source: projects/specs/branches/6/o/openssh/openssh-vl.spec @ 11236

%define ver 7.2p2
%define rel 3%{_dist_release}

# SELinux
%define WITH_SELINUX 0

# OpenSSH privilege separation requires a user & group ID
%define sshd_uid    74
%define sshd_gid    74

# Version of ssh-askpass
%define aversion 1.2.4.1

# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%define no_gnome_askpass 0

# Use GTK2 for gnome-ssh-askpass
%define gtk2 1

# Build position-independent executables (requires toolchain support)?
%define pie 1

# Do we want to link against a static libcrypto? (1=yes 0=no)
%define static_libcrypto 0

# Do we want smartcard support (1=yes 0=no)
%define scard 0

# Disable IPv6 (avoids DNS hangs on some glibc versions)
%define noip6 0

# Do we want kerberos5 support (1=yes 0=no)
%define kerberos5 0

# Reserve options to override askpass settings with:
# rpm -ba|--rebuild --define 'skip_xxx 1'
%{?skip_gnome_askpass:%define no_gnome_askpass 1}

# Options for static OpenSSL link:
# rpm -ba|--rebuild --define "static_openssl 1"
%{?static_openssl:%define static_libcrypto 1}

# Options for Smartcard support: (needs libsectok and openssl-engine)
# rpm -ba|--rebuild --define "smartcard 1"
%{?smartcard:%define scard 1}

# Option to disable ipv6
# rpm -ba|--rebuild --define "noipv6 1"
%{?noipv6:%define noip6 1}

# Is this a build for the rescue CD (without PAM)? (1=yes 0=no)
%define rescue 0
%{?build_rescue:%define rescue 1}

# Turn off some stuff for resuce builds
%if %{rescue}
%define kerberos5 0
%endif

Summary: The OpenSSH implementation of SSH.
Summary(ja): OpenSSH - フリーの Secure Shell (SSH) の実装
Name: openssh
Version: %{ver}
Release: %{rel}
URL: http://www.openssh.com/portable.html

Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz

Patch0: openssh-6.4p1-vine.patch
Patch4: openssh-7.0p1-vendor.patch
Patch12: openssh-selinux.patch
Patch20: openssh-3.9p1-gssapimitm.patch
Patch21: openssh-3.9p1-safe-stop.patch
Patch24: openssh-5.7p1-fromto-remote.patch
Patch26: openssh-5.2p1-pam-no-stack.patch
# Patch27: openssh-5.1p1-log-in-chroot.patch
Patch30: openssh-5.6p1-exit-deadlock.patch
# Patch31: openssh-3.9p1-skip-used.patch
Patch35: openssh-5.1p1-askpass-progress.patch

# secuirty
Patch100: openssh-7.2p2_CVE-2017-15906.patch

# Vine Source
Source100: sshd.init.vine
Source110: sshd.sysconfig.vine

License: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot

Obsoletes: ssh

BuildRequires: perl, openssl-devel, tcp_wrappers
BuildRequires: util-linux
%if "%{_dist_release}" >= "vl7"
BuildRequires: libdb-devel
%else
BuildRequires: db4-devel
%endif
BuildRequires: pam-devel
BuildRequires: zlib-devel
%if ! %{no_gnome_askpass}
BuildRequires: libX11-devel
BuildRequires: gtk2-devel
%endif
BuildRequires: xorg-x11-xauth
BuildRequires: groff
BuildRequires: libedit-devel

Vendor: Project Vine
Distribution: Vine Linux
Packager: daisuke

%package clients
Summary: OpenSSH clients.
Summary(ja): OpenSSH Secure Shell プロトコルクライアント
Requires: openssh = %{version}-%{release}
Group: Applications/Internet
Obsoletes: ssh-clients
Obsoletes: openssh-contrib

