Accepting request 88642 from home:pcerny:factory

- Update to 5.9p1 * sandboxing privsep child through rlimit - spec files and sources cleanup - removed bogus key size from init script OBS-URL: https://build.opensuse.org/request/show/88642 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=14
2011-10-19 02:18:13 +00:00 · 2011-10-19 02:18:13 +00:00 · 5a89c49d11
commit 5a89c49d11
parent 2f1296c7be
27 changed files with 295 additions and 115 deletions
--- a/openssh-5.8p2.tar.bz2
+++ b/openssh-5.8p2.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:517e6b2b0c528a7300315db224cf8b2377f87d71d7a0775572f1ce811d6b218a
 size 900171
--- a/openssh-5.9p1-askpass-fix.diff
+++ b/openssh-5.9p1-askpass-fix.diff
--- a/openssh-5.9p1-audit.patch
+++ b/openssh-5.9p1-audit.patch
@ -60,34 +60,34 @@ Index: openssh-5.8p1/config.h.in
 +/* Define if you want Linux audit support. */
 +#undef HAVE_LINUX_AUDIT
 +
- /* Define to 1 if your processor stores words with the most significant byte
+ /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
-    first (like Motorola and SPARC, unlike Intel and VAX). */
+    significant byte first (like Motorola and SPARC, unlike Intel). */
- #undef WORDS_BIGENDIAN
+ #if defined AC_APPLE_UNIVERSAL_BUILD
 Index: openssh-5.8p1/configure.ac
 ===================================================================
 --- openssh-5.8p1.orig/configure.ac
 +++ openssh-5.8p1/configure.ac
@@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux,
- AC_SUBST(SSHLIBS)
+ AC_SUBST([SSHLIBS])
- AC_SUBST(SSHDLIBS)
+ AC_SUBST([SSHDLIBS])
 +# Check whether user wants Linux audit support
 +LINUX_AUDIT_MSG="no"
 +LIBAUDIT=""
-+AC_ARG_WITH(linux-audit,
+AC_ARG_WITH([linux-audit],
 +	[  --with-linux-audit   Enable Linux audit support],
 +	[ if test "x$withval" != "xno" ; then
-+		AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
+		AC_DEFINE([HAVE_LINUX_AUDIT],[1],[Define if you want Linux audit support.])
 +		LINUX_AUDIT_MSG="yes"
-+		AC_CHECK_HEADERS(libaudit.h)
+		AC_CHECK_HEADERS([libaudit.h])
 +		LIBAUDIT="-laudit"
 +	fi
 +	])
-+AC_SUBST(LIBAUDIT)
+AC_SUBST([LIBAUDIT])
 +
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
- AC_ARG_WITH(kerberos5,
+ AC_ARG_WITH([kerberos5],
@@ -4316,6 +4330,7 @@ echo "                       PAM support
 echo "                   OSF SIA support: $SIA_MSG"
 echo "                 KerberosV support: $KRB5_MSG"
--- a/openssh-5.9p1-blocksigalrm.diff
+++ b/openssh-5.9p1-blocksigalrm.diff
@ -16,6 +16,7 @@ Index: log.c
 	int pri = LOG_INFO;
 +	sigset_t nset, oset;
 	int saved_errno = errno;
 	log_handler_fn *tmp_handler;
 	if (level > log_level)
@@ -387,6 +389,14 @@ do_log(LogLevel level, const char *fmt,
--- a/openssh-5.9p1-default-protocol.diff
+++ b/openssh-5.9p1-default-protocol.diff
--- a/openssh-5.9p1-eal3.diff
+++ b/openssh-5.9p1-eal3.diff
--- a/openssh-5.9p1-engines.diff
+++ b/openssh-5.9p1-engines.diff
@ -42,8 +42,8 @@ Index: openssh-5.8p1/ssh-agent.c
 +	ENGINE_register_all_complete();
 +
 	__progname = ssh_get_progname(av[0]);
 	init_rng();
 	seed_rng();
 Index: openssh-5.8p1/ssh-keygen.c
 ===================================================================
 --- openssh-5.8p1.orig/ssh-keygen.c
@ -67,7 +67,7 @@ Index: openssh-5.8p1/ssh-keygen.c
 +
 	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
- 	init_rng();
+ 	seed_rng();
 Index: openssh-5.8p1/ssh-keysign.c
 ===================================================================
 --- openssh-5.8p1.orig/ssh-keysign.c
--- a/openssh-5.9p1-gssapimitm.patch
+++ b/openssh-5.9p1-gssapimitm.patch
@ -153,7 +153,7 @@ Index: servconf.c
@@ -322,7 +325,7 @@ typedef enum {
 	sBanner, sUseDNS, sHostbasedAuthentication,
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
- 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ 	sClientAliveCountMax, sAuthorizedKeysFile,
