diff --git a/app-admin/calamares/Manifest b/app-admin/calamares/Manifest deleted file mode 100644 index 5978dea0a..000000000 --- a/app-admin/calamares/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST calamares-3.2.16.tar.gz 3093109 BLAKE2B 1159b28017c3c034afd825ad9a488f110ceefeef916c184d9b245daab7d12c568e0058924c279bf0d40935720690ad19afa6509e8143237df92f2beb34abe617 SHA512 5f838471b2ece56151054b70b01902a74f1cf98b59889f05190fc5509667ee6f4e47909edc5505a38eacdad2c17a19745699c1d63e10e5ce140ecc3d7f6981b9 -DIST calamares-3.2.17.1.tar.gz 3128350 BLAKE2B a6926faaf1d521647cc0037b88686f9ceee1cc8167b888fe3c25228cbca8058572c8786a51f6ce0ccb77b31351d21ac41fa6c86a6577569c118729e1263ccafa SHA512 fa8f1906aa7774b0f6bd65d1dc87ea2e08df92018c162f7e7fe01fe6119e65d6391141bc242623f88040bb18eb8b71003cb7417b27c10b39bc30de0f0bf8deb0 diff --git a/app-admin/calamares/calamares-3.2.16.ebuild b/app-admin/calamares/calamares-3.2.16.ebuild deleted file mode 100644 index ee6d500ad..000000000 --- a/app-admin/calamares/calamares-3.2.16.ebuild +++ /dev/null @@ -1,97 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_6 python3_7 ) -inherit ecm python-r1 - -DESCRIPTION="Distribution-independent installer framework" -HOMEPAGE="https://calamares.io" -if [[ ${KDE_BUILD_TYPE} == live ]] ; then - EGIT_REPO_URI="https://github.com/${PN}/${PN}" -else - SRC_URI="https://github.com/${PN}/${PN}/releases/download/v${PV}/${P}.tar.gz" - KEYWORDS="~amd64" -fi -SLOT=5 -LICENSE="GPL-3" -IUSE="+networkmanager +upower +fat jfs reiserfs xfs ntfs pythonqt" - -DEPEND="${PYTHON_DEPS} - dev-qt/linguist-tools:5 - dev-qt/qtconcurrent:5 - dev-qt/qtdbus:5 - dev-qt/qtdeclarative:5 - dev-qt/qtgui:5 - dev-qt/qtnetwork:5 - dev-qt/qtsvg:5 - dev-qt/qtwebengine:5[widgets] - dev-qt/qtwidgets:5 - dev-qt/qtxml:5 - kde-frameworks/kconfig:5 - kde-frameworks/kcoreaddons:5 - kde-frameworks/kcrash:5 - kde-frameworks/kpackage:5 - kde-frameworks/kparts:5 - kde-frameworks/kservice:5 - dev-cpp/yaml-cpp:= - >=dev-libs/boost-1.55:=[${PYTHON_USEDEP}] - dev-libs/libpwquality[${PYTHON_USEDEP}] - sys-apps/dbus - sys-apps/dmidecode - sys-auth/polkit-qt - >=sys-libs/kpmcore-4.0.0:5= - pythonqt? ( >=dev-python/PythonQt-3.1:=[${PYTHON_USEDEP}] ) -" - -RDEPEND="${DEPEND} - app-admin/sudo - dev-libs/libatasmart - net-misc/rsync - >=sys-block/parted-3.0 - || ( sys-boot/grub:2 sys-boot/systemd-boot ) - sys-boot/os-prober - sys-fs/squashfs-tools - sys-libs/timezone-data - virtual/udev - networkmanager? ( net-misc/networkmanager ) - upower? ( sys-power/upower ) - fat? ( sys-fs/dosfstools ) - jfs? ( sys-fs/jfsutils ) - reiserfs? ( sys-fs/reiserfsprogs ) - xfs? ( - sys-fs/xfsprogs - sys-fs/xfsdump - ) - ntfs? ( sys-fs/ntfs3g[ntfsprogs] ) -" - -src_prepare() { - ecm_src_prepare - python_setup - export PYTHON_INCLUDE_DIRS="$(python_get_includedir)" \ - PYTHON_INCLUDE_PATH="$(python_get_library_path)" \ - PYTHON_CFLAGS="$(python_get_CFLAGS)" \ - PYTHON_LIBS="$(python_get_LIBS)" - - sed -i -e 's:pkexec /usr/bin/calamares:calamares-pkexec:' \ - calamares.desktop || die - sed -i -e 's:Icon=calamares:Icon=drive-harddisk:' \ - calamares.desktop || die -} - -src_configure() { - local mycmakeargs=( - -DWEBVIEW_FORCE_WEBKIT=OFF - -DCMAKE_DISABLE_FIND_PACKAGE_LIBPARTED=ON - -DWITH_PYTHONQT=$(usex pythonqt) - ) - - ecm_src_configure -} - -src_install() { - ecm_src_install - dobin "${FILESDIR}"/calamares-pkexec -} diff --git a/app-admin/calamares/calamares-3.2.17.1.ebuild b/app-admin/calamares/calamares-3.2.17.1.ebuild deleted file mode 100644 index ee6d500ad..000000000 --- a/app-admin/calamares/calamares-3.2.17.1.ebuild +++ /dev/null @@ -1,97 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_6 python3_7 ) -inherit ecm python-r1 - -DESCRIPTION="Distribution-independent installer framework" -HOMEPAGE="https://calamares.io" -if [[ ${KDE_BUILD_TYPE} == live ]] ; then - EGIT_REPO_URI="https://github.com/${PN}/${PN}" -else - SRC_URI="https://github.com/${PN}/${PN}/releases/download/v${PV}/${P}.tar.gz" - KEYWORDS="~amd64" -fi -SLOT=5 -LICENSE="GPL-3" -IUSE="+networkmanager +upower +fat jfs reiserfs xfs ntfs pythonqt" - -DEPEND="${PYTHON_DEPS} - dev-qt/linguist-tools:5 - dev-qt/qtconcurrent:5 - dev-qt/qtdbus:5 - dev-qt/qtdeclarative:5 - dev-qt/qtgui:5 - dev-qt/qtnetwork:5 - dev-qt/qtsvg:5 - dev-qt/qtwebengine:5[widgets] - dev-qt/qtwidgets:5 - dev-qt/qtxml:5 - kde-frameworks/kconfig:5 - kde-frameworks/kcoreaddons:5 - kde-frameworks/kcrash:5 - kde-frameworks/kpackage:5 - kde-frameworks/kparts:5 - kde-frameworks/kservice:5 - dev-cpp/yaml-cpp:= - >=dev-libs/boost-1.55:=[${PYTHON_USEDEP}] - dev-libs/libpwquality[${PYTHON_USEDEP}] - sys-apps/dbus - sys-apps/dmidecode - sys-auth/polkit-qt - >=sys-libs/kpmcore-4.0.0:5= - pythonqt? ( >=dev-python/PythonQt-3.1:=[${PYTHON_USEDEP}] ) -" - -RDEPEND="${DEPEND} - app-admin/sudo - dev-libs/libatasmart - net-misc/rsync - >=sys-block/parted-3.0 - || ( sys-boot/grub:2 sys-boot/systemd-boot ) - sys-boot/os-prober - sys-fs/squashfs-tools - sys-libs/timezone-data - virtual/udev - networkmanager? ( net-misc/networkmanager ) - upower? ( sys-power/upower ) - fat? ( sys-fs/dosfstools ) - jfs? ( sys-fs/jfsutils ) - reiserfs? ( sys-fs/reiserfsprogs ) - xfs? ( - sys-fs/xfsprogs - sys-fs/xfsdump - ) - ntfs? ( sys-fs/ntfs3g[ntfsprogs] ) -" - -src_prepare() { - ecm_src_prepare - python_setup - export PYTHON_INCLUDE_DIRS="$(python_get_includedir)" \ - PYTHON_INCLUDE_PATH="$(python_get_library_path)" \ - PYTHON_CFLAGS="$(python_get_CFLAGS)" \ - PYTHON_LIBS="$(python_get_LIBS)" - - sed -i -e 's:pkexec /usr/bin/calamares:calamares-pkexec:' \ - calamares.desktop || die - sed -i -e 's:Icon=calamares:Icon=drive-harddisk:' \ - calamares.desktop || die -} - -src_configure() { - local mycmakeargs=( - -DWEBVIEW_FORCE_WEBKIT=OFF - -DCMAKE_DISABLE_FIND_PACKAGE_LIBPARTED=ON - -DWITH_PYTHONQT=$(usex pythonqt) - ) - - ecm_src_configure -} - -src_install() { - ecm_src_install - dobin "${FILESDIR}"/calamares-pkexec -} diff --git a/app-admin/calamares/files/calamares-pkexec b/app-admin/calamares/files/calamares-pkexec deleted file mode 100644 index 3300d3b70..000000000 --- a/app-admin/calamares/files/calamares-pkexec +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -pkexec "/usr/bin/calamares" "$@" diff --git a/app-admin/calamares/metadata.xml b/app-admin/calamares/metadata.xml deleted file mode 100644 index bc9aeb329..000000000 --- a/app-admin/calamares/metadata.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - - - johu@gentoo.org - Johannes Huber - - - mudler@gentoo.org - Ettore Di Giacinto - - - Calamares is a distribution-independent system installer, with an - advanced partitioning feature for both manual and automated - partitioning operations. It is the first installer with an automated - “Replace Partition” option, which makes it easy to reuse a partition - over and over for distribution testing. Calamares is designed to be - customizable by distribution maintainers without need for cumbersome - patching, thanks to third party branding and external modules support. - - - calamares/calamares - - - Enable PythonQt-based module interface - - diff --git a/app-benchmarks/interbench/Manifest b/app-benchmarks/interbench/Manifest deleted file mode 100644 index 7233add08..000000000 --- a/app-benchmarks/interbench/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST interbench-0.31.tar.gz 28332 SHA256 79e10536ebe6fb7879b8d622f7be06e4e261d664db3d1f0edd9e7be712ce1966 diff --git a/app-benchmarks/interbench/interbench-0.31.ebuild b/app-benchmarks/interbench/interbench-0.31.ebuild deleted file mode 100644 index 868b08b85..000000000 --- a/app-benchmarks/interbench/interbench-0.31.ebuild +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 1999-2006 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -inherit flag-o-matic - -DESCRIPTION="Con Kolivas' Benchmarking Suite -- Successor to Contest" -HOMEPAGE="http://members.optusnet.com.au/ckolivas/interbench/" -SRC_URI="mirror://kernel/linux/kernel/people/ck/apps/interbench/${PF}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~x86 ~amd64" - -DEPEND="" -RDEPEND="" - -src_unpack() { - unpack ${A} - cd ${S} - sed -i -e 's/CFLAGS/#CFLAGS/' \ - -e 's/CC/#CC/' Makefile || die "Can't sed Makefile!" -} - -src_compile() { - make CC="$(tc-getCC)" CFLAGS="${CFLAGS}" || die "Make Error!" -} - -src_install() { - dobin interbench - dodoc readme* - doman interbench.8 -} - -pkg_postinst() { - einfo "${PN} has been installed to /usr/bin." - einfo "For best and consistent results, it is recommended to" - einfo "boot to init level 1 or use telinit 1." - einfo "See documentation or ${HOMEPAGE} for more info." -} diff --git a/app-pda/ideviceinstaller/Manifest b/app-pda/ideviceinstaller/Manifest deleted file mode 100644 index 35a97c6a8..000000000 --- a/app-pda/ideviceinstaller/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST ideviceinstaller-1.1.0.tar.bz2 272210 SHA256 0821b8d3ca6153d9bf82ceba2706f7bd0e3f07b90a138d79c2448e42362e2f53 SHA512 8bf5dc30b8fa2f0c171ec3705db8d8d143d2520b2875fc05d9d325bd4f1ffdf29230557e57f3e824654ab3bb71bbaf9019aa573d4b1cce29a9c75bf15024d623 WHIRLPOOL ae6b166c81f32cbce14f3fd9a54d21cce3a380fbe1219a7b4db02566d5605f894f760f5674df338dd239dec553234c9d25bd806f36309939fefd4641ab910d8d diff --git a/app-pda/ideviceinstaller/ideviceinstaller-1.1.0.ebuild b/app-pda/ideviceinstaller/ideviceinstaller-1.1.0.ebuild deleted file mode 100644 index effa48881..000000000 --- a/app-pda/ideviceinstaller/ideviceinstaller-1.1.0.ebuild +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -DESCRIPTION="A tool to interact with the installation_proxy of an Apple's iDevice" -HOMEPAGE="http://www.libimobiledevice.org/" -SRC_URI="http://www.libimobiledevice.org/downloads/${P}.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="" - -RDEPEND=">=app-pda/libimobiledevice-1.1.4:= - >=app-pda/libplist-1.8:= - >=dev-libs/libzip-0.8" -DEPEND="${RDEPEND} - virtual/pkgconfig" - -DOCS="AUTHORS NEWS README" - -src_prepare() { - sed -i -e 's:-Werror -g::' configure || die -} diff --git a/app-pda/ideviceinstaller/metadata.xml b/app-pda/ideviceinstaller/metadata.xml deleted file mode 100644 index 097975e3a..000000000 --- a/app-pda/ideviceinstaller/metadata.xml +++ /dev/null @@ -1,4 +0,0 @@ - - - - diff --git a/dev-cpp/ETL/ETL-0.04.17.ebuild b/dev-cpp/ETL/ETL-0.04.17.ebuild deleted file mode 100644 index 8702ce12e..000000000 --- a/dev-cpp/ETL/ETL-0.04.17.ebuild +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=4 - -inherit autotools - -DESCRIPTION="ETL is a multi-platform class and template library" -HOMEPAGE="http://synfig.org" -SRC_URI="mirror://sourceforge/synfig/releases/0.64.1/source/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="" - -DEPEND="" -RDEPEND="${DEPEND}" - -src_prepare() { - sed -i -e 's/CXXFLAGS="`echo $CXXFLAGS | sed s:-g::` $debug_flags"//' \ - -e 's/CFLAGS="`echo $CFLAGS | sed s:-g::` $debug_flags"//' \ - m4/subs.m4 - - eautoreconf -} diff --git a/dev-cpp/ETL/Manifest b/dev-cpp/ETL/Manifest deleted file mode 100644 index 454b903c7..000000000 --- a/dev-cpp/ETL/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST ETL-0.04.17.tar.gz 357667 SHA256 3e222c1ad8fd0e3b77b49281342cde0aab0208c8985ec65d72515ff6b88e778e SHA512 e2e79f2fb4b139fbbb78ffdeb43b5a59b083b3484fec071108b83e5d905376616c1a6364bb22eccf45ef8455af692329fecdd127e0354006f771cad18e2b77de WHIRLPOOL d789d3819d6777cc75e407484bb762c69811ce9291d084defeab2bd46471fa57978c88cbc592b99b99e3feff22ab970203042a09a8435b5ed4280df80154713f diff --git a/dev-libs/crossguid/Manifest b/dev-libs/crossguid/Manifest deleted file mode 100644 index 5e62e42dc..000000000 --- a/dev-libs/crossguid/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST crossguid-0_pre20150817.tar.gz 46569 SHA256 022c9f02cc36e865cd8fd0111a597ff2bd91988deeb348dbe2aba64aed1abd99 SHA512 823ca301f1d3b78a778649cd9169194d98dd33c65cadd5bfb9f86429e82049c99c17e09f093b92675981d2aac2aac25b60cbb157fad57a3e1bada826edd8ba0a WHIRLPOOL 16cb99af3d52a71c63bab1c266623dfd02a65e9d2a94851878358a822bd6a456fb41703c3268ea4393e0068589a7894c96a2ce1ee69135da947e206e2c43f8ce diff --git a/dev-libs/crossguid/crossguid-0_pre20150817.ebuild b/dev-libs/crossguid/crossguid-0_pre20150817.ebuild deleted file mode 100644 index 905ab2c29..000000000 --- a/dev-libs/crossguid/crossguid-0_pre20150817.ebuild +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="5" - -inherit toolchain-funcs - -if [[ ${PV} == "9999" ]] ; then - EGIT_REPO_URI="git://github.com/graeme-hill/crossguid.git" - inherit git-r3 -else - EGIT_COMMIT="8f399e8bd4252be9952f3dfa8199924cc8487ca4" - SRC_URI="https://github.com/graeme-hill/crossguid/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz" - S="${WORKDIR}/${PN}-${EGIT_COMMIT}" -fi - -DESCRIPTION="Lightweight cross platform C++ GUID/UUID library" -HOMEPAGE="https://github.com/graeme-hill/crossguid" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="~amd64 ~x86 ~arm" -IUSE="" - -# We use libuuid from util-linux. -DEPEND="sys-apps/util-linux" -RDEPEND="${DEPEND}" - -RESTRICT="test" #575544 - -e() { echo "$@"; "$@"; } - -src_compile() { - e $(tc-getCXX) \ - ${CXXFLAGS} ${CPPFLAGS} ${LDFLAGS} \ - -std=c++11 \ - -c guid.cpp -o guid.o \ - -DGUID_LIBUUID \ - || die - - e $(tc-getAR) rs libcrossguid.a guid.o || die -} - -src_install() { - insinto /usr/include - doins guid.h - dolib.a libcrossguid.a -} diff --git a/dev-python/pymdown-extensions/Manifest b/dev-python/pymdown-extensions/Manifest deleted file mode 100644 index 845d8bd53..000000000 --- a/dev-python/pymdown-extensions/Manifest +++ /dev/null @@ -1,3 +0,0 @@ -DIST pymdown-extensions-6.1.0.tar.gz 556422 BLAKE2B cdfde606932eae938072d90319b21e2a21f798f7479011d80b041d8f5a6f32d6851dfb0ddfc1bec9af162e6710552d6da4629dd92fecf2c2d9c135c329627a9f SHA512 c972e3a0bfb97ac9d04275fa066091a118aa7d259dd2d9102af046aaac162b03ce6dfd0ba33ad18e0e57daf24941bfb2bc6e9445b6c6e83ce1ff0a54dd89abfd -DIST pymdown-extensions-6.2.0.tar.gz 544158 BLAKE2B b9df2050348089b5959fc0be0b1e0f90729559c595e72aa211bf65a08948c4794b8d78d22eb4a1240ded81fa6db78e811aab8142eb5cba5a0f6981d98336de8c SHA512 b3ff1359e49372d95d5d515fad86bae19229bc957261c51ac34659a046db28599aad15f98f92758f50212cef3a68dbdad744a2791b24e49eb0cb92b5de772313 -DIST pymdown-extensions-6.2.1.tar.gz 550663 BLAKE2B b64240c4c996c3bcfd185dcf0eed4dd065af4c860308e5262ba0fb1b9958f1ae6e7390662729facf0c5da9d26218e237be8401feb21cacd903093beebd1e46fa SHA512 2e8df596cad063b0a5447174ec603d7a49bc8d7ed3ea20c178f2c7f9ae7cadddbf9f7f62af6b58524bf81270a4015e6342ae933266b5fef5bd0388b20d573873 diff --git a/dev-python/pymdown-extensions/metadata.xml b/dev-python/pymdown-extensions/metadata.xml deleted file mode 100644 index 9f9a251df..000000000 --- a/dev-python/pymdown-extensions/metadata.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - geaaru@sabayonlinux.org - Daniele Rondina - - diff --git a/dev-python/pymdown-extensions/pymdown-extensions-6.1.0.ebuild b/dev-python/pymdown-extensions/pymdown-extensions-6.1.0.ebuild deleted file mode 100644 index 3833521d6..000000000 --- a/dev-python/pymdown-extensions/pymdown-extensions-6.1.0.ebuild +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python2_7 python{3_6,3_7} ) -inherit distutils-r1 - -DESCRIPTION="Extensions for Python Markdown." -HOMEPAGE="https://github.com/facelessuser/pymdown-extensions" -SRC_URI="https://github.com/facelessuser/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="" - -RDEPEND=">=dev-python/mkdocs-1.0.1[${PYTHON_USEDEP}]" -DEPEND="${RDEPEND} - dev-python/setuptools[${PYTHON_USEDEP}]" - -src_prepare() { - # remove tests directory - rm -rf ${S}/tests || die - sed -i -e "s:, 'tests'::g" ${S}/setup.py - - distutils-r1_src_prepare -} diff --git a/dev-python/pymdown-extensions/pymdown-extensions-6.2.0.ebuild b/dev-python/pymdown-extensions/pymdown-extensions-6.2.0.ebuild deleted file mode 100644 index 3833521d6..000000000 --- a/dev-python/pymdown-extensions/pymdown-extensions-6.2.0.ebuild +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python2_7 python{3_6,3_7} ) -inherit distutils-r1 - -DESCRIPTION="Extensions for Python Markdown." -HOMEPAGE="https://github.com/facelessuser/pymdown-extensions" -SRC_URI="https://github.com/facelessuser/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="" - -RDEPEND=">=dev-python/mkdocs-1.0.1[${PYTHON_USEDEP}]" -DEPEND="${RDEPEND} - dev-python/setuptools[${PYTHON_USEDEP}]" - -src_prepare() { - # remove tests directory - rm -rf ${S}/tests || die - sed -i -e "s:, 'tests'::g" ${S}/setup.py - - distutils-r1_src_prepare -} diff --git a/dev-python/pymdown-extensions/pymdown-extensions-6.2.1.ebuild b/dev-python/pymdown-extensions/pymdown-extensions-6.2.1.ebuild deleted file mode 100644 index 3833521d6..000000000 --- a/dev-python/pymdown-extensions/pymdown-extensions-6.2.1.ebuild +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python2_7 python{3_6,3_7} ) -inherit distutils-r1 - -DESCRIPTION="Extensions for Python Markdown." -HOMEPAGE="https://github.com/facelessuser/pymdown-extensions" -SRC_URI="https://github.com/facelessuser/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="" - -RDEPEND=">=dev-python/mkdocs-1.0.1[${PYTHON_USEDEP}]" -DEPEND="${RDEPEND} - dev-python/setuptools[${PYTHON_USEDEP}]" - -src_prepare() { - # remove tests directory - rm -rf ${S}/tests || die - sed -i -e "s:, 'tests'::g" ${S}/setup.py - - distutils-r1_src_prepare -} diff --git a/games-misc/cowsay/Manifest b/games-misc/cowsay/Manifest deleted file mode 100644 index d9324add2..000000000 --- a/games-misc/cowsay/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST cowsay-3.03.tar.gz 15189 SHA256 0b8672a7ac2b51183780db72618b42af8ec1ce02f6c05fe612510b650540b2af SHA512 8e91d0c929c2e0743106c08643029a943d0684343ff44ad8ff172636a8f47fd25ee8bc4d108ccfe308c756d2871b956cceef0c406800615ed0dc1e1e24648219 WHIRLPOOL 08b1f7818c073390dd4061e955888d5344b8d091b1a7ec12eeeb9d584b084e3a3e630fa03a6da3c80721f59e5d8ba10cffc677b892304fc900136fed110e7e87 diff --git a/games-misc/cowsay/cowsay-3.03-r2.ebuild b/games-misc/cowsay/cowsay-3.03-r2.ebuild deleted file mode 100644 index f3391314e..000000000 --- a/games-misc/cowsay/cowsay-3.03-r2.ebuild +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -inherit eutils - -DESCRIPTION="configurable talking ASCII cow (and other characters)" -HOMEPAGE="http://www.nog.net/~tony/warez/cowsay.shtml" -SRC_URI="http://www.nog.net/~tony/warez/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 ~arm hppa ~ia64 ~mips ppc ppc64 sparc x86 ~x86-fbsd ~x64-solaris" -IUSE="" - -RDEPEND=">=dev-lang/perl-5" - -src_prepare() { - sed -i \ - -e "1 c\#!${EPREFIX}/usr/bin/perl"\ - -e 's/\$version/\$VERSION/g'\ - -e "s:%PREFIX%/share/cows:${EPREFIX}/usr/share/${P}/cows:" \ - -e '/getopts/ i\$Getopt::Std::STANDARD_HELP_VERSION=1;' cowsay \ - || die "sed cowsay failed" - sed -i \ - -e "s|%PREFIX%/share/cows|${EPREFIX}/usr/share/${P}/cows|" cowsay.1 \ - || die "sed cowsay.1 failed" - epatch \ - "${FILESDIR}/${P}"-tongue.patch \ - "${FILESDIR}/${P}"-mech.patch \ - "${FILESDIR}/${P}"-utf8.patch -} - -src_install() { - dobin cowsay - doman cowsay.1 - dosym cowsay /usr/bin/cowthink - dosym cowsay.1 /usr/share/man/man1/cowthink.1 - dodir /usr/share/${P}/cows - cp -r cows "${ED}"/usr/share/${P}/ || die "cp failed" -} diff --git a/games-misc/cowsay/files/cowsay-3.03-mech.patch b/games-misc/cowsay/files/cowsay-3.03-mech.patch deleted file mode 100644 index 10478ed66..000000000 --- a/games-misc/cowsay/files/cowsay-3.03-mech.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- cows/mech-and-cow 2009-06-21 03:09:36.000000000 +0300 -+++ cows/mech-and-cow.cow 2010-08-22 01:04:02.670000262 +0300 -@@ -1,3 +1,5 @@ -+$the_cow = <= 1.0.0, major,minor,status must match and library - * fix version must be equal to or newer than the header. - */ -- mask = 0xfff0000fL; /* major,minor,status */ -+ mask = 0xfff00000L; /* major,minor,status */ - hfix = (headerver & 0x000ff000) >> 12; - lfix = (libver & 0x000ff000) >> 12; - if ( (headerver & mask) == (libver & mask) && lfix >= hfix) diff --git a/net-misc/openssh/files/openssh-7.5_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-7.5_p1-GSSAPI-dns.patch deleted file mode 100644 index 6b1e6dd35..000000000 --- a/net-misc/openssh/files/openssh-7.5_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,351 +0,0 @@ -http://bugs.gentoo.org/165444 -https://bugzilla.mindrot.org/show_bug.cgi?id=1008 - ---- a/readconf.c -+++ b/readconf.c -@@ -148,6 +148,7 @@ - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, oControlPersist, - oHashKnownHosts, -@@ -194,9 +195,11 @@ - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - # else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - #ifdef ENABLE_PKCS11 - { "smartcarddevice", oPKCS11Provider }, -@@ -930,6 +933,10 @@ - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1649,6 +1656,7 @@ - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -1779,6 +1787,8 @@ - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) ---- a/readconf.h -+++ b/readconf.h -@@ -46,6 +46,7 @@ - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ ---- a/ssh_config.5 -+++ b/ssh_config.5 -@@ -830,6 +830,16 @@ - Forward (delegate) credentials to the server. - The default is - .Cm no . -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 ---- a/sshconnect2.c -+++ b/sshconnect2.c -@@ -656,6 +656,13 @@ - static u_int mech = 0; - OM_uint32 min; - int ok = 0; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) { -+ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns); -+ gss_host = auth_get_canonical_hostname(active_state, 1); -+ } else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -668,7 +674,7 @@ - /* My DER encoding requires length<128 */ - if (gss_supported->elements[mech].length < 128 && - ssh_gssapi_check_mechanism(&gssctxt, -- &gss_supported->elements[mech], authctxt->host)) { -+ &gss_supported->elements[mech], gss_host)) { - ok = 1; /* Mechanism works */ - } else { - mech++; - -need to move these two funcs back to canohost so they're available to clients -and the server. auth.c is only used in the server. - ---- a/auth.c -+++ b/auth.c -@@ -784,117 +784,3 @@ fakepw(void) - - return (&fake); - } -- --/* -- * Returns the remote DNS hostname as a string. The returned string must not -- * be freed. NB. this will usually trigger a DNS query the first time it is -- * called. -- * This function does additional checks on the hostname to mitigate some -- * attacks on legacy rhosts-style authentication. -- * XXX is RhostsRSAAuthentication vulnerable to these? -- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -- */ -- --static char * --remote_hostname(struct ssh *ssh) --{ -- struct sockaddr_storage from; -- socklen_t fromlen; -- struct addrinfo hints, *ai, *aitop; -- char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -- const char *ntop = ssh_remote_ipaddr(ssh); -- -- /* Get IP address of client. */ -- fromlen = sizeof(from); -- memset(&from, 0, sizeof(from)); -- if (getpeername(ssh_packet_get_connection_in(ssh), -- (struct sockaddr *)&from, &fromlen) < 0) { -- debug("getpeername failed: %.100s", strerror(errno)); -- return strdup(ntop); -- } -- -- ipv64_normalise_mapped(&from, &fromlen); -- if (from.ss_family == AF_INET6) -- fromlen = sizeof(struct sockaddr_in6); -- -- debug3("Trying to reverse map address %.100s.", ntop); -- /* Map the IP address to a host name. */ -- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -- NULL, 0, NI_NAMEREQD) != 0) { -- /* Host name not found. Use ip address. */ -- return strdup(ntop); -- } -- -- /* -- * if reverse lookup result looks like a numeric hostname, -- * someone is trying to trick us by PTR record like following: -- * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -- hints.ai_flags = AI_NUMERICHOST; -- if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -- logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -- name, ntop); -- freeaddrinfo(ai); -- return strdup(ntop); -- } -- -- /* Names are stored in lowercase. */ -- lowercase(name); -- -- /* -- * Map it back to an IP address and check that the given -- * address actually is an address of this host. This is -- * necessary because anyone with access to a name server can -- * define arbitrary names for an IP address. Mapping from -- * name to IP address can be trusted better (but can still be -- * fooled if the intruder has access to the name server of -- * the domain). -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_family = from.ss_family; -- hints.ai_socktype = SOCK_STREAM; -- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -- logit("reverse mapping checking getaddrinfo for %.700s " -- "[%s] failed.", name, ntop); -- return strdup(ntop); -- } -- /* Look for the address from the list of addresses. */ -- for (ai = aitop; ai; ai = ai->ai_next) { -- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -- (strcmp(ntop, ntop2) == 0)) -- break; -- } -- freeaddrinfo(aitop); -- /* If we reached the end of the list, the address was not there. */ -- if (ai == NULL) { -- /* Address not found for the host name. */ -- logit("Address %.100s maps to %.600s, but this does not " -- "map back to the address.", ntop, name); -- return strdup(ntop); -- } -- return strdup(name); --} -- --/* -- * Return the canonical name of the host in the other side of the current -- * connection. The host name is cached, so it is efficient to call this -- * several times. -- */ -- --const char * --auth_get_canonical_hostname(struct ssh *ssh, int use_dns) --{ -- static char *dnsname; -- -- if (!use_dns) -- return ssh_remote_ipaddr(ssh); -- else if (dnsname != NULL) -- return dnsname; -- else { -- dnsname = remote_hostname(ssh); -- return dnsname; -- } --} ---- a/canohost.c -+++ b/canohost.c -@@ -202,3 +202,117 @@ get_local_port(int sock) - { - return get_sock_port(sock, 1); - } -+ -+/* -+ * Returns the remote DNS hostname as a string. The returned string must not -+ * be freed. NB. this will usually trigger a DNS query the first time it is -+ * called. -+ * This function does additional checks on the hostname to mitigate some -+ * attacks on legacy rhosts-style authentication. -+ * XXX is RhostsRSAAuthentication vulnerable to these? -+ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -+ */ -+ -+static char * -+remote_hostname(struct ssh *ssh) -+{ -+ struct sockaddr_storage from; -+ socklen_t fromlen; -+ struct addrinfo hints, *ai, *aitop; -+ char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -+ const char *ntop = ssh_remote_ipaddr(ssh); -+ -+ /* Get IP address of client. */ -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getpeername(ssh_packet_get_connection_in(ssh), -+ (struct sockaddr *)&from, &fromlen) < 0) { -+ debug("getpeername failed: %.100s", strerror(errno)); -+ return strdup(ntop); -+ } -+ -+ ipv64_normalise_mapped(&from, &fromlen); -+ if (from.ss_family == AF_INET6) -+ fromlen = sizeof(struct sockaddr_in6); -+ -+ debug3("Trying to reverse map address %.100s.", ntop); -+ /* Map the IP address to a host name. */ -+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -+ NULL, 0, NI_NAMEREQD) != 0) { -+ /* Host name not found. Use ip address. */ -+ return strdup(ntop); -+ } -+ -+ /* -+ * if reverse lookup result looks like a numeric hostname, -+ * someone is trying to trick us by PTR record like following: -+ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -+ hints.ai_flags = AI_NUMERICHOST; -+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -+ name, ntop); -+ freeaddrinfo(ai); -+ return strdup(ntop); -+ } -+ -+ /* Names are stored in lowercase. */ -+ lowercase(name); -+ -+ /* -+ * Map it back to an IP address and check that the given -+ * address actually is an address of this host. This is -+ * necessary because anyone with access to a name server can -+ * define arbitrary names for an IP address. Mapping from -+ * name to IP address can be trusted better (but can still be -+ * fooled if the intruder has access to the name server of -+ * the domain). -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = from.ss_family; -+ hints.ai_socktype = SOCK_STREAM; -+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -+ logit("reverse mapping checking getaddrinfo for %.700s " -+ "[%s] failed.", name, ntop); -+ return strdup(ntop); -+ } -+ /* Look for the address from the list of addresses. */ -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -+ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -+ (strcmp(ntop, ntop2) == 0)) -+ break; -+ } -+ freeaddrinfo(aitop); -+ /* If we reached the end of the list, the address was not there. */ -+ if (ai == NULL) { -+ /* Address not found for the host name. */ -+ logit("Address %.100s maps to %.600s, but this does not " -+ "map back to the address.", ntop, name); -+ return strdup(ntop); -+ } -+ return strdup(name); -+} -+ -+/* -+ * Return the canonical name of the host in the other side of the current -+ * connection. The host name is cached, so it is efficient to call this -+ * several times. -+ */ -+ -+const char * -+auth_get_canonical_hostname(struct ssh *ssh, int use_dns) -+{ -+ static char *dnsname; -+ -+ if (!use_dns) -+ return ssh_remote_ipaddr(ssh); -+ else if (dnsname != NULL) -+ return dnsname; -+ else { -+ dnsname = remote_hostname(ssh); -+ return dnsname; -+ } -+} diff --git a/net-misc/openssh/files/openssh-7.5_p1-disable-conch-interop-tests.patch b/net-misc/openssh/files/openssh-7.5_p1-disable-conch-interop-tests.patch deleted file mode 100644 index a5647ce9d..000000000 --- a/net-misc/openssh/files/openssh-7.5_p1-disable-conch-interop-tests.patch +++ /dev/null @@ -1,20 +0,0 @@ -Disable conch interop tests which are failing when called -via portage for yet unknown reason and because using conch -seems to be flaky (test is failing when using Python2 but -passing when using Python3). - -Bug: https://bugs.gentoo.org/605446 - ---- a/regress/conch-ciphers.sh -+++ b/regress/conch-ciphers.sh -@@ -3,6 +3,10 @@ - - tid="conch ciphers" - -+# https://bugs.gentoo.org/605446 -+echo "conch interop tests skipped due to Gentoo bug #605446" -+exit 0 -+ - if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then - echo "conch interop tests not enabled" - exit 0 diff --git a/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.2-glue.patch b/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.2-glue.patch deleted file mode 100644 index 11a5b364b..000000000 --- a/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.2-glue.patch +++ /dev/null @@ -1,67 +0,0 @@ -diff -ur a/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch b/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch ---- a/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 2017-03-27 13:31:01.816551100 -0700 -+++ b/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 2017-03-27 13:51:03.894805846 -0700 -@@ -40,7 +40,7 @@ - @@ -44,7 +44,7 @@ CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ -- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ - -LIBS=@LIBS@ - +LIBS=@LIBS@ -lpthread - K5LIBS=@K5LIBS@ -@@ -1023,6 +1023,3 @@ - do_authenticated(authctxt); - - /* The connection has been terminated. */ ---- --2.12.0 -- -diff -ur a/0004-support-dynamically-sized-receive-buffers.patch b/0004-support-dynamically-sized-receive-buffers.patch ---- a/0004-support-dynamically-sized-receive-buffers.patch 2017-03-27 13:31:01.816551100 -0700 -+++ b/0004-support-dynamically-sized-receive-buffers.patch 2017-03-27 13:49:44.513498976 -0700 -@@ -926,9 +926,9 @@ - @@ -526,10 +553,10 @@ send_client_banner(int connection_out, int minor1) - /* Send our own protocol version identification. */ - if (compat20) { -- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", --- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); --+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE); -+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX[%s]\r\n", -+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, PACKAGE_VERSION); -++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, PACKAGE_VERSION); - } else { - xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", - - PROTOCOL_MAJOR_1, minor1, SSH_VERSION); -@@ -943,11 +943,11 @@ - @@ -367,7 +367,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) - char remote_version[256]; /* Must be at least as big as buf. */ - -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", --- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, --+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, -+ xasprintf(&server_version_string, "SSH-%d.%d-%s%s%s%s%s", -+- major, minor, SSH_VERSION, pkix_comment, -++ major, minor, SSH_RELEASE, pkix_comment, - *options.version_addendum == '\0' ? "" : " ", -- options.version_addendum); -+ options.version_addendum, newline); - - @@ -1020,6 +1020,8 @@ server_listen(void) - int ret, listen_sock, on = 1; -@@ -1006,12 +1008,9 @@ - --- a/version.h - +++ b/version.h --@@ -3,4 +3,5 @@ -+@@ -3,4 +3,6 @@ - #define SSH_VERSION "OpenSSH_7.5" - -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE -+-#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" -++#define SSH_X509 ", PKIX-SSH " PACKAGE_VERSION - +#define SSH_HPN "-hpn14v12" - +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN ---- --2.12.0 -- diff --git a/net-misc/openssh/files/openssh-7.7_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-7.7_p1-GSSAPI-dns.patch deleted file mode 100644 index 2840652a9..000000000 --- a/net-misc/openssh/files/openssh-7.7_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,351 +0,0 @@ -https://bugs.gentoo.org/165444 -https://bugzilla.mindrot.org/show_bug.cgi?id=1008 - ---- a/auth.c -+++ b/auth.c -@@ -728,120 +728,6 @@ fakepw(void) - return (&fake); - } - --/* -- * Returns the remote DNS hostname as a string. The returned string must not -- * be freed. NB. this will usually trigger a DNS query the first time it is -- * called. -- * This function does additional checks on the hostname to mitigate some -- * attacks on legacy rhosts-style authentication. -- * XXX is RhostsRSAAuthentication vulnerable to these? -- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -- */ -- --static char * --remote_hostname(struct ssh *ssh) --{ -- struct sockaddr_storage from; -- socklen_t fromlen; -- struct addrinfo hints, *ai, *aitop; -- char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -- const char *ntop = ssh_remote_ipaddr(ssh); -- -- /* Get IP address of client. */ -- fromlen = sizeof(from); -- memset(&from, 0, sizeof(from)); -- if (getpeername(ssh_packet_get_connection_in(ssh), -- (struct sockaddr *)&from, &fromlen) < 0) { -- debug("getpeername failed: %.100s", strerror(errno)); -- return strdup(ntop); -- } -- -- ipv64_normalise_mapped(&from, &fromlen); -- if (from.ss_family == AF_INET6) -- fromlen = sizeof(struct sockaddr_in6); -- -- debug3("Trying to reverse map address %.100s.", ntop); -- /* Map the IP address to a host name. */ -- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -- NULL, 0, NI_NAMEREQD) != 0) { -- /* Host name not found. Use ip address. */ -- return strdup(ntop); -- } -- -- /* -- * if reverse lookup result looks like a numeric hostname, -- * someone is trying to trick us by PTR record like following: -- * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -- hints.ai_flags = AI_NUMERICHOST; -- if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -- logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -- name, ntop); -- freeaddrinfo(ai); -- return strdup(ntop); -- } -- -- /* Names are stored in lowercase. */ -- lowercase(name); -- -- /* -- * Map it back to an IP address and check that the given -- * address actually is an address of this host. This is -- * necessary because anyone with access to a name server can -- * define arbitrary names for an IP address. Mapping from -- * name to IP address can be trusted better (but can still be -- * fooled if the intruder has access to the name server of -- * the domain). -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_family = from.ss_family; -- hints.ai_socktype = SOCK_STREAM; -- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -- logit("reverse mapping checking getaddrinfo for %.700s " -- "[%s] failed.", name, ntop); -- return strdup(ntop); -- } -- /* Look for the address from the list of addresses. */ -- for (ai = aitop; ai; ai = ai->ai_next) { -- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -- (strcmp(ntop, ntop2) == 0)) -- break; -- } -- freeaddrinfo(aitop); -- /* If we reached the end of the list, the address was not there. */ -- if (ai == NULL) { -- /* Address not found for the host name. */ -- logit("Address %.100s maps to %.600s, but this does not " -- "map back to the address.", ntop, name); -- return strdup(ntop); -- } -- return strdup(name); --} -- --/* -- * Return the canonical name of the host in the other side of the current -- * connection. The host name is cached, so it is efficient to call this -- * several times. -- */ -- --const char * --auth_get_canonical_hostname(struct ssh *ssh, int use_dns) --{ -- static char *dnsname; -- -- if (!use_dns) -- return ssh_remote_ipaddr(ssh); -- else if (dnsname != NULL) -- return dnsname; -- else { -- dnsname = remote_hostname(ssh); -- return dnsname; -- } --} -- - /* - * Runs command in a subprocess wuth a minimal environment. - * Returns pid on success, 0 on failure. ---- a/canohost.c -+++ b/canohost.c -@@ -202,3 +202,117 @@ get_local_port(int sock) - { - return get_sock_port(sock, 1); - } -+ -+/* -+ * Returns the remote DNS hostname as a string. The returned string must not -+ * be freed. NB. this will usually trigger a DNS query the first time it is -+ * called. -+ * This function does additional checks on the hostname to mitigate some -+ * attacks on legacy rhosts-style authentication. -+ * XXX is RhostsRSAAuthentication vulnerable to these? -+ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -+ */ -+ -+static char * -+remote_hostname(struct ssh *ssh) -+{ -+ struct sockaddr_storage from; -+ socklen_t fromlen; -+ struct addrinfo hints, *ai, *aitop; -+ char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -+ const char *ntop = ssh_remote_ipaddr(ssh); -+ -+ /* Get IP address of client. */ -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getpeername(ssh_packet_get_connection_in(ssh), -+ (struct sockaddr *)&from, &fromlen) < 0) { -+ debug("getpeername failed: %.100s", strerror(errno)); -+ return strdup(ntop); -+ } -+ -+ ipv64_normalise_mapped(&from, &fromlen); -+ if (from.ss_family == AF_INET6) -+ fromlen = sizeof(struct sockaddr_in6); -+ -+ debug3("Trying to reverse map address %.100s.", ntop); -+ /* Map the IP address to a host name. */ -+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -+ NULL, 0, NI_NAMEREQD) != 0) { -+ /* Host name not found. Use ip address. */ -+ return strdup(ntop); -+ } -+ -+ /* -+ * if reverse lookup result looks like a numeric hostname, -+ * someone is trying to trick us by PTR record like following: -+ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -+ hints.ai_flags = AI_NUMERICHOST; -+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -+ name, ntop); -+ freeaddrinfo(ai); -+ return strdup(ntop); -+ } -+ -+ /* Names are stored in lowercase. */ -+ lowercase(name); -+ -+ /* -+ * Map it back to an IP address and check that the given -+ * address actually is an address of this host. This is -+ * necessary because anyone with access to a name server can -+ * define arbitrary names for an IP address. Mapping from -+ * name to IP address can be trusted better (but can still be -+ * fooled if the intruder has access to the name server of -+ * the domain). -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = from.ss_family; -+ hints.ai_socktype = SOCK_STREAM; -+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -+ logit("reverse mapping checking getaddrinfo for %.700s " -+ "[%s] failed.", name, ntop); -+ return strdup(ntop); -+ } -+ /* Look for the address from the list of addresses. */ -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -+ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -+ (strcmp(ntop, ntop2) == 0)) -+ break; -+ } -+ freeaddrinfo(aitop); -+ /* If we reached the end of the list, the address was not there. */ -+ if (ai == NULL) { -+ /* Address not found for the host name. */ -+ logit("Address %.100s maps to %.600s, but this does not " -+ "map back to the address.", ntop, name); -+ return strdup(ntop); -+ } -+ return strdup(name); -+} -+ -+/* -+ * Return the canonical name of the host in the other side of the current -+ * connection. The host name is cached, so it is efficient to call this -+ * several times. -+ */ -+ -+const char * -+auth_get_canonical_hostname(struct ssh *ssh, int use_dns) -+{ -+ static char *dnsname; -+ -+ if (!use_dns) -+ return ssh_remote_ipaddr(ssh); -+ else if (dnsname != NULL) -+ return dnsname; -+ else { -+ dnsname = remote_hostname(ssh); -+ return dnsname; -+ } -+} ---- a/readconf.c -+++ b/readconf.c -@@ -160,6 +160,7 @@ typedef enum { - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oControlPath, oControlMaster, oControlPersist, - oHashKnownHosts, -@@ -200,9 +201,11 @@ static struct { - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - # else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - #ifdef ENABLE_PKCS11 - { "smartcarddevice", oPKCS11Provider }, -@@ -954,6 +957,10 @@ parse_time: - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1766,6 +1773,7 @@ initialize_options(Options * options) - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -1908,6 +1916,8 @@ fill_default_options(Options * options) - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) ---- a/readconf.h -+++ b/readconf.h -@@ -43,6 +43,7 @@ typedef struct { - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ ---- a/ssh_config.5 -+++ b/ssh_config.5 -@@ -731,6 +731,16 @@ The default is - Forward (delegate) credentials to the server. - The default is - .Cm no . -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 ---- a/sshconnect2.c -+++ b/sshconnect2.c -@@ -643,6 +643,13 @@ userauth_gssapi(Authctxt *authctxt) - static u_int mech = 0; - OM_uint32 min; - int ok = 0; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) { -+ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns); -+ gss_host = auth_get_canonical_hostname(active_state, 1); -+ } else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -655,7 +662,7 @@ userauth_gssapi(Authctxt *authctxt) - /* My DER encoding requires length<128 */ - if (gss_supported->elements[mech].length < 128 && - ssh_gssapi_check_mechanism(&gssctxt, -- &gss_supported->elements[mech], authctxt->host)) { -+ &gss_supported->elements[mech], gss_host)) { - ok = 1; /* Mechanism works */ - } else { - mech++; --- diff --git a/net-misc/openssh/files/openssh-7.8_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-7.8_p1-GSSAPI-dns.patch deleted file mode 100644 index 989dc6cee..000000000 --- a/net-misc/openssh/files/openssh-7.8_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,359 +0,0 @@ -diff --git a/auth.c b/auth.c -index 9a3bc96f..fc2c3620 100644 ---- a/auth.c -+++ b/auth.c -@@ -733,120 +733,6 @@ fakepw(void) - return (&fake); - } - --/* -- * Returns the remote DNS hostname as a string. The returned string must not -- * be freed. NB. this will usually trigger a DNS query the first time it is -- * called. -- * This function does additional checks on the hostname to mitigate some -- * attacks on legacy rhosts-style authentication. -- * XXX is RhostsRSAAuthentication vulnerable to these? -- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -- */ -- --static char * --remote_hostname(struct ssh *ssh) --{ -- struct sockaddr_storage from; -- socklen_t fromlen; -- struct addrinfo hints, *ai, *aitop; -- char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -- const char *ntop = ssh_remote_ipaddr(ssh); -- -- /* Get IP address of client. */ -- fromlen = sizeof(from); -- memset(&from, 0, sizeof(from)); -- if (getpeername(ssh_packet_get_connection_in(ssh), -- (struct sockaddr *)&from, &fromlen) < 0) { -- debug("getpeername failed: %.100s", strerror(errno)); -- return strdup(ntop); -- } -- -- ipv64_normalise_mapped(&from, &fromlen); -- if (from.ss_family == AF_INET6) -- fromlen = sizeof(struct sockaddr_in6); -- -- debug3("Trying to reverse map address %.100s.", ntop); -- /* Map the IP address to a host name. */ -- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -- NULL, 0, NI_NAMEREQD) != 0) { -- /* Host name not found. Use ip address. */ -- return strdup(ntop); -- } -- -- /* -- * if reverse lookup result looks like a numeric hostname, -- * someone is trying to trick us by PTR record like following: -- * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -- hints.ai_flags = AI_NUMERICHOST; -- if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -- logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -- name, ntop); -- freeaddrinfo(ai); -- return