- add authorized-keys-command.patch, needed for ldap support to work at all

[packages/openssh.git] / openssh.spec

diff --git a/openssh.spec b/openssh.spec
index 2f655985cca4cffc7b63812b40428efa2dc82a76..71c47fbfa21982b6be1a8dfaa8560b77e8115017 100644 (file)
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,77 +1,103 @@
 #
 # Conditional build:
 #
 # Conditional build:

-%bcond_with    gnome           # without gnome-askpass utility
-%bcond_without gtk             # without gtk (2.x)
-%bcond_with    ldap            # with ldap support
+%bcond_with    audit           # sshd audit support
+%bcond_with    gnome           # with gnome-askpass (GNOME 1.x) utility
+%bcond_without gtk             # without GTK+ (2.x)
+%bcond_without ldap            # with ldap support
+%bcond_without libedit         # without libedit (editline/history support in sftp client)

 %bcond_without kerberos5       # without kerberos5 support
 %bcond_without kerberos5       # without kerberos5 support

-%bcond_without chroot          # without chrooted user environment support
-#
+%bcond_without selinux         # build without SELinux support
+%bcond_with    hpn             # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
+

 # gtk2-based gnome-askpass means no gnome1-based
 %{?with_gtk:%undefine with_gnome}
 # gtk2-based gnome-askpass means no gnome1-based
 %{?with_gtk:%undefine with_gnome}

+
+%if "%{pld_release}" == "ac"
+%define                pam_ver 0.79.0
+%else
+%define                pam_ver 0.99.7.1
+%endif
+

 Summary:       OpenSSH free Secure Shell (SSH) implementation
 Summary:       OpenSSH free Secure Shell (SSH) implementation

-Summary(de):   OpenSSH - freie Implementation der Secure Shell (SSH)
-Summary(es):   Implementación libre de SSH
-Summary(fr):   Implémentation libre du shell sécurisé OpenSSH (SSH)
-Summary(it):   Implementazione gratuita OpenSSH della Secure Shell
-Summary(pl):   Publicznie dostêpna implementacja bezpiecznego shella (SSH)
-Summary(pt):   Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
-Summary(pt_BR):        Implementação livre do SSH
-Summary(ru):   OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH)
-Summary(uk):   OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH)
+Summary(de.UTF-8):     OpenSSH - freie Implementation der Secure Shell (SSH)
+Summary(es.UTF-8):     Implementación libre de SSH
+Summary(fr.UTF-8):     Implémentation libre du shell sécurisé OpenSSH (SSH)
+Summary(it.UTF-8):     Implementazione gratuita OpenSSH della Secure Shell
+Summary(pl.UTF-8):     Publicznie dostępna implementacja bezpiecznego shella (SSH)
+Summary(pt.UTF-8):     Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
+Summary(pt_BR.UTF-8):  Implementação livre do SSH
+Summary(ru.UTF-8):     OpenSSH - свободная реализация протокола Secure Shell (SSH)
+Summary(uk.UTF-8):     OpenSSH - вільна реалізація протоколу Secure Shell (SSH)

 Name:          openssh
 Name:          openssh

-Version:       3.8p1
-Release:       3
+Version:       5.9p1
+Release:       2

 Epoch:         2
 License:       BSD
 Group:         Applications/Networking
 Epoch:         2
 License:       BSD
 Group:         Applications/Networking

-Source0:       ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 7861a4c0841ab69a6eec5c747daff6fb
-Source1:       %{name}d.conf
-Source2:       %{name}.conf
-Source3:       %{name}d.init
-Source4:       %{name}d.pamd
-Source5:       %{name}.sysconfig
-Source6:       passwd.pamd
-Source9:       http://www.imasy.or.jp/~gotoh/ssh/connect.c
-# NoSource9-md5:       c78de727e1208799072be78c05d64398
-Source10:      http://www.imasy.or.jp/~gotoh/ssh/connect.html
-# NoSource10-md5:      f14cb61fafd067a3f5ce4eaa9643bf05
+Source0:       ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
+# Source0-md5: b50a499fa02616a47984b1920848b565
+Source1:       http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
+# Source1-md5: 66943d481cc422512b537bcc2c7400d1
+Source2:       %{name}d.init
+Source3:       %{name}d.pamd
+Source4:       %{name}.sysconfig
+Source5:       ssh-agent.sh
+Source6:       ssh-agent.conf
+Source7:       %{name}-lpk.schema
+Source8:       %{name}d.upstart
+Patch100:      %{name}-heimdal.patch

 Patch0:                %{name}-no_libnsl.patch
 Patch0:                %{name}-no_libnsl.patch

-Patch2:                %{name}-linux-ipv6.patch
-Patch3:                %{name}-pam_misc.patch
-Patch4:                %{name}-sigpipe.patch
-# http://ldappubkey.gcu-squad.org/
-Patch5:                ldappubkey-ossh3.6-v2.patch
-Patch6:                %{name}-heimdal.patch
-Patch7:                %{name}-pam-conv.patch
-# http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff
-Patch8:                %{name}-chroot.patch
-Patch9:                %{name}-selinux.patch
-Patch10:       %{name}-selinux-pld.patch
-Patch11:       %{name}-pam-authctxt.patch
-Patch12:       %{name}-long-utmp-line.patch
-URL:           http://www.openssh.com/
-BuildRequires: autoconf
+Patch2:                %{name}-pam_misc.patch
+Patch3:                %{name}-sigpipe.patch
+# http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
+Patch4:                %{name}-5.9p1-ldap.patch
+Patch5:                %{name}-5.9p1-ldap-fixes.patch
+Patch6:                %{name}-config.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=1663
+Patch7:                authorized-keys-command.patch
+# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
+# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
+Patch9:                %{name}-5.2p1-hpn13v6.diff
+Patch10:       %{name}-include.patch
+Patch11:       %{name}-chroot.patch
+# http://people.debian.org/~cjwatson/%{name}-blacklist.diff
+Patch12:       %{name}-blacklist.diff
+Patch13:       %{name}-kuserok.patch
+URL:           http://www.openssh.com/portable.html
+BuildRequires: %{__perl}
+%{?with_audit:BuildRequires:   audit-libs-devel}
+BuildRequires: autoconf >= 2.50

 BuildRequires: automake
 %{?with_gnome:BuildRequires:   gnome-libs-devel}
 %{?with_gtk:BuildRequires:     gtk+2-devel}
 BuildRequires: automake
 %{?with_gnome:BuildRequires:   gnome-libs-devel}
 %{?with_gtk:BuildRequires:     gtk+2-devel}

-%{?with_kerberos5:BuildRequires:       heimdal-devel}
-BuildRequires: libselinux-devel
+%{?with_kerberos5:BuildRequires:       heimdal-devel >= 0.7}
+%{?with_libedit:BuildRequires: libedit-devel}
+%{?with_selinux:BuildRequires: libselinux-devel}

 BuildRequires: libwrap-devel
 %{?with_ldap:BuildRequires:    openldap-devel}
 BuildRequires: openssl-devel >= 0.9.7d
 BuildRequires: pam-devel
 BuildRequires: libwrap-devel
 %{?with_ldap:BuildRequires:    openldap-devel}
 BuildRequires: openssl-devel >= 0.9.7d
 BuildRequires: pam-devel

-BuildRequires: %{__perl}

 %{?with_gtk:BuildRequires:     pkgconfig}
 %{?with_gtk:BuildRequires:     pkgconfig}

+BuildRequires: rpm >= 4.4.9-56
+BuildRequires: rpmbuild(macros) >= 1.318
+BuildRequires: sed >= 4.0

 BuildRequires: zlib-devel
 BuildRequires: zlib-devel

-PreReq:                FHS >= 2.1-24
-PreReq:                openssl >= 0.9.7c
+%if "%{pld_release}" == "ac"
+Requires:      filesystem >= 2.0-1
+Requires:      pam >= 0.79.0
+%else
+Requires:      filesystem >= 3.0-11
+Requires:      pam >= %{pam_ver}
+Suggests:      openssh-blacklist
+Suggests:      xorg-app-xauth
+%endif

 Obsoletes:     ssh
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %define                _sysconfdir     /etc/ssh
 %define                _libexecdir     %{_libdir}/%{name}
 %define                _privsepdir     /usr/share/empty
 Obsoletes:     ssh
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %define                _sysconfdir     /etc/ssh
 %define                _libexecdir     %{_libdir}/%{name}
 %define                _privsepdir     /usr/share/empty

+%define                schemadir       /usr/share/openldap/schema

 
 %description
 Ssh (Secure Shell) a program for logging into a remote machine and for
 
 %description
 Ssh (Secure Shell) a program for logging into a remote machine and for


@@ -88,119 +114,136 @@ This package includes the core files necessary for both the OpenSSH
 client and server. To make this package useful, you should also
 install openssh-clients, openssh-server, or both.
 
 client and server. To make this package useful, you should also
 install openssh-clients, openssh-server, or both.
 

-%description -l de
+%if %{with hpn}
+This release includes High Performance SSH/SCP patches from
+http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
+increase throughput on fast connections with high RTT (20-150 msec).
+See the website for '-w' values for your connection and /proc/sys TCP
+values. BTW. in a LAN you have got generally RTT < 1 msec.
+%endif
+
+%description -l de.UTF-8

 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,

-verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
-über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
-andere TCP/IP Ports können ebenso über den sicheren Channel
+verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
+über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
+andere TCP/IP Ports können ebenso über den sicheren Channel

 weitergeleitet werden.
 
 weitergeleitet werden.
 

-%description -l es
-SSH es un programa para accesar y ejecutar órdenes en computadores
-remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
+%description -l es.UTF-8
+SSH es un programa para accesar y ejecutar órdenes en computadores
+remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación

 seguro entre dos servidores en una red insegura. Conexiones X11 y
 seguro entre dos servidores en una red insegura. Conexiones X11 y

-puertas TCP/IP arbitrárias también pueden ser usadas por el canal
+puertas TCP/IP arbitrárias también pueden ser usadas por el canal

 seguro.
 
 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
 seguro.
 
 OpenSSH es el resultado del trabajo del equipo de OpenBSD para

-continuar la última versión gratuita de SSH, actualizándolo en
-términos de seguridad y recursos,así también eliminando todos los
-algoritmos patentados y colocándolos en bibliotecas separadas
+continuar la última versión gratuita de SSH, actualizándolo en
+términos de seguridad y recursos,así también eliminando todos los
+algoritmos patentados y colocándolos en bibliotecas separadas

 (OpenSSL).
 
 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
 (OpenSSL).
 
 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar

-también el paquete openssh-clients u openssh-server o ambos.
+también el paquete openssh-clients u openssh-server o ambos.

 
 

-%description -l fr
-OpenSSH (Secure Shell) fournit un accès à un système distant. Il
+%description -l fr.UTF-8
+OpenSSH (Secure Shell) fournit un accès à un système distant. Il

 remplace telnet, rlogin, rexec et rsh, tout en assurant des
 remplace telnet, rlogin, rexec et rsh, tout en assurant des

-communications cryptées securisées entre deux hôtes non fiabilisés sur
-un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
-arbitraires peuvent également être transmis sur le canal sécurisé.
+communications cryptées securisées entre deux hôtes non fiabilisés sur
+un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
+arbitraires peuvent également être transmis sur le canal sécurisé.

 
 

-%description -l it
+%description -l it.UTF-8

 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
 sicure e crittate tra due host non fidati su una rete non sicura. Le
 connessioni X11 ad una porta TCP/IP arbitraria possono essere
 inoltrate attraverso un canale sicuro.
 
 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
 sicure e crittate tra due host non fidati su una rete non sicura. Le
 connessioni X11 ad una porta TCP/IP arbitraria possono essere
 inoltrate attraverso un canale sicuro.
 

-%description -l pl
-Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
-maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
-zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
-
-Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
-klienta jak i serwera OpenSSH. Aby by³ u¿yteczny, trzeba zainstalowaæ
-co najmniej jeden z pakietów: openssh-clients lub openssh-server.
+%description -l pl.UTF-8
+Ssh (Secure Shell) to program służący do logowania się na zdalną
+maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
+zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
+pomiędzy dwoma hostami.
+
+Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
+klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
+co najmniej jeden z pakietów: openssh-clients lub openssh-server.
+
+%if %{with hpn}
+Ta wersja zawiera łaty z projektu High Performance SSH/SCP
+http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
+zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
+RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
+danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
+TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
+%endif

 
 

-%description -l pt
+%description -l pt.UTF-8

 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o

-telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
-cifradas entre duas máquinas sem confiança mútua sobre uma rede
-insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
+telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
+cifradas entre duas máquinas sem confiança mútua sobre uma rede
+insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser

 reenviados pelo canal seguro.
 
 reenviados pelo canal seguro.
 

-%description -l pt_BR
-SSH é um programa para acessar e executar comandos em máquinas
-remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
-seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
-TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
+%description -l pt_BR.UTF-8
+SSH é um programa para acessar e executar comandos em máquinas
+remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
+seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
+TCP/IP arbitrárias também podem ser usadas pelo canal seguro.

 
 

-OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
-última versão gratuita do SSH, atualizando-o em termos de segurança e
+OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
+última versão gratuita do SSH, atualizando-o em termos de segurança e

 recursos, assim como removendo todos os algoritmos patenteados e
 colocando-os em bibliotecas separadas (OpenSSL).
 
 recursos, assim como removendo todos os algoritmos patenteados e
 colocando-os em bibliotecas separadas (OpenSSL).
 

-Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
-também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
-
-%description -l ru
-Ssh (Secure Shell) - ÜÔÏ ÐÒÏÇÒÁÍÍÁ ÄÌÑ "ÚÁÈÏÄÁ" (login) ÎÁ ÕÄÁÌÅÎÎÕÀ
-ÍÁÛÉÎÕ É ÄÌÑ ×ÙÐÏÌÎÅÎÉÑ ËÏÍÁÎÄ ÎÁ ÕÄÁÌÅÎÎÏÊ ÍÁÛÉÎÅ. ïÎÁ ÐÒÅÄÎÁÚÎÁÞÅÎÁ
-ÄÌÑ ÚÁÍÅÎÙ rlogin É rsh É ÏÂÅÓÐÅÞÉ×ÁÅÔ ÂÅÚÏÐÁÓÎÕÀ ÛÉÆÒÏ×ÁÎÎÕÀ
-ËÏÍÍÕÎÉËÁÃÉÀ ÍÅÖÄÕ Ä×ÕÍÑ ÈÏÓÔÁÍÉ × ÓÅÔÉ, Ñ×ÌÑÀÝÅÊÓÑ ÎÅÂÅÚÏÐÁÓÎÏÊ.
-óÏÅÄÉÎÅÎÉÑ X11 É ÌÀÂÙÅ ÐÏÒÔÙ TCP/IP ÍÏÇÕÔ ÔÁËÖÅ ÂÙÔØ ÐÒÏ×ÅÄÅÎÙ ÞÅÒÅÚ
-ÂÅÚÏÐÁÓÎÙÊ ËÁÎÁÌ.
-
-OpenSSH - ÜÔÏ ÐÅÒÅÄÅÌËÁ ËÏÍÁÎÄÏÊ ÒÁÚÒÁÂÏÔÞÉËÏ× OpenBSD ÐÏÓÌÅÄÎÅÊ
-Ó×ÏÂÏÄÎÏÊ ×ÅÒÓÉÉ SSH, ÄÏ×ÅÄÅÎÎÁÑ ÄÏ ÓÏ×ÒÅÍÅÎÎÏÇÏ ÓÏÓÔÏÑÎÉÑ × ÔÅÒÍÉÎÁÈ
-ÕÒÏ×ÎÑ ÂÅÚÏÐÁÓÎÏÓÔÉ É ÐÏÄÄÅÒÖÉ×ÁÅÍÙÈ ×ÏÚÍÏÖÎÏÓÔÅÊ. ÷ÓÅ ÐÁÔÅÎÔÏ×ÁÎÎÙÅ
-ÁÌÇÏÒÉÔÍÙ ×ÙÎÅÓÅÎÙ × ÏÔÄÅÌØÎÙÅ ÂÉÂÌÉÏÔÅËÉ (OpenSSL).
-
-üÔÏÔ ÐÁËÅÔ ÓÏÄÅÒÖÉÔ ÆÁÊÌÙ, ÎÅÏÂÈÏÄÉÍÙÅ ËÁË ÄÌÑ ËÌÉÅÎÔÁ, ÔÁË É ÄÌÑ
-ÓÅÒ×ÅÒÁ OpenSSH. ÷ÁÍ ÎÕÖÎÏ ÂÕÄÅÔ ÕÓÔÁÎÏ×ÉÔØ ÅÝÅ openssh-clients,
-openssh-server, ÉÌÉ ÏÂÁ ÐÁËÅÔÁ.
-
-%description -l uk
-Ssh (Secure Shell) - ÃÅ ÐÒÏÇÒÁÍÁ ÄÌÑ "ÚÁÈÏÄÕ" (login) ÄÏ ×¦ÄÄÁÌÅÎϧ
-ÍÁÛÉÎÉ ÔÁ ÄÌÑ ×ÉËÏÎÁÎÎÑ ËÏÍÁÎÄ ÎÁ צÄÄÁÌÅÎ¦Ê ÍÁÛÉΦ. ÷ÏÎÁ ÐÒÉÚÎÁÞÅÎÁ
-ÄÌÑ ÚÁͦÎÉ rlogin ÔÁ rsh ¦ ÚÁÂÅÚÐÅÞÕ¤ ÂÅÚÐÅÞÎÕ ÛÉÆÒÏ×ÁÎÕ ËÏÍÕΦËÁæÀ
-Í¦Ö Ä×ÏÍÁ ÈÏÓÔÁÍÉ × ÍÅÒÅÖ¦, ÑËÁ ÎÅ ¤ ÂÅÚÐÅÞÎÏÀ. ú'¤ÄÎÁÎÎÑ X11 ÔÁ
-ÄÏצÌØΦ ÐÏÒÔÉ TCP/IP ÍÏÖÕÔØ ÔÁËÏÖ ÂÕÔÉ ÐÒÏ×ÅÄÅΦ ÞÅÒÅÚ ÂÅÚÐÅÞÎÉÊ
-ËÁÎÁÌ.
-
-OpenSSH - ÃÅ ÐÅÒÅÒÏÂËÁ ËÏÍÁÎÄÏÀ ÒÏÚÒÏÂÎÉË¦× OpenBSD ÏÓÔÁÎÎØϧ צÌØÎϧ
-×ÅÒÓ¦§ SSH, ÄÏ×ÅÄÅÎÁ ÄÏ ÓÕÞÁÓÎÏÇÏ ÓÔÁÎÕ × ÔÅÒͦÎÁÈ Ò¦×ÎÑ ÂÅÚÐÅËÉ ÔÁ
-ЦÄÔÒÉÍÕ×ÁÎÉÈ ÍÏÖÌÉ×ÏÓÔÅÊ. ÷Ó¦ ÐÁÔÅÎÔÏ×ÁΦ ÁÌÇÏÒÉÔÍÉ ×ÉÎÅÓÅΦ ÄÏ
-ÏËÒÅÍÉÈ Â¦Â̦ÏÔÅË (OpenSSL).
-
-ãÅÊ ÐÁËÅÔ Í¦ÓÔÉÔØ ÆÁÊÌÉ, ÎÅÏÂȦÄΦ ÑË ÄÌÑ Ë̦¤ÎÔÁ, ÔÁË ¦ ÄÌÑ ÓÅÒ×ÅÒÁ
-OpenSSH. ÷ÁÍ ÐÏÔÒ¦ÂÎÏ ÂÕÄÅ ÝÅ ×ÓÔÁÎÏ×ÉÔÉ openssh-clients,
-openssh-server, ÞÉ ÏÂÉÄ×Á ÐÁËÅÔÉ.
+Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
+também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
+
+%description -l ru.UTF-8
+Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
+машину и для выполнения команд на удаленной машине. Она предназначена
+для замены rlogin и rsh и обеспечивает безопасную шифрованную
+коммуникацию между двумя хостами в сети, являющейся небезопасной.
+Соединения X11 и любые порты TCP/IP могут также быть проведены через
+безопасный канал.
+
+OpenSSH - это переделка командой разработчиков OpenBSD последней
+свободной версии SSH, доведенная до современного состояния в терминах
+уровня безопасности и поддерживаемых возможностей. Все патентованные
+алгоритмы вынесены в отдельные библиотеки (OpenSSL).
+
+Этот пакет содержит файлы, необходимые как для клиента, так и для
+сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
+openssh-server, или оба пакета.
+
+%description -l uk.UTF-8
+Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
+машини та для виконання команд на віддаленій машині. Вона призначена
+для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
+між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
+довільні порти TCP/IP можуть також бути проведені через безпечний
+канал.
+
+OpenSSH - це переробка командою розробників OpenBSD останньої вільної
+версії SSH, доведена до сучасного стану в термінах рівня безпеки та
+пÑ\96дÑ\82Ñ\80имÑ\83ваниÑ\85 можливоÑ\81Ñ\82ей. Ð\92Ñ\81Ñ\96 паÑ\82енÑ\82ованÑ\96 алгоÑ\80иÑ\82ми винеÑ\81енÑ\96 до
+окремих бібліотек (OpenSSL).
+
+Цей пакет містить файли, необхідні як для клієнта, так і для сервера
+OpenSSH. Вам потрібно буде ще встановити openssh-clients,
+openssh-server, чи обидва пакети.

