From 2a8cc759e22442a6bd0c5a2ceed4b9a9b392183c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 3 Nov 2020 06:43:18 -0500 Subject: [PATCH] import openssh-8.0p1-5.el8 --- SOURCES/openssh-6.6p1-ctr-cavstest.patch | 4 +- SOURCES/openssh-6.6p1-keycat.patch | 4 +- SOURCES/openssh-6.7p1-kdf-cavs.patch | 2 +- SOURCES/openssh-6.7p1-ldap.patch | 2 +- SOURCES/openssh-7.7p1-fips.patch | 126 ++----- SOURCES/openssh-7.7p1-redhat.patch | 16 +- SOURCES/openssh-8.0p1-crypto-policies.patch | 356 +++++++++++++++---- SOURCES/openssh-8.0p1-entropy.patch | 68 ++-- SOURCES/openssh-8.0p1-gssapi-keyex.patch | 72 ++-- SOURCES/openssh-8.0p1-keygen-sha2.patch | 107 ++++++ SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch | 33 ++ SOURCES/openssh-8.0p1-pkcs11-uri.patch | 3 +- SOURCES/openssh-8.0p1-proxyjump-loops.patch | 33 ++ SOURCES/openssh-8.0p1-rdomain.patch | 44 +++ SOURCES/openssh-8.0p1-x11-without-ipv6.patch | 30 ++ SPECS/openssh.spec | 48 ++- 16 files changed, 700 insertions(+), 248 deletions(-) create mode 100644 SOURCES/openssh-8.0p1-keygen-sha2.patch create mode 100644 SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch create mode 100644 SOURCES/openssh-8.0p1-proxyjump-loops.patch create mode 100644 SOURCES/openssh-8.0p1-rdomain.patch create mode 100644 SOURCES/openssh-8.0p1-x11-without-ipv6.patch diff --git a/SOURCES/openssh-6.6p1-ctr-cavstest.patch b/SOURCES/openssh-6.6p1-ctr-cavstest.patch index 2e31fbf..e906b70 100644 --- a/SOURCES/openssh-6.6p1-ctr-cavstest.patch +++ b/SOURCES/openssh-6.6p1-ctr-cavstest.patch @@ -20,10 +20,10 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in ssh-xmss.o \ @@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o - $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS) + $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS) +ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o -+ $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS) ++ $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) diff --git a/SOURCES/openssh-6.6p1-keycat.patch b/SOURCES/openssh-6.6p1-keycat.patch index e22a5f3..c658a87 100644 --- a/SOURCES/openssh-6.6p1-keycat.patch +++ b/SOURCES/openssh-6.6p1-keycat.patch @@ -62,10 +62,10 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in ssh-xmss.o \ @@ -190,6 +191,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o - $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS) + $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS) +ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o -+ $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS) ++ $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS) + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) diff --git a/SOURCES/openssh-6.7p1-kdf-cavs.patch b/SOURCES/openssh-6.7p1-kdf-cavs.patch index a5beb8c..549cde4 100644 --- a/SOURCES/openssh-6.7p1-kdf-cavs.patch +++ b/SOURCES/openssh-6.7p1-kdf-cavs.patch @@ -20,7 +20,7 @@ diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in ssh-xmss.o \ @@ -198,6 +199,9 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHD ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o - $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS) + $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) +ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o + $(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/SOURCES/openssh-6.7p1-ldap.patch b/SOURCES/openssh-6.7p1-ldap.patch index a8770e0..e5de1bb 100644 --- a/SOURCES/openssh-6.7p1-ldap.patch +++ b/SOURCES/openssh-6.7p1-ldap.patch @@ -171,7 +171,7 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) +ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o -+ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS) ++ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS) + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) diff --git a/SOURCES/openssh-7.7p1-fips.patch b/SOURCES/openssh-7.7p1-fips.patch index 90b4fba..32091e3 100644 --- a/SOURCES/openssh-7.7p1-fips.patch +++ b/SOURCES/openssh-7.7p1-fips.patch @@ -127,50 +127,6 @@ diff -up openssh-7.9p1/kexgexc.c.fips openssh-7.9p1/kexgexc.c p = g = NULL; /* belong to kex->dh now */ /* generate and send 'e', client DH public key */ -diff -up openssh-7.9p1/Makefile.in.fips openssh-7.9p1/Makefile.in ---- openssh-7.9p1/Makefile.in.fips 2019-03-11 17:06:37.615877984 +0100 -+++ openssh-7.9p1/Makefile.in 2019-03-11 17:06:37.621878041 +0100 -@@ -179,25 +179,25 @@ libssh.a: $(LIBSSH_OBJS) - $(RANLIB) $@ - - ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) -- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS) -+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS) $(GSSLIBS) - - sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) -- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) -+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) - - scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o - $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - - ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o -- $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -+ $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) - - ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o -- $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -+ $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) - - ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o -- $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -+ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) - - ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o -- $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -+ $(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) - - ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o - $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -@@ -215,7 +215,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a - $(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - - ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o -- $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) -+ $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS) - - sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o - $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff -up openssh-7.9p1/myproposal.h.fips openssh-7.9p1/myproposal.h --- openssh-7.9p1/myproposal.h.fips 2018-10-17 02:01:20.000000000 +0200 +++ openssh-7.9p1/myproposal.h 2019-03-11 17:06:37.621878041 +0100 @@ -309,43 +265,25 @@ diff -up openssh-7.9p1/servconf.c.fips openssh-7.9p1/servconf.c diff -up openssh-7.9p1/ssh.c.fips openssh-7.9p1/ssh.c --- openssh-7.9p1/ssh.c.fips 2019-03-11 17:06:37.602877862 +0100 +++ openssh-7.9p1/ssh.c 2019-03-11 17:06:37.623878060 +0100 -@@ -76,6 +76,8 @@ +@@ -76,6 +76,7 @@ #include #include #endif +#include -+#include #include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/sys-queue.h" -@@ -600,6 +602,16 @@ main(int ac, char **av) - sanitise_stdfd(); - - __progname = ssh_get_progname(av[0]); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ SSLeay_add_all_algorithms(); -+#endif -+ if (access("/etc/system-fips", F_OK) == 0) -+ if (! FIPSCHECK_verify(NULL, NULL)){ -+ if (FIPS_mode()) -+ fatal("FIPS integrity verification test failed."); -+ else -+ logit("FIPS integrity verification test failed."); -+ } - - #ifndef HAVE_SETPROCTITLE - /* Prepare for later setproctitle emulation */ @@ -1283,6 +1294,10 @@ main(int ac, char **av) - - seed_rng(); - -+ if (FIPS_mode()) { -+ logit("FIPS mode initialized"); -+ } + dump_client_config(&options, host); + exit(0); + } + - /* - * Discard other fds that are hanging around. These can cause problem - * with backgrounded ssh processes started by ControlPersist. ++ if (FIPS_mode()) { ++ debug("FIPS mode initialized"); ++ } + + if (muxclient_command != 0 && options.control_path == NULL) + fatal("No ControlPath specified for \"-O\" command"); diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c --- openssh-7.9p1/sshconnect2.c.fips 2019-03-11 17:06:37.580877655 +0100 +++ openssh-7.9p1/sshconnect2.c 2019-03-11 17:06:37.623878060 +0100 @@ -387,7 +325,7 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c /* Prefer algorithms that we already have keys for */ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( -@@ -201,29 +201,34 @@ ssh_kex2(char *host, struct sockaddr *ho +@@ -201,35 +201,40 @@ ssh_kex2(char *host, struct sockaddr *ho #if defined(GSSAPI) && defined(WITH_OPENSSL) if (options.gss_keyex) { @@ -395,12 +333,18 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c - * client to the key exchange algorithm proposal */ - orig = myproposal[PROPOSAL_KEX_ALGS]; - -- if (options.gss_server_identity) +- if (options.gss_server_identity) { - gss_host = xstrdup(options.gss_server_identity); -- else if (options.gss_trust_dns) +- } else if (options.gss_trust_dns) { - gss_host = remote_hostname(ssh); -- else +- /* Fall back to specified host if we are using proxy command +- * and can not use DNS on that socket */ +- if (strcmp(gss_host, "UNKNOWN") == 0) { +- gss_host = xstrdup(host); +- } +- } else { - gss_host = xstrdup(host); +- } - - gss = ssh_gssapi_client_mechanisms(gss_host, - options.gss_client_identity, options.gss_kex_algorithms); @@ -422,12 +366,18 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c + * client to the key exchange algorithm proposal */ + orig = myproposal[PROPOSAL_KEX_ALGS]; + -+ if (options.gss_server_identity) ++ if (options.gss_server_identity) { + gss_host = xstrdup(options.gss_server_identity); -+ else if (options.gss_trust_dns) ++ } else if (options.gss_trust_dns) { + gss_host = remote_hostname(ssh); -+ else ++ /* Fall back to specified host if we are using proxy command ++ * and can not use DNS on that socket */ ++ if (strcmp(gss_host, "UNKNOWN") == 0) { ++ gss_host = xstrdup(host); ++ } ++ } else { + gss_host = xstrdup(host); ++ } + + gss = ssh_gssapi_client_mechanisms(gss_host, + options.gss_client_identity, options.gss_kex_algorithms); @@ -456,31 +406,19 @@ diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c #include #include #include -@@ -77,6 +78,8 @@ +@@ -77,6 +78,7 @@ #include #include #include +#include -+#include #include "openbsd-compat/openssl-compat.h" #endif -@@ -1581,6 +1584,18 @@ main(int ac, char **av) +@@ -1581,6 +1584,7 @@ main(int ac, char **av) #endif __progname = ssh_get_progname(av[0]); + OpenSSL_add_all_algorithms(); -+ if (access("/etc/system-fips", F_OK) == 0) -+ if (! FIPSCHECK_verify(NULL, NULL)) { -+ openlog(__progname, LOG_PID, LOG_AUTHPRIV); -+ if (FIPS_mode()) { -+ syslog(LOG_CRIT, "FIPS integrity verification test failed."); -+ cleanup_exit(255); -+ } -+ else -+ syslog(LOG_INFO, "FIPS integrity verification test failed."); -+ closelog(); -+ } /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; rexec_argc = ac; @@ -489,7 +427,7 @@ diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c log_init(__progname, options.log_level, options.log_facility, log_stderr); + if (FIPS_mode()) { -+ logit("FIPS mode initialized"); ++ debug("FIPS mode initialized"); + } + /* Chdir to the root directory so that the current disk can be diff --git a/SOURCES/openssh-7.7p1-redhat.patch b/SOURCES/openssh-7.7p1-redhat.patch index 6fd9daf..1c1d778 100644 --- a/SOURCES/openssh-7.7p1-redhat.patch +++ b/SOURCES/openssh-7.7p1-redhat.patch @@ -1,11 +1,12 @@ diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config --- openssh-7.7p1/ssh_config.redhat 2018-04-02 07:38:28.000000000 +0200 +++ openssh-7.7p1/ssh_config 2018-07-03 10:44:06.522245125 +0200 -@@ -44,3 +44,7 @@ +@@ -44,3 +44,8 @@ # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h +# ++# This system is following system-wide crypto policy. +# To modify the system-wide ssh configuration, create a *.conf file under +# /etc/ssh/ssh_config.d/ which will be automatically included below +Include /etc/ssh/ssh_config.d/*.conf @@ -66,7 +67,7 @@ diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5 diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config --- openssh-7.7p1/sshd_config.redhat 2018-04-02 07:38:28.000000000 +0200 +++ openssh-7.7p1/sshd_config 2018-07-03 10:45:16.950782466 +0200 -@@ -10,20 +10,34 @@ +@@ -10,20 +10,31 @@ # possible, but leave them commented. Uncommented options override the # default value. @@ -89,14 +90,11 @@ diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config # Ciphers and keying #RekeyLimit default none -+# System-wide Crypto policy: +# This system is following system-wide crypto policy. The changes to -+# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any -+# effect here. They will be overridden by command-line options passed on -+# the server start up. -+# To opt out, uncomment a line with redefinition of CRYPTO_POLICY= -+# variable in /etc/sysconfig/sshd to overwrite the policy. -+# For more information, see manual page for