## Do not apply any unauthorized patches to this package!
## - vdanen 05/18/01
##
# Version of ssh-askpass
%define aversion 1.2.4.1
# Version of watchdog patch
%define wversion 3.9p1
# overrides
%define build_skey 0
%define build_krb5 1
%define build_scard 0
%define build_watchdog 0
%define build_x11askpass 1
%define build_gnomeaskpass 1
%define build_ldap 0
%define build_sftplog 0
%define build_chroot 0
%{?_with_skey: %{expand: %%global build_skey 1}}
%{?_without_skey: %{expand: %%global build_skey 0}}
%{?_with_krb5: %{expand: %%global build_krb5 1}}
%{?_without_krb5: %{expand: %%global build_krb5 0}}
%{?_with_watchdog: %{expand: %%global build_watchdog 1}}
%{?_without_watchdog: %{expand: %%global build_watchdog 0}}
%{?_with_smartcard: %{expand: %%global build_scard 1}}
%{?_without_smartcard: %{expand: %%global build_scard 0}}
%{?_with_x11askpass: %{expand: %%global build_x11askpass 1}}
%{?_without_x11askpass: %{expand: %%global build_x11askpass 0}}
%{?_with_gnomeaskpass: %{expand: %%global build_gnomeaskpass 1}}
%{?_without_gnomeaskpass: %{expand: %%global build_gnomeaskpass 0}}
%{?_with_ldap: %{expand: %%global build_ldap 1}}
%{?_without_ldap: %{expand: %%global build_ldap 0}}
%{?_with_sftplog: %{expand: %%global build_sftplog 1}}
%{?_without_sftplog: %{expand: %%global build_sftplog 0}}
%{?_with_chroot: %{expand: %%global build_chroot 1}}
%{?_without_chroot: %{expand: %%global build_chroot 0}}
Summary: OpenSSH free Secure Shell (SSH) implementation
Name: openssh
Version: 4.2p1
Release: %mkrel 1
URL: http://www.openssh.com/
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Source2: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2
# ssh-copy-id taken from debian, with "usage" added
Source3: ssh-copy-id.bz2
Source4: gnome-ssh-askpass.sh
Source5: gnome-ssh-askpass.csh
Source6: ssh-client.sh
Source7: openssh-xinetd.bz2
# (sb) sftp logging patch http://sftplogging.sourceforge.net/
Source8: openssh-4.0p1.sftplogging-v1.3.patch.bz2
# this is never to be applied by default
# http://www.sc.isc.tohoku.ac.jp/~hgot/sources/
Source10: openssh-%{wversion}-watchdog.patch.tar.bz2
Source11: README.update.urpmi
Source12: ssh_ldap_key.pl
Source13: sftplogging-installation.html
Source14: README.chroot
Patch1: openssh-4.0p1-mdkconf.patch.bz2
# authorized by Damien Miller <djm@openbsd.com>
Patch3: openssh-3.1p1-check-only-ssl-version.patch.bz2
# (flepied) don't use killproc to avoid killing running sessions in some cases
Patch5: openssh-3.6.1p1-initscript.patch.bz2
# (sb) http://www.opendarwin.org/projects/openssh-lpk/files/
# optional ldap support
Patch6: openssh-lpk-4.1p1-0.3.6.patch.bz2
# (sb) http://chrootssh.sourceforge.net
Patch10: osshChroot-4.0p1.diff.bz2
License: BSD
Group: Networking/Remote access
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
Obsoletes: ssh
Provides: ssh
PreReq: openssl >= 0.9.7
BuildRequires: groff-for-man, openssl-devel >= 0.9.7, pam-devel, tcp_wrappers-devel, zlib-devel
BuildRequires: db1-devel
%if %{build_skey}
BuildRequires: skey-devel, skey-static-devel
%endif
%if %{build_krb5}
BuildRequires: krb5-devel
%endif
%if %{build_x11askpass}
BuildRequires: XFree86-devel, XFree86
%endif
%if %{build_gnomeaskpass}
BuildRequires: gtk+2-devel
%endif
%if %{build_ldap}
BuildRequires: openldap-devel >= 2.0
%endif
%package clients
Summary: OpenSSH Secure Shell protocol clients
Requires: %{name} = %{version}-%{release}
Group: Networking/Remote access
Obsoletes: ssh-clients, sftp, ssh
Provides: ssh-clients, sftp, ssh
