X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=openssh.spec;h=17673c6c9ecca0daa617251eec68abd087433032;hb=35fc38a3cc76cfafb154b702b0f45293aeae10ca;hp=a0799c094fee6abf23acc1f06cf76fc21b025c2f;hpb=e63034364b49a7d940151fcd4b6575d4a754c1e8;p=packages%2Fopenssh.git diff --git a/openssh.spec b/openssh.spec index a0799c0..17673c6 100644 --- a/openssh.spec +++ b/openssh.spec @@ -15,6 +15,7 @@ %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel) %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often) %bcond_without tests # test suite +%bcond_with tests_conch # run conch interoperability tests # gtk2-based gnome-askpass means no gnome1-based %{?with_gtk:%undefine with_gnome} @@ -35,13 +36,13 @@ Summary(pt_BR.UTF-8): Implementação livre do SSH Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH) Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) Name: openssh -Version: 7.8p1 -Release: 3 +Version: 8.4p1 +Release: 2 Epoch: 2 License: BSD Group: Applications/Networking Source0: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz -# Source0-md5: ce1d090fa6239fd38eb989d5e983b074 +# Source0-md5: 8f897870404c088e4aa7d1c1c58b526b Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 # Source1-md5: 66943d481cc422512b537bcc2c7400d1 Source2: %{name}d.init @@ -54,7 +55,7 @@ Source9: sshd.service Source10: sshd-keygen Source11: sshd.socket Source12: sshd@.service - +Patch0: %{name}-no-pty-tests.patch Patch1: %{name}-tests-reuseport.patch Patch2: %{name}-pam_misc.patch Patch3: %{name}-sigpipe.patch @@ -67,8 +68,10 @@ Patch8: ldap-helper-sigpipe.patch # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/ # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz Patch9: %{name}-5.2p1-hpn13v6.diff -Patch10: %{name}-include.patch + Patch11: %{name}-chroot.patch +Patch12: openssh-bug-2905.patch +Patch13: %{name}-skip-interop-tests.patch Patch14: %{name}-bind.patch Patch15: %{name}-disable_ldap.patch URL: http://www.openssh.com/portable.html @@ -81,12 +84,16 @@ BuildRequires: automake %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7} %{?with_ldns:BuildRequires: ldns-devel} %{?with_libedit:BuildRequires: libedit-devel} -BuildRequires: libseccomp-devel +BuildRequires: libfido2-devel >= 1.5.0 +%{?with_libseccomp:BuildRequires: libseccomp-devel} %{?with_selinux:BuildRequires: libselinux-devel} %{?with_ldap:BuildRequires: openldap-devel} -BuildRequires: openssl-devel >= 1.0.1 +BuildRequires: openssl-devel >= 1.1.0g BuildRequires: pam-devel %{?with_gtk:BuildRequires: pkgconfig} +%if %{with tests} && %{with tests_conch} +BuildRequires: python-TwistedConch +%endif BuildRequires: rpm >= 4.4.9-56 BuildRequires: rpmbuild(macros) >= 1.627 BuildRequires: sed >= 4.0 @@ -259,6 +266,7 @@ Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell Group: Applications/Networking Requires: %{name} +Suggests: %{name}-clients-helper-fido = %{epoch}:%{version}-%{release} Provides: ssh-clients Obsoletes: ssh-clients %requires_eq_to openssl openssl-devel @@ -332,6 +340,19 @@ xinitrc scripts for starting SSH agent. %description clients-agent-xinitrc -l pl.UTF-8 Skrypty xinitrc do uruchamiania agenta SSH. +%package clients-helper-fido +Summary: OpenSSH helper for FIDO authenticator +Summary(pl.UTF-8): OpenSSH helper obsługujący klucz autoryzujący FIDO +Group: Applications/Networking +Requires: %{name}-clients = %{epoch}:%{version}-%{release} +Requires: libfido2 >= 1.5.0 + +%description clients-helper-fido +OpenSSH helper for FIDO authenticator. + +%description clients-helper-fido -l pl.UTF-8 +OpenSSH helper obsługujący klucz autoryzujący FIDO. + %package server Summary: OpenSSH Secure Shell protocol server (sshd) Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd) @@ -520,7 +541,7 @@ openldap-a. %prep %setup -q - +%patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 @@ -531,8 +552,10 @@ openldap-a. %patch8 -p1 %{?with_hpn:%patch9 -p1} -%patch10 -p1 + %patch11 -p1 +%patch12 -p1 +%patch13 -p1 %patch14 -p1 %{!?with_ldap:%patch15 -p1} @@ -575,11 +598,16 @@ CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99" --with-pid-dir=%{_localstatedir}/run \ --with-privsep-path=%{_privsepdir} \ --with-privsep-user=sshd \ + --with-security-key-builtin \ %{?with_selinux:--with-selinux} \ %if "%{pld_release}" == "ac" --with-xauth=/usr/X11R6/bin/xauth %else +%if %{with libseccomp} --with-sandbox=seccomp_filter \ +%else + --with-sandbox=rlimit \ +%endif --with-xauth=%{_bindir}/xauth %endif @@ -587,7 +615,14 @@ echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h %{__make} -%{?with_tests:%{__make} -j1 tests} +%if %{with tests} +%{__make} -j1 tests \ + TEST_SSH_PORT=$((4242 + ${RANDOM:-$$} % 1000)) \ + TEST_SSH_TRACE="yes" \ +%if %{without tests_conch} + SKIP_LTESTS="conch-ciphers" +%endif +%endif cd contrib %if %{with gnome} @@ -624,6 +659,7 @@ install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \ $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \ $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \ + $RPM_BUILD_ROOT%{systemdunitdir}/sshd@.service \ $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen %if %{with gnome} @@ -802,6 +838,11 @@ fi %defattr(644,root,root,755) %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh +%files clients-helper-fido +%defattr(644,root,root,755) +%attr(755,root,root) %{_libexecdir}/ssh-sk-helper +%{_mandir}/man8/ssh-sk-helper.8* + %files server %defattr(644,root,root,755) %attr(755,root,root) %{_sbindir}/sshd @@ -817,7 +858,7 @@ fi %{_mandir}/man5/moduli.5* %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd -%attr(640,root,root) %{_sysconfdir}/moduli +%{_sysconfdir}/moduli %attr(754,root,root) /etc/rc.d/init.d/sshd %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd