specs/o/openssh/openssh-vl.spec

%bcond_with systemd

# SELinux
%define WITH_SELINUX 0

# OpenSSH privilege separation requires a user & group ID
%define sshd_uid    74
%define sshd_gid    74

# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%define no_gnome_askpass 0

# Use GTK3 for gnome-ssh-askpass
%define gtk3 1

# Build position-independent executables (requires toolchain support)?
%define pie 1

# Do we want to link against a static libcrypto? (1=yes 0=no)
%define static_libcrypto 0

# Do we want smartcard support (1=yes 0=no)
%define scard 0

# Disable IPv6 (avoids DNS hangs on some glibc versions)
%define noip6 0

# Do we want kerberos5 support (1=yes 0=no)
%define kerberos5 0

# Reserve options to override askpass settings with:
# rpm -ba|--rebuild --define 'skip_xxx 1'
%{?skip_gnome_askpass:%define no_gnome_askpass 1}

# Options for static OpenSSL link:
# rpm -ba|--rebuild --define "static_openssl 1"
%{?static_openssl:%define static_libcrypto 1}

# Options for Smartcard support: (needs libsectok and openssl-engine)
# rpm -ba|--rebuild --define "smartcard 1"
%{?smartcard:%define scard 1}

# Option to disable ipv6
# rpm -ba|--rebuild --define "noipv6 1"
%{?noipv6:%define noip6 1}

# Is this a build for the rescue CD (without PAM)? (1=yes 0=no)
%define rescue 0
%{?build_rescue:%define rescue 1}

# Turn off some stuff for resuce builds
%if %{rescue}
%define kerberos5 0
%endif

Summary: The OpenSSH implementation of SSH.
Summary(ja): OpenSSH - フリーの Secure Shell (SSH) の実装
Name: openssh
Version: 8.8p1
Release: 3%{_dist_release}%{?with_systemd:.systemd}
Group: network
Vendor: Project Vine
Distribution: Vine Linux
Packager: daisuke

License: BSD
URL: https://www.openssh.com/portable.html
Source0: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
# files for systemd
Source9: sshd@.service
Source10: sshd.socket
Source11: sshd.service
Source12: sshd-keygen@.service
Source13: sshd-keygen
Source14: sshd.tmpfiles
Source15: sshd-keygen.target

Patch0: openssh-8.7p1-vine.patch
#Patch4: openssh-8.0p1-vendor.patch
# Patch12: openssh-selinux.patch
# Patch20: openssh-3.9p1-gssapimitm.patch
Patch21: openssh-7.6p1-safe-stop.patch
Patch24: openssh-7.6p1-fromto-remote.patch
Patch26: openssh-5.2p1-pam-no-stack.patch
# Patch27: openssh-5.1p1-log-in-chroot.patch
# Patch30: openssh-5.6p1-exit-deadlock.patch
# Patch31: openssh-3.9p1-skip-used.patch
Patch35: openssh-8.2p1-askpass-progress-gtk3.patch

# Help systemd to track the running service
Patch948: openssh-7.4p1-systemd.patch

# Vine Source
Source100: sshd.init.vine
Source110: sshd.sysconfig.vine

BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot

Obsoletes: ssh

BuildRequires: perl, openssl-devel
BuildRequires: util-linux
%if "%{_dist_release}" >= "vl7"
BuildRequires: libdb-devel
%else
BuildRequires: db4-devel
%endif
BuildRequires: pam-devel
BuildRequires: zlib-devel
%if ! %{no_gnome_askpass}
BuildRequires: libX11-devel
BuildRequires: gtk3-devel
%endif
BuildRequires: xorg-x11-xauth
BuildRequires: groff
BuildRequires: libedit-devel
%if %{with systemd}
BuildRequires: systemd-devel
%endif

%description
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

#'
%description -l ja
OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。 
Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
な通信路の中を通すことができます。

OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
最新のセキュリティと機能を提供しています。またすべての特許がからむ
アルゴリズムは分割したライブラリにわかれています。

このパッケージは OpenSSH のクライアントとサーバの両方で必要とされる
コアのファイルを含んでいます。実際に使用するにはこのパッケージの他に
openssh-clients および/または openssh-server が必要です。


%package clients
Summary: OpenSSH clients.
Summary(ja): OpenSSH Secure Shell プロトコルクライアント
Requires: openssh = %{version}-%{release}
Group: network
Obsoletes: ssh-clients
Obsoletes: openssh-contrib

%description clients
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package includes
the clients necessary to make encrypted connections to SSH servers.
You'll also need to install the openssh package on OpenSSH clients.

#'
%description -l ja clients
OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。 
Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
な通信路の中を通すことができます。

OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
最新のセキュリティと機能を提供しています。またすべての特許がからむ
アルゴリズムは分割したライブラリにわかれています。

このパッケージは OpenSSH をクライアントとして使用する場合に
必要なものを含んでいます。


%package server
Summary: The OpenSSH server daemon.
Summary(ja): OpenSSH Secure Shell プロトコルサーバ (sshd)
Group: servers
Obsoletes: ssh-server
Requires(post): openssh = %{version}-%{release}
Requires(post): chkconfig
Requires(pre): shadow-utils
Requires(post): initscripts >= 5.20
Requires: pam

%description server
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server. You also need to have the openssh
package installed.

%description -l ja server
OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。 
Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
な通信路の中を通すことができます。

OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
最新のセキュリティと機能を提供しています。またすべての特許がからむ
アルゴリズムは分割したライブラリにわかれています。

このパッケージは OpenSSH をサーバとして使用する場合に必要な
デーモンなどを含んでいます。


%package askpass-gnome
Summary: A passphrase dialog for OpenSSH, X, and GNOME.
Summary(ja): OpenSSH GNOME パスフレーズ入力ダイアログ
Group: network
Requires: openssh = %{version}-%{release}
Obsoletes: ssh-extras
Obsoletes: openssh-askpass < 5.5p1-3vl6
Provides: openssh-askpass = %{version}-%{release}

%description askpass-gnome
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
environment.

%description -l ja askpass-gnome
OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。 
Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
な通信路の中を通すことができます。

OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
最新のセキュリティと機能を提供しています。またすべての特許がからむ
アルゴリズムは分割したライブラリにわかれています。

このパッケージは GNOME 用のパスフレーズ入力ダイアログを含んでいます。


%debug_package


%prep
%setup -q
%patch0 -p1 -b .vine
#patch4 -p1 -b .vendor

%if %{WITH_SELINUX}
#SELinux
#%patch12 -p1 -b .selinux
%endif

%patch21 -p1 -b .safe-stop
%patch24 -p1 -b .fromto-remote
%patch26 -p1 -b .stack
# %patch27 -p1 -b .log-chroot
# %patch30 -p1 -b .exit-deadlock
# %patch35 -p1 -b .progress

%if %{with systemd}
%patch948 -p1
%endif

autoreconf


%build
CFLAGS="$RPM_OPT_FLAGS -fvisibility=hidden"; export CFLAGS
%if %{pie}
%ifarch s390 s390x sparc sparc64
CFLAGS="$CFLAGS -fPIC"
%else
CFLAGS="$CFLAGS -fpic"
%endif
SAVE_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
export CFLAGS
export LDFLAGS
%endif

# for glibc-2.34 on older kenel
export ac_cv_func_closefrom=no

%configure \
	--sysconfdir=%{_sysconfdir}/ssh \
	--libexecdir=%{_libexecdir}/openssh \
	--datadir=%{_datadir}/openssh \
	--with-default-path=/usr/local/bin:/bin:/usr/bin \
	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 	--with-privsep-path=%{_var}/empty/sshd \
	--disable-strip \
	--without-zlib-version-check \
	--with-ssl-engine \
	--with-ipaddr-display \
	--with-pie=no \
	--enable-vendor-patchlevel="VL-%{version}-%{release}" \
	--with-libedit \
	--with-xauth=/usr/bin/xauth \
%if %{scard}
	--with-smartcard \
%endif
%if %{noip6}
	--with-ipv4-default \
%endif
%if %{rescue}
	--without-pam --with-md5-passwords \
%else
	--with-pam \
%endif
%if %{with systemd}
	--with-systemd \
%endif
	%{nil}

%if %{static_libcrypto}
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
%endif

%make_build

%if %{gtk3}
	gtk3=yes
%else
	gtk3=no
%endif

%if ! %{no_gnome_askpass}
pushd contrib
if [ $gtk3 = yes ]; then
	make gnome-ssh-askpass3
	mv gnome-ssh-askpass3 gnome-ssh-askpass
else
	make gnome-ssh-askpass2
	mv gnome-ssh-askpass2 gnome-ssh-askpass
fi
popd
%endif


