import openssh-8.0p1-5.el8

2020-07-28 08:06:13 -04:00 · 2020-07-28 08:06:13 -04:00 · 75ca0870c6
parent b40f69fe2a
commit 75ca0870c6
17 changed files with 970 additions and 224 deletions
--- a/SOURCES/openssh-6.6p1-ctr-cavstest.patch
+++ b/SOURCES/openssh-6.6p1-ctr-cavstest.patch
@ -20,10 +20,10 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
 	ssh-xmss.o \
@@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
 ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
- 	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
+ 	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS)
 +ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
-+	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 +
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
--- a/SOURCES/openssh-6.6p1-keycat.patch
+++ b/SOURCES/openssh-6.6p1-keycat.patch
@ -62,10 +62,10 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
 	ssh-xmss.o \
@@ -190,6 +191,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
 ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
- 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS)
+ 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS)
 +ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
-+	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
+	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS)
 +
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
--- a/SOURCES/openssh-6.7p1-kdf-cavs.patch
+++ b/SOURCES/openssh-6.7p1-kdf-cavs.patch
@ -20,7 +20,7 @@ diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
 	ssh-xmss.o \
@@ -198,6 +199,9 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHD
 ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
- 	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+ 	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 +ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o
 +	$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
--- a/SOURCES/openssh-6.7p1-ldap.patch
+++ b/SOURCES/openssh-6.7p1-ldap.patch
@ -171,7 +171,7 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 +ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
-+	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS)
+	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS)
 +
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
--- a/SOURCES/openssh-7.7p1-fips.patch
+++ b/SOURCES/openssh-7.7p1-fips.patch
@ -127,50 +127,6 @@ diff -up openssh-7.9p1/kexgexc.c.fips openssh-7.9p1/kexgexc.c
 	p = g = NULL; /* belong to kex->dh now */
 	/* generate and send 'e', client DH public key */
 diff -up openssh-7.9p1/Makefile.in.fips openssh-7.9p1/Makefile.in
 --- openssh-7.9p1/Makefile.in.fips	2019-03-11 17:06:37.615877984 +0100
 +++ openssh-7.9p1/Makefile.in	2019-03-11 17:06:37.621878041 +0100
@@ -179,25 +179,25 @@ libssh.a: $(LIBSSH_OBJS)
 	$(RANLIB) $@
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
 -	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
 +	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS) $(GSSLIBS)
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
 -	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
 +	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
 scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
 	$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
 -	$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 +	$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
 ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
 -	$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 +	$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
 ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
 -	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 +	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
 ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o
 -	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 +	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
 ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
@@ -215,7 +215,7 @@ ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a
 	$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 -	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 +	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
 sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
 	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 diff -up openssh-7.9p1/myproposal.h.fips openssh-7.9p1/myproposal.h
 --- openssh-7.9p1/myproposal.h.fips	2018-10-17 02:01:20.000000000 +0200
 +++ openssh-7.9p1/myproposal.h	2019-03-11 17:06:37.621878041 +0100
@ -309,43 +265,25 @@ diff -up openssh-7.9p1/servconf.c.fips openssh-7.9p1/servconf.c
 diff -up openssh-7.9p1/ssh.c.fips openssh-7.9p1/ssh.c
 --- openssh-7.9p1/ssh.c.fips	2019-03-11 17:06:37.602877862 +0100
 +++ openssh-7.9p1/ssh.c	2019-03-11 17:06:37.623878060 +0100
-@@ -76,6 +76,8 @@
+@@ -76,6 +76,7 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #endif
 +#include <openssl/crypto.h>
 +#include <fipscheck.h>
 #include "openbsd-compat/openssl-compat.h"
 #include "openbsd-compat/sys-queue.h"
@@ -600,6 +602,16 @@ main(int ac, char **av)
 	sanitise_stdfd();
 	__progname = ssh_get_progname(av[0]);
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +	SSLeay_add_all_algorithms();
 +#endif
 +	if (access("/etc/system-fips", F_OK) == 0)
 +		if (! FIPSCHECK_verify(NULL, NULL)){
 +			if (FIPS_mode())
 +				fatal("FIPS integrity verification test failed.");
 +			else
 +				logit("FIPS integrity verification test failed.");
 +	}
 #ifndef HAVE_SETPROCTITLE
 	/* Prepare for later setproctitle emulation */
@@ -1283,6 +1294,10 @@ main(int ac, char **av)
- 
+ 		dump_client_config(&options, host);
- 	seed_rng();
+ 		exit(0);
- 
+ 	}
 +	if (FIPS_mode()) {
 +		logit("FIPS mode initialized");
 +	}
 +
- 	/*
+	if (FIPS_mode()) {
- 	 * Discard other fds that are hanging around. These can cause problem
+		debug("FIPS mode initialized");
- 	 * with backgrounded ssh processes started by ControlPersist.