%package server
Summary: The OpenSSH server daemon.
Summary(ja): OpenSSH Secure Shell プロトコルサーバ (sshd)
Group: System Environment/Daemons
Obsoletes: ssh-server
Requires(post): openssh = %{version}-%{release}
Requires(post): chkconfig
Requires(pre): shadow-utils
Requires(post): initscripts >= 5.20
Requires: pam

%package askpass-gnome
Summary: A passphrase dialog for OpenSSH, X, and GNOME.
Summary(ja): OpenSSH GNOME パスフレーズ入力ダイアログ
Group: Applications/Internet
Requires: openssh = %{version}-%{release}
Obsoletes: ssh-extras
Obsoletes: openssh-askpass < 5.5p1-3vl6
Provides: openssh-askpass = %{version}-%{release}

%description
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

#'
%description -l ja
OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。 
Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
な通信路の中を通すことができます。

OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
最新のセキュリティと機能を提供しています。またすべての特許がからむ
アルゴリズムは分割したライブラリにわかれています。

このパッケージは OpenSSH のクライアントとサーバの両方で必要とされる
コアのファイルを含んでいます。実際に使用するにはこのパッケージの他に
openssh-clients および/または openssh-server が必要です。

%description clients
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package includes
the clients necessary to make encrypted connections to SSH servers.
You'll also need to install the openssh package on OpenSSH clients.

#'
%description -l ja clients
OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。 
Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
な通信路の中を通すことができます。

OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
最新のセキュリティと機能を提供しています。またすべての特許がからむ
アルゴリズムは分割したライブラリにわかれています。

このパッケージは OpenSSH をクライアントとして使用する場合に
必要なものを含んでいます。


%description server
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server. You also need to have the openssh
package installed.

%description -l ja server
OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。 
Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
な通信路の中を通すことができます。

OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
最新のセキュリティと機能を提供しています。またすべての特許がからむ
アルゴリズムは分割したライブラリにわかれています。

このパッケージは OpenSSH をサーバとして使用する場合に必要な
デーモンなどを含んでいます。

%description askpass-gnome
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
environment.

%description -l ja askpass-gnome
OpenSSH は、ネットワーク接続ツールである SSH プロトコル実装の フリー版 です。 
Ssh はリモートマシンへログインしたり、リモートマシンでコマンドを実行したり
するためのプログラムです。rlogin や rsh を置き換えるもので、二つの信頼でき
ないホスト間の信頼できない通信路でセキュアで暗号化された通信を行うことが
可能にします。X11 のコネクションやあらゆる TCP/IP のポートもまた、セキュア
な通信路の中を通すことができます。

OpenSSH は OpenBSD による最後のフリーのバージョンの再実装で、
最新のセキュリティと機能を提供しています。またすべての特許がからむ
アルゴリズムは分割したライブラリにわかれています。

このパッケージは GNOME 用のパスフレーズ入力ダイアログを含んでいます。

%prep

%setup -q
%patch0 -p1 -b .vine
%patch4 -p1 -b .vendor

%if %{WITH_SELINUX}
#SELinux
%patch12 -p1 -b .selinux
%endif

%patch21 -p1 -b .safe-stop
%patch24 -p1 -b .fromto-remote
%patch26 -p1 -b .stack
# %patch27 -p1 -b .log-chroot
%patch30 -p1 -b .exit-deadlock
%patch35 -p1 -b .progress

%patch100 -p1 -b .CVE-2017-15906

autoreconf


%build
CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS
%if %{rescue}
CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
%endif
%if %{pie}
%ifarch s390 s390x sparc sparc64
CFLAGS="$CFLAGS -fPIE"
%else
CFLAGS="$CFLAGS -fpie"
%endif
export CFLAGS
LDFLAGS="$LDFLAGS -pie"; export LDFLAGS
%endif

