openssh-7.5p1-1 + 0.10.3-2
This commit is contained in:
parent
fd58b9eabb
commit
17b491b307
1
.gitignore
vendored
1
.gitignore
vendored
@ -25,3 +25,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
|
||||
/openssh-7.3p1.tar.gz
|
||||
/openssh-7.4p1.tar.gz
|
||||
/pam_ssh_agent_auth-0.10.3.tar.bz2
|
||||
/openssh-7.5p1.tar.gz
|
||||
|
@ -60,8 +60,8 @@ diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
|
||||
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
|
||||
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
|
||||
@@ -1369,6 +1373,10 @@ process_server_config_line(ServerOptions
|
||||
multistate_ptr = multistate_privsep;
|
||||
goto parse_multistate;
|
||||
intptr = &options->disable_forwarding;
|
||||
goto parse_flag;
|
||||
|
||||
+ case sShowPatchLevel:
|
||||
+ intptr = &options->show_patchlevel;
|
||||
@ -138,12 +138,12 @@ diff -up openssh-7.4p1/sshd.c.vendor openssh-7.4p1/sshd.c
|
||||
@@ -367,7 +367,8 @@ sshd_exchange_identification(struct ssh
|
||||
char remote_version[256]; /* Must be at least as big as buf. */
|
||||
|
||||
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
|
||||
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
|
||||
- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
|
||||
+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
|
||||
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
|
||||
*options.version_addendum == '\0' ? "" : " ",
|
||||
options.version_addendum, newline);
|
||||
options.version_addendum);
|
||||
|
||||
@@ -1650,7 +1651,8 @@ main(int ac, char **av)
|
||||
exit(1);
|
||||
|
@ -82,7 +82,7 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
|
||||
M_CP_INTOPT(rekey_interval);
|
||||
|
||||
@@ -2320,6 +2330,7 @@ dump_config(ServerOptions *o)
|
||||
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
|
||||
dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
|
||||
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
|
||||
dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok);
|
||||
+ dump_cfg_fmtint(sGssEnablek5users, o->enable_k5users);
|
||||
|
@ -235,8 +235,8 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
|
||||
M_CP_INTOPT(rekey_interval);
|
||||
|
||||
@@ -2309,6 +2319,7 @@ dump_config(ServerOptions *o)
|
||||
dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
|
||||
dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
|
||||
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
|
||||
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
|
||||
+ dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok);
|
||||
|
||||
|
@ -71,7 +71,7 @@ diff -up openssh-7.4p1/configure.ac.tcp_wrappers openssh-7.4p1/configure.ac
|
||||
+echo " TCP Wrappers support: $TCPW_MSG"
|
||||
echo " MD5 password support: $MD5_MSG"
|
||||
echo " libedit support: $LIBEDIT_MSG"
|
||||
echo " Solaris process contract support: $SPC_MSG"
|
||||
echo " libldns support: $LDNS_MSG"
