- (djm) Update version.h and spec files for HEAD

[openssh.git] / contrib / redhat / openssh.spec

diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 99e765328d8e0b83ff4a8c03c68ea4cb650fa465..09e4054758ecc0168516c6efb151a09cb82f4ac3 100644 (file)
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 3.2.3p1
+%define ver 3.7.1p2
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -20,12 +20,12 @@
 # Do we want smartcard support (1=yes 0=no)
 %define scard 0
 
+# Use GTK2 instead of GNOME in gnome-ssh-askpass
+%define gtk2 1
+
 # Is this build for RHL 6.x?
 %define build6x 0
 
-# Disable IPv6 (avoids DNS hangs on some glibc versions)
-%define noip6 0
-
 # Do we want kerberos5 support (1=yes 0=no)
 %define kerberos5 1
 
@@ -34,13 +34,17 @@
 %{?skip_x11_askpass:%define no_x11_askpass 1}
 %{?skip_gnome_askpass:%define no_gnome_askpass 1}
 
+# Add option to build without GTK2 for older platforms with only GTK+.
+# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
+# rpm -ba|--rebuild --define 'no_gtk2 1'
+%{?no_gtk2:%define gtk2 0}
+
 # Is this a build for RHL 6.x or earlier?
 %{?build_6x:%define build6x 1}
 
 # If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
 %if %{build6x}
 %define _sysconfdir /etc
-%define noip6 1
 %endif
 
 # Options for static OpenSSL link:
@@ -51,10 +55,6 @@
 # rpm -ba|--rebuild --define "smartcard 1"
 %{?smartcard:%define scard 1}
 
-# Option to disable ipv6
-# rpm -ba|--rebuild --define "noipv6 1"
-%{?noipv6:%define noip6 1}
-
 # Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
 %define rescue 0
 %{?build_rescue:%define rescue 1}
@@ -84,18 +84,22 @@ PreReq: initscripts >= 5.00
 %else
 PreReq: initscripts >= 5.20
 %endif
-BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers
+BuildPreReq: perl, openssl-devel, tcp_wrappers
 BuildPreReq: /bin/login
-%if %{build6x}
+%if ! %{build6x}
 BuildPreReq: glibc-devel, pam
 %else
-BuildPreReq: db1-devel, /usr/include/security/pam_appl.h
+BuildPreReq: /usr/include/security/pam_appl.h
 %endif
 %if ! %{no_x11_askpass}
 BuildPreReq: XFree86-devel
 %endif
 %if ! %{no_gnome_askpass}
-BuildPreReq: gnome-libs-devel
+BuildPreReq: pkgconfig
+%endif
+%if %{kerberos5}
+BuildPreReq: krb5-devel
+BuildPreReq: krb5-libs
 %endif
 
 %package clients
@@ -189,9 +193,6 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
 %if %{scard}
        --with-smartcard \
 %endif
-%if %{noip6}
-       --with-ipv4-default \
-%endif
 %if %{rescue}
        --without-pam --with-md5-passwords \
 %else
@@ -199,8 +200,7 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
 %endif
 %if %{kerberos5}
          --with-kerberos5=/usr/kerberos \
-%else
-
+%endif
 
 
 %if %{static_libcrypto}
@@ -217,11 +217,23 @@ make
 popd
 %endif
 
+# Define a variable to toggle gnome1/gtk2 building.  This is necessary
+# because RPM doesn't handle nested %if statements.
+%if %{gtk2}
+       gtk2=yes
+%else
+       gtk2=no
+%endif
+
 %if ! %{no_gnome_askpass}
 pushd contrib
-gcc $RPM_OPT_FLAGS `gnome-config --cflags gnome gnomeui` \
-        gnome-ssh-askpass.c -o gnome-ssh-askpass \
-        `gnome-config --libs gnome gnomeui`
+if [ $gtk2 = yes ] ; then
+       make gnome-ssh-askpass2
+       mv gnome-ssh-askpass2 gnome-ssh-askpass
+else
+       make gnome-ssh-askpass1
+       mv gnome-ssh-askpass1 gnome-ssh-askpass
+fi
 popd
 %endif
 
@@ -252,9 +264,15 @@ ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
 install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
 %endif
 
+%if ! %{scard}
+        rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
+%endif
+
+%if ! %{no_gnome_askpass}
 install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
 install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
 install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
+%endif
 
 perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
 
@@ -335,7 +353,7 @@ fi
 %attr(-,root,root) %{_bindir}/slogin
 %attr(-,root,root) %{_mandir}/man1/slogin.1*
 %if ! %{rescue}
-%attr(0755,root,root) %{_bindir}/ssh-agent
+%attr(2755,root,nobody) %{_bindir}/ssh-agent
 %attr(0755,root,root) %{_bindir}/ssh-add
 %attr(0755,root,root) %{_bindir}/ssh-keyscan
 %attr(0755,root,root) %{_bindir}/sftp
@@ -378,6 +396,20 @@ fi
 %endif
 
 %changelog
+* Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
+- Remove noip6 option. This may be controlled at run-time in client config 
+  file using new AddressFamily directive
+
+* Mon May 12 2003 Damien Miller <djm@mindrot.org>
+- Don't install profile.d scripts when not building with GNOME/GTK askpass
+  (patch from bet@rahul.net)
+
+* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
+- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
+
+* Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
+- Use contrib/ Makefile for building askpass programs
+
 * Fri Jun 21 2002 Damien Miller <djm@mindrot.org>
 - Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
 - Add new {ssh,sshd}_config.5 manpages