# THIS PACKAGE IS IN SVN # PLEASE DO NOT UPLOAD BEFORE COMMITTING # YOUR CHANGES ## Do not apply any unauthorized patches to this package! ## - vdanen 05/18/01 ## # Version of ssh-askpass %define aversion 1.2.4.1 # Version of watchdog patch %define wversion 4.0p1 # overrides %define build_skey 0 %define build_krb5 1 %define build_scard 0 %define build_watchdog 0 %define build_x11askpass 1 %define build_gnomeaskpass 1 %define build_ldap 0 %define build_sftplog 0 %define build_chroot 0 %{?_with_skey: %{expand: %%global build_skey 1}} %{?_without_skey: %{expand: %%global build_skey 0}} %{?_with_krb5: %{expand: %%global build_krb5 1}} %{?_without_krb5: %{expand: %%global build_krb5 0}} %{?_with_watchdog: %{expand: %%global build_watchdog 1}} %{?_without_watchdog: %{expand: %%global build_watchdog 0}} %{?_with_smartcard: %{expand: %%global build_scard 1}} %{?_without_smartcard: %{expand: %%global build_scard 0}} %{?_with_x11askpass: %{expand: %%global build_x11askpass 1}} %{?_without_x11askpass: %{expand: %%global build_x11askpass 0}} %{?_with_gnomeaskpass: %{expand: %%global build_gnomeaskpass 1}} %{?_without_gnomeaskpass: %{expand: %%global build_gnomeaskpass 0}} %{?_with_ldap: %{expand: %%global build_ldap 1}} %{?_without_ldap: %{expand: %%global build_ldap 0}} %{?_with_sftplog: %{expand: %%global build_sftplog 1}} %{?_without_sftplog: %{expand: %%global build_sftplog 0}} %{?_with_chroot: %{expand: %%global build_chroot 1}} %{?_without_chroot: %{expand: %%global build_chroot 0}} %if %{mdkversion} < 200700 %define OPENSSH_PATH "/usr/local/bin:/bin:%{_bindir}:/usr/X11R6/bin" %define XAUTH /usr/X11R6/bin/xauth %else %define OPENSSH_PATH "/usr/local/bin:/bin:%{_bindir}" %define XAUTH %{_bindir}/xauth %endif Summary: OpenSSH free Secure Shell (SSH) implementation Name: openssh Version: 4.5p1 %define subrel 3 Release: %mkrel 0 License: BSD Group: Networking/Remote access URL: http://www.openssh.com/ Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc Source2: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2 # ssh-copy-id taken from debian, with "usage" added Source3: ssh-copy-id Source6: ssh-client.sh Source7: openssh-xinetd # (sb) sftp logging patch http://sftplogging.sourceforge.net/ # Not applied by default Source8: http://sftplogging.sourceforge.net/download/v1.5/openssh-4.3p2.sftplogging-v1.5.patch # this is never to be applied by default # http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html Source10: openssh-%{wversion}-watchdog.patch.tar.bz2 Source11: README.update.urpmi Source12: ssh_ldap_key.pl Source13: sftplogging-installation.html Source14: README.chroot Source15: ssh-avahi-integration Source16: sshd.pam-0.77 Source17: sshd.pam Source18: sshd.init Patch1: openssh-4.3p2-mdv_conf.diff # authorized by Damien Miller <djm@openbsd.com> Patch3: openssh-3.1p1-check-only-ssl-version.patch # (sb) http://www.opendarwin.org/projects/openssh-lpk/files/ # optional ldap support Patch6: http://www.opendarwin.org/projects/openssh-lpk/files/openssh-lpk-4.3p1-0.3.7.patch # (sb) http://chrootssh.sourceforge.net # http://chrootssh.sourceforge.net/download/openssh-4.2p1-chroot.tar.gz Patch10: openssh-4.2p1-osshChroot.diff Patch11: openssh-CVE-2007-4752.patch Patch12: openssh-3.9p1-CVE-2008-1483-rhel-skip-used.patch Obsoletes: ssh Provides: ssh Requires(post): openssl >= 0.9.7 Requires(preun): openssl >= 0.9.7 Requires: tcp_wrappers BuildRequires: groff-for-man BuildRequires: openssl-devel >= 0.9.7 BuildRequires: pam-devel BuildRequires: tcp_wrappers-devel BuildRequires: zlib-devel %if %{build_skey} BuildRequires: skey-devel, skey-static-devel %endif %if %{build_scard} BuildRequires: libopensc-devel %endif %if %{build_krb5} BuildRequires: krb5-devel %endif %if %{build_x11askpass} %if %{mdkversion} < 200700 BuildRequires: X11-devel xorg-x11 %else BuildRequires: imake BuildRequires: rman # http://qa.mandriva.com/show_bug.cgi?id=22736 BuildRequires: x11-util-cf-files >= 1.0.2 BuildRequires: gccmakedep BuildRequires: libx11-devel BuildRequires: libxt-devel %endif %endif %if %{build_gnomeaskpass} BuildRequires: gtk+2-devel %endif %if %{build_ldap} BuildRequires: openldap-devel >= 2.0 %endif BuildConflicts: libgssapi-devel BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot %description Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. You can build %{name} with some conditional build swithes; (ie. use with rpm --rebuild): --with[out] skey smartcard support (disabled) --with[out] krb5 kerberos support (enabled) --with[out] watchdog watchdog support (disabled) --with[out] x11askpass X11 ask pass support (enabled) --with[out] gnomeaskpass Gnome ask pass support (enabled) --with[out] ldap OpenLDAP support (disabled) --with[out] sftplog sftp logging support (disabled) --with[out] chroot chroot support (disabled) %package clients Summary: OpenSSH Secure Shell protocol clients Group: Networking/Remote access Requires: %{name} = %{version}-%{release} Obsoletes: ssh-clients, sftp, ssh Provides: ssh-clients, sftp, ssh # scp was moved from openssh to openssh-clients # http://qa.mandriva.com/show_bug.cgi?id=17491 Conflicts: %{name} <= 4.1p1-6mdk %description clients Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the clients necessary to make encrypted connections to SSH servers. %package server Summary: OpenSSH Secure Shell protocol server (sshd) Group: System/Servers Requires(pre): %{name} = %{version}-%{release} chkconfig >= 0.9 Requires(pre): pam >= 0.74 Requires(pre): rpm-helper Requires(post): rpm-helper Requires(preun): rpm-helper Requires(postun): rpm-helper Requires: %{name}-clients = %{version}-%{release} %if %{build_skey} Requires: skey %endif Obsoletes: ssh-server, sshd Provides: ssh-server, sshd %description server Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package contains the secure shell daemon. The sshd is the server part of the secure shell protocol and allows ssh clients to connect to your host. %package askpass-common Summary: OpenSSH X11 passphrase common scripts Group: Networking/Remote access %description askpass-common OpenSSH X11 passphrase common scripts %if %{build_x11askpass} %package askpass Summary: OpenSSH X11 passphrase dialog Group: Networking/Remote access Requires: %{name} = %{version}-%{release} Requires: %{name}-askpass-common Obsoletes: ssh-extras, ssh-askpass Provides: ssh-extras, ssh-askpass Requires(pre): /usr/sbin/update-alternatives %description askpass Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase dialog. %endif %if %{build_gnomeaskpass} %package askpass-gnome Summary: OpenSSH GNOME passphrase dialog Group: Networking/Remote access Requires: %{name} = %{version}-%{release} Requires: %{name}-askpass-common Obsoletes: ssh-extras Requires(pre): /usr/sbin/update-alternatives Provides: %{name}-askpass, ssh-askpass, ssh-extras %description askpass-gnome Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package contains the GNOME passphrase dialog. %endif %prep %if %{build_x11askpass} echo "Building with x11 askpass..." %endif %if %{build_gnomeaskpass} echo "Building with GNOME askpass..." %endif %if %{build_krb5} echo "Building with Kerberos5 support..." %endif %if %{build_skey} echo "Building with S/KEY support..." %endif %if %{build_scard} echo "Building with smartcard support..." %endif %if %{build_watchdog} echo "Building with watchdog support..." %endif %if %{build_ldap} echo "Buiding with support for authenticating to public keys in ldap" %endif %if %{build_sftplog} echo "Buiding with support for sftp logging" %endif %if %{build_chroot} echo "Buiding with support for ssh chroot" %endif %setup -q -a2 -a10 %patch1 -p1 -b .mdkconf %patch3 -p1 -b .ssl_ver %if %{build_watchdog} patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch %endif %if %{build_ldap} sed -i 's|UsePrivilegeSeparation yes|#UsePrivilegeSeparation yes|' sshd_config %patch6 -p1 -b .lpk %define fuzz 3 %else %define fuzz 2 %endif %if %{build_sftplog} #cat %{SOURCE8} | patch -p1 -F %{fuzz} -s -z .sftplog # XXX - fuzz?! cat %{SOURCE8} | patch -p1 -s -z .sftplog install -m 0644 %{SOURCE13} . %endif %if %{build_chroot} %patch10 -p1 -b .chroot %endif %patch11 -p0 -b .cve-2007-4752 %patch12 -p1 -b .cve-2008-1483 install %{SOURCE11} %{SOURCE12} %{SOURCE14} . # fix conditional pam config file %if %{mdkversion} < 200610 install -m 0644 %{SOURCE16} sshd.pam %else install -m 0644 %{SOURCE17} sshd.pam %endif install -m 0755 %{SOURCE18} sshd.init # fix attribs chmod 644 ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl # http://qa.mandriva.com/show_bug.cgi?id=22957 perl -pi -e "s|_OPENSSH_PATH_|%{OPENSSH_PATH}|g" sshd_config %build %serverbuild %if %{build_x11askpass} pushd x11-ssh-askpass-%{aversion} CFLAGS="%{optflags}" ./configure \ --prefix=%{_prefix} --libdir=%{_libdir} \ --mandir=%{_mandir} --libexecdir=%{_libdir}/ssh \ --with-app-defaults-dir=%{_sysconfdir}/X11/app-defaults xmkmf -a %ifarch x86_64 perl -pi -e "s|/usr/lib\b|%{_libdir}|g" Makefile perl -pi -e "s|i586-mandriva-linux-gnu|x86_64-mandriva-linux-gnu|g" Makefile perl -pi -e "s|%{_libdir}/gcc/|/usr/lib/gcc/|g" Makefile perl -pi -e "s|-m32|-m64|g" Makefile perl -pi -e "s|__i386__|__x86_64__|g" Makefile %endif make \ BINDIR=%{_libdir}/ssh \ CDEBUGFLAGS="%{optflags}" \ CXXDEBUGFLAGS="%{optflags}" # For some reason the x11-ssh-askpass.1.html file is not created on 10.0/10.1 # x86_64, so we just do it manually here... (oden) rm -f x11-ssh-askpass.1x.html x11-ssh-askpass.1x-html rman -f HTML < x11-ssh-askpass._man > x11-ssh-askpass.1x-html && \ mv -f x11-ssh-askpass.1x-html x11-ssh-askpass.1.html popd %endif %if %{build_gnomeaskpass} pushd contrib make gnome-ssh-askpass2 mv gnome-ssh-askpass2 gnome-ssh-askpass popd %endif CFLAGS="%{optflags}" ./configure \ --prefix=%{_prefix} \ --sysconfdir=%{_sysconfdir}/ssh \ --mandir=%{_mandir} \ --libdir=%{_libdir} \ --libexecdir=%{_libdir}/ssh \ --datadir=%{_datadir}/ssh \ --with-tcp-wrappers \ --with-pam \ --with-default-path=%{OPENSSH_PATH} \ --with-xauth=%{XAUTH} \ --with-privsep-path=/var/empty \ --without-zlib-version-check \ %if %{build_krb5} --with-kerberos5 \ %endif %if %{build_skey} --with-skey \ %endif %if %{build_scard} --with-opensc \ %endif %if %{build_ldap} --with-libs="-lldap -llber" \ --with-cppflags="-DWITH_LDAP_PUBKEY" \ %endif --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:%{_sbindir}:%{_bindir} %make %install rm -rf %{buildroot} make install DESTDIR=%{buildroot}/ install -d %{buildroot}%{_sysconfdir}/ssh install -d %{buildroot}%{_sysconfdir}/pam.d/ install -d %{buildroot}%{_sysconfdir}/sysconfig install -d %{buildroot}%{_initrddir} install -m644 sshd.pam %{buildroot}%{_sysconfdir}/pam.d/sshd install -m755 sshd.init %{buildroot}%{_initrddir}/sshd if [[ -f sshd_config.out ]]; then install -m600 sshd_config.out %{buildroot}%{_sysconfdir}/ssh/sshd_config else install -m600 sshd_config %{buildroot}%{_sysconfdir}/ssh/sshd_config fi echo "root" > %{buildroot}%{_sysconfdir}/ssh/denyusers if [[ -f ssh_config.out ]]; then install -m644 ssh_config.out %{buildroot}%{_sysconfdir}/ssh/ssh_config else install -m644 ssh_config %{buildroot}%{_sysconfdir}/ssh/ssh_config fi echo " StrictHostKeyChecking no" >> %{buildroot}%{_sysconfdir}/ssh/ssh_config mkdir -p %{buildroot}%{_libdir}/ssh %if %{build_x11askpass} pushd x11-ssh-askpass-%{aversion} #make DESTDIR=%{buildroot} install #make DESTDIR=%{buildroot} install.man #install -d %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html #install -m0644 x11-ssh-askpass.1.html %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html/ install -d %{buildroot}%{_libdir}/ssh install -d %{buildroot}%{_sysconfdir}/X11/app-defaults install -m0644 SshAskpass.ad %{buildroot}%{_sysconfdir}/X11/app-defaults/SshAskpass install -m0755 x11-ssh-askpass %{buildroot}%{_libdir}/ssh/ install -m0644 x11-ssh-askpass.man %{buildroot}%{_mandir}/man1/x11-ssh-askpass.1 popd %endif install -d %{buildroot}%{_sysconfdir}/profile.d/ %if %{build_gnomeaskpass} install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libdir}/ssh/gnome-ssh-askpass %endif cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh <<EOF #!/bin/csh setenv SSH_ASKPASS %{_libdir}/ssh/ssh-askpass EOF cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh <<EOF #!/bin/sh export SSH_ASKPASS=%{_libdir}/ssh/ssh-askpass EOF install -m 755 %{SOURCE6} %{buildroot}%{_sysconfdir}/profile.d/ install -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/ssh-copy-id chmod a+x %{buildroot}/%{_bindir}/ssh-copy-id install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/ # create pre-authentication directory mkdir -p %{buildroot}/var/empty # remove unwanted files rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass %if !%{build_scard} rm -f %{buildroot}%{_datadir}/ssh/Ssh.bin %endif # xinetd support (tv) mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d/ install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/xinetd.d/sshd-xinetd cat > %{buildroot}%{_sysconfdir}/sysconfig/sshd << EOF #SSHD="%{_sbindir}/sshd" #PID_FILE="/var/run/sshd.pid" #OPTIONS="" EOF # avahi integration support (misc) mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/ install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service %clean rm -rf %{buildroot} %pre server %_pre_useradd sshd /var/empty /bin/true %post server # do some key management; taken from the initscript KEYGEN=/usr/bin/ssh-keygen RSA1_KEY=/etc/ssh/ssh_host_key RSA_KEY=/etc/ssh/ssh_host_rsa_key DSA_KEY=/etc/ssh/ssh_host_dsa_key do_rsa1_keygen() { if [ ! -s $RSA1_KEY ]; then echo -n "Generating SSH1 RSA host key... " if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA1_KEY chmod 644 $RSA1_KEY.pub echo "done" echo else echo "failed" echo exit 1 fi fi } do_rsa_keygen() { if [ ! -s $RSA_KEY ]; then echo "Generating SSH2 RSA host key... " if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA_KEY chmod 644 $RSA_KEY.pub echo "done" echo else echo "failed" echo exit 1 fi fi } do_dsa_keygen() { if [ ! -s $DSA_KEY ]; then echo "Generating SSH2 DSA host key... " if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $DSA_KEY chmod 644 $DSA_KEY.pub echo "done" echo else echo "failed" echo exit 1 