123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958 |
- %bcond_with systemd
- # SELinux
- %define WITH_SELINUX 0
- # OpenSSH privilege separation requires a user & group ID
- %define sshd_uid 74
- %define sshd_gid 74
- # Do we want to disable building of gnome-askpass? (1=yes 0=no)
- %define no_gnome_askpass 0
- # Use GTK3 for gnome-ssh-askpass
- %define gtk3 1
- # Build position-independent executables (requires toolchain support)?
- %define pie 1
- # Do we want to link against a static libcrypto? (1=yes 0=no)
- %define static_libcrypto 0
- # Do we want smartcard support (1=yes 0=no)
- %define scard 0
- # Disable IPv6 (avoids DNS hangs on some glibc versions)
- %define noip6 0
- # Do we want kerberos5 support (1=yes 0=no)
- %define kerberos5 0
- # Reserve options to override askpass settings with:
- # rpm -ba|--rebuild --define 'skip_xxx 1'
- %{?skip_gnome_askpass:%define no_gnome_askpass 1}
- # Options for static OpenSSL link:
- # rpm -ba|--rebuild --define "static_openssl 1"
- %{?static_openssl:%define static_libcrypto 1}
- # Options for Smartcard support: (needs libsectok and openssl-engine)
- # rpm -ba|--rebuild --define "smartcard 1"
- %{?smartcard:%define scard 1}
- # Option to disable ipv6
- # rpm -ba|--rebuild --define "noipv6 1"
- %{?noipv6:%define noip6 1}
- # Is this a build for the rescue CD (without PAM)? (1=yes 0=no)
- %define rescue 0
- %{?build_rescue:%define rescue 1}
- # Turn off some stuff for resuce builds
- %if %{rescue}
- %define kerberos5 0
- %endif
- Summary: The OpenSSH implementation of SSH.
- Summary(ja): OpenSSH - フリーの Secure Shell (SSH) の実装
- Name: openssh
- Version: 9.8p1
- Release: 1%{_dist_release}%{?with_systemd:.systemd}
- Group: network
- Vendor: Project Vine
- Distribution: Vine Linux
- Packager: daisuke
- License: BSD
- URL: https://www.openssh.com/portable.html
- Source0: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
- # files for systemd
- Source7: sshd.sysconfig
- Source9: sshd@.service
- Source10: sshd.socket
- Source11: sshd.service
- Source12: sshd-keygen@.service
- Source13: sshd-keygen
- Source14: sshd.tmpfiles
- Source15: sshd-keygen.target
- Patch0: openssh-8.7p1-vine.patch
- #Patch4: openssh-8.0p1-vendor.patch
- # Patch12: openssh-selinux.patch
- # Patch20: openssh-3.9p1-gssapimitm.patch
- Patch21: openssh-7.6p1-safe-stop.patch
- Patch24: openssh-7.6p1-fromto-remote.patch
- Patch26: openssh-5.2p1-pam-no-stack.patch
- # Patch27: openssh-5.1p1-log-in-chroot.patch
- # Patch30: openssh-5.6p1-exit-deadlock.patch
- # Patch31: openssh-3.9p1-skip-used.patch
- Patch35: openssh-8.2p1-askpass-progress-gtk3.patch
- # Help systemd to track the running service
- Patch948: openssh-7.4p1-systemd.patch
- # Vine Source
- Source100: sshd.init.vine
- Source110: sshd.sysconfig.vine
- BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
- Obsoletes: ssh
- BuildRequires: perl, openssl-devel
- BuildRequires: util-linux
- %if "%{_dist_release}" >= "vl7"
- BuildRequires: libdb-devel
- %else
- BuildRequires: db4-devel
- %endif
- BuildRequires: pam-devel
- BuildRequires: zlib-devel
- %if ! %{no_gnome_askpass}
- BuildRequires: libX11-devel
- BuildRequires: gtk3-devel
- %endif
- BuildRequires: xorg-x11-xauth
- BuildRequires: groff
- BuildRequires: libedit-devel
- %if %{with systemd}
- BuildRequires: systemd-devel
- %endif
- %description
- SSH (Secure SHell) is a program for logging into and executing
- commands on a remote machine. SSH is intended to replace rlogin and
- rsh, and to provide secure encrypted communications between two
- untrusted hosts over an insecure network. X11 connections and
- arbitrary TCP/IP ports can also be forwarded over the secure channel.
