update openssh version to 9.6p1

2024-12-09 06:17:22 +00:00 · 2024-12-09 06:17:22 +00:00 · d38f4b68ea
commit d38f4b68ea
parent 7bf431dcb1
32 changed files with 1671 additions and 2541 deletions
--- a/backport-CVE-2021-36368-added-option-to-disable-trivial-auth.patch
+++ b/backport-CVE-2021-36368-added-option-to-disable-trivial-auth.patch
@ -1,220 +0,0 @@
 Conflict:NA
 Reference:https://github.com/openssh/openssh-portable/pull/258/files
 ---
 readconf.c    | 11 ++++++++++-
 readconf.h    |  2 ++
 scp.1         |  1 +
 sftp.1        |  1 +
 ssh.1         |  1 +
 ssh_config    |  1 +
 ssh_config.5  |  7 +++++++
 sshconnect2.c | 13 ++++++++++++-
 8 files changed, 35 insertions(+), 2 deletions(-)
 diff --git a/readconf.c b/readconf.c
 index d25f983..45c1c22 100644
 --- a/readconf.c
 +++ b/readconf.c
@@ -157,7 +157,7 @@ typedef enum {
 	oLogFacility, oLogLevel, oLogVerbose, oCiphers, oMacs,
 	oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 -	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
 +	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oDisableTrivialAuth,
 	oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -250,6 +250,7 @@ static struct {
 	{ "pubkeyauthentication", oPubkeyAuthentication },
 	{ "dsaauthentication", oPubkeyAuthentication },		    /* alias */
 	{ "hostbasedauthentication", oHostbasedAuthentication },
 +	{ "disabletrivialauth", oDisableTrivialAuth},
 	{ "identityfile", oIdentityFile },
 	{ "identityfile2", oIdentityFile },			/* obsolete */
 	{ "identitiesonly", oIdentitiesOnly },
@@ -1124,6 +1125,10 @@ parse_time:
 		intptr = &options->hostbased_authentication;
 		goto parse_flag;
 +	case oDisableTrivialAuth:
 +		intptr = &options->disable_trivial_auth;
 +		goto parse_flag;
 +
 	case oGssAuthentication:
 		intptr = &options->gss_authentication;
 		goto parse_flag;
@@ -2392,6 +2397,7 @@ initialize_options(Options * options)
 	options->kbd_interactive_authentication = -1;
 	options->kbd_interactive_devices = NULL;
 	options->hostbased_authentication = -1;
 +	options->disable_trivial_auth = -1;
 	options->batch_mode = -1;
 	options->check_host_ip = -1;
 	options->strict_host_key_checking = -1;
@@ -2562,6 +2568,8 @@ fill_default_options(Options * options)
 		options->kbd_interactive_authentication = 1;
 	if (options->hostbased_authentication == -1)
 		options->hostbased_authentication = 0;
 +	if (options->disable_trivial_auth == -1)
 +		options->disable_trivial_auth = 0;
 	if (options->batch_mode == -1)
 		options->batch_mode = 0;
 	if (options->check_host_ip == -1)
@@ -3362,6 +3370,7 @@ dump_client_config(Options *o, const char *host)
 #endif /* GSSAPI */
 	dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
 	dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
 +	dump_cfg_fmtint(oDisableTrivialAuth, o->disable_trivial_auth);
 	dump_cfg_fmtint(oIdentitiesOnly, o->identities_only);
 	dump_cfg_fmtint(oKbdInteractiveAuthentication, o->kbd_interactive_authentication);
 	dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost);
 diff --git a/readconf.h b/readconf.h
 index 00895ad..b391bd6 100644
 --- a/readconf.h
 +++ b/readconf.h
@@ -38,6 +38,8 @@ typedef struct {
 	struct ForwardOptions fwd_opts;	/* forwarding options */
 	int     pubkey_authentication;	/* Try ssh2 pubkey authentication. */
 	int     hostbased_authentication;	/* ssh2's rhosts_rsa */
 +
 +	int 	disable_trivial_auth; /* disable trivial authentications */
 	int     gss_authentication;	/* Try GSS authentication */
 	int     gss_keyex;		/* Try GSS key exchange */
 	int     gss_deleg_creds;	/* Delegate GSS credentials */
 diff --git a/scp.1 b/scp.1
 index 874c5c2..e1f8191 100644
 --- a/scp.1
 +++ b/scp.1
@@ -187,6 +187,7 @@ For full details of the options listed below, and their possible values, see
 .It Host
 .It HostbasedAcceptedAlgorithms
 .It HostbasedAuthentication
 +.It DisableTrivialAuth
 .It HostKeyAlgorithms
 .It HostKeyAlias
 .It Hostname
 diff --git a/sftp.1 b/sftp.1
 index 7eebeea..89b6773 100644
 --- a/sftp.1
 +++ b/sftp.1
@@ -247,6 +247,7 @@ For full details of the options listed below, and their possible values, see
 .It Host
 .It HostbasedAcceptedAlgorithms
 .It HostbasedAuthentication
 +.It DisableTrivialAuth
 .It HostKeyAlgorithms
 .It HostKeyAlias
 .It Hostname
 diff --git a/ssh.1 b/ssh.1
 index 975ab39..1cb8d5c 100644
 --- a/ssh.1
 +++ b/ssh.1
@@ -541,6 +541,7 @@ For full details of the options listed below, and their possible values, see
 .It Host
 .It HostbasedAcceptedAlgorithms
 .It HostbasedAuthentication
 +.It DisableTrivialAuth
 .It HostKeyAlgorithms
 .It HostKeyAlias
 .It Hostname
 diff --git a/ssh_config b/ssh_config
 index b3a4922..169f30c 100644
 --- a/ssh_config
 +++ b/ssh_config
@@ -22,6 +22,7 @@
 #   ForwardX11 no
 #   PasswordAuthentication yes
 #   HostbasedAuthentication no
 +#   DisableTrivialAuth no
 #   GSSAPIAuthentication no
 #   GSSAPIDelegateCredentials no
 #   GSSAPIKeyExchange no
 diff --git a/ssh_config.5 b/ssh_config.5
 index 6735401..fd82e05 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
@@ -955,6 +955,13 @@ The argument must be
 or
 .Cm no
 (the default).
 +.It Cm DisableTrivialAuth
 +Disables trivial or incomplete authentications.
 +The argument must be
 +.Cm yes
 +or
 +.Cm no
 +(the default).
 .It Cm HostKeyAlgorithms
 Specifies the host key signature algorithms
 that the client wants to use in order of preference.
 diff --git a/sshconnect2.c b/sshconnect2.c
 index e90eb89..150d419 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
@@ -403,6 +403,7 @@ struct identity {
 TAILQ_HEAD(idlist, identity);
 struct cauthctxt {
 +	int is_trivial_auth;
 	const char *server_user;
 	const char *local_user;
 	const char *host;
@@ -531,6 +532,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
 	/* setup authentication context */
 	memset(&authctxt, 0, sizeof(authctxt));
 	authctxt.server_user = server_user;
 +	authctxt.is_trivial_auth = 1;
 	authctxt.local_user = local_user;
 	authctxt.host = host;
 	authctxt.service = "ssh-connection";		/* service name */
@@ -570,6 +572,10 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
 	if (!authctxt.success)
 		fatal("Authentication failed.");
 +	if (authctxt.is_trivial_auth == 1 && options.disable_trivial_auth == 1) {
 +		fatal("Trivial authentication disabled.");
 +	}
 +	debug("Authentication succeeded (%s).", authctxt.method->name);
 	if (ssh_packet_connection_is_on_socket(ssh)) {
 		verbose("Authenticated to %s ([%s]:%d) using \"%s\".", host,
 		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
@@ -968,6 +974,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
 			fatal_fr(r, "send %u packet", type);
 		gss_release_buffer(&ms, &send_tok);
 +		authctxt->is_trivial_auth = 0;
 	}
 	if (status == GSS_S_COMPLETE) {
@@ -1213,6 +1220,7 @@ static int
 userauth_passwd(struct ssh *ssh)
 {
 	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 +	authctxt->is_trivial_auth = 0;
 	char *password, *prompt = NULL;
 	const char *host = options.host_key_alias ?  options.host_key_alias :
 	    authctxt->host;
@@ -2023,8 +2031,10 @@ userauth_pubkey(struct ssh *ssh)
 				id->isprivate = 0;
 			}
 		}
 -		if (sent)
 +		if (sent) {
 +			authctxt->is_trivial_auth = 0;
 			return (sent);
 +		}
 	}
 	return (0);
 }
@@ -2105,6 +2115,7 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
 	debug2_f("num_prompts %d", num_prompts);
 	for (i = 0; i < num_prompts; i++) {
 +		authctxt->is_trivial_auth = 0;
 		if ((r = sshpkt_get_cstring(ssh, &prompt, NULL)) != 0 ||
 		    (r = sshpkt_get_u8(ssh, &echo)) != 0)
 			goto out;
 -- 
 2.27.0
--- a/backport-CVE-2023-48795-upstream-implement-strict-key-exchange-in-ssh-and-ss.patch
+++ b/backport-CVE-2023-48795-upstream-implement-strict-key-exchange-in-ssh-and-ss.patch
@ -1,499 +0,0 @@
 From 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Mon, 18 Dec 2023 14:45:17 +0000
 Subject: [PATCH] upstream: implement "strict key exchange" in ssh and sshd
 This adds a protocol extension to improve the integrity of the SSH
 transport protocol, particular in and around the initial key exchange
 (KEX) phase.
 Full details of the extension are in the PROTOCOL file.
 with markus@
 OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14
 Reference:https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5
 ---
 PROTOCOL      |  28 +++++++++++++-
 kex.c         |  84 ++++++++++++++++++++++++++--------------
 kex.h         |   3 +-
 packet.c      | 103 +++++++++++++++++++++++++++++---------------------
 packet.h      |   3 +-
 sshconnect2.c |  12 ++----
 6 files changed, 148 insertions(+), 85 deletions(-)
 diff --git a/PROTOCOL b/PROTOCOL
 index d453c779b..ded935eb6 100644
 --- a/PROTOCOL
 +++ b/PROTOCOL
@@ -137,6 +137,32 @@ than as a named global or channel request to allow pings with very
 This is identical to curve25519-sha256 as later published in RFC8731.
 +1.9 transport: strict key exchange extension
 +
 +OpenSSH supports a number of transport-layer hardening measures under
 +a "strict KEX" feature. This feature is signalled similarly to the
 +RFC8308 ext-info feature: by including a additional algorithm in the
 +initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append
 +"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server
 +may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms
 +are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored
 +if they are present in subsequent SSH2_MSG_KEXINIT packets.
 +
 +When an endpoint that supports this extension observes this algorithm
 +name in a peer's KEXINIT packet, it MUST make the following changes to
 +the the protocol:
 +
 +a) During initial KEX, terminate the connection if any unexpected or
 +   out-of-sequence packet is received. This includes terminating the
 +   connection if the first packet received is not SSH2_MSG_KEXINIT.
 +   Unexpected packets for the purpose of strict KEX include messages
 +   that are otherwise valid at any time during the connection such as
 +   SSH2_MSG_DEBUG and SSH2_MSG_IGNORE.
 +b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the
 +   packet sequence number to zero. This behaviour persists for the
 +   duration of the connection (i.e. not just the first
 +   SSH2_MSG_NEWKEYS).
 +
 2. Connection protocol changes
 2.1. connection: Channel write close extension "eow@openssh.com"
@@ -745,4 +771,4 @@ master instance and later clients.
 OpenSSH extends the usual agent protocol. These changes are documented
 in the PROTOCOL.agent file.
 -$OpenBSD: PROTOCOL,v 1.48 2022/11/07 01:53:01 dtucker Exp $
 +$OpenBSD: PROTOCOL,v 1.50 2023/12/18 14:45:17 djm Exp $
 diff --git a/kex.c b/kex.c
 index aa5e792dd..d478ff6e7 100644
 --- a/kex.c
 +++ b/kex.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: kex.c,v 1.178 2023/03/12 10:40:39 dtucker Exp $ */
 +/* $OpenBSD: kex.c,v 1.183 2023/12/18 14:45:17 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -65,7 +65,7 @@
 #endif
 /* prototype */
 -static int kex_choose_conf(struct ssh *);
 +static int kex_choose_conf(struct ssh *, uint32_t seq);
 static int kex_input_newkeys(int, u_int32_t, struct ssh *);
 static const char * const proposal_names[PROPOSAL_MAX] = {
@@ -177,6 +177,18 @@ kex_names_valid(const char *names)
 	return 1;
 }
 +/* returns non-zero if proposal contains any algorithm from algs */
 +static int
 +has_any_alg(const char *proposal, const char *algs)
 +{
 +	char *cp;
 +
 +	if ((cp = match_list(proposal, algs, NULL)) == NULL)
 +		return 0;
 +	free(cp);
 +	return 1;
 +}
 +
 /*
  * Concatenate algorithm names, avoiding duplicates in the process.
  * Caller must free returned string.
@@ -184,7 +196,7 @@ kex_names_valid(const char *names)
 char *
 kex_names_cat(const char *a, const char *b)
 {
 -	char *ret = NULL, *tmp = NULL, *cp, *p, *m;
 +	char *ret = NULL, *tmp = NULL, *cp, *p;
 	size_t len;
 	if (a == NULL || *a == '\0')
@@ -201,10 +213,8 @@ kex_names_cat(const char *a, const char *b)
 	}
 	strlcpy(ret, a, len);
 	for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) {
 -		if ((m = match_list(ret, p, NULL)) != NULL) {
 -			free(m);
 +		if (has_any_alg(ret, p))
 			continue; /* Algorithm already present */
 -		}
 		if (strlcat(ret, ",", len) >= len ||
 		    strlcat(ret, p, len) >= len) {
 			free(tmp);
@@ -334,15 +344,23 @@ kex_proposal_populate_entries(struct ssh *ssh, char *prop[PROPOSAL_MAX],
 	const char *defpropclient[PROPOSAL_MAX] = { KEX_CLIENT };
 	const char **defprop = ssh->kex->server ? defpropserver : defpropclient;
 	u_int i;
 +	char *cp;
 	if (prop == NULL)
 		fatal_f("proposal missing");
 +	/* Append EXT_INFO signalling to KexAlgorithms */
 +	if (kexalgos == NULL)
 +		kexalgos = defprop[PROPOSAL_KEX_ALGS];
 +	if ((cp = kex_names_cat(kexalgos, ssh->kex->server ?
 +	    "kex-strict-s-v00@openssh.com" :
 +	    "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL)
 +		fatal_f("kex_names_cat");
 +
 	for (i = 0; i < PROPOSAL_MAX; i++) {
 		switch(i) {
 		case PROPOSAL_KEX_ALGS:
 -			prop[i] = compat_kex_proposal(ssh,
 -			    kexalgos ? kexalgos : defprop[i]);
 +			prop[i] = compat_kex_proposal(ssh, cp);
 			break;
 		case PROPOSAL_ENC_ALGS_CTOS:
 		case PROPOSAL_ENC_ALGS_STOC:
@@ -363,6 +381,7 @@ kex_proposal_populate_entries(struct ssh *ssh, char *prop[PROPOSAL_MAX],
 			prop[i] = xstrdup(defprop[i]);
 		}
 	}
 +	free(cp);
 }
 void
@@ -466,7 +485,12 @@ kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh)
 {
 	int r;
 -	error("kex protocol error: type %d seq %u", type, seq);
 +	/* If in strict mode, any unexpected message is an error */
 +	if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) {
 +		ssh_packet_disconnect(ssh, "strict KEX violation: "
 +		    "unexpected packet type %u (seqnr %u)", type, seq);
 +	}
 +	error_f("type %u seq %u", type, seq);
 	if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, seq)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
@@ -563,7 +587,7 @@ kex_input_ext_info(int type, u_int32_t seq, struct ssh *ssh)
 	if (ninfo >= 1024) {
 		error("SSH2_MSG_EXT_INFO with too many entries, expected "
 		    "<=1024, received %u", ninfo);
 -		return SSH_ERR_INVALID_FORMAT;
 +		return dispatch_protocol_error(type, seq, ssh);
 	}
 	for (i = 0; i < ninfo; i++) {
 		if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0)
@@ -681,7 +705,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
 		error_f("no kex");
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 -	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
 +	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_protocol_error);
 	ptr = sshpkt_ptr(ssh, &dlen);
 	if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
 		return r;
@@ -717,7 +741,7 @@ kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh)
 	if (!(kex->flags & KEX_INIT_SENT))
 		if ((r = kex_send_kexinit(ssh)) != 0)
 			return r;
 -	if ((r = kex_choose_conf(ssh)) != 0)
 +	if ((r = kex_choose_conf(ssh, seq)) != 0)
 		return r;
 	if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
@@ -981,20 +1005,14 @@ proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
 	return (1);
 }
 -/* returns non-zero if proposal contains any algorithm from algs */
 static int
 -has_any_alg(const char *proposal, const char *algs)
 +kexalgs_contains(char **peer, const char *ext)
 {
 -	char *cp;
 -
 -	if ((cp = match_list(proposal, algs, NULL)) == NULL)
 -		return 0;
 -	free(cp);
 -	return 1;
 +	return has_any_alg(peer[PROPOSAL_KEX_ALGS], ext);
 }
 static int
 -kex_choose_conf(struct ssh *ssh)
 +kex_choose_conf(struct ssh *ssh, uint32_t seq)
 {
 	struct kex *kex = ssh->kex;
 	struct newkeys *newkeys;
@@ -1019,13 +1037,23 @@ kex_choose_conf(struct ssh *ssh)
 		sprop=peer;
 	}
 -	/* Check whether client supports ext_info_c */
 -	if (kex->server && (kex->flags & KEX_INITIAL)) {
 -		char *ext;
 -
 -		ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
 -		kex->ext_info_c = (ext != NULL);
 -		free(ext);
 +	/* Check whether peer supports ext_info/kex_strict */
 +	if ((kex->flags & KEX_INITIAL) != 0) {
 +		if (kex->server) {
 +			kex->ext_info_c = kexalgs_contains(peer, "ext-info-c");
 +			kex->kex_strict = kexalgs_contains(peer,
 +			    "kex-strict-c-v00@openssh.com");
 +		} else {
 +			kex->kex_strict = kexalgs_contains(peer,
 +			    "kex-strict-s-v00@openssh.com");
 +		}
 +		if (kex->kex_strict) {
 +			debug3_f("will use strict KEX ordering");
 +			if (seq != 0)
 +				ssh_packet_disconnect(ssh,
 +				    "strict KEX violation: "
 +				    "KEXINIT was not the first packet");
 +		}
 	}
 	/* Check whether client supports rsa-sha2 algorithms */
 diff --git a/kex.h b/kex.h
 index 5f7ef784e..272ebb43d 100644
 --- a/kex.h
 +++ b/kex.h
@@ -1,4 +1,4 @@
 -/* $OpenBSD: kex.h,v 1.118 2023/03/06 12:14:48 dtucker Exp $ */
 +/* $OpenBSD: kex.h,v 1.120 2023/12/18 14:45:17 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -149,6 +149,7 @@ struct kex {
 	u_int	kex_type;
 	char	*server_sig_algs;
 	int	ext_info_c;
 +	int	kex_strict;
 	struct sshbuf *my;
 	struct sshbuf *peer;
 	struct sshbuf *client_version;
 diff --git a/packet.c b/packet.c
 index 52017defb..beb214f99 100644
 --- a/packet.c
 +++ b/packet.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: packet.c,v 1.309 2023/03/03 10:23:42 dtucker Exp $ */
 +/* $OpenBSD: packet.c,v 1.313 2023/12/18 14:45:17 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1207,8 +1207,13 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
 	sshbuf_dump(state->output, stderr);
 #endif
 	/* increment sequence number for outgoing packets */
 -	if (++state->p_send.seqnr == 0)
 +	if (++state->p_send.seqnr == 0) {
 +		if ((ssh->kex->flags & KEX_INITIAL) != 0) {
 +			ssh_packet_disconnect(ssh, "outgoing sequence number "
 +			    "wrapped during initial key exchange");
 +		}
 		logit("outgoing seqnr wraps around");
 +	}
 	if (++state->p_send.packets == 0)
 		if (!(ssh->compat & SSH_BUG_NOREKEY))
 			return SSH_ERR_NEED_REKEY;
@@ -1216,6 +1221,11 @@ ssh_packet_send2_wrapped(struct ssh *ssh)
 	state->p_send.bytes += len;
 	sshbuf_reset(state->outgoing_packet);
 +	if (type == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
 +		debug_f("resetting send seqnr %u", state->p_send.seqnr);
 +		state->p_send.seqnr = 0;
 +	}
 +
 	if (type == SSH2_MSG_NEWKEYS)
 		r = ssh_set_newkeys(ssh, MODE_OUT);
 	else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side)
@@ -1344,8 +1354,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 	/* Stay in the loop until we have received a complete packet. */
 	for (;;) {
 		/* Try to read a packet from the buffer. */
 -		r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p);
 -		if (r != 0)
 +		if ((r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p)) != 0)
 			break;
 		/* If we got a packet, return it. */
 		if (*typep != SSH_MSG_NONE)
@@ -1629,10 +1615,16 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 		if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0)
 			goto out;
 	}
 +
 	if (seqnr_p != NULL)
 		*seqnr_p = state->p_read.seqnr;
 -	if (++state->p_read.seqnr == 0)
 +	if (++state->p_read.seqnr == 0) {
 +		if ((ssh->kex->flags & KEX_INITIAL) != 0) {
 +			ssh_packet_disconnect(ssh, "incoming sequence number "
 +			    "wrapped during initial key exchange");
 +		}
 		logit("incoming seqnr wraps around");
 +	}
 	if (++state->p_read.packets == 0)
 		if (!(ssh->compat & SSH_BUG_NOREKEY))
 			return SSH_ERR_NEED_REKEY;
@@ -1698,6 +1690,10 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 #endif
 	/* reset for next packet */
 	state->packlen = 0;
 +	if (*typep == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) {
 +		debug_f("resetting read seqnr %u", state->p_read.seqnr);
 +		state->p_read.seqnr = 0;
 +	}
 	if ((r = ssh_packet_check_rekey(ssh)) != 0)
 		return r;
@@ -1720,10 +1716,39 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 		r = ssh_packet_read_poll2(ssh, typep, seqnr_p);
 		if (r != 0)
 			return r;
 -		if (*typep) {
 -			state->keep_alive_timeouts = 0;
 -			DBG(debug("received packet type %d", *typep));
 +		if (*typep == 0) {
 +			/* no message ready */
 +			return 0;
 		}
 +		state->keep_alive_timeouts = 0;
 +		DBG(debug("received packet type %d", *typep));
 +
 +		/* Always process disconnect messages */
 +		if (*typep == SSH2_MSG_DISCONNECT) {
 +			if ((r = sshpkt_get_u32(ssh, &reason)) != 0 ||
 +			    (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
 +				return r;
 +			/* Ignore normal client exit notifications */
 +			do_log2(ssh->state->server_side &&
 +			    reason == SSH2_DISCONNECT_BY_APPLICATION ?
