openssh-7.3p1-1 + 0.10.2-4

2016-07-26 12:31:13 +02:00 · 2016-07-26 12:31:13 +02:00 · a711d3c82f
commit a711d3c82f
parent 6454089e75
3 changed files with 117 additions and 118 deletions
--- a/openssh-6.6p1-role-mls.patch
+++ b/openssh-6.6p1-role-mls.patch
@ -1,7 +1,7 @@
-diff -up openssh-6.8p1/auth-pam.c.role-mls openssh-6.8p1/auth-pam.c
+diff -up openssh/auth-pam.c.role-mls openssh/auth-pam.c
--- openssh-6.8p1/auth-pam.c.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/auth-pam.c.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/auth-pam.c	2015-03-18 11:04:21.045817122 +0100
+++ openssh/auth-pam.c	2016-07-26 12:37:48.793593333 +0200
-@@ -1068,7 +1068,7 @@ is_pam_session_open(void)
+@@ -1095,7 +1095,7 @@ is_pam_session_open(void)
  * during the ssh authentication process.
  */
 int
@ -10,9 +10,9 @@ diff -up openssh-6.8p1/auth-pam.c.role-mls openssh-6.8p1/auth-pam.c
 {
 	int ret = 1;
 #ifdef HAVE_PAM_PUTENV
-diff -up openssh-6.8p1/auth-pam.h.role-mls openssh-6.8p1/auth-pam.h
+diff -up openssh/auth-pam.h.role-mls openssh/auth-pam.h
--- openssh-6.8p1/auth-pam.h.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/auth-pam.h.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/auth-pam.h	2015-03-18 11:04:21.045817122 +0100
+++ openssh/auth-pam.h	2016-07-26 12:37:48.793593333 +0200
@@ -38,7 +38,7 @@ void do_pam_session(void);
 void do_pam_set_tty(const char *);
 void do_pam_setcred(int );
@ -22,9 +22,9 @@ diff -up openssh-6.8p1/auth-pam.h.role-mls openssh-6.8p1/auth-pam.h
 char ** fetch_pam_environment(void);
 char ** fetch_pam_child_environment(void);
 void free_pam_environment(char **);
-diff -up openssh-6.8p1/auth.h.role-mls openssh-6.8p1/auth.h
+diff -up openssh/auth.h.role-mls openssh/auth.h
--- openssh-6.8p1/auth.h.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/auth.h.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/auth.h	2015-03-18 11:04:21.045817122 +0100
+++ openssh/auth.h	2016-07-26 12:37:48.793593333 +0200
@@ -62,6 +62,9 @@ struct Authctxt {
 	char		*service;
 	struct passwd	*pw;		/* set if 'valid' */
@ -35,9 +35,9 @@ diff -up openssh-6.8p1/auth.h.role-mls openssh-6.8p1/auth.h
 	void		*kbdintctxt;
 	char		*info;		/* Extra info for next auth_log */
 #ifdef BSD_AUTH
-diff -up openssh-6.8p1/auth1.c.role-mls openssh-6.8p1/auth1.c
+diff -up openssh/auth1.c.role-mls openssh/auth1.c
--- openssh-6.8p1/auth1.c.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/auth1.c.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/auth1.c	2015-03-18 11:04:21.046817119 +0100
+++ openssh/auth1.c	2016-07-26 12:37:48.793593333 +0200
@@ -384,6 +384,9 @@ do_authentication(Authctxt *authctxt)
 {
 	u_int ulen;
@ -73,9 +73,9 @@ diff -up openssh-6.8p1/auth1.c.role-mls openssh-6.8p1/auth1.c
 	/* Verify that the user is a valid user. */
 	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
-diff -up openssh-6.8p1/auth2-gss.c.role-mls openssh-6.8p1/auth2-gss.c
+diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
--- openssh-6.8p1/auth2-gss.c.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/auth2-gss.c.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/auth2-gss.c	2015-03-18 11:04:21.046817119 +0100
+++ openssh/auth2-gss.c	2016-07-26 12:37:48.794593332 +0200
@@ -255,6 +255,7 @@ input_gssapi_mic(int type, u_int32_t ple
 	Authctxt *authctxt = ctxt;
 	Gssctxt *gssctxt;
@ -108,10 +108,10 @@ diff -up openssh-6.8p1/auth2-gss.c.role-mls openssh-6.8p1/auth2-gss.c
 	free(mic.value);
 	authctxt->postponed = 0;
-diff -up openssh-6.8p1/auth2-hostbased.c.role-mls openssh-6.8p1/auth2-hostbased.c
+diff -up openssh/auth2-hostbased.c.role-mls openssh/auth2-hostbased.c
--- openssh-6.8p1/auth2-hostbased.c.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/auth2-hostbased.c.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/auth2-hostbased.c	2015-03-18 11:04:21.046817119 +0100
+++ openssh/auth2-hostbased.c	2016-07-26 12:37:48.794593332 +0200
-@@ -122,7 +122,15 @@ userauth_hostbased(Authctxt *authctxt)
+@@ -121,7 +121,15 @@ userauth_hostbased(Authctxt *authctxt)
 	buffer_put_string(&b, session_id2, session_id2_len);
 	/* reconstruct packet */
 	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
@ -128,10 +128,10 @@ diff -up openssh-6.8p1/auth2-hostbased.c.role-mls openssh-6.8p1/auth2-hostbased.
