Bring in patch suggested in http://bugzilla.mindrot.org/show_bug.cgi?id=1299 .

This fixes the issue that, when "options edns0" is turned on (usually in /etc/resolv.conf), ssh doesn't see it, and thus fails to request a DNSSEC response, which in turn leads to SSHFP records being considered insecure.
author: cjs <cjs> 2007-03-16 05:46:06 +0000
committer: cjs <cjs> 2007-03-16 05:46:06 +0000
commit: aa0aecb0c15dc8dbfe3ba8d870ccab452edb9639 (patch)
tree: af10499265800c4498cde88826eebff55762a01b /security/openssh/patches
parent: eee20438b637977dd8ea528e97b7e5b135902d77 (diff)
download: pkgsrc-aa0aecb0c15dc8dbfe3ba8d870ccab452edb9639.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/security/openssh/patches/patch-ax b/security/openssh/patches/patch-ax
new file mode 100644
index 00000000000..0d3cbaafe7a
--- /dev/null
+++ b/security/openssh/patches/patch-ax
@@ -0,0 +1,21 @@
+$NetBSD: patch-ax,v 1.3 2007/03/16 05:46:07 cjs Exp $
+
+# http://bugzilla.mindrot.org/show_bug.cgi?id=1299
+
+--- openbsd-compat/getrrsetbyname.c.orig	2006-09-02 14:32:40.000000000 +0900
++++ openbsd-compat/getrrsetbyname.c	2007-03-16 14:07:32.000000000 +0900
+@@ -67,14 +67,6 @@
+ #endif
+ #define _THREAD_PRIVATE(a,b,c) (c)
+ 
+-/* to avoid conflicts where a platform already has _res */
+-#ifdef _res
+-# undef _res
+-#endif
+-#define _res	_compat_res
+-
+-struct __res_state _res;
+-
+ /* Necessary functions and macros */
+ 
+ /*
author	cjs <cjs>	2007-03-16 05:46:06 +0000
committer	cjs <cjs>	2007-03-16 05:46:06 +0000
commit	aa0aecb0c15dc8dbfe3ba8d870ccab452edb9639 (patch)
tree	af10499265800c4498cde88826eebff55762a01b /security/openssh/patches
parent	eee20438b637977dd8ea528e97b7e5b135902d77 (diff)
download	pkgsrc-aa0aecb0c15dc8dbfe3ba8d870ccab452edb9639.tar.gz