- OpenSSH is OpenBSD's version of the last free version of SSH, bringing
- it up to date in terms of security and features, as well as removing
- all patented algorithms to separate libraries.
- This package includes the core files necessary for both the OpenSSH
- client and server. To make this package useful, you should also
- install openssh-clients, openssh-server, or both.
- #'
- %description -l ja
- OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。
- Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
- するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
- ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
- 可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
- な通信路の中を通すことができます。
- OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
- 最新のセキュリティと機能を提供しています。またすべての特許がからむ
- アルゴリズムは分割したライブラリにわかれています。
- このパッケージは OpenSSH のクライアントとサーバの両方で必要とされる
- コアのファイルを含んでいます。実際に使用するにはこのパッケージの他に
- openssh-clients および/または openssh-server が必要です。
- %package clients
- Summary: OpenSSH clients.
- Summary(ja): OpenSSH Secure Shell プロトコルクライアント
- Requires: openssh = %{version}-%{release}
- Group: network
- Obsoletes: ssh-clients
- Obsoletes: openssh-contrib
- %description clients
- OpenSSH is a free version of SSH (Secure SHell), a program for logging
- into and executing commands on a remote machine. This package includes
- the clients necessary to make encrypted connections to SSH servers.
- You'll also need to install the openssh package on OpenSSH clients.
- #'
- %description -l ja clients
- OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。
- Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
- するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
- ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
- 可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
- な通信路の中を通すことができます。
- OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
- 最新のセキュリティと機能を提供しています。またすべての特許がからむ
- アルゴリズムは分割したライブラリにわかれています。
- このパッケージは OpenSSH をクライアントとして使用する場合に
- 必要なものを含んでいます。
- %package server
- Summary: The OpenSSH server daemon.
- Summary(ja): OpenSSH Secure Shell プロトコルサーバ (sshd)
- Group: servers
- Obsoletes: ssh-server
- Requires(post): openssh = %{version}-%{release}
- Requires(post): chkconfig
- Requires(pre): shadow-utils
- Requires(post): initscripts >= 5.20
- Requires: pam
- %description server
- OpenSSH is a free version of SSH (Secure SHell), a program for logging
- into and executing commands on a remote machine. This package contains
- the secure shell daemon (sshd). The sshd daemon allows SSH clients to
- securely connect to your SSH server. You also need to have the openssh
- package installed.
- %description -l ja server
- OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。
- Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
- するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
- ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
- 可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
- な通信路の中を通すことができます。
- OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
- 最新のセキュリティと機能を提供しています。またすべての特許がからむ
- アルゴリズムは分割したライブラリにわかれています。
- このパッケージは OpenSSH をサーバとして使用する場合に必要な
- デーモンなどを含んでいます。
- %package askpass-gnome
- Summary: A passphrase dialog for OpenSSH, X, and GNOME.
- Summary(ja): OpenSSH GNOME パスフレーズ入力ダイアログ
- Group: network
- Requires: openssh = %{version}-%{release}
- Obsoletes: ssh-extras
- Obsoletes: openssh-askpass < 5.5p1-3vl6
- Provides: openssh-askpass = %{version}-%{release}
- %description askpass-gnome
- OpenSSH is a free version of SSH (Secure SHell), a program for logging
- into and executing commands on a remote machine. This package contains
- an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
- environment.
