2012-02-06 21:15:10 +00:00
diff -up openssh-5.9p1/configure.ac.vendor openssh-5.9p1/configure.ac
--- openssh-5.9p1/configure.ac.vendor 2012-02-06 17:35:37.439855272 +0100
+++ openssh-5.9p1/configure.ac 2012-02-06 17:35:37.510219862 +0100
@@ -4135,6 +4135,12 @@ AC_ARG_WITH([lastlog],
2011-09-07 13:12:54 +00:00
fi
]
)
+AC_ARG_ENABLE(vendor-patchlevel,
+ [ --enable-vendor-patchlevel=TAG specify a vendor patch level],
+ [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])
+ SSH_VENDOR_PATCHLEVEL="$enableval"],
+ [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])
+ SSH_VENDOR_PATCHLEVEL=none])
dnl lastlog, [uw]tmpx? detection
dnl NOTE: set the paths in the platform section to avoid the
2012-02-06 21:15:10 +00:00
@@ -4361,6 +4367,7 @@ echo " Translate v4 in v6 hack
2011-09-07 13:12:54 +00:00
echo " BSD Auth support: $BSD_AUTH_MSG"
echo " Random number source: $RAND_MSG"
echo " Privsep sandbox style: $SANDBOX_STYLE"
+echo " Vendor patch level: $SSH_VENDOR_PATCHLEVEL"
echo ""
2012-02-06 21:15:10 +00:00
diff -up openssh-5.9p1/servconf.c.vendor openssh-5.9p1/servconf.c
--- openssh-5.9p1/servconf.c.vendor 2012-02-06 17:35:37.432972267 +0100
+++ openssh-5.9p1/servconf.c 2012-02-06 17:37:58.806272833 +0100
@@ -125,6 +125,7 @@ initialize_server_options(ServerOptions
2011-09-07 13:12:54 +00:00
options->max_authtries = -1;
options->max_sessions = -1;
options->banner = NULL;
+ options->show_patchlevel = -1;
options->use_dns = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
2012-02-06 21:15:10 +00:00
@@ -283,6 +284,8 @@ fill_default_server_options(ServerOption
2011-09-07 13:12:54 +00:00
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
options->ip_qos_bulk = IPTOS_THROUGHPUT;
+ if (options->show_patchlevel == -1)
+ options->show_patchlevel = 0;
/* Turn privilege separation on by default */
if (use_privsep == -1)
2012-02-06 21:15:10 +00:00
@@ -321,7 +324,7 @@ typedef enum {
2011-09-07 13:12:54 +00:00
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
sMaxStartups, sMaxAuthTries, sMaxSessions,
- sBanner, sUseDNS, sHostbasedAuthentication,
+ sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
2012-02-06 21:15:10 +00:00
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
@@ -436,6 +439,7 @@ static struct {
2011-09-07 13:12:54 +00:00
{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
{ "maxsessions", sMaxSessions, SSHCFG_ALL },
{ "banner", sBanner, SSHCFG_ALL },
+ { "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL },
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
2012-02-06 21:15:10 +00:00
@@ -1092,6 +1096,10 @@ process_server_config_line(ServerOptions
2011-09-07 13:12:54 +00:00
multistate_ptr = multistate_privsep;
goto parse_multistate;
+ case sShowPatchLevel:
+ intptr = &options->show_patchlevel;
+ goto parse_flag;
+
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
2012-02-06 21:15:10 +00:00
@@ -1807,6 +1815,7 @@ dump_config(ServerOptions *o)
2011-09-07 13:12:54 +00:00
dump_cfg_fmtint(sUseLogin, o->use_login);
dump_cfg_fmtint(sCompression, o->compression);
dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
+ dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
dump_cfg_fmtint(sUseDNS, o->use_dns);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
2012-02-06 21:15:10 +00:00
diff -up openssh-5.9p1/servconf.h.vendor openssh-5.9p1/servconf.h
--- openssh-5.9p1/servconf.h.vendor 2012-02-06 17:35:37.434095467 +0100
+++ openssh-5.9p1/servconf.h 2012-02-06 17:35:37.512225786 +0100
@@ -140,6 +140,7 @@ typedef struct {
2011-09-07 13:12:54 +00:00
int max_authtries;
int max_sessions;
char *banner; /* SSH-2 banner message */
+ int show_patchlevel; /* Show vendor patch level to clients */
int use_dns;
int client_alive_interval; /*
* poke the client this often to
2012-02-06 21:15:10 +00:00
diff -up openssh-5.9p1/sshd_config.vendor openssh-5.9p1/sshd_config
--- openssh-5.9p1/sshd_config.vendor 2012-02-06 17:35:37.499226201 +0100
+++ openssh-5.9p1/sshd_config 2012-02-06 17:35:37.515220444 +0100
@@ -112,6 +112,7 @@ X11Forwarding yes
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
+#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
diff -up openssh-5.9p1/sshd_config.0.vendor openssh-5.9p1/sshd_config.0
--- openssh-5.9p1/sshd_config.0.vendor 2012-02-06 17:35:37.500225787 +0100
+++ openssh-5.9p1/sshd_config.0 2012-02-06 17:35:37.513225808 +0100
2011-09-07 13:12:54 +00:00
@@ -556,6 +556,11 @@ DESCRIPTION
Defines the number of bits in the ephemeral protocol version 1
server key. The minimum value is 512, and the default is 1024.
+ ShowPatchLevel
+ Specifies whether sshd will display the specific patch level of
+ the binary in the server identification string. The patch level
+ is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^].
+
StrictModes
Specifies whether sshd(8) should check file modes and ownership
of the user's files and home directory before accepting login.
2012-02-06 21:15:10 +00:00
diff -up openssh-5.9p1/sshd_config.5.vendor openssh-5.9p1/sshd_config.5
--- openssh-5.9p1/sshd_config.5.vendor 2012-02-06 17:35:37.500225787 +0100
+++ openssh-5.9p1/sshd_config.5 2012-02-06 17:35:37.514220449 +0100
@@ -982,6 +982,14 @@ This option applies to protocol version
2011-09-07 13:12:54 +00:00
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 1024.
+.It Cm ShowPatchLevel
+Specifies whether
+.Nm sshd
+will display the patch level of the binary in the identification string.
+The patch level is set at compile-time.
+The default is
+.Dq no .
+This option applies to protocol version 1 only.
.It Cm StrictModes
Specifies whether
.Xr sshd 8
2012-02-06 21:15:10 +00:00
diff -up openssh-5.9p1/sshd.c.vendor openssh-5.9p1/sshd.c
--- openssh-5.9p1/sshd.c.vendor 2012-02-06 17:35:37.485230832 +0100
+++ openssh-5.9p1/sshd.c 2012-02-06 17:35:37.513225808 +0100
@@ -431,7 +431,7 @@ sshd_exchange_identification(int sock_in
minor = PROTOCOL_MINOR_1;
}
snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
- SSH_VERSION, newline);
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION, newline);
server_version_string = xstrdup(buf);
/* Send our protocol version identification. */
@@ -1634,7 +1634,8 @@ main(int ac, char **av)
exit(1);
}
- debug("sshd version %.100s", SSH_RELEASE);
+ debug("sshd version %.100s",
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE);
/* Store privilege separation user for later use if required. */
if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
