- Add a const to the openssl 1.1/RSA section of sshkey_is_private

to keep it similar to what it used before the 9.9 rebase:
  * openssh-8.1p1-audit.patch
- Add a openssl11 bcond to the spec file for the SLE12 case
  instead of checking suse_version in different parts.
- Move conditional patches to a number >= 1000.

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=276

openssh-8.1p1-audit.patch

@@ -2289,7 +2289,7 @@ Index: openssh-8.9p1/sshkey.c
 +# else /* OPENSSL < 3.0.0 */
 +      case KEY_RSA_CERT:
 +      case KEY_RSA: {
-+              BIGNUM *d = NULL;
++              const BIGNUM *d = NULL;
 +              RSA *rsakey = EVP_PKEY_get0_RSA(k->pkey);
 +              if (rsakey)
 +                  RSA_get0_key(rsakey, NULL, NULL, &d);

openssh.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Sep 25 10:45:17 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Add a const to the openssl 1.1/RSA section of sshkey_is_private
+  to keep it similar to what it used before the 9.9 rebase:
+  * openssh-8.1p1-audit.patch
+- Add a openssl11 bcond to the spec file for the SLE12 case
+  instead of checking suse_version in different parts.
+- Move conditional patches to a number >= 1000.
+
 -------------------------------------------------------------------
 Mon Sep 23 06:16:59 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
 

openssh.spec

@@ -40,6 +40,12 @@
 %bcond_with crypto_policies
 %endif
 
+%if 0%{?suse_version} < 1500
+%bcond_without openssl11
+%else
+%bcond_with openssl11
+%endif
+
 #Compat macro for new _fillupdir macro introduced in Nov 2017
 %if ! %{defined _fillupdir}
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
@@ -132,15 +138,18 @@ Patch103:       openssh-6.6p1-privsep-selinux.patch
 Patch104:       openssh-6.6p1-keycat.patch
 Patch105:       openssh-6.6.1p1-selinux-contexts.patch
 Patch106:       openssh-7.6p1-cleanup-selinux.patch
-%if 0%{with crypto_policies}
+# 200 - 300  --  Patches submitted to upstream
-# PATCH-FIX-OPENSUSE bsc#1211301 Add crypto-policies support
-Patch107:       openssh-9.6p1-crypto-policies.patch
-Patch108:       openssh-9.6p1-crypto-policies-man.patch
-%endif
 # PATCH-FIX-UPSTREAM -- https://github.com/openssh/openssh-portable/pull/452 boo#1229010
-Patch111:       0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch
+Patch200:       0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch
+# 1000 - 2000  --  Conditional patches
+# PATCH-FIX-OPENSUSE bsc#1211301 Add crypto-policies support
+%if 0%{with crypto_policies}
+Patch1000:      openssh-9.6p1-crypto-policies.patch
+Patch1001:      openssh-9.6p1-crypto-policies-man.patch
+%endif
 %if 0%{with allow_root_password_login_by_default}
-Patch1000:      openssh-7.7p1-allow_root_password_login.patch
+# PATCH-FIX-SLE Allow root login with password by default (for SLE12 and SLE15)
+Patch1002:      openssh-7.7p1-allow_root_password_login.patch
 %endif
 BuildRequires:  audit-devel
 BuildRequires:  automake
@@ -153,7 +162,7 @@ BuildRequires:  libselinux-devel
 %if %{with ldap}
 BuildRequires:  openldap2-devel
 %endif
-%if 0%{?suse_version} < 1500 
+%if 0%{with openssl11}
 BuildRequires:  libopenssl-1_1-devel
 BuildRequires:  openssl-1_1
 %else
@@ -473,7 +482,7 @@ install -m 644 %{SOURCE14} %{buildroot}%{_sysusersdir}/sshd.conf
 #
 # this shows up earlier because otherwise the %%expand of
 # the macro is too late.
-%if 0%{?suse_version} < 1500 
+%if 0%{with openssl11}
 %define opensslbin openssl-1_1
 %else
 %define opensslbin openssl