- %description -l ja askpass-gnome
- OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。
- Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
- するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
- ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
- 可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
- な通信路の中を通すことができます。
- OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
- 最新のセキュリティと機能を提供しています。またすべての特許がからむ
- アルゴリズムは分割したライブラリにわかれています。
- このパッケージは GNOME 用のパスフレーズ入力ダイアログを含んでいます。
- %debug_package
- %prep
- %setup -q
- %patch0 -p1 -b .vine
- #patch4 -p1 -b .vendor
- %if %{WITH_SELINUX}
- #SELinux
- #%patch12 -p1 -b .selinux
- %endif
- %patch21 -p1 -b .safe-stop
- %patch24 -p1 -b .fromto-remote
- %patch26 -p1 -b .stack
- # %patch27 -p1 -b .log-chroot
- # %patch30 -p1 -b .exit-deadlock
- # %patch35 -p1 -b .progress
- %if %{with systemd}
- %patch948 -p1
- %endif
- autoreconf
- %build
- CFLAGS="$RPM_OPT_FLAGS -fvisibility=hidden"; export CFLAGS
- %if %{pie}
- %ifarch s390 s390x sparc sparc64
- CFLAGS="$CFLAGS -fPIC"
- %else
- CFLAGS="$CFLAGS -fpic"
- %endif
- SAVE_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
- export CFLAGS
- export LDFLAGS
- %endif
- # for glibc-2.34 on older kenel
- export ac_cv_func_closefrom=no
- %configure \
- --sysconfdir=%{_sysconfdir}/ssh \
- --libexecdir=%{_libexecdir}/openssh \
- --datadir=%{_datadir}/openssh \
- --with-default-path=/usr/local/bin:/bin:/usr/bin \
- --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin --with-privsep-path=%{_var}/empty/sshd \
- --disable-strip \
- --without-zlib-version-check \
- --with-ssl-engine \
- --with-ipaddr-display \
- --with-pie=no \
- --enable-vendor-patchlevel="VL-%{version}-%{release}" \
- --with-libedit \
- --with-xauth=/usr/bin/xauth \
- %if %{scard}
- --with-smartcard \
- %endif
- %if %{noip6}
- --with-ipv4-default \
- %endif
- %if %{rescue}
- --without-pam --with-md5-passwords \
- %else
- --with-pam \
- %endif
- %if %{with systemd}
- --with-systemd \
- %endif
- %{nil}
- %if %{static_libcrypto}
- perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
- %endif
- %make_build
- %if %{gtk3}
- gtk3=yes
- %else
- gtk3=no
- %endif
- %if ! %{no_gnome_askpass}
- pushd contrib
- if [ $gtk3 = yes ]; then
- make gnome-ssh-askpass3
- mv gnome-ssh-askpass3 gnome-ssh-askpass
- else
- make gnome-ssh-askpass2
- mv gnome-ssh-askpass2 gnome-ssh-askpass
- fi
- popd
- %endif
- %install
- rm -rf $RPM_BUILD_ROOT
- mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
- mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
- mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
- mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd/etc
- make install DESTDIR=$RPM_BUILD_ROOT
- touch $RPM_BUILD_ROOT%{_var}/empty/sshd/etc/localtime
- install -d $RPM_BUILD_ROOT/etc/pam.d/
- install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
- install -d $RPM_BUILD_ROOT/etc/sysconfig/
- install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
- install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
- %if %{with systemd}
- install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
- install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service
- install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
- install -m644 %{SOURCE11} $RPM_BUILD_ROOT/%{_unitdir}/sshd.service
- install -m644 %{SOURCE12} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen@.service
- install -m644 %{SOURCE15} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen.target
- install -m744 %{SOURCE13} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/sshd-keygen
- install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
- install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
- install -m644 -D %{SOURCE14} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
- install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
- %else
- install -m755 %{SOURCE100} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
- install -m644 %{SOURCE110} $RPM_BUILD_ROOT/etc/sysconfig/sshd
- %endif
- %if ! %{scard}
- rm -f $RPM_BUILD_ROOT%{_datadir}/openssh/Ssh.bin
- %endif
- %if ! %{no_gnome_askpass}
- install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
- install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
- install -m 755 contrib/redhat/gnome-ssh-askpass.{sh,csh} $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
- %endif
- %if %{no_gnome_askpass}
- rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
- %endif
- # for contrib package
- install -m 0755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
- install -m 0644 contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
- mv contrib/README contrib/README.contrib
- perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
- %clean
- rm -rf $RPM_BUILD_ROOT
- %triggerun server -- ssh-server
- if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
- touch /var/run/sshd.restart
- fi
- %triggerun server -- openssh-server < 2.5.0p1
- # Count the number of HostKey and HostDsaKey statements we have.
- gawk 'BEGIN {IGNORECASE=1}
- /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
- END {exit sawhostkey}' /etc/ssh/sshd_config
- # And if we only found one, we know the client was relying on the old default
- # behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
- # specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
- # one nullifies the default, which would have loaded both.
