diff --git a/.cockpit.metadata b/.cockpit.metadata
index c7db194..8a82ffa 100644
--- a/.cockpit.metadata
+++ b/.cockpit.metadata
@@ -1 +1 @@
-9de4e1b0b328c6d1bb923f373d3f72e9ba2e0ede SOURCES/cockpit-173.1.tar.xz
+70a78561a0c958723655b998ed85bff6be166cdb SOURCES/cockpit-176.tar.xz
diff --git a/.gitignore b/.gitignore
index 44bd084..60d5ad0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/cockpit-173.1.tar.xz
+SOURCES/cockpit-176.tar.xz
diff --git a/SOURCES/0001-ssh-Use-SHA256-fingerprints-when-available.patch b/SOURCES/0001-ssh-Use-SHA256-fingerprints-when-available.patch
new file mode 100644
index 0000000..11663ae
--- /dev/null
+++ b/SOURCES/0001-ssh-Use-SHA256-fingerprints-when-available.patch
@@ -0,0 +1,125 @@
+From 50873a820f9d9c655b93e8ff2d4158aff29761ff Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin@piware.de>
+Date: Mon, 8 Oct 2018 15:19:02 +0200
+Subject: [PATCH 1/2] ssh: Use SHA256 fingerprints when available
+
+libssh 0.8 offers SHA256 fingerprints in addition to the old MD5/SHA1
+ones. The latter are both cryptographically broken, and not allowed when
+running in FIPS mode -- these cause an assertion crash in OpenSSL.
+
+The "ssh" CLI hasn't shown MD5 fingerprints in a long time, not even on
+RHEL 7 (it shows SHA1 and SHA256 there by default), so this actually
+improves compatibility with ssh.
+
+Use libssh 0.8's ssh_get_fingerprint_hash() function, as ssh itself
+shows SHA256 fingerprints  in base64 instead of hex. cockpit-ssh's
+fingerprint prompts should be compatible, and hex fingerprints would be
+overly long.
+
+Adjust most check-multi-machine tests to not care about the particular
+type of fingerprint, as they don't check the actual fingerprint anyway.
+Only `TestMultiMachine.testDirectLogin` does, so adjust the test to
+accept both MD5 and SHA256 fingerprints.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1585191
+
+Closes #10241
+---
+ configure.ac              |  2 ++
+ src/ssh/cockpitsshrelay.c | 17 +++++++++++++++--
+ src/ssh/test-sshbridge.c  |  8 +++++++-
+ 3 files changed, 24 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index af8b1e3..b0d4879 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -132,6 +132,8 @@ if test "$enable_ssh" != "no"; then
+     AC_DEFINE_UNQUOTED(HAVE_SSH_GET_SERVER_PUBLICKEY, 1, Whether ssh_get_server_publickey is available)
+   ])
+ 
++  AC_CHECK_DECLS([SSH_PUBLICKEY_HASH_SHA256, ssh_get_fingerprint_hash], [], [], [[#include <libssh/libssh.h>]])
++
+   COCKPIT_SSH_SESSION_CFLAGS="$COCKPIT_CFLAGS $LIBSSH_CFLAGS $KRB5_CFLAGS"
+   COCKPIT_SSH_SESSION_LIBS="$COCKPIT_LIBS $LIBSSH_LIBS $KRB5_LIBS"
+   AC_SUBST(COCKPIT_SSH_SESSION_LIBS)
+diff --git a/src/ssh/cockpitsshrelay.c b/src/ssh/cockpitsshrelay.c
+index 41286c3..1798345 100644
+--- a/src/ssh/cockpitsshrelay.c
++++ b/src/ssh/cockpitsshrelay.c
+@@ -52,6 +52,15 @@
+ #include <fcntl.h>
+ #include <time.h>
+ 
++/* libssh 0.8 offers SHA256 fingerprints, use them if available */
++#if HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256