+	}
 	if (muxclient_command != 0 && options.control_path == NULL)
 		fatal("No ControlPath specified for \"-O\" command");
 diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 --- openssh-7.9p1/sshconnect2.c.fips	2019-03-11 17:06:37.580877655 +0100
 +++ openssh-7.9p1/sshconnect2.c	2019-03-11 17:06:37.623878060 +0100
@ -387,7 +325,7 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 		/* Prefer algorithms that we already have keys for */
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
 		    compat_pkalg_proposal(
-@@ -201,29 +201,34 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -201,35 +201,40 @@ ssh_kex2(char *host, struct sockaddr *ho
 #if defined(GSSAPI) && defined(WITH_OPENSSL)
 	if (options.gss_keyex) {
@ -395,12 +333,18 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 -		 * client to the key exchange algorithm proposal */
 -		orig = myproposal[PROPOSAL_KEX_ALGS];
 -
-		if (options.gss_server_identity)
+-		if (options.gss_server_identity) {
 -			gss_host = xstrdup(options.gss_server_identity);
-		else if (options.gss_trust_dns)
+-		} else if (options.gss_trust_dns) {
 -			gss_host = remote_hostname(ssh);
-		else
+-			/* Fall back to specified host if we are using proxy command
 -			 * and can not use DNS on that socket */
 -			if (strcmp(gss_host, "UNKNOWN") == 0) {
 -				gss_host = xstrdup(host);
 -			}
 -		} else {
 -			gss_host = xstrdup(host);
 -		}
 -
 -		gss = ssh_gssapi_client_mechanisms(gss_host,
 -		    options.gss_client_identity, options.gss_kex_algorithms);
@ -422,12 +366,18 @@ diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
 +			 * client to the key exchange algorithm proposal */
 +			orig = myproposal[PROPOSAL_KEX_ALGS];
 +
-+			if (options.gss_server_identity)
+			if (options.gss_server_identity) {
 +				gss_host = xstrdup(options.gss_server_identity);
-+			else if (options.gss_trust_dns)
+			} else if (options.gss_trust_dns) {
 +				gss_host = remote_hostname(ssh);
-+			else
+				/* Fall back to specified host if we are using proxy command
 +				 * and can not use DNS on that socket */
 +				if (strcmp(gss_host, "UNKNOWN") == 0) {
 +					gss_host = xstrdup(host);
 +				}
 +			} else {
 +				gss_host = xstrdup(host);
 +			}
 +
 +			gss = ssh_gssapi_client_mechanisms(gss_host,
 +			    options.gss_client_identity, options.gss_kex_algorithms);
@ -456,31 +406,19 @@ diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
-@@ -77,6 +78,8 @@
+@@ -77,6 +78,7 @@
 #include <openssl/dh.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 +#include <openssl/crypto.h>
 +#include <fipscheck.h>
 #include "openbsd-compat/openssl-compat.h"
 #endif
-@@ -1581,6 +1584,18 @@ main(int ac, char **av)
+@@ -1581,6 +1584,7 @@ main(int ac, char **av)
 #endif
 	__progname = ssh_get_progname(av[0]);
 +	OpenSSL_add_all_algorithms();
 +	if (access("/etc/system-fips", F_OK) == 0)
 +		if (! FIPSCHECK_verify(NULL, NULL)) {
 +			openlog(__progname, LOG_PID, LOG_AUTHPRIV);
 +			if (FIPS_mode()) {
 +				syslog(LOG_CRIT, "FIPS integrity verification test failed.");
 +				cleanup_exit(255);
 +			}
 +			else
 +				syslog(LOG_INFO, "FIPS integrity verification test failed.");
 +			closelog();
 +		}
 	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
 	saved_argc = ac;
 	rexec_argc = ac;
@ -489,7 +427,7 @@ diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c
 	log_init(__progname, options.log_level, options.log_facility, log_stderr);
 +	if (FIPS_mode()) {
-+		logit("FIPS mode initialized");
+		debug("FIPS mode initialized");
 +	}
 +
 	/* Chdir to the root directory so that the current disk can be
--- a/SOURCES/openssh-7.7p1-redhat.patch
+++ b/SOURCES/openssh-7.7p1-redhat.patch
@ -1,11 +1,12 @@
 diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config
 --- openssh-7.7p1/ssh_config.redhat	2018-04-02 07:38:28.000000000 +0200
 +++ openssh-7.7p1/ssh_config	2018-07-03 10:44:06.522245125 +0200
-@@ -44,3 +44,7 @@
+@@ -44,3 +44,8 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
 +#
 +# This system is following system-wide crypto policy.
 +# To modify the system-wide ssh configuration, create a  *.conf  file under
 +#  /etc/ssh/ssh_config.d/  which will be automatically included below
 +Include /etc/ssh/ssh_config.d/*.conf
@ -66,7 +67,7 @@ diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5
 diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
 --- openssh-7.7p1/sshd_config.redhat	2018-04-02 07:38:28.000000000 +0200
 +++ openssh-7.7p1/sshd_config	2018-07-03 10:45:16.950782466 +0200
-@@ -10,20 +10,34 @@
+@@ -10,20 +10,31 @@
 # possible, but leave them commented.  Uncommented options override the
 # default value.
@ -89,14 +90,11 @@ diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
 # Ciphers and keying
 #RekeyLimit default none
 +# System-wide Crypto policy:
 +# This system is following system-wide crypto policy. The changes to
-+# Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
+# crypto properties (Ciphers, MACs, ...) will not have any effect here.
-+# effect here. They will be overridden by command-line options passed on
+# They will be overridden by command-line options passed to the server
-+# the server start up.
+# on command line.
-+# To opt out, uncomment a line with redefinition of  CRYPTO_POLICY=
+# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).
 +# variable in  /etc/sysconfig/sshd  to overwrite the policy.
 +# For more information, see manual page for update-crypto-policies(8).
 +
 # Logging
 #SyslogFacility AUTH
--- a/SOURCES/openssh-8.0p1-crypto-policies.patch
+++ b/SOURCES/openssh-8.0p1-crypto-policies.patch
@ -1,7 +1,55 @@
 diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
--- openssh-8.0p1/ssh_config.5.crypto-policies	2019-05-13 14:04:01.999099570 +0200
+--- openssh-8.0p1/ssh_config.5.crypto-policies	2020-03-24 17:32:54.821789205 +0100
-+++ openssh-8.0p1/ssh_config.5	2019-05-13 14:12:36.343923071 +0200
+++ openssh-8.0p1/ssh_config.5	2020-03-24 17:59:58.174122920 +0100
-@@ -445,12 +445,10 @@ aes256-gcm@openssh.com
+@@ -357,17 +357,17 @@ or
 .Qq *.c.example.com
 domains.
 .It Cm CASignatureAlgorithms
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies which algorithms are allowed for signing of certificates
 by certificate authorities (CAs).
 -The default is:
 -.Bd -literal -offset indent
 -ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
 -.Pp
 .Xr ssh 1
 will not accept host certificates signed using algorithms other than those
 specified.
 +.Pp
 .It Cm CertificateFile
 Specifies a file from which the user's certificate is read.
 A corresponding private key must be provided separately in order
@@ -420,16 +420,21 @@ If the option is set to
 .Cm no ,
 the check will not be executed.
 .It Cm Ciphers
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies the ciphers allowed and their order of preference.
 Multiple ciphers must be comma-separated.
 If the specified value begins with a
 .Sq +
 -character, then the specified ciphers will be appended to the default set
 +character, then the specified ciphers will be appended to the built-in default set
 instead of replacing them.
 If the specified value begins with a
 .Sq -
 character, then the specified ciphers (including wildcards) will be removed
 -from the default set instead of replacing them.
 +from the built-in default set instead of replacing them.
 .Pp
 The supported ciphers are:
 .Bd -literal -offset indent
@@ -445,13 +450,6 @@ aes256-gcm@openssh.com
 chacha20-poly1305@openssh.com
 .Ed
 .Pp
@ -11,30 +59,53 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -aes128-ctr,aes192-ctr,aes256-ctr,
 -aes128-gcm@openssh.com,aes256-gcm@openssh.com
 -.Ed
-+The default is handled system-wide by
+-.Pp
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available ciphers may also be obtained using
 .Qq ssh -Q cipher .
-@@ -812,8 +810,10 @@ gss-nistp256-sha256-,
+ .It Cm ClearAllForwardings
@@ -800,6 +798,11 @@ command line will be passed untouched to
 The default is
 .Dq no .
