Bug 2708 - openssh: 7.5p1 update breaks ldns/sshfp
Summary: openssh: 7.5p1 update breaks ldns/sshfp
Status: CLOSED DUPLICATE of bug 2697
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 7.5p1
Hardware: Other FreeBSD
: P5 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-08 13:51 AEST by Craig Leres
Modified: 2021-04-23 14:59 AEST (History)
1 user (show)

See Also:

Attachments
patch (332 bytes, text/plain)
2017-04-08 13:51 AEST, Craig Leres 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Craig Leres 2017-04-08 13:51:20 AEST 
Created attachment 2974 [details]
patch

I'm building the FreeBSD security/openssh-portable port and have found that upgrading from 7.4p1 to 7.5p1 breaks sshfp:

    debug1: found 8 insecure fingerprints in DNS
    debug1: matching host key fingerprint found in DNS

When configure is given --with-ldns config.h ends up with:

    /* #undef HAVE_LDNS */

I believe this is because ldns=yes is missing from the new ldns-config logic in configure.ac. The attached patch fixes this issue for me.

FreeBSD zinc.ee.lbl.gov 10.3-RELEASE-p17 FreeBSD 10.3-RELEASE-p17 #17 r26: Thu Feb 23 10:08:13 PST 2017     leres@zinc.ee.lbl.gov:/usr/src/sys/amd64/compile/LBL  amd64
Comment 1 Damien Miller 2017-04-28 13:44:37 AEST 

*** This bug has been marked as a duplicate of bug 2697 ***
Comment 2 Damien Miller 2021-04-23 14:59:57 AEST 
closing resolved bugs as of 8.6p1 release