wok view openssh/receipt @ rev 18807
openssh: CVE-2016-0777 and CVE-2016-0778
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Thu Jan 14 18:33:14 2016 +0100 (2016-01-14) |
| parents | 9e01bc6321ea |
| children | 02ef2d50d1a5 |
line source
1 # SliTaz package receipt.
3 PACKAGE="openssh"
4 VERSION="7.1p1"
5 CATEGORY="security"
6 SHORT_DESC="Openbsd Secure Shell."
7 MAINTAINER="pascal.bellard@slitaz.org"
8 LICENSE="BSD"
9 TARBALL="$PACKAGE-$VERSION.tar.gz"
10 WEB_SITE="http://www.openssh.org/"
11 WGET_URL="http://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/$TARBALL"
12 CONFIG_FILES="/etc/ssh /etc/inetd.conf"
13 TAGS="ssh security"
14 HOST_ARCH="i486 arm"
16 PROVIDE="ssh"
17 DEPENDS="sftp-server libcrypto zlib"
18 BUILD_DEPENDS="libcrypto-dev zlib-dev openssl-dev"
19 TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE"
21 # Rules to configure and make the package.
22 compile_rules()
23 {
24 unset LD # for cross compiling with --disable-strip
25 ./configure \
26 --prefix=/usr \
27 --sysconfdir=/etc/ssh \
28 --libexecdir=/usr/sbin \
29 --with-privsep-user=nobody \
30 --with-xauth=/usr/bin/xauth \
31 --with-privsep-path=/var/run/sshd \
32 --without-ssh1 \
33 --without-pam \
34 --disable-strip \
35 $CONFIGURE_ARGS &&
36 make STRIP_OPT="" &&
37 make DESTDIR=$DESTDIR install
38 }
40 # Rules to gen a SliTaz package suitable for Tazpkg.
41 genpkg_rules()
42 {
43 mkdir -p $fs/usr $fs/etc/init.d $fs/etc/ssh
44 cp -a $install/usr/sbin $install/usr/bin $fs/usr
45 rm -f $fs/usr/sbin/sftp-server
46 cp -a $install/etc $fs
47 cp $stuff/openssh $fs/etc/init.d
48 sed -i 's|/usr/libexec/sftp-server|/usr/sbin/sftp-server|' \
49 $fs/etc/ssh/sshd_config
51 # client bug CVE-2016-0777 and CVE-2016-0778
52 echo -e '\nHost *\nUseRoaming no' >> $fs/etc/ssh/ssh_config
53 }
55 post_install()
56 {
57 grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT
58 #ssh stream tcp nowait root sshd sshd -i
59 EOT
60 while read dropbear openssh ; do
61 [ -s "$1$dropbear" ] || continue
62 chroot "$1/" dropbearconvert dropbear openssh $dropbear $openssh
63 chroot "$1/" dropbearkey -y -f $dropbear | grep ssh > "$1$openssh.pub"
64 chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint
65 done <<EOT
66 /etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
67 /etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key
68 EOT
70 chroot "$1/" ssh-keygen -A
71 }
73 post_remove()
74 {
75 grep -q sshd "$1/etc/inetd.conf" && sed -i '/sshd/d' "$1/etc/inetd.conf"
76 }