aboutsummaryrefslogtreecommitdiffstats
path: root/main/openssh/APKBUILD
blob: a4e4c73d96ba6dd7a499814e6a7157f659324ef4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193

# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Conptributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssh
pkgver=7.2_p2
_myver=${pkgver%_*}${pkgver#*_}
pkgrel=5
pkgdesc="Port of OpenBSD's free SSH release"
url="http://www.openssh.org/portable.html"
arch="all"
license="as-is"
options="suid"
depends="openssh-client openssh-sftp-server"
makedepends="openssl-dev zlib-dev linux-headers"
subpackages="$pkgname-doc $pkgname-client $pkgname-keysign
	$pkgname-sftp-server:sftp"
source="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
	openssh6.5-peaktput.diff
	openssh7.1-dynwindows.diff
	openssh-fix-utmp.diff
	bsd-compatible-realpath.patch
	sshd.initd
	sshd.confd
	openssh-sftp-interactive.diff
	CVE-2016-6210.patch
	CVE-2016-6515.patch
	CVE-2016-10009.patch
	CVE-2016-10010.patch
	CVE-2016-10011.patch
	CVE-2016-10012-1.patch
	CVE-2016-10012-2.patch
	CVE-2016-10012-3.patch
	CVE-2017-15906.patch
	"
# HPN patches are from: http://www.psc.edu/index.php/hpn-ssh

# secfixes:
#   7.2_p2-r1:
#     - CVE-2016-6210
#   7.2_p2-r2:
#     - CVE-2016-6515
#   7.2_p2-r4:
#     - CVE-2016-10009
#     - CVE-2016-10010
#     - CVE-2016-10011
#     - CVE-2016-10012
#   7.2_p1-r2:
#     - CVE-2017-15906

_builddir="$srcdir"/$pkgname-$_myver
prepare() {
	cd "$_builddir"
	for i in $source; do
		case "$i" in
		*.diff.gz)
			msg "Applying $i"
			gunzip -c "$srcdir"/"${i##*/}" | patch -p1 -N || return 1
			;;
		*.diff|*.patch)
			msg "Applying $i"
			patch -p1 -N -i "$srcdir"/${i##*/} || return 1
			;;
		esac
	done
	sed -i -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
		pathnames.h || return 1
}

build() {
	cd "$_builddir"
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc/ssh \
		--datadir=/usr/share/openssh \
		--libexecdir=/usr/lib/ssh \
		--mandir=/usr/share/man \
		--with-pid-dir=/run \
		--with-mantype=man \
		--with-ldflags="${LDFLAGS}" \
		--disable-strip \
		--disable-lastlog \
		--disable-wtmp \
		--with-privsep-path=/var/empty \
		--with-privsep-user=sshd \
		--with-md5-passwords \
		--with-ssl-engine \
		--without-pam \
		|| return 1
	make || return 1
}

package() {
	cd "$_builddir"
	make DESTDIR="$pkgdir" install || return 1
	mkdir -p "$pkgdir"/var/empty
	install -D -m755 "$srcdir"/sshd.initd \
		"$pkgdir"/etc/init.d/sshd || return 1
	install -D -m644 "$srcdir"/sshd.confd \
		"$pkgdir"/etc/conf.d/sshd || return 1
        install -Dm644 "$_builddir"/contrib/ssh-copy-id.1 \
		"$pkgdir"/usr/share/man/man1/ssh-copy-id.1 || return 1
	sed -i 's/#UseDNS yes/UseDNS no/' "$pkgdir"/etc/ssh/sshd_config
}

client() {
	pkgdesc="OpenBSD's SSH client"
	replaces="openssh"
	depends=
	install -d "$subpkgdir"/usr/bin \
		"$subpkgdir"/usr/lib/ssh \
		"$subpkgdir"/etc/ssh \
		"$subpkgdir"/var/empty

	mv "$pkgdir"/usr/bin/* \
		"$subpkgdir"/usr/bin/ || return 1
	mv "$pkgdir"/etc/ssh/ssh_config \
		"$pkgdir"/etc/ssh/moduli \
		"$subpkgdir"/etc/ssh/ || return 1
	install -Dm755 "$_builddir"/contrib/findssl.sh \
		"$subpkgdir"/usr/bin/findssl.sh || return 1
	install -Dm755 "$_builddir"/contrib/ssh-copy-id \
		"$subpkgdir"/usr/bin/ssh-copy-id || return 1
}

keysign() {
	pkgdesc="ssh helper program for host-based authentication"
	depends="openssh-client"
	install -d "$subpkgdir"/usr/lib/ssh || return 1
	mv "$pkgdir"/usr/lib/ssh/ssh-keysign \
		"$subpkgdir"/usr/lib/ssh/ || return 1
}

sftp() {
	pkgdesc="ssh sftp server module"
	depends=""
	install -d "$subpkgdir"/usr/lib/ssh || return 1
	mv "$pkgdir"/usr/lib/ssh/sftp-server \
		"$subpkgdir"/usr/lib/ssh/ || return 1
}

md5sums="13009a9156510d8f27e752659075cced  openssh-7.2p2.tar.gz
cd52fe99cb4b7d0d847bf5d710d93564  openssh6.5-peaktput.diff
6337ad8a38783c8f1285cf4f97fc451f  openssh7.1-dynwindows.diff
37fbfe9cfb9a5e2454382ea8c79ed2e1  openssh-fix-utmp.diff
177e3fc8239080bbba5617b373d10e73  bsd-compatible-realpath.patch
8ae02e304db5d42790b7269b03a8985f  sshd.initd
ccff4ede2075bcdaa070940cb4eadba2  sshd.confd
2dd7e366607e95f9762273067309fd6e  openssh-sftp-interactive.diff
baccdaf19767102c91343742cc09ebc9  CVE-2016-6210.patch
c70de89a56f365514ea7a877c8267715  CVE-2016-6515.patch
c90d3f553ab3f7e18eef857160b4f3e4  CVE-2016-10009.patch
ff2645ea513fd071553f657aabb49e2b  CVE-2016-10010.patch
368a1f2e4d381157647671effbb2f48e  CVE-2016-10011.patch
af9e3c0a4d90b72cc9532120dd50341c  CVE-2016-10012-1.patch
7bc38d8b2ff07def069a063a4ba74311  CVE-2016-10012-2.patch
75b99affc2a24f8187561e27a90cfbc8  CVE-2016-10012-3.patch
ebd41a660d9908cc89464956ea24ca6e  CVE-2017-15906.patch"
sha256sums="a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c  openssh-7.2p2.tar.gz
bf49212e47a86d10650f739532cea514a310925e6445b4f8011031b6b55f3249  openssh6.5-peaktput.diff
861132af07c18f5e0ac7b64f389a929e61a051887bf44bda770a97e3afd9bfb6  openssh7.1-dynwindows.diff
1c85437fd94aa4fc269e6297e4eb790baa98c39949ec0410792c09ee31ba9782  openssh-fix-utmp.diff
75930926f8381883c63d6de7a1f4ed63c2eedd1b682d4e9da8c760ac9242e1c6  bsd-compatible-realpath.patch
18521d52f5e38d5820732356d210fb45922f7b848b7c9ca0bb3823de9e088e1d  sshd.initd
3342d2fc9b174f898f887237002f04fa9bc01c31e9a851e063ca7de8825ad0eb  sshd.confd
4ce1ad5f767c0f4e854a0cfeef0e2e400f333c649e552df1ecc317e6a6557376  openssh-sftp-interactive.diff
53ee8c957e9dd3bb51fe629d04e6373c6e4b62026352463bad916a4e66c00f37  CVE-2016-6210.patch
dae8c7167a614eae45e5efadd635791e1d7f47dadfa605819a29f7b8ecedf9aa  CVE-2016-6515.patch
21cc3551212d0e7468ea624fed9a77f75c26ee618d0c8f9db5ba371a6714c2c9  CVE-2016-10009.patch
477fe3e0aa4e84ed456ed976070596047a587e0a743c2be8a69274869e904a01  CVE-2016-10010.patch
2e281fe5fae68346097c83738516195733e3745cbf144404983116f90c9790ea  CVE-2016-10011.patch
fedc1069bdbd7e95b8ba7f597fa0f07cae09714ba839b454596e5aa860698004  CVE-2016-10012-1.patch
2be09b0a0aa4b3859fddd360a679b41c95f97a7e11df95aa1a1abe174f97bab7  CVE-2016-10012-2.patch
bd6fa4cfd9cd7ebdfb4e9b8b6295b6b9579e48e90d46da1ec0a9d53aa1479369  CVE-2016-10012-3.patch
00d52aa970f8d98f938cedae371c5e2f265a0b52f377f3cea1c1f50209ad40bb  CVE-2017-15906.patch"
sha512sums="44f62b3a7bc50a0735d496a5aedeefb71550d8c10ad8f22b94e29fcc8084842db96e8c4ca41fced17af69e1aab09ed1182a12ad8650d9a46fd8743a0344df95b  openssh-7.2p2.tar.gz
e041398e177674f698480e23be037160bd07b751c754956a3ddf1b964da24c85e826fb75e7c23c9826d36761da73d08db9583c047d58a08dc7b2149a949075b1  openssh6.5-peaktput.diff
72a7dc21d18388c635d14dda762ac50caeefd38f0153d8ea36d18e9d7c982e104f7b7a3af8c18fd479c31201fbdee1639f3a1ec60d035d4ca8721a8563fa11a0  openssh7.1-dynwindows.diff
f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1  openssh-fix-utmp.diff
0f5299c8ac921a3e75934bd6145c35f9151c33f9dd4bf3067412c7bf3c8b8f5668edf9d0a8bfac3f9eaa0a3a0819e9292742d131aab1185cac2b358b4e89fec2  bsd-compatible-realpath.patch
394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f  sshd.initd
ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4  sshd.confd
c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9  openssh-sftp-interactive.diff
202ae2ca83c0caeb0099ca22e7a248053d29cc7751c5b5865004108e4b998d7bf738df8cc0aa138a2b770748e5f90835e707434acd4719ce388181db1dc81ccd  CVE-2016-6210.patch
23794c9035ac25851734f154fca25f10fdb4bb6fc02c4162e7593ee7f05dbbd7bc3d158fca640cc57819e8fb9d64053f188f7a2cbb204c7f37fe6a60115f2ac6  CVE-2016-6515.patch
8fed8ced305b61428a83c074c4a4ea53c7ad5a59c68604398852a5e33b728c241ca12f89f15fb6d3df37e82854b574a117522e4c178e20ca466f3f725ad05be1  CVE-2016-10009.patch
d6798d818ff7dfad0cd314c2f0e2d3d5477e4567f5422ff2409fdd56050d45e88073fb2b9008c3335cc3ac596b6c0ed13128fa5d588cbb56d4919ab62b218c26  CVE-2016-10010.patch
3ab26c702f7a64225d11dd485b288ac81f96afa2a13ab0a8082245d80d31d7c9c335e49cb4cec1e0439c39cb32df5360afd6bf6363d4cbaa80cb3a991c636755  CVE-2016-10011.patch
8d7601ecf86d5e4fcb7908690598d28af25a7e019d359b7b680a235844403414127262978e07679e36cef2293c114d417bd139c8791423febdb4ce2437d628b6  CVE-2016-10012-1.patch
8f2e4b851d69ff1328452ed0b2f804cb55f1ba668a9a77cb1b14c8bbd573436d8f4daa163662ac40e15bebfedaba2a666519c9b9e6f53a769415cef343e61fd5  CVE-2016-10012-2.patch
deef0aba42fa3d5c63807cfb106eaee25be2ab63a0f7cd80046ffd8e67bbc78ca19f1cdf433d522dbd09b088c4f0a165f3edcaba4c12d0200f8615da3c98f78a  CVE-2016-10012-3.patch
651e5b64659f4189e94113bbfcd58db4c435b9a65b1e877131d37865abc3d86db9dfcf0d0432d763d8463133dc083aa4aff689545cb0621fd79c552c034f34fe  CVE-2017-15906.patch"
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-21 01:40:45 +0000