From ce2e80c1d01886820ef9290f5e810a1d88ed0dd2 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 5 Aug 2024 13:03:20 +0200 Subject: [PATCH] sshd doesn't propose to enter password again when a non-existing user is specified Resolves: RHEL-11981 --- openssh-8.0p1-preserve-pam-errors.patch | 7 +++---- openssh.spec | 8 ++++++-- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/openssh-8.0p1-preserve-pam-errors.patch b/openssh-8.0p1-preserve-pam-errors.patch index dbdbe93..b7ab965 100644 --- a/openssh-8.0p1-preserve-pam-errors.patch +++ b/openssh-8.0p1-preserve-pam-errors.patch @@ -27,16 +27,15 @@ diff -up openssh-8.0p1/auth-pam.c.preserve-pam-errors openssh-8.0p1/auth-pam.c else if (sshpam_maxtries_reached) ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, buffer); else -@@ -856,10 +862,12 @@ sshpam_query(void *ctx, char **name, cha - plen++; +@@ -856,9 +862,11 @@ sshpam_query(void *ctx, char **name, cha free(msg); break; -+ case PAM_USER_UNKNOWN: -+ case PAM_PERM_DENIED: case PAM_ACCT_EXPIRED: + sshpam_account_status = 0; + /* FALLTHROUGH */ case PAM_MAXTRIES: ++ case PAM_USER_UNKNOWN: ++ case PAM_PERM_DENIED: - if (type == PAM_ACCT_EXPIRED) - sshpam_account_status = 0; if (type == PAM_MAXTRIES) diff --git a/openssh.spec b/openssh.spec index da7a1fa..1710ce9 100644 --- a/openssh.spec +++ b/openssh.spec @@ -39,12 +39,12 @@ %{?static_openssl:%global static_libcrypto 1} %global openssh_ver 9.8p1 -%global openssh_rel 2 +%global openssh_rel 3 Summary: An open source implementation of SSH protocol version 2 Name: openssh Version: %{openssh_ver} -Release: %{openssh_rel}%{?dist}.0 +Release: %{openssh_rel}%{?dist} URL: http://www.openssh.com/portable.html Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc 
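Review bot: In the `sshpam_query` hunk of the downstream patch, the order of the case labels is now what keeps `PAM_USER_UNKNOWN` and `PAM_PERM_DENIED` away from `sshpam_account_status = 0;`, and no comment says so. Above `case PAM_ACCT_EXPIRED:`, where the removed lines had them, they fall into that assignment; below the `/* FALLTHROUGH */`, next to `case PAM_MAXTRIES:`, they skip it. Judging by the commit subject, the earlier placement made sshd answer an unknown user differently from a known one, and a difference a remote client can observe is worth guarding because it reveals which account names exist. I would add a comment above the two moved labels, for example `/* keep below PAM_ACCT_EXPIRED: an unknown or denied user must not clear sshpam_account_status */`, so a later rebase of this patch does not move them back. The rest of the `switch` lies outside the hunk, so what these cases fall through to cannot be checked from here.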
@@ -653,6 +653,10 @@ test -f %{sysconfig_anaconda} && \ %attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so %changelog +* Mon Aug 05 2024 Dmitry Belyavskiy - 9.8p1-3 +- sshd doesn't propose to enter password again when a non-existing user is specified + Resolves: RHEL-11981 + * Fri Jul 26 2024 Dmitry Belyavskiy - 9.8p1-2.0 - Temporary disabling self-test Related: RHEL-42635