openssh-7.8p1-1 + 0.10.3-5

New upstream release including: * Dropping entropy patch * Remove default support for MD5 fingerprints * Porting all the downstream patches and pam_ssh_agent_auth to new sshbuf and sshkey API * pam_ssh_agent_auth is no longer using MD5 fingerprints
2018-08-24 22:40:20 +02:00 · 2018-08-24 22:40:20 +02:00 · bbf61daf97
parent 01ba761e18
commit bbf61daf97
41 changed files with 1346 additions and 1921 deletions
--- a/.gitignore
+++ b/.gitignore
@ -30,3 +30,5 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
 /openssh-7.7p1.tar.gz
 /openssh-7.7p1.tar.gz.asc
 /DJM-GPG-KEY.gpg
 /openssh-7.8p1.tar.gz
 /openssh-7.8p1.tar.gz.asc
--- a/openssh-5.8p1-packet.patch
+++ b/openssh-5.8p1-packet.patch
@ -1,12 +0,0 @@
 diff -up openssh-6.8p1/packet.c.packet openssh-6.8p1/packet.c
 --- openssh-6.8p1/packet.c.packet	2015-03-18 10:56:32.286930601 +0100
 +++ openssh-6.8p1/packet.c	2015-03-18 10:58:38.535629739 +0100
@@ -371,6 +371,8 @@ ssh_packet_connection_is_on_socket(struc
 	struct sockaddr_storage from, to;
 	socklen_t fromlen, tolen;
 +	if (!state)
 +		return 0;
 	if (state->connection_in == -1 || state->connection_out == -1)
 		return 0;
--- a/openssh-6.1p1-gssapi-canohost.patch
+++ b/openssh-6.1p1-gssapi-canohost.patch
@ -4,7 +4,7 @@ diff -up openssh-6.1p1/sshconnect2.c.canohost openssh-6.1p1/sshconnect2.c
@@ -699,12 +699,15 @@ userauth_gssapi(Authctxt *authctxt)
 	static u_int mech = 0;
 	OM_uint32 min;
- 	int ok = 0;
+ 	int r, ok = 0;
 -	const char *gss_host;
 +	const char *gss_host = NULL;
@ -13,7 +13,7 @@ diff -up openssh-6.1p1/sshconnect2.c.canohost openssh-6.1p1/sshconnect2.c
 -	else if (options.gss_trust_dns)
 +	else if (options.gss_trust_dns) {
 		gss_host = get_canonical_hostname(active_state, 1);
-+		if ( strcmp( gss_host, "UNKNOWN" )  == 0 )
+		if (strcmp(gss_host, "UNKNOWN") == 0)
 +			gss_host = authctxt->host;
 +	}
 	else
--- a/openssh-6.2p1-vendor.patch
+++ b/openssh-6.2p1-vendor.patch
@ -34,7 +34,7 @@ diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
 	options->client_alive_interval = -1;
 	options->client_alive_count_max = -1;
@@ -325,6 +326,8 @@ fill_default_server_options(ServerOption
- 		options->ip_qos_bulk = IPTOS_THROUGHPUT;
+ 		options->ip_qos_bulk = IPTOS_DSCP_CS1;
 	if (options->version_addendum == NULL)
 		options->version_addendum = xstrdup("");
 +	if (options->show_patchlevel == -1)
@ -71,7 +71,7 @@ diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
 		while ((arg = strdelim(&cp)) && *arg != '\0') {
 			if (match_user(NULL, NULL, NULL, arg) == -1)
@@ -2269,6 +2277,7 @@ dump_config(ServerOptions *o)
- 	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
+ 	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
 	dump_cfg_fmtint(sCompression, o->compression);
 	dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
 +	dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
@ -89,28 +89,13 @@ diff -up openssh-7.4p1/servconf.h.vendor openssh-7.4p1/servconf.h
 	int	use_dns;
 	int	client_alive_interval;	/*
 					 * poke the client this often to
 diff -up openssh-7.4p1/sshd_config.0.vendor openssh-7.4p1/sshd_config.0
 --- openssh-7.4p1/sshd_config.0.vendor	2016-12-23 13:34:51.695253847 +0100
 +++ openssh-7.4p1/sshd_config.0	2016-12-23 13:36:53.146277511 +0100
@@ -792,6 +792,11 @@ DESCRIPTION
              rdomain(4).  If the routing domain is set to %D, then the domain
              in which the incoming connection was received will be applied.
 +     ShowPatchLevel
 +	     Specifies whether sshd will display the specific patch level of
 +	     the binary in the server identification string.  The patch level
 +	     is set at compile-time.  The default is M-bM-^@M-^\noM-bM-^@M-^].
 +
      StreamLocalBindMask
              Sets the octal file creation mode mask (umask) used when creating
              a Unix-domain socket file for local or remote port forwarding.
 diff -up openssh-7.4p1/sshd_config.5.vendor openssh-7.4p1/sshd_config.5
 --- openssh-7.4p1/sshd_config.5.vendor	2016-12-23 13:34:51.695253847 +0100
 +++ openssh-7.4p1/sshd_config.5	2016-12-23 13:37:17.482282253 +0100
@@ -1334,6 +1334,13 @@ an OpenSSH Key Revocation List (KRL) as
- If the routing domain is set to
+ .Cm AcceptEnv
- .Cm \&%D ,
+ or
- then the domain in which the incoming connection was received will be applied.
+ .Cm PermitUserEnvironment .
 +.It Cm ShowPatchLevel 
 +Specifies whether 
 +.Nm sshd 
--- a/openssh-6.6.1p1-ip-port-config-parser.patch
+++ b/openssh-6.6.1p1-ip-port-config-parser.patch
@ -1,75 +0,0 @@
 diff --git a/misc.c b/misc.c
 index 874dcc8a..7b7f7a58 100644
 --- a/misc.c
 +++ b/misc.c
@@ -466,7 +466,7 @@ put_host_port(const char *host, u_short port)
  * The delimiter char, if present, is stored in delim.
  * If this is the last field, *cp is set to NULL.
  */
 -static char *
 +char *
 hpdelim2(char **cp, char *delim)
 {
 	char *s, *old;
 diff --git a/misc.h b/misc.h
 index cdafea73..cf9c8f28 100644
 --- a/misc.h
 +++ b/misc.h
@@ -54,6 +54,7 @@ int	 set_rdomain(int, const char *);
 int	 a2port(const char *);
 int	 a2tun(const char *, int *);
 char	*put_host_port(const char *, u_short);
 +char	*hpdelim2(char **, char *);
 char	*hpdelim(char **);
 char	*cleanhostname(char *);
 char	*colon(char *);
 diff --git a/servconf.c b/servconf.c
 index 0f0d0906..1679181e 100644
 --- a/servconf.c
 +++ b/servconf.c
@@ -821,7 +821,7 @@ process_permitopen(struct ssh *ssh, ServerOptions *options)
 {
 	u_int i;
 	int port;
 -	char *host, *arg, *oarg;
 +	char *host, *arg, *oarg, ch;
 	channel_clear_adm_permitted_opens(ssh);
 	if (options->num_permitted_opens == 0)
@@ -839,8 +839,8 @@ process_permitopen(struct ssh *ssh, ServerOptions *options)
 	/* Otherwise treat it as a list of permitted host:port */
 	for (i = 0; i < options->num_permitted_opens; i++) {
 		oarg = arg = xstrdup(options->permitted_opens[i]);
 -		host = hpdelim(&arg);
 -		if (host == NULL)
 +		host = hpdelim2(&arg, &ch);
 +		if (host == NULL || ch == '/')
 			fatal("%s: missing host in PermitOpen", __func__);
 		host = cleanhostname(host);
 		if (arg == NULL || ((port = permitopen_port(arg)) < 0))
@@ -1244,8 +1244,10 @@ process_server_config_line(ServerOptions *options, char *line,
 			port = 0;
 			p = arg;
 		} else {
 -			p = hpdelim(&arg);
 -			if (p == NULL)
 +			char ch;
 +			arg2 = NULL;
 +			p = hpdelim2(&arg, &ch);
 +			if (p == NULL || ch == '/')
 				fatal("%s line %d: bad address:port usage",
 				    filename, linenum);
 			p = cleanhostname(p);
@@ -1815,9 +1817,10 @@ process_server_config_line(ServerOptions *options, char *line,
 			break;
 		}
 		for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
 +			char ch;
 			arg2 = xstrdup(arg);
 -			p = hpdelim(&arg);
 -			if (p == NULL)
 +			p = hpdelim2(&arg, &ch);
 +			if (p == NULL || ch == '/')
 				fatal("%s line %d: missing host in PermitOpen",
 				    filename, linenum);
 			p = cleanhostname(p);
--- a/openssh-6.6.1p1-log-in-chroot.patch
+++ b/openssh-6.6.1p1-log-in-chroot.patch
@ -34,9 +34,9 @@ diff -up openssh-7.4p1/log.h.log-in-chroot openssh-7.4p1/log.h
 void     log_init(char *, LogLevel, SyslogFacility, int);
 +void     log_init_handler(char *, LogLevel, SyslogFacility, int, int);
 LogLevel log_level_get(void);
 int      log_change_level(LogLevel);
 int      log_is_on_stderr(void);
 void     log_redirect_stderr_to(const char *);
 diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c
 --- openssh-7.4p1/monitor.c.log-in-chroot	2016-12-23 15:14:33.311168085 +0100
 +++ openssh-7.4p1/monitor.c	2016-12-23 15:16:42.154193100 +0100
@ -65,7 +65,7 @@ diff -up openssh-7.4p1/monitor.c.log-in-chroot openssh-7.4p1/monitor.c
 -	do_log2(level, "%s [preauth]", msg);
 +	do_log2(level, "%s [%s]", msg, pmonitor->m_state);
- 	buffer_free(&logmsg);
+ 	sshbuf_free(logmsg);
 	free(msg);
@@ -1719,13 +1723,28 @@ monitor_init(void)
 	mon = xcalloc(1, sizeof(*mon));
--- a/openssh-6.6.1p1-selinux-contexts.patch
+++ b/openssh-6.6.1p1-selinux-contexts.patch
@ -7,7 +7,7 @@ index 8f32464..18a2ca4 100644
 #include "servconf.h"
 #include "port-linux.h"
 +#include "misc.h"
- #include "key.h"
+ #include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
@@ -445,7 +446,7 @@ sshd_selinux_setup_exec_context(char *pwname)
@ -82,6 +82,14 @@ diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
 index 22ea8ef..1fc963d 100644
 --- a/openbsd-compat/port-linux.c
 +++ b/openbsd-compat/port-linux.c
@@ -26,6 +26,7 @@
 #include <stdarg.h>
 #include <string.h>
 #include <stdio.h>
 +#include <stdlib.h>
 #include "log.h"
 #include "xmalloc.h"
@@ -179,7 +179,7 @@ ssh_selinux_change_context(const char *newname)
 	strlcpy(newctx + len, newname, newlen - len);
 	if ((cx = index(cx + 1, ':')))
--- a/openssh-6.6p1-GSSAPIEnablek5users.patch
+++ b/openssh-6.6p1-GSSAPIEnablek5users.patch
@ -4,7 +4,7 @@ diff -up openssh-7.4p1/gss-serv-krb5.c.GSSAPIEnablek5users openssh-7.4p1/gss-ser
@@ -279,7 +279,6 @@ ssh_gssapi_krb5_cmdok(krb5_principal pri
 	FILE *fp;
 	char file[MAXPATHLEN];
- 	char line[BUFSIZ] = "";
+ 	char *line = NULL;
 -	char kuser[65]; /* match krb5_kuserok() */
 	struct stat st;
 	struct passwd *pw = the_authctxt->pw;
@ -44,8 +44,8 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 -	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
 +	sGssAuthentication, sGssCleanupCreds, sGssEnablek5users, sGssStrictAcceptor,
- 	sGssKeyEx, sGssStoreRekey, sAcceptEnv, sPermitTunnel,
+ 	sGssKeyEx, sGssStoreRekey, sAcceptEnv, sSetEnv, sPermitTunnel,
- 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ 	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
 	sUsePrivilegeSeparation, sAllowAgentForwarding,
@@ -497,12 +500,14 @@ static struct {
 	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
@ -70,9 +70,9 @@ diff -up openssh-7.4p1/servconf.c.GSSAPIEnablek5users openssh-7.4p1/servconf.c
 +		intptr = &options->enable_k5users;
 +		goto parse_flag;
 +
 	case sPermitListen:
 	case sPermitOpen:
- 		arg = strdelim(&cp);
+ 		if (opcode == sPermitListen) {
 		if (!arg || *arg == '\0')
@@ -2026,6 +2035,7 @@ copy_set_server_options(ServerOptions *d
 	M_CP_INTOPT(ip_qos_interactive);
 	M_CP_INTOPT(ip_qos_bulk);
--- a/openssh-6.6p1-ctr-cavstest.patch
+++ b/openssh-6.6p1-ctr-cavstest.patch
@ -19,8 +19,8 @@ diff -up openssh-6.8p1/Makefile.in.ctr-cavs openssh-6.8p1/Makefile.in
 XMSS_OBJS=\
 	ssh-xmss.o \
@@ -194,6 +195,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
- ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o
+ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
- 	$(LD) -o $@ ssh-keycat.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
+ 	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
 +ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
 +	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
--- a/openssh-6.6p1-entropy.patch
+++ b/openssh-6.6p1-entropy.patch
@ -1,262 +0,0 @@
 diff -up openssh-7.4p1/entropy.c.entropy openssh-7.4p1/entropy.c
 --- openssh-7.4p1/entropy.c.entropy	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/entropy.c	2016-12-23 18:34:27.769753570 +0100
@@ -229,6 +229,9 @@ seed_rng(void)
 	memset(buf, '\0', sizeof(buf));
 #endif /* OPENSSL_PRNG_ONLY */
 +#ifdef __linux__
 +	linux_seed();
 +#endif /* __linux__ */
 	if (RAND_status() != 1)
 		fatal("PRNG is not seeded");
 }
 diff -up openssh-7.4p1/openbsd-compat/Makefile.in.entropy openssh-7.4p1/openbsd-compat/Makefile.in
 --- openssh-7.4p1/openbsd-compat/Makefile.in.entropy	2016-12-23 18:34:53.715762155 +0100
 +++ openssh-7.4p1/openbsd-compat/Makefile.in	2016-12-23 18:35:15.890769493 +0100
@@ -20,7 +20,8 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf
 	port-solaris.o \
 	port-net.o \
 	port-uw.o \
 -	port-linux-sshd.o
 +	port-linux-sshd.o \
 +	port-linux-prng.o
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
 diff -up openssh-7.4p1/openbsd-compat/port-linux.h.entropy openssh-7.4p1/openbsd-compat/port-linux.h
 --- openssh-7.4p1/openbsd-compat/port-linux.h.entropy	2016-12-23 18:34:27.747753563 +0100
 +++ openssh-7.4p1/openbsd-compat/port-linux.h	2016-12-23 18:34:27.769753570 +0100
@@ -34,4 +34,6 @@ void oom_adjust_restore(void);
 void oom_adjust_setup(void);
 #endif
 +void linux_seed(void);
 +
 #endif /* ! _PORT_LINUX_H */
 diff -up openssh-7.4p1/openbsd-compat/port-linux-prng.c.entropy openssh-7.4p1/openbsd-compat/port-linux-prng.c
 --- openssh-7.4p1/openbsd-compat/port-linux-prng.c.entropy	2016-12-23 18:34:27.769753570 +0100
 +++ openssh-7.4p1/openbsd-compat/port-linux-prng.c	2016-12-23 18:34:27.769753570 +0100
@@ -0,0 +1,59 @@
 +/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
 +
 +/*
 + * Copyright (c) 2011 Jan F. Chadima <jchadima@redhat.com>
 + *
 + * Permission to use, copy, modify, and distribute this software for any
 + * purpose with or without fee is hereby granted, provided that the above
 + * copyright notice and this permission notice appear in all copies.
 + *
 + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 + */
 +
 +/*
 + * Linux-specific portability code - prng support
 + */
 +
 +#include "includes.h"
 +
 +#include <errno.h>
 +#include <stdarg.h>
 +#include <string.h>
 +#include <stdio.h>
 +#include <openssl/rand.h>
 +
 +#include "log.h"
 +#include "xmalloc.h"
 +#include "misc.h"      /* servconf.h needs misc.h for struct ForwardOptions */
 +#include "servconf.h"
 +#include "port-linux.h"
 +#include "key.h"
 +#include "hostfile.h"
 +#include "auth.h"
 +
 +void
 +linux_seed(void)
 +{
 +	char *env = getenv("SSH_USE_STRONG_RNG");
 +	char *random = "/dev/random";
 +	size_t len, ienv, randlen = 14;
 +
 +	if (!env || !strcmp(env, "0"))
 +		random = "/dev/urandom";
 +	else if ((ienv = atoi(env)) > randlen)
 +		randlen = ienv;
 +
 +	errno = 0;
 +	if ((len = RAND_load_file(random, randlen)) != randlen) {
 +		if (errno)
 +			fatal ("cannot read from %s, %s", random, strerror(errno));
 +		else
 +			fatal ("EOF reading %s", random);
 +	}
 +}
 diff -up openssh-7.4p1/ssh.1.entropy openssh-7.4p1/ssh.1
 --- openssh-7.4p1/ssh.1.entropy	2016-12-23 18:34:27.754753565 +0100
 +++ openssh-7.4p1/ssh.1	2016-12-23 18:34:27.770753571 +0100
@@ -1441,6 +1441,23 @@ For more information, see the
 .Cm PermitUserEnvironment
 option in
 .Xr sshd_config 5 .
 +.Sh ENVIRONMENT
 +.Bl -tag -width Ds -compact
 +.It Ev SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm /dev/urandom .
 +If the 
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
 +.El
 .Sh FILES
 .Bl -tag -width Ds -compact
 .It Pa ~/.rhosts
 diff -up openssh-7.4p1/ssh-add.1.entropy openssh-7.4p1/ssh-add.1
 --- openssh-7.4p1/ssh-add.1.entropy	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/ssh-add.1	2016-12-23 18:34:27.770753571 +0100
@@ -171,6 +171,20 @@ to make this work.)
 Identifies the path of a
 .Ux Ns -domain
 socket used to communicate with the agent.
 +.It Ev SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm /dev/urandom .
 +If the 
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
 .El
 .Sh FILES
 .Bl -tag -width Ds
 diff -up openssh-7.4p1/ssh-agent.1.entropy openssh-7.4p1/ssh-agent.1
 --- openssh-7.4p1/ssh-agent.1.entropy	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/ssh-agent.1	2016-12-23 18:34:27.770753571 +0100
@@ -214,6 +214,24 @@ sockets used to contain the connection t
 These sockets should only be readable by the owner.
 The sockets should get automatically removed when the agent exits.
 .El
 +.Sh ENVIRONMENT
 +.Bl -tag -width Ds -compact
 +.Pp
 +.It Pa SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm /dev/urandom .
 +If the 
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
 +.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 diff -up openssh-7.4p1/sshd.8.entropy openssh-7.4p1/sshd.8
 --- openssh-7.4p1/sshd.8.entropy	2016-12-23 18:34:27.755753566 +0100
 +++ openssh-7.4p1/sshd.8	2016-12-23 18:34:27.770753571 +0100
@@ -920,6 +920,24 @@ concurrently for different ports, this c
 started last).
 The content of this file is not sensitive; it can be world-readable.
 .El
 +.Sh ENVIRONMENT
 +.Bl -tag -width Ds -compact
 +.Pp
 +.It Pa SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm /dev/urandom .
 +If the 
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
 +.El
 .Sh IPV6
 IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
 .Sh SEE ALSO
 diff -up openssh-7.4p1/ssh-keygen.1.entropy openssh-7.4p1/ssh-keygen.1
 --- openssh-7.4p1/ssh-keygen.1.entropy	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/ssh-keygen.1	2016-12-23 18:34:27.770753571 +0100
@@ -848,6 +848,24 @@ Contains Diffie-Hellman groups used for
 The file format is described in
 .Xr moduli 5 .
 .El
 +.Sh ENVIRONMENT
 +.Bl -tag -width Ds -compact
 +.Pp
 +.It Pa SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm /dev/urandom .
 +If the 
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
 +.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 diff -up openssh-7.4p1/ssh-keysign.8.entropy openssh-7.4p1/ssh-keysign.8
 --- openssh-7.4p1/ssh-keysign.8.entropy	2016-12-19 05:59:41.000000000 +0100
 +++ openssh-7.4p1/ssh-keysign.8	2016-12-23 18:34:27.770753571 +0100
@@ -80,6 +80,24 @@ must be set-uid root if host-based authe
 If these files exist they are assumed to contain public certificate
 information corresponding with the private keys above.
 .El
 +.Sh ENVIRONMENT
 +.Bl -tag -width Ds -compact
 +.Pp
 +.It Pa SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm /dev/urandom .
 +If the 
 +.Cm SSH_USE_STRONG_RNG
 +environment variable is set to value other than
 +.Cm 0
 +the OpenSSL random generator is reseeded from
 +.Cm /dev/random .
 +The number of bytes read is defined by the SSH_USE_STRONG_RNG value. 
 +Minimum is 14 bytes.
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
 +.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-keygen 1 ,
--- a/openssh-6.6p1-force_krb.patch
+++ b/openssh-6.6p1-force_krb.patch
@ -11,9 +11,9 @@ index 413b845..54dd383 100644
 +#include <unistd.h>
 #include "xmalloc.h"
- #include "key.h"
+ #include "sshkey.h"
@@ -45,6 +47,7 @@
- #include "buffer.h"
+ 
 #include "ssh-gss.h"
 +extern Authctxt *the_authctxt;
@ -66,7 +66,7 @@ index 413b845..54dd383 100644
 	} else
 		retval = 0;
-@@ -110,6 +133,135 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
+@@ -110,6 +133,137 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
 	return retval;
 }
@ -97,13 +97,14 @@ index 413b845..54dd383 100644
 +{
 +	FILE *fp;
 +	char file[MAXPATHLEN];
-+	char line[BUFSIZ] = "";
+	char *line = NULL;
 +	char kuser[65]; /* match krb5_kuserok() */
 +	struct stat st;
 +	struct passwd *pw = the_authctxt->pw;
 +	int found_principal = 0;
 +	int ncommands = 0, allcommands = 0;
 +	u_long linenum;
 +	size_t linesize = 0;
 +
 +	snprintf(file, sizeof(file), "%s/.k5users", pw->pw_dir);
 +	/* If both .k5login and .k5users DNE, self-login is ok. */
@ -147,9 +148,9 @@ index 413b845..54dd383 100644
 +	k5users_allowed_cmds = xcalloc(++ncommands,
 +	    sizeof(*k5users_allowed_cmds));
 +
-+	/* Check each line.  ksu allows unlimited length lines.  We don't. */
+	/* Check each line.  ksu allows unlimited length lines. */
-+	while (!allcommands && read_keyfile_line(fp, file, line, sizeof(line),
+	while (!allcommands && getline(&line, &linesize, fp) != -1) {
-+	    &linenum) != -1) {
+		linenum++;
 +		char *token;
 +
 +		/* we parse just like ksu, even though we could do better */
@ -182,6 +183,7 @@ index 413b845..54dd383 100644
 +			}
 +		}
 +       }
 +	free(line);
 +	if (k5users_allowed_cmds) {
 +		/* terminate vector */
 +		k5users_allowed_cmds[ncommands-1] = NULL;
--- a/openssh-6.6p1-keycat.patch
+++ b/openssh-6.6p1-keycat.patch
@ -64,8 +64,8 @@ diff -up openssh/Makefile.in.keycat openssh/Makefile.in
 ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(LDAPLIBS)
-+ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o
+ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o
-+	$(LD) -o $@ ssh-keycat.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
+	$(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(KEYCATLIBS) $(LIBS)
 +
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
--- a/openssh-6.6p1-kuserok.patch
+++ b/openssh-6.6p1-kuserok.patch
@ -224,9 +224,9 @@ diff -up openssh-7.4p1/servconf.c.kuserok openssh-7.4p1/servconf.c
 +		intptr = &options->use_kuserok;
 +		goto parse_flag;
 +
 	case sPermitListen:
 	case sPermitOpen:
- 		arg = strdelim(&cp);
+ 		if (opcode == sPermitListen) {
 		if (!arg || *arg == '\0')
@@ -2016,6 +2025,7 @@ copy_set_server_options(ServerOptions *d
 	M_CP_INTOPT(client_alive_interval);
 	M_CP_INTOPT(ip_qos_interactive);
--- a/openssh-6.6p1-privsep-selinux.patch
+++ b/openssh-6.6p1-privsep-selinux.patch
@ -54,9 +54,9 @@ diff -up openssh-7.4p1/session.c.privsep-selinux openssh-7.4p1/session.c
 		if (setusercontext(lc, pw, pw->pw_uid,
 		    (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
@@ -1361,6 +1361,9 @@ do_setusercontext(struct passwd *pw)
- 			    pw->pw_uid);
+			    (unsigned long long)pw->pw_uid);
 			chroot_path = percent_expand(tmp, "h", pw->pw_dir,
- 			    "u", pw->pw_name, (char *)NULL);
+			    "u", pw->pw_name, "U", uidstr, (char *)NULL);
 +#ifdef WITH_SELINUX
 +			sshd_selinux_copy_context();
 +#endif
--- a/openssh-6.7p1-coverity.patch
+++ b/openssh-6.7p1-coverity.patch
@ -120,7 +120,7 @@ diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
 -		while (read(notify_pipe[0], &c, 1) != -1)
 +	if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset))
 +		while (read(notify_pipe[0], &c, 1) >= 0)
- 			debug2("notify_done: reading");
+ 			debug2("%s: reading", __func__);
 }
@@ -518,7 +518,7 @@ server_request_tun(void)
--- a/openssh-6.7p1-kdf-cavs.patch
+++ b/openssh-6.7p1-kdf-cavs.patch
@ -88,8 +88,8 @@ diff -up openssh-6.8p1/ssh-cavs.c.kdf-cavs openssh-6.8p1/ssh-cavs.c
 +#include <openssl/bn.h>
 +
 +#include "xmalloc.h"
-+#include "buffer.h"
+#include "sshbuf.h"
-+#include "key.h"
+#include "sshkey.h"
 +#include "cipher.h"
 +#include "kex.h"
 +#include "packet.h"
--- a/openssh-6.7p1-ldap.patch
+++ b/openssh-6.7p1-ldap.patch
@ -157,7 +157,7 @@ diff -up openssh-6.8p1/Makefile.in.ldap openssh-6.8p1/Makefile.in
 	ssh-xmss.o \
@@ -112,8 +115,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
- 	sandbox-solaris.o
+ 	sandbox-solaris.o uidswap.o
 -MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
 -MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@ -356,7 +356,7 @@ diff -up openssh-6.8p1/configure.ac.ldap openssh-6.8p1/configure.ac
 diff -up openssh-6.8p1/ldap-helper.c.ldap openssh-6.8p1/ldap-helper.c
 --- openssh-6.8p1/ldap-helper.c.ldap	2015-03-18 11:11:29.030801464 +0100
 +++ openssh-6.8p1/ldap-helper.c	2015-03-18 11:11:29.030801464 +0100
-@@ -0,0 +1,155 @@
+@@ -0,0 +1,151 @@
 +/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
 + * Copyright (c) 2009 Jan F. Chadima.  All rights reserved.
