Unpatch Red Hat help message

openssh-8.7p1-redhat-help.patch

@@ -1,38 +1,31 @@
-diff -up openssh-8.7p1/ssh.c.xxx openssh-8.7p1/ssh.c
---- openssh-8.7p1/ssh.c.xxx	2024-09-11 14:24:06.711088878 +0200
-+++ openssh-8.7p1/ssh.c	2024-09-11 14:35:12.883765718 +0200
-@@ -175,6 +175,16 @@ extern int muxserver_sock;
+diff --color -ruNp a/ssh.c b/ssh.c
+--- a/ssh.c	2025-07-17 14:08:37.880551301 +0200
++++ b/ssh.c	2025-07-17 15:02:09.224627879 +0200
+@@ -175,6 +175,17 @@ static int forward_confirms_pending = -1
+ extern int muxserver_sock;
  extern u_int muxclient_command;
  
- /* Prints a help message to the user.  This function never returns. */
 +static void
-+redhat_usage(void)
++redhat_help_message(void)
 +{
-+    if(isatty(fileno(stderr))) {
-+	fprintf(stderr,
-+"\nYou can find some explanations for typical errors at this link:\n"
-+"	    https://red.ht/support_rhel_ssh\n"
-+	);
-+    }
++	if (log_level_get() >= SYSLOG_LEVEL_DEBUG1 &&
++           isatty(fileno(stderr))) {
++		fprintf(stderr,
++"\nThe link below provides guidance on resolving common SSH errors:\n"
++"          https://red.ht/support_rhel_ssh\n");
++	}
 +}
++
+ /* Prints a help message to the user.  This function never returns. */
  
  static void
- usage(void)
-@@ -188,6 +196,7 @@ usage(void)
- "           destination [command [argument ...]]\n"
- "       ssh [-Q query_option]\n"
- 	);
-+	redhat_usage();
- 	exit(255);
- }
- 
-@@ -1609,8 +1618,10 @@ main(int ac, char **av)
+@@ -1648,8 +1659,10 @@ main(int ac, char **av)
  	/* Open a connection to the remote host. */
  	if (ssh_connect(ssh, host, options.host_arg, addrs, &hostaddr,
  	    options.port, options.connection_attempts,
 -	    &timeout_ms, options.tcp_keep_alive) != 0)
 +	    &timeout_ms, options.tcp_keep_alive) != 0) {
-+		redhat_usage();
++		redhat_help_message();
  		exit(255);
 +	}
  

openssh-9.9p1-bad-hostkey.patch

@@ -0,0 +1,68 @@
+diff --color -ruNp a/hostfile.c b/hostfile.c
+--- a/hostfile.c	2024-09-20 00:20:48.000000000 +0200
++++ b/hostfile.c	2025-04-30 15:52:02.792091018 +0200
+@@ -63,6 +63,14 @@
+ #include "hmac.h"
+ #include "sshbuf.h"
+ 
++static int required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE;
++
++void
++hostfile_set_minimum_rsa_size(int size)
++{
++	required_rsa_size = size;
++}
++
+ /* XXX hmac is too easy to dictionary attack; use bcrypt? */
+ 
+ static int
+@@ -233,6 +241,7 @@ record_hostkey(struct hostkey_foreach_li
+ 	struct load_callback_ctx *ctx = (struct load_callback_ctx *)_ctx;
+ 	struct hostkeys *hostkeys = ctx->hostkeys;
+ 	struct hostkey_entry *tmp;
++	int r = 0;
+ 
+ 	if (l->status == HKF_STATUS_INVALID) {
+ 		/* XXX make this verbose() in the future */
+@@ -241,6 +250,12 @@ record_hostkey(struct hostkey_foreach_li
+ 		return 0;
+ 	}
+ 
++	if ((r = sshkey_check_rsa_length(l->key, required_rsa_size)) != 0) {
++		debug2_f("%s:%ld: ignoring hostkey: %s",
++		    l->path, l->linenum, ssh_err(r));
++		return 0;
++	}
++
+ 	debug3_f("found %skey type %s in file %s:%lu",
+ 	    l->marker == MRK_NONE ? "" :
+ 	    (l->marker == MRK_CA ? "ca " : "revoked "),
+diff --color -ruNp a/hostfile.h b/hostfile.h
+--- a/hostfile.h	2024-09-20 00:20:48.000000000 +0200
++++ b/hostfile.h	2025-04-30 15:17:44.789206468 +0200
+@@ -119,5 +119,6 @@ int hostkeys_foreach_file(const char *pa
+     const char *host, const char *ip, u_int options, u_int note);
+ 
+ void hostfile_create_user_ssh_dir(const char *, int);
++void hostfile_set_minimum_rsa_size(int);
+ 
+ #endif
+diff --color -ruNp a/ssh.c b/ssh.c
+--- a/ssh.c	2025-04-29 15:40:27.916735894 +0200
++++ b/ssh.c	2025-04-30 15:19:48.856855308 +0200
+@@ -109,6 +109,7 @@
+ #include "ssherr.h"
+ #include "myproposal.h"
+ #include "utf8.h"
++#include "hostfile.h"
+ 
+ #ifdef ENABLE_PKCS11
+ #include "ssh-pkcs11.h"
+@@ -1395,6 +1396,7 @@ main(int ac, char **av)
+ 			options.update_hostkeys = 0;
+ 		}
+ 	}
++	hostfile_set_minimum_rsa_size(options.required_rsa_size);
+ 	if (options.connection_attempts <= 0)
+ 		fatal("Invalid number of ConnectionAttempts");
+ 

openssh-9.9p1-compression-directive.patch

@@ -0,0 +1,13 @@
+diff --git a/readconf.c b/readconf.c
+index 9f559269..777739d6 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -3410,6 +3410,8 @@ fmt_intarg(OpCodes code, int val)
+ 	switch (code) {
+ 	case oAddressFamily:
+ 		return fmt_multistate_int(val, multistate_addressfamily);
++	case oCompression:
++		return fmt_multistate_int(val, multistate_compression);
+ 	case oVerifyHostKeyDNS:
+ 	case oUpdateHostkeys:
+ 		return fmt_multistate_int(val, multistate_yesnoask);

