37 files changed, 532 insertions, 647 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 07406955d..8acad4cd4 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,12 +1,12 @@
 # see git-dpm(1) from git-dpm package
-2e128b223e8e73ace57a0726130bfbcf920d0f9e
+a2dabf35ce0228c86a288d11cc847a9d9801604f
-2e128b223e8e73ace57a0726130bfbcf920d0f9e
+a2dabf35ce0228c86a288d11cc847a9d9801604f
-4213eec74e74de6310c27a40c3e9759a08a73996
+f0de78bd4f29fa688c5df116f3f9cd43543a76d0
-4213eec74e74de6310c27a40c3e9759a08a73996
+f0de78bd4f29fa688c5df116f3f9cd43543a76d0
-openssh_8.1p1.orig.tar.gz
+openssh_8.2p1.orig.tar.gz
-c44b96094869f177735ae053d92bd5fcab1319de
+d1ab35a93507321c5db885e02d41ce1414f0507c
-1625894
+1701197
 debianTag="debian/%e%%%V"
 patchedTag="patched/%e%%%V"
 upstreamTag="upstream/%U"
-signature:8b241dee85731fb19e57622f160a4326da52a7a7:683:openssh_8.1p1.orig.tar.gz.asc
+signature:d3814ab57572c13bdee2037ad1477e2f7c51e1b0:683:openssh_8.2p1.orig.tar.gz.asc
diff --git a/debian/NEWS b/debian/NEWS
index 32a0c721e..1963c7919 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,50 @@
+openssh (1:8.2p1-1) unstable; urgency=medium
+  OpenSSH 8.2 includes a number of changes that may affect existing
+  configurations:
+   * ssh(1), sshd(8), ssh-keygen(1): This release removes the "ssh-rsa"
+     (RSA/SHA1) algorithm from those accepted for certificate signatures
+     (i.e.  the client and server CASignatureAlgorithms option) and will use
+     the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1)
+     CA signs new certificates.
+     Certificates are at special risk to SHA1 collision vulnerabilities as
+     an attacker has effectively unlimited time in which to craft a
+     collision that yields them a valid certificate, far more than the
+     relatively brief LoginGraceTime window that they have to forge a host
+     key signature.
+     The OpenSSH certificate format includes a CA-specified (typically
+     random) nonce value near the start of the certificate that should make
+     exploitation of chosen-prefix collisions in this context challenging,
+     as the attacker does not have full control over the prefix that
+     actually gets signed. Nonetheless, SHA1 is now a demonstrably broken
+     algorithm and futher improvements in attacks are highly likely.
+     OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2
+     algorithms and will refuse to accept certificates signed by an OpenSSH
+     8.2+ CA using RSA keys unless the unsafe algorithm is explicitly
+     selected during signing ("ssh-keygen -t ssh-rsa").  Older
+     clients/servers may use another CA key type such as ssh-ed25519
+     (supported since OpenSSH 6.5) or one of the ecdsa-sha2-nistp256/384/521
+     types (supported since OpenSSH 5.7) instead if they cannot be upgraded.
+   * ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default
+     key exchange proposal for both the client and server.
+   * ssh-keygen(1): The command-line options related to the generation and
+     screening of safe prime numbers used by the
+     diffie-hellman-group-exchange-* key exchange algorithms have changed.
+     Most options have been folded under the -O flag.
+   * sshd(8): The sshd listener process title visible to ps(1) has changed
+     to include information about the number of connections that are
+     currently attempting authentication and the limits configured by
+     MaxStartups.
+ -- Colin Watson <cjwatson@debian.org>  Fri, 21 Feb 2020 12:11:52 +0000
 openssh (1:8.1p1-1) unstable; urgency=medium
  OpenSSH 8.1 includes a number of changes that may affect existing
diff --git a/debian/changelog b/debian/changelog
index fd967a966..b86ad184e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,108 @@
-openssh (1:8.1p1-6) UNRELEASED; urgency=medium
+openssh (1:8.2p1-1) UNRELEASED; urgency=medium
+  * New upstream release (https://www.openssh.com/txt/release-8.2, closes:
+    #951582):
+    - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
+      (RSA/SHA1) algorithm from those accepted for certificate signatures
+      (i.e. the client and server CASignatureAlgorithms option) and will use
+      the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1)
+      CA signs new certificates.
+    - ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default
+      key exchange proposal for both the client and server.
+    - ssh-keygen(1): The command-line options related to the generation and
+      screening of safe prime numbers used by the
+      diffie-hellman-group-exchange-* key exchange algorithms have changed.
+      Most options have been folded under the -O flag.
+    - sshd(8): The sshd listener process title visible to ps(1) has changed
+      to include information about the number of connections that are
+      currently attempting authentication and the limits configured by
+      MaxStartups.
+    - Add support for FIDO/U2F hardware authenticators.
+    - ssh-keygen(1): Add a "no-touch-required" option when generating
+      FIDO-hosted keys, that disables their default behaviour of requiring a
+      physical touch/tap on the token during authentication.  Note: not all
+      tokens support disabling the touch requirement.
+    - sshd(8): Add a sshd_config PubkeyAuthOptions directive that collects
+      miscellaneous public key authentication-related options for sshd(8).
+      At present it supports only a single option "no-touch-required".  This
+      causes sshd to skip its default check for FIDO/U2F keys that the
+      signature was authorised by a touch or press event on the token
+      hardware.
+    - ssh(1), sshd(8), ssh-keygen(1): Add a "no-touch-required" option for
+      authorized_keys and a similar extension for certificates.  This option
+      disables the default requirement that FIDO key signatures attest that
+      the user touched their key to authorize them, mirroring the similar
+      PubkeyAuthOptions sshd_config option.
+    - ssh-keygen(1): Add support for the writing the FIDO attestation
+      information that is returned when new keys are generated via the "-O
+      write-attestation=/path" option.  FIDO attestation certificates may be
+      used to verify that a FIDO key is hosted in trusted hardware.  OpenSSH
+      does not currently make use of this information, beyond optionally
+      writing it to disk.
+    - Add support for FIDO2 resident keys.
+    - sshd(8): Add an Include sshd_config keyword that allows including
+      additional configuration files via glob(3) patterns (closes: #631189).
+    - ssh(1)/sshd(8): Make the LE (low effort) DSCP code point available via
+      the IPQoS directive.
+    - ssh(1): When AddKeysToAgent=yes is set and the key contains no
+      comment, add the key to the agent with the key's path as the comment.
+    - ssh-keygen(1), ssh-agent(1): Expose PKCS#11 key labels and X.509
+      subjects as key comments, rather than simply listing the PKCS#11
+      provider library path.
+    - ssh-keygen(1): Allow PEM export of DSA and ECDSA keys.
+    - sshd(8): When clients get denied by MaxStartups, send a notification
+      prior to the SSH2 protocol banner according to RFC4253 section 4.2
+      (closes: #275458).
+    - ssh(1), ssh-agent(1): When invoking the $SSH_ASKPASS prompt program,
+      pass a hint to the program to describe the type of desired prompt.
+      The possible values are "confirm" (indicating that a yes/no
+      confirmation dialog with no text entry should be shown), "none" (to
+      indicate an informational message only), or blank for the original
+      ssh-askpass behaviour of requesting a password/phrase.
+    - ssh(1): Allow forwarding a different agent socket to the path
+      specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent
+      option to accepting an explicit path or the name of an environment
+      variable in addition to yes/no.
+    - ssh-keygen(1): Add a new signature operations "find-principals" to
+      look up the principal associated with a signature from an
+      allowed-signers file.
+    - sshd(8): Expose the number of currently-authenticating connections
+      along with the MaxStartups limit in the process title visible to "ps".
+    - sshd(8): Make ClientAliveCountMax=0 have sensible semantics: it will
+      now disable connection killing entirely rather than the current
+      behaviour of instantly killing the connection after the first liveness
+      test regardless of success.
+    - sshd(8): Clarify order of AllowUsers / DenyUsers vs AllowGroups /
+      DenyGroups in the sshd(8) manual page.
+    - sshd(8): Better describe HashKnownHosts in the manual page.
+    - sshd(8): Clarify that that permitopen=/PermitOpen do no name or
+      address translation in the manual page.
+    - sshd(8): Allow the UpdateHostKeys feature to function when multiple
+      known_hosts files are in use.  When updating host keys, ssh will now
+      search subsequent known_hosts files, but will add updated host keys to
+      the first specified file only.
+    - All: Replace all calls to signal(2) with a wrapper around
+      sigaction(2).  This wrapper blocks all other signals during the
+      handler preventing races between handlers, and sets SA_RESTART which
+      should reduce the potential for short read/write operations.
+    - sftp(1): Fix a race condition in the SIGCHILD handler that could turn
+      in to a kill(-1).
+    - sshd(8): Fix a case where valid (but extremely large) SSH channel IDs
+      were being incorrectly rejected.
+    - ssh(1): When checking host key fingerprints as answers to new hostkey
+      prompts, ignore whitespace surrounding the fingerprint itself.
+    - All: Wait for file descriptors to be readable or writeable during
+      non-blocking connect, not just readable.  Prevents a timeout when the
+      server doesn't immediately send a banner (e.g. multiplexers like
+      sslh).
+    - sshd_config(5): Document the sntrup4591761x25519-sha512@tinyssh.org
+      key exchange algorithm.
  * Add more historical md5sums of /etc/ssh/sshd_config between 1:7.4p1-1
    and 1:7.7p1-4 inclusive (closes: #951220).
  * ssh(1): Explain that -Y is equivalent to -X in the default configuration
    (closes: #951640).
- -- Colin Watson <cjwatson@debian.org>  Fri, 14 Feb 2020 18:43:44 +0000
+ -- Colin Watson <cjwatson@debian.org>  Fri, 21 Feb 2020 12:11:52 +0000
 openssh (1:8.1p1-5) unstable; urgency=medium
diff --git a/debian/control b/debian/control
index 9b0bba2bb..8b7fe6b68 100644
--- a/debian/control
+++ b/debian/control
@@ -11,6 +11,7 @@ Build-Depends: autotools-dev,
               dpkg-dev (>= 1.16.1~),
               libaudit-dev [linux-any],
               libedit-dev,
+               libfido2-dev [linux-any],
               libgtk-3-dev <!pkg.openssh.nognome>,
               libkrb5-dev | heimdal-dev,
               libpam0g-dev | libpam-dev,
@@ -34,7 +35,8 @@ Depends: adduser (>= 3.10),
         passwd,
         ${misc:Depends},
         ${shlibs:Depends},
-Recommends: xauth,
+Recommends: openssh-sk-helper,
+            xauth,
 Conflicts: sftp,
 Replaces: ssh,
          ssh-krb5,
@@ -157,6 +159,16 @@ Description: secure shell (SSH) sftp server module, for SFTP access from remote
 Newer versions of the draft will not be supported, though some features
 are individually implemented as extensions.
+Package: openssh-sk-helper
+Priority: optional
+Architecture: any
+Depends: ${misc:Depends},
+         ${shlibs:Depends}
+Multi-Arch: foreign
+Description: OpenSSH helper for FIDO authenticator support
+ This package provides ssh-sk-helper, which is used by ssh-agent to access
+ SSH keys provided by a FIDO authenticator for second-factor authentication.
 Package: openssh-tests
 Priority: optional
 Architecture: any
diff --git a/debian/openssh-sk-helper.install b/debian/openssh-sk-helper.install
new file mode 100644
index 000000000..65fc98e66
--- /dev/null
+++ b/debian/openssh-sk-helper.install
@@ -0,0 +1,2 @@
+usr/lib/openssh/ssh-sk-helper
+usr/share/man/man8/ssh-sk-helper.8
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index 01f1bf35c..43a160a0f 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From 7febe5a4b6bcb94d887ac1fe22e8a1742ffb609f Mon Sep 17 00:00:00 2001
+From b0cb3badf4d423f8ea7bf950e55ca72878cc224b Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
@@ -13,10 +13,10 @@ Patch-Name: authorized-keys-man-symlink.patch
 1 file changed, 1 insertion(+)
 diff --git a/Makefile.in b/Makefile.in
-index ab29e4f05..9b8a42c1e 100644
+index b68c1710f..bff1db49b 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -362,6 +362,7 @@ install-files:
+@@ -402,6 +402,7 @@ install-files:
        $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
        $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
        $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
diff --git a/debian/patches/conch-old-privkey-format.patch b/debian/patches/conch-old-privkey-format.patch
index ce7dc266e..b04c21060 100644
--- a/debian/patches/conch-old-privkey-format.patch
+++ b/debian/patches/conch-old-privkey-format.patch
@@ -1,4 +1,4 @@
-From 2e889a135439e6234502c813fa0ef2eb1fcd733c Mon Sep 17 00:00:00 2001
+From 311da721c2a5c6d147738e0699fa49d04cd5762a Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Thu, 30 Aug 2018 00:58:56 +0100
 Subject: Work around conch interoperability failure
@@ -18,10 +18,10 @@ Patch-Name: conch-old-privkey-format.patch
 3 files changed, 14 insertions(+), 2 deletions(-)
 diff --git a/regress/Makefile b/regress/Makefile
-index 34c47e8cb..17e0a06e8 100644
+index 774c10d41..01e257a94 100644
 --- a/regress/Makefile
 +++ b/regress/Makefile
-@@ -119,7 +119,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
+@@ -120,7 +120,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
                rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
                scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
                sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
@@ -29,7 +29,7 @@ index 34c47e8cb..17e0a06e8 100644
 +               ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \
                ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
                ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
-                sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
+                sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
 diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh
 index 6678813a2..6ff5da20b 100644
 --- a/regress/conch-ciphers.sh
@@ -44,10 +44,10 @@ index 6678813a2..6ff5da20b 100644
            127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
        if [ $? -ne 0 ]; then
 diff --git a/regress/test-exec.sh b/regress/test-exec.sh
-index 508b93284..5e48bfbe3 100644
+index f5e3ee6f5..a3a40719f 100644
 --- a/regress/test-exec.sh
 +++ b/regress/test-exec.sh
-@@ -510,6 +510,18 @@ REGRESS_INTEROP_CONCH=no
+@@ -573,6 +573,18 @@ REGRESS_INTEROP_CONCH=no
 if test -x "$CONCH" ; then
        REGRESS_INTEROP_CONCH=yes
 fi
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index acf995e27..0d998fdd4 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 4eb06adf69f21f387e4f2d29dad01b2ca1303094 Mon Sep 17 00:00:00 2001
+From 7d20d00ea24ec0c3fffacc80ab271d0699d198c6 Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -8,7 +8,7 @@ initial protocol handshake, for those scared by package-versioning.patch.
 Bug-Debian: http://bugs.debian.org/562048
 Forwarded: not-needed
-Last-Update: 2019-06-05
+Last-Update: 2020-02-21
 Patch-Name: debian-banner.patch
 ---
@@ -22,10 +22,10 @@ Patch-Name: debian-banner.patch
 7 files changed, 23 insertions(+), 5 deletions(-)
 diff --git a/kex.c b/kex.c
-index 65ed6af02..f450bc2c7 100644
+index f638942d3..2abfbb95a 100644
 --- a/kex.c
 +++ b/kex.c
-@@ -1221,7 +1221,7 @@ send_error(struct ssh *ssh, char *msg)
+@@ -1226,7 +1226,7 @@ send_error(struct ssh *ssh, char *msg)
  */
 int
 kex_exchange_identification(struct ssh *ssh, int timeout_ms,
@@ -34,7 +34,7 @@ index 65ed6af02..f450bc2c7 100644
 {
        int remote_major, remote_minor, mismatch;
        size_t len, i, n;
-@@ -1239,7 +1239,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+@@ -1244,7 +1244,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
        if (version_addendum != NULL && *version_addendum == '\0')
                version_addendum = NULL;
        if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
@@ -58,10 +58,10 @@ index fe7141414..938dca03b 100644
 struct kex *kex_new(void);
 int     kex_ready(struct ssh *, char *[PROPOSAL_MAX]);
 diff --git a/servconf.c b/servconf.c
-index 73b93c636..5576098a5 100644
+index bf3cd84a4..7bbc25c2e 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -184,6 +184,7 @@ initialize_server_options(ServerOptions *options)
+@@ -194,6 +194,7 @@ initialize_server_options(ServerOptions *options)
        options->fingerprint_hash = -1;
        options->disable_forwarding = -1;
        options->expose_userauth_info = -1;
@@ -69,32 +69,32 @@ index 73b93c636..5576098a5 100644
 }
 
