Bug#495917: [openssh] netscreen complete fix patch

[Florian Lohoff <flo@rfc822.org>]

Hi,

this is the complete fix from the OpenBSD cvs - applies with little
offsets, compiles and works for us (netscreen OS 5.4.x)

Flo

--- src/usr.bin/ssh/compat.c	2006/12/12 03:58:42	1.77
+++ src/usr.bin/ssh/compat.c	2008/09/11 15:22:37	1.78
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.77 2006/12/12 03:58:42 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.78 2008/09/11 14:22:37 markus Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -89,7 +89,8 @@ compat_datafellows(const char *version)
 		  "OpenSSH_3.1*",	SSH_BUG_EXTEOF|SSH_OLD_FORWARD_ADDR},
 		{ "OpenSSH_3.*",	SSH_OLD_FORWARD_ADDR },
 		{ "Sun_SSH_1.0*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
-		{ "OpenSSH*",		0 },
+		{ "OpenSSH_4*",		0 },
+		{ "OpenSSH*",		SSH_NEW_OPENSSH },
 		{ "*MindTerm*",		0 },
 		{ "2.1.0*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
 					SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
--- src/usr.bin/ssh/compat.h	2006/12/12 03:58:42	1.41
+++ src/usr.bin/ssh/compat.h	2008/09/11 15:22:37	1.42
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.41 2006/12/12 03:58:42 djm Exp $ */
+/* $OpenBSD: compat.h,v 1.42 2008/09/11 14:22:37 markus Exp $ */
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -57,6 +57,7 @@
 #define SSH_BUG_FIRSTKEX	0x00800000
 #define SSH_OLD_FORWARD_ADDR	0x01000000
 #define SSH_BUG_RFWD_ADDR	0x02000000
+#define SSH_NEW_OPENSSH		0x04000000
 
 void     enable_compat13(void);
 void     enable_compat20(void);
--- src/usr.bin/ssh/ssh.c	2008/07/02 14:47:39	1.318
+++ src/usr.bin/ssh/ssh.c	2008/09/11 15:22:37	1.319
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.318 2008/07/02 13:47:39 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.319 2008/09/11 14:22:37 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1181,7 +1181,8 @@ ssh_session2(void)
 		id = ssh_session2_open();
 
 	/* If we don't expect to open a new session, then disallow it */
-	if (options.control_master == SSHCTL_MASTER_NO) {
+	if (options.control_master == SSHCTL_MASTER_NO &&
+	    (datafellows & SSH_NEW_OPENSSH)) {
 		debug("Requesting no-more-sessions@openssh.com");
 		packet_start(SSH2_MSG_GLOBAL_REQUEST);
 		packet_put_cstring("no-more-sessions@openssh.com");


Flo
-- 
Florian Lohoff                  flo@rfc822.org             +49-171-2280134
	Those who would give up a little freedom to get a little 
          security shall soon have neither - Benjamin Franklin

Attachment: signature.asc
Description: Digital signature