diff --git a/dist b/dist
index 9c0e36ec42a2d9bfefacb21ac6354c9ddd910533..535c6900412d365bb0ff6de8d1f27110833b3ae3 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an8
+an8_7
diff --git a/openssh-8.0p1-ipv6-process.patch b/openssh-8.0p1-ipv6-process.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cb769382472a81eb994394a0bf4b87a0435bc3e0
--- /dev/null
+++ b/openssh-8.0p1-ipv6-process.patch
@@ -0,0 +1,27 @@
+diff --git a/sftp.c b/sftp.c
+index 04881c83..03c7a5c7 100644
+--- a/sftp.c
++++ b/sftp.c
+@@ -2527,12 +2527,17 @@ main(int argc, char **argv)
+ 				port = tmp;
+ 			break;
+ 		default:
++			/* Try with user, host and path. */
+ 			if (parse_user_host_path(*argv, &user, &host,
+-			    &file1) == -1) {
+-				/* Treat as a plain hostname. */
+-				host = xstrdup(*argv);
+-				host = cleanhostname(host);
+-			}
++			    &file1) == 0)
++				break;
++			/* Try with user and host. */
++			if (parse_user_host_port(*argv, &user, &host, NULL)
++			    == 0)
++				break;
++			/* Treat as a plain hostname. */
++			host = xstrdup(*argv);
++			host = cleanhostname(host);
+ 			break;
+ 		}
+ 		file2 = *(argv + 1);
diff --git a/openssh.spec b/openssh.spec
index 5755871f6079110283d6e3edcbbbeaed650ea7c2..5320e01ddb20b43ee5e9dd3bb2f658a7f1a303db 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.3
+%define anolis_release .0.1
 # Do we want SELinux & Audit
 %if 0%{?!noselinux:1}
 %global WITH_SELINUX 1
@@ -67,7 +67,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.0p1
-%global openssh_rel 16
+%global openssh_rel 17
 %global pam_ssh_agent_ver 0.10.3
 %global pam_ssh_agent_rel 7
 
@@ -273,6 +273,8 @@ Patch984: openssh-8.0p1-crypto-policy-doc.patch
 # 0fa33683223c76289470a954404047bc762be84c
 # f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a
 Patch985: openssh-8.7p1-minimize-sha1-use.patch
+# Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6
+Patch987: openssh-8.0p1-ipv6-process.patch
 
 Patch1001: 1001-openssh-8.1p1-seccomp-nanosleep.patch
 
@@ -514,6 +516,7 @@ popd
 %patch983 -p1 -b .sftp-realpath
 %patch984 -p1 -b .crypto-policy-doc
 %patch985 -p1 -b .minimize-sha1-use
+%patch987 -p1 -b .sftp_ipv6
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
@@ -810,15 +813,14 @@ getent passwd sshd >/dev/null || \
 %endif
 
 %changelog
-* Mon Mar 20 2023 JiangYong <jiang.yong5@zte.com.cn> - 8.0p1-16.0.3
-- another case where a utimes() failure could make scp send
-
-* Sat Mar 18 2023 JiangYong <jiang.yong5@zte.com.cn> - 8.0p1-16.0.2
-- Fix a one-byte overflow in SSH-banner processing
-
-* Thu Dec 29 2022 Weitao Zhou <zhouwt@linux.alibaba.com> - 8.0p1-16.0.1
+* Thu May 11 2023 Weitao Zhou <zhouwt@linux.alibaba.com> - 8.0p1-17.0.1
 - seccomp: Allow check_nanosleep to better compatibility for both glibc2.28 and glibc2.32
 - Support loongarch64 seccomp_filter sandbox (xuezhixin@uniontech.com)
+- Fix a one-byte overflow in SSH-banner processing (jiang.yong5@zte.com.cn)
+- another case where a utimes() failure could make scp send (jiang.yong5@zte.com.cn)
+
+* Mon Jan 23 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-17
+- Fix parsing of IPv6 IPs in sftp client (#2162733)
 
 * Wed Jun 29 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-16
 - Omit client side from minimize-sha1-use.patch to prevent regression (#2093897)