openssh-7.5p1-1 + 0.10.3-2

2017-03-20 15:55:43 +01:00 · 2017-03-20 15:55:43 +01:00 · 17b491b307
commit 17b491b307
parent fd58b9eabb
16 changed files with 61 additions and 113 deletions
--- a/.gitignore
+++ b/.gitignore
@ -25,3 +25,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
 /openssh-7.3p1.tar.gz
 /openssh-7.4p1.tar.gz
 /pam_ssh_agent_auth-0.10.3.tar.bz2
+/openssh-7.5p1.tar.gz
--- a/openssh-6.2p1-vendor.patch
+++ b/openssh-6.2p1-vendor.patch
@ -60,8 +60,8 @@ diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
 	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
 	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
@@ -1369,6 +1373,10 @@ process_server_config_line(ServerOptions
- 		multistate_ptr = multistate_privsep;
- 		goto parse_multistate;
+ 		intptr = &options->disable_forwarding;
+ 		goto parse_flag;
 
 +	case sShowPatchLevel:
 +		intptr = &options->show_patchlevel;
@ -138,12 +138,12 @@ diff -up openssh-7.4p1/sshd.c.vendor openssh-7.4p1/sshd.c
@@ -367,7 +367,8 @@ sshd_exchange_identification(struct ssh
 	char remote_version[256];	/* Must be at least as big as buf. */
 
- 	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ 	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
 -	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
 +	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
 +	    (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
 	    *options.version_addendum == '\0' ? "" : " ",
- 	    options.version_addendum, newline);
+ 	    options.version_addendum);
 
@@ -1650,7 +1651,8 @@ main(int ac, char **av)
 		exit(1);
--- a/openssh-6.6p1-GSSAPIEnablek5users.patch
+++ b/openssh-6.6p1-GSSAPIEnablek5users.patch
@ -82,7 +82,7 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
 	M_CP_INTOPT(rekey_interval);
 
@@ -2320,6 +2330,7 @@ dump_config(ServerOptions *o)
- 	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
+ 	dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
 	dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
 	dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok);
 +	dump_cfg_fmtint(sGssEnablek5users, o->enable_k5users);
--- a/openssh-6.6p1-kuserok.patch
+++ b/openssh-6.6p1-kuserok.patch
@ -235,8 +235,8 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
 	M_CP_INTOPT(rekey_interval);
 
@@ -2309,6 +2319,7 @@ dump_config(ServerOptions *o)
+ 	dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
 	dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
- 	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
 	dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
 +	dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok);
 
