# Contributor: Leonardo Arena # Contributor: Valery Kartel # Maintainer: Natanael Copa pkgname=openssh pkgver=7.5_p1 _myver=${pkgver%_*}${pkgver#*_} pkgrel=10 pkgdesc="Port of OpenBSD's free SSH release" url="http://www.openssh.org/portable.html" arch="all" license="as-is" options="suid" depends="openssh-client openssh-sftp-server openssh-server" makedepends_build="linux-pam-dev" makedepends_host="libressl-dev zlib-dev linux-headers" makedepends="$makedepends_build $makedepends_host" # Add more packages support here e.g. kerberos _pkgsupport="" [ -z "$BOOTSTRAP" ] && _pkgsupport="pam" subpackages="$pkgname-doc $pkgname-keygen $pkgname-client $pkgname-keysign $pkgname-sftp-server:sftp $pkgname-server-common:server_common:noarch $pkgname-server " for _flavour in $_pkgsupport; do subpackages="$subpackages ${pkgname}-server-$_flavour:_pkg_flavour" done source="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz fix-utmp.patch bsd-compatible-realpath.patch sftp-interactive.patch openssh-7.5p1-sandbox.patch CVE-2017-15906.patch CVE-2018-15473.patch CVE-2018-20685.patch CVE-2019-6109.patch CVE-2019-6111.patch have-progressmeter-force-update-at-beginning-and-end-transfer.patch openssh7.4-peaktput.patch openssh7.4-dynwindows.patch sshd.initd sshd.confd " # secfixes: # 7.5_p1-r10: # - CVE-2018-20685 # - CVE-2019-6109 # - CVE-2019-6111 # 7.5_p1-r9: # - CVE-2018-15473 # 7.5_p1-r0: # - CVE-2017-15906 # 7.5_p1-r8: # - CVE-2016-10009 # - CVE-2016-10010 # - CVE-2016-10011 # - CVE-2016-10012 # HPN patches are from: http://hpnssh.sourceforge.net/ builddir="$srcdir"/$pkgname-$_myver prepare() { cd "$builddir" default_prepare for _flavour in $_pkgsupport; do cp -R "$srcdir"/$pkgname-$_myver "$srcdir"/$pkgname-${_myver}-$_flavour done } build() { cd "$builddir" export LD="$CC" _configure_vanilla="./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --sysconfdir=/etc/ssh \ --libexecdir=/usr/lib/ssh \ --mandir=/usr/share/man \ --with-pid-dir=/run \ --with-mantype=doc \ --with-ldflags='${LDFLAGS}' \ --disable-lastlog \ --disable-strip \ --disable-wtmp \ --with-privsep-path=/var/empty \ --with-xauth=/usr/bin/xauth \ --with-privsep-user=sshd \ --with-md5-passwords \ --with-ssl-engine \ " # now we build "vanilla" openssh _configure="$_configure_vanilla" for _flavour in $_pkgsupport; do _configure="$_configure --without-$_flavour" done msg "Building openssh..." eval "$_configure" make # now we build other openssh-$_flavour _configure="$_configure_vanilla" for _flavour in $_pkgsupport; do cd "$builddir-$_flavour" msg "Building openssh with $_flavour support..." eval "$_configure --with-$_flavour" make done } package() { cd "$builddir" make DESTDIR="$pkgdir" install mkdir -p "$pkgdir"/var/empty install -D -m755 "$srcdir"/sshd.initd \ "$pkgdir"/etc/init.d/sshd install -D -m644 "$srcdir"/sshd.confd \ "$pkgdir"/etc/conf.d/sshd install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \ "$pkgdir"/usr/share/man/man1/ssh-copy-id.1 sed -i 's/#UseDNS yes/UseDNS no/' "$pkgdir"/etc/ssh/sshd_config } keygen() { pkgdesc="ssh helper program for generating keys" depends= install -d "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/ssh-keygen \ "$subpkgdir"/usr/bin/ } client() { pkgdesc="OpenBSD's SSH client" depends="openssh-keygen" install -d "$subpkgdir"/usr/bin \ "$subpkgdir"/usr/lib/ssh \ "$subpkgdir"/etc/ssh \ "$subpkgdir"/var/empty mv "$pkgdir"/usr/bin/* \ "$subpkgdir"/usr/bin/ mv "$pkgdir"/etc/ssh/ssh_config \ "$pkgdir"/etc/ssh/moduli \ "$subpkgdir"/etc/ssh/ install -Dm755 "$builddir"/contrib/findssl.sh \ "$subpkgdir"/usr/bin/findssl.sh install -Dm755 "$builddir"/contrib/ssh-copy-id \ "$subpkgdir"/usr/bin/ssh-copy-id install -Dm755 "$builddir"/ssh-pkcs11-helper \ "$subpkgdir"/usr/bin/ssh-pkcs11-helper } keysign() { pkgdesc="ssh helper program for host-based authentication" depends="openssh-client" install -d "$subpkgdir"/usr/lib/ssh mv "$pkgdir"/usr/lib/ssh/ssh-keysign \ "$subpkgdir"/usr/lib/ssh/ } sftp() { pkgdesc="ssh sftp server module" depends="" install -d "$subpkgdir"/usr/lib/ssh mv "$pkgdir"/usr/lib/ssh/sftp-server \ "$subpkgdir"/usr/lib/ssh/ } server_common() { pkgdesc="OpenSSH server configuration files" depends="" for i in etc/ssh/sshd_config \ etc/init.d/sshd \ etc/conf.d/sshd; do install -d "$subpkgdir"/${i%/*} mv "$pkgdir"/$i \ "$subpkgdir"/${i%/*}/ done } server() { pkgdesc="OpenSSH server" depends="openssh-keygen openssh-server-common" cd "$builddir" install -d "$subpkgdir"/usr/sbin mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/ } _server() { cd "$builddir" install -d "$subpkgdir"/usr/sbin mv "$1"/sshd "$subpkgdir"/usr/sbin/ } _pkg_flavour() { pkgdesc="OpenSSH server with $_flavour support" depends="openssh-keygen openssh-server-common" for _flavour in $_pkgsupport; do cd "${builddir}"-$_flavour _server "${builddir}"-$_flavour done } sha512sums="58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 openssh-7.5p1.tar.gz f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 fix-utmp.patch f2b8daa537ea3f32754a4485492cc6eb3f40133ed46c0a5a29a89e4bcf8583d82d891d94bf2e5eb1c916fa68ec094abf4e6cd641e9737a6c05053808012b3a73 bsd-compatible-realpath.patch c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 sftp-interactive.patch 15c5478bcae56c019a2fbd82ec04808537fd4ba1f1ba4a0a88c0343c16c698c45dbfac59eebc3fcfd3c15b302ebec43e60ffa02442a6c77673b14818ad3f7b60 openssh-7.5p1-sandbox.patch e064acdb9b9990ac3e997b0110051150a0e0e86a128228d400707815957cb6414ae167c8992da049ee81f315ef19d0ba4d6f55aef197b1fa16fc7ebb8596d320 CVE-2017-15906.patch 390b238ec6f037dcd684f3cbbfd9655aa264791a32d3cbd270773989cdda3896756ddd83e4088356a56e21c183b11052cc4cc7653506d4b46ba48f092f7c66ea CVE-2018-15473.patch aab79b8a5761d27096a40af32ea864aecdde16068b2fe9090b7a45463c30c308f5c20756baf11705249e66d52489ccf51c95bbd8ac13af915d8151184fbbe681 CVE-2018-20685.patch 1ca02180ac6514ee32e898b76e4c678acdef75099bd7d3a75c485fd69c2d123906eca4f930d29051407d52d4d259a6ba94c1147c47a1be012d041aa41a05702d CVE-2019-6109.patch 73617926e4de73108f75c525b587ab643310417dbe43eb855748601cf6e91e646f3600a43a0d8a16a9ab88da770c6595a13c7acfa911e4da23c31a29d6968c78 CVE-2019-6111.patch da016f2e76cc663ca14a354abcbb5e8a0139735e6b3833fc7345ca6207dc02d4f093ffc64527a129f6cfdd1275cedca79fadf2d839fbd4d01517459b3f8a1d82 have-progressmeter-force-update-at-beginning-and-end-transfer.patch a69c79ca4bc76fbc8d16d20d508f307874e518e9ba3816db689cc94ee649f266286e74c1b03c25fd529c85332b85017a10614b381e3e9270be3de84d19633cc8 openssh7.4-peaktput.patch d98825a40bccbf6b46336fdbe7ac4a91cfd94939236f0ac03b48f09a29cf0df437e1ccf9eea7a8b3f1cd06e1e031aa023d99e68b97c0f3996b6642c94571f492 openssh7.4-dynwindows.patch 394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f sshd.initd ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4 sshd.confd"