import openssh-8.0p1-5.el8

2020-07-28 08:06:13 -04:00 · 2020-07-28 08:06:13 -04:00 · 75ca0870c6
parent b40f69fe2a
commit 75ca0870c6
17 changed files with 970 additions and 224 deletions
--- a/SOURCES/openssh-6.6p1-ctr-cavstest.patch
+++ b/SOURCES/openssh-6.6p1-ctr-cavstest.patch
@ -20,10 +20,10 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
 	ssh-xmss.o \
@@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
 ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
- 	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
+ 	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS)
 
 +ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
-+	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 +
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
--- a/SOURCES/openssh-6.6p1-keycat.patch
+++ b/SOURCES/openssh-6.6p1-keycat.patch
@ -62,10 +62,10 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
 	ssh-xmss.o \
@@ -190,6 +191,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
 ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
- 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS)
+ 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS)
 
 +ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
-+	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
+	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS)
 +
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
--- a/SOURCES/openssh-6.7p1-kdf-cavs.patch
+++ b/SOURCES/openssh-6.7p1-kdf-cavs.patch
@ -20,7 +20,7 @@ diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
 	ssh-xmss.o \
@@ -198,6 +199,9 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHD
 ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
- 	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+ 	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 
 +ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o
 +	$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
--- a/SOURCES/openssh-6.7p1-ldap.patch
+++ b/SOURCES/openssh-6.7p1-ldap.patch
@ -171,7 +171,7 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
 +ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
-+	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS)
+	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS)
 +
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
--- a/SOURCES/openssh-7.7p1-fips.patch
+++ b/SOURCES/openssh-7.7p1-fips.patch
@ -127,50 +127,6 @@ diff -up openssh-7.9p1/kexgexc.c.fips openssh-7.9p1/kexgexc.c
 	p = g = NULL; /* belong to kex->dh now */
 
 	/* generate and send 'e', client DH public key */
-diff -up openssh-7.9p1/Makefile.in.fips openssh-7.9p1/Makefile.in
--- openssh-7.9p1/Makefile.in.fips	2019-03-11 17:06:37.615877984 +0100
-+++ openssh-7.9p1/Makefile.in	2019-03-11 17:06:37.621878041 +0100
-@@ -179,25 +179,25 @@ libssh.a: $(LIBSSH_OBJS)
- 	$(RANLIB) $@
- 
- ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
-+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS) $(GSSLIBS)
- 
- sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
-	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
-+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
- 
- scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
- 	$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
- 
- ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
-	$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- 
- ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
-	$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- 
- ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
-	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- 
- ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o
-	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- 
- ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
- 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
-@@ -215,7 +215,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a
- 	$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
- 
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
-	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
-+	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
- 
- sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
- 	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 diff -up openssh-7.9p1/myproposal.h.fips openssh-7.9p1/myproposal.h
 --- openssh-7.9p1/myproposal.h.fips	2018-10-17 02:01:20.000000000 +0200
 +++ openssh-7.9p1/myproposal.h	2019-03-11 17:06:37.621878041 +0100
@ -309,43 +265,25 @@ diff -up openssh-7.9p1/servconf.c.fips openssh-7.9p1/servconf.c
 diff -up openssh-7.9p1/ssh.c.fips openssh-7.9p1/ssh.c
 --- openssh-7.9p1/ssh.c.fips	2019-03-11 17:06:37.602877862 +0100
 +++ openssh-7.9p1/ssh.c	2019-03-11 17:06:37.623878060 +0100
-@@ -76,6 +76,8 @@
+@@ -76,6 +76,7 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #endif
 +#include <openssl/crypto.h>
-+#include <fipscheck.h>
 #include "openbsd-compat/openssl-compat.h"
 #include "openbsd-compat/sys-queue.h"
 
-@@ -600,6 +602,16 @@ main(int ac, char **av)
- 	sanitise_stdfd();
- 
- 	__progname = ssh_get_progname(av[0]);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+	SSLeay_add_all_algorithms();
-+#endif
-+	if (access("/etc/system-fips", F_OK) == 0)
-+		if (! FIPSCHECK_verify(NULL, NULL)){
-+			if (FIPS_mode())
-+				fatal("FIPS integrity verification test failed.");
-+			else
-+				logit("FIPS integrity verification test failed.");
-+	}
- 
- #ifndef HAVE_SETPROCTITLE
- 	/* Prepare for later setproctitle emulation */
@@ -1283,6 +1294,10 @@ main(int ac, char **av)
- 
- 	seed_rng();
- 
-+	if (FIPS_mode()) {
-+		logit("FIPS mode initialized");
-+	}
+ 		dump_client_config(&options, host);
+ 		exit(0);
+ 	}
 +
- 	/*
- 	 * Discard other fds that are hanging around. These can cause problem
- 	 * with backgrounded ssh processes started by ControlPersist.
+	if (FIPS_mode()) {
+		debug("FIPS mode initialized");
+	}
+ 
+ 	if (muxclient_command != 0 && options.control_path == NULL)
+ 		fatal("No ControlPath specified for \"-O\" command");
 diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 --- openssh-7.9p1/sshconnect2.c.fips	2019-03-11 17:06:37.580877655 +0100
 +++ openssh-7.9p1/sshconnect2.c	2019-03-11 17:06:37.623878060 +0100
@ -387,7 +325,7 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 		/* Prefer algorithms that we already have keys for */
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
 		    compat_pkalg_proposal(
-@@ -201,29 +201,34 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -201,35 +201,40 @@ ssh_kex2(char *host, struct sockaddr *ho
 
