OpenSSH 3.4 rpm spec file for redhat

From: Kurt Seifried (bugtraq@seifried.org)
Date: 07/02/02


From: "Kurt Seifried" <bugtraq@seifried.org>
To: <focus-linux@securityfocus.com>
Date: Mon, 1 Jul 2002 17:35:56 -0600

Red Hat will not be issuing OpenSSH 3.4 packages for Red Hat 7.x (can't say
that I blame them, customer support would be a nightmare). Unfortunately I
really wanted OpenSSH 3.4 on my server systems (privsep, all the bug fixes,
etc.). I modified the Red Hat spec file slightly, you will need that, the
source RPM from Red Hat, and the source code for OpenSSH 3.4 portable. I
have disabled askpass/gnome stuff, this is aimed at servers, not clients.

wget http://seifried.org/security/os/linux/redhat/seifried-redhat-openssh.spec
wget ftp://updates.redhat.com/7.3/en/os/SRPMS/openssh-3.1p1-6.src.rpm
wget ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.4p1.tar.gz

rpm -Uvh openssh-3.1p1-6.src.rpm
cp openssh-3.4p1.tar.gz /usr/src/redhat/SOURCES/
cp seifried-redhat-openssh.spec /usr/src/redhat/SPECS/

cd /usr/src/redhat/SPECS/
rpm -ba seifried-redhat-openssh.spec

... wait for it to compile, hopefully without errors and you should have:

/usr/src/redhat/RPMS/i386/openssh-3.4p1-1.i386.rpm
/usr/src/redhat/RPMS/i386/openssh-clients-3.4p1-1.i386.rpm
/usr/src/redhat/RPMS/i386/openssh-server-3.4p1-1.i386.rpm
/usr/src/redhat/SRPMS/openssh-3.4p1-1.src.rpm

rpm -Fvh /usr/src/redhat/RPMS/i386/*ssh*3.4*

It will not overwrite sshd_config or ssh_config, you will probably need to
edit and copy the .rpmnew ones if you've done any tweaking. Please for the
love of all that is holy DO NOT DEPLOY ON REMOTE PRODUCTION SERVERS UNTIL
YOU HAVE TESTED IT ON A LOCAL MACHINE. I cannot stress this enough. If it
breaks I'll let you keep all the pieces.

These instructions are also available at:
http://seifried.org/security/os/linux/redhat/20020701-rh7x-openssh-34.html

From the spec file:

* Mon Jul 1 2002 Kurt Seifried <kurt@seifried.org> 3.4p1
- creates sshd user and group, creates /var/empty directory
- imported openssh-3.4p1 portable source, removed various conflicting
patches
- turned off askpass, gnome stuff, this rpm is aimed at servers
- USE AT YOUR OWN RISK

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.iDefense.com/
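
An added example, not part of the original post or of the spec file: a post-upgrade check for the test machine that confirms what the changelog says the package sets up (the sshd user and group, /var/empty) and flags the unmerged .rpmnew configs the message warns about. The function names, the ROOT parameter and the /etc/ssh config directory are assumptions made for this example.

```sh
#!/bin/sh
# Added example: post-upgrade checks, run against a filesystem root.
# ROOT is a hypothetical parameter so the checks can be pointed at a test tree;
# /etc/ssh is assumed as the config directory (Red Hat's usual location).

# has_entry FILE NAME: NAME is an account or group in a passwd/group-format file
has_entry() { [ -r "$1" ] && grep -q "^$2:" "$1"; }

# empty_dir_ok DIR: privsep chroot dir must exist, be empty, and not be
# group- or world-writable (it should also be owned by root: check ls -ld)
empty_dir_ok() {
    [ -d "$1" ] || return 1
    [ -z "$(ls -A "$1")" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# privsep_setting FILE: first UsePrivilegeSeparation value (sshd uses the first
# occurrence of a keyword), or "default" if the option is absent/commented out
privsep_setting() {
    v=$(awk 'tolower($1) == "useprivilegeseparation" { print tolower($2); exit }' "$1")
    echo "${v:-default}"
}

# pending_rpmnew ROOT: print any .rpmnew files rpm left beside the live configs
pending_rpmnew() {
    for f in sshd_config ssh_config; do
        [ ! -f "$1/etc/ssh/$f.rpmnew" ] || echo "$1/etc/ssh/$f.rpmnew"
    done
}

# check_upgrade ROOT: returns 0 only if every privsep prerequisite holds
check_upgrade() {
    root=${1%/}; rc=0
    has_entry "$root/etc/passwd" sshd || { echo "FAIL: no sshd user"; rc=1; }
    has_entry "$root/etc/group" sshd || { echo "FAIL: no sshd group"; rc=1; }
    empty_dir_ok "$root/var/empty" ||
        { echo "FAIL: /var/empty missing, not empty, or writable"; rc=1; }
    cfg="$root/etc/ssh/sshd_config"
    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg not found"; rc=1
    elif [ "$(privsep_setting "$cfg")" = no ]; then
        echo "FAIL: live sshd_config disables privilege separation"; rc=1
    fi
    for p in $(pending_rpmnew "$root"); do echo "WARN: unmerged $p"; done
    return $rc
}
# On the upgraded test machine: check_upgrade / && sshd -t
```

An unmerged .rpmnew file is reported as a warning only, since the old config may still be the one you want; a live sshd_config that sets UsePrivilegeSeparation to no is treated as a failure because privsep is one of the reasons given for the upgrade.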


