summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBertrand Jacquin <beber@meleeweb.net>2007-10-11 15:27:38 +0200
committerBertrand Jacquin <beber@meleeweb.net>2007-10-11 15:27:38 +0200
commitf077c65490e4dd852ddcd932983e76d571a57a83 (patch)
tree5d273e8ba5a45d1f3c26b7df22edaf5801562b89
parentadd jabberd14 from http://bugs.gentoo.org/show_bug.cgi?id=164374 with bump (diff)
downloadportage-f077c65490e4dd852ddcd932983e76d571a57a83.tar.xz
New openssh padlock (http://bugs.gentoo.org/show_bug.cgi?id=162967)
-rw-r--r--net-misc/openssh/Manifest44
-rw-r--r--net-misc/openssh/files/digest-openssh-4.5_p1-r112
-rw-r--r--net-misc/openssh/files/digest-openssh-4.7_p1-r112
-rw-r--r--net-misc/openssh/files/digest-openssh-4.7_p1-r212
-rw-r--r--net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch54
-rw-r--r--net-misc/openssh/files/openssh-4.5_p1-padlock.diff35
-rw-r--r--net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch127
-rw-r--r--net-misc/openssh/files/openssh-4.7_p1-engines.patch140
-rw-r--r--net-misc/openssh/files/sshd.pam_include.18
-rw-r--r--net-misc/openssh/openssh-4.7_p1-r1.ebuild165
-rw-r--r--net-misc/openssh/openssh-4.7_p1-r2.ebuild165
11 files changed, 771 insertions, 3 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 52af5014..859d7dfe 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,3 +1,19 @@
+AUX openssh-4.4_p1-ldap-hpn-glue.patch 1538 RMD160 eba0400a328f23b9329429d2da65b80ead546d4d SHA1 7190e861e8be4f03ae42ad43ba1770fdca95d46a SHA256 63e9f729fbb40babdf5cd2b4d87f4d1cb5a9aaed60bf7a8c072c22f9a6fb36ab
+MD5 92fc9d4dc7c7dbc67eabe2e98bde325f files/openssh-4.4_p1-ldap-hpn-glue.patch 1538
+RMD160 eba0400a328f23b9329429d2da65b80ead546d4d files/openssh-4.4_p1-ldap-hpn-glue.patch 1538
+SHA256 63e9f729fbb40babdf5cd2b4d87f4d1cb5a9aaed60bf7a8c072c22f9a6fb36ab files/openssh-4.4_p1-ldap-hpn-glue.patch 1538
+AUX openssh-4.5_p1-padlock.diff 1671 RMD160 39ba64e4395e26f6fa9a32ebd89e7524f3bda2a1 SHA1 ee46ce71be4a0a925a6c01889988bc6b014fc46f SHA256 ce6c2150522de13ba9f044810d80b4076eecced629182b893798d66a7dc68dc5
+MD5 fe7c4aaea0b0a416f17b636ee9afed5b files/openssh-4.5_p1-padlock.diff 1671
+RMD160 39ba64e4395e26f6fa9a32ebd89e7524f3bda2a1 files/openssh-4.5_p1-padlock.diff 1671
+SHA256 ce6c2150522de13ba9f044810d80b4076eecced629182b893798d66a7dc68dc5 files/openssh-4.5_p1-padlock.diff 1671
+AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 RMD160 4e02e0a85c0e33c917ec8c22b4e1c173a9d7d79e SHA1 d8a81eb92a49763106cfa5b319c22c6f188508ef SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7
+MD5 a1b7493d01ea45e160530ca3268901fe files/openssh-4.7_p1-GSSAPI-dns.patch 4494
+RMD160 4e02e0a85c0e33c917ec8c22b4e1c173a9d7d79e files/openssh-4.7_p1-GSSAPI-dns.patch 4494
+SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 files/openssh-4.7_p1-GSSAPI-dns.patch 4494
+AUX openssh-4.7_p1-engines.patch 4202 RMD160 33648508fc66d422eaea17ff5ed756ceb641083e SHA1 9b63b26544c13655ee60148f90e86b26085d61fd SHA256 0258978c9093a266d7db96c3203b7ed8b68437d0a5ce3378d6a1144f8a1e36d9
+MD5 42811aa5a84e29497b3c4c5ebe4e75ae files/openssh-4.7_p1-engines.patch 4202
+RMD160 33648508fc66d422eaea17ff5ed756ceb641083e files/openssh-4.7_p1-engines.patch 4202
+SHA256 0258978c9093a266d7db96c3203b7ed8b68437d0a5ce3378d6a1144f8a1e36d9 files/openssh-4.7_p1-engines.patch 4202
AUX sshd.confd 396 RMD160 029680b2281961130a815ef599750c4fc4e84987 SHA1 23c283d0967944b6125be26ed4628f49abf586b2 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41
MD5 b35e9f3829f4cfca07168fcba98749c7 files/sshd.confd 396
RMD160 029680b2281961130a815ef599750c4fc4e84987 files/sshd.confd 396
@@ -6,6 +22,10 @@ AUX sshd.pam_include 205 RMD160 6b20ea83c69ef613d75daf43515aaec88d4cd815 SHA1 12
MD5 2b66f75047edfac5d5e6cdbffa35383e files/sshd.pam_include 205
RMD160 6b20ea83c69ef613d75daf43515aaec88d4cd815 files/sshd.pam_include 205
SHA256 8d59135e96f4eff6b80c143b82cced7beb0bbca19ff91b479f1ba92916243d5e files/sshd.pam_include 205
+AUX sshd.pam_include.1 205 RMD160 3051b92836a496c7c431f41585de688f7c9f51a7 SHA1 b9eca146fcea016b7146f1ac11cf3d072d887b27 SHA256 3185075821bb1f76cdc584c28f690a7338f8db5489d5fce73fe4bcbbfd3dfbfa
