import openssh-8.0p1-16.el8

2022-11-08 02:03:27 -05:00 · 2022-11-08 02:03:27 -05:00 · d538637397
commit d538637397
parent d7c51ce412
8 changed files with 519 additions and 21 deletions
--- a/SOURCES/openssh-6.7p1-sftp-force-permission.patch
+++ b/SOURCES/openssh-6.7p1-sftp-force-permission.patch
@ -1,6 +1,6 @@
-diff -up openssh-7.2p2/sftp-server.8.sftp-force-mode openssh-7.2p2/sftp-server.8
+diff --color -ru a/sftp-server.8 b/sftp-server.8
--- openssh-7.2p2/sftp-server.8.sftp-force-mode	2016-03-09 19:04:48.000000000 +0100
+--- a/sftp-server.8	2019-04-18 00:52:57.000000000 +0200
-+++ openssh-7.2p2/sftp-server.8	2016-06-23 16:18:20.463854117 +0200
+++ b/sftp-server.8	2022-06-20 16:03:47.892540068 +0200
@@ -38,6 +38,7 @@
 .Op Fl P Ar blacklisted_requests
 .Op Fl p Ar whitelisted_requests
@ -9,21 +9,23 @@ diff -up openssh-7.2p2/sftp-server.8.sftp-force-mode openssh-7.2p2/sftp-server.8
 .Ek
 .Nm
 .Fl Q Ar protocol_feature
-@@ -138,6 +139,10 @@ Sets an explicit
+@@ -138,6 +139,12 @@
 .Xr umask 2
 to be applied to newly-created files and directories, instead of the
 user's default mask.
 +.It Fl m Ar force_file_perms
 +Sets explicit file permissions to be applied to newly-created files instead
 +of the default or client requested mode.  Numeric values include:
-+777, 755, 750, 666, 644, 640, etc.  Option -u is ineffective if -m is set.
+777, 755, 750, 666, 644, 640, etc.  Using both -m and -u switches makes the
 +umask (-u) effective only for newly created directories and explicit mode (-m)
 +for newly created files.
 .El
 .Pp
 On some systems,
-diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
+diff --color -ru a/sftp-server.c b/sftp-server.c
--- openssh-7.2p2/sftp-server.c.sftp-force-mode	2016-06-23 16:18:20.446854128 +0200
+--- a/sftp-server.c	2022-06-20 16:01:26.183793633 +0200
-+++ openssh-7.2p2/sftp-server.c	2016-06-23 16:20:37.950766082 +0200
+++ b/sftp-server.c	2022-06-20 16:02:12.442690608 +0200
-@@ -69,6 +69,10 @@ struct sshbuf *oqueue;
+@@ -65,6 +65,10 @@
 /* Version of client */
 static u_int version;
@ -34,7 +36,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
 /* SSH2_FXP_INIT received */
 static int init_done;
-@@ -683,6 +687,7 @@ process_open(u_int32_t id)
+@@ -683,6 +687,7 @@
 	Attrib a;
 	char *name;
 	int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE;
@ -42,7 +44,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
 	    (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */
-@@ -692,6 +697,10 @@ process_open(u_int32_t id)
+@@ -692,6 +697,10 @@
 	debug3("request %u: open flags %d", id, pflags);
 	flags = flags_from_portable(pflags);
 	mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
@ -53,7 +55,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
 	logit("open \"%s\" flags %s mode 0%o",
 	    name, string_from_portable(pflags), mode);
 	if (readonly &&
-@@ -713,6 +722,8 @@ process_open(u_int32_t id)
+@@ -713,6 +722,8 @@
 			}
 		}
 	}
@ -62,7 +64,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
 	if (status != SSH2_FX_OK)
 		send_status(id, status);
 	free(name);
-@@ -1494,7 +1505,7 @@ sftp_server_usage(void)
+@@ -1555,7 +1566,7 @@
 	fprintf(stderr,
 	    "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
 	    "[-l log_level]\n\t[-P blacklisted_requests] "
@ -71,7 +73,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
 	    "       %s -Q protocol_feature\n",
 	    __progname, __progname);
 	exit(1);
-@@ -1520,7 +1531,7 @@ sftp_server_main(int argc, char **argv,
+@@ -1581,7 +1592,7 @@
 	pw = pwcopy(user_pw);
 	while (!skipargs && (ch = getopt(argc, argv,
@ -80,7 +82,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
 		switch (ch) {
 		case 'Q':
 			if (strcasecmp(optarg, "requests") != 0) {
-@@ -1580,6 +1591,15 @@ sftp_server_main(int argc, char **argv,
+@@ -1643,6 +1654,15 @@
 				fatal("Invalid umask \"%s\"", optarg);
 			(void)umask((mode_t)mask);
 			break;
--- a/SOURCES/openssh-7.7p1-fips.patch
+++ b/SOURCES/openssh-7.7p1-fips.patch
@ -32,7 +32,7 @@ diff -up openssh-7.9p1/dh.c.fips openssh-7.9p1/dh.c
 	struct dhgroup dhg;
 +	if (FIPS_mode()) {
-+		logit("Using arbitrary primes is not allowed in FIPS mode."
