c9833c9
# Do we want SELinux & Audit
cvsdist fe98d86
%define WITH_SELINUX 1
fc72c21
cvsdist 8264e71
# OpenSSH privilege separation requires a user & group ID
cvsdist 8264e71
%define sshd_uid    74
cvsdist 8264e71
%define sshd_gid    74
cvsdist 8264e71
cvsdist f28bf6e
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
cvsdist f28bf6e
%define no_gnome_askpass 0
cvsdist f28bf6e
cvsdist b46e395
# Do we want to link against a static libcrypto? (1=yes 0=no)
cvsdist b46e395
%define static_libcrypto 0
cvsdist b46e395
cvsdist b46e395
# Do we want smartcard support (1=yes 0=no)
04cab1d
#Smartcard support is broken from 5.4p1
cvsdist b46e395
%define scard 0
cvsdist b46e395
cvsdist 3e66bdc
# Use GTK2 instead of GNOME in gnome-ssh-askpass
cvsdist 3e66bdc
%define gtk2 1
cvsdist 3e66bdc
cvsdist fe98d86
# Build position-independent executables (requires toolchain support)?
b562127
%define pie 1
cvsdist fe98d86
cvsdist 3e66bdc
# Do we want kerberos5 support (1=yes 0=no)
cvsdist 3e66bdc
%define kerberos5 1
cvsdist 8264e71
c9833c9
# Do we want libedit support
c9833c9
%define libedit 1
c9833c9
7e7fb42
# Do we want LDAP support
7e7fb42
%define ldap 1
7e7fb42
c3274cc
# Do we want NSS tokens support
974c89c
#NSS support is broken from 5.4p1
974c89c
%define nss 0
c3274cc
cvsdist 8264e71
# Whether or not /sbin/nologin exists.
cvsdist 8264e71
%define nologin 1
cvsdist 8264e71
e47cb00
# Whether to build pam_ssh_agent_auth
e47cb00
%define pam_ssh_agent 1
e47cb00
cvsdist 43f95f0
# Reserve options to override askpass settings with:
cvsdist 43f95f0
# rpm -ba|--rebuild --define 'skip_xxx 1'
b8bdc7c
%{?skip_gnome_askpass:%global no_gnome_askpass 1}
cvsdist 43f95f0
cvsdist ffdec57
# Add option to build without GTK2 for older platforms with only GTK+.
389c431
# Red Hat Linux <= 7.2 and Red Hat Advanced Server 2.1 are examples.
cvsdist ffdec57
# rpm -ba|--rebuild --define 'no_gtk2 1'
b8bdc7c
%{?no_gtk2:%global gtk2 0}
cvsdist ffdec57
cvsdist b46e395
# Options for static OpenSSL link:
cvsdist b46e395
# rpm -ba|--rebuild --define "static_openssl 1"
b8bdc7c
%{?static_openssl:%global static_libcrypto 1}
cvsdist b46e395
cvsdist b46e395
# Options for Smartcard support: (needs libsectok and openssl-engine)
cvsdist b46e395
# rpm -ba|--rebuild --define "smartcard 1"
b8bdc7c
%{?smartcard:%global scard 1}
cvsdist b46e395
cvsdist b46e395
# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
cvsdist b46e395
%define rescue 0
b8bdc7c
%{?build_rescue:%global rescue 1}
b8bdc7c
%{?build_rescue:%global rescue_rel rescue}
cvsdist b46e395
cvsdist 3e66bdc
# Turn off some stuff for resuce builds
cvsdist 3e66bdc
%if %{rescue}
cvsdist 3e66bdc
%define kerberos5 0
c9833c9
%define libedit 0
e47cb00
%define pam_ssh_agent 0
cvsdist 3e66bdc
%endif
cvsdist 3e66bdc
04cab1d
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
Jan F 003cb0b
%define openssh_ver 5.8p1
Jan F 8fe1509
%define openssh_rel 18
7451555
%define pam_ssh_agent_ver 0.9.2
Jan F 003cb0b
%define pam_ssh_agent_rel 30
e47cb00
9e5c6ec
Summary: An open source implementation of SSH protocol versions 1 and 2
cvsdist f710772
Name: openssh
82bc825
Version: %{openssh_ver}
fa335ee
Release: %{openssh_rel}%{?dist}%{?rescue_rel}.1
cvsdist f710772
URL: http://www.openssh.com/portable.html
7451555
#URL1: http://pamsshagentauth.sourceforge.net
deb1e49
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
c9833c9
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
b40baab
# This package differs from the upstream OpenSSH tarball in that
b40baab
# the ACSS cipher is removed by running openssh-nukeacss.sh in
b40baab
# the unpacked source directory.
42225a2
Source0: openssh-%{version}-noacss.tar.bz2
deb1e49
Source1: openssh-nukeacss.sh
ca47f63
Source2: sshd.pam
ca47f63
Source3: sshd.init
e47cb00
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
e47cb00
Source5: pam_ssh_agent-rmheaders
Jan F 99f4276
Source6: ssh-keycat.pam
6fa4d80
Jan F f9ff105
Patch99: openssh-5.8p1-wIm.patch
Jan F 0f7ccbf
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
Jan F. Chadima c6801b9
Patch0: openssh-5.6p1-redhat.patch
Jan F 5928f90
#https://bugzilla.mindrot.org/show_bug.cgi?id=1872
Jan F aefa65d
Patch100: openssh-5.8p1-fingerprint.patch
Jan F 0f7ccbf
#https://bugzilla.mindrot.org/show_bug.cgi?id=1879
Jan F 8fe1509
Patch200: openssh-5.8p1-exit.patch
Jan F faae1e8
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
Jan F edc1723
Patch8: openssh-5.8p1-audit0.patch
Jan F edc1723
Patch108: openssh-5.8p1-audit0a.patch
Jan F 483c733
Patch1: openssh-5.8p1-audit1.patch
Jan F 9cefae0
Patch101: openssh-5.8p1-audit1a.patch
Jan F 003cb0b
Patch2: openssh-5.8p1-audit2.patch
Jan F 2c1a4ad
Patch102: openssh-5.8p1-audit2a.patch
Jan F 003cb0b
Patch3: openssh-5.8p1-audit3.patch
Jan F 9cefae0
Patch103: openssh-5.8p1-audit3a.patch
Jan F 003cb0b
Patch4: openssh-5.8p1-audit4.patch
Jan F 9cefae0
Patch104: openssh-5.8p1-audit4a.patch
Jan F 003cb0b
Patch5: openssh-5.8p1-audit5.patch
Jan F 2c1a4ad
Patch105: openssh-5.8p1-audit5a.patch
Jan F 8fe1509
#?
Jan F 8fe1509
Patch6: openssh-5.8p1-reseed.patch
Jan F 8fe1509
#?
Jan F 8fe1509
Patch7: openssh-5.8p1-entropy.patch
Jan F 0f7ccbf
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
Jan F 003cb0b
Patch9: openssh-5.8p1-vendor.patch
Jan F 003cb0b
# --- pam_ssh-agent ---
e47cb00
Patch10: pam_ssh_agent_auth-0.9-build.patch
Jan F. Chadima d2ed53b
Patch11: pam_ssh_agent_auth-0.9.2-seteuid.patch
6fa4d80
#https://bugzilla.mindrot.org/show_bug.cgi?id=1663
Jan F 003cb0b
Patch20: openssh-5.8p1-authorized-keys-command.patch
Jan F 0f7ccbf
#?
Jan F b934981
Patch21: openssh-5.8p1-ldap.patch
Jan F b934981
Patch121: openssh-5.8p1-ldap2.patch
Jan F 0f7ccbf
#-mail-conf
Jan F 003cb0b
Patch22: openssh-5.8p1-selinux.patch
Jan F 0f7ccbf
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
Jan F 003cb0b
Patch23: openssh-5.8p1-selinux-role.patch
Jan F 003cb0b
#?
Jan F 003cb0b
Patch24: openssh-5.8p1-mls.patch
Jan F 003cb0b
# #https://bugzilla.mindrot.org/show_bug.cgi?id=1614
Jan F 003cb0b
# Patch25: openssh-5.6p1-selabel.patch
Jan F 0f7ccbf
#was https://bugzilla.mindrot.org/show_bug.cgi?id=1637
Jan F 8fe1509
#?
Jan F 8fe1509
Patch26: openssh-5.8p1-sftpcontext.patch
6fa4d80
#https://bugzilla.mindrot.org/show_bug.cgi?id=1668
Jan F 003cb0b
Patch30: openssh-5.6p1-keygen.patch
6fa4d80
#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
Jan F 003cb0b
Patch31: openssh-5.2p1-allow-ip-opts.patch
6fa4d80
#https://bugzilla.mindrot.org/show_bug.cgi?id=1701
Jan F 003cb0b
Patch32: openssh-5.8p1-randclean.patch
Jan F 003cb0b
# #https://bugzilla.mindrot.org/show_bug.cgi?id=1636
Jan F 003cb0b
# Patch33: openssh-5.1p1-log-in-chroot.patch
Jan F cae7368
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
Jan F 003cb0b
Patch34: openssh-5.8p1-kuserok.patch
Jan F 71d3d9c
#http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c.diff?r1=1.13&r2=1.13.12.1&f=h
Jan F 71d3d9c
Patch35: openssh-5.8p1-glob.patch
Jan F 003cb0b
#?
Jan F 003cb0b
Patch50: openssh-5.8p1-fips.patch
Jan F 5c54191
#https://bugzilla.mindrot.org/show_bug.cgi?id=1789
Jan F 003cb0b
Patch51: openssh-5.5p1-x11.patch
Jan F 003cb0b
#?
Jan F 003cb0b
Patch52: openssh-5.6p1-exit-deadlock.patch
Jan F 003cb0b
#?
Jan F 003cb0b
Patch53: openssh-5.1p1-askpass-progress.patch
Jan F 003cb0b
#?
Jan F 003cb0b
Patch54: openssh-4.3p2-askpass-grab-info.patch
Jan F 003cb0b
#?
Jan F 003cb0b
Patch56: openssh-5.2p1-edns.patch
Jan F 003cb0b
#?
Jan F 003cb0b
Patch57: openssh-5.1p1-scp-manpage.patch
Jan F 99f4276
#?
Jan F 99f4276
Patch58: openssh-5.8p1-keycat.patch
Jan F 1499a28
Patch158: openssh-5.8p1-keycat2.patch
Jan F 003cb0b
#http://www.sxw.org.uk/computing/patches/openssh.html
Jan F 003cb0b
Patch60: openssh-5.8p1-gsskex.patch
Jan F 003cb0b
#?