 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
-@@ -437,6 +438,8 @@ fill_default_server_options(ServerOptions *options)
+@@ -468,6 +469,8 @@ fill_default_server_options(ServerOptions *options)
-                options->disable_forwarding = 0;
-        if (options->expose_userauth_info == -1)
                options->expose_userauth_info = 0;
+        if (options->sk_provider == NULL)
+                options->sk_provider = xstrdup("internal");
 +       if (options->debian_banner == -1)
 +               options->debian_banner = 1;
 
        assemble_algorithms(options);
 
-@@ -523,6 +526,7 @@ typedef enum {
+@@ -556,6 +559,7 @@ typedef enum {
        sStreamLocalBindMask, sStreamLocalBindUnlink,
        sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
-        sExposeAuthInfo, sRDomain,
+        sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
 +       sDebianBanner,
        sDeprecated, sIgnore, sUnsupported
 } ServerOpCodes;
 
-@@ -682,6 +686,7 @@ static struct {
+@@ -719,6 +723,7 @@ static struct {
-        { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
        { "rdomain", sRDomain, SSHCFG_ALL },
        { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
+        { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
 +       { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
        { NULL, sBadOption, 0 }
 };
 
-@@ -2217,6 +2222,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -2382,6 +2387,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
                        *charptr = xstrdup(arg);
                break;
 
@@ -106,23 +106,23 @@ index 73b93c636..5576098a5 100644
        case sIgnore:
        case sUnsupported:
 diff --git a/servconf.h b/servconf.h
-index 29329ba1f..d5ad19065 100644
+index 3f47ea25e..3fa05fcac 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -214,6 +214,8 @@ typedef struct {
+@@ -221,6 +221,8 @@ typedef struct {
-        int     fingerprint_hash;
        int     expose_userauth_info;
        u_int64_t timing_secret;
+        char   *sk_provider;
 +
 +       int     debian_banner;
 }       ServerOptions;
 
 /* Information about the incoming connection as used by Match */
 diff --git a/sshconnect.c b/sshconnect.c
-index 41e75a275..27daef74f 100644
+index b796d3c8a..9f2412e0d 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -1291,7 +1291,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
+@@ -1292,7 +1292,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
        lowercase(host);
 
        /* Exchange protocol version identification strings with the server. */
@@ -132,10 +132,10 @@ index 41e75a275..27daef74f 100644
 
        /* Put the connection into non-blocking mode. */
 diff --git a/sshd.c b/sshd.c
-index ea8beacb4..4e8ff0662 100644
+index 65916fc6d..da876a900 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -2165,7 +2165,8 @@ main(int ac, char **av)
+@@ -2187,7 +2187,8 @@ main(int ac, char **av)
        if (!debug_flag)
                alarm(options.login_grace_time);
 
@@ -146,10 +146,10 @@ index ea8beacb4..4e8ff0662 100644
 
        ssh_packet_set_nonblocking(ssh);
 diff --git a/sshd_config.5 b/sshd_config.5
-index eec224158..46537f177 100644
+index ebd09f891..c926f584c 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -545,6 +545,11 @@ or
+@@ -542,6 +542,11 @@ or
 .Cm no .
 The default is
 .Cm yes .
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index acb4e3ce9..e5c690915 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From 9a713cd4bbaef5ad4f1d28c1718fb6960ac257b3 Mon Sep 17 00:00:00 2001
+From cc80ecc65d57a9e68ce84d67bcfece281ffa0e9f Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -39,10 +39,10 @@ Patch-Name: debian-config.patch
 6 files changed, 80 insertions(+), 9 deletions(-)
 diff --git a/readconf.c b/readconf.c
-index 16d2729dd..253574ce0 100644
+index 7f251dd4a..e82024678 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -2037,7 +2037,7 @@ fill_default_options(Options * options)
+@@ -2087,7 +2087,7 @@ fill_default_options(Options * options)
        if (options->forward_x11 == -1)
                options->forward_x11 = 0;
        if (options->forward_x11_trusted == -1)
@@ -52,10 +52,10 @@ index 16d2729dd..253574ce0 100644
                options->forward_x11_timeout = 1200;
        /*
 diff --git a/ssh.1 b/ssh.1
-index 24530e511..44a00d525 100644
+index b33a8049f..a8967c2f8 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -795,6 +795,16 @@ directive in
+@@ -809,6 +809,16 @@ directive in
 .Xr ssh_config 5
 for more information.
 .Pp
@@ -72,7 +72,7 @@ index 24530e511..44a00d525 100644
 .It Fl x
 Disables X11 forwarding.
 .Pp
-@@ -803,6 +813,20 @@ Enables trusted X11 forwarding.
+@@ -817,6 +827,20 @@ Enables trusted X11 forwarding.
 Trusted X11 forwardings are not subjected to the X11 SECURITY extension
 controls.
 .Pp
@@ -117,7 +117,7 @@ index 1ff999b68..6dd6ecf87 100644
 +    HashKnownHosts yes
 +    GSSAPIAuthentication yes
 diff --git a/ssh_config.5 b/ssh_config.5
-index 4b42aab9d..d27655e15 100644
+index c6eaa63e7..5c90d3e02 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more
@@ -143,7 +143,7 @@ index 4b42aab9d..d27655e15 100644
 The file contains keyword-argument pairs, one per line.
 Lines starting with
 .Ql #
-@@ -721,11 +737,12 @@ elapsed.
+@@ -729,11 +745,12 @@ elapsed.
 .It Cm ForwardX11Trusted
 If this option is set to
 .Cm yes ,
@@ -207,7 +207,7 @@ index 2c48105f8..ed8272f6d 100644
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 diff --git a/sshd_config.5 b/sshd_config.5
-index 270805060..02e29cb6f 100644
+index 25f4b8117..b8bea2ad7 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -56,6 +56,28 @@ Arguments may optionally be enclosed in double quotes
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index 6e8f0ae2f..3744218ff 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From 6220be7f65137290fbe3ad71b83667e71e4ccd03 Mon Sep 17 00:00:00 2001
+From 74c1c0ef7689ea68dc8263f73c00ff8675f9f0fe Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index d5ddbbd26..b0faea78c 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From 944653642de12f09baa546011429fb69ffc0065a Mon Sep 17 00:00:00 2001
+From a14ddfc3f607b0bf29046bfb4b26a6d827fa58c7 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
@@ -13,10 +13,10 @@ Patch-Name: doc-hash-tab-completion.patch
 1 file changed, 3 insertions(+)
 diff --git a/ssh_config.5 b/ssh_config.5
-index 2c74b57c0..4b42aab9d 100644
+index e61a0fd43..c6eaa63e7 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -840,6 +840,9 @@ Note that existing names and addresses in known hosts files
+@@ -848,6 +848,9 @@ Note that existing names and addresses in known hosts files
 will not be converted automatically,
 but may be manually hashed using
 .Xr ssh-keygen 1 .
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index 89c2a9864..35b370752 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From 4360244ab2ed367bdb2c836292e761c589355950 Mon Sep 17 00:00:00 2001
+From 63da84c3570afb4fa6bab38fdac3e9af45d0ec54 Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon
@@ -12,10 +12,10 @@ Patch-Name: gnome-ssh-askpass2-icon.patch
 1 file changed, 2 insertions(+)
 diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
-index 535a69274..e37a13382 100644
+index bc83a2d67..88cdfaeff 100644
 --- a/contrib/gnome-ssh-askpass2.c
 +++ b/contrib/gnome-ssh-askpass2.c
-@@ -211,6 +211,8 @@ main(int argc, char **argv)
+@@ -233,6 +233,8 @@ main(int argc, char **argv)
 
        gtk_init(&argc, &argv);
 
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index b858f4915..4bf1d3f73 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
-From 9da806e67101afdc0d3a1d304659927acf18f5c5 Mon Sep 17 00:00:00 2001
+From 34aff3aa136e5a65f441b25811dd466488fda087 Mon Sep 17 00:00:00 2001
 From: Simon Wilkinson <simon@sxw.org.uk>
 Date: Sun, 9 Feb 2014 16:09:48 +0000
 Subject: GSSAPI key exchange support
@@ -18,12 +18,12 @@ security history.
 Origin: other, https://github.com/openssh-gsskex/openssh-gsskex/commits/debian/master
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
-Last-Updated: 2019-10-09
+Last-Updated: 2020-02-21
 Patch-Name: gssapi.patch
 ---
 Makefile.in     |   3 +-
- auth-krb5.c     |  17 +-
+ README.md       |  33 +++
 auth.c          |  96 +-------
 auth2-gss.c     |  56 ++++-
 auth2.c         |   2 +
@@ -34,14 +34,12 @@ Patch-Name: gssapi.patch
 gss-genr.c      | 300 +++++++++++++++++++++++-
 gss-serv-krb5.c |  85 ++++++-
 gss-serv.c      | 186 +++++++++++++--
- hmac.c          |   1 +
 kex.c           |  66 +++++-
 kex.h           |  29 +++
 kexdh.c         |  10 +
 kexgen.c        |   2 +-
 kexgssc.c       | 606 ++++++++++++++++++++++++++++++++++++++++++++++++
 kexgsss.c       | 474 +++++++++++++++++++++++++++++++++++++
- mac.c           |   1 +
 monitor.c       | 139 ++++++++++-
 monitor.h       |   2 +
 monitor_wrap.c  |  57 ++++-
@@ -53,96 +51,86 @@ Patch-Name: gssapi.patch
 session.c       |  10 +-
 ssh-gss.h       |  50 +++-
 ssh.1           |   8 +
- ssh.c           |   4 +-
+ ssh.c           |   6 +-
 ssh_config      |   2 +
 ssh_config.5    |  57 +++++
- sshconnect2.c   | 140 ++++++++++-
+ sshconnect2.c   | 142 +++++++++++-
- sshd.c          | 120 +++++++++-
+ sshd.c          |  62 ++++-
 sshd_config     |   2 +
 sshd_config.5   |  30 +++
 sshkey.c        |   3 +-
 sshkey.h        |   1 +
- 40 files changed, 2664 insertions(+), 160 deletions(-)
+ 38 files changed, 2624 insertions(+), 160 deletions(-)
 create mode 100644 kexgssc.c
 create mode 100644 kexgsss.c
 diff --git a/Makefile.in b/Makefile.in
-index adb1977e2..ab29e4f05 100644
+index e7549470c..b68c1710f 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -100,6 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
+@@ -109,6 +109,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
        kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
        kexgexc.o kexgexs.o \
        sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
 +       kexgssc.o \
-        platform-pledge.o platform-tracing.o platform-misc.o
+        sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
+        sshbuf-io.o
 