+		verbose("Using arbitrary primes is not allowed in FIPS mode."
 +		    " Falling back to known groups.");
 +		return (dh_new_group_fallback(max));
 +	}
--- a/SOURCES/openssh-7.8p1-UsePAM-warning.patch
+++ b/SOURCES/openssh-7.8p1-UsePAM-warning.patch
@ -5,9 +5,9 @@ diff --git a/sshd.c b/sshd.c
 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
 	    cfg, NULL);
-+	/* 'UsePAM no' is not supported in Fedora */
+	/* 'UsePAM no' is not supported in RHEL */
 +	if (! options.use_pam)
-+		logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems.");
+		logit("WARNING: 'UsePAM no' is not supported in RHEL and may cause several problems.");
 +
 	/* Fill in default values for those options not explicitly set. */
 	fill_default_server_options(&options);
@ -19,7 +19,7 @@ diff --git a/sshd_config b/sshd_config
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-+# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
+# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
 +# problems.
 UsePAM yes
--- a/SOURCES/openssh-8.0p1-crypto-policy-doc.patch
+++ b/SOURCES/openssh-8.0p1-crypto-policy-doc.patch
@ -0,0 +1,25 @@
 diff --color -ru a/sshd.8 b/sshd.8
 --- a/sshd.8	2022-05-31 13:39:10.231843926 +0200
 +++ b/sshd.8	2022-05-31 14:34:01.460815420 +0200
@@ -78,6 +78,7 @@
 .Xr sshd_config 5 ) ;
 command-line options override values specified in the
 configuration file.
 +This mechanism is used by systemd to apply system-wide crypto-policies to ssh server.
 .Nm
 rereads its configuration file when it receives a hangup signal,
 .Dv SIGHUP ,
@@ -207,6 +208,13 @@
 rules may be applied by specifying the connection parameters using one or more
 .Fl C
 options.
 +The configuration does not contain the system-wide crypto-policy configuration.
 +To show the most accurate runtime configuration, use:
 +.Bd -literal -offset 3n
 +source /etc/crypto-policies/back-ends/opensshserver.config
 +source /etc/sysconfig/sshd
 +sshd -T $OPTIONS $CRYPTO_POLICY
 +.Ed
 .It Fl t
 Test mode.
 Only check the validity of the configuration file and sanity of the keys.
--- a/SOURCES/openssh-8.0p1-sftp-realpath.patch
+++ b/SOURCES/openssh-8.0p1-sftp-realpath.patch
@ -0,0 +1,273 @@
 diff --color -ruN a/Makefile.in b/Makefile.in
 --- a/Makefile.in	2022-06-23 11:31:10.168186838 +0200
 +++ b/Makefile.in	2022-06-23 11:32:19.146513347 +0200
@@ -125,7 +125,7 @@
 	monitor.o monitor_wrap.o auth-krb5.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
 -	sftp-server.o sftp-common.o \
 +	sftp-server.o sftp-common.o sftp-realpath.o \
 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
 	sandbox-solaris.o uidswap.o
@@ -217,8 +217,8 @@
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 -sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
 -	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 +sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-realpath.o sftp-server.o sftp-server-main.o
 +	$(LD) -o $@ sftp-server.o sftp-common.o sftp-realpath.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
 	$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
 diff --color -ruN a/sftp-realpath.c b/sftp-realpath.c
 --- a/sftp-realpath.c	1970-01-01 01:00:00.000000000 +0100
 +++ b/sftp-realpath.c	2022-06-23 11:35:33.193244873 +0200
@@ -0,0 +1,225 @@
 +/*	$OpenBSD: sftp-realpath.c,v 1.2 2021/09/02 21:03:54 deraadt Exp $ */
 +/*
 + * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
 + *
 + * Redistribution and use in source and binary forms, with or without
 + * modification, are permitted provided that the following conditions
 + * are met:
 + * 1. Redistributions of source code must retain the above copyright
 + *    notice, this list of conditions and the following disclaimer.