%configure \
        --sysconfdir=%{_sysconfdir}/ssh \
        --libexecdir=%{_libexecdir}/openssh \
        --datadir=%{_datadir}/openssh \
        --with-tcp-wrappers \
        --with-default-path=/usr/local/bin:/bin:/usr/bin \
        --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
        --with-privsep-path=%{_var}/empty/sshd \
        --enable-vendor-patchlevel="VL-%{version}-%{release}" \
        --with-libedit \
        --with-xauth=/usr/bin/xauth \
%if %{scard}
        --with-smartcard \
%endif
%if %{noip6}
        --with-ipv4-default \
%endif
%if %{rescue}
        --without-pam --with-md5-passwords
%else
        --with-pam
%endif

%if %{static_libcrypto}
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
%endif

make

%if %{gtk2}
        gtk2=yes
%else
        gtk2=no
%endif

%if ! %{no_gnome_askpass}
pushd contrib
if [ $gtk2 = yes ]; then
        make gnome-ssh-askpass2
        mv gnome-ssh-askpass2 gnome-ssh-askpass
else
        make gnome-ssh-askpass1
        mv gnome-ssh-askpass1 gnome-ssh-askpass
fi
popd
%endif

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd/etc

make install DESTDIR=$RPM_BUILD_ROOT

touch $RPM_BUILD_ROOT%{_var}/empty/sshd/etc/localtime
install -d $RPM_BUILD_ROOT/etc/pam.d/
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -d $RPM_BUILD_ROOT/etc/sysconfig/
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
install -m644 contrib/redhat/sshd.pam     $RPM_BUILD_ROOT/etc/pam.d/sshd
install -m755 %{SOURCE100} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
install -m644 %{SOURCE110} $RPM_BUILD_ROOT/etc/sysconfig/sshd

%if ! %{scard}
        rm -f $RPM_BUILD_ROOT%{_datadir}/openssh/Ssh.bin
%endif

%if ! %{no_gnome_askpass}
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
install -m 755 contrib/redhat/gnome-ssh-askpass.{sh,csh} $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
%endif

%if %{no_gnome_askpass}
rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
%endif

# for contrib package
install -m 0755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
install -m 0644 contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
mv contrib/README contrib/README.contrib

perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*

%clean
rm -rf $RPM_BUILD_ROOT

%triggerun server -- ssh-server
if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
        touch /var/run/sshd.restart
fi

%triggerun server -- openssh-server < 2.5.0p1
# Count the number of HostKey and HostDsaKey statements we have.
gawk    'BEGIN {IGNORECASE=1}
         /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
         END {exit sawhostkey}' /etc/ssh/sshd_config
# And if we only found one, we know the client was relying on the old default
# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
# specified.  Now that HostKey is used for both SSH1 and SSH2 keys, specifying
# one nullifies the default, which would have loaded both.
if [ $? -eq 1 ] ; then
        echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
        echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
fi

%triggerpostun server -- ssh-server
if [ "$1" != 0 ] ; then
        /sbin/chkconfig --add sshd
        if test -f /var/run/sshd.restart ; then
                rm -f /var/run/sshd.restart
                # /sbin/service sshd start > /dev/null 2>&1 || :
                /sbin/service sshd start
        fi
fi

%pre server
%{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
        -g sshd -M -r sshd 2>/dev/null || :

%post server
/sbin/chkconfig --add sshd

%postun server
# /sbin/service sshd condrestart > /dev/null 2>&1 || :
/sbin/service sshd condrestart
exit 0

%preun server
if [ "$1" = 0 ]
then
        /sbin/service sshd stop > /dev/null 2>&1 || :
        /sbin/chkconfig --del sshd
fi

%files
%defattr(-,root,root)
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
%attr(0755,root,root) %{_bindir}/scp
%attr(0644,root,root) %{_mandir}/man1/scp.1*
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%attr(644,root,root) %{_mandir}/man5/moduli.5*
%if ! %{rescue}
%attr(0755,root,root) %{_bindir}/ssh-keygen
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0755,root,root) %dir %{_libexecdir}/openssh
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
%endif
%if %{scard}
%attr(0755,root,root) %dir %{_datadir}/openssh
%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
%endif