--- a/openssh-6.7p1-debian-restore-tcp-wrappers.patch
+++ b/openssh-6.7p1-debian-restore-tcp-wrappers.patch
@ -71,7 +71,7 @@ diff -up openssh-7.4p1/configure.ac.tcp_wrappers openssh-7.4p1/configure.ac
 +echo "              TCP Wrappers support: $TCPW_MSG"
 echo "              MD5 password support: $MD5_MSG"
 echo "                   libedit support: $LIBEDIT_MSG"
- echo "  Solaris process contract support: $SPC_MSG"
+ echo "                   libldns support: $LDNS_MSG"
 diff -up openssh-7.4p1/sshd.8.tcp_wrappers openssh-7.4p1/sshd.8
 --- openssh-7.4p1/sshd.8.tcp_wrappers	2016-12-23 15:36:38.759411194 +0100
 +++ openssh-7.4p1/sshd.8	2016-12-23 15:36:38.778411197 +0100
--- a/openssh-7.0p1-gssKexAlgorithms.patch
+++ b/openssh-7.0p1-gssKexAlgorithms.patch
@ -169,7 +169,7 @@ diff -up openssh-7.0p1/readconf.c.gsskexalg openssh-7.0p1/readconf.c
 	{ "gssapiserveridentity", oGssServerIdentity },
 	{ "gssapirenewalforcesrekey", oGssRenewalRekey },
 +	{ "gssapikexalgorithms", oGssKexAlgorithms },
- #else
+ # else
 	{ "gssapiauthentication", oUnsupported },
 	{ "gssapikeyexchange", oUnsupported },
@@ -207,6 +209,7 @@ static struct {
@ -178,8 +178,8 @@ diff -up openssh-7.0p1/readconf.c.gsskexalg openssh-7.0p1/readconf.c
 	{ "gssapirenewalforcesrekey", oUnsupported },
 +	{ "gssapikexalgorithms", oUnsupported },
 #endif
- 	{ "fallbacktorsh", oDeprecated },
- 	{ "usersh", oDeprecated },
+ #ifdef ENABLE_PKCS11
+ 	{ "smartcarddevice", oPKCS11Provider },
@@ -929,6 +932,18 @@ parse_time:
 		intptr = &options->gss_renewal_rekey;
 		goto parse_flag;
@ -249,7 +249,7 @@ diff -up openssh-7.0p1/servconf.c.gsskexalg openssh-7.0p1/servconf.c
 	options->kbd_interactive_authentication = -1;
 	options->challenge_response_authentication = -1;
@@ -288,6 +290,10 @@ fill_default_server_options(ServerOption
- 		options->gss_strict_acceptor = 0;
+ 		options->gss_strict_acceptor = 1;
 	if (options->gss_store_rekey == -1)
 		options->gss_store_rekey = 0;
 +#ifdef GSSAPI
--- a/openssh-7.2p1-audit.patch
+++ b/openssh-7.2p1-audit.patch
@ -776,7 +776,7 @@ diff -up openssh-7.4p1/auth2.c.audit openssh-7.4p1/auth2.c
 +++ openssh-7.4p1/auth2.c	2016-12-23 18:54:54.434080419 +0100
@@ -249,9 +249,6 @@ input_userauth_request(int type, u_int32
 		} else {
- 			logit("input_userauth_request: invalid user %s", user);
+ 			/* Invalid user, fake password information */
 			authctxt->pw = fakepw();
 -#ifdef SSH_AUDIT_EVENTS
 -			PRIVSEP(audit_event(SSH_INVALID_USER));
@ -960,9 +960,9 @@ diff -up openssh-7.4p1/kex.c.audit openssh-7.4p1/kex.c
 +#endif
 		return SSH_ERR_NO_CIPHER_ALG_MATCH;
 +	}
- 	if ((enc->cipher = cipher_by_name(name)) == NULL)
+ 	if ((enc->cipher = cipher_by_name(name)) == NULL) {
+ 		free(name);
 		return SSH_ERR_INTERNAL_ERROR;
- 	enc->name = name;
@@ -702,8 +707,12 @@ choose_mac(struct ssh *ssh, struct sshma
 {
 	char *name = match_list(client, server, NULL);
@ -974,9 +974,9 @@ diff -up openssh-7.4p1/kex.c.audit openssh-7.4p1/kex.c
 +#endif
 		return SSH_ERR_NO_MAC_ALG_MATCH;
 +	}
- 	if (mac_setup(mac, name) < 0)
+ 	if (mac_setup(mac, name) < 0) {
+ 		free(name);
 		return SSH_ERR_INTERNAL_ERROR;
- 	/* truncate the key */
@@ -720,8 +729,12 @@ choose_comp(struct sshcomp *comp, char *
 {
 	char *name = match_list(client, server, NULL);
@ -1739,16 +1739,16 @@ diff -up openssh-7.4p1/sandbox-seccomp-filter.c.audit openssh-7.4p1/sandbox-secc
 +++ openssh-7.4p1/sandbox-seccomp-filter.c	2016-12-23 18:54:54.438080420 +0100
@@ -159,6 +159,12 @@ static const struct sock_filter preauth_
 #ifdef __NR_gettimeofday
- 	SC_ALLOW(gettimeofday),
+ 	SC_ALLOW(__NR_gettimeofday),
 #endif
 +#ifdef SSH_AUDIT_EVENTS
-+	SC_ALLOW(getuid),
+	SC_ALLOW(__NR_getuid),
 +#ifdef __NR_getuid32 /* not defined on x86_64 */
-+	SC_ALLOW(getuid32),
+	SC_ALLOW(__NR_getuid32),
 +#endif
 +#endif
 #ifdef __NR_madvise
- 	SC_ALLOW(madvise),
+ 	SC_ALLOW(__NR_madvise),
 #endif
 diff -up openssh-7.4p1/session.c.audit openssh-7.4p1/session.c
