.fmf/version

@@ -1 +0,0 @@
-1

.gitignore

@@ -1,66 +1,3 @@
-openssh-5.5p1-noacss.tar.bz2
+SOURCES/DJM-GPG-KEY.gpg
-pam_ssh_agent_auth-0.9.2.tar.bz2
+SOURCES/openssh-8.0p1.tar.gz
-/openssh-5.6p1-noacss.tar.bz2
+SOURCES/pam_ssh_agent_auth-0.10.3.tar.bz2
-/pam_ssh_agent_auth-0.9.2.tar.bz2
-/openssh-5.8p1-noacss.tar.bz2
-/openssh-5.8p2-noacss.tar.bz2
-/openssh-5.9p1-noacss.tar.bz2
-/pam_ssh_agent_auth-0.9.3.tar.bz2
-/openssh-6.0p1-noacss.tar.bz2
-/openssh-6.1p1-noacss.tar.bz2
-/openssh-6.2p1.tar.gz
-/openssh-6.2p2.tar.gz
-/openssh-6.3p1.tar.gz
-/openssh-6.4p1.tar.gz
-/openssh-6.6p1.tar.gz
-/openssh-6.7p1.tar.gz
-/openssh-6.8p1.tar.gz
-/openssh-6.9p1.tar.gz
-/openssh-7.0p1.tar.gz
-/openssh-7.1p1.tar.gz
-/openssh-7.1p2.tar.gz
-/pam_ssh_agent_auth-0.10.2.tar.bz2
-/openssh-7.2p1.tar.gz
-/openssh-7.2p2.tar.gz
-/openssh-7.3p1.tar.gz
-/openssh-7.4p1.tar.gz
-/pam_ssh_agent_auth-0.10.3.tar.bz2
-/openssh-7.5p1.tar.gz
-/openssh-7.6p1.tar.gz
-/openssh-7.7p1.tar.gz
-/openssh-7.7p1.tar.gz.asc
-/DJM-GPG-KEY.gpg
-/openssh-7.8p1.tar.gz
-/openssh-7.8p1.tar.gz.asc
-/openssh-7.9p1.tar.gz
-/openssh-7.9p1.tar.gz.asc
-/openssh-8.0p1.tar.gz
-/openssh-8.0p1.tar.gz.asc
-/openssh-8.1p1.tar.gz
-/openssh-8.1p1.tar.gz.asc
-/openssh-8.2p1.tar.gz
-/openssh-8.2p1.tar.gz.asc
-/openssh-8.3p1.tar.gz
-/openssh-8.3p1.tar.gz.asc
-/openssh-8.4p1.tar.gz
-/openssh-8.4p1.tar.gz.asc
-/pam_ssh_agent_auth-0.10.4.tar.gz
-/openssh-8.5p1.tar.gz
-/openssh-8.5p1.tar.gz.asc
-/gpgkey-736060BA.gpg
-/openssh-8.6p1.tar.gz
-/openssh-8.6p1.tar.gz.asc
-/openssh-8.7p1.tar.gz
-/openssh-8.7p1.tar.gz.asc
-/openssh-8.8p1.tar.gz
-/openssh-8.8p1.tar.gz.asc
-/openssh-9.0p1.tar.gz
-/openssh-9.0p1.tar.gz.asc
-/openssh-9.3p1.tar.gz
-/openssh-9.3p1.tar.gz.asc
-/openssh-9.6p1.tar.gz
-/openssh-9.6p1.tar.gz.asc
-/openssh-9.8p1.tar.gz
-/openssh-9.8p1.tar.gz.asc
-/openssh-9.9p1.tar.gz
-/openssh-9.9p1.tar.gz.asc

.openssh.metadata

@@ -0,0 +1,3 @@
+bed7240bb17840b451b8f8457791c33456814d93 SOURCES/DJM-GPG-KEY.gpg
+756dbb99193f9541c9206a667eaa27b0fa184a4f SOURCES/openssh-8.0p1.tar.gz
+a4482a050fdad1d012427e45799564136708cf6b SOURCES/pam_ssh_agent_auth-0.10.3.tar.bz2

SOURCES/openssh-4.3p2-askpass-grab-info.patch

@@ -0,0 +1,19 @@
+diff -up openssh-7.4p1/contrib/gnome-ssh-askpass2.c.grab-info openssh-7.4p1/contrib/gnome-ssh-askpass2.c
+--- openssh-7.4p1/contrib/gnome-ssh-askpass2.c.grab-info	2016-12-23 13:31:22.645213115 +0100
++++ openssh-7.4p1/contrib/gnome-ssh-askpass2.c	2016-12-23 13:31:40.997216691 +0100
+@@ -65,9 +65,12 @@ report_failed_grab (GtkWidget *parent_wi
+ 	err = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
+ 				     GTK_MESSAGE_ERROR,
+ 				     GTK_BUTTONS_CLOSE,
+-				     "Could not grab %s. "
+-				     "A malicious client may be eavesdropping "
+-				     "on your session.", what);
++				     "SSH password dialog could not grab the %s input.\n"
++				     "This might be caused by application such as screensaver, "
++				     "however it could also mean that someone may be eavesdropping "
++				     "on your session.\n"
++				     "Either close the application which grabs the %s or "
++				     "log out and log in again to prevent this from happening.", what, what);
+ 	gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+ 
+ 	gtk_dialog_run(GTK_DIALOG(err));

SOURCES/openssh-5.1p1-askpass-progress.patch

@@ -0,0 +1,81 @@
+diff -up openssh-7.4p1/contrib/gnome-ssh-askpass2.c.progress openssh-7.4p1/contrib/gnome-ssh-askpass2.c
+--- openssh-7.4p1/contrib/gnome-ssh-askpass2.c.progress	2016-12-19 05:59:41.000000000 +0100
++++ openssh-7.4p1/contrib/gnome-ssh-askpass2.c	2016-12-23 13:31:16.545211926 +0100
+@@ -53,6 +53,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <X11/Xlib.h>
++#include <glib.h>
+ #include <gtk/gtk.h>
+ #include <gdk/gdkx.h>
+ 
+@@ -81,13 +82,24 @@ ok_dialog(GtkWidget *entry, gpointer dia
+ 	gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+ }
+ 
++static void
++move_progress(GtkWidget *entry, gpointer progress)
++{
++	gdouble step;
++	g_return_if_fail(GTK_IS_PROGRESS_BAR(progress));
++	
++	step = g_random_double_range(0.03, 0.1);
++	gtk_progress_bar_set_pulse_step(GTK_PROGRESS_BAR(progress), step);
++	gtk_progress_bar_pulse(GTK_PROGRESS_BAR(progress));
++}
++
+ static int
+ passphrase_dialog(char *message)
+ {
+ 	const char *failed;
+ 	char *passphrase, *local;
+ 	int result, grab_tries, grab_server, grab_pointer;
+-	GtkWidget *parent_window, *dialog, *entry;
++	GtkWidget *parent_window, *dialog, *entry, *progress, *hbox;
+ 	GdkGrabStatus status;
+ 
+ 	grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+@@ -104,14 +116,32 @@ passphrase_dialog(char *message)
+ 					"%s",
+ 					message);
+ 
++	hbox = gtk_hbox_new(FALSE, 0);
++	gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), hbox, FALSE,
++	    FALSE, 0);
++	gtk_widget_show(hbox);
++
+ 	entry = gtk_entry_new();
+ 	gtk_box_pack_start(
+-	    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), entry,
+-	    FALSE, FALSE, 0);
++	    GTK_BOX(hbox), entry,
++	    TRUE, FALSE, 0);
++	gtk_entry_set_width_chars(GTK_ENTRY(entry), 2);
+ 	gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+ 	gtk_widget_grab_focus(entry);
+ 	gtk_widget_show(entry);
+ 
++	hbox = gtk_hbox_new(FALSE, 0);
++	gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), hbox, FALSE,
++	    FALSE, 8);
++	gtk_widget_show(hbox);
++
++	progress = gtk_progress_bar_new();
++	
++	gtk_progress_bar_set_text(GTK_PROGRESS_BAR(progress), "Passphrase length hidden intentionally");
++	gtk_box_pack_start(GTK_BOX(hbox), progress, TRUE,
++	    TRUE, 5);
++	gtk_widget_show(progress);
++
+ 	gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
+ 	gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+ 	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+@@ -120,6 +150,8 @@ passphrase_dialog(char *message)
+ 	gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+ 	g_signal_connect(G_OBJECT(entry), "activate",
+ 			 G_CALLBACK(ok_dialog), dialog);
++	g_signal_connect(G_OBJECT(entry), "changed",
++			 G_CALLBACK(move_progress), progress);
+ 
+ 	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+ 

SOURCES/openssh-5.8p2-sigpipe.patch

@@ -1,14 +1,12 @@
 diff -up openssh-5.8p2/ssh-keyscan.c.sigpipe openssh-5.8p2/ssh-keyscan.c
 --- openssh-5.8p2/ssh-keyscan.c.sigpipe	2011-08-23 18:30:33.873025916 +0200
 +++ openssh-5.8p2/ssh-keyscan.c	2011-08-23 18:32:24.574025362 +0200
-@@ -715,6 +715,9 @@ main(int argc, char **argv)
+@@ -715,6 +715,8 @@ main(int argc, char **argv)
-	if (maxfd > fdlim_get(0))
  		fdlim_set(maxfd);
  	fdcon = xcalloc(maxfd, sizeof(con));
-+ 
+ 
 +	signal(SIGPIPE, SIG_IGN);
 +
-	read_wait = xcalloc(maxfd, sizeof(struct pollfd));
+ 	read_wait_nfdset = howmany(maxfd, NFDBITS);
-	for (j = 0; j < maxfd; j++)
+ 	read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask));
-		read_wait[j].fd = -1;
  

SOURCES/openssh-6.3p1-ctr-evp-fast.patch

@@ -0,0 +1,101 @@
+diff -up openssh-5.9p1/cipher-ctr.c.ctr-evp openssh-5.9p1/cipher-ctr.c
+--- openssh-5.9p1/cipher-ctr.c.ctr-evp	2012-01-11 09:24:06.000000000 +0100
++++ openssh-5.9p1/cipher-ctr.c	2012-01-11 15:54:04.675956600 +0100
+@@ -38,7 +38,7 @@ void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, in
+ 
+ struct ssh_aes_ctr_ctx
+ {
+-	AES_KEY		aes_ctx;
++	EVP_CIPHER_CTX	ecbctx;
+ 	u_char		aes_counter[AES_BLOCK_SIZE];
+ };
+ 
+@@ -63,21 +63,42 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char
+ {
+ 	struct ssh_aes_ctr_ctx *c;
+ 	size_t n = 0;
+-	u_char buf[AES_BLOCK_SIZE];
++	u_char ctrbuf[AES_BLOCK_SIZE*256];
++	u_char buf[AES_BLOCK_SIZE*256];
+ 
+ 	if (len == 0)
+ 		return (1);
+ 	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
+ 		return (0);
+ 
+-	while ((len--) > 0) {
++	for (; len > 0; len -= sizeof(u_int)) {
++		u_int r,a,b;
++
+ 		if (n == 0) {
+-			AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
+-			ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
++			int outl, i, buflen;
++
++			buflen = MIN(len, sizeof(ctrbuf));
++
++			for(i = 0; i < buflen; i += AES_BLOCK_SIZE) {
++				memcpy(&ctrbuf[i], c->aes_counter, AES_BLOCK_SIZE);
++				ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
++			}
++
++			EVP_EncryptUpdate(&c->ecbctx, buf, &outl,
++				ctrbuf, buflen);
+ 		}
+-		*(dest++) = *(src++) ^ buf[n];
+-		n = (n + 1) % AES_BLOCK_SIZE;
++
++		memcpy(&a, src, sizeof(a));
++		memcpy(&b, &buf[n], sizeof(b));
++		r = a ^ b;
++		memcpy(dest, &r, sizeof(r));
++		src += sizeof(a);
++		dest += sizeof(r);
++
++		n = (n + sizeof(b)) % sizeof(buf);
+ 	}
++	memset(ctrbuf, '\0', sizeof(ctrbuf));
++	memset(buf, '\0', sizeof(buf));
+ 	return (1);
+ }
+ 
+@@ -91,9 +112,28 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, co
+ 		c = xmalloc(sizeof(*c));
+ 		EVP_CIPHER_CTX_set_app_data(ctx, c);
+ 	}
+-	if (key != NULL)
+-		AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+-		    &c->aes_ctx);
++
++	EVP_CIPHER_CTX_init(&c->ecbctx);
++
++	if (key != NULL) {
++		const EVP_CIPHER *cipher;
++		switch(EVP_CIPHER_CTX_key_length(ctx)*8) {
++			case 128:
++				cipher = EVP_aes_128_ecb();
++				break;
++			case 192:
++				cipher = EVP_aes_192_ecb();
++				break;
++			case 256:
++				cipher = EVP_aes_256_ecb();
++				break;
++			default:
++				fatal("ssh_aes_ctr_init: wrong aes key length");
++		}
++		if(!EVP_EncryptInit_ex(&c->ecbctx, cipher, NULL, key, NULL))
++			fatal("ssh_aes_ctr_init: cannot initialize aes encryption");
++		EVP_CIPHER_CTX_set_padding(&c->ecbctx, 0);
++	}
+ 	if (iv != NULL)
+ 		memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
+ 	return (1);
+@@ -105,6 +145,7 @@ ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
+ 	struct ssh_aes_ctr_ctx *c;
+ 
+ 	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
++		EVP_CIPHER_CTX_cleanup(&c->ecbctx);
+ 		memset(c, 0, sizeof(*c));
+ 		free(c);
+ 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);

SOURCES/openssh-6.6.1p1-log-in-chroot.patch

@@ -1,19 +1,19 @@
-diff -up openssh-8.6p1/log.c.log-in-chroot openssh-8.6p1/log.c
+diff -up openssh-7.4p1/log.c.log-in-chroot openssh-7.4p1/log.c
---- openssh-8.6p1/log.c.log-in-chroot	2021-04-16 05:55:25.000000000 +0200
+--- openssh-7.4p1/log.c.log-in-chroot	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-8.6p1/log.c	2021-04-19 14:43:08.544843434 +0200
++++ openssh-7.4p1/log.c	2016-12-23 15:14:33.330168088 +0100
-@@ -194,6 +194,11 @@ void
+@@ -250,6 +250,11 @@ debug3(const char *fmt,...)
- log_init(const char *av0, LogLevel level, SyslogFacility facility,
+ void
-     int on_stderr)
+ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
  {
 +	log_init_handler(av0, level, facility, on_stderr, 1);
 +}
 +
 +void
-+log_init_handler(const char *av0, LogLevel level, SyslogFacility facility, int on_stderr, int reset_handler) {
++log_init_handler(char *av0, LogLevel level, SyslogFacility facility, int on_stderr, int reset_handler) {
  #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
  	struct syslog_data sdata = SYSLOG_DATA_INIT;
  #endif
-@@ -206,8 +211,10 @@ log_init(const char *av0, LogLevel level
+@@ -273,8 +278,10 @@ log_init(char *av0, LogLevel level, Sysl
  		exit(1);
  	}
  
@@ -26,21 +26,21 @@ diff -up openssh-8.6p1/log.c.log-in-chroot openssh-8.6p1/log.c
  
  	log_on_stderr = on_stderr;
  	if (on_stderr)
-diff -up openssh-8.6p1/log.h.log-in-chroot openssh-8.6p1/log.h
+diff -up openssh-7.4p1/log.h.log-in-chroot openssh-7.4p1/log.h
---- openssh-8.6p1/log.h.log-in-chroot	2021-04-19 14:43:08.544843434 +0200
+--- openssh-7.4p1/log.h.log-in-chroot	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-8.6p1/log.h	2021-04-19 14:56:46.931042176 +0200
++++ openssh-7.4p1/log.h	2016-12-23 15:14:33.330168088 +0100
-@@ -52,6 +52,7 @@ typedef enum {
+@@ -49,6 +49,7 @@ typedef enum {
- typedef void (log_handler_fn)(LogLevel, int, const char *, void *);
+ typedef void (log_handler_fn)(LogLevel, const char *, void *);
  
- void     log_init(const char *, LogLevel, SyslogFacility, int);
+ void     log_init(char *, LogLevel, SyslogFacility, int);
-+void     log_init_handler(const char *, LogLevel, SyslogFacility, int, int);
++void     log_init_handler(char *, LogLevel, SyslogFacility, int, int);
  LogLevel log_level_get(void);
  int      log_change_level(LogLevel);
  int      log_is_on_stderr(void);
-diff -up openssh-8.6p1/monitor.c.log-in-chroot openssh-8.6p1/monitor.c
+diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c
---- openssh-8.6p1/monitor.c.log-in-chroot	2021-04-19 14:43:08.526843298 +0200
+--- openssh-7.4p1/monitor.c.log-in-chroot	2016-12-23 15:14:33.311168085 +0100
-+++ openssh-8.6p1/monitor.c	2021-04-19 14:55:25.286424043 +0200
++++ openssh-7.4p1/monitor.c	2016-12-23 15:16:42.154193100 +0100
-@@ -297,6 +297,8 @@ monitor_child_preauth(struct ssh *ssh, s
+@@ -307,6 +307,8 @@ monitor_child_preauth(Authctxt *_authctx
  		close(pmonitor->m_log_sendfd);
  	pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
  
@@ -49,25 +49,25 @@ diff -up openssh-8.6p1/monitor.c.log-in-chroot openssh-8.6p1/monitor.c
  	authctxt = (Authctxt *)ssh->authctxt;
  	memset(authctxt, 0, sizeof(*authctxt));
  	ssh->authctxt = authctxt;
-@@ -408,6 +410,8 @@ monitor_child_postauth(struct ssh *ssh,
+@@ -405,6 +407,8 @@ monitor_child_postauth(struct monitor *p
  	close(pmonitor->m_recvfd);
  	pmonitor->m_recvfd = -1;
  
 +	pmonitor->m_state = "postauth";
 +
  	monitor_set_child_handler(pmonitor->m_pid);
- 	ssh_signal(SIGHUP, &monitor_child_handler);
+ 	signal(SIGHUP, &monitor_child_handler);
- 	ssh_signal(SIGTERM, &monitor_child_handler);
+ 	signal(SIGTERM, &monitor_child_handler);
-@@ -480,7 +484,7 @@ monitor_read_log(struct monitor *pmonito
+@@ -472,7 +476,7 @@ monitor_read_log(struct monitor *pmonito
- 	/* Log it */
  	if (log_level_name(level) == NULL)
- 		fatal_f("invalid log level %u (corrupted message?)", level);
+ 		fatal("%s: invalid log level %u (corrupted message?)",
--	sshlogdirect(level, forced, "%s [preauth]", msg);
+ 		    __func__, level);
-+	sshlogdirect(level, forced, "%s [%s]", msg, pmonitor->m_state);
+-	do_log2(level, "%s [preauth]", msg);
++	do_log2(level, "%s [%s]", msg, pmonitor->m_state);
  
  	sshbuf_free(logmsg);
  	free(msg);
-@@ -1868,13 +1872,28 @@ monitor_init(void)
+@@ -1719,13 +1723,28 @@ monitor_init(void)
  	mon = xcalloc(1, sizeof(*mon));
  	monitor_openfds(mon, 1);
  
@@ -89,7 +89,7 @@ diff -up openssh-8.6p1/monitor.c.log-in-chroot openssh-8.6p1/monitor.c
 +		xasprintf(&dev_log_path, "%s/dev/log", chroot_dir);
 +
 +		if (stat(dev_log_path, &dev_log_stat) != 0) {
-+			debug_f("/dev/log doesn't exist in %s chroot - will try to log via monitor using [postauth] suffix", chroot_dir);
++			debug("%s: /dev/log doesn't exist in %s chroot - will try to log via monitor using [postauth] suffix", __func__, chroot_dir);
 +			do_logfds = 1;
 +		}
 +		free(dev_log_path);
@@ -98,10 +98,10 @@ diff -up openssh-8.6p1/monitor.c.log-in-chroot openssh-8.6p1/monitor.c
  }
  
  #ifdef GSSAPI
-diff -up openssh-8.6p1/monitor.h.log-in-chroot openssh-8.6p1/monitor.h
+diff -up openssh-7.4p1/monitor.h.log-in-chroot openssh-7.4p1/monitor.h
---- openssh-8.6p1/monitor.h.log-in-chroot	2021-04-19 14:43:08.527843305 +0200
+--- openssh-7.4p1/monitor.h.log-in-chroot	2016-12-23 15:14:33.330168088 +0100
-+++ openssh-8.6p1/monitor.h	2021-04-19 14:43:08.545843441 +0200
++++ openssh-7.4p1/monitor.h	2016-12-23 15:16:28.372190424 +0100
-@@ -80,10 +80,11 @@ struct monitor {
+@@ -83,10 +83,11 @@ struct monitor {
  	int			 m_log_sendfd;
  	struct kex		**m_pkex;
  	pid_t			 m_pid;
@@ -114,9 +114,9 @@ diff -up openssh-8.6p1/monitor.h.log-in-chroot openssh-8.6p1/monitor.h
  
  struct Authctxt;
  void monitor_child_preauth(struct ssh *, struct monitor *);
-diff -up openssh-8.6p1/session.c.log-in-chroot openssh-8.6p1/session.c
+diff -up openssh-7.4p1/session.c.log-in-chroot openssh-7.4p1/session.c
---- openssh-8.6p1/session.c.log-in-chroot	2021-04-19 14:43:08.534843358 +0200
+--- openssh-7.4p1/session.c.log-in-chroot	2016-12-23 15:14:33.319168086 +0100
-+++ openssh-8.6p1/session.c	2021-04-19 14:43:08.545843441 +0200
++++ openssh-7.4p1/session.c	2016-12-23 15:18:18.742211853 +0100
 @@ -160,6 +160,7 @@ login_cap_t *lc;
  
  static int is_child = 0;
@@ -125,7 +125,7 @@ diff -up openssh-8.6p1/session.c.log-in-chroot openssh-8.6p1/session.c
  
  /* File containing userauth info, if ExposeAuthInfo set */
  static char *auth_info_file = NULL;
-@@ -661,6 +662,7 @@ do_exec(struct ssh *ssh, Session *s, con
+@@ -619,6 +620,7 @@ do_exec(Session *s, const char *command)
  	int ret;
  	const char *forced = NULL, *tty = NULL;
  	char session_type[1024];
@@ -133,7 +133,7 @@ diff -up openssh-8.6p1/session.c.log-in-chroot openssh-8.6p1/session.c
  
  	if (options.adm_forced_command) {
  		original_command = command;
-@@ -720,6 +722,10 @@ do_exec(struct ssh *ssh, Session *s, con
+@@ -676,6 +678,10 @@ do_exec(Session *s, const char *command)
  			tty += 5;
  	}
  
@@ -144,10 +144,10 @@ diff -up openssh-8.6p1/session.c.log-in-chroot openssh-8.6p1/session.c
  	verbose("Starting session: %s%s%s for %s from %.200s port %d id %d",
  	    session_type,
  	    tty == NULL ? "" : " on ",
-@@ -1524,14 +1530,6 @@ child_close_fds(struct ssh *ssh)
+@@ -1486,14 +1492,6 @@ child_close_fds(void)
- 
+ 	 * descriptors left by system functions.  They will be closed later.
- 	/* Stop directing logs to a high-numbered fd before we close it */
+ 	 */
- 	log_redirect_stderr_to(NULL);
+ 	endpwent();
 -
 -	/*
 -	 * Close any extra open file descriptors so that we don't have them
@@ -159,7 +159,7 @@ diff -up openssh-8.6p1/session.c.log-in-chroot openssh-8.6p1/session.c
  }
  
  /*
-@@ -1665,8 +1663,6 @@ do_child(struct ssh *ssh, Session *s, co
+@@ -1629,8 +1627,6 @@ do_child(Session *s, const char *command
  			exit(1);
  	}
  
@@ -168,7 +168,7 @@ diff -up openssh-8.6p1/session.c.log-in-chroot openssh-8.6p1/session.c
  	do_rc_files(ssh, s, shell);
  
  	/* restore SIGPIPE for child */
-@@ -1691,9 +1687,17 @@ do_child(struct ssh *ssh, Session *s, co
+@@ -1653,9 +1649,17 @@ do_child(Session *s, const char *command
  		argv[i] = NULL;
  		optind = optreset = 1;
  		__progname = argv[0];
@@ -187,9 +187,9 @@ diff -up openssh-8.6p1/session.c.log-in-chroot openssh-8.6p1/session.c
  	fflush(NULL);
  
  	/* Get the last component of the shell name. */
-diff -up openssh-8.6p1/sftp.h.log-in-chroot openssh-8.6p1/sftp.h
+diff -up openssh-7.4p1/sftp.h.log-in-chroot openssh-7.4p1/sftp.h
---- openssh-8.6p1/sftp.h.log-in-chroot	2021-04-16 05:55:25.000000000 +0200
+--- openssh-7.4p1/sftp.h.log-in-chroot	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-8.6p1/sftp.h	2021-04-19 14:43:08.545843441 +0200
++++ openssh-7.4p1/sftp.h	2016-12-23 15:14:33.331168088 +0100
 @@ -97,5 +97,5 @@
  
  struct passwd;
@@ -197,28 +197,28 @@ diff -up openssh-8.6p1/sftp.h.log-in-chroot openssh-8.6p1/sftp.h
 -int	sftp_server_main(int, char **, struct passwd *);
 +int	sftp_server_main(int, char **, struct passwd *, int);
  void	sftp_server_cleanup_exit(int) __attribute__((noreturn));
-diff -up openssh-8.6p1/sftp-server.c.log-in-chroot openssh-8.6p1/sftp-server.c
+diff -up openssh-7.4p1/sftp-server.c.log-in-chroot openssh-7.4p1/sftp-server.c
---- openssh-8.6p1/sftp-server.c.log-in-chroot	2021-04-16 05:55:25.000000000 +0200
+--- openssh-7.4p1/sftp-server.c.log-in-chroot	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-8.6p1/sftp-server.c	2021-04-19 14:43:08.545843441 +0200
++++ openssh-7.4p1/sftp-server.c	2016-12-23 15:14:33.331168088 +0100
-@@ -1644,7 +1644,7 @@ sftp_server_usage(void)
+@@ -1497,7 +1497,7 @@ sftp_server_usage(void)
  }
  
  int
 -sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 +sftp_server_main(int argc, char **argv, struct passwd *user_pw, int reset_handler)
  {
-	int i, r, in, out, ch, skipargs = 0, log_stderr = 0;
+ 	fd_set *rset, *wset;
-	ssize_t len, olen;
+ 	int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
-@@ -1657,7 +1657,7 @@ sftp_server_main(int argc, char **argv,
+@@ -1511,7 +1511,7 @@ sftp_server_main(int argc, char **argv,
- 	extern char *__progname;
  
+ 	ssh_malloc_init();	/* must be called before any mallocs */
  	__progname = ssh_get_progname(argv[0]);
 -	log_init(__progname, log_level, log_facility, log_stderr);
 +	log_init_handler(__progname, log_level, log_facility, log_stderr, reset_handler);
  
  	pw = pwcopy(user_pw);
  
-@@ -1730,7 +1730,7 @@ sftp_server_main(int argc, char **argv,
+@@ -1582,7 +1582,7 @@ sftp_server_main(int argc, char **argv,
  		}
  	}
  
@@ -227,21 +227,21 @@ diff -up openssh-8.6p1/sftp-server.c.log-in-chroot openssh-8.6p1/sftp-server.c
  
  	/*
  	 * On platforms where we can, avoid making /proc/self/{mem,maps}
-diff -up openssh-8.6p1/sftp-server-main.c.log-in-chroot openssh-8.6p1/sftp-server-main.c
+diff -up openssh-7.4p1/sftp-server-main.c.log-in-chroot openssh-7.4p1/sftp-server-main.c
---- openssh-8.6p1/sftp-server-main.c.log-in-chroot	2021-04-16 05:55:25.000000000 +0200
+--- openssh-7.4p1/sftp-server-main.c.log-in-chroot	2016-12-19 05:59:41.000000000 +0100
-+++ openssh-8.6p1/sftp-server-main.c	2021-04-19 14:43:08.545843441 +0200
++++ openssh-7.4p1/sftp-server-main.c	2016-12-23 15:14:33.331168088 +0100
-@@ -50,5 +50,5 @@ main(int argc, char **argv)
+@@ -49,5 +49,5 @@ main(int argc, char **argv)
  		return 1;
  	}
  
 -	return (sftp_server_main(argc, argv, user_pw));
 +	return (sftp_server_main(argc, argv, user_pw, 0));
  }
-diff -up openssh-8.6p1/sshd-session.c.log-in-chroot openssh-8.6p1/sshd-session.c
+diff -up openssh-7.4p1/sshd.c.log-in-chroot openssh-7.4p1/sshd.c
---- openssh-8.6p1/sshd-session.c.log-in-chroot	2021-04-19 14:43:08.543843426 +0200
+--- openssh-7.4p1/sshd.c.log-in-chroot	2016-12-23 15:14:33.328168088 +0100
-+++ openssh-8.6p1/sshd-session.c	2021-04-19 14:43:08.545843441 +0200
++++ openssh-7.4p1/sshd.c	2016-12-23 15:14:33.332168088 +0100
-@@ -559,7 +559,7 @@ privsep_postauth(struct ssh *ssh, Authct
+@@ -650,7 +650,7 @@ privsep_postauth(Authctxt *authctxt)
- #endif
+ 	}
  
  	/* New socket pair */
 -	monitor_reinit(pmonitor);
@@ -249,7 +249,7 @@ diff -up openssh-8.6p1/sshd-session.c.log-in-chroot openssh-8.6p1/sshd-session.c
  
  	pmonitor->m_pid = fork();
  	if (pmonitor->m_pid == -1)
-@@ -578,6 +578,11 @@ privsep_postauth(struct ssh *ssh, Authct
+@@ -668,6 +668,11 @@ privsep_postauth(Authctxt *authctxt)
  
  	close(pmonitor->m_sendfd);
  	pmonitor->m_sendfd = -1;

SOURCES/openssh-6.6.1p1-scp-non-existing-directory.patch

@@ -10,5 +10,5 @@
 +		}
  		omode = mode;
  		mode |= S_IWUSR;
- 		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) == -1) {
+ 		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
 -- 

SOURCES/openssh-6.6.1p1-selinux-contexts.patch

@@ -34,19 +34,19 @@ index 8f32464..18a2ca4 100644
 +
 +	contexts_path = selinux_openssh_contexts_path();
 +	if (contexts_path == NULL) {
-+		debug3_f("Failed to get the path to SELinux context");
++		debug3("%s: Failed to get the path to SELinux context", __func__);
 +		return;
 +	}
 +
 +	if ((contexts_file = fopen(contexts_path, "r")) == NULL) {
-+		debug_f("Failed to open SELinux context file");
++		debug("%s: Failed to open SELinux context file", __func__);
 +		return;
 +	}
 +
 +	if (fstat(fileno(contexts_file), &sb) != 0 ||
 +	    sb.st_uid != 0 || (sb.st_mode & 022) != 0) {
-+		logit_f("SELinux context file needs to be owned by root"
++		logit("%s: SELinux context file needs to be owned by root"
-+		    " and not writable by anyone else");
++		    " and not writable by anyone else", __func__);
 +		fclose(contexts_file);
 +		return;
 +	}
@@ -70,7 +70,7 @@ index 8f32464..18a2ca4 100644
 +		if (arg && strcmp(arg, "privsep_preauth") == 0) {
 +			arg = strdelim(&cp);
 +			if (!arg || *arg == '\0') {
-+				debug_f("privsep_preauth is empty");
++				debug("%s: privsep_preauth is empty", __func__);
 +				fclose(contexts_file);
 +				return;
 +			}
@@ -80,8 +80,8 @@ index 8f32464..18a2ca4 100644
 +	fclose(contexts_file);
 +
 +	if (preauth_context == NULL) {
-+		debug_f("Unable to find 'privsep_preauth' option in"
++		debug("%s: Unable to find 'privsep_preauth' option in"
-+		    " SELinux context file");
++		    " SELinux context file", __func__);
 +		return;
 +	}
 +
@@ -93,17 +93,18 @@ index 8f32464..18a2ca4 100644
  #endif
  
 diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
---- a/openbsd-compat/port-linux.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
+index 22ea8ef..1fc963d 100644
-+++ b/openbsd-compat/port-linux.c	(date 1703108053912)
+--- a/openbsd-compat/port-linux.c
-@@ -207,7 +207,7 @@
++++ b/openbsd-compat/port-linux.c
- 	xasprintf(&newctx, "%.*s%s%s", (int)(cx - oldctx + 1), oldctx,
+@@ -179,7 +179,7 @@ ssh_selinux_change_context(const char *newname)
- 	    newname, cx2 == NULL ? "" : cx2);
+ 	strlcpy(newctx + len, newname, newlen - len);
-
+ 	if ((cx = index(cx + 1, ':')))
--	debug3_f("setting context from '%s' to '%s'", oldctx, newctx);
+ 		strlcat(newctx, cx, newlen);
-+	debug_f("setting context from '%s' to '%s'", oldctx, newctx);
+-	debug3("%s: setting context from '%s' to '%s'", __func__,
++	debug("%s: setting context from '%s' to '%s'", __func__,
+ 	    oldctx, newctx);
  	if (setcon(newctx) < 0)
- 		do_log2_f(log_level, "setcon %s from %s failed with %s",
+ 		switchlog("%s: setcon %s from %s failed with %s", __func__,
- 		    newctx, oldctx, strerror(errno));
 diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
 index cb51f99..8b7cda2 100644
 --- a/openbsd-compat/port-linux.h
@@ -116,10 +117,10 @@ index cb51f99..8b7cda2 100644
  #endif
  
  #ifdef LINUX_OOM_ADJUST
-diff --git a/sshd-session.c b/sshd-session.c
+diff --git a/sshd.c b/sshd.c
 index 2871fe9..39b9c08 100644
---- a/sshd-session.c
+--- a/sshd.c
-+++ b/sshd-session.c
++++ b/sshd.c
 @@ -629,7 +629,7 @@ privsep_preauth_child(void)
  	demote_sensitive_data();
  

SOURCES/openssh-6.6p1-GSSAPIEnablek5users.patch

@@ -28,7 +28,7 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
 +	options->enable_k5users = -1;
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
-	options->permit_empty_passwd = -1;
+ 	options->challenge_response_authentication = -1;
 @@ -345,6 +346,8 @@ fill_default_server_options(ServerOption
  #endif
  	if (options->use_kuserok == -1)
@@ -38,16 +38,16 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
  	if (options->password_authentication == -1)
  		options->password_authentication = 1;
  	if (options->kbd_interactive_authentication == -1)
-@@ -578,7 +578,7 @@ typedef enum {
+@@ -418,7 +421,7 @@ typedef enum {
- 	sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize,
+ 	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
- 	sPerSourcePenalties, sPerSourcePenaltyExemptList,
+ 	sHostKeyAlgorithms,
  	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 -	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
 +	sGssAuthentication, sGssCleanupCreds, sGssEnablek5users, sGssStrictAcceptor,
  	sGssKeyEx, sGssKexAlgorithms, sGssStoreRekey,
  	sAcceptEnv, sSetEnv, sPermitTunnel,
  	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
-@@ -600,14 +600,16 @@ static struct {
+@@ -497,14 +500,16 @@ static struct {
  	{ "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL },
  	{ "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL },
  	{ "gssapikexalgorithms", sGssKexAlgorithms, SSHCFG_GLOBAL },
@@ -72,9 +72,9 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
 +		intptr = &options->enable_k5users;
 +		goto parse_flag;
 +
-	case sMatch:
+ 	case sPermitListen:
-		if (cmdline)
+ 	case sPermitOpen:
-			fatal("Match directive not supported as a command-line "
+ 		if (opcode == sPermitListen) {
 @@ -2026,6 +2035,7 @@ copy_set_server_options(ServerOptions *d
  	M_CP_INTOPT(ip_qos_interactive);
  	M_CP_INTOPT(ip_qos_bulk);
@@ -122,13 +122,10 @@ diff -up openssh-7.4p1/sshd_config.GSSAPIEnablek5users openssh-7.4p1/sshd_config
 --- openssh-7.4p1/sshd_config.GSSAPIEnablek5users	2016-12-23 15:18:40.616216100 +0100
 +++ openssh-7.4p1/sshd_config	2016-12-23 15:18:40.631216103 +0100
 @@ -80,6 +80,7 @@ GSSAPIAuthentication yes
- #GSSAPICleanupCredentials yes
+ GSSAPICleanupCredentials no
  #GSSAPIStrictAcceptorCheck yes
  #GSSAPIKeyExchange no
 +#GSSAPIEnablek5users no
  
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
-diff -up openssh-9.8p1/servconf.c.xxx openssh-9.8p1/servconf.c
---- openssh-9.8p1/servconf.c.xxx	2024-07-11 13:51:19.969960781 +0200
-+++ openssh-9.8p1/servconf.c	2024-07-11 13:51:30.938231250 +0200

SOURCES/openssh-6.6p1-allow-ip-opts.patch

@@ -1,7 +1,7 @@
 diff -up openssh/sshd.c.ip-opts openssh/sshd.c
---- openssh/sshd-session.c.ip-opts	2016-07-25 13:58:48.998507834 +0200
+--- openssh/sshd.c.ip-opts	2016-07-25 13:58:48.998507834 +0200
-+++ openssh/sshd-session.c	2016-07-25 14:01:28.346469878 +0200
++++ openssh/sshd.c	2016-07-25 14:01:28.346469878 +0200
-@@ -1507,12 +1507,32 @@ check_ip_options(struct ssh *ssh)
+@@ -1507,12 +1507,29 @@ check_ip_options(struct ssh *ssh)
  
  	if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts,
  	    &option_size) >= 0 && option_size != 0) {
@@ -21,14 +21,11 @@ diff -up openssh/sshd.c.ip-opts openssh/sshd.c
 +				case 130:
 +				case 133:
 +				case 134:
-+					if (i + 1 < option_size && opts[i + 1] >= 2) {
++					i += opts[i + 1];
-+						i += opts[i + 1];
++					break;
-+						break;
-+					}
-+					/* FALLTHROUGH */
 +				default:
 +				/* Fail, fatally, if we detect either loose or strict
-+			 	 * or incorrect source routing options. */
++			 	 * source routing options. */
 +					text[0] = '\0';
 +					for (i = 0; i < option_size; i++)
 +						snprintf(text + i*3, sizeof(text) - i*3,
@@ -38,5 +35,5 @@ diff -up openssh/sshd.c.ip-opts openssh/sshd.c
 +			}
 +		} while (i < option_size);
  	}
+ 	return;
  #endif /* IP_OPTIONS */
- }

SOURCES/openssh-6.6p1-ctr-cavstest.patch

@@ -0,0 +1,257 @@
+diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
+--- openssh-6.8p1/Makefile.in.ctr-cavs	2015-03-18 11:22:05.493289018 +0100
++++ openssh-6.8p1/Makefile.in	2015-03-18 11:22:44.504196316 +0100
+@@ -28,6 +28,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
+ SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
+ SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
+ SSH_KEYCAT=$(libexecdir)/ssh-keycat
++CTR_CAVSTEST=$(libexecdir)/ctr-cavstest
+ SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+ PRIVSEP_PATH=@PRIVSEP_PATH@
+ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+@@ -66,7 +67,7 @@ EXEEXT=@EXEEXT@
+ MKDIR_P=@MKDIR_P@
+ INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
+ 
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
+ 
+ XMSS_OBJS=\
+ 	ssh-xmss.o \
+@@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
+ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
+ 	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS)
+ 
++ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
++	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
++
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ 
+@@ -326,6 +330,7 @@ install-files:
+ 		$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
+ 	fi
+ 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT)
++	$(INSTALL) -m 0755 $(STRIP_OPT) ctr-cavstest$(EXEEXT) $(DESTDIR)$(libexecdir)/ctr-cavstest$(EXEEXT)
+ 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+ 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+ 	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
+diff -up openssh-6.8p1/ctr-cavstest.c.ctr-cavs openssh-6.8p1/ctr-cavstest.c
+--- openssh-6.8p1/ctr-cavstest.c.ctr-cavs	2015-03-18 11:22:05.521288952 +0100
++++ openssh-6.8p1/ctr-cavstest.c	2015-03-18 11:22:05.521288952 +0100
+@@ -0,0 +1,215 @@
++/*
++ *
++ * invocation (all of the following are equal):
++ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6
++ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6 --iv 00000000000000000000000000000000
++ * echo -n a6deca405eef2e8e4609abf3c3ccf4a6 | ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt
++ */
++
++#include "includes.h"
++
++#include <sys/types.h>
++#include <sys/param.h>
++#include <stdarg.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <ctype.h>
++
++#include "xmalloc.h"
++#include "log.h"
++#include "ssherr.h"
++#include "cipher.h"
++
++/* compatibility with old or broken OpenSSL versions */
++#include "openbsd-compat/openssl-compat.h"
++
++void usage(void) {
++        fprintf(stderr, "Usage: ctr-cavstest --algo <ssh-crypto-algorithm>\n"
++                        "                    --key <hexadecimal-key> --mode <encrypt|decrypt>\n"
++                        "                    [--iv <hexadecimal-iv>] --data <hexadecimal-data>\n\n"
++                        "Hexadecimal output is printed to stdout.\n"
++                        "Hexadecimal input data can be alternatively read from stdin.\n");
++        exit(1);
++}
++
++void *fromhex(char *hex, size_t *len)
++{
++        unsigned char *bin;
++        char *p;
++        size_t n = 0;
++        int shift = 4;
++        unsigned char out = 0;
++        unsigned char *optr;
++
++        bin = xmalloc(strlen(hex)/2);
++        optr = bin;
++
++        for (p = hex; *p != '\0'; ++p) {
++                unsigned char c;
++
++                c = *p;
++                if (isspace(c))
++                        continue;
++
++                if (c >= '0' && c <= '9') {
++                        c = c - '0';
++                } else if (c >= 'A' && c <= 'F') {
++                        c = c - 'A' + 10;
++                } else if (c >= 'a' && c <= 'f') {
++                        c = c - 'a' + 10;
++                } else {
++                        /* truncate on nonhex cipher */
++                        break;
++                }
++
++                out |= c << shift;
++                shift = (shift + 4) % 8;
++
++                if (shift) {
++                        *(optr++) = out;
++                        out = 0;
++                        ++n;
++                }
++        }
++
++        *len = n;
++        return bin;
++}
++
++#define READ_CHUNK 4096
++#define MAX_READ_SIZE 1024*1024*100
++char *read_stdin(void)
++{
++        char *buf;
++        size_t n, total = 0;
++
++        buf = xmalloc(READ_CHUNK);
++
++        do {
++                n = fread(buf + total, 1, READ_CHUNK, stdin);
++                if (n < READ_CHUNK) /* terminate on short read */
++                        break;
++
++                total += n;
++                buf = xreallocarray(buf, total + READ_CHUNK, 1);
++        } while(total < MAX_READ_SIZE);
++        return buf;
++}
++
++int main (int argc, char *argv[])
++{
++
++        const struct sshcipher *c;
++        struct sshcipher_ctx *cc;
++        char *algo = "aes128-ctr";
++        char *hexkey = NULL;
++        char *hexiv = "00000000000000000000000000000000";
++        char *hexdata = NULL;
++        char *p;
++        int i, r;
++        int encrypt = 1;
++        void *key;
++        size_t keylen;
++        void *iv;
++        size_t ivlen;
++        void *data;
++        size_t datalen;
++        void *outdata;
++
++        for (i = 1; i < argc; ++i) {
++                if (strcmp(argv[i], "--algo") == 0) {
++                        algo = argv[++i];
++                } else if (strcmp(argv[i], "--key") == 0) {
++                        hexkey = argv[++i];
++                } else if (strcmp(argv[i], "--mode") == 0) {
++                        ++i;
++                        if (argv[i] == NULL) {
++                                usage();
++                        }
++                        if (strncmp(argv[i], "enc", 3) == 0) {
++                                encrypt = 1;
++                        } else if (strncmp(argv[i], "dec", 3) == 0) {
++                                encrypt = 0;
++                        } else {
++                                usage();
++                        }
++                } else if (strcmp(argv[i], "--iv") == 0) {
++                        hexiv = argv[++i];
++                } else if (strcmp(argv[i], "--data") == 0) {
++                        hexdata = argv[++i];
++                }
++        }
++
++        if (hexkey == NULL || algo == NULL) {
++                usage();
++        }
++
++	OpenSSL_add_all_algorithms();
++
++	c = cipher_by_name(algo);
++	if (c == NULL) {
++		fprintf(stderr, "Error: unknown algorithm\n");
++		return 2;
++	}
++
++        if (hexdata == NULL) {
++                hexdata = read_stdin();
++        } else {
++                hexdata = xstrdup(hexdata);
++        }
++
++        key = fromhex(hexkey, &keylen);
++
++	if (keylen != 16 && keylen != 24 && keylen == 32) {
++		fprintf(stderr, "Error: unsupported key length\n");
++		return 2;
++	}
++
++        iv = fromhex(hexiv, &ivlen);
++
++        if (ivlen != 16) {
++		fprintf(stderr, "Error: unsupported iv length\n");
++		return 2;
++        }
++
++        data = fromhex(hexdata, &datalen);
++
++	if (data == NULL || datalen == 0) {
++		fprintf(stderr, "Error: no data to encrypt/decrypt\n");
++		return 2;
++	}
++
++	if ((r = cipher_init(&cc, c, key, keylen, iv, ivlen, encrypt)) != 0) {
++		fprintf(stderr, "Error: cipher_init failed: %s\n", ssh_err(r));
++		return 2;
++	}
++
++	free(key);
++	free(iv);
++
++	outdata = malloc(datalen);
++	if(outdata == NULL) {
++		fprintf(stderr, "Error: memory allocation failure\n");
++		return 2;
++	}
++
++	if ((r = cipher_crypt(cc, 0, outdata, data, datalen, 0, 0)) != 0) {
++		fprintf(stderr, "Error: cipher_crypt failed: %s\n", ssh_err(r));
++		return 2;
++	}
++
++	free(data);
++
++	cipher_free(cc);
++
++        for (p = outdata; datalen > 0; ++p, --datalen) {
++		printf("%02X", (unsigned char)*p);
++	}
++
++        free(outdata);
++
++        printf("\n");
++        return 0;
++}
++

SOURCES/openssh-6.6p1-keycat.patch

@@ -1,10 +1,10 @@
-diff -up openssh/misc.c.keycat openssh/misc.c
+diff -up openssh/auth.c.keycat openssh/misc.c
---- openssh/misc.c.keycat	2015-06-24 10:57:50.158849606 +0200
+--- openssh/auth.c.keycat	2015-06-24 10:57:50.158849606 +0200
-+++ openssh/misc.c	2015-06-24 11:04:23.989868638 +0200
++++ openssh/auth.c	2015-06-24 11:04:23.989868638 +0200
-@@ -966,6 +966,13 @@ subprocess(const char *tag, struct passw
+@@ -966,6 +966,14 @@ subprocess(const char *tag, struct passw
- 			error("%s: dup2: %s", tag, strerror(errno));
  			_exit(1);
  		}
+ 
 +#ifdef WITH_SELINUX
 +		if (sshd_selinux_setup_env_variables() < 0) {
 +			error ("failed to copy environment:  %s",
@@ -12,9 +12,10 @@ diff -up openssh/misc.c.keycat openssh/misc.c
 +			_exit(127);
 +		}
 +#endif
- 		if (env != NULL)
++
- 			execve(av[0], av, env);
+ 		execve(av[0], av, child_env);
- 		else
+ 		error("%s exec \"%s\": %s", tag, command, strerror(errno));
+ 		_exit(127);
 diff -up openssh/HOWTO.ssh-keycat.keycat openssh/HOWTO.ssh-keycat
 --- openssh/HOWTO.ssh-keycat.keycat	2015-06-24 10:57:50.157849608 +0200
 +++ openssh/HOWTO.ssh-keycat	2015-06-24 10:57:50.157849608 +0200
@@ -35,44 +36,44 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
 --- openssh/Makefile.in.keycat	2015-06-24 10:57:50.152849621 +0200
 +++ openssh/Makefile.in	2015-06-24 10:57:50.157849608 +0200
 @@ -27,6 +27,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
- ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
- SFTP_SERVER=$(libexecdir)/sftp-server
  SSH_KEYSIGN=$(libexecdir)/ssh-keysign
+ SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
+ SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
 +SSH_KEYCAT=$(libexecdir)/ssh-keycat
- SSHD_SESSION=$(libexecdir)/sshd-session
  SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
- SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
+ PRIVSEP_PATH=@PRIVSEP_PATH@
+ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
 @@ -52,6 +52,7 @@ K5LIBS=@K5LIBS@
- K5LIBS=@K5LIBS@
  GSSLIBS=@GSSLIBS@
+ SSHLIBS=@SSHLIBS@
  SSHDLIBS=@SSHDLIBS@
 +KEYCATLIBS=@KEYCATLIBS@
  LIBEDIT=@LIBEDIT@
- LIBFIDO2=@LIBFIDO2@
  AR=@AR@
+ AWK=@AWK@
 @@ -65,7 +66,7 @@ EXEEXT=@EXEEXT@
+ MKDIR_P=@MKDIR_P@
+ INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
  
- .SUFFIXES: .lo
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
- 
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
--TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) sshd-session$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) sshd-session$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-keycat$(EXEEXT)
  
  XMSS_OBJS=\
  	ssh-xmss.o \
 @@ -190,6 +191,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
- ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS)
+ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
- 	$(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2) $(CHANNELLIBS)
+ 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LDAPLIBS)
  
 +ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
 +	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS)
 +
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
- 	$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(CHANNELLIBS)
+ 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
  
 @@ -321,6 +325,7 @@ install-files:
- 	$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
+ 		$(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
- 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+ 		$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
- 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
+ 	fi
 +	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT)
  	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
  	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
@@ -95,8 +96,8 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.keycat openssh/openbsd-compat/
 --- openssh/openbsd-compat/port-linux-sshd.c.keycat	2015-06-24 10:57:50.150849626 +0200
 +++ openssh/openbsd-compat/port-linux-sshd.c	2015-06-24 10:57:50.159849603 +0200
 @@ -54,6 +54,20 @@ extern Authctxt *the_authctxt;
- extern Authctxt *the_authctxt;
  extern int inetd_flag;
+ extern int rexeced_flag;
  
 +/* Wrapper around is_selinux_enabled() to log its return value once only */
 +int
@@ -131,7 +132,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.keycat openssh/openbsd-compat/
 -	rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : "");
 +	rv = set_it("SELINUX_ROLE_REQUESTED", role ? role : "");
  
- 	if (inetd_flag) {
+ 	if (inetd_flag && !rexeced_flag) {
  		use_current = "1";
  	} else {
  		use_current = "";
@@ -465,16 +466,16 @@ index 3bbccfd..6481f1f 100644
  				esac
  			fi
 @@ -4042,6 +4044,7 @@ AC_ARG_WITH([selinux],
- 	fi ]
  )
+ AC_SUBST([SSHLIBS])
  AC_SUBST([SSHDLIBS])
 +AC_SUBST([KEYCATLIBS])
  
  # Check whether user wants Kerberos 5 support
  KRB5_MSG="no"
 @@ -5031,6 +5034,9 @@ fi
- if test ! -z "${SSHDLIBS}"; then
+ if test ! -z "${SSHLIBS}"; then
- echo "         +for sshd: ${SSHDLIBS}"
+ echo "          +for ssh: ${SSHLIBS}"
  fi
 +if test ! -z "${KEYCATLIBS}"; then
 +echo "   +for ssh-keycat: ${KEYCATLIBS}"

SOURCES/openssh-6.6p1-keyperm.patch

@@ -0,0 +1,26 @@
+diff --git a/authfile.c b/authfile.c
+index e93d867..4fc5b3d 100644
+--- a/authfile.c
++++ b/authfile.c
+@@ -32,6 +32,7 @@
+ 
+ #include <errno.h>
+ #include <fcntl.h>
++#include <grp.h>
+ #include <stdio.h>
+ #include <stdarg.h>
+ #include <stdlib.h>
+@@ -207,6 +208,13 @@ sshkey_perm_ok(int fd, const char *filename)
+ #ifdef HAVE_CYGWIN
+ 	if (check_ntsec(filename))
+ #endif
++	if (st.st_mode & 040) {
++		struct group *gr;
++
++		if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid))
++			st.st_mode &= ~040;
++	}
++
+ 	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
+ 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+ 		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");

SOURCES/openssh-6.6p1-kuserok.patch

@@ -155,8 +155,8 @@ diff -up openssh-7.4p1/gss-serv-krb5.c.kuserok openssh-7.4p1/gss-serv-krb5.c
  	 * because if they are on a krb5-protected filesystem, user credentials
  	 * to access these files aren't available yet. */
 -	if (krb5_kuserok(krb_context, princ, name) && k5login_exists) {
-+	if (k5login_exists &&
++	if (ssh_krb5_kuserok(krb_context, princ, name, k5login_exists)
-+	    ssh_krb5_kuserok(krb_context, princ, name, k5login_exists)) {
++			&& k5login_exists) {
  		retval = 1;
  		logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
  		    name, (char *)client->displayname.value);
@@ -182,7 +182,7 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
 +	options->use_kuserok = -1;
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
-	options->permit_empty_passwd = -1;
+ 	options->challenge_response_authentication = -1;
 @@ -278,6 +279,8 @@ fill_default_server_options(ServerOption
  	if (options->gss_kex_algorithms == NULL)
  		options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX);
@@ -193,14 +193,14 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
  		options->password_authentication = 1;
  	if (options->kbd_interactive_authentication == -1)
 @@ -399,7 +402,7 @@ typedef enum {
-	sPort, sHostKeyFile, sLoginGraceTime,
+ 	sPermitRootLogin, sLogFacility, sLogLevel,
-	sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
+ 	sRhostsRSAAuthentication, sRSAAuthentication,
-	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
+ 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
--	sKerberosGetAFSToken, sKerberosUniqueCCache, sPasswordAuthentication,
+-	sKerberosGetAFSToken, sKerberosUniqueCCache,
-+	sKerberosGetAFSToken, sKerberosUniqueCCache, sKerberosUseKuserok, sPasswordAuthentication,
++	sKerberosGetAFSToken, sKerberosUniqueCCache, sKerberosUseKuserok,
-	sKbdInteractiveAuthentication, sListenAddress, sAddressFamily,
+ 	sChallengeResponseAuthentication,
-	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
+ 	sPasswordAuthentication, sKbdInteractiveAuthentication,
-	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
+ 	sListenAddress, sAddressFamily,
 @@ -478,12 +481,14 @@ static struct {
  	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
  #endif
@@ -217,16 +217,16 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
  	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
  	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
 @@ -1644,6 +1649,10 @@ process_server_config_line(ServerOptions
-		}
+ 		*activep = value;
-		break;
+ 		break;
  