%files clients
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/ssh
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
# %attr(0644,root,root) %{_mandir}/man1/slogin.1*
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
# %attr(-,root,root) %{_bindir}/slogin
%if ! %{rescue}
%attr(0755,root,root) %{_bindir}/ssh-agent
%attr(0755,root,root) %{_bindir}/ssh-add
%attr(0755,root,root) %{_bindir}/ssh-keyscan
%attr(0755,root,root) %{_bindir}/sftp
%attr(0755,root,root) %{_bindir}/ssh-copy-id
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
%endif

%if ! %{rescue}
%files server
%defattr(-,root,root)
%dir %attr(0711,root,root) %{_var}/empty/sshd
%dir %attr(0755,root,root) %{_var}/empty/sshd/etc
%ghost %verify(not md5 size mtime) %{_var}/empty/sshd/etc/localtime
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
%attr(0755,root,root) %config /etc/sysconfig/sshd
%endif

%if ! %{no_gnome_askpass}
%files askpass-gnome
%defattr(-,root,root)
%attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
%endif


%changelog
* Tue Nov 14 2017 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 7.2p2-3
- add Patch100 for fix CVE-2017-15906 (sftp-server)

* Fri Aug  5 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.2p2-2
- disabled rsa1 hostkey generation.

* Sat Jul 30 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.2p2-1
- new upstream release.

* Wed Mar  9 2016 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 7.2p1-1
- new upstream release
- built with openssl 1.0.2g
- drop slogin command and manual, this is upstream change.

* Sun Jan 17 2016 Daisuke SUZUKI <daisuke@vinelinux.org> 7.1p2-1
- update to 7.1p2

* Mon Dec 28 2015 Daisuke SUZUKI <daisuke@vinelinux.org> 7.1p1-1
- update to 7.1p1
- remove patch100 to use default value "prohibit-password" for PermitRootLogin

* Tue Oct 14 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 6.7p1-1
- update to 6.7p1
- fix sshd.init

* Thu Aug 07 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 6.6p1-1
- update to 6.6p1
- remove BR: sharutils
- add BR: libdb-devel instead of db4-devel

* Tue Feb 04 2014 Daisuke SUZUKI <daisuke@linux.or.jp> 6.5p1-1
- update to 6.5p1
- update sshd_config
  - generate ED25519 host key.

* Tue Nov 12 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 6.4p1-1
- update to 6.4p1

* Mon May 20 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 6.2p2-1
- update to 6.2p2

* Fri Mar 22 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 6.2p1-1
- update to 6.2p1

* Fri Nov  2 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 6.1p1-1
- new upstream release
- add -with-xauth option in configure
- patch4, 30, 35 are updated from fc18

* Mon May 07 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 6.0p1-1
- new upstream release 

* Tue Mar 06 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 5.9p1-1
- new upstream release 

* Sun May  8 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 5.8p2-1
- new upstream release

* Tue Apr 19 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.8p1-2
- add our own sshd.init based on fedora's sshd.init
  - generate ECDSA host key.

* Sat Feb 05 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.8p1-1
- new upstream release

* Tue Jan 25 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.7p1-1
- new upstream release

* Mon Jan 10 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 5.6p1-1
- new upstream release
- obsolete contrib subpackage, move ssh-copy-id to client subpackage

* Sun Jan  9 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 5.5p1-4
- rebuilt with openssl 1.0.0c

* Sun May 23 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 5.5p1-3
- drop x11-askpass, add Obsoletes: openssh-askpass
- add BR: groff
- enable --with-libedit option, add BR: libedit-devel
- remove unrecognized option '--with-rsh'

* Sun May 23 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 5.5p1-2
- add BR: xorg-x11-xauth for X11 forwarding support

* Thu Apr 22 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 5.5p1-1
- new upstream release
- update patch0,2
- drop patch3,22

* Tue Feb 24 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 5.2p1-1
- new upstream release

* Tue Jul 22 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 5.1p1-1
- new upstream release

* Thu May 29 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 5.0p1-2
- rebuild with xorg-x11-7.3

