- put back the possibility to skip SELinux patch

- add patch for user login auditing by Steve Grubb
This commit is contained in:
Tomáš Mráz 2005-10-28 16:02:53 +00:00
parent 5312560fd5
commit fc72c21070

View File

@ -1,4 +1,9 @@
%define WITH_SELINUX 1 %define WITH_SELINUX 1
%if %{WITH_SELINUX}
# Audit patch applicable only over SELinux patch
%define WITH_AUDIT 1
%endif
# OpenSSH privilege separation requires a user & group ID # OpenSSH privilege separation requires a user & group ID
%define sshd_uid 74 %define sshd_uid 74
%define sshd_gid 74 %define sshd_gid 74
@ -71,7 +76,7 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2. Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
Name: openssh Name: openssh
Version: 4.2p1 Version: 4.2p1
%define rel 4 %define rel 5
%if %{rescue} %if %{rescue}
Release: %{rel}rescue Release: %{rel}rescue
%else %else
@ -93,6 +98,7 @@ Patch3: openssh-3.8.1p1-krb5-config.patch
Patch4: openssh-4.0p1-vendor.patch Patch4: openssh-4.0p1-vendor.patch
Patch5: openssh-3.9p1-noinitlog.patch Patch5: openssh-3.9p1-noinitlog.patch
Patch12: openssh-selinux.patch Patch12: openssh-selinux.patch
Patch16: openssh-4.2p1-audit.patch
Patch20: openssh-3.9p1-gssapimitm.patch Patch20: openssh-3.9p1-gssapimitm.patch
Patch21: openssh-3.9p1-safe-stop.patch Patch21: openssh-3.9p1-safe-stop.patch
Patch22: openssh-3.9p1-askpass-keep-above.patch Patch22: openssh-3.9p1-askpass-keep-above.patch
@ -147,8 +153,15 @@ BuildPreReq: XFree86-devel
BuildPreReq: krb5-devel BuildPreReq: krb5-devel
%endif %endif
%if %{WITH_SELINUX}
Requires: libselinux >= 1.27.7 Requires: libselinux >= 1.27.7
BuildRequires: libselinux-devel >= 1.27.7 BuildRequires: libselinux-devel >= 1.27.7
%endif
%if %{WITH_AUDIT}
Requires: audit-libs >= 1.0.8
BuildRequires: audit-libs >= 1.0.8
%endif
%package clients %package clients
Summary: OpenSSH clients. Summary: OpenSSH clients.
@ -228,7 +241,16 @@ environment.
%patch3 -p1 -b .krb5-config %patch3 -p1 -b .krb5-config
%patch4 -p1 -b .vendor %patch4 -p1 -b .vendor
%patch5 -p1 -b .noinitlog %patch5 -p1 -b .noinitlog
%if %{WITH_SELINUX}
#SELinux
%patch12 -p1 -b .selinux %patch12 -p1 -b .selinux
%endif
%if %{WITH_AUDIT}
%patch16 -p1 -b .audit
%endif
#%patch20 -p0 -b .gssapimitm #%patch20 -p0 -b .gssapimitm
%patch21 -p1 -b .safe-stop %patch21 -p1 -b .safe-stop
%patch22 -p1 -b .keep-above %patch22 -p1 -b .keep-above
@ -297,7 +319,12 @@ fi
%else %else
--with-pam \ --with-pam \
%endif %endif
%if %{WITH_SELINUX}
--with-selinux \ --with-selinux \
%endif
%if %{WITH_AUDIT}
--with-linux-audit \
%endif
%if %{kerberos5} %if %{kerberos5}
--with-kerberos5${krb5_prefix:+=${krb5_prefix}} --with-kerberos5${krb5_prefix:+=${krb5_prefix}}
%else %else
@ -514,6 +541,10 @@ fi
%endif %endif
%changelog %changelog
* Fri Oct 28 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-5
- put back the possibility to skip SELinux patch
- add patch for user login auditing by Steve Grubb
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 4.2p1-4 * Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 4.2p1-4
- Change selinux patch to use get_default_context_with_rolelevel in libselinux. - Change selinux patch to use get_default_context_with_rolelevel in libselinux.