 +	case sKerberosUseKuserok:
 +		intptr = &options->use_kuserok;
 +		goto parse_flag;
 +
-	case sMatch:
+ 	case sPermitListen:
-		if (cmdline)
+ 	case sPermitOpen:
-			fatal("Match directive not supported as a command-line "
+ 		if (opcode == sPermitListen) {
 @@ -2016,6 +2025,7 @@ copy_set_server_options(ServerOptions *d
  	M_CP_INTOPT(client_alive_interval);
  	M_CP_INTOPT(ip_qos_interactive);
@@ -266,8 +266,8 @@ diff -up openssh-7.4p1/sshd_config.5.kuserok openssh-7.4p1/sshd_config.5
 +The default is
 +.Cm yes .
  .It Cm KexAlgorithms
- Specifies the permitted KEX (Key Exchange) algorithms that the server will
+ Specifies the available KEX (Key Exchange) algorithms.
- offer to clients.
+ Multiple algorithms must be comma-separated.
 @@ -1078,6 +1082,7 @@ Available keywords are
  .Cm IPQoS ,
  .Cm KbdInteractiveAuthentication ,
@@ -286,4 +286,4 @@ diff -up openssh-7.4p1/sshd_config.kuserok openssh-7.4p1/sshd_config
 +#KerberosUseKuserok yes
  
  # GSSAPI options
- #GSSAPIAuthentication no
+ GSSAPIAuthentication yes

SOURCES/openssh-6.6p1-privsep-selinux.patch

@@ -13,7 +13,7 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.privsep-selinux openssh-
 --- openssh-7.4p1/openbsd-compat/port-linux-sshd.c.privsep-selinux	2016-12-23 18:58:52.973122201 +0100
 +++ openssh-7.4p1/openbsd-compat/port-linux-sshd.c	2016-12-23 18:58:52.974122201 +0100
 @@ -419,6 +419,28 @@ sshd_selinux_setup_exec_context(char *pw
- 	debug3_f("done");
+ 	debug3("%s: done", __func__);
  }
  
 +void
@@ -25,15 +25,15 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.privsep-selinux openssh-
 +		return;
 +
 +	if (getexeccon((security_context_t *)&ctx) != 0) {
-+		logit_f("getexeccon failed with %s", strerror(errno));
++		logit("%s: getexeccon failed with %s", __func__, strerror(errno));
 +		return;
 +	}
 +	if (ctx != NULL) {
 +		/* unset exec context before we will lose this capabililty */
 +		if (setexeccon(NULL) != 0)
-+			fatal_f("setexeccon failed with %s", strerror(errno));
++			fatal("%s: setexeccon failed with %s", __func__, strerror(errno));
 +		if (setcon(ctx) != 0)
-+			fatal_f("setcon failed with %s", strerror(errno));
++			fatal("%s: setcon failed with %s", __func__, strerror(errno));
 +		freecon(ctx);
 +	}
 +}
@@ -49,7 +49,7 @@ diff -up openssh-7.4p1/session.c.privsep-selinux openssh-7.4p1/session.c
  	platform_setusercontext(pw);
  
 -	if (platform_privileged_uidswap()) {
-+	if (platform_privileged_uidswap() && !is_child) {
++	if (platform_privileged_uidswap() && (!is_child || !use_privsep)) {
  #ifdef HAVE_LOGIN_CAP
  		if (setusercontext(lc, pw, pw->pw_uid,
  		    (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
@@ -96,8 +96,8 @@ diff -up openssh-7.4p1/session.c.privsep-selinux openssh-7.4p1/session.c
  	}
  
 diff -up openssh-7.4p1/sshd.c.privsep-selinux openssh-7.4p1/sshd.c
---- openssh-7.4p1/sshd-session.c.privsep-selinux	2016-12-23 18:58:52.973122201 +0100
+--- openssh-7.4p1/sshd.c.privsep-selinux	2016-12-23 18:58:52.973122201 +0100
-+++ openssh-7.4p1/sshd-session.c	2016-12-23 18:59:13.808124269 +0100
++++ openssh-7.4p1/sshd.c	2016-12-23 18:59:13.808124269 +0100
 @@ -540,6 +540,10 @@ privsep_preauth_child(void)
  	/* Demote the private keys to public keys. */
  	demote_sensitive_data();
@@ -109,12 +109,13 @@ diff -up openssh-7.4p1/sshd.c.privsep-selinux openssh-7.4p1/sshd.c
  	/* Demote the child */
  	if (privsep_chroot) {
  		/* Change our root directory */
-@@ -403,7 +403,7 @@ privsep_postauth(struct ssh *ssh, Authct
+@@ -633,6 +637,9 @@ privsep_postauth(Authctxt *authctxt)
- 	 * fd passing, as AFAIK PTY allocation on this platform doesn't require
+ {
- 	 * special privileges to begin with.
+ #ifdef DISABLE_FD_PASSING
- 	 */
+ 	if (1) {
--#if defined(DISABLE_FD_PASSING) && !defined(HAVE_CYGWIN)
++#elif defined(WITH_SELINUX)
-+#if defined(DISABLE_FD_PASSING) && !defined(HAVE_CYGWIN) && !defined(WITH_SELINUX)
++	if (0) {
- 	skip_privdrop = 1;
++		/* even root user can be confined by SELinux */
+ #else
+ 	if (authctxt->pw->pw_uid == 0) {
  #endif
- 

SOURCES/openssh-6.7p1-coverity.patch

@@ -0,0 +1,177 @@
+diff -up openssh-8.0p1/channels.c.coverity openssh-8.0p1/channels.c
+--- openssh-8.0p1/channels.c.coverity	2021-06-21 10:59:17.297473319 +0200
++++ openssh-8.0p1/channels.c	2021-06-21 11:11:32.467290400 +0200
+@@ -341,15 +341,15 @@ channel_register_fds(struct ssh *ssh, Ch
+ 		 * restore their blocking state on exit to avoid interfering
+ 		 * with other programs that follow.
+ 		 */
+-		if (rfd != -1 && !isatty(rfd) && fcntl(rfd, F_GETFL) == 0) {
++		if (rfd >= 0 && !isatty(rfd) && fcntl(rfd, F_GETFL) == 0) {
+ 			c->restore_block |= CHANNEL_RESTORE_RFD;
+ 			set_nonblock(rfd);
+ 		}
+-		if (wfd != -1 && !isatty(wfd) && fcntl(wfd, F_GETFL) == 0) {
++		if (wfd >= 0 && !isatty(wfd) && fcntl(wfd, F_GETFL) == 0) {
+ 			c->restore_block |= CHANNEL_RESTORE_WFD;
+ 			set_nonblock(wfd);
+ 		}
+-		if (efd != -1 && !isatty(efd) && fcntl(efd, F_GETFL) == 0) {
++		if (efd >= 0 && !isatty(efd) && fcntl(efd, F_GETFL) == 0) {
+ 			c->restore_block |= CHANNEL_RESTORE_EFD;
+ 			set_nonblock(efd);
+ 		}
+diff -up openssh-8.0p1/monitor.c.coverity openssh-8.0p1/monitor.c
+--- openssh-8.0p1/monitor.c.coverity	2021-06-21 10:59:17.282473202 +0200
++++ openssh-8.0p1/monitor.c	2021-06-21 10:59:17.297473319 +0200
+@@ -401,7 +401,7 @@ monitor_child_preauth(struct ssh *ssh, s
+ 	mm_get_keystate(ssh, pmonitor);
+ 
+ 	/* Drain any buffered messages from the child */
+-	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
++	while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
+ 		;
+ 
+ 	if (pmonitor->m_recvfd >= 0)
+diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c
+--- openssh-7.4p1/monitor_wrap.c.coverity	2016-12-23 16:40:26.892788689 +0100
++++ openssh-7.4p1/monitor_wrap.c	2016-12-23 16:40:26.900788691 +0100
+@@ -525,10 +525,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
+ 	if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
+ 	    (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
+ 		error("%s: cannot allocate fds for pty", __func__);
+-		if (tmp1 > 0)
++		if (tmp1 >= 0)
+ 			close(tmp1);
+-		if (tmp2 > 0)
+-			close(tmp2);
++		/*DEAD CODE if (tmp2 >= 0)
++			close(tmp2);*/
+ 		return 0;
+ 	}
+ 	close(tmp1);
+diff -up openssh-7.4p1/openbsd-compat/bindresvport.c.coverity openssh-7.4p1/openbsd-compat/bindresvport.c
+--- openssh-7.4p1/openbsd-compat/bindresvport.c.coverity	2016-12-19 05:59:41.000000000 +0100
++++ openssh-7.4p1/openbsd-compat/bindresvport.c	2016-12-23 16:40:26.901788691 +0100
+@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
+ 	struct sockaddr_in6 *in6;
+ 	u_int16_t *portp;
+ 	u_int16_t port;
+-	socklen_t salen;
++	socklen_t salen = sizeof(struct sockaddr_storage);
+ 	int i;
+ 
+ 	if (sa == NULL) {
+diff -up openssh-7.4p1/scp.c.coverity openssh-7.4p1/scp.c
+--- openssh-7.4p1/scp.c.coverity	2016-12-23 16:40:26.856788681 +0100
++++ openssh-7.4p1/scp.c	2016-12-23 16:40:26.901788691 +0100
+@@ -157,7 +157,7 @@ killchild(int signo)
+ {
+ 	if (do_cmd_pid > 1) {
+ 		kill(do_cmd_pid, signo ? signo : SIGTERM);
+-		waitpid(do_cmd_pid, NULL, 0);
++		(void) waitpid(do_cmd_pid, NULL, 0);
+ 	}
+ 
+ 	if (signo)
+diff -up openssh-7.4p1/servconf.c.coverity openssh-7.4p1/servconf.c
+--- openssh-7.4p1/servconf.c.coverity	2016-12-23 16:40:26.896788690 +0100
++++ openssh-7.4p1/servconf.c	2016-12-23 16:40:26.901788691 +0100
+@@ -1547,7 +1547,7 @@ process_server_config_line(ServerOptions
+ 			fatal("%s line %d: Missing subsystem name.",
+ 			    filename, linenum);
+ 		if (!*activep) {
+-			arg = strdelim(&cp);
++			/*arg =*/ (void) strdelim(&cp);
+ 			break;
+ 		}
+ 		for (i = 0; i < options->num_subsystems; i++)
+@@ -1638,8 +1638,9 @@ process_server_config_line(ServerOptions
+ 		if (*activep && *charptr == NULL) {
+ 			*charptr = tilde_expand_filename(arg, getuid());
+ 			/* increase optional counter */
+-			if (intptr != NULL)
+-				*intptr = *intptr + 1;
++			/* DEAD CODE intptr is still NULL ;)
++  			 if (intptr != NULL)
++				*intptr = *intptr + 1; */
+ 		}
+ 		break;
+ 
+diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
+--- openssh-7.4p1/serverloop.c.coverity	2016-12-19 05:59:41.000000000 +0100
++++ openssh-7.4p1/serverloop.c	2016-12-23 16:40:26.902788691 +0100
+@@ -125,13 +125,13 @@ notify_setup(void)
+ static void
+ notify_parent(void)
+ {
+-	if (notify_pipe[1] != -1)
++	if (notify_pipe[1] >= 0)
+ 		(void)write(notify_pipe[1], "", 1);
+ }
+ static void
+ notify_prepare(fd_set *readset)
+ {
+-	if (notify_pipe[0] != -1)
++	if (notify_pipe[0] >= 0)
+ 		FD_SET(notify_pipe[0], readset);
+ }
+ static void
+@@ -139,8 +139,8 @@ notify_done(fd_set *readset)
+ {
+ 	char c;
+ 
+-	if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
+-		while (read(notify_pipe[0], &c, 1) != -1)
++	if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset))
++		while (read(notify_pipe[0], &c, 1) >= 0)
+ 			debug2("%s: reading", __func__);
+ }
+ 
+@@ -518,7 +518,7 @@ server_request_tun(void)
+ 		debug("%s: invalid tun", __func__);
+ 		goto done;
+ 	}
+-	if (auth_opts->force_tun_device != -1) {
++	if (auth_opts->force_tun_device >= 0) {
+ 		if (tun != SSH_TUNID_ANY &&
+ 		    auth_opts->force_tun_device != (int)tun)
+ 			goto done;
+diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
+--- openssh-7.4p1/ssh-agent.c.coverity	2016-12-19 05:59:41.000000000 +0100
++++ openssh-7.4p1/ssh-agent.c	2016-12-23 16:40:26.903788691 +0100
+@@ -1220,8 +1220,8 @@ main(int ac, char **av)
+ 	sanitise_stdfd();
+ 
+ 	/* drop */
+-	setegid(getgid());
+-	setgid(getgid());
++	(void) setegid(getgid());
++	(void) setgid(getgid());
+ 
+ 	platform_disable_tracing(0);	/* strict=no */
+ 
+diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
+--- openssh-7.4p1/sshd.c.coverity	2016-12-23 16:40:26.897788690 +0100
++++ openssh-7.4p1/sshd.c	2016-12-23 16:40:26.904788692 +0100
+@@ -691,8 +691,10 @@ privsep_preauth(Authctxt *authctxt)
+ 
+ 		privsep_preauth_child(ssh);
+ 		setproctitle("%s", "[net]");
+-		if (box != NULL)
++		if (box != NULL) {
+ 			ssh_sandbox_child(box);
++			free(box);
++		}
+ 
+ 		return 0;
+ 	}
+@@ -1386,6 +1388,9 @@ server_accept_loop(int *sock_in, int *so
+ 			explicit_bzero(rnd, sizeof(rnd));
+ 		}
+ 	}
++
++	if (fdset != NULL)
++		free(fdset);
+ }
+ 
+ /*

SOURCES/openssh-6.7p1-kdf-cavs.patch

@@ -0,0 +1,618 @@
+diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
+--- openssh-6.8p1/Makefile.in.kdf-cavs	2015-03-18 11:23:46.346049359 +0100
++++ openssh-6.8p1/Makefile.in	2015-03-18 11:24:20.395968445 +0100
+@@ -29,6 +29,7 @@ SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-h
+ SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
+ SSH_KEYCAT=$(libexecdir)/ssh-keycat
+ CTR_CAVSTEST=$(libexecdir)/ctr-cavstest
++SSH_CAVS=$(libexecdir)/ssh-cavs
+ SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+ PRIVSEP_PATH=@PRIVSEP_PATH@
+ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+@@ -67,7 +68,7 @@ EXEEXT=@EXEEXT@
+ MKDIR_P=@MKDIR_P@
+ INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
+ 
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT) ssh-cavs$(EXEEXT)
+ 
+ XMSS_OBJS=\
+ 	ssh-xmss.o \
+@@ -198,6 +199,9 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHD
+ ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
+ 	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ 
++ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o
++	$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ 
+@@ -331,6 +335,8 @@ install-files:
+ 	fi
+ 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT)
+ 	$(INSTALL) -m 0755 $(STRIP_OPT) ctr-cavstest$(EXEEXT) $(DESTDIR)$(libexecdir)/ctr-cavstest$(EXEEXT)
++	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-cavs$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-cavs$(EXEEXT)
++	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-cavs_driver.pl $(DESTDIR)$(libexecdir)/ssh-cavs_driver.pl
+ 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+ 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+ 	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
+diff -up openssh-6.8p1/ssh-cavs.c.kdf-cavs openssh-6.8p1/ssh-cavs.c
+--- openssh-6.8p1/ssh-cavs.c.kdf-cavs	2015-03-18 11:23:46.348049354 +0100
++++ openssh-6.8p1/ssh-cavs.c	2015-03-18 11:23:46.348049354 +0100
+@@ -0,0 +1,387 @@
++/*
++ * Copyright (C) 2015, Stephan Mueller <smueller@chronox.de>
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, and the entire permission notice in its entirety,
++ *    including the disclaimer of warranties.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote
++ *    products derived from this software without specific prior
++ *    written permission.
++ *
++ * ALTERNATIVELY, this product may be distributed under the terms of
++ * the GNU General Public License, in which case the provisions of the GPL2
++ * are required INSTEAD OF the above restrictions.  (This clause is
++ * necessary due to a potential bad interaction between the GPL and
++ * the restrictions contained in a BSD-style copyright.)
++ *
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
++ * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
++ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
++ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
++ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
++ * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
++ * DAMAGE.
++ */
++
++#include "includes.h"
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <errno.h>
++#include <sys/types.h>
++#include <string.h>
++
++#include <openssl/bn.h>
++
++#include "xmalloc.h"
++#include "sshbuf.h"
++#include "sshkey.h"
++#include "cipher.h"
++#include "kex.h"
++#include "packet.h"
++#include "digest.h"
++
++static int bin_char(unsigned char hex)
++{
++	if (48 <= hex && 57 >= hex)
++		return (hex - 48);
++	if (65 <= hex && 70 >= hex)
++		return (hex - 55);
++	if (97 <= hex && 102 >= hex)
++		return (hex - 87);
++	return 0;
++}
++
++/*
++ * Convert hex representation into binary string
++ * @hex input buffer with hex representation
++ * @hexlen length of hex
++ * @bin output buffer with binary data
++ * @binlen length of already allocated bin buffer (should be at least
++ *	   half of hexlen -- if not, only a fraction of hexlen is converted)
++ */
++static void hex2bin(const char *hex, size_t hexlen,
++		    unsigned char *bin, size_t binlen)
++{
++	size_t i = 0;
++	size_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen;
++
++	for (i = 0; i < chars; i++) {
++		bin[i] = bin_char(hex[(i*2)]) << 4;
++		bin[i] |= bin_char(hex[((i*2)+1)]);
++	}
++}
++
++/*
++ * Allocate sufficient space for binary representation of hex
++ * and convert hex into bin
++ *
++ * Caller must free bin
++ * @hex input buffer with hex representation
++ * @hexlen length of hex
++ * @bin return value holding the pointer to the newly allocated buffer
++ * @binlen return value holding the allocated size of bin
++ *
++ * return: 0 on success, !0 otherwise
++ */
++static int hex2bin_alloc(const char *hex, size_t hexlen,
++			 unsigned char **bin, size_t *binlen)
++{
++	unsigned char *out = NULL;
++	size_t outlen = 0;
++
++	if (!hexlen)
++		return -EINVAL;
++
++	outlen = (hexlen + 1) / 2;
++
++	out = calloc(1, outlen);
++	if (!out)
++		return -errno;
++
++	hex2bin(hex, hexlen, out, outlen);
++	*bin = out;
++	*binlen = outlen;
++	return 0;
++}
++
++static char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7',
++				 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
++static char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7',
++				 '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
++static char hex_char(unsigned int bin, int u)
++{
++	if (bin < sizeof(hex_char_map_l))
++		return (u) ? hex_char_map_u[bin] : hex_char_map_l[bin];
++	return 'X';
++}
++
++/*
++ * Convert binary string into hex representation
++ * @bin input buffer with binary data
++ * @binlen length of bin
++ * @hex output buffer to store hex data
++ * @hexlen length of already allocated hex buffer (should be at least
++ *	   twice binlen -- if not, only a fraction of binlen is converted)
++ * @u case of hex characters (0=>lower case, 1=>upper case)
++ */
++static void bin2hex(const unsigned char *bin, size_t binlen,
++		    char *hex, size_t hexlen, int u)
++{
++	size_t i = 0;
++	size_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen;
++
++	for (i = 0; i < chars; i++) {
++		hex[(i*2)] = hex_char((bin[i] >> 4), u);
++		hex[((i*2)+1)] = hex_char((bin[i] & 0x0f), u);
++	}
++}
++
++struct kdf_cavs {
++	unsigned char *K;
++	size_t Klen;
++	unsigned char *H;
++	size_t Hlen;
++	unsigned char *session_id;
++	size_t session_id_len;
++
++	unsigned int iv_len;
++	unsigned int ek_len;
++	unsigned int ik_len;
++};
++
++static int sshkdf_cavs(struct kdf_cavs *test)
++{
++	int ret = 0;
++	struct kex kex;
++	struct sshbuf *Kb = NULL;
++	BIGNUM *Kbn = NULL;
++	int mode = 0;
++	struct newkeys *ctoskeys;
++	struct newkeys *stockeys;
++	struct ssh *ssh = NULL;
++
++#define HEXOUTLEN 500
++	char hex[HEXOUTLEN];
++
++	memset(&kex, 0, sizeof(struct kex));
++
++	Kbn = BN_new();
++	BN_bin2bn(test->K, test->Klen, Kbn);
++	if (!Kbn) {
++		printf("cannot convert K into bignum\n");
++		ret = 1;
++		goto out;
++	}
++	Kb = sshbuf_new();
++	if (!Kb) {
++		printf("cannot convert K into sshbuf\n");
++		ret = 1;
++		goto out;
++	}
++	sshbuf_put_bignum2(Kb, Kbn);
++
++	kex.session_id = test->session_id;
++	kex.session_id_len = test->session_id_len;
++
++	/* setup kex */
++
++	/* select the right hash based on struct ssh_digest digests */
++	switch (test->ik_len) {
++		case 20:
++			kex.hash_alg = SSH_DIGEST_SHA1;
++			break;
++		case 32:
++			kex.hash_alg = SSH_DIGEST_SHA256;
++			break;
++		case 48:
++			kex.hash_alg = SSH_DIGEST_SHA384;
++			break;
++		case 64:
++			kex.hash_alg = SSH_DIGEST_SHA512;
++			break;
++		default:
++			printf("Wrong hash type %u\n", test->ik_len);
++			ret = 1;
++			goto out;
++	}
++
++	/* implement choose_enc */
++	for (mode = 0; mode < 2; mode++) {
++		kex.newkeys[mode] = calloc(1, sizeof(struct newkeys));
++		if (!kex.newkeys[mode]) {
++			printf("allocation of newkeys failed\n");
++			ret = 1;
++			goto out;
++		}
++		kex.newkeys[mode]->enc.iv_len = test->iv_len;
++		kex.newkeys[mode]->enc.key_len = test->ek_len;
++		kex.newkeys[mode]->enc.block_size = (test->iv_len == 64) ? 8 : 16;
++		kex.newkeys[mode]->mac.key_len = test->ik_len;
++	}
++
++	/* implement kex_choose_conf */
++	kex.we_need = kex.newkeys[0]->enc.key_len;
++	if (kex.we_need < kex.newkeys[0]->enc.block_size)
++		kex.we_need = kex.newkeys[0]->enc.block_size;
++	if (kex.we_need < kex.newkeys[0]->enc.iv_len)
++		kex.we_need = kex.newkeys[0]->enc.iv_len;
++	if (kex.we_need < kex.newkeys[0]->mac.key_len)
++		kex.we_need = kex.newkeys[0]->mac.key_len;
++
++	/* MODE_OUT (1) -> server to client
++	 * MODE_IN (0) -> client to server */
++	kex.server = 1;
++
++	/* do it */
++	if ((ssh = ssh_packet_set_connection(NULL, -1, -1)) == NULL){
++		printf("Allocation error\n");
++		goto out;
++	}
++	ssh->kex = &kex;
++	kex_derive_keys(ssh, test->H, test->Hlen, Kb);
++
++	ctoskeys = kex.newkeys[0];
++	stockeys = kex.newkeys[1];
++
++	/* get data */
++	memset(hex, 0, HEXOUTLEN);
++	bin2hex(ctoskeys->enc.iv, (size_t)ctoskeys->enc.iv_len,
++		hex, HEXOUTLEN, 0);
++	printf("Initial IV (client to server) = %s\n", hex);
++	memset(hex, 0, HEXOUTLEN);
++	bin2hex(stockeys->enc.iv, (size_t)stockeys->enc.iv_len,
++		hex, HEXOUTLEN, 0);
++	printf("Initial IV (server to client) = %s\n", hex);
++
++	memset(hex, 0, HEXOUTLEN);
++	bin2hex(ctoskeys->enc.key, (size_t)ctoskeys->enc.key_len,
++		hex, HEXOUTLEN, 0);
++	printf("Encryption key (client to server) = %s\n", hex);
++	memset(hex, 0, HEXOUTLEN);
++	bin2hex(stockeys->enc.key, (size_t)stockeys->enc.key_len,
++		hex, HEXOUTLEN, 0);
++	printf("Encryption key (server to client) = %s\n", hex);
++
++	memset(hex, 0, HEXOUTLEN);
++	bin2hex(ctoskeys->mac.key, (size_t)ctoskeys->mac.key_len,
++		hex, HEXOUTLEN, 0);
++	printf("Integrity key (client to server) = %s\n", hex);
++	memset(hex, 0, HEXOUTLEN);
++	bin2hex(stockeys->mac.key, (size_t)stockeys->mac.key_len,
++		hex, HEXOUTLEN, 0);
++	printf("Integrity key (server to client) = %s\n", hex);
++
++out:
++	if (Kbn)
++		BN_free(Kbn);
++	if (Kb)
++		sshbuf_free(Kb);
++	if (ssh)
++		ssh_packet_close(ssh);
++	return ret;
++}
++
++static void usage(void)
++{
++	fprintf(stderr, "\nOpenSSH KDF CAVS Test\n\n");
++	fprintf(stderr, "Usage:\n");
++	fprintf(stderr, "\t-K\tShared secret string\n");
++	fprintf(stderr, "\t-H\tHash string\n");
++	fprintf(stderr, "\t-s\tSession ID string\n");
++	fprintf(stderr, "\t-i\tIV length to be generated\n");
++	fprintf(stderr, "\t-e\tEncryption key length to be generated\n");
++	fprintf(stderr, "\t-m\tMAC key length to be generated\n");
++}
++
++/*
++ * Test command example:
++ * ./ssh-cavs -K 0055d50f2d163cc07cd8a93cc7c3430c30ce786b572c01ad29fec7597000cf8618d664e2ec3dcbc8bb7a1a7eb7ef67f61cdaf291625da879186ac0a5cb27af571b59612d6a6e0627344d846271959fda61c78354aa498773d59762f8ca2d0215ec590d8633de921f920d41e47b3de6ab9a3d0869e1c826d0e4adebf8e3fb646a15dea20a410b44e969f4b791ed6a67f13f1b74234004d5fa5e87eff7abc32d49bbdf44d7b0107e8f10609233b7e2b7eff74a4daf25641de7553975dac6ac1e5117df6f6dbaa1c263d23a6c3e5a3d7d49ae8a828c1e333ac3f85fbbf57b5c1a45be45e43a7be1a4707eac779b8285522d1f531fe23f890fd38a004339932b93eda4 -H d3ab91a850febb417a25d892ec48ed5952c7a5de -s d3ab91a850febb417a25d892ec48ed5952c7a5de -i 8 -e 24 -m 20
++ *
++ * Initial IV (client to server) = 4bb320d1679dfd3a
++ * Initial IV (server to client) = 43dea6fdf263a308
++ * Encryption key (client to server) = 13048cc600b9d3cf9095aa6cf8e2ff9cf1c54ca0520c89ed
++ * Encryption key (server to client) = 1e483c5134e901aa11fc4e0a524e7ec7b75556148a222bb0
++ * Integrity key (client to server) = ecef63a092b0dcc585bdc757e01b2740af57d640
++ * Integrity key (server to client) = 7424b05f3c44a72b4ebd281fb71f9cbe7b64d479
++ */
++int main(int argc, char *argv[])
++{
++	struct kdf_cavs test;
++	int ret = 1;
++	int opt = 0;
++
++	memset(&test, 0, sizeof(struct kdf_cavs));
++	while((opt = getopt(argc, argv, "K:H:s:i:e:m:")) != -1)
++	{
++		size_t len = 0;
++		switch(opt)
++		{
++			/*
++			 * CAVS K is MPINT
++			 * we want a hex (i.e. the caller must ensure the
++			 * following transformations already happened):
++			 * 	1. cut off first four bytes
++			 * 	2. if most significant bit of value is
++			 *	   1, prepend 0 byte
++			 */
++			case 'K':
++				len = strlen(optarg);
++				ret = hex2bin_alloc(optarg, len,
++						    &test.K, &test.Klen);
++				if (ret)
++					goto out;
++				break;
++			case 'H':
++				len = strlen(optarg);
++				ret = hex2bin_alloc(optarg, len,
++						    &test.H, &test.Hlen);
++				if (ret)
++					goto out;
++				break;
++			case 's':
++				len = strlen(optarg);
++				ret = hex2bin_alloc(optarg, len,
++						    &test.session_id,
++						    &test.session_id_len);
++				if (ret)
++					goto out;
++				break;
++			case 'i':
++				test.iv_len = strtoul(optarg, NULL, 10);
++				break;
++			case 'e':
++				test.ek_len = strtoul(optarg, NULL, 10);
++				break;
++			case 'm':
++				test.ik_len = strtoul(optarg, NULL, 10);
++				break;
++			default:
++				usage();
++				goto out;
++		}
++	}
++
++	ret = sshkdf_cavs(&test);
++
++out:
++	if (test.session_id)
++		free(test.session_id);
++	if (test.K)
++		free(test.K);
++	if (test.H)
++		free(test.H);
++	return ret;
++
++}
+diff -up openssh-6.8p1/ssh-cavs_driver.pl.kdf-cavs openssh-6.8p1/ssh-cavs_driver.pl
+--- openssh-6.8p1/ssh-cavs_driver.pl.kdf-cavs	2015-03-18 11:23:46.348049354 +0100
++++ openssh-6.8p1/ssh-cavs_driver.pl	2015-03-18 11:23:46.348049354 +0100
+@@ -0,0 +1,184 @@
++#!/usr/bin/env perl
++#
++# CAVS test driver for OpenSSH
++#
++# Copyright (C) 2015, Stephan Mueller <smueller@chronox.de>
++#
++# Permission is hereby granted, free of charge, to any person obtaining a copy
++# of this software and associated documentation files (the "Software"), to deal
++# in the Software without restriction, including without limitation the rights
++# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++# copies of the Software, and to permit persons to whom the Software is
++# furnished to do so, subject to the following conditions:
++#
++# The above copyright notice and this permission notice shall be included in
++# all copies or substantial portions of the Software.
++#
++#                            NO WARRANTY
++#
++#    BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
++#    FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
++#    OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
++#    PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
++#    OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
++#    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
++#    TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
++#    PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
++#    REPAIR OR CORRECTION.
++#
++#    IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
++#    WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
++#    REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
++#    INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
++#    OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
++#    TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
++#    YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
++#    PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
++#    POSSIBILITY OF SUCH DAMAGES.
++#
++use strict;
++use warnings;
++use IPC::Open2;
++
++# Executing a program by feeding STDIN and retrieving
++# STDOUT
++# $1: data string to be piped to the app on STDIN
++# rest: program and args
++# returns: STDOUT of program as string
++sub pipe_through_program($@) {
++	my $in = shift;
++	my @args = @_;
++
++	my ($CO, $CI);
++	my $pid = open2($CO, $CI, @args);
++
++	my $out = "";
++	my $len = length($in);
++	my $first = 1;
++	while (1) {
++		my $rin = "";
++		my $win = "";
++		# Output of prog is FD that we read
++		vec($rin,fileno($CO),1) = 1;
++		# Input of prog is FD that we write
++		# check for $first is needed because we can have NULL input
++		# that is to be written to the app
++		if ( $len > 0 || $first) {
++			(vec($win,fileno($CI),1) = 1);
++			$first=0;
++		}
++		# Let us wait for 100ms
++		my $nfound = select(my $rout=$rin, my $wout=$win, undef, 0.1);
++		if ( $wout ) {
++			my $written = syswrite($CI, $in, $len);
++			die "broken pipe" if !defined $written;
++			$len -= $written;
++			substr($in, 0, $written) = "";
++			if ($len <= 0) {
++				close $CI or die "broken pipe: $!";
++			}
++		}
++		if ( $rout ) {
++			my $tmp_out = "";
++			my $bytes_read = sysread($CO, $tmp_out, 4096);
++			$out .= $tmp_out;
++			last if ($bytes_read == 0);
++		}
++	}
++	close $CO or die "broken pipe: $!";
++	waitpid $pid, 0;
++
++	return $out;
++}
++
++# Parser of CAVS test vector file
++# $1: Test vector file
++# $2: Output file for test results
++# return: nothing
++sub parse($$) {
++	my $infile = shift;
++	my $outfile = shift;
++
++	my $out = "";
++
++	my $K = "";
++	my $H = "";
++	my $session_id = "";
++	my $ivlen = 0;
++	my $eklen = "";
++	my $iklen = "";
++
++	open(IN, "<$infile");
++	while(<IN>) {
++
++		my $line = $_;
++		chomp($line);
++		$line =~ s/\r//;
++
++		if ($line =~ /\[SHA-1\]/) {
++			$iklen = 20;
++		} elsif ($line =~ /\[SHA-256\]/) {
++			$iklen = 32;
++		} elsif ($line =~ /\[SHA-384\]/) {
++			$iklen = 48;
++		} elsif ($line =~ /\[SHA-512\]/) {
++			$iklen = 64;
++		} elsif ($line =~ /^\[IV length\s*=\s*(.*)\]/) {
++			$ivlen = $1;
++			$ivlen = $ivlen / 8;
++		} elsif ($line =~ /^\[encryption key length\s*=\s*(.*)\]/) {
++			$eklen = $1;
++			$eklen = $eklen / 8;
++		} elsif ($line =~ /^K\s*=\s*(.*)/) {
++			$K = $1;
++			$K = substr($K, 8);
++			$K = "00" . $K;
++		} elsif ($line =~ /^H\s*=\s*(.*)/) {
++			$H = $1;
++		} elsif ($line =~ /^session_id\s*=\s*(.*)/) {
++			$session_id = $1;
++		}
++		$out .= $line . "\n";
++
++		if ($K ne "" && $H ne "" && $session_id ne "" &&
++		    $ivlen ne "" && $eklen ne "" && $iklen > 0) {
++			$out .= pipe_through_program("", "./ssh-cavs -H $H -K $K -s $session_id -i $ivlen -e $eklen -m $iklen");
++
++			$K = "";
++			$H = "";
++			$session_id = "";
++		}
++	}
++	close IN;
++	$out =~ s/\n/\r\n/g; # make it a dos file
++	open(OUT, ">$outfile") or die "Cannot create output file $outfile: $?";
++	print OUT $out;
++	close OUT;
++}
++
++############################################################
++#
++# let us pretend to be C :-)
++sub main() {
++
++	my $infile=$ARGV[0];
++	die "Error: Test vector file $infile not found" if (! -f $infile);
++
++	my $outfile = $infile;
++	# let us add .rsp regardless whether we could strip .req
++	$outfile =~ s/\.req$//;
++	$outfile .= ".rsp";
++	if (-f $outfile) {
++		die "Output file $outfile could not be removed: $?"
++			unless unlink($outfile);
++	}
++	print STDERR "Performing tests from source file $infile with results stored in destination file $outfile\n";
++
++	# Do the job
++	parse($infile, $outfile);
++}
++
++###########################################
++# Call it
++main();
++1;

SOURCES/openssh-6.7p1-sftp-force-permission.patch

@@ -1,15 +1,15 @@
-diff -up openssh-7.2p2/sftp-server.8.sftp-force-mode openssh-7.2p2/sftp-server.8
+diff --color -ru a/sftp-server.8 b/sftp-server.8
---- openssh-7.2p2/sftp-server.8.sftp-force-mode	2016-03-09 19:04:48.000000000 +0100
+--- a/sftp-server.8	2019-04-18 00:52:57.000000000 +0200
-+++ openssh-7.2p2/sftp-server.8	2016-06-23 16:18:20.463854117 +0200
++++ b/sftp-server.8	2022-06-20 16:03:47.892540068 +0200
 @@ -38,6 +38,7 @@
- .Op Fl P Ar denied_requests
+ .Op Fl P Ar blacklisted_requests
- .Op Fl p Ar allowed_requests
+ .Op Fl p Ar whitelisted_requests
  .Op Fl u Ar umask
 +.Op Fl m Ar force_file_perms
  .Ek
  .Nm
  .Fl Q Ar protocol_feature
-@@ -138,6 +139,12 @@ Sets an explicit
+@@ -138,6 +139,12 @@
  .Xr umask 2
  to be applied to newly-created files and directories, instead of the
  user's default mask.
@@ -22,10 +22,10 @@ diff -up openssh-7.2p2/sftp-server.8.sftp-force-mode openssh-7.2p2/sftp-server.8
  .El
  .Pp
  On some systems,
-diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
+diff --color -ru a/sftp-server.c b/sftp-server.c
---- openssh-7.2p2/sftp-server.c.sftp-force-mode	2016-06-23 16:18:20.446854128 +0200
+--- a/sftp-server.c	2022-06-20 16:01:26.183793633 +0200
-+++ openssh-7.2p2/sftp-server.c	2016-06-23 16:20:37.950766082 +0200
++++ b/sftp-server.c	2022-06-20 16:02:12.442690608 +0200
-@@ -69,6 +69,10 @@ struct sshbuf *oqueue;
+@@ -65,6 +65,10 @@
  /* Version of client */
  static u_int version;
  
@@ -36,7 +36,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
  /* SSH2_FXP_INIT received */
  static int init_done;
  
-@@ -683,6 +687,7 @@ process_open(u_int32_t id)
+@@ -683,6 +687,7 @@
  	Attrib a;
  	char *name;
  	int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE;
@@ -44,7 +44,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
  
  	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
  	    (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */
-@@ -692,6 +697,10 @@ process_open(u_int32_t id)
+@@ -692,6 +697,10 @@
  	debug3("request %u: open flags %d", id, pflags);
  	flags = flags_from_portable(pflags);
  	mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
@@ -55,7 +55,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
  	logit("open \"%s\" flags %s mode 0%o",
  	    name, string_from_portable(pflags), mode);
  	if (readonly &&
-@@ -713,6 +722,8 @@ process_open(u_int32_t id)
+@@ -713,6 +722,8 @@
  			}
  		}
  	}
@@ -64,16 +64,16 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
  	if (status != SSH2_FX_OK)
  		send_status(id, status);
  	free(name);
-@@ -1494,7 +1505,7 @@ sftp_server_usage(void)
+@@ -1555,7 +1566,7 @@
  	fprintf(stderr,
  	    "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
- 	    "[-l log_level]\n\t[-P denied_requests] "
+ 	    "[-l log_level]\n\t[-P blacklisted_requests] "
--	    "[-p allowed_requests] [-u umask]\n"
+-	    "[-p whitelisted_requests] [-u umask]\n"
-+	    "[-p allowed_requests] [-u umask] [-m force_file_perms]\n"
++	    "[-p whitelisted_requests] [-u umask] [-m force_file_perms]\n"
  	    "       %s -Q protocol_feature\n",
  	    __progname, __progname);
  	exit(1);
-@@ -1520,7 +1531,7 @@ sftp_server_main(int argc, char **argv,
+@@ -1581,7 +1592,7 @@
  	pw = pwcopy(user_pw);
  
  	while (!skipargs && (ch = getopt(argc, argv,
@@ -82,7 +82,7 @@ diff -up openssh-7.2p2/sftp-server.c.sftp-force-mode openssh-7.2p2/sftp-server.c
  		switch (ch) {
  		case 'Q':
  			if (strcasecmp(optarg, "requests") != 0) {
-@@ -1580,6 +1591,15 @@ sftp_server_main(int argc, char **argv,
+@@ -1643,6 +1654,15 @@
  				fatal("Invalid umask \"%s\"", optarg);
  			(void)umask((mode_t)mask);
  			break;

SOURCES/openssh-6.8p1-sshdT-output.patch

@@ -3,8 +3,8 @@ diff -up openssh/servconf.c.sshdt openssh/servconf.c
 +++ openssh/servconf.c	2015-06-24 11:44:39.734745802 +0200
 @@ -2317,7 +2317,7 @@ dump_config(ServerOptions *o)
  	dump_cfg_string(sXAuthLocation, o->xauth_location);
- 	dump_cfg_string(sCiphers, o->ciphers);
+ 	dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT);
- 	dump_cfg_string(sMacs, o->macs);
+ 	dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC);
 -	dump_cfg_string(sBanner, o->banner);
 +	dump_cfg_string(sBanner, o->banner != NULL ? o->banner : "none");
  	dump_cfg_string(sForceCommand, o->adm_forced_command);

SOURCES/openssh-6.9p1-permit-root-login.patch

@@ -0,0 +1,12 @@
+diff -up openssh-7.0p1/sshd_config.root-login openssh-7.0p1/sshd_config
+--- openssh-7.0p1/sshd_config.root-login	2015-08-12 11:29:12.919269245 +0200
++++ openssh-7.0p1/sshd_config	2015-08-12 11:31:03.653096466 +0200
+@@ -46,7 +46,7 @@ SyslogFacility AUTHPRIV
+ # Authentication:
+ 
+ #LoginGraceTime 2m
+-#PermitRootLogin prohibit-password
++PermitRootLogin yes
+ #StrictModes yes
+ #MaxAuthTries 6
+ #MaxSessions 10

SOURCES/openssh-7.1p2-audit-race-condition.patch

@@ -13,33 +13,33 @@ diff -up openssh-7.4p1/monitor_wrap.c.audit-race openssh-7.4p1/monitor_wrap.c
 +	struct sshbuf *m;
 +	int r, ret = 0;
 +
-+	debug3_f("entering");
++	debug3("%s: entering", __func__);
 +	if ((m = sshbuf_new()) == NULL)
-+ 		fatal_f("sshbuf_new failed");
++ 		fatal("%s: sshbuf_new failed", __func__);
 +	do {
 +		blen = atomicio(read, fdin, buf, sizeof(buf));
 +		if (blen == 0) /* closed pipe */
 +			break;
 +		if (blen != sizeof(buf)) {
-+			error_f("Failed to read the buffer from child");
++			error("%s: Failed to read the buffer from child", __func__);
 +			ret = -1;
 +			break;
 +		}
 +
 +		msg_len = get_u32(buf);
 +		if (msg_len > 256 * 1024)
-+			fatal_f("read: bad msg_len %d", msg_len);
++			fatal("%s: read: bad msg_len %d", __func__, msg_len);
 +		sshbuf_reset(m);
 +		if ((r = sshbuf_reserve(m, msg_len, NULL)) != 0)
-+			fatal_fr(r, "buffer error");
++			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +		if (atomicio(read, fdin, sshbuf_mutable_ptr(m), msg_len) != msg_len) {
-+			error_f("Failed to read the the buffer content from the child");
++			error("%s: Failed to read the the buffer content from the child", __func__);
 +			ret = -1;
 +			break;
 +		}
 +		if (atomicio(vwrite, pmonitor->m_recvfd, buf, blen) != blen || 
 +		    atomicio(vwrite, pmonitor->m_recvfd, sshbuf_mutable_ptr(m), msg_len) != msg_len) {
-+			error_f("Failed to write the message to the monitor");
++			error("%s: Failed to write the message to the monitor", __func__);
 +			ret = -1;
 +			break;
 +		}
@@ -109,7 +109,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
 @@ -717,6 +728,8 @@ do_exec(Session *s, const char *command)
  	}
  	if (s->command != NULL && s->ptyfd == -1)
- 		s->command_handle = mm_audit_run_command(ssh, s->command);
+ 		s->command_handle = PRIVSEP(audit_run_command(ssh, s->command));
 +	if (pipe(paudit) < 0)
 +		fatal("pipe: %s", strerror(errno));
  #endif
@@ -121,7 +121,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
  
 +#ifdef SSH_AUDIT_EVENTS
 +	close(paudit[1]);
-+	if (ret == 0) {
++	if (use_privsep && ret == 0) {
 +		/*
 +		 * Read the audit messages from forked child and send them
 +		 * back to monitor. We don't want to communicate directly,
@@ -136,8 +136,8 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
  	return ret;
  }
  
-@@ -1538,6 +1565,33 @@ child_close_fds(void)
+@@ -1538,6 +1565,34 @@ child_close_fds(void)
- 	log_redirect_stderr_to(NULL);
+ 	endpwent();
  }
  
 +void
@@ -147,11 +147,12 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
 +	int pparent = paudit[1];
 +	close(paudit[0]);
 +	/* Hack the monitor pipe to avoid race condition with parent */
-+	mm_set_monitor_pipe(pparent);
++	if (use_privsep)
++		mm_set_monitor_pipe(pparent);
 +#endif
 +
 +	/* remove hostkey from the child's memory */
-+	destroy_sensitive_data(ssh);
++	destroy_sensitive_data(ssh, use_privsep);
 +	/*
 +	 * We can audit this, because we hacked the pipe to direct the
 +	 * messages over postauth child. But this message requires answer
@@ -175,7 +176,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
  	sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
  
 -	/* remove hostkey from the child's memory */
--	destroy_sensitive_data(ssh);
+-	destroy_sensitive_data(ssh, 1);
 -	ssh_packet_clear_keys(ssh);
 -	/* Don't audit this - both us and the parent would be talking to the
 -	   monitor over a single socket, with no synchronization. */

SOURCES/openssh-7.2p2-k5login_directory.patch

@@ -28,15 +28,14 @@ diff --git a/auth.h b/auth.h
 index f9d191c..c432d2f 100644
 --- a/auth.h
 +++ b/auth.h
-@@ -222,6 +222,8 @@ int	 sys_auth_passwd(Authctxt *, const char *);
+@@ -222,5 +222,7 @@ int	 sys_auth_passwd(Authctxt *, const char *);
- 
  #if defined(KRB5) && !defined(HEIMDAL)
+ #include <krb5.h>
  krb5_error_code ssh_krb5_cc_new_unique(krb5_context, krb5_ccache *, int *);
 +krb5_error_code ssh_krb5_get_k5login_directory(krb5_context ctx,
 +	char **k5login_directory);
  #endif
- 
+ #endif
- #endif /* AUTH_H */
 diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
 index a7c0c5f..df8cc9a 100644
 --- a/gss-serv-krb5.c
@@ -49,7 +48,7 @@ index a7c0c5f..df8cc9a 100644
 +	int ret = 0;
 +
 +	ret = ssh_krb5_get_k5login_directory(krb_context, &k5login_directory);
-+	debug3_f("k5login_directory = %s (rv=%d)", k5login_directory, ret);
++	debug3("%s: k5login_directory = %s (rv=%d)", __func__, k5login_directory, ret);
 +	if (k5login_directory == NULL || ret != 0) {
 +		/* If not set, the library will look for  k5login
 +		 * files in the user's home directory, with the filename  .k5login.
@@ -64,7 +63,7 @@ index a7c0c5f..df8cc9a 100644
 +			k5login_directory[strlen(k5login_directory)-1] != '/' ? "/" : "",
 +			pw->pw_name);
 +	}
-+	debug_f("Checking existence of file %s", file);
++	debug("%s: Checking existence of file %s", __func__, file);
  
 -	snprintf(file, sizeof(file), "%s/.k5login", pw->pw_dir);
  	return access(file, F_OK) == 0;

SOURCES/openssh-7.2p2-s390-closefrom.patch

@@ -48,5 +48,5 @@ Author: Harald Freudenberger <freude@de.ibm.com>
 +#endif
  	}
  	(void) closedir(dirp);
- 	return;
+     } else
 

SOURCES/openssh-7.2p2-x11.patch

@@ -1,7 +1,7 @@
-diff --git a/channels.c b/channels.c
+diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c
---- a/channels.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
+--- openssh-7.2p2/channels.c.x11	2016-03-09 19:04:48.000000000 +0100
-+++ b/channels.c	(date 1703026069921)
++++ openssh-7.2p2/channels.c	2016-06-03 10:42:04.775164520 +0200
-@@ -5075,11 +5075,13 @@
+@@ -3990,21 +3990,24 @@ x11_create_display_inet(int x11_display_
  }
  
  static int
@@ -14,10 +14,8 @@ diff --git a/channels.c b/channels.c
 +	if (len <= 0)
 +		return -1;
  	sock = socket(AF_UNIX, SOCK_STREAM, 0);
- 	if (sock == -1) {
+ 	if (sock < 0)
  		error("socket: %.100s", strerror(errno));
-@@ -5087,11 +5089,12 @@
- 	}
  	memset(&addr, 0, sizeof(addr));
  	addr.sun_family = AF_UNIX;
 -	strlcpy(addr.sun_path, pathname, sizeof addr.sun_path);
@@ -32,7 +30,7 @@ diff --git a/channels.c b/channels.c
  	return -1;
  }
  
-@@ -5099,8 +5102,18 @@
+@@ -4012,8 +4015,18 @@ static int
  connect_local_xsocket(u_int dnr)
  {
  	char buf[1024];

SOURCES/openssh-7.3p1-x11-max-displays.patch

@@ -2,7 +2,7 @@ diff -up openssh-7.4p1/channels.c.x11max openssh-7.4p1/channels.c
 --- openssh-7.4p1/channels.c.x11max	2016-12-23 15:46:32.071506625 +0100
 +++ openssh-7.4p1/channels.c	2016-12-23 15:46:32.139506636 +0100
 @@ -152,8 +152,8 @@ static int all_opens_permitted = 0;
- #define	NUM_SOCKS	10
+ #define FWD_PERMIT_ANY_HOST	"*"
  
  /* -- X11 forwarding */
 -/* Maximum number of fake X11 displays to try. */
@@ -10,8 +10,8 @@ diff -up openssh-7.4p1/channels.c.x11max openssh-7.4p1/channels.c
 +/* Minimum port number for X11 forwarding */
 +#define X11_PORT_MIN 6000
  
- /* Per-channel callback for pre/post IO actions */
+ /* Per-channel callback for pre/post select() actions */
- typedef void chan_fn(struct ssh *, Channel *c);
+ typedef void chan_fn(struct ssh *, Channel *c,
 @@ -4228,7 +4228,7 @@ channel_send_window_changes(void)
   */
  int
@@ -59,7 +59,7 @@ diff -up openssh-7.4p1/channels.c.x11max openssh-7.4p1/channels.c
  		ssh_gai_strerror(gaierr));
 @@ -4457,7 +4463,7 @@ x11_connect_display(void)
  		/* Connect it to the display. */
- 		if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
+ 		if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
  			debug2("connect %.100s port %u: %.100s", buf,
 -			    6000 + display_number, strerror(errno));
 +			    X11_PORT_MIN + display_number, strerror(errno));
@@ -82,7 +82,7 @@ diff -up openssh-7.4p1/channels.h.x11max openssh-7.4p1/channels.h
 +++ openssh-7.4p1/channels.h	2016-12-23 15:46:32.139506636 +0100
 @@ -293,7 +293,7 @@ int	 permitopen_port(const char *);
  
- void	 channel_set_x11_refuse_time(struct ssh *, time_t);
+ void	 channel_set_x11_refuse_time(struct ssh *, u_int);
  int	 x11_connect_display(struct ssh *);
 -int	 x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **);
 +int	 x11_create_display_inet(struct ssh *, int, int, int, int, u_int *, int **);
@@ -110,9 +110,9 @@ diff -up openssh-7.4p1/servconf.c.x11max openssh-7.4p1/servconf.c
  		options->x11_use_localhost = 1;
  	if (options->xauth_location == NULL)
 @@ -419,7 +422,7 @@ typedef enum {
-	sKerberosGetAFSToken, sKerberosUniqueCCache, sKerberosUseKuserok, sPasswordAuthentication,
+ 	sPasswordAuthentication, sKbdInteractiveAuthentication,
-	sKbdInteractiveAuthentication, sListenAddress, sAddressFamily,
+ 	sListenAddress, sAddressFamily,
-	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
+ 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
 -	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
 +	sX11Forwarding, sX11DisplayOffset, sX11MaxDisplays, sX11UseLocalhost,
  	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
@@ -191,13 +191,13 @@ diff -up openssh-7.4p1/sshd_config.5.x11max openssh-7.4p1/sshd_config.5
 --- openssh-7.4p1/sshd_config.5.x11max	2016-12-23 15:46:32.134506635 +0100
 +++ openssh-7.4p1/sshd_config.5	2016-12-23 15:46:32.141506636 +0100
 @@ -1133,6 +1133,7 @@ Available keywords are
+ .Cm StreamLocalBindUnlink ,
  .Cm TrustedUserCAKeys ,
- .Cm UnusedConnectionTimeout ,
  .Cm X11DisplayOffset ,
 +.Cm X11MaxDisplays ,
  .Cm X11Forwarding
  and
- .Cm X11UseLocalhost .
+ .Cm X11UseLocalHost .
 @@ -1566,6 +1567,12 @@ Specifies the first display number avail
  X11 forwarding.
  This prevents sshd from interfering with real X11 servers.

