Accepting request 433779 from home:pcerny:factory

- remaining patches that were still missing
  since the update to 7.2p2 (FATE#319675):
  [openssh-7.2p2-disable_openssl_abi_check.patch]
- fix forwarding with IPv6 addresses in DISPLAY (bnc#847710)
  [openssh-7.2p2-IPv6_X_forwarding.patch]
- ignore PAM environment when using login
  (bsc#975865, CVE-2015-8325)
  [openssh-7.2p2-ignore_PAM_with_UseLogin.patch]
- limit accepted password length (prevents possible DoS)
  (bsc#992533, CVE-2016-6515)
  [openssh-7.2p2-limit_password_length.patch]
- Prevent user enumeration through the timing of password
  processing (bsc#989363, CVE-2016-6210)
  [openssh-7.2p2-prevent_timing_user_enumeration.patch]
- Add auditing for PRNG re-seeding
  [openssh-7.2p2-audit_seed_prng.patch]

OBS-URL: https://build.opensuse.org/request/show/433779
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=113

openssh-7.2p2-IPv6_X_forwarding.patch

@@ -0,0 +1,72 @@
+# HG changeset patch
+# Parent  8c4cb20b9633595de68131224b2d434e8dc41e17
+Correctly parse DISPLAY variable for cases where it contains an IPv6 address
+(which should - but not always is - in (square) brackets).
+
+bnc#847710 - https://bugzilla.novell.com/show_bug.cgi?id=847710
+
+diff --git a/openssh-7.2p2/channels.c b/openssh-7.2p2/channels.c
+--- a/openssh-7.2p2/channels.c
++++ b/openssh-7.2p2/channels.c
+@@ -4049,18 +4049,19 @@ x11_connect_display(void)
+ 		/* OK, we now have a connection to the display. */
+ 		return sock;
+ 	}
+ #endif
+ 	/*
+ 	 * Check if it is a unix domain socket.  Unix domain displays are in
+ 	 * one of the following formats: unix:d[.s], :d[.s], ::d[.s]
+ 	 */
++	cp = strrchr(display, ':');
+ 	if (strncmp(display, "unix:", 5) == 0 ||
+-	    display[0] == ':') {
++	    (display[0] == ':' && ((cp - display) < 2)) ) {
+ 		/* Connect to the unix domain socket. */
+ 		if (sscanf(strrchr(display, ':') + 1, "%u", &display_number) != 1) {
+ 			error("Could not parse display number from DISPLAY: %.100s",
+ 			    display);
+ 			return -1;
+ 		}
+ 		/* Create a socket. */
+ 		sock = connect_local_xsocket(display_number);
+@@ -4068,30 +4069,39 @@ x11_connect_display(void)
+ 			return -1;
+ 
+ 		/* OK, we now have a connection to the display. */
+ 		return sock;
+ 	}
+ 	/*
+ 	 * Connect to an inet socket.  The DISPLAY value is supposedly
+ 	 * hostname:d[.s], where hostname may also be numeric IP address.
++	 * Note that IPv6 numberic addresses contain colons (e.g. ::1:0)
+ 	 */
+ 	strlcpy(buf, display, sizeof(buf));
+-	cp = strchr(buf, ':');
++	cp = strrchr(buf, ':');
+ 	if (!cp) {
+ 		error("Could not find ':' in DISPLAY: %.100s", display);
+ 		return -1;
+ 	}
+ 	*cp = 0;
+ 	/* buf now contains the host name.  But first we parse the display number. */
+ 	if (sscanf(cp + 1, "%u", &display_number) != 1) {
+ 		error("Could not parse display number from DISPLAY: %.100s",
+ 		    display);
+ 		return -1;
+ 	}
++	
++	/* Remove brackets surrounding IPv6 addresses if there are any. */
++	if (buf[0] == '[' && (cp = strchr(buf, ']'))) {
++		*cp = 0;
++		cp = buf + 1;
++	} else {
++		cp = buf;
++	}
+ 
+ 	/* Look up the host address */
+ 	memset(&hints, 0, sizeof(hints));
+ 	hints.ai_family = IPv4or6;
+ 	hints.ai_socktype = SOCK_STREAM;
+ 	snprintf(strport, sizeof strport, "%u", 6000 + display_number);
+ 	if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
+ 		error("%.100s: unknown host. (%s)", buf,

openssh-7.2p2-X11_trusted_forwarding.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  d11948586a6da11e968278f55b48318b2263802b
+# Parent  7197d7a6b7c90566c68e980b5f8b937c183e79d0
 # enable trusted X11 forwarding by default in both sshd and sshsystem-wide
 # configuration
 # bnc#50836 (was suse #35836)

openssh-7.2p2-X_forward_with_disabled_ipv6.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  3d4efb38a918055f977a08aa7d1486a04bee6e11
+# Parent  28e8840bbf49c6e603bf2b55a08ed9050a60f9fb
 Do not throw away already open sockets for X11 forwarding if another socket
 family is not available for bind()
 