strdup(ntop); -- } -- -- /* Names are stored in lowercase. */ -- lowercase(name); -- -- /* -- * Map it back to an IP address and check that the given -- * address actually is an address of this host. This is -- * necessary because anyone with access to a name server can -- * define arbitrary names for an IP address. Mapping from -- * name to IP address can be trusted better (but can still be -- * fooled if the intruder has access to the name server of -- * the domain). -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_family = from.ss_family; -- hints.ai_socktype = SOCK_STREAM; -- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -- logit("reverse mapping checking getaddrinfo for %.700s " -- "[%s] failed.", name, ntop); -- return strdup(ntop); -- } -- /* Look for the address from the list of addresses. */ -- for (ai = aitop; ai; ai = ai->ai_next) { -- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -- (strcmp(ntop, ntop2) == 0)) -- break; -- } -- freeaddrinfo(aitop); -- /* If we reached the end of the list, the address was not there. */ -- if (ai == NULL) { -- /* Address not found for the host name. */ -- logit("Address %.100s maps to %.600s, but this does not " -- "map back to the address.", ntop, name); -- return strdup(ntop); -- } -- return strdup(name); --} -- --/* -- * Return the canonical name of the host in the other side of the current -- * connection. The host name is cached, so it is efficient to call this -- * several times. -- */ -- --const char * --auth_get_canonical_hostname(struct ssh *ssh, int use_dns) --{ -- static char *dnsname; -- -- if (!use_dns) -- return ssh_remote_ipaddr(ssh); -- else if (dnsname != NULL) -- return dnsname; -- else { -- dnsname = remote_hostname(ssh); -- return dnsname; -- } --} -- - /* - * Runs command in a subprocess with a minimal environment. - * Returns pid on success, 0 on failure. -diff --git a/canohost.c b/canohost.c -index f71a0856..3e162d8c 100644 ---- a/canohost.c -+++ b/canohost.c -@@ -202,3 +202,117 @@ get_local_port(int sock) - { - return get_sock_port(sock, 1); - } -+ -+/* -+ * Returns the remote DNS hostname as a string. The returned string must not -+ * be freed. NB. this will usually trigger a DNS query the first time it is -+ * called. -+ * This function does additional checks on the hostname to mitigate some -+ * attacks on legacy rhosts-style authentication. -+ * XXX is RhostsRSAAuthentication vulnerable to these? -+ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -+ */ -+ -+static char * -+remote_hostname(struct ssh *ssh) -+{ -+ struct sockaddr_storage from; -+ socklen_t fromlen; -+ struct addrinfo hints, *ai, *aitop; -+ char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -+ const char *ntop = ssh_remote_ipaddr(ssh); -+ -+ /* Get IP address of client. */ -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getpeername(ssh_packet_get_connection_in(ssh), -+ (struct sockaddr *)&from, &fromlen) < 0) { -+ debug("getpeername failed: %.100s", strerror(errno)); -+ return strdup(ntop); -+ } -+ -+ ipv64_normalise_mapped(&from, &fromlen); -+ if (from.ss_family == AF_INET6) -+ fromlen = sizeof(struct sockaddr_in6); -+ -+ debug3("Trying to reverse map address %.100s.", ntop); -+ /* Map the IP address to a host name. */ -+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -+ NULL, 0, NI_NAMEREQD) != 0) { -+ /* Host name not found. Use ip address. */ -+ return strdup(ntop); -+ } -+ -+ /* -+ * if reverse lookup result looks like a numeric hostname, -+ * someone is trying to trick us by PTR record like following: -+ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -+ hints.ai_flags = AI_NUMERICHOST; -+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -+ name, ntop); -+ freeaddrinfo(ai); -+ return strdup(ntop); -+ } -+ -+ /* Names are stored in lowercase. */ -+ lowercase(name); -+ -+ /* -+ * Map it back to an IP address and check that the given -+ * address actually is an address of this host. This is -+ * necessary because anyone with access to a name server can -+ * define arbitrary names for an IP address. Mapping from -+ * name to IP address can be trusted better (but can still be -+ * fooled if the intruder has access to the name server of -+ * the domain). -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = from.ss_family; -+ hints.ai_socktype = SOCK_STREAM; -+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -+ logit("reverse mapping checking getaddrinfo for %.700s " -+ "[%s] failed.", name, ntop); -+ return strdup(ntop); -+ } -+ /* Look for the address from the list of addresses. */ -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -+ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -+ (strcmp(ntop, ntop2) == 0)) -+ break; -+ } -+ freeaddrinfo(aitop); -+ /* If we reached the end of the list, the address was not there. */ -+ if (ai == NULL) { -+ /* Address not found for the host name. */ -+ logit("Address %.100s maps to %.600s, but this does not " -+ "map back to the address.", ntop, name); -+ return strdup(ntop); -+ } -+ return strdup(name); -+} -+ -+/* -+ * Return the canonical name of the host in the other side of the current -+ * connection. The host name is cached, so it is efficient to call this -+ * several times. -+ */ -+ -+const char * -+auth_get_canonical_hostname(struct ssh *ssh, int use_dns) -+{ -+ static char *dnsname; -+ -+ if (!use_dns) -+ return ssh_remote_ipaddr(ssh); -+ else if (dnsname != NULL) -+ return dnsname; -+ else { -+ dnsname = remote_hostname(ssh); -+ return dnsname; -+ } -+} -diff --git a/readconf.c b/readconf.c -index db5f2d54..67feffa5 100644 ---- a/readconf.c -+++ b/readconf.c -@@ -161,6 +161,7 @@ typedef enum { - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, - oHashKnownHosts, -@@ -202,9 +203,11 @@ static struct { - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - # else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - #ifdef ENABLE_PKCS11 - { "smartcarddevice", oPKCS11Provider }, -@@ -977,6 +980,10 @@ parse_time: - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1818,6 +1825,7 @@ initialize_options(Options * options) - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -1964,6 +1972,8 @@ fill_default_options(Options * options) - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -diff --git a/readconf.h b/readconf.h -index c5688781..af809cc8 100644 ---- a/readconf.h -+++ b/readconf.h -@@ -41,6 +41,7 @@ typedef struct { - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -diff --git a/ssh_config.5 b/ssh_config.5 -index f499396a..be758544 100644 ---- a/ssh_config.5 -+++ b/ssh_config.5 -@@ -722,6 +722,16 @@ The default is - Forward (delegate) credentials to the server. - The default is - .Cm no . -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 -diff --git a/sshconnect2.c b/sshconnect2.c -index 10e4f0a0..4f7d49e3 100644 ---- a/sshconnect2.c -+++ b/sshconnect2.c -@@ -657,6 +657,13 @@ userauth_gssapi(Authctxt *authctxt) - static u_int mech = 0; - OM_uint32 min; - int r, ok = 0; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) { -+ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns); -+ gss_host = auth_get_canonical_hostname(active_state, 1); -+ } else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -669,7 +676,7 @@ userauth_gssapi(Authctxt *authctxt) - /* My DER encoding requires length<128 */ - if (gss_supported->elements[mech].length < 128 && - ssh_gssapi_check_mechanism(&gssctxt, -- &gss_supported->elements[mech], authctxt->host)) { -+ &gss_supported->elements[mech], gss_host)) { - ok = 1; /* Mechanism works */ - } else { - mech++; diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-11.6-tests.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-11.6-tests.patch deleted file mode 100644 index 9766b1594..000000000 --- a/net-misc/openssh/files/openssh-7.9_p1-X509-11.6-tests.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur openssh-7.9p1.orig/openbsd-compat/regress/Makefile.in openssh-7.9p1/openbsd-compat/regress/Makefile.in ---- openssh-7.9p1.orig/openbsd-compat/regress/Makefile.in 2018-10-16 17:01:20.000000000 -0700 -+++ openssh-7.9p1/openbsd-compat/regress/Makefile.in 2018-12-19 11:03:14.421028691 -0800 -@@ -7,7 +7,7 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ -+CPPFLAGS=-I. -I.. -I$(srcdir) -I../.. @CPPFLAGS@ @DEFS@ - EXEEXT=@EXEEXT@ - LIBCOMPAT=../libopenbsd-compat.a - LIBS=@LIBS@ diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir-11.6.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir-11.6.patch deleted file mode 100644 index 487b23963..000000000 --- a/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir-11.6.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- a/openssh-7.9p1+x509-11.6.diff 2018-12-07 17:24:03.211328918 -0800 -+++ b/openssh-7.9p1+x509-11.6.diff 2018-12-07 17:24:13.399262277 -0800 -@@ -40681,12 +40681,11 @@ - - install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config - install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf --@@ -333,6 +351,8 @@ -+@@ -333,6 +351,7 @@ - $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 - $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 - $(MKDIR_P) $(DESTDIR)$(libexecdir) - + $(MKDIR_P) $(DESTDIR)$(sshcadir) --+ $(MKDIR_P) $(DESTDIR)$(piddir) - $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-glue-11.6.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-glue-11.6.patch deleted file mode 100644 index b807ac45f..000000000 --- a/net-misc/openssh/files/openssh-7.9_p1-X509-glue-11.6.patch +++ /dev/null @@ -1,28 +0,0 @@ ---- a/openssh-7.9p1+x509-11.6.diff 2018-12-19 10:42:01.241775036 -0800 -+++ b/openssh-7.9p1+x509-11.6.diff 2018-12-19 10:43:33.383140818 -0800 -@@ -45862,7 +45862,7 @@ - ENGINE_register_all_complete(); - +#endif - ---#if OPENSSL_VERSION_NUMBER < 0x10001000L -+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - + /* OPENSSL_config will load buildin engines and engines - + * specified in configuration file, i.e. method call - + * ENGINE_load_builtin_engines. Latter is only for -@@ -81123,16 +81123,6 @@ - setlocale(LC_CTYPE, "POSIX.UTF-8") != NULL)) - return; - setlocale(LC_CTYPE, "C"); --diff -ruN openssh-7.9p1/version.h openssh-7.9p1+x509-11.6/version.h ----- openssh-7.9p1/version.h 2018-10-17 03:01:20.000000000 +0300 --+++ openssh-7.9p1+x509-11.6/version.h 2018-12-18 20:07:00.000000000 +0200 --@@ -2,5 +2,4 @@ -- -- #define SSH_VERSION "OpenSSH_7.9" -- ---#define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" - diff -ruN openssh-7.9p1/version.m4 openssh-7.9p1+x509-11.6/version.m4 - --- openssh-7.9p1/version.m4 1970-01-01 02:00:00.000000000 +0200 - +++ openssh-7.9p1+x509-11.6/version.m4 2018-12-18 20:07:00.000000000 +0200 diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-X509-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-X509-glue.patch deleted file mode 100644 index c76d454c9..000000000 --- a/net-misc/openssh/files/openssh-7.9_p1-hpn-X509-glue.patch +++ /dev/null @@ -1,79 +0,0 @@ ---- temp/openssh-7_8_P1-hpn-AES-CTR-14.16.diff.orig 2018-09-12 15:58:57.377986085 -0700 -+++ temp/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2018-09-12 16:07:15.376711327 -0700 -@@ -4,8 +4,8 @@ - +++ b/Makefile.in - @@ -42,7 +42,7 @@ CC=@CC@ - LD=@LD@ -- CFLAGS=@CFLAGS@ -- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA) -+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ - -LIBS=@LIBS@ - +LIBS=@LIBS@ -lpthread - K5LIBS=@K5LIBS@ -@@ -788,8 +788,8 @@ - ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) - { - struct session_state *state; --- const struct sshcipher *none = cipher_by_name("none"); --+ struct sshcipher *none = cipher_by_name("none"); -+- const struct sshcipher *none = cipher_none(); -++ struct sshcipher *none = cipher_none(); - int r; - - if (none == NULL) { -@@ -933,9 +933,9 @@ - /* Portable-specific options */ - sUsePAM, - + sDisableMTAES, -- /* Standard Options */ -- sPort, sHostKeyFile, sLoginGraceTime, -- sPermitRootLogin, sLogFacility, sLogLevel, -+ /* X.509 Standard Options */ -+ sHostbasedAlgorithms, -+ sPubkeyAlgorithms, - @@ -626,6 +630,7 @@ static struct { - { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, - { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, ---- temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig 2018-09-12 16:38:16.947447218 -0700 -+++ temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2018-09-12 16:32:35.479700864 -0700 -@@ -382,7 +382,7 @@ - @@ -822,6 +822,10 @@ kex_choose_conf(struct ssh *ssh) - int nenc, nmac, ncomp; - u_int mode, ctos, need, dh_need, authlen; -- int r, first_kex_follows; -+ int r, first_kex_follows = 0; - + int auth_flag; - + - + auth_flag = packet_authentication_state(ssh); -@@ -1125,15 +1125,6 @@ - index a738c3a..b32dbe0 100644 - --- a/sshd.c - +++ b/sshd.c --@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) -- char remote_version[256]; /* Must be at least as big as buf. */ -- -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", --- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, --+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, -- *options.version_addendum == '\0' ? "" : " ", -- options.version_addendum); -- - @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la) - int ret, listen_sock; - struct addrinfo *ai; -@@ -1213,14 +1204,3 @@ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no --diff --git a/version.h b/version.h --index f1bbf00..21a70c2 100644 ----- a/version.h --+++ b/version.h --@@ -3,4 +3,5 @@ -- #define SSH_VERSION "OpenSSH_7.8" -- -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN --+ diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-glue.patch deleted file mode 100644 index 0561e3814..000000000 --- a/net-misc/openssh/files/openssh-7.9_p1-hpn-glue.patch +++ /dev/null @@ -1,112 +0,0 @@ ---- temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig 2018-09-11 17:19:19.968420409 -0700 -+++ temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2018-09-11 17:39:19.977535398 -0700 -@@ -409,18 +409,10 @@ - index dcf35e6..da4ced0 100644 - --- a/packet.c - +++ b/packet.c --@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) -+@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) - return 0; - } - --+/* this supports the forced rekeying required for the NONE cipher */ --+int rekey_requested = 0; --+void --+packet_request_rekeying(void) --+{ --+ rekey_requested = 1; --+} --+ - +/* used to determine if pre or post auth when rekeying for aes-ctr - + * and none cipher switch */ - +int -@@ -434,20 +426,6 @@ - #define MAX_PACKETS (1U<<31) - static int - ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) --@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -- if (state->p_send.packets == 0 && state->p_read.packets == 0) -- return 0; -- --+ /* used to force rekeying when called for by the none --+ * cipher switch methods -cjr */ --+ if (rekey_requested == 1) { --+ rekey_requested = 0; --+ return 1; --+ } --+ -- /* Time-based rekeying */ -- if (state->rekey_interval != 0 && -- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) - diff --git a/packet.h b/packet.h - index 170203c..f4d9df2 100644 - --- a/packet.h -@@ -476,9 +454,9 @@ - /* Format of the configuration file: - - @@ -166,6 +167,8 @@ typedef enum { -- oHashKnownHosts, - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, -+ oDisableMTAES, - + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, - + oNoneEnabled, oNoneSwitch, - oVisualHostKey, -@@ -615,9 +593,9 @@ - int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - SyslogFacility log_facility; /* Facility for system logging. */ - @@ -111,7 +115,10 @@ typedef struct { -- - int enable_ssh_keysign; - int64_t rekey_limit; -+ int disable_multithreaded; /*disable multithreaded aes-ctr*/ - + int none_switch; /* Use none cipher */ - + int none_enabled; /* Allow none to be used */ - int rekey_interval; -@@ -673,9 +651,9 @@ - /* Portable-specific options */ - if (options->use_pam == -1) - @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) -- } -- if (options->permit_tun == -1) - options->permit_tun = SSH_TUNMODE_NO; -+ if (options->disable_multithreaded == -1) -+ options->disable_multithreaded = 0; - + if (options->none_enabled == -1) - + options->none_enabled = 0; - + if (options->hpn_disabled == -1) -@@ -1092,7 +1070,7 @@ - xxx_host = host; - xxx_hostaddr = hostaddr; - --@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, -+@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, - - if (!authctxt.success) - fatal("Authentication failed."); -@@ -1117,10 +1095,9 @@ - + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); - + } - + } --+ -- debug("Authentication succeeded (%s).", authctxt.method->name); -- } - -+ #ifdef WITH_OPENSSL -+ if (options.disable_multithreaded == 0) { - diff --git a/sshd.c b/sshd.c - index a738c3a..b32dbe0 100644 - --- a/sshd.c -@@ -1217,11 +1194,10 @@ - index f1bbf00..21a70c2 100644 - --- a/version.h - +++ b/version.h --@@ -3,4 +3,6 @@ -+@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_7.8" - - #define SSH_PORTABLE "p1" - -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn14v16" - +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN - + diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-sctp-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-sctp-glue.patch deleted file mode 100644 index a7d51ad94..000000000 --- a/net-misc/openssh/files/openssh-7.9_p1-hpn-sctp-glue.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- dd/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig 2018-09-12 18:18:51.851536374 -0700 -+++ dd/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2018-09-12 18:19:01.116475099 -0700 -@@ -1190,14 +1190,3 @@ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no --diff --git a/version.h b/version.h --index f1bbf00..21a70c2 100644 ----- a/version.h --+++ b/version.h --@@ -3,4 +3,5 @@ -- #define SSH_VERSION "OpenSSH_7.8" -- -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN --+ diff --git a/net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch b/net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch deleted file mode 100644 index c5697c2b8..000000000 --- a/net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff --git a/auth-options.c b/auth-options.c -index b05d6d6f..d1f42f04 100644 ---- a/auth-options.c -+++ b/auth-options.c -@@ -26,6 +26,7 @@ - #include - #include - #include -+#include - - #include "openbsd-compat/sys-queue.h" - -diff --git a/hmac.c b/hmac.c -index 1c879640..a29f32c5 100644 ---- a/hmac.c -+++ b/hmac.c -@@ -19,6 +19,7 @@ - - #include - #include -+#include - - #include "sshbuf.h" - #include "digest.h" -diff --git a/krl.c b/krl.c -index 8e2d5d5d..c32e147a 100644 ---- a/krl.c -+++ b/krl.c -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - - #include "sshbuf.h" - #include "ssherr.h" -diff --git a/mac.c b/mac.c -index 51dc11d7..3d11eba6 100644 ---- a/mac.c -+++ b/mac.c -@@ -29,6 +29,7 @@ - - #include - #include -+#include - - #include "digest.h" - #include "hmac.h" diff --git a/net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch deleted file mode 100644 index 04d622191..000000000 --- a/net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,359 +0,0 @@ -diff --git a/auth.c b/auth.c -index 8696f258..f4cd70a3 100644 ---- a/auth.c -+++ b/auth.c -@@ -723,120 +723,6 @@ fakepw(void) - return (&fake); - } - --/* -- * Returns the remote DNS hostname as a string. The returned string must not -- * be freed. NB. this will usually trigger a DNS query the first time it is -- * called. -- * This function does additional checks on the hostname to mitigate some -- * attacks on legacy rhosts-style authentication. -- * XXX is RhostsRSAAuthentication vulnerable to these? -- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -- */ -- --static char * --remote_hostname(struct ssh *ssh) --{ -- struct sockaddr_storage from; -- socklen_t fromlen; -- struct addrinfo hints, *ai, *aitop; -- char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -- const char *ntop = ssh_remote_ipaddr(ssh); -- -- /* Get IP address of client. */ -- fromlen = sizeof(from); -- memset(&from, 0, sizeof(from)); -- if (getpeername(ssh_packet_get_connection_in(ssh), -- (struct sockaddr *)&from, &fromlen) < 0) { -- debug("getpeername failed: %.100s", strerror(errno)); -- return strdup(ntop); -- } -- -- ipv64_normalise_mapped(&from, &fromlen); -- if (from.ss_family == AF_INET6) -- fromlen = sizeof(struct sockaddr_in6); -- -- debug3("Trying to reverse map address %.100s.", ntop); -- /* Map the IP address to a host name. */ -- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -- NULL, 0, NI_NAMEREQD) != 0) { -- /* Host name not found. Use ip address. */ -- return strdup(ntop); -- } -- -- /* -- * if reverse lookup result looks like a numeric hostname, -- * someone is trying to trick us by PTR record like following: -- * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -- hints.ai_flags = AI_NUMERICHOST; -- if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -- logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -- name, ntop); -- freeaddrinfo(ai); -- return strdup(ntop); -- } -- -- /* Names are stored in lowercase. */ -- lowercase(name); -- -- /* -- * Map it back to an IP address and check that the given -- * address actually is an address of this host. This is -- * necessary because anyone with access to a name server can -- * define arbitrary names for an IP address. Mapping from -- * name to IP address can be trusted better (but can still be -- * fooled if the intruder has access to the name server of -- * the domain). -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_family = from.ss_family; -- hints.ai_socktype = SOCK_STREAM; -- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -- logit("reverse mapping checking getaddrinfo for %.700s " -- "[%s] failed.", name, ntop); -- return strdup(ntop); -- } -- /* Look for the address from the list of addresses. */ -- for (ai = aitop; ai; ai = ai->ai_next) { -- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -- (strcmp(ntop, ntop2) == 0)) -- break; -- } -- freeaddrinfo(aitop); -- /* If we reached the end of the list, the address was not there. */ -- if (ai == NULL) { -- /* Address not found for the host name. */ -- logit("Address %.100s maps to %.600s, but this does not " -- "map back to the address.", ntop, name); -- return strdup(ntop); -- } -- return strdup(name); --} -- --/* -- * Return the canonical name of the host in the other side of the current -- * connection. The host name is cached, so it is efficient to call this -- * several times. -- */ -- --const char * --auth_get_canonical_hostname(struct ssh *ssh, int use_dns) --{ -- static char *dnsname; -- -- if (!use_dns) -- return ssh_remote_ipaddr(ssh); -- else if (dnsname != NULL) -- return dnsname; -- else { -- dnsname = remote_hostname(ssh); -- return dnsname; -- } --} -- - /* - * Runs command in a subprocess with a minimal environment. - * Returns pid on success, 0 on failure. -diff --git a/canohost.c b/canohost.c -index f71a0856..3e162d8c 100644 ---- a/canohost.c -+++ b/canohost.c -@@ -202,3 +202,117 @@ get_local_port(int sock) - { - return get_sock_port(sock, 1); - } -+ -+/* -+ * Returns the remote DNS hostname as a string. The returned string must not -+ * be freed. NB. this will usually trigger a DNS query the first time it is -+ * called. -+ * This function does additional checks on the hostname to mitigate some -+ * attacks on legacy rhosts-style authentication. -+ * XXX is RhostsRSAAuthentication vulnerable to these? -+ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -+ */ -+ -+static char * -+remote_hostname(struct ssh *ssh) -+{ -+ struct sockaddr_storage from; -+ socklen_t fromlen; -+ struct addrinfo hints, *ai, *aitop; -+ char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -+ const char *ntop = ssh_remote_ipaddr(ssh); -+ -+ /* Get IP address of client. */ -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getpeername(ssh_packet_get_connection_in(ssh), -+ (struct sockaddr *)&from, &fromlen) < 0) { -+ debug("getpeername failed: %.100s", strerror(errno)); -+ return strdup(ntop); -+ } -+ -+ ipv64_normalise_mapped(&from, &fromlen); -+ if (from.ss_family == AF_INET6) -+ fromlen = sizeof(struct sockaddr_in6); -+ -+ debug3("Trying to reverse map address %.100s.", ntop); -+ /* Map the IP address to a host name. */ -+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -+ NULL, 0, NI_NAMEREQD) != 0) { -+ /* Host name not found. Use ip address. */ -+ return strdup(ntop); -+ } -+ -+ /* -+ * if reverse lookup result looks like a numeric hostname, -+ * someone is trying to trick us by PTR record like following: -+ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -+ hints.ai_flags = AI_NUMERICHOST; -+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -+ name, ntop); -+ freeaddrinfo(ai); -+ return strdup(ntop); -+ } -+ -+ /* Names are stored in lowercase. */ -+ lowercase(name); -+ -+ /* -+ * Map it back to an IP address and check that the given -+ * address actually is an address of this host. This is -+ * necessary because anyone with access to a name server can -+ * define arbitrary names for an IP address. Mapping from -+ * name to IP address can be trusted better (but can still be -+ * fooled if the intruder has access to the name server of -+ * the domain). -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = from.ss_family; -+ hints.ai_socktype = SOCK_STREAM; -+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -+ logit("reverse mapping checking getaddrinfo for %.700s " -+ "[%s] failed.", name, ntop); -+ return strdup(ntop); -+ } -+ /* Look for the address from the list of addresses. */ -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -+ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -+ (strcmp(ntop, ntop2) == 0)) -+ break; -+ } -+ freeaddrinfo(aitop); -+ /* If we reached the end of the list, the address was not there. */ -+ if (ai == NULL) { -+ /* Address not found for the host name. */ -+ logit("Address %.100s maps to %.600s, but this does not " -+ "map back to the address.", ntop, name); -+ return strdup(ntop); -+ } -+ return strdup(name); -+} -+ -+/* -+ * Return the canonical name of the host in the other side of the current -+ * connection. The host name is cached, so it is efficient to call this -+ * several times. -+ */ -+ -+const char * -+auth_get_canonical_hostname(struct ssh *ssh, int use_dns) -+{ -+ static char *dnsname; -+ -+ if (!use_dns) -+ return ssh_remote_ipaddr(ssh); -+ else if (dnsname != NULL) -+ return dnsname; -+ else { -+ dnsname = remote_hostname(ssh); -+ return dnsname; -+ } -+} -diff --git a/readconf.c b/readconf.c -index 71a5c795..2a8c6990 100644 ---- a/readconf.c -+++ b/readconf.c -@@ -163,6 +163,7 @@ typedef enum { - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, - oHashKnownHosts, -@@ -204,9 +205,11 @@ static struct { - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - # else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - #ifdef ENABLE_PKCS11 - { "pkcs11provider", oPKCS11Provider }, -@@ -993,6 +996,10 @@ parse_time: - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1875,6 +1882,7 @@ initialize_options(Options * options) - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -2023,6 +2031,8 @@ fill_default_options(Options * options) - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -diff --git a/readconf.h b/readconf.h -index 69c24700..2758b633 100644 ---- a/readconf.h -+++ b/readconf.h -@@ -45,6 +45,7 @@ typedef struct { - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -diff --git a/ssh_config.5 b/ssh_config.5 -index b7566782..64897e4e 100644 ---- a/ssh_config.5 -+++ b/ssh_config.5 -@@ -758,6 +758,16 @@ The default is - Forward (delegate) credentials to the server. - The default is - .Cm no . -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 -diff --git a/sshconnect2.c b/sshconnect2.c -index dffee90b..a25a32b9 100644 ---- a/sshconnect2.c -+++ b/sshconnect2.c -@@ -698,6 +698,13 @@ userauth_gssapi(struct ssh *ssh) - OM_uint32 min; - int r, ok = 0; - gss_OID mech = NULL; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) { -+ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns); -+ gss_host = auth_get_canonical_hostname(ssh, 1); -+ } else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -712,7 +719,7 @@ userauth_gssapi(struct ssh *ssh) - elements[authctxt->mech_tried]; - /* My DER encoding requires length<128 */ - if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, -- mech, authctxt->host)) { -+ mech, gss_host)) { - ok = 1; /* Mechanism works */ - } else { - authctxt->mech_tried++; diff --git a/net-misc/openssh/files/openssh-8.0_p1-X509-12.1-tests.patch b/net-misc/openssh/files/openssh-8.0_p1-X509-12.1-tests.patch deleted file mode 100644 index 67a93fe2a..000000000 --- a/net-misc/openssh/files/openssh-8.0_p1-X509-12.1-tests.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/openbsd-compat/regress/Makefile.in 2019-06-17 10:59:01.210601434 -0700 -+++ b/openbsd-compat/regress/Makefile.in 2019-06-17 10:59:18.753485852 -0700 -@@ -7,7 +7,7 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ -+CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ - EXEEXT=@EXEEXT@ - LIBCOMPAT=../libopenbsd-compat.a - LIBS=@LIBS@ diff --git a/net-misc/openssh/files/openssh-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch b/net-misc/openssh/files/openssh-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch deleted file mode 100644 index fe3be2409..000000000 --- a/net-misc/openssh/files/openssh-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 3ef92a657444f172b61f92d5da66d94fa8265602 Mon Sep 17 00:00:00 2001 -From: Lonnie Abelbeck -Date: Tue, 1 Oct 2019 09:05:09 -0500 -Subject: [PATCH] Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child. - -New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt -in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox. ---- - sandbox-seccomp-filter.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c -index 840c5232b..39dc289e3 100644 ---- a/sandbox-seccomp-filter.c -+++ b/sandbox-seccomp-filter.c -@@ -168,6 +168,15 @@ static const struct sock_filter preauth_insns[] = { - #ifdef __NR_stat64 - SC_DENY(__NR_stat64, EACCES), - #endif -+#ifdef __NR_shmget -+ SC_DENY(__NR_shmget, EACCES), -+#endif -+#ifdef __NR_shmat -+ SC_DENY(__NR_shmat, EACCES), -+#endif -+#ifdef __NR_shmdt -+ SC_DENY(__NR_shmdt, EACCES), -+#endif - - /* Syscalls to permit */ - #ifdef __NR_brk diff --git a/net-misc/openssh/files/openssh-8.0_p1-fix-putty-tests.patch b/net-misc/openssh/files/openssh-8.0_p1-fix-putty-tests.patch deleted file mode 100644 index 4310aa123..000000000 --- a/net-misc/openssh/files/openssh-8.0_p1-fix-putty-tests.patch +++ /dev/null @@ -1,57 +0,0 @@ -Make sure that host keys are already accepted before -running tests. - -https://bugs.gentoo.org/493866 - ---- a/regress/putty-ciphers.sh -+++ b/regress/putty-ciphers.sh -@@ -10,11 +10,17 @@ fi - - for c in aes 3des aes128-ctr aes192-ctr aes256-ctr ; do - verbose "$tid: cipher $c" -+ rm -f ${COPY} - cp ${OBJ}/.putty/sessions/localhost_proxy \ - ${OBJ}/.putty/sessions/cipher_$c - echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c - -- rm -f ${COPY} -+ env HOME=$PWD echo "y" | ${PLINK} -load cipher_$c \ -+ -i ${OBJ}/putty.rsa2 "exit" -+ if [ $? -ne 0 ]; then -+ fail "failed to pre-cache host key" -+ fi -+ - env HOME=$PWD ${PLINK} -load cipher_$c -batch -i ${OBJ}/putty.rsa2 \ - cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then ---- a/regress/putty-kex.sh -+++ b/regress/putty-kex.sh -@@ -14,6 +14,12 @@ for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do - ${OBJ}/.putty/sessions/kex_$k - echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k - -+ env HOME=$PWD echo "y" | ${PLINK} -load kex_$k \ -+ -i ${OBJ}/putty.rsa2 "exit" -+ if [ $? -ne 0 ]; then -+ fail "failed to pre-cache host key" -+ fi -+ - env HOME=$PWD ${PLINK} -load kex_$k -batch -i ${OBJ}/putty.rsa2 true - if [ $? -ne 0 ]; then - fail "KEX $k failed" ---- a/regress/putty-transfer.sh -+++ b/regress/putty-transfer.sh -@@ -14,6 +14,13 @@ for c in 0 1 ; do - cp ${OBJ}/.putty/sessions/localhost_proxy \ - ${OBJ}/.putty/sessions/compression_$c - echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k -+ -+ env HOME=$PWD echo "y" | ${PLINK} -load compression_$c \ -+ -i ${OBJ}/putty.rsa2 "exit" -+ if [ $? -ne 0 ]; then -+ fail "failed to pre-cache host key" -+ fi -+ - env HOME=$PWD ${PLINK} -load compression_$c -batch \ - -i ${OBJ}/putty.rsa2 cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then diff --git a/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch b/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch deleted file mode 100644 index 167adfcae..000000000 --- a/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch +++ /dev/null @@ -1,111 +0,0 @@ -diff -ur a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff ---- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-04 15:49:15.746095444 -0800 -+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-04 15:49:54.181853707 -0800 -@@ -4,8 +4,8 @@ - +++ b/Makefile.in - @@ -42,7 +42,7 @@ CC=@CC@ - LD=@LD@ -- CFLAGS=@CFLAGS@ -- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA) -+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ - -LIBS=@LIBS@ - +LIBS=@LIBS@ -lpthread - K5LIBS=@K5LIBS@ -@@ -803,8 +803,8 @@ - ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) - { - struct session_state *state; --- const struct sshcipher *none = cipher_by_name("none"); --+ struct sshcipher *none = cipher_by_name("none"); -+- const struct sshcipher *none = cipher_none(); -++ struct sshcipher *none = cipher_none(); - int r; - - if (none == NULL) { -@@ -948,9 +948,9 @@ - /* Portable-specific options */ - sUsePAM, - + sDisableMTAES, -- /* Standard Options */ -- sPort, sHostKeyFile, sLoginGraceTime, -- sPermitRootLogin, sLogFacility, sLogLevel, -+ /* X.509 Standard Options */ -+ sHostbasedAlgorithms, -+ sPubkeyAlgorithms, - @@ -643,6 +647,7 @@ static struct { - { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, - { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, -diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff ---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:41:42.512910357 -0800 -+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:56:40.323299499 -0800 -@@ -382,7 +382,7 @@ - @@ -884,6 +884,10 @@ kex_choose_conf(struct ssh *ssh) - int nenc, nmac, ncomp; - u_int mode, ctos, need, dh_need, authlen; -- int r, first_kex_follows; -+ int r, first_kex_follows = 0; - + int auth_flag; - + - + auth_flag = packet_authentication_state(ssh); -@@ -391,8 +391,8 @@ - debug2("local %s KEXINIT proposal", kex->server ? "server" : "client"); - if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0) - @@ -954,6 +958,14 @@ kex_choose_conf(struct ssh *ssh) -- peer[ncomp] = NULL; -- goto out; -+ else -+ fatal("Pre-authentication none cipher requests are not allowed."); - } - + debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); - + if (strcmp(newkeys->enc.name, "none") == 0) { -@@ -1169,15 +1169,3 @@ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no --diff --git a/version.h b/version.h --index 6b3fadf8..ec1d2e27 100644 ----- a/version.h --+++ b/version.h --@@ -3,4 +3,6 @@ -- #define SSH_VERSION "OpenSSH_8.1" -- -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn14v20" --+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN --+ -diff -ur a/openssh-8_1_P1-hpn-PeakTput-14.20.diff b/openssh-8_1_P1-hpn-PeakTput-14.20.diff ---- a/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-04 15:41:42.512910357 -0800 -+++ b/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-04 16:02:42.203023609 -0800 -@@ -12,9 +12,9 @@ - static long stalled; /* how long we have been stalled */ - static int bytes_per_second; /* current speed in bytes per second */ - @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update) -+ off_t bytes_left; - int cur_speed; -- int hours, minutes, seconds; -- int file_len; -+ int len; - + off_t delta_pos; - - if ((!force_update && !alarm_fired && !win_resized) || !can_output()) -@@ -33,12 +33,12 @@ - @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update) - - /* filename */ -- buf[0] = '\0'; --- file_len = win_size - 36; --+ file_len = win_size - 45; -- if (file_len > 0) { -- buf[0] = '\r'; -- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s", -+ if (win_size > 36) { -+- int file_len = win_size - 36; -++ int file_len = win_size - 45; -+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ", -+ file_len, file); -+ } - @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update) - (off_t)bytes_per_second); - strlcat(buf, "/s ", win_size); diff --git a/net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch b/net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch deleted file mode 100644 index 2a9d3bd2f..000000000 --- a/net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch +++ /dev/null @@ -1,114 +0,0 @@ ---- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 17:07:59.413376785 -0700 -+++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 20:05:12.622588051 -0700 -@@ -382,7 +382,7 @@ - @@ -822,6 +822,10 @@ kex_choose_conf(struct ssh *ssh) - int nenc, nmac, ncomp; - u_int mode, ctos, need, dh_need, authlen; -- int r, first_kex_follows; -+ int r, first_kex_follows = 0; - + int auth_flag; - + - + auth_flag = packet_authentication_state(ssh); -@@ -441,6 +441,39 @@ - int ssh_packet_get_state(struct ssh *, struct sshbuf *); - int ssh_packet_set_state(struct ssh *, struct sshbuf *); - -+diff --git a/packet.c b/packet.c -+index dcf35e6..9433f08 100644 -+--- a/packet.c -++++ b/packet.c -+@@ -920,6 +920,14 @@ ssh_set_newkeys(struct ssh *ssh, int mode) -+ return 0; -+ } -+ -++/* this supports the forced rekeying required for the NONE cipher */ -++int rekey_requested = 0; -++void -++packet_request_rekeying(void) -++{ -++ rekey_requested = 1; -++} -++ -+ #define MAX_PACKETS (1U<<31) -+ static int -+ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -+@@ -946,6 +954,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -+ if (state->p_send.packets == 0 && state->p_read.packets == 0) -+ return 0; -+ -++ /* used to force rekeying when called for by the none -++ * cipher switch and aes-mt-ctr methods -cjr */ -++ if (rekey_requested == 1) { -++ rekey_requested = 0; -++ return 1; -++ } -++ -+ /* Time-based rekeying */ -+ if (state->rekey_interval != 0 && -+ (int64_t)state->rekey_time + state->rekey_interval <= monotime()) - diff --git a/readconf.c b/readconf.c - index db5f2d5..33f18c9 100644 - --- a/readconf.c -@@ -453,10 +486,9 @@ - - /* Format of the configuration file: - --@@ -166,6 +167,8 @@ typedef enum { -+@@ -166,5 +167,7 @@ typedef enum { - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, -- oDisableMTAES, - + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, - + oNoneEnabled, oNoneSwitch, - oVisualHostKey, -@@ -592,10 +624,9 @@ - int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ - int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - SyslogFacility log_facility; /* Facility for system logging. */ --@@ -111,7 +115,10 @@ typedef struct { -+@@ -111,6 +115,9 @@ typedef struct { - int enable_ssh_keysign; - int64_t rekey_limit; -- int disable_multithreaded; /*disable multithreaded aes-ctr*/ - + int none_switch; /* Use none cipher */ - + int none_enabled; /* Allow none to be used */ - int rekey_interval; -@@ -650,10 +681,8 @@ - - /* Portable-specific options */ - if (options->use_pam == -1) --@@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) -+@@ -391,4 +400,41 @@ fill_default_server_options(ServerOptions *options) - options->permit_tun = SSH_TUNMODE_NO; -- if (options->disable_multithreaded == -1) -- options->disable_multithreaded = 0; - + if (options->none_enabled == -1) - + options->none_enabled = 0; - + if (options->hpn_disabled == -1) -@@ -1095,9 +1124,9 @@ - + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); - + } - + } -+ debug("Authentication succeeded (%s).", authctxt.method->name); -+ } - -- #ifdef WITH_OPENSSL -- if (options.disable_multithreaded == 0) { - diff --git a/sshd.c b/sshd.c - index a738c3a..b32dbe0 100644 - --- a/sshd.c -@@ -1181,14 +1210,3 @@ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no --diff --git a/version.h b/version.h --index f1bbf00..21a70c2 100644 ----- a/version.h --+++ b/version.h --@@ -3,4 +3,5 @@ -- #define SSH_VERSION "OpenSSH_7.8" -- -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN --+ diff --git a/net-misc/openssh/files/openssh-8.0_p1-hpn-glue.patch b/net-misc/openssh/files/openssh-8.0_p1-hpn-glue.patch deleted file mode 100644 index adbfa87af..000000000 --- a/net-misc/openssh/files/openssh-8.0_p1-hpn-glue.patch +++ /dev/null @@ -1,194 +0,0 @@ -diff -ur --exclude '.*.un*' a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff ---- a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-04-18 15:07:06.748067368 -0700 -+++ b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-04-18 19:42:26.689298696 -0700 -@@ -998,7 +998,7 @@ - + * so we repoint the define to the multithreaded evp. To start the threads we - + * then force a rekey - + */ --+ const void *cc = ssh_packet_get_send_context(active_state); -++ const void *cc = ssh_packet_get_send_context(ssh); - + - + /* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */ - + if (strstr(cipher_ctx_name(cc), "ctr")) { -@@ -1028,7 +1028,7 @@ - + * so we repoint the define to the multithreaded evp. To start the threads we - + * then force a rekey - + */ --+ const void *cc = ssh_packet_get_send_context(active_state); -++ const void *cc = ssh_packet_get_send_context(ssh); - + - + /* only rekey if necessary. If we don't do this gcm mode cipher breaks */ - + if (strstr(cipher_ctx_name(cc), "ctr")) { -diff -ur --exclude '.