Bug 1227350

Summary: the installed openssh-server-config-rootlogin-9.6p1-150600.2.7.x86_64 requires 'openssh-server = 9.6p1-150600.2.7', but this requirement cannot be provided
Product: [openSUSE] openSUSE Distribution Reporter: Mark Harvey <mark.harvey>
Component: BasesystemAssignee: Lubos Kocman <lubos.kocman>
Status: NEW --- QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: mark.harvey
Version: Leap 15.6   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Mark Harvey 2024-07-03 14:47:56 UTC 
Initial Leap 15.6 system built in May 2024 from Beta release.  

Attempted update via pkgkit ( KDE toolbar notification ).  
Received this error:  

the installed openssh-server-config-rootlogin-9.6p1-150600.2.7.x86_64 requires 'openssh-server = 9.6p1-150600.2.7', but this requirement cannot be provided 

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Lubos Kocman <lubos.kocman@suse.com>
8:32 AM (0 minutes ago)
to OBS, me

Hello autobuild team

Could you please call

publish_distro with --delete publish_distro_conf/publish_leap156.config

We have an extra packages (namely this one) that are not in repodata.
Probably beta leftover.

http://download.opensuse.org/distribution/leap/15.6/repo/oss/x86_64/openssh-server-config-rootlogin-9.6p1-150600.2.3.x86_64.rpm

Many thanks in advance
--
Best regards

Luboš Kocman
openSUSE Leap Release Manager
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

mharvey@p5570:~> cat /etc/os-release
NAME="openSUSE Leap"
VERSION="15.6"
ID="opensuse-leap"
ID_LIKE="suse opensuse"
VERSION_ID="15.6"
PRETTY_NAME="openSUSE Leap 15.6"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:15.6"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
DOCUMENTATION_URL="https://en.opensuse.org/Portal:Leap"
LOGO="distributor-logo-Leap"


mharvey@p5570:~> zypper info openssh

Information for package openssh:
--------------------------------
Repository     : update-sle (15.6)
Name           : openssh
Version        : 9.6p1-150600.6.3.1
Arch           : x86_64
Vendor         : SUSE LLC <https://www.suse.com/>
Installed Size : 0 B
Installed      : Yes
Status         : out-of-date (version 9.6p1-150600.2.7 installed)
Source package : openssh-9.6p1-150600.6.3.1.src
Upstream URL   : https://www.openssh.com/
Summary        : Secure Shell Client and Server (Remote Login Program)
Description    :
    SSH (Secure Shell) is a program for logging into and executing commands
    on a remote machine. It replaces rsh (rlogin and rsh) and
    provides secure encrypted communication between two untrusted
    hosts over an insecure network.

    xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
    also be forwarded over the secure channel.

    This is a dummy package that pulls in both the client and server
    components.


mharvey@p5570:~> zypper info openssh-server

Information for package openssh-server:
---------------------------------------
Repository     : update-sle (15.6)
Name           : openssh-server
Version        : 9.6p1-150600.6.3.1
Arch           : x86_64
Vendor         : SUSE LLC <https://www.suse.com/>
Installed Size : 1.5 MiB
Installed      : Yes
Status         : out-of-date (version 9.6p1-150600.2.7 installed)
Source package : openssh-9.6p1-150600.6.3.1.src
Upstream URL   : https://www.openssh.com/
Summary        : SSH (Secure Shell) server
Description    :
    SSH (Secure Shell) is a program for logging into and executing commands
    on a remote machine. It replaces rsh (rlogin and rsh) and
    provides secure encrypted communication between two untrusted
    hosts over an insecure network.

    xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
    also be forwarded over the secure channel.

    This package contains the Secure Shell daemon, which allows clients to
    securely connect to your server.



mharvey@p5570:~> zypper info openssh-server-config-disallow-rootlogin

Information for package openssh-server-config-disallow-rootlogin:
-----------------------------------------------------------------
Repository     : repo-oss (15.6)
Name           : openssh-server-config-disallow-rootlogin
Version        : 9.6p1-150600.4.2
Arch           : x86_64
Vendor         : SUSE LLC <https://www.suse.com/>
Installed Size : 34 B
Installed      : No
Status         : not installed
Source package : openssh-9.6p1-150600.4.2.src
Upstream URL   : https://www.openssh.com/
Summary        : Config to disallow password root logins to sshd
Description    : 
    The openssh-server package by default allows password based
    root logins. This package provides a config that disallows root
    to log in using the passwor. It's useful to secure your system
    preventing password attacks on the root account over ssh.


mharvey@p5570:~> zypper lr -u
Repository priorities are without effect. All enabled repositories share the same priority.

