1 |
jpp |
1.8 |
# $Id: e-smith-openssh.spec,v 1.7 2021/02/19 04:11:15 jpp Exp $ |
2 |
stephdl |
1.1 |
|
3 |
|
|
Summary: e-smith module to configure and enable ssh |
4 |
|
|
%define name e-smith-openssh |
5 |
|
|
Name: %{name} |
6 |
|
|
%define version 2.6.0 |
7 |
jpp |
1.7 |
%define release 5 |
8 |
stephdl |
1.1 |
Version: %{version} |
9 |
|
|
Release: %{release}%{?dist} |
10 |
|
|
License: GPL |
11 |
|
|
Group: Networking/Daemons |
12 |
|
|
Source: %{name}-%{version}.tar.xz |
13 |
jpp |
1.2 |
Patch0: e-smith-openssh-2.6.0-bz10621-bz10937.patch |
14 |
jpp |
1.3 |
Patch1: e-smith-openssh-2.6.0-bz9893-autoblock-whitelist.patch |
15 |
jpp |
1.4 |
Patch2: e-smith-openssh-2.6.0-bz10939-denyhosts.patch |
16 |
jpp |
1.5 |
Patch3: e-smith-openssh-2.6.0-bz11147-bz11109-systemd-update.patch |
17 |
jpp |
1.7 |
Patch4: e-smith-openssh-2.6.0-bz11359.patch |
18 |
jpp |
1.8 |
Patch5: e-smith-openssh-2.6.0-bz11256-logging.patch |
19 |
jpp |
1.3 |
|
20 |
stephdl |
1.1 |
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot |
21 |
|
|
BuildRequires: e-smith-devtools |
22 |
|
|
BuildArchitectures: noarch |
23 |
|
|
Requires: e-smith, openssl, |
24 |
|
|
Requires: openssh >= 3.5 |
25 |
|
|
Requires: openssh-clients |
26 |
|
|
Requires: openssh-server |
27 |
|
|
Requires: e-smith-lib >= 1.15.1-19 |
28 |
|
|
Requires: runit |
29 |
|
|
AutoReqProv: no |
30 |
|
|
|
31 |
|
|
%changelog |
32 |
jpp |
1.7 |
* Thu Feb 18 2021 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-5.sme |
33 |
|
|
- increase default host key size [SME: 11359] |
34 |
jpp |
1.8 |
- redirect logging to /var/log/sshd/sshd.log and logrotate [SME: 11256] |
35 |
jpp |
1.7 |
|
36 |
jpp |
1.4 |
* Fri Dec 11 2020 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-4.sme |
37 |
|
|
- add support for denyhost [SME: 10939] |
38 |
jpp |
1.5 |
- move sshd to systemd [SME: 11109] |
39 |
|
|
- create -update event [SME: 11147] |
40 |
|
|
- add ed25519 and ecdsa hostkeys [SME: 10940] |
41 |
jpp |
1.4 |
|
42 |
jpp |
1.3 |
* Sun May 03 2020 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-3.sme |
43 |
|
|
- add Whitelist to AutoBlock using property sshd ValidFrom [SME: 9893] |
44 |
|
|
|
45 |
jpp |
1.2 |
* Sat May 02 2020 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-2.sme |
46 |
|
|
- update client ciphers to use [SME: 10621] |
47 |
|
|
- add ciphers, macs and KexAlgorithms for server [SME: 10937] |
48 |
|
|
|
49 |
stephdl |
1.1 |
* Fri Feb 05 2016 stephane de Labrusse <stephdl@de-labrusse.fr> 2.6.0-1.sme |
50 |
|
|
- Initial release to sme10 |
51 |
|
|
|
52 |
|
|
* Thu Jun 25 2015 stephane de Labrusse <stephdl@de-labrusse.fr> 2.4.0-6.sme |
53 |
|
|
- enabled the motd message [SME: 8939] |
54 |
|
|
- Code done by John Crisp <jcrisp@safeandsoundit.co.uk> and |
55 |
|
|
- Stefano Zamboni <zamboni@mind-at-work.it> |
56 |
|
|
|
57 |
|
|
* Sun Apr 6 2014 Charlie Brady <charlie_brady@mitel.com> 2.4.0-5.sme |
58 |
|
|
- Fix use of uninitialized variables in last change. [SME: 8313] |
59 |
|
|
- Fix error with flush of xt_recent SSH connections. [SME: 8314] |
60 |
|
|
|
61 |
|
|
* Sat Apr 5 2014 Chris Burnat <devlist@burnat.com> 2.4.0-4.sme |
62 |
|
|
- Add ssh-autoblock for external interface - patch by Chris Maltby [SME: 8258] |
63 |
|
|
|
64 |
|
|
* Fri Nov 1 2013 Chris Burnat <devlist@burnat.com> 2.4.0-3.sme |
65 |
|
|
- Remove SSH v1 legacy support - patch by Daniel Berteaud [SME: 6381] |
66 |
|
|
|
67 |
|
|
* Sat Mar 16 2013 Daniel Berteaud <daniel@firewall-services.com> 2.4.0-2.sme |
68 |
|
|
- Make rsyslog listen to our socket [SME: 7221] |
69 |
|
|
|
70 |
|
|
* Wed Feb 13 2013 Shad L. Lords <slords@mail.com> 2.4.0-1.sme |
71 |
|
|
- Roll new stream for sme9 |
72 |
|
|
|
73 |
|
|
* Tue Mar 1 2011 Jonathan Martens <smesevrer-contribs@snetram.nl> 2.2.0-5.sme |
74 |
|
|
- Obsolete KeepAlive and replace ClientAliveInterval and ClientAliveCountMax [SME: 6380] |