 + * 2. Redistributions in binary form must reproduce the above copyright
 + *    notice, this list of conditions and the following disclaimer in the
 + *    documentation and/or other materials provided with the distribution.
 + * 3. The names of the authors may not be used to endorse or promote
 + *    products derived from this software without specific prior written
 + *    permission.
 + *
 + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 + * SUCH DAMAGE.
 + */
 +
 +#include "includes.h"
 +
 +#include <sys/types.h>
 +#include <sys/stat.h>
 +
 +#include <errno.h>
 +#include <stdlib.h>
 +#include <stddef.h>
 +#include <string.h>
 +#include <unistd.h>
 +#include <limits.h>
 +
 +#ifndef SYMLOOP_MAX
 +# define SYMLOOP_MAX 32
 +#endif
 +
 +/* XXX rewrite sftp-server to use POSIX realpath and remove this hack */
 +
 +char *sftp_realpath(const char *path, char *resolved);
 +
 +/*
 + * char *realpath(const char *path, char resolved[PATH_MAX]);
 + *
 + * Find the real name of path, by removing all ".", ".." and symlink
 + * components.  Returns (resolved) on success, or (NULL) on failure,
 + * in which case the path which caused trouble is left in (resolved).
 + */
 +char *
 +sftp_realpath(const char *path, char *resolved)
 +{
 +	struct stat sb;
 +	char *p, *q, *s;
 +	size_t left_len, resolved_len;
 +	unsigned symlinks;
 +	int serrno, slen, mem_allocated;
 +	char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
 +
 +	if (path[0] == '\0') {
 +		errno = ENOENT;
 +		return (NULL);
 +	}
 +
 +	serrno = errno;
 +
 +	if (resolved == NULL) {
 +		resolved = malloc(PATH_MAX);
 +		if (resolved == NULL)
 +			return (NULL);
 +		mem_allocated = 1;
 +	} else
 +		mem_allocated = 0;
 +
 +	symlinks = 0;
 +	if (path[0] == '/') {
 +		resolved[0] = '/';
 +		resolved[1] = '\0';
 +		if (path[1] == '\0')
 +			return (resolved);
 +		resolved_len = 1;
 +		left_len = strlcpy(left, path + 1, sizeof(left));
 +	} else {
 +		if (getcwd(resolved, PATH_MAX) == NULL) {
 +			if (mem_allocated)
 +				free(resolved);
 +			else
 +				strlcpy(resolved, ".", PATH_MAX);
 +			return (NULL);
 +		}
 +		resolved_len = strlen(resolved);
 +		left_len = strlcpy(left, path, sizeof(left));
 +	}
 +	if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
 +		errno = ENAMETOOLONG;
 +		goto err;
 +	}
 +
 +	/*
 +	 * Iterate over path components in `left'.
 +	 */
 +	while (left_len != 0) {
 +		/*
 +		 * Extract the next path component and adjust `left'
 +		 * and its length.
 +		 */
 +		p = strchr(left, '/');
 +		s = p ? p : left + left_len;
 +		if (s - left >= (ptrdiff_t)sizeof(next_token)) {
 +			errno = ENAMETOOLONG;
 +			goto err;
 +		}
 +		memcpy(next_token, left, s - left);
 +		next_token[s - left] = '\0';
 +		left_len -= s - left;
 +		if (p != NULL)
 +			memmove(left, s + 1, left_len + 1);
 +		if (resolved[resolved_len - 1] != '/') {
 +			if (resolved_len + 1 >= PATH_MAX) {
 +				errno = ENAMETOOLONG;
 +				goto err;
 +			}
 +			resolved[resolved_len++] = '/';
 +			resolved[resolved_len] = '\0';
 +		}
 +		if (next_token[0] == '\0')
 +			continue;
 +		else if (strcmp(next_token, ".") == 0)
 +			continue;
 +		else if (strcmp(next_token, "..") == 0) {
 +			/*
 +			 * Strip the last path component except when we have
 +			 * single "/"
 +			 */
 +			if (resolved_len > 1) {
 +				resolved[resolved_len - 1] = '\0';
 +				q = strrchr(resolved, '/') + 1;
 +				*q = '\0';
 +				resolved_len = q - resolved;
 +			}
 +			continue;
 +		}
 +
 +		/*
 +		 * Append the next path component and lstat() it. If
 +		 * lstat() fails we still can return successfully if
 +		 * there are no more path components left.
