1 |
commit: 71cfbaaa8feb9925ae64b9a689a1859d9bf14862 |
2 |
Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Apr 23 19:27:53 2020 +0000 |
4 |
Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Apr 23 19:30:54 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71cfbaaa |
7 |
|
8 |
sys-libs/glibc: Block too-old openssh in 2.31 and later, bug 708224 |
9 |
|
10 |
Bug: https://bugs.gentoo.org/708224 |
11 |
Package-Manager: Portage-2.3.89, Repoman-2.3.20 |
12 |
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org> |
13 |
|
14 |
sys-libs/glibc/glibc-2.31-r2.ebuild | 3 +++ |
15 |
sys-libs/glibc/glibc-9999.ebuild | 3 +++ |
16 |
2 files changed, 6 insertions(+) |
17 |
|
18 |
diff --git a/sys-libs/glibc/glibc-2.31-r2.ebuild b/sys-libs/glibc/glibc-2.31-r2.ebuild |
19 |
index 6afa9eaa6ef..f03483a5f7c 100644 |
20 |
--- a/sys-libs/glibc/glibc-2.31-r2.ebuild |
21 |
+++ b/sys-libs/glibc/glibc-2.31-r2.ebuild |
22 |
@@ -85,6 +85,8 @@ fi |
23 |
# We need a new-enough binutils/gcc to match upstream baseline. |
24 |
# Also we need to make sure our binutils/gcc supports TLS, |
25 |
# and that gcc already contains the hardened patches. |
26 |
+# Lastly, let's avoid some openssh nastiness, bug 708224, as |
27 |
+# convenience to our users. |
28 |
BDEPEND=" |
29 |
${PYTHON_DEPS} |
30 |
>=app-misc/pax-utils-0.1.10 |
31 |
@@ -101,6 +103,7 @@ COMMON_DEPEND=" |
32 |
suid? ( caps? ( sys-libs/libcap ) ) |
33 |
selinux? ( sys-libs/libselinux ) |
34 |
systemtap? ( dev-util/systemtap ) |
35 |
+ !<net-misc/openssh-8.1_p1-r2 |
36 |
" |
37 |
DEPEND="${COMMON_DEPEND} |
38 |
test? ( >=net-dns/libidn2-2.3.0 ) |
39 |
|
40 |
diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild |
41 |
index ca721953558..dafe72da8ed 100644 |
42 |
--- a/sys-libs/glibc/glibc-9999.ebuild |
43 |
+++ b/sys-libs/glibc/glibc-9999.ebuild |
44 |
@@ -84,6 +84,8 @@ fi |
45 |
# We need a new-enough binutils/gcc to match upstream baseline. |
46 |
# Also we need to make sure our binutils/gcc supports TLS, |
47 |
# and that gcc already contains the hardened patches. |
48 |
+# Lastly, let's avoid some openssh nastiness, bug 708224, as |
49 |
+# convenience to our users. |
50 |
BDEPEND=" |
51 |
${PYTHON_DEPS} |
52 |
>=app-misc/pax-utils-0.1.10 |
53 |
@@ -100,6 +102,7 @@ COMMON_DEPEND=" |
54 |
suid? ( caps? ( sys-libs/libcap ) ) |
55 |
selinux? ( sys-libs/libselinux ) |
56 |
systemtap? ( dev-util/systemtap ) |
57 |
+ !<net-misc/openssh-8.1_p1-r2 |
58 |
" |
59 |
DEPEND="${COMMON_DEPEND} |
60 |
test? ( >=net-dns/libidn2-2.3.0 ) |