Bug 218472

Summary: security/openssh-portable: 7.5p1 update breaks ldns/sshfp
Product: Ports & Packages
Reporter: Craig Leres <leres>
Component: Individual Port(s)
Assignee: Bryan Drewery <bdrewery>
Status: Closed FIXED
Severity: Affects Only Me
Flags: bugzilla: maintainer-feedback? (bdrewery)
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Attachments (description, flags):
patch: none
poudriere build log: none

Description Craig Leres freebsd_committer 2017-04-08 02:34:30 UTC
After upgrading from openssh-portable 7.4p1 to 7.5p1 sshfp no longer works:

    debug1: found 8 insecure fingerprints in DNS
    debug1: matching host key fingerprint found in DNS

Some debugging showed that config.h now has:

    /* #undef HAVE_LDNS */

I believe upstream left a line out of configure.ac when making the switch to using ldns-config. The attached patch adds the missing line and results in a binary that works:

    debug1: found 8 secure fingerprints in DNS
    debug1: matching host key fingerprint found in DNS

I will file a report with upstream.
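
A check for the symptom reported in the description above, as an added example that is not part of the original report or the port. The function names `config_has_ldns` and `sshfp_status` are hypothetical, and the `#define HAVE_LDNS 1` line and both logs are samples constructed from the lines quoted in the report.

```sh
#!/bin/sh
# Added example; sample inputs are constructed from the lines quoted in the report.

# Succeeds only if config.h actually defines HAVE_LDNS
# (a commented-out "/* #undef HAVE_LDNS */" does not count).
config_has_ldns() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_LDNS([[:space:]]|$)' "$1"
}

# Reads `ssh -v` debug output on stdin and prints one of:
#   secure   - fingerprints were reported as secure
#   insecure - fingerprints found but reported insecure (the regression symptom)
#   none     - no SSHFP lookup result in the log
# Any "insecure" line wins, so a mixed log is never reported as secure.
sshfp_status() {
    awk '
        /found [0-9]+ insecure fingerprints in DNS/ { bad = 1 }
        /found [0-9]+ secure fingerprints in DNS/   { good = 1 }
        END { print (bad ? "insecure" : (good ? "secure" : "none")) }
    '
}

# Constructed samples mirroring the 7.5p1 (broken) and patched builds.
tmp=$(mktemp -d)
printf '/* #undef HAVE_LDNS */\n' > "$tmp/config_broken.h"
printf '#define HAVE_LDNS 1\n'    > "$tmp/config_fixed.h"
broken_log='debug1: found 8 insecure fingerprints in DNS
debug1: matching host key fingerprint found in DNS'
fixed_log='debug1: found 8 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS'

for h in config_broken.h config_fixed.h; do
    if config_has_ldns "$tmp/$h"; then
        echo "$h: HAVE_LDNS defined"
    else
        echo "$h: HAVE_LDNS missing"
    fi
done
echo "broken build: $(printf '%s\n' "$broken_log" | sshfp_status)"
echo "fixed build:  $(printf '%s\n' "$fixed_log" | sshfp_status)"
rm -rf "$tmp"
```

Run against a real build, the first function takes the path to the generated `config.h` and the second takes the output of `ssh -v` on stdin.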
Comment 1 Craig Leres freebsd_committer 2017-04-08 02:34:54 UTC
Created attachment 181580 [details]
patch
Comment 2 Craig Leres freebsd_committer 2017-04-08 02:35:24 UTC
Created attachment 181581 [details]
poudriere build log
Comment 3 Bryan Drewery freebsd_committer 2017-06-09 14:41:51 UTC
Yup, same thing upstream:

commit 7af27bf538cbc493d609753f9a6d43168d438f1b
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Mar 24 09:44:56 2017 +1100

    Enable ldns when using ldns-config.

    Actually enable ldns when attempting to use ldns-config.  bz#2697, patch
    from fredrik at fornwall.net.

diff --git configure.ac configure.ac
index c2878e3d..82b28ce9 100644
--- configure.ac
+++ configure.ac
@@ -1486,6 +1486,7 @@ AC_ARG_WITH(ldns,
                else
                        LIBS="$LIBS `$LDNSCONFIG --libs`"
                        CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
+                       ldns=yes
                fi
        elif test "x$withval" != "xno" ; then
                        CPPFLAGS="$CPPFLAGS -I${withval}/include"
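
Review bot: the added `ldns=yes` in the `else` branch is set without checking that the two `$LDNSCONFIG` calls just above it succeeded. If `$LDNSCONFIG --libs` or `$LDNSCONFIG --cflags` fails, LIBS and CPPFLAGS are extended with empty output and ldns is still marked as enabled. Consider testing the exit status of those calls before setting the variable, and adding a short comment that `ldns=yes` is what actually turns the feature on, since its absence here produced no configure-time error.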
Comment 4 Bryan Drewery freebsd_committer 2017-06-09 14:44:49 UTC
Thank you, sorry it took so long. I had just missed the email.
Comment 5 commit-hook freebsd_committer 2017-06-09 14:45:24 UTC
A commit references this bug:

Author: bdrewery
Date: Fri Jun  9 14:44:19 UTC 2017
New revision: 442999
URL: https://svnweb.freebsd.org/changeset/ports/442999

Log:
  Fix LDNS detection.

  This is the same fix made upstream as well.

  PR:		218472
  Submitted by:	leres@ee.lbl.gov
  MFH:		2017Q2

Changes:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/patch-configure.ac
Comment 6 commit-hook freebsd_committer 2017-06-09 14:45:26 UTC
A commit references this bug:

Author: bdrewery
Date: Fri Jun  9 14:45:08 UTC 2017
New revision: 443000
URL: https://svnweb.freebsd.org/changeset/ports/443000

Log:
  MFH: r442999

  Fix LDNS detection.

  This is the same fix made upstream as well.

  PR:		218472
  Submitted by:	leres@ee.lbl.gov
  Approved by:	portmgr (implicit)

Changes:
_U  branches/2017Q2/
  branches/2017Q2/security/openssh-portable/Makefile
  branches/2017Q2/security/openssh-portable/files/patch-configure.ac