#  | Alias                           | Name                                           | Enabled | GPG Check | Refresh | URI
---+---------------------------------+------------------------------------------------+---------+-----------+---------+---------------------------------------------------------------------------------
 1 | NVIDIA:repo-non-free            | repo-non-free (15.6)                           | Yes     | (r ) Yes  | Yes     | https://download.nvidia.com/opensuse/leap/15.6
 2 | brave-browser                   | Brave Browser                                  | Yes     | (r ) Yes  | Yes     | https://brave-browser-rpm-release.s3.brave.com/x86_64
 3 | google-chrome                   | google-chrome                                  | Yes     | (r ) Yes  | Yes     | https://dl.google.com/linux/chrome/rpm/stable/x86_64
 4 | http-download.suse.de-7fd9be3d  | SUSECA                                         | Yes     | (r ) Yes  | Yes     | http://download.suse.de/ibs/SUSE:/CA/openSUSE_Tumbleweed/
 5 | openSUSE-Leap-15.6-1            | openSUSE-Leap-15.6-1                           | No      | ----      | ----    | hd:/?device=/dev/disk/by-id/usb-Lexar_USB_Flash_Drive_AAQVGR2YJ1BS8UQX-0:0-part2
 6 | openSUSE:repo-non-oss           | repo-non-oss (15.6)                            | Yes     | (r ) Yes  | Yes     | http://cdn.opensuse.org/distribution/leap/15.6/repo/non-oss
 7 | openSUSE:repo-non-oss-debug     | repo-non-oss-debug (15.6)                      | No      | ----      | ----    | http://cdn.opensuse.org/debug/distribution/leap/15.6/repo/non-oss
 8 | openSUSE:repo-openh264          | repo-openh264 (15.6)                           | Yes     | (r ) Yes  | Yes     | http://codecs.opensuse.org/openh264/openSUSE_Leap
 9 | openSUSE:repo-oss               | repo-oss (15.6)                                | Yes     | (r ) Yes  | Yes     | http://cdn.opensuse.org/distribution/leap/15.6/repo/oss
10 | openSUSE:repo-oss-debug         | repo-oss-debug (15.6)                          | No      | ----      | ----    | http://cdn.opensuse.org/debug/distribution/leap/15.6/repo/oss
11 | openSUSE:repo-oss-source        | repo-oss-source (15.6)                         | No      | ----      | ----    | http://cdn.opensuse.org/source/distribution/leap/15.6/repo/oss
12 | openSUSE:update-backports       | update-backports (15.6)                        | Yes     | (r ) Yes  | Yes     | http://cdn.opensuse.org/update/leap/15.6/backports
13 | openSUSE:update-backports-debug | update-backports-debug (15.6)                  | No      | ----      | ----    | http://cdn.opensuse.org/update/leap/15.6/backports_debug
14 | openSUSE:update-non-oss         | update-non-oss (15.6)                          | Yes     | (r ) Yes  | Yes     | http://cdn.opensuse.org/update/leap/15.6/non-oss
15 | openSUSE:update-non-oss-debug   | update-non-oss-debug (15.6)                    | No      | ----      | ----    | http://cdn.opensuse.org/debug/update/leap/15.6/non-oss
16 | openSUSE:update-oss             | update-oss (15.6)                              | Yes     | (r ) Yes  | Yes     | http://cdn.opensuse.org/update/leap/15.6/oss
17 | openSUSE:update-oss-debug       | update-oss-debug (15.6)                        | No      | ----      | ----    | http://cdn.opensuse.org/debug/update/leap/15.6/oss
18 | openSUSE:update-sle             | update-sle (15.6)                              | Yes     | (r ) Yes  | Yes     | http://cdn.opensuse.org/update/leap/15.6/sle
19 | openSUSE:update-sle-debug       | update-sle-debug (15.6)                        | No      | ----      | ----    | http://cdn.opensuse.org/debug/update/leap/15.6/sle
20 | repo-backports-debug-update     | Update repository with updates for openSUSE -> | No      | ----      | ----    | http://download.opensuse.org/update/leap/15.6/backports_debug/
21 | repo-backports-update           | Update repository of openSUSE Backports        | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/update/leap/15.6/backports/
22 | repo-sle-debug-update           | Update repository with debuginfo for updates-> | No      | ----      | ----    | http://download.opensuse.org/debug/update/leap/15.6/sle/
23 | repo-sle-update                 | Update repository with updates from SUSE Lin-> | Yes     | (r ) Yes  | Yes     | http://download.opensuse.org/update/leap/15.6/sle/
Comment 1 Mark Harvey 2024-07-03 15:22:53 UTC 
after reboot, still receiving this error

the installed openssh-server-config-rootlogin-9.6p1-150600.2.7.x86_64 requires 'openssh-server = 9.6p1-150600.2.7', but this requirement cannot be provided 

mharvey@p5570:~> uname -a
Linux p5570 6.4.0-150600.23.7-default #1 SMP PREEMPT_DYNAMIC Fri Jun 14 14:33:11 UTC 2024 (33f31da) x86_64 x86_64 x86_64 GNU/Linux