75 |
|
|
|
76 |
|
|
* Fri Nov 26 2010 Ian Wells <esmith@wellsi.com> 2.2.0-4.sme |
77 |
|
|
- Change permissions of ssh_config file to 644 [SME: 43] |
78 |
|
|
|
79 |
|
|
* Thu Nov 25 2010 Ian Wells <esmith@wellsi.com> 2.2.0-3.sme |
80 |
|
|
- Template ssh_config with improved defaults [SME: 43] |
81 |
|
|
|
82 |
|
|
* Sun Dec 28 2008 Jonathan Martens <smesevrer-contribs@snetram.nl> 2.2.0-2.sme |
83 |
|
|
- Template sshd login grace time, kept default at 600s [SME: 4903] |
84 |
|
|
|
85 |
|
|
* Tue Oct 7 2008 Shad L. Lords <slords@mail.com> 2.2.0-1.sme |
86 |
|
|
- Roll new stream to separate sme7/sme8 trees [SME: 4633] |
87 |
|
|
|
88 |
|
|
* Wed Jan 09 2008 Stephen Noble <support@dungog.net> 1.12.0-13 |
89 |
|
|
- Remove template fragments for /root/.ssh/config [SME: 513] |
90 |
|
|
|
91 |
|
|
* Tue Dec 18 2007 Shad L. Lords <slords@mail.com> 1.12.0-12 |
92 |
|
|
- Actually apply previous patch [SME: 3678] |
93 |
|
|
|
94 |
|
|
* Mon Dec 17 2007 Shad L. Lords <slords@mail.com> 1.12.0-11 |
95 |
|
|
- Allow root to be key based login only [SME: 3678] |
96 |
|
|
|
97 |
|
|
* Tue Oct 23 2007 Charlie Brady <charlie_brady@mitel.com> 1.12.0-10 |
98 |
|
|
- Prevent rkhunter false positive if ssh is disabled but |
99 |
|
|
PermitRootLogin is enabled in config. [SME: 166] |
100 |
|
|
|
101 |
|
|
* Sun Apr 29 2007 Shad L. Lords <slords@mail.com> |
102 |
|
|
- Clean up spec so package can be built by koji/plague |
103 |
|
|
|
104 |
|
|
* Sun Apr 08 2007 Shad L. Lords <slords@mail.com> 1.12.0-9 |
105 |
|
|
- Adjust permissions on empty/sshd directory again [SME: 2711] |
106 |
|
|
|
107 |
|
|
* Fri Apr 06 2007 Shad L. Lords <slords@mail.com> 1.12.0-8 |
108 |
|
|
- Adjust permissions on empty/sshd directory [SME: 2711] |
109 |
|
|
|
110 |
|
|
* Tue Mar 06 2007 Shad L. Lords <slords@mail.com> 1.12.0-7 |
111 |
|
|
- Adjust sftp-server path in sshd_config to match openssh-servers [SME: 2470] |
112 |
|
|
|
113 |
|
|
* Thu Dec 07 2006 Shad L. Lords <slords@mail.com> |
114 |
|
|
- Update to new release naming. No functional changes. |
115 |
|
|
- Make Packager generic |
116 |
|
|
|
117 |
|
|
* Tue Jul 25 2006 Gordon Rowell <gordonr@gormand.com.au> 1.12.0-05 |
118 |
|
|
- Use sshd{TCPPort} for listen Port - thanks MasterSleepy [SME: 1774] |
119 |
|
|
|
120 |
|
|
* Tue Jul 18 2006 Charlie Brady <charlie_brady@mitel.com> 1.12.0-04 |
121 |
|
|
- Allow "UsePAM" setting to be controlled from db. [SME: 1744] |
122 |
|
|
|
123 |
|
|
* Wed Apr 5 2006 Gordon Rowell <gordonr@gormand.com.au> 1.12.0-03 |
124 |
|
|
- Add newline after user entries in rssh.conf [SME: 877] |
125 |
|
|
|
126 |
|
|
* Wed Mar 29 2006 Gordon Rowell <gordonr@gormand.com.au> 1.12.0-02 |
127 |
|
|
- Don't display /etc/motd contents from ssh [SME: 718] |
128 |
|
|
|
129 |
|
|
* Tue Mar 14 2006 Charlie Brady <charlie_brady@mitel.com> 1.12.0-01 |
130 |
|
|
- Roll stable stream version. [SME: 1016] |
131 |
|
|
|
132 |
|
|
* Mon Mar 13 2006 Gordon Rowell <gordonr@gormand.com.au> 1.11.0-29 |
133 |
|
|
- Expand /etc/rssh.conf in user-{create,delete,lock,modify} [SME: 877] |
134 |
|
|
|
135 |
|
|
* Mon Mar 13 2006 Gordon Rowell <gordonr@gormand.com.au> 1.11.0-28 |
136 |
|
|
- A user is allowed access to rssh protocols if: |
137 |
|
|
- They have PasswordSet==yes |
138 |
|
|
- They have AllowRSSH==yes or |
139 |
|
|
VPNClientAccess==yes but not AllowRSSH==no [SME: 877] |
140 |
|
|
|
141 |
|
|
* Mon Mar 13 2006 Gordon Rowell <gordonr@gormand.com.au> 1.11.0-27 |
142 |
|
|
- Remove defaults for sshd{Allow*} and the templates for rssh.conf [SME: 877] |
143 |
|
|
- Allow a user all of the rssh protocols if AllowSSH is yes [SME: 877] |
144 |
|
|
|
145 |
|
|
* Thu Mar 02 2006 Gordon Rowell <gordonr@gormand.com.au> 1.11.0-26 |
146 |
|
|
- Adjust sftp-server path in sshd_config to match rssh [SME: 924] |
147 |
|
|
|
148 |
|
|
* Wed Mar 01 2006 Charlie Brady <charlie_brady@mitel.com> 1.11.0-25 |
