+ * The 'gssapi_keyex' userauth mechanism.

  + */

  +static int

  +{

  +	Authctxt *authctxt = ssh->authctxt;

  +	int r, authenticated = 0;

   	else

   		logit("GSSAPI MIC check failed");

   	return 0;

   }

  +Authmethod method_gsskeyex = {

  +	"gssapi-keyex",

  +	userauth_gsskeyex,

  +	&options.gss_authentication

  +};

  +

   Authmethod method_gssapi = {

   	"gssapi-with-mic",

  diff --git a/auth2.c b/auth2.c

  index 0e776224..1c217268 100644

  --- a/auth2.c

  +#endif

  +

   		/* Buffer input from the connection.  */

  diff --git a/configure.ac b/configure.ac

  index b689db4b..efafb6bd 100644

  --- a/configure.ac

  +#ifdef GSSAPI

  +	free(kex->gss_host);

  +#endif /* GSSAPI */

   	free(kex->failed_choice);

  diff --git a/kex.h b/kex.h

  index a5ae6ac0..fe714141 100644

  +# endif

  +#endif /* WITH_OPENSSL */

   	ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;

   	ssh->kex->verify_host_key=&verify_host_key_callback;

  +#if defined(GSSAPI) && defined(WITH_OPENSSL)

  # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1

  %global openssh_ver 9.3p1

  %global pam_ssh_agent_ver 0.10.4

  %global pam_ssh_agent_rel 9

  Summary: An open source implementation of SSH protocol version 2

  Name: openssh

  Version: %{openssh_ver}

  URL: http://www.openssh.com/portable.html

  #URL1: https://github.com/jbeverly/pam_ssh_agent_auth/

  Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz

  %package -n pam_ssh_agent_auth

  Summary: PAM module for authentication with ssh-agent

  Version: %{pam_ssh_agent_ver}

  License: BSD

  %description

  %endif

  %changelog

  * Fri Jul 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.3p1-5

  - Fix remote code execution in ssh-agent PKCS#11 support

    Resolves: CVE-2023-38408