- if [ $? -eq 1 ] ; then
- echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
- echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
- fi
- %triggerpostun server -- ssh-server
- if [ "$1" != 0 ] ; then
- /sbin/chkconfig --add sshd
- if test -f /var/run/sshd.restart ; then
- rm -f /var/run/sshd.restart
- # /sbin/service sshd start > /dev/null 2>&1 || :
- /sbin/service sshd start
- fi
- fi
- %if %{with systemd}
- %pre
- getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :
- %endif
- %pre server
- %{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
- %{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
- -g sshd -M -r sshd 2>/dev/null || :
- %post server
- %if %{with systemd}
- %systemd_post sshd.service sshd.socket
- %else
- /sbin/chkconfig --add sshd
- %endif
- %postun server
- %if %{with systemd}
- %systemd_postun_with_restart sshd.service
- %else
- # /sbin/service sshd condrestart > /dev/null 2>&1 || :
- if [ "$1" -gt 0 ]; then
- /sbin/service sshd condrestart
- fi
- exit 0
- %endif
- %preun server
- %if %{with systemd}
- %systemd_preun sshd.service sshd.socket
- %else
- if [ "$1" = 0 -o -x /bin/systemctl ]; then
- /sbin/service sshd stop > /dev/null 2>&1 || :
- /sbin/chkconfig --del sshd
- fi
- %endif
- %files
- %defattr(-,root,root)
- %license LICENCE
- %doc CREDITS ChangeLog INSTALL OVERVIEW PROTOCOL* README* TODO
- %attr(0755,root,root) %dir %{_sysconfdir}/ssh
- %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
- %attr(644,root,root) %{_mandir}/man5/moduli.5*
- %if ! %{rescue}
- %attr(0755,root,root) %{_bindir}/ssh-keygen
- %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
- %attr(0755,root,root) %dir %{_libexecdir}/openssh
- %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
- %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
- %endif
- %if %{scard}
- %attr(0755,root,root) %dir %{_datadir}/openssh
- %attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
- %endif
- %files clients
- %defattr(-,root,root)
- %attr(0755,root,root) %{_bindir}/scp
- %attr(0755,root,root) %{_bindir}/ssh
- %attr(0644,root,root) %{_mandir}/man1/scp.1*
- %attr(0644,root,root) %{_mandir}/man1/ssh.1*
- %attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
- # %attr(0644,root,root) %{_mandir}/man1/slogin.1*
- %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
- # %attr(-,root,root) %{_bindir}/slogin
- %if ! %{rescue}
- %attr(0755,root,root) %{_bindir}/ssh-agent
- %attr(0755,root,root) %{_bindir}/ssh-add
- %attr(0755,root,root) %{_bindir}/ssh-keyscan
- %attr(0755,root,root) %{_bindir}/sftp
- %attr(0755,root,root) %{_bindir}/ssh-copy-id
- %attr(0755,root,root) %dir %{_libexecdir}/openssh
- %attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
- %attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
- %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
- %attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
- %attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
- %attr(0644,root,root) %{_mandir}/man1/sftp.1*
- %attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
- %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
- %attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
- %endif
- %if ! %{rescue}
- %files server
- %defattr(-,root,root)
- %dir %attr(0711,root,root) %{_var}/empty/sshd
- %dir %attr(0755,root,root) %{_var}/empty/sshd/etc
- %ghost %verify(not md5 size mtime) %{_var}/empty/sshd/etc/localtime
- %attr(0755,root,root) %{_sbindir}/sshd
- %attr(0755,root,root) %dir %{_libexecdir}/openssh
- %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
- %attr(0755,root,root) %{_libexecdir}/openssh/sshd-session
- %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
- %attr(0644,root,root) %{_mandir}/man8/sshd.8*
- %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
- %attr(0755,root,root) %dir %{_sysconfdir}/ssh
- %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
- %attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
- %attr(0755,root,root) %config /etc/sysconfig/sshd
- %if %{with systemd}
- %attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
- %attr(0644,root,root) %{_unitdir}/sshd.service
- %attr(0644,root,root) %{_unitdir}/sshd@.service
- %attr(0644,root,root) %{_unitdir}/sshd.socket
- %attr(0644,root,root) %{_unitdir}/sshd-keygen@.service
- %attr(0644,root,root) %{_unitdir}/sshd-keygen.target
- %attr(0644,root,root) %{_tmpfilesdir}/openssh.conf
- %else
- %attr(0755,root,root) %config /etc/rc.d/init.d/sshd
- %endif
- %endif
- %if ! %{no_gnome_askpass}
- %files askpass-gnome
- %defattr(-,root,root)
- %attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
- %attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
- %endif
- %changelog
- * Wed Jul 03 2024 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 9.8p1-1
- - new upstream release.
- * Thu Mar 28 2024 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 9.7p1-1
- - new upstream release.
