diff --git a/srcpkgs/openssh/INSTALL.msg b/srcpkgs/openssh/INSTALL.msg new file mode 100644 index 00000000000..be9370562a3 --- /dev/null +++ b/srcpkgs/openssh/INSTALL.msg @@ -0,0 +1,3 @@ +CAUTION: After updating from OpenSSH <=8.1 to OpenSSH 8.2, the existing sshd +will not allow new connections. **Restart OpenSSH immediately** after this +update to ensure you still can log in! diff --git a/srcpkgs/openssh/patches/auth2-pubkey_c-command.patch b/srcpkgs/openssh/patches/auth2-pubkey_c-command.patch deleted file mode 100644 index 5370f6b4fd1..00000000000 --- a/srcpkgs/openssh/patches/auth2-pubkey_c-command.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- auth2-pubkey.c 2019-05-14 12:41:42.185855228 +0200 -+++ auth2-pubkey.c 2019-05-14 12:44:49.649864899 +0200 -@@ -446,6 +446,7 @@ - username, strerror(errno)); - goto out; - } -+ command = strdup(options.authorized_principals_command); - - /* Turn the command into an argument vector */ - if (argv_split(options.authorized_principals_command, &ac, &av) != 0) { diff --git a/srcpkgs/openssh/patches/config.patch b/srcpkgs/openssh/patches/config.patch index 66f992101df..5ce3d57eb30 100644 --- a/srcpkgs/openssh/patches/config.patch +++ b/srcpkgs/openssh/patches/config.patch @@ -16,14 +16,6 @@ fchmod \ fchown \ freeaddrinfo \ -@@ -1732,7 +1732,6 @@ - prctl \ - pstat \ - readpassphrase \ -- reallocarray \ - recvmsg \ - rresvport_af \ - sendmsg \ @@ -1761,8 +1760,6 @@ strcasestr \ strdup \ diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index 6ac5ad0060c..0c7cf0de2ff 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template @@ -1,7 +1,7 @@ # Template file for 'openssh' pkgname=openssh -version=8.1p1 -revision=2 +version=8.2p1 +revision=1 build_style=gnu-configure configure_args="--datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody @@ -12,23 +12,25 @@ configure_args="--datadir=/usr/share/openssh $(vopt_with ldns ldns=$XBPS_CROSS_BASE/usr) $(vopt_if ssl --with-ssl-engine --without-openssl) $(vopt_if gssapi --with-kerberos5=$XBPS_CROSS_BASE/usr --without-kerberos5) + $(vopt_if fido2 --with-security-key-builtin) LD=$CC ac_cv_header_sys_cdefs_h=false" hostmakedepends="autoconf" makedepends="libedit-devel pam-devel zlib-devel $(vopt_if gssapi 'mit-krb5-devel') $(vopt_if ldns 'libldns-devel') - $(vopt_if ssl 'libressl-devel')" + $(vopt_if ssl 'libressl-devel') $(vopt_if fido2 'libfido2-devel')" short_desc="OpenSSH free Secure Shell (SSH) client and server implementation" maintainer="Enno Boland " license="BSD-2-Clause, ISC" homepage="https://www.openssh.com" distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz" -checksum=02f5dbef3835d0753556f973cd57b4c19b6b1f6cd24c03445e23ac77ca1b93ff +checksum=43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671 conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd" make_dirs="/var/chroot/ssh 0755 root root" # Package build options -build_options="ldns ssl gssapi" -build_options_default="ldns ssl" +build_options="fido2 gssapi ldns ssl" +build_options_default="fido2 ldns ssl" +desc_option_fido2="Enable support for FIDO2 USB tokens" CFLAGS="-Wno-format-truncation -Wno-stringop-truncation"