%install
rm -rf $RPM_BUILD_ROOT
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd/etc

make install DESTDIR=$RPM_BUILD_ROOT

touch $RPM_BUILD_ROOT%{_var}/empty/sshd/etc/localtime
install -d $RPM_BUILD_ROOT/etc/pam.d/
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -d $RPM_BUILD_ROOT/etc/sysconfig/
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
install -m644 contrib/redhat/sshd.pam     $RPM_BUILD_ROOT/etc/pam.d/sshd
install -m644 %{SOURCE110} $RPM_BUILD_ROOT/etc/sysconfig/sshd

%if %{with systemd}
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service
install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
install -m644 %{SOURCE11} $RPM_BUILD_ROOT/%{_unitdir}/sshd.service
install -m644 %{SOURCE12} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen@.service
install -m644 %{SOURCE15} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen.target
install -m744 %{SOURCE13} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/sshd-keygen
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
install -m644 -D %{SOURCE14} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
%else
install -m755 %{SOURCE100} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
%endif

%if ! %{scard}
        rm -f $RPM_BUILD_ROOT%{_datadir}/openssh/Ssh.bin
%endif

%if ! %{no_gnome_askpass}
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
install -m 755 contrib/redhat/gnome-ssh-askpass.{sh,csh} $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
%endif

%if %{no_gnome_askpass}
rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
%endif

# for contrib package
install -m 0755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
install -m 0644 contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
mv contrib/README contrib/README.contrib

perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*

%clean
rm -rf $RPM_BUILD_ROOT

%triggerun server -- ssh-server
if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
	touch /var/run/sshd.restart
fi

%triggerun server -- openssh-server < 2.5.0p1
# Count the number of HostKey and HostDsaKey statements we have.
gawk	'BEGIN {IGNORECASE=1}
	 /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
	 END {exit sawhostkey}' /etc/ssh/sshd_config
# And if we only found one, we know the client was relying on the old default
# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
# specified.  Now that HostKey is used for both SSH1 and SSH2 keys, specifying
# one nullifies the default, which would have loaded both.
if [ $? -eq 1 ] ; then
	echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
	echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
fi

%triggerpostun server -- ssh-server
if [ "$1" != 0 ] ; then
	/sbin/chkconfig --add sshd
	if test -f /var/run/sshd.restart ; then
		rm -f /var/run/sshd.restart
		# /sbin/service sshd start > /dev/null 2>&1 || :
		/sbin/service sshd start
	fi
fi

%if %{with systemd}
%pre
getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :
%endif

%pre server
%{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
        -g sshd -M -r sshd 2>/dev/null || :

%post server
%if %{with systemd}
%systemd_post sshd.service sshd.socket
%else
/sbin/chkconfig --add sshd
%endif

%postun server
%if %{with systemd}
%systemd_postun_with_restart sshd.service
%else
# /sbin/service sshd condrestart > /dev/null 2>&1 || :
if [ "$1" -gt 0 ]; then
	/sbin/service sshd condrestart
fi
exit 0
%endif

%preun server
%if %{with systemd}
%systemd_preun sshd.service sshd.socket
%else
if [ "$1" = 0 -o -x /bin/systemctl ]; then
	/sbin/service sshd stop > /dev/null 2>&1 || :
	/sbin/chkconfig --del sshd
fi
%endif


%files
%defattr(-,root,root)
%license LICENCE
%doc CREDITS ChangeLog INSTALL OVERVIEW PROTOCOL* README* TODO
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%attr(644,root,root) %{_mandir}/man5/moduli.5*
%if ! %{rescue}
%attr(0755,root,root) %{_bindir}/ssh-keygen
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0755,root,root) %dir %{_libexecdir}/openssh
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
%endif
%if %{scard}
%attr(0755,root,root) %dir %{_datadir}/openssh
%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
%endif

%files clients
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/scp
%attr(0755,root,root) %{_bindir}/ssh
%attr(0644,root,root) %{_mandir}/man1/scp.1*
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
# %attr(0644,root,root) %{_mandir}/man1/slogin.1*
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
# %attr(-,root,root) %{_bindir}/slogin
%if ! %{rescue}
%attr(0755,root,root) %{_bindir}/ssh-agent
%attr(0755,root,root) %{_bindir}/ssh-add
%attr(0755,root,root) %{_bindir}/ssh-keyscan
%attr(0755,root,root) %{_bindir}/sftp
%attr(0755,root,root) %{_bindir}/ssh-copy-id
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
%attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
%endif

