Another round of testing calls. (redhat/openssh.spec)
Pekka Savola
pekkas at netcore.fi
Thu Oct 25 05:03:19 EST 2001
On Tue, 23 Oct 2001 mouring at etoh.eviladmin.org wrote:
> Outside the known 'Hang-on-exit' bug and the Solaris 'PAM_TTY_KLUDGE'
> required. *WHAT* other issues *MUST* be addressed before 3.0 which is
> approaching fast?
I'm not saying MUST, but I've been trying to suggest a few modifications
(under the OpenSSL_free thread) to contrib/redhat/openssh.spec for some
time now. I've yet to receive a reply.
Here's a full diff. It does:
1) As sshd -t is used when restarting sshd with RH scripts now,
sshd_config is better marked with noreplace as all config files should be.
2) '--with-ipv4-default' is removed; it's a major release after all. I
haven't noticed any problems with this (and a lot of Linux distros already
do it, including Red Hat), and if you'd have to run 'sshd -6', IPv4 port
forwarding through mapped addresses won't work.
Caveat: if you haven't patched your tcp_wrappers for IPv6, and IPv6 is
enabled with SSHD, and you have access controls, you won't be let in even
with IPv4 (connections seem to originate from 0.0.0.0 vs.
::ffff:ipv4addr). I don't see this as a huge problem, as you have to have
IPv6 enabled. E.g. RHL72 already has patched tcp_wrappers.
3) Building appears to rely on the existence of openssl >= 0.9.6
(OPENSSL_free function). Mark the requirement there.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
-------------- next part --------------
Index: contrib/redhat/openssh.spec
===================================================================
RCS file: /cvs/openssh_cvs/contrib/redhat/openssh.spec,v
retrieving revision 1.89
diff -u -r1.89 openssh.spec
--- contrib/redhat/openssh.spec 2001/10/24 05:36:55 1.89
+++ contrib/redhat/openssh.spec 2001/10/24 19:07:22
@@ -52,7 +52,7 @@
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
Obsoletes: ssh
-BuildPreReq: perl, openssl-devel, tcp_wrappers
+BuildPreReq: perl, openssl-devel >= 0.9.6, tcp_wrappers
BuildPreReq: /bin/login, /usr/include/security/pam_appl.h
BuildPreReq: rpm >= 3.0.5
%if ! %{no_x11_askpass}
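Review bot: The new `openssl-devel >= 0.9.6` bound on the first BuildPreReq line has no comment saying why 0.9.6 is the floor. The cover message gives the reason (the build relies on the OPENSSL_free function), so a one-line spec comment above this BuildPreReq stating that would stop the bound from being relaxed later by someone who only sees the spec.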
@@ -62,9 +62,9 @@
BuildPreReq: gnome-libs-devel
%endif
%if ! %{static_libcrypto}
-PreReq: openssl >= 0.9.5a
+PreReq: openssl >= 0.9.6
PreReq: openssl = %{exact_openssl_version}
-Requires: openssl >= 0.9.5a
+Requires: openssl >= 0.9.6
%endif
Requires: rpm >= 3.0.5
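Review bot: Inside the `%if ! %{static_libcrypto}` block the 0.9.6 floor is now spelled out twice (PreReq and Requires), next to the unchanged `PreReq: openssl = %{exact_openssl_version}`, and a third time in the BuildPreReq of the previous hunk. Where exact_openssl_version is set is not visible in this diff; if it can ever resolve to something below 0.9.6, the exact pin and the new floor cannot both be satisfied and the package will not install. Suggest defining the minimum once as a macro and using it in all three places so the runtime and build-time bounds cannot drift apart.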
@@ -155,7 +155,6 @@
--datadir=%{_datadir}/openssh \
--with-pam \
--with-tcp-wrappers \
- --with-ipv4-default \
--with-rsh=/usr/bin/rsh \
--with-default-path=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin \
$EXTRA_OPTS
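Review bot: Removing `--with-ipv4-default` while `--with-tcp-wrappers` stays two lines above leaves the caveat from the cover message unrecorded in the spec: with tcp_wrappers that is not patched for IPv6, hosts with access controls can be locked out even over IPv4. Suggest either a comment at this configure call naming that dependency, or a build conditional in the style of the existing %{no_x11_askpass} switch so packagers on such hosts can put the flag back without editing the spec.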
@@ -264,8 +263,7 @@
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
-#%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sshd_config
-%attr(0600,root,root) %config %{_sysconfdir}/sshd_config
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sshd_config
%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
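Review bot: With sshd_config switched to `%config(noreplace)`, an upgrade keeps the administrator's existing file and writes the packaged one as .rpmnew, so a config written for an older release stays live after the upgrade. The cover message relies on the Red Hat init script running `sshd -t` at restart to catch that, but the check is not visible in this diff; it is worth confirming the restart path in the package scriptlets goes through it. Also, none of the four hunks adds a changelog entry for these behaviour changes (noreplace, IPv6 default, openssl floor).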