# Version of ssh-askpass
%define aversion 1.2.4.1
# Version of watchdog patch
%define wversion 4.4p1
# Version of the hpn patch
%define hpnver 13v6
# overrides
%define build_skey 0
%define build_krb5 1
%define build_watchdog 0
%define build_x11askpass 1
%define build_gnomeaskpass 1
%define build_ldap 1
%define build_sftpcontrol 0
%define build_hpn 0
%define build_audit 0
%define build_libedit 1
%{?_with_skey: %{expand: %%global build_skey 1}}
%{?_without_skey: %{expand: %%global build_skey 0}}
%{?_with_krb5: %{expand: %%global build_krb5 1}}
%{?_without_krb5: %{expand: %%global build_krb5 0}}
%{?_with_watchdog: %{expand: %%global build_watchdog 1}}
%{?_without_watchdog: %{expand: %%global build_watchdog 0}}
%{?_with_x11askpass: %{expand: %%global build_x11askpass 1}}
%{?_without_x11askpass: %{expand: %%global build_x11askpass 0}}
%{?_with_gnomeaskpass: %{expand: %%global build_gnomeaskpass 1}}
%{?_without_gnomeaskpass: %{expand: %%global build_gnomeaskpass 0}}
%{?_with_ldap: %{expand: %%global build_ldap 1}}
%{?_without_ldap: %{expand: %%global build_ldap 0}}
%{?_with_sftpcontrol: %{expand: %%global build_sftpcontrol 1}}
%{?_without_sftpcontrol: %{expand: %%global build_sftpcontrol 0}}
%{?_with_hpn: %{expand: %%global build_hpn 1}}
%{?_without_hpn: %{expand: %%global build_hpn 0}}
%{?_with_audit: %{expand: %%global build_audit 1}}
%{?_without_audit: %{expand: %%global build_audit 0}}
%{?_with_libedit: %{expand: %%global build_libedit 1}}
%{?_without_libedit: %{expand: %%global build_libedit 0}}
%define OPENSSH_PATH "/usr/local/bin:%{_bindir}"
%define XAUTH %{_bindir}/xauth
Summary: OpenSSH free Secure Shell (SSH) implementation
Name: openssh
Version: 6.6p1
%define subrel 10
Release: %mkrel 5
License: BSD
Group: Networking/Remote access
URL: http://www.openssh.com/
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Source2: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2
# ssh-copy-id taken from debian, with "usage" added
Source3: ssh-copy-id
Source7: openssh-xinetd
Source9: README.sftpfilecontrol
# this is never to be applied by default
# http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html
Source10: openssh-%{wversion}-watchdog.patch.tgz
Source12: ssh_ldap_key.pl
Source15: ssh-avahi-integration
Source17: sshd.pam
Source21: README.hpn
Source22: sshd.service
Source23: sshd@.service
Source24: sshd-keygen.service
Source25: sshd.socket
Source26: sshd-keygen
# patch to set some default configuration
Patch1: openssh-6.5p1-config.patch
# rediffed from openssh-4.4p1-watchdog.patch.tgz
Patch4: openssh-4.4p1-watchdog.diff
# ldap support, from Fedora
Patch501: openssh-6.5p1-ldap.patch
# http://sftpfilecontrol.sourceforge.net
# Not applied by default
# P7 is rediffed and slightly adjusted from http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch
Patch7: openssh-4.9p1.sftplogging-v1.5.diff
# (tpg) http://www.psc.edu/networking/projects/hpn-ssh/
Patch11: http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn%{hpnver}.diff
Patch12: http://www.psc.edu/networking/projects/hpn-ssh/openssh5.1-peaktput.diff
#gw: from Fedora:
#fix round-robin DNS with GSSAPI authentification
Patch13: openssh-4.3p2-gssapi-canohost.patch
Patch14: openssh-4.7p1-audit.patch
Patch17: openssh-5.1p1-askpass-progress.patch
Patch18: openssh-4.3p2-askpass-grab-info.patch
Patch19: openssh-5.6p1-exit-deadlock.patch
Patch20: openssh-6.6p1-CVE-2014-2653.patch
Patch21: openssh_tcp_wrappers.patch
Patch22: openssh-6.6p1-CVE-2015-5352.patch
Patch23: openssh-6.9p1-CVE-2015-5600.patch
# Handle terminal control characters in scp progressmeter (rhbz#1247204)
Patch24: openssh-6.6p1-scp-progressmeter.patch
# Vulnerabilities published with openssh-7.0:
# Privilege separation weakness related to PAM support (rhbz#1252844)
# Use-after-free bug related to PAM support (rhbz#1252852)
Patch25: openssh-6.6p1-security-7.0.patch
Patch26: openssh-7.1p1-CVE-2016-0777.patch
Patch27: openssh-7.2p2-CVE-2015-8325.patch
Patch28: openssh-7.2p2-user-enumeration.patch
Patch29: openssh-6.6p1-CVE-2017-15906.patch
Patch30: openssh-6.6p1-CVE-2016-10012.patch
# CVE-2016-3115
# https://github.com/openssh/openssh-portable/commit/9d47b8d3f50c3a6282896df8274147e3b9a38c56.patch
Patch100: 9d47b8d3f50c3a6282896df8274147e3b9a38c56.patch
Provides: ssh
Requires(post): openssl >= 0.9.7
Requires(post): makedev
Requires(preun): openssl >= 0.9.7
Requires: tcp_wrappers
BuildRequires: groff-for-man
BuildRequires: openssl-devel >= 0.9.7
BuildRequires: pam-devel
BuildRequires: tcp_wrappers-devel
BuildRequires: zlib-devel
%if %{build_skey}
BuildRequires: skey-devel
%endif
%if %{build_krb5}
BuildRequires: krb5-devel
%endif
%if %{build_x11askpass}
BuildRequires: imake
BuildRequires: rman
# http://qa.mandriva.com/show_bug.cgi?id=22736
BuildRequires: x11-util-cf-files >= 1.0.2
BuildRequires: gccmakedep
BuildRequires: libx11-devel
BuildRequires: libxt-devel
%endif
%if %{build_gnomeaskpass}
BuildRequires: gtk+2-devel
%endif
%if %{build_ldap}
BuildRequires: openldap-devel >= 2.0
%endif
%if %{build_audit}
BuildRequires: audit-devel
%endif
%if %{build_libedit}
BuildRequires: edit-devel
BuildRequires: ncurses-devel
%endif
BuildConflicts: libgssapi-devel
%description
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
You can build %{name} with some conditional build swithes;
(ie. use with rpm --rebuild):
--with[out] skey smartcard support (disabled)
--with[out] krb5 kerberos support (enabled)
--with[out] watchdog watchdog support (disabled)
--with[out] x11askpass X11 ask pass support (enabled)
--with[out] gnomeaskpass Gnome ask pass support (enabled)
--with[out] ldap OpenLDAP support (enabled)
--with[out] sftpcontrol sftp file control support (disabled)
--with[out] hpn HPN ssh/scp support (disabled)
--with[out] audit audit support (disabled)
--with[out] libedit libedit support in sftp (enabled)
%package clients
Summary: OpenSSH Secure Shell protocol clients
Group: Networking/Remote access
Requires: %{name} = %{version}-%{release}
Provides: ssh-clients, sftp, ssh
%description clients
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package includes the clients necessary to make encrypted connections
to SSH servers.