149 |
|
|
- Add syslog socket inside privsep chroot jail [SME: 916] |
150 |
|
|
|
151 |
|
|
* Tue Jan 24 2006 Gordon Rowell <gordonr@gormand.com.au> 1.11.0-24 |
152 |
|
|
- Default sshd{AllowRSYNC} == yes [SME: 42] |
153 |
|
|
|
154 |
|
|
* Mon Jan 23 2006 Gordon Rowell <gordonr@gormand.com.au> 1.11.0-23 |
155 |
|
|
- Add template for /etc/rssh.conf [SME: 42] |
156 |
|
|
- Default sshd{AllowSCP, AllowSFTP} == yes [SME: 532] |
157 |
|
|
- Default sshd{AllowRDIST,AllowRSYNC,AllowCVS} == no |
158 |
|
|
|
159 |
|
|
* Fri Jan 6 2006 Gordon Rowell <gordonr@gormand.com.au> 1.11.0-22 |
160 |
|
|
- Default sshd{PasswordAuthentication} to "no" [SME: 377] |
161 |
|
|
|
162 |
|
|
* Wed Nov 30 2005 Gordon Rowell <gordonr@gormand.com.au> 1.11.0-21 |
163 |
|
|
- Bump release number only |
164 |
|
|
|
165 |
|
|
* Wed Aug 10 2005 Charlie Brady <charlieb@e-smith.com> |
166 |
|
|
- [1.11.0-20] |
167 |
|
|
- Delete test related requires (not really required) and add runit. |
168 |
|
|
|
169 |
|
|
* Wed Jul 20 2005 Charlie Brady <charlieb@e-smith.com> |
170 |
|
|
- [1.11.0-19] |
171 |
|
|
- Set $sshd{TCPPort} and remove obsolete masq template fragment. [SF: 1241409] |
172 |
|
|
|
173 |
|
|
* Tue Jul 19 2005 Charlie Brady <charlieb@e-smith.com> |
174 |
|
|
- [1.11.0-18] |
175 |
|
|
- Update to current db access APIs. [SF: 1216546] |
176 |
|
|
|
177 |
|
|
* Tue Jul 5 2005 Charlie Brady <charlieb@e-smith.com> |
178 |
|
|
- [1.11.0-17] |
179 |
|
|
- Configure MaxAuthTries (our default is 2). [SF: 1232544] |
180 |
|
|
|
181 |
|
|
* Thu Jun 16 2005 Charlie Brady <charlieb@e-smith.com> |
182 |
|
|
- [1.11.0-16] |
183 |
|
|
- Ensure that 'status' property is recognised at startup. [MN00061795] |
184 |
|
|
|
185 |
|
|
* Tue May 17 2005 Charlie Brady <charlieb@e-smith.com> |
186 |
|
|
- [1.11.0-15] |
187 |
|
|
- Default to protocol 2 only on new installs, and '2,1' for |
188 |
|
|
upgrades where $sshd{Protocol} is not defined. |
189 |
|
|
|
190 |
|
|
* Mon Mar 14 2005 Charlie Brady <charlieb@e-smith.com> |
191 |
|
|
- [1.11.0-14] |
192 |
|
|
- Use generic_template_expand action for all template expansions from |
193 |
|
|
sshd-conf. Update e-smith-lib dependency. [MN00064130] |
194 |
|
|
- Replace sshd-reload with call to 'adjust-services'. [MN00065576] |
195 |
|
|
|
196 |
|
|
* Tue Sep 28 2004 Michael Soulier <msoulier@e-smith.com> |
197 |
|
|
- [1.11.0-13] |
198 |
|
|
- Updated requires with new perl dependencies. [charlieb MN00040240] |
199 |
|
|
- Clean BuildRequires. [charlieb MN00043055] |
200 |
|
|
|
201 |
|
|
* Mon Dec 22 2003 Michael Soulier <msoulier@e-smith.com> |
202 |
|
|
- [1.11.0-12] |
203 |
|
|
- Added host key generation code to run script. [msoulier 9549] |
204 |
|
|
|
205 |
|
|
* Wed Dec 10 2003 Michael Soulier <msoulier@e-smith.com> |
206 |
|
|
- [1.11.0-11] |
207 |
|
|
- Fixed a bug in the genfilelist options. [msoulier 9549] |
208 |
|
|
|
209 |
|
|
* Fri Dec 5 2003 Michael Soulier <msoulier@e-smith.com> |
210 |
|
|
- [1.11.0-10] |
211 |
|
|
- Put full path to sshd in run script to work around assumption of full path |
212 |
|
|
in sshd sighup handler. [msoulier 9549] |
213 |
|
|
|
214 |
|
|
* Fri Dec 5 2003 Michael Soulier <msoulier@e-smith.com> |
215 |
|
|
- [1.11.0-09] |
216 |
|
|
- Updated sshd-reload to use daemontools wrapper. [msoulier 9549] |
217 |
|
|
|
218 |
|
|
* Fri Dec 5 2003 Michael Soulier <msoulier@e-smith.com> |
219 |
|
|
- [1.11.0-08] |
220 |
|
|
- Moved the shebang line to a place where it actually matters. Tell me it's |
221 |
|
|
friday. [msoulier 9549] |
222 |
|
|
|
223 |
|
|
* Fri Dec 5 2003 Michael Soulier <msoulier@e-smith.com> |
224 |
|
|
- [1.11.0-07] |
225 |
|
|
- Fixed a couple of typos preventing multilog from starting. [msoulier 9549] |
226 |
|
|
|
227 |
|
|
* Fri Dec 5 2003 Michael Soulier <msoulier@e-smith.com> |
228 |
|
|
- [1.11.0-06] |
229 |
|
|
