# Maintainer: Natanael Copa pkgname=openssh pkgver=6.8_p1 _myver=${pkgver%_*}${pkgver#*_} pkgrel=9 pkgdesc="Port of OpenBSD's free SSH release" url="http://www.openssh.org/portable.html" arch="all" license="as-is" options="suid" depends="openssh-client" makedepends="openssl-dev zlib-dev" subpackages="$pkgname-doc $pkgname-client $pkgname-keysign" source="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz CVE-2015-5600.patch CVE-2015-6563.patch CVE-2015-6564.patch CVE-2015-6565.patch CVE-2016-0777_CVE-2016-0778.patch CVE-2016-3115.patch CVE-2016-6210-1.patch CVE-2016-6210-2.patch CVE-2016-6515.patch CVE-2016-10010.patch CVE-2016-10011.patch openssh6.5-peaktput.diff openssh6.8-dynwindows.diff openssh-fix-utmp.diff sshd.initd sshd.confd openssh-sftp-interactive.diff " # HPN patches are from: http://www.psc.edu/index.php/hpn-ssh # secfixes: # 6.8_p1-r7: # - CVE-2016-6210 # 6.8_p1-r8: # - CVE-2016-6515 # 6.8_p1-r9: # - CVE-2016-10010 # - CVE-2016-10011 _builddir="$srcdir"/$pkgname-$_myver prepare() { cd "$_builddir" for i in $source; do case "$i" in *.diff.gz) msg "Applying $i" gunzip -c "$srcdir"/"${i##*/}" | patch -p1 -N || return 1 ;; *.diff|*.patch) msg "Applying $i" patch -p1 -N -i "$srcdir"/${i##*/} || return 1 ;; esac done sed -i -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ pathnames.h || return 1 } build () { cd "$_builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --sysconfdir=/etc/ssh \ --datadir=/usr/share/openssh \ --libexecdir=/usr/lib/ssh \ --mandir=/usr/share/man \ --with-mantype=man \ --with-ldflags="${LDFLAGS}" \ --disable-strip \ --disable-lastlog \ --disable-wtmp \ --with-privsep-path=/var/empty \ --with-privsep-user=sshd \ --with-md5-passwords \ --with-ssl-engine \ --without-pam \ || return 1 make || return 1 } package() { cd "$_builddir" make DESTDIR="$pkgdir" install || return 1 mkdir -p "$pkgdir"/var/empty install -D -m755 "$srcdir"/sshd.initd \ "$pkgdir"/etc/init.d/sshd || return 1 install -D -m644 "$srcdir"/sshd.confd \ "$pkgdir"/etc/conf.d/sshd || return 1 install -Dm644 "$_builddir"/contrib/ssh-copy-id.1 \ "$pkgdir"/usr/share/man/man1/ssh-copy-id.1 || return 1 sed -i 's/#UseDNS yes/UseDNS no/' "$pkgdir"/etc/ssh/sshd_config } client() { pkgdesc="OpenBSD's SSH client" replaces="openssh" depends= install -d "$subpkgdir"/usr/bin \ "$subpkgdir"/usr/lib/ssh \ "$subpkgdir"/etc/ssh \ "$subpkgdir"/var/run \ "$subpkgdir"/var/empty mv "$pkgdir"/usr/bin/* \ "$subpkgdir"/usr/bin/ || return 1 mv "$pkgdir"/etc/ssh/ssh_config \ "$pkgdir"/etc/ssh/moduli \ "$subpkgdir"/etc/ssh/ || return 1 install -Dm755 "$_builddir"/contrib/findssl.sh \ "$subpkgdir"/usr/bin/findssl.sh || return 1 install -Dm755 "$_builddir"/contrib/ssh-copy-id \ "$subpkgdir"/usr/bin/ssh-copy-id || return 1 } keysign() { pkgdesc="ssh helper program for host-based authentication" install -d "$subpkgdir"/usr/lib/ssh || return 1 mv "$pkgdir"/usr/lib/ssh/ssh-keysign \ "$subpkgdir"/usr/lib/ssh/ || return 1 } md5sums="08f72de6751acfbd0892b5f003922701 openssh-6.8p1.tar.gz f3e17e9514d246d415fb6388609bc0f8 CVE-2015-5600.patch ae3ac6c890f3172327118f3b793e7f05 CVE-2015-6563.patch 9e107e2636250f33199ba47550ceca1e CVE-2015-6564.patch 449775b5ce63d85331f78784eeb70f78 CVE-2015-6565.patch 05cc6c7c1101b76959eac0d2d843561f CVE-2016-0777_CVE-2016-0778.patch 9dcae186783ebc1eaf80867016dde695 CVE-2016-3115.patch 8bdbd8213f3f5cac420839045fd377be CVE-2016-6210-1.patch 0a21e81b0920b2b79f788668072b827e CVE-2016-6210-2.patch c70de89a56f365514ea7a877c8267715 CVE-2016-6515.patch ff2645ea513fd071553f657aabb49e2b CVE-2016-10010.patch 368a1f2e4d381157647671effbb2f48e CVE-2016-10011.patch cd52fe99cb4b7d0d847bf5d710d93564 openssh6.5-peaktput.diff c6e29d7d88529a66d857657753f39694 openssh6.8-dynwindows.diff 37fbfe9cfb9a5e2454382ea8c79ed2e1 openssh-fix-utmp.diff e3fd4d42e2664b6c37f0c636f5e7a5d8 sshd.initd b35e9f3829f4cfca07168fcba98749c7 sshd.confd 2dd7e366607e95f9762273067309fd6e openssh-sftp-interactive.diff" sha256sums="3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e openssh-6.8p1.tar.gz 8ce7fa061a4d3a0ac94f07ac694551ac1c5c1e5f82daf04a6434b69761c2fb6e CVE-2015-5600.patch 044c3ceeb69c4812414bc605d3fd1f49e48623fe75b958f130420c9a3a3d3914 CVE-2015-6563.patch 0f4db4d65edbbef21862ac10714bdd4f8911cf9f9b6eb220f94663be0c4872c8 CVE-2015-6564.patch cd30c1f083f810d71d91eb03ad08e2cb46652cb80dc40560729e308d4fab8a81 CVE-2015-6565.patch 0b5536dc8b1d19a536826d0fe2fe27e4b814b12a2d5f1902ffd6f96ce14e6b49 CVE-2016-0777_CVE-2016-0778.patch 75c8353309d0c1870c40498f1c9ca370dfef336d7771a4a6a4301edc5a020115 CVE-2016-3115.patch 9d241c182c62d6ac55ef2db0f377cea8b2293131b75b97de939f36ece61725a4 CVE-2016-6210-1.patch 021f15627e56ca5c45a05d3a71d2c79af9d3c86637c1eb40208c6f71d2fb9697 CVE-2016-6210-2.patch dae8c7167a614eae45e5efadd635791e1d7f47dadfa605819a29f7b8ecedf9aa CVE-2016-6515.patch 477fe3e0aa4e84ed456ed976070596047a587e0a743c2be8a69274869e904a01 CVE-2016-10010.patch 2e281fe5fae68346097c83738516195733e3745cbf144404983116f90c9790ea CVE-2016-10011.patch bf49212e47a86d10650f739532cea514a310925e6445b4f8011031b6b55f3249 openssh6.5-peaktput.diff bf0f00bd88a7224ea0618f6e347a6a805c4e5acd869196725a3923d711ff1246 openssh6.8-dynwindows.diff 1c85437fd94aa4fc269e6297e4eb790baa98c39949ec0410792c09ee31ba9782 openssh-fix-utmp.diff cf053bee46c7037bdab3b3575c7080f4b514d8623c023a4dcfccb4cdcff179cf sshd.initd 