]>
Commit | Line | Data |
---|---|---|
68ece370 | 1 | %define ver 3.6.1p2 |
8862e142 | 2 | %define rel 3 |
3ef3d901 | 3 | |
4 | # OpenSSH privilege separation requires a user & group ID | |
5 | %define sshd_uid 74 | |
6 | %define sshd_gid 74 | |
bc7ea646 | 7 | |
8 | # Version of ssh-askpass | |
e3d5570b | 9 | %define aversion 1.2.4.1 |
bc7ea646 | 10 | |
1e970014 | 11 | # Do we want to disable building of x11-askpass? (1=yes 0=no) |
12 | %define no_x11_askpass 0 | |
13 | ||
14 | # Do we want to disable building of gnome-askpass? (1=yes 0=no) | |
15 | %define no_gnome_askpass 0 | |
16 | ||
94dd09e3 | 17 | # Do we want to link against a static libcrypto? (1=yes 0=no) |
18 | %define static_libcrypto 0 | |
19 | ||
69c94072 | 20 | # Do we want smartcard support (1=yes 0=no) |
21 | %define scard 0 | |
22 | ||
3c1dff28 | 23 | # Use GTK2 instead of GNOME in gnome-ssh-askpass |
5ee9dd52 | 24 | %define gtk2 1 |
3c1dff28 | 25 | |
3ef3d901 | 26 | # Is this build for RHL 6.x? |
27 | %define build6x 0 | |
894a4851 | 28 | |
9f182968 | 29 | # Do we want kerberos5 support (1=yes 0=no) |
30 | %define kerberos5 1 | |
31 | ||
894a4851 | 32 | # Reserve options to override askpass settings with: |
33 | # rpm -ba|--rebuild --define 'skip_xxx 1' | |
34 | %{?skip_x11_askpass:%define no_x11_askpass 1} | |
35 | %{?skip_gnome_askpass:%define no_gnome_askpass 1} | |
36 | ||
3ef3d901 | 37 | # Is this a build for RHL 6.x or earlier? |
38 | %{?build_6x:%define build6x 1} | |
39 | ||
40 | # If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc. | |
41 | %if %{build6x} | |
42 | %define _sysconfdir /etc | |
3ef3d901 | 43 | %endif |
894a4851 | 44 | |
94dd09e3 | 45 | # Options for static OpenSSL link: |
46 | # rpm -ba|--rebuild --define "static_openssl 1" | |
47 | %{?static_openssl:%define static_libcrypto 1} | |
48 | ||
69c94072 | 49 | # Options for Smartcard support: (needs libsectok and openssl-engine) |
50 | # rpm -ba|--rebuild --define "smartcard 1" | |
51 | %{?smartcard:%define scard 1} | |
52 | ||
3ef3d901 | 53 | # Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no) |
54 | %define rescue 0 | |
55 | %{?build_rescue:%define rescue 1} | |
cb291102 | 56 | |
34b4d38c | 57 | # Turn off some stuff for resuce builds |
58 | %if %{rescue} | |
59 | %define kerberos5 0 | |
60 | %endif | |
61 | ||
3ef3d901 | 62 | Summary: The OpenSSH implementation of SSH protocol versions 1 and 2. |
8efc0c15 | 63 | Name: openssh |
3ef3d901 | 64 | Version: %{ver} |
65 | %if %{rescue} | |
66 | Release: %{rel}rescue | |
67 | %else | |
68 | Release: %{rel} | |
69 | %endif | |
23c098ba | 70 | URL: http://www.openssh.com/portable.html |
3ef3d901 | 71 | Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz |
23c098ba | 72 | Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz |
23c098ba | 73 | License: BSD |
8efc0c15 | 74 | Group: Applications/Internet |
8fd97cc4 | 75 | BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot |
e9c75a39 | 76 | Obsoletes: ssh |
3ef3d901 | 77 | %if %{build6x} |
78 | PreReq: initscripts >= 5.00 | |
79 | %else | |
80 | PreReq: initscripts >= 5.20 | |
81 | %endif | |
d35929b5 | 82 | BuildPreReq: perl, openssl-devel, tcp_wrappers |
3ef3d901 | 83 | BuildPreReq: /bin/login |
e18b7d35 | 84 | %if ! %{build6x} |
3ef3d901 | 85 | BuildPreReq: glibc-devel, pam |
86 | %else | |
87 | BuildPreReq: db1-devel, /usr/include/security/pam_appl.h | |
88 | %endif | |
23c098ba | 89 | %if ! %{no_x11_askpass} |
90 | BuildPreReq: XFree86-devel | |
91 | %endif | |
71d43804 | 92 | %if ! %{no_gnome_askpass} |
cf6713a2 | 93 | BuildPreReq: pkgconfig |
1e970014 | 94 | %endif |
9c696d0d | 95 | %if %{kerberos5} |
96 | BuildPreReq: krb5-devel | |
97 | BuildPreReq: krb5-libs | |
98 | %endif | |
8c119fd0 | 99 | |
100 | %package clients | |
23c098ba | 101 | Summary: OpenSSH clients. |
aa0289fe | 102 | Requires: openssh = %{version}-%{release} |
71d43804 | 103 | Group: Applications/Internet |
e9c75a39 | 104 | Obsoletes: ssh-clients |
8efc0c15 | 105 | |
d397b172 | 106 | %package server |
23c098ba | 107 | Summary: The OpenSSH server daemon. |
d397b172 | 108 | Group: System Environment/Daemons |
e9c75a39 | 109 | Obsoletes: ssh-server |
aa0289fe | 110 | PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9 |
3ef3d901 | 111 | %if ! %{build6x} |
8fd97cc4 | 112 | Requires: /etc/pam.d/system-auth |
113 | %endif | |
d397b172 | 114 | |
115 | %package askpass | |
23c098ba | 116 | Summary: A passphrase dialog for OpenSSH and X. |
bc7ea646 | 117 | Group: Applications/Internet |
aa0289fe | 118 | Requires: openssh = %{version}-%{release} |
bc7ea646 | 119 | Obsoletes: ssh-extras |
bc7ea646 | 120 | |
bc7ea646 | 121 | %package askpass-gnome |
23c098ba | 122 | Summary: A passphrase dialog for OpenSSH, X, and GNOME. |
d397b172 | 123 | Group: Applications/Internet |
aa0289fe | 124 | Requires: openssh = %{version}-%{release} |
8c119fd0 | 125 | Obsoletes: ssh-extras |
d397b172 | 126 | |
8efc0c15 | 127 | %description |
3ef3d901 | 128 | SSH (Secure SHell) is a program for logging into and executing |
129 | commands on a remote machine. SSH is intended to replace rlogin and | |
130 | rsh, and to provide secure encrypted communications between two | |
131 | untrusted hosts over an insecure network. X11 connections and | |
132 | arbitrary TCP/IP ports can also be forwarded over the secure channel. | |
133 | ||
134 | OpenSSH is OpenBSD's version of the last free version of SSH, bringing | |
135 | it up to date in terms of security and features, as well as removing | |
136 | all patented algorithms to separate libraries. | |
8efc0c15 | 137 | |
8c119fd0 | 138 | This package includes the core files necessary for both the OpenSSH |
23c098ba | 139 | client and server. To make this package useful, you should also |
8c119fd0 | 140 | install openssh-clients, openssh-server, or both. |
141 | ||
142 | %description clients | |
3ef3d901 | 143 | OpenSSH is a free version of SSH (Secure SHell), a program for logging |
144 | into and executing commands on a remote machine. This package includes | |
145 | the clients necessary to make encrypted connections to SSH servers. | |
146 | You'll also need to install the openssh package on OpenSSH clients. | |
d397b172 | 147 | |
148 | %description server | |
3ef3d901 | 149 | OpenSSH is a free version of SSH (Secure SHell), a program for logging |
150 | into and executing commands on a remote machine. This package contains | |
151 | the secure shell daemon (sshd). The sshd daemon allows SSH clients to | |
152 | securely connect to your SSH server. You also need to have the openssh | |
153 | package installed. | |
d397b172 | 154 | |
bc7ea646 | 155 | %description askpass |
3ef3d901 | 156 | OpenSSH is a free version of SSH (Secure SHell), a program for logging |
157 | into and executing commands on a remote machine. This package contains | |
158 | an X11 passphrase dialog for OpenSSH. | |
bc7ea646 | 159 | |
8a4958eb | 160 | %description askpass-gnome |
3ef3d901 | 161 | OpenSSH is a free version of SSH (Secure SHell), a program for logging |
162 | into and executing commands on a remote machine. This package contains | |
163 | an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop | |
164 | environment. | |
d397b172 | 165 | |
8efc0c15 | 166 | %prep |
167 | ||
73bd30fe | 168 | %if ! %{no_x11_askpass} |
feab8600 | 169 | %setup -q -a 1 |
73bd30fe | 170 | %else |
171 | %setup -q | |
172 | %endif | |
8efc0c15 | 173 | |
174 | %build | |
3ef3d901 | 175 | %if %{rescue} |
176 | CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS | |
b013a983 | 177 | %endif |
178 | ||
aa0289fe | 179 | %configure \ |
3ef3d901 | 180 | --sysconfdir=%{_sysconfdir}/ssh \ |
aa0289fe | 181 | --libexecdir=%{_libexecdir}/openssh \ |
4b255446 | 182 | --datadir=%{_datadir}/openssh \ |
aa0289fe | 183 | --with-tcp-wrappers \ |
3ef3d901 | 184 | --with-rsh=%{_bindir}/rsh \ |
80e92e5d | 185 | --with-default-path=/usr/local/bin:/bin:/usr/bin \ |
186 | --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ | |
7295c001 | 187 | --with-privsep-path=%{_var}/empty/sshd \ |
3ef3d901 | 188 | %if %{scard} |
189 | --with-smartcard \ | |
190 | %endif | |
3ef3d901 | 191 | %if %{rescue} |
9f182968 | 192 | --without-pam --with-md5-passwords \ |
3ef3d901 | 193 | %else |
9f182968 | 194 | --with-pam \ |
3ef3d901 | 195 | %endif |
9f182968 | 196 | %if %{kerberos5} |
197 | --with-kerberos5=/usr/kerberos \ | |
65017cbd | 198 | %endif |
bc7ea646 | 199 | |
80e92e5d | 200 | |
94dd09e3 | 201 | %if %{static_libcrypto} |
3ef3d901 | 202 | perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile |
94dd09e3 | 203 | %endif |
204 | ||
bc7ea646 | 205 | make |
8efc0c15 | 206 | |
1e970014 | 207 | %if ! %{no_x11_askpass} |
aa0289fe | 208 | pushd x11-ssh-askpass-%{aversion} |
3ef3d901 | 209 | %configure --libexecdir=%{_libexecdir}/openssh |
d31a32a4 | 210 | xmkmf -a |
df16c1f2 | 211 | make |
aa0289fe | 212 | popd |
1e970014 | 213 | %endif |
df16c1f2 | 214 | |
3c1dff28 | 215 | # Define a variable to toggle gnome1/gtk2 building. This is necessary |
216 | # because RPM doesn't handle nested %if statements. | |
217 | %if %{gtk2} | |
218 | gtk2=yes | |
219 | %else | |
220 | gtk2=no | |
221 | %endif | |
222 | ||
223 | %if ! %{no_gnome_askpass} | |
224 | pushd contrib | |
225 | if [ $gtk2 = yes ] ; then | |
cf6713a2 | 226 | make gnome-ssh-askpass2 |
227 | mv gnome-ssh-askpass2 gnome-ssh-askpass | |
3c1dff28 | 228 | else |