- 
+@@ -125,7 +126,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
-@@ -114,7 +115,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
        auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
        auth2-none.o auth2-passwd.o auth2-pubkey.o \
        monitor.o monitor_wrap.o auth-krb5.o \
 -       auth2-gss.o gss-serv.o gss-serv-krb5.o \
 +       auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
        loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
-        sftp-server.o sftp-common.o sftp-realpath.o \
+        sftp-server.o sftp-common.o \
        sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
-diff --git a/auth-krb5.c b/auth-krb5.c
+diff --git a/README.md b/README.md
-index 3096f1c8e..204752e1b 100644
+index 28fb43d2a..5b73d24c0 100644
--- a/auth-krb5.c
+--- a/README.md
-+++ b/auth-krb5.c
+++ b/README.md
-@@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
+@@ -1,3 +1,36 @@
- 
+Portable OpenSSH with GSSAPI Key Exchange patches
-        len = strlen(authctxt->krb5_ticket_file) + 6;
+=================================================
-        authctxt->krb5_ccname = xmalloc(len);
+
-+#ifdef USE_CCAPI
+Currently, there are two branches with gssapi key exchange related
-+       snprintf(authctxt->krb5_ccname, len, "API:%s",
+patches:
-+           authctxt->krb5_ticket_file);
+
-+#else
+ * fedora/master: Changes that are shipped in Fedora
-        snprintf(authctxt->krb5_ccname, len, "FILE:%s",
+ * debian/master: Changes that are shipped in Debian
-            authctxt->krb5_ticket_file);
+
-+#endif
+The target is to converge to a shared repository with single master
- 
+branch from where we could build releases for both OSes.
- #ifdef USE_PAM
+
-        if (options.use_pam)
+
-@@ -240,15 +245,22 @@ krb5_cleanup_proc(Authctxt *authctxt)
+What is in:
- #ifndef HEIMDAL
+
- krb5_error_code
+ * The original patch implementing missing parts of RFC4462 by Simon Wilkinson
- ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+   adapted to the current OpenSSH versions and with several fixes
-       int tmpfd, ret, oerrno;
+ * New methods for GSSAPI Kex from IETF draft [1] from Jakub Jelen
-+       int ret, oerrno;
+
-        char ccname[40];
+
-        mode_t old_umask;
+Missing kerberos-related parts:
-+#ifdef USE_CCAPI
+
-+       char cctemplate[] = "API:krb5cc_%d";
+ * .k5login and .kusers support available in Fedora [2] [3].
-+#else
+ * Improved handling of kerberos ccache location [4]
-+       char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX";
+
-+       int tmpfd;
+
-+#endif
+[1] https://tools.ietf.org/html/draft-ietf-curdle-gss-keyex-sha2-08
- 
+[2] https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-kuserok.patch
-        ret = snprintf(ccname, sizeof(ccname),
+[3] https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-GSSAPIEnablek5users.patch
-           "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
+[4] https://bugzilla.mindrot.org/show_bug.cgi?id=2775
-+           cctemplate, geteuid());
+
-        if (ret < 0 || (size_t)ret >= sizeof(ccname))
+-------------------------------------------------------------------------------
-                return ENOMEM;
+
- 
+ # Portable OpenSSH
-+#ifndef USE_CCAPI
-        old_umask = umask(0177);
-        tmpfd = mkstemp(ccname + strlen("FILE:"));
-        oerrno = errno;
-@@ -265,6 +277,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
-                return oerrno;
-        }
-        close(tmpfd);
-+#endif
 
-        return (krb5_cc_resolve(ctx, ccname, ccache));
+ [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
- }
 diff --git a/auth.c b/auth.c
-index ca450f4e4..47c27773c 100644
+index 086b8ebb1..687c57b42 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -399,7 +399,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)
+@@ -400,7 +400,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)
        case PERMIT_NO_PASSWD:
                if (strcmp(method, "publickey") == 0 ||
                    strcmp(method, "hostbased") == 0 ||
@@ -152,7 +140,7 @@ index ca450f4e4..47c27773c 100644
                        return 1;
                break;
        case PERMIT_FORCED_ONLY:
-@@ -723,99 +724,6 @@ fakepw(void)
+@@ -724,99 +725,6 @@ fakepw(void)
        return (&fake);
 }
 
@@ -181,7 +169,7 @@ index ca450f4e4..47c27773c 100644
 -       if (getpeername(ssh_packet_get_connection_in(ssh),
 -           (struct sockaddr *)&from, &fromlen) == -1) {
 -               debug("getpeername failed: %.100s", strerror(errno));
-               return strdup(ntop);
+-               return xstrdup(ntop);
 -       }
 -
 -       ipv64_normalise_mapped(&from, &fromlen);
@@ -193,7 +181,7 @@ index ca450f4e4..47c27773c 100644
 -       if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
 -           NULL, 0, NI_NAMEREQD) != 0) {
 -               /* Host name not found.  Use ip address. */
-               return strdup(ntop);
+-               return xstrdup(ntop);
 -       }
 -
 -       /*
@@ -208,7 +196,7 @@ index ca450f4e4..47c27773c 100644
 -               logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
 -                   name, ntop);
 -               freeaddrinfo(ai);
-               return strdup(ntop);
+-               return xstrdup(ntop);
 -       }
 -
 -       /* Names are stored in lowercase. */
@@ -229,7 +217,7 @@ index ca450f4e4..47c27773c 100644
 -       if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
 -               logit("reverse mapping checking getaddrinfo for %.700s "
 -                   "[%s] failed.", name, ntop);
-               return strdup(ntop);
+-               return xstrdup(ntop);
 -       }
 -       /* Look for the address from the list of addresses. */
 -       for (ai = aitop; ai; ai = ai->ai_next) {
@@ -244,9 +232,9 @@ index ca450f4e4..47c27773c 100644
 -               /* Address not found for the host name. */
 -               logit("Address %.100s maps to %.600s, but this does not "
 -                   "map back to the address.", ntop, name);
-               return strdup(ntop);
+-               return xstrdup(ntop);
 -       }
-       return strdup(name);
+-       return xstrdup(name);
 -}
 -
 /*
@@ -368,7 +356,7 @@ index 0e7762242..1c217268c 100644
 #endif
        &method_passwd,
 diff --git a/canohost.c b/canohost.c
-index abea9c6e6..9a00fc2cf 100644
+index abea9c6e6..8e81b5193 100644
 --- a/canohost.c
 +++ b/canohost.c
 @@ -35,6 +35,99 @@
@@ -400,7 +388,7 @@ index abea9c6e6..9a00fc2cf 100644
 +       if (getpeername(ssh_packet_get_connection_in(ssh),
 +           (struct sockaddr *)&from, &fromlen) == -1) {
 +               debug("getpeername failed: %.100s", strerror(errno));
-+               return strdup(ntop);
+               return xstrdup(ntop);
 +       }
 +
 +       ipv64_normalise_mapped(&from, &fromlen);
@@ -412,7 +400,7 @@ index abea9c6e6..9a00fc2cf 100644
 +       if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
 +           NULL, 0, NI_NAMEREQD) != 0) {
 +               /* Host name not found.  Use ip address. */
-+               return strdup(ntop);
+               return xstrdup(ntop);
 +       }
 +
 +       /*
@@ -427,7 +415,7 @@ index abea9c6e6..9a00fc2cf 100644
 +               logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
 +                   name, ntop);
 +               freeaddrinfo(ai);
-+               return strdup(ntop);
+               return xstrdup(ntop);
 +       }
 +
 +       /* Names are stored in lowercase. */
@@ -448,7 +436,7 @@ index abea9c6e6..9a00fc2cf 100644
 +       if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
 +               logit("reverse mapping checking getaddrinfo for %.700s "
 +                   "[%s] failed.", name, ntop);
-+               return strdup(ntop);
+               return xstrdup(ntop);
 +       }
 +       /* Look for the address from the list of addresses. */
 +       for (ai = aitop; ai; ai = ai->ai_next) {
@@ -463,9 +451,9 @@ index abea9c6e6..9a00fc2cf 100644
 +               /* Address not found for the host name. */
 +               logit("Address %.100s maps to %.600s, but this does not "
 +                   "map back to the address.", ntop, name);
-+               return strdup(ntop);
+               return xstrdup(ntop);
 +       }
-+       return strdup(name);
+       return xstrdup(name);
 +}
 +
 void
@@ -486,7 +474,7 @@ index 26d62855a..0cadc9f18 100644
 int             get_peer_port(int);
 char           *get_local_ipaddr(int);
 diff --git a/clientloop.c b/clientloop.c
-index b5a1f7038..9def2a1a9 100644
+index ebd0dbca1..1bdac6a46 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -112,6 +112,10 @@
@@ -500,7 +488,7 @@ index b5a1f7038..9def2a1a9 100644
 /* import options */
 extern Options options;
 
-@@ -1373,9 +1377,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
+@@ -1379,9 +1383,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
                        break;
 
                /* Do channel operations unless rekeying in progress. */
@@ -521,10 +509,10 @@ index b5a1f7038..9def2a1a9 100644
                client_process_net_input(ssh, readset);
 
 diff --git a/configure.ac b/configure.ac
-index 3e93c0276..1c2512314 100644
+index b689db4b5..efafb6bd8 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -666,6 +666,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+@@ -674,6 +674,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
            [Use tunnel device compatibility to OpenBSD])
        AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
            [Prepend the address family to IP tunnel traffic])
@@ -1338,23 +1326,11 @@ index ab3a15f0f..1d47870e7 100644
 }
 
 /* Privileged */
-diff --git a/hmac.c b/hmac.c
-index 32688876d..a79e8569c 100644
--- a/hmac.c
-+++ b/hmac.c
-@@ -21,6 +21,7 @@
- 
- #include <stdlib.h>
- #include <string.h>
-+#include <stdlib.h>
- 
- #include "sshbuf.h"
- #include "digest.h"
 diff --git a/kex.c b/kex.c
-index 49d701568..e09355dbd 100644
+index ce85f0439..574c76093 100644
 --- a/kex.c
 +++ b/kex.c
-@@ -55,11 +55,16 @@
+@@ -57,11 +57,16 @@
 #include "misc.h"
 #include "dispatch.h"
 #include "monitor.h"
@@ -1371,7 +1347,7 @@ index 49d701568..e09355dbd 100644
 /* prototype */
 static int kex_choose_conf(struct ssh *);
 static int kex_input_newkeys(int, u_int32_t, struct ssh *);
-@@ -113,15 +118,28 @@ static const struct kexalg kexalgs[] = {
+@@ -115,15 +120,28 @@ static const struct kexalg kexalgs[] = {
 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
        { NULL, 0, -1, -1},
 };
@@ -1386,7 +1362,7 @@ index 49d701568..e09355dbd 100644
 +           NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
 +       { KEX_GSS_C25519_SHA256_ID, KEX_GSS_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
 +#endif
-+       { NULL, 0, -1, -1 },
+       { NULL, 0, -1, -1},
 +};
 
 -char *
@@ -1403,7 +1379,7 @@ index 49d701568..e09355dbd 100644
                if (ret != NULL)
                        ret[rlen++] = sep;
                nlen = strlen(k->name);
-@@ -136,6 +154,18 @@ kex_alg_list(char sep)
+@@ -138,6 +156,18 @@ kex_alg_list(char sep)
        return ret;
 }
 
@@ -1422,7 +1398,7 @@ index 49d701568..e09355dbd 100644
 static const struct kexalg *
 kex_alg_by_name(const char *name)
 {
-@@ -145,6 +175,10 @@ kex_alg_by_name(const char *name)
+@@ -147,6 +177,10 @@ kex_alg_by_name(const char *name)
                if (strcmp(k->name, name) == 0)
                        return k;
        }
@@ -1433,7 +1409,7 @@ index 49d701568..e09355dbd 100644
        return NULL;
 }
 
-@@ -313,6 +347,29 @@ kex_assemble_names(char **listp, const char *def, const char *all)
+@@ -315,6 +349,29 @@ kex_assemble_names(char **listp, const char *def, const char *all)
        return r;
 }
 
@@ -1463,7 +1439,7 @@ index 49d701568..e09355dbd 100644
 /* put algorithm proposal into buffer */
 int
 kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX])
-@@ -696,6 +753,9 @@ kex_free(struct kex *kex)
+@@ -698,6 +755,9 @@ kex_free(struct kex *kex)
        sshbuf_free(kex->server_version);
        sshbuf_free(kex->client_pub);
        free(kex->session_id);
@@ -1572,7 +1548,7 @@ index 67133e339..edaa46762 100644
                break;
        case KEX_DH_GRP18_SHA512:
 diff --git a/kexgen.c b/kexgen.c
-index bb996b504..d353ed8b0 100644
+index 69348b964..c0e8c2f44 100644
 --- a/kexgen.c
 +++ b/kexgen.c
 @@ -44,7 +44,7 @@
@@ -2676,23 +2652,11 @@ index 000000000..60bc02deb
 +       return r;
 +}
 +#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
-diff --git a/mac.c b/mac.c
-index f3dda6692..de346ed20 100644
--- a/mac.c
-+++ b/mac.c
-@@ -30,6 +30,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <stdio.h>
-+#include <stdlib.h>
- 
- #include "digest.h"
- #include "hmac.h"
 diff --git a/monitor.c b/monitor.c
-index 00af44f98..bead9e204 100644
+index 2ce89fe90..ebf76c7f9 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -147,6 +147,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *);
+@@ -148,6 +148,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *);
 int mm_answer_gss_accept_ctx(struct ssh *, int, struct sshbuf *);
 int mm_answer_gss_userok(struct ssh *, int, struct sshbuf *);
 int mm_answer_gss_checkmic(struct ssh *, int, struct sshbuf *);
@@ -2701,7 +2665,7 @@ index 00af44f98..bead9e204 100644
 #endif
 
 #ifdef SSH_AUDIT_EVENTS
-@@ -219,11 +221,18 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -220,11 +222,18 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
     {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
     {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
@@ -2720,7 +2684,7 @@ index 00af44f98..bead9e204 100644
 #ifdef WITH_OPENSSL
     {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
 #endif
-@@ -292,6 +301,10 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
+@@ -293,6 +302,10 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
        /* Permit requests for moduli and signatures */
        monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
        monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -2731,7 +2695,7 @@ index 00af44f98..bead9e204 100644
 
        /* The first few requests do not require asynchronous access */
        while (!authenticated) {
-@@ -405,6 +418,10 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
+@@ -406,6 +419,10 @@ monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
        monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
        monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
        monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -2742,7 +2706,7 @@ index 00af44f98..bead9e204 100644
 
        if (auth_opts->permit_pty_flag) {
                monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
-@@ -1687,6 +1704,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
+@@ -1713,6 +1730,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
 # ifdef OPENSSL_HAS_ECC
                kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
 # endif
@@ -2760,7 +2724,7 @@ index 00af44f98..bead9e204 100644
 #endif /* WITH_OPENSSL */
                kex->kex[KEX_C25519_SHA256] = kex_gen_server;
                kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
-@@ -1780,8 +1808,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
+@@ -1806,8 +1834,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
        u_char *p;
        int r;
 
@@ -2771,7 +2735,7 @@ index 00af44f98..bead9e204 100644
 
        if ((r = sshbuf_get_string(m, &p, &len)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-@@ -1813,8 +1841,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
+@@ -1839,8 +1867,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
        OM_uint32 flags = 0; /* GSI needs this */
        int r;
 