%package server
Summary: OpenSSH Secure Shell protocol server (sshd)
Group: System/Servers
Requires(pre): %{name} = %{version}-%{release} chkconfig >= 0.9
Requires(pre): pam >= 0.74
Requires(post): rpm-helper >= 0.24.8-1
Requires(preun): rpm-helper >= 0.24.8-1
Requires(post): openssl >= 0.9.7
Requires(post): makedev
Requires: %{name}-clients = %{version}-%{release}
%if %{build_skey}
Requires: skey
%endif
%if %{build_audit}
BuildRequires: audit
%endif
Provides: ssh-server, sshd
%description server
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package contains the secure shell daemon. The sshd is the server
part of the secure shell protocol and allows ssh clients to connect to
your host.
%package askpass-common
Summary: OpenSSH X11 passphrase common scripts
Group: Networking/Remote access
%description askpass-common
OpenSSH X11 passphrase common scripts
%if %{build_x11askpass}
%package askpass
Summary: OpenSSH X11 passphrase dialog
Group: Networking/Remote access
Requires: %{name} = %{version}-%{release}
Requires: %{name}-askpass-common
Provides: ssh-extras, ssh-askpass
Requires(pre): update-alternatives
%description askpass
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase
dialog.
%endif
%if %{build_gnomeaskpass}
%package askpass-gnome
Summary: OpenSSH GNOME passphrase dialog
Group: Networking/Remote access
Requires: %{name} = %{version}-%{release}
Requires: %{name}-askpass-common
Requires(pre): update-alternatives
Provides: %{name}-askpass, ssh-askpass, ssh-extras
%description askpass-gnome
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package contains the GNOME passphrase dialog.
%endif
%if %{build_ldap}
%package ldap
Summary: A LDAP support for open source SSH server daemon
Group: Networking/Remote access
Requires: %{name} = %{version}-%{release}
%description ldap
OpenSSH LDAP backend is a way how to distribute the authorized tokens
among the servers in the network.
%endif
%prep
%if %{build_x11askpass}
echo "Building with x11 askpass..."
%endif
%if %{build_gnomeaskpass}
echo "Building with GNOME askpass..."
%endif
%if %{build_krb5}
echo "Building with Kerberos5 support..."
%endif
%if %{build_skey}
echo "Building with S/KEY support..."
%endif
%if %{build_watchdog}
echo "Building with watchdog support..."
%endif
%if %{build_ldap}
echo "Buiding with support for authenticating to public keys in ldap"
%endif
%if %{build_sftpcontrol}
echo "Buiding with support for sftp file control"
%endif
%if %{build_hpn}
echo "Buiding with support for High Performance Network SSH/SCP"
%endif
%if %{build_audit}
echo "Buiding with audit support"
%endif
%setup -q -a2 -a10
%patch1 -p1 -b .config
%if %{build_watchdog}
#patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch
%patch4 -p1 -b .watchdog
%endif
%if %{build_ldap}
%patch501 -p1 -b .ldap
%endif
%if %{build_sftpcontrol}
#cat %{SOURCE8} | patch -p1 -s -z .sftpcontrol
echo "This patch is broken or needs to be updated/rediffed"; exit 1
%patch7 -p1 -b .sftplogging-v1.5
# README with license terms for this patch
install -m 0644 %{SOURCE9} .
%endif
%if %{build_hpn}
echo "This patch is broken or needs to be updated/rediffed"; exit 1
%patch11 -p1 -b .hpn
%patch12 -p1 -b .peak
install %{SOURCE21} .
%endif
%patch13 -p1 -b .canohost
%if %{build_audit}
%patch14 -p1 -b .audit
%endif
%patch17 -p1 -b .progress
%patch18 -p1 -b .grab-info
%patch19 -p1 -b .exit-deadlock
%patch20 -p1 -b .CVE-2014-2653
%patch21 -p1 -b .tcp_wrappers_mips
%patch22 -p1 -b .CVE-2015-5352
%patch23 -p1 -b .CVE-2015-5600
#patch24 -p1 -b .progressmeter
%patch25 -p1 -b .security7
%patch26 -p0 -b .CVE-2016-0777
%patch27 -p1 -b .CVE-2015-8325
%patch28 -p1 -b .CVE-2016-6515
%patch29 -p1 -b .CVE-2017-15906
%patch30 -p1 -b .CVE-2016-10012
%patch100 -p1 -b .CVE-2016-3115
install %{SOURCE12} .