 #if defined(GSSAPI) && defined(WITH_OPENSSL)
 	if (options.gss_keyex) {
@ -395,12 +333,18 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 -		 * client to the key exchange algorithm proposal */
 -		orig = myproposal[PROPOSAL_KEX_ALGS];
 -
-		if (options.gss_server_identity)
+-		if (options.gss_server_identity) {
 -			gss_host = xstrdup(options.gss_server_identity);
-		else if (options.gss_trust_dns)
+-		} else if (options.gss_trust_dns) {
 -			gss_host = remote_hostname(ssh);
-		else
+-			/* Fall back to specified host if we are using proxy command
+-			 * and can not use DNS on that socket */
+-			if (strcmp(gss_host, "UNKNOWN") == 0) {
+-				gss_host = xstrdup(host);
+-			}
+-		} else {
 -			gss_host = xstrdup(host);
+-		}
 -
 -		gss = ssh_gssapi_client_mechanisms(gss_host,
 -		    options.gss_client_identity, options.gss_kex_algorithms);
@ -422,12 +366,18 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 +			 * client to the key exchange algorithm proposal */
 +			orig = myproposal[PROPOSAL_KEX_ALGS];
 +
-+			if (options.gss_server_identity)
+			if (options.gss_server_identity) {
 +				gss_host = xstrdup(options.gss_server_identity);
-+			else if (options.gss_trust_dns)
+			} else if (options.gss_trust_dns) {
 +				gss_host = remote_hostname(ssh);
-+			else
+				/* Fall back to specified host if we are using proxy command
+				 * and can not use DNS on that socket */
+				if (strcmp(gss_host, "UNKNOWN") == 0) {
+					gss_host = xstrdup(host);
+				}
+			} else {
 +				gss_host = xstrdup(host);
+			}
 +
 +			gss = ssh_gssapi_client_mechanisms(gss_host,
 +			    options.gss_client_identity, options.gss_kex_algorithms);
@ -456,31 +406,19 @@ diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
-@@ -77,6 +78,8 @@
+@@ -77,6 +78,7 @@
 #include <openssl/dh.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 +#include <openssl/crypto.h>
-+#include <fipscheck.h>
 #include "openbsd-compat/openssl-compat.h"
 #endif
 
-@@ -1581,6 +1584,18 @@ main(int ac, char **av)
+@@ -1581,6 +1584,7 @@ main(int ac, char **av)
 #endif
 	__progname = ssh_get_progname(av[0]);
 
 +	OpenSSL_add_all_algorithms();
-+	if (access("/etc/system-fips", F_OK) == 0)
-+		if (! FIPSCHECK_verify(NULL, NULL)) {
-+			openlog(__progname, LOG_PID, LOG_AUTHPRIV);
-+			if (FIPS_mode()) {
-+				syslog(LOG_CRIT, "FIPS integrity verification test failed.");
-+				cleanup_exit(255);
-+			}
-+			else
-+				syslog(LOG_INFO, "FIPS integrity verification test failed.");
-+			closelog();
-+		}
 	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
 	saved_argc = ac;
 	rexec_argc = ac;
@ -489,7 +427,7 @@ diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c
 	log_init(__progname, options.log_level, options.log_facility, log_stderr);
 
 +	if (FIPS_mode()) {
-+		logit("FIPS mode initialized");
+		debug("FIPS mode initialized");
 +	}
 +
 	/* Chdir to the root directory so that the current disk can be
--- a/SOURCES/openssh-7.7p1-redhat.patch
+++ b/SOURCES/openssh-7.7p1-redhat.patch
@ -1,11 +1,12 @@
 diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config
 --- openssh-7.7p1/ssh_config.redhat	2018-04-02 07:38:28.000000000 +0200
 +++ openssh-7.7p1/ssh_config	2018-07-03 10:44:06.522245125 +0200
-@@ -44,3 +44,7 @@
+@@ -44,3 +44,8 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
 +#
+# This system is following system-wide crypto policy.
 +# To modify the system-wide ssh configuration, create a  *.conf  file under
 +#  /etc/ssh/ssh_config.d/  which will be automatically included below
 +Include /etc/ssh/ssh_config.d/*.conf
@ -66,7 +67,7 @@ diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5
 diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
 --- openssh-7.7p1/sshd_config.redhat	2018-04-02 07:38:28.000000000 +0200
 +++ openssh-7.7p1/sshd_config	2018-07-03 10:45:16.950782466 +0200
-@@ -10,20 +10,34 @@
+@@ -10,20 +10,31 @@
 # possible, but leave them commented.  Uncommented options override the
 # default value.
 
@ -89,14 +90,11 @@ diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
 # Ciphers and keying
 #RekeyLimit default none
 
