untrusted comment: signature from openbsd 5.8 base secret key
RWQNNZXtC/MqP6rjUaBgKYiTVW4j3VNm8K+xHJWNBRj2AlI1BUgbXdjcBwflJh4I6D15KlJ71Be12bl81bhRbAb/UnmdCTqEFQg=

OpenBSD 5.8 errata 10, Jan 14, 2016:

Experimental roaming code in the ssh client could be tricked by a
hostile sshd server, potentially leaking key material.
CVE-2016-0777 and CVE-0216-0778.
Prevent this problem immediately by adding the line "UseRoaming no" to
/etc/ssh/ssh_config.

Apply by doing:
   signify -Vep /etc/signify/openbsd-58-base.pub -x 010_ssh.patch.sig \
       -m - | (cd /usr/src && patch -p0)

And then rebuild and install sshd:
   cd /usr/src/usr.bin/ssh
   make obj
   make depend
   make
   make install

Index: usr.bin/ssh/readconf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
retrieving revision 1.239
diff -u -p -r1.239 readconf.c
--- usr.bin/ssh/readconf.c      30 Jul 2015 00:01:34 -0000      1.239
+++ usr.bin/ssh/readconf.c      13 Jan 2016 23:17:23 -0000
@@ -1648,7 +1648,7 @@ initialize_options(Options * options)
       options->tun_remote = -1;
       options->local_command = NULL;
       options->permit_local_command = -1;
-       options->use_roaming = -1;
+       options->use_roaming = 0;
       options->visual_host_key = -1;
       options->ip_qos_interactive = -1;
       options->ip_qos_bulk = -1;
@@ -1819,8 +1819,7 @@ fill_default_options(Options * options)
               options->tun_remote = SSH_TUNID_ANY;
       if (options->permit_local_command == -1)
               options->permit_local_command = 0;
-       if (options->use_roaming == -1)
-               options->use_roaming = 1;
+       options->use_roaming = 0;
       if (options->visual_host_key == -1)
               options->visual_host_key = 0;
       if (options->ip_qos_interactive == -1)
Index: usr.bin/ssh/ssh.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
retrieving revision 1.420
diff -u -p -r1.420 ssh.c
--- usr.bin/ssh/ssh.c   30 Jul 2015 00:01:34 -0000      1.420
+++ usr.bin/ssh/ssh.c   13 Jan 2016 23:17:23 -0000
@@ -1882,9 +1882,6 @@ ssh_session2(void)
                       fork_postauth();
       }

-       if (options.use_roaming)
-               request_roaming();
-
       return client_loop(tty_flag, tty_flag ?
           options.escape_char : SSH_ESCAPECHAR_NONE, id);
}

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.