diff --git a/ChangeLog b/ChangeLog index 82e854541..cf282c7a1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ the superuser receives. - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. - (djm) Add --with-privsep-path configure option + - (djm) Update RPM spec file: different superuser path, use + /var/empty/sshd for privsep 20020511 - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch. @@ -573,4 +575,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2109 2002/05/13 03:15:42 djm Exp $ +$Id: ChangeLog,v 1.2110 2002/05/13 03:26:57 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index e70f43893..e5b2ed894 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -175,6 +175,9 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS --datadir=%{_datadir}/openssh \ --with-tcp-wrappers \ --with-rsh=%{_bindir}/rsh \ + --with-default-path=/usr/local/bin:/bin:/usr/bin \ + --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ + --with-privsep-path=%{_var}/empty/sshd %if %{scard} --with-smartcard \ %endif @@ -187,6 +190,7 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS --with-pam --with-kerberos5=/usr/kerberos %endif + %if %{static_libcrypto} perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile %endif @@ -213,7 +217,7 @@ popd rm -rf $RPM_BUILD_ROOT mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh -mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/run/empty-sshd +mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd make install DESTDIR=$RPM_BUILD_ROOT @@ -275,7 +279,7 @@ fi %pre server %{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || : -%{_sbindir}/useradd -d /var/run/empty-sshd -s /bin/false -u %{sshd_uid} \ +%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ -g sshd -M -r sshd 2>/dev/null || : %post server @@ -329,7 +333,7 @@ fi %if ! %{rescue} %files server %defattr(-,root,root) -%dir %attr(0111,root,root) %{_var}/run/empty-sshd +%dir %attr(0111,root,root) %{_var}/empty/sshd %attr(0755,root,root) %{_sbindir}/sshd %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server %attr(0644,root,root) %{_mandir}/man8/sshd.8*