 	buffer_put_cstring(&b, service);
 	buffer_put_cstring(&b, "hostbased");
 	buffer_put_string(&b, pkalg, alen);
-diff -up openssh-6.8p1/auth2-pubkey.c.role-mls openssh-6.8p1/auth2-pubkey.c
+diff -up openssh/auth2-pubkey.c.role-mls openssh/auth2-pubkey.c
--- openssh-6.8p1/auth2-pubkey.c.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/auth2-pubkey.c.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/auth2-pubkey.c	2015-03-18 11:04:21.046817119 +0100
+++ openssh/auth2-pubkey.c	2016-07-26 12:37:48.794593332 +0200
-@@ -145,9 +145,11 @@ userauth_pubkey(Authctxt *authctxt)
+@@ -151,9 +151,11 @@ userauth_pubkey(Authctxt *authctxt)
 		}
 		/* reconstruct packet */
 		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
@ -145,9 +145,9 @@ diff -up openssh-6.8p1/auth2-pubkey.c.role-mls openssh-6.8p1/auth2-pubkey.c
 		buffer_put_cstring(&b, userstyle);
 		free(userstyle);
 		buffer_put_cstring(&b,
-diff -up openssh-6.8p1/auth2.c.role-mls openssh-6.8p1/auth2.c
+diff -up openssh/auth2.c.role-mls openssh/auth2.c
--- openssh-6.8p1/auth2.c.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/auth2.c.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/auth2.c	2015-03-18 11:04:21.046817119 +0100
+++ openssh/auth2.c	2016-07-26 12:37:48.794593332 +0200
@@ -215,6 +215,9 @@ input_userauth_request(int type, u_int32
 	Authctxt *authctxt = ctxt;
 	Authmethod *m = NULL;
@ -187,10 +187,10 @@ diff -up openssh-6.8p1/auth2.c.role-mls openssh-6.8p1/auth2.c
 		userauth_banner();
 		if (auth2_setup_methods_lists(authctxt) != 0)
 			packet_disconnect("no authentication methods enabled");
-diff -up openssh-6.8p1/misc.c.role-mls openssh-6.8p1/misc.c
+diff -up openssh/misc.c.role-mls openssh/misc.c
--- openssh-6.8p1/misc.c.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/misc.c.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/misc.c	2015-03-18 11:04:21.046817119 +0100
+++ openssh/misc.c	2016-07-26 12:37:48.794593332 +0200
-@@ -431,6 +431,7 @@ char *
+@@ -432,6 +432,7 @@ char *
 colon(char *cp)
 {
 	int flag = 0;
@ -198,7 +198,7 @@ diff -up openssh-6.8p1/misc.c.role-mls openssh-6.8p1/misc.c
 	if (*cp == ':')		/* Leading colon is part of file name. */
 		return NULL;
-@@ -446,6 +447,13 @@ colon(char *cp)
+@@ -447,6 +448,13 @@ colon(char *cp)
 			return (cp);
 		if (*cp == '/')
 			return NULL;
@ -212,10 +212,10 @@ diff -up openssh-6.8p1/misc.c.role-mls openssh-6.8p1/misc.c
 	}
 	return NULL;
 }
-diff -up openssh-6.8p1/monitor.c.role-mls openssh-6.8p1/monitor.c
+diff -up openssh/monitor.c.role-mls openssh/monitor.c
--- openssh-6.8p1/monitor.c.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/monitor.c.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/monitor.c	2015-03-18 11:04:21.047817117 +0100
+++ openssh/monitor.c	2016-07-26 12:44:19.363379490 +0200
-@@ -127,6 +127,9 @@ int mm_answer_sign(int, Buffer *);
+@@ -128,6 +128,9 @@ int mm_answer_sign(int, Buffer *);
 int mm_answer_pwnamallow(int, Buffer *);
 int mm_answer_auth2_read_banner(int, Buffer *);
 int mm_answer_authserv(int, Buffer *);