SOURCES/openssh-7.4p1-systemd.patch

@@ -0,0 +1,98 @@
+commit 0e22b79bfde45a7cf7a2e51a68ec11c4285f3b31
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Mon Nov 21 15:04:06 2016 +0100
+
+    systemd stuff
+
+diff --git a/configure.ac b/configure.ac
+index 2ffc369..162ce92 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -4265,6 +4265,30 @@ AC_ARG_WITH([kerberos5],
+ AC_SUBST([GSSLIBS])
+ AC_SUBST([K5LIBS])
+ 
++# Check whether user wants systemd support
++SYSTEMD_MSG="no"
++AC_ARG_WITH(systemd,
++	[  --with-systemd          Enable systemd support],
++	[ if test "x$withval" != "xno" ; then
++		AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
++		if test "$PKGCONFIG" != "no"; then
++			AC_MSG_CHECKING([for libsystemd])
++			if $PKGCONFIG --exists libsystemd; then
++				SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
++				SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
++				CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
++				SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
++				AC_MSG_RESULT([yes])
++				AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
++				SYSTEMD_MSG="yes"
++			else
++				AC_MSG_RESULT([no])
++			fi
++		fi
++	fi ]
++)
++
++
+ # Looking for programs, paths and files
+ 
+ PRIVSEP_PATH=/var/empty
+@@ -5097,6 +5121,7 @@ echo "                   libedit support: $LIBEDIT_MSG"
+ echo "  Solaris process contract support: $SPC_MSG"
+ echo "           Solaris project support: $SP_MSG"
+ echo "         Solaris privilege support: $SPP_MSG"
++echo "                   systemd support: $SYSTEMD_MSG"
+ echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo "                  BSD Auth support: $BSD_AUTH_MSG"
+diff --git a/contrib/sshd.service b/contrib/sshd.service
+new file mode 100644
+index 0000000..e0d4923
+--- /dev/null
++++ b/contrib/sshd.service
+@@ -0,0 +1,16 @@
++[Unit]
++Description=OpenSSH server daemon
++Documentation=man:sshd(8) man:sshd_config(5)
++After=network.target
++
++[Service]
++Type=notify
++ExecStart=/usr/sbin/sshd -D $OPTIONS
++ExecReload=/bin/kill -HUP $MAINPID
++KillMode=process
++Restart=on-failure
++RestartPreventExitStatus=255
++
++[Install]
++WantedBy=multi-user.target
++
+diff --git a/sshd.c b/sshd.c
+index 816611c..b8b9d13 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -85,6 +85,10 @@
+ #include <prot.h>
+ #endif
+ 
++#ifdef HAVE_SYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "xmalloc.h"
+ #include "ssh.h"
+ #include "ssh2.h"
+@@ -1888,6 +1892,11 @@ main(int ac, char **av)
+ 			}
+ 		}
+ 
++#ifdef HAVE_SYSTEMD
++		/* Signal systemd that we are ready to accept connections */
++		sd_notify(0, "READY=1");
++#endif
++
+ 		/* Accept a connection and return in a forked child */
+ 		server_accept_loop(&sock_in, &sock_out,
+ 		    &newsock, config_s);

SOURCES/openssh-7.5p1-sandbox.patch

@@ -21,7 +21,7 @@ index ca75cc7..6e7de31 100644
 +	SC_ALLOW(__NR_flock),
 +#endif
  #ifdef __NR_futex
- 	SC_FUTEX(__NR_futex),
+ 	SC_ALLOW(__NR_futex),
  #endif
 @@ -178,6 +181,9 @@ static const struct sock_filter preauth_insns[] = {
  #ifdef __NR_gettimeofday
@@ -69,6 +69,29 @@ index 6e7de31..e86aa2c 100644
  	SC_ALLOW(__NR_getrandom),
  #endif
 -- 1.9.1
+
+The EP11 crypto card needs to make an ioctl call, which receives an
+specific argument. This crypto card is for s390 only.
+
+Signed-off-by: Eduardo Barretto <ebarretto@xxxxxxxxxxxxxxxxxx>
+---
+ sandbox-seccomp-filter.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index e86aa2c..98062f1 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -250,6 +250,8 @@ static const struct sock_filter preauth_insns[] = {
+ 	SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK),
+ 	SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO),
+ 	SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
++	/* Allow ioctls for EP11 crypto card on s390 */
++	SC_ALLOW_ARG(__NR_ioctl, 1, ZSENDEP11CPRB),
+ #endif
+ #if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT)
+ 	/*
+-- 
 1.9.1
 diff -up openssh-7.6p1/sandbox-seccomp-filter.c.sandbox openssh-7.6p1/sandbox-seccomp-filter.c
 --- openssh-7.6p1/sandbox-seccomp-filter.c.sandbox	2017-12-12 13:59:30.563874059 +0100
@@ -84,3 +107,40 @@ diff -up openssh-7.6p1/sandbox-seccomp-filter.c.sandbox openssh-7.6p1/sandbox-se
  	SC_ALLOW(__NR_getrandom),
  #endif
 
+
+From ef34ea4521b042dd8a9c4c7455f5d1a8f8ee5bb2 Mon Sep 17 00:00:00 2001
+From: Harald Freudenberger <freude@linux.ibm.com>
+Date: Fri, 24 May 2019 10:11:15 +0200
+Subject: [PATCH] allow s390 specific ioctl for ecc hardware support
+
+Adding another s390 specific ioctl to be able to support ECC hardware acceleration
+to the sandbox seccomp filter rules.
+
+Now the ibmca openssl engine provides elliptic curve cryptography support with the
+help of libica and CCA crypto cards. This is done via jet another ioctl call to the zcrypt
+device driver and so there is a need to enable this on the openssl sandbox.
+
+Code is s390 specific and has been tested, verified and reviewed.
+
+Please note that I am also the originator of the previous changes in that area.
+I posted these changes to Eduardo and he forwarded the patches to the openssl
+community.
+
+Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
+Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
+---
+ sandbox-seccomp-filter.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 5edbc6946..56eb9317f 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -252,6 +252,7 @@ static const struct sock_filter preauth_insns[] = {
+ 	SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
+ 	/* Allow ioctls for EP11 crypto card on s390 */
+ 	SC_ALLOW_ARG(__NR_ioctl, 1, ZSENDEP11CPRB),
++	SC_ALLOW_ARG(__NR_ioctl, 1, ZSECSENDCPRB),
+ #endif
+ #if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT)
+ 	/*

SOURCES/openssh-7.6p1-cleanup-selinux.patch

@@ -1,69 +1,70 @@
 diff -up openssh/auth2-pubkey.c.refactor openssh/auth2-pubkey.c
 --- openssh/auth2-pubkey.c.refactor	2019-04-04 13:19:12.188821236 +0200
 +++ openssh/auth2-pubkey.c	2019-04-04 13:19:12.276822078 +0200
-@@ -72,6 +72,8 @@
+@@ -72,6 +72,9 @@
- 
- /* import */
  extern ServerOptions options;
+ extern u_char *session_id2;
+ extern u_int session_id2_len;
 +extern int inetd_flag;
++extern int rexeced_flag;
 +extern Authctxt *the_authctxt;
- extern struct authmethod_cfg methodcfg_pubkey;
  
  static char *
+ format_key(const struct sshkey *key)
 @@ -511,7 +514,8 @@ match_principals_command(struct ssh *ssh
- 	if ((pid = subprocess("AuthorizedPrincipalsCommand", command,
+ 
+ 	if ((pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command,
  	    ac, av, &f,
- 	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
+-	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
--	    runas_pw, temporarily_use_uid, restore_uid)) == 0)
++	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
-+	    runas_pw, temporarily_use_uid, restore_uid,
++	    (inetd_flag && !rexeced_flag), the_authctxt)) == 0)
-+	    inetd_flag, the_authctxt)) == 0)
  		goto out;
  
  	uid_swapped = 1;
 @@ -981,7 +985,8 @@ user_key_command_allowed2(struct ssh *ss
- 	if ((pid = subprocess("AuthorizedKeysCommand", command,
+ 
+ 	if ((pid = subprocess("AuthorizedKeysCommand", runas_pw, command,
  	    ac, av, &f,
-	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
+-	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
--	    runas_pw, temporarily_use_uid, restore_uid)) == 0)
++	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
-+	    runas_pw, temporarily_use_uid, restore_uid,
++	    (inetd_flag && !rexeced_flag), the_authctxt)) == 0)
-+	    inetd_flag, the_authctxt)) == 0)
  		goto out;
  
  	uid_swapped = 1;
-diff -up openssh/misc.c.refactor openssh/misc.c
+diff -up openssh/auth.c.refactor openssh/auth.c
---- openssh/misc.c.refactor	2019-04-04 13:19:12.235821686 +0200
+--- openssh/auth.c.refactor	2019-04-04 13:19:12.235821686 +0200
-+++ openssh/misc.c	2019-04-04 13:19:12.276822078 +0200
++++ openssh/auth.c	2019-04-04 13:19:12.276822078 +0200
 @@ -756,7 +756,8 @@ auth_get_canonical_hostname(struct ssh *
+  */
  pid_t
- subprocess(const char *tag, const char *command,
+ subprocess(const char *tag, struct passwd *pw, const char *command,
-     int ac, char **av, FILE **child, u_int flags,
+-    int ac, char **av, FILE **child, u_int flags)
--    struct passwd *pw, privdrop_fn *drop_privs, privrestore_fn *restore_privs)
++    int ac, char **av, FILE **child, u_int flags, int inetd,
-+    struct passwd *pw, privdrop_fn *drop_privs,
++    void *the_authctxt)
-+    privrestore_fn *restore_privs, int inetd, void *the_authctxt)
  {
  	FILE *f = NULL;
  	struct stat st;
 @@ -872,7 +873,7 @@ subprocess(const char *tag, struct passw
- 			_exit(1);
  		}
+ 
  #ifdef WITH_SELINUX
 -		if (sshd_selinux_setup_env_variables() < 0) {
 +		if (sshd_selinux_setup_env_variables(inetd, the_authctxt) < 0) {
  			error ("failed to copy environment:  %s",
  			    strerror(errno));
  			_exit(127);
-diff -up openssh/misc.h.refactor openssh/misc.h
+diff -up openssh/auth.h.refactor openssh/auth.h
---- openssh/misc.h.refactor	2019-04-04 13:19:12.251821839 +0200
+--- openssh/auth.h.refactor	2019-04-04 13:19:12.251821839 +0200
-+++ openssh/misc.h	2019-04-04 13:19:12.276822078 +0200
++++ openssh/auth.h	2019-04-04 13:19:12.276822078 +0200
 @@ -235,7 +235,7 @@ struct passwd *fakepw(void);
- #define	SSH_SUBPROCESS_UNSAFE_PATH	(1<<3)	/* Don't check for safe cmd */
+ #define	SSH_SUBPROCESS_STDOUT_CAPTURE  (1<<1)  /* Redirect stdout */
- #define	SSH_SUBPROCESS_PRESERVE_ENV	(1<<4)	/* Keep parent environment */
+ #define	SSH_SUBPROCESS_STDERR_DISCARD  (1<<2)  /* Discard stderr */
- pid_t subprocess(const char *, const char *, int, char **, FILE **, u_int,
+ pid_t	subprocess(const char *, struct passwd *,
--    struct passwd *, privdrop_fn *, privrestore_fn *);
+-    const char *, int, char **, FILE **, u_int flags);
-+    struct passwd *, privdrop_fn *, privrestore_fn *, int, void *);
++    const char *, int, char **, FILE **, u_int flags, int, void *);
+ 
+ int	 sys_auth_passwd(struct ssh *, const char *);
  
- typedef struct arglist arglist;
- struct arglist {
 diff -up openssh/openbsd-compat/port-linux.h.refactor openssh/openbsd-compat/port-linux.h
 --- openssh/openbsd-compat/port-linux.h.refactor	2019-04-04 13:19:12.256821887 +0200
 +++ openssh/openbsd-compat/port-linux.h	2019-04-04 13:19:12.276822078 +0200
@@ -81,13 +82,14 @@ diff -up openssh/openbsd-compat/port-linux.h.refactor openssh/openbsd-compat/por
 diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compat/port-linux-sshd.c
 --- openssh/openbsd-compat/port-linux-sshd.c.refactor	2019-04-04 13:19:12.256821887 +0200
 +++ openssh/openbsd-compat/port-linux-sshd.c	2019-04-04 13:19:12.276822078 +0200
-@@ -49,10 +49,6 @@
+@@ -49,11 +49,6 @@
  #include <unistd.h>
  #endif
  
 -extern ServerOptions options;
 -extern Authctxt *the_authctxt;
 -extern int inetd_flag;
+-extern int rexeced_flag;
 -
  /* Wrapper around is_selinux_enabled() to log its return value once only */
  int
@@ -126,7 +128,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
  
  	if (r == 0) {
  		/* If launched from xinetd, we must use current level */
--		if (inetd_flag) {
+-		if (inetd_flag && !rexeced_flag) {
 +		if (inetd) {
  			security_context_t sshdsc=NULL;
  
@@ -143,14 +145,14 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
  	char *role;
 @@ -342,11 +339,11 @@ sshd_selinux_setup_variables(int(*set_it
  
- 	debug3_f("setting execution context");
+ 	debug3("%s: setting execution context", __func__);
  
 -	ssh_selinux_get_role_level(&role, &reqlvl);
 +	ssh_selinux_get_role_level(&role, &reqlvl, the_authctxt);
  
  	rv = set_it("SELINUX_ROLE_REQUESTED", role ? role : "");
  
--	if (inetd_flag) {
+-	if (inetd_flag && !rexeced_flag) {
 +	if (inetd) {
  		use_current = "1";
  	} else {
@@ -201,10 +203,10 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 +		if (sshd_selinux_setup_pam_variables(inetd, pam_setenv, authctxt)) {
  			switch (security_getenforce()) {
  			case -1:
- 				fatal_f("security_getenforce() failed");
+ 				fatal("%s: security_getenforce() failed", __func__);
 @@ -410,7 +411,7 @@ sshd_selinux_setup_exec_context(char *pw
  
- 	debug3_f("setting execution context");
+ 	debug3("%s: setting execution context", __func__);
  
 -	r = sshd_selinux_getctxbyname(pwname, &default_ctx, &user_ctx);
 +	r = sshd_selinux_getctxbyname(pwname, &default_ctx, &user_ctx, inetd, authctxt);
@@ -214,58 +216,56 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.refactor openssh/openbsd-compa
 diff -up openssh/platform.c.refactor openssh/platform.c
 --- openssh/platform.c.refactor	2019-04-04 13:19:12.204821389 +0200
 +++ openssh/platform.c	2019-04-04 13:19:12.277822088 +0200
-@@ -32,6 +32,8 @@
+@@ -32,6 +32,9 @@
- #include "openbsd-compat/openbsd-compat.h"
  
+ extern int use_privsep;
  extern ServerOptions options;
 +extern int inetd_flag;
++extern int rexeced_flag;
 +extern Authctxt *the_authctxt;
  
- /* return 1 if we are running with privilege to swap UIDs, 0 otherwise */
+ void
- int
+ platform_pre_listen(void)
 @@ -183,7 +186,9 @@ platform_setusercontext_post_groups(stru
  	}
  #endif /* HAVE_SETPCRED */
  #ifdef WITH_SELINUX
 -	sshd_selinux_setup_exec_context(pw->pw_name);
 +	sshd_selinux_setup_exec_context(pw->pw_name,
-+	    inetd_flag, do_pam_putenv, the_authctxt,
++	    (inetd_flag && !rexeced_flag), do_pam_putenv, the_authctxt,
 +	    options.use_pam);
  #endif
  }
  
-diff -up openssh/sshd-session.c.refactor openssh/sshd-session.c
+diff -up openssh/sshd.c.refactor openssh/sshd.c
---- openssh/sshd-session.c.refactor	2019-04-04 13:19:12.275822068 +0200
+--- openssh/sshd.c.refactor	2019-04-04 13:19:12.275822068 +0200
-+++ openssh/sshd-session.c	2019-04-04 13:19:51.270195262 +0200
++++ openssh/sshd.c	2019-04-04 13:19:51.270195262 +0200
 @@ -158,7 +158,7 @@ int debug_flag = 0;
- int debug_flag = 0;
+ static int test_flag = 0;
  
  /* Flag indicating that the daemon is being started from inetd. */
 -static int inetd_flag = 0;
 +int inetd_flag = 0;
  
- /* debug goes to stderr unless inetd_flag is set */
+ /* Flag indicating that sshd should not detach and become a daemon. */
- static int log_stderr = 0;
+ static int no_daemon_flag = 0;
+@@ -171,7 +171,7 @@ static char **saved_argv;
+ static int saved_argc;
+ 
+ /* re-exec */
+-static int rexeced_flag = 0;
++int rexeced_flag = 0;
+ static int rexec_flag = 1;
+ static int rexec_argc = 0;
+ static char **rexec_argv;
 @@ -2192,7 +2192,9 @@ main(int ac, char **av)
  	}
  #endif
  #ifdef WITH_SELINUX
 -	sshd_selinux_setup_exec_context(authctxt->pw->pw_name);
 +	sshd_selinux_setup_exec_context(authctxt->pw->pw_name,
-+	    inetd_flag, do_pam_putenv, the_authctxt,
++	    (inetd_flag && !rexeced_flag), do_pam_putenv, the_authctxt,
 +	    options.use_pam);
  #endif
  #ifdef USE_PAM
  	if (options.use_pam) {
-diff -up openssh/sshconnect.c.refactor openssh/sshconnect.c
---- openssh/sshconnect.c.refactor	2021-02-24 00:12:03.065325046 +0100
-+++ openssh/sshconnect.c	2021-02-24 00:12:12.126449544 +0100
-@@ -892,7 +892,7 @@ load_hostkeys_command(struct hostkeys *h
- 
- 	if ((pid = subprocess(tag, command, ac, av, &f,
- 	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_UNSAFE_PATH|
--	    SSH_SUBPROCESS_PRESERVE_ENV, NULL, NULL, NULL)) == 0)
-+	    SSH_SUBPROCESS_PRESERVE_ENV, NULL, NULL, NULL, 0, NULL)) == 0)
- 		goto out;
- 
- 	load_hostkeys_file(hostkeys, hostfile_hostname, tag, f, 1);

SOURCES/openssh-7.7p1-fips.patch

@@ -0,0 +1,569 @@
+diff -up openssh-7.9p1/cipher-ctr.c.fips openssh-7.9p1/cipher-ctr.c
+--- openssh-7.9p1/cipher-ctr.c.fips	2019-03-11 17:06:37.519877082 +0100
++++ openssh-7.9p1/cipher-ctr.c	2019-03-11 17:06:37.620878031 +0100
+@@ -179,7 +179,8 @@ evp_aes_128_ctr(void)
+ 	aes_ctr.do_cipher = ssh_aes_ctr;
+ #ifndef SSH_OLD_EVP
+ 	aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+-	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
++	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV |
++	    EVP_CIPH_FLAG_FIPS;
+ #endif
+ 	return (&aes_ctr);
+ }
+diff -up openssh-7.9p1/clientloop.c.fips openssh-7.9p1/clientloop.c
+--- openssh-7.9p1/clientloop.c.fips	2019-03-11 17:06:37.523877120 +0100
++++ openssh-7.9p1/clientloop.c	2019-03-11 17:06:37.620878031 +0100
+@@ -2014,7 +2014,8 @@ key_accepted_by_hostkeyalgs(const struct
+ {
+ 	const char *ktype = sshkey_ssh_name(key);
+ 	const char *hostkeyalgs = options.hostkeyalgorithms != NULL ?
+-	    options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
++	    options.hostkeyalgorithms : (FIPS_mode() ?
++	    KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG);
+ 
+ 	if (key == NULL || key->type == KEY_UNSPEC)
+ 		return 0;
+diff -up openssh-7.9p1/dh.c.fips openssh-7.9p1/dh.c
+--- openssh-7.9p1/dh.c.fips	2018-10-17 02:01:20.000000000 +0200
++++ openssh-7.9p1/dh.c	2019-03-11 17:08:11.769763057 +0100
+@@ -152,6 +152,12 @@ choose_dh(int min, int wantbits, int max
+ 	int best, bestcount, which, linenum;
+ 	struct dhgroup dhg;
+ 
++	if (FIPS_mode()) {
++		verbose("Using arbitrary primes is not allowed in FIPS mode."
++		    " Falling back to known groups.");
++		return (dh_new_group_fallback(max));
++	}
++
+ 	if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
+ 		logit("WARNING: could not open %s (%s), using fixed modulus",
+ 		    _PATH_DH_MODULI, strerror(errno));
+@@ -489,4 +495,38 @@ dh_estimate(int bits)
+ 	return 8192;
+ }
+ 
++/*
++ * Compares the received DH parameters with known-good groups,
++ * which might be either from group14, group16 or group18.
++ */
++int
++dh_is_known_group(const DH *dh)
++{
++	const BIGNUM *p, *g;
++	const BIGNUM *known_p, *known_g;
++	DH *known = NULL;
++	int bits = 0, rv = 0;
++
++	DH_get0_pqg(dh, &p, NULL, &g);
++	bits = BN_num_bits(p);
++
++	if (bits <= 3072) {
++		known = dh_new_group14();
++	} else if (bits <= 6144) {
++		known = dh_new_group16();
++	} else {
++		known = dh_new_group18();
++	}
++
++	DH_get0_pqg(known, &known_p, NULL, &known_g);
++
++	if (BN_cmp(g, known_g) == 0 &&
++	    BN_cmp(p, known_p) == 0) {
++		rv = 1;
++	}
++
++	DH_free(known);
++	return rv;
++}
++
+ #endif /* WITH_OPENSSL */
+diff -up openssh-7.9p1/dh.h.fips openssh-7.9p1/dh.h
+--- openssh-7.9p1/dh.h.fips	2018-10-17 02:01:20.000000000 +0200
++++ openssh-7.9p1/dh.h	2019-03-11 17:08:18.718828381 +0100
+@@ -43,6 +43,7 @@ DH	*dh_new_group_fallback(int);
+ 
+ int	 dh_gen_key(DH *, int);
+ int	 dh_pub_is_valid(const DH *, const BIGNUM *);
++int	 dh_is_known_group(const DH *);
+ 
+ u_int	 dh_estimate(int);
+ 
+diff -up openssh-7.9p1/kex.c.fips openssh-7.9p1/kex.c
+--- openssh-7.9p1/kex.c.fips	2019-03-11 17:06:37.614877975 +0100
++++ openssh-7.9p1/kex.c	2019-03-11 17:06:37.621878041 +0100
+@@ -175,7 +196,10 @@ kex_names_valid(const char *names)
+ 	for ((p = strsep(&cp, ",")); p && *p != '\0';
+ 	    (p = strsep(&cp, ","))) {
+ 		if (kex_alg_by_name(p) == NULL) {
+-			error("Unsupported KEX algorithm \"%.100s\"", p);
++			if (FIPS_mode())
++				error("\"%.100s\" is not allowed in FIPS mode", p);
++			else
++				error("Unsupported KEX algorithm \"%.100s\"", p);
+ 			free(s);
+ 			return 0;
+ 		}
+diff -up openssh-7.9p1/kexgexc.c.fips openssh-7.9p1/kexgexc.c
+--- openssh-7.9p1/kexgexc.c.fips	2018-10-17 02:01:20.000000000 +0200
++++ openssh-7.9p1/kexgexc.c	2019-03-11 17:06:37.621878041 +0100
+@@ -28,6 +28,7 @@
+ 
+ #ifdef WITH_OPENSSL
+ 
++#include <openssl/crypto.h>
+ #include <sys/types.h>
+ 
+ #include <openssl/dh.h>
+@@ -118,6 +119,10 @@ input_kex_dh_gex_group(int type, u_int32
+ 		r = SSH_ERR_ALLOC_FAIL;
+ 		goto out;
+ 	}
++	if (FIPS_mode() && dh_is_known_group(kex->dh) == 0) {
++		r = SSH_ERR_INVALID_ARGUMENT;
++		goto out;
++	}
+ 	p = g = NULL; /* belong to kex->dh now */
+ 
+ 	/* generate and send 'e', client DH public key */
+diff -up openssh-7.9p1/myproposal.h.fips openssh-7.9p1/myproposal.h
+--- openssh-7.9p1/myproposal.h.fips	2018-10-17 02:01:20.000000000 +0200
++++ openssh-7.9p1/myproposal.h	2019-03-11 17:06:37.621878041 +0100
+@@ -116,6 +116,16 @@
+ 	"rsa-sha2-256," \
+ 	"ssh-rsa"
+ 
++#define	KEX_FIPS_PK_ALG	\
++	HOSTKEY_ECDSA_CERT_METHODS \
++	"rsa-sha2-512-cert-v01@openssh.com," \
++	"rsa-sha2-256-cert-v01@openssh.com," \
++	"ssh-rsa-cert-v01@openssh.com," \
++	HOSTKEY_ECDSA_METHODS \
++	"rsa-sha2-512," \
++	"rsa-sha2-256," \
++	"ssh-rsa"
++
+ /* the actual algorithms */
+ 
+ #define KEX_SERVER_ENCRYPT \
+@@ -139,6 +147,38 @@
+ 
+ #define KEX_CLIENT_MAC KEX_SERVER_MAC
+ 
++#define	KEX_FIPS_ENCRYPT \
++	"aes128-ctr,aes192-ctr,aes256-ctr," \
++	"aes128-cbc,3des-cbc," \
++	"aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se" \
++	AESGCM_CIPHER_MODES
++#ifdef HAVE_EVP_SHA256
++# define KEX_DEFAULT_KEX_FIPS		\
++	KEX_ECDH_METHODS \
++	KEX_SHA2_METHODS \
++	"diffie-hellman-group14-sha256"
++# define KEX_FIPS_MAC \
++	"hmac-sha1," \
++	"hmac-sha2-256," \
++	"hmac-sha2-512," \
++	"hmac-sha1-etm@openssh.com," \
++	"hmac-sha2-256-etm@openssh.com," \
++	"hmac-sha2-512-etm@openssh.com"
++#else
++# ifdef OPENSSL_HAS_NISTP521
++#  define KEX_DEFAULT_KEX_FIPS		\
++	"ecdh-sha2-nistp256," \
++	"ecdh-sha2-nistp384," \
++	"ecdh-sha2-nistp521"
++# else
++#  define KEX_DEFAULT_KEX_FIPS		\
++	"ecdh-sha2-nistp256," \
++	"ecdh-sha2-nistp384"
++# endif
++#define        KEX_FIPS_MAC \
++       "hmac-sha1"
++#endif
++
+ /* Not a KEX value, but here so all the algorithm defaults are together */
+ #define	SSH_ALLOWED_CA_SIGALGS	\
+ 	"ecdsa-sha2-nistp256," \
+diff -up openssh-7.9p1/readconf.c.fips openssh-7.9p1/readconf.c
+--- openssh-7.9p1/readconf.c.fips	2019-03-11 17:06:37.601877853 +0100
++++ openssh-7.9p1/readconf.c	2019-03-11 17:06:37.622878050 +0100
+@@ -2178,18 +2178,19 @@ fill_default_options(Options * options)
+ 	all_kex = kex_alg_list(',');
+ 	all_key = sshkey_alg_list(0, 0, 1, ',');
+ 	all_sig = sshkey_alg_list(0, 1, 1, ',');
+-#define ASSEMBLE(what, defaults, all) \
++#define ASSEMBLE(what, defaults, fips_defaults, all) \
+ 	do { \
+ 		if ((r = kex_assemble_names(&options->what, \
+-		    defaults, all)) != 0) \
++		    (FIPS_mode() ? fips_defaults : defaults), \
++		    all)) != 0) \
+ 			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
+ 	} while (0)
+-	ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, all_cipher);
+-	ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac);
+-	ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex);
+-	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
+-	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+-	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
++	ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
++	ASSEMBLE(macs, KEX_CLIENT_MAC, KEX_FIPS_MAC, all_mac);
++	ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
++	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
+ #undef ASSEMBLE
+ 	free(all_cipher);
+ 	free(all_mac);
+diff -up openssh-7.9p1/sandbox-seccomp-filter.c.fips openssh-7.9p1/sandbox-seccomp-filter.c
+--- openssh-7.9p1/sandbox-seccomp-filter.c.fips	2019-03-11 17:06:37.586877712 +0100
++++ openssh-7.9p1/sandbox-seccomp-filter.c	2019-03-11 17:06:37.622878050 +0100
+@@ -137,6 +137,9 @@ static const struct sock_filter preauth_
+ #ifdef __NR_open
+ 	SC_DENY(__NR_open, EACCES),
+ #endif
++#ifdef __NR_socket
++	SC_DENY(__NR_socket, EACCES),
++#endif
+ #ifdef __NR_openat
+ 	SC_DENY(__NR_openat, EACCES),
+ #endif
+diff -up openssh-7.9p1/servconf.c.fips openssh-7.9p1/servconf.c
+--- openssh-7.9p1/servconf.c.fips	2019-03-11 17:06:37.568877543 +0100
++++ openssh-7.9p1/servconf.c	2019-03-11 17:06:37.622878050 +0100
+@@ -209,18 +209,19 @@ assemble_algorithms(ServerOptions *o)
+ 	all_kex = kex_alg_list(',');
+ 	all_key = sshkey_alg_list(0, 0, 1, ',');
+ 	all_sig = sshkey_alg_list(0, 1, 1, ',');
+-#define ASSEMBLE(what, defaults, all) \
++#define ASSEMBLE(what, defaults, fips_defaults, all) \
+ 	do { \
+-		if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
++		if ((r = kex_assemble_names(&o->what, (FIPS_mode() \
++		    ? fips_defaults : defaults), all)) != 0) \
+ 			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
+ 	} while (0)
+-	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
+-	ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
+-	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
+-	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
+-	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
+-	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+-	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
++	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
++	ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
++	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
++	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
++	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, KEX_FIPS_PK_ALG, all_sig);
+ #undef ASSEMBLE
+ 	free(all_cipher);
+ 	free(all_mac);
+diff -up openssh-7.9p1/ssh.c.fips openssh-7.9p1/ssh.c
+--- openssh-7.9p1/ssh.c.fips	2019-03-11 17:06:37.602877862 +0100
++++ openssh-7.9p1/ssh.c	2019-03-11 17:06:37.623878060 +0100
+@@ -76,6 +76,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/err.h>
+ #endif
++#include <openssl/crypto.h>
+ #include "openbsd-compat/openssl-compat.h"
+ #include "openbsd-compat/sys-queue.h"
+ 
+@@ -1283,6 +1294,10 @@ main(int ac, char **av)
+ 		dump_client_config(&options, host);
+ 		exit(0);
+ 	}
++
++	if (FIPS_mode()) {
++		debug("FIPS mode initialized");
++	}
+ 
+ 	if (muxclient_command != 0 && options.control_path == NULL)
+ 		fatal("No ControlPath specified for \"-O\" command");
+diff -up openssh-7.9p1/sshconnect2.c.fips openssh-7.9p1/sshconnect2.c
+--- openssh-7.9p1/sshconnect2.c.fips	2019-03-11 17:06:37.580877655 +0100
++++ openssh-7.9p1/sshconnect2.c	2019-03-11 17:06:37.623878060 +0100
+@@ -44,6 +44,8 @@
+ #include <vis.h>
+ #endif
+ 
++#include <openssl/crypto.h>
++
+ #include "openbsd-compat/sys-queue.h"
+ 
+ #include "xmalloc.h"
+@@ -148,7 +150,8 @@ order_hostkeyalgs(char *host, struct soc
+ 	 * Otherwise, prefer the host key algorithms that match known keys
+ 	 * while keeping the ordering of HostkeyAlgorithms as much as possible.
+ 	 */
+-	oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);
++	oavail = avail = xstrdup((FIPS_mode()
++	    ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG));
+ 	maxlen = strlen(avail) + 1;
+ 	first = xmalloc(maxlen);
+ 	last = xmalloc(maxlen);
+@@ -229,14 +232,16 @@ ssh_kex2(struct ssh *ssh, char *host, st
+ 	if (options.hostkeyalgorithms != NULL) {
+ 		all_key = sshkey_alg_list(0, 0, 1, ',');
+ 		if (kex_assemble_names(&options.hostkeyalgorithms,
+-		    KEX_DEFAULT_PK_ALG, all_key) != 0)
++		    (FIPS_mode() ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG),
++		    all_key) != 0)
+ 			fatal("%s: kex_assemble_namelist", __func__);
+ 		free(all_key);
+ 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ 		    compat_pkalg_proposal(options.hostkeyalgorithms);
+ 	} else {
+ 		/* Enforce default */
+-		options.hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
++		options.hostkeyalgorithms = xstrdup((FIPS_mode()
++		    ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG));
+ 		/* Prefer algorithms that we already have keys for */
+ 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ 		    compat_pkalg_proposal(
+@@ -201,35 +201,40 @@ ssh_kex2(char *host, struct sockaddr *ho
+ 
+ #if defined(GSSAPI) && defined(WITH_OPENSSL)
+ 	if (options.gss_keyex) {
+-		/* Add the GSSAPI mechanisms currently supported on this
+-		 * client to the key exchange algorithm proposal */
+-		orig = myproposal[PROPOSAL_KEX_ALGS];
+-
+-		if (options.gss_server_identity) {
+-			gss_host = xstrdup(options.gss_server_identity);
+-		} else if (options.gss_trust_dns) {
+-			gss_host = remote_hostname(ssh);
+-			/* Fall back to specified host if we are using proxy command
+-			 * and can not use DNS on that socket */
+-			if (strcmp(gss_host, "UNKNOWN") == 0) {
+-				gss_host = xstrdup(host);
+-			}
+-		} else {
+-			gss_host = xstrdup(host);
+-		}
+-
+-		gss = ssh_gssapi_client_mechanisms(gss_host,
+-		    options.gss_client_identity, options.gss_kex_algorithms);
+-		if (gss) {
+-			debug("Offering GSSAPI proposal: %s", gss);
+-			xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
+-			    "%s,%s", gss, orig);
+-
+-			/* If we've got GSSAPI algorithms, then we also support the
+-			 * 'null' hostkey, as a last resort */
+-			orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
+-			xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
+-			    "%s,null", orig);
++		if (FIPS_mode()) {
++			logit("Disabling GSSAPIKeyExchange. Not usable in FIPS mode");
++			options.gss_keyex = 0;
++		} else {
++			/* Add the GSSAPI mechanisms currently supported on this
++			 * client to the key exchange algorithm proposal */
++			orig = myproposal[PROPOSAL_KEX_ALGS];
++
++			if (options.gss_server_identity) {
++				gss_host = xstrdup(options.gss_server_identity);
++			} else if (options.gss_trust_dns) {
++				gss_host = remote_hostname(ssh);
++				/* Fall back to specified host if we are using proxy command
++				 * and can not use DNS on that socket */
++				if (strcmp(gss_host, "UNKNOWN") == 0) {
++					gss_host = xstrdup(host);
++				}
++			} else {
++				gss_host = xstrdup(host);
++			}
++
++			gss = ssh_gssapi_client_mechanisms(gss_host,
++			    options.gss_client_identity, options.gss_kex_algorithms);
++			if (gss) {
++				debug("Offering GSSAPI proposal: %s", gss);
++				xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
++				    "%s,%s", gss, orig);
++
++				/* If we've got GSSAPI algorithms, then we also support the
++				 * 'null' hostkey, as a last resort */
++				orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
++				xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
++				    "%s,null", orig);
++			}
+ 		}
+ 	}
+ #endif
+diff -up openssh-7.9p1/sshd.c.fips openssh-7.9p1/sshd.c
+--- openssh-7.9p1/sshd.c.fips	2019-03-11 17:06:37.617878003 +0100
++++ openssh-7.9p1/sshd.c	2019-03-11 17:06:37.624878069 +0100
+@@ -66,6 +66,7 @@
+ #include <grp.h>
+ #include <pwd.h>
+ #include <signal.h>
++#include <syslog.h>
+ #include <stdarg.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -77,6 +78,7 @@
+ #include <openssl/dh.h>
+ #include <openssl/bn.h>
+ #include <openssl/rand.h>
++#include <openssl/crypto.h>
+ #include "openbsd-compat/openssl-compat.h"
+ #endif
+ 
+@@ -1581,6 +1584,7 @@ main(int ac, char **av)
+ #endif
+ 	__progname = ssh_get_progname(av[0]);
+ 
++	OpenSSL_add_all_algorithms();
+ 	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
+ 	saved_argc = ac;
+ 	rexec_argc = ac;
+@@ -2036,6 +2051,10 @@ main(int ac, char **av)
+ 	/* Reinitialize the log (because of the fork above). */
+ 	log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ 
++	if (FIPS_mode()) {
++		debug("FIPS mode initialized");
++	}
++
+ 	/* Chdir to the root directory so that the current disk can be
+ 	   unmounted if desired. */
+ 	if (chdir("/") == -1)
+@@ -2412,10 +2431,14 @@ do_ssh2_kex(void)
+ 	if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
+ 		orig = NULL;
+ 
+-	if (options.gss_keyex)
+-		gss = ssh_gssapi_server_mechanisms();
+-	else
+-		gss = NULL;
++	if (options.gss_keyex) {
++		if (FIPS_mode()) {
++			logit("Disabling GSSAPIKeyExchange. Not usable in FIPS mode");
++			options.gss_keyex = 0;
++		} else {
++			gss = ssh_gssapi_server_mechanisms();
++		}
++	}
+ 
+ 	if (gss && orig)
+ 		xasprintf(&newstr, "%s,%s", gss, orig);
+diff -up openssh-7.9p1/sshkey.c.fips openssh-7.9p1/sshkey.c
+--- openssh-7.9p1/sshkey.c.fips	2019-03-11 17:06:37.617878003 +0100
++++ openssh-7.9p1/sshkey.c	2019-03-11 17:06:37.624878069 +0100
+@@ -34,6 +34,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/err.h>
+ #include <openssl/pem.h>
++#include <openssl/crypto.h>
+ #endif
+ 
+ #include "crypto_api.h"
+@@ -57,6 +58,7 @@
+ #include "sshkey.h"
+ #include "sshkey-xmss.h"
+ #include "match.h"
++#include "log.h"
+ 
+ #include "xmss_fast.h"
+ 
+@@ -392,7 +394,8 @@ sshkey_calculate_signature(EVP_PKEY *pkey
+ {
+ 	EVP_MD_CTX *ctx = NULL;
+ 	u_char *sig = NULL;
+-	int ret, slen, len;
++	int ret, slen;
++	size_t len;
+ 
+ 	if (sigp == NULL || lenp == NULL) {
+ 		return SSH_ERR_INVALID_ARGUMENT;
+@@ -411,9 +414,10 @@ sshkey_calculate_signature(EVP_PKEY *pkey
+ 		ret = SSH_ERR_ALLOC_FAIL;
+ 		goto error;
+ 	}
+-	if (EVP_SignInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
+-	    EVP_SignUpdate(ctx, data, datalen) <= 0 ||
+-	    EVP_SignFinal(ctx, sig, &len, pkey) <= 0) {
++	if (EVP_DigestSignInit(ctx, NULL, ssh_digest_to_md(hash_alg),
++	        NULL, pkey) != 1 ||
++	    EVP_DigestSignUpdate(ctx, data, datalen) != 1 ||
++	    EVP_DigestSignFinal(ctx, sig, &len) != 1) {
+ 		ret = SSH_ERR_LIBCRYPTO_ERROR;
+ 		goto error;
+ 	}
+@@ -440,12 +444,13 @@ sshkey_verify_signature(EVP_PKEY *pkey
+ 	if ((ctx = EVP_MD_CTX_new()) == NULL) {
+ 		return SSH_ERR_ALLOC_FAIL;
+ 	}
+-	if (EVP_VerifyInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
+-	    EVP_VerifyUpdate(ctx, data, datalen) <= 0) {
++	if (EVP_DigestVerifyInit(ctx, NULL, ssh_digest_to_md(hash_alg),
++	    NULL, pkey) != 1 ||
++	    EVP_DigestVerifyUpdate(ctx, data, datalen) != 1) {
+ 		ret = SSH_ERR_LIBCRYPTO_ERROR;
+ 		goto done;
+ 	}
+-	ret = EVP_VerifyFinal(ctx, sigbuf, siglen, pkey);
++	ret = EVP_DigestVerifyFinal(ctx, sigbuf, siglen);
+ 	switch (ret) {
+ 	case 1:
+ 		ret = 0;
+@@ -1514,6 +1516,8 @@ rsa_generate_private_key(u_int bits, RSA
+ 	}
+ 	if (!BN_set_word(f4, RSA_F4) ||
+ 	    !RSA_generate_key_ex(private, bits, f4, NULL)) {
++		if (FIPS_mode())
++			logit("%s: the key length might be unsupported by FIPS mode approved key generation method", __func__);
+ 		ret = SSH_ERR_LIBCRYPTO_ERROR;
+ 		goto out;
+ 	}
+diff -up openssh-7.9p1/ssh-keygen.c.fips openssh-7.9p1/ssh-keygen.c
+--- openssh-7.9p1/ssh-keygen.c.fips	2019-03-11 17:06:37.590877750 +0100
++++ openssh-7.9p1/ssh-keygen.c	2019-03-11 17:06:37.625878079 +0100
+@@ -230,6 +230,12 @@ type_bits_valid(int type, const char *na
+ 	    OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
+ 	if (*bitsp > maxbits)
+ 		fatal("key bits exceeds maximum %d", maxbits);
++	if (FIPS_mode()) {
++		if (type == KEY_DSA)
++			fatal("DSA keys are not allowed in FIPS mode");
++		if (type == KEY_ED25519)
++			fatal("ED25519 keys are not allowed in FIPS mode");
++	}
+ 	switch (type) {
+ 	case KEY_DSA:
+ 		if (*bitsp != 1024)
+@@ -1029,9 +1035,17 @@ do_gen_all_hostkeys(struct passwd *pw)
+ 			first = 1;
+ 			printf("%s: generating new host keys: ", __progname);
+ 		}
++		type = sshkey_type_from_name(key_types[i].key_type);
++
++		/* Skip the keys that are not supported in FIPS mode */
++		if (FIPS_mode() && (type == KEY_DSA || type == KEY_ED25519)) {
++			logit("Skipping %s key in FIPS mode",
++			    key_types[i].key_type_display);
++			goto next;
++		}
++
+ 		printf("%s ", key_types[i].key_type_display);
+ 		fflush(stdout);
+-		type = sshkey_type_from_name(key_types[i].key_type);
+ 		if ((fd = mkstemp(prv_tmp)) == -1) {
+ 			error("Could not save your public key in %s: %s",
+ 			    prv_tmp, strerror(errno));
+diff -up openssh-8.0p1/sshd_config.xxx openssh-8.0p1/sshd_config
+--- openssh-8.0p1/sshd_config.xxx	2023-10-30 13:01:59.150952364 +0100
++++ openssh-8.0p1/sshd_config	2023-10-30 13:02:56.662231354 +0100
+@@ -21,6 +21,7 @@
+ 
+ HostKey /etc/ssh/ssh_host_rsa_key
+ HostKey /etc/ssh/ssh_host_ecdsa_key
++#In FIPS mode Ed25519 keys are not supported, please comment out the next line
+ HostKey /etc/ssh/ssh_host_ed25519_key
+ 
+ # Ciphers and keying

SOURCES/openssh-7.7p1-gssapi-new-unique.patch

@@ -1,26 +1,7 @@
-diff -up openssh-8.6p1/auth.h.ccache_name openssh-8.6p1/auth.h
+diff --git a/auth-krb5.c b/auth-krb5.c
---- openssh-8.6p1/auth.h.ccache_name	2021-04-19 14:05:10.820744325 +0200
+index a5a81ed2..63f877f2 100644
-+++ openssh-8.6p1/auth.h	2021-04-19 14:05:10.853744569 +0200
+--- a/auth-krb5.c
-@@ -83,6 +83,7 @@ struct Authctxt {
++++ b/auth-krb5.c
- 	krb5_principal	 krb5_user;
- 	char		*krb5_ticket_file;
- 	char		*krb5_ccname;
-+	int		 krb5_set_env;
- #endif
- 	struct sshbuf	*loginmsg;
- 
-@@ -231,7 +232,7 @@ struct passwd *fakepw(void);
- int	 sys_auth_passwd(struct ssh *, const char *);
- 
- #if defined(KRB5) && !defined(HEIMDAL)
--krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
-+krb5_error_code ssh_krb5_cc_new_unique(krb5_context, krb5_ccache *, int *);
- #endif
- 
- #endif /* AUTH_H */
-diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
---- openssh-8.6p1/auth-krb5.c.ccache_name	2021-04-16 05:55:25.000000000 +0200
-+++ openssh-8.6p1/auth-krb5.c	2021-04-19 14:40:55.142832954 +0200
 @@ -51,6 +51,7 @@
  #include <unistd.h>
  #include <string.h>
@@ -29,7 +10,7 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
  
  extern ServerOptions	 options;
  
-@@ -77,7 +78,7 @@ auth_krb5_password(Authctxt *authctxt, c
+@@ -77,7 +78,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
  #endif
  	krb5_error_code problem;
  	krb5_ccache ccache = NULL;
@@ -38,18 +19,24 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
  	char *client, *platform_client;
  	const char *errmsg;
  
-@@ -163,8 +164,8 @@ auth_krb5_password(Authctxt *authctxt, c
+@@ -163,7 +164,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
  		goto out;
  	}
  
--	problem = ssh_krb5_cc_gen(authctxt->krb5_ctx,
+-	problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
--	    &authctxt->krb5_fwd_ccache);
 +	problem = ssh_krb5_cc_new_unique(authctxt->krb5_ctx,
 +	     &authctxt->krb5_fwd_ccache, &authctxt->krb5_set_env);
  	if (problem)
  		goto out;
  
-@@ -179,15 +180,14 @@ auth_krb5_password(Authctxt *authctxt, c
+@@ -172,21 +174,20 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
+ 	if (problem)
+ 		goto out;
+ 
+-	problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
++	problem = krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
+ 				 &creds);
+ 	if (problem)
  		goto out;
  #endif
  
@@ -70,7 +57,7 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
  		do_pam_putenv("KRB5CCNAME", authctxt->krb5_ccname);
  #endif
  
-@@ -223,11 +223,54 @@ auth_krb5_password(Authctxt *authctxt, c
+@@ -222,11 +223,54 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
  void
  krb5_cleanup_proc(Authctxt *authctxt)
  {
@@ -126,7 +113,7 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
  	if (authctxt->krb5_user) {
  		krb5_free_principal(authctxt->krb5_ctx, authctxt->krb5_user);
  		authctxt->krb5_user = NULL;
-@@ -238,36 +281,188 @@ krb5_cleanup_proc(Authctxt *authctxt)
+@@ -237,36 +281,188 @@ krb5_cleanup_proc(Authctxt *authctxt)
  	}
  }
  
@@ -164,7 +151,7 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
 +ssh_krb5_expand_template(char **result, const char *template) {
 +	char *p_n, *p_o, *r, *tmp_template;
 +
-+	debug3_f("called, template = %s", template);
++	debug3("%s: called, template = %s", __func__, template);
 +	if (template == NULL)
 +		return -1;
 +
@@ -192,7 +179,7 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
 +		} else {
 +			p_o = strchr(p_n, '}') + 1;
 +			*p_o = '\0';
-+			debug_f("unsupported token %s in %s", p_n, template);
++			debug("%s: unsupported token %s in %s", __func__, p_n, template);
 +			/* unknown token, fallback to the default */
 +			goto cleanup;
 +		}
@@ -211,13 +198,16 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
 +	return -1;
 +}
 +
-+krb5_error_code
+ krb5_error_code
+-ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+-	int tmpfd, ret, oerrno;
+-	char ccname[40];
 +ssh_krb5_get_cctemplate(krb5_context ctx, char **ccname) {
 +	profile_t p;
 +	int ret = 0;
 +	char *value = NULL;
 +
-+	debug3_f("called");
++	debug3("%s: called", __func__);
 +	ret = krb5_get_profile(ctx, &p);
 +	if (ret)
 +		return ret;
@@ -228,14 +218,11 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
 +
 +	ret = ssh_krb5_expand_template(ccname, value);
 +
-+	debug3_f("returning with ccname = %s", *ccname);
++	debug3("%s: returning with ccname = %s", __func__, *ccname);
 +	return ret;
 +}
 +
- krb5_error_code
++krb5_error_code
--ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
--	int tmpfd, ret, oerrno;
--	char ccname[40];
 +ssh_krb5_cc_new_unique(krb5_context ctx, krb5_ccache *ccache, int *need_environment) {
 +	int tmpfd, ret, oerrno, type_len;
 +	char *ccname = NULL;
@@ -255,7 +242,7 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
 -		logit("mkstemp(): %.100s", strerror(oerrno));
 -		return oerrno;
 -	}
-+	debug3_f("called");
++	debug3("%s: called", __func__);
 +	if (need_environment)
 +		*need_environment = 0;
 +	ret = ssh_krb5_get_cctemplate(ctx, &ccname);
@@ -296,7 +283,7 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
 -	close(tmpfd);
  
 -	return (krb5_cc_resolve(ctx, ccname, ccache));
-+	debug3_f("setting default ccname to %s", ccname);
++	debug3("%s: setting default ccname to %s", __func__, ccname);
 +	/* set the default with already expanded user IDs */
 +	ret = krb5_cc_set_default_name(ctx, ccname);
 +	if (ret)
@@ -317,13 +304,13 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
 +	 * a primary cache for this collection, if it supports that (non-FILE)
 +	 */
 +	if (krb5_cc_support_switch(ctx, type)) {
-+		debug3_f("calling cc_new_unique(%s)", ccname);
++		debug3("%s: calling cc_new_unique(%s)", __func__, ccname);
 +		ret = krb5_cc_new_unique(ctx, type, NULL, ccache);
 +		free(type);
 +		if (ret)
 +			return ret;
 +
-+		debug3_f("calling cc_switch()");
++		debug3("%s: calling cc_switch()", __func__);
 +		return krb5_cc_switch(ctx, *ccache);
 +	} else {
 +		/* Otherwise, we can not create a unique ccname here (either
@@ -331,47 +318,35 @@ diff -up openssh-8.6p1/auth-krb5.c.ccache_name openssh-8.6p1/auth-krb5.c
 +		 * collections
 +		 */
 +		free(type);
-+		debug3_f("calling cc_resolve(%s)", ccname);
++		debug3("%s: calling cc_resolve(%s)", __func__, ccname);
 +		return (krb5_cc_resolve(ctx, ccname, ccache));
 +	}
  }
  #endif /* !HEIMDAL */
  #endif /* KRB5 */
-diff -up openssh-8.6p1/gss-serv.c.ccache_name openssh-8.6p1/gss-serv.c
+diff --git a/auth.h b/auth.h
---- openssh-8.6p1/gss-serv.c.ccache_name	2021-04-19 14:05:10.844744503 +0200
+index 29491df9..fdab5040 100644
-+++ openssh-8.6p1/gss-serv.c	2021-04-19 14:05:10.854744577 +0200
+--- a/auth.h
-@@ -413,13 +413,15 @@ ssh_gssapi_cleanup_creds(void)
++++ b/auth.h
- }
+@@ -82,6 +82,7 @@ struct Authctxt {
- 
+ 	krb5_principal	 krb5_user;
- /* As user */
+ 	char		*krb5_ticket_file;
--void
+ 	char		*krb5_ccname;
-+int
++	int		 krb5_set_env;
- ssh_gssapi_storecreds(void)
- {
- 	if (gssapi_client.mech && gssapi_client.mech->storecreds) {
--		(*gssapi_client.mech->storecreds)(&gssapi_client);
-+		return (*gssapi_client.mech->storecreds)(&gssapi_client);
- 	} else
- 		debug("ssh_gssapi_storecreds: Not a GSSAPI mechanism");
-+
-+	return 0;
- }
- 
- /* This allows GSSAPI methods to do things to the child's environment based
-@@ -499,9 +501,7 @@ ssh_gssapi_rekey_creds(void) {
- 	char *envstr;
  #endif
+ 	struct sshbuf	*loginmsg;
  
--	if (gssapi_client.store.filename == NULL &&
+@@ -243,6 +244,6 @@ int	 sys_auth_passwd(struct ssh *, const char *);
--	    gssapi_client.store.envval == NULL &&
--	    gssapi_client.store.envvar == NULL)
-+	if (gssapi_client.store.envval == NULL)
- 		return;
  
- 	ok = mm_ssh_gssapi_update_creds(&gssapi_client.store);
+ #if defined(KRB5) && !defined(HEIMDAL)
-diff -up openssh-8.6p1/gss-serv-krb5.c.ccache_name openssh-8.6p1/gss-serv-krb5.c
+ #include <krb5.h>
---- openssh-8.6p1/gss-serv-krb5.c.ccache_name	2021-04-19 14:05:10.852744562 +0200
+-krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
-+++ openssh-8.6p1/gss-serv-krb5.c	2021-04-19 14:05:10.854744577 +0200
++krb5_error_code ssh_krb5_cc_new_unique(krb5_context, krb5_ccache *, int *);
+ #endif
+ #endif
+diff -up openssh-7.9p1/gss-serv-krb5.c.ccache_name openssh-7.9p1/gss-serv-krb5.c
+--- openssh-7.9p1/gss-serv-krb5.c.ccache_name	2019-03-01 15:17:42.708611802 +0100
++++ openssh-7.9p1/gss-serv-krb5.c	2019-03-01 15:17:42.713611844 +0100
 @@ -267,7 +267,7 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri
  /* This writes out any forwarded credentials from the structure populated
   * during userauth. Called after we have setuid to the user */
@@ -474,7 +449,7 @@ diff -up openssh-8.6p1/gss-serv-krb5.c.ccache_name openssh-8.6p1/gss-serv-krb5.c
  		do_pam_putenv(client->store.envvar, client->store.envval);
  #endif
  
-@@ -364,7 +354,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
+@@ -361,7 +355,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
  
  	client->store.data = krb_context;
  
@@ -483,10 +458,43 @@ diff -up openssh-8.6p1/gss-serv-krb5.c.ccache_name openssh-8.6p1/gss-serv-krb5.c
  }
  
  int
-diff -up openssh-8.6p1/servconf.c.ccache_name openssh-8.6p1/servconf.c
+diff --git a/gss-serv.c b/gss-serv.c
---- openssh-8.6p1/servconf.c.ccache_name	2021-04-19 14:05:10.848744532 +0200
+index 6cae720e..16e55cbc 100644
-+++ openssh-8.6p1/servconf.c	2021-04-19 14:05:10.854744577 +0200
+--- a/gss-serv.c
-@@ -136,6 +136,7 @@ initialize_server_options(ServerOptions
++++ b/gss-serv.c
+@@ -320,13 +320,15 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
+ }
+ 
+ /* As user */
+-void
++int
+ ssh_gssapi_storecreds(void)
+ {
+ 	if (gssapi_client.mech && gssapi_client.mech->storecreds) {
+-		(*gssapi_client.mech->storecreds)(&gssapi_client);
++		return (*gssapi_client.mech->storecreds)(&gssapi_client);
+ 	} else
+ 		debug("ssh_gssapi_storecreds: Not a GSSAPI mechanism");
++
++	return 0;
+ }
+ 
+ /* This allows GSSAPI methods to do things to the childs environment based
+@@ -498,9 +500,7 @@ ssh_gssapi_rekey_creds() {
+ 	char *envstr;
+ #endif
+ 
+-	if (gssapi_client.store.filename == NULL &&
+-	    gssapi_client.store.envval == NULL &&
+-	    gssapi_client.store.envvar == NULL)
++	if (gssapi_client.store.envval == NULL)
+ 		return;
+ 
+ 	ok = PRIVSEP(ssh_gssapi_update_creds(&gssapi_client.store));
+diff -up openssh-7.9p1/servconf.c.ccache_name openssh-7.9p1/servconf.c
+--- openssh-7.9p1/servconf.c.ccache_name	2019-03-01 15:17:42.704611768 +0100
++++ openssh-7.9p1/servconf.c	2019-03-01 15:17:42.713611844 +0100
+@@ -123,6 +123,7 @@ initialize_server_options(ServerOptions
  	options->kerberos_or_local_passwd = -1;
  	options->kerberos_ticket_cleanup = -1;
  	options->kerberos_get_afs_token = -1;
@@ -494,7 +502,7 @@ diff -up openssh-8.6p1/servconf.c.ccache_name openssh-8.6p1/servconf.c
  	options->gss_authentication=-1;
  	options->gss_keyex = -1;
  	options->gss_cleanup_creds = -1;
-@@ -359,6 +360,8 @@ fill_default_server_options(ServerOption
+@@ -315,6 +316,8 @@ fill_default_server_options(ServerOptions *options)
  		options->kerberos_ticket_cleanup = 1;
  	if (options->kerberos_get_afs_token == -1)
  		options->kerberos_get_afs_token = 0;
@@ -503,16 +511,17 @@ diff -up openssh-8.6p1/servconf.c.ccache_name openssh-8.6p1/servconf.c
  	if (options->gss_authentication == -1)
  		options->gss_authentication = 0;
  	if (options->gss_keyex == -1)
-@@ -506,7 +509,7 @@ typedef enum {
+@@ -447,7 +450,8 @@ typedef enum {
-	sPort, sHostKeyFile, sLoginGraceTime,
+ 	sPermitRootLogin, sLogFacility, sLogLevel,
-	sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
+ 	sRhostsRSAAuthentication, sRSAAuthentication,
-	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
+ 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
--	sKerberosGetAFSToken, sPasswordAuthentication,
+-	sKerberosGetAFSToken, sChallengeResponseAuthentication,
-+	sKerberosGetAFSToken, sKerberosUniqueCCache, sPasswordAuthentication,
++	sKerberosGetAFSToken, sKerberosUniqueCCache,
-	sKbdInteractiveAuthentication, sListenAddress, sAddressFamily,
++	sChallengeResponseAuthentication,
-	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
+ 	sPasswordAuthentication, sKbdInteractiveAuthentication,
-	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
+ 	sListenAddress, sAddressFamily,
-@@ -593,11 +597,13 @@ static struct {
+ 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
+@@ -526,11 +530,13 @@ static struct {
  #else
  	{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
  #endif
@@ -526,7 +535,7 @@ diff -up openssh-8.6p1/servconf.c.ccache_name openssh-8.6p1/servconf.c
  #endif
  	{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
  	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
-@@ -1573,6 +1579,10 @@ process_server_config_line_depth(ServerO
+@@ -1437,6 +1443,10 @@ process_server_config_line(ServerOptions *options, char *line,
  		intptr = &options->kerberos_get_afs_token;
  		goto parse_flag;
  
