#
# Conditional build:
%bcond_without audit # sshd audit support
-%bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
-%bcond_without gtk # without GTK+ (2.x)
-%bcond_without ldap # with ldap support
-%bcond_without libedit # without libedit (editline/history support in sftp client)
-%bcond_without kerberos5 # without kerberos5 support
-%bcond_without selinux # build without SELinux support
+%bcond_with gnome # gnome-askpass (GNOME 1.x) utility
+%bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
+%bcond_without ldap # LDAP support
+%bcond_with ldns # DNSSEC support via libldns
+%bcond_without libedit # libedit (editline/history support in sftp client)
+%bcond_without kerberos5 # Kerberos5 support
+%bcond_without selinux # SELinux support
%bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
%bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
-%bcond_without tests
+%bcond_without tests # test suite
# gtk2-based gnome-askpass means no gnome1-based
%{?with_gtk:%undefine with_gnome}
Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
-Version: 7.4p1
+Version: 7.5p1
Release: 1
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: b2db2a83caf66a208bb78d6d287cdaa3
+# Source0-md5: 652fdc7d8392f112bef11cacf7e69e23
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 66943d481cc422512b537bcc2c7400d1
Source2: %{name}d.init
Source10: sshd-keygen
Source11: sshd.socket
Source12: sshd@.service
+Patch0: %{name}-ldns.patch
Patch1: %{name}-tests-reuseport.patch
Patch2: %{name}-pam_misc.patch
Patch3: %{name}-sigpipe.patch
%{?with_gnome:BuildRequires: gnome-libs-devel}
%{?with_gtk:BuildRequires: gtk+2-devel}
%{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
+%{?with_ldns:BuildRequires: ldns-devel}
%{?with_libedit:BuildRequires: libedit-devel}
BuildRequires: libseccomp-devel
%{?with_selinux:BuildRequires: libselinux-devel}
%{?with_ldap:BuildRequires: openldap-devel}
-BuildRequires: openssl-devel >= 0.9.8f
+BuildRequires: openssl-devel >= 1.0.1
BuildRequires: pam-devel
%{?with_gtk:BuildRequires: pkgconfig}
BuildRequires: rpm >= 4.4.9-56
%prep
%setup -q
+%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
# prevent being ovewritten by aclocal calls
-mv aclocal.m4 acinclude.m4
+%{__mv} aclocal.m4 acinclude.m4
%build
cp /usr/share/automake/config.sub .
--with-ipaddr-display \
%{?with_kerberos5:--with-kerberos5=/usr} \
--with-ldap%{!?with_ldap:=no} \
+ %{?with_ldns:--with-ldns} \
%{?with_libedit:--with-libedit} \
--with-mantype=man \
--with-md5-passwords \