install -m 0644 %{SOURCE17} sshd.pam
# fix attribs
chmod 644 ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
# http://qa.mandriva.com/show_bug.cgi?id=22957
perl -pi -e "s|_OPENSSH_PATH_|%{OPENSSH_PATH}|g" sshd_config
%build
autoreconf
%serverbuild
%if %{build_x11askpass}
pushd x11-ssh-askpass-%{aversion}
%configure2_5x \
--prefix=%{_prefix} --libdir=%{_libdir} \
--mandir=%{_mandir} --libexecdir=%{_libdir}/ssh \
--with-app-defaults-dir=%{_sysconfdir}/X11/app-defaults \
%if %{build_libedit}
--with-libedit \
%else
--without-libedit \
%endif
xmkmf -a
%ifarch x86_64
perl -pi -e "s|/usr/lib\b|%{_libdir}|g" Makefile
perl -pi -e "s|i586-%{_vendor}-linux-gnu|x86_64-%{_vendor}-linux-gnu|g" Makefile
perl -pi -e "s|%{_libdir}/gcc/|/usr/lib/gcc/|g" Makefile
perl -pi -e "s|-m32|-m64|g" Makefile
perl -pi -e "s|__i386__|__x86_64__|g" Makefile
%endif
make \
BINDIR=%{_libdir}/ssh \
CDEBUGFLAGS="$RPM_OPT_FLAGS" \
CXXDEBUGFLAGS="$RPM_OPT_FLAGS"
# For some reason the x11-ssh-askpass.1.html file is not created on 10.0/10.1
# x86_64, so we just do it manually here... (oden)
rm -f x11-ssh-askpass.1x.html x11-ssh-askpass.1x-html
rman -f HTML < x11-ssh-askpass._man > x11-ssh-askpass.1x-html && \
mv -f x11-ssh-askpass.1x-html x11-ssh-askpass.1.html
popd
%endif
%if %{build_gnomeaskpass}
pushd contrib
make gnome-ssh-askpass2 CC="%__cc %optflags %ldflags"
mv gnome-ssh-askpass2 gnome-ssh-askpass
popd
%endif
%configure2_5x \
--prefix=%{_prefix} \
--sysconfdir=%{_sysconfdir}/ssh \
--mandir=%{_mandir} \
--libdir=%{_libdir} \
--libexecdir=%{_libdir}/ssh \
--datadir=%{_datadir}/ssh \
--disable-strip \
--with-tcp-wrappers \
--with-pam \
--with-default-path=%{OPENSSH_PATH} \
--with-xauth=%{XAUTH} \
--with-privsep-path=/var/empty \
--without-zlib-version-check \
%if %{build_krb5}
--with-kerberos5=%{_prefix} \
%endif
%if %{build_skey}
--with-skey \
%endif
%if %{build_ldap}
-with-ldap \
%endif
--with-superuser-path=/usr/local/sbin:/usr/local/bin:%{_sbindir}:%{_bindir} \
%if %{build_libedit}
--with-libedit \
%else
--without-libedit \
%endif
%if %{build_audit}
--with-linux-audit \
%endif
%make
%install
%makeinstall_std
install -d %{buildroot}%{_sysconfdir}/ssh
install -d %{buildroot}%{_sysconfdir}/pam.d/
install -d %{buildroot}%{_sysconfdir}/sysconfig
install -m 644 sshd.pam %{buildroot}%{_sysconfdir}/pam.d/sshd
if [ -f sshd_config.out ]; then
install -m 600 sshd_config.out %{buildroot}%{_sysconfdir}/ssh/sshd_config
else
install -m 600 sshd_config %{buildroot}%{_sysconfdir}/ssh/sshd_config
fi
echo "" > %{buildroot}%{_sysconfdir}/ssh/denyusers
if [ -f ssh_config.out ]; then
install -m 644 ssh_config.out %{buildroot}%{_sysconfdir}/ssh/ssh_config
else
install -m 644 ssh_config %{buildroot}%{_sysconfdir}/ssh/ssh_config
fi
echo " StrictHostKeyChecking no" >> %{buildroot}%{_sysconfdir}/ssh/ssh_config
mkdir -p %{buildroot}%{_libdir}/ssh
%if %{build_x11askpass}
pushd x11-ssh-askpass-%{aversion}
#make DESTDIR=%{buildroot} install
#make DESTDIR=%{buildroot} install.man
#install -d %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html
#install -m0644 x11-ssh-askpass.1.html %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html/
install -d %{buildroot}%{_libdir}/ssh
install -d %{buildroot}%{_sysconfdir}/X11/app-defaults
install -m 644 SshAskpass.ad %{buildroot}%{_sysconfdir}/X11/app-defaults/SshAskpass
install -m 755 x11-ssh-askpass %{buildroot}%{_libdir}/ssh/
install -m 644 x11-ssh-askpass.man %{buildroot}%{_mandir}/man1/x11-ssh-askpass.1
popd
%endif
install -d %{buildroot}%{_sysconfdir}/profile.d/
%if %{build_gnomeaskpass}
install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libdir}/ssh/gnome-ssh-askpass
%endif
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh <<EOF
setenv SSH_ASKPASS %{_libdir}/ssh/ssh-askpass
EOF
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh <<EOF
export SSH_ASKPASS=%{_libdir}/ssh/ssh-askpass
EOF
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-client.sh <<'EOF'
# fix hanging ssh clients on exit
if [ -n "$BASH_VERSION" ]; then
shopt -s huponexit
elif [ -n "$ZSH_VERSION" ]; then
setopt hup
fi
EOF
install -m 755 %{SOURCE3} %{buildroot}/%{_bindir}/ssh-copy-id
chmod a+x %{buildroot}/%{_bindir}/ssh-copy-id
install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/
# create pre-authentication directory
install -d -m 755 %{buildroot}/var/empty
# remove unwanted files
rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass
# xinetd support (tv)
install -d -m 755 %{buildroot}%{_sysconfdir}/xinetd.d/
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/xinetd.d/sshd-xinetd
cat > %{buildroot}%{_sysconfdir}/sysconfig/sshd << EOF
#OPTIONS=""
EOF
# avahi integration support (misc)
mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/
