From 17b491b3075c078c75ca0fa5ad7438e52747b3b0 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mar 20 2017 15:00:16 +0000 Subject: openssh-7.5p1-1 + 0.10.3-2 --- diff --git a/.gitignore b/.gitignore index b846d8f..c4ff457 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2 /openssh-7.3p1.tar.gz /openssh-7.4p1.tar.gz /pam_ssh_agent_auth-0.10.3.tar.bz2 +/openssh-7.5p1.tar.gz diff --git a/openssh-6.2p1-vendor.patch b/openssh-6.2p1-vendor.patch index 2d946eb..02f4540 100644 --- a/openssh-6.2p1-vendor.patch +++ b/openssh-6.2p1-vendor.patch @@ -60,8 +60,8 @@ diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, @@ -1369,6 +1373,10 @@ process_server_config_line(ServerOptions - multistate_ptr = multistate_privsep; - goto parse_multistate; + intptr = &options->disable_forwarding; + goto parse_flag; + case sShowPatchLevel: + intptr = &options->show_patchlevel; @@ -138,12 +138,12 @@ diff -up openssh-7.4p1/sshd.c.vendor openssh-7.4p1/sshd.c @@ -367,7 +367,8 @@ sshd_exchange_identification(struct ssh char remote_version[256]; /* Must be at least as big as buf. */ - xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, + (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION, *options.version_addendum == '\0' ? "" : " ", - options.version_addendum, newline); + options.version_addendum); @@ -1650,7 +1651,8 @@ main(int ac, char **av) exit(1); diff --git a/openssh-6.6p1-GSSAPIEnablek5users.patch b/openssh-6.6p1-GSSAPIEnablek5users.patch index 069b36d..e64d320 100644 --- a/openssh-6.6p1-GSSAPIEnablek5users.patch +++ b/openssh-6.6p1-GSSAPIEnablek5users.patch @@ -82,7 +82,7 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c M_CP_INTOPT(rekey_interval); @@ -2320,6 +2330,7 @@ dump_config(ServerOptions *o) - dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); + dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok); + dump_cfg_fmtint(sGssEnablek5users, o->enable_k5users); diff --git a/openssh-6.6p1-kuserok.patch b/openssh-6.6p1-kuserok.patch index 1af0fa4..3f10d60 100644 --- a/openssh-6.6p1-kuserok.patch +++ b/openssh-6.6p1-kuserok.patch @@ -235,8 +235,8 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c M_CP_INTOPT(rekey_interval); @@ -2309,6 +2319,7 @@ dump_config(ServerOptions *o) + dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); - dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); + dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok); diff --git a/openssh-6.7p1-debian-restore-tcp-wrappers.patch b/openssh-6.7p1-debian-restore-tcp-wrappers.patch index 5fcc451..2bd6fdf 100644 --- a/openssh-6.7p1-debian-restore-tcp-wrappers.patch +++ b/openssh-6.7p1-debian-restore-tcp-wrappers.patch @@ -71,7 +71,7 @@ diff -up openssh-7.4p1/configure.ac.tcp_wrappers openssh-7.4p1/configure.ac +echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" - echo " Solaris process contract support: $SPC_MSG" + echo " libldns support: $LDNS_MSG" diff -up openssh-7.4p1/sshd.8.tcp_wrappers openssh-7.4p1/sshd.8 --- openssh-7.4p1/sshd.8.tcp_wrappers 2016-12-23 15:36:38.759411194 +0100 +++ openssh-7.4p1/sshd.8 2016-12-23 15:36:38.778411197 +0100 diff --git a/openssh-7.0p1-gssKexAlgorithms.patch b/openssh-7.0p1-gssKexAlgorithms.patch index 4e989dc..30519af 100644 --- a/openssh-7.0p1-gssKexAlgorithms.patch +++ b/openssh-7.0p1-gssKexAlgorithms.patch @@ -169,7 +169,7 @@ diff -up openssh-7.0p1/readconf.c.gsskexalg openssh-7.0p1/readconf.c { "gssapiserveridentity", oGssServerIdentity }, { "gssapirenewalforcesrekey", oGssRenewalRekey }, + { "gssapikexalgorithms", oGssKexAlgorithms }, - #else + # else { "gssapiauthentication", oUnsupported }, { "gssapikeyexchange", oUnsupported }, @@ -207,6 +209,7 @@ static struct { @@ -178,8 +178,8 @@ diff -up openssh-7.0p1/readconf.c.gsskexalg openssh-7.0p1/readconf.c { "gssapirenewalforcesrekey", oUnsupported }, + { "gssapikexalgorithms", oUnsupported }, #endif - { "fallbacktorsh", oDeprecated }, - { "usersh", oDeprecated }, + #ifdef ENABLE_PKCS11 + { "smartcarddevice", oPKCS11Provider }, @@ -929,6 +932,18 @@ parse_time: intptr = &options->gss_renewal_rekey; goto parse_flag; @@ -249,7 +249,7 @@ diff -up openssh-7.0p1/servconf.c.gsskexalg openssh-7.0p1/servconf.c options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; @@ -288,6 +290,10 @@ fill_default_server_options(ServerOption - options->gss_strict_acceptor = 0; + options->gss_strict_acceptor = 1; if (options->gss_store_rekey == -1) options->gss_store_rekey = 0; +#ifdef GSSAPI diff --git a/openssh-7.2p1-audit.patch b/openssh-7.2p1-audit.patch index c8a4df3..755b93c 100644 --- a/openssh-7.2p1-audit.patch +++ b/openssh-7.2p1-audit.patch @@ -776,7 +776,7 @@ diff -up openssh-7.4p1/auth2.c.audit openssh-7.4p1/auth2.c +++ openssh-7.4p1/auth2.c 2016-12-23 18:54:54.434080419 +0100 @@ -249,9 +249,6 @@ input_userauth_request(int type, u_int32 } else { - logit("input_userauth_request: invalid user %s", user); + /* Invalid user, fake password information */ authctxt->pw = fakepw(); -#ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_INVALID_USER)); @@ -960,9 +960,9 @@ diff -up openssh-7.4p1/kex.c.audit openssh-7.4p1/kex.c +#endif return SSH_ERR_NO_CIPHER_ALG_MATCH; + } - if ((enc->cipher = cipher_by_name(name)) == NULL) + if ((enc->cipher = cipher_by_name(name)) == NULL) { + free(name); return SSH_ERR_INTERNAL_ERROR; - enc->name = name; @@ -702,8 +707,12 @@ choose_mac(struct ssh *ssh, struct sshma { char *name = match_list(client, server, NULL); @@ -974,9 +974,9 @@ diff -up openssh-7.4p1/kex.c.audit openssh-7.4p1/kex.c +#endif return SSH_ERR_NO_MAC_ALG_MATCH; + } - if (mac_setup(mac, name) < 0) + if (mac_setup(mac, name) < 0) { + free(name); return SSH_ERR_INTERNAL_ERROR; - /* truncate the key */ @@ -720,8 +729,12 @@ choose_comp(struct sshcomp *comp, char * { char *name = match_list(client, server, NULL); @@ -1739,16 +1739,16 @@ diff -up openssh-7.4p1/sandbox-seccomp-filter.c.audit openssh-7.4p1/sandbox-secc +++ openssh-7.4p1/sandbox-seccomp-filter.c 2016-12-23 18:54:54.438080420 +0100 @@ -159,6 +159,12 @@ static const struct sock_filter preauth_ #ifdef __NR_gettimeofday - SC_ALLOW(gettimeofday), + SC_ALLOW(__NR_gettimeofday), #endif +#ifdef SSH_AUDIT_EVENTS -+ SC_ALLOW(getuid), ++ SC_ALLOW(__NR_getuid), +#ifdef __NR_getuid32 /* not defined on x86_64 */ -+ SC_ALLOW(getuid32), ++ SC_ALLOW(__NR_getuid32), +#endif +#endif #ifdef __NR_madvise - SC_ALLOW(madvise), + SC_ALLOW(__NR_madvise), #endif diff -up openssh-7.4p1/session.c.audit openssh-7.4p1/session.c --- openssh-7.4p1/session.c.audit 2016-12-23 18:54:54.430080418 +0100 diff --git a/openssh-7.2p1-fips.patch b/openssh-7.2p1-fips.patch index d4de8b5..e454859 100644 --- a/openssh-7.2p1-fips.patch +++ b/openssh-7.2p1-fips.patch @@ -382,13 +382,13 @@ diff -up openssh-7.4p1/sandbox-seccomp-filter.c.fips openssh-7.4p1/sandbox-secco +++ openssh-7.4p1/sandbox-seccomp-filter.c 2016-12-23 16:37:49.300741586 +0100 @@ -118,6 +118,9 @@ static const struct sock_filter preauth_ #ifdef __NR_open - SC_DENY(open, EACCES), + SC_DENY(__NR_open, EACCES), #endif +#ifdef __NR_socket -+ SC_DENY(socket, EACCES), ++ SC_DENY(__NR_socket, EACCES), +#endif #ifdef __NR_openat - SC_DENY(openat, EACCES), + SC_DENY(__NR_openat, EACCES), #endif diff -up openssh-7.4p1/servconf.c.fips openssh-7.4p1/servconf.c --- openssh-7.4p1/servconf.c.fips 2016-12-23 16:37:49.285741579 +0100 diff --git a/openssh-7.2p1-gsskex.patch b/openssh-7.2p1-gsskex.patch index 0ab2e04..0b7c186 100644 --- a/openssh-7.2p1-gsskex.patch +++ b/openssh-7.2p1-gsskex.patch @@ -1959,7 +1959,7 @@ diff -up openssh-7.4p1/readconf.c.gsskex openssh-7.4p1/readconf.c oSendEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, @@ -205,10 +207,19 @@ static struct { - { "afstokenpassing", oUnsupported }, + /* Sometimes-unsupported options */ #if defined(GSSAPI) { "gssapiauthentication", oGssAuthentication }, + { "gssapikeyexchange", oGssKeyEx }, @@ -1968,7 +1968,7 @@ diff -up openssh-7.4p1/readconf.c.gsskex openssh-7.4p1/readconf.c + { "gssapiclientidentity", oGssClientIdentity }, + { "gssapiserveridentity", oGssServerIdentity }, + { "gssapirenewalforcesrekey", oGssRenewalRekey }, - #else + # else { "gssapiauthentication", oUnsupported }, + { "gssapikeyexchange", oUnsupported }, { "gssapidelegatecredentials", oUnsupported }, @@ -1976,8 +1976,8 @@ diff -up openssh-7.4p1/readconf.c.gsskex openssh-7.4p1/readconf.c + { "gssapiclientidentity", oUnsupported }, + { "gssapirenewalforcesrekey", oUnsupported }, #endif - { "fallbacktorsh", oDeprecated }, - { "usersh", oDeprecated }, + #ifdef ENABLE_PKCS11 + { "smartcarddevice", oPKCS11Provider }, @@ -961,10 +972,30 @@ parse_time: intptr = &options->gss_authentication; goto parse_flag; @@ -2136,7 +2136,7 @@ diff -up openssh-7.4p1/servconf.c.gsskex openssh-7.4p1/servconf.c if (options->gss_cleanup_creds == -1) options->gss_cleanup_creds = 1; if (options->gss_strict_acceptor == -1) - options->gss_strict_acceptor = 0; + options->gss_strict_acceptor = 1; + if (options->gss_store_rekey == -1) + options->gss_store_rekey = 0; if (options->password_authentication == -1) @@ -2325,8 +2325,8 @@ diff -up openssh-7.4p1/sshconnect2.c.gsskex openssh-7.4p1/sshconnect2.c +#endif + if (options.rekey_limit || options.rekey_interval) - packet_set_rekey_limits((u_int32_t)options.rekey_limit, - (time_t)options.rekey_interval); + packet_set_rekey_limits(options.rekey_limit, + options.rekey_interval); @@ -212,11 +248,31 @@ ssh_kex2(char *host, struct sockaddr *ho kex->kex[KEX_ECDH_SHA2] = kexecdh_client; # endif diff --git a/openssh-7.2p2-expose-pam.patch b/openssh-7.2p2-expose-pam.patch index c593f68..91428c3 100644 --- a/openssh-7.2p2-expose-pam.patch +++ b/openssh-7.2p2-expose-pam.patch @@ -2,8 +2,8 @@ diff -up openssh-7.4p1/auth2.c.expose-pam openssh-7.4p1/auth2.c --- openssh-7.4p1/auth2.c.expose-pam 2016-12-23 15:40:26.768447868 +0100 +++ openssh-7.4p1/auth2.c 2016-12-23 15:40:26.818447876 +0100 @@ -310,6 +310,7 @@ userauth_finish(Authctxt *authctxt, int - const char *submethod) { + struct ssh *ssh = active_state; /* XXX */ char *methods; + char *prev_auth_details; int partial = 0; @@ -217,7 +217,7 @@ diff -up openssh-7.4p1/monitor.c.expose-pam openssh-7.4p1/monitor.c --- openssh-7.4p1/monitor.c.expose-pam 2016-12-23 15:40:26.794447872 +0100 +++ openssh-7.4p1/monitor.c 2016-12-23 15:41:16.473455863 +0100 @@ -300,6 +300,7 @@ monitor_child_preauth(Authctxt *_authctx - { + struct ssh *ssh = active_state; /* XXX */ struct mon_table *ent; int authenticated = 0, partial = 0; + char *prev_auth_details; diff --git a/openssh-7.2p2-x11.patch b/openssh-7.2p2-x11.patch index 09e56e9..48ce840 100644 --- a/openssh-7.2p2-x11.patch +++ b/openssh-7.2p2-x11.patch @@ -50,4 +50,4 @@ diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c + return -1; } - int + #ifdef __APPLE__ diff --git a/openssh-7.3p1-openssl-1.1.0.patch b/openssh-7.3p1-openssl-1.1.0.patch index d0b34ad..efc58b8 100644 --- a/openssh-7.3p1-openssl-1.1.0.patch +++ b/openssh-7.3p1-openssl-1.1.0.patch @@ -2133,8 +2133,8 @@ diff -up openssh-7.4p1/sshconnect1.c.openssl openssh-7.4p1/sshconnect1.c int bits, rbits; int ssh_cipher_default = SSH_CIPHER_3DES; @@ -522,10 +530,14 @@ ssh_kex(char *host, struct sockaddr *hos - /* Get the public key. */ - server_key = key_new(KEY_RSA1); + if ((server_key = key_new(KEY_RSA1)) == NULL) + fatal("%s: key_new(KEY_RSA1) failed", __func__); bits = packet_get_int(); - packet_get_bignum(server_key->rsa->e); - packet_get_bignum(server_key->rsa->n); @@ -2151,8 +2151,8 @@ diff -up openssh-7.4p1/sshconnect1.c.openssl openssh-7.4p1/sshconnect1.c logit("Warning: Server lies about size of server public key: " "actual size is %d bits vs. announced %d.", rbits, bits); @@ -534,10 +546,14 @@ ssh_kex(char *host, struct sockaddr *hos - /* Get the host key. */ - host_key = key_new(KEY_RSA1); + if ((host_key = key_new(KEY_RSA1)) == NULL) + fatal("%s: key_new(KEY_RSA1) failed", __func__); bits = packet_get_int(); - packet_get_bignum(host_key->rsa->e); - packet_get_bignum(host_key->rsa->n); @@ -2644,7 +2644,7 @@ diff -up openssh-7.4p1/sshkey.c.openssl openssh-7.4p1/sshkey.c + BIGNUM *e = NULL, *n = NULL; #endif /* WITH_SSH1 */ - cp = *cpp; + if (ret == NULL) @@ -1303,12 +1319,21 @@ sshkey_read(struct sshkey *ret, char **c bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ @@ -3318,7 +3318,7 @@ diff -up openssh-7.4p1/sshkey.c.openssl openssh-7.4p1/sshkey.c /* enable blinding */ @@ -3846,7 +4109,7 @@ sshkey_parse_private_pem_fileblob(struct - r = SSH_ERR_KEY_WRONG_PASSPHRASE; + r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } - if (pk->type == EVP_PKEY_RSA && @@ -3640,3 +3640,17 @@ diff -up openssh-7.4p1/ssh-rsa.c.openssl openssh-7.4p1/ssh-rsa.c sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; +diff --git a/sshkey.c b/sshkey.c +index ffc17ce..130217a 100644 +--- a/sshkey.c ++++ b/sshkey.c +@@ -3815,7 +3815,9 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, + case EVP_R_BAD_DECRYPT: + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; ++#ifdef EVP_R_BN_DECODE_ERROR + case EVP_R_BN_DECODE_ERROR: ++#endif + case EVP_R_DECODE_ERROR: + #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR + case EVP_R_PRIVATE_KEY_DECODE_ERROR: diff --git a/openssh-7.4p1-include-errors.patch b/openssh-7.4p1-include-errors.patch deleted file mode 100644 index c4dfa0b..0000000 --- a/openssh-7.4p1-include-errors.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/readconf.c b/readconf.c -index fa3fab8..e7eb30d 100644 ---- a/readconf.c -+++ b/readconf.c -@@ -1499,7 +1499,7 @@ parse_keytypes: - oactive ? "" : " (parse only)"); - r = read_config_file_depth(gl.gl_pathv[i], - pw, host, original_host, options, -- flags | SSHCONF_CHECKPERM | -+ flags | SSHCONF_CHECKPERM | SSHCONF_IGNORE_READERR | - (oactive ? 