- * Wed Sep 20 2023 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 9.4p1-1
- - new upstream release.
- * Tue Aug 01 2023 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 9.3p2-1
- - new upstream release.
- * Tue Mar 28 2023 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 9.3p1-1
- - new upstream release.
- * Mon Feb 13 2023 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 9.2p1-1
- - new upstream release.
- * Tue Oct 19 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.8p1-3
- - built with workaround for glibc-2.34 on older kernel.
- * Sat Oct 09 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.8p1-2
- - rebuilt with openssl-3.0.0.
- * Fri Oct 01 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.8p1-1
- - new upstream release.
- * Fri Aug 20 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.7p1-1
- - new upstream release.
- - updated Patch0.
- * Wed Apr 21 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.6p1-1
- - new upstream release.
- * Tue Mar 09 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.5p1-1
- - new upstream release.
- * Wed Oct 07 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.4p1-1
- - new upstream release.
- - updated Patch0.
- - disabled Patch35.
- * Wed May 27 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.3p1-1
- - new upstream release.
- * Thu Apr 02 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.2p1-2
- - added systemd support (disabled as default).
- * Thu Mar 19 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.2p1-1
- - new upstream release.
- - updated Patch35.
- * Thu Oct 17 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.1p1-1
- - new upstream release.
- * Sat Jun 22 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.0p1-1
- - new upstream release.
- - moved scp to openssh-clients.
- - changed "PasswordAuthentication" to "no" as default.
- - dropped Patch4.
- - updated Patch35 to use GTK+3 for gnome-ssh-askpass.
- * Tue Nov 06 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.9p1-1
- - new upstream release.
- - updated Patch4.
- * Wed Nov 15 2017 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 7.6p1-1
- - new upstream release.
- - update patch0,4,21,24
- - update patch35 from fc26
- - drop patch12,20,30
- * Fri Aug 5 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.2p2-2
- - disabled rsa1 hostkey generation.
- * Sat Jul 30 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.2p2-1
- - new upstream release.
- * Wed Mar 9 2016 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 7.2p1-1
- - new upstream release
- - built with openssl 1.0.2g
- - drop slogin command and manual, this is upstream change.
- * Sun Jan 17 2016 Daisuke SUZUKI <daisuke@vinelinux.org> 7.1p2-1
- - update to 7.1p2
- * Mon Dec 28 2015 Daisuke SUZUKI <daisuke@vinelinux.org> 7.1p1-1
- - update to 7.1p1
- - remove patch100 to use default value "prohibit-password" for PermitRootLogin
- * Tue Oct 14 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 6.7p1-1
- - update to 6.7p1
- - fix sshd.init
- * Thu Aug 07 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 6.6p1-1
- - update to 6.6p1
- - remove BR: sharutils
- - add BR: libdb-devel instead of db4-devel
- * Tue Feb 04 2014 Daisuke SUZUKI <daisuke@linux.or.jp> 6.5p1-1
- - update to 6.5p1
- - update sshd_config
- - generate ED25519 host key.
- * Tue Nov 12 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 6.4p1-1
- - update to 6.4p1
- * Mon May 20 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 6.2p2-1
- - update to 6.2p2
- * Fri Mar 22 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 6.2p1-1
- - update to 6.2p1
- * Fri Nov 2 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 6.1p1-1
- - new upstream release
- - add -with-xauth option in configure
- - patch4, 30, 35 are updated from fc18
- * Mon May 07 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 6.0p1-1
- - new upstream release
- * Tue Mar 06 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 5.9p1-1
- - new upstream release
- * Sun May 8 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 5.8p2-1
- - new upstream release
- * Tue Apr 19 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.8p1-2
- - add our own sshd.init based on fedora's sshd.init
- - generate ECDSA host key.