-+# System-wide Crypto policy:
 +# This system is following system-wide crypto policy. The changes to
-+# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
-+# effect here. They will be overridden by command-line options passed on
-+# the server start up.
-+# To opt out, uncomment a line with redefinition of  CRYPTO_POLICY=
-+# variable in  /etc/sysconfig/sshd  to overwrite the policy.
-+# For more information, see manual page for update-crypto-policies(8).
+# crypto properties (Ciphers, MACs, ...) will not have any effect here.
+# They will be overridden by command-line options passed to the server
+# on command line.
+# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).
 +
 # Logging
 #SyslogFacility AUTH
--- a/SOURCES/openssh-8.0p1-crypto-policies.patch
+++ b/SOURCES/openssh-8.0p1-crypto-policies.patch
@ -1,7 +1,55 @@
 diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
--- openssh-8.0p1/ssh_config.5.crypto-policies	2019-05-13 14:04:01.999099570 +0200
-+++ openssh-8.0p1/ssh_config.5	2019-05-13 14:12:36.343923071 +0200
-@@ -445,12 +445,10 @@ aes256-gcm@openssh.com
+--- openssh-8.0p1/ssh_config.5.crypto-policies	2020-03-24 17:32:54.821789205 +0100
+++ openssh-8.0p1/ssh_config.5	2020-03-24 17:59:58.174122920 +0100
+@@ -357,17 +357,17 @@ or
+ .Qq *.c.example.com
+ domains.
+ .It Cm CASignatureAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ Specifies which algorithms are allowed for signing of certificates
+ by certificate authorities (CAs).
+-The default is:
+-.Bd -literal -offset indent
+-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+-.Ed
+-.Pp
+ .Xr ssh 1
+ will not accept host certificates signed using algorithms other than those
+ specified.
+.Pp
+ .It Cm CertificateFile
+ Specifies a file from which the user's certificate is read.
+ A corresponding private key must be provided separately in order
+@@ -420,16 +420,21 @@ If the option is set to
+ .Cm no ,
+ the check will not be executed.
+ .It Cm Ciphers
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ Specifies the ciphers allowed and their order of preference.
+ Multiple ciphers must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified ciphers will be appended to the default set
+character, then the specified ciphers will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified ciphers (including wildcards) will be removed
+-from the default set instead of replacing them.
+from the built-in default set instead of replacing them.
+ .Pp
+ The supported ciphers are:
+ .Bd -literal -offset indent
+@@ -445,13 +450,6 @@ aes256-gcm@openssh.com
 chacha20-poly1305@openssh.com
 .Ed
 .Pp
@ -11,30 +59,53 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -aes128-ctr,aes192-ctr,aes256-ctr,
 -aes128-gcm@openssh.com,aes256-gcm@openssh.com
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- .Pp
+-.Pp
 The list of available ciphers may also be obtained using
 .Qq ssh -Q cipher .
-@@ -812,8 +810,10 @@ gss-nistp256-sha256-,
+ .It Cm ClearAllForwardings
+@@ -800,6 +798,11 @@ command line will be passed untouched to
+ The default is
+ .Dq no .
+ .It Cm GSSAPIKexAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ The list of key exchange algorithms that are offered for GSSAPI
+ key exchange. Possible values are
+ .Bd -literal -offset 3n
+@@ -812,9 +815,8 @@ gss-nistp256-sha256-,
 gss-curve25519-sha256-
 .Ed
 .Pp
 -The default is
-.Dq gss-gex-sha1-,gss-group14-sha1- .
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- This option only applies to protocol version 2 connections using GSSAPI.
+-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+ This option only applies to connections using GSSAPI.
+.Pp
 .It Cm HashKnownHosts
 Indicates that
-@@ -1123,16 +1123,10 @@ If the specified value begins with a
+ .Xr ssh 1
+@@ -1114,26 +1115,21 @@ it may be zero or more of:
+ and
+ .Cm pam .
+ .It Cm KexAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ Specifies the available KEX (Key Exchange) algorithms.
+ Multiple algorithms must be comma-separated.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the specified methods will be appended to the default set
+character, then the specified methods will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
 .Sq -
 character, then the specified methods (including wildcards) will be removed
- from the default set instead of replacing them.
+-from the default set instead of replacing them.
 -The default is:
 -.Bd -literal -offset indent
 -curve25519-sha256,curve25519-sha256@libssh.org,
@ -45,14 +116,36 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -diffie-hellman-group14-sha256,
 -diffie-hellman-group14-sha1
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
+from the built-in default set instead of replacing them.
 .Pp
 The list of available key exchange algorithms may also be obtained using
 .Qq ssh -Q kex .
-@@ -1210,14 +1204,10 @@ The algorithms that contain
+@@ -1193,33 +1189,29 @@ The default is INFO.
+ DEBUG and DEBUG1 are equivalent.
+ DEBUG2 and DEBUG3 each specify higher levels of verbose output.
+ .It Cm MACs
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ Specifies the MAC (message authentication code) algorithms
+ in order of preference.
+ The MAC algorithm is used for data integrity protection.
+ Multiple algorithms must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified algorithms will be appended to the default set
+character, then the specified algorithms will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified algorithms (including wildcards) will be removed
+-from the default set instead of replacing them.
+from the built-in default set instead of replacing them.
+ .Pp
+ The algorithms that contain
+ .Qq -etm
 calculate the MAC after encryption (encrypt-then-mac).
 These are considered safer and their use recommended.
 .Pp
@ -64,17 +157,30 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -umac-64@openssh.com,umac-128@openssh.com,
 -hmac-sha2-256,hmac-sha2-512,hmac-sha1
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- .Pp
+-.Pp
 The list of available MAC algorithms may also be obtained using
 .Qq ssh -Q mac .
-@@ -1361,17 +1351,10 @@ If the specified value begins with a
+ .It Cm NoHostAuthenticationForLocalhost
+@@ -1352,27 +1344,21 @@ instead of continuing to execute and pas
+ The default is
+ .Cm no .
+ .It Cm PubkeyAcceptedKeyTypes
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ Specifies the key types that will be used for public key authentication
+ as a comma-separated list of patterns.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the key types after it will be appended to the default
+character, then the key types after it will be appended to the built-in default
+ instead of replacing it.
+ If the specified value begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
- from the default set instead of replacing them.
+-from the default set instead of replacing them.
 -The default for this option is:
 -.Bd -literal -offset 3n
 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
@ -86,17 +192,61 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
+from the built-in default set instead of replacing them.
 .Pp
 The list of available key types may also be obtained using
 .Qq ssh -Q key .
 diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
--- openssh-8.0p1/sshd_config.5.crypto-policies	2019-05-13 14:12:41.226968863 +0200
-+++ openssh-8.0p1/sshd_config.5	2019-05-13 14:15:14.581406997 +0200
-@@ -490,12 +490,10 @@ aes256-gcm@openssh.com
+--- openssh-8.0p1/sshd_config.5.crypto-policies	2020-03-24 17:32:54.802788908 +0100
+++ openssh-8.0p1/sshd_config.5	2020-03-24 17:54:13.347740176 +0100
+@@ -383,16 +383,16 @@ If the argument is
+ then no banner is displayed.
+ By default, no banner is displayed.
+ .It Cm CASignatureAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ Specifies which algorithms are allowed for signing of certificates
+ by certificate authorities (CAs).
+-The default is:
+-.Bd -literal -offset indent
+-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+-.Ed
+-.Pp
+ Certificates signed using other algorithms will not be accepted for
+ public key or host-based authentication.
+.Pp
+ .It Cm ChallengeResponseAuthentication
+ Specifies whether challenge-response authentication is allowed (e.g. via
+ PAM or through authentication styles supported in
+@@ -454,16 +454,21 @@ The default is
+ indicating not to
+ .Xr chroot 2 .
+ .It Cm Ciphers
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ Specifies the ciphers allowed.
+ Multiple ciphers must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified ciphers will be appended to the default set
+character, then the specified ciphers will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified ciphers (including wildcards) will be removed
+-from the default set instead of replacing them.
+from the built-in default set instead of replacing them.
+ .Pp
+ The supported ciphers are:
+ .Pp
+@@ -490,13 +495,6 @@ aes256-gcm@openssh.com
 chacha20-poly1305@openssh.com
 .El
 .Pp
@ -106,28 +256,40 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -aes128-ctr,aes192-ctr,aes256-ctr,
 -aes128-gcm@openssh.com,aes256-gcm@openssh.com
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- .Pp
+-.Pp
 The list of available ciphers may also be obtained using
 .Qq ssh -Q cipher .
-@@ -700,8 +698,10 @@ gss-nistp256-sha256-,
+ .It Cm ClientAliveCountMax
+@@ -688,6 +686,11 @@ For this to work
+ .Cm GSSAPIKeyExchange
+ needs to be enabled in the server and also used by the client.
+ .It Cm GSSAPIKexAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ The list of key exchange algorithms that are accepted by GSSAPI
+ key exchange. Possible values are
+ .Bd -literal -offset 3n
+@@ -700,8 +703,6 @@ gss-nistp256-sha256-,
 gss-curve25519-sha256-
 .Ed
 .Pp
