wok-current view openssh/receipt @ rev 25695
Up linux 5.10.214, Patch xorg-server (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083)
author | Stanislas Leduc <shann@slitaz.org> |
---|---|
date | Thu Apr 04 08:53:51 2024 +0000 (7 months ago) |
parents | 41581d281860 |
children | c848b3839e4a |
line source
1 # SliTaz package receipt.
3 PACKAGE="openssh"
4 VERSION="9.6p1"
5 CATEGORY="security"
6 TAGS="ssh security"
7 SHORT_DESC="Openbsd Secure Shell."
8 MAINTAINER="pascal.bellard@slitaz.org"
9 LICENSE="BSD"
10 WEB_SITE="https://www.openssh.com/"
12 TARBALL="$PACKAGE-$VERSION.tar.gz"
13 WGET_URL="https://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/$TARBALL"
15 PROVIDE="ssh"
16 SUGGESTED="gtk+"
17 DEPENDS="libcrypto sftp-server zlib"
18 BUILD_DEPENDS="gtk+-dev libcrypto-dev openssl-dev zlib-dev"
19 SPLIT="sftp-server"
20 TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE"
22 CONFIG_FILES="/etc/ssh/*config /etc/ssh/moduli"
23 SECRET_FILES="/etc/ssh/*key*"
25 HOST_ARCH="i486 arm"
27 # @maintainer: Please update also sftp-server
29 current_version()
30 {
31 wget -O - ${WGET_URL%/*}/ 2>/dev/null | \
32 sed '/tar..z"/!d;s|.*ssh-\(.*\).tar..z".*|\1|' | tail -n1
33 }
35 # Rules to configure and make the package.
36 compile_rules()
37 {
38 unset LD # for cross compiling with --disable-strip
39 ./configure \
40 --prefix=/usr \
41 --sysconfdir=/etc/ssh \
42 --libexecdir=/usr/sbin \
43 --with-privsep-user=nobody \
44 --with-xauth=/usr/bin/xauth \
45 --with-privsep-path=/var/run/sshd \
46 --without-pam \
47 --disable-strip \
48 $CONFIGURE_ARGS &&
49 make STRIP_OPT="" &&
50 make install -j 1 DESTDIR=$DESTDIR
51 install -d -m 755 $DESTDIR/usr/share/doc &&
52 install -m 644 $src/[A-Z][A-Z]* $DESTDIR/usr/share/doc
53 cd contrib &&
54 cc -Wall $(pkg-config --cflags gtk+-2.0) gnome-ssh-askpass2.c \
55 -o gnome-ssh-askpass $(pkg-config --libs gtk+-2.0) -lX11 &&
56 cp gnome-ssh-askpass $DESTDIR/usr/bin/ssh-askpass
57 }
59 # Rules to gen a SliTaz package suitable for Tazpkg.
60 genpkg_rules()
61 {
62 mkdir -p $fs/usr
63 mkdir -p $fs/etc/init.d
64 mkdir -p $fs/etc/ssh
66 cp -a $install/usr/sbin $fs/usr
67 cp -a $install/usr/bin $fs/usr
68 rm -f $fs/usr/sbin/sftp-server
69 install -m 755 -oroot -groot $src/contrib/ssh-copy-id \
70 $fs/usr/bin
71 cp $src/contrib/ssh-copy-id.1 $install/usr/share/man/cat1
72 cp -a $install/etc $fs
73 cp $stuff/openssh $fs/etc/init.d
74 sed -i 's|/usr/libexec/sftp-server|/usr/sbin/sftp-server|' \
75 $fs/etc/ssh/sshd_config
77 cat >> $fs/etc/ssh/ssh_config <<EOT
79 # client bug CVE-2016-0777 and CVE-2016-0778
80 Host *
81 UseRoaming no
83 # From https://wiki.gentoo.org/wiki/SSH_jump_host
84 Host *+*
85 ProxyCommand ssh \$(echo %h | sed 's/+[^+]*$//;s/\\([^+%%]*\\)%%\\([^+]*\\)\$/\\2 -l \\1/;s/:/ -p /') exec nc -w1 \$(echo %h | sed 's/^.*+//;/:/!s/\$/ %p/;s/:/ /')
87 EOT
88 }
90 post_install()
91 {
92 grep -q ssh "$1/etc/inetd.conf" ||
93 cat >> "$1/etc/inetd.conf" <<EOT
94 #ssh stream tcp nowait root sshd sshd -i
95 EOT
96 while read dropbear openssh
97 do
98 [ -s "$1$dropbear" ] || continue
99 [ -s "$1$openssh" ] && continue
100 chroot "$1/" dropbearconvert dropbear openssh $dropbear $openssh
101 chroot "$1/" dropbearkey -y -f $dropbear | grep ssh > "$1$openssh.pub"
102 chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint
103 done <<EOT
104 /etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
105 /etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key
106 /etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
107 /etc/dropbear/dropbear_ed25519_host_key /etc/ssh/ssh_host_ed25519_key
108 EOT
110 chroot "$1/" ssh-keygen -A
111 }
113 post_remove()
114 {
115 grep -q sshd "$1/etc/inetd.conf" &&
116 sed -i '/sshd/d' "$1/etc/inetd.conf"
117 }