%if "%{pld_release}" == "ac"
%define pam_ver 0.79.0
%else
-%define pam_ver 1:1.1.5-5
+%define pam_ver 1:1.1.8-5
%endif
Summary: OpenSSH free Secure Shell (SSH) implementation
Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
-Version: 6.3p1
-Release: 1
+Version: 6.8p1
+Release: 2
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 225e75c9856f76011966013163784038
+# Source0-md5: 08f72de6751acfbd0892b5f003922701
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 66943d481cc422512b537bcc2c7400d1
Source2: %{name}d.init
# http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
Patch4: %{name}-ldap.patch
Patch5: %{name}-ldap-fixes.patch
-Patch8: ldap.conf.patch
-Patch6: %{name}-config.patch
-
+Patch6: ldap.conf.patch
+Patch7: %{name}-config.patch
+Patch8: ldap-helper-sigpipe.patch
# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
Patch9: %{name}-5.2p1-hpn13v6.diff
Patch10: %{name}-include.patch
Patch11: %{name}-chroot.patch
-# http://people.debian.org/~cjwatson/%{name}-blacklist.diff
-Patch12: %{name}-blacklist.diff
-Patch13: %{name}-kuserok.patch
+
Patch14: %{name}-bind.patch
Patch15: %{name}-disable_ldap.patch
+Patch16: libseccomp-sandbox.patch
URL: http://www.openssh.com/portable.html
BuildRequires: %{__perl}
%{?with_tests:BuildRequires: %{name}-server}
%{?with_gtk:BuildRequires: gtk+2-devel}
%{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
%{?with_libedit:BuildRequires: libedit-devel}
+BuildRequires: libseccomp-devel
%{?with_selinux:BuildRequires: libselinux-devel}
-BuildRequires: libwrap-devel
%{?with_ldap:BuildRequires: openldap-devel}
-BuildRequires: openssl-devel >= 0.9.7d
+BuildRequires: openssl-devel >= 0.9.8f
BuildRequires: pam-devel
%{?with_gtk:BuildRequires: pkgconfig}
BuildRequires: rpm >= 4.4.9-56
BuildRequires: rpmbuild(macros) >= 1.627
BuildRequires: sed >= 4.0
+# libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
+%{?with_tests:BuildRequires: uname(release) >= 3.5}
BuildRequires: zlib-devel >= 1.2.3
Requires: zlib >= 1.2.3
%if "%{pld_release}" == "ac"
%else
Requires: filesystem >= 3.0-11
Requires: pam >= %{pam_ver}
-Suggests: openssh-blacklist
Suggests: xorg-app-xauth
%endif
Obsoletes: ssh
Requires(pre): /usr/sbin/useradd
Requires(post,preun,postun): systemd-units >= 38
Requires: %{name} = %{epoch}:%{version}-%{release}
-# remove in 6.0, kept for flawless upgrade
-%{?with_ldap:Requires: %{name}-server-ldap = %{epoch}:%{version}-%{release}}
Requires: pam >= %{pam_ver}
Requires: rc-scripts >= 0.4.3.0
Requires: systemd-units >= 38
Requires: util-linux
+%{?with_ldap:Suggests: %{name}-server-ldap}
Suggests: /bin/login
Suggests: xorg-app-xauth
Provides: ssh-server
Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
Group: Daemons
Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: openldap-nss-config
%description server-ldap
OpenSSH LDAP backend is a way how to distribute the authorized tokens
%patch3 -p1
%patch4 -p1
%patch5 -p1
-%patch8 -p1
%patch6 -p1
+%patch7 -p1
+%patch8 -p1
%{?with_hpn:%patch9 -p1}
%patch10 -p1
%patch11 -p1
-%patch12 -p1
-%patch13 -p1
+
%patch14 -p1
%{!?with_ldap:%patch15 -p1}
+%patch16 -p1
%if "%{pld_release}" == "ac"
# fix for missing x11.pc
-%{__sed} -i -e '/pkg-config/s/ x11//' contrib/Makefile
+%{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
%endif
# hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
%{__aclocal}
%{__autoconf}
%{__autoheader}
-CPPFLAGS="-DCHROOT"
+CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
%configure \
PERL=%{__perl} \
--disable-strip \
--with-pam \
--with-pid-dir=%{_localstatedir}/run \
--with-privsep-path=%{_privsepdir} \
- --with-sandbox=seccomp_filter \
+%if "%{pld_release}" != "ac"
+ --with-sandbox=libseccomp_filter \
+%endif
%{?with_selinux:--with-selinux} \
- --with-tcp-wrappers \
%if "%{pld_release}" == "ac"
--with-xauth=/usr/X11R6/bin/xauth
%else
%defattr(644,root,root,755)
%doc TODO README OVERVIEW CREDITS Change*
%attr(755,root,root) %{_bindir}/ssh-key*
-%attr(755,root,root) %{_bindir}/ssh-vulnkey*
+#%attr(755,root,root) %{_bindir}/ssh-vulnkey*
%{_mandir}/man1/ssh-key*.1*
-%{_mandir}/man1/ssh-vulnkey*.1*
+#%{_mandir}/man1/ssh-vulnkey*.1*
%dir %{_sysconfdir}
%dir %{_libexecdir}