 .It Cm GSSAPIKexAlgorithms
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 The list of key exchange algorithms that are offered for GSSAPI
 key exchange. Possible values are
 .Bd -literal -offset 3n
@@ -812,9 +815,8 @@ gss-nistp256-sha256-,
 gss-curve25519-sha256-
 .Ed
 .Pp
 -The default is
-.Dq gss-gex-sha1-,gss-group14-sha1- .
+-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
-+The default is handled system-wide by
+ This option only applies to connections using GSSAPI.
-+.Xr crypto-policies 7 .
+.Pp
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 This option only applies to protocol version 2 connections using GSSAPI.
 .It Cm HashKnownHosts
 Indicates that
-@@ -1123,16 +1123,10 @@ If the specified value begins with a
+ .Xr ssh 1
@@ -1114,26 +1115,21 @@ it may be zero or more of:
 and
 .Cm pam .
 .It Cm KexAlgorithms
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
 Alternately if the specified value begins with a
 .Sq +
 -character, then the specified methods will be appended to the default set
 +character, then the specified methods will be appended to the built-in default set
 instead of replacing them.
 If the specified value begins with a
 .Sq -
 character, then the specified methods (including wildcards) will be removed
- from the default set instead of replacing them.
+-from the default set instead of replacing them.
 -The default is:
 -.Bd -literal -offset indent
 -curve25519-sha256,curve25519-sha256@libssh.org,
@ -45,14 +116,36 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -diffie-hellman-group14-sha256,
 -diffie-hellman-group14-sha1
 -.Ed
-+The default is handled system-wide by
+from the built-in default set instead of replacing them.
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available key exchange algorithms may also be obtained using
 .Qq ssh -Q kex .
-@@ -1210,14 +1204,10 @@ The algorithms that contain
+@@ -1193,33 +1189,29 @@ The default is INFO.
 DEBUG and DEBUG1 are equivalent.
 DEBUG2 and DEBUG3 each specify higher levels of verbose output.
 .It Cm MACs
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies the MAC (message authentication code) algorithms
 in order of preference.
 The MAC algorithm is used for data integrity protection.
 Multiple algorithms must be comma-separated.
 If the specified value begins with a
 .Sq +
 -character, then the specified algorithms will be appended to the default set
 +character, then the specified algorithms will be appended to the built-in default set
 instead of replacing them.
 If the specified value begins with a
 .Sq -
 character, then the specified algorithms (including wildcards) will be removed
 -from the default set instead of replacing them.
 +from the built-in default set instead of replacing them.
 .Pp
 The algorithms that contain
 .Qq -etm
 calculate the MAC after encryption (encrypt-then-mac).
 These are considered safer and their use recommended.
 .Pp
@ -64,17 +157,30 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -umac-64@openssh.com,umac-128@openssh.com,
 -hmac-sha2-256,hmac-sha2-512,hmac-sha1
 -.Ed
-+The default is handled system-wide by
+-.Pp
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available MAC algorithms may also be obtained using
 .Qq ssh -Q mac .
-@@ -1361,17 +1351,10 @@ If the specified value begins with a
+ .It Cm NoHostAuthenticationForLocalhost
@@ -1352,27 +1344,21 @@ instead of continuing to execute and pas
 The default is
 .Cm no .
 .It Cm PubkeyAcceptedKeyTypes
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies the key types that will be used for public key authentication
 as a comma-separated list of patterns.
 Alternately if the specified value begins with a
 .Sq +
 -character, then the key types after it will be appended to the default
 +character, then the key types after it will be appended to the built-in default
 instead of replacing it.
 If the specified value begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
- from the default set instead of replacing them.
+-from the default set instead of replacing them.
 -The default for this option is:
 -.Bd -literal -offset 3n
 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
@ -86,17 +192,61 @@ diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
-+The default is handled system-wide by
+from the built-in default set instead of replacing them.
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available key types may also be obtained using
 .Qq ssh -Q key .
 diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
--- openssh-8.0p1/sshd_config.5.crypto-policies	2019-05-13 14:12:41.226968863 +0200
+--- openssh-8.0p1/sshd_config.5.crypto-policies	2020-03-24 17:32:54.802788908 +0100
-+++ openssh-8.0p1/sshd_config.5	2019-05-13 14:15:14.581406997 +0200
+++ openssh-8.0p1/sshd_config.5	2020-03-24 17:54:13.347740176 +0100
-@@ -490,12 +490,10 @@ aes256-gcm@openssh.com
+@@ -383,16 +383,16 @@ If the argument is
 then no banner is displayed.
 By default, no banner is displayed.
 .It Cm CASignatureAlgorithms
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies which algorithms are allowed for signing of certificates
 by certificate authorities (CAs).
 -The default is:
 -.Bd -literal -offset indent
 -ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
 -.Pp
 Certificates signed using other algorithms will not be accepted for
 public key or host-based authentication.
 +.Pp
 .It Cm ChallengeResponseAuthentication
 Specifies whether challenge-response authentication is allowed (e.g. via
 PAM or through authentication styles supported in
@@ -454,16 +454,21 @@ The default is
 indicating not to
 .Xr chroot 2 .
 .It Cm Ciphers
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies the ciphers allowed.
 Multiple ciphers must be comma-separated.
 If the specified value begins with a
 .Sq +
 -character, then the specified ciphers will be appended to the default set
 +character, then the specified ciphers will be appended to the built-in default set
 instead of replacing them.
 If the specified value begins with a
 .Sq -
 character, then the specified ciphers (including wildcards) will be removed
 -from the default set instead of replacing them.
 +from the built-in default set instead of replacing them.
 .Pp
 The supported ciphers are:
 .Pp
@@ -490,13 +495,6 @@ aes256-gcm@openssh.com
 chacha20-poly1305@openssh.com
 .El
 .Pp
@ -106,28 +256,40 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -aes128-ctr,aes192-ctr,aes256-ctr,
 -aes128-gcm@openssh.com,aes256-gcm@openssh.com
 -.Ed
-+The default is handled system-wide by
+-.Pp
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available ciphers may also be obtained using
 .Qq ssh -Q cipher .
-@@ -700,8 +698,10 @@ gss-nistp256-sha256-,
+ .It Cm ClientAliveCountMax
@@ -688,6 +686,11 @@ For this to work
 .Cm GSSAPIKeyExchange
 needs to be enabled in the server and also used by the client.
 .It Cm GSSAPIKexAlgorithms
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 The list of key exchange algorithms that are accepted by GSSAPI
 key exchange. Possible values are
 .Bd -literal -offset 3n
@@ -700,8 +703,6 @@ gss-nistp256-sha256-,
 gss-curve25519-sha256-
 .Ed
 .Pp
 -The default is
-.Dq gss-gex-sha1-,gss-group14-sha1- .