- Moved initscript to /etc/init.d/supervise/sshd. [msoulier 9549] |
230 |
|
|
|
231 |
|
|
* Fri Dec 5 2003 Michael Soulier <msoulier@e-smith.com> |
232 |
|
|
- [1.11.0-05] |
233 |
|
|
- Fixed a couple of specfile typos. [msoulier 9549] |
234 |
|
|
|
235 |
|
|
* Fri Dec 5 2003 Michael Soulier <msoulier@e-smith.com> |
236 |
|
|
- [1.11.0-04] |
237 |
|
|
- Adding supervision of sshd. [msoulier 9549] |
238 |
|
|
- Updated createlinks to latest api. |
239 |
|
|
|
240 |
|
|
* Tue Sep 16 2003 Charlie Brady <charlieb@e-smith.com> |
241 |
|
|
- [1.11.0-03] |
242 |
|
|
- Remove deprecated RhostsAuthentication from sshd_config. [charlieb 10014] |
243 |
|
|
|
244 |
|
|
* Thu Aug 21 2003 Charlie Brady <charlieb@e-smith.com> |
245 |
|
|
- [1.11.0-02] |
246 |
|
|
- Replace sshd-conf-startup action with default db fragments. |
247 |
|
|
[charlieb 9553] |
248 |
|
|
|
249 |
|
|
* Thu Aug 21 2003 Charlie Brady <charlieb@e-smith.com> |
250 |
|
|
- [1.11.0-01] |
251 |
|
|
- Changing version to development stream number - 1.11.0 |
252 |
|
|
|
253 |
|
|
* Thu Jun 26 2003 Charlie Brady <charlieb@e-smith.com> |
254 |
|
|
- [1.10.0-01] |
255 |
|
|
- Changing version to stable stream number - 1.10.0 |
256 |
|
|
|
257 |
|
|
* Mon Apr 21 2003 Mark Knox <markk@e-smith.com> |
258 |
|
|
- [1.9.0-10] |
259 |
|
|
- Enforce 0600 on sshd_config [markk 8407] |
260 |
|
|
|
261 |
|
|
* Tue Apr 15 2003 Gordon Rowell <gordonr@e-smith.com> |
262 |
|
|
- [1.9.0-09] |
263 |
|
|
- Add Compression and UsePrivilegeSeparation options [gordonr 8173] |
264 |
|
|
|
265 |
|
|
* Tue Apr 8 2003 Michael Soulier <msoulier@e-smith.com> |
266 |
|
|
- [1.9.0-08] |
267 |
|
|
- Backed-out 1.9.0-07. [msoulier 5782] |
268 |
|
|
|
269 |
|
|
* Tue Apr 8 2003 Michael Soulier <msoulier@e-smith.com> |
270 |
|
|
- [1.9.0-07] |
271 |
|
|
- Shut off tcp forwarding in the daemon. [msoulier 5782] |
272 |
|
|
|
273 |
|
|
* Tue Apr 1 2003 Gordon Rowell <gordonr@e-smith.com> |
274 |
|
|
- [1.9.0-06] |
275 |
|
|
- Actually reload ssh rather than restarting in sshd-reload [gordonr 7785] |
276 |
|
|
|
277 |
|
|
* Tue Mar 18 2003 Lijie Deng <lijied@e-smith.com> |
278 |
|
|
- [1.9.0-05] |
279 |
|
|
- Deleted ./root/.ssh/config/template-begin [lijied 3295] |
280 |
|
|
|
281 |
|
|
* Mon Mar 17 2003 Lijie Deng <lijied@e-smith.com> |
282 |
|
|
- [1.9.0-04] |
283 |
|
|
- Deleted template-begin/end file [lijied 3295] |
284 |
|
|
|
285 |
|
|
* Tue Mar 4 2003 Charlie Brady <charlieb@e-smith.com> |
286 |
|
|
- [1.9.0-03] |
287 |
|
|
- s/HostsAllowSpec/hosts_allow_spec/ [charlieb 5650] |
288 |
|
|
|
289 |
|
|
* Fri Feb 28 2003 Charlie Brady <charlieb@e-smith.com> |
290 |
|
|
- [1.9.0-02] |
291 |
|
|
- Re-do hosts.allow template to use esmith::ConfigDB::HostsAllowSpec. |
292 |
|
|
Add dependency on up-to-date e-smith-lib. [charlieb 5650] |
293 |
|
|
|
294 |
|
|
* Fri Feb 28 2003 Charlie Brady <charlieb@e-smith.com> |
295 |
|
|
- [1.9.0-01] |
296 |
|
|
- Roll development stream to 1.9.0 |
297 |
|
|
|
298 |
|
|
* Mon Feb 24 2003 Charlie Brady <charlieb@e-smith.com> |
299 |
|
|
- [1.8.0-02] |
300 |
|
|
- Allow MaxStartups to be tunable from the config DB [charlieb 7362] |
301 |
|
|
|
302 |
|
|
* Fri Oct 11 2002 Charlie Brady <charlieb@e-smith.com> |
303 |
|
|
- [1.8.0-01] |
304 |
|
|
- Rolling stable version number to 1.8.0 |
305 |
|
|
|
306 |
|
|
* Wed Oct 2 2002 Mark Knox <markk@e-smith.com> |
307 |
|
|
- [1.7.3-04] |
308 |
|
|
- Remove stray braces in hosts.allow template [markk 3786] |
309 |
|
|
|
310 |
|
|
* Mon Sep 23 2002 Charlie Brady <charlieb@e-smith.com> |
311 |
|
|
- [1.7.3-03] |
312 |
|
|
- Fix hosts.allow template problem introduced by last change [charlieb 3786] |
313 |
|
|
|
314 |
|
|
* Tue Sep 10 2002 Mark Knox <markk@e-smith.com> |
315 |
|
|
- [1.7.3-02] |
316 |
|
|
- Remove deprecated split on pipe [markk 3786] |
317 |
|
|
|
318 |
|
|
* Tue Aug 20 2002 Charlie Brady <charlieb@e-smith.com> |
319 |
|
|