 -The default is
-.Dq gss-gex-sha1-,gss-group14-sha1- .
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- This option only applies to protocol version 2 connections using GSSAPI.
+-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+ This option only applies to connections using GSSAPI.
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
-@@ -792,17 +792,10 @@ environment variable.
+@@ -791,19 +791,13 @@ is specified, the location of the socket
+ .Ev SSH_AUTH_SOCK
+ environment variable.
 .It Cm HostKeyAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
 Specifies the host key algorithms
 that the server offers.
 -The default for this option is:
@ -141,14 +303,34 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
 .Pp
 The list of available key types may also be obtained using
 .Qq ssh -Q key .
-@@ -960,14 +953,10 @@ ecdh-sha2-nistp384
+@@ -922,16 +916,21 @@ Specifies whether to look at .k5login fi
+ The default is
+ .Cm yes .
+ .It Cm KexAlgorithms
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ Specifies the available KEX (Key Exchange) algorithms.
+ Multiple algorithms must be comma-separated.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the specified methods will be appended to the default set
+character, then the specified methods will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified methods (including wildcards) will be removed
+-from the default set instead of replacing them.
+from the built-in default set instead of replacing them.
+ The supported algorithms are:
+ .Pp
+ .Bl -item -compact -offset indent
+@@ -961,15 +960,6 @@ ecdh-sha2-nistp384
 ecdh-sha2-nistp521
 .El
 .Pp
@ -160,14 +342,36 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
 -diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- .Pp
+-.Pp
 The list of available key exchange algorithms may also be obtained using
 .Qq ssh -Q kex .
-@@ -1090,14 +1079,10 @@ umac-64-etm@openssh.com
+ .It Cm ListenAddress
+@@ -1038,17 +1028,22 @@ DEBUG and DEBUG1 are equivalent.
+ DEBUG2 and DEBUG3 each specify higher levels of debugging output.
+ Logging with a DEBUG level violates the privacy of users and is not recommended.
+ .It Cm MACs
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ Specifies the available MAC (message authentication code) algorithms.
+ The MAC algorithm is used for data integrity protection.
+ Multiple algorithms must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified algorithms will be appended to the default set
+character, then the specified algorithms will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified algorithms (including wildcards) will be removed
+-from the default set instead of replacing them.
+from the built-in default set instead of replacing them.
+ .Pp
+ The algorithms that contain
+ .Qq -etm
+@@ -1091,15 +1086,6 @@ umac-64-etm@openssh.com
 umac-128-etm@openssh.com
 .El
 .Pp
@ -179,17 +383,30 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -umac-64@openssh.com,umac-128@openssh.com,
 -hmac-sha2-256,hmac-sha2-512,hmac-sha1
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
- .Pp
+-.Pp
 The list of available MAC algorithms may also be obtained using
 .Qq ssh -Q mac .
-@@ -1455,17 +1440,10 @@ If the specified value begins with a
+ .It Cm Match
+@@ -1446,27 +1432,21 @@ or equivalent.)
+ The default is
+ .Cm yes .
+ .It Cm PubkeyAcceptedKeyTypes
+The default is handled system-wide by
+.Xr crypto-policies 7 .
+To see the current defaults and how to modify them, see manual page
+.Xr update-crypto-policies 8 .
+.Pp
+ Specifies the key types that will be accepted for public key authentication
+ as a list of comma-separated patterns.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the specified key types will be appended to the default set
+character, then the specified key types will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
- from the default set instead of replacing them.
+-from the default set instead of replacing them.
 -The default for this option is:
 -.Bd -literal -offset 3n
 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
@ -201,10 +418,7 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
-+The default is handled system-wide by
-+.Xr crypto-policies 7 .
-+To see the defaults and how to modify this default, see manual page
-+.Xr update-crypto-policies 8 .
+from the built-in default set instead of replacing them.
 .Pp
 The list of available key types may also be obtained using
 .Qq ssh -Q key .
--- a/SOURCES/openssh-8.0p1-entropy.patch
+++ b/SOURCES/openssh-8.0p1-entropy.patch
@ -0,0 +1,302 @@
+diff --git a/entropy.c b/entropy.c
+index 2d483b3..b361a04 100644
+--- a/entropy.c
+++ b/entropy.c
+@@ -234,6 +234,9 @@ seed_rng(void)
+ 	}
+ #endif /* OPENSSL_PRNG_ONLY */
+ 
+#ifdef __linux__
+	linux_seed();
+#endif /* __linux__ */
+ 	if (RAND_status() != 1)
+ 		fatal("PRNG is not seeded");
+ 
+diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
+index b912dbe..9206337 100644
+--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
+@@ -20,6 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
+ 	port-solaris.o \
+ 	port-net.o \
+ 	port-uw.o \
+	port-linux-prng.o \
+ 	port-linux-sshd.o
+ 
+ .c.o:
+diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
+--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy	2016-12-23 18:34:27.747753563 +0100
+++ openssh-7.4p1/openbsd-compat/port-linux.h	2016-12-23 18:34:27.769753570 +0100
+@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
+ void oom_adjust_setup(void);
+ #endif
+ 
+void linux_seed(void);
+
+ #endif /* ! _PORT_LINUX_H */
+diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c
+new file mode 100644
+index 0000000..92a617c
+--- /dev/null
+++ b/openbsd-compat/port-linux-prng.c
+@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2011 - 2020 Red Hat, Inc.
+ *
+ * Authors:
+ *  Jan F. Chadima <jchadima@redhat.com>
+ *  Jakub Jelen <jjelen@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Linux-specific portability code - prng support
+ */
+
+#include "includes.h"
+
+#include <errno.h>
+#include <string.h>
+#include <openssl/rand.h>
+#include <sys/random.h>
+
+#include "log.h"
+
+void
+linux_seed(void)
+{
+	char *env = NULL;
+	size_t randlen = 14, left;
+	unsigned int flags = 0;
+	unsigned char buf[256], *p;
+
+	env = getenv("SSH_USE_STRONG_RNG");
+	if (env && strcmp(env, "0") != 0) {
+		size_t ienv = atoi(env);
+
+		/* Max on buffer length */
+		if (ienv > sizeof(buf))
+			ienv = sizeof(buf);
+		/* Minimum is always 14 B */
+		if (ienv > randlen)
+			randlen = ienv;
+		flags = GRND_RANDOM;
+	}
+
+	errno = 0;
+	left = randlen;
+	p = buf;
+	do {
+		ssize_t len = getrandom(p, left, flags);
+		if (len == -1) {
+			if (errno != EINTR) {
+				if (flags) {
+					/* With the variable present, this is fatal error */
+					fatal("Failed to seed from getrandom: %s", strerror(errno));
+				} else {
+					/* Otherwise we log the issue drop out from here */
+					debug("Failed to seed from getrandom: %s", strerror(errno));
+					return;
+				}
+			}
+		} else if (len > 0) {
+			left -= len;
+			p += len;
+		}
+	} while (left > 0);
+
+	RAND_seed(buf, randlen);
+}
+diff --git a/ssh-add.1 b/ssh-add.1
+index 4812448..16305bf 100644
+--- a/ssh-add.1
+++ b/ssh-add.1
+@@ -161,6 +161,22 @@ to make this work.)
+ Identifies the path of a
+ .Ux Ns -domain
+ socket used to communicate with the agent.
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+ .El
+ .Sh FILES
+ .Bl -tag -width Ds
+diff --git a/ssh-agent.1 b/ssh-agent.1
+index 281ecbd..1a9a635 100644
+--- a/ssh-agent.1
+++ b/ssh-agent.1
+@@ -201,6 +201,26 @@ sockets used to contain the connection to the authentication agent.
+ These sockets should only be readable by the owner.
+ The sockets should get automatically removed when the agent exits.
+ .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-add 1 ,
+diff --git a/ssh-keygen.1 b/ssh-keygen.1
+index 12e00d4..1b51a4a 100644
+--- a/ssh-keygen.1
+++ b/ssh-keygen.1
+@@ -832,6 +832,26 @@ Contains Diffie-Hellman groups used for DH-GEX.
+ The file format is described in
+ .Xr moduli 5 .
+ .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-add 1 ,
+diff --git a/ssh-keysign.8 b/ssh-keysign.8
+index 69d0829..02d79f8 100644
+--- a/ssh-keysign.8
+++ b/ssh-keysign.8
+@@ -80,6 +80,26 @@ must be set-uid root if host-based authentication is used.
+ If these files exist they are assumed to contain public certificate
+ information corresponding with the private keys above.
+ .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-keygen 1 ,
+diff --git a/ssh.1 b/ssh.1
+index 929904b..f65e42f 100644
+--- a/ssh.1
+++ b/ssh.1
+@@ -1309,6 +1309,25 @@ For more information, see the
+ .Cm PermitUserEnvironment
+ option in
+ .Xr sshd_config 5 .
+.Bl -tag -width "SSH_ORIGINAL_COMMAND"
+.Pp
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
+ .Sh FILES
+ .Bl -tag -width Ds -compact
+ .It Pa ~/.rhosts
+diff --git a/sshd.8 b/sshd.8
+index c2c237f..058d37a 100644
+--- a/sshd.8
+++ b/sshd.8
+@@ -951,6 +951,26 @@ concurrently for different ports, this contains the process ID of the one
+ started last).
+ The content of this file is not sensitive; it can be world-readable.
+ .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm getrandom(1)
+without any specific flags.
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm getrandom(1)
+with GRND_RANDOM flag specified.
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 14 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
+ .Sh IPV6
+ IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
+ .Sh SEE ALSO
+
--- a/SOURCES/openssh-8.0p1-gssapi-keyex.patch
+++ b/SOURCES/openssh-8.0p1-gssapi-keyex.patch
@ -3265,7 +3265,7 @@ index 36180d07..70dd3665 100644
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
-@@ -61,10 +61,30 @@
+@@ -61,10 +61,34 @@
 
 #define SSH_GSS_OIDTYPE 0x06
 
@ -3285,8 +3285,12 @@ index 36180d07..70dd3665 100644
 +#define KEX_GSS_C25519_SHA256_ID			"gss-curve25519-sha256-"
 +
 +#define        GSS_KEX_DEFAULT_KEX \
-+	KEX_GSS_GEX_SHA1_ID "," \
-+	KEX_GSS_GRP14_SHA1_ID
+	KEX_GSS_GRP14_SHA256_ID "," \
+	KEX_GSS_GRP16_SHA512_ID	"," \
+	KEX_GSS_NISTP256_SHA256_ID "," \
+	KEX_GSS_C25519_SHA256_ID "," \
+	KEX_GSS_GRP14_SHA1_ID "," \
+	KEX_GSS_GEX_SHA1_ID
 +
 typedef struct {
 	char *filename;
@ -3492,18 +3496,18 @@ index 41262963..c3c8b274 100644
 +The list of key exchange algorithms that are offered for GSSAPI
 +key exchange. Possible values are
 +.Bd -literal -offset 3n
-+gss-gex-sha1-,
-+gss-group1-sha1-,
-+gss-group14-sha1-,
-+gss-group14-sha256-,
-+gss-group16-sha512-,
-+gss-nistp256-sha256-,
+gss-gex-sha1-
+gss-group1-sha1-
+gss-group14-sha1-
+gss-group14-sha256-
+gss-group16-sha512-
+gss-nistp256-sha256-
 +gss-curve25519-sha256-
 +.Ed
 +.Pp
 +The default is
-+.Dq gss-gex-sha1-,gss-group14-sha1- .
-+This option only applies to protocol version 2 connections using GSSAPI.
+.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+This option only applies to connections using GSSAPI.
 .It Cm HashKnownHosts
 Indicates that
 .Xr ssh 1
@ -3532,7 +3536,7 @@ index dffee90b..0d0a6cb8 100644
 	xxx_host = host;
 	xxx_hostaddr = hostaddr;
 
-@@ -193,6 +196,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+@@ -193,6 +196,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 		    order_hostkeyalgs(host, hostaddr, port));
 	}
 
