Hello community, here is the log from the commit of package openssh for openSUSE:Factory checked in at 2019-03-01 20:27:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssh (Old) and /work/SRC/openSUSE:Factory/.openssh.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh" Fri Mar 1 20:27:19 2019 rev:129 rq:680205 version:7.9p1 Changes: -------- --- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2019-02-25 17:47:01.798866284 +0100 +++ /work/SRC/openSUSE:Factory/.openssh.new.28833/openssh.changes 2019-03-01 20:27:20.874041373 +0100 @@ -1,0 +2,27 @@ +Thu Feb 28 19:20:58 UTC 2019 - Vítězslav Čížek <[email protected]> + +- Correctly filter out non-compliant algorithms when in FIPS mode + (bsc#1126397) + * A hunk was applied to a wrong place due to a patch fuzz when + the fips patch was being ported to openssh 7.9p1 +- update openssh-7.7p1-fips.patch + +------------------------------------------------------------------- +Wed Feb 27 12:29:05 UTC 2019 - Vítězslav Čížek <[email protected]> + +- Remove the "KexDHMin" config keyword (bsc#1127180) + It used to allow lowering of the minimal allowed DH group size, + which was increased to 2048 by upstream in the light of the Logjam + attack. + The code was broken since the upgrade to 7.6p1, but nobody noticed. + As apparently no one needs the functionality any more, let's drop + the patch. + It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1 + key exchange method when working with legacy systems. +- drop openssh-7.7p1-disable_short_DH_parameters.patch +- updated patches: + openssh-7.7p1-fips.patch + openssh-7.7p1-fips_checks.patch + openssh-7.7p1-gssapi_key_exchange.patch + +------------------------------------------------------------------- Old: ---- openssh-7.7p1-disable_short_DH_parameters.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.R7Rb9x/_old 2019-03-01 20:27:21.870041132 +0100 +++ /var/tmp/diff_new_pack.R7Rb9x/_new 2019-03-01 20:27:21.874041131 +0100 @@ -65,7 +65,6 @@ Patch8: openssh-7.7p1-remove_xauth_cookies_on_exit.patch Patch9: openssh-7.7p1-pts_names_formatting.patch Patch10: openssh-7.7p1-pam_check_locks.patch -Patch11: openssh-7.7p1-disable_short_DH_parameters.patch # https://bugzilla.mindrot.org/show_bug.cgi?id=2752 Patch14: openssh-7.7p1-seccomp_stat.patch # https://bugzilla.mindrot.org/show_bug.cgi?id=2752 ++++++ openssh-7.7p1-fips.patch ++++++ --- /var/tmp/diff_new_pack.R7Rb9x/_old 2019-03-01 20:27:21.950041113 +0100 +++ /var/tmp/diff_new_pack.R7Rb9x/_new 2019-03-01 20:27:21.950041113 +0100 @@ -5,8 +5,8 @@ Index: openssh-7.9p1/Makefile.in =================================================================== ---- openssh-7.9p1.orig/Makefile.in -+++ openssh-7.9p1/Makefile.in +--- openssh-7.9p1.orig/Makefile.in 2019-02-28 17:20:15.767164591 +0100 ++++ openssh-7.9p1/Makefile.in 2019-02-28 20:18:30.666473978 +0100 @@ -102,6 +102,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ platform-pledge.o platform-tracing.o platform-misc.o @@ -18,8 +18,8 @@ Index: openssh-7.9p1/cipher-ctr.c =================================================================== ---- openssh-7.9p1.orig/cipher-ctr.c -+++ openssh-7.9p1/cipher-ctr.c +--- openssh-7.9p1.orig/cipher-ctr.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/cipher-ctr.c 2019-02-28 17:20:15.919165544 +0100 @@ -27,6 +27,8 @@ #include "xmalloc.h" #include "log.h" @@ -40,8 +40,8 @@ } Index: openssh-7.9p1/cipher.c =================================================================== ---- openssh-7.9p1.orig/cipher.c -+++ openssh-7.9p1/cipher.c +--- openssh-7.9p1.orig/cipher.