cf6713a2 | 229 | make gnome-ssh-askpass1 |
230 | mv gnome-ssh-askpass1 gnome-ssh-askpass | |
3c1dff28 | 231 | fi |
232 | popd | |
233 | %endif | |
234 | ||
8efc0c15 | 235 | %install |
236 | rm -rf $RPM_BUILD_ROOT | |
3ef3d901 | 237 | mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh |
238 | mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh | |
80e92e5d | 239 | mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd |
aa0289fe | 240 | |
3ef3d901 | 241 | make install DESTDIR=$RPM_BUILD_ROOT |
8efc0c15 | 242 | |
22574738 | 243 | install -d $RPM_BUILD_ROOT/etc/pam.d/ |
244 | install -d $RPM_BUILD_ROOT/etc/rc.d/init.d | |
aa0289fe | 245 | install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh |
3ef3d901 | 246 | %if %{build6x} |
247 | install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd | |
14a49e44 | 248 | %else |
3ef3d901 | 249 | install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd |
894a4851 | 250 | %endif |
5cc53885 | 251 | install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd |
f1bcacf9 | 252 | |
1e970014 | 253 | %if ! %{no_x11_askpass} |
1eb4ec64 | 254 | install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass |
3ef3d901 | 255 | ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass |
1e970014 | 256 | %endif |
bc7ea646 | 257 | |
1e970014 | 258 | %if ! %{no_gnome_askpass} |
1eb4ec64 | 259 | install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass |
1e970014 | 260 | %endif |
5cc53885 | 261 | |
4d43d1ca | 262 | %if ! %{scard} |
263 | rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin | |
264 | %endif | |
265 | ||
91f3aa9b | 266 | %if ! %{no_gnome_askpass} |
3ef3d901 | 267 | install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ |
268 | install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ | |
269 | install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ | |
91f3aa9b | 270 | %endif |
3ef3d901 | 271 | |
aa0289fe | 272 | perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/* |
273 | ||
8efc0c15 | 274 | %clean |
275 | rm -rf $RPM_BUILD_ROOT | |
276 | ||
3ef3d901 | 277 | %triggerun server -- ssh-server |
278 | if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then | |
279 | touch /var/run/sshd.restart | |
280 | fi | |
281 | ||
282 | %triggerun server -- openssh-server < 2.5.0p1 | |
283 | # Count the number of HostKey and HostDsaKey statements we have. | |
284 | gawk 'BEGIN {IGNORECASE=1} | |
285 | /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1} | |
286 | END {exit sawhostkey}' /etc/ssh/sshd_config | |
287 | # And if we only found one, we know the client was relying on the old default | |
288 | # behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't | |
289 | # specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying | |
290 | # one nullifies the default, which would have loaded both. | |
291 | if [ $? -eq 1 ] ; then | |
292 | echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config | |
293 | echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config | |
294 | fi | |
295 | ||
296 | %triggerpostun server -- ssh-server | |
297 | if [ "$1" != 0 ] ; then | |
298 | /sbin/chkconfig --add sshd | |
299 | if test -f /var/run/sshd.restart ; then | |
300 | rm -f /var/run/sshd.restart | |
301 | /sbin/service sshd start > /dev/null 2>&1 || : | |
302 | fi | |
303 | fi | |
304 | ||
305 | %pre server | |
306 | %{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || : | |
80e92e5d | 307 | %{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ |
3ef3d901 | 308 | -g sshd -M -r sshd 2>/dev/null || : |
309 | ||
d397b172 | 310 | %post server |
f1bcacf9 | 311 | /sbin/chkconfig --add sshd |
3ef3d901 | 312 | |
313 | %postun server | |
314 | /sbin/service sshd condrestart > /dev/null 2>&1 || : | |
8efc0c15 | 315 | |
d397b172 | 316 | %preun server |
3ef3d901 | 317 | if [ "$1" = 0 ] |
318 | then | |
319 | /sbin/service sshd stop > /dev/null 2>&1 || : | |
f1bcacf9 | 320 | /sbin/chkconfig --del sshd |
8efc0c15 | 321 | fi |
322 | ||
323 | %files | |
324 | %defattr(-,root,root) | |
23c098ba | 325 | %doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING* |
aa0289fe | 326 | %attr(0755,root,root) %{_bindir}/scp |
777319db | 327 | %attr(0644,root,root) %{_mandir}/man1/scp.1* |
3ef3d901 | 328 | %attr(0755,root,root) %dir %{_sysconfdir}/ssh |
329 | %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli | |
330 | %if ! %{rescue} | |
331 | %attr(0755,root,root) %{_bindir}/ssh-keygen | |
332 | %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* | |
aa0289fe | 333 | %attr(0755,root,root) %dir %{_libexecdir}/openssh |
9f182968 | 334 | %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign |
335 | %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* | |
