4 # OpenSSH privilege separation requires a user & group ID
8 # Version of ssh-askpass
9 %define aversion 1.2.4.1
11 # Do we want to disable building of x11-askpass? (1=yes 0=no)
12 %define no_x11_askpass 0
14 # Do we want to disable building of gnome-askpass? (1=yes 0=no)
15 %define no_gnome_askpass 0
17 # Do we want to link against a static libcrypto? (1=yes 0=no)
18 %define static_libcrypto 0
20 # Do we want smartcard support (1=yes 0=no)
23 # Use GTK2 instead of GNOME in gnome-ssh-askpass
26 # Is this build for RHL 6.x?
29 # Do we want kerberos5 support (1=yes 0=no)
32 # Reserve options to override askpass settings with:
33 # rpm -ba|--rebuild --define 'skip_xxx 1'
34 %{?skip_x11_askpass:%define no_x11_askpass 1}
35 %{?skip_gnome_askpass:%define no_gnome_askpass 1}
37 # Add option to build without GTK2 for older platforms with only GTK+.
38 # RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
39 # rpm -ba|--rebuild --define 'no_gtk2 1'
40 %{?no_gtk2:%define gtk2 0}
42 # Is this a build for RHL 6.x or earlier?
43 %{?build_6x:%define build6x 1}
45 # If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
47 %define _sysconfdir /etc
50 # Options for static OpenSSL link:
51 # rpm -ba|--rebuild --define "static_openssl 1"
52 %{?static_openssl:%define static_libcrypto 1}
54 # Options for Smartcard support: (needs libsectok and openssl-engine)
55 # rpm -ba|--rebuild --define "smartcard 1"
56 %{?smartcard:%define scard 1}
58 # Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
60 %{?build_rescue:%define rescue 1}
62 # Turn off some stuff for resuce builds
67 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
75 URL: http://www.openssh.com/portable.html
76 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
77 Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
79 Group: Applications/Internet
80 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
83 PreReq: initscripts >= 5.00
85 PreReq: initscripts >= 5.20
87 BuildPreReq: perl, openssl-devel, tcp_wrappers
88 BuildPreReq: /bin/login
90 BuildPreReq: glibc-devel, pam
92 BuildPreReq: /usr/include/security/pam_appl.h
94 %if ! %{no_x11_askpass}
95 BuildPreReq: XFree86-devel
97 %if ! %{no_gnome_askpass}
98 BuildPreReq: pkgconfig
101 BuildPreReq: krb5-devel
102 BuildPreReq: krb5-libs
106 Summary: OpenSSH clients.
107 Requires: openssh = %{version}-%{release}
108 Group: Applications/Internet
109 Obsoletes: ssh-clients
112 Summary: The OpenSSH server daemon.
113 Group: System Environment/Daemons
114 Obsoletes: ssh-server
115 PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9
117 Requires: /etc/pam.d/system-auth
121 Summary: A passphrase dialog for OpenSSH and X.
122 Group: Applications/Internet
123 Requires: openssh = %{version}-%{release}
124 Obsoletes: ssh-extras
126 %package askpass-gnome
127 Summary: A passphrase dialog for OpenSSH, X, and GNOME.
128 Group: Applications/Internet
129 Requires: openssh = %{version}-%{release}
130 Obsoletes: ssh-extras
133 SSH (Secure SHell) is a program for logging into and executing
134 commands on a remote machine. SSH is intended to replace rlogin and
135 rsh, and to provide secure encrypted communications between two
136 untrusted hosts over an insecure network. X11 connections and
137 arbitrary TCP/IP ports can also be forwarded over the secure channel.
139 OpenSSH is OpenBSD's version of the last free version of SSH, bringing
140 it up to date in terms of security and features, as well as removing
141 all patented algorithms to separate libraries.
143 This package includes the core files necessary for both the OpenSSH
144 client and server. To make this package useful, you should also
145 install openssh-clients, openssh-server, or both.
148 OpenSSH is a free version of SSH (Secure SHell), a program for logging
149 into and executing commands on a remote machine. This package includes
150 the clients necessary to make encrypted connections to SSH servers.
151 You'll also need to install the openssh package on OpenSSH clients.
154 OpenSSH is a free version of SSH (Secure SHell), a program for logging
155 into and executing commands on a remote machine. This package contains
156 the secure shell daemon (sshd). The sshd daemon allows SSH clients to
157 securely connect to your SSH server. You also need to have the openssh
161 OpenSSH is a free version of SSH (Secure SHell), a program for logging
162 into and executing commands on a remote machine. This package contains
163 an X11 passphrase dialog for OpenSSH.
165 %description askpass-gnome
166 OpenSSH is a free version of SSH (Secure SHell), a program for logging
167 into and executing commands on a remote machine. This package contains
168 an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
173 %if ! %{no_x11_askpass}
181 CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
185 --sysconfdir=%{_sysconfdir}/ssh \
186 --libexecdir=%{_libexecdir}/openssh \
187 --datadir=%{_datadir}/openssh \
188 --with-tcp-wrappers \
189 --with-rsh=%{_bindir}/rsh \
190 --with-default-path=/usr/local/bin:/bin:/usr/bin \
191 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
192 --with-privsep-path=%{_var}/empty/sshd \
193 --with-md5-passwords \
203 --with-kerberos5=/usr/kerberos \
207 %if %{static_libcrypto}
208 perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
213 %if ! %{no_x11_askpass}
214 pushd x11-ssh-askpass-%{aversion}
215 %configure --libexecdir=%{_libexecdir}/openssh
221 # Define a variable to toggle gnome1/gtk2 building. This is necessary
222 # because RPM doesn't handle nested %if statements.
229 %if ! %{no_gnome_askpass}
231 if [ $gtk2 = yes ] ; then
232 make gnome-ssh-askpass2
233 mv gnome-ssh-askpass2 gnome-ssh-askpass
235 make gnome-ssh-askpass1
236 mv gnome-ssh-askpass1 gnome-ssh-askpass
242 rm -rf $RPM_BUILD_ROOT
243 mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
244 mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
245 mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
247 make install DESTDIR=$RPM_BUILD_ROOT
249 install -d $RPM_BUILD_ROOT/etc/pam.d/
250 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
251 install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
253 install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
255 install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
257 install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
259 %if ! %{no_x11_askpass}
260 install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
261 ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
264 %if ! %{no_gnome_askpass}
265 install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
269 rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
272 %if ! %{no_gnome_askpass}
273 install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
274 install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
275 install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
278 perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
281 rm -rf $RPM_BUILD_ROOT
283 %triggerun server -- ssh-server
284 if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
285 touch /var/run/sshd.restart
288 %triggerun server -- openssh-server < 2.5.0p1
289 # Count the number of HostKey and HostDsaKey statements we have.
290 gawk 'BEGIN {IGNORECASE=1}
291 /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
292 END {exit sawhostkey}' /etc/ssh/sshd_config
293 # And if we only found one, we know the client was relying on the old default
294 # behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
295 # specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
296 # one nullifies the default, which would have loaded both.
297 if [ $? -eq 1 ] ; then
298 echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
299 echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
302 %triggerpostun server -- ssh-server
303 if [ "$1" != 0 ] ; then
304 /sbin/chkconfig --add sshd
305 if test -f /var/run/sshd.restart ; then
306 rm -f /var/run/sshd.restart
307 /sbin/service sshd start > /dev/null 2>&1 || :
312 %{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
313 %{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
314 -g sshd -M -r sshd 2>/dev/null || :
317 /sbin/chkconfig --add sshd
320 /sbin/service sshd condrestart > /dev/null 2>&1 || :
325 /sbin/service sshd stop > /dev/null 2>&1 || :
326 /sbin/chkconfig --del sshd
330 %defattr(-,root,root)
331 %doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
332 %attr(0755,root,root) %{_bindir}/scp
333 %attr(0644,root,root) %{_mandir}/man1/scp.1*
334 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
335 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
337 %attr(0755,root,root) %{_bindir}/ssh-keygen
338 %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
339 %attr(0755,root,root) %dir %{_libexecdir}/openssh
340 %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
341 %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
344 %attr(0755,root,root) %dir %{_datadir}/openssh
345 %attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
349 %defattr(-,root,root)
350 %attr(0755,root,root) %{_bindir}/ssh
351 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
352 %attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
353 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
354 %attr(-,root,root) %{_bindir}/slogin
355 %attr(-,root,root) %{_mandir}/man1/slogin.1*
357 %attr(2755,root,nobody) %{_bindir}/ssh-agent
358 %attr(0755,root,root) %{_bindir}/ssh-add
359 %attr(0755,root,root) %{_bindir}/ssh-keyscan
360 %attr(0755,root,root) %{_bindir}/sftp
361 %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
362 %attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
363 %attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
364 %attr(0644,root,root) %{_mandir}/man1/sftp.1*
369 %defattr(-,root,root)
370 %dir %attr(0111,root,root) %{_var}/empty/sshd
371 %attr(0755,root,root) %{_sbindir}/sshd
372 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
373 %attr(0644,root,root) %{_mandir}/man8/sshd.8*
374 %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
375 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
376 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
377 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
378 %attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
379 %attr(0755,root,root) %config /etc/rc.d/init.d/sshd
382 %if ! %{no_x11_askpass}
384 %defattr(-,root,root)
385 %doc x11-ssh-askpass-%{aversion}/README
386 %doc x11-ssh-askpass-%{aversion}/ChangeLog
387 %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
388 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
389 %attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
392 %if ! %{no_gnome_askpass}
394 %defattr(-,root,root)
395 %attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
396 %attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
400 * Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
401 - Remove noip6 option. This may be controlled at run-time in client config
402 file using new AddressFamily directive
404 * Mon May 12 2003 Damien Miller <djm@mindrot.org>
405 - Don't install profile.d scripts when not building with GNOME/GTK askpass
406 (patch from bet@rahul.net)
408 * Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
409 - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
411 * Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
412 - Use contrib/ Makefile for building askpass programs
414 * Fri Jun 21 2002 Damien Miller <djm@mindrot.org>
415 - Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
416 - Add new {ssh,sshd}_config.5 manpages
417 - Add new ssh-keysign program and remove setuid from ssh client
419 * Fri May 10 2002 Damien Miller <djm@mindrot.org>
420 - Merge in spec changes from RedHat, reorgansie a little
421 - Add Privsep user, group and directory
423 * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
424 - bump and grind (through the build system)
426 * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
427 - require sharutils for building (mindrot #137)
428 - require db1-devel only when building for 6.x (#55105), which probably won't
429 work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
430 - require pam-devel by file (not by package name) again
431 - add Markus's patch to compile with OpenSSL 0.9.5a (from
432 http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
435 * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
438 * Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
439 - update to SNAP-20020305
440 - drop debug patch, fixed upstream
442 * Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
443 - update to SNAP-20020220 for testing purposes (you've been warned, if there's
444 anything to be warned about, gss patches won't apply, I don't mind)
446 * Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
447 - add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
448 exchange, authentication, and named key support
450 * Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
451 - remove dependency on db1-devel, which has just been swallowed up whole
454 * Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
455 - adjust build dependencies so that build6x actually works right (fix
456 from Hugo van der Kooij)
458 * Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
461 * Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
464 * Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
465 - update to current CVS (not for use in distribution)
467 * Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
468 - merge some of Damien Miller <djm@mindrot.org> changes from the upstream
469 3.0p1 spec file and init script
471 * Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com>
473 - update to x11-ssh-askpass 1.2.4.1
474 - change build dependency on a file from pam-devel to the pam-devel package
475 - replace primes with moduli
477 * Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
478 - incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
480 * Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
481 - Merge changes to rescue build from current sysadmin survival cd
483 * Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
484 - fix scp's server's reporting of file sizes, and build with the proper
485 preprocessor define to get large-file capable open(), stat(), etc.
486 (sftp has been doing this correctly all along) (#51827)
487 - configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
488 - pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
489 - mark profile.d scriptlets as config files (#42337)
490 - refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
491 - change a couple of log() statements to debug() statements (#50751)
492 - pull cvs patch to add -t flag to sshd (#28611)
493 - clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
495 * Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
496 - add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
498 * Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
499 - pull cvs patch to fix remote port forwarding with protocol 2
501 * Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
502 - pull cvs patch to add session initialization to no-pty sessions
503 - pull cvs patch to not cut off challengeresponse auth needlessly
504 - refuse to do X11 forwarding if xauth isn't there, handy if you enable
505 it by default on a system that doesn't have X installed (#49263)
507 * Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com>
508 - don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
510 * Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com>
511 - pass OPTIONS correctly to initlog (#50151)
513 * Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
514 - switch to x11-ssh-askpass 1.2.2
516 * Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
517 - rebuild in new environment
519 * Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
520 - disable the gssapi patch
522 * Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
524 - refresh to a new version of the gssapi patch
526 * Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com>
527 - change Copyright: BSD to License: BSD
528 - add Markus Friedl's unverified patch for the cookie file deletion problem
529 so that we can verify it
530 - drop patch to check if xauth is present (was folded into cookie patch)
531 - don't apply gssapi patches for the errata candidate
532 - clear supplemental groups list at startup
534 * Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
535 - fix an error parsing the new default sshd_config
536 - add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
537 dealing with comments right
539 * Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
540 - add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
541 to be removed before the next beta cycle because it's a big departure
542 from the upstream version
544 * Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com>
545 - finish marking strings in the init script for translation
546 - modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
547 at startup (change merged from openssh.com init script, originally by
549 - refuse to do X11 forwarding if xauth isn't there, handy if you enable
550 it by default on a system that doesn't have X installed
552 * Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com>
554 - drop various patches that came from or went upstream or to or from CVS
556 * Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
557 - only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
559 * Sun Apr 8 2001 Preston Brown <pbrown@redhat.com>
560 - remove explicit openssl requirement, fixes builddistro issue
561 - make initscript stop() function wait until sshd really dead to avoid
564 * Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com>
565 - mention that challengereponse supports PAM, so disabling password doesn't
566 limit users to pubkey and rsa auth (#34378)
567 - bypass the daemon() function in the init script and call initlog directly,
568 because daemon() won't start a daemon it detects is already running (like
570 - require the version of openssl we had when we were built
572 * Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
573 - make do_pam_setcred() smart enough to know when to establish creds and
574 when to reinitialize them
575 - add in a couple of other fixes from Damien for inclusion in the errata
577 * Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
579 - call setcred() again after initgroups, because the "creds" could actually
582 * Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
583 - update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
584 - don't enable challenge-response by default until we find a way to not
585 have too many userauth requests (we may make up to six pubkey and up to
586 three password attempts as it is)
587 - remove build dependency on rsh to match openssh.com's packages more closely
589 * Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com>
590 - remove dependency on openssl -- would need to be too precise
592 * Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
593 - rebuild in new environment
595 * Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
596 - Revert the patch to move pam_open_session.
597 - Init script and spec file changes from Pekka Savola. (#28750)
598 - Patch sftp to recognize '-o protocol' arguments. (#29540)
600 * Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
601 - Chuck the closing patch.
602 - Add a trigger to add host keys for protocol 2 to the config file, now that
603 configuration file syntax requires us to specify it with HostKey if we
604 specify any other HostKey values, which we do.
606 * Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
607 - Redo patch to move pam_open_session after the server setuid()s to the user.
608 - Rework the nopam patch to use be picked up by autoconf.
610 * Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
611 - Update for 2.5.1p1.
612 - Add init script mods from Pekka Savola.
613 - Tweak the init script to match the CVS contrib script more closely.
614 - Redo patch to ssh-add to try to adding both identity and id_dsa to also try
617 * Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
618 - Update for 2.5.0p1.
619 - Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
620 - Resync with parts of Damien Miller's openssh.spec from CVS, including
621 update of x11 askpass to 1.2.0.
622 - Only require openssl (don't prereq) because we generate keys in the init
625 * Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
626 - Don't open a PAM session until we've forked and become the user (#25690).
627 - Apply Andrew Bartlett's patch for letting pam_authenticate() know which
628 host the user is attempting a login from.
629 - Resync with parts of Damien Miller's openssh.spec from CVS.
630 - Don't expose KbdInt responses in debug messages (from CVS).
631 - Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
633 * Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
634 - i18n-tweak to initscript.
636 * Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
638 - Close all files after going into daemon mode (needs more testing).
