# Contributor: Leonardo Arena # Contributor: Valery Kartel # Maintainer: Horst Burkhardt pkgname=openssh pkgver=8.1_p1 _myver=${pkgver%_*}${pkgver#*_} pkgrel=0 pkgdesc="Port of OpenBSD's free SSH release" url="https://www.openssh.com/portable.html" arch="all" license="BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause" options="suid !check" depends="openssh-client openssh-sftp-server openssh-server" makedepends_build="linux-pam-dev gettext-tiny" makedepends_host="openssl-dev zlib-dev linux-headers linux-pam-dev gettext-tiny-dev utmps-dev" makedepends="$makedepends_build $makedepends_host" subpackages="$pkgname-doc $pkgname-keygen $pkgname-client $pkgname-keysign $pkgname-sftp-server:sftp $pkgname-server $pkgname-openrc " source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz disable-forwarding-by-default.patch fix-utmpx.patch sftp-interactive.patch time64-seccomp.patch sshd.initd sshd.confd " # secfixes: # 7.9_p1-r2: # - CVE-2018-20685 # 7.9_p1: # - CVE-2018-15473 # 7.7_p1: # - CVE-2017-15906 # 7.4_p1: # - CVE-2016-10009 # - CVE-2016-10010 # - CVE-2016-10011 # - CVE-2016-10012 # HPN patches are from: http://hpnssh.sourceforge.net/ builddir="$srcdir"/$pkgname-$_myver build() { export LD="$CC" LIBS="-lutmps -lskarnet" ./configure --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --sysconfdir=/etc/ssh \ --libexecdir=/usr/lib/ssh \ --mandir=/usr/share/man \ --with-pid-dir=/run \ --with-mantype=man \ --with-ldflags="${LDFLAGS}" \ --enable-lastlog \ --disable-strip \ --enable-wtmp \ --with-privsep-path=/var/empty \ --with-xauth=/usr/bin/xauth \ --with-privsep-user=sshd \ --with-md5-passwords \ --with-ssl-engine \ --with-pam make } package() { make DESTDIR="$pkgdir" install mkdir -p "$pkgdir"/var/empty install -D -m755 "$srcdir"/sshd.initd \ "$pkgdir"/etc/init.d/sshd install -D -m644 "$srcdir"/sshd.confd \ "$pkgdir"/etc/conf.d/sshd install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \ "$pkgdir"/usr/share/man/man1/ssh-copy-id.1 } keygen() { pkgdesc="Helper program for generating SSH keys" depends="" install -d "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/ssh-keygen \ "$subpkgdir"/usr/bin/ } client() { pkgdesc="OpenBSD's SSH client" depends="openssh-keygen" install -d "$subpkgdir"/usr/bin \ "$subpkgdir"/usr/lib/ssh \ "$subpkgdir"/etc/ssh \ "$subpkgdir"/var/empty mv "$pkgdir"/usr/bin/* \ "$subpkgdir"/usr/bin/ mv "$pkgdir"/etc/ssh/ssh_config \ "$pkgdir"/etc/ssh/moduli \ "$subpkgdir"/etc/ssh/ install -Dm755 "$builddir"/contrib/findssl.sh \ "$subpkgdir"/usr/bin/findssl.sh install -Dm755 "$builddir"/contrib/ssh-copy-id \ "$subpkgdir"/usr/bin/ssh-copy-id install -Dm755 "$builddir"/ssh-pkcs11-helper \ "$subpkgdir"/usr/bin/ssh-pkcs11-helper } keysign() { pkgdesc="Helper program for SSH host-based authentication" depends="openssh-client" install -d "$subpkgdir"/usr/lib/ssh mv "$pkgdir"/usr/lib/ssh/ssh-keysign \ "$subpkgdir"/usr/lib/ssh/ } sftp() { pkgdesc="SFTP server module for OpenSSH" depends="" install -d "$subpkgdir"/usr/lib/ssh mv "$pkgdir"/usr/lib/ssh/sftp-server \ "$subpkgdir"/usr/lib/ssh/ } server() { pkgdesc="OpenSSH server" depends="openssh-client openssh-keygen" replaces="openssh-server-common" install -d "$subpkgdir"/usr/sbin install -d "$subpkgdir"/etc/ssh mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/ mv "$pkgdir"/etc/ssh/sshd_config "$subpkgdir"/etc/ssh/ } openrc() { default_openrc depends="openssh-server" install_if="openssh-server=$pkgver-r$pkgrel openrc" } sha512sums="b987ea4ffd4ab0c94110723860273b06ed8ffb4d21cbd99ca144a4722dc55f4bf86f6253d500386b6bee7af50f066e2aa2dd095d50746509a10e11221d39d925 openssh-8.1p1.tar.gz f3d5960572ddf49635d4edbdff45835df1b538a81840db169c36b39862e6fa8b0393ca90626000b758f59567ff6810b2537304098652483b3b31fb438a061de6 disable-forwarding-by-default.patch 9033520d18ccfea87628c78008591ae8a143999868254eabc926ca0665611c9f09c221265b1b6f552b82eca58558244a020d615b55249a02f96e298c1f7ff520 fix-utmpx.patch 34c0673f550e7afcd47eda4fe1da48fb42e5344c95ba8064c9c3c137fda9c43635b0f7b8145d0300f59c79f75a396ebd467afb54cdaa42aa251d624d0752dc84 sftp-interactive.patch ad5b209f7f3fff69c10bae34da143e071e107a2141eee94f393532d6bb04a36bfe6d9b5d2c08b713f67118503c38d11b4aad689df1df7c8a918d52db8326821d time64-seccomp.patch 394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f sshd.initd ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4 sshd.confd"