3ef3d901 | 336 | %endif |
6fc63fcb | 337 | %if %{scard} |
4b255446 | 338 | %attr(0755,root,root) %dir %{_datadir}/openssh |
339 | %attr(0644,root,root) %{_datadir}/openssh/Ssh.bin | |
69c94072 | 340 | %endif |
8c119fd0 | 341 | |
342 | %files clients | |
343 | %defattr(-,root,root) | |
9f182968 | 344 | %attr(0755,root,root) %{_bindir}/ssh |
3ef3d901 | 345 | %attr(0644,root,root) %{_mandir}/man1/ssh.1* |
9f182968 | 346 | %attr(0644,root,root) %{_mandir}/man5/ssh_config.5* |
3ef3d901 | 347 | %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config |
348 | %attr(-,root,root) %{_bindir}/slogin | |
349 | %attr(-,root,root) %{_mandir}/man1/slogin.1* | |
350 | %if ! %{rescue} | |
eebf7c4f | 351 | %attr(2755,root,nobody) %{_bindir}/ssh-agent |
aa0289fe | 352 | %attr(0755,root,root) %{_bindir}/ssh-add |
61e96248 | 353 | %attr(0755,root,root) %{_bindir}/ssh-keyscan |
354 | %attr(0755,root,root) %{_bindir}/sftp | |
777319db | 355 | %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1* |
356 | %attr(0644,root,root) %{_mandir}/man1/ssh-add.1* | |
61e96248 | 357 | %attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1* |
358 | %attr(0644,root,root) %{_mandir}/man1/sftp.1* | |
3ef3d901 | 359 | %endif |
f1bcacf9 | 360 | |
3ef3d901 | 361 | %if ! %{rescue} |
d397b172 | 362 | %files server |
363 | %defattr(-,root,root) | |
80e92e5d | 364 | %dir %attr(0111,root,root) %{_var}/empty/sshd |
aa0289fe | 365 | %attr(0755,root,root) %{_sbindir}/sshd |
366 | %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server | |
777319db | 367 | %attr(0644,root,root) %{_mandir}/man8/sshd.8* |
9f182968 | 368 | %attr(0644,root,root) %{_mandir}/man5/sshd_config.5* |
777319db | 369 | %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* |
3ef3d901 | 370 | %attr(0755,root,root) %dir %{_sysconfdir}/ssh |
371 | %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config | |
548fd014 | 372 | %attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd |
f1bcacf9 | 373 | %attr(0755,root,root) %config /etc/rc.d/init.d/sshd |
3ef3d901 | 374 | %endif |
8efc0c15 | 375 | |
1e970014 | 376 | %if ! %{no_x11_askpass} |
d397b172 | 377 | %files askpass |
378 | %defattr(-,root,root) | |
f28583d0 | 379 | %doc x11-ssh-askpass-%{aversion}/README |
380 | %doc x11-ssh-askpass-%{aversion}/ChangeLog | |
381 | %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad | |
aa0289fe | 382 | %attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass |
383 | %attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass | |
1e970014 | 384 | %endif |
8c119fd0 | 385 | |
1e970014 | 386 | %if ! %{no_gnome_askpass} |
bc7ea646 | 387 | %files askpass-gnome |
388 | %defattr(-,root,root) | |
3ef3d901 | 389 | %attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.* |
aa0289fe | 390 | %attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass |
1e970014 | 391 | %endif |
aa0289fe | 392 | |
393 | %changelog | |
8862e142 | 394 | * Mon Jun 2 2003 Damien Miller <djm@mindrot.org> |
395 | - Remove noip6 option. This may be controlled at run-time in client config | |
396 | file using new AddressFamily directive | |
397 | ||
91f3aa9b | 398 | * Mon May 12 2003 Damien Miller <djm@mindrot.org> |
399 | - Don't install profile.d scripts when not building with GNOME/GTK askpass | |
400 | (patch from bet@rahul.net) | |
401 | ||
eebf7c4f | 402 | * Wed Oct 01 2002 Damien Miller <djm@mindrot.org> |
403 | - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks | |
404 | ||
cf6713a2 | 405 | * Mon Sep 30 2002 Damien Miller <djm@mindrot.org> |
406 | - Use contrib/ Makefile for building askpass programs | |
407 | ||
9f182968 | 408 | * Fri Jun 21 2002 Damien Miller <djm@mindrot.org> |
409 | - Merge in spec changes from seba@iq.pl (Sebastian Pachuta) | |
410 | - Add new {ssh,sshd}_config.5 manpages | |
411 | - Add new ssh-keysign program and remove setuid from ssh client | |
412 | ||
3ef3d901 | 413 | * Fri May 10 2002 Damien Miller <djm@mindrot.org> |
414 | - Merge in spec changes from RedHat, reorgansie a little | |
415 | - Add Privsep user, group and directory | |
416 | ||
417 | * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2 | |
418 | - bump and grind (through the build system) | |
419 | ||
420 | * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1 | |
421 | - require sharutils for building (mindrot #137) | |
422 | - require db1-devel only when building for 6.x (#55105), which probably won't | |
423 | work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck | |
424 | - require pam-devel by file (not by package name) again | |
425 | - add Markus's patch to compile with OpenSSL 0.9.5a (from | |
426 | http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're | |
