openssh: Update to 5.9p1.

[people/ms/ipfire-3.x.git] / openssh / patches / openssh-5.9p1-vendor.patch

diff --git a/openssh/patches/openssh-5.9p1-vendor.patch b/openssh/patches/openssh-5.9p1-vendor.patch
new file mode 100644 (file)
index 0000000..3e63d3b
--- /dev/null
+++ b/openssh/patches/openssh-5.9p1-vendor.patch
@@ -0,0 +1,157 @@
+diff -up openssh-5.9p0/configure.ac.vendor openssh-5.9p0/configure.ac
+--- openssh-5.9p0/configure.ac.vendor  2011-09-03 20:24:29.899501572 +0200
++++ openssh-5.9p0/configure.ac 2011-09-03 20:24:39.153501595 +0200
+@@ -4131,6 +4131,12 @@ AC_ARG_WITH([lastlog],
+               fi
+       ]
+ )
++AC_ARG_ENABLE(vendor-patchlevel,
++  [  --enable-vendor-patchlevel=TAG  specify a vendor patch level],
++  [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])
++   SSH_VENDOR_PATCHLEVEL="$enableval"],
++  [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])
++   SSH_VENDOR_PATCHLEVEL=none])
+ 
+ dnl lastlog, [uw]tmpx? detection
+ dnl  NOTE: set the paths in the platform section to avoid the
+@@ -4357,6 +4363,7 @@ echo "           Translate v4 in v6 hack
+ echo "                  BSD Auth support: $BSD_AUTH_MSG"
+ echo "              Random number source: $RAND_MSG"
+ echo "             Privsep sandbox style: $SANDBOX_STYLE"
++echo "                Vendor patch level: $SSH_VENDOR_PATCHLEVEL"
+ 
+ echo ""
+ 
+diff -up openssh-5.9p0/servconf.c.vendor openssh-5.9p0/servconf.c
+--- openssh-5.9p0/servconf.c.vendor    2011-09-03 20:24:29.080500853 +0200
++++ openssh-5.9p0/servconf.c   2011-09-03 20:27:15.727564566 +0200
+@@ -130,6 +130,7 @@ initialize_server_options(ServerOptions
+       options->max_authtries = -1;
+       options->max_sessions = -1;
+       options->banner = NULL;
++      options->show_patchlevel = -1;
+       options->use_dns = -1;
+       options->client_alive_interval = -1;
+       options->client_alive_count_max = -1;
+@@ -300,6 +301,8 @@ fill_default_server_options(ServerOption
+               options->ip_qos_interactive = IPTOS_LOWDELAY;
+       if (options->ip_qos_bulk == -1)
+               options->ip_qos_bulk = IPTOS_THROUGHPUT;
++      if (options->show_patchlevel == -1)
++              options->show_patchlevel = 0;
+ 
+       /* Turn privilege separation on by default */
+       if (use_privsep == -1)
+@@ -338,7 +341,7 @@ typedef enum {
+       sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
+       sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
+       sMaxStartups, sMaxAuthTries, sMaxSessions,
+-      sBanner, sUseDNS, sHostbasedAuthentication,
++      sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
+       sHostbasedUsesNameFromPacketOnly, sTwoFactorAuthentication,
+       sSecondPubkeyAuthentication, sSecondGssAuthentication,
+       sSecondPasswordAuthentication, sSecondKbdInteractiveAuthentication,
+@@ -470,6 +473,7 @@ static struct {
+       { "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
+       { "maxsessions", sMaxSessions, SSHCFG_ALL },
+       { "banner", sBanner, SSHCFG_ALL },
++      { "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL },
+       { "usedns", sUseDNS, SSHCFG_GLOBAL },
+       { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
+       { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
+@@ -1152,6 +1156,10 @@ process_server_config_line(ServerOptions
+               multistate_ptr = multistate_privsep;
+               goto parse_multistate;
+ 
++      case sShowPatchLevel:
++              intptr = &options->show_patchlevel;
++              goto parse_flag;
++
+       case sAllowUsers:
+               while ((arg = strdelim(&cp)) && *arg != '\0') {
+                       if (options->num_allow_users >= MAX_ALLOW_USERS)
+@@ -1849,6 +1857,7 @@ dump_config(ServerOptions *o)
+       dump_cfg_fmtint(sUseLogin, o->use_login);
+       dump_cfg_fmtint(sCompression, o->compression);
+       dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
++      dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
+       dump_cfg_fmtint(sUseDNS, o->use_dns);
+       dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
+       dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
+diff -up openssh-5.9p0/servconf.h.vendor openssh-5.9p0/servconf.h
+--- openssh-5.9p0/servconf.h.vendor    2011-09-03 20:24:29.179632045 +0200
++++ openssh-5.9p0/servconf.h   2011-09-03 20:24:39.426502323 +0200
+@@ -148,6 +148,7 @@ typedef struct {
+       int     max_authtries;
+       int     max_sessions;
+       char   *banner;                 /* SSH-2 banner message */
++      int     show_patchlevel;        /* Show vendor patch level to clients */
+       int     use_dns;
+       int     client_alive_interval;  /*
+                                        * poke the client this often to
+diff -up openssh-5.9p0/sshd.c.vendor openssh-5.9p0/sshd.c
+--- openssh-5.9p0/sshd.c.vendor        2011-09-03 20:24:35.987501565 +0200
++++ openssh-5.9p0/sshd.c       2011-09-03 20:24:39.542501643 +0200
+@@ -431,7 +431,7 @@ sshd_exchange_identification(int sock_in
+               minor = PROTOCOL_MINOR_1;
+       }
+       snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
+-          SSH_VERSION, newline);
++         (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION, newline);
+       server_version_string = xstrdup(buf);
+ 
+       /* Send our protocol version identification. */
+@@ -1627,7 +1627,8 @@ main(int ac, char **av)
+               exit(1);
+       }
+ 
+-      debug("sshd version %.100s", SSH_RELEASE);
++      debug("sshd version %.100s",
++            (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE);
+ 
+       /* Store privilege separation user for later use if required. */
+       if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+diff -up openssh-5.9p0/sshd_config.0.vendor openssh-5.9p0/sshd_config.0
+--- openssh-5.9p0/sshd_config.0.vendor 2011-09-03 20:24:37.524438185 +0200
++++ openssh-5.9p0/sshd_config.0        2011-09-03 20:24:39.677508255 +0200
+@@ -556,6 +556,11 @@ DESCRIPTION
+              Defines the number of bits in the ephemeral protocol version 1
+              server key.  The minimum value is 512, and the default is 1024.
+ 
++     ShowPatchLevel
++           Specifies whether sshd will display the specific patch level of
++           the binary in the server identification string.  The patch level
++           is set at compile-time.  The default is M-bM-^@M-^\noM-bM-^@M-^].
++
+      StrictModes
+              Specifies whether sshd(8) should check file modes and ownership
+              of the user's files and home directory before accepting login.
+diff -up openssh-5.9p0/sshd_config.5.vendor openssh-5.9p0/sshd_config.5
+--- openssh-5.9p0/sshd_config.5.vendor 2011-09-03 20:24:37.640442022 +0200
++++ openssh-5.9p0/sshd_config.5        2011-09-03 20:24:40.176544206 +0200
+@@ -952,6 +952,14 @@ This option applies to protocol version
+ .It Cm ServerKeyBits
+ Defines the number of bits in the ephemeral protocol version 1 server key.
+ The minimum value is 512, and the default is 1024.
++.It Cm ShowPatchLevel 
++Specifies whether 
++.Nm sshd 
++will display the patch level of the binary in the identification string. 
++The patch level is set at compile-time. 
++The default is 
++.Dq no . 
++This option applies to protocol version 1 only. 
+ .It Cm StrictModes
+ Specifies whether
+ .Xr sshd 8
+diff -up openssh-5.9p0/sshd_config.vendor openssh-5.9p0/sshd_config
+--- openssh-5.9p0/sshd_config.vendor   2011-09-03 20:24:37.770439735 +0200
++++ openssh-5.9p0/sshd_config  2011-09-03 20:24:40.278628002 +0200
+@@ -120,6 +120,7 @@ X11Forwarding yes
+ #Compression delayed
+ #ClientAliveInterval 0
+ #ClientAliveCountMax 3
++#ShowPatchLevel no
+ #UseDNS yes
+ #PidFile /var/run/sshd.pid
+ #MaxStartups 10