-#
-# TODO:
-# - check this:
-# http://securitytracker.com/alerts/2008/Nov/1021235.html (CVE-2008-5161)
-#
# Conditional build:
%bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
%bcond_without gtk # without GTK+ (2.x)
-%bcond_with ldap # with ldap support
+%bcond_without ldap # with ldap support
%bcond_without libedit # without libedit (editline/history support in sftp client)
%bcond_without kerberos5 # without kerberos5 support
%bcond_without selinux # build without SELinux support
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
Version: 5.2p1
-Release: 1
+Release: 6
Epoch: 2
License: BSD
Group: Applications/Networking
Source4: %{name}.sysconfig
Source5: ssh-agent.sh
Source6: ssh-agent.conf
+Source7: %{name}-lpk.schema
Patch0: %{name}-no_libnsl.patch
Patch2: %{name}-pam_misc.patch
Patch3: %{name}-sigpipe.patch
-# http://www.opendarwin.org/projects/openssh-lpk/
-Patch4: %{name}-lpk-4.3p1-0.3.7.patch
+# http://code.google.com/p/openssh-lpk/
+Patch4: %{name}-lpk.patch
Patch5: %{name}-config.patch
Patch7: %{name}-selinux.patch
# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
-# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.9p1-hpn13v2.diff.gz
-Patch9: %{name}-5.0p1-hpn13v4.diff
+# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
+Patch9: %{name}-5.2p1-hpn13v6.diff
Patch10: %{name}-include.patch
Patch11: %{name}-chroot.patch
Patch12: http://people.debian.org/~cjwatson/%{name}-blacklist.diff
BuildRequires: automake
%{?with_gnome:BuildRequires: gnome-libs-devel}
%{?with_gtk:BuildRequires: gtk+2-devel}
-%{?with_kerberos5:BuildRequires: krb5-devel}
+%{?with_kerberos5:BuildRequires: heimdal-devel}
%{?with_libedit:BuildRequires: libedit-devel}
%{?with_selinux:BuildRequires: libselinux-devel}
BuildRequires: libwrap-devel
%define _sysconfdir /etc/ssh
%define _libexecdir %{_libdir}/%{name}
%define _privsepdir /usr/share/empty
+%define schemadir /usr/share/openldap/schema
%description
Ssh (Secure Shell) a program for logging into a remote machine and for
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
-%if %{with hpn} || %{with hpn_none}
+%if %{with hpn}
This release includes High Performance SSH/SCP patches from
http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed
to increase throughput on fast connections with high RTT (20-150 msec).
See the website for '-w' values for your connection and /proc/sys TCP
values. BTW. in a LAN you have got generally RTT < 1 msec.
%endif
-%if %{with hpn_none}
-It also includes an undocumented '-z' option which switches
-the cipher to none after authentication is completed. Data is
-still secured from tampering and corruption in transit through
-the use of the Message Authentication Code (MAC).
-This option will significantly reduce the number of cpu cycles used
-by the SSH/SCP process. This may allow some users to see significant
-improvement in (sniffable) data tranfer rates.
-%endif
%description -l de.UTF-8
OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
co najmniej jeden z pakietów: openssh-clients lub openssh-server.
-%if %{with hpn} || %{with hpn_none}
+%if %{with hpn}
Ta wersja zawiera łaty z projektu High Performance SSH/SCP
http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
zwiększenie przepustowości transmisji dla szybkich połączeń
odpowednie dla danego połączenia wartości parametru '-w' oraz
opcje /proc/sys dla TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
%endif
-%if %{with hpn_none}
-Obsługiwana jest również nieudokumentowana opcja '-z' odpowiedzialna
-za wyłączenie szyfrowania danych po zakończeniu procesu uwierzytelniania.
-Dane są zabezpieczone przed modyfikacją lub uszkodzeniem przez
-stosowanie Message Authentication Code (MAC).
-Opcja ta znacznie redukuje liczbę cykli procesora zużywanych przez
-procesy SSH/SCP. W wybranych zastosowaniach może ona wpłynąć
-na wyraźne przyspieszenie (podsłuchiwalnej) transmisji danych.
-%endif
%description -l pt.UTF-8
OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
Group: Applications/Networking
-Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: %{name}
Provides: ssh-clients
Obsoletes: ssh-clients
Requires(pre): /bin/id
Requires(pre): /usr/sbin/useradd
Requires: %{name} = %{epoch}:%{version}-%{release}
-Requires: /bin/login
Requires: pam >= 0.99.7.1
Requires: rc-scripts >= 0.4.1.23
Requires: util-linux
+Suggests: /bin/login
Provides: ssh-server
Provides: user(sshd)
Цей пакет містить діалог вводу ключової фрази для використання під
GNOME.
+%package -n openldap-schema-openssh-lpk
+Summary: OpenSSH LDAP Public Key schema
+Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
+Group: Networking/Daemons
+Requires(post,postun): sed >= 4.0
+Requires: openldap-servers
+
+%description -n openldap-schema-openssh-lpk
+This package contains OpenSSH LDAP Public Key schema for openldap.
+
+%description -n openldap-schema-openssh-lpk -l pl.UTF-8
+Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
+openldap-a.
+
%prep
%setup -q
%patch0 -p1
%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
- $RPM_BUILD_ROOT%{_libexecdir}/ssh
+ $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir}}
install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
%{__make} install \
install %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
install %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
+install %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
%if %{with gnome}
install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
%userremove sshd
fi
+%post -n openldap-schema-openssh-lpk
+%openldap_schema_register %{schemadir}/openssh-lpk.schema
+%service -q ldap restart
+
+%postun -n openldap-schema-openssh-lpk
+if [ "$1" = "0" ]; then
+ %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
+ %service -q ldap restart
+fi
+
%files
%defattr(644,root,root,755)
%doc *.RNG TODO README OVERVIEW CREDITS Change*
%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
%attr(755,root,root) %{_libexecdir}/ssh-askpass
%endif
+
+%if %{with ldap}
+%files -n openldap-schema-openssh-lpk
+%defattr(644,root,root,755)
+%{schemadir}/openssh-lpk.schema
+%endif
projects / packages / openssh.git / blobdiff