*.un*' a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff ---- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 15:07:11.289035776 -0700 -+++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 17:07:59.413376785 -0700 -@@ -162,24 +162,24 @@ - } - - +static int --+channel_tcpwinsz(void) -++channel_tcpwinsz(struct ssh *ssh) - +{ - + u_int32_t tcpwinsz = 0; - + socklen_t optsz = sizeof(tcpwinsz); - + int ret = -1; - + - + /* if we aren't on a socket return 128KB */ --+ if (!packet_connection_is_on_socket()) -++ if (!ssh_packet_connection_is_on_socket(ssh)) - + return 128 * 1024; - + --+ ret = getsockopt(packet_get_connection_in(), -++ ret = getsockopt(ssh_packet_get_connection_in(ssh), - + SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); - + /* return no more than SSHBUF_SIZE_MAX (currently 256MB) */ - + if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX) - + tcpwinsz = SSHBUF_SIZE_MAX; - + - + debug2("tcpwinsz: tcp connection %d, Receive window: %d", --+ packet_get_connection_in(), tcpwinsz); -++ ssh_packet_get_connection_in(ssh), tcpwinsz); - + return tcpwinsz; - +} - + -@@ -191,7 +191,7 @@ - c->local_window < c->local_window_max/2) && - c->local_consumed > 0) { - + u_int addition = 0; --+ u_int32_t tcpwinsz = channel_tcpwinsz(); -++ u_int32_t tcpwinsz = channel_tcpwinsz(ssh); - + /* adjust max window size if we are in a dynamic environment */ - + if (c->dynamic_window && (tcpwinsz > c->local_window_max)) { - + /* grow the window somewhat aggressively to maintain pressure */ -@@ -409,18 +409,10 @@ - index dcf35e6..da4ced0 100644 - --- a/packet.c - +++ b/packet.c --@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) -+@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) - return 0; - } - --+/* this supports the forced rekeying required for the NONE cipher */ --+int rekey_requested = 0; --+void --+packet_request_rekeying(void) --+{ --+ rekey_requested = 1; --+} --+ - +/* used to determine if pre or post auth when rekeying for aes-ctr - + * and none cipher switch */ - +int -@@ -434,20 +426,6 @@ - #define MAX_PACKETS (1U<<31) - static int - ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) --@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -- if (state->p_send.packets == 0 && state->p_read.packets == 0) -- return 0; -- --+ /* used to force rekeying when called for by the none --+ * cipher switch methods -cjr */ --+ if (rekey_requested == 1) { --+ rekey_requested = 0; --+ return 1; --+ } --+ -- /* Time-based rekeying */ -- if (state->rekey_interval != 0 && -- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) - diff --git a/packet.h b/packet.h - index 170203c..f4d9df2 100644 - --- a/packet.h -@@ -476,9 +454,9 @@ - /* Format of the configuration file: - - @@ -166,6 +167,8 @@ typedef enum { -- oHashKnownHosts, - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, -+ oDisableMTAES, - + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, - + oNoneEnabled, oNoneSwitch, - oVisualHostKey, -@@ -615,9 +593,9 @@ - int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - SyslogFacility log_facility; /* Facility for system logging. */ - @@ -111,7 +115,10 @@ typedef struct { -- - int enable_ssh_keysign; - int64_t rekey_limit; -+ int disable_multithreaded; /*disable multithreaded aes-ctr*/ - + int none_switch; /* Use none cipher */ - + int none_enabled; /* Allow none to be used */ - int rekey_interval; -@@ -673,9 +651,9 @@ - /* Portable-specific options */ - if (options->use_pam == -1) - @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) -- } -- if (options->permit_tun == -1) - options->permit_tun = SSH_TUNMODE_NO; -+ if (options->disable_multithreaded == -1) -+ options->disable_multithreaded = 0; - + if (options->none_enabled == -1) - + options->none_enabled = 0; - + if (options->hpn_disabled == -1) -@@ -1092,7 +1070,7 @@ - xxx_host = host; - xxx_hostaddr = hostaddr; - --@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, -+@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, - - if (!authctxt.success) - fatal("Authentication failed."); -@@ -1108,7 +1086,7 @@ - + memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); - + myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; - + myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; --+ kex_prop2buf(active_state->kex->my, myproposal); -++ kex_prop2buf(ssh->kex->my, myproposal); - + packet_request_rekeying(); - + fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n"); - + } else { -@@ -1117,23 +1095,13 @@ - + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); - + } - + } --+ -- debug("Authentication succeeded (%s).", authctxt.method->name); -- } - -+ #ifdef WITH_OPENSSL -+ if (options.disable_multithreaded == 0) { - diff --git a/sshd.c b/sshd.c - index a738c3a..b32dbe0 100644 - --- a/sshd.c - +++ b/sshd.c --@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) -- char remote_version[256]; /* Must be at least as big as buf. */ -- -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", --- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, --+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, -- *options.version_addendum == '\0' ? "" : " ", -- options.version_addendum); -- - @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la) - int ret, listen_sock; - struct addrinfo *ai; -@@ -1217,11 +1185,10 @@ - index f1bbf00..21a70c2 100644 - --- a/version.h - +++ b/version.h --@@ -3,4 +3,6 @@ -+@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_7.8" - - #define SSH_PORTABLE "p1" - -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn14v16" - +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN - + diff --git a/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch deleted file mode 100644 index 6aba6f266..000000000 --- a/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,359 +0,0 @@ -diff --git a/auth.c b/auth.c -index ca450f4e..2994a4e4 100644 ---- a/auth.c -+++ b/auth.c -@@ -723,120 +723,6 @@ fakepw(void) - return (&fake); - } - --/* -- * Returns the remote DNS hostname as a string. The returned string must not -- * be freed. NB. this will usually trigger a DNS query the first time it is -- * called. -- * This function does additional checks on the hostname to mitigate some -- * attacks on legacy rhosts-style authentication. -- * XXX is RhostsRSAAuthentication vulnerable to these? -- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -- */ -- --static char * --remote_hostname(struct ssh *ssh) --{ -- struct sockaddr_storage from; -- socklen_t fromlen; -- struct addrinfo hints, *ai, *aitop; -- char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -- const char *ntop = ssh_remote_ipaddr(ssh); -- -- /* Get IP address of client. */ -- fromlen = sizeof(from); -- memset(&from, 0, sizeof(from)); -- if (getpeername(ssh_packet_get_connection_in(ssh), -- (struct sockaddr *)&from, &fromlen) == -1) { -- debug("getpeername failed: %.100s", strerror(errno)); -- return strdup(ntop); -- } -- -- ipv64_normalise_mapped(&from, &fromlen); -- if (from.ss_family == AF_INET6) -- fromlen = sizeof(struct sockaddr_in6); -- -- debug3("Trying to reverse map address %.100s.", ntop); -- /* Map the IP address to a host name. */ -- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -- NULL, 0, NI_NAMEREQD) != 0) { -- /* Host name not found. Use ip address. */ -- return strdup(ntop); -- } -- -- /* -- * if reverse lookup result looks like a numeric hostname, -- * someone is trying to trick us by PTR record like following: -- * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -- hints.ai_flags = AI_NUMERICHOST; -- if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -- logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -- name, ntop); -- freeaddrinfo(ai); -- return strdup(ntop); -- } -- -- /* Names are stored in lowercase. */ -- lowercase(name); -- -- /* -- * Map it back to an IP address and check that the given -- * address actually is an address of this host. This is -- * necessary because anyone with access to a name server can -- * define arbitrary names for an IP address. Mapping from -- * name to IP address can be trusted better (but can still be -- * fooled if the intruder has access to the name server of -- * the domain). -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_family = from.ss_family; -- hints.ai_socktype = SOCK_STREAM; -- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -- logit("reverse mapping checking getaddrinfo for %.700s " -- "[%s] failed.", name, ntop); -- return strdup(ntop); -- } -- /* Look for the address from the list of addresses. */ -- for (ai = aitop; ai; ai = ai->ai_next) { -- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -- (strcmp(ntop, ntop2) == 0)) -- break; -- } -- freeaddrinfo(aitop); -- /* If we reached the end of the list, the address was not there. */ -- if (ai == NULL) { -- /* Address not found for the host name. */ -- logit("Address %.100s maps to %.600s, but this does not " -- "map back to the address.", ntop, name); -- return strdup(ntop); -- } -- return strdup(name); --} -- --/* -- * Return the canonical name of the host in the other side of the current -- * connection. The host name is cached, so it is efficient to call this -- * several times. -- */ -- --const char * --auth_get_canonical_hostname(struct ssh *ssh, int use_dns) --{ -- static char *dnsname; -- -- if (!use_dns) -- return ssh_remote_ipaddr(ssh); -- else if (dnsname != NULL) -- return dnsname; -- else { -- dnsname = remote_hostname(ssh); -- return dnsname; -- } --} -- - /* - * Runs command in a subprocess with a minimal environment. - * Returns pid on success, 0 on failure. -diff --git a/canohost.c b/canohost.c -index abea9c6e..4f4524d2 100644 ---- a/canohost.c -+++ b/canohost.c -@@ -202,3 +202,117 @@ get_local_port(int sock) - { - return get_sock_port(sock, 1); - } -+ -+/* -+ * Returns the remote DNS hostname as a string. The returned string must not -+ * be freed. NB. this will usually trigger a DNS query the first time it is -+ * called. -+ * This function does additional checks on the hostname to mitigate some -+ * attacks on legacy rhosts-style authentication. -+ * XXX is RhostsRSAAuthentication vulnerable to these? -+ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -+ */ -+ -+static char * -+remote_hostname(struct ssh *ssh) -+{ -+ struct sockaddr_storage from; -+ socklen_t fromlen; -+ struct addrinfo hints, *ai, *aitop; -+ char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -+ const char *ntop = ssh_remote_ipaddr(ssh); -+ -+ /* Get IP address of client. */ -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getpeername(ssh_packet_get_connection_in(ssh), -+ (struct sockaddr *)&from, &fromlen) < 0) { -+ debug("getpeername failed: %.100s", strerror(errno)); -+ return strdup(ntop); -+ } -+ -+ ipv64_normalise_mapped(&from, &fromlen); -+ if (from.ss_family == AF_INET6) -+ fromlen = sizeof(struct sockaddr_in6); -+ -+ debug3("Trying to reverse map address %.100s.", ntop); -+ /* Map the IP address to a host name. */ -+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -+ NULL, 0, NI_NAMEREQD) != 0) { -+ /* Host name not found. Use ip address. */ -+ return strdup(ntop); -+ } -+ -+ /* -+ * if reverse lookup result looks like a numeric hostname, -+ * someone is trying to trick us by PTR record like following: -+ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -+ hints.ai_flags = AI_NUMERICHOST; -+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -+ name, ntop); -+ freeaddrinfo(ai); -+ return strdup(ntop); -+ } -+ -+ /* Names are stored in lowercase. */ -+ lowercase(name); -+ -+ /* -+ * Map it back to an IP address and check that the given -+ * address actually is an address of this host. This is -+ * necessary because anyone with access to a name server can -+ * define arbitrary names for an IP address. Mapping from -+ * name to IP address can be trusted better (but can still be -+ * fooled if the intruder has access to the name server of -+ * the domain). -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = from.ss_family; -+ hints.ai_socktype = SOCK_STREAM; -+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -+ logit("reverse mapping checking getaddrinfo for %.700s " -+ "[%s] failed.", name, ntop); -+ return strdup(ntop); -+ } -+ /* Look for the address from the list of addresses. */ -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -+ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -+ (strcmp(ntop, ntop2) == 0)) -+ break; -+ } -+ freeaddrinfo(aitop); -+ /* If we reached the end of the list, the address was not there. */ -+ if (ai == NULL) { -+ /* Address not found for the host name. */ -+ logit("Address %.100s maps to %.600s, but this does not " -+ "map back to the address.", ntop, name); -+ return strdup(ntop); -+ } -+ return strdup(name); -+} -+ -+/* -+ * Return the canonical name of the host in the other side of the current -+ * connection. The host name is cached, so it is efficient to call this -+ * several times. -+ */ -+ -+const char * -+auth_get_canonical_hostname(struct ssh *ssh, int use_dns) -+{ -+ static char *dnsname; -+ -+ if (!use_dns) -+ return ssh_remote_ipaddr(ssh); -+ else if (dnsname != NULL) -+ return dnsname; -+ else { -+ dnsname = remote_hostname(ssh); -+ return dnsname; -+ } -+} -diff --git a/readconf.c b/readconf.c -index f78b4d6f..747287f7 100644 ---- a/readconf.c -+++ b/readconf.c -@@ -162,6 +162,7 @@ typedef enum { - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, - oHashKnownHosts, -@@ -203,9 +204,11 @@ static struct { - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - # else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - #ifdef ENABLE_PKCS11 - { "pkcs11provider", oPKCS11Provider }, -@@ -992,6 +995,10 @@ parse_time: - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1864,6 +1871,7 @@ initialize_options(Options * options) - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -2011,6 +2019,8 @@ fill_default_options(Options * options) - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -diff --git a/readconf.h b/readconf.h -index 8e36bf32..c9e4718d 100644 ---- a/readconf.h -+++ b/readconf.h -@@ -41,6 +41,7 @@ typedef struct { - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -diff --git a/ssh_config.5 b/ssh_config.5 -index 02a87892..95de538b 100644 ---- a/ssh_config.5 -+++ b/ssh_config.5 -@@ -762,6 +762,16 @@ The default is - Forward (delegate) credentials to the server. - The default is - .Cm no . -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 -diff --git a/sshconnect2.c b/sshconnect2.c -index 87fa70a4..a6ffdc96 100644 ---- a/sshconnect2.c -+++ b/sshconnect2.c -@@ -697,6 +697,13 @@ userauth_gssapi(struct ssh *ssh) - OM_uint32 min; - int r, ok = 0; - gss_OID mech = NULL; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) { -+ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns); -+ gss_host = auth_get_canonical_hostname(ssh, 1); -+ } else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -711,7 +718,7 @@ userauth_gssapi(struct ssh *ssh) - elements[authctxt->mech_tried]; - /* My DER encoding requires length<128 */ - if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, -- mech, authctxt->host)) { -+ mech, gss_host)) { - ok = 1; /* Mechanism works */ - } else { - authctxt->mech_tried++; diff --git a/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch b/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch deleted file mode 100644 index 67a93fe2a..000000000 --- a/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/openbsd-compat/regress/Makefile.in 2019-06-17 10:59:01.210601434 -0700 -+++ b/openbsd-compat/regress/Makefile.in 2019-06-17 10:59:18.753485852 -0700 -@@ -7,7 +7,7 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ -+CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ - EXEEXT=@EXEEXT@ - LIBCOMPAT=../libopenbsd-compat.a - LIBS=@LIBS@ diff --git a/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch b/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch deleted file mode 100644 index 48cce7979..000000000 --- a/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch +++ /dev/null @@ -1,35 +0,0 @@ -Only in b: .openssh-8.1p1+x509-12.3.diff.un~ -diff -ur a/openssh-8.1p1+x509-12.3.diff b/openssh-8.1p1+x509-12.3.diff ---- a/openssh-8.1p1+x509-12.3.diff 2019-10-14 11:33:45.796485604 -0700 -+++ b/openssh-8.1p1+x509-12.3.diff 2019-10-14 11:39:44.960312587 -0700 -@@ -35343,12 +35343,11 @@ - - install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config - install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf --@@ -339,6 +360,8 @@ -+@@ -339,6 +360,7 @@ - $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 - $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 - $(MKDIR_P) $(DESTDIR)$(libexecdir) - + $(MKDIR_P) $(DESTDIR)$(sshcadir) --+ $(MKDIR_P) $(DESTDIR)$(piddir) - $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) -@@ -83536,16 +83535,6 @@ - + return mbtowc(NULL, s, n); - +} - +#endif --diff -ruN openssh-8.1p1/version.h openssh-8.1p1+x509-12.3/version.h ----- openssh-8.1p1/version.h 2019-10-09 03:31:03.000000000 +0300 --+++ openssh-8.1p1+x509-12.3/version.h 2019-10-13 09:07:00.000000000 +0300 --@@ -2,5 +2,4 @@ -- -- #define SSH_VERSION "OpenSSH_8.1" -- ---#define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" - diff -ruN openssh-8.1p1/version.m4 openssh-8.1p1+x509-12.3/version.m4 - --- openssh-8.1p1/version.m4 1970-01-01 02:00:00.000000000 +0200 - +++ openssh-8.1p1+x509-12.3/version.m4 2019-10-13 09:07:00.000000000 +0300 diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch deleted file mode 100644 index 90fa248fc..000000000 --- a/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch +++ /dev/null @@ -1,105 +0,0 @@ -diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff ---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 14:55:30.408567718 -0800 -+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:16:14.646567224 -0800 -@@ -409,18 +409,10 @@ - index 817da43b..b2bcf78f 100644 - --- a/packet.c - +++ b/packet.c --@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) -+@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) - return 0; - } - --+/* this supports the forced rekeying required for the NONE cipher */ --+int rekey_requested = 0; --+void --+packet_request_rekeying(void) --+{ --+ rekey_requested = 1; --+} --+ - +/* used to determine if pre or post auth when rekeying for aes-ctr - + * and none cipher switch */ - +int -@@ -434,20 +426,6 @@ - #define MAX_PACKETS (1U<<31) - static int - ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) --@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -- if (state->p_send.packets == 0 && state->p_read.packets == 0) -- return 0; -- --+ /* used to force rekeying when called for by the none --+ * cipher switch methods -cjr */ --+ if (rekey_requested == 1) { --+ rekey_requested = 0; --+ return 1; --+ } --+ -- /* Time-based rekeying */ -- if (state->rekey_interval != 0 && -- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) - diff --git a/packet.h b/packet.h - index 8ccfd2e0..1ad9bc06 100644 - --- a/packet.h -@@ -476,9 +454,9 @@ - /* Format of the configuration file: - - @@ -167,6 +168,8 @@ typedef enum { -- oHashKnownHosts, - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, -+ oDisableMTAES, - + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, - + oNoneEnabled, oNoneSwitch, - oVisualHostKey, -@@ -615,9 +593,9 @@ - int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - SyslogFacility log_facility; /* Facility for system logging. */ - @@ -112,7 +116,10 @@ typedef struct { -- - int enable_ssh_keysign; - int64_t rekey_limit; -+ int disable_multithreaded; /*disable multithreaded aes-ctr*/ - + int none_switch; /* Use none cipher */ - + int none_enabled; /* Allow none to be used */ - int rekey_interval; -@@ -700,9 +678,9 @@ - + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; - + } - + -+ if (options->disable_multithreaded == -1) -+ options->disable_multithreaded = 0; - if (options->ip_qos_interactive == -1) -- options->ip_qos_interactive = IPTOS_DSCP_AF21; -- if (options->ip_qos_bulk == -1) - @@ -486,6 +532,8 @@ typedef enum { - sPasswordAuthentication, sKbdInteractiveAuthentication, - sListenAddress, sAddressFamily, -@@ -1079,11 +1057,11 @@ - xxx_host = host; - xxx_hostaddr = hostaddr; - --@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, -+@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, - - if (!authctxt.success) - fatal("Authentication failed."); --+ -+ - + /* - + * If the user wants to use the none cipher, do it post authentication - + * and only if the right conditions are met -- both of the NONE commands -@@ -1105,9 +1083,9 @@ - + } - + } - + -- debug("Authentication succeeded (%s).", authctxt.method->name); -- } -- -+ #ifdef WITH_OPENSSL -+ if (options.disable_multithreaded == 0) { -+ /* if we are using aes-ctr there can be issues in either a fork or sandbox - diff --git a/sshd.c b/sshd.c - index 11571c01..23a06022 100644 - --- a/sshd.c diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch deleted file mode 100644 index 3f5c7a47d..000000000 --- a/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff ---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 14:55:30.408567718 -0800 -+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 16:36:51.394069720 -0800 -@@ -1191,15 +1191,3 @@ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no --diff --git a/version.h b/version.h --index 6b3fadf8..ec1d2e27 100644 ----- a/version.h --+++ b/version.h --@@ -3,4 +3,6 @@ -- #define SSH_VERSION "OpenSSH_8.1" -- -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn14v20" --+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN --+ diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch deleted file mode 100644 index 0ad814f95..000000000 --- a/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch +++ /dev/null @@ -1,216 +0,0 @@ -Only in b: .openssh-7_8_P1-hpn-AES-CTR-14.16.diff.un~ -Only in b: .openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.un~ -diff -ru a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff ---- a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-10-10 13:48:31.513603947 -0700 -+++ b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-10-10 13:50:15.012495676 -0700 -@@ -17,8 +17,8 @@ - canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \ - - cipher-ctr.o cleanup.o \ - + cipher-ctr.o cleanup.o cipher-ctr-mt.o \ -- compat.o crc32.o fatal.o hostfile.o \ -- log.o match.o moduli.o nchan.o packet.o opacket.o \ -+ compat.o fatal.o hostfile.o \ -+ log.o match.o moduli.o nchan.o packet.o \ - readpass.o ttymodes.o xmalloc.o addrmatch.o \ - diff --git a/cipher-ctr-mt.c b/cipher-ctr-mt.c - new file mode 100644 -@@ -998,7 +998,7 @@ - + * so we repoint the define to the multithreaded evp. To start the threads we - + * then force a rekey - + */ --+ const void *cc = ssh_packet_get_send_context(active_state); -++ const void *cc = ssh_packet_get_send_context(ssh); - + - + /* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */ - + if (strstr(cipher_ctx_name(cc), "ctr")) { -@@ -1028,7 +1028,7 @@ - + * so we repoint the define to the multithreaded evp. To start the threads we - + * then force a rekey - + */ --+ const void *cc = ssh_packet_get_send_context(active_state); -++ const void *cc = ssh_packet_get_send_context(ssh); - + - + /* only rekey if necessary. If we don't do this gcm mode cipher breaks */ - + if (strstr(cipher_ctx_name(cc), "ctr")) { -diff -ru a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff ---- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-10-10 13:47:54.801642144 -0700 -+++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-10-10 15:58:05.085803333 -0700 -@@ -162,24 +162,24 @@ - } - - +static int --+channel_tcpwinsz(void) -++channel_tcpwinsz(struct ssh *ssh) - +{ - + u_int32_t tcpwinsz = 0; - + socklen_t optsz = sizeof(tcpwinsz); - + int ret = -1; - + - + /* if we aren't on a socket return 128KB */ --+ if (!packet_connection_is_on_socket()) -++ if (!ssh_packet_connection_is_on_socket(ssh)) - + return 128 * 1024; - + --+ ret = getsockopt(packet_get_connection_in(), -++ ret = getsockopt(ssh_packet_get_connection_in(ssh), - + SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); - + /* return no more than SSHBUF_SIZE_MAX (currently 256MB) */ - + if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX) - + tcpwinsz = SSHBUF_SIZE_MAX; - + - + debug2("tcpwinsz: tcp connection %d, Receive window: %d", --+ packet_get_connection_in(), tcpwinsz); -++ ssh_packet_get_connection_in(ssh), tcpwinsz); - + return tcpwinsz; - +} - + -@@ -191,7 +191,7 @@ - c->local_window < c->local_window_max/2) && - c->local_consumed > 0) { - + u_int addition = 0; --+ u_int32_t tcpwinsz = channel_tcpwinsz(); -++ u_int32_t tcpwinsz = channel_tcpwinsz(ssh); - + /* adjust max window size if we are in a dynamic environment */ - + if (c->dynamic_window && (tcpwinsz > c->local_window_max)) { - + /* grow the window somewhat aggressively to maintain pressure */ -@@ -409,18 +409,10 @@ - index dcf35e6..da4ced0 100644 - --- a/packet.c - +++ b/packet.c --@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) -+@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) - return 0; - } - --+/* this supports the forced rekeying required for the NONE cipher */ --+int rekey_requested = 0; --+void --+packet_request_rekeying(void) --+{ --+ rekey_requested = 1; --+} --+ - +/* used to determine if pre or post auth when rekeying for aes-ctr - + * and none cipher switch */ - +int -@@ -434,20 +426,6 @@ - #define MAX_PACKETS (1U<<31) - static int - ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) --@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -- if (state->p_send.packets == 0 && state->p_read.packets == 0) -- return 0; -- --+ /* used to force rekeying when called for by the none --+ * cipher switch methods -cjr */ --+ if (rekey_requested == 1) { --+ rekey_requested = 0; --+ return 1; --+ } --+ -- /* Time-based rekeying */ -- if (state->rekey_interval != 0 && -- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) - diff --git a/packet.h b/packet.h - index 170203c..f4d9df2 100644 - --- a/packet.h -@@ -476,9 +454,9 @@ - /* Format of the configuration file: - - @@ -166,6 +167,8 @@ typedef enum { -- oHashKnownHosts, - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, -+ oDisableMTAES, - + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, - + oNoneEnabled, oNoneSwitch, - oVisualHostKey, -@@ -615,9 +593,9 @@ - int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - SyslogFacility log_facility; /* Facility for system logging. */ - @@ -111,7 +115,10 @@ typedef struct { -- - int enable_ssh_keysign; - int64_t rekey_limit; -+ int disable_multithreaded; /*disable multithreaded aes-ctr*/ - + int none_switch; /* Use none cipher */ - + int none_enabled; /* Allow none to be used */ - int rekey_interval; -@@ -633,7 +611,7 @@ - off_t i, statbytes; - size_t amt, nr; - int fd = -1, haderr, indx; --- char *last, *name, buf[2048], encname[PATH_MAX]; -+- char *last, *name, buf[PATH_MAX + 128], encname[PATH_MAX]; - + char *last, *name, buf[16384], encname[PATH_MAX]; - int len; - -@@ -673,9 +651,9 @@ - /* Portable-specific options */ - if (options->use_pam == -1) - @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) -- } -- if (options->permit_tun == -1) - options->permit_tun = SSH_TUNMODE_NO; -+ if (options->disable_multithreaded == -1) -+ options->disable_multithreaded = 0; - + if (options->none_enabled == -1) - + options->none_enabled = 0; - + if (options->hpn_disabled == -1) -@@ -1092,7 +1070,7 @@ - xxx_host = host; - xxx_hostaddr = hostaddr; - --@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, -+@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, - - if (!authctxt.success) - fatal("Authentication failed."); -@@ -1108,7 +1086,7 @@ - + memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); - + myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; - + myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; --+ kex_prop2buf(active_state->kex->my, myproposal); -++ kex_prop2buf(ssh->kex->my, myproposal); - + packet_request_rekeying(); - + fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n"); - + } else { -@@ -1117,23 +1095,13 @@ - + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); - + } - + } --+ -- debug("Authentication succeeded (%s).", authctxt.method->name); -- } - -+ #ifdef WITH_OPENSSL -+ if (options.disable_multithreaded == 0) { - diff --git a/sshd.c b/sshd.c - index a738c3a..b32dbe0 100644 - --- a/sshd.c - +++ b/sshd.c --@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) -- char remote_version[256]; /* Must be at least as big as buf. */ -- -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", --- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, --+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, -- *options.version_addendum == '\0' ? "" : " ", -- options.version_addendum); -- - @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la) - int ret, listen_sock; - struct addrinfo *ai; -@@ -1217,11 +1185,10 @@ - index f1bbf00..21a70c2 100644 - --- a/version.h - +++ b/version.h --@@ -3,4 +3,6 @@ -+@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_7.8" - - #define SSH_PORTABLE "p1" - -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn14v16" - +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN - + diff --git a/net-misc/openssh/files/openssh-8.2_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-8.2_p1-GSSAPI-dns.patch deleted file mode 100644 index d4db77b98..000000000 --- a/net-misc/openssh/files/openssh-8.2_p1-GSSAPI-dns.patch +++ /dev/null @@ -1,359 +0,0 @@ -diff --git a/auth.c b/auth.c -index 086b8ebb..a267353c 100644 ---- a/auth.c -+++ b/auth.c -@@ -724,120 +724,6 @@ fakepw(void) - return (&fake); - } - --/* -- * Returns the remote DNS hostname as a string. The returned string must not -- * be freed. NB. this will usually trigger a DNS query the first time it is -- * called. -- * This function does additional checks on the hostname to mitigate some -- * attacks on legacy rhosts-style authentication. -- * XXX is RhostsRSAAuthentication vulnerable to these? -- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -- */ -- --static char * --remote_hostname(struct ssh *ssh) --{ -- struct sockaddr_storage from; -- socklen_t fromlen; -- struct addrinfo hints, *ai, *aitop; -- char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -- const char *ntop = ssh_remote_ipaddr(ssh); -- -- /* Get IP address of client. */ -- fromlen = sizeof(from); -- memset(&from, 0, sizeof(from)); -- if (getpeername(ssh_packet_get_connection_in(ssh), -- (struct sockaddr *)&from, &fromlen) == -1) { -- debug("getpeername failed: %.100s", strerror(errno)); -- return xstrdup(ntop); -- } -- -- ipv64_normalise_mapped(&from, &fromlen); -- if (from.ss_family == AF_INET6) -- fromlen = sizeof(struct sockaddr_in6); -- -- debug3("Trying to reverse map address %.100s.", ntop); -- /* Map the IP address to a host name. */ -- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -- NULL, 0, NI_NAMEREQD) != 0) { -- /* Host name not found. Use ip address. */ -- return xstrdup(ntop); -- } -- -- /* -- * if reverse lookup result looks like a numeric hostname, -- * someone is trying to trick us by PTR record like following: -- * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -- hints.ai_flags = AI_NUMERICHOST; -- if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -- logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -- name, ntop); -- freeaddrinfo(ai); -- return xstrdup(ntop); -- } -- -- /* Names are stored in lowercase. */ -- lowercase(name); -- -- /* -- * Map it back to an IP address and check that the given -- * address actually is an address of this host. This is -- * necessary because anyone with access to a name server can -- * define arbitrary names for an IP address. Mapping from -- * name to IP address can be trusted better (but can still be -- * fooled if the intruder has access to the name server of -- * the domain). -- */ -- memset(&hints, 0, sizeof(hints)); -- hints.ai_family = from.ss_family; -- hints.ai_socktype = SOCK_STREAM; -- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -- logit("reverse mapping checking getaddrinfo for %.700s " -- "[%s] failed.", name, ntop); -- return xstrdup(ntop); -- } -- /* Look for the address from the list of addresses. */ -- for (ai = aitop; ai; ai = ai->ai_next) { -- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -- (strcmp(ntop, ntop2) == 0)) -- break; -- } -- freeaddrinfo(aitop); -- /* If we reached the end of the list, the address was not there. */ -- if (ai == NULL) { -- /* Address not found for the host name. */ -- logit("Address %.100s maps to %.600s, but this does not " -- "map back to the address.", ntop, name); -- return xstrdup(ntop); -- } -- return xstrdup(name); --} -- --/* -- * Return the canonical name of the host in the other side of the current -- * connection. The host name is cached, so it is efficient to call this -- * several times. -- */ -- --const char * --auth_get_canonical_hostname(struct ssh *ssh, int use_dns) --{ -- static char *dnsname; -- -- if (!use_dns) -- return ssh_remote_ipaddr(ssh); -- else if (dnsname != NULL) -- return dnsname; -- else { -- dnsname = remote_hostname(ssh); -- return dnsname; -- } --} -- - /* - * Runs command in a subprocess with a minimal environment. - * Returns pid on success, 0 on failure. -diff --git a/canohost.c b/canohost.c -index abea9c6e..4f4524d2 100644 ---- a/canohost.c -+++ b/canohost.c -@@ -202,3 +202,117 @@ get_local_port(int sock) - { - return get_sock_port(sock, 1); - } -+ -+/* -+ * Returns the remote DNS hostname as a string. The returned string must not -+ * be freed. NB. this will usually trigger a DNS query the first time it is -+ * called. -+ * This function does additional checks on the hostname to mitigate some -+ * attacks on legacy rhosts-style authentication. -+ * XXX is RhostsRSAAuthentication vulnerable to these? -+ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) -+ */ -+ -+static char * -+remote_hostname(struct ssh *ssh) -+{ -+ struct sockaddr_storage from; -+ socklen_t fromlen; -+ struct addrinfo hints, *ai, *aitop; -+ char name[NI_MAXHOST], ntop2[NI_MAXHOST]; -+ const char *ntop = ssh_remote_ipaddr(ssh); -+ -+ /* Get IP address of client. */ -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getpeername(ssh_packet_get_connection_in(ssh), -+ (struct sockaddr *)&from, &fromlen) < 0) { -+ debug("getpeername failed: %.100s", strerror(errno)); -+ return strdup(ntop); -+ } -+ -+ ipv64_normalise_mapped(&from, &fromlen); -+ if (from.ss_family == AF_INET6) -+ fromlen = sizeof(struct sockaddr_in6); -+ -+ debug3("Trying to reverse map address %.100s.", ntop); -+ /* Map the IP address to a host name. */ -+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), -+ NULL, 0, NI_NAMEREQD) != 0) { -+ /* Host name not found. Use ip address. */ -+ return strdup(ntop); -+ } -+ -+ /* -+ * if reverse lookup result looks like a numeric hostname, -+ * someone is trying to trick us by PTR record like following: -+ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/ -+ hints.ai_flags = AI_NUMERICHOST; -+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) { -+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring", -+ name, ntop); -+ freeaddrinfo(ai); -+ return strdup(ntop); -+ } -+ -+ /* Names are stored in lowercase. */ -+ lowercase(name); -+ -+ /* -+ * Map it back to an IP address and check that the given -+ * address actually is an address of this host. This is -+ * necessary because anyone with access to a name server can -+ * define arbitrary names for an IP address. Mapping from -+ * name to IP address can be trusted better (but can still be -+ * fooled if the intruder has access to the name server of -+ * the domain). -+ */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = from.ss_family; -+ hints.ai_socktype = SOCK_STREAM; -+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { -+ logit("reverse mapping checking getaddrinfo for %.700s " -+ "[%s] failed.", name, ntop); -+ return strdup(ntop); -+ } -+ /* Look for the address from the list of addresses. */ -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, -+ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && -+ (strcmp(ntop, ntop2) == 0)) -+ break; -+ } -+ freeaddrinfo(aitop); -+ /* If we reached the end of the list, the address was not there. */ -+ if (ai == NULL) { -+ /* Address not found for the host name. */ -+ logit("Address %.100s maps to %.600s, but this does not " -+ "map back to the address.", ntop, name); -+ return strdup(ntop); -+ } -+ return strdup(name); -+} -+ -+/* -+ * Return the canonical name of the host in the other side of the current -+ * connection. The host name is cached, so it is efficient to call this -+ * several times. -+ */ -+ -+const char * -+auth_get_canonical_hostname(struct ssh *ssh, int use_dns) -+{ -+ static char *dnsname; -+ -+ if (!use_dns) -+ return ssh_remote_ipaddr(ssh); -+ else if (dnsname != NULL) -+ return dnsname; -+ else { -+ dnsname = remote_hostname(ssh); -+ return dnsname; -+ } -+} -diff --git a/readconf.c b/readconf.c -index f3cac6b3..adfd7a4e 100644 ---- a/readconf.c -+++ b/readconf.c -@@ -160,6 +160,7 @@ typedef enum { - oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, -+ oGssTrustDns, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, - oHashKnownHosts, -@@ -205,9 +206,11 @@ static struct { - #if defined(GSSAPI) - { "gssapiauthentication", oGssAuthentication }, - { "gssapidelegatecredentials", oGssDelegateCreds }, -+ { "gssapitrustdns", oGssTrustDns }, - # else - { "gssapiauthentication", oUnsupported }, - { "gssapidelegatecredentials", oUnsupported }, -+ { "gssapitrustdns", oUnsupported }, - #endif - #ifdef ENABLE_PKCS11 - { "pkcs11provider", oPKCS11Provider }, -@@ -1033,6 +1036,10 @@ parse_time: - intptr = &options->gss_deleg_creds; - goto parse_flag; - -+ case oGssTrustDns: -+ intptr = &options->gss_trust_dns; -+ goto parse_flag; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1912,6 +1919,7 @@ initialize_options(Options * options) - options->challenge_response_authentication = -1; - options->gss_authentication = -1; - options->gss_deleg_creds = -1; -+ options->gss_trust_dns = -1; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -2061,6 +2069,8 @@ fill_default_options(Options * options) - options->gss_authentication = 0; - if (options->gss_deleg_creds == -1) - options->gss_deleg_creds = 0; -+ if (options->gss_trust_dns == -1) -+ options->gss_trust_dns = 0; - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -diff --git a/readconf.h b/readconf.h -index feedb3d2..c7139c1b 100644 ---- a/readconf.h -+++ b/readconf.h -@@ -42,6 +42,7 @@ typedef struct { - /* Try S/Key or TIS, authentication. */ - int gss_authentication; /* Try GSS authentication */ - int gss_deleg_creds; /* Delegate GSS credentials */ -+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -diff --git a/ssh_config.5 b/ssh_config.5 -index 06a32d31..6871ff36 100644 ---- a/ssh_config.5 -+++ b/ssh_config.5 -@@ -770,6 +770,16 @@ The default is - Forward (delegate) credentials to the server. - The default is - .Cm no . -+Note that this option applies to protocol version 2 connections using GSSAPI. -+.It Cm GSSAPITrustDns -+Set to -+.Dq yes to indicate that the DNS is trusted to securely canonicalize -+the name of the host being connected to. If -+.Dq no, the hostname entered on the -+command line will be passed untouched to the GSSAPI library. -+The default is -+.Dq no . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 -diff --git a/sshconnect2.c b/sshconnect2.c -index af00fb30..652463c5 100644 ---- a/sshconnect2.c -+++ b/sshconnect2.c -@@ -716,6 +716,13 @@ userauth_gssapi(struct ssh *ssh) - OM_uint32 min; - int r, ok = 0; - gss_OID mech = NULL; -+ const char *gss_host; -+ -+ if (options.gss_trust_dns) { -+ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns); -+ gss_host = auth_get_canonical_hostname(ssh, 1); -+ } else -+ gss_host = authctxt->host; - - /* Try one GSSAPI method at a time, rather than sending them all at - * once. */ -@@ -730,7 +737,7 @@ userauth_gssapi(struct ssh *ssh) - elements[authctxt->mech_tried]; - /* My DER encoding requires length<128 */ - if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, -- mech, authctxt->host)) { -+ mech, gss_host)) { - ok = 1; /* Mechanism works */ - } else { - authctxt->mech_tried++; diff --git a/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.2-tests.patch b/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.2-tests.patch deleted file mode 100644 index 1c58d0d5d..000000000 --- a/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.2-tests.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/openbsd-compat/regress/Makefile.in 2020-02-15 10:59:01.210601434 -0700 -+++ b/openbsd-compat/regress/Makefile.in 2020-02-15 10:59:18.753485852 -0700 -@@ -7,7 +7,7 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ -+CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ - EXEEXT=@EXEEXT@ - LIBCOMPAT=../libopenbsd-compat.a - LIBS=@LIBS@ diff --git a/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.2.patch b/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.2.patch deleted file mode 100644 index 90a5d5a66..000000000 --- a/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.2.patch +++ /dev/null @@ -1,129 +0,0 @@ -diff --exclude '*.un~' -ubr a/openssh-8.2p1+x509-12.4.2.diff b/openssh-8.2p1+x509-12.4.2.diff ---- a/openssh-8.2p1+x509-12.4.2.diff 2020-02-23 12:25:17.296737805 -0800 -+++ b/openssh-8.2p1+x509-12.4.2.diff 2020-02-23 12:26:25.347779673 -0800 -@@ -39236,16 +39236,15 @@ - - install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config - install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf --@@ -378,6 +379,8 @@ -+@@ -378,6 +379,7 @@ - $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 - $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 - $(MKDIR_P) $(DESTDIR)$(libexecdir) - + $(MKDIR_P) $(DESTDIR)$(sshcadir) --+ $(MKDIR_P) $(DESTDIR)$(piddir) - $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) --@@ -386,11 +389,14 @@ -+@@ -386,11 +388,14 @@ - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) -@@ -39264,7 +39263,7 @@ - $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 - $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 - $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 --@@ -400,12 +406,12 @@ -+@@ -400,12 +405,12 @@ - $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5 - $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 - $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 -@@ -39278,7 +39277,7 @@ - - install-sysconf: - $(MKDIR_P) $(DESTDIR)$(sysconfdir) --@@ -463,10 +469,9 @@ -+@@ -463,10 +468,9 @@ - -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) - -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) -@@ -39292,7 +39291,7 @@ - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 --@@ -478,7 +483,6 @@ -+@@ -478,7 +482,6 @@ - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 -@@ -39300,7 +39299,7 @@ - - regress-prep: - $(MKDIR_P) `pwd`/regress/unittests/test_helper --@@ -491,11 +495,11 @@ -+@@ -491,11 +494,11 @@ - $(MKDIR_P) `pwd`/regress/unittests/match - $(MKDIR_P) `pwd`/regress/unittests/utf8 - $(MKDIR_P) `pwd`/regress/misc/kexfuzz -@@ -39314,7 +39313,7 @@ - - regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS) - $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \ --@@ -546,8 +550,7 @@ -+@@ -546,8 +549,7 @@ - regress/unittests/sshkey/tests.o \ - regress/unittests/sshkey/common.o \ - regress/unittests/sshkey/test_file.o \ -@@ -39344,7 +39343,7 @@ - - regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \ - ${UNITTESTS_TEST_HOSTKEYS_OBJS} \ --@@ -618,35 +619,18 @@ -+@@ -618,35 +618,18 @@ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) - - MISC_KEX_FUZZ_OBJS=\ -@@ -39382,7 +39381,7 @@ - regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ - regress/unittests/sshkey/test_sshkey$(EXEEXT) \ - regress/unittests/bitmap/test_bitmap$(EXEEXT) \ --@@ -657,36 +641,29 @@ -+@@ -657,36 +640,29 @@ - regress/unittests/utf8/test_utf8$(EXEEXT) \ - regress/misc/kexfuzz/kexfuzz$(EXEEXT) - -@@ -39439,7 +39438,7 @@ - TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \ - TEST_SSH_UTF8="@TEST_SSH_UTF8@" ; \ - TEST_SSH_ECC="@TEST_SSH_ECC@" ; \ --@@ -708,8 +685,6 @@ -+@@ -708,8 +684,6 @@ - TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \ - TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \ - TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \ -@@ -39448,7 +39447,7 @@ - TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \ - TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \ - TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \ --@@ -717,17 +692,35 @@ -+@@ -717,17 +691,35 @@ - TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \ - TEST_SSH_UTF8="$${TEST_SSH_UTF8}" \ - TEST_SSH_ECC="$${TEST_SSH_ECC}" \ -@@ -39487,7 +39486,7 @@ - - survey: survey.sh ssh - @$(SHELL) ./survey.sh > survey --@@ -743,4 +736,8 @@ -+@@ -743,4 +735,8 @@ - sh buildpkg.sh; \ - fi - -@@ -98042,16 +98041,6 @@ - + return mbtowc(NULL, s, n); - +} - +#endif --diff -ruN openssh-8.2p1/version.h openssh-8.2p1+x509-12.4.2/version.h ----- openssh-8.2p1/version.h 2020-02-14 02:40:54.000000000 +0200 --+++ openssh-8.2p1+x509-12.4.2/version.h 2020-02-23 11:07:00.000000000 +0200 --@@ -2,5 +2,4 @@ -- -- #define SSH_VERSION "OpenSSH_8.2" -- ---#define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" - diff -ruN openssh-8.2p1/version.m4 openssh-8.2p1+x509-12.4.2/version.m4 - --- openssh-8.2p1/version.m4 1970-01-01 02:00:00.000000000 +0200 - +++ openssh-8.2p1+x509-12.4.2/version.m4 2020-02-23 11:07:00.000000000 +0200 diff --git a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch deleted file mode 100644 index 5af4534ce..000000000 --- a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch +++ /dev/null @@ -1,133 +0,0 @@ -diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff ---- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 13:41:56.143193830 -0800 -+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 13:46:40.060133610 -0800 -@@ -3,9 +3,9 @@ - --- a/Makefile.in - +++ b/Makefile.in - @@ -42,7 +42,7 @@ CC=@CC@ -- CFLAGS_NOPIE=@CFLAGS_NOPIE@ -- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -- PICFLAG=@PICFLAG@ -+ LD=@LD@ -+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA) -+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ - -LIBS=@LIBS@ - +LIBS=@LIBS@ -lpthread - K5LIBS=@K5LIBS@ -@@ -803,8 +803,8 @@ - ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) - { - struct session_state *state; --- const struct sshcipher *none = cipher_by_name("none"); --+ struct sshcipher *none = cipher_by_name("none"); -+- const struct sshcipher *none = cipher_none(); -++ struct sshcipher *none = cipher_none(); - int r; - - if (none == NULL) { -@@ -902,14 +902,14 @@ - - /* - @@ -2118,6 +2125,8 @@ fill_default_options(Options * options) -- options->canonicalize_hostname = SSH_CANONICALISE_NO; -- if (options->fingerprint_hash == -1) - options->fingerprint_hash = SSH_FP_HASH_DEFAULT; -+ if (options->update_hostkeys == -1) -+ options->update_hostkeys = 0; - + if (options->disable_multithreaded == -1) - + options->disable_multithreaded = 0; -- #ifdef ENABLE_SK_INTERNAL - if (options->sk_provider == NULL) -- options->sk_provider = xstrdup("internal"); -+ options->sk_provider = xstrdup("$SSH_SK_PROVIDER"); -+ - diff --git a/readconf.h b/readconf.h - index 8e36bf32..c803eca7 100644 - --- a/readconf.h -@@ -948,9 +948,9 @@ - /* Portable-specific options */ - sUsePAM, - + sDisableMTAES, -- /* Standard Options */ -- sPort, sHostKeyFile, sLoginGraceTime, -- sPermitRootLogin, sLogFacility, sLogLevel, -+ /* X.509 Standard Options */ -+ sHostbasedAlgorithms, -+ sPubkeyAlgorithms, - @@ -643,6 +647,7 @@ static struct { - { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, - { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, -Only in b: openssh-8_1_P1-hpn-AES-CTR-14.20.diff.orig -diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff ---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 13:41:56.144193830 -0800 -+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 13:45:36.665147504 -0800 -@@ -382,7 +382,7 @@ - @@ -884,6 +884,10 @@ kex_choose_conf(struct ssh *ssh) - int nenc, nmac, ncomp; - u_int mode, ctos, need, dh_need, authlen; -- int r, first_kex_follows; -+ int r, first_kex_follows = 0; - + int auth_flag; - + - + auth_flag = packet_authentication_state(ssh); -@@ -391,8 +391,8 @@ - debug2("local %s KEXINIT proposal", kex->server ? "server" : "client"); - if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0) - @@ -954,6 +958,14 @@ kex_choose_conf(struct ssh *ssh) -- peer[ncomp] = NULL; -- goto out; -+ else -+ fatal("Pre-authentication none cipher requests are not allowed."); - } - + debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); - + if (strcmp(newkeys->enc.name, "none") == 0) { -@@ -1169,15 +1169,3 @@ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no --diff --git a/version.h b/version.h --index 6b3fadf8..ec1d2e27 100644 ----- a/version.h --+++ b/version.h --@@ -3,4 +3,6 @@ -- #define SSH_VERSION "OpenSSH_8.1" -- -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn14v20" --+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN --+ -diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-PeakTput-14.20.diff b/openssh-8_1_P1-hpn-PeakTput-14.20.diff ---- a/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-15 13:41:43.834196317 -0800 -+++ b/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-15 13:45:36.665147504 -0800 -@@ -12,9 +12,9 @@ - static long stalled; /* how long we have been stalled */ - static int bytes_per_second; /* current speed in bytes per second */ - @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update) -+ off_t bytes_left; - int cur_speed; -- int hours, minutes, seconds; -- int file_len; -+ int len; - + off_t delta_pos; - - if ((!force_update && !alarm_fired && !win_resized) || !can_output()) -@@ -33,12 +33,12 @@ - @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update) - - /* filename */ -- buf[0] = '\0'; --- file_len = win_size - 36; --+ file_len = win_size - 45; -- if (file_len > 0) { -- buf[0] = '\r'; -- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s", -+ if (win_size > 36) { -+- int file_len = win_size - 36; -++ int file_len = win_size - 45; -+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ", -+ file_len, file); -+ } - @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update) - (off_t)bytes_per_second); - strlcat(buf, "/s ", win_size); diff --git a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch deleted file mode 100644 index b2163fe5a..000000000 --- a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch +++ /dev/null @@ -1,151 +0,0 @@ -diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff ---- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 12:50:44.413776914 -0800 -+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 12:53:06.190742744 -0800 -@@ -3,9 +3,9 @@ - --- a/Makefile.in - +++ b/Makefile.in - @@ -42,7 +42,7 @@ CC=@CC@ -- LD=@LD@ -- CFLAGS=@CFLAGS@ -+ CFLAGS_NOPIE=@CFLAGS_NOPIE@ - CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -+ PICFLAG=@PICFLAG@ - -LIBS=@LIBS@ - +LIBS=@LIBS@ -lpthread - K5LIBS=@K5LIBS@ -@@ -902,14 +902,14 @@ - - /* - @@ -2118,6 +2125,8 @@ fill_default_options(Options * options) -+ options->canonicalize_hostname = SSH_CANONICALISE_NO; -+ if (options->fingerprint_hash == -1) - options->fingerprint_hash = SSH_FP_HASH_DEFAULT; -- if (options->update_hostkeys == -1) -- options->update_hostkeys = 0; - + if (options->disable_multithreaded == -1) - + options->disable_multithreaded = 0; -- -- /* Expand KEX name lists */ -- all_cipher = cipher_alg_list(',', 0); -+ #ifdef ENABLE_SK_INTERNAL -+ if (options->sk_provider == NULL) -+ options->sk_provider = xstrdup("internal"); - diff --git a/readconf.h b/readconf.h - index 8e36bf32..c803eca7 100644 - --- a/readconf.h -@@ -952,9 +952,9 @@ - sPort, sHostKeyFile, sLoginGraceTime, - sPermitRootLogin, sLogFacility, sLogLevel, - @@ -643,6 +647,7 @@ static struct { -- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, - { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, - { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, -+ { "include", sInclude, SSHCFG_ALL }, - + { "disableMTAES", sDisableMTAES, SSHCFG_ALL }, - { "ipqos", sIPQoS, SSHCFG_ALL }, - { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, -diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff ---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:50:44.413776914 -0800 -+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:51:19.541768656 -0800 -@@ -409,18 +409,10 @@ - index 817da43b..b2bcf78f 100644 - --- a/packet.c - +++ b/packet.c --@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) -+@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) - return 0; - } - --+/* this supports the forced rekeying required for the NONE cipher */ --+int rekey_requested = 0; --+void --+packet_request_rekeying(void) --+{ --+ rekey_requested = 1; --+} --+ - +/* used to determine if pre or post auth when rekeying for aes-ctr - + * and none cipher switch */ - +int -@@ -434,20 +426,6 @@ - #define MAX_PACKETS (1U<<31) - static int - ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) --@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -- if (state->p_send.packets == 0 && state->p_read.packets == 0) -- return 0; -- --+ /* used to force rekeying when called for by the none --+ * cipher switch methods -cjr */ --+ if (rekey_requested == 1) { --+ rekey_requested = 0; --+ return 1; --+ } --+ -- /* Time-based rekeying */ -- if (state->rekey_interval != 0 && -- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) - diff --git a/packet.h b/packet.h - index 8ccfd2e0..1ad9bc06 100644 - --- a/packet.h -@@ -476,9 +454,9 @@ - /* Format of the configuration file: - - @@ -167,6 +168,8 @@ typedef enum { -- oHashKnownHosts, - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, -+ oDisableMTAES, - + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, - + oNoneEnabled, oNoneSwitch, - oVisualHostKey, -@@ -615,9 +593,9 @@ - int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - SyslogFacility log_facility; /* Facility for system logging. */ - @@ -112,7 +116,10 @@ typedef struct { -- - int enable_ssh_keysign; - int64_t rekey_limit; -+ int disable_multithreaded; /*disable multithreaded aes-ctr*/ - + int none_switch; /* Use none cipher */ - + int none_enabled; /* Allow none to be used */ - int rekey_interval; -@@ -700,9 +678,9 @@ - + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; - + } - + -+ if (options->disable_multithreaded == -1) -+ options->disable_multithreaded = 0; - if (options->ip_qos_interactive == -1) -- options->ip_qos_interactive = IPTOS_DSCP_AF21; -- if (options->ip_qos_bulk == -1) - @@ -486,6 +532,8 @@ typedef enum { - sPasswordAuthentication, sKbdInteractiveAuthentication, - sListenAddress, sAddressFamily, -@@ -1079,11 +1057,11 @@ - xxx_host = host; - xxx_hostaddr = hostaddr; - --@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, -+@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, - - if (!authctxt.success) - fatal("Authentication failed."); --+ -+ - + /* - + * If the user wants to use the none cipher, do it post authentication - + * and only if the right conditions are met -- both of the NONE commands -@@ -1105,9 +1083,9 @@ - + } - + } - + -- debug("Authentication succeeded (%s).", authctxt.method->name); -- } -- -+ #ifdef WITH_OPENSSL -+ if (options.disable_multithreaded == 0) { -+ /* if we are using aes-ctr there can be issues in either a fork or sandbox - diff --git a/sshd.c b/sshd.c - index 11571c01..23a06022 100644 - --- a/sshd.c diff --git a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch deleted file mode 100644 index 2397aad96..000000000 --- a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff ---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:10:00.321998279 -0800 -+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:10:21.759980508 -0800 -@@ -1169,15 +1169,3 @@ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no --diff --git a/version.h b/version.h --index 6b3fadf8..ec1d2e27 100644 ----- a/version.h --+++ b/version.h --@@ -3,4 +3,6 @@ -- #define SSH_VERSION "OpenSSH_8.1" -- -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn14v20" --+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN --+ diff --git a/net-misc/openssh/files/sshd-r1.confd b/net-misc/openssh/files/sshd-r1.confd deleted file mode 100644 index cf430371b..000000000 --- a/net-misc/openssh/files/sshd-r1.confd +++ /dev/null @@ -1,33 +0,0 @@ -# /etc/conf.d/sshd: config file for /etc/init.d/sshd - -# Where is your sshd_config file stored? - -SSHD_CONFDIR="${RC_PREFIX%/}/etc/ssh" - - -# Any random options you want to pass to sshd. -# See the sshd(8) manpage for more info. - -SSHD_OPTS="" - - -# Wait one second (length chosen arbitrarily) to see if sshd actually -# creates a PID file, or if it crashes for some reason like not being -# able to bind to the address in ListenAddress. - -#SSHD_SSD_OPTS="--wait 1000" - - -# Pid file to use (needs to be absolute path). - -#SSHD_PIDFILE="${RC_PREFIX%/}/run/sshd.pid" - - -# Path to the sshd binary (needs to be absolute path). - -#SSHD_BINARY="${RC_PREFIX%/}/usr/sbin/sshd" - - -# Path to the ssh-keygen binary (needs to be absolute path). - -#SSHD_KEYGEN_BINARY="${RC_PREFIX%/}/usr/bin/ssh-keygen" diff --git a/net-misc/openssh/files/sshd-r1.initd b/net-misc/openssh/files/sshd-r1.initd deleted file mode 100644 index e91cd0116..000000000 --- a/net-misc/openssh/files/sshd-r1.initd +++ /dev/null @@ -1,87 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -extra_commands="checkconfig" -extra_started_commands="reload" - -: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh} -: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config} -: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid} -: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd} -: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen} - -command="${SSHD_BINARY}" -pidfile="${SSHD_PIDFILE}" -command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}" - -# Wait one second (length chosen arbitrarily) to see if sshd actually -# creates a PID file, or if it crashes for some reason like not being -# able to bind to the address in ListenAddress (bug 617596). -: ${SSHD_SSD_OPTS:=--wait 1000} -start_stop_daemon_args="${SSHD_SSD_OPTS}" - -depend() { - # Entropy can be used by ssh-keygen, among other things, but - # is not strictly required (bug 470020). - use logger dns entropy - if [ "${rc_need+set}" = "set" ] ; then - : # Do nothing, the user has explicitly set rc_need - else - local x warn_addr - for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do - case "${x}" in - 0.0.0.0|0.0.0.0:*) ;; - ::|\[::\]*) ;; - *) warn_addr="${warn_addr} ${x}" ;; - esac - done - if [ -n "${warn_addr}" ] ; then - need net - ewarn "You are binding an interface in ListenAddress statement in your sshd_config!" - ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd" - ewarn "where FOO is the interface(s) providing the following address(es):" - ewarn "${warn_addr}" - fi - fi -} - -checkconfig() { - checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty" - - if [ ! -e "${SSHD_CONFIG}" ] ; then - eerror "You need an ${SSHD_CONFIG} file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - ${SSHD_KEYGEN_BINARY} -A || return 2 - - "${command}" -t ${command_args} || return 3 -} - -start_pre() { - # Make sure that the user's config isn't busted before we try - # to start the daemon (this will produce better error messages - # than if we just try to start it blindly). - # - # We always need to call checkconfig because this function will - # also generate any missing host key and you can start a - # non-running service with "restart" argument. - checkconfig || return $? -} - -stop_pre() { - # If this is a restart, check to make sure the user's config - # isn't busted before we stop the running daemon. - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return $? - fi -} - -reload() { - checkconfig || return $? - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --signal HUP --pidfile "${pidfile}" - eend $? -} diff --git a/net-misc/openssh/files/sshd.pam_include.2 b/net-misc/openssh/files/sshd.pam_include.2 deleted file mode 100644 index b801aaafa..000000000 --- a/net-misc/openssh/files/sshd.pam_include.2 +++ /dev/null @@ -1,4 +0,0 @@ -auth include system-remote-login -account include system-remote-login -password include system-remote-login -session include system-remote-login diff --git a/net-misc/openssh/files/sshd.service b/net-misc/openssh/files/sshd.service deleted file mode 100644 index b5e96b3a2..000000000 --- a/net-misc/openssh/files/sshd.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=OpenSSH server daemon -After=syslog.target network.target auditd.service - -[Service] -ExecStartPre=/usr/bin/ssh-keygen -A -ExecStart=/usr/sbin/sshd -D -e -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target diff --git a/net-misc/openssh/files/sshd.socket b/net-misc/openssh/files/sshd.socket deleted file mode 100644 index 94b953318..000000000 --- a/net-misc/openssh/files/sshd.socket +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=OpenSSH Server Socket -Conflicts=sshd.service - -[Socket] -ListenStream=22 -Accept=yes - -[Install] -WantedBy=sockets.target diff --git a/net-misc/openssh/files/sshd_at.service b/net-misc/openssh/files/sshd_at.service deleted file mode 100644 index 2645ad047..000000000 --- a/net-misc/openssh/files/sshd_at.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=OpenSSH per-connection server daemon -After=syslog.target auditd.service - -[Service] -ExecStart=-/usr/sbin/sshd -i -e -StandardInput=socket -StandardError=syslog diff --git a/net-misc/openssh/metadata.xml b/net-misc/openssh/metadata.xml deleted file mode 100644 index 6cc1ea784..000000000 --- a/net-misc/openssh/metadata.xml +++ /dev/null @@ -1,42 +0,0 @@ - - - - - base-system@gentoo.org - Gentoo Base System - - - robbat2@gentoo.org - LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else. - - -OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that -increasing numbers of people on the Internet are coming to rely on. Many users of telnet, -rlogin, ftp, and other such programs might not realize that their password is transmitted -across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) -to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. -Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety -of authentication methods. - -The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which -replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of -the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, -ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. - - - Disable EC/RC5 algorithms in OpenSSL for patent reasons. - Enable high performance ssh - Add support for storing SSH public keys in LDAP - Use LDNS for DNSSEC/SSHFP validation. - Enable root password logins for live-cd environment. - Include builtin U2F/FIDO support - Support the legacy/weak SSH1 protocol - Enable additional crypto algorithms via OpenSSL - Adds support for X.509 certificate authentication - Enable XMSS post-quantum authentication algorithm - - - cpe:/a:openssh:openssh - hpnssh - - diff --git a/net-misc/openssh/openssh-8.2_p1-r6.ebuild b/net-misc/openssh/openssh-8.2_p1-r6.ebuild deleted file mode 100644 index 1c76f42fe..000000000 --- a/net-misc/openssh/openssh-8.2_p1-r6.ebuild +++ /dev/null @@ -1,494 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} -HPN_PV="8.1_P1" - -HPN_VER="14.20" -HPN_PATCHES=( - ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff -) - -SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" -X509_VER="12.4.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="https://www.openssh.com/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} - ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} - ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} -" -S="${WORKDIR}/${PARCH}" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss" - -RESTRICT="!test? ( test )" - -REQUIRED_USE=" - ldns? ( ssl ) - pie? ( !static ) - static? ( !kerberos !pam ) - X509? ( !sctp !security-key ssl !xmss ) - xmss? ( || ( ssl libressl ) ) - test? ( ssl ) -" - -LIB_DEPEND=" - audit? ( sys-process/audit[static-libs(+)] ) - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) - ) - libedit? ( dev-libs/libedit:=[static-libs(+)] ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - security-key? ( dev-libs/libfido2:=[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - ssl? ( - !libressl? ( - || ( - ( - >=dev-libs/openssl-1.0.1:0[bindist=] - =dev-libs/openssl-1.1.0g:0[bindist=] - ) - dev-libs/openssl:0=[static-libs(+)] - ) - libressl? ( dev-libs/libressl:0=[static-libs(+)] ) - ) - virtual/libcrypt:=[static-libs(+)] - >=sys-libs/zlib-1.2.3:=[static-libs(+)] -" -RDEPEND=" - acct-group/sshd - acct-user/sshd - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( sys-libs/pam ) - kerberos? ( virtual/krb5 ) -" -DEPEND="${RDEPEND} - static? ( ${LIB_DEPEND} ) - virtual/os-headers -" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( !prefix? ( sys-apps/shadow ) ) - X? ( x11-apps/xauth ) -" -BDEPEND=" - virtual/pkgconfig - sys-devel/autoconf -" - -pkg_pretend() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use hpn && maybe_fail hpn HPN_VER) - $(use sctp && maybe_fail sctp SCTP_PATCH) - $(use X509 && maybe_fail X509 X509_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." - fi -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch - eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex - eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch - - [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches - - local PATCHSET_VERSION_MACROS=() - - if use X509 ; then - pushd "${WORKDIR}" &>/dev/null || die - eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" - popd &>/dev/null || die - - eapply "${WORKDIR}"/${X509_PATCH%.*} - eapply "${FILESDIR}"/${P}-X509-${X509_VER}-tests.patch - - # We need to patch package version or any X.509 sshd will reject our ssh client - # with "userauth_pubkey: could not parse key: string is too large [preauth]" - # error - einfo "Patching package version for X.509 patch set ..." - sed -i \ - -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ - "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" - - einfo "Patching version.h to expose X.509 patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in X.509 patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) - fi - - if use sctp ; then - eapply "${WORKDIR}"/${SCTP_PATCH%.*} - - einfo "Patching version.h to expose SCTP patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in SCTP patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) - - einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." - sed -i \ - -e "/\t\tcfgparse \\\/d" \ - "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" - fi - - if use hpn ; then - local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" - mkdir "${hpn_patchdir}" || die - cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die - pushd "${hpn_patchdir}" &>/dev/null || die - eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch - if use X509; then - # einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" - # # X509 and AES-CTR-MT don't get along, let's just drop it - # rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die - eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-X509-glue.patch - fi - use sctp && eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-sctp-glue.patch - popd &>/dev/null || die - - eapply "${hpn_patchdir}" - - use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" - - einfo "Patching Makefile.in for HPN patch set ..." - sed -i \ - -e "/^LIBS=/ s/\$/ -lpthread/" \ - "${S}"/Makefile.in || die "Failed to patch Makefile.in" - - einfo "Patching version.h to expose HPN patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ - "${S}"/version.h || die "Failed to sed-in HPN patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) - - if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - einfo "Disabling known non-working MT AES cipher per default ..." - - cat > "${T}"/disable_mtaes.conf <<- EOF - - # HPN's Multi-Threaded AES CTR cipher is currently known to be broken - # and therefore disabled per default. - DisableMTAES yes - EOF - sed -i \ - -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ - "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" - - sed -i \ - -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ - "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" - fi - fi - - if use X509 || use sctp || use hpn ; then - einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" - - einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" - - einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." - sed -i \ - -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ - "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" - fi - - sed -i \ - -e "/#UseLogin no/d" \ - "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" - - eapply_user #473004 - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - # _XOPEN_SOURCE causes header conflicts on Solaris - [[ ${CHOST} == *-solaris* ]] && sed_args+=( - -e 's/-D_XOPEN_SOURCE//' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - use xmss && append-cflags -DWITH_XMSS - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with audit audit linux) - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the sctp patch conditionally, so can't pass --without-sctp - # unconditionally else we get unknown flag warnings. - $(use sctp && use_with sctp) - $(use_with ldns ldns "${EPREFIX}"/usr) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with selinux) - $(use_with security-key security-key-builtin) - $(use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with !elibc_Cygwin hardening) #659210 - ) - - # stackprotect is broken on musl x86 and ppc - use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - econf "${myconf[@]}" -} - -src_test() { - local t skipped=() failed=() passed=() - local tests=( interop-tests compat-tests ) - - local shell=$(egetshell "${UID}") - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped+=( tests ) - else - tests+=( tests ) - fi - - # It will also attempt to write to the homedir .ssh. - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in "${tests[@]}" ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" HOME="${sshhome}" SUDO="" \ - emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables. #367017 - AcceptEnv ${locale_vars[*]} - - # Allow client to pass COLORTERM to match TERM. #658540 - AcceptEnv COLORTERM - EOF - - # Then the client config. - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables. #367017 - SendEnv ${locale_vars[*]} - - # Send COLORTERM to match TERM. #658540 - SendEnv COLORTERM - EOF - - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - if use livecd ; then - sed -i \ - -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ - "${ED}"/etc/ssh/sshd_config || die - fi -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd-r1.initd sshd - newconfd "${FILESDIR}"/sshd-r1.confd sshd - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - - tweak_ssh_configs - - doman contrib/ssh-copy-id.1 - dodoc CREDITS OVERVIEW README* TODO sshd_config - use hpn && dodoc HPN-README - use X509 || dodoc ChangeLog - - diropts -m 0700 - dodir /etc/skel/.ssh - - keepdir /var/empty - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -pkg_preinst() { - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then - show_ssl_warning=1 - fi -} - -pkg_postinst() { - local old_ver - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "5.8_p1"; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if ver_test "${old_ver}" -lt "7.0_p1"; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ver_test "${old_ver}" -lt "7.6_p1"; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if ver_test "${old_ver}" -lt "7.7_p1"; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." - fi - if ver_test "${old_ver}" -lt "8.2_p1"; then - ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" - ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" - ewarn "connection is generally safe." - fi - done - - if [[ -n ${show_ssl_warning} ]]; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi - - if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - elog "" - elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" - elog "and therefore disabled at runtime per default." - elog "Make sure your sshd_config is up to date and contains" - elog "" - elog " DisableMTAES yes" - elog "" - elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." - elog "" - fi - - # Sabayon - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "8.2"; then - if systemctl is-active sshd.service > /dev/null; then - ewarn - ewarn "Sabayon modification: restarting sshd" - ewarn "due to bug https://bugs.gentoo.org/709748" - systemctl restart sshd.service - fi - fi - done -} diff --git a/net-wireless/broadcom-sta/Manifest b/net-wireless/broadcom-sta/Manifest deleted file mode 100644 index 58d156ff2..000000000 --- a/net-wireless/broadcom-sta/Manifest +++ /dev/null @@ -1,3 +0,0 @@ -DIST README-broadcom-sta-6.30.223.271.txt 17216 BLAKE2B af6db6e129911d1589d7d6cb7166bee32ce1ca98a4e5c9b3515a44e48681d8a7a7a6b697419b2bcd9c46f0f4ca1f7ece632b63531b4a4ecd91df4f9dddf043c9 SHA512 672ecc5afcd8535a9f8beb4baea5a40c584b7682844e9ff0e4f66b7406b42118a99dce1fcd580118187fdc506781334b8243082def2b78dce916d90c55ab3663 -DIST hybrid-v35-nodebug-pcoem-6_30_223_271.tar.gz 2869247 BLAKE2B 2e3189c468cec50b1a980452a4b2bd0f9657d9adf6fae2a95a8b1c2d1df2f5f6beb4cb903f72f444eddf823fe4375299864cd62191c9d59c4f77598b5d3aa246 SHA512 0361ba30d97bcb1dedf46c11ef1b9a16f09cde3faa6be87b3ccc28679f34183c2fdf511e7c3b5c26b304f6961da454ccf71844b92bbb2f25aa876249496a2f1b -DIST hybrid-v35_64-nodebug-pcoem-6_30_223_271.tar.gz 2928541 BLAKE2B e9d01c1a1a63c07f720e3ee53ee3ef634ab12694135300cb0ce47ade0e9e0084967a0b6df64d983e8184240eb3defb128f650bddb7727e901d50315307f3398a SHA512 6855781f7c69a9aecb9461932423688964879d5a4df571f01ae7adaa7bf21a410bef839605d555afb6c8f4eec92fe8510af6cb120930095617ff6cdcccedaf17 diff --git a/net-wireless/broadcom-sta/broadcom-sta-6.30.223.271-r5.ebuild b/net-wireless/broadcom-sta/broadcom-sta-6.30.223.271-r5.ebuild deleted file mode 100644 index 9cee093d7..000000000 --- a/net-wireless/broadcom-sta/broadcom-sta-6.30.223.271-r5.ebuild +++ /dev/null @@ -1,94 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -inherit eutils linux-info linux-mod - -DESCRIPTION="Broadcom's IEEE 802.11a/b/g/n hybrid Linux device driver" -HOMEPAGE="https://www.broadcom.com/support/802.11" -SRC_BASE="https://docs.broadcom.com/docs-and-downloads/docs/linux_sta/hybrid-v35" -SRC_URI="x86? ( ${SRC_BASE}-nodebug-pcoem-${PV//\./_}.tar.gz ) - amd64? ( ${SRC_BASE}_64-nodebug-pcoem-${PV//\./_}.tar.gz ) - https://docs.broadcom.com/docs-and-downloads/docs/linux_sta/README_${PV}.txt -> README-${P}.txt" - -LICENSE="Broadcom" -KEYWORDS="-* ~amd64 ~x86" - -RESTRICT="mirror" - -DEPEND="virtual/linux-sources" -RDEPEND="" - -S="${WORKDIR}" - -MODULE_NAMES="wl(net/wireless)" -MODULESD_WL_ALIASES=("wlan0 wl") - -pkg_pretend() { - ewarn - ewarn "If you are stuck using this unmaintained driver (likely in a MacBook)," - ewarn "you may be interested to know that a newer compatible wireless card" - ewarn "is supported by the in-tree brcmfmac driver. It has a model number " - ewarn "BCM943602CS and is for sale on the second hand market for less than " - ewarn "20 USD." - ewarn - ewarn "See https://wikidevi.com/wiki/Broadcom_Wireless_Adapters and" - ewarn " https://wikidevi.com/wiki/Broadcom_BCM943602CS" - ewarn "for more information." - ewarn -} - -pkg_setup() { - # bug #300570 - # NOTE: module builds correctly anyway with b43 and SSB enabled - # make checks non-fatal. The correct fix is blackisting ssb and, perhaps - # b43 via udev rules. Moreover, previous fix broke binpkgs support. - CONFIG_CHECK="~!B43 ~!BCMA ~!SSB" - CONFIG_CHECK2="LIB80211 ~!MAC80211 ~LIB80211_CRYPT_TKIP" - ERROR_B43="B43: If you insist on building this, you must blacklist it!" - ERROR_BCMA="BCMA: If you insist on building this, you must blacklist it!" - ERROR_SSB="SSB: If you insist on building this, you must blacklist it!" - ERROR_LIB80211="LIB80211: Please enable it. If you can't find it: enabling the driver for \"Intel PRO/Wireless 2100\" or \"Intel PRO/Wireless 2200BG\" (IPW2100 or IPW2200) should suffice." - ERROR_MAC80211="MAC80211: If you insist on building this, you must blacklist it!" - ERROR_PREEMPT_RCU="PREEMPT_RCU: Please do not set the Preemption Model to \"Preemptible Kernel\"; choose something else." - ERROR_LIB80211_CRYPT_TKIP="LIB80211_CRYPT_TKIP: You will need this for WPA." - if kernel_is ge 3 8 8; then - CONFIG_CHECK="${CONFIG_CHECK} ${CONFIG_CHECK2} CFG80211 ~!PREEMPT_RCU ~!PREEMPT" - elif kernel_is ge 2 6 32; then - CONFIG_CHECK="${CONFIG_CHECK} ${CONFIG_CHECK2} CFG80211" - elif kernel_is ge 2 6 31; then - CONFIG_CHECK="${CONFIG_CHECK} ${CONFIG_CHECK2} WIRELESS_EXT ~!MAC80211" - elif kernel_is ge 2 6 29; then - CONFIG_CHECK="${CONFIG_CHECK} ${CONFIG_CHECK2} WIRELESS_EXT COMPAT_NET_DEV_OPS" - else - CONFIG_CHECK="${CONFIG_CHECK} IEEE80211 IEEE80211_CRYPT_TKIP" - fi - - linux-mod_pkg_setup - - BUILD_PARAMS="-C ${KV_DIR} M=${S}" - BUILD_TARGETS="wl.ko" -} - -src_prepare() { - epatch \ - "${FILESDIR}/${PN}-6.30.223.141-makefile.patch" \ - "${FILESDIR}/${PN}-6.30.223.141-eth-to-wlan.patch" \ - "${FILESDIR}/${PN}-6.30.223.141-gcc.patch" \ - "${FILESDIR}/${PN}-6.30.223.248-r3-Wno-date-time.patch" \ - "${FILESDIR}/${PN}-6.30.223.271-r1-linux-3.18.patch" \ - "${FILESDIR}/${PN}-6.30.223.271-r2-linux-4.3-v2.patch" \ - "${FILESDIR}/${PN}-6.30.223.271-r4-linux-4.7.patch" \ - "${FILESDIR}/${PN}-6.30.223.271-r4-linux-4.8.patch" \ - "${FILESDIR}/${PN}-6.30.223.271-r4-linux-4.11.patch" \ - "${FILESDIR}/${PN}-6.30.223.271-r4-linux-4.12.patch" \ - "${FILESDIR}/${PN}-6.30.223.271-r5-linux-4.15.patch" - - epatch_user -} - -src_install() { - linux-mod_src_install - - dodoc "${DISTDIR}/README-${P}.txt" -} diff --git a/net-wireless/broadcom-sta/broadcom-sta-6.30.223.271-r6.ebuild b/net-wireless/broadcom-sta/broadcom-sta-6.30.223.271-r6.ebuild deleted file mode 100644 index 15636b4fc..000000000 --- a/net-wireless/broadcom-sta/broadcom-sta-6.30.223.271-r6.ebuild +++ /dev/null @@ -1,91 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -inherit eutils linux-info linux-mod - -DESCRIPTION="Broadcom's IEEE 802.11a/b/g/n hybrid Linux device driver" -HOMEPAGE="https://www.broadcom.com/support/802.11" -SRC_BASE="https://docs.broadcom.com/docs-and-downloads/docs/linux_sta/hybrid-v35" -SRC_URI="x86? ( ${SRC_BASE}-nodebug-pcoem-${PV//\./_}.tar.gz ) - amd64? ( ${SRC_BASE}_64-nodebug-pcoem-${PV//\./_}.tar.gz ) - https://docs.broadcom.com/docs-and-downloads/docs/linux_sta/README_${PV}.txt -> README-${P}.txt" - -LICENSE="Broadcom" -KEYWORDS="-* ~amd64 ~x86" - -RESTRICT="mirror" - -DEPEND="virtual/linux-sources" -RDEPEND="" - -S="${WORKDIR}" - -MODULE_NAMES="wl(net/wireless)" -MODULESD_WL_ALIASES=("wlan0 wl") - -PATCHES=( - "${FILESDIR}/${PN}-6.30.223.141-eth-to-wlan.patch" - "${FILESDIR}/${PN}-6.30.223.141-gcc.patch" - "${FILESDIR}/${PN}-6.30.223.248-r3-Wno-date-time.patch" - "${FILESDIR}/${PN}-6.30.223.271-r1-linux-3.18.patch" - "${FILESDIR}/${PN}-6.30.223.271-r2-linux-4.3-v2.patch" - "${FILESDIR}/${PN}-6.30.223.271-r4-linux-4.7.patch" - "${FILESDIR}/${PN}-6.30.223.271-r4-linux-4.8.patch" - "${FILESDIR}/${PN}-6.30.223.271-r4-linux-4.11.patch" - "${FILESDIR}/${PN}-6.30.223.271-r4-linux-4.12.patch" - "${FILESDIR}/${PN}-6.30.223.271-r5-linux-4.15.patch" - "${FILESDIR}/${PN}-6.30.223.271-r6-linux-5.1.patch" -) - -pkg_pretend() { - ewarn - ewarn "If you are stuck using this unmaintained driver (likely in a MacBook)," - ewarn "you may be interested to know that a newer compatible wireless card" - ewarn "is supported by the in-tree brcmfmac driver. It has a model number " - ewarn "BCM943602CS and is for sale on the second hand market for less than " - ewarn "20 USD." - ewarn - ewarn "See https://wikidevi.com/wiki/Broadcom_Wireless_Adapters and" - ewarn " https://wikidevi.com/wiki/Broadcom_BCM943602CS" - ewarn "for more information." - ewarn -} - -pkg_setup() { - # bug #300570 - # NOTE: module builds correctly anyway with b43 and SSB enabled - # make checks non-fatal. The correct fix is blackisting ssb and, perhaps - # b43 via udev rules. Moreover, previous fix broke binpkgs support. - CONFIG_CHECK="~!B43 ~!BCMA ~!SSB" - CONFIG_CHECK2="LIB80211 ~!MAC80211 ~LIB80211_CRYPT_TKIP" - ERROR_B43="B43: If you insist on building this, you must blacklist it!" - ERROR_BCMA="BCMA: If you insist on building this, you must blacklist it!" - ERROR_SSB="SSB: If you insist on building this, you must blacklist it!" - ERROR_LIB80211="LIB80211: Please enable it. If you can't find it: enabling the driver for \"Intel PRO/Wireless 2100\" or \"Intel PRO/Wireless 2200BG\" (IPW2100 or IPW2200) should suffice." - ERROR_MAC80211="MAC80211: If you insist on building this, you must blacklist it!" - ERROR_PREEMPT_RCU="PREEMPT_RCU: Please do not set the Preemption Model to \"Preemptible Kernel\"; choose something else." - ERROR_LIB80211_CRYPT_TKIP="LIB80211_CRYPT_TKIP: You will need this for WPA." - if kernel_is ge 3 8 8; then - CONFIG_CHECK="${CONFIG_CHECK} ${CONFIG_CHECK2} CFG80211 ~!PREEMPT_RCU ~!PREEMPT" - elif kernel_is ge 2 6 32; then - CONFIG_CHECK="${CONFIG_CHECK} ${CONFIG_CHECK2} CFG80211" - elif kernel_is ge 2 6 31; then - CONFIG_CHECK="${CONFIG_CHECK} ${CONFIG_CHECK2} WIRELESS_EXT ~!MAC80211" - elif kernel_is ge 2 6 29; then - CONFIG_CHECK="${CONFIG_CHECK} ${CONFIG_CHECK2} WIRELESS_EXT COMPAT_NET_DEV_OPS" - else - CONFIG_CHECK="${CONFIG_CHECK} IEEE80211 IEEE80211_CRYPT_TKIP" - fi - - linux-mod_pkg_setup - - BUILD_PARAMS="-C ${KV_DIR} M=${S}" - BUILD_TARGETS="wl.ko" -} - -src_install() { - linux-mod_src_install - - dodoc "${DISTDIR}/README-${P}.txt" -} diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.141-eth-to-wlan.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.141-eth-to-wlan.patch deleted file mode 100644 index b23914a0b..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.141-eth-to-wlan.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urN a/src/wl/sys/wl_linux.c b/src/wl/sys/wl_linux.c ---- a/src/wl/sys/wl_linux.c 2013-08-01 09:52:22.000000000 +0300 -+++ b/src/wl/sys/wl_linux.c 2013-09-27 09:20:11.495023471 +0300 -@@ -235,7 +235,7 @@ - #define to_str(s) #s - #define quote_str(s) to_str(s) - --#define BRCM_WLAN_IFNAME eth%d -+#define BRCM_WLAN_IFNAME wlan%d - - static char intf_name[IFNAMSIZ] = quote_str(BRCM_WLAN_IFNAME); - diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.141-gcc.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.141-gcc.patch deleted file mode 100644 index b5d7e858d..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.141-gcc.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -urN a/src/wl/sys/wl_iw.h b/src/wl/sys/wl_iw.h ---- a/src/wl/sys/wl_iw.h 2013-08-01 09:52:22.000000000 +0300 -+++ b/src/wl/sys/wl_iw.h 2013-09-27 09:36:07.808067913 +0300 -@@ -21,6 +21,7 @@ - #ifndef _wl_iw_h_ - #define _wl_iw_h_ - -+#include - #include - - #include diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.141-makefile.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.141-makefile.patch deleted file mode 100644 index 09c495d2a..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.141-makefile.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- Makefile.old 2013-04-28 22:42:59.000000000 +0200 -+++ Makefile 2013-04-28 22:45:53.000000000 +0200 -@@ -128,9 +128,9 @@ - - EXTRA_LDFLAGS := $(src)/lib/wlc_hybrid.o_shipped - --KBASE ?= /lib/modules/`uname -r` -+KBASE ?= /lib/modules/${KV_FULL} - KBUILD_DIR ?= $(KBASE)/build --MDEST_DIR ?= $(KBASE)/kernel/drivers/net/wireless -+MDEST_DIR ?= ${D}$(KBASE)/kernel/drivers/net/wireless - - all: - KBUILD_NOPEDANTIC=1 make -C $(KBUILD_DIR) M=`pwd` diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.248-r3-Wno-date-time.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.248-r3-Wno-date-time.patch deleted file mode 100644 index f93e3f1d3..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.248-r3-Wno-date-time.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile 2014-06-26 10:42:08.000000000 +0000 -+++ b/Makefile 2014-07-17 22:44:01.662297228 +0000 -@@ -126,6 +126,8 @@ - EXTRA_CFLAGS += -I$(src)/src/shared/bcmwifi/include - #EXTRA_CFLAGS += -DBCMDBG_ASSERT -DBCMDBG_ERR - -+EXTRA_CFLAGS += -Wno-date-time -+ - EXTRA_LDFLAGS := $(src)/lib/wlc_hybrid.o_shipped - - KBASE ?= /lib/modules/`uname -r` diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r1-linux-3.18.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r1-linux-3.18.patch deleted file mode 100644 index 9a0e7136c..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r1-linux-3.18.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/src/wl/sys/wl_linux.c 2014-06-26 12:42:08.000000000 +0200 -+++ b/src/wl/sys/wl_linux.c 2015-01-22 01:44:58.580453805 +0100 -@@ -2157,8 +2159,8 @@ - wlif = WL_DEV_IF(dev); - wl = WL_INFO(dev); - -+ skb->prev = NULL; - if (WL_ALL_PASSIVE_ENAB(wl) || (WL_RTR() && WL_CONFIG_SMP())) { -- skb->prev = NULL; - - TXQ_LOCK(wl); - diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r2-linux-4.3-v2.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r2-linux-4.3-v2.patch deleted file mode 100644 index 588f77ad1..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r2-linux-4.3-v2.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -ruN a/src/shared/linux_osl.c b/src/shared/linux_osl.c ---- a/src/shared/linux_osl.c 2015-11-26 12:16:23.343091098 -0800 -+++ b/src/shared/linux_osl.c 2015-11-26 12:17:08.657092739 -0800 -@@ -932,7 +932,11 @@ - uint cycles; - - #if defined(__i386__) -- rdtscl(cycles); -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0) -+ cycles = (u32)rdtsc(); -+#else -+ rdtscl(cycles); -+#endif - #else - cycles = 0; - #endif diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.11.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.11.patch deleted file mode 100644 index a779f8c84..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.11.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff --git a/src/wl/sys/wl_cfg80211_hybrid.c b/src/wl/sys/wl_cfg80211_hybrid.c -index a9671e2..da36405 100644 ---- a/src/wl/sys/wl_cfg80211_hybrid.c -+++ b/src/wl/sys/wl_cfg80211_hybrid.c -@@ -30,6 +30,9 @@ - #include - #include - #include -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0) -+#include -+#endif - #include - #include - #include -diff --git a/src/wl/sys/wl_linux.c b/src/wl/sys/wl_linux.c -index 489c9f5..f8278ad 100644 ---- a/src/wl/sys/wl_linux.c -+++ b/src/wl/sys/wl_linux.c -@@ -117,6 +117,9 @@ int wl_found = 0; - - typedef struct priv_link { - wl_if_t *wlif; -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0) -+ unsigned long last_rx; -+#endif - } priv_link_t; - - #define WL_DEV_IF(dev) ((wl_if_t*)((priv_link_t*)DEV_PRIV(dev))->wlif) -@@ -2450,6 +2453,9 @@ wl_monitor(wl_info_t *wl, wl_rxsts_t *rxsts, void *p) - { - struct sk_buff *oskb = (struct sk_buff *)p; - struct sk_buff *skb; -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0) -+ priv_link_t *priv_link; -+#endif - uchar *pdata; - uint len; - -@@ -2916,7 +2922,13 @@ wl_monitor(wl_info_t *wl, wl_rxsts_t *rxsts, void *p) - if (skb == NULL) return; - - skb->dev = wl->monitor_dev; -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0) -+ priv_link = MALLOC(wl->osh, sizeof(priv_link_t)); -+ priv_link = netdev_priv(skb->dev); -+ priv_link->last_rx = jiffies; -+#else - skb->dev->last_rx = jiffies; -+#endif - #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 22) - skb_reset_mac_header(skb); - #else diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.12.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.12.patch deleted file mode 100644 index 94c6253f8..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.12.patch +++ /dev/null @@ -1,64 +0,0 @@ -diff -ru work.orig/src/wl/sys/wl_cfg80211_hybrid.c work.patched/src/wl/sys/wl_cfg80211_hybrid.c ---- work.orig/src/wl/sys/wl_cfg80211_hybrid.c 2017-06-10 15:50:27.328823384 -0700 -+++ work.patched/src/wl/sys/wl_cfg80211_hybrid.c 2017-06-10 15:52:40.540809187 -0700 -@@ -52,8 +52,13 @@ - u32 wl_dbg_level = WL_DBG_ERR; - #endif - -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) -+static s32 wl_cfg80211_change_iface(struct wiphy *wiphy, struct net_device *ndev, -+ enum nl80211_iftype type, struct vif_params *params); -+#else - static s32 wl_cfg80211_change_iface(struct wiphy *wiphy, struct net_device *ndev, - enum nl80211_iftype type, u32 *flags, struct vif_params *params); -+#endif - #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 6, 0) - static s32 - wl_cfg80211_scan(struct wiphy *wiphy, -@@ -466,7 +471,11 @@ - - static s32 - wl_cfg80211_change_iface(struct wiphy *wiphy, struct net_device *ndev, -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) -+ enum nl80211_iftype type, -+#else - enum nl80211_iftype type, u32 *flags, -+#endif - struct vif_params *params) - { - struct wl_cfg80211_priv *wl = wiphy_to_wl(wiphy); -@@ -2361,12 +2370,26 @@ - const wl_event_msg_t *e, void *data) - { - struct wl_cfg80211_connect_info *conn_info = wl_to_conn(wl); -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) -+ struct cfg80211_roam_info roam_info = {}; -+#endif - s32 err = 0; - - wl_get_assoc_ies(wl); - memcpy(wl->profile->bssid, &e->addr, ETHER_ADDR_LEN); - memcpy(&wl->bssid, &e->addr, ETHER_ADDR_LEN); - wl_update_bss_info(wl); -+ -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) -+ roam_info.channel = &wl->conf->channel, -+ roam_info.bssid = (u8 *)&wl->bssid, -+ roam_info.req_ie = conn_info->req_ie, -+ roam_info.req_ie_len = conn_info->req_ie_len, -+ roam_info.resp_ie = conn_info->resp_ie, -+ roam_info.resp_ie_len = conn_info->resp_ie_len, -+ -+ cfg80211_roamed(ndev, &roam_info, GFP_KERNEL); -+#else - cfg80211_roamed(ndev, - #if LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 39) - &wl->conf->channel, -@@ -2374,6 +2397,7 @@ - (u8 *)&wl->bssid, - conn_info->req_ie, conn_info->req_ie_len, - conn_info->resp_ie, conn_info->resp_ie_len, GFP_KERNEL); -+#endif - WL_DBG(("Report roaming result\n")); - - set_bit(WL_STATUS_CONNECTED, &wl->status); diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.7.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.7.patch deleted file mode 100644 index 566680a09..