From dff2def71487642b4d636b2e12a9fbc7c0e8293d Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Jun 02 2023 11:13:08 +0000
Subject: Fixed some regressions
---
diff --git a/openssh-8.0p1-gssapi-keyex.patch b/openssh-8.0p1-gssapi-keyex.patch
index 1d415ac..e9f0299 100644
--- a/openssh-8.0p1-gssapi-keyex.patch
+++ b/openssh-8.0p1-gssapi-keyex.patch
@@ -3629,9 +3629,10 @@ index af00fb30..03bc87eb 100644
 xxx_hostaddr = hostaddr;
 xxx_conn_info = cinfo;
 @@ -206,6 +209,42 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
- if (use_known_hosts_order)
- hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);
-
+ kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,
+ options.macs, compression_alg_list(options.compression),
+ hkalgs ? hkalgs : options.hostkeyalgorithms);
++
 +#if defined(GSSAPI) && defined(WITH_OPENSSL)
 + if (options.gss_keyex) {
 + /* Add the GSSAPI mechanisms currently supported on this
@@ -3667,10 +3668,9 @@ index af00fb30..03bc87eb 100644
 + }
 + }
 +#endif
-+
- kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,
- options.macs, compression_alg_list(options.compression),
- hkalgs ? hkalgs : options.hostkeyalgorithms);
+
+ free(hkalgs);
+
 @@ -224,17 +256,47 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 # ifdef OPENSSL_HAS_ECC
 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
diff --git a/openssh-8.7p1-negotiate-supported-algs.patch b/openssh-8.7p1-negotiate-supported-algs.patch
index 6738a61..ee3637f 100644
--- a/openssh-8.7p1-negotiate-supported-algs.patch
+++ b/openssh-8.7p1-negotiate-supported-algs.patch
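Review bot: The ordering constraint this fix relies on is not recorded in the patched code: in openssh-8.0p1-gssapi-keyex.patch (hunk at -3629, with its counterpart at -3667) `kex_proposal_populate_entries()` now runs before the `#if defined(GSSAPI) && defined(WITH_OPENSSL)` block instead of after it. Presumably that block edits `myproposal` entries that must already be populated, but its body lies outside both hunks, so this cannot be confirmed from here. Because the previous order was a regression, a comment above the call would keep a later rebase from swapping it back, e.g. `/* Populate myproposal[] first: the GSSAPI block below modifies the populated entries. */`. The same call is rewritten again by openssh-8.7p1-negotiate-supported-algs.patch to pass `filtered_algs`, so the host-key algorithm list actually offered depends on both patches applying in this order; it is worth verifying the resulting `ssh_kex2()` after the full series is applied.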
@@ -84,7 +84,7 @@ diff -up openssh-9.3p1/sshconnect2.c.xxx openssh-9.3p1/sshconnect2.c int r, use_known_hosts_order = 0; #if defined(GSSAPI) && defined(WITH_OPENSSL) -@@ -260,6 +260,18 @@ ssh_kex2(struct ssh *ssh, char *host, st +@@ -260,9 +260,21 @@ ssh_kex2(struct ssh *ssh, char *host, st if (use_known_hosts_order) hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo); @@ -100,16 +100,16 @@ diff -up openssh-9.3p1/sshconnect2.c.xxx openssh-9.3p1/sshconnect2.c + options.hostkeyalgorithms, options.pubkey_accepted_algos); + } + - #if defined(GSSAPI) && defined(WITH_OPENSSL) - if (options.gss_keyex) { - if (FIPS_mode()) { -@@ -303,9 +315,10 @@ ssh_kex2(struct ssh *ssh, char *host, st - kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers, options.macs, compression_alg_list(options.compression), - hkalgs ? hkalgs : options.hostkeyalgorithms); + filtered_algs); + #if defined(GSSAPI) && defined(WITH_OPENSSL) + if (options.gss_keyex) { +@@ -303,6 +315,7 @@ ssh_kex2(struct ssh *ssh, char *host, st + #endif + free(hkalgs); + free(filtered_algs);