 
 %package clients
 Summary:       OpenSSH Secure Shell protocol clients
 
 %package clients
 Summary:       OpenSSH Secure Shell protocol clients

-Summary(es):   Clientes de OpenSSH
-Summary(pl):   Klienci protoko³u Secure Shell
-Summary(pt_BR):        Clientes do OpenSSH
-Summary(ru):   OpenSSH - ËÌÉÅÎÔÙ ÐÒÏÔÏËÏÌÁ Secure Shell
-Summary(uk):   OpenSSH - Ë̦¤ÎÔÉ ÐÒÏÔÏËÏÌÕ Secure Shell
+Summary(es.UTF-8):     Clientes de OpenSSH
+Summary(pl.UTF-8):     Klienci protokołu Secure Shell
+Summary(pt_BR.UTF-8):  Clientes do OpenSSH
+Summary(ru.UTF-8):     OpenSSH - клиенты протокола Secure Shell
+Summary(uk.UTF-8):     OpenSSH - клієнти протоколу Secure Shell

 Group:         Applications/Networking
 Group:         Applications/Networking

+Requires:      %{name}

 Provides:      ssh-clients
 Provides:      ssh-clients

-Requires:      %{name} = %{epoch}:%{version}

 Obsoletes:     ssh-clients
 
 %description clients
 Obsoletes:     ssh-clients
 
 %description clients


@@ -217,60 +260,86 @@ all patented algorithms to seperate libraries (OpenSSL).
 This package includes the clients necessary to make encrypted
 connections to SSH servers.
 
 This package includes the clients necessary to make encrypted
 connections to SSH servers.
 

-%description clients -l es
+%description clients -l es.UTF-8

 Este paquete incluye los clientes que se necesitan para hacer
 conexiones codificadas con servidores SSH.
 
 Este paquete incluye los clientes que se necesitan para hacer
 conexiones codificadas con servidores SSH.
 

-%description clients -l pl
-Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
-maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
-zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+%description clients -l pl.UTF-8
+Ssh (Secure Shell) to program służący do logowania się na zdalną
+maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
+zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
+pomiędzy dwoma hostami.

 
 

-Ten pakiet zawiera klientów s³u¿±cych do ³±czenia siê z serwerami SSH.
+Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.

 
 

-%description clients -l pt_BR
-Esse pacote inclui os clientes necessários para fazer conexões
+%description clients -l pt_BR.UTF-8
+Esse pacote inclui os clientes necessários para fazer conexões

 encriptadas com servidores SSH.
 
 encriptadas com servidores SSH.
 

-%description clients -l ru
-Ssh (Secure Shell) - ÜÔÏ ÐÒÏÇÒÁÍÍÁ ÄÌÑ "ÚÁÈÏÄÁ" (login) ÎÁ ÕÄÁÌÅÎÎÕÀ
-ÍÁÛÉÎÕ É ÄÌÑ ×ÙÐÏÌÎÅÎÉÑ ËÏÍÁÎÄ ÎÁ ÕÄÁÌÅÎÎÏÊ ÍÁÛÉÎÅ.
+%description clients -l ru.UTF-8
+Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
+машину и для выполнения команд на удаленной машине.
+
+Этот пакет содержит программы-клиенты, необходимые для установления
+зашифрованных соединений с серверами SSH.
+
+%description clients -l uk.UTF-8
+Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
+машини та для виконання команд на віддаленій машині.

 
 

-üÔÏÔ ÐÁËÅÔ ÓÏÄÅÒÖÉÔ ÐÒÏÇÒÁÍÍÙ-ËÌÉÅÎÔÙ, ÎÅÏÂÈÏÄÉÍÙÅ ÄÌÑ ÕÓÔÁÎÏ×ÌÅÎÉÑ
-ÚÁÛÉÆÒÏ×ÁÎÎÙÈ ÓÏÅÄÉÎÅÎÉÊ Ó ÓÅÒ×ÅÒÁÍÉ SSH.
+Цей пакет містить програми-клієнти, необхідні для встановлення
+зашифрованих з'єднань з серверами SSH.

 
 

-%description clients -l uk
-Ssh (Secure Shell) - ÃÅ ÐÒÏÇÒÁÍÁ ÄÌÑ "ÚÁÈÏÄÕ" (login) ÄÏ ×¦ÄÄÁÌÅÎϧ
-ÍÁÛÉÎÉ ÔÁ ÄÌÑ ×ÉËÏÎÁÎÎÑ ËÏÍÁÎÄ ÎÁ צÄÄÁÌÅÎ¦Ê ÍÁÛÉΦ.
+%package clients-agent-profile_d
+Summary:       OpenSSH Secure Shell agent init script
+Summary(pl.UTF-8):     Skrypt startowy agenta OpenSSH
+Group:         Applications/Networking
+Requires:      %{name}-clients = %{epoch}:%{version}-%{release}
+
+%description clients-agent-profile_d
+profile.d scripts for starting SSH agent.

 
 

-ãÅÊ ÐÁËÅÔ Í¦ÓÔÉÔØ ÐÒÏÇÒÁÍÉ-Ë̦¤ÎÔÉ, ÎÅÏÂȦÄΦ ÄÌÑ ×ÓÔÁÎÏ×ÌÅÎÎÑ
-ÚÁÛÉÆÒÏ×ÁÎÉÈ Ú'¤ÄÎÁÎØ Ú ÓÅÒ×ÅÒÁÍÉ SSH.
+%description clients-agent-profile_d -l pl.UTF-8
+Skrypty profile.d do uruchamiania agenta SSH.
+
+%package clients-agent-xinitrc
+Summary:       OpenSSH Secure Shell agent init script
+Summary(pl.UTF-8):     Skrypt inicjujący agenta ssh przez xinitrc
+Group:         Applications/Networking
+Requires:      %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
+Requires:      xinitrc
+
+%description clients-agent-xinitrc
+xinitrc scripts for starting SSH agent.
+
+%description clients-agent-xinitrc -l pl.UTF-8
+Skrypty xinitrc do uruchamiania agenta SSH.

