diff --git a/SOURCES/openssh-6.6p1-ctr-cavstest.patch b/SOURCES/openssh-6.6p1-ctr-cavstest.patch
index 2e31fbf..e906b70 100644
--- a/SOURCES/openssh-6.6p1-ctr-cavstest.patch
+++ b/SOURCES/openssh-6.6p1-ctr-cavstest.patch
@@ -20,10 +20,10 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
  	ssh-xmss.o \
 @@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
  ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
- 	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
+ 	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS)
  
 +ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
-+	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
++	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 +
  ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
  	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
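Review bot: The `-lfipscheck` removals in this hunk and in the keycat, kdf-cavs and ldap patches only stay applicable together, because each nested patch's context lines are the previous patch's added lines (the `ssh-keycat$(EXEEXT)` link line is context here but the added rule in the keycat patch, and `ctr-cavstest$(EXEEXT)` is added here but context in kdf-cavs), so a partial backport of this commit would make `patch` fail on context for the later patches in the series. The four edits also match the fips patch, which drops the whole Makefile.in hunk that used to append `-lfipscheck` to every program's link line, so after this commit no link line references libfipscheck. With nothing linking against it, a `BuildRequires`/`Requires` on fipscheck in the spec file (not visible in this chunk), if still present, would be stale and worth removing in the same change.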
diff --git a/SOURCES/openssh-6.6p1-keycat.patch b/SOURCES/openssh-6.6p1-keycat.patch
index e22a5f3..c658a87 100644
--- a/SOURCES/openssh-6.6p1-keycat.patch
+++ b/SOURCES/openssh-6.6p1-keycat.patch
@@ -62,10 +62,10 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
  	ssh-xmss.o \
 @@ -190,6 +191,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
  ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
- 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS)
+ 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS)
  
 +ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
-+	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
++	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS)
 +
  ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
  	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
diff --git a/SOURCES/openssh-6.7p1-kdf-cavs.patch b/SOURCES/openssh-6.7p1-kdf-cavs.patch
index a5beb8c..549cde4 100644
--- a/SOURCES/openssh-6.7p1-kdf-cavs.patch
+++ b/SOURCES/openssh-6.7p1-kdf-cavs.patch
@@ -20,7 +20,7 @@ diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
  	ssh-xmss.o \
 @@ -198,6 +199,9 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHD
  ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
- 	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+ 	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
  
 +ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o
 +	$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
diff --git a/SOURCES/openssh-6.7p1-ldap.patch b/SOURCES/openssh-6.7p1-ldap.patch
index a8770e0..e5de1bb 100644
--- a/SOURCES/openssh-6.7p1-ldap.patch
+++ b/SOURCES/openssh-6.7p1-ldap.patch
@@ -171,7 +171,7 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
  	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
  
 +ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
-+	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS)
++	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS)
 +
  ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
  	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
diff --git a/SOURCES/openssh-7.7p1-fips.patch b/SOURCES/openssh-7.7p1-fips.patch
index 90b4fba..32091e3 100644
--- a/SOURCES/openssh-7.7p1-fips.patch
+++ b/SOURCES/openssh-7.7p1-fips.patch
@@ -127,50 +127,6 @@ diff -up openssh-7.9p1/kexgexc.c.fips openssh-7.9p1/kexgexc.c
  	p = g = NULL; /* belong to kex->dh now */
  
  	/* generate and send 'e', client DH public key */
-diff -up openssh-7.9p1/Makefile.in.fips openssh-7.9p1/Makefile.in
---- openssh-7.9p1/Makefile.in.fips	2019-03-11 17:06:37.615877984 +0100
-+++ openssh-7.9p1/Makefile.in	2019-03-11 17:06:37.621878041 +0100
-@@ -179,25 +179,25 @@ libssh.a: $(LIBSSH_OBJS)
- 	$(RANLIB) $@
- 
- ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
--	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
-+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS) $(GSSLIBS)
- 
- sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
--	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
-+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
- 
- scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
- 	$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
- 
- ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
--	$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- 
- ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
--	$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- 
- ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
--	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- 
- ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o
--	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- 
- ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
- 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
-@@ -215,7 +215,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a
- 	$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
- 
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
--	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
-+	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
- 
- sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
- 	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 diff -up openssh-7.9p1/myproposal.h.fips openssh-7.9p1/myproposal.h
 --- openssh-7.9p1/myproposal.h.fips	2018-10-17 02:01:20.000000000 +0200
 +++ openssh-7.9p1/myproposal.h	2019-03-11 17:06:37.621878041 +0100
@@ -309,43 +265,25 @@ diff -up openssh-7.9p1/servconf.c.fips openssh-7.9p1/servconf.c
 diff -up openssh-7.9p1/ssh.c.fips openssh-7.9p1/ssh.c
 --- openssh-7.9p1/ssh.c.fips	2019-03-11 17:06:37.602877862 +0100
 +++ openssh-7.9p1/ssh.c	2019-03-11 17:06:37.623878060 +0100
-@@ -76,6 +76,8 @@
+@@ -76,6 +76,7 @@
  #include <openssl/evp.h>
  #include <openssl/err.h>
  #endif
 +#include <openssl/crypto.h>
-+#include <fipscheck.h>
  #include "openbsd-compat/openssl-compat.h"
  #include "openbsd-compat/sys-queue.h"
  
-@@ -600,6 +602,16 @@ main(int ac, char **av)
- 	sanitise_stdfd();
- 
- 	__progname = ssh_get_progname(av[0]);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+	SSLeay_add_all_algorithms();
-+#endif
-+	if (access("/etc/system-fips", F_OK) == 0)
-+		if (! FIPSCHECK_verify(NULL, NULL)){
-+			if (FIPS_mode())
-+				fatal("FIPS integrity verification test failed.");
-+			else
-+				logit("FIPS integrity verification test failed.");
-+	}
- 
- #ifndef HAVE_SETPROCTITLE
- 	/* Prepare for later setproctitle emulation */
 @@ -1283,6 +1294,10 @@ main(int ac, char **av)
- 
- 	seed_rng();
- 
-+	if (FIPS_mode()) {
-+		logit("FIPS mode initialized");
-+	}
+ 		dump_client_config(&options, host);
+ 		exit(0);
+ 	}
 +
- 	/*
- 	 * Discard other fds that are hanging around. These can cause problem
- 	 * with backgrounded ssh processes started by ControlPersist.
++	if (FIPS_mode()) {
++		debug("FIPS mode initialized");
++	}
+ 
+ 	if (muxclient_command != 0 && options.control_path == NULL)
+ 		fatal("No ControlPath specified for \"-O\" command");
 diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 --- openssh-7.9p1/sshconnect2.c.fips	2019-03-11 17:06:37.580877655 +0100
 +++ openssh-7.9p1/sshconnect2.c	2019-03-11 17:06:37.623878060 +0100
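Review bot: The block removed from the nested ssh.c hunk also takes out `SSLeay_add_all_algorithms()` under `OPENSSL_VERSION_NUMBER < 0x10100000L`, which is unrelated to libfipscheck; if builds against OpenSSL 1.0.x are still supported, that initialisation should stay (the sshd.c hunk keeps its `OpenSSL_add_all_algorithms();`). The surviving `FIPS_mode()` message is lowered from `logit` to `debug`, so at the default LogLevel nothing records that the client ran in FIPS mode; if the aim is only to quiet interactive ssh, `verbose("FIPS mode initialized");` keeps it reachable without debug output. The retained nested header `@@ -1283,6 +1294,10 @@` still carries offsets from when the earlier ssh.c hunks added twelve lines rather than one, and its new context (`dump_client_config`) sits elsewhere in main(), so the nested patch will most likely apply only with an offset or fuzz warning; regenerating it with current line numbers would be cleaner. main() begins and ends outside this hunk, and the commit message explaining what now replaces the dropped integrity check is not visible in this chunk.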
@@ -387,7 +325,7 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
  		/* Prefer algorithms that we already have keys for */
  		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
  		    compat_pkalg_proposal(
-@@ -201,29 +201,34 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -201,35 +201,40 @@ ssh_kex2(char *host, struct sockaddr *ho
  
  #if defined(GSSAPI) && defined(WITH_OPENSSL)
  	if (options.gss_keyex) {
@@ -395,12 +333,18 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 -		 * client to the key exchange algorithm proposal */
 -		orig = myproposal[PROPOSAL_KEX_ALGS];
 -
--		if (options.gss_server_identity)
+-		if (options.gss_server_identity) {
 -			gss_host = xstrdup(options.gss_server_identity);
--		else if (options.gss_trust_dns)
+-		} else if (options.gss_trust_dns) {
 -			gss_host = remote_hostname(ssh);
--		else
+-			/* Fall back to specified host if we are using proxy command
+-			 * and can not use DNS on that socket */
+-			if (strcmp(gss_host, "UNKNOWN") == 0) {
+-				gss_host = xstrdup(host);
+-			}
+-		} else {
 -			gss_host = xstrdup(host);
+-		}
 -
 -		gss = ssh_gssapi_client_mechanisms(gss_host,
 -		    options.gss_client_identity, options.gss_kex_algorithms);
@@ -422,12 +366,18 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 +			 * client to the key exchange algorithm proposal */
 +			orig = myproposal[PROPOSAL_KEX_ALGS];
 +
-+			if (options.gss_server_identity)
++			if (options.gss_server_identity) {
 +				gss_host = xstrdup(options.gss_server_identity);
-+			else if (options.gss_trust_dns)
++			} else if (options.gss_trust_dns) {
 +				gss_host = remote_hostname(ssh);
-+			else
++				/* Fall back to specified host if we are using proxy command
++				 * and can not use DNS on that socket */
++				if (strcmp(gss_host, "UNKNOWN") == 0) {
++					gss_host = xstrdup(host);
++				}
++			} else {
 +				gss_host = xstrdup(host);
++			}
 +
 +			gss = ssh_gssapi_client_mechanisms(gss_host,
 +			    options.gss_client_identity, options.gss_kex_algorithms);
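Review bot: In the new fallback branch, when `remote_hostname(ssh)` yields `"UNKNOWN"` the pointer is overwritten by `xstrdup(host)` without releasing the previous value; if `remote_hostname()` returns allocated memory, as the surrounding `xstrdup` assignments to the same variable suggest, that is a small per-connection leak, fixed by `free(gss_host);` immediately before `gss_host = xstrdup(host);`. These added lines mirror the GSSAPI key-exchange patch whose context this fips hunk is being re-synchronised to (the matching removed-side update is in the preceding hunk), so the fix belongs in that patch rather than in this context refresh. ssh_kex2() begins and ends outside the hunk.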
@@ -456,31 +406,19 @@ diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c
  #include <stdarg.h>
  #include <stdio.h>
  #include <stdlib.h>
-@@ -77,6 +78,8 @@
+@@ -77,6 +78,7 @@
  #include <openssl/dh.h>
  #include <openssl/bn.h>
  #include <openssl/rand.h>
 +#include <openssl/crypto.h>
-+#include <fipscheck.h>
  #include "openbsd-compat/openssl-compat.h"
  #endif
  
-@@ -1581,6 +1584,18 @@ main(int ac, char **av)
+@@ -1581,6 +1584,7 @@ main(int ac, char **av)
  #endif
  	__progname = ssh_get_progname(av[0]);
  
 +	OpenSSL_add_all_algorithms();
-+	if (access("/etc/system-fips", F_OK) == 0)
-+		if (! FIPSCHECK_verify(NULL, NULL)) {
-+			openlog(__progname, LOG_PID, LOG_AUTHPRIV);
-+			if (FIPS_mode()) {
-+				syslog(LOG_CRIT, "FIPS integrity verification test failed.");
-+				cleanup_exit(255);
-+			}
-+			else
-+				syslog(LOG_INFO, "FIPS integrity verification test failed.");
-+			closelog();
-+		}
  	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
  	saved_argc = ac;
  	rexec_argc = ac;
@@ -489,7 +427,7 @@ diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c
  	log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
 +	if (FIPS_mode()) {
-+		logit("FIPS mode initialized");
++		debug("FIPS mode initialized");
 +	}
 +
  	/* Chdir to the root directory so that the current disk can be
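Review bot: Lowering `logit("FIPS mode initialized")` to `debug("FIPS mode initialized")` removes the only INFO-level record that the server started in FIPS mode; sshd's default LogLevel is INFO, so confirming from the logs whether a given sshd instance enforced FIPS mode now requires debug logging. For the server a single startup line is cheap and is exactly what operators and compliance tooling look for, so `logit` (or at least `verbose`) seems the better level here; the same downgrade is made in the ssh.c hunk, where quieting the interactive client is more defensible. main() in sshd.c begins and ends outside this hunk.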
diff --git a/SOURCES/openssh-7.7p1-redhat.patch b/SOURCES/openssh-7.7p1-redhat.patch
index 6fd9daf..1c1d778 100644
--- a/SOURCES/openssh-7.7p1-redhat.patch
+++ b/SOURCES/openssh-7.7p1-redhat.patch
@@ -1,11 +1,12 @@
 diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config
 --- openssh-7.7p1/ssh_config.redhat	2018-04-02 07:38:28.000000000 +0200
 +++ openssh-7.7p1/ssh_config	2018-07-03 10:44:06.522245125 +0200
-@@ -44,3 +44,7 @@
+@@ -44,3 +44,8 @@
  #   VisualHostKey no
  #   ProxyCommand ssh -q -W %h:%p gateway.example.com
  #   RekeyLimit 1G 1h
 +#
++# This system is following system-wide crypto policy.
 +# To modify the system-wide ssh configuration, create a  *.conf  file under
 +#  /etc/ssh/ssh_config.d/  which will be automatically included below
 +Include /etc/ssh/ssh_config.d/*.conf
@@ -66,7 +67,7 @@ diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5
 diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
 --- openssh-7.7p1/sshd_config.redhat	2018-04-02 07:38:28.000000000 +0200
 +++ openssh-7.7p1/sshd_config	2018-07-03 10:45:16.950782466 +0200
-@@ -10,20 +10,34 @@
+@@ -10,20 +10,31 @@
  # possible, but leave them commented.  Uncommented options override the
  # default value.
  
@@ -89,14 +90,11 @@ diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
  # Ciphers and keying
  #RekeyLimit default none
  
-+# System-wide Crypto policy:
 +# This system is following system-wide crypto policy. The changes to
-+# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
-+# effect here. They will be overridden by command-line options passed on
-+# the server start up.
-+# To opt out, uncomment a line with redefinition of  CRYPTO_POLICY=
-+# variable in  /etc/sysconfig/sshd  to overwrite the policy.
-+# For more information, see manual page for update-crypto-policies(8).
++# crypto properties (Ciphers, MACs, ...) will not have any effect here.
++# They will be overridden by command-line options passed to the server
++# on command line.
++# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).
 +
  # Logging
  #SyslogFacility AUTH
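Review bot: The rewritten comment drops the opt-out instruction (the `CRYPTO_POLICY=` line in `/etc/sysconfig/sshd`) that the previous text gave; if that mechanism still exists, administrators reading sshd_config are the ones who need it, so a one-line pointer should stay. The wording is also repetitive: `# They will be overridden by command-line options passed to the server` followed by `# on command line.` says "command line" twice, and `# Please, check manual pages ...` has a stray comma; `# They will be overridden by command-line options passed to the server at startup.` and `# See update-crypto-policies(8) and sshd_config(5) for details.` read more cleanly. The same sentence structure appears in the ssh_config hunk of this patch, so the two comments should be kept in step.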
diff --git a/SOURCES/openssh-8.0p1-crypto-policies.patch b/SOURCES/openssh-8.0p1-crypto-policies.patch
index ffd4bae..5dc2289 100644
--- a/SOURCES/openssh-8.0p1-crypto-policies.patch
+++ b/SOURCES/openssh-8.0p1-crypto-policies.patch
@@ -1,7 +1,55 @@
 diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
---- openssh-8.0p1/ssh_config.5.crypto-policies	2019-05-13 14:04:01.999099570 +0200
-+++ openssh-8.0p1/ssh_config.5	2019-05-13 14:12:36.343923071 +0200
-@@ -445,12 +445,10 @@ aes256-gcm@openssh.com
+--- openssh-8.0p1/ssh_config.5.crypto-policies	2020-03-24 17:32:54.821789205 +0100
++++ openssh-8.0p1/ssh_config.5	2020-03-24 17:59:58.174122920 +0100
+@@ -357,17 +357,17 @@ or
+ .Qq *.c.example.com
+ domains.
+ .It Cm CASignatureAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies which algorithms are allowed for signing of certificates
+ by certificate authorities (CAs).
+-The default is:
+-.Bd -literal -offset indent
+-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+-.Ed
+-.Pp
+ .Xr ssh 1
+ will not accept host certificates signed using algorithms other than those
+ specified.
++.Pp
+ .It Cm CertificateFile
+ Specifies a file from which the user's certificate is read.
+ A corresponding private key must be provided separately in order
+@@ -420,16 +420,21 @@ If the option is set to
+ .Cm no ,
+ the check will not be executed.
+ .It Cm Ciphers
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the ciphers allowed and their order of preference.
+ Multiple ciphers must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified ciphers will be appended to the default set
++character, then the specified ciphers will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified ciphers (including wildcards) will be removed
+-from the default set instead of replacing them.
++from the built-in default set instead of replacing them.
+ .Pp
+ The supported ciphers are:
+ .Bd -literal -offset indent
+@@ -445,13 +450,6 @@ aes256-gcm@openssh.com
  chacha20-poly1305@openssh.com
  .Ed
  .Pp
@@ -11,30 +59,53 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -aes128-ctr,aes192-ctr,aes256-ctr,
 -aes128-gcm@openssh.com,aes256-gcm@openssh.com
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- .Pp
+-.Pp
  The list of available ciphers may also be obtained using
  .Qq ssh -Q cipher .
-@@ -812,8 +810,10 @@ gss-nistp256-sha256-,
+ .It Cm ClearAllForwardings
+@@ -800,6 +798,11 @@ command line will be passed untouched to
+ The default is
+ .Dq no .
+ .It Cm GSSAPIKexAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ The list of key exchange algorithms that are offered for GSSAPI
+ key exchange. Possible values are
+ .Bd -literal -offset 3n
+@@ -812,9 +815,8 @@ gss-nistp256-sha256-,
  gss-curve25519-sha256-
  .Ed
  .Pp
 -The default is
--.Dq gss-gex-sha1-,gss-group14-sha1- .
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- This option only applies to protocol version 2 connections using GSSAPI.
+-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+ This option only applies to connections using GSSAPI.
++.Pp
  .It Cm HashKnownHosts
  Indicates that
-@@ -1123,16 +1123,10 @@ If the specified value begins with a
+ .Xr ssh 1
+@@ -1114,26 +1115,21 @@ it may be zero or more of:
+ and
+ .Cm pam .
+ .It Cm KexAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the available KEX (Key Exchange) algorithms.
+ Multiple algorithms must be comma-separated.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the specified methods will be appended to the default set
++character, then the specified methods will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
  .Sq -
  character, then the specified methods (including wildcards) will be removed
- from the default set instead of replacing them.
+-from the default set instead of replacing them.
 -The default is:
 -.Bd -literal -offset indent
 -curve25519-sha256,curve25519-sha256@libssh.org,
@@ -45,14 +116,36 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -diffie-hellman-group14-sha256,
 -diffie-hellman-group14-sha1
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
++from the built-in default set instead of replacing them.
  .Pp
  The list of available key exchange algorithms may also be obtained using
  .Qq ssh -Q kex .
-@@ -1210,14 +1204,10 @@ The algorithms that contain
+@@ -1193,33 +1189,29 @@ The default is INFO.
+ DEBUG and DEBUG1 are equivalent.
+ DEBUG2 and DEBUG3 each specify higher levels of verbose output.
+ .It Cm MACs
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the MAC (message authentication code) algorithms
+ in order of preference.
+ The MAC algorithm is used for data integrity protection.
+ Multiple algorithms must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified algorithms will be appended to the default set
++character, then the specified algorithms will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified algorithms (including wildcards) will be removed
+-from the default set instead of replacing them.
++from the built-in default set instead of replacing them.
+ .Pp
+ The algorithms that contain
+ .Qq -etm
  calculate the MAC after encryption (encrypt-then-mac).
  These are considered safer and their use recommended.
  .Pp
@@ -64,17 +157,30 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -umac-64@openssh.com,umac-128@openssh.com,
 -hmac-sha2-256,hmac-sha2-512,hmac-sha1
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- .Pp
+-.Pp
  The list of available MAC algorithms may also be obtained using
  .Qq ssh -Q mac .
-@@ -1361,17 +1351,10 @@ If the specified value begins with a
+ .It Cm NoHostAuthenticationForLocalhost
+@@ -1352,27 +1344,21 @@ instead of continuing to execute and pas
+ The default is
+ .Cm no .
+ .It Cm PubkeyAcceptedKeyTypes
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the key types that will be used for public key authentication
+ as a comma-separated list of patterns.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the key types after it will be appended to the default
++character, then the key types after it will be appended to the built-in default
+ instead of replacing it.
+ If the specified value begins with a
  .Sq -
  character, then the specified key types (including wildcards) will be removed
- from the default set instead of replacing them.
+-from the default set instead of replacing them.
 -The default for this option is:
 -.Bd -literal -offset 3n
 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -86,17 +192,61 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
++from the built-in default set instead of replacing them.
  .Pp
  The list of available key types may also be obtained using
  .Qq ssh -Q key .
 diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
---- openssh-8.0p1/sshd_config.5.crypto-policies	2019-05-13 14:12:41.226968863 +0200
-+++ openssh-8.0p1/sshd_config.5	2019-05-13 14:15:14.581406997 +0200
-@@ -490,12 +490,10 @@ aes256-gcm@openssh.com
+--- openssh-8.0p1/sshd_config.5.crypto-policies	2020-03-24 17:32:54.802788908 +0100
++++ openssh-8.0p1/sshd_config.5	2020-03-24 17:54:13.347740176 +0100
+@@ -383,16 +383,16 @@ If the argument is
+ then no banner is displayed.
+ By default, no banner is displayed.
+ .It Cm CASignatureAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies which algorithms are allowed for signing of certificates
+ by certificate authorities (CAs).
+-The default is:
+-.Bd -literal -offset indent
+-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+-.Ed
+-.Pp
+ Certificates signed using other algorithms will not be accepted for
+ public key or host-based authentication.
++.Pp
+ .It Cm ChallengeResponseAuthentication
+ Specifies whether challenge-response authentication is allowed (e.g. via
+ PAM or through authentication styles supported in
+@@ -454,16 +454,21 @@ The default is
+ indicating not to
+ .Xr chroot 2 .
+ .It Cm Ciphers
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the ciphers allowed.
+ Multiple ciphers must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified ciphers will be appended to the default set
++character, then the specified ciphers will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified ciphers (including wildcards) will be removed
+-from the default set instead of replacing them.
++from the built-in default set instead of replacing them.
+ .Pp
+ The supported ciphers are:
+ .Pp
+@@ -490,13 +495,6 @@ aes256-gcm@openssh.com
  chacha20-poly1305@openssh.com
  .El
  .Pp
@@ -106,28 +256,40 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -aes128-ctr,aes192-ctr,aes256-ctr,
 -aes128-gcm@openssh.com,aes256-gcm@openssh.com
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- .Pp
+-.Pp
  The list of available ciphers may also be obtained using
  .Qq ssh -Q cipher .
-@@ -700,8 +698,10 @@ gss-nistp256-sha256-,
+ .It Cm ClientAliveCountMax
+@@ -688,6 +686,11 @@ For this to work
+ .Cm GSSAPIKeyExchange
+ needs to be enabled in the server and also used by the client.
+ .It Cm GSSAPIKexAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ The list of key exchange algorithms that are accepted by GSSAPI
+ key exchange. Possible values are
+ .Bd -literal -offset 3n
+@@ -700,8 +703,6 @@ gss-nistp256-sha256-,
  gss-curve25519-sha256-
  .Ed
  .Pp
 -The default is
--.Dq gss-gex-sha1-,gss-group14-sha1- .
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- This option only applies to protocol version 2 connections using GSSAPI.
+-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+ This option only applies to connections using GSSAPI.
  .It Cm HostbasedAcceptedKeyTypes
  Specifies the key types that will be accepted for hostbased authentication
-@@ -792,17 +792,10 @@ environment variable.
+@@ -791,19 +791,13 @@ is specified, the location of the socket
+ .Ev SSH_AUTH_SOCK
+ environment variable.
  .It Cm HostKeyAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
  Specifies the host key algorithms
  that the server offers.
 -The default for this option is:
@@ -141,14 +303,34 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
  .Pp
  The list of available key types may also be obtained using
  .Qq ssh -Q key .
-@@ -960,14 +953,10 @@ ecdh-sha2-nistp384
+@@ -922,16 +916,21 @@ Specifies whether to look at .k5login fi
+ The default is
+ .Cm yes .
+ .It Cm KexAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the available KEX (Key Exchange) algorithms.
+ Multiple algorithms must be comma-separated.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the specified methods will be appended to the default set
++character, then the specified methods will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified methods (including wildcards) will be removed
+-from the default set instead of replacing them.
++from the built-in default set instead of replacing them.
+ The supported algorithms are:
+ .Pp
+ .Bl -item -compact -offset indent
+@@ -961,15 +960,6 @@ ecdh-sha2-nistp384
  ecdh-sha2-nistp521
  .El
  .Pp
@@ -160,14 +342,36 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
 -diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- .Pp
+-.Pp
  The list of available key exchange algorithms may also be obtained using
  .Qq ssh -Q kex .
-@@ -1090,14 +1079,10 @@ umac-64-etm@openssh.com
+ .It Cm ListenAddress
+@@ -1038,17 +1028,22 @@ DEBUG and DEBUG1 are equivalent.
+ DEBUG2 and DEBUG3 each specify higher levels of debugging output.
+ Logging with a DEBUG level violates the privacy of users and is not recommended.
+ .It Cm MACs
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the available MAC (message authentication code) algorithms.
+ The MAC algorithm is used for data integrity protection.
+ Multiple algorithms must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified algorithms will be appended to the default set
++character, then the specified algorithms will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified algorithms (including wildcards) will be removed
+-from the default set instead of replacing them.
++from the built-in default set instead of replacing them.
+ .Pp
+ The algorithms that contain
+ .Qq -etm
+@@ -1091,15 +1086,6 @@ umac-64-etm@openssh.com
  umac-128-etm@openssh.com
  .El
  .Pp
@@ -179,17 +383,30 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -umac-64@openssh.com,umac-128@openssh.com,
 -hmac-sha2-256,hmac-sha2-512,hmac-sha1
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- .Pp
+-.Pp
  The list of available MAC algorithms may also be obtained using
  .Qq ssh -Q mac .
-@@ -1455,17 +1440,10 @@ If the specified value begins with a
+ .It Cm Match
+@@ -1446,27 +1432,21 @@ or equivalent.)
+ The default is
+ .Cm yes .
+ .It Cm PubkeyAcceptedKeyTypes
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the key types that will be accepted for public key authentication
+ as a list of comma-separated patterns.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the specified key types will be appended to the default set
++character, then the specified key types will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
  .Sq -
  character, then the specified key types (including wildcards) will be removed
- from the default set instead of replacing them.
+-from the default set instead of replacing them.
 -The default for this option is:
 -.Bd -literal -offset 3n
 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -201,10 +418,7 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
++from the built-in default set instead of replacing them.
  .Pp
  The list of available key types may also be obtained using
  .Qq ssh -Q key .
diff --git a/SOURCES/openssh-8.0p1-entropy.patch b/SOURCES/openssh-8.0p1-entropy.patch
new file mode 100644
index 0000000..5dfee95
--- /dev/null
+++ b/SOURCES/openssh-8.0p1-entropy.patch
@@ -0,0 +1,302 @@
+diff --git a/entropy.c b/entropy.c
+index 2d483b3..b361a04 100644
+--- a/entropy.c
++++ b/entropy.c
+@@ -234,6 +234,9 @@ seed_rng(void)
+ 	}
+ #endif /* OPENSSL_PRNG_ONLY */
+ 
++#ifdef __linux__
++	linux_seed();
++#endif /* __linux__ */
+ 	if (RAND_status() != 1)
+ 		fatal("PRNG is not seeded");
+ 
+diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
+index b912dbe..9206337 100644
+--- a/openbsd-compat/Makefile.in
++++ b/openbsd-compat/Makefile.in
+@@ -20,6 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
+ 	port-solaris.o \
+ 	port-net.o \
+ 	port-uw.o \
++	port-linux-prng.o \
+ 	port-linux-sshd.o
+ 
+ .c.o:
+diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
+--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy	2016-12-23 18:34:27.747753563 +0100
++++ openssh-7.4p1/openbsd-compat/port-linux.h	2016-12-23 18:34:27.769753570 +0100
+@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
+ void oom_adjust_setup(void);
+ #endif
+ 
++void linux_seed(void);
++
+ #endif /* ! _PORT_LINUX_H */
+diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c
+new file mode 100644
+index 0000000..92a617c
+--- /dev/null
++++ b/openbsd-compat/port-linux-prng.c
+@@ -0,0 +1,78 @@
++/*
++ * Copyright (c) 2011 - 2020 Red Hat, Inc.
++ *
++ * Authors:
++ *  Jan F. Chadima <jchadima@redhat.com>
++ *  Jakub Jelen <jjelen@redhat.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++/*
++ * Linux-specific portability code - prng support
++ */
++
++#include "includes.h"
++
++#include <errno.h>
++#include <string.h>
++#include <openssl/rand.h>
++#include <sys/random.h>
++
++#include "log.h"
++
++void
++linux_seed(void)
++{
++	char *env = NULL;
++	size_t randlen = 14, left;
++	unsigned int flags = 0;
++	unsigned char buf[256], *p;
++
++	env = getenv("SSH_USE_STRONG_RNG");
++	if (env && strcmp(env, "0") != 0) {
++		size_t ienv = atoi(env);
++
++		/* Max on buffer length */
++		if (ienv > sizeof(buf))
++			ienv = sizeof(buf);
++		/* Minimum is always 14 B */
++		if (ienv > randlen)
++			randlen = ienv;
++		flags = GRND_RANDOM;
++	}
++
++	errno = 0;
++	left = randlen;
++	p = buf;
++	do {
++		ssize_t len = getrandom(p, left, flags);
++		if (len == -1) {
++			if (errno != EINTR) {
++				if (flags) {
++					/* With the variable present, this is fatal error */
++					fatal("Failed to seed from getrandom: %s", strerror(errno));
++				} else {
++					/* Otherwise we log the issue drop out from here */
++					debug("Failed to seed from getrandom: %s", strerror(errno));
++					return;
++				}
++			}
++		} else if (len > 0) {
++			left -= len;
++			p += len;
++		}
++	} while (left > 0);
++
++	RAND_seed(buf, randlen);
++}
+diff --git a/ssh-add.1 b/ssh-add.1
+index 4812448..16305bf 100644
+--- a/ssh-add.1
++++ b/ssh-add.1
+@@ -161,6 +161,22 @@ to make this work.)
+ Identifies the path of a
+ .Ux Ns -domain
+ socket used to communicate with the agent.
++.It Ev SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
+ .El
+ .Sh FILES
+ .Bl -tag -width Ds
+diff --git a/ssh-agent.1 b/ssh-agent.1
+index 281ecbd..1a9a635 100644
+--- a/ssh-agent.1
++++ b/ssh-agent.1
+@@ -201,6 +201,26 @@ sockets used to contain the connection to the authentication agent.
+ These sockets should only be readable by the owner.
+ The sockets should get automatically removed when the agent exits.
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Pa SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
++.El
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-add 1 ,
+diff --git a/ssh-keygen.1 b/ssh-keygen.1
+index 12e00d4..1b51a4a 100644
+--- a/ssh-keygen.1
++++ b/ssh-keygen.1
+@@ -832,6 +832,26 @@ Contains Diffie-Hellman groups used for DH-GEX.
+ The file format is described in
+ .Xr moduli 5 .
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Pa SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
++.El
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-add 1 ,
+diff --git a/ssh-keysign.8 b/ssh-keysign.8
+index 69d0829..02d79f8 100644
+--- a/ssh-keysign.8
++++ b/ssh-keysign.8
+@@ -80,6 +80,26 @@ must be set-uid root if host-based authentication is used.
+ If these files exist they are assumed to contain public certificate
+ information corresponding with the private keys above.
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Pa SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
++.El
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-keygen 1 ,
+diff --git a/ssh.1 b/ssh.1
+index 929904b..f65e42f 100644
+--- a/ssh.1
++++ b/ssh.1
+@@ -1309,6 +1309,25 @@ For more information, see the
+ .Cm PermitUserEnvironment
+ option in
+ .Xr sshd_config 5 .
++.Bl -tag -width "SSH_ORIGINAL_COMMAND"
++.Pp
++.It Ev SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
++.El
+ .Sh FILES
+ .Bl -tag -width Ds -compact
+ .It Pa ~/.rhosts
+diff --git a/sshd.8 b/sshd.8
+index c2c237f..058d37a 100644
+--- a/sshd.8
++++ b/sshd.8
+@@ -951,6 +951,26 @@ concurrently for different ports, this contains the process ID of the one
+ started last).
+ The content of this file is not sensitive; it can be world-readable.
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Ev SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
++.El
+ .Sh IPV6
+ IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
+ .Sh SEE ALSO
+
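Review bot: `size_t ienv = atoi(env);` in linux_seed (port-linux-prng.c, hunk `@@ -0,0 +1,78 @@`) turns a negative SSH_USE_STRONG_RNG value into a huge size_t that the next check clamps to sizeof(buf), so `-1` silently requests the maximum 256 bytes with GRND_RANDOM, and a non-numeric value yields 0 yet still enables GRND_RANDOM; parsing as signed makes that explicit: `int ienv = atoi(env); if (ienv > (int)sizeof(buf)) ienv = sizeof(buf); if (ienv > (int)randlen) randlen = ienv;`. After `RAND_seed(buf, randlen);` the seed material stays on the stack; an `explicit_bzero(buf, sizeof(buf));` following the call would clear it. getenv() and atoi() need `<stdlib.h>`, which this file relies on `includes.h` to provide — worth confirming. The manual-page text added in the same hunk refers to `.Cm getrandom(1)`; getrandom is a system call, so the cross-reference should be `.Xr getrandom 2`.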
diff --git a/SOURCES/openssh-8.0p1-gssapi-keyex.patch b/SOURCES/openssh-8.0p1-gssapi-keyex.patch
index fe3e7a6..a8f2838 100644
--- a/SOURCES/openssh-8.0p1-gssapi-keyex.patch
+++ b/SOURCES/openssh-8.0p1-gssapi-keyex.patch
@@ -3265,7 +3265,7 @@ index 36180d07..70dd3665 100644
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
-@@ -61,10 +61,30 @@
+@@ -61,10 +61,34 @@
  
  #define SSH_GSS_OIDTYPE 0x06
  
@@ -3285,8 +3285,12 @@ index 36180d07..70dd3665 100644
 +#define KEX_GSS_C25519_SHA256_ID			"gss-curve25519-sha256-"
 +
 +#define        GSS_KEX_DEFAULT_KEX \
-+	KEX_GSS_GEX_SHA1_ID "," \
-+	KEX_GSS_GRP14_SHA1_ID
++	KEX_GSS_GRP14_SHA256_ID "," \
++	KEX_GSS_GRP16_SHA512_ID	"," \
++	KEX_GSS_NISTP256_SHA256_ID "," \
++	KEX_GSS_C25519_SHA256_ID "," \
++	KEX_GSS_GRP14_SHA1_ID "," \
++	KEX_GSS_GEX_SHA1_ID
 +
  typedef struct {
  	char *filename;
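Review bot: the new `GSS_KEX_DEFAULT_KEX` list has a tab before the `","` on the `KEX_GSS_GRP16_SHA512_ID` line while the other continuation lines use a single space; aligning it keeps the macro readable when the list changes again. The ordering — SHA-2 variants first, `gss-group14-sha1-` and `gss-gex-sha1-` kept at the tail — is not explained near the macro; a comment such as `/* SHA-2 exchanges preferred; SHA-1 variants kept last for interoperability with older peers */` would record why the SHA-1 methods are still offered by default.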
@@ -3492,18 +3496,18 @@ index 41262963..c3c8b274 100644
 +The list of key exchange algorithms that are offered for GSSAPI
 +key exchange. Possible values are
 +.Bd -literal -offset 3n
-+gss-gex-sha1-,
-+gss-group1-sha1-,
-+gss-group14-sha1-,
-+gss-group14-sha256-,
-+gss-group16-sha512-,
-+gss-nistp256-sha256-,
++gss-gex-sha1-
++gss-group1-sha1-
++gss-group14-sha1-
++gss-group14-sha256-
++gss-group16-sha512-
++gss-nistp256-sha256-
 +gss-curve25519-sha256-
 +.Ed
 +.Pp
 +The default is
-+.Dq gss-gex-sha1-,gss-group14-sha1- .
-+This option only applies to protocol version 2 connections using GSSAPI.
++.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
++This option only applies to connections using GSSAPI.
  .It Cm HashKnownHosts
  Indicates that
  .Xr ssh 1
@@ -3532,7 +3536,7 @@ index dffee90b..0d0a6cb8 100644
  	xxx_host = host;
  	xxx_hostaddr = hostaddr;
  
-@@ -193,6 +196,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+@@ -193,6 +196,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
  		    order_hostkeyalgs(host, hostaddr, port));
  	}
  
@@ -3542,12 +3546,18 @@ index dffee90b..0d0a6cb8 100644
 +		 * client to the key exchange algorithm proposal */
 +		orig = myproposal[PROPOSAL_KEX_ALGS];
 +
-+		if (options.gss_server_identity)
++		if (options.gss_server_identity) {
 +			gss_host = xstrdup(options.gss_server_identity);
-+		else if (options.gss_trust_dns)
++		} else if (options.gss_trust_dns) {
 +			gss_host = remote_hostname(ssh);
-+		else
++			/* Fall back to specified host if we are using proxy command
++			 * and can not use DNS on that socket */
++			if (strcmp(gss_host, "UNKNOWN") == 0) {
++				gss_host = xstrdup(host);
++			}
++		} else {
 +			gss_host = xstrdup(host);
++		}
 +
 +		gss = ssh_gssapi_client_mechanisms(gss_host,
 +		    options.gss_client_identity, options.gss_kex_algorithms);
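Review bot: after `gss_host = remote_hostname(ssh);` the new fallback `gss_host = xstrdup(host);` overwrites the pointer without freeing the previous string; remote_hostname() presumably returns heap memory (its result lands in the same variable that xstrdup() fills on the other branches), so the `"UNKNOWN"` result leaks on every proxied connection. `free(gss_host);` immediately before the `xstrdup(host)` assignment fixes it; the same pattern is repeated in the userauth_gssapi hunk (`@@ -698,12 +766,29 @@`), where the fallback is `xstrdup(authctxt->host)`. Matching the literal `"UNKNOWN"` also couples this code to remote_hostname()'s sentinel string; a comment pointing at that contract would make the dependency visible. ssh_kex2's body starts and ends outside this hunk.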
@@ -3636,18 +3646,24 @@ index dffee90b..0d0a6cb8 100644
  	{"gssapi-with-mic",
  		userauth_gssapi,
  		userauth_gssapi_cleanup,
-@@ -698,12 +766,23 @@ userauth_gssapi(struct ssh *ssh)
+@@ -698,12 +766,29 @@ userauth_gssapi(struct ssh *ssh)
  	OM_uint32 min;
  	int r, ok = 0;
  	gss_OID mech = NULL;
-+	char *gss_host;
++	char *gss_host = NULL;
 +
-+	if (options.gss_server_identity)
++	if (options.gss_server_identity) {
 +		gss_host = xstrdup(options.gss_server_identity);
-+	else if (options.gss_trust_dns)
++	} else if (options.gss_trust_dns) {
 +		gss_host = remote_hostname(ssh);
-+	else
++		/* Fall back to specified host if we are using proxy command
++		 * and can not use DNS on that socket */
++		if (strcmp(gss_host, "UNKNOWN") == 0) {
++			gss_host = xstrdup(authctxt->host);
++		}
++	} else {
 +		gss_host = xstrdup(authctxt->host);
++	}
  
  	/* Try one GSSAPI method at a time, rather than sending them all at
  	 * once. */
@@ -3874,18 +3890,18 @@ index b224f292..2baa6622 100644
 +The list of key exchange algorithms that are accepted by GSSAPI
 +key exchange. Possible values are
 +.Bd -literal -offset 3n
-+gss-gex-sha1-,
-+gss-group1-sha1-,
-+gss-group14-sha1-,
-+gss-group14-sha256-,
-+gss-group16-sha512-,
-+gss-nistp256-sha256-,
++gss-gex-sha1-
++gss-group1-sha1-
++gss-group14-sha1-
++gss-group14-sha256-
++gss-group16-sha512-
++gss-nistp256-sha256-
 +gss-curve25519-sha256-
 +.Ed
 +.Pp
 +The default is
-+.Dq gss-gex-sha1-,gss-group14-sha1- .
-+This option only applies to protocol version 2 connections using GSSAPI.
++.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
++This option only applies to connections using GSSAPI.
  .It Cm HostbasedAcceptedKeyTypes
  Specifies the key types that will be accepted for hostbased authentication
  as a list of comma-separated patterns.
diff --git a/SOURCES/openssh-8.0p1-keygen-sha2.patch b/SOURCES/openssh-8.0p1-keygen-sha2.patch
new file mode 100644
index 0000000..31927fa
--- /dev/null
+++ b/SOURCES/openssh-8.0p1-keygen-sha2.patch
@@ -0,0 +1,107 @@
+From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 24 Jan 2020 00:27:04 +0000
+Subject: [PATCH] upstream: when signing a certificate with an RSA key, default
+ to
+
+a safe signature algorithm (rsa-sha-512) if not is explicitly specified by
+the user; ok markus@
+
+OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
+---
+ ssh-keygen.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index 564c3c481..f2192edb9 100644
+--- a/ssh-keygen.c
++++ b/ssh-keygen.c
+@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
+ 	}
+ 	free(tmp);
+ 
+-	if (key_type_name != NULL &&
+-	    sshkey_type_from_name(key_type_name) != ca->type)  {
+-		fatal("CA key type %s doesn't match specified %s",
+-		    sshkey_ssh_name(ca), key_type_name);
++	if (key_type_name != NULL) {
++		if (sshkey_type_from_name(key_type_name) != ca->type) {
++			fatal("CA key type %s doesn't match specified %s",
++			    sshkey_ssh_name(ca), key_type_name);
++		}
++	} else if (ca->type == KEY_RSA) {
++		/* Default to a good signature algorithm */
++		key_type_name = "rsa-sha2-512";
+ 	}
+ 
+ 	for (i = 0; i < argc; i++) {
+
+From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Mon, 20 May 2019 00:20:35 +0000
+Subject: [PATCH] upstream: When signing certificates with an RSA key, default
+ to
+
+using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
+will therefore be incompatible with OpenSSH < 7.2 unless the default is
+overridden.
+
+Document the ability of the ssh-keygen -t flag to override the
+signature algorithm when signing certificates, and the new default.
+
+ok deraadt@
+
+OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
+---
+ ssh-keygen.1 | 13 +++++++++++--
+ sshkey.c     |  9 ++++++++-
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/ssh-keygen.1 b/ssh-keygen.1
+index f29774249..673bf6e2f 100644
+--- a/ssh-keygen.1
++++ b/ssh-keygen.1
+@@ -35,7 +35,7 @@
+ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ .\"
+-.Dd $Mdocdate: March 5 2019 $
++.Dd $Mdocdate: May 20 2019 $
+ .Dt SSH-KEYGEN 1
+ .Os
+ .Sh NAME
+@@ -577,6 +577,15 @@ The possible values are
+ .Dq ed25519 ,
+ or
+ .Dq rsa .
++.Pp
++This flag may also be used to specify the desired signature type when
++signing certificates using a RSA CA key.
++The available RSA signature variants are
++.Dq ssh-rsa
++(SHA1 signatures, not recommended),
++.Dq rsa-sha2-256
++.Dq rsa-sha2-512
++(the default).
+ .It Fl U
+ When used in combination with
+ .Fl s ,
+diff --git a/sshkey.c b/sshkey.c
+index 9849cb237..379a579cf 100644
+--- a/sshkey.c
++++ b/sshkey.c
+@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
+ 	    strcmp(alg, k->cert->signature_type) != 0)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+ 
++	/*
++	 * If no signing algorithm or signature_type was specified and we're
++	 * using a RSA key, then default to a good signature algorithm.
++	 */
++	if (alg == NULL && ca->type == KEY_RSA)
++		alg = "rsa-sha2-512";
++
+ 	if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
+ 		return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
+ 
+
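Review bot: in the ssh-keygen.1 hunk, `.Dq rsa-sha2-256` is followed directly by `.Dq rsa-sha2-512` with no separator, so the rendered sentence lists the two variants with no comma or "and" between them; `.Dq rsa-sha2-256 ,` with the trailing comma (or `and` on its own line before the last item) is the mdoc way to punctuate the list. The code side is consistent — do_ca_sign and sshkey_certify_custom both fall back to `"rsa-sha2-512"` only when no algorithm was given and `ca->type == KEY_RSA` — so the default is applied in one place regardless of entry point. This is an upstream backport, so the wording fix belongs in a follow-up patch rather than an edit of the vendored hunk.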
diff --git a/SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch b/SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch
new file mode 100644
index 0000000..954ece9
--- /dev/null
+++ b/SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch
@@ -0,0 +1,33 @@
+From 7250879c72d28275a53f2f220e49646c3e42ef18 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 12 Jul 2019 04:08:39 +0000
+Subject: [PATCH] upstream: include SHA2-variant RSA key algorithms in KEX
+ proposal;
+
+allows ssh-keyscan to harvest keys from servers that disable olde SHA1
+ssh-rsa. bz#3029 from Jakub Jelen
+
+OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
+---
+ ssh-keyscan.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/ssh-keyscan.c b/ssh-keyscan.c
+index d95ba1b37..d383b57b9 100644
+--- a/ssh-keyscan.c
++++ b/ssh-keyscan.c
+@@ -233,7 +233,12 @@ keygrab_ssh2(con *c)
+ 		break;
+ 	case KT_RSA:
+ 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+-		    "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
++		    "rsa-sha2-512-cert-v01@openssh.com,"
++		    "rsa-sha2-256-cert-v01@openssh.com,"
++		    "ssh-rsa-cert-v01@openssh.com" :
++		    "rsa-sha2-512,"
++		    "rsa-sha2-256,"
++		    "ssh-rsa";
+ 		break;
+ 	case KT_ED25519:
+ 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+
diff --git a/SOURCES/openssh-8.0p1-pkcs11-uri.patch b/SOURCES/openssh-8.0p1-pkcs11-uri.patch
index 8942dd2..a24dea6 100644
--- a/SOURCES/openssh-8.0p1-pkcs11-uri.patch
+++ b/SOURCES/openssh-8.0p1-pkcs11-uri.patch
@@ -2583,7 +2583,8 @@ index 70f06bff..59332945 100644
  	}
 -	if (p->nslots == 0) {
 +	if (m->nslots == 0) {
- 		error("%s: provider %s returned no slots", __func__,
+-		error("%s: provider %s returned no slots", __func__,
++		debug("%s: provider %s returned no slots", __func__,
 -		    provider_id);
 +		    provider_module);
  		ret = -SSH_PKCS11_ERR_NO_SLOTS;
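Review bot: lowering `error("%s: provider %s returned no slots", ...)` to `debug(...)` hides the condition from a user who pointed ssh at a specific provider and gets no keys, since the function still returns `-SSH_PKCS11_ERR_NO_SLOTS` but nothing is printed without `-v`. If this path is also reached for the implicit default-provider probe (which appears to be the motivation, per the changelog), consider keeping `error()` when the provider was explicitly named and using `debug()` only for the probe; the enclosing function, and the state needed to tell the two cases apart, start outside this hunk.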
diff --git a/SOURCES/openssh-8.0p1-proxyjump-loops.patch b/SOURCES/openssh-8.0p1-proxyjump-loops.patch
new file mode 100644
index 0000000..578eff3
--- /dev/null
+++ b/SOURCES/openssh-8.0p1-proxyjump-loops.patch
@@ -0,0 +1,33 @@
+From de1f3564cd85915b3002859873a37cb8d31ac9ce Mon Sep 17 00:00:00 2001
+From: "dtucker@openbsd.org" <dtucker@openbsd.org>
+Date: Tue, 18 Feb 2020 08:49:49 +0000
+Subject: [PATCH] upstream: Detect and prevent simple configuration loops when
+ using
+
+ProxyJump. bz#3057, ok djm@
+
+OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037
+---
+ ssh.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/ssh.c b/ssh.c
+index 15aee569e..a983a108b 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -1208,6 +1208,14 @@ main(int ac, char **av)
+ 	if (options.jump_host != NULL) {
+ 		char port_s[8];
+ 		const char *sshbin = argv0;
++		int port = options.port, jumpport = options.jump_port;
++
++		if (port <= 0)
++			port = default_ssh_port();
++		if (jumpport <= 0)
++			jumpport = default_ssh_port();
++		if (strcmp(options.jump_host, host) == 0 && port == jumpport)
++			fatal("jumphost loop via %s", options.jump_host);
+ 
+ 		/*
+ 		 * Try to use SSH indicated by argv[0], but fall back to
+
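Review bot: `strcmp(options.jump_host, host) == 0` compares the jump host case-sensitively, so `ProxyJump Example.org` on a host given as `example.org` (same port) is not detected as a loop even though the names resolve identically; `strcasecmp` would match the case-insensitive treatment hostnames normally get. As the commit subject says, only a direct self-reference is caught; a multi-hop cycle (A jumps via B, B jumps via A) still recurses, which deserves a comment next to the check, e.g. `/* Only direct self-loops are detected here; longer cycles are not. */`. main() starts and ends outside this hunk, and this is an upstream backport, so changes belong upstream.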
diff --git a/SOURCES/openssh-8.0p1-rdomain.patch b/SOURCES/openssh-8.0p1-rdomain.patch
new file mode 100644
index 0000000..610c8b3
--- /dev/null
+++ b/SOURCES/openssh-8.0p1-rdomain.patch
@@ -0,0 +1,44 @@
+commit 5481d0b4036b33b92c372ee36258ed11bff57d5d
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Thu Feb 27 10:07:33 2020 +0100
+
+    Mark the RDomain configuration option unsupported on non-openbsd builds
+
+diff --git a/servconf.c b/servconf.c
+index db80e943..153d2525 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -698,7 +698,11 @@ static struct {
+ 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
+ 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
+ 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
++#if defined(__OpenBSD__)
+ 	{ "rdomain", sRDomain, SSHCFG_ALL },
++#else
++	{ "rdomain", sUnsupported, SSHCFG_ALL },
++#endif
+ 	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
+ 	{ NULL, sBadOption, 0 }
+ };
+@@ -2841,7 +2845,9 @@ dump_config(ServerOptions *o)
+ 	    o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
+ 	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
+ 	    o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
++#if defined(__OpenBSD__)
+ 	dump_cfg_string(sRDomain, o->routing_domain);
++#endif
+ 
+ 	/* string arguments requiring a lookup */
+ 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
+diff --git a/sshd_config.5 b/sshd_config.5
+index 5dca8981..766e9b90 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -1542,6 +1542,7 @@ will be bound to this
+ If the routing domain is set to
+ .Cm \&%D ,
+ then the domain in which the incoming connection was received will be applied.
++This feature is available on OpenBSD only.
+ .It Cm SetEnv
+ Specifies one or more environment variables to set in child sessions started
+ by
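Review bot: mapping `rdomain` to `sUnsupported` on non-OpenBSD builds presumably makes sshd log and ignore the keyword rather than refuse to start (that is how other sUnsupported entries in this table are handled elsewhere in servconf.c, outside the hunk). RDomain is a network-isolation control, so an administrator who carries a config containing `RDomain` to a Linux host gets a daemon listening without the isolation they configured and only a log line to say so; if that is the intended behaviour, the `sshd_config.5` addition should state it, e.g. `On other platforms the option is parsed but has no effect.`, rather than only `This feature is available on OpenBSD only.`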
diff --git a/SOURCES/openssh-8.0p1-x11-without-ipv6.patch b/SOURCES/openssh-8.0p1-x11-without-ipv6.patch
new file mode 100644
index 0000000..0623b47
--- /dev/null
+++ b/SOURCES/openssh-8.0p1-x11-without-ipv6.patch
@@ -0,0 +1,30 @@
+diff --git a/channels.c b/channels.c
+--- a/channels.c
++++ b/channels.c
+@@ -3933,16 +3933,26 @@ x11_create_display_inet(int x11_display_
+ 			if (ai->ai_family == AF_INET6)
+ 				sock_set_v6only(sock);
+ 			if (x11_use_localhost)
+ 				set_reuseaddr(sock);
+ 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ 				debug2("%s: bind port %d: %.100s", __func__,
+ 				    port, strerror(errno));
+ 				close(sock);
++
++				/* do not remove successfully opened
++				 * sockets if the request failed because
++				 * the protocol IPv4/6 is not available
++				 * (e.g. IPv6 may be disabled while being
++				 * supported)
++				 */
++				if (EADDRNOTAVAIL == errno)
++    					continue;
++
+ 				for (n = 0; n < num_socks; n++)
+ 					close(socks[n]);
+ 				num_socks = 0;
+ 				break;
+ 			}
+ 			socks[num_socks++] = sock;
+ 			if (num_socks == NUM_SOCKS)
+ 				break;
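Review bot: the new `if (EADDRNOTAVAIL == errno)` test reads errno after `close(sock)` (and the debug2() call) have run; close() is not guaranteed to preserve errno and sets it on failure, so the IPv6-disabled case can be missed and every listener torn down exactly as before the patch. Capture it right after the failed bind: `int oerrno = errno;` as the first statement inside the `if (bind(...) < 0)` block, then `strerror(oerrno)` in the debug2() call and `if (oerrno == EADDRNOTAVAIL) continue;`. The `continue;` line is indented with spaces plus a tab, unlike the surrounding tab-only code; x11_create_display_inet starts and ends outside this hunk.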
diff --git a/SOURCES/sshd.sysconfig b/SOURCES/sshd.sysconfig
index 6c2bff9..de7f0c6 100644
--- a/SOURCES/sshd.sysconfig
+++ b/SOURCES/sshd.sysconfig
@@ -6,6 +6,12 @@
 # of DSA key or  systemctl mask sshd-keygen@rsa.service  to disable RSA key
 # creation.
 
+# Do not change this option unless you have hardware random
+# generator and you REALLY know what you are doing
+
+SSH_USE_STRONG_RNG=0
+# SSH_USE_STRONG_RNG=1
+
 # System-wide crypto policy:
 # To opt-out, uncomment the following line
 # CRYPTO_POLICY=
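Review bot: the commented example `# SSH_USE_STRONG_RNG=1` presents the variable as a boolean, but in port-linux-prng.c the value is the number of bytes read with GRND_RANDOM (any value other than 0 enables the flag; the count is raised to at least 14 and capped at 256), so `=1` still reads 14 bytes. A comment that says what the number means would prevent surprises, e.g. `# A non-zero value reads that many bytes (minimum 14, maximum 256) from getrandom(GRND_RANDOM)`. The warning above it should also say that the blocking read can stall sshd start-up on hosts with little entropy, which is the concrete reason not to set it casually.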
diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec
index 6784355..feecf68 100644
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@@ -66,7 +66,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.0p1
-%global openssh_rel 3
+%global openssh_rel 5
 %global pam_ssh_agent_ver 0.10.3
 %global pam_ssh_agent_rel 7
 
@@ -216,6 +216,20 @@ Patch963: openssh-8.0p1-openssl-evp.patch
 Patch964: openssh-8.0p1-openssl-kdf.patch
 # Use new OpenSSL for PEM export to avoid MD5 dependency (#1712436)
 Patch965: openssh-8.0p1-openssl-pem.patch
+# Seed from dev/random if requested (#1785655)
+Patch966: openssh-8.0p1-entropy.patch
+# Unbreak ssh-keyscan RSA keys without SHA1 (#1744108)
+Patch967: openssh-8.0p1-keyscan-rsa-sha2.patch
+# Detect proxyJump loops in configuration files (#1804099)
+Patch968: openssh-8.0p1-proxyjump-loops.patch
+# ssh-keygen should default to SHA2-based signature algorithm (#1790610)
+Patch969: openssh-8.0p1-keygen-sha2.patch
+# RDomain is not suported on non-OpenBSD (#1807686)
+# https://bugzilla.mindrot.org/show_bug.cgi?id=3126
+Patch970: openssh-8.0p1-rdomain.patch
+# Do not fail X11 forwarding if IPv6 is disabled (#1662189)
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2143
+Patch971: openssh-8.0p1-x11-without-ipv6.patch
 
 License: BSD
 Group: Applications/Internet
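Review bot: the comment on Patch970 misspells `suported` (`# RDomain is not supported on non-OpenBSD (#1807686)`), and the Patch966 comment says `dev/random` where `/dev/random` is meant. Since the patch uses getrandom(2) with GRND_RANDOM rather than opening the device, `# Seed from getrandom(GRND_RANDOM) if requested (#1785655)` describes it more precisely.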
@@ -239,7 +253,6 @@ BuildRequires: autoconf, automake, perl-interpreter, perl-generators, zlib-devel
 BuildRequires: audit-libs-devel >= 2.0.5
 BuildRequires: util-linux, groff
 BuildRequires: pam-devel
-BuildRequires: fipscheck-devel >= 1.3.0
 BuildRequires: openssl-devel >= 0.9.8j
 BuildRequires: perl-podlators
 BuildRequires: systemd-devel
@@ -270,7 +283,6 @@ BuildRequires: gnupg2
 Summary: An open source SSH client applications
 Group: Applications/Internet
 Requires: openssh = %{version}-%{release}
-Requires: fipscheck-lib%{_isa} >= 1.3.0
 Requires: crypto-policies >= 20180306-1
 
 %package server
@@ -279,7 +291,6 @@ Group: System Environment/Daemons
 Requires: openssh = %{version}-%{release}
 Requires(pre): /usr/sbin/useradd
 Requires: pam >= 1.0.1-3
-Requires: fipscheck-lib%{_isa} >= 1.3.0
 Requires: crypto-policies >= 20180306-1
 %{?systemd_requires}
 
@@ -431,6 +442,12 @@ popd
 %patch963 -p1 -b .openssl-evp
 %patch964 -p1 -b .openssl-kdf
 %patch965 -p1 -b .openssl-pem
+%patch966 -p1 -b .entropy
+%patch967 -p1 -b .keyscan
+%patch968 -p1 -b .proxyjump-loops
+%patch969 -p1 -b .keygen-sha2
+%patch970 -p1 -b .rdomain
+%patch971 -p1 -b .x11-ipv6
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
@@ -556,14 +573,6 @@ make
 popd
 %endif
 
-# Add generation of HMAC checksums of the final stripped binaries
-%global __spec_install_post \
-    %%{?__debug_package:%%{__debug_install_post}} \
-    %%{__arch_install_post} \
-    %%{__os_install_post} \
-    fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/ssh $RPM_BUILD_ROOT%{_sbindir}/sshd \
-%{nil}
-
 %check
 #to run tests use "--with check"
 %if %{?_with_check:1}%{!?_with_check:0}
@@ -582,7 +591,6 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf
 install -d $RPM_BUILD_ROOT/etc/pam.d/
 install -d $RPM_BUILD_ROOT/etc/sysconfig/
 install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
-install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
 install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
 install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
 install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
@@ -653,7 +661,6 @@ getent passwd sshd >/dev/null || \
 
 %files clients
 %attr(0755,root,root) %{_bindir}/ssh
-%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
 %attr(0755,root,root) %{_bindir}/scp
 %attr(0644,root,root) %{_mandir}/man1/scp.1*
@@ -680,7 +687,6 @@ getent passwd sshd >/dev/null || \
 %files server
 %dir %attr(0711,root,root) %{_var}/empty/sshd
 %attr(0755,root,root) %{_sbindir}/sshd
-%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
 %attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
 %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
@@ -733,6 +739,24 @@ getent passwd sshd >/dev/null || \
 %endif
 
 %changelog
+* Tue Mar 24 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
+- Do not print "no slots" warning by default (#1744220)
+- Unbreak connecting using gssapi through proxy commands (#1749862)
+- Document in manual pages that CASignatureAlgorithms are handled by crypto policies (#1790604)
+- Use SHA2-based signature algorithms by default for signing certificates (#1790610)
+- Prevent simple ProxyJump loops in configuration files (#1804099)
+- Teach ssh-keyscan to use SHA2 RSA variants (#1744108)
+- Do not fail hard if getrandom() is not available and no SSH_USE_STRONG_RNG is specified (#1812120)
+- Improve wording of crypto policies references in manual pages (#1812854)
+- Do not break X11 forwarding if IPv6 is disabled (#1662189)
+- Enable SHA2-based GSSAPI key exchange algorithms by default (#1816226)
+- Mark RDomain server configuration option unsupported in RHEL (#1807686)
+- Clarify crypto policies defaults in manual pages (#1724195)
+- Mention RSA SHA2 variants in ssh-keygen manual page (#1665900)
+
+* Wed Jan 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-4 + 0.10.3-7
+- Restore entropy patch for CC certification (#1785655)
+
 * Tue Jul 23 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-3 + 0.10.3-7
 - Fix typos in manual pages (#1668325)
 - Use the upstream support for PKCS#8 PEM files alongside with the legacy PEM files (#1712436)