 +			    SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
 +			    "Received disconnect from %s port %d:"
 +			    "%u: %.400s", ssh_remote_ipaddr(ssh),
 +			    ssh_remote_port(ssh), reason, msg);
 +			free(msg);
 +			return SSH_ERR_DISCONNECTED;
 +		}
 +
 +		/*
 +		 * Do not implicitly handle any messages here during initial
 +		 * KEX when in strict mode. They will be need to be allowed
 +		 * explicitly by the KEX dispatch table or they will generate
 +		 * protocol errors.
 +		 */
 +		if (ssh->kex != NULL &&
 +		    (ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict)
 +			return 0;
 +		/* Implicitly handle transport-level messages */
 		switch (*typep) {
 		case SSH2_MSG_IGNORE:
 			debug3("Received SSH2_MSG_IGNORE");
@@ -1738,19 +1763,6 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 			debug("Remote: %.900s", msg);
 			free(msg);
 			break;
 -		case SSH2_MSG_DISCONNECT:
 -			if ((r = sshpkt_get_u32(ssh, &reason)) != 0 ||
 -			    (r = sshpkt_get_string(ssh, &msg, NULL)) != 0)
 -				return r;
 -			/* Ignore normal client exit notifications */
 -			do_log2(ssh->state->server_side &&
 -			    reason == SSH2_DISCONNECT_BY_APPLICATION ?
 -			    SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
 -			    "Received disconnect from %s port %d:"
 -			    "%u: %.400s", ssh_remote_ipaddr(ssh),
 -			    ssh_remote_port(ssh), reason, msg);
 -			free(msg);
 -			return SSH_ERR_DISCONNECTED;
 		case SSH2_MSG_UNIMPLEMENTED:
 			if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0)
 				return r;
@@ -2242,6 +2254,7 @@ kex_to_blob(struct sshbuf *m, struct kex *kex)
 	    (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 ||
 	    (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 ||
 	    (r = sshbuf_put_u32(m, kex->kex_type)) != 0 ||
 +	    (r = sshbuf_put_u32(m, kex->kex_strict)) != 0 ||
 	    (r = sshbuf_put_stringb(m, kex->my)) != 0 ||
 	    (r = sshbuf_put_stringb(m, kex->peer)) != 0 ||
 	    (r = sshbuf_put_stringb(m, kex->client_version)) != 0 ||
@@ -2404,6 +2417,7 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp)
 	    (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 ||
 	    (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 ||
 	    (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 ||
 +	    (r = sshbuf_get_u32(m, &kex->kex_strict)) != 0 ||
 	    (r = sshbuf_get_stringb(m, kex->my)) != 0 ||
 	    (r = sshbuf_get_stringb(m, kex->peer)) != 0 ||
 	    (r = sshbuf_get_stringb(m, kex->client_version)) != 0 ||
@@ -2732,6 +2746,7 @@ sshpkt_disconnect(struct ssh *ssh, const char *fmt,...)
 	vsnprintf(buf, sizeof(buf), fmt, args);
 	va_end(args);
 +	debug2_f("sending SSH2_MSG_DISCONNECT: %s", buf);
 	if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, buf)) != 0 ||
 diff --git a/packet.h b/packet.h
 index 11925a27d..b2bc3215d 100644
 --- a/packet.h
 +++ b/packet.h
@@ -1,4 +1,4 @@
 -/* $OpenBSD: packet.h,v 1.94 2022/01/22 00:49:34 djm Exp $ */
 +/* $OpenBSD: packet.h,v 1.96 2023/12/18 14:45:17 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
 diff --git a/sshconnect2.c b/sshconnect2.c
 index df6caf817..0cccbcc43 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: sshconnect2.c,v 1.366 2023/03/09 07:11:05 dtucker Exp $ */
 +/* $OpenBSD: sshconnect2.c,v 1.370 2023/12/18 14:45:17 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -358,7 +358,6 @@ struct cauthmethod {
 };
 static int input_userauth_service_accept(int, u_int32_t, struct ssh *);
 -static int input_userauth_ext_info(int, u_int32_t, struct ssh *);
 static int input_userauth_success(int, u_int32_t, struct ssh *);
 static int input_userauth_failure(int, u_int32_t, struct ssh *);
 static int input_userauth_banner(int, u_int32_t, struct ssh *);
@@ -472,7 +471,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
 	ssh->authctxt = &authctxt;
 	ssh_dispatch_init(ssh, &input_userauth_error);
 -	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
 +	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, kex_input_ext_info);
 	ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success);	/* loop until success */
 	pubkey_cleanup(ssh);
@@ -531,12 +530,6 @@ input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
 	return r;
 }
 -static int
 -input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
 -{
 -	return kex_input_ext_info(type, seqnr, ssh);
 -}
 -
 void
 userauth(struct ssh *ssh, char *authlist)
 {
@@ -615,6 +608,7 @@ input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
 	free(authctxt->methoddata);
 	authctxt->methoddata = NULL;
 	authctxt->success = 1;			/* break out */
 +	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, dispatch_protocol_error);
 	return 0;
 }
 -- 
 2.23.0
--- a/backport-CVE-2023-51384-upstream-apply-destination-constraints-to-all-p11-ke.patch
+++ b/backport-CVE-2023-51384-upstream-apply-destination-constraints-to-all-p11-ke.patch
@ -1,174 +0,0 @@
 From 881d9c6af9da4257c69c327c4e2f1508b2fa754b Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Mon, 18 Dec 2023 14:46:12 +0000
 Subject: [PATCH] upstream: apply destination constraints to all p11 keys
 Previously applied only to the first key returned from each token.
 ok markus@
 OpenBSD-Commit-ID: 36df3afb8eb94eec6b2541f063d0d164ef8b488d
 Reference:https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b
 ---
 ssh-agent.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 100 insertions(+), 5 deletions(-)
 diff --git a/ssh-agent.c b/ssh-agent.c
 index f52861163..1d4c321eb 100644
 --- a/ssh-agent.c
 +++ b/ssh-agent.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: ssh-agent.c,v 1.297 2023/03/09 21:06:24 jcs Exp $ */
 +/* $OpenBSD: ssh-agent.c,v 1.301 2023/12/18 14:46:12 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -247,6 +247,91 @@ free_dest_constraints(struct dest_constraint *dcs, size_t ndcs)
 	free(dcs);
 }
 +static void
 +dup_dest_constraint_hop(const struct dest_constraint_hop *dch,
 +    struct dest_constraint_hop *out)
 +{
 +	u_int i;
 +	int r;
 +
 +	out->user = dch->user == NULL ? NULL : xstrdup(dch->user);
 +	out->hostname = dch->hostname == NULL ? NULL : xstrdup(dch->hostname);
 +	out->is_ca = dch->is_ca;
 +	out->nkeys = dch->nkeys;
 +	out->keys = out->nkeys == 0 ? NULL :
 +	    xcalloc(out->nkeys, sizeof(*out->keys));
 +	out->key_is_ca = out->nkeys == 0 ? NULL :
 +	    xcalloc(out->nkeys, sizeof(*out->key_is_ca));
 +	for (i = 0; i < dch->nkeys; i++) {
 +		if (dch->keys[i] != NULL &&
 +		    (r = sshkey_from_private(dch->keys[i],
 +		    &(out->keys[i]))) != 0)
 +			fatal_fr(r, "copy key");
 +		out->key_is_ca[i] = dch->key_is_ca[i];
 +	}
 +}
 +
 +static struct dest_constraint *
 +dup_dest_constraints(const struct dest_constraint *dcs, size_t ndcs)
 +{
 +	size_t i;
 +	struct dest_constraint *ret;
 +
 +	if (ndcs == 0)
 +		return NULL;
 +	ret = xcalloc(ndcs, sizeof(*ret));
 +	for (i = 0; i < ndcs; i++) {
 +		dup_dest_constraint_hop(&dcs[i].from, &ret[i].from);
 +		dup_dest_constraint_hop(&dcs[i].to, &ret[i].to);
 +	}
 +	return ret;
 +}
 +
 +#ifdef DEBUG_CONSTRAINTS
 +static void
 +dump_dest_constraint_hop(const struct dest_constraint_hop *dch)
 +{
 +	u_int i;
 +	char *fp;
 +
 +	debug_f("user %s hostname %s is_ca %d nkeys %u",
 +	    dch->user == NULL ? "(null)" : dch->user,
 +	    dch->hostname == NULL ? "(null)" : dch->hostname,
 +	    dch->is_ca, dch->nkeys);
 +	for (i = 0; i < dch->nkeys; i++) {
 +		fp = NULL;
 +		if (dch->keys[i] != NULL &&
 +		    (fp = sshkey_fingerprint(dch->keys[i],
 +		    SSH_FP_HASH_DEFAULT, SSH_FP_DEFAULT)) == NULL)
 +			fatal_f("fingerprint failed");
 +		debug_f("key %u/%u: %s%s%s key_is_ca %d", i, dch->nkeys,
 +		    dch->keys[i] == NULL ? "" : sshkey_ssh_name(dch->keys[i]),
 +		    dch->keys[i] == NULL ? "" : " ",
 +		    dch->keys[i] == NULL ? "none" : fp,
 +		    dch->key_is_ca[i]);
 +		free(fp);
 +	}
 +}
 +#endif /* DEBUG_CONSTRAINTS */
 +
 +static void
 +dump_dest_constraints(const char *context,
 +    const struct dest_constraint *dcs, size_t ndcs)
 +{
 +#ifdef DEBUG_CONSTRAINTS
 +	size_t i;
 +
 +	debug_f("%s: %zu constraints", context, ndcs);
 +	for (i = 0; i < ndcs; i++) {
 +		debug_f("constraint %zu / %zu: from: ", i, ndcs);
 +		dump_dest_constraint_hop(&dcs[i].from);
 +		debug_f("constraint %zu / %zu: to: ", i, ndcs);
 +		dump_dest_constraint_hop(&dcs[i].to);
 +	}
 +	debug_f("done for %s", context);
 +#endif /* DEBUG_CONSTRAINTS */
 +}
 +
 static void
 free_identity(Identity *id)
 {
@@ -518,13 +603,22 @@ process_request_identities(SocketEntry *e)
 	Identity *id;
 	struct sshbuf *msg, *keys;
 	int r;
 -	u_int nentries = 0;
 +	u_int i = 0, nentries = 0;
 +	char *fp;
 	debug2_f("entering");
 	if ((msg = sshbuf_new()) == NULL || (keys = sshbuf_new()) == NULL)
 		fatal_f("sshbuf_new failed");
 	TAILQ_FOREACH(id, &idtab->idlist, next) {
 +		if ((fp = sshkey_fingerprint(id->key, SSH_FP_HASH_DEFAULT,
 +		    SSH_FP_DEFAULT)) == NULL)
 +			fatal_f("fingerprint failed");
 +		debug_f("key %u / %u: %s %s", i++, idtab->nentries,
 +		    sshkey_ssh_name(id->key), fp);
 +		dump_dest_constraints(__func__,
 +		    id->dest_constraints, id->ndest_constraints);
 +		free(fp);
 		/* identity not visible, don't include in response */
 		if (identity_permitted(id, e, NULL, NULL, NULL) != 0)
 			continue;
@@ -1224,6 +1318,7 @@ process_add_identity(SocketEntry *e)
 		sshbuf_reset(e->request);
 		goto out;
 	}
 +	dump_dest_constraints(__func__, dest_constraints, ndest_constraints);
 	if (sk_provider != NULL) {
 		if (!sshkey_is_sk(k)) {
@@ -1403,6 +1498,7 @@ process_add_smartcard_key(SocketEntry *e)
 		error_f("failed to parse constraints");
 		goto send;
 	}
 +	dump_dest_constraints(__func__, dest_constraints, ndest_constraints);
 	if (e->nsession_ids != 0 && !remote_add_provider) {
 		verbose("failed PKCS#11 add of \"%.100s\": remote addition of "
 		    "providers is disabled", provider);
@@ -1438,10 +1534,9 @@ process_add_smartcard_key(SocketEntry *e)
 			}
 			id->death = death;
 			id->confirm = confirm;
 -			id->dest_constraints = dest_constraints;
 +			id->dest_constraints = dup_dest_constraints(
 +			    dest_constraints, ndest_constraints);
 			id->ndest_constraints = ndest_constraints;
 -			dest_constraints = NULL; /* transferred */
 -			ndest_constraints = 0;
 			TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
 			idtab->nentries++;
 			success = 1;
 -- 
 2.33.0
--- a/backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch
+++ b/backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch
@ -1,100 +0,0 @@
 From 7ef3787c84b6b524501211b11a26c742f829af1a Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Mon, 18 Dec 2023 14:47:44 +0000
 Subject: [PATCH] upstream: ban user/hostnames with most shell metacharacters
 This makes ssh(1) refuse user or host names provided on the
 commandline that contain most shell metacharacters.
 Some programs that invoke ssh(1) using untrusted data do not filter
 metacharacters in arguments they supply. This could create
 interactions with user-specified ProxyCommand and other directives
 that allow shell injection attacks to occur.
 It's a mistake to invoke ssh(1) with arbitrary untrusted arguments,
 but getting this stuff right can be tricky, so this should prevent
 most obvious ways of creating risky situations. It however is not
 and cannot be perfect: ssh(1) has no practical way of interpreting
 what shell quoting rules are in use and how they interact with the
 user's specified ProxyCommand.
 To allow configurations that use strange user or hostnames to
 continue to work, this strictness is applied only to names coming
 from the commandline. Names specified using User or Hostname
 directives in ssh_config(5) are not affected.
 feedback/ok millert@ markus@ dtucker@ deraadt@
 OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9
 Reference:https://anongit.mindrot.org/openssh.git/commit?id=7ef3787c84b6b524501211b11a26c742f829af1a
 ---
 ssh.c | 41 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)
 diff --git a/ssh.c b/ssh.c
 index 35c48e62d..48d93ddf2 100644
 --- a/ssh.c
 +++ b/ssh.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: ssh.c,v 1.585 2023/02/10 04:40:28 djm Exp $ */
 +/* $OpenBSD: ssh.c,v 1.599 2023/12/18 14:47:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -626,6 +626,41 @@ ssh_conn_info_free(struct ssh_conn_info *cinfo)
 	free(cinfo);
 }
 +static int
 +valid_hostname(const char *s)
 +{
 +	size_t i;
 +
 +	if (*s == '-')
 +		return 0;
 +	for (i = 0; s[i] != 0; i++) {
 +		if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
 +		    isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
 +			return 0;
 +	}
 +	return 1;
 +}
 +
 +static int
 +valid_ruser(const char *s)
 +{
 +	size_t i;
 +
 +	if (*s == '-')
 +		return 0;
 +	for (i = 0; s[i] != 0; i++) {
 +		if (strchr("'`\";&<>|(){}", s[i]) != NULL)
 +			return 0;
 +		/* Disallow '-' after whitespace */
 +		if (isspace((u_char)s[i]) && s[i + 1] == '-')
 +			return 0;
 +		/* Disallow \ in last position */
 +		if (s[i] == '\\' && s[i + 1] == '\0')
 +			return 0;
 +	}
 +	return 1;
 +}
 +
 /*
  * Main program for the ssh client.
