Fix incorrect claim about SSH_AUTH_SOCK in pam_ssh_agent_auth manual page

Resolves: RHEL-122302 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-17 12:37:09 +01:00 · 2026-03-17 12:37:09 +01:00 · 3aa56f0911
commit 3aa56f0911
parent 59346084f6
2 changed files with 18 additions and 2 deletions
--- a/openssh.spec
+++ b/openssh.spec
@ -49,7 +49,7 @@
 %global openssh_ver 9.9p1
 %global openssh_rel 5
 %global pam_ssh_agent_ver 0.10.4
-%global pam_ssh_agent_rel 7
+%global pam_ssh_agent_rel 8

 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
@ -104,6 +104,8 @@ Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
 Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2070113
 Patch308: pam_ssh_agent_auth-0.10.4-rsasha2.patch
+# fix manual page claiming SSH_AUTH_SOCK not being required by newer sudo
+Patch309: pam_ssh_agent_auth-0.10.4-doc.patch

 #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
 Patch400: openssh-7.8p1-role-mls.patch
@ -380,6 +382,7 @@ pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 %patch305 -p2 -b .psaa-agent
 %patch307 -p2 -b .psaa-deref
 %patch308 -p2 -b .rsasha2
+%patch309 -p2 -b .psaa-doc
 # Remove duplicate headers and library files
 rm -f $(cat %{SOURCE5})
 popd
@ -748,10 +751,12 @@ test -f %{sysconfig_anaconda} && \
 %endif

 %changelog
-* Mon Mar 16 2026 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-5
+* Mon Mar 16 2026 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-5 + 0.10.4-8
 - CVE-2026-3497: Fix information disclosure or denial of service due
  to uninitialized variables in gssapi-keyex
  Resolves: RHEL-155825
+- Fix incorrect claim about SSH_AUTH_SOCK in pam_ssh_agent_auth manual page
+  Resolves: RHEL-122302

 * Wed Feb 25 2026 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-4
 - Provide a way to skip unsupported ML-KEM hybrid algorithms in FIPS mode
--- a/pam_ssh_agent_auth-0.10.4-doc.patch
+++ b/pam_ssh_agent_auth-0.10.4-doc.patch
@ -0,0 +1,11 @@
+diff --color -ruNp a/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.pod b/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.pod
+--- a/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.pod	2019-07-08 18:36:13.000000000 +0200
+++ b/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.pod	2026-03-17 12:24:44.462364449 +0100
+@@ -18,7 +18,6 @@ This module provides authentication via
+ 
+ =item /etc/sudoers:
+  
+-In older versions of sudo (< 1.8.5) it was necessary to set:
+  Defaults    env_keep += "SSH_AUTH_SOCK"
+ 
+ =back