- [1.7.3-01] |
320 |
|
|
- Add rc7.d symlink and don't set deprecated InitscriptsOrder property |
321 |
|
|
[charlieb 4458] |
322 |
|
|
- Change use of allow_tcp_in() function to allow dynamic reconfig. |
323 |
|
|
[charlieb 4501] |
324 |
|
|
|
325 |
|
|
* Thu Aug 8 2002 Charlie Brady <charlieb@e-smith.com> |
326 |
|
|
- [1.7.2-01] |
327 |
|
|
- Change masq script fragment to use allow_tcp_in() function. [charlieb 4499] |
328 |
|
|
|
329 |
|
|
* Wed Jul 17 2002 Charlie Brady <charlieb@e-smith.com> |
330 |
|
|
- [1.7.1-01] |
331 |
|
|
- Change masq script fragment to use iptables. [charlieb 1268] |
332 |
|
|
|
333 |
|
|
* Wed Jun 5 2002 Charlie Brady <charlieb@e-smith.com> |
334 |
|
|
- [1.7.0-01] |
335 |
|
|
- Changing version to maintained stream number to 1.7.0 |
336 |
|
|
|
337 |
|
|
* Fri May 31 2002 Charlie Brady <charlieb@e-smith.com> |
338 |
|
|
- [1.6.0-01] |
339 |
|
|
- Changing version to maintained stream number to 1.6.0 |
340 |
|
|
|
341 |
|
|
* Thu May 23 2002 Gordon Rowell <gordonr@e-smith.com> |
342 |
|
|
- [1.5.6-01] |
343 |
|
|
- RPM rebuild forced by cvsroot2rpm |
344 |
|
|
|
345 |
|
|
* Mon May 13 2002 Kirrily Robert <skud@e-smith.com> |
346 |
|
|
- [1.5.5-01] |
347 |
|
|
- Added buildtests [skud 2932] |
348 |
|
|
|
349 |
|
|
* Fri Apr 26 2002 Tony Clayton <apc@e-smith.com> |
350 |
|
|
- [1.5.4-01] |
351 |
|
|
- add -t option to ssh-keygen call in sshd-conf [tonyc] |
352 |
|
|
|
353 |
|
|
* Fri Mar 6 2002 Michael G Schwern <schwern@e-smith.com> |
354 |
|
|
- [1.5.3-01] |
355 |
|
|
- Tested & documented sshd-reload action [schwern 2932] |
356 |
|
|
- Tested & documented sshd-conf and sshd-conf-startup actions [schwern 2932] |
357 |
|
|
- Changed all actions to use esmith::ConfigDB [schwern 2932] |
358 |
|
|
- Fixed dependencies. [schwern] |
359 |
|
|
|
360 |
|
|
* Thu Feb 14 2002 Kirrily Robert <skud@e-smith.com> |
361 |
|
|
- [1.5.2-01] |
362 |
|
|
- CVS testing |
363 |
|
|
|
364 |
|
|
* Thu Feb 14 2002 Kirrily Robert <skud@e-smith.com> |
365 |
|
|
- [1.5.0-01] |
366 |
|
|
- rollRPM: Rolled version number to 1.5.0-01. Includes patches up to 1.4.0-06. |
367 |
|
|
|
368 |
|
|
* Mon Nov 05 2001 Charlie Brady <charlieb@e-smith.com> |
369 |
|
|
- [1.4.0-06] |
370 |
|
|
- Remove obsoleted "CheckMail no" fragment from sshd_config template. |
371 |
|
|
|
372 |
|
|
* Tue Aug 28 2001 Gordon Rowell <gordonr@e-smith.com> |
373 |
|
|
- [1.4.0-05] |
374 |
|
|
- Removed links from deprecated post-restore event |
375 |
|
|
|
376 |
|
|
* Fri Aug 17 2001 gordonr |
377 |
|
|
- [1.4.0-04] |
378 |
|
|
- Autorebuild by rebuildRPM |
379 |
|
|
|
380 |
|
|
* Tue Aug 14 2001 Charlie Brady <charlieb@e-smith.com> |
381 |
|
|
- [1.4.0-03] |
382 |
|
|
- Change back to Protocol 1 until known_hosts2 and authorized_keys2 files are |
383 |
|
|
implemented on both sides. |
384 |
|
|
|
385 |
|
|
* Tue Aug 14 2001 Charlie Brady <charlieb@e-smith.com> |
386 |
|
|
- [1.4.0-02] |
387 |
|
|
- Add template fragements to generate /root/.ssh/config host |
388 |
|
|
config sections for any hostnames added to %e_smith_hosts by |
389 |
|
|
other fragements numbered between 00 and 19. |
390 |
|
|
- Delete useless template-end for /root/.ssh/config. |
391 |
|
|
|
392 |
|
|
* Wed Aug 8 2001 Charlie Brady <charlieb@e-smith.com> |
393 |
|
|
- [1.4.0-01] |
394 |
|
|
- Rolled version number to 1.4.0-01. Includes patches upto 1.3.0-10. |
395 |
|
|
|
396 |
|
|
* Wed Aug 8 2001 Gordon Rowell <gordonr@e-smith.com> |
397 |
|
|
- [1.3.0-10] |
398 |
|
|
- Use restart instead of reload as some initscripts don't have the latter |
399 |
|
|
|
400 |
|
|
* Sun Jul 8 2001 Gordon Rowell <gordonr@e-smith.com> |
401 |
|
|
- [1.3.0-09] |
402 |
|
|
- Check "access" property of sshd service |
403 |
|
|
|
404 |
|
|
* Fri Jul 6 2001 Peter Samuel <peters@e-smith.com> |
405 |
|
|
- [1.3.0-08] |
406 |
|
|
- Changed license to GPL |
407 |
|
|
|
408 |
|
|