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.7.patch +++ /dev/null @@ -1,109 +0,0 @@ -Since Linux 4.7, the enum ieee80211_band is no longer used - -This shall cause no problem's since both enums ieee80211_band -and nl80211_band were added in the same commit: -https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=13ae75b103e07304a34ab40c9136e9f53e06475c - -This patch refactors the references of IEEE80211_BAND_* to NL80211_BAND_* - -Reference: -https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=57fbcce37be7c1d2622b56587c10ade00e96afa3 - ---- a/src/wl/sys/wl_cfg80211_hybrid.c 2016-06-13 11:57:36.159340297 -0500 -+++ b/src/wl/sys/wl_cfg80211_hybrid.c 2016-06-13 11:58:18.442323435 -0500 -@@ -236,7 +236,7 @@ - #endif - - #define CHAN2G(_channel, _freq, _flags) { \ -- .band = IEEE80211_BAND_2GHZ, \ -+ .band = NL80211_BAND_2GHZ, \ - .center_freq = (_freq), \ - .hw_value = (_channel), \ - .flags = (_flags), \ -@@ -245,7 +245,7 @@ - } - - #define CHAN5G(_channel, _flags) { \ -- .band = IEEE80211_BAND_5GHZ, \ -+ .band = NL80211_BAND_5GHZ, \ - .center_freq = 5000 + (5 * (_channel)), \ - .hw_value = (_channel), \ - .flags = (_flags), \ -@@ -379,7 +379,7 @@ - }; - - static struct ieee80211_supported_band __wl_band_2ghz = { -- .band = IEEE80211_BAND_2GHZ, -+ .band = NL80211_BAND_2GHZ, - .channels = __wl_2ghz_channels, - .n_channels = ARRAY_SIZE(__wl_2ghz_channels), - .bitrates = wl_g_rates, -@@ -387,7 +387,7 @@ - }; - - static struct ieee80211_supported_band __wl_band_5ghz_a = { -- .band = IEEE80211_BAND_5GHZ, -+ .band = NL80211_BAND_5GHZ, - .channels = __wl_5ghz_a_channels, - .n_channels = ARRAY_SIZE(__wl_5ghz_a_channels), - .bitrates = wl_a_rates, -@@ -395,7 +395,7 @@ - }; - - static struct ieee80211_supported_band __wl_band_5ghz_n = { -- .band = IEEE80211_BAND_5GHZ, -+ .band = NL80211_BAND_5GHZ, - .channels = __wl_5ghz_n_channels, - .n_channels = ARRAY_SIZE(__wl_5ghz_n_channels), - .bitrates = wl_a_rates, -@@ -1876,8 +1876,8 @@ - wdev->wiphy->max_num_pmkids = WL_NUM_PMKIDS_MAX; - #endif - wdev->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) | BIT(NL80211_IFTYPE_ADHOC); -- wdev->wiphy->bands[IEEE80211_BAND_2GHZ] = &__wl_band_2ghz; -- wdev->wiphy->bands[IEEE80211_BAND_5GHZ] = &__wl_band_5ghz_a; -+ wdev->wiphy->bands[NL80211_BAND_2GHZ] = &__wl_band_2ghz; -+ wdev->wiphy->bands[NL80211_BAND_5GHZ] = &__wl_band_5ghz_a; - wdev->wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM; - wdev->wiphy->cipher_suites = __wl_cipher_suites; - wdev->wiphy->n_cipher_suites = ARRAY_SIZE(__wl_cipher_suites); -@@ -2000,7 +2000,7 @@ - #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 39) - freq = ieee80211_channel_to_frequency(notif_bss_info->channel, - (notif_bss_info->channel <= CH_MAX_2G_CHANNEL) ? -- IEEE80211_BAND_2GHZ : IEEE80211_BAND_5GHZ); -+ NL80211_BAND_2GHZ : NL80211_BAND_5GHZ); - #else - freq = ieee80211_channel_to_frequency(notif_bss_info->channel); - #endif -@@ -2116,7 +2116,7 @@ - return err; - } - chan = wf_chspec_ctlchan(chanspec); -- band = (chan <= CH_MAX_2G_CHANNEL) ? IEEE80211_BAND_2GHZ : IEEE80211_BAND_5GHZ; -+ band = (chan <= CH_MAX_2G_CHANNEL) ? NL80211_BAND_2GHZ : NL80211_BAND_5GHZ; - freq = ieee80211_channel_to_frequency(chan, band); - channel = ieee80211_get_channel(wiphy, freq); - cfg80211_ibss_joined(ndev, (u8 *)&wl->bssid, channel, GFP_KERNEL); -@@ -2250,10 +2250,10 @@ - join_params->params.chanspec_list[0] = - ieee80211_frequency_to_channel(chan->center_freq); - -- if (chan->band == IEEE80211_BAND_2GHZ) { -+ if (chan->band == NL80211_BAND_2GHZ) { - chanspec |= WL_CHANSPEC_BAND_2G; - } -- else if (chan->band == IEEE80211_BAND_5GHZ) { -+ else if (chan->band == NL80211_BAND_5GHZ) { - chanspec |= WL_CHANSPEC_BAND_5G; - } - else { -@@ -2885,7 +2885,7 @@ - - if (phy == 'n' || phy == 'a' || phy == 'v') { - wiphy = wl_to_wiphy(wl); -- wiphy->bands[IEEE80211_BAND_5GHZ] = &__wl_band_5ghz_n; -+ wiphy->bands[NL80211_BAND_5GHZ] = &__wl_band_5ghz_n; - } - - return err; diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.8.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.8.patch deleted file mode 100644 index 20e8a9ae4..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r4-linux-4.8.patch +++ /dev/null @@ -1,64 +0,0 @@ -From d3f93542326a06d920c6eb89b703384290d37b8b Mon Sep 17 00:00:00 2001 -From: Alberto Milone -Date: Fri, 2 Sep 2016 17:35:34 +0200 -Subject: [PATCH 1/1] Add support for Linux 4.8 - -Orginal author: Krzysztof Kolasa ---- - src/wl/sys/wl_cfg80211_hybrid.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/src/wl/sys/wl_cfg80211_hybrid.c b/src/wl/sys/wl_cfg80211_hybrid.c -index 2fc71fe..ec5e472 100644 ---- a/src/wl/sys/wl_cfg80211_hybrid.c -+++ b/src/wl/sys/wl_cfg80211_hybrid.c -@@ -2388,8 +2388,16 @@ wl_bss_connect_done(struct wl_cfg80211_priv *wl, struct net_device *ndev, - s32 err = 0; - - if (wl->scan_request) { -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0) -+ struct cfg80211_scan_info info = { -+ .aborted = true, -+ }; -+ WL_DBG(("%s: Aborting scan\n", __FUNCTION__)); -+ cfg80211_scan_done(wl->scan_request, &info); -+#else - WL_DBG(("%s: Aborting scan\n", __FUNCTION__)); - cfg80211_scan_done(wl->scan_request, true); -+#endif - wl->scan_request = NULL; - } - -@@ -2490,7 +2498,14 @@ wl_notify_scan_status(struct wl_cfg80211_priv *wl, struct net_device *ndev, - - scan_done_out: - if (wl->scan_request) { -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0) -+ struct cfg80211_scan_info info = { -+ .aborted = false, -+ }; -+ cfg80211_scan_done(wl->scan_request, &info); -+#else - cfg80211_scan_done(wl->scan_request, false); -+#endif - wl->scan_request = NULL; - } - rtnl_unlock(); -@@ -2909,7 +2924,14 @@ s32 wl_cfg80211_down(struct net_device *ndev) - s32 err = 0; - - if (wl->scan_request) { -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 8, 0) -+ struct cfg80211_scan_info info = { -+ .aborted = true, -+ }; -+ cfg80211_scan_done(wl->scan_request, &info); -+#else - cfg80211_scan_done(wl->scan_request, true); -+#endif - wl->scan_request = NULL; - } - --- -2.7.4 - diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r5-linux-4.15.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r5-linux-4.15.patch deleted file mode 100644 index 91c4d8951..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r5-linux-4.15.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff --git a/src/wl/sys/wl_linux.c b/src/wl/sys/wl_linux.c -index 489c9f5..f8278ad 100644 ---- a/src/wl/sys/wl_linux.c -+++ b/src/wl/sys/wl_linux.c -@@ -93,7 +93,11 @@ - - #include - -+#ifdef HAVE_TIMER_SETUP -+static void wl_timer(struct timer_list *list); -+#else - static void wl_timer(ulong data); -+#endif - static void _wl_timer(wl_timer_t *t); - static struct net_device *wl_alloc_linux_if(wl_if_t *wlif); - -@@ -2296,12 +2300,17 @@ - - atomic_dec(&t->wl->callbacks); - } -- -+#ifdef HAVE_TIMER_SETUP -+static void -+wl_timer(struct timer_list *list) -+{ -+ wl_timer_t *t = from_timer(t,list,timer); -+#else - static void - wl_timer(ulong data) - { - wl_timer_t *t = (wl_timer_t *)data; -- -+#endif - if (!WL_ALL_PASSIVE_ENAB(t->wl)) - _wl_timer(t); - else -@@ -2351,10 +2360,13 @@ - } - - bzero(t, sizeof(wl_timer_t)); -- -+#ifdef HAVE_TIMER_SETUP -+ timer_setup(&t->timer, wl_timer,0); -+#else - init_timer(&t->timer); - t->timer.data = (ulong) t; - t->timer.function = wl_timer; -+#endif - t->wl = wl; - t->fn = fn; - t->arg = arg; -diff --git a/src/wl/sys/wl_linux.h b/src/wl/sys/wl_linux.h -index 489c9f5..f8278ad 100644 ---- a/src/wl/sys/wl_linux.h -+++ b/src/wl/sys/wl_linux.h -@@ -190,3 +190,7 @@ - extern struct net_device * wl_netdev_get(wl_info_t *wl); - - #endif -+ -+#if defined(timer_setup) && defined(from_timer) -+#define HAVE_TIMER_SETUP -+#endif diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r6-kernel-ds.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r6-kernel-ds.patch deleted file mode 100644 index 0dec5dae2..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r6-kernel-ds.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- src/wl/sys/wl_iw.c.old 2019-05-12 19:20:14.980551538 +1000 -+++ src/wl/sys/wl_iw.c 2019-05-12 19:19:19.815976398 +1000 -@@ -117,7 +117,7 @@ - ifr.ifr_data = (caddr_t) &ioc; - - fs = get_fs(); -- set_fs(get_ds()); -+ set_fs(KERNEL_DS); - #if defined(WL_USE_NETDEV_OPS) - ret = dev->netdev_ops->ndo_do_ioctl(dev, &ifr, SIOCDEVPRIVATE); - #else ---- src/wl/sys/wl_cfg80211_hybrid.c.old 2019-05-12 19:20:56.394980347 +1000 -+++ src/wl/sys/wl_cfg80211_hybrid.c 2019-05-12 19:18:21.852575023 +1000 -@@ -458,7 +458,7 @@ - ifr.ifr_data = (caddr_t)&ioc; - - fs = get_fs(); -- set_fs(get_ds()); -+ set_fs(KERNEL_DS); - #if defined(WL_USE_NETDEV_OPS) - err = dev->netdev_ops->ndo_do_ioctl(dev, &ifr, SIOCDEVPRIVATE); - #else diff --git a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r6-linux-5.1.patch b/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r6-linux-5.1.patch deleted file mode 100644 index 6be2c4f52..000000000 --- a/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.271-r6-linux-5.1.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/wl/sys/wl_cfg80211_hybrid.c b/src/wl/sys/wl_cfg80211_hybrid.c -index cdf8c01..63b5650 100644 ---- a/src/wl/sys/wl_cfg80211_hybrid.c -+++ b/src/wl/sys/wl_cfg80211_hybrid.c -@@ -52,6 +52,10 @@ u32 wl_dbg_level = WL_DBG_ERR | WL_DBG_INFO; - u32 wl_dbg_level = WL_DBG_ERR; - #endif - -+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) -+#define get_ds() ((mm_segment_t) { (-1UL) }) -+#endif -+ - #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) - static s32 wl_cfg80211_change_iface(struct wiphy *wiphy, struct net_device *ndev, - enum nl80211_iftype type, struct vif_params *params); diff --git a/net-wireless/broadcom-sta/metadata.xml b/net-wireless/broadcom-sta/metadata.xml deleted file mode 100644 index 29b7c78b1..000000000 --- a/net-wireless/broadcom-sta/metadata.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - - tomboy64@sina.cn - M.B. - - - ~albertomilone - - diff --git a/net-wireless/gnuradio/Manifest b/net-wireless/gnuradio/Manifest deleted file mode 100644 index e3c7c6657..000000000 --- a/net-wireless/gnuradio/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST gnuradio-3.8.1.0-rc1.tar.xz 2434744 BLAKE2B d85c72ca06e7e80eb59d82faf8f86f3ec182a14ac8add699619dcf8f0dd97562765c1759d0ee302d2f3bec027d1c2bf48af6631bd6441a0df3ad3bf00d76c79d SHA512 0fbe47b8df62214e4b4095445962ec9874121c4af5a364b292ac3db09cfc762253f35f402f50cf9ff408a3263bf0e635d5674b1867d980bde36063acedfeeffa diff --git a/net-wireless/gnuradio/gnuradio-3.8.1.0_rc1.ebuild b/net-wireless/gnuradio/gnuradio-3.8.1.0_rc1.ebuild deleted file mode 100644 index 29146972a..000000000 --- a/net-wireless/gnuradio/gnuradio-3.8.1.0_rc1.ebuild +++ /dev/null @@ -1,222 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -PYTHON_COMPAT=( python2_7 python3_{6,7} ) - -CMAKE_BUILD_TYPE="None" -inherit cmake-utils python-single-r1 virtualx xdg-utils - -DESCRIPTION="Toolkit that provides signal processing blocks to implement software radios" -HOMEPAGE="https://www.gnuradio.org/" -LICENSE="GPL-3" -SLOT="0/${PV}" - -MY_PV=${PV/_rc/-rc} -MY_P=${PN}-${MY_PV} - -if [[ ${PV} =~ "9999" ]]; then - EGIT_REPO_URI="https://www.gnuradio.org/cgit/gnuradio.git" - inherit git-r3 - KEYWORDS="" -else - SRC_URI="https://github.com/gnuradio/gnuradio/releases/download/v${MY_PV}/${MY_P}.tar.xz" - KEYWORDS="amd64 ~x86" -fi - -S="${WORKDIR}/${P/_rc*/}" - -IUSE="+audio +alsa +analog +digital channels doc dtv examples fec +filter grc jack modtool oss performance-counters portaudio +qt5 sdl test trellis -uhd vocoder +utils wavelet zeromq" - -RESTRICT="!test? ( test )" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - audio? ( || ( alsa oss jack portaudio ) ) - alsa? ( audio ) - jack? ( audio ) - oss? ( audio ) - portaudio? ( audio ) - analog? ( filter ) - channels? ( filter analog qt5 ) - digital? ( filter analog ) - dtv? ( filter analog fec ) - modtool? ( utils ) - qt5? ( filter ) - trellis? ( analog digital ) - uhd? ( filter analog ) - vocoder? ( filter analog ) - wavelet? ( analog ) -" - -RDEPEND="${PYTHON_DEPS} - $(python_gen_cond_dep ' - >=dev-libs/boost-1.53[python,${PYTHON_MULTI_USEDEP}] - dev-python/six[${PYTHON_MULTI_USEDEP}] - ') - >=dev-lang/orc-0.4.12 - dev-libs/log4cpp - sci-libs/fftw:3.0 - >=sci-libs/mpir-3.0.0 - alsa? ( media-libs/alsa-lib ) - fec? ( - >=sci-libs/gsl-1.10 - $(python_gen_cond_dep 'sci-libs/scipy[${PYTHON_MULTI_USEDEP}]') - ) - filter? ( - $(python_gen_cond_dep 'sci-libs/scipy[${PYTHON_MULTI_USEDEP}]') - ) - grc? ( - $(python_gen_cond_dep ' - >=dev-python/mako-0.4.2[${PYTHON_MULTI_USEDEP}] - dev-python/numpy[${PYTHON_MULTI_USEDEP}] - dev-python/pygobject:3[${PYTHON_MULTI_USEDEP}] - dev-python/pyyaml[${PYTHON_MULTI_USEDEP}] - ') - x11-libs/gtk+:3[introspection] - x11-libs/pango[introspection] - ) - jack? ( media-sound/jack-audio-connection-kit ) - portaudio? ( >=media-libs/portaudio-19_pre ) - qt5? ( - $(python_gen_cond_dep 'dev-python/PyQt5[opengl,${PYTHON_MULTI_USEDEP}]') - dev-qt/qtcore:5 - dev-qt/qtgui:5 - x11-libs/qwt:6[qt5(+)] - dev-qt/qtwidgets:5 - ) - sdl? ( >=media-libs/libsdl-1.2.0 ) - trellis? ( - $(python_gen_cond_dep 'sci-libs/scipy[${PYTHON_MULTI_USEDEP}]') - ) - uhd? ( - $(python_gen_cond_dep '>=net-wireless/uhd-3.9.6:=[${PYTHON_SINGLE_USEDEP}]') - ) - utils? ( - $(python_gen_cond_dep ' - dev-python/click[${PYTHON_MULTI_USEDEP}] - dev-python/click-plugins[${PYTHON_MULTI_USEDEP}] - dev-python/mako[${PYTHON_MULTI_USEDEP}] - dev-python/matplotlib[${PYTHON_MULTI_USEDEP}] - ') - ) - vocoder? ( - media-sound/gsm - >=media-libs/codec2-0.8.1 - ) - wavelet? ( sci-libs/gsl ) - zeromq? ( >=net-libs/zeromq-2.1.11 ) -" - -DEPEND="${RDEPEND} - app-text/docbook-xml-dtd:4.2 - >=dev-lang/swig-3.0.8 - virtual/pkgconfig - doc? ( - >=app-doc/doxygen-1.5.7.1 - dev-python/sphinx[${PYTHON_SINGLE_USEDEP}] - ) - grc? ( x11-misc/xdg-utils ) - oss? ( virtual/os-headers ) - test? ( >=dev-util/cppunit-1.9.14 ) - zeromq? ( net-libs/cppzmq ) -" - -src_prepare() { - xdg_environment_reset #534582 - - use !alsa && sed -i 's#version.h#version-nonexistent.h#' cmake/Modules/FindALSA.cmake - use !jack && sed -i 's#jack.h#jack-nonexistent.h#' cmake/Modules/FindJACK.cmake - use !oss && sed -i 's#soundcard.h#oss-nonexistent.h#g' cmake/Modules/FindOSS.cmake - use !portaudio && sed -i 's#portaudio.h#portaudio-nonexistent.h#g' cmake/Modules/FindPORTAUDIO.cmake - - cmake-utils_src_prepare -} - -src_configure() { - #zeromq missing deps isn't fatal - python_export PYTHON_SITEDIR - mycmakeargs=( - -DENABLE_DEFAULT=OFF - -DENABLE_GNURADIO_RUNTIME=ON - -DENABLE_VOLK=ON - -DENABLE_PYTHON=ON - -DENABLE_GR_BLOCKS=ON - -DENABLE_GR_CTRLPORT=ON - -DENABLE_GR_FFT=ON - -DENABLE_GR_AUDIO="$(usex audio)" - -DENABLE_GR_ANALOG="$(usex analog)" - -DENABLE_GR_CHANNELS="$(usex channels)" - -DENABLE_GR_DIGITAL="$(usex digital)" - -DENABLE_DOXYGEN="$(usex doc)" - -DENABLE_SPHINX="$(usex doc)" - -DENABLE_GR_DTV="$(usex dtv)" - -DENABLE_GR_FEC="$(usex fec)" - -DENABLE_GR_FILTER="$(usex filter)" - -DENABLE_GRC="$(usex grc)" - -DENABLE_GR_MODTOOL="$(usex modtool)" - -DENABLE_PERFORMANCE_COUNTERS="$(usex performance-counters)" - -DENABLE_TESTING="$(usex test)" - -DENABLE_GR_TRELLIS="$(usex trellis)" - -DENABLE_GR_UHD="$(usex uhd)" - -DENABLE_GR_UTILS="$(usex utils)" - -DENABLE_GR_VOCODER="$(usex vocoder)" - -DENABLE_GR_WAVELET="$(usex wavelet)" - -DENABLE_GR_QTGUI="$(usex qt5)" - -DENABLE_GR_VIDEO_SDL="$(usex sdl)" - -DENABLE_GR_ZEROMQ="$(usex zeromq)" - -DSYSCONFDIR="${EPREFIX}"/etc - -DPYTHON_EXECUTABLE="${PYTHON}" - -DGR_PYTHON_DIR="${PYTHON_SITEDIR}" - -DGR_PKG_DOC_DIR="${EPREFIX}/usr/share/doc/${PF}" - ) - cmake-utils_src_configure -} - -src_install() { - cmake-utils_src_install - - if use examples ; then - dodir /usr/share/doc/${PF}/ - mv "${ED}"/usr/share/${PN}/examples "${ED}"/usr/share/doc/${PF}/ || die - docompress -x /usr/share/doc/${PF}/examples - else - # It seems that the examples are always installed - rm -rf "${ED}"/usr/share/${PN}/examples || die - fi - - if use doc || use examples; then - # This doesn't appear useful - rm -rf "${ED}"/usr/share/doc/${PF}/xml || die - fi - - # Remove duplicated icons, MIME and desktop files and installation script - rm -rf "${ED}"/usr/share/${PN}/grc/freedesktop || die - rm -f "${ED}"/usr/libexec/${PN}/grc_setup_freedesktop || die - - # Remove incorrectly byte-compiled Python files and replace - find "${ED}"/usr/$(get_libdir) -name "*.py[co]" -exec rm {} \; || die - python_optimize -} - -src_test() -{ - virtx cmake-utils_src_test -} - -pkg_postinst() -{ - if use grc ; then - xdg_desktop_database_update - xdg_icon_cache_update - xdg_mimeinfo_database_update - fi -} - -pkg_postrm() -{ - if use grc ; then - xdg_desktop_database_update - xdg_icon_cache_update - xdg_mimeinfo_database_update - fi -} diff --git a/sys-boot/os-prober/Manifest b/sys-boot/os-prober/Manifest deleted file mode 100644 index cd5fa277d..000000000 --- a/sys-boot/os-prober/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST os-prober_1.71.tar.xz 25540 BLAKE2B 8b55b763fd859cc0a62f10d919a7188eeadfedcbfa45738b25f74a1d4651d0e656ecadbc84b8fd7aad97e75179b64a51e58382f2c8c0bb36acf309fea724470c SHA512 adb7b8cf54c6169510c7ce2bf40e4b659c97eecfb7c1dd149269520ef13cdc2b6587f221fcfcb95c18caf9dba8144bbba561abb158e986ab02f4e0d338317d04 -DIST os-prober_1.77.tar.xz 26660 BLAKE2B cff8d96927cf251e9d8ee95561289e9c49a89fbcf9045e7c7169f73b1eeb151797db7b075ebc14dbbdd96996d007b07001e2843cf835defd675f63595614297b SHA512 4d9c22ccc4d950644a06a17ec4424aca5ff82aeb20052dc389dd451b6b9a1799c5a9438644a29093153730af42066abbbbb78f593f2564314c9adbd43f60e39b diff --git a/sys-boot/os-prober/files/os-prober-1.76-exherbo.patch b/sys-boot/os-prober/files/os-prober-1.76-exherbo.patch deleted file mode 100644 index 6ef83dca2..000000000 --- a/sys-boot/os-prober/files/os-prober-1.76-exherbo.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 09fefdb360b69c2de03a2f1c881db87f924d3c76 Mon Sep 17 00:00:00 2001 -From: Timo Gurr -Date: Mon, 20 Feb 2017 17:33:14 +0100 -Subject: [PATCH] Add Exherbo Linux detection - ---- - os-probes/mounted/common/90linux-distro | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/os-probes/mounted/common/90linux-distro b/os-probes/mounted/common/90linux-distro -index badfbb1..41a5553 100755 ---- a/os-probes/mounted/common/90linux-distro -+++ b/os-probes/mounted/common/90linux-distro -@@ -137,6 +137,9 @@ if (ls "$dir"/lib*/ld*.so* && [ -d "$dir/boot" ] || ls "$dir"/usr/lib*/ld*.so*) - elif [ -e "$dir/etc/devuan_version" ]; then - short="Devuan" - long="$(printf "Devuan GNU/Linux (%s)\n" "$(cat "$dir/etc/devuan_version")")" -+ elif [ -e "$dir/etc/exherbo-release" ]; then -+ short="Exherbo" -+ long="Exherbo Linux" - else - short="Linux" - long="unknown Linux distribution" --- -2.11.1 - diff --git a/sys-boot/os-prober/os-prober-1.71.ebuild b/sys-boot/os-prober/os-prober-1.71.ebuild deleted file mode 100644 index 83b93c9e5..000000000 --- a/sys-boot/os-prober/os-prober-1.71.ebuild +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=5 - -#inherit eutils multilib toolchain-funcs -inherit toolchain-funcs - -DESCRIPTION="Utility to detect other OSs on a set of drives" -HOMEPAGE="http://packages.debian.org/source/sid/os-prober" -SRC_URI="mirror://debian/pool/main/${PN::1}/${PN}/${PN}_${PV}.tar.xz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="" - -src_prepare() { - # use default GNU rules - rm Makefile || die 'rm Makefile failed' - # Fix references to grub-mount - sed -i -e 's:grub-mount:grub2-mount:g' \ - common.sh \ - linux-boot-probes/common/50mounted-tests \ - os-probes/common/50mounted-tests || die -} - -src_compile() { - tc-export CC - emake newns -} - -src_install() { - dobin os-prober linux-boot-prober - - # Note: as no shared libraries are installed, /usr/lib is correct - exeinto /usr/lib/os-prober - doexe newns - - insinto /usr/share/os-prober - doins common.sh - - keepdir /var/lib/os-prober - - local debarch=${ARCH%-*} dir - - case ${debarch} in - amd64) debarch=x86 ;; - ppc|ppc64) debarch=powerpc ;; - esac - - for dir in os-probes{,/mounted,/init} linux-boot-probes{,/mounted}; do - exeinto /usr/lib/$dir - doexe $dir/common/* - if [[ -d $dir/$debarch ]]; then - doexe $dir/$debarch/* - fi - if [[ -d $dir/$debarch/efi ]]; then - exeinto /usr/lib/$dir/efi - doexe $dir/$debarch/efi/* - fi - done - - if use amd64 || use x86; then - exeinto /usr/lib/os-probes/mounted - doexe os-probes/mounted/powerpc/20macosx - fi - - dodoc README TODO debian/changelog -} - -pkg_postinst() { - elog "If you intend for os-prober to detect versions of Windows installed on" - elog "NTFS-formatted partitions, your system must be capable of reading the" - elog "NTFS filesystem. One way to do this is by installing sys-fs/ntfs3g" -} diff --git a/sys-boot/os-prober/os-prober-1.77.ebuild b/sys-boot/os-prober/os-prober-1.77.ebuild deleted file mode 100644 index d13fb583d..000000000 --- a/sys-boot/os-prober/os-prober-1.77.ebuild +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI=7 -inherit readme.gentoo-r1 toolchain-funcs - -DESCRIPTION="Utility to detect other OSs on a set of drives" -HOMEPAGE="http://packages.debian.org/source/sid/os-prober" -SRC_URI="mirror://debian/pool/main/${PN::1}/${PN}/${PN}_${PV}.tar.xz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="" - -# grub-mount needed per bug #607518 -RDEPEND="sys-boot/grub:2[mount]" -DEPEND="" - -# bug 594250 -QA_MULTILIB_PATHS="usr/lib/os-prober/.*" - -PATCHES=( "${FILESDIR}"/${PN}-1.76-exherbo.patch ) - -DOC_CONTENTS=" - If you intend for os-prober to detect versions of Windows installed on - NTFS-formatted partitions, your system must be capable of reading the - NTFS filesystem. One way to do this is by installing sys-fs/ntfs3g -" - -src_prepare() { - default - # use default GNU rules - rm Makefile || die 'rm Makefile failed' - # Fix references to grub-mount - sed -i -e 's:grub-mount:grub2-mount:g' \ - common.sh \ - linux-boot-probes/common/50mounted-tests \ - os-probes/common/50mounted-tests || die -} - -src_compile() { - tc-export CC - emake newns -} - -src_install() { - dobin os-prober linux-boot-prober - - # Note: as no shared libraries are installed, /usr/lib is correct - exeinto /usr/lib/os-prober - doexe newns - - insinto /usr/share/os-prober - doins common.sh - - keepdir /var/lib/os-prober - - local debarch=${ARCH%-*} dir - - case ${debarch} in - amd64) debarch=x86 ;; - ppc|ppc64) debarch=powerpc ;; - esac - - for dir in os-probes{,/mounted,/init} linux-boot-probes{,/mounted}; do - exeinto /usr/lib/${dir} - doexe ${dir}/common/* - if [[ -d ${dir}/${debarch} ]]; then - doexe ${dir}/${debarch}/* - fi - if [[ -d ${dir}/${debarch}/efi ]]; then - exeinto /usr/lib/${dir}/efi - doexe ${dir}/${debarch}/efi/* - fi - done - - if use amd64 || use x86; then - exeinto /usr/lib/os-probes/mounted - doexe os-probes/mounted/powerpc/20macosx - fi - - einstalldocs - dodoc debian/changelog - - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -} diff --git a/sys-fs/multipath-tools/Manifest b/sys-fs/multipath-tools/Manifest deleted file mode 100644 index 23af9e77a..000000000 --- a/sys-fs/multipath-tools/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST multipath-tools-0.5.0.tar.bz2 184024 SHA256 f13cf1eb84e94e83b2019e68f7965526903c13e94246db43965d181668a0a6f9 SHA512 dfad21c45d0f69e39041d30d203a582c8ee8329bf390c51cde10155b3de379e7ad8fead2ac4beb268a924fd7e7dc8e1cf538ea3c70d41479fd8786fa30ba22a9 WHIRLPOOL bc8a365d66d1c5f584de04304125949926d4a1576cba4a00acca0f1333eb13d83318da36d9d88c5dc92691a331d427ad6b99eb1f2983fbc387303dbfdbae11ff diff --git a/sys-fs/multipath-tools/REASONS b/sys-fs/multipath-tools/REASONS deleted file mode 100644 index 40cc893d0..000000000 --- a/sys-fs/multipath-tools/REASONS +++ /dev/null @@ -1 +0,0 @@ -Anaconda 22 requires the mpathconf binary to start. diff --git a/sys-fs/multipath-tools/files/fedora/0001-RH-dont_start_with_no_config.patch b/sys-fs/multipath-tools/files/fedora/0001-RH-dont_start_with_no_config.patch deleted file mode 100644 index e894632ef..000000000 --- a/sys-fs/multipath-tools/files/fedora/0001-RH-dont_start_with_no_config.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- - multipathd/multipathd.service | 1 + - 1 file changed, 1 insertion(+) - -Index: multipath-tools-130222/multipathd/multipathd.service -=================================================================== ---- multipath-tools-130222.orig/multipathd/multipathd.service -+++ multipath-tools-130222/multipathd/multipathd.service -@@ -2,6 +2,7 @@ - Description=Device-Mapper Multipath Device Controller - Before=iscsi.service iscsid.service lvm2-activation-early.service - After=syslog.target -+ConditionPathExists=/etc/multipath.conf - DefaultDependencies=no - Conflicts=shutdown.target - diff --git a/sys-fs/multipath-tools/files/fedora/0002-RH-multipath.rules.patch b/sys-fs/multipath-tools/files/fedora/0002-RH-multipath.rules.patch deleted file mode 100644 index 93940c358..000000000 --- a/sys-fs/multipath-tools/files/fedora/0002-RH-multipath.rules.patch +++ /dev/null @@ -1,52 +0,0 @@ ---- - multipath/Makefile | 3 +++ - multipath/multipath.rules | 24 ++++++++++++++++++++++++ - 2 files changed, 27 insertions(+) - -Index: multipath-tools-130222/multipath/multipath.rules -=================================================================== ---- a/multipath/Makefile -+++ b/multipath/Makefile -@@ -19,12 +19,15 @@ $(EXEC): $(OBJS) - install: - $(INSTALL_PROGRAM) -d $(DESTDIR)$(bindir) - $(INSTALL_PROGRAM) -m 755 $(EXEC) $(DESTDIR)$(bindir)/ -+ $(INSTALL_PROGRAM) -d $(DESTDIR)/lib/udev/rules.d -+ $(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)/lib/udev/rules.d/62-multipath.rules - $(INSTALL_PROGRAM) -d $(DESTDIR)$(mandir) - $(INSTALL_PROGRAM) -m 644 $(EXEC).8 $(DESTDIR)$(mandir) - $(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir) - $(INSTALL_PROGRAM) -m 644 $(EXEC).conf.5 $(DESTDIR)$(man5dir) - - uninstall: -+ rm $(DESTDIR)/lib/udev/rules.d/62-multipath.rules - rm $(DESTDIR)$(bindir)/$(EXEC) - rm $(DESTDIR)$(mandir)/$(EXEC).8 - rm $(DESTDIR)$(man5dir)/$(EXEC).conf.5 ---- /dev/null -+++ b/multipath/multipath.rules -@@ -0,0 +1,24 @@ -+# multipath wants the devmaps presented as meaninglful device names -+# so name them after their devmap name -+SUBSYSTEM!="block", GOTO="end_mpath" -+ -+ENV{MPATH_SBIN_PATH}="/sbin" -+TEST!="$env{MPATH_SBIN_PATH}/multipath", ENV{MPATH_SBIN_PATH}="/usr/sbin" -+ -+ACTION=="add", ENV{DEVTYPE}!="partition", \ -+ ENV{DM_MULTIPATH_DEVICE_PATH}!="1", \ -+ TEST=="/etc/multipath.conf", \ -+ PROGRAM=="$env{MPATH_SBIN_PATH}/multipath -c $tempnode", \ -+ ENV{DM_MULTIPATH_DEVICE_PATH}="1" -+ -+ENV{DM_MULTIPATH_DEVICE_PATH}=="1", ENV{DEVTYPE}!="partition", \ -+ RUN+="/sbin/partx -d --nr 1-1024 $env{DEVNAME}" -+ -+KERNEL!="dm-*", GOTO="end_mpath" -+ENV{DM_UUID}=="mpath-?*|part[0-9]*-mpath-?*", OPTIONS+="link_priority=10" -+ACTION!="change", GOTO="end_mpath" -+ENV{DM_UUID}!="mpath-?*", GOTO="end_mpath" -+ENV{DM_SUSPENDED}=="1", GOTO="end_mpath" -+ENV{DM_ACTION}=="PATH_FAILED", GOTO="end_mpath" -+RUN+="$env{MPATH_SBIN_PATH}/kpartx -a $tempnode" -+LABEL="end_mpath" diff --git a/sys-fs/multipath-tools/files/fedora/0004-RH-multipathd-blacklist-all-by-default.patch b/sys-fs/multipath-tools/files/fedora/0004-RH-multipathd-blacklist-all-by-default.patch deleted file mode 100644 index 2dda63c73..000000000 --- a/sys-fs/multipath-tools/files/fedora/0004-RH-multipathd-blacklist-all-by-default.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 61b2002c6b2752c15b431e400cd614edc8c5b039 Mon Sep 17 00:00:00 2001 -From: Fabio M. Di Nitto -Date: Mon, 19 Oct 2009 07:05:45 +0200 -Subject: [PATCH 09/12] RH: multipathd blacklist all by default - -If there is no configuration installed on the system, blacklist -everything by default. - -BZ#528059 - -Signed-off-by: Fabio M. Di Nitto ---- -:100644 100644 e7e962e... 5aa1ab0... M libmultipath/config.c -:100644 100644 86b1320... 7e90e75... M libmultipath/config.h - libmultipath/config.c | 16 ++++++++++++++++ - libmultipath/config.h | 1 + - 2 files changed, 17 insertions(+) - -Index: multipath-tools-130222/libmultipath/config.c -=================================================================== ---- multipath-tools-130222.orig/libmultipath/config.c -+++ multipath-tools-130222/libmultipath/config.c -@@ -21,6 +21,7 @@ - #include "defaults.h" - #include "prio.h" - #include "devmapper.h" -+#include "version.h" - - static int - hwe_strmatch (struct hwentry *hwe1, struct hwentry *hwe2) -@@ -585,6 +586,21 @@ load_config (char * file) - - } else { - init_keywords(); -+ condlog(0, "/etc/multipath.conf does not exist, blacklisting all devices."); -+ condlog(0, "A default multipath.conf file is located at"); -+ condlog(0, "/usr/share/doc/device-mapper-multipath-%d.%d.%d/multipath.conf", MULTIPATH_VERSION(VERSION_CODE)); -+ if (conf->blist_devnode == NULL) { -+ conf->blist_devnode = vector_alloc(); -+ if (!conf->blist_devnode) { -+ condlog(0, "cannot allocate blacklist\n"); -+ goto out; -+ } -+ } -+ if (store_ble(conf->blist_devnode, strdup(".*"), -+ ORIGIN_NO_CONFIG)) { -+ condlog(0, "cannot store default no-config blacklist\n"); -+ goto out; -+ } - } - - /* -Index: multipath-tools-130222/libmultipath/config.h -=================================================================== ---- multipath-tools-130222.orig/libmultipath/config.h -+++ multipath-tools-130222/libmultipath/config.h -@@ -6,6 +6,7 @@ - - #define ORIGIN_DEFAULT 0 - #define ORIGIN_CONFIG 1 -+#define ORIGIN_NO_CONFIG 2 - - /* - * In kernel, fast_io_fail == 0 means immediate failure on rport delete. diff --git a/sys-fs/multipath-tools/files/fedora/0005-RH-add-mpathconf.patch b/sys-fs/multipath-tools/files/fedora/0005-RH-add-mpathconf.patch deleted file mode 100644 index da1454f43..000000000 --- a/sys-fs/multipath-tools/files/fedora/0005-RH-add-mpathconf.patch +++ /dev/null @@ -1,452 +0,0 @@ ---- multipath-tools-0.5.0.orig/libmultipath/config.c -+++ multipath-tools-0.5.0/libmultipath/config.c -@@ -601,6 +601,7 @@ load_config (char * file, struct udev *u - condlog(0, "/etc/multipath.conf does not exist, blacklisting all devices."); - condlog(0, "A default multipath.conf file is located at"); - condlog(0, "/usr/share/doc/device-mapper-multipath-%d.%d.%d/multipath.conf", MULTIPATH_VERSION(VERSION_CODE)); -+ condlog(0, "You can run /sbin/mpathconf to create or modify /etc/multipath.conf"); - if (conf->blist_devnode == NULL) { - conf->blist_devnode = vector_alloc(); - if (!conf->blist_devnode) { ---- multipath-tools-0.5.0.orig/multipath/Makefile -+++ multipath-tools-0.5.0/multipath/Makefile -@@ -19,6 +19,7 @@ $(EXEC): $(OBJS) - install: - $(INSTALL_PROGRAM) -d $(DESTDIR)$(bindir) - $(INSTALL_PROGRAM) -m 755 $(EXEC) $(DESTDIR)$(bindir)/ -+ $(INSTALL_PROGRAM) -m 755 mpathconf $(DESTDIR)$(bindir)/ - $(INSTALL_PROGRAM) -d $(DESTDIR)/lib/udev/rules.d - $(INSTALL_PROGRAM) -m 644 multipath.rules $(DESTDIR)/lib/udev/rules.d/62-multipath.rules - $(INSTALL_PROGRAM) -d $(DESTDIR)$(mandir) -@@ -29,8 +30,10 @@ install: - uninstall: - rm $(DESTDIR)/lib/udev/rules.d/62-multipath.rules - rm $(DESTDIR)$(bindir)/$(EXEC) -+ rm $(DESTDIR)$(bindir)/mpathconf - rm $(DESTDIR)$(mandir)/$(EXEC).8 - rm $(DESTDIR)$(man5dir)/$(EXEC).conf.5 -+ rm $(DESTDIR)$(mandir)/mpathconf.8.gz - - clean: - rm -f core *.o $(EXEC) ---- multipath-tools-0.5.0.orig/multipath/mpathconf -+++ multipath-tools-0.5.0/multipath/mpathconf -@@ -0,0 +1,312 @@ -+#!/bin/sh -+# -+# Copyright (C) 2010 Red Hat, Inc. All rights reserved. -+# -+# This file is part of the device-mapper-multipath package. -+# -+# This copyrighted material is made available to anyone wishing to use, -+# modify, copy, or redistribute it subject to the terms and conditions -+# of the GNU General Public License v.2. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program; if not, write to the Free Software Foundation, -+# Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+ -+# -+# Simple editting of /etc/multipath.conf -+# This program was largely ripped off from lvmconf -+# -+ -+unset ENABLE FIND FRIENDLY MODULE MULTIPATHD HAVE_DISABLE HAVE_FIND HAVE_BLACKLIST HAVE_DEFAULTS HAVE_FRIENDLY HAVE_MULTIPATHD HAVE_MODULE SHOW_STATUS CHANGED_CONFIG -+ -+DEFAULT_CONFIGFILE="/usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf" -+CONFIGFILE="/etc/multipath.conf" -+MULTIPATHDIR="/etc/multipath" -+TMPFILE=/etc/multipath/.multipath.conf.tmp -+ -+function usage -+{ -+ echo "usage: $0 " -+ echo "" -+ echo "Commands:" -+ echo "Enable: --enable " -+ echo "Disable: --disable" -+ echo "Set user_friendly_names (Default n): --user_friendly_names " -+ echo "Set find_multipaths (Default n): --find_multipaths " -+ echo "Load the dm-multipath modules on enable (Default y): --with_module " -+ echo "start/stop/reload multipathd (Default n): --with_multipathd " -+ echo "" -+} -+ -+function parse_args -+{ -+ while [ -n "$1" ]; do -+ case $1 in -+ --enable) -+ ENABLE=1 -+ shift -+ ;; -+ --disable) -+ ENABLE=0 -+ shift -+ ;; -+ --user_friendly_names) -+ if [ -n "$2" ]; then -+ FRIENDLY=$2 -+ shift 2 -+ else -+ usage -+ exit 1 -+ fi -+ ;; -+ --find_multipaths) -+ if [ -n "$2" ]; then -+ FIND=$2 -+ shift 2 -+ else -+ usage -+ exit 1 -+ fi -+ ;; -+ --with_module) -+ if [ -n "$2" ]; then -+ MODULE=$2 -+ shift 2 -+ else -+ usage -+ exit 1 -+ fi -+ ;; -+ --with_multipathd) -+ if [ -n "$2" ]; then -+ MULTIPATHD=$2 -+ shift 2 -+ else -+ usage -+ exit 1 -+ fi -+ ;; -+ *) -+ usage -+ exit -+ esac -+ done -+} -+ -+function validate_args -+{ -+ if [ "$ENABLE" = "0" ] && [ -n "$FRIENDLY" -o -n "$FIND" -o -n "$MODULE" ]; then -+ echo "ignoring extra parameters on disable" -+ FRIENDLY="" -+ FIND="" -+ MODULE="" -+ fi -+ if [ -n "$FRIENDLY" ] && [ "$FRIENDLY" != "y" -a "$FRIENDLY" != "n" ]; then -+ echo "--user_friendly_names must be either 'y' or 'n'" -+ exit 1 -+ fi -+ if [ -n "$FIND" ] && [ "$FIND" != "y" -a "$FIND" != "n" ]; then -+ echo "--find_multipaths must be either 'y' or 'n'" -+ exit 1 -+ fi -+ if [ -z "$ENABLE" -a -z "$FIND" -a -z "$FRIENDLY" ]; then -+ SHOW_STATUS=1 -+ fi -+ if [ -n "$MODULE" ] && [ "$MODULE" != "y" -a "$MODULE" != "n" ]; then -+ echo "--with_module must be either 'y' or 'n'" -+ exit 1 -+ fi -+ if [ -n "$MULTIPATHD" ] && [ "$MULTIPATHD" != "y" -a "$MULTIPATHD" != "n" ]; then -+ echo "--with_multipathd must be either 'y' or 'n'" -+ exit 1 -+ fi -+} -+ -+umask 0077 -+ -+parse_args "$@" -+ -+validate_args -+ -+if [ ! -d "$MULTIPATHDIR" ]; then -+ echo "/etc/multipath/ does not exist. failing" -+ exit 1 -+fi -+ -+rm $TMPFILE 2> /dev/null -+if [ -f "$CONFIGFILE" ]; then -+ cp $CONFIGFILE $TMPFILE -+elif [ -f "$DEFAULT_CONFIGFILE" ]; then -+ cp $DEFAULT_CONFIGFILE $TMPFILE -+else -+ touch $TMPFILE -+fi -+ -+if grep -q "^blacklist[[:space:]]*{" $TMPFILE ; then -+ HAVE_BLACKLIST=1 -+fi -+ -+if grep -q "^defaults[[:space:]]*{" $TMPFILE ; then -+ HAVE_DEFAULTS=1 -+fi -+ -+if [ -z "$MODULE" -o "$MODULE" = "y" ]; then -+ if lsmod | grep -q "dm_multipath" ; then -+ HAVE_MODULE=1 -+ else -+ HAVE_MODULE=0 -+ fi -+fi -+ -+if [ "$MULTIPATHD" = "y" ]; then -+ if service multipathd status > /dev/null ; then -+ HAVE_MULTIPATHD=1 -+ else -+ HAVE_MULTIPATHD=0 -+ fi -+fi -+ -+if [ "$HAVE_BLACKLIST" = "1" ]; then -+ if sed -n '/^blacklist[[:space:]]*{/,/^}/ p' $TMPFILE | grep -q "^[[:space:]]*devnode \"\.\?\*\"" ; then -+ HAVE_DISABLE=1 -+ elif sed -n '/^blacklist[[:space:]]*{/,/^}/ p' $TMPFILE | grep -q "^[[:space:]]*#[#[:space:]]*devnode \"\.\?\*\"" ; then -+ HAVE_DISABLE=0 -+ fi -+fi -+ -+if [ "$HAVE_DEFAULTS" = "1" ]; then -+ if sed -n '/^defaults[[:space:]]*{/,/^}/ p' $TMPFILE | grep -q "^[[:space:]]*find_multipaths[[:space:]]*\(yes\|1\)" ; then -+ HAVE_FIND=1 -+ elif sed -n '/^defaults[[:space:]]*{/,/^}/ p' $TMPFILE | grep -q "^[[:space:]]*find_multipaths[[:space:]]*\(no\|0\)" ; then -+ HAVE_FIND=0 -+ fi -+ if sed -n '/^defaults[[:space:]]*{/,/^}/ p' $TMPFILE | grep -q "^[[:space:]]*user_friendly_names[[:space:]]*\(yes\|1\)" ; then -+ HAVE_FRIENDLY=1 -+ elif sed -n '/^defaults[[:space:]]*{/,/^}/ p' $TMPFILE | grep -q "^[[:space:]]*user_friendly_names[[:space:]]*\(no\|0\)" ; then -+ HAVE_FRIENDLY=0 -+ fi -+fi -+ -+if [ -n "$SHOW_STATUS" ]; then -+ if [ -z "$HAVE_DISABLE" -o "$HAVE_DISABLE" = 0 ]; then -+ echo "multipath is enabled" -+ else -+ echo "multipath is disabled" -+ fi -+ if [ -z "$HAVE_FIND" -o "$HAVE_FIND" = 0 ]; then -+ echo "find_multipaths is disabled" -+ else -+ echo "find_multipaths is enabled" -+ fi -+ if [ -z "$HAVE_FRIENDLY" -o "$HAVE_FRIENDLY" = 0 ]; then -+ echo "user_friendly_names is disabled" -+ else -+ echo "user_friendly_names is enabled" -+ fi -+ if [ -n "$HAVE_MODULE" ]; then -+ if [ "$HAVE_MODULE" = 1 ]; then -+ echo "dm_multipath module is loaded" -+ else -+ echo "dm_multipath module is not loaded" -+ fi -+ fi -+ if [ -n "$HAVE_MULTIPATHD" ]; then -+ service multipathd status -+ fi -+ exit 0 -+fi -+ -+if [ -z "$HAVE_BLACKLIST" ]; then -+ cat >> $TMPFILE <<- _EOF_ -+ -+blacklist { -+} -+_EOF_ -+fi -+ -+if [ -z "$HAVE_DEFAULTS" ]; then -+ cat >> $TMPFILE <<- _EOF_ -+ -+defaults { -+} -+_EOF_ -+fi -+ -+if [ "$ENABLE" = 1 ]; then -+ if [ "$HAVE_DISABLE" = 1 ]; then -+ sed -i '/^blacklist[[:space:]]*{/,/^}/ s/^[[:space:]]*devnode \"\.\?\*\"/# devnode ".*"/' $TMPFILE -+ fi -+elif [ "$ENABLE" = 0 ]; then -+ if [ -z "$HAVE_DISABLE" ]; then -+ sed -i '/^blacklist[[:space:]]*{/ a\ -+ devnode "*" -+' $TMPFILE -+ elif [ "$HAVE_DISABLE" = 0 ]; then -+ sed -i '/^blacklist[[:space:]]*{/,/^}/ s/^[[:space:]]*#[#[:space:]]*devnode \"\.\?\*\"/ devnode ".*"/' $TMPFILE -+ fi -+fi -+ -+if [ "$FIND" = "n" ]; then -+ if [ "$HAVE_FIND" = 1 ]; then -+ sed -i '/^defaults[[:space:]]*{/,/^}/ s/^[[:space:]]*find_multipaths[[:space:]]*\(yes\|1\)/ find_multipaths no/' $TMPFILE -+ CHANGED_CONFIG=1 -+ fi -+elif [ "$FIND" = "y" ]; then -+ if [ -z "$HAVE_FIND" ]; then -+ sed -i '/^defaults[[:space:]]*{/ a\ -+ find_multipaths yes -+' $TMPFILE -+ CHANGED_CONFIG=1 -+ elif [ "$HAVE_FIND" = 0 ]; then -+ sed -i '/^defaults[[:space:]]*{/,/^}/ s/^[[:space:]]*find_multipaths[[:space:]]*\(no\|0\)/ find_multipaths yes/' $TMPFILE -+ CHANGED_CONFIG=1 -+ fi -+fi -+ -+if [ "$FRIENDLY" = "n" ]; then -+ if [ "$HAVE_FRIENDLY" = 1 ]; then -+ sed -i '/^defaults[[:space:]]*{/,/^}/ s/^[[:space:]]*user_friendly_names[[:space:]]*\(yes\|1\)/ user_friendly_names no/' $TMPFILE -+ CHANGED_CONFIG=1 -+ fi -+elif [ "$FRIENDLY" = "y" ]; then -+ if [ -z "$HAVE_FRIENDLY" ]; then -+ sed -i '/^defaults[[:space:]]*{/ a\ -+ user_friendly_names yes -+' $TMPFILE -+ CHANGED_CONFIG=1 -+ elif [ "$HAVE_FRIENDLY" = 0 ]; then -+ sed -i '/^defaults[[:space:]]*{/,/^}/ s/^[[:space:]]*user_friendly_names[[:space:]]*\(no\|0\)/ user_friendly_names yes/' $TMPFILE -+ CHANGED_CONFIG=1 -+ fi -+fi -+ -+if [ -f "$CONFIGFILE" ]; then -+ cp $CONFIGFILE $CONFIGFILE.old -+ if [ $? != 0 ]; then -+ echo "failed to backup old config file, $CONFIGFILE not updated" -+ exit 1 -+ fi -+fi -+ -+cp $TMPFILE $CONFIGFILE -+if [ $? != 0 ]; then -+ echo "failed to copy new config file into place, check $CONFIGFILE is still OK" -+ exit 1 -+fi -+ -+rm -f $TMPFILE -+ -+if [ "$ENABLE" = 1 ]; then -+ if [ "$HAVE_MODULE" = 0 ]; then -+ modprobe dm_multipath -+ fi -+ if [ "$HAVE_MULTIPATHD" = 0 ]; then -+ service multipathd start -+ fi -+elif [ "$ENABLE" = 0 ]; then -+ if [ "$HAVE_MULTIPATHD" = 1 ]; then -+ service multipathd stop -+ fi -+elif [ -n "$CHANGED_CONFIG" -a "$HAVE_MULTIPATHD" = 1 ]; then -+ service multipathd reload -+fi ---- multipath-tools-0.5.0.orig/multipath/mpathconf.8 -+++ multipath-tools-0.5.0/multipath/mpathconf.8 -@@ -0,0 +1,103 @@ -+.TH MPATHCONF 8 "June 2010" "" "Linux Administrator's Manual" -+.SH NAME -+mpathconf - A tool for configuring device-mapper-multipath -+.SH SYNOPSIS -+.B mpathconf -+.RB [\| commands \|] -+.RB [\| options \|] -+.SH DESCRIPTION -+.B mpathconf -+is a utility that creates or modifies -+.B /etc/multipath.conf. -+It can enable or disable multipathing and configure some common options. -+.B mpathconf -+can also load the -+.B dm_multipath -+module, start and stop the -+.B multipathd -+daemon, and configure the -+.B multipathd -+service to start automatically or not. If -+.B mpathconf -+is called with no commands, it will display the current configuration. -+ -+The default options for mpathconf are -+.B --with_module -+The -+.B --with_multipathd -+option is not set by default. Enabling multipathing will load the -+.B dm_multipath -+module but it will not immediately start it. This is so -+that users can manually edit their config file if necessary, before starting -+.B multipathd. -+ -+If -+.B /etc/multipath.conf -+already exists, mpathconf will edit it. If it does not exist, mpathconf will -+use -+.B /usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf -+as the starting file. This file has -+.B user_friendly_names -+set. If this file does not exist, mpathconf will create -+.B /etc/multipath.conf -+from scratch. For most users, this means that -+.B user_friendly_names -+will be set by default, unless they use the -+.B --user_friendly_names n -+command. -+.SH COMMANDS -+.TP -+.B --enable -+Removes any line that blacklists all device nodes from the -+.B /etc/multipath.conf -+blacklist section. -+.TP -+.B --disable -+Adds a line that blacklists all device nodes to the -+.B /etc/multipath.conf -+blacklist section. If no blacklist section exists, it will create one. -+.TP -+.B --user_friendly_name \fP { \fBy\fP | \fBn\fP } -+If set to \fBy\fP, this adds the line -+.B user_friendly_names yes -+to the -+.B /etc/multipath.conf -+defaults section. If set to \fBn\fP, this removes the line, if present. This -+command can be used along with any other command. -+.TP -+.B --find_multipaths\fP { \fBy\fP | \fBn\fP } -+If set to \fBy\fP, this adds the line -+.B find_multipaths yes -+to the -+.B /etc/multipath.conf -+defaults section. If set to \fBn\fP, this removes the line, if present. This -+command can be used aldong with any other command. -+.SH OPTIONS -+.TP -+.B --with_module\fP { \fBy\fP | \fBn\fP } -+If set to \fBy\fP, this runs -+.B modprobe dm_multipath -+to install the multipath modules. This option only works with the -+.B --enable -+command. This option is set to \fBy\fP by default. -+.TP -+.B --with_multipathd { \fBy\fP | \fBn\fP } -+If set to \fBy\fP, this runs -+.B service multipathd start -+to start the multipathd daemon on \fB--enable\fP, -+.B service multipathd stop -+to start the multipathd daemon on \fB--disable\fP, and -+.B service multipathd reload -+to reconfigure multipathd on \fB--user_frindly_names\fP and -+\fB--find_multipaths\fP. -+This option is set to \fBn\fP by default. -+.SH FILES -+.BR /etc/multipath.conf -+.SH "SEE ALSO" -+.BR multipath.conf (5), -+.BR modprobe (8), -+.BR multipath (8), -+.BR multipathd (8), -+.BR service (8), -+.SH AUTHOR -+Benjamin Marzinski diff --git a/sys-fs/multipath-tools/files/fedora/0032-RHBZ-956464-mpathconf-defaults.patch b/sys-fs/multipath-tools/files/fedora/0032-RHBZ-956464-mpathconf-defaults.patch deleted file mode 100644 index d63c32e2a..000000000 --- a/sys-fs/multipath-tools/files/fedora/0032-RHBZ-956464-mpathconf-defaults.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- - multipath/mpathconf | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: multipath-tools-130222/multipath/mpathconf -=================================================================== ---- multipath-tools-130222.orig/multipath/mpathconf -+++ multipath-tools-130222/multipath/mpathconf -@@ -31,8 +31,8 @@ function usage - echo "Commands:" - echo "Enable: --enable " - echo "Disable: --disable" -- echo "Set user_friendly_names (Default n): --user_friendly_names " -- echo "Set find_multipaths (Default n): --find_multipaths " -+ echo "Set user_friendly_names (Default y): --user_friendly_names " -+ echo "Set find_multipaths (Default y): --find_multipaths " - echo "Load the dm-multipath modules on enable (Default y): --with_module " - echo "start/stop/reload multipathd (Default n): --with_multipathd " - echo "" diff --git a/sys-fs/multipath-tools/files/fedora/0034-RHBZ-851416-mpathconf-display.patch b/sys-fs/multipath-tools/files/fedora/0034-RHBZ-851416-mpathconf-display.patch deleted file mode 100644 index e9e00ceb4..000000000 --- a/sys-fs/multipath-tools/files/fedora/0034-RHBZ-851416-mpathconf-display.patch +++ /dev/null @@ -1,53 +0,0 @@ ---- - multipath/mpathconf | 21 +++++++++++++++------ - 1 file changed, 15 insertions(+), 6 deletions(-) - -Index: multipath-tools-130222/multipath/mpathconf -=================================================================== ---- multipath-tools-130222.orig/multipath/mpathconf -+++ multipath-tools-130222/multipath/mpathconf -@@ -159,7 +159,7 @@ if [ -z "$MODULE" -o "$MODULE" = "y" ]; - fi - - if [ "$MULTIPATHD" = "y" ]; then -- if service multipathd status > /dev/null ; then -+ if /bin/systemctl status multipathd.service > /dev/null 2>&1 ; then - HAVE_MULTIPATHD=1 - else - HAVE_MULTIPATHD=0 -@@ -210,8 +210,17 @@ if [ -n "$SHOW_STATUS" ]; then - echo "dm_multipath module is not loaded" - fi - fi -- if [ -n "$HAVE_MULTIPATHD" ]; then -- service multipathd status -+ if [ -z "$HAVE_MULTIPATHD" ]; then -+ if /bin/systemctl status multipathd.service > /dev/null 2>&1 ; then -+ HAVE_MULTIPATHD=1 -+ else -+ HAVE_MULTIPATHD=0 -+ fi -+ fi -+ if [ "$HAVE_MULTIPATHD" = 1 ]; then -+ echo "multipathd is running" -+ else -+ echo "multipathd is not running" - fi - exit 0 - fi -@@ -301,12 +310,12 @@ if [ "$ENABLE" = 1 ]; then - modprobe dm_multipath - fi - if [ "$HAVE_MULTIPATHD" = 0 ]; then -- service multipathd start -+ systemctl start multipathd.service - fi - elif [ "$ENABLE" = 0 ]; then - if [ "$HAVE_MULTIPATHD" = 1 ]; then -- service multipathd stop -+ systemctl stop multipathd.service - fi - elif [ -n "$CHANGED_CONFIG" -a "$HAVE_MULTIPATHD" = 1 ]; then -- service multipathd reload -+ systemctl reload multipathd.service - fi diff --git a/sys-fs/multipath-tools/files/fedora/0078-RHBZ-1054044-fix-mpathconf-manpage.patch b/sys-fs/multipath-tools/files/fedora/0078-RHBZ-1054044-fix-mpathconf-manpage.patch deleted file mode 100644 index b06b4101f..000000000 --- a/sys-fs/multipath-tools/files/fedora/0078-RHBZ-1054044-fix-mpathconf-manpage.