0 : SSHCONF_NEVERMATCH), - activep, depth + 1); - /* -@@ -1707,8 +1707,13 @@ read_config_file_depth(const char *filename, struct passwd *pw, - if (depth < 0 || depth > READCONF_MAX_DEPTH) - fatal("Too many recursive configuration includes"); - -- if ((f = fopen(filename, "r")) == NULL) -+ if ((f = fopen(filename, "r")) == NULL) { -+ if (flags & SSHCONF_IGNORE_READERR) { -+ error("Can not open configuration file %s", filename); -+ return 1; -+ } - return 0; -+ } - - if (flags & SSHCONF_CHECKPERM) { - struct stat sb; -diff --git a/readconf.h b/readconf.h -index cef55f7..4f7d3b4 100644 ---- a/readconf.h -+++ b/readconf.h -@@ -190,6 +190,7 @@ typedef struct { - #define SSHCONF_USERCONF 2 /* user provided config file not system */ - #define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */ - #define SSHCONF_NEVERMATCH 8 /* Match/Host never matches; internal only */ -+#define SSHCONF_IGNORE_READERR 16 /* Treat unreadable files as errors; internal only */ - - #define SSH_UPDATE_HOSTKEYS_NO 0 - #define SSH_UPDATE_HOSTKEYS_YES 1 diff --git a/openssh-7.4p1-pkcs11-whitelist.patch b/openssh-7.4p1-pkcs11-whitelist.patch deleted file mode 100644 index 36b4232..0000000 --- a/openssh-7.4p1-pkcs11-whitelist.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up openssh-7.4p1/ssh-agent.1.pkcs11-whitelist openssh-7.4p1/ssh-agent.1 ---- openssh-7.4p1/ssh-agent.1.pkcs11-whitelist 2017-01-03 10:41:01.916331710 +0100 -+++ openssh-7.4p1/ssh-agent.1 2017-01-03 10:40:06.549366029 +0100 -@@ -129,7 +129,7 @@ that may be added using the - option to - .Xr ssh-add 1 . - The default is to allow loading PKCS#11 libraries from --.Dq /usr/lib/*,/usr/local/lib/* . -+.Dq /usr/lib*/*,/usr/local/lib*/* . - PKCS#11 libraries that do not match the whitelist will be refused. - See PATTERNS in - .Xr ssh_config 5 -diff -up openssh-7.4p1/ssh-agent.c.pkcs11-whitelist openssh-7.4p1/ssh-agent.c ---- openssh-7.4p1/ssh-agent.c.pkcs11-whitelist 2017-01-03 10:41:09.324327118 +0100 -+++ openssh-7.4p1/ssh-agent.c 2017-01-03 10:40:21.212356939 +0100 -@@ -89,7 +89,7 @@ - #endif - - #ifndef DEFAULT_PKCS11_WHITELIST --# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*" -+# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*" - #endif - - typedef enum { diff --git a/openssh.spec b/openssh.spec index ed05468..2970509 100644 --- a/openssh.spec +++ b/openssh.spec @@ -65,10 +65,10 @@ %endif # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 -%global openssh_ver 7.4p1 -%global openssh_rel 4 +%global openssh_ver 7.5p1 +%global openssh_rel 1 %global pam_ssh_agent_ver 0.10.3 -%global pam_ssh_agent_rel 1 +%global pam_ssh_agent_rel 2 Summary: An open source implementation of SSH protocol versions 1 and 2 Name: openssh @@ -226,10 +226,6 @@ Patch940: openssh-7.2p2-expose-pam.patch Patch942: openssh-7.2p2-chroot-capabilities.patch # Move MAX_DISPLAYS to a configuration option (#1341302) Patch944: openssh-7.3p1-x11-max-displays.patch -# Whitelist /usr/lib*/ as planed upstream to prevent breakage -Patch946: openssh-7.4p1-pkcs11-whitelist.patch -# Correct reporting errors from included files (#1408558) -Patch947: openssh-7.4p1-include-errors.patch # Help systemd to track the running service Patch948: openssh-7.4p1-systemd.patch @@ -466,8 +462,6 @@ popd %patch940 -p1 -b .expose-pam %patch942 -p1 -b .chroot-cap %patch944 -p1 -b .x11max -%patch946 -p1 -b .pkcs11-whitelist -%patch947 -p1 -b .include-errors %patch948 -p1 -b .systemd %patch200 -p1 -b .audit @@ -811,6 +805,9 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Mon Mar 20 2017 Jakub Jelen - 7.5p1-1 + 0.10.3-2 +- New upstream release + * Fri Mar 03 2017 Jakub Jelen - 7.4p1-4 + 0.10.3-1 - Avoid sending the SD_NOTIFY messages from wrong processes (#1427526) - Address reports by coverity diff --git a/sources b/sources index 26b90c1..1d4f18b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ +SHA512 (openssh-7.5p1.tar.gz) = 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66 -SHA512 (openssh-7.4p1.tar.gz) = 4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292