4 # OpenSSH privilege separation requires a user & group ID
8 # Version of ssh-askpass
9 %define aversion 1.2.4.1
11 # Do we want to disable building of x11-askpass? (1=yes 0=no)
12 %define no_x11_askpass 0
14 # Do we want to disable building of gnome-askpass? (1=yes 0=no)
15 %define no_gnome_askpass 0
17 # Do we want to link against a static libcrypto? (1=yes 0=no)
18 %define static_libcrypto 0
20 # Do we want smartcard support (1=yes 0=no)
23 # Use GTK2 instead of GNOME in gnome-ssh-askpass
26 # Is this build for RHL 6.x?
29 # Do we want kerberos5 support (1=yes 0=no)
32 # Reserve options to override askpass settings with:
33 # rpm -ba|--rebuild --define 'skip_xxx 1'
34 %{?skip_x11_askpass:%define no_x11_askpass 1}
35 %{?skip_gnome_askpass:%define no_gnome_askpass 1}
37 # Add option to build without GTK2 for older platforms with only GTK+.
38 # RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
39 # rpm -ba|--rebuild --define 'no_gtk2 1'
40 %{?no_gtk2:%define gtk2 0}
42 # Is this a build for RHL 6.x or earlier?
43 %{?build_6x:%define build6x 1}
45 # If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
47 %define _sysconfdir /etc
50 # Options for static OpenSSL link:
51 # rpm -ba|--rebuild --define "static_openssl 1"
52 %{?static_openssl:%define static_libcrypto 1}
54 # Options for Smartcard support: (needs libsectok and openssl-engine)
55 # rpm -ba|--rebuild --define "smartcard 1"
56 %{?smartcard:%define scard 1}
58 # Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
60 %{?build_rescue:%define rescue 1}
62 # Turn off some stuff for resuce builds
67 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
75 URL: https://www.openssh.com/portable.html
76 Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
77 %if ! %{no_x11_askpass}
78 Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
81 Group: Applications/Internet
82 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
85 PreReq: initscripts >= 5.00
87 Requires: initscripts >= 5.20
89 BuildRequires: perl, openssl-devel
90 BuildRequires: /bin/login
92 BuildRequires: glibc-devel, pam
94 BuildRequires: /usr/include/security/pam_appl.h
96 %if ! %{no_x11_askpass}
97 BuildRequires: /usr/include/X11/Xlib.h
99 %if ! %{no_gnome_askpass}
100 BuildRequires: pkgconfig
103 BuildRequires: krb5-devel
104 BuildRequires: krb5-libs
108 Summary: OpenSSH clients.
109 Requires: openssh = %{version}-%{release}
110 Group: Applications/Internet
111 Obsoletes: ssh-clients
114 Summary: The OpenSSH server daemon.
115 Group: System Environment/Daemons
116 Obsoletes: ssh-server
117 Requires: openssh = %{version}-%{release}, chkconfig >= 0.9
119 Requires: /etc/pam.d/system-auth
123 Summary: A passphrase dialog for OpenSSH and X.
124 Group: Applications/Internet
125 Requires: openssh = %{version}-%{release}
126 Obsoletes: ssh-extras
128 %package askpass-gnome
129 Summary: A passphrase dialog for OpenSSH, X, and GNOME.
130 Group: Applications/Internet
131 Requires: openssh = %{version}-%{release}
132 Obsoletes: ssh-extras
135 SSH (Secure SHell) is a program for logging into and executing
136 commands on a remote machine. SSH is intended to replace rlogin and
137 rsh, and to provide secure encrypted communications between two
138 untrusted hosts over an insecure network. X11 connections and
139 arbitrary TCP/IP ports can also be forwarded over the secure channel.
141 OpenSSH is OpenBSD's version of the last free version of SSH, bringing
142 it up to date in terms of security and features, as well as removing
143 all patented algorithms to separate libraries.
145 This package includes the core files necessary for both the OpenSSH
146 client and server. To make this package useful, you should also
147 install openssh-clients, openssh-server, or both.
150 OpenSSH is a free version of SSH (Secure SHell), a program for logging
151 into and executing commands on a remote machine. This package includes
152 the clients necessary to make encrypted connections to SSH servers.
