From e7298ce946cc2ac6f2f9b6c088ef9e8b6eda3324cf2a612a613c09f0f0b0d254 Mon Sep 17 00:00:00 2001 
From: OBS User buildservice-autocommit Date: Mon, 1 Oct 2018 07:04:20 +0000 Subject: [PATCH] Updating link to change in openSUSE:Factory/libssh revision 49.0 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh?expand=0&rev=1894a1811f71c058d092d824d427ae9d --- ...gure-check-for-CRYPTO_ctr128_encrypt.patch | 71 --- ...nfig-Bugfix-Dont-skip-unseen-opcodes.patch | 32 - ...le-timeout-test-on-slow-buildsystems.patch | 40 +- ...to-Introduce-a-libcrypto-compat-file.patch | 421 ------------ ...-libcrypto-Remove-AES_ctr128_encrypt.patch | 29 - ...pto-Use-a-pointer-for-EVP_CIPHER_CTX.patch | 29 - ...bcrypto-Use-a-pointer-for-EVP_MD_CTX.patch | 45 -- 0001-libcrypto-Use-newer-API-for-HMAC.patch | 70 -- ...etters-and-setters-for-opaque-keys-a.patch | 601 ------------------ ...API-call-for-OpenSSL-CRYPTO-THREADID.patch | 80 --- libssh-0.7.5.tar.asc | 16 - libssh-0.7.5.tar.xz | 3 - libssh-0.8.3.tar.xz | 3 + libssh-0.8.3.tar.xz.asc | 16 + libssh.changes | 81 +++ libssh.keyring | Bin 4331 -> 3432 bytes libssh.spec | 101 ++- 17 files changed, 154 insertions(+), 1484 deletions(-) delete mode 100644 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch delete mode 100644 0001-config-Bugfix-Dont-skip-unseen-opcodes.patch delete mode 100644 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch delete mode 100644 0001-libcrypto-Remove-AES_ctr128_encrypt.patch delete mode 100644 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch delete mode 100644 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch delete mode 100644 0001-libcrypto-Use-newer-API-for-HMAC.patch delete mode 100644 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch delete mode 100644 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch delete mode 100644 libssh-0.7.5.tar.asc delete mode 100644 libssh-0.7.5.tar.xz create mode 100644 libssh-0.8.3.tar.xz create mode 100644 libssh-0.8.3.tar.xz.asc 
diff --git a/0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch b/0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch
deleted file mode 100644
index d6b8ac9..0000000
--- a/0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch
+++ /dev/null
@@ -1,71 +0,0 @@ -From 3daf1760a18c091159338fc9077fa71bfbd726a1 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Sun, 6 Nov 2016 15:43:31 +0100 -Subject: [PATCH] cmake: Use configure check for CRYPTO_ctr128_encrypt - -Signed-off-by: Andreas Schneider ---- - ConfigureChecks.cmake | 4 ++++ - config.h.cmake | 3 +++ - src/libcrypto.c | 6 +++--- - 3 files changed, 10 insertions(+), 3 deletions(-) - -Index: libssh-0.7.5/ConfigureChecks.cmake -=================================================================== ---- libssh-0.7.5.orig/ConfigureChecks.cmake 2017-09-15 11:35:09.493600110 +0200 -+++ libssh-0.7.5/ConfigureChecks.cmake 2017-09-15 11:35:09.505600299 +0200 -@@ -95,6 +95,10 @@ if (OPENSSL_FOUND) - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) - check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK) -+ -+ set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) -+ set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) -+ check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT) - endif() - - if (CMAKE_HAVE_PTHREAD_H) -Index: libssh-0.7.5/config.h.cmake -=================================================================== ---- libssh-0.7.5.orig/config.h.cmake 2017-09-15 11:35:09.493600110 +0200 -+++ libssh-0.7.5/config.h.cmake 2017-09-15 11:35:09.505600299 +0200 -@@ -79,6 +79,9 @@ - /* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */ - #cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1 - -+/* Define to 1 if you have the `CRYPTO_ctr128_encrypt' function. */ -+#cmakedefine HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT 1 -+ - /* Define to 1 if you have the `snprintf' function. 
*/ - #cmakedefine HAVE_SNPRINTF 1 - -Index: libssh-0.7.5/src/libcrypto.c -=================================================================== ---- libssh-0.7.5.orig/src/libcrypto.c 2017-09-15 11:35:09.473599793 +0200 -+++ libssh-0.7.5/src/libcrypto.c 2017-09-15 11:35:09.505600299 +0200 -@@ -41,6 +41,8 @@ - #include - #include - #include -+#include -+#include - #include - #include - #include "libcrypto-compat.h" -@@ -458,11 +460,12 @@ static void aes_ctr128_encrypt(struct ss - * Same for num, which is being used to store the current offset in blocksize in CTR - * function. - */ --# if OPENSSL_VERSION_NUMBER >= 0x10100000L -- CRYPTO_ctr128_encrypt(in, out, len, &cipher->aes_key->key, cipher->aes_key->IV, tmp_buffer, &num, (block128_f)AES_encrypt); --# else -+#ifdef HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT -+ CRYPTO_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num, (block128_f)AES_encrypt); -+#else -+ - AES_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num); --# endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ -+#endif /* HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT */ - } - #endif /* BROKEN_AES_CTR */ - #endif /* HAS_AES */ diff --git a/0001-config-Bugfix-Dont-skip-unseen-opcodes.patch b/0001-config-Bugfix-Dont-skip-unseen-opcodes.patch deleted file mode 100644 index 0e6dc58..0000000 --- a/0001-config-Bugfix-Dont-skip-unseen-opcodes.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 5333be5988c3789e7011598995f4df90d50d84d0 Mon Sep 17 00:00:00 2001 -From: "Artyom V. Poptsov" -Date: Sun, 4 Jun 2017 11:54:55 +0300 -Subject: config: Bugfix: Don't skip unseen opcodes - -libssh fails to read the configuration from a config file due to a -wrong check in 'ssh_config_parse_line' procedure in 'config.c'; it's -effectively skipping every opcode (and therefore every option) from -the file. The change fixes that behaviour. - -Signed-off-by: Artyom V. Poptsov -Reviewed-by: Andreas Schneider ---- - src/config.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/config.c b/src/config.c -index 6478fc5f..519926e7 100644 ---- a/src/config.c -+++ b/src/config.c -@@ -219,7 +219,7 @@ static int ssh_config_parse_line(ssh_session session, const char *line, - - opcode = ssh_config_get_opcode(keyword); - if (*parsing == 1 && opcode != SOC_HOST) { -- if (seen[opcode] == 0) { -+ if (seen[opcode] != 0) { - return 0; - } - seen[opcode] = 1; --- -cgit v1.1 - diff --git a/0001-disable-timeout-test-on-slow-buildsystems.patch b/0001-disable-timeout-test-on-slow-buildsystems.patch index c972802..b5cd9fd 100644 --- a/0001-disable-timeout-test-on-slow-buildsystems.patch +++ b/0001-disable-timeout-test-on-slow-buildsystems.patch @@ -1,8 +1,8 @@ -Index: libssh-0.7.5/tests/unittests/torture_misc.c +Index: libssh-0.8.2/tests/unittests/torture_misc.c =================================================================== ---- libssh-0.7.5.orig/tests/unittests/torture_misc.c -+++ libssh-0.7.5/tests/unittests/torture_misc.c -@@ -180,11 +180,13 @@ static void torture_timeout_elapsed(void +--- libssh-0.8.2.orig/tests/unittests/torture_misc.c 2018-08-30 08:12:50.355846083 +0200 ++++ libssh-0.8.2/tests/unittests/torture_misc.c 2018-08-30 08:12:54.831889573 +0200 +@@ -197,11 +197,13 @@ static void torture_timeout_elapsed(void (void) state; ssh_timestamp_init(&ts); usleep(50000); 
@@ -16,7 +16,7 @@ Index: libssh-0.7.5/tests/unittests/torture_misc.c } static void torture_timeout_update(void **state){ -@@ -192,11 +194,13 @@ static void torture_timeout_update(void +@@ -209,11 +211,13 @@ static void torture_timeout_update(void (void) state; ssh_timestamp_init(&ts); usleep(50000); @@ -29,27 +29,23 @@ Index: libssh-0.7.5/tests/unittests/torture_misc.c +#endif /* SLOW_TEST_SYSTEM */ } - int torture_run_tests(void) { -Index: libssh-0.7.5/DefineOptions.cmake + static void torture_ssh_analyze_banner(void **state) { +Index: libssh-0.8.2/DefineOptions.cmake =================================================================== ---- libssh-0.7.5.orig/DefineOptions.cmake -+++ libssh-0.7.5/DefineOptions.cmake -@@ -14,6 +14,8 @@ option(WITH_CLIENT_TESTING "Build with c - option(WITH_BENCHMARKS "Build benchmarks tools" OFF) - option(WITH_EXAMPLES "Build examples" ON) - option(WITH_NACL "Build with libnacl (curve25519" ON) +--- libssh-0.8.2.orig/DefineOptions.cmake 2018-08-30 08:12:50.355846083 +0200 ++++ libssh-0.8.2/DefineOptions.cmake 2018-08-30 08:13:25.020182668 +0200 +@@ -20,6 +20,7 @@ option(WITH_SYMBOL_VERSIONING "Build wit + option(WITH_ABI_BREAK "Allow ABI break" OFF) + option(FUZZ_TESTING "Build with fuzzer for the server" OFF) + option(PICKY_DEVELOPER "Build with picky developer flags" OFF) +option(SLOW_TEST_SYSTEM "Disable tests that fail on slow systems" OFF) -+ + if (WITH_ZLIB) set(WITH_LIBZ ON) - else (WITH_ZLIB) -@@ -30,4 +32,9 @@ endif (WITH_TESTING) - - if (WITH_NACL) - set(WITH_NACL ON) --endif (WITH_NACL) -\ No newline at end of file -+endif (WITH_NACL) +@@ -46,3 +47,8 @@ endif (WITH_NACL) + if (WITH_ABI_BREAK) + set(WITH_SYMBOL_VERSIONING ON) + endif (WITH_ABI_BREAK) + +if (SLOW_TEST_SYSTEM) + set (SLOW_TEST_SYSTEM ON) diff --git a/0001-libcrypto-Introduce-a-libcrypto-compat-file.patch b/0001-libcrypto-Introduce-a-libcrypto-compat-file.patch deleted file mode 100644 index 3dd751e..0000000 
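Review bot: The DefineOptions.cmake part of the refreshed patch (third hunk) adds `if (SLOW_TEST_SYSTEM)` with `set (SLOW_TEST_SYSTEM ON)`, which only re-assigns a value the option already holds and does nothing to make the macro visible to tests/unittests/torture_misc.c, where the `#endif /* SLOW_TEST_SYSTEM */` guards are added. None of the hunks shown here carries a `#cmakedefine SLOW_TEST_SYSTEM 1` or an equivalent compile definition, and the inner patch continues outside these hunks, so this may exist elsewhere; if it does not, the option has no effect on what the test binary compiles. I would drop the redundant block and document the option where it is declared, for example `# SLOW_TEST_SYSTEM: compiles out the timing assertions in torture_timeout_elapsed/torture_timeout_update; leave OFF unless the build worker is overloaded`, so that a packager knows which checks are no longer exercised. The `Index:` and `---`/`+++` paths of the inner patch also name libssh-0.8.2 while this commit adds libssh-0.8.3.tar.xz, so refreshing it against the shipped tarball would keep the headers consistent.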
--- a/0001-libcrypto-Introduce-a-libcrypto-compat-file.patch
+++ /dev/null
@@ -1,421 +0,0 @@ -From b6cfde8987d201e3cee942d3368e18545d6c28fb Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 2 Nov 2016 16:38:09 +0100 -Subject: [PATCH] libcrypto: Introduce a libcrypto compat file - -This is for OpenSSL 1.1.0 support. - -Signed-off-by: Jakub Jelen -Reviewed-by: Andreas Schneider ---- - src/CMakeLists.txt | 1 + - src/libcrypto-compat.c | 335 +++++++++++++++++++++++++++++++++++++++++++++++++ - src/libcrypto-compat.h | 42 +++++++ - 3 files changed, 378 insertions(+) - create mode 100644 src/libcrypto-compat.c - create mode 100644 src/libcrypto-compat.h - -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index ab9f1843..3c22dfac 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -126,6 +126,7 @@ set(libssh_SRCS - known_hosts.c - legacy.c - libcrypto.c -+ libcrypto-compat.c - log.c - match.c - messages.c -diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c -new file mode 100644 -index 00000000..1f27dd5f ---- /dev/null -+++ b/src/libcrypto-compat.c -@@ -0,0 +1,335 @@ -+/* -+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the OpenSSL license (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ -+#include -+#include -+#include "libcrypto-compat.h" -+ -+static void *OPENSSL_zalloc(size_t num) -+{ -+ void *ret = OPENSSL_malloc(num); -+ -+ if (ret != NULL) -+ memset(ret, 0, num); -+ return ret; -+} -+ -+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) -+{ -+ /* If the fields n and e in r are NULL, the corresponding input -+ * parameters MUST be non-NULL for n and e. d may be -+ * left NULL (in case only the public key is used). 
-+ */ -+ if ((r->n == NULL && n == NULL) -+ || (r->e == NULL && e == NULL)) -+ return 0; -+ -+ if (n != NULL) { -+ BN_free(r->n); -+ r->n = n; -+ } -+ if (e != NULL) { -+ BN_free(r->e); -+ r->e = e; -+ } -+ if (d != NULL) { -+ BN_free(r->d); -+ r->d = d; -+ } -+ -+ return 1; -+} -+ -+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) -+{ -+ /* If the fields p and q in r are NULL, the corresponding input -+ * parameters MUST be non-NULL. -+ */ -+ if ((r->p == NULL && p == NULL) -+ || (r->q == NULL && q == NULL)) -+ return 0; -+ -+ if (p != NULL) { -+ BN_free(r->p); -+ r->p = p; -+ } -+ if (q != NULL) { -+ BN_free(r->q); -+ r->q = q; -+ } -+ -+ return 1; -+} -+ -+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) -+{ -+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input -+ * parameters MUST be non-NULL. -+ */ -+ if ((r->dmp1 == NULL && dmp1 == NULL) -+ || (r->dmq1 == NULL && dmq1 == NULL) -+ || (r->iqmp == NULL && iqmp == NULL)) -+ return 0; -+ -+ if (dmp1 != NULL) { -+ BN_free(r->dmp1); -+ r->dmp1 = dmp1; -+ } -+ if (dmq1 != NULL) { -+ BN_free(r->dmq1); -+ r->dmq1 = dmq1; -+ } -+ if (iqmp != NULL) { -+ BN_free(r->iqmp); -+ r->iqmp = iqmp; -+ } -+ -+ return 1; -+} -+ -+void RSA_get0_key(const RSA *r, -+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) -+{ -+ if (n != NULL) -+ *n = r->n; -+ if (e != NULL) -+ *e = r->e; -+ if (d != NULL) -+ *d = r->d; -+} -+ -+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) -+{ -+ if (p != NULL) -+ *p = r->p; -+ if (q != NULL) -+ *q = r->q; -+} -+ -+void RSA_get0_crt_params(const RSA *r, -+ const BIGNUM **dmp1, const BIGNUM **dmq1, -+ const BIGNUM **iqmp) -+{ -+ if (dmp1 != NULL) -+ *dmp1 = r->dmp1; -+ if (dmq1 != NULL) -+ *dmq1 = r->dmq1; -+ if (iqmp != NULL) -+ *iqmp = r->iqmp; -+} -+ -+void DSA_get0_pqg(const DSA *d, -+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) -+{ -+ if (p != NULL) -+ *p = d->p; -+ if (q != NULL) -+ *q = d->q; -+ if (g != NULL) 
-+ *g = d->g; -+} -+ -+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) -+{ -+ /* If the fields p, q and g in d are NULL, the corresponding input -+ * parameters MUST be non-NULL. -+ */ -+ if ((d->p == NULL && p == NULL) -+ || (d->q == NULL && q == NULL) -+ || (d->g == NULL && g == NULL)) -+ return 0; -+ -+ if (p != NULL) { -+ BN_free(d->p); -+ d->p = p; -+ } -+ if (q != NULL) { -+ BN_free(d->q); -+ d->q = q; -+ } -+ if (g != NULL) { -+ BN_free(d->g); -+ d->g = g; -+ } -+ -+ return 1; -+} -+ -+void DSA_get0_key(const DSA *d, -+ const BIGNUM **pub_key, const BIGNUM **priv_key) -+{ -+ if (pub_key != NULL) -+ *pub_key = d->pub_key; -+ if (priv_key != NULL) -+ *priv_key = d->priv_key; -+} -+ -+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) -+{ -+ /* If the field pub_key in d is NULL, the corresponding input -+ * parameters MUST be non-NULL. The priv_key field may -+ * be left NULL. -+ */ -+ if (d->pub_key == NULL && pub_key == NULL) -+ return 0; -+ -+ if (pub_key != NULL) { -+ BN_free(d->pub_key); -+ d->pub_key = pub_key; -+ } -+ if (priv_key != NULL) { -+ BN_free(d->priv_key); -+ d->priv_key = priv_key; -+ } -+ -+ return 1; -+} -+ -+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) -+{ -+ if (pr != NULL) -+ *pr = sig->r; -+ if (ps != NULL) -+ *ps = sig->s; -+} -+ -+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) -+{ -+ if (r == NULL || s == NULL) -+ return 0; -+ BN_clear_free(sig->r); -+ BN_clear_free(sig->s); -+ sig->r = r; -+ sig->s = s; -+ return 1; -+} -+ -+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) -+{ -+ if (pr != NULL) -+ *pr = sig->r; -+ if (ps != NULL) -+ *ps = sig->s; -+} -+ -+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) -+{ -+ if (r == NULL || s == NULL) -+ return 0; -+ BN_clear_free(sig->r); -+ BN_clear_free(sig->s); -+ sig->r = r; -+ sig->s = s; -+ return 1; -+} -+ -+EVP_MD_CTX *EVP_MD_CTX_new(void) -+{ -+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); -+} -+ 
-+static void OPENSSL_clear_free(void *str, size_t num) -+{ -+ if (str == NULL) -+ return; -+ if (num) -+ OPENSSL_cleanse(str, num); -+ OPENSSL_free(str); -+} -+ -+/* This call frees resources associated with the context */ -+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) -+{ -+ if (ctx == NULL) -+ return 1; -+ -+ /* -+ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because -+ * sometimes only copies of the context are ever finalised. -+ */ -+ if (ctx->digest && ctx->digest->cleanup -+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) -+ ctx->digest->cleanup(ctx); -+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data -+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { -+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); -+ } -+ EVP_PKEY_CTX_free(ctx->pctx); -+#ifndef OPENSSL_NO_ENGINE -+ ENGINE_finish(ctx->engine); -+#endif -+ OPENSSL_cleanse(ctx, sizeof(*ctx)); -+ -+ return 1; -+} -+ -+void EVP_MD_CTX_free(EVP_MD_CTX *ctx) -+{ -+ EVP_MD_CTX_reset(ctx); -+ OPENSSL_free(ctx); -+} -+ -+HMAC_CTX *HMAC_CTX_new(void) -+{ -+ HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX)); -+ -+ if (ctx != NULL) { -+ if (!HMAC_CTX_reset(ctx)) { -+ HMAC_CTX_free(ctx); -+ return NULL; -+ } -+ } -+ return ctx; -+} -+ -+static void hmac_ctx_cleanup(HMAC_CTX *ctx) -+{ -+ EVP_MD_CTX_reset(&ctx->i_ctx); -+ EVP_MD_CTX_reset(&ctx->o_ctx); -+ EVP_MD_CTX_reset(&ctx->md_ctx); -+ ctx->md = NULL; -+ ctx->key_length = 0; -+ OPENSSL_cleanse(ctx->key, sizeof(ctx->key)); -+} -+ -+void HMAC_CTX_free(HMAC_CTX *ctx) -+{ -+ if (ctx != NULL) { -+ hmac_ctx_cleanup(ctx); -+ EVP_MD_CTX_free(&ctx->i_ctx); -+ EVP_MD_CTX_free(&ctx->o_ctx); -+ EVP_MD_CTX_free(&ctx->md_ctx); -+ OPENSSL_free(ctx); -+ } -+} -+ -+int HMAC_CTX_reset(HMAC_CTX *ctx) -+{ -+ HMAC_CTX_init(ctx); -+ return 1; -+} -+ -+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) -+{ -+ return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); -+} -+ -+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) -+{ -+ /* EVP_CIPHER_CTX_reset(ctx); alias */ 
-+ EVP_CIPHER_CTX_init(ctx); -+ OPENSSL_free(ctx); -+} -+ -+#else -+typedef int iso_c_forbids_an_empty_source_file; -+#endif /* OPENSSL_VERSION_NUMBER */ -diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h -new file mode 100644 -index 00000000..21542c65 ---- /dev/null -+++ b/src/libcrypto-compat.h -@@ -0,0 +1,42 @@ -+#ifndef LIBCRYPTO_COMPAT_H -+#define LIBCRYPTO_COMPAT_H -+ -+#include -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); -+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); -+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); -+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); -+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); -+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp); -+ -+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); -+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); -+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); -+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); -+ -+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); -+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); -+ -+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); -+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); -+ -+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); -+EVP_MD_CTX *EVP_MD_CTX_new(void); -+void EVP_MD_CTX_free(EVP_MD_CTX *ctx); -+ -+HMAC_CTX *HMAC_CTX_new(void); -+int HMAC_CTX_reset(HMAC_CTX *ctx); -+void HMAC_CTX_free(HMAC_CTX *ctx); -+ -+#endif /* OPENSSL_VERSION_NUMBER */ -+ -+#endif /* LIBCRYPTO_COMPAT_H */ --- -2.13.5 - 
diff --git a/0001-libcrypto-Remove-AES_ctr128_encrypt.patch b/0001-libcrypto-Remove-AES_ctr128_encrypt.patch deleted file mode 100644 index 128e3c5..0000000 --- a/0001-libcrypto-Remove-AES_ctr128_encrypt.patch +++ /dev/null @@ -1,29 +0,0 @@ -From d73f665edddfaa8f5a51e4c294d205f6e60a5854 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 2 Nov 2016 16:20:46 +0100 -Subject: [PATCH] libcrypto: Remove AES_ctr128_encrypt() - -This is for OpenSSL 1.1.0. - -Signed-off-by: Jakub Jelen -Reviewed-by: Andreas Schneider ---- - src/libcrypto.c | 4 ++++ - 1 file changed, 4 insertions(+) - -Index: libssh-0.7.5/src/libcrypto.c -=================================================================== ---- libssh-0.7.5.orig/src/libcrypto.c 2017-08-22 09:33:23.362303166 +0200 -+++ libssh-0.7.5/src/libcrypto.c 2017-08-22 09:34:19.763181332 +0200 -@@ -455,7 +455,11 @@ static void aes_ctr128_encrypt(struct ss - * Same for num, which is being used to store the current offset in blocksize in CTR - * function. - */ -+# if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ CRYPTO_ctr128_encrypt(in, out, len, &cipher->aes_key->key, cipher->aes_key->IV, tmp_buffer, &num, (block128_f)AES_encrypt); -+# else - AES_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num); -+# endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ - } - #endif /* BROKEN_AES_CTR */ - #endif /* HAS_AES */ diff --git a/0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch b/0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch deleted file mode 100644 index 408fa75..0000000 --- a/0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From 5d2e9ee66efb6bae9941987cc09a98867ae9ba6d Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Sat, 5 Nov 2016 16:54:02 +0100 -Subject: [PATCH] libcrypto: Use a pointer for EVP_CIPHER_CTX - -This has been made opaque and it needs to be a pointer. - -This is for OpenSSL 1.1.0 support. - -Signed-off-by: Jakub Jelen -Reviewed-by: Andreas Schneider ---- - include/libssh/crypto.h | 2 +- - src/libcrypto.c | 23 ++++++++++++++--------- - src/wrapper.c | 3 +++ - 3 files changed, 18 insertions(+), 10 deletions(-) - -Index: libssh-0.7.5/src/libcrypto.c -=================================================================== ---- libssh-0.7.5.orig/src/libcrypto.c 2017-09-15 11:28:54.851673060 +0200 -+++ libssh-0.7.5/src/libcrypto.c 2017-09-15 11:28:56.863704697 +0200 -@@ -43,6 +43,7 @@ - #include - #include - #include -+#include "libcrypto-compat.h" - - #ifdef HAVE_OPENSSL_AES_H - #define HAS_AES diff --git a/0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch b/0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch deleted file mode 100644 index 8ad4e5b..0000000 --- a/0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From 607c671f67de2443e39ef571122c0c0e0d150e3a Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Sat, 5 Nov 2016 16:52:41 +0100 -Subject: [PATCH] libcrypto: Use a pointer for EVP_MD_CTX - -This is for OpenSSL 1.1.0 support. - -Signed-off-by: Jakub Jelen -Reviewed-by: Andreas Schneider ---- - src/libcrypto.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/libcrypto.c b/src/libcrypto.c -index 64c92eaa..622b4470 100644 ---- a/src/libcrypto.c -+++ b/src/libcrypto.c -@@ -135,18 +135,19 @@ static const EVP_MD *nid_to_evpmd(int nid) - void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen) - { - const EVP_MD *evp_md = nid_to_evpmd(nid); -- EVP_MD_CTX md; -+ EVP_MD_CTX *md = EVP_MD_CTX_new(); - -- EVP_DigestInit(&md, evp_md); -- EVP_DigestUpdate(&md, digest, len); -- EVP_DigestFinal(&md, hash, hlen); -+ EVP_DigestInit(md, evp_md); -+ EVP_DigestUpdate(md, digest, len); -+ EVP_DigestFinal(md, hash, hlen); -+ EVP_MD_CTX_free(md); - } - - EVPCTX evp_init(int nid) - { - const EVP_MD *evp_md = nid_to_evpmd(nid); - -- EVPCTX ctx = malloc(sizeof(EVP_MD_CTX)); -+ EVPCTX ctx = EVP_MD_CTX_new(); - if (ctx == NULL) { - return NULL; - } --- -2.13.5 - diff --git a/0001-libcrypto-Use-newer-API-for-HMAC.patch b/0001-libcrypto-Use-newer-API-for-HMAC.patch deleted file mode 100644 index 159df3d..0000000 --- a/0001-libcrypto-Use-newer-API-for-HMAC.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From cf1e808e2ffa1f26644fb5d2cb82a919f323deba Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Sat, 5 Nov 2016 16:51:05 +0100 -Subject: [PATCH] libcrypto: Use newer API for HMAC - -This is for OpenSSL 1.1.0 support. - -Signed-off-by: Jakub Jelen -Reviewed-by: Andreas Schneider ---- - src/libcrypto.c | 17 +++++++++-------- - 1 file changed, 9 insertions(+), 8 deletions(-) - -diff --git a/src/libcrypto.c b/src/libcrypto.c -index 19065bd6..64c92eaa 100644 ---- a/src/libcrypto.c -+++ b/src/libcrypto.c -@@ -378,32 +378,33 @@ void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx) { - HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) { - HMACCTX ctx = NULL; - -- ctx = malloc(sizeof(*ctx)); -+ ctx = HMAC_CTX_new(); - if (ctx == NULL) { - return NULL; - } - - #ifndef OLD_CRYPTO -- HMAC_CTX_init(ctx); // openssl 0.9.7 requires it. -+ HMAC_CTX_reset(ctx); // openssl 0.9.7 requires it. - #endif - - switch(type) { - case SSH_HMAC_SHA1: -- HMAC_Init(ctx, key, len, EVP_sha1()); -+ HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL); - break; - case SSH_HMAC_SHA256: -- HMAC_Init(ctx, key, len, EVP_sha256()); -+ HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL); - break; - case SSH_HMAC_SHA384: -- HMAC_Init(ctx, key, len, EVP_sha384()); -+ HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL); - break; - case SSH_HMAC_SHA512: -- HMAC_Init(ctx, key, len, EVP_sha512()); -+ HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL); - break; - case SSH_HMAC_MD5: -- HMAC_Init(ctx, key, len, EVP_md5()); -+ HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL); - break; - default: -+ HMAC_CTX_free(ctx); - SAFE_FREE(ctx); - ctx = NULL; - } -@@ -419,7 +420,7 @@ void hmac_final(HMACCTX ctx, unsigned char *hashmacbuf, unsigned int *len) { - HMAC_Final(ctx,hashmacbuf,len); - - #ifndef OLD_CRYPTO -- HMAC_CTX_cleanup(ctx); -+ HMAC_CTX_reset(ctx); - #else - HMAC_cleanup(ctx); - #endif --- -2.13.5 - 
diff --git a/0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch b/0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch
deleted file mode 100644
index f0e1a11..0000000
--- a/0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch
+++ /dev/null
@@ -1,601 +0,0 @@ -From 3341f49a49a07cbce003e487ef24a2042e800f01 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Wed, 2 Nov 2016 17:02:58 +0100 -Subject: [PATCH] pki_crypto: Use getters and setters for opaque keys and - signatures - -This is for OpenSSL 1.1.0 support. - -Signed-off-by: Jakub Jelen -Reviewed-by: Andreas Schneider ---- - src/pki_crypto.c | 295 ++++++++++++++++++++++++++++++++++++++----------------- - 1 file changed, 203 insertions(+), 92 deletions(-) - -Index: libssh-0.7.5/src/pki_crypto.c -=================================================================== ---- libssh-0.7.5.orig/src/pki_crypto.c 2017-09-15 10:23:38.677834792 +0200 -+++ libssh-0.7.5/src/pki_crypto.c 2017-09-15 10:25:38.983736682 +0200 -@@ -31,6 +31,7 @@ - #include - #include - #include -+#include "libcrypto-compat.h" - - #ifdef HAVE_OPENSSL_EC_H - #include -@@ -230,7 +231,10 @@ ssh_key pki_key_dup(const ssh_key key, i - } - - switch (key->type) { -- case SSH_KEYTYPE_DSS: -+ case SSH_KEYTYPE_DSS: { -+ const BIGNUM *p = NULL, *q = NULL, *g = NULL, -+ *pub_key = NULL, *priv_key = NULL; -+ BIGNUM *np, *nq, *ng, *npub_key, *npriv_key; - new->dsa = DSA_new(); - if (new->dsa == NULL) { - goto fail; -@@ -243,36 +247,54 @@ ssh_key pki_key_dup(const ssh_key key, i - * pub_key = public key y = g^x - * priv_key = private key x - */ -- new->dsa->p = BN_dup(key->dsa->p); -- if (new->dsa->p == NULL) { -+ DSA_get0_pqg(key->dsa, &p, &q, &g); -+ np = BN_dup(p); -+ nq = BN_dup(q); -+ ng = BN_dup(g); -+ if (np == NULL || nq == NULL || ng == NULL) { -+ BN_free(np); -+ BN_free(nq); -+ BN_free(ng); - goto fail; - } - -- new->dsa->q = BN_dup(key->dsa->q); -- if (new->dsa->q == NULL) { -+ rc = DSA_set0_pqg(new->dsa, np, nq, ng); -+ if (rc == 0) { -+ BN_free(np); -+ BN_free(nq); -+ BN_free(ng); - goto fail; - } - -- new->dsa->g = BN_dup(key->dsa->g); -- if (new->dsa->g == NULL) { -+ DSA_get0_key(key->dsa, &pub_key, &priv_key); -+ npub_key = BN_dup(pub_key); -+ if (npub_key == NULL) { - goto fail; - } - -- 
new->dsa->pub_key = BN_dup(key->dsa->pub_key); -- if (new->dsa->pub_key == NULL) { -+ rc = DSA_set0_key(new->dsa, npub_key, NULL); -+ if (rc == 0) { - goto fail; - } - - if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) { -- new->dsa->priv_key = BN_dup(key->dsa->priv_key); -- if (new->dsa->priv_key == NULL) { -+ npriv_key = BN_dup(priv_key); -+ if (npriv_key == NULL) { -+ goto fail; -+ } -+ -+ rc = DSA_set0_key(new->dsa, NULL, npriv_key); -+ if (rc == 0) { - goto fail; - } - } - - break; -+ } - case SSH_KEYTYPE_RSA: -- case SSH_KEYTYPE_RSA1: -+ case SSH_KEYTYPE_RSA1: { -+ const BIGNUM *n = NULL, *e = NULL, *d = NULL; -+ BIGNUM *nn, *ne, *nd; - new->rsa = RSA_new(); - if (new->rsa == NULL) { - goto fail; -@@ -288,62 +310,82 @@ ssh_key pki_key_dup(const ssh_key key, i - * dmq1 = d mod (q-1) - * iqmp = q^-1 mod p - */ -- new->rsa->n = BN_dup(key->rsa->n); -- if (new->rsa->n == NULL) { -+ RSA_get0_key(key->rsa, &n, &e, &d); -+ nn = BN_dup(n); -+ ne = BN_dup(e); -+ if (nn == NULL || ne == NULL) { -+ BN_free(nn); -+ BN_free(ne); - goto fail; - } - -- new->rsa->e = BN_dup(key->rsa->e); -- if (new->rsa->e == NULL) { -+ rc = RSA_set0_key(new->rsa, nn, ne, NULL); -+ if (rc == 0) { -+ BN_free(nn); -+ BN_free(ne); - goto fail; - } - - if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) { -- new->rsa->d = BN_dup(key->rsa->d); -- if (new->rsa->d == NULL) { -+ const BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, -+ *dmq1 = NULL, *iqmp = NULL; -+ BIGNUM *np, *nq, *ndmp1, *ndmq1, *niqmp; -+ -+ nd = BN_dup(d); -+ if (nd == NULL) { -+ goto fail; -+ } -+ -+ rc = RSA_set0_key(new->rsa, NULL, NULL, nd); -+ if (rc == 0) { - goto fail; - } - - /* p, q, dmp1, dmq1 and iqmp may be NULL in private keys, but the - * RSA operations are much faster when these values are available. 
- */ -- if (key->rsa->p != NULL) { -- new->rsa->p = BN_dup(key->rsa->p); -- if (new->rsa->p == NULL) { -+ RSA_get0_factors(key->rsa, &p, &q); -+ if (p != NULL && q != NULL) { /* need to set both of them */ -+ np = BN_dup(p); -+ nq = BN_dup(q); -+ if (np == NULL || nq == NULL) { -+ BN_free(np); -+ BN_free(nq); - goto fail; - } -- } - -- if (key->rsa->q != NULL) { -- new->rsa->q = BN_dup(key->rsa->q); -- if (new->rsa->q == NULL) { -+ rc = RSA_set0_factors(new->rsa, np, nq); -+ if (rc == 0) { -+ BN_free(np); -+ BN_free(nq); - goto fail; - } - } - -- if (key->rsa->dmp1 != NULL) { -- new->rsa->dmp1 = BN_dup(key->rsa->dmp1); -- if (new->rsa->dmp1 == NULL) { -+ RSA_get0_crt_params(key->rsa, &dmp1, &dmq1, &iqmp); -+ if (dmp1 != NULL || dmq1 != NULL || iqmp != NULL) { -+ ndmp1 = BN_dup(dmp1); -+ ndmq1 = BN_dup(dmq1); -+ niqmp = BN_dup(iqmp); -+ if (ndmp1 == NULL || ndmq1 == NULL || niqmp == NULL) { -+ BN_free(ndmp1); -+ BN_free(ndmq1); -+ BN_free(niqmp); - goto fail; - } -- } - -- if (key->rsa->dmq1 != NULL) { -- new->rsa->dmq1 = BN_dup(key->rsa->dmq1); -- if (new->rsa->dmq1 == NULL) { -- goto fail; -- } -- } -- -- if (key->rsa->iqmp != NULL) { -- new->rsa->iqmp = BN_dup(key->rsa->iqmp); -- if (new->rsa->iqmp == NULL) { -+ rc = RSA_set0_crt_params(new->rsa, ndmp1, ndmq1, niqmp); -+ if (rc == 0) { -+ BN_free(ndmp1); -+ BN_free(ndmq1); -+ BN_free(niqmp); - goto fail; - } - } - } - - break; -+ } - case SSH_KEYTYPE_ECDSA: - #ifdef HAVE_OPENSSL_ECC - new->ecdsa_nid = key->ecdsa_nid; -@@ -466,51 +508,64 @@ int pki_key_compare(const ssh_key k1, - enum ssh_keycmp_e what) - { - switch (k1->type) { -- case SSH_KEYTYPE_DSS: -+ case SSH_KEYTYPE_DSS: { -+ const BIGNUM *p1, *p2, *q1, *q2, *g1, *g2, -+ *pub_key1, *pub_key2, *priv_key1, *priv_key2; - if (DSA_size(k1->dsa) != DSA_size(k2->dsa)) { - return 1; - } -- if (bignum_cmp(k1->dsa->p, k2->dsa->p) != 0) { -+ DSA_get0_pqg(k1->dsa, &p1, &q1, &g1); -+ DSA_get0_pqg(k2->dsa, &p2, &q2, &g2); -+ if (bignum_cmp(p1, p2) != 0) { - return 1; - } 
-- if (bignum_cmp(k1->dsa->q, k2->dsa->q) != 0) { -+ if (bignum_cmp(q1, q2) != 0) { - return 1; - } -- if (bignum_cmp(k1->dsa->g, k2->dsa->g) != 0) { -+ if (bignum_cmp(g1, g2) != 0) { - return 1; - } -- if (bignum_cmp(k1->dsa->pub_key, k2->dsa->pub_key) != 0) { -+ DSA_get0_key(k1->dsa, &pub_key1, &priv_key1); -+ DSA_get0_key(k2->dsa, &pub_key2, &priv_key2); -+ if (bignum_cmp(pub_key1, pub_key2) != 0) { - return 1; - } - - if (what == SSH_KEY_CMP_PRIVATE) { -- if (bignum_cmp(k1->dsa->priv_key, k2->dsa->priv_key) != 0) { -+ if (bignum_cmp(priv_key1, priv_key2) != 0) { - return 1; - } - } - break; -+ } - case SSH_KEYTYPE_RSA: -- case SSH_KEYTYPE_RSA1: -+ case SSH_KEYTYPE_RSA1: { -+ const BIGNUM *e1, *e2, *n1, *n2, *p1, *p2, *q1, *q2; - if (RSA_size(k1->rsa) != RSA_size(k2->rsa)) { - return 1; - } -- if (bignum_cmp(k1->rsa->e, k2->rsa->e) != 0) { -+ RSA_get0_key(k1->rsa, &n1, &e1, NULL); -+ RSA_get0_key(k2->rsa, &n2, &e2, NULL); -+ if (bignum_cmp(e1, e2) != 0) { - return 1; - } -- if (bignum_cmp(k1->rsa->n, k2->rsa->n) != 0) { -+ if (bignum_cmp(n1, n2) != 0) { - return 1; - } - - if (what == SSH_KEY_CMP_PRIVATE) { -- if (bignum_cmp(k1->rsa->p, k2->rsa->p) != 0) { -+ RSA_get0_factors(k1->rsa, &p1, &q1); -+ RSA_get0_factors(k2->rsa, &p2, &q2); -+ if (bignum_cmp(p1, p2) != 0) { - return 1; - } - -- if (bignum_cmp(k1->rsa->q, k2->rsa->q) != 0) { -+ if (bignum_cmp(q1, q2) != 0) { - return 1; - } - } - break; -+ } - case SSH_KEYTYPE_ECDSA: - #ifdef HAVE_OPENSSL_ECC - { -@@ -819,43 +874,65 @@ int pki_pubkey_build_dss(ssh_key key, - ssh_string q, - ssh_string g, - ssh_string pubkey) { -+ int rc; -+ BIGNUM *bp, *bq, *bg, *bpub_key; -+ - key->dsa = DSA_new(); - if (key->dsa == NULL) { - return SSH_ERROR; - } - -- key->dsa->p = make_string_bn(p); -- key->dsa->q = make_string_bn(q); -- key->dsa->g = make_string_bn(g); -- key->dsa->pub_key = make_string_bn(pubkey); -- if (key->dsa->p == NULL || -- key->dsa->q == NULL || -- key->dsa->g == NULL || -- key->dsa->pub_key == NULL) { -- 
DSA_free(key->dsa); -- return SSH_ERROR; -+ bp = make_string_bn(p); -+ bq = make_string_bn(q); -+ bg = make_string_bn(g); -+ bpub_key = make_string_bn(pubkey); -+ if (bp == NULL || bq == NULL || -+ bg == NULL || bpub_key == NULL) { -+ goto fail; -+ } -+ -+ rc = DSA_set0_pqg(key->dsa, bp, bq, bg); -+ if (rc == 0) { -+ goto fail; -+ } -+ -+ rc = DSA_set0_key(key->dsa, bpub_key, NULL); -+ if (rc == 0) { -+ goto fail; - } - - return SSH_OK; -+fail: -+ DSA_free(key->dsa); -+ return SSH_ERROR; - } - - int pki_pubkey_build_rsa(ssh_key key, - ssh_string e, - ssh_string n) { -+ int rc; -+ BIGNUM *be, *bn; -+ - key->rsa = RSA_new(); - if (key->rsa == NULL) { - return SSH_ERROR; - } - -- key->rsa->e = make_string_bn(e); -- key->rsa->n = make_string_bn(n); -- if (key->rsa->e == NULL || -- key->rsa->n == NULL) { -- RSA_free(key->rsa); -- return SSH_ERROR; -+ be = make_string_bn(e); -+ bn = make_string_bn(n); -+ if (be == NULL || bn == NULL) { -+ goto fail; -+ } -+ -+ rc = RSA_set0_key(key->rsa, bn, be, NULL); -+ if (rc == 0) { -+ goto fail; - } - - return SSH_OK; -+fail: -+ RSA_free(key->rsa); -+ return SSH_ERROR; - } - - ssh_string pki_publickey_to_blob(const ssh_key key) -@@ -889,23 +966,26 @@ ssh_string pki_publickey_to_blob(const s - } - - switch (key->type) { -- case SSH_KEYTYPE_DSS: -- p = make_bignum_string(key->dsa->p); -+ case SSH_KEYTYPE_DSS: { -+ const BIGNUM *bp, *bq, *bg, *bpub_key; -+ DSA_get0_pqg(key->dsa, &bp, &bq, &bg); -+ p = make_bignum_string((BIGNUM *)bp); - if (p == NULL) { - goto fail; - } - -- q = make_bignum_string(key->dsa->q); -+ q = make_bignum_string((BIGNUM *)bq); - if (q == NULL) { - goto fail; - } - -- g = make_bignum_string(key->dsa->g); -+ g = make_bignum_string((BIGNUM *)bg); - if (g == NULL) { - goto fail; - } - -- n = make_bignum_string(key->dsa->pub_key); -+ DSA_get0_key(key->dsa, &bpub_key, NULL); -+ n = make_bignum_string((BIGNUM *)bpub_key); - if (n == NULL) { - goto fail; - } -@@ -937,14 +1017,17 @@ ssh_string 
pki_publickey_to_blob(const s - n = NULL; - - break; -+ } - case SSH_KEYTYPE_RSA: -- case SSH_KEYTYPE_RSA1: -- e = make_bignum_string(key->rsa->e); -+ case SSH_KEYTYPE_RSA1: { -+ const BIGNUM *be, *bn; -+ RSA_get0_key(key->rsa, &bn, &be, NULL); -+ e = make_bignum_string((BIGNUM *)be); - if (e == NULL) { - goto fail; - } - -- n = make_bignum_string(key->rsa->n); -+ n = make_bignum_string((BIGNUM *)bn); - if (n == NULL) { - goto fail; - } -@@ -964,6 +1047,7 @@ ssh_string pki_publickey_to_blob(const s - n = NULL; - - break; -+ } - case SSH_KEYTYPE_ECDSA: - #ifdef HAVE_OPENSSL_ECC - rc = ssh_buffer_reinit(buffer); -@@ -1065,13 +1149,15 @@ int pki_export_pubkey_rsa1(const ssh_key - char *e; - char *n; - int rsa_size = RSA_size(key->rsa); -+ const BIGNUM *be, *bn; - -- e = bignum_bn2dec(key->rsa->e); -+ RSA_get0_key(key->rsa, &bn, &be, NULL); -+ e = bignum_bn2dec(be); - if (e == NULL) { - return SSH_ERROR; - } - -- n = bignum_bn2dec(key->rsa->n); -+ n = bignum_bn2dec(bn); - if (n == NULL) { - OPENSSL_free(e); - return SSH_ERROR; -@@ -1136,6 +1222,7 @@ static ssh_string pki_dsa_signature_to_b - { - char buffer[40] = { 0 }; - ssh_string sig_blob = NULL; -+ const BIGNUM *pr, *ps; - - ssh_string r; - int r_len, r_offset_in, r_offset_out; -@@ -1143,12 +1230,13 @@ static ssh_string pki_dsa_signature_to_b - ssh_string s; - int s_len, s_offset_in, s_offset_out; - -- r = make_bignum_string(sig->dsa_sig->r); -+ DSA_SIG_get0(sig->dsa_sig, &pr, &ps); -+ r = make_bignum_string((BIGNUM *)pr); - if (r == NULL) { - return NULL; - } - -- s = make_bignum_string(sig->dsa_sig->s); -+ s = make_bignum_string((BIGNUM *)ps); - if (s == NULL) { - ssh_string_free(r); - return NULL; -@@ -1201,13 +1289,15 @@ ssh_string pki_signature_to_blob(const s - ssh_string s; - ssh_buffer b; - int rc; -+ const BIGNUM *pr, *ps; - - b = ssh_buffer_new(); - if (b == NULL) { - return NULL; - } - -- r = make_bignum_string(sig->ecdsa_sig->r); -+ ECDSA_SIG_get0(sig->ecdsa_sig, &pr, &ps); -+ r = 
make_bignum_string((BIGNUM *)pr); - if (r == NULL) { - ssh_buffer_free(b); - return NULL; -@@ -1219,7 +1309,7 @@ ssh_string pki_signature_to_blob(const s - return NULL; - } - -- s = make_bignum_string(sig->ecdsa_sig->s); -+ s = make_bignum_string((BIGNUM *)ps); - if (s == NULL) { - ssh_buffer_free(b); - return NULL; -@@ -1324,6 +1414,7 @@ ssh_signature pki_signature_from_blob(co - ssh_string s; - size_t len; - int rc; -+ BIGNUM *pr = NULL, *ps = NULL; - - sig = ssh_signature_new(); - if (sig == NULL) { -@@ -1363,9 +1454,9 @@ ssh_signature pki_signature_from_blob(co - } - ssh_string_fill(r, ssh_string_data(sig_blob), 20); - -- sig->dsa_sig->r = make_string_bn(r); -+ pr = make_string_bn(r); - ssh_string_free(r); -- if (sig->dsa_sig->r == NULL) { -+ if (pr == NULL) { - ssh_signature_free(sig); - return NULL; - } -@@ -1377,9 +1468,15 @@ ssh_signature pki_signature_from_blob(co - } - ssh_string_fill(s, (char *)ssh_string_data(sig_blob) + 20, 20); - -- sig->dsa_sig->s = make_string_bn(s); -+ ps = make_string_bn(s); - ssh_string_free(s); -- if (sig->dsa_sig->s == NULL) { -+ if (ps == NULL) { -+ ssh_signature_free(sig); -+ return NULL; -+ } -+ -+ rc = DSA_SIG_set0(sig->dsa_sig, pr, ps); -+ if (rc == 0) { - ssh_signature_free(sig); - return NULL; - } -@@ -1427,10 +1524,10 @@ ssh_signature pki_signature_from_blob(co - ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r)); - #endif - -- make_string_bn_inplace(r, sig->ecdsa_sig->r); -+ pr = make_string_bn(r); - ssh_string_burn(r); - ssh_string_free(r); -- if (sig->ecdsa_sig->r == NULL) { -+ if (pr == NULL) { - ssh_buffer_free(b); - ssh_signature_free(sig); - return NULL; -@@ -1448,10 +1545,16 @@ ssh_signature pki_signature_from_blob(co - ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s)); - #endif - -- make_string_bn_inplace(s, sig->ecdsa_sig->s); -+ ps = make_string_bn(s); - ssh_string_burn(s); - ssh_string_free(s); -- if (sig->ecdsa_sig->s == NULL) { -+ if (ps == NULL) { -+ ssh_signature_free(sig); -+ return 
NULL; -+ } -+ -+ rc = ECDSA_SIG_set0(sig->ecdsa_sig, pr, ps); -+ if (rc == 0) { - ssh_signature_free(sig); - return NULL; - } -@@ -1578,8 +1681,12 @@ ssh_signature pki_do_sign(const ssh_key - } - - #ifdef DEBUG_CRYPTO -- ssh_print_bignum("r", sig->dsa_sig->r); -- ssh_print_bignum("s", sig->dsa_sig->s); -+ { -+ const BIGNUM *pr, *ps; -+ DSA_SIG_get0(sig->dsa_sig, &pr, &ps); -+ ssh_print_bignum("r", (BIGNUM *) pr); -+ ssh_print_bignum("s", (BIGNUM *) ps); -+ } - #endif - - break; -@@ -1601,8 +1708,12 @@ ssh_signature pki_do_sign(const ssh_key - } - - # ifdef DEBUG_CRYPTO -- ssh_print_bignum("r", sig->ecdsa_sig->r); -- ssh_print_bignum("s", sig->ecdsa_sig->s); -+ { -+ const BIGNUM *pr, *ps; -+ ECDSA_SIG_get0(sig->ecdsa_sig, &pr, &ps); -+ ssh_print_bignum("r", (BIGNUM *) pr); -+ ssh_print_bignum("s", (BIGNUM *) ps); -+ } - # endif /* DEBUG_CRYPTO */ - - break; diff --git a/0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch b/0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch deleted file mode 100644 index 139ae71..0000000 --- a/0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From 2dff359a331c5c9aab2435c470596b0fee7a502a Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Sun, 6 Nov 2016 12:07:32 +0100 -Subject: [PATCH] threads: Use new API call for OpenSSL CRYPTO THREADID - -BUG: https://red.libssh.org/issues/222 - -Signed-off-by: Andreas Schneider ---- - ConfigureChecks.cmake | 3 +++ - config.h.cmake | 3 +++ - src/threads.c | 19 +++++++++++++++++-- - 3 files changed, 23 insertions(+), 2 deletions(-) - -Index: libssh-0.7.5/ConfigureChecks.cmake -=================================================================== ---- libssh-0.7.5.orig/ConfigureChecks.cmake 2017-08-22 09:52:57.756607716 +0200 -+++ libssh-0.7.5/ConfigureChecks.cmake 2017-08-22 09:53:16.480897731 +0200 -@@ -91,6 +91,10 @@ if (OPENSSL_FOUND) - - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - check_include_file(openssl/ecdsa.h HAVE_OPENSSL_ECDSA_H) -+ -+ set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) -+ set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) -+ check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK) - endif() - - if (CMAKE_HAVE_PTHREAD_H) -Index: libssh-0.7.5/config.h.cmake -=================================================================== ---- libssh-0.7.5.orig/config.h.cmake 2017-08-22 09:52:41.940362760 +0200 -+++ libssh-0.7.5/config.h.cmake 2017-08-22 09:52:57.756607716 +0200 -@@ -76,6 +76,9 @@ - - /*************************** FUNCTIONS ***************************/ - -+/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */ -+#cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1 -+ - /* Define to 1 if you have the `snprintf' function. 
*/ - #cmakedefine HAVE_SNPRINTF 1 - -Index: libssh-0.7.5/src/threads.c -=================================================================== ---- libssh-0.7.5.orig/src/threads.c 2017-08-22 09:52:41.944362821 +0200 -+++ libssh-0.7.5/src/threads.c 2017-08-22 09:52:57.756607716 +0200 -@@ -116,6 +116,15 @@ static void libcrypto_lock_callback(int - } - } - -+#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK -+static void libcrypto_THREADID_callback(CRYPTO_THREADID *id) -+{ -+ unsigned long thread_id = (*user_callbacks->thread_id)(); -+ -+ CRYPTO_THREADID_set_numeric(id, thread_id); -+} -+#endif /* HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK */ -+ - static int libcrypto_thread_init(void){ - int n=CRYPTO_num_locks(); - int i; -@@ -127,8 +136,14 @@ static int libcrypto_thread_init(void){ - for (i=0;imutex_init(&libcrypto_mutexes[i]); - } -- CRYPTO_set_id_callback(user_callbacks->thread_id); -- CRYPTO_set_locking_callback(libcrypto_lock_callback); -+ -+#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK -+ CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback); -+#else -+ CRYPTO_set_id_callback(user_callbacks->thread_id); -+#endif -+ -+ CRYPTO_set_locking_callback(libcrypto_lock_callback); - - return SSH_OK; - } diff --git a/libssh-0.7.5.tar.asc b/libssh-0.7.5.tar.asc deleted file mode 100644 index f861d73..0000000 --- a/libssh-0.7.5.tar.asc +++ /dev/null 
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAljvjLwACgkQfuD8TcwB
-Tj1QFQ/+L44oVeYqw7LM8kRRaC7aaMnk5BOew3yGM8EJRB5duHeGAplIhcrAKB99
-w1J15/w9B4+LI2NipkBSF3bukXT2HpPLr+uSVwo0pN/jx8EKJ6iK67+uIyLEDvTI
-sfqFXrkE/0OQMWoIWLmNPsyZIQ7W+a3iuswhPOpV/oHLnoiGbjYzioJHoV+HaDWt
-PKBiHEl/zOCGKF+z7/OZTgsdeEfJ8V5zBJtvcs2VN+jGDt0BOnal55dVo1TCeW6P
-wkvNHPpBOydKLOe/RONINdIJWBwmWPOY+FqINqKSIpyOR9oRrvR6xLfn8l21Rz4G
-6LZnOQY576G2xds9xnXKQ2viti0c3mhm5bnllfXf8Mtkpougb9772xLWdZjlsP1m
-H12ApruuTd4LDniPceY8xVMWo4jLqmz4YdD7O7ql1StTmxgHVRVSUUceftfNd0F1
-8OhTRO3ncG7lFXowPsYPhfcdwopGXlJszuuaiOUCfGo37vzGe03/vUiVGGRqNqPY
-ToKbNe8VRG3oLyD/u9wcTOaY5MC2Noym/ABCr5DjC7mwHf4dKABq893SMOibZLg1
-cPE/MjRD52yi2gR8WbHyjQRG9Xi0v1YUyBPeiaWnccvUWND4GiWjkABVzl22g24W
-XZMygDuNxavtw0kRozwpD2Fbj76TFVG5p/9cJXLdGJ4NfrseJT0=
-=Y+Av
------END PGP SIGNATURE-----
diff --git a/libssh-0.7.5.tar.xz b/libssh-0.7.5.tar.xz
deleted file mode 100644
index 9b3d096..0000000
--- a/libssh-0.7.5.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:54e86dd5dc20e5367e58f3caab337ce37675f863f80df85b6b1614966a337095
-size 351632
diff --git a/libssh-0.8.3.tar.xz b/libssh-0.8.3.tar.xz
new file mode 100644
index 0000000..c4594af
--- /dev/null
+++ b/libssh-0.8.3.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:302f31f606f2368cd3ce77d7a69f7464c18eae176e73e59102e0524401bd29d0
+size 422244
diff --git a/libssh-0.8.3.tar.xz.asc b/libssh-0.8.3.tar.xz.asc
new file mode 100644
index 0000000..35abd42
--- /dev/null
+++ b/libssh-0.8.3.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAlukpGkACgkQfuD8TcwB
+Tj3qsA//bPS3hYBbKIChg1+o2s/lAbkjV6mv5LR9gyTljjUAikFNf/AN/yrNLD/H
+0sAAD8S2Mj5t4+daUronpX9IJPZtimFB3WoBl+S9J9ybyzpgsspTNv0KZt/O9Vt+
+QamOYkMXDtDcqUCHxIzURKiIc6ATsobiUx6EhWOSa8fFsnW6golCJtHzHi5fKsPF
+x92J5gZ4jUehZJEiX/LmqFCblLK5qV8g/F+TauWg9jL5m0SNuR0gfDxi3VNV+yeG
+gCtneHNrg/Jq9PwI71dIAQ+EDxYARBrLRe7zNSJgZHNuHttyVZaObgO/tFGzAwfj
+g+9cuBTHvkKbgM0CodT9ftmdXU8Gt2/3yugfP/FSHUKCy9YgOM5Yo+T8lhAw3Pnt
+5ZienZztJwBabui7rWeebhaBSFNuaFUhp1V5HOBT1YjKWlr3yqSGs2PmYYA7Ioeq
+ulcyUsNZFXj7hALCxhyBfcwz+USWBpjuxZz5gK5uXbwWcxZUkiRTCXprKiN8jUn/
+1/wteO4inm3dpKM3oMuxsk6c64JZnbXkD9vPEP7Fv48nPVVcqs+jk5RPK7iOBUgd
+bglc6F05cnUzFz78Lj/FIgEqdYV/vGtxxpwOCRPBDhDWvjbDltN7GkcKQ7ItNd9L
+UpMir12LL1Lo32IWxH457dKSCut2/+wGGLcXjUMMhhs/6UDqerg=
+=uDol
+-----END PGP SIGNATURE-----
diff --git a/libssh.changes b/libssh.changes
index 6049222..8dfa336 100644
--- a/libssh.changes
+++ b/libssh.changes
@@ -1,3 +1,84 @@
+-------------------------------------------------------------------
+Fri Sep 21 08:32:56 UTC 2018 - Andreas Schneider
+
+- Update to version 0.8.3
+ * Added support for rsa-sha2
+ * Added support to parse private keys in openssh container format
+ (other than ed25519)
+ * Added support for diffie-hellman-group18-sha512 and
+ diffie-hellman-group16-sha512
+ * Added ssh_get_fingerprint_hash()
+ * Added ssh_pki_export_privkey_base64()
+ * Added support for Match keyword in config file
+ * Improved performance and reduced memory footprint for sftp
+ * Fixed ecdsa publickey auth
+ * Fixed reading a closed channel
+ * Added support to announce posix-rename@openssh.com and
+ hardlink@openssh.com in the sftp server
+- Removed patch: 0001-poll-Fix-size-types-in-ssh_event_free.patch
+
+-------------------------------------------------------------------
+Thu Aug 30 06:00:24 UTC 2018 - Andreas Schneider
+
+- Update to version 0.8.2
+ * Added sha256 fingerprints for pubkeys
+ * Improved compiler flag detection
+ * Fixed race condition in reading sftp messages
+ * Fixed doxygen generation and added modern style
+ * Fixed library initialization on Windows
+ * Fixed __bounded__ attribute detection
+ * Fixed a bug in the options parser
+ * Fixed documentation for new knwon_hosts API
+- Added patch: 0001-poll-Fix-size-types-in-ssh_event_free.patch
+ * Fix compiler warning on SLE12
+
+-------------------------------------------------------------------
+Mon Aug 27 09:25:49 UTC 2018 - vcizek@suse.com
+
+- Add missing zlib-devel dependency which was previously pulled in
+ by libopenssl-devel
+
+-------------------------------------------------------------------
+Tue Aug 14 13:34:19 UTC 2018 - asn@cryptomilk.org
+
+- Remove the libssh_threads.so symlink
+
+-------------------------------------------------------------------
+Mon Aug 13 20:26:03 UTC 2018 - asn@cryptomilk.org
+
+- Update to version 0.8.1
+ * Fixed version number in the header
+ * Fixed version number in pkg-config and cmake config
+ * Fixed library initialization
+ * Fixed attribute detection
+
+-------------------------------------------------------------------
+Fri Aug 10 12:01:17 UTC 2018 - asn@cryptomilk.org
+
+- Update to version 0.8.0
+ * Removed support for deprecated SSHv1 protocol
+ * Added new connector API for clients
+ * Added new known_hosts parsing API
+ * Added support for OpenSSL 1.1
+ * Added support for chacha20-poly1305 cipher
+ * Added crypto backend for mbedtls crypto library
+ * Added ECDSA support with gcrypt backend
+ * Added advanced client and server testing using cwrap.org
+ * Added support for curve25519-sha256 alias
+ * Added support for global known_hosts file
+ * Added support for symbol versioning
+ * Improved ssh_config parsing
+ * Improved threading support
+- Removed 0001-libcrypto-Remove-AES_ctr128_encrypt.patch
+- Removed 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch
+- Removed 0001-libcrypto-Use-newer-API-for-HMAC.patch
+- Removed 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch
+- Removed 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch
+- Removed 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch
+- Removed 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
+- Removed 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch
+- Removed 0001-config-Bugfix-Dont-skip-unseen-opcodes.patch
+
 -------------------------------------------------------------------
 Fri Mar 9 14:12:28 UTC 2018 - jmcdonough@suse.com
 
diff --git a/libssh.keyring b/libssh.keyring index 1cf6ab82adab9875989edc4418615f944e6ff66b33f94b580b7d960b834d1306..da7a828d183d177caf63eead37cdfcea0a46ea1f7a2f6a75b1c7d5bfed89bfaa 100644 GIT binary patch literal 3432 zcma*p_ct4i!ocx}QL!m1M$D?3u}kf!7>&Kfo>jzNwfC+*)QGKCjjC0OQpBF2iW)Uz zuiB;D=e_5i^FF`a_q_kZ=X}pM8%R!|t2L&GM+F!>lQPCyyIvl`cuN@$-G>|ou&}^A zn93lyCo!q)4>ia3)el-n*1nj^vXJGQThLGx{NnCp;L^s1(PBlSFEXaSzqiqHCY|Id zZL;oMaJk9*-Y}D^u@0LTMT-kB>#wDZL;*&GW~y!D9OJcT_H}-W3Uz%p8N&m4CUS7> zD-$(KGF!hH;-%I|{sgrT=$64vNgx3y zk6cyafMfnTZk;oDS-&XwToz$?4HG2@AT|d5v#;2?GmSH}!`IX4V3Z4b)oAz=2pZRy9};;0gB`uUi48bFN)z-#1IbhGocxAtPwvvqQ_e_?0u$tGj%<)&ck z8Q|`Xa(&_QQV`|oC>IZuA-InR1aJeH@b8g=i0|P8@rdY%fglo60(u}m9uR^Dd=N$m z)YY0y1%mMaBp|B4(I7_fG-dsvRDkl6bCGmiA5G$Wu-n+uzoaaMu@$LFQM>wT1WY?3 zkl`S1YZ{^K;Uc068akUF1?XQKYWinR_qf+5tTaDS_T&5Ma%Qm@G;UzWb@ER&0dP!?BHkITj|CtGNKbVNej z^lkm9-UehnIPes}p8v8%fo!NF=Q^yS+AIR;^i0_BpS^!=Kj~h~_;AMZ4aWG-`p&!R zpR#c?AE884S%wnC0!E2!;Y>4$>5i8V5ANh!F7EuIOa^XfzIy*w!jmz`@A~n$ZZ3Kg z_oO8&P2}g~Fh|=CGB}UT*PCi)s-!iX!EppqJumx>_>mJMVZVI0?SbIjgQ{c_NSakw z`4M;YuIJ}Z9T^iUjIA37yxz}`Mmtk$DQGlQZ;o7J6d{8@R}%Vub^jQ{AoY1A!V6a} zv)ZQ)9{<)V|MRryQ3(L|g3`GU8lUg+XGNQ0987ZjhsSeg755GLk>uV|j8CTO-17Gv zp;H2@iV;>N2EwE?4A%-Jox5bFe5|m>t#R1^fctzM(v~NmEYbIh+dMvRX}aigPdaE% z?Nu{Q8@b}hI16GDuQ{koe6uP1gVwzmj*n|oJw`I`<@$kdICa^!IpsB8Hl<_3bj@{R zmU>q6v#(>p&V~FexOG?~`+s5PW$kKX{U2dc{}#si{}A?1UUBM_cZOh|e%=GAb4Kd6 zX+>srORAGXdV`JT-=yuy#W_)o!oKZSI-9@xf^BSv z%Hk}`Yyao{>7sq?s3>&C@=*tymxWj=yV^oAKmHzcTphuh`yDHy4=kVKb4hh>DFyk- zU>-M>wcYvD^B8qsX(~3PB-dPhXkLknp5KaY-ZvbDy87eWgJ-Bw9f8=4N$8C91iw8` zxj*TZjb$9wiJnswT}*k;O^OA**D2X9!-em&Su-eTo|Cn54lh)QPr;w+x&gCH@u7_- zEQZR+2z`&wMOyH6uMiEFGewgo`PtW&$&5lODY-`63il0sKZbPatrF_~toqOs)!+e-?K*ID_Amsgsij+&6!VzOiML>Vxu zrco_mQ;jwd<&lWc7-53eO(L}0lB|1YJ#F88*WM>ZZcrE#eiJEks%aCtQb%tjjR8BV ze7pCKRwR=|cZgMesASEajgof2Q-(qgESH*UV_8zy#P7$N3%ykl@H*wxT&qnymykBQMd5%ow{~hF8%j}XMNe#iHeLGSoPE)gOBbfoSALf zF?Id99)$^fWAle0j3GA8$=k(dm|1WKh^YXkr)_>fIZ>LNGUFuWq_5mS#HG@*PjJEQ 
zACBeFxIa7yBjx`~J5-Doq1CXpq^eOvX?jP}k|sAm#uCHfwFU$pi%jP&lN)i$i<_<% zI#iH+507AW6^$2V7H8@fG~a&Wx-THchjmwYw&=@&@rvXivU!*&R<0WENa@&U zw49x3)}*`1l7lmjgiRu1s^nx<&`BfX@d8O}pC=;Dm@oHpi!NUXN4qbJ(ywyFJOT%* zGt*8_A;rAPm-So5$dFu#0;sp@%kpA->Z9tJ(U=;XJC|feP;3osXIaj=qvT`Ic%BEf zMW1;8Wb||V1yWEW;B>RaL(dU%C6CpshsL)Z@IWA2<@He-4n)I~_vGcynDD7n(F%9M ztLI{euUf!LrBHpc^W?3`t&vasi6N}_tKo*D_)WA=zE!@?{A&?VL$KoO)~|}TvfS7+ zUXclP7$|wNZ6!TZU{elwB=Wp2$7HA(H6Xwl4^tcrnF>Le61(<)4BH5lK`(He^UGy* z%b`7!GiNz&5S>wD4`49*&E0Cr$t-DGPI5I&KYqekSA0EePKz{T#EXasY{9c6dv{yv zL%{XH@+be$s7xul(fTdfJuJ;uyp) z6t3uCz<)`528o7Nyd$l2l|Y5&XPoxUyIdGMRwuhk6WWJ9^{u<7yf3T#u|{}N_jm0p ziG*>B&4R**r*0}{4{oPZYS;#x*!+in_-dxU5>=M*(Q(>mhqs_R4`+9##H{rQDNmd$ z<3GL8m+A2c+HN0Em|MzNi4e zszZ^O3|CJCW&}y2kY0M)Q)(7n%-OHtW{!&MCPB`pRyAe6PtJ9^PT^+x5Ms?2lpEcg zxLE42T2Q;)-@I2rN3bZf`ZGVsESUm*azDxK)1S)?X1dOY6Fk110>vSA>xs@(83LvN zrqZ8RqPwhP2MbDS8dN(KLk<M0^X91Y&-2YtVD z7BEl8V*IU1za57kjLA}OZbyBE4RPh&y8`PFdQS*AN%(*I0Dhl5g_`w+fV-wDz^?%e-MC+^^F)pKXO*>8GLAobn_18oHSlg1D@CVQ@t^{77jP+?~bsVsupi zx!ysj!tWst*4B-=Dlp12NVbB|9bzI+YYMDxj^+?*_K=k1?_vXW+YMq5Fgxu;00GLv7ozi8D%0m6&DgGm$ag&vThM`$#;S->ro4Abem9=|F=4Q<)fXi_hC?5-{)I4qJ<*-gGX^b5V}^M4xQA-l?J3`= z+j%iAdqjf#6K6CNg}+~#7iki!4|J-=5~{hT*G;m(8i?A7`d1HoY>4HBTts484LyV# WZDm2tMA4T=UAs2at-!xR8~z2&g;JCN literal 4331 zcmaKwM+?Nrc7^x)6|=Mv?URqGE&cK&ce&QSS3bTR#dGi+Y}>+e5+==IsUW&V#p zTn2z838vH3V%7cG&W(s3lZ~#Z@Qu?^H}GWQ_^x1y-O8*Rw^N;?0rVJ&io=05FsKB) zm0&@4cqRC&sbknyk@%_2BZo$VIJjnbCI^CUoJI3D``mQB<`J%~-`3I&Vc(JpFzjPP z;mBR(kc)f#GID-0J4r5^q`pZ-il%e@Ju@vw`@>mDyMQdK^ zht00WYMF?*uqC-gexdNu17?BFcWNTS0PdKM>#z;#-vsB7yZowvHlxl8ySn5n6L}-x z_%Rv@ECd@;$^=eXyAxpuiv}(?e1&Xm)ZUR)vQS;k#Zo^^z<7_@V7&zD`=|!f2SpEu z(OD`jLd)L#**z#HKQtaKCihuJNjoe`eRqd?W$S(Ja|>ABhl}bFc~w#ue_t$kw|BHG z)$LrGUP*XO4Io%cSaO=VF%SfK&kqT^wW0+*L--h=z*WOatxu>Bb}ACK>L5=na_5Vc z9b@L&_q(TM?}ul>V&`rlZgAtM#Sn2>k9AoN*!herChwcY(xXaNpUcFU$KF_WES)CS z;mX$cm2hx@BJV=pjsnwWXBl{hbpzH_SwL&lg1t(EcN>MhRE}#ym2C!{zucH@Opa~w z-*~Z{tN8(=yKFmfEW2o;LN$S@ofWpA@-*c0t*yKeG^NX 
zY1^-r4CIv|*Q*%49;j|UdSy*Q&FT)<#WzK1Ep251Er_Ny_SdV8g4kyTFQ1&O(ypal zMg#%9Tl$@%z4pMzqM6QmT_&5lla!)7k0jlf=Vaz(jB<@@FA8#~9)qx#7?(XQZX65_ zD(6V?>#CMFuvL>pfGK`xU108z|NZI|Io{0db7;j02~7HA5fOgQEIB+_MUbGrFGQ|&#j3x8F_;R&6Xia!YOESpLIJ8BO65m~+& z+?v6`9x_3P&OG1c>p(qdv8Ch7MO9rAZZw_Y<6$}9b=esXQK!jU;F&(P%xYC0+DvLT z+bdL!f35I$ft&uj0Q>8RXxYKtXeHs|Urt7~04_ab-H>T1_KQ(OrC*+;GKcKqa79D8 z(p@69XfaoDXjDtYoBZ*JotOT{0)YS10~D(*Vy!hM=9@jF#`c3KUcWu_CNE#6!e2ir zUMA1FX$0`Bs`1SxN{#w!YW4LSNyCPGI6(fuvO4c^Anx4O!%DW3wz>c@vF!JXe&7Vt zE*@|&5vPdnT6FA28k2E{7UNXWZo=K%OtKJGHHTf^w=TRs%vQ-CP)`$Im3h~P2}a6+ zSW;g%R|tMy!i$(DIU%U9Whr!#fV7%i|W^*<&57d-M$B-FEQO0tO#Y zlmFeAuV9lc_hPd4p(;A~32KK+_%W@j)+oFw5gZFC$ZKi$YDC4KV~^8TDqRj5lu8$>Y3Prsl$n3EWub`lD9zX0*0aKP=ri?v3%D!qat zNH{Be(<(`rzeioKaQ-Ly1aDj#v6hyLV;8`ZeoyAGrEU ze_W+;LCO(vmOPGIXWN!bB4SZ=^dgM~l8jp&@`gl$2172R_W>H;nW)QOS5Re1{T*k$ zYeNr8PLhodf6u9Hs^8Jn&8lt|E-~n+D{0GFU{idW7hc;{^c4)_J z5}Iqae2VP^!!;+;$7Vm|r`n9|=S^5II4du<2p|eb;gzs)4lnyVQ%Ay($OkX0!8Q>Q zuPTFxWFv846{h+RPTHqkl_zhTMp)xZ$dtefCUgfEbGeSA3{v6tEVyaFK%Zz%2XAGL z`$4o}<^M(-`d?UsUd{qNP7ld|DADZPzsuh#Yz+>gZhBQ9^T_5otk+MGtj265V=q!5 zl$9>%V`#CthH)wSW$mSvf&X2>?EkL7a`qnOM*Z>e^ZB*5j>lf|_Mz8`sSU!NOW3Om z{Ae7t1HXQQ8WG%{^eG&9d&w(}x*9(lUiDC)ffroQ4`|}Ajj(X_vo>K8CV~_R{`BTh zae%-UD5}sV7K?2XV>Z6@EbLB3WL?p0!r&_<@eI2*1DCjL3^$Mq5M>FkRX2@wf>EHr zz}I*NGWx?#EWfrshDk1tAREhX4i0uF^si5#RN?tccu%fB2sO_nJ2EmM$9D|^NJ{Ri z*)FQm>*$=>gR(uIa3f*d?`rtMrw??Z_9w7pDd1e_$=6le-%@DJ+SeVk9=McDjF!?E z_nz$7^G!~5^K91|8K)ga#zo`vS?wIcM?9W2ykyS-wz8b?QJC`9vK=S~Onjuv|0S4_ zG3_zN<4&b3wiuDKGgbYsn6y%Hwx(#AJBO{c=uuDNr`EpGj-M6qj*A}&q4!PI+scI^ z7CaqB5Oj>g_H>#-FOw)#_oKqakXErv^`ZA=CI&*?S5ZrMAa2;=T|tBiZuN6er8|s< zXs^q6$`>d0!`~!@QOHF%1V9$r||SZnEk2ASFRWlC0n*~8ugZh7L*7Xs;V*2%P?f8ydwhEZDG zt;u}+tIQS4pa+j=o(x&8%JJr^N}aQ>fTfvDK{K;i*9+#Z73C;uDQ&Fiia+=cymGne zUx}1=|Avk2x@sZ(3vhtHiIWJv0O6$NdKvtX)Wn|z7K-?8yyt-4wjq2{?OORCm89l}z$Suv|e`hqD|7x6d! 
zflRVVJOlXn9FgWAzm^=&9L5>_^vjmZ>YbF8(9aKCox})kBMio}6KG3$yz+3Gu6Va_ z*3SaOi1o`-LSTM#>*rDX7AYudyah1wg95acc~L(btrnPa4XOVYJXktd+$6oD_<8?N z%5Aixc=iyMKhFh+CsKeLTfHX%%7%tf4fl~x<5i!kZx3p3=q$4y(bA5Fm23Fj#aL>Qz zn`5MK|1Q#E$99&Wa1}}VZ`X7ZIN+hF{vg$X)SRIf$Tow-bX_(|8vrJ_j*Qnj7Sg1h zFRNNOWv5DoVsWjv{A^r@Z}898U|k?{1Z{(+)xQR#wpXMTng2suiwN75)7(~f6m509 zK%a%6|3sDDX5saYJ7L_C;IyfHe)kBHeQVHm{rM;GCue~p@b^Q7XbJz%E5?5UJ~en0 diff --git a/libssh.spec b/libssh.spec index 7aa909a..9aa7967 100644 --- a/libssh.spec +++ b/libssh.spec 
@@ -12,35 +12,29 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # +%if 0%{?suse_version} >= 1500 || 0%{?sle_version} >= 150000 +%bcond_without docs +%else +# We need cmake >= 3.9 to build docs +%bcond_with docs +%endif + Name: libssh -Version: 0.7.5 +Version: 0.8.3 Release: 0 Summary: The SSH library -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ -Url: https://www.libssh.org -# Dynamic number: https://red.libssh.org/projects/libssh/files -Source0: https://red.libssh.org/attachments/download/218/%{name}-%{version}.tar.xz -Source1: https://red.libssh.org/attachments/download/217/%{name}-%{version}.tar.asc -Source2: https://cryptomilk.org/0xCC014E3D-asn@cryptomilk.org-gpg_key.asc#/%{name}.keyring +URL: https://www.libssh.org +Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz +Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc +Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring Source99: baselibs.conf -# PATCH-FIX-UPSTREAM Upstream patches for OpenSSL 1.1 compatibility (will appear in 0.8 release) -Patch0: 0001-libcrypto-Remove-AES_ctr128_encrypt.patch -Patch1: 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch -Patch2: 0001-libcrypto-Use-newer-API-for-HMAC.patch -Patch3: 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch -Patch4: 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch -Patch5: 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch -Patch6: 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch -Patch7: 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch -# END of OpenSSL 1.1 support patches -# PATCH-FIX-UPSTREAM Fix parsing of config files (boo#1067782) -Patch10: 
0001-config-Bugfix-Dont-skip-unseen-opcodes.patch -Patch11: 0001-disable-timeout-test-on-slow-buildsystems.patch +Patch0: 0001-disable-timeout-test-on-slow-buildsystems.patch BuildRequires: cmake BuildRequires: doxygen BuildRequires: gcc-c++ 
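Review bot: The signature check on the new tarball depends entirely on `libssh.keyring`, and this commit replaces that keyring (4331 -> 3432 bytes in the diffstat) together with `Source0` and `Source1`, so it needs to be confirmed independently of this commit. The new `Source2` URL carries the full fingerprint, and its last eight hex digits match the short ID in the old URL, which suggests the same key. Nothing in the spec records that the committed binary actually contains that key, so I would add a comment above `Source2`, for example `# keyring must contain only 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D; re-check the fingerprint whenever this file changes`. No explicit verification step is visible in the spec (`%prep` becomes a bare `%autosetup -p1` in a later hunk), so the check presumably relies on the build service's source validation; confirm that it runs for this package.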
@@ -49,31 +43,27 @@ BuildRequires: libcmocka-devel BuildRequires: openssl-devel BuildRequires: pkgconfig BuildRequires: xz -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: zlib-devel %description -An SSH implementation in the form of a library. With libssh, you can -remotely execute programs, transfer files, use a secure and -transparent tunnel for your remote programs. It supports SFTP as -well. +An SSH implementation in the form of a library. With libssh, you can remotely +execute programs, transfer files, use a secure and transparent tunnel for your +remote programs. It supports SFTP as well. -This package provides libssh from http://www.libssh.org that should not -be confused with libssh2 available from http://www.libssh2.org (libssh2 -package) +This package provides libssh from https://www.libssh.org that should not be +confused with libssh2 available from https://www.libssh2.org (libssh2 package) %package -n libssh4 Summary: SSH library Group: System/Libraries %description -n libssh4 -An SSH implementation in the form of a library. With libssh, you can -remotely execute programs, transfer files, use a secure and -transparent tunnel for your remote programs. It supports SFTP as -well. +An SSH implementation in the form of a library. With libssh, you can remotely +execute programs, transfer files, use a secure and transparent tunnel for your +remote programs. It supports SFTP as well. -This package provides libssh from http://www.libssh.org that should not -be confused with libssh2 available from http://www.libssh2.org (libssh2 -package) +This package provides libssh from https://www.libssh.org that should not be +confused with libssh2 available from https://www.libssh2.org (libssh2 package) %package devel Summary: SSH library development headers 
@@ -84,25 +74,17 @@ Requires: libssh4 = %{version} %description devel Development headers for the SSH library. +%if %{with docs} %package devel-doc Summary: SSH library API documentation Group: Documentation/HTML %description devel-doc Documentation for libssh development. +%endif # with docs %prep -%setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch10 -p1 -%patch11 -p1 +%autosetup -p1 %build @@ -114,52 +96,41 @@ Documentation for libssh development. %cmake \ -DCMAKE_C_FLAGS:STRING="%{optflags} -DOPENSSL_LOAD_CONF" \ - -DWITH_CLIENT_TESTING="OFF" \ - -DWITH_TESTING="ON" \ + -DUNIT_TESTING="ON" \ -DWITH_GSSAPI=ON \ - -DWITH_BENCHMARKS="OFF" \ -DWITH_EXAMPLES="OFF" \ -DSLOW_TEST_SYSTEM=%{slow_test_system} make %{?_smp_mflags} -make %{?_smp_mflags} doc +%if %{with docs} +make %{?_smp_mflags} docs +%endif # with docs %install %cmake_install -# remove the static libs, we don't want them installed, needed by tests -rm -rf %{buildroot}%{_libdir}/*.a - %check cd build -make %{?_smp_mflags} test || { - cat Testing/Temporary/LastTest.log; - exit 1; -} +ctest --output-on-failure %post -n libssh4 -p /sbin/ldconfig - %postun -n libssh4 -p /sbin/ldconfig %files -n libssh4 -%defattr(-,root,root) %doc AUTHORS README ChangeLog %{_libdir}/libssh.so.* -%{_libdir}/libssh_threads.so.* %files devel -%defattr(-,root,root) %{_includedir}/libssh %{_libdir}/libssh.so -%{_libdir}/libssh_threads.so %{_libdir}/pkgconfig/libssh.pc -%{_libdir}/pkgconfig/libssh_threads.pc %dir %{_libdir}/cmake/libssh %{_libdir}/cmake/libssh/libssh-config.cmake %{_libdir}/cmake/libssh/libssh-config-version.cmake +%if %{with docs} %files devel-doc -%defattr(-,root,root) %doc build/doc/html +%endif # with docs %changelog
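Review bot: In the `%cmake` call of the `@@ -114,52 +96,41 @@` hunk, the explicit `-DWITH_CLIENT_TESTING="OFF"` is dropped and only `-DUNIT_TESTING="ON"` is added, so the scope of `%check` (now `ctest --output-on-failure`) is left to upstream's defaults and is not stated in the spec. For a library that implements authentication and key exchange, the spec should say what is covered, for example `# %check runs the unit tests only; client/server integration tests are not enabled in this build` above `%check`. The same hunk removes `rm -rf %{buildroot}%{_libdir}/*.a` while `%files devel` lists no static archive, so confirm that the 0.8.3 install tree no longer contains one.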