# scp was moved from openssh to openssh-clients
# http://qa.mandriva.com/show_bug.cgi?id=17491
Conflicts: %{name} <= 4.1p1-6mdk
%package server
Summary: OpenSSH Secure Shell protocol server (sshd)
Requires(pre): %{name} = %{version}-%{release} chkconfig >= 0.9
Requires(pre): pam >= 0.74
Requires(pre): rpm-helper
Requires(post): rpm-helper
Requires(preun): rpm-helper
Requires(postun): rpm-helper
Requires: %{name}-clients = %{version}-%{release}
%if %{build_skey}
Requires: skey
%endif
Group: System/Servers
Obsoletes: ssh-server, sshd
Provides: ssh-server, sshd
%if %{build_x11askpass}
%package askpass
Summary: OpenSSH X11 passphrase dialog
Group: Networking/Remote access
Requires: %{name} = %{version}-%{release}
Obsoletes: ssh-extras, ssh-askpass
Provides: ssh-extras, ssh-askpass
Requires(pre): /usr/sbin/update-alternatives
%endif
%if %{build_gnomeaskpass}
%package askpass-gnome
Summary: OpenSSH GNOME passphrase dialog
Group: Networking/Remote access
Requires: %{name} = %{version}-%{release}
Obsoletes: ssh-extras
Requires(pre): /usr/sbin/update-alternatives
Provides: %{name}-askpass, ssh-askpass, ssh-extras
%endif
%description
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
You can build %{name} with some conditional build swithes;
(ie. use with rpm --rebuild):
--with[out] skey smartcard support (disabled)
--with[out] krb5 kerberos support (enabled)
--with[out] watchdog watchdog support (disabled)
--with[out] x11askpass X11 ask pass support (enabled)
--with[out] gnomeaskpass Gnome ask pass support (enabled)
--with[out] ldap OpenLDAP support (disabled)
--with[out] sftplog sftp logging support (disabled)
--with[out] chroot chroot support (disabled)
%description clients
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package includes the clients necessary to make encrypted connections
to SSH servers.
%description server
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package contains the secure shell daemon. The sshd is the server
part of the secure shell protocol and allows ssh clients to connect to
your host.
%if %{build_x11askpass}
%description askpass
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase
dialog.
%endif
%if %{build_gnomeaskpass}
%description askpass-gnome
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package contains the GNOME passphrase dialog.
%endif
%prep
%if %{build_x11askpass}
echo "Building with x11 askpass..."
%endif
%if %{build_gnomeaskpass}
echo "Building with GNOME askpass..."
%endif
%if %{build_krb5}
echo "Building with Kerberos5 support..."
%endif
%if %{build_skey}
echo "Building with S/KEY support..."
%endif
%if %{build_scard}
echo "Building with smartcard support..."
%endif
%if %{build_watchdog}
echo "Building with watchdog support..."
%endif
%if %{build_ldap}
echo "Buiding with support for authenticating to public keys in ldap"
%endif
%if %{build_sftplog}
echo "Buiding with support for sftp logging"
%endif
%if %{build_chroot}
echo "Buiding with support for ssh chroot"
%endif
%setup -q -a2 -a10
%patch1 -p1 -b .mdkconf
%patch3 -p1 -b .ssl_ver
%if %{build_watchdog}
patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch
%endif
%patch5 -p1 -b .initscript
%if %{build_ldap}
sed -i 's|UsePrivilegeSeparation yes|#UsePrivilegeSeparation yes|' sshd_config
%patch6 -p1 -b .lpk
%define fuzz 3
%else
%define fuzz 2
%endif
%if %{build_sftplog}
bzcat %{SOURCE8} | patch -p1 -F %{fuzz} -s -z .sftplog
install %{SOURCE13} .
%endif
%if %{build_chroot}
%patch10 -p1 -b .chroot
%endif
install %{SOURCE11} %{SOURCE12} %{SOURCE14} .