+-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
-+The default is handled system-wide by
+ This option only applies to connections using GSSAPI.
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 This option only applies to protocol version 2 connections using GSSAPI.
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
-@@ -792,17 +792,10 @@ environment variable.
+@@ -791,19 +791,13 @@ is specified, the location of the socket
 .Ev SSH_AUTH_SOCK
 environment variable.
 .It Cm HostKeyAlgorithms
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies the host key algorithms
 that the server offers.
 -The default for this option is:
@ -141,14 +303,34 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available key types may also be obtained using
 .Qq ssh -Q key .
-@@ -960,14 +953,10 @@ ecdh-sha2-nistp384
+@@ -922,16 +916,21 @@ Specifies whether to look at .k5login fi
 The default is
 .Cm yes .
 .It Cm KexAlgorithms
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
 Alternately if the specified value begins with a
 .Sq +
 -character, then the specified methods will be appended to the default set
 +character, then the specified methods will be appended to the built-in default set
 instead of replacing them.
 If the specified value begins with a
 .Sq -
 character, then the specified methods (including wildcards) will be removed
 -from the default set instead of replacing them.
 +from the built-in default set instead of replacing them.
 The supported algorithms are:
 .Pp
 .Bl -item -compact -offset indent
@@ -961,15 +960,6 @@ ecdh-sha2-nistp384
 ecdh-sha2-nistp521
 .El
 .Pp
@ -160,14 +342,36 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
 -diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
 -.Ed
-+The default is handled system-wide by
+-.Pp
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available key exchange algorithms may also be obtained using
 .Qq ssh -Q kex .
-@@ -1090,14 +1079,10 @@ umac-64-etm@openssh.com
+ .It Cm ListenAddress
@@ -1038,17 +1028,22 @@ DEBUG and DEBUG1 are equivalent.
 DEBUG2 and DEBUG3 each specify higher levels of debugging output.
 Logging with a DEBUG level violates the privacy of users and is not recommended.
 .It Cm MACs
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies the available MAC (message authentication code) algorithms.
 The MAC algorithm is used for data integrity protection.
 Multiple algorithms must be comma-separated.
 If the specified value begins with a
 .Sq +
 -character, then the specified algorithms will be appended to the default set
 +character, then the specified algorithms will be appended to the built-in default set
 instead of replacing them.
 If the specified value begins with a
 .Sq -
 character, then the specified algorithms (including wildcards) will be removed
 -from the default set instead of replacing them.
 +from the built-in default set instead of replacing them.
 .Pp
 The algorithms that contain
 .Qq -etm
@@ -1091,15 +1086,6 @@ umac-64-etm@openssh.com
 umac-128-etm@openssh.com
 .El
 .Pp
@ -179,17 +383,30 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -umac-64@openssh.com,umac-128@openssh.com,
 -hmac-sha2-256,hmac-sha2-512,hmac-sha1
 -.Ed
-+The default is handled system-wide by
+-.Pp
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available MAC algorithms may also be obtained using
 .Qq ssh -Q mac .
-@@ -1455,17 +1440,10 @@ If the specified value begins with a
+ .It Cm Match
@@ -1446,27 +1432,21 @@ or equivalent.)
 The default is
 .Cm yes .
 .It Cm PubkeyAcceptedKeyTypes
 +The default is handled system-wide by
 +.Xr crypto-policies 7 .
 +To see the current defaults and how to modify them, see manual page
 +.Xr update-crypto-policies 8 .
 +.Pp
 Specifies the key types that will be accepted for public key authentication
 as a list of comma-separated patterns.
 Alternately if the specified value begins with a
 .Sq +
 -character, then the specified key types will be appended to the default set
 +character, then the specified key types will be appended to the built-in default set
 instead of replacing them.
 If the specified value begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
- from the default set instead of replacing them.
+-from the default set instead of replacing them.
 -The default for this option is:
 -.Bd -literal -offset 3n
 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
@ -201,10 +418,7 @@ diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 -.Ed
-+The default is handled system-wide by
+from the built-in default set instead of replacing them.
 +.Xr crypto-policies 7 .
 +To see the defaults and how to modify this default, see manual page
 +.Xr update-crypto-policies 8 .
 .Pp
 The list of available key types may also be obtained using
 .Qq ssh -Q key .
--- a/SOURCES/openssh-8.0p1-entropy.patch
+++ b/SOURCES/openssh-8.0p1-entropy.patch
@ -0,0 +1,302 @@
 diff --git a/entropy.c b/entropy.c
 index 2d483b3..b361a04 100644
 --- a/entropy.c
 +++ b/entropy.c
@@ -234,6 +234,9 @@ seed_rng(void)
 	}
 #endif /* OPENSSL_PRNG_ONLY */
 +#ifdef __linux__
 +	linux_seed();
 +#endif /* __linux__ */
 	if (RAND_status() != 1)
 		fatal("PRNG is not seeded");
 diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
 index b912dbe..9206337 100644
 --- a/openbsd-compat/Makefile.in
 +++ b/openbsd-compat/Makefile.in
@@ -20,6 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
 	port-solaris.o \
 	port-net.o \
 	port-uw.o \
 +	port-linux-prng.o \
 	port-linux-sshd.o
 .c.o:
 diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
 --- openssh-7.4p1/openbsd-compat/port-linux.h.entropy	2016-12-23 18:34:27.747753563 +0100
 +++ openssh-7.4p1/openbsd-compat/port-linux.h	2016-12-23 18:34:27.769753570 +0100
@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
 void oom_adjust_setup(void);
 #endif
 +void linux_seed(void);
 +
 #endif /* ! _PORT_LINUX_H */
 diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c
 new file mode 100644
 index 0000000..92a617c
 --- /dev/null
 +++ b/openbsd-compat/port-linux-prng.c
@@ -0,0 +1,78 @@
 +/*
 + * Copyright (c) 2011 - 2020 Red Hat, Inc.
 + *
 + * Authors:
 + *  Jan F. Chadima <jchadima@redhat.com>
 + *  Jakub Jelen <jjelen@redhat.com>
 + *
 + * Permission to use, copy, modify, and distribute this software for any
 + * purpose with or without fee is hereby granted, provided that the above
 + * copyright notice and this permission notice appear in all copies.