++#define SSH_PUBLICKEY_HASH SSH_PUBLICKEY_HASH_SHA256
++#define SSH_PUBLICKEY_HASH_NAME "SHA256"
++#else
++#define SSH_PUBLICKEY_HASH SSH_PUBLICKEY_HASH_MD5
++#define SSH_PUBLICKEY_HASH_NAME "MD5"
++#endif
++
+ /* we had a private one before moving to /etc/ssh/ssh_known_hosts */
+ #define LEGACY_KNOWN_HOSTS PACKAGE_LOCALSTATE_DIR "/known_hosts"
+ 
+@@ -505,7 +514,7 @@ prompt_for_host_key (CockpitSshData *data)
+ 
+   message = g_strdup_printf ("The authenticity of host '%s:%d' can't be established. Do you want to proceed this time?",
+                              host, port);
+-  prompt = g_strdup_printf ("MD5 Fingerprint (%s):", data->host_key_type);
++  prompt = g_strdup_printf (SSH_PUBLICKEY_HASH_NAME " Fingerprint (%s):", data->host_key_type);
+ 
+   reply = prompt_with_authorize (data, prompt, message, data->host_fingerprint, data->host_key, TRUE);
+ 
+@@ -674,7 +683,7 @@ verify_knownhost (CockpitSshData *data,
+       goto done;
+     }
+ 
+-  if (ssh_get_publickey_hash (key, SSH_PUBLICKEY_HASH_MD5, &hash, &len) < 0)
++  if (ssh_get_publickey_hash (key, SSH_PUBLICKEY_HASH, &hash, &len) < 0)
+     {
+       g_warning ("Couldn't hash ssh public key");
+       ret = "internal-error";
+@@ -682,7 +691,11 @@ verify_knownhost (CockpitSshData *data,
+     }
+   else
+     {
++#if HAVE_DECL_SSH_GET_FINGERPRINT_HASH
++      data->host_fingerprint = ssh_get_fingerprint_hash (SSH_PUBLICKEY_HASH, hash, len);
++#else
+       data->host_fingerprint = ssh_get_hexa (hash, len);
++#endif
+       ssh_clean_pubkey_hash (&hash);
+     }
+ 
+diff --git a/src/ssh/test-sshbridge.c b/src/ssh/test-sshbridge.c
+index e86f639..bc5bc3a 100644
+--- a/src/ssh/test-sshbridge.c
++++ b/src/ssh/test-sshbridge.c
+@@ -563,7 +563,13 @@ test_echo_large (TestCase *tc,
+ 
+ static const gchar MOCK_RSA_KEY[] = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYzo07OA0H6f7orVun9nIVjGYrkf8AuPDScqWGzlKpAqSipoQ9oY/mwONwIOu4uhKh7FTQCq5p+NaOJ6+Q4z++xBzSOLFseKX+zyLxgNG28jnF06WSmrMsSfvPdNuZKt9rZcQFKn9fRNa8oixa+RsqEEVEvTYhGtRf7w2wsV49xIoIza/bln1ABX1YLaCByZow+dK3ZlHn/UU0r4ewpAIZhve4vCvAsMe5+6KJH8ft/OKXXQY06h6jCythLV4h18gY/sYosOa+/4XgpmBiE7fDeFRKVjP3mvkxMpxce+ckOFae2+aJu51h513S9kxY2PmKaV/JU9HBYO+yO4j+j24v";
+ 
++#if HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256
++static const gchar MOCK_RSA_FP[] = "SHA256:XQ8a7zGxMFstDrGecBRUP9OMnOUXd/T3vkNGtYShs2w";
++#define SSH_PUBLICKEY_HASH_NAME "SHA256"
++#else
+ static const gchar MOCK_RSA_FP[] = "0e:6a:c8:b1:07:72:e2:04:95:9f:0e:b3:56:af:48:e2";
++#define SSH_PUBLICKEY_HASH_NAME "MD5"
++#endif
+ 
+ 
+ static void
+@@ -634,7 +640,7 @@ do_hostkey_conversation (TestCase *tc,
+                                  (int)tc->ssh_port, MOCK_RSA_FP,
+                                  (int)tc->ssh_port, MOCK_RSA_KEY);
+ 
+-  do_auth_conversation (tc->transport, "MD5 Fingerprint (ssh-rsa):",
++  do_auth_conversation (tc->transport, SSH_PUBLICKEY_HASH_NAME " Fingerprint (ssh-rsa):",
+                         expect_json, response, add_header);
+   g_free (expect_json);
+ }
+-- 
+2.19.1
+
diff --git a/SOURCES/9999-Build-system-generated-changes-from-patches.patch b/SOURCES/9999-Build-system-generated-changes-from-patches.patch
new file mode 100644
index 0000000..ec45230
--- /dev/null
+++ b/SOURCES/9999-Build-system-generated-changes-from-patches.patch
@@ -0,0 +1,97 @@
+From f2df0777226cf446d682812f464f68e91cbd25b4 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin@piware.de>
+Date: Sun, 28 Oct 2018 13:55:38 +0100
+Subject: [PATCH 2/2] Build system generated changes from patches
+
+---
+ configure | 90 ++++++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 80 insertions(+), 10 deletions(-)
+
+diff --git a/configure b/configure
+index 841293e..665e89c 100755
+--- a/configure
++++ b/configure
+@@ -1939,6 +1939,52 @@ fi
+ 
+ } # ac_fn_c_try_link
+ 
++# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES
++# ---------------------------------------------
++# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
++# accordingly.
++ac_fn_c_check_decl ()
++{
++  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
++  as_decl_name=`echo $2|sed 's/ *(.*//'`
++  as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
++$as_echo_n "checking whether $as_decl_name is declared... " >&6; }
++if eval \${$3+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++$4
++int
++main ()
++{
++#ifndef $as_decl_name
++#ifdef __cplusplus
++  (void) $as_decl_use;
++#else
++  (void) $as_decl_name;
++#endif
++#endif
++
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++  eval "$3=yes"
++else
++  eval "$3=no"
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++fi
++eval ac_res=\$$3
++	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
++$as_echo "$ac_res" >&6; }
++  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
++
++} # ac_fn_c_check_decl
++
+ # ac_fn_c_check_func LINENO FUNC VAR
+ # ----------------------------------
+ # Tests whether FUNC exists, setting the cache variable VAR accordingly
+@@ -6891,6 +6937,30 @@ _ACEOF
+ fi
+ 
+ 
++  ac_fn_c_check_decl "$LINENO" "SSH_PUBLICKEY_HASH_SHA256" "ac_cv_have_decl_SSH_PUBLICKEY_HASH_SHA256" "#include <libssh/libssh.h>
++"
++if test "x$ac_cv_have_decl_SSH_PUBLICKEY_HASH_SHA256" = xyes; then :
++  ac_have_decl=1
++else
++  ac_have_decl=0
++fi
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256 $ac_have_decl
++_ACEOF
++ac_fn_c_check_decl "$LINENO" "ssh_get_fingerprint_hash" "ac_cv_have_decl_ssh_get_fingerprint_hash" "#include <libssh/libssh.h>
++"
++if test "x$ac_cv_have_decl_ssh_get_fingerprint_hash" = xyes; then :
++  ac_have_decl=1
++else
++  ac_have_decl=0
++fi
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE_DECL_SSH_GET_FINGERPRINT_HASH $ac_have_decl
++_ACEOF
++
++
+   COCKPIT_SSH_SESSION_CFLAGS="$COCKPIT_CFLAGS $LIBSSH_CFLAGS $KRB5_CFLAGS"
+   COCKPIT_SSH_SESSION_LIBS="$COCKPIT_LIBS $LIBSSH_LIBS $KRB5_LIBS"
+ 
diff --git a/SPECS/cockpit.spec b/SPECS/cockpit.spec
index 8fdce44..d26440a 100644
--- a/SPECS/cockpit.spec
+++ b/SPECS/cockpit.spec
@@ -19,14 +19,23 @@
 