%build
%serverbuild
CFLAGS="$RPM_OPT_FLAGS" ./configure \
--prefix=%{_prefix} \
--sysconfdir=%{_sysconfdir}/ssh \
--mandir=%{_mandir} \
--libdir=%{_libdir} \
--libexecdir=%{_libdir}/ssh \
--datadir=%{_datadir}/ssh \
--with-tcp-wrappers \
--with-pam \
--with-default-path=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin \
--with-xauth=/usr/X11R6/bin/xauth \
--with-privsep-path=/var/empty \
--without-zlib-version-check \
%if %{build_krb5}
--with-kerberos5 \
%endif
%if %{build_skey}
--with-skey \
%endif
%if %{build_scard}
--with-smartcard \
%endif
%if %{build_ldap}
--with-libs="-lldap -llber" \
--with-cppflags="-DWITH_LDAP_PUBKEY" \
%endif
--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
make
%if %{build_x11askpass}
pushd x11-ssh-askpass-%{aversion}
CFLAGS="$RPM_OPT_FLAGS" ./configure \
--prefix=%{_prefix} --libdir=%{_libdir} \
--mandir=%{_mandir} --libexecdir=%{_libdir}/ssh \
--with-app-defaults-dir=%{_sysconfdir}/X11/app-defaults
xmkmf -a
make
# For some reason the x11-ssh-askpass.1.html file is not created on 10.0/10.1
# x86_64, so we just do it manually here... (oden)
rm -f x11-ssh-askpass.1x.html x11-ssh-askpass.1x-html
rman -f HTML < x11-ssh-askpass._man > x11-ssh-askpass.1x-html && \
mv -f x11-ssh-askpass.1x-html x11-ssh-askpass.1.html
popd
%endif
%if %{build_gnomeaskpass}
pushd contrib
make gnome-ssh-askpass2
mv gnome-ssh-askpass2 gnome-ssh-askpass
popd
%endif
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT/
install -d $RPM_BUILD_ROOT%{_sysconfdir}/ssh
install -d $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/
install -d $RPM_BUILD_ROOT%{_initrddir}
install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sshd
install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT%{_initrddir}/sshd
if [[ -f sshd_config.out ]]; then
install -m600 sshd_config.out $RPM_BUILD_ROOT%{_sysconfdir}/ssh/sshd_config
else
install -m600 sshd_config $RPM_BUILD_ROOT%{_sysconfdir}/ssh/sshd_config
fi
echo "root" > $RPM_BUILD_ROOT%{_sysconfdir}/ssh/denyusers
if [[ -f ssh_config.out ]]; then
install -m644 ssh_config.out $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ssh_config
else
install -m644 ssh_config $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ssh_config
fi
echo " StrictHostKeyChecking no" >> $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ssh_config
mkdir -p $RPM_BUILD_ROOT%{_libdir}/ssh
%if %{build_x11askpass}
pushd x11-ssh-askpass-%{aversion}
make DESTDIR=$RPM_BUILD_ROOT install
make DESTDIR=$RPM_BUILD_ROOT install.man
install -d $RPM_BUILD_ROOT%{_prefix}/X11R6/lib/X11/doc/html
install -m0644 x11-ssh-askpass.1.html $RPM_BUILD_ROOT%{_prefix}/X11R6/lib/X11/doc/html/
popd
# fix x11-ssh-askpass manpage
(cd $RPM_BUILD_ROOT%{_mandir}/man1; mv x11-ssh-askpass.1x x11-ssh-askpass.1)
%endif
install -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
%if %{build_gnomeaskpass}
install -m 755 contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libdir}/ssh/gnome-ssh-askpass
install -m 755 %{SOURCE4} %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
%endif
install -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
bzcat %{SOURCE3} > $RPM_BUILD_ROOT/%{_bindir}/ssh-copy-id
chmod a+x $RPM_BUILD_ROOT/%{_bindir}/ssh-copy-id
install -m 644 contrib/ssh-copy-id.1 $RPM_BUILD_ROOT/%{_mandir}/man1/
# create pre-authentication directory
mkdir -p %{buildroot}/var/empty
# remove unwanted files
rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass
%if !%{build_scard}
rm -f %{buildroot}%{_datadir}/ssh/Ssh.bin
%endif
# xinetd support (tv)
mkdir -p $RPM_BUILD_ROOT%_sysconfdir/xinetd.d/
bzcat %SOURCE7 > $RPM_BUILD_ROOT%_sysconfdir/xinetd.d/sshd-xinetd
%clean
rm -rf $RPM_BUILD_ROOT
%pre server
%_pre_useradd sshd /var/empty /bin/true
%post server
# do some key management; taken from the initscript
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n "Generating SSH1 RSA host key... "
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo "Generating SSH2 RSA host key... "
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_dsa_keygen() {
if [ ! -s $DSA_KEY ]; then
echo "Generating SSH2 DSA host key... "
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen
%_post_service sshd
%preun server
%_preun_service sshd
%postun server
%_postun_userdel sshd
%if %{build_x11askpass}
%post askpass
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
%postun askpass
[ $1 = 0 ] || exit 0
update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass
update-alternatives --remove bssh-askpass %{_libdir}/ssh/x11-ssh-askpass
%endif
%if %{build_gnomeaskpass}
%post askpass-gnome