 + *
 + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 + */
 +
 +/*
 + * Linux-specific portability code - prng support
 + */
 +
 +#include "includes.h"
 +
 +#include <errno.h>
 +#include <string.h>
 +#include <openssl/rand.h>
 +#include <sys/random.h>
 +
 +#include "log.h"
 +
 +void
 +linux_seed(void)
 +{
 +	char *env = NULL;
 +	size_t randlen = 14, left;
 +	unsigned int flags = 0;
 +	unsigned char buf[256], *p;
 +
 +	env = getenv("SSH_USE_STRONG_RNG");
 +	if (env && strcmp(env, "0") != 0) {
 +		size_t ienv = atoi(env);
 +
 +		/* Max on buffer length */
 +		if (ienv > sizeof(buf))
 +			ienv = sizeof(buf);
 +		/* Minimum is always 14 B */
 +		if (ienv > randlen)
 +			randlen = ienv;
 +		flags = GRND_RANDOM;
 +	}
 +
 +	errno = 0;
 +	left = randlen;
 +	p = buf;
 +	do {
 +		ssize_t len = getrandom(p, left, flags);
 +		if (len == -1) {
 +			if (errno != EINTR) {
 +				if (flags) {
 +					/* With the variable present, this is fatal error */
 +					fatal("Failed to seed from getrandom: %s", strerror(errno));
 +				} else {
 +					/* Otherwise we log the issue drop out from here */
 +					debug("Failed to seed from getrandom: %s", strerror(errno));
 +					return;
 +				}
 +			}
 +		} else if (len > 0) {
 +			left -= len;
 +			p += len;
 +		}
 +	} while (left > 0);
 +
 +	RAND_seed(buf, randlen);
 +}
 diff --git a/ssh-add.1 b/ssh-add.1
 index 4812448..16305bf 100644
 --- a/ssh-add.1
 +++ b/ssh-add.1
@@ -161,6 +161,22 @@ to make this work.)
 Identifies the path of a
 .Ux Ns -domain
 socket used to communicate with the agent.
 +.It Ev SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm getrandom(1)
 +without any specific flags.
 +If the
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm getrandom(1)
 +with GRND_RANDOM flag specified.
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
 .El
 .Sh FILES
 .Bl -tag -width Ds
 diff --git a/ssh-agent.1 b/ssh-agent.1
 index 281ecbd..1a9a635 100644
 --- a/ssh-agent.1
 +++ b/ssh-agent.1
@@ -201,6 +201,26 @@ sockets used to contain the connection to the authentication agent.
 These sockets should only be readable by the owner.
 The sockets should get automatically removed when the agent exits.
 .El
 +.Sh ENVIRONMENT
 +.Bl -tag -width Ds -compact
 +.Pp
 +.It Pa SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm getrandom(1)
 +without any specific flags.
 +If the
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm getrandom(1)
 +with GRND_RANDOM flag specified.
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
 +.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 diff --git a/ssh-keygen.1 b/ssh-keygen.1
 index 12e00d4..1b51a4a 100644
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
@@ -832,6 +832,26 @@ Contains Diffie-Hellman groups used for DH-GEX.
 The file format is described in
 .Xr moduli 5 .
 .El
 +.Sh ENVIRONMENT
 +.Bl -tag -width Ds -compact
 +.Pp
 +.It Pa SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm getrandom(1)
 +without any specific flags.
 +If the
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm getrandom(1)
 +with GRND_RANDOM flag specified.
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
 +.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 diff --git a/ssh-keysign.8 b/ssh-keysign.8
 index 69d0829..02d79f8 100644
 --- a/ssh-keysign.8
 +++ b/ssh-keysign.8
@@ -80,6 +80,26 @@ must be set-uid root if host-based authentication is used.
 If these files exist they are assumed to contain public certificate
 information corresponding with the private keys above.
 .El
 +.Sh ENVIRONMENT
 +.Bl -tag -width Ds -compact
 +.Pp
 +.It Pa SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm getrandom(1)
 +without any specific flags.
 +If the
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm getrandom(1)
 +with GRND_RANDOM flag specified.
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
 +.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-keygen 1 ,
 diff --git a/ssh.1 b/ssh.1
 index 929904b..f65e42f 100644
 --- a/ssh.1
 +++ b/ssh.1
@@ -1309,6 +1309,25 @@ For more information, see the
 .Cm PermitUserEnvironment
 option in
 .Xr sshd_config 5 .
 +.Bl -tag -width "SSH_ORIGINAL_COMMAND"
 +.Pp
 +.It Ev SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm getrandom(1)
 +without any specific flags.
 +If the
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm getrandom(1)
 +with GRND_RANDOM flag specified.
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
 +.El
 .Sh FILES
 .Bl -tag -width Ds -compact
 .It Pa ~/.rhosts
 diff --git a/sshd.8 b/sshd.8
 index c2c237f..058d37a 100644
 --- a/sshd.8
 +++ b/sshd.8
@@ -951,6 +951,26 @@ concurrently for different ports, this contains the process ID of the one
 started last).
 The content of this file is not sensitive; it can be world-readable.
 .El
 +.Sh ENVIRONMENT
 +.Bl -tag -width Ds -compact
 +.Pp
 +.It Ev SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm getrandom(1)
 +without any specific flags.
 +If the
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm getrandom(1)
 +with GRND_RANDOM flag specified.
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to
 +be blocked until enough entropy is available.
 +.El
 .Sh IPV6
 IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
 .Sh SEE ALSO
--- a/SOURCES/openssh-8.0p1-gssapi-keyex.patch
+++ b/SOURCES/openssh-8.0p1-gssapi-keyex.patch
@ -3265,7 +3265,7 @@ index 36180d07..70dd3665 100644
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
-@@ -61,10 +61,30 @@
+@@ -61,10 +61,34 @@
 #define SSH_GSS_OIDTYPE 0x06
@ -3285,8 +3285,12 @@ index 36180d07..70dd3665 100644
 +#define KEX_GSS_C25519_SHA256_ID			"gss-curve25519-sha256-"
 +
 +#define        GSS_KEX_DEFAULT_KEX \
-+	KEX_GSS_GEX_SHA1_ID "," \
+	KEX_GSS_GRP14_SHA256_ID "," \
-+	KEX_GSS_GRP14_SHA1_ID
+	KEX_GSS_GRP16_SHA512_ID	"," \
 +	KEX_GSS_NISTP256_SHA256_ID "," \
 +	KEX_GSS_C25519_SHA256_ID "," \
 +	KEX_GSS_GRP14_SHA1_ID "," \
 +	KEX_GSS_GEX_SHA1_ID
 +
 typedef struct {
 	char *filename;
@ -3492,18 +3496,18 @@ index 41262963..c3c8b274 100644
 +The list of key exchange algorithms that are offered for GSSAPI
 +key exchange. Possible values are
 +.Bd -literal -offset 3n
-+gss-gex-sha1-,
+gss-gex-sha1-
-+gss-group1-sha1-,
+gss-group1-sha1-
-+gss-group14-sha1-,
+gss-group14-sha1-
-+gss-group14-sha256-,
+gss-group14-sha256-
-+gss-group16-sha512-,
+gss-group16-sha512-
-+gss-nistp256-sha256-,
+gss-nistp256-sha256-
 +gss-curve25519-sha256-
 +.Ed
 +.Pp
 +The default is
-+.Dq gss-gex-sha1-,gss-group14-sha1- .