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- - multipath/mpathconf.8 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: multipath-tools-130222/multipath/mpathconf.8 -=================================================================== ---- multipath-tools-130222.orig/multipath/mpathconf.8 -+++ multipath-tools-130222/multipath/mpathconf.8 -@@ -86,7 +86,7 @@ If set to \fBy\fP, this runs - .B service multipathd start - to start the multipathd daemon on \fB--enable\fP, - .B service multipathd stop --to start the multipathd daemon on \fB--disable\fP, and -+to stop the multipathd daemon on \fB--disable\fP, and - .B service multipathd reload - to reconfigure multipathd on \fB--user_frindly_names\fP and - \fB--find_multipaths\fP. diff --git a/sys-fs/multipath-tools/files/fedora/0102-RHBZ-1160478-mpathconf-template.patch b/sys-fs/multipath-tools/files/fedora/0102-RHBZ-1160478-mpathconf-template.patch deleted file mode 100644 index 3c0e44346..000000000 --- a/sys-fs/multipath-tools/files/fedora/0102-RHBZ-1160478-mpathconf-template.patch +++ /dev/null @@ -1,52 +0,0 @@ ---- - multipath/mpathconf | 26 ++++++++++++++++++++------ - 1 file changed, 20 insertions(+), 6 deletions(-) - -Index: multipath-tools-130222/multipath/mpathconf -=================================================================== ---- multipath-tools-130222.orig/multipath/mpathconf -+++ multipath-tools-130222/multipath/mpathconf -@@ -19,10 +19,27 @@ - - unset ENABLE FIND FRIENDLY MODULE MULTIPATHD HAVE_DISABLE HAVE_FIND HAVE_BLACKLIST HAVE_DEFAULTS HAVE_FRIENDLY HAVE_MULTIPATHD HAVE_MODULE SHOW_STATUS CHANGED_CONFIG - --DEFAULT_CONFIGFILE="/usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf" -+DEFAULT_CONFIG="# device-mapper-multipath configuration file -+ -+# For a complete list of the default configuration values, run either: -+# # multipath -t -+# or -+# # multipathd show config -+ -+# For a list of configuration options with descriptions, see the -+# multipath.conf man page. -+ -+# For an example configuration file, see: -+# /user/share/doc/device-mapper-multipath/multipath.conf -+ -+defaults { -+ user_friendly_names yes -+ find_multipaths yes -+}" -+ - CONFIGFILE="/etc/multipath.conf" - MULTIPATHDIR="/etc/multipath" --TMPFILE=/etc/multipath/.multipath.conf.tmp -+TMPFILE="/etc/multipath/.multipath.conf.tmp" - - function usage - { -@@ -134,12 +151,9 @@ if [ ! -d "$MULTIPATHDIR" ]; then - fi - - rm $TMPFILE 2> /dev/null -+echo "$DEFAULT_CONFIG" > $TMPFILE - if [ -f "$CONFIGFILE" ]; then - cp $CONFIGFILE $TMPFILE --elif [ -f "$DEFAULT_CONFIGFILE" ]; then -- cp $DEFAULT_CONFIGFILE $TMPFILE --else -- touch $TMPFILE - fi - - if grep -q "^blacklist[[:space:]]*{" $TMPFILE ; then diff --git a/sys-fs/multipath-tools/files/multipath-tools-0.5.0-makefile.patch b/sys-fs/multipath-tools/files/multipath-tools-0.5.0-makefile.patch deleted file mode 100644 index 691b13873..000000000 --- a/sys-fs/multipath-tools/files/multipath-tools-0.5.0-makefile.patch +++ /dev/null @@ -1,200 +0,0 @@ ---- multipath-tools-0.5.0/kpartx/Makefile -+++ multipath-tools-0.5.0/kpartx/Makefile -@@ -12,7 +12,7 @@ - CFLAGS += -DLIBDM_API_COOKIE - endif - --LDFLAGS = -ldevmapper -+LIBS = -ldevmapper - OBJS = bsd.o dos.o kpartx.o solaris.o unixware.o dasd.o sun.o \ - gpt.o mac.o ps3.o crc32.o lopart.o xstrncpy.o devmapper.o - EXEC = kpartx -@@ -20,8 +20,7 @@ - all: $(EXEC) - - $(EXEC): $(OBJS) -- $(CC) $(OBJS) -o $(EXEC) $(LDFLAGS) -- $(GZIP) $(EXEC).8 > $(EXEC).8.gz -+ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) $(LIBS) -o $(EXEC) - - install: $(EXEC) $(EXEC).8 - $(INSTALL_PROGRAM) -d $(DESTDIR)$(bindir) -@@ -29,14 +28,15 @@ - $(INSTALL_PROGRAM) -d $(DESTDIR)$(libudevdir) - $(INSTALL_PROGRAM) -m 755 kpartx_id $(DESTDIR)$(libudevdir) - $(INSTALL_PROGRAM) -d $(DESTDIR)/etc/udev/rules.d -- $(INSTALL_PROGRAM) -m 644 kpartx.rules $(DESTDIR)/etc/udev/rules.d/ -+ $(INSTALL_PROGRAM) -m 644 kpartx.rules $(DESTDIR)/etc/udev/rules.d/66-kpartx.rules - $(INSTALL_PROGRAM) -d $(DESTDIR)$(mandir) -- $(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(mandir) -+ $(INSTALL_PROGRAM) -m 644 $(EXEC).8 $(DESTDIR)$(mandir) - - uninstall: - rm -f $(DESTDIR)$(bindir)/$(EXEC) -- rm -f $(DESTDIR)$(mandir)/$(EXEC).8.gz -+ rm -f $(DESTDIR)$(mandir)/$(EXEC).8 - rm -f $(DESTDIR)$(libudevdir)/kpartx_id -+ rm -f $(DESTDIR)/etc/udev/rules.d/66-kpartx.rules - - clean: -- rm -f core *.o $(EXEC) *.gz -+ rm -f core *.o $(EXEC) ---- multipath-tools-0.5.0/libmpathpersist/Makefile -+++ multipath-tools-0.5.0/libmpathpersist/Makefile -@@ -22,8 +22,6 @@ - $(CC) -Wall -fPIC -c $(CFLAGS) *.c - $(CC) -shared $(LIBDEPS) -Wl,-soname=$@ $(CFLAGS) -o $@ $(OBJS) - ln -s $(LIBS) $(DEVLIB) -- $(GZIP) mpath_persistent_reserve_in.3 > mpath_persistent_reserve_in.3.gz -- $(GZIP) mpath_persistent_reserve_out.3 > mpath_persistent_reserve_out.3.gz - - install: $(LIBS) - $(INSTALL_PROGRAM) -d $(DESTDIR)$(syslibdir) -@@ -31,19 +29,17 @@ - $(INSTALL_PROGRAM) -m 755 -d $(DESTDIR)$(syslibdir) - $(INSTALL_PROGRAM) -m 755 -d $(DESTDIR)$(man3dir) - $(INSTALL_PROGRAM) -m 755 -d $(DESTDIR)/usr/include/ -- $(INSTALL_PROGRAM) -m 755 -d $(DESTDIR)/usr/share/doc/mpathpersist/ -- ln -sf $(DESTDIR)$(syslibdir)/$(LIBS) $(DESTDIR)$(syslibdir)/$(DEVLIB) -- install -m 644 mpath_persistent_reserve_in.3.gz $(DESTDIR)$(man3dir) -- install -m 644 mpath_persistent_reserve_out.3.gz $(DESTDIR)$(man3dir) -- install -m 644 mpath_persist.h $(DESTDIR)/usr/include/ -+ $(INSTALL_PROGRAM) -m 644 mpath_persistent_reserve_in.3 $(DESTDIR)$(man3dir) -+ $(INSTALL_PROGRAM) -m 644 mpath_persistent_reserve_out.3 $(DESTDIR)$(man3dir) -+ $(INSTALL_PROGRAM) -m 644 mpath_persist.h $(DESTDIR)/usr/include/ - - uninstall: - rm -f $(DESTDIR)$(syslibdir)/$(LIBS) -- rm $(DESTDIR)$(mandir)/mpath_persistent_reserve_in.3.gz -- rm $(DESTDIR)$(mandir)/mpath_persistent_reserve_out.3.gz -+ rm $(DESTDIR)$(mandir)/mpath_persistent_reserve_in.3 -+ rm $(DESTDIR)$(mandir)/mpath_persistent_reserve_out.3 - - clean: - rm -f core *.a *.o - rm -f libmpathpersist.so.0 - rm -f libmpathpersist.so -- rm -f mpath_persistent_reserve_in.3.gz mpath_persistent_reserve_out.3.gz -+ rm -f mpath_persistent_reserve_in.3 mpath_persistent_reserve_out.3 ---- multipath-tools-0.5.0/Makefile.inc -+++ multipath-tools-0.5.0/Makefile.inc -@@ -48,8 +48,8 @@ - RPM_OPT_FLAGS = -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 - endif - --OPTFLAGS = $(RPM_OPT_FLAGS) -Wunused -Wstrict-prototypes --CFLAGS = $(OPTFLAGS) -fPIC -DLIB_STRING=\"${LIB}\" -+OPTFLAGS = -Wall -Wunused -Wstrict-prototypes -+CFLAGS += $(OPTFLAGS) -fPIC -DLIB_STRING=\"${LIB}\" - SHARED_FLAGS = -shared - - %.o: %.c ---- multipath-tools-0.5.0/mpathpersist/Makefile -+++ multipath-tools-0.5.0/mpathpersist/Makefile -@@ -13,18 +13,17 @@ - - $(EXEC): $(OBJS) - $(CC) -g $(OBJS) -o $(EXEC) $(LDFLAGS) $(CFLAGS) -- $(GZIP) $(EXEC).8 > $(EXEC).8.gz - - install: - install -d $(DESTDIR)$(bindir) - install -m 755 $(EXEC) $(DESTDIR)$(bindir)/ - install -d $(DESTDIR)$(mandir) -- install -m 644 $(EXEC).8.gz $(DESTDIR)$(mandir) -+ install -m 644 $(EXEC).8 $(DESTDIR)$(mandir) - - clean: - rm -f *.o $(EXEC) -- rm -f mpathpersist.8.gz -+ rm -f mpathpersist.8 - - uninstall: - rm $(DESTDIR)$(bindir)/$(EXEC) -- rm $(DESTDIR)$(mandir)/$(EXEC).8.gz -+ rm $(DESTDIR)$(mandir)/$(EXEC).8 ---- multipath-tools-0.5.0/multipath/Makefile -+++ multipath-tools-0.5.0/multipath/Makefile -@@ -7,29 +7,27 @@ - OBJS = main.o - - CFLAGS += -I$(multipathdir) --LDFLAGS += -lpthread -ldevmapper -ldl -L$(multipathdir) -lmultipath -ludev -+LIBS += -lpthread -ldevmapper -ldl -L$(multipathdir) -lmultipath -ludev - - EXEC = multipath - - all: $(EXEC) - - $(EXEC): $(OBJS) -- $(CC) $(CFLAGS) $(OBJS) -o $(EXEC) $(LDFLAGS) -- $(GZIP) $(EXEC).8 > $(EXEC).8.gz -- $(GZIP) $(EXEC).conf.5 > $(EXEC).conf.5.gz -+ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) $(LIBS) -o $(EXEC) - - install: - $(INSTALL_PROGRAM) -d $(DESTDIR)$(bindir) - $(INSTALL_PROGRAM) -m 755 $(EXEC) $(DESTDIR)$(bindir)/ - $(INSTALL_PROGRAM) -d $(DESTDIR)$(mandir) -- $(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(mandir) -+ $(INSTALL_PROGRAM) -m 644 $(EXEC).8 $(DESTDIR)$(mandir) - $(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir) -- $(INSTALL_PROGRAM) -m 644 $(EXEC).conf.5.gz $(DESTDIR)$(man5dir) -+ $(INSTALL_PROGRAM) -m 644 $(EXEC).conf.5 $(DESTDIR)$(man5dir) - - uninstall: - rm $(DESTDIR)$(bindir)/$(EXEC) -- rm $(DESTDIR)$(mandir)/$(EXEC).8.gz -- rm $(DESTDIR)$(man5dir)/$(EXEC).conf.5.gz -+ rm $(DESTDIR)$(mandir)/$(EXEC).8 -+ rm $(DESTDIR)$(man5dir)/$(EXEC).conf.5 - - clean: -- rm -f core *.o $(EXEC) *.gz -+ rm -f core *.o $(EXEC) ---- multipath-tools-0.5.0/multipathd/Makefile -+++ multipath-tools-0.5.0/multipathd/Makefile -@@ -9,11 +9,11 @@ - ifdef SYSTEMD - CFLAGS += -DUSE_SYSTEMD=$(SYSTEMD) - endif --LDFLAGS += -lpthread -ldevmapper -lreadline -+LIBS += -lpthread -ldevmapper -lreadline - ifdef SYSTEMD -- LDFLAGS += -lsystemd-daemon -+ LIBS += -lsystemd-daemon - endif --LDFLAGS += -ludev -ldl \ -+LIBS += -ludev -ldl \ - -L$(multipathdir) -lmultipath -L$(mpathpersistdir) -lmpathpersist - - # -@@ -35,8 +35,7 @@ - all : $(EXEC) - - $(EXEC): $(OBJS) -- $(CC) $(CFLAGS) $(OBJS) $(LDFLAGS) -o $(EXEC) -- $(GZIP) $(EXEC).8 > $(EXEC).8.gz -+ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) $(LIBS) -o $(EXEC) - - install: - $(INSTALL_PROGRAM) -d $(DESTDIR)$(bindir) -@@ -48,15 +47,15 @@ - $(INSTALL_PROGRAM) -m 644 $(EXEC).socket $(DESTDIR)$(unitdir) - endif - $(INSTALL_PROGRAM) -d $(DESTDIR)$(mandir) -- $(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(mandir) -+ $(INSTALL_PROGRAM) -m 644 $(EXEC).8 $(DESTDIR)$(mandir) - - uninstall: - rm -f $(DESTDIR)$(bindir)/$(EXEC) - rm -f $(DESTDIR)$(rcdir)/$(EXEC) -- rm -f $(DESTDIR)$(mandir)/$(EXEC).8.gz -+ rm -f $(DESTDIR)$(mandir)/$(EXEC).8 - rm -f $(DESTDIR)$(unitdir)/$(EXEC).service - rm -f $(DESTDIR)$(unitdir)/$(EXEC).socket - - clean: -- rm -f core *.o $(EXEC) *.gz -+ rm -f core *.o $(EXEC) - diff --git a/sys-fs/multipath-tools/files/multipath-tools-0.5.0-systemd-pkgconfig.patch b/sys-fs/multipath-tools/files/multipath-tools-0.5.0-systemd-pkgconfig.patch deleted file mode 100644 index d75f84136..000000000 --- a/sys-fs/multipath-tools/files/multipath-tools-0.5.0-systemd-pkgconfig.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -ru multipath-tools-0.5.0/libmultipath/Makefile multipath-tools-0.5.0-modified/libmultipath/Makefile ---- multipath-tools-0.5.0/libmultipath/Makefile 2013-12-17 22:40:41.000000000 +0100 -+++ multipath-tools-0.5.0-modified/libmultipath/Makefile 2014-03-07 04:03:45.963309627 +0100 -@@ -9,7 +9,7 @@ - LIBS = $(DEVLIB).$(SONAME) - LIBDEPS = -lpthread -ldl -ldevmapper -ludev - ifdef SYSTEMD -- LIBDEPS += -lsystemd-daemon -+ LIBDEPS += $(shell pkg-config --libs libsystemd 2>/dev/null || pkg-config --libs libsystemd-daemon 2>/dev/null) - endif - - OBJS = memory.o parser.o vector.o devmapper.o callout.o \ -diff -ru multipath-tools-0.5.0/multipathd/Makefile multipath-tools-0.5.0-modified/multipathd/Makefile ---- multipath-tools-0.5.0/multipathd/Makefile 2014-03-07 04:05:09.340307633 +0100 -+++ multipath-tools-0.5.0-modified/multipathd/Makefile 2014-03-07 04:04:03.555309206 +0100 -@@ -11,7 +11,7 @@ - endif - LIBS += -lpthread -ldevmapper -lreadline - ifdef SYSTEMD -- LIBS += -lsystemd-daemon -+ LIBS += $(shell pkg-config --libs libsystemd 2>/dev/null || pkg-config --libs libsystemd-daemon 2>/dev/null) - endif - LIBS += -ludev -ldl \ - -L$(multipathdir) -lmultipath -L$(mpathpersistdir) -lmpathpersist diff --git a/sys-fs/multipath-tools/files/multipath.rc b/sys-fs/multipath-tools/files/multipath.rc deleted file mode 100644 index 68f8d5edb..000000000 --- a/sys-fs/multipath-tools/files/multipath.rc +++ /dev/null @@ -1,27 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -depend() { - before checkfs fsck multipathd lvm - after modules device-mapper -} - -start() { - if ! grep -qs device-mapper /proc/devices /proc/misc ; then - [ -e /proc/modules ] && modprobe -q dm-mod - fi - - ebegin "Activating Multipath devices" - multipath -v0 >/dev/null - eend $? -} - -stop() { - ebegin "Shutting down Multipath devices" - multipath -v0 -F >/dev/null - eend $? -} - -# vim:ts=4 diff --git a/sys-fs/multipath-tools/files/rc-multipathd b/sys-fs/multipath-tools/files/rc-multipathd deleted file mode 100644 index aba0c2462..000000000 --- a/sys-fs/multipath-tools/files/rc-multipathd +++ /dev/null @@ -1,21 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2006 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -depend() { - need localmount - after modules -} - -start() { - ebegin "Starting multipathd" - start-stop-daemon --start --quiet --exec /sbin/multipathd - eend $? -} - -stop() { - ebegin "Stopping multipathd" - start-stop-daemon --stop --quiet --pidfile /var/run/multipathd.pid - eend $? -} diff --git a/sys-fs/multipath-tools/metadata.xml b/sys-fs/multipath-tools/metadata.xml deleted file mode 100644 index 56c124413..000000000 --- a/sys-fs/multipath-tools/metadata.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - base-system@gentoo.org - Gentoo Base System - - diff --git a/sys-fs/multipath-tools/multipath-tools-0.5.0-r99.ebuild b/sys-fs/multipath-tools/multipath-tools-0.5.0-r99.ebuild deleted file mode 100644 index 38e7124a7..000000000 --- a/sys-fs/multipath-tools/multipath-tools-0.5.0-r99.ebuild +++ /dev/null @@ -1,83 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=4 -inherit eutils systemd toolchain-funcs udev - -DESCRIPTION="Device mapper target autoconfig" -HOMEPAGE="http://christophe.varoqui.free.fr/" -SRC_URI="http://christophe.varoqui.free.fr/${PN}/${P}.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~ia64 ppc ppc64 ~sparc x86" -IUSE="systemd" - -RDEPEND=">=sys-fs/lvm2-2.02.45 - >=virtual/udev-171 - dev-libs/libaio - sys-libs/readline - systemd? ( sys-apps/systemd )" -DEPEND="${RDEPEND} - virtual/pkgconfig" - -src_prepare() { - epatch "${FILESDIR}"/${P}-makefile.patch - epatch "${FILESDIR}"/${P}-systemd-pkgconfig.patch - - # Anaconda 22 (Sabayon installer) patches. - local fedoradir="${FILESDIR}/fedora" - local fedora_patches=( - "0001-RH-dont_start_with_no_config.patch" - "0002-RH-multipath.rules.patch" - "0004-RH-multipathd-blacklist-all-by-default.patch" - "0005-RH-add-mpathconf.patch" - "0032-RHBZ-956464-mpathconf-defaults.patch" - "0034-RHBZ-851416-mpathconf-display.patch" - "0078-RHBZ-1054044-fix-mpathconf-manpage.patch" - "0102-RHBZ-1160478-mpathconf-template.patch" - ) - for p in "${fedora_patches[@]}"; do - epatch "${fedoradir}/${p}" - done - - epatch_user -} - -src_compile() { - # LIBDM_API_FLUSH involves grepping files in /usr/include, - # so force the test to go the way we want #411337. - emake LIBDM_API_FLUSH=1 CC="$(tc-getCC)" SYSTEMD=$(usex systemd 1 "") -} - -src_install() { - local udevdir="$(get_udevdir)" - - dodir /sbin /usr/share/man/man8 - emake \ - DESTDIR="${D}" \ - SYSTEMD=$(usex systemd 1 "") \ - unitdir="$(systemd_get_unitdir)" \ - libudevdir='${prefix}'/"${udevdir}" \ - install - - insinto /etc - newins "${S}"/multipath.conf.annotated multipath.conf - # /etc/udev is reserved for user modified rules! - mv "${D}"/etc/udev/rules.d/* "${D}/${udevdir}"/rules.d/ || die - dodir /etc/multipath # fedora: this must exist - fperms 644 "${udevdir}"/rules.d/66-kpartx.rules - newinitd "${FILESDIR}"/rc-multipathd multipathd - newinitd "${FILESDIR}"/multipath.rc multipath - - dodoc multipath.conf.* AUTHOR ChangeLog FAQ - docinto kpartx - dodoc kpartx/ChangeLog kpartx/README -} - -pkg_postinst() { - if [[ -z ${REPLACING_VERSIONS} ]]; then - elog "If you need multipath on your system, you must" - elog "add 'multipath' into your boot runlevel!" - fi -} diff --git a/www-client/firefox/Manifest b/www-client/firefox/Manifest deleted file mode 100644 index 0dcfc63bd..000000000 --- a/www-client/firefox/Manifest +++ /dev/null @@ -1,93 +0,0 @@ -DIST firefox-78.0-patches-05.tar.xz 31096 BLAKE2B 83915ede6e9dc2241f6c72eb41f1ba9e26d70cb1f968bc6f3506aa4596d282f6c9a433ce5151c1e0e69dc8343bcd17ed517db5ad5990f744362cc80c50154886 SHA512 4cc967dbdd0c76000ce565d85064884b7040e1f50fba830203256d06a6ee1f8004f4e64682b98fbfb5580254d67e8984b19ec34cee2c3d85190a8f214b05afa2 -DIST firefox-78.0.2-ach.xpi 500654 BLAKE2B bf3fef912634343b67525a5e7c9c0d655ed4a29ed18d526d4a700e84051e7bf44f2198dfdefd1f2bfcf988fd28473737fd268fbbf8b2fb6dce1c513e2d28c18e SHA512 56d25bb5a42959516ef75eb7f6d04f20dc003de69febea872706a4ae1d48115ba42ea678c84f9cf8685cda12268475916337fded23498bdf90eafbbafb553fcd -DIST firefox-78.0.2-af.xpi 444068 BLAKE2B a152864485b8d31194851de9360c8665ff0ee67c0c2e20aa685249c9bcda4ba066dfb1c0974586adead9e4cabdd3f8866ed4f5120955bc830229738cfd38addc SHA512 5016b0f236f9b1943409dd50c562235cb742eec78957eeda5bb6d154ba7c901d97342ae91fbebf7f0d5615ea6a311deaa23bd5a45fd24159c3fc3c58216b3aa2 -DIST firefox-78.0.2-an.xpi 511452 BLAKE2B 7aab5c2295d471d1c8c349286f7c9d3adb36c19feee3e2833916f9c283c5e0a168ab82846ff07c18aee3cd9ada3815db932e7e2bbd6b05dc19e4563239854beb SHA512 de59618a6761cb4961ffc215b159eb1a104d17f995e471b7ffe6051143ec8617ed8d0e884ae80d9465985483d2e63ec650346a2daee3733d97a6620133ccc274 -DIST firefox-78.0.2-ar.xpi 588704 BLAKE2B ad32738e1367a0352d9d4005d4ae7fc3cf30ad75c0d921dbe058b522d25294e6d1261d54be1068afcbec3726dd3f1d4f3c1f1b16c28f528aa22668b87ec23cf6 SHA512 a59080b98b5ec91a3b887b3756653a3ef291489cb55c5e9b26e76cafc5f95e1f64724fdf9e7a120ae65a9bfabcc93553ce4ed88e0755c87ec261d789034e2952 -DIST firefox-78.0.2-ast.xpi 500545 BLAKE2B 3d9ef360d8f344a2bf5c3af560d400d1ebd4aed0d5588c7e2249be886cce23b5cc8a62abd731841c10ec4766d8c76473edb08b11fd83d8f8b345390e7ef1963d SHA512 30b5192cd7d4e4ab4de8fd60429ce69d402dbd7cb698c29c9d3e30ce3fb68d0e4798c3ec472b279d334d93937eddd5f2e55769f08a35a773ce06cd134037e403 -DIST firefox-78.0.2-az.xpi 537587 BLAKE2B ed9ad6093f5921c74d1dc32447074aceab2f730c7daa9cc96e71daca75ed622386f51f4a998d22bf404483d722bb93603f11cc38fdcfb5a6208f7f7b6d6ead8d SHA512 3e1025ba841b8337cd2315c0e50d3f3557e574a1238deaf8d6971a9280e36c76eb27b3548e6e61c8c6a201346b38d1bff6c1c2fde5d85dd4c33d67c79e649eec -DIST firefox-78.0.2-be.xpi 647660 BLAKE2B 94cba38257d7134d6e90458d5a9c0743904d03aa9fe2587f26ec1cb4de6aee210a231e68fcf9dd16168fe0a4937363eafc83775b62f4f0178e2ef5ce5e0ed3d0 SHA512 ebc88638d682980a33d700cdc5847738dde59b4b0c52e2bb2bd1d707b2a75082fa0252d56f97079db2230bfd6951c237724cda4d856ead64c5adf25fff78eaca -DIST firefox-78.0.2-bg.xpi 608528 BLAKE2B faeff122e24a31da06908b608bbe34687bf86914eeb919edfffb474d01a51b521018f7be1d861e6e6f39b4d1cbcf82f564d04c443bc13c10124ab5fcb0901e7c SHA512 831c99c9740970c65c28b722d52e46ff170650a0e960289e3595930a1d6b528678115f2361a7616d788047e7d6946a3720f4b7d00ce4dfa1709298b95011ebfe -DIST firefox-78.0.2-bn.xpi 634051 BLAKE2B 771e24876f879dbc9dffd865e88531ea1859d6e1dc934c9c8ce42265ac83287f703d18851c90093813c5851cf5be96dd223242b86ce7e1f67781ea8d285f8058 SHA512 1ac4ac6fc9ef06b5ee2e1e5b44ee219130d83ab01e9c5c3bc24e23ad14bfd325c4dc499d5546da2b09ab9b646f9e32b0e60944086cb3f7f9ad514d760014f5fd -DIST firefox-78.0.2-br.xpi 551260 BLAKE2B f0b294801629c30396066fc4ec18828bde623d00149f3325d3d5e79e51976d5ef5e8d3b2d1bba972afd76211b0b20128594df20f807435b52f8ed6bb54b81fb4 SHA512 45cb812e6e99bc9072e0a5485e7c896a4de93c5b43ca2fccc06c16ab1b13adb31814698bd95da9379f02322cf54e440419b161e02f8757e21a94198cec972bb1 -DIST firefox-78.0.2-bs.xpi 506403 BLAKE2B 68c341502fcbe46b2e18cb6e1265100eef7c0a9ea7b4b3af0f10e88a748dee3a3048bdd5cdcac6049de9026e2617e17b2ca98afba6c96681fc927224fb8335ee SHA512 cda85620feaa917b5da0aad97c9224d374cfcb2586c6dd8328fd15ebba5ef34f42dc3b12e565497784c97d369865d717a4541bbd8e2b7ec838cee67a96cec5ba -DIST firefox-78.0.2-ca.xpi 552876 BLAKE2B c303bf42c811e9342443bee4f8554fd6545e423d809e2108b26fcb3ec67ffaab1906f4b7c3e8f6d3d97386726bcb6bd62fce1d2c924eeb5d32d221f18b4616dd SHA512 efd8f86b2d32212acaa8078afdb414b921539245d89c38d0e149bde028e77fa3de8b0407f86858b1a4c04bbb5dc1b11547640e2d6564a0265cec8c0c536fd93c -DIST firefox-78.0.2-cak.xpi 584936 BLAKE2B 96aff08f88471dad243324a89be76275efb77e4acb0ef928aa0610f9b073a290f78cb809ddb8c67232a1f6e3c4cf156506fad4e48194dbf16450b883b94757ee SHA512 1201d00af5a9e929fb805781b833937526ad82f526355ba90f5b808306a1d164984446215610e40d1224da96c8ce96ace5e4abbad1cc0b33d362eea78dbcc47a -DIST firefox-78.0.2-cs.xpi 585532 BLAKE2B 24d98e1f78a55e10bba9164469c69b559ec1173702d06f3f74475ef35ec09f7b2acfa2dc17bd94c76a3704c1a503e20272bf1d7060ce61f26b84ec98d97988c3 SHA512 59f324ff33fd2aec7380450a1486f6cc68f1043038911ea0e643dc1eea8fb5298f93dec84f9ef2a144a3d1564b2dd1d90c0bbec3cdb89cf15c442523c3b619f3 -DIST firefox-78.0.2-cy.xpi 563238 BLAKE2B 751eceac9a46898953237bb3b454b6f9b0dc3aa69026184f81d4708e0fa8bb9ab1a5b42b3ee955defbc99677347597925ed60066f80ec50e453bd0ace4bbf03f SHA512 506f17cdd27d07a1b0179d67d14f0f1d5cb04e99e9141b5de32305924dc1e51de7f9f60a2ddbf1d6c5398554fc90eb057728b1914367e3a7409320bff09e043c -DIST firefox-78.0.2-da.xpi 552310 BLAKE2B 89aee395a0c361920593bf3cd64c373d51bde5bb2dfc004ff11ff36a8d0f294e78d0e5bd3cd722d328d118e7337a5ee4ac815a3d6436ea5a57d415f995bfdba0 SHA512 1186aed12d1d5e6fa7578265dd20d0feeceb828ec8086f792c0c26a1b41c15755ca843a279d3e89719cb1a0255b339436c2b3448c38e726e3a10bd3847798830 -DIST firefox-78.0.2-de.xpi 576941 BLAKE2B 740e753f229591cdc43ea2eb2540d97fd73007a125a567c1a45c488747cb81ce1ecf08d1004c2e8077e39e3af97b45d00d524133d3f833276c933ce47036ea3d SHA512 5aea079772ff90cb251438e9f81de49b982d4faa967003d5c275984764f2b5622ea10fbd78a4950aeae1192efc418c2811a8208cdb90691e187704624ca82270 -DIST firefox-78.0.2-dsb.xpi 589026 BLAKE2B 863f6121517ba0b67ee302fbc10a6484e6bd1c12c7ec1363884dd149b83eeab534c8568c41f38c0c1ad3c5e2c632151bb2cede2a6a17295ffa98dd056067187f SHA512 70fe776e536d5af95d33b43bd56037be7d3905580ae26326a7235e2f7b9a2c9a9453d3bf2275852a4eda17397715448740fa84b49a1d3efaa4501bc8ae089179 -DIST firefox-78.0.2-el.xpi 665908 BLAKE2B 39045be9285e56e266de62a4e236789608cf8d72ecb25b54882a53e2f1ef63fc8eedaececed828f37cde68475ec98504eced6eaa274019eaaf8b33144bf4e81a SHA512 06a7b514a982cbfcbedf011bec5d964fffeb3c8257a2f59b0707b1793a818ac141cca48ae8f4cc00a02801012b4aca0e805b8a63b21b715b11cd2bf62c764cc5 -DIST firefox-78.0.2-en-CA.xpi 531414 BLAKE2B ca255e92547ea23cf073f8ccab14118a143bd5bde95d4e45392c6b10a5c155e690829afa049ce0ccce5d7bd32ac150113dc1c06bd03a0428130be7f67beb6dab SHA512 0e5fcb1ebdf4ee4eb8b66d7f8e778eedf3347e99cda6e2e7a822ad305cbefabba1306d9b2d363f2d3ca3eed8f29629a77472b0cafd960e7a33265c8a6ef5ae3e -DIST firefox-78.0.2-en-GB.xpi 531200 BLAKE2B aee748ec0373c527836bb102378e32f500b9f4e10e3f8af86d61c8f2add4c00a948bd5a4814e7bfde010a7aecaf28e48fd28401a8bf40ed593f547c171e425b6 SHA512 193685743085bfcc648e23f282386d8076f5dd374546304db32299c0dedf103b452a20ffd9f2e684868060474f6f8db66a053dfb5feec6d244e0a8a7ca42f83d -DIST firefox-78.0.2-eo.xpi 558624 BLAKE2B 5408b11170083a2df48b5dc46da823ad8bad3b715486297884e4015644c81782569b4630ed689f82597d0eba12ce27149b786c05291f5afb45f45e3d7224db26 SHA512 21a313af6d8667e75593a15f24b09a0ae8e86381a03c8e62a026e2e3dd7b39879d9aa964859ac555cdb4ff3bdf77d7cd62b8086b0f6a2cf84d5610af924851eb -DIST firefox-78.0.2-es-AR.xpi 568400 BLAKE2B 9a6a1ccac9cd2860ff190bfa1bb489faf15f544229db58901e365df7ab2a1722ac2b2e9c8accb361fa5e5f498d88f078f554344a873adc2ad7a7909f5430d462 SHA512 ce789af837d6fdef6b52bd63f7421f8c705edc4b29d7e7725c765caa6478c7f66f013a8fea8546df03f5009702f5984f6a380b8ead4faad4f72a1a22d3de7846 -DIST firefox-78.0.2-es-CL.xpi 567594 BLAKE2B 8a0a9b6e505934da7585af91911a1baf340624fe479e26e7150d6d4982041e9dc0380bdf68cbd771967fc258df8dacccbbc888928e7901a9af5db5096228e76f SHA512 b5cf4dddda9cadf361d9d921612d4d3a0fae200d345dab2be4bc2d9e7db88b782369cf2017d7ac9b0e67731629322fb8d34e760c400aeee91ce63e6418cb858b -DIST firefox-78.0.2-es-ES.xpi 551510 BLAKE2B 8692a853c97731e8a0922a24b4b6a330232237a1377d615230e1c6ed9efe639a052561190a354515a9e29e881df4d71f739f75db866dab4837b1988953f41115 SHA512 66ed66bae2ca78cb48058fcd160b56a72e0249141ad5503f460be1f2eb71db25a8b1100e2a98961d51b3c8d5ee4a4dcad92726121fe2ebde539eb39f45b803aa -DIST firefox-78.0.2-es-MX.xpi 569783 BLAKE2B b9732c562722821a5c4315f8cc73d01966a7a53fce60c68fb0369fdc26a8f72f43794bcc114c2c117e92fa3b7d87d0931dd7e2577b15bacddff66cca14d623f5 SHA512 2fc5d3d149798ef26ac06fd4f5b24a006d1820c3f955b7b1611fd1db1884e27b58edd2c6c9dd497a236d34e40f5746365a8f23ded196e666bd43e730e8f1c895 -DIST firefox-78.0.2-et.xpi 535625 BLAKE2B e03a9aba686730a6b7bd99793a73fa57091327dc4a501b089336cee7e225aa2ac9309d2473f548f05a7d9d1f0773be905b25f7581cd65ca926b31ad53f7308a1 SHA512 1eb284ba0724d10e560532bce88736055139cd5bc2216b00e46b22ceaa7712d7480facd256051a1db2cdb02e70234f2dba0528e872e74bd22c850a927e5f04f0 -DIST firefox-78.0.2-eu.xpi 556806 BLAKE2B c369e66a2346ca648cc12ee7cd295edebf2ffb2339e49aa171c4226c0bd7f6b4ae9a6ae366b0421a5bee9d7efdd4c2d0cd5dc511afbe889615aae21864726851 SHA512 e65dbe91cbf945cfc52a76056eee872377d3348c899b07019b052c719c4baec0b9b1eecb84ccd4144cb62fdc24678f37e6d4ed2af36de370238d8d8aa9d02b71 -DIST firefox-78.0.2-fa.xpi 593505 BLAKE2B 1ade6b88b0d490c65b2681af3872357659567365e471a85231acfc65d0410a0635890ef7fcbba18f24e8e7892ee26c53053a3c19a159e380a4f324936bbbbca5 SHA512 3e4579f4d967daf23174471dc56e2e0da0273cf9379762c5a93d58e26e3a67add825ec8b2cd56be87368f2cb5160fad9bf7b351af134f2c31df95ad40ec5b6d6 -DIST firefox-78.0.2-ff.xpi 531570 BLAKE2B 2a36f227bd161f1fcb7687aacd0e0d5580437157cadc312f9bc960644821b3d8af76cfa5553c3af1074d4e568eab345dbe5cb87f5a810c945d8f8808892a5148 SHA512 b6e1a5c0d79b38527e1c6bc07d10c27aab295da1f4537dba24a8caa98aea78a1e2c865600d3cdf64c4f0bc47fc2c2a401c99bd2123c6fafcfbcb4ed3036d8287 -DIST firefox-78.0.2-fi.xpi 554032 BLAKE2B cef6e2c318e4f28fe23f2ef3407da2778f123c709a3db96cc745e4c6d056d34755193c8b22a6c477ef914e38b0603a34e7b22142bef5a533cbd87e95aa653b1e SHA512 006ad38ce02fdee352399a36db99be98fba454f5c283b02c522438a49837a9eb1d3574210b32f816a058e26c7459b3cf401d9548f259690ae4a2e74e31b11728 -DIST firefox-78.0.2-fr.xpi 580680 BLAKE2B 079558908e869e27ca1e8f158585c0b8b49f3bae983f8469f52515222baf3dc4bedd58c192b752d6e84b8b9a2a5c088eadb9cfa5262db783abf028ba8993b6cb SHA512 c856e5533955f1827846b3cf1f859299eb346989c517b4cc7913a099d33b9bbb49e62f626a69b0d2ec08511dea46e879de76d09dfc579fa0cbe65b5aa803a5ea -DIST firefox-78.0.2-fy-NL.xpi 565456 BLAKE2B 0bc5446f7a6e0e4ea90fb871f1121f67aa6c20bd93805aecfcab3313dce826f5714a0f9a0e35144c44903a40bb8ebee53c8555b1e2e883b6a63f1584aa3a6de6 SHA512 4d39f8ae90916f87a178c59dd98ed0f41d496b5aafa4e106365cd4b4f6b55acb35d7446e16be59dea5e293f5832af8d3c77fbc9500e7c262d8a71cd443a18f92 -DIST firefox-78.0.2-ga-IE.xpi 514579 BLAKE2B 8bd6ec1c5416616332e09ca4073a0f4587524728762f00fd0365706b967be69ecfd2d952c5420e0a902264676bfe0e0245ff8869efea7062c338834d08fe6917 SHA512 27ac54219b902613d1d0d945ef882635149892941ecea78995525de28880389c42efd4ba24b51ac0608fc2e9d3bc74065e03ea5ab17d5b18f200c30d0b393170 -DIST firefox-78.0.2-gd.xpi 544419 BLAKE2B ff7a3757b69e4468a748a83853fef5363c99d5fcd1408c41c9620cb6e2b9d02fafc4ac3c8a55ceb2e1a22ab18e7b33707b0d881fcb49cfbf6cf89564fcc7e8bb SHA512 607913cef428b8f3ca2efa83a608fc6ca87597961b6ae9236a305c9637d8cc4146da5808af742e81a14ac920dbe3cf18473a73915bb4d24980f179ca2c0d4a57 -DIST firefox-78.0.2-gl.xpi 508283 BLAKE2B bad499e35cb14bee19c4275ee8cb09bcea7cf68a3c58a8465236a10af2ac4af6103e7e1c0de8aa6e417d13136bc6e8c03df589bc5181cfbfcbd4388aad90b6a3 SHA512 48516418d3010a15dda0518f55a0860f90921ae2225e8335e40e06ad9243a6a14b6795cdf4043aad1235787d0d11ea1f8c26010b2807bb87c4dc756ee84bcdf5 -DIST firefox-78.0.2-gn.xpi 582166 BLAKE2B 7c42a6f9b765f809c6c42ddb167bfff71a1debafbcd92263dcc9ee6f5d129c1f9d39c13cb663fba4708026e4832131e9a74e4b24eeba5cbfedd043f897144c33 SHA512 df6b6d13a1a8bea98903d2ab0e1cf90dfd7b4f3c4786be342c519a00e86ae0c36743f49502b0be2fab8cf7af9c60a824d5dcccd22998a7019bffb53931dbe803 -DIST firefox-78.0.2-gu-IN.xpi 602914 BLAKE2B c5699cc3e197f6b90e4125e8cc9d578ef60a5691661a2c8dfc7e4a8c5ea8fe184cf4979be7028040b1b4c25316301b1c81ad5654805e57e1620ba56af6e0d91c SHA512 9f8c0317de2724ee6cb7f3a0190ef5d3a29617a011415fe6c46f23a09d4ed3cfe3b0732430ca341deb50a3d1f0772ee163683e8c62e6efc0d7f17dd58614ff6a -DIST firefox-78.0.2-he.xpi 582418 BLAKE2B 08a46e34e08b135b583526ad2187c4f1b962cdba461aed2b1017abeafe3b18a889372abb368996a85fe0e139f6c1a74106046936e9b22337b82e293ece386dfc SHA512 0e3373892e9179143e65009e44b54059e40da0d02d6ad631188b445af84ae60bcf7303db4fff8543f0b09419f72a7b12f435d02dc1e68fe7a48d0541d7c32c8e -DIST firefox-78.0.2-hi-IN.xpi 622444 BLAKE2B 78c7a3ab28e64a84ac385b32d0cd1d644de09d30a9b82109c89b5f04c13efe2328aff8e2717d3f2431b3095a33507475f87bb33e64a7bd8eb8707911f773ab1d SHA512 3d536f5478194e0d48b321ed2cb38eab6c123d8ea8b04e41f3665f6403813ad9560dfac601426e8767b3a53af4048a197a9aee1abd489f0fdcac8c575670d9eb -DIST firefox-78.0.2-hr.xpi 560786 BLAKE2B e5e967103080da9b375913098a5cc01d64282953ce341fba4e5b0eca5cd1bf2f098cff8e42670db4e5a9c3bd7fbebc746ffa5185e888a8dddf734479bc0c89cc SHA512 b771ef8096c8274f17aa0a9495fbfe9b77e67bd23fdf394e979471d23d46731aa32fc7c50d3a7af5fec8d0a6045bfe2929ec1917439487272962befdd97687d5 -DIST firefox-78.0.2-hsb.xpi 585290 BLAKE2B a22a83556fba35148f4eb4f7b0d12819e489e13600301b5ccee54b838f59452d207b8d12e2e732a6db42ba4567ee33ad8377eecc1d5932e3e950f7c5fd91e877 SHA512 6a81156afd1ab924a5896b97766ad6c93bb4db98ecfec887e8eb46db1a69f5c49770bf18ebf7353616668d6f88c5b1f39c5afa2cdf6956910e035aa1b9d37b67 -DIST firefox-78.0.2-hu.xpi 588748 BLAKE2B d4d0ad59ddd7dd4451c6cba98948ba78e37f9bc3bb05623d5fb6f0c7d23d0a344e7e5535fd60791ec3207ab68302e3da7344d473e96669922b53004c2577a1dc SHA512 dea3571c1f34ceb0d2f2764ac2e74d4a8d303cb04be0fd652ca73ad5a050addd7a0cf4e0be85a24c6cf2dca63da4c580372c086aed9f359640a30f4999ab1352 -DIST firefox-78.0.2-hy-AM.xpi 649327 BLAKE2B f7d8ded6b3f4c18aa0c179d38c46d4cc6b3e04d943aa65db3d504f265d96c31dc3b33e05db0a0e15d951b66933544ebcec526b77446d69c9461d25c0696beb6f SHA512 93c8b76215003c7b085fea61d0a3992a75e5a78e6dfcad9a6440472d443fbdb8c8bb2be28ed9fb6d8ffa26f918225b66143fe0aa02ce3dabcb2ee3043b922c02 -DIST firefox-78.0.2-ia.xpi 554118 BLAKE2B bd5f3ab4567fba9a85de26e1b43f3a1d4c44049472d15c7c127c911127b052be875640d93cb033d0b5048034696b2c35167f25884930d8103263e3714499e6a1 SHA512 d43e1c48a00e96974a23c448bef689d458b0e9173c065ceb33960e80a8645d93e75399a2fe04529fc410090e2b6ab6a5e29f7bcd8d06aed99cd9c00974e3a661 -DIST firefox-78.0.2-id.xpi 551946 BLAKE2B ccafff682cf346815f5c03a1cf17cc2f24e491b528d5f75e2aa2ec85ad0cf9f3a565fa966757506fa09a8dca500a9cb0d7d2f1d23a6fd240a0eed8c991ad5bdc SHA512 9ec28fbbf500f469cc4210f0f1859015ae9aae7cf912b66f843d940caadeb8acd2afa7c33dbc3310ae6cef470d4fc564acc3754c4816a5364f64bfa967950b33 -DIST firefox-78.0.2-is.xpi 527499 BLAKE2B 4087a4160b2176a83fcbb8b0522cc68b0fa58dba099fb114acb3444fb73d4ffb3f2a686cb123507ec5caf33c665dbc9c6f3e8414c84c334cc161de09bd85940f SHA512 0239eea5cc3e5e6e90365b507f372b35a4ecb193a973ca7f2b549d5f16d05fdf33a182e655c780fa20c8dd08468cf43e4116f35499801c1d2a1c99c69fbefe49 -DIST firefox-78.0.2-it.xpi 454998 BLAKE2B 4d23e7d1a3be1d21607f4f434e989119fffc77fbb6cc6ed5a22388327b6485be25543aa8247b0a7f67b62f2266e2a64206429ce928e65c3456f152acb5e9af0e SHA512 b5c1b435b62e82c041ea3955c560926743edb741c4411ed88c3bacd483e0000383eaf59df3d963fdc04d3b256b65959726bb42813460b4e1f853d0d430c17aa8 -DIST firefox-78.0.2-ja.xpi 615921 BLAKE2B 4c30b7d374042304cf2ab2b60ab70ed8260820335b86dd19ab3186ff784430802a1b767fc7e3c9462906372c31aa2ff600c793c4c407068ffa61e1c47fcad80b SHA512 1a65a805d1789e24a2042e6036b6320b6f3b396b52d0438fe73b7c21794b05288baf5148a1fe8e6c6fab8e2b7c48fb1dd981e1b7512fa1522356d3c9089e4f76 -DIST firefox-78.0.2-ka.xpi 612304 BLAKE2B 5ccbc62550aff429305048cda81f0786a639772667b145f0b3f1239c504c1bbde2e30ab106f488327ad7a5242b992584c6ec3efae917757e08d567c753618ac3 SHA512 183fa9c16cf9d212f1af18ef18c9a1ef337de8722840c5a2efbbd007d527929d7830360a1c822ddaac7bcc8e0334ee3ef393407cb81239f37e147e1d2018977b -DIST firefox-78.0.2-kab.xpi 574013 BLAKE2B 6a59322839ccef91339f6556262f36fae51581f3325de6bccd9ff9035cec84174cee1b8464b7481e7ad2c58b701ab2712ac4f83518924ba1e9ad12ba51bfaae1 SHA512 142f46b584f44260a9a25a62b9d9f5ac809f5fe17795d2d4b91b3f4527a0bb4862382b55ef858681173455cd508922577d2f7a3bbf2ed2a9b1469dafbfa16312 -DIST firefox-78.0.2-kk.xpi 642139 BLAKE2B 33d5f2abf19efd2c6e4ec99f696e552f5bf34bbe3cdc9f95e235a94ed62568e7bdf0c92c18527ffa86b94fdf85df3dd456bcc2db7818fbd28eb0d55b8500c2ca SHA512 cbd256fd0d6a98e1b99e27a62785bdc993aa936efd0ea8a14cb293c8211d8bd7487a684ce4daf3d64e589f26224a3767060a020ec341fdc64b6c11457dad1273 -DIST firefox-78.0.2-km.xpi 567231 BLAKE2B dbfed5b0c772114326eebee0ac946bf8cfbd10e78970a1d625e778a47227c6d3eea4b8a9f7d605b99202abc2badb821e0a59c61aba0facc7162a0ea5d1e79f43 SHA512 4965b4bf13d77a5a0316809e2f341918579726e3b57723090e1748ed5f4c343939e376bfd3c4619f04f3b21c1b28481caaf15c3132794c8c05b405cceeb816b7 -DIST firefox-78.0.2-kn.xpi 558806 BLAKE2B f216c49c89d6c32e1ae216180799b62f95834cf695af5bd216513301b78a369ef9855bf9c5066a2b98fe57b531d679172267389a35e767d76df8fa07e174c407 SHA512 af9358112304576cec914dce6208490dc895c77bd074d28d5c05d157634d2fcc5fdc0983e6e3ca607bef0aa1ec507440e8cc1f68f81d9bf380235743205b128e -DIST firefox-78.0.2-ko.xpi 602762 BLAKE2B 7d3b615c03122ee26f3f7610f81230e7eef0b9274dc78e3ffb8ff16905d197f4ca5980e45c7077dfc6b08cf6ea34fd32058f6e1d6d83241205b9cdf2d65d0598 SHA512 19bb88a9bfd1cf17ddaa8acfc953cab0976d3854d20e1f8ebdb95f70cbdf46f42fa43c44f371a9b6aa8cb7875b0d9d5cf2f6a0ea181738b817b72f8130383a1d -DIST firefox-78.0.2-lij.xpi 526112 BLAKE2B ffff708cd07d77d2d6222a0563623685d94e0fbd13f670bb31ae22ca3b9aa7d76bc4ad6f606cd20c7529feff16005c5432b57e67027b41e8f37b14bb95d90382 SHA512 cc24878ca1487c8d1eab4c52bceb0ca3e3f4b750e7bb64ba47b3f125a9aa8e956244119154d92a496e172d2561968712b5979e57ff945e07df9e2a9989712bed -DIST firefox-78.0.2-lt.xpi 579632 BLAKE2B f2891910b9195d87a0821acbba5c9ccfa88de205c0cfa08504e64bf535c5861e0fd14b43b28f2eabdf05b2dc8d949cfa16ce6bb2f362553e3d7db3b68f012ebf SHA512 4467844055fcce7aa24633bd2440b9730674e96c99b566a8889107a685c01e5c2850d8c8cc2112faca896eb9837f41e14c8e7caa14ffdc8775abad41ef997347 -DIST firefox-78.0.2-lv.xpi 516883 BLAKE2B f9190e768c52bc0b6643f8859c21ac5c6f36bad6e975340eb7423bd63a115f7d1a7843b37056c7d63c097cdd388f6d90dbc0f39c77a30dc2af627c0cd05fa45b SHA512 f8199169ebf790978afec332b79d4e6a799016ba2734e9e920bdeb8904fdf9df8631a0a00a652e605ba17c33787a7668bd548b3c2fc6d34aed66733446e61094 -DIST firefox-78.0.2-mk.xpi 482942 BLAKE2B 1109c1bfca6df35869207a2b0e758592a530d4a6f8cfeb66587cb0975a8269c06f29e9ca968c9f21b319935983a6fcbc0884ac4fe04151cf0bd9368830de88bc SHA512 179bc2a43eb02e5cc9bbd60e91777636746044a788aadbab6084c2d41796c5633ff6ec47be5be0c7a244728fd14d0b2dda266ef253213b1d88b2bf4e6db69ffa -DIST firefox-78.0.2-mr.xpi 599907 BLAKE2B 77f47a35b2cb43e4c97812f2019b695a6a1ccab79a4019c81fcccc534e03066855e2e1961924c05b533c8b3fbd20e74a85580d9c5bd516c3e44425673059870e SHA512 4b4a21ecb72bbf324600f8bfc451e41a97970aa6364c496ba6d28c3d94adc5bf14138f639fa7bd11d4bbe986161a9c24b8e000e5f4b0f219055a80454f2cac7f -DIST firefox-78.0.2-ms.xpi 500966 BLAKE2B 0da28df093b793c8c63ae4c76a903fb4f0f54b28ed74ef6f540c8d81ff09ad8e5de9e773b91beec6546ef706723a04c523524e2c4d825c8aea852bd76872d7ef SHA512 94e2908186b6a0e062b0a276f8d1ba3239e3159d9cba2eb91635bac6bde4106cec7c5468fcccdaedb7e0e1bb72b1389c9614abaf23bb5314619d5158da266f7b -DIST firefox-78.0.2-my.xpi 557205 BLAKE2B edcd002b29cf51309220d2abadbe382dbab00f6e612d12ffcda16b501a3e791fe58c1e57b0e9cdebecd14d7124b8b8e4a32d75c405ce9b9ead1751976371a7f7 SHA512 80ce551365a7168b1d57e04b4d2ffd3870d7299669d61bbc837f4260b39be4407eb5d6bfe06ecd29a71cbf316613cbbd8cff8bb20e36b983d354219f9f8e6a28 -DIST firefox-78.0.2-nb-NO.xpi 549591 BLAKE2B f14759ab55b05169255a610e00b3f65a8451b603b3d0d53007af6665eb50cb29d69f59947212cf06d682176c79b9979ae3437e97ae74d17580ed5ca7b7e78d49 SHA512 b8fe2c08ac334acf62b4555f5bf8a483b361381bda3770416b03f791ca82e65763762c7cdb85172179ebdb83a98d2e37aa18deb2b0eecedf43a751b13188b0cf -DIST firefox-78.0.2-nl.xpi 558784 BLAKE2B a72ae73b21b2c177cd0e03782d53c1f9a9d47028b6955982dd2e52dbb83e66b6bb9de605d9ac98d95044e4877875f88f002a205be6d4b27b0fa22b978beb2a8c SHA512 81bf078623ba72822d27309706d4850c1fda4dbc7474c3a82aea5d9e71d9353010c498e1136a29d5dd0b4e8e7426400e422d5de952fb5dac6aada9d6a00b7e8a -DIST firefox-78.0.2-nn-NO.xpi 552139 BLAKE2B 3ff432eea0e53d4d5599993d195a77fbc102c18bd86d6f8a5e1fc2b74f762a2fc5208b8002f268506a8480133933a0aec87f6e00e4a34ec7668a0c76b8343e1e SHA512 56b89988d24aee6213764e9bdf31b6457ac2895c0a9a6dfa8b55a76cee8565b6132adf7820c1c5b74e1870219853bcfe876df94010b127ae57480a6685e86f42 -DIST firefox-78.0.2-oc.xpi 576253 BLAKE2B c039ca9078de54ff9c509f3f0cf451c0039850e70b28e01c8da4b875b60d8ec73b5224017b0980f1a87ddff01a439d6a9c7e107b6a5b27efcd4d6c852eb39adc SHA512 401ce7ca2edcc26778a2aca6680afd84be5567780943315f7290401ff58be9c84b3178ef4be16197a71873d284b76cddf0215b6e91991d92ee0d12c867626ba2 -DIST firefox-78.0.2-pa-IN.xpi 606175 BLAKE2B b734574fdbc603abedc068292fd2a1e71ee461955071a918dedc231a760e9594a51f8f315ed363f583a6842fb1198e059fcb9052859022f77160913547498807 SHA512 8546927fa84e57fef201017440e4cf66d647605cfd28b8ea937ccc3c3058c93b3e54cb4f5db5cb9aad842eeffecbb6d841cc11816d84c27ee339346567c32ca6 -DIST firefox-78.0.2-pl.xpi 574895 BLAKE2B 3302c8446c1910551678d109a696ec99e76fc37b22306af83b104f6cf465db407b54e7c759c27e0ea6f97241a18777997ea1a23eb4c25e1b302a5d72d5b0b728 SHA512 661e5f9b14bc0af714e81b8e9fb04ccad491dca52fce3ef2d696b95e599064c09a9fd27604b446831c2816f5e575979680c87234a66d2b55f9a63b82d39fe267 -DIST firefox-78.0.2-pt-BR.xpi 558017 BLAKE2B 65e1923bf356b0f7430d0f367dfed48930f80c8e430410319dc72bd96f5151bad55f0349bafaff5f9324fa30902b13ce3607222a904157bce6136478e66102a6 SHA512 f05c0df3a38b2f5b6939d5cf40a28e1bb9e804c08d155a7a3526caf6fef8207f7ccba3fad57cb14a2a3386629e2156d2b44430514239903fa4517776f93824cb -DIST firefox-78.0.2-pt-PT.xpi 565637 BLAKE2B 0430ec52e7ba581bb19590d6d408076bfe3134f2726190c5e92bf3439e088c1bd86561cd53d0c83102238ee23c00714c8f49161785b9566c312507bc1175745a SHA512 983c345406070cdfb65de99c5b3efb30f6142e3e3284a60fe419aeb7be86ab0eb8d6afc42467f7c493a42e94b65581eaa437ffa3a29796b0525b9c86065718aa -DIST firefox-78.0.2-rm.xpi 557918 BLAKE2B 2d1da1dc5020098d79b2b59bdd6c4e11dd9792736cba5fd90dfbbd2d47cc0e10dc9b8b49e3b5f5a35c94284622efa027f31275d9f395c4e4a78373467f14f45b SHA512 072265c3af5b17027049faf45608805dbf93f3e2a6f2192bfb098d6819f778411ddeb8b88a816c5bd016c320df21804c062ae5944d95172fcdc73ce2a556a40d -DIST firefox-78.0.2-ro.xpi 569376 BLAKE2B 4ae4c5880290efbb597ef5bdb1e93720da0590d892010e5cab4f1d77d59688622883468f3170de9b3c7923f92d2d95dd80dacfd9d9f1af9720e3d1787290b9d0 SHA512 6100a08560ca26190efb6b85b3cf20da75d79acece21b64f6d0f938effc2e5f25374ced1bd61ba62c64671d206525bff982f5d4e6efe4c3505ea4ed92fc0ad93 -DIST firefox-78.0.2-ru.xpi 650703 BLAKE2B cd11d3b06e24e2518c2ac5542a36e02908b8cf506b8f8ad0ed08fd899377a159e0a22a91ac0ee25b72af23dc795ca5180c864d5e625af048e85d2c3247ffb68f SHA512 f66399bc87051ae1c5a83b5054e79c75f53b2b467bcf312044f4c3284dbc9085a2f1e01992e146aea3661a5a436107c0e7b729ae37642cdb44df85e3a4bc8230 -DIST firefox-78.0.2-si.xpi 534197 BLAKE2B dc1c49b91e9688cc1037eb4d265e7dff204281ced39a05e74e12cd60eb921d6424f347ad4c38c3efba09b63a912e14970f939e1cc3cea5278f0b93558d7f8850 SHA512 c66e6e67fb456bb0bc80c9030af5adfcd84c44405801dbad94abc9c55d0c2fbe126980bae8a127a6f91248b1fe452fb5337065b3818f0e042b7977aaa4392620 -DIST firefox-78.0.2-sk.xpi 578535 BLAKE2B f25a1da52c36f898cf3da19ab34f023327d43f3bc23220f172cc172606137e33ca8d8b01ab4986cbd2a8a9d3c45032a7491c08c82e4aafa5861f5dca3c8c6a70 SHA512 0e8f8e1c271d053e06af774b2d6c9edea51e63516a18534c51383ea2937406f75979b5776f2a543d72562212b1de7640d2c48eb91099034e7c329a10d47b3342 -DIST firefox-78.0.2-sl.xpi 563038 BLAKE2B b0077cd719ab2e10008cc45e41ae080c2e7d6a570b87854d08ac188618277c2a6a9d1544446b7cba10dbffafb33e5ae4c84c3bfa03c3e436c37055ace68deffe SHA512 cdbc2b72b7b891e6bd12ab3ef156b3063b4ffca6f5af870109b708136d34d461bbd9fbc46a2241a82a9c33e5288bf18b482eb3660a0ef158874fc75eae2d2f60 -DIST firefox-78.0.2-son.xpi 454246 BLAKE2B f7d0f11084e125be5132c54293012813cd0ad334a6cc962ef236ada2e2b085f27cbcf8db1341639c74c9b8a76132fdc9ef690765a815b4dc7fec40ab754e1321 SHA512 a426b2e2137b717ca9b09496db08c68e6fd16802376452539f260b5c29dc91be1d8224a6cf1e81aaa9299da6ac090de6650c07293f97c281cb806cf5603ee854 -DIST firefox-78.0.2-sq.xpi 580008 BLAKE2B 38fa940006469b7b6cfb948ef612f4a1235cb4567f1c9d9a634e221f42b1656b59d643f037d2f840fda4149056144c77035fc27f98c43779e026911df219b895 SHA512 8578769ea79100146c024e853d7dd8138663dd304ee9050d5c6ea2333015c898f02ab27da1e386b0c2dc70c8c6774aa8ee1046c3bc6715c514a6037e46a3bf0d -DIST firefox-78.0.2-sr.xpi 604540 BLAKE2B c3d2771034ac6e5fc82b4ebe7e106d44edfa7ec33f185b6df1fbf1ee5fd79356a4636d9b803db8b6e9d03f8b04a0776bc4b0427762c5a6eebdf76cfcc077fbca SHA512 0b151cbce3239d8f80ba84a51d33b7cfb2258c8e2372c401a32643858f12cf7a27c4a4f725d60455d746d9636fbabfedf76290fb88f8da03acc29071716093bc -DIST firefox-78.0.2-sv-SE.xpi 561863 BLAKE2B e90ffdd603f8a1655edca48b9974fb5c042173676052a3ad66a03fa3d014a750f884a94a4eea7cc2407987f5d6200f0d76dba0404b438a0d9a28350a4ac5bc03 SHA512 3c27c8098fb659eba75b3f2e73ab717882e12e1d44269da85dc6ea251e41ac9c27a0d9c5b2a3443a385efcd182740cf41eab9558a3b1123c7583174f3277a7b0 -DIST firefox-78.0.2-ta.xpi 572336 BLAKE2B 48a0ba1bf90e9338e5c494339205e96d8d9eee8ba141be5cab7d7703d5acf2fa6e0b0b9a807c72b0bf31fdd19a16bba988ed6970c243003156c98d03c30473d5 SHA512 f906f8feb8a356a77b5be12bc01596916824e2782f61387d814a40e6c7deebf2511611bc19bb66c8e8208c947a00bf8de296d826ea6b1b5bfba84ce0ca0fa628 -DIST firefox-78.0.2-te.xpi 591642 BLAKE2B adab23edd9beaebb81f73025f66a5cee184db7932b07385a1dd529ab150e9af66b16055297332e1b658f58962b40888c77da5f10d7004d15814c68dc84e6fb7c SHA512 8b676fde6249f66d4e819db01ce9ca8221b75a5025f68c31bbafa9d09daf02d19d490a4fcbd2253fa68475d50c6dc2793142a504c9a7f090569c5b11c9c4bb42 -DIST firefox-78.0.2-th.xpi 628317 BLAKE2B f4740071921e76952e6bf06a7676c718686b8f4860082e573014efad1b66e99bbc9ca549a30129301243b008a7f30e5a8b5510b065bf5177cf9cb335956950e8 SHA512 1c2fb8b5792660e2d4d25ca1909f726092a5c0c025edb2a089384c48804ac5d592db0393d7e4d236fe925b1f00c55b27b10b15f49c7ccd07e110da276bdcea21 -DIST firefox-78.0.2-tr.xpi 576348 BLAKE2B 7a4e720d2cfe0481208a41a6cf3ea1fc7aec23722f14f951f5aa2da7374398dd3ff2ff8e4885c7c7c8305abac05e067de8f556428d6e3d0495de0cb946e6baf3 SHA512 a365bccd6fcc973a0e27a491e2b1bf4c6ee4ced65ff4916942c63830b07847efaf582611bb3b781cb8dea9bb929d37b12c55833e46459bc090a61ca698270e10 -DIST firefox-78.0.2-uk.xpi 646853 BLAKE2B eb1011c17c73b9ce2da2569f42f3ebd8fac483bdc0ff800298c449daedd7b68897d2c526343d154a2eb4cc57b8680e9d9018d89355d6f39ba92c99abf94a5417 SHA512 12a54535da90bae1c0f0dc7929912ae3a06027f06d76d44aae31640964a26ab6848217ff64c3b5c777f6601ef3a198dbbfb478e6bf8d9f8ae1efed0c0c0444b1 -DIST firefox-78.0.2-ur.xpi 608128 BLAKE2B af96c238ca788d6c9107080466199644ab858615bd9e6b4d4ccbcdc4f94705c6456aa18788f1a5ef2f8599ba5712e5b6dda45e173dd93b103a440f370dd56f45 SHA512 a97a1a44beb40f2792b8e9b2af8b1a1cb4c65ba655ffd17bde7e2ea0fcd199c9004b9ae20522e06b0077b5df0b5661fd7e9e98baa423d34539960fe8742d48b8 -DIST firefox-78.0.2-uz.xpi 521137 BLAKE2B 84657ae37696ef2f6698e64aebd553c3f844f5411b6a403ee4473164cb361d95a57592d7b13ae956f9cfe8507984af34fe3c62dbc60b406f6d28a8d2d318276d SHA512 216fd71e9a2d629239b97b89d615e490152ff1f4decc1b2d74cb2453897cd7e06a525df73c670accd2105ad997d2f8b4ea898ce8c30fd93c4136354696fb2493 -DIST firefox-78.0.2-vi.xpi 596833 BLAKE2B 71b198f15986029e5f93cb3ca0f52fc3abd59611faefdce88c541c53d59df67afbf691cfdc810915510e0fc59ce77474105399e8066e0835d544dd1d3cd93fe7 SHA512 57148e969ae64aebd009896239b96e70b0f8cacb00ad121b49b7d122071de1789cb08812765e2b6565d228870ff06639353776a4fb5151c2a8835310728ba41c -DIST firefox-78.0.2-xh.xpi 458898 BLAKE2B 1357c2a37ea0d5a6eb3b25b79793a3be744c51c2930d0515fb386c81314d479e7978bf955d020af227a84152910b037186ded92cdb89c0146ea011ab1e2c35a4 SHA512 2aded0092cd9bf77c89be91ff9f0818213566d2293e6693d8ba8aff5ba7ee463d2f5ca1a770d4cbff1b17db2e487f544f96f009eab5fa2edad3ec9899e44ae3e -DIST firefox-78.0.2-zh-CN.xpi 600177 BLAKE2B dd3909d4c3777a5259f92ab499b354a3ae97839cadb504edadfaad92ac9af12bf5cb637775765f0d24c50c435ecad4621a53ac105165d8ff013ef6350c208513 SHA512 1f56ef51b8a5226477d623f886ba5622fe6ccc3e1e99abeab64a60dfd656920aca248fc80efc58d71f7126076f3ecca07f3b135b40d922686886ffa6194a17b3 -DIST firefox-78.0.2-zh-TW.xpi 599268 BLAKE2B 5f2d2ac97f146f13ff3a16756c5d2208a3fb5f37277f0037c3f13dbb0530ff44478c290afcff4d2312167cf75915f65af1ec1c60480853a1d5ac3683d4c9df7e SHA512 03152b433cb8c80960b081f9ecf97447e492c1f2e8719397ea2dbf9865d0b60f8b24d653c7564dd866ca38068b92c6aa4978bfe78450989522dac160c125e43d -DIST firefox-78.0.2.source.tar.xz 334406116 BLAKE2B ecddeee641a61409cf603afe97c3e97854700d3858bef8ec0d09c58b39023162e2939a3619481c1b9ac7f5b98bf6c7082108db3c9736332f2e30a6ac14b34b2c SHA512 4aa753fb51459301379d186f3c93e15755530e5e1ea17795d620cc9da56eb5e76cce483ca57f4af339b6f17e47101dff772ca01fb1b469201a09283f14f567be diff --git a/www-client/firefox/files/disable-auto-update.policy.json b/www-client/firefox/files/disable-auto-update.policy.json deleted file mode 100644 index f36622021..000000000 --- a/www-client/firefox/files/disable-auto-update.policy.