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
%postun askpass-gnome
[ $1 = 0 ] || exit 0
update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
%endif
%triggerpostun server -- openssh-server < 3.8p1
if grep -qE "^\W*auth\W+\w+\W+.*pam_(ldap|winbind|mysql)" /etc/pam.d/system-auth /etc/pam.d/sshd; then
perl -pi -e 's|^#UsePAM no|UsePAM yes|' /etc/ssh/sshd_config
fi
%files
%defattr(-,root,root)
%doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
%if %{build_watchdog}
%doc CHANGES-openssh-watchdog openssh-watchdog.html
%endif
%if %{build_sftplog}
%doc sftplogging-installation.html
%endif
%{_bindir}/ssh-keygen
%dir %{_sysconfdir}/ssh
%{_bindir}/ssh-keyscan
%{_mandir}/man1/ssh-keygen.1*
%{_mandir}/man1/ssh-keyscan.1*
%{_mandir}/man8/ssh-keysign.8*
%{_libdir}/ssh/ssh-keysign
%if %{build_scard}
%dir %{_datadir}/ssh
%{_datadir}/ssh/Ssh.bin
%endif
%files clients
%defattr(-,root,root)
%{_bindir}/scp
%{_bindir}/ssh
%{_bindir}/ssh-agent
%{_bindir}/ssh-add
%{_bindir}/ssh-copy-id
%{_bindir}/slogin
%{_bindir}/sftp
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh-copy-id.1*
%{_mandir}/man1/slogin.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man1/sftp.1*
%{_mandir}/man5/ssh_config.5*
%config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0755,root,root) %{_sysconfdir}/profile.d/ssh-client.sh
%files server
%defattr(-,root,root)
%{_sbindir}/sshd
%dir %{_libdir}/ssh
%{_libdir}/ssh/sftp-server
%{_mandir}/man5/sshd_config.5*
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
%config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd
%config(noreplace) %{_sysconfdir}/ssh/moduli
%attr(0755,root,root) %{_initrddir}/sshd
%dir %attr(0755,root,root) /var/empty
%if %{build_x11askpass}
%files askpass
%defattr(-,root,root)
%doc x11-ssh-askpass-%{aversion}/README
%doc x11-ssh-askpass-%{aversion}/ChangeLog
%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
%{_libdir}/ssh/x11-ssh-askpass
%{_sysconfdir}/X11/app-defaults/SshAskpass
%{_prefix}/X11R6/lib/X11/doc/html/x11-ssh-askpass.1.html
%{_mandir}/man1/x11-ssh-askpass.1*
%endif
%if %{build_gnomeaskpass}
%files askpass-gnome
%defattr(-,root,root)
%{_libdir}/ssh/gnome-ssh-askpass
%attr(0755,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
%endif
%changelog
* Mon Sep 05 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-1mdk
- 4.2p1 (Minor security fixes)
* Thu Aug 18 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-9mdk
- make the --with[out] stuff work (Andrzej Kukula)
* Tue Aug 16 2005 Leonardo Chiquitto Filho <chiquitto@mandriva.com> 4.1p1-8mdk
- add a conflict on openssh-clients with versions prior to 6mdk because
of the scp change
- fix typo in description
* Tue Aug 16 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-7mdk
- fix #17491
* Sat Jul 30 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-6mdk
- fix the "executable-marked-as-config-file" errors
* Sat Jul 30 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-5mdk
- updated the ldap public key patch (P6) to v0.3.6
* Tue Jul 5 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-4mdk
- openssh-server provides sshd (Zero_Dogg, cooker IRC)
openssh-client provides ssh
* Tue Jun 14 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-3mdk
- --without-zlib-version-check (Oden, for backports)
* Fri Jun 10 2005 Buchan Milne <bgmilne@linux-mandrake.com> 4.1p1-2mdk
- Rebuild
* Tue May 31 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-1mdk
- 4.1p1
- fix ssh-client.sh (#16180, Claudio)
- construct the x11-ssh-askpass.1.html file manually as it
sometimes seems to fail (Oden)
* Wed May 04 2005 Stew Benedict <sbenedict@mandriva.com> 4.0p1-2mdk
- rebuild, upload bot lost openssh-askpass somewhere
* Mon May 02 2005 Stew Benedict <sbenedict@mandrakesoft.com> 4.0p1-1mdk
- 4.0p1, redo P1, remove P9 (merged upstream)
- new S8 (sftplogging), new P10 (chroot, upstream patch malformed? - fix)
- new P6, drop P7, reverse a bit of P1 so P6 can apply unchanged (ldap)
* Sun Apr 24 2005 Oden Eriksson <oeriksson@mandriva.com> 3.9p1-10mdk
- rebuilt against latests openssl
* Tue Mar 22 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-9mdk
- README.chroot (Bruno Cornec)
* Mon Mar 21 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-8mdk
- optional chroot build (http://chrootssh.sourceforge.net, Bruno Cornec)
- spec massages - Oden
- use fuzz 3 with sftplogging patch if ldap is used
* Fri Mar 04 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-7mdk
- enable krb5, GSSAPI - (Bugzilla 14222)
- fix "need to reset console after ctrl-c" (Bugzilla 14153, P9)
