Accepting request 231428 from network

- curve25519 key exchange fix (-curve25519-6.6.1p1.patch) - patch re-ordering (-audit3-key_auth_usage-fips.patch, -audit4-kex_results-fips.patch) (forwarded request 231427 from pcerny) OBS-URL: https://build.opensuse.org/request/show/231428 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=96
2014-04-26 15:02:02 +00:00 · 2014-04-26 15:02:02 +00:00 · c7fda0bd32
commit c7fda0bd32
parent 8d7787adc5 9fb40d132b
15 changed files with 255 additions and 29 deletions
--- a/openssh-6.6p1-X_forward_with_disabled_ipv6.patch
+++ b/openssh-6.6p1-X_forward_with_disabled_ipv6.patch
@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent 73eb63cbbd603bf8c13995c478333c1b5a2a020a
+# Parent 1055b218140c3cc19228c47878a68740363d80dd
 Do not throw away already open sockets for X11 forwarding if another socket
 family is not available for bind()

--- a/openssh-6.6p1-audit2-better_audit_of_user_actions.patch
+++ b/openssh-6.6p1-audit2-better_audit_of_user_actions.patch
@ -849,7 +849,7 @@ diff --git a/openssh-6.6p1/session.h b/openssh-6.6p1/session.h
 diff --git a/openssh-6.6p1/sshd.c b/openssh-6.6p1/sshd.c
 --- a/openssh-6.6p1/sshd.c
 +++ b/openssh-6.6p1/sshd.c
-@@ -2529,13 +2529,14 @@ cleanup_exit(int i)
+@@ -2532,13 +2532,14 @@ cleanup_exit(int i)
 			if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
 			    errno != ESRCH)
 				error("%s: kill(%d): %s", __func__,
--- a/openssh-6.6p1-audit3-key_auth_usage-fips.patch
+++ b/openssh-6.6p1-audit3-key_auth_usage-fips.patch
@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent c487e15d91bc5cdfb0aedcf4d3c7fe4d0f309a73
+# Parent 5482d21e8bd06309af51dea77a5f3668859fb2a0

 diff --git a/openssh-6.6p1/auth-rsa.c b/openssh-6.6p1/auth-rsa.c
 --- a/openssh-6.6p1/auth-rsa.c
@ -11,7 +11,7 @@ diff --git a/openssh-6.6p1/auth-rsa.c b/openssh-6.6p1/auth-rsa.c
 	u_char buf[2 * SSH_DIGEST_MAX_LENGTH], mdbuf[SSH_DIGEST_MAX_LENGTH];
 	struct ssh_digest_ctx *md;
 	int len;
-     int dgst;
+ 	int dgst;
 	size_t dgst_len;
 +	int rv;
 +#ifdef SSH_AUDIT_EVENTS
--- a/openssh-6.6p1-audit4-kex_results-fips.patch
+++ b/openssh-6.6p1-audit4-kex_results-fips.patch
@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent dec5efd68e0b652282f2b9b31f5999342123d33d
+# Parent 274a545b591567f1378c1086ad3ba40c911a8bd6

 diff --git a/openssh-6.6p1/Makefile.in b/openssh-6.6p1/Makefile.in
 --- a/openssh-6.6p1/Makefile.in
--- a/openssh-6.6p1-audit5-session_key_destruction.patch
+++ b/openssh-6.6p1-audit5-session_key_destruction.patch
@ -942,7 +942,7 @@ diff --git a/openssh-6.6p1/sshd.c b/openssh-6.6p1/sshd.c
 	verbose("Closing connection to %.500s port %d", remote_ip, remote_port);
 
 #ifdef USE_PAM
-@@ -2523,26 +2532,38 @@ do_ssh2_kex(void)
+@@ -2526,26 +2535,38 @@ do_ssh2_kex(void)
 #endif
 	debug("KEX done");
 }
--- a/openssh-6.6p1-audit6-server_key_destruction.patch
+++ b/openssh-6.6p1-audit6-server_key_destruction.patch
@ -721,7 +721,7 @@ diff --git a/openssh-6.6p1/sshd.c b/openssh-6.6p1/sshd.c
 	BN_clear_free(session_key_int);
 