 
 %package server
 Summary:       OpenSSH Secure Shell protocol server (sshd)
 
 %package server
 Summary:       OpenSSH Secure Shell protocol server (sshd)

-Summary(de):   OpenSSH Secure Shell Protocol-Server (sshd)
-Summary(es):   Servidor OpenSSH para comunicaciones codificadas
-Summary(fr):   Serveur de protocole du shell sécurisé OpenSSH (sshd)
-Summary(it):   Server OpenSSH per il protocollo Secure Shell (sshd)
-Summary(pl):   Serwer protoko³u Secure Shell (sshd)
-Summary(pt):   Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
-Summary(pt_BR):        Servidor OpenSSH para comunicações encriptadas
-Summary(ru):   OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd)
-Summary(uk):   OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd)
+Summary(de.UTF-8):     OpenSSH Secure Shell Protocol-Server (sshd)
+Summary(es.UTF-8):     Servidor OpenSSH para comunicaciones codificadas
+Summary(fr.UTF-8):     Serveur de protocole du shell sécurisé OpenSSH (sshd)
+Summary(it.UTF-8):     Server OpenSSH per il protocollo Secure Shell (sshd)
+Summary(pl.UTF-8):     Serwer protokołu Secure Shell (sshd)
+Summary(pt.UTF-8):     Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
+Summary(pt_BR.UTF-8):  Servidor OpenSSH para comunicações encriptadas
+Summary(ru.UTF-8):     OpenSSH - сервер протокола Secure Shell (sshd)
+Summary(uk.UTF-8):     OpenSSH - сервер протоколу Secure Shell (sshd)

 Group:         Networking/Daemons
 Group:         Networking/Daemons

-PreReq:                %{name} = %{epoch}:%{version}
-PreReq:                rc-scripts >= 0.3.1-15
-Requires(pre): /bin/id
-Requires(pre): /usr/sbin/useradd
-Requires(post,preun):  /sbin/chkconfig
-Requires(post):        chkconfig >= 0.9
+Requires(post):        /sbin/chkconfig

 Requires(post):        grep
 Requires(post):        grep

+Requires(post,preun):  /sbin/chkconfig

 Requires(postun):      /usr/sbin/userdel
 Requires(postun):      /usr/sbin/userdel

-Requires:      /bin/login
+Requires(pre): /bin/id
+Requires(pre): /usr/sbin/useradd
+Requires:      %{name} = %{epoch}:%{version}-%{release}
+Requires:      pam >= %{pam_ver}
+Requires:      rc-scripts >= 0.4.3.0

 Requires:      util-linux
 Requires:      util-linux

-Requires:      pam >= 0.77.3
+Suggests:      /bin/login

 Provides:      ssh-server
 Provides:      ssh-server

+Provides:      user(sshd)

 
 %description server
 Ssh (Secure Shell) a program for logging into a remote machine and for
 
 %description server
 Ssh (Secure Shell) a program for logging into a remote machine and for


@@ -287,69 +356,83 @@ This package contains the secure shell daemon. The sshd is the server
 part of the secure shell protocol and allows ssh clients to connect to
 your host.
 
 part of the secure shell protocol and allows ssh clients to connect to
 your host.
 

-%description server -l de
+%description server -l de.UTF-8

 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
 
 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
 

-%description server -l es
+%description server -l es.UTF-8

 Este paquete contiene el servidor SSH. sshd es la parte servidor del
 protocolo secure shell y permite que clientes ssh se conecten a su
 servidor.
 
 Este paquete contiene el servidor SSH. sshd es la parte servidor del
 protocolo secure shell y permite que clientes ssh se conecten a su
 servidor.
 

-%description server -l fr
+%description server -l fr.UTF-8

 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
 
 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
 

-%description server -l it
+%description server -l it.UTF-8

 Questo pacchetto installa sshd, il server di OpenSSH.
 
 Questo pacchetto installa sshd, il server di OpenSSH.
 

-%description server -l pl
-Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
-maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
-zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+%description server -l pl.UTF-8
+Ssh (Secure Shell) to program służący do logowania się na zdalną
+maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
+zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
+pomiędzy dwoma hostami.

 
 

-Ten pakiet zawiera serwer sshd (do którego mog± ³±czyæ siê klienci
+Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci

 ssh).
 
 ssh).
 

-%description server -l pt
+%description server -l pt.UTF-8

 Este pacote intala o sshd, o servidor do OpenSSH.
 
 Este pacote intala o sshd, o servidor do OpenSSH.
 

-%description server -l pt_BR
-Esse pacote contém o servidor SSH. O sshd é a parte servidor do
+%description server -l pt_BR.UTF-8
+Esse pacote contém o servidor SSH. O sshd é a parte servidor do

 protocolo secure shell e permite que clientes ssh se conectem ao seu
 host.
 
 protocolo secure shell e permite que clientes ssh se conectem ao seu
 host.
 

-%description server -l ru
-Ssh (Secure Shell) - ÜÔÏ ÐÒÏÇÒÁÍÍÁ ÄÌÑ "ÚÁÈÏÄÁ" (login) ÎÁ ÕÄÁÌÅÎÎÕÀ
-ÍÁÛÉÎÕ É ÄÌÑ ×ÙÐÏÌÎÅÎÉÑ ËÏÍÁÎÄ ÎÁ ÕÄÁÌÅÎÎÏÊ ÍÁÛÉÎÅ.
+%description server -l ru.UTF-8
+Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
+машину и для выполнения команд на удаленной машине.
+
+Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
+часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
+вашим хостом.
+
+%description server -l uk.UTF-8
+Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
+машини та для виконання команд на віддаленій машині.

 
 

-üÔÏÔ ÐÁËÅÔ ÓÏÄÅÒÖÉÔ sshd - "ÄÅÍÏÎ" Secure Shell. sshd - ÜÔÏ ÓÅÒ×ÅÒÎÁÑ
-ÞÁÓÔØ ÐÒÏÔÏËÏÌÁ Secure Shell, ÐÏÚ×ÏÌÑÀÝÁÑ ËÌÉÅÎÔÁÍ ssh ÓÏÅÄÉÎÑÔØÓÑ Ó
-×ÁÛÉÍ ÈÏÓÔÏÍ.
+Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
+частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
+з вашим хостом.