openssh-9.9p1-disable-forwarding.patch

@@ -0,0 +1,22 @@
+diff --color -ruNp a/session.c b/session.c
+--- a/session.c	2025-04-29 11:20:59.475107377 +0200
++++ b/session.c	2025-04-29 11:23:16.638538968 +0200
+@@ -2284,7 +2284,8 @@ session_auth_agent_req(struct ssh *ssh,
+ 	if ((r = sshpkt_get_end(ssh)) != 0)
+ 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+ 	if (!auth_opts->permit_agent_forwarding_flag ||
+-	    !options.allow_agent_forwarding) {
++	    !options.allow_agent_forwarding ||
++	    options.disable_forwarding) {
+ 		debug_f("agent forwarding disabled");
+ 		return 0;
+ 	}
+@@ -2709,7 +2710,7 @@ session_setup_x11fwd(struct ssh *ssh, Se
+ 		ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
+ 		return 0;
+ 	}
+-	if (!options.x11_forwarding) {
++	if (!options.x11_forwarding || options.disable_forwarding) {
+ 		debug("X11 forwarding disabled in server configuration file.");
+ 		return 0;
+ 	}

openssh-9.9p1-non-supported-keys-err-msg.patch

@@ -0,0 +1,12 @@
+diff --color -ruNp a/sshkey.c b/sshkey.c
+--- a/sshkey.c	2025-04-29 11:20:59.484832762 +0200
++++ b/sshkey.c	2025-04-29 11:28:32.349323029 +0200
+@@ -3599,6 +3599,8 @@ translate_libcrypto_error(unsigned long
+ 		}
+ 	case ERR_LIB_ASN1:
+ 		return SSH_ERR_INVALID_FORMAT;
++	case ERR_LIB_OSSL_DECODER:
++		return SSH_ERR_INVALID_FORMAT;
+ 	}
+ 	return SSH_ERR_LIBCRYPTO_ERROR;
+ }