  */
@@ -1118,6 +1153,10 @@ main(int ac, char **av)
 	if (!host)
 		usage();
 +	if (!valid_hostname(host))
 +		fatal("hostname contains invalid characters");
 +	if (options.user != NULL && !valid_ruser(options.user))
 +		fatal("remote username contains invalid characters");
 	options.host_arg = xstrdup(host);
 	/* Initialize the command to execute on remote host. */
 -- 
 2.23.0
--- a/backport-openssh-6.6p1-keyperm.patch
+++ b/backport-openssh-6.6p1-keyperm.patch
@ -1,33 +0,0 @@
 diff -up openssh-8.2p1/authfile.c.keyperm openssh-8.2p1/authfile.c
 --- openssh-8.2p1/authfile.c.keyperm	2020-02-14 01:40:54.000000000 +0100
 +++ openssh-8.2p1/authfile.c	2020-02-17 11:55:12.841729758 +0100
 Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-openssh-6.6p1-keyperm.patch
 Conflict:NA
@@ -31,6 +31,7 @@
 #include <errno.h>
 #include <fcntl.h>
 +#include <grp.h>
 #include <stdio.h>
 #include <stdarg.h>
 #include <stdlib.h>
@@ -101,7 +102,19 @@ sshkey_perm_ok(int fd, const char *filen
 #ifdef HAVE_CYGWIN
 	if (check_ntsec(filename))
 #endif
 +
 	if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
 +		if (st.st_mode & 040) {
 +			struct group *gr;
 +
 +			if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid)) {
 +				/* The only additional bit is read
 +				 * for ssh_keys group, which is fine */
 +				if ((st.st_mode & 077) == 040 ) {
 +					return 0;
 +				}
 +			}
 +		}
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
--- a/backport-upstream-Make-sure-sftp_get_limits-only-returns-0-if.patch
+++ b/backport-upstream-Make-sure-sftp_get_limits-only-returns-0-if.patch
@ -1,42 +0,0 @@
 From 676377ce67807a24e08a54cd60ec832946cc6cae Mon Sep 17 00:00:00 2001
 From: "tobhe@openbsd.org" <tobhe@openbsd.org>
 Date: Mon, 13 Nov 2023 09:18:19 +0000
 Subject: [PATCH] upstream: Make sure sftp_get_limits() only returns 0 if
 'limits'
 was initialized. This fixes a potential uninitialized use of 'limits' in
 sftp_init() if sftp_get_limits() returned early because of an unexpected
 message type.
 ok djm@
 OpenBSD-Commit-ID: 1c177d7c3becc1d71bc8763eecf61873a1d3884c
 Reference:https://github.com/openssh/openssh-portable/commit/676377ce67807a24e08a54cd60ec832946cc6cae
 Conflict:2de990142(Rename do_limits to sftp_get_limits)
 ---
 sftp-client.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/sftp-client.c b/sftp-client.c
 index 2598029f7..5cc8bb539 100644
 --- a/sftp-client.c
 +++ b/sftp-client.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: sftp-client.c,v 1.169 2023/03/08 04:43:12 guenther Exp $ */
 +/* $OpenBSD: sftp-client.c,v 1.175 2023/11/13 09:18:19 tobhe Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -656,7 +656,7 @@ do_limits(struct sftp_conn *conn, struct sftp_limits *limits)
 		/* Disable the limits extension */
 		conn->exts &= ~SFTP_EXT_LIMITS;
 		sshbuf_free(msg);
 -		return 0;
 +		return -1;
 	}
 	memset(limits, 0, sizeof(*limits));
 -- 
 2.33.0
--- a/backport-upstream-fix-memory-leak-in-mux-proxy-mode-when-requ.patch
+++ b/backport-upstream-fix-memory-leak-in-mux-proxy-mode-when-requ.patch
@ -1,41 +0,0 @@
 From c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Wed, 6 Mar 2024 02:59:59 +0000
 Subject: [PATCH] upstream: fix memory leak in mux proxy mode when requesting
 forwarding.
 found by RASU JSC, reported by Maks Mishin in GHPR#467
 OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860
 Reference:https://github.com/openssh/openssh-portable/commit/c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838
 Conflict:NA
 ---
 channels.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
 diff --git a/channels.c b/channels.c
 index 6862556be..ece8d30d6 100644
 --- a/channels.c
 +++ b/channels.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: channels.c,v 1.430 2023/03/10 03:01:51 dtucker Exp $ */
 +/* $OpenBSD: channels.c,v 1.437 2024/03/06 02:59:59 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3245,9 +3245,8 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream)
 			goto out;
 		}
 		/* Record that connection to this host/port is permitted. */
 -		permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "<mux>", -1,
 -		    listen_host, NULL, (int)listen_port, downstream);
 -		listen_host = NULL;
 +		permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "<mux>",
 +		    -1, listen_host, NULL, (int)listen_port, downstream);
 		break;
 	case SSH2_MSG_CHANNEL_CLOSE:
 		if (have < 4)
 -- 
 2.33.0
--- a/backport-upstream-make-parsing-user-host-consistently-look-for-the-last-in.patch
+++ b/backport-upstream-make-parsing-user-host-consistently-look-for-the-last-in.patch
@ -1,23 +1,37 @@
 From a8ad7a2952111c6ce32949a775df94286550af6b Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Fri, 6 Sep 2024 02:30:44 +0000
-Subject: [PATCH] upstream: make parsing user@host consistently look for the
+Subject: upstream: make parsing user@host consistently look for the last '@'
-  last '@' in the string rather than the first. This makes it possible to
+ in
-  use usernames that contain '@' characters.
+MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
-Conflict:NA
+the string rather than the first. This makes it possible to use usernames
-Reference:https://anongit.mindrot.org/openssh.git/commit/a8ad7a2952111c6ce32949a775df94286550af6b
+that contain '@' characters.
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Prompted by Max Zettlmeißl; feedback/ok millert@
 OpenBSD-Commit-ID: 0b16eec246cda15469ebdcf3b1e2479810e394c5
 ---
- match.c   | 6 +++---
+ match.c   | 8 ++++----
- ssh-add.c | 2 +-
+ ssh-add.c | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
+ 2 files changed, 6 insertions(+), 6 deletions(-)
 diff --git a/match.c b/match.c
-index 3ac854d..b9a8225 100644
+index d6af2561..3ef53693 100644
 --- a/match.c
 +++ b/match.c
-@@ -241,17 +241,17 @@ match_user(const char *user, const char *host, const char *ipaddr,
+@@ -1,4 +1,4 @@
 -/* $OpenBSD: match.c,v 1.44 2023/04/06 03:19:32 djm Exp $ */
 +/* $OpenBSD: match.c,v 1.45 2024/09/06 02:30:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -241,7 +241,7 @@ match_user(const char *user, const char *host, const char *ipaddr,
 	/* test mode */
 	if (user == NULL && host == NULL && ipaddr == NULL) {
@ -26,7 +40,9 @@ index 3ac854d..b9a8225 100644
 		    match_host_and_ip(NULL, NULL, p + 1) < 0)
 			return -1;
 		return 0;
- 	}
+@@ -250,11 +250,11 @@ match_user(const char *user, const char *host, const char *ipaddr,
 	if (user == NULL)
 		return 0; /* shouldn't happen */
 -	if ((p = strchr(pattern, '@')) == NULL)
 +	if (strrchr(pattern, '@') == NULL)
@ -39,10 +55,16 @@ index 3ac854d..b9a8225 100644
 	if ((ret = match_pattern(user, pat)) == 1)
 diff --git a/ssh-add.c b/ssh-add.c
-index 8cba0a7..2b081d6 100644
+index e532d5ce..0035cb84 100644
 --- a/ssh-add.c
 +++ b/ssh-add.c
-@@ -712,7 +712,7 @@ parse_dest_constraint_hop(const char *s, struct dest_constraint_hop *dch,
+@@ -1,4 +1,4 @@
 -/* $OpenBSD: ssh-add.c,v 1.169 2023/12/18 14:46:56 djm Exp $ */
 +/* $OpenBSD: ssh-add.c,v 1.173 2024/09/06 02:30:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -696,7 +696,7 @@ parse_dest_constraint_hop(const char *s, struct dest_constraint_hop *dch,
 	memset(dch, '\0', sizeof(*dch));
 	os = xstrdup(s);
@ -52,5 +74,4 @@ index 8cba0a7..2b081d6 100644
 	else {
 		*host++ = '\0';
 -- 
-2.43.0
+cgit v1.2.3
--- a/backport-upstream-set-errno-EAFNOSUPPORT-when-filtering-addre.patch
+++ b/backport-upstream-set-errno-EAFNOSUPPORT-when-filtering-addre.patch
@ -1,39 +0,0 @@
 From c52db0114826d73eff6cdbf205e9c1fa4f7ca6c6 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Mon, 20 Nov 2023 02:50:00 +0000
 Subject: [PATCH] upstream: set errno=EAFNOSUPPORT when filtering addresses
 that don't
 match AddressFamily; yields slightly better error message if no address
 matches. bz#3526
 OpenBSD-Commit-ID: 29cea900ddd8b04a4d1968da5c4a893be2ebd9e6
 Reference:https://github.com/openssh/openssh-portable/commit/c52db0114826d73eff6cdbf205e9c1fa4f7ca6c6
 Conflict:NA
 ---
 sshconnect.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/sshconnect.c b/sshconnect.c
 index ff3d3501f..bd077c75c 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: sshconnect.c,v 1.364 2023/11/15 23:03:38 djm Exp $ */
 +/* $OpenBSD: sshconnect.c,v 1.365 2023/11/20 02:50:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -485,7 +485,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
 			    ai->ai_family != options.address_family) {
 				debug2_f("skipping address [%s]:%s: "
 				    "wrong address family", ntop, strport);
 -				errno = 0;
 +				errno = EAFNOSUPPORT;
 				continue;
 			}
 -- 
 2.33.0
--- a/backport-upstream-when-connecting-via-socket-the-default-case.patch
+++ b/backport-upstream-when-connecting-via-socket-the-default-case.patch
@ -1,46 +0,0 @@
 From 26f3f3bbc69196d908cad6558c8c7dc5beb8d74a Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Wed, 15 Nov 2023 23:03:38 +0000
 Subject: [PATCH] upstream: when connecting via socket (the default case),
 filter
 addresses by AddressFamily if one was specified. Fixes the case where, if
 CanonicalizeHostname is enabled, ssh may ignore AddressFamily. bz5326; ok
 dtucker
 OpenBSD-Commit-ID: 6c7d7751f6cd055126b2b268a7b64dcafa447439
 Reference:https://github.com/openssh/openssh-portable/commit/26f3f3bbc69196d908cad6558c8c7dc5beb8d74a
 Conflict:NA
 ---
 sshconnect.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
 diff --git a/sshconnect.c b/sshconnect.c
 index e6012f01e..ff3d3501f 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: sshconnect.c,v 1.363 2023/03/10 07:17:08 dtucker Exp $ */
 +/* $OpenBSD: sshconnect.c,v 1.364 2023/11/15 23:03:38 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -481,6 +481,14 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
 				errno = oerrno;
 				continue;
 			}
 +			if (options.address_family != AF_UNSPEC &&
 +			    ai->ai_family != options.address_family) {
 +				debug2_f("skipping address [%s]:%s: "
 +				    "wrong address family", ntop, strport);
 +				errno = 0;
 +				continue;
 +			}
 +
 			debug("Connecting to %.200s [%.100s] port %s.",
 				host, ntop, strport);
 -- 
 2.33.0
--- a/backport-upstream-when-invoking-KnownHostsCommand-to-determin.patch
+++ b/backport-upstream-when-invoking-KnownHostsCommand-to-determin.patch
@ -1,44 +0,0 @@
 From aa7b21708511a6d4aed3839fc9f6e82e849dd4a1 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Wed, 13 Dec 2023 03:28:19 +0000
 Subject: [PATCH] upstream: when invoking KnownHostsCommand to determine the
 order of
 host key algorithms to request, ensure that the hostname passed to the
 command is decorated with the port number for ports other than 22.
 This matches the behaviour of KnownHostsCommand when invoked to look
 up the actual host key.
 bz3643, ok dtucker@
 OpenBSD-Commit-ID: 5cfabc0b7c6c7ab473666df314f377b1f15420b1
 Reference:https://github.com/openssh/openssh-portable/commit/aa7b21708511a6d4aed3839fc9f6e82e849dd4a1
 Conflict:NA
 ---
 sshconnect2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/sshconnect2.c b/sshconnect2.c
 index 5831a00c6..df6caf817 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: sshconnect2.c,v 1.370 2023/12/18 14:45:17 djm Exp $ */
 +/* $OpenBSD: sshconnect2.c,v 1.369 2023/12/13 03:28:19 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -140,7 +140,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port,
 	}
 	if (options.known_hosts_command != NULL) {
 		load_hostkeys_command(hostkeys, options.known_hosts_command,
 -		    "ORDER", cinfo, NULL, host);
 +		    "ORDER", cinfo, NULL, hostname);
 	}
 	/*
 	 * If a plain public key exists that matches the type of the best
 -- 
 2.33.0
--- a/openssh-6.6.1p1-selinux-contexts.patch
+++ b/openssh-6.6.1p1-selinux-contexts.patch
@ -93,19 +93,17 @@ index 8f32464..18a2ca4 100644
 #endif
 diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
-index 22ea8ef..1fc963d 100644
+--- a/openbsd-compat/port-linux.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c	(date 1703108053912)
-+++ b/openbsd-compat/port-linux.c
+@@ -207,7 +207,7 @@
-@@ -179,7 +179,7 @@ ssh_selinux_change_context(const char *newname)
+ 	xasprintf(&newctx, "%.*s%s%s", (int)(cx - oldctx + 1), oldctx,
- 	strlcpy(newctx + len, newname, newlen - len);
+ 	    newname, cx2 == NULL ? "" : cx2);
- 	if ((cx = index(cx + 1, ':')))
+
- 		strlcat(newctx, cx, newlen);
+-	debug3_f("setting context from '%s' to '%s'", oldctx, newctx);
-	debug3("%s: setting context from '%s' to '%s'", __func__,
+	debug_f("setting context from '%s' to '%s'", oldctx, newctx);
 +	debug_f("setting context from '%s' to '%s'",
 	    oldctx, newctx);
 	if (setcon(newctx) < 0)
- 		do_log2(log_level, "%s: setcon %s from %s failed with %s",
+ 		do_log2_f(log_level, "setcon %s from %s failed with %s",
-		    __func__, newctx, oldctx, strerror(errno));
+ 		    newctx, oldctx, strerror(errno));
 diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
 index cb51f99..8b7cda2 100644
 --- a/openbsd-compat/port-linux.h
--- a/openssh-6.7p1-coverity.patch
+++ b/openssh-6.7p1-coverity.patch
@ -17,17 +17,6 @@ diff -up openssh-8.5p1/auth-krb5.c.coverity openssh-8.5p1/auth-krb5.c
 			return oerrno;
 		}
 		/* make sure the KRB5CCNAME is set for non-standard location */
 diff -up openssh-8.5p1/auth-options.c.coverity openssh-8.5p1/auth-options.c
 --- openssh-8.5p1/auth-options.c.coverity	2021-03-02 11:31:47.000000000 +0100
 +++ openssh-8.5p1/auth-options.c	2021-03-24 12:03:33.782968159 +0100
@@ -706,6 +708,7 @@ serialise_array(struct sshbuf *m, char *
 		return r;
 	}
 	/* success */
 +	sshbuf_free(b);
 	return 0;
 }
 diff -up openssh-8.5p1/gss-genr.c.coverity openssh-8.5p1/gss-genr.c
 --- openssh-8.5p1/gss-genr.c.coverity	2021-03-26 11:52:46.613942552 +0100
 +++ openssh-8.5p1/gss-genr.c	2021-03-26 11:54:37.881726318 +0100
@ -42,32 +31,9 @@ diff -up openssh-8.5p1/gss-genr.c.coverity openssh-8.5p1/gss-genr.c
 			for ((p = strsep(&cp, ",")); p && *p != '\0';
 				(p = strsep(&cp, ","))) {
 				if (sshbuf_len(buf) != 0 &&
 diff -up openssh-8.5p1/kexgssc.c.coverity openssh-8.5p1/kexgssc.c
 --- openssh-8.5p1/kexgssc.c.coverity	2021-03-24 12:03:33.711967665 +0100
 +++ openssh-8.5p1/kexgssc.c	2021-03-24 12:03:33.783968166 +0100
@@ -98,8 +98,10 @@ kexgss_client(struct ssh *ssh)
 	default:
 		fatal_f("Unexpected KEX type %d", kex->kex_type);
 	}
 -	if (r != 0)
 +	if (r != 0) {
 +		ssh_gssapi_delete_ctx(&ctxt);
 		return r;
 +	}
 	token_ptr = GSS_C_NO_BUFFER;
 diff -up openssh-8.5p1/krl.c.coverity openssh-8.5p1/krl.c
 --- openssh-8.5p1/krl.c.coverity	2021-03-02 11:31:47.000000000 +0100
 +++ openssh-8.5p1/krl.c	2021-03-24 12:03:33.783968166 +0100
@@ -1209,6 +1209,7 @@ ssh_krl_from_blob(struct sshbuf *buf, st
 	sshkey_free(key);
 	sshbuf_free(copy);
 	sshbuf_free(sect);
 +	/* coverity[leaked_storage : FALSE] */
 	return r;
 }
@@ -1261,6 +1262,7 @@ is_key_revoked(struct ssh_krl *krl, cons
 		return r;
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
@ -164,23 +130,6 @@ diff -up openssh-7.4p1/monitor.c.coverity openssh-7.4p1/monitor.c
 	return (0);
  error:
 diff -up openssh-7.4p1/monitor_wrap.c.coverity openssh-7.4p1/monitor_wrap.c
 --- openssh-7.4p1/monitor_wrap.c.coverity	2016-12-23 16:40:26.892788689 +0100
 +++ openssh-7.4p1/monitor_wrap.c	2016-12-23 16:40:26.900788691 +0100
@@ -525,10 +525,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd,
 	if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
 	    (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
 		error_f("cannot allocate fds for pty");
 -		if (tmp1 > 0)
 +		if (tmp1 >= 0)
 			close(tmp1);
 -		if (tmp2 > 0)
 -			close(tmp2);
 +		/*DEAD CODE if (tmp2 >= 0)
 +			close(tmp2);*/
 		return 0;
 	}
 	close(tmp1);
 diff -up openssh-7.4p1/openbsd-compat/bindresvport.c.coverity openssh-7.4p1/openbsd-compat/bindresvport.c
 --- openssh-7.4p1/openbsd-compat/bindresvport.c.coverity	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/openbsd-compat/bindresvport.c	2016-12-23 16:40:26.901788691 +0100
@ -234,23 +183,6 @@ diff -up openssh-8.5p1/readconf.c.coverity openssh-8.5p1/readconf.c
 				goto out;
 			}
 			free(arg2);
 diff -up openssh-8.7p1/scp.c.coverity openssh-8.7p1/scp.c
 --- openssh-8.7p1/scp.c.coverity	2021-08-30 16:23:35.389741329 +0200
 +++ openssh-8.7p1/scp.c	2021-08-30 16:27:04.854555296 +0200
@@ -186,11 +186,11 @@ killchild(int signo)
 {
 	if (do_cmd_pid > 1) {
 		kill(do_cmd_pid, signo ? signo : SIGTERM);
 -		waitpid(do_cmd_pid, NULL, 0);
 +		(void) waitpid(do_cmd_pid, NULL, 0);
 	}
 	if (do_cmd_pid2 > 1) {
 		kill(do_cmd_pid2, signo ? signo : SIGTERM);
 -		waitpid(do_cmd_pid2, NULL, 0);
 +		(void) waitpid(do_cmd_pid2, NULL, 0);
 	}
 	if (signo)
 diff -up openssh-7.4p1/servconf.c.coverity openssh-7.4p1/servconf.c
 --- openssh-7.4p1/servconf.c.coverity	2016-12-23 16:40:26.896788690 +0100
 +++ openssh-7.4p1/servconf.c	2016-12-23 16:40:26.901788691 +0100