* Thu Jul 05 2001 Gordon Rowell <gordonr@e-smith.com> |
409 |
|
|
- [1.3.0-07] |
410 |
|
|
- Explicitly disable ChallengeResponseAuthentication and |
411 |
|
|
KbdInteractiveAuthentication |
412 |
|
|
|
413 |
|
|
* Wed May 30 2001 Gordon Rowell <gordonr@e-smith.com> |
414 |
|
|
- [1.3.0-06] |
415 |
|
|
- Added HostKey line for /etc/ssh/ssh_host_rsa_key for SSH version 2 |
416 |
|
|
|
417 |
|
|
* Tue May 29 2001 Tony Clayton <tonyc@e-smith.com> |
418 |
|
|
- [1.3.0-05] |
419 |
|
|
- fixed actions that had tied %conf when calling serviceControl (2 actions) |
420 |
|
|
|
421 |
|
|
* Mon May 21 2001 Gordon Rowell <gordonr@e-smith.com> |
422 |
|
|
- [1.3.0-04] |
423 |
|
|
- Added links to /usr/libexec and /usr/local/libexec to enable |
424 |
|
|
sftp for more client systems under protocol V1 |
425 |
|
|
|
426 |
|
|
* Mon May 21 2001 Gordon Rowell <gordonr@e-smith.com> |
427 |
|
|
- [1.3.0-03] |
428 |
|
|
- Revised after comments from Charlie |
429 |
|
|
- Added documentation for MaxStartups and cleaner perl idiom for |
430 |
|
|
SubsystemSftp test |
431 |
|
|
|
432 |
|
|
* Mon May 21 2001 Gordon Rowell <gordonr@e-smith.com> |
433 |
|
|
- [1.3.0-02] |
434 |
|
|
- Enabled sftp subsystem by default with correct path to sftp-server |
435 |
|
|
- Added MaxStartups configuration |
436 |
|
|
|
437 |
|
|
* Mon May 21 2001 Gordon Rowell <gordonr@e-smith.com> |
438 |
|
|
- [1.3.0-01] |
439 |
|
|
- Rolled version number to 1.3.0-01. Includes patches upto 1.2.0-06. |
440 |
|
|
|
441 |
|
|
* Wed May 09 2001 Tony Clayton <tonyc@e-smith.com> |
442 |
|
|
- [1.2.0-06] |
443 |
|
|
- Forgot to add last patch to %setup. Adding it now. |
444 |
|
|
|
445 |
|
|
* Wed May 09 2001 Tony Clayton <tonyc@e-smith.com> |
446 |
|
|
- [1.2.0-05] |
447 |
|
|
- Add /root/.ssh/config template-{begin,end} fragments |
448 |
|
|
- Expand config template from sshd-conf |
449 |
|
|
|
450 |
|
|
* Thu Apr 27 2001 Gordon Rowell <gordonr@e-smith.com> |
451 |
|
|
- [1.2.0-04] |
452 |
|
|
- Rolled version for GPG signing - no change |
453 |
|
|
|
454 |
|
|
* Mon Apr 9 2001 Gordon Rowell <gordonr@e-smith.com> |
455 |
|
|
- [1.2.0-03] |
456 |
|
|
- Extra HostKey line for openssh-2.5 |
457 |
|
|
|
458 |
|
|
* Thu Feb 8 2001 Adrian Chung <adrianc@e-smith.com> |
459 |
|
|
- [1.2.0-02] |
460 |
|
|
- Rolling release number for GPG signing. |
461 |
|
|
|
462 |
|
|
* Thu Jan 25 2001 Peter Samuel <peters@e-smith.com> |
463 |
|
|
- [1.2.0-01] |
464 |
|
|
- Rolled version number to 1.2.0-01. Includes patches upto 1.1.0-23. |
465 |
|
|
|
466 |
|
|
* Thu Jan 11 2001 Gordon Rowell <gordonr@e-smith.com> |
467 |
|
|
- [1.1.0-23] |
468 |
|
|
- use serviceControl() |
469 |
|
|
|
470 |
|
|
* Thu Jan 11 2001 Gordon Rowell <gordonr@e-smith.com> |
471 |
|
|
- [1.1.0-22] |
472 |
|
|
- reload sshd (and possibly kill it off) in post-restore |
473 |
|
|
|
474 |
|
|
* Thu Jan 11 2001 Adrian Chung <adrianc@e-smith.com> |
475 |
|
|
- [1.1.0-21] |
476 |
|
|
- fully qualify path to killall in sshd-reload |
477 |
|
|
|
478 |
|
|
* Wed Jan 10 2001 Gordon Rowell <gordonr@e-smith.com> |
479 |
|
|
- [1.1.0-20] |
480 |
|
|
- Kill existing ssh sessions if we have just stopped the service |
481 |
|
|
|
482 |
|
|
* Wed Jan 10 2001 Gordon Rowell <gordonr@e-smith.com> |
483 |
|
|
- [1.1.0-19] |
484 |
|
|
- Use sshd reload instead of killall -HUP - that closes current connections |
485 |
|
|
|
486 |
|
|
* Tue Jan 9 2001 Charlie Brady <charlieb@e-smith.com> |
487 |
|
|
- [1.1.0-18] |
488 |
|
|
- Make new bootstrap-console-save event - the Lite version |
489 |
|
|
- Make sshd-reload shut down sshd if it has been disabled |
490 |
|
|
- Don't redo conf-sshd-startup with every console-save |
491 |
|
|
|
492 |
|
|
* Fri Jan 5 2001 Peter Samuel <peters@e-smith.com> |
493 |
|
|
- [1.1.0-17] |
494 |
|
|
- Added missing use esmith::util to sshd-reload |
495 |
|
|
|
496 |
|
|
* Thu Jan 04 2001 Gordon Rowell <gordonr@e-smith.com> |
