
- ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/
-PKG_MD5SUM:=3e9800e6bca1fbac0eea4d41baa7f239
-
-
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
-
-PKG_BUILD_DEPENDS:=libopenssl
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/openssh/Default
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=+libopenssl +zlib +SSP_SUPPORT:libssp
- TITLE:=OpenSSH
- MAINTAINER:=Peter Wagner
- URL:=http://www.openssh.com/
- SUBMENU:=SSH
- VARIANT:=without-pam
-endef
-
-define Package/openssh-moduli
- $(call Package/openssh/Default)
- DEPENDS+= +openssh-keygen
- TITLE+= moduli file
-endef
-
-define Package/openssh-moduli/description
-OpenSSH server moduli file.
-endef
-
-define Package/openssh-client
- $(call Package/openssh/Default)
- TITLE+= client
-endef
-
-define Package/openssh-client/description
-OpenSSH client.
-endef
-
-define Package/openssh-client/conffiles
-/etc/ssh/ssh_config
-endef
-
-define Package/openssh-client-utils
- $(call Package/openssh/Default)
- DEPENDS+= +openssh-client +openssh-keygen
- TITLE+= client utilities
-endef
-
-define Package/openssh-client-utils/description
-OpenSSH client utilities.
-endef
-
-define Package/openssh-keygen
- $(call Package/openssh/Default)
- TITLE+= keygen
-endef
-
-define Package/openssh-keygen/description
-OpenSSH keygen.
-endef
-
-define Package/openssh-server
- $(call Package/openssh/Default)
- DEPENDS+= +openssh-keygen
- TITLE+= server
-endef
-
-define Package/openssh-server/description
-OpenSSH server.
-endef
-
-define Package/openssh-server/conffiles
-/etc/ssh/sshd_config
-endef
-
-define Package/openssh-server-pam
- $(call Package/openssh/Default)
- DEPENDS+= +libpthread +openssh-keygen +libpam
- TITLE+= server (with PAM support)
- VARIANT:=with-pam
-endef
-
-define Package/openssh-server-pam/description
-OpenSSH server (with PAM support).
-endef
-
-define Package/openssh-server-pam/conffiles
-/etc/pam.d/sshd
-/etc/security/access-sshd-local.conf
-/etc/ssh/sshd_config
-endef
-
-define Package/openssh-sftp-client
- $(call Package/openssh/Default)
- TITLE+= SFTP client
-endef
-
-define Package/openssh-sftp-client/description
-OpenSSH SFTP client.
-endef
-
-define Package/openssh-sftp-server
- $(call Package/openssh/Default)
- TITLE+= SFTP server
-endef
-
-define Package/openssh-sftp-server/description
-OpenSSH SFTP server.
-endef
-
-CONFIGURE_ARGS+= \
- $(DISABLE_NLS) \
- --sysconfdir=/etc/ssh \
- --with-privsep-user=sshd \
- --with-privsep-path=/var/empty \
- --enable-shared \
- --disable-static \
- --disable-debug \
- --disable-strip \
- --disable-etc-default-login \
- --disable-lastlog \
- --disable-utmp \
- --disable-utmpx \
- --disable-wtmp \
- --disable-wtmpx \
- --without-bsd-auth \
- --without-kerberos5 \
- --without-x
-
-ifeq ($(BUILD_VARIANT),with-pam)
-CONFIGURE_ARGS += \
- --with-pam
-else
-CONFIGURE_ARGS += \
- --without-pam
-endif
-
-ifeq ($(CONFIG_OPENSSL_ENGINE),y)
-CONFIGURE_ARGS+= \
- --with-ssl-engine
-endif
-
-ifneq ($(CONFIG_SSP_SUPPORT),y)
-CONFIGURE_ARGS += \
- --without-stackprotect
-endif
-
-CONFIGURE_VARS += LD="$(TARGET_CC)"
-
-ifeq ($(BUILD_VARIANT),with-pam)
-TARGET_LDFLAGS += -lpthread
-endif
-
-define Build/Compile
- $(MAKE) -C $(PKG_BUILD_DIR) \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- LIBS="" \
- sftp-server
- $(MAKE) -C $(PKG_BUILD_DIR) \
- DESTDIR="$(PKG_INSTALL_DIR)" \
- STRIP_OPT="" \
- all install
-endef
-
-define Package/openssh-client/preinst
-#!/bin/sh
-if [ -L $${IPKG_INSTROOT}/usr/bin/ssh ] && [ -L $${IPKG_INSTROOT}/usr/bin/scp ]; then
- rm -f $${IPKG_INSTROOT}/usr/bin/ssh $${IPKG_INSTROOT}/usr/bin/scp;
-fi
-exit 0
-endef
-
-define Package/openssh-client/postrm
-#!/bin/sh