Jan F 003cb0b
Patch61: openssh-5.8p1-gssapi-canohost.patch
Jan F 8fe1509
#---
Jan F 0f7ccbf
#https://bugzilla.mindrot.org/show_bug.cgi?id=1604
Jan F 0f7ccbf
# sctp
Jan F 8fe1509
#https://bugzilla.mindrot.org/show_bug.cgi?id=1873 => https://bugzilla.redhat.com/show_bug.cgi?id=668993
2cb0e73
cvsdist 7d7b035
License: BSD
cvsdist f710772
Group: Applications/Internet
9d725bd
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
cvsdist 8264e71
%if %{nologin}
cvsdist 8264e71
Requires: /sbin/nologin
cvsdist 8264e71
%endif
cvsdist 8264e71
ef32423
Requires: initscripts >= 5.20
cvsdist 8264e71
c92dff4
%if ! %{no_gnome_askpass}
cvsdist 092b0a1
%if %{gtk2}
ef32423
BuildRequires: gtk2-devel
ef32423
BuildRequires: libX11-devel
c92dff4
%else
ef32423
BuildRequires: gnome-libs-devel
cvsdist 092b0a1
%endif
c92dff4
%endif
c92dff4
cvsdist 5ef6073
%if %{scard}
ef32423
BuildRequires: sharutils
cvsdist 5ef6073
%endif
7e7fb42
%if %{ldap}
7e7fb42
BuildRequires: openldap-devel
7e7fb42
%endif
d93958d
BuildRequires: autoconf, automake, perl, zlib-devel
Jan F. Chadima f44bdee
BuildRequires: audit-libs-devel >= 2.0.5
9e777a2
BuildRequires: util-linux, groff
ef32423
BuildRequires: pam-devel
fc2f31d
BuildRequires: tcp_wrappers-devel
13fa787
BuildRequires: fipscheck-devel >= 1.3.0
d93958d
BuildRequires: openssl-devel >= 0.9.8j
cvsdist 8264e71
cvsdist 3e66bdc
%if %{kerberos5}
ef32423
BuildRequires: krb5-devel
cvsdist 3e66bdc
%endif
cvsdist 3e66bdc
c9833c9
%if %{libedit}
0a9a407
BuildRequires: libedit-devel ncurses-devel
c9833c9
%endif
c9833c9
0092bbd
%if %{nss}
0092bbd
BuildRequires: nss-devel
0092bbd
%endif
0092bbd
fc72c21
%if %{WITH_SELINUX}
0e07edf
Requires: libselinux >= 1.27.7
0e07edf
BuildRequires: libselinux-devel >= 1.27.7
fc72c21
Requires: audit-libs >= 1.0.8
fc72c21
BuildRequires: audit-libs >= 1.0.8
fc72c21
%endif
cvsdist 5ef6073
ef32423
BuildRequires: xauth
ef32423
cvsdist f710772
%package clients
9e5c6ec
Summary: An open source SSH client applications
cvsdist f710772
Group: Applications/Internet
13fa787
Requires: openssh = %{version}-%{release}
13fa787
Requires: fipscheck-lib%{_isa} >= 1.3.0
cvsdist f710772
cvsdist f710772
%package server
9e5c6ec
Summary: An open source SSH server daemon
cvsdist f710772
Group: System Environment/Daemons
ef32423
Requires: openssh = %{version}-%{release}
ef32423
Requires(post): chkconfig >= 0.9, /sbin/service
ef32423
Requires(pre): /usr/sbin/useradd
1961bc1
Requires: pam >= 1.0.1-3
13fa787
Requires: fipscheck-lib%{_isa} >= 1.3.0
cvsdist f710772
3fdf10c
%if %{ldap}
3fdf10c
%package ldap
3fdf10c
Summary: A LDAP support for open source SSH server daemon
3fdf10c
Requires: openssh = %{version}-%{release}
3fdf10c
Group: System Environment/Daemons
3fdf10c
%endif
3fdf10c
Jan F 99f4276
%package keycat
Jan F 99f4276
Summary: A mls keycat backend for openssh
Jan F 99f4276
Requires: openssh = %{version}-%{release}
Jan F 99f4276
Group: System Environment/Daemons
Jan F 99f4276
cvsdist f710772
%package askpass
ef32423
Summary: A passphrase dialog for OpenSSH and X
cvsdist f710772
Group: Applications/Internet
cvsdist 3287400
Requires: openssh = %{version}-%{release}
762e407
Obsoletes: openssh-askpass-gnome
762e407
Provides: openssh-askpass-gnome
cvsdist f710772
e47cb00
%package -n pam_ssh_agent_auth
e47cb00
Summary: PAM module for authentication with ssh-agent
e47cb00
Group: System Environment/Base
e47cb00
Version: %{pam_ssh_agent_ver}
04cab1d
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}
7451555
License: BSD
e47cb00
cvsdist f710772
%description
cvsdist 7d7b035
SSH (Secure SHell) is a program for logging into and executing
cvsdist 7d7b035
commands on a remote machine. SSH is intended to replace rlogin and
cvsdist 7d7b035
rsh, and to provide secure encrypted communications between two
cvsdist 7d7b035
untrusted hosts over an insecure network. X11 connections and
cvsdist f710772
arbitrary TCP/IP ports can also be forwarded over the secure channel.
cvsdist f710772
cvsdist 7d7b035
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
9e5c6ec
it up to date in terms of security and features.
cvsdist f710772
cvsdist f710772
This package includes the core files necessary for both the OpenSSH
cvsdist 7d7b035
client and server. To make this package useful, you should also
cvsdist f710772
install openssh-clients, openssh-server, or both.
cvsdist f710772
cvsdist f710772
%description clients
cvsdist 7d7b035
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b035
into and executing commands on a remote machine. This package includes
cvsdist 7d7b035
the clients necessary to make encrypted connections to SSH servers.
cvsdist f710772
cvsdist f710772
%description server
cvsdist 7d7b035
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b035
into and executing commands on a remote machine. This package contains
cvsdist 7d7b035
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
9e5c6ec
securely connect to your SSH server.
cvsdist f710772
3fdf10c
%if %{ldap}
3fdf10c
%description ldap
3fdf10c
OpenSSH LDAP backend is a way how to distribute the authorized tokens
3fdf10c
among the servers in the network.
3fdf10c
%endif
3fdf10c
Jan F 99f4276
%description keycat
Jan F 99f4276
OpenSSH mls keycat is backend for using the authorized keys in the
Jan F 99f4276
openssh in the mls mode.
Jan F 99f4276
cvsdist f710772
%description askpass
cvsdist 7d7b035
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b035
into and executing commands on a remote machine. This package contains
cvsdist 7d7b035
an X11 passphrase dialog for OpenSSH.
cvsdist f710772
e47cb00
%description -n pam_ssh_agent_auth
e47cb00
This package contains a PAM module which can be used to authenticate
e47cb00
users using ssh keys stored in a ssh-agent. Through the use of the
e47cb00
forwarding of ssh-agent connection it also allows to authenticate with
e47cb00
remote ssh-agent instance.
e47cb00
e47cb00
The module is most useful for su and sudo service stacks.
e47cb00
cvsdist 43f95f0
%prep
e47cb00
%setup -q -a 4
Jan F 5c20fa8
#Do not enable by default
Jan F f9ff105
###%patch99 -p1 -b .wIm
cvsdist 43f95f0
%patch0 -p1 -b .redhat
Jan F f9ff105
%patch100 -p1 -b .fingerprint
Jan F 8fe1509
%patch200 -p1 -b .exit
Jan F edc1723
%patch8 -p1 -b .audit0
Jan F edc1723
%patch108 -p1 -b .audit0a
Jan F 483c733
%patch1 -p1 -b .audit1
Jan F 9cefae0
%patch101 -p1 -b .audit1a
Jan F 003cb0b
%patch2 -p1 -b .audit2
Jan F 2c1a4ad
%patch102 -p1 -b .audit2a
Jan F 003cb0b
%patch3 -p1 -b .audit3
Jan F 9cefae0
%patch103 -p1 -b .audit3a
Jan F 003cb0b
%patch4 -p1 -b .audit4
Jan F 9cefae0
%patch104 -p1 -b .audit4a
Jan F 003cb0b
%patch5 -p1 -b .audit5
Jan F 2c1a4ad
%patch105 -p1 -b .audit5a
Jan F 8fe1509
%patch6 -p1 -b .reseed
Jan F 8fe1509
%patch7 -p1 -b .entropy
Jan F 003cb0b
%patch9 -p1 -b .vendor
e47cb00
%if %{pam_ssh_agent}
e47cb00
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
e47cb00
%patch10 -p1 -b .psaa-build
Jan F. Chadima d2ed53b
%patch11 -p1 -b .psaa-seteuid
e47cb00
# Remove duplicate headers
e47cb00
rm -f $(cat %{SOURCE5})
e47cb00
popd
e47cb00
%endif
Jan F 377ba3c
%patch20 -p1 -b .akc
Jan F 2c1a4ad
%if %{ldap}
Jan F 377ba3c
%patch21 -p1 -b .ldap
Jan F b934981
%patch121 -p1 -b .ldap2
Jan F 2c1a4ad
%endif
Jan F 003cb0b
%if %{WITH_SELINUX}
Jan F 003cb0b
#SELinux
Jan F 003cb0b
%patch22 -p1 -b .selinux
Jan F f33c99e
%patch23 -p1 -b .role
Jan F f33c99e
%patch24 -p1 -b .mls
Jan F 8fe1509
%patch26 -p1 -b .sftpcontext
Jan F 003cb0b
%endif
Jan F f33c99e
%patch30 -p1 -b .keygen
Jan F f33c99e
%patch31 -p1 -b .ip-opts
Jan F f33c99e
%patch32 -p1 -b .randclean
Jan F f33c99e
%patch34 -p1 -b .kuserok
Jan F f33c99e
%patch35 -p1 -b .glob
Jan F f33c99e
%patch50 -p1 -b .fips
Jan F f33c99e
%patch51 -p1 -b .x11
Jan F f33c99e
%patch52 -p1 -b .exit-deadlock
Jan F f33c99e
%patch53 -p1 -b .progress
Jan F f33c99e
%patch54 -p1 -b .grab-info
Jan F f33c99e
%patch56 -p1 -b .edns
Jan F f33c99e
%patch57 -p1 -b .manpage
Jan F f33c99e
%patch58 -p1 -b .keycat
Jan F f33c99e
%patch158 -p1 -b .keycat2
Jan F f33c99e
%patch60 -p1 -b .gsskex
Jan F f33c99e
%patch61 -p1 -b .canohost
05c945b
8ccaa9f
autoreconf
50a3ddb
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
50a3ddb
autoreconf
50a3ddb
popd
cvsdist ffdec57
cvsdist 43f95f0
%build
09d7e68
CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS
cvsdist fe98d86
%if %{rescue}
cvsdist fe98d86
CFLAGS="$CFLAGS -Os"
cvsdist fe98d86
%endif
cvsdist fe98d86
%if %{pie}
91bdf49
%ifarch s390 s390x sparc sparcv9 sparc64
e47cb00
CFLAGS="$CFLAGS -fPIC"
cvsdist 8f87201
%else
e47cb00
CFLAGS="$CFLAGS -fpic"
cvsdist 8f87201
%endif
e47cb00
SAVE_LDFLAGS="$LDFLAGS"
Jan F 003cb0b
LDFLAGS="$LDFLAGS -pie -z relro -z now"