+.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
-+This option only applies to protocol version 2 connections using GSSAPI.
+This option only applies to connections using GSSAPI.
 .It Cm HashKnownHosts
 Indicates that
 .Xr ssh 1
@ -3532,7 +3536,7 @@ index dffee90b..0d0a6cb8 100644
 	xxx_host = host;
 	xxx_hostaddr = hostaddr;
-@@ -193,6 +196,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+@@ -193,6 +196,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 		    order_hostkeyalgs(host, hostaddr, port));
 	}
@ -3542,12 +3546,18 @@ index dffee90b..0d0a6cb8 100644
 +		 * client to the key exchange algorithm proposal */
 +		orig = myproposal[PROPOSAL_KEX_ALGS];
 +
-+		if (options.gss_server_identity)
+		if (options.gss_server_identity) {
 +			gss_host = xstrdup(options.gss_server_identity);
-+		else if (options.gss_trust_dns)
+		} else if (options.gss_trust_dns) {
 +			gss_host = remote_hostname(ssh);
-+		else
+			/* Fall back to specified host if we are using proxy command
 +			 * and can not use DNS on that socket */
 +			if (strcmp(gss_host, "UNKNOWN") == 0) {
 +				gss_host = xstrdup(host);
 +			}
 +		} else {
 +			gss_host = xstrdup(host);
 +		}
 +
 +		gss = ssh_gssapi_client_mechanisms(gss_host,
 +		    options.gss_client_identity, options.gss_kex_algorithms);
@ -3636,18 +3646,24 @@ index dffee90b..0d0a6cb8 100644
 	{"gssapi-with-mic",
 		userauth_gssapi,
 		userauth_gssapi_cleanup,
-@@ -698,12 +766,23 @@ userauth_gssapi(struct ssh *ssh)
+@@ -698,12 +766,29 @@ userauth_gssapi(struct ssh *ssh)
 	OM_uint32 min;
 	int r, ok = 0;
 	gss_OID mech = NULL;
-+	char *gss_host;
+	char *gss_host = NULL;
 +
-+	if (options.gss_server_identity)
+	if (options.gss_server_identity) {
 +		gss_host = xstrdup(options.gss_server_identity);
-+	else if (options.gss_trust_dns)
+	} else if (options.gss_trust_dns) {
 +		gss_host = remote_hostname(ssh);
-+	else
+		/* Fall back to specified host if we are using proxy command
 +		 * and can not use DNS on that socket */
 +		if (strcmp(gss_host, "UNKNOWN") == 0) {
 +			gss_host = xstrdup(authctxt->host);
 +		}
 +	} else {
 +		gss_host = xstrdup(authctxt->host);
 +	}
 	/* Try one GSSAPI method at a time, rather than sending them all at
 	 * once. */
@ -3874,18 +3890,18 @@ index b224f292..2baa6622 100644
 +The list of key exchange algorithms that are accepted by GSSAPI
 +key exchange. Possible values are
 +.Bd -literal -offset 3n
-+gss-gex-sha1-,
+gss-gex-sha1-
-+gss-group1-sha1-,
+gss-group1-sha1-
-+gss-group14-sha1-,
+gss-group14-sha1-
-+gss-group14-sha256-,
+gss-group14-sha256-
-+gss-group16-sha512-,
+gss-group16-sha512-
-+gss-nistp256-sha256-,
+gss-nistp256-sha256-
 +gss-curve25519-sha256-
 +.Ed
 +.Pp
 +The default is
-+.Dq gss-gex-sha1-,gss-group14-sha1- .
+.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
-+This option only applies to protocol version 2 connections using GSSAPI.
+This option only applies to connections using GSSAPI.
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
 as a list of comma-separated patterns.
--- a/SOURCES/openssh-8.0p1-keygen-sha2.patch
+++ b/SOURCES/openssh-8.0p1-keygen-sha2.patch
@ -0,0 +1,107 @@
 From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 24 Jan 2020 00:27:04 +0000
 Subject: [PATCH] upstream: when signing a certificate with an RSA key, default
 to
 a safe signature algorithm (rsa-sha-512) if not is explicitly specified by
 the user; ok markus@
 OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
 ---
 ssh-keygen.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
 diff --git a/ssh-keygen.c b/ssh-keygen.c
 index 564c3c481..f2192edb9 100644
 --- a/ssh-keygen.c
 +++ b/ssh-keygen.c
@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
 	}
 	free(tmp);
 -	if (key_type_name != NULL &&
 -	    sshkey_type_from_name(key_type_name) != ca->type)  {
 -		fatal("CA key type %s doesn't match specified %s",
 -		    sshkey_ssh_name(ca), key_type_name);
 +	if (key_type_name != NULL) {
 +		if (sshkey_type_from_name(key_type_name) != ca->type) {
 +			fatal("CA key type %s doesn't match specified %s",
 +			    sshkey_ssh_name(ca), key_type_name);
 +		}
 +	} else if (ca->type == KEY_RSA) {
 +		/* Default to a good signature algorithm */
 +		key_type_name = "rsa-sha2-512";
 	}
 	for (i = 0; i < argc; i++) {
 From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Mon, 20 May 2019 00:20:35 +0000
 Subject: [PATCH] upstream: When signing certificates with an RSA key, default
 to
 using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
 will therefore be incompatible with OpenSSH < 7.2 unless the default is
 overridden.
 Document the ability of the ssh-keygen -t flag to override the
 signature algorithm when signing certificates, and the new default.
 ok deraadt@
 OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
 ---
 ssh-keygen.1 | 13 +++++++++++--
 sshkey.c     |  9 ++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)
 diff --git a/ssh-keygen.1 b/ssh-keygen.1
 index f29774249..673bf6e2f 100644
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 -.Dd $Mdocdate: March 5 2019 $
 +.Dd $Mdocdate: May 20 2019 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -577,6 +577,15 @@ The possible values are
 .Dq ed25519 ,
 or
 .Dq rsa .
 +.Pp
 +This flag may also be used to specify the desired signature type when
 +signing certificates using a RSA CA key.
 +The available RSA signature variants are
 +.Dq ssh-rsa
 +(SHA1 signatures, not recommended),
 +.Dq rsa-sha2-256
 +.Dq rsa-sha2-512
 +(the default).