+MD5 480ed3c58a7cfbb8d1f3bca057af1eb9 files/sshd.pam_include.1 205
+RMD160 3051b92836a496c7c431f41585de688f7c9f51a7 files/sshd.pam_include.1 205
+SHA256 3185075821bb1f76cdc584c28f690a7338f8db5489d5fce73fe4bcbbfd3dfbfa files/sshd.pam_include.1 205
AUX sshd.rc6 2046 RMD160 68df8ff7933b7a232882b2a6140fe1a2637609b6 SHA1 c3f74dbd764d570f69e60f18a081f19e3cefb037 SHA256 6569cb934cb1d5b9016c2828ff8c79b5c8477dd27b7078c609445cfc16692e9e
MD5 c3acc27dddafb1e8c6d437e668e08c25 files/sshd.rc6 2046
RMD160 68df8ff7933b7a232882b2a6140fe1a2637609b6 files/sshd.rc6 2046
@@ -15,11 +35,29 @@ DIST openssh-4.5p1+x509-5.5.2.diff.gz 137561 RMD160 2e7597bc97d634ecc3d434cc714c
DIST openssh-4.5p1-engines.diff 4190 RMD160 f20464e72d6138df287c694e0dc7c47c3a601b88 SHA1 ba47f2557b08c68464f1ed09cfd2767967e38670 SHA256 48e1dd6e218f9583fb896b19c7632b8b023e511dc9fc697e5834c8e7181592f6
DIST openssh-4.5p1-hpn12v14.diff.gz 15791 RMD160 1f937174d5418d578da5d9dfab16b5cc8960efc5 SHA1 8bea17b13e7e91135785f4222252c28d08c9c887 SHA256 5cc6cd882cbb94498483b44722b3e81c8e6d7854dc2b2c57e1d56040bfdc23bd
DIST openssh-4.5p1.tar.gz 965925 RMD160 3f70b6f4228e84c7b9b8b3bee7fd3875f3e3bad3 SHA1 2eefcbbeb9e4fa16fa4500dec107d1a09d3d02d7 SHA256 7046b9d372f9e31ca654a66492310c188470480ddab300eb715dbf5e2177ae55
+DIST openssh-4.7p1+x509-6.0.1.diff.gz 147459 RMD160 4ac66d2422f7137dd0af3aae697308266a0ce0cb SHA1 b3b2d163f4505877d9ec58267edd7ee9dd46793c SHA256 2a5524161ac01e44980d74765f6f843d77aa96643879e9ce16120f1a4eb3ebd0
+DIST openssh-4.7p1-hpn12v18.diff.gz 16094 RMD160 7b35eb1a3f6f3b703ac7f155f620bff63a900a0e SHA1 8ab61d12b5bcf70d0ffe9cb1d157136d20ebb22c SHA256 45e6ea24e2722cab9b4e143952bf6539024aa8cc93353b88807c910330bb735b
+DIST openssh-4.7p1.tar.gz 991119 RMD160 b828e79d3d1a931cb77651ec7d7276cf3ba22d90 SHA1 58357db9e64ba6382bef3d73d1d386fcdc0508f4 SHA256 d47133f0c6737d2889bf8da7bdf389fc2268d1c7fa3cd11a52451501eab548bc
DIST openssh-lpk-4.4p1-0.3.7.patch 61187 RMD160 90b0bbe07a3617f6eecb9f77c1a38c5f4dd4dcaf SHA1 b1854a4391c5d11f1a5ab09059643bbaf2278009 SHA256 c74aa642b4b2eeceb0c3f554752d172f8d5a7cd30f2aae517e93ef3bf1bd24e7
+DIST openssh-lpk-4.6p1-0.3.9.patch 61605 RMD160 1bf1830192c3eba43c66c3c6469740724cb1ecf2 SHA1 2d0d41f6913d6e899e58a4b569afa30aadf82092 SHA256 e12335e8bf020508ea3866db07b306f4c965e3f9de262c06f62fad494e93107e
EBUILD openssh-4.5_p1-r1.ebuild 5573 RMD160 f0f1336dffb2eb92af883b18c850f2f9bb201d0c SHA1 2cd9ca7bbd9b25a7f97645e9f453b324e5494c9a SHA256 7c95b14eb03eb2f4d150ce43744a384a10bbed67d10b66db914d354aace86201
MD5 52ca8a17777a04b98d06be2221abca6b openssh-4.5_p1-r1.ebuild 5573
RMD160 f0f1336dffb2eb92af883b18c850f2f9bb201d0c openssh-4.5_p1-r1.ebuild 5573
SHA256 7c95b14eb03eb2f4d150ce43744a384a10bbed67d10b66db914d354aace86201 openssh-4.5_p1-r1.ebuild 5573
-MD5 aba975f88f0adfab72938ca76c488b61 files/digest-openssh-4.5_p1-r1 1584
-RMD160 ff35f63baac9cb01986718a9e171da1d2d3a1c5d files/digest-openssh-4.5_p1-r1 1584
-SHA256 d2234f3b58e6ce9fc342ad82e0be4aa8bec6c63355e05638f481dd5cdecbb0ea files/digest-openssh-4.5_p1-r1 1584
+EBUILD openssh-4.7_p1-r1.ebuild 5050 RMD160 903d72bae274e223771cbbec71ad95d8a485cf22 SHA1 a89a06c1d11e7a36f6eb7f9a5c7e833de997c2b0 SHA256 c872ee9c8d6ee86ce8f6c636bf44fe34e6fe910de4a9fe673855248ee353f0a7
+MD5 b25f13c6bb303ba308d26af059a5f5ae openssh-4.7_p1-r1.ebuild 5050
+RMD160 903d72bae274e223771cbbec71ad95d8a485cf22 openssh-4.7_p1-r1.ebuild 5050
+SHA256 c872ee9c8d6ee86ce8f6c636bf44fe34e6fe910de4a9fe673855248ee353f0a7 openssh-4.7_p1-r1.ebuild 5050
+EBUILD openssh-4.7_p1-r2.ebuild 5051 RMD160 6eb00af7bd7bbc5ef2fdd2c9061acd350b2c5682 SHA1 be630dd4cfe9a865a7fbd1d54908744df11ad46e SHA256 5c2edf5778a89f89324254e033c8d8c9ba28f8335e815fbb3146cba2e5396275
+MD5 c41ce1b397fd24e2010e7054aac8aa05 openssh-4.7_p1-r2.ebuild 5051
+RMD160 6eb00af7bd7bbc5ef2fdd2c9061acd350b2c5682 openssh-4.7_p1-r2.ebuild 5051
+SHA256 5c2edf5778a89f89324254e033c8d8c9ba28f8335e815fbb3146cba2e5396275 openssh-4.7_p1-r2.ebuild 5051
+MD5 5f3a88ce93eeb8274dfc77b135cc1ffc files/digest-openssh-4.5_p1-r1 1148