@ -278,18 +210,6 @@ diff -up openssh-8.7p1/serverloop.c.coverity openssh-8.7p1/serverloop.c
 		if (tun != SSH_TUNID_ANY &&
 		    auth_opts->force_tun_device != (int)tun)
 			goto done;
 diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
 --- openssh-7.4p1/sftp.c.coverity	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/sftp.c	2016-12-23 16:40:26.903788691 +0100
@@ -224,7 +224,7 @@ killchild(int signo)
 	pid = sshpid;
 	if (pid > 1) {
 		kill(pid, SIGTERM);
 -		waitpid(pid, NULL, 0);
 +		(void) waitpid(pid, NULL, 0);
 	}
 	_exit(1);
 diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
 --- openssh-7.4p1/ssh-agent.c.coverity	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/ssh-agent.c	2016-12-23 16:40:26.903788691 +0100
@ -301,28 +221,6 @@ diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
 			return NULL;
 		}
 		/* validate also provider from URI */
@@ -1220,8 +1220,8 @@ main(int ac, char **av)
 	sanitise_stdfd();
 	/* drop */
 -	setegid(getgid());
 -	setgid(getgid());
 +	(void) setegid(getgid());
 +	(void) setgid(getgid());
 	platform_disable_tracing(0);	/* strict=no */
 diff -up openssh-8.5p1/ssh.c.coverity openssh-8.5p1/ssh.c
 --- openssh-8.5p1/ssh.c.coverity	2021-03-24 12:03:33.779968138 +0100
 +++ openssh-8.5p1/ssh.c	2021-03-24 12:03:33.786968187 +0100
@@ -1746,6 +1746,7 @@ control_persist_detach(void)
 		close(muxserver_sock);
 		muxserver_sock = -1;
 		options.control_master = SSHCTL_MASTER_NO;
 +		/* coverity[leaked_handle: FALSE]*/
 		muxclient(options.control_path);
 		/* muxclient() doesn't return on success. */
 		fatal("Failed to connect to new control master");
 diff -up openssh-7.4p1/sshd.c.coverity openssh-7.4p1/sshd.c
 --- openssh-7.4p1/sshd.c.coverity	2016-12-23 16:40:26.897788690 +0100
 +++ openssh-7.4p1/sshd.c	2016-12-23 16:40:26.904788692 +0100
--- a/openssh-7.2p2-x11.patch
+++ b/openssh-7.2p2-x11.patch
@ -1,7 +1,7 @@
-diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c
+diff --git a/channels.c b/channels.c
--- openssh-7.2p2/channels.c.x11	2016-03-09 19:04:48.000000000 +0100
+--- a/channels.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
-+++ openssh-7.2p2/channels.c	2016-06-03 10:42:04.775164520 +0200
+++ b/channels.c	(date 1703026069921)
-@@ -3990,21 +3990,24 @@ x11_create_display_inet(int x11_display_
+@@ -5075,11 +5075,13 @@
 }
 static int
@ -14,8 +14,10 @@ diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c
 +    if (len <= 0)
 +        return -1;
 	sock = socket(AF_UNIX, SOCK_STREAM, 0);
- 	if (sock == -1)
+ 	if (sock == -1) {
 		error("socket: %.100s", strerror(errno));
@@ -5087,11 +5089,12 @@
 	}
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
 -	strlcpy(addr.sun_path, pathname, sizeof addr.sun_path);
@ -30,7 +32,7 @@ diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c
 	return -1;
 }
-@@ -4012,8 +4015,18 @@ static int
+@@ -5099,8 +5102,18 @@
 connect_local_xsocket(u_int dnr)
 {
 	char buf[1024];
--- a/backport-openssh-7.7p1-fips.patch
+++ b/backport-openssh-7.7p1-fips.patch
@ -1,45 +1,6 @@
-From 94f3898f43a7ef0c53dd50c60ce6d6f884de28e1 Mon Sep 17 00:00:00 2001
+diff -up openssh-8.6p1/dh.c.fips openssh-8.6p1/dh.c
-Date: Tue, 20 Aug 2024 20:17:01 +0800
+--- openssh-8.6p1/dh.c.fips	2021-04-16 05:55:25.000000000 +0200
-Subject: [PATCH] backport-openssh-7.7p1-fips
+++ openssh-8.6p1/dh.c	2021-05-06 12:12:10.107634472 +0200
 Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-openssh-7.7p1-fips.patch
 Conflict:NA
 ---
 cipher-aes.c             |  3 +-
 dh.c                     | 41 +++++++++++++++++++++++++++
 dh.h                     |  1 +
 kex.c                    |  6 +++-
 kexgexc.c                |  5 ++++
 myproposal.h             | 33 ++++++++++++++++++++++
 readconf.c               | 16 +++++++----
 sandbox-seccomp-filter.c |  3 ++
 servconf.c               | 16 +++++++----
 ssh-keygen.c             | 17 ++++++++++-
 ssh-rsa.c                |  3 ++
 ssh.c                    |  5 ++++
 sshconnect2.c            | 61 ++++++++++++++++++++++------------------
 sshd.c                   | 19 ++++++++++---
 sshkey.c                 |  1 +
 15 files changed, 186 insertions(+), 44 deletions(-)
 diff --git a/cipher-aes.c b/cipher-aes.c
 index 8b10172..1a07697 100644
 --- a/cipher-aes.c
 +++ b/cipher-aes.c
@@ -154,7 +154,8 @@ evp_rijndael(void)
 	rijndal_cbc.do_cipher = ssh_rijndael_cbc;
 #ifndef SSH_OLD_EVP
 	rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
 -	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
 +	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV |
 +	    EVP_CIPH_FLAG_FIPS;
 #endif
 	return (&rijndal_cbc);
 }
 diff --git a/dh.c b/dh.c
 index ce2eb47..166cb02 100644
 --- a/dh.c
 +++ b/dh.c
@@ -36,6 +36,7 @@
 #include <openssl/bn.h>
@ -48,12 +9,12 @@ index ce2eb47..166cb02 100644
 #include "dh.h"
 #include "pathnames.h"
-@@ -164,6 +165,12 @@ choose_dh(int min, int wantbits, int max)
+@@ -164,6 +164,12 @@ choose_dh(int min, int wantbits, int max
 	int best, bestcount, which, linenum;
 	struct dhgroup dhg;
 +	if (FIPS_mode()) {
-+		logit("Using arbitrary primes is not allowed in FIPS mode."
+		verbose("Using arbitrary primes is not allowed in FIPS mode."
 +		    " Falling back to known groups.");
 +		return (dh_new_group_fallback(max));
 +	}
@ -61,7 +22,7 @@ index ce2eb47..166cb02 100644
 	if ((f = fopen(get_moduli_filename(), "r")) == NULL) {
 		logit("WARNING: could not open %s (%s), using fixed modulus",
 		    get_moduli_filename(), strerror(errno));
-@@ -502,4 +509,38 @@ dh_estimate(int bits)
+@@ -502,4 +508,38 @@ dh_estimate(int bits)
 	return 8192;
 }
@ -100,10 +61,9 @@ index ce2eb47..166cb02 100644
 +}
 +
 #endif /* WITH_OPENSSL */
-diff --git a/dh.h b/dh.h
+diff -up openssh-8.6p1/dh.h.fips openssh-8.6p1/dh.h
-index c6326a3..e51e292 100644
+--- openssh-8.6p1/dh.h.fips	2021-05-06 12:08:36.498926877 +0200
--- a/dh.h
+++ openssh-8.6p1/dh.h	2021-05-06 12:11:28.393298005 +0200
 +++ b/dh.h
@@ -45,6 +45,7 @@ DH	*dh_new_group_fallback(int);
 int	 dh_gen_key(DH *, int);
@ -112,19 +72,18 @@ index c6326a3..e51e292 100644
 u_int	 dh_estimate(int);
 void	 dh_set_moduli_file(const char *);
-diff --git a/kex.c b/kex.c
+diff -up openssh-8.6p1/kex.c.fips openssh-8.6p1/kex.c
-index 36ae36c..1636f25 100644
+--- openssh-8.6p1/kex.c.fips	2021-05-06 12:08:36.489926807 +0200
--- a/kex.c
+++ openssh-8.6p1/kex.c	2021-05-06 12:08:36.498926877 +0200
-+++ b/kex.c
+@@ -39,6 +39,7 @@
-@@ -40,6 +40,7 @@
+ 
 #ifdef WITH_OPENSSL
 #include <openssl/crypto.h>
 #include <openssl/dh.h>
 +#include <openssl/fips.h>
 #include <openssl/dh.h>
 # ifdef HAVE_EVP_KDF_CTX_NEW_ID
 # include <openssl/kdf.h>
- # endif
+@@ -203,7 +203,10 @@ kex_names_valid(const char *names)
@@ -205,7 +206,10 @@ kex_names_valid(const char *names)
 	for ((p = strsep(&cp, ",")); p && *p != '\0';
 	    (p = strsep(&cp, ","))) {
 		if (kex_alg_by_name(p) == NULL) {
@ -136,10 +95,9 @@ index 36ae36c..1636f25 100644
 			free(s);
 			return 0;
 		}
-diff --git a/kexgexc.c b/kexgexc.c
+diff -up openssh-8.6p1/kexgexc.c.fips openssh-8.6p1/kexgexc.c
-index e99e0cf..4c3feae 100644
+--- openssh-8.6p1/kexgexc.c.fips	2021-04-16 05:55:25.000000000 +0200
--- a/kexgexc.c
+++ openssh-8.6p1/kexgexc.c	2021-05-06 12:08:36.498926877 +0200
 +++ b/kexgexc.c
@@ -28,6 +28,7 @@
 #ifdef WITH_OPENSSL
@ -148,7 +106,7 @@ index e99e0cf..4c3feae 100644
 #include <sys/types.h>
 #include <openssl/dh.h>
-@@ -115,6 +116,10 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
+@@ -115,6 +116,10 @@ input_kex_dh_gex_group(int type, u_int32
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@ -159,11 +117,10 @@ index e99e0cf..4c3feae 100644
 	p = g = NULL; /* belong to kex->dh now */
 	/* generate and send 'e', client DH public key */
-diff --git a/myproposal.h b/myproposal.h
+diff -up openssh-8.6p1/myproposal.h.fips openssh-8.6p1/myproposal.h
-index ee6e9f7..ff8dfa8 100644
+--- openssh-8.6p1/myproposal.h.fips	2021-04-16 05:55:25.000000000 +0200
--- a/myproposal.h
+++ openssh-8.6p1/myproposal.h	2021-05-06 12:08:36.498926877 +0200
-+++ b/myproposal.h
+@@ -57,6 +57,18 @@
@@ -56,6 +56,18 @@
 	"rsa-sha2-512," \
 	"rsa-sha2-256"
@ -177,12 +134,12 @@ index ee6e9f7..ff8dfa8 100644
 +	"ecdsa-sha2-nistp384," \
 +	"ecdsa-sha2-nistp521," \
 +	"rsa-sha2-512," \
-+	"rsa-sha2-256," \
+	"rsa-sha2-256"
 +
 #define	KEX_SERVER_ENCRYPT \
 	"chacha20-poly1305@openssh.com," \
 	"aes128-ctr,aes192-ctr,aes256-ctr," \
-@@ -77,6 +89,27 @@
+@@ -78,6 +92,27 @@
 #define KEX_CLIENT_MAC KEX_SERVER_MAC
@ -210,19 +167,18 @@ index ee6e9f7..ff8dfa8 100644
 /* Not a KEX value, but here so all the algorithm defaults are together */
 #define	SSH_ALLOWED_CA_SIGALGS	\
 	"ssh-ed25519," \
-diff --git a/readconf.c b/readconf.c
+diff -up openssh-8.6p1/readconf.c.fips openssh-8.6p1/readconf.c
-index bd8627c..dd22c3c 100644
+--- openssh-8.6p1/readconf.c.fips	2021-05-06 12:08:36.428926336 +0200
--- a/readconf.c
+++ openssh-8.6p1/readconf.c	2021-05-06 12:08:36.499926885 +0200
-+++ b/readconf.c
+@@ -39,6 +39,7 @@
-@@ -24,6 +24,7 @@
+ #include <string.h>
- #include <netinet/in_systm.h>
+ #include <stdarg.h>
- #include <netinet/ip.h>
+ #include <unistd.h>
 #include <arpa/inet.h>
 +#include <openssl/fips.h>
- 
+ #ifdef USE_SYSTEM_GLOB
- #include <ctype.h>
+ # include <glob.h>
- #include <errno.h>
+ #else
-@@ -2711,11 +2712,16 @@ fill_default_options(Options * options)
+@@ -2538,11 +2538,16 @@ fill_default_options(Options * options)
 	all_key = sshkey_alg_list(0, 0, 1, ',');
 	all_sig = sshkey_alg_list(0, 1, 1, ',');
 	/* remove unsupported algos from default lists */
@ -244,11 +200,10 @@ index bd8627c..dd22c3c 100644
 #define ASSEMBLE(what, defaults, all) \
 	do { \
 		if ((r = kex_assemble_names(&options->what, \
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+diff -up openssh-8.6p1/sandbox-seccomp-filter.c.fips openssh-8.6p1/sandbox-seccomp-filter.c
-index 139b6fb..5376800 100644
+--- openssh-8.6p1/sandbox-seccomp-filter.c.fips	2021-05-06 12:08:36.463926606 +0200
--- a/sandbox-seccomp-filter.c
+++ openssh-8.6p1/sandbox-seccomp-filter.c	2021-05-06 12:08:36.499926885 +0200
-+++ b/sandbox-seccomp-filter.c
+@@ -160,6 +160,9 @@ static const struct sock_filter preauth_
@@ -230,6 +230,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_open
 	SC_DENY(__NR_open, EACCES),
 #endif
@ -258,19 +213,18 @@ index 139b6fb..5376800 100644
 #ifdef __NR_openat
 	SC_DENY(__NR_openat, EACCES),
 #endif
-diff --git a/servconf.c b/servconf.c
+diff -up openssh-8.6p1/servconf.c.fips openssh-8.6p1/servconf.c
-index 0dbf90c..24db0cc 100644
+--- openssh-8.6p1/servconf.c.fips	2021-05-06 12:08:36.455926545 +0200
--- a/servconf.c
+++ openssh-8.6p1/servconf.c	2021-05-06 12:08:36.500926893 +0200
-+++ b/servconf.c
+@@ -38,6 +38,7 @@
-@@ -26,6 +26,7 @@
+ #include <limits.h>
- #ifdef HAVE_NET_ROUTE_H
+ #include <stdarg.h>
- #include <net/route.h>
+ #include <errno.h>
 #endif
 +#include <openssl/fips.h>
- 
+ #ifdef HAVE_UTIL_H
- #include <ctype.h>
+ #include <util.h>
- #include <netdb.h>
+ #endif
-@@ -230,11 +231,16 @@ assemble_algorithms(ServerOptions *o)
+@@ -226,11 +226,16 @@ assemble_algorithms(ServerOptions *o)
 	all_key = sshkey_alg_list(0, 0, 1, ',');
 	all_sig = sshkey_alg_list(0, 1, 1, ',');
 	/* remove unsupported algos from default lists */
@ -292,75 +246,9 @@ index 0dbf90c..24db0cc 100644
 #define ASSEMBLE(what, defaults, all) \
 	do { \
 		if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
-diff --git a/ssh-keygen.c b/ssh-keygen.c
+diff -up openssh-8.6p1/ssh.c.fips openssh-8.6p1/ssh.c
-index 46f4998..5c48ee0 100644
+--- openssh-8.6p1/ssh.c.fips	2021-05-06 12:08:36.467926637 +0200
--- a/ssh-keygen.c
+++ openssh-8.6p1/ssh.c	2021-05-06 12:08:36.500926893 +0200
 +++ b/ssh-keygen.c
@@ -23,6 +23,7 @@
 #include <openssl/pem.h>
 #include "openbsd-compat/openssl-compat.h"
 #endif
 +#include <openssl/fips.h>
 #ifdef HAVE_STDINT_H
 # include <stdint.h>
@@ -207,6 +208,12 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
 #endif
 	}
 #ifdef WITH_OPENSSL
 +	if (FIPS_mode()) {
 +		if (type == KEY_DSA)
 +			fatal("DSA keys are not allowed in FIPS mode");
 +		if (type == KEY_ED25519)
 +			fatal("ED25519 keys are not allowed in FIPS mode");
 +	}
 	switch (type) {
 	case KEY_DSA:
 		if (*bitsp != 1024)
@@ -1113,9 +1120,17 @@ do_gen_all_hostkeys(struct passwd *pw)
 			first = 1;
 			printf("%s: generating new host keys: ", __progname);
 		}
 +		type = sshkey_type_from_name(key_types[i].key_type);
 +
 +		/* Skip the keys that are not supported in FIPS mode */
 +		if (FIPS_mode() && (type == KEY_DSA || type == KEY_ED25519)) {
 +			logit("Skipping %s key in FIPS mode",
 +			    key_types[i].key_type_display);
 +			goto next;
 +		}
 +
 		printf("%s ", key_types[i].key_type_display);
 		fflush(stdout);
 -		type = sshkey_type_from_name(key_types[i].key_type);
 		if ((fd = mkstemp(prv_tmp)) == -1) {
 			error("Could not save your private key in %s: %s",
 			    prv_tmp, strerror(errno));
 diff --git a/ssh-rsa.c b/ssh-rsa.c
 index 88a98fd..17662be 100644
 --- a/ssh-rsa.c
 +++ b/ssh-rsa.c
@@ -25,6 +25,7 @@
 #include <openssl/err.h>
 #include <openssl/core_names.h>
 #include <openssl/param_build.h>
 +#include <openssl/fips.h>
 #include <stdarg.h>
 #include <string.h>
@@ -162,6 +163,8 @@ ssh_rsa_generate(struct sshkey *k, int bits)
 		goto out;
 	if (EVP_PKEY_keygen(ctx, &res) <= 0) {
 +		if (FIPS_mode())
 +			logit_f("the key length might be unsupported by FIPS mode approved key generation method");
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
 diff --git a/ssh.c b/ssh.c
 index 4caa6e1..d144a25 100644
 --- a/ssh.c
 +++ b/ssh.c
@@ -77,6 +77,7 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
@ -369,7 +257,7 @@ index 4caa6e1..d144a25 100644
 #include "openbsd-compat/openssl-compat.h"
 #include "openbsd-compat/sys-queue.h"
-@@ -1564,6 +1565,10 @@ main(int ac, char **av)
+@@ -1516,6 +1517,10 @@ main(int ac, char **av)
 		exit(0);
 	}
@ -380,10 +268,9 @@ index 4caa6e1..d144a25 100644
 	/* Expand SecurityKeyProvider if it refers to an environment variable */
 	if (options.sk_provider != NULL && *options.sk_provider == '$' &&
 	    strlen(options.sk_provider) > 1) {
-diff --git a/sshconnect2.c b/sshconnect2.c
+diff -up openssh-8.6p1/sshconnect2.c.fips openssh-8.6p1/sshconnect2.c
-index 1e217e4..1d72a91 100644
+--- openssh-8.6p1/sshconnect2.c.fips	2021-05-06 12:08:36.485926777 +0200
--- a/sshconnect2.c
+++ openssh-8.6p1/sshconnect2.c	2021-05-06 12:08:36.501926900 +0200
 +++ b/sshconnect2.c
@@ -45,6 +45,8 @@
 #include <vis.h>
 #endif
@ -393,7 +280,7 @@ index 1e217e4..1d72a91 100644
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
-@@ -276,36 +278,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
+@@ -269,36 +271,41 @@ ssh_kex2(struct ssh *ssh, char *host, st
 #if defined(GSSAPI) && defined(WITH_OPENSSL)
 	if (options.gss_keyex) {
@ -462,11 +349,10 @@ index 1e217e4..1d72a91 100644
 		}
 	}
 #endif
-diff --git a/sshd.c b/sshd.c
+diff -up openssh-8.6p1/sshd.c.fips openssh-8.6p1/sshd.c
-index 595e44a..f49e2e5 100644
+--- openssh-8.6p1/sshd.c.fips	2021-05-06 12:08:36.493926838 +0200
--- a/sshd.c
+++ openssh-8.6p1/sshd.c	2021-05-06 12:13:56.501492639 +0200
-+++ b/sshd.c
+@@ -66,6 +66,7 @@
@@ -69,6 +69,7 @@
 #endif
 #include <pwd.h>
 #include <signal.h>
@ -474,7 +360,7 @@ index 595e44a..f49e2e5 100644
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
-@@ -80,6 +81,7 @@
+@@ -77,6 +78,7 @@
 #include <openssl/dh.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
@ -482,15 +368,21 @@ index 595e44a..f49e2e5 100644
 #include "openbsd-compat/openssl-compat.h"
 #endif
-@@ -1665,6 +1667,7 @@ main(int ac, char **av)
+@@ -1931,6 +1931,13 @@ main(int ac, char **av)
- 	sigemptyset(&sigmask);
+ 		    &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
- 	sigprocmask(SIG_SETMASK, &sigmask, NULL);
+ 			do_log2_r(r, ll, "Unable to load host key \"%s\"",
- 
+ 			    options.host_key_files[i]);
-+	OpenSSL_add_all_algorithms();
+		if (FIPS_mode() && key != NULL && (sshkey_type_plain(key->type) == KEY_ED25519_SK
- 	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
+				||  sshkey_type_plain(key->type) == KEY_ED25519)) {
- 	saved_argc = ac;
+		    logit_f("sshd: Ed25519 keys are not allowed in FIPS mode, skipping %s", options.host_key_files[i]);
- 	rexec_argc = ac;
+		    sshkey_free(key);
-@@ -2160,6 +2163,10 @@ main(int ac, char **av)
+		    key = NULL;
 +		    continue;
 +		}
 		if (sshkey_is_sk(key) &&
 		    key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
 			debug("host key %s requires user presence, ignoring",
@@ -2110,6 +2113,10 @@ main(int ac, char **av)
 	/* Reinitialize the log (because of the fork above). */
 	log_init(__progname, options.log_level, options.log_facility, log_stderr);
@ -501,7 +393,7 @@ index 595e44a..f49e2e5 100644
 	/*
 	 * Chdir to the root directory so that the current disk can be
 	 * unmounted if desired.
