|
|
f09e2e |
diff -up openssh-6.2p1/configure.ac.vendor openssh-6.2p1/configure.ac
|
|
|
f09e2e |
--- openssh-6.2p1/configure.ac.vendor 2013-03-25 19:34:01.277495179 +0100
|
|
|
f09e2e |
+++ openssh-6.2p1/configure.ac 2013-03-25 19:34:01.377495818 +0100
|
|
|
f09e2e |
@@ -4420,6 +4420,12 @@ AC_ARG_WITH([lastlog],
|
|
|
f09e2e |
fi
|
|
|
f09e2e |
]
|
|
|
f09e2e |
)
|
|
|
f09e2e |
+AC_ARG_ENABLE(vendor-patchlevel,
|
|
|
f09e2e |
+ [ --enable-vendor-patchlevel=TAG specify a vendor patch level],
|
|
|
f09e2e |
+ [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])
|
|
|
f09e2e |
+ SSH_VENDOR_PATCHLEVEL="$enableval"],
|
|
|
f09e2e |
+ [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])
|
|
|
f09e2e |
+ SSH_VENDOR_PATCHLEVEL=none])
|
|
|
f09e2e |
|
|
|
f09e2e |
dnl lastlog, [uw]tmpx? detection
|
|
|
f09e2e |
dnl NOTE: set the paths in the platform section to avoid the
|
|
|
f09e2e |
@@ -4681,6 +4687,7 @@ echo " Translate v4 in v6 hack
|
|
|
f09e2e |
echo " BSD Auth support: $BSD_AUTH_MSG"
|
|
|
f09e2e |
echo " Random number source: $RAND_MSG"
|
|
|
f09e2e |
echo " Privsep sandbox style: $SANDBOX_STYLE"
|
|
|
f09e2e |
+echo " Vendor patch level: $SSH_VENDOR_PATCHLEVEL"
|
|
|
f09e2e |
|
|
|
f09e2e |
echo ""
|
|
|
f09e2e |
|
|
|
f09e2e |
diff -up openssh-6.2p1/servconf.c.vendor openssh-6.2p1/servconf.c
|
|
|
f09e2e |
--- openssh-6.2p1/servconf.c.vendor 2013-03-25 19:34:01.197494668 +0100
|
|
|
f09e2e |
+++ openssh-6.2p1/servconf.c 2013-03-25 19:34:01.379495831 +0100
|
|
|
f09e2e |
@@ -128,6 +128,7 @@ initialize_server_options(ServerOptions
|
|
|
f09e2e |
options->max_authtries = -1;
|
|
|
f09e2e |
options->max_sessions = -1;
|
|
|
f09e2e |
options->banner = NULL;
|
|
|
f09e2e |
+ options->show_patchlevel = -1;
|
|
|
f09e2e |
options->use_dns = -1;
|
|
|
f09e2e |
options->client_alive_interval = -1;
|
|
|
f09e2e |
options->client_alive_count_max = -1;
|
|
|
f09e2e |
@@ -287,6 +288,9 @@ fill_default_server_options(ServerOption
|
|
|
f09e2e |
options->ip_qos_bulk = IPTOS_THROUGHPUT;
|
|
|
f09e2e |
if (options->version_addendum == NULL)
|
|
|
f09e2e |
options->version_addendum = xstrdup("");
|
|
|
f09e2e |
+ if (options->show_patchlevel == -1)
|
|
|
f09e2e |
+ options->show_patchlevel = 0;
|
|
|
f09e2e |
+
|
|
|
f09e2e |
/* Turn privilege separation on by default */
|
|
|
f09e2e |
if (use_privsep == -1)
|
|
|
f09e2e |
use_privsep = PRIVSEP_NOSANDBOX;
|
|
|
f09e2e |
@@ -324,7 +328,7 @@ typedef enum {
|
|
|
f09e2e |
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
|
|
|
f09e2e |
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
|
|
|
f09e2e |
sMaxStartups, sMaxAuthTries, sMaxSessions,
|
|
|
f09e2e |
- sBanner, sUseDNS, sHostbasedAuthentication,
|
|
|
f09e2e |
+ sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
|
|
|
f09e2e |
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
|
|
|
f09e2e |
sClientAliveCountMax, sAuthorizedKeysFile,
|
|
|
f09e2e |
sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
|
|
|
f09e2e |
@@ -439,6 +443,7 @@ static struct {
|
|
|
f09e2e |
{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