openssh-9.9p1-openssl-mlkem.patch

@@ -0,0 +1,385 @@
+diff --git a/kex-names.c b/kex-names.c
+index ec840c1f..c0d3be11 100644
+--- a/kex-names.c
++++ b/kex-names.c
+@@ -90,6 +90,19 @@ static const struct kexalg kexalgs[] = {
+ 	{ NULL, 0, -1, -1},
+ };
+ 
++static int is_mlkem768_available()
++{
++	static int is_fetched = -1;
++
++	if (is_fetched == -1) {
++		EVP_KEM *mlkem768 = EVP_KEM_fetch(NULL, "mlkem768", NULL);
++		is_fetched = mlkem768 != NULL ? 1 : 0;
++		EVP_KEM_free(mlkem768);
++	}
++
++	return is_fetched;
++}
++
+ static char *
+ kex_alg_list_internal(char sep, const struct kexalg *algs)
+ {
+@@ -98,6 +111,9 @@ kex_alg_list_internal(char sep, const struct kexalg *algs)
+ 	const struct kexalg *k;
+ 
+ 	for (k = algs; k->name != NULL; k++) {
++		if (strcmp(k->name, KEX_MLKEM768X25519_SHA256) == 0
++			&& !is_mlkem768_available())
++			continue;
+ 		if (ret != NULL)
+ 			ret[rlen++] = sep;
+ 		nlen = strlen(k->name);
+@@ -117,6 +133,10 @@ kex_alg_by_name(const char *name)
+ {
+ 	const struct kexalg *k;
+ 
++	if (strcmp(name, KEX_MLKEM768X25519_SHA256) == 0
++		&& !is_mlkem768_available())
++	return NULL;
++
+ 	for (k = kexalgs; k->name != NULL; k++) {
+ 		if (strcmp(k->name, name) == 0)
+ 			return k;
+diff --git a/kexmlkem768x25519.c b/kexmlkem768x25519.c
+index 2b5d3960..670049dc 100644
+--- a/kexmlkem768x25519.c
++++ b/kexmlkem768x25519.c
+@@ -48,10 +48,127 @@
+ #ifdef USE_MLKEM768X25519
+ 
+ #include "libcrux_mlkem768_sha3.h"
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <stdio.h>
++
++static int
++mlkem768_keypair_gen(unsigned char *pubkeybuf, unsigned char *privkeybuf)
++{
++    EVP_PKEY_CTX *ctx = NULL;
++    EVP_PKEY *pkey = NULL;
++    int ret = SSH_ERR_INTERNAL_ERROR;
++    size_t pubkey_size = crypto_kem_mlkem768_PUBLICKEYBYTES, privkey_size = crypto_kem_mlkem768_SECRETKEYBYTES;
++
++    ctx = EVP_PKEY_CTX_new_from_name(NULL, "mlkem768", NULL);
++    if (ctx == NULL) {
++	ret = SSH_ERR_LIBCRYPTO_ERROR;
++	goto err;
++    }
++
++    if (EVP_PKEY_keygen_init(ctx) <= 0
++        || EVP_PKEY_keygen(ctx, &pkey) <= 0) {
++	ret = SSH_ERR_LIBCRYPTO_ERROR;
++        goto err;
++    }
++
++    if (EVP_PKEY_get_raw_public_key(pkey, pubkeybuf, &pubkey_size) <= 0
++	|| EVP_PKEY_get_raw_private_key(pkey, privkeybuf, &privkey_size) <= 0) {
++	ret = SSH_ERR_LIBCRYPTO_ERROR;
++        goto err;
++    }
++
++    if (privkey_size != crypto_kem_mlkem768_SECRETKEYBYTES
++	    || pubkey_size != crypto_kem_mlkem768_PUBLICKEYBYTES) {
++	ret = SSH_ERR_LIBCRYPTO_ERROR;
++        goto err;
++    }
++    ret = 0;
++
++ err:
++    EVP_PKEY_free(pkey);
++    EVP_PKEY_CTX_free(ctx);
++    if (ret == SSH_ERR_LIBCRYPTO_ERROR)
++	   ERR_print_errors_fp(stderr);
++    return ret;
++}
++
++static int
++mlkem768_encap_secret(const u_char *pubkeybuf, u_char *secret, u_char *out)
++{
++    EVP_PKEY *pkey = NULL;
++    EVP_PKEY_CTX *ctx = NULL;
++    int r = SSH_ERR_INTERNAL_ERROR;
++    size_t outlen = crypto_kem_mlkem768_CIPHERTEXTBYTES,
++	   secretlen = crypto_kem_mlkem768_BYTES;
++
++    pkey = EVP_PKEY_new_raw_public_key_ex(NULL, "mlkem768", NULL,
++		    pubkeybuf, crypto_kem_mlkem768_PUBLICKEYBYTES);
++    if (pkey == NULL) {
++	r = SSH_ERR_LIBCRYPTO_ERROR;
++	goto err;
++    }
++
++    ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
++    if (ctx == NULL
++	|| EVP_PKEY_encapsulate_init(ctx, NULL) <= 0
++        || EVP_PKEY_encapsulate(ctx, out, &outlen, secret, &secretlen) <= 0
++	|| secretlen != crypto_kem_mlkem768_BYTES
++	|| outlen != crypto_kem_mlkem768_CIPHERTEXTBYTES) {
++	r = SSH_ERR_LIBCRYPTO_ERROR;
++	goto err;
++    }
++    r = 0;
++
++ err:
++    EVP_PKEY_free(pkey);
++    EVP_PKEY_CTX_free(ctx);
++    if (r == SSH_ERR_LIBCRYPTO_ERROR)
++	   ERR_print_errors_fp(stderr);
++
++    return r;
++}
++
++static int
++mlkem768_decap_secret(const u_char *privkeybuf, const u_char *wrapped, u_char *secret)
++{
++    EVP_PKEY *pkey = NULL;
++    EVP_PKEY_CTX *ctx = NULL;
++    int r = SSH_ERR_INTERNAL_ERROR;
++    size_t wrappedlen = crypto_kem_mlkem768_CIPHERTEXTBYTES,
++	   secretlen = crypto_kem_mlkem768_BYTES;
++
++    pkey = EVP_PKEY_new_raw_private_key_ex(NULL, "mlkem768", NULL,
++		    privkeybuf, crypto_kem_mlkem768_SECRETKEYBYTES);
++    if (pkey == NULL) {
++	r = SSH_ERR_LIBCRYPTO_ERROR;
++	goto err;
++    }
++
++    ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
++    if (ctx == NULL
++	|| EVP_PKEY_decapsulate_init(ctx, NULL) <= 0
++        || EVP_PKEY_decapsulate(ctx, secret, &secretlen, wrapped, wrappedlen) <= 0
++	|| secretlen != crypto_kem_mlkem768_BYTES) {
++	r = SSH_ERR_LIBCRYPTO_ERROR;
++	goto err;
++    }
++    r = 0;
++
++ err:
++    EVP_PKEY_free(pkey);
++    EVP_PKEY_CTX_free(ctx);
++
++    if (r == SSH_ERR_LIBCRYPTO_ERROR)
++	   ERR_print_errors_fp(stderr);
++
++    return r;
++}
+ 
+ int
+ kex_kem_mlkem768x25519_keypair(struct kex *kex)
+ {
++#if 0
+ 	struct sshbuf *buf = NULL;
+ 	u_char rnd[LIBCRUX_ML_KEM_KEY_PAIR_PRNG_LEN], *cp = NULL;
+ 	size_t need;
+@@ -86,6 +203,36 @@ kex_kem_mlkem768x25519_keypair(struct kex *kex)
+ 	explicit_bzero(rnd, sizeof(rnd));
+ 	sshbuf_free(buf);
+ 	return r;
++#else
++	struct sshbuf *buf = NULL;
++	u_char *cp = NULL;
++	size_t need;
++	int r = SSH_ERR_INTERNAL_ERROR;
++
++	if ((buf = sshbuf_new()) == NULL)
++		return SSH_ERR_ALLOC_FAIL;
++	need = crypto_kem_mlkem768_PUBLICKEYBYTES + CURVE25519_SIZE;
++	if ((r = sshbuf_reserve(buf, need, &cp)) != 0)
++		goto out;
++	if ((r = mlkem768_keypair_gen(cp, kex->mlkem768_client_key)) != 0)
++		goto out;
++#ifdef DEBUG_KEXECDH
++	dump_digest("client public key mlkem768:", cp,
++	    crypto_kem_mlkem768_PUBLICKEYBYTES);
++#endif
++	cp += crypto_kem_mlkem768_PUBLICKEYBYTES;
++	kexc25519_keygen(kex->c25519_client_key, cp);
++#ifdef DEBUG_KEXECDH