openssh-7.2p2-additional_seccomp_archs.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  27b9bd4a1a53a28b5e9eda0a9c013d98f821149b
+# Parent  e7bdbc5ea8971599466becf01bff12b9fcb5df3e
 Enable the seccomp-bpf sandbox on more architectures
 
 upstream commit: b9c50614eba9d90939b2b119b6e1b7e03b462278 (7.3p1)
@@ -7,7 +7,7 @@ Author: Damien Miller <djm@mindrot.org>
 Date:   Fri Jul 8 13:59:13 2016 +1000
 
     whitelist more architectures for seccomp-bpf
-    
+
     bz#2590 - testing and patch from Jakub Jelen
 
 diff --git a/openssh-7.2p2/configure.ac b/openssh-7.2p2/configure.ac

openssh-7.2p2-allow_DSS_by_default.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  ec31f6a59145c0db748855bd5bc178161591dae9
+# Parent  d33bce122aa351a56ce457be35feda52171f9088
 Enable DSS authentication by default to maintain compatibility with older
 versions.
 

openssh-7.2p2-allow_root_password_login.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  aab6d99cb51e48a9046c3d7be8443b83b8ee5127
+# Parent  c43ae523939377778762e81743b77b3c75eb4bd1
 Allow root login with password by default. While less secure than upstream
 default of forbidding access to the root account with a password, we are
 temporarily introducing this change to keep the default used in older OpenSSH

openssh-7.2p2-audit.patch

@@ -1,7 +1,6 @@
 # HG changeset patch
-# Parent  cca48c52e3c70244e7f52d4fb3f86f920d5c8e0f
-Extended auditing through Linux Audit subsystem
-bz#1402
+# Parent  af5c4026e36e7aa181c164d2eca72b7e2a8a897a
+Extended auditing through the Linux Auditing subsystem
 
 diff --git a/openssh-7.2p2/Makefile.in b/openssh-7.2p2/Makefile.in
 --- a/openssh-7.2p2/Makefile.in

openssh-7.2p2-audit_seed_prng.patch

@@ -0,0 +1,116 @@
+# HG changeset patch
+# Parent  3aad88a155050008275527c0624ae6fa05d0cdad
+Audit PRNG re-seeding
+
+diff --git a/openssh-7.2p2/audit-bsm.c b/openssh-7.2p2/audit-bsm.c
+--- a/openssh-7.2p2/audit-bsm.c
++++ b/openssh-7.2p2/audit-bsm.c
+@@ -504,9 +504,15 @@ audit_destroy_sensitive_data(const char 
+ 	/* not implemented */
+ }
+ 
+ void
+ audit_generate_ephemeral_server_key(const char *fp)
+ {
+ 	/* not implemented */
+ }
++
++void
++audit_linux_prng_seed(long bytes, const char *rf)
++{
++	/* not implemented */
++}
+ #endif /* BSM */
+diff --git a/openssh-7.2p2/audit-linux.c b/openssh-7.2p2/audit-linux.c
+--- a/openssh-7.2p2/audit-linux.c
++++ b/openssh-7.2p2/audit-linux.c
+@@ -402,9 +402,31 @@ audit_generate_ephemeral_server_key(cons
+ 	}
+ 	audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
+ 			buf, NULL, 0, NULL, 1);
+ 	audit_close(audit_fd);
+ 	/* do not abort if the error is EPERM and sshd is run as non root user */
+ 	if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
+ 		error("cannot write into audit");
+ }
++
++void
++audit_linux_prng_seed(long bytes, const char *rf)
++{
++	char buf[AUDIT_LOG_SIZE];
++	int audit_fd, audit_ok;
++
++	snprintf(buf, sizeof(buf), "op=prng_seed kind=server bytes=%li source=%s ", bytes, rf);
++	audit_fd = audit_open();
++	if (audit_fd < 0) {
++		if (errno != EINVAL && errno != EPROTONOSUPPORT &&
++					 errno != EAFNOSUPPORT)
++			error("cannot open audit");
++		return;
++	}
++	audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_PARAM_CHANGE_USER,
++			buf, NULL, 0, NULL, 1);
++	audit_close(audit_fd);
++	/* do not abort if the error is EPERM and sshd is run as non root user */
++	if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
++		error("cannot write into audit");
++}
+ #endif /* USE_LINUX_AUDIT */
+diff --git a/openssh-7.2p2/audit.c b/openssh-7.2p2/audit.c
+--- a/openssh-7.2p2/audit.c
++++ b/openssh-7.2p2/audit.c
+@@ -304,10 +304,16 @@ audit_destroy_sensitive_data(const char 
+ /*
+  * This will be called on generation of the ephemeral server key
+  */
+ void
+ audit_generate_ephemeral_server_key(const char *)
+ {
+ 	debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
+ }
++
++void
++audit_linux_prng_seed(long bytes, const char *rf)
++{
++	debug("audit PRNG seed euid %d bytes %li source %s", geteuid(), bytes, rf);
++}
+ # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
+ #endif /* SSH_AUDIT_EVENTS */
+diff --git a/openssh-7.2p2/audit.h b/openssh-7.2p2/audit.h
+--- a/openssh-7.2p2/audit.h
++++ b/openssh-7.2p2/audit.h
+@@ -69,10 +69,11 @@ void	audit_key(int, int *, const Key *);
+ void	audit_unsupported(int);
+ void	audit_kex(int, char *, char *, char *, char *);
+ void	audit_unsupported_body(int);
+ void	audit_kex_body(int, char *, char *, char *, char *, pid_t, uid_t);
+ void	audit_session_key_free(int ctos);
+ void	audit_session_key_free_body(int ctos, pid_t, uid_t);
+ void	audit_destroy_sensitive_data(const char *, pid_t, uid_t);
+ void	audit_generate_ephemeral_server_key(const char *);
++void	audit_linux_prng_seed(long, const char *);
+ 
+ #endif /* _SSH_AUDIT_H */
+diff --git a/openssh-7.2p2/sshd.c b/openssh-7.2p2/sshd.c
+--- a/openssh-7.2p2/sshd.c
++++ b/openssh-7.2p2/sshd.c
+@@ -1421,16 +1421,19 @@ server_accept_loop(int *sock_in, int *so
+ 					if (maxfd < startup_p[0])
+ 						maxfd = startup_p[0];
+ 					startups++;
+ 					break;
+ 				}
+ 			if(!(--re_seeding_counter)) {
+ 				re_seeding_counter = RESEED_AFTER;
+ 				linux_seed();
++#ifdef SSH_AUDIT_EVENTS
++				audit_linux_prng_seed(rand_bytes, rand_file);
++#endif
+ 			}
+ 
+ 			/*
+ 			 * Got connection.  Fork a child to handle it, unless
+ 			 * we are in debugging mode.
+ 			 */
+ 			if (debug_flag) {
+ 				/*