@@ -2782,7 +2746,7 @@ index 00af44f98..bead9e204 100644
 
        if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-@@ -1834,6 +1862,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
+@@ -1860,6 +1888,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2790,7 +2754,7 @@ index 00af44f98..bead9e204 100644
        }
        return (0);
 }
-@@ -1845,8 +1874,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
+@@ -1871,8 +1900,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
        OM_uint32 ret;
        int r;
 
@@ -2801,7 +2765,7 @@ index 00af44f98..bead9e204 100644
 
        if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
            (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
-@@ -1872,13 +1901,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
+@@ -1898,13 +1927,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
 int
 mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
 {
@@ -2823,7 +2787,7 @@ index 00af44f98..bead9e204 100644
 
        sshbuf_reset(m);
        if ((r = sshbuf_put_u32(m, authenticated)) != 0)
-@@ -1887,7 +1920,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
+@@ -1913,7 +1946,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
        debug3("%s: sending result %d", __func__, authenticated);
        mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
 
@@ -2836,7 +2800,7 @@ index 00af44f98..bead9e204 100644
 
        if ((displayname = ssh_gssapi_displayname()) != NULL)
                auth2_record_info(authctxt, "%s", displayname);
-@@ -1895,5 +1932,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
+@@ -1921,5 +1958,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
        /* Monitor loop will terminate if authenticated */
        return (authenticated);
 }
@@ -2936,10 +2900,10 @@ index 683e5e071..2b1a2d590 100644
 
 struct ssh;
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 4169b7604..fdca39a6a 100644
+index 001a8fa1c..6edb509a3 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -978,13 +978,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
+@@ -993,13 +993,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
 }
 
 int
@@ -2956,7 +2920,7 @@ index 4169b7604..fdca39a6a 100644
 
        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
        mm_request_receive_expect(pmonitor->m_recvfd,
-@@ -997,4 +999,57 @@ mm_ssh_gssapi_userok(char *user)
+@@ -1012,4 +1014,57 @@ mm_ssh_gssapi_userok(char *user)
        debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
        return (authenticated);
 }
@@ -3015,10 +2979,10 @@ index 4169b7604..fdca39a6a 100644
 +
 #endif /* GSSAPI */
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index 191277f3a..92dda574b 100644
+index 23ab096aa..485590c18 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
-@@ -63,8 +63,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
+@@ -64,8 +64,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
 OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
    gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
@@ -3031,7 +2995,7 @@ index 191277f3a..92dda574b 100644
 
 #ifdef USE_PAM
 diff --git a/readconf.c b/readconf.c
-index f78b4d6fe..3c68d1a88 100644
+index f3cac6b3a..da8022dd0 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -67,6 +67,7 @@
@@ -3042,7 +3006,7 @@ index f78b4d6fe..3c68d1a88 100644
 
 /* Format of the configuration file:
 
-@@ -162,6 +163,8 @@ typedef enum {
+@@ -160,6 +161,8 @@ typedef enum {
        oClearAllForwardings, oNoHostAuthenticationForLocalhost,
        oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
        oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -3051,7 +3015,7 @@ index f78b4d6fe..3c68d1a88 100644
        oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
        oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
        oHashKnownHosts,
-@@ -202,10 +205,22 @@ static struct {
+@@ -204,10 +207,22 @@ static struct {
        /* Sometimes-unsupported options */
 #if defined(GSSAPI)
        { "gssapiauthentication", oGssAuthentication },
@@ -3074,7 +3038,7 @@ index f78b4d6fe..3c68d1a88 100644
 #endif
 #ifdef ENABLE_PKCS11
        { "pkcs11provider", oPKCS11Provider },
-@@ -988,10 +1003,42 @@ parse_time:
+@@ -1029,10 +1044,42 @@ parse_time:
                intptr = &options->gss_authentication;
                goto parse_flag;
 
@@ -3117,7 +3081,7 @@ index f78b4d6fe..3c68d1a88 100644
        case oBatchMode:
                intptr = &options->batch_mode;
                goto parse_flag;
-@@ -1863,7 +1910,13 @@ initialize_options(Options * options)
+@@ -1911,7 +1958,13 @@ initialize_options(Options * options)
        options->pubkey_authentication = -1;
        options->challenge_response_authentication = -1;
        options->gss_authentication = -1;
@@ -3131,7 +3095,7 @@ index f78b4d6fe..3c68d1a88 100644
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
        options->kbd_interactive_devices = NULL;
-@@ -2009,8 +2062,18 @@ fill_default_options(Options * options)
+@@ -2059,8 +2112,18 @@ fill_default_options(Options * options)
                options->challenge_response_authentication = 1;
        if (options->gss_authentication == -1)
                options->gss_authentication = 0;
@@ -3150,7 +3114,7 @@ index f78b4d6fe..3c68d1a88 100644
        if (options->password_authentication == -1)
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
-@@ -2625,7 +2688,14 @@ dump_client_config(Options *o, const char *host)
+@@ -2702,7 +2765,14 @@ dump_client_config(Options *o, const char *host)
        dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
 #ifdef GSSAPI
        dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
@@ -3166,10 +3130,10 @@ index f78b4d6fe..3c68d1a88 100644
        dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
        dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
 diff --git a/readconf.h b/readconf.h
-index 8e36bf32a..0bff6d80a 100644
+index feedb3d20..a8a8870d7 100644
 --- a/readconf.h
 +++ b/readconf.h
-@@ -40,7 +40,13 @@ typedef struct {
+@@ -41,7 +41,13 @@ typedef struct {
        int     challenge_response_authentication;
                                        /* Try S/Key or TIS, authentication. */
        int     gss_authentication;     /* Try GSS authentication */
@@ -3184,10 +3148,10 @@ index 8e36bf32a..0bff6d80a 100644
                                                 * authentication. */
        int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 diff --git a/servconf.c b/servconf.c
-index e76f9c39e..f63eb0b94 100644
+index 70f5f73f0..191575a16 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -64,6 +64,7 @@
+@@ -69,6 +69,7 @@
 #include "auth.h"
 #include "myproposal.h"
 #include "digest.h"
@@ -3195,7 +3159,7 @@ index e76f9c39e..f63eb0b94 100644
 
 static void add_listen_addr(ServerOptions *, const char *,
     const char *, int);
-@@ -124,8 +125,11 @@ initialize_server_options(ServerOptions *options)
+@@ -133,8 +134,11 @@ initialize_server_options(ServerOptions *options)
        options->kerberos_ticket_cleanup = -1;
        options->kerberos_get_afs_token = -1;
        options->gss_authentication=-1;
@@ -3207,7 +3171,7 @@ index e76f9c39e..f63eb0b94 100644
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
        options->challenge_response_authentication = -1;
-@@ -351,10 +355,18 @@ fill_default_server_options(ServerOptions *options)
+@@ -375,10 +379,18 @@ fill_default_server_options(ServerOptions *options)
                options->kerberos_get_afs_token = 0;
        if (options->gss_authentication == -1)
                options->gss_authentication = 0;
@@ -3226,7 +3190,7 @@ index e76f9c39e..f63eb0b94 100644
        if (options->password_authentication == -1)
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
-@@ -498,6 +510,7 @@ typedef enum {
+@@ -531,6 +543,7 @@ typedef enum {
        sHostKeyAlgorithms,
        sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
        sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@@ -3234,7 +3198,7 @@ index e76f9c39e..f63eb0b94 100644
        sAcceptEnv, sSetEnv, sPermitTunnel,
        sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
        sUsePrivilegeSeparation, sAllowAgentForwarding,
-@@ -572,12 +585,22 @@ static struct {
+@@ -607,12 +620,22 @@ static struct {
 #ifdef GSSAPI
        { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
        { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -3257,7 +3221,7 @@ index e76f9c39e..f63eb0b94 100644
        { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
        { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
        { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
-@@ -1488,6 +1511,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1548,6 +1571,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
                intptr = &options->gss_authentication;
                goto parse_flag;
 
@@ -3268,7 +3232,7 @@ index e76f9c39e..f63eb0b94 100644
        case sGssCleanupCreds:
                intptr = &options->gss_cleanup_creds;
                goto parse_flag;
-@@ -1496,6 +1523,22 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1556,6 +1583,22 @@ process_server_config_line_depth(ServerOptions *options, char *line,
                intptr = &options->gss_strict_acceptor;
                goto parse_flag;
 
@@ -3291,7 +3255,7 @@ index e76f9c39e..f63eb0b94 100644
        case sPasswordAuthentication:
                intptr = &options->password_authentication;
                goto parse_flag;
-@@ -2585,6 +2628,10 @@ dump_config(ServerOptions *o)
+@@ -2777,6 +2820,10 @@ dump_config(ServerOptions *o)
 #ifdef GSSAPI
        dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
        dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
@@ -3303,10 +3267,10 @@ index e76f9c39e..f63eb0b94 100644
        dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
        dump_cfg_fmtint(sKbdInteractiveAuthentication,
 diff --git a/servconf.h b/servconf.h
-index 5483da051..29329ba1f 100644
+index 4202a2d02..3f47ea25e 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -126,8 +126,11 @@ typedef struct {
+@@ -132,8 +132,11 @@ typedef struct {
        int     kerberos_get_afs_token;         /* If true, try to get AFS token if
                                                 * authenticated with Kerberos. */
        int     gss_authentication;     /* If true, permit GSSAPI authentication */
@@ -3319,10 +3283,10 @@ index 5483da051..29329ba1f 100644
                                                 * authentication. */
        int     kbd_interactive_authentication; /* If true, permit */
 diff --git a/session.c b/session.c
-index 8f5d7e0a4..f1a47f766 100644
+index 8c0e54f79..06a33442a 100644
 --- a/session.c
 +++ b/session.c
-@@ -2674,13 +2674,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt)
+@@ -2678,13 +2678,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt)
 
 #ifdef KRB5
        if (options.kerberos_ticket_cleanup &&
@@ -3465,10 +3429,10 @@ index 36180d07a..70dd36658 100644
 
 #endif /* _SSH_GSS_H */
 diff --git a/ssh.1 b/ssh.1
-index 424d6c3e8..26940ad55 100644
+index 60de6087a..db5c65bc7 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -497,7 +497,13 @@ For full details of the options listed below, and their possible values, see
+@@ -503,7 +503,13 @@ For full details of the options listed below, and their possible values, see
 .It GatewayPorts
 .It GlobalKnownHostsFile
 .It GSSAPIAuthentication
@@ -3482,7 +3446,7 @@ index 424d6c3e8..26940ad55 100644
 .It HashKnownHosts
 .It Host
 .It HostbasedAuthentication
-@@ -573,6 +579,8 @@ flag),
+@@ -579,6 +585,8 @@ flag),
 (supported message integrity codes),
 .Ar kex
 (key exchange algorithms),
@@ -3492,27 +3456,29 @@ index 424d6c3e8..26940ad55 100644
 (key types),
 .Ar key-cert
 diff --git a/ssh.c b/ssh.c
-index ee51823cd..2da9f5d0d 100644
+index 15aee569e..110cf9c19 100644
 --- a/ssh.c
 +++ b/ssh.c
-@@ -736,6 +736,8 @@ main(int ac, char **av)
+@@ -747,6 +747,8 @@ main(int ac, char **av)
-                                cp = mac_alg_list('\n');
+                        else if (strcmp(optarg, "kex") == 0 ||
-                        else if (strcmp(optarg, "kex") == 0)
+                            strcasecmp(optarg, "KexAlgorithms") == 0)
                                cp = kex_alg_list('\n');
 +                       else if (strcmp(optarg, "kex-gss") == 0)
 +                               cp = kex_gss_alg_list('\n');
                        else if (strcmp(optarg, "key") == 0)
                                cp = sshkey_alg_list(0, 0, 0, '\n');
                        else if (strcmp(optarg, "key-cert") == 0)
-@@ -748,7 +750,7 @@ main(int ac, char **av)
+@@ -772,8 +774,8 @@ main(int ac, char **av)
-                                cp = xstrdup("2");
+                        } else if (strcmp(optarg, "help") == 0) {
-                        else if (strcmp(optarg, "help") == 0) {
                                cp = xstrdup(
-                                   "cipher\ncipher-auth\nkex\nkey\n"
+                                    "cipher\ncipher-auth\ncompression\nkex\n"
-+                                   "cipher\ncipher-auth\nkex\nkex-gss\nkey\n"
+-                                   "key\nkey-cert\nkey-plain\nkey-sig\nmac\n"
-                                    "key-cert\nkey-plain\nmac\n"
+-                                   "protocol-version\nsig");
-                                    "protocol-version\nsig");
+                                   "kex-gss\nkey\nkey-cert\nkey-plain\n"
+                                   "key-sig\nmac\nprotocol-version\nsig");
                        }
+                        if (cp == NULL)
+                                fatal("Unsupported query \"%s\"", optarg);
 diff --git a/ssh_config b/ssh_config
 index 5e8ef548b..1ff999b68 100644
 --- a/ssh_config
@@ -3527,10 +3493,10 @@ index 5e8ef548b..1ff999b68 100644
 #   CheckHostIP yes
 #   AddressFamily any
 diff --git a/ssh_config.5 b/ssh_config.5
-index 02a87892d..f4668673b 100644
+index 06a32d314..3f4906972 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -758,10 +758,67 @@ The default is
+@@ -766,10 +766,67 @@ The default is
 Specifies whether user authentication based on GSSAPI is allowed.
 The default is
 .Cm no .
@@ -3599,10 +3565,10 @@ index 02a87892d..f4668673b 100644
 Indicates that
 .Xr ssh 1
 diff --git a/sshconnect2.c b/sshconnect2.c
-index 87fa70a40..a4ec75ca1 100644
+index af00fb30c..03bc87eb4 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
-@@ -78,8 +78,6 @@
+@@ -80,8 +80,6 @@
 #endif
 
 /* import */
@@ -3611,9 +3577,9 @@ index 87fa70a40..a4ec75ca1 100644
 extern Options options;
 
 /*
-@@ -161,6 +159,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+@@ -163,6 +161,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
        char *s, *all_key;
-        int r;
+        int r, use_known_hosts_order = 0;
 
 +#if defined(GSSAPI) && defined(WITH_OPENSSL)
 +       char *orig = NULL, *gss = NULL;
@@ -3623,8 +3589,8 @@ index 87fa70a40..a4ec75ca1 100644
        xxx_host = host;
        xxx_hostaddr = hostaddr;
 