++	dump_digest("client public key c25519:", cp, CURVE25519_SIZE);
++#endif
++	/* success */
++	r = 0;
++	kex->client_pub = buf;
++	buf = NULL;
++ out:
++	sshbuf_free(buf);
++	return r;
++#endif
+ }
+ 
+ int
+@@ -93,6 +240,7 @@ kex_kem_mlkem768x25519_enc(struct kex *kex,
+    const struct sshbuf *client_blob, struct sshbuf **server_blobp,
+    struct sshbuf **shared_secretp)
+ {
++#if 0
+ 	struct sshbuf *server_blob = NULL;
+ 	struct sshbuf *buf = NULL;
+ 	const u_char *client_pub;
+@@ -185,12 +333,97 @@ kex_kem_mlkem768x25519_enc(struct kex *kex,
+ 	sshbuf_free(server_blob);
+ 	sshbuf_free(buf);
+ 	return r;
++#else
++	struct sshbuf *server_blob = NULL;
++	struct sshbuf *buf = NULL;
++	const u_char *client_pub;
++	u_char server_pub[CURVE25519_SIZE], server_key[CURVE25519_SIZE];
++	u_char hash[SSH_DIGEST_MAX_LENGTH];
++	size_t need;
++	int r = SSH_ERR_INTERNAL_ERROR;
++	struct libcrux_mlkem768_enc_result enc; /* FIXME */
++
++	*server_blobp = NULL;
++	*shared_secretp = NULL;
++
++	/* client_blob contains both KEM and ECDH client pubkeys */
++	need = crypto_kem_mlkem768_PUBLICKEYBYTES + CURVE25519_SIZE;
++	if (sshbuf_len(client_blob) != need) {
++		r = SSH_ERR_SIGNATURE_INVALID;
++		goto out;
++	}
++	client_pub = sshbuf_ptr(client_blob);
++#ifdef DEBUG_KEXECDH
++	dump_digest("client public key mlkem768:", client_pub,
++	    crypto_kem_mlkem768_PUBLICKEYBYTES);
++	dump_digest("client public key 25519:",
++	    client_pub + crypto_kem_mlkem768_PUBLICKEYBYTES,
++	    CURVE25519_SIZE);
++#endif
++
++	/* allocate buffer for concatenation of KEM key and ECDH shared key */
++	/* the buffer will be hashed and the result is the shared secret */
++	if ((buf = sshbuf_new()) == NULL) {
++		r = SSH_ERR_ALLOC_FAIL;
++		goto out;
++	}
++	/* allocate space for encrypted KEM key and ECDH pub key */
++	if ((server_blob = sshbuf_new()) == NULL) {
++		r = SSH_ERR_ALLOC_FAIL;
++		goto out;
++	}
++	if (mlkem768_encap_secret(client_pub, enc.snd, enc.fst.value) != 0)
++		goto out;
++
++	/* generate ECDH key pair, store server pubkey after ciphertext */
++	kexc25519_keygen(server_key, server_pub);
++	if ((r = sshbuf_put(buf, enc.snd, sizeof(enc.snd))) != 0 ||
++	    (r = sshbuf_put(server_blob, enc.fst.value, sizeof(enc.fst.value))) != 0 ||
++	    (r = sshbuf_put(server_blob, server_pub, sizeof(server_pub))) != 0)
++		goto out;
++	/* append ECDH shared key */
++	client_pub += crypto_kem_mlkem768_PUBLICKEYBYTES;
++	if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 1)) < 0)
++		goto out;
++	if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
++		goto out;
++#ifdef DEBUG_KEXECDH
++	dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE);
++	dump_digest("server cipher text:",
++	    enc.fst.value, sizeof(enc.fst.value));
++	dump_digest("server kem key:", enc.snd, sizeof(enc.snd));
++	dump_digest("concatenation of KEM key and ECDH shared key:",
++	    sshbuf_ptr(buf), sshbuf_len(buf));
++#endif
++	/* string-encoded hash is resulting shared secret */
++	sshbuf_reset(buf);
++	if ((r = sshbuf_put_string(buf, hash,
++	    ssh_digest_bytes(kex->hash_alg))) != 0)
++		goto out;
++#ifdef DEBUG_KEXECDH
++	dump_digest("encoded shared secret:", sshbuf_ptr(buf), sshbuf_len(buf));
++#endif
++	/* success */
++	r = 0;
++	*server_blobp = server_blob;
++	*shared_secretp = buf;
++	server_blob = NULL;
++	buf = NULL;
++ out:
++	explicit_bzero(hash, sizeof(hash));
++	explicit_bzero(server_key, sizeof(server_key));
++	explicit_bzero(&enc, sizeof(enc));
++	sshbuf_free(server_blob);
++	sshbuf_free(buf);
++	return r;
++#endif
+ }
+ 
+ int
+ kex_kem_mlkem768x25519_dec(struct kex *kex,
+     const struct sshbuf *server_blob, struct sshbuf **shared_secretp)
+ {
++#if 0
+ 	struct sshbuf *buf = NULL;
+ 	u_char mlkem_key[crypto_kem_mlkem768_BYTES];
+ 	const u_char *ciphertext, *server_pub;
+@@ -258,6 +491,64 @@ kex_kem_mlkem768x25519_dec(struct kex *kex,
+ 	explicit_bzero(mlkem_key, sizeof(mlkem_key));
+ 	sshbuf_free(buf);
+ 	return r;
++#else
++	struct sshbuf *buf = NULL;
++	const u_char *ciphertext, *server_pub;
++	u_char hash[SSH_DIGEST_MAX_LENGTH];
++	u_char decap[crypto_kem_mlkem768_BYTES];
++	size_t need;
++	int r;
++
++	*shared_secretp = NULL;
++
++	need = crypto_kem_mlkem768_CIPHERTEXTBYTES + CURVE25519_SIZE;
++	if (sshbuf_len(server_blob) != need) {
++		r = SSH_ERR_SIGNATURE_INVALID;
++		goto out;
++	}
++	ciphertext = sshbuf_ptr(server_blob);
++	server_pub = ciphertext + crypto_kem_mlkem768_CIPHERTEXTBYTES;
++	/* hash concatenation of KEM key and ECDH shared key */
++	if ((buf = sshbuf_new()) == NULL) {
++		r = SSH_ERR_ALLOC_FAIL;
++		goto out;
++	}
++#ifdef DEBUG_KEXECDH
++	dump_digest("server cipher text:", ciphertext, crypto_kem_mlkem768_CIPHERTEXTBYTES);
++	dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE);
++#endif
++	if ((r = mlkem768_decap_secret(kex->mlkem768_client_key, ciphertext, decap)) != 0)
++		goto out;
++	if ((r = sshbuf_put(buf, decap, sizeof(decap))) != 0)
++		goto out;
++	if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub,
++	    buf, 1)) < 0)
++		goto out;
++	if ((r = ssh_digest_buffer(kex->hash_alg, buf,
++	    hash, sizeof(hash))) != 0)
++		goto out;
++#ifdef DEBUG_KEXECDH
++	dump_digest("client kem key:", decap, sizeof(decap));
++	dump_digest("concatenation of KEM key and ECDH shared key:",
++	    sshbuf_ptr(buf), sshbuf_len(buf));
++#endif
++	sshbuf_reset(buf);
++	if ((r = sshbuf_put_string(buf, hash,
++	    ssh_digest_bytes(kex->hash_alg))) != 0)
++		goto out;
++#ifdef DEBUG_KEXECDH
++	dump_digest("encoded shared secret:", sshbuf_ptr(buf), sshbuf_len(buf));
++#endif
++	/* success */
++	r = 0;
++	*shared_secretp = buf;
++	buf = NULL;
++ out:
++	explicit_bzero(hash, sizeof(hash));
++	explicit_bzero(decap, sizeof(decap));
++	sshbuf_free(buf);
++	return r;
++#endif
+ }
+ #else /* USE_MLKEM768X25519 */
+ int

