vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Tomáš Mráz c9833c
# Do we want SELinux & Audit
cvsdist fe98d8
%define WITH_SELINUX 1
Tomáš Mráz fc72c2
cvsdist 8264e7
# OpenSSH privilege separation requires a user & group ID
cvsdist 8264e7
%define sshd_uid    74
cvsdist 8264e7
%define sshd_gid    74
cvsdist 8264e7
cvsdist f28bf6
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
cvsdist f28bf6
%define no_gnome_askpass 0
cvsdist f28bf6
cvsdist b46e39
# Do we want to link against a static libcrypto? (1=yes 0=no)
cvsdist b46e39
%define static_libcrypto 0
cvsdist b46e39
cvsdist b46e39
# Do we want smartcard support (1=yes 0=no)
cvsdist b46e39
%define scard 0
cvsdist b46e39
cvsdist 3e66bd
# Use GTK2 instead of GNOME in gnome-ssh-askpass
cvsdist 3e66bd
%define gtk2 1
cvsdist 3e66bd
cvsdist fe98d8
# Build position-independent executables (requires toolchain support)?
Thomas Woerner b56212
%define pie 1
cvsdist fe98d8
cvsdist 3e66bd
# Do we want kerberos5 support (1=yes 0=no)
cvsdist 3e66bd
%define kerberos5 1
cvsdist 8264e7
Tomáš Mráz c9833c
# Do we want libedit support
Tomáš Mráz c9833c
%define libedit 1
Tomáš Mráz c9833c
Tomáš Mráz c3274c
# Do we want NSS tokens support
Tomáš Mráz c3274c
%define nss 1
Tomáš Mráz c3274c
cvsdist 8264e7
# Whether or not /sbin/nologin exists.
cvsdist 8264e7
%define nologin 1
cvsdist 8264e7
cvsdist 43f95f
# Reserve options to override askpass settings with:
cvsdist 43f95f
# rpm -ba|--rebuild --define 'skip_xxx 1'
cvsdist 43f95f
%{?skip_gnome_askpass:%define no_gnome_askpass 1}
cvsdist 43f95f
cvsdist ffdec5
# Add option to build without GTK2 for older platforms with only GTK+.
Nalin Dahyabhai 389c43
# Red Hat Linux <= 7.2 and Red Hat Advanced Server 2.1 are examples.
cvsdist ffdec5
# rpm -ba|--rebuild --define 'no_gtk2 1'
cvsdist ffdec5
%{?no_gtk2:%define gtk2 0}
cvsdist ffdec5
cvsdist b46e39
# Options for static OpenSSL link:
cvsdist b46e39
# rpm -ba|--rebuild --define "static_openssl 1"
cvsdist b46e39
%{?static_openssl:%define static_libcrypto 1}
cvsdist b46e39
cvsdist b46e39
# Options for Smartcard support: (needs libsectok and openssl-engine)
cvsdist b46e39
# rpm -ba|--rebuild --define "smartcard 1"
cvsdist b46e39
%{?smartcard:%define scard 1}
cvsdist b46e39
cvsdist b46e39
# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
cvsdist b46e39
%define rescue 0
cvsdist b46e39
%{?build_rescue:%define rescue 1}
Tomáš Mráz c12d6b
%{?build_rescue:%define rescue_rel rescue}
cvsdist b46e39
cvsdist 3e66bd
# Turn off some stuff for resuce builds
cvsdist 3e66bd
%if %{rescue}
cvsdist 3e66bd
%define kerberos5 0
Tomáš Mráz c9833c
%define libedit 0
cvsdist 3e66bd
%endif
cvsdist 3e66bd
Tomáš Mráz 9e5c6e
Summary: An open source implementation of SSH protocol versions 1 and 2
cvsdist f71077
Name: openssh
Jan F. Chadima a3ba41
Version: 5.2p1
Jan F. Chadima 3d51c7
Release: 25%{?dist}%{?rescue_rel}
cvsdist f71077
URL: http://www.openssh.com/portable.html
Nalin Dahyabhai deb1e4
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Tomáš Mráz c9833c
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Tomáš Mráz b40baa
# This package differs from the upstream OpenSSH tarball in that
Tomáš Mráz b40baa
# the ACSS cipher is removed by running openssh-nukeacss.sh in
Tomáš Mráz b40baa
# the unpacked source directory.
Tomáš Mráz 5de53f
Source0: openssh-%{version}-noacss.tar.bz2
Nalin Dahyabhai deb1e4
Source1: openssh-nukeacss.sh
Tomáš Mráz ca47f6
Source2: sshd.pam
Tomáš Mráz ca47f6
Source3: sshd.init
Jan F. Chadima a3ba41
Patch0: openssh-5.2p1-redhat.patch
Tomáš Mráz 09510a
Patch2: openssh-5.1p1-skip-initial.patch
cvsdist ffdec5
Patch3: openssh-3.8.1p1-krb5-config.patch
Jan F. Chadima a3ba41
Patch4: openssh-5.2p1-vendor.patch
Jan F. Chadima a3ba41
Patch12: openssh-5.2p1-selinux.patch
Tomáš Mráz ec5276
Patch13: openssh-5.1p1-mls.patch
Tomáš Mráz c9833c
Patch16: openssh-4.7p1-audit.patch
Tomáš Mráz 09510a
Patch18: openssh-5.0p1-pam_selinux.patch
Jan F. Chadima 15914f
Patch19: openssh-5.2p1-sesftp.patch
Tomáš Mráz 4c55a5
Patch22: openssh-3.9p1-askpass-keep-above.patch
Tomáš Mráz fd638a
Patch24: openssh-4.3p1-fromto-remote.patch
Tomáš Mráz 93a474
Patch27: openssh-5.1p1-log-in-chroot.patch
Tomáš Mráz fa1481
Patch30: openssh-4.0p1-exit-deadlock.patch
Tomáš Mráz ec5276
Patch35: openssh-5.1p1-askpass-progress.patch
Tomáš Mráz ef3242
Patch38: openssh-4.3p2-askpass-grab-info.patch
Tomáš Mráz c12d6b
Patch39: openssh-4.3p2-no-v6only.patch
Jan F. Chadima bd8eb9
Patch44: openssh-5.2p1-allow-ip-opts.patch
Tomáš Mráz 914284
Patch49: openssh-4.3p2-gssapi-canohost.patch
Jan F. Chadima a3ba41
Patch51: openssh-5.2p1-nss-keys.patch
Tomáš Mráz 93a474
Patch55: openssh-5.1p1-cloexec.patch
Tomáš Mráz ec5276
Patch62: openssh-5.1p1-scp-manpage.patch
Jan F. Chadima a3ba41
Patch65: openssh-5.2p1-fips.patch
Jan F. Chadima f4b0b4
Patch68: openssh-5.2p1-pathmax.patch
Jan F. Chadima ca05b3
Patch69: openssh-5.2p1-selabel.patch
Jan F. Chadima 986cee
Patch71: openssh-5.2p1-edns.patch
Tomáš Mráz 2cb0e7
cvsdist 7d7b03
License: BSD
cvsdist f71077
Group: Applications/Internet
Tomáš Mráz 9d725b
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
cvsdist 8264e7
%if %{nologin}
cvsdist 8264e7
Requires: /sbin/nologin
cvsdist 8264e7
%endif
cvsdist 8264e7
Tomáš Mráz ef3242
Requires: initscripts >= 5.20
cvsdist 8264e7
Bill Nottingham c92dff
%if ! %{no_gnome_askpass}
cvsdist 092b0a
%if %{gtk2}
Tomáš Mráz ef3242
BuildRequires: gtk2-devel
Tomáš Mráz ef3242
BuildRequires: libX11-devel
Bill Nottingham c92dff
%else
Tomáš Mráz ef3242
BuildRequires: gnome-libs-devel
cvsdist 092b0a
%endif
Bill Nottingham c92dff
%endif
Bill Nottingham c92dff
cvsdist 5ef607
%if %{scard}
Tomáš Mráz ef3242
BuildRequires: sharutils
cvsdist 5ef607
%endif
Tomáš Mráz d93958
BuildRequires: autoconf, automake, perl, zlib-devel
Tomáš Mráz ef3242
BuildRequires: audit-libs-devel
Tomáš Mráz ef3242
BuildRequires: util-linux, groff, man
Tomáš Mráz ef3242
BuildRequires: pam-devel
Tomáš Mráz fc2f31
BuildRequires: tcp_wrappers-devel
Tomáš Mráz d93958
BuildRequires: fipscheck-devel
Tomáš Mráz d93958
BuildRequires: openssl-devel >= 0.9.8j
cvsdist 8264e7
cvsdist 3e66bd
%if %{kerberos5}
Tomáš Mráz ef3242
BuildRequires: krb5-devel
cvsdist 3e66bd
%endif
cvsdist 3e66bd
Tomáš Mráz c9833c
%if %{libedit}
Tomáš Mráz 0a9a40
BuildRequires: libedit-devel ncurses-devel
Tomáš Mráz c9833c
%endif
Tomáš Mráz c9833c
Tomáš Mráz 0092bb
%if %{nss}
Tomáš Mráz 0092bb
BuildRequires: nss-devel
Tomáš Mráz 0092bb
%endif
Tomáš Mráz 0092bb
Tomáš Mráz fc72c2
%if %{WITH_SELINUX}
Daniel J Walsh 0e07ed
Requires: libselinux >= 1.27.7
Daniel J Walsh 0e07ed
BuildRequires: libselinux-devel >= 1.27.7
Tomáš Mráz fc72c2
Requires: audit-libs >= 1.0.8
Tomáš Mráz fc72c2
BuildRequires: audit-libs >= 1.0.8
Tomáš Mráz fc72c2
%endif
cvsdist 5ef607
Tomáš Mráz ef3242
BuildRequires: xauth
Tomáš Mráz ef3242
cvsdist f71077
%package clients
Tomáš Mráz 9e5c6e
Summary: An open source SSH client applications
cvsdist 328740
Requires: openssh = %{version}-%{release}
cvsdist f71077
Group: Applications/Internet
cvsdist f71077
cvsdist f71077
%package server
Tomáš Mráz 9e5c6e
Summary: An open source SSH server daemon
cvsdist f71077
Group: System Environment/Daemons
Tomáš Mráz ef3242
Requires: openssh = %{version}-%{release}
Tomáš Mráz ef3242
Requires(post): chkconfig >= 0.9, /sbin/service
Tomáš Mráz ef3242
Requires(pre): /usr/sbin/useradd
Tomáš Mráz 1961bc
Requires: pam >= 1.0.1-3
cvsdist f71077
cvsdist f71077
%package askpass
Tomáš Mráz ef3242
Summary: A passphrase dialog for OpenSSH and X
cvsdist f71077
Group: Applications/Internet
cvsdist 328740
Requires: openssh = %{version}-%{release}
Tomáš Mráz 762e40
Obsoletes: openssh-askpass-gnome
Tomáš Mráz 762e40
Provides: openssh-askpass-gnome
cvsdist f71077
cvsdist f71077
%description
cvsdist 7d7b03
SSH (Secure SHell) is a program for logging into and executing
cvsdist 7d7b03
commands on a remote machine. SSH is intended to replace rlogin and
cvsdist 7d7b03
rsh, and to provide secure encrypted communications between two
cvsdist 7d7b03
untrusted hosts over an insecure network. X11 connections and
cvsdist f71077
arbitrary TCP/IP ports can also be forwarded over the secure channel.