%if ! %{rescue}
%files server
%defattr(-,root,root)
%dir %attr(0711,root,root) %{_var}/empty/sshd
%dir %attr(0755,root,root) %{_var}/empty/sshd/etc
%ghost %verify(not md5 size mtime) %{_var}/empty/sshd/etc/localtime
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
%attr(0755,root,root) %config /etc/sysconfig/sshd
%if %{with systemd}
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
%attr(0644,root,root) %{_unitdir}/sshd.service
%attr(0644,root,root) %{_unitdir}/sshd@.service
%attr(0644,root,root) %{_unitdir}/sshd.socket
%attr(0644,root,root) %{_unitdir}/sshd-keygen@.service
%attr(0644,root,root) %{_unitdir}/sshd-keygen.target
%attr(0644,root,root) %{_tmpfilesdir}/openssh.conf
%else
%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
%endif
%endif

%if ! %{no_gnome_askpass}
%files askpass-gnome
%defattr(-,root,root)
%attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
%endif


%changelog
* Tue Oct 19 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.8p1-3
- built with workaround for glibc-2.34 on older kernel.

* Sat Oct 09 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.8p1-2
- rebuilt with openssl-3.0.0.

* Fri Oct 01 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.8p1-1
- new upstream release.

* Fri Aug 20 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.7p1-1
- new upstream release.
- updated Patch0.

* Wed Apr 21 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.6p1-1
- new upstream release.

* Tue Mar 09 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.5p1-1
- new upstream release.

* Wed Oct 07 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.4p1-1
- new upstream release.
- updated Patch0.
- disabled Patch35.

* Wed May 27 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.3p1-1
- new upstream release.

* Thu Apr 02 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.2p1-2
- added systemd support (disabled as default).

* Thu Mar 19 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.2p1-1
- new upstream release.
- updated Patch35.

* Thu Oct 17 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.1p1-1
- new upstream release.

* Sat Jun 22 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.0p1-1
- new upstream release.
- moved scp to openssh-clients.
- changed "PasswordAuthentication" to "no" as default.
- dropped Patch4.
- updated Patch35 to use GTK+3 for gnome-ssh-askpass.

* Tue Nov 06 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.9p1-1
- new upstream release.
- updated Patch4.

* Wed Nov 15 2017 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 7.6p1-1
- new upstream release.
- update patch0,4,21,24
- update patch35 from fc26
- drop patch12,20,30

* Fri Aug  5 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.2p2-2
- disabled rsa1 hostkey generation.

* Sat Jul 30 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.2p2-1
- new upstream release.

* Wed Mar  9 2016 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 7.2p1-1
- new upstream release
- built with openssl 1.0.2g
- drop slogin command and manual, this is upstream change.

* Sun Jan 17 2016 Daisuke SUZUKI <daisuke@vinelinux.org> 7.1p2-1
- update to 7.1p2

* Mon Dec 28 2015 Daisuke SUZUKI <daisuke@vinelinux.org> 7.1p1-1
- update to 7.1p1
- remove patch100 to use default value "prohibit-password" for PermitRootLogin

* Tue Oct 14 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 6.7p1-1
- update to 6.7p1
- fix sshd.init

* Thu Aug 07 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 6.6p1-1
- update to 6.6p1
- remove BR: sharutils
- add BR: libdb-devel instead of db4-devel

* Tue Feb 04 2014 Daisuke SUZUKI <daisuke@linux.or.jp> 6.5p1-1
- update to 6.5p1
- update sshd_config
  - generate ED25519 host key.

* Tue Nov 12 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 6.4p1-1
- update to 6.4p1

* Mon May 20 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 6.2p2-1
- update to 6.2p2

* Fri Mar 22 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 6.2p1-1
- update to 6.2p1

* Fri Nov  2 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 6.1p1-1
- new upstream release
- add -with-xauth option in configure
- patch4, 30, 35 are updated from fc18

* Mon May 07 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 6.0p1-1
- new upstream release 

* Tue Mar 06 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 5.9p1-1
- new upstream release 

* Sun May  8 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 5.8p2-1
- new upstream release

* Tue Apr 19 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.8p1-2
- add our own sshd.init based on fedora's sshd.init
  - generate ECDSA host key.