@@ -537,7 +546,7 @@ diff -up openssh-8.6p1/servconf.c.ccache_name openssh-8.6p1/servconf.c
  	case sGssAuthentication:
  		intptr = &options->gss_authentication;
  		goto parse_flag;
-@@ -2891,6 +2901,7 @@ dump_config(ServerOptions *o)
+@@ -2507,6 +2517,7 @@ dump_config(ServerOptions *o)
  # ifdef USE_AFS
  	dump_cfg_fmtint(sKerberosGetAFSToken, o->kerberos_get_afs_token);
  # endif
@@ -545,10 +554,11 @@ diff -up openssh-8.6p1/servconf.c.ccache_name openssh-8.6p1/servconf.c
  #endif
  #ifdef GSSAPI
  	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
-diff -up openssh-8.6p1/servconf.h.ccache_name openssh-8.6p1/servconf.h
+diff --git a/servconf.h b/servconf.h
---- openssh-8.6p1/servconf.h.ccache_name	2021-04-19 14:05:10.848744532 +0200
+index db8362c6..4fa42d64 100644
-+++ openssh-8.6p1/servconf.h	2021-04-19 14:05:10.855744584 +0200
+--- a/servconf.h
-@@ -140,6 +140,8 @@ typedef struct {
++++ b/servconf.h
+@@ -123,6 +123,8 @@ typedef struct {
  						 * file on logout. */
  	int     kerberos_get_afs_token;		/* If true, try to get AFS token if
  						 * authenticated with Kerberos. */
@@ -557,12 +567,13 @@ diff -up openssh-8.6p1/servconf.h.ccache_name openssh-8.6p1/servconf.h
  	int     gss_authentication;	/* If true, permit GSSAPI authentication */
  	int     gss_keyex;		/* If true, permit GSSAPI key exchange */
  	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
-diff -up openssh-8.6p1/session.c.ccache_name openssh-8.6p1/session.c
+diff --git a/session.c b/session.c
---- openssh-8.6p1/session.c.ccache_name	2021-04-19 14:05:10.852744562 +0200
+index 85df6a27..480a5ead 100644
-+++ openssh-8.6p1/session.c	2021-04-19 14:05:10.855744584 +0200
+--- a/session.c
-@@ -1038,7 +1038,8 @@ do_setup_env(struct ssh *ssh, Session *s
++++ b/session.c
+@@ -1033,7 +1033,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
  	/* Allow any GSSAPI methods that we've used to alter
- 	 * the child's environment as they see fit
+ 	 * the childs environment as they see fit
  	 */
 -	ssh_gssapi_do_child(&env, &envsize);
 +	if (s->authctxt->krb5_set_env)
@@ -570,7 +581,7 @@ diff -up openssh-8.6p1/session.c.ccache_name openssh-8.6p1/session.c
  #endif
  
  	/* Set basic environment. */
-@@ -1114,7 +1115,7 @@ do_setup_env(struct ssh *ssh, Session *s
+@@ -1105,7 +1106,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
  	}
  #endif
  #ifdef KRB5
@@ -579,10 +590,33 @@ diff -up openssh-8.6p1/session.c.ccache_name openssh-8.6p1/session.c
  		child_set_env(&env, &envsize, "KRB5CCNAME",
  		    s->authctxt->krb5_ccname);
  #endif
-diff -up openssh-8.6p1/sshd-session.c.ccache_name openssh-8.6p1/sshd-session.c
+diff --git a/ssh-gss.h b/ssh-gss.h
---- openssh-8.6p1/sshd-session.c.ccache_name	2021-04-19 14:05:10.849744540 +0200
+index 6593e422..245178af 100644
-+++ openssh-8.6p1/sshd-session.c	2021-04-19 14:05:10.855744584 +0200
+--- a/ssh-gss.h
-@@ -2284,7 +2284,7 @@ main(int ac, char **av)
++++ b/ssh-gss.h
+@@ -83,7 +82,7 @@ typedef struct ssh_gssapi_mech_struct {
+ 	int (*dochild) (ssh_gssapi_client *);
+ 	int (*userok) (ssh_gssapi_client *, char *);
+ 	int (*localname) (ssh_gssapi_client *, char **);
+-	void (*storecreds) (ssh_gssapi_client *);
++	int (*storecreds) (ssh_gssapi_client *);
+ 	int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *);
+ } ssh_gssapi_mech;
+ 
+@@ -127,7 +126,7 @@ int ssh_gssapi_userok(char *name);
+ OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
+ void ssh_gssapi_do_child(char ***, u_int *);
+ void ssh_gssapi_cleanup_creds(void);
+-void ssh_gssapi_storecreds(void);
++int ssh_gssapi_storecreds(void);
+ const char *ssh_gssapi_displayname(void);
+ 
+ char *ssh_gssapi_server_mechanisms(void);
+diff --git a/sshd.c b/sshd.c
+index edbe815c..89514e8a 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -2162,7 +2162,7 @@ main(int ac, char **av)
  #ifdef GSSAPI
  	if (options.gss_authentication) {
  		temporarily_use_uid(authctxt->pw);
@@ -591,10 +625,11 @@ diff -up openssh-8.6p1/sshd-session.c.ccache_name openssh-8.6p1/sshd-session.c
  		restore_uid();
  	}
  #endif
-diff -up openssh-8.6p1/sshd_config.5.ccache_name openssh-8.6p1/sshd_config.5
+diff --git a/sshd_config.5 b/sshd_config.5
---- openssh-8.6p1/sshd_config.5.ccache_name	2021-04-19 14:05:10.849744540 +0200
+index c0683d4a..2349f477 100644
-+++ openssh-8.6p1/sshd_config.5	2021-04-19 14:05:10.856744592 +0200
+--- a/sshd_config.5
-@@ -939,6 +939,14 @@ Specifies whether to automatically destr
++++ b/sshd_config.5
+@@ -860,6 +860,14 @@ Specifies whether to automatically destroy the user's ticket cache
  file on logout.
  The default is
  .Cm yes .
@@ -607,26 +642,5 @@ diff -up openssh-8.6p1/sshd_config.5.ccache_name openssh-8.6p1/sshd_config.5
 +can lead to overwriting previous tickets by subseqent connections to the same
 +user account.
  .It Cm KexAlgorithms
- Specifies the permitted KEX (Key Exchange) algorithms that the server will
+ Specifies the available KEX (Key Exchange) algorithms.
- offer to clients.
+ Multiple algorithms must be comma-separated.
-diff -up openssh-8.6p1/ssh-gss.h.ccache_name openssh-8.6p1/ssh-gss.h
---- openssh-8.6p1/ssh-gss.h.ccache_name	2021-04-19 14:05:10.852744562 +0200
-+++ openssh-8.6p1/ssh-gss.h	2021-04-19 14:05:10.855744584 +0200
-@@ -114,7 +114,7 @@ typedef struct ssh_gssapi_mech_struct {
- 	int (*dochild) (ssh_gssapi_client *);
- 	int (*userok) (ssh_gssapi_client *, char *);
- 	int (*localname) (ssh_gssapi_client *, char **);
--	void (*storecreds) (ssh_gssapi_client *);
-+	int (*storecreds) (ssh_gssapi_client *);
- 	int (*updatecreds) (ssh_gssapi_ccache *, ssh_gssapi_client *);
- } ssh_gssapi_mech;
- 
-@@ -175,7 +175,7 @@ int ssh_gssapi_userok(char *name, struct
- OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
- void ssh_gssapi_do_child(char ***, u_int *);
- void ssh_gssapi_cleanup_creds(void);
--void ssh_gssapi_storecreds(void);
-+int ssh_gssapi_storecreds(void);
- const char *ssh_gssapi_displayname(void);
- 
- char *ssh_gssapi_server_mechanisms(void);

SOURCES/openssh-7.7p1-redhat.patch

@@ -0,0 +1,164 @@
+diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config
+--- openssh-7.7p1/ssh_config.redhat	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/ssh_config	2018-07-03 10:44:06.522245125 +0200
+@@ -44,3 +44,8 @@
+ #   VisualHostKey no
+ #   ProxyCommand ssh -q -W %h:%p gateway.example.com
+ #   RekeyLimit 1G 1h
++#
++# This system is following system-wide crypto policy.
++# To modify the system-wide ssh configuration, create a  *.conf  file under
++#  /etc/ssh/ssh_config.d/  which will be automatically included below
++Include /etc/ssh/ssh_config.d/*.conf
+diff -up openssh-7.7p1/ssh_config_redhat.redhat openssh-7.7p1/ssh_config_redhat
+--- openssh-7.7p1/ssh_config_redhat.redhat	2018-07-03 10:44:06.522245125 +0200
++++ openssh-7.7p1/ssh_config_redhat	2018-07-03 10:44:06.522245125 +0200
+@@ -0,0 +1,21 @@
++# The options here are in the "Match final block" to be applied as the last
++# options and could be potentially overwritten by the user configuration
++Match final all
++	# Follow system-wide Crypto Policy, if defined:
++	Include /etc/crypto-policies/back-ends/openssh.config
++
++	GSSAPIAuthentication yes
++
++# If this option is set to yes then remote X11 clients will have full access
++# to the original X11 display. As virtually no X11 client supports the untrusted
++# mode correctly we set this to yes.
++	ForwardX11Trusted yes
++
++# Send locale-related environment variables
++	SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
++	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
++	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
++	SendEnv XMODIFIERS
++
++# Uncomment this if you want to use .local domain
++# Host *.local
++#   CheckHostIP no
+diff -up openssh-7.7p1/sshd_config.0.redhat openssh-7.7p1/sshd_config.0
+--- openssh-7.7p1/sshd_config.0.redhat	2018-04-02 07:39:27.000000000 +0200
++++ openssh-7.7p1/sshd_config.0	2018-07-03 10:44:06.523245133 +0200
+@@ -872,9 +872,9 @@ DESCRIPTION
+ 
+      SyslogFacility
+              Gives the facility code that is used when logging messages from
+-             sshd(8).  The possible values are: DAEMON, USER, AUTH, LOCAL0,
+-             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
+-             default is AUTH.
++             sshd(8).  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
++             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
++             The default is AUTH.
+ 
+      TCPKeepAlive
+              Specifies whether the system should send TCP keepalive messages
+diff -up openssh-7.7p1/sshd_config.5.redhat openssh-7.7p1/sshd_config.5
+--- openssh-7.7p1/sshd_config.5.redhat	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/sshd_config.5	2018-07-03 10:44:06.523245133 +0200
+@@ -1461,7 +1461,7 @@ By default no subsystems are defined.
+ .It Cm SyslogFacility
+ Gives the facility code that is used when logging messages from
+ .Xr sshd 8 .
+-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
++The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
+ LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
+ .It Cm TCPKeepAlive
+diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
+--- openssh-7.7p1/sshd_config.redhat	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/sshd_config	2018-07-03 10:45:16.950782466 +0200
+@@ -10,20 +10,31 @@
+ # possible, but leave them commented.  Uncommented options override the
+ # default value.
+ 
++# If you want to change the port on a SELinux system, you have to tell
++# SELinux about this change.
++# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
++#
+ #Port 22
+ #AddressFamily any
+ #ListenAddress 0.0.0.0
+ #ListenAddress ::
+ 
+-#HostKey /etc/ssh/ssh_host_rsa_key
+-#HostKey /etc/ssh/ssh_host_ecdsa_key
+-#HostKey /etc/ssh/ssh_host_ed25519_key
++HostKey /etc/ssh/ssh_host_rsa_key
++HostKey /etc/ssh/ssh_host_ecdsa_key
++HostKey /etc/ssh/ssh_host_ed25519_key
+ 
+ # Ciphers and keying
+ #RekeyLimit default none
+ 
++# This system is following system-wide crypto policy. The changes to
++# crypto properties (Ciphers, MACs, ...) will not have any effect here.
++# They will be overridden by command-line options passed to the server
++# on command line.
++# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).
++
+ # Logging
+ #SyslogFacility AUTH
++SyslogFacility AUTHPRIV
+ #LogLevel INFO
+ 
+ # Authentication:
+@@ -56,9 +70,11 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ # To disable tunneled clear text passwords, change to no here!
+ #PasswordAuthentication yes
+ #PermitEmptyPasswords no
++PasswordAuthentication yes
+ 
+ # Change to no to disable s/key passwords
+ #ChallengeResponseAuthentication yes
++ChallengeResponseAuthentication no
+ 
+ # Kerberos options
+ #KerberosAuthentication no
+@@ -67,8 +83,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ #KerberosGetAFSToken no
+ 
+ # GSSAPI options
+-#GSSAPIAuthentication no
+-#GSSAPICleanupCredentials yes
++GSSAPIAuthentication yes
++GSSAPICleanupCredentials no
+ 
+ # Set this to 'yes' to enable PAM authentication, account processing,
+ # and session processing. If this is enabled, PAM authentication will
+@@ -79,16 +95,20 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and ChallengeResponseAuthentication to 'no'.
+-#UsePAM no
++UsePAM yes
+ 
+ #AllowAgentForwarding yes
+ #AllowTcpForwarding yes
+ #GatewayPorts no
+-#X11Forwarding no
++X11Forwarding yes
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PermitTTY yes
+-#PrintMotd yes
++
++# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
++# as it is more configurable and versatile than the built-in version.
++PrintMotd no
++
+ #PrintLastLog yes
+ #TCPKeepAlive yes
+ #PermitUserEnvironment no
+@@ -106,6 +126,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ # no default banner path
+ #Banner none
+ 
++# Accept locale-related environment variables
++AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
++AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
++AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
++AcceptEnv XMODIFIERS
++
+ # override default of no subsystems
+ Subsystem	sftp	/usr/libexec/sftp-server
+ 

SOURCES/openssh-7.8p1-UsePAM-warning.patch

@@ -0,0 +1,26 @@
+diff --git a/sshd.c b/sshd.c
+--- a/sshd.c
++++ b/sshd.c
+@@ -1701,6 +1701,10 @@ main(int ac, char **av)
+ 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
+ 	    cfg, NULL);
+ 
++	/* 'UsePAM no' is not supported in RHEL */
++	if (! options.use_pam)
++		logit("WARNING: 'UsePAM no' is not supported in RHEL and may cause several problems.");
++
+ 	/* Fill in default values for those options not explicitly set. */
+ 	fill_default_server_options(&options);
+ 
+diff --git a/sshd_config b/sshd_config
+--- a/sshd_config
++++ b/sshd_config
+@@ -101,6 +101,8 @@ GSSAPICleanupCredentials no
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and ChallengeResponseAuthentication to 'no'.
++# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
++# problems.
+ UsePAM yes
+ 
+ #AllowAgentForwarding yes

SOURCES/openssh-7.8p1-role-mls.patch

@@ -23,20 +23,23 @@ diff -up openssh/auth2.c.role-mls openssh/auth2.c
  	if ((style = strchr(user, ':')) != NULL)
  		*style++ = 0;
  
-@@ -314,7 +314,13 @@ input_userauth_request(int type, u_int32
+@@ -296,8 +304,15 @@ input_userauth_request(int type, u_int32
- 		setproctitle("%s [net]", authctxt->valid ? user : "unknown");
+ 		    use_privsep ? " [net]" : "");
  		authctxt->service = xstrdup(service);
  		authctxt->style = style ? xstrdup(style) : NULL;
+-		if (use_privsep)
 +#ifdef WITH_SELINUX
 +		authctxt->role = role ? xstrdup(role) : NULL;
 +#endif
- 		mm_inform_authserv(service, style);
++		if (use_privsep) {
+ 			mm_inform_authserv(service, style);
 +#ifdef WITH_SELINUX
-+         	mm_inform_authrole(role);
++			mm_inform_authrole(role);
 +#endif
++		}
  		userauth_banner(ssh);
- 		if ((r = kex_server_update_ext_info(ssh)) != 0)
+ 		if (auth2_setup_methods_lists(authctxt) != 0)
- 			fatal_fr(r, "kex_server_update_ext_info failed");
+ 			ssh_packet_disconnect(ssh,
 diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
 --- openssh/auth2-gss.c.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/auth2-gss.c	2018-08-22 11:15:42.459799171 +0200
@@ -47,9 +50,9 @@ diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
 +	char *micuser;
  	struct sshbuf *b;
  	gss_buffer_desc mic, gssbuf;
- 	u_char *p;
+ 	const char *displayname;
 @@ -298,7 +299,13 @@ input_gssapi_mic(int type, u_int32_t ple
- 		fatal_f("sshbuf_new failed");
+ 		fatal("%s: sshbuf_new failed", __func__);
  	mic.value = p;
  	mic.length = len;
 -	ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
@@ -60,7 +63,7 @@ diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
 +#endif
 +		micuser = authctxt->user;
 +	ssh_gssapi_buildmic(b, micuser, authctxt->service,
- 	    "gssapi-with-mic", ssh->kex->session_id);
+ 	    "gssapi-with-mic");
  
  	if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
 @@ -311,6 +318,8 @@ input_gssapi_mic(int type, u_int32_t ple
@@ -71,13 +74,13 @@ diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
 +		free(micuser);
  	free(mic.value);
  
- 	authctxt->postponed = 0;
+ 	if ((!use_privsep || mm_is_monitor()) &&
 diff -up openssh/auth2-hostbased.c.role-mls openssh/auth2-hostbased.c
 --- openssh/auth2-hostbased.c.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/auth2-hostbased.c	2018-08-22 11:14:56.816430924 +0200
 @@ -123,7 +123,16 @@ userauth_hostbased(struct ssh *ssh)
  	/* reconstruct packet */
- 	if ((r = sshbuf_put_stringb(b, ssh->kex->session_id)) != 0 ||
+ 	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
  	    (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 +#ifdef WITH_SELINUX
 +	    (authctxt->role
@@ -90,7 +93,7 @@ diff -up openssh/auth2-hostbased.c.role-mls openssh/auth2-hostbased.c
  	    (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
 +#endif
  	    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
- 	    (r = sshbuf_put_cstring(b, method)) != 0 ||
+ 	    (r = sshbuf_put_cstring(b, "hostbased")) != 0 ||
  	    (r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
 diff -up openssh/auth2-pubkey.c.role-mls openssh/auth2-pubkey.c
 --- openssh/auth2-pubkey.c.role-mls	2018-08-22 11:14:56.816430924 +0200
@@ -138,19 +141,33 @@ diff -up openssh/auth-pam.c.role-mls openssh/auth-pam.c
 +do_pam_putenv(char *name, const char *value)
  {
  	int ret = 1;
- 	char *compound;
+ #ifdef HAVE_PAM_PUTENV
 diff -up openssh/auth-pam.h.role-mls openssh/auth-pam.h
 --- openssh/auth-pam.h.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/auth-pam.h	2018-08-22 11:14:56.817430932 +0200
 @@ -33,7 +33,7 @@ u_int do_pam_account(void);
  void do_pam_session(struct ssh *);
- void do_pam_setcred(void);
+ void do_pam_setcred(int );
  void do_pam_chauthtok(void);
 -int do_pam_putenv(char *, char *);
 +int do_pam_putenv(char *, const char *);
  char ** fetch_pam_environment(void);
  char ** fetch_pam_child_environment(void);
  void free_pam_environment(char **);
+diff -up openssh/configure.ac.role-mls openssh/configure.ac
+--- openssh/configure.ac.role-mls	2018-08-20 07:57:29.000000000 +0200
++++ openssh/configure.ac	2018-08-22 11:14:56.820430957 +0200
+@@ -4241,10 +4241,7 @@ AC_ARG_WITH([selinux],
+ 			  LIBS="$LIBS -lselinux"
+ 			],
+ 			AC_MSG_ERROR([SELinux support requires libselinux library]))
+-		SSHLIBS="$SSHLIBS $LIBSELINUX"
+-		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ 		AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
+-		LIBS="$save_LIBS"
+ 	fi ]
+ )
+ AC_SUBST([SSHLIBS])
 diff -up openssh/misc.c.role-mls openssh/misc.c
 --- openssh/misc.c.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/misc.c	2018-08-22 11:14:56.817430932 +0200
@@ -176,10 +193,10 @@ diff -up openssh/misc.c.role-mls openssh/misc.c
  	}
  	return NULL;
  }
-diff -up openssh-8.6p1/monitor.c.role-mls openssh-8.6p1/monitor.c
+diff -up openssh/monitor.c.role-mls openssh/monitor.c
---- openssh-8.6p1/monitor.c.role-mls	2021-04-16 05:55:25.000000000 +0200
+--- openssh/monitor.c.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-8.6p1/monitor.c	2021-05-21 14:21:56.719414087 +0200
++++ openssh/monitor.c	2018-08-22 11:19:56.006844867 +0200
-@@ -117,6 +117,9 @@ int mm_answer_sign(struct ssh *, int, st
+@@ -115,6 +115,9 @@ int mm_answer_sign(int, struct sshbuf *)
  int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *);
  int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *);
  int mm_answer_authserv(struct ssh *, int, struct sshbuf *);
@@ -189,7 +206,7 @@ diff -up openssh-8.6p1/monitor.c.role-mls openssh-8.6p1/monitor.c
  int mm_answer_authpassword(struct ssh *, int, struct sshbuf *);
  int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *);
  int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *);
-@@ -195,6 +198,9 @@ struct mon_table mon_dispatch_proto20[]
+@@ -189,6 +192,9 @@ struct mon_table mon_dispatch_proto20[]
      {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
      {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
      {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -199,7 +216,7 @@ diff -up openssh-8.6p1/monitor.c.role-mls openssh-8.6p1/monitor.c
      {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
      {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
  #ifdef USE_PAM
-@@ -803,6 +809,9 @@ mm_answer_pwnamallow(struct ssh *ssh, in
+@@ -796,6 +802,9 @@ mm_answer_pwnamallow(int sock, struct ss
  
  	/* Allow service/style information on the auth context */
  	monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -209,7 +226,7 @@ diff -up openssh-8.6p1/monitor.c.role-mls openssh-8.6p1/monitor.c
  	monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
  
  #ifdef USE_PAM
-@@ -877,6 +886,26 @@ key_base_type_match(const char *method,
+@@ -842,6 +851,26 @@ mm_answer_authserv(int sock, struct sshb
  	return found;
  }
  
@@ -221,8 +238,8 @@ diff -up openssh-8.6p1/monitor.c.role-mls openssh-8.6p1/monitor.c
 +	monitor_permit_authentications(1);
 +
 +	if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
-+		fatal_f("buffer error: %s", ssh_err(r));
++		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-+	debug3_f("role=%s", authctxt->role);
++	debug3("%s: role=%s", __func__, authctxt->role);
 +
 +	if (strlen(authctxt->role) == 0) {
 +		free(authctxt->role);
@@ -236,25 +253,25 @@ diff -up openssh-8.6p1/monitor.c.role-mls openssh-8.6p1/monitor.c
  int
  mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
  {
-@@ -1251,7 +1280,7 @@ monitor_valid_userblob(struct ssh *ssh,
+@@ -1218,7 +1247,7 @@ monitor_valid_userblob(u_char *data, u_i
+ {
  	struct sshbuf *b;
-	struct sshkey *hostkey = NULL;
  	const u_char *p;
 -	char *userstyle, *cp;
 +	char *userstyle, *s, *cp;
  	size_t len;
  	u_char type;
- 	int hostbound = 0, r, fail = 0;
+ 	int r, fail = 0;
-@@ -1282,6 +1311,8 @@ monitor_valid_userblob(struct ssh *ssh,
+@@ -1251,6 +1280,8 @@ monitor_valid_userblob(u_char *data, u_i
  		fail++;
  	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
- 		fatal_fr(r, "parse userstyle");
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	if ((s = strchr(cp, '/')) != NULL)
 +		*s = '\0';
  	xasprintf(&userstyle, "%s%s%s", authctxt->user,
  	    authctxt->style ? ":" : "",
  	    authctxt->style ? authctxt->style : "");
-@@ -1317,7 +1348,7 @@ monitor_valid_hostbasedblob(const u_char
+@@ -1286,7 +1317,7 @@ monitor_valid_hostbasedblob(u_char *data
  {
  	struct sshbuf *b;
  	const u_char *p;
@@ -263,10 +280,10 @@ diff -up openssh-8.6p1/monitor.c.role-mls openssh-8.6p1/monitor.c
  	size_t len;
  	int r, fail = 0;
  	u_char type;
-@@ -1338,6 +1370,8 @@ monitor_valid_hostbasedblob(const u_char
+@@ -1308,6 +1339,8 @@ monitor_valid_hostbasedblob(u_char *data
  		fail++;
  	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
- 		fatal_fr(r, "parse userstyle");
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	if ((s = strchr(cp, '/')) != NULL)
 +		*s = '\0';
  	xasprintf(&userstyle, "%s%s%s", authctxt->user,
@@ -302,12 +319,12 @@ diff -up openssh/monitor_wrap.c.role-mls openssh/monitor_wrap.c
 +	int r;
 +	struct sshbuf *m;
 +
-+	debug3_f("entering");
++	debug3("%s entering", __func__);
 +
 +	if ((m = sshbuf_new()) == NULL)
-+		fatal_f("sshbuf_new failed");
++		fatal("%s: sshbuf_new failed", __func__);
 +	if ((r = sshbuf_put_cstring(m, role ? role : "")) != 0)
-+		fatal_f("buffer error: %s", ssh_err(r));
++		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, m);
 +
 +	sshbuf_free(m);
@@ -321,8 +338,8 @@ diff -up openssh/monitor_wrap.h.role-mls openssh/monitor_wrap.h
 --- openssh/monitor_wrap.h.role-mls	2018-08-22 11:14:56.818430941 +0200
 +++ openssh/monitor_wrap.h	2018-08-22 11:22:10.439929513 +0200
 @@ -44,6 +44,9 @@ DH *mm_choose_dh(int, int, int);
-     const u_char *, size_t, const char *, const char *,
+ int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *,
-     const char *, u_int compat);
+     const u_char *, size_t, const char *, u_int compat);
  void mm_inform_authserv(char *, char *);
 +#ifdef WITH_SELINUX
 +void mm_inform_authrole(char *);
@@ -334,7 +351,7 @@ diff -up openssh/openbsd-compat/Makefile.in.role-mls openssh/openbsd-compat/Make
 --- openssh/openbsd-compat/Makefile.in.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/openbsd-compat/Makefile.in	2018-08-22 11:14:56.819430949 +0200
 @@ -92,7 +92,8 @@ PORTS=	port-aix.o \
- 	port-prngd.o \
+ 	port-linux.o \
  	port-solaris.o \
  	port-net.o \
 -	port-uw.o
@@ -342,7 +359,7 @@ diff -up openssh/openbsd-compat/Makefile.in.role-mls openssh/openbsd-compat/Make
 +	port-linux-sshd.o
  
  .c.o:
- 	$(CC) $(CFLAGS_NOPIE) $(PICFLAG) $(CPPFLAGS) -c $<
+ 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
 diff -up openssh/openbsd-compat/port-linux.c.role-mls openssh/openbsd-compat/port-linux.c
 --- openssh/openbsd-compat/port-linux.c.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/openbsd-compat/port-linux.c	2018-08-22 11:14:56.819430949 +0200
@@ -354,7 +371,7 @@ diff -up openssh/openbsd-compat/port-linux.c.role-mls openssh/openbsd-compat/por
 -void
 -ssh_selinux_setup_exec_context(char *pwname)
 -{
--	char *user_ctx = NULL;
+-	security_context_t user_ctx = NULL;
 -
 -	if (!ssh_selinux_enabled())
 -		return;
@@ -390,7 +407,7 @@ diff -up openssh/openbsd-compat/port-linux.c.role-mls openssh/openbsd-compat/por
  
 -	user_ctx = ssh_selinux_getctxbyname(pwname);
 +	if (getexeccon(&user_ctx) != 0) {
-+		error_f("getexeccon: %s", strerror(errno));
++		error("%s: getexeccon: %s", __func__, strerror(errno));
 +		goto out;
 +	}
 +
@@ -415,7 +432,7 @@ diff -up openssh/openbsd-compat/port-linux.h.role-mls openssh/openbsd-compat/por
 diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compat/port-linux-sshd.c
 --- openssh/openbsd-compat/port-linux-sshd.c.role-mls	2018-08-22 11:14:56.819430949 +0200
 +++ openssh/openbsd-compat/port-linux-sshd.c	2018-08-22 11:14:56.819430949 +0200
-@@ -0,0 +1,420 @@
+@@ -0,0 +1,425 @@
 +/*
 + * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
 + * Copyright (c) 2014 Petr Lautrbach <plautrba@redhat.com>
@@ -469,6 +486,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa
 +extern ServerOptions options;
 +extern Authctxt *the_authctxt;
 +extern int inetd_flag;
++extern int rexeced_flag;
 +
 +/* Send audit message */
 +static int
@@ -526,7 +544,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa
 +	access_vector_t bit;
 +	security_class_t class;
 +
-+	debug_f("src:%s dst:%s", src, dst);
++	debug("%s: src:%s dst:%s", __func__, src, dst);
 +	class = string_to_security_class("context");
 +	if (!class) {
 +		error("string_to_security_class failed to translate security class context");
@@ -674,7 +692,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa
 +
 +	if (r == 0) {
 +		/* If launched from xinetd, we must use current level */
-+		if (inetd_flag) {
++		if (inetd_flag && !rexeced_flag) {
 +			security_context_t sshdsc=NULL;
 +
 +			if (getcon_raw(&sshdsc) < 0)
@@ -688,7 +706,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa
 +			    /* we actually don't change level */
 +			    reqlvl = "";
 +
-+			debug_f("current connection level '%s'", reqlvl);
++			debug("%s: current connection level '%s'", __func__, reqlvl);
 +
 +		}
 +
@@ -716,8 +734,8 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa
 +		}
 +	}
 +	if (r != 0) {
-+		error_f("Failed to get default SELinux security "
++		error("%s: Failed to get default SELinux security "
-+		    "context for %s", pwname);
++		    "context for %s", __func__, pwname);
 +	}
 +
 +#ifdef HAVE_GETSEUSERBYNAME
@@ -742,13 +760,13 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa
 +	char *use_current;
 +	int rv;
 +
-+	debug3_f("setting execution context");
++	debug3("%s: setting execution context", __func__);
 +
 +	ssh_selinux_get_role_level(&role, &reqlvl);
 +
 +	rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : "");
 +
-+	if (inetd_flag) {
++	if (inetd_flag && !rexeced_flag) {
 +		use_current = "1";
 +	} else {
 +		use_current = "";
@@ -779,30 +797,32 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa
 +		if (sshd_selinux_setup_pam_variables()) {
 +			switch (security_getenforce()) {
 +			case -1:
-+				fatal_f("security_getenforce() failed");
++				fatal("%s: security_getenforce() failed", __func__);
 +			case 0:
-+				error_f("SELinux PAM variable setup failure. Continuing in permissive mode.");
++				error("%s: SELinux PAM variable setup failure. Continuing in permissive mode.",
++				    __func__);
 +			break;
 +			default:
-+				fatal_f("SELinux PAM variable setup failure. Aborting connection.");
++				fatal("%s: SELinux PAM variable setup failure. Aborting connection.",
++				    __func__);
 +			}
 +		}
 +		return;
 +	}
 +
-+	debug3_f("setting execution context");
++	debug3("%s: setting execution context", __func__);
 +
 +	r = sshd_selinux_getctxbyname(pwname, &default_ctx, &user_ctx);
 +	if (r >= 0) {
 +		r = setexeccon(user_ctx);
 +		if (r < 0) {
-+			error_f("Failed to set SELinux execution context %s for %s",
++			error("%s: Failed to set SELinux execution context %s for %s",
-+			    user_ctx, pwname);
++			    __func__, user_ctx, pwname);
 +		}
 +#ifdef HAVE_SETKEYCREATECON
 +		else if (setkeycreatecon(user_ctx) < 0) {
-+			error_f("Failed to set SELinux keyring creation context %s for %s",
++			error("%s: Failed to set SELinux keyring creation context %s for %s",
-+			    user_ctx, pwname);
++			    __func__, user_ctx, pwname);
 +		}
 +#endif
 +	}
@@ -817,12 +837,14 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa
 +	if (r < 0) {
 +		switch (security_getenforce()) {
 +		case -1:
-+			fatal_f("security_getenforce() failed");
++			fatal("%s: security_getenforce() failed", __func__);
 +		case 0:
-+			error_f("ELinux failure. Continuing in permissive mode.");
++			error("%s: SELinux failure. Continuing in permissive mode.",
++			    __func__);
 +			break;
 +		default:
-+			fatal_f("SELinux failure. Aborting connection.");
++			fatal("%s: SELinux failure. Aborting connection.",
++			    __func__);
 +		}
 +	}
 +	if (user_ctx != NULL && user_ctx != default_ctx)
@@ -830,7 +852,7 @@ diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compa
 +	if (default_ctx != NULL)
 +		freecon(default_ctx);
 +
-+	debug3_f("done");
++	debug3("%s: done", __func__);
 +}
 +
 +#endif
@@ -849,8 +871,8 @@ diff -up openssh/platform.c.role-mls openssh/platform.c
  }
  
 diff -up openssh/sshd.c.role-mls openssh/sshd.c
---- openssh/sshd-session.c.role-mls	2018-08-20 07:57:29.000000000 +0200
+--- openssh/sshd.c.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh/sshd-session.c	2018-08-22 11:14:56.820430957 +0200
++++ openssh/sshd.c	2018-08-22 11:14:56.820430957 +0200
 @@ -2186,6 +2186,9 @@ main(int ac, char **av)
  		restore_uid();
  	}
@@ -860,4 +882,4 @@ diff -up openssh/sshd.c.role-mls openssh/sshd.c
 +#endif
  #ifdef USE_PAM
  	if (options.use_pam) {
- 		do_pam_setcred();
+ 		do_pam_setcred(1);

SOURCES/openssh-7.9p1-ssh-copy-id.patch

@@ -0,0 +1,42 @@
+diff -up openssh-7.9p1/contrib/ssh-copy-id.ssh-copy-id openssh-7.9p1/contrib/ssh-copy-id
+--- openssh-7.9p1/contrib/ssh-copy-id.ssh-copy-id	2018-10-17 02:01:20.000000000 +0200
++++ openssh-7.9p1/contrib/ssh-copy-id	2019-01-23 20:49:30.513393667 +0100
+@@ -112,7 +112,8 @@ do
+         usage
+   }
+ 
+-  OPT= OPTARG=
++  OPT=
++  OPTARG=
+   # implement something like getopt to avoid Solaris pain
+   case "$1" in
+     -i?*|-o?*|-p?*)
+@@ -185,8 +185,8 @@
+   usage
+ fi
+ 
+-# drop trailing colon
+-USER_HOST=$(printf "%s\n" "$1" | sed 's/:$//')
++# don't drop trailing colon because it can be a valid ipv6 address
++USER_HOST=$(printf "%s\n" "$1")
+ # tack the hostname onto SSH_OPTS
+ SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }'$(quote "$USER_HOST")'"
+ # and populate "$@" for later use (only way to get proper quoting of options)
+@@ -261,7 +262,7 @@ populate_new_ids() {
+   fi
+   if [ -z "$NEW_IDS" ] ; then
+     printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n' "$0" >&2
+-    printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' "$0" >&2
++    printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' >&2
+     exit 0
+   fi
+   printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
+@@ -296,7 +297,7 @@ case "$REMOTE_VERSION" in
+     # in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
+     #     'cd' to be at $HOME; add a newline if it's missing; and all on one line, because tcsh.
+     [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
+-      ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && { [ -z "'`tail -1c .ssh/authorized_keys 2>/dev/null`'" ] || echo >> .ssh/authorized_keys ; } && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
++      ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && { [ -z "'`tail -1c .ssh/authorized_keys 2>/dev/null`'" ] || echo >> .ssh/authorized_keys || exit 1; } && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
+       || exit 1
+     ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
+     ;;

SOURCES/openssh-8.0p1-avoidkillall.patch

@@ -0,0 +1,20 @@
+diff --git a/sftp.c b/sftp.c
+index b66037f1..54538ff9 100644
+--- a/sftp.c
++++ b/sftp.c
+@@ -220,9 +220,12 @@ static const struct CMD cmds[] = {
+ static void
+ killchild(int signo)
+ {
+-	if (sshpid > 1) {
+-		kill(sshpid, SIGTERM);
+-		waitpid(sshpid, NULL, 0);
++	pid_t pid;
++
++	pid = sshpid;
++	if (pid > 1) {
++		kill(pid, SIGTERM);
++		(void)waitpid(pid, NULL, 0);
+ 	}
+ 
+ 	_exit(1);

SOURCES/openssh-8.0p1-bigsshdconfig.patch

@@ -0,0 +1,13 @@
+diff --git a/msg.c b/msg.c
+index 99c25cd2..574a566e 100644
+--- a/msg.c
++++ b/msg.c
+@@ -77,7 +77,7 @@ ssh_msg_recv(int fd, struct sshbuf *m)
+ 		return (-1);
+ 	}
+ 	msg_len = get_u32(buf);
+-	if (msg_len > 256 * 1024) {
++	if (msg_len > sshbuf_max_size(m)) {
+ 		error("ssh_msg_recv: read: bad msg_len %u", msg_len);
+ 		return (-1);
+ 	}

SOURCES/openssh-8.0p1-channel-limits.patch

@@ -0,0 +1,33 @@
+diff -up openssh-8.0p1/channels.c.channel-limits openssh-8.0p1/channels.c
+--- openssh-8.0p1/channels.c.channel-limits	2021-03-16 12:17:58.905576511 +0100
++++ openssh-8.0p1/channels.c	2021-03-16 12:17:58.925576667 +0100
+@@ -354,6 +354,7 @@ channel_new(struct ssh *ssh, char *ctype
+ 	struct ssh_channels *sc = ssh->chanctxt;
+ 	u_int i, found;
+ 	Channel *c;
++	int r;
+ 
+ 	/* Try to find a free slot where to put the new channel. */
+ 	for (i = 0; i < sc->channels_alloc; i++) {
+@@ -383,6 +384,8 @@ channel_new(struct ssh *ssh, char *ctype
+ 	    (c->output = sshbuf_new()) == NULL ||
+ 	    (c->extended = sshbuf_new()) == NULL)
+ 		fatal("%s: sshbuf_new failed", __func__);
++	if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0)
++		fatal("%s: sshbuf_set_max_size: %s", __func__, ssh_err(r));
+ 	c->ostate = CHAN_OUTPUT_OPEN;
+ 	c->istate = CHAN_INPUT_OPEN;
+ 	channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, 0);
+diff -up openssh-8.0p1/channels.h.channel-limits openssh-8.0p1/channels.h
+--- openssh-8.0p1/channels.h.channel-limits	2021-03-16 12:17:58.868576223 +0100
++++ openssh-8.0p1/channels.h	2021-03-16 12:17:58.907576527 +0100
+@@ -215,6 +215,9 @@ struct Channel {
+ /* Read buffer size */
+ #define CHAN_RBUF	(16*1024)
+ 
++/* Maximum channel input buffer size */
++#define CHAN_INPUT_MAX	(16*1024*1024)
++
+ /* Hard limit on number of channels */
+ #define CHANNELS_MAX_CHANNELS	(16*1024)
+ 

SOURCES/openssh-8.0p1-client_alive_count_max.patch

@@ -0,0 +1,28 @@
+diff --git a/serverloop.c b/serverloop.c
+index e16eabe2..a8c99e2e 100644
+--- a/serverloop.c
++++ b/serverloop.c
+@@ -184,7 +184,8 @@ client_alive_check(struct ssh *ssh)
+ 	int r, channel_id;
+ 
+ 	/* timeout, check to see how many we have had */
+-	if (ssh_packet_inc_alive_timeouts(ssh) >
++	if (options.client_alive_count_max > 0 &&
++	    ssh_packet_inc_alive_timeouts(ssh) >
+ 	    options.client_alive_count_max) {
+ 		sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
+ 		logit("Timeout, client not responding from %s", remote_id);
+diff --git a/sshd_config.5 b/sshd_config.5
+index d47cb0d2..2cddbd59 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -519,6 +519,9 @@ is set to 15, and
+ .Cm ClientAliveCountMax
+ is left at the default, unresponsive SSH clients
+ will be disconnected after approximately 45 seconds.
++Setting a zero
++.Cm ClientAliveCountMax
++disables connection termination.
+ .It Cm ClientAliveInterval
+ Sets a timeout interval in seconds after which if no data has been received
+ from the client,

SOURCES/openssh-8.0p1-crypto-policies.patch

@@ -0,0 +1,424 @@
+diff -up openssh-8.0p1/ssh_config.5.crypto-policies openssh-8.0p1/ssh_config.5
+--- openssh-8.0p1/ssh_config.5.crypto-policies	2020-03-24 17:32:54.821789205 +0100
++++ openssh-8.0p1/ssh_config.5	2020-03-24 17:59:58.174122920 +0100
+@@ -357,17 +357,17 @@ or
+ .Qq *.c.example.com
+ domains.
+ .It Cm CASignatureAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies which algorithms are allowed for signing of certificates
+ by certificate authorities (CAs).
+-The default is:
+-.Bd -literal -offset indent
+-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+-.Ed
+-.Pp
+ .Xr ssh 1
+ will not accept host certificates signed using algorithms other than those
+ specified.
++.Pp
+ .It Cm CertificateFile
+ Specifies a file from which the user's certificate is read.
+ A corresponding private key must be provided separately in order
+@@ -420,16 +420,21 @@ If the option is set to
+ .Cm no ,
+ the check will not be executed.
+ .It Cm Ciphers
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the ciphers allowed and their order of preference.
+ Multiple ciphers must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified ciphers will be appended to the default set
++character, then the specified ciphers will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified ciphers (including wildcards) will be removed
+-from the default set instead of replacing them.
++from the built-in default set instead of replacing them.
+ .Pp
+ The supported ciphers are:
+ .Bd -literal -offset indent
+@@ -445,13 +450,6 @@ aes256-gcm@openssh.com
+ chacha20-poly1305@openssh.com
+ .Ed
+ .Pp
+-The default is:
+-.Bd -literal -offset indent
+-chacha20-poly1305@openssh.com,
+-aes128-ctr,aes192-ctr,aes256-ctr,
+-aes128-gcm@openssh.com,aes256-gcm@openssh.com
+-.Ed
+-.Pp
+ The list of available ciphers may also be obtained using
+ .Qq ssh -Q cipher .
+ .It Cm ClearAllForwardings
+@@ -800,6 +798,11 @@ command line will be passed untouched to
+ The default is
+ .Dq no .
+ .It Cm GSSAPIKexAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ The list of key exchange algorithms that are offered for GSSAPI
+ key exchange. Possible values are
+ .Bd -literal -offset 3n
+@@ -812,9 +815,8 @@ gss-nistp256-sha256-,
+ gss-curve25519-sha256-
+ .Ed
+ .Pp
+-The default is
+-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+ This option only applies to connections using GSSAPI.
++.Pp
+ .It Cm HashKnownHosts
+ Indicates that
+ .Xr ssh 1
+@@ -1114,26 +1115,21 @@ it may be zero or more of:
+ and
+ .Cm pam .
+ .It Cm KexAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the available KEX (Key Exchange) algorithms.
+ Multiple algorithms must be comma-separated.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the specified methods will be appended to the default set
++character, then the specified methods will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified methods (including wildcards) will be removed
+-from the default set instead of replacing them.
+-The default is:
+-.Bd -literal -offset indent
+-curve25519-sha256,curve25519-sha256@libssh.org,
+-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+-diffie-hellman-group-exchange-sha256,
+-diffie-hellman-group16-sha512,
+-diffie-hellman-group18-sha512,
+-diffie-hellman-group14-sha256,
+-diffie-hellman-group14-sha1
+-.Ed
++from the built-in default set instead of replacing them.
+ .Pp
+ The list of available key exchange algorithms may also be obtained using
+ .Qq ssh -Q kex .
+@@ -1193,33 +1189,29 @@ The default is INFO.
+ DEBUG and DEBUG1 are equivalent.
+ DEBUG2 and DEBUG3 each specify higher levels of verbose output.
+ .It Cm MACs
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the MAC (message authentication code) algorithms
+ in order of preference.
+ The MAC algorithm is used for data integrity protection.
+ Multiple algorithms must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified algorithms will be appended to the default set
++character, then the specified algorithms will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified algorithms (including wildcards) will be removed
+-from the default set instead of replacing them.
++from the built-in default set instead of replacing them.
+ .Pp
+ The algorithms that contain
+ .Qq -etm
+ calculate the MAC after encryption (encrypt-then-mac).
+ These are considered safer and their use recommended.
+ .Pp
+-The default is:
+-.Bd -literal -offset indent
+-umac-64-etm@openssh.com,umac-128-etm@openssh.com,
+-hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
+-hmac-sha1-etm@openssh.com,
+-umac-64@openssh.com,umac-128@openssh.com,
+-hmac-sha2-256,hmac-sha2-512,hmac-sha1
+-.Ed
+-.Pp
+ The list of available MAC algorithms may also be obtained using
+ .Qq ssh -Q mac .
+ .It Cm NoHostAuthenticationForLocalhost
+@@ -1352,27 +1344,21 @@ instead of continuing to execute and pas
+ The default is
+ .Cm no .
+ .It Cm PubkeyAcceptedKeyTypes
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the key types that will be used for public key authentication
+ as a comma-separated list of patterns.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the key types after it will be appended to the default
++character, then the key types after it will be appended to the built-in default
+ instead of replacing it.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified key types (including wildcards) will be removed
+-from the default set instead of replacing them.
+-The default for this option is:
+-.Bd -literal -offset 3n
+-ecdsa-sha2-nistp256-cert-v01@openssh.com,
+-ecdsa-sha2-nistp384-cert-v01@openssh.com,
+-ecdsa-sha2-nistp521-cert-v01@openssh.com,
+-ssh-ed25519-cert-v01@openssh.com,
+-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
+-ssh-rsa-cert-v01@openssh.com,
+-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+-.Ed
++from the built-in default set instead of replacing them.
+ .Pp
+ The list of available key types may also be obtained using
+ .Qq ssh -Q key .
+diff -up openssh-8.0p1/sshd_config.5.crypto-policies openssh-8.0p1/sshd_config.5
+--- openssh-8.0p1/sshd_config.5.crypto-policies	2020-03-24 17:32:54.802788908 +0100
++++ openssh-8.0p1/sshd_config.5	2020-03-24 17:54:13.347740176 +0100
+@@ -383,16 +383,16 @@ If the argument is
+ then no banner is displayed.
+ By default, no banner is displayed.
+ .It Cm CASignatureAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies which algorithms are allowed for signing of certificates
+ by certificate authorities (CAs).
+-The default is:
+-.Bd -literal -offset indent
+-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+-.Ed
+-.Pp
+ Certificates signed using other algorithms will not be accepted for
+ public key or host-based authentication.
++.Pp
+ .It Cm ChallengeResponseAuthentication
+ Specifies whether challenge-response authentication is allowed (e.g. via
+ PAM or through authentication styles supported in
+@@ -454,16 +454,21 @@ The default is
+ indicating not to
+ .Xr chroot 2 .
+ .It Cm Ciphers
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the ciphers allowed.
+ Multiple ciphers must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified ciphers will be appended to the default set
++character, then the specified ciphers will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified ciphers (including wildcards) will be removed
+-from the default set instead of replacing them.
++from the built-in default set instead of replacing them.
+ .Pp
+ The supported ciphers are:
+ .Pp
+@@ -490,13 +495,6 @@ aes256-gcm@openssh.com
+ chacha20-poly1305@openssh.com
+ .El
+ .Pp
+-The default is:
+-.Bd -literal -offset indent
+-chacha20-poly1305@openssh.com,
+-aes128-ctr,aes192-ctr,aes256-ctr,
+-aes128-gcm@openssh.com,aes256-gcm@openssh.com
+-.Ed
+-.Pp
+ The list of available ciphers may also be obtained using
+ .Qq ssh -Q cipher .
+ .It Cm ClientAliveCountMax
+@@ -688,6 +686,11 @@ For this to work
+ .Cm GSSAPIKeyExchange
+ needs to be enabled in the server and also used by the client.
+ .It Cm GSSAPIKexAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ The list of key exchange algorithms that are accepted by GSSAPI
+ key exchange. Possible values are
+ .Bd -literal -offset 3n
+@@ -700,8 +703,6 @@ gss-nistp256-sha256-,
+ gss-curve25519-sha256-
+ .Ed
+ .Pp
+-The default is
+-.Dq gss-group14-sha256-,gss-group16-sha512-,gss-nistp256-sha256-,gss-curve25519-sha256-,gss-group14-sha1-,gss-gex-sha1- .
+ This option only applies to connections using GSSAPI.
+ .It Cm HostbasedAcceptedKeyTypes
+ Specifies the key types that will be accepted for hostbased authentication
+@@ -791,19 +791,13 @@ is specified, the location of the socket
+ .Ev SSH_AUTH_SOCK
+ environment variable.
+ .It Cm HostKeyAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the host key algorithms
+ that the server offers.
+-The default for this option is:
+-.Bd -literal -offset 3n
+-ecdsa-sha2-nistp256-cert-v01@openssh.com,
+-ecdsa-sha2-nistp384-cert-v01@openssh.com,
+-ecdsa-sha2-nistp521-cert-v01@openssh.com,
+-ssh-ed25519-cert-v01@openssh.com,
+-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
+-ssh-rsa-cert-v01@openssh.com,
+-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+-.Ed
+ .Pp
+ The list of available key types may also be obtained using
+ .Qq ssh -Q key .
+@@ -922,16 +916,21 @@ Specifies whether to look at .k5login fi
+ The default is
+ .Cm yes .
+ .It Cm KexAlgorithms
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the available KEX (Key Exchange) algorithms.
+ Multiple algorithms must be comma-separated.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the specified methods will be appended to the default set
++character, then the specified methods will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified methods (including wildcards) will be removed
+-from the default set instead of replacing them.
++from the built-in default set instead of replacing them.
+ The supported algorithms are:
+ .Pp
+ .Bl -item -compact -offset indent
+@@ -961,15 +960,6 @@ ecdh-sha2-nistp384
+ ecdh-sha2-nistp521
+ .El
+ .Pp
+-The default is:
+-.Bd -literal -offset indent
+-curve25519-sha256,curve25519-sha256@libssh.org,
+-ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+-diffie-hellman-group-exchange-sha256,
+-diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
+-diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
+-.Ed
+-.Pp
+ The list of available key exchange algorithms may also be obtained using
+ .Qq ssh -Q kex .
+ .It Cm ListenAddress
+@@ -1038,17 +1028,22 @@ DEBUG and DEBUG1 are equivalent.
+ DEBUG2 and DEBUG3 each specify higher levels of debugging output.
+ Logging with a DEBUG level violates the privacy of users and is not recommended.
+ .It Cm MACs
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the available MAC (message authentication code) algorithms.
+ The MAC algorithm is used for data integrity protection.
+ Multiple algorithms must be comma-separated.
+ If the specified value begins with a
+ .Sq +
+-character, then the specified algorithms will be appended to the default set
++character, then the specified algorithms will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified algorithms (including wildcards) will be removed
+-from the default set instead of replacing them.
++from the built-in default set instead of replacing them.
+ .Pp
+ The algorithms that contain
+ .Qq -etm
+@@ -1091,15 +1086,6 @@ umac-64-etm@openssh.com
+ umac-128-etm@openssh.com
+ .El
+ .Pp
+-The default is:
+-.Bd -literal -offset indent
+-umac-64-etm@openssh.com,umac-128-etm@openssh.com,
+-hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
+-hmac-sha1-etm@openssh.com,
+-umac-64@openssh.com,umac-128@openssh.com,
+-hmac-sha2-256,hmac-sha2-512,hmac-sha1
+-.Ed
+-.Pp
+ The list of available MAC algorithms may also be obtained using
+ .Qq ssh -Q mac .
+ .It Cm Match
+@@ -1446,27 +1432,21 @@ or equivalent.)
+ The default is
+ .Cm yes .
+ .It Cm PubkeyAcceptedKeyTypes
++The default is handled system-wide by
++.Xr crypto-policies 7 .
++To see the current defaults and how to modify them, see manual page
++.Xr update-crypto-policies 8 .
++.Pp
+ Specifies the key types that will be accepted for public key authentication
+ as a list of comma-separated patterns.
+ Alternately if the specified value begins with a
+ .Sq +
+-character, then the specified key types will be appended to the default set
++character, then the specified key types will be appended to the built-in default set
+ instead of replacing them.
+ If the specified value begins with a
+ .Sq -
+ character, then the specified key types (including wildcards) will be removed
+-from the default set instead of replacing them.
+-The default for this option is:
+-.Bd -literal -offset 3n
+-ecdsa-sha2-nistp256-cert-v01@openssh.com,
+-ecdsa-sha2-nistp384-cert-v01@openssh.com,
+-ecdsa-sha2-nistp521-cert-v01@openssh.com,
+-ssh-ed25519-cert-v01@openssh.com,
+-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
+-ssh-rsa-cert-v01@openssh.com,
+-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+-.Ed
++from the built-in default set instead of replacing them.
+ .Pp
+ The list of available key types may also be obtained using
+ .Qq ssh -Q key .

SOURCES/openssh-8.0p1-crypto-policy-doc.patch

@@ -0,0 +1,25 @@
+diff --color -ru a/sshd.8 b/sshd.8
+--- a/sshd.8	2022-05-31 13:39:10.231843926 +0200
++++ b/sshd.8	2022-05-31 14:34:01.460815420 +0200
+@@ -78,6 +78,7 @@
+ .Xr sshd_config 5 ) ;
+ command-line options override values specified in the
+ configuration file.
++This mechanism is used by systemd to apply system-wide crypto-policies to ssh server.
+ .Nm
+ rereads its configuration file when it receives a hangup signal,
+ .Dv SIGHUP ,
+@@ -207,6 +208,13 @@
+ rules may be applied by specifying the connection parameters using one or more
+ .Fl C
+ options.
++The configuration does not contain the system-wide crypto-policy configuration.
++To show the most accurate runtime configuration, use:
++.Bd -literal -offset 3n
++source /etc/crypto-policies/back-ends/opensshserver.config
++source /etc/sysconfig/sshd
++sshd -T $OPTIONS $CRYPTO_POLICY
++.Ed
+ .It Fl t
+ Test mode.
+ Only check the validity of the configuration file and sanity of the keys.