|
||||
diff -up openssh-7.4p1/sshd.8.tcp_wrappers openssh-7.4p1/sshd.8
|
||||
--- openssh-7.4p1/sshd.8.tcp_wrappers 2016-12-23 15:36:38.759411194 +0100
|
||||
+++ openssh-7.4p1/sshd.8 2016-12-23 15:36:38.778411197 +0100
|
||||
|
@ -178,8 +178,8 @@ diff -up openssh-7.0p1/readconf.c.gsskexalg openssh-7.0p1/readconf.c
|
||||
{ "gssapirenewalforcesrekey", oUnsupported },
|
||||
+ { "gssapikexalgorithms", oUnsupported },
|
||||
#endif
|
||||
{ "fallbacktorsh", oDeprecated },
|
||||
{ "usersh", oDeprecated },
|
||||
#ifdef ENABLE_PKCS11
|
||||
{ "smartcarddevice", oPKCS11Provider },
|
||||
@@ -929,6 +932,18 @@ parse_time:
|
||||
intptr = &options->gss_renewal_rekey;
|
||||
goto parse_flag;
|
||||
@ -249,7 +249,7 @@ diff -up openssh-7.0p1/servconf.c.gsskexalg openssh-7.0p1/servconf.c
|
||||
options->kbd_interactive_authentication = -1;
|
||||
options->challenge_response_authentication = -1;
|
||||
@@ -288,6 +290,10 @@ fill_default_server_options(ServerOption
|
||||
options->gss_strict_acceptor = 0;
|
||||
options->gss_strict_acceptor = 1;
|
||||
if (options->gss_store_rekey == -1)
|
||||
options->gss_store_rekey = 0;
|
||||
+#ifdef GSSAPI
|
||||
|
@ -776,7 +776,7 @@ diff -up openssh-7.4p1/auth2.c.audit openssh-7.4p1/auth2.c
|
||||
+++ openssh-7.4p1/auth2.c 2016-12-23 18:54:54.434080419 +0100
|
||||
@@ -249,9 +249,6 @@ input_userauth_request(int type, u_int32
|
||||
} else {
|
||||
logit("input_userauth_request: invalid user %s", user);
|
||||
/* Invalid user, fake password information */
|
||||
authctxt->pw = fakepw();
|
||||
-#ifdef SSH_AUDIT_EVENTS
|
||||
- PRIVSEP(audit_event(SSH_INVALID_USER));
|
||||
@ -960,9 +960,9 @@ diff -up openssh-7.4p1/kex.c.audit openssh-7.4p1/kex.c
|
||||
+#endif
|
||||
return SSH_ERR_NO_CIPHER_ALG_MATCH;
|
||||
+ }
|
||||
if ((enc->cipher = cipher_by_name(name)) == NULL)
|
||||
if ((enc->cipher = cipher_by_name(name)) == NULL) {
|
||||
free(name);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
enc->name = name;
|
||||
@@ -702,8 +707,12 @@ choose_mac(struct ssh *ssh, struct sshma
|
||||
{
|
||||
char *name = match_list(client, server, NULL);
|
||||
@ -974,9 +974,9 @@ diff -up openssh-7.4p1/kex.c.audit openssh-7.4p1/kex.c
|
||||
+#endif
|
||||
return SSH_ERR_NO_MAC_ALG_MATCH;
|
||||
+ }
|
||||
if (mac_setup(mac, name) < 0)
|
||||
if (mac_setup(mac, name) < 0) {
|
||||
free(name);
|
||||
return SSH_ERR_INTERNAL_ERROR;
|
||||
/* truncate the key */
|
||||
@@ -720,8 +729,12 @@ choose_comp(struct sshcomp *comp, char *
|
||||
{
|
||||
char *name = match_list(client, server, NULL);
|
||||
@ -1739,16 +1739,16 @@ diff -up openssh-7.4p1/sandbox-seccomp-filter.c.audit openssh-7.4p1/sandbox-secc
|
||||
+++ openssh-7.4p1/sandbox-seccomp-filter.c 2016-12-23 18:54:54.438080420 +0100
|
||||
@@ -159,6 +159,12 @@ static const struct sock_filter preauth_
|
||||
#ifdef __NR_gettimeofday
|
||||
SC_ALLOW(gettimeofday),
|
||||
SC_ALLOW(__NR_gettimeofday),
