blob: 38d94758569190558af7e37ff4df5367fb154541 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
|
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Horst Burkhardt <horst@adelielinux.org>
pkgname=openssh
pkgver=7.9_p1
_myver=${pkgver%_*}${pkgver#*_}
pkgrel=4
pkgdesc="Port of OpenBSD's free SSH release"
url="https://www.openssh.com/portable.html"
arch="all"
license="BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause"
options="suid !check"
depends="openssh-client openssh-sftp-server openssh-server"
makedepends_build="linux-pam-dev gettext-tiny"
makedepends_host="openssl-dev zlib-dev linux-headers linux-pam-dev
gettext-tiny-dev utmps-dev"
makedepends="$makedepends_build $makedepends_host"
subpackages="$pkgname-doc
$pkgname-keygen
$pkgname-client
$pkgname-keysign
$pkgname-sftp-server:sftp
$pkgname-server
$pkgname-openrc
"
source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
bsd-compatible-realpath.patch
CVE-2018-20685.patch
disable-forwarding-by-default.patch
fix-utmpx.patch
openssh7.4-peaktput.patch
openssh-7.9_p1-openssl-1.0.2-compat.patch
sftp-interactive.patch
sshd.initd
sshd.confd
"
# secfixes:
# 7.9_p1-r2:
# - CVE-2018-20685
# 7.9_p1:
# - CVE-2018-15473
# 7.7_p1:
# - CVE-2017-15906
# 7.4_p1:
# - CVE-2016-10009
# - CVE-2016-10010
# - CVE-2016-10011
# - CVE-2016-10012
# HPN patches are from: http://hpnssh.sourceforge.net/
builddir="$srcdir"/$pkgname-$_myver
build() {
export LD="$CC"
LIBS="-lutmps -lskarnet" ./configure --build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc/ssh \
--libexecdir=/usr/lib/ssh \
--mandir=/usr/share/man \
--with-pid-dir=/run \
--with-mantype=man \
--with-ldflags="${LDFLAGS}" \
--enable-lastlog \
--disable-strip \
--enable-wtmp \
--with-privsep-path=/var/empty \
--with-xauth=/usr/bin/xauth \
--with-privsep-user=sshd \
--with-md5-passwords \
--with-ssl-engine \
--with-pam
make
}
package() {
make DESTDIR="$pkgdir" install
mkdir -p "$pkgdir"/var/empty
install -D -m755 "$srcdir"/sshd.initd \
"$pkgdir"/etc/init.d/sshd
install -D -m644 "$srcdir"/sshd.confd \
"$pkgdir"/etc/conf.d/sshd
install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \
"$pkgdir"/usr/share/man/man1/ssh-copy-id.1
}
keygen() {
pkgdesc="Helper program for generating SSH keys"
depends=""
install -d "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/ssh-keygen \
"$subpkgdir"/usr/bin/
}
client() {
pkgdesc="OpenBSD's SSH client"
depends="openssh-keygen"
install -d "$subpkgdir"/usr/bin \
"$subpkgdir"/usr/lib/ssh \
"$subpkgdir"/etc/ssh \
"$subpkgdir"/var/empty
mv "$pkgdir"/usr/bin/* \
"$subpkgdir"/usr/bin/
mv "$pkgdir"/etc/ssh/ssh_config \
"$pkgdir"/etc/ssh/moduli \
"$subpkgdir"/etc/ssh/
install -Dm755 "$builddir"/contrib/findssl.sh \
"$subpkgdir"/usr/bin/findssl.sh
install -Dm755 "$builddir"/contrib/ssh-copy-id \
"$subpkgdir"/usr/bin/ssh-copy-id
install -Dm755 "$builddir"/ssh-pkcs11-helper \
"$subpkgdir"/usr/bin/ssh-pkcs11-helper
}
keysign() {
pkgdesc="Helper program for SSH host-based authentication"
depends="openssh-client"
install -d "$subpkgdir"/usr/lib/ssh
mv "$pkgdir"/usr/lib/ssh/ssh-keysign \
"$subpkgdir"/usr/lib/ssh/
}
sftp() {
pkgdesc="SFTP server module for OpenSSH"
depends=""
install -d "$subpkgdir"/usr/lib/ssh
mv "$pkgdir"/usr/lib/ssh/sftp-server \
"$subpkgdir"/usr/lib/ssh/
}
server() {
pkgdesc="OpenSSH server"
depends="openssh-client openssh-keygen"
replaces="openssh-server-common"
cd "$builddir"
install -d "$subpkgdir"/usr/sbin
install -d "$subpkgdir"/etc/ssh
mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/
mv "$pkgdir"/etc/ssh/sshd_config "$subpkgdir"/etc/ssh/
}
openrc() {
default_openrc
depends="openssh-server"
install_if="openssh-server=$pkgver-r$pkgrel openrc"
}
sha512sums="0412c9c429c9287f0794023951469c8e6ec833cdb55821bfa0300dd90d0879ff60484f620cffd93372641ab69bf0b032c2d700ccc680950892725fb631b7708e openssh-7.9p1.tar.gz
f2b8daa537ea3f32754a4485492cc6eb3f40133ed46c0a5a29a89e4bcf8583d82d891d94bf2e5eb1c916fa68ec094abf4e6cd641e9737a6c05053808012b3a73 bsd-compatible-realpath.patch
b8907d3d6ebceeca15f6bc97551a7613c68df5c31e4e76d43b7c0bd9ad42dedcabc20a2cc5404b89f40850a4765b24892bde50eab1db55c96ad5cf23bb1f8d04 CVE-2018-20685.patch
f3d5960572ddf49635d4edbdff45835df1b538a81840db169c36b39862e6fa8b0393ca90626000b758f59567ff6810b2537304098652483b3b31fb438a061de6 disable-forwarding-by-default.patch
0c1e832cec420bc7b57558041d2288912a438db97050b87f6a57e94a2741a374cc5d141fe352968b0d1ba6accaff965794463fe9169d136678a8915a60d2f0b7 fix-utmpx.patch
398096a89aa104abeff31aa043ac406a6348e0fdd4d313b7888ee0b931d38fd71fc21bceee46145e88f03bc27e00890e068442faee2d33f86cfbc04d58ffa4b6 openssh7.4-peaktput.patch
dde28496df7ee74a2bbcf0aba389abefade3dc41f7d10dc6d3c1a0aca087478bafe10d31ec5e61e758084fa0a2a7c64314502091d900d9cee487c1bdc92722a6 openssh-7.9_p1-openssl-1.0.2-compat.patch
c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 sftp-interactive.patch
394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f sshd.initd
ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4 sshd.confd"
|
