#
# Conditional build:
-%bcond_with gnome # without gnome-askpass utility
-%bcond_without gtk # without gtk (2.x)
+%bcond_without chroot # without chrooted user environment support
+%bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
+%bcond_without gtk # without GTK+ (2.x)
%bcond_with ldap # with ldap support
+%bcond_without libedit # without libedit (editline/history support in sftp client)
%bcond_without kerberos5 # without kerberos5 support
-%bcond_without chroot # without chrooted user environment support
+%bcond_without selinux # build without SELinux support
%bcond_with sshagentsh # with system-wide script for starting ssh-agent
+%bcond_with hpn # with High Performance SSH/SCP - HPN-SSH (see patch comment)
+%bcond_with hpn_none # with hpn (above) and '-z' none cipher option
#
+%if %{with hpn_none}
+%undefine with_hpn
+%endif
# gtk2-based gnome-askpass means no gnome1-based
%{?with_gtk:%undefine with_gnome}
+%define _rel 4
Summary: OpenSSH free Secure Shell (SSH) implementation
Summary(de): OpenSSH - freie Implementation der Secure Shell (SSH)
Summary(es): Implementación libre de SSH
Summary(ru): OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH)
Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH)
Name: openssh
-Version: 3.8.1p1
-Release: 2
+Version: 4.3p2
+Release: %{_rel}%{?with_hpn:hpn}%{?with_hpn_none:hpn_none}
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 1dbfd40ae683f822ae917eebf171ca42
+# Source0-md5: 7e9880ac20a9b9db0d3fea30a9ff3d46
Source1: %{name}d.conf
Source2: %{name}.conf
Source3: %{name}d.init
Source4: %{name}d.pamd
Source5: %{name}.sysconfig
Source6: passwd.pamd
-Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/openssh-non-english-man-pages.tar.bz2
+Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source7-md5: 66943d481cc422512b537bcc2c7400d1
-Source9: http://www.imasy.or.jp/~gotoh/ssh/connect.c
-# NoSource9-md5: c78de727e1208799072be78c05d64398
-Source10: http://www.imasy.or.jp/~gotoh/ssh/connect.html
-# NoSource10-md5: f14cb61fafd067a3f5ce4eaa9643bf05
+Source9: http://www.taiyo.co.jp/~gotoh/ssh/connect.c
+# Source9-md5: b856937f1cdfca7a3ccfb2fac36ef726
+Source10: http://www.taiyo.co.jp/~gotoh/ssh/connect.html
+# Source10-md5: bb972b3a9d435c62023b355960d78f78
Source11: ssh-agent.sh
Source12: ssh-agent.conf
Patch0: %{name}-no_libnsl.patch
+Patch1: %{name}-ac_fix.patch
Patch2: %{name}-linux-ipv6.patch
Patch3: %{name}-pam_misc.patch
Patch4: %{name}-sigpipe.patch
-# http://ldappubkey.gcu-squad.org/
-Patch5: ldappubkey-ossh3.6-v2.patch
+# http://www.opendarwin.org/projects/openssh-lpk/
+Patch5: %{name}-lpk-4.3p1-0.3.7.patch
Patch6: %{name}-heimdal.patch
Patch7: %{name}-pam-conv.patch
# http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff
Patch8: %{name}-chroot.patch
Patch9: %{name}-selinux.patch
Patch10: %{name}-selinux-pld.patch
+# HPN patches rediffed due sigpipe patch.
+# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
+# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.2p1-hpn11.diff
+Patch11: %{name}-4.3p1-hpn11.patch
+# Adds HPN (see p11) and an undocumented -z none cipher flag
+# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.2p1-hpn11-none.diff
+Patch12: %{name}-4.3p1-hpn11-none.patch
+Patch13: %{name}-include.patch
URL: http://www.openssh.com/
+BuildRequires: %{__perl}
BuildRequires: autoconf
BuildRequires: automake
%{?with_gnome:BuildRequires: gnome-libs-devel}
%{?with_gtk:BuildRequires: gtk+2-devel}
-%{?with_kerberos5:BuildRequires: heimdal-devel}
-BuildRequires: libselinux-devel
+%{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
+%{?with_libedit:BuildRequires: libedit-devel}
+%{?with_selinux:BuildRequires: libselinux-devel}
BuildRequires: libwrap-devel
%{?with_ldap:BuildRequires: openldap-devel}
BuildRequires: openssl-devel >= 0.9.7d
BuildRequires: pam-devel
-BuildRequires: %{__perl}
%{?with_gtk:BuildRequires: pkgconfig}
+BuildRequires: rpmbuild(macros) >= 1.318
BuildRequires: zlib-devel
-PreReq: FHS >= 2.1-24
-PreReq: openssl >= 0.9.7d
-%{?with_sshagentsh:Requires: xinitrc}
+Requires: FHS >= 2.1-24
+Requires: pam >= 0.79.0
Obsoletes: ssh
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
+%if %{with hpn} || %{with hpn_none}
+This release includes High Performance SSH/SCP patches from
+http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed
+to increase throughput on fast connections with high RTT (20-150 msec).
+See the website for '-w' values for your connection and /proc/sys TCP
+values. BTW. in a LAN you have got generally RTT < 1 msec.
+%endif
+%if %{with hpn_none}
+It also includes an undocumented '-z' option which switches
+the cipher to none after authentication is completed. Data is
+still secured from tampering and corruption in transit through
+the use of the Message Authentication Code (MAC).
+This option will significantly reduce the number of cpu cycles used
+by the SSH/SCP process. This may allow some users to see significant
+improvement in (sniffable) data tranfer rates.
+%endif
%description -l de
OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+pomiêdzy dwoma hostami.
Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
klienta jak i serwera OpenSSH. Aby by³ u¿yteczny, trzeba zainstalowaæ
co najmniej jeden z pakietów: openssh-clients lub openssh-server.
+%if %{with hpn} || %{with hpn_none}
+Ta wersja zawiera ³aty z projektu High Performance SSH/SCP
+http://www.psc.edu/networking/projects/hpn-ssh/, które maj± na celu
+zwiêkszenie przepustowo¶ci transmisji dla szybkich po³±czeñ
+z du¿ym RTT (20-150 msec). Na stronie projektu znale¼æ mo¿na
+odpowednie dla danego po³±czenia warto¶ci parametru '-w' oraz
+opcje /proc/sys dla TCP. Nawiasem mówi±c w sieciach LAN RTT < 1 msec.
+%endif
+%if %{with hpn_none}
+Obs³ugiwana jest równie¿ nieudokumentowana opcja '-z' odpowiedzialna
+za wy³±czenie szyfrowania danych po zakoñczeniu procesu uwierzytelniania.
+Dane s± zabezpieczone przed modyfikacj± lub uszkodzeniem przez
+stosowanie Message Authentication Code (MAC).
+Opcja ta znacznie redukuje liczbê cykli procesora zu¿ywanych przez
+procesy SSH/SCP. W wybranych zastosowaniach mo¿e ona wp³yn±æ
+na wyra¼ne przyspieszenie (pods³uchiwalnej) transmisji danych.
+%endif
%description -l pt
OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
Summary(ru): OpenSSH - ËÌÉÅÎÔÙ ÐÒÏÔÏËÏÌÁ Secure Shell
Summary(uk): OpenSSH - Ë̦¤ÎÔÉ ÐÒÏÔÏËÏÌÕ Secure Shell
Group: Applications/Networking
+Requires: %{name} = %{epoch}:%{version}-%{release}
+%{?with_sshagentsh:Requires: xinitrc}
Provides: ssh-clients
-Requires: %{name} = %{epoch}:%{version}
Obsoletes: ssh-clients
%description clients
Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+pomiêdzy dwoma hostami.
