Updated the patch with a suggestion from upstream.

- Add a patch to fix a regression introduced in 9.6 that makes X11
  forwarding very slow. Submitted to upstream in
  https://bugzilla.mindrot.org/show_bug.cgi?id=3655#c4 . Fixes
  bsc#1229449:
  * fix-x11-regression-bsc1229449.patch
- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=277

fix-x11-regression-bsc1229449.patch

@@ -0,0 +1,56 @@
+Index: openssh-9.9p1/clientloop.c
+===================================================================
+--- openssh-9.9p1.orig/clientloop.c
++++ openssh-9.9p1/clientloop.c
+@@ -663,9 +663,10 @@ obfuscate_keystroke_timing(struct ssh *s
+ 	if (just_started)
+ 		return 1;
+ 
+-	/* Don't arm output fd for poll until the timing interval has elapsed */
++	/* Don't arm output fd for poll until the timing interval has elapsed... */
+ 	if (timespeccmp(&now, &next_interval, <))
+-		return 0;
++		/* ...unless there's x11 communicattion happening */
++		return x11_channel_used_recently(ssh);
+ 
+ 	/* Calculate number of intervals missed since the last check */
+ 	n = (now.tv_sec - next_interval.tv_sec) * 1000LL * 1000 * 1000;
+Index: openssh-9.9p1/channels.c
+===================================================================
+--- openssh-9.9p1.orig/channels.c
++++ openssh-9.9p1/channels.c
+@@ -5352,3 +5352,22 @@ x11_request_forwarding_with_spoofing(str
+ 		fatal_fr(r, "send x11-req");
+ 	free(new_data);
+ }
++
++/*
++ * Returns whether an x11 channel was used recently (less than a second ago)
++ */
++int
++x11_channel_used_recently(struct ssh *ssh) {
++	u_int i;
++	Channel *c;
++	time_t lastused = 0;
++
++	for (i = 0; i < ssh->chanctxt->channels_alloc; i++) {
++	    c = ssh->chanctxt->channels[i];
++	    if (c == NULL || c->ctype == NULL || c->lastused == 0 ||
++		strcmp(c->ctype, "x11-connection"))
++		continue;
++	    lastused = c->lastused;
++	}
++	return (lastused != 0 && monotime() < lastused + 1);
++}
+Index: openssh-9.9p1/channels.h
+===================================================================
+--- openssh-9.9p1.orig/channels.h
++++ openssh-9.9p1/channels.h
+@@ -382,6 +382,7 @@ int	 x11_connect_display(struct ssh *);
+ int	 x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **);
+ void	 x11_request_forwarding_with_spoofing(struct ssh *, int,
+ 	    const char *, const char *, const char *, int);
++int      x11_channel_used_recently(struct ssh *ssh);
+ 
+ /* channel close */
+ 

openssh.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri Oct 11 09:28:30 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- Add a patch to fix a regression introduced in 9.6 that makes X11
+  forwarding very slow. Submitted to upstream in
+  https://bugzilla.mindrot.org/show_bug.cgi?id=3655#c4 . Fixes
+  bsc#1229449:
+  * fix-x11-regression-bsc1229449.patch
+- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)
+
 -------------------------------------------------------------------
 Wed Sep 25 10:45:17 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
 

openssh.spec

@@ -141,9 +141,11 @@ Patch106:       openssh-7.6p1-cleanup-selinux.patch
 # 200 - 300  --  Patches submitted to upstream
 # PATCH-FIX-UPSTREAM -- https://github.com/openssh/openssh-portable/pull/452 boo#1229010
 Patch200:       0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch
+# PATCH-FIX-UPSTREAM -- https://bugzilla.mindrot.org/show_bug.cgi?id=3655#c4
+Patch201:       fix-x11-regression-bsc1229449.patch
 # 1000 - 2000  --  Conditional patches
-# PATCH-FIX-OPENSUSE bsc#1211301 Add crypto-policies support
 %if 0%{with crypto_policies}
+# PATCH-FIX-OPENSUSE bsc#1211301 Add crypto-policies support
 Patch1000:      openssh-9.6p1-crypto-policies.patch
 Patch1001:      openssh-9.6p1-crypto-policies-man.patch
 %endif

sshd-sle.pamd

@@ -8,4 +8,3 @@ session     required    pam_loginuid.so
 session     optional    pam_keyinit.so   force revoke
 session     include     common-session
 session     optional    pam_motd.so
-