-rm -f $${IPKG_INSTROOT}/usr/bin/ssh $${IPKG_INSTROOT}/usr/bin/scp;
-if [ -x $${IPKG_INSTROOT}/usr/sbin/dropbear ] ; then
- ln -s /usr/sbin/dropbear $${IPKG_INSTROOT}/usr/bin/ssh;
- ln -s /usr/sbin/dropbear $${IPKG_INSTROOT}/usr/bin/scp;
-fi
-exit 0
-endef
-
-define Package/openssh-moduli/install
- $(INSTALL_DIR) $(1)/etc/ssh
- $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/moduli $(1)/etc/ssh/
-endef
-
-define Package/openssh-client/install
- $(INSTALL_DIR) $(1)/etc/ssh
- chmod 0700 $(1)/etc/ssh
- $(CP) $(PKG_INSTALL_DIR)/etc/ssh/ssh_config $(1)/etc/ssh/
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh $(1)/usr/bin/
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/scp $(1)/usr/bin/
-endef
-
-define Package/openssh-client-utils/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(foreach bin,add agent keyscan keysign,$(PKG_BUILD_DIR)/ssh-$(bin)) $(1)/usr/bin/
-endef
-
-define Package/openssh-keygen/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ssh-keygen $(1)/usr/bin/
-endef
-
-define Package/openssh-server/install
- $(INSTALL_DIR) $(1)/etc/ssh
- chmod 0700 $(1)/etc/ssh
- $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/
-endef
-
-define Package/openssh-server-pam/install
- $(call Package/openssh-server/install,$(1))
- sed -i 's,#PasswordAuthentication yes,PasswordAuthentication no,g' $(1)/etc/ssh/sshd_config
- sed -i 's,#UsePAM no,UsePAM yes,g' $(1)/etc/ssh/sshd_config
- $(INSTALL_DIR) $(1)/etc/pam.d
- $(INSTALL_DATA) ./files/sshd.pam $(1)/etc/pam.d/sshd
- $(INSTALL_DIR) $(1)/etc/security
- $(INSTALL_DATA) ./files/sshd.pam-access $(1)/etc/security/access-sshd-local.conf
-endef
-
-define Package/openssh-sftp-client/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sftp $(1)/usr/bin/
-endef
-
-define Package/openssh-sftp-server/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/sftp-server $(1)/usr/lib/
- $(INSTALL_DIR) $(1)/usr/libexec
- ln -sf ../lib/sftp-server $(1)/usr/libexec/sftp-server
-endef
-
-$(eval $(call BuildPackage,openssh-client))
-$(eval $(call BuildPackage,openssh-moduli))
-$(eval $(call BuildPackage,openssh-client-utils))
-$(eval $(call BuildPackage,openssh-keygen))
-$(eval $(call BuildPackage,openssh-server))
-$(eval $(call BuildPackage,openssh-server-pam))
-$(eval $(call BuildPackage,openssh-sftp-client))
-$(eval $(call BuildPackage,openssh-sftp-server))
diff --git a/net/openssh/files/sshd.init b/net/openssh/files/sshd.init
deleted file mode 100644
index 879df12cd..000000000
--- a/net/openssh/files/sshd.init
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006-2011 OpenWrt.org
-
-START=50
-STOP=50
-
-USE_PROCD=1
-PROG=/usr/sbin/sshd
-
-start_service() {
- for type in rsa dsa; do {
- # check for keys
- key=/etc/ssh/ssh_host_${type}_key
- [ ! -f $key ] && {
- # generate missing keys
- [ -x /usr/bin/ssh-keygen ] && {
- /usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
- }
- }
- }; done
- user_exists sshd 22 || user_add sshd 22 22 sshd /var/empty
- group_exists sshd 22 || group_add sshd 22
- mkdir -m 0700 -p /var/empty
-
- procd_open_instance
- procd_set_param command $PROG -D
- procd_close_instance
-}
-
-shutdown() {
- local pid
- local pids
- local pid_mine
-
- stop
-
- # kill active clients
- pid_mine="$$"
- pids="$(pidof sshd)"
- for pid in $pids; do
- [ "$pid" = "$pid_mine" ] && continue
- [ -e "/proc/$pid/stat" ] && kill $pid
- done
-}
diff --git a/net/openssh/files/sshd.pam b/net/openssh/files/sshd.pam
deleted file mode 100644
index 387ff2e08..000000000
--- a/net/openssh/files/sshd.pam
+++ /dev/null
@@ -1,41 +0,0 @@
-# PAM configuration for the Secure Shell service
-
-# Read environment variables from /etc/environment and
-# /etc/security/pam_env.conf.