Jan F 003cb0b
Jan F 003cb0b
export CFLAGS
Jan F 003cb0b
export LDFLAGS
Jan F 003cb0b
cvsdist fe98d86
%endif
cvsdist 092b0a1
%if %{kerberos5}
2640293
if test -r /etc/profile.d/krb5-devel.sh ; then
2640293
        source /etc/profile.d/krb5-devel.sh
2640293
fi
cvsdist 092b0a1
krb5_prefix=`krb5-config --prefix`
cvsdist 092b0a1
if test "$krb5_prefix" != "%{_prefix}" ; then
cvsdist 092b0a1
	CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
cvsdist 092b0a1
	CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
cvsdist 092b0a1
	LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
cvsdist 092b0a1
else
cvsdist 092b0a1
	krb5_prefix=
cvsdist 092b0a1
	CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
cvsdist 092b0a1
	CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
cvsdist 092b0a1
fi
cvsdist 092b0a1
%endif
cvsdist b46e395
cvsdist 43f95f0
%configure \
cvsdist 43f95f0
	--sysconfdir=%{_sysconfdir}/ssh \
cvsdist 43f95f0
	--libexecdir=%{_libexecdir}/openssh \
cvsdist b46e395
	--datadir=%{_datadir}/openssh \
cvsdist 43f95f0
	--with-tcp-wrappers \
cvsdist 8264e71
	--with-default-path=/usr/local/bin:/bin:/usr/bin \
cvsdist 8264e71
	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
cvsdist 8264e71
	--with-privsep-path=%{_var}/empty/sshd \
8ccaa9f
	--enable-vendor-patchlevel="FC-%{version}-%{release}" \
8ccaa9f
	--disable-strip \
de2e7a3
	--without-zlib-version-check \
ff6d597
	--with-ssl-engine \
Jan F abe4bc8
	--with-authorized-keys-command \
c3274cc
%if %{nss}
c3274cc
	--with-nss \
c3274cc
%endif
cvsdist b46e395
%if %{scard}
cvsdist b46e395
	--with-smartcard \
cvsdist b46e395
%endif
7e7fb42
%if %{ldap}
7e7fb42
	--with-ldap \
7e7fb42
%endif
cvsdist 43f95f0
%if %{rescue}
cvsdist ffdec57
	--without-pam \
cvsdist 3e66bdc
%else
cvsdist 3e66bdc
	--with-pam \
cvsdist 3e66bdc
%endif
fc72c21
%if %{WITH_SELINUX}
Jan F faae1e8
	--with-selinux --with-audit=linux \
fc72c21
%endif
cvsdist 3e66bdc
%if %{kerberos5}
c9833c9
	--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
cvsdist 43f95f0
%else
c9833c9
	--without-kerberos5 \
c9833c9
%endif
c9833c9
%if %{libedit}
c9833c9
	--with-libedit
c9833c9
%else
c9833c9
	--without-libedit
cvsdist b46e395
%endif
cvsdist b46e395
cvsdist b46e395
%if %{static_libcrypto}
cvsdist b46e395
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
cvsdist 43f95f0
%endif
cvsdist 43f95f0
cvsdist 43f95f0
make
cvsdist 43f95f0
cvsdist 8264e71
# Define a variable to toggle gnome1/gtk2 building.  This is necessary
cvsdist 8264e71
# because RPM doesn't handle nested %if statements.
cvsdist 8264e71
%if %{gtk2}
cvsdist 3e66bdc
	gtk2=yes
cvsdist 8264e71
%else
cvsdist 3e66bdc
	gtk2=no
cvsdist 8264e71
%endif
cvsdist 8264e71
cvsdist 43f95f0
%if ! %{no_gnome_askpass}
cvsdist 43f95f0
pushd contrib
cvsdist 8264e71
if [ $gtk2 = yes ] ; then
cvsdist 3e66bdc
	make gnome-ssh-askpass2
cvsdist 3e66bdc
	mv gnome-ssh-askpass2 gnome-ssh-askpass
cvsdist 8264e71
else
cvsdist 3e66bdc
	make gnome-ssh-askpass1
cvsdist 3e66bdc
	mv gnome-ssh-askpass1 gnome-ssh-askpass
cvsdist 8264e71
fi
cvsdist 43f95f0
popd
cvsdist 43f95f0
%endif
cvsdist 43f95f0
e47cb00
%if %{pam_ssh_agent}
e47cb00
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
e47cb00
LDFLAGS="$SAVE_LDFLAGS"
50a3ddb
%configure --with-selinux --libexecdir=/%{_lib}/security --with-mantype=man
e47cb00
make
e47cb00
popd
e47cb00
%endif
e47cb00
d93958d
# Add generation of HMAC checksums of the final stripped binaries
d93958d
%define __spec_install_post \
d93958d
    %{?__debug_package:%{__debug_install_post}} \
d93958d
    %{__arch_install_post} \
d93958d
    %{__os_install_post} \
13fa787
    fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/ssh $RPM_BUILD_ROOT%{_sbindir}/sshd \
d93958d
%{nil}
d93958d
cvsdist 43f95f0
%install
cvsdist 43f95f0
rm -rf $RPM_BUILD_ROOT
cvsdist 43f95f0
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
cvsdist 43f95f0
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
320a1c8
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
cvsdist 43f95f0
make install DESTDIR=$RPM_BUILD_ROOT
99d9a39
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf
cvsdist 43f95f0
cvsdist 43f95f0
install -d $RPM_BUILD_ROOT/etc/pam.d/
cvsdist 43f95f0
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
cvsdist 43f95f0
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
13fa787
install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
ca47f63
install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
Jan F 99f4276
install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
ca47f63
install -m755 %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
f94d8f5
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
f94d8f5
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
cvsdist 43f95f0
cvsdist 43f95f0
%if ! %{no_gnome_askpass}
cvsdist 43f95f0
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
cvsdist 43f95f0
%endif
cvsdist 43f95f0
cvsdist 8180003
%if ! %{scard}
cvsdist 3e66bdc
	rm -f $RPM_BUILD_ROOT%{_datadir}/openssh/Ssh.bin
cvsdist 8180003
%endif
cvsdist 8180003
cvsdist ffdec57
%if ! %{no_gnome_askpass}
09d7e68
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
cvsdist b46e395
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist 8264e71
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist 8264e71
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist ffdec57
%endif
cvsdist 43f95f0
cvsdist 5ef6073
%if %{no_gnome_askpass}
cvsdist 5ef6073
rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
cvsdist 5ef6073
%endif
cvsdist 5ef6073
cvsdist 43f95f0
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
cvsdist 43f95f0
c3274cc
rm -f README.nss.nss-keys
c3274cc
%if ! %{nss}
c3274cc
rm -f README.nss
c3274cc
%endif
e47cb00
e47cb00
%if %{pam_ssh_agent}
e47cb00
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
e47cb00
make install DESTDIR=$RPM_BUILD_ROOT
e47cb00
popd
e47cb00
%endif
cvsdist 43f95f0
%clean
cvsdist 43f95f0
rm -rf $RPM_BUILD_ROOT
cvsdist 43f95f0
cvsdist 8264e71
%pre server
2fd1054
getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
cvsdist 8264e71
%if %{nologin}
2fd1054
getent passwd sshd >/dev/null || \
2fd1054
  useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd  -s /sbin/nologin \
2fd1054
  -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
cvsdist 8264e71
%else
2fd1054
getent passwd sshd >/dev/null || \
2fd1054
  useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd  -s /sbin/nologin \
2fd1054
  -s /dev/null -r -d /var/empty/sshd sshd 2> /dev/null || :
cvsdist 8264e71
%endif
cvsdist 8264e71
cvsdist 43f95f0
%post server
cvsdist 43f95f0
/sbin/chkconfig --add sshd
cvsdist 43f95f0
cvsdist 43f95f0
%postun server
cvsdist 43f95f0
/sbin/service sshd condrestart > /dev/null 2>&1 || :
cvsdist 43f95f0
cvsdist 43f95f0
%preun server
cvsdist 43f95f0
if [ "$1" = 0 ]
cvsdist 43f95f0
then
cvsdist 43f95f0
	/sbin/service sshd stop > /dev/null 2>&1 || :
cvsdist 43f95f0
	/sbin/chkconfig --del sshd
cvsdist 43f95f0
fi
cvsdist 43f95f0
cvsdist 43f95f0
%files
cvsdist 43f95f0
%defattr(-,root,root)
99d9a39
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW PROTOCOL* README README.platform README.privsep README.tun README.dns TODO WARNING*
cvsdist 43f95f0
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
cvsdist b46e395
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
cvsdist 43f95f0
%if ! %{rescue}
cvsdist 43f95f0
%attr(0755,root,root) %{_bindir}/ssh-keygen
cvsdist 43f95f0
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
cvsdist 43f95f0
%attr(0755,root,root) %dir %{_libexecdir}/openssh
Jan F. Chadima d2ed53b
%attr(4111,root,root) %{_libexecdir}/openssh/ssh-keysign
cvsdist 8264e71
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
cvsdist 43f95f0
%endif
cvsdist b46e395
%if %{scard}
cvsdist b46e395
%attr(0755,root,root) %dir %{_datadir}/openssh
cvsdist b46e395
%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
cvsdist b46e395
%endif
cvsdist 43f95f0
cvsdist 43f95f0
%files clients
cvsdist 43f95f0
%defattr(-,root,root)
cvsdist 8264e71
%attr(0755,root,root) %{_bindir}/ssh
13fa787
%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
cvsdist 43f95f0
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
cvsdist 3e66bdc
%attr(0755,root,root) %{_bindir}/scp
cvsdist 3e66bdc
%attr(0644,root,root) %{_mandir}/man1/scp.1*
cvsdist 43f95f0
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
ef32423
%attr(0755,root,root) %{_bindir}/slogin
cvsdist 3e66bdc
%attr(0644,root,root) %{_mandir}/man1/slogin.1*
cvsdist 3e66bdc
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
cvsdist 43f95f0
%if ! %{rescue}
Jan F. Chadima d2ed53b
%attr(2111,root,nobody) %{_bindir}/ssh-agent
cvsdist 43f95f0
%attr(0755,root,root) %{_bindir}/ssh-add
cvsdist 43f95f0
%attr(0755,root,root) %{_bindir}/ssh-keyscan
cvsdist 43f95f0
%attr(0755,root,root) %{_bindir}/sftp
f94d8f5
%attr(0755,root,root) %{_bindir}/ssh-copy-id
974c89c
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
cvsdist 43f95f0
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
cvsdist 43f95f0
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
cvsdist 43f95f0
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
cvsdist 43f95f0
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
f94d8f5
%attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
974c89c
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
cvsdist 43f95f0
%endif
cvsdist 43f95f0
cvsdist 43f95f0
%if ! %{rescue}
cvsdist 43f95f0
%files server
cvsdist 43f95f0
%defattr(-,root,root)
ef32423
%dir %attr(0711,root,root) %{_var}/empty/sshd
cvsdist 43f95f0
%attr(0755,root,root) %{_sbindir}/sshd
13fa787
%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
cvsdist 43f95f0
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
cvsdist 8264e71
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
93a4744
%attr(0644,root,root) %{_mandir}/man5/moduli.5*
cvsdist 43f95f0
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
cvsdist 43f95f0
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
cvsdist 43f95f0
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
5a8f6b5
%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
ef32423
%attr(0755,root,root) /etc/rc.d/init.d/sshd
cvsdist 43f95f0
%endif
cvsdist 43f95f0
3fdf10c
%if %{ldap}
3fdf10c
%files ldap
3fdf10c
%defattr(-,root,root)
Jan F 9404cdd
%doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema ldap.conf
3fdf10c
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-helper
Jan F b934981
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-wrapper
3fdf10c
%attr(0644,root,root) %{_mandir}/man8/ssh-ldap-helper.8*
222d52d
%attr(0644,root,root) %{_mandir}/man5/ssh-ldap.conf.5*
3fdf10c
%endif
3fdf10c
Jan F 99f4276
%files keycat
Jan F 99f4276
%defattr(-,root,root)
Jan F 825921b
%doc HOWTO.ssh-keycat
Jan F 99f4276
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
Jan F 99f4276
%attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh-keycat
Jan F 99f4276
cvsdist 43f95f0
%if ! %{no_gnome_askpass}
09d7e68
%files askpass
cvsdist 43f95f0
%defattr(-,root,root)
b40baab
%attr(0644,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
cvsdist 43f95f0
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
09d7e68
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
cvsdist 43f95f0
%endif
cvsdist 43f95f0
e47cb00
%if %{pam_ssh_agent}
e47cb00
%files -n pam_ssh_agent_auth
e47cb00
%defattr(-,root,root)
e47cb00
%doc pam_ssh_agent_auth-%{pam_ssh_agent_ver}/OPENSSH_LICENSE
e47cb00
%attr(0755,root,root) /%{_lib}/security/pam_ssh_agent_auth.so
e47cb00
%attr(0644,root,root) %{_mandir}/man8/pam_ssh_agent_auth.8*
e47cb00
%endif
e47cb00
cvsdist f710772
%changelog
Jan F 8fe1509
* Thu Mar 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-18 + 0.9.2-30
Jan F 8fe1509
- add periodical reseeding of random generator 
Jan F 8fe1509
- change selinux contex for internal sftp in do_usercontext
Jan F 8fe1509
- exit(0) after sigterm
Jan F 8fe1509
Jan F 9404cdd
* Thu Mar 10 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-17 + 0.9.2-30
Jan F 9404cdd
- improove ssh-ldap (documentation)
Jan F 9404cdd
Jan F d1fc5c2
* Tue Mar  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-16 + 0.9.2-30
Jan F d1fc5c2
- improve session keys audit
Jan F d1fc5c2
Jan F 71d3d9c
* Mon Mar  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-15 + 0.9.2-30
Jan F 71d3d9c
- CVE-2010-4755
Jan F 71d3d9c
Jan F 825921b
* Fri Mar  4 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-14 + 0.9.2-30
Jan F 9404cdd
- improove ssh-keycat (documentation)
Jan F 825921b
Jan F edc1723