|
||||
#endif
|
||||
+#ifdef SSH_AUDIT_EVENTS
|
||||
+ SC_ALLOW(getuid),
|
||||
+ SC_ALLOW(__NR_getuid),
|
||||
+#ifdef __NR_getuid32 /* not defined on x86_64 */
|
||||
+ SC_ALLOW(getuid32),
|
||||
+ SC_ALLOW(__NR_getuid32),
|
||||
+#endif
|
||||
+#endif
|
||||
#ifdef __NR_madvise
|
||||
SC_ALLOW(madvise),
|
||||
SC_ALLOW(__NR_madvise),
|
||||
#endif
|
||||
diff -up openssh-7.4p1/session.c.audit openssh-7.4p1/session.c
|
||||
--- openssh-7.4p1/session.c.audit 2016-12-23 18:54:54.430080418 +0100
|
||||
|
@ -382,13 +382,13 @@ diff -up openssh-7.4p1/sandbox-seccomp-filter.c.fips openssh-7.4p1/sandbox-secco
|
||||
+++ openssh-7.4p1/sandbox-seccomp-filter.c 2016-12-23 16:37:49.300741586 +0100
|
||||
@@ -118,6 +118,9 @@ static const struct sock_filter preauth_
|
||||
#ifdef __NR_open
|
||||
SC_DENY(open, EACCES),
|
||||
SC_DENY(__NR_open, EACCES),
|
||||
#endif
|
||||
+#ifdef __NR_socket
|
||||
+ SC_DENY(socket, EACCES),
|
||||
+ SC_DENY(__NR_socket, EACCES),
|
||||
+#endif
|
||||
#ifdef __NR_openat
|
||||
SC_DENY(openat, EACCES),
|
||||
SC_DENY(__NR_openat, EACCES),
|
||||
#endif
|
||||
diff -up openssh-7.4p1/servconf.c.fips openssh-7.4p1/servconf.c
|
||||
--- openssh-7.4p1/servconf.c.fips 2016-12-23 16:37:49.285741579 +0100
|
||||
|
@ -1959,7 +1959,7 @@ diff -up openssh-7.4p1/readconf.c.gsskex openssh-7.4p1/readconf.c
|
||||
oSendEnv, oControlPath, oControlMaster, oControlPersist,
|
||||
oHashKnownHosts,
|
||||
@@ -205,10 +207,19 @@ static struct {
|
||||
{ "afstokenpassing", oUnsupported },
|
||||
/* Sometimes-unsupported options */
|
||||
#if defined(GSSAPI)
|
||||
{ "gssapiauthentication", oGssAuthentication },
|
||||
+ { "gssapikeyexchange", oGssKeyEx },
|
||||
@ -1976,8 +1976,8 @@ diff -up openssh-7.4p1/readconf.c.gsskex openssh-7.4p1/readconf.c
|
||||
+ { "gssapiclientidentity", oUnsupported },
|
||||
+ { "gssapirenewalforcesrekey", oUnsupported },
|
||||
#endif
|
||||
{ "fallbacktorsh", oDeprecated },
|
||||
{ "usersh", oDeprecated },
|
||||
#ifdef ENABLE_PKCS11
|
||||
{ "smartcarddevice", oPKCS11Provider },
|
||||
@@ -961,10 +972,30 @@ parse_time:
|
||||
intptr = &options->gss_authentication;
|
||||
goto parse_flag;
|
||||
@ -2136,7 +2136,7 @@ diff -up openssh-7.4p1/servconf.c.gsskex openssh-7.4p1/servconf.c
|
||||
if (options->gss_cleanup_creds == -1)
|
||||
options->gss_cleanup_creds = 1;
|
||||
if (options->gss_strict_acceptor == -1)
|
||||
options->gss_strict_acceptor = 0;
|
||||
options->gss_strict_acceptor = 1;
|
||||
+ if (options->gss_store_rekey == -1)
|
||||
+ options->gss_store_rekey = 0;
|
||||
if (options->password_authentication == -1)
|
||||
@ -2325,8 +2325,8 @@ diff -up openssh-7.4p1/sshconnect2.c.gsskex openssh-7.4p1/sshconnect2.c
|
||||
+#endif
|
||||
+
|
||||
if (options.rekey_limit || options.rekey_interval)
|
||||
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
|
||||
(time_t)options.rekey_interval);
|
||||