install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service
install -d -m 755 %{buildroot}%{_unitdir}
install -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/sshd.service
#install -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/sshd@.service
#install -m 644 %{SOURCE24} %{buildroot}%{_unitdir}/sshd-keygen.service
#install -m 644 %{SOURCE25} %{buildroot}%{_unitdir}/sshd.socket
install -m 755 %{SOURCE26} %{buildroot}%{_sbindir}/sshd-keygen
# make sure strip can touch it
chmod 755 %{buildroot}%{_libdir}/ssh/ssh-keysign
sed -e 's,\$LIB,%{_libdir},g' -i %buildroot%_libdir/ssh/ssh-ldap-wrapper
%pre server
%_pre_useradd sshd /var/empty /sbin/nologin
%post server
# do some key management; taken from the initscript
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n "Generating SSH1 RSA host key... "
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo "Generating SSH2 RSA host key... "
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_dsa_keygen() {
if [ ! -s $DSA_KEY ]; then
echo "Generating SSH2 DSA host key... "
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_ecdsa_keygen() {
if [ ! -s $ECDSA_KEY ]; then
echo "Generating SSH2 EC DSA host key... "
if $KEYGEN -q -t dsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $ECDSA_KEY
chmod 644 $ECDSA_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen
do_ecdsa_keygen
%_post_service sshd
%preun server
%_preun_service sshd
%postun server
%_postun_userdel sshd
%if %{build_x11askpass}
%post askpass
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
%postun askpass
[ $1 = 0 ] || exit 0
update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass
update-alternatives --remove bssh-askpass %{_libdir}/ssh/x11-ssh-askpass
%endif
%if %{build_gnomeaskpass}
%post askpass-gnome
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
%postun askpass-gnome
[ $1 = 0 ] || exit 0
update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
%endif
%triggerpostun server -- openssh-server < 3.8p1
if grep -qE "^\W*auth\W+\w+\W+.*pam_(ldap|winbind|mysql)" /etc/pam.d/system-auth /etc/pam.d/sshd; then
perl -pi -e 's|^#UsePAM no|UsePAM yes|' /etc/ssh/sshd_config
fi
%files
%doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
%if %{build_ldap}
%doc *.schema
%endif
%if %{build_watchdog}
%doc CHANGES-openssh-watchdog openssh-watchdog.html
%endif
%if %{build_sftpcontrol}
%doc README.sftpfilecontrol
%endif
%{_bindir}/ssh-keygen
%dir %{_sysconfdir}/ssh
%{_bindir}/ssh-keyscan
%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
%{_libdir}/ssh/ssh-pkcs11-helper
%{_mandir}/man1/ssh-keygen.1*
%{_mandir}/man1/ssh-keyscan.1*
%{_mandir}/man8/ssh-keysign.8*
%{_mandir}/man8/ssh-pkcs11-helper.8*
%files clients
%{_bindir}/scp
%{_bindir}/ssh
%{_bindir}/ssh-agent
%{_bindir}/ssh-add
%{_bindir}/ssh-copy-id
%{_bindir}/slogin
%{_bindir}/sftp
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh-copy-id.1*
%{_mandir}/man1/slogin.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man1/sftp.1*
%{_mandir}/man5/ssh_config.5*
%config(noreplace) %{_sysconfdir}/ssh/ssh_config
%{_sysconfdir}/profile.d/90ssh-client.sh
%files server
%config(noreplace) %{_sysconfdir}/sysconfig/sshd
%{_sbindir}/sshd
%{_sbindir}/sshd-keygen
%dir %{_libdir}/ssh
%{_libdir}/ssh/sftp-server
%{_mandir}/man5/sshd_config.5*
%{_mandir}/man5/moduli.5*
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
%config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd
%config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service
%config(noreplace) %{_sysconfdir}/ssh/moduli
%{_unitdir}/sshd.service
%dir /var/empty
%files askpass-common
%{_sysconfdir}/profile.d/90ssh-askpass.*
%if %{build_x11askpass}
%files askpass
%doc x11-ssh-askpass-%{aversion}/README
%doc x11-ssh-askpass-%{aversion}/ChangeLog
%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
%doc x11-ssh-askpass-%{aversion}/x11-ssh-askpass.1.html
%{_libdir}/ssh/x11-ssh-askpass
%{_sysconfdir}/X11/app-defaults/SshAskpass
%{_mandir}/man1/x11-ssh-askpass.1*
%endif
%if %{build_gnomeaskpass}
%files askpass-gnome
%{_libdir}/ssh/gnome-ssh-askpass
%endif
%if %{build_ldap}
%files ldap
%doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema
%config %{_sysconfdir}/ssh/ldap.conf
%{_libdir}/ssh/ssh-ldap-helper
%{_libdir}/ssh/ssh-ldap-wrapper
%{_mandir}/man8/ssh-ldap-helper.8*
%{_mandir}/man5/ssh-ldap.conf.5*
%endif
%changelog
* Thu Dec 28 2017 luigiwalser <luigiwalser> 6.6p1-5.10.mga5
+ Revision: 1186023
- CVE-2016-8858 does not affect this version, remove patch
- rediff patch from redhat to fix CVE-2016-10012
- rediff patch from opensuse to fix CVE-2016-8858
- rediff patch from fedora to fix CVE-2017-15906
- use fedora patch that also includes fix for CVE-2016-6210 and related issue