cvsdist f71077
cvsdist 7d7b03
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
Tomáš Mráz 9e5c6e
it up to date in terms of security and features.
cvsdist f71077
cvsdist f71077
This package includes the core files necessary for both the OpenSSH
cvsdist 7d7b03
client and server. To make this package useful, you should also
cvsdist f71077
install openssh-clients, openssh-server, or both.
cvsdist f71077
cvsdist f71077
%description clients
cvsdist 7d7b03
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b03
into and executing commands on a remote machine. This package includes
cvsdist 7d7b03
the clients necessary to make encrypted connections to SSH servers.
cvsdist f71077
cvsdist f71077
%description server
cvsdist 7d7b03
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b03
into and executing commands on a remote machine. This package contains
cvsdist 7d7b03
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
Tomáš Mráz 9e5c6e
securely connect to your SSH server.
cvsdist f71077
cvsdist f71077
%description askpass
cvsdist 7d7b03
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b03
into and executing commands on a remote machine. This package contains
cvsdist 7d7b03
an X11 passphrase dialog for OpenSSH.
cvsdist f71077
cvsdist 43f95f
%prep
cvsdist 43f95f
%setup -q
cvsdist 43f95f
%patch0 -p1 -b .redhat
cvsdist ffdec5
%patch2 -p1 -b .skip-initial
cvsdist ffdec5
%patch3 -p1 -b .krb5-config
Nalin Dahyabhai 8ccaa9
%patch4 -p1 -b .vendor
Tomáš Mráz c9833c
Tomáš Mráz fc72c2
%if %{WITH_SELINUX}
Tomáš Mráz fc72c2
#SELinux
cvsdist 092b0a
%patch12 -p1 -b .selinux
Tomáš Mráz c9833c
%patch13 -p1 -b .mls
Tomáš Mráz fc72c2
%patch16 -p1 -b .audit
Tomáš Mráz 09510a
%patch18 -p1 -b .pam_selinux
Jan F. Chadima 15914f
%patch19 -p1 -b .sesftp
Tomáš Mráz fc72c2
%endif
Tomáš Mráz fc72c2
Tomáš Mráz 4c55a5
%patch22 -p1 -b .keep-above
Tomáš Mráz 8d62bf
%patch24 -p1 -b .fromto-remote
Tomáš Mráz e01ed6
%patch27 -p1 -b .log-chroot
Tomáš Mráz fa1481
%patch30 -p1 -b .exit-deadlock
Tomáš Mráz 09d7e6
%patch35 -p1 -b .progress
Tomáš Mráz ef3242
%patch38 -p1 -b .grab-info
Tomáš Mráz c12d6b
%patch39 -p1 -b .no-v6only
Tomáš Mráz ac4818
%patch44 -p1 -b .ip-opts
Tomáš Mráz 914284
%patch49 -p1 -b .canohost
Tomáš Mráz c3274c
%patch51 -p1 -b .nss-keys
Tomáš Mráz 2cb0e7
%patch55 -p1 -b .cloexec
Tomáš Mráz ec5276
%patch62 -p1 -b .manpage
Tomáš Mráz d93958
%patch65 -p1 -b .fips
Jan F. Chadima f4b0b4
%patch68 -p1 -b .pathmax
Jan F. Chadima ca05b3
%patch69 -p1 -b .selabel
Jan F. Chadima 986cee
%patch71 -p1 -b .edns
Nalin Dahyabhai 05c945
Nalin Dahyabhai 8ccaa9
autoreconf
cvsdist ffdec5
cvsdist 43f95f
%build
Tomáš Mráz 09d7e6
CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS
cvsdist fe98d8
%if %{rescue}
cvsdist fe98d8
CFLAGS="$CFLAGS -Os"
cvsdist fe98d8
%endif
cvsdist fe98d8
%if %{pie}
Dennis Gilmore 91bdf4
%ifarch s390 s390x sparc sparcv9 sparc64
cvsdist 8f8720
CFLAGS="$CFLAGS -fPIE"
cvsdist 8f8720
%else
cvsdist 8f8720
CFLAGS="$CFLAGS -fpie"