 --- openssh-7.4p1/session.c.audit	2016-12-23 18:54:54.430080418 +0100
--- a/openssh-7.2p1-fips.patch
+++ b/openssh-7.2p1-fips.patch
@ -382,13 +382,13 @@ diff -up openssh-7.4p1/sandbox-seccomp-filter.c.fips openssh-7.4p1/sandbox-secco
 +++ openssh-7.4p1/sandbox-seccomp-filter.c	2016-12-23 16:37:49.300741586 +0100
@@ -118,6 +118,9 @@ static const struct sock_filter preauth_
 #ifdef __NR_open
- 	SC_DENY(open, EACCES),
+ 	SC_DENY(__NR_open, EACCES),
 #endif
 +#ifdef __NR_socket
-+	SC_DENY(socket, EACCES),
+	SC_DENY(__NR_socket, EACCES),
 +#endif
 #ifdef __NR_openat
- 	SC_DENY(openat, EACCES),
+ 	SC_DENY(__NR_openat, EACCES),
 #endif
 diff -up openssh-7.4p1/servconf.c.fips openssh-7.4p1/servconf.c
 --- openssh-7.4p1/servconf.c.fips	2016-12-23 16:37:49.285741579 +0100
--- a/openssh-7.2p1-gsskex.patch
+++ b/openssh-7.2p1-gsskex.patch
@ -1959,7 +1959,7 @@ diff -up openssh-7.4p1/readconf.c.gsskex openssh-7.4p1/readconf.c
 	oSendEnv, oControlPath, oControlMaster, oControlPersist,
 	oHashKnownHosts,
@@ -205,10 +207,19 @@ static struct {
- 	{ "afstokenpassing", oUnsupported },
+ 	/* Sometimes-unsupported options */
 #if defined(GSSAPI)
 	{ "gssapiauthentication", oGssAuthentication },
 +	{ "gssapikeyexchange", oGssKeyEx },
@ -1968,7 +1968,7 @@ diff -up openssh-7.4p1/readconf.c.gsskex openssh-7.4p1/readconf.c
 +	{ "gssapiclientidentity", oGssClientIdentity },
 +	{ "gssapiserveridentity", oGssServerIdentity },
 +	{ "gssapirenewalforcesrekey", oGssRenewalRekey },
- #else
+ # else
 	{ "gssapiauthentication", oUnsupported },
 +	{ "gssapikeyexchange", oUnsupported },
 	{ "gssapidelegatecredentials", oUnsupported },
@ -1976,8 +1976,8 @@ diff -up openssh-7.4p1/readconf.c.gsskex openssh-7.4p1/readconf.c
 +	{ "gssapiclientidentity", oUnsupported },
 +	{ "gssapirenewalforcesrekey", oUnsupported },
 #endif
- 	{ "fallbacktorsh", oDeprecated },
- 	{ "usersh", oDeprecated },
+ #ifdef ENABLE_PKCS11
+ 	{ "smartcarddevice", oPKCS11Provider },
@@ -961,10 +972,30 @@ parse_time:
 		intptr = &options->gss_authentication;
 		goto parse_flag;
@ -2136,7 +2136,7 @@ diff -up openssh-7.4p1/servconf.c.gsskex openssh-7.4p1/servconf.c
 	if (options->gss_cleanup_creds == -1)
 		options->gss_cleanup_creds = 1;
 	if (options->gss_strict_acceptor == -1)
- 		options->gss_strict_acceptor = 0;
+ 		options->gss_strict_acceptor = 1;
 +	if (options->gss_store_rekey == -1)
 +		options->gss_store_rekey = 0;
 	if (options->password_authentication == -1)
@ -2325,8 +2325,8 @@ diff -up openssh-7.4p1/sshconnect2.c.gsskex openssh-7.4p1/sshconnect2.c
 +#endif
 +
 	if (options.rekey_limit || options.rekey_interval)
- 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
- 		    (time_t)options.rekey_interval);
+ 		packet_set_rekey_limits(options.rekey_limit,
+ 		    options.rekey_interval);
@@ -212,11 +248,31 @@ ssh_kex2(char *host, struct sockaddr *ho
 	kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
 # endif
--- a/openssh-7.2p2-expose-pam.patch
+++ b/openssh-7.2p2-expose-pam.patch
@ -2,8 +2,8 @@ diff -up openssh-7.4p1/auth2.c.expose-pam openssh-7.4p1/auth2.c
 --- openssh-7.4p1/auth2.c.expose-pam	2016-12-23 15:40:26.768447868 +0100
 +++ openssh-7.4p1/auth2.c	2016-12-23 15:40:26.818447876 +0100
@@ -310,6 +310,7 @@ userauth_finish(Authctxt *authctxt, int
-     const char *submethod)
 {
+ 	struct ssh *ssh = active_state;	/* XXX */
 	char *methods;
 +	char *prev_auth_details;
 	int partial = 0;
@ -217,7 +217,7 @@ diff -up openssh-7.4p1/monitor.c.expose-pam openssh-7.4p1/monitor.c
 --- openssh-7.4p1/monitor.c.expose-pam	2016-12-23 15:40:26.794447872 +0100
 +++ openssh-7.4p1/monitor.c	2016-12-23 15:41:16.473455863 +0100
@@ -300,6 +300,7 @@ monitor_child_preauth(Authctxt *_authctx
- {
+ 	struct ssh *ssh = active_state;	/* XXX */
 	struct mon_table *ent;
 	int authenticated = 0, partial = 0;
 +	char *prev_auth_details;
--- a/openssh-7.2p2-x11.patch
+++ b/openssh-7.2p2-x11.patch
@ -50,4 +50,4 @@ diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c
 +	return -1;
 }
 
