OpenSSH 3.4 rpm spec file for redhat

From: Kurt Seifried (bugtraq@seifried.org)
Date: 07/02/02


From: "Kurt Seifried" <bugtraq@seifried.org>
To: <focus-linux@securityfocus.com>
Date: Mon, 1 Jul 2002 17:35:56 -0600

Red Hat will not be issuing OpenSSH 3.4 packages for Red Hat 7.x (can't say
that I blame them, customer support would be a nightmare). Unfortunately I
really wanted OpenSSH 3.4 on my server systems (privsep, all the bug fixes,
etc.). I modifed the Red Hat spec file slightly, you will need that, the
source RPM from Red hat, and the source code for OpenSSH 3.4 portable. I
have disabled askpass/gnome stuff, this is aimed at servers, not clients.

wget
http://seifried.org/security/os/linux/redhat/seifried-redhat-openssh.spec
wget ftp://updates.redhat.com/7.3/en/os/SRPMS/openssh-3.1p1-6.src.rpm
wget ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz

rpm -Uvh openssh-3.1p1-6.src.rpm
cp openssh-3.4p1.tar.gz /usr/src/redhat/SOURCES/
cp seifried-redhat-openssh.spec /usr/src/redhat/SPECS/

cd /usr/src/redhat/SPECS/
rpm -ba seifried-redhat-openssh.spec

... wait for it to compile, hopefully without errors and you should have:

/usr/src/redhat/RPMS/i386/openssh-3.4p1-1.i386.rpm
/usr/src/redhat/RPMS/i386/openssh-clients-3.4p1-1.i386.rpm
/usr/src/redhat/RPMS/i386/openssh-server-3.4p1-1.i386.rpm
/usr/src/redhat/SRPMS/openssh-3.4p1-1.src.rpm

rpm -Fvh /usr/src/redhat/RPMS/i386/*ssh*3.4*

It will not overwrite sshd_config or ssh_config, you will probably need to
edit and copy the .rpmnew ones if you've done any tweaking. Please for the
love of all that is holy DO NOT DEPLOY ON REMOTE PRODUCTION SERVERS UNTIL
YOU HAVE TESTED IT ON A LOCAL MACHINE. I cannot stress this enough. If it
breaks I'll let you keep all the pieces.

These instructions are also available at:
http://seifried.org/security/os/linux/redhat/20020701-rh7x-openssh-34.html

Fromt he spec file:

* Mon Jul 1 2002 Kurt Seifried <kurt@seifried.org> 3.4p1
- creates sshd user and group, creates /var/empty directory
- imported openssh-3.4p1 portable source, removed various conflicting
patches
- turned off askpass, gnome stuff, this rpm is aimed at servers
- USE AT YOUR OWN RISK

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.iDefense.com/