openssh-9.9p1-support-authentication-indicators-in-GSSAPI.patch

@@ -0,0 +1,450 @@
+From 5d5a66e96ad03132f65371070f4fa475f10207d9 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <abokovoy@redhat.com>
+Date: Mon, 10 Jun 2024 23:00:03 +0300
+Subject: [PATCH] support authentication indicators in GSSAPI
+
+RFC 6680 defines a set of GSSAPI extensions to handle attributes
+associated with the GSSAPI names. MIT Kerberos and FreeIPA use
+name attributes to add information about pre-authentication methods used
+to acquire the initial Kerberos ticket. The attribute 'auth-indicators'
+may contain list of strings that KDC has associated with the ticket
+issuance process.
+
+Use authentication indicators to authorise or deny access to SSH server.
+GSSAPIIndicators setting allows to specify a list of possible indicators
+that a Kerberos ticket presented must or must not contain. More details
+on the syntax are provided in sshd_config(5) man page.
+
+Fixes: https://bugzilla.mindrot.org/show_bug.cgi?id=2696
+
+Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
+---
+ configure.ac    |   1 +
+ gss-serv-krb5.c |  64 +++++++++++++++++++++++++++---
+ gss-serv.c      | 103 +++++++++++++++++++++++++++++++++++++++++++++++-
+ servconf.c      |  15 ++++++-
+ servconf.h      |   2 +
+ ssh-gss.h       |   7 ++++
+ sshd_config.5   |  44 +++++++++++++++++++++
+ 7 files changed, 228 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index d92a85809..2cbe20bf3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -5004,6 +5004,7 @@ AC_ARG_WITH([kerberos5],
+ 		AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
+ 		AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
+ 		AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
++		AC_CHECK_HEADERS([gssapi_ext.h gssapi/gssapi_ext.h])
+ 
+ 		AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
+ 			[Define this if you want to use libkafs' AFS support])])
+diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
+index 03188d9b3..2c786ef14 100644
+--- a/gss-serv-krb5.c
++++ b/gss-serv-krb5.c
+@@ -43,6 +43,7 @@
+ #include "log.h"
+ #include "misc.h"
+ #include "servconf.h"
++#include "match.h"
+ 
+ #include "ssh-gss.h"
+ 
+@@ -87,6 +88,32 @@ ssh_gssapi_krb5_init(void)
+ 	return 1;
+ }
+ 
++/* Check if any of the indicators in the Kerberos ticket match
++ * one of indicators in the list of allowed/denied rules.
++ * In case of the match, apply the decision from the rule.
++ * In case of no indicator from the ticket matching the rule, deny
++ */
++
++static int
++ssh_gssapi_check_indicators(ssh_gssapi_client *client, int *matched)
++{
++	int ret;
++	u_int i;
++
++	/* Check indicators */
++	for (i = 0; client->indicators[i] != NULL; i++) {
++		ret = match_pattern_list(client->indicators[i],
++					 options.gss_indicators, 1);
++		/* negative or positive match */
++		if (ret != 0) {
++			*matched = i;
++			return ret;
++		}
++	}
++	/* No rule matched */
++	return 0;
++}
++
+ /* Check if this user is OK to login. This only works with krb5 - other
+  * GSSAPI mechanisms will need their own.
+  * Returns true if the user is OK to log in, otherwise returns 0
+@@ -193,7 +220,7 @@ static int
+ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
+ {
+ 	krb5_principal princ;
+-	int retval;
++	int retval, matched;
+ 	const char *errmsg;
+ 	int k5login_exists;
+ 
+@@ -216,17 +243,42 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
+ 	if (k5login_exists &&
+ 	    ssh_krb5_kuserok(krb_context, princ, name, k5login_exists)) {
+ 		retval = 1;
+-		logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
+-		    name, (char *)client->displayname.value);
++	    errmsg = "krb5_kuserok";
+ 	} else if (ssh_gssapi_krb5_cmdok(princ, client->exportedname.value,
+ 		name, k5login_exists)) {
+ 		retval = 1;
+-		logit("Authorized to %s, krb5 principal %s "
+-		    "(ssh_gssapi_krb5_cmdok)",
+-		    name, (char *)client->displayname.value);
++		errmsg = "ssh_gssapi_krb5_cmdok";
+ 	} else
+ 		retval = 0;
+ 
++	if ((retval == 1) && (options.gss_indicators != NULL)) {
++		/* At this point the configuration enforces presence of indicators
++		 * so we drop the authorization result again */
++		retval = 0;
++		if (client->indicators) {
++			matched = -1;
++			retval = ssh_gssapi_check_indicators(client, &matched);
++			if (retval != 0) {
++				retval = (retval == 1);
++				logit("Ticket contains indicator %s, "
++					"krb5 principal %s is %s",
++					client->indicators[matched],
++					(char *)client->displayname.value,
++				        retval ? "allowed" : "denied");
++				goto cont;
++			}
++		}
++		if (retval == 0) {
++			logit("GSSAPI authentication indicators enforced "
++				"but not matched. krb5 principal %s denied",
++			(char *)client->displayname.value);
++		}
++	}
++cont:
++	if (retval == 1) {
++		logit("Authorized to %s, krb5 principal %s (%s)",
++		    name, (char *)client->displayname.value, errmsg);
++	}
+ 	krb5_free_principal(krb_context, princ);
+ 	return retval;
+ }
+diff --git a/gss-serv.c b/gss-serv.c
+index 9d5435eda..5c0491cf1 100644
+--- a/gss-serv.c
++++ b/gss-serv.c
+@@ -54,7 +54,7 @@ extern ServerOptions options;
+ 
+ static ssh_gssapi_client gssapi_client =
+     { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, GSS_C_NO_CREDENTIAL,
+-    GSS_C_NO_NAME, NULL, {NULL, NULL, NULL, NULL, NULL}, 0, 0};
++    GSS_C_NO_NAME, NULL, {NULL, NULL, NULL, NULL, NULL}, 0, 0, NULL};
+ 