 %define _hardened_build 1
 
-# define to build the dashboard
-# define build_dashboard 1
+# define to build the dashboard; i686 buildroot does not have libssh-devel
+%ifarch x86_64 %{arm} aarch64 ppc64le s390x
+%define build_dashboard 1
+%endif
 
 # build basic packages like cockpit-bridge
 %define build_basic 1
 # build optional extensions like cockpit-docker
 %define build_optional 1
 
+# cockpit's firewall service definition moved to firewalld
+%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
+%define firewalld_service 0
+%else
+%define firewalld_service 1
+%endif
+
 %define __lib lib
 
 # on RHEL 7.x we build subscriptions; superseded later by
@@ -36,7 +45,7 @@
 %endif
 
 
-%define libssh_version 0.7.1
+%define libssh_version 0.7.1-7
 %if 0%{?fedora} > 0 && 0%{?fedora} < 22
 %define libssh_version 0.6.0
 %endif
@@ -57,15 +66,18 @@ Summary:        A user interface for Linux servers
 License:        LGPLv2+
 URL:            https://cockpit-project.org/
 
-Version:        173.1
+Version:        176
 %if %{defined wip}
 Release:        1.%{wip}%{?dist}
 Source0:        cockpit-%{version}.tar.gz
 %else
-Release:        1%{?dist}
+Release:        4%{?dist}
 Source0:        https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz
 %endif
 
+Patch1:        0001-ssh-Use-SHA256-fingerprints-when-available.patch
+Patch9999:     9999-Build-system-generated-changes-from-patches.patch
+
 BuildRequires: gcc
 BuildRequires: pkgconfig(gio-unix-2.0)
 BuildRequires: pkgconfig(json-glib-1.0)
@@ -139,7 +151,7 @@ if [ -n "%{patches}" ]; then
     git config core.autocrlf false && git config core.safecrlf false && git config gc.auto 0
     git add -f . && git commit -a -q -m "Base" && git tag -a initial --message="initial"
     git am --whitespace=nowarn %{patches}
-    touch -r $(git diff --name-only initial..HEAD) .git dist/storaged/stamp $(find dist -type f)
+    touch -r $(git diff --name-only initial..HEAD) .git Makefile.in aclocal.m4
     rm -rf .git
 fi
 
@@ -147,11 +159,13 @@ fi
 exec 2>&1
 %configure \
     --disable-silent-rules \
+    %{!?build_dashboard:--disable-ssh} \
     --with-cockpit-user=cockpit-ws \
     --with-selinux-config-type=etc_t \
-    %{?rhel:--without-storaged-iscsi-sessions} \
+%if 0%{?rhel} >= 7 && 0%{?rhel} < 8
+    --without-storaged-iscsi-sessions \
+%endif
     --with-appstream-data-packages='[ "appstream-data" ]' \
-    %{!?build_dashboard:--disable-ssh} \
     --with-nfs-client-package='"nfs-utils"' \
     %{?vdo_on_demand:--with-vdo-package='"vdo"'}
 make -j4 %{?extra_flags} all
@@ -166,6 +180,9 @@ make install-tests DESTDIR=%{buildroot}
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
 install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit
 rm -f %{buildroot}/%{_libdir}/cockpit/*.so
+%if 0%{?firewalld_service} == 0
+rm -f %{buildroot}/%{_prefix}/%{__lib}/firewalld/services/cockpit.xml
+%endif
 install -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/
 
 # On RHEL we don't yet show options for changing language
@@ -190,8 +207,7 @@ echo '%{_libexecdir}/cockpit-ssh' >> base.list
 echo '%dir %{_datadir}/cockpit/dashboard' >> dashboard.list
 find %{buildroot}%{_datadir}/cockpit/dashboard -type f >> dashboard.list
 %else
-rm -rf %{buildroot}/%{_datadir}/cockpit/dashboard
-rm -rf %{buildroot}/%{_datadir}/%{name}/ssh
+rm -rf %{buildroot}/%{_datadir}/cockpit/dashboard %{buildroot}/%{_datadir}/cockpit/ssh
 touch dashboard.list
 %endif
 
@@ -232,15 +248,9 @@ find %{buildroot}%{_datadir}/cockpit/storaged -type f >> storaged.list
 echo '%dir %{_datadir}/cockpit/networkmanager' > networkmanager.list
 find %{buildroot}%{_datadir}/cockpit/networkmanager -type f >> networkmanager.list
 
-echo '%dir %{_datadir}/cockpit/ostree' > ostree.list
-find %{buildroot}%{_datadir}/cockpit/ostree -type f >> ostree.list
-
 echo '%dir %{_datadir}/cockpit/packagekit' >> packagekit.list
 find %{buildroot}%{_datadir}/cockpit/packagekit -type f >> packagekit.list
 
-echo '%dir %{_datadir}/cockpit/apps' >> packagekit.list
-find %{buildroot}%{_datadir}/cockpit/apps -type f >> packagekit.list
-
 echo '%dir %{_datadir}/cockpit/machines' > machines.list
 find %{buildroot}%{_datadir}/cockpit/machines -type f >> machines.list
 