@ -390,6 +390,7 @@ diff -up openssh-6.8p1/ldap-helper.c.ldap openssh-6.8p1/ldap-helper.c
 +#include "ldapbody.h"
 +#include <string.h>
 +#include <unistd.h>
 +#include <stdlib.h>
 +
 +static int config_debug = 0;
 +int config_exclusive_config_file = 0;
@ -507,11 +508,6 @@ diff -up openssh-6.8p1/ldap-helper.c.ldap openssh-6.8p1/ldap-helper.c
 +	ldap_do_close();
 +	return 0;
 +}
 +
 +/* Ugly hack */
 +void   *buffer_get_string(Buffer *b, u_int *l) { return NULL; }
 +void    buffer_put_string(Buffer *b, const void *f, u_int l) {}
 +
 diff -up openssh-6.8p1/ldap-helper.h.ldap openssh-6.8p1/ldap-helper.h
 --- openssh-6.8p1/ldap-helper.h.ldap	2015-03-18 11:11:29.031801462 +0100
 +++ openssh-6.8p1/ldap-helper.h	2015-03-18 11:11:29.031801462 +0100
@ -684,6 +680,7 @@ diff -up openssh-6.8p1/ldapbody.c.ldap openssh-6.8p1/ldapbody.c
 +#include "ldapbody.h"
 +#include <stdio.h>
 +#include <unistd.h>
 +#include <stdlib.h>
 +#include "misc.h"
 +
 +#define LDAPSEARCH_FORMAT "(&(objectclass=%c)(objectclass=ldapPublicKey)(uid=%u)%f)"
@ -1188,7 +1185,7 @@ diff -up openssh-6.8p1/ldapbody.h.ldap openssh-6.8p1/ldapbody.h
 diff -up openssh-6.8p1/ldapconf.c.ldap openssh-6.8p1/ldapconf.c
 --- openssh-6.8p1/ldapconf.c.ldap	2015-03-18 11:11:29.032801460 +0100
 +++ openssh-6.8p1/ldapconf.c	2015-03-18 11:11:29.032801460 +0100
-@@ -0,0 +1,728 @@
+@@ -0,0 +1,729 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
 + * Copyright (c) 2009 Jan F. Chadima.  All rights reserved.
@ -1222,6 +1219,7 @@ diff -up openssh-6.8p1/ldapconf.c.ldap openssh-6.8p1/ldapconf.c
 +#include "ldapconf.h"
 +#include <unistd.h>
 +#include <string.h>
 +#include <stdlib.h>
 +
 +/* Keyword tokens. */
 +
--- a/openssh-7.0p1-gssKexAlgorithms.patch
+++ b/openssh-7.0p1-gssKexAlgorithms.patch
@ -23,9 +23,9 @@ diff -up openssh-7.0p1/gss-genr.c.gsskexalg openssh-7.0p1/gss-genr.c
 ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
 -    const char *host, const char *client) {
 +    const char *host, const char *client, const char *kex) {
- 	Buffer buf;
+ 	struct sshbuf *buf;
 	size_t i;
- 	int oidpos, enclen;
+ 	int oidpos, enclen, r;
@@ -100,6 +101,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
 	char deroid[2];
 	const EVP_MD *evp_md = EVP_md5();
@ -35,39 +35,44 @@ diff -up openssh-7.0p1/gss-genr.c.gsskexalg openssh-7.0p1/gss-genr.c
 	if (gss_enc2oid != NULL) {
 		for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
@@ -113,6 +115,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
- 	buffer_init(&buf);
+ 		fatal("%s: sshbuf_new failed", __func__);
 	oidpos = 0;
 +	s = cp = xstrdup(kex);
 	for (i = 0; i < gss_supported->count; i++) {
 		if (gss_supported->elements[i].length < 128 &&
 		    (*check)(NULL, &(gss_supported->elements[i]), host, client)) {
-@@ -131,26 +134,22 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
+@@ -131,28 +134,25 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
 			enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
 			    encoded, EVP_MD_size(evp_md) * 2);
 -			if (oidpos != 0)
-				buffer_put_char(&buf, ',');
+-				if ((r = sshbuf_put_u8(buf, ',')) != 0)
 -					fatal("%s: buffer error: %s", __func__, ssh_err(r));
 -
-			buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
+-			if ((r = sshbuf_put(buf, KEX_GSS_GEX_SHA1_ID,
-			    sizeof(KEX_GSS_GEX_SHA1_ID) - 1);
+-			    sizeof(KEX_GSS_GEX_SHA1_ID) - 1)) != 0 ||
-			buffer_append(&buf, encoded, enclen);
+-			    (r = sshbuf_put(buf, encoded, enclen)) != 0 ||
-			buffer_put_char(&buf, ',');
+-			    (r = sshbuf_put_u8(buf, ',')) != 0 ||
-			buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID, 
+-			    (r = sshbuf_put(buf, KEX_GSS_GRP1_SHA1_ID, 
-			    sizeof(KEX_GSS_GRP1_SHA1_ID) - 1);
+-			    sizeof(KEX_GSS_GRP1_SHA1_ID) - 1)) != 0 ||
-			buffer_append(&buf, encoded, enclen);
+-			    (r = sshbuf_put(buf, encoded, enclen)) != 0 ||
-			buffer_put_char(&buf, ',');
+-			    (r = sshbuf_put_u8(buf, ',')) != 0 ||
-			buffer_append(&buf, KEX_GSS_GRP14_SHA1_ID,
+-			    (r = sshbuf_put(buf, KEX_GSS_GRP14_SHA1_ID,
-			    sizeof(KEX_GSS_GRP14_SHA1_ID) - 1);
+-			    sizeof(KEX_GSS_GRP14_SHA1_ID) - 1)) != 0 ||
-			buffer_append(&buf, encoded, enclen);
+-			    (r = sshbuf_put(buf, encoded, enclen)) != 0)
 -		 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +			cp = strncpy(s, kex, strlen(kex));
 +			for ((p = strsep(&cp, ",")); p && *p != '\0';
 +				(p = strsep(&cp, ","))) {
-+				if (buffer_len(&buf) != 0)
+				if (sshbuf_len(buf) != 0)
-+					buffer_put_char(&buf, ',');
+					if ((r = sshbuf_put_u8(buf, ',')) != 0)
-+				buffer_append(&buf, p,
+			 			fatal("%s: buffer error: %s",
-+				    strlen(p));
+						    __func__, ssh_err(r));
-+				buffer_append(&buf, encoded, enclen);
+				if ((r = sshbuf_put(buf, p, strlen(p))) != 0 ||
 +				    (r = sshbuf_put(buf, encoded, enclen)) != 0)
 +			 		fatal("%s: buffer error: %s",
 +					    __func__, ssh_err(r));
 +			}
 			gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
@ -104,7 +109,7 @@ diff -up openssh-7.0p1/kex.c.gsskexalg openssh-7.0p1/kex.c
 #include "ssherr.h"
 #include "sshbuf.h"
@@ -232,6 +232,29 @@ kex_assemble_names(const char *def, char
- 	return 0;
+ 	return r;
 }
 +/* Validate GSS KEX method name list */
@ -139,7 +144,7 @@ diff -up openssh-7.0p1/kex.h.gsskexalg openssh-7.0p1/kex.h
@@ -173,6 +173,7 @@ int	 kex_names_valid(const char *);
 char	*kex_alg_list(char);
 char	*kex_names_cat(const char *, const char *);
- int	 kex_assemble_names(const char *, char **);
+ int	 kex_assemble_names(char **, const char *, const char *);
 +int	 gss_kex_names_valid(const char *);
 int	 kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
@ -162,7 +167,7 @@ diff -up openssh-7.0p1/readconf.c.gsskexalg openssh-7.0p1/readconf.c
 -	oGssServerIdentity, 
 +	oGssServerIdentity, oGssKexAlgorithms,
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
- 	oSendEnv, oControlPath, oControlMaster, oControlPersist,
+ 	oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
 	oHashKnownHosts,
@@ -200,6 +201,7 @@ static struct {
 	{ "gssapiclientidentity", oGssClientIdentity },
@ -263,9 +268,9 @@ diff -up openssh-7.0p1/servconf.c.gsskexalg openssh-7.0p1/servconf.c
 	sHostKeyAlgorithms,
 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 	sGssAuthentication, sGssCleanupCreds, sGssEnablek5users, sGssStrictAcceptor,
-	sGssKeyEx, sGssStoreRekey, sAcceptEnv, sPermitTunnel,
+-	sGssKeyEx, sGssStoreRekey, sAcceptEnv, sSetEnv, sPermitTunnel,
-+	sGssKeyEx, sGssStoreRekey, sGssKexAlgorithms, sAcceptEnv, sPermitTunnel,
+	sGssKeyEx, sGssStoreRekey, sGssKexAlgorithms, sAcceptEnv, sSetEnv, sPermitTunnel,
- 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ 	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
 	sUsePrivilegeSeparation, sAllowAgentForwarding,
 	sHostCertificate,
@@ -506,6 +510,7 @@ static struct {
@ -388,7 +393,7 @@ diff -up openssh-7.0p1/sshconnect2.c.gsskexalg openssh-7.0p1/sshconnect2.c
 +This option only applies to protocol version 2 connections using GSSAPI.
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
- as a comma-separated pattern list.
+ as a list of comma-separated patterns.
 diff -up openssh-7.0p1/ssh-gss.h.gsskexalg openssh-7.0p1/ssh-gss.h
 --- openssh-7.0p1/ssh-gss.h.gsskexalg	2015-08-19 12:28:38.031518944 +0200
 +++ openssh-7.0p1/ssh-gss.h	2015-08-19 12:28:38.081518832 +0200
--- a/openssh-7.0p1-show-more-fingerprints.patch
+++ b/openssh-7.0p1-show-more-fingerprints.patch
@ -1,324 +0,0 @@
 diff -up openssh/clientloop.c.fingerprint openssh/clientloop.c
 --- openssh/clientloop.c.fingerprint	2017-09-26 15:21:22.582477729 +0200
 +++ openssh/clientloop.c	2017-09-26 15:21:22.620477932 +0200
@@ -1854,7 +1854,7 @@ update_known_hosts(struct hostkeys_updat
 		if (ctx->keys_seen[i] != 2)
 			continue;
 		if ((fp = sshkey_fingerprint(ctx->keys[i],
 -		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
 +		    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL)
 			fatal("%s: sshkey_fingerprint failed", __func__);
 		do_log2(loglevel, "Learned new hostkey: %s %s",
 		    sshkey_type(ctx->keys[i]), fp);
@@ -1862,7 +1862,7 @@ update_known_hosts(struct hostkeys_updat
 	}
 	for (i = 0; i < ctx->nold; i++) {
 		if ((fp = sshkey_fingerprint(ctx->old_keys[i],
 -		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
 +		    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL)
 			fatal("%s: sshkey_fingerprint failed", __func__);
 		do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
 		    sshkey_type(ctx->old_keys[i]), fp);
@@ -1905,7 +1905,7 @@ update_known_hosts(struct hostkeys_updat
 	    (r = hostfile_replace_entries(options.user_hostfiles[0],
 	    ctx->host_str, ctx->ip_str, ctx->keys, ctx->nkeys,
 	    options.hash_known_hosts, 0,
 -	    options.fingerprint_hash)) != 0)
 +	    options.fingerprint_hash[0])) != 0)
 		error("%s: hostfile_replace_entries failed: %s",
 		    __func__, ssh_err(r));
 }
@@ -2038,7 +2038,7 @@ client_input_hostkeys(void)
 			error("%s: parse key: %s", __func__, ssh_err(r));
 			goto out;
 		}
 -		fp = sshkey_fingerprint(key, options.fingerprint_hash,
 +		fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
 		    SSH_FP_DEFAULT);
 		debug3("%s: received %s key %s", __func__,
 		    sshkey_type(key), fp);
 diff -up openssh/readconf.c.fingerprint openssh/readconf.c
 --- openssh/readconf.c.fingerprint	2017-09-26 15:21:22.618477921 +0200
 +++ openssh/readconf.c	2017-09-26 15:21:22.621477937 +0200
@@ -1681,16 +1681,18 @@ parse_keytypes:
 		goto parse_string;
 	case oFingerprintHash:
 -		intptr = &options->fingerprint_hash;
 -		arg = strdelim(&s);
 -		if (!arg || *arg == '\0')
 -			fatal("%.200s line %d: Missing argument.",
 -			    filename, linenum);
 -		if ((value = ssh_digest_alg_by_name(arg)) == -1)
 -			fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
 -			    filename, linenum, arg);
 -		if (*activep && *intptr == -1)
 -			*intptr = value;
 +		if (*activep && options->num_fingerprint_hash == 0)
 +			while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
 +				value = ssh_digest_alg_by_name(arg);
 +				if (value == -1)
 +					fatal("%s line %d: unknown fingerprints algorithm specs: %s.",
 +						filename, linenum, arg);
 +				if (options->num_fingerprint_hash >= SSH_DIGEST_MAX)
 +					fatal("%s line %d: too many fingerprints algorithm specs.",
 +						filename, linenum);
 +				options->fingerprint_hash[
 +					options->num_fingerprint_hash++] = value;
 +			}
 		break;
 	case oUpdateHostkeys:
@@ -1917,7 +1919,7 @@ initialize_options(Options * options)
 	options->canonicalize_fallback_local = -1;
 	options->canonicalize_hostname = -1;
 	options->revoked_host_keys = NULL;
 -	options->fingerprint_hash = -1;
 +	options->num_fingerprint_hash = 0;
 	options->update_hostkeys = -1;
 	options->hostbased_key_types = NULL;
 	options->pubkey_key_types = NULL;
@@ -2096,8 +2098,10 @@ fill_default_options(Options * options)
 		options->canonicalize_fallback_local = 1;
 	if (options->canonicalize_hostname == -1)
 		options->canonicalize_hostname = SSH_CANONICALISE_NO;
 -	if (options->fingerprint_hash == -1)
 -		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
 +	if (options->num_fingerprint_hash == 0) {
 +		options->fingerprint_hash[options->num_fingerprint_hash++] = SSH_DIGEST_SHA256;
 +		options->fingerprint_hash[options->num_fingerprint_hash++] = SSH_DIGEST_MD5;
 +	}
 	if (options->update_hostkeys == -1)
 		options->update_hostkeys = 0;
 	if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
@@ -2474,6 +2478,17 @@ dump_cfg_strarray(OpCodes code, u_int co
 }
 static void
 +dump_cfg_fmtarray(OpCodes code, u_int count, int *vals)
 +{
 +	u_int i;
 +
 +	printf("%s", lookup_opcode_name(code));
 +	for (i = 0; i < count; i++)
 +		printf(" %s", fmt_intarg(code, vals[i]));
 +	printf("\n");
 +}
 +
 +static void
 dump_cfg_strarray_oneline(OpCodes code, u_int count, char **vals)
 {
 	u_int i;
@@ -2549,7 +2564,6 @@ dump_client_config(Options *o, const cha
 	dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign);
 	dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings);
 	dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure);
 -	dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash);
 	dump_cfg_fmtint(oForwardAgent, o->forward_agent);
 	dump_cfg_fmtint(oForwardX11, o->forward_x11);
 	dump_cfg_fmtint(oForwardX11Trusted, o->forward_x11_trusted);
@@ -2618,6 +2632,7 @@ dump_client_config(Options *o, const cha
 	dump_cfg_strarray_oneline(oGlobalKnownHostsFile, o->num_system_hostfiles, o->system_hostfiles);
 	dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
 	dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
 +	dump_cfg_fmtarray(oFingerprintHash, o->num_fingerprint_hash, o->fingerprint_hash);
 	/* Special cases */
 diff -up openssh/readconf.h.fingerprint openssh/readconf.h
 --- openssh/readconf.h.fingerprint	2017-09-26 15:21:22.618477921 +0200
 +++ openssh/readconf.h	2017-09-26 15:21:22.621477937 +0200
@@ -21,6 +21,7 @@
 #define MAX_SEND_ENV		256
 #define SSH_MAX_HOSTS_FILES	32
 #define MAX_CANON_DOMAINS	32
 +#define MAX_SSH_DIGESTS	32
 #define PATH_MAX_SUN		(sizeof((struct sockaddr_un *)0)->sun_path)
 struct allowed_cname {
@@ -157,7 +158,8 @@ typedef struct {
 	char	*revoked_host_keys;
 -	int	 fingerprint_hash;
 +	int num_fingerprint_hash;
 +	int 	fingerprint_hash[MAX_SSH_DIGESTS];
 	int	 update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
 diff -up openssh/ssh_config.5.fingerprint openssh/ssh_config.5
 --- openssh/ssh_config.5.fingerprint	2017-09-26 15:21:22.618477921 +0200
 +++ openssh/ssh_config.5	2017-09-26 15:21:22.621477937 +0200
@@ -624,12 +624,13 @@ or
 .Cm no
 (the default).
 .It Cm FingerprintHash
 -Specifies the hash algorithm used when displaying key fingerprints.
 +Specifies the hash algorithms used when displaying key fingerprints.
 Valid options are:
 .Cm md5
 and
 -.Cm sha256
 -(the default).
 +.Cm sha256 .
 +The default is
 +.Cm "sha256 md5".
 .It Cm ForwardAgent
 Specifies whether the connection to the authentication agent (if any)
 will be forwarded to the remote machine.
 diff -up openssh/sshconnect2.c.fingerprint openssh/sshconnect2.c
 --- openssh/sshconnect2.c.fingerprint	2017-09-26 15:21:22.619477926 +0200
 +++ openssh/sshconnect2.c	2017-09-26 15:21:50.677628003 +0200
@@ -679,7 +679,7 @@ input_userauth_pk_ok(int type, u_int32_t
 		    key->type, pktype);
 		goto done;
 	}
 -	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
 +	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
 	    SSH_FP_DEFAULT)) == NULL)
 		goto done;
 	debug2("input_userauth_pk_ok: fp %s", fp);
@@ -1198,7 +1198,7 @@ sign_and_send_pubkey(Authctxt *authctxt,
 	int matched, ret = -1, have_sig = 1;
 	char *fp;
 -	if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
 +	if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash[0],
 	    SSH_FP_DEFAULT)) == NULL)
 		return 0;
 	debug3("%s: %s %s", __func__, key_type(id->key), fp);
@@ -1620,7 +1620,7 @@ userauth_pubkey(Authctxt *authctxt)
 		if (id->key != NULL) {
 			if (try_identity(id)) {
 				if ((fp = sshkey_fingerprint(id->key,
 -				    options.fingerprint_hash,
 +				    options.fingerprint_hash[0],
 				    SSH_FP_DEFAULT)) == NULL) {
 					error("%s: sshkey_fingerprint failed",
 					    __func__);
@@ -1914,7 +1914,7 @@ userauth_hostbased(Authctxt *authctxt)
 		goto out;
 	}
 -	if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
 +	if ((fp = sshkey_fingerprint(private, options.fingerprint_hash[0],
 	    SSH_FP_DEFAULT)) == NULL) {
 		error("%s: sshkey_fingerprint failed", __func__);
 		goto out;
 diff -up openssh/sshconnect.c.fingerprint openssh/sshconnect.c
 --- openssh/sshconnect.c.fingerprint	2017-09-25 01:48:10.000000000 +0200
 +++ openssh/sshconnect.c	2017-09-26 15:21:22.622477943 +0200
@@ -861,9 +861,9 @@ check_host_key(char *hostname, struct so
 				    "of known hosts.", type, ip);
 		} else if (options.visual_host_key) {
 			fp = sshkey_fingerprint(host_key,
 -			    options.fingerprint_hash, SSH_FP_DEFAULT);
 +			    options.fingerprint_hash[0], SSH_FP_DEFAULT);
 			ra = sshkey_fingerprint(host_key,
 -			    options.fingerprint_hash, SSH_FP_RANDOMART);
 +			    options.fingerprint_hash[0], SSH_FP_RANDOMART);
 			if (fp == NULL || ra == NULL)
 				fatal("%s: sshkey_fingerprint fail", __func__);
 			logit("Host key fingerprint is %s\n%s", fp, ra);
@@ -907,12 +907,6 @@ check_host_key(char *hostname, struct so
 			else
 				snprintf(msg1, sizeof(msg1), ".");
 			/* The default */
 -			fp = sshkey_fingerprint(host_key,
 -			    options.fingerprint_hash, SSH_FP_DEFAULT);
 -			ra = sshkey_fingerprint(host_key,
 -			    options.fingerprint_hash, SSH_FP_RANDOMART);
 -			if (fp == NULL || ra == NULL)
 -				fatal("%s: sshkey_fingerprint fail", __func__);
 			msg2[0] = '\0';
 			if (options.verify_host_key_dns) {
 				if (matching_host_key_dns)
@@ -926,16 +920,28 @@ check_host_key(char *hostname, struct so
 			}
 			snprintf(msg, sizeof(msg),
 			    "The authenticity of host '%.200s (%s)' can't be "
 -			    "established%s\n"
 -			    "%s key fingerprint is %s.%s%s\n%s"
 +			    "established%s\n", host, ip, msg1);
 +			for (i = 0; i < (u_int) options.num_fingerprint_hash; i++) {
 +				fp = sshkey_fingerprint(host_key,
 +				    options.fingerprint_hash[i], SSH_FP_DEFAULT);
 +				ra = sshkey_fingerprint(host_key,
 +				    options.fingerprint_hash[i], SSH_FP_RANDOMART);
 +				if (fp == NULL || ra == NULL)
 +					fatal("%s: sshkey_fingerprint fail", __func__);
 +				len = strlen(msg);
 +				snprintf(msg+len, sizeof(msg)-len,
 +				    "%s key fingerprint is %s.%s%s\n%s",
 +				    type, fp,
 +				    options.visual_host_key ? "\n" : "",
 +				    options.visual_host_key ? ra : "",
 +				    msg2);
 +				free(ra);
 +				free(fp);
 +			}
 +			len = strlen(msg);
 +			snprintf(msg+len, sizeof(msg)-len,
 			    "Are you sure you want to continue connecting "
 -			    "(yes/no)? ",
 -			    host, ip, msg1, type, fp,
 -			    options.visual_host_key ? "\n" : "",
 -			    options.visual_host_key ? ra : "",
 -			    msg2);
 -			free(ra);
 -			free(fp);
 +			    "(yes/no)? ");
 			if (!confirm(msg))
 				goto fail;
 			hostkey_trusted = 1; /* user explicitly confirmed */
@@ -1192,7 +1198,7 @@ verify_host_key(char *host, struct socka
 	struct sshkey *plain = NULL;
 	if ((fp = sshkey_fingerprint(host_key,
 -	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
 +	    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) {
 		error("%s: fingerprint host key: %s", __func__, ssh_err(r));
 		r = -1;
 		goto out;
@@ -1200,7 +1206,7 @@ verify_host_key(char *host, struct socka
 	if (sshkey_is_cert(host_key)) {
 		if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
 -		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
 +		    options.fingerprint_hash[0], SSH_FP_DEFAULT)) == NULL) {
 			error("%s: fingerprint CA key: %s",
 			    __func__, ssh_err(r));
 			r = -1;
@@ -1369,9 +1375,9 @@ show_other_keys(struct hostkeys *hostkey
 		if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
 			continue;
 		fp = sshkey_fingerprint(found->key,
 -		    options.fingerprint_hash, SSH_FP_DEFAULT);
 +		    options.fingerprint_hash[0], SSH_FP_DEFAULT);
 		ra = sshkey_fingerprint(found->key,
 -		    options.fingerprint_hash, SSH_FP_RANDOMART);
 +		    options.fingerprint_hash[0], SSH_FP_RANDOMART);
 		if (fp == NULL || ra == NULL)
 			fatal("%s: sshkey_fingerprint fail", __func__);
 		logit("WARNING: %s key found for host %s\n"
@@ -1394,7 +1400,7 @@ warn_changed_key(struct sshkey *host_key
 {
 	char *fp;
 -	fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
 +	fp = sshkey_fingerprint(host_key, options.fingerprint_hash[0],
 	    SSH_FP_DEFAULT);
 	if (fp == NULL)
 		fatal("%s: sshkey_fingerprint fail", __func__);
 diff -up openssh/ssh-keysign.c.fingerprint openssh/ssh-keysign.c
 --- openssh/ssh-keysign.c.fingerprint	2017-09-25 01:48:10.000000000 +0200
 +++ openssh/ssh-keysign.c	2017-09-26 15:21:22.622477943 +0200
@@ -285,7 +285,7 @@ main(int argc, char **argv)
 		}
 	}
 	if (!found) {
 -		if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
 +		if ((fp = sshkey_fingerprint(key, options.fingerprint_hash[0],
 		    SSH_FP_DEFAULT)) == NULL)
 			fatal("%s: sshkey_fingerprint failed", __progname);
 		fatal("no matching hostkey found for key %s %s",
--- a/openssh-7.1p1-gssapi-documentation.patch
+++ b/openssh-7.1p1-gssapi-documentation.patch
@ -49,4 +49,4 @@ diff -up openssh-7.4p1/sshd_config.5.gss-docs openssh-7.4p1/sshd_config.5
 +needs to be enabled in the server and also used by the client.