* Sat Feb 05 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.8p1-1
- new upstream release

* Tue Jan 25 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.7p1-1
- new upstream release

* Mon Jan 10 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.6p1-1
- new upstream release
- obsolete contrib subpackage, move ssh-copy-id to client subpackage

* Sun Jan  9 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 5.5p1-4
- rebuilt with openssl 1.0.0c

* Sun May 23 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 5.5p1-3
- drop x11-askpass, add Obsoletes: openssh-askpass
- add BR: groff
- enable --with-libedit option, add BR: libedit-devel
- remove unrecognized option '--with-rsh'

* Sun May 23 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 5.5p1-2
- add BR: xorg-x11-xauth for X11 forwarding support

* Thu Apr 22 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 5.5p1-1
- new upstream release
- update patch0,2
- drop patch3,22

* Tue Feb 24 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 5.2p1-1
- new upstream release

* Tue Jul 22 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 5.1p1-1
- new upstream release

* Thu May 29 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 5.0p1-2
- rebuild with xorg-x11-7.3

* Fri Apr 04 2008 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 5.0p1-1
- new upstream release with security fix (CVE-2008-1483)
- drop patch31 which is included in new release (This was for CVE-2008-1483)

* Tue Apr 01 2008 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.9p1-1
- new upstream release with security fix ("ForceCommand" Directive)
- turn on daemon restart message
- new versioning policy

* Mon Nov 26 2007 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.7p1-0vl2
- add /var/empty/sshd/etc/localtime to fix secure log bad timestamps

* Tue Nov 13 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 4.7p1-0vl1
- new upstream release

* Thu May 17 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 4.6p1-0vl2
- build with -fpie/-pie by default.
- enable ipv6 by default.

* Fri May 04 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 4.6p1-0vl1
- new upstream release

* Wed Nov 08 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.5p1-0vl1
- new upstream release

* Fri Sep 29 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 4.4p1-0vl1
- new upstream release

* Thu Jul 27 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 4.3p2-0vl1
- new upstream release

* Mon Apr 10 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 4.3p1-0vl1
- new upstream release
- remove build6x stuff
- remove libgnome-devel from BuildRequires
- cleanup BuildRequires
- drop Patch200, it is merged in upstream.
- import patches(25-35) from FC-devel

* Mon Apr 10 2006 IWAI, Masaharu <iwai@alib.jp> 4.2p1-0vl3
- SECURITY FIX: CVE-2006-0225
  - add scp no system patch ( Patch200 ): from Fedora Core 4 4.2p1-fc4.10
- update BuildPreReq: s/XFree86-devel/XOrg-devel/
- fix BuildPreReq for GNOME: gnome-libs-devel ( GNOME1 ) was always used
  - When GNOME2 is used, using libgnome-devel
  - add BuildPreReq: gtk2-devel for GNOME2

* Sat Sep 24 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.2p1-0vl2
- rebuild with gtk+-2.8 final

* Sun Sep  4 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.2p1-0vl1
- new upstream release
- build with gtk+-2.7

* Sun May 29 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.1p1-0vl1
- new upstream release

* Fri Apr 01 2005 KOBAYASHI Taizo <tkoba@vinelinux.org> 4.0p1-0vl2
- cleanup obsolete patches and added patches from fedora

* Wed Mar 16 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.0p1-0vl1
- new upstream release

* Thu Aug 19 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.9pl1-0vl1
- new upstream release

* Wed Apr 21 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.8.1p1-0vl1
- new upstream release

* Fri Mar 26 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.8p1-0vl2
- rebuild with openssl-0.9.7d

* Fri Feb 27 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.8p1-0vl1
- new upstream release

* Thu Oct  2 2003 IWAI, Masaharu <iwai@alib.jp> 3.7.1p2-0vl2
- create contrib package

* Wed Sep 24 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.7.1p2-0vl1
- new upstream release
- fix security issue: http://www.openssh.com/txt/sshpam.adv

* Wed Sep 17 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.7.1p1-0vl1
- new upstream release
- fix security issue: http://www.openssh.com/txt/buffer.adv

* Wed Sep 17 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.7p1-0vl1
- new upstream release

* Thu May  1 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.6.1p2-0vl1.1
- rebuild with gtk2

* Thu May  1 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.6.1p2-0vl1
- new upstream release

* Sun Apr 13 2003 KOBAYASHI R. Taizo <tkoba@vinelinux.org> 3.5p1-0vl2
- rebuild with new tool chain

* Tue Oct 29 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.5p1-0vl1
- new upstream release
- merge with upstream spec (drop anonymous mmap patch, suid of ssh)

* Tue Aug 20 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.4p1-0vl3
- change some defines in spec files

* Thu Jun 27 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.4p1-0vl2
- add patch110 ( 3.4p1 does not include mmap-fallback patch )

* Thu Jun 27 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.4p1-0vl1
- new upstream release
  - security fix
- drop patch10

* Wed Jun 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.3p1-0vl2
- add patch from Solar Designer to make privsep work with a 2.2 kernel.