- script-without-shellbang (Source 4,5,6)
* Mon Jan 03 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-6mdk
- drop reference to renamed README.mdk in description (Dick Gevers)
* Fri Dec 31 2004 Christiaan Welvaart <cjw@daneel.dyndns.org> 3.9p1-5mdk
- add BuildRequires: XFree86 (for rman)
* Mon Dec 27 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-4mdk
- optional sftplogging build (http://sftplogging.sourceforge.net, Josh Sehn)
* Mon Sep 13 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-3mdk
- accept only protocol 2 as default for sshd (redo patch1, #11413)
- rename Source11, add note about protocol change
* Thu Sep 09 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-2mdk
- rediff ldap patch (Buchan Milne)
- add sample ssh_ldap_key.pl (Buchan Milne)
* Thu Aug 19 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-1mdk
- 3.9p1, rework patch1
* Thu Jul 29 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-3mdk
- move app-defaults file to correct dir (Peggy KUTYLA)
* Wed Jun 16 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-2mdk
- definitive fix for ldap support (patch7, Tibor Pittich)
* Fri Jun 11 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-1mdk
- 3.8.1p1, rework patch1 (config)
- mod to patch6 from Buchan (ldap)
- trigger doesn't need epoch now (was running on rpm -e)
* Thu Jun 10 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-4mdk
- add README.mdk to docs to explain differences from <= 3.6.1p2
- add trigger to try and catch alternative auth methods on upgrade,
re-enabling PAM if in use (Bugzilla #9800, thx Buchan)
- add optional (--with ldap) support for authenticating to public keys
stored in ldap (Buchan Milne)
* Mon Jun 7 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-3mdk
- add "ForwardX11Trusted yes" to ssh_config so X11 forwarding works
(patch1, Bugzilla #9719)
* Mon May 10 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-2mdk
- modified pam stack so enabling UsePAM doesn't change
- "PermitRootLogin without-password" behavior (rework patch1)
- "root" in %{_sysconfdir}/ssh/denyusers
* Tue Apr 06 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-1mdk
- 3.8p1, rework patch1, drop patch6 (merged upstream)
* Tue Feb 03 2004 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-12mdk
- revert changed default in ssh_config to turn stricthostkey checking off
because it is deemed too secure
* Fri Jan 30 2004 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-11mdk
- revert change; put scp back into openssh because openssh-server requires
it; openssh-clients requires openssh so we should be ok
- fix anthill #277 to make ssh-client.sh ksh-friendly
* Wed Jan 28 2004 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-10mdk
- add a bin-ssh-askpass alternative so we don't have a dangling symlink in
the client package (bugzilla #6991)
- put scp in the clients package as it cannot run without ssh (bugzilla
#5947)
* Mon Oct 20 2003 Frederic Lepied <flepied@mandrakesoft.com> 3.6.1p2-9mdk
- rebuild for rewriting /etc/pam.d file
* Tue Sep 16 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-8mdk
- revised patch for security fix
* Tue Sep 16 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-7mdk
- security fix
* Mon Aug 25 2003 Frederic Lepied <flepied@mandrakesoft.com> 3.6.1p2-6mdk
- don't put pam_console and pam_limits in pam config file
* Sat Aug 23 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-5mdk
- make openssh-server own /usr/lib/ssh (re: distlint)
- spec cleanups (no more 7.2 support)
* Wed May 14 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-4mdk
- use %%global, not %%define and all the --with stuff works (thanks Buchan)
* Tue May 13 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-3mdk
- only build for 8.2 or 7.2 (no 8.1/8.0 checking); keep 7.2 because we still
support SNF (you can still build for 8.[01] but have to edit the spec
manually)
- remove P2; it's sorely out of date and not used
- remove P4; we don't need it anymore
- new macros:
--with nox11askpass - doesn't build openssh-askpass
--with nognomeaskpass - doesn't build openssh-askpass-gnome
--with smartcard - builds with smartcard support
--with watchdog - apply the watchdog/heartbeat patch
- set %%{_datadir} so Ssh.bin doesn't install in /usr/share
- NOTE: for some reason, the --with stuff doesn't seem to be working
properly for stuff that modifies in places other than build or install
(ie. files, post, etc.) and I'm not sure why, so to rebuild this properly
with those options, you need to manually modify the spec (ie. for
watchdog, smartcard, etc.)