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "policies": { - "DisableAppUpdate": true - } -} diff --git a/www-client/firefox/files/firefox-wayland.sh b/www-client/firefox/files/firefox-wayland.sh deleted file mode 100644 index 44280250f..000000000 --- a/www-client/firefox/files/firefox-wayland.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -# -# Run Mozilla Firefox under Wayland -# -export MOZ_ENABLE_WAYLAND=1 -exec @PREFIX@/bin/firefox "$@" diff --git a/www-client/firefox/files/firefox-x11.sh b/www-client/firefox/files/firefox-x11.sh deleted file mode 100644 index 756556690..000000000 --- a/www-client/firefox/files/firefox-x11.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -# -# Run Mozilla Firefox on X11 -# -export MOZ_DISABLE_WAYLAND=1 -exec @PREFIX@/bin/firefox "$@" diff --git a/www-client/firefox/files/firefox.sh b/www-client/firefox/files/firefox.sh deleted file mode 100644 index c08d55519..000000000 --- a/www-client/firefox/files/firefox.sh +++ /dev/null @@ -1,128 +0,0 @@ -#!/bin/bash - -## -## Usage: -## -## $ firefox -## -## This script is meant to run Mozilla Firefox in Gentoo. - -cmdname=$(basename "$0") - -## -## Variables -## -MOZ_ARCH=$(uname -m) -case ${MOZ_ARCH} in - x86_64|s390x|sparc64) - MOZ_LIB_DIR="@PREFIX@/lib64" - SECONDARY_LIB_DIR="@PREFIX@/lib" - ;; - *) - MOZ_LIB_DIR="@PREFIX@/lib" - SECONDARY_LIB_DIR="@PREFIX@/lib64" - ;; -esac - -MOZ_FIREFOX_FILE="firefox" - -if [[ ! -r ${MOZ_LIB_DIR}/firefox/${MOZ_FIREFOX_FILE} ]]; then - if [[ ! -r ${SECONDARY_LIB_DIR}/firefox/${MOZ_FIREFOX_FILE} ]]; then - echo "Error: ${MOZ_LIB_DIR}/firefox/${MOZ_FIREFOX_FILE} not found" >&2 - if [[ -d $SECONDARY_LIB_DIR ]]; then - echo " ${SECONDARY_LIB_DIR}/firefox/${MOZ_FIREFOX_FILE} not found" >&2 - fi - exit 1 - fi - MOZ_LIB_DIR="$SECONDARY_LIB_DIR" -fi -MOZILLA_FIVE_HOME="${MOZ_LIB_DIR}/firefox" -MOZ_EXTENSIONS_PROFILE_DIR="${HOME}/.mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" -MOZ_PROGRAM="${MOZILLA_FIVE_HOME}/${MOZ_FIREFOX_FILE}" -DESKTOP_FILE="firefox" - -## -## Enable Wayland backend? -## -if @DEFAULT_WAYLAND@ && [[ -z ${MOZ_DISABLE_WAYLAND} ]]; then - if [[ -n "$WAYLAND_DISPLAY" ]]; then - DESKTOP_FILE="firefox-wayland" - export MOZ_ENABLE_WAYLAND=1 - fi -elif [[ -n ${MOZ_DISABLE_WAYLAND} ]]; then - DESKTOP_FILE="firefox-x11" -fi - -## -## Use D-Bus remote exclusively when there's Wayland display. -## -if [[ -n "${WAYLAND_DISPLAY}" ]]; then - export MOZ_DBUS_REMOTE=1 -fi - -## -## Make sure that we set the plugin path -## -MOZ_PLUGIN_DIR="plugins" - -if [[ -n "${MOZ_PLUGIN_PATH}" ]]; then - MOZ_PLUGIN_PATH=${MOZ_PLUGIN_PATH}:${MOZ_LIB_DIR}/mozilla/${MOZ_PLUGIN_DIR} -else - MOZ_PLUGIN_PATH=${MOZ_LIB_DIR}/mozilla/${MOZ_PLUGIN_DIR} -fi - -if [[ -d "${SECONDARY_LIB_DIR}/mozilla/${MOZ_PLUGIN_DIR}" ]]; then - MOZ_PLUGIN_PATH=${MOZ_PLUGIN_PATH}:${SECONDARY_LIB_DIR}/mozilla/${MOZ_PLUGIN_DIR} -fi - -export MOZ_PLUGIN_PATH - -## -## Set MOZ_APP_LAUNCHER for gnome-session -## -export MOZ_APP_LAUNCHER="@PREFIX@/bin/${cmdname}" - -## -## Disable the GNOME crash dialog, Moz has it's own -## -if [[ "$XDG_CURRENT_DESKTOP" == "GNOME" ]]; then - GNOME_DISABLE_CRASH_DIALOG=1 - export GNOME_DISABLE_CRASH_DIALOG -fi - -## -## Enable Xinput2 (#617344) -## - -# respect user settings -MOZ_USE_XINPUT2=${MOZ_USE_XINPUT2:-auto} - -if [[ ${MOZ_USE_XINPUT2} == auto && -n ${WAYLAND_DISPLAY} ]]; then - # enabling XINPUT2 should be safe for all wayland users - MOZ_USE_XINPUT2=1 -elif [[ ${MOZ_USE_XINPUT2} == auto && ${XDG_CURRENT_DESKTOP^^} == KDE ]]; then - # XINPUT2 is known to cause problems for KWin users - MOZ_USE_XINPUT2=0 -elif [[ ${MOZ_USE_XINPUT2} == auto && ${XDG_CURRENT_DESKTOP^^} == LXQT ]]; then - # LXQt uses KWin - MOZ_USE_XINPUT2=0 -elif [[ ${MOZ_USE_XINPUT2} == auto ]]; then - # should work on Mate, Xfce, FluxBox, OpenBox and all the others ... - MOZ_USE_XINPUT2=1 -fi - -[[ ${MOZ_USE_XINPUT2} != 0 ]] && export MOZ_USE_XINPUT2=${MOZ_USE_XINPUT2} - -# Don't throw "old profile" dialog box. -export MOZ_ALLOW_DOWNGRADE=1 - -## -## Route to the correct .desktop file to get proper -## name and actions -## -if [[ $@ != *"--name "* ]]; then - set -- --name "${DESKTOP_FILE}" "$@" -fi - -# Run the browser -exec ${MOZ_PROGRAM} "$@" diff --git a/www-client/firefox/files/gentoo-default-prefs.js-3 b/www-client/firefox/files/gentoo-default-prefs.js-3 deleted file mode 100644 index 073ea77e5..000000000 --- a/www-client/firefox/files/gentoo-default-prefs.js-3 +++ /dev/null @@ -1,19 +0,0 @@ -pref("app.update.enabled", false); -pref("app.update.autoInstallEnabled", false); -pref("browser.display.use_system_colors", true); -pref("browser.link.open_external", 3); -pref("general.smoothScroll", true); -pref("general.autoScroll", false); -pref("browser.tabs.tabMinWidth", 15); -pref("browser.backspace_action", 0); -pref("browser.urlbar.hideGoButton", true); -pref("accessibility.typeaheadfind", true); -pref("browser.shell.checkDefaultBrowser", false); -pref("browser.EULA.override", true); -pref("general.useragent.vendor", "Gentoo"); -pref("general.useragent.locale", "chrome://global/locale/intl.properties"); -pref("intl.locale.requested", ""); -pref("extensions.autoDisableScopes", 0); -pref("layout.css.dpi", 0); -pref("network.trr.mode", 5); -pref("app.normandy.enabled", false); diff --git a/www-client/firefox/files/gentoo-hwaccel-prefs.js-1 b/www-client/firefox/files/gentoo-hwaccel-prefs.js-1 deleted file mode 100644 index 0cb92b046..000000000 --- a/www-client/firefox/files/gentoo-hwaccel-prefs.js-1 +++ /dev/null @@ -1,2 +0,0 @@ -pref("layers.acceleration.force-enabled", true); -pref("webgl.force-enabled", true); diff --git a/www-client/firefox/files/icon/firefox-r1.desktop b/www-client/firefox/files/icon/firefox-r1.desktop deleted file mode 100644 index a000dffda..000000000 --- a/www-client/firefox/files/icon/firefox-r1.desktop +++ /dev/null @@ -1,230 +0,0 @@ -[Desktop Entry] -Version=1.0 -Name=@NAME@ -GenericName=Web Browser -Comment=Browse the Web -Exec=@EXEC@ %u -Icon=@ICON@ -Terminal=false -Type=Application -MimeType=application/pdf;application/vnd.mozilla.xul+xml;application/xhtml+xml;text/html;text/mml;text/xml;x-scheme-handler/ftp;x-scheme-handler/http;x-scheme-handler/https; -StartupNotify=@STARTUP_NOTIFY@ -Categories=Network;WebBrowser; -Keywords=web;browser;internet; -Actions=new-window;new-private-window; - -[Desktop Action new-window] -Name=Open a New Window -Name[ach]=Dirica manyen -Name[af]=Nuwe venster -Name[an]=Nueva finestra -Name[ar]=نافذة جديدة -Name[as]=নতুন উইন্ডো -Name[ast]=Ventana nueva -Name[az]=Yeni Pəncərə -Name[be]=Новае акно -Name[bg]=Нов прозорец -Name[bn_BD]=নতুন উইন্ডো (N) -Name[bn_IN]=নতুন উইন্ডো -Name[br]=Prenestr nevez -Name[brx]=गोदान उइन्ड'(N) -Name[bs]=Novi prozor -Name[ca]=Finestra nova -Name[cak]=K'ak'a' tzuwäch -Name[cs]=Nové okno -Name[cy]=Ffenestr Newydd -Name[da]=Nyt vindue -Name[de]=Neues Fenster -Name[dsb]=Nowe wokno -Name[el]=Νέο παράθυρο -Name[en_GB]=New Window -Name[en_US]=New Window -Name[en_ZA]=New Window -Name[eo]=Nova fenestro -Name[es_AR]=Nueva ventana -Name[es_CL]=Nueva ventana -Name[es_ES]=Nueva ventana -Name[es_MX]=Nueva ventana -Name[et]=Uus aken -Name[eu]=Leiho berria -Name[fa]=پنجره جدید‌ -Name[ff]=Henorde Hesere -Name[fi]=Uusi ikkuna -Name[fr]=Nouvelle fenêtre -Name[fy_NL]=Nij finster -Name[ga_IE]=Fuinneog Nua -Name[gd]=Uinneag ùr -Name[gl]=Nova xanela -Name[gn]=Ovetã pyahu -Name[gu_IN]=નવી વિન્ડો -Name[he]=חלון חדש -Name[hi_IN]=नया विंडो -Name[hr]=Novi prozor -Name[hsb]=Nowe wokno -Name[hu]=Új ablak -Name[hy_AM]=Նոր Պատուհան -Name[id]=Jendela Baru -Name[is]=Nýr gluggi -Name[it]=Nuova finestra -Name[ja]=新しいウィンドウ -Name[ja_JP-mac]=新規ウインドウ -Name[ka]=ახალი ფანჯარა -Name[kk]=Жаңа терезе -Name[km]=បង្អួច​​​ថ្មី -Name[kn]=ಹೊಸ ಕಿಟಕಿ -Name[ko]=새 창 -Name[kok]=नवें जनेल -Name[ks]=نئئ وِنڈو -Name[lij]=Neuvo barcon -Name[lo]=ຫນ້າຕ່າງໃຫມ່ -Name[lt]=Naujas langas -Name[ltg]=Jauns lūgs -Name[lv]=Jauns logs -Name[mai]=नव विंडो -Name[mk]=Нов прозорец -Name[ml]=പുതിയ ജാലകം -Name[mr]=नवीन पटल -Name[ms]=Tetingkap Baru -Name[my]=ဝင်းဒိုးအသစ် -Name[nb_NO]=Nytt vindu -Name[ne_NP]=नयाँ सञ्झ्याल -Name[nl]=Nieuw venster -Name[nn_NO]=Nytt vindauge -Name[or]=ନୂତନ ୱିଣ୍ଡୋ -Name[pa_IN]=ਨਵੀਂ ਵਿੰਡੋ -Name[pl]=Nowe okno -Name[pt_BR]=Nova janela -Name[pt_PT]=Nova janela -Name[rm]=Nova fanestra -Name[ro]=Fereastră nouă -Name[ru]=Новое окно -Name[sat]=नावा विंडो (N) -Name[si]=නව කවුළුවක් -Name[sk]=Nové okno -Name[sl]=Novo okno -Name[son]=Zanfun taaga -Name[sq]=Dritare e Re -Name[sr]=Нови прозор -Name[sv_SE]=Nytt fönster -Name[ta]=புதிய சாளரம் -Name[te]=కొత్త విండో -Name[th]=หน้าต่างใหม่ -Name[tr]=Yeni pencere -Name[tsz]=Eraatarakua jimpani -Name[uk]=Нове вікно -Name[ur]=نیا دریچہ -Name[uz]=Yangi oyna -Name[vi]=Cửa sổ mới -Name[wo]=Palanteer bu bees -Name[xh]=Ifestile entsha -Name[zh_CN]=新建窗口 -Name[zh_TW]=開新視窗 -Exec=@EXEC@ --new-window %u - -[Desktop Action new-private-window] -Name=Open a New Private Window -Name[ach]=Dirica manyen me mung -Name[af]=Nuwe privaatvenster -Name[an]=Nueva finestra privada -Name[ar]=نافذة خاصة جديدة -Name[as]=নতুন ব্যক্তিগত উইন্ডো -Name[ast]=Ventana privada nueva -Name[az]=Yeni Məxfi Pəncərə -Name[be]=Новае акно адасаблення -Name[bg]=Нов прозорец за поверително сърфиране -Name[bn_BD]=নতুন ব্যক্তিগত উইন্ডো -Name[bn_IN]=নতুন ব্যক্তিগত উইন্ডো -Name[br]=Prenestr merdeiñ prevez nevez -Name[brx]=गोदान प्राइभेट उइन्ड' -Name[bs]=Novi privatni prozor -Name[ca]=Finestra privada nova -Name[cak]=K'ak'a' ichinan tzuwäch -Name[cs]=Nové anonymní okno -Name[cy]=Ffenestr Breifat Newydd -Name[da]=Nyt privat vindue -Name[de]=Neues privates Fenster -Name[dsb]=Nowe priwatne wokno -Name[el]=Νέο παράθυρο ιδιωτικής περιήγησης -Name[en_GB]=New Private Window -Name[en_US]=New Private Window -Name[en_ZA]=New Private Window -Name[eo]=Nova privata fenestro -Name[es_AR]=Nueva ventana privada -Name[es_CL]=Nueva ventana privada -Name[es_ES]=Nueva ventana privada -Name[es_MX]=Nueva ventana privada -Name[et]=Uus privaatne aken -Name[eu]=Leiho pribatu berria -Name[fa]=پنجره ناشناس جدید -Name[ff]=Henorde Suturo Hesere -Name[fi]=Uusi yksityinen ikkuna -Name[fr]=Nouvelle fenêtre de navigation privée -Name[fy_NL]=Nij priveefinster -Name[ga_IE]=Fuinneog Nua Phríobháideach -Name[gd]=Uinneag phrìobhaideach ùr -Name[gl]=Nova xanela privada -Name[gn]=Ovetã ñemi pyahu -Name[gu_IN]=નવી ખાનગી વિન્ડો -Name[he]=חלון פרטי חדש -Name[hi_IN]=नयी निजी विंडो -Name[hr]=Novi privatni prozor -Name[hsb]=Nowe priwatne wokno -Name[hu]=Új privát ablak -Name[hy_AM]=Սկսել Գաղտնի դիտարկում -Name[id]=Jendela Mode Pribadi Baru -Name[is]=Nýr huliðsgluggi -Name[it]=Nuova finestra anonima -Name[ja]=新しいプライベートウィンドウ -Name[ja_JP-mac]=新規プライベートウインドウ -Name[ka]=ახალი პირადი ფანჯარა -Name[kk]=Жаңа жекелік терезе -Name[km]=បង្អួច​ឯកជន​ថ្មី -Name[kn]=ಹೊಸ ಖಾಸಗಿ ಕಿಟಕಿ -Name[ko]=새 사생활 보호 모드 -Name[kok]=नवो खाजगी विंडो -Name[ks]=نْو پرایوٹ وینڈو& -Name[lij]=Neuvo barcon privou -Name[lo]=ເປີດຫນ້າຕ່າງສວນຕົວຂື້ນມາໃຫມ່ -Name[lt]=Naujas privataus naršymo langas -Name[ltg]=Jauns privatais lūgs -Name[lv]=Jauns privātais logs -Name[mai]=नया निज विंडो (W) -Name[mk]=Нов приватен прозорец -Name[ml]=പുതിയ സ്വകാര്യ ജാലകം -Name[mr]=नवीन वैयक्तिक पटल -Name[ms]=Tetingkap Persendirian Baharu -Name[my]=New Private Window -Name[nb_NO]=Nytt privat vindu -Name[ne_NP]=नयाँ निजी सञ्झ्याल -Name[nl]=Nieuw privévenster -Name[nn_NO]=Nytt privat vindauge -Name[or]=ନୂତନ ବ୍ୟକ୍ତିଗତ ୱିଣ୍ଡୋ -Name[pa_IN]=ਨਵੀਂ ਪ੍ਰਾਈਵੇਟ ਵਿੰਡੋ -Name[pl]=Nowe okno prywatne -Name[pt_BR]=Nova janela privativa -Name[pt_PT]=Nova janela privada -Name[rm]=Nova fanestra privata -Name[ro]=Fereastră privată nouă -Name[ru]=Новое приватное окно -Name[sat]=नावा निजेराक् विंडो (W ) -Name[si]=නව පුද්ගලික කවුළුව (W) -Name[sk]=Nové okno v režime Súkromné prehliadanie -Name[sl]=Novo zasebno okno -Name[son]=Sutura zanfun taaga -Name[sq]=Dritare e Re Private -Name[sr]=Нови приватан прозор -Name[sv_SE]=Nytt privat fönster -Name[ta]=புதிய தனிப்பட்ட சாளரம் -Name[te]=కొత్త ఆంతరంగిక విండో -Name[th]=หน้าต่างส่วนตัวใหม่ -Name[tr]=Yeni gizli pencere -Name[tsz]=Juchiiti eraatarakua jimpani -Name[uk]=Приватне вікно -Name[ur]=نیا نجی دریچہ -Name[uz]=Yangi maxfiy oyna -Name[vi]=Cửa sổ riêng tư mới -Name[wo]=Panlanteeru biir bu bees -Name[xh]=Ifestile yangasese entsha -Name[zh_CN]=新建隐私浏览窗口 -Name[zh_TW]=新增隱私視窗 -Exec=@EXEC@ --private-window %u diff --git a/www-client/firefox/files/icon/firefox-r2.desktop b/www-client/firefox/files/icon/firefox-r2.desktop deleted file mode 100644 index 45d5f11ff..000000000 --- a/www-client/firefox/files/icon/firefox-r2.desktop +++ /dev/null @@ -1,236 +0,0 @@ -[Desktop Entry] -Version=1.0 -Name=@NAME@ -GenericName=Web Browser -Comment=Browse the Web -Exec=@EXEC@ %u -Icon=@ICON@ -Terminal=false -Type=Application -MimeType=application/pdf;application/vnd.mozilla.xul+xml;application/xhtml+xml;text/html;text/mml;text/xml;x-scheme-handler/ftp;x-scheme-handler/http;x-scheme-handler/https; -StartupNotify=true -Categories=Network;WebBrowser; -Keywords=web;browser;internet; -Actions=new-window;new-private-window;profile-manager-window; - -[Desktop Action new-window] -Name=Open a New Window -Name[ach]=Dirica manyen -Name[af]=Nuwe venster -Name[an]=Nueva finestra -Name[ar]=نافذة جديدة -Name[as]=নতুন উইন্ডো -Name[ast]=Ventana nueva -Name[az]=Yeni Pəncərə -Name[be]=Новае акно -Name[bg]=Нов прозорец -Name[bn_BD]=নতুন উইন্ডো (N) -Name[bn_IN]=নতুন উইন্ডো -Name[br]=Prenestr nevez -Name[brx]=गोदान उइन्ड'(N) -Name[bs]=Novi prozor -Name[ca]=Finestra nova -Name[cak]=K'ak'a' tzuwäch -Name[cs]=Nové okno -Name[cy]=Ffenestr Newydd -Name[da]=Nyt vindue -Name[de]=Neues Fenster -Name[dsb]=Nowe wokno -Name[el]=Νέο παράθυρο -Name[en_GB]=New Window -Name[en_US]=New Window -Name[en_ZA]=New Window -Name[eo]=Nova fenestro -Name[es_AR]=Nueva ventana -Name[es_CL]=Nueva ventana -Name[es_ES]=Nueva ventana -Name[es_MX]=Nueva ventana -Name[et]=Uus aken -Name[eu]=Leiho berria -Name[fa]=پنجره جدید‌ -Name[ff]=Henorde Hesere -Name[fi]=Uusi ikkuna -Name[fr]=Nouvelle fenêtre -Name[fy_NL]=Nij finster -Name[ga_IE]=Fuinneog Nua -Name[gd]=Uinneag ùr -Name[gl]=Nova xanela -Name[gn]=Ovetã pyahu -Name[gu_IN]=નવી વિન્ડો -Name[he]=חלון חדש -Name[hi_IN]=नया विंडो -Name[hr]=Novi prozor -Name[hsb]=Nowe wokno -Name[hu]=Új ablak -Name[hy_AM]=Նոր Պատուհան -Name[id]=Jendela Baru -Name[is]=Nýr gluggi -Name[it]=Nuova finestra -Name[ja]=新しいウィンドウ -Name[ja_JP-mac]=新規ウインドウ -Name[ka]=ახალი ფანჯარა -Name[kk]=Жаңа терезе -Name[km]=បង្អួច​​​ថ្មី -Name[kn]=ಹೊಸ ಕಿಟಕಿ -Name[ko]=새 창 -Name[kok]=नवें जनेल -Name[ks]=نئئ وِنڈو -Name[lij]=Neuvo barcon -Name[lo]=ຫນ້າຕ່າງໃຫມ່ -Name[lt]=Naujas langas -Name[ltg]=Jauns lūgs -Name[lv]=Jauns logs -Name[mai]=नव विंडो -Name[mk]=Нов прозорец -Name[ml]=പുതിയ ജാലകം -Name[mr]=नवीन पटल -Name[ms]=Tetingkap Baru -Name[my]=ဝင်းဒိုးအသစ် -Name[nb_NO]=Nytt vindu -Name[ne_NP]=नयाँ सञ्झ्याल -Name[nl]=Nieuw venster -Name[nn_NO]=Nytt vindauge -Name[or]=ନୂତନ ୱିଣ୍ଡୋ -Name[pa_IN]=ਨਵੀਂ ਵਿੰਡੋ -Name[pl]=Nowe okno -Name[pt_BR]=Nova janela -Name[pt_PT]=Nova janela -Name[rm]=Nova fanestra -Name[ro]=Fereastră nouă -Name[ru]=Новое окно -Name[sat]=नावा विंडो (N) -Name[si]=නව කවුළුවක් -Name[sk]=Nové okno -Name[sl]=Novo okno -Name[son]=Zanfun taaga -Name[sq]=Dritare e Re -Name[sr]=Нови прозор -Name[sv_SE]=Nytt fönster -Name[ta]=புதிய சாளரம் -Name[te]=కొత్త విండో -Name[th]=หน้าต่างใหม่ -Name[tr]=Yeni pencere -Name[tsz]=Eraatarakua jimpani -Name[uk]=Нове вікно -Name[ur]=نیا دریچہ -Name[uz]=Yangi oyna -Name[vi]=Cửa sổ mới -Name[wo]=Palanteer bu bees -Name[xh]=Ifestile entsha -Name[zh_CN]=新建窗口 -Name[zh_TW]=開新視窗 -Exec=@EXEC@ --new-window %u - -[Desktop Action new-private-window] -Name=Open a New Private Window -Name[ach]=Dirica manyen me mung -Name[af]=Nuwe privaatvenster -Name[an]=Nueva finestra privada -Name[ar]=نافذة خاصة جديدة -Name[as]=নতুন ব্যক্তিগত উইন্ডো -Name[ast]=Ventana privada nueva -Name[az]=Yeni Məxfi Pəncərə -Name[be]=Новае акно адасаблення -Name[bg]=Нов прозорец за поверително сърфиране -Name[bn_BD]=নতুন ব্যক্তিগত উইন্ডো -Name[bn_IN]=নতুন ব্যক্তিগত উইন্ডো -Name[br]=Prenestr merdeiñ prevez nevez -Name[brx]=गोदान प्राइभेट उइन्ड' -Name[bs]=Novi privatni prozor -Name[ca]=Finestra privada nova -Name[cak]=K'ak'a' ichinan tzuwäch -Name[cs]=Nové anonymní okno -Name[cy]=Ffenestr Breifat Newydd -Name[da]=Nyt privat vindue -Name[de]=Neues privates Fenster -Name[dsb]=Nowe priwatne wokno -Name[el]=Νέο παράθυρο ιδιωτικής περιήγησης -Name[en_GB]=New Private Window -Name[en_US]=New Private Window -Name[en_ZA]=New Private Window -Name[eo]=Nova privata fenestro -Name[es_AR]=Nueva ventana privada -Name[es_CL]=Nueva ventana privada -Name[es_ES]=Nueva ventana privada -Name[es_MX]=Nueva ventana privada -Name[et]=Uus privaatne aken -Name[eu]=Leiho pribatu berria -Name[fa]=پنجره ناشناس جدید -Name[ff]=Henorde Suturo Hesere -Name[fi]=Uusi yksityinen ikkuna -Name[fr]=Nouvelle fenêtre de navigation privée -Name[fy_NL]=Nij priveefinster -Name[ga_IE]=Fuinneog Nua Phríobháideach -Name[gd]=Uinneag phrìobhaideach ùr -Name[gl]=Nova xanela privada -Name[gn]=Ovetã ñemi pyahu -Name[gu_IN]=નવી ખાનગી વિન્ડો -Name[he]=חלון פרטי חדש -Name[hi_IN]=नयी निजी विंडो -Name[hr]=Novi privatni prozor -Name[hsb]=Nowe priwatne wokno -Name[hu]=Új privát ablak -Name[hy_AM]=Սկսել Գաղտնի դիտարկում -Name[id]=Jendela Mode Pribadi Baru -Name[is]=Nýr huliðsgluggi -Name[it]=Nuova finestra anonima -Name[ja]=新しいプライベートウィンドウ -Name[ja_JP-mac]=新規プライベートウインドウ -Name[ka]=ახალი პირადი ფანჯარა -Name[kk]=Жаңа жекелік терезе -Name[km]=បង្អួច​ឯកជន​ថ្មី -Name[kn]=ಹೊಸ ಖಾಸಗಿ ಕಿಟಕಿ -Name[ko]=새 사생활 보호 모드 -Name[kok]=नवो खाजगी विंडो -Name[ks]=نْو پرایوٹ وینڈو& -Name[lij]=Neuvo barcon privou -Name[lo]=ເປີດຫນ້າຕ່າງສວນຕົວຂື້ນມາໃຫມ່ -Name[lt]=Naujas privataus naršymo langas -Name[ltg]=Jauns privatais lūgs -Name[lv]=Jauns privātais logs -Name[mai]=नया निज विंडो (W) -Name[mk]=Нов приватен прозорец -Name[ml]=പുതിയ സ്വകാര്യ ജാലകം -Name[mr]=नवीन वैयक्तिक पटल -Name[ms]=Tetingkap Persendirian Baharu -Name[my]=New Private Window -Name[nb_NO]=Nytt privat vindu -Name[ne_NP]=नयाँ निजी सञ्झ्याल -Name[nl]=Nieuw privévenster -Name[nn_NO]=Nytt privat vindauge -Name[or]=ନୂତନ ବ୍ୟକ୍ତିଗତ ୱିଣ୍ଡୋ -Name[pa_IN]=ਨਵੀਂ ਪ੍ਰਾਈਵੇਟ ਵਿੰਡੋ -Name[pl]=Nowe okno prywatne -Name[pt_BR]=Nova janela privativa -Name[pt_PT]=Nova janela privada -Name[rm]=Nova fanestra privata -Name[ro]=Fereastră privată nouă -Name[ru]=Новое приватное окно -Name[sat]=नावा निजेराक् विंडो (W ) -Name[si]=නව පුද්ගලික කවුළුව (W) -Name[sk]=Nové okno v režime Súkromné prehliadanie -Name[sl]=Novo zasebno okno -Name[son]=Sutura zanfun taaga -Name[sq]=Dritare e Re Private -Name[sr]=Нови приватан прозор -Name[sv_SE]=Nytt privat fönster -Name[ta]=புதிய தனிப்பட்ட சாளரம் -Name[te]=కొత్త ఆంతరంగిక విండో -Name[th]=หน้าต่างส่วนตัวใหม่ -Name[tr]=Yeni gizli pencere -Name[tsz]=Juchiiti eraatarakua jimpani -Name[uk]=Приватне вікно -Name[ur]=نیا نجی دریچہ -Name[uz]=Yangi maxfiy oyna -Name[vi]=Cửa sổ riêng tư mới -Name[wo]=Panlanteeru biir bu bees -Name[xh]=Ifestile yangasese entsha -Name[zh_CN]=新建隐私浏览窗口 -Name[zh_TW]=新增隱私視窗 -Exec=@EXEC@ --private-window %u - -[Desktop Action profile-manager-window] -Name=Open the Profile Manager -Name[de]=Profilverwaltung öffnen -Name[cs]=Správa profilů -Exec=@EXEC@ --ProfileManager diff --git a/www-client/firefox/files/icon/firefox.desktop b/www-client/firefox/files/icon/firefox.desktop deleted file mode 100644 index 1affce8f5..000000000 --- a/www-client/firefox/files/icon/firefox.desktop +++ /dev/null @@ -1,10 +0,0 @@ -[Desktop Entry] -Name=@NAME@ -Comment=Web Browser -Exec=firefox %u -Icon=@ICON@ -Terminal=false -Type=Application -MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https; -Categories=Network;WebBrowser; - diff --git a/www-client/firefox/firefox-78.0.2.ebuild b/www-client/firefox/firefox-78.0.2.ebuild deleted file mode 100644 index db0db9940..000000000 --- a/www-client/firefox/firefox-78.0.2.ebuild +++ /dev/null @@ -1,921 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" -VIRTUALX_REQUIRED="pgo" -WANT_AUTOCONF="2.1" -MOZ_ESR="" - -PYTHON_COMPAT=( python3_{6,7,8,9} ) -PYTHON_REQ_USE='ncurses,sqlite,ssl,threads(+)' - -# This list can be updated with scripts/get_langs.sh from the mozilla overlay -MOZ_LANGS=( ach af an ar ast az be bg bn br bs ca cak cs cy da de dsb -el en en-CA en-GB en-US eo es-AR es-CL es-ES es-MX et eu fa ff fi fr -fy-NL ga-IE gd gl gn gu-IN he hi-IN hr hsb hu hy-AM ia id is it ja ka -kab kk km kn ko lij lt lv mk mr ms my nb-NO nl nn-NO oc pa-IN pl pt-BR -pt-PT rm ro ru si sk sl son sq sr sv-SE ta te th tr uk ur uz vi xh -zh-CN zh-TW ) - -# Convert the ebuild version to the upstream mozilla version, used by mozlinguas -MOZ_PV="${PV/_alpha/a}" # Handle alpha for SRC_URI -MOZ_PV="${MOZ_PV/_beta/b}" # Handle beta for SRC_URI -MOZ_PV="${MOZ_PV%%_rc*}" # Handle rc for SRC_URI - -if [[ ${MOZ_ESR} == 1 ]] ; then - # ESR releases have slightly different version numbers - MOZ_PV="${MOZ_PV}esr" -fi - -# Patch version -PATCH="${PN}-78.0-patches-05" - -MOZ_HTTP_URI="https://archive.mozilla.org/pub/${PN}/releases" -MOZ_SRC_URI="${MOZ_HTTP_URI}/${MOZ_PV}/source/${PN}-${MOZ_PV}.source.tar.xz" - -if [[ "${PV}" == *_rc* ]]; then - MOZ_HTTP_URI="https://archive.mozilla.org/pub/${PN}/candidates/${MOZ_PV}-candidates/build${PV##*_rc}" - MOZ_LANGPACK_PREFIX="linux-i686/xpi/" - MOZ_SRC_URI="${MOZ_HTTP_URI}/source/${PN}-${MOZ_PV}.source.tar.xz -> $P.tar.xz" -fi - -LLVM_MAX_SLOT=10 - -inherit check-reqs eapi7-ver flag-o-matic toolchain-funcs eutils \ - gnome2-utils llvm mozcoreconf-v6 pax-utils xdg-utils \ - autotools mozlinguas-v2 multiprocessing virtualx - -DESCRIPTION="Firefox Web Browser" -HOMEPAGE="https://www.mozilla.com/firefox" - -KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" - -SLOT="0" -LICENSE="MPL-2.0 GPL-2 LGPL-2.1" -IUSE="bindist clang cpu_flags_x86_avx2 debug eme-free geckodriver - +gmp-autoupdate hardened hwaccel jack lto cpu_flags_arm_neon - +openh264 pgo pulseaudio screencast +screenshot selinux +system-av1 - +system-harfbuzz +system-icu +system-jpeg +system-libevent - +system-libvpx +system-webp test wayland wifi" - -REQUIRED_USE="pgo? ( lto )" - -RESTRICT="!bindist? ( bindist ) - !test? ( test )" - -PATCH_URIS=( https://dev.gentoo.org/~{whissi,polynomial-c,axs}/mozilla/patchsets/${PATCH}.tar.xz ) -SRC_URI="${SRC_URI} - ${MOZ_SRC_URI} - ${PATCH_URIS[@]}" - -CDEPEND=" - >=dev-libs/nss-3.53.1 - >=dev-libs/nspr-4.25 - dev-libs/atk - dev-libs/expat - >=x11-libs/cairo-1.10[X] - >=x11-libs/gtk+-2.18:2 - >=x11-libs/gtk+-3.4.0:3[X] - x11-libs/gdk-pixbuf - >=x11-libs/pango-1.22.0 - >=media-libs/libpng-1.6.35:0=[apng] - >=media-libs/mesa-10.2:* - media-libs/fontconfig - >=media-libs/freetype-2.4.10 - kernel_linux? ( !pulseaudio? ( media-libs/alsa-lib ) ) - virtual/freedesktop-icon-theme - sys-apps/dbus - dev-libs/dbus-glib - >=x11-libs/pixman-0.19.2 - >=dev-libs/glib-2.26:2 - >=sys-libs/zlib-1.2.3 - >=dev-libs/libffi-3.0.10:= - media-video/ffmpeg - x11-libs/libX11 - x11-libs/libXcomposite - x11-libs/libXdamage - x11-libs/libXext - x11-libs/libXfixes - x11-libs/libXrender - x11-libs/libXt - screencast? ( media-video/pipewire:0/0.3 ) - system-av1? ( - >=media-libs/dav1d-0.3.0:= - >=media-libs/libaom-1.0.0:= - ) - system-harfbuzz? ( - >=media-libs/harfbuzz-2.6.4:0= - >=media-gfx/graphite2-1.3.13 - ) - system-icu? ( >=dev-libs/icu-67.1:= ) - system-jpeg? ( >=media-libs/libjpeg-turbo-1.2.1 ) - system-libevent? ( >=dev-libs/libevent-2.0:0=[threads] ) - system-libvpx? ( >=media-libs/libvpx-1.8.2:0=[postproc] ) - system-webp? ( >=media-libs/libwebp-1.1.0:0= ) - wifi? ( - kernel_linux? ( - net-misc/networkmanager - ) - ) - jack? ( virtual/jack ) - selinux? ( sec-policy/selinux-mozilla )" - -RDEPEND="${CDEPEND} - jack? ( virtual/jack ) - openh264? ( media-libs/openh264:*[plugin] ) - pulseaudio? ( - || ( - media-sound/pulseaudio - >=media-sound/apulse-0.1.12-r4 - ) - ) - selinux? ( sec-policy/selinux-mozilla )" - -DEPEND="${CDEPEND} - app-arch/zip - app-arch/unzip - >=dev-util/cbindgen-0.14.1 - >=net-libs/nodejs-10.19.0 - >=sys-devel/binutils-2.30 - sys-apps/findutils - virtual/pkgconfig - >=virtual/rust-1.41.0 - || ( - ( - sys-devel/clang:10 - !clang? ( sys-devel/llvm:10 ) - clang? ( - =sys-devel/lld-10* - sys-devel/llvm:10[gold] - pgo? ( =sys-libs/compiler-rt-sanitizers-10*[profile] ) - ) - ) - ( - sys-devel/clang:9 - !clang? ( sys-devel/llvm:9 ) - clang? ( - =sys-devel/lld-9* - sys-devel/llvm:9[gold] - pgo? ( =sys-libs/compiler-rt-sanitizers-9*[profile] ) - ) - ) - ( - sys-devel/clang:8 - !clang? ( sys-devel/llvm:8 ) - clang? ( - =sys-devel/lld-8* - sys-devel/llvm:8[gold] - pgo? ( =sys-libs/compiler-rt-sanitizers-8*[profile] ) - ) - ) - ( - sys-devel/clang:7 - !clang? ( sys-devel/llvm:7 ) - clang? ( - =sys-devel/lld-7* - sys-devel/llvm:7[gold] - pgo? ( =sys-libs/compiler-rt-sanitizers-7*[profile] ) - ) - ) - ) - pulseaudio? ( - || ( - media-sound/pulseaudio - >=media-sound/apulse-0.1.12-r4[sdk] - ) - ) - wayland? ( >=x11-libs/gtk+-3.11:3[wayland] ) - amd64? ( >=dev-lang/yasm-1.1 virtual/opengl ) - x86? ( >=dev-lang/yasm-1.1 virtual/opengl ) - !system-av1? ( - amd64? ( >=dev-lang/nasm-2.13 ) - x86? ( >=dev-lang/nasm-2.13 ) - )" - -S="${WORKDIR}/firefox-${PV%_*}" - -BUILD_OBJ_DIR="${S}/ff" - -# allow GMP_PLUGIN_LIST to be set in an eclass or -# overridden in the enviromnent (advanced hackers only) -if [[ -z $GMP_PLUGIN_LIST ]] ; then - GMP_PLUGIN_LIST=( gmp-gmpopenh264 gmp-widevinecdm ) -fi - -llvm_check_deps() { - if ! has_version --host-root "sys-devel/clang:${LLVM_SLOT}" ; then - ewarn "sys-devel/clang:${LLVM_SLOT} is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." >&2 - return 1 - fi - - if use clang ; then - if ! has_version --host-root "=sys-devel/lld-${LLVM_SLOT}*" ; then - ewarn "=sys-devel/lld-${LLVM_SLOT}* is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." >&2 - return 1 - fi - - if use pgo ; then - if ! has_version --host-root "=sys-libs/compiler-rt-sanitizers-${LLVM_SLOT}*" ; then - ewarn "=sys-libs/compiler-rt-sanitizers-${LLVM_SLOT}* is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." >&2 - return 1 - fi - fi - fi - - einfo "Will use LLVM slot ${LLVM_SLOT}!" >&2 -} - -pkg_pretend() { - if use pgo ; then - if ! has usersandbox $FEATURES ; then - die "You must enable usersandbox as X server can not run as root!" - fi - fi - - # Ensure we have enough disk space to compile - if use pgo || use lto || use debug || use test ; then - CHECKREQS_DISK_BUILD="10G" - else - CHECKREQS_DISK_BUILD="5G" - fi - - check-reqs_pkg_pretend -} - -pkg_setup() { - moz_pkgsetup - - # Ensure we have enough disk space to compile - if use pgo || use lto || use debug || use test ; then - CHECKREQS_DISK_BUILD="10G" - else - CHECKREQS_DISK_BUILD="5G" - fi - - check-reqs_pkg_setup - - # Avoid PGO profiling problems due to enviroment leakage - # These should *always* be cleaned up anyway - unset DBUS_SESSION_BUS_ADDRESS \ - DISPLAY \ - ORBIT_SOCKETDIR \ - SESSION_MANAGER \ - XDG_CACHE_HOME \ - XDG_SESSION_COOKIE \ - XAUTHORITY - - if ! use bindist ; then - einfo - elog "You are enabling official branding. You may not redistribute this build" - elog "to any users on your network or the internet. Doing so puts yourself into" - elog "a legal problem with Mozilla Foundation." - elog "You can disable it by emerging ${PN} _with_ the bindist USE-flag." - fi - - addpredict /proc/self/oom_score_adj - - llvm_pkg_setup -} - -src_unpack() { - default - - # Unpack language packs - mozlinguas_src_unpack -} - -src_prepare() { - eapply "${WORKDIR}/firefox" - - # Make LTO respect MAKEOPTS - sed -i \ - -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ - "${S}"/build/moz.configure/lto-pgo.configure \ - || die "sed failed to set num_cores" - - # Make ICU respect MAKEOPTS - sed -i \ - -e "s/multiprocessing.cpu_count()/$(makeopts_jobs)/" \ - "${S}"/intl/icu_sources_data.py \ - || die "sed failed to set num_cores" - - # sed-in toolchain prefix - sed -i \ - -e "s/objdump/${CHOST}-objdump/" \ - "${S}"/python/mozbuild/mozbuild/configure/check_debug_ranges.py \ - || die "sed failed to set toolchain prefix" - - # Allow user to apply any additional patches without modifing ebuild - eapply_user - - einfo "Removing pre-built binaries ..." - find "${S}"/third_party -type f \( -name '*.so' -o -name '*.o' \) -print -delete || die - - # Enable gnomebreakpad - if use debug ; then - sed -i -e "s:GNOME_DISABLE_CRASH_DIALOG=1:GNOME_DISABLE_CRASH_DIALOG=0:g" \ - "${S}"/build/unix/run-mozilla.sh || die "sed failed!" - fi - - # Drop -Wl,--as-needed related manipulation for ia64 as it causes ld sefgaults, bug #582432 - if use ia64 ; then - sed -i \ - -e '/^OS_LIBS += no_as_needed/d' \ - -e '/^OS_LIBS += as_needed/d' \ - "${S}"/widget/gtk/mozgtk/gtk2/moz.build \ - "${S}"/widget/gtk/mozgtk/gtk3/moz.build \ - || die "sed failed to drop --as-needed for ia64" - fi - - # Fix sandbox violations during make clean, bug 372817 - sed -e "s:\(/no-such-file\):${T}\1:g" \ - -i "${S}"/config/rules.mk \ - -i "${S}"/nsprpub/configure{.in,} \ - || die - - # Don't exit with error when some libs are missing which we have in - # system. - sed '/^MOZ_PKG_FATAL_WARNINGS/s@= 1@= 0@' \ - -i "${S}"/browser/installer/Makefile.in || die - - # Don't error out when there's no files to be removed: - sed 's@\(xargs rm\)$@\1 -f@' \ - -i "${S}"/toolkit/mozapps/installer/packager.mk || die - - # Keep codebase the same even if not using official branding - sed '/^MOZ_DEV_EDITION=1/d' \ - -i "${S}"/browser/branding/aurora/configure.sh || die - - # rustfmt, a tool to format Rust code, is optional and not required to build Firefox. - # However, when available, an unsupported version can cause problems, bug #669548 - sed -i -e "s@check_prog('RUSTFMT', add_rustup_path('rustfmt')@check_prog('RUSTFMT', add_rustup_path('rustfmt_do_not_use')@" \ - "${S}"/build/moz.configure/rust.configure || die - - # Autotools configure is now called old-configure.in - # This works because there is still a configure.in that happens to be for the - # shell wrapper configure script - eautoreconf old-configure.in - - # Must run autoconf in js/src - cd "${S}"/js/src || die - eautoconf old-configure.in - - # Clear checksums that present a problem - sed -i 's/\("files":{\)[^}]*/\1/' "${S}"/third_party/rust/target-lexicon-0.9.0/.cargo-checksum.json || die -} - -src_configure() { - MEXTENSIONS="default" - # Google API keys (see http://www.chromium.org/developers/how-tos/api-keys) - # Note: These are for Gentoo Linux use ONLY. For your own distribution, please - # get your own set of keys. - _google_api_key=AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc - - # Add information about TERM to output (build.log) to aid debugging - # blessings problems - if [[ -n "${TERM}" ]] ; then - einfo "TERM is set to: \"${TERM}\"" - else - einfo "TERM is unset." - fi - - if use clang && ! tc-is-clang ; then - # Force clang - einfo "Enforcing the use of clang due to USE=clang ..." - CC=${CHOST}-clang - CXX=${CHOST}-clang++ - strip-unsupported-flags - elif ! use clang && ! tc-is-gcc ; then - # Force gcc - einfo "Enforcing the use of gcc due to USE=-clang ..." - CC=${CHOST}-gcc - CXX=${CHOST}-g++ - strip-unsupported-flags - fi - - #################################### - # - # mozconfig, CFLAGS and CXXFLAGS setup - # - #################################### - - mozconfig_init - # common config components - mozconfig_annotate 'system_libs' \ - --with-system-zlib - - # Must pass release in order to properly select linker - mozconfig_annotate 'Enable by Gentoo' --enable-release - - # libclang.so is not properly detected work around issue - mozconfig_annotate '' --with-libclang-path="$(llvm-config --libdir)" - - if use pgo ; then - if ! has userpriv $FEATURES ; then - eerror "Building firefox with USE=pgo and FEATURES=-userpriv is not supported!" - fi - fi - - # Don't let user's LTO flags clash with upstream's flags - filter-flags -flto* - - if use lto ; then - local show_old_compiler_warning= - - if use clang ; then - # At this stage CC is adjusted and the following check will - # will work - if [[ $(clang-major-version) -lt 7 ]] ; then - show_old_compiler_warning=1 - fi - - # Upstream only supports lld when using clang - mozconfig_annotate "forcing ld=lld due to USE=clang and USE=lto" --enable-linker=lld - else - if [[ $(gcc-major-version) -lt 8 ]] ; then - show_old_compiler_warning=1 - fi - - if ! use cpu_flags_x86_avx2 ; then - local _gcc_version_with_ipa_cdtor_fix="8.3" - local _current_gcc_version="$(gcc-major-version).$(gcc-minor-version)" - - if ver_test "${_current_gcc_version}" -lt "${_gcc_version_with_ipa_cdtor_fix}" ; then - # due to a GCC bug, GCC will produce AVX2 instructions - # even if the CPU doesn't support AVX2, https://gcc.gnu.org/ml/gcc-patches/2018-12/msg01142.html - einfo "Disable IPA cdtor due to bug in GCC and missing AVX2 support -- triggered by USE=lto" - append-ldflags -fdisable-ipa-cdtor - else - einfo "No GCC workaround required, GCC version is already patched!" - fi - else - einfo "No GCC workaround required, system supports AVX2" - fi - - # Linking only works when using ld.gold when LTO is enabled - mozconfig_annotate "forcing ld=gold due to USE=lto" --enable-linker=gold - fi - - if [[ -n "${show_old_compiler_warning}" ]] ; then - # Checking compiler's major version uses CC variable. Because we allow - # user to control used compiler via USE=clang flag, we cannot use - # initial value. So this is the earliest stage where we can do this check - # because pkg_pretend is not called in the main phase function sequence - # environment saving is not guaranteed so we don't know if we will have - # correct compiler until now. - ewarn "" - ewarn "USE=lto requires up-to-date compiler (>=gcc-8 or >=clang-7)." - ewarn "You are on your own -- expect build failures. Don't file bugs using that unsupported configuration!" - ewarn "" - sleep 5 - fi - - mozconfig_annotate '+lto' --enable-lto=thin - - if use pgo ; then - mozconfig_annotate '+pgo' MOZ_PGO=1 - fi - else - # Avoid auto-magic on linker - if use clang ; then - # This is upstream's default - mozconfig_annotate "forcing ld=lld due to USE=clang" --enable-linker=lld - elif tc-ld-is-gold ; then - mozconfig_annotate "linker is set to gold" --enable-linker=gold - else - mozconfig_annotate "linker is set to bfd" --enable-linker=bfd - fi - fi - - # It doesn't compile on alpha without this LDFLAGS - use alpha && append-ldflags "-Wl,--no-relax" - - # Add full relro support for hardened - use hardened && append-ldflags "-Wl,-z,now" - - # Modifications to better support ARM, bug 553364 - if use cpu_flags_arm_neon ; then - mozconfig_annotate '' --with-fpu=neon - - if ! tc-is-clang ; then - # thumb options aren't supported when using clang, bug 666966 - mozconfig_annotate '' --with-thumb=yes - mozconfig_annotate '' --with-thumb-interwork=no - fi - fi - - if [[ ${CHOST} == armv*h* ]] ; then - mozconfig_annotate '' --with-float-abi=hard - if ! use system-libvpx ; then - sed -i -e "s|softfp|hard|" \ - "${S}"/media/libvpx/moz.build - fi - fi - - mozconfig_use_enable !bindist official-branding - - mozconfig_use_enable debug - mozconfig_use_enable debug tests - if ! use debug ; then - mozconfig_annotate 'disabled by Gentoo' --disable-debug-symbols - else - mozconfig_annotate 'enabled by Gentoo' --enable-debug-symbols - fi - # These are enabled by default in all mozilla applications - mozconfig_annotate '' --with-system-nspr - mozconfig_annotate '' --with-system-nss - mozconfig_annotate '' --x-includes="${SYSROOT}${EPREFIX}"/usr/include \ - --x-libraries="${SYSROOT}${EPREFIX}"/usr/$(get_libdir) - mozconfig_annotate '' --prefix="${EPREFIX}"/usr - mozconfig_annotate '' --libdir="${EPREFIX}"/usr/$(get_libdir) - mozconfig_annotate '' --disable-crashreporter - mozconfig_annotate 'Gentoo default' --with-system-png - mozconfig_annotate '' --enable-system-ffi - mozconfig_annotate '' --with-intl-api - mozconfig_annotate '' --enable-system-pixman - # Instead of the standard --build= and --host=, mozilla uses --host instead - # of --build, and --target intstead of --host. - # Note, mozilla also has --build but it does not do what you think it does. - # Set both --target and --host as mozilla uses python to guess values otherwise - mozconfig_annotate '' --target="${CHOST}" - mozconfig_annotate '' --host="${CBUILD:-${CHOST}}" - mozconfig_annotate '' --with-toolchain-prefix="${CHOST}-" - if use system-libevent ; then - mozconfig_annotate '' --with-system-libevent="${SYSROOT}${EPREFIX}"/usr - fi - - if ! use x86 && [[ ${CHOST} != armv*h* ]] ; then - mozconfig_annotate '' --enable-rust-simd - fi - - # use the gtk3 toolkit (the only one supported at this point) - # TODO: Will this result in automagic dependency on x11-libs/gtk+[wayland]? - if use wayland ; then - mozconfig_annotate '' --enable-default-toolkit=cairo-gtk3-wayland - else - mozconfig_annotate '' --enable-default-toolkit=cairo-gtk3 - fi - - mozconfig_use_with system-av1 - mozconfig_use_with system-harfbuzz - mozconfig_use_with system-harfbuzz system-graphite2 - mozconfig_use_with system-icu - mozconfig_use_with system-jpeg - mozconfig_use_with system-libvpx - mozconfig_use_with system-webp - mozconfig_use_enable pulseaudio - # force the deprecated alsa sound code if pulseaudio is disabled - if use kernel_linux && ! use pulseaudio ; then - mozconfig_annotate '-pulseaudio' --enable-alsa - fi - - # Disable built-in ccache support to avoid sandbox violation, #665420 - # Use FEATURES=ccache instead! - mozconfig_annotate '' --without-ccache - sed -i -e 's/ccache_stats = None/return None/' \ - python/mozbuild/mozbuild/controller/building.py || \ - die "Failed to disable ccache stats call" - - mozconfig_use_enable wifi necko-wifi - - mozconfig_use_enable geckodriver - - # enable JACK, bug 600002 - mozconfig_use_enable jack - - mozconfig_use_enable screencast pipewire - - # Enable/Disable eme support - use eme-free && mozconfig_annotate '+eme-free' --disable-eme - - # Setup api key for location services and safebrowsing, https://bugzilla.mozilla.org/show_bug.cgi?id=1531176#c34 - echo -n "${_google_api_key}" > "${S}"/google-api-key - mozconfig_annotate '' --with-google-location-service-api-keyfile="${S}/google-api-key" - mozconfig_annotate '' --with-google-safebrowsing-api-keyfile="${S}/google-api-key" - - mozconfig_annotate '' --enable-extensions="${MEXTENSIONS}" - - # allow elfhack to work in combination with unstripped binaries - # when they would normally be larger than 2GiB. - append-ldflags "-Wl,--compress-debug-sections=zlib" - - if use clang ; then - # https://bugzilla.mozilla.org/show_bug.cgi?id=1482204 - # https://bugzilla.mozilla.org/show_bug.cgi?id=1483822 - # toolkit/moz.configure Elfhack section: target.cpu in ('arm', 'x86', 'x86_64') - local disable_elf_hack= - if use amd64 ; then - disable_elf_hack=yes - elif use x86 ; then - disable_elf_hack=yes - elif use arm ; then - disable_elf_hack=yes - fi - - if [[ -n ${disable_elf_hack} ]] ; then - mozconfig_annotate 'elf-hack is broken when using Clang' --disable-elf-hack - fi - fi - - echo "mk_add_options MOZ_OBJDIR=${BUILD_OBJ_DIR}" >> "${S}"/.mozconfig - echo "mk_add_options XARGS=/usr/bin/xargs" >> "${S}"/.mozconfig - - # Finalize and report settings - mozconfig_final - - mkdir -p "${S}"/third_party/rust/libloading/.deps - - # workaround for funky/broken upstream configure... - SHELL="${SHELL:-${EPREFIX}/bin/bash}" MOZ_NOSPAM=1 \ - ./mach configure || die -} - -src_compile() { - local _virtx= - if use pgo ; then - _virtx=virtx - - # Reset and cleanup environment variables used by GNOME/XDG - gnome2_environment_reset - - addpredict /root - fi - - GDK_BACKEND=x11 \ - MOZ_MAKE_FLAGS="${MAKEOPTS} -O" \ - SHELL="${SHELL:-${EPREFIX}/bin/bash}" \ - MOZ_NOSPAM=1 \ - ${_virtx} \ - ./mach build --verbose \ - || die -} - -src_install() { - cd "${BUILD_OBJ_DIR}" || die - - # Pax mark xpcshell for hardened support, only used for startupcache creation. - pax-mark m "${BUILD_OBJ_DIR}"/dist/bin/xpcshell - - # Add our default prefs for firefox - cp "${FILESDIR}"/gentoo-default-prefs.js-3 \ - "${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" \ - || die - - # set dictionary path, to use system hunspell - echo "pref(\"spellchecker.dictionary_path\", \"${EPREFIX}/usr/share/myspell\");" \ - >>"${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" || die - - # force the graphite pref if system-harfbuzz is enabled, since the pref cant disable it - if use system-harfbuzz ; then - echo "sticky_pref(\"gfx.font_rendering.graphite.enabled\",true);" \ - >>"${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" || die - fi - - # force cairo as the canvas renderer on platforms without skia support - if [[ $(tc-endian) == "big" ]] ; then - echo "sticky_pref(\"gfx.canvas.azure.backends\",\"cairo\");" \ - >>"${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" || die - echo "sticky_pref(\"gfx.content.azure.backends\",\"cairo\");" \ - >>"${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" || die - fi - - # Augment this with hwaccel prefs - if use hwaccel ; then - cat "${FILESDIR}"/gentoo-hwaccel-prefs.js-1 >> \ - "${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" \ - || die - fi - - if ! use screenshot ; then - echo "pref(\"extensions.screenshots.disabled\", true);" >> \ - "${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" \ - || die - fi - - echo "pref(\"extensions.autoDisableScopes\", 3);" >> \ - "${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" \ - || die - - if ! use gmp-autoupdate ; then - local plugin - for plugin in "${GMP_PLUGIN_LIST[@]}" ; do - echo "pref(\"media.