diff --git a/openssh-8.0p1-gssapi-keyex.patch b/openssh-8.0p1-gssapi-keyex.patch index e760f13..2f949b1 100644 --- a/openssh-8.0p1-gssapi-keyex.patch +++ b/openssh-8.0p1-gssapi-keyex.patch @@ -151,7 +151,7 @@ Index: openssh-9.6p1/auth2-gss.c + * The 'gssapi_keyex' userauth mechanism. + */ +static int -+userauth_gsskeyex(struct ssh *ssh) ++userauth_gsskeyex(struct ssh *ssh, const char *method) +{ + Authctxt *authctxt = ssh->authctxt; + int r, authenticated = 0; @@ -213,12 +213,13 @@ Index: openssh-9.6p1/auth2-gss.c else logit("GSSAPI MIC check failed"); -@@ -333,6 +377,12 @@ input_gssapi_mic(int type, u_int32_t ple +@@ -333,6 +377,13 @@ input_gssapi_mic(int type, u_int32_t ple return 0; } +Authmethod method_gsskeyex = { + "gssapi-keyex", ++ "NULL", + userauth_gsskeyex, + &options.gss_authentication +}; diff --git a/openssh.changes b/openssh.changes index eed4894..1331030 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Mon Apr 15 13:21:50 UTC 2024 - Marcus Meissner + +- openssh-8.0p1-gssapi-keyex.patch: Added missing struct initializer, + added missing parameter (bsc#1222840) + +------------------------------------------------------------------- +Fri Apr 12 10:04:45 UTC 2024 - Antonio Larrosa + +- Make openssh-server recommend the openssh-server-config-rootlogin + package in SLE in order to keep the same behaviour of previous + SPs where the PermitRootLogin default was set to yes + (bsc#1221005). +- Fix crypto-policies requirement to be set by openssh-server, not + the config-rootlogin subpackage. +- Add back %config(noreplace) tag for more config files that were + already set like this in previous SPs. + ------------------------------------------------------------------- Thu Apr 11 06:35:21 UTC 2024 - Arnav Singh diff --git a/openssh.spec b/openssh.spec index 7e87b12..99c96b5 100644 --- a/openssh.spec +++ b/openssh.spec @@ -190,7 +190,11 @@ clients. Summary: SSH (Secure Shell) server Group: Productivity/Networking/SSH Requires: %{name}-common = %{version}-%{release} +Requires: crypto-policies >= 20220824 Recommends: audit +%if 0%{?suse_version} == 1500 +Recommends: openssh-server-config-rootlogin +%endif Requires(pre): findutils Requires(pre): grep Requires(post): %fillup_prereq @@ -213,7 +217,6 @@ securely connect to your server. %package server-config-rootlogin Summary: Config to permit root logins to sshd Group: Productivity/Networking/SSH -Requires: crypto-policies >= 20220824 Requires: %{name}-server = %{version}-%{release} %description server-config-rootlogin @@ -485,7 +488,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %attr(0755,root,root) %dir %{_distconfdir}/ssh/ssh_config.d %else %attr(0755,root,root) %dir %{_sysconfdir}/ssh -%attr(0600,root,root) %{_sysconfdir}/ssh/moduli +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli %attr(0755,root,root) %dir %{_sysconfdir}/ssh/ssh_config.d %endif %attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1* @@ -533,7 +536,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %if %{defined _distconfdir} %{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf %else -%{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf +%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf %endif %files clients @@ -542,7 +545,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %if %{defined _distconfdir} %attr(0644,root,root) %{_distconfdir}/ssh/ssh_config %else -%attr(0644,root,root) %{_sysconfdir}/ssh/ssh_config +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config %endif %attr(0755,root,root) %{_bindir}/ssh %attr(0755,root,root) %{_bindir}/scp*