SOURCES/openssh-8.0p1-cve-2020-14145.patch

@@ -0,0 +1,127 @@
+diff -up openssh-8.0p1/hostfile.c.cve-2020-14145 openssh-8.0p1/hostfile.c
+--- openssh-8.0p1/hostfile.c.cve-2020-14145	2019-04-18 00:52:57.000000000 +0200
++++ openssh-8.0p1/hostfile.c	2021-05-17 16:53:38.694577251 +0200
+@@ -409,6 +409,18 @@ lookup_key_in_hostkeys_by_type(struct ho
+ 	    found) == HOST_FOUND);
+ }
+ 
++int
++lookup_marker_in_hostkeys(struct hostkeys *hostkeys, int want_marker)
++{
++	u_int i;
++
++	for (i = 0; i < hostkeys->num_entries; i++) {
++		if (hostkeys->entries[i].marker == (HostkeyMarker)want_marker)
++			return 1;
++	}
++	return 0;
++}
++
+ static int
+ write_host_entry(FILE *f, const char *host, const char *ip,
+     const struct sshkey *key, int store_hash)
+diff -up openssh-8.0p1/hostfile.h.cve-2020-14145 openssh-8.0p1/hostfile.h
+--- openssh-8.0p1/hostfile.h.cve-2020-14145	2019-04-18 00:52:57.000000000 +0200
++++ openssh-8.0p1/hostfile.h	2021-05-17 16:53:38.694577251 +0200
+@@ -39,6 +39,7 @@ HostStatus check_key_in_hostkeys(struct
+     const struct hostkey_entry **);
+ int	 lookup_key_in_hostkeys_by_type(struct hostkeys *, int,
+     const struct hostkey_entry **);
++int	 lookup_marker_in_hostkeys(struct hostkeys *, int);
+ 
+ int	 hostfile_read_key(char **, u_int *, struct sshkey *);
+ int	 add_host_to_hostfile(const char *, const char *,
+diff -up openssh-8.0p1/sshconnect2.c.cve-2020-14145 openssh-8.0p1/sshconnect2.c
+--- openssh-8.0p1/sshconnect2.c.cve-2020-14145	2021-05-17 16:53:38.610576561 +0200
++++ openssh-8.0p1/sshconnect2.c	2021-05-17 16:54:58.169230103 +0200
+@@ -98,12 +98,25 @@ verify_host_key_callback(struct sshkey *
+ 	return 0;
+ }
+ 
++/* Returns the first item from a comma-separated algorithm list */
++static char *
++first_alg(const char *algs)
++{
++	char *ret, *cp;
++
++	ret = xstrdup(algs);
++	if ((cp = strchr(ret, ',')) != NULL)
++		*cp = '\0';
++	return ret;
++}
++
+ static char *
+ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
+ {
+-	char *oavail, *avail, *first, *last, *alg, *hostname, *ret;
++	char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL;
++	char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL;
+ 	size_t maxlen;
+-	struct hostkeys *hostkeys;
++	struct hostkeys *hostkeys = NULL;
+ 	int ktype;
+ 	u_int i;
+ 
+@@ -115,6 +128,26 @@ order_hostkeyalgs(char *host, struct soc
+ 	for (i = 0; i < options.num_system_hostfiles; i++)
+ 		load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
+ 
++	/*
++	 * If a plain public key exists that matches the type of the best
++	 * preference HostkeyAlgorithms, then use the whole list as is.
++	 * Note that we ignore whether the best preference algorithm is a
++	 * certificate type, as sshconnect.c will downgrade certs to
++	 * plain keys if necessary.
++	 */
++	best = first_alg(options.hostkeyalgorithms);
++	if (lookup_key_in_hostkeys_by_type(hostkeys,
++	    sshkey_type_plain(sshkey_type_from_name(best)), NULL)) {
++		debug3("%s: have matching best-preference key type %s, "
++		    "using HostkeyAlgorithms verbatim", __func__, best);
++		ret = xstrdup(options.hostkeyalgorithms);
++		goto out;
++	}
++
++	/*
++	 * Otherwise, prefer the host key algorithms that match known keys
++	 * while keeping the ordering of HostkeyAlgorithms as much as possible.
++	 */
+ 	oavail = avail = xstrdup(KEX_DEFAULT_PK_ALG);
+ 	maxlen = strlen(avail) + 1;
+ 	first = xmalloc(maxlen);
+@@ -131,11 +164,23 @@ order_hostkeyalgs(char *host, struct soc
+ 	while ((alg = strsep(&avail, ",")) && *alg != '\0') {
+ 		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
+ 			fatal("%s: unknown alg %s", __func__, alg);
++		/*
++		 * If we have a @cert-authority marker in known_hosts then
++		 * prefer all certificate algorithms.
++		 */
++		if (sshkey_type_is_cert(ktype) &&
++		    lookup_marker_in_hostkeys(hostkeys, MRK_CA)) {
++			ALG_APPEND(first, alg);
++			continue;
++		}
++		/* If the key appears in known_hosts then prefer it */
+ 		if (lookup_key_in_hostkeys_by_type(hostkeys,
+-		    sshkey_type_plain(ktype), NULL))
++		    sshkey_type_plain(ktype), NULL)) {
+ 			ALG_APPEND(first, alg);
+-		else
+-			ALG_APPEND(last, alg);
++			continue;
++		}
++		/* Otherwise, put it last */
++		ALG_APPEND(last, alg);
+ 	}
+ #undef ALG_APPEND
+ 	xasprintf(&ret, "%s%s%s", first,
+@@ -143,6 +188,8 @@ order_hostkeyalgs(char *host, struct soc
+ 	if (*first != '\0')
+ 		debug3("%s: prefer hostkeyalgs: %s", __func__, first);
+ 
++ out:
++	free(best);
+ 	free(first);
+ 	free(last);
+ 	free(hostname);

SOURCES/openssh-8.0p1-entropy.patch

@@ -0,0 +1,302 @@
+diff --git a/entropy.c b/entropy.c
+index 2d483b3..b361a04 100644
+--- a/entropy.c
++++ b/entropy.c
+@@ -234,6 +234,9 @@ seed_rng(void)
+ 	}
+ #endif /* OPENSSL_PRNG_ONLY */
+ 
++#ifdef __linux__
++	linux_seed();
++#endif /* __linux__ */
+ 	if (RAND_status() != 1)
+ 		fatal("PRNG is not seeded");
+ 
+diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
+index b912dbe..9206337 100644
+--- a/openbsd-compat/Makefile.in
++++ b/openbsd-compat/Makefile.in
+@@ -20,6 +20,7 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o di
+ 	port-solaris.o \
+ 	port-net.o \
+ 	port-uw.o \
++	port-linux-prng.o \
+ 	port-linux-sshd.o
+ 
+ .c.o:
+diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
+--- openssh-7.4p1/openbsd-compat/port-linux.h.entropy	2016-12-23 18:34:27.747753563 +0100
++++ openssh-7.4p1/openbsd-compat/port-linux.h	2016-12-23 18:34:27.769753570 +0100
+@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
+ void oom_adjust_setup(void);
+ #endif
+ 
++void linux_seed(void);
++
+ #endif /* ! _PORT_LINUX_H */
+diff --git a/openbsd-compat/port-linux-prng.c b/openbsd-compat/port-linux-prng.c
+new file mode 100644
+index 0000000..92a617c
+--- /dev/null
++++ b/openbsd-compat/port-linux-prng.c
+@@ -0,0 +1,78 @@
++/*
++ * Copyright (c) 2011 - 2020 Red Hat, Inc.
++ *
++ * Authors:
++ *  Jan F. Chadima <jchadima@redhat.com>
++ *  Jakub Jelen <jjelen@redhat.com>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++/*
++ * Linux-specific portability code - prng support
++ */
++
++#include "includes.h"
++
++#include <errno.h>
++#include <string.h>
++#include <openssl/rand.h>
++#include <sys/random.h>
++
++#include "log.h"
++
++void
++linux_seed(void)
++{
++	char *env = NULL;
++	size_t randlen = 14, left;
++	unsigned int flags = 0;
++	unsigned char buf[256], *p;
++
++	env = getenv("SSH_USE_STRONG_RNG");
++	if (env && strcmp(env, "0") != 0) {
++		size_t ienv = atoi(env);
++
++		/* Max on buffer length */
++		if (ienv > sizeof(buf))
++			ienv = sizeof(buf);
++		/* Minimum is always 14 B */
++		if (ienv > randlen)
++			randlen = ienv;
++		flags = GRND_RANDOM;
++	}
++
++	errno = 0;
++	left = randlen;
++	p = buf;
++	do {
++		ssize_t len = getrandom(p, left, flags);
++		if (len == -1) {
++			if (errno != EINTR) {
++				if (flags) {
++					/* With the variable present, this is fatal error */
++					fatal("Failed to seed from getrandom: %s", strerror(errno));
++				} else {
++					/* Otherwise we log the issue drop out from here */
++					debug("Failed to seed from getrandom: %s", strerror(errno));
++					return;
++				}
++			}
++		} else if (len > 0) {
++			left -= len;
++			p += len;
++		}
++	} while (left > 0);
++
++	RAND_seed(buf, randlen);
++}
+diff --git a/ssh-add.1 b/ssh-add.1
+index 4812448..16305bf 100644
+--- a/ssh-add.1
++++ b/ssh-add.1
+@@ -161,6 +161,22 @@ to make this work.)
+ Identifies the path of a
+ .Ux Ns -domain
+ socket used to communicate with the agent.
++.It Ev SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
+ .El
+ .Sh FILES
+ .Bl -tag -width Ds
+diff --git a/ssh-agent.1 b/ssh-agent.1
+index 281ecbd..1a9a635 100644
+--- a/ssh-agent.1
++++ b/ssh-agent.1
+@@ -201,6 +201,26 @@ sockets used to contain the connection to the authentication agent.
+ These sockets should only be readable by the owner.
+ The sockets should get automatically removed when the agent exits.
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Pa SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
++.El
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-add 1 ,
+diff --git a/ssh-keygen.1 b/ssh-keygen.1
+index 12e00d4..1b51a4a 100644
+--- a/ssh-keygen.1
++++ b/ssh-keygen.1
+@@ -832,6 +832,26 @@ Contains Diffie-Hellman groups used for DH-GEX.
+ The file format is described in
+ .Xr moduli 5 .
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Pa SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
++.El
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-add 1 ,
+diff --git a/ssh-keysign.8 b/ssh-keysign.8
+index 69d0829..02d79f8 100644
+--- a/ssh-keysign.8
++++ b/ssh-keysign.8
+@@ -80,6 +80,26 @@ must be set-uid root if host-based authentication is used.
+ If these files exist they are assumed to contain public certificate
+ information corresponding with the private keys above.
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Pa SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
++.El
+ .Sh SEE ALSO
+ .Xr ssh 1 ,
+ .Xr ssh-keygen 1 ,
+diff --git a/ssh.1 b/ssh.1
+index 929904b..f65e42f 100644
+--- a/ssh.1
++++ b/ssh.1
+@@ -1309,6 +1309,25 @@ For more information, see the
+ .Cm PermitUserEnvironment
+ option in
+ .Xr sshd_config 5 .
++.Bl -tag -width "SSH_ORIGINAL_COMMAND"
++.Pp
++.It Ev SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
++.El
+ .Sh FILES
+ .Bl -tag -width Ds -compact
+ .It Pa ~/.rhosts
+diff --git a/sshd.8 b/sshd.8
+index c2c237f..058d37a 100644
+--- a/sshd.8
++++ b/sshd.8
+@@ -951,6 +951,26 @@ concurrently for different ports, this contains the process ID of the one
+ started last).
+ The content of this file is not sensitive; it can be world-readable.
+ .El
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
++.Pp
++.It Ev SSH_USE_STRONG_RNG
++The reseeding of the OpenSSL random generator is usually done from
++.Cm getrandom(1)
++without any specific flags.
++If the
++.Cm SSH_USE_STRONG_RNG
++environment variable is set to value other than
++.Cm 0
++the OpenSSL random generator is reseeded from
++.Cm getrandom(1)
++with GRND_RANDOM flag specified.
++The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
++Minimum is 14 bytes.
++This setting is not recommended on the computers without the hardware
++random generator because insufficient entropy causes the connection to
++be blocked until enough entropy is available.
++.El
+ .Sh IPV6
+ IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
+ .Sh SEE ALSO
+

SOURCES/openssh-8.0p1-ipv6-process.patch

@@ -0,0 +1,27 @@
+diff --git a/sftp.c b/sftp.c
+index 04881c83..03c7a5c7 100644
+--- a/sftp.c
++++ b/sftp.c
+@@ -2527,12 +2527,17 @@ main(int argc, char **argv)
+ 				port = tmp;
+ 			break;
+ 		default:
++			/* Try with user, host and path. */
+ 			if (parse_user_host_path(*argv, &user, &host,
+-			    &file1) == -1) {
+-				/* Treat as a plain hostname. */
+-				host = xstrdup(*argv);
+-				host = cleanhostname(host);
+-			}
++			    &file1) == 0)
++				break;
++			/* Try with user and host. */
++			if (parse_user_host_port(*argv, &user, &host, NULL)
++			    == 0)
++				break;
++			/* Treat as a plain hostname. */
++			host = xstrdup(*argv);
++			host = cleanhostname(host);
+ 			break;
+ 		}
+ 		file2 = *(argv + 1);

SOURCES/openssh-8.0p1-keygen-sha2.patch

@@ -0,0 +1,107 @@
+From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 24 Jan 2020 00:27:04 +0000
+Subject: [PATCH] upstream: when signing a certificate with an RSA key, default
+ to
+
+a safe signature algorithm (rsa-sha-512) if not is explicitly specified by
+the user; ok markus@
+
+OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
+---
+ ssh-keygen.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index 564c3c481..f2192edb9 100644
+--- a/ssh-keygen.c
++++ b/ssh-keygen.c
+@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
+ 	}
+ 	free(tmp);
+ 
+-	if (key_type_name != NULL &&
+-	    sshkey_type_from_name(key_type_name) != ca->type)  {
+-		fatal("CA key type %s doesn't match specified %s",
+-		    sshkey_ssh_name(ca), key_type_name);
++	if (key_type_name != NULL) {
++		if (sshkey_type_from_name(key_type_name) != ca->type) {
++			fatal("CA key type %s doesn't match specified %s",
++			    sshkey_ssh_name(ca), key_type_name);
++		}
++	} else if (ca->type == KEY_RSA) {
++		/* Default to a good signature algorithm */
++		key_type_name = "rsa-sha2-512";
+ 	}
+ 
+ 	for (i = 0; i < argc; i++) {
+
+From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Mon, 20 May 2019 00:20:35 +0000
+Subject: [PATCH] upstream: When signing certificates with an RSA key, default
+ to
+
+using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
+will therefore be incompatible with OpenSSH < 7.2 unless the default is
+overridden.
+
+Document the ability of the ssh-keygen -t flag to override the
+signature algorithm when signing certificates, and the new default.
+
+ok deraadt@
+
+OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
+---
+ ssh-keygen.1 | 13 +++++++++++--
+ sshkey.c     |  9 ++++++++-
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/ssh-keygen.1 b/ssh-keygen.1
+index f29774249..673bf6e2f 100644
+--- a/ssh-keygen.1
++++ b/ssh-keygen.1
+@@ -35,7 +35,7 @@
+ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ .\"
+-.Dd $Mdocdate: March 5 2019 $
++.Dd $Mdocdate: May 20 2019 $
+ .Dt SSH-KEYGEN 1
+ .Os
+ .Sh NAME
+@@ -577,6 +577,15 @@ The possible values are
+ .Dq ed25519 ,
+ or
+ .Dq rsa .
++.Pp
++This flag may also be used to specify the desired signature type when
++signing certificates using a RSA CA key.
++The available RSA signature variants are
++.Dq ssh-rsa
++(SHA1 signatures, not recommended),
++.Dq rsa-sha2-256
++.Dq rsa-sha2-512
++(the default).
+ .It Fl U
+ When used in combination with
+ .Fl s ,
+diff --git a/sshkey.c b/sshkey.c
+index 9849cb237..379a579cf 100644
+--- a/sshkey.c
++++ b/sshkey.c
+@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
+ 	    strcmp(alg, k->cert->signature_type) != 0)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+ 
++	/*
++	 * If no signing algorithm or signature_type was specified and we're
++	 * using a RSA key, then default to a good signature algorithm.
++	 */
++	if (alg == NULL && ca->type == KEY_RSA)
++		alg = "rsa-sha2-512";
++
+ 	if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
+ 		return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
+ 
+

SOURCES/openssh-8.0p1-keyscan-rsa-sha2.patch

@@ -0,0 +1,33 @@
+From 7250879c72d28275a53f2f220e49646c3e42ef18 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 12 Jul 2019 04:08:39 +0000
+Subject: [PATCH] upstream: include SHA2-variant RSA key algorithms in KEX
+ proposal;
+
+allows ssh-keyscan to harvest keys from servers that disable olde SHA1
+ssh-rsa. bz#3029 from Jakub Jelen
+
+OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
+---
+ ssh-keyscan.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/ssh-keyscan.c b/ssh-keyscan.c
+index d95ba1b37..d383b57b9 100644
+--- a/ssh-keyscan.c
++++ b/ssh-keyscan.c
+@@ -233,7 +233,12 @@ keygrab_ssh2(con *c)
+ 		break;
+ 	case KT_RSA:
+ 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+-		    "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
++		    "rsa-sha2-512-cert-v01@openssh.com,"
++		    "rsa-sha2-256-cert-v01@openssh.com,"
++		    "ssh-rsa-cert-v01@openssh.com" :
++		    "rsa-sha2-512,"
++		    "rsa-sha2-256,"
++		    "ssh-rsa";
+ 		break;
+ 	case KT_ED25519:
+ 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
+

SOURCES/openssh-8.0p1-openssl-evp.patch

@@ -0,0 +1,720 @@
+From ed7ec0cdf577ffbb0b15145340cf51596ca3eb89 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 14 May 2019 10:45:45 +0200
+Subject: [PATCH] Use high-level OpenSSL API for signatures
+
+---
+ digest-openssl.c |  16 ++++
+ digest.h         |   6 ++
+ ssh-dss.c        |  65 ++++++++++------
+ ssh-ecdsa.c      |  69 ++++++++++-------
+ ssh-rsa.c        | 193 +++++++++--------------------------------------
+ sshkey.c         |  77 +++++++++++++++++++
+ sshkey.h         |   4 +
+ 7 files changed, 221 insertions(+), 209 deletions(-)
+
+diff --git a/digest-openssl.c b/digest-openssl.c
+index da7ed72bc..6a21d8adb 100644
+--- a/digest-openssl.c
++++ b/digest-openssl.c
+@@ -63,6 +63,22 @@ const struct ssh_digest digests[] = {
+ 	{ -1,			NULL,		0,	NULL },
+ };
+ 
++const EVP_MD *
++ssh_digest_to_md(int digest_type)
++{
++	switch (digest_type) {
++	case SSH_DIGEST_SHA1:
++		return EVP_sha1();
++	case SSH_DIGEST_SHA256:
++		return EVP_sha256();
++	case SSH_DIGEST_SHA384:
++		return EVP_sha384();
++	case SSH_DIGEST_SHA512:
++		return EVP_sha512();
++	}
++	return NULL;
++}
++
+ static const struct ssh_digest *
+ ssh_digest_by_alg(int alg)
+ {
+diff --git a/digest.h b/digest.h
+index 274574d0e..c7ceeb36f 100644
+--- a/digest.h
++++ b/digest.h
+@@ -32,6 +32,12 @@
+ struct sshbuf;
+ struct ssh_digest_ctx;
+ 
++#ifdef WITH_OPENSSL
++#include <openssl/evp.h>
++/* Converts internal digest representation to the OpenSSL one */
++const EVP_MD *ssh_digest_to_md(int digest_type);
++#endif
++
+ /* Looks up a digest algorithm by name */
+ int ssh_digest_alg_by_name(const char *name);
+ 
+diff --git a/ssh-dss.c b/ssh-dss.c
+index a23c383dc..ea45e7275 100644
+--- a/ssh-dss.c
++++ b/ssh-dss.c
+@@ -52,11 +52,15 @@ int
+ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+     const u_char *data, size_t datalen, u_int compat)
+ {
++	EVP_PKEY *pkey = NULL;
+ 	DSA_SIG *sig = NULL;
+ 	const BIGNUM *sig_r, *sig_s;
+-	u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
+-	size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
++	u_char sigblob[SIGBLOB_LEN];
++	size_t rlen, slen;
++	int len;
+ 	struct sshbuf *b = NULL;
++	u_char *sigb = NULL;
++	const u_char *psig = NULL;
+ 	int ret = SSH_ERR_INVALID_ARGUMENT;
+ 
+ 	if (lenp != NULL)
+@@ -67,17 +71,24 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+ 	if (key == NULL || key->dsa == NULL ||
+ 	    sshkey_type_plain(key->type) != KEY_DSA)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+-	if (dlen == 0)
+-		return SSH_ERR_INTERNAL_ERROR;
+ 
+-	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
+-	    digest, sizeof(digest))) != 0)
++	if ((pkey = EVP_PKEY_new()) == NULL ||
++	    EVP_PKEY_set1_DSA(pkey, key->dsa) != 1)
++		return SSH_ERR_ALLOC_FAIL;
++	ret = sshkey_calculate_signature(pkey, SSH_DIGEST_SHA1, &sigb, &len,
++	    data, datalen);
++	EVP_PKEY_free(pkey);
++	if (ret < 0) {
+ 		goto out;
++	}
+ 
+-	if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) {
++	psig = sigb;
++	if ((sig = d2i_DSA_SIG(NULL, &psig, len)) == NULL) {
+ 		ret = SSH_ERR_LIBCRYPTO_ERROR;
+ 		goto out;
+ 	}
++	free(sigb);
++	sigb = NULL;
+ 
+ 	DSA_SIG_get0(sig, &sig_r, &sig_s);
+ 	rlen = BN_num_bytes(sig_r);
+@@ -110,7 +121,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+ 		*lenp = len;
+ 	ret = 0;
+  out:
+-	explicit_bzero(digest, sizeof(digest));
++	free(sigb);
+ 	DSA_SIG_free(sig);
+ 	sshbuf_free(b);
+ 	return ret;
+@@ -121,20 +132,20 @@ ssh_dss_verify(const struct sshkey *key,
+     const u_char *signature, size_t signaturelen,
+     const u_char *data, size_t datalen, u_int compat)
+ {
++	EVP_PKEY *pkey = NULL;
+ 	DSA_SIG *sig = NULL;
+ 	BIGNUM *sig_r = NULL, *sig_s = NULL;
+-	u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL;
+-	size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
++	u_char *sigblob = NULL;
++	size_t len, slen;
+ 	int ret = SSH_ERR_INTERNAL_ERROR;
+ 	struct sshbuf *b = NULL;
+ 	char *ktype = NULL;
++	u_char *sigb = NULL, *psig = NULL;
+ 
+ 	if (key == NULL || key->dsa == NULL ||
+ 	    sshkey_type_plain(key->type) != KEY_DSA ||
+ 	    signature == NULL || signaturelen == 0)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+-	if (dlen == 0)
+-		return SSH_ERR_INTERNAL_ERROR;
+ 
+ 	/* fetch signature */
+ 	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
+@@ -176,25 +187,31 @@ ssh_dss_verify(const struct sshkey *key,
+ 	}
+ 	sig_r = sig_s = NULL; /* transferred */
+ 
+-	/* sha1 the data */
+-	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
+-	    digest, sizeof(digest))) != 0)
++	if ((slen = i2d_DSA_SIG(sig, NULL)) == 0) {
++		ret = SSH_ERR_LIBCRYPTO_ERROR;
+ 		goto out;
+-
+-	switch (DSA_do_verify(digest, dlen, sig, key->dsa)) {
+-	case 1:
+-		ret = 0;
+-		break;
+-	case 0:
+-		ret = SSH_ERR_SIGNATURE_INVALID;
++	}
++	if ((sigb = malloc(slen)) == NULL) {
++		ret = SSH_ERR_ALLOC_FAIL;
+ 		goto out;
+-	default:
++	}
++	psig = sigb;
++	if ((slen = i2d_DSA_SIG(sig, &psig)) == 0) {
+ 		ret = SSH_ERR_LIBCRYPTO_ERROR;
+ 		goto out;
+ 	}
+ 
++	if ((pkey = EVP_PKEY_new()) == NULL ||
++	    EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) {
++		ret = SSH_ERR_ALLOC_FAIL;
++		goto out;
++	}
++	ret = sshkey_verify_signature(pkey, SSH_DIGEST_SHA1, data, datalen,
++	    sigb, slen);
++	EVP_PKEY_free(pkey);
++
+  out:
+-	explicit_bzero(digest, sizeof(digest));
++	free(sigb);
+ 	DSA_SIG_free(sig);
+ 	BN_clear_free(sig_r);
+ 	BN_clear_free(sig_s);
+diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
+index 599c7199d..b036796e8 100644
+--- a/ssh-ecdsa.c
++++ b/ssh-ecdsa.c
+@@ -50,11 +50,13 @@ int
+ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+     const u_char *data, size_t datalen, u_int compat)
+ {
++	EVP_PKEY *pkey = NULL;
+ 	ECDSA_SIG *sig = NULL;
++	unsigned char *sigb = NULL;
++	const unsigned char *psig;
+ 	const BIGNUM *sig_r, *sig_s;
+ 	int hash_alg;
+-	u_char digest[SSH_DIGEST_MAX_LENGTH];
+-	size_t len, dlen;
++	int len;
+ 	struct sshbuf *b = NULL, *bb = NULL;
+ 	int ret = SSH_ERR_INTERNAL_ERROR;
+ 
+@@ -67,18 +69,24 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+ 	    sshkey_type_plain(key->type) != KEY_ECDSA)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+ 
+-	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 ||
+-	    (dlen = ssh_digest_bytes(hash_alg)) == 0)
++	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1)
+ 		return SSH_ERR_INTERNAL_ERROR;
+-	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
+-	    digest, sizeof(digest))) != 0)
++
++	if ((pkey = EVP_PKEY_new()) == NULL ||
++	    EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1)
++		return SSH_ERR_ALLOC_FAIL;
++	ret = sshkey_calculate_signature(pkey, hash_alg, &sigb, &len, data,
++	    datalen);
++	EVP_PKEY_free(pkey);
++	if (ret < 0) {
+ 		goto out;
++	}
+ 
+-	if ((sig = ECDSA_do_sign(digest, dlen, key->ecdsa)) == NULL) {
++	psig = sigb;
++	if ((sig = d2i_ECDSA_SIG(NULL, &psig, len)) == NULL) {
+ 		ret = SSH_ERR_LIBCRYPTO_ERROR;
+ 		goto out;
+ 	}
+-
+ 	if ((bb = sshbuf_new()) == NULL || (b = sshbuf_new()) == NULL) {
+ 		ret = SSH_ERR_ALLOC_FAIL;
+ 		goto out;
+@@ -102,7 +110,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+ 		*lenp = len;
+ 	ret = 0;
+  out:
+-	explicit_bzero(digest, sizeof(digest));
++	free(sigb);
+ 	sshbuf_free(b);
+ 	sshbuf_free(bb);
+ 	ECDSA_SIG_free(sig);
+@@ -115,22 +123,21 @@ ssh_ecdsa_verify(const struct sshkey *key,
+     const u_char *signature, size_t signaturelen,
+     const u_char *data, size_t datalen, u_int compat)
+ {
++	EVP_PKEY *pkey = NULL;
+ 	ECDSA_SIG *sig = NULL;
+ 	BIGNUM *sig_r = NULL, *sig_s = NULL;
+-	int hash_alg;
+-	u_char digest[SSH_DIGEST_MAX_LENGTH];
+-	size_t dlen;
++	int hash_alg, len;
+ 	int ret = SSH_ERR_INTERNAL_ERROR;
+ 	struct sshbuf *b = NULL, *sigbuf = NULL;
+ 	char *ktype = NULL;
++	unsigned char *sigb = NULL, *psig = NULL;
+ 
+ 	if (key == NULL || key->ecdsa == NULL ||
+ 	    sshkey_type_plain(key->type) != KEY_ECDSA ||
+ 	    signature == NULL || signaturelen == 0)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+ 
+-	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 ||
+-	    (dlen = ssh_digest_bytes(hash_alg)) == 0)
++	if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1)
+ 		return SSH_ERR_INTERNAL_ERROR;
+ 
+ 	/* fetch signature */
+@@ -166,28 +173,36 @@ ssh_ecdsa_verify(const struct sshkey *key,
+ 	}
+ 	sig_r = sig_s = NULL; /* transferred */
+ 
+-	if (sshbuf_len(sigbuf) != 0) {
+-		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
++	/* Figure out the length */
++	if ((len = i2d_ECDSA_SIG(sig, NULL)) == 0) {
++		ret = SSH_ERR_LIBCRYPTO_ERROR;
++		goto out;
++	}
++	if ((sigb = malloc(len)) == NULL) {
++		ret = SSH_ERR_ALLOC_FAIL;
+ 		goto out;
+ 	}
+-	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
+-	    digest, sizeof(digest))) != 0)
++	psig = sigb;
++	if ((len = i2d_ECDSA_SIG(sig, &psig)) == 0) {
++		ret = SSH_ERR_LIBCRYPTO_ERROR;
+ 		goto out;
++	}
+ 
+-	switch (ECDSA_do_verify(digest, dlen, sig, key->ecdsa)) {
+-	case 1:
+-		ret = 0;
+-		break;
+-	case 0:
+-		ret = SSH_ERR_SIGNATURE_INVALID;
++	if (sshbuf_len(sigbuf) != 0) {
++		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
+ 		goto out;
+-	default:
+-		ret = SSH_ERR_LIBCRYPTO_ERROR;
++	}
++
++	if ((pkey = EVP_PKEY_new()) == NULL ||
++	    EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) {
++		ret =  SSH_ERR_ALLOC_FAIL;
+ 		goto out;
+ 	}
++	ret = sshkey_verify_signature(pkey, hash_alg, data, datalen, sigb, len);
++	EVP_PKEY_free(pkey);
+ 
+  out:
+-	explicit_bzero(digest, sizeof(digest));
++	free(sigb);
+ 	sshbuf_free(sigbuf);
+ 	sshbuf_free(b);
+ 	ECDSA_SIG_free(sig);
+diff --git a/ssh-rsa.c b/ssh-rsa.c
+index 9b14f9a9a..8ef3a6aca 100644
+--- a/ssh-rsa.c
++++ b/ssh-rsa.c
+@@ -37,7 +37,7 @@
+ 
+ #include "openbsd-compat/openssl-compat.h"
+ 
+-static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *);
++static int openssh_RSA_verify(int, const u_char *, size_t, u_char *, size_t, EVP_PKEY *);
+ 
+ static const char *
+ rsa_hash_alg_ident(int hash_alg)
+@@ -90,21 +90,6 @@ rsa_hash_id_from_keyname(const char *alg)
+ 	return -1;
+ }
+ 
+-static int
+-rsa_hash_alg_nid(int type)
+-{
+-	switch (type) {
+-	case SSH_DIGEST_SHA1:
+-		return NID_sha1;
+-	case SSH_DIGEST_SHA256:
+-		return NID_sha256;
+-	case SSH_DIGEST_SHA512:
+-		return NID_sha512;
+-	default:
+-		return -1;
+-	}
+-}
+-
+ int
+ ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp)
+ {
+@@ -164,11 +149,10 @@ int
+ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+     const u_char *data, size_t datalen, const char *alg_ident)
+ {
+-	const BIGNUM *rsa_n;
+-	u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL;
+-	size_t slen = 0;
+-	u_int dlen, len;
+-	int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
++	EVP_PKEY *pkey = NULL;
++	u_char *sig = NULL;
++	int len, slen = 0;
++	int hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
+ 	struct sshbuf *b = NULL;
+ 
+ 	if (lenp != NULL)
+@@ -180,33 +164,24 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+ 		hash_alg = SSH_DIGEST_SHA1;
+ 	else
+ 		hash_alg = rsa_hash_id_from_keyname(alg_ident);
++
+ 	if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
+ 	    sshkey_type_plain(key->type) != KEY_RSA)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+-	RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
+-	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+-		return SSH_ERR_KEY_LENGTH;
+ 	slen = RSA_size(key->rsa);
+-	if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
+-		return SSH_ERR_INVALID_ARGUMENT;
+-
+-	/* hash the data */
+-	nid = rsa_hash_alg_nid(hash_alg);
+-	if ((dlen = ssh_digest_bytes(hash_alg)) == 0)
+-		return SSH_ERR_INTERNAL_ERROR;
+-	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
+-	    digest, sizeof(digest))) != 0)
+-		goto out;
++	if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
++		return SSH_ERR_KEY_LENGTH;
+ 
+-	if ((sig = malloc(slen)) == NULL) {
+-		ret = SSH_ERR_ALLOC_FAIL;
++	if ((pkey = EVP_PKEY_new()) == NULL ||
++	    EVP_PKEY_set1_RSA(pkey, key->rsa) != 1)
++		return SSH_ERR_ALLOC_FAIL;
++	ret = sshkey_calculate_signature(pkey, hash_alg, &sig, &len, data,
++	    datalen);
++	EVP_PKEY_free(pkey);
++	if (ret < 0) {
+ 		goto out;
+ 	}
+ 
+-	if (RSA_sign(nid, digest, dlen, sig, &len, key->rsa) != 1) {
+-		ret = SSH_ERR_LIBCRYPTO_ERROR;
+-		goto out;
+-	}
+ 	if (len < slen) {
+ 		size_t diff = slen - len;
+ 		memmove(sig + diff, sig, len);
+@@ -215,6 +190,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+ 		ret = SSH_ERR_INTERNAL_ERROR;
+ 		goto out;
+ 	}
++
+ 	/* encode signature */
+ 	if ((b = sshbuf_new()) == NULL) {
+ 		ret = SSH_ERR_ALLOC_FAIL;
+@@ -235,7 +211,6 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+ 		*lenp = len;
+ 	ret = 0;
+  out:
+-	explicit_bzero(digest, sizeof(digest));
+ 	freezero(sig, slen);
+ 	sshbuf_free(b);
+ 	return ret;
+@@ -246,10 +221,10 @@ ssh_rsa_verify(const struct sshkey *key,
+     const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
+     const char *alg)
+ {
+-	const BIGNUM *rsa_n;
++	EVP_PKEY *pkey = NULL;
+ 	char *sigtype = NULL;
+ 	int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
+-	size_t len = 0, diff, modlen, dlen;
++	size_t len = 0, diff, modlen;
+ 	struct sshbuf *b = NULL;
+ 	u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL;
+ 
+@@ -257,8 +232,7 @@ ssh_rsa_verify(const struct sshkey *key,
+ 	    sshkey_type_plain(key->type) != KEY_RSA ||
+ 	    sig == NULL || siglen == 0)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+-	RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
+-	if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
++	if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
+ 		return SSH_ERR_KEY_LENGTH;
+ 
+ 	if ((b = sshbuf_from(sig, siglen)) == NULL)
+@@ -310,16 +284,15 @@ ssh_rsa_verify(const struct sshkey *key,
+ 		explicit_bzero(sigblob, diff);
+ 		len = modlen;
+ 	}
+-	if ((dlen = ssh_digest_bytes(hash_alg)) == 0) {
+-		ret = SSH_ERR_INTERNAL_ERROR;
++
++	if ((pkey = EVP_PKEY_new()) == NULL ||
++	    EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) {
++		ret = SSH_ERR_ALLOC_FAIL;
+ 		goto out;
+ 	}
+-	if ((ret = ssh_digest_memory(hash_alg, data, datalen,
+-	    digest, sizeof(digest))) != 0)
+-		goto out;
++	ret = openssh_RSA_verify(hash_alg, data, datalen, sigblob, len, pkey);
++	EVP_PKEY_free(pkey);
+ 
+-	ret = openssh_RSA_verify(hash_alg, digest, dlen, sigblob, len,
+-	    key->rsa);
+  out:
+ 	freezero(sigblob, len);
+ 	free(sigtype);
+@@ -328,122 +301,26 @@ ssh_rsa_verify(const struct sshkey *key,
+ 	return ret;
+ }
+ 
+-/*
+- * See:
+- * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
+- * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
+- */
+-
+-/*
+- * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+- *	oiw(14) secsig(3) algorithms(2) 26 }
+- */
+-static const u_char id_sha1[] = {
+-	0x30, 0x21, /* type Sequence, length 0x21 (33) */
+-	0x30, 0x09, /* type Sequence, length 0x09 */
+-	0x06, 0x05, /* type OID, length 0x05 */
+-	0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */
+-	0x05, 0x00, /* NULL */
+-	0x04, 0x14  /* Octet string, length 0x14 (20), followed by sha1 hash */
+-};
+-
+-/*
+- * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
+- * id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
+- *      organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)
+- *      id-sha256(1) }
+- */
+-static const u_char id_sha256[] = {
+-	0x30, 0x31, /* type Sequence, length 0x31 (49) */
+-	0x30, 0x0d, /* type Sequence, length 0x0d (13) */
+-	0x06, 0x09, /* type OID, length 0x09 */
+-	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, /* id-sha256 */
+-	0x05, 0x00, /* NULL */
+-	0x04, 0x20  /* Octet string, length 0x20 (32), followed by sha256 hash */
+-};
+-
+-/*
+- * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
+- * id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
+- *      organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2)
+- *      id-sha256(3) }
+- */
+-static const u_char id_sha512[] = {
+-	0x30, 0x51, /* type Sequence, length 0x51 (81) */
+-	0x30, 0x0d, /* type Sequence, length 0x0d (13) */
+-	0x06, 0x09, /* type OID, length 0x09 */
+-	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, /* id-sha512 */
+-	0x05, 0x00, /* NULL */
+-	0x04, 0x40  /* Octet string, length 0x40 (64), followed by sha512 hash */
+-};
+-
+ static int
+-rsa_hash_alg_oid(int hash_alg, const u_char **oidp, size_t *oidlenp)
++openssh_RSA_verify(int hash_alg, const u_char *data, size_t datalen,
++    u_char *sigbuf, size_t siglen, EVP_PKEY *pkey)
+ {
+-	switch (hash_alg) {
+-	case SSH_DIGEST_SHA1:
+-		*oidp = id_sha1;
+-		*oidlenp = sizeof(id_sha1);
+-		break;
+-	case SSH_DIGEST_SHA256:
+-		*oidp = id_sha256;
+-		*oidlenp = sizeof(id_sha256);
+-		break;
+-	case SSH_DIGEST_SHA512:
+-		*oidp = id_sha512;
+-		*oidlenp = sizeof(id_sha512);
+-		break;
+-	default:
+-		return SSH_ERR_INVALID_ARGUMENT;
+-	}
+-	return 0;
+-}
++	size_t rsasize = 0;
++	const RSA *rsa;
++	int ret;
+ 
+-static int
+-openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen,
+-    u_char *sigbuf, size_t siglen, RSA *rsa)
+-{
+-	size_t rsasize = 0, oidlen = 0, hlen = 0;
+-	int ret, len, oidmatch, hashmatch;
+-	const u_char *oid = NULL;
+-	u_char *decrypted = NULL;
+-
+-	if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0)
+-		return ret;
+-	ret = SSH_ERR_INTERNAL_ERROR;
+-	hlen = ssh_digest_bytes(hash_alg);
+-	if (hashlen != hlen) {
+-		ret = SSH_ERR_INVALID_ARGUMENT;
+-		goto done;
+-	}
++	rsa = EVP_PKEY_get0_RSA(pkey);
+ 	rsasize = RSA_size(rsa);
+ 	if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM ||
+ 	    siglen == 0 || siglen > rsasize) {
+ 		ret = SSH_ERR_INVALID_ARGUMENT;
+ 		goto done;
+ 	}
+-	if ((decrypted = malloc(rsasize)) == NULL) {
+-		ret = SSH_ERR_ALLOC_FAIL;
+-		goto done;
+-	}
+-	if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
+-	    RSA_PKCS1_PADDING)) < 0) {
+-		ret = SSH_ERR_LIBCRYPTO_ERROR;
+-		goto done;
+-	}
+-	if (len < 0 || (size_t)len != hlen + oidlen) {
+-		ret = SSH_ERR_INVALID_FORMAT;
+-		goto done;
+-	}
+-	oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0;
+-	hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0;
+-	if (!oidmatch || !hashmatch) {
+-		ret = SSH_ERR_SIGNATURE_INVALID;
+-		goto done;
+-	}
+-	ret = 0;
++
++	ret = sshkey_verify_signature(pkey, hash_alg, data, datalen,
++	    sigbuf, siglen);
++
+ done:
+-	freezero(decrypted, rsasize);
+ 	return ret;
+ }
+ #endif /* WITH_OPENSSL */
+diff --git a/sshkey.c b/sshkey.c
+index ad1957762..b95ed0b10 100644
+--- a/sshkey.c
++++ b/sshkey.c
+@@ -358,6 +358,83 @@ sshkey_type_plain(int type)
+ }
+ 
+ #ifdef WITH_OPENSSL
++int
++sshkey_calculate_signature(EVP_PKEY *pkey, int hash_alg, u_char **sigp,
++    int *lenp, const u_char *data, size_t datalen)
++{
++	EVP_MD_CTX *ctx = NULL;
++	u_char *sig = NULL;
++	int ret, slen, len;
++
++	if (sigp == NULL || lenp == NULL) {
++		return SSH_ERR_INVALID_ARGUMENT;
++	}
++
++	slen = EVP_PKEY_size(pkey);
++	if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
++		return SSH_ERR_INVALID_ARGUMENT;
++
++	len = slen;
++	if ((sig = malloc(slen)) == NULL) {
++		return SSH_ERR_ALLOC_FAIL;
++	}
++
++	if ((ctx = EVP_MD_CTX_new()) == NULL) {
++		ret = SSH_ERR_ALLOC_FAIL;
++		goto error;
++	}
++	if (EVP_SignInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
++	    EVP_SignUpdate(ctx, data, datalen) <= 0 ||
++	    EVP_SignFinal(ctx, sig, &len, pkey) <= 0) {
++		ret = SSH_ERR_LIBCRYPTO_ERROR;
++		goto error;
++	}
++
++	*sigp = sig;
++	*lenp = len;
++	/* Now owned by the caller */
++	sig = NULL;
++	ret = 0;
++
++error:
++	EVP_MD_CTX_free(ctx);
++	free(sig);
++	return ret;
++}
++
++int
++sshkey_verify_signature(EVP_PKEY *pkey, int hash_alg, const u_char *data,
++    size_t datalen, u_char *sigbuf, int siglen)
++{
++	EVP_MD_CTX *ctx = NULL;
++	int ret;
++
++	if ((ctx = EVP_MD_CTX_new()) == NULL) {
++		return SSH_ERR_ALLOC_FAIL;
++	}
++	if (EVP_VerifyInit_ex(ctx, ssh_digest_to_md(hash_alg), NULL) <= 0 ||
++	    EVP_VerifyUpdate(ctx, data, datalen) <= 0) {
++		ret = SSH_ERR_LIBCRYPTO_ERROR;
++		goto done;
++	}
++	ret = EVP_VerifyFinal(ctx, sigbuf, siglen, pkey);
++	switch (ret) {
++	case 1:
++		ret = 0;
++		break;
++	case 0:
++		ret = SSH_ERR_SIGNATURE_INVALID;
++		break;
++	default:
++		ret = SSH_ERR_LIBCRYPTO_ERROR;
++		break;
++	}
++
++done:
++	EVP_MD_CTX_free(ctx);
++	return ret;
++}
++
+ /* XXX: these are really begging for a table-driven approach */
+ int
+ sshkey_curve_name_to_nid(const char *name)
+diff --git a/sshkey.h b/sshkey.h
+index a91e60436..270901a87 100644
+--- a/sshkey.h
++++ b/sshkey.h
+@@ -179,6 +179,10 @@ const char	*sshkey_ssh_name(const struct sshkey *);
+ const char	*sshkey_ssh_name_plain(const struct sshkey *);
+ int		 sshkey_names_valid2(const char *, int);
+ char		*sshkey_alg_list(int, int, int, char);
++int		 sshkey_calculate_signature(EVP_PKEY*, int, u_char **,
++    int *, const u_char *, size_t);
++int		 sshkey_verify_signature(EVP_PKEY *, int, const u_char *,
++    size_t, u_char *, int);
+ 
+ int	 sshkey_from_blob(const u_char *, size_t, struct sshkey **);
+ int	 sshkey_fromb(struct sshbuf *, struct sshkey **);
+

SOURCES/openssh-8.0p1-openssl-kdf.patch

@@ -12,7 +12,7 @@ index 2a455e4e..e01c3d43 100644
  		HMAC_CTX_init \
  		RSA_generate_key_ex \
  		RSA_get_default_method \
-+		EVP_KDF_CTX_new \
++		EVP_KDF_CTX_new_id \
  	])
  
  	# OpenSSL_add_all_algorithms may be a macro.
@@ -20,35 +20,33 @@ diff --git a/kex.c b/kex.c
 index b6f041f4..1fbce2bb 100644
 --- a/kex.c
 +++ b/kex.c
-@@ -38,6 +38,11 @@
+@@ -38,6 +38,9 @@
  #ifdef WITH_OPENSSL
  #include <openssl/crypto.h>
  #include <openssl/dh.h>
-+# ifdef HAVE_EVP_KDF_CTX_NEW
++# ifdef HAVE_EVP_KDF_CTX_NEW_ID
 +# include <openssl/kdf.h>
-+# include <openssl/param_build.h>
-+# include <openssl/core_names.h>
 +# endif
  #endif
  
  #include "ssh.h"
-@@ -942,6 +945,107 @@ kex_choose_conf(struct ssh *ssh)
+@@ -942,6 +945,95 @@ kex_choose_conf(struct ssh *ssh)
  	return r;
  }
  
-+#ifdef HAVE_EVP_KDF_CTX_NEW
++#ifdef HAVE_EVP_KDF_CTX_NEW_ID
-+static const char *
++static const EVP_MD *
 +digest_to_md(int digest_type)
 +{
 +	switch (digest_type) {
 +	case SSH_DIGEST_SHA1:
-+		return SN_sha1;
++		return EVP_sha1();
 +	case SSH_DIGEST_SHA256:
-+		return SN_sha256;
++		return EVP_sha256();
 +	case SSH_DIGEST_SHA384:
-+		return SN_sha384;
++		return EVP_sha384();
 +	case SSH_DIGEST_SHA512:
-+		return SN_sha512;
++		return EVP_sha512();
 +	}
 +	return NULL;
 +}
@@ -58,62 +56,52 @@ index b6f041f4..1fbce2bb 100644
 +    const struct sshbuf *shared_secret, u_char **keyp)
 +{
 +	struct kex *kex = ssh->kex;
++	EVP_KDF_CTX *ctx = NULL;
 +	u_char *key = NULL;
 +	int r, key_len;
 +
-+	EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
++	if ((key_len = ssh_digest_bytes(kex->hash_alg)) == 0)
-+	EVP_KDF_CTX *ctx = EVP_KDF_CTX_new(kdf);
++		return SSH_ERR_INVALID_ARGUMENT;
-+	OSSL_PARAM_BLD *param_bld = OSSL_PARAM_BLD_new();
-+	OSSL_PARAM *params = NULL;
-+       const char *md = digest_to_md(kex->hash_alg);
-+       char keytype = (char)id;
-+
-+	EVP_KDF_free(kdf);
-+	if (!ctx) {
-+		r = SSH_ERR_LIBCRYPTO_ERROR;
-+		goto out;
-+	}
-+	if (md == NULL) {
-+		r = SSH_ERR_INVALID_ARGUMENT;
-+		goto out;
-+	}
-+
-+	if (param_bld == NULL) {
-+		EVP_KDF_CTX_free(ctx);
-+		return -1;
-+	}
-+	if ((key_len = ssh_digest_bytes(kex->hash_alg)) == 0) {
-+		r = SSH_ERR_INVALID_ARGUMENT;
-+		goto out;
-+	}
-+
 +	key_len = ROUNDUP(need, key_len);
 +	if ((key = calloc(1, key_len)) == NULL) {
 +		r = SSH_ERR_ALLOC_FAIL;
 +		goto out;
 +	}
 +
-+	r =     OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_DIGEST,
++	ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
-+		                md, strlen(md)) && /* SN */
++	if (!ctx) {
-+		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_KEY,
-+				sshbuf_ptr(shared_secret), sshbuf_len(shared_secret)) &&
-+		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_XCGHASH,
-+				hash, hashlen) &&
-+		OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
-+				sshbuf_ptr(kex->session_id), sshbuf_len(kex->session_id)) &&
-+		OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_KDF_PARAM_SSHKDF_TYPE,
-+				&keytype, 1);
-+	if (r != 1) {
 +		r = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
 +	}
 +
-+	params = OSSL_PARAM_BLD_to_param(param_bld);
++	r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_MD, digest_to_md(kex->hash_alg));
-+	if (params == NULL) {
++	if (r != 1) {
 +		r = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
 +	}
-+	r = EVP_KDF_derive(ctx, key, key_len, params);
++	r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_KEY,
++	    sshbuf_ptr(shared_secret), sshbuf_len(shared_secret));
++	if (r != 1) {
++		r = SSH_ERR_LIBCRYPTO_ERROR;
++		goto out;
++	}
++	r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, hash, hashlen);
++	if (r != 1) {
++		r = SSH_ERR_LIBCRYPTO_ERROR;
++		goto out;
++	}
++	r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, id);
++	if (r != 1) {
++		r = SSH_ERR_LIBCRYPTO_ERROR;
++		goto out;
++	}
++	r = EVP_KDF_ctrl(ctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
++	    kex->session_id, kex->session_id_len);
++	if (r != 1) {
++		r = SSH_ERR_LIBCRYPTO_ERROR;
++		goto out;
++	}
++	r = EVP_KDF_derive(ctx, key, key_len);
 +	if (r != 1) {
 +		r = SSH_ERR_LIBCRYPTO_ERROR;
 +		goto out;
@@ -127,8 +115,6 @@ index b6f041f4..1fbce2bb 100644
 +	r = 0;
 +
 +out:
-+	OSSL_PARAM_BLD_free(param_bld);
-+	OSSL_PARAM_free(params);
 +	free (key);
 +	EVP_KDF_CTX_free(ctx);
 +	if (r < 0) {
@@ -144,7 +130,7 @@ index b6f041f4..1fbce2bb 100644
  	ssh_digest_free(hashctx);
  	return r;
  }
-+#endif /* HAVE_OPENSSL_EVP_KDF_CTX_NEW */
++#endif /* HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID */
  