* Thu Mar  3 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-13 + 0.9.2-30
Jan F edc1723
- improve audit of logins and auths
Jan F edc1723
Jan F 1499a28
* Tue Mar  1 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-12 + 0.9.2-30
Jan F 1499a28
- improove ssk-keycat
Jan F 1499a28
Jan F 99f4276
* Mon Feb 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-11 + 0.9.2-30
Jan F 99f4276
- add ssk-keycat
Jan F 99f4276
Jan F b934981
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-10 + 0.9.2-30
Jan F b934981
- reenable auth-keys ldap backend
Jan F b934981
Jan F 48446f1
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-9 + 0.9.2-30
Jan F 48446f1
- another audit improovements
Jan F 48446f1
Jan F f9ff105
* Thu Feb 24 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-8 + 0.9.2-30
Jan F 9cefae0
- another audit improovements
Jan F 48446f1
- switchable fingerprint mode
Jan F 9cefae0
Jan F 2c1a4ad
* Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30
Jan F 48446f1
- improve audit of server key management
Jan F 2c1a4ad
Jan F b9127ef
* Wed Feb 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-3 + 0.9.2-30
Jan F 483c733
- improve audit of logins and auths
Jan F 483c733
Jan F 003cb0b
* Mon Feb 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-1 + 0.9.2-30
Jan F 003cb0b
- bump openssh version to 5.8p1
Jan F 003cb0b
fa335ee
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.6p1-30.1
fa335ee
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
fa335ee
Jan F cfb0f30
* Mon Feb  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-30 + 0.9.2-29
Jan F cfb0f30
- clean the data structures in the non privileged process
Jan F 865391f
- clean the data structures when roaming
Jan F 865391f
Jan F ee23b09
* Tue Feb  2 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-28 + 0.9.2-29
Jan F 6f93166
- clean the data structures in the privileged process
Jan F 6f93166
Jan F f00e4a3
* Tue Jan 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-25 + 0.9.2-29
Jan F f00e4a3
- clean the data structures before exit net process
Jan F f00e4a3
Jan F af87384
* Mon Jan 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-24 + 0.9.2-29
Jan F af87384
- make audit compatible with the fips mode
Jan F af87384
Jan F 92eab14
* Fri Jan 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-23 + 0.9.2-29
Jan F 92eab14
- add audit of destruction the server keys
Jan F 92eab14
Jan F 5c20fa8
* Wed Jan 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-22 + 0.9.2-29
Jan F 5c20fa8
- add audit of destruction the session keys
Jan F 5c20fa8
Jan F. Chadima a7cb7d2
* Fri Dec 10 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-21 + 0.9.2-29
Jan F. Chadima a7cb7d2
- reenable run sshd as non root user
Jan F. Chadima a7cb7d2
- renable rekeying
Jan F. Chadima a7cb7d2
Jan F 436639a
* Wed Nov 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-20 + 0.9.2-29
Jan F 436639a
- reapair clientloop crash (#627332)
Jan F bb5eb00
- properly restore euid in case connect to the ssh-agent socket fails
Jan F bb5eb00
Jan F. Chadima d2ed53b
* Mon Nov 22 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-19 + 0.9.2-28
Jan F. Chadima d2ed53b
- striped read permissions from suid and sgid binaries
Jan F. Chadima d2ed53b
Jan F 7c53d7e
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-18 + 0.9.2-27
Jan F 7c53d7e
- used upstream version of the biguid patch
Jan F 7c53d7e
Jan F 82036ab
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-17 + 0.9.2-27
Jan F 82036ab
- improoved kuserok patch
Jan F 82036ab
Jan F 5daee12
* Fri Nov  5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-16 + 0.9.2-27
Jan F 5daee12
- add auditing the host based key ussage
Jan F 5daee12
- repait X11 abstract layer socket (#648896)
Jan F 5daee12
Jan F. Chadima f44bdee
* Wed Nov  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-15 + 0.9.2-27
Jan F. Chadima f44bdee
- add auditing the kex result
Jan F. Chadima f44bdee
Jan F f8f722e
* Fri Nov  2 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-14 + 0.9.2-27
Jan F 0f4c82e
- add auditing the key ussage
Jan F 0f4c82e
Jan F 2d0bc8b
* Fri Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-12 + 0.9.2-27
Jan F 2d0bc8b
- update gsskex patch (#645389)
Jan F 2d0bc8b
Jan F ba25ecf
* Wed Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-11 + 0.9.2-27
Jan F ba25ecf
- rebase linux audit according to upstream
Jan F ba25ecf
Jan F. Chadima cf74d50
* Fri Oct  1 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-10 + 0.9.2-27
Jan F. Chadima cf74d50
- add missing headers to linux audit
Jan F. Chadima cf74d50
Jan F faae1e8
* Wed Sep 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-9 + 0.9.2-27
Jan F faae1e8
- audit module now uses openssh audit framevork
Jan F faae1e8
Jan F 46c77f5
* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-8 + 0.9.2-27
Jan F 46c77f5
- Add the GSSAPI kuserok switch to the kuserok patch
Jan F 46c77f5
Jan F 4c4aa13
* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-7 + 0.9.2-27
Jan F 4c4aa13
- Repaired the kuserok patch
Jan F 4c4aa13
Jan F ce0606e
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-6 + 0.9.2-27
Jan F ce0606e
- Repaired the problem with puting entries with very big uid into lastlog
Jan F ce0606e
Jan F 84d568a
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-5 + 0.9.2-27
Jan F 84d568a
- Merging selabel patch with the upstream version. (#632914)
Jan F 84d568a
Jan F 93909d9
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-4 + 0.9.2-27
Jan F 84d568a
- Tweaking selabel patch to work properly without selinux rules loaded. (#632914)
Jan F 93909d9
13fa787
* Wed Sep  8 2010 Tomas Mraz <tmraz@redhat.com> - 5.6p1-3 + 0.9.2-27
13fa787
- Make fipscheck hmacs compliant with FHS - requires new fipscheck
13fa787
Jan F f7e15d5
* Fri Sep  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-2 + 0.9.2-27
Jan F f7e15d5
- Added -z relro -z now to LDFLAGS
Jan F f7e15d5
Jan F. Chadima c6801b9
* Fri Sep  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-1 + 0.9.2-27
Jan F. Chadima c6801b9
- Rebased to openssh5.6p1
Jan F. Chadima c6801b9
7818e56
* Wed Jul  7 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-18 + 0.9.2-26
7818e56
- merged with newer bugzilla's version of authorized keys command patch
7818e56
eb358aa
* Wed Jun 30 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-17 + 0.9.2-26
eb358aa
- improved the x11 patch according to upstream (#598671)
eb358aa
a3dee6b
* Thu Jun 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-16 + 0.9.2-26
a3dee6b
- improved the x11 patch (#598671)
a3dee6b
41a56c5
* Thu Jun 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-15 + 0.9.2-26
41a56c5
- changed _PATH_UNIX_X to unexistent file name (#598671)
41a56c5
411b917
* Wed Jun 23 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-14 + 0.9.2-26
411b917
- sftp works in deviceless chroot again (broken from 5.5p1-3)
411b917
59d42d3
* Tue Jun  8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-13 + 0.9.2-26
59d42d3
- add option to switch out krb5_kuserok
59d42d3
2fd1054
* Fri May 21 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-12 + 0.9.2-26
2fd1054
- synchronize uid and gid for the user sshd
2fd1054
b1a625a
* Thu May 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-11 + 0.9.2-26
b1a625a
- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
b1a625a
99d9a39
* Fri May 14 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-10 + 0.9.2-26
99d9a39
- Repair the reference in man ssh-ldap-helper(8)
99d9a39
- Repair the PubkeyAgent section in sshd_config(5)
99d9a39
- Provide example ldap.conf
99d9a39
222d52d
* Thu May 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-9 + 0.9.2-26
222d52d
- Make the Ldap configuration widely compatible
222d52d
- create the aditional docs for LDAP support.
222d52d
4669c37
* Thu May  6 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-8 + 0.9.2-26
4669c37
- Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with pam_ldap (#589360)
4669c37
b6bdf18
* Thu May  6 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-7 + 0.9.2-26
b6bdf18
- Make LDAP config element tls_checkpeer compatiple with nss_ldap (#589360)
b6bdf18
6fa4d80
* Tue May  4 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-6 + 0.9.2-26
6fa4d80
- Comment spec.file
6fa4d80
- Sync patches from upstream
6fa4d80
3fdf10c
* Mon May  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-5 + 0.9.2-26
3fdf10c
- Create separate ldap package
3fdf10c
- Tweak the ldap patch
3fdf10c
- Rename stderr patch properly
3fdf10c
7e7fb42
* Wed Apr 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-4 + 0.9.2-26
7e7fb42
- Added LDAP support
7e7fb42
2220e68
* Mon Apr 26 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-3 + 0.9.2-26
2220e68
- Ignore .bashrc output to stderr in the subsystems
2220e68
9e777a2
* Tue Apr 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-2 + 0.9.2-26
9e777a2
- Drop dependency on man
9e777a2
82bc825
* Fri Apr 16 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-1 + 0.9.2-26
82bc825
- Update to 5.5p1
82bc825
b823409
* Fri Mar 12 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-3 + 0.9.2-25
50a3ddb
- repair configure script of pam_ssh_agent
b823409
- repair error mesage in ssh-keygen
50a3ddb
2640293
* Fri Mar 12 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-2
2640293
- source krb5-devel profile script only if exists
2640293
d1a73d1
* Tue Mar  9 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-1
d1a73d1
- Update to 5.4p1
04cab1d
- discontinued support for nss-keys
04cab1d
- discontinued support for scard
d1a73d1
974c89c
* Wed Mar  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-0.snap20100302.1
974c89c
- Prepare update to 5.4p1
974c89c
806a11f
* Mon Feb 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-22
806a11f
- ImplicitDSOLinking (#564824)
806a11f
a2a0cf4
* Fri Jan 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-21
a2a0cf4
- Allow to use hardware crypto if awailable (#559555)
a2a0cf4
606b55d
* Mon Jan 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-20
606b55d
- optimized FD_CLOEXEC on accept socket (#541809)
606b55d
7451555
* Mon Jan 25 2010 Tomas Mraz <tmraz@redhat.com> - 5.3p1-19
7451555
- updated pam_ssh_agent_auth to new version from upstream (just
7451555
  a licence change)
7451555
e39eb5b
* Thu Jan 21 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-18
e39eb5b
- optimized RAND_cleanup patch (#557166)
e39eb5b
28355b8
* Wed Jan 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-17
28355b8
- add RAND_cleanup at the exit of each program using RAND (#557166)
28355b8
3131004
* Tue Jan 19 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-16
3131004
- set FD_CLOEXEC on accepted socket (#541809)
3131004
37c0ae0
* Fri Jan  8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-15
b8bdc7c
- replaced define by global in macros
b8bdc7c
9051e57
* Tue Jan  5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-14
9051e57
- Update the pka patch
9051e57
ecd50fd
* Mon Dec 21 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-13
ecd50fd
- Update the audit patch
ecd50fd
c32d4ac
* Fri Dec  4 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-12
c32d4ac
- Add possibility to autocreate only RSA key into initscript (#533339)
c32d4ac
6323f67
* Fri Nov 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-11
6323f67
- Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD (#537411)
6323f67
0a64234
* Tue Nov 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-10
0a64234
- Update NSS key patch (#537411, #356451)
0a64234
0a64234
* Fri Nov 20 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-9
3d742c1
- Add gssapi key exchange patch (#455351)
3d742c1
3d742c1
* Fri Nov 20 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-8
201f4ac
- Add public key agent patch (#455350)
201f4ac
d2767e5
* Mon Nov  2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-7
d2767e5
- Repair canohost patch to allow gssapi to work when host is acessed via pipe proxy (#531849)
d2767e5
5fb555b
* Thu Oct 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-6
5fb555b
- Modify the init script to prevent it to hang during generating the keys (#515145)
5fb555b
838d936
* Tue Oct 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-5
838d936
- Add README.nss
838d936
e47cb00
* Mon Oct 19 2009 Tomas Mraz <tmraz@redhat.com> - 5.3p1-4
e47cb00
- Add pam_ssh_agent_auth module to a subpackage.
e47cb00
2ed3f9b
* Fri Oct 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-3
2ed3f9b
- Reenable audit.