* Sun Jun 23 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.3p1-0vl1
- new upstream release
- add {sshd,ssh}_config.5 manpages
- add ssh-keysign

* Sun May 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.2.3p1-0vl1
- new upstream release

* Sat May 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.2.2p1-0vl1
- new upstream release
- drop patch1

* Fri Mar 08 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.1p1-2vl1
- new upstream release
- merged with rawhide release.
- drop Patch101 (merged in upstream)

* Fri Mar 08 2002 Toru Sagami <sagami@vinelinux.org> 3.0.2p1-2vl2
- seurity patch for off-by-one bug 

* Wed Jan 30 2002 KOBAYASHI R. Taizo <tkoba@vinelinux.org> 3.0.2p-2vl1
- merged with Rawhide 3.0.2p1-2

* Sun Dec 02 2001 Toru Sagami <sagami@vinelinux.org>
- updated to 3.0.2p1

* Mon Nov 19 2001 Toru Sagami <sagami@vinelinux.org>
- updated to 3.0.1p1

* Thu Nov 08 2001 Toru Sagami <sagami@vinelinux.org> 3.0p1-0vl0
- updated to 3.0p1

* Sun Sep 30 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.9.9p2-0vl2
- add japanese summery and descriptions.
- update x11-askpass 1.2.5

* Sun Sep 30 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.9.9p2-0vl1
- update to openssh-2.9.9p2

* Mon Jul 16 2001 MATSUBAYASHI 'Shaolin' Kohji <shaolin@vinelinux.org> 2.5.2p2-0vl3
- rebuilt with openssl-0.9.6b

* Tue Mar 27 2001 Jun Nishii <jun@vinelinux.org> 2.5.2p2-0vl2
- do not Permit RootLogin

* Tue Mar 27 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.2p2-0vl1
- update to openssh-2.5.2p2

* Wed Mar 21 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.2p1-0vl1
- update to openssh-2.5.2p1

* Thu Mar 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.1p2-0vl1
- update to openssh-2.5.1p2

* Thu Mar 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.1p2-0vl1
- update to openssh-2.5.1p1

* Wed Feb 21 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.1p1-0vl1
- update to openssh-2.5.1p1

* Thu Dec 28 2000 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.0p1-0vl4
- remove suid bit from ssh

* Tue Dec 19 2000 Satoshi MACHINO <machino@vinelinux.org> 2.3.0p1-0vl3
- moved man dir to /usr/share/man

* Wed Dec 06 2000 Satoshi MACHINO <machino@vinelinux.org> 2.3.0p1-0vl2
- fixed askpass's link in ssh-add
- partially used rpmmacros

* Fri Nov 10 2000 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.0p1-0vl1
- update to 2.3.0p1
- update x11-askpass 1.0.3

* Wed Oct 18 2000 Damien Miller <djm@mindrot.org>
- Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the 
  Redhat 7.0 spec file

* Sat Oct 14 2000 Daisuke SUZUKI <daisuke@linux.or.jp> 2.2.0p2-2vl1
- rebuild for Vine Linux

* Tue Sep 05 2000 Damien Miller <djm@mindrot.org>
- Use RPM configure macro
* Tue Aug 08 2000 Damien Miller <djm@mindrot.org>
- Some surgery to sshd.init (generate keys at runtime)
- Cleanup of groups and removal of keygen calls
* Wed Jul 12 2000 Damien Miller <djm@mindrot.org>
- Make building of X11-askpass and gnome-askpass optional
* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
- Glob manpages to catch compressed files
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
- Updated for new location
- Updated for new gnome-ssh-askpass build
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
- Added Jim Knoble's <jmknoble@pobox.com> askpass
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
- Added 'Obsoletes' directives
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
- Use make install
- Subpackages
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
- Added links for slogin
- Fixed perms on manpages
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
- Renamed init script
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
- Back to old binary names
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
- Use autoconf
- New binary names
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.