fi fi } do_rsa1_keygen do_rsa_keygen do_dsa_keygen %_post_service sshd %preun server %_preun_service sshd %postun server %_postun_userdel sshd %if %{build_x11askpass} %post askpass update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10 update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10 %postun askpass [ $1 = 0 ] || exit 0 update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass update-alternatives --remove bssh-askpass %{_libdir}/ssh/x11-ssh-askpass %endif %if %{build_gnomeaskpass} %post askpass-gnome update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20 update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20 %postun askpass-gnome [ $1 = 0 ] || exit 0 update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass %endif %triggerpostun server -- openssh-server < 3.8p1 if grep -qE "^\W*auth\W+\w+\W+.*pam_(ldap|winbind|mysql)" /etc/pam.d/system-auth /etc/pam.d/sshd; then perl -pi -e 's|^#UsePAM no|UsePAM yes|' /etc/ssh/sshd_config fi %files %defattr(-,root,root) %doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl %if %{build_watchdog} %doc CHANGES-openssh-watchdog openssh-watchdog.html %endif %if %{build_sftplog} %doc sftplogging-installation.html %endif %{_bindir}/ssh-keygen %dir %{_sysconfdir}/ssh %{_bindir}/ssh-keyscan %{_mandir}/man1/ssh-keygen.1* %{_mandir}/man1/ssh-keyscan.1* %{_mandir}/man8/ssh-keysign.8* %{_libdir}/ssh/ssh-keysign %if %{build_scard} %dir %{_datadir}/ssh %{_datadir}/ssh/Ssh.bin %endif %files clients %defattr(-,root,root) %{_bindir}/scp %{_bindir}/ssh %{_bindir}/ssh-agent %{_bindir}/ssh-add %{_bindir}/ssh-copy-id %{_bindir}/slogin %{_bindir}/sftp %{_mandir}/man1/scp.1* %{_mandir}/man1/ssh-copy-id.1* %{_mandir}/man1/slogin.1* %{_mandir}/man1/ssh.1* %{_mandir}/man1/ssh-agent.1* %{_mandir}/man1/ssh-add.1* %{_mandir}/man1/sftp.1* %{_mandir}/man5/ssh_config.5* %config(noreplace) %{_sysconfdir}/ssh/ssh_config %attr(0755,root,root) %{_sysconfdir}/profile.d/ssh-client.sh %files server %defattr(-,root,root) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/sshd %{_sbindir}/sshd %dir %{_libdir}/ssh %{_libdir}/ssh/sftp-server %{_mandir}/man5/sshd_config.5* %{_mandir}/man8/sshd.8* %{_mandir}/man8/sftp-server.8* %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd %config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd %config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service %config(noreplace) %{_sysconfdir}/ssh/moduli %attr(0755,root,root) %{_initrddir}/sshd %dir %attr(0755,root,root) /var/empty %files askpass-common %defattr(-,root,root) %attr(0755,root,root) %{_sysconfdir}/profile.d/90ssh-askpass.* %if %{build_x11askpass} %files askpass %defattr(-,root,root) %doc x11-ssh-askpass-%{aversion}/README %doc x11-ssh-askpass-%{aversion}/ChangeLog %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad %doc x11-ssh-askpass-%{aversion}/x11-ssh-askpass.1.html %{_libdir}/ssh/x11-ssh-askpass %{_sysconfdir}/X11/app-defaults/SshAskpass #%{_prefix}/X11R6/lib/X11/doc/html/x11-ssh-askpass.1.html %{_mandir}/man1/x11-ssh-askpass.1* %endif %if %{build_gnomeaskpass} %files askpass-gnome %defattr(-,root,root) %{_libdir}/ssh/gnome-ssh-askpass %endif %changelog * Tue Mar 25 2008 Gustavo De Nardin <gustavodn@mandriva.com> - P12: security fix for CVE-2008-1483 * Tue Dec 04 2007 Vincent Danen <vdanen@mandriva.com> - P11: security fix for CVE-2007-4752 * Wed Nov 08 2006 Vincent Danen <vdanen@mandriva.com> - 4.5p1 (privsep vuln fixed) * Wed Aug 02 2006 Andreas Hasenack <andreas@mandriva.com> + 2006-08-02 15:13:06 (42979) - bunzipped remaining source files - updated sftploggin patch (still not applied by default) - fixed pam configuration file for recent pam (#22008) * Wed Aug 02 2006 Andreas Hasenack <andreas@mandriva.com> + 2006-08-02 14:36:51 (42977) - removed requirement for xauth (#23086) * Tue Aug 01 2006 Andreas Hasenack <andreas@mandriva.com> + 2006-08-01 21:16:32 (42929) - removed workaround for #22736 - added versioned buildrequires for x11-util-cf-files in order to fix #22736. Rebuild. - added other missing buildrequires due to xorg xplit - re-generate ssh-askpass html doc page again during build * Sun Jul 30 2006 Helio Chissini de Castro <helio@mandriva.com> + 2006-07-30 18:53:21 (42821) - Fixed file list * Sun Jul 30 2006 Helio Chissini de Castro <helio@mandriva.com> + 2006-07-30 18:52:24 (42820) - Wrong.. askpass env should come *before* keyring * Sun Jul 30 2006 Helio Chissini de Castro <helio@mandriva.com> + 2006-07-30 18:42:59 (42819) - Fixed source list * Sun Jul 30 2006 Helio Chissini de Castro <helio@mandriva.com> + 2006-07-30 18:06:04 (42817) - Added ordering for askpass script. Same change will be added on keychain script * Fri Jul 28 2006 Andreas Hasenack <andreas@mandriva.com> + 2006-07-28 14:22:11 (42378) - add svn warning * Fri Jul 28 2006 Andreas Hasenack <andreas@mandriva.com> + 2006-07-28 14:16:21 (42368) - import openssh-4.3p2-10mdv2007.0 * Fri Jul 27 2006 Helio Chissini de Castro <helio@mandriva.com> 4.3p2-10mdv2007.0 - Created script package askpass-common to enable just one file on profile.d and rely on correct alternatives, with recent introduction of qt version of ssh-askpass ( separated package ). - Nuke the old invalid buildrequires dependency for db1 * Mon Jul 03 2006 Per Øyvind Karlsen <pkarlsen@mandriva.com> 4.3p2-9mdv2007.0 - fix buildrequires - fix macro-in-%changelog * Wed Jun 07 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-8mdv2007.0 - fix #22957 (P1 + spec file hack) - make it backportable for older X - fix deps * Sun May 28 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-7mdv2007.0 - fix #22736 with a temporary hack * Mon Mar 06 2006 Buchan Milne <bgmilne@mandriva.org> 4.3p2-5mdk - update lpk patch to 0.3.7 * Sun Feb 19 2006 Michael Scherer <misc@mandriva.org> 4.3p2-4mdk - fix avahi config file naming * Mon Feb 13 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-3mdk - make it backportable for older pam (S16) * Sun Feb 12 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-2mdk - use "include" directive instead of the deprecated pam_stack.so module and provide our own pam configuration file (S16) - removed patches that touches the initscript, provide our own initscript and remove deprecated calls to "initlog" from there (S17) - fix attribs on the doc files * Sun Feb 12 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p2-1mdk - 4.3p2 (Minor bugfixes) * Fri Feb 10 2006 Michael Scherer <misc@mandriva.org> 4.3p1-3mdk - add a avahi service file for ssh and sftp * Fri Feb 10 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p1-2mdk - fix deps - added P12 to make it possible to use a different sshd binary by using the /etc/sysconfig/sshd file. also add that file (David Walluck) * Wed Feb 01 2006 Oden Eriksson <oeriksson@mandriva.com> 4.3p1-1mdk - 4.3p1 (fixes CVE-2006-0225) - spec file "massage" - rediff P1 * Mon Jan 09 2006 Olivier Blin <oblin@mandriva.com> 4.2p1-13mdk - fix typo in initscript * Mon Jan 09 2006 Olivier Blin <oblin@mandriva.com> 4.2p1-12mdk - convert parallel init to LSB * Mon Jan 02 2006 