3 files changed, 52 insertions, 35 deletions

diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index a96a36e49..a0d5e2071 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,5 +1,5 @@
-%define ver 7.6p1
-%define rel 1
+%define ver 7.7p1
+%define rel 1%{?dist}
 
 # OpenSSH privilege separation requires a user & group ID
 %define sshd_uid    74
@@ -23,8 +23,19 @@
 # Use GTK2 instead of GNOME in gnome-ssh-askpass
 %define gtk2 1
 
-# Is this build for RHL 6.x?
+# Use build6x options for older RHEL builds
+# RHEL 7 not yet supported
+%if 0%{?rhel} > 6
 %define build6x 0
+%else
+%define build6x 1
+%endif
+
+%if 0%{?fedora} >= 26
+%define compat_openssl 1
+%else
+%define compat_openssl 0
+%endif
 
 # Do we want kerberos5 support (1=yes 0=no)
 %define kerberos5 1
@@ -64,7 +75,7 @@
 %define kerberos5 0
 %endif
 
-Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
+Summary: The OpenSSH implementation of SSH protocol version 2.
 Name: openssh
 Version: %{ver}
 %if %{rescue}
@@ -74,9 +85,7 @@ Release: %{rel}
 %endif
 URL: https://www.openssh.com/portable.html
 Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
-%if ! %{no_x11_askpass}
 Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
-%endif
 License: BSD
 Group: Applications/Internet
 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@@ -86,7 +95,13 @@ PreReq: initscripts >= 5.00
 %else
 Requires: initscripts >= 5.20
 %endif
-BuildRequires: perl, openssl-devel
+BuildRequires: perl
+%if %{compat_openssl}
+BuildRequires: compat-openssl10-devel
+%else
+BuildRequires: openssl-devel >= 1.0.1
+BuildRequires: openssl-devel < 1.1
+%endif
 BuildRequires: /bin/login
 %if ! %{build6x}
 BuildRequires: glibc-devel, pam
@@ -95,6 +110,12 @@ BuildRequires: /usr/include/security/pam_appl.h
 %endif
 %if ! %{no_x11_askpass}
 BuildRequires: /usr/include/X11/Xlib.h
+# Xt development tools
+BuildRequires: libXt-devel
+# Provides xmkmf
+BuildRequires: imake
+# Rely on relatively recent gtk
+BuildRequires: gtk2-devel
 %endif
 %if ! %{no_gnome_askpass}
 BuildRequires: pkgconfig
@@ -183,11 +204,6 @@ environment.
 CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
 %endif
 
-%if %{kerberos5}
-K5DIR=`rpm -ql krb5-devel | grep 'include/krb5\.h' | sed 's,\/include\/krb5.h,,'`
-echo K5DIR=$K5DIR
-%endif
-
 %configure \
         --sysconfdir=%{_sysconfdir}/ssh \
         --libexecdir=%{_libexecdir}/openssh \
@@ -196,6 +212,9 @@ echo K5DIR=$K5DIR
         --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
         --with-privsep-path=%{_var}/empty/sshd \
         --with-md5-passwords \
+        --mandir=%{_mandir} \
+        --with-mantype=man \
+        --disable-strip \
 %if %{scard}
         --with-smartcard \
 %endif
@@ -262,12 +281,12 @@ install -m644 contrib/redhat/sshd.pam     $RPM_BUILD_ROOT/etc/pam.d/sshd
 install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
 
 %if ! %{no_x11_askpass}
-install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
+install x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
 ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
 %endif
 
 %if ! %{no_gnome_askpass}
-install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
+install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
 %endif
 
 %if ! %{scard}
@@ -391,7 +410,7 @@ fi
 %doc x11-ssh-askpass-%{aversion}/README
 %doc x11-ssh-askpass-%{aversion}/ChangeLog
 %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
-%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
+%{_libexecdir}/openssh/ssh-askpass
 %attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
 %endif
 
@@ -403,6 +422,22 @@ fi
 %endif
 
 %changelog
+* Sat Feb 10 2018 Darren Tucker <dtucker@dtucker.net>
+- Update openssl-devel dependency to match current requirements.
+- Handle Fedora >=6 openssl 1.0 compat libs.
+- Remove SSH1 from description.
+- Don't strip binaries at build time so that debuginfo package can be
+  created.
+
+* Sun Nov 16 2014 Nico Kadel-Garcia <nakdel@gmail.com>
+- Add '--mandir' and '--with-mantype' for RHEL 5 compatibility
+- Add 'dist' option to 'ver' so package names reflect OS at build time
+- Always include x11-ssh-askpass tarball in SRPM
+- Add openssh-x11-aspass BuildRequires for libXT-devel, imake, gtk2-devel
+- Discard 'K5DIR' reporting, not usable inside 'mock' for RHEL 5 compatibility
+- Discard obsolete '--with-rsh' configure option
+- Update openssl-devel dependency to 0.9.8f, as found in autoconf
+
 * Wed Jul 14 2010 Tim Rice <tim@multitalents.net>
 - test for skip_x11_askpass (line 77) should have been for no_x11_askpass
 
@@ -414,7 +449,7 @@ fi
 - Don't install profile.d scripts when not building with GNOME/GTK askpass
   (patch from bet@rahul.net)
 
-* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
+* Tue Oct 01 2002 Damien Miller <djm@mindrot.org>
 - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
 
 * Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
@@ -460,7 +495,7 @@ fi
 - remove dependency on db1-devel, which has just been swallowed up whole
   by gnome-libs-devel
 
-* Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
+* Sat Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
 - adjust build dependencies so that build6x actually works right (fix
   from Hugo van der Kooij)
 
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init
index 40c8dfd9f..8ee5fcd3b 100755
--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -40,7 +40,6 @@ start()
         # Create keys if necessary
         /usr/bin/ssh-keygen -A
         if [ -x /sbin/restorecon ]; then
-                /sbin/restorecon /etc/ssh/ssh_host_key.pub
                 /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
                 /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
                 /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
diff --git a/contrib/redhat/sshd.init.old b/contrib/redhat/sshd.init.old
index 0deb6080e..8a30f7da4 100755
--- a/contrib/redhat/sshd.init.old
+++ b/contrib/redhat/sshd.init.old
@@ -24,7 +24,6 @@ prog="sshd"
 # Some functions to make the below more readable
 KEYGEN=/usr/bin/ssh-keygen
 SSHD=/usr/sbin/sshd
-RSA1_KEY=/etc/ssh/ssh_host_key
 RSA_KEY=/etc/ssh/ssh_host_rsa_key
 DSA_KEY=/etc/ssh/ssh_host_dsa_key
 PID_FILE=/var/run/sshd.pid
@@ -61,21 +60,6 @@ my_failure() {
     ;;
   esac
 }
-do_rsa1_keygen() {
-        if [ ! -s $RSA1_KEY ]; then
-                echo -n "Generating SSH1 RSA host key: "
-                if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
-                        chmod 600 $RSA1_KEY
-                        chmod 644 $RSA1_KEY.pub
-                        my_success "RSA1 key generation"
-                        echo
-                else
-                        my_failure "RSA1 key generation"
-                        echo
-                        exit 1
-                fi
-        fi
-}
 do_rsa_keygen() {
         if [ ! -s $RSA_KEY ]; then
                 echo -n "Generating SSH2 RSA host key: "
@@ -119,7 +103,6 @@ do_restart_sanity_check() {
 case "$1" in
         start)
                 # Create keys if necessary
-                do_rsa1_keygen;
                 do_rsa_keygen;
                 do_dsa_keygen;