[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/

Thu, 23 Apr 2020 12:34:10 -0700 

commit:     71cfbaaa8feb9925ae64b9a689a1859d9bf14862
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 23 19:27:53 2020 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Thu Apr 23 19:30:54 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=71cfbaaa

sys-libs/glibc: Block too-old openssh in 2.31 and later, bug 708224

Bug: https://bugs.gentoo.org/708224
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 sys-libs/glibc/glibc-2.31-r2.ebuild | 3 +++
 sys-libs/glibc/glibc-9999.ebuild    | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/sys-libs/glibc/glibc-2.31-r2.ebuild 
b/sys-libs/glibc/glibc-2.31-r2.ebuild
index 6afa9eaa6ef..f03483a5f7c 100644
--- a/sys-libs/glibc/glibc-2.31-r2.ebuild
+++ b/sys-libs/glibc/glibc-2.31-r2.ebuild
@@ -85,6 +85,8 @@ fi
 # We need a new-enough binutils/gcc to match upstream baseline.
 # Also we need to make sure our binutils/gcc supports TLS,
 # and that gcc already contains the hardened patches.
+# Lastly, let's avoid some openssh nastiness, bug 708224, as
+# convenience to our users.
 BDEPEND="
        ${PYTHON_DEPS}
        >=app-misc/pax-utils-0.1.10
@@ -101,6 +103,7 @@ COMMON_DEPEND="
        suid? ( caps? ( sys-libs/libcap ) )
        selinux? ( sys-libs/libselinux )
        systemtap? ( dev-util/systemtap )
+       !<net-misc/openssh-8.1_p1-r2
 "
 DEPEND="${COMMON_DEPEND}
        test? ( >=net-dns/libidn2-2.3.0 )

diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
index ca721953558..dafe72da8ed 100644
--- a/sys-libs/glibc/glibc-9999.ebuild
+++ b/sys-libs/glibc/glibc-9999.ebuild
@@ -84,6 +84,8 @@ fi
 # We need a new-enough binutils/gcc to match upstream baseline.
 # Also we need to make sure our binutils/gcc supports TLS,
 # and that gcc already contains the hardened patches.
+# Lastly, let's avoid some openssh nastiness, bug 708224, as
+# convenience to our users.
 BDEPEND="
        ${PYTHON_DEPS}
        >=app-misc/pax-utils-0.1.10
@@ -100,6 +102,7 @@ COMMON_DEPEND="
        suid? ( caps? ( sys-libs/libcap ) )
        selinux? ( sys-libs/libselinux )
        systemtap? ( dev-util/systemtap )
+       !<net-misc/openssh-8.1_p1-r2
 "
 DEPEND="${COMMON_DEPEND}
        test? ( >=net-dns/libidn2-2.3.0 )

Reply via email to