@ -225,7 +225,7 @@ diff -up openssh-6.8p1/monitor.c.role-mls openssh-6.8p1/monitor.c
 int mm_answer_authpassword(int, Buffer *);
 int mm_answer_bsdauthquery(int, Buffer *);
 int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -206,6 +209,9 @@ struct mon_table mon_dispatch_proto20[]
+@@ -207,6 +210,9 @@ struct mon_table mon_dispatch_proto20[]
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@ -235,7 +235,7 @@ diff -up openssh-6.8p1/monitor.c.role-mls openssh-6.8p1/monitor.c
     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
-@@ -862,6 +868,9 @@ mm_answer_pwnamallow(int sock, Buffer *m
+@@ -863,6 +869,9 @@ mm_answer_pwnamallow(int sock, Buffer *m
 	else {
 		/* Allow service/style information on the auth context */
 		monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@ -245,7 +245,7 @@ diff -up openssh-6.8p1/monitor.c.role-mls openssh-6.8p1/monitor.c
 		monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 	}
 #ifdef USE_PAM
-@@ -903,6 +912,25 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -904,6 +913,25 @@ mm_answer_authserv(int sock, Buffer *m)
 	return (0);
 }
@ -271,25 +271,25 @@ diff -up openssh-6.8p1/monitor.c.role-mls openssh-6.8p1/monitor.c
 int
 mm_answer_authpassword(int sock, Buffer *m)
 {
-@@ -1291,7 +1319,7 @@ static int
+@@ -1300,7 +1328,7 @@ monitor_valid_userblob(u_char *data, u_i
 monitor_valid_userblob(u_char *data, u_int datalen)
 {
 	Buffer b;
-	char *p, *userstyle;
+ 	u_char *p;
-+	char *p, *r, *userstyle;
+-	char *userstyle, *cp;
 +	char *userstyle, *r, *cp;
 	u_int len;
 	int fail = 0;
-@@ -1317,6 +1345,8 @@ monitor_valid_userblob(u_char *data, u_i
+@@ -1326,6 +1354,8 @@ monitor_valid_userblob(u_char *data, u_i
 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
- 	p = buffer_get_cstring(&b, NULL);
+ 	cp = buffer_get_cstring(&b, NULL);
 +	if ((r = strchr(p, '/')) != NULL)
 +		*r = '\0';
 	xasprintf(&userstyle, "%s%s%s", authctxt->user,
 	    authctxt->style ? ":" : "",
 	    authctxt->style ? authctxt->style : "");
-@@ -1352,7 +1382,7 @@ monitor_valid_hostbasedblob(u_char *data
+@@ -1361,7 +1391,7 @@ monitor_valid_hostbasedblob(u_char *data
     char *chost)
 {
 	Buffer b;
@ -298,7 +298,7 @@ diff -up openssh-6.8p1/monitor.c.role-mls openssh-6.8p1/monitor.c
 	u_int len;
 	int fail = 0;
-@@ -1369,6 +1399,8 @@ monitor_valid_hostbasedblob(u_char *data
+@@ -1378,6 +1408,8 @@ monitor_valid_hostbasedblob(u_char *data
 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
 	p = buffer_get_cstring(&b, NULL);
@ -307,9 +307,9 @@ diff -up openssh-6.8p1/monitor.c.role-mls openssh-6.8p1/monitor.c
 	xasprintf(&userstyle, "%s%s%s", authctxt->user,
 	    authctxt->style ? ":" : "",
 	    authctxt->style ? authctxt->style : "");
-diff -up openssh-6.8p1/monitor.h.role-mls openssh-6.8p1/monitor.h
+diff -up openssh/monitor.h.role-mls openssh/monitor.h
--- openssh-6.8p1/monitor.h.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/monitor.h.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/monitor.h	2015-03-18 11:04:21.047817117 +0100
+++ openssh/monitor.h	2016-07-26 12:37:48.795593331 +0200
@@ -57,6 +57,10 @@ enum monitor_reqtype {
 	MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,
 	MONITOR_REQ_TERM = 50,
@ -321,10 +321,10 @@ diff -up openssh-6.8p1/monitor.h.role-mls openssh-6.8p1/monitor.h
 	MONITOR_REQ_PAM_START = 100,
 	MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
 	MONITOR_REQ_PAM_INIT_CTX = 104, MONITOR_ANS_PAM_INIT_CTX = 105,
-diff -up openssh-6.8p1/monitor_wrap.c.role-mls openssh-6.8p1/monitor_wrap.c
+diff -up openssh/monitor_wrap.c.role-mls openssh/monitor_wrap.c
--- openssh-6.8p1/monitor_wrap.c.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/monitor_wrap.c.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/monitor_wrap.c	2015-03-18 11:04:21.047817117 +0100
+++ openssh/monitor_wrap.c	2016-07-26 12:37:48.795593331 +0200
-@@ -347,6 +347,25 @@ mm_inform_authserv(char *service, char *
+@@ -346,6 +346,25 @@ mm_inform_authserv(char *service, char *
 	buffer_free(&m);
 }
@ -350,9 +350,9 @@ diff -up openssh-6.8p1/monitor_wrap.c.role-mls openssh-6.8p1/monitor_wrap.c
 /* Do the password authentication */
 int
 mm_auth_password(Authctxt *authctxt, char *password)
-diff -up openssh-6.8p1/monitor_wrap.h.role-mls openssh-6.8p1/monitor_wrap.h
+diff -up openssh/monitor_wrap.h.role-mls openssh/monitor_wrap.h
--- openssh-6.8p1/monitor_wrap.h.role-mls	2015-03-18 11:04:21.047817117 +0100
+--- openssh/monitor_wrap.h.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/monitor_wrap.h	2015-03-18 11:10:32.343936171 +0100
+++ openssh/monitor_wrap.h	2016-07-26 12:37:48.795593331 +0200
@@ -42,6 +42,9 @@ int mm_is_monitor(void);
 DH *mm_choose_dh(int, int, int);
 int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *);
@ -363,21 +363,21 @@ diff -up openssh-6.8p1/monitor_wrap.h.role-mls openssh-6.8p1/monitor_wrap.h
 struct passwd *mm_getpwnamallow(const char *);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct Authctxt *, char *);
-diff -up openssh-6.8p1/openbsd-compat/Makefile.in.role-mls openssh-6.8p1/openbsd-compat/Makefile.in
+diff -up openssh/openbsd-compat/Makefile.in.role-mls openssh/openbsd-compat/Makefile.in
--- openssh-6.8p1/openbsd-compat/Makefile.in.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/openbsd-compat/Makefile.in.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/openbsd-compat/Makefile.in	2015-03-18 11:04:21.047817117 +0100
+++ openssh/openbsd-compat/Makefile.in	2016-07-26 12:37:48.795593331 +0200
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf
- COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o
+ COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o
 -PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
 +PORTS=port-aix.o port-irix.o port-linux.o port-linux-sshd.o port-solaris.o port-tun.o port-uw.o
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
-diff -up openssh-6.8p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-6.8p1/openbsd-compat/port-linux-sshd.c
+diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compat/port-linux-sshd.c
--- openssh-6.8p1/openbsd-compat/port-linux-sshd.c.role-mls	2015-03-18 11:04:21.048817114 +0100
+--- openssh/openbsd-compat/port-linux-sshd.c.role-mls	2016-07-26 12:37:48.796593331 +0200
-+++ openssh-6.8p1/openbsd-compat/port-linux-sshd.c	2015-03-18 11:04:21.048817114 +0100
+++ openssh/openbsd-compat/port-linux-sshd.c	2016-07-26 12:37:48.796593331 +0200
@@ -0,0 +1,424 @@
 +/*
 + * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@ -803,9 +803,9 @@ diff -up openssh-6.8p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-6.8p1/o
 +#endif
 +#endif
 +
-diff -up openssh-6.8p1/openbsd-compat/port-linux.c.role-mls openssh-6.8p1/openbsd-compat/port-linux.c
+diff -up openssh/openbsd-compat/port-linux.c.role-mls openssh/openbsd-compat/port-linux.c
--- openssh-6.8p1/openbsd-compat/port-linux.c.role-mls	2015-03-17 06:49:20.000000000 +0100
+--- openssh/openbsd-compat/port-linux.c.role-mls	2016-07-24 13:50:13.000000000 +0200
-+++ openssh-6.8p1/openbsd-compat/port-linux.c	2015-03-18 11:04:21.048817114 +0100
+++ openssh/openbsd-compat/port-linux.c	2016-07-26 12:37:48.796593331 +0200
@@ -103,37 +103,6 @@ ssh_selinux_getctxbyname(char *pwname)
 	return sc;
 }
@ -844,51 +844,7 @@ diff -up openssh-6.8p1/openbsd-compat/port-linux.c.role-mls openssh-6.8p1/openbs
 /* Set the TTY context for the specified user */
 void
 ssh_selinux_setup_pty(char *pwname, const char *tty)
-diff -up openssh-6.8p1/openbsd-compat/port-linux.h.role-mls openssh-6.8p1/openbsd-compat/port-linux.h
+@@ -147,7 +116,11 @@ ssh_selinux_setup_pty(char *pwname, cons
 --- openssh-6.8p1/openbsd-compat/port-linux.h.role-mls	2015-03-17 06:49:20.000000000 +0100
 +++ openssh-6.8p1/openbsd-compat/port-linux.h	2015-03-18 11:04:21.048817114 +0100
@@ -22,9 +22,10 @@
 #ifdef WITH_SELINUX
 int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 -void ssh_selinux_setup_exec_context(char *);
 void ssh_selinux_change_context(const char *);
 void ssh_selinux_setfscreatecon(const char *);
 +
 +void sshd_selinux_setup_exec_context(char *);
 #endif
 #ifdef LINUX_OOM_ADJUST
 diff -up openssh-6.8p1/platform.c.role-mls openssh-6.8p1/platform.c
 --- openssh-6.8p1/platform.c.role-mls	2015-03-17 06:49:20.000000000 +0100
 +++ openssh-6.8p1/platform.c	2015-03-18 11:04:21.048817114 +0100
@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(stru
 	}
 #endif /* HAVE_SETPCRED */
 #ifdef WITH_SELINUX
 -	ssh_selinux_setup_exec_context(pw->pw_name);
 +	sshd_selinux_setup_exec_context(pw->pw_name);
 #endif
 }
 diff -up openssh-6.8p1/sshd.c.role-mls openssh-6.8p1/sshd.c
 --- openssh-6.8p1/sshd.c.role-mls	2015-03-17 06:49:20.000000000 +0100
 +++ openssh-6.8p1/sshd.c	2015-03-18 11:04:21.048817114 +0100
@@ -2220,6 +2220,9 @@ main(int ac, char **av)
 		restore_uid();
 	}
 #endif
 +#ifdef WITH_SELINUX
 +	sshd_selinux_setup_exec_context(authctxt->pw->pw_name);
 +#endif
 #ifdef USE_PAM
 	if (options.use_pam) {
 		do_pam_setcred(1);
 diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
 index 22ea8ef..2660085 100644
 --- a/openbsd-compat/port-linux.c
 +++ b/openbsd-compat/port-linux.c
@@ -116,7 +116,11 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
 	debug3("%s: setting TTY context on %s", __func__, tty);
@ -901,3 +857,43 @@ index 22ea8ef..2660085 100644
 	/* XXX: should these calls fatal() upon failure in enforcing mode? */
 diff -up openssh/openbsd-compat/port-linux.h.role-mls openssh/openbsd-compat/port-linux.h
 --- openssh/openbsd-compat/port-linux.h.role-mls	2016-07-24 13:50:13.000000000 +0200
 +++ openssh/openbsd-compat/port-linux.h	2016-07-26 12:37:48.796593331 +0200
@@ -22,9 +22,10 @@
 #ifdef WITH_SELINUX
 int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 -void ssh_selinux_setup_exec_context(char *);
 void ssh_selinux_change_context(const char *);
 void ssh_selinux_setfscreatecon(const char *);
 +
 +void sshd_selinux_setup_exec_context(char *);
 #endif
 #ifdef LINUX_OOM_ADJUST
 diff -up openssh/platform.c.role-mls openssh/platform.c
 --- openssh/platform.c.role-mls	2016-07-24 13:50:13.000000000 +0200
 +++ openssh/platform.c	2016-07-26 12:37:48.796593331 +0200
@@ -186,7 +186,7 @@ platform_setusercontext_post_groups(stru
 	}
 #endif /* HAVE_SETPCRED */
 #ifdef WITH_SELINUX
 -	ssh_selinux_setup_exec_context(pw->pw_name);
 +	sshd_selinux_setup_exec_context(pw->pw_name);
 #endif
 }
 diff -up openssh/sshd.c.role-mls openssh/sshd.c
 --- openssh/sshd.c.role-mls	2016-07-24 13:50:13.000000000 +0200
 +++ openssh/sshd.c	2016-07-26 12:37:48.796593331 +0200
@@ -2295,6 +2295,9 @@ main(int ac, char **av)
 		restore_uid();
 	}
 #endif
 +#ifdef WITH_SELINUX
 +	sshd_selinux_setup_exec_context(authctxt->pw->pw_name);
 +#endif
 #ifdef USE_PAM
 	if (options.use_pam) {
 		do_pam_setcred(1);
--- a/openssh-7.2p1-fips.patch
+++ b/openssh-7.2p1-fips.patch
@ -320,7 +320,7 @@ diff -up openssh-7.2p1/myproposal.h.fips openssh-7.2p1/myproposal.h
 +#define KEX_DEFAULT_KEX_FIPS		\
 +	KEX_ECDH_METHODS \
-+	KEX_SHA256_METHODS \
+	KEX_SHA2_METHODS \
 +	"diffie-hellman-group-exchange-sha1," \
 +	"diffie-hellman-group14-sha1"
 +#define	KEX_FIPS_ENCRYPT \
@ -705,10 +705,10 @@ index 7efe312..bcf2ae1 100644
 #define KEX_DEFAULT_KEX_FIPS		\
 	KEX_ECDH_METHODS \
-	KEX_SHA256_METHODS \
+-	KEX_SHA2_METHODS \
 -	"diffie-hellman-group-exchange-sha1," \
 -	"diffie-hellman-group14-sha1"
-+	KEX_SHA256_METHODS
+	KEX_SHA2_METHODS
 #define	KEX_FIPS_ENCRYPT \
 	"aes128-ctr,aes192-ctr,aes256-ctr," \
 	"aes128-cbc,3des-cbc," \
--- a/openssh.spec
+++ b/openssh.spec
@ -65,10 +65,10 @@
 %endif
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
-%global openssh_ver 7.2p2
+%global openssh_ver 7.3p1
-%global openssh_rel 11
+%global openssh_rel 1
 %global pam_ssh_agent_ver 0.10.2
-%global pam_ssh_agent_rel 3
+%global pam_ssh_agent_rel 4
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
@ -798,6 +798,9 @@ getent passwd sshd >/dev/null || \
 %endif
 %changelog
 * Tue Aug 02 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-1 + 0.10.2-4
 - New upstream release (#1362156)
 * Tue Jul 26 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-11 + 0.10.2-3
 - Remove slogin and sshd-keygen (#1359762)
 - Prevent guest_t from running sudo (#1357860)