From e6c85f8889c5c9eb04796fdb76d2807636b9eef5 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 15 Jan 2016 01:30:36 +1100
Subject: [PATCH] forcibly disable roaming support in the client


Upstream-Status: Backport
CVE: CVE-2016-0777
CVE: CVE-2016-0778

[Yocto #8935]

Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 readconf.c | 5 ++---
 ssh.c      | 3 ---
 2 files changed, 2 insertions(+), 6 deletions(-)

Index: openssh-6.7p1/readconf.c
===================================================================
--- openssh-6.7p1.orig/readconf.c
+++ openssh-6.7p1/readconf.c
@@ -1597,7 +1597,7 @@ initialize_options(Options * options)
 	options->tun_remote = -1;
 	options->local_command = NULL;
 	options->permit_local_command = -1;
-	options->use_roaming = -1;
+	options->use_roaming = 0;
 	options->visual_host_key = -1;
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
@@ -1768,8 +1768,7 @@ fill_default_options(Options * options)
 		options->tun_remote = SSH_TUNID_ANY;
 	if (options->permit_local_command == -1)
 		options->permit_local_command = 0;
-	if (options->use_roaming == -1)
-		options->use_roaming = 1;
+	options->use_roaming = 0;
 	if (options->visual_host_key == -1)
 		options->visual_host_key = 0;
 	if (options->ip_qos_interactive == -1)
Index: openssh-6.7p1/ssh.c
===================================================================
--- openssh-6.7p1.orig/ssh.c
+++ openssh-6.7p1/ssh.c
@@ -1800,9 +1800,6 @@ ssh_session2(void)
 			fork_postauth();
 	}
 
-	if (options.use_roaming)
-		request_roaming();
-
 	return client_loop(tty_flag, tty_flag ?
 	    options.escape_char : SSH_ESCAPECHAR_NONE, id);
 }