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
- as a comma-separated pattern list.
+ as a list of comma-separated patterns.
--- a/openssh-7.1p2-audit-race-condition.patch
+++ b/openssh-7.1p2-audit-race-condition.patch
@ -1,20 +1,21 @@
 diff -up openssh-7.4p1/monitor_wrap.c.audit-race openssh-7.4p1/monitor_wrap.c
 --- openssh-7.4p1/monitor_wrap.c.audit-race	2016-12-23 16:35:52.694685771 +0100
 +++ openssh-7.4p1/monitor_wrap.c	2016-12-23 16:35:52.697685772 +0100
-@@ -1107,4 +1107,48 @@ mm_audit_destroy_sensitive_data(const ch
+@@ -1107,4 +1107,50 @@ mm_audit_destroy_sensitive_data(const ch
- 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m);
+ 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, m);
- 	buffer_free(&m);
+ 	sshbuf_free(m);
 }
 +
 +int mm_forward_audit_messages(int fdin)
 +{
 +	u_char buf[4];
 +	u_int blen, msg_len;
-+	Buffer m;
+	struct sshbuf *m;
-+	int ret = 0;
+	int r, ret = 0;
 +
 +	debug3("%s: entering", __func__);
-+	buffer_init(&m);
+	if ((m = sshbuf_new()) == NULL)
 + 		fatal("%s: sshbuf_new failed", __func__);
 +	do {
 +		blen = atomicio(read, fdin, buf, sizeof(buf));
 +		if (blen == 0) /* closed pipe */
@ -28,21 +29,22 @@ diff -up openssh-7.4p1/monitor_wrap.c.audit-race openssh-7.4p1/monitor_wrap.c
 +		msg_len = get_u32(buf);
 +		if (msg_len > 256 * 1024)
 +			fatal("%s: read: bad msg_len %d", __func__, msg_len);
-+		buffer_clear(&m);
+		sshbuf_reset(m);
-+		buffer_append_space(&m, msg_len);
+		if ((r = sshbuf_reserve(m, msg_len, NULL)) != 0)
-+		if (atomicio(read, fdin, buffer_ptr(&m), msg_len) != msg_len) {
+			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +		if (atomicio(read, fdin, sshbuf_mutable_ptr(m), msg_len) != msg_len) {
 +			error("%s: Failed to read the the buffer content from the child", __func__);
 +			ret = -1;
 +			break;
 +		}
 +		if (atomicio(vwrite, pmonitor->m_recvfd, buf, blen) != blen || 
-+		    atomicio(vwrite, pmonitor->m_recvfd, buffer_ptr(&m), msg_len) != msg_len) {
+		    atomicio(vwrite, pmonitor->m_recvfd, sshbuf_mutable_ptr(m), msg_len) != msg_len) {
 +			error("%s: Failed to write the message to the monitor", __func__);
 +			ret = -1;
 +			break;
 +		}
 +	} while (1);
-+	buffer_free(&m);
+	sshbuf_free(m);
 +	return ret;
 +}
 +void mm_set_monitor_pipe(int fd)
@ -115,7 +117,7 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
 		ret = do_exec_pty(ssh, s, command);
@@ -732,6 +745,20 @@ do_exec(Session *s, const char *command)
 	 */
- 	buffer_clear(&loginmsg);
+ 	sshbuf_reset(loginmsg);
 +#ifdef SSH_AUDIT_EVENTS
 +	close(paudit[1]);
--- a/openssh-7.3p1-openssl-1.1.0.patch
+++ b/openssh-7.3p1-openssl-1.1.0.patch
@ -136,7 +136,7 @@ diff -up openssh/dh.c.openssl openssh/dh.c
 	    need > INT_MAX / 2 || 2 * need > pbits)
 		return SSH_ERR_INVALID_ARGUMENT;
 	if (need < 256)
-@@ -271,10 +275,11 @@ dh_gen_key(DH *dh, int need)
+@@ -271,11 +275,11 @@ dh_gen_key(DH *dh, int need)
 	 * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
 	 * so double requested need here.
 	 */
@ -144,6 +144,7 @@ diff -up openssh/dh.c.openssl openssh/dh.c
 -	if (DH_generate_key(dh) == 0 ||
 -	    !dh_pub_is_valid(dh, dh->pub_key)) {
 -		BN_clear_free(dh->priv_key);
 -		dh->priv_key = NULL;
 +	DH_set_length(dh, MINIMUM(need * 2, pbits - 1));
 +	if (DH_generate_key(dh) == 0)
 +		return SSH_ERR_LIBCRYPTO_ERROR;
@ -300,8 +301,8 @@ diff -up openssh/gss-genr.c.openssl openssh/gss-genr.c
 	if (gss_enc2oid != NULL) {
@@ -113,6 +113,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
- 
+ 	if ((buf = sshbuf_new()) == NULL)
- 	buffer_init(&buf);
+ 		fatal("%s: sshbuf_new failed", __func__);
 +	md = EVP_MD_CTX_new();
 	oidpos = 0;
@ -452,7 +453,7 @@ diff -up openssh/kexdhs.c.openssl openssh/kexdhs.c
 	    hash, &hashlen)) != 0)
 		goto out;
@@ -197,7 +203,7 @@ input_kex_dh_init(int type, u_int32_t se
- 	/* send server hostkey, DH pubkey 'f' and singed H */
+ 	/* send server hostkey, DH pubkey 'f' and signed H */
 	if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 ||
 	    (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
 -	    (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||	/* f */
@ -599,7 +600,7 @@ diff -up openssh/kexgexs.c.openssl openssh/kexgexs.c
 	    hash, &hashlen)) != 0)
 		goto out;
@@ -227,7 +236,7 @@ input_kex_dh_gex_init(int type, u_int32_
- 	/* send server hostkey, DH pubkey 'f' and singed H */
+ 	/* send server hostkey, DH pubkey 'f' and signed H */
 	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
 	    (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
 -	    (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||     /* f */
@ -636,8 +637,8 @@ diff -up openssh/kexgssc.c.openssl openssh/kexgssc.c
 			} else {
 				packet_start(SSH2_MSG_KEXGSS_CONTINUE);
@@ -282,13 +284,14 @@ kexgss_client(struct ssh *ssh) {
- 		    buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
+ 		    sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
- 		    buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
+ 		    sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
 		    (serverhostkey ? serverhostkey : empty), slen,
 -		    dh->pub_key,	/* e */
 +		    pub_key,		/* e */
@ -652,7 +653,7 @@ diff -up openssh/kexgssc.c.openssl openssh/kexgssc.c
 		    ssh->kex->hash_alg,
 		    ssh->kex->client_version_string,
@@ -297,8 +300,8 @@ kexgss_client(struct ssh *ssh) {
- 		    buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
+ 		    sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
 		    (serverhostkey ? serverhostkey : empty), slen,
  		    min, nbits, max,
 -		    dh->p, dh->g,
@ -695,8 +696,8 @@ diff -up openssh/kexgsss.c.openssl openssh/kexgsss.c
 	switch (ssh->kex->kex_type) {
 	case KEX_GSS_GRP1_SHA1:
@@ -232,7 +235,7 @@ kexgss_server(struct ssh *ssh)
- 		    buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
+ 		    sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
- 		    buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
+ 		    sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
 		    NULL, 0, /* Change this if we start sending host keys */
 -		    dh_client_pub, dh->pub_key, shared_secret,
 +		    dh_client_pub, pub_key, shared_secret,
@ -704,7 +705,7 @@ diff -up openssh/kexgsss.c.openssl openssh/kexgsss.c
 		);
 		break;
@@ -244,9 +247,9 @@ kexgss_server(struct ssh *ssh)
- 		    buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
+ 		    sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
 		    NULL, 0,
 		    cmin, nbits, cmax,
 -		    dh->p, dh->g,
@ -1241,14 +1242,14 @@ diff -up openssh/monitor.c.openssl openssh/monitor.c
 +		const BIGNUM *p, *g;
 +
 +		DH_get0_pqg(dh, &p, NULL, &g);
- 		buffer_put_char(m, 1);
+ 		if ((r = sshbuf_put_u8(m, 1)) != 0 ||
-		buffer_put_bignum2(m, dh->p);
+-		    (r = sshbuf_put_bignum2(m, dh->p)) != 0 ||
-		buffer_put_bignum2(m, dh->g);
+-		    (r = sshbuf_put_bignum2(m, dh->g)) != 0)
-+		buffer_put_bignum2(m, p);
+		    (r = sshbuf_put_bignum2(m, p)) != 0 ||
-+		buffer_put_bignum2(m, g);
+		    (r = sshbuf_put_bignum2(m, g)) != 0)
 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 		DH_free(dh);
 	}
 diff -up openssh/openbsd-compat/openssl-compat.c.openssl openssh/openbsd-compat/openssl-compat.c
 --- openssh/openbsd-compat/openssl-compat.c.openssl	2017-09-19 06:26:43.000000000 +0200
 +++ openssh/openbsd-compat/openssl-compat.c	2017-09-26 13:19:31.799249709 +0200
@ -1404,17 +1405,6 @@ diff -up openssh/regress/unittests/sshkey/test_sshkey.c.openssl openssh/regress/
 	TEST_DONE();
 	TEST_START("equal KEY_DSA/demoted KEY_DSA");
 diff -up openssh/sshconnect2.c.openssl openssh/sshconnect2.c
 --- openssh/sshconnect2.c.openssl	2017-09-26 13:19:31.786249629 +0200
 +++ openssh/sshconnect2.c	2017-09-26 13:19:31.800249715 +0200
@@ -306,6 +306,7 @@ ssh_kex2(char *host, struct sockaddr *ho
 	packet_send();
 	packet_write_wait();
 #endif
 +	/* XXX free myproposal ?? */
 }
 /*
 diff -up openssh/ssh.c.openssl openssh/ssh.c
 --- openssh/ssh.c.openssl	2017-09-26 13:19:31.786249629 +0200
 +++ openssh/ssh.c	2017-09-26 13:19:31.800249715 +0200
--- a/openssh-7.3p1-x11-max-displays.patch
+++ b/openssh-7.3p1-x11-max-displays.patch
@ -10,8 +10,8 @@ diff -up openssh-7.4p1/channels.c.x11max openssh-7.4p1/channels.c
 +/* Minimum port number for X11 forwarding */
 +#define X11_PORT_MIN 6000
- /*
+ /* Per-channel callback for pre/post select() actions */
-  * Data structure for storing which hosts are permitted for forward requests.
+ typedef void chan_fn(struct ssh *, Channel *c,
@@ -4228,7 +4228,7 @@ channel_send_window_changes(void)
  */
 int
--- a/openssh-7.5p1-gssapi-kex-with-ec.patch
+++ b/openssh-7.5p1-gssapi-kex-with-ec.patch
@ -91,7 +91,7 @@ index 132df8b5..ed23f06d 100644
 +	case KEX_GSS_GRP16_SHA512:
 		kex_dh_hash(ssh->kex->hash_alg, ssh->kex->client_version_string, 
 		    ssh->kex->server_version_string,
- 		    buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
+		    sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
 diff --git a/kexgsss.c b/kexgsss.c
 index 82a715cc..b7da8823 100644
 --- a/kexgsss.c
@ -117,7 +117,7 @@ index 82a715cc..b7da8823 100644
 +	case KEX_GSS_GRP16_SHA512:
 		kex_dh_hash(ssh->kex->hash_alg,
 		    ssh->kex->client_version_string, ssh->kex->server_version_string,
- 		    buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
+		    sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
 diff --git a/monitor.c b/monitor.c
 index 17046936..d6bc7ac7 100644
 --- a/monitor.c
@ -674,8 +674,8 @@ index ed23f06d..bdb3109a 100644
 +		kex_c25519_hash(
 +		    kex->hash_alg,
 +		    kex->client_version_string, kex->server_version_string,
-+		    buffer_ptr(kex->my), buffer_len(kex->my),
+		    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-+		    buffer_ptr(kex->peer), buffer_len(kex->peer),
+		    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
 +		    (serverhostkey ? serverhostkey : empty), slen,
 +		    kex->c25519_client_pubkey, server_pub,
 +		    sshbuf_ptr(c25519_shared_secret), sshbuf_len(c25519_shared_secret),
@ -1008,8 +1008,8 @@ index b7da8823..a7c42803 100644
 +		kex_c25519_hash(
 +		    kex->hash_alg,
 +		    kex->client_version_string, kex->server_version_string,
-+		    buffer_ptr(kex->peer), buffer_len(kex->peer),
+		    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-+		    buffer_ptr(kex->my), buffer_len(kex->my),
+		    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
 +		    NULL, 0,
 +		    client_pub, c25519_server_pubkey,
 +		    sshbuf_ptr(c25519_shared_secret), sshbuf_len(c25519_shared_secret),
@ -1117,8 +1117,8 @@ index d6bc7ac7..b11616c8 100644
 		kex->load_host_public_key=&get_hostkey_public_by_type;
@@ -1867,7 +1869,8 @@ mm_answer_gss_sign(int socket, Buffer *m)
- 	data.value = buffer_get_string(m, &len);
+ 	if ((r = sshbuf_get_string(m, (u_char **)&data.value, &data.length)) != 0)
- 	data.length = len;
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 -	if (data.length != 20) 
 +	/* Lengths of SHA-1, SHA-256 and SHA-512 hashes that are used */
 +	if (data.length != 20 && data.length != 32 && data.length != 64)
--- a/openssh-7.5p1-sandbox.patch
+++ b/openssh-7.5p1-sandbox.patch
@ -20,8 +20,8 @@ index ca75cc7..6e7de31 100644
 +#if defined(__NR_flock) && defined(__s390__)
 +	SC_ALLOW(__NR_flock),
 +#endif
- #ifdef __NR_getpgid
+ #ifdef __NR_geteuid
- 	SC_ALLOW(__NR_getpgid),
+ 	SC_ALLOW(__NR_geteuid),
 #endif
@@ -178,6 +181,9 @@ static const struct sock_filter preauth_insns[] = {
 #ifdef __NR_gettimeofday
@ -30,8 +30,8 @@ index ca75cc7..6e7de31 100644
 +#if defined(__NR_ipc) && defined(__s390__)
 +	SC_ALLOW(__NR_ipc),
 +#endif
- #ifdef __NR_madvise
+ #ifdef __NR_getuid
- 	SC_ALLOW(__NR_madvise),
+ 	SC_ALLOW(__NR_getuid),
 #endif
 -- 
 1.9.1
--- a/openssh-7.6p1-audit.patch
+++ b/openssh-7.6p1-audit.patch
@ -77,16 +77,8 @@ diff -up openssh-7.6p1/audit-bsm.c.audit openssh-7.6p1/audit-bsm.c
 diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
 --- openssh-7.6p1/audit.c.audit	2017-10-02 21:34:26.000000000 +0200
 +++ openssh-7.6p1/audit.c	2017-10-04 17:18:32.834505048 +0200
@@ -26,6 +26,7 @@
 #include <stdarg.h>
 #include <string.h>
 +#include <unistd.h>
 #ifdef SSH_AUDIT_EVENTS
@@ -34,6 +35,12 @@
- #include "key.h"
+ #include "log.h"
 #include "hostfile.h"
 #include "auth.h"
 +#include "ssh-gss.h"
@ -127,7 +119,7 @@ diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
 }
 +void
-+audit_key(int host_user, int *rv, const Key *key)
+audit_key(int host_user, int *rv, const struct sshkey *key)
 +{
 +	char *fp;
 +
@ -268,7 +260,7 @@ diff -up openssh-7.6p1/audit.h.audit openssh-7.6p1/audit.h
 # define _SSH_AUDIT_H
 #include "loginrec.h"
-+#include "key.h"
+#include "sshkey.h"
 enum ssh_audit_event_type {
 	SSH_LOGIN_EXCEED_MAXTRIES,
@ -296,7 +288,7 @@ diff -up openssh-7.6p1/audit.h.audit openssh-7.6p1/audit.h
 +void 	audit_end_command(int, const char *);
 ssh_audit_event_t audit_classify_auth(const char *);
 +int	audit_keyusage(int, char *, int);
-+void	audit_key(int, int *, const Key *);
+void	audit_key(int, int *, const struct sshkey *);
 +void	audit_unsupported(int);
 +void	audit_kex(int, char *, char *, char *, char *);
 +void	audit_unsupported_body(int);
@ -313,7 +305,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
 #include "log.h"
 #include "audit.h"
-+#include "key.h"
+#include "sshkey.h"
 +#include "hostfile.h"
 +#include "auth.h"
 +#include "misc.h"      /* servconf.h needs misc.h for struct ForwardOptions */
@ -596,8 +588,8 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
 +const static char *direction[] = { "from-server", "from-client", "both" };
 +
 +void
-+audit_kex_body(int ctos, char *enc, char *mac, char *compress, char *pfs, pid_t pid,
+audit_kex_body(int ctos, char *enc, char *mac, char *compress,
-+	       uid_t uid)
+    char *pfs, pid_t pid, uid_t uid)
 +{
 +#ifdef AUDIT_CRYPTO_SESSION
 +	char buf[AUDIT_LOG_SIZE];
@ -786,11 +778,11 @@ diff -up openssh-7.6p1/auth2-pubkey.c.audit openssh-7.6p1/auth2-pubkey.c
 		/* test for correct signature */
 		authenticated = 0;
 		if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
-		    PRIVSEP(sshkey_verify(key, sig, slen, sshbuf_ptr(b),
+-		    PRIVSEP(sshkey_verify(key, sig, slen,
-+		    PRIVSEP(user_key_verify(key, sig, slen, sshbuf_ptr(b),
+		    PRIVSEP(user_key_verify(key, sig, slen,
- 		    sshbuf_len(b), NULL, ssh->compat)) == 0) {
+ 		    sshbuf_ptr(b), sshbuf_len(b),
- 			authenticated = 1;
+ 		    (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
- 		}
+ 		    ssh->compat)) == 0) {
@@ -250,6 +250,19 @@ done:
 	return authenticated;
 }
@ -882,7 +874,7 @@ diff -up openssh-7.6p1/cipher.c.audit openssh-7.6p1/cipher.c
 -
 static const struct sshcipher ciphers[] = {
 #ifdef WITH_OPENSSL
- 	{ "3des-cbc",		8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
+ #ifndef OPENSSL_NO_DES
@@ -409,7 +409,7 @@ cipher_get_length(struct sshcipher_ctx *
 void
 cipher_free(struct sshcipher_ctx *cc)
@ -1032,17 +1024,6 @@ diff -up openssh-7.6p1/kex.h.audit openssh-7.6p1/kex.h
 int	 kex_dh_hash(int, const char *, const char *,
     const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
     const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
 diff -up openssh-7.6p1/key.h.audit openssh-7.6p1/key.h
 --- openssh-7.6p1/key.h.audit	2017-10-02 21:34:26.000000000 +0200
 +++ openssh-7.6p1/key.h	2017-10-04 17:18:32.836505059 +0200
@@ -43,6 +43,7 @@ typedef struct sshkey Key;
 #define key_ssh_name_plain	sshkey_ssh_name_plain
 #define key_type_from_name	sshkey_type_from_name
 #define key_is_cert		sshkey_is_cert
 +#define key_is_private		sshkey_is_private
 #define key_type_plain		sshkey_type_plain
 #endif
 diff -up openssh-7.6p1/mac.c.audit openssh-7.6p1/mac.c
 --- openssh-7.6p1/mac.c.audit	2017-10-02 21:34:26.000000000 +0200
 +++ openssh-7.6p1/mac.c	2017-10-04 17:18:32.836505059 +0200
@ -1102,7 +1083,7 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
 #include "ssherr.h"
@@ -117,6 +118,8 @@ extern Buffer auth_debug;
- extern Buffer loginmsg;
+ extern struct sshbuf *loginmsg;
 extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */
 +extern void destroy_sensitive_data(int);
@ -1112,13 +1093,13 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
@@ -167,6 +170,11 @@ int mm_answer_gss_updatecreds(int, Buffe
 #ifdef SSH_AUDIT_EVENTS
- int mm_answer_audit_event(int, Buffer *);
+ int mm_answer_audit_event(int, struct sshbuf *);
- int mm_answer_audit_command(int, Buffer *);
+ int mm_answer_audit_command(int, struct sshbuf *);
-+int mm_answer_audit_end_command(int, Buffer *);
+int mm_answer_audit_end_command(int, struct sshbuf *);
-+int mm_answer_audit_unsupported_body(int, Buffer *);
+int mm_answer_audit_unsupported_body(int, struct sshbuf *);
-+int mm_answer_audit_kex_body(int, Buffer *);
+int mm_answer_audit_kex_body(int, struct sshbuf *);
-+int mm_answer_audit_session_key_free_body(int, Buffer *);
+int mm_answer_audit_session_key_free_body(int, struct sshbuf *);
-+int mm_answer_audit_server_key_free(int, Buffer *);
+int mm_answer_audit_server_key_free(int, struct sshbuf *);
 #endif
 static int monitor_read_log(struct monitor *);
@ -1145,16 +1126,18 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
 #endif
     {0, 0, NULL}
 };
-@@ -1396,7 +1413,9 @@ mm_answer_keyverify(int sock, struct ssh
+@@ -1396,8 +1413,10 @@ mm_answer_keyverify(int sock, struct ssh
 	char *sigalg;
 	size_t signaturelen, datalen, bloblen;
 	int r, ret, valid_data = 0, encoded_ret;
 +	int type = 0;
-+	type = buffer_get_int(m);
+-	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
- 	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
+	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
 +	    (r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
 	    (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
 	    (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
@@ -1405,6 +1424,8 @@ mm_answer_keyverify(int sock, struct ssh
 	if (hostbased_cuser == NULL || hostbased_chost == NULL ||
 	  !monitor_allowed_key(blob, bloblen))
@ -1213,14 +1196,15 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
 	while (waitpid(pmonitor->m_pid, &status, 0) == -1)
 		if (errno != EINTR)
 			exit(1);
-@@ -1630,11 +1662,45 @@ mm_answer_audit_command(int socket, Buff
+@@ -1630,12 +1662,47 @@ mm_answer_audit_command(int socket, Buff
 {
 	u_int len;
 	char *cmd;
 	int r;
 +	Session *s;
 	debug3("%s entering", __func__);
- 	cmd = buffer_get_string(m, &len);
+ 	if ((r = sshbuf_get_cstring(m, &cmd, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
 	/* sanity check command, if so how? */
 -	audit_run_command(cmd);
@ -1232,8 +1216,8 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
 +	s->command_handle = audit_run_command(cmd);
 +#endif
 +
-+	buffer_clear(m);
+	sshbuf_reset(m);
-+	buffer_put_int(m, s->self);
+	sshbuf_put_u32(m, s->self);
 +
 +	mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m);
 +
@ -1241,16 +1225,17 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
 +}
 +
 +int
-+mm_answer_audit_end_command(int socket, Buffer *m)
+mm_answer_audit_end_command(int socket, struct sshbuf *m)
 +{
-+	int handle;
+	int handle, r;
-+	u_int len;
+	size_t len;
-+	char *cmd;
+	u_char *cmd = NULL;
 +	Session *s;
 +
 +	debug3("%s entering", __func__);
-+	handle = buffer_get_int(m);
+	if ((r = sshbuf_get_u32(m, &handle)) != 0 ||
-+	cmd = buffer_get_string(m, &len);
+	    (r = sshbuf_get_string(m, &cmd, &len)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
 +	s = session_by_id(handle);
 +	if (s == NULL || s->ttyfd != -1 || s->command == NULL ||
@ -1264,7 +1249,7 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
 void
 mm_get_keystate(struct monitor *pmonitor)
 {
-+	Buffer m;
+	struct sshbuf *m;
 	debug3("%s: Waiting for new keys", __func__);
 	if ((child_state = sshbuf_new()) == NULL)
@ -1274,11 +1259,11 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
 	debug3("%s: GOT new keys", __func__);
 +
 +#ifdef SSH_AUDIT_EVENTS
-+	buffer_init(&m);
+	m = sshbuf_new();
 +	mm_request_receive_expect(pmonitor->m_sendfd,
-+				  MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
+				  MONITOR_REQ_AUDIT_SESSION_KEY_FREE, m);
-+	mm_answer_audit_session_key_free_body(pmonitor->m_sendfd, &m);
+	mm_answer_audit_session_key_free_body(pmonitor->m_sendfd, m);
-+	buffer_free(&m);
+	sshbuf_free(m);
 +#endif
 +
 +	/* Drain any buffered messages from the child */
@ -1288,41 +1273,47 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
 }
-@@ -1976,3 +2056,86 @@ mm_answer_gss_updatecreds(int socket, Bu
+@@ -1976,3 +2056,102 @@ mm_answer_gss_updatecreds(int socket, Bu
 #endif /* GSSAPI */
 +#ifdef SSH_AUDIT_EVENTS
 +int
-+mm_answer_audit_unsupported_body(int sock, Buffer *m)
+mm_answer_audit_unsupported_body(int sock, struct sshbuf *m)
 +{
-+	int what;
+	int what, r;
 +
-+	what = buffer_get_int(m);
+	if ((r = sshbuf_get_u32(m, &what)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
 +	audit_unsupported_body(what);
 +
-+	buffer_clear(m);
+	sshbuf_reset(m);
 +
 +	mm_request_send(sock, MONITOR_ANS_AUDIT_UNSUPPORTED, m);
 +	return 0;
 +}
 +
 +int
-+mm_answer_audit_kex_body(int sock, Buffer *m)
+mm_answer_audit_kex_body(int sock, struct sshbuf *m)
 +{
-+	int ctos, len;
+	int ctos, r;
 +	char *cipher, *mac, *compress, *pfs;
 +	u_int64_t tmp;
 +	pid_t pid;
 +	uid_t uid;
 +
-+	ctos = buffer_get_int(m);
+	if ((r = sshbuf_get_u32(m, &ctos)) != 0 ||
-+	cipher = buffer_get_string(m, &len);
+	    (r = sshbuf_get_cstring(m, &cipher, NULL)) != 0 ||
-+	mac = buffer_get_string(m, &len);
+	    (r = sshbuf_get_cstring(m, &mac, NULL)) != 0 ||
-+	compress = buffer_get_string(m, &len);
+	    (r = sshbuf_get_cstring(m, &compress, NULL)) != 0 ||
-+	pfs = buffer_get_string(m, &len);
+	    (r = sshbuf_get_cstring(m, &pfs, NULL)) != 0 ||
-+	pid = buffer_get_int64(m);
+	    (r = sshbuf_get_u64(m, &tmp)) != 0)
-+	uid = buffer_get_int64(m);
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	pid = (pid_t) tmp;
 +	if ((r = sshbuf_get_u64(m, &tmp)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	uid = (pid_t) tmp;
 +
 +	audit_kex_body(ctos, cipher, mac, compress, pfs, pid, uid);
 +
@ -1330,47 +1321,57 @@ diff -up openssh-7.6p1/monitor.c.audit openssh-7.6p1/monitor.c
 +	free(mac);
 +	free(compress);
 +	free(pfs);
-+	buffer_clear(m);
+	sshbuf_reset(m);
 +
 +	mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m);
 +	return 0;
 +}
 +
 +int
-+mm_answer_audit_session_key_free_body(int sock, Buffer *m)
+mm_answer_audit_session_key_free_body(int sock, struct sshbuf *m)
 +{
-+	int ctos;
+	int ctos, r;
 +	u_int64_t tmp;
 +	pid_t pid;
 +	uid_t uid;
 +
-+	ctos = buffer_get_int(m);
+	if ((r = sshbuf_get_u32(m, &ctos)) != 0 ||
-+	pid = buffer_get_int64(m);
+	    (r = sshbuf_get_u64(m, &tmp)) != 0)
-+	uid = buffer_get_int64(m);
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	pid = (pid_t) tmp;
 +	if ((r = sshbuf_get_u64(m, &tmp)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	uid = (uid_t) tmp;
 +
 +	audit_session_key_free_body(ctos, pid, uid);
 +
-+	buffer_clear(m);
+	sshbuf_reset(m);
 +
 +	mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
 +	return 0;
 +}
 +
 +int
-+mm_answer_audit_server_key_free(int sock, Buffer *m)
+mm_answer_audit_server_key_free(int sock, struct sshbuf *m)
 +{
-+	int len;
+	size_t len, r;
 +	char *fp;
 +	u_int64_t tmp;
 +	pid_t pid;
 +	uid_t uid;
 +
-+	fp = buffer_get_string(m, &len);
+	if ((r = sshbuf_get_cstring(m, &fp, &len)) != 0 ||
-+	pid = buffer_get_int64(m);
+	    (r = sshbuf_get_u64(m, &tmp)) != 0)
-+	uid = buffer_get_int64(m);
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	pid = (pid_t) tmp;
 +	if ((r = sshbuf_get_u64(m, &tmp)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	uid = (uid_t) tmp;
 +
 +	audit_destroy_sensitive_data(fp, pid, uid);
 +
 +	free(fp);
-+	buffer_clear(m);
+	sshbuf_reset(m);
 +
 +	return 0;
 +}
@ -1404,15 +1405,17 @@ diff -up openssh-7.6p1/monitor_wrap.c.audit openssh-7.6p1/monitor_wrap.c
 +mm_sshkey_verify(enum mm_keytype type, const struct sshkey *key, const u_char *sig, size_t siglen,
     const u_char *data, size_t datalen, const char *sigalg, u_int compat)
 {
- 	Buffer m;
+ 	struct sshbuf *m;
-@@ -478,6 +478,7 @@ mm_sshkey_verify(const struct sshkey *ke
+@@ -478,7 +478,8 @@ mm_sshkey_verify(const struct sshkey *ke
 		return (0);
- 	buffer_init(&m);
+ 	if ((m = sshbuf_new()) == NULL)
-+	buffer_put_int(&m, type);
+ 		fatal("%s: sshbuf_new failed", __func__);
- 	buffer_put_string(&m, blob, len);
+-	if ((r = sshkey_puts(key, m)) != 0 ||
- 	buffer_put_string(&m, sig, siglen);
+	if ((r = sshbuf_put_u32(m, type)) != 0 ||
- 	buffer_put_string(&m, data, datalen);
+	    (r = sshkey_puts(key, m)) != 0 ||
 	    (r = sshbuf_put_string(m, sig, siglen)) != 0 ||
 	    (r = sshbuf_put_string(m, data, datalen)) != 0 ||
 	    (r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0)
@@ -497,6 +498,20 @@ mm_sshkey_verify(const struct sshkey *ke
 	return 0;
 }
@ -1434,27 +1437,29 @@ diff -up openssh-7.6p1/monitor_wrap.c.audit openssh-7.6p1/monitor_wrap.c
 void
 mm_send_keystate(struct monitor *monitor)
 {
-@@ -874,10 +889,11 @@ mm_audit_event(ssh_audit_event_t event)
+@@ -874,11 +889,12 @@ mm_audit_event(ssh_audit_event_t event)
- 	buffer_free(&m);
+ 	sshbuf_free(m);
 }
 -void
 +int
 mm_audit_run_command(const char *command)
 {
- 	Buffer m;
+ 	struct sshbuf *m;
 	int r;
 +	int handle;
 	debug3("%s entering command %s", __func__, command);
-@@ -885,6 +901,26 @@ mm_audit_run_command(const char *command
+@@ -885,6 +901,30 @@ mm_audit_run_command(const char *command
- 	buffer_put_cstring(&m, command);
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
- 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
+ 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, m);
-+	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, &m);
+	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, m);
 +
-+	handle = buffer_get_int(&m);
+	if ((r = sshbuf_get_u32(m, &handle)) != 0)
-+	buffer_free(&m);
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	sshbuf_free(m);
 +
 +	return (handle);
 +}
@ -1462,87 +1467,103 @@ diff -up openssh-7.6p1/monitor_wrap.c.audit openssh-7.6p1/monitor_wrap.c
 +void
 +mm_audit_end_command(int handle, const char *command)
 +{
-+	Buffer m;
+	int r;
 +	struct sshbuf *m;
 +
 +	debug3("%s entering command %s", __func__, command);
 +
-+	buffer_init(&m);
+ 	if ((m = sshbuf_new()) == NULL)
-+	buffer_put_int(&m, handle);
+ 		fatal("%s: sshbuf_new failed", __func__);
-+	buffer_put_cstring(&m, command);
+	if ((r = sshbuf_put_u32(m, handle)) != 0 ||
 +	    (r = sshbuf_put_cstring(m, command)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
-+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, &m);
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, m);
- 	buffer_free(&m);
+ 	sshbuf_free(m);
 }
 #endif /* SSH_AUDIT_EVENTS */
-@@ -1020,3 +1056,70 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_cc
+@@ -1020,3 +1056,83 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_cc
- 
+ 	return (ok);
 }
 #endif /* GSSAPI */
 +#ifdef SSH_AUDIT_EVENTS
 +void
 +mm_audit_unsupported_body(int what)
 +{
-+	Buffer m;
+	int r;
 +	struct sshbuf *m;
 +
-+	buffer_init(&m);
+ 	if ((m = sshbuf_new()) == NULL)
-+	buffer_put_int(&m, what);
+ 		fatal("%s: sshbuf_new failed", __func__);
 +	if ((r = sshbuf_put_u32(m, what)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
-+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_UNSUPPORTED, &m);
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_UNSUPPORTED, m);
 +	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_UNSUPPORTED,
-+				  &m);
+				  m);
 +
-+	buffer_free(&m);
+	sshbuf_free(m);
 +}
 +
 +void
 +mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, char *fps, pid_t pid,
 +		  uid_t uid)
 +{
-+	Buffer m;
+	int r;
 +	struct sshbuf *m;
 +
-+	buffer_init(&m);
+ 	if ((m = sshbuf_new()) == NULL)
-+	buffer_put_int(&m, ctos);
+ 		fatal("%s: sshbuf_new failed", __func__);
-+	buffer_put_cstring(&m, cipher);
+	if ((r = sshbuf_put_u32(m, ctos)) != 0 ||
-+	buffer_put_cstring(&m, (mac ? mac : "<implicit>"));
+	    (r = sshbuf_put_cstring(m, cipher)) != 0 ||
-+	buffer_put_cstring(&m, compress);
+	    (r = sshbuf_put_cstring(m, (mac ? mac : "<implicit>"))) != 0 ||
-+	buffer_put_cstring(&m, fps);
+	    (r = sshbuf_put_cstring(m, compress)) != 0 ||
-+	buffer_put_int64(&m, pid);
+	    (r = sshbuf_put_cstring(m, fps)) != 0 ||
-+	buffer_put_int64(&m, uid);
+	    (r = sshbuf_put_u64(m, pid)) != 0 ||
 +	    (r = sshbuf_put_u64(m, uid)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
-+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m);
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, m);
 +	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX,
-+				  &m);
+				  m);
 +
-+	buffer_free(&m);
+	sshbuf_free(m);
 +}
 +
 +void
 +mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
 +{
-+	Buffer m;
+	int r;
 +	struct sshbuf *m;
 +
-+	buffer_init(&m);
+ 	if ((m = sshbuf_new()) == NULL)
-+	buffer_put_int(&m, ctos);
+ 		fatal("%s: sshbuf_new failed", __func__);
-+	buffer_put_int64(&m, pid);
+	if ((r = sshbuf_put_u32(m, ctos)) != 0 ||
-+	buffer_put_int64(&m, uid);
+	    (r = sshbuf_put_u64(m, pid)) != 0 ||
-+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
+	    (r = sshbuf_put_u64(m, uid)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
 +	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, m);
 +	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
-+				  &m);
+				  m);
-+	buffer_free(&m);
+	sshbuf_free(m);
 +}
 +
 +void
 +mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
 +{
-+	Buffer m;
+	int r;
 +	struct sshbuf *m;
 +
-+	buffer_init(&m);
+ 	if ((m = sshbuf_new()) == NULL)
-+	buffer_put_cstring(&m, fp);
+ 		fatal("%s: sshbuf_new failed", __func__);
-+	buffer_put_int64(&m, pid);
+	if ((r = sshbuf_put_cstring(m, fp)) != 0 ||
-+	buffer_put_int64(&m, uid);
+	    (r = sshbuf_put_u64(m, pid)) != 0 ||
 +	    (r = sshbuf_put_u64(m, uid)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
-+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m);
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, m);
-+	buffer_free(&m);
+	sshbuf_free(m);
 +}
 +#endif /* SSH_AUDIT_EVENTS */
 diff -up openssh-7.6p1/monitor_wrap.h.audit openssh-7.6p1/monitor_wrap.h
@ -1577,7 +1598,7 @@ diff -up openssh-7.6p1/packet.c.audit openssh-7.6p1/packet.c
 --- openssh-7.6p1/packet.c.audit	2017-10-04 17:18:32.672504220 +0200
 +++ openssh-7.6p1/packet.c	2017-10-04 17:25:48.141741390 +0200
@@ -67,6 +67,7 @@
- #include "key.h"	/* typedefs XXX */
+ #include <zlib.h>
 #include "xmalloc.h"
 +#include "audit.h"
@ -1642,9 +1663,9 @@ diff -up openssh-7.6p1/packet.c.audit openssh-7.6p1/packet.c
 +			close(state->connection_in);
 +			close(state->connection_out);
 +		}
 		free(ssh->local_ipaddr);
 		ssh->local_ipaddr = NULL;
 		free(ssh->remote_ipaddr);
 		ssh->remote_ipaddr = NULL;
 		free(ssh->state);
@@ -854,6 +863,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod
 		   (unsigned long long)state->p_read.blocks,
 		   (unsigned long long)state->p_send.bytes,
@ -1685,16 +1706,16 @@ diff -up openssh-7.6p1/packet.c.audit openssh-7.6p1/packet.c
 +	cipher_free(state->receive_context);
 +	cipher_free(state->send_context);
 +
-+	buffer_free(state->input);
+	sshbuf_free(state->input);
 +	state->input = NULL;
-+	buffer_free(state->output);
+	sshbuf_free(state->output);
 +	state->output = NULL;
-+	buffer_free(state->outgoing_packet);
+	sshbuf_free(state->outgoing_packet);
 +	state->outgoing_packet = NULL;
-+	buffer_free(state->incoming_packet);
+	sshbuf_free(state->incoming_packet);
 +	state->incoming_packet = NULL;
-+	if( state->compression_buffer ) {
+	if (state->compression_buffer) {
-+		buffer_free(state->compression_buffer);
+		sshbuf_free(state->compression_buffer);
 +		state->compression_buffer = NULL;
 +	}
 +	newkeys_destroy_and_free(state->newkeys[MODE_IN]);
@ -1744,7 +1765,7 @@ diff -up openssh-7.6p1/session.c.audit openssh-7.6p1/session.c
 extern int startup_pipe;
 -extern void destroy_sensitive_data(void);
 +extern void destroy_sensitive_data(int);
- extern Buffer loginmsg;
+ extern struct sshbuf *loginmsg;
 extern struct sshauthopt *auth_opts;
 char *tun_fwd_ifnames; /* serverloop.c */
@@ -605,6 +605,14 @@ do_exec_pty(struct ssh *ssh, Session *s,
@ -1984,11 +2005,11 @@ diff -up openssh-7.6p1/sshd.c.audit openssh-7.6p1/sshd.c
 		if (sensitive_data.host_keys[i]) {
 +			char *fp;
 +
-+			if (key_is_private(sensitive_data.host_keys[i]))
+			if (sshkey_is_private(sensitive_data.host_keys[i]))
 +				fp = sshkey_fingerprint(sensitive_data.host_keys[i], options.fingerprint_hash, SSH_FP_HEX);
 +			else
 +				fp = NULL;
- 			key_free(sensitive_data.host_keys[i]);
+ 			sshkey_free(sensitive_data.host_keys[i]);
 			sensitive_data.host_keys[i] = NULL;
 +			if (fp != NULL) {
 +#ifdef SSH_AUDIT_EVENTS
@ -2005,13 +2026,13 @@ diff -up openssh-7.6p1/sshd.c.audit openssh-7.6p1/sshd.c
 -		if (sensitive_data.host_certificates[i]) {
 +		if (sensitive_data.host_certificates
 +		    && sensitive_data.host_certificates[i]) {
- 			key_free(sensitive_data.host_certificates[i]);
+ 			sshkey_free(sensitive_data.host_certificates[i]);
 			sensitive_data.host_certificates[i] = NULL;
 		}
-@@ -499,12 +536,30 @@ demote_sensitive_data(void)
+@@ -499,16 +536,34 @@ demote_sensitive_data(void)
 {
 	struct sshkey *tmp;
 	u_int i;
 	int r;
 +#ifdef SSH_AUDIT_EVENTS
 +	pid_t pid;
 +	uid_t uid;
@ -2023,12 +2044,16 @@ diff -up openssh-7.6p1/sshd.c.audit openssh-7.6p1/sshd.c
 		if (sensitive_data.host_keys[i]) {
 +			char *fp;
 +
-+			if (key_is_private(sensitive_data.host_keys[i]))
+			if (sshkey_is_private(sensitive_data.host_keys[i]))
 +				fp = sshkey_fingerprint(sensitive_data.host_keys[i], options.fingerprint_hash, SSH_FP_HEX);
 +			else
 +				fp = NULL;
- 			tmp = key_demote(sensitive_data.host_keys[i]);
+			if ((r = sshkey_demote(sensitive_data.host_keys[i],
- 			key_free(sensitive_data.host_keys[i]);
+			    &tmp)) != 0)
 				fatal("could not demote host %s key: %s",
 				    sshkey_type(sensitive_data.host_keys[i]),
 				    ssh_err(r));
 			sshkey_free(sensitive_data.host_keys[i]);
 			sensitive_data.host_keys[i] = tmp;
 +			if (fp != NULL) {
 +#ifdef SSH_AUDIT_EVENTS
--- a/openssh-7.6p1-pkcs11-ecdsa.patch
+++ b/openssh-7.6p1-pkcs11-ecdsa.patch
@ -29,7 +29,7 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
 {
 	static RSA_METHOD helper_rsa;
-@@ -152,6 +160,81 @@ wrap_key(RSA *rsa)
+@@ -152,6 +160,85 @@ wrap_key(RSA *rsa)
 	return (0);
 }
@ -38,30 +38,34 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
 +pkcs11_ecdsa_private_sign(const unsigned char *from, int flen,
 +    const BIGNUM *inv, const BIGNUM *rp, EC_KEY * ecdsa)
 +{
-+	Key key;
+	struct sshkey *key;
 +	u_char *blob, *signature = NULL;
-+	u_int blen, slen = 0;
+	size_t blen, slen = 0;
-+	Buffer msg;
+	struct sshbuf *msg;
 +	ECDSA_SIG *ret = NULL;
 +	BIGNUM *r = NULL, *s = NULL;
 +	int rv;
 +
-+	key.type = KEY_ECDSA;
+	key = sshkey_new(KEY_ECDSA);
-+	key.ecdsa = ecdsa;
+	key->ecdsa = ecdsa;
-+	key.ecdsa_nid = sshkey_ecdsa_key_to_nid(ecdsa);
+	key->ecdsa_nid = sshkey_ecdsa_key_to_nid(ecdsa);
-+	if (key_to_blob(&key, &blob, &blen) == 0)
+	if (sshkey_to_blob(key, &blob, &blen) == 0)
 +		return NULL;
-+	buffer_init(&msg);
+	if ((msg = sshbuf_new()) == NULL)
-+	buffer_put_char(&msg, SSH2_AGENTC_SIGN_REQUEST);
+		fatal("%s: sshbuf_new failed", __func__);
-+	buffer_put_string(&msg, blob, blen);
+	if ((rv = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
-+	buffer_put_string(&msg, from, flen);
+	    (rv = sshbuf_put_string(msg, blob, blen)) != 0 ||
-+	buffer_put_int(&msg, 0);
+	    (rv = sshbuf_put_string(msg, from, flen)) != 0 ||
 +	    (rv = sshbuf_put_u32(msg, 0)) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(rv));
 +	free(blob);
-+	send_msg(&msg);
+	send_msg(msg);
-+	buffer_clear(&msg);
+	sshbuf_reset(msg);
 +
-+	if (recv_msg(&msg) == SSH2_AGENT_SIGN_RESPONSE) {
+	if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
-+		signature = buffer_get_string(&msg, &slen);
+		if ((rv = sshbuf_get_string(msg, &signature, &slen)) != 0)
-+		if (slen <= (u_int)ECDSA_size(ecdsa)) {
+			fatal("%s: buffer error: %s", __func__, ssh_err(rv));
 +		if (slen <= (size_t)ECDSA_size(ecdsa)) {
 +			int nlen = slen / 2;
 +			ret = ECDSA_SIG_new();
 +			r = BN_new();
@ -72,7 +76,7 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
 +		}
 +		free(signature);
 +	}
-+	buffer_free(&msg);
+	sshbuf_free(msg);
 +	return (ret);
 +}
 +
@ -112,9 +116,9 @@ diff -up openssh-7.6p1/ssh-pkcs11-client.c.pkcs11-ecdsa openssh-7.6p1/ssh-pkcs11
 pkcs11_start_helper(void)
 {
@@ -212,7 +281,15 @@ pkcs11_add_provider(char *name, char *pi
- 			blob = buffer_get_string(&msg, &blen);
+ 				    __func__, ssh_err(r));
- 			free(buffer_get_string(&msg, NULL));
+ 			if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
- 			k = key_from_blob(blob, blen);
+ 				fatal("%s: bad key: %s", __func__, ssh_err(r));
 -			wrap_key(k->rsa);
 +			if(k->type == KEY_RSA) {
 +				 wrap_rsa_key(k->rsa);
--- a/openssh-7.6p1-pkcs11-uri.patch
+++ b/openssh-7.6p1-pkcs11-uri.patch
@ -26,9 +26,9 @@ index ac959c1f..f8ed1781 100644
 	rm -f regress/unittests/utf8/test_utf8
 +	rm -f regress/unittests/pkcs11/*.o
 +	rm -f regress/unittests/pkcs11/test_pkcs11
- 	rm -f regress/unittests/misc/kexfuzz
+	rm -f regress/misc/kexfuzz/*.o
 	rm -f regress/misc/kexfuzz
 	(cd openbsd-compat && $(MAKE) distclean)
 	if test -d pkg ; then \
@@ -437,6 +441,7 @@ regress-prep:
 	$(MKDIR_P) `pwd`/regress/unittests/kex
 	$(MKDIR_P) `pwd`/regress/unittests/match
@ -72,8 +72,8 @@ index ac959c1f..f8ed1781 100644
 	regress/netcat$(EXEEXT) \
 +	regress/soft-pkcs11.so \
 	regress/check-perm$(EXEEXT) \
 	regress/mkdtemp$(EXEEXT) \
 	regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
 	regress/unittests/sshkey/test_sshkey$(EXEEXT) \
@@ -575,6 +596,7 @@ regress-binaries: regress/modpipe$(EXEEXT) \
 	regress/unittests/kex/test_kex$(EXEEXT) \
 	regress/unittests/match/test_match$(EXEEXT) \
@ -81,7 +81,7 @@ index ac959c1f..f8ed1781 100644
 +	regress/unittests/pkcs11/test_pkcs11$(EXEEXT) \
 	regress/misc/kexfuzz/kexfuzz$(EXEEXT)
- REGRESSTMP = "$(PWD)/regress"
+ tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
 diff --git a/authfd.c b/authfd.c
 index 1eff7ba9..35153f47 100644
 --- a/authfd.c
@ -2717,7 +2717,7 @@ new file mode 100644
 index 00000000..e83aca54
 --- /dev/null
 +++ b/regress/unittests/pkcs11/tests.c
-@@ -0,0 +1,329 @@
+@@ -0,0 +1,330 @@
 +/*
 + * Copyright (c) 2017 Red Hat
 + *
@ -2743,6 +2743,7 @@ index 00000000..e83aca54
 +
 +#include "../test_helper/test_helper.h"
 +
 +#include "sshbuf.h"
 +#include "ssh-pkcs11-uri.h"
 +
 +#define EMPTY_URI compose_uri(NULL, 0, NULL, NULL, NULL, NULL, NULL)
@ -3288,12 +3289,12 @@ index a023f5f4..882e8381 100644
