Slackware 14.2slackware-14.2

Thu Jun 30 20:26:57 UTC 2016 Slackware 14.2 x86_64 stable is released! The long development cycle (the Linux community has lately been living in "interesting times", as they say) is finally behind us, and we're proud to announce the release of Slackware 14.2. The new release brings many updates and modern tools, has switched from udev to eudev (no systemd), and adds well over a hundred new packages to the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-)
author: Patrick J Volkerding <volkerdi@slackware.com> 2016-06-30 20:26:57 +0000
committer: Eric Hameleers <alien@slackware.com> 2018-05-31 23:31:18 +0200
commit: d31c50870d0bee042ce660e445c9294a59a3a65b (patch)
tree: 6bfc0de3c95267b401b620c2c67859557dc60f97 /source/n/openssh
parent: 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (diff)
download: current-d31c50870d0bee042ce660e445c9294a59a3a65b.tar.gz
current-d31c50870d0bee042ce660e445c9294a59a3a65b.tar.xz
4 files changed, 184 insertions, 7 deletions
diff --git a/source/n/openssh/doinst.sh b/source/n/openssh/doinst.sh
index d696245d0..73ce62836 100644
--- a/source/n/openssh/doinst.sh
+++ b/source/n/openssh/doinst.sh
@@ -9,10 +9,24 @@ config() {
   fi
   # Otherwise, we leave the .new copy for the admin to consider...
 }
+preserve_perms() {
+  NEW="$1"
+  OLD="$(dirname ${NEW})/$(basename ${NEW} .new)"
+  if [ -e ${OLD} ]; then
+    cp -a ${OLD} ${NEW}.incoming
+    cat ${NEW} > ${NEW}.incoming
+    touch -r ${NEW} ${NEW}.incoming
+    mv ${NEW}.incoming ${NEW}
+  fi
+  config ${NEW}
+}
 
 config etc/ssh/ssh_config.new
 config etc/ssh/sshd_config.new
-config etc/rc.d/rc.sshd.new
+preserve_perms etc/rc.d/rc.sshd.new
+if [ -e etc/rc.d/rc.sshd.new ]; then
+  mv etc/rc.d/rc.sshd.new etc/rc.d/rc.sshd
+fi
 