-auth required pam_env.so
-
-# Skip Google Authenticator if logging in from the local network.
-# auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-sshd-local.conf
-# Google Authenticator 2-step verification.
-# auth requisite pam_google_authenticator.so
-
-# Standard Un*x authentication.
-auth include common-auth
-
-# Disallow non-root logins when /etc/nologin exists.
-account required pam_nologin.so
-
-# Uncomment and edit /etc/security/access.conf if you need to set complex
-# access limits that are hard to express in sshd_config.
-# account required pam_access.so
-
-# Standard Un*x authorization.
-account include common-account
-
-# Standard Un*x session setup and teardown.
-session include common-session
-
-# Print the message of the day upon successful login.
-session optional pam_motd.so
-
-# Print the status of the user's mailbox upon successful login.
-session optional pam_mail.so standard noenv
-
-# Set up user limits from /etc/security/limits.conf.
-session required pam_limits.so
-
-# Set up SELinux capabilities (need modified pam)
-# session required pam_selinux.so multiple
-
-# Standard Un*x password updating.
-password include common-password
diff --git a/net/openssh/files/sshd.pam-access b/net/openssh/files/sshd.pam-access
deleted file mode 100644
index 425ff1194..000000000
--- a/net/openssh/files/sshd.pam-access
+++ /dev/null
@@ -1,4 +0,0 @@
-# Skip Google Authenticator for local network
-#+ : ALL : 192.168.1.0/24
-+ : ALL : LOCAL
-- : ALL : ALL
diff --git a/net/openssh/patches/100-no_cast_fix.patch b/net/openssh/patches/100-no_cast_fix.patch
deleted file mode 100644
index 751e5896f..000000000
--- a/net/openssh/patches/100-no_cast_fix.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/cipher.c
-+++ b/cipher.c
-@@ -80,8 +80,10 @@ static const struct Cipher ciphers[] = {
- { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
- { "blowfish-cbc",
- SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
-+#ifndef OPENSSL_NO_CAST
- { "cast128-cbc",
- SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
-+#endif
- { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
- { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
- { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
diff --git a/net/openssh/patches/130-implicit_memset_decl_fix.patch b/net/openssh/patches/130-implicit_memset_decl_fix.patch
deleted file mode 100644
index be8bbcf9c..000000000
--- a/net/openssh/patches/130-implicit_memset_decl_fix.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/includes.h
-+++ b/includes.h
-@@ -59,6 +59,9 @@
- /*
- *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively
- */
-+#ifdef HAVE_STRING_H
-+# include
-+#endif
- #ifdef HAVE_STRINGS_H
- # include
- #endif
diff --git a/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch b/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch
deleted file mode 100644
index 1319b524a..000000000
--- a/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch
+++ /dev/null
@@ -1,84 +0,0 @@
---- a/auth-pam.c
-+++ b/auth-pam.c
-@@ -159,7 +159,7 @@ sshpam_sigchld_handler(int sig)
- }
