# Conptributor: Valery Kartel # Maintainer: Natanael Copa pkgname=openssh pkgver=7.5_p1 _myver=${pkgver%_*}${pkgver#*_} pkgrel=4 pkgdesc="Port of OpenBSD's free SSH release" url="http://www.openssh.org/portable.html" arch="all" license="as-is" options="suid" depends="openssh-client openssh-sftp-server openssh-server" makedepends_build="" makedepends_host="libressl-dev zlib-dev linux-headers" makedepends="$makedepends_build $makedepends_host" subpackages="$pkgname-doc $pkgname-keygen $pkgname-client $pkgname-keysign $pkgname-sftp-server:sftp $pkgname-server " source="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz fix-utmp.patch bsd-compatible-realpath.patch sftp-interactive.patch openssh-7.5p1-sandbox.patch CVE-2017-15906.patch CVE-2018-15473.patch CVE-2018-20685.patch CVE-2019-6109.patch CVE-2019-6111.patch have-progressmeter-force-update-at-beginning-and-end-transfer.patch openssh7.4-peaktput.patch openssh7.4-dynwindows.patch sshd.initd sshd.confd " # secfixes: # 7.5_p1-r4: # - CVE-2018-20685 # - CVE-2019-6109 # - CVE-2019-6111 # 7.5_p1-r3: # - CVE-2018-15473 # 7.5_p1-r2: # - CVE-2017-15906 # 7.4_p1-r0: # - CVE-2016-10009 # - CVE-2016-10010 # - CVE-2016-10011 # - CVE-2016-10012 # HPN patches are from: http://hpnssh.sourceforge.net/ builddir="$srcdir"/$pkgname-$_myver build() { cd "$builddir" export LD="$CC" ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --sysconfdir=/etc/ssh \ --libexecdir=/usr/lib/ssh \ --mandir=/usr/share/man \ --with-pid-dir=/run \ --with-mantype=man \ --with-ldflags="${LDFLAGS}" \ --disable-lastlog \ --disable-strip \ --disable-wtmp \ --with-privsep-path=/var/empty \ --with-xauth=/usr/bin/xauth \ --with-privsep-user=sshd \ --with-md5-passwords \ --with-ssl-engine \ --without-pam \ || return 1 make || return 1 } package() { cd "$builddir" make DESTDIR="$pkgdir" install || return 1 mkdir -p "$pkgdir"/var/empty install -D -m755 "$srcdir"/sshd.initd \ "$pkgdir"/etc/init.d/sshd || return 1 install -D -m644 "$srcdir"/sshd.confd \ "$pkgdir"/etc/conf.d/sshd || return 1 install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \ "$pkgdir"/usr/share/man/man1/ssh-copy-id.1 || return 1 sed -i 's/#UseDNS yes/UseDNS no/' "$pkgdir"/etc/ssh/sshd_config } keygen() { pkgdesc="ssh helper program for generating keys" depends= install -d "$subpkgdir"/usr/bin || return 1 mv "$pkgdir"/usr/bin/ssh-keygen \ "$subpkgdir"/usr/bin/ || return 1 } client() { pkgdesc="OpenBSD's SSH client" depends="openssh-keygen" install -d "$subpkgdir"/usr/bin \ "$subpkgdir"/usr/lib/ssh \ "$subpkgdir"/etc/ssh \ "$subpkgdir"/var/empty mv "$pkgdir"/usr/bin/* \ "$subpkgdir"/usr/bin/ || return 1 mv "$pkgdir"/etc/ssh/ssh_config \ "$pkgdir"/etc/ssh/moduli \ "$subpkgdir"/etc/ssh/ || return 1 install -Dm755 "$builddir"/contrib/findssl.sh \ "$subpkgdir"/usr/bin/findssl.sh || return 1 install -Dm755 "$builddir"/contrib/ssh-copy-id \ "$subpkgdir"/usr/bin/ssh-copy-id || return 1 } keysign() { pkgdesc="ssh helper program for host-based authentication" depends="openssh-client" install -d "$subpkgdir"/usr/lib/ssh || return 1 mv "$pkgdir"/usr/lib/ssh/ssh-keysign \ "$subpkgdir"/usr/lib/ssh/ || return 1 } sftp() { pkgdesc="ssh sftp server module" depends="" install -d "$subpkgdir"/usr/lib/ssh || return 1 mv "$pkgdir"/usr/lib/ssh/sftp-server \ "$subpkgdir"/usr/lib/ssh/ || return 1 } server() { pkgdesc="OpenSSH server" depends="openssh-keygen" for i in etc/ssh/sshd_config \ etc/init.d/sshd \ etc/conf.d/sshd \ usr/sbin/sshd \ usr/lib/ssh/ssh-pkcs11-helper; do install -d "$subpkgdir"/${i%/*} || return 1 mv "$pkgdir"/$i \ "$subpkgdir"/${i%/*}/ || return 1 done } sha512sums="58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 openssh-7.5p1.tar.gz f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 fix-utmp.patch f2b8daa537ea3f32754a4485492cc6eb3f40133ed46c0a5a29a89e4bcf8583d82d891d94bf2e5eb1c916fa68ec094abf4e6cd641e9737a6c05053808012b3a73 bsd-compatible-realpath.patch c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 sftp-interactive.patch 15c5478bcae56c019a2fbd82ec04808537fd4ba1f1ba4a0a88c0343c16c698c45dbfac59eebc3fcfd3c15b302ebec43e60ffa02442a6c77673b14818ad3f7b60 openssh-7.5p1-sandbox.patch e064acdb9b9990ac3e997b0110051150a0e0e86a128228d400707815957cb6414ae167c8992da049ee81f315ef19d0ba4d6f55aef197b1fa16fc7ebb8596d320 CVE-2017-15906.patch 390b238ec6f037dcd684f3cbbfd9655aa264791a32d3cbd270773989cdda3896756ddd83e4088356a56e21c183b11052cc4cc7653506d4b46ba48f092f7c66ea CVE-2018-15473.patch aab79b8a5761d27096a40af32ea864aecdde16068b2fe9090b7a45463c30c308f5c20756baf11705249e66d52489ccf51c95bbd8ac13af915d8151184fbbe681 CVE-2018-20685.patch 1ca02180ac6514ee32e898b76e4c678acdef75099bd7d3a75c485fd69c2d123906eca4f930d29051407d52d4d259a6ba94c1147c47a1be012d041aa41a05702d CVE-2019-6109.patch 73617926e4de73108f75c525b587ab643310417dbe43eb855748601cf6e91e646f3600a43a0d8a16a9ab88da770c6595a13c7acfa911e4da23c31a29d6968c78 CVE-2019-6111.patch da016f2e76cc663ca14a354abcbb5e8a0139735e6b3833fc7345ca6207dc02d4f093ffc64527a129f6cfdd1275cedca79fadf2d839fbd4d01517459b3f8a1d82 have-progressmeter-force-update-at-beginning-and-end-transfer.patch a69c79ca4bc76fbc8d16d20d508f307874e518e9ba3816db689cc94ee649f266286e74c1b03c25fd529c85332b85017a10614b381e3e9270be3de84d19633cc8 openssh7.4-peaktput.patch d98825a40bccbf6b46336fdbe7ac4a91cfd94939236f0ac03b48f09a29cf0df437e1ccf9eea7a8b3f1cd06e1e031aa023d99e68b97c0f3996b6642c94571f492 openssh7.4-dynwindows.patch 394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f sshd.initd ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4 sshd.confd"