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-11mdk - rebuilt due a missing package * Sun Jan 01 2006 Couriousous <couriousous@mandriva.org> 4.2p1-10mdk - Add parallel init stuff * Wed Dec 28 2005 Christiaan Welvaart <cjw@daneel.dyndns.org> 4.2p1-9mdk - re-add BuildRequires: xorg-x11 (was removed in previous update) * Mon Dec 05 2005 Andreas Hasenack <andreas@mandriva.com> 4.2p1-8mdk - fixed X11 buildrequires (used the x11askpass is built) * Sun Dec 04 2005 Andreas Hasenack <andreas@mandriva.com> 4.2p1-7mdk - fixed smart card build (but it's still disabled by default) * Sun Nov 13 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-6mdk - rebuilt against openssl-0.9.8a * Thu Nov 10 2005 Olivier Blin <oblin@mandriva.com> 4.2p1-5mdk - fix gnome-ssh-askpass.sh generation * Sun Nov 06 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-4mdk - update S8 (openssh-4.2p1.sftplogging-v1.4.patch) - update S10 (openssh-4.0p1-watchdog.patch) - update P10 * Sun Nov 06 2005 Guillaume Rousse <guillomovitch@mandriva.org> 4.2p1-3mdk - use here-in document for generating profile scripts, so as to get correct installation location * Wed Oct 12 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-2mdk - rebuilt against openssl-0.9.7h * Mon Sep 05 2005 Oden Eriksson <oeriksson@mandriva.com> 4.2p1-1mdk - 4.2p1 (Minor security fixes) * Thu Aug 18 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-9mdk - make the --with[out] stuff work (Andrzej Kukula) * Tue Aug 16 2005 Leonardo Chiquitto Filho <chiquitto@mandriva.com> 4.1p1-8mdk - add a conflict on openssh-clients with versions prior to 6mdk because of the scp change - fix typo in description * Tue Aug 16 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-7mdk - fix #17491 * Sat Jul 30 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-6mdk - fix the "executable-marked-as-config-file" errors * Sat Jul 30 2005 Oden Eriksson <oeriksson@mandriva.com> 4.1p1-5mdk - updated the ldap public key patch (P6) to v0.3.6 * Tue Jul 05 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-4mdk - openssh-server provides sshd (Zero_Dogg, cooker IRC) openssh-client provides ssh * Tue Jun 14 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-3mdk - --without-zlib-version-check (Oden, for backports) * Fri Jun 10 2005 Buchan Milne <bgmilne@linux-mandrake.com> 4.1p1-2mdk - Rebuild * Tue May 31 2005 Stew Benedict <sbenedict@mandriva.com> 4.1p1-1mdk - 4.1p1 - fix ssh-client.sh (#16180, Claudio) - construct the x11-ssh-askpass.1.html file manually as it sometimes seems to fail (Oden) * Wed May 04 2005 Stew Benedict <sbenedict@mandriva.com> 4.0p1-2mdk - rebuild, upload bot lost openssh-askpass somewhere * Mon May 02 2005 Stew Benedict <sbenedict@mandrakesoft.com> 4.0p1-1mdk - 4.0p1, redo P1, remove P9 (merged upstream) - new S8 (sftplogging), new P10 (chroot, upstream patch malformed? - fix) - new P6, drop P7, reverse a bit of P1 so P6 can apply unchanged (ldap) * Sun Apr 24 2005 Oden Eriksson <oeriksson@mandriva.com> 3.9p1-10mdk - rebuilt against latests openssl * Tue Mar 22 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-9mdk - README.chroot (Bruno Cornec) * Mon Mar 21 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-8mdk - optional chroot build (http://chrootssh.sourceforge.net, Bruno Cornec) - spec massages - Oden - use fuzz 3 with sftplogging patch if ldap is used * Fri Mar 04 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-7mdk - enable krb5, GSSAPI - (Bugzilla 14222) - fix "need to reset console after ctrl-c" (Bugzilla 