 	key.type = KEY_RSA;
 	key.rsa = rsa;
 +	key.ecdsa_nid = 0;
- 	if (key_to_blob(&key, &blob, &blen) == 0)
+ 	if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) {
 		error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
 		return -1;
 	buffer_init(&msg);
@@ -195,6 +196,8 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp)
- 	u_int blen;
+ 	u_int nkeys, i;
- 	Buffer msg;
+ 	struct sshbuf *msg;
 +	debug("%s: called, name = %s", __func__, name);
 +
@ -3301,19 +3302,19 @@ index a023f5f4..882e8381 100644
 		return (-1);
@@ -208,6 +211,7 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp)
- 	if (recv_msg(&msg) == SSH2_AGENT_IDENTITIES_ANSWER) {
+ 		if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
- 		nkeys = buffer_get_int(&msg);
+ 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
- 		*keysp = xcalloc(nkeys, sizeof(Key *));
+ 		*keysp = xcalloc(nkeys, sizeof(struct sshkey *));
-+		debug("%s: nkeys = %d", __func__, nkeys);
+		debug("%s: nkeys = %u", __func__, nkeys);
 		for (i = 0; i < nkeys; i++) {
- 			blob = buffer_get_string(&msg, &blen);
+ 			/* XXX clean up properly instead of fatal() */
- 			free(buffer_get_string(&msg, NULL));
+ 			if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 ||
 diff --git a/ssh-pkcs11-uri.c b/ssh-pkcs11-uri.c
 new file mode 100644
 index 00000000..da15c164
 --- /dev/null
 +++ b/ssh-pkcs11-uri.c
-@@ -0,0 +1,400 @@
+@@ -0,0 +1,401 @@
 +/*
 + * Copyright (c) 2017 Red Hat
 + *
@ -3340,6 +3341,7 @@ index 00000000..da15c164
 +#include <string.h>
 +
 +#include "sshkey.h"
 +#include "sshbuf.h"
 +#include "log.h"
 +
 +#define CRYPTOKI_COMPAT
@ -4624,7 +4626,7 @@ index d3619fe2..180eb2e0 100644
 +				break;
 +			}
 +#endif
- 			p = tilde_expand_filename(optarg, original_real_uid);
+ 			p = tilde_expand_filename(optarg, getuid());
 			if (stat(p, &st) < 0)
 				fprintf(stderr, "Warning: Identity file %s "
@@ -1999,6 +2007,45 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
@ -4656,7 +4658,7 @@ index d3619fe2..180eb2e0 100644
 +	    (nkeys = pkcs11_add_provider_by_uri(uri, NULL, &keys)) > 0) {
 +		for (i = 0; i < nkeys; i++) {
 +			if (*n_ids >= SSH_MAX_IDENTITY_FILES) {
-+				key_free(keys[i]);
+				sshkey_free(keys[i]);
 +				continue;
 +			}
 +			identity_keys[*n_ids] = keys[i];
@ -4674,9 +4676,9 @@ index d3619fe2..180eb2e0 100644
 static void
 load_public_identity_files(struct passwd *pw)
@@ -2011,10 +2058,6 @@ load_public_identity_files(struct passwd *pw)
 	struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES];
 	char *certificate_files[SSH_MAX_CERTIFICATE_FILES];
 	struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
 	int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES];
 -#ifdef ENABLE_PKCS11
 -	struct sshkey **keys;
 -	int nkeys;
@ -4684,8 +4686,8 @@ index d3619fe2..180eb2e0 100644
 	n_ids = n_certs = 0;
 	memset(identity_files, 0, sizeof(identity_files));
-@@ -2023,35 +2066,48 @@ load_public_identity_files(struct passwd *pw)
+@@ -2023,32 +2066,46 @@ load_public_identity_files(struct passwd *pw)
- 	memset(certificates, 0, sizeof(certificates));
+ 	    sizeof(certificate_file_userprovided));
 #ifdef ENABLE_PKCS11
 -	if (options.pkcs11_provider != NULL &&
@ -4695,7 +4697,7 @@ index d3619fe2..180eb2e0 100644
 -	    &keys)) > 0) {
 -		for (i = 0; i < nkeys; i++) {
 -			if (n_ids >= SSH_MAX_IDENTITY_FILES) {
-				key_free(keys[i]);
+-				sshkey_free(keys[i]);
 -				continue;
 -			}
 -			identity_keys[n_ids] = keys[i];
@ -4725,8 +4727,6 @@ index d3619fe2..180eb2e0 100644
 +		pkcs11_uri_cleanup(uri);
 	}
 #endif /* ENABLE_PKCS11 */
 	if ((pw = getpwuid(original_real_uid)) == NULL)
 		fatal("load_public_identity_files: getpwuid failed");
 	for (i = 0; i < options.num_identity_files; i++) {
 +		char *name = options.identity_files[i];
 		if (n_ids >= SSH_MAX_IDENTITY_FILES ||
@ -4736,8 +4736,7 @@ index d3619fe2..180eb2e0 100644
 			options.identity_files[i] = NULL;
 			continue;
 		}
-		cp = tilde_expand_filename(options.identity_files[i],
+-		cp = tilde_expand_filename(options.identity_files[i], getuid());
 -		    original_real_uid);
 +#ifdef ENABLE_PKCS11
 +		if (strlen(name) >= strlen(PKCS11_URI_SCHEME) &&
 +		    strncmp(name, PKCS11_URI_SCHEME,
@ -4748,7 +4747,7 @@ index d3619fe2..180eb2e0 100644
 +			continue;
 +		}
 +#endif /* ENABLE_PKCS11 */
-+		cp = tilde_expand_filename(name, original_real_uid);
+		cp = tilde_expand_filename(name, getuid());
 		filename = percent_expand(cp, "d", pw->pw_dir,
 		    "u", pw->pw_name, "l", thishost, "h", host,
 		    "r", options.user, (char *)NULL);
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@ -294,7 +294,7 @@ diff -up openssh-7.7p1/Makefile.in.fips openssh-7.7p1/Makefile.in
 +	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
 scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
- 	$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ 	$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
 -	$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@ -308,9 +308,9 @@ diff -up openssh-7.7p1/Makefile.in.fips openssh-7.7p1/Makefile.in
 -	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 +	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
- ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o
+ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o
-	$(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+-	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
 ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
 	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
@ -380,53 +380,35 @@ diff -up openssh-7.7p1/myproposal.h.fips openssh-7.7p1/myproposal.h
 #else /* WITH_OPENSSL */
 #define KEX_SERVER_KEX		\
 diff -up openssh-7.7p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.fips openssh-7.7p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
 --- openssh-7.7p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.fips	2018-08-08 10:08:40.649718516 +0200
 +++ openssh-7.7p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c	2018-08-08 10:08:40.823719982 +0200
@@ -55,6 +55,7 @@
 #include "secure_filename.h"
 #include "uidswap.h"
 #include <unistd.h>
 +#include <openssl/crypto.h>
 #include "identity.h"
@@ -104,7 +105,8 @@ pamsshagentauth_check_authkeys_file(FILE
             found_key = 1;
             logit("matching key found: file/command %s, line %lu", file,
                                   linenum);
 -            fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX);
 +            fp = sshkey_fingerprint(found, FIPS_mode() ? SSH_DIGEST_SHA1 : SSH_DIGEST_MD5,
 +				SSH_FP_HEX);
             logit("Found matching %s key: %s",
                                   sshkey_type(found), fp);
             free(fp);
 diff -up openssh-7.7p1/readconf.c.fips openssh-7.7p1/readconf.c
 --- openssh-7.7p1/readconf.c.fips	2018-08-08 10:08:40.769719527 +0200
 +++ openssh-7.7p1/readconf.c	2018-08-08 10:08:40.824719990 +0200
-@@ -2081,12 +2081,17 @@ fill_default_options(Options * options)
+@@ -2081,17 +2081,18 @@ fill_default_options(Options * options)
- 	}
+ 	all_mac = mac_alg_list(',');
- 	if (options->update_hostkeys == -1)
+ 	all_kex = kex_alg_list(',');
- 		options->update_hostkeys = 0;
+ 	all_key = sshkey_alg_list(0, 0, 1, ',');
-	if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
+-#define ASSEMBLE(what, defaults, all) \
-	    kex_assemble_names(KEX_CLIENT_MAC, &options->macs) != 0 ||
+#define ASSEMBLE(what, defaults, fips_defaults, all) \
-	    kex_assemble_names(KEX_CLIENT_KEX, &options->kex_algorithms) != 0 ||
+ 	do { \
-	    kex_assemble_names(KEX_DEFAULT_PK_ALG,
+ 		if ((r = kex_assemble_names(&options->what, \
-+	if (kex_assemble_names((FIPS_mode() ? KEX_FIPS_ENCRYPT
+-		    defaults, all)) != 0) \
-+	        : KEX_CLIENT_ENCRYPT), &options->ciphers) != 0 ||
+		    (FIPS_mode() ? fips_defaults : defaults), \
-+	    kex_assemble_names((FIPS_mode() ? KEX_FIPS_MAC
+		    all)) != 0) \
-+	        : KEX_CLIENT_MAC), &options->macs) != 0 ||
+ 			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
-+	    kex_assemble_names((FIPS_mode() ? KEX_DEFAULT_KEX_FIPS
+ 	} while (0)
-+	        : KEX_CLIENT_KEX), &options->kex_algorithms) != 0 ||
+-	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
-+	    kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG
+-	ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
-+	        : KEX_DEFAULT_PK_ALG),
+-	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
- 	    &options->hostbased_key_types) != 0 ||
+-	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
-	    kex_assemble_names(KEX_DEFAULT_PK_ALG,
+-	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
-+	    kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG
+	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
-+	        : KEX_DEFAULT_PK_ALG),
+	ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
- 	    &options->pubkey_key_types) != 0)
+	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
- 		fatal("%s: kex_assemble_names failed", __func__);
+	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
- 
+	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
 #undef ASSEMBLE
 	free(all_cipher);
 	free(all_mac);
 diff -up openssh-7.7p1/sandbox-seccomp-filter.c.fips openssh-7.7p1/sandbox-seccomp-filter.c
 --- openssh-7.7p1/sandbox-seccomp-filter.c.fips	2018-08-08 10:08:40.794719737 +0200
 +++ openssh-7.7p1/sandbox-seccomp-filter.c	2018-08-08 10:08:40.824719990 +0200
@ -443,33 +425,33 @@ diff -up openssh-7.7p1/sandbox-seccomp-filter.c.fips openssh-7.7p1/sandbox-secco
 diff -up openssh-7.7p1/servconf.c.fips openssh-7.7p1/servconf.c
 --- openssh-7.7p1/servconf.c.fips	2018-08-08 10:08:40.778719603 +0200
 +++ openssh-7.7p1/servconf.c	2018-08-08 10:08:40.824719990 +0200
-@@ -196,14 +196,20 @@ option_clear_or_none(const char *o)
+@@ -196,17 +196,18 @@ option_clear_or_none(const char *o)
- static void
+ 	all_mac = mac_alg_list(',');
- assemble_algorithms(ServerOptions *o)
+ 	all_kex = kex_alg_list(',');
- {
+ 	all_key = sshkey_alg_list(0, 0, 1, ',');
-	if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 ||
+-#define ASSEMBLE(what, defaults, all) \
-	    kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 ||
+#define ASSEMBLE(what, defaults, fips_defaults, all) \
-	    kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 ||
+ 	do { \
-	    kex_assemble_names(KEX_DEFAULT_PK_ALG,
+-		if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
-+	if (kex_assemble_names((FIPS_mode() ? KEX_FIPS_ENCRYPT
+		if ((r = kex_assemble_names(&o->what, (FIPS_mode() \
-+	        : KEX_SERVER_ENCRYPT), &o->ciphers) != 0 ||
+		    ? fips_defaults : defaults), all)) != 0) \
-+	    kex_assemble_names((FIPS_mode() ? KEX_FIPS_MAC
+ 			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
-+	        : KEX_SERVER_MAC), &o->macs) != 0 ||
+ 	} while (0)
-+	    kex_assemble_names((FIPS_mode() ? KEX_DEFAULT_KEX_FIPS
+-	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
-+	        : KEX_SERVER_KEX), &o->kex_algorithms) != 0 ||
+-	ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
-+	    kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG
+-	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
-+	        : KEX_DEFAULT_PK_ALG),
+-	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
- 	    &o->hostkeyalgorithms) != 0 ||
+-	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
-	    kex_assemble_names(KEX_DEFAULT_PK_ALG,
+-	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
-+	    kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG
+	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, KEX_FIPS_ENCRYPT, all_cipher);
-+	        : KEX_DEFAULT_PK_ALG),
+	ASSEMBLE(macs, KEX_SERVER_MAC, KEX_FIPS_MAC, all_mac);
- 	    &o->hostbased_key_types) != 0 ||
+	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, KEX_DEFAULT_KEX_FIPS, all_kex);
-	    kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0)
+	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
-+	    kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG
+	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
-+	        : KEX_DEFAULT_PK_ALG), &o->pubkey_key_types) != 0)
+	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, KEX_FIPS_PK_ALG, all_key);
- 		fatal("kex_assemble_names failed");
+ #undef ASSEMBLE
- }
+ 	free(all_cipher);
- 
+ 	free(all_mac);
 diff -up openssh-7.7p1/ssh.c.fips openssh-7.7p1/ssh.c
 --- openssh-7.7p1/ssh.c.fips	2018-08-08 10:08:40.811719881 +0200
 +++ openssh-7.7p1/ssh.c	2018-08-08 10:08:40.825719999 +0200
@ -581,14 +563,14 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
 	}
 #endif
@@ -322,14 +330,16 @@ ssh_kex2(char *host, struct sockaddr *ho
 	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 	    myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 	if (options.hostkeyalgorithms != NULL) {
-		if (kex_assemble_names(KEX_DEFAULT_PK_ALG,
+ 		all_key = sshkey_alg_list(0, 0, 1, ',');
-+		if (kex_assemble_names((FIPS_mode() ? KEX_FIPS_PK_ALG
+		if (kex_assemble_names(&options.hostkeyalgorithms,
-+		    : KEX_DEFAULT_PK_ALG),
+-		    KEX_DEFAULT_PK_ALG, all_key) != 0)
- 		    &options.hostkeyalgorithms) != 0)
+		    (FIPS_mode() ? KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG),
 +		    all_key) != 0)
 			fatal("%s: kex_assemble_namelist", __func__);
 		free(all_key);
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
 		    compat_pkalg_proposal(options.hostkeyalgorithms);
 	} else {
--- a/openssh-7.7p1-redhat.patch
+++ b/openssh-7.7p1-redhat.patch
@ -148,7 +148,7 @@ diff -up openssh-7.7p1/sshd_config.redhat openssh-7.7p1/sshd_config
 +
 #PrintLastLog yes
 #TCPKeepAlive yes
- #UseLogin no
+ #PermitUserEnvironment no
@@ -106,6 +126,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # no default banner path
 #Banner none
--- a/openssh-7.7p1-tun-devices.patch
+++ b/openssh-7.7p1-tun-devices.patch
@ -1,152 +0,0 @@
 From 4f60e4f66b5880c9f50ef758e8b7f7a9ae786d21 Mon Sep 17 00:00:00 2001
 From: Darren Tucker <dtucker@dtucker.net>
 Date: Fri, 13 Apr 2018 13:13:33 +1000
 Subject: [PATCH 1/5] Revert $REGRESSTMP changes.
 Revert 3fd2d229 and subsequent changes as they turned out to be a
 portability hassle.
 ---
 Makefile.in | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
 diff --git a/Makefile.in b/Makefile.in
 index 04e1c8e53..dd942ee7b 100644
 --- a/Makefile.in
 +++ b/Makefile.in
@@ -577,8 +577,6 @@ regress-binaries: regress/modpipe$(EXEEXT) \
 	regress/unittests/pkcs11/test_pkcs11$(EXEEXT) \
 	regress/misc/kexfuzz/kexfuzz$(EXEEXT)
 -REGRESSTMP = "$(PWD)/regress"
 -
 tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
 	BUILDDIR=`pwd`; \
 	TEST_SSH_SCP="$${BUILDDIR}/scp"; \
@@ -602,7 +600,7 @@ tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
 		.OBJDIR="$${BUILDDIR}/regress" \
 		.CURDIR="`pwd`" \
 		BUILDDIR="$${BUILDDIR}" \
 -		OBJ="$(REGRESSTMP)" \
 +		OBJ="$${BUILDDIR}/regress/" \
 		PATH="$${BUILDDIR}:$${PATH}" \
 		TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
 		TEST_MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
 From b81b2d120e9c8a83489e241620843687758925ad Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Fri, 13 Apr 2018 13:38:06 +1000
 Subject: [PATCH 2/5] Fix tunnel forwarding broken in 7.7p1
 bz2855, ok dtucker@
 ---
 openbsd-compat/port-net.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c
 index 7050629c3..bb535626f 100644
 --- a/openbsd-compat/port-net.c
 +++ b/openbsd-compat/port-net.c
@@ -185,7 +185,7 @@ sys_tun_open(int tun, int mode, char **ifname)
 	else
 		debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
 -	if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
 +	if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
 		goto failed;
 	return (fd);
@@ -272,7 +272,7 @@ sys_tun_open(int tun, int mode, char **ifname)
 			goto failed;
 	}
 -	if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
 +	if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
 		goto failed;
 	close(sock);
 From 341727df910e12e26ef161508ed76d91c40a61eb Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Mon, 9 Apr 2018 23:54:49 +0000
 Subject: [PATCH 3/5] upstream: don't kill ssh-agent's listening socket
 entriely if we
 fail to accept a connection; bz#2837, patch from Lukas Kuster
 OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f
 ---
 ssh-agent.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
 diff --git a/ssh-agent.c b/ssh-agent.c
 index 2a4578b03..68de56ce6 100644
 --- a/ssh-agent.c
 +++ b/ssh-agent.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: ssh-agent.c,v 1.228 2018/02/23 15:58:37 markus Exp $ */
 +/* $OpenBSD: ssh-agent.c,v 1.229 2018/04/09 23:54:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -909,9 +909,8 @@ after_poll(struct pollfd *pfd, size_t npfd)
 		/* Process events */
 		switch (sockets[socknum].type) {
 		case AUTH_SOCKET:
 -			if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 &&
 -			    handle_socket_read(socknum) != 0)
 -				close_socket(&sockets[socknum]);
 +			if ((pfd[i].revents & (POLLIN|POLLERR)) != 0)
 +				handle_socket_read(socknum);
 			break;
 		case AUTH_CONNECTION:
 			if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 &&
 From 3402cc607049ac900f6d8574bc2ce657a8cdf4fe Mon Sep 17 00:00:00 2001
 From: Darren Tucker <dtucker@dtucker.net>
 Date: Fri, 13 Apr 2018 13:43:55 +1000
 Subject: [PATCH 4/5] Using "==" in shell tests is not portable.
 Patch from rsbecker at nexbridge.com.
 ---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/configure.ac b/configure.ac
 index 663062bef..2e84d90b7 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -1398,7 +1398,7 @@ AC_RUN_IFELSE(
 )
 AC_MSG_RESULT([$func_calloc_0_nonnull])
 -if test "x$func_calloc_0_nonnull" == "xyes"; then
 +if test "x$func_calloc_0_nonnull" = "xyes"; then
 	AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
 else
 	AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
 From 85fe48fd49f2e81fa30902841b362cfbb7f1933b Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Sat, 14 Apr 2018 21:50:41 +0000
 Subject: [PATCH 5/5] upstream: don't free the %C expansion, it's used later
 for
 LocalCommand
 OpenBSD-Commit-ID: 857b5cb37b2d856bfdfce61289a415257a487fb1
 ---
 ssh.c | 1 -
 1 file changed, 1 deletion(-)
 diff --git a/ssh.c b/ssh.c
 index d3619fe29..9c011dd7e 100644
 --- a/ssh.c
 +++ b/ssh.c
@@ -1323,7 +1323,6 @@ main(int ac, char **av)
 		    (char *)NULL);
 		free(cp);
 	}
 -	free(conn_hash_hex);
 	if (config_test) {
 		dump_client_config(&options, host);
--- a/openssh-7.2p2-UsePAM-UseLogin-warning.patch
+++ b/openssh-7.2p2-UsePAM-UseLogin-warning.patch
@ -3,7 +3,7 @@ diff --git a/sshd.c b/sshd.c
 +++ b/sshd.c
@@ -1701,6 +1701,10 @@ main(int ac, char **av)
 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
- 	    &cfg, NULL);
+ 	    cfg, NULL);
 +	/* 'UsePAM no' is not supported in Fedora */
 +	if (! options.use_pam)
--- a/openssh-7.8p1-gsskex.patch
+++ b/openssh-7.8p1-gsskex.patch
--- a/openssh-7.8p1-ip-port-config-parser.patch
+++ b/openssh-7.8p1-ip-port-config-parser.patch
@ -0,0 +1,72 @@
 diff -up openssh/misc.c.config openssh/misc.c
 --- openssh/misc.c.config	2018-08-22 13:58:54.922807799 +0200
 +++ openssh/misc.c	2018-08-22 13:58:55.000808428 +0200
@@ -485,7 +485,7 @@ put_host_port(const char *host, u_short
  * The delimiter char, if present, is stored in delim.
  * If this is the last field, *cp is set to NULL.
