Summary: Restricted shell for ssh based file services Name: scponly Version: 4.8 Release: 5 License: BSD Group: Applications/Internet URL: http://sublimation.org/scponly/ Source: http://downloads.sf.net/scponly/scponly-%{version}.tgz Patch0: scponly-install.patch Patch1: scponly-4.8-elif-gcc44.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) # Checks only for location of binaries BuildRequires: openssh-clients >= 3.4 BuildRequires: openssh-server BuildRequires: rsync %description scponly is an alternative 'shell' for system administrators who would like to provide access to remote users to both read and write local files without providing any remote execution priviledges. Functionally, it is best described as a wrapper to the "tried and true" ssh suite of applications. %prep %setup -q %patch0 -p1 %patch1 -p1 %build # config.guess in tarball lacks ppc64 cp -p /usr/lib/rpm/config.{guess,sub} . %configure \ --enable-scp-compat \ --enable-winscp-compat \ --enable-chrooted-binary # --enable-svn-compat \ # --enable-quota-compat \ # --enable-rsync-compat %{__make} %{?_smp_mflags} \ OPTS="%{optflags}" # Remove executable bit so the debuginfo does not hae executable source files chmod 0644 scponly.c scponly.h helper.c %install %{__rm} -rf %{buildroot} # sed -i "s|%{_prefix}/local/|%{_prefix}/|g" scponly.8* INSTALL README make install DESTDIR=%{buildroot} %clean %{__rm} -rf %{buildroot} %files %defattr(0644, root, root, 0755) %doc AUTHOR CHANGELOG CONTRIB COPYING INSTALL README TODO BUILDING-JAILS.TXT %doc SECURITY %defattr(-, root, root, 0755) %doc %{_mandir}/man8/scponly.8* %{_bindir}/scponly %{_sbindir}/scponlyc %dir %{_sysconfdir}/scponly/ %config(noreplace) %{_sysconfdir}/scponly/* %changelog * Tue Mar 17 2009 Scott R. Shinn - 4.8-5 - Initial import to atomic * Fri Feb 27 2009 Warren Togami - 4.8-4 - Fix gcc-4.4 build due to broken #elif - copy config.guess from /usr/lib/rpm so it builds on ppc64 * Wed Feb 25 2009 Fedora Release Engineering - 4.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon May 5 2008 Toshio Kuratomi - 4.8-1 - Update to 4.8 which has its own version of. scponly-4.6-CVE-2007-6415. * Wed Feb 13 2008 Tomas Hoger - 4.6-10 - Add patch to prevent restriction bypass using OpenSSH's scp options -F and -o (CVE-2007-6415, #426072) * Mon Feb 11 2008 Warren Togami - 4.6-9 - rebuild with gcc-4.3 * Tue Dec 11 2007 Toshio Kuratomi - 4.6-8 - Disable rsync support due to security concerns: RH BZ#418201 * Tue Aug 21 2007 Warren Togami - 4.6-7 - rebuild * Fri Sep 15 2006 Warren Togami - 4.6-6 - rebuild for FC6 * Tue Jun 27 2006 Toshio Kuratomi - 4.6-5 - Add BR: openssh-server so sftp-server is present. - Make source files nonexecutable so they are nonexecutable in debuginfo. - Mark the scponly configuration files as %%config. * Sun Jun 25 2006 Toshio Kuratomi - 4.6-4 - --enable-chrooted-binary creates a binary that will operate in a chroot environment. It does not manage creation and updating of a chroot jail. This is the user's responsibility. - Patch the Makefile.in to support install as a non-root user. * Sun Mar 19 2006 Warren Togami - 4.6-3 - --enable-winscp-compat seems necessary - --enable-rsync-compat seems useful too * Fri Feb 17 2006 Warren Togami - 4.6-1 - 4.6 - --enable-scp-compat so scp works upstream seems broken and no longer enables by default WinSCP 2.0 compatibilty is not enabled in this build * Mon Jan 02 2006 Warren Togami - 4.3-1 - security fixes - Gentoo's patch for optreset which is not supplied by glibc * Thu Nov 03 2005 Warren Togami - 4.1-6 - use macro in substitution * Tue Nov 01 2005 Warren Togami - 4.1-5 - BSD license - fix path to scponly binary in man and docs * Mon Oct 31 2005 Warren Togami - 4.1-4 - fix doc permissions * Fri Oct 28 2005 Warren Togami - 4.1-2 - various spec fixes (#171987) * Fri Oct 28 2005 Warren Togami - 4.1-1 - Fedora * Tue May 10 2005 Dag Wieers - 4.1-1 - 3051+/dag - Updated to release 4.1. * Thu Mar 03 2005 Dag Wieers - 4.0-1 - Initial package. (using DAR)