kentpeacock / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone
1d31ef
diff -up openssh-7.4p1/configure.ac.vendor openssh-7.4p1/configure.ac
1d31ef
--- openssh-7.4p1/configure.ac.vendor	2017-02-10 10:45:54.977836854 +0100
1d31ef
+++ openssh-7.4p1/configure.ac	2017-02-10 10:45:54.995836725 +0100
1d31ef
@@ -4930,6 +4930,12 @@ AC_ARG_WITH([lastlog],
f09e2e
 		fi
f09e2e
 	]
f09e2e
 )
f09e2e
+AC_ARG_ENABLE(vendor-patchlevel,
f09e2e
+  [  --enable-vendor-patchlevel=TAG  specify a vendor patch level],
f09e2e
+  [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])
f09e2e
+   SSH_VENDOR_PATCHLEVEL="$enableval"],
f09e2e
+  [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])
f09e2e
+   SSH_VENDOR_PATCHLEVEL=none])
f09e2e
 
f09e2e
 dnl lastlog, [uw]tmpx? detection
f09e2e
 dnl  NOTE: set the paths in the platform section to avoid the
1d31ef
@@ -5194,6 +5200,7 @@ echo "           Translate v4 in v6 hack
f09e2e
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
f09e2e
 echo "              Random number source: $RAND_MSG"
f09e2e
 echo "             Privsep sandbox style: $SANDBOX_STYLE"
f09e2e
+echo "                Vendor patch level: $SSH_VENDOR_PATCHLEVEL"
f09e2e
 
f09e2e
 echo ""
f09e2e
 
1d31ef
diff -up openssh-7.4p1/servconf.c.vendor openssh-7.4p1/servconf.c
1d31ef
--- openssh-7.4p1/servconf.c.vendor	2016-12-19 05:59:41.000000000 +0100
1d31ef
+++ openssh-7.4p1/servconf.c	2017-02-10 10:45:54.995836725 +0100
1d31ef
@@ -143,6 +143,7 @@ initialize_server_options(ServerOptions
f09e2e
 	options->max_authtries = -1;
f09e2e
 	options->max_sessions = -1;
f09e2e
 	options->banner = NULL;
f09e2e
+	options->show_patchlevel = -1;
f09e2e
 	options->use_dns = -1;
f09e2e
 	options->client_alive_interval = -1;
f09e2e
 	options->client_alive_count_max = -1;
1d31ef
@@ -325,6 +326,8 @@ fill_default_server_options(ServerOption
f09e2e
 		options->ip_qos_bulk = IPTOS_THROUGHPUT;
f09e2e
 	if (options->version_addendum == NULL)
f09e2e
 		options->version_addendum = xstrdup("");
f09e2e
+	if (options->show_patchlevel == -1)
f09e2e
+		options->show_patchlevel = 0;
1d31ef
 	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
1d31ef
 		options->fwd_opts.streamlocal_bind_mask = 0177;
1d31ef
 	if (options->fwd_opts.streamlocal_bind_unlink == -1)
1d31ef
@@ -402,7 +405,7 @@ typedef enum {
1d31ef
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
1d31ef
 	sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
1d31ef
 	sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
f09e2e
-	sBanner, sUseDNS, sHostbasedAuthentication,
f09e2e
+	sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
1d31ef
 	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
1d31ef
 	sHostKeyAlgorithms,
1d31ef
 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
1d31ef
@@ -528,6 +531,7 @@ static struct {
f09e2e
 	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
f09e2e
 	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
f09e2e
 	{ "banner", sBanner, SSHCFG_ALL },
f09e2e
+	{ "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL },
f09e2e
 	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
f09e2e
 	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
f09e2e
 	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
1d31ef
@@ -1369,6 +1373,10 @@ process_server_config_line(ServerOptions
f09e2e
 		multistate_ptr = multistate_privsep;
f09e2e
 		goto parse_multistate;
f09e2e
 
