X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=openssh.spec;h=905afa697aa741a4f3ce063a3488df5e0f54d6a1;hb=abb10822a8e67c3e7e6ab3b840bf8244784fe180;hp=c63d4fbb5555fa8fcefb61330d3d0b883c250a30;hpb=7a8301cf2b2039ea01646eb5a63c95c3752ce84d;p=packages%2Fopenssh.git diff --git a/openssh.spec b/openssh.spec index c63d4fb..905afa6 100644 --- a/openssh.spec +++ b/openssh.spec @@ -18,8 +18,17 @@ # gtk2-based gnome-askpass means no gnome1-based %{?with_gtk:%undefine with_gnome} +%ifnarch x32 +# libseccomp requires 3.5 kernel, avoid such requirement where possible (non-x32 arches) +%undefine with_libseccomp +%endif + %define sandbox %{?with_libseccomp:lib}seccomp_filter +%ifarch x32 +%{!?with_libseccomp:%error openssh seccomp implementation is broken! do not disable libseccomp on x32} +%endif + %if "%{pld_release}" == "ac" %define pam_ver 0.79.0 %else @@ -36,13 +45,13 @@ Summary(pt_BR.UTF-8): Implementação livre do SSH Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH) Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) Name: openssh -Version: 6.8p1 +Version: 7.1p1 Release: 6 Epoch: 2 License: BSD Group: Applications/Networking Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz -# Source0-md5: 08f72de6751acfbd0892b5f003922701 +# Source0-md5: 8709736bc8a8c253bc4eeb4829888ca5 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 # Source1-md5: 66943d481cc422512b537bcc2c7400d1 Source2: %{name}d.init @@ -56,6 +65,7 @@ Source10: sshd-keygen Source11: sshd.socket Source12: sshd@.service Patch0: %{name}-no_libnsl.patch +Patch1: %{name}-tests-reuseport.patch Patch2: %{name}-pam_misc.patch Patch3: %{name}-sigpipe.patch # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree @@ -69,7 +79,6 @@ Patch8: ldap-helper-sigpipe.patch Patch9: %{name}-5.2p1-hpn13v6.diff Patch10: %{name}-include.patch Patch11: %{name}-chroot.patch - Patch14: %{name}-bind.patch Patch15: %{name}-disable_ldap.patch Patch16: libseccomp-sandbox.patch @@ -108,7 +117,6 @@ Requires: filesystem >= 3.0-11 Requires: pam >= %{pam_ver} Suggests: xorg-app-xauth %endif -%{?with_libseccomp:Requires: uname(release) >= 3.5} Obsoletes: ssh BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) @@ -357,6 +365,7 @@ Requires: %{name} = %{epoch}:%{version}-%{release} Requires: pam >= %{pam_ver} Requires: rc-scripts >= 0.4.3.0 Requires: systemd-units >= 38 +%{?with_libseccomp:Requires: uname(release) >= 3.5} Requires: util-linux %{?with_ldap:Suggests: %{name}-server-ldap} Suggests: /bin/login @@ -522,6 +531,7 @@ openldap-a. %prep %setup -q %patch0 -p1 +%patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 @@ -587,7 +597,7 @@ echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h %{__make} -%{?with_tests:%{__make} tests} +%{?with_tests:%{__make} -j1 tests} cd contrib %if %{with gnome} @@ -621,7 +631,8 @@ cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir} cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir} install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen -%{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \ +%{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \ + $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \ $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \ $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen @@ -705,6 +716,16 @@ if [ "$1" = "0" ]; then fi %systemd_reload +%triggerpostun server -- %{name}-server < 2:7.0p1-2 +%banner %{name}-server -e << EOF +!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!! +! Starting from openssh 7.0 DSA keys are disabled ! +! on server and client side. You will NOT be able ! +! to use DSA keys for authentication. Please read ! +! about PubkeyAcceptedKeyTypes in man ssh_config. ! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +EOF + %triggerpostun server -- %{name}-server < 6.2p1-1 cp -f %{_sysconfdir}/sshd_config{,.rpmorig} sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config