 +		 */
 +		resolved_len = strlcat(resolved, next_token, PATH_MAX);
 +		if (resolved_len >= PATH_MAX) {
 +			errno = ENAMETOOLONG;
 +			goto err;
 +		}
 +		if (lstat(resolved, &sb) != 0) {
 +			if (errno == ENOENT && p == NULL) {
 +				errno = serrno;
 +				return (resolved);
 +			}
 +			goto err;
 +		}
 +		if (S_ISLNK(sb.st_mode)) {
 +			if (symlinks++ > SYMLOOP_MAX) {
 +				errno = ELOOP;
 +				goto err;
 +			}
 +			slen = readlink(resolved, symlink, sizeof(symlink) - 1);
 +			if (slen < 0)
 +				goto err;
 +			symlink[slen] = '\0';
 +			if (symlink[0] == '/') {
 +				resolved[1] = 0;
 +				resolved_len = 1;
 +			} else if (resolved_len > 1) {
 +				/* Strip the last path component. */
 +				resolved[resolved_len - 1] = '\0';
 +				q = strrchr(resolved, '/') + 1;
 +				*q = '\0';
 +				resolved_len = q - resolved;
 +			}
 +
 +			/*
 +			 * If there are any path components left, then
 +			 * append them to symlink. The result is placed
 +			 * in `left'.
 +			 */
 +			if (p != NULL) {
 +				if (symlink[slen - 1] != '/') {
 +					if (slen + 1 >=
 +					    (ptrdiff_t)sizeof(symlink)) {
 +						errno = ENAMETOOLONG;
 +						goto err;
 +					}
 +					symlink[slen] = '/';
 +					symlink[slen + 1] = 0;
 +				}
 +				left_len = strlcat(symlink, left, sizeof(symlink));
 +				if (left_len >= sizeof(symlink)) {
 +					errno = ENAMETOOLONG;
 +					goto err;
 +				}
 +			}
 +			left_len = strlcpy(left, symlink, sizeof(left));
 +		}
 +	}
 +
 +	/*
 +	 * Remove trailing slash except when the resolved pathname
 +	 * is a single "/".
 +	 */
 +	if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
 +		resolved[resolved_len - 1] = '\0';
 +	return (resolved);
 +
 +err:
 +	if (mem_allocated)
 +		free(resolved);
 +	return (NULL);
 +}
 diff --color -ruN a/sftp-server.c b/sftp-server.c
 --- a/sftp-server.c	2022-06-23 11:31:10.147186434 +0200
 +++ b/sftp-server.c	2022-06-23 11:32:19.147513366 +0200
@@ -51,6 +51,8 @@
 #include "sftp.h"
 #include "sftp-common.h"
 +char *sftp_realpath(const char *, char *); /* sftp-realpath.c */
 +
 /* Our verbosity */
 static LogLevel log_level = SYSLOG_LEVEL_ERROR;
@@ -1185,7 +1187,7 @@
 	}
 	debug3("request %u: realpath", id);
 	verbose("realpath \"%s\"", path);
 -	if (realpath(path, resolvedname) == NULL) {
 +	if (sftp_realpath(path, resolvedname) == NULL) {
 		send_status(id, errno_to_portable(errno));
 	} else {
 		Stat s;
--- a/SOURCES/openssh-8.0p1-sshd_include.patch
+++ b/SOURCES/openssh-8.0p1-sshd_include.patch
@ -779,7 +779,7 @@ diff -up openssh-8.0p1/sshd.c.sshdinclude openssh-8.0p1/sshd.c
 -	    cfg, NULL);
 +	    cfg, &includes, NULL);
- 	/* 'UsePAM no' is not supported in Fedora */
+ 	/* 'UsePAM no' is not supported in RHEL */
 	if (! options.use_pam)
@@ -1946,7 +1978,7 @@ main(int ac, char **av)
 		if (connection_info == NULL)
--- a/SOURCES/openssh-8.7p1-minimize-sha1-use.patch
+++ b/SOURCES/openssh-8.7p1-minimize-sha1-use.patch
@ -0,0 +1,166 @@
 diff --color -ru a/kex.c b/kex.c
 --- a/kex.c	2022-06-23 10:25:29.529922670 +0200
 +++ b/kex.c	2022-06-23 10:26:12.911762100 +0200
@@ -906,6 +906,18 @@
 	return (1);
 }
 +/* returns non-zero if proposal contains any algorithm from algs */
 +static int
 +has_any_alg(const char *proposal, const char *algs)
 +{
 +	char *cp;
 +
 +	if ((cp = match_list(proposal, algs, NULL)) == NULL)
 +		return 0;
 +	free(cp);
 +	return 1;
 +}
 +
 static int
 kex_choose_conf(struct ssh *ssh)
 {
@@ -941,6 +953,16 @@
 		free(ext);
 	}
 +	/* Check whether client supports rsa-sha2 algorithms */
 +	if (kex->server && (kex->flags & KEX_INITIAL)) {
 +		if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS],
 +		    "rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com"))
 +			kex->flags |= KEX_RSA_SHA2_256_SUPPORTED;