 
 

-%description server -l uk
-Ssh (Secure Shell) - ÃÅ ÐÒÏÇÒÁÍÁ ÄÌÑ "ÚÁÈÏÄÕ" (login) ÄÏ ×¦ÄÄÁÌÅÎϧ
-ÍÁÛÉÎÉ ÔÁ ÄÌÑ ×ÉËÏÎÁÎÎÑ ËÏÍÁÎÄ ÎÁ צÄÄÁÌÅÎ¦Ê ÍÁÛÉΦ.
+%package server-upstart
+Summary:       Upstart job description for OpenSSH server
+Summary(pl.UTF-8):     Opis zadania Upstart dla serwera OpenSSH
+Group:         Daemons
+Requires:      %{name}-server = %{epoch}:%{version}-%{release}
+Requires:      upstart >= 0.6
+Conflicts:     syslog-ng < 3.2.4-1

 
 

-ãÅÊ ÐÁËÅÔ Í¦ÓÔÉÔØ sshd - "ÄÅÍÏÎ" Secure Shell. sshd - ÃÅ ÓÅÒ×ÅÒÎÁ
-ÞÁÓÔÉÎÁ ÐÒÏÔÏËÏÌÕ Secure Shell, ÑËÁ ÄÏÚ×ÏÌѤ Ë̦¤ÎÔÁÍ ssh Ú×'ÑÚÕ×ÁÔÉÓØ
-Ú ×ÁÛÉÍ ÈÏÓÔÏÍ.
+%description server-upstart
+Upstart job description for OpenSSH.
+
+%description server-upstart -l pl.UTF-8
+Opis zadania Upstart dla OpenSSH.

 
 %package gnome-askpass
 Summary:       OpenSSH GNOME passphrase dialog
 
 %package gnome-askpass
 Summary:       OpenSSH GNOME passphrase dialog

-Summary(de):   OpenSSH GNOME Passwort-Dialog
-Summary(es):   Diálogo para introducción de passphrase para GNOME
-Summary(fr):   Dialogue pass-phrase GNOME d'OpenSSH
-Summary(it):   Finestra di dialogo GNOME per la frase segreta di OpenSSH
-Summary(pl):   Odpytywacz has³a OpenSSH dla GNOME
-Summary(pt):   Diálogo de pedido de senha para GNOME do OpenSSH
-Summary(pt_BR):        Diálogo para entrada de passphrase para GNOME
-Summary(ru):   OpenSSH - ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ (passphrase) ÄÌÑ GNOME
-Summary(uk):   OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME
+Summary(de.UTF-8):     OpenSSH GNOME Passwort-Dialog
+Summary(es.UTF-8):     Diálogo para introducción de passphrase para GNOME
+Summary(fr.UTF-8):     Dialogue pass-phrase GNOME d'OpenSSH
+Summary(it.UTF-8):     Finestra di dialogo GNOME per la frase segreta di OpenSSH
+Summary(pl.UTF-8):     Odpytywacz hasła OpenSSH dla GNOME
+Summary(pt.UTF-8):     Diálogo de pedido de senha para GNOME do OpenSSH
+Summary(pt_BR.UTF-8):  Diálogo para entrada de passphrase para GNOME
+Summary(ru.UTF-8):     OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
+Summary(uk.UTF-8):     OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME

 Group:         Applications/Networking
 Group:         Applications/Networking

-Requires:      %{name} = %{epoch}:%{version}
-Obsoletes:     ssh-extras
-Obsoletes:     ssh-askpass
+Requires:      %{name} = %{epoch}:%{version}-%{release}

 Obsoletes:     openssh-askpass
 Obsoletes:     openssh-askpass

+Obsoletes:     ssh-askpass
+Obsoletes:     ssh-extras

 
 %description gnome-askpass
 Ssh (Secure Shell) a program for logging into a remote machine and for
 
 %description gnome-askpass
 Ssh (Secure Shell) a program for logging into a remote machine and for


@@ -364,81 +447,117 @@ all patented algorithms to seperate libraries (OpenSSL).
 
 This package contains the GNOME passphrase dialog.
 
 
 This package contains the GNOME passphrase dialog.
 

-%description gnome-askpass -l es
-Este paquete contiene un programa que abre una caja de diálogo para
+%description gnome-askpass -l es.UTF-8
+Este paquete contiene un programa que abre una caja de diálogo para

 entrada de passphrase en GNOME.
 
 entrada de passphrase en GNOME.
 

-%description gnome-askpass -l pl
-Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
-maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
-zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+%description gnome-askpass -l pl.UTF-8
+Ssh (Secure Shell) to program służący do logowania się na zdalną
+maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
+zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
+pomiędzy dwoma hostami.

 
 

-Ten pakiet zawiera ,,odpytywacz has³a'' dla GNOME.
+Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.

 
 

-%description gnome-askpass -l pt_BR
-Esse pacote contém um programa que abre uma caixa de diálogo para
+%description gnome-askpass -l pt_BR.UTF-8
+Esse pacote contém um programa que abre uma caixa de diálogo para

 entrada de passphrase no GNOME.
 
 entrada de passphrase no GNOME.
 

-%description gnome-askpass -l ru
-Ssh (Secure Shell) - ÜÔÏ ÐÒÏÇÒÁÍÍÁ ÄÌÑ "ÚÁÈÏÄÁ" (login) ÎÁ ÕÄÁÌÅÎÎÕÀ
-ÍÁÛÉÎÕ É ÄÌÑ ×ÙÐÏÌÎÅÎÉÑ ËÏÍÁÎÄ ÎÁ ÕÄÁÌÅÎÎÏÊ ÍÁÛÉÎÅ.
+%description gnome-askpass -l ru.UTF-8
+Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
+машину и для выполнения команд на удаленной машине.

 
 

-üÔÏÔ ÐÁËÅÔ ÓÏÄÅÒÖÉÔ ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ ÄÌÑ ÉÓÐÏÌØÚÏ×ÁÎÉÑ ÐÏÄ
+Этот пакет содержит диалог ввода ключевой фразы для использования под

 GNOME.
 
 GNOME.
 

-%description gnome-askpass -l uk
-Ssh (Secure Shell) - ÃÅ ÐÒÏÇÒÁÍÁ ÄÌÑ "ÚÁÈÏÄÕ" (login) ÄÏ ×¦ÄÄÁÌÅÎϧ
-ÍÁÛÉÎÉ ÔÁ ÄÌÑ ×ÉËÏÎÁÎÎÑ ËÏÍÁÎÄ ÎÁ צÄÄÁÌÅÎ¦Ê ÍÁÛÉΦ.
+%description gnome-askpass -l uk.UTF-8
+Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
+машини та для виконання команд на віддаленій машині.

 
 

-ãÅÊ ÐÁËÅÔ Í¦ÓÔÉÔØ Ä¦ÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ ÄÌÑ ×ÉËÏÒÉÓÔÁÎÎÑ Ð¦Ä
+Цей пакет містить діалог вводу ключової фрази для використання під

 GNOME.
 
 GNOME.
 