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/cipher.c 2019-02-28 20:18:30.666473978 +0100 @@ -51,6 +51,8 @@ #include "openbsd-compat/openssl-compat.h" @@ -131,23 +131,11 @@ if (strcmp(c->name, name) == 0) return c; return NULL; -Index: openssh-7.9p1/dh.h -=================================================================== ---- openssh-7.9p1.orig/dh.h -+++ openssh-7.9p1/dh.h -@@ -52,6 +52,7 @@ u_int dh_estimate(int); - */ - #define DH_GRP_MIN_RFC 1024 - #define DH_GRP_MIN 2048 -+#define DH_GRP_MIN_FIPS 2048 - #define DH_GRP_MAX 8192 - - /* Index: openssh-7.9p1/fips.c =================================================================== ---- /dev/null -+++ openssh-7.9p1/fips.c -@@ -0,0 +1,237 @@ +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssh-7.9p1/fips.c 2019-02-28 20:18:30.534473204 +0100 +@@ -0,0 +1,215 @@ +/* + * Copyright (c) 2012 Petr Cerny. All rights reserved. + * @@ -363,33 +351,11 @@ + return dgst; +} + -+int -+fips_dh_grp_min(void) -+{ -+ int fips; -+ int dh; -+ -+ fips = fips_mode(); -+ switch (fips) { -+ case 0: -+ dh = dh_grp_min; -+ break; -+ case 1: -+ dh = DH_GRP_MIN_FIPS; -+ break; -+ default: -+ /* should not be reached */ -+ fatal("Fatal error: incorrect FIPS mode '%i' at %s:%u", -+ fips, __FILE__, __LINE__); -+ } -+ return dh; -+} -+ Index: openssh-7.9p1/fips.h =================================================================== ---- /dev/null -+++ openssh-7.9p1/fips.h -@@ -0,0 +1,45 @@ +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssh-7.9p1/fips.h 2019-02-28 20:18:30.534473204 +0100 +@@ -0,0 +1,44 @@ +/* + * Copyright (c) 2012 Petr Cerny. All rights reserved. + * @@ -429,7 +395,6 @@ +int fips_mode(void); +int fips_correct_dgst(int); +int fips_dgst_min(void); -+int fips_dh_grp_min(void); +enum fp_type fips_correct_fp_type(enum fp_type); +int fips_filter_crypto(char **, fips_filters); + @@ -437,8 +402,8 @@ + Index: openssh-7.9p1/hmac.c =================================================================== ---- openssh-7.9p1.orig/hmac.c -+++ openssh-7.9p1/hmac.c +--- openssh-7.9p1.orig/hmac.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/hmac.c 2019-02-28 17:20:15.919165544 +0100 @@ -144,7 +144,7 @@ hmac_test(void *key, size_t klen, void * size_t i; u_char digest[16]; @@ -450,8 +415,8 @@ ssh_hmac_update(ctx, m, mlen) < 0 || Index: openssh-7.9p1/kex.c =================================================================== ---- openssh-7.9p1.orig/kex.c -+++ openssh-7.9p1/kex.c +--- openssh-7.9p1.orig/kex.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/kex.c 2019-02-28 17:20:15.919165544 +0100 @@ -54,6 +54,8 @@ #include "sshbuf.h" #include "digest.h" @@ -547,59 +512,23 @@ free(s); return 0; } -Index: openssh-7.9p1/kexgexc.c -=================================================================== ---- openssh-7.9p1.orig/kexgexc.c -+++ openssh-7.9p1/kexgexc.c -@@ -53,8 +53,7 @@ - #include "sshbuf.h" - #include "misc.h" - --/* import from dh.c */ --extern int dh_grp_min; -+#include "fips.h" - - static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *); - static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *); -@@ -68,7 +67,7 @@ kexgex_client(struct ssh *ssh) - - nbits = dh_estimate(kex->dh_need * 8); - -- kex->min = dh_grp_min; -+ kex->min = fips_dh_grp_min(); - kex->max = DH_GRP_MAX; - kex->nbits = nbits; - if (datafellows & SSH_BUG_DHGEX_LARGE) Index: openssh-7.9p1/kexgexs.c =================================================================== ---- openssh-7.9p1.orig/kexgexs.c -+++ openssh-7.9p1/kexgexs.c -@@ -56,8 +56,7 @@ +--- openssh-7.9p1.orig/kexgexs.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/kexgexs.c 2019-02-28 17:20:15.923165569 +0100 +@@ -56,6 +56,8 @@ #include "sshbuf.h" #include "misc.h" --/* import from dh.c */ --extern int dh_grp_min; +#include "fips.h" - ++ static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *); static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *); -@@ -88,9 +87,9 @@ input_kex_dh_gex_request(int type, u_int - kex->nbits = nbits; - kex->min = min; - kex->max = max; -- min = MAXIMUM(dh_grp_min, min); -+ min = MAXIMUM(fips_dh_grp_min(), min); - max = MINIMUM(DH_GRP_MAX, max); -- nbits = MAXIMUM(dh_grp_min, nbits); -+ nbits = MAXIMUM(fips_dh_grp_min(), nbits); - nbits = MINIMUM(DH_GRP_MAX, nbits); - if (kex->max < kex->min || kex->nbits < kex->min || Index: openssh-7.9p1/mac.c =================================================================== ---- openssh-7.9p1.orig/mac.c -+++ openssh-7.9p1/mac.c +--- openssh-7.9p1.orig/mac.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/mac.c 2019-02-28 17:20:15.923165569 +0100 @@ -40,6 +40,9 @@ #include "openbsd-compat/openssl-compat.h" @@ -681,8 +610,8 @@ if (mac != NULL) Index: openssh-7.9p1/myproposal.h =================================================================== ---- openssh-7.9p1.orig/myproposal.h -+++ openssh-7.9p1/myproposal.h +--- openssh-7.9p1.orig/myproposal.h 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/myproposal.h 2019-02-28 17:20:15.923165569 +0100 @@ -151,6 +151,8 @@ #else /* WITH_OPENSSL */ @@ -694,17 +623,18 @@ "[email protected]" Index: openssh-7.9p1/readconf.c =================================================================== ---- openssh-7.9p1.orig/readconf.c -+++ openssh-7.9p1/readconf.c -@@ -68,6 +68,7 @@ +--- openssh-7.9p1.orig/readconf.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/readconf.c 2019-02-28 20:18:54.650614520 +0100 +@@ -68,6 +68,8 @@ #include "myproposal.h" #include "digest.h" - #include "dh.h" -+#include "fips.h" ++#include "fips.h" ++ /* Format of the configuration file: -@@ -1825,6 +1826,23 @@ option_clear_or_none(const char *o) + # Configuration data is parsed as follows: +@@ -1816,6 +1818,23 @@ option_clear_or_none(const char *o) return o == NULL || strcasecmp(o, "none") == 0; } @@ -728,19 +658,7 @@ /* * Initializes options to special values that indicate that they have not yet * been set. Read_config_file will only set options with this value. Options -@@ -2025,9 +2043,9 @@ fill_default_options(Options * options) - if (options->number_of_password_prompts == -1) - options->number_of_password_prompts = 3; - if (options->kex_dhmin == -1) -- options->kex_dhmin = DH_GRP_MIN; -+ options->kex_dhmin = fips_dh_grp_min(); - else { -- options->kex_dhmin = MAXIMUM(options->kex_dhmin, DH_GRP_MIN_RFC); -+ options->kex_dhmin = MAXIMUM(options->kex_dhmin, fips_dh_grp_min()); - options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX); - } - dh_grp_min = options->kex_dhmin; -@@ -2112,6 +2130,8 @@ fill_default_options(Options * options) +@@ -2095,6 +2114,8 @@ fill_default_options(Options * options) options->canonicalize_hostname = SSH_CANONICALISE_NO; if (options->fingerprint_hash == -1) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; @@ -749,19 +667,19 @@ if (options->update_hostkeys == -1) options->update_hostkeys = 0; -@@ -2594,6 +2614,7 @@ dump_client_config(Options *o, const cha - KEX_DEFAULT_PK_ALG, all_key) != 0) - fatal("%s: kex_assemble_names failed", __func__); +@@ -2122,6 +2143,7 @@ fill_default_options(Options * options) + free(all_kex); free(all_key); -+ filter_fips_algorithms(o); + free(all_sig); ++ filter_fips_algorithms(options); - /* Most interesting options first: user, host, port */ - dump_cfg_string(oUser, o->user); + #define CLEAR_ON_NONE(v) \ + do { \ Index: openssh-7.9p1/readconf.h =================================================================== ---- openssh-7.9p1.orig/readconf.h -+++ openssh-7.9p1/readconf.h -@@ -198,6 +198,7 @@ typedef struct { +--- openssh-7.9p1.orig/readconf.h 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/readconf.h 2019-02-28 17:20:15.923165569 +0100 +@@ -197,6 +197,7 @@ typedef struct { #define SSH_STRICT_HOSTKEY_YES 2 #define SSH_STRICT_HOSTKEY_ASK 3 @@ -771,17 +689,17 @@ void fill_default_options_for_canonicalization(Options *); Index: openssh-7.9p1/servconf.c =================================================================== ---- openssh-7.9p1.orig/servconf.c -+++ openssh-7.9p1/servconf.c -@@ -65,6 +65,7 @@ +--- openssh-7.9p1.orig/servconf.c 2019-02-28 17:20:15.851165117 +0100 ++++ openssh-7.9p1/servconf.c 2019-02-28 17:20:15.923165569 +0100 +@@ -64,6 +64,7 @@ + #include "auth.h" #include "myproposal.h" #include "digest.h" - #include "dh.h" +#include "fips.h" - /* import from dh.c */ - extern int dh_grp_min; -@@ -195,6 +196,23 @@ option_clear_or_none(const char *o) + static void add_listen_addr(ServerOptions *, const char *, + const char *, int); +@@ -190,6 +191,23 @@ option_clear_or_none(const char *o) return o == NULL || strcasecmp(o, "none") == 0; } @@ -805,7 +723,7 @@ static void assemble_algorithms(ServerOptions *o) { -@@ -224,6 +242,8 @@ assemble_algorithms(ServerOptions *o) +@@ -219,6 +237,8 @@ assemble_algorithms(ServerOptions *o) free(all_kex); free(all_key); free(all_sig); @@ -814,19 +732,7 @@ } static void -@@ -273,9 +293,9 @@ fill_default_server_options(ServerOption - options->use_pam_check_locks = 0; - - if (options->kex_dhmin == -1) -- options->kex_dhmin = DH_GRP_MIN; -+ options->kex_dhmin = fips_dh_grp_min(); - else { -- options->kex_dhmin = MAXIMUM(options->kex_dhmin, DH_GRP_MIN_RFC); -+ options->kex_dhmin = MAXIMUM(options->kex_dhmin, fips_dh_grp_min()); - options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX); - } - dh_grp_min = options->kex_dhmin; -@@ -423,6 +443,8 @@ fill_default_server_options(ServerOption +@@ -410,6 +430,8 @@ fill_default_server_options(ServerOption options->fwd_opts.streamlocal_bind_unlink = 0; if (options->fingerprint_hash == -1) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; @@ -837,8 +743,8 @@ if (options->expose_userauth_info == -1) Index: openssh-7.9p1/ssh-keygen.c =================================================================== ---- openssh-7.9p1.orig/ssh-keygen.c -+++ openssh-7.9p1/ssh-keygen.c +--- openssh-7.9p1.orig/ssh-keygen.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/ssh-keygen.c 2019-02-28 17:20:15.923165569 +0100 @@ -61,6 +61,8 @@ #include "utf8.h" #include "authfd.h" @@ -913,8 +819,8 @@ if (!quiet) Index: openssh-7.9p1/ssh_config.0 =================================================================== ---- openssh-7.9p1.orig/ssh_config.0 -+++ openssh-7.9p1/ssh_config.0 +--- openssh-7.9p1.orig/ssh_config.0 2018-10-19 03:06:19.000000000 +0200 ++++ openssh-7.9p1/ssh_config.0 2019-02-28 17:20:15.923165569 +0100 @@ -353,6 +353,9 @@ DESCRIPTION Specifies the hash algorithm used when displaying