639 - Extract patch from CVS to handle auth banners (in the client).
640 - Extract patch from CVS to handle compat weirdness.
642 * Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
643 - Finish with the gettextizing.
645 * Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
646 - Fix a bug in auth2-pam.c (#23877)
647 - Gettextize the init script.
649 * Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
650 - Incorporate a switch for using PAM configs for 6.x, just in case.
652 * Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com>
653 - Incorporate Bero's changes for a build specifically for rescue CDs.
655 * Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
656 - Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
657 succeeded, to allow public-key authentication after a failure with "none"
658 authentication. (#21268)
660 * Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
661 - Update to x11-askpass 1.1.1. (#21301)
662 - Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
664 * Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
665 - Merge multiple PAM text messages into subsequent prompts when possible when
666 doing keyboard-interactive authentication.
668 * Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
669 - Disable the built-in MD5 password support. We're using PAM.
670 - Take a crack at doing keyboard-interactive authentication with PAM, and
671 enable use of it in the default client configuration so that the client
672 will try it when the server disallows password authentication.
673 - Build with debugging flags. Build root policies strip all binaries anyway.
675 * Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
676 - Use DESTDIR instead of %%makeinstall.
677 - Remove /usr/X11R6/bin from the path-fixing patch.
679 * Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
680 - Add the primes file from the latest snapshot to the main package (#20884).
681 - Add the dev package to the prereq list (#19984).
682 - Remove the default path and mimic login's behavior in the server itself.
684 * Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
685 - Resync with conditional options in Damien Miller's .spec file for an errata.
686 - Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
688 * Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com>
689 - Update to OpenSSH 2.3.0p1.
690 - Update to x11-askpass 1.1.0.
691 - Enable keyboard-interactive authentication.
693 * Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
694 - Update to ssh-askpass-x11 1.0.3.
695 - Change authentication related messages to be private (#19966).
697 * Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
698 - Patch ssh-keygen to be able to list signatures for DSA public key files
701 * Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com>
702 - Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
703 build PAM authentication in.
704 - Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
705 - Clean out no-longer-used patches.
706 - Patch ssh-add to try to add both identity and id_dsa, and to error only
709 * Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
710 - Update x11-askpass to 1.0.2. (#17835)
711 - Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
712 always find them in the right place. (#17909)
713 - Set the default path to be the same as the one supplied by /bin/login, but
714 add /usr/X11R6/bin. (#17909)
715 - Try to handle obsoletion of ssh-server more cleanly. Package names
716 are different, but init script name isn't. (#17865)
718 * Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
719 - Update to 2.2.0p1. (#17835)
720 - Tweak the init script to allow proper restarting. (#18023)
722 * Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
723 - Update to 20000823 snapshot.
724 - Change subpackage requirements from %%{version} to %%{version}-%%{release}
725 - Back out the pipe patch.
727 * Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
728 - Update to 2.1.1p4, which includes fixes for config file parsing problems.
729 - Move the init script back.
730 - Add Damien's quick fix for wackiness.
732 * Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
733 - Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
735 * Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
736 - Move condrestart to server postun.
737 - Move key generation to init script.
738 - Actually use the right patch for moving the key generation to the init script.
739 - Clean up the init script a bit.
741 * Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com>
742 - Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
744 * Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
746 - Use of strtok() considered harmful.
748 * Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com>
749 - Get the build root out of the man pages.
751 * Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
752 - Add and use condrestart support in the init script.
753 - Add newer initscripts as a prereq.
755 * Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
756 - Build in new environment (release 2)
757 - Move -clients subpackage to Applications/Internet group
759 * Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
762 * Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
763 - Patch to build with neither RSA nor RSAref.
764 - Miscellaneous FHS-compliance tweaks.
765 - Fix for possibly-compressed man pages.
767 * Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
768 - Updated for new location
769 - Updated for new gnome-ssh-askpass build
771 * Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
772 - Added Jim Knoble's <jmknoble@pobox.com> askpass
774 * Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
775 - Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
777 * Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
778 - Added 'Obsoletes' directives
780 * Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
784 * Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
785 - Added links for slogin
786 - Fixed perms on manpages
788 * Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
789 - Renamed init script
791 * Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
792 - Back to old binary names
794 * Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
798 * Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
799 - Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.