* Wed May 7 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-2mdk
- --rebuild --with skey will now build with skey support
- --rebuild --with krb5 will now build with krb5 support (unsure as to
whether we should do this by default as we would then require krb5-libs)
* Thu May 1 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-1mdk
- 3.6.1p2
* Fri Apr 4 2003 Frederic Lepied <flepied@mandrakesoft.com> 3.6.1p1-2mdk
- don't use killproc in the stop target of the initscript to avoid
killing running sessions (patch5).
* Tue Apr 1 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p1-1mdk
- 3.6.1p1
- create keys in %%post instead of relying on the initscript (which is never
called if someone uses xinetd)
- auto-detection for old hosts (build macros)
- rediff P1
- PermitRootLogin disabled by default
* Mon Feb 03 2003 Thierry Vignaud <tvignaud@mandrakesoft.com> 3.5p1-7mdk
- disable xinetd server by default
* Mon Feb 03 2003 Thierry Vignaud <tvignaud@mandrakesoft.com> 3.5p1-6mdk
- source 7 : add xinetd support
* Tue Jan 14 2003 Frederic Lepied <flepied@mandrakesoft.com> 3.5p1-5mdk
- move scp to the openssh package as it's needed by the server and the clients
* Tue Jan 14 2003 Frederic Lepied <flepied@mandrakesoft.com> 3.5p1-4mdk
- rebuilt for new openssl
* Tue Dec 31 2002 Stefan van der Eijk <stefan@eijk.nu> 3.5p1-3mdk
- BuildRequires
* Mon Dec 30 2002 Vincent Danen <vdanen@mandrakesoft.com> 3.5p1-2mdk
- rebuild for glibc, etc.
* Mon Oct 15 2002 Vincent Danen <vdanen@mandrakesoft.com> 3.5p1-1mdk
- 3.5p1
- rediff P1
* Wed Sep 11 2002 Vincent Danen <vdanen@mandrakesoft.com> 3.4p1-4mdk
- openssh-server: PreReq: rpm-helper
- fix builds for old distribs (remove support for 7.1)
* Wed Jul 17 2002 Vincent Danen <vdanen@mandrakesoft.com> 3.4p1-3mdk
- make privsep home /var/empty, not /var/empty/sshd
- use %%_pre_useradd and %%_postun_userdel if building for cooker or higher
- add %%build_8x to support 8.x distros
- put scp into clients package
* Wed Jul 10 2002 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 3.4p1-2mdk
- rpmlint fixes: strange-permission, configure-without-libdir-spec
* Wed Jun 26 2002 Vincent Danen <vdanen@mandrakesoft.com> 3.4p1-1mdk
- 3.4p1
- regenerate mdkconf patch to include our defaults in /etc/ssh_config again
(X forwarding = yes)
- From Oden Erikkson <oden.eriksson@kvikkjokk.net>:
- misc spec fixes
- include missing ssh-keysign file
* Mon Jun 24 2002 Vincent Danen <vdanen@mandrakesoft.com> 3.3p1-3mdk
- missing manpages
* Mon Jun 24 2002 Vincent Danen <vdanen@mandrakesoft.com> 3.3p1-2mdk
- more build macros for 7.x
- create user sshd, group sshd (uid/gid 94)
- create pre-auth directory: /var/empty/sshd
* Mon Jun 24 2002 Vincent Danen <vdanen@mandrakesoft.com> 3.3p1-1mdk
- 3.3p1
- build macro for 7.x systems so we can use the same spec
* Mon Jun 17 2002 Florin <florin@mandrakesoft.com> 3.2.3p1-1mdk
- 3.2.3p1
* Fri May 17 2002 Florin <florin@mandrakesoft.com> 3.2.2p1-1mdk
- 3.2.2p1
- update the mdk patch
* Tue May 07 2002 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 3.1p1-2mdk
- Automated rebuild in gcc3.1 environment
* Thu Mar 07 2002 Florin <florin@mandrakesoft.com> 3.1p1-1mdk
- 3.1p1
- update the mdkconf (1) and check (3) patches
* Mon Feb 25 2002 Frederic Lepied <flepied@mandrakesoft.com> 3.0.2p1-7mdk
- mention reload on argument error in initscript
* Mon Feb 25 2002 Frederic Lepied <flepied@mandrakesoft.com> 3.0.2p1-6mdk
- corrected init script to avoid a deadlock if the server dies (gc)
- added reload option to the init script
* Wed Feb 13 2002 Frederic Lepied <flepied@mandrakesoft.com> 3.0.2p1-5mdk
- put scp on openssh package because it's needed for both the client and
server sides.
* Thu Feb 7 2002 Vincent Danen <vdanen@mandrakesoft.com> 3.0.2p1-3mdk
- disable agent forwarding by default
* Wed Jan 2 2002 Frederic Lepied <flepied@mandrakesoft.com> 3.0.2p1-2mdk
- put back the init script patch to prevent killproc from killing all
the sshd instances.
* Tue Dec 4 2001 Vincent Danen <vdanen@mandrakesoft.com> 3.0.2p1-1mdk
- 3.0.2p1
- remove init patch; the redhat initscript is identical to ours now
* Thu Nov 8 2001 Vincent Danen <vdanen@mandrakesoft.com> 3.0p1-1mdk
- 3.0p1
- x11-ssh-askpass 1.2.4.1
- fix rpmlint errors; we provide everything we obsolete
* Thu Oct 4 2001 Chmouel Boudjnah <chmouel@mandrakesoft.com> 2.9.9p2-4mdk
- Fix ssh-client.sh with zsh (Andrej).
* Thu Oct 4 2001 Vincent Danen <vdanen@mandrakesoft.com> 2.9.9p2-3mdk
- include fix from openssh.com for hung ssh clients on exit (thanks to Oden
Eriksson <oden.eriksson@kvikkjokk.net> for pointing it out)
* Tue Oct 2 2001 Chmouel Boudjnah <chmouel@mandrakesoft.com> 2.9.9p2-2mdk
- Fix xauth path for X11 forwarding.
* Mon Oct 1 2001 Vincent Danen <vdanen@mandrakesoft.com> 2.9.9p2-1mdk
- 2.9.9p2 (security fix)
- regenerate patch 0 (initscript)
- regenerate patch 1 (configs)
- default to using Protocol 2,1 not Protocol 1,2
- /etc/ssh/primes is now called /etc/ssh/moduli
* Sat Sep 01 2001 Florin <florin@mandrakesoft.com> 2.9p2-4mdk
- fix the path in the profile.d files
* Fri Aug 31 2001 Florin <florin@mandrakesoft.com> 2.9p2-3mdk
- fix the reload in the initscript
- add the /etc/profile.d/gnome-ssh-askpass.* files
* Thu Jun 21 2001 Florin <florin@mandrakesoft.com> 2.9p2-2mdk
- move the sources back to the original gz state
* Wed Jun 20 2001 Florin <florin@mandrakesoft.com> 2.9p2-1mdk
- 2.9p2
- bzip2 the sources and the .sig file
- use %{version} for the patches names
- update the patches
* Mon May 21 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.9p1-4mdk
- enable patch 3
- added zlib-devel to BuildRequires (Stephane Lentz).
* Fri May 18 2001 Vincent Danen <vdanen@mandrakesoft.com> 2.9p1-3mdk
- remove transmit_interlude patch, ssl_version patch
- update x11-ssh-askpass to 1.2.2
* Mon May 7 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.9p1-2mdk
- only check version of openssl lib at runtime (and not patchlevel).
* Wed May 2 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.9p1-1mdk
- 2.9p1
* Fri Apr 13 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.5.2p2-3mdk
- put ssh-keyscan in main package
- put scp in client package
* Wed Mar 28 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.5.2p2-2mdk
- use new macros for %%preun et %%post of openssh-server
* Wed Mar 21 2001 Vincent Danen <vdanen@mandrakesoft.com> 2.5.2p2-1mdk
- 2.5.2p2
- more macros
- removed -fomit-frame-pointer from compile flags
* Fri Mar 16 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.5.1p2-7mdk
- removed dependency on openssh-askpass to be able to install without X.