openssh-7.2p2-blocksigalrm.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  0c50460ce313d041c2484d21ab810c8ee487cded
+# Parent  0bfb5dd4b190b546a3e40a59483b2b2884a47c39
 block SIGALRM while logging through syslog to prevent deadlocks
 (through grace_alarm_handler())
 

openssh-7.2p2-disable_openssl_abi_check.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  2d4a91c3c6c5b161f21511712889c2906fa158a4
+# Parent  16c4937db837ab7cdbe0422b81de0e7a9a8479cd
 disable run-time check for OpenSSL ABI by version number as that is not a
 reliable indicator of ABI changes and doesn't make much sense in a
 distribution package

openssh-7.2p2-disable_short_DH_parameters.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  69bdfde8282f9ab67c29e431a74916c045301ff5
+# Parent  7b5f436e0026923299fdd1994f8da8fd9948be7c
 
 Raise minimal size of DH group parameters to 2048 bits like upstream did in
 7.2. 1024b values are believed to be in breaking range for state adversaries

openssh-7.2p2-dont_use_pthreads_in_PAM.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  93f67586b27e7f018c5b34e33f8156df772e980d
+# Parent  e4886597a8984ae1594b6866fe1b232370b23529
 # posix threads are generally not supported nor safe
 # (see upstream log from 2005-05-24)
 # --used to be called '-pam-fix3'

openssh-7.2p2-eal3.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  8e5876ee9478740b83887db9fc6e3b1605848534
+# Parent  f19426f2fa9c634474e635bf33b86acea0518f6d
 fix paths and references in sshd man pages
 
 diff --git a/openssh-7.2p2/sshd.8 b/openssh-7.2p2/sshd.8

openssh-7.2p2-enable_PAM_by_default.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  a51f9cba48652fc5df45b9ac8bd238268c70673c
+# Parent  980f301b2920c09b30577dd722546bca85d25fc1
 # force PAM in defaullt install (this was removed from upstream in 3.8p1)
 # bnc#46749
 # --used to be called '-pam-fix2'

openssh-7.2p2-fips.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  0c3e1f1c3b2ab533f9cb1c82fb75ff247a9c71b1
+# Parent  3e1393b771d6430ae09ae30741a3b9b382e3e041
 FIPS 140-2 compliance. Perform selftests on start and use only FIPS approved
 algorithms.
 