-@@ -2535,10 +2542,14 @@ do_ssh2_kex(struct ssh *ssh)
+@@ -2494,10 +2501,14 @@ do_ssh2_kex(struct ssh *ssh)
 	if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
 		orig = NULL;
@ -520,18 +412,267 @@ index 595e44a..f49e2e5 100644
 	if (gss && orig)
 		xasprintf(&newstr, "%s,%s", gss, orig);
-diff --git a/sshkey.c b/sshkey.c
+diff -up openssh-8.6p1/sshkey.c.fips openssh-8.6p1/sshkey.c
-index 1aee244..be2c399 100644
+--- openssh-8.6p1/sshkey.c.fips	2021-05-06 12:08:36.493926838 +0200
--- a/sshkey.c
+++ openssh-8.6p1/sshkey.c	2021-05-06 12:08:36.502926908 +0200
-+++ b/sshkey.c
+@@ -36,6 +36,7 @@
@@ -34,6 +34,7 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 +#include <openssl/crypto.h>
 #include <openssl/core_names.h>
 #include <openssl/param_build.h>
 +#include <openssl/fips.h>
 #endif
 -- 
 2.33.0
 #include "crypto_api.h"
@@ -57,6 +58,7 @@
 #define SSHKEY_INTERNAL
 #include "sshkey.h"
 #include "match.h"
 +#include "log.h"
 #include "ssh-sk.h"
 #ifdef WITH_XMSS
@@ -285,6 +285,18 @@ sshkey_alg_list(int certs_only, int plai
 		impl = keyimpls[i];
 		if (impl->name == NULL || impl->type == KEY_NULL)
 			continue;
 +		if (FIPS_mode()) {
 +			switch (impl->type) {
 +			case KEY_ED25519:
 +			case KEY_ED25519_SK:
 +			case KEY_ED25519_CERT:
 +			case KEY_ED25519_SK_CERT:
 +			     continue;
 +			     break;
 +			default:
 +			     break;
 +			}
 +		}
 		if (!include_sigonly && impl->sigonly)
 			continue;
 		if ((certs_only && !impl->cert) || (plain_only && impl->cert))
@@ -1503,6 +1503,20 @@ sshkey_read(struct sshkey *ret, char **c
 		return SSH_ERR_EC_CURVE_MISMATCH;
 	}
 +	switch (type) {
 +	case KEY_ED25519:
 +	case KEY_ED25519_SK:
 +	case KEY_ED25519_CERT:
 +	case KEY_ED25519_SK_CERT:
 +		if (FIPS_mode()) {
 +		    sshkey_free(k);
 +		    logit_f("Ed25519 keys are not allowed in FIPS mode");
 +		    return SSH_ERR_INVALID_ARGUMENT;
 +		}
 +		break;
 +	default:
 +		break;
 +	}
 	/* Fill in ret from parsed key */
 	sshkey_free_contents(ret);
 	*ret = *k;
@@ -2916,6 +2916,11 @@ sshkey_sign(struct sshkey *key,
 		*lenp = 0;
 	if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
 		return SSH_ERR_INVALID_ARGUMENT;
 +		if (FIPS_mode() && ((key->type == KEY_ED25519_SK) || (key->type == KEY_ED25519_SK_CERT))) {
 +		    logit_f("Ed25519 keys are not allowed in FIPS mode");
 +		    return SSH_ERR_INVALID_ARGUMENT;
 +		}
 +		/* Fallthrough */
 	if ((impl = sshkey_impl_from_key(key)) == NULL)
 		return SSH_ERR_KEY_TYPE_UNKNOWN;
 	if ((r = sshkey_unshield_private(key)) != 0)
@@ -2973,6 +2978,10 @@ sshkey_verify(const struct sshkey *key,
 		*detailsp = NULL;
 	if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE)
 		return SSH_ERR_INVALID_ARGUMENT;
 +		if (FIPS_mode() && ((key->type == KEY_ED25519_SK) || (key->type == KEY_ED25519_SK_CERT))) {
 +		    logit_f("Ed25519 keys are not allowed in FIPS mode");
 +		    return SSH_ERR_INVALID_ARGUMENT;
 +		}
 	if ((impl = sshkey_impl_from_key(key)) == NULL)
 		return SSH_ERR_KEY_TYPE_UNKNOWN;
 	return impl->funcs->verify(key, sig, siglen, data, dlen,
 diff -up openssh-8.6p1/ssh-keygen.c.fips openssh-8.6p1/ssh-keygen.c
 --- openssh-8.6p1/ssh-keygen.c.fips	2021-05-06 12:08:36.467926637 +0200
 +++ openssh-8.6p1/ssh-keygen.c	2021-05-06 12:08:36.503926916 +0200
@@ -20,6 +20,7 @@
 #ifdef WITH_OPENSSL
 #include <openssl/evp.h>
 +#include <openssl/fips.h>
 #include <openssl/pem.h>
 #include "openbsd-compat/openssl-compat.h"
 #endif
@@ -205,6 +205,12 @@ type_bits_valid(int type, const char *na
 #endif
 	}
 #ifdef WITH_OPENSSL
 +	if (FIPS_mode()) {
 +		if (type == KEY_DSA)
 +			fatal("DSA keys are not allowed in FIPS mode");
 +		if (type == KEY_ED25519 || type == KEY_ED25519_SK)
 +			fatal("ED25519 keys are not allowed in FIPS mode");
 +	}
 	switch (type) {
 	case KEY_DSA:
 		if (*bitsp != 1024)
@@ -1098,9 +1104,17 @@ do_gen_all_hostkeys(struct passwd *pw)
 			first = 1;
 			printf("%s: generating new host keys: ", __progname);
 		}
 +		type = sshkey_type_from_name(key_types[i].key_type);
 +
 +		/* Skip the keys that are not supported in FIPS mode */
 +		if (FIPS_mode() && (type == KEY_DSA || type == KEY_ED25519)) {
 +			logit("Skipping %s key in FIPS mode",
 +			    key_types[i].key_type_display);
 +			goto next;
 +		}
 +
 		printf("%s ", key_types[i].key_type_display);
 		fflush(stdout);
 -		type = sshkey_type_from_name(key_types[i].key_type);
 		if ((fd = mkstemp(prv_tmp)) == -1) {
 			error("Could not save your private key in %s: %s",
 			    prv_tmp, strerror(errno));
 diff -up openssh-9.3p1/ssh-rsa.c.evpgenrsa openssh-9.3p1/ssh-rsa.c
 --- openssh-9.3p1/ssh-rsa.c.evpgenrsa	2022-06-30 15:14:58.200518353 +0200
 +++ openssh-9.3p1/ssh-rsa.c	2022-06-30 15:24:31.499641196 +0200
@@ -33,6 +33,7 @@
 #include <openssl/err.h>
 #include <openssl/core_names.h>
 #include <openssl/param_build.h>
 +#include <openssl/fips.h>
 #include <stdarg.h>
 #include <string.h>
@@ -1705,6 +1707,8 @@ ssh_rsa_generate(u_int bits, RSA
 		goto out;
 	if (EVP_PKEY_keygen(ctx, &res) <= 0) {
 +		if (FIPS_mode())
 +			logit_f("the key length might be unsupported by FIPS mode approved key generation method");
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
 diff -up openssh-8.7p1/kexgen.c.fips3 openssh-8.7p1/kexgen.c
 --- openssh-8.7p1/kexgen.c.fips3	2022-07-11 16:11:21.973519913 +0200
 +++ openssh-8.7p1/kexgen.c	2022-07-11 16:25:31.172187365 +0200
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <signal.h>
 +#include <openssl/fips.h>
 #include "sshkey.h"
 #include "kex.h"
@@ -115,10 +116,20 @@ kex_gen_client(struct ssh *ssh)
 		break;
 #endif
 	case KEX_C25519_SHA256:
 -		r = kex_c25519_keypair(kex);
 +		if (FIPS_mode()) {
 +		    logit_f("Key exchange type c25519 is not allowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_c25519_keypair(kex);
 +		}
 		break;
 	case KEX_KEM_SNTRUP761X25519_SHA512:
 -		r = kex_kem_sntrup761x25519_keypair(kex);
 +		if (FIPS_mode()) {
 +		    logit_f("Key exchange type sntrup761 is not allowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_kem_sntrup761x25519_keypair(kex);
 +		}
 		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
@@ -186,11 +197,21 @@ input_kex_gen_reply(int type, u_int32_t
 		break;
 #endif
 	case KEX_C25519_SHA256:
 -		r = kex_c25519_dec(kex, server_blob, &shared_secret);
 +		if (FIPS_mode()) {
 +		    logit_f("Key exchange type c25519 is not allowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_c25519_dec(kex, server_blob, &shared_secret);
 +		}
 		break;
 	case KEX_KEM_SNTRUP761X25519_SHA512:
 -		r = kex_kem_sntrup761x25519_dec(kex, server_blob,
 -		    &shared_secret);
 +		if (FIPS_mode()) {
 +		    logit_f("Key exchange type sntrup761 is not allowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_kem_sntrup761x25519_dec(kex, server_blob,
 +		        &shared_secret);
 +		}
 		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
@@ -285,12 +306,22 @@ input_kex_gen_init(int type, u_int32_t s
 		break;
 #endif
 	case KEX_C25519_SHA256:
 -		r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
 -		    &shared_secret);
 +		if (FIPS_mode()) {
 +		    logit_f("Key exchange type c25519 is not allowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
 +		        &shared_secret);
 +		}
 		break;
 	case KEX_KEM_SNTRUP761X25519_SHA512:
 -		r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
 -		    &server_pubkey, &shared_secret);
 +		if (FIPS_mode()) {
 +		    logit_f("Key exchange type sntrup761 is not allowed in FIPS mode");
 +		    r = SSH_ERR_INVALID_ARGUMENT;
 +		} else {
 +		    r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
 +		        &server_pubkey, &shared_secret);
 +		}
 		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
 diff -up openssh-8.7p1/ssh-ed25519.c.fips3 openssh-8.7p1/ssh-ed25519.c
 --- openssh-8.7p1/ssh-ed25519.c.fips3	2022-07-11 16:53:41.428343304 +0200
 +++ openssh-8.7p1/ssh-ed25519.c	2022-07-11 16:56:09.284663661 +0200
@@ -24,6 +24,7 @@
 #include <string.h>
 #include <stdarg.h>
 +#include <openssl/fips.h>
 #include "log.h"
 #include "sshbuf.h"
@@ -52,6 +53,10 @@ ssh_ed25519_sign(const struct sshkey *ke
 	    key->ed25519_sk == NULL ||
 	    datalen >= INT_MAX - crypto_sign_ed25519_BYTES)
 		return SSH_ERR_INVALID_ARGUMENT;
 +	if (FIPS_mode()) {
 +	    logit_f("Ed25519 keys are not allowed in FIPS mode");
 +	    return SSH_ERR_INVALID_ARGUMENT;
 +	}
 	smlen = slen = datalen + crypto_sign_ed25519_BYTES;
 	if ((sig = malloc(slen)) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
@@ -108,6 +113,10 @@ ssh_ed25519_verify(const struct sshkey *
 	    dlen >= INT_MAX - crypto_sign_ed25519_BYTES ||
 	    sig == NULL || siglen == 0)
 		return SSH_ERR_INVALID_ARGUMENT;
 +	if (FIPS_mode()) {
 +	    logit_f("Ed25519 keys are not allowed in FIPS mode");
 +	    return SSH_ERR_INVALID_ARGUMENT;
 +	}
 	if ((b = sshbuf_from(sig, siglen)) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
--- a/openssh-7.8p1-role-mls.patch
+++ b/openssh-7.8p1-role-mls.patch
@ -23,7 +23,7 @@ diff -up openssh/auth2.c.role-mls openssh/auth2.c
 	if ((style = strchr(user, ':')) != NULL)
 		*style++ = 0;
-@@ -296,8 +304,15 @@ input_userauth_request(int type, u_int32
+@@ -314,8 +314,15 @@ input_userauth_request(int type, u_int32
 		    use_privsep ? " [net]" : "");
 		authctxt->service = xstrdup(service);
 		authctxt->style = style ? xstrdup(style) : NULL;
@ -38,8 +38,8 @@ diff -up openssh/auth2.c.role-mls openssh/auth2.c
 +#endif
 +        }
 		userauth_banner(ssh);
- 		if (auth2_setup_methods_lists(authctxt) != 0)
+ 		if ((r = kex_server_update_ext_info(ssh)) != 0)
- 			ssh_packet_disconnect(ssh,
+ 			fatal_fr(r, "kex_server_update_ext_info failed");
 diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
 --- openssh/auth2-gss.c.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/auth2-gss.c	2018-08-22 11:15:42.459799171 +0200
--- a/openssh-8.0p1-gssapi-keyex.patch
+++ b/openssh-8.0p1-gssapi-keyex.patch
@ -144,7 +144,7 @@ index 9351e042..d6446c0c 100644
 --- a/auth2-gss.c
 +++ b/auth2-gss.c
@@ -1,7 +1,7 @@
- /* $OpenBSD: auth2-gss.c,v 1.33 2021/12/19 22:12:07 djm Exp $ */
+ /* $OpenBSD: auth2-gss.c,v 1.34 2023/03/31 04:22:27 djm Exp $ */
 /*
 - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@ -160,7 +160,7 @@ index 9351e042..d6446c0c 100644
 + * The 'gssapi_keyex' userauth mechanism.