@@ -304,7 +314,7 @@ rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
 
 # when not building optional packages, remove their files
 %if 0%{?build_optional} == 0
-for pkg in apps dashboard docker kubernetes machines ostree ovirt packagekit pcp playground storaged; do
+for pkg in apps dashboard docker kubernetes machines ovirt packagekit pcp playground storaged; do
     rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
 done
 # files from -tests
@@ -315,6 +325,11 @@ rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib
 rm -f %{buildroot}/%{_libexecdir}/cockpit-kube-auth %{buildroot}/%{_libexecdir}/cockpit-kube-launch %{buildroot}/%{_libexecdir}/cockpit-stub
 %endif
 
+# On RHEL, apps is not currently built
+%if 0%{?rhel}
+rm -rf %{buildroot}/%{_datadir}/%{name}/apps
+%endif
+
 sed -i "s|%{buildroot}||" *.list
 
 # Build the package lists for debug package, and move debug files to installed locations
@@ -457,6 +472,11 @@ Summary: Cockpit Web Service
 Requires: glib-networking
 Requires: openssl
 Requires: glib2 >= 2.37.4
+%if 0%{?firewalld_service}
+Conflicts: firewalld >= 0.6.0-1
+%else
+Conflicts: firewalld < 0.6.0-1
+%endif
 %if 0%{?fedora} >= 24 || 0%{?rhel} >= 8
 Recommends: sscg >= 2.3
 %endif
@@ -474,14 +494,16 @@ The Cockpit Web Service listens on the network, and authenticates users.
 %doc %{_mandir}/man8/pam_ssh_add.8.gz
 %config(noreplace) %{_sysconfdir}/cockpit/ws-certs.d
 %config(noreplace) %{_sysconfdir}/pam.d/cockpit
-%config %{_sysconfdir}/issue.d/cockpit
+%config %{_sysconfdir}/issue.d/cockpit.issue
 %config %{_sysconfdir}/motd.d/cockpit
 %{_datadir}/cockpit/motd/update-motd
 %{_datadir}/cockpit/motd/inactive.motd
 %{_unitdir}/cockpit.service
 %{_unitdir}/cockpit-motd.service
 %{_unitdir}/cockpit.socket
+%if 0%{?firewalld_service}
 %{_prefix}/%{__lib}/firewalld/services/cockpit.xml
+%endif
 %{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf
 %{_sbindir}/remotectl
 %{_libdir}/security/pam_ssh_add.so
@@ -596,25 +618,10 @@ Dummy package from building optional packages only; never install or publish me.
 %package -n cockpit-storaged
 Summary: Cockpit user interface for storage, using udisks
 Requires: cockpit-shell >= %{required_base}
-%if 0%{?rhel} == 7 || 0%{?centos} == 7
 Requires: udisks2 >= 2.6
 Requires: udisks2-lvm2 >= 2.6
 Requires: udisks2-iscsi >= 2.6
 Requires: device-mapper-multipath
-%else
-%if 0%{?fedora} >= 27 || 0%{?rhel} >= 8
-Requires: udisks2 >= 2.6
-Recommends: udisks2-lvm2 >= 2.6
-Recommends: udisks2-iscsi >= 2.6
-Recommends: device-mapper-multipath
-%else
-# Fedora < 27
-Requires: storaged >= 2.1.1
-Recommends: storaged-lvm2 >= 2.1.1
-Recommends: storaged-iscsi >= 2.1.1
-Recommends: device-mapper-multipath
-%endif
-%endif
 %if 0%{?fedora} || 0%{?rhel} >= 8
 Requires: python3
 Requires: python3-dbus
@@ -648,7 +655,6 @@ These files are not required for running Cockpit.
 %{_prefix}/%{__lib}/cockpit-test-assets
 
 %package -n cockpit-machines
-BuildArch: noarch
 Summary: Cockpit user interface for virtual machines
 Requires: cockpit-bridge >= %{required_base}
 Requires: cockpit-system >= %{required_base}
@@ -683,23 +689,6 @@ The Cockpit components for managing oVirt virtual machines.
 