  */
 -static char *
 +char *
 hpdelim2(char **cp, char *delim)
 {
 	char *s, *old;
 diff -up openssh/misc.h.config openssh/misc.h
 --- openssh/misc.h.config	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/misc.h	2018-08-22 13:58:55.001808436 +0200
@@ -54,6 +54,7 @@ int	 set_rdomain(int, const char *);
 int	 a2port(const char *);
 int	 a2tun(const char *, int *);
 char	*put_host_port(const char *, u_short);
 +char	*hpdelim2(char **, char *);
 char	*hpdelim(char **);
 char	*cleanhostname(char *);
 char	*colon(char *);
 diff -up openssh/servconf.c.config openssh/servconf.c
 --- openssh/servconf.c.config	2018-08-22 13:58:54.989808340 +0200
 +++ openssh/servconf.c	2018-08-22 14:18:49.235443937 +0200
@@ -886,7 +886,7 @@ process_permitopen_list(struct ssh *ssh,
 {
 	u_int i;
 	int port;
 -	char *host, *arg, *oarg;
 +	char *host, *arg, *oarg, ch;
 	int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
 	const char *what = lookup_opcode_name(opcode);
@@ -904,8 +904,8 @@ process_permitopen_list(struct ssh *ssh,
 	/* Otherwise treat it as a list of permitted host:port */
 	for (i = 0; i < num_opens; i++) {
 		oarg = arg = xstrdup(opens[i]);
 -		host = hpdelim(&arg);
 -		if (host == NULL)
 +		host = hpdelim2(&arg, &ch);
 +		if (host == NULL || ch == '/')
 			fatal("%s: missing host in %s", __func__, what);
 		host = cleanhostname(host);
 		if (arg == NULL || ((port = permitopen_port(arg)) < 0))
@@ -1323,8 +1323,10 @@ process_server_config_line(ServerOptions
 			port = 0;
 			p = arg;
 		} else {
 -			p = hpdelim(&arg);
 -			if (p == NULL)
 +			char ch;
 +			arg2 = NULL;
 +			p = hpdelim2(&arg, &ch);
 +			if (p == NULL || ch == '/')
 				fatal("%s line %d: bad address:port usage",
 				    filename, linenum);
 			p = cleanhostname(p);
@@ -1965,9 +1967,10 @@ process_server_config_line(ServerOptions
 				 */
 				xasprintf(&arg2, "*:%s", arg);
 			} else {
 +				char ch;
 				arg2 = xstrdup(arg);
 -				p = hpdelim(&arg);
 -				if (p == NULL) {
 +				p = hpdelim2(&arg, &ch);
 +				if (p == NULL || ch == '/') {
 					fatal("%s line %d: missing host in %s",
 					    filename, linenum,
 					    lookup_opcode_name(opcode));
--- a/openssh-7.8p1-role-mls.patch
+++ b/openssh-7.8p1-role-mls.patch
@ -1,7 +1,7 @@
-diff -up openssh-7.4p1/auth2.c.role-mls openssh-7.4p1/auth2.c
+diff -up openssh/auth2.c.role-mls openssh/auth2.c
--- openssh-7.4p1/auth2.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/auth2.c.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/auth2.c	2016-12-23 12:19:58.587459379 +0100
+++ openssh/auth2.c	2018-08-22 11:14:56.815430916 +0200
-@@ -215,6 +215,9 @@ input_userauth_request(int type, u_int32
+@@ -256,6 +256,9 @@ input_userauth_request(int type, u_int32
 	Authctxt *authctxt = ssh->authctxt;
 	Authmethod *m = NULL;
 	char *user, *service, *method, *style = NULL;
@ -9,9 +9,9 @@ diff -up openssh-7.4p1/auth2.c.role-mls openssh-7.4p1/auth2.c
 +	char *role = NULL;
 +#endif
 	int authenticated = 0;
 	double tstart = monotime_double();
- 	if (authctxt == NULL)
+@@ -268,6 +271,11 @@ input_userauth_request(int type, u_int32
@@ -226,6 +229,11 @@ input_userauth_request(int type, u_int32
 	debug("userauth-request for user %s service %s method %s", user, service, method);
 	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
@ -23,7 +23,7 @@ diff -up openssh-7.4p1/auth2.c.role-mls openssh-7.4p1/auth2.c
 	if ((style = strchr(user, ':')) != NULL)
 		*style++ = 0;
-@@ -251,8 +259,15 @@ input_userauth_request(int type, u_int32
+@@ -296,8 +304,15 @@ input_userauth_request(int type, u_int32
 		    use_privsep ? " [net]" : "");
 		authctxt->service = xstrdup(service);
 		authctxt->style = style ? xstrdup(style) : NULL;
@ -40,49 +40,48 @@ diff -up openssh-7.4p1/auth2.c.role-mls openssh-7.4p1/auth2.c
 		userauth_banner();
 		if (auth2_setup_methods_lists(authctxt) != 0)
 			packet_disconnect("no authentication methods enabled");
-diff -up openssh-7.4p1/auth2-gss.c.role-mls openssh-7.4p1/auth2-gss.c
+diff -up openssh/auth2-gss.c.role-mls openssh/auth2-gss.c
--- openssh-7.4p1/auth2-gss.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/auth2-gss.c.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/auth2-gss.c	2016-12-23 12:19:58.586459382 +0100
+++ openssh/auth2-gss.c	2018-08-22 11:15:42.459799171 +0200
-@@ -255,6 +255,7 @@ input_gssapi_mic(int type, u_int32_t ple
+@@ -281,6 +281,7 @@ input_gssapi_mic(int type, u_int32_t ple
 	Authctxt *authctxt = ssh->authctxt;
 	Gssctxt *gssctxt;
- 	int authenticated = 0;
+ 	int r, authenticated = 0;
 +	char *micuser;
- 	Buffer b;
+ 	struct sshbuf *b;
 	gss_buffer_desc mic, gssbuf;
- 	u_int len;
+ 	const char *displayname;
-@@ -267,7 +268,13 @@ input_gssapi_mic(int type, u_int32_t ple
+@@ -298,7 +299,13 @@ input_gssapi_mic(int type, u_int32_t ple
- 	mic.value = packet_get_string(&len);
+ 		fatal("%s: sshbuf_new failed", __func__);
 	mic.value = p;
 	mic.length = len;
- 
+-	ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
 -	ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
 +#ifdef WITH_SELINUX
 +	if (authctxt->role && (strlen(authctxt->role) > 0))
 +		xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
 +	else
 +#endif
 +		micuser = authctxt->user;
-+	ssh_gssapi_buildmic(&b, micuser, authctxt->service,
+	ssh_gssapi_buildmic(b, micuser, authctxt->service,
 	    "gssapi-with-mic");
- 	gssbuf.value = buffer_ptr(&b);
+ 	if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
-@@ -279,6 +286,8 @@ input_gssapi_mic(int type, u_int32_t ple
+@@ -311,6 +318,8 @@ input_gssapi_mic(int type, u_int32_t ple
 		logit("GSSAPI MIC check failed");
- 	buffer_free(&b);
+ 	sshbuf_free(b);
 +	if (micuser != authctxt->user)
 +		free(micuser);
 	free(mic.value);
 	if ((!use_privsep || mm_is_monitor()) &&
-diff -up openssh-7.4p1/auth2-hostbased.c.role-mls openssh-7.4p1/auth2-hostbased.c
+diff -up openssh/auth2-hostbased.c.role-mls openssh/auth2-hostbased.c
--- openssh-7.4p1/auth2-hostbased.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/auth2-hostbased.c.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/auth2-hostbased.c	2016-12-23 12:19:58.586459382 +0100
+++ openssh/auth2-hostbased.c	2018-08-22 11:14:56.816430924 +0200
-@@ -121,7 +121,16 @@ userauth_hostbased(Authctxt *authctxt)
+@@ -123,7 +123,16 @@ userauth_hostbased(struct ssh *ssh)
 	/* reconstruct packet */
 	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
 	    (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 -	    (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
 +#ifdef WITH_SELINUX
 +	    (authctxt->role
 +	    ? ( (r = sshbuf_put_u32(b, strlen(authctxt->user)+strlen(authctxt->role)+1)) != 0 ||
@ -91,16 +90,16 @@ diff -up openssh-7.4p1/auth2-hostbased.c.role-mls openssh-7.4p1/auth2-hostbased.
 +	        (r = sshbuf_put(b, authctxt->role, strlen(authctxt->role))) != 0)
 +	    : (r = sshbuf_put_cstring(b, authctxt->user)) != 0) ||
 +#else
-+	    (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
+ 	    (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
 +#endif
 	    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
 	    (r = sshbuf_put_cstring(b, "hostbased")) != 0 ||
 	    (r = sshbuf_put_string(b, pkalg, alen)) != 0 ||
-diff -up openssh-7.4p1/auth2-pubkey.c.role-mls openssh-7.4p1/auth2-pubkey.c
+diff -up openssh/auth2-pubkey.c.role-mls openssh/auth2-pubkey.c
--- openssh-7.4p1/auth2-pubkey.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/auth2-pubkey.c.role-mls	2018-08-22 11:14:56.816430924 +0200
-+++ openssh-7.4p1/auth2-pubkey.c	2016-12-23 12:19:58.587459379 +0100
+++ openssh/auth2-pubkey.c	2018-08-22 11:17:07.331483958 +0200
-@@ -151,9 +151,15 @@ userauth_pubkey(Authctxt *authctxt)
+@@ -169,9 +169,16 @@ userauth_pubkey(struct ssh *ssh)
- 				    __func__, ssh_err(r));
+ 			goto done;
 		}
 		/* reconstruct packet */
 -		xasprintf(&userstyle, "%s%s%s", authctxt->user,
@ -110,17 +109,18 @@ diff -up openssh-7.4p1/auth2-pubkey.c.role-mls openssh-7.4p1/auth2-pubkey.c
 +		    authctxt->style ? authctxt->style : "",
 +#ifdef WITH_SELINUX
 +		    authctxt->role ? "/" : "",
-+		    authctxt->role ? authctxt->role : "");
+		    authctxt->role ? authctxt->role : ""
 +#else
-+		    "", "");
+		    "", ""
 +#endif
 +		    );
 		if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 		    (r = sshbuf_put_cstring(b, userstyle)) != 0 ||
 		    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
-diff -up openssh-7.4p1/auth.h.role-mls openssh-7.4p1/auth.h
+diff -up openssh/auth.h.role-mls openssh/auth.h
--- openssh-7.4p1/auth.h.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/auth.h.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/auth.h	2016-12-23 12:19:43.478510375 +0100
+++ openssh/auth.h	2018-08-22 11:14:56.816430924 +0200
-@@ -62,6 +62,9 @@ struct Authctxt {
+@@ -65,6 +65,9 @@ struct Authctxt {
 	char		*service;
 	struct passwd	*pw;		/* set if 'valid' */
 	char		*style;
@ -130,10 +130,10 @@ diff -up openssh-7.4p1/auth.h.role-mls openssh-7.4p1/auth.h
 	/* Method lists for multiple authentication */
 	char		**auth_methods;	/* modified from server config */
-diff -up openssh-7.4p1/auth-pam.c.role-mls openssh-7.4p1/auth-pam.c
+diff -up openssh/auth-pam.c.role-mls openssh/auth-pam.c
--- openssh-7.4p1/auth-pam.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/auth-pam.c.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/auth-pam.c	2016-12-23 12:19:43.477510378 +0100
+++ openssh/auth-pam.c	2018-08-22 11:14:56.816430924 +0200
-@@ -1087,7 +1087,7 @@ is_pam_session_open(void)
+@@ -1172,7 +1172,7 @@ is_pam_session_open(void)
  * during the ssh authentication process.
  */
 int
@ -142,10 +142,10 @@ diff -up openssh-7.4p1/auth-pam.c.role-mls openssh-7.4p1/auth-pam.c
 {
 	int ret = 1;
 #ifdef HAVE_PAM_PUTENV
-diff -up openssh-7.4p1/auth-pam.h.role-mls openssh-7.4p1/auth-pam.h
+diff -up openssh/auth-pam.h.role-mls openssh/auth-pam.h
--- openssh-7.4p1/auth-pam.h.role-mls	2016-12-23 12:19:43.478510375 +0100
+--- openssh/auth-pam.h.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/auth-pam.h	2016-12-23 12:21:44.698101234 +0100
+++ openssh/auth-pam.h	2018-08-22 11:14:56.817430932 +0200
-@@ -31,7 +31,7 @@ u_int do_pam_account(void);
+@@ -33,7 +33,7 @@ u_int do_pam_account(void);
 void do_pam_session(struct ssh *);
 void do_pam_setcred(int );
 void do_pam_chauthtok(void);
@ -154,10 +154,24 @@ diff -up openssh-7.4p1/auth-pam.h.role-mls openssh-7.4p1/auth-pam.h
 char ** fetch_pam_environment(void);
 char ** fetch_pam_child_environment(void);
 void free_pam_environment(char **);
-diff -up openssh-7.4p1/misc.c.role-mls openssh-7.4p1/misc.c
+diff -up openssh/configure.ac.role-mls openssh/configure.ac
--- openssh-7.4p1/misc.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/configure.ac.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/misc.c	2016-12-23 12:19:58.587459379 +0100
+++ openssh/configure.ac	2018-08-22 11:14:56.820430957 +0200
-@@ -432,6 +432,7 @@ char *
+@@ -4241,10 +4241,7 @@ AC_ARG_WITH([selinux],
 			  LIBS="$LIBS -lselinux"
 			],
 			AC_MSG_ERROR([SELinux support requires libselinux library]))
 -		SSHLIBS="$SSHLIBS $LIBSELINUX"
 -		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
 		AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
 -		LIBS="$save_LIBS"
 	fi ]
 )
 AC_SUBST([SSHLIBS])
 diff -up openssh/misc.c.role-mls openssh/misc.c
 --- openssh/misc.c.role-mls	2018-08-20 07:57:29.000000000 +0200
 +++ openssh/misc.c	2018-08-22 11:14:56.817430932 +0200
@@ -542,6 +542,7 @@ char *
 colon(char *cp)
 {
 	int flag = 0;
@ -165,7 +179,7 @@ diff -up openssh-7.4p1/misc.c.role-mls openssh-7.4p1/misc.c
 	if (*cp == ':')		/* Leading colon is part of file name. */
 		return NULL;
-@@ -447,6 +448,13 @@ colon(char *cp)
+@@ -557,6 +558,13 @@ colon(char *cp)
 			return (cp);
 		if (*cp == '/')
 			return NULL;
@ -179,20 +193,20 @@ diff -up openssh-7.4p1/misc.c.role-mls openssh-7.4p1/misc.c
 	}
 	return NULL;
 }
-diff -up openssh-7.4p1/monitor.c.role-mls openssh-7.4p1/monitor.c
+diff -up openssh/monitor.c.role-mls openssh/monitor.c
--- openssh-7.4p1/monitor.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/monitor.c.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/monitor.c	2016-12-23 12:23:03.503835248 +0100
+++ openssh/monitor.c	2018-08-22 11:19:56.006844867 +0200
-@@ -127,6 +127,9 @@ int mm_answer_sign(int, Buffer *);
+@@ -115,6 +115,9 @@ int mm_answer_sign(int, struct sshbuf *)
- int mm_answer_pwnamallow(int, Buffer *);
+ int mm_answer_pwnamallow(int, struct sshbuf *);
- int mm_answer_auth2_read_banner(int, Buffer *);
+ int mm_answer_auth2_read_banner(int, struct sshbuf *);
- int mm_answer_authserv(int, Buffer *);
+ int mm_answer_authserv(int, struct sshbuf *);
 +#ifdef WITH_SELINUX
-+int mm_answer_authrole(int, Buffer *);
+int mm_answer_authrole(int, struct sshbuf *);
 +#endif
- int mm_answer_authpassword(int, Buffer *);
+ int mm_answer_authpassword(int, struct sshbuf *);
- int mm_answer_bsdauthquery(int, Buffer *);
+ int mm_answer_bsdauthquery(int, struct sshbuf *);
- int mm_answer_bsdauthrespond(int, Buffer *);
+ int mm_answer_bsdauthrespond(int, struct sshbuf *);
-@@ -202,6 +205,9 @@ struct mon_table mon_dispatch_proto20[]
+@@ -189,6 +192,9 @@ struct mon_table mon_dispatch_proto20[]
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@ -202,7 +216,7 @@ diff -up openssh-7.4p1/monitor.c.role-mls openssh-7.4p1/monitor.c
     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
-@@ -769,6 +775,9 @@ mm_answer_pwnamallow(int sock, Buffer *m
+@@ -796,6 +802,9 @@ mm_answer_pwnamallow(int sock, struct ss
 	/* Allow service/style information on the auth context */
 	monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@ -212,19 +226,20 @@ diff -up openssh-7.4p1/monitor.c.role-mls openssh-7.4p1/monitor.c
 	monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 #ifdef USE_PAM
-@@ -810,6 +819,25 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -842,6 +851,26 @@ mm_answer_authserv(int sock, struct sshb
 	return (0);
 }
 +#ifdef WITH_SELINUX
 +int
-+mm_answer_authrole(int sock, Buffer *m)
+mm_answer_authrole(int sock, struct sshbuf *m)
 +{
 +	int r;
 +	monitor_permit_authentications(1);
 +
-+	authctxt->role = buffer_get_string(m, NULL);
+	if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
-+	debug3("%s: role=%s",
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-+	    __func__, authctxt->role);
+	debug3("%s: role=%s", __func__, authctxt->role);
 +
 +	if (strlen(authctxt->role) == 0) {
 +		free(authctxt->role);
@ -236,48 +251,48 @@ diff -up openssh-7.4p1/monitor.c.role-mls openssh-7.4p1/monitor.c
 +#endif
 +
 int
- mm_answer_authpassword(int sock, Buffer *m)
+ mm_answer_authpassword(int sock, struct sshbuf *m)
 {
-@@ -1208,7 +1236,7 @@ monitor_valid_userblob(u_char *data, u_i
+@@ -1218,7 +1247,7 @@ monitor_valid_userblob(u_char *data, u_i
 {
- 	Buffer b;
+ 	struct sshbuf *b;
- 	u_char *p;
+ 	const u_char *p;
 -	char *userstyle, *cp;
-+	char *userstyle, *r, *cp;
+	char *userstyle, *s, *cp;
- 	u_int len;
+ 	size_t len;
- 	int fail = 0;
+ 	u_char type;
- 
+ 	int r, fail = 0;
-@@ -1234,6 +1262,8 @@ monitor_valid_userblob(u_char *data, u_i
+@@ -1251,6 +1280,8 @@ monitor_valid_userblob(u_char *data, u_i
 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
- 	cp = buffer_get_cstring(&b, NULL);
+ 	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
-+	if ((r = strchr(cp, '/')) != NULL)
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-+		*r = '\0';
+	if ((s = strchr(cp, '/')) != NULL)
 +		*s = '\0';
 	xasprintf(&userstyle, "%s%s%s", authctxt->user,
 	    authctxt->style ? ":" : "",
 	    authctxt->style ? authctxt->style : "");
-@@ -1269,7 +1299,7 @@ monitor_valid_hostbasedblob(u_char *data
+@@ -1286,7 +1317,7 @@ monitor_valid_hostbasedblob(u_char *data
     char *chost)
 {
- 	Buffer b;
+ 	struct sshbuf *b;
-	char *p, *userstyle;
+ 	const u_char *p;
-+	char *p, *r, *userstyle;
+-	char *cp, *userstyle;
- 	u_int len;
+	char *cp, *s, *userstyle;
- 	int fail = 0;
+ 	size_t len;
- 
+ 	int r, fail = 0;
-@@ -1286,6 +1316,8 @@ monitor_valid_hostbasedblob(u_char *data
+ 	u_char type;
- 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
+@@ -1308,6 +1339,8 @@ monitor_valid_hostbasedblob(u_char *data
 		fail++;
- 	p = buffer_get_cstring(&b, NULL);
+ 	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
-+	if ((r = strchr(p, '/')) != NULL)
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-+		*r = '\0';
+	if ((s = strchr(p, '/')) != NULL)
 +		*s = '\0';
 	xasprintf(&userstyle, "%s%s%s", authctxt->user,
 	    authctxt->style ? ":" : "",
 	    authctxt->style ? authctxt->style : "");
-diff -up openssh-7.4p1/monitor.h.role-mls openssh-7.4p1/monitor.h
+diff -up openssh/monitor.h.role-mls openssh/monitor.h
--- openssh-7.4p1/monitor.h.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/monitor.h.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/monitor.h	2016-12-23 12:19:58.588459376 +0100
+++ openssh/monitor.h	2018-08-22 11:14:56.818430941 +0200
-@@ -57,6 +57,10 @@ enum monitor_reqtype {
+@@ -55,6 +55,10 @@ enum monitor_reqtype {
 	MONITOR_REQ_GSSCHECKMIC = 48, MONITOR_ANS_GSSCHECKMIC = 49,
 	MONITOR_REQ_TERM = 50,
@ -288,11 +303,11 @@ diff -up openssh-7.4p1/monitor.h.role-mls openssh-7.4p1/monitor.h
 	MONITOR_REQ_PAM_START = 100,
 	MONITOR_REQ_PAM_ACCOUNT = 102, MONITOR_ANS_PAM_ACCOUNT = 103,
 	MONITOR_REQ_PAM_INIT_CTX = 104, MONITOR_ANS_PAM_INIT_CTX = 105,
-diff -up openssh-7.4p1/monitor_wrap.c.role-mls openssh-7.4p1/monitor_wrap.c
+diff -up openssh/monitor_wrap.c.role-mls openssh/monitor_wrap.c
--- openssh-7.4p1/monitor_wrap.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/monitor_wrap.c.role-mls	2018-08-22 11:14:56.818430941 +0200
-+++ openssh-7.4p1/monitor_wrap.c	2016-12-23 12:19:58.588459376 +0100
+++ openssh/monitor_wrap.c	2018-08-22 11:21:47.938747968 +0200
-@@ -345,6 +345,25 @@ mm_inform_authserv(char *service, char *
+@@ -390,6 +390,27 @@ mm_inform_authserv(char *service, char *
- 	buffer_free(&m);
+ 	sshbuf_free(m);
 }
 +/* Inform the privileged process about role */
@ -301,28 +316,30 @@ diff -up openssh-7.4p1/monitor_wrap.c.role-mls openssh-7.4p1/monitor_wrap.c
 +void
 +mm_inform_authrole(char *role)
 +{
-+	Buffer m;
+	int r;
 +	struct sshbuf *m;
 +
 +	debug3("%s entering", __func__);
 +
-+	buffer_init(&m);
+	if ((m = sshbuf_new()) == NULL)
-+	buffer_put_cstring(&m, role ? role : "");
+		fatal("%s: sshbuf_new failed", __func__);
 +	if ((r = sshbuf_put_cstring(m, role ? role : "")) != 0)
 +		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, m);
 +
-+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
+	sshbuf_free(m);
 +
 +	buffer_free(&m);
 +}
 +#endif
 +
 /* Do the password authentication */
 int
 mm_auth_password(struct ssh *ssh, char *password)
-diff -up openssh-7.4p1/monitor_wrap.h.role-mls openssh-7.4p1/monitor_wrap.h
+diff -up openssh/monitor_wrap.h.role-mls openssh/monitor_wrap.h
--- openssh-7.4p1/monitor_wrap.h.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/monitor_wrap.h.role-mls	2018-08-22 11:14:56.818430941 +0200
-+++ openssh-7.4p1/monitor_wrap.h	2016-12-23 12:19:58.588459376 +0100
+++ openssh/monitor_wrap.h	2018-08-22 11:22:10.439929513 +0200
-@@ -42,6 +42,9 @@ int mm_is_monitor(void);
+@@ -44,6 +44,9 @@ DH *mm_choose_dh(int, int, int);
- int mm_key_sign(struct sshkey *, u_char **, u_int *, const u_char *, u_int,
+ int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
-     const char *);
+     const char *, u_int compat);
 void mm_inform_authserv(char *, char *);
 +#ifdef WITH_SELINUX
 +void mm_inform_authrole(char *);
@ -330,10 +347,10 @@ diff -up openssh-7.4p1/monitor_wrap.h.role-mls openssh-7.4p1/monitor_wrap.h
 struct passwd *mm_getpwnamallow(const char *);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct ssh *, char *);
-diff -up openssh-7.4p1/openbsd-compat/Makefile.in.role-mls openssh-7.4p1/openbsd-compat/Makefile.in
+diff -up openssh/openbsd-compat/Makefile.in.role-mls openssh/openbsd-compat/Makefile.in
--- openssh-7.4p1/openbsd-compat/Makefile.in.role-mls	2016-12-23 12:19:58.588459376 +0100
+--- openssh/openbsd-compat/Makefile.in.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/openbsd-compat/Makefile.in	2016-12-23 12:24:06.042643938 +0100
+++ openssh/openbsd-compat/Makefile.in	2018-08-22 11:14:56.819430949 +0200
-@@ -20,7 +20,8 @@ OPENBSD=base64.o basename.o bcrypt_pbkdf
+@@ -92,7 +92,8 @@ PORTS=	port-aix.o \
 	port-linux.o \
 	port-solaris.o \
 	port-net.o \
@ -343,10 +360,10 @@ diff -up openssh-7.4p1/openbsd-compat/Makefile.in.role-mls openssh-7.4p1/openbsd
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
-diff -up openssh-7.4p1/openbsd-compat/port-linux.c.role-mls openssh-7.4p1/openbsd-compat/port-linux.c
+diff -up openssh/openbsd-compat/port-linux.c.role-mls openssh/openbsd-compat/port-linux.c
--- openssh-7.4p1/openbsd-compat/port-linux.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/openbsd-compat/port-linux.c.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/openbsd-compat/port-linux.c	2016-12-23 12:19:58.590459369 +0100
+++ openssh/openbsd-compat/port-linux.c	2018-08-22 11:14:56.819430949 +0200
-@@ -101,37 +101,6 @@ ssh_selinux_getctxbyname(char *pwname)
+@@ -100,37 +100,6 @@ ssh_selinux_getctxbyname(char *pwname)
 	return sc;
 }
@ -397,9 +414,9 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux.c.role-mls openssh-7.4p1/openbs
 	/* XXX: should these calls fatal() upon failure in enforcing mode? */
-diff -up openssh-7.4p1/openbsd-compat/port-linux.h.role-mls openssh-7.4p1/openbsd-compat/port-linux.h
+diff -up openssh/openbsd-compat/port-linux.h.role-mls openssh/openbsd-compat/port-linux.h
--- openssh-7.4p1/openbsd-compat/port-linux.h.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/openbsd-compat/port-linux.h.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/openbsd-compat/port-linux.h	2016-12-23 12:19:58.591459365 +0100
+++ openssh/openbsd-compat/port-linux.h	2018-08-22 11:14:56.819430949 +0200
@@ -20,9 +20,10 @@
 #ifdef WITH_SELINUX
 int ssh_selinux_enabled(void);
@ -412,10 +429,10 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux.h.role-mls openssh-7.4p1/openbs
 #endif
 #ifdef LINUX_OOM_ADJUST
-diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-7.4p1/openbsd-compat/port-linux-sshd.c
+diff -up openssh/openbsd-compat/port-linux-sshd.c.role-mls openssh/openbsd-compat/port-linux-sshd.c
--- openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls	2016-12-23 12:19:58.590459369 +0100
+--- openssh/openbsd-compat/port-linux-sshd.c.role-mls	2018-08-22 11:14:56.819430949 +0200
-+++ openssh-7.4p1/openbsd-compat/port-linux-sshd.c	2016-12-23 12:19:58.590459369 +0100
+++ openssh/openbsd-compat/port-linux-sshd.c	2018-08-22 11:14:56.819430949 +0200
-@@ -0,0 +1,424 @@
+@@ -0,0 +1,425 @@
 +/*
 + * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
 + * Copyright (c) 2014 Petr Lautrbach <plautrba@redhat.com>
@ -444,13 +461,14 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-7.4p1/o
 +#include <stdarg.h>
 +#include <string.h>
 +#include <stdio.h>
 +#include <stdlib.h>
 +
 +#include "log.h"
 +#include "xmalloc.h"
 +#include "misc.h"      /* servconf.h needs misc.h for struct ForwardOptions */
 +#include "servconf.h"
 +#include "port-linux.h"
-+#include "key.h"
+#include "sshkey.h"
 +#include "hostfile.h"
 +#include "auth.h"
 +
@ -840,10 +858,10 @@ diff -up openssh-7.4p1/openbsd-compat/port-linux-sshd.c.role-mls openssh-7.4p1/o
 +#endif
 +#endif
 +
-diff -up openssh-7.4p1/platform.c.role-mls openssh-7.4p1/platform.c
+diff -up openssh/platform.c.role-mls openssh/platform.c
--- openssh-7.4p1/platform.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/platform.c.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/platform.c	2016-12-23 12:19:58.591459365 +0100
+++ openssh/platform.c	2018-08-22 11:14:56.819430949 +0200
-@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(stru
+@@ -183,7 +183,7 @@ platform_setusercontext_post_groups(stru
 	}
 #endif /* HAVE_SETPCRED */
 #ifdef WITH_SELINUX
@ -852,10 +870,10 @@ diff -up openssh-7.4p1/platform.c.role-mls openssh-7.4p1/platform.c
 #endif
 }
-diff -up openssh-7.4p1/sshd.c.role-mls openssh-7.4p1/sshd.c
+diff -up openssh/sshd.c.role-mls openssh/sshd.c
--- openssh-7.4p1/sshd.c.role-mls	2016-12-19 05:59:41.000000000 +0100
+--- openssh/sshd.c.role-mls	2018-08-20 07:57:29.000000000 +0200
-+++ openssh-7.4p1/sshd.c	2016-12-23 12:19:58.591459365 +0100
+++ openssh/sshd.c	2018-08-22 11:14:56.820430957 +0200
-@@ -2053,6 +2053,9 @@ main(int ac, char **av)
+@@ -2186,6 +2186,9 @@ main(int ac, char **av)
 		restore_uid();
 	}
 #endif
@ -865,16 +883,3 @@ diff -up openssh-7.4p1/sshd.c.role-mls openssh-7.4p1/sshd.c
 #ifdef USE_PAM
 	if (options.use_pam) {
 		do_pam_setcred(1);
 --- openssh/configure.ac.role-mls	2017-09-27 12:54:52.926425979 +0200
 +++ openssh/configure.ac	2017-09-27 12:57:06.854224956 +0200
@@ -4158,10 +4158,7 @@
 			  LIBS="$LIBS -lselinux"
 			],
 			AC_MSG_ERROR([SELinux support requires libselinux library]))
 -		SSHLIBS="$SSHLIBS $LIBSELINUX"
 -		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
 		AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
 -		LIBS="$save_LIBS"
 	fi ]
 )
 AC_SUBST([SSHLIBS])
--- a/openssh.spec
+++ b/openssh.spec