cvsdist 8f8720
%endif
cvsdist 8f8720
export CFLAGS
cvsdist 8f8720
LDFLAGS="$LDFLAGS -pie"; export LDFLAGS
cvsdist fe98d8
%endif
cvsdist 092b0a
%if %{kerberos5}
Tomáš Mráz 2cc09c
source /etc/profile.d/krb5-devel.sh
cvsdist 092b0a
krb5_prefix=`krb5-config --prefix`
cvsdist 092b0a
if test "$krb5_prefix" != "%{_prefix}" ; then
cvsdist 092b0a
	CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
cvsdist 092b0a
	CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
cvsdist 092b0a
	LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
cvsdist 092b0a
else
cvsdist 092b0a
	krb5_prefix=
cvsdist 092b0a
	CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
cvsdist 092b0a
	CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
cvsdist 092b0a
fi
cvsdist 092b0a
%endif
cvsdist b46e39
cvsdist 43f95f
%configure \
cvsdist 43f95f
	--sysconfdir=%{_sysconfdir}/ssh \
cvsdist 43f95f
	--libexecdir=%{_libexecdir}/openssh \
cvsdist b46e39
	--datadir=%{_datadir}/openssh \
cvsdist 43f95f
	--with-tcp-wrappers \
cvsdist 8264e7
	--with-default-path=/usr/local/bin:/bin:/usr/bin \
cvsdist 8264e7
	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
cvsdist 8264e7
	--with-privsep-path=%{_var}/empty/sshd \
Nalin Dahyabhai 8ccaa9
	--enable-vendor-patchlevel="FC-%{version}-%{release}" \
Nalin Dahyabhai 8ccaa9
	--disable-strip \
Tomáš Mráz de2e7a
	--without-zlib-version-check \
Tomáš Mráz ff6d59
	--with-ssl-engine \
Tomáš Mráz c3274c
%if %{nss}
Tomáš Mráz c3274c
	--with-nss \
Tomáš Mráz c3274c
%endif
cvsdist b46e39
%if %{scard}
cvsdist b46e39
	--with-smartcard \
cvsdist b46e39
%endif
cvsdist 43f95f
%if %{rescue}
cvsdist ffdec5
	--without-pam \
cvsdist 3e66bd
%else
cvsdist 3e66bd
	--with-pam \
cvsdist 3e66bd
%endif
Tomáš Mráz fc72c2
%if %{WITH_SELINUX}
Tomáš Mráz c9833c
	--with-selinux --with-linux-audit \
Tomáš Mráz fc72c2
%endif
cvsdist 3e66bd
%if %{kerberos5}
Tomáš Mráz c9833c
	--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
cvsdist 43f95f
%else
Tomáš Mráz c9833c
	--without-kerberos5 \
Tomáš Mráz c9833c
%endif
Tomáš Mráz c9833c
%if %{libedit}
Tomáš Mráz c9833c
	--with-libedit
Tomáš Mráz c9833c
%else
Tomáš Mráz c9833c
	--without-libedit
cvsdist b46e39
%endif
cvsdist b46e39
cvsdist b46e39
%if %{static_libcrypto}
cvsdist b46e39
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
cvsdist 43f95f
%endif
cvsdist 43f95f
cvsdist 43f95f
make
cvsdist 43f95f
cvsdist 8264e7
# Define a variable to toggle gnome1/gtk2 building.  This is necessary
cvsdist 8264e7
# because RPM doesn't handle nested %if statements.
cvsdist 8264e7
%if %{gtk2}
cvsdist 3e66bd
	gtk2=yes
cvsdist 8264e7
%else
cvsdist 3e66bd
	gtk2=no
cvsdist 8264e7
%endif
cvsdist 8264e7
cvsdist 43f95f
%if ! %{no_gnome_askpass}
cvsdist 43f95f
pushd contrib
cvsdist 8264e7
if [ $gtk2 = yes ] ; then
cvsdist 3e66bd
	make gnome-ssh-askpass2
cvsdist 3e66bd
	mv gnome-ssh-askpass2 gnome-ssh-askpass
cvsdist 8264e7
else
cvsdist 3e66bd
	make gnome-ssh-askpass1
cvsdist 3e66bd
	mv gnome-ssh-askpass1 gnome-ssh-askpass
cvsdist 8264e7
fi
cvsdist 43f95f
popd
cvsdist 43f95f
%endif
cvsdist 43f95f
Tomáš Mráz d93958
# Add generation of HMAC checksums of the final stripped binaries
Tomáš Mráz d93958
%define __spec_install_post \
Tomáš Mráz d93958
    %{?__debug_package:%{__debug_install_post}} \
Tomáš Mráz d93958
    %{__arch_install_post} \
Tomáš Mráz d93958
    %{__os_install_post} \
Tomáš Mráz d93958
    fipshmac $RPM_BUILD_ROOT%{_bindir}/ssh \
Tomáš Mráz d93958
    fipshmac $RPM_BUILD_ROOT%{_sbindir}/sshd \
Tomáš Mráz d93958
%{nil}
Tomáš Mráz d93958
cvsdist 43f95f
%install
cvsdist 43f95f
rm -rf $RPM_BUILD_ROOT
cvsdist 43f95f
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
cvsdist 43f95f
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
Tomáš Mráz 320a1c
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
cvsdist 43f95f
make install DESTDIR=$RPM_BUILD_ROOT
cvsdist 43f95f
cvsdist 43f95f
install -d $RPM_BUILD_ROOT/etc/pam.d/
cvsdist 43f95f
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
cvsdist 43f95f
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
Tomáš Mráz ca47f6
install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
Tomáš Mráz ca47f6
install -m755 %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
Tomáš Mráz f94d8f
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
Tomáš Mráz f94d8f
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
cvsdist 43f95f
cvsdist 43f95f
%if ! %{no_gnome_askpass}
cvsdist 43f95f
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
cvsdist 43f95f
%endif
cvsdist 43f95f
cvsdist 818000
%if ! %{scard}
cvsdist 3e66bd
	rm -f $RPM_BUILD_ROOT%{_datadir}/openssh/Ssh.bin
cvsdist 818000
%endif
cvsdist 818000
cvsdist ffdec5
%if ! %{no_gnome_askpass}
Tomáš Mráz 09d7e6
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
cvsdist b46e39
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist 8264e7
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist 8264e7
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist ffdec5
%endif
cvsdist 43f95f
cvsdist 5ef607
%if %{no_gnome_askpass}
cvsdist 5ef607
rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
cvsdist 5ef607
%endif
cvsdist 5ef607
cvsdist 43f95f
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
cvsdist 43f95f
Tomáš Mráz c3274c
rm -f README.nss.nss-keys
Tomáš Mráz c3274c
%if ! %{nss}
Tomáš Mráz c3274c
rm -f README.nss
Tomáš Mráz c3274c
%endif
cvsdist 43f95f
%clean
cvsdist 43f95f
rm -rf $RPM_BUILD_ROOT
cvsdist 43f95f
cvsdist 8264e7
%pre server
cvsdist 8264e7
%if %{nologin}
Tomáš Mráz ad07b9
/usr/sbin/useradd -c "Privilege-separated SSH" -u %{sshd_uid} \
cvsdist 8264e7
	-s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
cvsdist 8264e7
%else
Tomáš Mráz ad07b9
/usr/sbin/useradd -c "Privilege-separated SSH" -u %{sshd_uid} \
cvsdist 8264e7
	-s /dev/null -r -d /var/empty/sshd sshd 2> /dev/null || :
cvsdist 8264e7
%endif
cvsdist 8264e7
cvsdist 43f95f
%post server
cvsdist 43f95f
/sbin/chkconfig --add sshd
cvsdist 43f95f
cvsdist 43f95f
%postun server
cvsdist 43f95f
/sbin/service sshd condrestart > /dev/null 2>&1 || :
cvsdist 43f95f
cvsdist 43f95f
%preun server
cvsdist 43f95f
if [ "$1" = 0 ]
cvsdist 43f95f
then
cvsdist 43f95f
	/sbin/service sshd stop > /dev/null 2>&1 || :
cvsdist 43f95f
	/sbin/chkconfig --del sshd
cvsdist 43f95f
fi
cvsdist 43f95f
cvsdist 43f95f
%files
cvsdist 43f95f
%defattr(-,root,root)
Tomáš Mráz 93a474
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW PROTOCOL* README* TODO WARNING*
cvsdist 43f95f
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
cvsdist b46e39
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
cvsdist 43f95f
%if ! %{rescue}
cvsdist 43f95f
%attr(0755,root,root) %{_bindir}/ssh-keygen
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
cvsdist 43f95f
%attr(0755,root,root) %dir %{_libexecdir}/openssh
Tomáš Mráz ef3242
%attr(4755,root,root) %{_libexecdir}/openssh/ssh-keysign
cvsdist 8264e7
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
cvsdist 43f95f
%endif
cvsdist b46e39
%if %{scard}
cvsdist b46e39
%attr(0755,root,root) %dir %{_datadir}/openssh
cvsdist b46e39
%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
cvsdist b46e39
%endif
cvsdist 43f95f
cvsdist 43f95f
%files clients
cvsdist 43f95f
%defattr(-,root,root)
cvsdist 8264e7
%attr(0755,root,root) %{_bindir}/ssh
Tomáš Mráz d93958
%attr(0644,root,root) %{_bindir}/.ssh.hmac
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
cvsdist 3e66bd
%attr(0755,root,root) %{_bindir}/scp
cvsdist 3e66bd
%attr(0644,root,root) %{_mandir}/man1/scp.1*
cvsdist 43f95f
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
Tomáš Mráz ef3242
%attr(0755,root,root) %{_bindir}/slogin
cvsdist 3e66bd
%attr(0644,root,root) %{_mandir}/man1/slogin.1*
cvsdist 3e66bd
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
cvsdist 43f95f
%if ! %{rescue}
cvsdist ffdec5
%attr(2755,root,nobody) %{_bindir}/ssh-agent
cvsdist 43f95f
%attr(0755,root,root) %{_bindir}/ssh-add
cvsdist 43f95f
%attr(0755,root,root) %{_bindir}/ssh-keyscan
cvsdist 43f95f
%attr(0755,root,root) %{_bindir}/sftp
Tomáš Mráz f94d8f
%attr(0755,root,root) %{_bindir}/ssh-copy-id
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
Tomáš Mráz f94d8f
%attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
cvsdist 43f95f
%endif
cvsdist 43f95f
cvsdist 43f95f
%if ! %{rescue}
cvsdist 43f95f
%files server
cvsdist 43f95f
%defattr(-,root,root)
Tomáš Mráz ef3242
%dir %attr(0711,root,root) %{_var}/empty/sshd
cvsdist 43f95f
%attr(0755,root,root) %{_sbindir}/sshd
Tomáš Mráz d93958
%attr(0644,root,root) %{_sbindir}/.sshd.hmac
cvsdist 43f95f
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
cvsdist 8264e7
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
Tomáš Mráz 93a474
%attr(0644,root,root) %{_mandir}/man5/moduli.5*
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
cvsdist 43f95f
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
Tomáš Mráz 5a8f6b
%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
Tomáš Mráz ef3242
%attr(0755,root,root) /etc/rc.d/init.d/sshd
cvsdist 43f95f
%endif
cvsdist 43f95f
cvsdist 43f95f
%if ! %{no_gnome_askpass}
Tomáš Mráz 09d7e6
%files askpass
cvsdist 43f95f
%defattr(-,root,root)
Tomáš Mráz b40baa
%attr(0644,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
cvsdist 43f95f
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
Tomáš Mráz 09d7e6
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
cvsdist 43f95f
%endif
cvsdist 43f95f
cvsdist f71077
%changelog
Jan F. Chadima 0447c9
* Fri Sep 11 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-25
Jan F. Chadima 0447c9
- Dropped homechroot patch
Jan F. Chadima 0447c9
Jan F. Chadima 257d66
* Mon Sep  7 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-24
Jan F. Chadima 257d66
- Add check for nosuid, nodev in homechroot
Jan F. Chadima 257d66
Jan F. Chadima 49d0cf
* Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-23
Jan F. Chadima 49d0cf
- add correct patch for ip-opts
Jan F. Chadima 49d0cf
Jan F. Chadima bd8eb9
* Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-22
Jan F. Chadima bd8eb9
- replace ip-opts patch by an upstream candidate version
Jan F. Chadima bd8eb9
Jan F. Chadima ce94da
* Mon Aug 31 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-21
Jan F. Chadima 726565
- rearange selinux patch to be acceptable for upstream
Jan F. Chadima 726565
- replace seftp patch by an upstream version
Jan F. Chadima 726565
Jan F. Chadima 15914f
* Fri Aug 28 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-20
Jan F. Chadima 15914f
- merged xmodifiers to redhat patch
Jan F. Chadima 15914f
- merged gssapi-role to selinux patch
Jan F. Chadima 15914f
- merged cve-2007_3102 to audit patch
Jan F. Chadima 15914f
- sesftp patch only with WITH_SELINUX flag
Jan F. Chadima 56bb42
- rearange sesftp patch according to upstream request
Jan F. Chadima 15914f
Jan F. Chadima 214b7b
* Wed Aug 26 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-19
Jan F. Chadima 214b7b
- minor change in sesftp patch
Jan F. Chadima 214b7b
Tomáš Mráz 80bcb1
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-18
Tomáš Mráz 80bcb1
- rebuilt with new openssl
Tomáš Mráz 80bcb1
Jan F. Chadima 986cee
* Thu Jul 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-17
Jan F. Chadima 986cee
- Added dnssec support.
