- improve selinux patch (by Jan Kiszka)

- upstream patch for buffer append space error (#191940)
- fixed typo in configure.ac (#198986)
- added pam_keyinit to pam configuration (#198628)
- improved error message when askpass dialog cannot grab keyboard input
    (#198332)
- buildrequires xauth instead of xorg-x11-xauth
- fixed a few rpmlint warnings
This commit is contained in:
Tomáš Mráz 2006-07-17 14:09:15 +00:00
parent d446e97b50
commit ef32423955
3 changed files with 64 additions and 23 deletions

View File

@ -1,6 +1,6 @@
--- openssh-4.2p1/contrib/redhat/sshd.pam.stack 2004-07-21 03:01:41.000000000 +0200 --- openssh-4.2p1/contrib/redhat/sshd.pam.stack 2004-07-21 03:01:41.000000000 +0200
+++ openssh-4.2p1/contrib/redhat/sshd.pam 2005-10-07 14:18:50.000000000 +0200 +++ openssh-4.2p1/contrib/redhat/sshd.pam 2005-10-07 14:18:50.000000000 +0200
@@ -1,6 +1,7 @@ @@ -1,6 +1,8 @@
#%PAM-1.0 #%PAM-1.0
-auth required pam_stack.so service=system-auth -auth required pam_stack.so service=system-auth
-auth required pam_nologin.so -auth required pam_nologin.so
@ -11,5 +11,6 @@
+account required pam_nologin.so +account required pam_nologin.so
+account include system-auth +account include system-auth
+password include system-auth +password include system-auth
+session optional pam_keyinit.so force revoke
+session include system-auth +session include system-auth
+session required pam_loginuid.so +session required pam_loginuid.so

View File

@ -0,0 +1,18 @@
--- openssh-4.3p2/contrib/gnome-ssh-askpass2.c.grab-info 2006-07-17 15:10:11.000000000 +0200
+++ openssh-4.3p2/contrib/gnome-ssh-askpass2.c 2006-07-17 15:25:04.000000000 +0200
@@ -65,9 +65,12 @@
err = gtk_message_dialog_new(NULL, 0,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_CLOSE,
- "Could not grab %s. "
- "A malicious client may be eavesdropping "
- "on your session.", what);
+ "SSH password dialog could not grab the %s input.\n"
+ "This might be caused by application such as screensaver, "
+ "however it could also mean that someone may be eavesdropping "
+ "on your session.\n"
+ "Either close the application which grabs the %s or "
+ "log out and log in again to prevent this from happening.", what, what);
gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label),
TRUE);

