Bug 218472 - security/openssh-portable: 7.5p1 update breaks ldns/sshfp
Summary: security/openssh-portable: 7.5p1 update breaks ldns/sshfp
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Bryan Drewery
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-08 02:34 UTC by leres
Modified: 2017-06-09 14:45 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (bdrewery)


Attachments
patch (773 bytes, patch)
2017-04-08 02:34 UTC, leres
no flags Details | Diff
poudriere build log (261.13 KB, text/plain)
2017-04-08 02:35 UTC, leres
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description leres 2017-04-08 02:34:30 UTC
After upgrading from openssh-portable 7.4p1 to 7.5p1 sshfp no longer works:

    debug1: found 8 insecure fingerprints in DNS
    debug1: matching host key fingerprint found in DNS

Some debugging showed that config.h now has:

    /* #undef HAVE_LDNS */

I believe upstream left a line out of configure.ac when making the switch to using ldns-config. The attached patch adds the missing line and results in a binary that works:

    debug1: found 8 secure fingerprints in DNS
    debug1: matching host key fingerprint found in DNS

I will file a report with upstream.
Comment 1 leres 2017-04-08 02:34:54 UTC
Created attachment 181580 [details]
patch
Comment 2 leres 2017-04-08 02:35:24 UTC
Created attachment 181581 [details]
poudriere build log
Comment 3 Bryan Drewery freebsd_committer 2017-06-09 14:41:51 UTC
Yup, same thing upstream:

commit 7af27bf538cbc493d609753f9a6d43168d438f1b
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Mar 24 09:44:56 2017 +1100

    Enable ldns when using ldns-config.

    Actually enable ldns when attempting to use ldns-config.  bz#2697, patch
    from fredrik at fornwall.net.

diff --git configure.ac configure.ac
index c2878e3d..82b28ce9 100644
--- configure.ac
+++ configure.ac
@@ -1486,6 +1486,7 @@ AC_ARG_WITH(ldns,
                else
                        LIBS="$LIBS `$LDNSCONFIG --libs`"
                        CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
+                       ldns=yes
                fi
        elif test "x$withval" != "xno" ; then
                        CPPFLAGS="$CPPFLAGS -I${withval}/include"
Comment 4 Bryan Drewery freebsd_committer 2017-06-09 14:44:49 UTC
Thank you, sorry it took so long. I had just missed the email.
Comment 5 commit-hook freebsd_committer 2017-06-09 14:45:24 UTC
A commit references this bug:

Author: bdrewery
Date: Fri Jun  9 14:44:19 UTC 2017
New revision: 442999
URL: https://svnweb.freebsd.org/changeset/ports/442999

Log:
  Fix LDNS detection.

  This is the same fix made upstream as well.

  PR:		218472
  Submitted by:	leres@ee.lbl.gov
  MFH:		2017Q2

Changes:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/patch-configure.ac
Comment 6 commit-hook freebsd_committer 2017-06-09 14:45:26 UTC
A commit references this bug:

Author: bdrewery
Date: Fri Jun  9 14:45:08 UTC 2017
New revision: 443000
URL: https://svnweb.freebsd.org/changeset/ports/443000

Log:
  MFH: r442999

  Fix LDNS detection.

  This is the same fix made upstream as well.

  PR:		218472
  Submitted by:	leres@ee.lbl.gov
  Approved by:	portmgr (implicit)

Changes:
_U  branches/2017Q2/
  branches/2017Q2/security/openssh-portable/Makefile
  branches/2017Q2/security/openssh-portable/files/patch-configure.ac