 %files -n cockpit-machines-ovirt -f ovirt.list
 
-%package -n cockpit-ostree
-BuildArch: noarch
-Summary: Cockpit user interface for rpm-ostree
-# Requires: Uses new translations functionality
-Requires: cockpit-bridge >= %{required_base}
-Requires: cockpit-system >= %{required_base}
-%if 0%{?fedora} > 0 && 0%{?fedora} < 24
-Requires: rpm-ostree >= 2015.10-1
-%else
-Requires: /usr/libexec/rpm-ostreed
-%endif
-
-%description -n cockpit-ostree
-The Cockpit components for managing software updates for ostree based systems.
-
-%files -n cockpit-ostree -f ostree.list
-
 %package -n cockpit-pcp
 Summary: Cockpit PCP integration
 Requires: cockpit-bridge >= %{required_base}
@@ -791,67 +780,112 @@ cluster. Installed on the Kubernetes master. This package is not yet complete.
 %endif
 
 %package -n cockpit-packagekit
-Summary: Cockpit user interface for packages
-BuildArch: noarch
+Summary: Cockpit user interface for package updates
 Requires: cockpit-bridge >= %{required_base}
 Requires: PackageKit
 
 %description -n cockpit-packagekit
-The Cockpit components for installing OS updates and Cockpit add-ons,
-via PackageKit.
+The Cockpit component for installing package updates, via PackageKit.
 
