For the upcoming libcrypto bump, software based on older OpenSSH versions will need updating since it will need to make use of the OpenSSL 1.1 API.
As far as I can see, this is the latest version of the ssh-ldap-helper as shipped on Rocky Linux. Redhat have deprecated this and recommend using SSSD: https://bugzilla.redhat.com/show_bug.cgi?id=1871025 I don't use LDAP, so I have no easy way of testing this. It builds and packages fine, the modifications of the port are relatively straightforward. Tests and oks welcome. Index: Makefile =================================================================== RCS file: /cvs/ports/security/ssh-ldap-helper/Makefile,v retrieving revision 1.7 diff -u -p -r1.7 Makefile --- Makefile 10 Jan 2021 22:34:50 -0000 1.7 +++ Makefile 24 Nov 2021 13:11:01 -0000 @@ -2,36 +2,39 @@ COMMENT = fetch ssh AuthorizedKeys from LDAP -DISTNAME = openssh-5.3p1-81 -PKGNAME = ssh-ldap-helper-5.3 -REVISION = 0 +V = 8.0p1 +DISTNAME = openssh-${V}-10 +PKGNAME = ssh-ldap-helper-8.0 CATEGORIES = security net -EXTRACT_SUFX= .el6.src.rpm +EXTRACT_SUFX= .el8.src.rpm # BSD PERMIT_PACKAGE= Yes -WANTLIB += c crypto lber-2.4 ldap-2.4 util z +WANTLIB += c crypto lber ldap util z -MASTER_SITES = http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ +MASTER_SITES = https://dl.rockylinux.org/pub/rocky/8/BaseOS/source/tree/Packages/o/ -PATCH_LIST = ${WRKDIR}/openssh-5.3p1-ldap.patch patch-* +LDAP_PATCH = ${WRKDIR}/openssh-6.7p1-ldap.patch + +PATCH_LIST = ${LDAP_PATCH} patch-* PATCH_STRIP = -p1 -WRKDIST = ${WRKDIR}/openssh-5.3p1 +WRKDIST = ${WRKDIR}/openssh-${V} CONFIGURE_STYLE = autoconf -AUTOCONF_VERSION = 2.62 +AUTOCONF_VERSION = 2.69 CONFIGURE_ARGS = --with-ldap=${LOCALBASE} \ --without-pam NO_TEST = Yes ALL_TARGET = ssh-ldap-helper -BUILD_DEPENDS= archivers/bzip2 LIB_DEPENDS = databases/openldap post-extract: - cd ${WRKDIR} && ${TAR} xjf openssh-5.3p1-noacss.tar.bz2 + # Fix a 64-bit time_t issue in the LDAP_PATCH + sed -i 's/timeout to %l/&l/' ${LDAP_PATCH} + cd ${WRKDIR} && ${TAR} xzf openssh-${V}.tar.gz # The LDAP_SET_REBIND_PROC_ARGS macro is set to literal # "$ac_cv_ldap_set_rebind_proc" instead of "3" because of the improper Index: distinfo =================================================================== RCS file: /cvs/ports/security/ssh-ldap-helper/distinfo,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 distinfo --- distinfo 14 Nov 2012 18:42:50 -0000 1.1.1.1 +++ distinfo 24 Nov 2021 12:24:57 -0000 @@ -1,2 +1,2 @@ -SHA256 (openssh-5.3p1-81.el6.src.rpm) = 9QWDzq8p08r8TG9SrcQ/t1wKqdgcenMKYy3xI4wn2Is= -SIZE (openssh-5.3p1-81.el6.src.rpm) = 1317731 +SHA256 (openssh-8.0p1-10.el8.src.rpm) = yT3B6BwP1vrXWNm2WRjwbT6KNG9hWHlGYzgkqjRuiYw= +SIZE (openssh-8.0p1-10.el8.src.rpm) = 2998520 Index: patches/patch-Makefile_in =================================================================== RCS file: patches/patch-Makefile_in diff -N patches/patch-Makefile_in --- patches/patch-Makefile_in 14 Nov 2012 18:42:50 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,12 +0,0 @@ -$OpenBSD: patch-Makefile_in,v 1.1.1.1 2012/11/14 18:42:50 landry Exp $ ---- Makefile.in.orig Sun Nov 11 22:35:51 2012 -+++ Makefile.in Sun Nov 11 22:35:58 2012 -@@ -163,7 +163,7 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysca - $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) - - ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o -- $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lldap -llber $(LIBS) -+ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lldap -llber $(LIBS) - - sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o - $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) Index: patches/patch-log_h =================================================================== RCS file: /cvs/ports/security/ssh-ldap-helper/patches/patch-log_h,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 patch-log_h --- patches/patch-log_h 14 Nov 2012 18:42:50 -0000 1.1.1.1 +++ patches/patch-log_h 24 Nov 2021 13:04:26 -0000 @@ -1,12 +1,15 @@ $OpenBSD: patch-log_h,v 1.1.1.1 2012/11/14 18:42:50 landry Exp $ ---- log.h.orig Sun Nov 11 22:35:23 2012 -+++ log.h Sun Nov 11 22:35:33 2012 -@@ -14,7 +14,7 @@ - + +Index: log.h +--- log.h.orig ++++ log.h +@@ -15,6 +15,9 @@ #ifndef SSH_LOG_H #define SSH_LOG_H -- + +#include <stdarg.h> ++#include <stdio.h> ++ /* Supported syslog facilities and levels. */ typedef enum { SYSLOG_FACILITY_DAEMON,
