%else
%define pam_ver 1:1.1.5-5
%endif
-
Summary: OpenSSH free Secure Shell (SSH) implementation
Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
Summary(es.UTF-8): Implementación libre de SSH
Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
-Version: 6.1p1
-Release: 2
+Version: 6.5p1
+Release: 0.1
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 3345cbf4efe90ffb06a78670ab2d05d5
+# Source0-md5: a084e7272b8cbd25afe0f5dce4802fef
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 66943d481cc422512b537bcc2c7400d1
Source2: %{name}d.init
Source10: sshd-keygen
Source11: sshd.socket
Source12: sshd@.service
-Patch100: %{name}-heimdal.patch
Patch0: %{name}-no_libnsl.patch
Patch2: %{name}-pam_misc.patch
Patch3: %{name}-sigpipe.patch
# http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
-Patch4: %{name}-5.9p1-ldap.patch
-Patch5: %{name}-5.9p1-ldap-fixes.patch
+Patch4: %{name}-ldap.patch
+Patch5: %{name}-ldap-fixes.patch
Patch8: ldap.conf.patch
Patch6: %{name}-config.patch
-# https://bugzilla.mindrot.org/show_bug.cgi?id=1663
-Patch7: authorized-keys-command.patch
+Patch7: ldap-helper-sigpipe.patch
+
# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
Patch9: %{name}-5.2p1-hpn13v6.diff
Patch12: %{name}-blacklist.diff
Patch13: %{name}-kuserok.patch
Patch14: %{name}-bind.patch
+Patch15: %{name}-disable_ldap.patch
URL: http://www.openssh.com/portable.html
BuildRequires: %{__perl}
%{?with_tests:BuildRequires: %{name}-server}
Requires: %{name}
Provides: ssh-clients
Obsoletes: ssh-clients
+%requires_eq_to openssl openssl-devel
%description clients
Ssh (Secure Shell) a program for logging into a remote machine and for
Requires(pre): /usr/sbin/useradd
Requires(post,preun,postun): systemd-units >= 38
Requires: %{name} = %{epoch}:%{version}-%{release}
-# remove in 6.0, kept for flawless upgrade
-Requires: %{name}-server-ldap = %{epoch}:%{version}-%{release}
Requires: pam >= %{pam_ver}
Requires: rc-scripts >= 0.4.3.0
Requires: systemd-units >= 38
Requires: util-linux
+%{?with_ldap:Suggests: %{name}-server-ldap}
Suggests: /bin/login
+Suggests: xorg-app-xauth
Provides: ssh-server
Provides: user(sshd)
+%requires_eq_to openssl openssl-devel
%description server
Ssh (Secure Shell) a program for logging into a remote machine and for
Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
Group: Daemons
Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: openldap-nss-config
%description server-ldap
OpenSSH LDAP backend is a way how to distribute the authorized tokens
Group: Networking/Daemons
Requires(post,postun): sed >= 4.0
Requires: openldap-servers
+%if "%{_rpmversion}" >= "5"
+BuildArch: noarch
+%endif
%description -n openldap-schema-openssh-lpk
This package contains OpenSSH LDAP Public Key schema for openldap.
%prep
%setup -q
-%{?with_kerberos5:%patch100 -p1}
%patch0 -p1
%patch2 -p1
%patch3 -p1
%patch8 -p1
%patch6 -p1
%patch7 -p1
+
%{?with_hpn:%patch9 -p1}
%patch10 -p1
%patch11 -p1
-%patch12 -p1
+# do we really need to drag this old/obsolete patch?
+#%patch12 -p1
%patch13 -p1
%patch14 -p1
+%{!?with_ldap:%patch15 -p1}
%if "%{pld_release}" == "ac"
# fix for missing x11.pc
--with-mantype=man \
--with-md5-passwords \
--with-pam \
- --with-authorized-keys-command \
--with-pid-dir=%{_localstatedir}/run \
--with-privsep-path=%{_privsepdir} \
+ --with-sandbox=seccomp_filter \
%{?with_selinux:--with-selinux} \
--with-tcp-wrappers \
%if "%{pld_release}" == "ac"
%{__sed} -i -e '/ecdsa/d' sshd.init
%endif
+%if %{without audit}
+# remove recording user's login uid to the process attribute
+%{__sed} -i -e '/pam_loginuid.so/d' sshd.pam
+%endif
+
install -p sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
EOF
%{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
-%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf
+%{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
%clean
rm -rf $RPM_BUILD_ROOT
fi
%systemd_reload
+%triggerpostun server -- %{name}-server < 6.2p1-1
+cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
+sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
+
%triggerpostun server -- %{name}-server < 2:5.9p1-8
# lpk.patch to ldap.patch
if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
%defattr(644,root,root,755)
%doc TODO README OVERVIEW CREDITS Change*
%attr(755,root,root) %{_bindir}/ssh-key*
-%attr(755,root,root) %{_bindir}/ssh-vulnkey*
+#%attr(755,root,root) %{_bindir}/ssh-vulnkey*
%{_mandir}/man1/ssh-key*.1*
-%{_mandir}/man1/ssh-vulnkey*.1*
+#%{_mandir}/man1/ssh-vulnkey*.1*
%dir %{_sysconfdir}
%dir %{_libexecdir}