4 # OpenSSH privilege separation requires a user & group ID
8 # Version of ssh-askpass
9 %define aversion 1.2.4.1
11 # Do we want to disable building of x11-askpass? (1=yes 0=no)
12 %define no_x11_askpass 0
14 # Do we want to disable building of gnome-askpass? (1=yes 0=no)
15 %define no_gnome_askpass 0
17 # Do we want to link against a static libcrypto? (1=yes 0=no)
18 %define static_libcrypto 0
20 # Do we want smartcard support (1=yes 0=no)
23 # Use GTK2 instead of GNOME in gnome-ssh-askpass
26 # Is this build for RHL 6.x?
29 # Do we want kerberos5 support (1=yes 0=no)
32 # Reserve options to override askpass settings with:
33 # rpm -ba|--rebuild --define 'skip_xxx 1'
34 %{?skip_x11_askpass:%define no_x11_askpass 1}
35 %{?skip_gnome_askpass:%define no_gnome_askpass 1}
37 # Add option to build without GTK2 for older platforms with only GTK+.
38 # RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
39 # rpm -ba|--rebuild --define 'no_gtk2 1'
40 %{?no_gtk2:%define gtk2 0}
42 # Is this a build for RHL 6.x or earlier?
43 %{?build_6x:%define build6x 1}
45 # If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
47 %define _sysconfdir /etc
50 # Options for static OpenSSL link:
51 # rpm -ba|--rebuild --define "static_openssl 1"
52 %{?static_openssl:%define static_libcrypto 1}
54 # Options for Smartcard support: (needs libsectok and openssl-engine)
55 # rpm -ba|--rebuild --define "smartcard 1"
56 %{?smartcard:%define scard 1}
58 # Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
60 %{?build_rescue:%define rescue 1}
62 # Turn off some stuff for resuce builds
67 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
75 URL: http://www.openssh.com/portable.html
76 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
77 Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
79 Group: Applications/Internet
80 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
83 PreReq: initscripts >= 5.00
85 PreReq: initscripts >= 5.20
87 BuildPreReq: perl, openssl-devel, tcp_wrappers
88 BuildPreReq: /bin/login
90 BuildPreReq: glibc-devel, pam
92 BuildPreReq: /usr/include/security/pam_appl.h
94 %if ! %{no_x11_askpass}
95 BuildPreReq: XFree86-devel
97 %if ! %{no_gnome_askpass}
98 BuildPreReq: pkgconfig
101 BuildPreReq: krb5-devel
102 BuildPreReq: krb5-libs
106 Summary: OpenSSH clients.
107 Requires: openssh = %{version}-%{release}
108 Group: Applications/Internet
109 Obsoletes: ssh-clients
112 Summary: The OpenSSH server daemon.
113 Group: System Environment/Daemons
114 Obsoletes: ssh-server
115 PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9
117 Requires: /etc/pam.d/system-auth
121 Summary: A passphrase dialog for OpenSSH and X.
122 Group: Applications/Internet
123 Requires: openssh = %{version}-%{release}
124 Obsoletes: ssh-extras
126 %package askpass-gnome
127 Summary: A passphrase dialog for OpenSSH, X, and GNOME.
128 Group: Applications/Internet
129 Requires: openssh = %{version}-%{release}
130 Obsoletes: ssh-extras
133 SSH (Secure SHell) is a program for logging into and executing
134 commands on a remote machine. SSH is intended to replace rlogin and
135 rsh, and to provide secure encrypted communications between two
136 untrusted hosts over an insecure network. X11 connections and
137 arbitrary TCP/IP ports can also be forwarded over the secure channel.
139 OpenSSH is OpenBSD's version of the last free version of SSH, bringing
140 it up to date in terms of security and features, as well as removing
141 all patented algorithms to separate libraries.
143 This package includes the core files necessary for both the OpenSSH
144 client and server. To make this package useful, you should also
145 install openssh-clients, openssh-server, or both.
148 OpenSSH is a free version of SSH (Secure SHell), a program for logging
149 into and executing commands on a remote machine. This package includes
150 the clients necessary to make encrypted connections to SSH servers.
