X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=openssh.spec;h=d7661d0cd32e64848891ea32f1c8e2472534c1cc;hb=141a04d1fdecda5efd3d0588eff5dd8b65ba3856;hp=8cd6de48025f9947be50945cc9ebe7e293dbff7e;hpb=163b394748a668e9bbbac07425223310d5aca4be;p=packages%2Fopenssh.git

diff --git a/openssh.spec b/openssh.spec
index 8cd6de4..d7661d0 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,3 +1,7 @@
+# TODO:
+# - add trigger to enable this:
+#  * sshd(8): This release turns on pre-auth sandboxing sshd by default for
+#   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
 #
 # Conditional build:
 %bcond_without	audit		# sshd audit support
@@ -30,13 +34,13 @@ Summary(pt_BR.UTF-8):	Implementação livre do SSH
 Summary(ru.UTF-8):	OpenSSH - свободная реализация протокола Secure Shell (SSH)
 Summary(uk.UTF-8):	OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name:		openssh
-Version:	6.0p1
+Version:	6.1p1
 Release:	2
 Epoch:		2
 License:	BSD
 Group:		Applications/Networking
 Source0:	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5:	3c9347aa67862881c5da3f3b1c08da7b
+# Source0-md5:	3345cbf4efe90ffb06a78670ab2d05d5
 Source1:	http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5:	66943d481cc422512b537bcc2c7400d1
 Source2:	%{name}d.init
@@ -70,6 +74,7 @@ Patch11:	%{name}-chroot.patch
 Patch12:	%{name}-blacklist.diff
 Patch13:	%{name}-kuserok.patch
 Patch14:	%{name}-bind.patch
+Patch15:	%{name}-disable_ldap.patch
 URL:		http://www.openssh.com/portable.html
 BuildRequires:	%{__perl}
 %{?with_tests:BuildRequires:	%{name}-server}
@@ -89,7 +94,8 @@ BuildRequires:	pam-devel
 BuildRequires:	rpm >= 4.4.9-56
 BuildRequires:	rpmbuild(macros) >= 1.627
 BuildRequires:	sed >= 4.0
-BuildRequires:	zlib-devel
+BuildRequires:	zlib-devel >= 1.2.3
+Requires:	zlib >= 1.2.3
 %if "%{pld_release}" == "ac"
 Requires:	filesystem >= 2.0-1
 Requires:	pam >= 0.79.0
@@ -344,12 +350,13 @@ Requires(pre):	/usr/sbin/useradd
 Requires(post,preun,postun):	systemd-units >= 38
 Requires:	%{name} = %{epoch}:%{version}-%{release}
 # remove in 6.0, kept for flawless upgrade
-Requires:	%{name}-server-ldap = %{epoch}:%{version}-%{release}
+%{?with_ldap:Requires:	%{name}-server-ldap = %{epoch}:%{version}-%{release}}
 Requires:	pam >= %{pam_ver}
 Requires:	rc-scripts >= 0.4.3.0
 Requires:	systemd-units >= 38
 Requires:	util-linux
 Suggests:	/bin/login
+Suggests:	xorg-app-xauth
 Provides:	ssh-server
 Provides:	user(sshd)
 
@@ -534,6 +541,7 @@ openldap-a.
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%{!?with_ldap:%patch15 -p1}
 
 %if "%{pld_release}" == "ac"
 # fix for missing x11.pc
@@ -658,7 +666,7 @@ cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
 EOF
 
 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
-%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf
+%{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -681,10 +689,6 @@ rm -rf $RPM_BUILD_ROOT
 %post server
 /sbin/chkconfig --add sshd
 %service sshd reload "OpenSSH Daemon"
-if ! grep -qs ssh /etc/security/passwd.conf ; then
-	umask 022
-	echo "ssh" >> /etc/security/passwd.conf
-fi
 NORESTART=1
 %systemd_post sshd.service
 
@@ -709,8 +713,8 @@ if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
 	%{__sed} -i -e '
 		# disable old configs
 		# just UseLPK/LkpLdapConf supported for now
-		s/^UseLPK/## Obsolete &/
-		s/^Lpk/## Obsolete &/
+		s/^\s*UseLPK/## Obsolete &/
+		s/^\s*Lpk/## Obsolete &/
 		# Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
 		/UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
 	' %{_sysconfdir}/sshd_config