153 You'll also need to install the openssh package on OpenSSH clients.
156 OpenSSH is a free version of SSH (Secure SHell), a program for logging
157 into and executing commands on a remote machine. This package contains
158 the secure shell daemon (sshd). The sshd daemon allows SSH clients to
159 securely connect to your SSH server. You also need to have the openssh
163 OpenSSH is a free version of SSH (Secure SHell), a program for logging
164 into and executing commands on a remote machine. This package contains
165 an X11 passphrase dialog for OpenSSH.
167 %description askpass-gnome
168 OpenSSH is a free version of SSH (Secure SHell), a program for logging
169 into and executing commands on a remote machine. This package contains
170 an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
175 %if ! %{no_x11_askpass}
183 CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
187 K5DIR=`rpm -ql krb5-devel | grep 'include/krb5\.h' | sed 's,\/include\/krb5.h,,'`
192 --sysconfdir=%{_sysconfdir}/ssh \
193 --libexecdir=%{_libexecdir}/openssh \
194 --datadir=%{_datadir}/openssh \
195 --with-default-path=/usr/local/bin:/bin:/usr/bin \
196 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
197 --with-privsep-path=%{_var}/empty/sshd \
198 --with-md5-passwords \
208 --with-kerberos5=$K5DIR \
212 %if %{static_libcrypto}
213 perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
218 %if ! %{no_x11_askpass}
219 pushd x11-ssh-askpass-%{aversion}
220 %configure --libexecdir=%{_libexecdir}/openssh
226 # Define a variable to toggle gnome1/gtk2 building. This is necessary
227 # because RPM doesn't handle nested %if statements.
234 %if ! %{no_gnome_askpass}
236 if [ $gtk2 = yes ] ; then
237 make gnome-ssh-askpass2
238 mv gnome-ssh-askpass2 gnome-ssh-askpass
240 make gnome-ssh-askpass1
241 mv gnome-ssh-askpass1 gnome-ssh-askpass
247 rm -rf $RPM_BUILD_ROOT
248 mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
249 mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
250 mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
252 make install DESTDIR=$RPM_BUILD_ROOT
254 install -d $RPM_BUILD_ROOT/etc/pam.d/
255 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
256 install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
258 install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
260 install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
262 install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
264 %if ! %{no_x11_askpass}
265 install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
266 ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
269 %if ! %{no_gnome_askpass}
270 install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
274 rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
277 %if ! %{no_gnome_askpass}
278 install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
279 install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
280 install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
283 perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
286 rm -rf $RPM_BUILD_ROOT
288 %triggerun server -- ssh-server
289 if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
290 touch /var/run/sshd.restart
293 %triggerun server -- openssh-server < 2.5.0p1
294 # Count the number of HostKey and HostDsaKey statements we have.
295 gawk 'BEGIN {IGNORECASE=1}
296 /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
297 END {exit sawhostkey}' /etc/ssh/sshd_config
298 # And if we only found one, we know the client was relying on the old default
299 # behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
300 # specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
301 # one nullifies the default, which would have loaded both.