497 |
|
|
- [1.1.0-16] |
498 |
|
|
- Added missing use esmith::db |
499 |
|
|
|
500 |
|
|
* Wed Jan 03 2001 Gordon Rowell <gordonr@e-smith.com> |
501 |
|
|
- [1.1.0-15] |
502 |
|
|
- sshd-reload now starts sshd if not running and service enabled |
503 |
|
|
|
504 |
|
|
* Thu Dec 28 2000 Gordon Rowell <gordonr@e-smith.com> |
505 |
|
|
- [1.1.0-14] |
506 |
|
|
- Process sshd_config template in remoteaccess-update |
507 |
|
|
|
508 |
|
|
* Thu Dec 28 2000 Gordon Rowell <gordonr@e-smith.com> |
509 |
|
|
- [1.1.0-13] |
510 |
|
|
- Provide defaults for PermitRootLogin and PasswordAuthentication properties |
511 |
|
|
|
512 |
|
|
* Thu Dec 21 2000 Charlie Brady <charlieb@e-smith.com> |
513 |
|
|
- [1.1.0-12] |
514 |
|
|
- Don't restart sshd after config change, just reload config. |
515 |
|
|
|
516 |
|
|
* Sat Dec 16 2000 Charlie Brady <charlieb@e-smith.com> |
517 |
|
|
- [1.1.0-11] |
518 |
|
|
- Fix typo |
519 |
|
|
|
520 |
|
|
* Fri Dec 15 2000 Charlie Brady <charlieb@e-smith.com> |
521 |
|
|
- [1.1.0-10] |
522 |
|
|
- Move AllowSSH packet filter template fragment here. |
523 |
|
|
|
524 |
|
|
* Wed Dec 13 2000 Gordon Rowell <gordonr@e-smith.com> |
525 |
|
|
- [1.1.0-9] |
526 |
|
|
- Disable ssh by default |
527 |
|
|
|
528 |
|
|
* Wed Dec 13 2000 Gordon Rowell <gordonr@e-smith.com> |
529 |
|
|
- [1.1.0-8] |
530 |
|
|
- Fixed typo in hosts.allow fragment for private access |
531 |
|
|
|
532 |
|
|
* Wed Dec 13 2000 Gordon Rowell <gordonr@e-smith.com> |
533 |
|
|
- [1.1.0-7] |
534 |
|
|
- Added sshd-restart to remoteaccess-update event (and others) |
535 |
|
|
- Renamed scripts to sshd-{conf,conf-startup,restart} |
536 |
|
|
- Enable private ssh access by default |
537 |
|
|
|
538 |
|
|
* Tue Dec 12 2000 Adrian Chung <adrianc@e-smith.com> |
539 |
|
|
- [1.1.0-6] |
540 |
|
|
- fixed location of ssh_host_key in 20HostKey fragment |
541 |
|
|
|
542 |
|
|
* Wed Dec 06 2000 Peter Samuel <peters@e-smith.com |
543 |
|
|
- [1.1.0-5] |
544 |
|
|
- Fixed sshd_config templates for PermitRootLogin and |
545 |
|
|
PasswordAuthentication |
546 |
|
|
|
547 |
|
|
* Wed Dec 06 2000 Gordon Rowell <gordonr@e-smith.com> |
548 |
|
|
- [1.1.0-4] |
549 |
|
|
- conf-ssh-startup: PasswordAuthentication=yes and RootLogin=no |
550 |
|
|
- Fixed ordering of Port/Listen fragments |
551 |
|
|
|
552 |
|
|
* Tue Dec 05 2000 Gordon Rowell <gordonr@e-smith.com> |
553 |
|
|
- [1.1.0-3] |
554 |
|
|
- Changed sshd_config into a directory template |
555 |
|
|
- Used services notation to enable/disable |
556 |
|
|
- sshd_config: PasswordAuthentication and RootLogin - both disabled by default |
557 |
|
|
|
558 |
|
|
* Tue Dec 05 2000 Gordon Rowell <gordonr@e-smith.com> |
559 |
|
|
- [1.1.0-1] |
560 |
|
|
- Rolled version to 1.1.0. Includes patches up to 0.6-3 |
561 |
|
|
|
562 |
|
|
* Tue Oct 31 2000 Charlie Brady <charlieb@e-smith.com> |
563 |
|
|
- Ensure that conf-ssh-startup is run during post-upgrade event. |
564 |
|
|
- Fix missing " in hosts.allow template. |
565 |
|
|
|
566 |
|
|
* Tue Oct 31 2000 Charlie Brady <charlieb@e-smith.com> |
567 |
|
|
- Merge services database back into configuration database. |
568 |
|
|
|
569 |
|
|
* Thu Oct 26 2000 Peter Samuel <peters@e-smith.com> |
570 |
|
|
- Rolled version to 0.6. Includes patches up to 0.5-17 |
571 |
|
|
|
572 |
|
|
* Fri Oct 06 2000 Adrian Chung <adrian.chung@e-smith.com> |
573 |
|
|
- Fixed a typo in conf-ssh-startup. |
574 |
|
|
|
575 |
|
|
* Fri Oct 06 2000 Adrian Chung <adrian.chung@e-smith.com> |
576 |
|
|
- Move %post code to conf-ssh-startup instead |
577 |
|
|
- Default to enabled for sshd in services database if not |
578 |
|
|
already set. |
579 |
|
|
|
580 |
|
|
* Thu Oct 05 2000 Adrian Chung <adrian.chung@e-smith.com> |
581 |
|
|
- Change %post to setdefault ... enabled. |
582 |
|
|
|
583 |
|
|
* Wed Oct 4 2000 Charlie Brady <charlieb@e-smith.com> |
584 |
|
|
