2017-01-02 14:42:13 +00:00
diff -up openssh-7.4p1/configure.ac.vendor openssh-7.4p1/configure.ac
--- openssh-7.4p1/configure.ac.vendor 2016-12-23 13:34:51.681253844 +0100
+++ openssh-7.4p1/configure.ac 2016-12-23 13:34:51.694253847 +0100
@@ -4930,6 +4930,12 @@ AC_ARG_WITH([lastlog],
2013-10-08 15:04:51 +00:00
fi
]
2011-09-07 13:12:54 +00:00
)
+AC_ARG_ENABLE(vendor-patchlevel,
+ [ --enable-vendor-patchlevel=TAG specify a vendor patch level],
+ [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])
+ SSH_VENDOR_PATCHLEVEL="$enableval"],
+ [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])
+ SSH_VENDOR_PATCHLEVEL=none])
2013-10-08 15:04:51 +00:00
2011-09-07 13:12:54 +00:00
dnl lastlog, [uw]tmpx? detection
dnl NOTE: set the paths in the platform section to avoid the
2017-01-02 14:42:13 +00:00
@@ -5194,6 +5200,7 @@ echo " Translate v4 in v6 hack
2011-09-07 13:12:54 +00:00
echo " BSD Auth support: $BSD_AUTH_MSG"
echo " Random number source: $RAND_MSG"
echo " Privsep sandbox style: $SANDBOX_STYLE"
+echo " Vendor patch level: $SSH_VENDOR_PATCHLEVEL"
echo ""
2017-01-02 14:42:13 +00:00
diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
--- openssh-7.4p1/servconf.c.vendor 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/servconf.c 2016-12-23 13:36:07.555268628 +0100
@@ -143,6 +143,7 @@ initialize_server_options(ServerOptions
2011-09-07 13:12:54 +00:00
options->max_authtries = -1;
options->max_sessions = -1;
options->banner = NULL;
+ options->show_patchlevel = -1;
options->use_dns = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
2017-01-02 14:42:13 +00:00
@@ -325,6 +326,8 @@ fill_default_server_options(ServerOption
2011-09-07 13:12:54 +00:00
options->ip_qos_bulk = IPTOS_THROUGHPUT;
2012-09-14 20:18:22 +00:00
if (options->version_addendum == NULL)
options->version_addendum = xstrdup("");
2011-09-07 13:12:54 +00:00
+ if (options->show_patchlevel == -1)
2012-09-14 20:18:22 +00:00
+ options->show_patchlevel = 0;
2015-01-20 12:18:45 +00:00
if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
options->fwd_opts.streamlocal_bind_mask = 0177;
if (options->fwd_opts.streamlocal_bind_unlink == -1)
2017-01-02 14:42:13 +00:00
@@ -402,7 +405,7 @@ typedef enum {
sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
2015-03-20 13:56:04 +00:00
sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
2011-09-07 13:12:54 +00:00
- sBanner, sUseDNS, sHostbasedAuthentication,
+ sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
2015-03-20 13:56:04 +00:00
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
2015-08-13 15:43:12 +00:00
sHostKeyAlgorithms,
2015-03-20 13:56:04 +00:00
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
2017-01-02 14:42:13 +00:00
@@ -528,6 +531,7 @@ static struct {
2011-09-07 13:12:54 +00:00
{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
{ "maxsessions", sMaxSessions, SSHCFG_ALL },
{ "banner", sBanner, SSHCFG_ALL },
+ { "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL },
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
2017-01-02 14:42:13 +00:00
@@ -1369,6 +1373,10 @@ process_server_config_line(ServerOptions
2017-03-20 14:55:43 +00:00
intptr = &options->disable_forwarding;
goto parse_flag;
2011-09-07 13:12:54 +00:00
+ case sShowPatchLevel:
+ intptr = &options->show_patchlevel;
+ goto parse_flag;
+
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
2017-01-02 14:42:13 +00:00
@@ -2269,6 +2277,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
2011-09-07 13:12:54 +00:00
dump_cfg_fmtint(sCompression, o->compression);
2015-01-20 12:18:45 +00:00
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
2011-09-07 13:12:54 +00:00
+ dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
dump_cfg_fmtint(sUseDNS, o->use_dns);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
2015-06-24 12:11:59 +00:00
dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
2017-01-02 14:42:13 +00:00
diff -up openssh-7.4p1/servconf.h.vendor openssh-7.4p1/servconf.h
--- openssh-7.4p1/servconf.h.vendor 2016-12-19 05:59:41.000000000 +0100
+++ openssh-7.4p1/servconf.h 2016-12-23 13:34:51.694253847 +0100
@@ -149,6 +149,7 @@ typedef struct {
2011-09-07 13:12:54 +00:00
int max_authtries;
int max_sessions;
char *banner; /* SSH-2 banner message */
+ int show_patchlevel; /* Show vendor patch level to clients */
int use_dns;
int client_alive_interval; /*
* poke the client this often to
2017-01-02 14:42:13 +00:00
diff -up openssh-7.4p1/sshd_config.0.vendor openssh-7.4p1/sshd_config.0
--- openssh-7.4p1/sshd_config.0.vendor 2016-12-23 13:34:51.695253847 +0100
+++ openssh-7.4p1/sshd_config.0 2016-12-23 13:36:53.146277511 +0100
@@ -792,6 +792,11 @@ DESCRIPTION
ssh-keygen(1). For more information on KRLs, see the KEY
REVOCATION LISTS section in ssh-keygen(1).
2011-09-07 13:12:54 +00:00
+ ShowPatchLevel
+ Specifies whether sshd will display the specific patch level of
+ the binary in the server identification string. The patch level
+ is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^].
+
2015-01-20 12:18:45 +00:00
StreamLocalBindMask
Sets the octal file creation mode mask (umask) used when creating
a Unix-domain socket file for local or remote port forwarding.
2017-01-02 14:42:13 +00:00
diff -up openssh-7.4p1/sshd_config.5.vendor openssh-7.4p1/sshd_config.5
--- openssh-7.4p1/sshd_config.5.vendor 2016-12-23 13:34:51.695253847 +0100
+++ openssh-7.4p1/sshd_config.5 2016-12-23 13:37:17.482282253 +0100
@@ -1334,6 +1334,13 @@ an OpenSSH Key Revocation List (KRL) as
.Xr ssh-keygen 1 .
For more information on KRLs, see the KEY REVOCATION LISTS section in
.Xr ssh-keygen 1 .
2011-09-07 13:12:54 +00:00
+.It Cm ShowPatchLevel
+Specifies whether
+.Nm sshd
+will display the patch level of the binary in the identification string.
+The patch level is set at compile-time.
+The default is
+.Dq no .
2015-01-20 12:18:45 +00:00
.It Cm StreamLocalBindMask
Sets the octal file creation mode mask
.Pq umask
2017-01-02 14:42:13 +00:00
diff -up openssh-7.4p1/sshd_config.vendor openssh-7.4p1/sshd_config
--- openssh-7.4p1/sshd_config.vendor 2016-12-23 13:34:51.690253846 +0100
+++ openssh-7.4p1/sshd_config 2016-12-23 13:34:51.695253847 +0100
@@ -105,6 +105,7 @@ X11Forwarding yes
2015-08-13 15:43:12 +00:00
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
+#ShowPatchLevel no
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
2017-01-02 14:42:13 +00:00
diff -up openssh-7.4p1/sshd.c.vendor openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.vendor 2016-12-23 13:34:51.682253844 +0100
+++ openssh-7.4p1/sshd.c 2016-12-23 13:38:32.434296856 +0100
@@ -367,7 +367,8 @@ sshd_exchange_identification(struct ssh
char remote_version[256]; /* Must be at least as big as buf. */
2015-08-13 15:43:12 +00:00
2017-03-20 14:55:43 +00:00
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
2017-01-02 14:42:13 +00:00
- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
2015-08-13 15:43:12 +00:00
*options.version_addendum == '\0' ? "" : " ",
2017-03-20 14:55:43 +00:00
options.version_addendum);
2015-08-13 15:43:12 +00:00
2017-01-02 14:42:13 +00:00
@@ -1650,7 +1651,8 @@ main(int ac, char **av)
2015-08-13 15:43:12 +00:00
exit(1);
}
- debug("sshd version %s, %s", SSH_VERSION,
+ debug("sshd version %s, %s",
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
#ifdef WITH_OPENSSL
SSLeay_version(SSLEAY_VERSION)
#else