openssh-7.2p2-gssapi_key_exchange.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  9240088fbf80624f62dc79bcf5f3113a1b6dddd8
+# Parent  84a6252b7ac18855cf188e5911bdf8a757d4460a
 GSSAPI Key Exchange implementation
 
 diff --git a/openssh-7.2p2/ChangeLog.gssapi b/openssh-7.2p2/ChangeLog.gssapi

openssh-7.2p2-host_ident.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  fe2618b7337c0d97483dc98a6b53636c89f3d371
+# Parent  605a6220fcc2c96e9196681fe480fab16b505ee1
 Suggest command line for removal of offending keys from known_hosts file
 
 diff --git a/openssh-7.2p2/sshconnect.c b/openssh-7.2p2/sshconnect.c

openssh-7.2p2-hostname_changes_when_forwarding_X.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  7e84e692f90c19e76a4180d54c7fdda2752c6c41
+# Parent  f7ba2081f120bd1e44dbe68737c898f078725aab
 # -- uset do be called '-xauthlocalhostname'
 handle hostname changes when forwarding X
 

openssh-7.2p2-ignore_PAM_with_UseLogin.patch

@@ -0,0 +1,33 @@
+# HG changeset patch
+# Parent  cb9be7363a9f32133f0d105d515149dd77cc8cd3
+
+Do not import PAM environment variables when using login, since it may have
+security implications.
+
+CVE-2015-8325
+bsc#975865
+
+Backport of upstream commit 85bdcd7c92fe7ff133bbc4e10a65c91810f88755
+
+diff --git a/openssh-7.2p2/session.c b/openssh-7.2p2/session.c
+--- a/openssh-7.2p2/session.c
++++ b/openssh-7.2p2/session.c
+@@ -1351,17 +1351,17 @@ do_setup_env(Session *s, const char *she
+ 		child_set_env(&env, &envsize, "KRB5CCNAME",
+ 		    s->authctxt->krb5_ccname);
+ #endif
+ #ifdef USE_PAM
+ 	/*
+ 	 * Pull in any environment variables that may have
+ 	 * been set by PAM.
+ 	 */
+-	if (options.use_pam) {
++	if (options.use_pam && !options.use_login) {
+ 		char **p;
+ 
+ 		p = fetch_pam_child_environment();
+ 		copy_environment(p, &env, &envsize);
+ 		free_pam_environment(p);
+ 
+ 		p = fetch_pam_environment();
+ 		copy_environment(p, &env, &envsize);

openssh-7.2p2-lastlog.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  3007da75cc9c93ead70a4971b9057d230178511c
+# Parent  79c00e0f450c33b3f545ef104112b55186290e2c
 # set uid for functions that use it to seek in lastlog and wtmp files
 # bnc#18024 (was suse #3024)
 

openssh-7.2p2-ldap.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  fac59d81a8fba12278aea6a7b8a88b02fe02155a
+# Parent  b8135c449e59282a8926ff44fcb4670baf8f158e
 # Helper app for retrieving keys from a LDAP server
 # by Jan F. Chadima <jchadima@redhat.com>
 #

openssh-7.2p2-limit_password_length.patch

@@ -0,0 +1,52 @@
+# HG changeset patch
+# Parent  e351203d2784230a3b56b8e3dd6955403ed10ca4
+Limit accepted passwords length to prevent DoS by resource consumption
+(via crypt() eating CPU cycles).
+
+CVE-2016-6515
+bsc#992533
+
+upstream commit: fcd135c9df440bcd2d5870405ad3311743d78d97
+
+diff --git a/openssh-7.2p2/auth-passwd.c b/openssh-7.2p2/auth-passwd.c
+--- a/openssh-7.2p2/auth-passwd.c
++++ b/openssh-7.2p2/auth-passwd.c
+@@ -61,16 +61,18 @@ extern ServerOptions options;
+ #ifdef HAVE_LOGIN_CAP
+ extern login_cap_t *lc;
+ #endif
+ 
+ 
+ #define DAY		(24L * 60 * 60) /* 1 day in seconds */
+ #define TWO_WEEKS	(2L * 7 * DAY)	/* 2 weeks in seconds */
+ 
++#define MAX_PASSWORD_LEN	1024
++
+ void
+ disable_forwarding(void)
+ {
+ 	no_port_forwarding_flag = 1;
+ 	no_agent_forwarding_flag = 1;
+ 	no_x11_forwarding_flag = 1;
+ }
+ 
+@@ -82,16 +84,19 @@ int
+ auth_password(Authctxt *authctxt, const char *password)
+ {
+ 	struct passwd * pw = authctxt->pw;
+ 	int result, ok = authctxt->valid;
+ #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+ 	static int expire_checked = 0;
+ #endif
+ 
++	if (strlen(password) > MAX_PASSWORD_LEN)
++		return 0;
++
+ #ifndef HAVE_CYGWIN
+ 	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+ 		ok = 0;
+ #endif
+ 	if (*password == '\0' && options.permit_empty_passwd == 0)
+ 		return 0;
+ 
+ #ifdef KRB5