packet_set_rekey_limits(options.rekey_limit,
|
||||
options.rekey_interval);
|
||||
@@ -212,11 +248,31 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
|
||||
# endif
|
||||
|
@ -2,8 +2,8 @@ diff -up openssh-7.4p1/auth2.c.expose-pam openssh-7.4p1/auth2.c
|
||||
--- openssh-7.4p1/auth2.c.expose-pam 2016-12-23 15:40:26.768447868 +0100
|
||||
+++ openssh-7.4p1/auth2.c 2016-12-23 15:40:26.818447876 +0100
|
||||
@@ -310,6 +310,7 @@ userauth_finish(Authctxt *authctxt, int
|
||||
const char *submethod)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
char *methods;
|
||||
+ char *prev_auth_details;
|
||||
int partial = 0;
|
||||
@ -217,7 +217,7 @@ diff -up openssh-7.4p1/monitor.c.expose-pam openssh-7.4p1/monitor.c
|
||||
--- openssh-7.4p1/monitor.c.expose-pam 2016-12-23 15:40:26.794447872 +0100
|
||||
+++ openssh-7.4p1/monitor.c 2016-12-23 15:41:16.473455863 +0100
|
||||
@@ -300,6 +300,7 @@ monitor_child_preauth(Authctxt *_authctx
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
struct mon_table *ent;
|
||||
int authenticated = 0, partial = 0;
|
||||
+ char *prev_auth_details;
|
||||
|
@ -50,4 +50,4 @@ diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
int
|
||||
#ifdef __APPLE__
|
||||
|
@ -2133,8 +2133,8 @@ diff -up openssh-7.4p1/sshconnect1.c.openssl openssh-7.4p1/sshconnect1.c
|
||||
int bits, rbits;
|
||||
int ssh_cipher_default = SSH_CIPHER_3DES;
|
||||
@@ -522,10 +530,14 @@ ssh_kex(char *host, struct sockaddr *hos
|
||||
/* Get the public key. */
|
||||
server_key = key_new(KEY_RSA1);
|
||||
if ((server_key = key_new(KEY_RSA1)) == NULL)
|
||||
fatal("%s: key_new(KEY_RSA1) failed", __func__);
|
||||
bits = packet_get_int();
|
||||
- packet_get_bignum(server_key->rsa->e);
|
||||
- packet_get_bignum(server_key->rsa->n);
|
||||
@ -2151,8 +2151,8 @@ diff -up openssh-7.4p1/sshconnect1.c.openssl openssh-7.4p1/sshconnect1.c
|
||||
logit("Warning: Server lies about size of server public key: "
|
||||
"actual size is %d bits vs. announced %d.", rbits, bits);
|
||||
@@ -534,10 +546,14 @@ ssh_kex(char *host, struct sockaddr *hos
|
||||
/* Get the host key. */
|
||||
host_key = key_new(KEY_RSA1);
|
||||
if ((host_key = key_new(KEY_RSA1)) == NULL)
|
||||
fatal("%s: key_new(KEY_RSA1) failed", __func__);
|
||||
bits = packet_get_int();
|
||||
- packet_get_bignum(host_key->rsa->e);
|
||||
- packet_get_bignum(host_key->rsa->n);
|
||||
@ -2644,7 +2644,7 @@ diff -up openssh-7.4p1/sshkey.c.openssl openssh-7.4p1/sshkey.c
|
||||
+ BIGNUM *e = NULL, *n = NULL;
|
||||
#endif /* WITH_SSH1 */
|
||||
|
||||
cp = *cpp;
|
||||
if (ret == NULL)
|
||||
@@ -1303,12 +1319,21 @@ sshkey_read(struct sshkey *ret, char **c
|
||||
bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8)
|
||||
return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */
|
||||
@ -3318,7 +3318,7 @@ diff -up openssh-7.4p1/sshkey.c.openssl openssh-7.4p1/sshkey.c
|
||||
|
||||
/* enable blinding */
|
||||
