| author | James Meyer <james.meyer@operamail.com> | 2013-02-19 21:10:18 (GMT) |
|---|---|---|
| committer | James Meyer <james.meyer@operamail.com> | 2013-02-19 21:10:18 (GMT) |
| commit | 2648e999d277eac5c3d331a3609bcc73fafbea71 (patch) | |
| tree | 40951fb8e7fdbe28a0baa324ae615055203f1e2e /abs/core/openssh | |
| parent | c759b5e0c4aa6fc37412b4dee2cf9ad993fd376d (diff) | |
| parent | 7e6f7ca174e1af67178dc5293a312a4a733eb095 (diff) | |
Merge branch 'testing'
# By James Meyer (1091) and others
# Via James Meyer (5) and others
* testing: (1148 commits)
LinHES-config: during install don't kill off lirc. This keeps the remote active all the way to the finish
Change version numbers to 8.0 to match the release number. LinHES-conifg LinHES-system mythdb-initial runit-scripts supplemental-web
LinHES-conifig: mv_install.py for the last partition don't go all the way to the end. Gotta leave room for gpt tables.
xf86-video-ati: xorg ati driver.
LinHES-config: timezip.py add syncing up of parental lvl passwords and starting level with MBE.
LinHES-system: correct the logic for breaking out of the wmctrl loop. As written it would break out of the inner loop..but not the 60 iteration loop.
e16_theme_settings: remove slide-in prop for new windows. For whatever reason this was preventing mplayer from being positioned correctly for appletrailers.
LinHES-config, mythinstall: change case of hd_pvr and serial to all lower refs #902
zilog-firmware: firmware for TX support of the hdpvr and pvr-150 In general I can't recommend anybody using these transmitters but including the firmware just in case someone really wants to
linhes-udev-rules: added hdprv_lirc rule. All of these lirc rules are limited to exactly one device. If more then one device is present then only the last device in init will get the symlink
runit-scripts: fix logging for igdeamon, add support to remote init script so that the blaster is always the first device in the chain. added support specificly for hd_pvr
LinHES-system: add lh_system_restore and lh_system_backup. These scripts are called from the mythmenu. refs #900
iguanair: rebuild with python 2.7
LinHES-system: msg_daemon.py fix init and nasty bug related to timeout. In a nutshell timeout wouldn't work unless a msg without a timeout was called first.
linhes-udev-rules: add rules for mce,streamzap,serial lirc devices.
mythinstall: recompile for matching libs
mythtv: latest .25-fixes and change mythbackup/restore call lh_system_$op to replace mythbackup/mythrestore. mythbackup no longer works correctly with the new windowmanager
linhes-scripts: myth2mp3, myth2x264, myth2xvid: use mythutil to get cutlist
LinHES-config, supplimental-web: Fix proxy numbering for Ceton infiniTV
linhes-system: add additional stuff to the system backup and also introduced an exclude file. The exclude/include files are locate in /home/mythtv/backup_config/
...
Diffstat (limited to 'abs/core/openssh')
| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | abs/core/openssh/PKGBUILD | 124 |
| -rwxr-xr-x | abs/core/openssh/sshd | 68 |
| -rw-r--r-- | abs/core/openssh/sshd.close-sessions | 17 |
| -rw-r--r-- | abs/core/openssh/sshd.pam | 5 |
| -rw-r--r-- | abs/core/openssh/sshd.service | 19 |
| -rw-r--r-- | abs/core/openssh/sshd.socket | 10 |
| -rw-r--r-- | abs/core/openssh/sshd@.service | 8 |
| -rw-r--r-- | abs/core/openssh/sshdgenkeys.service | 18 |
| -rw-r--r-- | abs/core/openssh/tmpfiles.d | 1 |
9 files changed, 191 insertions, 79 deletions
diff --git a/abs/core/openssh/PKGBUILD b/abs/core/openssh/PKGBUILD index 36a82bd..fced1e1 100644 --- a/abs/core/openssh/PKGBUILD +++ b/abs/core/openssh/PKGBUILD 
@@ -1,64 +1,96 @@ -# $Id: PKGBUILD 89278 2010-08-30 21:38:00Z thomas $ -# Maintainer: Aaron Griffin <aaron@archlinux.org> +# $Id: PKGBUILD 162326 2012-06-25 06:10:45Z bisson $ +# Maintainer: Gaetan Bisson <bisson@archlinux.org> +# Contributor: Aaron Griffin <aaron@archlinux.org> # Contributor: judd <jvinet@zeroflux.org> pkgname=openssh -pkgver=5.6p1 -pkgrel=1 -pkgdesc='A Secure SHell server/client' +pkgver=6.0p1 +pkgrel=3 +pkgdesc='Free version of the SSH connectivity tools' +url='http://www.openssh.org/portable.html' +license=('custom:BSD') arch=('i686' 'x86_64') -license=('custom') -url="http://www.openssh.org/portable.html" -backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd') -depends=('openssl' 'zlib' 'pam' 'tcp_wrappers' 'heimdal') +depends=('krb5' 'openssl' 'libedit' 'ldns') +optdepends=('xorg-xauth: X11 forwarding' + 'x11-ssh-askpass: input passphrase in X') source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz" - 'sshd' 'sshd.confd' 'sshd.pam') -md5sums=('e6ee52e47c768bf0ec42a232b5d18fb0' - '17b1b1bf0f578a55945ee204bd4462af' - 'e2cea70ac13af7e63d40eb04415eacd5' - '1c7c2ea8734ec7e3ca58d820634dc73a') + 'sshd.close-sessions' + 'sshdgenkeys.service' + 'sshd@.service' + 'sshd.service' + 'sshd.socket' + 'tmpfiles.d' + 'sshd.confd' + 'sshd.pam' + 'sshd') +sha1sums=('f691e53ef83417031a2854b8b1b661c9c08e4422' + '954bf1660aa32620c37034320877f4511b767ccb' + '6c71de2c2ca9622aa8e863acd94b135555e11125' + 'bd6eae36c7ef9efb7147778baad7858b81f2d660' + '83a257b8f6a62237383262cb0e2583e5609ddac0' + 'a30fb5fda6d0143345bae47684edaffb8d0a92a7' + 'b5cf44205e8f4365c00bfbee110d7c0e563627aa' + 'ec102deb69cad7d14f406289d2fc11fee6eddbdd' + '659e3ee95c269014783ff8b318c6f50bf7496fbd' + 'ed36e3a522f619ff6b13e253526596e4cca11e9f') + +backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd') build() { - cd ${srcdir}/${pkgname}-${pkgver} + cd "${srcdir}/${pkgname}-${pkgver}" + + ./configure \ + --prefix=/usr \ + 
--libexecdir=/usr/lib/ssh \ + --sysconfdir=/etc/ssh \ + --with-ldns \ + --with-libedit \ + --with-ssl-engine \ + --with-pam \ + --with-privsep-user=nobody \ + --with-kerberos5=/usr \ + --with-xauth=/usr/bin/xauth \ + --with-mantype=man \ + --with-md5-passwords \ + --with-pid-dir=/run \ + + make +} + +check() { + cd "${srcdir}/${pkgname}-${pkgver}" - #NOTE we disable-strip so that makepkg can decide whether to strip or not - ./configure --prefix=/usr --libexecdir=/usr/lib/ssh \ - --sysconfdir=/etc/ssh --with-tcp-wrappers --with-privsep-user=nobody \ - --with-md5-passwords --with-pam --with-mantype=man --mandir=/usr/share/man \ - --with-xauth=/usr/bin/xauth --with-kerberos5=/usr --with-ssl-engine \ - --disable-strip - make || return 1 + # The connect.sh test must be run by a user with a decent login shell; + # chroot builds use nobody with /bin/false. + make tests || true } package() { - cd ${srcdir}/${pkgname}-${pkgver} - make DESTDIR=${pkgdir} install + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install - install -Dm755 ${srcdir}/sshd ${pkgdir}/etc/rc.d/sshd + rm "${pkgdir}"/usr/share/man/man1/slogin.1 + ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz - install -Dm644 LICENCE ${pkgdir}/usr/share/licenses/${pkgname}/LICENCE - install -Dm644 ${srcdir}/sshd.pam ${pkgdir}/etc/pam.d/sshd - install -Dm644 ${srcdir}/sshd.confd ${pkgdir}/etc/conf.d/sshd + install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE" - rm ${pkgdir}/usr/share/man/man1/slogin.1 - ln -sf ssh.1.gz ${pkgdir}/usr/share/man/man1/slogin.1.gz + install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service + install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service + install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service + install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket + install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/openssh.conf - 
#additional contrib scripts that we like - install -Dm755 contrib/findssl.sh ${pkgdir}/usr/bin/findssl.sh - install -Dm755 contrib/ssh-copy-id ${pkgdir}/usr/bin/ssh-copy-id - install -Dm644 contrib/ssh-copy-id.1 ${pkgdir}/usr/share/man/man1/ssh-copy-id.1 + install -Dm755 ../sshd.close-sessions "${pkgdir}/etc/rc.d/functions.d/sshd-close-sessions" # FS#17389 + install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd + install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd + install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd - # sshd_config - sed -i \ - -e 's|^#ListenAddress 0.0.0.0|ListenAddress 0.0.0.0|g' \ - -e 's|^#UsePAM no|UsePAM yes|g' \ - -e 's|^#ChallengeResponseAuthentication yes|ChallengeResponseAuthentication no|g' \ - ${pkgdir}/etc/ssh/sshd_config - echo "HashKnownHosts yes" >> ${pkgdir}/etc/ssh/ssh_config - echo "StrictHostKeyChecking ask" >> ${pkgdir}/etc/ssh/ssh_config + install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh + install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id + install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1 - #ssh_config - sed -i \ - -e 's|^# Host \*|Host *|g' \ - ${pkgdir}/etc/ssh/ssh_config + sed \ + -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \ + -e '/^#UsePAM no$/c UsePAM yes' \ + -i "${pkgdir}"/etc/ssh/sshd_config } diff --git a/abs/core/openssh/sshd b/abs/core/openssh/sshd index bc0e453..4bf4780 100755 --- a/abs/core/openssh/sshd +++ b/abs/core/openssh/sshd 
@@ -4,38 +4,42 @@ . /etc/rc.d/functions . /etc/conf.d/sshd -PID="$(cat /var/run/sshd.pid 2>/dev/null)" +PIDFILE=/run/sshd.pid +PID=$(cat $PIDFILE 2>/dev/null) +if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then + PID= + rm $PIDFILE 2>/dev/null +fi + case "$1" in - start) - stat_busy "Starting Secure Shell Daemon" - [ -f /etc/ssh/ssh_host_key ] || { /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key >/dev/null; } - [ -f /etc/ssh/ssh_host_rsa_key ] || { /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key >/dev/null; } - [ -f /etc/ssh/ssh_host_dsa_key ] || { /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key >/dev/null; } - [ -d /var/empty ] || mkdir -p /var/empty - [ -z "$PID" ] && /usr/sbin/sshd $SSHD_ARGS - if [ $? -gt 0 ]; then - stat_fail - else - add_daemon sshd - stat_done - fi - ;; - stop) - stat_busy "Stopping Secure Shell Daemon" - [ ! -z "$PID" ] && kill $PID &> /dev/null - if [ $? -gt 0 ]; then - stat_fail - else - rm_daemon sshd - stat_done - fi - ;; - restart) - $0 stop - sleep 1 - $0 start - ;; - *) - echo "usage: $0 {start|stop|restart}" + start) + stat_busy 'Starting Secure Shell Daemon' + /usr/bin/ssh-keygen -A + [[ -d /var/empty ]] || mkdir -p /var/empty + [[ -z $PID ]] && /usr/sbin/sshd $SSHD_ARGS + if [[ $? -gt 0 ]]; then + stat_fail + else + add_daemon sshd + stat_done + fi + ;; + stop) + stat_busy 'Stopping Secure Shell Daemon' + [[ ! -z $PID ]] && kill $PID &> /dev/null + if [[ $? -gt 0 ]]; then + stat_fail + else + rm_daemon sshd + stat_done + fi + ;; + restart) + $0 stop + sleep 1 + $0 start + ;; + *) + echo "usage: $0 {start|stop|restart}" esac exit 0 diff --git a/abs/core/openssh/sshd.close-sessions b/abs/core/openssh/sshd.close-sessions new file mode 100644 index 0000000..be2a709 --- /dev/null +++ b/abs/core/openssh/sshd.close-sessions 
@@ -0,0 +1,17 @@ +# Close sshd sessions before shutting down the network; see FS#17389. + +sshd_close_sessions () { + if ck_daemon sshd; then + return + fi + /etc/rc.d/sshd stop + stat_busy "Stopping Secure Shell Sessions" + for i in $(pgrep sshd); do + if readlink -q /proc/$i/exe | grep -q '^/usr/sbin/sshd'; then + kill $i + fi + done &>/dev/null + stat_done +} + +add_hook shutdown_start sshd_close_sessions diff --git a/abs/core/openssh/sshd.pam b/abs/core/openssh/sshd.pam index dc70815..aeef8be 100644 --- a/abs/core/openssh/sshd.pam +++ b/abs/core/openssh/sshd.pam @@ -1,10 +1,13 @@ #%PAM-1.0 #auth required pam_securetty.so #Disable remote root auth required pam_unix.so -auth required pam_nologin.so auth required pam_env.so +account required pam_nologin.so account required pam_unix.so account required pam_time.so password required pam_unix.so session required pam_unix_session.so session required pam_limits.so +session optional pam_loginuid.so +-session optional pam_ck_connector.so nox11 +-session optional pam_systemd.so diff --git a/abs/core/openssh/sshd.service b/abs/core/openssh/sshd.service new file mode 100644 index 0000000..7c8f883 --- /dev/null +++ b/abs/core/openssh/sshd.service @@ -0,0 +1,19 @@ +[Unit] +Description=OpenSSH Daemon +After=sshdgenkeys.service + +[Service] +ExecStart=/usr/sbin/sshd -D +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=always + +[Install] +WantedBy=multi-user.target +Also=sshdgenkeys.service + +# Note that this is the service file for running a single SSH server for all +# incoming connections, suitable only for systems with a large amount of SSH +# traffic. In almost all other cases it is a better idea to use sshd.socket + +# sshd@.service (i.e. the on-demand spawning version for one instance per +# connection). diff --git a/abs/core/openssh/sshd.socket b/abs/core/openssh/sshd.socket new file mode 100644 index 0000000..6a67bfe --- /dev/null +++ b/abs/core/openssh/sshd.socket 
@@ -0,0 +1,10 @@ +[Unit] +Conflicts=sshd.service + +[Socket] +ListenStream=22 +Accept=yes + +[Install] +WantedBy=sockets.target +Also=sshdgenkeys.service diff --git a/abs/core/openssh/sshd@.service b/abs/core/openssh/sshd@.service new file mode 100644 index 0000000..2fd9b08 --- /dev/null +++ b/abs/core/openssh/sshd@.service @@ -0,0 +1,8 @@ +[Unit] +Description=OpenSSH Per-Connection Daemon +After=sshdgenkeys.service + +[Service] +ExecStart=-/usr/sbin/sshd -i +StandardInput=socket +StandardError=syslog diff --git a/abs/core/openssh/sshdgenkeys.service b/abs/core/openssh/sshdgenkeys.service new file mode 100644 index 0000000..47c1c3f --- /dev/null +++ b/abs/core/openssh/sshdgenkeys.service @@ -0,0 +1,18 @@ +[Unit] +Description=SSH Key Generation +ConditionPathExists=|!/etc/ssh/ssh_host_key +ConditionPathExists=|!/etc/ssh/ssh_host_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub + +[Service] +ExecStart=/usr/bin/ssh-keygen -A +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/abs/core/openssh/tmpfiles.d b/abs/core/openssh/tmpfiles.d new file mode 100644 index 0000000..7c5b261 --- /dev/null +++ b/abs/core/openssh/tmpfiles.d @@ -0,0 +1 @@ +d /var/empty 0755 root root - |
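Review bot: In the abs/core/openssh/PKGBUILD hunk, the new `./configure` call drops `--with-tcp-wrappers` and `depends` no longer lists `tcp_wrappers`, so any sshd entries in `/etc/hosts.allow` or `/etc/hosts.deny` stop being enforced after the upgrade with nothing telling the admin. If that is intended, say so in an install message or in the commit text so hosts that rely on those files move the restriction to a firewall rule or to sshd_config. In the same hunk, `make tests || true` in `check()` discards every test failure, not only the `connect.sh` case the comment describes, and the line `echo "HashKnownHosts yes" >> ${pkgdir}/etc/ssh/ssh_config` is removed without a replacement, which changes the packaged client configuration for new installs.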
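Review bot: In the abs/core/openssh/sshd hunk, the stale-pidfile check expands `$PID` and `$PIDFILE` unquoted in `readlink -q /proc/$PID/exe` and `rm $PIDFILE`, and the pidfile content is later passed straight to `kill $PID`. Quote both and discard anything that is not a plain number before using it, for example `[[ $PID =~ ^[0-9]+$ ]] || PID=`. The test `grep -q '^/usr/sbin/sshd'` is a prefix match; a comment saying whether that is deliberate (it also accepts the path followed by ` (deleted)` after an upgrade) would help the next reader.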
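Review bot: In the abs/core/openssh/sshd.close-sessions hunk, `pgrep sshd` matches any process whose name contains `sshd`, and the only filter after it is the prefix test `grep -q '^/usr/sbin/sshd'`; use `pgrep -x sshd` and quote `"$i"` so the loop acts on exactly the processes it means to. The `&>/dev/null` on the whole loop also hides a failing `kill`, so `stat_done` is printed even when sessions survive; check the result and call `stat_fail` in that case.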
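Review bot: In the abs/core/openssh/sshd.pam hunk, `pam_loginuid.so` is added as `session optional`, so a failure to set the audit login UID is ignored and the session continues without it; if audit records are expected to attribute SSH sessions to a user, make it `required`, otherwise add a comment saying why it is optional. The move of `pam_nologin.so` from `auth` to `account` deserves a one-line comment as well: for public-key logins sshd does not run the `auth` stack, so the `account` placement is what makes `/etc/nologin` apply to them.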
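Review bot: In the abs/core/openssh/sshd.service hunk, `After=sshdgenkeys.service` only orders the two units and `Also=sshdgenkeys.service` only takes effect at `systemctl enable`, so a plain `systemctl start sshd.service` on a host without host keys never triggers key generation, and `Restart=always` then keeps restarting the failing daemon until the start limit is reached. Add `Wants=sshdgenkeys.service` next to the `After=` line; the same applies to the `After=` line in sshd@.service.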
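Review bot: In the abs/core/openssh/sshd.socket hunk, `Accept=yes` starts one `sshd -i` per connection and the unit sets no `MaxConnections=`, so the cap on simultaneous connections is left at the systemd default, and sshd's own `MaxStartups` throttle does not apply across separately spawned instances. Set `MaxConnections=` explicitly to a value chosen for this system. `ListenStream=22` also binds every address; the `ListenAddress` edit to sshd_config is dropped from the PKGBUILD in this same commit, and with socket activation the listening address is decided in this unit, so state here whether listening on all interfaces is intended.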
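Review bot: In the abs/core/openssh/sshd@.service hunk, the `-` prefix in `ExecStart=-/usr/sbin/sshd -i` makes systemd treat every non-zero exit as success, which also hides real start-up errors such as an unreadable host key; those then show up only through `StandardError=syslog`. Add a comment stating why the prefix is needed, and make sure the syslog output of these instances is actually monitored.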
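Review bot: In the abs/core/openssh/sshdgenkeys.service hunk, the conditions include `/etc/ssh/ssh_host_key` and `/etc/ssh/ssh_host_dsa_key`, and `ssh-keygen -A` creates every host key type that is missing, so each install gets an SSH protocol 1 key and a DSA key whether or not sshd_config uses them. If protocol 1 is not enabled, drop those conditions and generate only the types that are needed, as the removed init-script line `/usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key` did, or document that the extra keys are expected. The new init script makes the same `ssh-keygen -A` call, so the two should be changed together.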