+RMD160 daaca9774698b71aea25b6ccc048503ce36de05d files/digest-openssh-4.5_p1-r1 1148
+SHA256 79caddaa0398aea86ac42f7d9cc99434e54ca87b28ccfacb34ebb72284ae5a80 files/digest-openssh-4.5_p1-r1 1148
+MD5 6c07bd07ea68282f47cae4179a40a21b files/digest-openssh-4.7_p1-r1 1051
+RMD160 1f82940b0b46562f4071c859d8203ae9c958804b files/digest-openssh-4.7_p1-r1 1051
+SHA256 c8d141315a8420711012ab9fca4936ee8c480d10ee3e00f8bca530c0a1437cb1 files/digest-openssh-4.7_p1-r1 1051
+MD5 6c07bd07ea68282f47cae4179a40a21b files/digest-openssh-4.7_p1-r2 1051
+RMD160 1f82940b0b46562f4071c859d8203ae9c958804b files/digest-openssh-4.7_p1-r2 1051
+SHA256 c8d141315a8420711012ab9fca4936ee8c480d10ee3e00f8bca530c0a1437cb1 files/digest-openssh-4.7_p1-r2 1051
diff --git a/net-misc/openssh/files/digest-openssh-4.5_p1-r1 b/net-misc/openssh/files/digest-openssh-4.5_p1-r1
new file mode 100644
index 00000000..098158cf
--- /dev/null
+++ b/net-misc/openssh/files/digest-openssh-4.5_p1-r1
@@ -0,0 +1,12 @@
+RMD160 45d5734f7e65709cce581f1f85c06f60a73b825b openssh-4.4p1+SecurID_v1.3.2.patch 48240
+SHA256 189ad59139d86e5c808650add131af20ade00439713c3abcfac9a4e53580a196 openssh-4.4p1+SecurID_v1.3.2.patch 48240
+RMD160 2e7597bc97d634ecc3d434cc714cc5b1d4076fec openssh-4.5p1+x509-5.5.2.diff.gz 137561
+SHA256 580b9b2be2a5224852f9979180fa9570059c1aa398b908dc1907d2a5a5e1f4a2 openssh-4.5p1+x509-5.5.2.diff.gz 137561
+RMD160 f20464e72d6138df287c694e0dc7c47c3a601b88 openssh-4.5p1-engines.diff 4190
+SHA256 48e1dd6e218f9583fb896b19c7632b8b023e511dc9fc697e5834c8e7181592f6 openssh-4.5p1-engines.diff 4190
+RMD160 1f937174d5418d578da5d9dfab16b5cc8960efc5 openssh-4.5p1-hpn12v14.diff.gz 15791
+SHA256 5cc6cd882cbb94498483b44722b3e81c8e6d7854dc2b2c57e1d56040bfdc23bd openssh-4.5p1-hpn12v14.diff.gz 15791
+RMD160 3f70b6f4228e84c7b9b8b3bee7fd3875f3e3bad3 openssh-4.5p1.tar.gz 965925
+SHA256 7046b9d372f9e31ca654a66492310c188470480ddab300eb715dbf5e2177ae55 openssh-4.5p1.tar.gz 965925
+RMD160 90b0bbe07a3617f6eecb9f77c1a38c5f4dd4dcaf openssh-lpk-4.4p1-0.3.7.patch 61187
+SHA256 c74aa642b4b2eeceb0c3f554752d172f8d5a7cd30f2aae517e93ef3bf1bd24e7 openssh-lpk-4.4p1-0.3.7.patch 61187
diff --git a/net-misc/openssh/files/digest-openssh-4.7_p1-r1 b/net-misc/openssh/files/digest-openssh-4.7_p1-r1
new file mode 100644
index 00000000..f3462cb6
--- /dev/null
+++ b/net-misc/openssh/files/digest-openssh-4.7_p1-r1
@@ -0,0 +1,12 @@
+MD5 4a1b1e35074a17f08077e19af665d516 openssh-4.7p1+x509-6.0.1.diff.gz 147459
+RMD160 4ac66d2422f7137dd0af3aae697308266a0ce0cb openssh-4.7p1+x509-6.0.1.diff.gz 147459
+SHA256 2a5524161ac01e44980d74765f6f843d77aa96643879e9ce16120f1a4eb3ebd0 openssh-4.7p1+x509-6.0.1.diff.gz 147459
+MD5 5b536701ee999a29bb622c2f41745ef8 openssh-4.7p1-hpn12v18.diff.gz 16094
+RMD160 7b35eb1a3f6f3b703ac7f155f620bff63a900a0e openssh-4.7p1-hpn12v18.diff.gz 16094
+SHA256 45e6ea24e2722cab9b4e143952bf6539024aa8cc93353b88807c910330bb735b openssh-4.7p1-hpn12v18.diff.gz 16094
+MD5 50a800fd2c6def9e9a53068837e87b91 openssh-4.7p1.tar.gz 991119
+RMD160 b828e79d3d1a931cb77651ec7d7276cf3ba22d90 openssh-4.7p1.tar.gz 991119
+SHA256 d47133f0c6737d2889bf8da7bdf389fc2268d1c7fa3cd11a52451501eab548bc openssh-4.7p1.tar.gz 991119
+MD5 f43a8aae7d69e72f0ec07bc96e46b328 openssh-lpk-4.6p1-0.3.9.patch 61605
+RMD160 1bf1830192c3eba43c66c3c6469740724cb1ecf2 openssh-lpk-4.6p1-0.3.9.patch 61605
+SHA256 e12335e8bf020508ea3866db07b306f4c965e3f9de262c06f62fad494e93107e openssh-lpk-4.6p1-0.3.9.patch 61605
diff --git a/net-misc/openssh/files/digest-openssh-4.7_p1-r2 b/net-misc/openssh/files/digest-openssh-4.7_p1-r2
new file mode 100644
index 00000000..f3462cb6
--- /dev/null
+++ b/net-misc/openssh/files/digest-openssh-4.7_p1-r2
@@ -0,0 +1,12 @@
+MD5 4a1b1e35074a17f08077e19af665d516 openssh-4.7p1+x509-6.0.1.diff.gz 147459
+RMD160 4ac66d2422f7137dd0af3aae697308266a0ce0cb openssh-4.7p1+x509-6.0.1.diff.gz 147459
+SHA256 2a5524161ac01e44980d74765f6f843d77aa96643879e9ce16120f1a4eb3ebd0 openssh-4.7p1+x509-6.0.1.diff.gz 147459
+MD5 5b536701ee999a29bb622c2f41745ef8 openssh-4.7p1-hpn12v18.diff.gz 16094