 	/* Set the session key.  From this on all communications will be encrypted. */
-@@ -2553,16 +2603,18 @@ cleanup_exit(int i)
+@@ -2556,16 +2606,18 @@ cleanup_exit(int i)
 			debug("Killing privsep child %d", pmonitor->m_pid);
 			if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
 			    errno != ESRCH)
--- a/openssh-6.6p1-curve25519-6.6.1p1.patch
+++ b/openssh-6.6p1-curve25519-6.6.1p1.patch
@ -0,0 +1,205 @@
+# Date: Sun, 20 Apr 2014 17:14:08 +1000 (EST)
+# From: Damien Miller <djm@mindrot.org>
+# To: openssh-unix-dev@mindrot.org
+# Subject: bad bignum encoding for curve25519-sha256@libssh.org
+# Message-ID: <alpine.BSO.2.11.1404201713390.26134@natsu.mindrot.org>
+#
+# Hi,
+#
+# So I screwed up when writing the support for the curve25519 KEX method
+# that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
+# leading zero bytes where they should have been skipped. The impact of
+# this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
+# peer that implements curve25519-sha256@libssh.org properly about 0.2%
+# of the time (one in every 512ish connections).
+#
+# We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256
+# key exchange for previous versions, but I'd recommend distributors
+# of OpenSSH apply this patch so the affected code doesn't become
+# too entrenched in LTS releases.
+#
+# The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
+# to distinguish itself from the incorrect versions so the compatibility
+# code to disable the affected KEX isn't activated.
+#
+# I've committed this on the 6.6 branch too.
+#
+# Apologies for the hassle.
+#
+# -d
+
+diff --git a/openssh-6.6p1/bufaux.c b/openssh-6.6p1/bufaux.c
+--- a/openssh-6.6p1/bufaux.c
+++ b/openssh-6.6p1/bufaux.c
+@@ -1,9 +1,9 @@
+-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
+ /*
+  * Author: Tatu Ylonen <ylo@cs.hut.fi>
+  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+  *                    All rights reserved
+  * Auxiliary functions for storing and retrieving various data types to/from
+  * Buffers.
+  *
+  * As far as I am concerned, the code I have written for this software
+@@ -367,16 +367,19 @@ buffer_get_bignum2_as_string(Buffer *buf
+ void
+ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
+ {
+ 	u_char *buf, *p;
+ 	int pad = 0;
+ 
+ 	if (l > 8 * 1024)
+ 		fatal("%s: length %u too long", __func__, l);
+	/* Skip leading zero bytes */
+	for (; l > 0 && *s == 0; l--, s++)
+		;
+ 	p = buf = xmalloc(l + 1);
+ 	/*
+ 	 * If most significant bit is set then prepend a zero byte to
+ 	 * avoid interpretation as a negative number.
+ 	 */
+ 	if (l > 0 && (s[0] & 0x80) != 0) {
+ 		*p++ = '\0';
+ 		pad = 1;
+diff --git a/openssh-6.6p1/compat.c b/openssh-6.6p1/compat.c
+--- a/openssh-6.6p1/compat.c
+++ b/openssh-6.6p1/compat.c
+@@ -90,16 +90,19 @@ compat_datafellows(const char *version)
+ 					SSH_OLD_FORWARD_ADDR},
+ 		{ "OpenSSH_2.*,"
+ 		  "OpenSSH_3.0*,"
+ 		  "OpenSSH_3.1*",	SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
+ 		{ "OpenSSH_3.*",	SSH_OLD_FORWARD_ADDR },
+ 		{ "Sun_SSH_1.0*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
+ 		{ "OpenSSH_4*",		0 },
+ 		{ "OpenSSH_5*",		SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
+		{ "OpenSSH_6.6.1*",	SSH_NEW_OPENSSH},
+		{ "OpenSSH_6.5*,"
+		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
+ 		{ "OpenSSH*",		SSH_NEW_OPENSSH },
+ 		{ "*MindTerm*",		0 },
+ 		{ "2.1.0*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ 					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
+ 					SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+ 					SSH_BUG_FIRSTKEX },
+ 		{ "2.1 *",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+ 					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
+@@ -246,22 +249,34 @@ compat_cipher_proposal(char *cipher_prop
+ 	debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
+ 	cipher_prop = filter_proposal(cipher_prop, "aes*");
+ 	debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
+ 	if (*cipher_prop == '\0')