+%package -n openldap-schema-openssh-lpk
+Summary:       OpenSSH LDAP Public Key schema
+Summary(pl.UTF-8):     Schemat klucza publicznego LDAP dla OpenSSH
+Group:         Networking/Daemons
+Requires(post,postun): sed >= 4.0
+Requires:      openldap-servers
+
+%description -n openldap-schema-openssh-lpk
+This package contains OpenSSH LDAP Public Key schema for openldap.
+
+%description -n openldap-schema-openssh-lpk -l pl.UTF-8
+Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
+openldap-a.
+

 %prep
 %setup -q
 %prep
 %setup -q

+%{?with_kerberos5:%patch100 -p1}

 %patch0 -p1
 %patch2 -p1
 %patch3 -p1
 %patch0 -p1
 %patch2 -p1
 %patch3 -p1

-%patch4 -p1
+%{?with_ldap:%patch4 -p1}

 %{?with_ldap:%patch5 -p1}
 %{?with_ldap:%patch5 -p1}

-%{?with_kerberos5:%patch6 -p1}
-#%patch7 -p1
-%patch8 -p1
-%patch9 -p1
+%patch6 -p1
+%patch7 -p1
+%{?with_hpn:%patch9 -p1}

 %patch10 -p1
 %patch10 -p1

-%patch11 -p0
+%patch11 -p1

 %patch12 -p1
 %patch12 -p1

+%patch13 -p1
+
+cp -p %{SOURCE3} sshd.pam
+install -p %{SOURCE2} sshd.init
+
+%if "%{pld_release}" == "ac"
+# fix for missing x11.pc
+%{__sed} -i -e '/pkg-config/s/ x11//' contrib/Makefile
+# not present in ac, no point searching it
+%{__sed} -i -e '/pam_keyinit.so/d' sshd.pam
+
+# openssl on ac does not have OPENSSL_HAS_ECC
+%{__sed} -i -e '/ecdsa/d' sshd.init
+%endif
+
+# hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
+sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*

 
 %build
 cp /usr/share/automake/config.sub .
 %{__aclocal}
 %{__autoconf}
 
 %build
 cp /usr/share/automake/config.sub .
 %{__aclocal}
 %{__autoconf}

-%{?with_chroot:CPPFLAGS="-DCHROOT"}
+%{__autoheader}
+CPPFLAGS="-DCHROOT"

 %configure \
        PERL=%{__perl} \
 %configure \
        PERL=%{__perl} \

-       --with-dns \
-       --with-pam \
+       --disable-strip \
+       --enable-utmpx \
+       --enable-wtmpx \
+       --with-4in6 \
+       %{?with_audit:--with-audit=linux} \
+       --with-ipaddr-display \
+       %{?with_kerberos5:--with-kerberos5=/usr} \
+       %{?with_ldap:--with-ldap} \
+       %{?with_libedit:--with-libedit} \

        --with-mantype=man \
        --with-md5-passwords \
        --with-mantype=man \
        --with-md5-passwords \

-       --with-ipaddr-display \
-       --with-4in6 \
-       --disable-suid-ssh \
-       --with-tcp-wrappers \
-       %{?with_ldap:--with-libs="-lldap -llber"} \
-       %{?with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \
-       %{?with_kerberos5:--with-kerberos5} \
-       --with-privsep-path=%{_privsepdir} \
+       --with-pam \
+       --with-authorized-keys-command \

        --with-pid-dir=%{_localstatedir}/run \
        --with-pid-dir=%{_localstatedir}/run \

+       --with-privsep-path=%{_privsepdir} \
+       %{?with_selinux:--with-selinux} \
+       --with-tcp-wrappers \
+%if "%{pld_release}" == "ac"

        --with-xauth=/usr/X11R6/bin/xauth
        --with-xauth=/usr/X11R6/bin/xauth

+%else
+       --with-xauth=%{_bindir}/xauth
+%endif

 
 

-echo '#define LOGIN_PROGRAM           "/bin/login"' >>config.h
+echo '#define LOGIN_PROGRAM               "/bin/login"' >>config.h

 
 %{__make}
 
 
 %{__make}
 

-cp -f %{SOURCE9} .
-cp -f %{SOURCE10} .
-%{__cc} %{rpmcflags} %{rpmldflags} connect.c -o connect
-

 cd contrib
 %if %{with gnome}
 %{__make} gnome-ssh-askpass1 \
 cd contrib
 %if %{with gnome}
 %{__make} gnome-ssh-askpass1 \


@@ -451,52 +570,75 @@ cd contrib
 
 %install
 rm -rf $RPM_BUILD_ROOT
 
 %install
 rm -rf $RPM_BUILD_ROOT

-install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security}} \
-       $RPM_BUILD_ROOT%{_libexecdir}/ssh
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{init,pam.d,rc.d/init.d,sysconfig,security,env.d}} \
+       $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir}}
+install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}

 
 %{__make} install \
        DESTDIR=$RPM_BUILD_ROOT
 
 
 %{__make} install \
        DESTDIR=$RPM_BUILD_ROOT
 

-install connect    $RPM_BUILD_ROOT%{_bindir}
-install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd
-install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh
-install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd
-install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
-install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config
-install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config
+bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
+
+install -p sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
+cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
+cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
+ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
+cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
+cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
+cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf

 
 %if %{with gnome}
 
 %if %{with gnome}

-install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass

 %endif
 %if %{with gtk}
 %endif
 %if %{with gtk}

-install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+%endif
+%if %{with gnome} || %{with gtk}
+cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
+#GNOME_SSH_ASKPASS_GRAB_SERVER="true"
+EOF
+cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
+#GNOME_SSH_ASKPASS_GRAB_POINTER="true"
+EOF
+ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass

 %endif
 
 %endif
 

-rm -f  $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
+install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
+cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
+
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1

 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
 
 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
 
 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
 
 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
 

+cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
+#SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
+EOF
+
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
+

 %clean
 rm -rf $RPM_BUILD_ROOT
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 

+%post clients
+%env_update
+
+%postun clients
+%env_update
+
+%post gnome-askpass
+%env_update
+
+%postun gnome-askpass
+%env_update
+

 %pre server
 %pre server

-if [ -n "`id -u sshd 2>/dev/null`" ]; then
-       if [ "`id -u sshd`" != "40" ]; then
-               echo "Error: user sshd doesn't have uid=40. Correct this before installing ssh server." 1>&2
-               exit 1
-       fi
-else
-       /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -M -r -c "OpenSSH PrivSep User" -g nobody sshd 1>&2
-fi
+%useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd

 
 %post server
 /sbin/chkconfig --add sshd
 
 %post server
 /sbin/chkconfig --add sshd

-if [ -f /var/lock/subsys/sshd ]; then
-       /etc/rc.d/init.d/sshd restart 1>&2
-else
-       echo "Run \"/etc/rc.d/init.d/sshd start\" to start openssh daemon."
-fi
+%service sshd reload "openssh daemon"

 if ! grep -qs ssh /etc/security/passwd.conf ; then
        umask 022
        echo "ssh" >> /etc/security/passwd.conf
 if ! grep -qs ssh /etc/security/passwd.conf ; then
        umask 022
        echo "ssh" >> /etc/security/passwd.conf


@@ -504,67 +646,135 @@ fi
 
 %preun server
 if [ "$1" = "0" ]; then
 
 %preun server
 if [ "$1" = "0" ]; then

-       if [ -f /var/lock/subsys/sshd ]; then
-               /etc/rc.d/init.d/sshd stop 1>&2
-       fi
+       %service sshd stop

