X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=openssh.spec;h=4852d7630ea9b8d6b73d675df405964114b4867e;hb=bdaa80c9b7a01c7d624839bc721d37ca0dee838a;hp=faffbbddbee350cd9b4395f4141c6bbe47a20fc8;hpb=0225d3b8c3d1f451b27d8812bb4dad3035c5b99f;p=packages%2Fopenssh.git
diff --git a/openssh.spec b/openssh.spec
index faffbbd..4852d76 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -8,7 +8,12 @@
 %bcond_without kerberos5 # without kerberos5 support
 %bcond_without selinux # build without SELinux support
 %bcond_with sshagentsh # with system-wide script for starting ssh-agent
+%bcond_with hpn # with High Performance SSH/SCP - HPN-SSH (see patch comment)
+%bcond_with hpn_none # with hpn (above) and '-z' none cipher option
 #
+%if %{with hpn_none}
+%undefine with_hpn
+%endif
 # gtk2-based gnome-askpass means no gnome1-based
 %{?with_gtk:%undefine with_gnome}
 Summary: OpenSSH free Secure Shell (SSH) implementation
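Review bot: The comment on `%bcond_with hpn_none` calls the feature only a "'-z' none cipher option", which understates what the build enables. According to the %description text added later in this diff, the cipher is switched to none once authentication completes and the transfer becomes sniffable, with only the MAC still protecting integrity. I would say so at the switch itself, for example `# with hpn (above) and '-z' none cipher: session data is sent unencrypted after authentication (MAC only)`. The English and Polish %description hunks mention this only as a parenthetical "(sniffable)" and would be clearer with a plain sentence stating that confidentiality is lost.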
@@ -22,57 +27,66 @@ Summary(pt_BR): Implementa
 Summary(ru): OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH)
 Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH)
 Name: openssh
-Version: 4.0p1
-Release: 2
+Version: 4.3p2
+Release: 2%{?with_hpn:hpn}%{?with_hpn_none:hpn_none}
 Epoch: 2
 License: BSD
 Group: Applications/Networking
 Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 7b36f28fc16e1b7f4ba3c1dca191ac92
+# Source0-md5: 7e9880ac20a9b9db0d3fea30a9ff3d46
 Source1: %{name}d.conf
 Source2: %{name}.conf
 Source3: %{name}d.init
 Source4: %{name}d.pamd
 Source5: %{name}.sysconfig
 Source6: passwd.pamd
-Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/openssh-non-english-man-pages.tar.bz2
+Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source7-md5: 66943d481cc422512b537bcc2c7400d1
 Source9: http://www.taiyo.co.jp/~gotoh/ssh/connect.c
-# NoSource9-md5: e1c3cbed88f08ea778d90813d48cd428
+# Source9-md5: b856937f1cdfca7a3ccfb2fac36ef726
 Source10: http://www.taiyo.co.jp/~gotoh/ssh/connect.html
-# NoSource10-md5: ec74f3e3b2ea3a7dc84c7988235b6fcf
+# Source10-md5: bb972b3a9d435c62023b355960d78f78
 Source11: ssh-agent.sh
 Source12: ssh-agent.conf
 Patch0: %{name}-no_libnsl.patch
+Patch1: %{name}-ac_fix.patch
 Patch2: %{name}-linux-ipv6.patch
 Patch3: %{name}-pam_misc.patch
 Patch4: %{name}-sigpipe.patch
 # http://www.opendarwin.org/projects/openssh-lpk/
-Patch5: %{name}-lpk-4.0p1-0.3.patch
+Patch5: %{name}-lpk-4.3p1-0.3.7.patch
 Patch6: %{name}-heimdal.patch
 Patch7: %{name}-pam-conv.patch
 # http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff
 Patch8: %{name}-chroot.patch
 Patch9: %{name}-selinux.patch
 Patch10: %{name}-selinux-pld.patch
+# HPN patches rediffed due sigpipe patch.
+# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
+# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.2p1-hpn11.diff
+Patch11: %{name}-4.3p1-hpn11.patch
+# Adds HPN (see p11) and an undocumented -z none cipher flag
+# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.2p1-hpn11-none.diff
+Patch12: %{name}-4.3p1-hpn11-none.patch
+Patch13: %{name}-include.patch
 URL: http://www.openssh.com/
+BuildRequires: %{__perl}
 BuildRequires: autoconf
 BuildRequires: automake
 %{?with_gnome:BuildRequires: gnome-libs-devel}
 %{?with_gtk:BuildRequires: gtk+2-devel}
-%{?with_kerberos5:BuildRequires: heimdal-devel}
+%{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
 %{?with_libedit:BuildRequires: libedit-devel}
 %{?with_selinux:BuildRequires: libselinux-devel}
 BuildRequires: libwrap-devel
 %{?with_ldap:BuildRequires: openldap-devel}
 BuildRequires: openssl-devel >= 0.9.7d
 BuildRequires: pam-devel
-BuildRequires: %{__perl}
 %{?with_gtk:BuildRequires: pkgconfig}
-BuildRequires: rpmbuild(macros) >= 1.202
+BuildRequires: rpmbuild(macros) >= 1.268
 BuildRequires: zlib-devel
-PreReq: FHS >= 2.1-24
-PreReq: openssl >= 0.9.7d
+Requires: FHS >= 2.1-24
+Requires: pam >= 0.79.0
 Obsoletes: ssh
 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
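Review bot: The removed `PreReq: openssl >= 0.9.7d` has no `Requires:` counterpart on the new side, so the package no longer declares a minimum runtime OpenSSL version even though `BuildRequires: openssl-devel >= 0.9.7d` is kept. Whether the automatic library dependency still enforces that floor cannot be seen from this hunk; if it does not, keeping `Requires: openssl >= 0.9.7d` beside the new `Requires: pam >= 0.79.0` would preserve the guarantee. Separately, the comment `# HPN patches rediffed due sigpipe patch.` says Patch11 and Patch12 differ from the upstream 4.2p1 diffs they cite. A short comment on what the rediff touched would help anyone auditing the none-cipher patch against upstream.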
@@ -94,6 +108,22 @@ all patented algorithms to seperate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. +%if %{with hpn} || %{with hpn_none} +This release includes High Performance SSH/SCP patches from +http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed +to increase throughput on fast connections with high RTT (20-150 msec). +See the website for '-w' values for your connection and /proc/sys TCP +values. BTW. in a LAN you have got generally RTT < 1 msec. +%endif +%if %{with hpn_none} +It also includes an undocumented '-z' option which switches +the cipher to none after authentication is completed. Data is +still secured from tampering and corruption in transit through +the use of the Message Authentication Code (MAC). +This option will significantly reduce the number of cpu cycles used +by the SSH/SCP process. This may allow some users to see significant +improvement in (sniffable) data tranfer rates. +%endif %description -l de OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es 
@@ -142,6 +172,23 @@ pomi Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie klienta jak i serwera OpenSSH. Aby by³ u¿yteczny, trzeba zainstalowaæ co najmniej jeden z pakietów: openssh-clients lub openssh-server. +%if %{with hpn} || %{with hpn_none} +Ta wersja zawiera ³aty z projektu High Performance SSH/SCP +http://www.psc.edu/networking/projects/hpn-ssh/, które maj± na celu +zwiêkszenie przepustowo¶ci transmisji dla szybkich po³±czeñ +z du¿ym RTT (20-150 msec). Na stronie projektu znale¼æ mo¿na +odpowednie dla danego po³±czenia warto¶ci parametru '-w' oraz +opcje /proc/sys dla TCP. Nawiasem mówi±c w sieciach LAN RTT < 1 msec. +%endif +%if %{with hpn_none} +Obs³ugiwana jest równie¿ nieudokumentowana opcja '-z' odpowiedzialna +za wy³±czenie szyfrowania danych po zakoñczeniu procesu uwierzytelniania. +Dane s± zabezpieczone przed modyfikacj± lub uszkodzeniem przez +stosowanie Message Authentication Code (MAC). +Opcja ta znacznie redukuje liczbê cykli procesora zu¿ywanych przez +procesy SSH/SCP. W wybranych zastosowaniach mo¿e ona wp³yn±æ +na wyra¼ne przyspieszenie (pods³uchiwalnej) transmisji danych. +%endif %description -l pt OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o 
@@ -267,19 +314,19 @@ Summary(pt_BR): Servidor OpenSSH para comunica Summary(ru): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd) Summary(uk): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd) Group: Networking/Daemons -PreReq: %{name} = %{epoch}:%{version}-%{release} -PreReq: rc-scripts >= 0.3.1-15 -Requires(pre): /bin/id -Requires(pre): /usr/sbin/useradd -Requires(post,preun): /sbin/chkconfig Requires(post): chkconfig >= 0.9 Requires(post): grep +Requires(post,preun): /sbin/chkconfig Requires(postun): /usr/sbin/userdel +Requires(pre): /bin/id +Requires(pre): /usr/sbin/useradd +Requires: %{name} = %{epoch}:%{version}-%{release} Requires: /bin/login -Requires: util-linux Requires: pam >= 0.77.3 -Provides: user(sshd) +Requires: rc-scripts >= 0.4.0.18 +Requires: util-linux Provides: ssh-server +Provides: user(sshd) %description server Ssh (Secure Shell) a program for logging into a remote machine and for @@ -356,9 +403,9 @@ Summary(ru): OpenSSH - Summary(uk): OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME Group: Applications/Networking Requires: %{name} = %{epoch}:%{version}-%{release} -Obsoletes: ssh-extras -Obsoletes: ssh-askpass Obsoletes: openssh-askpass +Obsoletes: ssh-askpass +Obsoletes: ssh-extras %description gnome-askpass Ssh (Secure Shell) a program for logging into a remote machine and for @@ -406,6 +453,7 @@ GNOME. %prep %setup -q %patch0 -p1 +%patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 @@ -415,6 +463,9 @@ GNOME. %patch8 -p1 %{?with_selinux:%patch9 -p1} %{?with_selinux:%patch10 -p1} +%{?with_hpn:%patch11 -p1} +%{?with_hpn_none:%patch12 -p1} +%patch13 -p1 %build cp %{_datadir}/automake/config.sub . @@ -437,7 +488,9 @@ cp %{_datadir}/automake/config.sub . %{?with_kerberos5:--with-kerberos5} \ --with-privsep-path=%{_privsepdir} \ --with-pid-dir=%{_localstatedir}/run \ - --with-xauth=/usr/X11R6/bin/xauth + --with-xauth=/usr/bin/xauth \ + --enable-utmpx \ + --enable-wtmpx echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h 
@@ -474,9 +527,9 @@ install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
 install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config
 install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config
 %if %{with sshagentsh}
-install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d/
+install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d
 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
-install %{SOURCE12} $RPM_BUILD_ROOT/etc/ssh/
+install %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}
 %endif
 bzip2 -dc %{SOURCE7} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
@@ -502,6 +555,10 @@ echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
+%if "%{_lib}" != "lib"
+find $RPM_BUILD_ROOT%{_sysconfdir} -type f -print0 | xargs -0 perl -pi -e "s#/usr/lib#/usr/%{_lib}#"
+%endif
+
 cat << EOF >$RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
 EOF
@@ -514,11 +571,7 @@ rm -rf $RPM_BUILD_ROOT
 %post server
 /sbin/chkconfig --add sshd
-if [ -f /var/lock/subsys/sshd ]; then
- /etc/rc.d/init.d/sshd restart 1>&2
-else
- echo "Run \"/etc/rc.d/init.d/sshd start\" to start openssh daemon."
-fi
+%service sshd reload "openssh daemon"
 if ! grep -qs ssh /etc/security/passwd.conf ; then
 umask 022
 echo "ssh" >> /etc/security/passwd.conf
@@ -526,9 +579,7 @@ fi
 %preun server
 if [ "$1" = "0" ]; then
- if [ -f /var/lock/subsys/sshd ]; then
- /etc/rc.d/init.d/sshd stop 1>&2
- fi
+ %service sshd stop
 /sbin/chkconfig --del sshd
 fi
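Review bot: The substitution `s#/usr/lib#/usr/%{_lib}#` in the added `%if "%{_lib}" != "lib"` block matches any path that merely starts with /usr/lib, and it rewrites only the first occurrence on each line. On a lib64 build a config line naming `/usr/libexec/...` would become `/usr/lib64exec/...`, and a second path on the same line would be left unchanged. Anchoring on the trailing slash and adding the global flag avoids both: `s#/usr/lib/#/usr/%{_lib}/#g`. Whether the shipped ssh_config, sshd_config or ssh-agent.conf contain such paths is not visible in this diff, so this hardens the rewrite rather than fixing a confirmed breakage.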
@@ -555,10 +606,10 @@ fi
 %attr(755,root,root) %{_bindir}/ssh-agent
 %attr(755,root,root) %{_bindir}/ssh-add
 %attr(755,root,root) %{_bindir}/scp
-%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config
-%attr(644,root,root) %config(noreplace,missingok) %verify(not md5 size mtime) /etc/env.d/SSH_ASKPASS
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
+%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
 %if %{with sshagentsh}
-%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh-agent.conf
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
 %endif
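Review bot: Dropping `%attr(644,root,root)` from `/etc/env.d/SSH_ASKPASS` makes its packaged mode and owner depend on the `%defattr` of this %files section, which starts outside the hunk. In the gnome-askpass section the same removal sits directly below a visible `%defattr(644,root,root,755)`, but for this entry the governing `%defattr` should be confirmed to be 644 root:root as well. The file is written in %install by `cat << EOF >$RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS`, so without an explicit attribute nothing else in the spec pins its permissions.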
@@ -587,17 +638,17 @@ fi
 %{_mandir}/man8/sftp-server.8*
 %{_mandir}/man8/ssh-keysign.8*
 %{_mandir}/man5/sshd_config.5*
-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config
-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
 %attr(640,root,root) %{_sysconfdir}/moduli
 %attr(754,root,root) /etc/rc.d/init.d/sshd
-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd
-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
 %if %{with gnome} || %{with gtk}
 %files gnome-askpass
 %defattr(644,root,root,755)
-%attr(644,root,root) %config(noreplace,missingok) %verify(not md5 size mtime) /etc/env.d/GNOME_SSH_ASKPASS*
+%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
 %dir %{_libexecdir}/ssh
 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
 %attr(755,root,root) %{_libexecdir}/ssh-askpass