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 sshd.confd 4ce1ad5f767c0f4e854a0cfeef0e2e400f333c649e552df1ecc317e6a6557376 openssh-sftp-interactive.diff" sha512sums="7c4457e4525a56cdabb1164ffaf6bed1c094294ae7d06dd3484dcffcd87738fcffe7019b6cae0032c254b0389832644522d5a9f2603b50637ffeb9999b5fcede openssh-6.8p1.tar.gz 30decd1e2f66e9a772389b190e3576722d554015c2ee2418b83bc77ed692c3e3d8ec0a8caf389b054c7db23571742d9eadd0017e8f95441759401867ceaf1fd1 CVE-2015-5600.patch 7ab16c39dc02d38c2b8498a187c43637f6e8a06dc9786d1746010d2d416d979c34103bd6f95365664a143641d85d6985f73bcf055f5eb481ec34ad2a7ee2e939 CVE-2015-6563.patch e5a7d536837aefb07260b01c2863f96d0db2521d7739ded69f92490fad4c8537c853320458cdbc3a86cd90805d54fc87e081ece1dd4cb19392599888f9078e26 CVE-2015-6564.patch 1199d18e14dcd9d296894c87b26288ac17744497f2aca0a0c9eae2f0e13e45b193160895cad5334ca282aece3a337831549debea22b98852fc221aec7dbc34eb CVE-2015-6565.patch c60a6d66537f08b69bcb320903c2903c10f7685052fa58b5ef3deb102f7a1ea50d817e5980bcc6c96d7b898f9cb8f4b0081c59d06c5a49dbc7e1ca737b63f6b1 CVE-2016-0777_CVE-2016-0778.patch 3fdfa02f4892abd1f5ca4cbe5e1cf5fe528c55b0ead3dd32de0bc04d4ec1ff6aec377b8e3a912bc209bb5186802ff9d86bd86ae7aefb59740005e4e091643aef CVE-2016-3115.patch 6c78935209d9af00c4f0ce27261a40cdea8714ce0eaf28935ec75853333421f72ee2281c674d70c2a5ef7c297ec0fe4699214e0874efe0341c35dfd5027a1702 CVE-2016-6210-1.patch aad1fc45a8f83fc778105ea43b6406860155fc89545a058ff0359586cbb33a0d0ebff99dc70be64a9e1021c4b971658b33bbae3efd383a9d81531dc4395b83a5 CVE-2016-6210-2.patch 23794c9035ac25851734f154fca25f10fdb4bb6fc02c4162e7593ee7f05dbbd7bc3d158fca640cc57819e8fb9d64053f188f7a2cbb204c7f37fe6a60115f2ac6 CVE-2016-6515.patch d6798d818ff7dfad0cd314c2f0e2d3d5477e4567f5422ff2409fdd56050d45e88073fb2b9008c3335cc3ac596b6c0ed13128fa5d588cbb56d4919ab62b218c26 CVE-2016-10010.patch 3ab26c702f7a64225d11dd485b288ac81f96afa2a13ab0a8082245d80d31d7c9c335e49cb4cec1e0439c39cb32df5360afd6bf6363d4cbaa80cb3a991c636755 CVE-2016-10011.patch e041398e177674f698480e23be037160bd07b751c754956a3ddf1b964da24c85e826fb75e7c23c9826d36761da73d08db9583c047d58a08dc7b2149a949075b1 openssh6.5-peaktput.diff 307ca56d2bae53f2f2852a695de440843a457c4000524d1b7dbcf2f46f70ae4f8ba7309273b62287ad5eef2005e2911dd737a0f55605352397b8f557d78e18df openssh6.8-dynwindows.diff f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 openssh-fix-utmp.diff 4c24dd9c3cc9ca97bc77bbabb4128e9e043d71523a4bfb93dae65882db1b397f80dc432a9dd013a0aafba1bc0864700d0c8613d444de244d540ff026ffc57e80 sshd.initd b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 sshd.confd c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 openssh-sftp-interactive.diff"