Bug 2708

Summary: openssh: 7.5p1 update breaks ldns/sshfp
Product: Portable OpenSSH
Reporter: Craig Leres <mindrot10>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED DUPLICATE
Severity: normal
CC: djm
Priority: P5
Version: 7.5p1
Hardware: Other
OS: FreeBSD
Attachments:
    Description: patch
    Flags: none

Description Craig Leres 2017-04-08 13:51:20 AEST
Created attachment 2974
patch

I'm building the FreeBSD security/openssh-portable port and have found that upgrading from 7.4p1 to 7.5p1 breaks sshfp:

    debug1: found 8 insecure fingerprints in DNS
    debug1: matching host key fingerprint found in DNS

When configure is given --with-ldns config.h ends up with:

    /* #undef HAVE_LDNS */

I believe this is because ldns=yes is missing from the new ldns-config logic in configure.ac. The attached patch fixes this issue for me.

FreeBSD zinc.ee.lbl.gov 10.3-RELEASE-p17 FreeBSD 10.3-RELEASE-p17 #17 r26: Thu Feb 23 10:08:13 PST 2017     leres@zinc.ee.lbl.gov:/usr/src/sys/amd64/compile/LBL  amd64
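
A check for the symptoms described in this report, as an added example that is not part of the original report or of OpenSSH: it inspects a generated config.h for an active HAVE_LDNS define and an `ssh -v` log for the fingerprint status. The function names, file names and sample contents are constructed for illustration, and the "secure" log wording is assumed to be what a validated lookup prints.

```shell
#!/bin/sh
# Added example: detect a build where --with-ldns was requested but HAVE_LDNS
# stayed undefined, leaving SSHFP lookups reported as "insecure".

# have_ldns CONFIG_H: print "defined" only for an active #define HAVE_LDNS.
have_ldns() {
    if grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+HAVE_LDNS([[:space:]]|$)' "$1"; then
        echo defined
    else
        echo undefined   # covers the commented-out "/* #undef HAVE_LDNS */" form
    fi
}

# sshfp_status LOG: classify the SSHFP debug line of an "ssh -v" run.
# Assumption: a validated lookup logs "found N secure fingerprints in DNS".
sshfp_status() {
    if grep -Eq 'found [0-9]+ secure fingerprints in DNS' "$1"; then
        echo secure
    elif grep -Eq 'found [0-9]+ insecure fingerprints in DNS' "$1"; then
        echo insecure
    else
        echo none
    fi
}

# check_build CONFIG_H LOG: succeed only when ldns support was compiled in
# and the client reported secure fingerprints.
check_build() {
    ldns=$(have_ldns "$1")
    fp=$(sshfp_status "$2")
    echo "HAVE_LDNS=$ldns sshfp=$fp"
    [ "$ldns" = defined ] && [ "$fp" = secure ]
}

# Constructed sample input mirroring the lines quoted in the report.
tmp=$(mktemp -d)
printf '%s\n' '/* #undef HAVE_LDNS */' > "$tmp/config.h"
printf '%s\n' 'debug1: found 8 insecure fingerprints in DNS' \
    'debug1: matching host key fingerprint found in DNS' > "$tmp/ssh.log"

check_build "$tmp/config.h" "$tmp/ssh.log" || echo "regression: SSHFP not validated"
```

Running `check_build` against the real config.h straight after `configure --with-ldns` catches the problem before the package is installed.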

Comment 1 Damien Miller 2017-04-28 13:44:37 AEST

*** This bug has been marked as a duplicate of bug 2697 ***

Comment 2 Damien Miller 2021-04-23 14:59:57 AEST
closing resolved bugs as of 8.6p1 release