[people/arne_f/ipfire-3.x.git] / openssh / patches / openssh-6.1p1-vendor.patch

diff -up openssh-6.1p1/configure.ac.vendor openssh-6.1p1/configure.ac
--- openssh-6.1p1/configure.ac.vendor	2012-09-14 20:36:49.153085211 +0200
+++ openssh-6.1p1/configure.ac	2012-09-14 20:36:49.559088133 +0200
@@ -4303,6 +4303,12 @@ AC_ARG_WITH([lastlog],
 		fi
 	]
 )
+AC_ARG_ENABLE(vendor-patchlevel,
+  [  --enable-vendor-patchlevel=TAG  specify a vendor patch level],
+  [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])
+   SSH_VENDOR_PATCHLEVEL="$enableval"],
+  [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])
+   SSH_VENDOR_PATCHLEVEL=none])
 
 dnl lastlog, [uw]tmpx? detection
 dnl  NOTE: set the paths in the platform section to avoid the
@@ -4529,6 +4535,7 @@ echo "           Translate v4 in v6 hack
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
 echo "              Random number source: $RAND_MSG"
 echo "             Privsep sandbox style: $SANDBOX_STYLE"
+echo "                Vendor patch level: $SSH_VENDOR_PATCHLEVEL"
 
 echo ""
 
diff -up openssh-6.1p1/servconf.c.vendor openssh-6.1p1/servconf.c
--- openssh-6.1p1/servconf.c.vendor	2012-09-14 20:36:49.124085002 +0200
+++ openssh-6.1p1/servconf.c	2012-09-14 20:50:34.995972516 +0200
@@ -128,6 +128,7 @@ initialize_server_options(ServerOptions
 	options->max_authtries = -1;
 	options->max_sessions = -1;
 	options->banner = NULL;
+	options->show_patchlevel = -1;
 	options->use_dns = -1;
 	options->client_alive_interval = -1;
 	options->client_alive_count_max = -1;
@@ -289,6 +290,9 @@ fill_default_server_options(ServerOption
 		options->ip_qos_bulk = IPTOS_THROUGHPUT;
 	if (options->version_addendum == NULL)
 		options->version_addendum = xstrdup("");
+	if (options->show_patchlevel == -1)
+		options->show_patchlevel = 0;
+
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
 		use_privsep = PRIVSEP_NOSANDBOX;
@@ -326,7 +330,7 @@ typedef enum {
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
 	sMaxStartups, sMaxAuthTries, sMaxSessions,
-	sBanner, sUseDNS, sHostbasedAuthentication,
+	sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile,
 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
@@ -441,6 +445,7 @@ static struct {
 	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
 	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
 	{ "banner", sBanner, SSHCFG_ALL },
+	{ "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL },
 	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
 	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
 	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
@@ -1162,6 +1167,10 @@ process_server_config_line(ServerOptions
 		multistate_ptr = multistate_privsep;
 		goto parse_multistate;
 