151 You'll also need to install the openssh package on OpenSSH clients.
154 OpenSSH is a free version of SSH (Secure SHell), a program for logging
155 into and executing commands on a remote machine. This package contains
156 the secure shell daemon (sshd). The sshd daemon allows SSH clients to
157 securely connect to your SSH server. You also need to have the openssh
161 OpenSSH is a free version of SSH (Secure SHell), a program for logging
162 into and executing commands on a remote machine. This package contains
163 an X11 passphrase dialog for OpenSSH.
165 %description askpass-gnome
166 OpenSSH is a free version of SSH (Secure SHell), a program for logging
167 into and executing commands on a remote machine. This package contains
168 an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
173 %if ! %{no_x11_askpass}
181 CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
185 --sysconfdir=%{_sysconfdir}/ssh \
186 --libexecdir=%{_libexecdir}/openssh \
187 --datadir=%{_datadir}/openssh \
188 --with-tcp-wrappers \
189 --with-rsh=%{_bindir}/rsh \
190 --with-default-path=/usr/local/bin:/bin:/usr/bin \
191 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
192 --with-privsep-path=%{_var}/empty/sshd \
197 --without-pam --with-md5-passwords \
202 --with-kerberos5=/usr/kerberos \
206 %if %{static_libcrypto}
207 perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
212 %if ! %{no_x11_askpass}
213 pushd x11-ssh-askpass-%{aversion}
214 %configure --libexecdir=%{_libexecdir}/openssh
220 # Define a variable to toggle gnome1/gtk2 building. This is necessary
221 # because RPM doesn't handle nested %if statements.
228 %if ! %{no_gnome_askpass}
230 if [ $gtk2 = yes ] ; then
231 make gnome-ssh-askpass2
232 mv gnome-ssh-askpass2 gnome-ssh-askpass
234 make gnome-ssh-askpass1
235 mv gnome-ssh-askpass1 gnome-ssh-askpass
241 rm -rf $RPM_BUILD_ROOT
242 mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
243 mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
244 mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
246 make install DESTDIR=$RPM_BUILD_ROOT
248 install -d $RPM_BUILD_ROOT/etc/pam.d/
249 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
250 install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
252 install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
254 install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
256 install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
258 %if ! %{no_x11_askpass}
259 install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
260 ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
263 %if ! %{no_gnome_askpass}
264 install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
268 rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
271 %if ! %{no_gnome_askpass}
272 install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
273 install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
274 install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
277 perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
280 rm -rf $RPM_BUILD_ROOT
282 %triggerun server -- ssh-server
283 if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
284 touch /var/run/sshd.restart
287 %triggerun server -- openssh-server < 2.5.0p1
288 # Count the number of HostKey and HostDsaKey statements we have.
289 gawk 'BEGIN {IGNORECASE=1}
290 /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
291 END {exit sawhostkey}' /etc/ssh/sshd_config
292 # And if we only found one, we know the client was relying on the old default
293 # behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
294 # specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
295 # one nullifies the default, which would have loaded both.
296 if [ $? -eq 1 ] ; then
297 echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
298 echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
301 %triggerpostun server -- ssh-server
302 if [ "$1" != 0 ] ; then
303 /sbin/chkconfig --add sshd
304 if test -f /var/run/sshd.restart ; then
305 rm -f /var/run/sshd.restart
306 /sbin/service sshd start > /dev/null 2>&1 || :
311 %{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
312 %{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
313 -g sshd -M -r sshd 2>/dev/null || :
316 /sbin/chkconfig --add sshd
319 /sbin/service sshd condrestart > /dev/null 2>&1 || :
324 /sbin/service sshd stop > /dev/null 2>&1 || :
325 /sbin/chkconfig --del sshd
329 %defattr(-,root,root)
330 %doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
331 %attr(0755,root,root) %{_bindir}/scp
332 %attr(0644,root,root) %{_mandir}/man1/scp.1*
333 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
334 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
336 %attr(0755,root,root) %{_bindir}/ssh-keygen
337 %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
338 %attr(0755,root,root) %dir %{_libexecdir}/openssh
339 %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
340 %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
343 %attr(0755,root,root) %dir %{_datadir}/openssh
344 %attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
348 %defattr(-,root,root)
349 %attr(0755,root,root) %{_bindir}/ssh
350 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
351 %attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
352 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
353 %attr(-,root,root) %{_bindir}/slogin
354 %attr(-,root,root) %{_mandir}/man1/slogin.1*
356 %attr(2755,root,nobody) %{_bindir}/ssh-agent
357 %attr(0755,root,root) %{_bindir}/ssh-add
358 %attr(0755,root,root) %{_bindir}/ssh-keyscan
359 %attr(0755,root,root) %{_bindir}/sftp
360 %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
361 %attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
362 %attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
363 %attr(0644,root,root) %{_mandir}/man1/sftp.1*
368 %defattr(-,root,root)
369 %dir %attr(0111,root,root) %{_var}/empty/sshd
370 %attr(0755,root,root) %{_sbindir}/sshd
371 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
372 %attr(0644,root,root) %{_mandir}/man8/sshd.8*
373 %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
374 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
375 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
376 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
377 %attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
378 %attr(0755,root,root) %config /etc/rc.d/init.d/sshd
381 %if ! %{no_x11_askpass}
383 %defattr(-,root,root)
384 %doc x11-ssh-askpass-%{aversion}/README
385 %doc x11-ssh-askpass-%{aversion}/ChangeLog
386 %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
387 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
388 %attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
391 %if ! %{no_gnome_askpass}
393 %defattr(-,root,root)
394 %attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
395 %attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
399 * Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
400 - Remove noip6 option. This may be controlled at run-time in client config
401 file using new AddressFamily directive
403 * Mon May 12 2003 Damien Miller <djm@mindrot.org>
404 - Don't install profile.d scripts when not building with GNOME/GTK askpass
405 (patch from bet@rahul.net)
407 * Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
408 - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
410 * Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
411 - Use contrib/ Makefile for building askpass programs
413 * Fri Jun 21 2002 Damien Miller <djm@mindrot.org>
414 - Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
415 - Add new {ssh,sshd}_config.5 manpages
416 - Add new ssh-keysign program and remove setuid from ssh client
418 * Fri May 10 2002 Damien Miller <djm@mindrot.org>
419 - Merge in spec changes from RedHat, reorgansie a little
420 - Add Privsep user, group and directory
422 * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
423 - bump and grind (through the build system)
425 * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
426 - require sharutils for building (mindrot #137)
427 - require db1-devel only when building for 6.x (#55105), which probably won't
428 work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
429 - require pam-devel by file (not by package name) again
430 - add Markus's patch to compile with OpenSSL 0.9.5a (from
431 http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
434 * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
437 * Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
438 - update to SNAP-20020305
439 - drop debug patch, fixed upstream
441 * Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
442 - update to SNAP-20020220 for testing purposes (you've been warned, if there's
443 anything to be warned about, gss patches won't apply, I don't mind)
445 * Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
446 - add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
447 exchange, authentication, and named key support
449 * Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
450 - remove dependency on db1-devel, which has just been swallowed up whole
453 * Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
454 - adjust build dependencies so that build6x actually works right (fix
455 from Hugo van der Kooij)
457 * Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
460 * Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
463 * Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
464 - update to current CVS (not for use in distribution)
466 * Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
467 - merge some of Damien Miller <djm@mindrot.org> changes from the upstream
468 3.0p1 spec file and init script
470 * Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com>
472 - update to x11-ssh-askpass 1.2.4.1
473 - change build dependency on a file from pam-devel to the pam-devel package
474 - replace primes with moduli
476 * Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
477 - incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
479 * Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
480 - Merge changes to rescue build from current sysadmin survival cd
482 * Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
483 - fix scp's server's reporting of file sizes, and build with the proper
484 preprocessor define to get large-file capable open(), stat(), etc.
