# HG changeset patch # User Tomas Kuthan # Date 1452764372 28800 # Node ID 00c5358f9f1d913f5005a97e24d468e23c917211 # Parent df2b37609598f1174bf47a75aa736dbe01ed0d14 22541411 problem in UTILITY/OPENSSH 22541467 problem in UTILITY/OPENSSH diff -r df2b37609598 -r 00c5358f9f1d components/openssh/patches/035-disable_roaming.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssh/patches/035-disable_roaming.patch Thu Jan 14 01:39:32 2016 -0800 @@ -0,0 +1,33 @@ +# +# This is to fix two vulnerabilities in experimental client roaming code. +# +# CVE numbers CVE-2016-0777 and CVE-2016-0778 have been reserved +# for these problems, but not officially issued yet. This fix came from +# OpenSSH upstream and will be included in future OpenSSH 7.1p2 release. +# The fix completely disables roaming on the client. +# +# When we upgrade OpenSSH to 7.1p2 or higher in the future, we will remove +# this patch. +# +diff -pur old/readconf.c new/readconf.c +--- old/readconf.c ++++ new/readconf.c +@@ -1716,7 +1716,7 @@ initialize_options(Options * options) + options->tun_remote = -1; + options->local_command = NULL; + options->permit_local_command = -1; +- options->use_roaming = -1; ++ options->use_roaming = 0; + options->visual_host_key = -1; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; +@@ -1908,8 +1908,7 @@ fill_default_options(Options * options) + options->tun_remote = SSH_TUNID_ANY; + if (options->permit_local_command == -1) + options->permit_local_command = 0; +- if (options->use_roaming == -1) +- options->use_roaming = 1; ++ options->use_roaming = 0; + if (options->visual_host_key == -1) + options->visual_host_key = 0; + if (options->ip_qos_interactive == -1)