- add upstream patch to fix CVE-2016-6515
- add patch from fedora to fix CVE-2015-8325
- start sshd.service after network-online.target (so it works with ListenAddress)
- add upstream patch to disable roaming (fixes CVE-2016-0777)
- disable scp progressmeter patch for now, as it breaks the build
- add patch from fedora with security fixes from upstream OpenSSH 7.0 release
- add patch from fedora to handle control chars in scp progressmeter (rhbz#1247204)
- add upstream patch to fix CVE-2015-5600
- rediff upstream patch to fix CVE-2015-5352
+ guillomovitch <guillomovitch>
- fix CVE 2016-3115
+ neoclust <neoclust>
- Fix wrapper path
* Wed Oct 15 2014 umeabot <umeabot> 6.6p1-5.mga5
+ Revision: 747165
- Second Mageia 5 Mass Rebuild
* Tue Sep 16 2014 umeabot <umeabot> 6.6p1-4.mga5
+ Revision: 683245
- Mageia 5 Mass Rebuild
* Mon Aug 11 2014 wally <wally> 6.6p1-3.mga5
+ Revision: 661694
- when creating sshd system user use /sbin/nologin as login shell instead of /bin/true (every other system user we have uses /sbin/nologin or /bin/false, but not /bin/true)
* Wed Apr 09 2014 luigiwalser <luigiwalser> 6.6p1-2.mga5
+ Revision: 613037
- add patch from debian to fix CVE-2014-2653
* Fri Mar 21 2014 guillomovitch <guillomovitch> 6.6p1-1.mga5
+ Revision: 606391
- new version 6.6p1
* Tue Feb 04 2014 guillomovitch <guillomovitch> 6.5p1-1.mga5
+ Revision: 582109
- new version 6.5p1
* Fri Nov 08 2013 oden <oden> 6.2p2-3.mga4
+ Revision: 549918
- P22: upstream security fix (http://www.openssh.com/txt/gcmrekey.adv)
* Sat Oct 19 2013 umeabot <umeabot> 6.2p2-2.mga4
+ Revision: 528319
- Mageia 4 Mass Rebuild
+ oden <oden>
- ldap support was enabled
- add the ecdsa key as well
- fix the sourcing, so it actually works
- fix #7665, requires more fedora integration than that
* Mon Jun 17 2013 guillomovitch <guillomovitch> 6.2p2-1.mga4
+ Revision: 444184
- update ldap patch
- drop max-startups patch, merged upstream
- sync systemd unit files with fedora
* Wed Feb 13 2013 luigiwalser <luigiwalser> 6.1p1-4.mga3
+ Revision: 398234
- add patch from fedora to fix CVE-2010-5107
* Sun Jan 13 2013 umeabot <umeabot> 6.1p1-3.mga3
+ Revision: 362153
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild
* Tue Jan 01 2013 lmenut <lmenut> 6.1p1-2.mga3
+ Revision: 337413
- fix default paths after UsrMove
remove /bin and /sbin
* Wed Sep 05 2012 guillomovitch <guillomovitch> 6.1p1-1.mga3
+ Revision: 288573
- replace LPK patch with Redhat ldap patch
- build ldap support by default
- new version
- merge usepam patche with configuration patch, using a better explanation in
configuration file, but dropping specific message in logs
* Mon Aug 13 2012 luigiwalser <luigiwalser> 6.0p1-2.mga3
+ Revision: 281119
- do not disable root login redundantly through PAM in /etc/ssh/denyusers
* Thu Jun 07 2012 guillomovitch <guillomovitch> 6.0p1-1.mga3
+ Revision: 256806
- sync systemd support with fedora
- drop sysinit support
- new version
* Sat Apr 28 2012 tmb <tmb> 5.9p1-5.mga2
+ Revision: 233826
- Require rpm-helper >= 0.24.8-1 for systemd support
* Tue Apr 17 2012 guillomovitch <guillomovitch> 5.9p1-4.mga2
+ Revision: 231185
- don't install keygen service (redhat bug #810419)
* Sun Apr 01 2012 colin <colin> 5.9p1-3.mga2
+ Revision: 227677
- Add missing key generator
* Sun Apr 01 2012 colin <colin> 5.9p1-2.mga2
+ Revision: 227672
- Enable UsePAM by default (needed to prevent killing all SSH connections on service restart mga#5137)
- Fix systemd units to ensure sshd-keygen is run.
- Remove options from default sysconfig file that are not used.
* Sat Oct 08 2011 guillomovitch <guillomovitch> 5.9p1-1.mga2
+ Revision: 152967
- native systemd support
- spec cleanup
+ pterjan <pterjan>
- Update to 5.9
- Drop old Obsoletes
* Thu May 05 2011 saispo <saispo> 5.8p1-2.mga1
+ Revision: 95041
- Bump Release
- Fix bug #1151
* Wed Apr 20 2011 pterjan <pterjan> 5.8p1-1.mga1
+ Revision: 89124
- Update to 5.8p1
* Sat Jan 15 2011 blino <blino> 5.6p1-4.mga1
+ Revision: 18289
- fix vendor in makefile hack
* Sat Jan 15 2011 blino <blino> 5.6p1-3.mga1
+ Revision: 18288
- rename conf patch
- remove old README upgrade files
- remove old version checks and files
+ kharec <kharec>
- imported package openssh
* Tue Dec 07 2010 Oden Eriksson <oeriksson@mandriva.com> 5.6p1-2mdv2011.0
+ Revision: 613606
- provide a useful debug package
* Tue Aug 24 2010 Funda Wang <fwang@mandriva.org> 5.6p1-1mdv2011.0
+ Revision: 572678
- New version 5.6p1
- use our own build flags
* Mon Jun 07 2010 Eugeni Dodonov <eugeni@mandriva.com> 5.5p1-2mdv2010.1
+ Revision: 547228
- Do not display bogus FAILED messages when stopping service (#58283).
* Fri Apr 16 2010 Eugeni Dodonov <eugeni@mandriva.com> 5.5p1-1mdv2010.1
+ Revision: 535499
- Updated to 5.5p1.