-@@ -193,6 +196,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+@@ -206,6 +209,35 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
-                    order_hostkeyalgs(host, hostaddr, port));
+                    compat_pkalg_proposal(options.hostkeyalgorithms);
        }
 
 +#if defined(GSSAPI) && defined(WITH_OPENSSL)
@@ -3659,10 +3625,11 @@ index 87fa70a40..a4ec75ca1 100644
        if (options.rekey_limit || options.rekey_interval)
                ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
                    options.rekey_interval);
-@@ -211,16 +243,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+@@ -224,16 +256,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 # ifdef OPENSSL_HAS_ECC
        ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
 # endif
+-#endif
 +# ifdef GSSAPI
 +       if (options.gss_keyex) {
 +               ssh->kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
@@ -3674,7 +3641,7 @@ index 87fa70a40..a4ec75ca1 100644
 +               ssh->kex->kex[KEX_GSS_C25519_SHA256] = kexgss_client;
 +       }
 +# endif
- #endif
+#endif /* WITH_OPENSSL */
        ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
        ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
        ssh->kex->verify_host_key=&verify_host_key_callback;
@@ -3706,7 +3673,7 @@ index 87fa70a40..a4ec75ca1 100644
        if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
                fatal("kex_prop2buf: %s", ssh_err(r));
 
-@@ -317,6 +379,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *);
+@@ -330,6 +392,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *);
 static int input_gssapi_token(int type, u_int32_t, struct ssh *);
 static int input_gssapi_error(int, u_int32_t, struct ssh *);
 static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
@@ -3714,7 +3681,7 @@ index 87fa70a40..a4ec75ca1 100644
 #endif
 
 void   userauth(struct ssh *, char *);
-@@ -333,6 +396,11 @@ static char *authmethods_get(void);
+@@ -346,6 +409,11 @@ static char *authmethods_get(void);
 
 Authmethod authmethods[] = {
 #ifdef GSSAPI
@@ -3726,7 +3693,7 @@ index 87fa70a40..a4ec75ca1 100644
        {"gssapi-with-mic",
                userauth_gssapi,
                userauth_gssapi_cleanup,
-@@ -697,12 +765,25 @@ userauth_gssapi(struct ssh *ssh)
+@@ -716,12 +784,25 @@ userauth_gssapi(struct ssh *ssh)
        OM_uint32 min;
        int r, ok = 0;
        gss_OID mech = NULL;
@@ -3753,7 +3720,7 @@ index 87fa70a40..a4ec75ca1 100644
 
        /* Check to see whether the mechanism is usable before we offer it */
        while (authctxt->mech_tried < authctxt->gss_supported_mechs->count &&
-@@ -711,13 +792,15 @@ userauth_gssapi(struct ssh *ssh)
+@@ -730,13 +811,15 @@ userauth_gssapi(struct ssh *ssh)
                    elements[authctxt->mech_tried];
                /* My DER encoding requires length<128 */
                if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
@@ -3770,7 +3737,7 @@ index 87fa70a40..a4ec75ca1 100644
        if (!ok || mech == NULL)
                return 0;
 
-@@ -957,6 +1040,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
+@@ -976,6 +1059,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
        free(lang);
        return r;
 }
@@ -3827,21 +3794,10 @@ index 87fa70a40..a4ec75ca1 100644
 
 static int
 diff --git a/sshd.c b/sshd.c
-index 11571c010..3a5c1ea78 100644
+index 60b2aaf73..d92f03aaf 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -123,6 +123,10 @@
+@@ -817,8 +817,8 @@ notify_hostkeys(struct ssh *ssh)
- #include "version.h"
- #include "ssherr.h"
- 
-+#ifdef USE_SECURITY_SESSION_API
-+#include <Security/AuthSession.h>
-+#endif
-+
- /* Re-exec fds */
- #define REEXEC_DEVCRYPTO_RESERVED_FD   (STDERR_FILENO + 1)
- #define REEXEC_STARTUP_PIPE_FD         (STDERR_FILENO + 2)
-@@ -796,8 +800,8 @@ notify_hostkeys(struct ssh *ssh)
        }
        debug3("%s: sent %u hostkeys", __func__, nkeys);
        if (nkeys == 0)
@@ -3852,7 +3808,7 @@ index 11571c010..3a5c1ea78 100644
                sshpkt_fatal(ssh, r, "%s: send", __func__);
        sshbuf_free(buf);
 }
-@@ -1773,7 +1777,8 @@ main(int ac, char **av)
+@@ -1852,7 +1852,8 @@ main(int ac, char **av)
                free(fp);
        }
        accumulate_host_timing_secret(cfg, NULL);
@@ -3862,68 +3818,7 @@ index 11571c010..3a5c1ea78 100644
                logit("sshd: no hostkeys available -- exiting.");
                exit(1);
        }
-@@ -2069,6 +2074,60 @@ main(int ac, char **av)
+@@ -2347,6 +2348,48 @@ do_ssh2_kex(struct ssh *ssh)
-            rdomain == NULL ? "" : "\"");
-        free(laddr);
- 
-+#ifdef USE_SECURITY_SESSION_API
-+       /*
-+        * Create a new security session for use by the new user login if
-+        * the current session is the root session or we are not launched
-+        * by inetd (eg: debugging mode or server mode).  We do not
-+        * necessarily need to create a session if we are launched from
-+        * inetd because Panther xinetd will create a session for us.
-+        *
-+        * The only case where this logic will fail is if there is an
-+        * inetd running in a non-root session which is not creating
-+        * new sessions for us.  Then all the users will end up in the
-+        * same session (bad).
-+        *
-+        * When the client exits, the session will be destroyed for us
-+        * automatically.
-+        *
-+        * We must create the session before any credentials are stored
-+        * (including AFS pags, which happens a few lines below).
-+        */
-+       {
-+               OSStatus err = 0;
-+               SecuritySessionId sid = 0;
-+               SessionAttributeBits sattrs = 0;
-+
-+               err = SessionGetInfo(callerSecuritySession, &sid, &sattrs);
-+               if (err)
-+                       error("SessionGetInfo() failed with error %.8X",
-+                           (unsigned) err);
-+               else
-+                       debug("Current Session ID is %.8X / Session Attributes are %.8X",
-+                           (unsigned) sid, (unsigned) sattrs);
-+
-+               if (inetd_flag && !(sattrs & sessionIsRoot))
-+                       debug("Running in inetd mode in a non-root session... "
-+                           "assuming inetd created the session for us.");
-+               else {
-+                       debug("Creating new security session...");
-+                       err = SessionCreate(0, sessionHasTTY | sessionIsRemote);
-+                       if (err)
-+                               error("SessionCreate() failed with error %.8X",
-+                                   (unsigned) err);
-+
-+                       err = SessionGetInfo(callerSecuritySession, &sid, 
-+                           &sattrs);
-+                       if (err)
-+                               error("SessionGetInfo() failed with error %.8X",
-+                                   (unsigned) err);
-+                       else
-+                               debug("New Session ID is %.8X / Session Attributes are %.8X",
-+                                   (unsigned) sid, (unsigned) sattrs);
-+               }
-+       }
-+#endif
-+
-        /*
-         * We don't want to listen forever unless the other side
-         * successfully authenticates itself.  So we set up an alarm which is
-@@ -2265,6 +2324,48 @@ do_ssh2_kex(struct ssh *ssh)
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
            list_hostkey_types());
 
@@ -3972,7 +3867,7 @@ index 11571c010..3a5c1ea78 100644
        /* start key exchange */
        if ((r = kex_setup(ssh, myproposal)) != 0)
                fatal("kex_setup: %s", ssh_err(r));
-@@ -2280,7 +2381,18 @@ do_ssh2_kex(struct ssh *ssh)
+@@ -2362,7 +2405,18 @@ do_ssh2_kex(struct ssh *ssh)
 # ifdef OPENSSL_HAS_ECC
        kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
 # endif
@@ -4006,10 +3901,10 @@ index 19b7c91a1..2c48105f8 100644
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
 diff --git a/sshd_config.5 b/sshd_config.5
-index 9486f2a1c..cec3c3c4e 100644
+index 70ccea449..f6b41a2f8 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -655,6 +655,11 @@ Specifies whether to automatically destroy the user's credentials cache
+@@ -646,6 +646,11 @@ Specifies whether to automatically destroy the user's credentials cache
 on logout.
 The default is
 .Cm yes .
@@ -4021,7 +3916,7 @@ index 9486f2a1c..cec3c3c4e 100644
 .It Cm GSSAPIStrictAcceptorCheck
 Determines whether to be strict about the identity of the GSSAPI acceptor
 a client authenticates against.
-@@ -669,6 +674,31 @@ machine's default store.
+@@ -660,6 +665,31 @@ machine's default store.
 This facility is provided to assist with operation on multi homed machines.
 The default is
 .Cm yes .
@@ -4054,18 +3949,18 @@ index 9486f2a1c..cec3c3c4e 100644
 Specifies the key types that will be accepted for hostbased authentication
 as a list of comma-separated patterns.
 diff --git a/sshkey.c b/sshkey.c
-index ef90563b3..4d2048b6a 100644
+index 57995ee68..fd5b77246 100644
 --- a/sshkey.c
 +++ b/sshkey.c
-@@ -145,6 +145,7 @@ static const struct keytype keytypes[] = {
+@@ -154,6 +154,7 @@ static const struct keytype keytypes[] = {
- #  endif /* OPENSSL_HAS_NISTP521 */
+            KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 },
 # endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
 +       { "null", "null", NULL, KEY_NULL, 0, 0, 0 },
        { NULL, NULL, NULL, -1, -1, 0, 0 }
 };
 
-@@ -233,7 +234,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
+@@ -255,7 +256,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
        const struct keytype *kt;
 
        for (kt = keytypes; kt->type != -1; kt++) {
@@ -4075,13 +3970,13 @@ index ef90563b3..4d2048b6a 100644
                if (!include_sigonly && kt->sigonly)
                        continue;
 diff --git a/sshkey.h b/sshkey.h
-index 1119a7b07..1bf30d055 100644
+index 71a3fddcb..37a43a67a 100644
 --- a/sshkey.h
 +++ b/sshkey.h
-@@ -65,6 +65,7 @@ enum sshkey_types {
+@@ -69,6 +69,7 @@ enum sshkey_types {
-        KEY_ED25519_CERT,
+        KEY_ECDSA_SK_CERT,
-        KEY_XMSS,
+        KEY_ED25519_SK,
-        KEY_XMSS_CERT,
+        KEY_ED25519_SK_CERT,
 +       KEY_NULL,
        KEY_UNSPEC
 };
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index 2f7ac943d..734118a19 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From 26d9fe60e31c78018bdfd49bba1196ea7c44405d Mon Sep 17 00:00:00 2001
+From 3558be2914c0127489faae40ce2eae66142c3287 Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -16,7 +16,7 @@ keepalives.
 Author: Ian Jackson <ian@chiark.greenend.org.uk>
 Author: Matthew Vernon <matthew@debian.org>
 Author: Colin Watson <cjwatson@debian.org>
-Last-Update: 2018-10-19
+Last-Update: 2020-02-21
 Patch-Name: keepalive-extensions.patch
 ---
@@ -26,27 +26,27 @@ Patch-Name: keepalive-extensions.patch
 3 files changed, 34 insertions(+), 4 deletions(-)
 diff --git a/readconf.c b/readconf.c
-index a7fb7ca15..09787c0e5 100644
+index 0fc996871..2399208f8 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -177,6 +177,7 @@ typedef enum {
+@@ -176,6 +176,7 @@ typedef enum {
-        oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
        oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
        oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
+        oSecurityKeyProvider,
 +       oProtocolKeepAlives, oSetupTimeOut,
        oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
 @@ -326,6 +327,8 @@ static struct {
-        { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
        { "ignoreunknown", oIgnoreUnknown },
        { "proxyjump", oProxyJump },
+        { "securitykeyprovider", oSecurityKeyProvider },
 +       { "protocolkeepalives", oProtocolKeepAlives },
 +       { "setuptimeout", oSetupTimeOut },
 
        { NULL, oBadOption }
 };
-@@ -1449,6 +1452,8 @@ parse_keytypes:
+@@ -1495,6 +1498,8 @@ parse_keytypes:
                goto parse_flag;
 
        case oServerAliveInterval:
@@ -55,7 +55,7 @@ index a7fb7ca15..09787c0e5 100644
                intptr = &options->server_alive_interval;
                goto parse_time;
 
