aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh/openssh-6.0p1/cve-2010-5107.patch
blob: 148dc510c1df7137a7f3ea9f81e175ccc7eb1069 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
Fix CVE-2010-5107 by backporting the relevant changes from upstream CVS.

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89

Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@intel.com>

--- a/src/usr.bin/ssh/sshd_config	2012/10/30 22:29:55	1.88
+++ b/src/usr.bin/ssh/sshd_config	2013/02/06 00:20:42	1.89
@@ -96,7 +96,7 @@ UsePrivilegeSeparation sandbox		# Default for new inst
 #ClientAliveCountMax 3
 #UseDNS yes
 #PidFile /var/run/sshd.pid
-#MaxStartups 10
+#MaxStartups 10:30:100
 #PermitTunnel no
 #ChrootDirectory none
 #VersionAddendum none

--- a/src/usr.bin/ssh/sshd_config.5	2013/01/18 08:00:49	1.155
+++ b/src/usr.bin/ssh/sshd_config.5	2013/02/06 00:20:42	1.156
@@ -821,7 +821,7 @@ SSH daemon.
 Additional connections will be dropped until authentication succeeds or the
 .Cm LoginGraceTime
 expires for a connection.
-The default is 10.
+The default is 10:30:100.
 .Pp
 Alternatively, random early drop can be enabled by specifying
 the three colon separated values

--- a/src/usr.bin/ssh/servconf.c	2012/12/02 20:46:11	1.233
+++ b/src/usr.bin/ssh/servconf.c	2013/02/06 00:20:42	1.234
@@ -242,11 +242,11 @@ fill_default_server_options(ServerOptions *options)
 	if (options->gateway_ports == -1)
 		options->gateway_ports = 0;
 	if (options->max_startups == -1)
-		options->max_startups = 10;
+		options->max_startups = 100;
 	if (options->max_startups_rate == -1)
-		options->max_startups_rate = 100;		/* 100% */
+		options->max_startups_rate = 30;		/* 30% */
 	if (options->max_startups_begin == -1)
-		options->max_startups_begin = options->max_startups;
+		options->max_startups_begin = 10;
 	if (options->max_authtries == -1)
 		options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
 	if (options->max_sessions == -1)