2ed3f9b
c54a8b0
* Fri Oct  2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-2
35695c0
- Upgrade to new wersion 5.3p1
35695c0
71e8744
* Tue Sep 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-29
71e8744
- Resolve locking in ssh-add (#491312)
71e8744
f013bee
* Thu Sep 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-28
cee78eb
- Repair initscript to be acord to guidelines (#521860)
cee78eb
- Add bugzilla# to application of edns and xmodifiers patch
cee78eb
4330e6a
* Wed Sep 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-26
4330e6a
- Changed pam stack to password-auth
4330e6a
0447c9e
* Fri Sep 11 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-25
0447c9e
- Dropped homechroot patch
0447c9e
257d66a
* Mon Sep  7 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-24
257d66a
- Add check for nosuid, nodev in homechroot
257d66a
49d0cf7
* Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-23
49d0cf7
- add correct patch for ip-opts
49d0cf7
bd8eb96
* Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-22
bd8eb96
- replace ip-opts patch by an upstream candidate version
bd8eb96
ce94dae
* Mon Aug 31 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-21
726565c
- rearange selinux patch to be acceptable for upstream
726565c
- replace seftp patch by an upstream version
726565c
15914f2
* Fri Aug 28 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-20
15914f2
- merged xmodifiers to redhat patch
15914f2
- merged gssapi-role to selinux patch
15914f2
- merged cve-2007_3102 to audit patch
15914f2
- sesftp patch only with WITH_SELINUX flag
56bb420
- rearange sesftp patch according to upstream request
15914f2
214b7b9
* Wed Aug 26 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-19
214b7b9
- minor change in sesftp patch
214b7b9
80bcb17
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-18
80bcb17
- rebuilt with new openssl
80bcb17
986cee7
* Thu Jul 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-17
cee78eb
- Added dnssec support. (#205842)
986cee7
42c5391
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.2p1-16
42c5391
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
42c5391
aa89838
* Fri Jul 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-15
aa89838
- only INTERNAL_SFTP can be home-chrooted
aa89838
- save _u and _r parts of context changing to sftpd_t
aa89838
3d6b00a
* Fri Jul 17 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-14
3d6b00a
- changed internal-sftp context to sftpd_t
3d6b00a
3d6b00a
* Fri Jul  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-13
3d6b00a
- changed home length path patch to upstream version
3d6b00a
3d6b00a
* Tue Jun 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-12
ca05b36
- create '~/.ssh/known_hosts' within proper context
ca05b36
f4b0b4b
* Mon Jun 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-11
f4b0b4b
- length of home path in ssh now limited by PATH_MAX
ca05b36
- correct timezone with daylight processing
f4b0b4b
eca05fc
* Sat Jun 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-10
eca05fc
- final version chroot %%h (sftp only)
eca05fc
c1398b8
* Tue Jun 23 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-9
c1398b8
- repair broken ls in chroot %%h
c1398b8
ecd8460
* Fri Jun 12 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-8
cee78eb
- add XMODIFIERS to exported environment (#495690)
e45f2ca
76f329e
* Fri May 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-6
76f329e
- allow only protocol 2 in the FIPS mode
76f329e
685b623
* Thu Apr 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-5
685b623
- do integrity verification only on binaries which are part
685b623
  of the OpenSSH FIPS modules
685b623
0a4fa5d
* Mon Apr 20 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-4
0a4fa5d
- log if FIPS mode is initialized
0a4fa5d
- make aes-ctr cipher modes work in the FIPS mode
0a4fa5d
061e214
* Fri Apr  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-3
061e214
- fix logging after chroot
3a94ae1
- enable non root users to use chroot %%h in internal-sftp
061e214
0f07b4a
* Fri Mar 13 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-2
0f07b4a
- add AES-CTR ciphers to the FIPS mode proposal
0f07b4a
0f07b4a
* Mon Mar  9 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-1
a3ba41c
- upgrade to new upstream release
a3ba41c
c5f25a5
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.1p1-8
c5f25a5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
c5f25a5
d93958d
* Thu Feb 12 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-7
d93958d
- drop obsolete triggers
d93958d
- add testing FIPS mode support
d93958d
- LSBize the initscript (#247014)
d93958d
ff6d597
* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-6
ff6d597
- enable use of ssl engines (#481100)
ff6d597
6a5e296
* Thu Jan 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-5
6a5e296
- remove obsolete --with-rsh (#478298)
6a5e296
- add pam_sepermit to allow blocking confined users in permissive mode
6a5e296
  (#471746)
6a5e296
- move system-auth after pam_selinux in the session stack
6a5e296
9e5c6ec
* Thu Dec 11 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-4
9e5c6ec
- set FD_CLOEXEC on channel sockets (#475866)
9e5c6ec
- adjust summary
9e5c6ec
- adjust nss-keys patch so it is applicable without selinux patches (#470859)
9e5c6ec
b9a07ad
* Fri Oct 17 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-3
b9a07ad
- fix compatibility with some servers (#466818)
b9a07ad
578f0d0
* Thu Jul 31 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-2
578f0d0
- fixed zero length banner problem (#457326)
578f0d0
93a4744
* Wed Jul 23 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-1
93a4744
- upgrade to new upstream release
93a4744
- fixed a problem with public key authentication and explicitely
93a4744
  specified SELinux role
93a4744
077dad7
* Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-3
077dad7
- pass the connection socket to ssh-keysign (#447680)
077dad7
1961bc1
* Mon May 19 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-2
1961bc1
- add LANGUAGE to accepted/sent environment variables (#443231)
1961bc1
- use pam_selinux to obtain the user context instead of doing it itself
1961bc1
- unbreak server keep alive settings (patch from upstream)
1961bc1
- small addition to scp manpage
1961bc1
ca47f63
* Mon Apr  7 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-1
ca47f63
- upgrade to new upstream (#441066)
ca47f63
- prevent initscript from killing itself on halt with upstart (#438449)
ca47f63
- initscript status should show that the daemon is running
ca47f63
  only when the main daemon is still alive (#430882)
ca47f63
ca47f63
* Thu Mar  6 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-10
ca47f63
- fix race on control master and cleanup stale control socket (#436311)
ca47f63
  patches by David Woodhouse
ca47f63
2cb0e73
* Fri Feb 29 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-9
2cb0e73
- set FD_CLOEXEC on client socket
2cb0e73
- apply real fix for window size problem (#286181) from upstream
2cb0e73
- apply fix for the spurious failed bind from upstream
2cb0e73
- apply open handle leak in sftp fix from upstream
2cb0e73
91bdf49
* Tue Feb 12 2008 Dennis Gilmore <dennis@ausil.us> - 4.7p1-8
91bdf49
- we build for sparcv9 now  and it needs -fPIE
91bdf49
993dd1a
* Thu Jan  3 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-7
993dd1a
- fix gssapi auth with explicit selinux role requested (#427303) - patch
993dd1a
  by Nalin Dahyabhai
993dd1a
3457e3e
* Tue Dec  4 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-6
2cc09c6
- explicitly source krb5-devel profile script
3457e3e
3457e3e
* Tue Dec 04 2007 Release Engineering <rel-eng at fedoraproject dot org> - 4.7p1-5
3457e3e
- Rebuild for openssl bump
9eac427
b1ffa00
* Tue Nov 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-4
8b8c4dc
- do not copy /etc/localtime into the chroot as it is not
8b8c4dc
  necessary anymore (#193184)
8b8c4dc
- call setkeycreatecon when selinux context is established
8b8c4dc
- test for NULL privk when freeing key (#391871) - patch by
8b8c4dc
  Pierre Ossman
8b8c4dc
95be083
* Mon Sep 17 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-2
95be083
- revert default window size adjustments (#286181)
95be083
c9833c9
* Thu Sep  6 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-1
c9833c9
- upgrade to latest upstream
c9833c9
- use libedit in sftp (#203009)
c9833c9
- fixed audit log injection problem (CVE-2007-3102)
c9833c9
f370730
* Thu Aug  9 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-8
f370730
- fix sftp client problems on write error (#247802)
f370730
- allow disabling autocreation of server keys (#235466)
f370730
c3274cc
* Wed Jun 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-7
c3274cc
- experimental NSS keys support
c3274cc
- correctly setup context when empty level requested (#234951)
c3274cc
7210c01
* Tue Mar 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-6
7210c01
- mls level check must be done with default role same as requested
7210c01
b40baab
* Mon Mar 19 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-5
b40baab
- make profile.d/gnome-ssh-askpass.* regular files (#226218)
b40baab
546fdd9
* Thu Feb 27 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-4
546fdd9
- reject connection if requested mls range is not obtained (#229278)
546fdd9
9d725bd
* Wed Feb 22 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-3
9d725bd
- improve Buildroot
9d725bd
- remove duplicate /etc/ssh from files
9d725bd
c2b35d0
* Tue Jan 16 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-2
c2b35d0
- support mls on labeled networks (#220487)
c2b35d0
- support mls level selection on unlabeled networks
c2b35d0
- allow / in usernames in scp (only beginning /, ./, and ../ is special) 
c2b35d0
ad07b99
* Thu Dec 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.5p1-1
ad07b99
- update to 4.5p1 (#212606)
ad07b99
914284f
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-14
914284f
- fix gssapi with DNS loadbalanced clusters (#216857)
914284f
d63dc67
* Tue Nov 28 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-13
d63dc67
- improved pam_session patch so it doesn't regress, the patch is necessary
d63dc67
  for the pam_session_close to be called correctly as uid 0
d63dc67
ad61b11
* Fri Nov 10 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-12
ad61b11
- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
ad61b11
19675af
* Thu Nov  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-11
19675af
- merge sshd initscript patches
19675af
- kill all ssh sessions when stop is called in halt or reboot runlevel
19675af
- remove -TERM option from killproc so we don't race on sshd restart
19675af
7114c42
* Mon Oct  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10
7114c42
- improve gssapi-no-spnego patch (#208102)
7114c42
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
7114c42
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
7114c42
ac4818c
* Wed Aug 23 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-9
ac4818c
- don't report duplicate syslog messages, use correct local time (#189158)
ac4818c
- don't allow spnego as gssapi mechanism (from upstream)
ac4818c
- fixed memleaks found by Coverity (from upstream)
ac4818c
- allow ip options except source routing (#202856) (patch by HP)
ac4818c
c12d6ba
* Tue Aug  8 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-8
c12d6ba
- drop the pam-session patch from the previous build (#201341)
c12d6ba
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
c12d6ba
762e407
* Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-7
762e407
- dropped old ssh obsoletes
762e407
- call the pam_session_open/close from the monitor when privsep is
762e407
  enabled so it is always called as root (patch by Darren Tucker)
762e407
ef32423
* Mon Jul 17 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-6
ef32423
- improve selinux patch (by Jan Kiszka)
ef32423
- upstream patch for buffer append space error (#191940)
ef32423
- fixed typo in configure.ac (#198986)
ef32423
- added pam_keyinit to pam configuration (#198628)
ef32423
- improved error message when askpass dialog cannot grab
ef32423
  keyboard input (#198332)
ef32423
- buildrequires xauth instead of xorg-x11-xauth
ef32423
- fixed a few rpmlint warnings
ef32423
d446e97
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 4.3p2-5.1
d446e97
- rebuild
d446e97
7e1c558
* Fri Apr 14 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-5
7e1c558
- don't request pseudoterminal allocation if stdin is not tty (#188983)
7e1c558
5f29aca
* Thu Mar  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-4
5f29aca
- allow access if audit is not compiled in kernel (#183243)
5f29aca
e01ed66
* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-3
e01ed66
- enable the subprocess in chroot to send messages to system log
e01ed66
- sshd should prevent login if audit call fails
e01ed66
b5e849f
* Tue Feb 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-2
b5e849f
- print error from scp if not remote (patch by Bjorn Augustsson #178923)
b5e849f
f16d34e
* Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-1
f16d34e
- new version
f16d34e
3de0ff3
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 4.3p1-2.1
3de0ff3
- bump again for double-long bug on ppc(64)
3de0ff3
f223ebd
* Mon Feb  6 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-2
f223ebd
- fixed another place where syslog was called in signal handler
f223ebd
- pass locale environment variables to server, accept them there (#179851)
f223ebd
fd638ab
* Wed Feb  1 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-1
fd638ab
- new version, dropped obsolete patches
fd638ab
bb93ea2
* Tue Dec 20 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-10
bb93ea2
- hopefully make the askpass dialog less confusing (#174765)
bb93ea2
6e3ae48
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
6e3ae48
- rebuilt
6e3ae48
09d7e68
* Tue Nov 22 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-9
09d7e68
- drop x11-ssh-askpass from the package
09d7e68
- drop old build_6x ifs from spec file
09d7e68
- improve gnome-ssh-askpass so it doesn't reveal number of passphrase 
09d7e68
  characters to person looking at the display
09d7e68
- less hackish fix for the __USE_GNU problem
09d7e68
05c945b
* Fri Nov 18 2005 Nalin Dahyabhai <nalin@redhat.com> - 4.2p1-8
05c945b
- work around missing gccmakedep by wrapping makedepend in a local script
db25651
- remove now-obsolete build dependency on "xauth"
05c945b
d40b8ce
* Thu Nov 17 2005 Warren Togami <wtogami@redhat.com> - 4.2p1-7
19e22ad
- xorg-x11-devel -> libXt-devel
19e22ad
- rebuild for new xauth location so X forwarding works
0e58628
- buildreq audit-libs-devel
0e58628
- buildreq automake for aclocal
0e58628
- buildreq imake for xmkmf
0e58628
-  -D_GNU_SOURCE in flags in order to get it to build
0e58628
   Ugly hack to workaround openssh defining __USE_GNU which is
0e58628
   not allowed and causes problems according to Ulrich Drepper
0e58628
   fix this the correct way after FC5test1
d40b8ce
35e1e0c
* Wed Nov  9 2005 Jeremy Katz <katzj@redhat.com> - 4.2p1-6
35e1e0c
- rebuild against new openssl
35e1e0c
fc72c21
* Fri Oct 28 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-5
fc72c21
- put back the possibility to skip SELinux patch
fc72c21
- add patch for user login auditing by Steve Grubb
fc72c21
5312560
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 4.2p1-4
5312560
- Change selinux patch to use get_default_context_with_rolelevel in libselinux.
