X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=openssh.spec;h=2cd6d4e0284f18cacc1da05d9cd3421f801077ff;hb=859d163f91c2326a9a18a5e066b8e4fcabb771fa;hp=291cda9f00953d4174a058585e6f67cc72c48220;hpb=8a7ba6eb85c1731534730b900260b5e82e04085f;p=packages%2Fopenssh.git
diff --git a/openssh.spec b/openssh.spec
index 291cda9..2cd6d4e 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,20 +1,24 @@
+# TODO
+# - configure: WARNING: unrecognized options: --with-dns, --disable-suid-ssh
 #
 # Conditional build:
-%bcond_without chroot # without chrooted user environment support
 %bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
 %bcond_without gtk # without GTK+ (2.x)
-%bcond_with ldap # with ldap support
+%bcond_without ldap # with ldap support
 %bcond_without libedit # without libedit (editline/history support in sftp client)
 %bcond_without kerberos5 # without kerberos5 support
 %bcond_without selinux # build without SELinux support
-%bcond_with hpn # with High Performance SSH/SCP - HPN-SSH (see patch comment)
-%bcond_with hpn_none # with hpn (above) and '-z' none cipher option
-#
-%if %{with hpn_none}
-%undefine with_hpn
-%endif
+%bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
+
 # gtk2-based gnome-askpass means no gnome1-based
 %{?with_gtk:%undefine with_gnome}
+
+%if "%{pld_release}" == "ac"
+%define pam_ver 0.79.0
+%else
+%define pam_ver 0.99.7.1
+%endif
+
 Summary: OpenSSH free Secure Shell (SSH) implementation
 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
 Summary(es.UTF-8): Implementación libre de SSH
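Review bot: `%bcond_without ldap # with ldap support` turns the LPK patch on by default but keeps the old opt-in comment, so the line now says the opposite of what it does; it should read `%bcond_without ldap # without LDAP public key (LPK) support`. The flip means every default sshd build now carries an externally maintained change to public-key lookup (`%patch4` and `-DWITH_LDAP_PUBKEY` later in the spec), which deserves a sentence in the commit message. The new `%if "%{pld_release}" == "ac"` block is fine as written.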
@@ -26,42 +30,36 @@ Summary(pt_BR.UTF-8): Implementação livre do SSH Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH) Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) Name: openssh -Version: 4.6p1 -Release: 2%{?with_hpn:hpn}%{?with_hpn_none:hpn_none} +Version: 5.5p1 +Release: 2 Epoch: 2 License: BSD Group: Applications/Networking -Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz -# Source0-md5: 6a7fa99f44d9e1b5b04d15256e1405bb -Source1: %{name}d.conf -Source2: %{name}.conf -Source3: %{name}d.init -Source4: %{name}d.pamd -Source5: %{name}.sysconfig -Source6: passwd.pamd -Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 -# Source7-md5: 66943d481cc422512b537bcc2c7400d1 -Source11: ssh-agent.sh -Source12: ssh-agent.conf +Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz +# Source0-md5: 88633408f4cb1eb11ec7e2ec58b519eb +Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 +# Source1-md5: 66943d481cc422512b537bcc2c7400d1 +Source2: %{name}d.init +Source3: %{name}d.pamd +Source4: %{name}.sysconfig +Source5: ssh-agent.sh +Source6: ssh-agent.conf +Source7: %{name}-lpk.schema +Patch100: %{name}-heimdal.patch Patch0: %{name}-no_libnsl.patch -Patch2: %{name}-linux-ipv6.patch -Patch3: %{name}-pam_misc.patch -Patch4: %{name}-sigpipe.patch -# http://www.opendarwin.org/projects/openssh-lpk/ -Patch5: %{name}-lpk-4.3p1-0.3.7.patch -Patch6: %{name}-heimdal.patch -Patch7: %{name}-pam-conv.patch -# http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff -Patch8: %{name}-chroot.patch -Patch9: %{name}-selinux.patch -# HPN patches rediffed due sigpipe patch. 
+Patch2: %{name}-pam_misc.patch +Patch3: %{name}-sigpipe.patch +# http://code.google.com/p/openssh-lpk/ +Patch4: %{name}-lpk.patch +Patch5: %{name}-config.patch +Patch7: %{name}-selinux.patch # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/ -# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.2p1-hpn11.diff -Patch10: %{name}-4.3p1-hpn11.patch -# Adds HPN (see p11) and an undocumented -z none cipher flag -# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.2p1-hpn11-none.diff -Patch11: %{name}-4.3p1-hpn11-none.patch -Patch12: %{name}-include.patch +# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz +Patch9: %{name}-5.2p1-hpn13v6.diff +Patch10: %{name}-include.patch +Patch11: %{name}-chroot.patch +# http://people.debian.org/~cjwatson/%{name}-blacklist.diff +Patch12: %{name}-blacklist.diff URL: http://www.openssh.com/ BuildRequires: %{__perl} BuildRequires: autoconf @@ -76,16 +74,26 @@ BuildRequires: libwrap-devel BuildRequires: openssl-devel >= 0.9.7d BuildRequires: pam-devel %{?with_gtk:BuildRequires: pkgconfig} +BuildRequires: rpm >= 4.4.9-56 BuildRequires: rpmbuild(macros) >= 1.318 +BuildRequires: sed >= 4.0 BuildRequires: zlib-devel +%if "%{pld_release}" == "ac" +Requires: filesystem >= 2.0-1 +Requires: pam >= 0.79.0 +%else Requires: filesystem >= 3.0-11 -Requires: pam >= 0.99.7.1 +Requires: pam >= %{pam_ver} +Suggests: openssh-blacklist +Suggests: xorg-app-xauth +%endif Obsoletes: ssh BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %define _sysconfdir /etc/ssh %define _libexecdir %{_libdir}/%{name} %define _privsepdir /usr/share/empty +%define schemadir /usr/share/openldap/schema %description Ssh (Secure Shell) a program for logging into a remote machine and for 
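Review bot: `Release: 2` drops the `%{?with_hpn:hpn}` suffix, so a package built `--with hpn` (which the bcond comment says now includes Cipher NONE) gets the same name-version-release as a stock build and cannot be told apart in a package inventory. Keeping `Release: 2%{?with_hpn:hpn}` preserves that marker. Separately, `Patch9` is still named for 5.2p1 while `Version` moves to 5.5p1; a comment saying whether it was rediffed against 5.5p1 would help whoever enables the bcond.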
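Review bot: In the `ac` branch the new `Requires: pam >= 0.79.0` repeats the literal that `%define pam_ver` was introduced to hold; `Requires: pam >= %{pam_ver}` can sit once outside the `%if`, leaving only `filesystem` and the `Suggests` lines conditional. `Suggests: openssh-blacklist` is also only a weak dependency and is absent on `ac`: if that package carries the key data used by the blacklist patch (Patch12) and `ssh-vulnkey`, a default install has the check but nothing to check against. Consider `Requires`, or a comment explaining why the data is optional.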
@@ -101,22 +109,14 @@ all patented algorithms to seperate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. -%if %{with hpn} || %{with hpn_none} + +%if %{with hpn} This release includes High Performance SSH/SCP patches from -http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed -to increase throughput on fast connections with high RTT (20-150 msec). +http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to +increase throughput on fast connections with high RTT (20-150 msec). See the website for '-w' values for your connection and /proc/sys TCP values. BTW. in a LAN you have got generally RTT < 1 msec. %endif -%if %{with hpn_none} -It also includes an undocumented '-z' option which switches -the cipher to none after authentication is completed. Data is -still secured from tampering and corruption in transit through -the use of the Message Authentication Code (MAC). -This option will significantly reduce the number of cpu cycles used -by the SSH/SCP process. This may allow some users to see significant -improvement in (sniffable) data tranfer rates. -%endif %description -l de.UTF-8 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es 
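Review bot: The `%if %{with hpn}` description no longer mentions the NONE cipher, although the `hpn` bcond comment says the patch now includes it; the removed `hpn_none` paragraph was the only place a user was told that data is MAC-protected but sniffable once that cipher is in use. Carry one sentence of that warning into this block, for example `The patch also adds a NONE cipher that can be selected after authentication; data is then integrity-protected by the MAC but not encrypted.` The Polish description in the `@@ -165,22 +165,14 @@` hunk drops the same paragraph and needs the matching sentence.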
@@ -165,22 +165,14 @@ pomiędzy dwoma hostami. Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować co najmniej jeden z pakietów: openssh-clients lub openssh-server. -%if %{with hpn} || %{with hpn_none} + +%if %{with hpn} Ta wersja zawiera łaty z projektu High Performance SSH/SCP http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu -zwiększenie przepustowości transmisji dla szybkich połączeń -z dużym RTT (20-150 msec). Na stronie projektu znaleźć można -odpowednie dla danego połączenia wartości parametru '-w' oraz -opcje /proc/sys dla TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec. -%endif -%if %{with hpn_none} -Obsługiwana jest również nieudokumentowana opcja '-z' odpowiedzialna -za wyłączenie szyfrowania danych po zakończeniu procesu uwierzytelniania. -Dane są zabezpieczone przed modyfikacją lub uszkodzeniem przez -stosowanie Message Authentication Code (MAC). -Opcja ta znacznie redukuje liczbę cykli procesora zużywanych przez -procesy SSH/SCP. W wybranych zastosowaniach może ona wpłynąć -na wyraźne przyspieszenie (podsłuchiwalnej) transmisji danych. +zwiększenie przepustowości transmisji dla szybkich połączeń z dużym +RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla +danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla +TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec. %endif %description -l pt.UTF-8 @@ -246,7 +238,7 @@ Summary(pt_BR.UTF-8): Clientes do OpenSSH Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell Group: Applications/Networking -Requires: %{name} = %{epoch}:%{version}-%{release} +Requires: %{name} Provides: ssh-clients Obsoletes: ssh-clients 
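Review bot: In the `@@ -246,7 +238,7 @@` hunk, `Requires: %{name}` removes the epoch-version-release lock between `openssh-clients` and the base package, so a partial upgrade can leave the two at different versions, for instance a fixed `ssh` next to an unfixed `ssh-keygen` from the base package. `clients-agent-profile_d` and `server` keep the strict form. Unless there is a reason the hunk does not show, restore `Requires: %{name} = %{epoch}:%{version}-%{release}`.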
@@ -296,16 +288,16 @@ Ssh (Secure Shell) - це програма для "заходу" (login) до в %package clients-agent-profile_d Summary: OpenSSH Secure Shell agent init script -Summary(pl.UTF-8): Skrypt -Summary(pt_BR.UTF-8): Clientes do OpenSSH -Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell -Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell +Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH Group: Applications/Networking Requires: %{name}-clients = %{epoch}:%{version}-%{release} %description clients-agent-profile_d profile.d scripts for starting SSH agent. +%description clients-agent-profile_d -l pl.UTF-8 +Skrypty profile.d do uruchamiania agenta SSH. + %package clients-agent-xinitrc Summary: OpenSSH Secure Shell agent init script Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc @@ -316,6 +308,8 @@ Requires: xinitrc %description clients-agent-xinitrc xinitrc scripts for starting SSH agent. +%description clients-agent-xinitrc -l pl.UTF-8 +Skrypty xinitrc do uruchamiania agenta SSH. %package server Summary: OpenSSH Secure Shell protocol server (sshd) @@ -329,17 +323,17 @@ Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd) Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd) Group: Networking/Daemons -Requires(post): chkconfig >= 0.9 +Requires(post): /sbin/chkconfig Requires(post): grep Requires(post,preun): /sbin/chkconfig Requires(postun): /usr/sbin/userdel Requires(pre): /bin/id Requires(pre): /usr/sbin/useradd Requires: %{name} = %{epoch}:%{version}-%{release} -Requires: /bin/login -Requires: pam >= 0.99.7.1 -Requires: rc-scripts >= 0.4.0.18 +Requires: pam >= %{pam_ver} +Requires: rc-scripts >= 0.4.1.23 Requires: util-linux +Suggests: /bin/login Provides: ssh-server Provides: user(sshd) 
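Review bot: In the `server` hunk (`@@ -329,17 +323,17 @@`) the new `Requires(post): /sbin/chkconfig` duplicates `Requires(post,preun): /sbin/chkconfig` two lines below it; delete the added line rather than keep both. Moving `/bin/login` from `Requires` to `Suggests` looks reasonable for the default configuration, but a comment such as `# /bin/login is only needed when sshd_config sets UseLogin yes` would record why it became optional.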
@@ -465,26 +459,44 @@ Ssh (Secure Shell) - це програма для "заходу" (login) до в Цей пакет містить діалог вводу ключової фрази для використання під GNOME. +%package -n openldap-schema-openssh-lpk +Summary: OpenSSH LDAP Public Key schema +Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH +Group: Networking/Daemons +Requires(post,postun): sed >= 4.0 +Requires: openldap-servers + +%description -n openldap-schema-openssh-lpk +This package contains OpenSSH LDAP Public Key schema for openldap. + +%description -n openldap-schema-openssh-lpk -l pl.UTF-8 +Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla +openldap-a. + %prep %setup -q +%{?with_kerberos5:%patch100 -p1} %patch0 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%{?with_ldap:%patch5 -p1} -%{?with_kerberos5:%patch6 -p1} -#%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%{?with_hpn:%patch10 -p1} -%{?with_hpn_none:%patch11 -p1} +%{?with_ldap:%patch4 -p1} +%patch5 -p1 +%patch7 -p1 +%{?with_hpn:%patch9 -p1} +%patch10 -p1 +%patch11 -p1 %patch12 -p1 +%if "%{pld_release}" == "ac" +# fix for missing x11.pc +%{__sed} -i -e '/pkg-config/s/ x11//' contrib/Makefile +%endif + %build cp /usr/share/automake/config.sub . %{__aclocal} %{__autoconf} -%{?with_chroot:CPPFLAGS="-DCHROOT"} +CPPFLAGS="-DCHROOT" %configure \ PERL=%{__perl} \ --with-dns \ @@ -498,10 +510,14 @@ cp /usr/share/automake/config.sub . --with-tcp-wrappers \ %{?with_ldap:--with-libs="-lldap -llber"} \ %{?with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \ - %{?with_kerberos5:--with-kerberos5} \ + %{?with_kerberos5:--with-kerberos5=/usr} \ --with-privsep-path=%{_privsepdir} \ --with-pid-dir=%{_localstatedir}/run \ +%if "%{pld_release}" == "ac" + --with-xauth=/usr/X11R6/bin/xauth \ +%else --with-xauth=/usr/bin/xauth \ +%endif --enable-utmpx \ --enable-wtmpx 
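Review bot: `%package -n openldap-schema-openssh-lpk` and its descriptions are declared unconditionally, while `%{?with_ldap:%patch4 -p1}` in this hunk and the `%files -n openldap-schema-openssh-lpk` section at the end of the diff are guarded by the `ldap` bcond. The same applies to `install %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}` in `%install` and to the `%post`/`%postun` scriptlets that restart `ldap`: a `--without ldap` build still stages the schema file with no `%files` entry to claim it. Wrap the package declaration, the install line and the scriptlets in `%if %{with ldap}` ... `%endif` so that all four places agree.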
@@ -522,23 +538,21 @@ cd contrib %install rm -rf $RPM_BUILD_ROOT install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \ - $RPM_BUILD_ROOT%{_libexecdir}/ssh + $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir}} install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d} %{__make} install \ DESTDIR=$RPM_BUILD_ROOT -install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd -install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh -install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd -install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd -install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config -install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config -install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d -ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh -install %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir} +bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir} -bzip2 -dc %{SOURCE7} | tar xf - -C $RPM_BUILD_ROOT%{_mandir} +install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd +install %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd +install %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd +install %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d +ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh +install %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir} +install %{SOURCE7} $RPM_BUILD_ROOT%{schemadir} %if %{with gnome} install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass 
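Review bot: The hunk stops installing `sshd_config` and `ssh_config` from packaged sources, so both files now come from `make install`, presumably adjusted by the new `%{name}-config.patch` (Patch5), whose content is not part of this diff. Because these files set the server's authentication and forwarding defaults, add a comment above `%{__make} install` such as `# sshd_config/ssh_config: upstream defaults as modified by %{name}-config.patch`, and list the changed options in the commit message. The removed `passwd.pamd` install to `/etc/pam.d/passwdssh` also goes unexplained; say whether anything still refers to that PAM service.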
@@ -547,28 +561,30 @@ install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass %endif %if %{with gnome} || %{with gtk} -cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER +cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER #GNOME_SSH_ASKPASS_GRAB_SERVER="true" EOF -cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER +cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER #GNOME_SSH_ASKPASS_GRAB_POINTER="true" EOF ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass %endif +install contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir} +install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1 + rm -f $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd -%if "%{_lib}" != "lib" -find $RPM_BUILD_ROOT%{_sysconfdir} -type f -print0 | xargs -0 sed -i -e 's#%{_prefix}/lib#%{_libdir}#' -%endif - cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS #SSH_ASKPASS="%{_libexecdir}/ssh-askpass" EOF +rm -f $RPM_BUILD_ROOT%{_datadir}/Ssh.bin # ??? +rm -f $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages + %clean rm -rf $RPM_BUILD_ROOT @@ -606,11 +622,23 @@ if [ "$1" = "0" ]; then %userremove sshd fi +%post -n openldap-schema-openssh-lpk +%openldap_schema_register %{schemadir}/openssh-lpk.schema +%service -q ldap restart + +%postun -n openldap-schema-openssh-lpk +if [ "$1" = "0" ]; then + %openldap_schema_unregister %{schemadir}/openssh-lpk.schema + %service -q ldap restart +fi + %files %defattr(644,root,root,755) %doc *.RNG TODO README OVERVIEW CREDITS Change* %attr(755,root,root) %{_bindir}/ssh-key* +%attr(755,root,root) %{_bindir}/ssh-vulnkey* %{_mandir}/man1/ssh-key*.1* +%{_mandir}/man1/ssh-vulnkey*.1* %dir %{_sysconfdir} %dir %{_libexecdir} 
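Review bot: `rm -f $RPM_BUILD_ROOT%{_datadir}/Ssh.bin # ???` deletes a file the author could not identify; replace the `???` with what the file is and why it is not packaged, or drop the line if `make install` does not create it for 5.5p1. The same hunk removes the `%if "%{_lib}" != "lib"` sed that rewrote `%{_prefix}/lib` in the installed configs. On lib64 targets that is safe only if the generated `sshd_config` already points at `%{_libdir}` (for example the sftp-server subsystem path), which is worth confirming on one such build.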
@@ -621,6 +649,7 @@ fi
 %attr(755,root,root) %{_bindir}/sftp
 %attr(755,root,root) %{_bindir}/ssh-agent
 %attr(755,root,root) %{_bindir}/ssh-add
+%attr(755,root,root) %{_bindir}/ssh-copy-id
 %attr(755,root,root) %{_bindir}/scp
 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
@@ -630,6 +659,7 @@ fi
 %{_mandir}/man1/sftp.1*
 %{_mandir}/man1/ssh-agent.1*
 %{_mandir}/man1/ssh-add.1*
+%{_mandir}/man1/ssh-copy-id.1*
 %{_mandir}/man5/ssh_config.5*
 %lang(it) %{_mandir}/it/man1/ssh.1*
 %lang(it) %{_mandir}/it/man5/ssh_config.5*
@@ -654,10 +684,13 @@ fi
 %attr(755,root,root) %{_sbindir}/sshd
 %attr(755,root,root) %{_libexecdir}/sftp-server
 %attr(755,root,root) %{_libexecdir}/ssh-keysign
+%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
 %{_mandir}/man8/sshd.8*
 %{_mandir}/man8/sftp-server.8*
 %{_mandir}/man8/ssh-keysign.8*
+%{_mandir}/man8/ssh-pkcs11-helper.8*
 %{_mandir}/man5/sshd_config.5*
+%{_mandir}/man5/moduli.5*
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
 %attr(640,root,root) %{_sysconfdir}/moduli
@@ -673,3 +706,9 @@ fi
 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
 %attr(755,root,root) %{_libexecdir}/ssh-askpass
 %endif
+
+%if %{with ldap}
+%files -n openldap-schema-openssh-lpk
+%defattr(644,root,root,755)
+%{schemadir}/openssh-lpk.schema
+%endif