22541411 problem in UTILITY/OPENSSH
authorTomas Kuthan <tomas.kuthan@oracle.com>
Thu, 14 Jan 2016 01:39:32 -0800
changeset 5270 00c5358f9f1d
parent 5269 df2b37609598
child 5271 195e24ffa71a
22541411 problem in UTILITY/OPENSSH 22541467 problem in UTILITY/OPENSSH
components/openssh/patches/035-disable_roaming.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/035-disable_roaming.patch	Thu Jan 14 01:39:32 2016 -0800
@@ -0,0 +1,33 @@
+#
+# This is to fix two vulnerabilities in experimental client roaming code.
+#
+# CVE numbers CVE-2016-0777 and CVE-2016-0778 have been reserved
+# for these problems, but not officially issued yet. This fix came from
+# OpenSSH upstream and will be included in future OpenSSH 7.1p2 release.
+# The fix completely disables roaming on the client.
+#
+# When we upgrade OpenSSH to 7.1p2 or higher in the future, we will remove
+# this patch.
+#
+diff -pur old/readconf.c new/readconf.c
+--- old/readconf.c
++++ new/readconf.c
[email protected]@ -1716,7 +1716,7 @@ initialize_options(Options * options)
+ 	options->tun_remote = -1;
+ 	options->local_command = NULL;
+ 	options->permit_local_command = -1;
+-	options->use_roaming = -1;
++	options->use_roaming = 0;
+ 	options->visual_host_key = -1;
+ 	options->ip_qos_interactive = -1;
+ 	options->ip_qos_bulk = -1;
[email protected]@ -1908,8 +1908,7 @@ fill_default_options(Options * options)
+ 		options->tun_remote = SSH_TUNID_ANY;
+ 	if (options->permit_local_command == -1)
+ 		options->permit_local_command = 0;
+-	if (options->use_roaming == -1)
+-		options->use_roaming = 1;
++	options->use_roaming = 0;
+ 	if (options->visual_host_key == -1)
+ 		options->visual_host_key = 0;
+ 	if (options->ip_qos_interactive == -1)
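Review bot: The unconditional `options->use_roaming = 0;` in the embedded fill_default_options hunk is the line that actually enforces the fix, yet it has no comment explaining why it departs from the `== -1` default pattern used by its neighbours, so a later patch refresh could restore the conditional by mistake. I would add `/* Roaming is forcibly disabled (CVE-2016-0777, CVE-2016-0778); any UseRoaming setting is ignored. */` above it. The patch header should also state that a user-supplied `UseRoaming yes` is now silently overridden. The option parser is presumably elsewhere in readconf.c and is not visible here. The embedded hunks touch only readconf.c and both functions continue outside them, so it is worth confirming against the upstream 7.1p2 change that no other client code consulting `use_roaming` needs the same treatment.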