* Mon Apr 05 2010 Funda Wang <fwang@mandriva.org> 5.4p1-3mdv2010.1
+ Revision: 531711
- rebuild for new openssl
* Mon Mar 08 2010 Oden Eriksson <oeriksson@mandriva.com> 5.4p1-2mdv2010.1
+ Revision: 515815
- whoops!, the ldap patch wasn't supposed to be applied per default
- 5.4p1
- dropped upstream added patches
- rediffed two patches
- adjust the spec file for 5.4p1
* Tue Mar 02 2010 Olivier Blin <oblin@mandriva.com> 5.3p1-6mdv2010.1
+ Revision: 513571
- kill sshd clients at shutdown (#57782)
* Fri Feb 26 2010 Oden Eriksson <oeriksson@mandriva.com> 5.3p1-5mdv2010.1
+ Revision: 511605
- rebuilt against openssl-0.9.8m
* Fri Jan 15 2010 Oden Eriksson <oeriksson@mandriva.com> 5.3p1-4mdv2010.1
+ Revision: 491719
- fix #55951 (the openssh-server package needs openssl and makedev in Requires(post))
+ Jérôme Quelin <jquelin@mandriva.org>
- reverting to bash, till all functions get fixed
- remove bashisms, switch to dash
+ Olivier Blin <oblin@mandriva.com>
- require makedev in post (random/entropy devices are needed by openssl)
* Wed Oct 07 2009 Oden Eriksson <oeriksson@mandriva.com> 5.3p1-2mdv2010.0
+ Revision: 455652
- rediffed most of the third party patches
* Thu Oct 01 2009 Oden Eriksson <oeriksson@mandriva.com> 5.3p1-1mdv2010.0
+ Revision: 452225
- 5.3p1
+ Olivier Blin <oblin@mandriva.com>
- fix build on mips (from Arnaud Patard)
* Thu Sep 03 2009 Christophe Fergeau <cfergeau@mandriva.com> 5.2p1-2mdv2010.0
+ Revision: 426348
- rebuild
* Mon Feb 23 2009 Oden Eriksson <oeriksson@mandriva.com> 5.2p1-1mdv2009.1
+ Revision: 344077
- 5.2p1
- rediffed P1
- dropped one upstream patch (P21)
* Tue Feb 03 2009 Guillaume Rousse <guillomovitch@mandriva.org> 5.1p1-6mdv2009.1
+ Revision: 337115
- keep bash completion in its own package
* Fri Jan 09 2009 Guillaume Rousse <guillomovitch@mandriva.org> 5.1p1-5mdv2009.1
+ Revision: 327518
- bash completion, splitted from main file in upstream project
* Tue Dec 16 2008 Oden Eriksson <oeriksson@mandriva.com> 5.1p1-4mdv2009.1
+ Revision: 314936
- rebuild
* Thu Oct 16 2008 Oden Eriksson <oeriksson@mandriva.com> 5.1p1-3mdv2009.1
+ Revision: 294182
- rebuild
* Mon Sep 29 2008 Oden Eriksson <oeriksson@mandriva.com> 5.1p1-2mdv2009.0
+ Revision: 289727
- rebuild
- fix #43747 (transfering locales with ssh creates problems)
* Tue Aug 05 2008 Oden Eriksson <oeriksson@mandriva.com> 5.1p1-1mdv2009.0
+ Revision: 263950
- hpn13v5
- sync with openssh-5.1p1-2.fc10.src.rpm
* Mon Jul 28 2008 Oden Eriksson <oeriksson@mandriva.com> 5.1p1-0.1mdv2009.0
+ Revision: 251404
- 5.1p1
- rediffed P1,P21
- disabled P22 for now
- 3rd party patches needs to be fixed
* Thu Jul 17 2008 Oden Eriksson <oeriksson@mandriva.com> 5.0p1-5mdv2009.0
+ Revision: 236780
- rebuilt x11-ssh-askpass with LDFLAGS="-Wl,--as-needed"
- rebuild
- added P21, P22 from openssh-5.0p1-1.fc9 - fix race on control
master and cleanup stale control socket (#436311) patches by
David Woodhouse
- added P20 from openssh-5.0p1-1.fc9 - set FD_CLOEXEC on client socket
- added P19 from openssh-5.0p1-1.fc9 - don't deadlock on exit with
multiple X forwarded channels (rh #152432)
- added 3 patches for gnome-ssh-askpass from openssh-5.0p1-1.fc9
- make it possible to build without libedit support (rpmbuild --rebuild --without libedit ...)
- added audit support from openssh-5.0p1-1.fc9 (disabled for now, though it works)
- sync with fc9 (SendEnv AcceptEnv)
* Wed Apr 23 2008 Götz Waschk <waschk@mandriva.org> 5.0p1-3mdv2009.0
+ Revision: 196921
- fix gssapi with DNS loadbalanced clusters
* Tue Apr 15 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 5.0p1-2mdv2009.0
+ Revision: 194354
- update HPN SSH/SCP patches against latest openssh version
* Wed Apr 09 2008 Oden Eriksson <oeriksson@mandriva.com> 5.0p1-1mdv2009.0
+ Revision: 192500
- 5.0p1
- drop P2 (CVE-2008-1483 is fixed in 5.0p1)
- 4.9p1
- dropped the chroot patch since another approach is in 4.9p1
- dropped the ctimeout patch since it's in there
- rediffed all patches that are not applied per default, except for the HPN patches
* Thu Mar 27 2008 Gustavo De Nardin <gustavodn@mandriva.com> 4.7p1-9mdv2008.1
+ Revision: 190750
- security fix for CVE-2008-1483
+ Giuseppe Ghibò <ghibo@mandriva.com>
- Move 2007.1 backports ssp flags to a more effective place in the building.
* Mon Mar 17 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.7p1-7mdv2008.1
+ Revision: 188362
- new version of HPN patch
* Wed Jan 23 2008 Thierry Vignaud <tv@mandriva.org> 4.7p1-6mdv2008.1
+ Revision: 157259
- rebuild with fixed %%serverbuild macro
* Mon Jan 14 2008 Olivier Blin <oblin@mandriva.com> 4.7p1-5mdv2008.1
+ Revision: 151175
- use ConnectTimeout option for banner exchange, to timeout on stuck servers (rediffed from CVS)
* Thu Jan 03 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.7p1-4mdv2008.1
+ Revision: 142673
- disable hpn support by default
+ Olivier Blin <oblin@mandriva.com>
- restore BuildRoot
* Tue Jan 01 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 4.7p1-3mdv2008.1
+ Revision: 140105
- add support for High Performance SSH/SCP - HPN-SSH
o add patch 11, the hpn core
o add patch 12, which displays peak throughput through the life of the connection
o add README.hpn, all info about hpn idea
+ Guillaume Rousse <guillomovitch@mandriva.org>
- no executable bit on profile scriptlets
order prefix on profile scriptlets
use herein-documents instead of additional source for profile scriptlets
+ Thierry Vignaud <tv@mandriva.org>
- kill re-definition of %%buildroot on Pixel's request
* Wed Sep 12 2007 Anssi Hannula <anssi@mandriva.org> 4.7p1-2mdv2008.0
+ Revision: 84669
- show upgrade notes only on relevant upgrades
* Wed Sep 05 2007 Oden Eriksson <oeriksson@mandriva.com> 4.7p1-1mdv2008.0
+ Revision: 80390
- 4.7p1
- rediffed P1,S8
- dropped upstream chan_read_failed patch (P2)
- fixed build deps (edit-devel)
+ Giuseppe Ghibò <ghibo@mandriva.com>
- Add conditional flags for 2007.1 and CD4.