@ -3542,12 +3546,18 @@ index dffee90b..0d0a6cb8 100644
 +		 * client to the key exchange algorithm proposal */
 +		orig = myproposal[PROPOSAL_KEX_ALGS];
 +
-+		if (options.gss_server_identity)
+		if (options.gss_server_identity) {
 +			gss_host = xstrdup(options.gss_server_identity);
-+		else if (options.gss_trust_dns)
+		} else if (options.gss_trust_dns) {
 +			gss_host = remote_hostname(ssh);
-+		else
+			/* Fall back to specified host if we are using proxy command
+			 * and can not use DNS on that socket */
+			if (strcmp(gss_host, "UNKNOWN") == 0) {
+				gss_host = xstrdup(host);
+			}
+		} else {
 +			gss_host = xstrdup(host);
+		}
 +
 +		gss = ssh_gssapi_client_mechanisms(gss_host,
 +		    options.gss_client_identity, options.gss_kex_algorithms);
@ -3636,18 +3646,24 @@ index dffee90b..0d0a6cb8 100644
 	{"gssapi-with-mic",
 		userauth_gssapi,
 		userauth_gssapi_cleanup,
-@@ -698,12 +766,23 @@ userauth_gssapi(struct ssh *ssh)
+@@ -698,12 +766,29 @@ userauth_gssapi(struct ssh *ssh)
 	OM_uint32 min;
 	int r, ok = 0;
 	gss_OID mech = NULL;
-+	char *gss_host;
+	char *gss_host = NULL;
 +
-+	if (options.gss_server_identity)
+	if (options.gss_server_identity) {
 +		gss_host = xstrdup(options.gss_server_identity);
-+	else if (options.gss_trust_dns)
+	} else if (options.gss_trust_dns) {
 +		gss_host = remote_hostname(ssh);
-+	else
+		/* Fall back to specified host if we are using proxy command
+		 * and can not use DNS on that socket */
+		if (strcmp(gss_host, "UNKNOWN") == 0) {
+			gss_host = xstrdup(authctxt->host);
+		}
+	} else {
 +		gss_host = xstrdup(authctxt->host);
+	}
 