Jan F. Chadima 986cee
Jesse Keating 42c539
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.2p1-16
Jesse Keating 42c539
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Jesse Keating 42c539
Jan F. Chadima aa8983
* Fri Jul 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-15
Jan F. Chadima aa8983
- only INTERNAL_SFTP can be home-chrooted
Jan F. Chadima aa8983
- save _u and _r parts of context changing to sftpd_t
Jan F. Chadima aa8983
Jan F. Chadima 3d6b00
* Fri Jul 17 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-14
Jan F. Chadima 3d6b00
- changed internal-sftp context to sftpd_t
Jan F. Chadima 3d6b00
Jan F. Chadima 3d6b00
* Fri Jul  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-13
Jan F. Chadima 3d6b00
- changed home length path patch to upstream version
Jan F. Chadima 3d6b00
Jan F. Chadima 3d6b00
* Tue Jun 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-12
Jan F. Chadima ca05b3
- create '~/.ssh/known_hosts' within proper context
Jan F. Chadima ca05b3
Jan F. Chadima f4b0b4
* Mon Jun 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-11
Jan F. Chadima f4b0b4
- length of home path in ssh now limited by PATH_MAX
Jan F. Chadima ca05b3
- correct timezone with daylight processing
Jan F. Chadima f4b0b4
Jan F. Chadima eca05f
* Sat Jun 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-10
Jan F. Chadima eca05f
- final version chroot %%h (sftp only)
Jan F. Chadima eca05f
Jan F. Chadima c1398b
* Tue Jun 23 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-9
Jan F. Chadima c1398b
- repair broken ls in chroot %%h
Jan F. Chadima c1398b
Jan F. Chadima ecd846
* Fri Jun 12 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-8
Jan F. Chadima e45f2c
- add XMODIFIERS to exported environment
Jan F. Chadima e45f2c
Tomáš Mráz 76f329
* Fri May 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-6
Tomáš Mráz 76f329
- allow only protocol 2 in the FIPS mode
Tomáš Mráz 76f329
Tomáš Mráz 685b62
* Thu Apr 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-5
Tomáš Mráz 685b62
- do integrity verification only on binaries which are part
Tomáš Mráz 685b62
  of the OpenSSH FIPS modules
Tomáš Mráz 685b62
Tomáš Mráz 0a4fa5
* Mon Apr 20 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-4
Tomáš Mráz 0a4fa5
- log if FIPS mode is initialized
Tomáš Mráz 0a4fa5
- make aes-ctr cipher modes work in the FIPS mode
Tomáš Mráz 0a4fa5
Jan F. Chadima 061e21
* Fri Apr  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-3
Jan F. Chadima 061e21
- fix logging after chroot
Jan F. Chadima 3a94ae
- enable non root users to use chroot %%h in internal-sftp
Jan F. Chadima 061e21
Tomáš Mráz 0f07b4
* Fri Mar 13 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-2
Tomáš Mráz 0f07b4
- add AES-CTR ciphers to the FIPS mode proposal
Tomáš Mráz 0f07b4
Tomáš Mráz 0f07b4
* Mon Mar  9 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-1
Jan F. Chadima a3ba41
- upgrade to new upstream release
Jan F. Chadima a3ba41
Jesse Keating c5f25a
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.1p1-8
Jesse Keating c5f25a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
Jesse Keating c5f25a
Tomáš Mráz d93958
* Thu Feb 12 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-7
Tomáš Mráz d93958
- drop obsolete triggers
Tomáš Mráz d93958
- add testing FIPS mode support
Tomáš Mráz d93958
- LSBize the initscript (#247014)
Tomáš Mráz d93958
Tomáš Mráz ff6d59
* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-6
Tomáš Mráz ff6d59
- enable use of ssl engines (#481100)
Tomáš Mráz ff6d59
Tomáš Mráz 6a5e29
* Thu Jan 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-5
Tomáš Mráz 6a5e29
- remove obsolete --with-rsh (#478298)
Tomáš Mráz 6a5e29
- add pam_sepermit to allow blocking confined users in permissive mode
Tomáš Mráz 6a5e29
  (#471746)
Tomáš Mráz 6a5e29
- move system-auth after pam_selinux in the session stack
Tomáš Mráz 6a5e29
Tomáš Mráz 9e5c6e
* Thu Dec 11 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-4
Tomáš Mráz 9e5c6e
- set FD_CLOEXEC on channel sockets (#475866)
Tomáš Mráz 9e5c6e
- adjust summary
Tomáš Mráz 9e5c6e
- adjust nss-keys patch so it is applicable without selinux patches (#470859)
Tomáš Mráz 9e5c6e
Tomáš Mráz b9a07a
* Fri Oct 17 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-3
Tomáš Mráz b9a07a
- fix compatibility with some servers (#466818)
Tomáš Mráz b9a07a
Tomáš Mráz 578f0d
* Thu Jul 31 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-2
Tomáš Mráz 578f0d
- fixed zero length banner problem (#457326)
Tomáš Mráz 578f0d
Tomáš Mráz 93a474
* Wed Jul 23 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-1
Tomáš Mráz 93a474
- upgrade to new upstream release
Tomáš Mráz 93a474
- fixed a problem with public key authentication and explicitely
Tomáš Mráz 93a474
  specified SELinux role
Tomáš Mráz 93a474
Tomáš Mráz 077dad
* Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-3
Tomáš Mráz 077dad
- pass the connection socket to ssh-keysign (#447680)
Tomáš Mráz 077dad
Tomáš Mráz 1961bc
* Mon May 19 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-2
Tomáš Mráz 1961bc
- add LANGUAGE to accepted/sent environment variables (#443231)
Tomáš Mráz 1961bc
- use pam_selinux to obtain the user context instead of doing it itself
Tomáš Mráz 1961bc
- unbreak server keep alive settings (patch from upstream)
Tomáš Mráz 1961bc
- small addition to scp manpage
Tomáš Mráz 1961bc
Tomáš Mráz ca47f6
* Mon Apr  7 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-1
Tomáš Mráz ca47f6
- upgrade to new upstream (#441066)
Tomáš Mráz ca47f6
- prevent initscript from killing itself on halt with upstart (#438449)
Tomáš Mráz ca47f6
- initscript status should show that the daemon is running
Tomáš Mráz ca47f6
  only when the main daemon is still alive (#430882)
Tomáš Mráz ca47f6
Tomáš Mráz ca47f6
* Thu Mar  6 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-10
Tomáš Mráz ca47f6
- fix race on control master and cleanup stale control socket (#436311)
Tomáš Mráz ca47f6
  patches by David Woodhouse
Tomáš Mráz ca47f6
Tomáš Mráz 2cb0e7
* Fri Feb 29 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-9
Tomáš Mráz 2cb0e7
- set FD_CLOEXEC on client socket
Tomáš Mráz 2cb0e7
- apply real fix for window size problem (#286181) from upstream
Tomáš Mráz 2cb0e7
- apply fix for the spurious failed bind from upstream
Tomáš Mráz 2cb0e7
- apply open handle leak in sftp fix from upstream
Tomáš Mráz 2cb0e7
Dennis Gilmore 91bdf4
* Tue Feb 12 2008 Dennis Gilmore <dennis@ausil.us> - 4.7p1-8
Dennis Gilmore 91bdf4
- we build for sparcv9 now  and it needs -fPIE
Dennis Gilmore 91bdf4
Tomáš Mráz 993dd1
* Thu Jan  3 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-7
Tomáš Mráz 993dd1
- fix gssapi auth with explicit selinux role requested (#427303) - patch
Tomáš Mráz 993dd1
  by Nalin Dahyabhai
Tomáš Mráz 993dd1
Tomáš Mráz 3457e3
* Tue Dec  4 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-6
Tomáš Mráz 2cc09c
- explicitly source krb5-devel profile script
Tomáš Mráz 3457e3
Tomáš Mráz 3457e3
* Tue Dec 04 2007 Release Engineering <rel-eng at fedoraproject dot org> - 4.7p1-5
Tomáš Mráz 3457e3
- Rebuild for openssl bump
Jesse Keating 9eac42
Tomáš Mráz b1ffa0
* Tue Nov 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-4
Tomáš Mráz 8b8c4d
- do not copy /etc/localtime into the chroot as it is not
Tomáš Mráz 8b8c4d
  necessary anymore (#193184)
Tomáš Mráz 8b8c4d
- call setkeycreatecon when selinux context is established
Tomáš Mráz 8b8c4d
- test for NULL privk when freeing key (#391871) - patch by
Tomáš Mráz 8b8c4d
  Pierre Ossman
Tomáš Mráz 8b8c4d
Tomáš Mráz 95be08
* Mon Sep 17 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-2
Tomáš Mráz 95be08
- revert default window size adjustments (#286181)
Tomáš Mráz 95be08
Tomáš Mráz c9833c
* Thu Sep  6 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-1
Tomáš Mráz c9833c
- upgrade to latest upstream
Tomáš Mráz c9833c
- use libedit in sftp (#203009)
Tomáš Mráz c9833c
- fixed audit log injection problem (CVE-2007-3102)
Tomáš Mráz c9833c
Tomáš Mráz f37073
* Thu Aug  9 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-8
Tomáš Mráz f37073
- fix sftp client problems on write error (#247802)
Tomáš Mráz f37073
- allow disabling autocreation of server keys (#235466)
Tomáš Mráz f37073
Tomáš Mráz c3274c
* Wed Jun 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-7
Tomáš Mráz c3274c
- experimental NSS keys support
Tomáš Mráz c3274c
- correctly setup context when empty level requested (#234951)
Tomáš Mráz c3274c
Tomáš Mráz 7210c0
* Tue Mar 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-6
Tomáš Mráz 7210c0
- mls level check must be done with default role same as requested
Tomáš Mráz 7210c0
Tomáš Mráz b40baa
* Mon Mar 19 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-5
Tomáš Mráz b40baa
- make profile.d/gnome-ssh-askpass.* regular files (#226218)
Tomáš Mráz b40baa
Tomáš Mráz 546fdd
* Thu Feb 27 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-4
Tomáš Mráz 546fdd
- reject connection if requested mls range is not obtained (#229278)
Tomáš Mráz 546fdd
Tomáš Mráz 9d725b
* Wed Feb 22 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-3
Tomáš Mráz 9d725b
- improve Buildroot
Tomáš Mráz 9d725b
- remove duplicate /etc/ssh from files
Tomáš Mráz 9d725b
Tomáš Mráz c2b35d
* Tue Jan 16 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-2
Tomáš Mráz c2b35d
- support mls on labeled networks (#220487)
Tomáš Mráz c2b35d
- support mls level selection on unlabeled networks
Tomáš Mráz c2b35d
- allow / in usernames in scp (only beginning /, ./, and ../ is special) 
Tomáš Mráz c2b35d
Tomáš Mráz ad07b9
* Thu Dec 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.5p1-1
Tomáš Mráz ad07b9
- update to 4.5p1 (#212606)
Tomáš Mráz ad07b9
Tomáš Mráz 914284
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-14
Tomáš Mráz 914284
- fix gssapi with DNS loadbalanced clusters (#216857)
Tomáš Mráz 914284
Tomáš Mráz d63dc6
* Tue Nov 28 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-13
Tomáš Mráz d63dc6
- improved pam_session patch so it doesn't regress, the patch is necessary
Tomáš Mráz d63dc6
  for the pam_session_close to be called correctly as uid 0
Tomáš Mráz d63dc6
Tomáš Mráz ad61b1
* Fri Nov 10 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-12
Tomáš Mráz ad61b1
- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
Tomáš Mráz ad61b1
Tomáš Mráz 19675a
* Thu Nov  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-11
Tomáš Mráz 19675a
- merge sshd initscript patches
Tomáš Mráz 19675a
- kill all ssh sessions when stop is called in halt or reboot runlevel
Tomáš Mráz 19675a
- remove -TERM option from killproc so we don't race on sshd restart
Tomáš Mráz 19675a
Tomáš Mráz 7114c4
* Mon Oct  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10
Tomáš Mráz 7114c4
- improve gssapi-no-spnego patch (#208102)
Tomáš Mráz 7114c4
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
Tomáš Mráz 7114c4
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
Tomáš Mráz 7114c4