@@ -3846,7 +4109,7 @@ sshkey_parse_private_pem_fileblob(struct
|
||||
r = SSH_ERR_KEY_WRONG_PASSPHRASE;
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
goto out;
|
||||
}
|
||||
- if (pk->type == EVP_PKEY_RSA &&
|
||||
@ -3640,3 +3640,17 @@ diff -up openssh-7.4p1/ssh-rsa.c.openssl openssh-7.4p1/ssh-rsa.c
|
||||
sig == NULL || siglen == 0)
|
||||
return SSH_ERR_INVALID_ARGUMENT;
|
||||
|
||||
diff --git a/sshkey.c b/sshkey.c
|
||||
index ffc17ce..130217a 100644
|
||||
--- a/sshkey.c
|
||||
+++ b/sshkey.c
|
||||
@@ -3815,7 +3815,9 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
|
||||
case EVP_R_BAD_DECRYPT:
|
||||
r = SSH_ERR_KEY_WRONG_PASSPHRASE;
|
||||
goto out;
|
||||
+#ifdef EVP_R_BN_DECODE_ERROR
|
||||
case EVP_R_BN_DECODE_ERROR:
|
||||
+#endif
|
||||
case EVP_R_DECODE_ERROR:
|
||||
#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
|
||||
case EVP_R_PRIVATE_KEY_DECODE_ERROR:
|
||||
|
@ -1,40 +0,0 @@
|
||||
diff --git a/readconf.c b/readconf.c
|
||||
index fa3fab8..e7eb30d 100644
|
||||
--- a/readconf.c
|
||||
+++ b/readconf.c
|
||||
@@ -1499,7 +1499,7 @@ parse_keytypes:
|
||||
oactive ? "" : " (parse only)");
|
||||
r = read_config_file_depth(gl.gl_pathv[i],
|
||||
pw, host, original_host, options,
|
||||
- flags | SSHCONF_CHECKPERM |
|
||||
+ flags | SSHCONF_CHECKPERM | SSHCONF_IGNORE_READERR |
|
||||
(oactive ? 0 : SSHCONF_NEVERMATCH),
|
||||
activep, depth + 1);
|
||||
/*
|
||||
@@ -1707,8 +1707,13 @@ read_config_file_depth(const char *filename, struct passwd *pw,
|
||||
if (depth < 0 || depth > READCONF_MAX_DEPTH)
|
||||
fatal("Too many recursive configuration includes");
|
||||
|
||||
- if ((f = fopen(filename, "r")) == NULL)
|
||||
+ if ((f = fopen(filename, "r")) == NULL) {
|
||||
+ if (flags & SSHCONF_IGNORE_READERR) {
|
||||
+ error("Can not open configuration file %s", filename);
|
||||
+ return 1;
|
||||
+ }
|
||||
return 0;
|
||||
+ }
|
||||
|
||||
if (flags & SSHCONF_CHECKPERM) {
|
||||
struct stat sb;
|
||||
diff --git a/readconf.h b/readconf.h
|
||||
index cef55f7..4f7d3b4 100644
|
||||
--- a/readconf.h
|
||||
+++ b/readconf.h
|
||||
@@ -190,6 +190,7 @@ typedef struct {
|
||||
#define SSHCONF_USERCONF 2 /* user provided config file not system */
|
||||
#define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */
|
||||
#define SSHCONF_NEVERMATCH 8 /* Match/Host never matches; internal only */
|
||||
+#define SSHCONF_IGNORE_READERR 16 /* Treat unreadable files as errors; internal only */
|
||||
|
||||
#define SSH_UPDATE_HOSTKEYS_NO 0
|
||||
#define SSH_UPDATE_HOSTKEYS_YES 1
|
@ -1,24 +0,0 @@
|
||||
diff -up openssh-7.4p1/ssh-agent.1.pkcs11-whitelist openssh-7.4p1/ssh-agent.1
|
||||
--- openssh-7.4p1/ssh-agent.1.pkcs11-whitelist 2017-01-03 10:41:01.916331710 +0100
|
||||
+++ openssh-7.4p1/ssh-agent.1 2017-01-03 10:40:06.549366029 +0100
|
||||
@@ -129,7 +129,7 @@ that may be added using the
|
||||
option to
|
||||
.Xr ssh-add 1 .
