File openssh.spec of Package openssh.9495
#
# spec file for package openssh
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

%if 0%{suse_version} >= 1100
%define has_fw_dir 1
%else
%define has_fw_dir 0
%endif

%if 0%{suse_version} >= 1110
%define has_libselinux 1
%else
%define has_libselinux 0
%endif

%if 0%{?suse_version} >= 1130
%define needs_all_dirs 1
%else
%define needs_all_dirs 0
%endif

%if 0%{?suse_version} >= 1140
%define needs_libedit 1
%else
%define needs_libedit 0
%endif

%if 0%{?suse_version} > 1140
%define has_krb_mini 1
%else
%define has_krb_mini 0
%endif

%if 0%{?suse_version} > 1220
%define uses_systemd 1
%else
%define uses_systemd 0
%endif

%define sandbox_seccomp 0
%ifarch %ix86 x86_64
%if 0%{?suse_version} > 1220
%define sandbox_seccomp 1
%endif
%endif

%define _fwdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d
%define _fwdefdir %{_fwdir}/services
%define _appdefdir %( grep "configdirspec=" $( which xmkmf ) | sed -r 's,^[^=]+=.*-I(.*)/config.*$,\\1/app-defaults,' )
%{!?_initddir:%global _initddir %{_initrddir}}

Name: openssh
BuildRequires: audit-devel
BuildRequires: autoconf
BuildRequires: groff
%if %{has_krb_mini}
BuildRequires: krb5-mini-devel
%else
BuildRequires: krb5-devel
%endif
%if %{needs_libedit}
BuildRequires: libedit-devel
%endif
%if %{has_libselinux}
BuildRequires: libselinux-devel
%endif
BuildRequires: openldap2-devel
BuildRequires: openssl
BuildRequires: openssl-devel
BuildRequires: pam-devel
%if %{uses_systemd}
BuildRequires: pkgconfig(libsystemd)
%{?systemd_requires}
%endif
BuildRequires: tcpd-devel
PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils
Version: 6.6p1
Release: 0
Summary: Secure Shell Client and Server (Remote Login Program)
License: BSD-2-Clause AND MIT
Group: Productivity/Networking/SSH
Url: http://www.openssh.com/
Source: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1: sshd.init
Source2: sshd.pamd
Source3: README.SUSE
Source4: README.kerberos
Source5: ssh.reg
Source6: ssh-askpass
Source7: sshd.fw
Source8: sysconfig.ssh
Source9: sshd-gen-keys-start
Source10: sshd.service
Source11: README.FIPS
Source12: cavs_driver-ssh.pl
Patch00: openssh-6.6p1-curve25519-6.6.1p1.patch
Patch01: openssh-6.6p1-X11-forwarding.patch
Patch02: openssh-6.6p1-lastlog.patch
Patch03: openssh-6.6p1-pam-fix2.patch
Patch04: openssh-6.6p1-saveargv-fix.patch
Patch05: openssh-6.6p1-pam-fix3.patch
Patch06: openssh-6.6p1-gssapimitm.patch
Patch07: openssh-6.6p1-eal3.patch
Patch08: openssh-6.6p1-blocksigalrm.patch
Patch09: openssh-6.6p1-send_locale.patch
Patch10: openssh-6.6p1-xauthlocalhostname.patch
Patch11: openssh-6.6p1-xauth.patch
Patch12: openssh-6.6p1-default-protocol.patch
Patch13: openssh-6.6p1-pts.patch
Patch14: openssh-6.6p1-pam-check-locks.patch
Patch15: openssh-6.6p1-fingerprint_hash.patch
Patch16: openssh-6.6p1-disable_short_DH_parameters.patch
Patch17: openssh-6.6p1-remove_moduli_under_1536b.patch
Patch18: openssh-6.6p1-fips.patch
Patch19: openssh-6.6p1-fips-checks.patch
Patch20: openssh-6.6p1-audit1-remove_duplicit_audit.patch
Patch21: openssh-6.6p1-audit2-better_audit_of_user_actions.patch
Patch22: openssh-6.6p1-audit3-key_auth_usage.patch
Patch23: openssh-6.6p1-audit3-key_auth_usage-fips.patch
Patch24: openssh-6.6p1-audit4-kex_results.patch
Patch25: openssh-6.6p1-audit4-kex_results-fips.patch
Patch26: openssh-6.6p1-audit5-session_key_destruction.patch
Patch27: openssh-6.6p1-audit6-server_key_destruction.patch
Patch28: openssh-6.6p1-audit8-libaudit_dns_timeouts.patch
Patch29: openssh-6.6p1-seed-prng.patch
Patch30: openssh-6.6p1-gssapi_key_exchange.patch
Patch31: openssh-6.6p1-login_options.patch
Patch32: openssh-6.6p1-disable-openssl-abi-check.patch
Patch33: openssh-6.6p1-no_fork-no_pid_file.patch
Patch34: openssh-6.6p1-host_ident.patch
Patch35: openssh-6.6p1-sftp_homechroot.patch
Patch36: openssh-6.6p1-sftp_force_permissions.patch
Patch37: openssh-6.6p1-seccomp_getuid.patch
Patch38: openssh-6.6p1-seccomp_stat.patch
Patch39: openssh-6.6p1-X_forward_with_disabled_ipv6.patch
Patch40: openssh-6.6p1-ldap.patch
Patch41: openssh-6.6p1-cavstest-ctr.patch
Patch42: openssh-6.6p1-cavstest-kdf.patch
Patch43: openssh-6.6p1-IPv6_X_forwarding.patch
Patch44: openssh-6.6p1-check_sshfp_for_certs.patch
Patch45: openssh-6.6p1-ignore_postauth_SIGXFSZ.patch
Patch46: openssh-6.6p1-sftp_procfs_restrictions.patch
Patch47: openssh-6.6p1-X11_forwarding_timeout.patch
Patch48: openssh-6.6p1-agent_locking_hardening.patch
Patch49: openssh-6.6p1-use_each_kbd_method_just_once.patch
Patch50: openssh-6.6p1-pam_privsep_dont_resend_username.patch
Patch51: openssh-6.6p1-pam_privsep_auth_uaf.patch
Patch52: openssh-6.6p1-disable_roaming.patch
Patch53: openssh-6.6p1-sanitise_xauth_input.patch
Patch54: openssh-6.6p1-untrusted_X_forwarding.patch
Patch55: openssh-6.6p1-ignore_PAM_with_UseLogin.patch
Patch56: openssh-6.6p1-prevent_timing_user_enumeration.patch
Patch57: openssh-6.6p1-limit_password_length.patch
Patch58: openssh-6.6p1-avoid_undefined_display_messages.patch
Patch59: openssh-6.6p1-kex_resource_depletion.patch
Patch60: openssh-6.6p1-verify_CIDR_address_ranges.patch
Patch61: openssh-6.6p1-disable_preauth_compression.patch
Patch62: openssh-6.6p1-restrict_pkcs11-modules.patch
Patch63: openssh-6.6p1-prevent_private_key_leakage.patch
Patch64: openssh-6.6p1-ssh_case_insensitive_host_matching.patch
Patch65: openssh-6.6p1-sftp_print_diagnostic_messages.patch
Patch66: openssh-6.6p1-duplicate_kex.patch
Patch67: openssh-6.6p1-stricter_readonly_sftp.patch
Patch68: openssh-6.6p1-systemd-notify.patch
Patch69: openssh-6.6p1-out_of_seq_newkeys.patch
Patch70: openssh-6.6p1-CVE-2018-15473.patch
Patch71: openssh-6.6p1-sftp-client-return-code.patch
Patch73: openssh-6.6p1-rm_ciphers_from_defaults.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Conflicts: nonfreessh
Recommends: audit
Recommends: xauth
Recommends: %{name}-helpers = %{version}-%{release}
Conflicts: %{name}-fips < %{version}-%{release} , %{name}-fips > %{version}-%{release}

%define CHECKSUM_SUFFIX .hmac
%define CHECKSUM_HMAC_KEY "HMAC_KEY:OpenSSH-FIPS@SLE"

%description
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It is intended to replace rsh (rlogin and rsh) and
provides openssl (secure encrypted communication) between two untrusted
hosts over an insecure network.

xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.

%package helpers
Summary: OpenSSH AuthorizedKeysCommand helpers
Group: Productivity/Networking/SSH
Requires: %{name} = %{version}-%{release}

%description helpers
Helper applications for OpenSSH which retrieve keys from various sources.

%package fips
Summary: OpenSSH FIPS cryptomodule HMACs
Group: Productivity/Networking/SSH
Requires: %{name} = %{version}-%{release}
Conflicts: %{name} < %{version}-%{release} , %{name} > %{version}-%{release}
Obsoletes: %{name}-hmac

%description fips
Hashes that together with the main package form the FIPS certifiable
cryptomodule.

%package cavs
Summary: OpenSSH FIPS cryptomodule CAVS tests
Group: Productivity/Networking/SSH
Requires: %{name} = %{version}-%{release}

%description cavs
FIPS140 CAVS tests related parts of the OpenSSH package

%prep
%setup -q
%patch00 -p2
%patch01 -p2
%patch02 -p2
%patch03 -p2
%patch04 -p2
%patch05 -p2
%patch06 -p2
%patch07 -p2
%patch08 -p2
%patch09 -p2
%patch10 -p2
%patch11 -p2
%patch12 -p2
%patch13 -p2
%patch14 -p2
%patch15 -p2
%patch16 -p2
%patch17 -p2
%patch18 -p2
%patch19 -p2
%patch20 -p2
%patch21 -p2
%patch22 -p2
%patch23 -p2
%patch24 -p2
%patch25 -p2
%patch26 -p2
%patch27 -p2
%patch28 -p2
%patch29 -p2
%patch30 -p2
%patch31 -p2
%patch32 -p2
%patch33 -p2
%patch34 -p2
%patch35 -p2
%patch36 -p2
%patch37 -p2
%patch38 -p2
%patch39 -p2
%patch40 -p2
%patch41 -p2
%patch42 -p2
%patch43 -p2
%patch44 -p2
%patch45 -p2
%patch46 -p2
%patch47 -p2
%patch48 -p2
%patch49 -p2
%patch50 -p2
%patch51 -p2
%patch52 -p2
%patch53 -p2
%patch54 -p2
%patch55 -p2
%patch56 -p2
%patch57 -p2
%patch58 -p2
%patch59 -p2
%patch60 -p2
%patch61 -p2
%patch62 -p2
%patch63 -p2
%patch64 -p2
%patch65 -p2
%patch66 -p2
%patch67 -p2
%patch68 -p2
%patch69 -p2
%patch70 -p1
%patch71 -p1
%patch73 -p1
cp %{SOURCE3} %{SOURCE4} %{SOURCE11} .

%build
# set libexec dir in the LDAP patch
sed -i.libexec 's,@LIBEXECDIR@,%{_libexecdir}/ssh,' \
    $( grep -Rl @LIBEXECDIR@ \
        $( grep "^+++" %{PATCH40} | sed -r 's@^.+/([^/\t ]+).*$@\1@' )
    )

autoreconf -fiv
%ifarch s390 s390x %sparc
PIEFLAGS="-fPIE"
%else
PIEFLAGS="-fpie"
%endif
CFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
LDFLAGS="-pie -Wl,--as-needed"
#CPPFLAGS="%{optflags} -DUSE_INTERNAL_B64"
export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
%configure \
    --prefix=%{_prefix} \
    --mandir=%{_mandir} \
    --infodir=%{_infodir} \
    --sysconfdir=%{_sysconfdir}/ssh \
    --libexecdir=%{_libexecdir}/ssh \
    --with-tcp-wrappers \
%if %{has_libselinux}
    --with-selinux \
%endif
%if %{uses_systemd}
    --with-pid-dir=/run \
    --with-systemd \
%endif
    --with-ssl-engine \
    --with-pam \
    --with-kerberos5=%{_prefix} \
    --with-privsep-path=/var/lib/empty \
%if %{sandbox_seccomp}
    --with-sandbox=seccomp_filter \
%else
    --with-sandbox=rlimit \
%endif
%ifnarch s390 s390x
    --with-opensc \
%endif
    --disable-strip \
    --with-audit=linux \
    --with-ldap \
    --with-xauth=%{_bindir}/xauth \
%if %{needs_libedit}
    --with-libedit \
%endif
    --target=%{_target_cpu}-suse-linux \

### configure end
make %{?_smp_mflags}
#make %{?_smp_mflags} -C converter

%install
make install DESTDIR=%{buildroot}
#make install DESTDIR=%{buildroot} -C converter

install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
install -d -m 755 %{buildroot}/var/lib/sshd
install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/sshd
install -d -m 755 %{buildroot}%{_sysconfdir}/slp.reg.d/
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/slp.reg.d/
install -d -m 755 %{buildroot}%{_initddir}
%if %{uses_systemd}
install -m 0755 %{SOURCE1} .
install -D -m 0644 %{SOURCE10} %{buildroot}%{_unitdir}/sshd.service
ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcsshd
%else
install -D -m 0755 %{SOURCE1} %{buildroot}%{_initddir}/sshd
install -m 0644 %{SOURCE10} .
ln -s ../..%{_initddir}/sshd %{buildroot}%{_sbindir}/rcsshd
%endif
install -d -m 755 %{buildroot}/var/adm/fillup-templates
install -m 644 %{SOURCE8} %{buildroot}/var/adm/fillup-templates
# install shell script to automate the process of adding your public key to a remote machine
install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1
sed -i -e s@/usr/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config

%if %{has_fw_dir}
#install firewall definitions format is described here:
#%{_datadir}/SuSEfirewall2/services/TEMPLATE
mkdir -p %{buildroot}%{_fwdefdir}
install -m 644 %{SOURCE7} %{buildroot}%{_fwdefdir}/sshd
%endif

# askpass wrapper
sed -e "s,@LIBEXECDIR@,%{_libexecdir},g" < %{SOURCE6} > %{buildroot}%{_libexecdir}/ssh/ssh-askpass
sed -e "s,@LIBEXECDIR@,%{_libexecdir},g" < %{SOURCE12} > %{buildroot}%{_libexecdir}/ssh/cavs_driver-ssh.pl
rm -f %{buildroot}%{_datadir}/Ssh.bin

# sshd keys generator wrapper
install -D -m 0755 %{SOURCE9} %{buildroot}%{_sbindir}/sshd-gen-keys-start

# the hmac hashes - taken from openssl
#
# re-define the __os_install_post macro: the macro strips
# the binaries and thereby invalidates any hashes created earlier.
#
# this shows up earlier because otherwise the %expand of
# the macro is too late.
%{expand:%%global __os_install_post {%__os_install_post
for b in \
        %{_bindir}/ssh \
        %{_sbindir}/sshd \
        %{_libexecdir}/ssh/sftp-server \
        ; do
    openssl dgst -sha256 -binary -hmac %{CHECKSUM_HMAC_KEY} < %{buildroot}$b > %{buildroot}$b%{CHECKSUM_SUFFIX}
done

}}

%pre
getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd
getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd
%if %{uses_systemd}
%service_add_pre sshd.service
%endif

%post
%if %{uses_systemd}
%{fillup_only -n ssh sshd}
%service_add_post sshd.service
%else
%{fillup_and_insserv -n ssh sshd}
%endif

%preun
%if %{uses_systemd}
%service_del_preun sshd.service
%else
%stop_on_removal sshd
%endif

%postun
# The openssh-fips trigger script for openssh will normally restart sshd once
# it gets installed, so only restart the service here if openssh-fips is not
# present
rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
%if %{uses_systemd}
%service_del_postun sshd.service
%else
%restart_on_update sshd
%{insserv_cleanup}
%endif

%triggerin -n openssh-fips -- %{name} = %{version}-%{release}
%restart_on_update sshd

%files
%defattr(-,root,root)
%exclude %{_bindir}/ssh%{CHECKSUM_SUFFIX}
%exclude %{_sbindir}/sshd%{CHECKSUM_SUFFIX}
%exclude %{_libexecdir}/ssh/sftp-server%{CHECKSUM_SUFFIX}
%exclude %{_libexecdir}/ssh/cavs*
%dir %attr(755,root,root) /var/lib/sshd
%doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO LICENCE CREDITS
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%verify(not mode) %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
%if %{uses_systemd}
%doc sshd.init
%attr(0644,root,root) %config %{_unitdir}/sshd.service
%else
%attr(0755,root,root) %config %{_initddir}/sshd
%doc sshd.service
%endif
%attr(0755,root,root) %{_bindir}/*
%attr(0755,root,root) %{_sbindir}/*
%attr(0755,root,root) %dir %{_libexecdir}/ssh
%exclude %{_libexecdir}/ssh/ssh-ldap*
%attr(0755,root,root) %{_libexecdir}/ssh/*
%attr(0444,root,root) %doc %{_mandir}/man1/*
%attr(0444,root,root) %doc %{_mandir}/man5/*
%attr(0444,root,root) %doc %{_mandir}/man8/*
%dir %{_sysconfdir}/slp.reg.d
%config %{_sysconfdir}/slp.reg.d/ssh.reg
/var/adm/fillup-templates/sysconfig.ssh
%if %{has_fw_dir}
%if %{needs_all_dirs}
%dir %{_fwdir}
%dir %{_fwdefdir}
%endif
%config %{_fwdefdir}/sshd
%endif

%files helpers
%defattr(-,root,root)
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ldap.conf
%attr(0755,root,root) %dir %{_libexecdir}/ssh
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-ldap*
%doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema

%files fips
%defattr(-,root,root)
%attr(0444,root,root) %{_bindir}/ssh%{CHECKSUM_SUFFIX}
%attr(0444,root,root) %{_sbindir}/sshd%{CHECKSUM_SUFFIX}
%attr(0444,root,root) %{_libexecdir}/ssh/sftp-server%{CHECKSUM_SUFFIX}

%files cavs
%defattr(-,root,root)
%attr(0755,root,root) %{_libexecdir}/ssh/cavs*

%changelog
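
The `%install` comments in the spec explain that the `.hmac` files have to be written after `__os_install_post` has stripped the binaries, because any later change to a file invalidates its hash. As an added example (not part of the spec or of the openssh package), the Python below reproduces the `openssl dgst -sha256 -binary -hmac` computation with the spec's key and suffix and shows a file that is rewritten after hashing failing verification; the function names and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Values from the spec: CHECKSUM_HMAC_KEY and CHECKSUM_SUFFIX. The double
# quotes in the %define are consumed by the shell, so the key is the bare string.
HMAC_KEY = b"HMAC_KEY:OpenSSH-FIPS@SLE"
SUFFIX = ".hmac"

def file_hmac(path):
    """HMAC-SHA256 of the file contents as raw 32 bytes (openssl's -binary)."""
    mac = hmac.new(HMAC_KEY, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.digest()

def write_sidecar(path):
    """Write <path>.hmac, the step the redefined __os_install_post performs."""
    with open(path + SUFFIX, "wb") as fh:
        fh.write(file_hmac(path))

def verify(path):
    """Return 'ok', 'mismatch' or 'missing' for a file and its .hmac sidecar."""
    try:
        with open(path + SUFFIX, "rb") as fh:
            stored = fh.read()
    except FileNotFoundError:
        return "missing"
    return "ok" if hmac.compare_digest(stored, file_hmac(path)) else "mismatch"

def demo():
    """Hash a constructed stand-in binary, then rewrite it as stripping would."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "sshd")  # constructed sample, not a real sshd
        with open(target, "wb") as fh:
            fh.write(b"\x7fELF" + b"code" * 64 + b"debug-symbols")
        before = verify(target)             # no sidecar written yet
        write_sidecar(target)
        fresh = verify(target)
        with open(target, "wb") as fh:      # file changes after the hash was taken
            fh.write(b"\x7fELF" + b"code" * 64)
        return before, fresh, verify(target)

if __name__ == "__main__":
    print(demo())
```

Because the key is a fixed string published in the spec, this check detects a file that changed after hashing (such as by stripping or corruption), not tampering by someone able to rewrite both the binary and its `.hmac` file.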