-@@ -2142,8 +2147,13 @@ fill_default_options(Options * options)
+@@ -2198,8 +2203,13 @@ fill_default_options(Options * options)
                options->rekey_interval = 0;
        if (options->verify_host_key_dns == -1)
                options->verify_host_key_dns = 0;
@@ -72,24 +72,25 @@ index a7fb7ca15..09787c0e5 100644
                options->server_alive_count_max = 3;
        if (options->control_master == -1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index f4668673b..bc04d8d02 100644
+index 3f4906972..3079db19b 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -265,8 +265,12 @@ Valid arguments are
+@@ -266,9 +266,13 @@ If set to
- If set to
 .Cm yes ,
- passphrase/password querying will be disabled.
+ user interaction such as password prompts and host key confirmation requests
+ will be disabled.
 +In addition, the
 +.Cm ServerAliveInterval
 +option will be set to 300 seconds by default (Debian-specific).
 This option is useful in scripts and other batch jobs where no user
-is present to supply the password.
+ is present to interact with
-+is present to supply the password,
+-.Xr ssh 1 .
+.Xr ssh 1 ,
 +and where it is desirable to detect a broken network swiftly.
 The argument must be
 .Cm yes
 or
-@@ -1557,7 +1561,14 @@ from the server,
+@@ -1593,7 +1597,14 @@ from the server,
 will send a message through the encrypted
 channel to request a response from the server.
 The default
@@ -105,7 +106,7 @@ index f4668673b..bc04d8d02 100644
 .It Cm SetEnv
 Directly specify one or more environment variables and their contents to
 be sent to the server.
-@@ -1637,6 +1648,12 @@ Specifies whether the system should send TCP keepalive messages to the
+@@ -1673,6 +1684,12 @@ Specifies whether the system should send TCP keepalive messages to the
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
@@ -119,10 +120,10 @@ index f4668673b..bc04d8d02 100644
 connections will die if the route is down temporarily, and some people
 find it annoying.
 diff --git a/sshd_config.5 b/sshd_config.5
-index cec3c3c4e..eec224158 100644
+index f6b41a2f8..ebd09f891 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1615,6 +1615,9 @@ This avoids infinitely hanging sessions.
+@@ -1668,6 +1668,9 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Cm no .
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 639b216d6..6d48d7589 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From fdcf8c0343564121a89be817386c5feabd40c609 Mon Sep 17 00:00:00 2001
+From c18e3c8125fc4553951705a1da8c86395d219bb1 Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
@@ -14,10 +14,10 @@ Patch-Name: mention-ssh-keygen-on-keychange.patch
 1 file changed, 8 insertions(+), 1 deletion(-)
 diff --git a/sshconnect.c b/sshconnect.c
-index 644057bc4..41e75a275 100644
+index 4a5d4a003..b796d3c8a 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -990,9 +990,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+@@ -991,9 +991,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                        error("%s. This could either mean that", key_msg);
                        error("DNS SPOOFING is happening or the IP address for the host");
                        error("and its host key have changed at the same time.");
@@ -32,7 +32,7 @@ index 644057bc4..41e75a275 100644
                }
                /* The host key has changed. */
                warn_changed_key(host_key);
-@@ -1001,6 +1005,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+@@ -1002,6 +1006,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                error("Offending %s key in %s:%lu",
                    sshkey_type(host_found->key),
                    host_found->file, host_found->line);
diff --git a/debian/patches/no-openssl-version-status.patch b/debian/patches/no-openssl-version-status.patch
index 9b5baee08..02a798b85 100644
--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
-From ed88eee326ca80e1e0fdb6f9ef0346f6d5e021a8 Mon Sep 17 00:00:00 2001
+From ba0377ab3e6b68f7ab747f500991a0445c7f4086 Mon Sep 17 00:00:00 2001
 From: Kurt Roeckx <kurt@roeckx.be>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Don't check the status field of the OpenSSL version
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index 46e1f8712..34ec87094 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From 8fb8f70b0534897791c61f2757e97bd13385944e Mon Sep 17 00:00:00 2001
+From 39fe318a4b572deeb3f7d03e55d319c0ab112a28 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:09 +0000
 Subject: Adjust various OpenBSD-specific references in manual pages
@@ -44,11 +44,11 @@ index ef0de0850..149846c8c 100644
 .Sh SEE ALSO
 .Xr ssh-keygen 1 ,
 diff --git a/ssh-keygen.1 b/ssh-keygen.1
-index 957d2f0f0..143a2349f 100644
+index 7af564297..d6a7870e0 100644
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
-@@ -191,9 +191,7 @@ key in
+@@ -196,9 +196,7 @@ key in
- .Pa ~/.ssh/id_ed25519
+ .Pa ~/.ssh/id_ed25519_sk
 or
 .Pa ~/.ssh/id_rsa .
 -Additionally, the system administrator may use this to generate host keys,
@@ -58,7 +58,7 @@ index 957d2f0f0..143a2349f 100644
 .Pp
 Normally this program generates the key and asks for a file in which
 to store the private key.
-@@ -256,9 +254,7 @@ If
+@@ -261,9 +259,7 @@ If
 .Fl f
 has also been specified, its argument is used as a prefix to the
 default path for the resulting host key files.
@@ -69,7 +69,7 @@ index 957d2f0f0..143a2349f 100644
 .It Fl a Ar rounds
 When saving a private key, this option specifies the number of KDF
 (key derivation function) rounds used.
-@@ -798,7 +794,7 @@ option.
+@@ -783,7 +779,7 @@ option.
 Valid generator values are 2, 3, and 5.
 .Pp
 Screened DH groups may be installed in
@@ -77,8 +77,8 @@ index 957d2f0f0..143a2349f 100644
 +.Pa /etc/ssh/moduli .
 It is important that this file contains moduli of a range of bit lengths and
 that both ends of a connection share common moduli.
- .Sh CERTIFICATES
+ .Pp
-@@ -1049,7 +1045,7 @@ on all machines
+@@ -1154,7 +1150,7 @@ on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
 .Pp
@@ -88,10 +88,10 @@ index 957d2f0f0..143a2349f 100644
 The file format is described in
 .Xr moduli 5 .
 diff --git a/ssh.1 b/ssh.1
-index 20e4c4efa..4923031f4 100644
+index cf991e4ee..17b0e984f 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -873,6 +873,10 @@ implements public key authentication protocol automatically,
+@@ -887,6 +887,10 @@ implements public key authentication protocol automatically,
 using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
 The HISTORY section of
 .Xr ssl 8
@@ -103,7 +103,7 @@ index 20e4c4efa..4923031f4 100644
 .Pp
 The file
 diff --git a/sshd.8 b/sshd.8
-index 57a7fd66b..4abc01d66 100644
+index 730520231..5ce0ea4fa 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -65,7 +65,7 @@ over an insecure network.
@@ -115,7 +115,7 @@ index 57a7fd66b..4abc01d66 100644
 It forks a new
 daemon for each incoming connection.
 The forked daemons handle
-@@ -884,7 +884,7 @@ This file is for host-based authentication (see
+@@ -904,7 +904,7 @@ This file is for host-based authentication (see
 .Xr ssh 1 ) .
 It should only be writable by root.
 .Pp
@@ -124,7 +124,7 @@ index 57a7fd66b..4abc01d66 100644
 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
 key exchange method.
 The file format is described in
-@@ -982,7 +982,6 @@ The content of this file is not sensitive; it can be world-readable.
+@@ -1002,7 +1002,6 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
@@ -133,10 +133,10 @@ index 57a7fd66b..4abc01d66 100644
 .Xr sshd_config 5 ,
 .Xr inetd 8 ,
 diff --git a/sshd_config.5 b/sshd_config.5
-index 46537f177..270805060 100644
+index c926f584c..25f4b8117 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -393,8 +393,7 @@ Certificates signed using other algorithms will not be accepted for
+@@ -387,8 +387,7 @@ Certificates signed using other algorithms will not be accepted for
 public key or host-based authentication.
 .It Cm ChallengeResponseAuthentication
 Specifies whether challenge-response authentication is allowed (e.g. via
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index 7a811f9af..32a7a1fed 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From 6a8dfab1a067a52b004594fadb3a90578a8cc094 Mon Sep 17 00:00:00 2001
+From a4f868858c3395cacb59c58786b501317b9a3d03 Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:10:05 +0000
 Subject: Include the Debian version in our identification
@@ -18,10 +18,10 @@ Patch-Name: package-versioning.patch
 2 files changed, 7 insertions(+), 2 deletions(-)
 diff --git a/kex.c b/kex.c
-index e09355dbd..65ed6af02 100644
+index 574c76093..f638942d3 100644
 --- a/kex.c
 +++ b/kex.c
-@@ -1239,7 +1239,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+@@ -1244,7 +1244,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
        if (version_addendum != NULL && *version_addendum == '\0')
                version_addendum = NULL;
        if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
@@ -31,11 +31,11 @@ index e09355dbd..65ed6af02 100644
            version_addendum == NULL ? "" : version_addendum)) != 0) {
                error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
 diff --git a/version.h b/version.h
-index 6b3fadf89..a24017eca 100644
+index c2affcb2a..d79126cc3 100644
 --- a/version.h
 +++ b/version.h
 @@ -3,4 +3,9 @@
- #define SSH_VERSION    "OpenSSH_8.1"
+ #define SSH_VERSION    "OpenSSH_8.2"
 
 #define SSH_PORTABLE   "p1"
 -#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
diff --git a/debian/patches/regress-2020.patch b/debian/patches/regress-2020.patch
deleted file mode 100644
index 785945d33..000000000
--- a/debian/patches/regress-2020.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 7ee24da2b84bf463dd5e8611479fa7a5acaa40e4 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Fri, 3 Jan 2020 03:02:26 +0000
-Subject: upstream: what bozo decided to use 2020 as a future date in a regress
-test?
-OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=ff31f15773ee173502eec4d7861ec56f26bba381
-Last-Update: 2020-01-09
-Patch-Name: regress-2020.patch
---
- regress/cert-hostkey.sh | 2 +-
- regress/cert-userkey.sh | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
-index 86ea62504..844adabcc 100644
--- a/regress/cert-hostkey.sh
-+++ b/regress/cert-hostkey.sh
-@@ -252,7 +252,7 @@ test_one() {
- test_one "user-certificate"    failure "-n $HOSTS"
- test_one "empty principals"    success "-h"
- test_one "wrong principals"    failure "-h -n foo"
-test_one "cert not yet valid"  failure "-h -V20200101:20300101"
-+test_one "cert not yet valid"  failure "-h -V20300101:20320101"
- test_one "cert expired"                failure "-h -V19800101:19900101"
- test_one "cert valid interval" success "-h -V-1w:+2w"
- test_one "cert has constraints"        failure "-h -Oforce-command=false"
-diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
-index 38c14a698..5cd02fc3f 100644
--- a/regress/cert-userkey.sh
-+++ b/regress/cert-userkey.sh
-@@ -338,7 +338,7 @@ test_one() {
- test_one "correct principal"   success "-n ${USER}"
- test_one "host-certificate"    failure "-n ${USER} -h"
- test_one "wrong principals"    failure "-n foo"
-test_one "cert not yet valid"  failure "-n ${USER} -V20200101:20300101"
-+test_one "cert not yet valid"  failure "-n ${USER} -V20300101:20320101"
- test_one "cert expired"                failure "-n ${USER} -V19800101:19900101"
- test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
- test_one "wrong source-address"        failure "-n ${USER} -Osource-address=10.0.0.0/8"
diff --git a/debian/patches/restore-authorized_keys2.patch b/debian/patches/restore-authorized_keys2.patch
index 15102b004..7281395ae 100644
--- a/debian/patches/restore-authorized_keys2.patch
+++ b/debian/patches/restore-authorized_keys2.patch
@@ -1,4 +1,4 @@
-From 5c1ed7182e928fcf03d11c1bcc51c26c2c42629d Mon Sep 17 00:00:00 2001
+From 2fe72c4e855be0fc87dbdc296632394b6cfe957a Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 5 Mar 2017 02:02:11 +0000
 Subject: Restore reading authorized_keys2 by default
diff --git a/debian/patches/restore-tcp-wrappers.patch b/debian/patches/restore-tcp-wrappers.patch
index 222a996f1..d73cc283c 100644
--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
-From 57c1dd662f9259f58a47801e2d4b0f84e973441d Mon Sep 17 00:00:00 2001
+From 31d42cd8624f29508f772447e617ab043a6487d9 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Tue, 7 Oct 2014 13:22:41 +0100
 Subject: Restore TCP wrappers support
@@ -28,10 +28,10 @@ Patch-Name: restore-tcp-wrappers.patch
 3 files changed, 89 insertions(+)
 diff --git a/configure.ac b/configure.ac
-index 1c2512314..e894db9fc 100644
+index efafb6bd8..cee7cbc51 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1521,6 +1521,62 @@ else
+@@ -1556,6 +1556,62 @@ else
        AC_MSG_RESULT([no])
 fi
 
@@ -94,7 +94,7 @@ index 1c2512314..e894db9fc 100644
 # Check whether user wants to use ldns
 LDNS_MSG="no"
 AC_ARG_WITH(ldns,
-@@ -5242,6 +5298,7 @@ echo "                       PAM support: $PAM_MSG"
+@@ -5413,6 +5469,7 @@ echo "                       PAM support: $PAM_MSG"
 echo "                   OSF SIA support: $SIA_MSG"
 echo "                 KerberosV support: $KRB5_MSG"
 echo "                   SELinux support: $SELINUX_MSG"
@@ -103,10 +103,10 @@ index 1c2512314..e894db9fc 100644
 echo "                   libedit support: $LIBEDIT_MSG"
 echo "                   libldns support: $LDNS_MSG"
 diff --git a/sshd.8 b/sshd.8
-index fb133c14b..57a7fd66b 100644
+index c5f8987d2..730520231 100644
 --- a/sshd.8
 +++ b/sshd.8
-@@ -873,6 +873,12 @@ the user's home directory becomes accessible.
+@@ -893,6 +893,12 @@ the user's home directory becomes accessible.
 This file should be writable only by the user, and need not be
 readable by anyone else.
 .Pp
@@ -119,7 +119,7 @@ index fb133c14b..57a7fd66b 100644
 .It Pa /etc/hosts.equiv
 This file is for host-based authentication (see
 .Xr ssh 1 ) .
-@@ -975,6 +981,7 @@ The content of this file is not sensitive; it can be world-readable.
+@@ -995,6 +1001,7 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
@@ -128,12 +128,12 @@ index fb133c14b..57a7fd66b 100644
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
 diff --git a/sshd.c b/sshd.c
-index 3a5c1ea78..4e32fd10d 100644
+index d92f03aaf..62dc55cf2 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -127,6 +127,13 @@
+@@ -124,6 +124,13 @@
- #include <Security/AuthSession.h>
+ #include "ssherr.h"
- #endif
+ #include "sk-api.h"
 