+RMD160 7b35eb1a3f6f3b703ac7f155f620bff63a900a0e openssh-4.7p1-hpn12v18.diff.gz 16094
+SHA256 45e6ea24e2722cab9b4e143952bf6539024aa8cc93353b88807c910330bb735b openssh-4.7p1-hpn12v18.diff.gz 16094
+MD5 50a800fd2c6def9e9a53068837e87b91 openssh-4.7p1.tar.gz 991119
+RMD160 b828e79d3d1a931cb77651ec7d7276cf3ba22d90 openssh-4.7p1.tar.gz 991119
+SHA256 d47133f0c6737d2889bf8da7bdf389fc2268d1c7fa3cd11a52451501eab548bc openssh-4.7p1.tar.gz 991119
+MD5 f43a8aae7d69e72f0ec07bc96e46b328 openssh-lpk-4.6p1-0.3.9.patch 61605
+RMD160 1bf1830192c3eba43c66c3c6469740724cb1ecf2 openssh-lpk-4.6p1-0.3.9.patch 61605
+SHA256 e12335e8bf020508ea3866db07b306f4c965e3f9de262c06f62fad494e93107e openssh-lpk-4.6p1-0.3.9.patch 61605
diff --git a/net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch b/net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch
new file mode 100644
index 00000000..20e796b5
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch
@@ -0,0 +1,54 @@
+allow ldap and hpn patches to play nice
+
+--- servconf.c
++++ servconf.c
+@@ -116,24 +116,6 @@
+ options->num_allow_groups = 0;
+ options->num_deny_groups = 0;
+ options->ciphers = NULL;
+- options->macs = NULL;
+- options->protocol = SSH_PROTO_UNKNOWN;
+- options->gateway_ports = -1;
+- options->num_subsystems = 0;
+- options->max_startups_begin = -1;
+- options->max_startups_rate = -1;
+- options->max_startups = -1;
+- options->max_authtries = -1;
+- options->banner = NULL;
+- options->use_dns = -1;
+- options->client_alive_interval = -1;
+- options->client_alive_count_max = -1;
+- options->authorized_keys_file = NULL;
+- options->authorized_keys_file2 = NULL;
+- options->num_accept_env = 0;
+- options->permit_tun = -1;
+- options->num_permitted_opens = -1;
+- options->adm_forced_command = NULL;
+ #ifdef WITH_LDAP_PUBKEY
+ /* XXX dirty */
+ options->lpk.ld = NULL;
+@@ -152,6 +134,24 @@
+ options->lpk.flags = FLAG_EMPTY;
+ #endif
+
++ options->macs = NULL;
++ options->protocol = SSH_PROTO_UNKNOWN;
++ options->gateway_ports = -1;
++ options->num_subsystems = 0;
++ options->max_startups_begin = -1;
++ options->max_startups_rate = -1;
++ options->max_startups = -1;
++ options->max_authtries = -1;
++ options->banner = NULL;
++ options->use_dns = -1;
++ options->client_alive_interval = -1;
++ options->client_alive_count_max = -1;
++ options->authorized_keys_file = NULL;
++ options->authorized_keys_file2 = NULL;
++ options->num_accept_env = 0;
++ options->permit_tun = -1;
++ options->num_permitted_opens = -1;
++ options->adm_forced_command = NULL;
+ }
+
+ void
diff --git a/net-misc/openssh/files/openssh-4.5_p1-padlock.diff b/net-misc/openssh/files/openssh-4.5_p1-padlock.diff
new file mode 100644
index 00000000..6c56bd87
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.5_p1-padlock.diff
@@ -0,0 +1,35 @@
+--- openssh-4.5_p1.ebuild 2007-01-08 21:06:30.000000000 +0100
++++ openssh-4.5_p1-padlock.ebuild 2007-01-20 19:52:40.000000000 +0100
+@@ -15,6 +15,7 @@
+ SECURID_PATCH="${PARCH/4.5/4.4}+SecurID_v1.3.2.patch"
+ LDAP_PATCH="${PARCH/-4.5p1/-lpk-4.4p1}-0.3.7.patch"
+ HPN_PATCH="${PARCH}-hpn12v14.diff.gz"
++PADLOCK_PATCH="openssh-4.5p1-engines.diff"
+
+ DESCRIPTION="Port of OpenBSD's free SSH release"
+ HOMEPAGE="http://www.openssh.com/"
+@@ -22,12 +23,13 @@
+ X509? ( http://roumenpetrov.info/openssh/x509-5.5.2/${X509_PATCH} )
+ ldap? ( http://dev.inversepath.com/openssh-lpk/${LDAP_PATCH} )
+ hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )
+- smartcard? ( http://omniti.com/~jesus/projects/${SECURID_PATCH} )"
++ smartcard? ( http://omniti.com/~jesus/projects/${SECURID_PATCH} )
++ padlock? ( http://www.logix.cz/michal/devel/padlock/contrib/${PADLOCK_PATCH} )"
+
+ LICENSE="as-is"
+ SLOT="0"
+ KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
+-IUSE="static pam tcpd kerberos skey selinux chroot X509 ldap smartcard hpn libedit X"
++IUSE="static pam tcpd kerberos skey selinux chroot X509 ldap smartcard hpn libedit X padlock"
+
+ RDEPEND="pam? ( virtual/pam )
+ kerberos? ( virtual/krb5 )
+@@ -75,6 +77,8 @@