5312560
0e07edf
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-3
0e07edf
- Update selinux patch to use getseuserbyname
0e07edf
5bab487
* Fri Oct  7 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-2
5bab487
- use include instead of pam_stack in pam config
fd638ab
- use fork+exec instead of system in scp - CVE-2006-0225 (#168167)
5bab487
- upstream patch for displaying authentication errors
5bab487
de2e7a3
* Tue Sep 06 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-1
de2e7a3
- upgrade to a new upstream version
de2e7a3
f94d8f5
* Tue Aug 16 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-5
f94d8f5
- use x11-ssh-askpass if openssh-askpass-gnome is not installed (#165207)
f94d8f5
- install ssh-copy-id from contrib (#88707)
f94d8f5
fa14815
* Wed Jul 27 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-4
fa14815
- don't deadlock on exit with multiple X forwarded channels (#152432)
fa14815
- don't use X11 port which can't be bound on all IP families (#163732)
fa14815
79c9686
* Wed Jun 29 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-3
79c9686
- fix small regression caused by the nologin patch (#161956)
79c9686
- fix race in getpeername error checking (mindrot #1054)
79c9686
9ac1c8b
* Thu Jun  9 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-2
9ac1c8b
- use only pam_nologin for nologin testing
9ac1c8b
9cf4ab1
* Mon Jun  6 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-1
9cf4ab1
- upgrade to a new upstream version
9cf4ab1
- call pam_loginuid as a pam session module
9cf4ab1
9c57713
* Mon May 16 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-3
9c57713
- link libselinux only to sshd (#157678)
9c57713
1e27c05
* Mon Apr  4 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-2
1e27c05
- fixed Local/RemoteForward in ssh_config.5 manpage
1e27c05
- fix fatal when Local/RemoteForward is used and scp run (#153258)
1e27c05
- don't leak user validity when using krb5 authentication
1e27c05
5de53f1
* Thu Mar 24 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-1
5de53f1
- upgrade to 4.0p1
5de53f1
- remove obsolete groups patch
5de53f1
Elliot Lee 683f4f3
* Wed Mar 16 2005 Elliot Lee <sopwith@redhat.com>
Elliot Lee 683f4f3
- rebuilt
Elliot Lee 683f4f3
4f9d64c
* Mon Feb 28 2005 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-12
4f9d64c
- rebuild so that configure can detect that krb5_init_ets is gone now
4f9d64c
8d62bf1
* Mon Feb 21 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-11
d048f92
- don't call syslog in signal handler
8d62bf1
- allow password authentication when copying from remote
8d62bf1
  to remote machine (#103364)
d048f92
504978b
* Wed Feb  9 2005 Tomas Mraz <tmraz@redhat.com>
504978b
- add spaces to messages in initscript (#138508)
504978b
4c55a53
* Tue Feb  8 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-10
4c55a53
- enable trusted forwarding by default if X11 forwarding is 
4c55a53
  required by user (#137685 and duplicates)
4c55a53
- disable protocol 1 support by default in sshd server config (#88329)
4c55a53
- keep the gnome-askpass dialog above others (#69131)
4c55a53
5a8f6b5
* Fri Feb  4 2005 Tomas Mraz <tmraz@redhat.com>
4c55a53
- change permissions on pam.d/sshd to 0644 (#64697)
5a8f6b5
- patch initscript so it doesn't kill opened sessions if
4c55a53
  the sshd daemon isn't running anymore (#67624)
5a8f6b5
ede9e01
* Mon Jan  3 2005 Bill Nottingham <notting@redhat.com> 3.9p1-9
ede9e01
- don't use initlog
ede9e01
b562127
* Mon Nov 29 2004 Thomas Woerner <twoerner@redhat.com> 3.9p1-8.1
b562127
- fixed PIE build for all architectures
b562127
8ccaa9f
* Mon Oct  4 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-8
8ccaa9f
- add a --enable-vendor-patchlevel option which allows a ShowPatchLevel option
8ccaa9f
  to enable display of a vendor patch level during version exchange (#120285)
8ccaa9f
- configure with --disable-strip to build useful debuginfo subpackages
8ccaa9f
c92dff4
* Mon Sep 20 2004 Bill Nottingham <notting@redhat.com> 3.9p1-7
c92dff4
- when using gtk2 for askpass, don't buildprereq gnome-libs-devel
c92dff4
567e63c
* Tue Sep 14 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-6
567e63c
- build
567e63c
deb1e49
* Mon Sep 13 2004 Nalin Dahyabhai <nalin@redhat.com>
deb1e49
- disable ACSS support
deb1e49
c82df74
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-5
c82df74
- Change selinux patch to use get_default_context_with_role in libselinux.
c82df74
c82df74
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-4
c82df74
- Fix patch
c82df74
	* Bad debug statement.
c82df74
	* Handle root/sysadm_r:kerberos
c82df74
cvsdist 29a4bfd
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-3
cvsdist 29a4bfd
- Modify Colin Walter's patch to allow specifying rule during connection
cvsdist 29a4bfd
cvsdist d7affcf
* Tue Aug 31 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-2
cvsdist d7affcf
- Fix TTY handling for SELinux
cvsdist d7affcf
cvsdist 653818f
* Tue Aug 24 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-1
cvsdist 653818f
- Update to upstream
cvsdist 653818f
cvsdist 5ef6073
* Sun Aug 1 2004 Alan Cox <alan@redhat.com> 3.8.1p1-5
cvsdist 5ef6073
- Apply buildreq fixup patch (#125296)
cvsdist 5ef6073
cvsdist 9d5a538
* Tue Jun 15 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-4
cvsdist 9d5a538
- Clean up patch for upstream submission.
cvsdist 9d5a538
cvsdist de28cc3
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
cvsdist de28cc3
- rebuilt
cvsdist de28cc3
cvsdist e965c75
* Wed Jun 9 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-2
cvsdist e965c75
- Remove use of pam_selinux and patch selinux in directly.  
cvsdist e965c75
cvsdist ffdec57
* Mon Jun  7 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-1
cvsdist ffdec57
- request gssapi-with-mic by default but not delegation (flag day for anyone
cvsdist ffdec57
  who used previous gssapi patches)
cvsdist ffdec57
- no longer request x11 forwarding by default
cvsdist ffdec57
cvsdist 162c7f9
* Thu Jun 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-36
cvsdist 162c7f9
- Change pam file to use open and close with pam_selinux
cvsdist 162c7f9
cvsdist ffdec57
* Tue Jun  1 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-0
cvsdist ffdec57
- update to 3.8.1p1
cvsdist ffdec57
- add workaround from CVS to reintroduce passwordauth using pam
cvsdist ffdec57
cvsdist 73e10ec
* Tue Jun 1 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-35
cvsdist 73e10ec
- Remove CLOSEXEC on STDERR
cvsdist 73e10ec
cvsdist 8f87201
* Tue Mar 16 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-34
cvsdist 8f87201
cvsdist 8f87201
* Wed Mar 03 2004 Phil Knirsch <pknirsch@redhat.com> 3.6.1p2-33.30.1
cvsdist 8f87201
- Built RHLE3 U2 update package.
cvsdist 8f87201
cvsdist 8f87201
* Wed Mar 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-33
cvsdist 8f87201
- Close file descriptors on exec 
cvsdist 8f87201
cvsdist 8f87201
* Mon Mar  1 2004 Thomas Woerner <twoerner@redhat.com> 3.6.1p2-32
cvsdist 8f87201
- fixed pie build
cvsdist 8f87201
cvsdist 8f87201
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-31
cvsdist 8f87201
- Add restorecon to startup scripts
cvsdist 8f87201
cvsdist 8f87201
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-30
cvsdist 8f87201
- Add multiple qualified to openssh
cvsdist 8f87201
cvsdist 8f87201
* Mon Feb 23 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-29
cvsdist 8f87201
- Eliminate selinux code and use pam_selinux
cvsdist 8f87201
cvsdist 8f87201
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
cvsdist 8f87201
- rebuilt
cvsdist 8f87201
cvsdist fe98d86
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-27
cvsdist fe98d86
- turn off pie on ppc
cvsdist fe98d86
cvsdist fe98d86
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-26
cvsdist fe98d86
- fix is_selinux_enabled
cvsdist fe98d86
cvsdist fe98d86
* Wed Jan 14 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-25
cvsdist fe98d86
- Rebuild to grab shared libselinux
cvsdist fe98d86
cvsdist fe98d86
* Wed Dec 3 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-24
cvsdist fe98d86
- turn on selinux
cvsdist fe98d86
cvsdist fe98d86
* Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d86
- un#ifdef out code for reporting password expiration in non-privsep
cvsdist fe98d86
  mode (#83585)
cvsdist fe98d86
cvsdist fe98d86
* Mon Nov 10 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d86
- add machinery to build with/without -fpie/-pie, default to doing so
cvsdist fe98d86
cvsdist fe98d86
* Thu Nov 06 2003 David Woodhouse <dwmw2@redhat.com> 3.6.1p2-23
cvsdist fe98d86
- Don't whinge about getsockopt failing (#109161)
cvsdist fe98d86
cvsdist fe98d86
* Fri Oct 24 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d86
- add missing buildprereq on zlib-devel (#104558)
cvsdist fe98d86
cvsdist fe98d86
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-22
cvsdist fe98d86
- turn selinux off
cvsdist fe98d86
cvsdist fe98d86
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21.sel
cvsdist fe98d86
- turn selinux on
cvsdist fe98d86
cvsdist fe98d86
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21
cvsdist fe98d86
- turn selinux off
cvsdist fe98d86
cvsdist fe98d86
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-20.sel
cvsdist fe98d86
- turn selinux on
cvsdist fe98d86
cvsdist fe98d86
* Fri Sep 19 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d86
- additional fix for apparently-never-happens double-free in buffer_free()
cvsdist fe98d86
- extend fix for #103998 to cover SSH1
cvsdist fe98d86
cvsdist fe98d86
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-19
cvsdist 092b0a1
- rebuild
cvsdist 092b0a1
cvsdist fe98d86
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-18
cvsdist 9037309
- additional buffer manipulation cleanups from Solar Designer
cvsdist 9037309
cvsdist 092b0a1
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-17
cvsdist 092b0a1
- turn selinux off
cvsdist 092b0a1
cvsdist 092b0a1
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-16.sel
cvsdist 092b0a1
- turn selinux on
cvsdist 092b0a1
cvsdist fe98d86
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-15
cvsdist 092b0a1
- rebuild
cvsdist 092b0a1
cvsdist fe98d86
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-14
