# Maintainer: Natanael Copa pkgname=openssh pkgver=6.7_p1 _myver=${pkgver%_*}${pkgver#*_} pkgrel=6 pkgdesc="Port of OpenBSD's free SSH release" url="http://www.openssh.org/portable.html" arch="all" license="as-is" options="suid" depends="openssh-client" makedepends="openssl-dev zlib-dev" subpackages="$pkgname-doc $pkgname-client $pkgname-keysign" source="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz openssh6.7-dynwindows.diff openssh6.5-peaktput.diff openssh-fix-includes.diff openssh-fix-utmp.diff sshd.initd sshd.confd openssh-sftp-interactive.diff CVE-2015-5600.patch CVE-2015-6563.patch CVE-2015-6564.patch CVE-2015-6565.patch CVE-2016-0777_CVE-2016-0778.patch CVE-2016-3115.patch CVE-2016-6210-1.patch CVE-2016-6210-2.patch CVE-2016-6515.patch " # HPN patches are from: http://www.psc.edu/index.php/hpn-ssh # secfixes: # 6.7_p1-r5: # - CVE-2016-6210 # 6.7_p1-r6: # - CVE-2016-6515 _builddir="$srcdir"/$pkgname-$_myver prepare() { cd "$_builddir" for i in $source; do case "$i" in *.diff.gz) msg "Applying $i" gunzip -c "$srcdir"/"${i##*/}" | patch -p1 -N || return 1 ;; *.diff|*.patch) msg "Applying $i" patch -p1 -N -i "$srcdir"/${i##*/} || return 1 ;; esac done sed -i -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ pathnames.h || return 1 } build () { cd "$_builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --sysconfdir=/etc/ssh \ --datadir=/usr/share/openssh \ --libexecdir=/usr/lib/ssh \ --mandir=/usr/share/man \ --with-mantype=man \ --with-ldflags="${LDFLAGS}" \ --disable-strip \ --disable-lastlog \ --disable-wtmp \ --with-privsep-path=/var/empty \ --with-privsep-user=sshd \ --with-md5-passwords \ --with-ssl-engine \ --without-pam \ || return 1 make || return 1 } package() { cd "$_builddir" make DESTDIR="$pkgdir" install || return 1 mkdir -p "$pkgdir"/var/empty install -D -m755 "$srcdir"/sshd.initd \ "$pkgdir"/etc/init.d/sshd || return 1 install -D -m644 "$srcdir"/sshd.confd \ "$pkgdir"/etc/conf.d/sshd || return 1 install -Dm644 "$_builddir"/contrib/ssh-copy-id.1 \ "$pkgdir"/usr/share/man/man1/ssh-copy-id.1 || return 1 sed -i 's/#UseDNS yes/UseDNS no/' "$pkgdir"/etc/ssh/sshd_config } client() { pkgdesc="OpenBSD's SSH client" replaces="openssh" depends= install -d "$subpkgdir"/usr/bin \ "$subpkgdir"/usr/lib/ssh \ "$subpkgdir"/etc/ssh \ "$subpkgdir"/var/run \ "$subpkgdir"/var/empty mv "$pkgdir"/usr/bin/* \ "$subpkgdir"/usr/bin/ || return 1 mv "$pkgdir"/etc/ssh/ssh_config \ "$pkgdir"/etc/ssh/moduli \ "$subpkgdir"/etc/ssh/ || return 1 install -Dm755 "$_builddir"/contrib/findssl.sh \ "$subpkgdir"/usr/bin/findssl.sh || return 1 install -Dm755 "$_builddir"/contrib/ssh-copy-id \ "$subpkgdir"/usr/bin/ssh-copy-id || return 1 } keysign() { pkgdesc="ssh helper program for host-based authentication" install -d "$subpkgdir"/usr/lib/ssh || return 1 mv "$pkgdir"/usr/lib/ssh/ssh-keysign \ "$subpkgdir"/usr/lib/ssh/ || return 1 } md5sums="3246aa79317b1d23cae783a3bf8275d6 openssh-6.7p1.tar.gz 2121bdcba3751877b13f2f90802d4399 openssh6.7-dynwindows.diff cd52fe99cb4b7d0d847bf5d710d93564 openssh6.5-peaktput.diff 7c86680602f7ad71b0773d9e98a30d73 openssh-fix-includes.diff f7d9d6f96940ef66bd3c3a0aa27e57a7 openssh-fix-utmp.diff bcf990d4ef7ff446160cde7dbd32bf1f sshd.initd b35e9f3829f4cfca07168fcba98749c7 sshd.confd 2dd7e366607e95f9762273067309fd6e openssh-sftp-interactive.diff 188d255048996a0f2dce35031a9fdb07 CVE-2015-5600.patch ae3ac6c890f3172327118f3b793e7f05 CVE-2015-6563.patch 9e107e2636250f33199ba47550ceca1e CVE-2015-6564.patch 48b16c12877d665d9701809fdc6f4bc6 CVE-2015-6565.patch 05cc6c7c1101b76959eac0d2d843561f CVE-2016-0777_CVE-2016-0778.patch 9dcae186783ebc1eaf80867016dde695 CVE-2016-3115.patch 8bdbd8213f3f5cac420839045fd377be CVE-2016-6210-1.patch 0a21e81b0920b2b79f788668072b827e CVE-2016-6210-2.patch c70de89a56f365514ea7a877c8267715 