components/openssh/patches/035-disable_roaming.patch
author Tomas Kuthan <tomas.kuthan@oracle.com>
Thu, 14 Jan 2016 01:39:32 -0800
changeset 5270 00c5358f9f1d
permissions -rw-r--r--
22541411 problem in UTILITY/OPENSSH 22541467 problem in UTILITY/OPENSSH
#
# This is to fix two vulnerabilities in experimental client roaming code.
#
# CVE numbers CVE-2016-0777 and CVE-2016-0778 have been reserved
# for these problems, but not officially issued yet. This fix came from
# OpenSSH upstream and will be included in the future OpenSSH 7.1p2 release.
# The fix completely disables roaming on the client.
#
# When we upgrade OpenSSH to 7.1p2 or higher in the future, we will remove
# this patch.
#
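diff -pur old/readconf.c new/readconf.c
--- old/readconf.c
+++ new/readconf.c
@@ -1716,7 +1716,7 @@ initialize_options(Options * options)
 	options->tun_remote = -1;
 	options->local_command = NULL;
 	options->permit_local_command = -1;
-	options->use_roaming = -1;
+	options->use_roaming = 0;
 	options->visual_host_key = -1;
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
@@ -1908,8 +1908,7 @@ fill_default_options(Options * options)
 		options->tun_remote = SSH_TUNID_ANY;
 	if (options->permit_local_command == -1)
 		options->permit_local_command = 0;
-	if (options->use_roaming == -1)
-		options->use_roaming = 1;
+	options->use_roaming = 0;
 	if (options->visual_host_key == -1)
 		options->visual_host_key = 0;
 	if (options->ip_qos_interactive == -1)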
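Review bot: The new `options->use_roaming = 0;` in the fill_default_options hunk is the only assignment in this run that is not guarded by an `== -1` check, and nothing in the code says why, so a later cleanup could restore the guard and let a configured value through again. I would add a comment directly above it, `/* Roaming is force-disabled (CVE-2016-0777, CVE-2016-0778); keep this unconditional. */`, and the same one-line reference above `options->use_roaming = 0;` in the initialize_options hunk, where 0 replaces the -1 used by the neighbouring options. Both function bodies start and end outside the hunks, and this section only changes the option's value, so whether every roaming code path in the client is gated on `use_roaming` cannot be confirmed from here and is worth checking before relying on the patch as the complete mitigation.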