+ Thierry Vignaud <tv@mandriva.org>
- kill file require on update-alternatives
* Fri Aug 03 2007 Andreas Hasenack <andreas@mandriva.com> 4.6p1-8mdv2008.0
+ Revision: 58559
- updated lpk patch (still not applied by default)
* Mon Jul 02 2007 Andreas Hasenack <andreas@mandriva.com> 4.6p1-7mdv2008.0
+ Revision: 47243
- updated sftplogging patch, which is now called sftpfilecontrol
- added README file for it with the license
* Wed Jun 27 2007 Andreas Hasenack <andreas@mandriva.com> 4.6p1-6mdv2008.0
+ Revision: 45218
- added patch from openssh's bugzilla to fix the chan_read_failed error
messages in logs (#31664)
* Thu Jun 21 2007 Andreas Hasenack <andreas@mandriva.com> 4.6p1-5mdv2008.0
+ Revision: 42382
- rebuild
* Wed Jun 20 2007 Andreas Hasenack <andreas@mandriva.com> 4.6p1-4mdv2008.0
+ Revision: 41658
- don't use %%{optflags} macro when using %%serverbuild
- don't use -fstack-protector explicitly, as it is now defined by
the %%serverbuild macro
- move lpk doc to main base package
- remove empty README.lpk.lpk file, caused by patch backup
- install lpk schema files as %%doc if using ldap patch
- updated lpk patch and its url
* Wed Apr 18 2007 Oden Eriksson <oeriksson@mandriva.com> 4.6p1-3mdv2008.0
+ Revision: 14713
- use conditionals for the -fstack-protector gcc clags
* Sat Apr 07 2007 David Walluck <walluck@mandriva.org> 4.6p1-2mdv2007.1
+ Revision: 151271
- enable libedit support for sftp
* Sun Mar 11 2007 Oden Eriksson <oeriksson@mandriva.com> 4.6p1-1mdv2007.1
+ Revision: 141301
- 4.6p1
- new openssh-4.4p1.sftplogging-v1.5.patch (S8)
- rediffed the openssh-lpk-4.3p1-0.3.7.patch patch (P6)
- fixed deps
+ Andreas Hasenack <andreas@mandriva.com>
- enabled gcc's stack-protector, let's try it
* Sat Jan 20 2007 Olivier Blin <oblin@mandriva.com> 4.5p1-3mdv2007.1
+ Revision: 111120
- use Should-Start/Should-Stop tags for remote_fs system facility in sshd service (#25757)
* Fri Nov 10 2006 Andreas Hasenack <andreas@mandriva.com> 4.5p1-2mdv2007.1
+ Revision: 80618
- rebuild with new openssl
- get rid of svn comment, not needed anymore
* Tue Nov 07 2006 Andreas Hasenack <andreas@mandriva.com> 4.5p1-1mdv2007.0
+ Revision: 77765
- updated to version 4.5p1
- updated to version 4.4p1, fixing CVE-2006-4924,
CVE-2006-4925 and CVE-2006-5051 (#26249)
+ Oden Eriksson <oeriksson@mandriva.com>
- don't use bugus config in the lpk patch, it prevents the sshd server from starting...
- it really links against the shared skey libs, so nuke one build dep
- kerberos was not found on my cs4 box, using "--with-kerberos5=%%{_prefix}" fixed it (!?)
- pass "-DLDAP_DEPRECATED" to the CPPFLAGS if building with ldap support
* Thu Aug 03 2006 Andreas Hasenack <andreas@mandriva.com> 4.3p2-12mdv2007.0
+ Revision: 42979
- bunzipped remaining source files
- updated sftploggin patch (still not applied by default)
- fixed pam configuration file for recent pam (#22008)
- removed requirement for xauth (#23086)
- removed workaround for #22736
- added versioned buildrequires for x11-util-cf-files in order
to fix #22736. Rebuild.
- added other missing buildrequires due to xorg xplit
- re-generate ssh-askpass html doc page again during build
* Mon Jul 31 2006 Helio Chissini de Castro <helio@mandriva.com> 4.3p2-11mdv2007.0
+ Revision: 42821
- Fixed file list
- Wrong.. askpass env should come *before* keyring
- Fixed source list
- Added ordering for askpass script. Same change will be added on keychain
script
+ Andreas Hasenack <andreas@mandriva.com>
- add svn warning
- import openssh-4.3p2-10mdv2007.0
* Fri Jul 28 2006 Helio Chissini de Castro <helio@mandriva.com> 4.3p2-10mdv2007.0
- Created script package askpass-common to enable just one file on profile.d and rely on
correct alternatives, with recent introduction of qt version of ssh-askpass ( separated
package ).
