From bffe60ead024a1fdf4312eaec5892435a7f6b4c5 Mon Sep 17 00:00:00 2001 From: Ed Maste Date: Sat, 23 Apr 2022 15:40:48 -0400 Subject: [PATCH] ssh: retire client VersionAddendum FreeBSD introduced VersionAddendum for the server as a local change in 2001 in commit 933ca70f8f88 and later extended it to the client in commit 9e2cbe04ff4f. In 2012 upstream added support for server VersionAddendum, in commit 23528816dc10. They do not support it for the client. The argument for supporting this in the client is not nearly as strong as for the server, so retire this option to reduce the scope of our local patch set. This also avoids some cases of conflicts in ssh_config during update, as a user's configuration would typically follow the commented-out default VersionAddendum value. Reviewed by: gordon, glebius Relnotes: yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32930 --- crypto/openssh/readconf.c | 23 +---------------------- crypto/openssh/readconf.h | 2 -- crypto/openssh/ssh.1 | 1 - crypto/openssh/ssh.c | 11 ++--------- crypto/openssh/ssh_config | 1 - crypto/openssh/ssh_config.5 | 10 +--------- crypto/openssh/sshconnect.c | 3 +-- 7 files changed, 5 insertions(+), 46 deletions(-) diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c index 0a59470a74a..a5317990de1 100644 --- a/crypto/openssh/readconf.c +++ b/crypto/openssh/readconf.c @@ -67,7 +67,6 @@ #include "uidswap.h" #include "myproposal.h" #include "digest.h" -#include "version.h" /* Format of the configuration file: @@ -142,7 +141,6 @@ static int process_config_line_depth(Options *options, struct passwd *pw, typedef enum { oBadOption, - oVersionAddendum, oHost, oMatch, oInclude, oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, oGatewayPorts, oExitOnForwardFailure, @@ -329,7 +327,7 @@ static struct { { "tcprcvbuf", oDeprecated }, { "noneenabled", oUnsupported }, { "noneswitch", oUnsupported }, - { "versionaddendum", oVersionAddendum }, + { "versionaddendum", oDeprecated }, { NULL, oBadOption } }; @@ -1983,22 +1981,6 @@ parse_pubkey_algos: intptr = &options->fork_after_authentication; goto parse_flag; - case oVersionAddendum: - if (str == NULL) - fatal("%.200s line %d: Missing argument.", filename, - linenum); - len = strspn(str, WHITESPACE); - if (*activep && options->version_addendum == NULL) { - if (strcasecmp(str + len, "none") == 0) - options->version_addendum = xstrdup(""); - else if (strchr(str + len, '\r') != NULL) - fatal("%.200s line %d: Invalid argument", - filename, linenum); - else - options->version_addendum = xstrdup(str + len); - } - return 0; - case oIgnoreUnknown: charptr = &options->ignored_unknown; goto parse_string; @@ -2353,7 +2335,6 @@ void initialize_options(Options * options) { memset(options, 'X', sizeof(*options)); - options->version_addendum = NULL; options->forward_agent = -1; options->forward_agent_sock_path = NULL; options->forward_x11 = -1; @@ -2731,8 +2712,6 @@ fill_default_options(Options * options) /* options->hostname will be set in the main program if appropriate */ /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ - if (options->version_addendum == NULL) - options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); /* success */ ret = 0; diff --git a/crypto/openssh/readconf.h b/crypto/openssh/readconf.h index 31f4acb4708..ded13c943d3 100644 --- a/crypto/openssh/readconf.h +++ b/crypto/openssh/readconf.h @@ -169,8 +169,6 @@ typedef struct { char *hostbased_accepted_algos; char *pubkey_accepted_algos; - char *version_addendum; /* Appended to SSH banner */ - char *jump_user; char *jump_host; int jump_port; diff --git a/crypto/openssh/ssh.1 b/crypto/openssh/ssh.1 index be43e87134b..4a4f1683a82 100644 --- a/crypto/openssh/ssh.1 +++ b/crypto/openssh/ssh.1 @@ -584,7 +584,6 @@ For full details of the options listed below, and their possible values, see .It User .It UserKnownHostsFile .It VerifyHostKeyDNS -.It VersionAddendum .It VisualHostKey .It XAuthLocation .El diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c index 860ad31954a..359127df04b 100644 --- a/crypto/openssh/ssh.c +++ b/crypto/openssh/ssh.c @@ -872,14 +872,8 @@ main(int ac, char **av) } break; case 'V': - if (options.version_addendum != NULL && - *options.version_addendum != '\0') - fprintf(stderr, "%s %s, %s\n", SSH_RELEASE, - options.version_addendum, - SSH_OPENSSL_VERSION); - else - fprintf(stderr, "%s, %s\n", SSH_RELEASE, - SSH_OPENSSL_VERSION); + fprintf(stderr, "%s, %s\n", + SSH_RELEASE, SSH_OPENSSL_VERSION); if (opt == 'V') exit(0); break; @@ -1146,7 +1140,6 @@ main(int ac, char **av) !use_syslog); if (debug_flag) - /* version_addendum is always NULL at this point */ logit("%s, %s", SSH_RELEASE, SSH_OPENSSL_VERSION); /* Parse the configuration files */ diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index 7c7ad542e4e..306e8f950ef 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -45,4 +45,3 @@ # RekeyLimit 1G 1h # UserKnownHostsFile ~/.ssh/known_hosts.d/%k # VerifyHostKeyDNS yes -# VersionAddendum FreeBSD-20220415 diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index 04d66e24d74..f87bdd01531 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -34,7 +34,7 @@ .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" $OpenBSD: ssh_config.5,v 1.371 2022/03/31 17:58:44 naddy Exp $ -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: August 19 2022 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1974,14 +1974,6 @@ See also .Sx VERIFYING HOST KEYS in .Xr ssh 1 . -.It Cm VersionAddendum -Specifies a string to append to the regular version string to identify -OS- or site-specific modifications. -The default is -.Dq FreeBSD-20220415 . -The value -.Cm none -may be used to disable this. .It Cm VisualHostKey If this flag is set to .Cm yes , diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c index 8030583c50a..ebecc83747b 100644 --- a/crypto/openssh/sshconnect.c +++ b/crypto/openssh/sshconnect.c @@ -1553,8 +1553,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, lowercase(host); /* Exchange protocol version identification strings with the server. */ - if ((r = kex_exchange_identification(ssh, timeout_ms, - options.version_addendum)) != 0) + if ((r = kex_exchange_identification(ssh, timeout_ms, NULL)) != 0) sshpkt_fatal(ssh, r, "banner exchange"); /* Put the connection into non-blocking mode. */