forked from pool/openssh

Accepting request 668656 from home:pmonrealgonzalez:branches:network

- Move ssh-ldap* man pages into openssh-helpers [bsc#1051531]

- Allow root login by default [bsc#1118114, bsc#1121196]
  * Added/updated previous patch openssh-7.7p1-allow_root_password_login.patch

- Added SLE conditionals in the spec files:
  * Keep gtk2-devel in openssh-askpass-gnome in SLE
  * Keep krb5-mini-devel in SLE
- Removed obsolete configure options:
  * SSH protocol 1 --with-ssh1
  * Smart card --with-opensc
- Cleaned spec file with spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/668656
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=172
Tomáš Chvátal 2019-01-28 08:02:07 +00:00 committed by Git OBS Bridge
parent be528d6e10
commit ed403ddfcd
4 changed files with 108 additions and 3 deletions

@ -0,0 +1,59 @@
# HG changeset patch
# Parent af43d436bc7fe818dd976c923ad99b89051eb299
Allow root login with password by default. While less secure than upstream
default of forbidding access to the root account with a password, we are
temporarily introducing this change to keep the default used in older OpenSSH
versions shipped with SLE.
Index: openssh-7.9p1/servconf.c
===================================================================
--- openssh-7.9p1.orig/servconf.c
+++ openssh-7.9p1/servconf.c
@@ -292,7 +292,7 @@ fill_default_server_options(ServerOption
if (options->login_grace_time == -1)
options->login_grace_time = 120;
if (options->permit_root_login == PERMIT_NOT_SET)
- options->permit_root_login = PERMIT_NO_PASSWD;
+ options->permit_root_login = PERMIT_YES;
if (options->ignore_rhosts == -1)
options->ignore_rhosts = 1;
if (options->ignore_user_known_hosts == -1)
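
Review bot: The assignment `options->permit_root_login = PERMIT_YES;` carries no marker that it is a downstream deviation, although the patch header calls the change temporary. Add a comment above it naming the bug reference (bsc#1118114 appears in the changelog) so the line is easy to find and revert to `PERMIT_NO_PASSWD`. With this default, any installation whose sshd_config does not set PermitRootLogin accepts password authentication for root.
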
Index: openssh-7.9p1/sshd_config
===================================================================
--- openssh-7.9p1.orig/sshd_config
+++ openssh-7.9p1/sshd_config
@@ -29,7 +29,7 @@
# Authentication:
#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
+PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
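
Review bot: `PermitRootLogin yes` is added uncommented, while the neighbouring entries (`#LoginGraceTime 2m`, `#StrictModes yes`) are commented lines showing the compiled-in defaults. Since the servconf.c hunk already makes `PERMIT_YES` the built-in default, `#PermitRootLogin yes` would keep the file's convention. If the explicit setting is intentional, say so in the patch header, because a later change of the compiled default back to prohibit-password will then have no effect on systems that keep this file.
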
Index: openssh-7.9p1/sshd_config.0
===================================================================
--- openssh-7.9p1.orig/sshd_config.0
+++ openssh-7.9p1/sshd_config.0
@@ -749,7 +749,7 @@ DESCRIPTION
PermitRootLogin
Specifies whether root can log in using ssh(1). The argument
must be yes, prohibit-password, forced-commands-only, or no. The
- default is prohibit-password.
+ default is yes.
If this option is set to prohibit-password (or its deprecated
alias, without-password), password and keyboard-interactive
Index: openssh-7.9p1/sshd_config.5
===================================================================
--- openssh-7.9p1.orig/sshd_config.5
+++ openssh-7.9p1/sshd_config.5
@@ -1285,7 +1285,7 @@ The argument must be
or
.Cm no .
The default is
-.Cm prohibit-password .
+.Cm yes .
.Pp
If this option is set to
.Cm prohibit-password
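
Review bot: The changed line `.Cm yes .` documents the new default without saying that it differs from upstream, which the patch header itself describes as the more secure setting. Consider adding a sentence to the man page stating that this default is a distribution change and that prohibit-password is the upstream default, and use the same wording in the sshd_config.0 hunk so the two stay in step.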

@ -26,7 +26,11 @@ Group: Productivity/Networking/SSH
URL: http://www.openssh.com/ URL: http://www.openssh.com/
Source: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz Source: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz
Source42: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz.asc Source42: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz.asc
%if 0%{?suse_version} >= 1550
BuildRequires: gtk3-devel BuildRequires: gtk3-devel
%else
BuildRequires: gtk2-devel
%endif
Requires: %{_name} = %{version} Requires: %{_name} = %{version}
%description %description
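
Review bot: The `%if 0%{?suse_version} >= 1550` test around `BuildRequires: gtk3-devel` selects by version number only, so every build with suse_version below 1550 takes the `gtk2-devel` branch, while the changelog describes this as keeping gtk2-devel in SLE. If only SLE is meant, the condition should say so; if all older code streams are meant, the changelog wording should be adjusted.
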
@ -40,11 +44,19 @@ GNOME-based passphrase dialog for OpenSSH.
%build %build
cd contrib cd contrib
export CFLAGS="%{optflags}" export CFLAGS="%{optflags}"
%if 0%{?suse_version} >= 1550
make %{?_smp_mflags} gnome-ssh-askpass3 make %{?_smp_mflags} gnome-ssh-askpass3
%else
make %{?_smp_mflags} gnome-ssh-askpass2
%endif
%install %install
install -d -m 755 %{buildroot}%{_libexecdir}/ssh/ install -d -m 755 %{buildroot}%{_libexecdir}/ssh/
%if 0%{?suse_version} >= 1550
install contrib/gnome-ssh-askpass3 %{buildroot}%{_libexecdir}/ssh/gnome-ssh-askpass install contrib/gnome-ssh-askpass3 %{buildroot}%{_libexecdir}/ssh/gnome-ssh-askpass
%else
install contrib/gnome-ssh-askpass2 %{buildroot}%{_libexecdir}/ssh/gnome-ssh-askpass
%endif
%files %files
%dir %{_libexecdir}/ssh %dir %{_libexecdir}/ssh
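
Review bot: The same `%if 0%{?suse_version} >= 1550` / `%else` / `%endif` block is repeated around the `make` line and the `install` line, on top of the one around BuildRequires. Defining the GTK major version once in a macro near the top of the spec and using it in the target and file names would leave a single place to change when the cutoff moves.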

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Fri Jan 25 12:42:54 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Move ssh-ldap* man pages into openssh-helpers [bsc#1051531]
-------------------------------------------------------------------
Thu Jan 24 15:51:19 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Allow root login by default [bsc#1118114, bsc#1121196]
* Added/updated previous patch openssh-7.7p1-allow_root_password_login.patch
-------------------------------------------------------------------
Thu Jan 24 12:21:40 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Added SLE conditionals in the spec files:
* Keep gtk2-devel in openssh-askpass-gnome in SLE
* Keep krb5-mini-devel in SLE
- Removed obsolete configure options:
* SSH protocol 1 --with-ssh1
* Smart card --with-opensc
- Cleaned spec file with spec-cleaner
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 16 14:11:29 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> Wed Jan 16 14:11:29 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
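
Review bot: The Jan 24 15:51 entry reads `Allow root login by default`, which understates the change: the patch re-enables password login for root, replacing the upstream prohibit-password default. Spell that out in the entry so administrators reading the changelog can see that a security default was relaxed.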

@ -17,9 +17,12 @@
%define sandbox_seccomp 0 %define sandbox_seccomp 0
%ifnarch ppc %if 0%{?suse_version} > 1220
%define sandbox_seccomp 1 %define sandbox_seccomp 1
%endif %endif
%ifarch ppc
%define sandbox_seccomp 0
%endif
%if 0%{?suse_version} >= 1500 %if 0%{?suse_version} >= 1500
%bcond_without tirpc %bcond_without tirpc
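
Review bot: Replacing `%ifnarch ppc` with `%if 0%{?suse_version} > 1220` changes where the seccomp sandbox is enabled: builds with suse_version at or below 1220 previously got `sandbox_seccomp 1` on every architecture except ppc and now get 0. None of the three changelog entries mentions this. Either record the change and its reason in the changelog, or keep the previous behaviour if disabling the sandbox on those targets is not intended.
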
@ -56,6 +59,7 @@ Source9: sshd-gen-keys-start
Source10: sshd.service Source10: sshd.service
Source11: README.FIPS Source11: README.FIPS
Source12: cavs_driver-ssh.pl Source12: cavs_driver-ssh.pl
Patch0: openssh-7.7p1-allow_root_password_login.patch
Patch1: openssh-7.7p1-X11_trusted_forwarding.patch Patch1: openssh-7.7p1-X11_trusted_forwarding.patch
Patch3: openssh-7.7p1-enable_PAM_by_default.patch Patch3: openssh-7.7p1-enable_PAM_by_default.patch
Patch4: openssh-7.7p1-eal3.patch Patch4: openssh-7.7p1-eal3.patch
@ -111,9 +115,8 @@ BuildRequires: openssl-devel
BuildRequires: pam-devel BuildRequires: pam-devel
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(libsystemd)
Requires(post): %{fillup_prereq} Requires(post): %fillup_prereq
Requires(pre): pwdutils Requires(pre): pwdutils
Recommends: %{name}-helpers = %{version}-%{release} Recommends: %{name}-helpers = %{version}-%{release}
Recommends: audit Recommends: audit
@ -125,6 +128,11 @@ Conflicts: nonfreessh
%if %{with tirpc} %if %{with tirpc}
BuildRequires: libtirpc-devel BuildRequires: libtirpc-devel
%endif %endif
%if 0%{?suse_version} >= 1550
BuildRequires: pkgconfig(krb5)
%else
BuildRequires: krb5-mini-devel
%endif
%description %description
SSH (Secure Shell) is a program for logging into and executing commands SSH (Secure Shell) is a program for logging into and executing commands
@ -305,6 +313,8 @@ rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
%attr(0444,root,root) %{_mandir}/man1/* %attr(0444,root,root) %{_mandir}/man1/*
%attr(0444,root,root) %{_mandir}/man5/* %attr(0444,root,root) %{_mandir}/man5/*
%attr(0444,root,root) %{_mandir}/man8/* %attr(0444,root,root) %{_mandir}/man8/*
%exclude %{_mandir}/man5/ssh-ldap*
%exclude %{_mandir}/man8/ssh-ldap*
%dir %{_sysconfdir}/slp.reg.d %dir %{_sysconfdir}/slp.reg.d
%config %{_sysconfdir}/slp.reg.d/ssh.reg %config %{_sysconfdir}/slp.reg.d/ssh.reg
%{_fillupdir}/sysconfig.ssh %{_fillupdir}/sysconfig.ssh
@ -317,6 +327,8 @@ rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ldap.conf %verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ldap.conf
%attr(0755,root,root) %dir %{_libexecdir}/ssh %attr(0755,root,root) %dir %{_libexecdir}/ssh
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-ldap* %attr(0755,root,root) %{_libexecdir}/ssh/ssh-ldap*
%attr(0444,root,root) %{_mandir}/man5/ssh-ldap*
%attr(0444,root,root) %{_mandir}/man8/ssh-ldap*
%doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema %doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema
%files fips %files fips