CVE-2016-6515.patch" sha256sums="b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 openssh-6.7p1.tar.gz 7d02930524d1357232770e9dc5a92746e654d6dafcbd5762c8618b059f0bf7b9 openssh6.7-dynwindows.diff bf49212e47a86d10650f739532cea514a310925e6445b4f8011031b6b55f3249 openssh6.5-peaktput.diff c3189ba0e17e60e83851ac2d6f18ad5b08cb90cccfce31d61cccb9fd76d44d59 openssh-fix-includes.diff f2748da45d0bc31055727f8c80d93e1872cc043ced3202e2f6d150aca3c08dde openssh-fix-utmp.diff 2a9889ab224be7202ece80a7085aa3e85bbba9432467031b436dcd77cb92a2ac sshd.initd 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 sshd.confd 4ce1ad5f767c0f4e854a0cfeef0e2e400f333c649e552df1ecc317e6a6557376 openssh-sftp-interactive.diff d7bc0d62a9741775ab618725c63c9bdda915e5c6d2e8a4c6995ebe1fa8b3224f CVE-2015-5600.patch 044c3ceeb69c4812414bc605d3fd1f49e48623fe75b958f130420c9a3a3d3914 CVE-2015-6563.patch 0f4db4d65edbbef21862ac10714bdd4f8911cf9f9b6eb220f94663be0c4872c8 CVE-2015-6564.patch e42adee1f712850efcce272b556909fd3daf688c1f6059d86bfcc064cea09e87 CVE-2015-6565.patch 0b5536dc8b1d19a536826d0fe2fe27e4b814b12a2d5f1902ffd6f96ce14e6b49 CVE-2016-0777_CVE-2016-0778.patch 75c8353309d0c1870c40498f1c9ca370dfef336d7771a4a6a4301edc5a020115 CVE-2016-3115.patch 9d241c182c62d6ac55ef2db0f377cea8b2293131b75b97de939f36ece61725a4 CVE-2016-6210-1.patch 021f15627e56ca5c45a05d3a71d2c79af9d3c86637c1eb40208c6f71d2fb9697 CVE-2016-6210-2.patch dae8c7167a614eae45e5efadd635791e1d7f47dadfa605819a29f7b8ecedf9aa CVE-2016-6515.patch" sha512sums="2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d openssh-6.7p1.tar.gz 4985134b4b1b06d9c8bc81af9f0e0690c3f23d78f3df2af70cd0030cc7ab5bd8d9aad60031ce8069902c6bb8ae6dde754aa87d6fd4587cdc6e99e7bb33f0d1bb openssh6.7-dynwindows.diff e041398e177674f698480e23be037160bd07b751c754956a3ddf1b964da24c85e826fb75e7c23c9826d36761da73d08db9583c047d58a08dc7b2149a949075b1 openssh6.5-peaktput.diff 70e2c6613ab77ec379e03ddf029c1c38e5d852bb225db40ceaa63e642d58b0261fa7c954b288710736bb1dc71f8057f2598ea0d1f5b1214135fa5e9541d5f05a openssh-fix-includes.diff cc909f68d9da1b264926973b96d36162b5c588299c98d62f526faf2ef1273d98bb8d8dea4d482770a2aef88bcbf15fa61144401aef9ab916c15e1623bcf449b5 openssh-fix-utmp.diff eeafefcb8a3357b498591480b39dc0116ab3440c88faeaeaddeac0b860f9e268abe6f603bc27893b79945acde06a45a7616d1bdc6ca27201cd8dc522f49b207e sshd.initd b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 sshd.confd c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 openssh-sftp-interactive.diff c53410eb119fdba313661bdffbbbc0e19970c2321fdf24cb086d1946d0f99c8fb06c65b7edc52a746024caa1c6cf87dfc19758e28ff2935a555ac04c9437827a CVE-2015-5600.patch 7ab16c39dc02d38c2b8498a187c43637f6e8a06dc9786d1746010d2d416d979c34103bd6f95365664a143641d85d6985f73bcf055f5eb481ec34ad2a7ee2e939 CVE-2015-6563.patch e5a7d536837aefb07260b01c2863f96d0db2521d7739ded69f92490fad4c8537c853320458cdbc3a86cd90805d54fc87e081ece1dd4cb19392599888f9078e26 CVE-2015-6564.patch 2f74906d7bfc2ca48f001470606a055ade36b44c17d386ed89e44507c8821f1c7b48eed022be729459185d5b6f848fd5763f7b711e106fbc20fb18c10bb688bd CVE-2015-6565.patch c60a6d66537f08b69bcb320903c2903c10f7685052fa58b5ef3deb102f7a1ea50d817e5980bcc6c96d7b898f9cb8f4b0081c59d06c5a49dbc7e1ca737b63f6b1 CVE-2016-0777_CVE-2016-0778.patch 3fdfa02f4892abd1f5ca4cbe5e1cf5fe528c55b0ead3dd32de0bc04d4ec1ff6aec377b8e3a912bc209bb5186802ff9d86bd86ae7aefb59740005e4e091643aef CVE-2016-3115.patch 6c78935209d9af00c4f0ce27261a40cdea8714ce0eaf28935ec75853333421f72ee2281c674d70c2a5ef7c297ec0fe4699214e0874efe0341c35dfd5027a1702 CVE-2016-6210-1.patch aad1fc45a8f83fc778105ea43b6406860155fc89545a058ff0359586cbb33a0d0ebff99dc70be64a9e1021c4b971658b33bbae3efd383a9d81531dc4395b83a5 CVE-2016-6210-2.patch 23794c9035ac25851734f154fca25f10fdb4bb6fc02c4162e7593ee7f05dbbd7bc3d158fca640cc57819e8fb9d64053f188f7a2cbb204c7f37fe6a60115f2ac6 CVE-2016-6515.patch"