MFS (r296781):

  MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug)
  MFH (r296634): re-add aes-cbc to server-side default cipher list
  MFH (r296651, r296657): fix gcc build of pam_ssh

PR:		207679
Security:	CVE-2016-3115
Approved by:	re (marius)

2 files changed, 5 insertions, 5 deletions

diff --git a/lib/libpam/modules/pam_ssh/Makefile b/lib/libpam/modules/pam_ssh/Makefile
index dc86e06..56f3781 100644
--- a/lib/libpam/modules/pam_ssh/Makefile
+++ b/lib/libpam/modules/pam_ssh/Makefile
@@ -7,10 +7,7 @@ LIB=	pam_ssh
 MAN=	pam_ssh.8
 SRCS=	pam_ssh.c
 
-# required when linking with a dynamic libssh
-SRCS+=	roaming_dummy.c
-
-WARNS?=	3
+WARNS?=	5
 CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
 SRCS+=	 ssh_namespace.h
 
diff --git a/lib/libpam/modules/pam_ssh/pam_ssh.c b/lib/libpam/modules/pam_ssh/pam_ssh.c
index 8fc68fd..f95c737 100644
--- a/lib/libpam/modules/pam_ssh/pam_ssh.c
+++ b/lib/libpam/modules/pam_ssh/pam_ssh.c
@@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$");
 
 #include <openssl/evp.h>
 
+#define __bounded__(x, y, z)
 #include "key.h"
 #include "buffer.h"
 #include "authfd.h"
@@ -84,7 +85,9 @@ static const char *pam_ssh_keyfiles[] = {
 };
 
 static const char *pam_ssh_agent = "/usr/bin/ssh-agent";
-static char *const pam_ssh_agent_argv[] = { "ssh_agent", "-s", NULL };
+static char str_ssh_agent[] = "ssh-agent";
+static char str_dash_s[] = "-s";
+static char *const pam_ssh_agent_argv[] = { str_ssh_agent, str_dash_s, NULL };
 static char *const pam_ssh_agent_envp[] = { NULL };
 
 /*