Merge remote-tracking branch 'up/f33' into f33-riscv64

Signed-off-by: David Abdurachmanov <david.abdurachmanov@gmail.com>

openssh-8.0p1-pkcs11-uri.patch

@@ -2159,12 +2159,13 @@ index a302c79c..879fe917 100644
  	if (rv != CKR_OK) {
  		error("C_GetAttributeValue failed: %lu", rv);
  		return (NULL);
-@@ -717,18 +874,19 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
+@@ -717,19 +874,19 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
+ 	 * ensure that none of the others are zero length.
  	 * XXX assumes CKA_ID is always first.
  	 */
- 	if (key_attr[1].ulValueLen == 0 ||
+-	if (key_attr[1].ulValueLen == 0 ||
 -	    key_attr[2].ulValueLen == 0) {
-+	    key_attr[2].ulValueLen == 0 ||
++	if (key_attr[2].ulValueLen == 0 ||
 +	    key_attr[3].ulValueLen == 0) {
  		error("invalid attribute length");
  		return (NULL);
@@ -2259,12 +2260,13 @@ index a302c79c..879fe917 100644
  	if (rv != CKR_OK) {
  		error("C_GetAttributeValue failed: %lu", rv);
  		return (NULL);
-@@ -838,18 +998,19 @@ pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
+@@ -838,19 +998,19 @@ pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
+ 	 * ensure that none of the others are zero length.
  	 * XXX assumes CKA_ID is always first.
  	 */
- 	if (key_attr[1].ulValueLen == 0 ||
+-	if (key_attr[1].ulValueLen == 0 ||
 -	    key_attr[2].ulValueLen == 0) {
-+	    key_attr[2].ulValueLen == 0 ||
++	if (key_attr[2].ulValueLen == 0 ||
 +	    key_attr[3].ulValueLen == 0) {
  		error("invalid attribute length");
  		return (NULL);

openssh.spec

@@ -51,14 +51,14 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.4p1
-%global openssh_rel 4
+%global openssh_rel 5
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 1
 
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
 Version: %{openssh_ver}
-Release: %{openssh_rel}%{?dist}
+Release: %{openssh_rel}.0.riscv64%{?dist}
 URL: http://www.openssh.com/portable.html
 #URL1: https://github.com/jbeverly/pam_ssh_agent_auth/
 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@@ -274,7 +274,7 @@ Requires: openssh = %{version}-%{release}
 %package -n pam_ssh_agent_auth
 Summary: PAM module for authentication with ssh-agent
 Version: %{pam_ssh_agent_ver}
-Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.2
+Release: %{pam_ssh_agent_rel}.%{openssh_rel}.0.riscv64%{?dist}.2
 License: BSD
 
 %description
@@ -451,7 +451,11 @@ fi
 	--with-pam \
 %if %{WITH_SELINUX}
 	--with-selinux --with-audit=linux \
+%ifnarch riscv64
 	--with-sandbox=seccomp_filter \
+%else
+	--with-sandbox=no \
+%endif
 %endif
 %if %{kerberos5}
 	--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
@@ -669,6 +673,12 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Thu May 06 2021 David Abdurachmanov <david.abdurachmanov@gmail.com> - 8.4p1-5 + 0.10.4-1.0.riscv64
+- Dissable seccomp_filter on riscv64
+
+* Wed Feb 03 2021 Jakub Jelen <jjelen@redhat.com> - 8.4p1-5 + 0.10.4-1
+- Accept empty labels for keys from PKCS#11 (#1919007)
+
 * Tue Dec 01 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-4 + 0.10.4-1
 - Remove "PasswordAuthentication yes" from vendor configuration as it is
   already default and it might be hard to override.