Tomáš Mráz ac4818
* Wed Aug 23 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-9
Tomáš Mráz ac4818
- don't report duplicate syslog messages, use correct local time (#189158)
Tomáš Mráz ac4818
- don't allow spnego as gssapi mechanism (from upstream)
Tomáš Mráz ac4818
- fixed memleaks found by Coverity (from upstream)
Tomáš Mráz ac4818
- allow ip options except source routing (#202856) (patch by HP)
Tomáš Mráz ac4818
Tomáš Mráz c12d6b
* Tue Aug  8 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-8
Tomáš Mráz c12d6b
- drop the pam-session patch from the previous build (#201341)
Tomáš Mráz c12d6b
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
Tomáš Mráz c12d6b
Tomáš Mráz 762e40
* Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-7
Tomáš Mráz 762e40
- dropped old ssh obsoletes
Tomáš Mráz 762e40
- call the pam_session_open/close from the monitor when privsep is
Tomáš Mráz 762e40
  enabled so it is always called as root (patch by Darren Tucker)
Tomáš Mráz 762e40
Tomáš Mráz ef3242
* Mon Jul 17 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-6
Tomáš Mráz ef3242
- improve selinux patch (by Jan Kiszka)
Tomáš Mráz ef3242
- upstream patch for buffer append space error (#191940)
Tomáš Mráz ef3242
- fixed typo in configure.ac (#198986)
Tomáš Mráz ef3242
- added pam_keyinit to pam configuration (#198628)
Tomáš Mráz ef3242
- improved error message when askpass dialog cannot grab
Tomáš Mráz ef3242
  keyboard input (#198332)
Tomáš Mráz ef3242
- buildrequires xauth instead of xorg-x11-xauth
Tomáš Mráz ef3242
- fixed a few rpmlint warnings
Tomáš Mráz ef3242
Jesse Keating d446e9
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 4.3p2-5.1
Jesse Keating d446e9
- rebuild
Jesse Keating d446e9
Tomáš Mráz 7e1c55
* Fri Apr 14 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-5
Tomáš Mráz 7e1c55
- don't request pseudoterminal allocation if stdin is not tty (#188983)
Tomáš Mráz 7e1c55
Tomáš Mráz 5f29ac
* Thu Mar  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-4
Tomáš Mráz 5f29ac
- allow access if audit is not compiled in kernel (#183243)
Tomáš Mráz 5f29ac
Tomáš Mráz e01ed6
* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-3
Tomáš Mráz e01ed6
- enable the subprocess in chroot to send messages to system log
Tomáš Mráz e01ed6
- sshd should prevent login if audit call fails
Tomáš Mráz e01ed6
Tomáš Mráz b5e849
* Tue Feb 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-2
Tomáš Mráz b5e849
- print error from scp if not remote (patch by Bjorn Augustsson #178923)
Tomáš Mráz b5e849
Tomáš Mráz f16d34
* Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-1
Tomáš Mráz f16d34
- new version
Tomáš Mráz f16d34
Jesse Keating 3de0ff
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 4.3p1-2.1
Jesse Keating 3de0ff
- bump again for double-long bug on ppc(64)
Jesse Keating 3de0ff
Tomáš Mráz f223eb
* Mon Feb  6 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-2
Tomáš Mráz f223eb
- fixed another place where syslog was called in signal handler
Tomáš Mráz f223eb
- pass locale environment variables to server, accept them there (#179851)
Tomáš Mráz f223eb
Tomáš Mráz fd638a
* Wed Feb  1 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-1
Tomáš Mráz fd638a
- new version, dropped obsolete patches
Tomáš Mráz fd638a
Tomáš Mráz bb93ea
* Tue Dec 20 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-10
Tomáš Mráz bb93ea
- hopefully make the askpass dialog less confusing (#174765)
Tomáš Mráz bb93ea
Jesse Keating 6e3ae4
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
Jesse Keating 6e3ae4
- rebuilt
Jesse Keating 6e3ae4
Tomáš Mráz 09d7e6
* Tue Nov 22 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-9
Tomáš Mráz 09d7e6
- drop x11-ssh-askpass from the package
Tomáš Mráz 09d7e6
- drop old build_6x ifs from spec file
Tomáš Mráz 09d7e6
- improve gnome-ssh-askpass so it doesn't reveal number of passphrase 
Tomáš Mráz 09d7e6
  characters to person looking at the display
Tomáš Mráz 09d7e6
- less hackish fix for the __USE_GNU problem
Tomáš Mráz 09d7e6
Nalin Dahyabhai 05c945
* Fri Nov 18 2005 Nalin Dahyabhai <nalin@redhat.com> - 4.2p1-8
Nalin Dahyabhai 05c945
- work around missing gccmakedep by wrapping makedepend in a local script
Nalin Dahyabhai db2565
- remove now-obsolete build dependency on "xauth"
Nalin Dahyabhai 05c945
Warren Togami d40b8c
* Thu Nov 17 2005 Warren Togami <wtogami@redhat.com> - 4.2p1-7
Warren Togami 19e22a
- xorg-x11-devel -> libXt-devel
Warren Togami 19e22a
- rebuild for new xauth location so X forwarding works
Warren Togami 0e5862
- buildreq audit-libs-devel
Warren Togami 0e5862
- buildreq automake for aclocal
Warren Togami 0e5862
- buildreq imake for xmkmf
Warren Togami 0e5862
-  -D_GNU_SOURCE in flags in order to get it to build
Warren Togami 0e5862
   Ugly hack to workaround openssh defining __USE_GNU which is
Warren Togami 0e5862
   not allowed and causes problems according to Ulrich Drepper
Warren Togami 0e5862
   fix this the correct way after FC5test1
Warren Togami d40b8c
Jeremy Katz 35e1e0
* Wed Nov  9 2005 Jeremy Katz <katzj@redhat.com> - 4.2p1-6
Jeremy Katz 35e1e0
- rebuild against new openssl
Jeremy Katz 35e1e0
Tomáš Mráz fc72c2
* Fri Oct 28 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-5
Tomáš Mráz fc72c2
- put back the possibility to skip SELinux patch
Tomáš Mráz fc72c2
- add patch for user login auditing by Steve Grubb
Tomáš Mráz fc72c2
Daniel J Walsh 531256
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 4.2p1-4
Daniel J Walsh 531256
- Change selinux patch to use get_default_context_with_rolelevel in libselinux.
Daniel J Walsh 531256
Daniel J Walsh 0e07ed
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-3
Daniel J Walsh 0e07ed
- Update selinux patch to use getseuserbyname
Daniel J Walsh 0e07ed
Tomáš Mráz 5bab48
* Fri Oct  7 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-2
Tomáš Mráz 5bab48
- use include instead of pam_stack in pam config
Tomáš Mráz fd638a
- use fork+exec instead of system in scp - CVE-2006-0225 (#168167)
Tomáš Mráz 5bab48
- upstream patch for displaying authentication errors
Tomáš Mráz 5bab48
Tomáš Mráz de2e7a
* Tue Sep 06 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-1
Tomáš Mráz de2e7a
- upgrade to a new upstream version
Tomáš Mráz de2e7a
Tomáš Mráz f94d8f
* Tue Aug 16 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-5
Tomáš Mráz f94d8f
- use x11-ssh-askpass if openssh-askpass-gnome is not installed (#165207)
Tomáš Mráz f94d8f
- install ssh-copy-id from contrib (#88707)
Tomáš Mráz f94d8f
Tomáš Mráz fa1481
* Wed Jul 27 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-4
Tomáš Mráz fa1481
- don't deadlock on exit with multiple X forwarded channels (#152432)
Tomáš Mráz fa1481
- don't use X11 port which can't be bound on all IP families (#163732)
Tomáš Mráz fa1481
Tomáš Mráz 79c968
* Wed Jun 29 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-3
Tomáš Mráz 79c968
- fix small regression caused by the nologin patch (#161956)
Tomáš Mráz 79c968
- fix race in getpeername error checking (mindrot #1054)
Tomáš Mráz 79c968
Tomáš Mráz 9ac1c8
* Thu Jun  9 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-2
Tomáš Mráz 9ac1c8
- use only pam_nologin for nologin testing
Tomáš Mráz 9ac1c8
Tomáš Mráz 9cf4ab
* Mon Jun  6 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-1
Tomáš Mráz 9cf4ab
- upgrade to a new upstream version
Tomáš Mráz 9cf4ab
- call pam_loginuid as a pam session module
Tomáš Mráz 9cf4ab
Tomáš Mráz 9c5771
* Mon May 16 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-3
Tomáš Mráz 9c5771
- link libselinux only to sshd (#157678)
Tomáš Mráz 9c5771
Tomáš Mráz 1e27c0
* Mon Apr  4 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-2
Tomáš Mráz 1e27c0
- fixed Local/RemoteForward in ssh_config.5 manpage
Tomáš Mráz 1e27c0
- fix fatal when Local/RemoteForward is used and scp run (#153258)
Tomáš Mráz 1e27c0
- don't leak user validity when using krb5 authentication
Tomáš Mráz 1e27c0
Tomáš Mráz 5de53f
* Thu Mar 24 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-1
Tomáš Mráz 5de53f
- upgrade to 4.0p1
Tomáš Mráz 5de53f
- remove obsolete groups patch
Tomáš Mráz 5de53f
Elliot Lee 683f4f
* Wed Mar 16 2005 Elliot Lee <sopwith@redhat.com>
Elliot Lee 683f4f
- rebuilt
Elliot Lee 683f4f
Nalin Dahyabhai 4f9d64
* Mon Feb 28 2005 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-12
Nalin Dahyabhai 4f9d64
- rebuild so that configure can detect that krb5_init_ets is gone now
Nalin Dahyabhai 4f9d64
Tomáš Mráz 8d62bf
* Mon Feb 21 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-11
Tomáš Mráz d048f9
- don't call syslog in signal handler
Tomáš Mráz 8d62bf
- allow password authentication when copying from remote
Tomáš Mráz 8d62bf
  to remote machine (#103364)
Tomáš Mráz d048f9
Tomáš Mráz 504978
* Wed Feb  9 2005 Tomas Mraz <tmraz@redhat.com>
Tomáš Mráz 504978
- add spaces to messages in initscript (#138508)
Tomáš Mráz 504978
Tomáš Mráz 4c55a5
* Tue Feb  8 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-10
Tomáš Mráz 4c55a5
- enable trusted forwarding by default if X11 forwarding is 
Tomáš Mráz 4c55a5
  required by user (#137685 and duplicates)
Tomáš Mráz 4c55a5
- disable protocol 1 support by default in sshd server config (#88329)
Tomáš Mráz 4c55a5
- keep the gnome-askpass dialog above others (#69131)
Tomáš Mráz 4c55a5
Tomáš Mráz 5a8f6b
* Fri Feb  4 2005 Tomas Mraz <tmraz@redhat.com>
Tomáš Mráz 4c55a5
- change permissions on pam.d/sshd to 0644 (#64697)
Tomáš Mráz 5a8f6b
- patch initscript so it doesn't kill opened sessions if
Tomáš Mráz 4c55a5
  the sshd daemon isn't running anymore (#67624)
Tomáš Mráz 5a8f6b
Bill Nottingham ede9e0
* Mon Jan  3 2005 Bill Nottingham <notting@redhat.com> 3.9p1-9
Bill Nottingham ede9e0
- don't use initlog
Bill Nottingham ede9e0
Thomas Woerner b56212
* Mon Nov 29 2004 Thomas Woerner <twoerner@redhat.com> 3.9p1-8.1
Thomas Woerner b56212
- fixed PIE build for all architectures
Thomas Woerner b56212
Nalin Dahyabhai 8ccaa9
* Mon Oct  4 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-8
Nalin Dahyabhai 8ccaa9
- add a --enable-vendor-patchlevel option which allows a ShowPatchLevel option
Nalin Dahyabhai 8ccaa9
  to enable display of a vendor patch level during version exchange (#120285)
Nalin Dahyabhai 8ccaa9
- configure with --disable-strip to build useful debuginfo subpackages
Nalin Dahyabhai 8ccaa9
Bill Nottingham c92dff
* Mon Sep 20 2004 Bill Nottingham <notting@redhat.com> 3.9p1-7
Bill Nottingham c92dff
- when using gtk2 for askpass, don't buildprereq gnome-libs-devel
Bill Nottingham c92dff
Nalin Dahyabhai 567e63
* Tue Sep 14 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-6
Nalin Dahyabhai 567e63
- build
Nalin Dahyabhai 567e63
Nalin Dahyabhai deb1e4
* Mon Sep 13 2004 Nalin Dahyabhai <nalin@redhat.com>
Nalin Dahyabhai deb1e4
- disable ACSS support
Nalin Dahyabhai deb1e4
Daniel J Walsh c82df7
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-5
Daniel J Walsh c82df7
- Change selinux patch to use get_default_context_with_role in libselinux.