cvsdist 9037309
- additional buffer manipulation fixes (CAN-2003-0695)
cvsdist 44a5d2b
cvsdist 092b0a1
* Tue Sep 16 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-13.sel
cvsdist 092b0a1
- turn selinux on
cvsdist 092b0a1
cvsdist fe98d86
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-12
cvsdist 092b0a1
- rebuild
cvsdist 092b0a1
cvsdist fe98d86
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-11
cvsdist 6eaa41e
- apply patch to store the correct buffer size in allocated buffers
cvsdist 6eaa41e
  (CAN-2003-0693)
cvsdist 6eaa41e
- skip the initial PAM authentication attempt with an empty password if
cvsdist 6eaa41e
  empty passwords are not permitted in our configuration (#103998)
cvsdist 6eaa41e
cvsdist 092b0a1
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-10
cvsdist 092b0a1
- turn selinux off
cvsdist 092b0a1
cvsdist 092b0a1
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-9.sel
cvsdist 092b0a1
- turn selinux on
cvsdist 092b0a1
cvsdist 092b0a1
* Tue Aug 26 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-8
cvsdist 092b0a1
- Add BuildPreReq gtk2-devel if gtk2
cvsdist 092b0a1
cvsdist 092b0a1
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-7
cvsdist 092b0a1
- rebuild
cvsdist 092b0a1
cvsdist 092b0a1
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-6
cvsdist 092b0a1
- modify patch which clears the supplemental group list at startup to only
cvsdist 092b0a1
  complain if setgroups() fails if sshd has euid == 0
cvsdist 092b0a1
- handle krb5 installed in %%{_prefix} or elsewhere by using krb5-config
cvsdist 092b0a1
cvsdist 092b0a1
* Tue Jul 28 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-5
cvsdist 092b0a1
- Add SELinux patch
cvsdist 092b0a1
cvsdist 092b0a1
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-4
cvsdist 092b0a1
- rebuild
cvsdist 092b0a1
cvsdist 092b0a1
* Wed Jun 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-3
cvsdist 092b0a1
- rebuild
cvsdist 092b0a1
cvsdist 092b0a1
* Wed Jun 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-2
cvsdist 092b0a1
- rebuild
cvsdist 092b0a1
cvsdist 092b0a1
* Thu Jun  5 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-1
cvsdist 092b0a1
- update to 3.6.1p2
cvsdist 092b0a1
cvsdist 092b0a1
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
3131004
6 rebuilt
cvsdist 092b0a1
cvsdist 092b0a1
* Mon Mar 24 2003 Florian La Roche <Florian.LaRoche@redhat.de>
cvsdist 092b0a1
- add patch for getsockopt() call to work on bigendian 64bit archs
cvsdist 6c4a0be
cvsdist 3e66bdc
* Fri Feb 14 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-6
cvsdist 3e66bdc
- move scp to the -clients subpackage, because it directly depends on ssh
cvsdist 3e66bdc
  which is also in -clients (#84329)
cvsdist 3e66bdc
cvsdist 3e66bdc
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-5
cvsdist 3e66bdc
- rebuild
cvsdist 3e66bdc
cvsdist 3e66bdc
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
cvsdist 3e66bdc
- rebuilt
cvsdist 8180003
cvsdist 3e66bdc
* Tue Jan  7 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-3
cvsdist 8180003
- rebuild
cvsdist 8180003
cvsdist 3e66bdc
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-2
cvsdist 3e66bdc
- patch PAM configuration to use relative path names for the modules, allowing
cvsdist 3e66bdc
  us to not worry about which arch the modules are built for on multilib systems
cvsdist 3e66bdc
cvsdist 3e66bdc
* Tue Oct 15 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-1
cvsdist 3e66bdc
- update to 3.5p1, merging in filelist/perm changes from the upstream spec
cvsdist 3e66bdc
cvsdist 3e66bdc
* Fri Oct  4 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-3
cvsdist 3e66bdc
- merge
cvsdist 3e66bdc
cvsdist 3e66bdc
* Thu Sep 12 2002  Than Ngo <than@redhat.com> 3.4p1-2.1
cvsdist 3e66bdc
- fix to build on multilib systems
cvsdist 3e66bdc
cvsdist 3e66bdc
* Thu Aug 29 2002 Curtis Zinzilieta <curtisz@redhat.com> 3.4p1-2gss
cvsdist 3e66bdc
- added gssapi patches and uncommented patch here
cvsdist 8180003
cvsdist e98831d
* Wed Aug 14 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-2
cvsdist e98831d
- pull patch from CVS to fix too-early free in ssh-keysign (#70009)
cvsdist e98831d
cvsdist 8264e71
* Thu Jun 27 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-1
cvsdist 8264e71
- 3.4p1
cvsdist 8264e71
- drop anon mmap patch
cvsdist 8264e71
cvsdist 8264e71
* Tue Jun 25 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-2
cvsdist 8264e71
- rework the close-on-exit docs
cvsdist 8264e71
- include configuration file man pages
cvsdist 8264e71
- make use of nologin as the privsep shell optional
cvsdist 8264e71
cvsdist 8264e71
* Mon Jun 24 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-1
cvsdist 8264e71
- update to 3.3p1
cvsdist 8264e71
- merge in spec file changes from upstream (remove setuid from ssh, ssh-keysign)
cvsdist 8264e71
- disable gtk2 askpass
cvsdist 8264e71
- require pam-devel by filename rather than by package for erratum
cvsdist 8264e71
- include patch from Solar Designer to work around anonymous mmap failures
cvsdist 7c1cbd3
cvsdist 8264e71
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
cvsdist 8264e71
- automated rebuild
cvsdist 7c1cbd3
cvsdist 8264e71
* Fri Jun  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-3
cvsdist 8264e71
- don't require autoconf any more
cvsdist 7c1cbd3
cvsdist 8264e71
* Fri May 31 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-2
cvsdist 8264e71
- build gnome-ssh-askpass with gtk2
cvsdist 7c1cbd3
cvsdist 8264e71
* Tue May 28 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-1
cvsdist 8264e71
- update to 3.2.3p1
cvsdist 8264e71
- merge in spec file changes from upstream
cvsdist a423ec3
cvsdist 8264e71
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.2p1-1
cvsdist 8264e71
- update to 3.2.2p1
cvsdist a423ec3
cvsdist 8264e71
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-4
cvsdist a423ec3
- drop buildreq on db1-devel
cvsdist a423ec3
- require pam-devel by package name
cvsdist a423ec3
- require autoconf instead of autoconf253 again
cvsdist a423ec3
cvsdist 0c11050
* Tue Apr  2 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-3
cvsdist 0c11050
- pull patch from CVS to avoid printing error messages when some of the
cvsdist 0c11050
  default keys aren't available when running ssh-add
cvsdist 0c11050
- refresh to current revisions of Simon's patches
cvsdist 0c11050
 
cvsdist 0c11050
* Thu Mar 21 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2gss
cvsdist 0c11050
- reintroduce Simon's gssapi patches
cvsdist 0c11050
- add buildprereq for autoconf253, which is needed to regenerate configure
cvsdist 0c11050
  after applying the gssapi patches
cvsdist 0c11050
- refresh to the latest version of Markus's patch to build properly with
cvsdist 0c11050
  older versions of OpenSSL
cvsdist 8f631f8
cvsdist b46e395
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
cvsdist b46e395
- bump and grind (through the build system)
cvsdist b46e395
cvsdist b46e395
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
cvsdist b46e395
- require sharutils for building (mindrot #137)
cvsdist b46e395
- require db1-devel only when building for 6.x (#55105), which probably won't
cvsdist b46e395
  work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
cvsdist b46e395
- require pam-devel by file (not by package name) again
cvsdist b46e395
- add Markus's patch to compile with OpenSSL 0.9.5a (from
cvsdist b46e395
  http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
cvsdist b46e395
  building for 6.x
cvsdist b46e395
cvsdist b46e395
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
cvsdist b46e395
- update to 3.1p1
cvsdist b46e395
cvsdist b46e395
* Tue Mar  5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
cvsdist b46e395
- update to SNAP-20020305
cvsdist b46e395
- drop debug patch, fixed upstream
cvsdist b46e395
cvsdist b46e395
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
cvsdist b46e395
- update to SNAP-20020220 for testing purposes (you've been warned, if there's
cvsdist b46e395
  anything to be warned about, gss patches won't apply, I don't mind)
cvsdist b46e395
cvsdist b46e395
* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
cvsdist b46e395
- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
cvsdist b46e395
  exchange, authentication, and named key support
cvsdist b46e395
cvsdist b46e395
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
cvsdist b46e395
- remove dependency on db1-devel, which has just been swallowed up whole
cvsdist b46e395
  by gnome-libs-devel
cvsdist b46e395
cvsdist b46e395
* Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e395
- adjust build dependencies so that build6x actually works right (fix
cvsdist b46e395
  from Hugo van der Kooij)
cvsdist b46e395
cvsdist b46e395
* Tue Dec  4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
cvsdist b46e395
- update to 3.0.2p1
cvsdist b46e395
cvsdist b46e395
* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
cvsdist b46e395
- update to 3.0.1p1
cvsdist d92638e
cvsdist b46e395
* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e395
- update to current CVS (not for use in distribution)
cvsdist 55bc91d
cvsdist b46e395
* Thu Nov  8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
cvsdist b46e395
- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
cvsdist b46e395
  3.0p1 spec file and init script
cvsdist 55bc91d
cvsdist b46e395
* Wed Nov  7 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e395
- update to 3.0p1
cvsdist b46e395
- update to x11-ssh-askpass 1.2.4.1
cvsdist b46e395
- change build dependency on a file from pam-devel to the pam-devel package
cvsdist b46e395
- replace primes with moduli
cvsdist 55bc91d
cvsdist 9383d50
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
cvsdist 9383d50
- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
cvsdist 9383d50
cvsdist 9383d50
* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
cvsdist 9383d50
- Merge changes to rescue build from current sysadmin survival cd
cvsdist 9383d50
cvsdist fcc3005
* Thu Sep  6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
cvsdist fcc3005
- fix scp's server's reporting of file sizes, and build with the proper
cvsdist fcc3005
  preprocessor define to get large-file capable open(), stat(), etc.