- * Sat Feb 05 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.8p1-1
- - new upstream release
- * Tue Jan 25 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.7p1-1
- - new upstream release
- * Mon Jan 10 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.6p1-1
- - new upstream release
- - obsolete contrib subpackage, move ssh-copy-id to client subpackage
- * Sun Jan 9 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 5.5p1-4
- - rebuilt with openssl 1.0.0c
- * Sun May 23 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 5.5p1-3
- - drop x11-askpass, add Obsoletes: openssh-askpass
- - add BR: groff
- - enable --with-libedit option, add BR: libedit-devel
- - remove unrecognized option '--with-rsh'
- * Sun May 23 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 5.5p1-2
- - add BR: xorg-x11-xauth for X11 forwarding support
- * Thu Apr 22 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 5.5p1-1
- - new upstream release
- - update patch0,2
- - drop patch3,22
- * Tue Feb 24 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 5.2p1-1
- - new upstream release
- * Tue Jul 22 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 5.1p1-1
- - new upstream release
- * Thu May 29 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 5.0p1-2
- - rebuild with xorg-x11-7.3
- * Fri Apr 04 2008 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 5.0p1-1
- - new upstream release with security fix (CVE-2008-1483)
- - drop patch31 which is included in new release (This was for CVE-2008-1483)
- * Tue Apr 01 2008 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.9p1-1
- - new upstream release with security fix ("ForceCommand" Directive)
- - turn on daemon restart message
- - new versioning policy
- * Mon Nov 26 2007 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.7p1-0vl2
- - add /var/empty/sshd/etc/localtime to fix secure log bad timestamps
- * Tue Nov 13 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 4.7p1-0vl1
- - new upstream release
- * Thu May 17 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 4.6p1-0vl2
- - build with -fpie/-pie by default.
- - enable ipv6 by default.
- * Fri May 04 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 4.6p1-0vl1
- - new upstream release
- * Wed Nov 08 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.5p1-0vl1
- - new upstream release
- * Fri Sep 29 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 4.4p1-0vl1
- - new upstream release
- * Thu Jul 27 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 4.3p2-0vl1
- - new upstream release
- * Mon Apr 10 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 4.3p1-0vl1
- - new upstream release
- - remove build6x stuff
- - remove libgnome-devel from BuildRequires
- - cleanup BuildRequires
- - drop Patch200, it is merged in upstream.
- - import patches(25-35) from FC-devel
- * Mon Apr 10 2006 IWAI, Masaharu <iwai@alib.jp> 4.2p1-0vl3
- - SECURITY FIX: CVE-2006-0225
- - add scp no system patch ( Patch200 ): from Fedora Core 4 4.2p1-fc4.10
- - update BuildPreReq: s/XFree86-devel/XOrg-devel/
- - fix BuildPreReq for GNOME: gnome-libs-devel ( GNOME1 ) was always used
- - When GNOME2 is used, using libgnome-devel
- - add BuildPreReq: gtk2-devel for GNOME2
- * Sat Sep 24 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.2p1-0vl2
- - rebuild with gtk+-2.8 final
- * Sun Sep 4 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.2p1-0vl1
- - new upstream release
- - build with gtk+-2.7
- * Sun May 29 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.1p1-0vl1
- - new upstream release
- * Fri Apr 01 2005 KOBAYASHI Taizo <tkoba@vinelinux.org> 4.0p1-0vl2
- - cleanup obsolete patches and added patches from fedora
- * Wed Mar 16 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.0p1-0vl1
- - new upstream release
- * Thu Aug 19 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.9pl1-0vl1
- - new upstream release
- * Wed Apr 21 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.8.1p1-0vl1
- - new upstream release
- * Fri Mar 26 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.8p1-0vl2
- - rebuild with openssl-0.9.7d
- * Fri Feb 27 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.8p1-0vl1
- - new upstream release
- * Thu Oct 2 2003 IWAI, Masaharu <iwai@alib.jp> 3.7.1p2-0vl2
- - create contrib package
- * Wed Sep 24 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.7.1p2-0vl1
- - new upstream release
- - fix security issue: http://www.openssh.com/txt/sshpam.adv
- * Wed Sep 17 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.7.1p1-0vl1
- - new upstream release
- - fix security issue: http://www.openssh.com/txt/buffer.adv
- * Wed Sep 17 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.7p1-0vl1
- - new upstream release
- * Thu May 1 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.6.1p2-0vl1.1
- - rebuild with gtk2
- * Thu May 1 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.6.1p2-0vl1
- - new upstream release
- * Sun Apr 13 2003 KOBAYASHI R. Taizo <tkoba@vinelinux.org> 3.5p1-0vl2
- - rebuild with new tool chain
- * Tue Oct 29 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.5p1-0vl1
- - new upstream release
- - merge with upstream spec (drop anonymous mmap patch, suid of ssh)
- * Tue Aug 20 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.4p1-0vl3
- - change some defines in spec files
- * Thu Jun 27 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.4p1-0vl2
- - add patch110 ( 3.4p1 does not include mmap-fallback patch )
- * Thu Jun 27 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.4p1-0vl1
- - new upstream release
- - security fix
- - drop patch10
- * Wed Jun 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.3p1-0vl2
- - add patch from Solar Designer to make privsep work with a 2.2 kernel.