► openssh-server-config-rootlogin 

mharvey@p5570:~> sudo zypper info openssh-server-config-rootlogin
Refreshing service 'NVIDIA'.
Refreshing service 'openSUSE'.
Loading repository data...
Reading installed packages...


Information for package openssh-server-config-rootlogin:
--------------------------------------------------------
Repository     : @System
Name           : openssh-server-config-rootlogin
Version        : 9.6p1-150600.2.7
Arch           : x86_64
Vendor         : SUSE LLC <https://www.suse.com/>
Installed Size : 20 B
Installed      : Yes
Status         : up-to-date
Source package : openssh-9.6p1-150600.2.7.src
Upstream URL   : https://www.openssh.com/
Summary        : Config to permit root logins to sshd
Description    : 
    The openssh-server package by default disallows password based
    root logins. This package provides a config that does. It's useful
    to temporarily have a password based login to be able to use
    ssh-copy-id(1).


► openssh-server-config-disallow-rootlogin 

mharvey@p5570:~> sudo zypper info openssh-server-config-disallow-rootlogin
Refreshing service 'NVIDIA'.
Refreshing service 'openSUSE'.
Loading repository data...
Reading installed packages...


Information for package openssh-server-config-disallow-rootlogin:
-----------------------------------------------------------------
Repository     : repo-oss (15.6)
Name           : openssh-server-config-disallow-rootlogin
Version        : 9.6p1-150600.4.2
Arch           : x86_64
Vendor         : SUSE LLC <https://www.suse.com/>
Installed Size : 34 B
Installed      : No
Status         : not installed
Source package : openssh-9.6p1-150600.4.2.src
Upstream URL   : https://www.openssh.com/
Summary        : Config to disallow password root logins to sshd
Description    : 
    The openssh-server package by default allows password based
    root logins. This package provides a config that disallows root
    to log in using the passwor. It's useful to secure your system
    preventing password attacks on the root account over ssh.

► openssh-server 

mharvey@p5570:~> sudo zypper info openssh-server
Refreshing service 'NVIDIA'.
Refreshing service 'openSUSE'.
Loading repository data...
Reading installed packages...


Information for package openssh-server:
---------------------------------------
Repository     : update-sle (15.6)
Name           : openssh-server
Version        : 9.6p1-150600.6.3.1
Arch           : x86_64
Vendor         : SUSE LLC <https://www.suse.com/>
Installed Size : 1.5 MiB
Installed      : Yes
Status         : out-of-date (version 9.6p1-150600.2.7 installed)
Source package : openssh-9.6p1-150600.6.3.1.src
Upstream URL   : https://www.openssh.com/
Summary        : SSH (Secure Shell) server
Description    : 
    SSH (Secure Shell) is a program for logging into and executing commands
    on a remote machine. It replaces rsh (rlogin and rsh) and
    provides secure encrypted communication between two untrusted
    hosts over an insecure network.

    xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
    also be forwarded over the secure channel.

    This package contains the Secure Shell daemon, which allows clients to
    securely connect to your server.
Comment 2 Marcus Meissner 2024-07-03 16:07:54 UTC 
you will need to solve this confklict manually.
Comment 3 Lubos Kocman 2024-07-03 16:42:33 UTC 
Ack, meanwhile I did ask autobuild team to drop package from the repo.
Comment 8 Maintenance Automation 2024-07-10 16:30:04 UTC 
SUSE-SU-2024:2393-1: An update that solves two vulnerabilities and has three security fixes can now be installed.

Category: security (moderate)
Bug References: 1218215, 1224392, 1225904, 1227318, 1227350
CVE References: CVE-2023-51385, CVE-2024-39894
Maintenance Incident: [SUSE:Maintenance:34681](https://smelt.suse.de/incident/34681/)
Sources used:
openSUSE Leap 15.6 (src):
 openssh-askpass-gnome-9.6p1-150600.6.6.1, openssh-9.6p1-150600.6.6.1
Basesystem Module 15-SP6 (src):
 openssh-9.6p1-150600.6.6.1
Desktop Applications Module 15-SP6 (src):
 openssh-askpass-gnome-9.6p1-150600.6.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.