+ ssh_gssapi_mech gssapi_null_mech =
+     { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL};
+@@ -296,6 +296,92 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
+ 	return GSS_S_COMPLETE;
+ }
+ 
++
++/* Extract authentication indicators from the Kerberos ticket. Authentication
++ * indicators are GSSAPI name attributes for the name "auth-indicators".
++ * Multiple indicators might be present in the ticket.
++ * Each indicator is a utf8 string. */
++
++#define AUTH_INDICATORS_TAG "auth-indicators"
++
++/* Privileged (called from accept_secure_ctx) */
++static OM_uint32
++ssh_gssapi_getindicators(Gssctxt *ctx, gss_name_t gss_name, ssh_gssapi_client *client)
++{
++	gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
++	gss_buffer_desc value = GSS_C_EMPTY_BUFFER;
++	gss_buffer_desc display_value = GSS_C_EMPTY_BUFFER;
++	int is_mechname, authenticated, complete, more;
++	size_t count, i;
++
++	ctx->major = gss_inquire_name(&ctx->minor, gss_name,
++				      &is_mechname, NULL, &attrs);
++	if (ctx->major != GSS_S_COMPLETE) {
++		return (ctx->major);
++	}
++
++	if (attrs == GSS_C_NO_BUFFER_SET) {
++		/* No indicators in the ticket */
++		return (0);
++	}
++
++	count = 0;
++	for (i = 0; i < attrs->count; i++) {
++		/* skip anything but auth-indicators */
++		if (((sizeof(AUTH_INDICATORS_TAG) - 1) != attrs->elements[i].length) ||
++		    strncmp(AUTH_INDICATORS_TAG,
++			    attrs->elements[i].value,
++			    sizeof(AUTH_INDICATORS_TAG) - 1) != 0)
++			continue;
++		count++;
++	}
++
++	if (count == 0) {
++		/* No auth-indicators in the ticket */
++		(void) gss_release_buffer_set(&ctx->minor, &attrs);
++		return (0);
++	}
++
++	client->indicators = recallocarray(NULL, 0, count + 1, sizeof(char*));
++	count = 0;
++	for (i = 0; i < attrs->count; i++) {
++		authenticated = 0;
++		complete = 0;
++		more = -1;
++		/* skip anything but auth-indicators */
++		if (((sizeof(AUTH_INDICATORS_TAG) - 1) != attrs->elements[i].length) ||
++		    strncmp(AUTH_INDICATORS_TAG,
++			    attrs->elements[i].value,
++			    sizeof(AUTH_INDICATORS_TAG) - 1) != 0)
++			continue;
++		/* retrieve all indicators */
++		while (more != 0) {
++			value.value = NULL;
++			display_value.value = NULL;
++			ctx->major = gss_get_name_attribute(&ctx->minor, gss_name,
++					&attrs->elements[i], &authenticated,
++					&complete, &value, &display_value, &more);
++			if (ctx->major != GSS_S_COMPLETE) {
++				goto out;
++			}
++
++			if ((value.value != NULL) && authenticated) {
++				client->indicators[count] = xmalloc(value.length + 1);
++				memcpy(client->indicators[count], value.value, value.length);
++				client->indicators[count][value.length] = '\0';
++				count++;
++			}
++		}
++	}
++
++out:
++	(void) gss_release_buffer(&ctx->minor, &value);
++	(void) gss_release_buffer(&ctx->minor, &display_value);
++	(void) gss_release_buffer_set(&ctx->minor, &attrs);
++	return (ctx->major);
++}
++
++
+ /* Extract the client details from a given context. This can only reliably
+  * be called once for a context */
+ 
+@@ -385,6 +471,12 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
+ 	}
+ 
+ 	gss_release_buffer(&ctx->minor, &ename);
++	/* Retrieve authentication indicators, if they exist */
++	if ((ctx->major = ssh_gssapi_getindicators(ctx,
++	    ctx->client, client))) {
++		ssh_gssapi_error(ctx);
++		return (ctx->major);
++	}
+ 
+ 	/* We can't copy this structure, so we just move the pointer to it */
+ 	client->creds = ctx->client_creds;
+@@ -447,6 +539,7 @@ int
+ ssh_gssapi_userok(char *user, struct passwd *pw, int kex)
+ {
+ 	OM_uint32 lmin;
++	size_t i;
+ 
+ 	(void) kex; /* used in privilege separation */
+ 
+@@ -465,6 +558,14 @@ ssh_gssapi_userok(char *user, struct passwd *pw, int kex)
+ 			gss_release_buffer(&lmin, &gssapi_client.displayname);
+ 			gss_release_buffer(&lmin, &gssapi_client.exportedname);
+ 			gss_release_cred(&lmin, &gssapi_client.creds);
++
++			if (gssapi_client.indicators != NULL) {
++				for(i = 0; gssapi_client.indicators[i] != NULL; i++) {
++					free(gssapi_client.indicators[i]);
++				}
++				free(gssapi_client.indicators);
++			}
++
+ 			explicit_bzero(&gssapi_client,
+ 			    sizeof(ssh_gssapi_client));
+ 			return 0;
+diff --git a/servconf.c b/servconf.c
+index e7e4ad046..aab653244 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -147,6 +147,7 @@ initialize_server_options(ServerOptions *options)
+ 	options->gss_strict_acceptor = -1;
+ 	options->gss_store_rekey = -1;
+ 	options->gss_kex_algorithms = NULL;
++	options->gss_indicators = NULL;
+ 	options->use_kuserok = -1;
+ 	options->enable_k5users = -1;
+ 	options->password_authentication = -1;
+@@ -598,7 +599,7 @@ typedef enum {
+ 	sPerSourcePenalties, sPerSourcePenaltyExemptList,
+ 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
+ 	sGssAuthentication, sGssCleanupCreds, sGssEnablek5users, sGssStrictAcceptor,
+-	sGssKeyEx, sGssKexAlgorithms, sGssStoreRekey,
++	sGssKeyEx, sGssIndicators, sGssKexAlgorithms, sGssStoreRekey,
+ 	sAcceptEnv, sSetEnv, sPermitTunnel,
+ 	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
+ 	sUsePrivilegeSeparation, sAllowAgentForwarding,
+@@ -694,6 +695,7 @@ static struct {
+ 	{ "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
+ 	{ "gssapikexalgorithms", sGssKexAlgorithms, SSHCFG_GLOBAL },
+ 	{ "gssapienablek5users", sGssEnablek5users, SSHCFG_ALL },
++	{ "gssapiindicators", sGssIndicators, SSHCFG_ALL },
+ #else