View File

@ -55,10 +55,10 @@
%define kerberos5 0 %define kerberos5 0
%endif %endif
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2. Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
Name: openssh Name: openssh
Version: 4.3p2 Version: 4.3p2
%define rel 5.1 %define rel 6
%if %{rescue} %if %{rescue}
%define %{rel}rescue %define %{rel}rescue
%else %else
@ -89,36 +89,39 @@ Patch27: openssh-3.9p1-log-in-chroot.patch
Patch30: openssh-4.0p1-exit-deadlock.patch Patch30: openssh-4.0p1-exit-deadlock.patch
Patch31: openssh-3.9p1-skip-used.patch Patch31: openssh-3.9p1-skip-used.patch
Patch35: openssh-4.2p1-askpass-progress.patch Patch35: openssh-4.2p1-askpass-progress.patch
Patch36: openssh-4.3p2-buffer-len.patch
Patch37: openssh-4.3p2-configure-typo.patch
Patch38: openssh-4.3p2-askpass-grab-info.patch
License: BSD License: BSD
Group: Applications/Internet Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
Obsoletes: ssh Obsoletes: ssh
Provides: ssh
%if %{nologin} %if %{nologin}
Requires: /sbin/nologin Requires: /sbin/nologin
%endif %endif
PreReq: initscripts >= 5.20 Requires: initscripts >= 5.20
%if ! %{no_gnome_askpass} %if ! %{no_gnome_askpass}
%if %{gtk2} %if %{gtk2}
BuildPreReq: gtk2-devel BuildRequires: gtk2-devel
BuildPreReq: libX11-devel BuildRequires: libX11-devel
%else %else
BuildPreReq: gnome-libs-devel BuildRequires: gnome-libs-devel
%endif %endif
%endif %endif
%if %{scard} %if %{scard}
BuildPreReq: sharutils BuildRequires: sharutils
%endif %endif
BuildPreReq: autoconf, automake, openssl-devel, perl, tcp_wrappers, zlib-devel BuildRequires: autoconf, automake, openssl-devel, perl, tcp_wrappers, zlib-devel
BuildPreReq: audit-libs-devel BuildRequires: audit-libs-devel
BuildPreReq: util-linux, groff, man BuildRequires: util-linux, groff, man
BuildRequires: pam-devel
BuildPreReq: pam-devel
%if %{kerberos5} %if %{kerberos5}
BuildPreReq: krb5-devel BuildRequires: krb5-devel
%endif %endif
%if %{WITH_SELINUX} %if %{WITH_SELINUX}
@ -131,25 +134,31 @@ Requires: audit-libs >= 1.0.8
BuildRequires: audit-libs >= 1.0.8 BuildRequires: audit-libs >= 1.0.8
%endif %endif
BuildRequires: xauth
%package clients %package clients
Summary: OpenSSH clients. Summary: The OpenSSH client applications
Requires: openssh = %{version}-%{release} Requires: openssh = %{version}-%{release}
Group: Applications/Internet Group: Applications/Internet
Obsoletes: ssh-clients Obsoletes: ssh-clients
Provides: ssh-clients
%package server %package server
Summary: The OpenSSH server daemon. Summary: The OpenSSH server daemon
Group: System Environment/Daemons Group: System Environment/Daemons
Obsoletes: ssh-server Obsoletes: ssh-server
PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9, /usr/sbin/useradd Provides: ssh-server
Requires: openssh = %{version}-%{release}
Requires(post): chkconfig >= 0.9, /sbin/service
Requires(pre): /usr/sbin/useradd
Requires: /etc/pam.d/system-auth, /%{_lib}/security/pam_loginuid.so Requires: /etc/pam.d/system-auth, /%{_lib}/security/pam_loginuid.so
BuildRequires: xorg-x11-xauth
%package askpass %package askpass
Summary: A passphrase dialog for OpenSSH and X. Summary: A passphrase dialog for OpenSSH and X
Group: Applications/Internet Group: Applications/Internet
Requires: openssh = %{version}-%{release} Requires: openssh = %{version}-%{release}
Obsoletes: ssh-extras, openssh-askpass-gnome Obsoletes: ssh-extras, openssh-askpass-gnome
Provides: ssh-extras, openssh-askpass-gnome
%description %description
SSH (Secure SHell) is a program for logging into and executing SSH (Secure SHell) is a program for logging into and executing
@ -213,6 +222,9 @@ an X11 passphrase dialog for OpenSSH.
%patch30 -p1 -b .exit-deadlock %patch30 -p1 -b .exit-deadlock
%patch31 -p1 -b .skip-used %patch31 -p1 -b .skip-used
%patch35 -p1 -b .progress %patch35 -p1 -b .progress
%patch36 -p0 -b .buffer-len
%patch37 -p1 -b .typo
%patch38 -p1 -b .grab-info
autoreconf autoreconf
@ -399,7 +411,7 @@ fi
%attr(0755,root,root) %{_bindir}/ssh-keygen %attr(0755,root,root) %{_bindir}/ssh-keygen
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0755,root,root) %dir %{_libexecdir}/openssh %attr(0755,root,root) %dir %{_libexecdir}/openssh
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign %attr(4755,root,root) %{_libexecdir}/openssh/ssh-keysign
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
%endif %endif
%if %{scard} %if %{scard}
@ -414,7 +426,7 @@ fi
%attr(0755,root,root) %{_bindir}/scp %attr(0755,root,root) %{_bindir}/scp
%attr(0644,root,root) %{_mandir}/man1/scp.1* %attr(0644,root,root) %{_mandir}/man1/scp.1*
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(-,root,root) %{_bindir}/slogin %attr(0755,root,root) %{_bindir}/slogin
%attr(0644,root,root) %{_mandir}/man1/slogin.1* %attr(0644,root,root) %{_mandir}/man1/slogin.1*
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5* %attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
%if ! %{rescue} %if ! %{rescue}
@ -433,7 +445,7 @@ fi
%if ! %{rescue} %if ! %{rescue}
%files server %files server
%defattr(-,root,root) %defattr(-,root,root)
%dir %attr(0111,root,root) %{_var}/empty/sshd %dir %attr(0711,root,root) %{_var}/empty/sshd
%attr(0755,root,root) %{_sbindir}/sshd %attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5* %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
@ -442,7 +454,7 @@ fi
%attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd %attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
%attr(0755,root,root) %config /etc/rc.d/init.d/sshd %attr(0755,root,root) /etc/rc.d/init.d/sshd
%endif %endif
%if ! %{no_gnome_askpass} %if ! %{no_gnome_askpass}
@ -454,6 +466,16 @@ fi
%endif %endif
%changelog %changelog
* Mon Jul 17 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-6
- improve selinux patch (by Jan Kiszka)
- upstream patch for buffer append space error (#191940)
- fixed typo in configure.ac (#198986)
- added pam_keyinit to pam configuration (#198628)
- improved error message when askpass dialog cannot grab
keyboard input (#198332)
- buildrequires xauth instead of xorg-x11-xauth
- fixed a few rpmlint warnings
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 4.3p2-5.1 * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 4.3p2-5.1
- rebuild - rebuild