Daniel J Walsh c82df7
Daniel J Walsh c82df7
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-4
Daniel J Walsh c82df7
- Fix patch
Daniel J Walsh c82df7
	* Bad debug statement.
Daniel J Walsh c82df7
	* Handle root/sysadm_r:kerberos
Daniel J Walsh c82df7
cvsdist 29a4bf
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-3
cvsdist 29a4bf
- Modify Colin Walter's patch to allow specifying rule during connection
cvsdist 29a4bf
cvsdist d7affc
* Tue Aug 31 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-2
cvsdist d7affc
- Fix TTY handling for SELinux
cvsdist d7affc
cvsdist 653818
* Tue Aug 24 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-1
cvsdist 653818
- Update to upstream
cvsdist 653818
cvsdist 5ef607
* Sun Aug 1 2004 Alan Cox <alan@redhat.com> 3.8.1p1-5
cvsdist 5ef607
- Apply buildreq fixup patch (#125296)
cvsdist 5ef607
cvsdist 9d5a53
* Tue Jun 15 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-4
cvsdist 9d5a53
- Clean up patch for upstream submission.
cvsdist 9d5a53
cvsdist de28cc
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
cvsdist de28cc
- rebuilt
cvsdist de28cc
cvsdist e965c7
* Wed Jun 9 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-2
cvsdist e965c7
- Remove use of pam_selinux and patch selinux in directly.  
cvsdist e965c7
cvsdist ffdec5
* Mon Jun  7 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-1
cvsdist ffdec5
- request gssapi-with-mic by default but not delegation (flag day for anyone
cvsdist ffdec5
  who used previous gssapi patches)
cvsdist ffdec5
- no longer request x11 forwarding by default
cvsdist ffdec5
cvsdist 162c7f
* Thu Jun 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-36
cvsdist 162c7f
- Change pam file to use open and close with pam_selinux
cvsdist 162c7f
cvsdist ffdec5
* Tue Jun  1 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-0
cvsdist ffdec5
- update to 3.8.1p1
cvsdist ffdec5
- add workaround from CVS to reintroduce passwordauth using pam
cvsdist ffdec5
cvsdist 73e10e
* Tue Jun 1 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-35
cvsdist 73e10e
- Remove CLOSEXEC on STDERR
cvsdist 73e10e
cvsdist 8f8720
* Tue Mar 16 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-34
cvsdist 8f8720
cvsdist 8f8720
* Wed Mar 03 2004 Phil Knirsch <pknirsch@redhat.com> 3.6.1p2-33.30.1
cvsdist 8f8720
- Built RHLE3 U2 update package.
cvsdist 8f8720
cvsdist 8f8720
* Wed Mar 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-33
cvsdist 8f8720
- Close file descriptors on exec 
cvsdist 8f8720
cvsdist 8f8720
* Mon Mar  1 2004 Thomas Woerner <twoerner@redhat.com> 3.6.1p2-32
cvsdist 8f8720
- fixed pie build
cvsdist 8f8720
cvsdist 8f8720
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-31
cvsdist 8f8720
- Add restorecon to startup scripts
cvsdist 8f8720
cvsdist 8f8720
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-30
cvsdist 8f8720
- Add multiple qualified to openssh
cvsdist 8f8720
cvsdist 8f8720
* Mon Feb 23 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-29
cvsdist 8f8720
- Eliminate selinux code and use pam_selinux
cvsdist 8f8720
cvsdist 8f8720
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
cvsdist 8f8720
- rebuilt
cvsdist 8f8720
cvsdist fe98d8
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-27
cvsdist fe98d8
- turn off pie on ppc
cvsdist fe98d8
cvsdist fe98d8
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-26
cvsdist fe98d8
- fix is_selinux_enabled
cvsdist fe98d8
cvsdist fe98d8
* Wed Jan 14 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-25
cvsdist fe98d8
- Rebuild to grab shared libselinux
cvsdist fe98d8
cvsdist fe98d8
* Wed Dec 3 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-24
cvsdist fe98d8
- turn on selinux
cvsdist fe98d8
cvsdist fe98d8
* Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8
- un#ifdef out code for reporting password expiration in non-privsep
cvsdist fe98d8
  mode (#83585)
cvsdist fe98d8
cvsdist fe98d8
* Mon Nov 10 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8
- add machinery to build with/without -fpie/-pie, default to doing so
cvsdist fe98d8
cvsdist fe98d8
* Thu Nov 06 2003 David Woodhouse <dwmw2@redhat.com> 3.6.1p2-23
cvsdist fe98d8
- Don't whinge about getsockopt failing (#109161)
cvsdist fe98d8
cvsdist fe98d8
* Fri Oct 24 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8
- add missing buildprereq on zlib-devel (#104558)
cvsdist fe98d8
cvsdist fe98d8
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-22
cvsdist fe98d8
- turn selinux off
cvsdist fe98d8
cvsdist fe98d8
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21.sel
cvsdist fe98d8
- turn selinux on
cvsdist fe98d8
cvsdist fe98d8
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21
cvsdist fe98d8
- turn selinux off
cvsdist fe98d8
cvsdist fe98d8
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-20.sel
cvsdist fe98d8
- turn selinux on
cvsdist fe98d8
cvsdist fe98d8
* Fri Sep 19 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8
- additional fix for apparently-never-happens double-free in buffer_free()
cvsdist fe98d8
- extend fix for #103998 to cover SSH1
cvsdist fe98d8
cvsdist fe98d8
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-19
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist fe98d8
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-18
cvsdist 903730
- additional buffer manipulation cleanups from Solar Designer
cvsdist 903730
cvsdist 092b0a
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-17
cvsdist 092b0a
- turn selinux off
cvsdist 092b0a
cvsdist 092b0a
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-16.sel
cvsdist 092b0a
- turn selinux on
cvsdist 092b0a
cvsdist fe98d8
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-15
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist fe98d8
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-14
cvsdist 903730
- additional buffer manipulation fixes (CAN-2003-0695)
cvsdist 44a5d2
cvsdist 092b0a
* Tue Sep 16 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-13.sel
cvsdist 092b0a
- turn selinux on
cvsdist 092b0a
cvsdist fe98d8
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-12
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist fe98d8
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-11
cvsdist 6eaa41
- apply patch to store the correct buffer size in allocated buffers
cvsdist 6eaa41
  (CAN-2003-0693)
cvsdist 6eaa41
- skip the initial PAM authentication attempt with an empty password if
cvsdist 6eaa41
  empty passwords are not permitted in our configuration (#103998)
cvsdist 6eaa41
cvsdist 092b0a
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-10
cvsdist 092b0a
- turn selinux off
cvsdist 092b0a
cvsdist 092b0a
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-9.sel
cvsdist 092b0a
- turn selinux on
cvsdist 092b0a
cvsdist 092b0a
* Tue Aug 26 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-8
cvsdist 092b0a
- Add BuildPreReq gtk2-devel if gtk2
cvsdist 092b0a
cvsdist 092b0a
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-7
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist 092b0a
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-6
cvsdist 092b0a
- modify patch which clears the supplemental group list at startup to only
cvsdist 092b0a
  complain if setgroups() fails if sshd has euid == 0
cvsdist 092b0a
- handle krb5 installed in %%{_prefix} or elsewhere by using krb5-config
cvsdist 092b0a
cvsdist 092b0a
* Tue Jul 28 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-5
cvsdist 092b0a
- Add SELinux patch
cvsdist 092b0a
cvsdist 092b0a
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-4
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist 092b0a
* Wed Jun 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-3
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist 092b0a
* Wed Jun 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-2
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist 092b0a
* Thu Jun  5 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-1
cvsdist 092b0a
- update to 3.6.1p2
cvsdist 092b0a
cvsdist 092b0a
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
cvsdist 092b0a
- rebuilt
cvsdist 092b0a
cvsdist 092b0a
* Mon Mar 24 2003 Florian La Roche <Florian.LaRoche@redhat.de>
cvsdist 092b0a
- add patch for getsockopt() call to work on bigendian 64bit archs
cvsdist 6c4a0b
cvsdist 3e66bd
* Fri Feb 14 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-6
cvsdist 3e66bd
- move scp to the -clients subpackage, because it directly depends on ssh
cvsdist 3e66bd
  which is also in -clients (#84329)
cvsdist 3e66bd
cvsdist 3e66bd
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-5
cvsdist 3e66bd
- rebuild
cvsdist 3e66bd
cvsdist 3e66bd
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
cvsdist 3e66bd
- rebuilt
cvsdist 818000
cvsdist 3e66bd
* Tue Jan  7 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-3
cvsdist 818000
- rebuild
cvsdist 818000
cvsdist 3e66bd
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-2
cvsdist 3e66bd
- patch PAM configuration to use relative path names for the modules, allowing
cvsdist 3e66bd
  us to not worry about which arch the modules are built for on multilib systems
cvsdist 3e66bd
cvsdist 3e66bd
* Tue Oct 15 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-1
cvsdist 3e66bd
- update to 3.5p1, merging in filelist/perm changes from the upstream spec
cvsdist 3e66bd
cvsdist 3e66bd
* Fri Oct  4 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-3
cvsdist 3e66bd
- merge
cvsdist 3e66bd
cvsdist 3e66bd
* Thu Sep 12 2002  Than Ngo <than@redhat.com> 3.4p1-2.1
cvsdist 3e66bd
- fix to build on multilib systems
cvsdist 3e66bd
cvsdist 3e66bd
* Thu Aug 29 2002 Curtis Zinzilieta <curtisz@redhat.com> 3.4p1-2gss
cvsdist 3e66bd
- added gssapi patches and uncommented patch here
cvsdist 818000
cvsdist e98831
* Wed Aug 14 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-2
cvsdist e98831
- pull patch from CVS to fix too-early free in ssh-keysign (#70009)
cvsdist e98831
cvsdist 8264e7
* Thu Jun 27 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-1
cvsdist 8264e7
- 3.4p1
cvsdist 8264e7
- drop anon mmap patch
cvsdist 8264e7
cvsdist 8264e7
* Tue Jun 25 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-2
cvsdist 8264e7
- rework the close-on-exit docs
cvsdist 8264e7
- include configuration file man pages
cvsdist 8264e7
- make use of nologin as the privsep shell optional
cvsdist 8264e7
cvsdist 8264e7
* Mon Jun 24 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-1
cvsdist 8264e7
- update to 3.3p1
cvsdist 8264e7
- merge in spec file changes from upstream (remove setuid from ssh, ssh-keysign)
cvsdist 8264e7
- disable gtk2 askpass
cvsdist 8264e7
- require pam-devel by filename rather than by package for erratum
cvsdist 8264e7
- include patch from Solar Designer to work around anonymous mmap failures
cvsdist 7c1cbd
cvsdist 8264e7
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
cvsdist 8264e7
- automated rebuild
cvsdist 7c1cbd