 -	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
 +	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM,
 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
--- a/openssh-5.9p1-homechroot.patch
+++ b/openssh-5.9p1-homechroot.patch
--- a/openssh-5.9p1-host_ident.diff
+++ b/openssh-5.9p1-host_ident.diff
@ -3,7 +3,7 @@ Index: openssh-5.7p1/sshconnect.c
 --- openssh-5.7p1.orig/sshconnect.c
 +++ openssh-5.7p1/sshconnect.c
@@ -958,6 +958,11 @@ check_host_key(char *hostname, struct so
- 		    user_hostfile);
+ 		    user_hostfiles[0]);
 		error("Offending %s key in %s:%lu", key_type(host_found->key),
 		    host_found->file, host_found->line);
 +		error("You can use following command to remove all keys for this IP:");
--- a/openssh-5.9p1-pam-fix2.diff
+++ b/openssh-5.9p1-pam-fix2.diff
--- a/openssh-5.9p1-pam-fix3.diff
+++ b/openssh-5.9p1-pam-fix3.diff
--- a/openssh-5.9p1-pts.diff
+++ b/openssh-5.9p1-pts.diff
--- a/openssh-5.9p1-saveargv-fix.diff
+++ b/openssh-5.9p1-saveargv-fix.diff
--- a/openssh-5.9p1-send_locale.diff
+++ b/openssh-5.9p1-send_locale.diff
--- a/openssh-5.9p1-sshconfig-knownhostschanges.diff
+++ b/openssh-5.9p1-sshconfig-knownhostschanges.diff
--- a/openssh-5.9p1-sshd_config.diff
+++ b/openssh-5.9p1-sshd_config.diff
--- a/openssh-5.9p1-xauth.diff
+++ b/openssh-5.9p1-xauth.diff
--- a/openssh-5.9p1-xauthlocalhostname.diff
+++ b/openssh-5.9p1-xauthlocalhostname.diff
--- a/openssh-5.9p1.tar.bz2
+++ b/openssh-5.9p1.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:478962a2757c61d73de051b8cf8ace9f8f5c4cff5910ca7ba5a7735c5a2ab980
 size 894158
--- a/openssh-SuSE.tar.bz2
+++ b/openssh-SuSE.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:f8266c1a050015a77ba8f6f1fd51aa1ce60d5b913564392bb205f94fedd4548c
 size 1965
--- a/openssh-askpass-gnome.changes
+++ b/openssh-askpass-gnome.changes
@ -1,3 +1,8 @@
 -------------------------------------------------------------------
 Wed Oct 19 00:40:15 UTC 2011 - pcerny@suse.com
 - Update to 5.9p1 
 -------------------------------------------------------------------
 Fri Feb  4 11:19:14 UTC 2011 - lchiquitto@novell.com
--- a/openssh-askpass-gnome.spec
+++ b/openssh-askpass-gnome.spec
@ -21,24 +21,25 @@ Name:           openssh-askpass-gnome
 BuildRequires:  gtk2-devel krb5-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
 License:        BSD3c(or similar)
 Group:          Productivity/Networking/SSH
-Version:        5.8p2
+Version:        5.9p1
 Release:        1
 Requires:       openssh = %{version} openssh-askpass = %{version}
 AutoReqProv:    on
 Summary:        A GNOME-Based Passphrase Dialog for OpenSSH
-URL:            http://www.openssh.com/
+Url:            http://www.openssh.com/
 %define _name openssh
 Source:         %{_name}-%{version}.tar.bz2
-Patch:          %{_name}-5.8p1-sshd_config.diff
+Patch:          %{_name}-5.9p1-sshd_config.diff
-Patch1:         %{_name}-5.8p1-pam-fix2.diff
+Patch1:         %{_name}-5.9p1-pam-fix2.diff
-Patch2:         %{_name}-5.8p1-saveargv-fix.diff
+Patch2:         %{_name}-5.9p1-saveargv-fix.diff
-Patch3:         %{_name}-5.8p1-pam-fix3.diff
+Patch3:         %{_name}-5.9p1-pam-fix3.diff
-Patch4:         %{_name}-5.8p1-gssapimitm.patch
+Patch4:         %{_name}-5.9p1-gssapimitm.patch
-Patch5:         %{_name}-5.8p1-eal3.diff
+Patch5:         %{_name}-5.9p1-eal3.diff
-Patch6:         %{_name}-5.8p1-engines.diff
+Patch6:         %{_name}-5.9p1-engines.diff
-Patch7:         %{_name}-5.8p1-blocksigalrm.diff
+Patch7:         %{_name}-5.9p1-blocksigalrm.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %description
 SSH (Secure Shell) is a program for logging into a remote machine and
 for executing commands on a remote machine. This package contains a
@ -55,14 +56,15 @@ GNOME-based passphrase dialog for OpenSSH.
