From owner-freebsd-ports@FreeBSD.ORG Wed Jan 13 13:41:03 2010 Return-Path: Delivered-To: FreeBSD-Ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2A411106566C for ; Wed, 13 Jan 2010 13:41:03 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-qy0-f174.google.com (mail-qy0-f174.google.com [209.85.221.174]) by mx1.freebsd.org (Postfix) with ESMTP id CCDBB8FC08 for ; Wed, 13 Jan 2010 13:41:02 +0000 (UTC) Received: by qyk4 with SMTP id 4so10701323qyk.7 for ; Wed, 13 Jan 2010 05:41:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:date:from:to:cc :subject:in-reply-to:message-id:references:user-agent :x-openpgp-key-id:x-openpgp-key-fingerprint:mime-version :content-type; bh=QNEab0SRXTzToVXauBAabTzGxCBRRlSJiLStG00LALg=; b=Uen9qgVLyBuLIXAzyoCNf6Ko0HxomUVFTDg4VxXVRoAR+X1fRthU0l6QEqOWxeN3hq JWlBORNk1BYtBKid6TQmK+fwa6XkaI/nOnx8RY2XDo0F0FiSt2KfVTgmjEli/tP5zRtW /qo1ooK2gxn+qtMTI11z25ndYSu+cOQOXVZiA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:x-openpgp-key-id:x-openpgp-key-fingerprint:mime-version :content-type; b=E7oEnVwwCESFvBaluwN1zASfthNfXho2GvlIqEEwKfvMhyRmbOOfLNkrj3zPrFutyv +oJzarI0/yit978iB4uZuAngbpdsxV+rKPB5Pn5Q0i04W6N8bkhYXfATG+etwfZ5LIvF /srkl/bORBTUv9rxPxOcDZM/LjlsWz7xSbKic= Received: by 10.224.86.130 with SMTP id s2mr18529329qal.85.1263390062052; Wed, 13 Jan 2010 05:41:02 -0800 (PST) Received: from centel.dataix.local (ppp-22.23.dialinfree.com [209.172.22.23]) by mx.google.com with ESMTPS id 8sm14803713qwj.53.2010.01.13.05.40.57 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 13 Jan 2010 05:41:01 -0800 (PST) Sender: "J. Hellenthal" Date: Wed, 13 Jan 2010 08:40:49 -0500 From: jhell To: Denis Barov In-Reply-To: <20100113132953.GH12583@sepulca.yandex.ru> Message-ID: References: <20100113132953.GH12583@sepulca.yandex.ru> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-OpenPGP-Key-Id: 0x89D8547E X-OpenPGP-Key-Fingerprint: 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: dwcjr@inethouston.net, dindin@dindin.ru, FreeBSD Ports Subject: Re: patch for security/openssh-portable X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jan 2010 13:41:03 -0000 On Wed, 13 Jan 2010 08:29, dindin@ wrote: > Probably you want VersionAddendum option in sshd_config? > No. To my understanding and my last tests VersionAddendum and is only a Addendum or did not work which spurred me to patch up the Makefile in the first place. Thanks for the thought though but I did not miss that option. > Wed, Jan 13, 2010 at 08:14 -0500 jhell: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> >> >> Request. >> >> Attached is a patch against security/openssh-portable Makefile to remove >> FreeBSD version and openssl version from its version reply string. >> >> This changes it from its default reply to: SSH-2.0-OpenSSH_5.2p1 >> >> I would rather leave a prober guessing rather than giving the information >> he needs to analyze a large number of hosts quickly. >> >> - -- >> >> Wed Jan 13 08:06:17 2010 >> >> jhell >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v2.0.14 (FreeBSD) >> >> iQEcBAEBAgAGBQJLTceJAAoJEJBXh4mJ2FR+nrMH/jzYBXWyUXueQFrGYJnovskV >> uSDme/bxd+iwVlsAyGPNK8Ub8oQC9725ohh0a8N6rcotENODPJyXRh0c9Gz5Kr3D >> 81opHf+qE6Z0Awhb3FcNYf/jCve4TOj5MZpzdy1peZ6pwJXA8BM7YbrP1+OFlQRN >> yu3HuNg/LQyx0Rk0kVzVISLInpdmndC/OBtCjLwBuGb0Np/WYshuNOr739jOodcL >> Odqa94apkhZpm8yI5+P6tQdf/RMOpn/PgB0MidLt3hH2Ayxpm903Wrs9p4d6xzc8 >> i2tZR8crdHCwjO5TRHITWmc273XZychU24P8HIC06GP56pG8jClFR1XSqBCpZMY= >> =fKHX >> -----END PGP SIGNATURE----- > >> --- Makefile.orig 2009-12-30 15:14:04.646162156 -0500 >> +++ Makefile 2009-12-30 15:15:36.939692199 -0500 >> @@ -229,11 +229,9 @@ >> -e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8 >> @${REINPLACE_CMD} -E -e 's|SSH_VERSION|TMP_SSH_VERSION|' \ >> -e 's|.*SSH_RELEASE.*||' ${WRKSRC}/version.h >> - @${ECHO_CMD} '#define FREEBSD_PORT_VERSION " FreeBSD-${PKGNAME}"' >> \ >> + @${ECHO_CMD} '#define SSH_VERSION TMP_SSH_VERSION SSH_PORTABLE' >> \ >> ${WRKSRC}/version.h >> - @${ECHO_CMD} '#define SSH_VERSION TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \ >> - ${WRKSRC}/version.h >> - @${ECHO_CMD} '#define SSH_RELEASE TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \ >> + @${ECHO_CMD} '#define SSH_RELEASE TMP_SSH_VERSION SSH_PORTABLE' >> \ >> ${WRKSRC}/version.h >> .if defined(WITH_HPN) >> @${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \ > > > -- Wed Jan 13 08:38:24 2010 It may not be able to take your machine down, but it can fill up your Internet Pipe. jhell