@ -65,10 +65,10 @@
 %endif
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
-%global openssh_ver 7.7p1
+%global openssh_ver 7.8p1
-%global openssh_rel 6
+%global openssh_rel 1
 %global pam_ssh_agent_ver 0.10.3
-%global pam_ssh_agent_rel 4
+%global pam_ssh_agent_rel 5
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
@ -100,8 +100,6 @@ Patch100: openssh-6.7p1-coverity.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1894
 #https://bugzilla.redhat.com/show_bug.cgi?id=735889
 #Patch102: openssh-5.8p1-getaddrinfo.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1889
 Patch103: openssh-5.8p1-packet.patch
 # OpenSSL 1.1.0 compatibility
 Patch104: openssh-7.3p1-openssl-1.1.0.patch
@ -129,7 +127,7 @@ Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
 Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
-Patch400: openssh-6.6p1-role-mls.patch
+Patch400: openssh-7.8p1-role-mls.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=781634
 Patch404: openssh-6.6p1-privsep-selinux.patch
@ -157,12 +155,10 @@ Patch702: openssh-5.1p1-askpass-progress.patch
 Patch703: openssh-4.3p2-askpass-grab-info.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
 Patch707: openssh-7.7p1-redhat.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
 Patch708: openssh-6.6p1-entropy.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
 Patch709: openssh-6.2p1-vendor.patch
 # warn users for unsupported UsePAM=no (#757545)
-Patch711: openssh-7.2p2-UsePAM-UseLogin-warning.patch
+Patch711: openssh-7.8p1-UsePAM-warning.patch
 # make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
 Patch712: openssh-6.3p1-ctr-evp-fast.patch
 # add cavs test binary for the aes-ctr
@ -173,7 +169,7 @@ Patch714: openssh-6.7p1-kdf-cavs.patch
 #http://www.sxw.org.uk/computing/patches/openssh.html
 #changed cache storage type - #848228
-Patch800: openssh-7.2p1-gsskex.patch
+Patch800: openssh-7.8p1-gsskex.patch
 #http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
 Patch801: openssh-6.6p1-force_krb.patch
 # add new option GSSAPIEnablek5users and disable using ~/.k5users by default (#1169843)
@ -204,7 +200,7 @@ Patch918: openssh-6.6.1p1-log-in-chroot.patch
 # scp file into non-existing directory (#1142223)
 Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch
 # Config parser shouldn't accept ip/port syntax (#1130733)
-Patch920: openssh-6.6.1p1-ip-port-config-parser.patch
+Patch920: openssh-7.8p1-ip-port-config-parser.patch
 # apply upstream patch and make sshd -T more consistent (#1187521)
 Patch922: openssh-6.8p1-sshdT-output.patch
 # Add sftp option to force mode of created files (#1191055)
@ -213,8 +209,6 @@ Patch926: openssh-6.7p1-sftp-force-permission.patch
 Patch929: openssh-6.9p1-permit-root-login.patch
 # Add GSSAPIKexAlgorithms option for server and client application
 Patch932: openssh-7.0p1-gssKexAlgorithms.patch
 # Possibility to validate legacy systems by more fingerprints (#1249626)(#2439)
 Patch933: openssh-7.0p1-show-more-fingerprints.patch
 # make s390 use /dev/ crypto devices -- ignore closefrom
 Patch939: openssh-7.2p2-s390-closefrom.patch
 # Move MAX_DISPLAYS to a configuration option (#1341302)
@ -229,8 +223,6 @@ Patch950: openssh-7.5p1-sandbox.patch
 Patch951: openssh-7.6p1-pkcs11-uri.patch
 # PKCS#11 ECDSA keys (upstream #2474, 8th iteration)
 Patch952: openssh-7.6p1-pkcs11-ecdsa.patch
 # Opening tun devices fails + other regressions in OpenSSH v7.7 (#2855, #1567775)
 Patch953: openssh-7.7p1-tun-devices.patch
 License: BSD
 Group: Applications/Internet
@ -326,7 +318,7 @@ Requires: openssh = %{version}-%{release}
 Summary: PAM module for authentication with ssh-agent
 Group: System Environment/Base
 Version: %{pam_ssh_agent_ver}
-Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}.1
+Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}
 License: BSD
 %description
@ -390,7 +382,6 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
 %endif
 # investigate %patch102 -p1 -b .getaddrinfo
 %patch103 -p1 -b .packet
 %if %{pam_ssh_agent}
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -421,7 +412,6 @@ popd
 %patch702 -p1 -b .progress
 %patch703 -p1 -b .grab-info
 %patch707 -p1 -b .redhat
 %patch708 -p1 -b .entropy
 %patch709 -p1 -b .vendor
 %patch711 -p1 -b .log-usepam-no
 %patch712 -p1 -b .evp-ctr
@ -447,7 +437,6 @@ popd
 %patch926 -p1 -b .sftp-force-mode
 %patch929 -p1 -b .root-login
 %patch932 -p1 -b .gsskexalg
 %patch933 -p1 -b .fingerprint
 %patch939 -p1 -b .s390-dev
 %patch944 -p1 -b .x11max
 %patch948 -p1 -b .systemd
@ -456,7 +445,6 @@ popd
 %patch950 -p1 -b .sandbox
 %patch951 -p1 -b .pkcs11-uri
 %patch952 -p1 -b .pkcs11-ecdsa
 %patch953 -p1 -b .tun-devices
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
--- a/pam_ssh_agent_auth-0.10.2-compat.patch
+++ b/pam_ssh_agent_auth-0.10.2-compat.patch
@ -1,7 +1,15 @@
-diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c
+diff -up openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
+--- openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c	2017-02-07 14:41:20.483509205 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c	2018-08-24 10:22:56.281930322 +0200
-@@ -65,8 +65,8 @@ proc_pid_cmdline(char *** inargv)
+@@ -27,6 +27,7 @@
  * or implied, of Jamie Beverly.
  */
 +#include <stdlib.h>
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
@@ -65,8 +66,8 @@ proc_pid_cmdline(char *** inargv)
                 case EOF:
                 case '\0':
                     if (len > 0) { 
@ -12,7 +20,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat
                         strncpy(argv[count++], argbuf, len);
                         memset(argbuf, '\0', MAX_LEN_PER_CMDLINE_ARG + 1);
                         len = 0;
-@@ -105,9 +105,9 @@ pamsshagentauth_free_command_line(char *
+@@ -105,9 +106,9 @@ pamsshagentauth_free_command_line(char *
 {
     size_t i;
     for (i = 0; i < n_args; i++)
@ -24,9 +32,43 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat
     return;
 }
-diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
+diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/identity.h
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat	2017-02-07 14:41:20.479509208 +0100
+--- openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2017-02-07 14:41:20.481509206 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/identity.h	2018-08-24 10:18:05.009393312 +0200
@@ -30,8 +30,8 @@
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "log.h"
 -#include "buffer.h"
 -#include "key.h"
 +#include "sshbuf.h"
 +#include "sshkey.h"
 #include "authfd.h"
 #include <stdio.h>
@@ -41,7 +41,7 @@ typedef struct idlist Idlist;
 struct identity {
     TAILQ_ENTRY(identity) next;
     AuthenticationConnection *ac;   /* set if agent supports key */
 -    Key *key;           /* public/private key */
 +    struct sshkey *key;           /* public/private key */
     char    *filename;      /* comment for agent-only keys */
     int tried;
     int isprivate;      /* key points to the private key */
 diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
 --- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat	2018-08-24 10:18:05.007393297 +0200
 +++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2018-08-24 10:18:32.937612513 +0200
@@ -36,8 +36,8 @@
 #include "openbsd-compat/sys-queue.h"
 #include "xmalloc.h"
 #include "log.h"
 -#include "buffer.h"
 -#include "key.h"
 +#include "sshbuf.h"
 +#include "sshkey.h"
 #include "authfd.h"
 #include <stdio.h>
 #include <openssl/evp.h>
@@ -58,6 +58,8 @@
 #include "get_command_line.h"
 extern char **environ;
@ -45,25 +87,48 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
     for (i = 0; i < count; i++) {
         strcat(buf, (i > 0) ? " '" : "'");
         strncat(buf, action[i], MAX_LEN_PER_CMDLINE_ARG);
-@@ -90,12 +92,12 @@ void
+@@ -87,21 +89,25 @@ log_action(char ** action, size_t count)
- agent_action(Buffer *buf, char ** action, size_t count)
+ }
 void
 -agent_action(Buffer *buf, char ** action, size_t count)
 +agent_action(struct sshbuf *buf, char ** action, size_t count)
 {
     size_t i;
 -    pamsshagentauth_buffer_init(buf);
-+    buffer_init(buf);
+    int r;
 -    pamsshagentauth_buffer_put_int(buf, count);
-+    buffer_put_int(buf, count);
+    if ((buf = sshbuf_new()) == NULL)
 +        fatal("%s: sshbuf_new failed", __func__);
 +    if ((r = sshbuf_put_u32(buf, count)) != 0)
 +        fatal("%s: buffer error: %s", __func__, ssh_err(r));
     for (i = 0; i < count; i++) {
 -        pamsshagentauth_buffer_put_cstring(buf, action[i]);
-+        buffer_put_cstring(buf, action[i]);
+        if ((r = sshbuf_put_cstring(buf, action[i])) != 0)
 +            fatal("%s: buffer error: %s", __func__, ssh_err(r));
     }
 }
-@@ -119,17 +121,17 @@ pamsshagentauth_session_id2_gen(Buffer *
+ 
 -void
 -pamsshagentauth_session_id2_gen(Buffer * session_id2, const char * user,
 +static void
 +pamsshagentauth_session_id2_gen(struct sshbuf ** session_id2, const char * user,
                                 const char * ruser, const char * servicename)
 {
     u_char *cookie = NULL;
@@ -114,22 +116,23 @@ pamsshagentauth_session_id2_gen(Buffer *
     char ** reported_argv = NULL;
     size_t count = 0;
     char * action_logbuf = NULL;
 -    Buffer action_agentbuf;
 +    struct sshbuf *action_agentbuf = NULL;
     uint8_t free_logbuf = 0;
     char * retc;
     int32_t reti;
 +    int r;
 -    rnd = pamsshagentauth_arc4random();
 +    rnd = arc4random();
@ -73,7 +138,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
     }
 -    cookie = pamsshagentauth_xcalloc(1,cookie_len);
-+    cookie = xcalloc(1,cookie_len);
+    cookie = xcalloc(1, cookie_len);
     for (i = 0; i < cookie_len; i++) {
         if (i % 4 == 0) {
@ -82,21 +147,29 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
         }
         cookie[i] = (u_char) rnd;
         rnd >>= 8;
-@@ -144,7 +146,7 @@ pamsshagentauth_session_id2_gen(Buffer *
+@@ -139,12 +141,13 @@ pamsshagentauth_session_id2_gen(Buffer *
     if (count > 0) { 
         free_logbuf = 1;
         action_logbuf = log_action(reported_argv, count);
 -        agent_action(&action_agentbuf, reported_argv, count);
 +        agent_action(action_agentbuf, reported_argv, count);
         pamsshagentauth_free_command_line(reported_argv, count);
     }
     else {
         action_logbuf = "unknown on this platform";
 -        pamsshagentauth_buffer_init(&action_agentbuf); /* stays empty, means unavailable */
-+        buffer_init(&action_agentbuf); /* stays empty, means unavailable */
+        if ((action_agentbuf = sshbuf_new()) == NULL) /* stays empty, means unavailable */
 +            fatal("%s: sshbuf_new failed", __func__);
     }
     /*
-@@ -161,35 +163,35 @@ pamsshagentauth_session_id2_gen(Buffer *
+@@ -161,35 +163,39 @@ pamsshagentauth_session_id2_gen(Buffer *
     retc = getcwd(pwd, sizeof(pwd) - 1);
     time(&ts);
 -    pamsshagentauth_buffer_init(session_id2);
-+    buffer_init(session_id2);
+    if ((*session_id2 = sshbuf_new()) == NULL)
 +        fatal("%s: sshbuf_new failed", __func__);
 -    pamsshagentauth_buffer_put_int(session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1);
 -    /* pamsshagentauth_debug3("cookie: %s", pamsshagentauth_tohex(cookie, cookie_len)); */
@ -108,49 +181,81 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
 -    /* pamsshagentauth_debug3("servicename: %s", servicename); */
 -    pamsshagentauth_buffer_put_cstring(session_id2, servicename);
 -    /* pamsshagentauth_debug3("pwd: %s", pwd); */
-+    buffer_put_int(session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1);
+-    if(retc)
 +    /* debug3("cookie: %s", tohex(cookie, cookie_len)); */
 +    buffer_put_string(session_id2, cookie, cookie_len);
 +    /* debug3("user: %s", user); */
 +    buffer_put_cstring(session_id2, user);
 +    /* debug3("ruser: %s", ruser); */
 +    buffer_put_cstring(session_id2, ruser);
 +    /* debug3("servicename: %s", servicename); */
 +    buffer_put_cstring(session_id2, servicename);
 +    /* debug3("pwd: %s", pwd); */
     if(retc)
 -        pamsshagentauth_buffer_put_cstring(session_id2, pwd);
-+        buffer_put_cstring(session_id2, pwd);
+-    else
     else
 -        pamsshagentauth_buffer_put_cstring(session_id2, "");
 -    /* pamsshagentauth_debug3("action: %s", action_logbuf); */
 -    pamsshagentauth_buffer_put_string(session_id2, action_agentbuf.buf + action_agentbuf.offset, action_agentbuf.end - action_agentbuf.offset);
-+        buffer_put_cstring(session_id2, "");
+    if ((r = sshbuf_put_u32(*session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1)) != 0 ||
-+    /* debug3("action: %s", action_logbuf); */
+        (r = sshbuf_put_string(*session_id2, cookie, cookie_len)) != 0 ||
-+    buffer_put_string(session_id2, sshbuf_ptr(&action_agentbuf), sshbuf_len(&action_agentbuf));
+        (r = sshbuf_put_cstring(*session_id2, user)) != 0 ||
 +        (r = sshbuf_put_cstring(*session_id2, ruser)) != 0 ||
 +        (r = sshbuf_put_cstring(*session_id2, servicename)) != 0)
 +        fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +    if (retc) {
 +        if ((r = sshbuf_put_cstring(*session_id2, pwd)) != 0)
 +            fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +    } else {
 +        if ((r = sshbuf_put_cstring(*session_id2, "")) != 0)
 +            fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +    }
 +    if ((r = sshbuf_put_stringb(*session_id2, action_agentbuf)) != 0)
 +        fatal("%s: buffer error: %s", __func__, ssh_err(r));
     if (free_logbuf) { 
 -        pamsshagentauth_xfree(action_logbuf);
 -        pamsshagentauth_buffer_free(&action_agentbuf);
 +        free(action_logbuf);
-+        buffer_free(&action_agentbuf);
+        sshbuf_free(action_agentbuf);
     }
 -    /* pamsshagentauth_debug3("hostname: %s", hostname); */
-+    /* debug3("hostname: %s", hostname); */
+-    if(reti >= 0)
     if(reti >= 0)
 -        pamsshagentauth_buffer_put_cstring(session_id2, hostname);
-+        buffer_put_cstring(session_id2, hostname);
+-    else
     else
 -        pamsshagentauth_buffer_put_cstring(session_id2, "");
 -    /* pamsshagentauth_debug3("ts: %ld", ts); */
 -    pamsshagentauth_buffer_put_int64(session_id2, (uint64_t) ts);
-+        buffer_put_cstring(session_id2, "");
+    /* debug3("hostname: %s", hostname); */
 +    if (reti >= 0) {
 +        if ((r = sshbuf_put_cstring(*session_id2, hostname)) != 0)
 +            fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +    } else {
 +        if ((r = sshbuf_put_cstring(*session_id2, "")) != 0)
 +            fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +    }
 +    /* debug3("ts: %ld", ts); */
-+    buffer_put_int64(session_id2, (uint64_t) ts);
+    if ((r = sshbuf_put_u64(*session_id2, (uint64_t) ts)) != 0)
 +        fatal("%s: buffer error: %s", __func__, ssh_err(r));
     free(cookie);
     return;
-@@ -295,29 +297,29 @@ pamsshagentauth_find_authorized_keys(con
+@@ -278,7 +280,8 @@ ssh_get_authentication_connection_for_ui
-     pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
+ 
 	auth = xmalloc(sizeof(*auth));
 	auth->fd = sock;
 -	buffer_init(&auth->identities);
 +	if ((auth->identities = sshbuf_new()) == NULL)
 +           fatal("%s: sshbuf_new failed", __func__);
 	auth->howmany = 0;
 	return auth;
@@ -287,43 +289,42 @@ ssh_get_authentication_connection_for_ui
 int
 pamsshagentauth_find_authorized_keys(const char * user, const char * ruser, const char * servicename)
 {
 -    Buffer session_id2 = { 0 };
 +    struct sshbuf *session_id2 = NULL;
     Identity *id;
 -    Key *key;
 +    struct sshkey *key;
     AuthenticationConnection *ac;
     char *comment;
     uint8_t retval = 0;
     uid_t uid = getpwnam(ruser)->pw_uid;
     OpenSSL_add_all_digests();
 -    pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
 +    pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
     if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
 -        pamsshagentauth_verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
@ -163,7 +268,8 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
                 id->key = key;
                 id->filename = comment;
                 id->ac = ac;
-                 if(userauth_pubkey_from_id(ruser, id, &session_id2)) {
+-                if(userauth_pubkey_from_id(ruser, id, &session_id2)) {
 +                if(userauth_pubkey_from_id(ruser, id, session_id2)) {
                     retval = 1;
                 }
 -                pamsshagentauth_xfree(id->filename);
@ -177,18 +283,20 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-c
             }
         }
 -        pamsshagentauth_buffer_free(&session_id2);
-+        buffer_free(&session_id2);
+        sshbuf_free(session_id2);
         ssh_close_authentication_connection(ac);
     }
     else {
 -        pamsshagentauth_verbose("No ssh-agent could be contacted");
 +        verbose("No ssh-agent could be contacted");
     }
-     /* pamsshagentauth_xfree(session_id2); */
+-    /* pamsshagentauth_xfree(session_id2); */
     EVP_cleanup();
-diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c
+     return retval;
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat	2017-02-07 14:41:20.480509207 +0100
+ }
-+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c	2017-02-07 14:44:20.549369019 +0100
+diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c
 --- openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat	2018-08-24 10:18:05.008393305 +0200
 +++ openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c	2018-08-24 10:18:05.009393312 +0200
@@ -104,7 +104,7 @@ pam_sm_authenticate(pam_handle_t * pamh,
  * a patch 8-)
  */
@ -276,10 +384,29 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compa
     }
 cleanexit:
-diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c
+diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
+--- openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c	2017-02-07 14:41:20.484509204 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c	2018-08-24 10:18:05.009393312 +0200
-@@ -117,12 +117,12 @@ parse_authorized_key_file(const char *us
+@@ -66,8 +66,8 @@
 #include "xmalloc.h"
 #include "match.h"
 #include "log.h"
 -#include "buffer.h"
 -#include "key.h"
 +#include "sshbuf.h"
 +#include "sshkey.h"
 #include "misc.h"
 #include "xmalloc.h"
@@ -77,7 +77,6 @@
 #include "pathnames.h"
 #include "secure_filename.h"
 -#include "identity.h"
 #include "pam_user_key_allowed2.h"
 extern char *authorized_keys_file;
@@ -117,12 +116,12 @@ parse_authorized_key_file(const char *us
         } else {
             slash_ptr = strchr(auth_keys_file_buf, '/');
             if(!slash_ptr)
@ -294,7 +421,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa
             strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len);
             if(!authorized_keys_file_allowed_owner_uid)
-@@ -130,11 +130,11 @@ parse_authorized_key_file(const char *us
+@@ -130,11 +129,11 @@ parse_authorized_key_file(const char *us
                     getpwnam(owner_uname)->pw_uid;
         }
         authorized_keys_file =
@ -308,7 +435,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa
                                                               percent_expand
                                                               later, we'd step
                                                               on this, so free
-@@ -150,7 +150,7 @@ parse_authorized_key_file(const char *us
+@@ -150,13 +149,13 @@ parse_authorized_key_file(const char *us
     strncat(hostname, fqdn, strcspn(fqdn, "."));
 #endif
     authorized_keys_file =
@ -317,38 +444,78 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa
                                        getpwnam(user)->pw_dir, "H", hostname,
                                        "f", fqdn, "u", user, NULL);
 }
-diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
+ 
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
+ int
-+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c	2017-02-07 14:41:20.484509204 +0100
+-pam_user_key_allowed(const char *ruser, Key * key)
-@@ -48,11 +48,13 @@
+pam_user_key_allowed(const char *ruser, struct sshkey * key)
- #include "buffer.h"
+ {
     return
         pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid),
 diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h
 --- openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
 +++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h	2018-08-24 10:18:05.010393320 +0200
@@ -32,7 +32,7 @@
 #define _PAM_USER_KEY_ALLOWED_H
 #include "identity.h"
 -int pam_user_key_allowed(const char *, Key *);
 +int pam_user_key_allowed(const char *, struct sshkey *);
 void parse_authorized_key_file(const char *, const char *);
 #endif
 diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
 --- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
 +++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c	2018-08-24 10:18:05.010393320 +0200
@@ -45,44 +45,46 @@
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh2.h"
 -#include "buffer.h"
 +#include "sshbuf.h"
 #include "log.h"
 #include "compat.h"
 -#include "key.h"
 +#include "digest.h"
- #include "key.h"
+#include "sshkey.h"
 #include "pathnames.h"
 #include "misc.h"
 #include "secure_filename.h"
 #include "uidswap.h"
 -
 -#include "identity.h"
 +#include <unistd.h>
- #include "identity.h"
+ /* return 1 if user allows given key */
- 
+ /* Modified slightly from original found in auth2-pubkey.c */
-@@ -68,7 +70,7 @@ pamsshagentauth_check_authkeys_file(FILE
+ static int
 -pamsshagentauth_check_authkeys_file(FILE * f, char *file, Key * key)
 +pamsshagentauth_check_authkeys_file(FILE * f, char *file, struct sshkey * key)
 {
 -    char line[SSH_MAX_PUBKEY_BYTES];
 +    char *line = NULL;
     int found_key = 0;
     u_long linenum = 0;
 -    Key *found;
 +    struct sshkey *found;
     char *fp;
 +    size_t linesize = 0;
     found_key = 0;
 -    found = pamsshagentauth_key_new(key->type);
-+    found = key_new(key->type);
+    found = sshkey_new(key->type);
-     while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+-    while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 +    while ((getline(&line, &linesize, f)) != -1) {
         char *cp = NULL; /* *key_options = NULL; */
-@@ -78,11 +80,11 @@ pamsshagentauth_check_authkeys_file(FILE
+ 
 +        linenum++;
         /* Skip leading whitespace, empty and comment lines. */
         for(cp = line; *cp == ' ' || *cp == '\t'; cp++);
         if(!*cp || *cp == '\n' || *cp == '#')
             continue;
 -        if(pamsshagentauth_key_read(found, &cp) != 1) {
-+        if(key_read(found, &cp) != 1) {
+        if (sshkey_read(found, &cp) != 0) {
             /* no key? check if there are options for this key */
             int quoted = 0;
@ -357,20 +524,20 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
             /* key_options = cp; */
             for(; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
                 if(*cp == '\\' && cp[1] == '"')
-@@ -92,26 +94,26 @@ pamsshagentauth_check_authkeys_file(FILE
+@@ -92,26 +94,27 @@ pamsshagentauth_check_authkeys_file(FILE
             }
             /* Skip remaining whitespace. */
             for(; *cp == ' ' || *cp == '\t'; cp++);
 -            if(pamsshagentauth_key_read(found, &cp) != 1) {
 -                pamsshagentauth_verbose("user_key_allowed: advance: '%s'", cp);
-+            if(key_read(found, &cp) != 1) {
+            if(sshkey_read(found, &cp) != 0) {
 +                verbose("user_key_allowed: advance: '%s'", cp);
                 /* still no key? advance to next line */
                 continue;
             }
         }
 -        if(pamsshagentauth_key_equal(found, key)) {
-+        if(key_equal(found, key)) {
+        if(sshkey_equal(found, key)) {
             found_key = 1;
 -            pamsshagentauth_logit("matching key found: file/command %s, line %lu", file,
 +            logit("matching key found: file/command %s, line %lu", file,
@ -379,23 +546,34 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
 -            pamsshagentauth_logit("Found matching %s key: %s",
 -                                  pamsshagentauth_key_type(found), fp);
 -            pamsshagentauth_xfree(fp);
-+            fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX);
+            fp = sshkey_fingerprint(found, SSH_DIGEST_SHA256, SSH_FP_BASE64);
 +            logit("Found matching %s key: %s",
-+                                  key_type(found), fp);
+                                  sshkey_type(found), fp);
 +            free(fp);
             break;
         }
     }
 -    pamsshagentauth_key_free(found);
-+    key_free(found);
+    free(line);
 +    sshkey_free(found);
     if(!found_key)
 -        pamsshagentauth_verbose("key not found");
 +        verbose("key not found");
     return found_key;
 }
-@@ -128,11 +130,11 @@ pamsshagentauth_user_key_allowed2(struct
+@@ -120,19 +123,19 @@ pamsshagentauth_check_authkeys_file(FILE
-     char buf[SSH_MAX_PUBKEY_BYTES];
+  * returns 1 if the key is allowed or 0 otherwise.