 %patch6 -p1
 %patch7
 %build
 %{?suse_update_config:%{suse_update_config}}
 aclocal
 autoheader
 autoconf
 %configure \
-	--sysconfdir=%_sysconfdir/ssh \
+	--sysconfdir=%{_sysconfdir}/ssh \
-	--libexecdir=%_libexecdir/ssh \
+	--libexecdir=%{_libexecdir}/ssh \
 	--with-tcp-wrappers \
 	--with-pam \
 	--with-kerberos5=/usr \
@ -73,13 +75,17 @@ cd contrib
 make %{?_smp_mflags} gnome-ssh-askpass2
 mv gnome-ssh-askpass2 gnome-ssh-askpass
 %install
-install -d -m 755 %buildroot/%_libexecdir/ssh/
+install -d -m 755 %{buildroot}%{_libexecdir}/ssh/
-install contrib/gnome-ssh-askpass %buildroot/%_libexecdir/ssh/gnome-ssh-askpass
+install contrib/gnome-ssh-askpass %{buildroot}%{_libexecdir}/ssh/gnome-ssh-askpass
 %files
 %defattr(-,root,root)
-%dir %_libexecdir/ssh
+%dir %{_libexecdir}/ssh
-%attr(0755,root,root) %_libexecdir/ssh/gnome-ssh-askpass
+%attr(0755,root,root) %{_libexecdir}/ssh/gnome-ssh-askpass
 %changelog
--- a/openssh.changes
+++ b/openssh.changes
@ -1,3 +1,9 @@
 -------------------------------------------------------------------
 Wed Oct 19 00:32:20 UTC 2011 - pcerny@suse.com
 - Update to 5.9p1
  * sandboxing privsep child through rlimit
 -------------------------------------------------------------------
 Fri Sep 16 09:43:47 UTC 2011 - jengelh@medozas.de
--- a/openssh.spec
+++ b/openssh.spec
@ -18,7 +18,7 @@
 Name:           openssh
-%define _fwdefdir %_sysconfdir/sysconfig/SuSEfirewall2.d/services
+%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
 %define _appdefdir      %{_prefix}/share/X11/app-defaults
 BuildRequires:  audit-devel krb5-devel openssl-devel pam-devel tcpd-devel xorg-x11-devel
 BuildRequires:  libselinux-devel
@ -26,15 +26,15 @@ BuildRequires:  libedit-devel
 License:        BSD3c(or similar) ; MIT License (or similar)
 Group:          Productivity/Networking/SSH
 Requires:       /bin/netstat
-PreReq:         pwdutils %insserv_prereq  %fillup_prereq coreutils
+PreReq:         pwdutils %{insserv_prereq} %{fillup_prereq} coreutils
 Conflicts:      nonfreessh
-Version:        5.8p2
+Version:        5.9p1
 Release:        1
 %define xversion 1.2.4.1
 Summary:        Secure Shell Client and Server (Remote Login Program)
-URL:            http://www.openssh.com/
+Url:            http://www.openssh.com/
 Source:         %{name}-%{version}.tar.bz2
-Source1:        %{name}-SuSE.tar.bz2
+Source1:        sshd.init
 Source2:        sshd.pamd
 Source3:        x11-ssh-askpass-%{xversion}.tar.bz2
 Source4:        README.SuSE
@ -43,34 +43,37 @@ Source6:        README.kerberos
 Source7:        ssh.reg
 Source8:        ssh-askpass
 Source9:        sshd.fw
