Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/openssh.git#557f728956f7a568a02eb8669b5d9d23def4ec7f
2020-12-01 11:11:19 +00:00 · 2020-12-01 11:11:19 +00:00 · f2cb8fc74b
commit f2cb8fc74b
parent 314f21a968
2 changed files with 9 additions and 5 deletions
--- a/openssh-7.7p1-redhat.patch
+++ b/openssh-7.7p1-redhat.patch
@ -86,7 +86,7 @@ diff -up openssh/sshd_config.redhat openssh/sshd_config
 diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat
 --- openssh/sshd_config_redhat.redhat	2020-02-13 18:14:02.268006439 +0100
 +++ openssh/sshd_config_redhat	2020-02-13 18:19:20.765035947 +0100
-@@ -0,0 +1,29 @@
+@@ -0,0 +1,28 @@
 +# This system is following system-wide crypto policy. The changes to
 +# crypto properties (Ciphers, MACs, ...) will not have any effect in
 +# this or following included files. To override some configuration option,
@ -96,7 +96,6 @@ diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat
 +
 +SyslogFacility AUTHPRIV
 +
-+PasswordAuthentication yes
 +ChallengeResponseAuthentication no
 +
 +GSSAPIAuthentication yes
--- a/openssh.spec
+++ b/openssh.spec
@ -51,7 +51,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.4p1
-%global openssh_rel 3
+%global openssh_rel 4
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 1

@ -138,7 +138,7 @@ Patch713: openssh-6.6p1-ctr-cavstest.patch
 # add SSH KDF CAVS test driver
 Patch714: openssh-6.7p1-kdf-cavs.patch

-# GSSAPI Key Exchange (RFC 4462 + draft-ietf-curdle-gss-keyex-sha2-08)
+# GSSAPI Key Exchange (RFC 4462 + RFC 8732)
 # from https://github.com/openssh-gsskex/openssh-gsskex/tree/fedora/master
 Patch800: openssh-8.0p1-gssapi-keyex.patch
 #http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
@ -225,7 +225,7 @@ BuildRequires: gcc make
 BuildRequires: p11-kit-devel
 BuildRequires: libfido2-devel
 Recommends: p11-kit
-Obsoletes: openssh-ldap <= 8.3p1-3
+Obsoletes: openssh-ldap < 8.3p1-4

 %if %{kerberos5}
 BuildRequires: krb5-devel
@ -669,6 +669,11 @@ test -f %{sysconfig_anaconda} && \
 %endif

 %changelog
+* Tue Dec 01 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-4 + 0.10.4-1
+- Remove "PasswordAuthentication yes" from vendor configuration as it is
+  already default and it might be hard to override.
+- Fix broken obsoletes for openssh-ldap (#1902084)
+
 * Thu Nov 19 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-3 + 0.10.4-1
 - Unbreak seccomp filter on arm (#1897712)
 - Add a workaround for Debian's broken OpenSSH (#1881301)