net-misc/openssh/files/openssh-5.1_p1-x509-hpn-glue.patch - mirrors/cros/chromiumos/overlays/chromiumos-overlay - Git at Google

 Move things around so hpn applies cleanly when using X509.

 Forward-Ported-from: files/openssh-4.9_p1-x509-hpn-glue.patch
 Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-5.1p1+x509/Makefile.in openssh-5.1p1+x509-hpn-glue/Makefile.in
 --- openssh-5.1p1+x509/Makefile.in	2008-08-23 14:12:53.000000000 -0700
 +++ openssh-5.1p1+x509-hpn-glue/Makefile.in	2008-08-23 14:13:51.000000000 -0700
 @@ -44,11 +44,12 @@
  CC=@CC@
  LD=@LD@
  CFLAGS=@CFLAGS@
 -CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
 +CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
  LIBS=@LIBS@
  SSHDLIBS=@SSHDLIBS@
  LIBEDIT=@LIBEDIT@
  LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
 +CPPFLAGS += @LDAP_CPPFLAGS@
  AR=@AR@
  AWK=@AWK@
  RANLIB=@RANLIB@
 diff -Nuar --exclude '*.orig' --exclude '*.rej' openssh-5.1p1+x509/servconf.c openssh-5.1p1+x509-hpn-glue/servconf.c
 --- openssh-5.1p1+x509/servconf.c	2008-08-23 14:12:53.000000000 -0700
 +++ openssh-5.1p1+x509-hpn-glue/servconf.c	2008-08-23 14:23:56.000000000 -0700
 @@ -108,6 +108,17 @@
  	options->log_level = SYSLOG_LEVEL_NOT_SET;
  	options->rhosts_rsa_authentication = -1;
  	options->hostbased_authentication = -1;
 +	options->hostbased_algorithms = NULL;
 +	options->pubkey_algorithms = NULL;
 +	ssh_x509flags_initialize(&options->x509flags, 1);
 +#ifndef SSH_X509STORE_DISABLED
 +	ssh_x509store_initialize(&options->ca);
 +#endif /*ndef SSH_X509STORE_DISABLED*/
 +#ifdef SSH_OCSP_ENABLED
 +	options->va.type = -1;
 +	options->va.certificate_file = NULL;
 +	options->va.responder_url = NULL;
 +#endif /*def SSH_OCSP_ENABLED*/
  	options->hostbased_uses_name_from_packet_only = -1;
  	options->rsa_authentication = -1;
  	options->pubkey_authentication = -1;
 @@ -151,18 +162,6 @@
  	options->num_permitted_opens = -1;
  	options->adm_forced_command = NULL;
  	options->chroot_directory = NULL;
 -
 -	options->hostbased_algorithms = NULL;
 -	options->pubkey_algorithms = NULL;
 -	ssh_x509flags_initialize(&options->x509flags, 1);
 -#ifndef SSH_X509STORE_DISABLED
 -	ssh_x509store_initialize(&options->ca);
 -#endif /*ndef SSH_X509STORE_DISABLED*/
 -#ifdef SSH_OCSP_ENABLED
 -	options->va.type = -1;
 -	options->va.certificate_file = NULL;
 -	options->va.responder_url = NULL;
 -#endif /*def SSH_OCSP_ENABLED*/
  }

  void
 @@ -338,6 +337,16 @@
  	/* Portable-specific options */
  	sUsePAM,
  	/* Standard Options */
 +	sHostbasedAlgorithms,
 +	sPubkeyAlgorithms,
 +	sX509KeyAlgorithm,
 +	sAllowedClientCertPurpose,
 +	sKeyAllowSelfIssued, sMandatoryCRL,
 +	sCACertificateFile, sCACertificatePath,
 +	sCARevocationFile, sCARevocationPath,
 +	sCAldapVersion, sCAldapURL,
 +	sVAType, sVACertificateFile,
 +	sVAOCSPResponderURL,
  	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
  	sPermitRootLogin, sLogFacility, sLogLevel,
  	sRhostsRSAAuthentication, sRSAAuthentication,
 @@ -360,16 +369,6 @@
  	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
  	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
  	sUsePrivilegeSeparation, sAllowAgentForwarding,
 -	sHostbasedAlgorithms,
 -	sPubkeyAlgorithms,
 -	sX509KeyAlgorithm,
 -	sAllowedClientCertPurpose,
 -	sKeyAllowSelfIssued, sMandatoryCRL,
 -	sCACertificateFile, sCACertificatePath,
 -	sCARevocationFile, sCARevocationPath,
 -	sCAldapVersion, sCAldapURL,
 -	sVAType, sVACertificateFile,
 -	sVAOCSPResponderURL,
  	sDeprecated, sUnsupported
  } ServerOpCodes;
	Move things around so hpn applies cleanly when using X509.