-Patch:          %{name}-5.8p1-sshd_config.diff
+Source10:       sysconfig.ssh
-Patch1:         %{name}-5.8p1-askpass-fix.diff
+Patch:          %{name}-5.9p1-sshd_config.diff
-Patch2:         %{name}-5.8p1-pam-fix2.diff
+Patch1:         %{name}-5.9p1-askpass-fix.diff
-Patch3:         %{name}-5.8p1-saveargv-fix.diff
+Patch2:         %{name}-5.9p1-pam-fix2.diff
-Patch4:         %{name}-5.8p1-pam-fix3.diff
+Patch3:         %{name}-5.9p1-saveargv-fix.diff
-Patch5:         %{name}-5.8p1-gssapimitm.patch
+Patch4:         %{name}-5.9p1-pam-fix3.diff
-Patch6:         %{name}-5.8p1-eal3.diff
+Patch5:         %{name}-5.9p1-gssapimitm.patch
-Patch7:         %{name}-5.8p1-engines.diff
+Patch6:         %{name}-5.9p1-eal3.diff
-Patch8:         %{name}-5.8p1-blocksigalrm.diff
+Patch7:         %{name}-5.9p1-engines.diff
-Patch9:         %{name}-5.8p1-send_locale.diff
+Patch8:         %{name}-5.9p1-blocksigalrm.diff
-Patch10:        %{name}-5.8p1-xauthlocalhostname.diff
+Patch9:         %{name}-5.9p1-send_locale.diff
-Patch12:        %{name}-5.8p1-xauth.diff
+Patch10:        %{name}-5.9p1-xauthlocalhostname.diff
-Patch14:        %{name}-5.8p1-default-protocol.diff
+Patch12:        %{name}-5.9p1-xauth.diff
-Patch15:        %{name}-5.8p1-audit.patch
+Patch14:        %{name}-5.9p1-default-protocol.diff
-Patch16:        %{name}-5.8p1-pts.diff
+Patch15:        %{name}-5.9p1-audit.patch
-Patch17:        %{name}-5.8p1-homechroot.patch
+Patch16:        %{name}-5.9p1-pts.diff
-Patch18:        %{name}-5.8p1-sshconfig-knownhostschanges.diff
+Patch17:        %{name}-5.9p1-homechroot.patch
-Patch19:        %{name}-5.8p1-host_ident.diff
+Patch18:        %{name}-5.9p1-sshconfig-knownhostschanges.diff
 Patch19:        %{name}-5.9p1-host_ident.diff
 Patch20:        converter-linking.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %package        askpass
 License:        BSD3c(or similar) ; MIT License (or similar)
 Summary:        A passphrase dialog for OpenSSH and the X Window System
 Requires:       openssh = %{version}
-Provides:       openssh:%_libexecdir/ssh/ssh-askpass
+Provides:       openssh:%{_libexecdir}/ssh/ssh-askpass
 Group:          Productivity/Networking/SSH
 %description
 SSH (Secure Shell) is a program for logging into and executing commands
 on a remote machine. It is intended to replace rsh (rlogin and rsh) and
@ -86,7 +89,7 @@ for executing commands on a remote machine. This package contains an X
 Window System passphrase dialog for OpenSSH.
 %prep
-%setup -q -b 3 -a 1 -a 5
+%setup -q -b 3 -a 5
 %patch 
 %patch2
 %patch3
@ -110,6 +113,7 @@ cp -v %{SOURCE6} .