+ use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-4.4_p1-x509-hpn-glue.patch
+ use chroot && epatch "${FILESDIR}"/openssh-4.3_p1-chroot.patch
+ use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
++ use padlock && epatch "${DISTDIR}"/${PADLOCK_PATCH}
++
+ if ! use X509 ; then
+ if [[ -n ${SECURID_PATCH} ]] && use smartcard ; then
+ epatch "${DISTDIR}"/${SECURID_PATCH} \
diff --git a/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch
new file mode 100644
index 00000000..c81ae5cb
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch
@@ -0,0 +1,127 @@
+http://bugs.gentoo.org/165444
+https://bugzilla.mindrot.org/show_bug.cgi?id=1008
+
+Index: readconf.c
+===================================================================
+RCS file: /cvs/openssh/readconf.c,v
+retrieving revision 1.135
+diff -u -r1.135 readconf.c
+--- readconf.c 5 Aug 2006 02:39:40 -0000 1.135
++++ readconf.c 19 Aug 2006 11:59:52 -0000
+@@ -126,6 +126,7 @@
+ oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+ oAddressFamily, oGssAuthentication, oGssDelegateCreds,
++ oGssTrustDns,
+ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+ oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
+ oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+@@ -163,9 +164,11 @@
+ #if defined(GSSAPI)
+ { "gssapiauthentication", oGssAuthentication },
+ { "gssapidelegatecredentials", oGssDelegateCreds },
++ { "gssapitrustdns", oGssTrustDns },
+ #else
+ { "gssapiauthentication", oUnsupported },
+ { "gssapidelegatecredentials", oUnsupported },
++ { "gssapitrustdns", oUnsupported },
+ #endif
+ { "fallbacktorsh", oDeprecated },
+ { "usersh", oDeprecated },
+@@ -444,6 +447,10 @@
+ intptr = &options->gss_deleg_creds;
+ goto parse_flag;
+
++ case oGssTrustDns:
++ intptr = &options->gss_trust_dns;
++ goto parse_flag;
++
+ case oBatchMode:
+ intptr = &options->batch_mode;
+ goto parse_flag;
+@@ -1010,6 +1017,7 @@
+ options->challenge_response_authentication = -1;
+ options->gss_authentication = -1;
+ options->gss_deleg_creds = -1;
++ options->gss_trust_dns = -1;
+ options->password_authentication = -1;
+ options->kbd_interactive_authentication = -1;
+ options->kbd_interactive_devices = NULL;
+@@ -1100,6 +1108,8 @@
+ options->gss_authentication = 0;
+ if (options->gss_deleg_creds == -1)
+ options->gss_deleg_creds = 0;
++ if (options->gss_trust_dns == -1)
++ options->gss_trust_dns = 0;
+ if (options->password_authentication == -1)
+ options->password_authentication = 1;
+ if (options->kbd_interactive_authentication == -1)
+Index: readconf.h
+===================================================================
+RCS file: /cvs/openssh/readconf.h,v
+retrieving revision 1.63
+diff -u -r1.63 readconf.h
+--- readconf.h 5 Aug 2006 02:39:40 -0000 1.63
++++ readconf.h 19 Aug 2006 11:59:52 -0000
+@@ -45,6 +45,7 @@
+ /* Try S/Key or TIS, authentication. */
+ int gss_authentication; /* Try GSS authentication */
+ int gss_deleg_creds; /* Delegate GSS credentials */
++ int gss_trust_dns; /* Trust DNS for GSS canonicalization */
+ int password_authentication; /* Try password
+ * authentication. */
+ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
+Index: ssh_config.5
+===================================================================
+RCS file: /cvs/openssh/ssh_config.5,v
+retrieving revision 1.97
+diff -u -r1.97 ssh_config.5
+--- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97
++++ ssh_config.5 19 Aug 2006 11:59:53 -0000
+@@ -483,7 +483,16 @@
+ Forward (delegate) credentials to the server.
+ The default is
+ .Dq no .
+-Note that this option applies to protocol version 2 only.
++Note that this option applies to protocol version 2 connections using GSSAPI.
++.It Cm GSSAPITrustDns
++Set to
++.Dq yes to indicate that the DNS is trusted to securely canonicalize
++the name of the host being connected to. If
++.Dq no, the hostname entered on the
++command line will be passed untouched to the GSSAPI library.
++The default is
++.Dq no .
++This option only applies to protocol version 2 connections using GSSAPI.