 +		if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS],
 +		    "rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com"))
 +			kex->flags |= KEX_RSA_SHA2_512_SUPPORTED;
 +	}
 +
 	/* Algorithm Negotiation */
 	if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
 	    sprop[PROPOSAL_KEX_ALGS])) != 0) {
 diff --color -ru a/kex.h b/kex.h
 --- a/kex.h	2022-06-23 10:25:29.511922322 +0200
 +++ b/kex.h	2022-06-23 10:26:12.902761926 +0200
@@ -117,6 +117,8 @@
 #define KEX_INIT_SENT	0x0001
 #define KEX_INITIAL	0x0002
 +#define KEX_RSA_SHA2_256_SUPPORTED 	0x0008 /* only set in server for now */
 +#define KEX_RSA_SHA2_512_SUPPORTED 	0x0010 /* only set in server for now */
 struct sshenc {
 	char	*name;
 diff --color -ru a/serverloop.c b/serverloop.c
 --- a/serverloop.c	2022-06-23 10:25:29.537922825 +0200
 +++ b/serverloop.c	2022-06-23 10:26:12.918762235 +0200
@@ -736,16 +736,17 @@
 	struct sshbuf *resp = NULL;
 	struct sshbuf *sigbuf = NULL;
 	struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL;
 -	int r, ndx, kexsigtype, use_kexsigtype, success = 0;
 +	int r, ndx, success = 0;
 	const u_char *blob;
 +	const char *sigalg, *kex_rsa_sigalg = NULL;
 	u_char *sig = 0;
 	size_t blen, slen;
 	if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new", __func__);
 -
 -	kexsigtype = sshkey_type_plain(
 -	    sshkey_type_from_name(ssh->kex->hostkey_alg));
 +	if (sshkey_type_plain(sshkey_type_from_name(
 +	    ssh->kex->hostkey_alg)) == KEY_RSA)
 +		kex_rsa_sigalg = ssh->kex->hostkey_alg;
 	while (ssh_packet_remaining(ssh) > 0) {
 		sshkey_free(key);
 		key = NULL;
@@ -780,16 +781,24 @@
 		 * For RSA keys, prefer to use the signature type negotiated
 		 * during KEX to the default (SHA1).
 		 */
 -		use_kexsigtype = kexsigtype == KEY_RSA &&
 -		    sshkey_type_plain(key->type) == KEY_RSA;
 +		sigalg = NULL;
 +		if (sshkey_type_plain(key->type) == KEY_RSA) {
 +			if (kex_rsa_sigalg != NULL)
 +				sigalg = kex_rsa_sigalg;
 +			else if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED)
 +				sigalg = "rsa-sha2-512";
 +			else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)
 +				sigalg = "rsa-sha2-256";
 +		}
 +		debug3("%s: sign %s key (index %d) using sigalg %s", __func__,
 +			sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg);
 		if ((r = sshbuf_put_cstring(sigbuf,
 		    "hostkeys-prove-00@openssh.com")) != 0 ||
 		    (r = sshbuf_put_string(sigbuf,
 		    ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||
 		    (r = sshkey_puts(key, sigbuf)) != 0 ||
 		    (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
 -		    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
 -		    use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
 +		    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), sigalg)) != 0 ||
 		    (r = sshbuf_put_string(resp, sig, slen)) != 0) {
 			error("%s: couldn't prepare signature: %s",
 			    __func__, ssh_err(r));
 diff --color -ru a/sshkey.c b/sshkey.c
 --- a/sshkey.c	2022-06-23 10:25:29.532922728 +0200
 +++ b/sshkey.c	2022-06-23 10:26:12.914762158 +0200
@@ -82,7 +82,6 @@
     struct sshbuf *buf, enum sshkey_serialize_rep);
 static int sshkey_from_blob_internal(struct sshbuf *buf,
     struct sshkey **keyp, int allow_cert);
 -static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep);
 /* Supported key types */
 struct keytype {
@@ -2092,7 +2091,8 @@
 	if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
 	    sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0)
 		goto out;
 -	if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0)
 +	if ((ret = sshkey_get_sigtype(sig, slen,
 +	    &key->cert->signature_type)) != 0)
 		goto out;
 	/* Success */
@@ -2394,8 +2394,8 @@
 	return r;
 }
 -static int