Ten pakiet zawiera klientów s³u¿±cych do ³±czenia siê z serwerami SSH.
Summary(ru): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd)
Summary(uk): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd)
Group: Networking/Daemons
-PreReq: %{name} = %{epoch}:%{version}
-PreReq: rc-scripts >= 0.3.1-15
-Requires(pre): /bin/id
-Requires(pre): /usr/sbin/useradd
-Requires(post,preun): /sbin/chkconfig
Requires(post): chkconfig >= 0.9
Requires(post): grep
+Requires(post,preun): /sbin/chkconfig
Requires(postun): /usr/sbin/userdel
+Requires(pre): /bin/id
+Requires(pre): /usr/sbin/useradd
+Requires: %{name} = %{epoch}:%{version}-%{release}
Requires: /bin/login
-Requires: util-linux
Requires: pam >= 0.77.3
+Requires: rc-scripts >= 0.4.0.18
+Requires: util-linux
Provides: ssh-server
+Provides: user(sshd)
%description server
Ssh (Secure Shell) a program for logging into a remote machine and for
Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+pomiêdzy dwoma hostami.
Ten pakiet zawiera serwer sshd (do którego mog± ³±czyæ siê klienci
ssh).
Summary(ru): OpenSSH - ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ (passphrase) ÄÌÑ GNOME
Summary(uk): OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME
Group: Applications/Networking
-Requires: %{name} = %{epoch}:%{version}
-Obsoletes: ssh-extras
-Obsoletes: ssh-askpass
+Requires: %{name} = %{epoch}:%{version}-%{release}
Obsoletes: openssh-askpass
+Obsoletes: ssh-askpass
+Obsoletes: ssh-extras
%description gnome-askpass
Ssh (Secure Shell) a program for logging into a remote machine and for
Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+pomiêdzy dwoma hostami.
Ten pakiet zawiera ,,odpytywacz has³a'' dla GNOME.
%prep
%setup -q
%patch0 -p1
+%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%{?with_kerberos5:%patch6 -p1}
#%patch7 -p1
%patch8 -p1
-%patch9 -p1
-%patch10 -p1
+%{?with_selinux:%patch9 -p1}
+%{?with_selinux:%patch10 -p1}
+%{?with_hpn:%patch11 -p1}
+%{?with_hpn_none:%patch12 -p1}
+%patch13 -p1
%build
cp %{_datadir}/automake/config.sub .
--with-mantype=man \
--with-md5-passwords \
--with-ipaddr-display \
+ %{?with_libedit:--with-libedit} \
--with-4in6 \
--disable-suid-ssh \
--with-tcp-wrappers \
%{?with_kerberos5:--with-kerberos5} \
--with-privsep-path=%{_privsepdir} \
--with-pid-dir=%{_localstatedir}/run \
- --with-xauth=/usr/X11R6/bin/xauth
+ --with-xauth=/usr/bin/xauth \
+ --enable-utmpx \
+ --enable-wtmpx
echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security}} \
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
$RPM_BUILD_ROOT%{_libexecdir}/ssh
%{?with_sshagentsh:install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}}
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT
-install connect $RPM_BUILD_ROOT%{_bindir}
+install connect $RPM_BUILD_ROOT%{_bindir}
install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd
install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh
install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd
install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config
install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config
%if %{with sshagentsh}
-install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d/
+install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d
ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
-install %{SOURCE12} $RPM_BUILD_ROOT/etc/ssh/
+install %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}
%endif
bzip2 -dc %{SOURCE7} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
%if %{with gnome}
install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
-ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
%endif
%if %{with gtk}
install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+%endif
+%if %{with gnome} || %{with gtk}
+cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
+#GNOME_SSH_ASKPASS_GRAB_SERVER="true"
+EOF
+cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
+#GNOME_SSH_ASKPASS_GRAB_POINTER="true"
+EOF
ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
%endif
touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
+%if "%{_lib}" != "lib"
+find $RPM_BUILD_ROOT%{_sysconfdir} -type f -print0 | xargs -0 perl -pi -e "s#/usr/lib#/usr/%{_lib}#"
+%endif
+
+cat << EOF >$RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
+#SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
+EOF
+
%clean
rm -rf $RPM_BUILD_ROOT
+%post clients
+%env_update
+
+%postun clients
+%env_update
+
+%post gnome-askpass
+%env_update
+
+%postun gnome-askpass
+%env_update
+
%pre server
-if [ -n "`id -u sshd 2>/dev/null`" ]; then
- if [ "`id -u sshd`" != "40" ]; then
- echo "Error: user sshd doesn't have uid=40. Correct this before installing ssh server." 1>&2
- exit 1
- fi
-else
- /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -M -r -c "OpenSSH PrivSep User" -g nobody sshd 1>&2
-fi
+%useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
%post server
/sbin/chkconfig --add sshd
-if [ -f /var/lock/subsys/sshd ]; then
- /etc/rc.d/init.d/sshd restart 1>&2
-else
- echo "Run \"/etc/rc.d/init.d/sshd start\" to start openssh daemon."