* Fri Mar 16 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.5.1p2-6mdk
- added missing /etc/ssh/primes
* Fri Mar 16 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.5.1p2-5mdk
- corrected trans_inter patch to avoid zero length malloc.
* Tue Mar 6 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.5.1p2-4mdk
- X11 forwarding by default.
- TransmitInterlude patch is back.
* Mon Mar 5 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.5.1p2-3mdk
- remove --with-ipv4-default from configure flag to work fine with ipv6.
* Mon Mar 5 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.5.1p2-2mdk
- pam is back.
* Sat Mar 3 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.5.1p2-1mdk
- Obsoletes/Provides sftp
- 2.5.1p2
* Tue Feb 27 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.5.1p1-1mdk
- correct init.d script to stop only the listening daemon.
- 2.5.1p1: added sftp client and ssh-keyscan.
* Tue Jan 16 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.3.0p1-8mdk
- applied patch for TransmitInterlude adapted by Troels Walsted Hansen.
* Fri Nov 10 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.3.0p1-7mdk
- 2.3.0p1
* Tue Oct 17 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-7mdk
- ssh suid.
* Thu Oct 5 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-6mdk
- don't try Protocol 2 first (chmou sucks).
- ssh not suid.
* Tue Sep 26 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 2.2.0p1-5mdk
- Pamstackizification.
- X11Forwarding = yes by defaut.
* Fri Sep 15 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-4mdk
- fixed the init script to restart even if forked daemon are still present.
* Tue Sep 12 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-3mdk
- put priority to 20 for gnome alternative of ssh-askpass.
* Mon Sep 11 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-2mdk
- x11-ssh-askpass version 1.0.1
- new package askpass-gnome (use update-alternatives).
* Thu Sep 7 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-1mdk
- 2.2.0p1
- added copy-id man page
- make a symlink in libdir to ssh-askpass to allow ssh-add to find it.
- added reload and condrestart to init script.
* Tue Aug 8 2000 Pixel <pixel@mandrakesoft.com> 2.1.1p3-3mdk
- remove the BuildRequires gnome-libs-devel
* Thu Aug 3 2000 Pixel <pixel@mandrakesoft.com> 2.1.1p3-2mdk
- cleanup, macrozaition
- add script ssh-copy-id from debian's ssh (i just added a usage)
- StrictHostKeyChecking set to "no" in /etc/ssh/ssh_config (it was "ask"),
so you won't get the following unless the identification changed
"The authenticity of host 'linux-mandrake.com' can't be established.
RSA key fingerprint is 9b:f4:10:21:d6:ff:b2:46:d6:86:b1:42:70:4e:5d:e3.
Are you sure you want to continue connecting (yes/no)? "
* Thu Jul 13 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.1p3-1mdk
- 2.1.1p3
* Mon Jul 3 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.1p2-1mdk
- 2.1.1p2
* Wed Jun 14 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 2.1.1p1-2mdk
- Move all /usr/lib/ files to /usr/bin/.
* Tue Jun 13 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.1p1-1mdk
- move /usr/libexec => /usr/lib
- 2.1.1p1
* Thu Jun 8 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.0p3-2mdk
- removed unneeded BuildPreReq on gnome-libs-devel.
* Thu Jun 8 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.0p3-1mdk
- 2.1.0p3
* Fri May 26 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.0p2-1mdk
- 2.1.0p2
* Mon May 08 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 1.2.2-3mdk
- add Prereq openssl so the post script works.
* Tue Apr 25 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 1.2.2-2mdk
- Upgrade groups.
- Clean-up specs.
* Fri Feb 4 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- openssh 1.2.2 release
- if it exist, install the .out version of ssh[d]_config.
* Mon Jan 3 2000 Jean-Michel Dault <jmdault@netrevolution.com>
- final cleanup for Mandrake 7
* Mon Jan 3 2000 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 1.2.1pre24
- linked with openssl instead of ssleay
* Mon Jan 3 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- Fix a problem with sshd not using the good path.
- Enable tcp wrapper support.
* Mon Dec 13 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- openssh-1.2pre17 released.
* Thu Dec 2 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- First Mandrake release.
distrib
>
Mandriva
>
2006.0
>
i586
>
media
>
main-src
>
by-pkgid
>
1c5f92f040e8db7463b109129cf53dfd
>
files
>
14