485 (sftp has been doing this correctly all along) (#51827)
486 - configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
487 - pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
488 - mark profile.d scriptlets as config files (#42337)
489 - refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
490 - change a couple of log() statements to debug() statements (#50751)
491 - pull cvs patch to add -t flag to sshd (#28611)
492 - clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
494 * Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
495 - add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
497 * Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
498 - pull cvs patch to fix remote port forwarding with protocol 2
500 * Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
501 - pull cvs patch to add session initialization to no-pty sessions
502 - pull cvs patch to not cut off challengeresponse auth needlessly
503 - refuse to do X11 forwarding if xauth isn't there, handy if you enable
504 it by default on a system that doesn't have X installed (#49263)
506 * Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com>
507 - don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
509 * Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com>
510 - pass OPTIONS correctly to initlog (#50151)
512 * Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
513 - switch to x11-ssh-askpass 1.2.2
515 * Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
516 - rebuild in new environment
518 * Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
519 - disable the gssapi patch
521 * Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
523 - refresh to a new version of the gssapi patch
525 * Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com>
526 - change Copyright: BSD to License: BSD
527 - add Markus Friedl's unverified patch for the cookie file deletion problem
528 so that we can verify it
529 - drop patch to check if xauth is present (was folded into cookie patch)
530 - don't apply gssapi patches for the errata candidate
531 - clear supplemental groups list at startup
533 * Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
534 - fix an error parsing the new default sshd_config
535 - add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
536 dealing with comments right
538 * Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
539 - add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
540 to be removed before the next beta cycle because it's a big departure
541 from the upstream version
543 * Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com>
544 - finish marking strings in the init script for translation
545 - modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
546 at startup (change merged from openssh.com init script, originally by
548 - refuse to do X11 forwarding if xauth isn't there, handy if you enable
549 it by default on a system that doesn't have X installed
551 * Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com>
553 - drop various patches that came from or went upstream or to or from CVS
555 * Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
556 - only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
558 * Sun Apr 8 2001 Preston Brown <pbrown@redhat.com>
559 - remove explicit openssl requirement, fixes builddistro issue
560 - make initscript stop() function wait until sshd really dead to avoid
563 * Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com>
564 - mention that challengereponse supports PAM, so disabling password doesn't
565 limit users to pubkey and rsa auth (#34378)
566 - bypass the daemon() function in the init script and call initlog directly,
567 because daemon() won't start a daemon it detects is already running (like
569 - require the version of openssl we had when we were built
571 * Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
572 - make do_pam_setcred() smart enough to know when to establish creds and
573 when to reinitialize them
574 - add in a couple of other fixes from Damien for inclusion in the errata
576 * Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
578 - call setcred() again after initgroups, because the "creds" could actually
581 * Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
582 - update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
583 - don't enable challenge-response by default until we find a way to not
584 have too many userauth requests (we may make up to six pubkey and up to
585 three password attempts as it is)
586 - remove build dependency on rsh to match openssh.com's packages more closely
588 * Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com>
589 - remove dependency on openssl -- would need to be too precise
591 * Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
592 - rebuild in new environment
594 * Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
595 - Revert the patch to move pam_open_session.
596 - Init script and spec file changes from Pekka Savola. (#28750)
597 - Patch sftp to recognize '-o protocol' arguments. (#29540)
599 * Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
600 - Chuck the closing patch.
601 - Add a trigger to add host keys for protocol 2 to the config file, now that
602 configuration file syntax requires us to specify it with HostKey if we
603 specify any other HostKey values, which we do.
605 * Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
606 - Redo patch to move pam_open_session after the server setuid()s to the user.
607 - Rework the nopam patch to use be picked up by autoconf.
609 * Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
610 - Update for 2.5.1p1.
611 - Add init script mods from Pekka Savola.
612 - Tweak the init script to match the CVS contrib script more closely.
613 - Redo patch to ssh-add to try to adding both identity and id_dsa to also try
616 * Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
617 - Update for 2.5.0p1.
618 - Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
619 - Resync with parts of Damien Miller's openssh.spec from CVS, including
620 update of x11 askpass to 1.2.0.
621 - Only require openssl (don't prereq) because we generate keys in the init
624 * Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
625 - Don't open a PAM session until we've forked and become the user (#25690).
626 - Apply Andrew Bartlett's patch for letting pam_authenticate() know which
627 host the user is attempting a login from.
628 - Resync with parts of Damien Miller's openssh.spec from CVS.
629 - Don't expose KbdInt responses in debug messages (from CVS).
630 - Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
632 * Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
633 - i18n-tweak to initscript.
635 * Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
637 - Close all files after going into daemon mode (needs more testing).