 + */
 +static int
-+userauth_gsskeyex(struct ssh *ssh)
+userauth_gsskeyex(struct ssh *ssh, const char *method)
 +{
 +	Authctxt *authctxt = ssh->authctxt;
 +	int r, authenticated = 0;
@ -221,12 +221,13 @@ index 9351e042..d6446c0c 100644
 	else
 		logit("GSSAPI MIC check failed");
-@@ -326,6 +370,12 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
+@@ -326,6 +370,13 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
 	return 0;
 }
 +Authmethod method_gsskeyex = {
 +	"gssapi-keyex",
 +	NULL,
 +	userauth_gsskeyex,
 +	&options.gss_authentication
 +};
@ -1267,7 +1268,7 @@ index ce85f043..574c7609 100644
 +#endif
 +
 /* prototype */
- static int kex_choose_conf(struct ssh *);
+ static int kex_choose_conf(struct ssh *, uint32_t seq);
 static int kex_input_newkeys(int, u_int32_t, struct ssh *);
@@ -115,15 +120,28 @@ static const struct kexalg kexalgs[] = {
 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
@ -1487,7 +1488,7 @@ new file mode 100644
 index 00000000..f6e1405e
 --- /dev/null
 +++ b/kexgssc.c
-@@ -0,0 +1,600 @@
+@@ -0,0 +1,612 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@ -1588,8 +1589,10 @@ index 00000000..f6e1405e
 +	default:
 +		fatal_f("Unexpected KEX type %d", kex->kex_type);
 +	}
-+	if (r != 0)
+	if (r != 0) {
 +		ssh_gssapi_delete_ctx(&ctxt);
 +		return r;
 +	}
 +
 +	token_ptr = GSS_C_NO_BUFFER;
 +
@ -1652,11 +1655,16 @@ index 00000000..f6e1405e
 +			do {
 +				type = ssh_packet_read(ssh);
 +				if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
 +					u_char *tmp = NULL;
 +					size_t tmp_len = 0;
 +
 +					debug("Received KEXGSS_HOSTKEY");
 +					if (server_host_key_blob)
 +						fatal("Server host key received more than once");
-+					if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
+					if ((r = sshpkt_get_string(ssh, &tmp, &tmp_len)) != 0)
 +						fatal("Failed to read server host key: %s", ssh_err(r));
 +					if ((server_host_key_blob = sshbuf_from(tmp, tmp_len)) == NULL)
 +						fatal("sshbuf_from failed");
 +				}
 +			} while (type == SSH2_MSG_KEXGSS_HOSTKEY);
 +
@ -1943,11 +1951,16 @@ index 00000000..f6e1405e
 +			do {
 +				type = ssh_packet_read(ssh);
 +				if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
 +					u_char *tmp = NULL;
 +					size_t tmp_len = 0;
 +
 +					debug("Received KEXGSS_HOSTKEY");
 +					if (server_host_key_blob)
 +						fatal("Server host key received more than once");
-+					if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
+					if ((r = sshpkt_get_string(ssh, &tmp, &tmp_len)) != 0)
 +						fatal("sshpkt failed: %s", ssh_err(r));
 +					if ((server_host_key_blob = sshbuf_from(tmp, tmp_len)) == NULL)
 +						fatal("sshbuf_from failed");
 +				}
 +			} while (type == SSH2_MSG_KEXGSS_HOSTKEY);
 +
@ -2093,7 +2106,7 @@ new file mode 100644
 index 00000000..60bc02de
 --- /dev/null
 +++ b/kexgsss.c
-@@ -0,0 +1,474 @@
+@@ -0,0 +1,482 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@ -2160,7 +2173,7 @@ index 00000000..60bc02de
 +	 */
 +
 +	OM_uint32 ret_flags = 0;
-+	gss_buffer_desc gssbuf, recv_tok, msg_tok;
+	gss_buffer_desc gssbuf = {0, NULL}, recv_tok, msg_tok;
 +	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 +	Gssctxt *ctxt = NULL;
 +	struct sshbuf *shared_secret = NULL;
@ -2200,7 +2213,7 @@ index 00000000..60bc02de
 +		type = ssh_packet_read(ssh);
 +		switch(type) {
 +		case SSH2_MSG_KEXGSS_INIT:
-+			if (client_pubkey != NULL)
+			if (gssbuf.value != NULL)
 +				fatal("Received KEXGSS_INIT after initialising");
 +			if ((r = ssh_gssapi_sshpkt_get_buffer_desc(ssh,
 +			        &recv_tok)) != 0 ||
@ -2231,6 +2244,31 @@ index 00000000..60bc02de
 +				goto out;
 +
 +			/* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */
 +
 +			/* Calculate the hash early so we can free the
 +			* client_pubkey, which has reference to the parent
 +			* buffer state->incoming_packet
 +			*/
 +			hashlen = sizeof(hash);
 +			if ((r = kex_gen_hash(
 +			    kex->hash_alg,
 +			    kex->client_version,
 +			    kex->server_version,
 +			    kex->peer,
 +			    kex->my,
 +			    empty,
 +			    client_pubkey,
 +			    server_pubkey,
 +			    shared_secret,
 +			    hash, &hashlen)) != 0)
 +				goto out;
 +
 +			gssbuf.value = hash;
 +			gssbuf.length = hashlen;
 +
 +			sshbuf_free(client_pubkey);
 +			client_pubkey = NULL;
 +
 +			break;
 +		case SSH2_MSG_KEXGSS_CONTINUE:
 +			if ((r = ssh_gssapi_sshpkt_get_buffer_desc(ssh,
@ -2252,7 +2290,7 @@ index 00000000..60bc02de
 +		if (maj_status != GSS_S_COMPLETE && send_tok.length == 0)
 +			fatal("Zero length token output when incomplete");
 +
-+		if (client_pubkey == NULL)
+		if (gssbuf.value == NULL)
 +			fatal("No client public key");
 +
 +		if (maj_status & GSS_S_CONTINUE_NEEDED) {
@ -2281,23 +2319,6 @@ index 00000000..60bc02de
 +	if (!(ret_flags & GSS_C_INTEG_FLAG))
 +		fatal("Integrity flag wasn't set");
 +
 +	hashlen = sizeof(hash);
 +	if ((r = kex_gen_hash(
 +	    kex->hash_alg,
 +	    kex->client_version,
 +	    kex->server_version,
 +	    kex->peer,
 +	    kex->my,
 +	    empty,
 +	    client_pubkey,
 +	    server_pubkey,
 +	    shared_secret,
 +	    hash, &hashlen)) != 0)
 +		goto out;
 +
 +	gssbuf.value = hash;
 +	gssbuf.length = hashlen;
 +
 +	if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt, &gssbuf, &msg_tok))))
 +		fatal("Couldn't get MIC");
 +
@ -3379,7 +3400,7 @@ index 60de6087..db5c65bc 100644
 .It HashKnownHosts
 .It Host
 .It HostbasedAcceptedAlgorithms
-@@ -579,6 +585,8 @@ flag),
+@@ -624,6 +624,8 @@
 (supported message integrity codes),
 .Ar kex
 (key exchange algorithms),
@ -3387,7 +3408,7 @@ index 60de6087..db5c65bc 100644
 +(GSSAPI key exchange algorithms),
 .Ar key
 (key types),
- .Ar key-cert
+ .Ar key-ca-sign
 diff --git a/ssh.c b/ssh.c
 index 15aee569..110cf9c1 100644
 --- a/ssh.c
@ -3423,7 +3444,7 @@ index 5e8ef548..1ff999b6 100644
 +#   GSSAPIKeyExchange no
 +#   GSSAPITrustDNS no
 #   BatchMode no
- #   CheckHostIP yes
+ #   CheckHostIP no
 #   AddressFamily any
 diff --git a/ssh_config.5 b/ssh_config.5
 index 06a32d31..3f490697 100644
@ -4007,3 +4028,48 @@ index 71a3fddc..37a43a67 100644
 	KEY_UNSPEC
 };
 diff --git a/packet.h b/packet.h
 --- a/packet.h	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
 +++ b/packet.h	(date 1703172586447)
@@ -124,6 +124,7 @@
 int	 ssh_packet_send2(struct ssh *);
 int      ssh_packet_read(struct ssh *);
 +int	 ssh_packet_read_expect(struct ssh *, u_int type);
 int      ssh_packet_read_poll(struct ssh *);
 int ssh_packet_read_poll2(struct ssh *, u_char *, u_int32_t *seqnr_p);
 int	 ssh_packet_process_incoming(struct ssh *, const char *buf, u_int len);
 diff --git a/packet.c b/packet.c
 --- a/packet.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
 +++ b/packet.c	(date 1703172586447)
@@ -1425,6 +1416,29 @@
 	return type;
 }
 +/*
 + * Waits until a packet has been received, verifies that its type matches
 + * that given, and gives a fatal error and exits if there is a mismatch.
 + */
 +
 +int
 +ssh_packet_read_expect(struct ssh *ssh, u_int expected_type)
 +{
 +	int r;
 +	u_char type;
 +
 +	if ((r = ssh_packet_read_seqnr(ssh, &type, NULL)) != 0)
 +		return r;
 +	if (type != expected_type) {
 +		if ((r = sshpkt_disconnect(ssh,
 +		    "Protocol error: expected packet type %d, got %d",
 +		    expected_type, type)) != 0)
 +			return r;
 +		return SSH_ERR_PROTOCOL_ERROR;
 +	}
 +	return 0;
 +}
 +
 static int
 ssh_packet_read_poll2_mux(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 {
--- a/openssh-8.0p1-pkcs11-uri.patch
+++ b/openssh-8.0p1-pkcs11-uri.patch
--- a/openssh-8.7p1-minrsabits.patch
+++ b/openssh-8.7p1-minrsabits.patch
@ -1,20 +1,18 @@
 diff --git a/readconf.c b/readconf.c
-index 7f26c680..42be690b 100644
+--- a/readconf.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
--- a/readconf.c
+++ b/readconf.c	(date 1703169891147)
-+++ b/readconf.c
+@@ -326,6 +326,7 @@
@@ -320,6 +320,7 @@ static struct {
 	{ "securitykeyprovider", oSecurityKeyProvider },
 	{ "knownhostscommand", oKnownHostsCommand },
 	{ "requiredrsasize", oRequiredRSASize },
 +	{ "rsaminsize", oRequiredRSASize }, /* alias */
 	{ "enableescapecommandline", oEnableEscapeCommandline },
- 
+ 	{ "obscurekeystroketiming", oObscureKeystrokeTiming },
- 	{ NULL, oBadOption }
+ 	{ "channeltimeout", oChannelTimeout },
 diff --git a/servconf.c b/servconf.c
-index 29df0463..423772b1 100644
+--- a/servconf.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
--- a/servconf.c
+++ b/servconf.c	(date 1703169891148)
-+++ b/servconf.c
+@@ -691,6 +691,7 @@
@@ -676,6 +680,7 @@ static struct {
 	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
 	{ "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
 	{ "requiredrsasize", sRequiredRSASize, SSHCFG_ALL },
--- a/openssh-8.7p1-recursive-scp.patch
+++ b/openssh-8.7p1-recursive-scp.patch
@ -1,28 +1,28 @@
-diff -up openssh-8.7p1/scp.c.scp-sftpdirs openssh-8.7p1/scp.c
+diff --git a/scp.c b/scp.c
--- openssh-8.7p1/scp.c.scp-sftpdirs	2022-02-07 12:31:07.407740407 +0100
+--- a/scp.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
-+++ openssh-8.7p1/scp.c	2022-02-07 12:31:07.409740424 +0100
+++ b/scp.c	(date 1703111453316)
-@@ -1324,7 +1324,7 @@ source_sftp(int argc, char *src, char *t
+@@ -1372,7 +1372,7 @@
 	if (src_is_dir && iamrecursive) {
- 		if (upload_dir(conn, src, abs_dst, pflag,
+ 		if (sftp_upload_dir(conn, src, abs_dst, pflag,
 -		    SFTP_PROGRESS_ONLY, 0, 0, 1, 1) != 0) {
 +		    SFTP_PROGRESS_ONLY, 0, 0, 1, 1, 1) != 0) {
 			error("failed to upload directory %s to %s", src, targ);
 			errs = 1;
 		}
-diff -up openssh-8.7p1/sftp-client.c.scp-sftpdirs openssh-8.7p1/sftp-client.c
+diff --git a/sftp-client.c b/sftp-client.c
--- openssh-8.7p1/sftp-client.c.scp-sftpdirs	2021-08-20 06:03:49.000000000 +0200
+--- a/sftp-client.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
-+++ openssh-8.7p1/sftp-client.c	2022-02-07 12:47:59.117516131 +0100
+++ b/sftp-client.c	(date 1703169614263)
-@@ -971,7 +971,7 @@ do_fsetstat(struct sftp_conn *conn, cons
+@@ -1003,7 +1003,7 @@
 /* Implements both the realpath and expand-path operations */
 static char *
-do_realpath_expand(struct sftp_conn *conn, const char *path, int expand)
+-sftp_realpath_expand(struct sftp_conn *conn, const char *path, int expand)
-+do_realpath_expand(struct sftp_conn *conn, const char *path, int expand, int create_dir)
+sftp_realpath_expand(struct sftp_conn *conn, const char *path, int expand, int create_dir)
 {
 	struct sshbuf *msg;
 	u_int expected_id, count, id;
-@@ -1033,11 +1033,43 @@ do_realpath_expand(struct sftp_conn *con
+@@ -1049,11 +1049,43 @@
 		if ((r = sshbuf_get_u32(msg, &status)) != 0 ||
 		    (r = sshbuf_get_cstring(msg, &errmsg, NULL)) != 0)
 			fatal_fr(r, "parse status");
@ -33,7 +33,7 @@ diff -up openssh-8.7p1/sftp-client.c.scp-sftpdirs openssh-8.7p1/sftp-client.c
 -		return NULL;
 +		if ((status == SSH2_FX_NO_SUCH_FILE) && create_dir)  {
 +			memset(&a, '\0', sizeof(a));
-+			if ((r = do_mkdir(conn, path, &a, 0)) != 0) {
+			if ((r = sftp_mkdir(conn, path, &a, 0)) != 0) {
 +				sshbuf_free(msg);
 +				return NULL;
 +			}
@ -71,42 +71,42 @@ diff -up openssh-8.7p1/sftp-client.c.scp-sftpdirs openssh-8.7p1/sftp-client.c
 	} else if (type != SSH2_FXP_NAME)
 		fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
 		    SSH2_FXP_NAME, type);
-@@ -1039,9 +1067,9 @@ do_realpath_expand(struct sftp_conn *con
+@@ -1078,9 +1110,9 @@
 }
 char *
-do_realpath(struct sftp_conn *conn, const char *path)
+-sftp_realpath(struct sftp_conn *conn, const char *path)
-+do_realpath(struct sftp_conn *conn, const char *path, int create_dir)
+sftp_realpath(struct sftp_conn *conn, const char *path, int create_dir)
 {
-	return do_realpath_expand(conn, path, 0);
+-	return sftp_realpath_expand(conn, path, 0);
-+	return do_realpath_expand(conn, path, 0, create_dir);
+	return sftp_realpath_expand(conn, path, 0, create_dir);
 }
 int
-@@ -1055,9 +1083,9 @@ do_expand_path(struct sftp_conn *conn, c
+@@ -1094,9 +1126,9 @@
 {
- 	if (!can_expand_path(conn)) {
+ 	if (!sftp_can_expand_path(conn)) {
 		debug3_f("no server support, fallback to realpath");
-		return do_realpath_expand(conn, path, 0);
+-		return sftp_realpath_expand(conn, path, 0);
-+		return do_realpath_expand(conn, path, 0, 0);
+		return sftp_realpath_expand(conn, path, 0, 0);
 	}
-	return do_realpath_expand(conn, path, 1);
+-	return sftp_realpath_expand(conn, path, 1);
-+	return do_realpath_expand(conn, path, 1, 0);
+	return sftp_realpath_expand(conn, path, 1, 0);
 }
 int
-@@ -1807,7 +1835,7 @@ download_dir(struct sftp_conn *conn, con
+@@ -2016,7 +2048,7 @@
 	char *src_canon;
 	int ret;
-	if ((src_canon = do_realpath(conn, src)) == NULL) {
+-	if ((src_canon = sftp_realpath(conn, src)) == NULL) {
-+	if ((src_canon = do_realpath(conn, src, 0)) == NULL) {
+	if ((src_canon = sftp_realpath(conn, src, 0)) == NULL) {
 		error("download \"%s\": path canonicalization failed", src);
 		return -1;
 	}
-@@ -2115,12 +2143,12 @@ upload_dir_internal(struct sftp_conn *co
+@@ -2365,12 +2397,12 @@
 int
- upload_dir(struct sftp_conn *conn, const char *src, const char *dst,
+ sftp_upload_dir(struct sftp_conn *conn, const char *src, const char *dst,
     int preserve_flag, int print_flag, int resume, int fsync_flag,
 -    int follow_link_flag, int inplace_flag)
 +    int follow_link_flag, int inplace_flag, int create_dir)
@ -114,68 +114,69 @@ diff -up openssh-8.7p1/sftp-client.c.scp-sftpdirs openssh-8.7p1/sftp-client.c
 	char *dst_canon;
 	int ret;
-	if ((dst_canon = do_realpath(conn, dst)) == NULL) {
+-	if ((dst_canon = sftp_realpath(conn, dst)) == NULL) {
-+	if ((dst_canon = do_realpath(conn, dst, create_dir)) == NULL) {
+	if ((dst_canon = sftp_realpath(conn, dst, create_dir)) == NULL) {
 		error("upload \"%s\": path canonicalization failed", dst);
 		return -1;
 	}
-@@ -2557,7 +2585,7 @@ crossload_dir(struct sftp_conn *from, st
+@@ -2825,7 +2857,7 @@
 	char *from_path_canon;
 	int ret;
-	if ((from_path_canon = do_realpath(from, from_path)) == NULL) {
+-	if ((from_path_canon = sftp_realpath(from, from_path)) == NULL) {
-+	if ((from_path_canon = do_realpath(from, from_path, 0)) == NULL) {
+	if ((from_path_canon = sftp_realpath(from, from_path, 0)) == NULL) {
 		error("crossload \"%s\": path canonicalization failed",
 		    from_path);
 		return -1;
-diff -up openssh-8.7p1/sftp-client.h.scp-sftpdirs openssh-8.7p1/sftp-client.h
+diff --git a/sftp-client.h b/sftp-client.h
--- openssh-8.7p1/sftp-client.h.scp-sftpdirs	2021-08-20 06:03:49.000000000 +0200
+--- a/sftp-client.h	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
-+++ openssh-8.7p1/sftp-client.h	2022-02-07 12:31:07.410740433 +0100
+++ b/sftp-client.h	(date 1703111691284)
-@@ -111,7 +111,7 @@ int do_fsetstat(struct sftp_conn *, cons
+@@ -111,7 +111,7 @@
- int do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a);
+ int sftp_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a);
 /* Canonicalise 'path' - caller must free result */
-char *do_realpath(struct sftp_conn *, const char *);
+-char *sftp_realpath(struct sftp_conn *, const char *);
-+char *do_realpath(struct sftp_conn *, const char *, int);
+char *sftp_realpath(struct sftp_conn *, const char *, int);
 /* Canonicalisation with tilde expansion (requires server extension) */
- char *do_expand_path(struct sftp_conn *, const char *);
+ char *sftp_expand_path(struct sftp_conn *, const char *);
-@@ -159,7 +159,7 @@ int do_upload(struct sftp_conn *, const
+@@ -163,7 +163,7 @@
  * times if 'pflag' is set
  */
- int upload_dir(struct sftp_conn *, const char *, const char *,
+ int sftp_upload_dir(struct sftp_conn *, const char *, const char *,
 -    int, int, int, int, int, int);
 +    int, int, int, int, int, int, int);
 /*
  * Download a 'from_path' from the 'from' connection and upload it to
-diff -up openssh-8.7p1/sftp.c.scp-sftpdirs openssh-8.7p1/sftp.c