- int
+ #ifdef __APPLE__
--- a/openssh-7.3p1-openssl-1.1.0.patch
+++ b/openssh-7.3p1-openssl-1.1.0.patch
@ -2133,8 +2133,8 @@ diff -up openssh-7.4p1/sshconnect1.c.openssl openssh-7.4p1/sshconnect1.c
 	int bits, rbits;
 	int ssh_cipher_default = SSH_CIPHER_3DES;
@@ -522,10 +530,14 @@ ssh_kex(char *host, struct sockaddr *hos
- 	/* Get the public key. */
- 	server_key = key_new(KEY_RSA1);
+ 	if ((server_key = key_new(KEY_RSA1)) == NULL)
+ 		fatal("%s: key_new(KEY_RSA1) failed", __func__);
 	bits = packet_get_int();
 -	packet_get_bignum(server_key->rsa->e);
 -	packet_get_bignum(server_key->rsa->n);
@ -2151,8 +2151,8 @@ diff -up openssh-7.4p1/sshconnect1.c.openssl openssh-7.4p1/sshconnect1.c
 		logit("Warning: Server lies about size of server public key: "
 		    "actual size is %d bits vs. announced %d.", rbits, bits);
@@ -534,10 +546,14 @@ ssh_kex(char *host, struct sockaddr *hos
- 	/* Get the host key. */
- 	host_key = key_new(KEY_RSA1);
+ 	if ((host_key = key_new(KEY_RSA1)) == NULL)
+ 		fatal("%s: key_new(KEY_RSA1) failed", __func__);
 	bits = packet_get_int();
 -	packet_get_bignum(host_key->rsa->e);
 -	packet_get_bignum(host_key->rsa->n);
@ -2644,7 +2644,7 @@ diff -up openssh-7.4p1/sshkey.c.openssl openssh-7.4p1/sshkey.c
 +	BIGNUM *e = NULL, *n = NULL;
 #endif /* WITH_SSH1 */
 
