--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/035-disable_roaming.patch Thu Jan 14 01:39:32 2016 -0800
@@ -0,0 +1,33 @@
+#
+# This is to fix two vulnerabilities in experimental client roaming code.
+#
+# CVE numbers CVE-2016-0777 and CVE-2016-0778 have been reserved
+# for these problems, but not officially issued yet. This fix came from
+# OpenSSH upstream and will be included in future OpenSSH 7.1p2 release.
+# The fix completely disables roaming on the client.
+#
+# When we upgrade OpenSSH to 7.1p2 or higher in the future, we will remove
+# this patch.
+#
+diff -pur old/readconf.c new/readconf.c
+--- old/readconf.c
++++ new/readconf.c
[email protected]@ -1716,7 +1716,7 @@ initialize_options(Options * options)
+ options->tun_remote = -1;
+ options->local_command = NULL;
+ options->permit_local_command = -1;
+- options->use_roaming = -1;
++ options->use_roaming = 0;
+ options->visual_host_key = -1;
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
[email protected]@ -1908,8 +1908,7 @@ fill_default_options(Options * options)
+ options->tun_remote = SSH_TUNID_ANY;
+ if (options->permit_local_command == -1)
+ options->permit_local_command = 0;
+- if (options->use_roaming == -1)
+- options->use_roaming = 1;
++ options->use_roaming = 0;
+ if (options->visual_host_key == -1)
+ options->visual_host_key = 0;
+ if (options->ip_qos_interactive == -1)