+ 		fatal("No supported ciphers found");
+ 	return cipher_prop;
+ }
+ 
+-
+ char *
+ compat_pkalg_proposal(char *pkalg_prop)
+ {
+ 	if (!(datafellows & SSH_BUG_RSASIGMD5))
+ 		return pkalg_prop;
+ 	debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
+ 	pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa");
+ 	debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
+ 	if (*pkalg_prop == '\0')
+ 		fatal("No supported PK algorithms found");
+ 	return pkalg_prop;
+ }
+ 
+char *
+compat_kex_proposal(char *kex_prop)
+{
+	if (!(datafellows & SSH_BUG_CURVE25519PAD))
+		return kex_prop;
+	debug2("%s: original KEX proposal: %s", __func__, kex_prop);
+	kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");
+	debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
+	if (*kex_prop == '\0')
+		fatal("No supported key exchange algorithms found");
+	return kex_prop;
+}
+
+diff --git a/openssh-6.6p1/compat.h b/openssh-6.6p1/compat.h
+--- a/openssh-6.6p1/compat.h
+++ b/openssh-6.6p1/compat.h
+@@ -54,20 +54,22 @@
+ #define SSH_BUG_DUMMYCHAN	0x00100000
+ #define SSH_BUG_EXTEOF		0x00200000
+ #define SSH_BUG_PROBE		0x00400000
+ #define SSH_BUG_FIRSTKEX	0x00800000
+ #define SSH_OLD_FORWARD_ADDR	0x01000000
+ #define SSH_BUG_RFWD_ADDR	0x02000000
+ #define SSH_NEW_OPENSSH		0x04000000
+ #define SSH_BUG_DYNAMIC_RPORT	0x08000000
+#define SSH_BUG_CURVE25519PAD	0x10000000
+ 
+ void     enable_compat13(void);
+ void     enable_compat20(void);
+ void     compat_datafellows(const char *);
+ int	 proto_spec(const char *);
+ char	*compat_cipher_proposal(char *);
+ char	*compat_pkalg_proposal(char *);
+char	*compat_kex_proposal(char *);
+ 
+ extern int compat13;
+ extern int compat20;
+ extern int datafellows;
+ #endif
+diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
+--- a/openssh-6.6p1/sshconnect2.c
+++ b/openssh-6.6p1/sshconnect2.c
+@@ -190,16 +190,18 @@ ssh_kex2(char *host, struct sockaddr *ho
+ 	else {
+ 		/* Prefer algorithms that we already have keys for */
+ 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ 		    compat_pkalg_proposal(
+ 		    order_hostkeyalgs(host, hostaddr, port));
+ 	}
+ 	if (options.kex_algorithms != NULL)
+ 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+	    myproposal[PROPOSAL_KEX_ALGS]);
+ 
+ 	if (options.rekey_limit || options.rekey_interval)
+ 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+ 		    (time_t)options.rekey_interval);
+ 
+ 	/* start key exchange */
+ 	kex = kex_setup(myproposal);
+ 	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+diff --git a/openssh-6.6p1/sshd.c b/openssh-6.6p1/sshd.c
+--- a/openssh-6.6p1/sshd.c
+++ b/openssh-6.6p1/sshd.c
+@@ -2457,16 +2457,19 @@ do_ssh2_kex(void)
+ 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+ 	} else if (options.compression == COMP_DELAYED) {
+ 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
+ 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
+ 	}
+ 	if (options.kex_algorithms != NULL)
+ 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ 
+	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+	    myproposal[PROPOSAL_KEX_ALGS]);
+
+ 	if (options.rekey_limit || options.rekey_interval)
+ 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+ 		    (time_t)options.rekey_interval);
+ 
+ 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
+ 	    list_hostkey_types());
+ 
+ 	/* start key exchange */
+diff --git a/openssh-6.6p1/version.h b/openssh-6.6p1/version.h
+--- a/openssh-6.6p1/version.h
+++ b/openssh-6.6p1/version.h
+@@ -1,6 +1,6 @@
+ /* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
+ 
+-#define SSH_VERSION	"OpenSSH_6.6"
+#define SSH_VERSION	"OpenSSH_6.6.1"
+ 
+ #define SSH_PORTABLE	"p1"
+ #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
--- a/openssh-6.6p1-fingerprint_hash.patch
+++ b/openssh-6.6p1-fingerprint_hash.patch
@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent a3a898b117b0f726e6cc923f18463de8e45e74f5
+# Parent 8b2615db484b7061edd15f3bee36958f790f790e