- 	cp = *cpp;
+ 	if (ret == NULL)
@@ -1303,12 +1319,21 @@ sshkey_read(struct sshkey *ret, char **c
 		    bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8)
 			return SSH_ERR_INVALID_FORMAT;	/* Bad bit count... */
@ -3318,7 +3318,7 @@ diff -up openssh-7.4p1/sshkey.c.openssl openssh-7.4p1/sshkey.c
 
 	/* enable blinding */
@@ -3846,7 +4109,7 @@ sshkey_parse_private_pem_fileblob(struct
- 		r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ 		r = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
 -	if (pk->type == EVP_PKEY_RSA &&
@ -3640,3 +3640,17 @@ diff -up openssh-7.4p1/ssh-rsa.c.openssl openssh-7.4p1/ssh-rsa.c
 	    sig == NULL || siglen == 0)
 		return SSH_ERR_INVALID_ARGUMENT;
 
+diff --git a/sshkey.c b/sshkey.c
+index ffc17ce..130217a 100644
+--- a/sshkey.c
+++ b/sshkey.c
+@@ -3815,7 +3815,9 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
+ 			case EVP_R_BAD_DECRYPT:
+ 				r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+ 				goto out;
+#ifdef EVP_R_BN_DECODE_ERROR
+ 			case EVP_R_BN_DECODE_ERROR:
+#endif
+ 			case EVP_R_DECODE_ERROR:
+ #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
+ 			case EVP_R_PRIVATE_KEY_DECODE_ERROR:
--- a/openssh-7.4p1-include-errors.patch
+++ b/openssh-7.4p1-include-errors.patch
@ -1,40 +0,0 @@
-diff --git a/readconf.c b/readconf.c
-index fa3fab8..e7eb30d 100644
--- a/readconf.c
-+++ b/readconf.c
-@@ -1499,7 +1499,7 @@ parse_keytypes:
- 				    oactive ? "" : " (parse only)");
- 				r = read_config_file_depth(gl.gl_pathv[i],
- 				    pw, host, original_host, options,
-				    flags | SSHCONF_CHECKPERM |
-+				    flags | SSHCONF_CHECKPERM | SSHCONF_IGNORE_READERR |
- 				    (oactive ? 0 : SSHCONF_NEVERMATCH),
- 				    activep, depth + 1);
- 				/*
-@@ -1707,8 +1707,13 @@ read_config_file_depth(const char *filename, struct passwd *pw,
- 	if (depth < 0 || depth > READCONF_MAX_DEPTH)
- 		fatal("Too many recursive configuration includes");
- 
-	if ((f = fopen(filename, "r")) == NULL)
-+	if ((f = fopen(filename, "r")) == NULL) {
-+		if (flags & SSHCONF_IGNORE_READERR) {
-+			error("Can not open configuration file %s", filename);
-+			return 1;
-+		}
- 		return 0;
-+	}
- 
- 	if (flags & SSHCONF_CHECKPERM) {
- 		struct stat sb;
-diff --git a/readconf.h b/readconf.h
-index cef55f7..4f7d3b4 100644
--- a/readconf.h
-+++ b/readconf.h
-@@ -190,6 +190,7 @@ typedef struct {
- #define SSHCONF_USERCONF	2  /* user provided config file not system */
- #define SSHCONF_POSTCANON	4  /* After hostname canonicalisation */
- #define SSHCONF_NEVERMATCH	8  /* Match/Host never matches; internal only */
-+#define SSHCONF_IGNORE_READERR	16 /* Treat unreadable files as errors; internal only */
- 
- #define SSH_UPDATE_HOSTKEYS_NO	0
- #define SSH_UPDATE_HOSTKEYS_YES	1
--- a/openssh-7.4p1-pkcs11-whitelist.patch
+++ b/openssh-7.4p1-pkcs11-whitelist.patch
@ -1,24 +0,0 @@
-diff -up openssh-7.4p1/ssh-agent.1.pkcs11-whitelist openssh-7.4p1/ssh-agent.1
--- openssh-7.4p1/ssh-agent.1.pkcs11-whitelist	2017-01-03 10:41:01.916331710 +0100
-+++ openssh-7.4p1/ssh-agent.1	2017-01-03 10:40:06.549366029 +0100
-@@ -129,7 +129,7 @@ that may be added using the
- option to
- .Xr ssh-add 1 .
- The default is to allow loading PKCS#11 libraries from
-.Dq /usr/lib/*,/usr/local/lib/* .
-+.Dq /usr/lib*/*,/usr/local/lib*/* .
- PKCS#11 libraries that do not match the whitelist will be refused.
- See PATTERNS in
- .Xr ssh_config 5
-diff -up openssh-7.4p1/ssh-agent.c.pkcs11-whitelist openssh-7.4p1/ssh-agent.c
--- openssh-7.4p1/ssh-agent.c.pkcs11-whitelist	2017-01-03 10:41:09.324327118 +0100
-+++ openssh-7.4p1/ssh-agent.c	2017-01-03 10:40:21.212356939 +0100
-@@ -89,7 +89,7 @@
- #endif
- 
- #ifndef DEFAULT_PKCS11_WHITELIST
-# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*"
-+# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
- #endif
- 
- typedef enum {
--- a/openssh.spec
+++ b/openssh.spec
@ -65,10 +65,10 @@
 %endif