|
|
|
f09e2e |
{ "maxsessions", sMaxSessions, SSHCFG_ALL },
|
|
|
f09e2e |
{ "banner", sBanner, SSHCFG_ALL },
|
|
|
f09e2e |
+ { "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL },
|
|
|
f09e2e |
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
|
|
|
f09e2e |
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
|
|
|
f09e2e |
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
|
|
|
f09e2e |
@@ -1163,6 +1168,10 @@ process_server_config_line(ServerOptions
|
|
|
f09e2e |
multistate_ptr = multistate_privsep;
|
|
|
f09e2e |
goto parse_multistate;
|
|
|
f09e2e |
|
|
|
f09e2e |
+ case sShowPatchLevel:
|
|
|
f09e2e |
+ intptr = &options->show_patchlevel;
|
|
|
f09e2e |
+ goto parse_flag;
|
|
|
f09e2e |
+
|
|
|
f09e2e |
case sAllowUsers:
|
|
|
f09e2e |
while ((arg = strdelim(&cp)) && *arg != '\0') {
|
|
|
f09e2e |
if (options->num_allow_users >= MAX_ALLOW_USERS)
|
|
|
f09e2e |
@@ -1950,6 +1959,7 @@ dump_config(ServerOptions *o)
|
|
|
f09e2e |
dump_cfg_fmtint(sUseLogin, o->use_login);
|
|
|
f09e2e |
dump_cfg_fmtint(sCompression, o->compression);
|
|
|
f09e2e |
dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
|
|
|
f09e2e |
+ dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
|
|
|
f09e2e |
dump_cfg_fmtint(sUseDNS, o->use_dns);
|
|
|
f09e2e |
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
|
|
|
f09e2e |
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
|
|
|
f09e2e |
diff -up openssh-6.2p1/servconf.h.vendor openssh-6.2p1/servconf.h
|
|
|
f09e2e |
--- openssh-6.2p1/servconf.h.vendor 2013-01-09 05:56:45.000000000 +0100
|
|
|
f09e2e |
+++ openssh-6.2p1/servconf.h 2013-03-25 19:34:01.379495831 +0100
|
|
|
f09e2e |
@@ -147,6 +147,7 @@ typedef struct {
|
|
|
f09e2e |
int max_authtries;
|
|
|
f09e2e |
int max_sessions;
|
|
|
f09e2e |
char *banner; /* SSH-2 banner message */
|
|
|
f09e2e |
+ int show_patchlevel; /* Show vendor patch level to clients */
|
|
|
f09e2e |
int use_dns;
|
|
|
f09e2e |
int client_alive_interval; /*
|
|
|
f09e2e |
* poke the client this often to
|
|
|
f09e2e |
diff -up openssh-6.2p1/sshd_config.vendor openssh-6.2p1/sshd_config
|
|
|
f09e2e |
--- openssh-6.2p1/sshd_config.vendor 2013-03-25 19:34:01.380495837 +0100
|
|
|
f09e2e |
+++ openssh-6.2p1/sshd_config 2013-03-25 19:44:43.471296362 +0100
|
|
|
f09e2e |
@@ -118,6 +118,7 @@ UsePrivilegeSeparation sandbox # Defaul
|
|
|
f09e2e |
#Compression delayed
|
|
|
f09e2e |
#ClientAliveInterval 0
|
|
|
f09e2e |
#ClientAliveCountMax 3
|
|
|
f09e2e |
+#ShowPatchLevel no
|
|
|
f09e2e |
#UseDNS yes
|
|
|
f09e2e |
#PidFile /var/run/sshd.pid
|
|
|
f09e2e |
#MaxStartups 10:30:100
|
|
|
f09e2e |
diff -up openssh-6.2p1/sshd_config.0.vendor openssh-6.2p1/sshd_config.0
|
|
|
f09e2e |
--- openssh-6.2p1/sshd_config.0.vendor 2013-03-25 19:34:01.361495716 +0100
|
|
|
f09e2e |
+++ openssh-6.2p1/sshd_config.0 2013-03-25 19:34:01.381495844 +0100
|
|
|
f09e2e |
@@ -595,6 +595,11 @@ DESCRIPTION
|
|
|
f09e2e |
Defines the number of bits in the ephemeral protocol version 1
|
|
|
f09e2e |
server key. The minimum value is 512, and the default is 1024.