302 if [ $? -eq 1 ] ; then
303 echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
304 echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
307 %triggerpostun server -- ssh-server
308 if [ "$1" != 0 ] ; then
309 /sbin/chkconfig --add sshd
310 if test -f /var/run/sshd.restart ; then
311 rm -f /var/run/sshd.restart
312 /sbin/service sshd start > /dev/null 2>&1 || :
317 %{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
318 %{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
319 -g sshd -M -r sshd 2>/dev/null || :
322 /sbin/chkconfig --add sshd
325 /sbin/service sshd condrestart > /dev/null 2>&1 || :
330 /sbin/service sshd stop > /dev/null 2>&1 || :
331 /sbin/chkconfig --del sshd
335 %defattr(-,root,root)
336 %doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO
337 %attr(0755,root,root) %{_bindir}/scp
338 %attr(0644,root,root) %{_mandir}/man1/scp.1*
339 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
340 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
342 %attr(0755,root,root) %{_bindir}/ssh-keygen
343 %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
344 %attr(0755,root,root) %dir %{_libexecdir}/openssh
345 %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
346 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
347 %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
348 %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
351 %attr(0755,root,root) %dir %{_datadir}/openssh
352 %attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
356 %defattr(-,root,root)
357 %attr(0755,root,root) %{_bindir}/ssh
358 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
359 %attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
360 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
362 %attr(2755,root,nobody) %{_bindir}/ssh-agent
363 %attr(0755,root,root) %{_bindir}/ssh-add
364 %attr(0755,root,root) %{_bindir}/ssh-keyscan
365 %attr(0755,root,root) %{_bindir}/sftp
366 %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
367 %attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
368 %attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
369 %attr(0644,root,root) %{_mandir}/man1/sftp.1*
374 %defattr(-,root,root)
375 %dir %attr(0111,root,root) %{_var}/empty/sshd
376 %attr(0755,root,root) %{_sbindir}/sshd
377 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
378 %attr(0644,root,root) %{_mandir}/man8/sshd.8*
379 %attr(0644,root,root) %{_mandir}/man5/moduli.5*
380 %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
381 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
382 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
383 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
384 %attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
385 %attr(0755,root,root) %config /etc/rc.d/init.d/sshd
388 %if ! %{no_x11_askpass}
390 %defattr(-,root,root)
391 %doc x11-ssh-askpass-%{aversion}/README
392 %doc x11-ssh-askpass-%{aversion}/ChangeLog
393 %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
394 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
395 %attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
398 %if ! %{no_gnome_askpass}
400 %defattr(-,root,root)
401 %attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
402 %attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
406 * Wed Jul 14 2010 Tim Rice <tim@multitalents.net>
407 - test for skip_x11_askpass (line 77) should have been for no_x11_askpass
409 * Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
410 - Remove noip6 option. This may be controlled at run-time in client config
411 file using new AddressFamily directive
413 * Mon May 12 2003 Damien Miller <djm@mindrot.org>
414 - Don't install profile.d scripts when not building with GNOME/GTK askpass
415 (patch from bet@rahul.net)
417 * Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
418 - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
420 * Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
421 - Use contrib/ Makefile for building askpass programs
423 * Fri Jun 21 2002 Damien Miller <djm@mindrot.org>
424 - Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
425 - Add new {ssh,sshd}_config.5 manpages
426 - Add new ssh-keysign program and remove setuid from ssh client
428 * Fri May 10 2002 Damien Miller <djm@mindrot.org>
429 - Merge in spec changes from RedHat, reorgansie a little
430 - Add Privsep user, group and directory
432 * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
433 - bump and grind (through the build system)
435 * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
436 - require sharutils for building (mindrot #137)
437 - require db1-devel only when building for 6.x (#55105), which probably won't
438 work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
439 - require pam-devel by file (not by package name) again
440 - add Markus's patch to compile with OpenSSL 0.9.5a (from
441 http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
444 * Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
447 * Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
448 - update to SNAP-20020305
449 - drop debug patch, fixed upstream
451 * Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
452 - update to SNAP-20020220 for testing purposes (you've been warned, if there's
453 anything to be warned about, gss patches won't apply, I don't mind)
455 * Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
456 - add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
457 exchange, authentication, and named key support
459 * Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
460 - remove dependency on db1-devel, which has just been swallowed up whole
463 * Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
464 - adjust build dependencies so that build6x actually works right (fix
465 from Hugo van der Kooij)
467 * Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
470 * Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
473 * Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
474 - update to current CVS (not for use in distribution)
476 * Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
477 - merge some of Damien Miller <djm@mindrot.org> changes from the upstream
478 3.0p1 spec file and init script
480 * Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com>
482 - update to x11-ssh-askpass 1.2.4.1
483 - change build dependency on a file from pam-devel to the pam-devel package
484 - replace primes with moduli
486 * Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
487 - incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
489 * Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
490 - Merge changes to rescue build from current sysadmin survival cd
492 * Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
493 - fix scp's server's reporting of file sizes, and build with the proper
494 preprocessor define to get large-file capable open(), stat(), etc.