  */
 int
 -pamsshagentauth_user_key_allowed2(struct passwd *pw, Key * key, char *file)
 +pamsshagentauth_user_key_allowed2(struct passwd *pw, struct sshkey * key, char *file)
 {
     FILE *f;
     int found_key = 0;
     struct stat st;
 -    char buf[SSH_MAX_PUBKEY_BYTES];
 +    char buf[256];
     /* Temporarily use the user's uid. */
 -    pamsshagentauth_verbose("trying public key file %s", file);
@ -408,7 +586,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
         return 0;
     }
-@@ -144,7 +146,7 @@ pamsshagentauth_user_key_allowed2(struct
+@@ -144,7 +147,7 @@ pamsshagentauth_user_key_allowed2(struct
     if(pamsshagentauth_secure_filename(f, file, pw, buf, sizeof(buf)) != 0) {
         fclose(f);
@ -417,7 +595,16 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
         return 0;
     }
-@@ -187,44 +189,44 @@ pamsshagentauth_user_key_command_allowed
+@@ -160,7 +163,7 @@ pamsshagentauth_user_key_allowed2(struct
 int
 pamsshagentauth_user_key_command_allowed2(char *authorized_keys_command,
                           char *authorized_keys_command_user,
 -                          struct passwd *user_pw, Key * key)
 +                          struct passwd *user_pw, struct sshkey * key)
 {
     FILE *f;
     int ok, found_key = 0;
@@ -187,44 +190,44 @@ pamsshagentauth_user_key_command_allowed
     else {
         pw = getpwnam(authorized_keys_command_user);
         if(pw == NULL) {
@ -470,7 +657,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
         close(p[0]);
         close(p[1]);
         return 0;
-@@ -234,13 +236,13 @@ pamsshagentauth_user_key_command_allowed
+@@ -234,13 +237,13 @@ pamsshagentauth_user_key_command_allowed
         /* do this before the setresuid so thta they can be logged */
         if((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
@ -486,7 +673,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
             _exit(1);
         }
 #if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
-@@ -248,7 +250,7 @@ pamsshagentauth_user_key_command_allowed
+@@ -248,7 +251,7 @@ pamsshagentauth_user_key_command_allowed
 #else
         if (setgid(pw->pw_gid) != 0 || setegid(pw->pw_gid) != 0) {
 #endif
@ -495,7 +682,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
                                      strerror(errno));
             _exit(1);
         }
-@@ -258,7 +260,7 @@ pamsshagentauth_user_key_command_allowed
+@@ -258,7 +261,7 @@ pamsshagentauth_user_key_command_allowed
 #else
         if (setuid(pw->pw_uid) != 0 || seteuid(pw->pw_uid) != 0) {
 #endif
@ -504,7 +691,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
                                      strerror(errno));
             _exit(1);
         }
-@@ -270,18 +272,18 @@ pamsshagentauth_user_key_command_allowed
+@@ -270,18 +273,18 @@ pamsshagentauth_user_key_command_allowed
         /* pretty sure this will barf because we are now suid, but since we
            should't reach this anyway, I'll leave it here */
@ -526,7 +713,7 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
         close(p[0]);
         /* Don't leave zombie child */
         while(waitpid(pid, NULL, 0) == -1 && errno == EINTR);
-@@ -292,22 +294,22 @@ pamsshagentauth_user_key_command_allowed
+@@ -292,22 +295,22 @@ pamsshagentauth_user_key_command_allowed
     while(waitpid(pid, &status, 0) == -1) {
         if(errno != EINTR) {
@ -553,9 +740,33 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-co
 +    restore_uid();
     return found_key;
 }
-diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c
+diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
+--- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c	2017-02-07 14:41:20.481509206 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h	2018-08-24 10:18:05.010393320 +0200
@@ -32,7 +32,7 @@
 #define _PAM_USER_KEY_ALLOWED_H
 #include "identity.h"
 -int pamsshagentauth_user_key_allowed2(struct passwd *, Key *, char *);
 -int pamsshagentauth_user_key_command_allowed2(char *, char *, struct passwd *, Key *);
 +int pamsshagentauth_user_key_allowed2(struct passwd *, struct sshkey *, char *);
 +int pamsshagentauth_user_key_command_allowed2(char *, char *, struct passwd *, struct sshkey *);
 #endif
 diff -up openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c
 --- openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
 +++ openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c	2018-08-24 10:18:05.010393320 +0200
@@ -53,8 +53,8 @@
 #include "xmalloc.h"
 #include "match.h"
 #include "log.h"
 -#include "buffer.h"
 -#include "key.h"
 +#include "sshbuf.h"
 +#include "sshkey.h"
 #include "misc.h"
@@ -80,7 +80,7 @@ pamsshagentauth_auth_secure_path(const c
 	int comparehome = 0;
 	struct stat st;
@ -586,10 +797,24 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat o
 			    buf);
 			break;
 		}
-diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
+diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
+--- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2017-02-07 14:41:20.484509204 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2018-08-24 10:22:13.202657025 +0200
-@@ -48,6 +48,8 @@
+@@ -37,10 +37,11 @@
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh2.h"
 -#include "buffer.h"
 +#include "sshbuf.h"
 #include "log.h"
 #include "compat.h"
 -#include "key.h"
 +#include "sshkey.h"
 +#include "ssherr.h"
 #include "pathnames.h"
 #include "misc.h"
 #include "secure_filename.h"
@@ -48,54 +48,59 @@
 #include "identity.h"
 #include "pam_user_authorized_keys.h"
@ -598,7 +823,22 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-
 /* extern u_char  *session_id2;
 extern uint8_t  session_id_len;
  */
-@@ -65,37 +67,38 @@ userauth_pubkey_from_id(const char *ruse
+ 
 int
 -userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
 +userauth_pubkey_from_id(const char *ruser, Identity * id, struct sshbuf * session_id2)
 {
 -    Buffer          b = { 0 };
 +    struct sshbuf  *b = NULL;
     char           *pkalg = NULL;
     u_char         *pkblob = NULL, *sig = NULL;
 -    u_int           blen = 0, slen = 0;
 +    size_t          blen = 0, slen = 0;
 -    int             authenticated = 0;
 +    int             r, authenticated = 0;
 -    pkalg = (char *) key_ssh_name(id->key);
 +    pkalg = (char *) sshkey_ssh_name(id->key);
     /* first test if this key is even allowed */
     if(! pam_user_key_allowed(ruser, id->key))
@ -607,12 +847,13 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-
 -    if(pamsshagentauth_key_to_blob(id->key, &pkblob, &blen) == 0)
 -        goto user_auth_clean_exit;
-+    if(key_to_blob(id->key, &pkblob, &blen) == 0)
+    if(sshkey_to_blob(id->key, &pkblob, &blen) != 0)
 +        goto user_auth_clean_exit_without_buffer;
     /* construct packet to sign and test */
 -    pamsshagentauth_buffer_init(&b);
-+    buffer_init(&b);
+    if ((b = sshbuf_new()) == NULL)
 +        fatal("%s: sshbuf_new failed", __func__);
 -    pamsshagentauth_buffer_put_string(&b, session_id2->buf + session_id2->offset, session_id2->end - session_id2->offset);
 -    pamsshagentauth_buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST); 
@ -622,28 +863,29 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-
 -    pamsshagentauth_buffer_put_char(&b, 1);
 -    pamsshagentauth_buffer_put_cstring(&b, pkalg);
 -    pamsshagentauth_buffer_put_string(&b, pkblob, blen);
-+    buffer_put_string(&b, sshbuf_ptr(session_id2), sshbuf_len(session_id2));
+    if ((r = sshbuf_put_string(b, sshbuf_ptr(session_id2), sshbuf_len(session_id2))) != 0 ||
-+    buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST); 
+        (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_TRUST_REQUEST)) != 0 ||
-+    buffer_put_cstring(&b, ruser);
+        (r = sshbuf_put_cstring(b, ruser)) != 0 ||
-+    buffer_put_cstring(&b, "pam_ssh_agent_auth");
+        (r = sshbuf_put_cstring(b, "pam_ssh_agent_auth")) != 0 ||
-+    buffer_put_cstring(&b, "publickey");
+        (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
-+    buffer_put_char(&b, 1);
+        (r = sshbuf_put_u8(b, 1)) != 0 ||
-+    buffer_put_cstring(&b, pkalg);
+        (r = sshbuf_put_cstring(b, pkalg)) != 0 ||
-+    buffer_put_string(&b, pkblob, blen);
+        (r = sshbuf_put_string(b, pkblob, blen)) != 0)
 +        fatal("%s: buffer error: %s", __func__, ssh_err(r));
 -    if(ssh_agent_sign(id->ac, id->key, &sig, &slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) != 0)
-+    if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0)
+    if (ssh_agent_sign(id->ac, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b)) != 0)
         goto user_auth_clean_exit;
     /* test for correct signature */
 -    if(pamsshagentauth_key_verify(id->key, sig, slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) == 1)
-+    if(key_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+    if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) == 0)
         authenticated = 1;
   user_auth_clean_exit:
     /* if(&b != NULL) */
 -    pamsshagentauth_buffer_free(&b);
-+    buffer_free(&b);
+    sshbuf_free(b);
 +  user_auth_clean_exit_without_buffer:
     if(sig != NULL)
 -        pamsshagentauth_xfree(sig);
@ -654,9 +896,22 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-
     CRYPTO_cleanup_all_ex_data();
     return authenticated;
 }
-diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c
+diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
+--- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat	2016-11-13 04:24:32.000000000 +0100
-+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c	2017-02-07 14:41:20.484509204 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h	2018-08-24 10:18:05.010393320 +0200
@@ -31,7 +31,7 @@
 #ifndef _USERAUTH_PUBKEY_FROM_ID_H
 #define _USERAUTH_PUBKEY_FROM_ID_H
 -#include <identity.h>
 -int userauth_pubkey_from_id(const char *, Identity *, Buffer *);
 +#include "identity.h"
 +int userauth_pubkey_from_id(const char *, Identity *, struct sshbuf *);
 #endif
 diff -up openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/uuencode.c
 --- openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat	2016-11-13 04:24:32.000000000 +0100
 +++ openssh/pam_ssh_agent_auth-0.10.3/uuencode.c	2018-08-24 10:18:05.010393320 +0200
@@ -56,7 +56,7 @@ pamsshagentauth_uudecode(const char *src
 	/* and remove trailing whitespace because __b64_pton needs this */
 	*p = '\0';
--- a/pam_ssh_agent_auth-0.10.2-dereference.patch
+++ b/pam_ssh_agent_auth-0.10.2-dereference.patch
@ -3,7 +3,7 @@ diff --git a/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c b/pam_ssh_agen
 +++ b/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c
@@ -158,11 +158,12 @@ parse_authorized_key_file(const char *user,
 int
- pam_user_key_allowed(const char *ruser, Key * key)
+ pam_user_key_allowed(const char *ruser, struct sshkey * key)
 {
 +    struct passwd *pw;
     return
--- a/pam_ssh_agent_auth-0.9.3-agent_structure.patch
+++ b/pam_ssh_agent_auth-0.9.3-agent_structure.patch
@ -7,7 +7,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent openssh/pam_ssh
 +typedef struct {
 +       int     fd;
-+       Buffer  identities;
+       struct sshbuf *identities;
 +       int     howmany;
 +}      AuthenticationConnection;
 +
@ -18,8 +18,8 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
 --- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent	2017-09-27 14:25:49.420739021 +0200
 +++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2017-09-27 14:25:49.421739027 +0200
@@ -39,6 +39,7 @@
- #include "buffer.h"
+ #include "sshbuf.h"
- #include "key.h"
+ #include "sshkey.h"
 #include "authfd.h"
 +#include "ssherr.h"
 #include <stdio.h>
@ -27,9 +27,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
 #include "ssh2.h"
@@ -291,36 +292,43 @@ pamsshagentauth_find_authorized_keys(con
 {
-     Buffer session_id2 = { 0 };
+     struct sshbuf *session_id2 = NULL;
     Identity *id;
-    Key *key;
+-    struct sshkey *key;
     AuthenticationConnection *ac;
 -    char *comment;
     uint8_t retval = 0;
@ -59,7 +59,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
 +                id->key = idlist->keys[i];
 +                id->filename = idlist->comments[i];
                 id->ac = ac;
-                 if(userauth_pubkey_from_id(ruser, id, &session_id2)) {
+                 if(userauth_pubkey_from_id(ruser, id, session_id2)) {
                     retval = 1;
                 }
 -                free(id->filename);
@ -69,7 +69,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
                     break;
             }
         }
-         buffer_free(&session_id2);
+         sshbuf_free(session_id2);
 -        ssh_close_authentication_connection(ac);
 +        ssh_free_identitylist(idlist);
 +        ssh_close_authentication_socket(ac->fd);
@ -78,91 +78,15 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent o
     }
     else {
         verbose("No ssh-agent could be contacted");
 diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
 --- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-agent	2017-09-27 14:26:04.277820716 +0200
 +++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c	2017-09-27 14:26:34.426986497 +0200
@@ -70,7 +70,7 @@ pamsshagentauth_check_authkeys_file(FILE
     char *fp;
     found_key = 0;
 -    found = key_new(key->type);
 +    found = sshkey_new(key->type);
     while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
         char *cp = NULL; /* *key_options = NULL; */
@@ -80,7 +80,7 @@ pamsshagentauth_check_authkeys_file(FILE
         if(!*cp || *cp == '\n' || *cp == '#')
             continue;
 -        if(key_read(found, &cp) != 1) {
 +        if(sshkey_read(found, &cp) != 0) {
             /* no key? check if there are options for this key */
             int quoted = 0;
@@ -94,24 +94,24 @@ pamsshagentauth_check_authkeys_file(FILE
             }
             /* Skip remaining whitespace. */
             for(; *cp == ' ' || *cp == '\t'; cp++);
 -            if(key_read(found, &cp) != 1) {
 +            if(sshkey_read(found, &cp) != 0) {
                 verbose("user_key_allowed: advance: '%s'", cp);
                 /* still no key? advance to next line */
                 continue;
             }
         }
 -        if(key_equal(found, key)) {
 +        if(sshkey_equal(found, key)) {
             found_key = 1;
             logit("matching key found: file/command %s, line %lu", file,
                                   linenum);
             fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX);
             logit("Found matching %s key: %s",
 -                                  key_type(found), fp);
 +                                  sshkey_type(found), fp);
             free(fp);
             break;
         }
     }
 -    key_free(found);
 +    sshkey_free(found);
     if(!found_key)
         verbose("key not found");
     return found_key;
 diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
 --- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent	2017-09-27 14:25:49.420739021 +0200
 +++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2017-09-27 14:25:49.422739032 +0200
@@ -57,10 +57,11 @@ extern uint8_t  session_id_len;
 int
 userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
 {
 -    Buffer          b = { 0 };
 +    Buffer          b;
     char           *pkalg = NULL;
     u_char         *pkblob = NULL, *sig = NULL;
 -    u_int           blen = 0, slen = 0;
 +    u_int           blen = 0;
 +    size_t          slen = 0;
     int             authenticated = 0;
     pkalg = (char *) key_ssh_name(id->key);
@@ -84,7 +85,7 @@ userauth_pubkey_from_id(const char *ruse
-     buffer_put_cstring(&b, pkalg);
+         (r = sshbuf_put_string(b, pkblob, blen)) != 0)
-     buffer_put_string(&b, pkblob, blen);
+         fatal("%s: buffer error: %s", __func__, ssh_err(r));
-    if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0)
+-    if (ssh_agent_sign(id->ac, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b)) != 0)
-+    if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) != 0)
+    if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
         goto user_auth_clean_exit;
     /* test for correct signature */
 diff -up openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-sshkey openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
 --- openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-sshkey	2018-04-04 13:55:02.383899631 +0200
 +++ openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2018-04-04 13:58:36.759339845 +0200
@@ -89,7 +89,7 @@ userauth_pubkey_from_id(const char *ruse
         goto user_auth_clean_exit;
     /* test for correct signature */
 -    if(key_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
 +    if(sshkey_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) == 0)
         authenticated = 1;
   user_auth_clean_exit:
--- a/pam_ssh_agent_auth-0.9.3-build.patch
+++ b/pam_ssh_agent_auth-0.9.3-build.patch
@ -189,8 +189,8 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build openssh-
 -pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS)  pam_ssh_agent_auth.o
 -	$(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam
-+pam_ssh_agent_auth.so: $(PAM_SSH_AGENT_AUTH_OBJS)  pam_ssh_agent_auth.o
+pam_ssh_agent_auth.so: $(PAM_SSH_AGENT_AUTH_OBJS)  pam_ssh_agent_auth.o ../uidswap.o
-+	$(LD) $(LDFLAGS_SHARED) -o $@ $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam
+	$(LD) $(LDFLAGS_SHARED) -o $@ $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat pam_ssh_agent_auth.o ../uidswap.o $(LIBS) -lpam
 $(MANPAGES): $(MANPAGES_IN)
 	pod2man --section=8 --release=v0.10.3 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-SHA512 (openssh-7.7p1.tar.gz) = 597252cb48209a0cb98ca1928a67e8d63e4275252f25bc37269204c108f034baade6ba0634e32ae63422fddd280f73096a6b31ad2f2e7a848dde75ca30e14261
+SHA512 (openssh-7.8p1.tar.gz) = 8e5b0c8682a9243e4e8b7c374ec989dccd1a752eb6f84e593b67141e8b23dcc8b9a7322b1f7525d18e2ce8830a767d0d9793f997486339db201a57986b910705
-SHA512 (openssh-7.7p1.tar.gz.asc) = 9445a589a84538fb0b4eae0f7bf6ce46def51b09254d6fffcc6ed64472f10ccf9e4d5d200387725043039d77ca886e2c8e8f3128e7969c582156fafb0783988d
+SHA512 (openssh-7.8p1.tar.gz.asc) = 3a7bef84df3c07aa78965a11a6bbd6ca6e5d1e9265ac08871b3e5d304646be651b74f5302a195e86a56e6a83b19d79292e5599c9a9cf6f003a513d4354e8ad2f
 SHA512 (DJM-GPG-KEY.gpg) = db1191ed9b6495999e05eed2ef863fb5179bdb63e94850f192dad68eed8579836f88fbcfffd9f28524fe1457aff8cd248ee3e0afc112c8f609b99a34b80ecc0d
 SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66