cvsdist fcc3005
  (sftp has been doing this correctly all along) (#51827)
cvsdist fcc3005
- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
cvsdist fcc3005
- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
cvsdist fcc3005
- mark profile.d scriptlets as config files (#42337)
cvsdist fcc3005
- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
cvsdist fcc3005
- change a couple of log() statements to debug() statements (#50751)
cvsdist fcc3005
- pull cvs patch to add -t flag to sshd (#28611)
cvsdist fcc3005
- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
cvsdist fcc3005
cvsdist fcc3005
* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
cvsdist 35482e8
- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
cvsdist 35482e8
cvsdist 35482e8
* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 35482e8
- pull cvs patch to fix remote port forwarding with protocol 2
cvsdist 35482e8
cvsdist 628f20a
* Thu Aug  9 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 35482e8
- pull cvs patch to add session initialization to no-pty sessions
cvsdist b46e395
- pull cvs patch to not cut off challengeresponse auth needlessly
cvsdist 628f20a
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
cvsdist 628f20a
  it by default on a system that doesn't have X installed (#49263)
cvsdist 628f20a
cvsdist 628f20a
* Wed Aug  8 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 628f20a
- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
cvsdist 628f20a
cvsdist 7d7b035
* Mon Aug  6 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- pass OPTIONS correctly to initlog (#50151)
cvsdist 7d7b035
cvsdist 7d7b035
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- switch to x11-ssh-askpass 1.2.2
cvsdist 7d7b035
cvsdist 7d7b035
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- rebuild in new environment
cvsdist 7d7b035
cvsdist 7d7b035
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- disable the gssapi patch
cvsdist 7d7b035
cvsdist 7d7b035
* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- update to 2.9p2
cvsdist 7d7b035
- refresh to a new version of the gssapi patch
cvsdist 7d7b035
cvsdist 7d7b035
* Thu Jun  7 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- change Copyright: BSD to License: BSD
cvsdist 7d7b035
- add Markus Friedl's unverified patch for the cookie file deletion problem
cvsdist 7d7b035
  so that we can verify it
cvsdist 7d7b035
- drop patch to check if xauth is present (was folded into cookie patch)
cvsdist 7d7b035
- don't apply gssapi patches for the errata candidate
cvsdist 7d7b035
- clear supplemental groups list at startup
cvsdist 7d7b035
cvsdist 7d7b035
* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- fix an error parsing the new default sshd_config
cvsdist 7d7b035
- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
cvsdist 7d7b035
  dealing with comments right
cvsdist 7d7b035
cvsdist 7d7b035
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
cvsdist 7d7b035
  to be removed before the next beta cycle because it's a big departure
cvsdist 7d7b035
  from the upstream version
cvsdist 7d7b035
cvsdist 7d7b035
* Thu May  3 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- finish marking strings in the init script for translation
cvsdist 7d7b035
- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
cvsdist 7d7b035
  at startup (change merged from openssh.com init script, originally by
cvsdist 7d7b035
  Pekka Savola)
cvsdist 7d7b035
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
cvsdist 7d7b035
  it by default on a system that doesn't have X installed
cvsdist 7d7b035
cvsdist 7d7b035
* Wed May  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- update to 2.9
cvsdist 7d7b035
- drop various patches that came from or went upstream or to or from CVS
cvsdist 7d7b035
cvsdist 7d7b035
* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b035
- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
cvsdist 7d7b035
cvsdist 4135ab2
* Sun Apr  8 2001 Preston Brown <pbrown@redhat.com>
cvsdist 4135ab2
- remove explicit openssl requirement, fixes builddistro issue
cvsdist 4135ab2
- make initscript stop() function wait until sshd really dead to avoid 
cvsdist 4135ab2
  races in condrestart
cvsdist 43f95f0
cvsdist 4135ab2
* Mon Apr  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 4135ab2
- mention that challengereponse supports PAM, so disabling password doesn't
cvsdist 4135ab2
  limit users to pubkey and rsa auth (#34378)
cvsdist b46e395
- bypass the daemon() function in the init script and call initlog directly,
cvsdist b46e395
  because daemon() won't start a daemon it detects is already running (like
cvsdist b46e395
  open connections)
cvsdist 4135ab2
- require the version of openssl we had when we were built
cvsdist 43f95f0
cvsdist 43f95f0
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- make do_pam_setcred() smart enough to know when to establish creds and
cvsdist 43f95f0
  when to reinitialize them
cvsdist 43f95f0
- add in a couple of other fixes from Damien for inclusion in the errata
cvsdist 43f95f0
cvsdist 43f95f0
* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- update to 2.5.2p2
cvsdist 43f95f0
- call setcred() again after initgroups, because the "creds" could actually
cvsdist 43f95f0
  be group memberships
cvsdist 43f95f0
cvsdist 43f95f0
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
cvsdist 43f95f0
- don't enable challenge-response by default until we find a way to not
cvsdist 43f95f0
  have too many userauth requests (we may make up to six pubkey and up to
cvsdist 43f95f0
  three password attempts as it is)
cvsdist 43f95f0
- remove build dependency on rsh to match openssh.com's packages more closely
cvsdist 43f95f0
cvsdist 43f95f0
* Sat Mar  3 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- remove dependency on openssl -- would need to be too precise
cvsdist 43f95f0
cvsdist 43f95f0
* Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- rebuild in new environment
cvsdist 43f95f0
cvsdist 43f95f0
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Revert the patch to move pam_open_session.
cvsdist 43f95f0
- Init script and spec file changes from Pekka Savola. (#28750)
cvsdist 43f95f0
- Patch sftp to recognize '-o protocol' arguments. (#29540)
cvsdist 43f95f0
cvsdist 43f95f0
* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Chuck the closing patch.
cvsdist 43f95f0
- Add a trigger to add host keys for protocol 2 to the config file, now that
cvsdist 43f95f0
  configuration file syntax requires us to specify it with HostKey if we
cvsdist 43f95f0
  specify any other HostKey values, which we do.
cvsdist 43f95f0
cvsdist 43f95f0
* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Redo patch to move pam_open_session after the server setuid()s to the user.
cvsdist 43f95f0
- Rework the nopam patch to use be picked up by autoconf.
cvsdist 43f95f0
cvsdist 43f95f0
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Update for 2.5.1p1.
cvsdist 43f95f0
- Add init script mods from Pekka Savola.
cvsdist 43f95f0
- Tweak the init script to match the CVS contrib script more closely.
cvsdist 43f95f0
- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
cvsdist 43f95f0
  adding id_rsa.
cvsdist 43f95f0
cvsdist 43f95f0
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Update for 2.5.0p1.
cvsdist 43f95f0
- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
cvsdist 43f95f0
- Resync with parts of Damien Miller's openssh.spec from CVS, including
cvsdist 43f95f0
  update of x11 askpass to 1.2.0.
cvsdist 43f95f0
- Only require openssl (don't prereq) because we generate keys in the init
cvsdist 43f95f0
  script now.
cvsdist 43f95f0
cvsdist 43f95f0
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Don't open a PAM session until we've forked and become the user (#25690).
cvsdist 43f95f0
- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
cvsdist 43f95f0
  host the user is attempting a login from.
cvsdist 43f95f0
- Resync with parts of Damien Miller's openssh.spec from CVS.
cvsdist 43f95f0
- Don't expose KbdInt responses in debug messages (from CVS).
cvsdist 43f95f0
- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
cvsdist 43f95f0
cvsdist 4135ab2
* Wed Feb  7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
cvsdist 43f95f0
- i18n-tweak to initscript.
cvsdist 43f95f0
cvsdist 43f95f0
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- More gettextizing.
cvsdist 43f95f0
- Close all files after going into daemon mode (needs more testing).
cvsdist 43f95f0
- Extract patch from CVS to handle auth banners (in the client).
cvsdist 43f95f0
- Extract patch from CVS to handle compat weirdness.
cvsdist 43f95f0
cvsdist 43f95f0
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Finish with the gettextizing.
cvsdist 43f95f0
cvsdist 43f95f0
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Fix a bug in auth2-pam.c (#23877)
cvsdist 43f95f0
- Gettextize the init script.
cvsdist 43f95f0
cvsdist 43f95f0
* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Incorporate a switch for using PAM configs for 6.x, just in case.
cvsdist 43f95f0
cvsdist 43f95f0
* Tue Dec  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Incorporate Bero's changes for a build specifically for rescue CDs.
cvsdist 43f95f0
cvsdist 43f95f0
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
cvsdist 43f95f0
  succeeded, to allow public-key authentication after a failure with "none"
cvsdist 43f95f0
  authentication.  (#21268)
cvsdist 43f95f0
cvsdist 43f95f0
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Update to x11-askpass 1.1.1. (#21301)
cvsdist 43f95f0
- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
cvsdist 43f95f0
cvsdist 43f95f0
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Merge multiple PAM text messages into subsequent prompts when possible when
cvsdist 43f95f0
  doing keyboard-interactive authentication.
cvsdist 43f95f0
cvsdist 43f95f0
* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f0
- Disable the built-in MD5 password support.  We're using PAM.
cvsdist 43f95f0
- Take a crack at doing keyboard-interactive authentication with PAM, and
cvsdist 43f95f0
  enable use of it in the default client configuration so that the client
cvsdist 43f95f0
  will try it when the server disallows password authentication.
cvsdist 43f95f0
- Build with debugging flags.  Build root policies strip all binaries anyway.
cvsdist 43f95f0
cvsdist f28bf6e
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6e
- Use DESTDIR instead of %%makeinstall.
cvsdist f28bf6e
- Remove /usr/X11R6/bin from the path-fixing patch.
cvsdist f28bf6e
cvsdist f28bf6e
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6e
- Add the primes file from the latest snapshot to the main package (#20884).
cvsdist f28bf6e
- Add the dev package to the prereq list (#19984).
cvsdist f28bf6e
- Remove the default path and mimic login's behavior in the server itself.
cvsdist f28bf6e
cvsdist f28bf6e
* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6e
- Resync with conditional options in Damien Miller's .spec file for an errata.
cvsdist f28bf6e
- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
cvsdist f28bf6e
cvsdist f28bf6e
* Tue Nov  7 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6e
- Update to OpenSSH 2.3.0p1.
cvsdist f28bf6e
- Update to x11-askpass 1.1.0.
cvsdist f28bf6e
- Enable keyboard-interactive authentication.
cvsdist f28bf6e
cvsdist f28bf6e
* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6e
- Update to ssh-askpass-x11 1.0.3.
cvsdist f28bf6e
- Change authentication related messages to be private (#19966).
cvsdist f28bf6e
cvsdist f28bf6e
* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6e
- Patch ssh-keygen to be able to list signatures for DSA public key files
cvsdist f28bf6e
  it generates.
cvsdist f28bf6e
cvsdist 3287400
* Thu Oct  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 3287400
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
cvsdist 3287400
  build PAM authentication in.
cvsdist 3287400
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
cvsdist 3287400
- Clean out no-longer-used patches.
cvsdist 3287400
- Patch ssh-add to try to add both identity and id_dsa, and to error only
cvsdist 3287400
  when neither exists.
cvsdist 3287400
cvsdist 3287400
* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 3287400
- Update x11-askpass to 1.0.2. (#17835)
cvsdist 3287400
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
cvsdist 3287400
  always find them in the right place. (#17909)
cvsdist 3287400
- Set the default path to be the same as the one supplied by /bin/login, but
cvsdist 3287400
  add /usr/X11R6/bin. (#17909)
cvsdist 3287400
- Try to handle obsoletion of ssh-server more cleanly.  Package names
cvsdist 3287400
  are different, but init script name isn't. (#17865)
cvsdist 3287400
cvsdist 3287400
* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 3287400
- Update to 2.2.0p1. (#17835)
cvsdist 3287400
- Tweak the init script to allow proper restarting. (#18023)
cvsdist 3287400
cvsdist 3287400
* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 3287400
- Update to 20000823 snapshot.
cvsdist 3287400
- Change subpackage requirements from %%{version} to %%{version}-%%{release}
cvsdist 3287400
- Back out the pipe patch.
cvsdist 3287400
cvsdist f710772
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f710772
- Update to 2.1.1p4, which includes fixes for config file parsing problems.
cvsdist f710772
- Move the init script back.
cvsdist f710772
- Add Damien's quick fix for wackiness.
cvsdist f710772
cvsdist f710772
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f710772
- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
cvsdist f710772
cvsdist f710772
* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f710772
- Move condrestart to server postun.
cvsdist f710772
- Move key generation to init script.
cvsdist f710772
- Actually use the right patch for moving the key generation to the init script.
cvsdist f710772
- Clean up the init script a bit.
cvsdist f710772
cvsdist f710772
* Wed Jul  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f710772
- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
cvsdist f710772
cvsdist f710772
* Sun Jul  2 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f710772
- Update to 2.1.1p2.
cvsdist f710772
- Use of strtok() considered harmful.
cvsdist f710772
cvsdist f710772
* Sat Jul  1 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f710772
- Get the build root out of the man pages.
cvsdist f710772
cvsdist f710772
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f710772
- Add and use condrestart support in the init script.
cvsdist f710772
- Add newer initscripts as a prereq.
cvsdist f710772
cvsdist f710772
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f710772
- Build in new environment (release 2)
cvsdist f710772
- Move -clients subpackage to Applications/Internet group
cvsdist f710772
cvsdist f710772
* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f710772
- Update to 2.2.1p1
cvsdist f710772
cvsdist f710772
* Sat Jun  3 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f710772
- Patch to build with neither RSA nor RSAref.
cvsdist f710772
- Miscellaneous FHS-compliance tweaks.
cvsdist f710772
- Fix for possibly-compressed man pages.
cvsdist f710772
cvsdist f710772
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
cvsdist f710772
- Updated for new location
cvsdist f710772
- Updated for new gnome-ssh-askpass build
cvsdist f710772
cvsdist f710772
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
cvsdist f710772
- Added Jim Knoble's <jmknoble@pobox.com> askpass
cvsdist f710772
cvsdist f710772
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
cvsdist f710772
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
cvsdist f710772
cvsdist f710772
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
cvsdist f710772
- Added 'Obsoletes' directives
cvsdist f710772
cvsdist f710772
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
cvsdist f710772
- Use make install
cvsdist f710772
- Subpackages
cvsdist f710772
cvsdist f710772
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
cvsdist f710772
- Added links for slogin
cvsdist f710772
- Fixed perms on manpages
cvsdist f710772
cvsdist f710772
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
cvsdist f710772
- Renamed init script
cvsdist f710772
cvsdist f710772
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
cvsdist f710772
- Back to old binary names
cvsdist f710772
cvsdist f710772
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
cvsdist f710772
- Use autoconf
cvsdist f710772
- New binary names
cvsdist f710772
cvsdist f710772
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
cvsdist f710772
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.