 # If the sshd user/group/shadow don't exist, add them:
 
diff --git a/source/n/openssh/openssh-7.2p1-libwrap.diff b/source/n/openssh/openssh-7.2p1-libwrap.diff
new file mode 100644
index 000000000..546e63ce2
--- /dev/null
+++ b/source/n/openssh/openssh-7.2p1-libwrap.diff
@@ -0,0 +1,156 @@
+From 8c59bae0e4bdc0e3456d1802b391370bdf9975f3 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 AT zoho DOT com>
+Date: Mon, 6 Oct 2014
+Subject: Re-introduce TCP Wrappers support
+
+Support for TCP Wrappers was dropped as of OpenSSH 6.7. This patch
+resurrects the feature.
+
+Relevant upstream commits:
+
+  https://anongit.mindrot.org/openssh.git/commit/?id=f2719b7c2b8a
+  https://anongit.mindrot.org/openssh.git/commit/?id=f9696566fb41
+
+---
+ configure.ac |   57 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ sshd.8       |    7 +++++++
+ sshd.c       |   25 +++++++++++++++++++++++
+ 3 files changed, 89 insertions(+)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -1380,6 +1380,62 @@ AC_ARG_WITH([skey],
+ 	]
+ )
+ 
++# Check whether user wants TCP wrappers support
++TCPW_MSG="no"
++AC_ARG_WITH([tcp-wrappers],
++	[  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
++	[
++		if test "x$withval" != "xno" ; then
++			saved_LIBS="$LIBS"
++			saved_LDFLAGS="$LDFLAGS"
++			saved_CPPFLAGS="$CPPFLAGS"
++			if test -n "${withval}" && \
++			    test "x${withval}" != "xyes"; then
++				if test -d "${withval}/lib"; then
++					if test -n "${need_dash_r}"; then
++						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
++					else
++						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
++					fi
++				else
++					if test -n "${need_dash_r}"; then
++						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
++					else
++						LDFLAGS="-L${withval} ${LDFLAGS}"
++					fi
++				fi
++				if test -d "${withval}/include"; then
++					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
++				else
++					CPPFLAGS="-I${withval} ${CPPFLAGS}"
++				fi
++			fi
++			LIBS="-lwrap -lnsl $LIBS"
++			AC_MSG_CHECKING([for libwrap])
++			AC_LINK_IFELSE([AC_LANG_PROGRAM([[
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <tcpd.h>
++int deny_severity = 0, allow_severity = 0;
++				]], [[
++	hosts_access(0);
++				]])], [
++					AC_MSG_RESULT([yes])
++					AC_DEFINE([LIBWRAP], [1],
++						[Define if you want
++						TCP Wrappers support])
++					SSHDLIBS="$SSHDLIBS -lwrap -lnsl"
++					TCPW_MSG="yes"
++				], [
++					AC_MSG_ERROR([*** libwrap missing])
++				
++			])
++			LIBS="$saved_LIBS"
++		fi
++	]
++)
++
+ # Check whether user wants to use ldns
+ LDNS_MSG="no"
+ AC_ARG_WITH(ldns,
+@@ -4829,6 +4885,7 @@ echo "                 KerberosV support
+ echo "                   SELinux support: $SELINUX_MSG"
+ echo "                 Smartcard support: $SCARD_MSG"
+ echo "                     S/KEY support: $SKEY_MSG"
++echo "              TCP Wrappers support: $TCPW_MSG"
+ echo "              MD5 password support: $MD5_MSG"
+ echo "                   libedit support: $LIBEDIT_MSG"
+ echo "  Solaris process contract support: $SPC_MSG"
+--- a/sshd.8
++++ b/sshd.8
+@@ -851,6 +851,12 @@ the user's home directory becomes access
+ This file should be writable only by the user, and need not be
+ readable by anyone else.
+ .Pp
++.It Pa /etc/hosts.allow
++.It Pa /etc/hosts.deny
++Access controls that should be enforced by tcp-wrappers are defined here.
++Further details are described in
++.Xr hosts_access 5 .
++.Pp
+ .It Pa /etc/hosts.equiv
+ This file is for host-based authentication (see
+ .Xr ssh 1 ) .
+@@ -954,6 +960,7 @@ The content of this file is not sensitiv
+ .Xr ssh-keygen 1 ,
+ .Xr ssh-keyscan 1 ,
+ .Xr chroot 2 ,
++.Xr hosts_access 5 ,
+ .Xr login.conf 5 ,
+ .Xr moduli 5 ,
+ .Xr sshd_config 5 ,
+--- a/sshd.c
++++ b/sshd.c
+@@ -123,6 +123,13 @@
+ #include "ssh-sandbox.h"
+ #include "version.h"
+ 
++#ifdef LIBWRAP
++#include <tcpd.h>
++#include <syslog.h>
++int allow_severity;
++int deny_severity;
++#endif /* LIBWRAP */
++
+ #ifndef O_NOCTTY
+ #define O_NOCTTY	0
+ #endif
+@@ -2054,6 +2061,24 @@ main(int ac, char **av)
+ #ifdef SSH_AUDIT_EVENTS
+ 	audit_connection_from(remote_ip, remote_port);
+ #endif
++#ifdef LIBWRAP
++	allow_severity = options.log_facility|LOG_INFO;
++	deny_severity = options.log_facility|LOG_WARNING;
++	/* Check whether logins are denied from this host. */
++	if (packet_connection_is_on_socket()) {
++		struct request_info req;
++
++		request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
++		fromhost(&req);
++
++		if (!hosts_access(&req)) {
++			debug("Connection refused by tcp wrapper");
++			refuse(&req);
++			/* NOTREACHED */
++			fatal("libwrap refuse returns");
++		}
++	}
++#endif /* LIBWRAP */
+ 
+ 	/* Log the connection. */
+ 	verbose("Connection from %s port %d on %s port %d",
diff --git a/source/n/openssh/openssh.SlackBuild b/source/n/openssh/openssh.SlackBuild
index 07ea16156..a917ee801 100755
--- a/source/n/openssh/openssh.SlackBuild
+++ b/source/n/openssh/openssh.SlackBuild
@@ -36,15 +36,15 @@ NUMJOBS=${NUMJOBS:--j6}
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
   case "$( uname -m )" in
-    i?86) export ARCH=i486 ;;
+    i?86) export ARCH=i586 ;;
     arm*) export ARCH=arm ;;
     # Unless $ARCH is already set, use uname -m for all other archs:
        *) export ARCH=$( uname -m ) ;;
   esac
 fi
 
-if [ "$ARCH" = "i486" ]; then
-  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+if [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
 elif [ "$ARCH" = "s390" ]; then
   SLKCFLAGS="-O2"
 elif [ "$ARCH" = "x86_64" ]; then
@@ -68,6 +68,10 @@ tar xvf $CWD/openssh-$VERSION.tar.gz || tar xvf $CWD/openssh-$VERSION.tar.?z* ||
 cd openssh-$VERSION
 chown -R root:root .
 
+# Restore support for tcpwrappers:
+zcat $CWD/openssh-7.2p1-libwrap.diff.gz | patch -p1 --verbose || exit 1
+autoreconf -vif
+
 # Compile package:
 CFLAGS="$SLKCFLAGS" \
 ./configure \
diff --git a/source/n/openssh/rc.sshd b/source/n/openssh/rc.sshd
index cb2dfa410..2da2ab307 100644
--- a/source/n/openssh/rc.sshd
+++ b/source/n/openssh/rc.sshd
@@ -3,9 +3,6 @@
 
 sshd_start() {
   # Create host keys if needed.
-  if [ ! -r /etc/ssh/ssh_host_key ]; then
-    /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 
-  fi
   if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
     /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
   fi
@@ -15,6 +12,12 @@ sshd_start() {
   if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then
     /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
   fi
+  if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
+    /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
+  fi
+  # Catch any new host key types not yet created above:
+  /usr/bin/ssh-keygen -A
+  # Start the sshd daemon:
   /usr/sbin/sshd
 }
author	Patrick J Volkerding <volkerdi@slackware.com>	2016-06-30 20:26:57 +0000
committer	Eric Hameleers <alien@slackware.com>	2018-05-31 23:31:18 +0200
commit	d31c50870d0bee042ce660e445c9294a59a3a65b (patch)
tree	6bfc0de3c95267b401b620c2c67859557dc60f97 /source/n/openssh
parent	76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (diff)
download	current-d31c50870d0bee042ce660e445c9294a59a3a65b.tar.gz current-d31c50870d0bee042ce660e445c9294a59a3a65b.tar.xz