Merge branch 'STABLE-BRANCH-2-2' into master

--
Fixed conflicts:
  NEWS            - keep master
  configure.ac    - merge
  g10/card-util.c - mostly 2.2
  g10/sig-check.c - 2.2

agent/command-ssh.c

@@ -27,8 +27,10 @@
    RFC-4253 - Transport Layer Protocol
    RFC-5656 - ECC support
 
-   The protocol for the agent is defined in OpenSSH's PROTOCL.agent
-   file.
+   The protocol for the agent is defined in:
+
+   https://tools.ietf.org/html/draft-miller-ssh-agent
+
   */
 
 #include <config.h>
@@ -83,6 +85,8 @@
 /* Other constants.  */
 #define SSH_DSA_SIGNATURE_PADDING 20
 #define SSH_DSA_SIGNATURE_ELEMS    2
+#define SSH_AGENT_RSA_SHA2_256            0x02
+#define SSH_AGENT_RSA_SHA2_512            0x04
 #define SPEC_FLAG_USE_PKCS1V2 (1 << 0)
 #define SPEC_FLAG_IS_ECDSA    (1 << 1)
 #define SPEC_FLAG_IS_EdDSA    (1 << 2)  /*(lowercase 'd' on purpose.)*/
@@ -2865,7 +2869,6 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
   unsigned char *sig = NULL;
   size_t sig_n;
   u32 data_size;
-  u32 flags;
   gpg_error_t err;
   gpg_error_t ret_err;
   int hash_algo;
@@ -2885,10 +2888,39 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
   if (err)
     goto out;
 
-  /* FIXME?  */
-  err = stream_read_uint32 (request, &flags);
-  if (err)
-    goto out;
+  /* Flag processing.  */
+  {
+    u32 flags;
+
+    err = stream_read_uint32 (request, &flags);
+    if (err)
+      goto out;
+
+    if (spec.algo == GCRY_PK_RSA)
+      {
+        if ((flags & SSH_AGENT_RSA_SHA2_512))
+          {
+            flags &= ~SSH_AGENT_RSA_SHA2_512;
+            spec.ssh_identifier = "rsa-sha2-512";
+            spec.hash_algo = GCRY_MD_SHA512;
+          }
+        if ((flags & SSH_AGENT_RSA_SHA2_256))
+          {
+            /* Note: We prefer SHA256 over SHA512.  */
+            flags &= ~SSH_AGENT_RSA_SHA2_256;
+            spec.ssh_identifier = "rsa-sha2-256";
+            spec.hash_algo = GCRY_MD_SHA256;
+          }
+      }
+
+    /* Some flag is present that we do not know about.  Note that
+     * processed or known flags have been cleared at this point.  */
+    if (flags)
+      {
+        err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
+        goto out;
+      }
+  }
 
   hash_algo = spec.hash_algo;
   if (!hash_algo)