- Use db_get_type to get service status - to be safe against |
585 |
|
|
defined service properties |
586 |
|
|
- Do not init services database during post-install event - |
587 |
|
|
it is done during %post action. |
588 |
|
|
|
589 |
|
|
* Wed Oct 4 2000 Charlie Brady <charlieb@e-smith.com> |
590 |
|
|
- Only initialise services database during post-install action. |
591 |
|
|
- Only expand hosts.allow/sshd if sshd service is enabled. |
592 |
|
|
|
593 |
|
|
* Wed Oct 4 2000 Charlie Brady <charlieb@e-smith.com> |
594 |
|
|
- Fix typo |
595 |
|
|
|
596 |
|
|
* Tue Oct 3 2000 Charlie Brady <charlieb@e-smith.com> |
597 |
|
|
- Update services database when enabling startup |
598 |
|
|
|
599 |
|
|
* Mon Oct 2 2000 Gordon Rowell <gordonr@e-smith.com> |
600 |
|
|
- rewrote spec file to use e-smith-devtools |
601 |
|
|
|
602 |
|
|
* Mon Sep 25 2000 Paul Nebsit <pkn@e-smith.com> |
603 |
|
|
- updated contact and URL info |
604 |
|
|
|
605 |
|
|
* Thu Sep 14 2000 Gordon Rowell <gordonr@e-smith.com> |
606 |
|
|
- Removed obsolete rc7.d symlink from createlinks |
607 |
|
|
|
608 |
|
|
* Thu Sep 14 2000 Gordon Rowell <gordonr@e-smith.com> |
609 |
|
|
- Rebuilt using latest e-smith-devtools - hosts.allow template fragment missing |
610 |
|
|
|
611 |
|
|
* Tue Aug 30 2000 Paul Nesbit <pkn@e-smith.com> |
612 |
|
|
- added 'use e-smith::util' line to conf-ssh-startup |
613 |
|
|
|
614 |
|
|
* Thu Aug 24 2000 Gordon Rowell <gordonr@e-smith.com> |
615 |
|
|
- Rewrote conf-ssh-startup to use serviceControl() |
616 |
|
|
|
617 |
|
|
* Sun Jul 2 2000 Charlie Brady <charlieb@e-smith.net> |
618 |
|
|
- Make S85sshd symlink absolute so that RPM verifies |
619 |
|
|
|
620 |
|
|
* Sat Jun 17 2000 Charlie Brady <charlieb@e-smith.net> |
621 |
|
|
- Rewrite createlinks in perl |
622 |
|
|
- Add sshd template for /etc/hosts.allow |
623 |
|
|
- Fix ssh-keygen options code |
624 |
|
|
|
625 |
|
|
* Mon Jun 12 2000 Charlie Brady <charlieb@e-smith.net> |
626 |
|
|
- Remove /etc/rc.d/rc7.d symlink before (re-)creating it. Avoids logfile mess. |
627 |
|
|
- Change backgroundCommand call to use array instead of string - avoid shell |
628 |
|
|
parsing. |
629 |
|
|
|
630 |
|
|
* Thu May 11 2000 Charlie Brady <charlieb@e-smith.net> |
631 |
|
|
- Change rc?.d directory from 3 to 7. |
632 |
|
|
|
633 |
|
|
%description |
634 |
|
|
e-smith server enhancement to configure and enable openssh |
635 |
|
|
|
636 |
|
|
%prep |
637 |
|
|
%setup |
638 |
jpp |
1.2 |
%patch0 -p1 |
639 |
jpp |
1.3 |
%patch1 -p1 |
640 |
jpp |
1.4 |
%patch2 -p1 |
641 |
jpp |
1.5 |
%patch3 -p1 |
642 |
|
|
rm -rf root/var/service root/service |
643 |
jpp |
1.7 |
%patch4 -p1 |
644 |
jpp |
1.8 |
%patch5 -p1 |
645 |
stephdl |
1.1 |
|
646 |
|
|
%build |
647 |
|
|
perl createlinks |
648 |
|
|
# build the test suite from embedded tests |
649 |
|
|
/sbin/e-smith/buildtests e-smith-openssh |
650 |
|
|
|
651 |
|
|
%install |
652 |
|
|
rm -rf $RPM_BUILD_ROOT |
653 |
|
|
( cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT ) |
654 |
|
|
rm -f %{name}-%{version}-%{release}-filelist |
655 |
|
|
|
656 |
|
|
/sbin/e-smith/genfilelist \ |
657 |
jpp |
1.5 |
--file '/sbin/e-smith/systemd/sshd-prepare' 'attr(0554,root,root)' \ |
658 |
jpp |
1.8 |
--dir '/var/log/sshd' 'attr(2750,root,root)' \ |
659 |
stephdl |
1.1 |
--dir '/var/empty/sshd' 'attr(0711,root,root)' \ |
660 |
|
|
$RPM_BUILD_ROOT \ |
661 |
|
|
> %{name}-%{version}-%{release}-filelist |
662 |
|
|
|
663 |
|
|
echo "%doc COPYING" >> %{name}-%{version}-%{release}-filelist |
664 |
|
|
|
665 |
|
|
%clean |
666 |
|
|
rm -rf $RPM_BUILD_ROOT |
667 |
|
|
|
668 |
|
|
%files -f %{name}-%{version}-%{release}-filelist |
669 |
|
|
%defattr(-,root,root) |
670 |
jpp |
1.6 |
|
671 |
|
|
%pre |
672 |
|
|
if [ $1 -gt 1 ] ; then |
673 |
|
|
if [ -e /var/service/sshd/run ] ; then |
674 |
|
|
/usr/bin/sv d sshd |
675 |
|
|
/usr/bin/sv d sshd/log |
676 |
|
|
fi |
677 |
|
|
fi |