- * Sun Jun 23 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.3p1-0vl1
- - new upstream release
- - add {sshd,ssh}_config.5 manpages
- - add ssh-keysign
- * Sun May 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.2.3p1-0vl1
- - new upstream release
- * Sat May 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.2.2p1-0vl1
- - new upstream release
- - drop patch1
- * Fri Mar 08 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.1p1-2vl1
- - new upstream release
- - merged with rawhide release.
- - drop Patch101 (merged in upstream)
- * Fri Mar 08 2002 Toru Sagami <sagami@vinelinux.org> 3.0.2p1-2vl2
- - seurity patch for off-by-one bug
- * Wed Jan 30 2002 KOBAYASHI R. Taizo <tkoba@vinelinux.org> 3.0.2p-2vl1
- - merged with Rawhide 3.0.2p1-2
- * Sun Dec 02 2001 Toru Sagami <sagami@vinelinux.org>
- - updated to 3.0.2p1
- * Mon Nov 19 2001 Toru Sagami <sagami@vinelinux.org>
- - updated to 3.0.1p1
- * Thu Nov 08 2001 Toru Sagami <sagami@vinelinux.org> 3.0p1-0vl0
- - updated to 3.0p1
- * Sun Sep 30 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.9.9p2-0vl2
- - add japanese summery and descriptions.
- - update x11-askpass 1.2.5
- * Sun Sep 30 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.9.9p2-0vl1
- - update to openssh-2.9.9p2
- * Mon Jul 16 2001 MATSUBAYASHI 'Shaolin' Kohji <shaolin@vinelinux.org> 2.5.2p2-0vl3
- - rebuilt with openssl-0.9.6b
- * Tue Mar 27 2001 Jun Nishii <jun@vinelinux.org> 2.5.2p2-0vl2
- - do not Permit RootLogin
- * Tue Mar 27 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.2p2-0vl1
- - update to openssh-2.5.2p2
- * Wed Mar 21 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.2p1-0vl1
- - update to openssh-2.5.2p1
- * Thu Mar 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.1p2-0vl1
- - update to openssh-2.5.1p2
- * Thu Mar 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.1p2-0vl1
- - update to openssh-2.5.1p1
- * Wed Feb 21 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.1p1-0vl1
- - update to openssh-2.5.1p1
- * Thu Dec 28 2000 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.0p1-0vl4
- - remove suid bit from ssh
- * Tue Dec 19 2000 Satoshi MACHINO <machino@vinelinux.org> 2.3.0p1-0vl3
- - moved man dir to /usr/share/man
- * Wed Dec 06 2000 Satoshi MACHINO <machino@vinelinux.org> 2.3.0p1-0vl2
- - fixed askpass's link in ssh-add
- - partially used rpmmacros
- * Fri Nov 10 2000 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.0p1-0vl1
- - update to 2.3.0p1
- - update x11-askpass 1.0.3
- * Wed Oct 18 2000 Damien Miller <djm@mindrot.org>
- - Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
- Redhat 7.0 spec file
- * Sat Oct 14 2000 Daisuke SUZUKI <daisuke@linux.or.jp> 2.2.0p2-2vl1
- - rebuild for Vine Linux
- * Tue Sep 05 2000 Damien Miller <djm@mindrot.org>
- - Use RPM configure macro
- * Tue Aug 08 2000 Damien Miller <djm@mindrot.org>
- - Some surgery to sshd.init (generate keys at runtime)
- - Cleanup of groups and removal of keygen calls
- * Wed Jul 12 2000 Damien Miller <djm@mindrot.org>
- - Make building of X11-askpass and gnome-askpass optional
- * Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
- - Glob manpages to catch compressed files
- * Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
- - Updated for new location
- - Updated for new gnome-ssh-askpass build
- * Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
- - Added Jim Knoble's <jmknoble@pobox.com> askpass
- * Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
- - Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
- * Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
- - Added 'Obsoletes' directives
- * Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
- - Use make install
- - Subpackages
- * Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
- - Added links for slogin
- - Fixed perms on manpages
- * Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
- - Renamed init script
- * Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
- - Back to old binary names
- * Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
- - Use autoconf
- - New binary names
- * Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
- - Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
|