cvsdist 8264e7
* Fri Jun  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-3
cvsdist 8264e7
- don't require autoconf any more
cvsdist 7c1cbd
cvsdist 8264e7
* Fri May 31 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-2
cvsdist 8264e7
- build gnome-ssh-askpass with gtk2
cvsdist 7c1cbd
cvsdist 8264e7
* Tue May 28 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-1
cvsdist 8264e7
- update to 3.2.3p1
cvsdist 8264e7
- merge in spec file changes from upstream
cvsdist a423ec
cvsdist 8264e7
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.2p1-1
cvsdist 8264e7
- update to 3.2.2p1
cvsdist a423ec
cvsdist 8264e7
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-4
cvsdist a423ec
- drop buildreq on db1-devel
cvsdist a423ec
- require pam-devel by package name
cvsdist a423ec
- require autoconf instead of autoconf253 again
cvsdist a423ec
cvsdist 0c1105
* Tue Apr  2 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-3
cvsdist 0c1105
- pull patch from CVS to avoid printing error messages when some of the
cvsdist 0c1105
  default keys aren't available when running ssh-add
cvsdist 0c1105
- refresh to current revisions of Simon's patches
cvsdist 0c1105
 
cvsdist 0c1105
* Thu Mar 21 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2gss
cvsdist 0c1105
- reintroduce Simon's gssapi patches
cvsdist 0c1105
- add buildprereq for autoconf253, which is needed to regenerate configure
cvsdist 0c1105
  after applying the gssapi patches
cvsdist 0c1105
- refresh to the latest version of Markus's patch to build properly with
cvsdist 0c1105
  older versions of OpenSSL
cvsdist 8f631f
cvsdist b46e39
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
cvsdist b46e39
- bump and grind (through the build system)
cvsdist b46e39
cvsdist b46e39
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
cvsdist b46e39
- require sharutils for building (mindrot #137)
cvsdist b46e39
- require db1-devel only when building for 6.x (#55105), which probably won't
cvsdist b46e39
  work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
cvsdist b46e39
- require pam-devel by file (not by package name) again
cvsdist b46e39
- add Markus's patch to compile with OpenSSL 0.9.5a (from
cvsdist b46e39
  http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
cvsdist b46e39
  building for 6.x
cvsdist b46e39
cvsdist b46e39
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
cvsdist b46e39
- update to 3.1p1
cvsdist b46e39
cvsdist b46e39
* Tue Mar  5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
cvsdist b46e39
- update to SNAP-20020305
cvsdist b46e39
- drop debug patch, fixed upstream
cvsdist b46e39
cvsdist b46e39
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
cvsdist b46e39
- update to SNAP-20020220 for testing purposes (you've been warned, if there's
cvsdist b46e39
  anything to be warned about, gss patches won't apply, I don't mind)
cvsdist b46e39
cvsdist b46e39
* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
cvsdist b46e39
- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
cvsdist b46e39
  exchange, authentication, and named key support
cvsdist b46e39
cvsdist b46e39
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
cvsdist b46e39
- remove dependency on db1-devel, which has just been swallowed up whole
cvsdist b46e39
  by gnome-libs-devel
cvsdist b46e39
cvsdist b46e39
* Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e39
- adjust build dependencies so that build6x actually works right (fix
cvsdist b46e39
  from Hugo van der Kooij)
cvsdist b46e39
cvsdist b46e39
* Tue Dec  4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
cvsdist b46e39
- update to 3.0.2p1
cvsdist b46e39
cvsdist b46e39
* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
cvsdist b46e39
- update to 3.0.1p1
cvsdist d92638
cvsdist b46e39
* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e39
- update to current CVS (not for use in distribution)
cvsdist 55bc91
cvsdist b46e39
* Thu Nov  8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
cvsdist b46e39
- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
cvsdist b46e39
  3.0p1 spec file and init script
cvsdist 55bc91
cvsdist b46e39
* Wed Nov  7 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e39
- update to 3.0p1
cvsdist b46e39
- update to x11-ssh-askpass 1.2.4.1
cvsdist b46e39
- change build dependency on a file from pam-devel to the pam-devel package
cvsdist b46e39
- replace primes with moduli
cvsdist 55bc91
cvsdist 9383d5
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
cvsdist 9383d5
- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
cvsdist 9383d5
cvsdist 9383d5
* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
cvsdist 9383d5
- Merge changes to rescue build from current sysadmin survival cd
cvsdist 9383d5
cvsdist fcc300
* Thu Sep  6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
cvsdist fcc300
- fix scp's server's reporting of file sizes, and build with the proper
cvsdist fcc300
  preprocessor define to get large-file capable open(), stat(), etc.
cvsdist fcc300
  (sftp has been doing this correctly all along) (#51827)
cvsdist fcc300
- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
cvsdist fcc300
- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
cvsdist fcc300
- mark profile.d scriptlets as config files (#42337)
cvsdist fcc300
- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
cvsdist fcc300
- change a couple of log() statements to debug() statements (#50751)
cvsdist fcc300
- pull cvs patch to add -t flag to sshd (#28611)
cvsdist fcc300
- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
cvsdist fcc300
cvsdist fcc300
* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
cvsdist 35482e
- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
cvsdist 35482e
cvsdist 35482e
* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 35482e
- pull cvs patch to fix remote port forwarding with protocol 2
cvsdist 35482e
cvsdist 628f20
* Thu Aug  9 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 35482e
- pull cvs patch to add session initialization to no-pty sessions
cvsdist b46e39
- pull cvs patch to not cut off challengeresponse auth needlessly
cvsdist 628f20
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
cvsdist 628f20
  it by default on a system that doesn't have X installed (#49263)
cvsdist 628f20
cvsdist 628f20
* Wed Aug  8 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 628f20
- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
cvsdist 628f20
cvsdist 7d7b03
* Mon Aug  6 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- pass OPTIONS correctly to initlog (#50151)
cvsdist 7d7b03
cvsdist 7d7b03
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- switch to x11-ssh-askpass 1.2.2
cvsdist 7d7b03
cvsdist 7d7b03
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- rebuild in new environment
cvsdist 7d7b03
cvsdist 7d7b03
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- disable the gssapi patch
cvsdist 7d7b03
cvsdist 7d7b03
* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- update to 2.9p2
cvsdist 7d7b03
- refresh to a new version of the gssapi patch
cvsdist 7d7b03
cvsdist 7d7b03
* Thu Jun  7 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- change Copyright: BSD to License: BSD
cvsdist 7d7b03
- add Markus Friedl's unverified patch for the cookie file deletion problem
cvsdist 7d7b03
  so that we can verify it
cvsdist 7d7b03
- drop patch to check if xauth is present (was folded into cookie patch)
cvsdist 7d7b03
- don't apply gssapi patches for the errata candidate
cvsdist 7d7b03
- clear supplemental groups list at startup
cvsdist 7d7b03
cvsdist 7d7b03
* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- fix an error parsing the new default sshd_config
cvsdist 7d7b03
- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
cvsdist 7d7b03
  dealing with comments right
cvsdist 7d7b03
cvsdist 7d7b03
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
cvsdist 7d7b03
  to be removed before the next beta cycle because it's a big departure
cvsdist 7d7b03
  from the upstream version
cvsdist 7d7b03
cvsdist 7d7b03
* Thu May  3 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- finish marking strings in the init script for translation
cvsdist 7d7b03
- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
cvsdist 7d7b03
  at startup (change merged from openssh.com init script, originally by
cvsdist 7d7b03
  Pekka Savola)
cvsdist 7d7b03
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
cvsdist 7d7b03
  it by default on a system that doesn't have X installed
cvsdist 7d7b03
cvsdist 7d7b03
* Wed May  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- update to 2.9
cvsdist 7d7b03
- drop various patches that came from or went upstream or to or from CVS
cvsdist 7d7b03
cvsdist 7d7b03
* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
cvsdist 7d7b03
cvsdist 4135ab
* Sun Apr  8 2001 Preston Brown <pbrown@redhat.com>
cvsdist 4135ab
- remove explicit openssl requirement, fixes builddistro issue
cvsdist 4135ab
- make initscript stop() function wait until sshd really dead to avoid 
cvsdist 4135ab
  races in condrestart
cvsdist 43f95f
cvsdist 4135ab
* Mon Apr  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 4135ab
- mention that challengereponse supports PAM, so disabling password doesn't
cvsdist 4135ab
  limit users to pubkey and rsa auth (#34378)
cvsdist b46e39
- bypass the daemon() function in the init script and call initlog directly,
cvsdist b46e39
  because daemon() won't start a daemon it detects is already running (like
cvsdist b46e39
  open connections)
cvsdist 4135ab
- require the version of openssl we had when we were built
cvsdist 43f95f
cvsdist 43f95f
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- make do_pam_setcred() smart enough to know when to establish creds and
cvsdist 43f95f
  when to reinitialize them
cvsdist 43f95f
- add in a couple of other fixes from Damien for inclusion in the errata
cvsdist 43f95f
cvsdist 43f95f
* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- update to 2.5.2p2
cvsdist 43f95f
- call setcred() again after initgroups, because the "creds" could actually
cvsdist 43f95f
  be group memberships
cvsdist 43f95f
cvsdist 43f95f
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
cvsdist 43f95f
- don't enable challenge-response by default until we find a way to not
cvsdist 43f95f
  have too many userauth requests (we may make up to six pubkey and up to
cvsdist 43f95f
  three password attempts as it is)
cvsdist 43f95f
- remove build dependency on rsh to match openssh.com's packages more closely
cvsdist 43f95f
cvsdist 43f95f
* Sat Mar  3 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- remove dependency on openssl -- would need to be too precise
cvsdist 43f95f
cvsdist 43f95f
* Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- rebuild in new environment
cvsdist 43f95f
cvsdist 43f95f
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Revert the patch to move pam_open_session.