427 | building for 6.x | |
428 | ||
429 | * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0 | |
430 | - update to 3.1p1 | |
431 | ||
432 | * Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305 | |
433 | - update to SNAP-20020305 | |
434 | - drop debug patch, fixed upstream | |
435 | ||
436 | * Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220 | |
437 | - update to SNAP-20020220 for testing purposes (you've been warned, if there's | |
438 | anything to be warned about, gss patches won't apply, I don't mind) | |
439 | ||
440 | * Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3 | |
441 | - add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key | |
442 | exchange, authentication, and named key support | |
443 | ||
444 | * Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2 | |
445 | - remove dependency on db1-devel, which has just been swallowed up whole | |
446 | by gnome-libs-devel | |
447 | ||
448 | * Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com> | |
449 | - adjust build dependencies so that build6x actually works right (fix | |
450 | from Hugo van der Kooij) | |
451 | ||
452 | * Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1 | |
453 | - update to 3.0.2p1 | |
454 | ||
455 | * Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1 | |
456 | - update to 3.0.1p1 | |
457 | ||
458 | * Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com> | |
459 | - update to current CVS (not for use in distribution) | |
460 | ||
461 | * Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1 | |
462 | - merge some of Damien Miller <djm@mindrot.org> changes from the upstream | |
463 | 3.0p1 spec file and init script | |
464 | ||
465 | * Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com> | |
466 | - update to 3.0p1 | |
467 | - update to x11-ssh-askpass 1.2.4.1 | |
468 | - change build dependency on a file from pam-devel to the pam-devel package | |
469 | - replace primes with moduli | |
470 | ||
471 | * Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9 | |
472 | - incorporate fix from Markus Friedl's advisory for IP-based authorization bugs | |
473 | ||
474 | * Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8 | |
475 | - Merge changes to rescue build from current sysadmin survival cd | |
476 | ||
477 | * Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7 | |
478 | - fix scp's server's reporting of file sizes, and build with the proper | |
479 | preprocessor define to get large-file capable open(), stat(), etc. | |
480 | (sftp has been doing this correctly all along) (#51827) | |
481 | - configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247) | |
482 | - pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298) | |
483 | - mark profile.d scriptlets as config files (#42337) | |
484 | - refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug | |
485 | - change a couple of log() statements to debug() statements (#50751) | |
486 | - pull cvs patch to add -t flag to sshd (#28611) | |
487 | - clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221) | |
488 | ||
489 | * Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6 | |
490 | - add db1-devel as a BuildPrerequisite (noted by Hans Ecke) | |
491 | ||
492 | * Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com> | |
493 | - pull cvs patch to fix remote port forwarding with protocol 2 | |
494 | ||
495 | * Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com> | |
496 | - pull cvs patch to add session initialization to no-pty sessions | |
497 | - pull cvs patch to not cut off challengeresponse auth needlessly | |
498 | - refuse to do X11 forwarding if xauth isn't there, handy if you enable | |
499 | it by default on a system that doesn't have X installed (#49263) | |
500 | ||
501 | * Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com> | |
502 | - don't apply patches to code we don't intend to build (spotted by Matt Galgoci) | |
503 | ||
504 | * Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com> | |
505 | - pass OPTIONS correctly to initlog (#50151) | |
506 | ||
507 | * Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com> | |
508 | - switch to x11-ssh-askpass 1.2.2 | |
509 | ||
510 | * Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com> | |
511 | - rebuild in new environment | |
512 | ||
513 | * Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com> | |
514 | - disable the gssapi patch | |
515 | ||
516 | * Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com> | |
517 | - update to 2.9p2 | |
518 | - refresh to a new version of the gssapi patch | |
519 | ||
520 | * Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com> | |
