Accepting request 1167856 from network

OBS-URL: https://build.opensuse.org/request/show/1167856
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=174

openssh-8.0p1-gssapi-keyex.patch

@@ -151,7 +151,7 @@ Index: openssh-9.6p1/auth2-gss.c
 + * The 'gssapi_keyex' userauth mechanism.
 + */
 +static int
-+userauth_gsskeyex(struct ssh *ssh)
++userauth_gsskeyex(struct ssh *ssh, const char *method)
 +{
 +	Authctxt *authctxt = ssh->authctxt;
 +	int r, authenticated = 0;
@@ -213,12 +213,13 @@ Index: openssh-9.6p1/auth2-gss.c
  	else
  		logit("GSSAPI MIC check failed");
  
-@@ -333,6 +377,12 @@ input_gssapi_mic(int type, u_int32_t ple
+@@ -333,6 +377,13 @@ input_gssapi_mic(int type, u_int32_t ple
  	return 0;
  }
  
 +Authmethod method_gsskeyex = {
 +	"gssapi-keyex",
++	"NULL",
 +	userauth_gsskeyex,
 +	&options.gss_authentication
 +};

openssh.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Mon Apr 15 13:21:50 UTC 2024 - Marcus Meissner <meissner@suse.com>
+
+- openssh-8.0p1-gssapi-keyex.patch: Added missing struct initializer,
+  added missing parameter (bsc#1222840)
+
+-------------------------------------------------------------------
+Fri Apr 12 10:04:45 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Make openssh-server recommend the openssh-server-config-rootlogin
+  package in SLE in order to keep the same behaviour of previous
+  SPs where the PermitRootLogin default was set to yes
+  (bsc#1221005).
+- Fix crypto-policies requirement to be set by openssh-server, not
+  the config-rootlogin subpackage.
+- Add back %config(noreplace) tag for more config files that were
+  already set like this in previous SPs.
+
 -------------------------------------------------------------------
 Thu Apr 11 06:35:21 UTC 2024 - Arnav Singh <opensuse@arnavion.dev>
 

openssh.spec

@@ -190,7 +190,11 @@ clients.
 Summary:        SSH (Secure Shell) server
 Group:          Productivity/Networking/SSH
 Requires:       %{name}-common = %{version}-%{release}
+Requires:       crypto-policies >= 20220824
 Recommends:     audit
+%if 0%{?suse_version} == 1500
+Recommends:     openssh-server-config-rootlogin
+%endif
 Requires(pre):  findutils
 Requires(pre):  grep
 Requires(post): %fillup_prereq
@@ -213,7 +217,6 @@ securely connect to your server.
 %package server-config-rootlogin
 Summary:        Config to permit root logins to sshd
 Group:          Productivity/Networking/SSH
-Requires:       crypto-policies >= 20220824
 Requires:       %{name}-server = %{version}-%{release}
 
 %description server-config-rootlogin
@@ -485,7 +488,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
 %attr(0755,root,root) %dir %{_distconfdir}/ssh/ssh_config.d
 %else
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
-%attr(0600,root,root) %{_sysconfdir}/ssh/moduli
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh/ssh_config.d
 %endif
 %attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1*
@@ -533,7 +536,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
 %if %{defined _distconfdir}
 %{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
 %else
-%{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
+%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
 %endif
 
 %files clients
@@ -542,7 +545,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss
 %if %{defined _distconfdir}
 %attr(0644,root,root) %{_distconfdir}/ssh/ssh_config
 %else
-%attr(0644,root,root) %{_sysconfdir}/ssh/ssh_config
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
 %endif
 %attr(0755,root,root) %{_bindir}/ssh
 %attr(0755,root,root) %{_bindir}/scp*