	Forward-Ported-from: files/openssh-4.9_p1-x509-hpn-glue.patch
	Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

	diff -Nuar --exclude '.orig' --exclude '.rej' openssh-5.1p1+x509/Makefile.in openssh-5.1p1+x509-hpn-glue/Makefile.in
	--- openssh-5.1p1+x509/Makefile.in 2008-08-23 14:12:53.000000000 -0700
	+++ openssh-5.1p1+x509-hpn-glue/Makefile.in 2008-08-23 14:13:51.000000000 -0700
	@@ -44,11 +44,12 @@
	CC=@CC@
	LD=@LD@
	CFLAGS=@CFLAGS@
	-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
	+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
	LIBS=@LIBS@
	SSHDLIBS=@SSHDLIBS@
	LIBEDIT=@LIBEDIT@
	LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
	+CPPFLAGS += @LDAP_CPPFLAGS@
	AR=@AR@
	AWK=@AWK@
	RANLIB=@RANLIB@
	diff -Nuar --exclude '.orig' --exclude '.rej' openssh-5.1p1+x509/servconf.c openssh-5.1p1+x509-hpn-glue/servconf.c
	--- openssh-5.1p1+x509/servconf.c 2008-08-23 14:12:53.000000000 -0700
	+++ openssh-5.1p1+x509-hpn-glue/servconf.c 2008-08-23 14:23:56.000000000 -0700
	@@ -108,6 +108,17 @@
	options->log_level = SYSLOG_LEVEL_NOT_SET;
	options->rhosts_rsa_authentication = -1;
	options->hostbased_authentication = -1;
	+ options->hostbased_algorithms = NULL;
	+ options->pubkey_algorithms = NULL;
	+ ssh_x509flags_initialize(&options->x509flags, 1);
	+#ifndef SSH_X509STORE_DISABLED
	+ ssh_x509store_initialize(&options->ca);
	+#endif /ndef SSH_X509STORE_DISABLED/
	+#ifdef SSH_OCSP_ENABLED
	+ options->va.type = -1;
	+ options->va.certificate_file = NULL;
	+ options->va.responder_url = NULL;
	+#endif /def SSH_OCSP_ENABLED/
	options->hostbased_uses_name_from_packet_only = -1;
	options->rsa_authentication = -1;
	options->pubkey_authentication = -1;
	@@ -151,18 +162,6 @@
	options->num_permitted_opens = -1;
	options->adm_forced_command = NULL;
	options->chroot_directory = NULL;
	-
	- options->hostbased_algorithms = NULL;
	- options->pubkey_algorithms = NULL;
	- ssh_x509flags_initialize(&options->x509flags, 1);
	-#ifndef SSH_X509STORE_DISABLED
	- ssh_x509store_initialize(&options->ca);
	-#endif /ndef SSH_X509STORE_DISABLED/
	-#ifdef SSH_OCSP_ENABLED
	- options->va.type = -1;
	- options->va.certificate_file = NULL;
	- options->va.responder_url = NULL;
	-#endif /def SSH_OCSP_ENABLED/
	}

	void
	@@ -338,6 +337,16 @@
	/* Portable-specific options */
	sUsePAM,
	/* Standard Options */
	+ sHostbasedAlgorithms,
	+ sPubkeyAlgorithms,
	+ sX509KeyAlgorithm,
	+ sAllowedClientCertPurpose,
	+ sKeyAllowSelfIssued, sMandatoryCRL,
	+ sCACertificateFile, sCACertificatePath,
	+ sCARevocationFile, sCARevocationPath,
	+ sCAldapVersion, sCAldapURL,
	+ sVAType, sVACertificateFile,
	+ sVAOCSPResponderURL,
	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
	sPermitRootLogin, sLogFacility, sLogLevel,
	sRhostsRSAAuthentication, sRSAAuthentication,
	@@ -360,16 +369,6 @@
	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
	sUsePrivilegeSeparation, sAllowAgentForwarding,
	- sHostbasedAlgorithms,
	- sPubkeyAlgorithms,
	- sX509KeyAlgorithm,
	- sAllowedClientCertPurpose,
	- sKeyAllowSelfIssued, sMandatoryCRL,
	- sCACertificateFile, sCACertificatePath,
	- sCARevocationFile, sCARevocationPath,
	- sCAldapVersion, sCAldapURL,
	- sVAType, sVACertificateFile,
	- sVAOCSPResponderURL,
	sDeprecated, sUnsupported
	} ServerOpCodes;