openssh-7.2p2-login_options.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  a2ec408c99eefdd4c23f01eafddb0ce786514f50
+# Parent  295ae9c5f5da12d273f3b91e90145b449984a7dc
 # HG changeset patch
 # Parent  b262fd34c8ecd55e93d457b3ca5593abce716856
 # login-pam cannot handle the option terminator "--" as login from util-linux

openssh-7.2p2-no_fork-no_pid_file.patch

@@ -1,11 +1,11 @@
 # HG changeset patch
-# Parent  09a93433f5bb8baff0dce629c75f96357e3b1055
+# Parent  7ce81a30bb196401c63782b646d8a6d511ddec4b
 Do not write a PID file when not daemonizing (e.g. when running from systemd)
 
 diff --git a/openssh-7.2p2/sshd.c b/openssh-7.2p2/sshd.c
 --- a/openssh-7.2p2/sshd.c
 +++ b/openssh-7.2p2/sshd.c
-@@ -2104,17 +2104,17 @@ main(int ac, char **av)
+@@ -2107,17 +2107,17 @@ main(int ac, char **av)
  		signal(SIGCHLD, main_sigchld_handler);
  		signal(SIGTERM, sigterm_handler);
  		signal(SIGQUIT, sigterm_handler);

openssh-7.2p2-pam_check_locks.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  2b2855c68e979299aee899a7cb6e4aa57a828668
+# Parent  ac7f843cd7ebec413691d51823cdc67b611abdff
 new option UsePAMCheckLocks to enforce checking for locked accounts while
 UsePAM is used
 