        /sbin/chkconfig --del sshd
 fi
 
 %postun server
 if [ "$1" = "0" ]; then
        /sbin/chkconfig --del sshd
 fi
 
 %postun server
 if [ "$1" = "0" ]; then

-       /usr/sbin/userdel sshd
+       %userremove sshd
+fi
+
+%triggerpostun server -- %{name}-server < 5.9p1-1
+# lpk.patch to ldap.patch
+if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
+       echo >&2 "Migrating LPK patch to LDAP patch"
+       cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
+       %{__sed} -i -e '
+               # disable old configs
+               # just UseLPK/LkpLdapConf supported for now
+               s/^UseLPK/## Obsolete &/
+               s/^LPK/## Obsolete &/
+               # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
+               /UseLPK/iAuthorizedKeysCommand "%{_libexecdir}/ssh-ldap-wrapper"
+       ' %{_sysconfdir}/sshd_config
+fi
+
+%post server-upstart
+%upstart_post sshd
+
+%postun server-upstart
+%upstart_postun sshd
+
+%post -n openldap-schema-openssh-lpk
+%openldap_schema_register %{schemadir}/openssh-lpk.schema
+%service -q ldap restart
+
+%postun -n openldap-schema-openssh-lpk
+if [ "$1" = "0" ]; then
+       %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
+       %service -q ldap restart

 fi
 
 %files
 %defattr(644,root,root,755)
 fi
 
 %files
 %defattr(644,root,root,755)

-%doc *.RNG TODO README OVERVIEW CREDITS Change*
+%doc TODO README OVERVIEW CREDITS Change*

 %attr(755,root,root) %{_bindir}/ssh-key*
 %attr(755,root,root) %{_bindir}/ssh-key*

+%attr(755,root,root) %{_bindir}/ssh-vulnkey*

 %{_mandir}/man1/ssh-key*.1*
 %{_mandir}/man1/ssh-key*.1*

+%{_mandir}/man1/ssh-vulnkey*.1*

 %dir %{_sysconfdir}
 %dir %{_sysconfdir}

+%dir %{_libexecdir}

 
 %files clients
 %defattr(644,root,root,755)
 
 %files clients
 %defattr(644,root,root,755)

-%doc connect.html
-%attr(0755,root,root) %{_bindir}/connect
-%attr(0755,root,root) %{_bindir}/ssh
-%attr(0755,root,root) %{_bindir}/slogin
-%attr(0755,root,root) %{_bindir}/sftp
-%attr(0755,root,root) %{_bindir}/ssh-agent
-%attr(0755,root,root) %{_bindir}/ssh-add
-%attr(0755,root,root) %{_bindir}/scp
-%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config
+%attr(755,root,root) %{_bindir}/ssh
+%attr(755,root,root) %{_bindir}/slogin
+%attr(755,root,root) %{_bindir}/sftp
+%attr(755,root,root) %{_bindir}/ssh-agent
+%attr(755,root,root) %{_bindir}/ssh-add
+%attr(755,root,root) %{_bindir}/ssh-copy-id
+%attr(755,root,root) %{_bindir}/scp
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
+%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS

 %{_mandir}/man1/scp.1*
 %{_mandir}/man1/ssh.1*
 %{_mandir}/man1/slogin.1*
 %{_mandir}/man1/sftp.1*
 %{_mandir}/man1/ssh-agent.1*
 %{_mandir}/man1/ssh-add.1*
 %{_mandir}/man1/scp.1*
 %{_mandir}/man1/ssh.1*
 %{_mandir}/man1/slogin.1*
 %{_mandir}/man1/sftp.1*
 %{_mandir}/man1/ssh-agent.1*
 %{_mandir}/man1/ssh-add.1*

+%{_mandir}/man1/ssh-copy-id.1*

 %{_mandir}/man5/ssh_config.5*
 %{_mandir}/man5/ssh_config.5*

+%lang(it) %{_mandir}/it/man1/ssh.1*
+%lang(it) %{_mandir}/it/man5/ssh_config.5*
+%lang(pl) %{_mandir}/pl/man1/scp.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*

 
 # for host-based auth (suid required for accessing private host key)
 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
 #%{_mandir}/man8/ssh-keysign.8*
 
 
 # for host-based auth (suid required for accessing private host key)
 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
 #%{_mandir}/man8/ssh-keysign.8*
 

+%files clients-agent-profile_d
+%defattr(644,root,root,755)
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
+%attr(755,root,root) /etc/profile.d/ssh-agent.sh
+
+%files clients-agent-xinitrc
+%defattr(644,root,root,755)
+%attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
+

 %files server
 %defattr(644,root,root,755)
 %files server
 %defattr(644,root,root,755)

+%doc HOWTO.ldap-keys

 %attr(755,root,root) %{_sbindir}/sshd
 %attr(755,root,root) %{_libexecdir}/sftp-server
 %attr(755,root,root) %{_libexecdir}/ssh-keysign
 %attr(755,root,root) %{_sbindir}/sshd
 %attr(755,root,root) %{_libexecdir}/sftp-server
 %attr(755,root,root) %{_libexecdir}/ssh-keysign

-%dir %{_libexecdir}
+%attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
+%attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
+%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper

 %{_mandir}/man8/sshd.8*
 %{_mandir}/man8/sftp-server.8*
 %{_mandir}/man8/ssh-keysign.8*
 %{_mandir}/man8/sshd.8*
 %{_mandir}/man8/sftp-server.8*
 %{_mandir}/man8/ssh-keysign.8*

+%{_mandir}/man8/ssh-ldap-helper.8*
+%{_mandir}/man8/ssh-pkcs11-helper.8*

 %{_mandir}/man5/sshd_config.5*
 %{_mandir}/man5/sshd_config.5*

-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config
-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd
+%{_mandir}/man5/ssh-ldap.conf.5*
+%{_mandir}/man5/moduli.5*
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ldap.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd

 %attr(640,root,root) %{_sysconfdir}/moduli
 %attr(754,root,root) /etc/rc.d/init.d/sshd
 %attr(640,root,root) %{_sysconfdir}/moduli
 %attr(754,root,root) /etc/rc.d/init.d/sshd

-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd
-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd

 
 %if %{with gnome} || %{with gtk}
 %files gnome-askpass
 %defattr(644,root,root,755)
 
 %if %{with gnome} || %{with gtk}
 %files gnome-askpass
 %defattr(644,root,root,755)

+%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*

 %dir %{_libexecdir}/ssh
 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
 %dir %{_libexecdir}/ssh
 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass

+%attr(755,root,root) %{_libexecdir}/ssh-askpass
+%endif
+
+%if %{with ldap}
+%files -n openldap-schema-openssh-lpk
+%defattr(644,root,root,755)
+%{schemadir}/openssh-lpk.schema
+%endif
+
+%if "%{pld_release}" != "ti"
+%files server-upstart
+%defattr(644,root,root,755)
+%config(noreplace) %verify(not md5 mtime size) /etc/init/sshd.conf

 %endif
 %endif