 	/* Try one GSSAPI method at a time, rather than sending them all at
 	 * once. */
@ -3874,18 +3890,18 @@ index b224f292..2baa6622 100644
 +The list of key exchange algorithms that are accepted by GSSAPI
 +key exchange. Possible values are
 +.Bd -literal -offset 3n
-+gss-gex-sha1-,
-+gss-group1-sha1-,
-+gss-group14-sha1-,
-+gss-group14-sha256-,
-+gss-group16-sha512-,
-+gss-nistp256-sha256-,
+gss-gex-sha1-
+gss-group1-sha1-
+gss-group14-sha1-
+gss-group14-sha256-
+gss-group16-sha512-
+gss-nistp256-sha256-
 +gss-curve25519-sha256-
 +.Ed
 +.Pp
 +The default is
-+.Dq gss-gex-sha1-,gss-group14-sha1- .
-+This option only applies to protocol version 2 connections using GSSAPI.
+.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+This option only applies to connections using GSSAPI.
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
 as a list of comma-separated patterns.
--- a/SOURCES/openssh-8.0p1-keygen-sha2.patch
+++ b/SOURCES/openssh-8.0p1-keygen-sha2.patch
@ -0,0 +1,107 @@
+From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 24 Jan 2020 00:27:04 +0000
+Subject: [PATCH] upstream: when signing a certificate with an RSA key, default
+ to
+
+a safe signature algorithm (rsa-sha-512) if not is explicitly specified by
+the user; ok markus@
+
+OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
+---
+ ssh-keygen.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index 564c3c481..f2192edb9 100644
+--- a/ssh-keygen.c
+++ b/ssh-keygen.c
+@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
+ 	}
+ 	free(tmp);
+ 
+-	if (key_type_name != NULL &&
+-	    sshkey_type_from_name(key_type_name) != ca->type)  {
+-		fatal("CA key type %s doesn't match specified %s",
+-		    sshkey_ssh_name(ca), key_type_name);
+	if (key_type_name != NULL) {
+		if (sshkey_type_from_name(key_type_name) != ca->type) {
+			fatal("CA key type %s doesn't match specified %s",
+			    sshkey_ssh_name(ca), key_type_name);
+		}
+	} else if (ca->type == KEY_RSA) {
+		/* Default to a good signature algorithm */
+		key_type_name = "rsa-sha2-512";
+ 	}
+ 
+ 	for (i = 0; i < argc; i++) {
+
+From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Mon, 20 May 2019 00:20:35 +0000
+Subject: [PATCH] upstream: When signing certificates with an RSA key, default
+ to
+
+using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
+will therefore be incompatible with OpenSSH < 7.2 unless the default is
+overridden.
+
+Document the ability of the ssh-keygen -t flag to override the
+signature algorithm when signing certificates, and the new default.
+
+ok deraadt@
+
+OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
+---
+ ssh-keygen.1 | 13 +++++++++++--
+ sshkey.c     |  9 ++++++++-
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/ssh-keygen.1 b/ssh-keygen.1
+index f29774249..673bf6e2f 100644
+--- a/ssh-keygen.1
+++ b/ssh-keygen.1
+@@ -35,7 +35,7 @@
+ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ .\"
+-.Dd $Mdocdate: March 5 2019 $
+.Dd $Mdocdate: May 20 2019 $
+ .Dt SSH-KEYGEN 1
+ .Os
+ .Sh NAME
+@@ -577,6 +577,15 @@ The possible values are
+ .Dq ed25519 ,
+ or
+ .Dq rsa .
+.Pp
+This flag may also be used to specify the desired signature type when
+signing certificates using a RSA CA key.
+The available RSA signature variants are
+.Dq ssh-rsa
+(SHA1 signatures, not recommended),
+.Dq rsa-sha2-256
+.Dq rsa-sha2-512
+(the default).
+ .It Fl U
+ When used in combination with
+ .Fl s ,
+diff --git a/sshkey.c b/sshkey.c
+index 9849cb237..379a579cf 100644
+--- a/sshkey.c
+++ b/sshkey.c
+@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
+ 	    strcmp(alg, k->cert->signature_type) != 0)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+ 
+	/*
+	 * If no signing algorithm or signature_type was specified and we're
+	 * using a RSA key, then default to a good signature algorithm.
+	 */
+	if (alg == NULL && ca->type == KEY_RSA)
+		alg = "rsa-sha2-512";
+
+ 	if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
+ 		return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
+ 
+
--- a/SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch
+++ b/SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch
@ -0,0 +1,33 @@
+From 7250879c72d28275a53f2f220e49646c3e42ef18 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 12 Jul 2019 04:08:39 +0000
+Subject: [PATCH] upstream: include SHA2-variant RSA key algorithms in KEX
+ proposal;
+
+allows ssh-keyscan to harvest keys from servers that disable olde SHA1
+ssh-rsa. bz#3029 from Jakub Jelen
+
+OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
+---
+ ssh-keyscan.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/ssh-keyscan.c b/ssh-keyscan.c
+index d95ba1b37..d383b57b9 100644
+--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
+@@ -233,7 +233,12 @@ keygrab_ssh2(con *c)
+ 		break;
+ 	case KT_RSA:
+ 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+-		    "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
+		    "rsa-sha2-512-cert-v01@openssh.com,"
+		    "rsa-sha2-256-cert-v01@openssh.com,"
+		    "ssh-rsa-cert-v01@openssh.com" :
+		    "rsa-sha2-512,"
+		    "rsa-sha2-256,"
+		    "ssh-rsa";
+ 		break;
+ 	case KT_ED25519:
+ 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+
--- a/SOURCES/openssh-8.0p1-pkcs11-uri.patch
+++ b/SOURCES/openssh-8.0p1-pkcs11-uri.patch
@ -2583,7 +2583,8 @@ index 70f06bff..59332945 100644
 	}
 -	if (p->nslots == 0) {
 +	if (m->nslots == 0) {
- 		error("%s: provider %s returned no slots", __func__,
+-		error("%s: provider %s returned no slots", __func__,
+		debug("%s: provider %s returned no slots", __func__,
 -		    provider_id);
 +		    provider_module);
 		ret = -SSH_PKCS11_ERR_NO_SLOTS;
--- a/SOURCES/openssh-8.0p1-proxyjump-loops.patch
+++ b/SOURCES/openssh-8.0p1-proxyjump-loops.patch
@ -0,0 +1,33 @@
+From de1f3564cd85915b3002859873a37cb8d31ac9ce Mon Sep 17 00:00:00 2001
+From: "dtucker@openbsd.org" <dtucker@openbsd.org>
+Date: Tue, 18 Feb 2020 08:49:49 +0000
+Subject: [PATCH] upstream: Detect and prevent simple configuration loops when
+ using
+
+ProxyJump. bz#3057, ok djm@
+
+OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037
+---
+ ssh.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/ssh.c b/ssh.c
+index 15aee569e..a983a108b 100644
+--- a/ssh.c
+++ b/ssh.c
+@@ -1208,6 +1208,14 @@ main(int ac, char **av)
+ 	if (options.jump_host != NULL) {
+ 		char port_s[8];
+ 		const char *sshbin = argv0;
+		int port = options.port, jumpport = options.jump_port;
+
+		if (port <= 0)
+			port = default_ssh_port();
+		if (jumpport <= 0)
+			jumpport = default_ssh_port();
+		if (strcmp(options.jump_host, host) == 0 && port == jumpport)
+			fatal("jumphost loop via %s", options.jump_host);
+ 
+ 		/*
+ 		 * Try to use SSH indicated by argv[0], but fall back to
+
--- a/SOURCES/openssh-8.0p1-rdomain.patch
+++ b/SOURCES/openssh-8.0p1-rdomain.patch
@ -0,0 +1,44 @@
+commit 5481d0b4036b33b92c372ee36258ed11bff57d5d
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Thu Feb 27 10:07:33 2020 +0100
+
+    Mark the RDomain configuration option unsupported on non-openbsd builds
+
+diff --git a/servconf.c b/servconf.c
+index db80e943..153d2525 100644
+--- a/servconf.c
+++ b/servconf.c
+@@ -698,7 +698,11 @@ static struct {
+ 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
+ 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
+ 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
+#if defined(__OpenBSD__)
+ 	{ "rdomain", sRDomain, SSHCFG_ALL },
+#else
+	{ "rdomain", sUnsupported, SSHCFG_ALL },
+#endif
+ 	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
+ 	{ NULL, sBadOption, 0 }
+ };
+@@ -2841,7 +2845,9 @@ dump_config(ServerOptions *o)
+ 	    o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
+ 	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
+ 	    o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
+#if defined(__OpenBSD__)
+ 	dump_cfg_string(sRDomain, o->routing_domain);
+#endif
+ 
+ 	/* string arguments requiring a lookup */
+ 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
+diff --git a/sshd_config.5 b/sshd_config.5
+index 5dca8981..766e9b90 100644
+--- a/sshd_config.5
+++ b/sshd_config.5
+@@ -1542,6 +1542,7 @@ will be bound to this
+ If the routing domain is set to
+ .Cm \&%D ,
+ then the domain in which the incoming connection was received will be applied.
+This feature is available on OpenBSD only.
+ .It Cm SetEnv
+ Specifies one or more environment variables to set in child sessions started
+ by
--- a/SOURCES/openssh-8.0p1-x11-without-ipv6.patch
+++ b/SOURCES/openssh-8.0p1-x11-without-ipv6.patch
@ -0,0 +1,30 @@
+diff --git a/channels.c b/channels.c
+--- a/channels.c
+++ b/channels.c
+@@ -3933,16 +3933,26 @@ x11_create_display_inet(int x11_display_
+ 			if (ai->ai_family == AF_INET6)
+ 				sock_set_v6only(sock);
+ 			if (x11_use_localhost)
+ 				set_reuseaddr(sock);
+ 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ 				debug2("%s: bind port %d: %.100s", __func__,
+ 				    port, strerror(errno));
+ 				close(sock);
+
+				/* do not remove successfully opened
+				 * sockets if the request failed because
+				 * the protocol IPv4/6 is not available
+				 * (e.g. IPv6 may be disabled while being
+				 * supported)
+				 */
+				if (EADDRNOTAVAIL == errno)
+    					continue;
+
+ 				for (n = 0; n < num_socks; n++)
+ 					close(socks[n]);
+ 				num_socks = 0;
+ 				break;
+ 			}
+ 			socks[num_socks++] = sock;
+ 			if (num_socks == NUM_SOCKS)
+ 				break;
--- a/SOURCES/sshd.sysconfig
+++ b/SOURCES/sshd.sysconfig
@ -6,6 +6,12 @@
 # of DSA key or  systemctl mask sshd-keygen@rsa.service  to disable RSA key
 # creation.