+	case sShowPatchLevel:
+		intptr = &options->show_patchlevel;
+		goto parse_flag;
+
 	case sAllowUsers:
 		while ((arg = strdelim(&cp)) && *arg != '\0') {
 			if (options->num_allow_users >= MAX_ALLOW_USERS)
@@ -1956,6 +1965,7 @@ dump_config(ServerOptions *o)
 	dump_cfg_fmtint(sUseLogin, o->use_login);
 	dump_cfg_fmtint(sCompression, o->compression);
 	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
+	dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
 	dump_cfg_fmtint(sUseDNS, o->use_dns);
 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
 	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
diff -up openssh-6.1p1/servconf.h.vendor openssh-6.1p1/servconf.h
--- openssh-6.1p1/servconf.h.vendor	2012-09-14 20:36:49.125085009 +0200
+++ openssh-6.1p1/servconf.h	2012-09-14 20:36:49.564088168 +0200
@@ -140,6 +140,7 @@ typedef struct {
 	int	max_authtries;
 	int	max_sessions;
 	char   *banner;			/* SSH-2 banner message */
+	int	show_patchlevel;	/* Show vendor patch level to clients */
 	int	use_dns;
 	int	client_alive_interval;	/*
 					 * poke the client this often to
diff -up openssh-6.1p1/sshd_config.vendor openssh-6.1p1/sshd_config
--- openssh-6.1p1/sshd_config.vendor	2012-09-14 20:36:49.507087759 +0200
+++ openssh-6.1p1/sshd_config	2012-09-14 20:36:49.565088175 +0200
@@ -114,6 +114,7 @@ UsePrivilegeSeparation sandbox		# Defaul
 #Compression delayed
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
+#ShowPatchLevel no
 #UseDNS yes
 #PidFile /var/run/sshd.pid
 #MaxStartups 10
diff -up openssh-6.1p1/sshd_config.0.vendor openssh-6.1p1/sshd_config.0
--- openssh-6.1p1/sshd_config.0.vendor	2012-09-14 20:36:49.510087780 +0200
+++ openssh-6.1p1/sshd_config.0	2012-09-14 20:36:49.567088190 +0200
@@ -558,6 +558,11 @@ DESCRIPTION
              Defines the number of bits in the ephemeral protocol version 1
              server key.  The minimum value is 512, and the default is 1024.
 
+     ShowPatchLevel
+	     Specifies whether sshd will display the specific patch level of
+	     the binary in the server identification string.  The patch level
+	     is set at compile-time.  The default is M-bM-^@M-^\noM-bM-^@M-^].
+
      StrictModes
              Specifies whether sshd(8) should check file modes and ownership
              of the user's files and home directory before accepting login.
diff -up openssh-6.1p1/sshd_config.5.vendor openssh-6.1p1/sshd_config.5
--- openssh-6.1p1/sshd_config.5.vendor	2012-09-14 20:36:49.512087794 +0200
+++ openssh-6.1p1/sshd_config.5	2012-09-14 20:36:49.568088198 +0200
@@ -978,6 +978,14 @@ This option applies to protocol version
 .It Cm ServerKeyBits
 Defines the number of bits in the ephemeral protocol version 1 server key.
 The minimum value is 512, and the default is 1024.
+.It Cm ShowPatchLevel 
+Specifies whether 
+.Nm sshd 
+will display the patch level of the binary in the identification string. 
+The patch level is set at compile-time. 
+The default is 
+.Dq no . 
+This option applies to protocol version 1 only. 
 .It Cm StrictModes
 Specifies whether
 .Xr sshd 8
diff -up openssh-6.1p1/sshd.c.vendor openssh-6.1p1/sshd.c
--- openssh-6.1p1/sshd.c.vendor	2012-09-14 20:36:49.399086981 +0200
+++ openssh-6.1p1/sshd.c	2012-09-14 20:47:30.696088744 +0200
@@ -433,7 +433,7 @@ sshd_exchange_identification(int sock_in
 	}
 
 	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
-	    major, minor, SSH_VERSION,
+	    major, minor, (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
 	    *options.version_addendum == '\0' ? "" : " ",
 	    options.version_addendum, newline);
 
@@ -1635,7 +1635,8 @@ main(int ac, char **av)
 		exit(1);
 	}
 
-	debug("sshd version %.100s", SSH_RELEASE);
+	debug("sshd version %.100s",
+	      (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE);
 
