Accepting request 563833 from home:pcerny:factory

- Replace forgotten references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - tighten configuration access rights OBS-URL: https://build.opensuse.org/request/show/563833 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=130
2018-01-12 12:57:27 +00:00 · 2018-01-12 12:57:27 +00:00 · d8a13def71
commit d8a13def71
parent 13e1fadf84
2 changed files with 16 additions and 4 deletions
--- a/openssh.changes
+++ b/openssh.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Fri Jan 12 12:38:09 UTC 2018 - pcerny@suse.com
 - Replace forgotten references to /var/adm/fillup-templates
  with new %_fillupdir macro (boo#1069468)
 - tighten configuration access rights
 -------------------------------------------------------------------
 Fri Jan 12 00:38:37 CET 2018 - pcerny@suse.com
--- a/openssh.spec
+++ b/openssh.spec
@ -209,6 +209,7 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
 %endif
 %if %{uses_systemd}
    --with-pid-dir=/run \
    --with-systemd \
 %endif
    --with-ssl-engine \
    --with-pam \
@ -256,8 +257,8 @@ install -D -m 0755 %{SOURCE1} %{buildroot}%{_initddir}/sshd
 install -m 0644 %{SOURCE10} .
 ln -s ../..%{_initddir}/sshd %{buildroot}%{_sbindir}/rcsshd
 %endif
-install -d -m 755 %{buildroot}/var/adm/fillup-templates
+install -d -m 755 %{buildroot}%{_fillupdir}
-install -m 644 %{SOURCE8} %{buildroot}/var/adm/fillup-templates
+install -m 644 %{SOURCE8} %{buildroot}%{_fillupdir}
 # install shell script to automate the process of adding your public key to a remote machine
 install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
 install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1
@ -309,6 +310,7 @@ getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd
 %else
 %{fillup_and_insserv -n ssh sshd}
 %endif
 %set_permissions /etc/ssh/sshd_config
 %preun
 %if %{uses_systemd}
@ -332,6 +334,9 @@ rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
 %triggerin -n openssh-fips -- %{name} = %{version}-%{release}
 %restart_on_update sshd
 %verifyscript
 %verify_permissions -e /etc/ssh/sshd_config
 %files
 %defattr(-,root,root)
 %exclude %{_bindir}/ssh%{CHECKSUM_SUFFIX}
@ -343,7 +348,7 @@ rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
 %verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
-%verify(not mode) %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
+%verify(not mode) %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
 %if %{uses_systemd}
 %doc sshd.init
@ -362,7 +367,7 @@ rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
 %attr(0444,root,root) %doc %{_mandir}/man8/*
 %dir %{_sysconfdir}/slp.reg.d
 %config %{_sysconfdir}/slp.reg.d/ssh.reg
-/var/adm/fillup-templates/sysconfig.ssh
+%{_fillupdir}/sysconfig.ssh
 %if %{has_fw_dir}
 %if %{needs_all_dirs}
 %dir %{_fwdir}