Bug 218472 - security/openssh-portable: 7.5p1 update breaks ldns/sshfp
Summary: security/openssh-portable: 7.5p1 update breaks ldns/sshfp
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Bryan Drewery
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-08 02:34 UTC by leres
Modified: 2017-04-08 02:35 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (bdrewery)


Attachments
patch (773 bytes, patch)
2017-04-08 02:34 UTC, leres
no flags Details | Diff
poudriere build log (261.13 KB, text/plain)
2017-04-08 02:35 UTC, leres
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description leres 2017-04-08 02:34:30 UTC
After upgrading from openssh-portable 7.4p1 to 7.5p1 sshfp no longer works:

    debug1: found 8 insecure fingerprints in DNS
    debug1: matching host key fingerprint found in DNS

Some debugging showed that config.h now has:

    /* #undef HAVE_LDNS */

I believe upstream left a line out of configure.ac when making the switch to using ldns-config. The attached patch adds the missing line and results in a binary that works:

    debug1: found 8 secure fingerprints in DNS
    debug1: matching host key fingerprint found in DNS

I will file a report with upstream.
Comment 1 leres 2017-04-08 02:34:54 UTC
Created attachment 181580 [details]
patch
Comment 2 leres 2017-04-08 02:35:24 UTC
Created attachment 181581 [details]
poudriere build log