* Fri Apr 04 2008 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 5.0p1-1
- new upstream release with security fix (CVE-2008-1483)
- drop patch31 which is included in new release (This was for CVE-2008-1483)

* Tue Apr 01 2008 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.9p1-1
- new upstream release with security fix ("ForceCommand" Directive)
- turn on daemon restart message
- new versioning policy

* Mon Nov 26 2007 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.7p1-0vl2
- add /var/empty/sshd/etc/localtime to fix secure log bad timestamps

* Tue Nov 13 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 4.7p1-0vl1
- new upstream release

* Thu May 17 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 4.6p1-0vl2
- build with -fpie/-pie by default.
- enable ipv6 by default.

* Fri May 04 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 4.6p1-0vl1
- new upstream release

* Wed Nov 08 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.5p1-0vl1
- new upstream release

* Fri Sep 29 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 4.4p1-0vl1
- new upstream release

* Thu Jul 27 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 4.3p2-0vl1
- new upstream release

* Mon Apr 10 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 4.3p1-0vl1
- new upstream release
- remove build6x stuff
- remove libgnome-devel from BuildRequires
- cleanup BuildRequires
- drop Patch200, it is merged in upstream.
- import patches(25-35) from FC-devel

* Mon Apr 10 2006 IWAI, Masaharu <iwai@alib.jp> 4.2p1-0vl3
- SECURITY FIX: CVE-2006-0225
  - add scp no system patch ( Patch200 ): from Fedora Core 4 4.2p1-fc4.10
- update BuildPreReq: s/XFree86-devel/XOrg-devel/
- fix BuildPreReq for GNOME: gnome-libs-devel ( GNOME1 ) was always used
  - When GNOME2 is used, using libgnome-devel
  - add BuildPreReq: gtk2-devel for GNOME2

* Sat Sep 24 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.2p1-0vl2
- rebuild with gtk+-2.8 final

* Sun Sep  4 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.2p1-0vl1
- new upstream release
- build with gtk+-2.7

* Sun May 29 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.1p1-0vl1
- new upstream release

* Fri Apr 01 2005 KOBAYASHI Taizo <tkoba@vinelinux.org> 4.0p1-0vl2
- cleanup obsolete patches and added patches from fedora

* Wed Mar 16 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 4.0p1-0vl1
- new upstream release

* Thu Aug 19 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.9pl1-0vl1
- new upstream release

* Wed Apr 21 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.8.1p1-0vl1
- new upstream release

* Fri Mar 26 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.8p1-0vl2
- rebuild with openssl-0.9.7d

* Fri Feb 27 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 3.8p1-0vl1
- new upstream release

* Thu Oct  2 2003 IWAI, Masaharu <iwai@alib.jp> 3.7.1p2-0vl2
- create contrib package

* Wed Sep 24 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.7.1p2-0vl1
- new upstream release
- fix security issue: http://www.openssh.com/txt/sshpam.adv

* Wed Sep 17 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.7.1p1-0vl1
- new upstream release
- fix security issue: http://www.openssh.com/txt/buffer.adv

* Wed Sep 17 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.7p1-0vl1
- new upstream release

* Thu May  1 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.6.1p2-0vl1.1
- rebuild with gtk2

* Thu May  1 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 3.6.1p2-0vl1
- new upstream release

* Sun Apr 13 2003 KOBAYASHI R. Taizo <tkoba@vinelinux.org> 3.5p1-0vl2
- rebuild with new tool chain

* Tue Oct 29 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.5p1-0vl1
- new upstream release
- merge with upstream spec (drop anonymous mmap patch, suid of ssh)

* Tue Aug 20 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.4p1-0vl3
- change some defines in spec files

* Thu Jun 27 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.4p1-0vl2
- add patch110 ( 3.4p1 does not include mmap-fallback patch )

* Thu Jun 27 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.4p1-0vl1
- new upstream release
  - security fix
- drop patch10

* Wed Jun 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.3p1-0vl2
- add patch from Solar Designer to make privsep work with a 2.2 kernel.

