--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/009-CVE-2010-5107.patch Fri Dec 20 12:17:34 2013 -0800
@@ -0,0 +1,44 @@
+#
+# This is to fix the CVE-2010-5107 security bug. The bug fix code came from
+# OpenSSH and is in version 6.2 of OpenSSH. When we upgrade OpenSSH to
+# version 6.2 or later, we will remove this patch file.
+#
+--- orig/servconf.c Wed Feb 27 16:03:18 2013
++++ new/servconf.c Wed Feb 27 16:10:09 2013
+@@ -248,11 +248,11 @@
+ if (options->gateway_ports == -1)
+ options->gateway_ports = 0;
+ if (options->max_startups == -1)
+- options->max_startups = 10;
++ options->max_startups = 100;
+ if (options->max_startups_rate == -1)
+- options->max_startups_rate = 100; /* 100% */
++ options->max_startups_rate = 30; /* 30% */
+ if (options->max_startups_begin == -1)
+- options->max_startups_begin = options->max_startups;
++ options->max_startups_begin = 10;
+ if (options->max_authtries == -1)
+ options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
+ if (options->max_sessions == -1)
+--- orig/sshd_config Wed Feb 27 16:05:01 2013
++++ new/sshd_config Wed Feb 27 16:11:50 2013
+@@ -104,7 +104,7 @@
+ #ClientAliveCountMax 3
+ #UseDNS yes
+ #PidFile /var/run/sshd.pid
+-#MaxStartups 10
++#MaxStartups 10:30:100
+ #PermitTunnel no
+ #ChrootDirectory none
+
+--- orig/sshd_config.5 Wed Feb 27 16:04:36 2013
++++ new/sshd_config.5 Wed Feb 27 16:15:03 2013
+@@ -745,7 +745,7 @@
+ Additional connections will be dropped until authentication succeeds or the
+ .Cm LoginGraceTime
+ expires for a connection.
+-The default is 10.
++The default is 10:30:100.
+ .Pp
+ Alternatively, random early drop can be enabled by specifying
+ the three colon separated values