+
--- openssh-8.7p1/sftp.c.scp-sftpdirs	2021-08-20 06:03:49.000000000 +0200
+diff --git a/sftp.c b/sftp.c
-+++ openssh-8.7p1/sftp.c	2022-02-07 12:31:07.411740442 +0100
+--- a/sftp.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
-@@ -760,7 +760,7 @@ process_put(struct sftp_conn *conn, cons
+++ b/sftp.c	(date 1703168795365)
- 		if (globpath_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
+@@ -807,7 +807,7 @@
- 			if (upload_dir(conn, g.gl_pathv[i], abs_dst,
+ 		    (rflag || global_rflag)) {
 			if (sftp_upload_dir(conn, g.gl_pathv[i], abs_dst,
 			    pflag || global_pflag, 1, resume,
 -			    fflag || global_fflag, 0, 0) == -1)
 +			    fflag || global_fflag, 0, 0, 0) == -1)
 				err = -1;
 		} else {
- 			if (do_upload(conn, g.gl_pathv[i], abs_dst,
+ 			if (sftp_upload(conn, g.gl_pathv[i], abs_dst,
-@@ -1577,7 +1577,7 @@ parse_dispatch_command(struct sftp_conn
+@@ -1642,7 +1642,7 @@
 		if (path1 == NULL || *path1 == '\0')
 			path1 = xstrdup(startdir);
- 		path1 = make_absolute(path1, *pwd);
+ 		path1 = sftp_make_absolute(path1, *pwd);
-		if ((tmp = do_realpath(conn, path1)) == NULL) {
+-		if ((tmp = sftp_realpath(conn, path1)) == NULL) {
-+		if ((tmp = do_realpath(conn, path1, 0)) == NULL) {
+		if ((tmp = sftp_realpath(conn, path1, 0)) == NULL) {
 			err = 1;
 			break;
 		}
-@@ -2160,7 +2160,7 @@ interactive_loop(struct sftp_conn *conn,
+@@ -2247,7 +2247,7 @@
 	}
 #endif /* USE_LIBEDIT */
-	remote_path = do_realpath(conn, ".");
+-	if ((remote_path = sftp_realpath(conn, ".")) == NULL)
-+	remote_path = do_realpath(conn, ".", 0);
+	if ((remote_path = sftp_realpath(conn, ".", 0)) == NULL)
 	if (remote_path == NULL)
 		fatal("Need cwd");
 	startdir = xstrdup(remote_path);
--- a/openssh-9.0p1-audit-log.patch
+++ b/openssh-9.0p1-audit-log.patch
@ -0,0 +1,119 @@
 diff -up openssh-9.0p1/audit-bsm.c.patch openssh-9.0p1/audit-bsm.c
 --- openssh-9.0p1/audit-bsm.c.patch	2022-10-24 15:02:16.544858331 +0200
 +++ openssh-9.0p1/audit-bsm.c	2022-10-24 14:51:43.685766639 +0200
@@ -405,7 +405,7 @@ audit_session_close(struct logininfo *li
 }
 int
 -audit_keyusage(struct ssh *ssh, int host_user, char *fp, int rv)
 +audit_keyusage(struct ssh *ssh, int host_user, char *key_fp, const struct sshkey_cert *cert, const char *issuer_fp, int rv)
 {
 	/* not implemented */
 }
 diff -up openssh-9.0p1/audit.c.patch openssh-9.0p1/audit.c
 --- openssh-9.0p1/audit.c.patch	2022-10-24 15:02:16.544858331 +0200
 +++ openssh-9.0p1/audit.c	2022-10-24 15:20:38.854548226 +0200
@@ -116,12 +116,22 @@ audit_event_lookup(ssh_audit_event_t ev)
 void
 audit_key(struct ssh *ssh, int host_user, int *rv, const struct sshkey *key)
 {
 -	char *fp;
 +	char *key_fp = NULL;
 +	char *issuer_fp = NULL;
 +	struct sshkey_cert *cert = NULL;
 -	fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_HEX);
 -	if (audit_keyusage(ssh, host_user, fp, (*rv == 0)) == 0)
 +	key_fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_HEX);
 +	if (sshkey_is_cert(key) && key->cert != NULL && key->cert->signature_key != NULL) {
 +		cert = key->cert;
 +		issuer_fp = sshkey_fingerprint(cert->signature_key,
 +										options.fingerprint_hash, SSH_FP_DEFAULT);
 +	}
 +	if (audit_keyusage(ssh, host_user, key_fp, cert, issuer_fp, (*rv == 0)) == 0)
 		*rv = -SSH_ERR_INTERNAL_ERROR;
 -	free(fp);
 +	if (key_fp)
 +		free(key_fp);
 +	if (issuer_fp)
 +		free(issuer_fp);
 }
 void
 diff -up openssh-9.0p1/audit.h.patch openssh-9.0p1/audit.h
 --- openssh-9.0p1/audit.h.patch	2022-10-24 15:02:16.544858331 +0200
 +++ openssh-9.0p1/audit.h	2022-10-24 14:58:20.887565518 +0200
@@ -64,7 +64,7 @@ void	audit_session_close(struct logininf
 int	audit_run_command(struct ssh *, const char *);
 void 	audit_end_command(struct ssh *, int, const char *);
 ssh_audit_event_t audit_classify_auth(const char *);
 -int	audit_keyusage(struct ssh *, int, char *, int);
 +int	audit_keyusage(struct ssh *, int, const char *, const struct sshkey_cert *, const char *, int);
 void	audit_key(struct ssh *, int, int *, const struct sshkey *);
 void	audit_unsupported(struct ssh *, int);
 void	audit_kex(struct ssh *, int, char *, char *, char *, char *);
 diff -up openssh-9.0p1/audit-linux.c.patch openssh-9.0p1/audit-linux.c
 --- openssh-9.0p1/audit-linux.c.patch	2022-10-24 15:02:16.544858331 +0200
 +++ openssh-9.0p1/audit-linux.c	2022-10-24 15:21:58.165303951 +0200
@@ -137,10 +137,12 @@ fatal_report:
 }
 int
 -audit_keyusage(struct ssh *ssh, int host_user, char *fp, int rv)
 +audit_keyusage(struct ssh *ssh, int host_user, const char *key_fp, const struct sshkey_cert *cert, const char *issuer_fp, int rv)
 {
 	char buf[AUDIT_LOG_SIZE];
 	int audit_fd, rc, saved_errno;
 +	const char *rip;
 +	u_int i;
 	audit_fd = audit_open();
 	if (audit_fd < 0) {
@@ -150,14 +152,44 @@ audit_keyusage(struct ssh *ssh, int host
 		else
 			return 0; /* Must prevent login */
 	}
 +	rip = ssh_remote_ipaddr(ssh);
 	snprintf(buf, sizeof(buf), "%s_auth grantors=auth-key", host_user ? "pubkey" : "hostbased");
 	rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
 -		buf, audit_username(), -1, NULL, ssh_remote_ipaddr(ssh), NULL, rv);
 +		buf, audit_username(), -1, NULL, rip, NULL, rv);
 	if ((rc < 0) && ((rc != -1) || (getuid() == 0)))
 		goto out;
 -	snprintf(buf, sizeof(buf), "op=negotiate kind=auth-key fp=%s", fp);
 +	snprintf(buf, sizeof(buf), "op=negotiate kind=auth-key fp=%s", key_fp);
 	rc = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, buf, NULL,
 -		ssh_remote_ipaddr(ssh), NULL, rv);
 +		rip, NULL, rv);
 +	if ((rc < 0) && ((rc != -1) || (getuid() == 0)))
 +		goto out;
 +
 +	if (cert) {
 +		char *pbuf;
 +
 +		pbuf = audit_encode_nv_string("key_id", cert->key_id, 0);
 +		if (pbuf == NULL)
 +			goto out;
 +		snprintf(buf, sizeof(buf), "cert %s cert_serial=%llu cert_issuer_alg=\"%s\" cert_issuer_fp=\"%s\"",
 +			pbuf, (unsigned long long)cert->serial, sshkey_type(cert->signature_key), issuer_fp);
 +		free(pbuf);
 +		rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
 +			buf, audit_username(), -1, NULL, rip, NULL, rv);
 +		if ((rc < 0) && ((rc != -1) || (getuid() == 0)))
 +			goto out;
 +
 +		for (i = 0; cert->principals != NULL && i < cert->nprincipals; i++) {
 +			pbuf = audit_encode_nv_string("cert_principal", cert->principals[i], 0);
 +			if (pbuf == NULL)
 +				goto out;
 +			snprintf(buf, sizeof(buf), "principal %s", pbuf);
 +			free(pbuf);
 +			rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
 +				buf, audit_username(), -1, NULL, rip, NULL, rv);
 +			if ((rc < 0) && ((rc != -1) || (getuid() == 0)))
 +				goto out;
 +		}
 +	}
 out:
 	saved_errno = errno;
 	audit_close(audit_fd);
--- a/openssh-9.3p1-merged-openssl-evp.patch
+++ b/openssh-9.3p1-merged-openssl-evp.patch
@ -252,6 +252,16 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
 #include <string.h>
@@ -44,6 +44,9 @@
 #include "digest.h"
 #define SSHKEY_INTERNAL
 #include "sshkey.h"
 +#ifdef ENABLE_PKCS11
 +#include "ssh-pkcs11.h"
 +#endif
 #include "openbsd-compat/openssl-compat.h"
@@ -126,19 +128,29 @@
 static int
 ssh_ecdsa_generate(struct sshkey *k, int bits)
@ -521,14 +531,6 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
 #endif
 #include "crypto_api.h"
@@ -57,6 +59,7 @@
 #define SSHKEY_INTERNAL
 #include "sshkey.h"
 #include "match.h"
 +#include "log.h"
 #include "ssh-sk.h"
 #ifdef WITH_XMSS
@@ -575,6 +577,86 @@
 }
@ -657,9 +659,9 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
 # ifdef OPENSSL_HAS_ECC
 #  include <openssl/ec.h>
 #  include <openssl/ecdsa.h>
-@@ -268,6 +271,10 @@
+@@ -266,6 +266,10 @@
 const char	*sshkey_ssh_name_plain(const struct sshkey *);
- int		 sshkey_names_valid2(const char *, int);
+ int		 sshkey_names_valid2(const char *, int, int);
 char		*sshkey_alg_list(int, int, int, char);
 +int		 sshkey_calculate_signature(EVP_PKEY*, int, u_char **,
 +    int *, const u_char *, size_t);
@ -693,10 +695,10 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
 #if !defined(WITH_OPENSSL)
 # undef RSA
 # undef DSA
-diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.3p1/ssh-pkcs11.c openssh-9.3p1-patched/ssh-pkcs11.c
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
--- openssh-9.3p1/ssh-pkcs11.c	2023-06-06 15:53:36.592443989 +0200
+--- a/ssh-pkcs11.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
-+++ openssh-9.3p1-patched/ssh-pkcs11.c	2023-06-06 15:52:25.626551768 +0200
+++ b/ssh-pkcs11.c	(date 1703110934679)
-@@ -777,8 +777,24 @@
+@@ -620,8 +620,24 @@
 	return (0);
 }
@ -718,16 +720,16 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
 +	return 0;
 +}
 +
- /* remove trailing spaces */
+ /* remove trailing spaces. Note, that this does NOT guarantee the buffer
- static void
+  * will be null terminated if there are no trailing spaces! */
- rmspace(u_char *buf, size_t len)
+ static char *
-diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.3p1/ssh-pkcs11-client.c openssh-9.3p1-patched/ssh-pkcs11-client.c
+diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
--- openssh-9.3p1/ssh-pkcs11-client.c	2023-06-06 15:53:36.591443976 +0200
+--- a/ssh-pkcs11-client.c	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
-+++ openssh-9.3p1-patched/ssh-pkcs11-client.c	2023-06-06 15:52:25.626551768 +0200
+++ b/ssh-pkcs11-client.c	(date 1703110830967)
-@@ -225,8 +225,36 @@
+@@ -402,8 +402,36 @@
- static RSA_METHOD	*helper_rsa;
+ 	if (helper->nrsa == 0 && helper->nec == 0)
- #if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+ 		helper_terminate(helper);
- static EC_KEY_METHOD	*helper_ecdsa;
+ }
 +
 +int
 +is_ecdsa_pkcs11(EC_KEY *ecdsa)
@ -742,7 +744,7 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
 +		return 1;
 +	return 0;
 +}
- #endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
+ #endif /* defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) */
 +int
 +is_rsa_pkcs11(RSA *rsa)
@ -760,14 +762,15 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
 +
 /* redirect private key crypto operations to the ssh-pkcs11-helper */
 static void
- wrap_key(struct sshkey *k)
+ wrap_key(struct helper *helper, struct sshkey *k)
-diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.3p1/ssh-pkcs11.h openssh-9.3p1-patched/ssh-pkcs11.h
+diff --git a/ssh-pkcs11.h b/ssh-pkcs11.h
--- openssh-9.3p1/ssh-pkcs11.h	2023-06-06 15:53:36.592443989 +0200
+--- a/ssh-pkcs11.h	(revision 8241b9c0529228b4b86d88b1a6076fb9f97e4a99)
-+++ openssh-9.3p1-patched/ssh-pkcs11.h	2023-06-06 15:52:25.626551768 +0200
+++ b/ssh-pkcs11.h	(date 1703111023334)
-@@ -39,6 +39,11 @@
+@@ -38,6 +38,12 @@
- 	    u_int32_t *);
+ /* Only available in ssh-pkcs11-client.c so far */
- #endif
+ int pkcs11_make_cert(const struct sshkey *,
- 
+     const struct sshkey *, struct sshkey **);
 +
 +#ifdef HAVE_EC_KEY_METHOD_NEW
 +int is_ecdsa_pkcs11(EC_KEY *ecdsa);
 +#endif
@ -788,7 +791,13 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x
 #include <stdarg.h>
 #include <string.h>
-@@ -36,7 +38,7 @@
+@@ -36,10 +36,13 @@
 #include "sshkey.h"
 #include "digest.h"
 #include "log.h"
 +#ifdef ENABLE_PKCS11
 +#include "ssh-pkcs11.h"
 +#endif
 #include "openbsd-compat/openssl-compat.h"
--- a/openssh-9.3p2.tar.gz
+++ b/openssh-9.3p2.tar.gz
--- a/openssh-9.3p2.tar.gz.asc
+++ b/openssh-9.3p2.tar.gz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmS3g5wACgkQKj9BTnNg
 YLrMYw//evjl0mlSnycb85tWASdBWQh28xQCouuqYhDhY+8kt6YpEx34r4zuXvL3
 pEN/F1ancNXwvlRPct/tF3OEQVpKHZqiRyfWuHHURSBLaGf9V1b+gQgfM4lEQNtH
 8PqRj+ur8E2GMGxvxuDKPcfduCTFrjbPJ/0OCgquuEteSM6dgcClT7q5SKKpTVSa
 jV0PaXeYgnaa+u+4GsH01oUteyJNmhvEa4T+fC1RDrct1DiieUQNkaw3pwMqYXA5
 8PldGatn/npNM5ZFW4uxTjbib2yJXNIEhUIzo2A00XWRG3jIArtRJwJ6ZSBahUE4
 PyasPMhJVIxIaKy5OL4s4FAd1goe2hBlPzmDhUJOhpFniLIZ9dS5AGaX4i2TjsZl
 iaIwtE2VLIn3peKZPvm7SCBqyBoiPKC0BfHmVOYs8c1W5Q30jE+kCcTDrJhHl32/
 kN5khCHIg6bUc3JzFZM7Ib0tshNP5AY0pyduSEF7SPOB5Zz2E+EwkDmkrnw9FoMh
 LCvSERDkBdxWD7okUdb0ARr564lShRjd2UTFZqv3Py4nVfvnP19RgCfakNg0CZ3w
 VoLytn8OQ/joAx4GMWox6g5ieYqeQ2kLzXYfXObTlDIjxirFeiBYPh6Ln5oGl81/
 jx/172HqCzRDgUogtZ/BTwiLDEzTHG7YS5RDIUYkqEGkkjjj6gg=
 =yVD2
 -----END PGP SIGNATURE-----
--- a/openssh-9.6p1.tar.gz
+++ b/openssh-9.6p1.tar.gz
--- a/openssh-9.6p1.tar.gz.asc
+++ b/openssh-9.6p1.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmWAXvAACgkQKj9BTnNg
 YLrypA/6A1O8e80XnzVWIFhXkbv/biGL10Q5ZMvjQvND6mbkphNWZ4G4QOEh0nBG
 rseD3Fce7me9pfeLYVhaNXO9R3OYAXxjbWfQwI7FpBU4QUCnbH53PG32B6ESq7pl
 0vlDqdqI7aBAyMpp+8WFD+EvHWUVA77JtfU4MFw7myKJacrVrDUygDaZkJKOhqKf
 N1Nurz4YppdQ5zIK1ElL0jlRJXm08flLFRg8fD5/5rwabpUbZIY9b5qZzGKgnR7I
 sxUBlDkfLnvKIlKzUXbRvOHazvFAHYH1ltJZGlJUc/+H/ZaPigWf4IR+E1FB9c2O
 zxaZhlbwGKyD+p7l08F9n8T21taxpBCW1Uxkx7MLTz8k9huPNpdX5l8VM4Gotmn8
 I4V3Fevyx+M3XJYeKtkspa51h0GqF3gNFPLxW7ERGaIuqwoxuHxIEKwYE+JPmQag
 UDma5LDrSrasa8Rw8g5urGE48PeDQ5muPy8Bi9eIGZU5JLqX6TNgz7QDDs/dQsHB
 iny4wQOLmdIA78IGttiCo0rqikEvFtFDFR4mCUTC8K0nQKzWwGewO3gRTcHttzyU
 xMalxw+wt9cUJ8gb1E9p7OeMUuXdaHMmem8/PcFCar/vKx1mdV/On6evnp3P8yQA
 la8WnbcP0+zJg0GGwGszpFlOMjWCDB0kUTBCT+MR+IWbj/pVZVA=
 =G9YA
 -----END PGP SIGNATURE-----
--- a/openssh.spec
+++ b/openssh.spec
@ -6,10 +6,10 @@
 %{?no_gtk2:%global gtk2 0}
 %global sshd_uid    74
-%global openssh_release 6
+%global openssh_release 1
 Name:           openssh
-Version:        9.3p2
+Version:        9.6p1
 Release:        %{openssh_release}
 URL:            http://www.openssh.com/portable.html
 License:        BSD
@ -32,88 +32,83 @@ Source13:       sshd-keygen.target
 Source14:       ssh-agent.service
 Source15:       ssh-agent.socket
 Source16:       ssh-keygen-bash-completion.sh
 Source17:       ssh-host-keys-migration.sh
 Source18:       ssh-host-keys-migration.service
 Patch0:         openssh-6.7p1-coverity.patch
 Patch1:         openssh-7.6p1-audit.patch
 Patch2:         openssh-7.1p2-audit-race-condition.patch
-Patch3:         pam_ssh_agent_auth-0.9.3-build.patch
+Patch3:         openssh-9.0p1-audit-log.patch
-Patch4:         pam_ssh_agent_auth-0.10.3-seteuid.patch
+Patch4:         pam_ssh_agent_auth-0.9.3-build.patch
-Patch5:         pam_ssh_agent_auth-0.9.2-visibility.patch
+Patch5:         pam_ssh_agent_auth-0.10.3-seteuid.patch
-Patch6:         pam_ssh_agent_auth-0.9.3-agent_structure.patch
+Patch6:         pam_ssh_agent_auth-0.9.2-visibility.patch
-Patch7:         pam_ssh_agent_auth-0.10.2-compat.patch
+Patch7:         pam_ssh_agent_auth-0.9.3-agent_structure.patch
-Patch8:         pam_ssh_agent_auth-0.10.2-dereference.patch
+Patch8:         pam_ssh_agent_auth-0.10.2-compat.patch
-Patch9:         pam_ssh_agent_auth-0.10.4-rsasha2.patch
+Patch9:         pam_ssh_agent_auth-0.10.2-dereference.patch
-Patch10:        pam_ssh_agent-configure-c99.patch
+Patch10:        pam_ssh_agent_auth-0.10.4-rsasha2.patch
-Patch11:        openssh-7.8p1-role-mls.patch
+Patch11:        pam_ssh_agent-configure-c99.patch
-Patch12:        openssh-6.6p1-privsep-selinux.patch
+Patch12:        openssh-7.8p1-role-mls.patch
 Patch13:        openssh-6.6p1-privsep-selinux.patch
 Patch14:        openssh-6.6p1-keycat.patch
 Patch15:        openssh-6.6p1-allow-ip-opts.patch
-Patch17:        openssh-5.9p1-ipv6man.patch
+Patch16:        openssh-5.9p1-ipv6man.patch
-Patch18:        openssh-5.8p2-sigpipe.patch
+Patch17:        openssh-5.8p2-sigpipe.patch
-Patch19:        openssh-7.2p2-x11.patch
+Patch18:        openssh-7.2p2-x11.patch
-Patch21:        openssh-5.1p1-askpass-progress.patch
+Patch19:        openssh-7.7p1-fips.patch
-Patch22:        openssh-4.3p2-askpass-grab-info.patch
+Patch20:        openssh-5.1p1-askpass-progress.patch
-Patch23:        openssh-7.7p1.patch
+Patch21:        openssh-4.3p2-askpass-grab-info.patch
-Patch24:        openssh-7.8p1-UsePAM-warning.patch
+Patch22:        openssh-7.7p1.patch
-Patch28:        openssh-8.0p1-gssapi-keyex.patch
+Patch23:        openssh-7.8p1-UsePAM-warning.patch
-Patch29:        openssh-6.6p1-force_krb.patch