cvsdist 43f95f
- Init script and spec file changes from Pekka Savola. (#28750)
cvsdist 43f95f
- Patch sftp to recognize '-o protocol' arguments. (#29540)
cvsdist 43f95f
cvsdist 43f95f
* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Chuck the closing patch.
cvsdist 43f95f
- Add a trigger to add host keys for protocol 2 to the config file, now that
cvsdist 43f95f
  configuration file syntax requires us to specify it with HostKey if we
cvsdist 43f95f
  specify any other HostKey values, which we do.
cvsdist 43f95f
cvsdist 43f95f
* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Redo patch to move pam_open_session after the server setuid()s to the user.
cvsdist 43f95f
- Rework the nopam patch to use be picked up by autoconf.
cvsdist 43f95f
cvsdist 43f95f
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Update for 2.5.1p1.
cvsdist 43f95f
- Add init script mods from Pekka Savola.
cvsdist 43f95f
- Tweak the init script to match the CVS contrib script more closely.
cvsdist 43f95f
- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
cvsdist 43f95f
  adding id_rsa.
cvsdist 43f95f
cvsdist 43f95f
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Update for 2.5.0p1.
cvsdist 43f95f
- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
cvsdist 43f95f
- Resync with parts of Damien Miller's openssh.spec from CVS, including
cvsdist 43f95f
  update of x11 askpass to 1.2.0.
cvsdist 43f95f
- Only require openssl (don't prereq) because we generate keys in the init
cvsdist 43f95f
  script now.
cvsdist 43f95f
cvsdist 43f95f
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Don't open a PAM session until we've forked and become the user (#25690).
cvsdist 43f95f
- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
cvsdist 43f95f
  host the user is attempting a login from.
cvsdist 43f95f
- Resync with parts of Damien Miller's openssh.spec from CVS.
cvsdist 43f95f
- Don't expose KbdInt responses in debug messages (from CVS).
cvsdist 43f95f
- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
cvsdist 43f95f
cvsdist 4135ab
* Wed Feb  7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
cvsdist 43f95f
- i18n-tweak to initscript.
cvsdist 43f95f
cvsdist 43f95f
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- More gettextizing.
cvsdist 43f95f
- Close all files after going into daemon mode (needs more testing).
cvsdist 43f95f
- Extract patch from CVS to handle auth banners (in the client).
cvsdist 43f95f
- Extract patch from CVS to handle compat weirdness.
cvsdist 43f95f
cvsdist 43f95f
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Finish with the gettextizing.
cvsdist 43f95f
cvsdist 43f95f
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Fix a bug in auth2-pam.c (#23877)
cvsdist 43f95f
- Gettextize the init script.
cvsdist 43f95f
cvsdist 43f95f
* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Incorporate a switch for using PAM configs for 6.x, just in case.
cvsdist 43f95f
cvsdist 43f95f
* Tue Dec  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Incorporate Bero's changes for a build specifically for rescue CDs.
cvsdist 43f95f
cvsdist 43f95f
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
cvsdist 43f95f
  succeeded, to allow public-key authentication after a failure with "none"
cvsdist 43f95f
  authentication.  (#21268)
cvsdist 43f95f
cvsdist 43f95f
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Update to x11-askpass 1.1.1. (#21301)
cvsdist 43f95f
- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
cvsdist 43f95f
cvsdist 43f95f
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Merge multiple PAM text messages into subsequent prompts when possible when
cvsdist 43f95f
  doing keyboard-interactive authentication.
cvsdist 43f95f
cvsdist 43f95f
* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Disable the built-in MD5 password support.  We're using PAM.
cvsdist 43f95f
- Take a crack at doing keyboard-interactive authentication with PAM, and
cvsdist 43f95f
  enable use of it in the default client configuration so that the client
cvsdist 43f95f
  will try it when the server disallows password authentication.
cvsdist 43f95f
- Build with debugging flags.  Build root policies strip all binaries anyway.
cvsdist 43f95f
cvsdist f28bf6
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Use DESTDIR instead of %%makeinstall.
cvsdist f28bf6
- Remove /usr/X11R6/bin from the path-fixing patch.
cvsdist f28bf6
cvsdist f28bf6
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Add the primes file from the latest snapshot to the main package (#20884).
cvsdist f28bf6
- Add the dev package to the prereq list (#19984).
cvsdist f28bf6
- Remove the default path and mimic login's behavior in the server itself.
cvsdist f28bf6
cvsdist f28bf6
* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Resync with conditional options in Damien Miller's .spec file for an errata.
cvsdist f28bf6
- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
cvsdist f28bf6
cvsdist f28bf6
* Tue Nov  7 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Update to OpenSSH 2.3.0p1.
cvsdist f28bf6
- Update to x11-askpass 1.1.0.
cvsdist f28bf6
- Enable keyboard-interactive authentication.
cvsdist f28bf6
cvsdist f28bf6
* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Update to ssh-askpass-x11 1.0.3.
cvsdist f28bf6
- Change authentication related messages to be private (#19966).
cvsdist f28bf6
cvsdist f28bf6
* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Patch ssh-keygen to be able to list signatures for DSA public key files
cvsdist f28bf6
  it generates.
cvsdist f28bf6
cvsdist 328740
* Thu Oct  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
cvsdist 328740
  build PAM authentication in.
cvsdist 328740
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
cvsdist 328740
- Clean out no-longer-used patches.
cvsdist 328740
- Patch ssh-add to try to add both identity and id_dsa, and to error only
cvsdist 328740
  when neither exists.
cvsdist 328740
cvsdist 328740
* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740
- Update x11-askpass to 1.0.2. (#17835)
cvsdist 328740
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
cvsdist 328740
  always find them in the right place. (#17909)
cvsdist 328740
- Set the default path to be the same as the one supplied by /bin/login, but
cvsdist 328740
  add /usr/X11R6/bin. (#17909)
cvsdist 328740
- Try to handle obsoletion of ssh-server more cleanly.  Package names
cvsdist 328740
  are different, but init script name isn't. (#17865)
cvsdist 328740
cvsdist 328740
* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740
- Update to 2.2.0p1. (#17835)
cvsdist 328740
- Tweak the init script to allow proper restarting. (#18023)
cvsdist 328740
cvsdist 328740
* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740
- Update to 20000823 snapshot.
cvsdist 328740
- Change subpackage requirements from %%{version} to %%{version}-%%{release}
cvsdist 328740
- Back out the pipe patch.
cvsdist 328740
cvsdist f71077
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Update to 2.1.1p4, which includes fixes for config file parsing problems.
cvsdist f71077
- Move the init script back.
cvsdist f71077
- Add Damien's quick fix for wackiness.
cvsdist f71077
cvsdist f71077
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
cvsdist f71077
cvsdist f71077
* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Move condrestart to server postun.
cvsdist f71077
- Move key generation to init script.
cvsdist f71077
- Actually use the right patch for moving the key generation to the init script.
cvsdist f71077
- Clean up the init script a bit.
cvsdist f71077
cvsdist f71077
* Wed Jul  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
cvsdist f71077
cvsdist f71077
* Sun Jul  2 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Update to 2.1.1p2.
cvsdist f71077
- Use of strtok() considered harmful.
cvsdist f71077
cvsdist f71077
* Sat Jul  1 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Get the build root out of the man pages.
cvsdist f71077
cvsdist f71077
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Add and use condrestart support in the init script.
cvsdist f71077
- Add newer initscripts as a prereq.
cvsdist f71077
cvsdist f71077
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Build in new environment (release 2)
cvsdist f71077
- Move -clients subpackage to Applications/Internet group
cvsdist f71077
cvsdist f71077
* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Update to 2.2.1p1
cvsdist f71077
cvsdist f71077
* Sat Jun  3 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Patch to build with neither RSA nor RSAref.
cvsdist f71077
- Miscellaneous FHS-compliance tweaks.
cvsdist f71077
- Fix for possibly-compressed man pages.
cvsdist f71077
cvsdist f71077
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Updated for new location
cvsdist f71077
- Updated for new gnome-ssh-askpass build
cvsdist f71077
cvsdist f71077
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
cvsdist f71077
- Added Jim Knoble's <jmknoble@pobox.com> askpass
cvsdist f71077
cvsdist f71077
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
cvsdist f71077
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
cvsdist f71077
cvsdist f71077
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
cvsdist f71077
- Added 'Obsoletes' directives
cvsdist f71077
cvsdist f71077
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Use make install
cvsdist f71077
- Subpackages
cvsdist f71077
cvsdist f71077
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Added links for slogin
cvsdist f71077
- Fixed perms on manpages
cvsdist f71077
cvsdist f71077
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Renamed init script
cvsdist f71077
cvsdist f71077
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Back to old binary names
cvsdist f71077
cvsdist f71077
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Use autoconf
cvsdist f71077
- New binary names
cvsdist f71077
cvsdist f71077
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.