f09e2e
+	case sShowPatchLevel:
f09e2e
+		intptr = &options->show_patchlevel;
f09e2e
+		goto parse_flag;
f09e2e
+
f09e2e
 	case sAllowUsers:
f09e2e
 		while ((arg = strdelim(&cp)) && *arg != '\0') {
f09e2e
 			if (options->num_allow_users >= MAX_ALLOW_USERS)
1d31ef
@@ -2269,6 +2277,7 @@ dump_config(ServerOptions *o)
1d31ef
 	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
f09e2e
 	dump_cfg_fmtint(sCompression, o->compression);
1d31ef
 	dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
f09e2e
+	dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
f09e2e
 	dump_cfg_fmtint(sUseDNS, o->use_dns);
f09e2e
 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
1d31ef
 	dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
1d31ef
diff -up openssh-7.4p1/servconf.h.vendor openssh-7.4p1/servconf.h
1d31ef
--- openssh-7.4p1/servconf.h.vendor	2016-12-19 05:59:41.000000000 +0100
1d31ef
+++ openssh-7.4p1/servconf.h	2017-02-10 10:45:54.995836725 +0100
1d31ef
@@ -149,6 +149,7 @@ typedef struct {
f09e2e
 	int	max_authtries;
f09e2e
 	int	max_sessions;
f09e2e
 	char   *banner;			/* SSH-2 banner message */
f09e2e
+	int	show_patchlevel;	/* Show vendor patch level to clients */
f09e2e
 	int	use_dns;
f09e2e
 	int	client_alive_interval;	/*
f09e2e
 					 * poke the client this often to
1d31ef
diff -up openssh-7.4p1/sshd_config.5.vendor openssh-7.4p1/sshd_config.5
1d31ef
--- openssh-7.4p1/sshd_config.5.vendor	2017-02-10 10:45:54.990836761 +0100
1d31ef
+++ openssh-7.4p1/sshd_config.5	2017-02-10 10:45:54.996836718 +0100
1d31ef
@@ -1334,6 +1334,14 @@ an OpenSSH Key Revocation List (KRL) as
1d31ef
 .Xr ssh-keygen 1 .
1d31ef
 For more information on KRLs, see the KEY REVOCATION LISTS section in
1d31ef
 .Xr ssh-keygen 1 .
f09e2e
+.It Cm ShowPatchLevel 
f09e2e
+Specifies whether 
f09e2e
+.Nm sshd 
f09e2e
+will display the patch level of the binary in the identification string. 
f09e2e
+The patch level is set at compile-time. 
f09e2e
+The default is 
f09e2e
+.Dq no . 
f09e2e
+This option applies to protocol version 1 only. 
1d31ef
 .It Cm StreamLocalBindMask
1d31ef
 Sets the octal file creation mode mask
1d31ef
 .Pq umask
1d31ef
diff -up openssh-7.4p1/sshd_config.vendor openssh-7.4p1/sshd_config
1d31ef
--- openssh-7.4p1/sshd_config.vendor	2017-02-10 10:45:54.990836761 +0100
1d31ef
+++ openssh-7.4p1/sshd_config	2017-02-10 10:45:54.996836718 +0100
1d31ef
@@ -105,6 +105,7 @@ X11Forwarding yes
1d31ef
 #Compression delayed
1d31ef
 #ClientAliveInterval 0
1d31ef
 #ClientAliveCountMax 3
1d31ef
+#ShowPatchLevel no
1d31ef
 #UseDNS no
1d31ef
 #PidFile /var/run/sshd.pid
1d31ef
 #MaxStartups 10:30:100
1d31ef
diff -up openssh-7.4p1/sshd.c.vendor openssh-7.4p1/sshd.c
1d31ef
--- openssh-7.4p1/sshd.c.vendor	2017-02-10 10:45:54.996836718 +0100
1d31ef
+++ openssh-7.4p1/sshd.c	2017-02-10 10:48:41.633648667 +0100
1d31ef
@@ -367,7 +367,8 @@ sshd_exchange_identification(struct ssh
1d31ef
 	char remote_version[256];	/* Must be at least as big as buf. */
f09e2e
 
f09e2e
 	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
1d31ef
-	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
1d31ef
+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
1d31ef
+	    (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
f09e2e
 	    *options.version_addendum == '\0' ? "" : " ",
f09e2e
 	    options.version_addendum, newline);
f09e2e
 
1d31ef
@@ -1654,7 +1655,8 @@ main(int ac, char **av)
f09e2e
 		exit(1);
f09e2e
 	}
f09e2e
 
f09e2e
-	debug("sshd version %s, %s", SSH_VERSION,
f09e2e
+	debug("sshd version %s, %s",
f09e2e
+	    (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
1d31ef
 #ifdef WITH_OPENSSL
1d31ef
 	    SSLeay_version(SSLEAY_VERSION)
1d31ef
 #else