update-crypto-policies(8). ++# crypto properties (Ciphers, MACs, ...) will not have any effect here. ++# They will be overridden by command-line options passed to the server ++# on command line. ++# Please, check manual pages for update-crypto-policies(8) and sshd_config(5). + # Logging #SyslogFacility AUTH diff --git a/SOURCES/openssh-8.0p1-crypto-policies.patch b/SOURCES/openssh-8.0p1-crypto-policies.patch index ffd4bae..5dc2289 100644 --- a/SOURCES/openssh-8.0p1-crypto-policies.patch +++ b/SOURCES/openssh-8.0p1-crypto-policies.patch @@ -1,7 +1,55 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5 ---- openssh-8.0p1/ssh_config.5.crypto-policies 2019-05-13 14:04:01.999099570 +0200 -+++ openssh-8.0p1/ssh_config.5 2019-05-13 14:12:36.343923071 +0200 -@@ -445,12 +445,10 @@ aes256-gcm@openssh.com +--- openssh-8.0p1/ssh_config.5.crypto-policies 2020-03-24 17:32:54.821789205 +0100 ++++ openssh-8.0p1/ssh_config.5 2020-03-24 17:59:58.174122920 +0100 +@@ -357,17 +357,17 @@ or + .Qq *.c.example.com + domains. + .It Cm CASignatureAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies which algorithms are allowed for signing of certificates + by certificate authorities (CAs). +-The default is: +-.Bd -literal -offset indent +-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +-.Ed +-.Pp + .Xr ssh 1 + will not accept host certificates signed using algorithms other than those + specified. ++.Pp + .It Cm CertificateFile + Specifies a file from which the user's certificate is read. + A corresponding private key must be provided separately in order +@@ -420,16 +420,21 @@ If the option is set to + .Cm no , + the check will not be executed. + .It Cm Ciphers ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the ciphers allowed and their order of preference. + Multiple ciphers must be comma-separated. + If the specified value begins with a + .Sq + +-character, then the specified ciphers will be appended to the default set ++character, then the specified ciphers will be appended to the built-in default set + instead of replacing them. + If the specified value begins with a + .Sq - + character, then the specified ciphers (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in default set instead of replacing them. + .Pp + The supported ciphers are: + .Bd -literal -offset indent +@@ -445,13 +450,6 @@ aes256-gcm@openssh.com chacha20-poly1305@openssh.com .Ed .Pp @@ -11,30 +59,53 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5 -aes128-ctr,aes192-ctr,aes256-ctr, -aes128-gcm@openssh.com,aes256-gcm@openssh.com -.Ed -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . - .Pp +-.Pp The list of available ciphers may also be obtained using .Qq ssh -Q cipher . -@@ -812,8 +810,10 @@ gss-nistp256-sha256-, + .It Cm ClearAllForwardings +@@ -800,6 +798,11 @@ command line will be passed untouched to + The default is + .Dq no . + .It Cm GSSAPIKexAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + The list of key exchange algorithms that are offered for GSSAPI + key exchange. Possible values are + .Bd -literal -offset 3n +@@ -812,9 +815,8 @@ gss-nistp256-sha256-, gss-curve25519-sha256- .Ed .Pp -The default is --.Dq gss-gex-sha1-,gss-group14-sha1- . -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . - This option only applies to protocol version 2 connections using GSSAPI. +-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- . + This option only applies to connections using GSSAPI. ++.Pp .It Cm HashKnownHosts Indicates that -@@ -1123,16 +1123,10 @@ If the specified value begins with a + .Xr ssh 1 +@@ -1114,26 +1115,21 @@ it may be zero or more of: + and + .Cm pam . + .It Cm KexAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the available KEX (Key Exchange) algorithms. + Multiple algorithms must be comma-separated. + Alternately if the specified value begins with a + .Sq + +-character, then the specified methods will be appended to the default set ++character, then the specified methods will be appended to the built-in default set + instead of replacing them. + If the specified value begins with a .Sq - character, then the specified methods (including wildcards) will be removed - from the default set instead of replacing them. +-from the default set instead of replacing them. -The default is: -.Bd -literal -offset indent -curve25519-sha256,curve25519-sha256@libssh.org, @@ -45,14 +116,36 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5 -diffie-hellman-group14-sha256, -diffie-hellman-group14-sha1 -.Ed -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . ++from the built-in default set instead of replacing them. .Pp The list of available key exchange algorithms may also be obtained using .Qq ssh -Q kex . -@@ -1210,14 +1204,10 @@ The algorithms that contain +@@ -1193,33 +1189,29 @@ The default is INFO. + DEBUG and DEBUG1 are equivalent. + DEBUG2 and DEBUG3 each specify higher levels of verbose output. + .It Cm MACs ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the MAC (message authentication code) algorithms + in order of preference. + The MAC algorithm is used for data integrity protection. + Multiple algorithms must be comma-separated. + If the specified value begins with a + .Sq + +-character, then the specified algorithms will be appended to the default set ++character, then the specified algorithms will be appended to the built-in default set + instead of replacing them. + If the specified value begins with a + .Sq - + character, then the specified algorithms (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in default set instead of replacing them. + .Pp + The algorithms that contain + .Qq -etm calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recommended. .Pp @@ -64,17 +157,30 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5 -umac-64@openssh.com,umac-128@openssh.com, -hmac-sha2-256,hmac-sha2-512,hmac-sha1 -.Ed -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . - .Pp +-.Pp The list of available MAC algorithms may also be obtained using .Qq ssh -Q mac . -@@ -1361,17 +1351,10 @@ If the specified value begins with a + .It Cm NoHostAuthenticationForLocalhost +@@ -1352,27 +1344,21 @@ instead of continuing to execute and pas + The default is + .Cm no . + .It Cm PubkeyAcceptedKeyTypes ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the key types that will be used for public key authentication + as a comma-separated list of patterns. + Alternately if the specified value begins with a + .Sq + +-character, then the key types after it will be appended to the default ++character, then the key types after it will be appended to the built-in default + instead of replacing it. + If the specified value begins with a .Sq - character, then the specified key types (including wildcards) will be removed - from the default set instead of replacing them. +-from the default set instead of replacing them. -The default for this option is: -.Bd -literal -offset 3n -ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -86,17 +192,61 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa -.Ed -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . ++from the built-in default set instead of replacing them. .Pp The list of available key types may also be obtained using .Qq ssh -Q key . diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5 ---- openssh-8.0p1/sshd_config.5.crypto-policies 2019-05-13 14:12:41.226968863 +0200 -+++ openssh-8.0p1/sshd_config.5 2019-05-13 14:15:14.581406997 +0200 -@@ -490,12 +490,10 @@ aes256-gcm@openssh.com +--- openssh-8.0p1/sshd_config.5.crypto-policies 2020-03-24 17:32:54.802788908 +0100 ++++ openssh-8.0p1/sshd_config.5 2020-03-24 17:54:13.347740176 +0100 +@@ -383,16 +383,16 @@ If the argument is + then no banner is displayed. + By default, no banner is displayed. + .It Cm CASignatureAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies which algorithms are allowed for signing of certificates + by certificate authorities (CAs). +-The default is: +-.Bd -literal -offset indent +-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa +-.Ed +-.Pp + Certificates signed using other algorithms will not be accepted for + public key or host-based authentication. ++.Pp + .It Cm ChallengeResponseAuthentication + Specifies whether challenge-response authentication is allowed (e.g. via + PAM or through authentication styles supported in +@@ -454,16 +454,21 @@ The default is + indicating not to + .Xr chroot 2 . + .It Cm Ciphers ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the ciphers allowed. + Multiple ciphers must be comma-separated. + If the specified value begins with a + .Sq + +-character, then the specified ciphers will be appended to the default set ++character, then the specified ciphers will be appended to the built-in default set + instead of replacing them. + If the specified value begins with a + .Sq - + character, then the specified ciphers (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in default set instead of replacing them. + .Pp + The supported ciphers are: + .Pp +@@ -490,13 +495,6 @@ aes256-gcm@openssh.com chacha20-poly1305@openssh.com .El .Pp @@ -106,28 +256,40 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5 -aes128-ctr,aes192-ctr,aes256-ctr, -aes128-gcm@openssh.com,aes256-gcm@openssh.com -.Ed -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . - .Pp +-.Pp The list of available ciphers may also be obtained using .Qq ssh -Q cipher . -@@ -700,8 +698,10 @@ gss-nistp256-sha256-, + .It Cm ClientAliveCountMax +@@ -688,6 +686,11 @@ For this to work + .Cm GSSAPIKeyExchange + needs to be enabled in the server and also used by the client. + .It Cm GSSAPIKexAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + The list of key exchange algorithms that are accepted by GSSAPI + key exchange. Possible values are + .Bd -literal -offset 3n +@@ -700,8 +703,6 @@ gss-nistp256-sha256-, gss-curve25519-sha256- .Ed .Pp -The default is --.Dq gss-gex-sha1-,gss-group14-sha1- . -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . - This option only applies to protocol version 2 connections using GSSAPI. +-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- . + This option only applies to connections using GSSAPI. .It Cm HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased authentication -@@ -792,17 +792,10 @@ environment variable. +@@ -791,19 +791,13 @@ is specified, the location of the socket + .Ev SSH_AUTH_SOCK + environment variable. .It Cm HostKeyAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp Specifies the host key algorithms that the server offers. -The default for this option is: @@ -141,14 +303,34 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa -.Ed -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . .Pp The list of available key types may also be obtained using .Qq ssh -Q key . -@@ -960,14 +953,10 @@ ecdh-sha2-nistp384 +@@ -922,16 +916,21 @@ Specifies whether to look at .k5login fi + The default is + .Cm yes . + .It Cm KexAlgorithms ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the available KEX (Key Exchange) algorithms. + Multiple algorithms must be comma-separated. + Alternately if the specified value begins with a + .Sq + +-character, then the specified methods will be appended to the default set ++character, then the specified methods will be appended to the built-in default set + instead of replacing them. + If the specified value begins with a + .Sq - + character, then the specified methods (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in default set instead of replacing them. + The supported algorithms are: + .Pp + .Bl -item -compact -offset indent +@@ -961,15 +960,6 @@ ecdh-sha2-nistp384 ecdh-sha2-nistp521 .El .Pp @@ -160,14 +342,36 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5 -diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, -diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 -.Ed -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . - .Pp +-.Pp The list of available key exchange algorithms may also be obtained using .Qq ssh -Q kex . -@@ -1090,14 +1079,10 @@ umac-64-etm@openssh.com + .It Cm ListenAddress +@@ -1038,17 +1028,22 @@ DEBUG and DEBUG1 are equivalent. + DEBUG2 and DEBUG3 each specify higher levels of debugging output. + Logging with a DEBUG level violates the privacy of users and is not recommended. + .It Cm MACs ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the available MAC (message authentication code) algorithms. + The MAC algorithm is used for data integrity protection. + Multiple algorithms must be comma-separated. + If the specified value begins with a + .Sq + +-character, then the specified algorithms will be appended to the default set ++character, then the specified algorithms will be appended to the built-in default set + instead of replacing them. + If the specified value begins with a + .Sq - + character, then the specified algorithms (including wildcards) will be removed +-from the default set instead of replacing them. ++from the built-in default set instead of replacing them. + .Pp + The algorithms that contain + .Qq -etm +@@ -1091,15 +1086,6 @@ umac-64-etm@openssh.com umac-128-etm@openssh.com .El .Pp @@ -179,17 +383,30 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5 -umac-64@openssh.com,umac-128@openssh.com, -hmac-sha2-256,hmac-sha2-512,hmac-sha1 -.Ed -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . - .Pp +-.Pp The list of available MAC algorithms may also be obtained using .Qq ssh -Q mac . -@@ -1455,17 +1440,10 @@ If the specified value begins with a + .It Cm Match +@@ -1446,27 +1432,21 @@ or equivalent.) + The default is + .Cm yes . + .It Cm PubkeyAcceptedKeyTypes ++The default is handled system-wide by ++.Xr crypto-policies 7 . ++To see the current defaults and how to modify them, see manual page ++.Xr update-crypto-policies 8 . ++.Pp + Specifies the key types that will be accepted for public key authentication + as a list of comma-separated patterns. + Alternately if the specified value begins with a + .Sq + +-character, then the specified key types will be appended to the default set ++character, then the specified key types will be appended to the built-in default set + instead of replacing them. + If the specified value begins with a .Sq - character, then the specified key types (including wildcards) will be removed - from the default set instead of replacing them. +-from the default set instead of replacing them. -The default for this option is: -.Bd -literal -offset 3n -ecdsa-sha2-nistp256-cert-v01@openssh.com, @@ -201,10 +418,7 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa -.Ed -+The default is handled system-wide by -+.Xr crypto-policies 7 . -+To see the defaults and how to modify this default, see manual page -+.Xr update-crypto-policies 8 . ++from the built-in default set instead of replacing them. .Pp The list of available key types may also be obtained using .Qq ssh -Q key . diff --git a/SOURCES/openssh-8.0p1-entropy.patch b/SOURCES/openssh-8.0p1-entropy.patch index dedc7c8..5dfee95 100644 --- a/SOURCES/openssh-8.0p1-entropy.patch +++ b/SOURCES/openssh-8.0p1-entropy.patch @@ -39,7 +39,7 @@ new file mode 100644 index 0000000..92a617c --- /dev/null +++ b/openbsd-compat/port-linux-prng.c -@@ -0,0 +1,70 @@ +@@ -0,0 +1,78 @@ +/* + * Copyright (c) 2011 - 2020 Red Hat, Inc. + * @@ -100,8 +100,16 @@ index 0000000..92a617c + do { + ssize_t len = getrandom(p, left, flags); + if (len == -1) { -+ if (errno != EINTR) -+ fatal("Failed to seed from getrandom: %s", strerror(errno)); ++ if (errno != EINTR) { ++ if (flags) { ++ /* With the variable present, this is fatal error */ ++ fatal("Failed to seed from getrandom: %s", strerror(errno)); ++ } else { ++ /* Otherwise we log the issue drop out from here */ ++ debug("Failed to seed from getrandom: %s", strerror(errno)); ++ return; ++ } ++ } + } else if (len > 0) { + left -= len; + p += len; @@ -114,19 +122,21 @@ diff --git a/ssh-add.1 b/ssh-add.1 index 4812448..16305bf 100644 --- a/ssh-add.1 +++ b/ssh-add.1 -@@ -161,6 +161,20 @@ to make this work.) +@@ -161,6 +161,22 @@ to make this work.) Identifies the path of a .Ux Ns -domain socket used to communicate with the agent. +.It Ev SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . ++.Cm getrandom(1) ++without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from -+.Cm /dev/random . ++.Cm getrandom(1) ++with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware @@ -139,7 +149,7 @@ diff --git a/ssh-agent.1 b/ssh-agent.1 index 281ecbd..1a9a635 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 -@@ -201,6 +201,24 @@ sockets used to contain the connection to the authentication agent. +@@ -201,6 +201,26 @@ sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. The sockets should get automatically removed when the agent exits. .El @@ -148,13 +158,15 @@ index 281ecbd..1a9a635 100644 +.Pp +.It Pa SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . ++.Cm getrandom(1) ++without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from -+.Cm /dev/random . ++.Cm getrandom(1) ++with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware @@ -168,7 +180,7 @@ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 12e00d4..1b51a4a 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 -@@ -832,6 +832,24 @@ Contains Diffie-Hellman groups used for DH-GEX. +@@ -832,6 +832,26 @@ Contains Diffie-Hellman groups used for DH-GEX. The file format is described in .Xr moduli 5 . .El @@ -177,13 +189,15 @@ index 12e00d4..1b51a4a 100644 +.Pp +.It Pa SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . ++.Cm getrandom(1) ++without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from -+.Cm /dev/random . ++.Cm getrandom(1) ++with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware @@ -197,7 +211,7 @@ diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 69d0829..02d79f8 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 -@@ -80,6 +80,24 @@ must be set-uid root if host-based authentication is used. +@@ -80,6 +80,26 @@ must be set-uid root if host-based authentication is used. If these files exist they are assumed to contain public certificate information corresponding with the private keys above. .El @@ -206,13 +220,15 @@ index 69d0829..02d79f8 100644 +.Pp +.It Pa SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . ++.Cm getrandom(1) ++without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from -+.Cm /dev/random . ++.Cm getrandom(1) ++with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware @@ -226,21 +242,23 @@ diff --git a/ssh.1 b/ssh.1 index 929904b..f65e42f 100644 --- a/ssh.1 +++ b/ssh.1 -@@ -1309,6 +1309,23 @@ For more information, see the +@@ -1309,6 +1309,25 @@ For more information, see the .Cm PermitUserEnvironment option in .Xr sshd_config 5 . -+.Sh ENVIRONMENT -+.Bl -tag -width Ds -compact ++.Bl -tag -width "SSH_ORIGINAL_COMMAND" ++.Pp +.It Ev SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . ++.Cm getrandom(1) ++without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from -+.Cm /dev/random . ++.Cm getrandom(1) ++with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware @@ -254,22 +272,24 @@ diff --git a/sshd.8 b/sshd.8 index c2c237f..058d37a 100644 --- a/sshd.8 +++ b/sshd.8 -@@ -951,6 +951,24 @@ concurrently for different ports, this contains the process ID of the one +@@ -951,6 +951,26 @@ concurrently for different ports, this contains the process ID of the one started last). The content of this file is not sensitive; it can be world-readable. .El +.Sh ENVIRONMENT +.Bl -tag -width Ds -compact +.Pp -+.It Pa SSH_USE_STRONG_RNG ++.It Ev SSH_USE_STRONG_RNG +The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . ++.Cm getrandom(1) ++without any specific flags. +If the +.Cm SSH_USE_STRONG_RNG +environment variable is set to value other than +.Cm 0 +the OpenSSL random generator is reseeded from -+.Cm /dev/random . ++.Cm getrandom(1) ++with GRND_RANDOM flag specified. +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. +Minimum is 14 bytes. +This setting is not recommended on the computers without the hardware diff --git a/SOURCES/openssh-8.0p1-gssapi-keyex.patch b/SOURCES/openssh-8.0p1-gssapi-keyex.patch index fe3e7a6..a8f2838 100644 --- a/SOURCES/openssh-8.0p1-gssapi-keyex.patch +++ b/SOURCES/openssh-8.0p1-gssapi-keyex.patch @@ -3265,7 +3265,7 @@ index 36180d07..70dd3665 100644 * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions -@@ -61,10 +61,30 @@ +@@ -61,10 +61,34 @@ #define SSH_GSS_OIDTYPE 0x06 @@ -3285,8 +3285,12 @@ index 36180d07..70dd3665 100644 +#define KEX_GSS_C25519_SHA256_ID "gss-curve25519-sha256-" + +#define GSS_KEX_DEFAULT_KEX \ -+ KEX_GSS_GEX_SHA1_ID "," \ -+ KEX_GSS_GRP14_SHA1_ID ++ KEX_GSS_GRP14_SHA256_ID "," \ ++ KEX_GSS_GRP16_SHA512_ID "," \ ++ KEX_GSS_NISTP256_SHA256_ID "," \ ++ KEX_GSS_C25519_SHA256_ID "," \ ++ KEX_GSS_GRP14_SHA1_ID "," \ ++ KEX_GSS_GEX_SHA1_ID + typedef struct { char *filename; @@ -3492,18 +3496,18 @@ index 41262963..c3c8b274 100644 +The list of key exchange algorithms that are offered for GSSAPI +key exchange. Possible values are +.Bd -literal -offset 3n -+gss-gex-sha1-, -+gss-group1-sha1-, -+gss-group14-sha1-, -+gss-group14-sha256-, -+gss-group16-sha512-, -+gss-nistp256-sha256-, ++gss-gex-sha1- ++gss-group1-sha1- ++gss-group14-sha1- ++gss-group14-sha256- ++gss-group16-sha512- ++gss-nistp256-sha256- +gss-curve25519-sha256- +.Ed +.Pp +The default is -+.Dq gss-gex-sha1-,gss-group14-sha1- . -+This option only applies to protocol version 2 connections using GSSAPI. ++.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- . ++This option only applies to connections using GSSAPI. .It Cm HashKnownHosts Indicates that .Xr ssh 1 @@ -3532,7 +3536,7 @@ index dffee90b..0d0a6cb8 100644 xxx_host = host; xxx_hostaddr = hostaddr; -@@ -193,6 +196,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) +@@ -193,6 +196,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) order_hostkeyalgs(host, hostaddr, port)); } @@ -3542,12 +3546,18 @@ index dffee90b..0d0a6cb8 100644 + * client to the key exchange algorithm proposal */ + orig = myproposal[PROPOSAL_KEX_ALGS]; + -+ if (options.gss_server_identity) ++ if (options.gss_server_identity) { + gss_host = xstrdup(options.gss_server_identity); -+ else if (options.gss_trust_dns) ++ } else if (options.gss_trust_dns) { + gss_host = remote_hostname(ssh); -+ else ++ /* Fall back to specified host if we are using proxy command ++ * and can not use DNS on that socket */ ++ if (strcmp(gss_host, "UNKNOWN") == 0) { ++ gss_host = xstrdup(host); ++ } ++ } else { + gss_host = xstrdup(host); ++ } + + gss = ssh_gssapi_client_mechanisms(gss_host, + options.gss_client_identity, options.gss_kex_algorithms); @@ -3636,18 +3646,24 @@ index dffee90b..0d0a6cb8 100644 {"gssapi-with-mic", userauth_gssapi, userauth_gssapi_cleanup, -@@ -698,12 +766,23 @@ userauth_gssapi(struct ssh *ssh) +@@ -698,12 +766,29 @@ userauth_gssapi(struct ssh *ssh) OM_uint32 min; int r, ok = 0; gss_OID mech = NULL; -+ char *gss_host; ++ char *gss_host = NULL; + -+ if (options.gss_server_identity) ++ if (options.gss_server_identity) { + gss_host = xstrdup(options.gss_server_identity); -+ else if (options.gss_trust_dns) ++ } else if (options.gss_trust_dns) { + gss_host = remote_hostname(ssh); -+ else ++ /* Fall back to specified host if we are using proxy command ++ * and can not use DNS on that socket */ ++ if (strcmp(gss_host, "UNKNOWN") == 0) { ++ gss_host = xstrdup(authctxt->host); ++ } ++ } else { + gss_host = xstrdup(authctxt->host); ++ } /* Try one GSSAPI method at a time, rather than sending them all at * once. */ @@ -3874,18 +3890,18 @@ index b224f292..2baa6622 100644 +The list of key exchange algorithms that are accepted by GSSAPI +key exchange. Possible values are +.Bd -literal -offset 3n -+gss-gex-sha1-, -+gss-group1-sha1-, -+gss-group14-sha1-, -+gss-group14-sha256-, -+gss-group16-sha512-, -+gss-nistp256-sha256-, ++gss-gex-sha1- ++gss-group1-sha1- ++gss-group14-sha1- ++gss-group14-sha256- ++gss-group16-sha512- ++gss-nistp256-sha256- +gss-curve25519-sha256- +.Ed +.Pp +The default is -+.Dq gss-gex-sha1-,gss-group14-sha1- . -+This option only applies to protocol version 2 connections using GSSAPI. ++.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- . ++This option only applies to connections using GSSAPI. .It Cm HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased authentication as a list of comma-separated patterns. diff --git a/SOURCES/openssh-8.0p1-keygen-sha2.patch b/SOURCES/openssh-8.0p1-keygen-sha2.patch new file mode 100644 index 0000000..31927fa --- /dev/null +++ b/SOURCES/openssh-8.0p1-keygen-sha2.patch @@ -0,0 +1,107 @@ +From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Fri, 24 Jan 2020 00:27:04 +0000 +Subject: [PATCH] upstream: when signing a certificate with an RSA key, default + to + +a safe signature algorithm (rsa-sha-512) if not is explicitly specified by +the user; ok markus@ + +OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9 +--- + ssh-keygen.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/ssh-keygen.c b/ssh-keygen.c +index 564c3c481..f2192edb9 100644 +--- a/ssh-keygen.c ++++ b/ssh-keygen.c +@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, + } + free(tmp); + +- if (key_type_name != NULL && +- sshkey_type_from_name(key_type_name) != ca->type) { +- fatal("CA key type %s doesn't match specified %s", +- sshkey_ssh_name(ca), key_type_name); ++ if (key_type_name != NULL) { ++ if (sshkey_type_from_name(key_type_name) != ca->type) { ++ fatal("CA key type %s doesn't match specified %s", ++ sshkey_ssh_name(ca), key_type_name); ++ } ++ } else if (ca->type == KEY_RSA) { ++ /* Default to a good signature algorithm */ ++ key_type_name = "rsa-sha2-512"; + } + + for (i = 0; i < argc; i++) { + +From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Mon, 20 May 2019 00:20:35 +0000 +Subject: [PATCH] upstream: When signing certificates with an RSA key, default + to + +using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys +will therefore be incompatible with OpenSSH < 7.2 unless the default is +overridden. + +Document the ability of the ssh-keygen -t flag to override the +signature algorithm when signing certificates, and the new default. + +ok deraadt@ + +OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95 +--- + ssh-keygen.1 | 13 +++++++++++-- + sshkey.c | 9 ++++++++- + 2 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/ssh-keygen.1 b/ssh-keygen.1 +index f29774249..673bf6e2f 100644 +--- a/ssh-keygen.1 ++++ b/ssh-keygen.1 +@@ -35,7 +35,7 @@ + .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + .\" +-.Dd $Mdocdate: March 5 2019 $ ++.Dd $Mdocdate: May 20 2019 $ + .Dt SSH-KEYGEN 1 + .Os + .Sh NAME +@@ -577,6 +577,15 @@ The possible values are + .Dq ed25519 , + or + .Dq rsa . ++.Pp ++This flag may also be used to specify the desired signature type when ++signing certificates using a RSA CA key. ++The available RSA signature variants are ++.Dq ssh-rsa ++(SHA1 signatures, not recommended), ++.Dq rsa-sha2-256 ++.Dq rsa-sha2-512 ++(the default). + .It Fl U + When used in combination with + .Fl s , +diff --git a/sshkey.c b/sshkey.c +index 9849cb237..379a579cf 100644 +--- a/sshkey.c ++++ b/sshkey.c +@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, + strcmp(alg, k->cert->signature_type) != 0) + return SSH_ERR_INVALID_ARGUMENT; + ++ /* ++ * If no signing algorithm or signature_type was specified and we're ++ * using a RSA key, then default to a good signature algorithm. ++ */ ++ if (alg == NULL && ca->type == KEY_RSA) ++ alg = "rsa-sha2-512"; ++ + if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0) + return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY; + + diff --git a/SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch b/SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch new file mode 100644 index 0000000..954ece9 --- /dev/null +++ b/SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch @@ -0,0 +1,33 @@ +From 7250879c72d28275a53f2f220e49646c3e42ef18 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Fri, 12 Jul 2019 04:08:39 +0000 +Subject: [PATCH] upstream: include SHA2-variant RSA key algorithms in KEX + proposal; + +allows ssh-keyscan to harvest keys from servers that disable olde SHA1 +ssh-rsa. bz#3029 from Jakub Jelen + +OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a +--- + ssh-keyscan.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/ssh-keyscan.c b/ssh-keyscan.c +index d95ba1b37..d383b57b9 100644 +--- a/ssh-keyscan.c ++++ b/ssh-keyscan.c +@@ -233,7 +233,12 @@ keygrab_ssh2(con *c) + break; + case KT_RSA: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? +- "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa"; ++ "rsa-sha2-512-cert-v01@openssh.com," ++ "rsa-sha2-256-cert-v01@openssh.com," ++ "ssh-rsa-cert-v01@openssh.com" : ++ "rsa-sha2-512," ++ "rsa-sha2-256," ++ "ssh-rsa"; + break; + case KT_ED25519: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? + diff --git a/SOURCES/openssh-8.0p1-pkcs11-uri.patch b/SOURCES/openssh-8.0p1-pkcs11-uri.patch index 8942dd2..a24dea6 100644 --- a/SOURCES/openssh-8.0p1-pkcs11-uri.patch +++ b/SOURCES/openssh-8.0p1-pkcs11-uri.patch @@ -2583,7 +2583,8 @@ index 70f06bff..59332945 100644 } - if (p->nslots == 0) { + if (m->nslots == 0) { - error("%s: provider %s returned no slots", __func__, +- error("%s: provider %s returned no slots", __func__, ++ debug("%s: provider %s returned no slots", __func__, - provider_id); + provider_module); ret = -SSH_PKCS11_ERR_NO_SLOTS; diff --git a/SOURCES/openssh-8.0p1-proxyjump-loops.patch b/SOURCES/openssh-8.0p1-proxyjump-loops.patch new file mode 100644 index 0000000..578eff3 --- /dev/null +++ b/SOURCES/openssh-8.0p1-proxyjump-loops.patch @@ -0,0 +1,33 @@ +From de1f3564cd85915b3002859873a37cb8d31ac9ce Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" +Date: Tue, 18 Feb 2020 08:49:49 +0000 +Subject: [PATCH] upstream: Detect and prevent simple configuration loops when + using + +ProxyJump. bz#3057, ok djm@ + +OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037 +--- + ssh.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/ssh.c b/ssh.c +index 15aee569e..a983a108b 100644 +--- a/ssh.c ++++ b/ssh.c +@@ -1208,6 +1208,14 @@ main(int ac, char **av) + if (options.jump_host != NULL) { + char port_s[8]; + const char *sshbin = argv0; ++ int port = options.port, jumpport = options.jump_port; ++ ++ if (port <= 0) ++ port = default_ssh_port(); ++ if (jumpport <= 0) ++ jumpport = default_ssh_port(); ++ if (strcmp(options.jump_host, host) == 0 && port == jumpport) ++ fatal("jumphost loop via %s", options.jump_host); + + /* + * Try to use SSH indicated by argv[0], but fall back to + diff --git a/SOURCES/openssh-8.0p1-rdomain.patch b/SOURCES/openssh-8.0p1-rdomain.patch new file mode 100644 index 0000000..610c8b3 --- /dev/null +++ b/SOURCES/openssh-8.0p1-rdomain.patch @@ -0,0 +1,44 @@ +commit 5481d0b4036b33b92c372ee36258ed11bff57d5d +Author: Jakub Jelen +Date: Thu Feb 27 10:07:33 2020 +0100 + + Mark the RDomain configuration option unsupported on non-openbsd builds + +diff --git a/servconf.c b/servconf.c +index db80e943..153d2525 100644 +--- a/servconf.c ++++ b/servconf.c +@@ -698,7 +698,11 @@ static struct { + { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, + { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, + { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, ++#if defined(__OpenBSD__) + { "rdomain", sRDomain, SSHCFG_ALL }, ++#else ++ { "rdomain", sUnsupported, SSHCFG_ALL }, ++#endif + { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, + { NULL, sBadOption, 0 } + }; +@@ -2841,7 +2845,9 @@ dump_config(ServerOptions *o) + o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); + dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ? + o->pubkey_key_types : KEX_DEFAULT_PK_ALG); ++#if defined(__OpenBSD__) + dump_cfg_string(sRDomain, o->routing_domain); ++#endif + + /* string arguments requiring a lookup */ + dump_cfg_string(sLogLevel, log_level_name(o->log_level)); +diff --git a/sshd_config.5 b/sshd_config.5 +index 5dca8981..766e9b90 100644 +--- a/sshd_config.5 ++++ b/sshd_config.5 +@@ -1542,6 +1542,7 @@ will be bound to this + If the routing domain is set to + .Cm \&%D , + then the domain in which the incoming connection was received will be applied. ++This feature is available on OpenBSD only. + .It Cm SetEnv + Specifies one or more environment variables to set in child sessions started + by diff --git a/SOURCES/openssh-8.0p1-x11-without-ipv6.patch b/SOURCES/openssh-8.0p1-x11-without-ipv6.patch new file mode 100644 index 0000000..0623b47 --- /dev/null +++ b/SOURCES/openssh-8.0p1-x11-without-ipv6.patch @@ -0,0 +1,30 @@ +diff --git a/channels.c b/channels.c +--- a/channels.c ++++ b/channels.c +@@ -3933,16 +3933,26 @@ x11_create_display_inet(int x11_display_ + if (ai->ai_family == AF_INET6) + sock_set_v6only(sock); + if (x11_use_localhost) + set_reuseaddr(sock); + if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + debug2("%s: bind port %d: %.100s", __func__, + port, strerror(errno)); + close(sock); ++ ++ /* do not remove successfully opened ++ * sockets if the request failed because ++ * the protocol IPv4/6 is not available ++ * (e.g. IPv6 may be disabled while being ++ * supported) ++ */ ++ if (EADDRNOTAVAIL == errno) ++ continue; ++ + for (n = 0; n < num_socks; n++) + close(socks[n]); + num_socks = 0; + break; + } + socks[num_socks++] = sock; + if (num_socks == NUM_SOCKS) + break; diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 0a4b2ea..feecf68 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -66,7 +66,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.0p1 -%global openssh_rel 4 +%global openssh_rel 5 %global pam_ssh_agent_ver 0.10.3 %global pam_ssh_agent_rel 7 @@ -218,6 +218,18 @@ Patch964: openssh-8.0p1-openssl-kdf.patch Patch965: openssh-8.0p1-openssl-pem.patch # Seed from dev/random if requested (#1785655) Patch966: openssh-8.0p1-entropy.patch +# Unbreak ssh-keyscan RSA keys without SHA1 (#1744108) +Patch967: openssh-8.0p1-keyscan-rsa-sha2.patch +# Detect proxyJump loops in configuration files (#1804099) +Patch968: openssh-8.0p1-proxyjump-loops.patch +# ssh-keygen should default to SHA2-based signature algorithm (#1790610) +Patch969: openssh-8.0p1-keygen-sha2.patch +# RDomain is not suported on non-OpenBSD (#1807686) +# https://bugzilla.mindrot.org/show_bug.cgi?id=3126 +Patch970: openssh-8.0p1-rdomain.patch +# Do not fail X11 forwarding if IPv6 is disabled (#1662189) +# https://bugzilla.mindrot.org/show_bug.cgi?id=2143 +Patch971: openssh-8.0p1-x11-without-ipv6.patch License: BSD Group: Applications/Internet @@ -241,7 +253,6 @@ BuildRequires: autoconf, automake, perl-interpreter, perl-generators, zlib-devel BuildRequires: audit-libs-devel >= 2.0.5 BuildRequires: util-linux, groff BuildRequires: pam-devel -BuildRequires: fipscheck-devel >= 1.3.0 BuildRequires: openssl-devel >= 0.9.8j BuildRequires: perl-podlators BuildRequires: systemd-devel @@ -272,7 +283,6 @@ BuildRequires: gnupg2 Summary: An open source SSH client applications Group: Applications/Internet Requires: openssh = %{version}-%{release} -Requires: fipscheck-lib%{_isa} >= 1.3.0 Requires: crypto-policies >= 20180306-1 %package server @@ -281,7 +291,6 @@ Group: System Environment/Daemons Requires: openssh = %{version}-%{release} Requires(pre): /usr/sbin/useradd Requires: pam >= 1.0.1-3 -Requires: fipscheck-lib%{_isa} >= 1.3.0 Requires: crypto-policies >= 20180306-1 %{?systemd_requires} @@ -434,6 +443,11 @@ popd %patch964 -p1 -b .openssl-kdf %patch965 -p1 -b .openssl-pem %patch966 -p1 -b .entropy +%patch967 -p1 -b .keyscan +%patch968 -p1 -b .proxyjump-loops +%patch969 -p1 -b .keygen-sha2 +%patch970 -p1 -b .rdomain +%patch971 -p1 -b .x11-ipv6 %patch200 -p1 -b .audit %patch201 -p1 -b .audit-race @@ -559,14 +573,6 @@ make popd %endif -# Add generation of HMAC checksums of the final stripped binaries -%global __spec_install_post \ - %%{?__debug_package:%%{__debug_install_post}} \ - %%{__arch_install_post} \ - %%{__os_install_post} \ - fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/ssh $RPM_BUILD_ROOT%{_sbindir}/sshd \ -%{nil} - %check #to run tests use "--with check" %if %{?_with_check:1}%{!?_with_check:0} @@ -585,7 +591,6 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf install -d $RPM_BUILD_ROOT/etc/pam.d/ install -d $RPM_BUILD_ROOT/etc/sysconfig/ install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh -install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd @@ -656,7 +661,6 @@ getent passwd sshd >/dev/null || \ %files clients %attr(0755,root,root) %{_bindir}/ssh -%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac %attr(0644,root,root) %{_mandir}/man1/ssh.1* %attr(0755,root,root) %{_bindir}/scp %attr(0644,root,root) %{_mandir}/man1/scp.1* @@ -683,7 +687,6 @@ getent passwd sshd >/dev/null || \ %files server %dir %attr(0711,root,root) %{_var}/empty/sshd %attr(0755,root,root) %{_sbindir}/sshd -%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server %attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen %attr(0644,root,root) %{_mandir}/man5/sshd_config.5* @@ -736,6 +739,21 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Tue Mar 24 2020 Jakub Jelen - 8.0p1-5 + 0.10.3-7 +- Do not print "no slots" warning by default (#1744220) +- Unbreak connecting using gssapi through proxy commands (#1749862) +- Document in manual pages that CASignatureAlgorithms are handled by crypto policies (#1790604) +- Use SHA2-based signature algorithms by default for signing certificates (#1790610) +- Prevent simple ProxyJump loops in configuration files (#1804099) +- Teach ssh-keyscan to use SHA2 RSA variants (#1744108) +- Do not fail hard if getrandom() is not available and no SSH_USE_STRONG_RNG is specified (#1812120) +- Improve wording of crypto policies references in manual pages (#1812854) +- Do not break X11 forwarding if IPv6 is disabled (#1662189) +- Enable SHA2-based GSSAPI key exchange algorithms by default (#1816226) +- Mark RDomain server configuration option unsupported in RHEL (#1807686) +- Clarify crypto policies defaults in manual pages (#1724195) +- Mention RSA SHA2 variants in ssh-keygen manual page (#1665900) + * Wed Jan 08 2020 Jakub Jelen - 8.0p1-4 + 0.10.3-7 - Restore entropy patch for CC certification (#1785655)