 	/* Store privilege separation user for later use if required. */
 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
Commit	Line	Data
43c69e28 SS	1	diff -up openssh-6.1p1/configure.ac.vendor openssh-6.1p1/configure.ac
	2	--- openssh-6.1p1/configure.ac.vendor 2012-09-14 20:36:49.153085211 +0200
	3	+++ openssh-6.1p1/configure.ac 2012-09-14 20:36:49.559088133 +0200
	4	@@ -4303,6 +4303,12 @@ AC_ARG_WITH([lastlog],
9d8fd3ad SS	5	fi
	6	]
	7	)
	8	+AC_ARG_ENABLE(vendor-patchlevel,
	9	+ [ --enable-vendor-patchlevel=TAG specify a vendor patch level],
	10	+ [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])
	11	+ SSH_VENDOR_PATCHLEVEL="$enableval"],
	12	+ [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])
	13	+ SSH_VENDOR_PATCHLEVEL=none])
	14
	15	dnl lastlog, [uw]tmpx? detection
	16	dnl NOTE: set the paths in the platform section to avoid the
43c69e28	17	@@ -4529,6 +4535,7 @@ echo " Translate v4 in v6 hack
9d8fd3ad SS	18	echo " BSD Auth support: $BSD_AUTH_MSG"
	19	echo " Random number source: $RAND_MSG"
	20	echo " Privsep sandbox style: $SANDBOX_STYLE"
	21	+echo " Vendor patch level: $SSH_VENDOR_PATCHLEVEL"
	22
	23	echo ""
	24
43c69e28 SS	25	diff -up openssh-6.1p1/servconf.c.vendor openssh-6.1p1/servconf.c
	26	--- openssh-6.1p1/servconf.c.vendor 2012-09-14 20:36:49.124085002 +0200
	27	+++ openssh-6.1p1/servconf.c 2012-09-14 20:50:34.995972516 +0200
	28	@@ -128,6 +128,7 @@ initialize_server_options(ServerOptions
9d8fd3ad SS	29	options->max_authtries = -1;
	30	options->max_sessions = -1;
	31	options->banner = NULL;
	32	+ options->show_patchlevel = -1;
	33	options->use_dns = -1;
	34	options->client_alive_interval = -1;
	35	options->client_alive_count_max = -1;
43c69e28	36	@@ -289,6 +290,9 @@ fill_default_server_options(ServerOption
9d8fd3ad	37	options->ip_qos_bulk = IPTOS_THROUGHPUT;
43c69e28 SS	38	if (options->version_addendum == NULL)
43c69e28 SS	39	options->version_addendum = xstrdup("");
9d8fd3ad	40	+ if (options->show_patchlevel == -1)
43c69e28 SS	41	+ options->show_patchlevel = 0;
43c69e28 SS	42	+
9d8fd3ad SS	43	/* Turn privilege separation on by default */
9d8fd3ad SS	44	if (use_privsep == -1)
43c69e28 SS	45	use_privsep = PRIVSEP_NOSANDBOX;
43c69e28 SS	46	@@ -326,7 +330,7 @@ typedef enum {
9d8fd3ad SS	47	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
	48	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
	49	sMaxStartups, sMaxAuthTries, sMaxSessions,
	50	- sBanner, sUseDNS, sHostbasedAuthentication,
	51	+ sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
43c69e28 SS	52	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
	53	sClientAliveCountMax, sAuthorizedKeysFile,
	54	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
	55	@@ -441,6 +445,7 @@ static struct {
9d8fd3ad SS	56	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
	57	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
	58	{ "banner", sBanner, SSHCFG_ALL },
	59	+ { "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL },
	60	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
	61	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
	62	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
43c69e28	63	@@ -1162,6 +1167,10 @@ process_server_config_line(ServerOptions
9d8fd3ad SS	64	multistate_ptr = multistate_privsep;
	65	goto parse_multistate;
	66
	67	+ case sShowPatchLevel:
	68	+ intptr = &options->show_patchlevel;
	69	+ goto parse_flag;
	70	+
	71	case sAllowUsers:
	72	while ((arg = strdelim(&cp)) && *arg != '\0') {
	73	if (options->num_allow_users >= MAX_ALLOW_USERS)
43c69e28	74	@@ -1956,6 +1965,7 @@ dump_config(ServerOptions *o)
9d8fd3ad SS	75	dump_cfg_fmtint(sUseLogin, o->use_login);
	76	dump_cfg_fmtint(sCompression, o->compression);
	77	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
	78	+ dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
	79	dump_cfg_fmtint(sUseDNS, o->use_dns);
	80	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
	81	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
43c69e28 SS	82	diff -up openssh-6.1p1/servconf.h.vendor openssh-6.1p1/servconf.h
	83	--- openssh-6.1p1/servconf.h.vendor 2012-09-14 20:36:49.125085009 +0200
	84	+++ openssh-6.1p1/servconf.h 2012-09-14 20:36:49.564088168 +0200
	85	@@ -140,6 +140,7 @@ typedef struct {
9d8fd3ad SS	86	int max_authtries;
	87	int max_sessions;
	88	char banner; / SSH-2 banner message */
	89	+ int show_patchlevel; /* Show vendor patch level to clients */
	90	int use_dns;
	91	int client_alive_interval; /*
	92	* poke the client this often to
43c69e28 SS	93	diff -up openssh-6.1p1/sshd_config.vendor openssh-6.1p1/sshd_config
	94	--- openssh-6.1p1/sshd_config.vendor 2012-09-14 20:36:49.507087759 +0200
	95	+++ openssh-6.1p1/sshd_config 2012-09-14 20:36:49.565088175 +0200
	96	@@ -114,6 +114,7 @@ UsePrivilegeSeparation sandbox # Defaul
	97	#Compression delayed
	98	#ClientAliveInterval 0
	99	#ClientAliveCountMax 3
	100	+#ShowPatchLevel no
	101	#UseDNS yes
	102	#PidFile /var/run/sshd.pid
	103	#MaxStartups 10
	104	diff -up openssh-6.1p1/sshd_config.0.vendor openssh-6.1p1/sshd_config.0
	105	--- openssh-6.1p1/sshd_config.0.vendor 2012-09-14 20:36:49.510087780 +0200
	106	+++ openssh-6.1p1/sshd_config.0 2012-09-14 20:36:49.567088190 +0200
	107	@@ -558,6 +558,11 @@ DESCRIPTION
9d8fd3ad SS	108	Defines the number of bits in the ephemeral protocol version 1
	109	server key. The minimum value is 512, and the default is 1024.
	110
	111	+ ShowPatchLevel
	112	+ Specifies whether sshd will display the specific patch level of
	113	+ the binary in the server identification string. The patch level
	114	+ is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^].
	115	+
	116	StrictModes
	117	Specifies whether sshd(8) should check file modes and ownership
	118	of the user's files and home directory before accepting login.
43c69e28 SS	119	diff -up openssh-6.1p1/sshd_config.5.vendor openssh-6.1p1/sshd_config.5
	120	--- openssh-6.1p1/sshd_config.5.vendor 2012-09-14 20:36:49.512087794 +0200
	121	+++ openssh-6.1p1/sshd_config.5 2012-09-14 20:36:49.568088198 +0200
	122	@@ -978,6 +978,14 @@ This option applies to protocol version
9d8fd3ad SS	123	.It Cm ServerKeyBits
	124	Defines the number of bits in the ephemeral protocol version 1 server key.
	125	The minimum value is 512, and the default is 1024.
	126	+.It Cm ShowPatchLevel
	127	+Specifies whether
	128	+.Nm sshd
	129	+will display the patch level of the binary in the identification string.
	130	+The patch level is set at compile-time.
	131	+The default is
	132	+.Dq no .
	133	+This option applies to protocol version 1 only.
	134	.It Cm StrictModes
	135	Specifies whether
	136	.Xr sshd 8
43c69e28 SS	137	diff -up openssh-6.1p1/sshd.c.vendor openssh-6.1p1/sshd.c
	138	--- openssh-6.1p1/sshd.c.vendor 2012-09-14 20:36:49.399086981 +0200
	139	+++ openssh-6.1p1/sshd.c 2012-09-14 20:47:30.696088744 +0200
	140	@@ -433,7 +433,7 @@ sshd_exchange_identification(int sock_in
	141	}
	142
	143	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
	144	- major, minor, SSH_VERSION,
	145	+ major, minor, (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
	146	*options.version_addendum == '\0' ? "" : " ",
	147	options.version_addendum, newline);
	148
	149	@@ -1635,7 +1635,8 @@ main(int ac, char **av)
	150	exit(1);
	151	}
	152
	153	- debug("sshd version %.100s", SSH_RELEASE);
	154	+ debug("sshd version %.100s",
	155	+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE);
	156
	157	/* Store privilege separation user for later use if required. */
	158	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {