Bug 218472 - security/openssh-portable: 7.5p1 update breaks ldns/sshfp
Status: Closed FIXED
Product: Ports & Packages
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Bryan Drewery
Reported: 2017-04-08 02:34 UTC by Craig Leres
Modified: 2017-06-09 14:45 UTC
bugzilla: maintainer-feedback? (bdrewery)
Attachments
patch (773 bytes, patch)
2017-04-08 02:34 UTC, Craig Leres
poudriere build log (261.13 KB, text/plain)
2017-04-08 02:35 UTC, Craig Leres
Description Craig Leres freebsd_committer freebsd_triage 2017-04-08 02:34:30 UTC
After upgrading from openssh-portable 7.4p1 to 7.5p1 sshfp no longer works:

    debug1: found 8 insecure fingerprints in DNS
    debug1: matching host key fingerprint found in DNS

Some debugging showed that config.h now has:

    /* #undef HAVE_LDNS */

I believe upstream left a line out of configure.ac when making the switch to using ldns-config. The attached patch adds the missing line and results in a binary that works:

    debug1: found 8 secure fingerprints in DNS
    debug1: matching host key fingerprint found in DNS

I will file a report with upstream.
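
The two symptoms in this report (the commented-out `HAVE_LDNS` in config.h and the "insecure fingerprints" debug line) can be checked mechanically after a build. The following is an added example, not part of the original report, the port or OpenSSH; the function names `config_has_ldns`, `classify_sshfp` and `sshfp_selftest` are hypothetical and the sample log lines are constructed from the ones quoted above.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of OpenSSH or the FreeBSD port.

# config_has_ldns FILE
# Succeeds only if FILE contains an active "#define HAVE_LDNS"; the
# commented-out "/* #undef HAVE_LDNS */" form from the report fails.
config_has_ldns() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_LDNS([[:space:]]|$)' "$1"
}

# classify_sshfp
# Reads `ssh -v` debug output on stdin and prints one of:
#   secure-match      validated SSHFP records, host key matched
#   insecure-match    host key matched, records not treated as validated
#   secure-nomatch / insecure-nomatch   records found, no match line seen
#   none              no SSHFP lookup result in the log
# Typical use: ssh -v -o VerifyHostKeyDNS=yes HOST true 2>&1 | classify_sshfp
classify_sshfp() {
    awk '
        /debug1: found [0-9]+ secure fingerprints in DNS/    { state = "secure" }
        /debug1: found [0-9]+ insecure fingerprints in DNS/  { state = "insecure" }
        /debug1: matching host key fingerprint found in DNS/ { hit = 1 }
        END {
            if (state == "") { print "none"; exit }
            print state (hit ? "-match" : "-nomatch")
        }
    '
}

# Constructed sample input, modelled on the two logs quoted in the report.
sample_broken='debug1: found 8 insecure fingerprints in DNS
debug1: matching host key fingerprint found in DNS'
sample_fixed='debug1: found 8 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS'

# Returns 0 when both samples classify as expected.
sshfp_selftest() {
    [ "$(printf '%s\n' "$sample_broken" | classify_sshfp)" = "insecure-match" ] &&
    [ "$(printf '%s\n' "$sample_fixed" | classify_sshfp)" = "secure-match" ]
}
```

An `insecure-match` result on a host that previously gave `secure-match` is the regression described here: the key still matches, but ssh no longer treats the SSHFP answer as DNSSEC-validated.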
Comment 1 Craig Leres freebsd_committer freebsd_triage 2017-04-08 02:34:54 UTC
Created attachment 181580
patch
Comment 2 Craig Leres freebsd_committer freebsd_triage 2017-04-08 02:35:24 UTC
Created attachment 181581
poudriere build log
Comment 3 Bryan Drewery freebsd_committer freebsd_triage 2017-06-09 14:41:51 UTC
Yup, same thing upstream:

commit 7af27bf538cbc493d609753f9a6d43168d438f1b
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Mar 24 09:44:56 2017 +1100

    Enable ldns when using ldns-config.

    Actually enable ldns when attempting to use ldns-config.  bz#2697, patch
    from fredrik at fornwall.net.

diff --git configure.ac configure.ac
index c2878e3d..82b28ce9 100644
--- configure.ac
+++ configure.ac
@@ -1486,6 +1486,7 @@ AC_ARG_WITH(ldns,
                else
                        LIBS="$LIBS `$LDNSCONFIG --libs`"
                        CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
+                       ldns=yes
                fi
        elif test "x$withval" != "xno" ; then
                        CPPFLAGS="$CPPFLAGS -I${withval}/include"
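
Review bot: the `ldns=yes` assignment in the ldns-config `else` branch carries no comment saying what later depends on it, and nothing in this hunk makes configure fail when ldns was requested but the variable ends up unset. The regression this fixes was silent: per the report, the build completed with `/* #undef HAVE_LDNS */` in config.h and the only visible symptom was ssh reporting "insecure fingerprints in DNS". Consider a one-line comment beside `ldns=yes` and a configure-time error for the case where ldns was asked for but not enabled, so a dropped assignment breaks the build instead of shipping a binary without ldns.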
Comment 4 Bryan Drewery freebsd_committer freebsd_triage 2017-06-09 14:44:49 UTC
Thank you, sorry it took so long. I had just missed the email.
Comment 5 commit-hook freebsd_committer freebsd_triage 2017-06-09 14:45:24 UTC
A commit references this bug:

Author: bdrewery
Date: Fri Jun  9 14:44:19 UTC 2017
New revision: 442999
URL: https://svnweb.freebsd.org/changeset/ports/442999

Log:
  Fix LDNS detection.

  This is the same fix made upstream as well.

  PR:		218472
  Submitted by:	leres@ee.lbl.gov
  MFH:		2017Q2

Changes:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/patch-configure.ac
Comment 6 commit-hook freebsd_committer freebsd_triage 2017-06-09 14:45:26 UTC
A commit references this bug:

Author: bdrewery
Date: Fri Jun  9 14:45:08 UTC 2017
New revision: 443000
URL: https://svnweb.freebsd.org/changeset/ports/443000

Log:
  MFH: r442999

  Fix LDNS detection.

  This is the same fix made upstream as well.

  PR:		218472
  Submitted by:	leres@ee.lbl.gov
  Approved by:	portmgr (implicit)

Changes:
_U  branches/2017Q2/
  branches/2017Q2/security/openssh-portable/Makefile
  branches/2017Q2/security/openssh-portable/files/patch-configure.ac