File openssh-6.6p1-disable_roaming.patch of Package openssh.1821

# HG changeset patch
# Parent  c0c4ec1e8f1d8e0db43ef63bd57c724ec5453a7d
Completely disable roaming code since it contains exploitable bugs (upstream
solution).

CVE-2016-0777, bsc#961642
CVE-2016-0778, bsc#961645

diff --git a/openssh-6.6p1/readconf.c b/openssh-6.6p1/readconf.c
--- a/openssh-6.6p1/readconf.c
+++ b/openssh-6.6p1/readconf.c
@@ -1607,17 +1607,17 @@ initialize_options(Options * options)
 	options->control_persist = -1;
 	options->control_persist_timeout = 0;
 	options->hash_known_hosts = -1;
 	options->tun_open = -1;
 	options->tun_local = -1;
 	options->tun_remote = -1;
 	options->local_command = NULL;
 	options->permit_local_command = -1;
-	options->use_roaming = -1;
+	options->use_roaming = 0;
 	options->visual_host_key = -1;
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
 	options->request_tty = -1;
 	options->proxy_use_fdpass = -1;
 	options->ignored_unknown = NULL;
 	options->num_canonical_domains = 0;
 	options->num_permitted_cnames = 0;
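Review bot: The new initialiser `options->use_roaming = 0;` departs from the `-1` "unset" sentinel that the neighbouring fields in initialize_options use, and nothing in the code says why. A short comment would stop a later cleanup from restoring the sentinel, for example `/* Roaming is force-disabled (CVE-2016-0777, CVE-2016-0778); deliberately not -1. */`. The same applies to the unconditional assignment in the fill_default_options hunk below. Both function bodies start and end outside the hunks shown.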
@@ -1790,18 +1790,17 @@ fill_default_options(Options * options)
 	if (options->tun_open == -1)
 		options->tun_open = SSH_TUNMODE_NO;
 	if (options->tun_local == -1)
 		options->tun_local = SSH_TUNID_ANY;
 	if (options->tun_remote == -1)
 		options->tun_remote = SSH_TUNID_ANY;
 	if (options->permit_local_command == -1)
 		options->permit_local_command = 0;
-	if (options->use_roaming == -1)
-		options->use_roaming = 1;
+	options->use_roaming = 0;
 	if (options->visual_host_key == -1)
 		options->visual_host_key = 0;
 	if (options->ip_qos_interactive == -1)
 		options->ip_qos_interactive = IPTOS_LOWDELAY;
 	if (options->ip_qos_bulk == -1)
 		options->ip_qos_bulk = IPTOS_THROUGHPUT;
 	if (options->request_tty == -1)
 		options->request_tty = REQUEST_TTY_AUTO;
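Review bot: An explicit `UseRoaming yes` in a user's configuration is now overridden here without any diagnostic, because the assignment no longer tests for `-1`. That is the intended outcome of the fix, but the option parser is not part of this diff, so the keyword is presumably still accepted as if it had an effect. Consider retiring the keyword in the parser in a follow-up, and until then state the override next to the assignment: `/* Overrides any UseRoaming setting from ssh_config. */`. It is also worth confirming that nothing outside this file assigns use_roaming after fill_default_options returns, since the rest of the roaming code is not touched by these hunks.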