From a0ec3ff9eeb70ea59081688dd74da52142fc0da5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Tue, 17 Sep 2024 09:37:44 +0000 Subject: [PATCH] release v3.16.99-rc2 --- contrib/git/pre-commit | 2 +- doc/CHANGELOG.md | 9 +++++++++ doc/sphinx/installation/upgrading.rst | 15 +++++++++------ lib/perl/OVH/Bastion.pm | 2 +- 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/contrib/git/pre-commit b/contrib/git/pre-commit index bf2928dcb..73ac164ee 100755 --- a/contrib/git/pre-commit +++ b/contrib/git/pre-commit @@ -105,7 +105,7 @@ for f in $(git diff --cached --name-only --diff-filter=ACM $against); do done # check versions and docs -ver=$(grep -F 'our $VERSION =' lib/perl/OVH/Bastion.pm | cut -d"'" -f2 | cut -d- -f1) +ver=$(grep -E '^our \$VERSION = .[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?.;$' lib/perl/OVH/Bastion.pm | cut -d"'" -f2) if ! grep -Eq "^## v$ver - 202./[01][0-9]/.." doc/CHANGELOG.md; then echo echo "ERROR: detected version '$ver', but no matching entry in doc/CHANGELOG.md" diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md index e7a226c2e..eca82c202 100644 --- a/doc/CHANGELOG.md +++ b/doc/CHANGELOG.md @@ -1,3 +1,12 @@ +## v3.16.99-rc2 - 2024/09/17 +feat: add rsync support through the ``--protocol rsync`` option in all plugins +feat: add ``--egress-session-multiplexing`` option to ``accountModify`` +feat: add ``groupSetServers`` to entirely change a group ACL in one shot +enh: add lock for group ACL change to avoid race conditions on busy bastions +enh: ``selfPlaySession``: remove sqliteLog.ttyrecfile dependency +chore: FreeBSD: ignore OS version mismatch with packages +chore: ``selfMFASetupPassword``: clearer message + ## v3.16.99-rc1 - 2024/07/04 feat: support wildcards in --user for ACL management plugins (fix #461) feat: accountFreeze: terminate running sessions if any diff --git a/doc/sphinx/installation/upgrading.rst b/doc/sphinx/installation/upgrading.rst index 6dd96e3d4..22cd70223 100644 --- a/doc/sphinx/installation/upgrading.rst +++ b/doc/sphinx/installation/upgrading.rst @@ -27,13 +27,12 @@ See the ``--help`` for a more fine-grained upgrade path if needed. Version-specific upgrade instructions ===================================== -v3.16.99-rc1 - 2024/07/04 +v3.16.99-rc2 - 2024/09/17 ************************* This release drops support for Ubuntu 16.04 and CentOS 7. If you're still using these EOL OS releases (which is obviously discouraged), proper functioning of The Bastion is no longer tested or guaranteed. - -This release adds official support for Ubuntu 24.04 LTS and OpenSUSE Leap 15.6, these were already working but +It also adds official support for Ubuntu 24.04 LTS and OpenSUSE Leap 15.6, these were already working but are now part of the integration tests. This release adds support of wildcards (also called "shell-style globbing characters"), namely ``?`` and ``*``, @@ -41,9 +40,13 @@ when using the ``--user`` option for plugins such as ``groupAddServer``, ``group ``groupDelGuestAccess``, ``accountAddPersonalAccess``, ``accountDelPersonalAccess``, ``selfAddPersonalAccess``, ``selfDelPersonalAccess``. -This release adds support of the ``sntrup761x25519-sha512@openssh.com`` KEX algorithm by default on shipped versions -of ``sshd_config`` and ``ssh_config``. If you're upgrading, these files won't be touched, so if you want to add -support, you'll need to modify them manually by prepending ``sntrup761x25519-sha512@openssh.com`` to the +We also deprecate all the ``--sftp``, ``--scpdown``, ``--scpup`` options that are now replaced by a more generic +``--protocol`` option, which supports ``sftp``, ``scpdown ``, ``scpup`` and now also ``rsync`` as parameters. +The use of rsync is similar to sftp and scp, and is detailed here: :doc:`/plugins/open/rsync`. + +Last but not least, the ``sntrup761x25519-sha512@openssh.com`` KEX algorithm is now enabled by default on shipped +versions of ``sshd_config`` and ``ssh_config``. If you're upgrading, these files won't be touched, so if you want to +add support, you'll need to modify them manually by prepending ``sntrup761x25519-sha512@openssh.com`` to the ``KexAlgorithms`` line. Verify that the OpenSSH version shipped by your OS does support it (run ``ssh -Q kex``). v3.16.01 - 2024/04/17 diff --git a/lib/perl/OVH/Bastion.pm b/lib/perl/OVH/Bastion.pm index 7bdb62426..49678b52b 100644 --- a/lib/perl/OVH/Bastion.pm +++ b/lib/perl/OVH/Bastion.pm @@ -5,7 +5,7 @@ use common::sense; use Fcntl; use POSIX qw(strftime); -our $VERSION = '3.16.99-rc1'; +our $VERSION = '3.16.99-rc2'; BEGIN { # only used by the handler below