- (djm) Add back radix.o (used by AFS support), after it went missing from

[openssh.git] / contrib / redhat / openssh.spec

diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index b3dccfba63fae38bf5e86a5cbebd8d61557e971f..8809ded7094ae7c574db1894dc8da318ce4f1184 100644 (file)
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 3.2.3p1
+%define ver 3.6.1p2
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -20,12 +20,18 @@
 # Do we want smartcard support (1=yes 0=no)
 %define scard 0
 
+# Use GTK2 instead of GNOME in gnome-ssh-askpass
+%define gtk2 1
+
 # Is this build for RHL 6.x?
 %define build6x 0
 
 # Disable IPv6 (avoids DNS hangs on some glibc versions)
 %define noip6 0
 
+# Do we want kerberos5 support (1=yes 0=no)
+%define kerberos5 1
+
 # Reserve options to override askpass settings with:
 # rpm -ba|--rebuild --define 'skip_xxx 1'
 %{?skip_x11_askpass:%define no_x11_askpass 1}
@@ -56,6 +62,11 @@
 %define rescue 0
 %{?build_rescue:%define rescue 1}
 
+# Turn off some stuff for resuce builds
+%if %{rescue}
+%define kerberos5 0
+%endif
+
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
 Name: openssh
 Version: %{ver}
@@ -76,9 +87,9 @@ PreReq: initscripts >= 5.00
 %else
 PreReq: initscripts >= 5.20
 %endif
-BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers
+BuildPreReq: perl, openssl-devel, tcp_wrappers
 BuildPreReq: /bin/login
-%if %{build6x}
+%if ! %{build6x}
 BuildPreReq: glibc-devel, pam
 %else
 BuildPreReq: db1-devel, /usr/include/security/pam_appl.h
@@ -87,7 +98,11 @@ BuildPreReq: db1-devel, /usr/include/security/pam_appl.h
 BuildPreReq: XFree86-devel
 %endif
 %if ! %{no_gnome_askpass}
-BuildPreReq: gnome-libs-devel
+BuildPreReq: pkgconfig
+%endif
+%if %{kerberos5}
+BuildPreReq: krb5-devel
+BuildPreReq: krb5-libs
 %endif
 
 %package clients
@@ -185,9 +200,12 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
        --with-ipv4-default \
 %endif
 %if %{rescue}
-       --without-pam --with-md5-passwords
+       --without-pam --with-md5-passwords \
 %else
-       --with-pam --with-kerberos5=/usr/kerberos
+       --with-pam \
+%endif
+%if %{kerberos5}
+         --with-kerberos5=/usr/kerberos \
 %endif
 
 
@@ -205,11 +223,23 @@ make
 popd
 %endif
 
+# Define a variable to toggle gnome1/gtk2 building.  This is necessary
+# because RPM doesn't handle nested %if statements.
+%if %{gtk2}
+       gtk2=yes
+%else
+       gtk2=no
+%endif
+
 %if ! %{no_gnome_askpass}
 pushd contrib
-gcc $RPM_OPT_FLAGS `gnome-config --cflags gnome gnomeui` \
-        gnome-ssh-askpass.c -o gnome-ssh-askpass \
-        `gnome-config --libs gnome gnomeui`
+if [ $gtk2 = yes ] ; then
+       make gnome-ssh-askpass2
+       mv gnome-ssh-askpass2 gnome-ssh-askpass
+else
+       make gnome-ssh-askpass1
+       mv gnome-ssh-askpass1 gnome-ssh-askpass
+fi
 popd
 %endif
 
@@ -240,6 +270,10 @@ ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
 install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
 %endif
 
+%if ! %{scard}
+        rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
+%endif
+
 install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
 install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
 install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
@@ -306,6 +340,8 @@ fi
 %attr(0755,root,root) %{_bindir}/ssh-keygen
 %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
 %attr(0755,root,root) %dir %{_libexecdir}/openssh
+%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
+%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
 %endif
 %if %{scard}
 %attr(0755,root,root) %dir %{_datadir}/openssh
@@ -314,13 +350,14 @@ fi
 
 %files clients
 %defattr(-,root,root)
-%attr(4755,root,root) %{_bindir}/ssh
+%attr(0755,root,root) %{_bindir}/ssh
 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
+%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
 %attr(-,root,root) %{_bindir}/slogin
 %attr(-,root,root) %{_mandir}/man1/slogin.1*
 %if ! %{rescue}
-%attr(0755,root,root) %{_bindir}/ssh-agent
+%attr(2755,root,nobody) %{_bindir}/ssh-agent
 %attr(0755,root,root) %{_bindir}/ssh-add
 %attr(0755,root,root) %{_bindir}/ssh-keyscan
 %attr(0755,root,root) %{_bindir}/sftp
@@ -337,6 +374,7 @@ fi
 %attr(0755,root,root) %{_sbindir}/sshd
 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
 %attr(0644,root,root) %{_mandir}/man8/sshd.8*
+%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
@@ -362,6 +400,17 @@ fi
 %endif
 
 %changelog
+* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
+- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
+
+* Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
+- Use contrib/ Makefile for building askpass programs
+
+* Fri Jun 21 2002 Damien Miller <djm@mindrot.org>
+- Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
+- Add new {ssh,sshd}_config.5 manpages
+- Add new ssh-keysign program and remove setuid from ssh client
+
 * Fri May 10 2002 Damien Miller <djm@mindrot.org>
 - Merge in spec changes from RedHat, reorgansie a little
 - Add Privsep user, group and directory