Thanks Jakub.

If I want to build the FIPS supported OpenSSH, do I just need to apply this one single patch http://pkgs.fedoraproject.org/cgit/openssh.git/tree/openssh-6.7p1-fips.patch to the vanilla OpenSSH source code?

I saw there are a few other patches for OpenSSH version 6.7p1 under the same folder http://pkgs.fedoraproject.org/cgit/openssh.git/tree/. Do I need these other patches?

Thanks.

On Mon, Dec 7, 2015 at 7:53 AM, Jakub Jelen <jjelen@xxxxxxxxxx> wrote:

> On 12/04/2015 10:02 PM, security veteran wrote:
>
>> Hi Jakub,
>>
>> Another question I have is, are there any changes in this patch RedHat
>> Linux distribution specific? The reason I ask is, if I port the changes to
>> other Linux distributions like Debian or Ubuntu, do you see any issues?
>>
> I don't think there is something distro-specific. Distro specific parts
> are handled in other patches.
>
>> Thanks.
>>
>> On Fri, Dec 4, 2015 at 12:58 PM, security veteran <
>> security.veteran@xxxxxxxxx> wrote:
>>
>>> Thanks Jakub.
>>>
>>> How does this patch match the OpenSSH source version? Is the patch only
>>> applicable to OpenSSH version 6.6.1, or are other versions available as
>>> well?
>>>
>>> Thanks.
>>>
>>
> We were doing certification for openssh-6.6.1 last time, since it is the
> thing we ship in our recent system. But we are maintaining similar patch
> for current openssh version (though the name is outdated, it is for 7.1p1)
> for Fedora [1], even though it is not "verified" by certification, it
> should fulfill similar requirements.
>
> [1]
> http://pkgs.fedoraproject.org/cgit/openssh.git/tree/openssh-6.7p1-fips.patch
>
>
> --
> Jakub Jelen
> Security Technologies
> Red Hat
>
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev