[8.0p1-3 + 0.10.3-7] - Fix typos in manual pages - Use the upstream support for PKCS#8 PEM files alongside with the legacy PEM files - Unbreak ssh-keygen -A in FIPS mode - Add missing RSA certificate types to offered hostkey types in FIPS mode [8.0p1-2 + 0.10.3-7] - Allow specifying a pin-value in PKCS #11 URI in ssh-add - Whitelist another syscall variant for s390x cryptographic module [8.0p1-1 + 0.10.3-7] - New upstream release - Remove support for unused VendorPatchLevel configuration option - Fix kerberos cleanup procedures - Do not negotiate arbitrary primes with DH GEX in FIPS - Several GSSAPI key exchange improvements and sync with Debian - Allow to use labels in PKCS#11 URIs even if they do not match on private key - Do not fall back to sshd_net_t SELinux context - Use FIPS compliant high-level signature OpenSSL API and KDF - Mention crypto-policies in manual pages - Do not fail if non-FIPS approved algorithm is enabled in FIPS - Generate the PEM files in new PKCS#8 format without the need of MD5