  #define NKEYS	6
  int

SOURCES/openssh-8.0p1-openssl-pem.patch

@@ -0,0 +1,324 @@
+From eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Mon, 15 Jul 2019 13:16:29 +0000
+Subject: [PATCH] upstream: support PKCS8 as an optional format for storage of
+
+private keys, enabled via "ssh-keygen -m PKCS8" on operations that save
+private keys to disk.
+
+The OpenSSH native key format remains the default, but PKCS8 is a
+superior format to PEM if interoperability with non-OpenSSH software
+is required, as it may use a less terrible KDF (IIRC PEM uses a single
+round of MD5 as a KDF).
+
+adapted from patch by Jakub Jelen via bz3013; ok markus
+
+OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
+---
+ authfile.c   |  6 ++--
+ ssh-keygen.1 |  9 +++---
+ ssh-keygen.c | 25 +++++++++--------
+ sshkey.c     | 78 +++++++++++++++++++++++++++++++++++++---------------
+ sshkey.h     | 11 ++++++--
+ 5 files changed, 87 insertions(+), 42 deletions(-)
+
+diff --git a/authfile.c b/authfile.c
+index 2166c1689..851c1a8a1 100644
+--- a/authfile.c
++++ b/authfile.c
+@@ -74,7 +74,7 @@ sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
+ int
+ sshkey_save_private(struct sshkey *key, const char *filename,
+     const char *passphrase, const char *comment,
+-    int force_new_format, const char *new_format_cipher, int new_format_rounds)
++    int format, const char *openssh_format_cipher, int openssh_format_rounds)
+ {
+ 	struct sshbuf *keyblob = NULL;
+ 	int r;
+@@ -82,7 +82,7 @@ sshkey_save_private(struct sshkey *key, const char *filename,
+ 	if ((keyblob = sshbuf_new()) == NULL)
+ 		return SSH_ERR_ALLOC_FAIL;
+ 	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
+-	    force_new_format, new_format_cipher, new_format_rounds)) != 0)
++	    format, openssh_format_cipher, openssh_format_rounds)) != 0)
+ 		goto out;
+ 	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
+ 		goto out;
+diff --git a/ssh-keygen.1 b/ssh-keygen.1
+index f42127c60..8184a1797 100644
+--- a/ssh-keygen.1
++++ b/ssh-keygen.1
+@@ -419,11 +419,12 @@ The supported key formats are:
+ .Dq RFC4716
+ (RFC 4716/SSH2 public or private key),
+ .Dq PKCS8
+-(PEM PKCS8 public key)
++(PKCS8 public or private key)
+ or
+ .Dq PEM
+ (PEM public key).
+-The default conversion format is
++By default OpenSSH will write newly-generated private keys in its own
++format, but when converting public keys for export the default format is
+ .Dq RFC4716 .
+ Setting a format of
+ .Dq PEM
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index b019a02ff..5dcad1f61 100644
+--- a/ssh-keygen.c
++++ b/ssh-keygen.c
+@@ -147,11 +147,11 @@ static char *key_type_name = NULL;
+ /* Load key from this PKCS#11 provider */
+ static char *pkcs11provider = NULL;
+ 
+-/* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */
+-static int use_new_format = 1;
++/* Format for writing private keys */
++static int private_key_format = SSHKEY_PRIVATE_OPENSSH;
+ 
+ /* Cipher for new-format private keys */
+-static char *new_format_cipher = NULL;
++static char *openssh_format_cipher = NULL;
+ 
+ /*
+  * Number of KDF rounds to derive new format keys /
+@@ -1048,7 +1048,8 @@ do_gen_all_hostkeys(struct passwd *pw)
+ 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
+ 		    hostname);
+ 		if ((r = sshkey_save_private(private, prv_tmp, "",
+-		    comment, use_new_format, new_format_cipher, rounds)) != 0) {
++		    comment, private_key_format, openssh_format_cipher,
++		    rounds)) != 0) {
+ 			error("Saving key \"%s\" failed: %s",
+ 			    prv_tmp, ssh_err(r));
+ 			goto failnext;
+@@ -1391,7 +1392,7 @@ do_change_passphrase(struct passwd *pw)
+ 
+ 	/* Save the file using the new passphrase. */
+ 	if ((r = sshkey_save_private(private, identity_file, passphrase1,
+-	    comment, use_new_format, new_format_cipher, rounds)) != 0) {
++	    comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
+ 		error("Saving key \"%s\" failed: %s.",
+ 		    identity_file, ssh_err(r));
+ 		explicit_bzero(passphrase1, strlen(passphrase1));
+@@ -1480,7 +1481,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
+ 	}
+ 
+ 	if (private->type != KEY_ED25519 && private->type != KEY_XMSS &&
+-	    !use_new_format) {
++	    private_key_format != SSHKEY_PRIVATE_OPENSSH) {
+ 		error("Comments are only supported for keys stored in "
+ 		    "the new format (-o).");
+ 		explicit_bzero(passphrase, strlen(passphrase));
+@@ -1514,7 +1515,8 @@ do_change_comment(struct passwd *pw, const char *identity_comment)
+ 
+ 	/* Save the file using the new passphrase. */
+ 	if ((r = sshkey_save_private(private, identity_file, passphrase,
+-	    new_comment, use_new_format, new_format_cipher, rounds)) != 0) {
++	    new_comment, private_key_format, openssh_format_cipher,
++	    rounds)) != 0) {
+ 		error("Saving key \"%s\" failed: %s",
+ 		    identity_file, ssh_err(r));
+ 		explicit_bzero(passphrase, strlen(passphrase));
+@@ -2525,11 +2527,12 @@ main(int argc, char **argv)
+ 			}
+ 			if (strcasecmp(optarg, "PKCS8") == 0) {
+ 				convert_format = FMT_PKCS8;
++				private_key_format = SSHKEY_PRIVATE_PKCS8;
+ 				break;
+ 			}
+ 			if (strcasecmp(optarg, "PEM") == 0) {
+ 				convert_format = FMT_PEM;
+-				use_new_format = 0;
++				private_key_format = SSHKEY_PRIVATE_PEM;
+ 				break;
+ 			}
+ 			fatal("Unsupported conversion format \"%s\"", optarg);
+@@ -2567,7 +2570,7 @@ main(int argc, char **argv)
+ 			add_cert_option(optarg);
+ 			break;
+ 		case 'Z':
+-			new_format_cipher = optarg;
++			openssh_format_cipher = optarg;
+ 			break;
+ 		case 'C':
+ 			identity_comment = optarg;
+@@ -2912,7 +2915,7 @@ main(int argc, char **argv)
+ 
+ 	/* Save the key with the given passphrase and comment. */
+ 	if ((r = sshkey_save_private(private, identity_file, passphrase1,
+-	    comment, use_new_format, new_format_cipher, rounds)) != 0) {
++	    comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
+ 		error("Saving key \"%s\" failed: %s",
+ 		    identity_file, ssh_err(r));
+ 		explicit_bzero(passphrase1, strlen(passphrase1));
+diff --git a/sshkey.c b/sshkey.c
+index 6b5ff0485..a0cea9257 100644
+--- a/sshkey.c
++++ b/sshkey.c
+@@ -3975,10 +3975,10 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
+ 
+ 
+ #ifdef WITH_OPENSSL
+-/* convert SSH v2 key in OpenSSL PEM format */
++/* convert SSH v2 key to PEM or PKCS#8 format */
+ static int
+-sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob,
+-    const char *_passphrase, const char *comment)
++sshkey_private_to_blob_pem_pkcs8(struct sshkey *key, struct sshbuf *blob,
++    int format, const char *_passphrase, const char *comment)
+ {
+ 	int success, r;
+ 	int blen, len = strlen(_passphrase);
+@@ -3988,26 +3988,46 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf,
+ 	const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
+ 	char *bptr;
+ 	BIO *bio = NULL;
++	EVP_PKEY *pkey = NULL;
+ 
+ 	if (len > 0 && len <= 4)
+ 		return SSH_ERR_PASSPHRASE_TOO_SHORT;
+-	if ((bio = BIO_new(BIO_s_mem())) == NULL)
+-		return SSH_ERR_ALLOC_FAIL;
++ 	if ((bio = BIO_new(BIO_s_mem())) == NULL) {
++		r = SSH_ERR_ALLOC_FAIL;
++		goto out;
++ 	}
++
++	if (format == SSHKEY_PRIVATE_PKCS8 && (pkey = EVP_PKEY_new()) == NULL) {
++		r = SSH_ERR_ALLOC_FAIL;
++		goto out;
++ 	}
+ 
+ 	switch (key->type) {
+ 	case KEY_DSA:
+-		success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
+-		    cipher, passphrase, len, NULL, NULL);
++		if (format == SSHKEY_PRIVATE_PEM) {
++			success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
++			    cipher, passphrase, len, NULL, NULL);
++		} else {
++			success = EVP_PKEY_set1_DSA(pkey, key->dsa);
++		}
+ 		break;
+ #ifdef OPENSSL_HAS_ECC
+ 	case KEY_ECDSA:
+-		success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa,
+-		    cipher, passphrase, len, NULL, NULL);
++		if (format == SSHKEY_PRIVATE_PEM) {
++			success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa,
++			    cipher, passphrase, len, NULL, NULL);
++		} else {
++			success = EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa);
++		}
+ 		break;
+ #endif
+ 	case KEY_RSA:
+-		success = PEM_write_bio_RSAPrivateKey(bio, key->rsa,
+-		    cipher, passphrase, len, NULL, NULL);
++		if (format == SSHKEY_PRIVATE_PEM) {
++			success = PEM_write_bio_RSAPrivateKey(bio, key->rsa,
++			    cipher, passphrase, len, NULL, NULL);
++		} else {
++			success = EVP_PKEY_set1_RSA(pkey, key->rsa);
++		}
+ 		break;
+ 	default:
+ 		success = 0;
+@@ -4023,6 +4040,13 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf,
+ 		r = SSH_ERR_LIBCRYPTO_ERROR;
+ 		goto out;
+ 	}
++	if (format == SSHKEY_PRIVATE_PKCS8) {
++		if ((success = PEM_write_bio_PrivateKey(bio, pkey, cipher,
++		    passphrase, len, NULL, NULL)) == 0) {
++			r = SSH_ERR_LIBCRYPTO_ERROR;
++			goto out;
++		}
++	}
+ 	if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) {
+ 		r = SSH_ERR_INTERNAL_ERROR;
+ 		goto out;
+@@ -4035,6 +4059,7 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf,
+ 		goto out;
+ 	r = 0;
+  out:
++	EVP_PKEY_free(pkey);
+ 	BIO_free(bio);
+ 	return r;
+ }
+@@ -4046,29 +4071,38 @@ sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *buf,
+ int
+ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
+     const char *passphrase, const char *comment,
+-    int force_new_format, const char *new_format_cipher, int new_format_rounds)
++    int format, const char *openssh_format_cipher, int openssh_format_rounds)
+ {
+ 	switch (key->type) {
+ #ifdef WITH_OPENSSL
+ 	case KEY_DSA:
+ 	case KEY_ECDSA:
+ 	case KEY_RSA:
+-		if (force_new_format) {
+-			return sshkey_private_to_blob2(key, blob, passphrase,
+-			    comment, new_format_cipher, new_format_rounds);
+-		}
+-		return sshkey_private_pem_to_blob(key, blob,
+-		    passphrase, comment);
++		break; /* see below */
+ #endif /* WITH_OPENSSL */
+ 	case KEY_ED25519:
+ #ifdef WITH_XMSS
+ 	case KEY_XMSS:
+ #endif /* WITH_XMSS */
+ 		return sshkey_private_to_blob2(key, blob, passphrase,
+-		    comment, new_format_cipher, new_format_rounds);
++		    comment, openssh_format_cipher, openssh_format_rounds);
+ 	default:
+ 		return SSH_ERR_KEY_TYPE_UNKNOWN;
+ 	}
++
++#ifdef WITH_OPENSSL
++	switch (format) {
++	case SSHKEY_PRIVATE_OPENSSH:
++		return sshkey_private_to_blob2(key, blob, passphrase,
++		    comment, openssh_format_cipher, openssh_format_rounds);
++	case SSHKEY_PRIVATE_PEM:
++	case SSHKEY_PRIVATE_PKCS8:
++		return sshkey_private_to_blob_pem_pkcs8(key, blob,
++		    format, passphrase, comment);
++	default:
++		return SSH_ERR_INVALID_ARGUMENT;
++	}
++#endif /* WITH_OPENSSL */
+ }
+ 
+ 
+diff --git a/sshkey.h b/sshkey.h
+index 41d159a1b..d30a69cc9 100644
+--- a/sshkey.h
++++ b/sshkey.h
+@@ -88,6 +88,13 @@ enum sshkey_serialize_rep {
+ 	SSHKEY_SERIALIZE_INFO = 254,
+ };
+ 
++/* Private key disk formats */
++enum sshkey_private_format {
++	SSHKEY_PRIVATE_OPENSSH = 0,
++	SSHKEY_PRIVATE_PEM = 1,
++	SSHKEY_PRIVATE_PKCS8 = 2,
++};
++
+ /* key is stored in external hardware */
+ #define SSHKEY_FLAG_EXT		0x0001
+ 
+@@ -221,7 +228,7 @@ int	sshkey_private_deserialize(struct sshbuf *buf,  struct sshkey **keyp);
+ /* private key file format parsing and serialisation */
+ int	sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
+     const char *passphrase, const char *comment,
+-    int force_new_format, const char *new_format_cipher, int new_format_rounds);
++    int format, const char *openssh_format_cipher, int openssh_format_rounds);
+ int	sshkey_parse_private_fileblob(struct sshbuf *buffer,
+     const char *passphrase, struct sshkey **keyp, char **commentp);
+ int	sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
+

SOURCES/openssh-8.0p1-preserve-pam-errors.patch

@@ -27,15 +27,16 @@ diff -up openssh-8.0p1/auth-pam.c.preserve-pam-errors openssh-8.0p1/auth-pam.c
  	else if (sshpam_maxtries_reached)
  		ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, buffer);
  	else
-@@ -856,9 +862,11 @@ sshpam_query(void *ctx, char **name, cha
+@@ -856,10 +862,12 @@ sshpam_query(void *ctx, char **name, cha
+ 			plen++;
  			free(msg);
  			break;
++		case PAM_USER_UNKNOWN:
++		case PAM_PERM_DENIED:
  		case PAM_ACCT_EXPIRED:
 +			sshpam_account_status = 0;
 +			/* FALLTHROUGH */
  		case PAM_MAXTRIES:
-+		case PAM_USER_UNKNOWN:
-+		case PAM_PERM_DENIED:
 -			if (type == PAM_ACCT_EXPIRED)
 -				sshpam_account_status = 0;
  			if (type == PAM_MAXTRIES)

SOURCES/openssh-8.0p1-proxyjump-loops.patch

@@ -0,0 +1,33 @@
+From de1f3564cd85915b3002859873a37cb8d31ac9ce Mon Sep 17 00:00:00 2001
+From: "dtucker@openbsd.org" <dtucker@openbsd.org>
+Date: Tue, 18 Feb 2020 08:49:49 +0000
+Subject: [PATCH] upstream: Detect and prevent simple configuration loops when
+ using
+
+ProxyJump. bz#3057, ok djm@
+
+OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037
+---
+ ssh.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/ssh.c b/ssh.c
+index 15aee569e..a983a108b 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -1208,6 +1208,14 @@ main(int ac, char **av)
+ 	if (options.jump_host != NULL) {
+ 		char port_s[8];
+ 		const char *sshbin = argv0;
++		int port = options.port, jumpport = options.jump_port;
++
++		if (port <= 0)
++			port = default_ssh_port();
++		if (jumpport <= 0)
++			jumpport = default_ssh_port();
++		if (strcmp(options.jump_host, host) == 0 && port == jumpport)
++			fatal("jumphost loop via %s", options.jump_host);
+ 
+ 		/*
+ 		 * Try to use SSH indicated by argv[0], but fall back to
+

SOURCES/openssh-8.0p1-rdomain.patch

@@ -0,0 +1,44 @@
+commit 5481d0b4036b33b92c372ee36258ed11bff57d5d
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Thu Feb 27 10:07:33 2020 +0100
+
+    Mark the RDomain configuration option unsupported on non-openbsd builds
+
+diff --git a/servconf.c b/servconf.c
+index db80e943..153d2525 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -698,7 +698,11 @@ static struct {
+ 	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
+ 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
+ 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
++#if defined(__OpenBSD__)
+ 	{ "rdomain", sRDomain, SSHCFG_ALL },
++#else
++	{ "rdomain", sUnsupported, SSHCFG_ALL },
++#endif
+ 	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
+ 	{ NULL, sBadOption, 0 }
+ };
+@@ -2841,7 +2845,9 @@ dump_config(ServerOptions *o)
+ 	    o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
+ 	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types ?
+ 	    o->pubkey_key_types : KEX_DEFAULT_PK_ALG);
++#if defined(__OpenBSD__)
+ 	dump_cfg_string(sRDomain, o->routing_domain);
++#endif
+ 
+ 	/* string arguments requiring a lookup */
+ 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
+diff --git a/sshd_config.5 b/sshd_config.5
+index 5dca8981..766e9b90 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -1542,6 +1542,7 @@ will be bound to this
+ If the routing domain is set to
+ .Cm \&%D ,
+ then the domain in which the incoming connection was received will be applied.
++This feature is available on OpenBSD only.
+ .It Cm SetEnv
+ Specifies one or more environment variables to set in child sessions started
+ by

SOURCES/openssh-8.0p1-restore-nonblock.patch

@@ -0,0 +1,311 @@
+diff -up openssh-8.0p1/channels.c.restore-nonblock openssh-8.0p1/channels.c
+--- openssh-8.0p1/channels.c.restore-nonblock	2021-06-21 10:44:26.380559612 +0200
++++ openssh-8.0p1/channels.c	2021-06-21 10:48:47.754579151 +0200
+@@ -333,7 +333,27 @@ channel_register_fds(struct ssh *ssh, Ch
+ #endif
+ 
+ 	/* enable nonblocking mode */
+-	if (nonblock) {
++	c->restore_block = 0;
++	if (nonblock == CHANNEL_NONBLOCK_STDIO) {
++		/*
++		 * Special handling for stdio file descriptors: do not set
++		 * non-blocking mode if they are TTYs. Otherwise prepare to
++		 * restore their blocking state on exit to avoid interfering
++		 * with other programs that follow.
++		 */
++		if (rfd != -1 && !isatty(rfd) && fcntl(rfd, F_GETFL) == 0) {
++			c->restore_block |= CHANNEL_RESTORE_RFD;
++			set_nonblock(rfd);
++		}
++		if (wfd != -1 && !isatty(wfd) && fcntl(wfd, F_GETFL) == 0) {
++			c->restore_block |= CHANNEL_RESTORE_WFD;
++			set_nonblock(wfd);
++		}
++		if (efd != -1 && !isatty(efd) && fcntl(efd, F_GETFL) == 0) {
++			c->restore_block |= CHANNEL_RESTORE_EFD;
++			set_nonblock(efd);
++		}
++	} else if (nonblock) {
+ 		if (rfd != -1)
+ 			set_nonblock(rfd);
+ 		if (wfd != -1)
+@@ -422,17 +442,23 @@ channel_find_maxfd(struct ssh_channels *
+ }
+ 
+ int
+-channel_close_fd(struct ssh *ssh, int *fdp)
++channel_close_fd(struct ssh *ssh, Channel *c, int *fdp)
+ {
+ 	struct ssh_channels *sc = ssh->chanctxt;
+-	int ret = 0, fd = *fdp;
++	int ret, fd = *fdp;
+ 
+-	if (fd != -1) {
+-		ret = close(fd);
+-		*fdp = -1;
+-		if (fd == sc->channel_max_fd)
+-			channel_find_maxfd(sc);
+-	}
++	if (fd == -1)
++		return 0;
++
++	if ((*fdp == c->rfd && (c->restore_block & CHANNEL_RESTORE_RFD) != 0) ||
++	   (*fdp == c->wfd && (c->restore_block & CHANNEL_RESTORE_WFD) != 0) ||
++	   (*fdp == c->efd && (c->restore_block & CHANNEL_RESTORE_EFD) != 0))
++		(void)fcntl(*fdp, F_SETFL, 0);	/* restore blocking */
++
++	ret = close(fd);
++	*fdp = -1;
++	if (fd == sc->channel_max_fd)
++		channel_find_maxfd(sc);
+ 	return ret;
+ }
+ 
+@@ -442,13 +468,13 @@ channel_close_fds(struct ssh *ssh, Chann
+ {
+ 	int sock = c->sock, rfd = c->rfd, wfd = c->wfd, efd = c->efd;
+ 
+-	channel_close_fd(ssh, &c->sock);
++	channel_close_fd(ssh, c, &c->sock);
+ 	if (rfd != sock)
+-		channel_close_fd(ssh, &c->rfd);
++		channel_close_fd(ssh, c, &c->rfd);
+ 	if (wfd != sock && wfd != rfd)
+-		channel_close_fd(ssh, &c->wfd);
++		channel_close_fd(ssh, c, &c->wfd);
+ 	if (efd != sock && efd != rfd && efd != wfd)
+-		channel_close_fd(ssh, &c->efd);
++		channel_close_fd(ssh, c, &c->efd);
+ }
+ 
+ static void
+@@ -681,7 +707,7 @@ channel_stop_listening(struct ssh *ssh)
+ 			case SSH_CHANNEL_X11_LISTENER:
+ 			case SSH_CHANNEL_UNIX_LISTENER:
+ 			case SSH_CHANNEL_RUNIX_LISTENER:
+-				channel_close_fd(ssh, &c->sock);
++				channel_close_fd(ssh, c, &c->sock);
+ 				channel_free(ssh, c);
+ 				break;
+ 			}
+@@ -1487,7 +1513,8 @@ channel_decode_socks5(Channel *c, struct
+ 
+ Channel *
+ channel_connect_stdio_fwd(struct ssh *ssh,
+-    const char *host_to_connect, u_short port_to_connect, int in, int out)
++    const char *host_to_connect, u_short port_to_connect,
++    int in, int out, int nonblock)
+ {
+ 	Channel *c;
+ 
+@@ -1495,7 +1522,7 @@ channel_connect_stdio_fwd(struct ssh *ss
+ 
+ 	c = channel_new(ssh, "stdio-forward", SSH_CHANNEL_OPENING, in, out,
+ 	    -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+-	    0, "stdio-forward", /*nonblock*/0);
++	    0, "stdio-forward", nonblock);
+ 
+ 	c->path = xstrdup(host_to_connect);
+ 	c->host_port = port_to_connect;
+@@ -1650,7 +1677,7 @@ channel_post_x11_listener(struct ssh *ss
+ 	if (c->single_connection) {
+ 		oerrno = errno;
+ 		debug2("single_connection: closing X11 listener.");
+-		channel_close_fd(ssh, &c->sock);
++		channel_close_fd(ssh, c, &c->sock);
+ 		chan_mark_dead(ssh, c);
+ 		errno = oerrno;
+ 	}
+@@ -2087,7 +2114,7 @@ channel_handle_efd_write(struct ssh *ssh
+ 		return 1;
+ 	if (len <= 0) {
+ 		debug2("channel %d: closing write-efd %d", c->self, c->efd);
+-		channel_close_fd(ssh, &c->efd);
++		channel_close_fd(ssh, c, &c->efd);
+ 	} else {
+ 		if ((r = sshbuf_consume(c->extended, len)) != 0) {
+ 			fatal("%s: channel %d: consume: %s",
+@@ -2119,7 +2146,7 @@ channel_handle_efd_read(struct ssh *ssh,
+ 	if (len <= 0) {
+ 		debug2("channel %d: closing read-efd %d",
+ 		    c->self, c->efd);
+-		channel_close_fd(ssh, &c->efd);
++		channel_close_fd(ssh, c, &c->efd);
+ 	} else {
+ 		if (c->extended_usage == CHAN_EXTENDED_IGNORE) {
+ 			debug3("channel %d: discard efd",
+diff -up openssh-8.0p1/channels.h.restore-nonblock openssh-8.0p1/channels.h
+--- openssh-8.0p1/channels.h.restore-nonblock	2021-06-21 10:44:26.380559612 +0200
++++ openssh-8.0p1/channels.h	2021-06-21 10:44:26.387559665 +0200
+@@ -63,6 +63,16 @@
+ 
+ #define CHANNEL_CANCEL_PORT_STATIC	-1
+ 
++/* nonblocking flags for channel_new */
++#define CHANNEL_NONBLOCK_LEAVE	0 /* don't modify non-blocking state */
++#define CHANNEL_NONBLOCK_SET	1 /* set non-blocking state */
++#define CHANNEL_NONBLOCK_STDIO	2 /* set non-blocking and restore on close */
++
++/* c->restore_block mask flags */
++#define CHANNEL_RESTORE_RFD	0x01
++#define CHANNEL_RESTORE_WFD	0x02
++#define CHANNEL_RESTORE_EFD	0x04
++
+ /* TCP forwarding */
+ #define FORWARD_DENY		0
+ #define FORWARD_REMOTE		(1)
+@@ -131,6 +141,7 @@ struct Channel {
+ 				 * to a matching pre-select handler.
+ 				 * this way post-select handlers are not
+ 				 * accidentally called if a FD gets reused */
++	int	restore_block;	/* fd mask to restore blocking status */
+ 	struct sshbuf *input;	/* data read from socket, to be sent over
+ 				 * encrypted connection */
+ 	struct sshbuf *output;	/* data received over encrypted connection for
+@@ -258,7 +269,7 @@ void	 channel_register_filter(struct ssh
+ void	 channel_register_status_confirm(struct ssh *, int,
+ 	    channel_confirm_cb *, channel_confirm_abandon_cb *, void *);
+ void	 channel_cancel_cleanup(struct ssh *, int);
+-int	 channel_close_fd(struct ssh *, int *);
++int	 channel_close_fd(struct ssh *, Channel *, int *);
+ void	 channel_send_window_changes(struct ssh *);
+ 
+ /* mux proxy support */
+@@ -305,7 +316,7 @@ Channel	*channel_connect_to_port(struct
+ 	    char *, char *, int *, const char **);
+ Channel *channel_connect_to_path(struct ssh *, const char *, char *, char *);
+ Channel	*channel_connect_stdio_fwd(struct ssh *, const char*,
+-	    u_short, int, int);
++	    u_short, int, int, int);
+ Channel	*channel_connect_by_listen_address(struct ssh *, const char *,
+ 	    u_short, char *, char *);
+ Channel	*channel_connect_by_listen_path(struct ssh *, const char *,
+diff -up openssh-8.0p1/clientloop.c.restore-nonblock openssh-8.0p1/clientloop.c
+--- openssh-8.0p1/clientloop.c.restore-nonblock	2021-06-21 10:44:26.290558923 +0200
++++ openssh-8.0p1/clientloop.c	2021-06-21 10:44:26.387559665 +0200
+@@ -1436,14 +1436,6 @@ client_loop(struct ssh *ssh, int have_pt
+ 	if (have_pty)
+ 		leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
+ 
+-	/* restore blocking io */
+-	if (!isatty(fileno(stdin)))
+-		unset_nonblock(fileno(stdin));
+-	if (!isatty(fileno(stdout)))
+-		unset_nonblock(fileno(stdout));
+-	if (!isatty(fileno(stderr)))
+-		unset_nonblock(fileno(stderr));
+-
+ 	/*
+ 	 * If there was no shell or command requested, there will be no remote
+ 	 * exit status to be returned.  In that case, clear error code if the
+diff -up openssh-8.0p1/mux.c.restore-nonblock openssh-8.0p1/mux.c
+--- openssh-8.0p1/mux.c.restore-nonblock	2019-04-18 00:52:57.000000000 +0200
++++ openssh-8.0p1/mux.c	2021-06-21 10:50:51.007537336 +0200
+@@ -454,14 +454,6 @@ mux_master_process_new_session(struct ss
+ 	if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
+ 		error("%s: tcgetattr: %s", __func__, strerror(errno));
+ 
+-	/* enable nonblocking unless tty */
+-	if (!isatty(new_fd[0]))
+-		set_nonblock(new_fd[0]);
+-	if (!isatty(new_fd[1]))
+-		set_nonblock(new_fd[1]);
+-	if (!isatty(new_fd[2]))
+-		set_nonblock(new_fd[2]);
+-
+ 	window = CHAN_SES_WINDOW_DEFAULT;
+ 	packetmax = CHAN_SES_PACKET_DEFAULT;
+ 	if (cctx->want_tty) {
+@@ -471,7 +463,7 @@ mux_master_process_new_session(struct ss
+ 
+ 	nc = channel_new(ssh, "session", SSH_CHANNEL_OPENING,
+ 	    new_fd[0], new_fd[1], new_fd[2], window, packetmax,
+-	    CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
++	    CHAN_EXTENDED_WRITE, "client-session", CHANNEL_NONBLOCK_STDIO);
+ 
+ 	nc->ctl_chan = c->self;		/* link session -> control channel */
+ 	c->remote_id = nc->self; 	/* link control -> session channel */
+@@ -1033,13 +1025,8 @@ mux_master_process_stdio_fwd(struct ssh
+ 		}
+ 	}
+ 
+-	/* enable nonblocking unless tty */
+-	if (!isatty(new_fd[0]))
+-		set_nonblock(new_fd[0]);
+-	if (!isatty(new_fd[1]))
+-		set_nonblock(new_fd[1]);
+-
+-	nc = channel_connect_stdio_fwd(ssh, chost, cport, new_fd[0], new_fd[1]);
++	nc = channel_connect_stdio_fwd(ssh, chost, cport, new_fd[0], new_fd[1],
++	    CHANNEL_NONBLOCK_STDIO);
+ 	free(chost);
+ 
+ 	nc->ctl_chan = c->self;		/* link session -> control channel */
+diff -up openssh-8.0p1/nchan.c.restore-nonblock openssh-8.0p1/nchan.c
+--- openssh-8.0p1/nchan.c.restore-nonblock	2021-06-21 10:44:26.388559673 +0200
++++ openssh-8.0p1/nchan.c	2021-06-21 10:52:42.685405537 +0200
+@@ -387,7 +387,7 @@ chan_shutdown_write(struct ssh *ssh, Cha
+ 			    strerror(errno));
+ 		}
+ 	} else {
+-		if (channel_close_fd(ssh, &c->wfd) < 0) {
++		if (channel_close_fd(ssh, c, &c->wfd) < 0) {
+ 			logit("channel %d: %s: close() failed for "
+ 			    "fd %d [i%d o%d]: %.100s",
+ 			    c->self, __func__, c->wfd, c->istate, c->ostate,
+@@ -417,7 +417,7 @@ chan_shutdown_read(struct ssh *ssh, Chan
+  			    strerror(errno));
+ 		}
+ 	} else {
+-		if (channel_close_fd(ssh, &c->rfd) < 0) {
++		if (channel_close_fd(ssh, c, &c->rfd) < 0) {
+ 			logit("channel %d: %s: close() failed for "
+ 			    "fd %d [i%d o%d]: %.100s",
+ 			    c->self, __func__, c->rfd, c->istate, c->ostate,
+@@ -437,7 +437,7 @@ chan_shutdown_extended_read(struct ssh *
+ 	debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])",
+ 	    c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd,
+ 	    channel_format_extended_usage(c));
+-	if (channel_close_fd(ssh, &c->efd) < 0) {
++	if (channel_close_fd(ssh, c, &c->efd) < 0) {
+ 		logit("channel %d: %s: close() failed for "
+ 		    "extended fd %d [i%d o%d]: %.100s",
+ 		    c->self, __func__, c->efd, c->istate, c->ostate,
+diff -up openssh-8.0p1/ssh.c.restore-nonblock openssh-8.0p1/ssh.c
+--- openssh-8.0p1/ssh.c.restore-nonblock	2021-06-21 10:44:26.389559681 +0200
++++ openssh-8.0p1/ssh.c	2021-06-21 10:54:47.651377045 +0200
+@@ -1709,7 +1709,8 @@ ssh_init_stdio_forwarding(struct ssh *ss
+ 	    (out = dup(STDOUT_FILENO)) < 0)
+ 		fatal("channel_connect_stdio_fwd: dup() in/out failed");
+ 	if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
+-	    options.stdio_forward_port, in, out)) == NULL)
++	    options.stdio_forward_port, in, out,
++	    CHANNEL_NONBLOCK_STDIO)) == NULL)
+ 		fatal("%s: channel_connect_stdio_fwd failed", __func__);
+ 	channel_register_cleanup(ssh, c->self, client_cleanup_stdio_fwd, 0);
+ 	channel_register_open_confirm(ssh, c->self, ssh_stdio_confirm, NULL);
+@@ -1862,14 +1863,6 @@ ssh_session2_open(struct ssh *ssh)
+ 	if (in < 0 || out < 0 || err < 0)
+ 		fatal("dup() in/out/err failed");
+ 
+-	/* enable nonblocking unless tty */
+-	if (!isatty(in))
+-		set_nonblock(in);
+-	if (!isatty(out))
+-		set_nonblock(out);
+-	if (!isatty(err))
+-		set_nonblock(err);
+-
+ 	window = CHAN_SES_WINDOW_DEFAULT;
+ 	packetmax = CHAN_SES_PACKET_DEFAULT;
+ 	if (tty_flag) {
+@@ -1879,7 +1872,7 @@ ssh_session2_open(struct ssh *ssh)
+ 	c = channel_new(ssh,
+ 	    "session", SSH_CHANNEL_OPENING, in, out, err,
+ 	    window, packetmax, CHAN_EXTENDED_WRITE,
+-	    "client-session", /*nonblock*/0);
++	    "client-session", CHANNEL_NONBLOCK_STDIO);
+ 
+ 	debug3("%s: channel_new: %d", __func__, c->self);
+ 

SOURCES/openssh-8.0p1-scp-tests.patch

@@ -0,0 +1,61 @@
+diff --git a/regress/scp-ssh-wrapper.sh b/regress/scp-ssh-wrapper.sh
+index 59f1ff63..dd48a482 100644
+--- a/regress/scp-ssh-wrapper.sh
++++ b/regress/scp-ssh-wrapper.sh
+@@ -51,6 +51,18 @@ badserver_4)
+ 	echo "C755 2 file"
+ 	echo "X"
+ 	;;
++badserver_5)
++	echo "D0555 0 "
++	echo "X"
++	;;
++badserver_6)
++	echo "D0555 0 ."
++	echo "X"
++	;;
++badserver_7)
++	echo "C0755 2 extrafile"
++	echo "X"
++	;;
+ *)
+ 	set -- $arg
+ 	shift
+diff --git a/regress/scp.sh b/regress/scp.sh
+index 57cc7706..104c89e1 100644
+--- a/regress/scp.sh
++++ b/regress/scp.sh
+@@ -25,6 +25,7 @@ export SCP # used in scp-ssh-wrapper.scp
+ scpclean() {
+ 	rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
+ 	mkdir ${DIR} ${DIR2}
++	chmod 755 ${DIR} ${DIR2}
+ }
+ 
+ verbose "$tid: simple copy local file to local file"
+@@ -101,7 +102,7 @@ if [ ! -z "$SUDO" ]; then
+ 	$SUDO rm ${DIR2}/copy
+ fi
+ 
+-for i in 0 1 2 3 4; do
++for i in 0 1 2 3 4 5 6 7; do
+ 	verbose "$tid: disallow bad server #$i"
+ 	SCPTESTMODE=badserver_$i
+ 	export DIR SCPTESTMODE
+@@ -113,6 +114,15 @@ for i in 0 1 2 3 4; do
+ 	scpclean
+ 	$SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+ 	[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
++
++	scpclean
++	$SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
++	[ ! -w ${DIR2} ] && fail "allows target root attribute change"
++
++	scpclean
++	$SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
++	[ -e ${DIR2}/extrafile ] && fail "allows extranous object creation"
++	rm -f ${DIR2}/extrafile
+ done
+ 
+ verbose "$tid: detect non-directory target"
+

SOURCES/openssh-8.0p1-sftp-realpath.patch

@@ -0,0 +1,273 @@
+diff --color -ruN a/Makefile.in b/Makefile.in
+--- a/Makefile.in	2022-06-23 11:31:10.168186838 +0200
++++ b/Makefile.in	2022-06-23 11:32:19.146513347 +0200
+@@ -125,7 +125,7 @@
+ 	monitor.o monitor_wrap.o auth-krb5.o \
+ 	auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
+ 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+-	sftp-server.o sftp-common.o \
++	sftp-server.o sftp-common.o sftp-realpath.o \
+ 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
+ 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
+ 	sandbox-solaris.o uidswap.o
+@@ -217,8 +217,8 @@
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ 
+-sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
+-	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-realpath.o sftp-server.o sftp-server-main.o
++	$(LD) -o $@ sftp-server.o sftp-common.o sftp-realpath.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ 
+ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
+ 	$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
+diff --color -ruN a/sftp-realpath.c b/sftp-realpath.c
+--- a/sftp-realpath.c	1970-01-01 01:00:00.000000000 +0100
++++ b/sftp-realpath.c	2022-06-23 11:35:33.193244873 +0200
+@@ -0,0 +1,225 @@
++/*	$OpenBSD: sftp-realpath.c,v 1.2 2021/09/02 21:03:54 deraadt Exp $ */
++/*
++ * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The names of the authors may not be used to endorse or promote
++ *    products derived from this software without specific prior written
++ *    permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++#include "includes.h"
++
++#include <sys/types.h>
++#include <sys/stat.h>
++
++#include <errno.h>
++#include <stdlib.h>
++#include <stddef.h>
++#include <string.h>
++#include <unistd.h>
++#include <limits.h>
++
++#ifndef SYMLOOP_MAX
++# define SYMLOOP_MAX 32
++#endif
++
++/* XXX rewrite sftp-server to use POSIX realpath and remove this hack */
++
++char *sftp_realpath(const char *path, char *resolved);
++
++/*
++ * char *realpath(const char *path, char resolved[PATH_MAX]);
++ *
++ * Find the real name of path, by removing all ".", ".." and symlink
++ * components.  Returns (resolved) on success, or (NULL) on failure,
++ * in which case the path which caused trouble is left in (resolved).
++ */
++char *
++sftp_realpath(const char *path, char *resolved)
++{
++	struct stat sb;
++	char *p, *q, *s;
++	size_t left_len, resolved_len;
++	unsigned symlinks;
++	int serrno, slen, mem_allocated;
++	char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
++
++	if (path[0] == '\0') {
++		errno = ENOENT;
++		return (NULL);
++	}
++
++	serrno = errno;
++
++	if (resolved == NULL) {
++		resolved = malloc(PATH_MAX);
++		if (resolved == NULL)
++			return (NULL);
++		mem_allocated = 1;
++	} else
++		mem_allocated = 0;
++
++	symlinks = 0;
++	if (path[0] == '/') {
++		resolved[0] = '/';
++		resolved[1] = '\0';
++		if (path[1] == '\0')
++			return (resolved);
++		resolved_len = 1;
++		left_len = strlcpy(left, path + 1, sizeof(left));
++	} else {
++		if (getcwd(resolved, PATH_MAX) == NULL) {
++			if (mem_allocated)
++				free(resolved);
++			else
++				strlcpy(resolved, ".", PATH_MAX);
++			return (NULL);
++		}
++		resolved_len = strlen(resolved);
++		left_len = strlcpy(left, path, sizeof(left));
++	}
++	if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
++		errno = ENAMETOOLONG;
++		goto err;
++	}
++
++	/*
++	 * Iterate over path components in `left'.
++	 */
++	while (left_len != 0) {
++		/*
++		 * Extract the next path component and adjust `left'
++		 * and its length.
++		 */
++		p = strchr(left, '/');
++		s = p ? p : left + left_len;
++		if (s - left >= (ptrdiff_t)sizeof(next_token)) {
++			errno = ENAMETOOLONG;
++			goto err;
++		}
++		memcpy(next_token, left, s - left);
++		next_token[s - left] = '\0';
++		left_len -= s - left;
++		if (p != NULL)
++			memmove(left, s + 1, left_len + 1);
++		if (resolved[resolved_len - 1] != '/') {
++			if (resolved_len + 1 >= PATH_MAX) {
++				errno = ENAMETOOLONG;
++				goto err;
++			}
++			resolved[resolved_len++] = '/';
++			resolved[resolved_len] = '\0';
++		}
++		if (next_token[0] == '\0')
++			continue;
++		else if (strcmp(next_token, ".") == 0)
++			continue;
++		else if (strcmp(next_token, "..") == 0) {
++			/*
++			 * Strip the last path component except when we have
++			 * single "/"
++			 */
++			if (resolved_len > 1) {
++				resolved[resolved_len - 1] = '\0';
++				q = strrchr(resolved, '/') + 1;
++				*q = '\0';
++				resolved_len = q - resolved;
++			}
++			continue;
++		}
++
++		/*
++		 * Append the next path component and lstat() it. If
++		 * lstat() fails we still can return successfully if
++		 * there are no more path components left.
++		 */
++		resolved_len = strlcat(resolved, next_token, PATH_MAX);
++		if (resolved_len >= PATH_MAX) {
++			errno = ENAMETOOLONG;
++			goto err;
++		}
++		if (lstat(resolved, &sb) != 0) {
++			if (errno == ENOENT && p == NULL) {
++				errno = serrno;
++				return (resolved);
++			}
++			goto err;
++		}
++		if (S_ISLNK(sb.st_mode)) {
++			if (symlinks++ > SYMLOOP_MAX) {
++				errno = ELOOP;
++				goto err;
++			}
++			slen = readlink(resolved, symlink, sizeof(symlink) - 1);
++			if (slen < 0)
++				goto err;
++			symlink[slen] = '\0';
++			if (symlink[0] == '/') {
++				resolved[1] = 0;
++				resolved_len = 1;
++			} else if (resolved_len > 1) {
++				/* Strip the last path component. */
++				resolved[resolved_len - 1] = '\0';
++				q = strrchr(resolved, '/') + 1;
++				*q = '\0';
++				resolved_len = q - resolved;
++			}
++
++			/*
++			 * If there are any path components left, then
++			 * append them to symlink. The result is placed
++			 * in `left'.
++			 */
++			if (p != NULL) {
++				if (symlink[slen - 1] != '/') {
++					if (slen + 1 >=
++					    (ptrdiff_t)sizeof(symlink)) {
++						errno = ENAMETOOLONG;
++						goto err;
++					}
++					symlink[slen] = '/';
++					symlink[slen + 1] = 0;
++				}
++				left_len = strlcat(symlink, left, sizeof(symlink));
++				if (left_len >= sizeof(symlink)) {
++					errno = ENAMETOOLONG;
++					goto err;
++				}
++			}
++			left_len = strlcpy(left, symlink, sizeof(left));
++		}
++	}
++
++	/*
++	 * Remove trailing slash except when the resolved pathname
++	 * is a single "/".
++	 */
++	if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
++		resolved[resolved_len - 1] = '\0';
++	return (resolved);
++
++err:
++	if (mem_allocated)
++		free(resolved);
++	return (NULL);
++}
+diff --color -ruN a/sftp-server.c b/sftp-server.c
+--- a/sftp-server.c	2022-06-23 11:31:10.147186434 +0200
++++ b/sftp-server.c	2022-06-23 11:32:19.147513366 +0200
+@@ -51,6 +51,8 @@
+ #include "sftp.h"
+ #include "sftp-common.h"
+ 
++char *sftp_realpath(const char *, char *); /* sftp-realpath.c */
++
+ /* Our verbosity */
+ static LogLevel log_level = SYSLOG_LEVEL_ERROR;
+ 
+@@ -1185,7 +1187,7 @@
+ 	}
+ 	debug3("request %u: realpath", id);
+ 	verbose("realpath \"%s\"", path);
+-	if (realpath(path, resolvedname) == NULL) {
++	if (sftp_realpath(path, resolvedname) == NULL) {
+ 		send_status(id, errno_to_portable(errno));
+ 	} else {
+ 		Stat s;

SOURCES/openssh-8.0p1-sftp-timespeccmp.patch

@@ -0,0 +1,16 @@
+diff -up openssh-8.0p1/sftp.c.original openssh-8.0p1/sftp.c
+--- openssh-8.0p1/sftp.c.original	2020-12-22 17:05:02.105698989 +0900
++++ openssh-8.0p1/sftp.c	2020-12-22 17:05:42.922035780 +0900
+@@ -937,7 +937,11 @@ sglob_comp(const void *aa, const void *b
+ 		return (rmul * strcmp(ap, bp));
+ 	else if (sort_flag & LS_TIME_SORT) {
+ #if defined(HAVE_STRUCT_STAT_ST_MTIM)
+-		return (rmul * timespeccmp(&as->st_mtim, &bs->st_mtim, <));
++		if (timespeccmp(&as->st_mtim, &bs->st_mtim, <)){
++			return rmul;
++		} else {
++			return -rmul;
++		}
+ #elif defined(HAVE_STRUCT_STAT_ST_MTIME)
+ 		return (rmul * NCMP(as->st_mtime, bs->st_mtime));
+ #else

SOURCES/openssh-8.0p1-sshd_config.patch

@@ -0,0 +1,97 @@
+diff --git a/servconf.c b/servconf.c
+index ffac5d2c..340045b2 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -1042,7 +1042,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
+ 			return -1;
+ 		}
+ 		if (strcasecmp(attrib, "user") == 0) {
+-			if (ci == NULL) {
++			if (ci == NULL || (ci->test && ci->user == NULL)) {
+ 				result = 0;
+ 				continue;
+ 			}
+@@ -1054,7 +1054,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
+ 				debug("user %.100s matched 'User %.100s' at "
+ 				    "line %d", ci->user, arg, line);
+ 		} else if (strcasecmp(attrib, "group") == 0) {
+-			if (ci == NULL) {
++			if (ci == NULL || (ci->test && ci->user == NULL)) {
+ 				result = 0;
+ 				continue;
+ 			}
+@@ -1067,7 +1067,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
+ 				result = 0;
+ 			}
+ 		} else if (strcasecmp(attrib, "host") == 0) {
+-			if (ci == NULL) {
++			if (ci == NULL || (ci->test && ci->host == NULL)) {
+ 				result = 0;
+ 				continue;
+ 			}
+@@ -1079,7 +1079,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
+ 				debug("connection from %.100s matched 'Host "
+ 				    "%.100s' at line %d", ci->host, arg, line);
+ 		} else if (strcasecmp(attrib, "address") == 0) {
+-			if (ci == NULL) {
++			if (ci == NULL || (ci->test && ci->address == NULL)) {
+ 				result = 0;
+ 				continue;
+ 			}
+@@ -1098,7 +1098,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
+ 				return -1;
+ 			}
+ 		} else if (strcasecmp(attrib, "localaddress") == 0){
+-			if (ci == NULL) {
++			if (ci == NULL || (ci->test && ci->laddress == NULL)) {
+ 				result = 0;
+ 				continue;
+ 			}
+@@ -1124,7 +1124,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
+ 				    arg);
+ 				return -1;
+ 			}
+-			if (ci == NULL) {
++			if (ci == NULL || (ci->test && ci->lport == -1)) {
+ 				result = 0;
+ 				continue;
+ 			}
+@@ -1138,10 +1138,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
+ 			else
+ 				result = 0;
+ 		} else if (strcasecmp(attrib, "rdomain") == 0) {
+-			if (ci == NULL || ci->rdomain == NULL) {
++			if (ci == NULL || (ci->test && ci->rdomain == NULL)) {
+ 				result = 0;
+ 				continue;
+ 			}
++			if (ci->rdomain == NULL)
++				match_test_missing_fatal("RDomain", "rdomain");
+ 			if (match_pattern_list(ci->rdomain, arg, 0) != 1)
+ 				result = 0;
+ 			else
+diff --git a/servconf.h b/servconf.h
+index 54e0a8d8..5483da05 100644
+--- a/servconf.h
++++ b/servconf.h
+@@ -221,6 +221,8 @@ struct connection_info {
+ 	const char *laddress;	/* local address */
+ 	int lport;		/* local port */
+ 	const char *rdomain;	/* routing domain if available */
++	int test;		/* test mode, allow some attributes to be
++				 * unspecified */
+ };
+ 
+ 
+diff --git a/sshd.c b/sshd.c
+index cbd3bce9..1fcde502 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -1843,6 +1843,7 @@ main(int ac, char **av)
+ 		 */
+ 		if (connection_info == NULL)
+ 			connection_info = get_connection_info(ssh, 0, 0);
++		connection_info->test = 1;
+ 		parse_server_match_config(&options, connection_info);
+ 		dump_config(&options);
+ 	}

SOURCES/openssh-8.0p1-sshd_include.patch

@@ -0,0 +1,805 @@
+diff -up openssh-8.0p1/auth.c.sshdinclude openssh-8.0p1/auth.c
+--- openssh-8.0p1/auth.c.sshdinclude	2021-10-20 15:18:49.740331098 +0200
++++ openssh-8.0p1/auth.c	2021-10-20 15:19:41.324781344 +0200
+@@ -80,6 +80,7 @@
+ 
+ /* import */
+ extern ServerOptions options;
++extern struct include_list includes;
+ extern int use_privsep;
+ extern struct sshbuf *loginmsg;
+ extern struct passwd *privsep_pw;
+@@ -573,7 +574,7 @@ getpwnamallow(struct ssh *ssh, const cha
+ 
+ 	ci = get_connection_info(ssh, 1, options.use_dns);
+ 	ci->user = user;
+-	parse_server_match_config(&options, ci);
++	parse_server_match_config(&options, &includes, ci);
+ 	log_change_level(options.log_level);
+ 	process_permitopen(ssh, &options);
+ 
+diff -up openssh-8.0p1/readconf.c.sshdinclude openssh-8.0p1/readconf.c
+--- openssh-8.0p1/readconf.c.sshdinclude	2021-10-20 15:21:43.541848103 +0200
++++ openssh-8.0p1/readconf.c	2021-10-20 15:22:06.302046768 +0200
+@@ -711,7 +711,7 @@ match_cfg_line(Options *options, char **
+ static void
+ rm_env(Options *options, const char *arg, const char *filename, int linenum)
+ {
+-	int i, j;
++	int i, j, onum_send_env = options->num_send_env;
+ 	char *cp;
+ 
+ 	/* Remove an environment variable */
+@@ -734,6 +734,11 @@ rm_env(Options *options, const char *arg
+ 		options->num_send_env--;
+ 		/* NB. don't increment i */
+ 	}
++	if (onum_send_env != options->num_send_env) {
++		options->send_env = xrecallocarray(options->send_env,
++		    onum_send_env, options->num_send_env,
++		    sizeof(*options->send_env));
++	}
+ }
+ 
+ /*
+diff -up openssh-8.0p1/regress/Makefile.sshdinclude openssh-8.0p1/regress/Makefile
+--- openssh-8.0p1/regress/Makefile.sshdinclude	2021-10-20 15:18:49.742331115 +0200
++++ openssh-8.0p1/regress/Makefile	2021-10-20 15:19:41.324781344 +0200
+@@ -82,6 +82,7 @@ LTESTS= 	connect \
+ 		principals-command \
+ 		cert-file \
+ 		cfginclude \
++		servcfginclude \
+ 		allow-deny-users \
+ 		authinfo
+ 
+@@ -118,7 +119,7 @@ CLEANFILES=	*.core actual agent-key.* au
+ 		sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
+ 		ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
+ 		ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
+-		sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
++		sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
+ 		sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
+ 		t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
+ 		t8.out t8.out.pub t9.out t9.out.pub testdata \
+diff -up openssh-8.0p1/regress/servcfginclude.sh.sshdinclude openssh-8.0p1/regress/servcfginclude.sh
+--- openssh-8.0p1/regress/servcfginclude.sh.sshdinclude	2021-10-20 15:18:49.744331132 +0200
++++ openssh-8.0p1/regress/servcfginclude.sh	2021-10-20 15:22:06.303046777 +0200
+@@ -0,0 +1,188 @@
++#	Placed in the Public Domain.
++
++tid="server config include"
++
++cat > $OBJ/sshd_config.i << _EOF
++HostKey $OBJ/host.ssh-ed25519
++Match host a
++	Banner /aa
++
++Match host b
++	Banner /bb
++	Include $OBJ/sshd_config.i.*
++
++Match host c
++	Include $OBJ/sshd_config.i.*
++	Banner /cc
++
++Match host m
++	Include $OBJ/sshd_config.i.*
++
++Match Host d
++	Banner /dd
++
++Match Host e
++	Banner /ee
++	Include $OBJ/sshd_config.i.*
++
++Match Host f
++	Include $OBJ/sshd_config.i.*
++	Banner /ff
++
++Match Host n
++	Include $OBJ/sshd_config.i.*
++_EOF
++
++cat > $OBJ/sshd_config.i.0 << _EOF
++Match host xxxxxx
++_EOF
++
++cat > $OBJ/sshd_config.i.1 << _EOF
++Match host a
++	Banner /aaa
++
++Match host b
++	Banner /bbb
++
++Match host c
++	Banner /ccc
++
++Match Host d
++	Banner /ddd
++
++Match Host e
++	Banner /eee
++
++Match Host f
++	Banner /fff
++_EOF
++
++cat > $OBJ/sshd_config.i.2 << _EOF
++Match host a
++	Banner /aaaa
++
++Match host b
++	Banner /bbbb
++
++Match host c
++	Banner /cccc
++
++Match Host d
++	Banner /dddd
++
++Match Host e
++	Banner /eeee
++
++Match Host f
++	Banner /ffff
++
++Match all
++	Banner /xxxx
++_EOF
++
++trial() {
++	_host="$1"
++	_exp="$2"
++	_desc="$3"
++	test -z "$_desc" && _desc="test match"
++	trace "$_desc host=$_host expect=$_exp"
++	${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
++	    -C "host=$_host,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out ||
++		fatal "ssh config parse failed: $_desc host=$_host expect=$_exp"
++	_got=`grep -i '^banner ' $OBJ/sshd_config.out | awk '{print $2}'`
++	if test "x$_exp" != "x$_got" ; then
++		fail "$desc_ host $_host include fail: expected $_exp got $_got"
++	fi
++}
++
++trial a /aa
++trial b /bb
++trial c /ccc
++trial d /dd
++trial e /ee
++trial f /fff
++trial m /xxxx
++trial n /xxxx
++trial x none
++
++# Prepare an included config with an error.
++
++cat > $OBJ/sshd_config.i.3 << _EOF
++Banner xxxx
++	Junk
++_EOF
++
++trace "disallow invalid config host=a"
++${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
++    -C "host=a,user=test,addr=127.0.0.1" 2>/dev/null && \
++	fail "sshd include allowed invalid config"
++
++trace "disallow invalid config host=x"
++${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i \
++    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
++	fail "sshd include allowed invalid config"
++
++rm -f $OBJ/sshd_config.i.*
++
++# Ensure that a missing include is not fatal.
++cat > $OBJ/sshd_config.i << _EOF
++HostKey $OBJ/host.ssh-ed25519
++Include $OBJ/sshd_config.i.*
++Banner /aa
++_EOF
++
++trial a /aa "missing include non-fatal"
++
++# Ensure that Match/Host in an included config does not affect parent.
++cat > $OBJ/sshd_config.i.x << _EOF
++Match host x
++_EOF
++
++trial a /aa "included file does not affect match state"
++
++# Ensure the empty include directive is not accepted
++cat > $OBJ/sshd_config.i.x << _EOF
++Include
++_EOF
++
++trace "disallow invalid with no argument"
++${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x -T \
++    -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
++	fail "sshd allowed Include with no argument"
++
++# Ensure the Include before any Match block works as expected (bug #3122)
++cat > $OBJ/sshd_config.i << _EOF
++Banner /xx
++HostKey $OBJ/host.ssh-ed25519
++Include $OBJ/sshd_config.i.2
++Match host a
++	Banner /aaaa
++_EOF
++cat > $OBJ/sshd_config.i.2 << _EOF
++Match host a
++	Banner /aa
++_EOF
++
++trace "Include before match blocks"
++trial a /aa "included file before match blocks is properly evaluated"
++
++# Port in included file is correctly interpretted (bug #3169)
++cat > $OBJ/sshd_config.i << _EOF
++Include $OBJ/sshd_config.i.2
++Port 7722
++_EOF
++cat > $OBJ/sshd_config.i.2 << _EOF
++HostKey $OBJ/host.ssh-ed25519
++_EOF
++
++trace "Port after included files"
++${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
++    -C "host=x,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out || \
++	fail "failed to parse Port after included files"
++_port=`grep -i '^port ' $OBJ/sshd_config.out | awk '{print $2}'`
++if test "x7722" != "x$_port" ; then
++	fail "The Port in included file was intertepretted wrongly. Expected 7722, got $_port"
++fi
++
++# cleanup
++rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out
+diff -up openssh-8.0p1/regress/test-exec.sh.sshdinclude openssh-8.0p1/regress/test-exec.sh
+--- openssh-8.0p1/regress/test-exec.sh.sshdinclude	2021-10-20 15:18:49.746331150 +0200
++++ openssh-8.0p1/regress/test-exec.sh	2021-10-20 15:19:41.324781344 +0200
+@@ -220,6 +220,7 @@ echo "exec ${SSH} -E${TEST_SSH_LOGFILE}
+ 
+ chmod a+rx $OBJ/ssh-log-wrapper.sh
+ REAL_SSH="$SSH"
++REAL_SSHD="$SSHD"
+ SSH="$SSHLOGWRAP"
+ 
+ # Some test data.  We make a copy because some tests will overwrite it.
+diff -up openssh-8.0p1/servconf.c.sshdinclude openssh-8.0p1/servconf.c
+--- openssh-8.0p1/servconf.c.sshdinclude	2021-10-20 15:18:49.748331167 +0200
++++ openssh-8.0p1/servconf.c	2021-10-20 15:22:06.303046777 +0200
+@@ -40,6 +40,11 @@
+ #ifdef HAVE_UTIL_H
+ #include <util.h>
+ #endif
++#ifdef USE_SYSTEM_GLOB
++# include <glob.h>
++#else
++# include "openbsd-compat/glob.h"
++#endif
+ 
+ #include "openbsd-compat/sys-queue.h"
+ #include "xmalloc.h"
+@@ -70,6 +75,9 @@ static void add_listen_addr(ServerOption
+     const char *, int);
+ static void add_one_listen_addr(ServerOptions *, const char *,
+     const char *, int);
++static void parse_server_config_depth(ServerOptions *options,
++    const char *filename, struct sshbuf *conf, struct include_list *includes,
++    struct connection_info *connectinfo, int flags, int *activep, int depth);
+ 
+ /* Use of privilege separation or not */
+ extern int use_privsep;
+@@ -528,7 +536,7 @@ typedef enum {
+ 	sAcceptEnv, sSetEnv, sPermitTunnel,
+ 	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
+ 	sUsePrivilegeSeparation, sAllowAgentForwarding,
+-	sHostCertificate,
++	sHostCertificate, sInclude,
+ 	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ 	sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
+ 	sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
+@@ -540,9 +548,11 @@ typedef enum {
+ 	sDeprecated, sIgnore, sUnsupported
+ } ServerOpCodes;
+ 
+-#define SSHCFG_GLOBAL	0x01	/* allowed in main section of sshd_config */
+-#define SSHCFG_MATCH	0x02	/* allowed inside a Match section */
+-#define SSHCFG_ALL	(SSHCFG_GLOBAL|SSHCFG_MATCH)
++#define SSHCFG_GLOBAL		0x01	/* allowed in main section of config */
++#define SSHCFG_MATCH		0x02	/* allowed inside a Match section */
++#define SSHCFG_ALL		(SSHCFG_GLOBAL|SSHCFG_MATCH)
++#define SSHCFG_NEVERMATCH	0x04  /* Match never matches; internal only */
++#define SSHCFG_MATCH_ONLY	0x08  /* Match only in conditional blocks; internal only */
+ 
+ /* Textual representation of the tokens. */
+ static struct {
+@@ -687,6 +697,7 @@ static struct {
+ 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+ 	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+ 	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
++	{ "include", sInclude, SSHCFG_ALL },
+ 	{ "ipqos", sIPQoS, SSHCFG_ALL },
+ 	{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+ 	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
+@@ -1259,13 +1270,14 @@ static const struct multistate multistat
+ 	{ NULL, -1 }
+ };
+ 
+-int
+-process_server_config_line(ServerOptions *options, char *line,
++static int
++process_server_config_line_depth(ServerOptions *options, char *line,
+     const char *filename, int linenum, int *activep,
+-    struct connection_info *connectinfo)
++    struct connection_info *connectinfo, int *inc_flags, int depth,
++    struct include_list *includes)
+ {
+ 	char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
+-	int cmdline = 0, *intptr, value, value2, n, port;
++	int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
+ 	SyslogFacility *log_facility_ptr;
+ 	LogLevel *log_level_ptr;
+ 	ServerOpCodes opcode;
+@@ -1274,6 +1286,8 @@ process_server_config_line(ServerOptions
+ 	long long val64;
+ 	const struct multistate *multistate_ptr;
+ 	const char *errstr;
++	struct include_item *item;
++	glob_t gbuf;
+ 
+ 	/* Strip trailing whitespace. Allow \f (form feed) at EOL only */
+ 	if ((len = strlen(line)) == 0)
+@@ -1300,7 +1314,7 @@ process_server_config_line(ServerOptions
+ 		cmdline = 1;
+ 		activep = &cmdline;
+ 	}
+-	if (*activep && opcode != sMatch)
++	if (*activep && opcode != sMatch && opcode != sInclude)
+ 		debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
+ 	if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
+ 		if (connectinfo == NULL) {
+@@ -1980,15 +1994,112 @@ process_server_config_line(ServerOptions
+ 			*intptr = value;
+ 		break;
+ 
++	case sInclude:
++		if (cmdline) {
++			fatal("Include directive not supported as a "
++			    "command-line option");
++		}
++		value = 0;
++		while ((arg2 = strdelim(&cp)) != NULL && *arg2 != '\0') {
++			value++;
++			found = 0;
++			if (*arg2 != '/' && *arg2 != '~') {
++				xasprintf(&arg, "%s/%s", SSHDIR, arg2);
++			} else
++				arg = xstrdup(arg2);
++
++			/*
++			 * Don't let included files clobber the containing
++			 * file's Match state.
++			 */
++			oactive = *activep;
++
++			/* consult cache of include files */
++			TAILQ_FOREACH(item, includes, entry) {
++				if (strcmp(item->selector, arg) != 0)
++					continue;
++				if (item->filename != NULL) {
++					parse_server_config_depth(options,
++					    item->filename, item->contents,
++					    includes, connectinfo,
++					    (*inc_flags & SSHCFG_MATCH_ONLY
++					        ? SSHCFG_MATCH_ONLY : (oactive
++					            ? 0 : SSHCFG_NEVERMATCH)),
++					    activep, depth + 1);
++				}
++				found = 1;
++				*activep = oactive;
++			}
++			if (found != 0) {
++				free(arg);
++				continue;
++			}
++
++			/* requested glob was not in cache */
++			debug2("%s line %d: new include %s",
++			    filename, linenum, arg);
++			if ((r = glob(arg, 0, NULL, &gbuf)) != 0) {
++				if (r != GLOB_NOMATCH) {
++					fatal("%s line %d: include \"%s\" "
++					    "glob failed", filename,
++					    linenum, arg);
++				}
++				/*
++				 * If no entry matched then record a
++				 * placeholder to skip later glob calls.
++				 */
++				debug2("%s line %d: no match for %s",
++				    filename, linenum, arg);
++				item = xcalloc(1, sizeof(*item));
++				item->selector = strdup(arg);
++				TAILQ_INSERT_TAIL(includes,
++				    item, entry);
++			}
++			if (gbuf.gl_pathc > INT_MAX)
++				fatal("%s: too many glob results", __func__);
++			for (n = 0; n < (int)gbuf.gl_pathc; n++) {
++				debug2("%s line %d: including %s",
++				    filename, linenum, gbuf.gl_pathv[n]);
++				item = xcalloc(1, sizeof(*item));
++				item->selector = strdup(arg);
++				item->filename = strdup(gbuf.gl_pathv[n]);
++				if ((item->contents = sshbuf_new()) == NULL) {
++					fatal("%s: sshbuf_new failed",
++					    __func__);
++				}
++				load_server_config(item->filename,
++				    item->contents);
++				parse_server_config_depth(options,
++				    item->filename, item->contents,
++				    includes, connectinfo,
++				    (*inc_flags & SSHCFG_MATCH_ONLY
++				        ? SSHCFG_MATCH_ONLY : (oactive
++				            ? 0 : SSHCFG_NEVERMATCH)),
++				    activep, depth + 1);
++				*activep = oactive;
++				TAILQ_INSERT_TAIL(includes, item, entry);
++			}
++			globfree(&gbuf);
++			free(arg);
++		}
++		if (value == 0) {
++			fatal("%s line %d: Include missing filename argument",
++			    filename, linenum);
++		}
++		break;
++
+ 	case sMatch:
+ 		if (cmdline)
+ 			fatal("Match directive not supported as a command-line "
+ 			   "option");
+-		value = match_cfg_line(&cp, linenum, connectinfo);
++		value = match_cfg_line(&cp, linenum,
++		    (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo));
+ 		if (value < 0)
+ 			fatal("%s line %d: Bad Match condition", filename,
+ 			    linenum);
+-		*activep = value;
++		*activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
++		/* The MATCH_ONLY is applicable only until the first match block */
++		*inc_flags &= ~SSHCFG_MATCH_ONLY;
+ 		break;
+ 
+ 	case sKerberosUseKuserok:
+@@ -2275,6 +2386,18 @@ process_server_config_line(ServerOptions
+ 	return 0;
+ }
+ 
++int
++process_server_config_line(ServerOptions *options, char *line,
++    const char *filename, int linenum, int *activep,
++    struct connection_info *connectinfo, struct include_list *includes)
++{
++	int inc_flags = 0;
++
++	return process_server_config_line_depth(options, line, filename,
++	    linenum, activep, connectinfo, &inc_flags, 0, includes);
++}
++
++
+ /* Reads the server configuration file. */
+ 
+ void
+@@ -2313,12 +2436,13 @@ load_server_config(const char *filename,
+ 
+ void
+ parse_server_match_config(ServerOptions *options,
+-   struct connection_info *connectinfo)
++   struct include_list *includes, struct connection_info *connectinfo)
+ {
+ 	ServerOptions mo;
+ 
+ 	initialize_server_options(&mo);
+-	parse_server_config(&mo, "reprocess config", cfg, connectinfo);
++	parse_server_config(&mo, "reprocess config", cfg, includes,
++	    connectinfo);
+ 	copy_set_server_options(options, &mo, 0);
+ }
+ 
+@@ -2464,28 +2588,44 @@ copy_set_server_options(ServerOptions *d
+ #undef M_CP_STROPT
+ #undef M_CP_STRARRAYOPT
+ 
+-void
+-parse_server_config(ServerOptions *options, const char *filename,
+-    struct sshbuf *conf, struct connection_info *connectinfo)
++#define SERVCONF_MAX_DEPTH	16
++static void
++parse_server_config_depth(ServerOptions *options, const char *filename,
++    struct sshbuf *conf, struct include_list *includes,
++    struct connection_info *connectinfo, int flags, int *activep, int depth)
+ {
+-	int active, linenum, bad_options = 0;
++	int linenum, bad_options = 0;
+ 	char *cp, *obuf, *cbuf;
+ 
+-	debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf));
++	if (depth < 0 || depth > SERVCONF_MAX_DEPTH)
++		fatal("Too many recursive configuration includes");
++
++	debug2("%s: config %s len %zu%s", __func__, filename, sshbuf_len(conf),
++	    (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : ""));
+ 
+ 	if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
+ 		fatal("%s: sshbuf_dup_string failed", __func__);
+-	active = connectinfo ? 0 : 1;
+ 	linenum = 1;
+ 	while ((cp = strsep(&cbuf, "\n")) != NULL) {
+-		if (process_server_config_line(options, cp, filename,
+-		    linenum++, &active, connectinfo) != 0)
++		if (process_server_config_line_depth(options, cp,
++		    filename, linenum++, activep, connectinfo, &flags,
++		    depth, includes) != 0)
+ 			bad_options++;
+ 	}
+ 	free(obuf);
+ 	if (bad_options > 0)
+ 		fatal("%s: terminating, %d bad configuration options",
+ 		    filename, bad_options);
++}
++
++void
++parse_server_config(ServerOptions *options, const char *filename,
++    struct sshbuf *conf, struct include_list *includes,
++    struct connection_info *connectinfo)
++{
++	int active = connectinfo ? 0 : 1;
++	parse_server_config_depth(options, filename, conf, includes,
++	    connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
+ 	process_queued_listen_addrs(options);
+ }
+ 
+diff -up openssh-8.0p1/servconf.h.sshdinclude openssh-8.0p1/servconf.h
+--- openssh-8.0p1/servconf.h.sshdinclude	2021-10-20 15:18:49.750331185 +0200
++++ openssh-8.0p1/servconf.h	2021-10-20 15:19:41.325781353 +0200
+@@ -16,6 +16,8 @@
+ #ifndef SERVCONF_H
+ #define SERVCONF_H
+ 
++#include <sys/queue.h>
++
+ #define MAX_PORTS		256	/* Max # ports. */
+ 
+ #define MAX_SUBSYSTEMS		256	/* Max # subsystems. */
+@@ -234,6 +236,15 @@ struct connection_info {
+ 				 * unspecified */
+ };
+ 
++/* List of included files for re-exec from the parsed configuration */
++struct include_item {
++	char *selector;
++	char *filename;
++	struct sshbuf *contents;
++	TAILQ_ENTRY(include_item) entry;
++};
++TAILQ_HEAD(include_list, include_item);
++
+ 
+ /*
+  * These are string config options that must be copied between the
+@@ -273,12 +284,13 @@ struct connection_info *get_connection_i
+ void	 initialize_server_options(ServerOptions *);
+ void	 fill_default_server_options(ServerOptions *);
+ int	 process_server_config_line(ServerOptions *, char *, const char *, int,
+-	     int *, struct connection_info *);
++	     int *, struct connection_info *, struct include_list *includes);
+ void	 process_permitopen(struct ssh *ssh, ServerOptions *options);
+ void	 load_server_config(const char *, struct sshbuf *);
+ void	 parse_server_config(ServerOptions *, const char *, struct sshbuf *,
+-	     struct connection_info *);
+-void	 parse_server_match_config(ServerOptions *, struct connection_info *);
++	     struct include_list *includes, struct connection_info *);
++void	 parse_server_match_config(ServerOptions *,
++	     struct include_list *includes, struct connection_info *);
+ int	 parse_server_match_testspec(struct connection_info *, char *);
+ int	 server_match_spec_complete(struct connection_info *);
+ void	 copy_set_server_options(ServerOptions *, ServerOptions *, int);
+diff -up openssh-8.0p1/sshd_config.5.sshdinclude openssh-8.0p1/sshd_config.5
+--- openssh-8.0p1/sshd_config.5.sshdinclude	2021-10-20 15:18:49.754331220 +0200
++++ openssh-8.0p1/sshd_config.5	2021-10-20 15:19:41.325781353 +0200
+@@ -825,7 +825,20 @@ during
+ and use only the system-wide known hosts file
+ .Pa /etc/ssh/known_hosts .
+ The default is
+-.Cm no .
++.Dq no .
++.It Cm Include
++Include the specified configuration file(s).
++Multiple path names may be specified and each pathname may contain
++.Xr glob 7
++wildcards.
++Files without absolute paths are assumed to be in
++.Pa /etc/ssh .
++A
++.Cm Include
++directive may appear inside a
++.Cm Match
++block
++to perform conditional inclusion.
+ .It Cm IPQoS
+ Specifies the IPv4 type-of-service or DSCP class for the connection.
+ Accepted values are
+diff -up openssh-8.0p1/sshd.c.sshdinclude openssh-8.0p1/sshd.c
+--- openssh-8.0p1/sshd.c.sshdinclude	2021-10-20 15:18:49.752331202 +0200
++++ openssh-8.0p1/sshd.c	2021-10-20 15:19:41.325781353 +0200
+@@ -257,6 +257,9 @@ struct sshauthopt *auth_opts = NULL;
+ /* sshd_config buffer */
+ struct sshbuf *cfg;
+ 
++/* Included files from the configuration file */
++struct include_list includes = TAILQ_HEAD_INITIALIZER(includes);
++
+ /* message to be displayed after login */
+ struct sshbuf *loginmsg;
+ 
+@@ -927,30 +930,45 @@ usage(void)
+ static void
+ send_rexec_state(int fd, struct sshbuf *conf)
+ {
+-	struct sshbuf *m;
++	struct sshbuf *m = NULL, *inc = NULL;
++	struct include_item *item = NULL;
+ 	int r;
+ 
+ 	debug3("%s: entering fd = %d config len %zu", __func__, fd,
+ 	    sshbuf_len(conf));
+ 
++	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
++		fatal("%s: sshbuf_new failed", __func__);
++
++	/* pack includes into a string */
++	TAILQ_FOREACH(item, &includes, entry) {
++		if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 ||
++		    (r = sshbuf_put_cstring(inc, item->filename)) != 0 ||
++		    (r = sshbuf_put_stringb(inc, item->contents)) != 0)
++			fatal("%s: buffer error: %s", __func__, ssh_err(r));
++	}
++
+ 	/*
+ 	 * Protocol from reexec master to child:
+ 	 *	string	configuration
+-	 *	string rngseed		(only if OpenSSL is not self-seeded)
++	 *	string	included_files[] {
++	 *		string	selector
++	 *		string	filename
++	 *		string	contents
++	 *	}
++	 *	string	rng_seed (if required)
+ 	 */
+-	if ((m = sshbuf_new()) == NULL)
+-		fatal("%s: sshbuf_new failed", __func__);
+-	if ((r = sshbuf_put_stringb(m, conf)) != 0)
++	if ((r = sshbuf_put_stringb(m, conf)) != 0 ||
++	    (r = sshbuf_put_stringb(m, inc)) != 0)
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+-
+ #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
+ 	rexec_send_rng_seed(m);
+ #endif
+-
+ 	if (ssh_msg_send(fd, 0, m) == -1)
+ 		fatal("%s: ssh_msg_send failed", __func__);
+ 
+ 	sshbuf_free(m);
++	sshbuf_free(inc);
+ 
+ 	debug3("%s: done", __func__);
+ }
+@@ -958,14 +976,15 @@ send_rexec_state(int fd, struct sshbuf *
+ static void
+ recv_rexec_state(int fd, struct sshbuf *conf)
+ {
+-	struct sshbuf *m;
++	struct sshbuf *m, *inc;
+ 	u_char *cp, ver;
+ 	size_t len;
+ 	int r;
++	struct include_item *item;
+ 
+ 	debug3("%s: entering fd = %d", __func__, fd);
+ 
+-	if ((m = sshbuf_new()) == NULL)
++	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
+ 		fatal("%s: sshbuf_new failed", __func__);
+ 	if (ssh_msg_recv(fd, m) == -1)
+ 		fatal("%s: ssh_msg_recv failed", __func__);
+@@ -973,14 +992,28 @@ recv_rexec_state(int fd, struct sshbuf *
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ 	if (ver != 0)
+ 		fatal("%s: rexec version mismatch", __func__);
+-	if ((r = sshbuf_get_string(m, &cp, &len)) != 0)
+-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+-	if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
++	if ((r = sshbuf_get_string(m, &cp, &len)) != 0 ||
++	    (r = sshbuf_get_stringb(m, inc)) != 0)
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
++
+ #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
+ 	rexec_recv_rng_seed(m);
+ #endif
+ 
++	if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
++		fatal("%s: buffer error: %s", __func__, ssh_err(r));
++
++	while (sshbuf_len(inc) != 0) {
++		item = xcalloc(1, sizeof(*item));
++		if ((item->contents = sshbuf_new()) == NULL)
++			fatal("%s: sshbuf_new failed", __func__);
++		if ((r = sshbuf_get_cstring(inc, &item->selector, NULL)) != 0 ||
++		    (r = sshbuf_get_cstring(inc, &item->filename, NULL)) != 0 ||
++		    (r = sshbuf_get_stringb(inc, item->contents)) != 0)
++			fatal("%s: buffer error: %s", __func__, ssh_err(r));
++		TAILQ_INSERT_TAIL(&includes, item, entry);
++	}
++
+ 	free(cp);
+ 	sshbuf_free(m);
+ 
+@@ -1661,7 +1694,7 @@ main(int ac, char **av)
+ 		case 'o':
+ 			line = xstrdup(optarg);
+ 			if (process_server_config_line(&options, line,
+-			    "command-line", 0, NULL, NULL) != 0)
++			    "command-line", 0, NULL, NULL, &includes) != 0)
+ 				exit(1);
+ 			free(line);
+ 			break;
+@@ -1692,7 +1725,7 @@ main(int ac, char **av)
+ 	    SYSLOG_LEVEL_INFO : options.log_level,
+ 	    options.log_facility == SYSLOG_FACILITY_NOT_SET ?
+ 	    SYSLOG_FACILITY_AUTH : options.log_facility,
+-	    log_stderr || !inetd_flag);
++	    log_stderr || !inetd_flag || debug_flag);
+ 
+ 	/*
+ 	 * Unset KRB5CCNAME, otherwise the user's session may inherit it from
+@@ -1725,12 +1758,11 @@ main(int ac, char **av)
+ 			 */
+ 			(void)atomicio(vwrite, startup_pipe, "\0", 1);
+ 		}
+-	}
+-	else if (strcasecmp(config_file_name, "none") != 0)
++	} else if (strcasecmp(config_file_name, "none") != 0)
+ 		load_server_config(config_file_name, cfg);
+ 
+ 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
+-	    cfg, NULL);
++	    cfg, &includes, NULL);
+ 
+ 	/* 'UsePAM no' is not supported in RHEL */
+ 	if (! options.use_pam)
+@@ -1946,7 +1978,7 @@ main(int ac, char **av)
+ 		if (connection_info == NULL)
+ 			connection_info = get_connection_info(ssh, 0, 0);
+ 		connection_info->test = 1;
+-		parse_server_match_config(&options, connection_info);
++		parse_server_match_config(&options, &includes, connection_info);
+ 		dump_config(&options);
+ 	}
+ 
+diff -up openssh-8.0p1/sshbuf-getput-basic.c.stringb openssh-8.0p1/sshbuf-getput-basic.c
+--- openssh-8.0p1/sshbuf-getput-basic.c.stringb	2022-12-21 12:18:43.274799163 +0100
++++ openssh-8.0p1/sshbuf-getput-basic.c	2022-12-21 12:19:19.758081516 +0100
+@@ -371,6 +371,9 @@ sshbuf_put_cstring(struct sshbuf *buf, c
+ int
+ sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v)
+ {
++	if (v == NULL)
++		return sshbuf_put_string(buf, NULL, 0);
++
+ 	return sshbuf_put_string(buf, sshbuf_ptr(v), sshbuf_len(v));
+ }
+ 

SOURCES/openssh-8.0p1-upstream-ignore-SIGPIPE.patch

@@ -0,0 +1,38 @@
+From d33ff14309e33aa79fdf95e1bc4facafa80b90a9 Mon Sep 17 00:00:00 2001
+From: Stepan Broz <sbroz@redhat.com>
+Date: Tue, 25 Jun 2024 17:38:22 +0200
+Subject: [PATCH] upstream: ignore SIGPIPE earlier in main(), specifically
+ before
+
+muxclient() which performs operations that could cause one; Reported by Noam
+Lewis via bz3454, ok dtucker@
+
+OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47
+---
+ ssh.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssh.c b/ssh.c
+index 786e26d..e037c66 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -1115,6 +1115,8 @@ main(int ac, char **av)
+ 		}
+ 	}
+ 
++	signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
++
+ 	/*
+ 	 * Initialize "log" output.  Since we are the client all output
+ 	 * goes to stderr unless otherwise specified by -y or -E.
+@@ -1545,7 +1547,6 @@ main(int ac, char **av)
+ 	    options.num_system_hostfiles);
+ 	tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
+ 
+-	signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
+ 	signal(SIGCHLD, main_sigchld_handler);
+ 
+ 	/* Log into the remote system.  Never returns if the login fails. */
+-- 
+2.45.2
+

SOURCES/openssh-8.0p1-x11-without-ipv6.patch

@@ -6,9 +6,9 @@ diff --git a/channels.c b/channels.c
  				sock_set_v6only(sock);
  			if (x11_use_localhost)
  				set_reuseaddr(sock);
- 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
+ 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
- 				debug2_f("bind port %d: %.100s", port,
+ 				debug2("%s: bind port %d: %.100s", __func__,
- 				    strerror(errno));
+ 				    port, strerror(errno));
  				close(sock);
 +
 +				/* do not remove successfully opened

SOURCES/openssh-8.0p1.tar.gz.asc

@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAly3ro8ACgkQ0+X1a22S
+DTCAiAx/W9XHoDs5NijyNIP43W2nFYuf6HG1duoLjdJ8rnsC3e90gx8h5RpUUh24
+JDACoUFnbJsNgiQBaYpO7bOnf3Vw5Oui1gPeKnQ76KQsXDwD/N/0wLUf55+XdNJ6
+tcgm6/x1W4b8bWje5bcS3qhxv6t/hSL/OxusA8zoNmnTD5XMg6QtJ0Rp9ZHPriCJ
+C4eCPdHfmyHCr1IATMX9+n5CO5JUPexaDjQug7k/Z1XA/UlwVfRRs1JMpviBodC+
+ZUOuk9tH11RKSBcUeR3Ef4iaR3FchryyyBZUZdYBkmDrnHrYpUK5ifdHT+ZXdzPl
+laX03Kz094LqrP6L3lafk6b1PKOVjKwx1vM5fhnv+pfx4dmao9BwZMuIq6Fa5uMX
+w2oHGhlIDmeT66Yny5d0APn2wCewyYUGPanSZY/HolHAPs+doOBgI361kMAR9J3e
+Ii3VKhIdE8i4K3fC19uDkf7xL8UVvRVXjgM7i+GNndh1ou/vDYxmEAsW9IR/D3XC
+HM/jMdq+UewAiRG46aI5rsi/A8J8/A==
+=YtoH
+-----END PGP SIGNATURE-----

SOURCES/openssh-8.7p1-minimize-sha1-use.patch

@@ -0,0 +1,166 @@
+diff --color -ru a/kex.c b/kex.c
+--- a/kex.c	2022-06-23 10:25:29.529922670 +0200
++++ b/kex.c	2022-06-23 10:26:12.911762100 +0200
+@@ -906,6 +906,18 @@
+ 	return (1);
+ }
+ 
++/* returns non-zero if proposal contains any algorithm from algs */
++static int
++has_any_alg(const char *proposal, const char *algs)
++{
++	char *cp;
++
++	if ((cp = match_list(proposal, algs, NULL)) == NULL)
++		return 0;
++	free(cp);
++	return 1;
++}
++
+ static int
+ kex_choose_conf(struct ssh *ssh)
+ {
+@@ -941,6 +953,16 @@
+ 		free(ext);
+ 	}
+ 
++	/* Check whether client supports rsa-sha2 algorithms */
++	if (kex->server && (kex->flags & KEX_INITIAL)) {
++		if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS],
++		    "rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com"))
++			kex->flags |= KEX_RSA_SHA2_256_SUPPORTED;
++		if (has_any_alg(peer[PROPOSAL_SERVER_HOST_KEY_ALGS],
++		    "rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com"))
++			kex->flags |= KEX_RSA_SHA2_512_SUPPORTED;
++	}
++
+ 	/* Algorithm Negotiation */
+ 	if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS],
+ 	    sprop[PROPOSAL_KEX_ALGS])) != 0) {
+diff --color -ru a/kex.h b/kex.h
+--- a/kex.h	2022-06-23 10:25:29.511922322 +0200
++++ b/kex.h	2022-06-23 10:26:12.902761926 +0200
+@@ -117,6 +117,8 @@
+ 
+ #define KEX_INIT_SENT	0x0001
+ #define KEX_INITIAL	0x0002
++#define KEX_RSA_SHA2_256_SUPPORTED 	0x0008 /* only set in server for now */
++#define KEX_RSA_SHA2_512_SUPPORTED 	0x0010 /* only set in server for now */
+ 
+ struct sshenc {
+ 	char	*name;
+diff --color -ru a/serverloop.c b/serverloop.c
+--- a/serverloop.c	2022-06-23 10:25:29.537922825 +0200
++++ b/serverloop.c	2022-06-23 10:26:12.918762235 +0200
+@@ -736,16 +736,17 @@
+ 	struct sshbuf *resp = NULL;
+ 	struct sshbuf *sigbuf = NULL;
+ 	struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL;
+-	int r, ndx, kexsigtype, use_kexsigtype, success = 0;
++	int r, ndx, success = 0;
+ 	const u_char *blob;
++	const char *sigalg, *kex_rsa_sigalg = NULL;
+ 	u_char *sig = 0;
+ 	size_t blen, slen;
+ 
+ 	if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)
+ 		fatal("%s: sshbuf_new", __func__);
+-
+-	kexsigtype = sshkey_type_plain(
+-	    sshkey_type_from_name(ssh->kex->hostkey_alg));
++	if (sshkey_type_plain(sshkey_type_from_name(
++	    ssh->kex->hostkey_alg)) == KEY_RSA)
++		kex_rsa_sigalg = ssh->kex->hostkey_alg;
+ 	while (ssh_packet_remaining(ssh) > 0) {
+ 		sshkey_free(key);
+ 		key = NULL;
+@@ -780,16 +781,24 @@
+ 		 * For RSA keys, prefer to use the signature type negotiated
+ 		 * during KEX to the default (SHA1).
+ 		 */
+-		use_kexsigtype = kexsigtype == KEY_RSA &&
+-		    sshkey_type_plain(key->type) == KEY_RSA;
++		sigalg = NULL;
++		if (sshkey_type_plain(key->type) == KEY_RSA) {
++			if (kex_rsa_sigalg != NULL)
++				sigalg = kex_rsa_sigalg;
++			else if (ssh->kex->flags & KEX_RSA_SHA2_512_SUPPORTED)
++				sigalg = "rsa-sha2-512";
++			else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)
++				sigalg = "rsa-sha2-256";
++		}
++		debug3("%s: sign %s key (index %d) using sigalg %s", __func__,
++			sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg);
+ 		if ((r = sshbuf_put_cstring(sigbuf,
+ 		    "hostkeys-prove-00@openssh.com")) != 0 ||
+ 		    (r = sshbuf_put_string(sigbuf,
+ 		    ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||
+ 		    (r = sshkey_puts(key, sigbuf)) != 0 ||
+ 		    (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
+-		    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
+-		    use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
++		    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), sigalg)) != 0 ||
+ 		    (r = sshbuf_put_string(resp, sig, slen)) != 0) {
+ 			error("%s: couldn't prepare signature: %s",
+ 			    __func__, ssh_err(r));
+diff --color -ru a/sshkey.c b/sshkey.c
+--- a/sshkey.c	2022-06-23 10:25:29.532922728 +0200
++++ b/sshkey.c	2022-06-23 10:26:12.914762158 +0200
+@@ -82,7 +82,6 @@
+     struct sshbuf *buf, enum sshkey_serialize_rep);
+ static int sshkey_from_blob_internal(struct sshbuf *buf,
+     struct sshkey **keyp, int allow_cert);
+-static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep);
+ 
+ /* Supported key types */
+ struct keytype {
+@@ -2092,7 +2091,8 @@
+ 	if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
+ 	    sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0)
+ 		goto out;
+-	if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0)
++	if ((ret = sshkey_get_sigtype(sig, slen,
++	    &key->cert->signature_type)) != 0)
+ 		goto out;
+ 
+ 	/* Success */
+@@ -2394,8 +2394,8 @@
+ 	return r;
+ }
+ 
+-static int
+-get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
++int
++sshkey_get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
+ {
+ 	int r;
+ 	struct sshbuf *b = NULL;
+@@ -2477,7 +2477,7 @@
+ 		return 0;
+ 	if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+-	if ((r = get_sigtype(sig, siglen, &sigtype)) != 0)
++	if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0)
+ 		return r;
+ 	r = strcmp(expected_alg, sigtype) == 0;
+ 	free(sigtype);
+@@ -2739,7 +2739,7 @@
+ 	    sshbuf_len(cert), alg, 0, signer_ctx)) != 0)
+ 		goto out;
+ 	/* Check and update signature_type against what was actually used */
+-	if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
++	if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
+ 		goto out;
+ 	if (alg != NULL && strcmp(alg, sigtype) != 0) {
+ 		ret = SSH_ERR_SIGN_ALG_UNSUPPORTED;
+diff --color -ru a/sshkey.h b/sshkey.h
+--- a/sshkey.h	2022-06-23 10:25:29.521922515 +0200
++++ b/sshkey.h	2022-06-23 10:26:12.907762022 +0200
+@@ -211,6 +211,7 @@
+     const u_char *, size_t, const char *, u_int);
+ int	 sshkey_check_sigtype(const u_char *, size_t, const char *);
+ const char *sshkey_sigalg_by_name(const char *);
++int      sshkey_get_sigtype(const u_char *, size_t, char **);
+ 
+ /* for debug */
+ void	sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);

SOURCES/openssh-8.7p1-scp-kill-switch.patch

@@ -13,8 +13,8 @@ diff -up openssh-8.7p1/scp.1.kill-scp openssh-8.7p1/scp.1
 --- openssh-8.7p1/scp.1.kill-scp	2021-09-16 12:09:02.646714578 +0200
 +++ openssh-8.7p1/scp.1	2021-09-16 12:26:49.978628226 +0200
 @@ -278,6 +278,13 @@ to print debugging messages about their
- By default a 32KB buffer is used.
+ This is helpful in
- .El
+ debugging connection, authentication, and configuration problems.
  .El
 +.Pp
 +Usage of SCP protocol can be blocked by creating a world-readable
@@ -30,10 +30,10 @@ diff -up openssh-8.7p1/scp.c.kill-scp openssh-8.7p1/scp.c
 --- openssh-8.7p1/scp.c.kill-scp	2021-09-16 11:42:56.013650519 +0200
 +++ openssh-8.7p1/scp.c	2021-09-16 11:53:03.249713836 +0200
 @@ -596,6 +596,14 @@ main(int argc, char **argv)
- 	if (iamremote)
+ 	argc -= optind;
- 		mode = MODE_SCP;
+ 	argv += optind;
  
-+	if (mode == MODE_SCP) {
++	{
 +		FILE *f = fopen(_PATH_SCP_KILL_SWITCH, "r");
 +		if (f != NULL) {
 +			fclose(f);

SOURCES/openssh-8.7p1-upstream-cve-2021-41617.patch

@@ -0,0 +1,25 @@
+diff --git a/auth.c b/auth.c
+index b8d1040d..0134d694 100644
+--- a/auth.c
++++ b/auth.c
+@@ -56,6 +56,7 @@
+ # include <paths.h>
+ #endif
+ #include <pwd.h>
++#include <grp.h>
+ #ifdef HAVE_LOGIN_H
+ #include <login.h>
+ #endif
+@@ -2695,6 +2696,12 @@ subprocess(const char *tag, const char *command,
+ 		}
+ 		closefrom(STDERR_FILENO + 1);
+ 
++		if (geteuid() == 0 &&
++		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
++			error("%s: initgroups(%s, %u): %s", tag,
++			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
++			_exit(1);
++		}
+		/* Don't use permanently_set_uid() here to avoid fatal() */
+ 		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
+ 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,

SOURCES/openssh-9.1p1-sshbanner.patch

@@ -0,0 +1,32 @@
+diff --git a/ssh-keyscan.c b/ssh-keyscan.c
+index d29a03b4..d7283136 100644
+--- a/ssh-keyscan.c
++++ b/ssh-keyscan.c
+@@ -490,6 +490,15 @@ congreet(int s)
+ 		return;
+ 	}
+ 
++	/*
++	 * Read the server banner as per RFC4253 section 4.2.  The "SSH-"
++	 * protocol identification string may be preceeded by an arbitarily
++	 * large banner which we must read and ignore.  Loop while reading
++	 * newline-terminated lines until we have one starting with "SSH-".
++	 * The ID string cannot be longer than 255 characters although the
++	 * preceeding banner lines may (in which case they'll be discarded
++	 * in multiple iterations of the outer loop).
++	 */
+ 	for (;;) {
+ 		memset(buf, '\0', sizeof(buf));
+ 		bufsiz = sizeof(buf);
+@@ -517,6 +526,11 @@ congreet(int s)
+ 		conrecycle(s);
+ 		return;
+ 	}
++	if (cp >= buf + sizeof(buf)) {
++		error("%s: greeting exceeds allowable length", c->c_name);
++		confree(s);
++		return;
++	}
+ 	if (*cp != '\n' && *cp != '\r') {
+ 		error("%s: bad greeting", c->c_name);
+ 		confree(s);

SOURCES/openssh-9.3p1-upstream-cve-2023-38408.patch

@@ -0,0 +1,17 @@
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
+index 6be647ec..ebddf6c3 100644
+--- a/ssh-pkcs11.c
++++ b/ssh-pkcs11.c
+@@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
+ 		error("dlopen %s failed: %s", provider_module, dlerror());
+ 		goto fail;
+ 	}
+-	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
+-		error("dlsym(C_GetFunctionList) failed: %s", dlerror());
+-		goto fail;
+-	}
++	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
++		fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
+ 
+ 	p->module->handle = handle;
+ 	/* setup the pkcs11 callbacks */

SOURCES/openssh-9.4p2-limit-delay.patch

@@ -0,0 +1,33 @@
+diff -u -p -r1.166 auth2.c
+--- a/auth2.c	8 Mar 2023 04:43:12 -0000	1.166
++++ b/auth2.c	28 Aug 2023 08:32:44 -0000
+@@ -208,6 +208,7 @@ input_service_request(int type, u_int32_
+ }
+ 
+ #define MIN_FAIL_DELAY_SECONDS 0.005
++#define MAX_FAIL_DELAY_SECONDS 5.0
+ static double
+ user_specific_delay(const char *user)
+ {
+@@ -233,6 +234,12 @@ ensure_minimum_time_since(double start, 
+ 	struct timespec ts;
+ 	double elapsed = monotime_double() - start, req = seconds, remain;
+ 
++	if (elapsed > MAX_FAIL_DELAY_SECONDS) {
++		debug3("elapsed %0.3lfms exceeded the max delay "
++		    "requested %0.3lfms)", elapsed*1000, req*1000);
++		return;
++	}
++
+ 	/* if we've already passed the requested time, scale up */
+ 	while ((remain = seconds - elapsed) < 0.0)
+ 		seconds *= 2;
+@@ -317,7 +324,7 @@ input_userauth_request(int type, u_int32
+ 		debug2("input_userauth_request: try method %s", method);
+ 		authenticated =	m->userauth(ssh);
+ 	}
+-	if (!authctxt->authenticated)
++	if (!authctxt->authenticated && strcmp(method, "none") != 0)
+ 		ensure_minimum_time_since(tstart,
+ 		    user_specific_delay(authctxt->user));
+ 	userauth_finish(ssh, authenticated, method, NULL);

SOURCES/openssh-9.6p1-CVE-2023-48795.patch

@@ -0,0 +1,447 @@
+diff --git a/PROTOCOL b/PROTOCOL
+index d453c779..ded935eb 100644
+--- a/PROTOCOL
++++ b/PROTOCOL
+@@ -137,6 +137,32 @@ than as a named global or channel request to allow pings with very
+ described at:
+ http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519
+ 
++1.9 transport: strict key exchange extension
++
++OpenSSH supports a number of transport-layer hardening measures under
++a "strict KEX" feature. This feature is signalled similarly to the
++RFC8308 ext-info feature: by including a additional algorithm in the
++initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
++"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server
++may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms
++are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
++if they are present in subsequent SSH2_MSG_KEXINIT packets.
++
++When an endpoint that supports this extension observes this algorithm
++name in a peer's KEXINIT packet, it MUST make the following changes to
++the the protocol:
++
++a) During initial KEX, terminate the connection if any unexpected or
++   out-of-sequence packet is received. This includes terminating the
++   connection if the first packet received is not SSH2_MSG_KEXINIT.
++   Unexpected packets for the purpose of strict KEX include messages
++   that are otherwise valid at any time during the connection such as
++   SSH2_MSG_DEBUG and SSH2_MSG_IGNORE.
++b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the
++   packet sequence number to zero. This behaviour persists for the
++   duration of the connection (i.e. not just the first
++   SSH2_MSG_NEWKEYS).
++
+ 2. Connection protocol changes
+ 
+ 2.1. connection: Channel write close extension "eow@openssh.com"
+diff --git a/kex.c b/kex.c
+index aa5e792d..d478ff6e 100644
+--- a/kex.c
++++ b/kex.c
+@@ -65,7 +65,7 @@
+ #endif
+ 
+ /* prototype */
+-static int kex_choose_conf(struct ssh *);
++static int kex_choose_conf(struct ssh *, uint32_t seq);
+ static int kex_input_newkeys(int, u_int32_t, struct ssh *);
+ 
+ static const char *proposal_names[PROPOSAL_MAX] = {
+@@ -177,6 +177,18 @@ kex_names_valid(const char *names)
+ 	return 1;
+ }
+ 
++/* returns non-zero if proposal contains any algorithm from algs */
++static int
++has_any_alg(const char *proposal, const char *algs)
++{
++	char *cp;
++
++	if ((cp = match_list(proposal, algs, NULL)) == NULL)
++		return 0;
++	free(cp);
++	return 1;
++}
++
+ /*
+  * Concatenate algorithm names, avoiding duplicates in the process.
+  * Caller must free returned string.
+@@ -184,7 +196,7 @@ kex_names_valid(const char *names)
+ char *
+ kex_names_cat(const char *a, const char *b)
+ {
+-	char *ret = NULL, *tmp = NULL, *cp, *p, *m;
++	char *ret = NULL, *tmp = NULL, *cp, *p;
+ 	size_t len;
+ 
+ 	if (a == NULL || *a == '\0')
+@@ -201,10 +213,8 @@ kex_names_cat(const char *a, const char *b)
+ 	}
+ 	strlcpy(ret, a, len);
+ 	for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
+-		if ((m = match_list(ret, p, NULL)) != NULL) {
+-			free(m);
++		if (has_any_alg(ret, p))
+ 			continue; /* Algorithm already present */
+-		}
+ 		if (strlcat(ret, ",", len) >= len ||
+ 		    strlcat(ret, p, len) >= len) {
+ 			free(tmp);
+@@ -466,7 +485,12 @@ kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh)
+ {
+ 	int r;
+ 
+-	error("kex protocol error: type %d seq %u", type, seq);
++	/* If in strict mode, any unexpected message is an error */
++	if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) {
++		ssh_packet_disconnect(ssh, "strict KEX violation: "
++		    "unexpected packet type %u (seqnr %u)", type, seq);
++	}
++	error("type %u seq %u", type, seq);
+ 	if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 ||
+ 	    (r = sshpkt_put_u32(ssh, seq)) != 0 ||
+ 	    (r = sshpkt_send(ssh)) != 0)
+@@ -548,6 +572,11 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh)
+ 	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error);
+ 	if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0)
+ 		return r;
++ 	if (ninfo >= 1024) {
++ 		error("SSH2_MSG_EXT_INFO with too many entries, expected "
++ 		    "<=1024, received %u", ninfo);
++		return dispatch_protocol_error(type, seq, ssh);
++ 	}
+ 	for (i = 0; i < ninfo; i++) {
+ 		if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
+ 			return r;
+@@ -681,7 +705,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
+ 	if (kex == NULL)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+ 
+-	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
++	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_protocol_error);
+ 	ptr = sshpkt_ptr(ssh, &dlen);
+ 	if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
+ 		return r;
+@@ -717,7 +741,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
+ 	if (!(kex->flags & KEX_INIT_SENT))
+ 		if ((r = kex_send_kexinit(ssh)) != 0)
+ 			return r;
+-	if ((r = kex_choose_conf(ssh)) != 0)
++	if ((r = kex_choose_conf(ssh, seq)) != 0)
+ 		return r;
+ 
+ 	if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
+@@ -981,20 +1005,14 @@ proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
+ 	return (1);
+ }
+ 
+-/* returns non-zero if proposal contains any algorithm from algs */
+ static int
+-has_any_alg(const char *proposal, const char *algs)
++kexalgs_contains(char **peer, const char *ext)
+ {
+-	char *cp;
+-
+-	if ((cp = match_list(proposal, algs, NULL)) == NULL)
+-		return 0;
+-	free(cp);
+-	return 1;
++	return has_any_alg(peer[PROPOSAL_KEX_ALGS], ext);
+ }
+ 
+ static int
+-kex_choose_conf(struct ssh *ssh)
++kex_choose_conf(struct ssh *ssh, uint32_t seq)
+ {
+ 	struct kex *kex = ssh->kex;
+ 	struct newkeys *newkeys;
+@@ -1019,13 +1037,23 @@ kex_choose_conf(struct ssh *ssh)
+ 		sprop=peer;
+ 	}
+ 
+-	/* Check whether client supports ext_info_c */
+-	if (kex->server && (kex->flags & KEX_INITIAL)) {
+-		char *ext;
+-
+-		ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
+-		kex->ext_info_c = (ext != NULL);
+-		free(ext);
++	/* Check whether peer supports ext_info/kex_strict */
++	if ((kex->flags & KEX_INITIAL) != 0) {
++		if (kex->server) {
++			kex->ext_info_c = kexalgs_contains(peer, "ext-info-c");
++			kex->kex_strict = kexalgs_contains(peer,
++			    "kex-strict-c-v00@openssh.com");
++		} else {
++			kex->kex_strict = kexalgs_contains(peer,
++			    "kex-strict-s-v00@openssh.com");
++		}
++		if (kex->kex_strict) {
++			debug3("will use strict KEX ordering");
++			if (seq != 0)
++				ssh_packet_disconnect(ssh,
++				    "strict KEX violation: "
++				    "KEXINIT was not the first packet");
++		}
+ 	}
+ 
+ 	/* Check whether client supports rsa-sha2 algorithms */
+diff --git a/kex.h b/kex.h
+index 5f7ef784..272ebb43 100644
+--- a/kex.h
++++ b/kex.h
+@@ -149,6 +149,7 @@ struct kex {
+ 	u_int	kex_type;
+ 	char	*server_sig_algs;
+ 	int	ext_info_c;
++	int	kex_strict;
+ 	struct sshbuf *my;
+ 	struct sshbuf *peer;
+ 	struct sshbuf *client_version;
+diff --git a/packet.c b/packet.c
+index 52017def..beb214f9 100644
+--- a/packet.c
++++ b/packet.c
+@@ -1207,8 +1207,13 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
+ 	sshbuf_dump(state->output, stderr);
+ #endif
+ 	/* increment sequence number for outgoing packets */
+-	if (++state->p_send.seqnr == 0)
++	if (++state->p_send.seqnr == 0) {
++		if ((ssh->kex->flags & KEX_INITIAL) != 0) {
++			ssh_packet_disconnect(ssh, "outgoing sequence number "
++			    "wrapped during initial key exchange");
++		}
+ 		logit("outgoing seqnr wraps around");
++	}
+ 	if (++state->p_send.packets == 0)
+ 		if (!(ssh->compat & SSH_BUG_NOREKEY))
+ 			return SSH_ERR_NEED_REKEY;
+@@ -1216,6 +1221,11 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
+ 	state->p_send.bytes += len;
+ 	sshbuf_reset(state->outgoing_packet);
+ 
++	if (type == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
++		debug("resetting send seqnr %u", state->p_send.seqnr);
++		state->p_send.seqnr = 0;
++	}
++
+ 	if (type == SSH2_MSG_NEWKEYS)
+ 		r = ssh_set_newkeys(ssh, MODE_OUT);
+ 	else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side)
+@@ -1344,8 +1354,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+ 	/* Stay in the loop until we have received a complete packet. */
+ 	for (;;) {
+ 		/* Try to read a packet from the buffer. */
+-		r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p);
+-		if (r != 0)
++		if ((r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p)) != 0)
+ 			break;
+ 		/* If we got a packet, return it. */
+ 		if (*typep != SSH_MSG_NONE)
+@@ -1629,10 +1615,16 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+ 		if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)
+ 			goto out;
+ 	}
++
+ 	if (seqnr_p != NULL)
+ 		*seqnr_p = state->p_read.seqnr;
+-	if (++state->p_read.seqnr == 0)
++	if (++state->p_read.seqnr == 0) {
++		if ((ssh->kex->flags & KEX_INITIAL) != 0) {
++			ssh_packet_disconnect(ssh, "incoming sequence number "
++			    "wrapped during initial key exchange");
++		}
+ 		logit("incoming seqnr wraps around");
++	}
+ 	if (++state->p_read.packets == 0)
+ 		if (!(ssh->compat & SSH_BUG_NOREKEY))
+ 			return SSH_ERR_NEED_REKEY;
+@@ -1698,6 +1690,10 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+ #endif
+ 	/* reset for next packet */
+ 	state->packlen = 0;
++	if (*typep == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
++		debug("resetting read seqnr %u", state->p_read.seqnr);
++		state->p_read.seqnr = 0;
++	}
+ 
+ 	/* do we need to rekey? */
+ 	if (ssh_packet_need_rekeying(ssh, 0)) {
+@@ -1720,10 +1716,39 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+ 		r = ssh_packet_read_poll2(ssh, typep, seqnr_p);
+ 		if (r != 0)
+ 			return r;
+-		if (*typep) {
+-			state->keep_alive_timeouts = 0;
+-			DBG(debug("received packet type %d", *typep));
++		if (*typep == 0) {
++			/* no message ready */
++			return 0;
+ 		}
++		state->keep_alive_timeouts = 0;
++		DBG(debug("received packet type %d", *typep));
++
++		/* Always process disconnect messages */
++		if (*typep == SSH2_MSG_DISCONNECT) {
++			if ((r = sshpkt_get_u32(ssh, &reason)) != 0 ||
++			    (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
++				return r;
++			/* Ignore normal client exit notifications */
++			do_log2(ssh->state->server_side &&
++			    reason == SSH2_DISCONNECT_BY_APPLICATION ?
++			    SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
++			    "Received disconnect from %s port %d:"
++			    "%u: %.400s", ssh_remote_ipaddr(ssh),
++			    ssh_remote_port(ssh), reason, msg);
++			free(msg);
++			return SSH_ERR_DISCONNECTED;
++		}
++
++		/*
++		 * Do not implicitly handle any messages here during initial
++		 * KEX when in strict mode. They will be need to be allowed
++		 * explicitly by the KEX dispatch table or they will generate
++		 * protocol errors.
++		 */
++		if (ssh->kex != NULL &&
++		    (ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict)
++			return 0;
++		/* Implicitly handle transport-level messages */
+ 		switch (*typep) {
+ 		case SSH2_MSG_IGNORE:
+ 			debug3("Received SSH2_MSG_IGNORE");
+@@ -1738,19 +1763,6 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+ 			debug("Remote: %.900s", msg);
+ 			free(msg);
+ 			break;
+-		case SSH2_MSG_DISCONNECT:
+-			if ((r = sshpkt_get_u32(ssh, &reason)) != 0 ||
+-			    (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
+-				return r;
+-			/* Ignore normal client exit notifications */
+-			do_log2(ssh->state->server_side &&
+-			    reason == SSH2_DISCONNECT_BY_APPLICATION ?
+-			    SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
+-			    "Received disconnect from %s port %d:"
+-			    "%u: %.400s", ssh_remote_ipaddr(ssh),
+-			    ssh_remote_port(ssh), reason, msg);
+-			free(msg);
+-			return SSH_ERR_DISCONNECTED;
+ 		case SSH2_MSG_UNIMPLEMENTED:
+ 			if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0)
+ 				return r;
+@@ -2242,6 +2254,7 @@ kex_to_blob(struct sshbuf *m, struct kex *kex)
+ 	    (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 ||
+ 	    (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 ||
+ 	    (r = sshbuf_put_u32(m, kex->kex_type)) != 0 ||
++	    (r = sshbuf_put_u32(m, kex->kex_strict)) != 0 ||
+ 	    (r = sshbuf_put_stringb(m, kex->my)) != 0 ||
+ 	    (r = sshbuf_put_stringb(m, kex->peer)) != 0 ||
+ 	    (r = sshbuf_put_stringb(m, kex->client_version)) != 0 ||
+@@ -2404,6 +2417,7 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp)
+ 	    (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 ||
+ 	    (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 ||
+ 	    (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 ||
++	    (r = sshbuf_get_u32(m, &kex->kex_strict)) != 0 ||
+ 	    (r = sshbuf_get_stringb(m, kex->my)) != 0 ||
+ 	    (r = sshbuf_get_stringb(m, kex->peer)) != 0 ||
+ 	    (r = sshbuf_get_stringb(m, kex->client_version)) != 0 ||
+@@ -2732,6 +2746,7 @@ sshpkt_disconnect(struct ssh *ssh, const char *fmt,...)
+ 	vsnprintf(buf, sizeof(buf), fmt, args);
+ 	va_end(args);
+ 
++	debug2("sending SSH2_MSG_DISCONNECT: %s", buf);
+ 	if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 ||
+ 	    (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 ||
+ 	    (r = sshpkt_put_cstring(ssh, buf)) != 0 ||
+diff --git a/sshconnect2.c b/sshconnect2.c
+index df6caf81..0cccbcc4 100644
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -253,7 +253,8 @@ ssh_kex2(struct ssh *ssh, char *host, st
+ 	xxx_host = host;
+ 	xxx_hostaddr = hostaddr;
+ 
+-	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
++	if ((s = kex_names_cat(options.kex_algorithms,
++	    "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL)
+ 		fatal("%s: kex_names_cat", __func__);
+ 	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
+ 	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+@@ -358,7 +358,6 @@ struct cauthmethod {
+ };
+ 
+ static int input_userauth_service_accept(int, u_int32_t, struct ssh *);
+-static int input_userauth_ext_info(int, u_int32_t, struct ssh *);
+ static int input_userauth_success(int, u_int32_t, struct ssh *);
+ static int input_userauth_failure(int, u_int32_t, struct ssh *);
+ static int input_userauth_banner(int, u_int32_t, struct ssh *);
+@@ -472,7 +471,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
+ 
+ 	ssh->authctxt = &authctxt;
+ 	ssh_dispatch_init(ssh, &input_userauth_error);
+-	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
++	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, kex_input_ext_info);
+ 	ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
+ 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success);	/* loop until success */
+ 	pubkey_cleanup(ssh);
+@@ -531,12 +530,6 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
+ }
+ 
+ /* ARGSUSED */
+-static int
+-input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
+-{
+-	return kex_input_ext_info(type, seqnr, ssh);
+-}
+-
+ void
+ userauth(struct ssh *ssh, char *authlist)
+ {
+@@ -615,6 +608,7 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
+ 	free(authctxt->methoddata);
+ 	authctxt->methoddata = NULL;
+ 	authctxt->success = 1;			/* break out */
++	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, dispatch_protocol_error);
+ 	return 0;
+ }
+ 
+diff -up openssh-8.7p1/sshd.c.kexstrict openssh-8.7p1/sshd.c
+--- openssh-8.7p1/sshd.c.kexstrict	2023-11-27 13:19:18.855433602 +0100
++++ openssh-8.7p1/sshd.c	2023-11-27 13:28:10.441325314 +0100
+@@ -2531,10 +2531,14 @@ do_ssh2_kex(struct ssh *ssh)
+ {
+ 	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
+ 	struct kex *kex;
++	char *cp;
+ 	int r;
+ 
+-	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+-	    options.kex_algorithms);
++	if ((cp = kex_names_cat(options.kex_algorithms, 
++	   "kex-strict-s-v00@openssh.com")) == NULL)
++		fatal("kex_names_cat");
++
++	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(cp);
+ 	myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
+ 	    options.ciphers);
+ 	myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
+@@ -2586,7 +2586,7 @@ do_ssh2_kex(struct ssh *ssh)
+ 	if (gss && orig)
+ 		xasprintf(&newstr, "%s,%s", gss, orig);
+ 	else if (gss)
+-		newstr = gss;
++		xasprintf(&newstr, "%s,%s", gss, "kex-strict-s-v00@openssh.com");
+ 	else if (orig)
+ 		newstr = orig;
+ 
+@@ -2650,6 +2654,7 @@ do_ssh2_kex(struct ssh *ssh)
+ 	packet_send();
+ 	packet_write_wait();
+ #endif
++	free(cp);
+ 	debug("KEX done");
+ }
+ 

SOURCES/openssh-9.6p1-CVE-2023-51385.patch

@@ -0,0 +1,57 @@
+diff --git a/ssh.c b/ssh.c
+index 35c48e62..48d93ddf 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -626,6 +626,41 @@ ssh_conn_info_free(struct ssh_conn_info *cinfo)
+ 	}
+ }
+ 
++static int
++valid_hostname(const char *s)
++{
++	size_t i;
++
++	if (*s == '-')
++		return 0;
++	for (i = 0; s[i] != 0; i++) {
++		if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
++		    isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
++			return 0;
++	}
++	return 1;
++}
++
++static int
++valid_ruser(const char *s)
++{
++	size_t i;
++
++	if (*s == '-')
++		return 0;
++	for (i = 0; s[i] != 0; i++) {
++		if (strchr("'`\";&<>|(){}", s[i]) != NULL)
++			return 0;
++		/* Disallow '-' after whitespace */
++		if (isspace((u_char)s[i]) && s[i + 1] == '-')
++			return 0;
++		/* Disallow \ in last position */
++		if (s[i] == '\\' && s[i + 1] == '\0')
++			return 0;
++	}
++	return 1;
++}
++
+ /*
+  * Main program for the ssh client.
+  */
+@@ -1118,6 +1153,10 @@ main(int ac, char **av)
+ 	if (!host)
+ 		usage();
+ 
++	if (!valid_hostname(host))
++		fatal("hostname contains invalid characters");
++	if (options.user != NULL && !valid_ruser(options.user))
++		fatal("remote username contains invalid characters");
+ 	host_arg = xstrdup(host);
+ 
+ 	/* Initialize the command to execute on remote host. */

SOURCES/pam_ssh_agent-rmheaders

@@ -0,0 +1,37 @@
+authfd.c
+authfd.h
+atomicio.c
+atomicio.h
+bufaux.c
+bufbn.c
+buffer.h
+buffer.c
+cleanup.c
+cipher.h
+compat.h
+defines.h
+entropy.c
+entropy.h
+fatal.c
+includes.h
+kex.h
+key.c
+key.h
+log.c
+log.h
+match.h
+misc.c
+misc.h
+pathnames.h
+platform.h
+rsa.h
+ssh-dss.c
+ssh-rsa.c
+ssh.h
+ssh2.h
+uidswap.c
+uidswap.h
+uuencode.c
+uuencode.h
+xmalloc.c
+xmalloc.h