+Patch24:        openssh-8.0p1-gssapi-keyex.patch
-Patch30:        openssh-6.6p1-GSSAPIEnablek5users.patch
+Patch25:        openssh-6.6p1-force_krb.patch
-Patch31:        openssh-7.7p1-gssapi-new-unique.patch
+Patch26:        openssh-6.6p1-GSSAPIEnablek5users.patch
-Patch32:        openssh-7.2p2-k5login_directory.patch
+Patch27:        openssh-7.7p1-gssapi-new-unique.patch
-Patch33:        openssh-6.6p1-kuserok.patch
+Patch28:        openssh-7.2p2-k5login_directory.patch
-Patch34:        openssh-6.4p1-fromto-remote.patch
+Patch29:        openssh-6.6p1-kuserok.patch
-Patch35:        openssh-6.6.1p1-selinux-contexts.patch
+Patch30:        openssh-6.4p1-fromto-remote.patch
-Patch36:        openssh-6.6.1p1-log-in-chroot.patch
+Patch31:        openssh-6.6.1p1-selinux-contexts.patch
-Patch37:        openssh-6.6.1p1-scp-non-existing-directory.patch
+Patch32:        openssh-6.6.1p1-log-in-chroot.patch
-Patch38:        openssh-6.8p1-sshdT-output.patch
+Patch33:        openssh-6.6.1p1-scp-non-existing-directory.patch
-Patch39:        openssh-6.7p1-sftp-force-permission.patch
+Patch34:        openssh-6.8p1-sshdT-output.patch
-Patch40:        openssh-7.2p2-s390-closefrom.patch
+Patch35:        openssh-6.7p1-sftp-force-permission.patch
-Patch41:        openssh-7.3p1-x11-max-displays.patch
+Patch36:        openssh-7.2p2-s390-closefrom.patch
-Patch42:        openssh-7.4p1-systemd.patch
+Patch37:        openssh-7.3p1-x11-max-displays.patch
-Patch43:        openssh-7.6p1-cleanup-selinux.patch
+Patch38:        openssh-7.4p1-systemd.patch
-Patch44:        openssh-7.5p1-sandbox.patch
+Patch39:        openssh-7.6p1-cleanup-selinux.patch
-Patch45:        openssh-8.0p1-pkcs11-uri.patch
+Patch40:        openssh-7.5p1-sandbox.patch
-Patch46:        openssh-7.8p1-scp-ipv6.patch
+Patch41:        openssh-8.0p1-pkcs11-uri.patch
-Patch48:        openssh-8.0p1-crypto-policies.patch
+Patch42:        openssh-7.8p1-scp-ipv6.patch
-Patch49:        openssh-9.3p1-merged-openssl-evp.patch
+Patch43:        openssh-8.0p1-crypto-policies.patch
-Patch50:        openssh-8.0p1-openssl-kdf.patch
+Patch44:        openssh-9.3p1-merged-openssl-evp.patch
-Patch51:        openssh-8.2p1-visibility.patch
+Patch45:        openssh-8.0p1-openssl-kdf.patch
-Patch52:        openssh-8.2p1-x11-without-ipv6.patch
+Patch46:        openssh-8.2p1-visibility.patch
-Patch53:        openssh-8.0p1-keygen-strip-doseol.patch
+Patch47:        openssh-8.2p1-x11-without-ipv6.patch
-Patch54:        openssh-8.0p1-preserve-pam-errors.patch
+Patch48:        openssh-8.0p1-keygen-strip-doseol.patch
-Patch55:        openssh-8.7p1-scp-kill-switch.patch
+Patch49:        openssh-8.0p1-preserve-pam-errors.patch
-Patch56:        openssh-8.7p1-recursive-scp.patch
+Patch50:        openssh-8.7p1-scp-kill-switch.patch
-Patch57:        openssh-8.7p1-minrsabits.patch
+Patch51:        openssh-8.7p1-recursive-scp.patch
-Patch58:        openssh-8.7p1-ibmca.patch
+Patch52:        openssh-8.7p1-minrsabits.patch
-Patch60:        openssh-8.7p1-ssh-manpage.patch
+Patch53:        openssh-8.7p1-ibmca.patch
-Patch61:        openssh-8.7p1-negotiate-supported-algs.patch
+Patch54:        openssh-8.7p1-ssh-manpage.patch
-Patch66:        bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch
+Patch55:        openssh-8.7p1-negotiate-supported-algs.patch
-Patch67:        bugfix-openssh-add-option-check-username-splash.patch
+
-Patch68:        feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch
+Patch56:        bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch
-Patch69:        bugfix-openssh-fix-sftpserver.patch
+Patch57:        bugfix-openssh-add-option-check-username-splash.patch
-Patch70:        set-sshd-config.patch
+Patch58:        feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch
-Patch71:        feature-add-SMx-support.patch
+Patch59:        bugfix-openssh-fix-sftpserver.patch
-Patch72:        add-loongarch.patch
+Patch60:        set-sshd-config.patch
-Patch73:        openssh-Add-sw64-architecture.patch
+Patch61:        feature-add-SMx-support.patch
-Patch74:        add-strict-scp-check-for-CVE-2020-15778.patch
+Patch62:        add-loongarch.patch
-Patch75:        skip-scp-test-if-there-is-no-scp-on-remote-path-as-s.patch
+Patch63:        openssh-Add-sw64-architecture.patch
-Patch77:        set-ssh-config.patch
+Patch64:        add-strict-scp-check-for-CVE-2020-15778.patch
-Patch78:        backport-CVE-2023-48795-upstream-implement-strict-key-exchange-in-ssh-and-ss.patch
+Patch65:        skip-scp-test-if-there-is-no-scp-on-remote-path-as-s.patch
-Patch79:        backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch
+Patch66:        set-ssh-config.patch
-Patch80:        backport-fix-CVE-2024-6387.patch
+Patch67:        backport-fix-CVE-2024-6387.patch
-Patch81:        backport-CVE-2023-51384-upstream-apply-destination-constraints-to-all-p11-ke.patch
+
-Patch82:        backport-upstream-Make-sure-sftp_get_limits-only-returns-0-if.patch
+Patch68:        backport-upstream-ensure-key_fd-is-filled-when-DSA-is-disable.patch
-Patch83:        backport-upstream-when-connecting-via-socket-the-default-case.patch
+Patch69:        backport-upstream-Fix-proxy-multiplexing-O-proxy-bug.patch
-Patch84:        backport-upstream-set-errno-EAFNOSUPPORT-when-filtering-addre.patch
+Patch70:        backport-upstream-make-parsing-user-host-consistently-look-for-the-last-in.patch
-Patch85:        backport-upstream-when-invoking-KnownHostsCommand-to-determin.patch
+Patch71:        backport-upstream-Do-not-apply-authorized_keys-options-when-signature.patch
-Patch86:        backport-upstream-ensure-key_fd-is-filled-when-DSA-is-disable.patch
+Patch72:        backport-upstream-some-extra-paranoia.patch
 Patch87:        backport-upstream-fix-memory-leak-in-mux-proxy-mode-when-requ.patch
 Patch88:        backport-openssh-7.7p1-fips.patch
 Patch89:        backport-CVE-2021-36368-added-option-to-disable-trivial-auth.patch
 Patch90:        backport-upstream-Fix-proxy-multiplexing-O-proxy-bug.patch
 Patch91:        backport-openssh-6.6p1-keyperm.patch
 Patch92:        backport-upstream-make-parsing-user-host-consistently-look-for-the-last-in.patch
 Patch93:        backport-upstream-Do-not-apply-authorized_keys-options-when-signature.patch
 Patch94:        backport-upstream-some-extra-paranoia.patch
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@ -190,93 +185,84 @@ instance. The module is most useful for su and sudo service stacks.
 %setup -q -a 3
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
-%patch3 -p2 -b .psaa-build
+%patch -P 4 -p2 -b .psaa-build
-%patch4 -p2 -b .psaa-seteuid
+%patch -P 5 -p2 -b .psaa-seteuid
-%patch5 -p2 -b .psaa-visibility
+%patch -P 6 -p2 -b .psaa-visibility
-%patch7 -p2 -b .psaa-compat
+%patch -P 8 -p2 -b .psaa-compat
-%patch6 -p2 -b .psaa-agent
+%patch -P 7 -p2 -b .psaa-agent
-%patch8 -p2 -b .psaa-deref
+%patch -P 9 -p2 -b .psaa-deref
-%patch9 -p2 -b .rsasha2
+%patch -P 10 -p2 -b .rsasha2
-%patch10 -p1 -b .psaa-configure-c99
+%patch -P 11 -p1 -b .psaa-configure-c99
 # Remove duplicate headers and library files
 rm -f $(cat %{SOURCE4})
 popd
-%patch11 -p1 -b .role-mls
+%patch -P 12 -p1 -b .role-mls
-%patch12 -p1 -b .privsep-selinux
+%patch -P 13 -p1 -b .privsep-selinux
-%patch14 -p1 -b .keycat
+%patch -P 14 -p1 -b .keycat
-%patch15 -p1 -b .ip-opts
+%patch -P 15 -p1 -b .ip-opts
-%patch17 -p1 -b .ipv6man
+%patch -P 16 -p1 -b .ipv6man
-%patch18 -p1 -b .sigpipe
+%patch -P 17 -p1 -b .sigpipe
-%patch19 -p1 -b .x11
+%patch -P 18 -p1 -b .x11
-%patch21 -p1 -b .progress
+%patch -P 20 -p1 -b .progress
-%patch22 -p1 -b .grab-info
+%patch -P 21 -p1 -b .grab-info
-%patch23 -p1
+%patch -P 22 -p1
-%patch24 -p1 -b .log-usepam-no
+%patch -P 23 -p1 -b .log-usepam-no
-%patch28 -p1 -b .gsskex
+%patch -P 24 -p1 -b .gsskex
-%patch29 -p1 -b .force_krb
+%patch -P 25 -p1 -b .force_krb
-%patch31 -p1 -b .ccache_name
+%patch -P 27 -p1 -b .ccache_name
-%patch32 -p1 -b .k5login
+%patch -P 28 -p1 -b .k5login
-%patch33 -p1 -b .kuserok
+%patch -P 29 -p1 -b .kuserok
-%patch34 -p1 -b .fromto-remote
+%patch -P 30 -p1 -b .fromto-remote
-%patch35 -p1 -b .contexts
+%patch -P 31 -p1 -b .contexts
-%patch36 -p1 -b .log-in-chroot
+%patch -P 32 -p1 -b .log-in-chroot
-%patch37 -p1 -b .scp
+%patch -P 33 -p1 -b .scp
-%patch30 -p1 -b .GSSAPIEnablek5users
+%patch -P 26 -p1 -b .GSSAPIEnablek5users
-%patch38 -p1 -b .sshdt
+%patch -P 34 -p1 -b .sshdt
-%patch39 -p1 -b .sftp-force-mode
+%patch -P 35 -p1 -b .sftp-force-mode
-%patch40 -p1 -b .s390-dev
+%patch -P 36 -p1 -b .s390-dev
-%patch41 -p1 -b .x11max
+%patch -P 37 -p1 -b .x11max
-%patch42 -p1 -b .systemd
+%patch -P 38 -p1 -b .systemd
-%patch43 -p1 -b .refactor
+%patch -P 39 -p1 -b .refactor
-%patch44 -p1 -b .sandbox
+%patch -P 40 -p1 -b .sandbox
-%patch45 -p1 -b .pkcs11-uri
+%patch -P 41 -p1 -b .pkcs11-uri
-%patch46 -p1 -b .scp-ipv6
+%patch -P 42 -p1 -b .scp-ipv6
-%patch48 -p1 -b .crypto-policies
+%patch -P 43 -p1 -b .crypto-policies
-%patch49 -p1 -b .openssl-evp
+%patch -P 44 -p1 -b .openssl-evp
-%patch50 -p1 -b .openssl-kdf
+%patch -P 45 -p1 -b .openssl-kdf
-%patch51 -p1 -b .visibility
+%patch -P 46 -p1 -b .visibility
-%patch52 -p1 -b .x11-ipv6
+%patch -P 47 -p1 -b .x11-ipv6
-%patch53 -p1 -b .keygen-strip-doseol
+%patch -P 48 -p1 -b .keygen-strip-doseol
-%patch54 -p1 -b .preserve-pam-errors
+%patch -P 49 -p1 -b .preserve-pam-errors
-%patch55 -p1 -b .kill-scp
+%patch -P 50 -p1 -b .kill-scp
-%patch56 -p1 -b .scp-sftpdirs
+%patch -P 51 -p1 -b .scp-sftpdirs
-%patch57 -p1 -b .minrsabits
+%patch -P 52 -p1 -b .minrsabits
-%patch58 -p1 -b .ibmca
+%patch -P 53 -p1 -b .ibmca
-%patch60 -p1 -b .ssh-manpage
+%patch -P 1 -p1 -b .audit
-%patch61 -p1 -b .negotiate-supported-algs
+%patch -P 2 -p1 -b .audit-race
-%patch1 -p1 -b .audit
+%patch -P 3 -p1 -b .audit-log
-%patch2 -p1 -b .audit-race
+%patch -P 19 -p1 -b .fips
-%patch0 -p1 -b .coverity
+%patch -P 54 -p1 -b .ssh-manpage
 %patch -P 55 -p1 -b .negotiate-supported-algs
 %patch -P 0 -p1 -b .coverity
-%patch66 -p1
+%patch -P 56 -p1
-%patch67 -p1
+%patch -P 57 -p1
-%patch68 -p1
+%patch -P 58 -p1
-%patch69 -p1
+%patch -P 59 -p1
-%patch70 -p1
+%patch -P 60 -p1
-%patch71 -p1
+%patch -P 61 -p1
-%patch72 -p1
+%patch -P 62 -p1
-%patch73 -p1
+%patch -P 63 -p1
-%patch74 -p1
+%patch -P 64 -p1
-%patch75 -p1
+%patch -P 65 -p1
-%patch77 -p1
+%patch -P 66 -p1
-%patch78 -p1
+%patch -P 67 -p1
-%patch79 -p1
+%patch -P 68 -p1
-%patch80 -p1
+%patch -P 69 -p1
-%patch81 -p1
+%patch -P 70 -p1
-%patch82 -p1
+%patch -P 71 -p1
-%patch83 -p1
+%patch -P 72 -p1
 %patch84 -p1
 %patch85 -p1
 %patch86 -p1
 %patch87 -p1
 %patch88 -p1
 %patch89 -p1
 %patch90 -p1
 %patch91 -p1
 %patch92 -p1
 %patch93 -p1
 %patch94 -p1
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@ -390,6 +376,10 @@ install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
 install -m644 -D %{SOURCE12} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
 install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
 install -m644 %{SOURCE16} $RPM_BUILD_ROOT/etc/bash_completion.d/ssh-keygen-bash-completion.sh
 install -m744 %{SOURCE17} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/ssh-host-keys-migration.sh
 install -m644 %{SOURCE18} $RPM_BUILD_ROOT/%{_unitdir}/ssh-host-keys-migration.service
 install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib
 touch $RPM_BUILD_ROOT/%{_localstatedir}/lib/.ssh-host-keys-migration
 ln -s gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
 install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
@ -412,6 +402,14 @@ getent passwd sshd >/dev/null || \
  -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
 %post server
 if [ $1 -gt 1 ]; then
    # In the case of an upgrade (never true on OSTree systems) run the migration
    # script for Fedora 38 to remove group ownership for host keys.
    %{_libexecdir}/openssh/ssh-host-keys-migration.sh
    # Prevent the systemd unit that performs the same service (useful for
    # OSTree systems) from running.
    touch /var/lib/.ssh-host-keys-migration
 fi
 %systemd_post sshd.service sshd.socket
 %preun server
@ -466,6 +464,9 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_unitdir}/sshd-keygen@.service
 %attr(0644,root,root) %{_unitdir}/sshd-keygen.target
 %attr(0644,root,root) %{_tmpfilesdir}/openssh.conf
 %attr(0644,root,root) %{_unitdir}/ssh-host-keys-migration.service
 %attr(0744,root,root) %{_libexecdir}/openssh/ssh-host-keys-migration.sh
 %ghost %attr(0644,root,root) %{_localstatedir}/lib/.ssh-host-keys-migration
 %files keycat
 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
@ -493,6 +494,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 %changelog
 * Mon Dec 09 2024 yanglu <yanglu72@h-partners.com> - 9.6p1-1
 - Type:requirement
 - CVE:NA
 - SUG:NA
 - DESC:update openssh version to 9.6p1
 * Tue Oct 29 2024 bitianyuan <bitianyuan@huawei.com> - 9.3p2-6
 - Type:bugfix
 - ID:NA
--- a/ssh-host-keys-migration.service
+++ b/ssh-host-keys-migration.service
@ -0,0 +1,14 @@
 [Unit]
 Description=Update OpenSSH host key permissions
 Before=sshd.service
 After=ssh-keygen.target
 ConditionPathExists=!/var/lib/.ssh-host-keys-migration
 [Service]
 Type=oneshot
 ExecStart=-/usr/libexec/openssh/ssh-host-keys-migration.sh
 ExecStart=touch /var/lib/.ssh-host-keys-migration
 RemainAfterExit=yes
 [Install]
 WantedBy=sshd.service
--- a/ssh-host-keys-migration.sh
+++ b/ssh-host-keys-migration.sh
@ -0,0 +1,34 @@
 #!/usr/bin/bash 
 set -eu -o pipefail
 #
 # Example output looks like:
 # @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 # @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
 # @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 # Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
 # It is required that your private key files are NOT accessible by others.
 # This private key will be ignored.
 # @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 # @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
 # @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 # Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
 # It is required that your private key files are NOT accessible by others.
 # This private key will be ignored.
 # @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 # @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
 # @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 # Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
 # It is required that your private key files are NOT accessible by others.
 # This private key will be ignored.
 # sshd: no hostkeys available -- exiting.
 #
 output="$(sshd -T 2>&1 || true)" # expected to fail
 while read line; do
    if [[ $line =~ ^Permissions\ [0-9]+\ for\ \'(.*)\'\ are\ too\ open. ]]; then
        keyfile=${BASH_REMATCH[1]}
        echo $line
        echo -e "\t-> changing permissions on $keyfile"
        chmod --verbose g-r $keyfile
        chown --verbose root:root $keyfile
    fi
 done <<< "$output"
--- a/5
+++ b/5
@ -30,9 +30,8 @@ if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
 fi
 # sanitize permissions
-/usr/bin/chgrp ssh_keys $KEY
+/usr/bin/chmod 600 $KEY
-/usr/bin/chmod 400 $KEY
+/usr/bin/chmod 644 $KEY.pub
 /usr/bin/chmod 400 $KEY.pub
 if [[ -x /usr/sbin/restorecon ]]; then
 	/usr/sbin/restorecon $KEY{,.pub}
 fi
--- a/sshd.service
+++ b/sshd.service
@ -3,6 +3,7 @@ Description=OpenSSH server daemon
 Documentation=man:sshd(8) man:sshd_config(5)
 After=network.target sshd-keygen.target
 Wants=sshd-keygen.target
 Wants=ssh-host-keys-migration.service
 [Service]
 Type=notify
--- a/sshd@.service
+++ b/sshd@.service
@ -3,6 +3,7 @@ Description=OpenSSH per-connection server daemon
 Documentation=man:sshd(8) man:sshd_config(5)
 Wants=sshd-keygen.target
 After=sshd-keygen.target
 Wants=ssh-host-keys-migration.service
 [Service]
 EnvironmentFile=-/etc/sysconfig/sshd