key fingerprints. Valid options are: md5 and sha256 (the default). @@ -925,9 +831,9 @@ ForwardAgent Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. The argument must -@@ -627,6 +630,9 @@ DESCRIPTION - resort and all efforts should be made to fix the (broken) - counterparty. +@@ -610,6 +613,9 @@ DESCRIPTION + The list of available key exchange algorithms may also be + obtained using "ssh -Q kex". + In the FIPS mode the FIPS standard takes precedence over RFC and + forces the minimum to a higher value, currently 2048 bits. @@ -937,8 +843,8 @@ successfully connecting to the server. The command string Index: openssh-7.9p1/ssh_config.5 =================================================================== ---- openssh-7.9p1.orig/ssh_config.5 -+++ openssh-7.9p1/ssh_config.5 +--- openssh-7.9p1.orig/ssh_config.5 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/ssh_config.5 2019-02-28 17:20:15.923165569 +0100 @@ -642,6 +642,8 @@ Valid options are: and .Cm sha256 @@ -948,20 +854,10 @@ .It Cm ForwardAgent Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. -@@ -1063,6 +1065,9 @@ maximum backward compatibility, using it - security and thus should be viewed as a temporary fix of last - resort and all efforts should be made to fix the (broken) - counterparty. -+.Pp -+In the FIPS mode the FIPS standard takes precedence over RFC and -+forces the minimum to a higher value, currently 2048 bits. - .It Cm LocalCommand - Specifies a command to execute on the local machine after successfully - connecting to the server. Index: openssh-7.9p1/sshd.c =================================================================== ---- openssh-7.9p1.orig/sshd.c -+++ openssh-7.9p1/sshd.c +--- openssh-7.9p1.orig/sshd.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/sshd.c 2019-02-28 20:18:30.534473204 +0100 @@ -123,6 +123,8 @@ #include "version.h" #include "ssherr.h" @@ -973,8 +869,8 @@ #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) Index: openssh-7.9p1/sshd_config.0 =================================================================== ---- openssh-7.9p1.orig/sshd_config.0 -+++ openssh-7.9p1/sshd_config.0 +--- openssh-7.9p1.orig/sshd_config.0 2019-02-28 17:20:15.851165117 +0100 ++++ openssh-7.9p1/sshd_config.0 2019-02-28 17:20:15.927165594 +0100 @@ -348,6 +348,9 @@ DESCRIPTION Specifies the hash algorithm used when logging key fingerprints. Valid options are: md5 and sha256. The default is sha256. @@ -985,9 +881,9 @@ ForceCommand Forces the execution of the command specified by ForceCommand, ignoring any command supplied by the client and ~/.ssh/rc if -@@ -572,6 +575,9 @@ DESCRIPTION - resort and all efforts should be made to fix the (broken) - counterparty. +@@ -555,6 +558,9 @@ DESCRIPTION + The list of available key exchange algorithms may also be + obtained using "ssh -Q kex". + In the FIPS mode the FIPS standard takes precedence over RFC and + forces the minimum to a higher value, currently 2048 bits. @@ -997,8 +893,8 @@ following forms may be used: Index: openssh-7.9p1/sshd_config.5 =================================================================== ---- openssh-7.9p1.orig/sshd_config.5 -+++ openssh-7.9p1/sshd_config.5 +--- openssh-7.9p1.orig/sshd_config.5 2019-02-28 17:20:15.851165117 +0100 ++++ openssh-7.9p1/sshd_config.5 2019-02-28 17:20:15.927165594 +0100 @@ -603,6 +603,8 @@ and .Cm sha256 . The default is ++++++ openssh-7.7p1-fips_checks.patch ++++++ --- /var/tmp/diff_new_pack.R7Rb9x/_old 2019-03-01 20:27:21.958041111 +0100 +++ /var/tmp/diff_new_pack.R7Rb9x/_new 2019-03-01 20:27:21.958041111 +0100 @@ -14,10 +14,10 @@ # file is not found (or the hash matches), proceed in non-FIPS mode and abort # otherwise. -Index: openssh-7.8p1/fips-check.c +Index: openssh-7.9p1/fips-check.c =================================================================== ---- /dev/null -+++ openssh-7.8p1/fips-check.c +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ openssh-7.9p1/fips-check.c 2019-02-27 14:03:03.383988170 +0100 @@ -0,0 +1,34 @@ +#include "includes.h" +#include <fcntl.h> @@ -53,10 +53,10 @@ + fips_ssh_init(); + return 0; +} -Index: openssh-7.8p1/fips.c +Index: openssh-7.9p1/fips.c =================================================================== ---- openssh-7.8p1.orig/fips.c -+++ openssh-7.8p1/fips.c +--- openssh-7.9p1.orig/fips.c 2019-02-27 14:03:03.323987792 +0100 ++++ openssh-7.9p1/fips.c 2019-02-27 14:03:03.383988170 +0100 @@ -35,33 +35,296 @@ #include "log.h" #include "xmalloc.h" @@ -365,15 +365,10 @@ int fips_mode(void) { -@@ -234,4 +497,3 @@ fips_dh_grp_min(void) - } - return dh; - } -- -Index: openssh-7.8p1/fips.h +Index: openssh-7.9p1/fips.h =================================================================== ---- openssh-7.8p1.orig/fips.h -+++ openssh-7.8p1/fips.h +--- openssh-7.9p1.orig/fips.h 2019-02-27 14:03:03.323987792 +0100 ++++ openssh-7.9p1/fips.h 2019-02-27 14:03:03.383988170 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012 Petr Cerny. All rights reserved. @@ -410,15 +405,15 @@ int fips_mode(void); int fips_correct_dgst(int); int fips_dgst_min(void); -@@ -42,4 +57,3 @@ enum fp_type fips_correct_fp_type(enum +@@ -41,4 +56,3 @@ enum fp_type fips_correct_fp_type(enum int fips_filter_crypto(char **, fips_filters); #endif - -Index: openssh-7.8p1/sftp-server.c +Index: openssh-7.9p1/sftp-server.c =================================================================== ---- openssh-7.8p1.orig/sftp-server.c -+++ openssh-7.8p1/sftp-server.c +--- openssh-7.9p1.orig/sftp-server.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/sftp-server.c 2019-02-27 14:03:03.383988170 +0100 @@ -51,6 +51,8 @@ #include "sftp.h" #include "sftp-common.h" @@ -438,10 +433,10 @@ ssh_malloc_init(); /* must be called before any mallocs */ __progname = ssh_get_progname(argv[0]); log_init(__progname, log_level, log_facility, log_stderr); -Index: openssh-7.8p1/ssh.c +Index: openssh-7.9p1/ssh.c =================================================================== ---- openssh-7.8p1.orig/ssh.c -+++ openssh-7.8p1/ssh.c +--- openssh-7.9p1.orig/ssh.c 2018-10-17 02:01:20.000000000 +0200 ++++ openssh-7.9p1/ssh.c 2019-02-27 14:03:03.387988194 +0100 @@ -113,6 +113,8 @@ #include "ssh-pkcs11.h" #endif @@ -462,11 +457,11 @@ ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); -Index: openssh-7.8p1/sshd.c +Index: openssh-7.9p1/sshd.c =================================================================== ---- openssh-7.8p1.orig/sshd.c -+++ openssh-7.8p1/sshd.c -@@ -1486,6 +1486,10 @@ main(int ac, char **av) +--- openssh-7.9p1.orig/sshd.c 2019-02-27 14:03:03.327987816 +0100 ++++ openssh-7.9p1/sshd.c 2019-02-27 14:03:03.387988194 +0100 +@@ -1485,6 +1485,10 @@ main(int ac, char **av) Authctxt *authctxt; struct connection_info *connection_info = NULL; ++++++ openssh-7.7p1-gssapi_key_exchange.patch ++++++ ++++ 651 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openssh/openssh-7.7p1-gssapi_key_exchange.patch ++++ and /work/SRC/openSUSE:Factory/.openssh.new.28833/openssh-7.7p1-gssapi_key_exchange.patch