521 | - change Copyright: BSD to License: BSD | |
522 | - add Markus Friedl's unverified patch for the cookie file deletion problem | |
523 | so that we can verify it | |
524 | - drop patch to check if xauth is present (was folded into cookie patch) | |
525 | - don't apply gssapi patches for the errata candidate | |
526 | - clear supplemental groups list at startup | |
527 | ||
528 | * Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com> | |
529 | - fix an error parsing the new default sshd_config | |
530 | - add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not | |
531 | dealing with comments right | |
532 | ||
533 | * Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com> | |
534 | - add in Simon Wilkinson's GSSAPI patch to give it some testing in-house, | |
535 | to be removed before the next beta cycle because it's a big departure | |
536 | from the upstream version | |
537 | ||
538 | * Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com> | |
539 | - finish marking strings in the init script for translation | |
540 | - modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd | |
541 | at startup (change merged from openssh.com init script, originally by | |
542 | Pekka Savola) | |
543 | - refuse to do X11 forwarding if xauth isn't there, handy if you enable | |
544 | it by default on a system that doesn't have X installed | |
545 | ||
546 | * Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com> | |
547 | - update to 2.9 | |
548 | - drop various patches that came from or went upstream or to or from CVS | |
549 | ||
550 | * Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com> | |
551 | - only require initscripts 5.00 on 6.2 (reported by Peter Bieringer) | |
552 | ||
553 | * Sun Apr 8 2001 Preston Brown <pbrown@redhat.com> | |
554 | - remove explicit openssl requirement, fixes builddistro issue | |
555 | - make initscript stop() function wait until sshd really dead to avoid | |
556 | races in condrestart | |
557 | ||
558 | * Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com> | |
559 | - mention that challengereponse supports PAM, so disabling password doesn't | |
560 | limit users to pubkey and rsa auth (#34378) | |
561 | - bypass the daemon() function in the init script and call initlog directly, | |
562 | because daemon() won't start a daemon it detects is already running (like | |
563 | open connections) | |
564 | - require the version of openssl we had when we were built | |
565 | ||
566 | * Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com> | |
567 | - make do_pam_setcred() smart enough to know when to establish creds and | |
568 | when to reinitialize them | |
569 | - add in a couple of other fixes from Damien for inclusion in the errata | |
570 | ||
571 | * Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com> | |
572 | - update to 2.5.2p2 | |
573 | - call setcred() again after initgroups, because the "creds" could actually | |
574 | be group memberships | |
575 | ||
576 | * Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com> | |
577 | - update to 2.5.2p1 (includes endianness fixes in the rijndael implementation) | |
578 | - don't enable challenge-response by default until we find a way to not | |
579 | have too many userauth requests (we may make up to six pubkey and up to | |
580 | three password attempts as it is) | |
581 | - remove build dependency on rsh to match openssh.com's packages more closely | |
582 | ||
583 | * Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com> | |
584 | - remove dependency on openssl -- would need to be too precise | |
585 | ||
586 | * Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com> | |
587 | - rebuild in new environment | |
588 | ||
589 | * Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com> | |
590 | - Revert the patch to move pam_open_session. | |
591 | - Init script and spec file changes from Pekka Savola. (#28750) | |
592 | - Patch sftp to recognize '-o protocol' arguments. (#29540) | |
593 | ||
594 | * Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com> | |
595 | - Chuck the closing patch. | |
596 | - Add a trigger to add host keys for protocol 2 to the config file, now that | |
597 | configuration file syntax requires us to specify it with HostKey if we | |
598 | specify any other HostKey values, which we do. | |
599 | ||
600 | * Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com> | |
601 | - Redo patch to move pam_open_session after the server setuid()s to the user. | |
602 | - Rework the nopam patch to use be picked up by autoconf. | |
603 | ||
604 | * Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com> | |
605 | - Update for 2.5.1p1. | |
606 | - Add init script mods from Pekka Savola. | |