 +#ifdef LIBWRAP
 +#include <tcpd.h>
@@ -145,7 +145,7 @@ index 3a5c1ea78..4e32fd10d 100644
 /* Re-exec fds */
 #define REEXEC_DEVCRYPTO_RESERVED_FD   (STDERR_FILENO + 1)
 #define REEXEC_STARTUP_PIPE_FD         (STDERR_FILENO + 2)
-@@ -2062,6 +2069,24 @@ main(int ac, char **av)
+@@ -2138,6 +2145,24 @@ main(int ac, char **av)
 #ifdef SSH_AUDIT_EVENTS
        audit_connection_from(remote_ip, remote_port);
 #endif
diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch
index 37a1fec98..02c505531 100644
--- a/debian/patches/revert-ipqos-defaults.patch
+++ b/debian/patches/revert-ipqos-defaults.patch
@@ -1,4 +1,4 @@
-From 08ef8cb952462442660914b42de3f84f31ec1a6d Mon Sep 17 00:00:00 2001
+From a2dabf35ce0228c86a288d11cc847a9d9801604f Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Mon, 8 Apr 2019 10:46:29 +0100
 Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
@@ -24,10 +24,10 @@ Patch-Name: revert-ipqos-defaults.patch
 4 files changed, 8 insertions(+), 12 deletions(-)
 diff --git a/readconf.c b/readconf.c
-index 253574ce0..9812b8d98 100644
+index e82024678..1b9494d7c 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -2174,9 +2174,9 @@ fill_default_options(Options * options)
+@@ -2230,9 +2230,9 @@ fill_default_options(Options * options)
        if (options->visual_host_key == -1)
                options->visual_host_key = 0;
        if (options->ip_qos_interactive == -1)
@@ -40,10 +40,10 @@ index 253574ce0..9812b8d98 100644
                options->request_tty = REQUEST_TTY_AUTO;
        if (options->proxy_use_fdpass == -1)
 diff --git a/servconf.c b/servconf.c
-index 5576098a5..4464d51a5 100644
+index 7bbc25c2e..470ad3619 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -423,9 +423,9 @@ fill_default_server_options(ServerOptions *options)
+@@ -452,9 +452,9 @@ fill_default_server_options(ServerOptions *options)
        if (options->permit_tun == -1)
                options->permit_tun = SSH_TUNMODE_NO;
        if (options->ip_qos_interactive == -1)
@@ -56,10 +56,10 @@ index 5576098a5..4464d51a5 100644
                options->version_addendum = xstrdup("");
        if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index d27655e15..b71d5ede9 100644
+index 5c90d3e02..6b4e4f43b 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1110,11 +1110,9 @@ If one argument is specified, it is used as the packet class unconditionally.
+@@ -1133,11 +1133,9 @@ If one argument is specified, it is used as the packet class unconditionally.
 If two values are specified, the first is automatically selected for
 interactive sessions and the second for non-interactive sessions.
 The default is
@@ -74,10 +74,10 @@ index d27655e15..b71d5ede9 100644
 .It Cm KbdInteractiveAuthentication
 Specifies whether to use keyboard-interactive authentication.
 diff --git a/sshd_config.5 b/sshd_config.5
-index 02e29cb6f..ba533af9e 100644
+index b8bea2ad7..fd205e418 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -892,11 +892,9 @@ If one argument is specified, it is used as the packet class unconditionally.
+@@ -907,11 +907,9 @@ If one argument is specified, it is used as the packet class unconditionally.
 If two values are specified, the first is automatically selected for
 interactive sessions and the second for non-interactive sessions.
 The default is
diff --git a/debian/patches/sandbox-seccomp-clock_gettime64.patch b/debian/patches/sandbox-seccomp-clock_gettime64.patch
deleted file mode 100644
index d3e0bc40c..000000000
--- a/debian/patches/sandbox-seccomp-clock_gettime64.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From ba675f490d681365db5a4e4ea6419e8690da6f30 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 7 Jan 2020 16:26:45 -0800
-Subject: seccomp: Allow clock_gettime64() in sandbox.
-This helps sshd accept connections on mips platforms with
-upcoming glibc ( 2.31 )
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b110cefdfbf5a20f49b774a55062d6ded2fb6e22
-Last-Update: 2020-01-11
-Patch-Name: sandbox-seccomp-clock_gettime64.patch
---
- sandbox-seccomp-filter.c | 3 +++
- 1 file changed, 3 insertions(+)
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index 3ef30c9d5..999c46c9f 100644
--- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -248,6 +248,9 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_clock_nanosleep_time64
-        SC_ALLOW(__NR_clock_nanosleep_time64),
- #endif
-+#ifdef __NR_clock_gettime64
-+       SC_ALLOW(__NR_clock_gettime64),
-+#endif
- #ifdef __NR__newselect
-        SC_ALLOW(__NR__newselect),
- #endif
diff --git a/debian/patches/sandbox-seccomp-clock_nanosleep.patch b/debian/patches/sandbox-seccomp-clock_nanosleep.patch
deleted file mode 100644
index 2023717b9..000000000
--- a/debian/patches/sandbox-seccomp-clock_nanosleep.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From cb38e55b8af8756b2d6d6f6a1c1a5f949e15b980 Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@dtucker.net>
-Date: Wed, 13 Nov 2019 23:19:35 +1100
-Subject: seccomp: Allow clock_nanosleep() in sandbox.
-seccomp: Allow clock_nanosleep() to make OpenSSH working with latest
-glibc.  Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093.
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b1c82f4b8adf3f42476d8a1f292df33fb7aa1a56
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=546274a6f89489d2e6be8a8b62f2bb63c87a61fd
-Last-Update: 2020-01-11
-Patch-Name: sandbox-seccomp-clock_nanosleep.patch
---
- sandbox-seccomp-filter.c | 3 +++
- 1 file changed, 3 insertions(+)
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index b5cda70bb..be2397671 100644
--- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -242,6 +242,9 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_nanosleep
-        SC_ALLOW(__NR_nanosleep),
- #endif
-+#ifdef __NR_clock_nanosleep
-+       SC_ALLOW(__NR_clock_nanosleep),
-+#endif
- #ifdef __NR__newselect
-        SC_ALLOW(__NR__newselect),
- #endif
diff --git a/debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch b/debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch
deleted file mode 100644
index b8d7ad569..000000000
--- a/debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From f0cfb9ad4b83693731505c945c0685de64483c8d Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@dtucker.net>
-Date: Mon, 16 Dec 2019 13:55:56 +1100
-Subject: Allow clock_nanosleep_time64 in seccomp sandbox.
-Needed on Linux ARM.  bz#3100, patch from jjelen@redhat.com.
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=5af6fd5461bb709304e6979c8b7856c7af921c9e
-Last-Update: 2020-01-11
-Patch-Name: sandbox-seccomp-clock_nanosleep_time64.patch
---
- sandbox-seccomp-filter.c | 3 +++
- 1 file changed, 3 insertions(+)
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index be2397671..3ef30c9d5 100644
--- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -245,6 +245,9 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_clock_nanosleep
-        SC_ALLOW(__NR_clock_nanosleep),
- #endif
-+#ifdef __NR_clock_nanosleep_time64
-+       SC_ALLOW(__NR_clock_nanosleep_time64),
-+#endif
- #ifdef __NR__newselect
-        SC_ALLOW(__NR__newselect),
- #endif
diff --git a/debian/patches/sandbox-seccomp-ipc.patch b/debian/patches/sandbox-seccomp-ipc.patch
deleted file mode 100644
index c84290726..000000000
--- a/debian/patches/sandbox-seccomp-ipc.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2e128b223e8e73ace57a0726130bfbcf920d0f9e Mon Sep 17 00:00:00 2001
-From: Jeremy Drake <github@jdrake.com>
-Date: Fri, 11 Oct 2019 18:31:05 -0700
-Subject: Deny (non-fatal) ipc in preauth privsep child.
-As noted in openssh/openssh-portable#149, i386 does not have have
-_NR_shmget etc.  Instead, it has a single ipc syscall (see man 2 ipc,
-https://linux.die.net/man/2/ipc).  Add this syscall, if present, to the
-list of syscalls that seccomp will deny non-fatally.
-Bug-Debian: https://bugs.debian.org/946242
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=30f704ebc0e9e32b3d12f5d9e8c1b705fdde2c89
-Last-Update: 2020-01-11
-Patch-Name: sandbox-seccomp-ipc.patch
---
- sandbox-seccomp-filter.c | 3 +++
- 1 file changed, 3 insertions(+)
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index 999c46c9f..0914e48ba 100644
--- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -177,6 +177,9 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_shmdt
-        SC_DENY(__NR_shmdt, EACCES),
- #endif
-+#ifdef __NR_ipc
-+       SC_DENY(__NR_ipc, EACCES),
-+#endif
- 
-        /* Syscalls to permit */
- #ifdef __NR_brk
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index e69c9c46e..8935b8e04 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From 2d8e679834c81fc381d02974986e08cafe3efa29 Mon Sep 17 00:00:00 2001
+From 5166a6af68da4778c7e2c2d117bb56361c7aa361 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode
@@ -17,10 +17,10 @@ Patch-Name: scp-quoting.patch
 1 file changed, 10 insertions(+), 2 deletions(-)
 diff --git a/scp.c b/scp.c
-index 0348d0673..5a7a92a7e 100644
+index 6901e0c94..9b64aa5f4 100644
 --- a/scp.c
 +++ b/scp.c
-@@ -199,8 +199,16 @@ do_local_cmd(arglist *a)
+@@ -201,8 +201,16 @@ do_local_cmd(arglist *a)
 
        if (verbose_mode) {
                fprintf(stderr, "Executing:");
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index 02d740fe3..63e44af55 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 3131e3bb3c56a6c6ee8cb9d68f542af04cd9e8ff Mon Sep 17 00:00:00 2001
+From b108c6bbe4b3691600a272b27fa24d9080018db7 Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -9,7 +9,7 @@ SELinux maintainer, so we'll keep it until we have something better.
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
 Bug-Debian: http://bugs.debian.org/394795
-Last-Update: 2019-06-05
+Last-Update: 2020-02-21
 Patch-Name: selinux-role.patch
 ---
@@ -81,10 +81,10 @@ index 1c217268c..92a6bcaf4 100644
                if (auth2_setup_methods_lists(authctxt) != 0)
                        ssh_packet_disconnect(ssh,
 diff --git a/monitor.c b/monitor.c
-index bead9e204..04db44c9c 100644
+index ebf76c7f9..947fdfadc 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -117,6 +117,7 @@ int mm_answer_sign(struct ssh *, int, struct sshbuf *);
+@@ -118,6 +118,7 @@ int mm_answer_sign(struct ssh *, int, struct sshbuf *);
 int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *);
 int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *);
 int mm_answer_authserv(struct ssh *, int, struct sshbuf *);
@@ -92,7 +92,7 @@ index bead9e204..04db44c9c 100644
 int mm_answer_authpassword(struct ssh *, int, struct sshbuf *);
 int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *);
 int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *);
-@@ -197,6 +198,7 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -198,6 +199,7 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
     {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -100,7 +100,7 @@ index bead9e204..04db44c9c 100644
     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
 #ifdef USE_PAM
-@@ -819,6 +821,7 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
+@@ -820,6 +822,7 @@ mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
 
        /* Allow service/style information on the auth context */
        monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -108,7 +108,7 @@ index bead9e204..04db44c9c 100644
        monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
 
 #ifdef USE_PAM
-@@ -852,16 +855,42 @@ mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m)
+@@ -853,16 +856,42 @@ mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m)
        monitor_permit_authentications(1);
 
        if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
@@ -154,7 +154,7 @@ index bead9e204..04db44c9c 100644
        return (0);
 }
 
-@@ -1528,7 +1557,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
+@@ -1554,7 +1583,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
        res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
        if (res == 0)
                goto error;
@@ -177,7 +177,7 @@ index 2b1a2d590..4d87284aa 100644
 
 struct ssh;
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index fdca39a6a..933ce9a3d 100644
+index 6edb509a3..b49c268d3 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
 @@ -364,10 +364,10 @@ mm_auth2_read_banner(void)
@@ -231,13 +231,13 @@ index fdca39a6a..933ce9a3d 100644
 int
 mm_auth_password(struct ssh *ssh, char *password)
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index 92dda574b..0f09dba09 100644
+index 485590c18..370b08e17 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
-@@ -46,7 +46,8 @@ DH *mm_choose_dh(int, int, int);
+@@ -47,7 +47,8 @@ DH *mm_choose_dh(int, int, int);
 #endif
 int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *,
-     const u_char *, size_t, const char *, u_int compat);
+     const u_char *, size_t, const char *, const char *, u_int compat);
 -void mm_inform_authserv(char *, char *);
 +void mm_inform_authserv(char *, char *, char *);
 +void mm_inform_authrole(char *);
@@ -363,10 +363,10 @@ index ea4f9c584..60d72ffe7 100644
 char *platform_krb5_get_principal_name(const char *);
 int platform_sys_dir_uid(uid_t);
 diff --git a/session.c b/session.c
-index f1a47f766..df7d7cf55 100644
+index 06a33442a..871799590 100644
 --- a/session.c
 +++ b/session.c
-@@ -1356,7 +1356,7 @@ safely_chroot(const char *path, uid_t uid)
+@@ -1360,7 +1360,7 @@ safely_chroot(const char *path, uid_t uid)
 
 /* Set login name, uid, gid, and groups. */
 void
@@ -375,7 +375,7 @@ index f1a47f766..df7d7cf55 100644
 {
        char uidstr[32], *chroot_path, *tmp;
 
-@@ -1384,7 +1384,7 @@ do_setusercontext(struct passwd *pw)
+@@ -1388,7 +1388,7 @@ do_setusercontext(struct passwd *pw)
                endgrent();
 #endif
 
@@ -384,7 +384,7 @@ index f1a47f766..df7d7cf55 100644
 
                if (!in_chroot && options.chroot_directory != NULL &&
                    strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1525,7 +1525,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
+@@ -1529,7 +1529,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
 
        /* Force a password change */
        if (s->authctxt->force_pwchange) {
@@ -393,7 +393,7 @@ index f1a47f766..df7d7cf55 100644
                child_close_fds(ssh);
                do_pwchange(s);
                exit(1);
-@@ -1543,7 +1543,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
+@@ -1547,7 +1547,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
        /* When PAM is enabled we rely on it to do the nologin check */
        if (!options.use_pam)
                do_nologin(pw);
@@ -402,7 +402,7 @@ index f1a47f766..df7d7cf55 100644
        /*
         * PAM session modules in do_setusercontext may have
         * generated messages, so if this in an interactive
-@@ -1942,7 +1942,7 @@ session_pty_req(struct ssh *ssh, Session *s)
+@@ -1946,7 +1946,7 @@ session_pty_req(struct ssh *ssh, Session *s)
                sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 
        if (!use_privsep)
@@ -425,10 +425,10 @@ index ce59dabd9..675c91146 100644
 const char     *session_get_remote_name_or_ip(struct ssh *, u_int, int);
 
 diff --git a/sshd.c b/sshd.c
-index 4e32fd10d..ea8beacb4 100644
+index 62dc55cf2..65916fc6d 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -594,7 +594,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
+@@ -595,7 +595,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
        reseed_prngs();
 
