--- openssh-6.6p1/ldap-helper.c~ 2014-05-13 17:04:22.258162978 +0300
+++ openssh-6.6p1/ldap-helper.c 2014-05-13 17:14:08.398824417 +0300
@@ -31,6 +31,7 @@
- #include "ldapbody.h"
+ #include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <signal.h>
-diff -urNp -x '*.orig' openssh-8.8p1.org/servconf.c openssh-8.8p1/servconf.c
---- openssh-8.8p1.org/servconf.c 2021-09-26 16:03:19.000000000 +0200
-+++ openssh-8.8p1/servconf.c 2021-12-09 20:13:16.486586503 +0100
-@@ -92,7 +92,9 @@ initialize_server_options(ServerOptions
-
- /* Portable-specific options */
+diff -ruNp openssh-9.8p1.orig/servconf.c openssh-9.8p1/servconf.c
+--- openssh-9.8p1.orig/servconf.c 2024-07-01 06:36:28.000000000 +0200
++++ openssh-9.8p1/servconf.c 2024-07-01 11:17:17.929993456 +0200
+@@ -94,6 +94,8 @@ initialize_server_options(ServerOptions
options->use_pam = -1;
--
-+
+ options->pam_service_name = NULL;
+
+ options->use_chroot = -1;
-+
++
/* Standard Options */
options->num_ports = 0;
options->ports_from_cmdline = 0;
-@@ -279,6 +281,9 @@ fill_default_server_options(ServerOption
- if (options->use_pam == -1)
- options->use_pam = 0;
+@@ -299,6 +301,9 @@ fill_default_server_options(ServerOption
+ if (options->pam_service_name == NULL)
+ options->pam_service_name = xstrdup(SSHD_PAM_SERVICE);
+ if (options->use_chroot == -1)
+ options->use_chroot = 0;
-+
++
/* Standard Options */
if (options->num_host_key_files == 0) {
/* fill default hostkeys for protocols */
-@@ -486,6 +491,7 @@ typedef enum {
+@@ -538,6 +543,7 @@ typedef enum {
sBadOption, /* == unknown option */
/* Portable-specific options */
- sUsePAM,
+ sUsePAM, sPAMServiceName,
+ sUseChroot,
/* Standard Options */
sPort, sHostKeyFile, sLoginGraceTime,
sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
-@@ -538,6 +544,11 @@ static struct {
- #else
+@@ -595,6 +601,11 @@ static struct {
{ "usepam", sUnsupported, SSHCFG_GLOBAL },
+ { "pamservicename", sUnsupported, SSHCFG_ALL },
#endif
+#ifdef CHROOT
+ { "usechroot", sUseChroot, SSHCFG_GLOBAL },
{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
/* Standard Options */
{ "port", sPort, SSHCFG_GLOBAL },
-@@ -1332,6 +1343,10 @@ process_server_config_line_depth(ServerO
- intptr = &options->use_pam;
- goto parse_flag;
+@@ -1338,6 +1349,10 @@ process_server_config_line_depth(ServerO
+ *charptr = xstrdup(arg);
+ break;
+ case sUseChroot:
+ intptr = &options->use_chroot;
+++ openssh-8.8p1/sshd_config 2021-12-09 20:13:16.489919836 +0100
@@ -85,6 +85,10 @@ GSSAPIAuthentication yes
# and KbdInteractiveAuthentication to 'no'.
- UsePAM yes
+ #UsePAM no
+# Set this to 'yes' to enable support for chrooted user environment.
+# You must create such environment before you can use this feature.
-diff -urNp -x '*.orig' openssh-8.8p1.org/ssh_config openssh-8.8p1/ssh_config
---- openssh-8.8p1.org/ssh_config 2021-09-26 16:03:19.000000000 +0200
-+++ openssh-8.8p1/ssh_config 2021-12-09 20:12:26.796586510 +0100
-@@ -20,10 +20,13 @@
- # Host *
- # ForwardAgent no
- # ForwardX11 no
-+# ForwardX11Trusted no
- # PasswordAuthentication yes
- # HostbasedAuthentication no
- # GSSAPIAuthentication no
- # GSSAPIDelegateCredentials no
-+# GSSAPIKeyExchange no
-+# GSSAPITrustDNS no
- # BatchMode no
- # CheckHostIP no
- # AddressFamily any
-@@ -44,3 +47,18 @@
+diff -ur openssh-9.5p1.org/ssh_config openssh-9.5p1/ssh_config
+--- openssh-9.5p1.org/ssh_config 2023-10-04 06:34:10.000000000 +0200
++++ openssh-9.5p1/ssh_config 2023-11-28 09:12:00.249971177 +0100
+@@ -44,3 +44,6 @@
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
+
-+Host *
-+ GSSAPIAuthentication yes
-+# If this option is set to yes then remote X11 clients will have full access
-+# to the original X11 server. As some X11 clients don't support the untrusted
-+# mode correctly, you might consider changing this to 'yes' or using '-Y'.
-+# ForwardX11Trusted no
-+ ServerAliveInterval 60
-+ ServerAliveCountMax 10
-+ TCPKeepAlive no
-+ # Allow DSA keys
-+# PubkeyAcceptedKeyTypes +ssh-dss
-+# HostkeyAlgorithms +ssh-dss
-+# Send locale-related environment variables, also pass some GIT vars
-+ SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
-diff -urNp -x '*.orig' openssh-8.8p1.org/sshd_config openssh-8.8p1/sshd_config
---- openssh-8.8p1.org/sshd_config 2021-09-26 16:03:19.000000000 +0200
-+++ openssh-8.8p1/sshd_config 2021-12-09 20:12:26.796586510 +0100
-@@ -29,7 +29,7 @@
- # Authentication:
-
- #LoginGraceTime 2m
--#PermitRootLogin prohibit-password
-+PermitRootLogin no
- #StrictModes yes
- #MaxAuthTries 6
- #MaxSessions 10
-@@ -57,6 +57,9 @@ AuthorizedKeysFile .ssh/authorized_keys
- #PasswordAuthentication yes
- #PermitEmptyPasswords no
-
-+# Allow DSA keys
-+## PubkeyAcceptedKeyTypes +ssh-dss
++# Put your local config in *.conf files
++Include /etc/ssh/ssh_config.d/*.conf
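Review bot: The `Include /etc/ssh/ssh_config.d/*.conf` line is appended at the very end of ssh_config, and the sshd_config hunk further down does the same with `Include /etc/ssh/sshd_config.d/*.conf`, directly after the commented `Match User anoncvs` example. Both parsers keep the first value obtained for each keyword, so anything set in the main file silently overrides the drop-ins. An Include that follows an active `Match` or `Host` block is also only applied inside that block, so uncommenting the sshd example would restrict the shipped `50-tld.conf` to matched users. Placing both Include lines at the top of the files, before any other directive, avoids this; a comment such as `# Drop-ins are read first; the first value set for a keyword wins.` would document the ordering.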
+diff -ur openssh-9.5p1.org/sshd_config openssh-9.5p1/sshd_config
+--- openssh-9.5p1.org/sshd_config 2023-10-04 06:34:10.000000000 +0200
++++ openssh-9.5p1/sshd_config 2023-11-28 09:12:18.119971176 +0100
+@@ -114,3 +114,6 @@
+ # AllowTcpForwarding no
+ # PermitTTY no
+ # ForceCommand cvs server
+
- # Change to no to disable s/key passwords
- #KbdInteractiveAuthentication yes
-
-@@ -69,6 +72,7 @@ AuthorizedKeysFile .ssh/authorized_keys
- # GSSAPI options
- #GSSAPIAuthentication no
- #GSSAPICleanupCredentials yes
-+GSSAPIAuthentication yes
-
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
-@@ -79,7 +83,7 @@ AuthorizedKeysFile .ssh/authorized_keys
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and KbdInteractiveAuthentication to 'no'.
--#UsePAM no
-+UsePAM yes
-
- #AllowAgentForwarding yes
- #AllowTcpForwarding yes
-@@ -105,9 +109,16 @@ AuthorizedKeysFile .ssh/authorized_keys
- # no default banner path
- #Banner none
-
-+# Accept locale-related environment variables, also accept some GIT vars
-+AcceptEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
-+
- # override default of no subsystems
- Subsystem sftp /usr/libexec/sftp-server
-
-+# Uncomment this if you want to use .local domain
-+#Host *.local
-+# CheckHostIP no
-+
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
++# Put your local config in *.conf files
++Include /etc/ssh/sshd_config.d/*.conf
+5) Author
+ Jan F. Chadima <jchadima@redhat.com>
+
-diff -urNp -x '*.orig' openssh-8.4p1.org/Makefile.in openssh-8.4p1/Makefile.in
---- openssh-8.4p1.org/Makefile.in 2020-09-27 09:25:01.000000000 +0200
-+++ openssh-8.4p1/Makefile.in 2021-03-01 11:29:31.280956671 +0100
-@@ -23,6 +23,8 @@ SSH_PROGRAM=@bindir@/ssh
+diff -ruN openssh-9.8p1.orig/Makefile.in openssh-9.8p1/Makefile.in
+--- openssh-9.8p1.orig/Makefile.in 2024-07-01 06:36:28.000000000 +0200
++++ openssh-9.8p1/Makefile.in 2024-07-01 11:10:26.787664770 +0200
+@@ -24,6 +24,8 @@
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
+SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
+SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
+ SSHD_SESSION=$(libexecdir)/sshd-session
+ SSHD_AUTH=$(libexecdir)/sshd-auth
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
- SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
- PRIVSEP_PATH=@PRIVSEP_PATH@
-@@ -63,10 +65,11 @@ LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDF
+@@ -74,10 +74,11 @@ LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDF
EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
MKDIR_P=@MKDIR_P@
.SUFFIXES: .lo
--TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT)
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) sshd-session$(EXEEXT) sshd-auth$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) $(SK_STANDALONE)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) sshd-session$(EXEEXT) sshd-auth$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT) $(SK_STANDALONE)
- XMSS_OBJS=\
- ssh-xmss.o \
-@@ -150,8 +153,8 @@ SFTPSERVER_OBJS=sftp-common.o sftp-serve
+ LIBOPENSSH_OBJS=\
+ ssh_api.o \
+@@ -163,8 +166,8 @@
SFTP_OBJS= sftp.o sftp-usergroup.o progressmeter.o $(SFTP_CLIENT_OBJS)
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -230,6 +233,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
+@@ -241,6 +244,9 @@
ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS)
$(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2) $(CHANNELLIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(CHANNELLIBS)
-@@ -395,6 +401,10 @@ install-files:
+@@ -414,6 +420,10 @@
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-@@ -412,6 +422,10 @@ install-files:
+@@ -431,6 +441,10 @@
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
$(INSTALL) -m 644 ssh-sk-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
install-sysconf:
$(MKDIR_P) $(DESTDIR)$(sysconfdir)
-@@ -435,6 +449,13 @@ install-sysconf:
+@@ -454,6 +468,13 @@
else \
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
fi
host-key: ssh-keygen$(EXEEXT)
@if [ -z "$(DESTDIR)" ] ; then \
-@@ -473,6 +494,8 @@ uninstall:
+@@ -492,6 +513,8 @@
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -485,6 +508,7 @@ uninstall:
+@@ -504,6 +527,7 @@
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
+
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS([ \
- Blowfish_initstate \
+ auth_hostok \
diff -urNp -x '*.orig' openssh-8.4p1.org/ldap-helper.c openssh-8.4p1/ldap-helper.c
--- openssh-8.4p1.org/ldap-helper.c 1970-01-01 01:00:00.000000000 +0100
+++ openssh-8.4p1/ldap-helper.c 2021-03-01 11:29:31.280956671 +0100
-@@ -0,0 +1,155 @@
+@@ -0,0 +1,156 @@
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
+#include "xmalloc.h"
+#include "ldapconf.h"
+#include "ldapbody.h"
++#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
diff -urNp -x '*.orig' openssh-8.4p1.org/ldapbody.c openssh-8.4p1/ldapbody.c
--- openssh-8.4p1.org/ldapbody.c 1970-01-01 01:00:00.000000000 +0100
+++ openssh-8.4p1/ldapbody.c 2021-03-01 11:29:31.280956671 +0100
-@@ -0,0 +1,494 @@
+@@ -0,0 +1,495 @@
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
+#include "ldapmisc.h"
+#include "ldapbody.h"
+#include <stdio.h>
++#include <stdlib.h>
+#include <unistd.h>
+
+#define LDAPSEARCH_FORMAT "(&(objectclass=%s)(objectclass=ldapPublicKey)(uid=%s)%s)"
diff -urNp -x '*.orig' openssh-8.4p1.org/ldapconf.c openssh-8.4p1/ldapconf.c
--- openssh-8.4p1.org/ldapconf.c 1970-01-01 01:00:00.000000000 +0100
+++ openssh-8.4p1/ldapconf.c 2021-03-01 11:29:31.280956671 +0100
-@@ -0,0 +1,691 @@
+@@ -0,0 +1,692 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
+#include "xmalloc.h"
+#include "ldapconf.h"
+#include <unistd.h>
++#include <stdlib.h>
+#include <string.h>
+
+/* Keyword tokens. */
/*
* Name of the host we are connecting to. This is the name given on the
* command line, or the Hostname specified for the user-supplied name in a
-@@ -1301,6 +1304,8 @@ client_loop(struct ssh *ssh, int have_pt
+@@ -1518,6 +1518,8 @@ client_loop(struct ssh *ssh, int have_pt
ssh_signal(SIGQUIT, signal_handler);
if (ssh_signal(SIGTERM, SIG_IGN) != SIG_IGN)
ssh_signal(SIGTERM, signal_handler);
+ if (enable_sigpipe)
-+ signal(SIGPIPE, signal_handler);
++ ssh_signal(SIGPIPE, signal_handler);
ssh_signal(SIGWINCH, window_change_handler);
-
- if (have_pty)
+ #ifdef SIGINFO
+ ssh_signal(SIGINFO, siginfo_handler);
diff -urNp -x '*.orig' openssh-8.4p1.org/ssh.0 openssh-8.4p1/ssh.0
--- openssh-8.4p1.org/ssh.0 2020-09-27 09:42:10.000000000 +0200
+++ openssh-8.4p1/ssh.0 2021-03-01 11:29:10.909905265 +0100
Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
-Version: 9.7p1
-Release: 1
+Version: 10.2p1
+Release: 4
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 1100f170ca1bc669038ca3743e074094
+# Source0-md5: 801b5ad6da38e0045de20dd5dd2f6a80
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 66943d481cc422512b537bcc2c7400d1
Source2: %{name}d.init
Source6: ssh-agent.conf
Source7: %{name}-lpk.schema
Source10: sshd-keygen
+Source13: tld_ssh_config
+Source14: tld_sshd_config
Patch100: %{name}-git.patch
# Patch100-md5: eb723cc4f21efc32752161d539c9c5e9
Patch0: %{name}-no-pty-tests.patch
%{?with_libseccomp:BuildRequires: libseccomp-devel}
%{?with_selinux:BuildRequires: libselinux-devel}
%{?with_ldap:BuildRequires: openldap-devel}
-BuildRequires: openssl-devel >= 1.1.0g
+BuildRequires: openssl-devel >= 1.1.1
BuildRequires: pam-devel
%{?with_gtk:BuildRequires: pkgconfig}
%if %{with tests} && %{with tests_conch}
BuildRequires: python-TwistedConch
%endif
BuildRequires: rpm >= 4.4.9-56
+BuildRequires: rpm-build >= 4.6
BuildRequires: rpmbuild(macros) >= 1.752
BuildRequires: sed >= 4.0
BuildRequires: zlib-devel >= 1.2.3
BuildRequires: uname(release) >= 3.5
%endif
Requires: zlib >= 1.2.3
-Requires: filesystem >= 3.0-11
-Requires: pam >= %{pam_ver}
-Suggests: xorg-app-xauth
Obsoletes: ssh
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
Group: Applications/Networking
-Requires: %{name}
+Requires: %{name} = %{epoch}:%{version}-%{release}
Suggests: %{name}-clients-helper-fido = %{epoch}:%{version}-%{release}
Provides: ssh-clients
Obsoletes: ssh-clients
-%requires_eq_to openssl openssl-devel
+%requires_eq_to openssl%{?_isa} openssl-devel
%description clients
Ssh (Secure Shell) a program for logging into a remote machine and for
Requires(pre): /bin/id
Requires(pre): /usr/sbin/useradd
Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: filesystem >= 3.0-11
Requires: pam >= %{pam_ver}
+Suggests: xorg-app-xauth
Requires: rc-scripts >= 0.4.3.0
%{?with_libseccomp:Requires: uname(release) >= 3.5}
Requires: util-linux
Suggests: xorg-app-xauth
Provides: ssh-server
Provides: user(sshd)
-%requires_eq_to openssl openssl-devel
+%requires_eq_to openssl%{?_isa} openssl-devel
%description server
Ssh (Secure Shell) a program for logging into a remote machine and for
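Review bot: The server subpackage now carries `Suggests: xorg-app-xauth` twice: the line added after `Requires: pam >= %{pam_ver}` duplicates the existing tag a few lines below, just before `Provides: ssh-server`. Dropping the added line keeps the move of `Requires: filesystem >= 3.0-11` out of the main package without the duplicate.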
%prep
%setup -q
-#%%patch100 -p1
+#%%patch -P100 -p1
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
+%patch -P0 -p1
+%patch -P1 -p1
+%patch -P2 -p1
+%patch -P3 -p1
+%patch -P4 -p1
+%patch -P5 -p1
+%patch -P6 -p1
+%patch -P7 -p1
+%patch -P8 -p1
-%{?with_hpn:%patch9 -p1}
+%{?with_hpn:%patch -P9 -p1}
-%patch11 -p1
+%patch -P11 -p1
-%patch13 -p1
+%patch -P13 -p1
-%patch14 -p1
-%{!?with_ldap:%patch15 -p1}
+%patch -P14 -p1
+%{!?with_ldap:%patch -P15 -p1}
# hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
--with-ldap%{!?with_ldap:=no} \
%{?with_ldns:--with-ldns} \
%{?with_libedit:--with-libedit} \
- --with-mantype=man \
- --with-md5-passwords \
+ --with-mantype=doc \
--with-pam \
--with-pid-dir=%{_localstatedir}/run \
--with-privsep-path=%{_privsepdir} \
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
$RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir}}
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/ssh{,d}_config.d
install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
%{__make} install \
cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
+cp -p %{SOURCE13} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config.d/50-tld.conf
+cp -p %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config.d/50-tld.conf
cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
%triggerpostun server -- %{name}-server < 2:7.0p1-2
%banner %{name}-server -e << EOF
-!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
! Starting from openssh 7.0 DSA keys are disabled !
! on server and client side. You will NOT be able !
! to use DSA keys for authentication. Please read !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
EOF
-%triggerpostun server -- %{name}-server < 6.2p1-1
-cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
-sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
+if grep -q AuthorizedKeysCommandRunAs %{_sysconfdir}/sshd_config; then
+ cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
+ sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
+fi
-%triggerpostun server -- %{name}-server < 2:5.9p1-8
# lpk.patch to ldap.patch
if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
echo >&2 "Migrating LPK patch to LDAP patch"
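Review bot: The sed expression kept inside the new `if grep -q AuthorizedKeysCommandRunAs` guard still ends in `##g`, which looks like a typo. With `#` as the delimiter the substitution is closed by the first of the two, so `#g` is not a flag and is either read as a comment or rejected, depending on the sed implementation. Presumably `sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser#g' %{_sysconfdir}/sshd_config` was meant. With the two older `%triggerpostun` headers removed, this block and the LPK migration below now run as part of the `< 2:7.0p1-2` trigger after the banner heredoc, and a one-line comment saying so would help; the trigger body continues outside the lines shown.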
%defattr(644,root,root,755)
%doc TODO README OVERVIEW CREDITS Change*
%attr(755,root,root) %{_bindir}/ssh-key*
+#%attr(755,root,root) %{_bindir}/ssh-vulnkey*
%{_mandir}/man1/ssh-key*.1*
+#%{_mandir}/man1/ssh-vulnkey*.1*
%dir %{_sysconfdir}
%dir %{_libexecdir}
%attr(755,root,root) %{_bindir}/ssh-add
%attr(755,root,root) %{_bindir}/ssh-copy-id
%attr(755,root,root) %{_bindir}/scp
+%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
+%dir %{_sysconfdir}/ssh_config.d
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config.d/50-tld.conf
%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man1/ssh-copy-id.1*
%{_mandir}/man5/ssh_config.5*
+%{_mandir}/man8/ssh-pkcs11-helper.8*
%lang(it) %{_mandir}/it/man1/ssh.1*
%lang(it) %{_mandir}/it/man5/ssh_config.5*
%lang(pl) %{_mandir}/pl/man1/scp.1*
%attr(755,root,root) %{_sbindir}/sshd
%attr(755,root,root) %{_libexecdir}/sftp-server
%attr(755,root,root) %{_libexecdir}/ssh-keysign
-%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
+%attr(755,root,root) %{_libexecdir}/sshd-auth
%attr(755,root,root) %{_libexecdir}/sshd-keygen
+%attr(755,root,root) %{_libexecdir}/sshd-session
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
%{_mandir}/man8/ssh-keysign.8*
-%{_mandir}/man8/ssh-pkcs11-helper.8*
%{_mandir}/man5/sshd_config.5*
%{_mandir}/man5/moduli.5*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
+%attr(750,root,root) %dir %{_sysconfdir}/sshd_config.d
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config.d/50-tld.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
%{_sysconfdir}/moduli
%attr(754,root,root) /etc/rc.d/init.d/sshd
# generate new keys with empty passwords if they do not exist
ssh_gen_key ed25519 /etc/ssh/ssh_host_ed25519_key
-ssh_gen_key ecdsa /etc/ssh/ssh_host_ecdsa_key
ssh_gen_key rsa /etc/ssh/ssh_host_rsa_key
-ssh_gen_key dsa /etc/ssh/ssh_host_dsa_key
--- /dev/null
+Host *
+ ServerAliveInterval 60
+ ServerAliveCountMax 10
+ TCPKeepAlive no
--- /dev/null
+PermitRootLogin no
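Review bot: The new sshd drop-in carries only `PermitRootLogin no`, while the sshd_config patch hunks removed in this commit also set `UsePAM yes`, `GSSAPIAuthentication yes` and the `AcceptEnv` list. The spec still configures `--with-pam` and packages `/etc/pam.d/sshd`, so if the file ends here a fresh install would fall back to the stock setting (shown commented as `#UsePAM no` in the sshd_config context above) and PAM account and session checks would not run. If that is not intended, add `UsePAM yes` to this file. The file may continue beyond the lines visible here.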