607 | - Tweak the init script to match the CVS contrib script more closely. | |
608 | - Redo patch to ssh-add to try to adding both identity and id_dsa to also try | |
609 | adding id_rsa. | |
610 | ||
611 | * Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com> | |
612 | - Update for 2.5.0p1. | |
613 | - Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass | |
614 | - Resync with parts of Damien Miller's openssh.spec from CVS, including | |
615 | update of x11 askpass to 1.2.0. | |
616 | - Only require openssl (don't prereq) because we generate keys in the init | |
617 | script now. | |
618 | ||
619 | * Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com> | |
620 | - Don't open a PAM session until we've forked and become the user (#25690). | |
621 | - Apply Andrew Bartlett's patch for letting pam_authenticate() know which | |
622 | host the user is attempting a login from. | |
623 | - Resync with parts of Damien Miller's openssh.spec from CVS. | |
624 | - Don't expose KbdInt responses in debug messages (from CVS). | |
625 | - Detect and handle errors in rsa_{public,private}_decrypt (from CVS). | |
626 | ||
627 | * Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com> | |
628 | - i18n-tweak to initscript. | |
629 | ||
630 | * Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com> | |
631 | - More gettextizing. | |
632 | - Close all files after going into daemon mode (needs more testing). | |
633 | - Extract patch from CVS to handle auth banners (in the client). | |
634 | - Extract patch from CVS to handle compat weirdness. | |
635 | ||
636 | * Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com> | |
637 | - Finish with the gettextizing. | |
638 | ||
639 | * Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com> | |
640 | - Fix a bug in auth2-pam.c (#23877) | |
641 | - Gettextize the init script. | |
642 | ||
643 | * Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com> | |
644 | - Incorporate a switch for using PAM configs for 6.x, just in case. | |
645 | ||
646 | * Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com> | |
647 | - Incorporate Bero's changes for a build specifically for rescue CDs. | |
648 | ||
649 | * Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com> | |
650 | - Don't treat pam_setcred() failure as fatal unless pam_authenticate() has | |
651 | succeeded, to allow public-key authentication after a failure with "none" | |
652 | authentication. (#21268) | |
653 | ||
654 | * Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com> | |
655 | - Update to x11-askpass 1.1.1. (#21301) | |
656 | - Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290) | |
657 | ||
658 | * Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com> | |
659 | - Merge multiple PAM text messages into subsequent prompts when possible when | |
660 | doing keyboard-interactive authentication. | |
661 | ||
662 | * Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com> | |
663 | - Disable the built-in MD5 password support. We're using PAM. | |
664 | - Take a crack at doing keyboard-interactive authentication with PAM, and | |
665 | enable use of it in the default client configuration so that the client | |
666 | will try it when the server disallows password authentication. | |
667 | - Build with debugging flags. Build root policies strip all binaries anyway. | |
668 | ||
669 | * Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com> | |
670 | - Use DESTDIR instead of %%makeinstall. | |
671 | - Remove /usr/X11R6/bin from the path-fixing patch. | |
672 | ||
673 | * Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com> | |
674 | - Add the primes file from the latest snapshot to the main package (#20884). | |
675 | - Add the dev package to the prereq list (#19984). | |
676 | - Remove the default path and mimic login's behavior in the server itself. | |
677 | ||
678 | * Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com> | |
679 | - Resync with conditional options in Damien Miller's .spec file for an errata. | |
680 | - Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh. | |
681 | ||
682 | * Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com> | |
683 | - Update to OpenSSH 2.3.0p1. | |
684 | - Update to x11-askpass 1.1.0. | |
685 | - Enable keyboard-interactive authentication. | |
686 | ||
687 | * Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com> | |
688 | - Update to ssh-askpass-x11 1.0.3. | |
689 | - Change authentication related messages to be private (#19966). | |
690 | ||
691 | * Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com> | |
692 | - Patch ssh-keygen to be able to list signatures for DSA public key files | |
693 | it generates. | |
694 | ||