-fi
+%service sshd reload "openssh daemon"
if ! grep -qs ssh /etc/security/passwd.conf ; then
umask 022
echo "ssh" >> /etc/security/passwd.conf
%preun server
if [ "$1" = "0" ]; then
- if [ -f /var/lock/subsys/sshd ]; then
- /etc/rc.d/init.d/sshd stop 1>&2
- fi
+ %service sshd stop
/sbin/chkconfig --del sshd
fi
%postun server
if [ "$1" = "0" ]; then
- /usr/sbin/userdel sshd
+ %userremove sshd
fi
%files
%attr(755,root,root) %{_bindir}/ssh-key*
%{_mandir}/man1/ssh-key*.1*
%dir %{_sysconfdir}
+%dir %{_libexecdir}
%files clients
%defattr(644,root,root,755)
%doc connect.html
-%attr(0755,root,root) %{_bindir}/connect
-%attr(0755,root,root) %{_bindir}/ssh
-%attr(0755,root,root) %{_bindir}/slogin
-%attr(0755,root,root) %{_bindir}/sftp
-%attr(0755,root,root) %{_bindir}/ssh-agent
-%attr(0755,root,root) %{_bindir}/ssh-add
-%attr(0755,root,root) %{_bindir}/scp
-%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config
+%attr(755,root,root) %{_bindir}/connect
+%attr(755,root,root) %{_bindir}/ssh
+%attr(755,root,root) %{_bindir}/slogin
+%attr(755,root,root) %{_bindir}/sftp
+%attr(755,root,root) %{_bindir}/ssh-agent
+%attr(755,root,root) %{_bindir}/ssh-add
+%attr(755,root,root) %{_bindir}/scp
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
+%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
%if %{with sshagentsh}
-%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh-agent.conf
-%attr(0755,root,root) /etc/profile.d/ssh-agent.sh
-%attr(0755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
+%attr(755,root,root) /etc/profile.d/ssh-agent.sh
+%attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
%endif
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh.1*
%attr(755,root,root) %{_sbindir}/sshd
%attr(755,root,root) %{_libexecdir}/sftp-server
%attr(755,root,root) %{_libexecdir}/ssh-keysign
-%dir %{_libexecdir}
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
%{_mandir}/man8/ssh-keysign.8*
%{_mandir}/man5/sshd_config.5*
-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config
-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
%attr(640,root,root) %{_sysconfdir}/moduli
%attr(754,root,root) /etc/rc.d/init.d/sshd
-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd
-%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
%if %{with gnome} || %{with gtk}
%files gnome-askpass
%defattr(644,root,root,755)
+%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
%dir %{_libexecdir}/ssh
%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
%attr(755,root,root) %{_libexecdir}/ssh-askpass
projects / packages / openssh.git / blobdiff