openssh-7.2p2-prevent_timing_user_enumeration.patch

@@ -0,0 +1,264 @@
+# HG changeset patch
+# Parent  323ac0fc20b1d5e9bf7037e020adfd760dd2d5f2
+Prevent user enumeration through password processing timing
+CVE-2016-6210
+bsc#989363
+
+non-PAM part:
+upstream commit: 9286875a73b2de7736b5e50692739d314cd8d9dc
+
+PAM part:
+upstream commit: 283b97ff33ea2c641161950849931bd578de6946
+
+diff --git a/openssh-7.2p2/auth-pam.c b/openssh-7.2p2/auth-pam.c
+--- a/openssh-7.2p2/auth-pam.c
++++ b/openssh-7.2p2/auth-pam.c
+@@ -227,17 +227,16 @@ static pam_handle_t *sshpam_handle = NUL
+ static int sshpam_err = 0;
+ static int sshpam_authenticated = 0;
+ static int sshpam_session_open = 0;
+ static int sshpam_cred_established = 0;
+ static int sshpam_account_status = -1;
+ static char **sshpam_env = NULL;
+ static Authctxt *sshpam_authctxt = NULL;
+ static const char *sshpam_password = NULL;
+-static char badpw[] = "\b\n\r\177INCORRECT";
+ 
+ /* Some PAM implementations don't implement this */
+ #ifndef HAVE_PAM_GETENVLIST
+ static char **
+ pam_getenvlist(pam_handle_t *pamh)
+ {
+ 	/*
+ 	 * XXX - If necessary, we can still support envrionment passing
+@@ -807,22 +806,45 @@ sshpam_query(void *ctx, char **name, cha
+ 			free(msg);
+ 			ctxt->pam_done = -1;
+ 			return (-1);
+ 		}
+ 	}
+ 	return (-1);
+ }
+ 
++/*
++ * Returns a junk password of identical length to that the user supplied.
++ * Used to mitigate timing attacks against crypt(3)/PAM stacks that
++ * vary processing time in proportion to password length.
++ */
++static char *
++fake_password(const char *wire_password)
++{
++	const char junk[] = "\b\n\r\177INCORRECT";
++	char *ret = NULL;
++	size_t i, l = wire_password != NULL ? strlen(wire_password) : 0;
++
++	if (l >= INT_MAX)
++		fatal("%s: password length too long: %zu", __func__, l);
++
++	ret = xmalloc(l + 1);
++	for (i = 0; i < l; i++)
++		ret[i] = junk[i % (sizeof(junk) - 1)];
++	ret[i] = '\0';
++	return ret;
++}
++
+ /* XXX - see also comment in auth-chall.c:verify_response */
+ static int
+ sshpam_respond(void *ctx, u_int num, char **resp)
+ {
+ 	Buffer buffer;
+ 	struct pam_ctxt *ctxt = ctx;
++	char *fake;
+ 
+ 	debug2("PAM: %s entering, %u responses", __func__, num);
+ 	switch (ctxt->pam_done) {
+ 	case 1:
+ 		sshpam_authenticated = 1;
+ 		return (0);
+ 	case 0:
+ 		break;
+@@ -833,18 +855,21 @@ sshpam_respond(void *ctx, u_int num, cha
+ 		error("PAM: expected one response, got %u", num);
+ 		return (-1);
+ 	}
+ 	buffer_init(&buffer);
+ 	if (sshpam_authctxt->valid &&
+ 	    (sshpam_authctxt->pw->pw_uid != 0 ||
+ 	    options.permit_root_login == PERMIT_YES))
+ 		buffer_put_cstring(&buffer, *resp);
+-	else
+-		buffer_put_cstring(&buffer, badpw);
++	else {
++		fake = fake_password(*resp);
++		buffer_put_cstring(&buffer, fake);
++		free(fake);
++	}
+ 	if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
+ 		buffer_free(&buffer);
+ 		return (-1);
+ 	}
+ 	buffer_free(&buffer);
+ 	return (1);
+ }
+ 
+@@ -1178,41 +1203,43 @@ static struct pam_conv passwd_conv = { s
+ /*
+  * Attempt password authentication via PAM
+  */
+ int
+ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
+ {
+ 	int flags = (options.permit_empty_passwd == 0 ?
+ 	    PAM_DISALLOW_NULL_AUTHTOK : 0);
++	char *fake = NULL;
+ 
+ 	if (!options.use_pam || sshpam_handle == NULL)
+ 		fatal("PAM: %s called when PAM disabled or failed to "
+ 		    "initialise.", __func__);
+ 
+ 	sshpam_password = password;
+ 	sshpam_authctxt = authctxt;
+ 
+ 	/*
+ 	 * If the user logging in is invalid, or is root but is not permitted
+ 	 * by PermitRootLogin, use an invalid password to prevent leaking
+ 	 * information via timing (eg if the PAM config has a delay on fail).
+ 	 */
+ 	if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
+ 	    options.permit_root_login != PERMIT_YES))
+-		sshpam_password = badpw;
++		sshpam_password = fake = fake_password(password);
+ 
+ 	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ 	    (const void *)&passwd_conv);
+ 	if (sshpam_err != PAM_SUCCESS)
+ 		fatal("PAM: %s: failed to set PAM_CONV: %s", __func__,
+ 		    pam_strerror(sshpam_handle, sshpam_err));
+ 
+ 	sshpam_err = pam_authenticate(sshpam_handle, flags);
+ 	sshpam_password = NULL;
++	free(fake);
+ 	if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
+ 		debug("PAM: password authentication accepted for %.100s",
+ 		    authctxt->user);
+ 		return 1;
+ 	} else {
+ 		debug("PAM: password authentication failed for %.100s: %s",
+ 		    authctxt->valid ? authctxt->user : "an illegal user",
+ 		    pam_strerror(sshpam_handle, sshpam_err));
+diff --git a/openssh-7.2p2/auth-passwd.c b/openssh-7.2p2/auth-passwd.c
+--- a/openssh-7.2p2/auth-passwd.c
++++ b/openssh-7.2p2/auth-passwd.c
+@@ -188,28 +188,32 @@ sys_auth_passwd(Authctxt *authctxt, cons
+ 		return (auth_close(as));
+ 	}
+ }
+ #elif !defined(CUSTOM_SYS_AUTH_PASSWD)
+ int
+ sys_auth_passwd(Authctxt *authctxt, const char *password)
+ {
+ 	struct passwd *pw = authctxt->pw;
+-	char *encrypted_password;
++	char *encrypted_password, *salt = NULL;
+ 
+ 	/* Just use the supplied fake password if authctxt is invalid */
+ 	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
+ 
+ 	/* Check for users with no password. */
+ 	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
+ 		return (1);
+ 
+-	/* Encrypt the candidate password using the proper salt. */
+-	encrypted_password = xcrypt(password,
+-	    (pw_password[0] && pw_password[1]) ? pw_password : "xx");
++	/*
++	 * Encrypt the candidate password using the proper salt, or pass a
++	 * NULL and let xcrypt pick one.
++	 */
++	if (authctxt->valid && pw_password[0] && pw_password[1])
++		salt = pw_password;
++	encrypted_password = xcrypt(password, salt);
+ 
+ 	/*
+ 	 * Authentication is accepted if the encrypted passwords
+ 	 * are identical.
+ 	 */
+ 	return encrypted_password != NULL &&
+ 	    strcmp(encrypted_password, pw_password) == 0;
+ }
+diff --git a/openssh-7.2p2/openbsd-compat/xcrypt.c b/openssh-7.2p2/openbsd-compat/xcrypt.c
+--- a/openssh-7.2p2/openbsd-compat/xcrypt.c
++++ b/openssh-7.2p2/openbsd-compat/xcrypt.c
+@@ -20,16 +20,17 @@
+  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  */
+ 
+ #include "includes.h"
+ 
+ #include <sys/types.h>
++#include <string.h>
+ #include <unistd.h>
+ #include <pwd.h>
+ 
+ # if defined(HAVE_CRYPT_H) && !defined(HAVE_SECUREWARE)
+ #  include <crypt.h>
+ # endif
+ 
+ # ifdef __hpux
+@@ -57,21 +58,54 @@
+ #  include "md5crypt.h"
+ # endif
+ 
+ # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
+ #  include <openssl/des.h>
+ #  define crypt DES_crypt
+ # endif
+ 
++/*
++ * Pick an appropriate password encryption type and salt for the running
++ * system.
++ */
++static const char *
++pick_salt(void)
++{
++	struct passwd *pw;
++	char *passwd, *p;
++	size_t typelen;
++	static char salt[32];
++
++	if (salt[0] != '\0')
++		return salt;
++	strlcpy(salt, "xx", sizeof(salt));
++	if ((pw = getpwuid(0)) == NULL)
++		return salt;
++	passwd = shadow_pw(pw);
++	if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
++		return salt;  /* no $, DES */
++	typelen = p - passwd + 1;
++	strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
++	explicit_bzero(passwd, strlen(passwd));
++	return salt;
++}
++
+ char *
+ xcrypt(const char *password, const char *salt)
+ {
+ 	char *crypted;
+ 
++	/*
++	 * If we don't have a salt we are encrypting a fake password for
++	 * for timing purposes.  Pick an appropriate salt.
++	 */
++	if (salt == NULL)
++		salt = pick_salt();
++
+ # ifdef HAVE_MD5_PASSWORDS
+         if (is_md5_salt(salt))
+                 crypted = md5_crypt(password, salt);
+         else
+                 crypted = crypt(password, salt);
+ # elif defined(__hpux) && !defined(HAVE_SECUREWARE)
+ 	if (iscomsec())
+                 crypted = bigcrypt(password, salt);

openssh-7.2p2-pts_names_formatting.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  c08afc8b92580b589ea02d84cf3d29be257ec103
+# Parent  787bc0aab11e5a7b6510c8dbf771958743ca25b0
 # use same lines naming as utempter (prevents problems with using different
 # formats in ?tmp? files)
 # --used to be called '-pts'

openssh-7.2p2-remove_xauth_cookies_on_exit.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  ff8f0a192e120430204441cdcd18ff130f85a61e
+# Parent  18c2690afd988b9cb0fd0fa927d02cf5336dce9c
 # --used to be called '-xauth'
 try to remove xauth cookies on logout
 

openssh-7.2p2-seccomp_getuid.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  80f5b9b81269880fbc12bcbc5830fe2044baf894
+# Parent  c66097e5e31cd607bf2206b2da95730cce518b7a
 add 'getuid' syscall to list of allowed ones to prevent the sanboxed thread
 from being killed by the seccomp filter
 

openssh-7.2p2-seccomp_stat.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  f8357691112e6b15424f506f7ab6c417f5aa6f9e
+# Parent  def949a57b8101691c79ecce6366cc7ae1685b07
 Allow the stat() syscall for OpenSSL re-seed patch
 (which causes OpenSSL use stat() on some file)
 

openssh-7.2p2-seed-prng.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  ea1ef0bb63e77f14c91b2b417f1b8c3383b2835f
+# Parent  6ece65e11f754d75dd33d72b6f8e487a9d047f2e
 # extended support for (re-)seeding the OpenSSL PRNG from /dev/random
 # bnc#703221, FATE#312172
 

openssh-7.2p2-send_locale.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  5bcf5f230ccaec7b9c9398cc6b4193574559861d
+# Parent  dfcac093fca4d826a806b9d1c0bdc26e7ae8ee8e
 send locales in default configuration
 bnc#65747
 

openssh-7.2p2-sftp_force_permissions.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  7951ad8c720728b382cfaa32e3d7a549126a1496
+# Parent  efa850d8312ceef224dbec0f2ae1002201afabd9
 additional option for sftp-server to force file mode for new files
 FATE#312774
 http://lists.mindrot.org/pipermail/openssh-unix-dev/2010-November/029044.html

openssh-7.2p2-sftp_homechroot.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  2f269fe1cd176bc5ff833819e1b04f1d96f13144
+# Parent  9b1033f35a6cb173fbc13416065ed40c4b14e656
 run sftp sessions inside a chroot
 
 diff --git a/openssh-7.2p2/session.c b/openssh-7.2p2/session.c

openssh.changes

@@ -1,6 +1,8 @@
 -------------------------------------------------------------------
 Thu Sep 29 23:27:49 UTC 2016 - pcerny@suse.com
 
+- remaining patches that were still missing
+  since the update to 7.2p2 (FATE#319675):
 - allow X forwarding over IPv4 when IPv6 sockets is not available
   [openssh-7.2p2-X_forward_with_disabled_ipv6.patch]
 - do not write PID file when not daemonizing
@@ -13,7 +15,7 @@ Thu Sep 29 23:27:49 UTC 2016 - pcerny@suse.com
 - allow forcing permissions over sftp
   [openssh-7.2p2-sftp_force_permissions.patch]
 - do not perform run-time checks for OpenSSL API/ABI change
-  [openssh-7.2p2-disable-openssl-abi-check.patch]
+  [openssh-7.2p2-disable_openssl_abi_check.patch]
 - suggest commands for cleaning known hosts file
   [openssh-7.2p2-host_ident.patch]
 - sftp home chroot patch
@@ -22,6 +24,19 @@ Thu Sep 29 23:27:49 UTC 2016 - pcerny@suse.com
   [openssh-7.2p2-audit.patch]
 - enable seccomp sandbox on additional architectures
   [openssh-7.2p2-additional_seccomp_archs.patch]
+- fix forwarding with IPv6 addresses in DISPLAY (bnc#847710)
+  [openssh-7.2p2-IPv6_X_forwarding.patch]
+- ignore PAM environment when using login
+  (bsc#975865, CVE-2015-8325)
+  [openssh-7.2p2-ignore_PAM_with_UseLogin.patch]
+- limit accepted password length (prevents possible DoS)
+  (bsc#992533, CVE-2016-6515)
+  [openssh-7.2p2-limit_password_length.patch]
+- Prevent user enumeration through the timing of password
+  processing (bsc#989363, CVE-2016-6210)
+  [openssh-7.2p2-prevent_timing_user_enumeration.patch]
+- Add auditing for PRNG re-seeding
+  [openssh-7.2p2-audit_seed_prng.patch]
 
 -------------------------------------------------------------------
 Fri Sep 16 12:45:11 UTC 2016 - pcerny@suse.com

openssh.spec

@@ -53,11 +53,9 @@
 %endif
 
 %define sandbox_seccomp 0
-%ifarch %ix86 x86_64
 %if 0%{?suse_version} > 1220
 %define sandbox_seccomp 1
 %endif
-%endif
 
 %define _fwdir   %{_sysconfdir}/sysconfig/SuSEfirewall2.d
 %define _fwdefdir   %{_fwdir}/services
@@ -132,15 +130,20 @@ Patch16:        openssh-7.2p2-fips.patch
 Patch17:        openssh-7.2p2-seed-prng.patch
 Patch18:        openssh-7.2p2-gssapi_key_exchange.patch
 Patch19:        openssh-7.2p2-audit.patch
-Patch20:        openssh-7.2p2-login_options.patch
-Patch21:        openssh-7.2p2-disable-openssl-abi-check.patch
-Patch22:        openssh-7.2p2-no_fork-no_pid_file.patch
-Patch23:        openssh-7.2p2-host_ident.patch
-Patch24:        openssh-7.2p2-sftp_homechroot.patch
-Patch25:        openssh-7.2p2-sftp_force_permissions.patch
-Patch26:        openssh-7.2p2-X_forward_with_disabled_ipv6.patch
-Patch27:        openssh-7.2p2-ldap.patch
-Patch28:        openssh-7.2p2-additional_seccomp_archs.patch
+Patch20:        openssh-7.2p2-audit_seed_prng.patch
+Patch21:        openssh-7.2p2-login_options.patch
+Patch22:        openssh-7.2p2-disable_openssl_abi_check.patch
+Patch23:        openssh-7.2p2-no_fork-no_pid_file.patch
+Patch24:        openssh-7.2p2-host_ident.patch
+Patch25:        openssh-7.2p2-sftp_homechroot.patch
+Patch26:        openssh-7.2p2-sftp_force_permissions.patch
+Patch27:        openssh-7.2p2-X_forward_with_disabled_ipv6.patch
+Patch28:        openssh-7.2p2-ldap.patch
+Patch29:        openssh-7.2p2-additional_seccomp_archs.patch
+Patch30:        openssh-7.2p2-IPv6_X_forwarding.patch
+Patch31:        openssh-7.2p2-ignore_PAM_with_UseLogin.patch
+Patch32:        openssh-7.2p2-prevent_timing_user_enumeration.patch
+Patch33:        openssh-7.2p2-limit_password_length.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Conflicts:      nonfreessh
 Recommends:     audit
@@ -221,13 +224,18 @@ FIPS140 CAVS tests related parts of the OpenSSH package
 %patch26 -p2
 %patch27 -p2
 %patch28 -p2
+%patch29 -p2
+%patch30 -p2
+%patch31 -p2
+%patch32 -p2
+%patch33 -p2
 cp %{SOURCE3} %{SOURCE4} %{SOURCE11} .
 
 %build
 # set libexec dir in the LDAP patch
 sed -i.libexec 's,@LIBEXECDIR@,%{_libexecdir}/ssh,' \
     $( grep -Rl @LIBEXECDIR@ \
-        $( grep "^+++" %{PATCH27} | sed -r 's@^.+/([^/\t ]+).*$@\1@' )
+        $( grep "^+++" %{PATCH28} | sed -r 's@^.+/([^/\t ]+).*$@\1@' )
     )
 
 autoreconf -fiv