components/openssh/patches/009-CVE-2010-5107.patch
author Mike Sullivan <Mike.Sullivan@Oracle.COM>
Mon, 03 Mar 2014 23:00:33 -0800
changeset 1741 8e31d13070e7
parent 1612 3f2ec017627f
permissions -rw-r--r--
Added tag s12-43 for changeset d5b2d81eeedc
#
# This is to fix the CVE-2010-5107 security bug.  The bug fix code came from
# OpenSSH and is in version 6.2 of OpenSSH.  When we upgrade OpenSSH to
# version 6.2 or later, we will remove this patch file.
#
--- orig/servconf.c	Wed Feb 27 16:03:18 2013
     7
+++ new/servconf.c	Wed Feb 27 16:10:09 2013
     8
@@ -248,11 +248,11 @@
     9
 	if (options->gateway_ports == -1)
    10
 		options->gateway_ports = 0;
    11
 	if (options->max_startups == -1)
    12
-		options->max_startups = 10;
    13
+		options->max_startups = 100;
    14
 	if (options->max_startups_rate == -1)
    15
-		options->max_startups_rate = 100;		/* 100% */
    16
+		options->max_startups_rate = 30;		/* 30% */
    17
 	if (options->max_startups_begin == -1)
    18
-		options->max_startups_begin = options->max_startups;
    19
+		options->max_startups_begin = 10;
    20
 	if (options->max_authtries == -1)
    21
 		options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
    22
 	if (options->max_sessions == -1)
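Review bot: The new default `options->max_startups_begin = 10;` no longer tracks `max_startups`, so the begin <= full ordering that the old `= options->max_startups` gave by construction now depends on every path that sets `max_startups` also setting `max_startups_begin`. The option parser is not visible in this hunk, so that is worth confirming; if it cannot be guaranteed, clamp after the defaults with `if (options->max_startups_begin > options->max_startups) options->max_startups_begin = options->max_startups;`. All three assignments are guarded by `== -1`, so they apply only when the value was left unset, and a deployed sshd_config with an explicit `MaxStartups` presumably keeps its old limits and is not covered by this CVE-2010-5107 mitigation. A one-line comment above the block, e.g. `/* begin:rate:full = 10:30:100 turns on random early drop by default (CVE-2010-5107) */`, would keep that rationale with the code. The enclosing function starts and ends outside the hunk.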
    23
--- orig/sshd_config	Wed Feb 27 16:05:01 2013
    24
+++ new/sshd_config	Wed Feb 27 16:11:50 2013
    25
@@ -104,7 +104,7 @@
    26
 #ClientAliveCountMax 3
    27
 #UseDNS yes
    28
 #PidFile /var/run/sshd.pid
    29
-#MaxStartups 10
    30
+#MaxStartups 10:30:100
    31
 #PermitTunnel no
    32
 #ChrootDirectory none
    33
 
    34
--- orig/sshd_config.5	Wed Feb 27 16:04:36 2013
    35
+++ new/sshd_config.5	Wed Feb 27 16:15:03 2013
    36
@@ -745,7 +745,7 @@
    37
 Additional connections will be dropped until authentication succeeds or the
    38
 .Cm LoginGraceTime
    39
 expires for a connection.
    40
-The default is 10.
    41
+The default is 10:30:100.
    42
 .Pp
    43
 Alternatively, random early drop can be enabled by specifying
    44
 the three colon separated values