# HG changeset patch
# Parent 49d6f0c7bd349c3ca1ce4c67a7b6b507823f3d3c
Raise the minimum size of DH group parameters to 1536 bits. 1024-bit values are
believed to be within breaking range for state-level adversaries, and the default moduli
shipped with OpenSSH have been around long enough to make it more likely that
they have been broken.
CVE-2015-4000 (LOGJAM)
bsc#932483
diff --git a/openssh-6.6p1/dh.h b/openssh-6.6p1/dh.h
--- a/openssh-6.6p1/dh.h
+++ b/openssh-6.6p1/dh.h
@@ -39,17 +39,17 @@ DH *dh_new_group1(void);
DH *dh_new_group14(void);
void dh_gen_key(DH *, int);
int dh_pub_is_valid(DH *, BIGNUM *);
int dh_estimate(int);
/* Min and max values from RFC4419. */
-#define DH_GRP_MIN 1024
+#define DH_GRP_MIN 1536
#define DH_GRP_MIN_FIPS 2048
#define DH_GRP_MAX 8192
/*
* Values for "type" field of moduli(5)
* Specifies the internal structure of the prime modulus.
*/
#define MODULI_TYPE_UNKNOWN (0)