# Contributor: Leonardo Arena # Contributor: Valery Kartel # Maintainer: Natanael Copa pkgname=openssh pkgver=8.2_p1 _myver=${pkgver%_*}${pkgver#*_} pkgrel=0 pkgdesc="Port of OpenBSD's free SSH release" url="https://www.openssh.com/portable.html" arch="all" license="BSD" options="!check suid" # FIXME: tests fails. disable for now depends="openssh-client openssh-sftp-server openssh-server" makedepends_build="linux-pam-dev" makedepends_host="openssl-dev zlib-dev libedit-dev linux-headers" makedepends="$makedepends_build $makedepends_host" # Add more packages support here e.g. kerberos _pkgsupport="" [ -z "$BOOTSTRAP" ] && _pkgsupport="pam" subpackages="$pkgname-dbg $pkgname-doc $pkgname-keygen $pkgname-client $pkgname-keysign $pkgname-sftp-server:sftp $pkgname-server-common:server_common:noarch $pkgname-server " for _flavour in $_pkgsupport; do subpackages="$subpackages $pkgname-server-$_flavour:_pkg_flavour" done source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$_myver.tar.gz fix-utmp.patch sftp-interactive.patch disable-forwarding-by-default.patch fix-verify-dns-segfault.patch sshd.initd sshd.confd " # secfixes: # 7.9_p1-r3: # - CVE-2018-20685 # - CVE-2019-6109 # - CVE-2019-6111 # 7.7_p1-r4: # - CVE-2018-15473 # 7.5_p1-r8: # - CVE-2017-15906 # 7.4_p1-r0: # - CVE-2016-10009 # - CVE-2016-10010 # - CVE-2016-10011 # - CVE-2016-10012 builddir="$srcdir"/$pkgname-$_myver prepare() { default_prepare for _flavour in $_pkgsupport; do cp -a "$srcdir"/$pkgname-$_myver "$srcdir"/$pkgname-$_myver-$_flavour done } build() { export LD="$CC" export TEST_SSH_UTF8=no # utf8 test fails _configure_vanilla="./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ --sysconfdir=/etc/ssh \ --libexecdir=/usr/lib/ssh \ --mandir=/usr/share/man \ --with-pid-dir=/run \ --with-mantype=doc \ --with-ldflags='${LDFLAGS}' \ --disable-lastlog \ --disable-strip \ --disable-wtmp \ --with-privsep-path=/var/empty \ --with-xauth=/usr/bin/xauth \ --with-privsep-user=sshd \ --with-md5-passwords \ --with-ssl-engine \ --with-libedit \ " # now we build "vanilla" openssh _configure="$_configure_vanilla" for _flavour in $_pkgsupport; do _configure="$_configure --without-$_flavour" done msg "Building openssh..." eval "$_configure" make # now we build other openssh-$_flavour _configure="$_configure_vanilla" for _flavour in $_pkgsupport; do cd "$builddir-$_flavour" msg "Building openssh with $_flavour support..." eval "$_configure --with-$_flavour" make done } check() { make tests } package() { make DESTDIR="$pkgdir" install mkdir -p "$pkgdir"/var/empty install -D -m755 "$srcdir"/sshd.initd \ "$pkgdir"/etc/init.d/sshd install -D -m644 "$srcdir"/sshd.confd \ "$pkgdir"/etc/conf.d/sshd install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \ "$pkgdir"/usr/share/man/man1/ssh-copy-id.1 sed -i 's/#UseDNS yes/UseDNS no/' "$pkgdir"/etc/ssh/sshd_config } keygen() { pkgdesc="ssh helper program for generating keys" depends= install -d "$subpkgdir"/usr/bin mv "$pkgdir"/usr/bin/ssh-keygen \ "$subpkgdir"/usr/bin/ } client() { pkgdesc="OpenBSD's SSH client" depends="openssh-keygen" install -d "$subpkgdir"/usr/bin \ "$subpkgdir"/usr/lib/ssh \ "$subpkgdir"/etc/ssh \ "$subpkgdir"/var/empty mv "$pkgdir"/usr/bin/* \ "$subpkgdir"/usr/bin/ mv "$pkgdir"/etc/ssh/ssh_config \ "$pkgdir"/etc/ssh/moduli \ "$subpkgdir"/etc/ssh/ install -Dm755 "$builddir"/contrib/findssl.sh \ "$subpkgdir"/usr/bin/findssl.sh install -Dm755 "$builddir"/contrib/ssh-copy-id \ "$subpkgdir"/usr/bin/ssh-copy-id install -Dm755 "$builddir"/ssh-pkcs11-helper \ "$subpkgdir"/usr/bin/ssh-pkcs11-helper } keysign() { pkgdesc="ssh helper program for host-based authentication" depends="openssh-client" install -d "$subpkgdir"/usr/lib/ssh mv "$pkgdir"/usr/lib/ssh/ssh-keysign \ "$subpkgdir"/usr/lib/ssh/ } sftp() { pkgdesc="ssh sftp server module" depends="" install -d "$subpkgdir"/usr/lib/ssh mv "$pkgdir"/usr/lib/ssh/sftp-server \ "$subpkgdir"/usr/lib/ssh/ } server_common() { pkgdesc="OpenSSH server configuration files" depends="" for i in etc/ssh/sshd_config \ etc/init.d/sshd \ etc/conf.d/sshd; do install -d "$subpkgdir"/${i%/*} mv "$pkgdir"/$i \ "$subpkgdir"/${i%/*}/ done } server() { pkgdesc="OpenSSH server" depends="openssh-keygen openssh-server-common" cd "$builddir" install -d "$subpkgdir"/usr/sbin mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/ } _server() { cd "$builddir" install -d "$subpkgdir"/usr/sbin mv "$1"/sshd "$subpkgdir"/usr/sbin/ } _pkg_flavour() { pkgdesc="OpenSSH server with $_flavour support" depends="openssh-keygen openssh-server-common" for _flavour in $_pkgsupport; do cd "$builddir"-$_flavour _server "$builddir"-$_flavour done } sha512sums="c4db64e52a3a4c410de9de49f9cb104dd493b10250af3599b92457dd986277b3fd99a6f51cec94892fd1be5bd0369c5757262ea7805f0de464b245c3d34c120a openssh-8.2p1.tar.gz f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 fix-utmp.patch c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 sftp-interactive.patch 8df35d72224cd255eb0685d2c707b24e5eb24f0fdd67ca6cc0f615bdbd3eeeea2d18674a6af0c6dab74c2d8247e2370d0b755a84c99f766a431bc50c40b557de disable-forwarding-by-default.patch b0d1fc89bd46ebfc8c7c00fd897732e67a6cda996811c14d99392685bb0b508b52c9dc3188b1a84c0ffa3f72f57189cc615a76b81796dd1b5f552542bd53f84d fix-verify-dns-segfault.patch 8122ac1838586a1487dad1f70ed2ec8161ae57b4a7ee8bfef9757b590aa76a887a6c5e5f2575728da4c6c2f00d2a924360e23d84a4df204d7021b44b690cb2f8 sshd.initd ec506156c286e5b28a530e9964dd68b7f6c9e881fbc47247a988e52a1f9cd50cbfaf4955c96774f9e2508d8b734c4abf98785fbaa75ae6249e3464b5495f1afc sshd.confd"