495 (sftp has been doing this correctly all along) (#51827)
496 - configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
497 - pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
498 - mark profile.d scriptlets as config files (#42337)
499 - refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
500 - change a couple of log() statements to debug() statements (#50751)
501 - pull cvs patch to add -t flag to sshd (#28611)
502 - clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
504 * Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
505 - add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
507 * Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
508 - pull cvs patch to fix remote port forwarding with protocol 2
510 * Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
511 - pull cvs patch to add session initialization to no-pty sessions
512 - pull cvs patch to not cut off challengeresponse auth needlessly
513 - refuse to do X11 forwarding if xauth isn't there, handy if you enable
514 it by default on a system that doesn't have X installed (#49263)
516 * Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com>
517 - don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
519 * Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com>
520 - pass OPTIONS correctly to initlog (#50151)
522 * Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
523 - switch to x11-ssh-askpass 1.2.2
525 * Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
526 - rebuild in new environment
528 * Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
529 - disable the gssapi patch
531 * Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
533 - refresh to a new version of the gssapi patch
535 * Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com>
536 - change Copyright: BSD to License: BSD
537 - add Markus Friedl's unverified patch for the cookie file deletion problem
538 so that we can verify it
539 - drop patch to check if xauth is present (was folded into cookie patch)
540 - don't apply gssapi patches for the errata candidate
541 - clear supplemental groups list at startup
543 * Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
544 - fix an error parsing the new default sshd_config
545 - add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
546 dealing with comments right
548 * Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
549 - add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
550 to be removed before the next beta cycle because it's a big departure
551 from the upstream version
553 * Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com>
554 - finish marking strings in the init script for translation
555 - modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
556 at startup (change merged from openssh.com init script, originally by
558 - refuse to do X11 forwarding if xauth isn't there, handy if you enable
559 it by default on a system that doesn't have X installed
561 * Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com>
563 - drop various patches that came from or went upstream or to or from CVS
565 * Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
566 - only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
568 * Sun Apr 8 2001 Preston Brown <pbrown@redhat.com>
569 - remove explicit openssl requirement, fixes builddistro issue
570 - make initscript stop() function wait until sshd really dead to avoid
573 * Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com>
574 - mention that challengereponse supports PAM, so disabling password doesn't
575 limit users to pubkey and rsa auth (#34378)
576 - bypass the daemon() function in the init script and call initlog directly,
577 because daemon() won't start a daemon it detects is already running (like
579 - require the version of openssl we had when we were built
581 * Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
582 - make do_pam_setcred() smart enough to know when to establish creds and
583 when to reinitialize them
584 - add in a couple of other fixes from Damien for inclusion in the errata
586 * Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
588 - call setcred() again after initgroups, because the "creds" could actually
591 * Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
592 - update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
593 - don't enable challenge-response by default until we find a way to not
594 have too many userauth requests (we may make up to six pubkey and up to
595 three password attempts as it is)
596 - remove build dependency on rsh to match openssh.com's packages more closely
598 * Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com>
599 - remove dependency on openssl -- would need to be too precise
601 * Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
602 - rebuild in new environment
604 * Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
605 - Revert the patch to move pam_open_session.
606 - Init script and spec file changes from Pekka Savola. (#28750)
607 - Patch sftp to recognize '-o protocol' arguments. (#29540)
609 * Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
610 - Chuck the closing patch.
611 - Add a trigger to add host keys for protocol 2 to the config file, now that
612 configuration file syntax requires us to specify it with HostKey if we
613 specify any other HostKey values, which we do.
615 * Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
616 - Redo patch to move pam_open_session after the server setuid()s to the user.
617 - Rework the nopam patch to use be picked up by autoconf.
619 * Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
620 - Update for 2.5.1p1.
621 - Add init script mods from Pekka Savola.
622 - Tweak the init script to match the CVS contrib script more closely.
623 - Redo patch to ssh-add to try to adding both identity and id_dsa to also try
626 * Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
627 - Update for 2.5.0p1.
628 - Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
629 - Resync with parts of Damien Miller's openssh.spec from CVS, including
630 update of x11 askpass to 1.2.0.
631 - Only require openssl (don't prereq) because we generate keys in the init
634 * Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
635 - Don't open a PAM session until we've forked and become the user (#25690).
636 - Apply Andrew Bartlett's patch for letting pam_authenticate() know which
637 host the user is attempting a login from.
638 - Resync with parts of Damien Miller's openssh.spec from CVS.
639 - Don't expose KbdInt responses in debug messages (from CVS).
640 - Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
642 * Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
643 - i18n-tweak to initscript.
645 * Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
647 - Close all files after going into daemon mode (needs more testing).
648 - Extract patch from CVS to handle auth banners (in the client).