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
-%global openssh_ver 7.4p1
-%global openssh_rel 4
+%global openssh_ver 7.5p1
+%global openssh_rel 1
 %global pam_ssh_agent_ver 0.10.3
-%global pam_ssh_agent_rel 1
+%global pam_ssh_agent_rel 2

 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
@ -226,10 +226,6 @@ Patch940: openssh-7.2p2-expose-pam.patch
 Patch942: openssh-7.2p2-chroot-capabilities.patch
 # Move MAX_DISPLAYS to a configuration option (#1341302)
 Patch944: openssh-7.3p1-x11-max-displays.patch
-# Whitelist /usr/lib*/ as planed upstream to prevent breakage
-Patch946: openssh-7.4p1-pkcs11-whitelist.patch
-# Correct reporting errors from included files (#1408558)
-Patch947: openssh-7.4p1-include-errors.patch
 # Help systemd to track the running service
 Patch948: openssh-7.4p1-systemd.patch

@ -466,8 +462,6 @@ popd
 %patch940 -p1 -b .expose-pam
 %patch942 -p1 -b .chroot-cap
 %patch944 -p1 -b .x11max
-%patch946 -p1 -b .pkcs11-whitelist
-%patch947 -p1 -b .include-errors
 %patch948 -p1 -b .systemd

 %patch200 -p1 -b .audit
@ -811,6 +805,9 @@ getent passwd sshd >/dev/null || \
 %endif

 %changelog
+* Mon Mar 20 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-1 + 0.10.3-2
+- New upstream release
+
 * Fri Mar 03 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-4 + 0.10.3-1
 - Avoid sending the SD_NOTIFY messages from wrong processes (#1427526)
 - Address reports by coverity
--- a/2
+++ b/2
@ -1,2 +1,2 @@
+SHA512 (openssh-7.5p1.tar.gz) = 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
 SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66
-SHA512 (openssh-7.4p1.tar.gz) = 4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292