        /* Drop privileges */
diff --git a/debian/patches/series b/debian/patches/series
index 59c651095..8c1046a74 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -23,8 +23,3 @@ debian-config.patch
 restore-authorized_keys2.patch
 conch-old-privkey-format.patch
 revert-ipqos-defaults.patch
-regress-2020.patch
-sandbox-seccomp-clock_nanosleep.patch
-sandbox-seccomp-clock_nanosleep_time64.patch
-sandbox-seccomp-clock_gettime64.patch
-sandbox-seccomp-ipc.patch
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index d7f69011e..43fb1d145 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From 5d1aab0eb6baeb044516660a0bde36cba2a3f9c2 Mon Sep 17 00:00:00 2001
+From c19bcc02b07b450d585d0fd10ccd96174aeb3b7c Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
@@ -8,7 +8,7 @@ I (Colin Watson) agree with Vincent and think it does.
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494
 Bug-Debian: http://bugs.debian.org/492728
-Last-Update: 2013-09-14
+Last-Update: 2020-02-21
 Patch-Name: shell-path.patch
 ---
@@ -16,21 +16,21 @@ Patch-Name: shell-path.patch
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/sshconnect.c b/sshconnect.c
-index 6230dad32..644057bc4 100644
+index 4711af782..4a5d4a003 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
 @@ -260,7 +260,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
                /* Execute the proxy command.  Note that we gave up any
                   extra privileges above. */
-                signal(SIGPIPE, SIG_DFL);
+                ssh_signal(SIGPIPE, SIG_DFL);
 -               execv(argv[0], argv);
 +               execvp(argv[0], argv);
                perror(argv[0]);
                exit(1);
        }
-@@ -1387,7 +1387,7 @@ ssh_local_cmd(const char *args)
+@@ -1388,7 +1388,7 @@ ssh_local_cmd(const char *args)
        if (pid == 0) {
-                signal(SIGPIPE, SIG_DFL);
+                ssh_signal(SIGPIPE, SIG_DFL);
                debug3("Executing %s -c \"%s\"", shell, args);
 -               execl(shell, shell, "-c", args, (char *)NULL);
 +               execlp(shell, shell, "-c", args, (char *)NULL);
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index 0dd4c662e..e7849e6c3 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,11 +1,11 @@
-From a8b5ec5c28805f0ab6b1b05474531521ac42eb12 Mon Sep 17 00:00:00 2001
+From ad09303388f0172ab6e028aaf27d87cf873d123d Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:13 +0000
 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
 Bug-Debian: http://bugs.debian.org/711623
 Forwarded: no
-Last-Update: 2013-06-08
+Last-Update: 2020-02-21
 Patch-Name: ssh-agent-setgid.patch
 ---
@@ -13,13 +13,13 @@ Patch-Name: ssh-agent-setgid.patch
 1 file changed, 15 insertions(+)
 diff --git a/ssh-agent.1 b/ssh-agent.1
-index 83b2b41c8..7230704a3 100644
+index fff0db6bc..99e4f6d2e 100644
 --- a/ssh-agent.1
 +++ b/ssh-agent.1
-@@ -206,6 +206,21 @@ environment variable holds the agent's process ID.
+@@ -201,6 +201,21 @@ socket and stores its pathname in this variable.
- .Pp
+ It is accessible only to the current user,
- The agent exits automatically when the command given on the command
+ but is easily abused by root or another instance of the same user.
- line terminates.
+ .El
 +.Pp
 +In Debian,
 +.Nm
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index af95ce67e..8f796719d 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From e9f961ffa4e4e73ed22103b5697147d135d88b4f Mon Sep 17 00:00:00 2001
+From 4b1e0000a099f988553ccc4b274e1790b5114c12 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:10 +0000
 Subject: ssh(1): Refer to ssh-argv0(1)
@@ -18,10 +18,10 @@ Patch-Name: ssh-argv0.patch
 1 file changed, 1 insertion(+)
 diff --git a/ssh.1 b/ssh.1
-index 4923031f4..24530e511 100644
+index 17b0e984f..b33a8049f 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1584,6 +1584,7 @@ if an error occurred.
+@@ -1610,6 +1610,7 @@ if an error occurred.
 .Xr sftp 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
index 5c2b58257..99116e9c4 100644
--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
-From 42c820f76fddf2f2e537dbe10842aa39f6154059 Mon Sep 17 00:00:00 2001
+From 11d571f137c76d8c2e38b1c1a537b04cc279f8e3 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:50 +0000
 Subject: Accept obsolete ssh-vulnkey configuration options
@@ -17,10 +17,10 @@ Patch-Name: ssh-vulnkey-compat.patch
 2 files changed, 2 insertions(+)
 diff --git a/readconf.c b/readconf.c
-index 3c68d1a88..a7fb7ca15 100644
+index da8022dd0..0fc996871 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -192,6 +192,7 @@ static struct {
+@@ -191,6 +191,7 @@ static struct {
        { "fallbacktorsh", oDeprecated },
        { "globalknownhostsfile2", oDeprecated },
        { "rhostsauthentication", oDeprecated },
@@ -29,10 +29,10 @@ index 3c68d1a88..a7fb7ca15 100644
        { "useroaming", oDeprecated },
        { "usersh", oDeprecated },
 diff --git a/servconf.c b/servconf.c
-index f63eb0b94..73b93c636 100644
+index 191575a16..bf3cd84a4 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -621,6 +621,7 @@ static struct {
+@@ -656,6 +656,7 @@ static struct {
        { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
        { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
        { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index 2e4e5bbec..234d95ad2 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From 3d1a993f484e9043e57af3ae37b7c9c608d5a5f1 Mon Sep 17 00:00:00 2001
+From 387c2c1954773733bae9fca21a92db62c31180bd Mon Sep 17 00:00:00 2001
 From: Natalie Amery <nmamery@chiark.greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:54 +0000
 Subject: "LogLevel SILENT" compatibility
@@ -33,10 +33,10 @@ index d9c2d136c..1749af6d1 100644
        { "FATAL",      SYSLOG_LEVEL_FATAL },
        { "ERROR",      SYSLOG_LEVEL_ERROR },
 diff --git a/ssh.c b/ssh.c
-index 2da9f5d0d..7b482dcb0 100644
+index 110cf9c19..6138fd4d3 100644
 --- a/ssh.c
 +++ b/ssh.c
-@@ -1268,7 +1268,7 @@ main(int ac, char **av)
+@@ -1305,7 +1305,7 @@ main(int ac, char **av)
        /* Do not allocate a tty if stdin is not a tty. */
        if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
            options.request_tty != REQUEST_TTY_FORCE) {
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch
index 7fb76cf3d..fdcfca30d 100644
--- a/debian/patches/systemd-readiness.patch
+++ b/debian/patches/systemd-readiness.patch
@@ -1,4 +1,4 @@
-From ab765b2bd55062a704f09da8f8c1c4ad1d6630a7 Mon Sep 17 00:00:00 2001
+From a208834b2d1811dac7054d7fdcdd04672f8b19f6 Mon Sep 17 00:00:00 2001
 From: Michael Biebl <biebl@debian.org>
 Date: Mon, 21 Dec 2015 16:08:47 +0000
 Subject: Add systemd readiness notification support
@@ -14,10 +14,10 @@ Patch-Name: systemd-readiness.patch
 2 files changed, 33 insertions(+)
 diff --git a/configure.ac b/configure.ac
-index e894db9fc..c119d6fd1 100644
+index cee7cbc51..5db3013de 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -4499,6 +4499,29 @@ AC_ARG_WITH([kerberos5],
+@@ -4664,6 +4664,29 @@ AC_ARG_WITH([kerberos5],
 AC_SUBST([GSSLIBS])
 AC_SUBST([K5LIBS])
 
@@ -47,7 +47,7 @@ index e894db9fc..c119d6fd1 100644
 # Looking for programs, paths and files
 
 PRIVSEP_PATH=/var/empty
-@@ -5305,6 +5328,7 @@ echo "                   libldns support: $LDNS_MSG"
+@@ -5476,6 +5499,7 @@ echo "                   libldns support: $LDNS_MSG"
 echo "  Solaris process contract support: $SPC_MSG"
 echo "           Solaris project support: $SP_MSG"
 echo "         Solaris privilege support: $SPP_MSG"
@@ -56,7 +56,7 @@ index e894db9fc..c119d6fd1 100644
 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
 diff --git a/sshd.c b/sshd.c
-index 4e8ff0662..5e7679a33 100644
+index da876a900..c069505a0 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -85,6 +85,10 @@
@@ -70,7 +70,7 @@ index 4e8ff0662..5e7679a33 100644
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh2.h"
-@@ -1951,6 +1955,11 @@ main(int ac, char **av)
+@@ -2027,6 +2031,11 @@ main(int ac, char **av)
                        }
                }
 
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 9a1b434fa..8bd35addf 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 19f1d075a06f4d3c9b440d7272272569d8bb0a17 Mon Sep 17 00:00:00 2001
+From 3309e464e5ae6c940ddd584eed4d2d403f4c168c Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -51,10 +51,10 @@ index 7a10210b6..587f53721 100644
                            pw->pw_name, buf);
                        auth_debug_add("Bad file modes for %.200s", buf);
 diff --git a/auth.c b/auth.c
-index 47c27773c..fc0c05bae 100644
+index 687c57b42..aed3c13ac 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -473,8 +473,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
+@@ -474,8 +474,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
                user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
                if (options.strict_modes &&
                    (stat(user_hostfile, &st) == 0) &&
@@ -65,10 +65,10 @@ index 47c27773c..fc0c05bae 100644
                            "bad owner or modes for %.200s",
                            pw->pw_name, user_hostfile);
 diff --git a/misc.c b/misc.c
-index 88833d7ff..42eeb425a 100644
+index 3a31d5c18..073d3be19 100644
 --- a/misc.c
 +++ b/misc.c
-@@ -59,8 +59,9 @@
+@@ -61,8 +61,9 @@
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 # include <paths.h>
@@ -79,7 +79,7 @@ index 88833d7ff..42eeb425a 100644
 #ifdef SSH_TUN_OPENBSD
 #include <net/if.h>
 #endif
-@@ -1112,6 +1113,55 @@ percent_expand(const char *string, ...)
+@@ -1124,6 +1125,55 @@ percent_expand(const char *string, ...)
 #undef EXPAND_MAX_KEYS
 }
 
@@ -135,7 +135,7 @@ index 88833d7ff..42eeb425a 100644
 int
 tun_open(int tun, int mode, char **ifname)
 {
-@@ -1869,8 +1919,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -1909,8 +1959,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
                snprintf(err, errlen, "%s is not a regular file", buf);
                return -1;
        }
@@ -145,7 +145,7 @@ index 88833d7ff..42eeb425a 100644
                snprintf(err, errlen, "bad ownership or modes for file %s",
                    buf);
                return -1;
-@@ -1885,8 +1934,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -1925,8 +1974,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
                strlcpy(buf, cp, sizeof(buf));
 
                if (stat(buf, &st) == -1 ||
@@ -156,12 +156,12 @@ index 88833d7ff..42eeb425a 100644
                            "bad ownership or modes for directory %s", buf);
                        return -1;
 diff --git a/misc.h b/misc.h
-index bcc34f980..869895d3a 100644
+index 4a05db2da..5db594b91 100644
 --- a/misc.h
 +++ b/misc.h
-@@ -181,6 +181,8 @@ int opt_match(const char **opts, const char *term);
+@@ -188,6 +188,8 @@ struct notifier_ctx *notify_start(int, const char *, ...)
- char   *read_passphrase(const char *, int);
+        __attribute__((format(printf, 2, 3)));
- int     ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void   notify_complete(struct notifier_ctx *);
 
 +int     secure_permissions(struct stat *st, uid_t uid);
 +
@@ -169,10 +169,10 @@ index bcc34f980..869895d3a 100644
 #define MAXIMUM(a, b)  (((a) > (b)) ? (a) : (b))
 #define ROUNDUP(x, y)   ((((x)+((y)-1))/(y))*(y))
 diff --git a/readconf.c b/readconf.c
-index 09787c0e5..16d2729dd 100644
+index 2399208f8..7f251dd4a 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1855,8 +1855,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
+@@ -1902,8 +1902,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
 
                if (fstat(fileno(f), &sb) == -1)
                        fatal("fstat %s: %s", filename, strerror(errno));
@@ -183,10 +183,10 @@ index 09787c0e5..16d2729dd 100644
        }
 
 diff --git a/ssh.1 b/ssh.1
-index 26940ad55..20e4c4efa 100644
+index db5c65bc7..cf991e4ee 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1484,6 +1484,8 @@ The file format and configuration options are described in
+@@ -1506,6 +1506,8 @@ The file format and configuration options are described in
 .Xr ssh_config 5 .
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not writable by others.
@@ -196,10 +196,10 @@ index 26940ad55..20e4c4efa 100644
 .It Pa ~/.ssh/environment
 Contains additional definitions for environment variables; see
 diff --git a/ssh_config.5 b/ssh_config.5
-index bc04d8d02..2c74b57c0 100644
+index 3079db19b..e61a0fd43 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1907,6 +1907,8 @@ The format of this file is described above.
+@@ -1952,6 +1952,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not writable by others.
diff --git a/debian/rules b/debian/rules
index 5e415fc7f..b4dbec715 100755
--- a/debian/rules
+++ b/debian/rules
@@ -78,6 +78,7 @@ ifeq ($(DEB_HOST_ARCH_OS),linux)
 confflags += --with-selinux
 confflags += --with-audit=linux
 confflags += --with-systemd
+confflags += --with-security-key-builtin
 endif
 # The deb build wants xauth; the udeb build doesn't.
@@ -184,8 +185,10 @@ override_dh_install-indep:
        dh_install
 override_dh_installdocs:
-        dh_installdocs -Nopenssh-server -Nopenssh-sftp-server
+        dh_installdocs \
-        dh_installdocs -popenssh-server -popenssh-sftp-server \
+                -Nopenssh-server -Nopenssh-sftp-server -Nopenssh-sk-helper
+        dh_installdocs \
+                -popenssh-server -popenssh-sftp-server -popenssh-sk-helper \
                --link-doc=openssh-client
        # Avoid breaking dh_installexamples later.
        mkdir -p debian/openssh-server/usr/share/doc/openssh-client