pool/openssh
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated the patch with a suggestion from upstream.

Browse Source 
- Add a patch to fix a regression introduced in 9.6 that makes X11
  forwarding very slow. Submitted to upstream in
  https://bugzilla.mindrot.org/show_bug.cgi?id=3655#c4 . Fixes
  bsc#1229449:
  * fix-x11-regression-bsc1229449.patch
- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=277
This commit is contained in:
Antonio Larrosa 2024-10-14 06:33:00 +00:00 committed by Git OBS Bridge
parent a77a72fabb
commit 77273f8679
4 changed files with 69 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
fix-x11-regression-bsc1229449.patch Normal file
View File

@ -0,0 +1,56 @@
Index: openssh-9.9p1/clientloop.c
===================================================================
--- openssh-9.9p1.orig/clientloop.c
+++ openssh-9.9p1/clientloop.c
@@ -663,9 +663,10 @@ obfuscate_keystroke_timing(struct ssh *s
if (just_started)
return 1;
- /* Don't arm output fd for poll until the timing interval has elapsed */
+ /* Don't arm output fd for poll until the timing interval has elapsed... */
if (timespeccmp(&now, &next_interval, <))
- return 0;
+ /* ...unless there's x11 communicattion happening */
+ return x11_channel_used_recently(ssh);
/* Calculate number of intervals missed since the last check */
n = (now.tv_sec - next_interval.tv_sec) * 1000LL * 1000 * 1000;
Index: openssh-9.9p1/channels.c
===================================================================
--- openssh-9.9p1.orig/channels.c
+++ openssh-9.9p1/channels.c
@@ -5352,3 +5352,22 @@ x11_request_forwarding_with_spoofing(str
fatal_fr(r, "send x11-req");
free(new_data);
}
+
+/*
+ * Returns whether an x11 channel was used recently (less than a second ago)
+ */
+int
+x11_channel_used_recently(struct ssh *ssh) {
+ u_int i;
+ Channel *c;
+ time_t lastused = 0;
+
+ for (i = 0; i < ssh->chanctxt->channels_alloc; i++) {
+ c = ssh->chanctxt->channels[i];
+ if (c == NULL || c->ctype == NULL || c->lastused == 0 ||
+ strcmp(c->ctype, "x11-connection"))
+ continue;
+ lastused = c->lastused;
+ }
+ return (lastused != 0 && monotime() < lastused + 1);
+}
Index: openssh-9.9p1/channels.h
===================================================================
--- openssh-9.9p1.orig/channels.h
+++ openssh-9.9p1/channels.h
@@ -382,6 +382,7 @@ int x11_connect_display(struct ssh *);
int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **);
void x11_request_forwarding_with_spoofing(struct ssh *, int,
const char *, const char *, const char *, int);
+int x11_channel_used_recently(struct ssh *ssh);
/* channel close */

10
openssh.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Fri Oct 11 09:28:30 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
- Add a patch to fix a regression introduced in 9.6 that makes X11
forwarding very slow. Submitted to upstream in
https://bugzilla.mindrot.org/show_bug.cgi?id=3655#c4 . Fixes
bsc#1229449:
* fix-x11-regression-bsc1229449.patch
- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Sep 25 10:45:17 UTC 2024 - Antonio Larrosa <alarrosa@suse.com> Wed Sep 25 10:45:17 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>

4
openssh.spec
View File

@ -141,9 +141,11 @@ Patch106: openssh-7.6p1-cleanup-selinux.patch
# 200 - 300 -- Patches submitted to upstream # 200 - 300 -- Patches submitted to upstream
# PATCH-FIX-UPSTREAM -- https://github.com/openssh/openssh-portable/pull/452 boo#1229010 # PATCH-FIX-UPSTREAM -- https://github.com/openssh/openssh-portable/pull/452 boo#1229010
Patch200: 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch Patch200: 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch
# PATCH-FIX-UPSTREAM -- https://bugzilla.mindrot.org/show_bug.cgi?id=3655#c4
Patch201: fix-x11-regression-bsc1229449.patch
# 1000 - 2000 -- Conditional patches # 1000 - 2000 -- Conditional patches
# PATCH-FIX-OPENSUSE bsc#1211301 Add crypto-policies support
%if 0%{with crypto_policies} %if 0%{with crypto_policies}
# PATCH-FIX-OPENSUSE bsc#1211301 Add crypto-policies support
Patch1000: openssh-9.6p1-crypto-policies.patch Patch1000: openssh-9.6p1-crypto-policies.patch
Patch1001: openssh-9.6p1-crypto-policies-man.patch Patch1001: openssh-9.6p1-crypto-policies-man.patch
%endif %endif

1
sshd-sle.pamd
View File

@ -8,4 +8,3 @@ session required pam_loginuid.so
session optional pam_keyinit.so force revoke session optional pam_keyinit.so force revoke
session include common-session session include common-session
session optional pam_motd.so session optional pam_motd.so