695 | * Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com> | |
696 | - Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always | |
697 | build PAM authentication in. | |
698 | - Try setting SSH_ASKPASS if gnome-ssh-askpass is installed. | |
699 | - Clean out no-longer-used patches. | |
700 | - Patch ssh-add to try to add both identity and id_dsa, and to error only | |
701 | when neither exists. | |
702 | ||
703 | * Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com> | |
704 | - Update x11-askpass to 1.0.2. (#17835) | |
705 | - Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will | |
706 | always find them in the right place. (#17909) | |
707 | - Set the default path to be the same as the one supplied by /bin/login, but | |
708 | add /usr/X11R6/bin. (#17909) | |
709 | - Try to handle obsoletion of ssh-server more cleanly. Package names | |
710 | are different, but init script name isn't. (#17865) | |
711 | ||
712 | * Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com> | |
713 | - Update to 2.2.0p1. (#17835) | |
714 | - Tweak the init script to allow proper restarting. (#18023) | |
715 | ||
716 | * Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com> | |
717 | - Update to 20000823 snapshot. | |
718 | - Change subpackage requirements from %%{version} to %%{version}-%%{release} | |
719 | - Back out the pipe patch. | |
720 | ||
721 | * Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com> | |
722 | - Update to 2.1.1p4, which includes fixes for config file parsing problems. | |
723 | - Move the init script back. | |
724 | - Add Damien's quick fix for wackiness. | |
725 | ||
726 | * Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com> | |
727 | - Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok(). | |
728 | ||
729 | * Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com> | |
730 | - Move condrestart to server postun. | |
731 | - Move key generation to init script. | |
732 | - Actually use the right patch for moving the key generation to the init script. | |
733 | - Clean up the init script a bit. | |
734 | ||
735 | * Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com> | |
736 | - Fix X11 forwarding, from mail post by Chan Shih-Ping Richard. | |
737 | ||
738 | * Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com> | |
739 | - Update to 2.1.1p2. | |
740 | - Use of strtok() considered harmful. | |
741 | ||
742 | * Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com> | |
743 | - Get the build root out of the man pages. | |
744 | ||
745 | * Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com> | |
746 | - Add and use condrestart support in the init script. | |
747 | - Add newer initscripts as a prereq. | |
748 | ||
749 | * Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com> | |
750 | - Build in new environment (release 2) | |
751 | - Move -clients subpackage to Applications/Internet group | |
752 | ||
753 | * Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com> | |
754 | - Update to 2.2.1p1 | |
755 | ||
756 | * Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com> | |
757 | - Patch to build with neither RSA nor RSAref. | |
758 | - Miscellaneous FHS-compliance tweaks. | |
759 | - Fix for possibly-compressed man pages. | |
760 | ||
aa0289fe | 761 | * Wed Mar 15 2000 Damien Miller <djm@ibs.com.au> |
762 | - Updated for new location | |
763 | - Updated for new gnome-ssh-askpass build | |
3ef3d901 | 764 | |
aa0289fe | 765 | * Sun Dec 26 1999 Damien Miller <djm@mindrot.org> |
766 | - Added Jim Knoble's <jmknoble@pobox.com> askpass | |
3ef3d901 | 767 | |
aa0289fe | 768 | * Mon Nov 15 1999 Damien Miller <djm@mindrot.org> |
769 | - Split subpackages further based on patch from jim knoble <jmknoble@pobox.com> | |
3ef3d901 | 770 | |
aa0289fe | 771 | * Sat Nov 13 1999 Damien Miller <djm@mindrot.org> |
772 | - Added 'Obsoletes' directives | |
3ef3d901 | 773 | |
aa0289fe | 774 | * Tue Nov 09 1999 Damien Miller <djm@ibs.com.au> |
775 | - Use make install | |
776 | - Subpackages | |
3ef3d901 | 777 | |
aa0289fe | 778 | * Mon Nov 08 1999 Damien Miller <djm@ibs.com.au> |
779 | - Added links for slogin | |
780 | - Fixed perms on manpages | |
3ef3d901 | 781 | |
aa0289fe | 782 | * Sat Oct 30 1999 Damien Miller <djm@ibs.com.au> |
783 | - Renamed init script | |
3ef3d901 | 784 | |
aa0289fe | 785 | * Fri Oct 29 1999 Damien Miller <djm@ibs.com.au> |
786 | - Back to old binary names | |
3ef3d901 | 787 | |
aa0289fe | 788 | * Thu Oct 28 1999 Damien Miller <djm@ibs.com.au> |
789 | - Use autoconf | |
790 | - New binary names | |
3ef3d901 | 791 | |
aa0289fe | 792 | * Wed Oct 27 1999 Damien Miller <djm@ibs.com.au> |
793 | - Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec. |