+ 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
+ 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+@@ -703,6 +705,7 @@ static struct {
+ 	{ "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL },
+ 	{ "gssapikexalgorithms", sUnsupported, SSHCFG_GLOBAL },
+ 	{ "gssapienablek5users", sUnsupported, SSHCFG_ALL },
++	{ "gssapiindicators", sUnsupported, SSHCFG_ALL },
+ #endif
+ 	{ "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL },
+ 	{ "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL },
+@@ -1730,6 +1733,15 @@ process_server_config_line_depth(ServerOptions *options, char *line,
+ 			options->gss_kex_algorithms = xstrdup(arg);
+ 		break;
+ 
++	case sGssIndicators:
++		arg = argv_next(&ac, &av);
++		if (!arg || *arg == '\0')
++			fatal("%s line %d: %s missing argument.",
++			    filename, linenum, keyword);
++		if (options->gss_indicators == NULL)
++			options->gss_indicators = xstrdup(arg);
++		break;
++
+ 	case sPasswordAuthentication:
+ 		intptr = &options->password_authentication;
+ 		goto parse_flag;
+@@ -3351,6 +3363,7 @@ dump_config(ServerOptions *o)
+ 	dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor);
+ 	dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey);
+ 	dump_cfg_string(sGssKexAlgorithms, o->gss_kex_algorithms);
++	dump_cfg_string(sGssIndicators, o->gss_indicators);
+ #endif
+ 	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
+ 	dump_cfg_fmtint(sKbdInteractiveAuthentication,
+diff --git a/servconf.h b/servconf.h
+index 7c7e5d434..7c41df417 100644
+--- a/servconf.h
++++ b/servconf.h
+@@ -181,6 +181,7 @@ typedef struct {
+ 	char   **allow_groups;
+ 	u_int num_deny_groups;
+ 	char   **deny_groups;
++	char   *gss_indicators;
+ 
+ 	u_int num_subsystems;
+ 	char   **subsystem_name;
+@@ -310,6 +311,7 @@ TAILQ_HEAD(include_list, include_item);
+ 		M_CP_STROPT(routing_domain); \
+ 		M_CP_STROPT(permit_user_env_allowlist); \
+ 		M_CP_STROPT(pam_service_name); \
++		M_CP_STROPT(gss_indicators); \
+ 		M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
+ 		M_CP_STRARRAYOPT(allow_users, num_allow_users); \
+ 		M_CP_STRARRAYOPT(deny_users, num_deny_users); \
+diff --git a/ssh-gss.h b/ssh-gss.h
+index a894e23c9..59cf46d47 100644
+--- a/ssh-gss.h
++++ b/ssh-gss.h
+@@ -34,6 +34,12 @@
+ #include <gssapi/gssapi.h>
+ #endif
+ 
++#ifdef HAVE_GSSAPI_EXT_H
++#include <gssapi_ext.h>
++#elif defined(HAVE_GSSAPI_GSSAPI_EXT_H)
++#include <gssapi/gssapi_ext.h>
++#endif
++
+ #ifdef KRB5
+ # ifndef HEIMDAL
+ #  ifdef HAVE_GSSAPI_GENERIC_H
+@@ -107,6 +113,7 @@ typedef struct {
+ 	ssh_gssapi_ccache store;
+ 	int used;
+ 	int updated;
++	char **indicators; /* auth indicators */
+ } ssh_gssapi_client;
+ 
+ typedef struct ssh_gssapi_mech_struct {
+diff --git a/sshd_config.5 b/sshd_config.5
+index 583a01cdb..90ab87edd 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -785,6 +785,50 @@ gss-nistp256-sha256-
+ gss-curve25519-sha256-
+ .Ed
+ This option only applies to connections using GSSAPI.
++.It Cm GSSAPIIndicators
++Specifies whether to accept or deny GSSAPI authenticated access if Kerberos
++mechanism is used and Kerberos ticket contains a particular set of
++authentication indicators. The values can be specified as a comma-separated list
++.Cm [!]name1,[!]name2,... .
++When indicator's name is prefixed with !, the authentication indicator 'name'
++will deny access to the system. Otherwise, one of non-negated authentication
++indicators must be present in the Kerberos ticket to allow access. If
++.Cm GSSAPIIndicators
++is defined, a Kerberos ticket that has indicators but does not match the
++policy will get denial. If at least one indicator is configured, whether for
++access or denial, tickets without authentication indicators will be explicitly
++rejected.
++.Pp
++By default systems using MIT Kerberos 1.17 or later will not assign any
++indicators. SPAKE and PKINIT methods add authentication indicators
++to all successful authentications. The SPAKE pre-authentication method is
++preferred over an encrypted timestamp pre-authentication when passwords used to
++authenticate user principals. Kerberos KDCs built with Heimdal Kerberos
++(including Samba AD DC built with Heimdal) do not add authentication
++indicators. However, OpenSSH built against Heimdal Kerberos library is able to
++inquire authentication indicators and thus can be used to check for their presence.
++.Pp
++Indicator name is case-sensitive and depends on the configuration of a
++particular Kerberos deployment. Indicators available in MIT Kerberos and
++FreeIPA environments:
++.Pp
++.Bl -tag -width XXXX -offset indent -compact
++.It Cm hardened
++SPAKE or encrypted timestamp pre-authentication mechanisms in MIT Kerberos and FreeIPA
++.It Cm pkinit
++smartcard or PKCS11 token-based pre-authentication in MIT Kerberos and FreeIPA
++.It Cm radius
++pre-authentication based on a RADIUS server in MIT Kerberos and FreeIPA
++.It Cm otp
++TOTP/HOTP-based two-factor pre-authentication in FreeIPA
++.It Cm idp
++OAuth2-based pre-authentication in FreeIPA using an external identity provider
++and device authorization grant flow
++.It Cm passkey
++FIDO2-based pre-authentication in FreeIPA, using FIDO2 USB and NFC tokens
++.El
++.Pp
++The default is to not use GSSAPI authentication indicators for access decisions.
+ .It Cm HostbasedAcceptedAlgorithms
+ The default is handled system-wide by
+ .Xr crypto-policies 7 .
+-- 
+2.49.0
+

