After upgrading from openssh-portable 7.4p1 to 7.5p1 sshfp no longer works: debug1: found 8 insecure fingerprints in DNS debug1: matching host key fingerprint found in DNS Some debugging showed that config.h now has: /* #undef HAVE_LDNS */ I believe upstream left a line out of configure.ac when making the switch to using ldns-config. The attached patch adds the missing line and results in a binary that works: debug1: found 8 secure fingerprints in DNS debug1: matching host key fingerprint found in DNS I will file a report with upstream.
Created attachment 181580 [details] patch
Created attachment 181581 [details] poudriere build log
Yup, same thing upstream: commit 7af27bf538cbc493d609753f9a6d43168d438f1b Author: Darren Tucker <dtucker@zip.com.au> Date: Fri Mar 24 09:44:56 2017 +1100 Enable ldns when using ldns-config. Actually enable ldns when attempting to use ldns-config. bz#2697, patch from fredrik at fornwall.net. diff --git configure.ac configure.ac index c2878e3d..82b28ce9 100644 --- configure.ac +++ configure.ac @@ -1486,6 +1486,7 @@ AC_ARG_WITH(ldns, else LIBS="$LIBS `$LDNSCONFIG --libs`" CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" + ldns=yes fi elif test "x$withval" != "xno" ; then CPPFLAGS="$CPPFLAGS -I${withval}/include"
Thank you, sorry it took so long. I had just missed the email.
A commit references this bug: Author: bdrewery Date: Fri Jun 9 14:44:19 UTC 2017 New revision: 442999 URL: https://svnweb.freebsd.org/changeset/ports/442999 Log: Fix LDNS detection. This is the same fix made upstream as well. PR: 218472 Submitted by: leres@ee.lbl.gov MFH: 2017Q2 Changes: head/security/openssh-portable/Makefile head/security/openssh-portable/files/patch-configure.ac
A commit references this bug: Author: bdrewery Date: Fri Jun 9 14:45:08 UTC 2017 New revision: 443000 URL: https://svnweb.freebsd.org/changeset/ports/443000 Log: MFH: r442999 Fix LDNS detection. This is the same fix made upstream as well. PR: 218472 Submitted by: leres@ee.lbl.gov Approved by: portmgr (implicit) Changes: _U branches/2017Q2/ branches/2017Q2/security/openssh-portable/Makefile branches/2017Q2/security/openssh-portable/files/patch-configure.ac