 -get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
 +int
 +sshkey_get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
 {
 	int r;
 	struct sshbuf *b = NULL;
@@ -2477,7 +2477,7 @@
 		return 0;
 	if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
 -	if ((r = get_sigtype(sig, siglen, &sigtype)) != 0)
 +	if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0)
 		return r;
 	r = strcmp(expected_alg, sigtype) == 0;
 	free(sigtype);
@@ -2739,7 +2739,7 @@
 	    sshbuf_len(cert), alg, 0, signer_ctx)) != 0)
 		goto out;
 	/* Check and update signature_type against what was actually used */
 -	if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
 +	if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
 		goto out;
 	if (alg != NULL && strcmp(alg, sigtype) != 0) {
 		ret = SSH_ERR_SIGN_ALG_UNSUPPORTED;
 diff --color -ru a/sshkey.h b/sshkey.h
 --- a/sshkey.h	2022-06-23 10:25:29.521922515 +0200
 +++ b/sshkey.h	2022-06-23 10:26:12.907762022 +0200
@@ -211,6 +211,7 @@
     const u_char *, size_t, const char *, u_int);
 int	 sshkey_check_sigtype(const u_char *, size_t, const char *);
 const char *sshkey_sigalg_by_name(const char *);
 +int      sshkey_get_sigtype(const u_char *, size_t, char **);
 /* for debug */
 void	sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@ -66,7 +66,7 @@
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.0p1
-%global openssh_rel 13
+%global openssh_rel 16
 %global pam_ssh_agent_ver 0.10.3
 %global pam_ssh_agent_rel 7
@ -257,6 +257,21 @@ Patch981: openssh-8.0p1-sshd_include.patch
 # upstream commit:
 # 69334996ae203c51c70bf01d414c918a44618f8e
 Patch982: openssh-8.0p1-client_alive_count_max.patch
 # add a local implementation of BSD realpath() for sftp-server
 # use ahead of OpenBSD's realpath changing to match POSIX
 # upstream commits:
 # 569b650f93b561c09c655f83f128e1dfffe74101
 # 53a6ebf1445a857f5e487b18ee5e5830a9575149
 # 5428b0d239f6b516c81d1dd15aa9fe9e60af75d4
 Patch983: openssh-8.0p1-sftp-realpath.patch
 # include caveat for crypto-policy in sshd manpage (#2044354)
 Patch984: openssh-8.0p1-crypto-policy-doc.patch
 # minimize the use of SHA1 as a proof of possession for RSA key (#2093897)
 # upstream commits:
 # 291721bc7c840d113a49518f3fca70e86248b8e8
 # 0fa33683223c76289470a954404047bc762be84c
 # f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a
 Patch985: openssh-8.7p1-minimize-sha1-use.patch
 License: BSD
 Group: Applications/Internet
@ -485,6 +500,9 @@ popd
 %patch980 -p1 -b .cve-2021-41617
 %patch981 -p1 -b .sshdinclude
 %patch982 -p1 -b .client_alive_count_max
 %patch983 -p1 -b .sftp-realpath
 %patch984 -p1 -b .crypto-policy-doc
 %patch985 -p1 -b .minimize-sha1-use
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
@ -776,6 +794,20 @@ getent passwd sshd >/dev/null || \
 %endif
 %changelog
 * Wed Jun 29 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-16
 - Omit client side from minimize-sha1-use.patch to prevent regression (#2093897)
 * Thu Jun 23 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-15
 - Fix new issues found by static analyzers
 * Wed Jun 01 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-14
 - Upstream: add a local implementation of BSD realpath() for sftp-server (#2064249)
 - Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch (#1953807)
 - Include caveat for crypto-policy in sshd manpage (#2044354)
 - Change log level of FIPS specific log message to verbose (#2050511)
 - Clarify force_file_perms (-m) documentation in sftp-server manpage (#1862504)
 - Minimize the use of SHA1 as a proof of possession for RSA key (#2093897)
 * Tue Oct 26 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-13
 - Upstream: ClientAliveCountMax=0 disable the connection killing behaviour (#2015828)