 .It Fl U
 When used in combination with
 .Fl s ,
 diff --git a/sshkey.c b/sshkey.c
 index 9849cb237..379a579cf 100644
 --- a/sshkey.c
 +++ b/sshkey.c
@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
 	    strcmp(alg, k->cert->signature_type) != 0)
 		return SSH_ERR_INVALID_ARGUMENT;
 +	/*
 +	 * If no signing algorithm or signature_type was specified and we're
 +	 * using a RSA key, then default to a good signature algorithm.
 +	 */
 +	if (alg == NULL && ca->type == KEY_RSA)
 +		alg = "rsa-sha2-512";
 +
 	if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
 		return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
--- a/SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch
+++ b/SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch
@ -0,0 +1,33 @@
 From 7250879c72d28275a53f2f220e49646c3e42ef18 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 12 Jul 2019 04:08:39 +0000
 Subject: [PATCH] upstream: include SHA2-variant RSA key algorithms in KEX
 proposal;
 allows ssh-keyscan to harvest keys from servers that disable olde SHA1
 ssh-rsa. bz#3029 from Jakub Jelen
 OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
 ---
 ssh-keyscan.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
 diff --git a/ssh-keyscan.c b/ssh-keyscan.c
 index d95ba1b37..d383b57b9 100644
 --- a/ssh-keyscan.c
 +++ b/ssh-keyscan.c
@@ -233,7 +233,12 @@ keygrab_ssh2(con *c)
 		break;
 	case KT_RSA:
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
 -		    "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
 +		    "rsa-sha2-512-cert-v01@openssh.com,"
 +		    "rsa-sha2-256-cert-v01@openssh.com,"
 +		    "ssh-rsa-cert-v01@openssh.com" :
 +		    "rsa-sha2-512,"
 +		    "rsa-sha2-256,"
 +		    "ssh-rsa";
 		break;
 	case KT_ED25519:
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
--- a/SOURCES/openssh-8.0p1-pkcs11-uri.patch
+++ b/SOURCES/openssh-8.0p1-pkcs11-uri.patch
@ -2583,7 +2583,8 @@ index 70f06bff..59332945 100644
 	}
 -	if (p->nslots == 0) {
 +	if (m->nslots == 0) {
- 		error("%s: provider %s returned no slots", __func__,
+-		error("%s: provider %s returned no slots", __func__,
 +		debug("%s: provider %s returned no slots", __func__,
 -		    provider_id);
 +		    provider_module);
 		ret = -SSH_PKCS11_ERR_NO_SLOTS;
--- a/SOURCES/openssh-8.0p1-proxyjump-loops.patch
+++ b/SOURCES/openssh-8.0p1-proxyjump-loops.patch
@ -0,0 +1,33 @@
 From de1f3564cd85915b3002859873a37cb8d31ac9ce Mon Sep 17 00:00:00 2001
 From: "dtucker@openbsd.org" <dtucker@openbsd.org>
 Date: Tue, 18 Feb 2020 08:49:49 +0000
 Subject: [PATCH] upstream: Detect and prevent simple configuration loops when
 using
 ProxyJump. bz#3057, ok djm@
 OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037
 ---
 ssh.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
 diff --git a/ssh.c b/ssh.c
 index 15aee569e..a983a108b 100644
 --- a/ssh.c
 +++ b/ssh.c
@@ -1208,6 +1208,14 @@ main(int ac, char **av)
 	if (options.jump_host != NULL) {
 		char port_s[8];
 		const char *sshbin = argv0;
 +		int port = options.port, jumpport = options.jump_port;
 +
 +		if (port <= 0)
 +			port = default_ssh_port();
 +		if (jumpport <= 0)
 +			jumpport = default_ssh_port();
 +		if (strcmp(options.jump_host, host) == 0 && port == jumpport)
 +			fatal("jumphost loop via %s", options.jump_host);
 		/*
 		 * Try to use SSH indicated by argv[0], but fall back to
--- a/SOURCES/openssh-8.0p1-rdomain.patch
+++ b/SOURCES/openssh-8.0p1-rdomain.patch
@ -0,0 +1,44 @@
 commit 5481d0b4036b33b92c372ee36258ed11bff57d5d
 Author: Jakub Jelen <jjelen@redhat.com>
 Date:   Thu Feb 27 10:07:33 2020 +0100
    Mark the RDomain configuration option unsupported on non-openbsd builds
 diff --git a/servconf.c b/servconf.c
 index db80e943..153d2525 100644
 --- a/servconf.c
 +++ b/servconf.c
@@ -698,7 +698,11 @@ static struct {
 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
 +#if defined(__OpenBSD__)
 	{ "rdomain", sRDomain, SSHCFG_ALL },
 +#else
 +	{ "rdomain", sUnsupported, SSHCFG_ALL },
 +#endif
 	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
 	{ NULL, sBadOption, 0 }
 };
@@ -2841,7 +2845,9 @@ dump_config(ServerOptions *o)
 	    o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
 	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
 	    o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
 +#if defined(__OpenBSD__)
 	dump_cfg_string(sRDomain, o->routing_domain);
 +#endif
 	/* string arguments requiring a lookup */
 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
 diff --git a/sshd_config.5 b/sshd_config.5
 index 5dca8981..766e9b90 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
@@ -1542,6 +1542,7 @@ will be bound to this
 If the routing domain is set to
 .Cm \&%D ,
 then the domain in which the incoming connection was received will be applied.
 +This feature is available on OpenBSD only.
 .It Cm SetEnv
 Specifies one or more environment variables to set in child sessions started
 by
--- a/SOURCES/openssh-8.0p1-x11-without-ipv6.patch
+++ b/SOURCES/openssh-8.0p1-x11-without-ipv6.patch
@ -0,0 +1,30 @@
 diff --git a/channels.c b/channels.c
 --- a/channels.c
 +++ b/channels.c
@@ -3933,16 +3933,26 @@ x11_create_display_inet(int x11_display_
 			if (ai->ai_family == AF_INET6)
 				sock_set_v6only(sock);
 			if (x11_use_localhost)
 				set_reuseaddr(sock);
 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
 				debug2("%s: bind port %d: %.100s", __func__,
 				    port, strerror(errno));
 				close(sock);
 +
 +				/* do not remove successfully opened
 +				 * sockets if the request failed because
 +				 * the protocol IPv4/6 is not available
 +				 * (e.g. IPv6 may be disabled while being
 +				 * supported)
 +				 */
 +				if (EADDRNOTAVAIL == errno)
 +    					continue;
 +
 				for (n = 0; n < num_socks; n++)
 					close(socks[n]);
 				num_socks = 0;
 				break;
 			}
 			socks[num_socks++] = sock;
 			if (num_socks == NUM_SOCKS)
 				break;
