openssh: fixes issues with some openssl options
authorPeter Wagner <tripolar@gmx.at>
Sat, 20 Oct 2018 12:06:20 +0000 (14:06 +0200)
committerPeter Wagner <tripolar@gmx.at>
Sat, 20 Oct 2018 12:06:20 +0000 (14:06 +0200)
This adds a couple of patches when setting some openssl options:
* ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
  guarded by OPENSSL_HAS_ECC; otherwise, it will not build with
  openssl compiled without ECC support.

* Fix openssl version number in openbsd-compat/openssl-compat.c which
  failed to compile --with-ssl-engine; this option is used when
  CONFIG_OPENSSL_ENGINE_CRYPTO=y

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Peter Wagner <tripolar@gmx.at>
net/openssh/Makefile
net/openssh/patches/0001-fix-compilation-with-openssl-built-without-ECC.patch [new file with mode: 0644]
net/openssh/patches/0002-Fix-OPENSSL_init_crypto-call-for-openssl-1.1.patch [new file with mode: 0644]

index ae567d464dae2dc0c0ea7febf3db1e547ec9df21..09063abaaadfefe9f9d846021c7fb3e8e6383bde 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssh
 PKG_VERSION:=7.9p1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
@@ -23,7 +23,6 @@ PKG_LICENSE_FILES:=LICENCE
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_REMOVE_FILES:=
-PKG_FIXUP:=autoreconf
 
 include $(INCLUDE_DIR)/package.mk
 
diff --git a/net/openssh/patches/0001-fix-compilation-with-openssl-built-without-ECC.patch b/net/openssh/patches/0001-fix-compilation-with-openssl-built-without-ECC.patch
new file mode 100644 (file)
index 0000000..e430dfe
--- /dev/null
@@ -0,0 +1,70 @@
+From 91b777c7064d9d91a1433a42b0bb31592388d1b4 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Tue, 9 Oct 2018 16:17:42 -0300
+Subject: [PATCH] fix compilation with openssl built without ECC
+
+ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
+guarded by OPENSSL_HAS_ECC
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
+index de3e64a6..ae00ff59 100644
+--- a/openbsd-compat/libressl-api-compat.c
++++ b/openbsd-compat/libressl-api-compat.c
+@@ -152,7 +152,9 @@
+ #include <openssl/dsa.h>
+ #include <openssl/rsa.h>
+ #include <openssl/evp.h>
++#ifdef OPENSSL_HAS_ECC
+ #include <openssl/ecdsa.h>
++#endif
+ #include <openssl/dh.h>
+ #ifndef HAVE_DSA_GET0_PQG
+@@ -417,6 +419,7 @@ DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+ }
+ #endif /* HAVE_DSA_SIG_SET0 */
++#ifdef OPENSSL_HAS_ECC
+ #ifndef HAVE_ECDSA_SIG_GET0
+ void
+ ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+@@ -442,6 +445,7 @@ ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+       return 1;
+ }
+ #endif /* HAVE_ECDSA_SIG_SET0 */
++#endif /* OPENSSL_HAS_ECC */
+ #ifndef HAVE_DH_GET0_PQG
+ void
+diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
+index 9e0264c0..6a525f28 100644
+--- a/openbsd-compat/openssl-compat.h
++++ b/openbsd-compat/openssl-compat.h
+@@ -24,7 +24,9 @@
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ #include <openssl/dsa.h>
++#ifdef OPENSSL_HAS_ECC
+ #include <openssl/ecdsa.h>
++#endif
+ #include <openssl/dh.h>
+ int ssh_compatible_openssl(long, long);
+@@ -161,6 +163,7 @@ void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+ int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+ #endif /* DSA_SIG_SET0 */
++#ifdef OPENSSL_HAS_ECC
+ #ifndef HAVE_ECDSA_SIG_GET0
+ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+ #endif /* HAVE_ECDSA_SIG_GET0 */
+@@ -168,6 +171,7 @@ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+ #ifndef HAVE_ECDSA_SIG_SET0
+ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+ #endif /* HAVE_ECDSA_SIG_SET0 */
++#endif /* OPENSSL_HAS_ECC */
+ #ifndef HAVE_DH_GET0_PQG
+ void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
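Review bot: The new `#ifdef OPENSSL_HAS_ECC` guards in libressl-api-compat.c and openssl-compat.h only work if that macro is already defined at those points, and none of the hunks shows the include that provides it. If the definition were not yet in scope, the ECDSA_SIG_get0/ECDSA_SIG_set0 shims and the `<openssl/ecdsa.h>` include would be compiled out on ECC-enabled builds too, so it is worth confirming that both files pull in the configure-generated header before the guarded blocks. A short comment at the first guard would help the next maintainer, e.g. `/* OPENSSL_HAS_ECC is set at configure time; unset when libcrypto has no ECC */` (wording to be checked against the tree). The patch description could also state that a build without ECC presumably ships without the ECDSA key and NIST-curve ECDH code paths, and whether the patch has been sent upstream, so it is clear when it can be dropped.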
diff --git a/net/openssh/patches/0002-Fix-OPENSSL_init_crypto-call-for-openssl-1.1.patch b/net/openssh/patches/0002-Fix-OPENSSL_init_crypto-call-for-openssl-1.1.patch
new file mode 100644 (file)
index 0000000..7c1e15d
--- /dev/null
@@ -0,0 +1,20 @@
+From edfc2e18ef069ba600c8f4632ce1e3dc94a0669a Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Fri, 19 Oct 2018 10:04:24 -0300
+Subject: [PATCH 2/2] Fix OPENSSL_init_crypto call for openssl < 1.1
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
+index 8b4a3627..590b66d1 100644
+--- a/openbsd-compat/openssl-compat.c
++++ b/openbsd-compat/openssl-compat.c
+@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
+       ENGINE_load_builtin_engines();
+       ENGINE_register_all_complete();
+-#if OPENSSL_VERSION_NUMBER < 0x10001000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+       OPENSSL_config(NULL);
+ #else
+       OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
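Review bot: The corrected test `#if OPENSSL_VERSION_NUMBER < 0x10100000L` still selects the initialisation call by version number rather than by what the library provides. LibreSSL reports OPENSSL_VERSION_NUMBER as 0x20000000L, so a LibreSSL build would always take the OPENSSL_init_crypto branch whether or not that function is available. A feature test is more robust here, for example `#ifndef OPENSSL_INIT_LOAD_CONFIG` in place of the version comparison, assuming the header that defines the OPENSSL_INIT_* flags is included above the hunk. Since this branch decides how the libcrypto configuration file and engines are loaded, a one-line comment saying so would also be useful. ssh_OpenSSL_add_all_algorithms starts and ends outside the hunk.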