diff --git a/0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch b/0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch new file mode 100644 index 0000000..b8b9941 --- /dev/null +++ b/0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch @@ -0,0 +1,79 @@ +From 1bda31d2d07ed9042b09b0596904dd4f317d8f48 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Mon, 26 Sep 2022 20:20:47 +0200 +Subject: [PATCH] Add final version of the option RequiredRSASize (#53) + +* Update source template to match generated template + +* Add final name of the RequiredRSASize parameter + +keeping the old version for backward compatibility. + +Upstream commit: +https://github.com/openssh/openssh-portable/commit/54b333d1 +--- + .dev-tools/10_top.j2 | 4 ++-- + .dev-tools/options_body | 1 + + templates/ssh_config.j2 | 3 +++ + 3 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/.dev-tools/10_top.j2 b/.dev-tools/10_top.j2 +index 99704bd..8411de8 100644 +--- a/.dev-tools/10_top.j2 ++++ b/.dev-tools/10_top.j2 +@@ -7,10 +7,10 @@ + {% elif value is sameas false %} + {{ key }} no + {% elif value is string or value is number %} +-{{ key }} {{ value }} ++{{ key }} {{ value | string }} + {% else %} + {% for i in value %} +-{{ key }} {{ i }} ++{{ key }} {{ i | string }} + {% endfor %} + {% endif %} + {% endif %} +diff --git a/.dev-tools/options_body b/.dev-tools/options_body +index 176879d..8cc382f 100644 +--- a/.dev-tools/options_body ++++ b/.dev-tools/options_body +@@ -84,6 +84,7 @@ RekeyLimit + RemoteCommand + RemoteForward + RequestTTY ++RequiredRSASize + RevokedHostKeys + RhostsRSAAuthentication + RSAAuthentication +diff --git a/templates/ssh_config.j2 b/templates/ssh_config.j2 +index fab57de..7f277c7 100644 +--- a/templates/ssh_config.j2 ++++ b/templates/ssh_config.j2 +@@ -119,6 +119,7 @@ Match {{ match["Condition"] }} + {{ render_option("RemoteCommand",match["RemoteCommand"],true) -}} + {{ render_option("RemoteForward",match["RemoteForward"],true) -}} + {{ render_option("RequestTTY",match["RequestTTY"],true) -}} ++{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}} + {{ render_option("RevokedHostKeys",match["RevokedHostKeys"],true) -}} + {{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}} + {{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}} +@@ -240,6 +241,7 @@ Host {{ host["Condition"] }} + {{ render_option("RemoteCommand",host["RemoteCommand"],true) -}} + {{ render_option("RemoteForward",host["RemoteForward"],true) -}} + {{ render_option("RequestTTY",host["RequestTTY"],true) -}} ++{{ render_option("RequiredRSASize",host["RequiredRSASize"],true) -}} + {{ render_option("RevokedHostKeys",host["RevokedHostKeys"],true) -}} + {{ render_option("RhostsRSAAuthentication",host["RhostsRSAAuthentication"],true) -}} + {{ render_option("RSAAuthentication",host["RSAAuthentication"],true) -}} +@@ -354,6 +356,7 @@ Host {{ host["Condition"] }} + {{ body_option("RemoteCommand",ssh_RemoteCommand) -}} + {{ body_option("RemoteForward",ssh_RemoteForward) -}} + {{ body_option("RequestTTY",ssh_RequestTTY) -}} ++{{ body_option("RequiredRSASize",ssh_RequiredRSASize) -}} + {{ body_option("RevokedHostKeys",ssh_RevokedHostKeys) -}} + {{ body_option("RhostsRSAAuthentication",ssh_RhostsRSAAuthentication) -}} + {{ body_option("RSAAuthentication",ssh_RSAAuthentication) -}} +-- +2.37.3 + diff --git a/0001-sshd-Add-final-version-of-RequiredRSASize.patch b/0001-sshd-Add-final-version-of-RequiredRSASize.patch new file mode 100644 index 0000000..e1072c2 --- /dev/null +++ b/0001-sshd-Add-final-version-of-RequiredRSASize.patch @@ -0,0 +1,83 @@ +From 1408f489240dca04f086e4b32b253313eea28ea8 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Mon, 26 Sep 2022 15:26:12 +0200 +Subject: [PATCH] Add final version of RequiredRSASize + +Keep the old version for backward compatibility + +Upstream commit: +https://github.com/openssh/openssh-portable/commit/1875042c +--- + meta/options_body | 1 + + meta/options_match | 1 + + templates/sshd_config.j2 | 2 ++ + templates/sshd_config_snippet.j2 | 2 ++ + 4 files changed, 6 insertions(+) + +diff --git a/meta/options_body b/meta/options_body +index 8681269..23a00f4 100644 +--- a/meta/options_body ++++ b/meta/options_body +@@ -89,6 +89,7 @@ PubkeyAuthentication + RSAAuthentication + RSAMinSize + RekeyLimit ++RequiredRSASize + RevokedKeys + RDomain + RhostsRSAAuthentication +diff --git a/meta/options_match b/meta/options_match +index 6ef9214..5ec1413 100644 +--- a/meta/options_match ++++ b/meta/options_match +@@ -47,6 +47,7 @@ PubkeyAuthentication + RDomain + RekeyLimit + RevokedKeys ++RequiredRSASize + RhostsRSAAuthentication + RSAAuthentication + RSAMinSize +diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2 +index 2899f0a..a3b2465 100644 +--- a/templates/sshd_config.j2 ++++ b/templates/sshd_config.j2 +@@ -89,6 +89,7 @@ Match {{ match["Condition"] }} + {{ render_option("RDomain",match["RDomain"],true) -}} + {{ render_option("RekeyLimit",match["RekeyLimit"],true) -}} + {{ render_option("RevokedKeys",match["RevokedKeys"],true) -}} ++{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}} + {{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}} + {{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}} + {{ render_option("RSAMinSize",match["RSAMinSize"],true) -}} +@@ -203,6 +204,7 @@ Match {{ match["Condition"] }} + {{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}} + {{ body_option("RSAMinSize",sshd_RSAMinSize) -}} + {{ body_option("RekeyLimit",sshd_RekeyLimit) -}} ++{{ body_option("RequiredRSASize",sshd_RequiredRSASize) -}} + {{ body_option("RevokedKeys",sshd_RevokedKeys) -}} + {{ body_option("RDomain",sshd_RDomain) -}} + {{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}} +diff --git a/templates/sshd_config_snippet.j2 b/templates/sshd_config_snippet.j2 +index 0ece8ed..a12cb3b 100644 +--- a/templates/sshd_config_snippet.j2 ++++ b/templates/sshd_config_snippet.j2 +@@ -88,6 +88,7 @@ Match {{ match["Condition"] }} + {{ render_option("RDomain",match["RDomain"],true) -}} + {{ render_option("RekeyLimit",match["RekeyLimit"],true) -}} + {{ render_option("RevokedKeys",match["RevokedKeys"],true) -}} ++{{ render_option("RequiredRSASize",match["RequiredRSASize"],true) -}} + {{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}} + {{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}} + {{ render_option("RSAMinSize",match["RSAMinSize"],true) -}} +@@ -202,6 +203,7 @@ Match {{ match["Condition"] }} + {{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}} + {{ body_option("RSAMinSize",sshd_RSAMinSize) -}} + {{ body_option("RekeyLimit",sshd_RekeyLimit) -}} ++{{ body_option("RequiredRSASize",sshd_RequiredRSASize) -}} + {{ body_option("RevokedKeys",sshd_RevokedKeys) -}} + {{ body_option("RDomain",sshd_RDomain) -}} + {{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}} +-- +2.37.3 + diff --git a/CHANGELOG.md b/CHANGELOG.md index 920d9b6..0530187 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,15 @@ Changelog ========= +[1.20.1] - 2022-09-27 +---------------------------- + +### New Features + +- [ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles](https://bugzilla.redhat.com/show_bug.cgi?id=2129875) + +### Bug Fixes + +- none [1.20.0] - 2022-08-09 ---------------------------- diff --git a/rhel-system-roles.spec b/rhel-system-roles.spec index cf4a858..28cc510 100644 --- a/rhel-system-roles.spec +++ b/rhel-system-roles.spec @@ -30,7 +30,7 @@ Name: linux-system-roles %endif Url: https://github.com/linux-system-roles Summary: Set of interfaces for unified system management -Version: 1.20.0 +Version: 1.20.1 Release: 1%{?dist} #Group: Development/Libraries @@ -249,6 +249,10 @@ Source998: collection_readme.sh Patch51: network-disable-bondtests.diff +Patch1501: 0001-sshd-Add-final-version-of-RequiredRSASize.patch + +Patch1601: 0001-ssh-Add-final-version-of-the-option-RequiredRSASize-53.patch + BuildArch: noarch %if %{with html} @@ -362,6 +366,14 @@ if [ "$rolesdir" != "$realrolesdir" ]; then fi cd .. +cd %{rolename15} +%patch1501 -p1 +cd .. + +cd %{rolename16} +%patch1601 -p1 +cd .. + %if 0%{?rhel} # Unpack tar.gz to retrieve to be vendored modules and place them in the roles library. # ansible.posix: @@ -745,6 +757,9 @@ fi %endif %changelog +* Tue Sep 27 2022 Rich Megginson - 1.20.1-1 +- Resolves:rhbz#2129875 : ssh,sshd - Sync on final OpenSSH option name RequiredRSASize in ssh and sshd roles + * Tue Aug 09 2022 Rich Megginson - 1.20.0-1 - Resolves:rhbz#2115159 : cockpit - Add customization of port - Resolves:rhbz#2100939 : firewall - RFE: firewall-system-role: add ability to add interface to zone by PCI device ID