${plugin}.autoupdate\", false);" >> \ - "${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" \ - || die - done - fi - - cd "${S}" - MOZ_MAKE_FLAGS="${MAKEOPTS}" SHELL="${SHELL:-${EPREFIX}/bin/bash}" MOZ_NOSPAM=1 \ - DESTDIR="${D}" ./mach install || die - - if use geckodriver ; then - cp "${BUILD_OBJ_DIR}"/dist/bin/geckodriver "${ED%/}"${MOZILLA_FIVE_HOME} || die - pax-mark m "${ED%/}"${MOZILLA_FIVE_HOME}/geckodriver - - dosym ${MOZILLA_FIVE_HOME}/geckodriver /usr/bin/geckodriver - fi - - # Install language packs - MOZEXTENSION_TARGET="distribution/extensions" MOZ_INSTALL_L10N_XPIFILE="1" mozlinguas_src_install - - local size sizes icon_path icon name - if use bindist ; then - sizes="16 32 48" - icon_path="${S}/browser/branding/aurora" - # Firefox's new rapid release cycle means no more codenames - # Let's just stick with this one... - icon="aurora" - name="Aurora" - - # Override preferences to set the MOZ_DEV_EDITION defaults, since we - # don't define MOZ_DEV_EDITION to avoid profile debaucles. - # (source: browser/app/profile/firefox.js) - cat >>"${BUILD_OBJ_DIR}/dist/bin/browser/defaults/preferences/all-gentoo.js" <=media-sound/apulse-0.1.12-r4" ; then - einfo "APULSE found - Generating library symlinks for sound support" - local lib - pushd "${ED}"${MOZILLA_FIVE_HOME} &>/dev/null || die - for lib in ../apulse/libpulse{.so{,.0},-simple.so{,.0}} ; do - # a quickpkg rolled by hand will grab symlinks as part of the package, - # so we need to avoid creating them if they already exist. - if [[ ! -L ${lib##*/} ]] ; then - ln -s "${lib}" ${lib##*/} || die - fi - done - popd &>/dev/null || die - fi -} - -pkg_postinst() { - xdg_desktop_database_update - xdg_icon_cache_update - - if ! use gmp-autoupdate ; then - elog "USE='-gmp-autoupdate' has disabled the following plugins from updating or" - elog "installing into new profiles:" - local plugin - for plugin in "${GMP_PLUGIN_LIST[@]}" ; do - elog "\t ${plugin}" - done - elog - fi - - if use pulseaudio && has_version ">=media-sound/apulse-0.1.12-r4" ; then - elog "Apulse was detected at merge time on this system and so it will always be" - elog "used for sound. If you wish to use pulseaudio instead please unmerge" - elog "media-sound/apulse." - elog - fi - - local show_doh_information show_normandy_information - - if [[ -z "${REPLACING_VERSIONS}" ]] ; then - # New install; Tell user that DoH is disabled by default - show_doh_information=yes - show_normandy_information=yes - else - local replacing_version - for replacing_version in ${REPLACING_VERSIONS} ; do - if ver_test "${replacing_version}" -lt 70 ; then - # Tell user only once about our DoH default - show_doh_information=yes - fi - - if ver_test "${replacing_version}" -lt 74.0-r2 ; then - # Tell user only once about our Normandy default - show_normandy_information=yes - fi - done - fi - - if [[ -n "${show_doh_information}" ]] ; then - elog - elog "Note regarding Trusted Recursive Resolver aka DNS-over-HTTPS (DoH):" - elog "Due to privacy concerns (encrypting DNS might be a good thing, sending all" - elog "DNS traffic to Cloudflare by default is not a good idea and applications" - elog "should respect OS configured settings), \"network.trr.mode\" was set to 5" - elog "(\"Off by choice\") by default." - elog "You can enable DNS-over-HTTPS in ${PN^}'s preferences." - fi - - # bug 713782 - if [[ -n "${show_normandy_information}" ]] ; then - elog - elog "Upstream operates a service named Normandy which allows Mozilla to" - elog "push changes for default settings or even install new add-ons remotely." - elog "While this can be useful to address problems like 'Armagadd-on 2.0' or" - elog "revert previous decisions to disable TLS 1.0/1.1, privacy and security" - elog "concerns prevail, which is why we have switched off the use of this" - elog "service by default." - elog - elog "To re-enable this service set" - elog - elog " app.normandy.enabled=true" - elog - elog "in about:config." - fi -} - -pkg_postrm() { - xdg_desktop_database_update - xdg_icon_cache_update -} diff --git a/www-servers/apache/Manifest b/www-servers/apache/Manifest deleted file mode 100644 index bad25e94a..000000000 --- a/www-servers/apache/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST gentoo-apache-2.4.39-20190402.tar.bz2 25491 BLAKE2B ce230b07ec156048c7d7c1eb4b0e732fa6140f55d136e317714591327bde3f85bab7780424e6eef04b7a4518cbdcfdddcbc094409f4ca19ffea1ce967bdf7cf1 SHA512 bc0ffa20cffd9a89c2ea64420fa2243d77e97d7922bcd0b387a7fcfcc3c6908a056972b499a81344f7c3e3e19b55ffc300fd034c54b287f4f32d8931bd50cde4 -DIST httpd-2.4.41.tar.bz2 7072373 BLAKE2B 88a2390736209d5ef04bffcb867bc8d6019302885e6f3cc63d18123336d4d0657252105a3bfebf4e91b8daa02119d4a61f4c0a9702244858a3193ec6cf681c0f SHA512 350cc7dcd2c439e0590338fa6da3f44df44f9bb885c381e91f91b14c2f48597f6f0bbac0ea118a8a67eaa70ae7edbb769beace368643ed73f6daee44c307b335 diff --git a/www-servers/apache/apache-2.4.41.ebuild b/www-servers/apache/apache-2.4.41.ebuild deleted file mode 100644 index 8c28f2265..000000000 --- a/www-servers/apache/apache-2.4.41.ebuild +++ /dev/null @@ -1,275 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -# latest gentoo apache files -GENTOO_PATCHSTAMP="20190402" -GENTOO_DEVELOPER="polynomial-c" -GENTOO_PATCHNAME="gentoo-apache-2.4.39" - -# IUSE/USE_EXPAND magic -IUSE_MPMS_FORK="prefork" -IUSE_MPMS_THREAD="event worker" - -# << obsolete modules: -# authn_default authz_default mem_cache -# mem_cache is replaced by cache_disk -# ?? buggy modules -# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found -# >> added modules for reason: -# compat: compatibility with 2.2 access control -# authz_host: new module for access control -# authn_core: functionality provided by authn_alias in previous versions -# authz_core: new module, provides core authorization capabilities -# cache_disk: replacement for mem_cache -# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 -# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 -# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 -# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 -# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). -# socache_shmcb: shared object cache provider. Default config with ssl needs it -# unixd: fixes startup error: Invalid command 'User' -IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest auth_form -authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authn_socache authz_core -authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex -brotli cache cache_disk cache_socache cern_meta charset_lite cgi cgid dav dav_fs dav_lock -dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 -ident imagemap include info lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness -lbmethod_heartbeat log_config log_forensic logio macro md mime mime_magic negotiation -proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_html proxy_http proxy_scgi -proxy_http2 proxy_fcgi proxy_wstunnel rewrite ratelimit remoteip reqtimeout -session session_cookie session_crypto session_dbd setenvif slotmem_shm speling -socache_shmcb status substitute unique_id userdir usertrack unixd version vhost_alias -watchdog xml2enc" -# The following are also in the source as of this version, but are not available -# for user selection: -# bucketeer case_filter case_filter_in echo http isapi optional_fn_export -# optional_fn_import optional_hook_export optional_hook_import - -# inter-module dependencies -# TODO: this may still be incomplete -MODULE_DEPENDS=" - auth_form:session - brotli:filter - dav_fs:dav - dav_lock:dav - deflate:filter - cache_disk:cache - ext_filter:filter - file_cache:cache - lbmethod_byrequests:proxy_balancer - lbmethod_byrequests:slotmem_shm - lbmethod_bytraffic:proxy_balancer - lbmethod_bybusyness:proxy_balancer - lbmethod_heartbeat:proxy_balancer - log_forensic:log_config - logio:log_config - cache_disk:cache - cache_socache:cache - md:watchdog - mime_magic:mime - proxy_ajp:proxy - proxy_balancer:proxy - proxy_balancer:slotmem_shm - proxy_connect:proxy - proxy_ftp:proxy - proxy_html:proxy - proxy_html:xml2enc - proxy_http:proxy - proxy_http2:proxy - proxy_scgi:proxy - proxy_fcgi:proxy - proxy_wstunnel:proxy - session_cookie:session - session_dbd:dbd - session_dbd:session - substitute:filter -" - -# module<->define mappings -MODULE_DEFINES=" - auth_digest:AUTH_DIGEST - authnz_ldap:AUTHNZ_LDAP - cache:CACHE - cache_disk:CACHE - cache_socache:CACHE - dav:DAV - dav_fs:DAV - dav_lock:DAV - file_cache:CACHE - http2:HTTP2 - info:INFO - ldap:LDAP - md:SSL - proxy:PROXY - proxy_ajp:PROXY - proxy_balancer:PROXY - proxy_connect:PROXY - proxy_ftp:PROXY - proxy_html:PROXY - proxy_http:PROXY - proxy_fcgi:PROXY - proxy_scgi:PROXY - proxy_wstunnel:PROXY - socache_shmcb:SSL - ssl:SSL - status:STATUS - suexec:SUEXEC - userdir:USERDIR -" - -# critical modules for the default config -MODULE_CRITICAL=" - authn_core - authz_core - authz_host - dir - mime - unixd -" -inherit apache-2 systemd tmpfiles toolchain-funcs - -DESCRIPTION="The Apache Web Server" -HOMEPAGE="https://httpd.apache.org/" - -# some helper scripts are Apache-1.1, thus both are here -LICENSE="Apache-2.0 Apache-1.1" -SLOT="2" -KEYWORDS="alpha amd64 ~arm arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x64-macos ~x86-macos ~m68k-mint ~sparc64-solaris ~x64-solaris" - -# Enable http2 by default (bug #563452) -# FIXME: Move to apache-2.eclass once this has reached stable. -IUSE="${IUSE/apache2_modules_http2/+apache2_modules_http2}" -# New suexec options (since 2.4.34) -IUSE="${IUSE} +suexec-caps suexec-syslog libressl" - -CDEPEND="apache2_modules_brotli? ( >=app-arch/brotli-0.6.0:= ) - apache2_modules_http2? ( >=net-libs/nghttp2-1.2.1 ) - apache2_modules_proxy_http2? ( >=net-libs/nghttp2-1.2.1 ) - apache2_modules_md? ( >=dev-libs/jansson-2.10 ) - apache2_modules_session_crypto? ( - libressl? ( dev-libs/apr-util[libressl] ) - !libressl? ( dev-libs/apr-util[openssl] ) - )" - -DEPEND+="${CDEPEND} - suexec? ( suexec-caps? ( sys-libs/libcap ) )" -RDEPEND+="${CDEPEND}" - -REQUIRED_USE="apache2_modules_http2? ( ssl ) - apache2_modules_md? ( ssl )" - -pkg_setup() { - # dependend critical modules which are not allowed in global scope due - # to USE flag conditionals (bug #499260) - use ssl && MODULE_CRITICAL+=" socache_shmcb" - use doc && MODULE_CRITICAL+=" alias negotiation setenvif" - apache-2_pkg_setup -} - -src_configure() { - # Brain dead check. - tc-is-cross-compiler && export ap_cv_void_ptr_lt_long="no" - - apache-2_src_configure -} - -src_compile() { - if tc-is-cross-compiler; then - # This header is the same across targets, so use the build compiler. - pushd server >/dev/null - emake gen_test_char - tc-export_build_env BUILD_CC - ${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} \ - gen_test_char.c -o gen_test_char $(apr-1-config --includes) || die - popd >/dev/null - fi - - default -} - -src_install() { - apache-2_src_install - - # systemd support for logrotate scripts - # override Gentoo logrotate script with a version - # that works for both openrc and systemd - insinto /etc/logrotate.d - newins "${FILESDIR}"/apache2-logrotate apache2 - - local i - local apache_tools_prune_list=( - /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm} - /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs} - /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1} - /usr/share/man/man8/{rotatelogs.8,htcacheclean.8} - ) - for i in ${apache_tools_prune_list[@]} ; do - rm "${ED%/}"/${i} || die "Failed to prune apache-tools bits" - done - - # install apxs in /usr/bin (bug #502384) and put a symlink into the - # old location until all ebuilds and eclasses have been modified to - # use the new location. - dobin support/apxs - dosym ../bin/apxs /usr/sbin/apxs - - # Note: wait for mod_systemd to be included in some forthcoming release, - # Then apache2.4.service can be used and systemd support controlled - # through --enable-systemd - systemd_newunit "${FILESDIR}/apache2.2-hardened.service" "apache2.service" - systemd_dotmpfilesd "${FILESDIR}/apache.conf" - #insinto /etc/apache2/modules.d - #doins "${FILESDIR}/00_systemd.conf" - - # Install http2 module config - insinto /etc/apache2/modules.d - doins "${FILESDIR}"/41_mod_http2.conf - - # Fix path to apache libdir - sed "s|@LIBDIR@|$(get_libdir)|" -i "${ED%/}"/usr/sbin/apache2ctl || die -} - -pkg_postinst() { - apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" - - tmpfiles_process apache.conf #662544 - - # warnings that default config might not work out of the box - local mod cmod - for mod in ${MODULE_CRITICAL} ; do - if ! use "apache2_modules_${mod}"; then - echo - ewarn "Warning: Critical module not installed!" - ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" - ewarn "are highly recomended but might not be in the base profile yet." - ewarn "Default config for ssl needs module 'socache_shmcb'." - ewarn "Enabling the following flags is highly recommended:" - for cmod in ${MODULE_CRITICAL} ; do - use "apache2_modules_${cmod}" || \ - ewarn "+ apache2_modules_${cmod}" - done - echo - break - fi - done - # warning for proxy_balancer and missing load balancing scheduler - if use apache2_modules_proxy_balancer; then - local lbset= - for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do - if use "apache2_modules_${mod}"; then - lbset=1 && break - fi - done - if [ ! ${lbset} ] ; then - echo - ewarn "Info: Missing load balancing scheduler algorithm module" - ewarn "(They were split off from proxy_balancer in 2.3)" - ewarn "In order to get the ability of load balancing, at least" - ewarn "one of these modules has to be present:" - ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" - echo - fi - fi -} diff --git a/www-servers/apache/files/41_mod_http2.conf b/www-servers/apache/files/41_mod_http2.conf deleted file mode 100644 index e4c9454e0..000000000 --- a/www-servers/apache/files/41_mod_http2.conf +++ /dev/null @@ -1,9 +0,0 @@ - - - # enable debugging for this module - #LogLevel http2:info - - #Enable HTTP/2 support - Protocols h2 h2c http/1.1 - - diff --git a/www-servers/apache/files/apache-2.4.12-alpn.patch b/www-servers/apache/files/apache-2.4.12-alpn.patch deleted file mode 100644 index 25bb6e1b5..000000000 --- a/www-servers/apache/files/apache-2.4.12-alpn.patch +++ /dev/null @@ -1,476 +0,0 @@ -https://bugs.gentoo.org/471512 - -upstream apache has merged alpn into trunk: -https://issues.apache.org/bugzilla/show_bug.cgi?id=52210 -note: the bug is closed INVALID due to the npn discussion; go to the bottom to -see alpn merged into it trunk. unfortunately, it wasn't merged into the 2.4 -branch. - -the mod_h2 project has backported it to the 2.4 branch: -https://github.com/icing/mod_h2/tree/master/sandbox/httpd/patches -commit 73e4d0e9c813b58581a32a6948780fa948094cc1 - ---- modules/ssl/mod_ssl.c -+++ modules/ssl/mod_ssl.c -@@ -273,6 +273,12 @@ - "OpenSSL configuration command") - #endif - -+#ifdef HAVE_TLS_ALPN -+ SSL_CMD_SRV(ALPNPreference, ITERATE, -+ "Preference in Application-Layer Protocol Negotiation (ALPN), " -+ "protocols are chosen in the specified order") -+#endif -+ - /* Deprecated directives. */ - AP_INIT_RAW_ARGS("SSLLog", ap_set_deprecated, NULL, OR_ALL, - "SSLLog directive is no longer supported - use ErrorLog."), -@@ -423,12 +448,44 @@ - return 1; - } - -+static int modssl_register_alpn(conn_rec *c, -+ ssl_alpn_propose_protos advertisefn, -+ ssl_alpn_proto_negotiated negotiatedfn) -+{ -+#ifdef HAVE_TLS_ALPN -+ SSLConnRec *sslconn = myConnConfig(c); -+ -+ if (!sslconn) { -+ return DECLINED; -+ } -+ -+ if (!sslconn->alpn_proposefns) { -+ sslconn->alpn_proposefns = -+ apr_array_make(c->pool, 5, sizeof(ssl_alpn_propose_protos)); -+ sslconn->alpn_negofns = -+ apr_array_make(c->pool, 5, sizeof(ssl_alpn_proto_negotiated)); -+ } -+ -+ if (advertisefn) -+ APR_ARRAY_PUSH(sslconn->alpn_proposefns, ssl_alpn_propose_protos) = -+ advertisefn; -+ if (negotiatedfn) -+ APR_ARRAY_PUSH(sslconn->alpn_negofns, ssl_alpn_proto_negotiated) = -+ negotiatedfn; -+ -+ return OK; -+#else -+ return DECLINED; -+#endif -+} -+ - int ssl_init_ssl_connection(conn_rec *c, request_rec *r) - { - SSLSrvConfigRec *sc; - SSL *ssl; - SSLConnRec *sslconn = myConnConfig(c); - char *vhost_md5; -+ int rc; - modssl_ctx_t *mctx; - server_rec *server; - -@@ -585,6 +647,7 @@ - - APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable); - APR_REGISTER_OPTIONAL_FN(ssl_engine_disable); -+ APR_REGISTER_OPTIONAL_FN(modssl_register_alpn); - - ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ssl", - AUTHZ_PROVIDER_VERSION, ---- modules/ssl/mod_ssl.h -+++ modules/ssl/mod_ssl.h -@@ -63,5 +93,46 @@ - - APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); - -+/** The alpn_propose_proto callback allows other modules to propose -+ * the name of the protocol that will be chosen during the -+ * Application-Layer Protocol Negotiation (ALPN) portion of the SSL handshake. -+ * The callback is given the connection and a list of NULL-terminated -+ * protocol strings as supported by the client. If this client_protos is -+ * non-empty, it must pick its preferred protocol from that list. Otherwise -+ * it should add its supported protocols in order of precedence. -+ * The callback should not yet modify the connection or install any filters -+ * as its proposal(s) may be overridden by another callback or server -+ * configuration. -+ * It should return OK or, to prevent further processing of (other modules') -+ * callbacks, return DONE. -+ */ -+typedef int (*ssl_alpn_propose_protos)(conn_rec *connection, -+ apr_array_header_t *client_protos, -+ apr_array_header_t *proposed_protos); -+ -+/** The alpn_proto_negotiated callback allows other modules to discover -+ * the name of the protocol that was chosen during the Application-Layer -+ * Protocol Negotiation (ALPN) portion of the SSL handshake. -+ * The callback is given the connection, a -+ * non-NUL-terminated string containing the protocol name, and the -+ * length of the string; it should do something appropriate -+ * (i.e. insert or remove filters) and return OK. To prevent further -+ * processing of (other modules') callbacks, return DONE. */ -+typedef int (*ssl_alpn_proto_negotiated)(conn_rec *connection, -+ const char *proto_name, -+ apr_size_t proto_name_len); -+ -+/* An optional function which can be used to register a pair of callbacks -+ * for ALPN handling. -+ * This optional function should be invoked from a pre_connection hook -+ * which runs *after* mod_ssl.c's pre_connection hook. The function returns -+ * OK if the callbacks are registered, or DECLINED otherwise (for example if -+ * mod_ssl does not support ALPN). -+ */ -+APR_DECLARE_OPTIONAL_FN(int, modssl_register_alpn, -+ (conn_rec *conn, -+ ssl_alpn_propose_protos proposefn, -+ ssl_alpn_proto_negotiated negotiatedfn)); -+ - #endif /* __MOD_SSL_H__ */ - /** @} */ ---- modules/ssl/ssl_engine_config.c -+++ modules/ssl/ssl_engine_config.c -@@ -159,6 +160,9 @@ - SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_CERTIFICATE); - mctx->ssl_ctx_param = apr_array_make(p, 5, sizeof(ssl_ctx_param_t)); - #endif -+#ifdef HAVE_TLS_ALPN -+ mctx->ssl_alpn_pref = apr_array_make(p, 5, sizeof(const char *)); -+#endif - } - - static void modssl_ctx_init_proxy(SSLSrvConfigRec *sc, -@@ -301,6 +307,9 @@ - #ifdef HAVE_SSL_CONF_CMD - cfgMergeArray(ssl_ctx_param); - #endif -+#ifdef HAVE_TLS_ALPN -+ cfgMergeArray(ssl_alpn_pref); -+#endif - } - - static void modssl_ctx_cfg_merge_proxy(apr_pool_t *p, -@@ -1875,6 +1868,16 @@ - } - #endif - -+#ifdef HAVE_TLS_ALPN -+const char *ssl_cmd_SSLALPNPreference(cmd_parms *cmd, void *dcfg, -+ const char *protocol) -+{ -+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); -+ APR_ARRAY_PUSH(sc->server->ssl_alpn_pref, const char *) = protocol; -+ return NULL; -+} -+#endif -+ - #ifdef HAVE_SRP - - const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, ---- modules/ssl/ssl_engine_init.c -+++ modules/ssl/ssl_engine_init.c -@@ -623,6 +646,11 @@ - SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); - - SSL_CTX_set_info_callback(ctx, ssl_callback_Info); -+ -+#ifdef HAVE_TLS_ALPN -+ SSL_CTX_set_alpn_select_cb( -+ ctx, ssl_callback_alpn_select, NULL); -+#endif - } - - static apr_status_t ssl_init_ctx_verify(server_rec *s, ---- modules/ssl/ssl_engine_io.c -+++ modules/ssl/ssl_engine_io.c -@@ -28,6 +28,7 @@ - core keeps dumping.'' - -- Unknown */ - #include "ssl_private.h" -+#include "mod_ssl.h" - #include "apr_date.h" - - /* _________________________________________________________________ -@@ -297,6 +315,9 @@ - apr_pool_t *pool; - char buffer[AP_IOBUFSIZE]; - ssl_filter_ctx_t *filter_ctx; -+#ifdef HAVE_TLS_ALPN -+ int alpn_finished; /* 1 if ALPN has finished, 0 otherwise */ -+#endif - } bio_filter_in_ctx_t; - - /* -@@ -1412,6 +1485,37 @@ - APR_BRIGADE_INSERT_TAIL(bb, bucket); - } - -+#ifdef HAVE_TLS_ALPN -+ /* By this point, Application-Layer Protocol Negotiation (ALPN) should be -+ * completed (if our version of OpenSSL supports it). If we haven't already, -+ * find out which protocol was decided upon and inform other modules -+ * by calling alpn_proto_negotiated_hook. -+ */ -+ if (!inctx->alpn_finished) { -+ SSLConnRec *sslconn = myConnConfig(f->c); -+ const unsigned char *next_proto = NULL; -+ unsigned next_proto_len = 0; -+ int n; -+ -+ if (sslconn->alpn_negofns) { -+ SSL_get0_alpn_selected(inctx->ssl, &next_proto, &next_proto_len); -+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, -+ APLOGNO(02836) "SSL negotiated protocol: '%s'", -+ (next_proto && next_proto_len)? -+ apr_pstrmemdup(f->c->pool, (const char *)next_proto, -+ next_proto_len) : "(null)"); -+ for (n = 0; n < sslconn->alpn_negofns->nelts; n++) { -+ ssl_alpn_proto_negotiated fn = -+ APR_ARRAY_IDX(sslconn->alpn_negofns, n, ssl_alpn_proto_negotiated); -+ -+ if (fn(f->c, (const char *)next_proto, next_proto_len) == DONE) -+ break; -+ } -+ } -+ inctx->alpn_finished = 1; -+ } -+#endif -+ - return APR_SUCCESS; - } - -@@ -1893,6 +1996,9 @@ - inctx->block = APR_BLOCK_READ; - inctx->pool = c->pool; - inctx->filter_ctx = filter_ctx; -+#ifdef HAVE_TLS_ALPN -+ inctx->alpn_finished = 0; -+#endif - } - - /* The request_rec pointer is passed in here only to ensure that the ---- modules/ssl/ssl_engine_kernel.c -+++ modules/ssl/ssl_engine_kernel.c -@@ -29,6 +29,7 @@ - time I was too famous.'' - -- Unknown */ - #include "ssl_private.h" -+#include "mod_ssl.h" - #include "util_md5.h" - - static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); -@@ -2137,6 +2162,153 @@ - } - #endif /* HAVE_TLS_SESSION_TICKETS */ - -+#ifdef HAVE_TLS_ALPN -+static int ssl_array_index(apr_array_header_t *array, -+ const char *s) -+{ -+ int i; -+ for (i = 0; i < array->nelts; i++) { -+ const char *p = APR_ARRAY_IDX(array, i, const char*); -+ if (!strcmp(p, s)) { -+ return i; -+ } -+ } -+ return -1; -+} -+ -+/* -+ * Compare two ALPN protocol proposal. Result is similar to strcmp(): -+ * 0 gives same precedence, >0 means proto1 is prefered. -+ */ -+static int ssl_cmp_alpn_protos(modssl_ctx_t *ctx, -+ const char *proto1, -+ const char *proto2) -+{ -+ /* TODO: we should have a mod_ssl configuration parameter. */ -+ if (ctx && ctx->ssl_alpn_pref) { -+ int index1 = ssl_array_index(ctx->ssl_alpn_pref, proto1); -+ int index2 = ssl_array_index(ctx->ssl_alpn_pref, proto2); -+ if (index2 > index1) { -+ return (index1 >= 0)? 1 : -1; -+ } -+ else if (index1 > index2) { -+ return (index2 >= 0)? -1 : 1; -+ } -+ } -+ /* both have the same index (mabye -1 or no pref configured) and we compare -+ * the names so that spdy3 gets precedence over spdy2. That makes -+ * the outcome at least deterministic. */ -+ return strcmp((const char *)proto1, (const char *)proto2); -+} -+ -+/* -+ * This callback function is executed when the TLS Application Layer -+ * Protocol Negotiate Extension (ALPN, RFC 7301) is triggered by the client -+ * hello, giving a list of desired protocol names (in descending preference) -+ * to the server. -+ * The callback has to select a protocol name or return an error if none of -+ * the clients preferences is supported. -+ * The selected protocol does not have to be on the client list, according -+ * to RFC 7301, so no checks are performed. -+ * The client protocol list is serialized as length byte followed by ascii -+ * characters (not null-terminated), followed by the next protocol name. -+ */ -+int ssl_callback_alpn_select(SSL *ssl, -+ const unsigned char **out, unsigned char *outlen, -+ const unsigned char *in, unsigned int inlen, void *arg) -+{ -+ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); -+ SSLConnRec *sslconn = myConnConfig(c); -+ server_rec *s = mySrvFromConn(c); -+ SSLSrvConfigRec *sc = mySrvConfig(s); -+ modssl_ctx_t *mctx = myCtxConfig(sslconn, sc); -+ const char *alpn_http1 = "http/1.1"; -+ apr_array_header_t *client_protos; -+ apr_array_header_t *proposed_protos; -+ int i; -+ size_t len; -+ -+ /* If the connection object is not available, -+ * then there's nothing for us to do. */ -+ if (c == NULL) { -+ return SSL_TLSEXT_ERR_OK; -+ } -+ -+ if (inlen == 0) { -+ // someone tries to trick us? -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02837) -+ "ALPN client protocol list empty"); -+ return SSL_TLSEXT_ERR_ALERT_FATAL; -+ } -+ -+ client_protos = apr_array_make(c->pool, 0, sizeof(char *)); -+ for (i = 0; i < inlen; /**/) { -+ unsigned int plen = in[i++]; -+ if (plen + i > inlen) { -+ // someone tries to trick us? -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02838) -+ "ALPN protocol identier too long"); -+ return SSL_TLSEXT_ERR_ALERT_FATAL; -+ } -+ APR_ARRAY_PUSH(client_protos, char*) = -+ apr_pstrndup(c->pool, (const char *)in+i, plen); -+ i += plen; -+ } -+ -+ proposed_protos = apr_array_make(c->pool, client_protos->nelts+1, -+ sizeof(char *)); -+ -+ if (sslconn->alpn_proposefns != NULL) { -+ /* Invoke our alpn_propos_proto hooks, giving other modules a chance to -+ * propose protocol names for selection. We might have several such -+ * hooks installed and if two make a proposal, we need to give -+ * preference to one. -+ */ -+ for (i = 0; i < sslconn->alpn_proposefns->nelts; i++) { -+ ssl_alpn_propose_protos fn = -+ APR_ARRAY_IDX(sslconn->alpn_proposefns, i, -+ ssl_alpn_propose_protos); -+ -+ if (fn(c, client_protos, proposed_protos) == DONE) -+ break; -+ } -+ } -+ -+ if (proposed_protos->nelts <= 0) { -+ /* Regardless of installed hooks, the http/1.1 protocol is always -+ * supported by us. Choose it if none other matches. */ -+ if (ssl_array_index(client_protos, alpn_http1) < 0) { -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02839) -+ "none of the client ALPN protocols are supported"); -+ return SSL_TLSEXT_ERR_ALERT_FATAL; -+ } -+ *out = (const unsigned char*)alpn_http1; -+ *outlen = (unsigned char)strlen(alpn_http1); -+ return SSL_TLSEXT_ERR_OK; -+ } -+ -+ /* Now select the most preferred protocol from the proposals. */ -+ *out = APR_ARRAY_IDX(proposed_protos, 0, const unsigned char *); -+ for (i = 1; i < proposed_protos->nelts; ++i) { -+ const char *proto = APR_ARRAY_IDX(proposed_protos, i, const char*); -+ /* Do we prefer it over existing candidate? */ -+ if (ssl_cmp_alpn_protos(mctx, (const char *)*out, proto) < 0) { -+ *out = (const unsigned char*)proto; -+ } -+ } -+ -+ len = strlen((const char*)*out); -+ if (len > 255) { -+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02840) -+ "ALPN negotiated protocol name too long"); -+ return SSL_TLSEXT_ERR_ALERT_FATAL; -+ } -+ *outlen = (unsigned char)len; -+ -+ return SSL_TLSEXT_ERR_OK; -+} -+#endif -+ - #ifdef HAVE_SRP - - int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) ---- modules/ssl/ssl_private.h -+++ modules/ssl/ssl_private.h -@@ -182,6 +182,11 @@ - #include - #endif - -+/* ALPN Protocol Negotiation */ -+#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) -+#define HAVE_TLS_ALPN -+#endif -+ - #endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */ - - /* mod_ssl headers */ -@@ -443,6 +438,12 @@ - * connection */ - } reneg_state; - -+#ifdef HAVE_TLS_ALPN -+ /* Poor man's inter-module optional hooks for ALPN. */ -+ apr_array_header_t *alpn_proposefns; /* list of ssl_alpn_propose_protos callbacks */ -+ apr_array_header_t *alpn_negofns; /* list of ssl_alpn_proto_negotiated callbacks. */ -+#endif -+ - server_rec *server; - } SSLConnRec; - -@@ -633,6 +633,10 @@ - SSL_CONF_CTX *ssl_ctx_config; /* Configuration context */ - apr_array_header_t *ssl_ctx_param; /* parameters to pass to SSL_CTX */ - #endif -+ -+#ifdef HAVE_TLS_ALPN -+ apr_array_header_t *ssl_alpn_pref; /* protocol names in order of preference */ -+#endif - } modssl_ctx_t; - - struct SSLSrvConfigRec { -@@ -763,6 +763,10 @@ - const char *ssl_cmd_SSLOpenSSLConfCmd(cmd_parms *cmd, void *dcfg, const char *arg1, const char *arg2); - #endif - -+#ifdef HAVE_TLS_ALPN -+const char *ssl_cmd_SSLALPNPreference(cmd_parms *cmd, void *dcfg, const char *protocol); -+#endif -+ - #ifdef HAVE_SRP - const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, const char *arg); - const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, const char *arg); -@@ -815,6 +815,12 @@ - EVP_CIPHER_CTX *, HMAC_CTX *, int); - #endif - -+#ifdef HAVE_TLS_ALPN -+int ssl_callback_alpn_select(SSL *ssl, const unsigned char **out, -+ unsigned char *outlen, const unsigned char *in, -+ unsigned int inlen, void *arg); -+#endif -+ - /** Session Cache Support */ - apr_status_t ssl_scache_init(server_rec *, apr_pool_t *); - void ssl_scache_status_register(apr_pool_t *p); diff --git a/www-servers/apache/files/apache.conf b/www-servers/apache/files/apache.conf deleted file mode 100644 index 56e23aefa..000000000 --- a/www-servers/apache/files/apache.conf +++ /dev/null @@ -1,2 +0,0 @@ -d /run/apache2 710 root apache -d /run/apache_ssl_mutex diff --git a/www-servers/apache/files/apache2-logrotate b/www-servers/apache/files/apache2-logrotate deleted file mode 100644 index 00a127c1d..000000000 --- a/www-servers/apache/files/apache2-logrotate +++ /dev/null @@ -1,12 +0,0 @@ -# Apache2 logrotate snipet for Gentoo Linux -# Contributes by Chuck Short -# -/var/log/apache2/*log { - missingok - notifempty - sharedscripts - postrotate - test -e /run/openrc/softlevel && /etc/init.d/apache2 reload > /dev/null 2>&1 || true - test -e /run/systemd/system && systemctl reload apache2 > /dev/null 2>&1 || true - endscript -} diff --git a/www-servers/apache/files/apache2.2-hardened.service b/www-servers/apache/files/apache2.2-hardened.service deleted file mode 100644 index 7a512a733..000000000 --- a/www-servers/apache/files/apache2.2-hardened.service +++ /dev/null @@ -1,27 +0,0 @@ -[Unit] -Description=The Apache HTTP Server -After=network.target remote-fs.target nss-lookup.target - -[Service] -EnvironmentFile=/etc/conf.d/apache2 -ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND -ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful -ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop -# We want systemd to give httpd some time to finish gracefully, but still want -# it to kill httpd after TimeoutStopSec if something went wrong during the -# graceful stop. Normally, Systemd sends SIGTERM signal right after the -# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give -# httpd time to finish. -KillSignal=SIGCONT -PrivateTmp=true -#Hardening -PrivateTmp=true -CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_KILL CAP_NET_BIND_SERVICE CAP_IPC_LOCK -SecureBits=noroot-locked -ProtectSystem=full -NoNewPrivileges=true -PrivateDevices=true -MemoryDenyWriteExecute=true - -[Install] -WantedBy=multi-user.target diff --git a/x11-libs/libxklavier/Manifest b/x11-libs/libxklavier/Manifest deleted file mode 100644 index abd3744ec..000000000 --- a/x11-libs/libxklavier/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST libxklavier-5.4.tar.bz2 390428 SHA256 17a34194df5cbcd3b7bfd0f561d95d1f723aa1c87fca56bc2c209514460a9320 SHA512 e9342d94f6cd67e900e44d9751ee0d8c75bec8e3a7b30989612bd71a5f890be52ff843465162dbbe0bfc9004da76e1d47158a4671b8f915e51c91f9d82f7baae WHIRLPOOL 93e2b73d8035e6ef01c0286c98e36d8f0ad5981238de49c9e93fedd97efc5247feadefa30cfc8fbf924980aa0e95fe6f24d1702b00171e0fdb3f4a430bab1a1f diff --git a/x11-libs/libxklavier/libxklavier-5.4.ebuild b/x11-libs/libxklavier/libxklavier-5.4.ebuild deleted file mode 100644 index 851bacd21..000000000 --- a/x11-libs/libxklavier/libxklavier-5.4.ebuild +++ /dev/null @@ -1,57 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -inherit eutils gnome.org libtool vala xdg-utils - -DESCRIPTION="A library for the X Keyboard Extension (high-level API)" -HOMEPAGE="https://www.freedesktop.org/wiki/Software/LibXklavier" - -LICENSE="LGPL-2" -SLOT="0/16" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~x86-interix ~amd64-linux ~x86-linux ~x86-solaris" -IUSE="+introspection vala" -REQUIRED_USE="vala? ( introspection )" -RESTRICT=nomirror -SRC_URI="http://distfiles.sabayon.org/${CATEGORY}/${P}.tar.bz2" - -RDEPEND=" - app-text/iso-codes - >=dev-libs/glib-2.16:2 - dev-libs/libxml2:2 - x11-apps/xkbcomp - x11-libs/libX11 - >=x11-libs/libXi-1.1.3 - x11-libs/libxkbfile - >=x11-misc/xkeyboard-config-2.4.1-r3 - introspection? ( >=dev-libs/gobject-introspection-1.30:= ) -" -DEPEND="${RDEPEND} - >=dev-util/gtk-doc-am-1.4 - sys-devel/gettext - vala? ( $(vala_depend) ) - virtual/pkgconfig -" - -src_prepare() { - xdg_environment_reset - elibtoolize - use vala && vala_src_prepare -} - -src_configure() { - econf \ - --disable-static \ - --disable-gtk-doc \ - $(use_enable vala) \ - $(use_enable introspection) \ - --with-xkb-base="${EPREFIX}"/usr/share/X11/xkb \ - --with-xkb-bin-base="${EPREFIX}"/usr/bin -} - -src_install() { - default - dodoc AUTHORS ChangeLog CREDITS NEWS README - prune_libtool_files -} diff --git a/x11-libs/libxklavier/metadata.xml b/x11-libs/libxklavier/metadata.xml deleted file mode 100644 index f3cab85cf..000000000 --- a/x11-libs/libxklavier/metadata.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - freedesktop-bugs@gentoo.org - - diff --git a/x11-plugins/pidgin-libnotify/Manifest b/x11-plugins/pidgin-libnotify/Manifest deleted file mode 100644 index 825fed32e..000000000 --- a/x11-plugins/pidgin-libnotify/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST pidgin-libnotify-0.14.tar.gz 316365 SHA256 74f4a9f20e0a483df39974178f1f2380786176189512bcd438e4ada280ec3abe diff --git a/x11-plugins/pidgin-libnotify/files/fix-notify-osd.diff b/x11-plugins/pidgin-libnotify/files/fix-notify-osd.diff deleted file mode 100644 index 25b678d64..000000000 --- a/x11-plugins/pidgin-libnotify/files/fix-notify-osd.diff +++ /dev/null @@ -1,16 +0,0 @@ -diff -urN pidgin-libnotify-0.14.orig/src/pidgin-libnotify.c pidgin-libnotify-0.14/src/pidgin-libnotify.c ---- pidgin-libnotify-0.14.orig/src/pidgin-libnotify.c 2010-01-24 13:22:41.000000000 -0500 -+++ pidgin-libnotify-0.14/src/pidgin-libnotify.c 2010-01-24 13:22:51.000000000 -0500 -@@ -317,7 +317,11 @@ - - notify_notification_set_urgency (notification, NOTIFY_URGENCY_NORMAL); - -- notify_notification_add_action (notification, "show", _("Show"), action_cb, NULL, NULL); -+ GList *caps; -+ caps = notify_get_server_caps(); -+ if (g_list_index(caps, "action") != -1) { -+ notify_notification_add_action (notification, "show", _("Show"), action_cb, NULL, NULL); -+ } - - if (!notify_notification_show (notification, NULL)) { - purple_debug_error (PLUGIN_ID, "notify(), failed to send notification\n"); diff --git a/x11-plugins/pidgin-libnotify/files/no_text_in_messages.diff b/x11-plugins/pidgin-libnotify/files/no_text_in_messages.diff deleted file mode 100644 index f0745e486..000000000 --- a/x11-plugins/pidgin-libnotify/files/no_text_in_messages.diff +++ /dev/null @@ -1,43 +0,0 @@ -diff -ur pidgin-libnotify-0.14.orig/src/pidgin-libnotify.c pidgin-libnotify-0.14.mine/src/pidgin-libnotify.c ---- pidgin-libnotify-0.14.orig/src/pidgin-libnotify.c 2008-12-14 17:45:51.000000000 +0000 -+++ pidgin-libnotify-0.14.mine/src/pidgin-libnotify.c 2010-12-29 21:06:56.764904502 +0000 -@@ -58,6 +58,11 @@ - purple_plugin_pref_frame_add (frame, ppref); - - ppref = purple_plugin_pref_new_with_name_and_label ( -+ "/plugins/gtk/libnotify/newmsgshowtext", -+ _("Show the message inside the popup")); -+ purple_plugin_pref_frame_add (frame, ppref); -+ -+ ppref = purple_plugin_pref_new_with_name_and_label ( - "/plugins/gtk/libnotify/newconvonly", - _("Only new conversations")); - purple_plugin_pref_frame_add (frame, ppref); -@@ -408,8 +413,17 @@ - - tr_name = truncate_escape_string (best_name (buddy), 25); - -- title = g_strdup_printf (_("%s says:"), tr_name); -- body = purple_markup_strip_html (message); -+ -+ if (purple_prefs_get_bool ("/plugins/gtk/libnotify/newmsgshowtext")) -+ { -+ title = g_strdup_printf (_("%s says:"), tr_name); -+ body = purple_markup_strip_html (message); -+ } -+ else -+ { -+ title = g_strdup_printf ("%s", tr_name); -+ body = g_strdup_printf(_("New message!")); -+ } - - notify (title, body, buddy); - -@@ -585,6 +599,7 @@ - purple_prefs_add_bool ("/plugins/gtk/libnotify/signon", TRUE); - purple_prefs_add_bool ("/plugins/gtk/libnotify/signoff", FALSE); - purple_prefs_add_bool ("/plugins/gtk/libnotify/only_available", FALSE); -+ purple_prefs_add_bool ("/plugins/gtk/libnotify/newmsgshowtext", TRUE); - } - - PURPLE_INIT_PLUGIN(notify, init_plugin, info) diff --git a/x11-plugins/pidgin-libnotify/files/notify_file_transfers.diff b/x11-plugins/pidgin-libnotify/files/notify_file_transfers.diff deleted file mode 100644 index ace92e17e..000000000 --- a/x11-plugins/pidgin-libnotify/files/notify_file_transfers.diff +++ /dev/null @@ -1,160 +0,0 @@ -# -# LP BUG: https://bugs.launchpad.net/ubuntu/+source/pidgin-libnotify/+bug/345522 -# DESCRIPTION: adds notifications for file transfers (request, end, fail) -# - ---- pidgin-libnotify-0.14.old/src/pidgin-libnotify.c 2008-12-14 18:45:51.000000000 +0100 -+++ pidgin-libnotify-0.14.new/src/pidgin-libnotify.c 2009-03-19 20:04:39.000000000 +0100 -@@ -58,6 +58,11 @@ - purple_plugin_pref_frame_add (frame, ppref); - - ppref = purple_plugin_pref_new_with_name_and_label ( -+ "/plugins/gtk/libnotify/filetransfer", -+ _("File transfers")); -+ purple_plugin_pref_frame_add (frame, ppref); -+ -+ ppref = purple_plugin_pref_new_with_name_and_label ( - "/plugins/gtk/libnotify/newconvonly", - _("Only new conversations")); - purple_plugin_pref_frame_add (frame, ppref); -@@ -469,10 +474,62 @@ - notify_msg_sent (account, sender, message); - } - -+static void -+notify_transfer_with_message(const char* message, PurpleXfer *xfer) -+{ -+ PurpleBuddy *buddy; -+ gchar *title, *body, *tr_name; -+ gboolean blocked; -+ -+ if (!purple_prefs_get_bool ("/plugins/gtk/libnotify/filetransfer")) -+ return; -+ -+ -+ buddy = purple_find_buddy (xfer->account, xfer->who); -+ if (!buddy) -+ { -+ purple_debug_info (PLUGIN_ID, "Buddy non trovato\n"); -+ return; -+ } -+ -+ blocked = purple_prefs_get_bool ("/plugins/gtk/libnotify/blocked"); -+ if (!purple_privacy_check(xfer->account, xfer->who) && blocked) -+ return; -+ -+ tr_name = truncate_escape_string (best_name (buddy), 25); -+ -+ title = g_strdup_printf (_("%s file transfer:"), tr_name); -+ body = g_strdup_printf("%s: %s", message, xfer->filename); -+ -+ notify (title, body, buddy); -+ -+ g_free (tr_name); -+ g_free (title); -+ g_free (body); -+} -+ -+static void -+event_file_transfer_request (PurpleXfer *xfer, gpointer data) -+{ -+ notify_transfer_with_message(_("Request"), xfer); -+} -+ -+static void -+event_file_transfer_complete (PurpleXfer *xfer, gpointer data) -+{ -+ notify_transfer_with_message(_("Complete"), xfer); -+} -+ -+static void -+event_file_transfer_cancel (PurpleXfer *xfer, gpointer data) -+{ -+ notify_transfer_with_message(_("Failed"), xfer); -+} -+ - static gboolean - plugin_load (PurplePlugin *plugin) - { -- void *conv_handle, *blist_handle, *conn_handle; -+ void *conv_handle, *blist_handle, *conn_handle, *xfer_handle; - - if (!notify_is_initted () && !notify_init ("Pidgin")) { - purple_debug_error (PLUGIN_ID, "libnotify not running!\n"); -@@ -482,6 +539,7 @@ - conv_handle = purple_conversations_get_handle (); - blist_handle = purple_blist_get_handle (); - conn_handle = purple_connections_get_handle(); -+ xfer_handle = purple_xfers_get_handle (); - - buddy_hash = g_hash_table_new (NULL, NULL); - -@@ -496,6 +554,21 @@ - - purple_signal_connect (conv_handle, "received-chat-msg", plugin, - PURPLE_CALLBACK(notify_chat_nick), NULL); -+ -+ purple_signal_connect (xfer_handle, "file-recv-request", plugin, -+ PURPLE_CALLBACK(event_file_transfer_request), NULL); -+ -+ purple_signal_connect (xfer_handle, "file-recv-complete", plugin, -+ PURPLE_CALLBACK(event_file_transfer_complete), NULL); -+ -+ purple_signal_connect (xfer_handle, "file-recv-cancel", plugin, -+ PURPLE_CALLBACK(event_file_transfer_cancel), NULL); -+ -+ purple_signal_connect (xfer_handle, "file-send-complete", plugin, -+ PURPLE_CALLBACK(event_file_transfer_complete), NULL); -+ -+ purple_signal_connect (xfer_handle, "file-send-cancel", plugin, -+ PURPLE_CALLBACK(event_file_transfer_cancel), NULL); - - /* used just to not display the flood of guifications we'd get */ - purple_signal_connect (conn_handle, "signed-on", plugin, -@@ -507,11 +580,12 @@ - static gboolean - plugin_unload (PurplePlugin *plugin) - { -- void *conv_handle, *blist_handle, *conn_handle; -+ void *conv_handle, *blist_handle, *conn_handle, *xfer_handle; - - conv_handle = purple_conversations_get_handle (); - blist_handle = purple_blist_get_handle (); - conn_handle = purple_connections_get_handle(); -+ xfer_handle = purple_xfers_get_handle (); - - purple_signal_disconnect (blist_handle, "buddy-signed-on", plugin, - PURPLE_CALLBACK(notify_buddy_signon_cb)); -@@ -527,6 +601,24 @@ - - purple_signal_disconnect (conn_handle, "signed-on", plugin, - PURPLE_CALLBACK(event_connection_throttle)); -+ -+ purple_signal_disconnect (conn_handle, "signed-on", plugin, -+ PURPLE_CALLBACK(event_connection_throttle)); -+ -+ purple_signal_disconnect (xfer_handle, "file-recv-request", plugin, -+ PURPLE_CALLBACK(event_file_transfer_request)); -+ -+ purple_signal_disconnect (xfer_handle, "file-recv-complete", plugin, -+ PURPLE_CALLBACK(event_file_transfer_complete)); -+ -+ purple_signal_disconnect (xfer_handle, "file-recv-cancel", plugin, -+ PURPLE_CALLBACK(event_file_transfer_cancel)); -+ -+ purple_signal_disconnect (xfer_handle, "file-send-complete", plugin, -+ PURPLE_CALLBACK(event_file_transfer_complete)); -+ -+ purple_signal_disconnect (xfer_handle, "file-send-cancel", plugin, -+ PURPLE_CALLBACK(event_file_transfer_cancel)); - - g_hash_table_destroy (buddy_hash); - -@@ -580,6 +672,7 @@ - - purple_prefs_add_none ("/plugins/gtk/libnotify"); - purple_prefs_add_bool ("/plugins/gtk/libnotify/newmsg", TRUE); -+ purple_prefs_add_bool ("/plugins/gtk/libnotify/filetransfer", TRUE); - purple_prefs_add_bool ("/plugins/gtk/libnotify/blocked", TRUE); - purple_prefs_add_bool ("/plugins/gtk/libnotify/newconvonly", FALSE); - purple_prefs_add_bool ("/plugins/gtk/libnotify/signon", TRUE); diff --git a/x11-plugins/pidgin-libnotify/files/pidgin-libnotify-0.14-libnotify-0.7-support.patch b/x11-plugins/pidgin-libnotify/files/pidgin-libnotify-0.14-libnotify-0.7-support.patch deleted file mode 100644 index 649da35a9..000000000 --- a/x11-plugins/pidgin-libnotify/files/pidgin-libnotify-0.14-libnotify-0.7-support.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -ur pidgin-libnotify-0.14/src/pidgin-libnotify.c pidgin-libnotify-0.14.new/src/pidgin-libnotify.c ---- pidgin-libnotify-0.14/src/pidgin-libnotify.c 2008-12-14 17:45:51.000000000 +0000 -+++ pidgin-libnotify-0.14.new/src/pidgin-libnotify.c 2011-03-14 21:09:23.523914000 +0000 -@@ -286,7 +286,12 @@ - g_free (tr_body); - return; - } -+/* the fourth argument was removed in libnotify 0.7.0 */ -+#if !defined(NOTIFY_VERSION_MINOR) || (NOTIFY_VERSION_MAJOR == 0 && NOTIFY_VERSION_MINOR < 7) - notification = notify_notification_new (title, tr_body, NULL, NULL); -+#else -+ notification = notify_notification_new (title, tr_body, NULL); -+#endif - purple_debug_info (PLUGIN_ID, "notify(), new: " - "title: '%s', body: '%s', buddy: '%s'\n", - title, tr_body, best_name (buddy)); diff --git a/x11-plugins/pidgin-libnotify/files/pidgin-libnotify-showbutton.patch b/x11-plugins/pidgin-libnotify/files/pidgin-libnotify-showbutton.patch deleted file mode 100644 index 1f84e6025..000000000 --- a/x11-plugins/pidgin-libnotify/files/pidgin-libnotify-showbutton.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- src/pidgin-libnotify.c.orig 2007-10-01 20:52:38.000000000 +1000 -+++ src/pidgin-libnotify.c 2007-10-01 20:53:20.000000000 +1000 -@@ -307,6 +307,7 @@ - g_hash_table_insert (buddy_hash, contact, notification); - - g_object_set_data (G_OBJECT(notification), "contact", contact); -+ g_object_set_data (G_OBJECT(notification), "buddy", buddy); - - g_signal_connect (notification, "closed", G_CALLBACK(closed_cb), NULL); - diff --git a/x11-plugins/pidgin-libnotify/files/pidgin-libnotify_best_name.diff b/x11-plugins/pidgin-libnotify/files/pidgin-libnotify_best_name.diff deleted file mode 100644 index d445f3c9d..000000000 --- a/x11-plugins/pidgin-libnotify/files/pidgin-libnotify_best_name.diff +++ /dev/null @@ -1,22 +0,0 @@ -diff -ur pidgin-libnotify-0.14.orig/src/pidgin-libnotify.c pidgin-libnotify-0.14.mine/src/pidgin-libnotify.c ---- pidgin-libnotify-0.14.orig/src/pidgin-libnotify.c 2008-12-14 17:45:51.000000000 +0000 -+++ pidgin-libnotify-0.14.mine/src/pidgin-libnotify.c 2010-12-29 21:19:33.495080501 +0000 -@@ -131,16 +131,10 @@ - } - - /* do NOT g_free() the string returned by this function */ --static gchar * -+const static gchar * - best_name (PurpleBuddy *buddy) - { -- if (buddy->alias) { -- return buddy->alias; -- } else if (buddy->server_alias) { -- return buddy->server_alias; -- } else { -- return buddy->name; -- } -+ return purple_buddy_get_contact_alias(buddy); - } - - static GdkPixbuf * diff --git a/x11-plugins/pidgin-libnotify/pidgin-libnotify-0.14-r2.ebuild b/x11-plugins/pidgin-libnotify/pidgin-libnotify-0.14-r2.ebuild deleted file mode 100644 index 8c78c20a7..000000000 --- a/x11-plugins/pidgin-libnotify/pidgin-libnotify-0.14-r2.ebuild +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="2" - -inherit eutils - -DESCRIPTION="pidgin-libnotify provides popups for pidgin via a libnotify interface" -HOMEPAGE="http://gaim-libnotify.sourceforge.net/" -SRC_URI="mirror://sourceforge/gaim-libnotify/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 ppc x86" -IUSE="nls debug" - -RDEPEND=">=x11-libs/libnotify-0.3.2 - net-im/pidgin[gtk] - >=x11-libs/gtk+-2:2" - -DEPEND="${RDEPEND} - virtual/pkgconfig" - -src_prepare() { - epatch "${FILESDIR}"/${P}-libnotify-0.7-support.patch - # Source: Thev00d00 - # Make it build with libnotify 0.7 - epatch "${FILESDIR}"/pidgin-libnotify-showbutton.patch - # A collection of patches submitted to the (dead?) upstream - # Source: Debian - # needed to work with Notify OSD correctly. - epatch "${FILESDIR}"/fix-notify-osd.diff - # Source: Thev00d00 - # A version of the same patch found on ${HOMEPAGE} - # Adds an option to not show the message content in the message - epatch "${FILESDIR}"/no_text_in_messages.diff - # Source: Sourceforge patches page - # Enables file transfer notifications - epatch "${FILESDIR}"/notify_file_transfers.diff - # Source: Thev00d00 - # A version of the same patch found on ${HOMEPAGE} - # Use what Purple thinks is the most appropriate name - epatch "${FILESDIR}"/pidgin-libnotify_best_name.diff -} - -src_configure() { - econf \ - --disable-static \ - --disable-deprecated \ - $(use_enable debug) \ - $(use_enable nls) -} - -src_install() { - emake install DESTDIR="${D}" || die "make install failed" - find "${D}" -name '*.la' -delete - dodoc AUTHORS ChangeLog INSTALL NEWS README TODO VERSION || die -}