+ .It Cm HashKnownHosts
+ Indicates that
+ .Xr ssh 1
+Index: sshconnect2.c
+===================================================================
+RCS file: /cvs/openssh/sshconnect2.c,v
+retrieving revision 1.151
+diff -u -r1.151 sshconnect2.c
+--- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151
++++ sshconnect2.c 19 Aug 2006 11:59:53 -0000
+@@ -499,6 +499,12 @@
+ static u_int mech = 0;
+ OM_uint32 min;
+ int ok = 0;
++ const char *gss_host;
++
++ if (options.gss_trust_dns)
++ gss_host = get_canonical_hostname(1);
++ else
++ gss_host = authctxt->host;
+
+ /* Try one GSSAPI method at a time, rather than sending them all at
+ * once. */
+@@ -511,7 +517,7 @@
+ /* My DER encoding requires length<128 */
+ if (gss_supported->elements[mech].length < 128 &&
+ ssh_gssapi_check_mechanism(&gssctxt,
+- &gss_supported->elements[mech], authctxt->host)) {
++ &gss_supported->elements[mech], gss_host)) {
+ ok = 1; /* Mechanism works */
+ } else {
+ mech++;
diff --git a/net-misc/openssh/files/openssh-4.7_p1-engines.patch b/net-misc/openssh/files/openssh-4.7_p1-engines.patch
new file mode 100644
index 00000000..6da355e4
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7_p1-engines.patch
@@ -0,0 +1,140 @@
+diff -urN openssh-4.7p1.orig/ssh-add.c openssh-4.7p1/ssh-add.c
+--- openssh-4.7p1.orig/ssh-add.c 2006-09-01 07:38:37.000000000 +0200
++++ openssh-4.7p1/ssh-add.c 2007-05-19 02:52:09.000000000 +0200
+@@ -42,6 +42,7 @@
+ #include <sys/param.h>
+
+ #include <openssl/evp.h>
++#include <openssl/engine.h>
+
+ #include <fcntl.h>
+ #include <pwd.h>
+@@ -343,6 +344,11 @@
+
+ SSLeay_add_all_algorithms();
+
++ /* Init available hardware crypto engines. */
++ ENGINE_load_builtin_engines();
++ ENGINE_register_all_complete();
++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ /* At first, get a connection to the authentication agent. */
+ ac = ssh_get_authentication_connection();
+ if (ac == NULL) {
+diff -urN openssh-4.7p1.orig/ssh-agent.c openssh-4.7p1/ssh-agent.c
+--- openssh-4.7p1.orig/ssh-agent.c 2007-02-28 11:19:58.000000000 +0100
++++ openssh-4.7p1/ssh-agent.c 2007-05-19 02:52:09.000000000 +0200
+@@ -51,6 +51,7 @@
+
+ #include <openssl/evp.h>
+ #include <openssl/md5.h>
++#include <openssl/engine.h>
+
+ #include <errno.h>
+ #include <fcntl.h>
+@@ -1043,6 +1044,11 @@
+
+ SSLeay_add_all_algorithms();
+
++ /* Init available hardware crypto engines. */
++ ENGINE_load_builtin_engines();
++ ENGINE_register_all_complete();
++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ __progname = ssh_get_progname(av[0]);
+ init_rng();
+ seed_rng();
+diff -urN openssh-4.7p1.orig/ssh-keygen.c openssh-4.7p1/ssh-keygen.c
+--- openssh-4.7p1.orig/ssh-keygen.c 2007-02-19 12:10:25.000000000 +0100
++++ openssh-4.7p1/ssh-keygen.c 2007-05-19 02:52:09.000000000 +0200
+@@ -21,6 +21,7 @@
+
+ #include <openssl/evp.h>
+ #include <openssl/pem.h>
++#include <openssl/engine.h>
+
+ #include <errno.h>
+ #include <fcntl.h>
+@@ -1073,6 +1074,12 @@
+ __progname = ssh_get_progname(argv[0]);
+
+ SSLeay_add_all_algorithms();
++
++ /* Init available hardware crypto engines. */
++ ENGINE_load_builtin_engines();
++ ENGINE_register_all_complete();
++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+
+ init_rng();
+diff -urN openssh-4.7p1.orig/ssh-keysign.c openssh-4.7p1/ssh-keysign.c
+--- openssh-4.7p1.orig/ssh-keysign.c 2006-09-01 07:38:37.000000000 +0200
++++ openssh-4.7p1/ssh-keysign.c 2007-05-19 02:52:09.000000000 +0200
+@@ -38,6 +38,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/rand.h>
+ #include <openssl/rsa.h>
++#include <openssl/engine.h>
+
+ #include "xmalloc.h"
+ #include "log.h"
+@@ -195,6 +196,12 @@
+ fatal("could not open any host key");
+
+ SSLeay_add_all_algorithms();
++
++ /* Init available hardware crypto engines. */
++ ENGINE_load_builtin_engines();
++ ENGINE_register_all_complete();
++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ for (i = 0; i < 256; i++)
+ rnd[i] = arc4random();
+ RAND_seed(rnd, sizeof(rnd));
+diff -urN openssh-4.7p1.orig/ssh.c openssh-4.7p1/ssh.c
+--- openssh-4.7p1.orig/ssh.c 2007-01-05 06:30:17.000000000 +0100
++++ openssh-4.7p1/ssh.c 2007-05-19 02:52:09.000000000 +0200
+@@ -72,6 +72,7 @@
+
+ #include <openssl/evp.h>
+ #include <openssl/err.h>
++#include <openssl/engine.h>
+
+ #include "xmalloc.h"
+ #include "ssh.h"
+@@ -556,6 +557,11 @@
+ SSLeay_add_all_algorithms();
+ ERR_load_crypto_strings();
+
++ /* Init available hardware crypto engines. */
++ ENGINE_load_builtin_engines();
++ ENGINE_register_all_complete();
++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ /* Initialize the command to execute on remote host. */
+ buffer_init(&command);
+
+diff -urN openssh-4.7p1.orig/sshd.c openssh-4.7p1/sshd.c
+--- openssh-4.7p1.orig/sshd.c 2007-02-25 10:37:22.000000000 +0100
++++ openssh-4.7p1/sshd.c 2007-05-19 02:52:09.000000000 +0200
+@@ -75,6 +75,7 @@
+ #include <openssl/bn.h>
+ #include <openssl/md5.h>
+ #include <openssl/rand.h>
++#include <openssl/engine.h>
+ #ifdef HAVE_SECUREWARE
+ #include <sys/security.h>
+ #include <prot.h>
+@@ -1027,6 +1028,11 @@
+ for (i = 0; i < options.max_startups; i++)
+ startup_pipes[i] = -1;
+
++ /* Init available hardware crypto engines. */
++ ENGINE_load_builtin_engines();
++ ENGINE_register_all_complete();
++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
++
+ /*
+ * Stay listening for connections until the system crashes or
+ * the daemon is killed with a signal.