* Sun Jun 23 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.3p1-0vl1
- new upstream release
- add {sshd,ssh}_config.5 manpages
- add ssh-keysign

* Sun May 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.2.3p1-0vl1
- new upstream release

* Sat May 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.2.2p1-0vl1
- new upstream release
- drop patch1

* Fri Mar 08 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 3.1p1-2vl1
- new upstream release
- merged with rawhide release.
- drop Patch101 (merged in upstream)

* Fri Mar 08 2002 Toru Sagami <sagami@vinelinux.org> 3.0.2p1-2vl2
- seurity patch for off-by-one bug 

* Wed Jan 30 2002 KOBAYASHI R. Taizo <tkoba@vinelinux.org> 3.0.2p-2vl1
- merged with Rawhide 3.0.2p1-2

* Sun Dec 02 2001 Toru Sagami <sagami@vinelinux.org>
- updated to 3.0.2p1

* Mon Nov 19 2001 Toru Sagami <sagami@vinelinux.org>
- updated to 3.0.1p1

* Thu Nov 08 2001 Toru Sagami <sagami@vinelinux.org> 3.0p1-0vl0
- updated to 3.0p1

* Sun Sep 30 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.9.9p2-0vl2
- add japanese summery and descriptions.
- update x11-askpass 1.2.5

* Sun Sep 30 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.9.9p2-0vl1
- update to openssh-2.9.9p2

* Mon Jul 16 2001 MATSUBAYASHI 'Shaolin' Kohji <shaolin@vinelinux.org> 2.5.2p2-0vl3
- rebuilt with openssl-0.9.6b

* Tue Mar 27 2001 Jun Nishii <jun@vinelinux.org> 2.5.2p2-0vl2
- do not Permit RootLogin

* Tue Mar 27 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.2p2-0vl1
- update to openssh-2.5.2p2

* Wed Mar 21 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.2p1-0vl1
- update to openssh-2.5.2p1

* Thu Mar 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.1p2-0vl1
- update to openssh-2.5.1p2

* Thu Mar 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.1p2-0vl1
- update to openssh-2.5.1p1

* Wed Feb 21 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 2.5.1p1-0vl1
- update to openssh-2.5.1p1

* Thu Dec 28 2000 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.0p1-0vl4
- remove suid bit from ssh

* Tue Dec 19 2000 Satoshi MACHINO <machino@vinelinux.org> 2.3.0p1-0vl3
- moved man dir to /usr/share/man

* Wed Dec 06 2000 Satoshi MACHINO <machino@vinelinux.org> 2.3.0p1-0vl2
- fixed askpass's link in ssh-add
- partially used rpmmacros

* Fri Nov 10 2000 Daisuke SUZUKI <daisuke@linux.or.jp> 2.3.0p1-0vl1
- update to 2.3.0p1
- update x11-askpass 1.0.3

* Wed Oct 18 2000 Damien Miller <djm@mindrot.org>
- Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the 
  Redhat 7.0 spec file

* Sat Oct 14 2000 Daisuke SUZUKI <daisuke@linux.or.jp> 2.2.0p2-2vl1
- rebuild for Vine Linux

* Tue Sep 05 2000 Damien Miller <djm@mindrot.org>
- Use RPM configure macro
* Tue Aug 08 2000 Damien Miller <djm@mindrot.org>
- Some surgery to sshd.init (generate keys at runtime)
- Cleanup of groups and removal of keygen calls
* Wed Jul 12 2000 Damien Miller <djm@mindrot.org>
- Make building of X11-askpass and gnome-askpass optional
* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
- Glob manpages to catch compressed files
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
- Updated for new location
- Updated for new gnome-ssh-askpass build
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
- Added Jim Knoble's <jmknoble@pobox.com> askpass
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
- Added 'Obsoletes' directives
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
- Use make install
- Subpackages
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
- Added links for slogin
- Fixed perms on manpages
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
- Renamed init script
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
- Back to old binary names
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
- Use autoconf
- New binary names
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.