From f2cb8fc74b4954d67d720a7d7afa8706efaf9d59 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Dec 01 2020 11:11:19 +0000 Subject: Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/openssh.git#557f728956f7a568a02eb8669b5d9d23def4ec7f --- diff --git a/openssh-7.7p1-redhat.patch b/openssh-7.7p1-redhat.patch index 6011593..fcda6c6 100644 --- a/openssh-7.7p1-redhat.patch +++ b/openssh-7.7p1-redhat.patch @@ -86,7 +86,7 @@ diff -up openssh/sshd_config.redhat openssh/sshd_config diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat --- openssh/sshd_config_redhat.redhat 2020-02-13 18:14:02.268006439 +0100 +++ openssh/sshd_config_redhat 2020-02-13 18:19:20.765035947 +0100 -@@ -0,0 +1,29 @@ +@@ -0,0 +1,28 @@ +# This system is following system-wide crypto policy. The changes to +# crypto properties (Ciphers, MACs, ...) will not have any effect in +# this or following included files. To override some configuration option, @@ -96,7 +96,6 @@ diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat + +SyslogFacility AUTHPRIV + -+PasswordAuthentication yes +ChallengeResponseAuthentication no + +GSSAPIAuthentication yes diff --git a/openssh.spec b/openssh.spec index feba23f..578a2eb 100644 --- a/openssh.spec +++ b/openssh.spec @@ -51,7 +51,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.4p1 -%global openssh_rel 3 +%global openssh_rel 4 %global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_rel 1 @@ -138,7 +138,7 @@ Patch713: openssh-6.6p1-ctr-cavstest.patch # add SSH KDF CAVS test driver Patch714: openssh-6.7p1-kdf-cavs.patch -# GSSAPI Key Exchange (RFC 4462 + draft-ietf-curdle-gss-keyex-sha2-08) +# GSSAPI Key Exchange (RFC 4462 + RFC 8732) # from https://github.com/openssh-gsskex/openssh-gsskex/tree/fedora/master Patch800: openssh-8.0p1-gssapi-keyex.patch #http://www.mail-archive.com/kerberos@mit.edu/msg17591.html @@ -225,7 +225,7 @@ BuildRequires: gcc make BuildRequires: p11-kit-devel BuildRequires: libfido2-devel Recommends: p11-kit -Obsoletes: openssh-ldap <= 8.3p1-3 +Obsoletes: openssh-ldap < 8.3p1-4 %if %{kerberos5} BuildRequires: krb5-devel @@ -669,6 +669,11 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Tue Dec 01 2020 Jakub Jelen - 8.4p1-4 + 0.10.4-1 +- Remove "PasswordAuthentication yes" from vendor configuration as it is + already default and it might be hard to override. +- Fix broken obsoletes for openssh-ldap (#1902084) + * Thu Nov 19 2020 Jakub Jelen - 8.4p1-3 + 0.10.4-1 - Unbreak seccomp filter on arm (#1897712) - Add a workaround for Debian's broken OpenSSH (#1881301)