SOURCES/pam_ssh_agent_auth-0.10.2-compat.patch

@@ -0,0 +1,939 @@
+diff -up openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c
+--- openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c	2018-08-24 10:22:56.281930322 +0200
+@@ -27,6 +27,7 @@
+  * or implied, of Jamie Beverly.
+  */
+ 
++#include <stdlib.h>
+ #include <stdio.h>
+ #include <errno.h>
+ #include <string.h>
+@@ -65,8 +66,8 @@ proc_pid_cmdline(char *** inargv)
+                 case EOF:
+                 case '\0':
+                     if (len > 0) { 
+-                        argv = pamsshagentauth_xrealloc(argv, count + 1, sizeof(*argv));
+-                        argv[count] = pamsshagentauth_xcalloc(len + 1, sizeof(*argv[count]));
++                        argv = xreallocarray(argv, count + 1, sizeof(*argv));
++                        argv[count] = xcalloc(len + 1, sizeof(*argv[count]));
+                         strncpy(argv[count++], argbuf, len);
+                         memset(argbuf, '\0', MAX_LEN_PER_CMDLINE_ARG + 1);
+                         len = 0;
+@@ -105,9 +106,9 @@ pamsshagentauth_free_command_line(char *
+ {
+     size_t i;
+     for (i = 0; i < n_args; i++)
+-        pamsshagentauth_xfree(argv[i]);
++        free(argv[i]);
+ 
+-    pamsshagentauth_xfree(argv);
++    free(argv);
+     return;
+ }
+ 
+diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/identity.h
+--- openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/identity.h	2018-08-24 10:18:05.009393312 +0200
+@@ -30,8 +30,8 @@
+ #include "openbsd-compat/sys-queue.h"
+ #include "xmalloc.h"
+ #include "log.h"
+-#include "buffer.h"
+-#include "key.h"
++#include "sshbuf.h"
++#include "sshkey.h"
+ #include "authfd.h"
+ #include <stdio.h>
+ 
+@@ -41,7 +41,7 @@ typedef struct idlist Idlist;
+ struct identity {
+     TAILQ_ENTRY(identity) next;
+     AuthenticationConnection *ac;   /* set if agent supports key */
+-    Key *key;           /* public/private key */
++    struct sshkey *key;           /* public/private key */
+     char    *filename;      /* comment for agent-only keys */
+     int tried;
+     int isprivate;      /* key points to the private key */
+diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
+--- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat	2018-08-24 10:18:05.007393297 +0200
++++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2018-08-24 10:18:32.937612513 +0200
+@@ -36,8 +36,8 @@
+ #include "openbsd-compat/sys-queue.h"
+ #include "xmalloc.h"
+ #include "log.h"
+-#include "buffer.h"
+-#include "key.h"
++#include "sshbuf.h"
++#include "sshkey.h"
+ #include "authfd.h"
+ #include <stdio.h>
+ #include <openssl/evp.h>
+@@ -58,6 +58,8 @@
+ #include "get_command_line.h"
+ extern char **environ;
+ 
++#define PAM_SSH_AGENT_AUTH_REQUESTv1 101
++
+ /* 
+  * Added by Jamie Beverly, ensure socket fd points to a socket owned by the user 
+  * A cursory check is done, but to avoid race conditions, it is necessary 
+@@ -77,7 +79,7 @@ log_action(char ** action, size_t count)
+     if (count == 0)
+         return NULL;
+    
+-    buf = pamsshagentauth_xcalloc((count * MAX_LEN_PER_CMDLINE_ARG) + (count * 3), sizeof(*buf));
++    buf = xcalloc((count * MAX_LEN_PER_CMDLINE_ARG) + (count * 3), sizeof(*buf));
+     for (i = 0; i < count; i++) {
+         strcat(buf, (i > 0) ? " '" : "'");
+         strncat(buf, action[i], MAX_LEN_PER_CMDLINE_ARG);
+@@ -87,21 +89,25 @@ log_action(char ** action, size_t count)
+ }
+ 
+ void
+-agent_action(Buffer *buf, char ** action, size_t count)
++agent_action(struct sshbuf **buf, char ** action, size_t count)
+ {
+     size_t i;
+-    pamsshagentauth_buffer_init(buf);
++    int r;
+ 
+-    pamsshagentauth_buffer_put_int(buf, count);
++    if ((*buf = sshbuf_new()) == NULL)
++        fatal("%s: sshbuf_new failed", __func__);
++    if ((r = sshbuf_put_u32(*buf, count)) != 0)
++        fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ 
+     for (i = 0; i < count; i++) {
+-        pamsshagentauth_buffer_put_cstring(buf, action[i]);
++        if ((r = sshbuf_put_cstring(*buf, action[i])) != 0)
++            fatal("%s: buffer error: %s", __func__, ssh_err(r));
+     }
+ }
+ 
+ 
+-void
+-pamsshagentauth_session_id2_gen(Buffer * session_id2, const char * user,
++static void
++pamsshagentauth_session_id2_gen(struct sshbuf ** session_id2, const char * user,
+                                 const char * ruser, const char * servicename)
+ {
+     u_char *cookie = NULL;
+@@ -114,22 +116,23 @@ pamsshagentauth_session_id2_gen(Buffer *
+     char ** reported_argv = NULL;
+     size_t count = 0;
+     char * action_logbuf = NULL;
+-    Buffer action_agentbuf;
++    struct sshbuf *action_agentbuf = NULL;
+     uint8_t free_logbuf = 0;
+     char * retc;
+     int32_t reti;
++    int r;
+ 
+-    rnd = pamsshagentauth_arc4random();
++    rnd = arc4random();
+     cookie_len = ((uint8_t) rnd);
+     while (cookie_len < 16) { 
+         cookie_len += 16;                                          /* Add 16 bytes to the size to ensure that while the length is random, the length is always reasonable; ticket #18 */
+     }
+ 
+-    cookie = pamsshagentauth_xcalloc(1,cookie_len);
++    cookie = xcalloc(1, cookie_len);
+ 
+     for (i = 0; i < cookie_len; i++) {
+         if (i % 4 == 0) {
+-            rnd = pamsshagentauth_arc4random();
++            rnd = arc4random();
+         }
+         cookie[i] = (u_char) rnd;
+         rnd >>= 8;
+@@ -139,12 +141,13 @@ pamsshagentauth_session_id2_gen(Buffer *
+     if (count > 0) { 
+         free_logbuf = 1;
+         action_logbuf = log_action(reported_argv, count);
+-        agent_action(&action_agentbuf, reported_argv, count);
++        agent_action(&action_agentbuf, reported_argv, count);
+         pamsshagentauth_free_command_line(reported_argv, count);
+     }
+     else {
+         action_logbuf = "unknown on this platform";
+-        pamsshagentauth_buffer_init(&action_agentbuf); /* stays empty, means unavailable */
++        if ((action_agentbuf = sshbuf_new()) == NULL) /* stays empty, means unavailable */
++            fatal("%s: sshbuf_new failed", __func__);
+     }
+     
+     /*
+@@ -161,35 +163,39 @@ pamsshagentauth_session_id2_gen(Buffer *
+     retc = getcwd(pwd, sizeof(pwd) - 1);
+     time(&ts);
+ 
+-    pamsshagentauth_buffer_init(session_id2);
++    if ((*session_id2 = sshbuf_new()) == NULL)
++        fatal("%s: sshbuf_new failed", __func__);
+ 
+-    pamsshagentauth_buffer_put_int(session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1);
+-    /* pamsshagentauth_debug3("cookie: %s", pamsshagentauth_tohex(cookie, cookie_len)); */
+-    pamsshagentauth_buffer_put_string(session_id2, cookie, cookie_len);
+-    /* pamsshagentauth_debug3("user: %s", user); */
+-    pamsshagentauth_buffer_put_cstring(session_id2, user);
+-    /* pamsshagentauth_debug3("ruser: %s", ruser); */
+-    pamsshagentauth_buffer_put_cstring(session_id2, ruser);
+-    /* pamsshagentauth_debug3("servicename: %s", servicename); */
+-    pamsshagentauth_buffer_put_cstring(session_id2, servicename);
+-    /* pamsshagentauth_debug3("pwd: %s", pwd); */
+-    if(retc)
+-        pamsshagentauth_buffer_put_cstring(session_id2, pwd);
+-    else
+-        pamsshagentauth_buffer_put_cstring(session_id2, "");
+-    /* pamsshagentauth_debug3("action: %s", action_logbuf); */
+-    pamsshagentauth_buffer_put_string(session_id2, action_agentbuf.buf + action_agentbuf.offset, action_agentbuf.end - action_agentbuf.offset);
++    if ((r = sshbuf_put_u32(*session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1)) != 0 ||
++        (r = sshbuf_put_string(*session_id2, cookie, cookie_len)) != 0 ||
++        (r = sshbuf_put_cstring(*session_id2, user)) != 0 ||
++        (r = sshbuf_put_cstring(*session_id2, ruser)) != 0 ||
++        (r = sshbuf_put_cstring(*session_id2, servicename)) != 0)
++        fatal("%s: buffer error: %s", __func__, ssh_err(r));
++    if (retc) {
++        if ((r = sshbuf_put_cstring(*session_id2, pwd)) != 0)
++            fatal("%s: buffer error: %s", __func__, ssh_err(r));
++    } else {
++        if ((r = sshbuf_put_cstring(*session_id2, "")) != 0)
++            fatal("%s: buffer error: %s", __func__, ssh_err(r));
++    }
++    if ((r = sshbuf_put_stringb(*session_id2, action_agentbuf)) != 0)
++        fatal("%s: buffer error: %s", __func__, ssh_err(r));
+     if (free_logbuf) { 
+-        pamsshagentauth_xfree(action_logbuf);
+-        pamsshagentauth_buffer_free(&action_agentbuf);
++        free(action_logbuf);
++        sshbuf_free(action_agentbuf);
+     }
+-    /* pamsshagentauth_debug3("hostname: %s", hostname); */
+-    if(reti >= 0)
+-        pamsshagentauth_buffer_put_cstring(session_id2, hostname);
+-    else
+-        pamsshagentauth_buffer_put_cstring(session_id2, "");
+-    /* pamsshagentauth_debug3("ts: %ld", ts); */
+-    pamsshagentauth_buffer_put_int64(session_id2, (uint64_t) ts);
++    /* debug3("hostname: %s", hostname); */
++    if (reti >= 0) {
++        if ((r = sshbuf_put_cstring(*session_id2, hostname)) != 0)
++            fatal("%s: buffer error: %s", __func__, ssh_err(r));
++    } else {
++        if ((r = sshbuf_put_cstring(*session_id2, "")) != 0)
++            fatal("%s: buffer error: %s", __func__, ssh_err(r));
++    }
++    /* debug3("ts: %ld", ts); */
++    if ((r = sshbuf_put_u64(*session_id2, (uint64_t) ts)) != 0)
++        fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ 
+     free(cookie);
+     return;
+@@ -278,7 +280,8 @@ ssh_get_authentication_connection_for_ui
+ 
+ 	auth = xmalloc(sizeof(*auth));
+ 	auth->fd = sock;
+-	buffer_init(&auth->identities);
++	if ((auth->identities = sshbuf_new()) == NULL)
++           fatal("%s: sshbuf_new failed", __func__);
+ 	auth->howmany = 0;
+ 
+ 	return auth;
+@@ -287,43 +289,42 @@ ssh_get_authentication_connection_for_ui
+ int
+ pamsshagentauth_find_authorized_keys(const char * user, const char * ruser, const char * servicename)
+ {
+-    Buffer session_id2 = { 0 };
++    struct sshbuf *session_id2 = NULL;
+     Identity *id;
+-    Key *key;
++    struct sshkey *key;
+     AuthenticationConnection *ac;
+     char *comment;
+     uint8_t retval = 0;
+     uid_t uid = getpwnam(ruser)->pw_uid;
+ 
+     OpenSSL_add_all_digests();
+-    pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
++    pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
+ 
+     if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
+-        pamsshagentauth_verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
++        verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
+         for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) 
+         {
+             if(key != NULL) {
+-                id = pamsshagentauth_xcalloc(1, sizeof(*id));
++                id = xcalloc(1, sizeof(*id));
+                 id->key = key;
+                 id->filename = comment;
+                 id->ac = ac;
+-                if(userauth_pubkey_from_id(ruser, id, &session_id2)) {
++                if(userauth_pubkey_from_id(ruser, id, session_id2)) {
+                     retval = 1;
+                 }
+-                pamsshagentauth_xfree(id->filename);
+-                pamsshagentauth_key_free(id->key);
+-                pamsshagentauth_xfree(id);
++                free(id->filename);
++                key_free(id->key);
++                free(id);
+                 if(retval == 1)
+                     break;
+             }
+         }
+-        pamsshagentauth_buffer_free(&session_id2);
++        sshbuf_free(session_id2);
+         ssh_close_authentication_connection(ac);
+     }
+     else {
+-        pamsshagentauth_verbose("No ssh-agent could be contacted");
++        verbose("No ssh-agent could be contacted");
+     }
+-    /* pamsshagentauth_xfree(session_id2); */
+     EVP_cleanup();
+     return retval;
+ }
+diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c
+--- openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat	2018-08-24 10:18:05.008393305 +0200
++++ openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c	2018-08-24 10:18:05.009393312 +0200
+@@ -104,7 +104,7 @@ pam_sm_authenticate(pam_handle_t * pamh,
+  * a patch 8-)
+  */
+ #if ! HAVE___PROGNAME || HAVE_BUNDLE
+-    __progname = pamsshagentauth_xstrdup(servicename);
++    __progname = xstrdup(servicename);
+ #endif
+ 
+     for(i = argc, argv_ptr = (char **) argv; i > 0; ++argv_ptr, i--) {
+@@ -130,11 +130,11 @@ pam_sm_authenticate(pam_handle_t * pamh,
+ #endif
+     }
+ 
+-    pamsshagentauth_log_init(__progname, log_lvl, facility, getenv("PAM_SSH_AGENT_AUTH_DEBUG") ? 1 : 0);
++    log_init(__progname, log_lvl, facility, getenv("PAM_SSH_AGENT_AUTH_DEBUG") ? 1 : 0);
+     pam_get_item(pamh, PAM_USER, (void *) &user);
+     pam_get_item(pamh, PAM_RUSER, (void *) &ruser_ptr);
+ 
+-    pamsshagentauth_verbose("Beginning pam_ssh_agent_auth for user %s", user);
++    verbose("Beginning pam_ssh_agent_auth for user %s", user);
+ 
+     if(ruser_ptr) {
+         strncpy(ruser, ruser_ptr, sizeof(ruser) - 1);
+@@ -149,12 +149,12 @@ pam_sm_authenticate(pam_handle_t * pamh,
+ #ifdef ENABLE_SUDO_HACK
+         if( (strlen(sudo_service_name) > 0) && strncasecmp(servicename, sudo_service_name, sizeof(sudo_service_name) - 1) == 0 && getenv("SUDO_USER") ) {
+             strncpy(ruser, getenv("SUDO_USER"), sizeof(ruser) - 1 );
+-            pamsshagentauth_verbose( "Using environment variable SUDO_USER (%s)", ruser );
++            verbose( "Using environment variable SUDO_USER (%s)", ruser );
+         } else
+ #endif
+         {
+             if( ! getpwuid(getuid()) ) {
+-                pamsshagentauth_verbose("Unable to getpwuid(getuid())");
++                verbose("Unable to getpwuid(getuid())");
+                 goto cleanexit;
+             }
+             strncpy(ruser, getpwuid(getuid())->pw_name, sizeof(ruser) - 1);
+@@ -163,11 +163,11 @@ pam_sm_authenticate(pam_handle_t * pamh,
+ 
+     /* Might as well explicitely confirm the user exists here */
+     if(! getpwnam(ruser) ) {
+-        pamsshagentauth_verbose("getpwnam(%s) failed, bailing out", ruser);
++        verbose("getpwnam(%s) failed, bailing out", ruser);
+         goto cleanexit;
+     }
+     if( ! getpwnam(user) ) {
+-        pamsshagentauth_verbose("getpwnam(%s) failed, bailing out", user);
++        verbose("getpwnam(%s) failed, bailing out", user);
+         goto cleanexit;
+     }
+ 
+@@ -177,8 +177,8 @@ pam_sm_authenticate(pam_handle_t * pamh,
+          */
+         parse_authorized_key_file(user, authorized_keys_file_input);
+     } else {
+-        pamsshagentauth_verbose("Using default file=/etc/security/authorized_keys");
+-        authorized_keys_file = pamsshagentauth_xstrdup("/etc/security/authorized_keys");
++        verbose("Using default file=/etc/security/authorized_keys");
++        authorized_keys_file = xstrdup("/etc/security/authorized_keys");
+     }
+ 
+     /*
+@@ -187,19 +187,19 @@ pam_sm_authenticate(pam_handle_t * pamh,
+      */
+ 
+     if(user && strlen(ruser) > 0) {
+-        pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
++        verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
+ 
+         /*
+          * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user
+          */
+         if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */
+-            pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
++            logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
+             retval = PAM_SUCCESS;
+         } else {
+-            pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
++            logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
+         }
+     } else {
+-        pamsshagentauth_logit("No %s specified, cannot continue with this form of authentication", (user) ? "ruser" : "user" );
++        logit("No %s specified, cannot continue with this form of authentication", (user) ? "ruser" : "user" );
+     }
+ 
+ cleanexit:
+diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c
+--- openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c	2018-08-24 10:18:05.009393312 +0200
+@@ -66,8 +66,8 @@
+ #include "xmalloc.h"
+ #include "match.h"
+ #include "log.h"
+-#include "buffer.h"
+-#include "key.h"
++#include "sshbuf.h"
++#include "sshkey.h"
+ #include "misc.h"
+ 
+ #include "xmalloc.h"
+@@ -77,7 +77,6 @@
+ #include "pathnames.h"
+ #include "secure_filename.h"
+ 
+-#include "identity.h"
+ #include "pam_user_key_allowed2.h"
+ 
+ extern char *authorized_keys_file;
+@@ -117,12 +116,12 @@ parse_authorized_key_file(const char *us
+         } else {
+             slash_ptr = strchr(auth_keys_file_buf, '/');
+             if(!slash_ptr)
+-                pamsshagentauth_fatal
++                fatal
+                     ("cannot expand tilde in path without a `/'");
+ 
+             owner_uname_len = slash_ptr - auth_keys_file_buf - 1;
+             if(owner_uname_len > (sizeof(owner_uname) - 1))
+-                pamsshagentauth_fatal("Username too long");
++                fatal("Username too long");
+ 
+             strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len);
+             if(!authorized_keys_file_allowed_owner_uid)
+@@ -130,11 +129,11 @@ parse_authorized_key_file(const char *us
+                     getpwnam(owner_uname)->pw_uid;
+         }
+         authorized_keys_file =
+-            pamsshagentauth_tilde_expand_filename(auth_keys_file_buf,
++            tilde_expand_filename(auth_keys_file_buf,
+                                                   authorized_keys_file_allowed_owner_uid);
+         strncpy(auth_keys_file_buf, authorized_keys_file,
+                 sizeof(auth_keys_file_buf) - 1);
+-        pamsshagentauth_xfree(authorized_keys_file)        /* when we
++        free(authorized_keys_file)        /* when we
+                                                               percent_expand
+                                                               later, we'd step
+                                                               on this, so free
+@@ -150,13 +149,13 @@ parse_authorized_key_file(const char *us
+     strncat(hostname, fqdn, strcspn(fqdn, "."));
+ #endif
+     authorized_keys_file =
+-        pamsshagentauth_percent_expand(auth_keys_file_buf, "h",
++        percent_expand(auth_keys_file_buf, "h",
+                                        getpwnam(user)->pw_dir, "H", hostname,
+                                        "f", fqdn, "u", user, NULL);
+ }
+ 
+ int
+-pam_user_key_allowed(const char *ruser, Key * key)
++pam_user_key_allowed(const char *ruser, struct sshkey * key)
+ {
+     return
+         pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid),
+diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h
+--- openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h	2018-08-24 10:18:05.010393320 +0200
+@@ -32,7 +32,7 @@
+ #define _PAM_USER_KEY_ALLOWED_H
+ 
+ #include "identity.h"
+-int pam_user_key_allowed(const char *, Key *);
++int pam_user_key_allowed(const char *, struct sshkey *);
+ void parse_authorized_key_file(const char *, const char *);
+ 
+ #endif
+diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
+--- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c	2018-08-24 10:18:05.010393320 +0200
+@@ -45,44 +45,46 @@
+ #include "xmalloc.h"
+ #include "ssh.h"
+ #include "ssh2.h"
+-#include "buffer.h"
++#include "sshbuf.h"
+ #include "log.h"
+ #include "compat.h"
+-#include "key.h"
++#include "digest.h"
++#include "sshkey.h"
+ #include "pathnames.h"
+ #include "misc.h"
+ #include "secure_filename.h"
+ #include "uidswap.h"
+-
+-#include "identity.h"
++#include <unistd.h>
+ 
+ /* return 1 if user allows given key */
+ /* Modified slightly from original found in auth2-pubkey.c */
+ static int
+-pamsshagentauth_check_authkeys_file(FILE * f, char *file, Key * key)
++pamsshagentauth_check_authkeys_file(FILE * f, char *file, struct sshkey * key)
+ {
+-    char line[SSH_MAX_PUBKEY_BYTES];
++    char *line = NULL;
+     int found_key = 0;
+     u_long linenum = 0;
+-    Key *found;
++    struct sshkey *found;
+     char *fp;
++    size_t linesize = 0;
+ 
+     found_key = 0;
+-    found = pamsshagentauth_key_new(key->type);
++    found = sshkey_new(key->type);
+ 
+-    while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
++    while ((getline(&line, &linesize, f)) != -1) {
+         char *cp = NULL; /* *key_options = NULL; */
+ 
++        linenum++;
+         /* Skip leading whitespace, empty and comment lines. */
+         for(cp = line; *cp == ' ' || *cp == '\t'; cp++);
+         if(!*cp || *cp == '\n' || *cp == '#')
+             continue;
+ 
+-        if(pamsshagentauth_key_read(found, &cp) != 1) {
++        if (sshkey_read(found, &cp) != 0) {
+             /* no key? check if there are options for this key */
+             int quoted = 0;
+ 
+-            pamsshagentauth_verbose("user_key_allowed: check options: '%s'", cp);
++            verbose("user_key_allowed: check options: '%s'", cp);
+             /* key_options = cp; */
+             for(; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+                 if(*cp == '\\' && cp[1] == '"')
+@@ -92,26 +94,27 @@ pamsshagentauth_check_authkeys_file(FILE
+             }
+             /* Skip remaining whitespace. */
+             for(; *cp == ' ' || *cp == '\t'; cp++);
+-            if(pamsshagentauth_key_read(found, &cp) != 1) {
+-                pamsshagentauth_verbose("user_key_allowed: advance: '%s'", cp);
++            if(sshkey_read(found, &cp) != 0) {
++                verbose("user_key_allowed: advance: '%s'", cp);
+                 /* still no key? advance to next line */
+                 continue;
+             }
+         }
+-        if(pamsshagentauth_key_equal(found, key)) {
++        if(sshkey_equal(found, key)) {
+             found_key = 1;
+-            pamsshagentauth_logit("matching key found: file/command %s, line %lu", file,
++            logit("matching key found: file/command %s, line %lu", file,
+                                   linenum);
+-            fp = pamsshagentauth_key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+-            pamsshagentauth_logit("Found matching %s key: %s",
+-                                  pamsshagentauth_key_type(found), fp);
+-            pamsshagentauth_xfree(fp);
++            fp = sshkey_fingerprint(found, SSH_DIGEST_SHA256, SSH_FP_BASE64);
++            logit("Found matching %s key: %s",
++                                  sshkey_type(found), fp);
++            free(fp);
+             break;
+         }
+     }
+-    pamsshagentauth_key_free(found);
++    free(line);
++    sshkey_free(found);
+     if(!found_key)
+-        pamsshagentauth_verbose("key not found");
++        verbose("key not found");
+     return found_key;
+ }
+ 
+@@ -120,19 +123,19 @@ pamsshagentauth_check_authkeys_file(FILE
+  * returns 1 if the key is allowed or 0 otherwise.
+  */
+ int
+-pamsshagentauth_user_key_allowed2(struct passwd *pw, Key * key, char *file)
++pamsshagentauth_user_key_allowed2(struct passwd *pw, struct sshkey * key, char *file)
+ {
+     FILE *f;
+     int found_key = 0;
+     struct stat st;
+-    char buf[SSH_MAX_PUBKEY_BYTES];
++    char buf[256];
+ 
+     /* Temporarily use the user's uid. */
+-    pamsshagentauth_verbose("trying public key file %s", file);
++    verbose("trying public key file %s", file);
+ 
+     /* Fail not so quietly if file does not exist */
+     if(stat(file, &st) < 0) {
+-        pamsshagentauth_verbose("File not found: %s", file);
++        verbose("File not found: %s", file);
+         return 0;
+     }
+ 
+@@ -144,7 +147,7 @@ pamsshagentauth_user_key_allowed2(struct
+ 
+     if(pamsshagentauth_secure_filename(f, file, pw, buf, sizeof(buf)) != 0) {
+         fclose(f);
+-        pamsshagentauth_logit("Authentication refused: %s", buf);
++        logit("Authentication refused: %s", buf);
+         return 0;
+     }
+ 
+@@ -160,7 +163,7 @@ pamsshagentauth_user_key_allowed2(struct
+ int
+ pamsshagentauth_user_key_command_allowed2(char *authorized_keys_command,
+                           char *authorized_keys_command_user,
+-                          struct passwd *user_pw, Key * key)
++                          struct passwd *user_pw, struct sshkey * key)
+ {
+     FILE *f;
+     int ok, found_key = 0;
+@@ -187,44 +190,44 @@ pamsshagentauth_user_key_command_allowed
+     else {
+         pw = getpwnam(authorized_keys_command_user);
+         if(pw == NULL) {
+-            pamsshagentauth_logerror("authorized_keys_command_user \"%s\" not found: %s",
++            error("authorized_keys_command_user \"%s\" not found: %s",
+                  authorized_keys_command_user, strerror(errno));
+             return 0;
+         }
+     }
+ 
+-    pamsshagentauth_temporarily_use_uid(pw);
++    temporarily_use_uid(pw);
+ 
+     if(stat(authorized_keys_command, &st) < 0) {
+-        pamsshagentauth_logerror
++        error
+             ("Could not stat AuthorizedKeysCommand \"%s\": %s",
+              authorized_keys_command, strerror(errno));
+         goto out;
+     }
+     if(pamsshagentauth_auth_secure_path
+        (authorized_keys_command, &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) {
+-        pamsshagentauth_logerror("Unsafe AuthorizedKeysCommand: %s", errmsg);
++        error("Unsafe AuthorizedKeysCommand: %s", errmsg);
+         goto out;
+     }
+ 
+     /* open the pipe and read the keys */
+     if(pipe(p) != 0) {
+-        pamsshagentauth_logerror("%s: pipe: %s", __func__, strerror(errno));
++        error("%s: pipe: %s", __func__, strerror(errno));
+         goto out;
+     }
+ 
+-    pamsshagentauth_debug("Running AuthorizedKeysCommand: \"%s\" as \"%s\" with argument: \"%s\"",
++    debug("Running AuthorizedKeysCommand: \"%s\" as \"%s\" with argument: \"%s\"",
+                           authorized_keys_command, pw->pw_name, username);
+ 
+     /* 
+      * Don't want to call this in the child, where it can fatal() and
+      * run cleanup_exit() code.
+      */
+-    pamsshagentauth_restore_uid();
++    restore_uid();
+ 
+     switch ((pid = fork())) {
+     case -1:                                              /* error */
+-        pamsshagentauth_logerror("%s: fork: %s", __func__, strerror(errno));
++        error("%s: fork: %s", __func__, strerror(errno));
+         close(p[0]);
+         close(p[1]);
+         return 0;
+@@ -234,13 +237,13 @@ pamsshagentauth_user_key_command_allowed
+ 
+         /* do this before the setresuid so thta they can be logged */
+         if((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+-            pamsshagentauth_logerror("%s: open %s: %s", __func__, _PATH_DEVNULL,
++            error("%s: open %s: %s", __func__, _PATH_DEVNULL,
+                                      strerror(errno));
+             _exit(1);
+         }
+         if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
+            || dup2(devnull, STDERR_FILENO) == -1) {
+-            pamsshagentauth_logerror("%s: dup2: %s", __func__, strerror(errno));
++            error("%s: dup2: %s", __func__, strerror(errno));
+             _exit(1);
+         }
+ #if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
+@@ -248,7 +251,7 @@ pamsshagentauth_user_key_command_allowed
+ #else
+         if (setgid(pw->pw_gid) != 0 || setegid(pw->pw_gid) != 0) {
+ #endif
+-            pamsshagentauth_logerror("setresgid %u: %s", (u_int) pw->pw_gid,
++            error("setresgid %u: %s", (u_int) pw->pw_gid,
+                                      strerror(errno));
+             _exit(1);
+         }
+@@ -258,7 +261,7 @@ pamsshagentauth_user_key_command_allowed
+ #else
+         if (setuid(pw->pw_uid) != 0 || seteuid(pw->pw_uid) != 0) {
+ #endif
+-            pamsshagentauth_logerror("setresuid %u: %s", (u_int) pw->pw_uid,
++            error("setresuid %u: %s", (u_int) pw->pw_uid,
+                                      strerror(errno));
+             _exit(1);
+         }
+@@ -270,18 +273,18 @@ pamsshagentauth_user_key_command_allowed
+ 
+         /* pretty sure this will barf because we are now suid, but since we
+            should't reach this anyway, I'll leave it here */
+-        pamsshagentauth_logerror("AuthorizedKeysCommand %s exec failed: %s",
++        error("AuthorizedKeysCommand %s exec failed: %s",
+                                  authorized_keys_command, strerror(errno));
+         _exit(127);
+     default:                                              /* parent */
+         break;
+     }
+ 
+-    pamsshagentauth_temporarily_use_uid(pw);
++    temporarily_use_uid(pw);
+ 
+     close(p[1]);
+     if((f = fdopen(p[0], "r")) == NULL) {
+-        pamsshagentauth_logerror("%s: fdopen: %s", __func__, strerror(errno));
++        error("%s: fdopen: %s", __func__, strerror(errno));
+         close(p[0]);
+         /* Don't leave zombie child */
+         while(waitpid(pid, NULL, 0) == -1 && errno == EINTR);
+@@ -292,22 +295,22 @@ pamsshagentauth_user_key_command_allowed
+ 
+     while(waitpid(pid, &status, 0) == -1) {
+         if(errno != EINTR) {
+-            pamsshagentauth_logerror("%s: waitpid: %s", __func__,
++            error("%s: waitpid: %s", __func__,
+                                      strerror(errno));
+             goto out;
+         }
+     }
+     if(WIFSIGNALED(status)) {
+-        pamsshagentauth_logerror("AuthorizedKeysCommand %s exited on signal %d",
++        error("AuthorizedKeysCommand %s exited on signal %d",
+                                  authorized_keys_command, WTERMSIG(status));
+         goto out;
+     } else if(WEXITSTATUS(status) != 0) {
+-        pamsshagentauth_logerror("AuthorizedKeysCommand %s returned status %d",
++        error("AuthorizedKeysCommand %s returned status %d",
+                                  authorized_keys_command, WEXITSTATUS(status));
+         goto out;
+     }
+     found_key = ok;
+   out:
+-    pamsshagentauth_restore_uid();
++    restore_uid();
+     return found_key;
+ }
+diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h
+--- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h	2018-08-24 10:18:05.010393320 +0200
+@@ -32,7 +32,7 @@
+ #define _PAM_USER_KEY_ALLOWED_H
+ 
+ #include "identity.h"
+-int pamsshagentauth_user_key_allowed2(struct passwd *, Key *, char *);
+-int pamsshagentauth_user_key_command_allowed2(char *, char *, struct passwd *, Key *);
++int pamsshagentauth_user_key_allowed2(struct passwd *, struct sshkey *, char *);
++int pamsshagentauth_user_key_command_allowed2(char *, char *, struct passwd *, struct sshkey *);
+ 
+ #endif
+diff -up openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c
+--- openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c	2018-08-24 10:18:05.010393320 +0200
+@@ -53,8 +53,8 @@
+ #include "xmalloc.h"
+ #include "match.h"
+ #include "log.h"
+-#include "buffer.h"
+-#include "key.h"
++#include "sshbuf.h"
++#include "sshkey.h"
+ #include "misc.h"
+ 
+ 
+@@ -80,7 +80,7 @@ pamsshagentauth_auth_secure_path(const c
+ 	int comparehome = 0;
+ 	struct stat st;
+ 
+-    pamsshagentauth_verbose("auth_secure_filename: checking for uid: %u", uid);
++    verbose("auth_secure_filename: checking for uid: %u", uid);
+ 
+ 	if (realpath(name, buf) == NULL) {
+ 		snprintf(err, errlen, "realpath %s failed: %s", name,
+@@ -115,9 +115,9 @@ pamsshagentauth_auth_secure_path(const c
+ 			snprintf(err, errlen, "dirname() failed");
+ 			return -1;
+ 		}
+-		pamsshagentauth_strlcpy(buf, cp, sizeof(buf));
++		strlcpy(buf, cp, sizeof(buf));
+ 
+-		pamsshagentauth_verbose("secure_filename: checking '%s'", buf);
++		verbose("secure_filename: checking '%s'", buf);
+ 		if (stat(buf, &st) < 0 ||
+ 		    (st.st_uid != 0 && st.st_uid != uid) ||
+ 		    (st.st_mode & 022) != 0) {
+@@ -128,7 +128,7 @@ pamsshagentauth_auth_secure_path(const c
+ 
+ 		/* If are passed the homedir then we can stop */
+ 		if (comparehome && strcmp(homedir, buf) == 0) {
+-			pamsshagentauth_verbose("secure_filename: terminating check at '%s'",
++			verbose("secure_filename: terminating check at '%s'",
+ 			    buf);
+ 			break;
+ 		}
+diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
+--- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2018-08-24 10:22:13.202657025 +0200
+@@ -37,10 +37,11 @@
+ #include "xmalloc.h"
+ #include "ssh.h"
+ #include "ssh2.h"
+-#include "buffer.h"
++#include "sshbuf.h"
+ #include "log.h"
+ #include "compat.h"
+-#include "key.h"
++#include "sshkey.h"
++#include "ssherr.h"
+ #include "pathnames.h"
+ #include "misc.h"
+ #include "secure_filename.h"
+@@ -48,54 +48,59 @@
+ #include "identity.h"
+ #include "pam_user_authorized_keys.h"
+ 
++#define SSH2_MSG_USERAUTH_TRUST_REQUEST          54
++
+ /* extern u_char  *session_id2;
+ extern uint8_t  session_id_len;
+  */
+ 
+ int
+-userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
++userauth_pubkey_from_id(const char *ruser, Identity * id, struct sshbuf * session_id2)
+ {
+-    Buffer          b = { 0 };
++    struct sshbuf  *b = NULL;
+     char           *pkalg = NULL;
+     u_char         *pkblob = NULL, *sig = NULL;
+-    u_int           blen = 0, slen = 0;
++    size_t          blen = 0, slen = 0;
+-    int             authenticated = 0;
++    int             r, authenticated = 0;
+ 
+-    pkalg = (char *) key_ssh_name(id->key);
++    pkalg = (char *) sshkey_ssh_name(id->key);
+ 
+     /* first test if this key is even allowed */
+     if(! pam_user_key_allowed(ruser, id->key))
+-        goto user_auth_clean_exit;
++        goto user_auth_clean_exit_without_buffer;
+ 
+-    if(pamsshagentauth_key_to_blob(id->key, &pkblob, &blen) == 0)
+-        goto user_auth_clean_exit;
++    if(sshkey_to_blob(id->key, &pkblob, &blen) != 0)
++        goto user_auth_clean_exit_without_buffer;
+ 
+     /* construct packet to sign and test */
+-    pamsshagentauth_buffer_init(&b);
++    if ((b = sshbuf_new()) == NULL)
++        fatal("%s: sshbuf_new failed", __func__);
+ 
+-    pamsshagentauth_buffer_put_string(&b, session_id2->buf + session_id2->offset, session_id2->end - session_id2->offset);
+-    pamsshagentauth_buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST); 
+-    pamsshagentauth_buffer_put_cstring(&b, ruser);
+-    pamsshagentauth_buffer_put_cstring(&b, "pam_ssh_agent_auth");
+-    pamsshagentauth_buffer_put_cstring(&b, "publickey");
+-    pamsshagentauth_buffer_put_char(&b, 1);
+-    pamsshagentauth_buffer_put_cstring(&b, pkalg);
+-    pamsshagentauth_buffer_put_string(&b, pkblob, blen);
++    if ((r = sshbuf_put_string(b, sshbuf_ptr(session_id2), sshbuf_len(session_id2))) != 0 ||
++        (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_TRUST_REQUEST)) != 0 ||
++        (r = sshbuf_put_cstring(b, ruser)) != 0 ||
++        (r = sshbuf_put_cstring(b, "pam_ssh_agent_auth")) != 0 ||
++        (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
++        (r = sshbuf_put_u8(b, 1)) != 0 ||
++        (r = sshbuf_put_cstring(b, pkalg)) != 0 ||
++        (r = sshbuf_put_string(b, pkblob, blen)) != 0)
++        fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ 
+-    if(ssh_agent_sign(id->ac, id->key, &sig, &slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) != 0)
++    if (ssh_agent_sign(id->ac, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b)) != 0)
+         goto user_auth_clean_exit;
+ 
+     /* test for correct signature */
+-    if(pamsshagentauth_key_verify(id->key, sig, slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) == 1)
++    if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) == 0)
+         authenticated = 1;
+ 
+   user_auth_clean_exit:
+     /* if(&b != NULL) */
+-    pamsshagentauth_buffer_free(&b);
++    sshbuf_free(b);
++  user_auth_clean_exit_without_buffer:
+     if(sig != NULL)
+-        pamsshagentauth_xfree(sig);
++        free(sig);
+     if(pkblob != NULL)
+-        pamsshagentauth_xfree(pkblob);
++        free(pkblob);
+     CRYPTO_cleanup_all_ex_data();
+     return authenticated;
+ }
+diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h
+--- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h	2018-08-24 10:18:05.010393320 +0200
+@@ -31,7 +31,7 @@
+ #ifndef _USERAUTH_PUBKEY_FROM_ID_H
+ #define _USERAUTH_PUBKEY_FROM_ID_H
+ 
+-#include <identity.h>
+-int userauth_pubkey_from_id(const char *, Identity *, Buffer *);
++#include "identity.h"
++int userauth_pubkey_from_id(const char *, Identity *, struct sshbuf *);
+ 
+ #endif
+diff -up openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/uuencode.c
+--- openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/uuencode.c	2018-08-24 10:18:05.010393320 +0200
+@@ -56,7 +56,7 @@ pamsshagentauth_uudecode(const char *src
+ 	/* and remove trailing whitespace because __b64_pton needs this */
+ 	*p = '\0';
+ 	len = pamsshagentauth___b64_pton(encoded, target, targsize);
+-	pamsshagentauth_xfree(encoded);
++	xfree(encoded);
+ 	return len;
+ }
+ 
+@@ -70,7 +70,7 @@ pamsshagentauth_dump_base64(FILE *fp, co
+ 		fprintf(fp, "dump_base64: len > 65536\n");
+ 		return;
+ 	}
+-	buf = pamsshagentauth_xmalloc(2*len);
++	buf = malloc(2*len);
+ 	n = pamsshagentauth_uuencode(data, len, buf, 2*len);
+ 	for (i = 0; i < n; i++) {
+ 		fprintf(fp, "%c", buf[i]);
+@@ -79,5 +79,5 @@ pamsshagentauth_dump_base64(FILE *fp, co
+ 	}
+ 	if (i % 70 != 69)
+ 		fprintf(fp, "\n");
+-	pamsshagentauth_xfree(buf);
++	free(buf);
+ }

SOURCES/pam_ssh_agent_auth-0.10.2-dereference.patch

@@ -0,0 +1,20 @@
+diff --git a/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c b/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c
+--- a/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c
++++ b/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c
+@@ -158,11 +158,12 @@ parse_authorized_key_file(const char *user,
+ int
+ pam_user_key_allowed(const char *ruser, struct sshkey * key)
+ {
++    struct passwd *pw;
+     return
+-        pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid),
+-                                          key, authorized_keys_file)
+-        || pamsshagentauth_user_key_allowed2(getpwuid(0), key,
+-                                             authorized_keys_file)
++        ( (pw = getpwuid(authorized_keys_file_allowed_owner_uid)) &&
++            pamsshagentauth_user_key_allowed2(pw, key, authorized_keys_file))
++        || ((pw = getpwuid(0)) &&
++            pamsshagentauth_user_key_allowed2(pw, key, authorized_keys_file))
+         || pamsshagentauth_user_key_command_allowed2(authorized_keys_command,
+                                                      authorized_keys_command_user,
+                                                      getpwnam(ruser), key);

SOURCES/pam_ssh_agent_auth-0.10.3-seteuid.patch

@@ -0,0 +1,37 @@
+diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-seteuid openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
+--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-seteuid	2017-02-07 15:41:53.172334151 +0100
++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2017-02-07 15:41:53.174334149 +0100
+@@ -238,17 +238,26 @@ ssh_get_authentication_socket_for_uid(ui
+ 	}
+ 
+ 	errno = 0; 
+-	seteuid(uid); /* To ensure a race condition is not used to circumvent the stat
+-	             above, we will temporarily drop UID to the caller */
+-	if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
++	/* To ensure a race condition is not used to circumvent the stat
++	   above, we will temporarily drop UID to the caller */
++	if (seteuid(uid) == -1) {
+ 		close(sock);
+-        if(errno == EACCES)
+-		fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
++		error("seteuid(%lu) failed with error: %s",
++		    (unsigned long) uid, strerror(errno));
+ 		return -1;
+ 	}
++	if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
++		close(sock);
++		sock = -1;
++		if(errno == EACCES)
++			fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
++	}
+ 
+-	seteuid(0); /* we now continue the regularly scheduled programming */
+-
++	/* we now continue the regularly scheduled programming */
++	if (0 != seteuid(0)) {
++		fatal("setuid(0) failed with error: %s", strerror(errno));
++		return -1;
++	}
+ 	return sock;
+ }
+ 

SOURCES/pam_ssh_agent_auth-0.9.2-visibility.patch

@@ -0,0 +1,21 @@
+diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.psaa-visibility openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c
+--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.psaa-visibility	2014-03-31 19:35:17.000000000 +0200
++++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c	2016-01-22 15:22:40.984469774 +0100
+@@ -72,7 +72,7 @@ char           *__progname;
+ extern char    *__progname;
+ #endif
+ 
+-PAM_EXTERN int
++PAM_EXTERN int __attribute__ ((visibility ("default")))
+ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
+ {
+     char          **argv_ptr;
+@@ -214,7 +214,7 @@ cleanexit:
+ }
+ 
+ 
+-PAM_EXTERN int
++PAM_EXTERN int __attribute__ ((visibility ("default")))
+ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
+ {
+     UNUSED(pamh);

SOURCES/pam_ssh_agent_auth-0.9.3-agent_structure.patch

@@ -0,0 +1,96 @@
+diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/identity.h
+--- openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent	2016-11-13 04:24:32.000000000 +0100
++++ openssh/pam_ssh_agent_auth-0.10.3/identity.h	2017-09-27 14:25:49.421739027 +0200
+@@ -38,6 +38,12 @@
+ typedef struct identity Identity;
+ typedef struct idlist Idlist;
+ 
++typedef struct {
++       int     fd;
++       struct sshbuf *identities;
++       int     howmany;
++}      AuthenticationConnection;
++
+ struct identity {
+     TAILQ_ENTRY(identity) next;
+     AuthenticationConnection *ac;   /* set if agent supports key */
+diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
+--- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent	2017-09-27 14:25:49.420739021 +0200
++++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2017-09-27 14:25:49.421739027 +0200
+@@ -39,6 +39,7 @@
+ #include "sshbuf.h"
+ #include "sshkey.h"
+ #include "authfd.h"
++#include "ssherr.h"
+ #include <stdio.h>
+ #include <openssl/evp.h>
+ #include "ssh2.h"
+@@ -291,36 +292,43 @@ pamsshagentauth_find_authorized_keys(con
+ {
+     struct sshbuf *session_id2 = NULL;
+     Identity *id;
+-    struct sshkey *key;
+     AuthenticationConnection *ac;
+-    char *comment;
+     uint8_t retval = 0;
+     uid_t uid = getpwnam(ruser)->pw_uid;
++    struct ssh_identitylist *idlist;
++    int r;
++    unsigned int i;
+ 
+     OpenSSL_add_all_digests();
+     pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
+ 
+     if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
+         verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
+-        for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) 
+-        {
+-            if(key != NULL) {
++        if ((r = ssh_fetch_identitylist(ac->fd, &idlist)) != 0) {
++            if (r != SSH_ERR_AGENT_NO_IDENTITIES)
++               fprintf(stderr, "error fetching identities for "
++                               "protocol %d: %s\n", 2, ssh_err(r));
++        } else {
++            for (i = 0; i < idlist->nkeys; i++)
++            {
++              if (idlist->keys[i] != NULL) {
+                 id = xcalloc(1, sizeof(*id));
+-                id->key = key;
+-                id->filename = comment;
++                id->key = idlist->keys[i];
++                id->filename = idlist->comments[i];
+                 id->ac = ac;
+                 if(userauth_pubkey_from_id(ruser, id, session_id2)) {
+                     retval = 1;
+                 }
+-                free(id->filename);
+-                key_free(id->key);
+                 free(id);
+                 if(retval == 1)
+                     break;
+-            }
+-        }
++              }
++            }
+-        sshbuf_free(session_id2);
+-        ssh_close_authentication_connection(ac);
++            sshbuf_free(session_id2);
++            ssh_free_identitylist(idlist);
++        }
++        ssh_close_authentication_socket(ac->fd);
++        free(ac);
+     }
+     else {
+         verbose("No ssh-agent could be contacted");
+diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
+--- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent	2017-09-27 14:25:49.420739021 +0200
++++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2017-09-27 14:25:49.422739032 +0200
+@@ -84,7 +85,7 @@ userauth_pubkey_from_id(const char *ruse
+         (r = sshbuf_put_string(b, pkblob, blen)) != 0)
+         fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ 
+-    if (ssh_agent_sign(id->ac, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b)) != 0)
++    if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
+         goto user_auth_clean_exit;
+ 
+     /* test for correct signature */

SOURCES/pam_ssh_agent_auth-0.9.3-build.patch

@@ -0,0 +1,196 @@
+diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-build openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
+--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-build	2016-11-13 04:24:32.000000000 +0100
++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2017-02-07 14:29:41.626116675 +0100
+@@ -43,12 +43,31 @@
+ #include <openssl/evp.h>
+ #include "ssh2.h"
+ #include "misc.h"
++#include "ssh.h"
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <unistd.h>
++#include <stdlib.h>
++#include <errno.h>
++#include <fcntl.h>
+ 
+ #include "userauth_pubkey_from_id.h"
+ #include "identity.h"
+ #include "get_command_line.h"
+ extern char **environ;
+ 
++/* 
++ * Added by Jamie Beverly, ensure socket fd points to a socket owned by the user 
++ * A cursory check is done, but to avoid race conditions, it is necessary 
++ * to drop effective UID when connecting to the socket. 
++ *
++ * If the cause of error is EACCES, because we verified we would not have that 
++ * problem initially, we can safely assume that somebody is attempting to find a 
++ * race condition; so a more "direct" log message is generated.
++ */
++
+ static char *
+ log_action(char ** action, size_t count)
+ {
+@@ -85,7 +104,7 @@ void
+ pamsshagentauth_session_id2_gen(Buffer * session_id2, const char * user,
+                                 const char * ruser, const char * servicename)
+ {
+-    char *cookie = NULL;
++    u_char *cookie = NULL;
+     uint8_t i = 0;
+     uint32_t rnd = 0;
+     uint8_t cookie_len;
+@@ -112,7 +131,7 @@ pamsshagentauth_session_id2_gen(Buffer *
+         if (i % 4 == 0) {
+             rnd = pamsshagentauth_arc4random();
+         }
+-        cookie[i] = (char) rnd;
++        cookie[i] = (u_char) rnd;
+         rnd >>= 8;
+     }
+ 
+@@ -177,6 +196,86 @@ pamsshagentauth_session_id2_gen(Buffer *
+ }
+ 
+ int
++ssh_get_authentication_socket_for_uid(uid_t uid)
++{
++	const char *authsocket;
++	int sock;
++	struct sockaddr_un sunaddr;
++	struct stat sock_st;
++
++	authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
++	if (!authsocket)
++		return -1;
++
++	/* Advisory only; seteuid ensures no race condition; but will only log if we see EACCES */
++	if( stat(authsocket,&sock_st) == 0) {
++		if(uid != 0 && sock_st.st_uid != uid) {
++			fatal("uid %lu attempted to open an agent socket owned by uid %lu", (unsigned long) uid, (unsigned long) sock_st.st_uid);
++			return -1;
++		}
++	}
++
++	/* 
++	 * Ensures that the EACCES tested for below can _only_ happen if somebody 
++	 * is attempting to race the stat above to bypass authentication.
++	 */
++	if( (sock_st.st_mode & S_IWUSR) != S_IWUSR || (sock_st.st_mode & S_IRUSR) != S_IRUSR) {
++		error("ssh-agent socket has incorrect permissions for owner");
++		return -1;
++	}
++
++	sunaddr.sun_family = AF_UNIX;
++	strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
++
++	sock = socket(AF_UNIX, SOCK_STREAM, 0);
++	if (sock < 0)
++		return -1;
++
++	/* close on exec */
++	if (fcntl(sock, F_SETFD, 1) == -1) {
++		close(sock);
++		return -1;
++	}
++
++	errno = 0; 
++	seteuid(uid); /* To ensure a race condition is not used to circumvent the stat
++	             above, we will temporarily drop UID to the caller */
++	if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
++		close(sock);
++        if(errno == EACCES)
++		fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
++		return -1;
++	}
++
++	seteuid(0); /* we now continue the regularly scheduled programming */
++
++	return sock;
++}
++
++AuthenticationConnection *
++ssh_get_authentication_connection_for_uid(uid_t uid)
++{
++	AuthenticationConnection *auth;
++	int sock;
++
++	sock = ssh_get_authentication_socket_for_uid(uid);
++
++	/*
++	 * Fail if we couldn't obtain a connection.  This happens if we
++	 * exited due to a timeout.
++	 */
++	if (sock < 0)
++		return NULL;
++
++	auth = xmalloc(sizeof(*auth));
++	auth->fd = sock;
++	buffer_init(&auth->identities);
++	auth->howmany = 0;
++
++	return auth;
++}
++
++int
+ pamsshagentauth_find_authorized_keys(const char * user, const char * ruser, const char * servicename)
+ {
+     Buffer session_id2 = { 0 };
+@@ -190,7 +289,7 @@ pamsshagentauth_find_authorized_keys(con
+     OpenSSL_add_all_digests();
+     pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
+ 
+-    if ((ac = ssh_get_authentication_connection(uid))) {
++    if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
+         pamsshagentauth_verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
+         for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) 
+         {
+diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in
+--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build	2016-11-13 04:24:32.000000000 +0100
++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in	2017-02-07 14:40:14.407566921 +0100
+@@ -52,7 +52,7 @@ PATHS=
+ CC=@CC@
+ LD=@LD@
+ CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I.. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ AR=@AR@
+ AWK=@AWK@
+@@ -61,7 +61,7 @@ INSTALL=@INSTALL@
+ PERL=@PERL@
+ SED=@SED@
+ ENT=@ENT@
+-LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
++LDFLAGS=-L.. -L../openbsd-compat/ @LDFLAGS@
+ LDFLAGS_SHARED = @LDFLAGS_SHARED@
+ EXEEXT=@EXEEXT@
+ 
+@@ -74,7 +74,7 @@ SSHOBJS=xmalloc.o atomicio.o authfd.o bu
+ 
+ ED25519OBJS=ed25519-donna/ed25519.o
+ 
+-PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o get_command_line.o
++PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o get_command_line.o secure_filename.o
+ 
+ 
+ MANPAGES_IN	= pam_ssh_agent_auth.pod
+@@ -94,13 +94,13 @@ $(PAM_MODULES): Makefile.in config.h
+ .c.o:
+ 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
+ 
+-LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
++LIBCOMPAT=../openbsd-compat/libopenbsd-compat.a
+ $(LIBCOMPAT): always
+ 	(cd openbsd-compat && $(MAKE))
+ always:
+ 
+-pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS)  pam_ssh_agent_auth.o
+-	$(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam
++pam_ssh_agent_auth.so: $(PAM_SSH_AGENT_AUTH_OBJS)  pam_ssh_agent_auth.o ../uidswap.o
++	$(LD) $(LDFLAGS_SHARED) -o $@ $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat pam_ssh_agent_auth.o ../uidswap.o $(LIBS) -lpam
+ 
+ $(MANPAGES): $(MANPAGES_IN)
+ 	pod2man --section=8 --release=v0.10.3 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8

SOURCES/sshd-keygen

@@ -9,14 +9,8 @@ case $KEYTYPE in
 		if [[ -r "$FIPS" && $(cat $FIPS) == "1" ]]; then
 			exit 0
 		fi ;;
-	"rsa")
+	"rsa") ;; # always ok
-		if [[ ! -z $SSH_RSA_BITS  ]]; then
+	"ecdsa") ;;
-			SSH_KEYGEN_OPTIONS="-b $SSH_RSA_BITS"
-		fi ;; # always ok
-	"ecdsa") 
-		if [[ ! -z $SSH_ECDSA_BITS  ]]; then
-			SSH_KEYGEN_OPTIONS="-b $SSH_ECDSA_BITS"
-		fi ;;
 	*) # wrong argument
 		exit 12 ;;
 esac
@@ -31,12 +25,13 @@ fi
 rm -f $KEY{,.pub}
 
 # create new keys
-if ! $KEYGEN -q -t $KEYTYPE $SSH_KEYGEN_OPTIONS -f $KEY -C '' -N '' >&/dev/null; then
+if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
 	exit 1
 fi
 
 # sanitize permissions
-/usr/bin/chmod 600 $KEY
+/usr/bin/chgrp ssh_keys $KEY
+/usr/bin/chmod 640 $KEY
 /usr/bin/chmod 644 $KEY.pub
 if [[ -x /usr/sbin/restorecon ]]; then
 	/usr/sbin/restorecon $KEY{,.pub}

SOURCES/sshd.service

@@ -3,14 +3,12 @@ Description=OpenSSH server daemon
 Documentation=man:sshd(8) man:sshd_config(5)
 After=network.target sshd-keygen.target
 Wants=sshd-keygen.target
-# Migration for Fedora 38 change to remove group ownership for standard host keys
-# See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
-Wants=ssh-host-keys-migration.service
 
 [Service]
 Type=notify
+EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
 EnvironmentFile=-/etc/sysconfig/sshd
-ExecStart=/usr/sbin/sshd -D $OPTIONS
+ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure

SOURCES/sshd.sysconfig

@@ -6,5 +6,12 @@
 # of DSA key or  systemctl mask sshd-keygen@rsa.service  to disable RSA key
 # creation.
 
-#SSH_RSA_BITS=3072
+# Do not change this option unless you have hardware random
-#SSH_ECDSA_BITS=256
+# generator and you REALLY know what you are doing
+
+SSH_USE_STRONG_RNG=0
+# SSH_USE_STRONG_RNG=1
+
+# System-wide crypto policy:
+# To opt-out, uncomment the following line
+# CRYPTO_POLICY=

SOURCES/sshd.tmpfiles

@@ -0,0 +1 @@
+d /var/empty/sshd 711 root root -

SOURCES/sshd@.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSSH per-connection server daemon
+Documentation=man:sshd(8) man:sshd_config(5)
+Wants=sshd-keygen.target
+After=sshd-keygen.target
+
+[Service]
+EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
+EnvironmentFile=-/etc/sysconfig/sshd
+ExecStart=-/usr/sbin/sshd -i $OPTIONS $CRYPTO_POLICY
+StandardInput=socket

ci.fmf

@@ -1 +0,0 @@
-resultsdb-testcase: separate

gating.yaml

@@ -1,9 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-10
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-enabled.functional}
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-enabled-buildroot-enabled.functional}
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-disabled.functional}
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-enabled-buildroot-disabled.functional}

openssh-4.3p2-askpass-grab-info.patch

@@ -1,18 +0,0 @@
-diff -up openssh-8.6p1/contrib/gnome-ssh-askpass2.c.grab-info openssh-8.6p1/contrib/gnome-ssh-askpass2.c
---- openssh-8.6p1/contrib/gnome-ssh-askpass2.c.grab-info	2021-04-19 13:57:11.720113536 +0200
-+++ openssh-8.6p1/contrib/gnome-ssh-askpass2.c	2021-04-19 13:59:29.842163204 +0200
-@@ -70,8 +70,12 @@ report_failed_grab (GtkWidget *parent_wi
- 
- 	err = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
- 	    GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE,
--	    "Could not grab %s. A malicious client may be eavesdropping "
--	    "on your session.", what);
-+	    "SSH password dialog could not grab the %s input.\n"
-+	    "This might be caused by application such as screensaver, "
-+	    "however it could also mean that someone may be eavesdropping "
-+	    "on your session.\n"
-+	    "Either close the application which grabs the %s or "
-+	    "log out and log in again to prevent this from happening.", what, what);
- 	gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
- 
- 	gtk_dialog_run(GTK_DIALOG(err));