- Nuke the old invalid buildrequires dependency for db1
* Tue Jul 04 2006 Per Øyvind Karlsen <pkarlsen@mandriva.com> 4.3p2-9mdv2007.0
- fix buildrequires
- fix macro-in-%%changelog
* Thu Jun 08 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-8mdv2007.0
- fix #22957 (P1 + spec file hack)
- make it backportable for older X
- fix deps
* Mon May 29 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-7mdv2007.0
- fix #22736 with a temporary hack
* Mon Mar 06 2006 Buchan Milne <bgmilne@mandriva.org> 4.3p2-5mdk
- update lpk patch to 0.3.7
* Sun Feb 19 2006 Michael Scherer <misc@mandriva.org> 4.3p2-4mdk
- fix avahi config file naming
* Mon Feb 13 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-3mdk
- make it backportable for older pam (S16)
* Sun Feb 12 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-2mdk
- use "include" directive instead of the deprecated pam_stack.so
module and provide our own pam configuration file (S16)
- removed patches that touches the initscript, provide our own
initscript and remove deprecated calls to "initlog" from there (S17)
- fix attribs on the doc files
* Sun Feb 12 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-1mdk
- 4.3p2 (Minor bugfixes)
* Fri Feb 10 2006 Michael Scherer <misc@mandriva.org> 4.3p1-3mdk
- add a avahi service file for ssh and sftp
* Fri Feb 10 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p1-2mdk
- fix deps
- added P12 to make it possible to use a different sshd binary by using
the /etc/sysconfig/sshd file. also add that file (David Walluck)
* Wed Feb 01 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p1-1mdk
- 4.3p1 (fixes CVE-2006-0225)
- spec file "massage"
- rediff P1
* Mon Jan 09 2006 Olivier Blin <oblin@mandriva.com> 4.2p1-13mdk
- fix typo in initscript
* Mon Jan 09 2006 Olivier Blin <oblin@mandriva.com> 4.2p1-12mdk
- convert parallel init to LSB
* Mon Jan 02 2006 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-11mdk
- rebuilt due a missing package
* Sun Jan 01 2006 Couriousous <couriousous@mandriva.org> 4.2p1-10mdk
- Add parallel init stuff
* Wed Dec 28 2005 Christiaan Welvaart <cjw@daneel.dyndns.org> 4.2p1-9mdk
- re-add BuildRequires: xorg-x11 (was removed in previous update)
* Mon Dec 05 2005 Andreas Hasenack <andreas@mandriva.com> 4.2p1-8mdk
- fixed X11 buildrequires (used the x11askpass is built)
* Sun Dec 04 2005 Andreas Hasenack <andreas@mandriva.com> 4.2p1-7mdk
- fixed smart card build (but it's still disabled by default)
* Sun Nov 13 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-6mdk
- rebuilt against openssl-0.9.8a
* Thu Nov 10 2005 Olivier Blin <oblin@mandriva.com> 4.2p1-5mdk
- fix gnome-ssh-askpass.sh generation
* Sun Nov 06 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-4mdk
- update S8 (openssh-4.2p1.sftplogging-v1.4.patch)
- update S10 (openssh-4.0p1-watchdog.patch)
- update P10
* Sun Nov 06 2005 Guillaume Rousse <guillomovitch@mandriva.org> 4.2p1-3mdk
- use here-in document for generating profile scripts, so as to get correct installation location
* Thu Oct 13 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-2mdk
- rebuilt against openssl-0.9.7h
* Tue Sep 06 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-1mdk
- 4.2p1 (Minor security fixes)
* Fri Aug 19 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-9mdk
- make the --with[out] stuff work (Andrzej Kukula)
* Wed Aug 17 2005 Leonardo Chiquitto Filho <chiquitto@mandriva.com> 4.1p1-8mdk
- add a conflict on openssh-clients with versions prior to 6mdk because
of the scp change
- fix typo in description
* Wed Aug 17 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-7mdk
- fix #17491
* Sun Jul 31 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-6mdk
- fix the "executable-marked-as-config-file" errors
* Sun Jul 31 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-5mdk
- updated the ldap public key patch (P6) to v0.3.6
* Wed Jul 06 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-4mdk
- openssh-server provides sshd (Zero_Dogg, cooker IRC)
openssh-client provides ssh
* Wed Jun 15 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-3mdk
- --without-zlib-version-check (Oden, for backports)
* Sat Jun 11 2005 Buchan Milne <bgmilne@linux-mandrake.com> 4.1p1-2mdk
- Rebuild
* Wed Jun 01 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-1mdk
- 4.1p1
- fix ssh-client.sh (#16180, Claudio)
- construct the x11-ssh-askpass.1.html file manually as it
sometimes seems to fail (Oden)
* Thu May 05 2005 Stew Benedict <sbenedict@mandriva.com> 4.0p1-2mdk
- rebuild, upload bot lost openssh-askpass somewhere
* Tue May 03 2005 Stew Benedict <sbenedict@mandrakesoft.com> 4.0p1-1mdk
- 4.0p1, redo P1, remove P9 (merged upstream)
- new S8 (sftplogging), new P10 (chroot, upstream patch malformed? - fix)
- new P6, drop P7, reverse a bit of P1 so P6 can apply unchanged (ldap)
* Mon Apr 25 2005 Oden Eriksson <oeriksson@mandriva.com> 3.9p1-10mdk
- rebuilt against latests openssl
* Tue Mar 22 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-9mdk
- README.chroot (Bruno Cornec)
* Mon Mar 21 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-8mdk
- optional chroot build (http://chrootssh.sourceforge.net, Bruno Cornec)
- spec massages - Oden
- use fuzz 3 with sftplogging patch if ldap is used
* Fri Mar 04 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-7mdk
- enable krb5, GSSAPI - (Bugzilla 14222)
- fix "need to reset console after ctrl-c" (Bugzilla 14153, P9)
- script-without-shellbang (Source 4,5,6)
* Mon Jan 03 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-6mdk
- drop reference to renamed README.mdk in description (Dick Gevers)
* Fri Dec 31 2004 Christiaan Welvaart <cjw@daneel.dyndns.org> 3.9p1-5mdk
- add BuildRequires: XFree86 (for rman)
* Mon Dec 27 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-4mdk
- optional sftplogging build (http://sftplogging.sourceforge.net, Josh Sehn)
* Tue Sep 14 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-3mdk
- accept only protocol 2 as default for sshd (redo patch1, #11413)
- rename Source11, add note about protocol change
* Fri Sep 10 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-2mdk
- rediff ldap patch (Buchan Milne)
- add sample ssh_ldap_key.pl (Buchan Milne)
* Fri Aug 20 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-1mdk
- 3.9p1, rework patch1
* Fri Jul 30 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-3mdk
- move app-defaults file to correct dir (Peggy KUTYLA)
* Thu Jun 17 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-2mdk
- definitive fix for ldap support (patch7, Tibor Pittich)
* Sat Jun 12 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-1mdk
- 3.8.1p1, rework patch1 (config)
- mod to patch6 from Buchan (ldap)
- trigger doesn't need epoch now (was running on rpm -e)
* Fri Jun 11 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-4mdk
- add README.mdk to docs to explain differences from <= 3.6.1p2
- add trigger to try and catch alternative auth methods on upgrade,
re-enabling PAM if in use (Bugzilla #9800, thx Buchan)
- add optional (--with ldap) support for authenticating to public keys
stored in ldap (Buchan Milne)
* Tue Jun 08 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-3mdk
- add "ForwardX11Trusted yes" to ssh_config so X11 forwarding works
(patch1, Bugzilla #9719)
* Tue May 11 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-2mdk
- modified pam stack so enabling UsePAM doesn't change
- "PermitRootLogin without-password" behavior (rework patch1)
- "root" in /etc/ssh/denyusers
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
8644b522f5e643afb7290dfa1bc123e4
>
files
>
28