|
||||
The default is to allow loading PKCS#11 libraries from
|
||||
-.Dq /usr/lib/*,/usr/local/lib/* .
|
||||
+.Dq /usr/lib*/*,/usr/local/lib*/* .
|
||||
PKCS#11 libraries that do not match the whitelist will be refused.
|
||||
See PATTERNS in
|
||||
.Xr ssh_config 5
|
||||
diff -up openssh-7.4p1/ssh-agent.c.pkcs11-whitelist openssh-7.4p1/ssh-agent.c
|
||||
--- openssh-7.4p1/ssh-agent.c.pkcs11-whitelist 2017-01-03 10:41:09.324327118 +0100
|
||||
+++ openssh-7.4p1/ssh-agent.c 2017-01-03 10:40:21.212356939 +0100
|
||||
@@ -89,7 +89,7 @@
|
||||
#endif
|
||||
|
||||
#ifndef DEFAULT_PKCS11_WHITELIST
|
||||
-# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*"
|
||||
+# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
|
||||
#endif
|
||||
|
||||
typedef enum {
|
15
openssh.spec
15
openssh.spec
@ -65,10 +65,10 @@
|
||||
%endif
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%global openssh_ver 7.4p1
|
||||
%global openssh_rel 4
|
||||
%global openssh_ver 7.5p1
|
||||
%global openssh_rel 1
|
||||
%global pam_ssh_agent_ver 0.10.3
|
||||
%global pam_ssh_agent_rel 1
|
||||
%global pam_ssh_agent_rel 2
|
||||
|
||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||
Name: openssh
|
||||
@ -226,10 +226,6 @@ Patch940: openssh-7.2p2-expose-pam.patch
|
||||
Patch942: openssh-7.2p2-chroot-capabilities.patch
|
||||
# Move MAX_DISPLAYS to a configuration option (#1341302)
|
||||
Patch944: openssh-7.3p1-x11-max-displays.patch
|
||||
# Whitelist /usr/lib*/ as planed upstream to prevent breakage
|
||||
Patch946: openssh-7.4p1-pkcs11-whitelist.patch
|
||||
# Correct reporting errors from included files (#1408558)
|
||||
Patch947: openssh-7.4p1-include-errors.patch
|
||||
# Help systemd to track the running service
|
||||
Patch948: openssh-7.4p1-systemd.patch
|
||||
|
||||
@ -466,8 +462,6 @@ popd
|
||||
%patch940 -p1 -b .expose-pam
|
||||
%patch942 -p1 -b .chroot-cap
|
||||
%patch944 -p1 -b .x11max
|
||||
%patch946 -p1 -b .pkcs11-whitelist
|
||||
%patch947 -p1 -b .include-errors
|
||||
%patch948 -p1 -b .systemd
|
||||
|
||||
%patch200 -p1 -b .audit
|
||||
@ -811,6 +805,9 @@ getent passwd sshd >/dev/null || \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Mar 20 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-1 + 0.10.3-2
|
||||
- New upstream release
|
||||
|
||||
* Fri Mar 03 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-4 + 0.10.3-1
|
||||
- Avoid sending the SD_NOTIFY messages from wrong processes (#1427526)
|
||||
- Address reports by coverity
|
||||
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (openssh-7.5p1.tar.gz) = 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
|
||||
SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66
|
||||
SHA512 (openssh-7.4p1.tar.gz) = 4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292
|
||||
|
Loading…
Reference in New Issue
Block a user