 cd ../x11-ssh-askpass-%{xversion}
 %patch1
 %build
 autoreconf -fiv
 %ifarch s390 s390x %sparc
@ -117,20 +121,22 @@ PIEFLAGS="-fPIE"
 %else
 PIEFLAGS="-fpie"
 %endif
-%configure --with-ssl-engine \
+export CFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
-    CFLAGS="%optflags $PIEFLAGS -fstack-protector" \
+export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
-    CXXFLAGS="%optflags $PIEFLAGS -fstack-protector" \
+export LDFLAGS="-pie"
-    LDFLAGS="-pie" \
+%configure \
    --with-ssl-engine \
 %if 0%{suse_version} >= 1140
    --with-libedit \
 %endif
-    --sysconfdir=%_sysconfdir/ssh \
+    --sysconfdir=%{_sysconfdir}/ssh \
-    --libexecdir=%_libexecdir/ssh \
+    --libexecdir=%{_libexecdir}/ssh \
    --with-tcp-wrappers \
    --with-selinux \
    --with-pam \
    --with-kerberos5=/usr \
    --with-privsep-path=/var/lib/empty \
    --with-sandbox=rlimit \
    --disable-strip \
    --with-linux-audit \
    --with-xauth=%{_prefix}/bin/xauth \
@ -141,67 +147,77 @@ make %{?_smp_mflags}
 cd contrib
 cd ../../x11-ssh-askpass-%{xversion}
 %configure \
-    --libexecdir=%_libdir/ssh
+    --libexecdir=%{_libdir}/ssh
 xmkmf
-make includes USRLIBDIR=%_libdir
+make includes USRLIBDIR=%{_libdir}
-make %{?_smp_mflags} USRLIBDIR=%_libdir CCOPTIONS="%optflags"
+make %{?_smp_mflags} USRLIBDIR=%{_libdir} CCOPTIONS="%{optflags}"
 %install
-make DESTDIR=%buildroot/ install
+make DESTDIR=%{buildroot}/ install
-install -d -m 755 %buildroot%_sysconfdir/pam.d
+install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
-install -d -m 755 %buildroot/var/lib/sshd
+install -d -m 755 %{buildroot}/var/lib/sshd
-install -m 644 %{S:2} %buildroot%_sysconfdir/pam.d/sshd
+install -m 644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/sshd
-install -d -m 755 %buildroot%_sysconfdir/slp.reg.d/
+install -d -m 755 %{buildroot}%{_sysconfdir}/slp.reg.d/
-install -m 644 %{S:7} %buildroot%_sysconfdir/slp.reg.d/
+install -m 644 %{S:7} %{buildroot}%{_sysconfdir}/slp.reg.d/
-cp -a SuSE/* %buildroot
+install -d -m 755 %{buildroot}/etc/init.d
 install -m 755 %{S:1} %{buildroot}/etc/init.d/sshd
 ln -vs ../../etc/init.d/sshd %{buildroot}/usr/sbin/rcsshd
 install -d -m 755 %{buildroot}/var/adm/fillup-templates
 install -m 644 %{S:10} %{buildroot}/var/adm/fillup-templates
 # install shell script to automate the process of adding your public key to a remote machine
-install -m 755 contrib/ssh-copy-id %buildroot%_bindir
+install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
-install -m 644 contrib/ssh-copy-id.1 %buildroot/%_mandir/man1
+install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1
-(cd converter; make install DESTDIR=%buildroot/)
+(cd converter; make install DESTDIR=%{buildroot}/)
-cd ../x11-ssh-askpass-%xversion
+cd ../x11-ssh-askpass-%{xversion}
-make BINDIR=%_libexecdir/ssh DESTDIR=%buildroot install install.man
+make BINDIR=%{_libexecdir}/ssh DESTDIR=%{buildroot} install install.man
-rm -rf %buildroot/%_libexecdir/ssh/ssh-askpass
+rm -rf %{buildroot}/%{_libexecdir}/ssh/ssh-askpass
-sed -e "s@usr/lib/ssh@usr/%_lib/ssh@" < %{S:8} > %buildroot/%_libexecdir/ssh/ssh-askpass
+sed -e "s@usr/lib/ssh@usr/%{_lib}/ssh@" < %{S:8} > %{buildroot}/%{_libexecdir}/ssh/ssh-askpass
-rm -f %buildroot%_datadir/Ssh.bin
+rm -f %{buildroot}%{_datadir}/Ssh.bin
-sed -i -e s@/usr/libexec@%_libexecdir@g %buildroot%_sysconfdir/ssh/sshd_config
+sed -i -e s@/usr/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config
 #install firewall definitions format is described here:
-#%_datadir/SuSEfirewall2/services/TEMPLATE
+#%{_datadir}/SuSEfirewall2/services/TEMPLATE
-mkdir -p %buildroot/%{_fwdefdir}
+mkdir -p %{buildroot}/%{_fwdefdir}
-install -m 644 %{S:9} %buildroot/%{_fwdefdir}/sshd
+install -m 644 %{S:9} %{buildroot}/%{_fwdefdir}/sshd