14153, P9) - script-without-shellbang (Source 4,5,6) * Mon Jan 03 2005 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-6mdk - drop reference to renamed README.mdk in description (Dick Gevers) * Fri Dec 31 2004 Christiaan Welvaart <cjw@daneel.dyndns.org> 3.9p1-5mdk - add BuildRequires: XFree86 (for rman) * Mon Dec 27 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-4mdk - optional sftplogging build (http://sftplogging.sourceforge.net, Josh Sehn) * Mon Sep 13 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-3mdk - accept only protocol 2 as default for sshd (redo patch1, #11413) - rename Source11, add note about protocol change * Thu Sep 09 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-2mdk - rediff ldap patch (Buchan Milne) - add sample ssh_ldap_key.pl (Buchan Milne) * Thu Aug 19 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.9p1-1mdk - 3.9p1, rework patch1 * Thu Jul 29 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-3mdk - move app-defaults file to correct dir (Peggy KUTYLA) * Wed Jun 16 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-2mdk - definitive fix for ldap support (patch7, Tibor Pittich) * Fri Jun 11 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8.1p1-1mdk - 3.8.1p1, rework patch1 (config) - mod to patch6 from Buchan (ldap) - trigger doesn't need epoch now (was running on rpm -e) * Thu Jun 10 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-4mdk - add README.mdk to docs to explain differences from <= 3.6.1p2 - add trigger to try and catch alternative auth methods on upgrade, re-enabling PAM if in use (Bugzilla #9800, thx Buchan) - add optional (--with ldap) support for authenticating to public keys stored in ldap (Buchan Milne) * Mon Jun 07 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-3mdk - add "ForwardX11Trusted yes" to ssh_config so X11 forwarding works (patch1, Bugzilla #9719) * Mon May 10 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-2mdk - modified pam stack so enabling UsePAM doesn't change - "PermitRootLogin without-password" behavior (rework patch1) - "root" in %{_sysconfdir}/ssh/denyusers * Tue Apr 06 2004 Stew Benedict <sbenedict@mandrakesoft.com> 3.8p1-1mdk - 3.8p1, rework patch1, drop patch6 (merged upstream) * Tue Feb 03 2004 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-12mdk - revert changed default in ssh_config to turn stricthostkey checking off because it is deemed too secure * Fri Jan 30 2004 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-11mdk - revert change; put scp back into openssh because openssh-server requires it; openssh-clients requires openssh so we should be ok - fix anthill #277 to make ssh-client.sh ksh-friendly * Wed Jan 28 2004 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-10mdk - add a bin-ssh-askpass alternative so we don't have a dangling symlink in the client package (bugzilla #6991) - put scp in the clients package as it cannot run without ssh (bugzilla * Mon Oct 20 2003 Frederic Lepied <flepied@mandrakesoft.com> 3.6.1p2-9mdk - rebuild for rewriting /etc/pam.d file * Tue Sep 16 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-8mdk - revised patch for security fix * Tue Sep 16 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-7mdk - security fix * Mon Aug 25 2003 Frederic Lepied <flepied@mandrakesoft.com> 3.6.1p2-6mdk - don't put pam_console and pam_limits in pam config file * Sat Aug 23 2003 Vincent Danen <vdanen@mandrakesoft.com> 3.6.1p2-5mdk - make openssh-server own /usr/lib/ssh (re: distlint) - spec cleanups (no more 7.2 support)