openssh.spec

@@ -39,12 +39,11 @@
 %{?static_openssl:%global static_libcrypto 1}
 
 %global openssh_ver 9.9p1
-%global openssh_rel 7
 
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
 Version: %{openssh_ver}
-Release: %{openssh_rel}%{?dist}.alma.1
+Release: 11%{?dist}.alma.1
 URL: http://www.openssh.com/portable.html
 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -205,6 +204,16 @@ Patch1020: openssh-9.9p1-match-regression.patch
 # upstream 6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2
 # upstream 0832aac79517611dd4de93ad0a83577994d9c907
 Patch1021: openssh-9.9p2-error_processing.patch
+# Downstream patch, OpenSSL based MLKEM implementation
+Patch1022: openssh-9.9p1-openssl-mlkem.patch
+# upstream 8eabd2ae2ca1d7756417a1ee5b41f09c5d997634
+Patch1023: openssh-9.9p1-compression-directive.patch
+# upstream fc86875e6acb36401dfc1dfb6b628a9d1460f367
+Patch1024: openssh-9.9p1-disable-forwarding.patch
+Patch1025: openssh-9.9p1-non-supported-keys-err-msg.patch
+Patch1026: openssh-9.9p1-bad-hostkey.patch
+# https://github.com/openssh/openssh-portable/pull/500
+Patch1027: openssh-9.9p1-support-authentication-indicators-in-GSSAPI.patch
 
 License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant
 Requires: /sbin/nologin
@@ -391,6 +400,12 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
 %patch -P 1019 -p1 -b .mlkembe
 %patch -P 1020 -p1 -b .match
 %patch -P 1021 -p1 -b .errcode_set
+%patch -P 1022 -p1 -b .openssl-mlkem
+%patch -P 1023 -p1 -b .compression
+%patch -P 1024 -p1 -b .disable-forwarding
+%patch -P 1025 -p1 -b .non-supported-keys-err-msg
+%patch -P 1026 -p1 -b .bad-hostkey
+%patch -P 1027 -p1 -b .gss-indicators
 
 %patch -P 100 -p1 -b .coverity
 
@@ -489,7 +504,8 @@ popd
 %endif
 
 %check
-OPENSSL_CONF=/dev/null %{SOURCE22} %{SOURCE23}  # ./parallel_tests.sh parallel_tests.Makefile
+%{SOURCE22} %{SOURCE23}  # ./parallel_tests.sh parallel_tests.Makefile
+#make tests
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -670,9 +686,33 @@ test -f %{sysconfig_anaconda} && \
 %attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so
 
 %changelog
-* Wed Jun 25 2025 Koichiro Iwao <meta@almalinux.org> - 9.9p1-7.alma.1
+* Tue Nov 11 2025 Koichiro Iwao <meta@almalinux.org> - 9.9p1-11.alma.1
 - Unpatch Red Hat help message
 
+* Fri Jul 18 2025 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-11
+- Move the redhat help message to debug1 log level
+  Resolves: RHEL-93957
+
+* Thu Jun 26 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-10
+- Support for authentication indicators in OpenSSH
+  Resolves: RHEL-40790
+
+* Tue Apr 29 2025 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-9
+- CVE-2025-32728: Fix logic error in DisableForwarding option
+  Resolves: RHEL-86819
+- Provide better error for non-supported private keys
+  Resolves: RHEL-68124
+- Ignore bad hostkeys in known_hosts file
+  Resolves: RHEL-83644
+
+* Thu Mar 20 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-8
+- OpenSSH should not use its own implementation of MLKEM
+  Resolves: RHEL-58252
+- Correct processing of Compression directive
+  Resolves: RHEL-68346
+- Supress systemd warning
+  Resolves: RHEL-84816
+
 * Tue Feb 18 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-7
 - rebuilt
   Related: RHEL-78699

sshd.sysconfig

@@ -8,3 +8,4 @@
 
 #SSH_RSA_BITS=3072
 #SSH_ECDSA_BITS=256
+OPTIONS=""