--- a/SOURCES/sshd.sysconfig
+++ b/SOURCES/sshd.sysconfig
@ -6,6 +6,12 @@
 # of DSA key or  systemctl mask sshd-keygen@rsa.service  to disable RSA key
 # creation.
 # Do not change this option unless you have hardware random
 # generator and you REALLY know what you are doing
 SSH_USE_STRONG_RNG=0
 # SSH_USE_STRONG_RNG=1
 # System-wide crypto policy:
 # To opt-out, uncomment the following line
 # CRYPTO_POLICY=
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@ -66,7 +66,7 @@
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.0p1
-%global openssh_rel 3
+%global openssh_rel 5
 %global pam_ssh_agent_ver 0.10.3
 %global pam_ssh_agent_rel 7
@ -216,6 +216,20 @@ Patch963: openssh-8.0p1-openssl-evp.patch
 Patch964: openssh-8.0p1-openssl-kdf.patch
 # Use new OpenSSL for PEM export to avoid MD5 dependency (#1712436)
 Patch965: openssh-8.0p1-openssl-pem.patch
 # Seed from dev/random if requested (#1785655)
 Patch966: openssh-8.0p1-entropy.patch
 # Unbreak ssh-keyscan RSA keys without SHA1 (#1744108)
 Patch967: openssh-8.0p1-keyscan-rsa-sha2.patch
 # Detect proxyJump loops in configuration files (#1804099)
 Patch968: openssh-8.0p1-proxyjump-loops.patch
 # ssh-keygen should default to SHA2-based signature algorithm (#1790610)
 Patch969: openssh-8.0p1-keygen-sha2.patch
 # RDomain is not suported on non-OpenBSD (#1807686)
 # https://bugzilla.mindrot.org/show_bug.cgi?id=3126
 Patch970: openssh-8.0p1-rdomain.patch
 # Do not fail X11 forwarding if IPv6 is disabled (#1662189)
 # https://bugzilla.mindrot.org/show_bug.cgi?id=2143
 Patch971: openssh-8.0p1-x11-without-ipv6.patch
 License: BSD
 Group: Applications/Internet
@ -239,7 +253,6 @@ BuildRequires: autoconf, automake, perl-interpreter, perl-generators, zlib-devel
 BuildRequires: audit-libs-devel >= 2.0.5
 BuildRequires: util-linux, groff
 BuildRequires: pam-devel
 BuildRequires: fipscheck-devel >= 1.3.0
 BuildRequires: openssl-devel >= 0.9.8j
 BuildRequires: perl-podlators
 BuildRequires: systemd-devel
@ -270,7 +283,6 @@ BuildRequires: gnupg2
 Summary: An open source SSH client applications
 Group: Applications/Internet
 Requires: openssh = %{version}-%{release}
 Requires: fipscheck-lib%{_isa} >= 1.3.0
 Requires: crypto-policies >= 20180306-1
 %package server
@ -279,7 +291,6 @@ Group: System Environment/Daemons
 Requires: openssh = %{version}-%{release}
 Requires(pre): /usr/sbin/useradd
 Requires: pam >= 1.0.1-3
 Requires: fipscheck-lib%{_isa} >= 1.3.0
 Requires: crypto-policies >= 20180306-1
 %{?systemd_requires}
@ -431,6 +442,12 @@ popd
 %patch963 -p1 -b .openssl-evp
 %patch964 -p1 -b .openssl-kdf
 %patch965 -p1 -b .openssl-pem
 %patch966 -p1 -b .entropy
 %patch967 -p1 -b .keyscan
 %patch968 -p1 -b .proxyjump-loops
 %patch969 -p1 -b .keygen-sha2
 %patch970 -p1 -b .rdomain
 %patch971 -p1 -b .x11-ipv6
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
@ -556,14 +573,6 @@ make
 popd
 %endif
 # Add generation of HMAC checksums of the final stripped binaries
 %global __spec_install_post \
    %%{?__debug_package:%%{__debug_install_post}} \
    %%{__arch_install_post} \
    %%{__os_install_post} \
    fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/ssh $RPM_BUILD_ROOT%{_sbindir}/sshd \
 %{nil}
 %check
 #to run tests use "--with check"
 %if %{?_with_check:1}%{!?_with_check:0}
@ -582,7 +591,6 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf
 install -d $RPM_BUILD_ROOT/etc/pam.d/
 install -d $RPM_BUILD_ROOT/etc/sysconfig/
 install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
 install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
 install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
 install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
 install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
@ -653,7 +661,6 @@ getent passwd sshd >/dev/null || \
 %files clients
 %attr(0755,root,root) %{_bindir}/ssh
 %attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
 %attr(0755,root,root) %{_bindir}/scp
 %attr(0644,root,root) %{_mandir}/man1/scp.1*
@ -680,7 +687,6 @@ getent passwd sshd >/dev/null || \
 %files server
 %dir %attr(0711,root,root) %{_var}/empty/sshd
 %attr(0755,root,root) %{_sbindir}/sshd
 %attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
 %attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
 %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
@ -733,6 +739,24 @@ getent passwd sshd >/dev/null || \
 %endif
 %changelog
 * Tue Mar 24 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
 - Do not print "no slots" warning by default (#1744220)
 - Unbreak connecting using gssapi through proxy commands (#1749862)
 - Document in manual pages that CASignatureAlgorithms are handled by crypto policies (#1790604)
 - Use SHA2-based signature algorithms by default for signing certificates (#1790610)
 - Prevent simple ProxyJump loops in configuration files (#1804099)
 - Teach ssh-keyscan to use SHA2 RSA variants (#1744108)
 - Do not fail hard if getrandom() is not available and no SSH_USE_STRONG_RNG is specified (#1812120)
 - Improve wording of crypto policies references in manual pages (#1812854)
 - Do not break X11 forwarding if IPv6 is disabled (#1662189)
 - Enable SHA2-based GSSAPI key exchange algorithms by default (#1816226)
 - Mark RDomain server configuration option unsupported in RHEL (#1807686)
 - Clarify crypto policies defaults in manual pages (#1724195)
 - Mention RSA SHA2 variants in ssh-keygen manual page (#1665900)
 * Wed Jan 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-4 + 0.10.3-7
 - Restore entropy patch for CC certification (#1785655)
 * Tue Jul 23 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-3 + 0.10.3-7
 - Fix typos in manual pages (#1668325)
 - Use the upstream support for PKCS#8 PEM files alongside with the legacy PEM files (#1712436)