Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
===================================================================
RCS file: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/auth2-hostbased.c,v
rcsdiff: /ftp/cvs/cvsroot/src/crypto/external/bsd/openssh/dist/auth2-hostbased.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.5
retrieving revision 1.6
diff -u -p -r1.5 -r1.6
--- src/crypto/external/bsd/openssh/dist/auth2-hostbased.c 2013/11/08 19:18:24 1.5
+++ src/crypto/external/bsd/openssh/dist/auth2-hostbased.c 2014/10/19 16:30:58 1.6
@@ -1,5 +1,5 @@
-/* $NetBSD: auth2-hostbased.c,v 1.5 2013/11/08 19:18:24 christos Exp $ */
-/* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */
+/* $NetBSD: auth2-hostbased.c,v 1.6 2014/10/19 16:30:58 christos Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -25,7 +25,7 @@
 */
 #include "includes.h"
-__RCSID("$NetBSD: auth2-hostbased.c,v 1.5 2013/11/08 19:18:24 christos Exp $");
+__RCSID("$NetBSD: auth2-hostbased.c,v 1.6 2014/10/19 16:30:58 christos Exp $");
 #include
 #include
@@ -37,6 +37,7 @@ __RCSID("$NetBSD: auth2-hostbased.c,v 1.
 #include "packet.h"
 #include "buffer.h"
 #include "log.h"
+#include "misc.h"
 #include "servconf.h"
 #include "compat.h"
 #include "key.h"
@@ -101,6 +102,12 @@ userauth_hostbased(Authctxt *authctxt)
 "(received %d, expected %d)", key->type, pktype);
 goto done;
 }
+ if (key_type_plain(key->type) == KEY_RSA &&
+ (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+ error("Refusing RSA key because peer uses unsafe "
+ "signature format");
+ goto done;
+ }
 service = datafellows & SSH_BUG_HBSERVICE ?
 __UNCONST("ssh-userauth") : authctxt->service;
 buffer_init(&b);
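Review bot: The new `SSH_BUG_RSASIGMD5` guard in the last hunk carries no comment saying what the compat bit encodes or why the key is refused outright instead of being handed on to signature verification, so a reader has to chase `datafellows` into compat.h to understand the refusal. As far as I recall the bit marks peers that hash RSA signatures with MD5, so a line above the `if` such as `/* Peers flagged SSH_BUG_RSASIGMD5 produce MD5-hashed RSA signatures; refuse the key rather than accept a weak signature. */` would make the intent self-contained — worth confirming against compat.h before committing to that wording. The log line also names neither the key nor the peer, whereas the preceding branch prints `key->type` and `pktype`; adding the key type to the `error()` call would make the refusal easier to attribute in sshd logs, though I cannot see from the hunk what other context is in scope. userauth_hostbased begins and continues outside this hunk, and the `done:` label both branches jump to is not visible here.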