 %files -n cockpit-packagekit -f packagekit.list
 
 %endif # build optional extension packages
 
 %changelog
-* Tue Oct 30 2018 Martin Pitt <mpitt@redhat.com> 173.1-1
-- Crash fixes spotted by coverity rhbz#1644345
-- Fix race condition with fslist channels rhbz#1644346
-- Fix remotectl crash on errors rhbz#1644348
-
-* Tue Sep 25 2018 Martin Pitt <mpitt@redhat.com> 173-7
-- Build against fixed build root with all architectures again rhbz#1628490
-
-* Wed Sep 12 2018 Martin Pitt <mpitt@redhat.com> 173-6
-- Fix remote unauthenticated crash with crafted URLs rhbz#1627631
-- Fix off-by-one error in flow control rhbz#1626846
-
-* Tue Aug 21 2018 Martin Pitt <mpitt@redhat.com> 173-5
-- Storage: Fix crash when cancelling package install
-- Update translations rhbz#1569423
-
-* Thu Jul 26 2018 Martin Pitt <mpitt@redhat.com> 173-1
-- Rebase to version 173 rhbz#1568728
-
-* Thu Jul 12 2018 Martin Pitt <mpitt@redhat.com> 172-1
-- Rebase to version 172 rhbz#1568728
-
-* Wed Jun 27 2018 Martin Pitt <mpitt@redhat.com> 171-1
-- Rebase to version 171 rhbz#1568728
-
-* Tue Jun 05 2018 Martin Pitt <mpitt@redhat.com> 169-3
-- Rebase to version 169, drop all patches rhbz#1568728
-- Fix Subscriptions page hang when accessing as non-admin rhbz#1442540
-- Show an indicator on front page if updates are available rhbz#1495543
-- Properly localize "Log in" rhbz#1541454
-- Improve check for root privilege availability, to e. g. also work for FreeIPA
-  admins rhbz#1574630
-
-* Mon Jan 08 2018 Martin Pitt <mpitt@redhat.com> 154-3
-- Update source po for Japanese translations rhbz#1512923
-- Adjust build system to avoid build failure for the above
-
-* Mon Dec 11 2017 Martin Pitt <mpitt@redhat.com> 154-2
-- Update Japanese translations rhbz#1512923
-
-* Tue Oct 17 2017 Martin Pitt <mpitt@redhat.com> 154-1
-- Rebase to version 154, drop all patches rhbz#1470780
-- This allows ssh keys to be loaded from arbitrary directories
-  rhbz#1425887
-
-* Thu Jun 22 2017 Dominik Perpeet <dperpeet@redhat.com> 138-9
-- Add Japanese translation rhbz#1461085
+* Mon Oct 29 2018 Martin Pitt <mpitt@redhat.com> 176-4
+- Switch to ssh SHA256 fingerprints, to fix crash in FIPS mode
+  rhbz#1585191
+
+* Thu Aug 30 2018 Martin Pitt <mpitt@redhat.com> 176-3
+- Storage: Offer installation of VDO on demand
+- Machines: Add disks to a virtual machine
+
+* Tue Aug 14 2018 Martin Pitt <mpitt@redhat.com> 173-3
+- Re-enable cockpit-kubernetes, Go is now available in
+  extras-rhel-7.6-go-toolset. (RCM-38564)
+
+* Tue Jul 31 2018 Martin Pitt <mpitt@redhat.com> 173-2
+- Update to 173 release
+- Kubernetes: VM detail page
+- Realmd: Install on demand
+- Temporarily disable cockpit-kubernetes, until Go becomes available
+  (RCM-38564)
+
+* Mon Jul 16 2018 Martin Pitt <mpitt@redhat.com> 172-2
+- Update to 172 release
+- Software Updates: Layout rework
+- Machines: Add virtual CPU configuration
+- Docker: Show container volumes
+
+* Thu Jun 14 2018 Martin Pitt <mpitt@redhat.com> 170-1
+- Update to 170 release
+- Software Updates: Layout rework
+- oVirt: Use authenticated libvirt connection by default rhbz#1297037
+
+* Wed May 30 2018 Martin Pitt <mpitt@redhat.com> 169-1
+- Update to 169 release
+- Storage: Offer installation of NFS client support on demand
+- Containers: Don't try to manage "overlay2" storage without a volume group
+- Machines: Fix "Start VM" checkbox layout
+- Software Updates: Fix security update icon rhbz#1582570
+- Drop obsolete cockpit-bashboard SELinux %post hack rhbz#1570833
+
+* Tue Apr 17 2018 Martin Pitt <mpitt@redhat.com> 165-3
+- Revert "noarch" change for cockpit-doc as well
+
+* Tue Apr 17 2018 Martin Pitt <mpitt@redhat.com> 165-2
+- Revert "noarch" changes from 165-1, they cause too much fallout
+
+* Fri Apr 13 2018 Martin Pitt <mpitt@redhat.com> 165-1
+- Update to 165 release
+- New VMs can be created on Machines page
+- Improve LVM volume resizing
+- Hide Docker storage pool reset button when it cannot work properly
+- Move NFS management into new details page
+- Show more details of sessions and services that keep NFS busy
+- Machines page now shows proper error notifications
+- Show virtual machines that are being created
+- Detect if libvirtd is not running and offer to start and/or enable it
+- Enable building of cockpit-machines-ovirt rhbz#1515796
+
+* Mon Feb 26 2018 Martin Pitt <mpitt@redhat.com> 160-3
+- storaged: Drop VDO async option rhbz#1548988
+
+* Mon Jan 29 2018 Martin Pitt <mpitt@redhat.com> 160-2
+- Add kubevirt Virtual Machines overview
+- Redesign package list on Software Updates page and show RHEL Errata
+
+* Wed Jan 10 2018 Martin Pitt <mpitt@redhat.com> 159-1
+- Update to 159 release
+- Configure data deduplication with VDO devices on Storage page
+- Add serial console to virtual Machines page and redesign the Consoles tab
+- Show more error message details for failures on virtual Machines page
+
+* Thu Dec 14 2017 Martin Pitt <mpitt@redhat.com> 158-1
+- Update to 158 release
+- New package "cockpit-packagekit", which provides a "Software Updates" page
+  for installing package updates rhbz#1479836
+- Add NFS client support to the Storage page
+- Add checkboxes for common Storage encryption and mount options
+- Adjust cockpit-storaged dependencies to storaged → udisks2 rename
+  rhbz#1510667
+
+* Thu Jun 29 2017 Dominik Perpeet <dperpeet@redhat.com> 141-4
+- Bump for rebuild on more architectures
+
+* Thu Jun 29 2017 Dominik Perpeet <dperpeet@redhat.com> 141-3
+- Fix dashboard dependency rhbz#1466423
+
+* Mon Jun 05 2017 Dominik Perpeet <dperpeet@redhat.com> 141-2
+- Build on more architectures
+
+* Mon Jun 05 2017 Dominik Perpeet <dperpeet@redhat.com> 141-1
+- Update to 141 release
+- Allow users to change Docker container environment variables
+- Allow auth commands to store credentials for future challenges
+- Attempt to tear down used partitions when formatting disks
+- Show the correct known_hosts path on missing/mismatching host keys
+- Set HTML content type when serving login page, for better reverse proxy operation
 
 * Wed May 24 2017 Dominik Perpeet <dperpeet@redhat.com> 138-8
 - Rebuild for new dependencies