diff --git a/net-misc/openssh/files/sshd.pam_include.1 b/net-misc/openssh/files/sshd.pam_include.1
new file mode 100644
index 00000000..567ba4ac
--- /dev/null
+++ b/net-misc/openssh/files/sshd.pam_include.1
@@ -0,0 +1,8 @@
+#%PAM-1.0
+
+auth required pam_shells.so
+auth required pam_nologin.so
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
diff --git a/net-misc/openssh/openssh-4.7_p1-r1.ebuild b/net-misc/openssh/openssh-4.7_p1-r1.ebuild
new file mode 100644
index 00000000..299c50f7
--- /dev/null
+++ b/net-misc/openssh/openssh-4.7_p1-r1.ebuild
@@ -0,0 +1,165 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.7_p1-r2.ebuild,v 1.2 2007/10/08 22:29:37 vapier Exp $
+
+inherit eutils flag-o-matic ccc multilib autotools pam
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_/}
+
+X509_PATCH="${PARCH}+x509-6.0.1.diff.gz"
+LDAP_PATCH="${PARCH/openssh-4.7/openssh-lpk-4.6}-0.3.9.patch"
+HPN_PATCH="${PARCH}-hpn12v18.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.com/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+ ldap? ( http://dev.inversepath.com/openssh-lpk/${LDAP_PATCH} )
+ X509? ( http://roumenpetrov.info/openssh/x509-6.0.1/${X509_PATCH} )
+ hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd x86 ~x86-fbsd"
+IUSE="static pam tcpd kerberos skey selinux chroot X509 ldap smartcard hpn libedit X padlock"
+
+RDEPEND="pam? ( virtual/pam )
+ kerberos? ( virtual/krb5 )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ skey? ( >=app-admin/skey-1.1.5-r1 )
+ ldap? ( net-nds/openldap )
+ libedit? ( dev-libs/libedit )
+ >=dev-libs/openssl-0.9.6d
+ >=sys-libs/zlib-1.2.3
+ smartcard? ( dev-libs/opensc )
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+ X? ( x11-apps/xauth )
+ userland_GNU? ( sys-apps/shadow )"
+DEPEND="${RDEPEND}
+ dev-util/pkgconfig
+ virtual/os-headers
+ sys-devel/autoconf"
+PROVIDE="virtual/ssh"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+ # this sucks, but i'd rather have people unable to `emerge -u openssh`
+ # than not be able to log in to their server any more
+ maybe_fail() { [[ -z ${!2} ]] && use ${1} && echo ${1} ; }
+ local fail="
+ $(maybe_fail X509 X509_PATCH)
+ $(maybe_fail ldap LDAP_PATCH)
+ "
+ fail=$(echo ${fail})
+ if [[ -n ${fail} ]] ; then
+ eerror "Sorry, but this version does not yet support features"
+ eerror "that you requested: ${fail}"
+ eerror "Please mask ${PF} for now and check back later:"
+ eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+ die "booooo"
+ fi
+}
+
+src_unpack() {
+ unpack ${PARCH}.tar.gz
+ cd "${S}"
+
+ sed -i \
+ -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
+ pathnames.h || die
+
+ use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-4.4_p1-x509-hpn-glue.patch
+ use chroot && epatch "${FILESDIR}"/openssh-4.3_p1-chroot.patch
+ use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
+ if ! use X509 ; then
+ if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+ epatch "${DISTDIR}"/${LDAP_PATCH} "${FILESDIR}"/${PN}-4.4_p1-ldap-hpn-glue.patch
+ fi
+ elif use ldap ; then
+ ewarn "Sorry, X509 and ldap don't get along, disabling ldap"
+ fi
+ [[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH}
+ epatch "${FILESDIR}"/${P}-GSSAPI-dns.patch #165444
+
+ # Use OpenSSL engines - padlock by default if available
+ use padlock && epatch "${FILESDIR}"/${P}-engines.patch
+
+ sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die
+
+ eautoreconf
+}
+
+src_compile() {
+ addwrite /dev/ptmx
+ addpredict /etc/skey/skeykeys #skey configure code triggers this
+
+ local myconf=""
+ if use static ; then
+ append-ldflags -static
+ use pam && ewarn "Disabling pam support becuse of static flag"
+ myconf="${myconf} --without-pam"
+ else
+ myconf="${myconf} $(use_with pam)"
+ fi
+
+ econf \
+ --with-ldflags="${LDFLAGS}" \
+ --disable-strip \
+ --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/$(get_libdir)/misc \
+ --datadir=/usr/share/openssh \
+ --disable-suid-ssh \
+ --with-privsep-path=/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --with-ssl-engine \
+ $(use_with ldap) \
+ $(use_with libedit) \
+ $(use_with kerberos kerberos5 /usr) \
+ $(use_with tcpd tcp-wrappers) \
+ $(use_with selinux) \
+ $(use_with skey) \
+ $(use_with smartcard opensc) \
+ ${myconf} \
+ || die "bad configure"
+ emake || die "compile problem"
+}
+
+src_install() {
+ emake install-nokeys DESTDIR="${D}" || die
+ fperms 600 /etc/ssh/sshd_config
+ dobin contrib/ssh-copy-id
+ newinitd "${FILESDIR}"/sshd.rc6 sshd
+ newconfd "${FILESDIR}"/sshd.confd sshd
+ keepdir /var/empty
+
+ newpamd "${FILESDIR}"/sshd.pam_include.1 sshd
+ use pam \
+ && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config \
+ && dosed "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" /etc/ssh/sshd_config
+
+ doman contrib/ssh-copy-id.1
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+ diropts -m 0700
+ dodir /etc/skel/.ssh
+}
+
+pkg_postinst() {
+ enewgroup sshd 22
+ enewuser sshd 22 -1 /var/empty sshd
+
+ # help fix broken perms caused by older ebuilds.
+ # can probably cut this after the next stage release.
+ chmod u+x "${ROOT}"/etc/skel/.ssh >& /dev/null
+
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "restart sshd: '/etc/init.d/sshd restart'."
+ if use pam ; then
+ echo
+ ewarn "Please be aware users need a valid shell in /etc/passwd"
+ ewarn "in order to be allowed to login."
+ fi
+}
diff --git a/net-misc/openssh/openssh-4.7_p1-r2.ebuild b/net-misc/openssh/openssh-4.7_p1-r2.ebuild
new file mode 100644
index 00000000..f48331f8
--- /dev/null
+++ b/net-misc/openssh/openssh-4.7_p1-r2.ebuild
@@ -0,0 +1,165 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.7_p1-r2.ebuild,v 1.2 2007/10/08 22:29:37 vapier Exp $
+
+inherit eutils flag-o-matic ccc multilib autotools pam
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_/}
+
+X509_PATCH="${PARCH}+x509-6.0.1.diff.gz"
+LDAP_PATCH="${PARCH/openssh-4.7/openssh-lpk-4.6}-0.3.9.patch"
+HPN_PATCH="${PARCH}-hpn12v18.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.com/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+ ldap? ( http://dev.inversepath.com/openssh-lpk/${LDAP_PATCH} )
+ X509? ( http://roumenpetrov.info/openssh/x509-6.0.1/${X509_PATCH} )
+ hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE="static pam tcpd kerberos skey selinux chroot X509 ldap smartcard hpn libedit X padlock"
+
+RDEPEND="pam? ( virtual/pam )
+ kerberos? ( virtual/krb5 )
+ selinux? ( >=sys-libs/libselinux-1.28 )
+ skey? ( >=app-admin/skey-1.1.5-r1 )
+ ldap? ( net-nds/openldap )
+ libedit? ( dev-libs/libedit )
+ >=dev-libs/openssl-0.9.6d
+ >=sys-libs/zlib-1.2.3
+ smartcard? ( dev-libs/opensc )
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+ X? ( x11-apps/xauth )
+ userland_GNU? ( sys-apps/shadow )"
+DEPEND="${RDEPEND}
+ dev-util/pkgconfig
+ virtual/os-headers
+ sys-devel/autoconf"
+PROVIDE="virtual/ssh"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+ # this sucks, but i'd rather have people unable to `emerge -u openssh`
+ # than not be able to log in to their server any more
+ maybe_fail() { [[ -z ${!2} ]] && use ${1} && echo ${1} ; }
+ local fail="
+ $(maybe_fail X509 X509_PATCH)
+ $(maybe_fail ldap LDAP_PATCH)
+ "
+ fail=$(echo ${fail})
+ if [[ -n ${fail} ]] ; then
+ eerror "Sorry, but this version does not yet support features"
+ eerror "that you requested: ${fail}"
+ eerror "Please mask ${PF} for now and check back later:"
+ eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+ die "booooo"
+ fi
+}
+
+src_unpack() {
+ unpack ${PARCH}.tar.gz
+ cd "${S}"
+
+ sed -i \
+ -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
+ pathnames.h || die
+
+ use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-4.4_p1-x509-hpn-glue.patch
+ use chroot && epatch "${FILESDIR}"/openssh-4.3_p1-chroot.patch
+ use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
+ if ! use X509 ; then
+ if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+ epatch "${DISTDIR}"/${LDAP_PATCH} "${FILESDIR}"/${PN}-4.4_p1-ldap-hpn-glue.patch
+ fi
+ elif use ldap ; then
+ ewarn "Sorry, X509 and ldap don't get along, disabling ldap"
+ fi
+ [[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH}
+ epatch "${FILESDIR}"/${P}-GSSAPI-dns.patch #165444
+
+ # Use OpenSSL engines - padlock by default if available
+ use padlock && epatch "${FILESDIR}"/${P}-engines.patch
+
+ sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die
+
+ eautoreconf
+}
+
+src_compile() {
+ addwrite /dev/ptmx
+ addpredict /etc/skey/skeykeys #skey configure code triggers this
+
+ local myconf=""
+ if use static ; then
+ append-ldflags -static
+ use pam && ewarn "Disabling pam support becuse of static flag"
+ myconf="${myconf} --without-pam"
+ else
+ myconf="${myconf} $(use_with pam)"
+ fi
+
+ econf \
+ --with-ldflags="${LDFLAGS}" \
+ --disable-strip \
+ --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/$(get_libdir)/misc \
+ --datadir=/usr/share/openssh \
+ --disable-suid-ssh \
+ --with-privsep-path=/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --with-ssl-engine \
+ $(use_with ldap) \
+ $(use_with libedit) \
+ $(use_with kerberos kerberos5 /usr) \
+ $(use_with tcpd tcp-wrappers) \
+ $(use_with selinux) \
+ $(use_with skey) \
+ $(use_with smartcard opensc) \
+ ${myconf} \
+ || die "bad configure"
+ emake || die "compile problem"
+}
+
+src_install() {
+ emake install-nokeys DESTDIR="${D}" || die
+ fperms 600 /etc/ssh/sshd_config
+ dobin contrib/ssh-copy-id
+ newinitd "${FILESDIR}"/sshd.rc6 sshd
+ newconfd "${FILESDIR}"/sshd.confd sshd
+ keepdir /var/empty
+
+ newpamd "${FILESDIR}"/sshd.pam_include.1 sshd
+ use pam \
+ && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config \
+ && dosed "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" /etc/ssh/sshd_config
+
+ doman contrib/ssh-copy-id.1
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+ diropts -m 0700
+ dodir /etc/skel/.ssh
+}
+
+pkg_postinst() {
+ enewgroup sshd 22
+ enewuser sshd 22 -1 /var/empty sshd
+
+ # help fix broken perms caused by older ebuilds.
+ # can probably cut this after the next stage release.
+ chmod u+x "${ROOT}"/etc/skel/.ssh >& /dev/null
+
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "restart sshd: '/etc/init.d/sshd restart'."
+ if use pam ; then
+ echo
+ ewarn "Please be aware users need a valid shell in /etc/passwd"
+ ewarn "in order to be allowed to login."
+ fi
+}