638 - Extract patch from CVS to handle auth banners (in the client).
639 - Extract patch from CVS to handle compat weirdness.
641 * Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
642 - Finish with the gettextizing.
644 * Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
645 - Fix a bug in auth2-pam.c (#23877)
646 - Gettextize the init script.
648 * Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
649 - Incorporate a switch for using PAM configs for 6.x, just in case.
651 * Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com>
652 - Incorporate Bero's changes for a build specifically for rescue CDs.
654 * Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
655 - Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
656 succeeded, to allow public-key authentication after a failure with "none"
657 authentication. (#21268)
659 * Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
660 - Update to x11-askpass 1.1.1. (#21301)
661 - Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
663 * Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
664 - Merge multiple PAM text messages into subsequent prompts when possible when
665 doing keyboard-interactive authentication.
667 * Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
668 - Disable the built-in MD5 password support. We're using PAM.
669 - Take a crack at doing keyboard-interactive authentication with PAM, and
670 enable use of it in the default client configuration so that the client
671 will try it when the server disallows password authentication.
672 - Build with debugging flags. Build root policies strip all binaries anyway.
674 * Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
675 - Use DESTDIR instead of %%makeinstall.
676 - Remove /usr/X11R6/bin from the path-fixing patch.
678 * Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
679 - Add the primes file from the latest snapshot to the main package (#20884).
680 - Add the dev package to the prereq list (#19984).
681 - Remove the default path and mimic login's behavior in the server itself.
683 * Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
684 - Resync with conditional options in Damien Miller's .spec file for an errata.
685 - Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
687 * Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com>
688 - Update to OpenSSH 2.3.0p1.
689 - Update to x11-askpass 1.1.0.
690 - Enable keyboard-interactive authentication.
692 * Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
693 - Update to ssh-askpass-x11 1.0.3.
694 - Change authentication related messages to be private (#19966).
696 * Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
697 - Patch ssh-keygen to be able to list signatures for DSA public key files
700 * Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com>
701 - Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
702 build PAM authentication in.
703 - Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
704 - Clean out no-longer-used patches.
705 - Patch ssh-add to try to add both identity and id_dsa, and to error only
708 * Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
709 - Update x11-askpass to 1.0.2. (#17835)
710 - Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
711 always find them in the right place. (#17909)
712 - Set the default path to be the same as the one supplied by /bin/login, but
713 add /usr/X11R6/bin. (#17909)
714 - Try to handle obsoletion of ssh-server more cleanly. Package names
715 are different, but init script name isn't. (#17865)
717 * Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
718 - Update to 2.2.0p1. (#17835)
719 - Tweak the init script to allow proper restarting. (#18023)
721 * Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
722 - Update to 20000823 snapshot.
723 - Change subpackage requirements from %%{version} to %%{version}-%%{release}
724 - Back out the pipe patch.
726 * Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
727 - Update to 2.1.1p4, which includes fixes for config file parsing problems.
728 - Move the init script back.
729 - Add Damien's quick fix for wackiness.
731 * Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
732 - Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
734 * Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
735 - Move condrestart to server postun.
736 - Move key generation to init script.
737 - Actually use the right patch for moving the key generation to the init script.
738 - Clean up the init script a bit.
740 * Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com>
741 - Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
743 * Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
745 - Use of strtok() considered harmful.
747 * Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com>
748 - Get the build root out of the man pages.
750 * Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
751 - Add and use condrestart support in the init script.
752 - Add newer initscripts as a prereq.
754 * Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
755 - Build in new environment (release 2)
756 - Move -clients subpackage to Applications/Internet group
758 * Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
761 * Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
762 - Patch to build with neither RSA nor RSAref.
763 - Miscellaneous FHS-compliance tweaks.
764 - Fix for possibly-compressed man pages.
766 * Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
767 - Updated for new location
768 - Updated for new gnome-ssh-askpass build
770 * Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
771 - Added Jim Knoble's <jmknoble@pobox.com> askpass
773 * Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
774 - Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
776 * Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
777 - Added 'Obsoletes' directives
779 * Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
783 * Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
784 - Added links for slogin
785 - Fixed perms on manpages
787 * Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
788 - Renamed init script
790 * Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
791 - Back to old binary names
793 * Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
797 * Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
798 - Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.