 # select fingerprint hash algorithms based on the environment variable
 # SSH_FP_TYPE_ENVVAR and append it to hex and randomart fingerprints
@ -690,7 +690,7 @@ diff --git a/openssh-6.6p1/sshconnect.c b/openssh-6.6p1/sshconnect.c
 diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
 --- a/openssh-6.6p1/sshconnect2.c
 +++ b/openssh-6.6p1/sshconnect2.c
-@@ -577,17 +577,17 @@ input_userauth_pk_ok(int type, u_int32_t
+@@ -579,17 +579,17 @@ input_userauth_pk_ok(int type, u_int32_t
 		goto done;
 	}
 	if (key->type != pktype) {
@ -709,7 +709,7 @@ diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
 	 * moved to the end of the queue.  this also avoids confusion by
 	 * duplicate keys
 	 */
-@@ -988,17 +988,17 @@ sign_and_send_pubkey(Authctxt *authctxt,
+@@ -990,17 +990,17 @@ sign_and_send_pubkey(Authctxt *authctxt,
 	Buffer b;
 	u_char *blob, *signature;
 	u_int bloblen, slen;
--- a/openssh-6.6p1-fips-checks.patch
+++ b/openssh-6.6p1-fips-checks.patch
@ -1,5 +1,17 @@
 # HG changeset patch
-# Parent 12ad7b6077ef9c6b3a3a53b4f0084c3eb2f80fe7
+# Parent 717873621cf4991164c61caafd9ac07473231f10
+# Simple implementation of FIPS 140-2 selfchecks. Use OpenSSL to generate and
+# verify checksums of binaries. Any hash iused in OpenSSH can be used (MD5 would
+# obviously be a poor choice, since OpenSSL would barf and abort immediately in
+# FIPS mode). SHA-2 seems to be a reasonable choice.
+#
+# The logic of the checks is as follows: decide whether FIPS mode is mandated
+# (either by checking /proc/sys/crypto/fips_enabled or envoroinment variable
+# SSH_FORCE_FIPS. In FIPS mode, checksums are required to match (inability to
+# retrieve pre-calculated hash is a fatal error). In non-FIPS mode the checks
+# still must be performed, unless the hashes are not installed. Thus if the hash
+# file is not found (or the hash matches), proceed in non-FIPS mode and abort
+# otherwise.