 %pre
-getent group sshd >/dev/null || %_sbindir/groupadd -o -r sshd
+getent group sshd >/dev/null || %{_sbindir}/groupadd -o -r sshd
-getent passwd sshd >/dev/null || %_sbindir/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd
+getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd
 %post
 %{fillup_and_insserv -n ssh sshd}
 %preun
 %stop_on_removal sshd
 %postun
 %restart_on_update sshd
 %{insserv_cleanup}
 %files
 %defattr(-,root,root)
 %dir %attr(755,root,root) /var/lib/sshd
 %doc README.SuSE README.kerberos ChangeLog OVERVIEW README TODO LICENCE CREDITS
-%attr(0755,root,root) %dir %_sysconfdir/ssh
+%attr(0755,root,root) %dir %{_sysconfdir}/ssh
-%attr(0600,root,root) %config(noreplace) %_sysconfdir/ssh/moduli
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
-%attr(0644,root,root) %config(noreplace) %_sysconfdir/ssh/ssh_config
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
-%attr(0640,root,root) %config(noreplace) %_sysconfdir/ssh/sshd_config
+%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
-%attr(0644,root,root) %config %_sysconfdir/pam.d/sshd
+%attr(0644,root,root) %config %{_sysconfdir}/pam.d/sshd
-%attr(0755,root,root) %config %_initddir/sshd
+%attr(0755,root,root) %config %{_initddir}/sshd
-%attr(0755,root,root) %_bindir/ssh
+%attr(0755,root,root) %{_bindir}/ssh
-%_bindir/scp
+%{_bindir}/scp
-%_bindir/sftp
+%{_bindir}/sftp
-%_bindir/slogin
+%{_bindir}/slogin
-%_bindir/ssh-*
+%{_bindir}/ssh-*
-%_sbindir/*
+%{_sbindir}/*
 %attr(444,root,root) %doc %{_mandir}/man1/scp.1.gz
 %attr(444,root,root) %doc %{_mandir}/man1/ssh-keygen.1.gz
-%attr(444,root,root) %doc %_mandir/man1/ssh-keyconverter.1.gz
+%attr(444,root,root) %doc %{_mandir}/man1/ssh-keyconverter.1.gz
 %attr(444,root,root) %doc %{_mandir}/man1/ssh.1.gz
 %attr(444,root,root) %doc %{_mandir}/man1/slogin.1.gz
 %attr(444,root,root) %doc %{_mandir}/man1/ssh-agent.1*
@ -211,21 +227,24 @@ getent passwd sshd >/dev/null || %_sbindir/useradd -r -g sshd -d /var/lib/sshd -
 %attr(444,root,root) %doc %{_mandir}/man1/ssh-copy-id.1*
 %attr(444,root,root) %doc %{_mandir}/man5/*
 %attr(444,root,root) %doc %{_mandir}/man8/*
-%attr(0755,root,root) %dir %_libexecdir/ssh
+%attr(0755,root,root) %dir %{_libexecdir}/ssh
-%attr(0755,root,root) %_libexecdir/ssh/sftp-server
+%attr(0755,root,root) %{_libexecdir}/ssh/sftp-server
-%attr(0755,root,root) %_libexecdir/ssh/ssh-keysign
+%attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign
-%attr(0755,root,root) %_libexecdir/ssh/ssh-pkcs11-helper
+%attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper
-%dir %_sysconfdir/slp.reg.d
+%dir %{_sysconfdir}/slp.reg.d
-%config %_sysconfdir/slp.reg.d/ssh.reg
+%config %{_sysconfdir}/slp.reg.d/ssh.reg
 /var/adm/fillup-templates/sysconfig.ssh
 %config %{_fwdefdir}/sshd
 %files askpass
 %defattr(-,root,root)
-%attr(0755,root,root) %_libexecdir/ssh/ssh-askpass
+%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass
-%attr(0755,root,root) %_libexecdir/ssh/x11-ssh-askpass
+%attr(0755,root,root) %{_libexecdir}/ssh/x11-ssh-askpass
-%doc %_mandir/man1/ssh-askpass.1x.gz
+%doc %{_mandir}/man1/ssh-askpass.1x.gz
-%doc %_mandir/man1/x11-ssh-askpass.1x.gz
+%doc %{_mandir}/man1/x11-ssh-askpass.1x.gz
-%_appdefdir/SshAskpass
+%{_appdefdir}/SshAskpass
 %changelog
--- a/sshd.init
+++ b/sshd.init
@ -0,0 +1,137 @@
 #! /bin/sh
 # Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
 #
 # Author: Jiri Smid <feedback@suse.de>
 #
 # /etc/init.d/sshd
 #
 #   and symbolic its link
 #
 # /usr/sbin/rcsshd
 #
 ### BEGIN INIT INFO
 # Provides: sshd
 # Required-Start: $network $remote_fs
 # Required-Stop: $network $remote_fs
 # Default-Start: 3 5
 # Default-Stop: 0 1 2 6
 # Description: Start the sshd daemon
 ### END INIT INFO
 SSHD_BIN=/usr/sbin/sshd
 test -x $SSHD_BIN || exit 5
 SSHD_SYSCONFIG=/etc/sysconfig/ssh
 test -r $SSHD_SYSCONFIG || exit 6
 . $SSHD_SYSCONFIG
 SSHD_PIDFILE=/var/run/sshd.init.pid
 . /etc/rc.status
 # Shell functions sourced from /etc/rc.status:
 #      rc_check         check and set local and overall rc status
 #      rc_status        check and set local and overall rc status
 #      rc_status -v     ditto but be verbose in local rc status
 #      rc_status -v -r  ditto and clear the local rc status
 #      rc_failed        set local and overall rc status to failed
 #      rc_reset         clear local rc status (overall remains)
 #      rc_exit          exit appropriate to overall rc status
 # First reset status of this service
 rc_reset
 case "$1" in
    start)
        if ! grep -q '^[[:space:]]*HostKey[[:space:]]' /etc/ssh/sshd_config; then
                if ! test -f /etc/ssh/ssh_host_key ; then
                    echo Generating /etc/ssh/ssh_host_key.
                    ssh-keygen -t rsa1 -b 2048 -f /etc/ssh/ssh_host_key -N ''
                fi
                if ! test -f /etc/ssh/ssh_host_dsa_key ; then
                    echo Generating /etc/ssh/ssh_host_dsa_key.
                    ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
                fi
                if ! test -f /etc/ssh/ssh_host_rsa_key ; then
                    echo Generating /etc/ssh/ssh_host_rsa_key.
                    ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
                fi
                if ! test -f /etc/ssh/ssh_host_ecdsa_key ; then
                    echo Generating /etc/ssh/ssh_host_ecdsa_key.
                    ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_key -N ''
                fi
        fi
 	echo -n "Starting SSH daemon"
 	## Start daemon with startproc(8). If this fails
 	## the echo return value is set appropriate.
 	startproc -f $SSHD_BIN $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE" 
 	# Remember status and be verbose
 	rc_status -v
 	;;
    stop)
 	echo -n "Shutting down SSH daemon"
 	## Stop daemon with killproc(8) and if this fails
 	## set echo the echo return value.
 	killproc -p $SSHD_PIDFILE -TERM $SSHD_BIN
 	# Remember status and be verbose
 	rc_status -v
 	;;
    try-restart)
        ## Stop the service and if this succeeds (i.e. the 
        ## service was running before), start it again.
        $0 status >/dev/null &&  $0 restart
        # Remember status and be quiet
        rc_status
        ;;
    restart)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 start
        # Remember status and be quiet
        rc_status
        ;;
    force-reload|reload)
 	## Signal the daemon to reload its config. Most daemons
 	## do this on signal 1 (SIGHUP).
 	echo -n "Reload service sshd"
 	killproc -p $SSHD_PIDFILE -HUP $SSHD_BIN
        rc_status -v
        ;;
    status)
 	echo -n "Checking for service sshd "
        ## Check status with checkproc(8), if process is running
        ## checkproc will return with exit status 0.
        # Status has a slightly different for the status command:
        # 0 - service running
        # 1 - service dead, but /var/run/  pid  file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running
 	checkproc -p $SSHD_PIDFILE $SSHD_BIN
 	rc_status -v
 	;;
    probe)
 	## Optional: Probe for the necessity of a reload,
 	## give out the argument which is required for a reload.
        test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload
 	;;
    *)
 	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
 	exit 1
 	;;
 esac
 rc_exit
--- a/sysconfig.ssh
+++ b/sysconfig.ssh
@ -0,0 +1,9 @@
 ## Path:	Network/Remote access/SSH
 ## Description:	SSH server settings
 ## Type:	string
 ## Default:	""
 ## ServiceRestart: sshd
 #
 # Options for sshd
 #
 SSHD_OPTS=""