|
|
|
f09e2e |
|
|
|
f09e2e |
+ ShowPatchLevel
|
|
|
f09e2e |
+ Specifies whether sshd will display the specific patch level of
|
|
|
f09e2e |
+ the binary in the server identification string. The patch level
|
|
|
f09e2e |
+ is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^].
|
|
|
f09e2e |
+
|
|
|
f09e2e |
StrictModes
|
|
|
f09e2e |
Specifies whether sshd(8) should check file modes and ownership
|
|
|
f09e2e |
of the user's files and home directory before accepting login.
|
|
|
f09e2e |
diff -up openssh-6.2p1/sshd_config.5.vendor openssh-6.2p1/sshd_config.5
|
|
|
f09e2e |
--- openssh-6.2p1/sshd_config.5.vendor 2013-03-25 19:34:01.362495722 +0100
|
|
|
f09e2e |
+++ openssh-6.2p1/sshd_config.5 2013-03-25 19:34:01.382495850 +0100
|
|
|
f09e2e |
@@ -1019,6 +1019,14 @@ This option applies to protocol version
|
|
|
f09e2e |
.It Cm ServerKeyBits
|
|
|
f09e2e |
Defines the number of bits in the ephemeral protocol version 1 server key.
|
|
|
f09e2e |
The minimum value is 512, and the default is 1024.
|
|
|
f09e2e |
+.It Cm ShowPatchLevel
|
|
|
f09e2e |
+Specifies whether
|
|
|
f09e2e |
+.Nm sshd
|
|
|
f09e2e |
+will display the patch level of the binary in the identification string.
|
|
|
f09e2e |
+The patch level is set at compile-time.
|
|
|
f09e2e |
+The default is
|
|
|
f09e2e |
+.Dq no .
|
|
|
f09e2e |
+This option applies to protocol version 1 only.
|
|
|
f09e2e |
.It Cm StrictModes
|
|
|
f09e2e |
Specifies whether
|
|
|
f09e2e |
.Xr sshd 8
|
|
|
f09e2e |
diff -up openssh-6.2p1/sshd.c.vendor openssh-6.2p1/sshd.c
|
|
|
f09e2e |
--- openssh-6.2p1/sshd.c.vendor 2013-03-25 19:34:01.332495531 +0100
|
|
|
f09e2e |
+++ openssh-6.2p1/sshd.c 2013-03-25 19:44:11.864112092 +0100
|
|
|
f09e2e |
@@ -442,7 +442,7 @@ sshd_exchange_identification(int sock_in
|
|
|
f09e2e |
}
|
|
|
f09e2e |
|
|
|
f09e2e |
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
|
|
|
f09e2e |
- major, minor, SSH_VERSION,
|
|
|
f09e2e |
+ major, minor, (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
|
|
|
f09e2e |
*options.version_addendum == '\0' ? "" : " ",
|
|
|
f09e2e |
options.version_addendum, newline);
|
|
|
f09e2e |
|
|
|
f09e2e |
@@ -1675,7 +1675,8 @@ main(int ac, char **av)
|
|
|
f09e2e |
exit(1);
|
|
|
f09e2e |
}
|
|
|
f09e2e |
|
|
|
f09e2e |
- debug("sshd version %s, %s", SSH_VERSION,
|
|
|
f09e2e |
+ debug("sshd version %s, %s",
|
|
|
f09e2e |
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION,
|
|
|
f09e2e |
SSLeay_version(SSLEAY_VERSION));
|
|
|
f09e2e |
|
|
|
f09e2e |
/* Store privilege separation user for later use if required. */
|