 diff --git a/openssh-6.6p1/fips-check.c b/openssh-6.6p1/fips-check.c
 new file mode 100644
--- a/openssh-6.6p1-fips.patch
+++ b/openssh-6.6p1-fips.patch
@ -2,7 +2,7 @@
 # when OpenSSL is detected to be running in FIPS mode
 #
 # HG changeset patch
-# Parent ff04a9a96b7c41e99445c68d91911a9a1474ffa2
+# Parent 844066cb9c0ec2b10eb1ace7134f7bced7cc802d

 diff --git a/openssh-6.6p1/Makefile.in b/openssh-6.6p1/Makefile.in
 --- a/openssh-6.6p1/Makefile.in
@ -66,7 +66,7 @@ diff --git a/openssh-6.6p1/auth-rsa.c b/openssh-6.6p1/auth-rsa.c
 +	u_char buf[2 * SSH_DIGEST_MAX_LENGTH], mdbuf[SSH_DIGEST_MAX_LENGTH];
 	struct ssh_digest_ctx *md;
 	int len;
-+    int dgst;
+	int dgst;
 +	size_t dgst_len;
 
 	/* don't allow short keys */
@ -78,7 +78,7 @@ diff --git a/openssh-6.6p1/auth-rsa.c b/openssh-6.6p1/auth-rsa.c
 	}
 
 -	/* The response is MD5 of decrypted challenge plus session id. */
-+    dgst = fips_correct_dgst(SSH_DIGEST_MD5);
+	dgst = fips_correct_dgst(SSH_DIGEST_MD5);
 +	dgst_len = ssh_digest_bytes(dgst);
 +
 +	/* The response is a hash of decrypted challenge plus session id.
--- a/openssh-6.6p1-gssapi_key_exchange.patch
+++ b/openssh-6.6p1-gssapi_key_exchange.patch
@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent b50b01e06558d268ae59e8be8c1a41fde44fc70d
+# Parent 0b2761bdc8c2071a11ca24387c3f58be2fdbaa5e

 diff --git a/openssh-6.6p1/ChangeLog.gssapi b/openssh-6.6p1/ChangeLog.gssapi
 new file mode 100644
@ -3239,14 +3239,14 @@ diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
 	} else if (fips_mode()) {
-@@ -203,32 +228,63 @@ ssh_kex2(char *host, struct sockaddr *ho
- 		/* Prefer algorithms that we already have keys for */
- 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+@@ -205,32 +230,63 @@ ssh_kex2(char *host, struct sockaddr *ho
 		    compat_pkalg_proposal(
 		    order_hostkeyalgs(host, hostaddr, port));
 	}
 	if (options.kex_algorithms != NULL)
 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ 	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+ 	    myproposal[PROPOSAL_KEX_ALGS]);
 
 +#ifdef GSSAPI
 +	/* If we've got GSSAPI algorithms, then we also support the
@ -3291,7 +3291,7 @@ diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
 +			kex->gss_host = options.gss_server_identity;
 +		} else {
 +			kex->gss_host = gss_host;
-+        }
+		}
 +	}
 +#endif
 +
@ -3303,7 +3303,7 @@ diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
 		debug("Roaming not allowed by server");
 		options.use_roaming = 0;
 	}
-@@ -308,31 +364,37 @@ int	userauth_hostbased(Authctxt *);
+@@ -310,31 +366,37 @@ int	userauth_hostbased(Authctxt *);
 
 #ifdef GSSAPI
 int	userauth_gssapi(Authctxt *authctxt);
@ -3341,7 +3341,7 @@ diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
 	{"gssapi",
 		userauth_gssapi,
 		NULL,
-@@ -624,29 +686,41 @@ done:
+@@ -626,29 +688,41 @@ done:
 int
 userauth_gssapi(Authctxt *authctxt)
 {
@ -3385,7 +3385,7 @@ diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
 
 	if (!ok)
 		return 0;
-@@ -735,18 +809,18 @@ process_gssapi_token(void *ctxt, gss_buf
+@@ -737,18 +811,18 @@ process_gssapi_token(void *ctxt, gss_buf
 }
 
 /* ARGSUSED */
@ -3406,7 +3406,7 @@ diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
 	/* Setup our OID */
 	oidv = packet_get_string(&oidlen);
 
-@@ -845,16 +919,58 @@ input_gssapi_error(int type, u_int32_t p
+@@ -847,16 +921,58 @@ input_gssapi_error(int type, u_int32_t p
 	lang=packet_get_string(NULL);
 
 	packet_check_eom();
@ -3655,7 +3655,7 @@ diff --git a/openssh-6.6p1/sshd.c b/openssh-6.6p1/sshd.c
 	 * mode; it is just annoying to have the server exit just when you
 	 * are about to discover the bug.
 	 */
-@@ -2559,24 +2674,73 @@ do_ssh2_kex(void)
+@@ -2562,24 +2677,73 @@ do_ssh2_kex(void)
 
 	if (options.rekey_limit || options.rekey_interval)
 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
--- a/openssh-6.6p1-gssapimitm.patch
+++ b/openssh-6.6p1-gssapimitm.patch
@ -356,7 +356,7 @@ diff --git a/openssh-6.6p1/ssh_config b/openssh-6.6p1/ssh_config
 diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
 --- a/openssh-6.6p1/sshconnect2.c
 +++ b/openssh-6.6p1/sshconnect2.c
-@@ -316,16 +316,21 @@ static char *authmethods_get(void);
+@@ -318,16 +318,21 @@ static char *authmethods_get(void);
 
 Authmethod authmethods[] = {
 #ifdef GSSAPI
@ -378,7 +378,7 @@ diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
 		NULL},
 	{"publickey",
 		userauth_pubkey,
-@@ -683,17 +688,19 @@ process_gssapi_token(void *ctxt, gss_buf
+@@ -685,17 +690,19 @@ process_gssapi_token(void *ctxt, gss_buf
 
 		packet_put_string(send_tok.value, send_tok.length);
 		packet_send();
--- a/openssh-6.6p1-seccomp_getuid.patch
+++ b/openssh-6.6p1-seccomp_getuid.patch
@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent 47040f4641d43b039f19c8c902b0259729bb88e2
+# Parent bde6f1a808f345e141a976ebc3e37903c81a09cb
 add 'getuid' syscall to list of allowed ones to prevent the sanboxed thread
 from being killed by the seccomp filter

--- a/openssh.changes
+++ b/openssh.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Apr 24 01:33:45 UTC 2014 - pcerny@suse.com
+
+- curve25519 key exchange fix (-curve25519-6.6.1p1.patch)
+- patch re-ordering (-audit3-key_auth_usage-fips.patch,
+    -audit4-kex_results-fips.patch)
+
 -------------------------------------------------------------------
 Tue Apr 15 09:26:16 UTC 2014 - rhafer@suse.com

--- a/openssh.spec
+++ b/openssh.spec
@ -108,6 +108,7 @@ Source7:        sshd.fw
 Source8:        sysconfig.ssh
 Source9:        sshd-gen-keys-start
 Source10:       sshd.service
+Patch0:         openssh-6.6p1-curve25519-6.6.1p1.patch
 Patch1:         openssh-6.6p1-key-converter.patch
 Patch2:         openssh-6.6p1-X11-forwarding.patch
 Patch3:         openssh-6.6p1-lastlog.patch
@ -128,9 +129,9 @@ Patch17:        openssh-6.6p1-fips.patch
 Patch18:        openssh-6.6p1-audit1-remove_duplicit_audit.patch
 Patch19:        openssh-6.6p1-audit2-better_audit_of_user_actions.patch
 Patch20:        openssh-6.6p1-audit3-key_auth_usage.patch
-Patch21:        openssh-6.6p1-audit3_fips-key_auth_usage.patch
+Patch21:        openssh-6.6p1-audit3-key_auth_usage-fips.patch
 Patch22:        openssh-6.6p1-audit4-kex_results.patch
-Patch23:        openssh-6.6p1-audit4_fips-kex_results.patch
+Patch23:        openssh-6.6p1-audit4-kex_results-fips.patch
 Patch24:        openssh-6.6p1-audit5-session_key_destruction.patch
 Patch25:        openssh-6.6p1-audit6-server_key_destruction.patch
 Patch26:        openssh-6.6p1-audit7-libaudit_compat.patch
@ -180,6 +181,7 @@ cryptomodule.

 %prep
 %setup -q
+%patch0 -p2
 #patch1 -p2
 %patch2 -p2
 %patch3 -p2