+# Do not change this option unless you have hardware random
+# generator and you REALLY know what you are doing
+
+SSH_USE_STRONG_RNG=0
+# SSH_USE_STRONG_RNG=1
+
 # System-wide crypto policy:
 # To opt-out, uncomment the following line
 # CRYPTO_POLICY=
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@ -66,7 +66,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.0p1
-%global openssh_rel 3
+%global openssh_rel 5
 %global pam_ssh_agent_ver 0.10.3
 %global pam_ssh_agent_rel 7

@ -216,6 +216,20 @@ Patch963: openssh-8.0p1-openssl-evp.patch
 Patch964: openssh-8.0p1-openssl-kdf.patch
 # Use new OpenSSL for PEM export to avoid MD5 dependency (#1712436)
 Patch965: openssh-8.0p1-openssl-pem.patch
+# Seed from dev/random if requested (#1785655)
+Patch966: openssh-8.0p1-entropy.patch
+# Unbreak ssh-keyscan RSA keys without SHA1 (#1744108)
+Patch967: openssh-8.0p1-keyscan-rsa-sha2.patch
+# Detect proxyJump loops in configuration files (#1804099)
+Patch968: openssh-8.0p1-proxyjump-loops.patch
+# ssh-keygen should default to SHA2-based signature algorithm (#1790610)
+Patch969: openssh-8.0p1-keygen-sha2.patch
+# RDomain is not suported on non-OpenBSD (#1807686)
+# https://bugzilla.mindrot.org/show_bug.cgi?id=3126
+Patch970: openssh-8.0p1-rdomain.patch
+# Do not fail X11 forwarding if IPv6 is disabled (#1662189)
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2143
+Patch971: openssh-8.0p1-x11-without-ipv6.patch

 License: BSD
 Group: Applications/Internet
@ -239,7 +253,6 @@ BuildRequires: autoconf, automake, perl-interpreter, perl-generators, zlib-devel
 BuildRequires: audit-libs-devel >= 2.0.5
 BuildRequires: util-linux, groff
 BuildRequires: pam-devel
-BuildRequires: fipscheck-devel >= 1.3.0
 BuildRequires: openssl-devel >= 0.9.8j
 BuildRequires: perl-podlators
 BuildRequires: systemd-devel
@ -270,7 +283,6 @@ BuildRequires: gnupg2
 Summary: An open source SSH client applications
 Group: Applications/Internet
 Requires: openssh = %{version}-%{release}
-Requires: fipscheck-lib%{_isa} >= 1.3.0
 Requires: crypto-policies >= 20180306-1

 %package server
@ -279,7 +291,6 @@ Group: System Environment/Daemons
 Requires: openssh = %{version}-%{release}
 Requires(pre): /usr/sbin/useradd
 Requires: pam >= 1.0.1-3
-Requires: fipscheck-lib%{_isa} >= 1.3.0
 Requires: crypto-policies >= 20180306-1
 %{?systemd_requires}

@ -431,6 +442,12 @@ popd
 %patch963 -p1 -b .openssl-evp
 %patch964 -p1 -b .openssl-kdf
 %patch965 -p1 -b .openssl-pem
+%patch966 -p1 -b .entropy
+%patch967 -p1 -b .keyscan
+%patch968 -p1 -b .proxyjump-loops
+%patch969 -p1 -b .keygen-sha2
+%patch970 -p1 -b .rdomain
+%patch971 -p1 -b .x11-ipv6

 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
@ -556,14 +573,6 @@ make
 popd
 %endif

-# Add generation of HMAC checksums of the final stripped binaries
-%global __spec_install_post \
-    %%{?__debug_package:%%{__debug_install_post}} \
-    %%{__arch_install_post} \
-    %%{__os_install_post} \
-    fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/ssh $RPM_BUILD_ROOT%{_sbindir}/sshd \
-%{nil}
-
 %check
 #to run tests use "--with check"
 %if %{?_with_check:1}%{!?_with_check:0}
@ -582,7 +591,6 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf
 install -d $RPM_BUILD_ROOT/etc/pam.d/
 install -d $RPM_BUILD_ROOT/etc/sysconfig/
 install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
-install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
 install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
 install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
 install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
@ -653,7 +661,6 @@ getent passwd sshd >/dev/null || \

 %files clients
 %attr(0755,root,root) %{_bindir}/ssh
-%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
 %attr(0755,root,root) %{_bindir}/scp
 %attr(0644,root,root) %{_mandir}/man1/scp.1*
@ -680,7 +687,6 @@ getent passwd sshd >/dev/null || \
 %files server
 %dir %attr(0711,root,root) %{_var}/empty/sshd
 %attr(0755,root,root) %{_sbindir}/sshd
-%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
 %attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
 %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
@ -733,6 +739,24 @@ getent passwd sshd >/dev/null || \
 %endif

 %changelog
+* Tue Mar 24 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
+- Do not print "no slots" warning by default (#1744220)
+- Unbreak connecting using gssapi through proxy commands (#1749862)
+- Document in manual pages that CASignatureAlgorithms are handled by crypto policies (#1790604)
+- Use SHA2-based signature algorithms by default for signing certificates (#1790610)
+- Prevent simple ProxyJump loops in configuration files (#1804099)
+- Teach ssh-keyscan to use SHA2 RSA variants (#1744108)
+- Do not fail hard if getrandom() is not available and no SSH_USE_STRONG_RNG is specified (#1812120)
+- Improve wording of crypto policies references in manual pages (#1812854)
+- Do not break X11 forwarding if IPv6 is disabled (#1662189)
+- Enable SHA2-based GSSAPI key exchange algorithms by default (#1816226)
+- Mark RDomain server configuration option unsupported in RHEL (#1807686)
+- Clarify crypto policies defaults in manual pages (#1724195)
+- Mention RSA SHA2 variants in ssh-keygen manual page (#1665900)
+
+* Wed Jan 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-4 + 0.10.3-7
+- Restore entropy patch for CC certification (#1785655)
+
 * Tue Jul 23 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-3 + 0.10.3-7
 - Fix typos in manual pages (#1668325)
 - Use the upstream support for PKCS#8 PEM files alongside with the legacy PEM files (#1712436)