- if (WIFSIGNALED(sshpam_thread_status) &&
- WTERMSIG(sshpam_thread_status) == SIGTERM)
-- return; /* terminated by pthread_cancel */
-+ return; /* terminated by pthread2_cancel */
- if (!WIFEXITED(sshpam_thread_status))
- sigdie("PAM: authentication thread exited unexpectedly");
- if (WEXITSTATUS(sshpam_thread_status) != 0)
-@@ -168,14 +168,14 @@ sshpam_sigchld_handler(int sig)
-
- /* ARGSUSED */
- static void
--pthread_exit(void *value)
-+pthread2_exit(void *value)
- {
- _exit(0);
- }
-
- /* ARGSUSED */
- static int
--pthread_create(sp_pthread_t *thread, const void *attr,
-+pthread2_create(sp_pthread_t *thread, const void *attr,
- void *(*thread_start)(void *), void *arg)
- {
- pid_t pid;
-@@ -201,7 +201,7 @@ pthread_create(sp_pthread_t *thread, con
- }
-
- static int
--pthread_cancel(sp_pthread_t thread)
-+pthread2_cancel(sp_pthread_t thread)
- {
- signal(SIGCHLD, sshpam_oldsig);
- return (kill(thread, SIGTERM));
-@@ -209,7 +209,7 @@ pthread_cancel(sp_pthread_t thread)
-
- /* ARGSUSED */
- static int
--pthread_join(sp_pthread_t thread, void **value)
-+pthread2_join(sp_pthread_t thread, void **value)
- {
- int status;
-
-@@ -510,7 +510,7 @@ sshpam_thread(void *ctxtp)
- /* XXX - can't do much about an error here */
- ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
- buffer_free(&buffer);
-- pthread_exit(NULL);
-+ pthread2_exit(NULL);
-
- auth_fail:
- buffer_put_cstring(&buffer,
-@@ -521,7 +521,7 @@ sshpam_thread(void *ctxtp)
- else
- ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
- buffer_free(&buffer);
-- pthread_exit(NULL);
-+ pthread2_exit(NULL);
-
- return (NULL); /* Avoid warning for non-pthread case */
- }
-@@ -533,8 +533,8 @@ sshpam_thread_cleanup(void)
-
- debug3("PAM: %s entering", __func__);
- if (ctxt != NULL && ctxt->pam_thread != 0) {
-- pthread_cancel(ctxt->pam_thread);
-- pthread_join(ctxt->pam_thread, NULL);
-+ pthread2_cancel(ctxt->pam_thread);
-+ pthread2_join(ctxt->pam_thread, NULL);
- close(ctxt->pam_psock);
- close(ctxt->pam_csock);
- memset(ctxt, 0, sizeof(*ctxt));
-@@ -698,7 +698,7 @@ sshpam_init_ctx(Authctxt *authctxt)
- }
- ctxt->pam_psock = socks[0];
- ctxt->pam_csock = socks[1];
-- if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
-+ if (pthread2_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
- error("PAM: failed to start authentication thread: %s",
- strerror(errno));
- close(socks[0]);
diff --git a/net/openssh/patches/200-dscp-qos.patch b/net/openssh/patches/200-dscp-qos.patch
deleted file mode 100644
index 827a6689d..000000000
--- a/net/openssh/patches/200-dscp-qos.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- a/ssh_config
-+++ b/ssh_config
-@@ -46,3 +46,6 @@
- # VisualHostKey no
- # ProxyCommand ssh -q -W %h:%p gateway.example.com
- # RekeyLimit 1G 1h
-+
-+# enable DSCP QoS values (per RFC-4594)
-+#IPQoS AF21 AF11
---- a/sshd_config
-+++ b/sshd_config
-@@ -122,6 +122,9 @@ UsePrivilegeSeparation sandbox # Defaul
- # no default banner path
- #Banner none
-
-+# enable DSCP QoS values (per RFC-4594)
-+#IPQoS AF21 AF11
-+
- # override default of no subsystems
- Subsystem sftp /usr/libexec/sftp-server
-
--
2.30.2