
openssh-9.3p1-2.mga9.src.rpm

%define XAUTH %{_bindir}/xauth

# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%global no_gnome_askpass 0

# Do we want to link against a static libcrypto? (1=yes 0=no)
%global static_libcrypto 0

# Use GTK3 instead of GTK2 in gnome-ssh-askpass
%global gtk3 1

# Build position-independent executables (requires toolchain support)?
%global pie 1

# Do we want kerberos5 support (1=yes 0=no)
%global kerberos5 1

# Do we want libedit support
%global libedit 1

# Reserve options to override askpass settings with:
# rpm -ba|--rebuild --define 'skip_xxx 1'
%{?skip_gnome_askpass:%global no_gnome_askpass 1}

# Option to build gnome-ssh-askpass against GTK2 instead of GTK3: defining
# no_gtk3 resets the gtk3 toggle to 0, which switches the build dependency to
# gtk2-devel and the contrib build to the gnome-ssh-askpass2 target.
# rpm -ba|--rebuild --define 'no_gtk3 1'
%{?no_gtk3:%global gtk3 0}

# Options for static OpenSSL link:
# rpm -ba|--rebuild --define "static_openssl 1"
%{?static_openssl:%global static_libcrypto 1}

Summary:    OpenSSH free Secure Shell (SSH) implementation
Name:       openssh
Version:    9.3p1
Release:    %mkrel 2
License:    BSD
Group:      Networking/Remote access
URL:        https://www.openssh.com/
# Upstream portable release tarball, referenced on an OpenBSD mirror over HTTPS.
Source0:    https://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
# Detached OpenPGP signature for Source0.
# NOTE(review): no step in the prep section of this spec checks the tarball
# against this signature, and no release keyring is listed among the sources,
# so the build trusts whatever tarball was imported. Consider shipping the
# upstream release key as a source and verifying Source0 before unpacking.
Source1:    https://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
# Distribution-maintained files: PAM stacks, sysconfig, systemd units and the
# host key generation helper. They are installed verbatim by the install section.
Source2: sshd.pam
Source6: ssh-keycat.pam
Source7: sshd.sysconfig
Source9: sshd@.service
Source10: sshd.socket
Source11: sshd.service
Source12: sshd-keygen@.service
Source13: sshd-keygen
Source15: sshd-keygen.target
Source16: ssh-agent.service
Source17: ssh-agent.socket

# xinetd service definition and Avahi service file, both shipped in the server package.
Source100:  openssh-xinetd
Source101:  ssh-avahi-integration


# mageia-specific configuration patch, equivalent to redhat patch #707
Patch1: openssh-8.5p1-mageia.patch

#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
# https://bugzilla.redhat.com/show_bug.cgi?id=1171248
# record pfs= field in CRYPTO_SESSION audit event
Patch200: openssh-7.6p1-audit.patch
# Audit race condition in forked child (#1310684)
Patch201: openssh-7.1p2-audit-race-condition.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2049947
Patch202: openssh-9.0p1-audit-log.patch

#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
Patch400: openssh-7.8p1-role-mls.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=781634
Patch404: openssh-6.6p1-privsep-selinux.patch
#?
Patch502: openssh-6.6p1-keycat.patch

#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
Patch601: openssh-6.6p1-allow-ip-opts.patch
#(drop?) https://bugzilla.mindrot.org/show_bug.cgi?id=1925
Patch606: openssh-5.9p1-ipv6man.patch
#?
Patch607: openssh-5.8p2-sigpipe.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1789
Patch609: openssh-7.2p2-x11.patch

#?
Patch700: openssh-7.7p1-fips.patch
#?
Patch702: openssh-5.1p1-askpass-progress.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=198332
Patch703: openssh-4.3p2-askpass-grab-info.patch

# GSSAPI Key Exchange (RFC 4462 + RFC 8732)
# from https://github.com/openssh-gsskex/openssh-gsskex/tree/fedora/master
Patch800: openssh-8.0p1-gssapi-keyex.patch
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
Patch801: openssh-6.6p1-force_krb.patch
# add new option GSSAPIEnablek5users and disable using ~/.k5users by default (#1169843)
# CVE-2014-9278
# NOTE(review): this is a downstream security fix, so it has to be carried
# across every patch resync; the prep section applies it out of numeric order
# (after Patch919), which is easy to lose when the list is reshuffled.
Patch802: openssh-6.6p1-GSSAPIEnablek5users.patch
# Improve ccache handling in openssh (#991186, #1199363, #1566494)
# https://bugzilla.mindrot.org/show_bug.cgi?id=2775
Patch804: openssh-7.7p1-gssapi-new-unique.patch
# Respect k5login_directory option in krb5.conf (#1328243)
Patch805: openssh-7.2p2-k5login_directory.patch


#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
Patch901: openssh-6.6p1-kuserok.patch
# Use tty allocation for a remote scp (#985650)
Patch906: openssh-6.4p1-fromto-remote.patch
# privsep_preauth: use SELinux context from selinux-policy (#1008580)
Patch916: openssh-6.6.1p1-selinux-contexts.patch
# log via monitor in chroots without /dev/log (#2681)
Patch918: openssh-6.6.1p1-log-in-chroot.patch
# scp file into non-existing directory (#1142223)
Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch
# apply upstream patch and make sshd -T more consistent (#1187521)
Patch922: openssh-6.8p1-sshdT-output.patch
# Add sftp option to force mode of created files (#1191055)
Patch926: openssh-6.7p1-sftp-force-permission.patch
# Move MAX_DISPLAYS to a configuration option (#1341302)
Patch944: openssh-7.3p1-x11-max-displays.patch
# Help systemd to track the running service
Patch948: openssh-7.4p1-systemd.patch
# Pass inetd flags for SELinux down to openbsd compat level
Patch949: openssh-7.6p1-cleanup-selinux.patch
# Sandbox adjustments for s390 and audit
Patch950: openssh-7.5p1-sandbox.patch
# PKCS#11 URIs (upstream #2817, 2nd iteration)
# https://github.com/Jakuje/openssh-portable/commits/jjelen-pkcs11
# git show > ~/devel/fedora/openssh/openssh-8.0p1-pkcs11-uri.patch
Patch951: openssh-8.0p1-pkcs11-uri.patch
# Unbreak scp between two IPv6 hosts (#1620333)
Patch953: openssh-7.8p1-scp-ipv6.patch
# Mention crypto-policies in manual pages (#1668325)
Patch962: openssh-8.0p1-crypto-policies.patch
# Use OpenSSL high-level API to produce and verify signatures (#1707485)
Patch963: openssh-8.0p1-openssl-evp.patch
# Use OpenSSL KDF (#1631761)
Patch964: openssh-8.0p1-openssl-kdf.patch
# sk-dummy.so built with -fvisibility=hidden does not work
Patch965: openssh-8.2p1-visibility.patch
# Do not break X11 without IPv6
Patch966: openssh-8.2p1-x11-without-ipv6.patch
# ssh-keygen printing fingerprint issue with Windows keys (#1901518)
Patch974: openssh-8.0p1-keygen-strip-doseol.patch
# sshd provides PAM an incorrect error code (#1879503)
Patch975: openssh-8.0p1-preserve-pam-errors.patch

# Implement kill switch for SCP protocol
Patch977: openssh-8.7p1-scp-kill-switch.patch

# Workaround for lack of sftp_realpath in older versions of RHEL
# https://bugzilla.redhat.com/show_bug.cgi?id=2038854
# https://github.com/openssh/openssh-portable/pull/299
# downstream only
Patch981: openssh-8.7p1-recursive-scp.patch
# https://github.com/djmdjm/openssh-wip/pull/13
Patch982: openssh-8.7p1-minrsabits.patch
# downstream only
Patch983: openssh-8.7p1-evpgenkey.patch
# downstream only, IBMCA tentative fix
# From https://bugzilla.redhat.com/show_bug.cgi?id=1976202#c14
Patch984: openssh-8.7p1-ibmca.patch

# Add missing options from ssh_config into ssh manpage
# upstream bug:
# https://bugzilla.mindrot.org/show_bug.cgi?id=3455
Patch1002: openssh-8.7p1-ssh-manpage.patch
# Reenable MONITOR_REQ_GSSCHECKMIC after gssapi-with-mic failures
# upstream MR:
# https://github.com/openssh-gsskex/openssh-gsskex/pull/21
Patch1004: openssh-8.7p1-gssapi-auth.patch

# Don't propose disallowed algorithms during hostkey negotiation
# upstream MR:
# https://github.com/openssh/openssh-portable/pull/323
Patch1006: openssh-8.7p1-negotiate-supported-algs.patch

Patch1011: openssh-9.0p1-evp-fips-sign.patch
Patch1012: openssh-9.0p1-evp-fips-dh.patch
Patch1013: openssh-9.0p1-evp-fips-ecdh.patch
Patch1014: openssh-8.7p1-nohostsha1proof.patch
Patch1015: openssh-9.0p1-evp-pkcs11.patch

# clarify rhbz#2068423 on the man page of ssh_config
Patch1016: openssh-9.0p1-man-hostkeyalgos.patch
%if ! %{no_gnome_askpass}
%if %{gtk3}
BuildRequires: gtk3-devel
%else
BuildRequires: gtk2-devel
%endif
%endif

Provides:   ssh
Obsoletes:  openssh-askpass < 8.3
Requires(post): openssl >= 0.9.7
Requires(preun): openssl >= 0.9.7
BuildRequires:  groff-for-man
BuildRequires:  pkgconfig(openssl) >= 0.9.7
BuildRequires:  pam-devel
BuildRequires:  pkgconfig(libsystemd)
BuildRequires:  pkgconfig(zlib)
BuildRequires:  p11-kit-devel
BuildRequires:  pkgconfig(libfido2)
%if %{kerberos5}
BuildRequires:  pkgconfig(krb5)
%endif

%if %{libedit}
BuildRequires:  pkgconfig(libedit) 
BuildRequires:  pkgconfig(ncurses)
%endif

BuildRequires:  pkgconfig(audit)
BuildConflicts: libgssapi-devel
Obsoletes: openssh-ldap <= 8.4p1

%description
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

%package    clients
Summary:    OpenSSH Secure Shell protocol clients
Group:      Networking/Remote access
Requires:   %{name} = %{version}-%{release}
Provides:   ssh-clients, sftp, ssh

%description    clients
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package includes
the clients necessary to make encrypted connections to SSH servers.

%package    server
Summary:    OpenSSH Secure Shell protocol server (sshd)
Group:      System/Servers
Requires(pre):  %{name} = %{version}-%{release} chkconfig >= 0.9 
Requires(pre):  pam >= 0.74
Requires(post):  rpm-helper >= 0.24.8-1
Requires(preun): rpm-helper >= 0.24.8-1
Requires(post): openssl >= 0.9.7
Requires:   %{name}-clients = %{version}-%{release}
BuildRequires:  audit
Provides:   ssh-server, sshd

%description    server
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server.

%package keycat
Summary: A mls keycat backend for openssh
Requires: openssh = %{version}-%{release}

%description keycat
OpenSSH mls keycat is a backend for using the authorized keys in
OpenSSH in MLS mode.

%package askpass-common
Summary: OpenSSH X11 passphrase common scripts
Group: Networking/Remote access

%description askpass-common
OpenSSH X11 passphrase common scripts

%if ! %{no_gnome_askpass}
%package    askpass-gnome
Summary:    OpenSSH GNOME passphrase dialog
Group:      Networking/Remote access
Requires:   %{name} = %{version}-%{release}
Requires:   %{name}-askpass-common
Requires(pre):  update-alternatives
Provides:   %{name}-askpass, ssh-askpass, ssh-extras

%description    askpass-gnome
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all 
patented algorithms to separate libraries (OpenSSL).

This package contains the GNOME passphrase dialog.
%endif

%prep
%setup -q

%patch1 -p1 -b .mageia
%patch400 -p1 -b .role-mls
%patch404 -p1 -b .privsep-selinux

%patch502 -p1 -b .keycat

%patch601 -p1 -b .ip-opts
%patch606 -p1 -b .ipv6man
%patch607 -p1 -b .sigpipe
%patch609 -p1 -b .x11
%patch702 -p1 -b .progress
%patch703 -p1 -b .grab-info
# 
%patch800 -p1 -b .gsskex
%patch801 -p1 -b .force_krb
%patch804 -p1 -b .ccache_name
%patch805 -p1 -b .k5login
# 
%patch901 -p1 -b .kuserok
%patch906 -p1 -b .fromto-remote
%patch916 -p1 -b .contexts
%patch918 -p1 -b .log-in-chroot
%patch919 -p1 -b .scp
%patch802 -p1 -b .GSSAPIEnablek5users
%patch922 -p1 -b .sshdt
%patch926 -p1 -b .sftp-force-mode
%patch944 -p1 -b .x11max
%patch948 -p1 -b .systemd
%patch949 -p1 -b .refactor
%patch950 -p1 -b .sandbox
%patch951 -p1 -b .pkcs11-uri
%patch953 -p1 -b .scp-ipv6
%patch962 -p1 -b .crypto-policies
%patch963 -p1 -b .openssl-evp
%patch964 -p1 -b .openssl-kdf
%patch965 -p1 -b .visibility
%patch966 -p1 -b .x11-ipv6
%patch974 -p1 -b .keygen-strip-doseol
%patch975 -p1 -b .preserve-pam-errors

%patch977 -p1 -b .kill-scp

%patch981 -p1 -b .scp-sftpdirs
%patch982 -p1 -b .minrsabits
%patch983 -p1 -b .evpgenrsa
%patch984 -p1 -b .ibmca

%patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race
%patch202 -p1 -b .audit-log
%patch700 -p1 -b .fips

%patch1002 -p1 -b .ssh-manpage
%patch1004 -p1 -b .gssapi-auth

%patch1006 -p1 -b .negotiate-supported-algs

%patch1011 -p1 -b .evp-fips-sign
%patch1012 -p1 -b .evp-fips-dh
%patch1013 -p1 -b .evp-fips-ecdh
%patch1014 -p1 -b .nosha1hostproof
%patch1015 -p1 -b .evp-pkcs11

%patch1016 -p1 -b .man-hostkeyalgos

# Regenerate the configure script after patching (presumably because some of
# the patches above change the autoconf inputs; confirm against the patches).
autoreconf

# Copies the sshd-keygen@.service source (Source12) into the build directory.
# NOTE(review): nothing visible in this spec reads that copy; the install
# section takes the unit straight from the source list. Confirm whether this
# line is still needed.
install %{SOURCE12} .

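%build

# Distribution macro; presumably prepares the compiler flags used for server
# packages (its definition is not part of this spec).
%serverbuild
%if %{pie}
# Hardening is requested here rather than through configure: position
# independent code plus -pie at link time, and "-z relro -z now" for full
# RELRO (relocations resolved at load time, GOT made read-only afterwards).
# If the pie toggle is set to 0, nothing in this section asks for PIE.
CFLAGS="$CFLAGS -fpic"
SAVE_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -pie -z relro -z now"

export CFLAGS
export LDFLAGS

%endif
%if %{kerberos5}
# Pick up a Kerberos installation outside the default prefix, if there is one,
# and add its include and library directories to the build flags.
if test -r /etc/profile.d/krb5-devel.sh ; then
    source /etc/profile.d/krb5-devel.sh
fi
krb5_prefix=`krb5-config --prefix`
if test "$krb5_prefix" != "%{_prefix}" ; then
    CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
    CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
    LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
else
    krb5_prefix=
    CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
    CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
fi
%endif

# Notes on the configure options below:
#  - the privsep path is the empty directory created in the install section;
#    it is the directory sshd uses for its unprivileged pre-authentication
#    child, so it must stay empty and not writable by that account;
#  - --with-pie=no and --without-hardening turn off configure's own flag
#    probing; PIE and RELRO come from the flags exported above and from the
#    distribution defaults;
#  - the vendor patch level is built from the package version and release.
#    The previous value referenced the macros openssh_ver and openssh_rel,
#    which this spec never defines, so rpm would have passed them through
#    unexpanded. Per the 7.8p1-1 changelog entry this string is meant for the
#    server banner, so it lets remote parties read the exact package build.
%configure \
    --sysconfdir=%{_sysconfdir}/ssh \
    --libexecdir=%{_libexecdir}/openssh \
    --datadir=%{_datadir}/openssh \
    --with-default-path=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin \
    --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
    --with-privsep-path=%{_datadir}/empty.sshd \
    --disable-strip \
    --without-zlib-version-check \
    --with-ssl-engine \
    --with-ipaddr-display \
    --with-pie=no \
    --without-hardening `# The hardening flags are configured by system` \
    --with-systemd \
    --with-default-pkcs11-provider=yes \
    --with-security-key-builtin=yes \
    --with-pam \
    --with-xauth=%{XAUTH} \
    --enable-vendor-patchlevel="Mageia-%{version}-%{release}" \
%if %{kerberos5}
    --with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
%else
    --without-kerberos5 \
%endif
%if %{libedit}
    --with-libedit
%else
    --without-libedit
%endif

%if %{static_libcrypto}
# Static OpenSSL link: replace the shared libcrypto reference in the generated
# Makefile with the static archive. A statically linked libcrypto does not pick
# up later OpenSSL security updates until this package is rebuilt.
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
%endif

%make_build

# Define a variable to toggle gtk2/gtk3 building.  This is necessary
# because RPM doesn't handle nested %%if statements.
%if %{gtk3}
	gtk3=yes
%else
	gtk3=no
%endif

%if ! %{no_gnome_askpass}
# Build the GNOME passphrase dialog from contrib and give it one name
# regardless of the toolkit version it was built against.
pushd contrib
if [ "$gtk3" = yes ] ; then
	CFLAGS="$CFLAGS %{?__global_ldflags}" \
	    make gnome-ssh-askpass3
	mv gnome-ssh-askpass3 gnome-ssh-askpass
else
	CFLAGS="$CFLAGS %{?__global_ldflags}" \
	    make gnome-ssh-askpass2
	mv gnome-ssh-askpass2 gnome-ssh-askpass
fi
popd
%endif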

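%install
install -d %{buildroot}%{_sysconfdir}/ssh
install -d %{buildroot}%{_sysconfdir}/ssh/ssh_config.d
install -d %{buildroot}%{_sysconfdir}/ssh/sshd_config.d
install -d %{buildroot}%{_libexecdir}/openssh
%make_install

# PAM stacks for sshd and ssh-keycat, and the sshd sysconfig file.
install -d %{buildroot}%{_sysconfdir}/pam.d/
install -d %{buildroot}%{_sysconfdir}/sysconfig
install -d %{buildroot}%{_libexecdir}/openssh
install -m 644 %{SOURCE2} %{buildroot}/etc/pam.d/sshd
install -m 644 %{SOURCE6} %{buildroot}/etc/pam.d/ssh-keycat
install -m 644 %{SOURCE7} %{buildroot}/etc/sysconfig/sshd


# Distribution defaults go into drop-in files so the upstream ssh_config and
# sshd_config stay untouched. NOTE(review): the two *_mageia files are not
# among the listed sources; presumably the mageia configuration patch creates
# them in the source tree.
install -m 644 ssh_config_mageia %{buildroot}%{_sysconfdir}/ssh/ssh_config.d/50-mageia.conf
install -m 644 sshd_config_mageia %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/50-mageia.conf

# systemd units are data, not programs, so every one of them is installed
# non-executable (sshd-keygen.target used to be installed with mode 755).
install -d -m 755 %{buildroot}%{_unitdir}
install -m 644 %{SOURCE9} %{buildroot}%{_unitdir}/sshd@.service
install -m 644 %{SOURCE10} %{buildroot}%{_unitdir}/sshd.socket
install -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/sshd.service
install -m 644 %{SOURCE12} %{buildroot}%{_unitdir}/sshd-keygen@.service
install -m 644 %{SOURCE15} %{buildroot}%{_unitdir}/sshd-keygen.target

install -d -m 755 %{buildroot}%{_userunitdir}
install -m 644 %{SOURCE16} %{buildroot}%{_userunitdir}/ssh-agent.service
install -m 644 %{SOURCE17} %{buildroot}%{_userunitdir}/ssh-agent.socket

# Host key generation helper; this one is a program and stays executable.
install -m 755 %{SOURCE13} %{buildroot}%{_libexecdir}/openssh/sshd-keygen

# The man page gets an explicit mode: without -m, install defaults to 755.
install -m755 contrib/ssh-copy-id %{buildroot}%{_bindir}/
install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1/

# Privilege-separation directory, the same path that is passed to configure
# as the privsep path. Mode 711 and no contents.
install -d -m 711 %{buildroot}/%{_datadir}/empty.sshd

%if ! %{no_gnome_askpass}
install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libexecdir}/openssh/gnome-ssh-askpass
%endif

# Login shells export SSH_ASKPASS pointing at the generic ssh-askpass path.
# That path is not shipped as a file (it is removed below); the askpass-gnome
# scriptlets register it through update-alternatives instead.
install -d %{buildroot}%{_sysconfdir}/profile.d/
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh <<EOF
setenv SSH_ASKPASS %{_libexecdir}/openssh/ssh-askpass
EOF

cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh <<EOF
export SSH_ASKPASS=%{_libexecdir}/openssh/ssh-askpass
EOF

# remove unwanted files
rm -f %{buildroot}%{_libexecdir}/openssh/ssh-askpass

# Strip the build root prefix from the installed man pages so that no build
# host path ends up in the package.
perl -pi -e "s|%{buildroot}||g" %{buildroot}%{_mandir}/man*/*

# xinetd support (tv)
install -d -m 755 %{buildroot}%{_sysconfdir}/xinetd.d/
install -m 644 %{SOURCE100} %{buildroot}%{_sysconfdir}/xinetd.d/sshd-xinetd

# avahi integration support (misc)
mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/
install -m 0644 %{SOURCE101} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service

# Ship a denyusers file holding only a newline; the files section gives it
# mode 0600. NOTE(review): presumably read by the sshd PAM stack; confirm
# against sshd.pam.
echo "" > %{buildroot}%{_sysconfdir}/ssh/denyusers

# make sure strip can touch it
# (the attr() entry in the files section sets the final setuid 4555 mode)
chmod 755 %{buildroot}%{_libexecdir}/openssh/ssh-keysign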

%pre server
# Create the dedicated sshd account through the rpm-helper macro. The
# arguments are the account name, its home directory (the empty
# privilege-separation directory) and a non-login shell.
# NOTE(review): the home path is hard-coded here while the rest of the spec
# derives it from the datadir macro; the two must stay in sync.
%_pre_useradd sshd /usr/share/empty.sshd /sbin/nologin

%post server
# Register the sshd service through rpm-helper.
%_post_service sshd

%preun server
# Counterpart of the post scriptlet for package removal.
%_preun_service sshd

%postun server
# Remove the sshd account through rpm-helper.
# NOTE(review): presumably only acts on final removal, not on upgrade;
# confirm against the rpm-helper macro definition.
%_postun_userdel sshd

%if ! %{no_gnome_askpass}
%post askpass-gnome
# update-alternatives --install takes: link path, group name, target, priority.
# Two groups point at the GNOME dialog: the generic libexec ssh-askpass path
# (the one SSH_ASKPASS is set to in profile.d) and a ssh-askpass link in the
# bin directory registered under the group name bssh-askpass.
update-alternatives --install %{_libexecdir}/openssh/ssh-askpass ssh-askpass %{_libexecdir}/openssh/gnome-ssh-askpass 20
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libexecdir}/openssh/gnome-ssh-askpass 20

%postun askpass-gnome
# $1 is the number of instances of the package left after this operation:
# continue only on final removal (0) and leave the alternatives alone on upgrade.
[ $1 = 0 ] || exit 0
update-alternatives --remove ssh-askpass %{_libexecdir}/openssh/gnome-ssh-askpass
update-alternatives --remove bssh-askpass %{_libexecdir}/openssh/gnome-ssh-askpass
%endif

# Base package: documentation, ssh-keygen, the moduli file and ssh-keysign.
%files
%doc LICENCE
%doc CREDITS ChangeLog OVERVIEW PROTOCOL* README README.platform README.privsep README.tun README.dns TODO
%dir %{_sysconfdir}/ssh
%config(noreplace) %{_sysconfdir}/ssh/moduli
%{_bindir}/ssh-keygen
%{_mandir}/man1/ssh-keygen.1*
%dir %{_libexecdir}/openssh
# ssh-keysign is shipped setuid root (mode 4555: setuid, read and execute
# only, not writable by anyone). It is the helper ssh uses for host-based
# authentication, which requires access to the host private keys. This is the
# only setuid binary in this files list; keep it on the list of privileged
# binaries to audit after each update.
%attr(4555,root,root) %{_libexecdir}/openssh/ssh-keysign
%{_mandir}/man8/ssh-keysign.8*

%files clients
%{_bindir}/ssh
%{_mandir}/man1/ssh.1*
%{_bindir}/scp
%{_mandir}/man1/scp.1*
%config(noreplace) %{_sysconfdir}/ssh/ssh_config
%dir %{_sysconfdir}/ssh/ssh_config.d/
%config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/50-mageia.conf
%{_mandir}/man5/ssh_config.5*
%{_bindir}/ssh-agent
%{_bindir}/ssh-add
%{_bindir}/ssh-keyscan
%{_bindir}/sftp
%{_bindir}/ssh-copy-id
%{_libexecdir}/openssh/ssh-pkcs11-helper
%{_libexecdir}/openssh/ssh-sk-helper
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man1/ssh-keyscan.1*
%{_mandir}/man1/sftp.1*
%{_mandir}/man1/ssh-copy-id.1*
%{_mandir}/man8/ssh-pkcs11-helper.8*
%{_mandir}/man8/ssh-sk-helper.8*
%{_userunitdir}/ssh-agent.service
%{_userunitdir}/ssh-agent.socket

# Server package: sshd, sftp-server, the key generation helper, configuration
# and service definitions.
%files server
# Privilege-separation directory: owned by root, mode 0711, shipped empty.
%dir %attr(0711,root,root) %{_datadir}/empty.sshd
%{_sbindir}/sshd
%{_libexecdir}/openssh/sftp-server
%{_libexecdir}/openssh/sshd-keygen
%{_mandir}/man5/sshd_config.5*
%{_mandir}/man5/moduli.5*
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
# Server configuration is readable by root only, and noreplace keeps local
# edits across upgrades (new defaults then arrive as .rpmnew files that have
# to be merged by hand).
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%dir %{_sysconfdir}/ssh/sshd_config.d/
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-mageia.conf
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers
%config(noreplace) %{_sysconfdir}/pam.d/sshd
%config(noreplace) %{_sysconfdir}/sysconfig/sshd
# NOTE(review): moduli is also listed in the base package's files section;
# the server package already depends on the base package, so one owner
# would be enough.
%config(noreplace) %{_sysconfdir}/ssh/moduli
%{_unitdir}/sshd.service
%{_unitdir}/sshd@.service
%{_unitdir}/sshd.socket
%{_unitdir}/sshd-keygen@.service
%{_unitdir}/sshd-keygen.target
# NOTE(review): the Avahi service file presumably advertises the SSH service
# over mDNS wherever avahi-daemon runs; confirm that this is wanted on hosts
# that should not announce themselves on the local network.
%config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd
%config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service

%files keycat
%doc HOWTO.ssh-keycat
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
%attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh-keycat

%files askpass-common
%{_sysconfdir}/profile.d/90ssh-askpass.*

%if ! %{no_gnome_askpass}
%files askpass-gnome
%{_libexecdir}/openssh/gnome-ssh-askpass
%endif


%changelog
* Tue Jun 13 2023 guillomovitch <guillomovitch> 9.3p1-2.mga9
+ Revision: 1961893
- revert changes to sshd pam file

* Mon Jun 12 2023 guillomovitch <guillomovitch> 9.3p1-1.mga9
+ Revision: 1961877
- new version 9.3
- sync patches with Fedora

* Fri Mar 10 2023 ns80 <ns80> 9.1p1-2.mga9
+ Revision: 1948542
- add an upstream patch for CVE-2023-25136 (mga#31503)

* Tue Nov 22 2022 bcornec <bcornec> 9.1p1-1.mga9
+ Revision: 1909947
- Update to upstream openssh 9.1

* Thu Aug 18 2022 guillomovitch <guillomovitch> 9.0p1-1.mga9
+ Revision: 1878532
- new version 9.0p1

* Tue Mar 29 2022 umeabot <umeabot> 8.8p1-2.mga9
+ Revision: 1832145
- Mageia 9 Mass Rebuild

* Mon Dec 06 2021 guillomovitch <guillomovitch> 8.8p1-1.mga9
+ Revision: 1760854
- new version 8.8p1

* Sat Oct 09 2021 guillomovitch <guillomovitch> 8.7p1-1.mga9
+ Revision: 1750339
- new version 8.7p1
- add upstream patch for CVE-2021-41617

* Fri Oct 01 2021 tmb <tmb> 8.6p1-3.mga9
+ Revision: 1747307
- rebuild for openssl 3.0.0

* Thu Sep 30 2021 guillomovitch <guillomovitch> 8.6p1-2.mga9
+ Revision: 1746903
- rebuild for openssl 3.0.0

* Sun May 23 2021 guillomovitch <guillomovitch> 8.6p1-1.mga9
+ Revision: 1726173
- new version 8.6p1

* Sun Mar 28 2021 guillomovitch <guillomovitch> 8.5p1-1.mga9
+ Revision: 1711520
- new version 8.5.p1

* Sat Mar 13 2021 tv <tv> 8.4p1-3.mga9
+ Revision: 1701922
- Disable sending locale-related environment variables, which cause tons of warnings
  That was wrongly enabled as part of r1631389:
  "- ship mageia-specific settings in distinct configuration files"

* Thu Nov 19 2020 guillomovitch <guillomovitch> 8.4p1-2.mga8
+ Revision: 1647777
- sync patch set with Fedora (fix #27599)

* Thu Oct 01 2020 guillomovitch <guillomovitch> 8.4p1-1.mga8
+ Revision: 1631474
- drop old workaround for hanging clients on exit, as fixed upstream 12 years ago (upstream bugzilla #52)
- drop unused sources
- use shipped ssh-copy-id script instead of an external one
- drop old post-installation configuration update trigger
- new version 8.4p1
- drop deprecated ldap subpackage (redhat bugzilla #1871025)
- ship mageia-specific settings in distinct configuration files

* Fri May 29 2020 shlomif <shlomif> 8.3p1-1.mga8
+ Revision: 1588825
- New version 8.3p1

* Tue Apr 14 2020 ovitters <ovitters> 8.2p1-2.mga8
+ Revision: 1567309
- drop makedev dependency

* Thu Feb 27 2020 guillomovitch <guillomovitch> 8.2p1-1.mga8
+ Revision: 1551059
- disable optional support for building x11-askpass
- new version 8.2p1
- sync patches with Fedora

* Thu Feb 20 2020 umeabot <umeabot> 8.1p1-4.mga8
+ Revision: 1546420
- Mageia 8 Mass Rebuild

* Sun Feb 02 2020 tmb <tmb> 8.1p1-3.mga8
+ Revision: 1486464
- add upstream fixes for glibc 2.31 support (via Debian)
+ wally <wally>
- replace deprecated %%configure2_5x

* Sat Oct 19 2019 guillomovitch <guillomovitch> 8.1p1-2.mga8
+ Revision: 1454604
- drop useless dependencies on tcp_wrappers
- add obsolete tag on openssh-askpass package

* Sun Oct 13 2019 guillomovitch <guillomovitch> 8.1p1-1.mga8
+ Revision: 1452629
- new version 8.1p1
- disable old X11 askpass handler

* Mon Apr 29 2019 guillomovitch <guillomovitch> 8.0p1-1.mga7
+ Revision: 1395920
- new version 8.0p1

* Tue Mar 12 2019 wally <wally> 7.9p1-3.mga7
+ Revision: 1374875
- own /usr/libexec/openssh/ with openssh instead of openssh-server

* Sun Feb 03 2019 luigiwalser <luigiwalser> 7.9p1-2.mga7
+ Revision: 1362761
- resync patches with fedora as of 2019-01-14 including fix for CVE-2018-20685

* Fri Oct 26 2018 guillomovitch <guillomovitch> 7.9p1-1.mga7
+ Revision: 1325830
- new version 7.9p1
  sync patches with Fedora

* Sat Aug 25 2018 guillomovitch <guillomovitch> 7.8p1-1.mga7
+ Revision: 1254324
- new version 7.8p1
- sync patch set with fedora
- enable vendor patch level in server banner

* Thu Aug 16 2018 guillomovitch <guillomovitch> 7.7p1-1.mga7
+ Revision: 1252048
- new version 7.7p1
- fix user enumeration issue (#2452)

* Wed Dec 20 2017 wally <wally> 7.6p1-2.mga7
+ Revision: 1183593
- sync openssh-7.0p1-show-more-fingerprints.patch with fedora

* Tue Dec 19 2017 guillomovitch <guillomovitch> 7.6p1-1.mga7
+ Revision: 1183501
- new version 7.6p1
- sync patch set with fedora

* Wed Aug 02 2017 guillomovitch <guillomovitch> 7.5p1-3.mga7
+ Revision: 1133963
- rebuild for latest openssl
- support for system-wide crypto policies

* Sun Apr 02 2017 wally <wally> 7.5p1-2.mga6
+ Revision: 1095660
- revert some changes in sshd.service and thus fix server key generation (mga#20618)

* Mon Mar 27 2017 luigiwalser <luigiwalser> 7.5p1-1.mga6
+ Revision: 1094919
- 7.5p1
- sync more patch changes from fedora

* Mon Mar 27 2017 luigiwalser <luigiwalser> 7.4p1-2.mga6
+ Revision: 1094915
- sync some patch changes for 7.4p1 from fedora

* Wed Jan 04 2017 guillomovitch <guillomovitch> 7.4p1-1.mga6
+ Revision: 1080116
- new version 7.4

* Sat Oct 22 2016 guillomovitch <guillomovitch> 7.3p1-3.mga6
+ Revision: 1063112
- use upstream patch to fix CVE-2016-8858

* Tue Oct 04 2016 luigiwalser <luigiwalser> 7.3p1-2.mga6
+ Revision: 1058559
- add patch from fedora to fix NULL dereference

* Sun Aug 07 2016 guillomovitch <guillomovitch> 7.3p1-1.mga6
+ Revision: 1044939
- sync patches with fedora
- new version 7.3p1

* Tue Jul 26 2016 guillomovitch <guillomovitch> 7.2p2-3.mga6
+ Revision: 1043667
- sync patches with Fedora, fixing CVE-2016-6210

* Mon Apr 25 2016 guillomovitch <guillomovitch> 7.2p2-2.mga6
+ Revision: 1006203
- fix CVE-2015-8325 (fix #18222)

* Thu Mar 10 2016 guillomovitch <guillomovitch> 7.2p2-1.mga6
+ Revision: 988872
- new version 7.2p2
  first fedora patches syncing pass

* Thu Feb 11 2016 luigiwalser <luigiwalser> 7.1p2-2.mga6
+ Revision: 955836
- add patch from fedora to fix CVE-2016-1908
- start sshd.service after network-online.target (so it works with ListenAddress)

* Thu Jan 14 2016 luigiwalser <luigiwalser> 7.1p2-1.mga6
+ Revision: 923001
- 7.1p2 (fixes CVE-2016-0777)

* Sun Oct 11 2015 guillomovitch <guillomovitch> 7.1p1-1.mga6
+ Revision: 889745
- new version 7.1p1

* Thu Aug 20 2015 guillomovitch <guillomovitch> 7.0p1-1.mga6
+ Revision: 867024
- new version 7.0

* Thu Aug 20 2015 luigiwalser <luigiwalser> 6.9p1-7.mga6
+ Revision: 866033
- disable scp progressmeter patch for now, as it breaks the build
- add patch from fedora with security fixes from upstream OpenSSH 7.0 release
- add patch from fedora to handle control chars in scp progressmeter (rhbz#1247204)

* Thu Jul 23 2015 luigiwalser <luigiwalser> 6.9p1-5.mga6
+ Revision: 856409
- add upstream patch to fix CVE-2015-5600

* Wed Jul 15 2015 neoclust <neoclust> 6.9p1-4.mga6
+ Revision: 854523
- Fix libexecdir path

* Wed Jul 15 2015 neoclust <neoclust> 6.9p1-3.mga6
+ Revision: 854436
- Install as wanted by openssh

* Thu Jul 09 2015 guillomovitch <guillomovitch> 6.9p1-2.mga6
+ Revision: 853152
- drop host key generation logic from spec file, and switch to systemd-triggered generation, as in fedora
- drop ssh 1 host key usage in default configuration
- switch to more secure host keys in default configuration

* Thu Jul 09 2015 guillomovitch <guillomovitch> 6.9p1-1.mga6
+ Revision: 853132
- new version 6.9p1

* Sat Jul 04 2015 luigiwalser <luigiwalser> 6.8p1-2.mga6
+ Revision: 850632
- add upstream patch to fix CVE-2015-5352

* Sun Jun 28 2015 guillomovitch <guillomovitch> 6.8p1-1.mga6
+ Revision: 846658
- new version 6.8p1
- drop untested watchdog and hpn package conditional build option
- try to sync applied patches with fedora ones

* Wed Oct 15 2014 umeabot <umeabot> 6.6p1-5.mga5
+ Revision: 747165
- Second Mageia 5 Mass Rebuild

* Tue Sep 16 2014 umeabot <umeabot> 6.6p1-4.mga5
+ Revision: 683245
- Mageia 5 Mass Rebuild

* Mon Aug 11 2014 wally <wally> 6.6p1-3.mga5
+ Revision: 661694
- when creating sshd system user use /sbin/nologin as login shell instead of /bin/true (every other system user we have uses /sbin/nologin or /bin/false, but not /bin/true)

* Wed Apr 09 2014 luigiwalser <luigiwalser> 6.6p1-2.mga5
+ Revision: 613037
- add patch from debian to fix CVE-2014-2653

* Fri Mar 21 2014 guillomovitch <guillomovitch> 6.6p1-1.mga5
+ Revision: 606391
- new version 6.6p1

* Tue Feb 04 2014 guillomovitch <guillomovitch> 6.5p1-1.mga5
+ Revision: 582109
- new version 6.5p1

* Fri Nov 08 2013 oden <oden> 6.2p2-3.mga4
+ Revision: 549918
- P22: upstream security fix (http://www.openssh.com/txt/gcmrekey.adv)

* Sat Oct 19 2013 umeabot <umeabot> 6.2p2-2.mga4
+ Revision: 528319
- Mageia 4 Mass Rebuild
+ oden <oden>
- ldap support was enabled
- add the ecdsa key as well
- fix the sourcing, so it actually works
- fix #7665, requires more fedora integration than that

* Mon Jun 17 2013 guillomovitch <guillomovitch> 6.2p2-1.mga4
+ Revision: 444184
- update ldap patch
- drop max-startups patch, merged upstream
- sync systemd unit files with fedora

* Wed Feb 13 2013 luigiwalser <luigiwalser> 6.1p1-4.mga3
+ Revision: 398234
- add patch from fedora to fix CVE-2010-5107

* Sun Jan 13 2013 umeabot <umeabot> 6.1p1-3.mga3
+ Revision: 362153
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild

* Tue Jan 01 2013 lmenut <lmenut> 6.1p1-2.mga3
+ Revision: 337413
- fix default paths after UsrMove
  remove /bin and /sbin

* Wed Sep 05 2012 guillomovitch <guillomovitch> 6.1p1-1.mga3
+ Revision: 288573
- replace LPK patch with Redhat ldap patch
- build ldap support by default
- new version
- merge usepam patche with configuration patch, using a better explanation in
  configuration file, but dropping specific message in logs

* Mon Aug 13 2012 luigiwalser <luigiwalser> 6.0p1-2.mga3
+ Revision: 281119
- do not disable root login redundantly through PAM in /etc/ssh/denyusers

* Thu Jun 07 2012 guillomovitch <guillomovitch> 6.0p1-1.mga3
+ Revision: 256806
- sync systemd support with fedora
- drop sysinit support
- new version

* Sat Apr 28 2012 tmb <tmb> 5.9p1-5.mga2
+ Revision: 233826
- Require rpm-helper >= 0.24.8-1 for systemd support

* Tue Apr 17 2012 guillomovitch <guillomovitch> 5.9p1-4.mga2
+ Revision: 231185
- don't install keygen service (redhat bug #810419)

* Sun Apr 01 2012 colin <colin> 5.9p1-3.mga2
+ Revision: 227677
- Add missing key generator

* Sun Apr 01 2012 colin <colin> 5.9p1-2.mga2
+ Revision: 227672
- Enable UsePAM by default (needed to prevent killing all SSH connections on service restart mga#5137)
- Fix systemd units to ensure sshd-keygen is run.
- Remove options from default sysconfig file that are not used.

* Sat Oct 08 2011 guillomovitch <guillomovitch> 5.9p1-1.mga2
+ Revision: 152967
- native systemd support
- spec cleanup
+ pterjan <pterjan>
- Update to 5.9
- Drop old Obsoletes

* Thu May 05 2011 saispo <saispo> 5.8p1-2.mga1
+ Revision: 95041
- Bump Release
- Fix bug #1151

* Wed Apr 20 2011 pterjan <pterjan> 5.8p1-1.mga1
+ Revision: 89124
- Update to 5.8p1

* Sat Jan 15 2011 blino <blino> 5.6p1-4.mga1
+ Revision: 18289
- fix vendor in makefile hack

* Sat Jan 15 2011 blino <blino> 5.6p1-3.mga1
+ Revision: 18288
- rename conf patch
- remove old README upgrade files
- remove old version checks and files
+ kharec <kharec>
- imported package openssh


* Tue Dec 07 2010 Oden Eriksson <oeriksson@mandriva.com> 5.6p1-2mdv2011.0
+ Revision: 613606
- provide a useful debug package

* Tue Aug 24 2010 Funda Wang <fwang@mandriva.org> 5.6p1-1mdv2011.0
+ Revision: 572678
- New version 5.6p1
- use our own build flags

* Mon Jun 07 2010 Eugeni Dodonov <eugeni@mandriva.com> 5.5p1-2mdv2010.1
+ Revision: 547228
- Do not display bogus FAILED messages when stopping service (#58283).

* Fri Apr 16 2010 Eugeni Dodonov <eugeni@mandriva.com> 5.5p1-1mdv2010.1
+ Revision: 535499
- Updated to 5.5p1.

* Mon Apr 05 2010 Funda Wang <fwang@mandriva.org> 5.4p1-3mdv2010.1
+ Revision: 531711
- rebuild for new openssl

* Mon Mar 08 2010 Oden Eriksson <oeriksson@mandriva.com> 5.4p1-2mdv2010.1
+ Revision: 515815
- whoops!, the ldap patch wasn't supposed to be applied per default
- 5.4p1
- dropped upstream added patches
- rediffed two patches
- adjust the spec file for 5.4p1

* Tue Mar 02 2010 Olivier Blin <oblin@mandriva.com> 5.3p1-6mdv2010.1
+ Revision: 513571
- kill sshd clients at shutdown (#57782)

* Fri Feb 26 2010 Oden Eriksson <oeriksson@mandriva.com> 5.3p1-5mdv2010.1
+ Revision: 511605
- rebuilt against openssl-0.9.8m

* Fri Jan 15 2010 Oden Eriksson <oeriksson@mandriva.com> 5.3p1-4mdv2010.1
+ Revision: 491719
- fix #55951 (the openssh-server package needs openssl and makedev in Requires(post))

  + Jérôme Quelin <jquelin@mandriva.org>
    - reverting to bash, till all functions get fixed
    - remove bashisms, switch to dash

  + Olivier Blin <oblin@mandriva.com>
    - require makedev in post (random/entropy devices are needed by openssl)

* Wed Oct 07 2009 Oden Eriksson <oeriksson@mandriva.com> 5.3p1-2mdv2010.0
+ Revision: 455652
- rediffed most of the third party patches

* Thu Oct 01 2009 Oden Eriksson <oeriksson@mandriva.com> 5.3p1-1mdv2010.0
+ Revision: 452225
- 5.3p1

  + Olivier Blin <oblin@mandriva.com>
    - fix build on mips (from Arnaud Patard)

* Thu Sep 03 2009 Christophe Fergeau <cfergeau@mandriva.com> 5.2p1-2mdv2010.0
+ Revision: 426348
- rebuild

* Mon Feb 23 2009 Oden Eriksson <oeriksson@mandriva.com> 5.2p1-1mdv2009.1
+ Revision: 344077
- 5.2p1
- rediffed P1
- dropped one upstream patch (P21)

* Tue Feb 03 2009 Guillaume Rousse <guillomovitch@mandriva.org> 5.1p1-6mdv2009.1
+ Revision: 337115
- keep bash completion in its own package

* Fri Jan 09 2009 Guillaume Rousse <guillomovitch@mandriva.org> 5.1p1-5mdv2009.1
+ Revision: 327518
- bash completion, split from main file in upstream project

* Tue Dec 16 2008 Oden Eriksson <oeriksson@mandriva.com> 5.1p1-4mdv2009.1
+ Revision: 314936
- rebuild

* Thu Oct 16 2008 Oden Eriksson <oeriksson@mandriva.com> 5.1p1-3mdv2009.1
+ Revision: 294182
- rebuild

* Mon Sep 29 2008 Oden Eriksson <oeriksson@mandriva.com> 5.1p1-2mdv2009.0
+ Revision: 289727
- rebuild
- fix #43747 (transferring locales with ssh creates problems)

* Tue Aug 05 2008 Oden Eriksson <oeriksson@mandriva.com> 5.1p1-1mdv2009.0
+ Revision: 263950
- hpn13v5
- sync with openssh-5.1p1-2.fc10.src.rpm

* Mon Jul 28 2008 Oden Eriksson <oeriksson@mandriva.com> 5.1p1-0.1mdv2009.0
+ Revision: 251404
- 5.1p1
- rediffed P1,P21
- disabled P22 for now
- 3rd party patches need to be fixed

* Thu Jul 17 2008 Oden Eriksson <oeriksson@mandriva.com> 5.0p1-5mdv2009.0
+ Revision: 236780
- rebuilt x11-ssh-askpass with LDFLAGS="-Wl,--as-needed"
- rebuild
- added P21, P22 from openssh-5.0p1-1.fc9 - fix race on control
  master and cleanup stale control socket (#436311) patches by
  David Woodhouse
- added P20 from openssh-5.0p1-1.fc9 - set FD_CLOEXEC on client socket
- added P19 from openssh-5.0p1-1.fc9 - don't deadlock on exit with
  multiple X forwarded channels (rh #152432)
- added 3 patches for gnome-ssh-askpass from openssh-5.0p1-1.fc9
- make it possible to build without libedit support (rpmbuild --rebuild --without libedit ...)
- added audit support from openssh-5.0p1-1.fc9 (disabled for now, though it works)
- sync with fc9 (SendEnv AcceptEnv)

* Wed Apr 23 2008 Götz Waschk <waschk@mandriva.org> 5.0p1-3mdv2009.0
+ Revision: 196921
- fix gssapi with DNS loadbalanced clusters

* Tue Apr 15 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 5.0p1-2mdv2009.0
+ Revision: 194354
- update HPN SSH/SCP patches against latest openssh version

* Wed Apr 09 2008 Oden Eriksson <oeriksson@mandriva.com> 5.0p1-1mdv2009.0
+ Revision: 192500
- 5.0p1
- drop P2 (CVE-2008-1483 is fixed in 5.0p1)
- 4.9p1
- dropped the chroot patch since another approach is in 4.9p1
- dropped the ctimeout patch since it's in there
- rediffed all patches that are not applied per default, except for the HPN patches

* Thu Mar 27 2008 Gustavo De Nardin <gustavodn@mandriva.com> 4.7p1-9mdv2008.1
+ Revision: 190750
- security fix for CVE-2008-1483

  + Giuseppe Ghibò <ghibo@mandriva.com>
    - Move 2007.1 backports ssp flags to a more effective place in the building.

* Mon Mar 17 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.7p1-7mdv2008.1
+ Revision: 188362
- new version of HPN patch

* Wed Jan 23 2008 Thierry Vignaud <tv@mandriva.org> 4.7p1-6mdv2008.1
+ Revision: 157259
- rebuild with fixed %%serverbuild macro

* Mon Jan 14 2008 Olivier Blin <oblin@mandriva.com> 4.7p1-5mdv2008.1
+ Revision: 151175
- use ConnectTimeout option for banner exchange, to timeout on stuck servers (rediffed from CVS)

* Thu Jan 03 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.7p1-4mdv2008.1
+ Revision: 142673
- disable hpn support by default

  + Olivier Blin <oblin@mandriva.com>
    - restore BuildRoot

* Tue Jan 01 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.7p1-3mdv2008.1
+ Revision: 140105
- add support for High Performance SSH/SCP - HPN-SSH
  o add patch 11, the hpn core
  o add patch 12, which displays peak throughput through the life of the connection
  o add README.hpn, all info about hpn idea

  + Guillaume Rousse <guillomovitch@mandriva.org>
    - no executable bit on profile scriptlets
      order prefix on profile scriptlets
      use herein-documents instead of additional source for profile scriptlets

  + Thierry Vignaud <tv@mandriva.org>
    - kill re-definition of %%buildroot on Pixel's request

* Wed Sep 12 2007 Anssi Hannula <anssi@mandriva.org> 4.7p1-2mdv2008.0
+ Revision: 84669
- show upgrade notes only on relevant upgrades

* Wed Sep 05 2007 Oden Eriksson <oeriksson@mandriva.com> 4.7p1-1mdv2008.0
+ Revision: 80390
- 4.7p1
- rediffed P1,S8
- dropped upstream chan_read_failed patch (P2)
- fixed build deps (edit-devel)

  + Giuseppe Ghibò <ghibo@mandriva.com>
    - Add conditional flags for 2007.1 and CD4.

  + Thierry Vignaud <tv@mandriva.org>
    - kill file require on update-alternatives

* Fri Aug 03 2007 Andreas Hasenack <andreas@mandriva.com> 4.6p1-8mdv2008.0
+ Revision: 58559
- updated lpk patch (still not applied by default)

* Mon Jul 02 2007 Andreas Hasenack <andreas@mandriva.com> 4.6p1-7mdv2008.0
+ Revision: 47243
- updated sftplogging patch, which is now called sftpfilecontrol
- added README file for it with the license

* Wed Jun 27 2007 Andreas Hasenack <andreas@mandriva.com> 4.6p1-6mdv2008.0
+ Revision: 45218
- added patch from openssh's bugzilla to fix the chan_read_failed error
  messages in logs (#31664)

* Thu Jun 21 2007 Andreas Hasenack <andreas@mandriva.com> 4.6p1-5mdv2008.0
+ Revision: 42382
- rebuild

* Wed Jun 20 2007 Andreas Hasenack <andreas@mandriva.com> 4.6p1-4mdv2008.0
+ Revision: 41658
- don't use %%{optflags} macro when using %%serverbuild
- don't use -fstack-protector explicitly, as it is now defined by
  the %%serverbuild macro
- move lpk doc to main base package
- remove empty README.lpk.lpk file, caused by patch backup
- install lpk schema files as %%doc if using ldap patch
- updated lpk patch and its url

* Wed Apr 18 2007 Oden Eriksson <oeriksson@mandriva.com> 4.6p1-3mdv2008.0
+ Revision: 14713
- use conditionals for the -fstack-protector gcc flags


* Sat Apr 07 2007 David Walluck <walluck@mandriva.org> 4.6p1-2mdv2007.1
+ Revision: 151271
- enable libedit support for sftp

* Sun Mar 11 2007 Oden Eriksson <oeriksson@mandriva.com> 4.6p1-1mdv2007.1
+ Revision: 141301
- 4.6p1
- new openssh-4.4p1.sftplogging-v1.5.patch (S8)
- rediffed the openssh-lpk-4.3p1-0.3.7.patch patch (P6)
- fixed deps

  + Andreas Hasenack <andreas@mandriva.com>
    - enabled gcc's stack-protector, let's try it

* Sat Jan 20 2007 Olivier Blin <oblin@mandriva.com> 4.5p1-3mdv2007.1
+ Revision: 111120
- use Should-Start/Should-Stop tags for remote_fs system facility in sshd service (#25757)

* Fri Nov 10 2006 Andreas Hasenack <andreas@mandriva.com> 4.5p1-2mdv2007.1
+ Revision: 80618
- rebuild with new openssl
- get rid of svn comment, not needed anymore

* Tue Nov 07 2006 Andreas Hasenack <andreas@mandriva.com> 4.5p1-1mdv2007.0
+ Revision: 77765
- updated to version 4.5p1
- updated to version 4.4p1, fixing CVE-2006-4924,
  CVE-2006-4925 and CVE-2006-5051 (#26249)

  + Oden Eriksson <oeriksson@mandriva.com>
    - don't use bogus config in the lpk patch, it prevents the sshd server from starting...
    - it really links against the shared skey libs, so nuke one build dep
    - kerberos was not found on my cs4 box, using "--with-kerberos5=%%{_prefix}" fixed it (!?)
    - pass "-DLDAP_DEPRECATED" to the CPPFLAGS if building with ldap support

* Thu Aug 03 2006 Andreas Hasenack <andreas@mandriva.com> 4.3p2-12mdv2007.0
+ Revision: 42979
- bunzipped remaining source files
- updated sftplogging patch (still not applied by default)
- fixed pam configuration file for recent pam (#22008)
- removed requirement for xauth (#23086)
- removed workaround for #22736
- added versioned buildrequires for x11-util-cf-files in order
  to fix #22736. Rebuild.
- added other missing buildrequires due to xorg split
- re-generate ssh-askpass html doc page again during build

* Mon Jul 31 2006 Helio Chissini de Castro <helio@mandriva.com> 4.3p2-11mdv2007.0
+ Revision: 42821
- Fixed file list
- Wrong.. askpass env should come *before* keyring
- Fixed source list
- Added ordering for askpass script. Same change will be added on keychain
  script

  + Andreas Hasenack <andreas@mandriva.com>
    - add svn warning
    - import openssh-4.3p2-10mdv2007.0

* Fri Jul 28 2006 Helio Chissini de Castro <helio@mandriva.com> 4.3p2-10mdv2007.0
- Created script package askpass-common to enable just one file on profile.d and rely on
correct alternatives, with recent introduction of qt version of ssh-askpass ( separated
package ).
- Nuke the old invalid buildrequires dependency for db1

* Tue Jul 04 2006 Per Øyvind Karlsen <pkarlsen@mandriva.com> 4.3p2-9mdv2007.0
- fix buildrequires
- fix macro-in-%%changelog

* Thu Jun 08 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-8mdv2007.0
- fix #22957 (P1 + spec file hack)
- make it backportable for older X
- fix deps

* Mon May 29 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-7mdv2007.0
- fix #22736 with a temporary hack

* Mon Mar 06 2006 Buchan Milne <bgmilne@mandriva.org> 4.3p2-5mdk
- update lpk patch to 0.3.7

* Sun Feb 19 2006 Michael Scherer <misc@mandriva.org> 4.3p2-4mdk
- fix avahi config file naming

* Mon Feb 13 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-3mdk
- make it backportable for older pam (S16)

* Sun Feb 12 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-2mdk
- use "include" directive instead of the deprecated pam_stack.so
  module and provide our own pam configuration file (S16)
- removed patches that touch the initscript, provide our own
  initscript and remove deprecated calls to "initlog" from there (S17)
- fix attribs on the doc files

* Sun Feb 12 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-1mdk
- 4.3p2 (Minor bugfixes)

* Fri Feb 10 2006 Michael Scherer <misc@mandriva.org> 4.3p1-3mdk
- add a avahi service file for ssh and sftp

* Fri Feb 10 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p1-2mdk
- fix deps
- added P12 to make it possible to use a different sshd binary by using
  the /etc/sysconfig/sshd file. also add that file (David Walluck)

* Wed Feb 01 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p1-1mdk
- 4.3p1 (fixes CVE-2006-0225)
- spec file "massage"
- rediff P1

* Mon Jan 09 2006 Olivier Blin <oblin@mandriva.com> 4.2p1-13mdk
- fix typo in initscript

* Mon Jan 09 2006 Olivier Blin <oblin@mandriva.com> 4.2p1-12mdk
- convert parallel init to LSB

* Mon Jan 02 2006 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-11mdk
- rebuilt due to a missing package

* Sun Jan 01 2006 Couriousous <couriousous@mandriva.org> 4.2p1-10mdk
- Add parallel init stuff

* Wed Dec 28 2005 Christiaan Welvaart <cjw@daneel.dyndns.org> 4.2p1-9mdk
- re-add BuildRequires: xorg-x11 (was removed in previous update)

* Mon Dec 05 2005 Andreas Hasenack <andreas@mandriva.com> 4.2p1-8mdk
- fixed X11 buildrequires (used when the x11askpass is built)

* Sun Dec 04 2005 Andreas Hasenack <andreas@mandriva.com> 4.2p1-7mdk
- fixed smart card build (but it's still disabled by default)

* Sun Nov 13 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-6mdk
- rebuilt against openssl-0.9.8a

* Thu Nov 10 2005 Olivier Blin <oblin@mandriva.com> 4.2p1-5mdk
- fix gnome-ssh-askpass.sh generation

* Sun Nov 06 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-4mdk
- update S8 (openssh-4.2p1.sftplogging-v1.4.patch)
- update S10 (openssh-4.0p1-watchdog.patch)
- update P10

* Sun Nov 06 2005 Guillaume Rousse <guillomovitch@mandriva.org> 4.2p1-3mdk
- use here-in document for generating profile scripts, so as to get correct installation location

* Thu Oct 13 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-2mdk
- rebuilt against openssl-0.9.7h

* Tue Sep 06 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-1mdk
- 4.2p1 (Minor security fixes)

* Fri Aug 19 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-9mdk
- make the --with[out] stuff work (Andrzej Kukula)

* Wed Aug 17 2005 Leonardo Chiquitto Filho <chiquitto@mandriva.com> 4.1p1-8mdk
- add a conflict on openssh-clients with versions prior to 6mdk because
  of the scp change
- fix typo in description

* Wed Aug 17 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-7mdk
- fix #17491

* Sun Jul 31 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-6mdk
- fix the "executable-marked-as-config-file" errors

* Sun Jul 31 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-5mdk
- updated the ldap public key patch (P6) to v0.3.6

* Wed Jul 06 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-4mdk
- openssh-server provides sshd (Zero_Dogg, cooker IRC)
  openssh-client provides ssh

* Wed Jun 15 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-3mdk
- --without-zlib-version-check (Oden, for backports)

* Sat Jun 11 2005 Buchan Milne <bgmilne@linux-mandrake.com> 4.1p1-2mdk
- Rebuild

* Wed Jun 01 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-1mdk
- 4.1p1
- fix ssh-client.sh (#16180, Claudio)
- construct the x11-ssh-askpass.1.html file manually as it                     
  sometimes seems to fail (Oden)

* Thu May 05 2005 Stew Benedict <sbenedict@mandriva.com> 4.0p1-2mdk
- rebuild, upload bot lost openssh-askpass somewhere

* Tue May 03 2005 Stew Benedict <sbenedict@mandrakesoft.com> 4.0p1-1mdk
- 4.0p1, redo P1, remove P9 (merged upstream)
- new S8 (sftplogging), new P10 (chroot, upstream patch malformed? - fix) 
- new P6, drop P7, reverse a bit of P1 so P6 can apply unchanged (ldap)

* Mon Apr 25 2005 Oden Eriksson <oeriksson@mandriva.com> 3.9p1-10mdk
- rebuilt against latest openssl

* Tue Mar 22 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-9mdk
- README.chroot (Bruno Cornec)

* Mon Mar 21 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-8mdk
- optional chroot build (http://chrootssh.sourceforge.net, Bruno Cornec)
- spec massages - Oden
- use fuzz 3 with sftplogging patch if ldap is used

* Fri Mar 04 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-7mdk
- enable krb5, GSSAPI - (Bugzilla 14222)
- fix "need to reset console after ctrl-c" (Bugzilla 14153, P9)
- script-without-shellbang (Source 4,5,6)

* Mon Jan 03 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-6mdk
- drop reference to renamed README.mdk in description (Dick Gevers)

* Fri Dec 31 2004 Christiaan Welvaart <cjw@daneel.dyndns.org> 3.9p1-5mdk
- add BuildRequires: XFree86 (for rman)

* Mon Dec 27 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-4mdk
- optional sftplogging build (http://sftplogging.sourceforge.net, Josh Sehn)

* Tue Sep 14 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-3mdk
- accept only protocol 2 as default for sshd (redo patch1, #11413)
- rename Source11, add note about protocol change

* Fri Sep 10 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-2mdk
- rediff ldap patch (Buchan Milne)
- add sample ssh_ldap_key.pl (Buchan Milne)

* Fri Aug 20 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-1mdk
- 3.9p1, rework patch1

* Fri Jul 30 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-3mdk
- move app-defaults file to correct dir (Peggy KUTYLA)

* Thu Jun 17 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-2mdk
- definitive fix for ldap support (patch7, Tibor Pittich)

* Sat Jun 12 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-1mdk
- 3.8.1p1, rework patch1 (config)
- mod to patch6 from Buchan (ldap)
- trigger doesn't need epoch now (was running on rpm -e)

* Fri Jun 11 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-4mdk
- add README.mdk to docs to explain differences from <= 3.6.1p2
- add trigger to try and catch alternative auth methods on upgrade,
     re-enabling PAM if in use (Bugzilla #9800, thx Buchan)
- add optional (--with ldap) support for authenticating to public keys
     stored in ldap (Buchan Milne)

* Tue Jun 08 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-3mdk
- add "ForwardX11Trusted yes" to ssh_config so X11 forwarding works 
  (patch1, Bugzilla #9719)

* Tue May 11 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-2mdk
- modified pam stack so enabling UsePAM doesn't change
- "PermitRootLogin without-password" behavior (rework patch1)
- "root" in /etc/ssh/denyusers