649 - Extract patch from CVS to handle compat weirdness.
651 * Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
652 - Finish with the gettextizing.
654 * Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
655 - Fix a bug in auth2-pam.c (#23877)
656 - Gettextize the init script.
658 * Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
659 - Incorporate a switch for using PAM configs for 6.x, just in case.
661 * Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com>
662 - Incorporate Bero's changes for a build specifically for rescue CDs.
664 * Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
665 - Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
666 succeeded, to allow public-key authentication after a failure with "none"
667 authentication. (#21268)
669 * Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
670 - Update to x11-askpass 1.1.1. (#21301)
671 - Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
673 * Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
674 - Merge multiple PAM text messages into subsequent prompts when possible when
675 doing keyboard-interactive authentication.
677 * Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
678 - Disable the built-in MD5 password support. We're using PAM.
679 - Take a crack at doing keyboard-interactive authentication with PAM, and
680 enable use of it in the default client configuration so that the client
681 will try it when the server disallows password authentication.
682 - Build with debugging flags. Build root policies strip all binaries anyway.
684 * Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
685 - Use DESTDIR instead of %%makeinstall.
686 - Remove /usr/X11R6/bin from the path-fixing patch.
688 * Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
689 - Add the primes file from the latest snapshot to the main package (#20884).
690 - Add the dev package to the prereq list (#19984).
691 - Remove the default path and mimic login's behavior in the server itself.
693 * Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
694 - Resync with conditional options in Damien Miller's .spec file for an errata.
695 - Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
697 * Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com>
698 - Update to OpenSSH 2.3.0p1.
699 - Update to x11-askpass 1.1.0.
700 - Enable keyboard-interactive authentication.
702 * Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
703 - Update to ssh-askpass-x11 1.0.3.
704 - Change authentication related messages to be private (#19966).
706 * Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
707 - Patch ssh-keygen to be able to list signatures for DSA public key files
710 * Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com>
711 - Add BuildRequires on /usr/include/security/pam_appl.h to be sure we always
712 build PAM authentication in.
713 - Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
714 - Clean out no-longer-used patches.
715 - Patch ssh-add to try to add both identity and id_dsa, and to error only
718 * Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
719 - Update x11-askpass to 1.0.2. (#17835)
720 - Add BuildRequiress for /bin/login and /usr/bin/rsh so that configure will
721 always find them in the right place. (#17909)
722 - Set the default path to be the same as the one supplied by /bin/login, but
723 add /usr/X11R6/bin. (#17909)
724 - Try to handle obsoletion of ssh-server more cleanly. Package names
725 are different, but init script name isn't. (#17865)
727 * Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
728 - Update to 2.2.0p1. (#17835)
729 - Tweak the init script to allow proper restarting. (#18023)
731 * Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
732 - Update to 20000823 snapshot.
733 - Change subpackage requirements from %%{version} to %%{version}-%%{release}
734 - Back out the pipe patch.
736 * Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
737 - Update to 2.1.1p4, which includes fixes for config file parsing problems.
738 - Move the init script back.
739 - Add Damien's quick fix for wackiness.
741 * Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
742 - Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
744 * Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
745 - Move condrestart to server postun.
746 - Move key generation to init script.
747 - Actually use the right patch for moving the key generation to the init script.
748 - Clean up the init script a bit.
750 * Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com>
751 - Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
753 * Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
755 - Use of strtok() considered harmful.
757 * Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com>
758 - Get the build root out of the man pages.
760 * Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
761 - Add and use condrestart support in the init script.
762 - Add newer initscripts as a prereq.
764 * Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
765 - Build in new environment (release 2)
766 - Move -clients subpackage to Applications/Internet group
768 * Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
771 * Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
772 - Patch to build with neither RSA nor RSAref.
773 - Miscellaneous FHS-compliance tweaks.
774 - Fix for possibly-compressed man pages.
776 * Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
777 - Updated for new location
778 - Updated for new gnome-ssh-askpass build
780 * Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
781 - Added Jim Knoble's <jmknoble@pobox.com> askpass
783 * Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
784 - Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
786 * Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
787 - Added 'Obsoletes' directives
789 * Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
793 * Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
794 - Added links for slogin
795 - Fixed perms on manpages
797 * Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
798 - Renamed init script
800 * Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
801 - Back to old binary names
803 * Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
807 * Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
808 - Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.