ssh: retire client VersionAddendum

FreeBSD introduced VersionAddendum for the server as a local change in 2001 in commit 933ca70f8f and later extended it to the client in commit 9e2cbe04ff. In 2012 upstream added support for server VersionAddendum, in commit 23528816dc10. They do not support it for the client. The argument for supporting this in the client is not nearly as strong as for the server, so retire this option to reduce the scope of our local patch set. This also avoids some cases of conflicts in ssh_config during update, as a user's configuration would typically follow the commented-out default VersionAddendum value. Reviewed by: gordon, glebius Relnotes: yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32930
2022-04-23 15:40:48 -04:00 · 2022-04-23 15:40:48 -04:00 · bffe60ead0
commit bffe60ead0
parent 901df07a47
7 changed files with 5 additions and 46 deletions
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@ -67,7 +67,6 @@
 #include "uidswap.h"
 #include "myproposal.h"
 #include "digest.h"
-#include "version.h"

 /* Format of the configuration file:

@ -142,7 +141,6 @@ static int process_config_line_depth(Options *options, struct passwd *pw,

 typedef enum {
 	oBadOption,
-	oVersionAddendum,
 	oHost, oMatch, oInclude,
 	oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
 	oGatewayPorts, oExitOnForwardFailure,
@ -329,7 +327,7 @@ static struct {
 	{ "tcprcvbuf", oDeprecated },
 	{ "noneenabled", oUnsupported },
 	{ "noneswitch", oUnsupported },
-	{ "versionaddendum", oVersionAddendum },
+	{ "versionaddendum", oDeprecated },

 	{ NULL, oBadOption }
 };
@ -1983,22 +1981,6 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
 		intptr = &options->fork_after_authentication;
 		goto parse_flag;

-	case oVersionAddendum:
-		if (str == NULL)
-			fatal("%.200s line %d: Missing argument.", filename,
-			    linenum);
-		len = strspn(str, WHITESPACE);
-		if (*activep && options->version_addendum == NULL) {
-			if (strcasecmp(str + len, "none") == 0)
-				options->version_addendum = xstrdup("");
-			else if (strchr(str + len, '\r') != NULL)
-				fatal("%.200s line %d: Invalid argument",
-				    filename, linenum);
-			else
-				options->version_addendum = xstrdup(str + len);
-		}
-		return 0;
-
 	case oIgnoreUnknown:
 		charptr = &options->ignored_unknown;
 		goto parse_string;
@ -2353,7 +2335,6 @@ void
 initialize_options(Options * options)
 {
 	memset(options, 'X', sizeof(*options));
-	options->version_addendum = NULL;
 	options->forward_agent = -1;
 	options->forward_agent_sock_path = NULL;
 	options->forward_x11 = -1;
@ -2731,8 +2712,6 @@ fill_default_options(Options * options)
 	/* options->hostname will be set in the main program if appropriate */
 	/* options->host_key_alias should not be set by default */
 	/* options->preferred_authentications will be set in ssh */
-	if (options->version_addendum == NULL)
-		options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);

 	/* success */
 	ret = 0;
--- a/crypto/openssh/readconf.h
+++ b/crypto/openssh/readconf.h
@ -169,8 +169,6 @@ typedef struct {
 	char   *hostbased_accepted_algos;
 	char   *pubkey_accepted_algos;

-	char   *version_addendum; /* Appended to SSH banner */
-
 	char   *jump_user;
 	char   *jump_host;
 	int	jump_port;
--- a/crypto/openssh/ssh.1
+++ b/crypto/openssh/ssh.1
@ -584,7 +584,6 @@ For full details of the options listed below, and their possible values, see
 .It User
 .It UserKnownHostsFile
 .It VerifyHostKeyDNS
-.It VersionAddendum
 .It VisualHostKey
 .It XAuthLocation
 .El
--- a/crypto/openssh/ssh.c
+++ b/crypto/openssh/ssh.c
@ -872,14 +872,8 @@ main(int ac, char **av)
 			}
 			break;
 		case 'V':
-			if (options.version_addendum != NULL &&
-			    *options.version_addendum != '\0')
-				fprintf(stderr, "%s %s, %s\n", SSH_RELEASE,
-				    options.version_addendum,
-				    SSH_OPENSSL_VERSION);
-			else
-				fprintf(stderr, "%s, %s\n", SSH_RELEASE,
-				    SSH_OPENSSL_VERSION);
+			fprintf(stderr, "%s, %s\n",
+			    SSH_RELEASE, SSH_OPENSSL_VERSION);
 			if (opt == 'V')
 				exit(0);
 			break;
@ -1146,7 +1140,6 @@ main(int ac, char **av)
 	    !use_syslog);

 	if (debug_flag)
-		/* version_addendum is always NULL at this point */
 		logit("%s, %s", SSH_RELEASE, SSH_OPENSSL_VERSION);

 	/* Parse the configuration files */
--- a/crypto/openssh/ssh_config
+++ b/crypto/openssh/ssh_config
@ -45,4 +45,3 @@
 #   RekeyLimit 1G 1h
 #   UserKnownHostsFile ~/.ssh/known_hosts.d/%k
 #   VerifyHostKeyDNS yes
-#   VersionAddendum FreeBSD-20220415
--- a/crypto/openssh/ssh_config.5
+++ b/crypto/openssh/ssh_config.5
@ -34,7 +34,7 @@
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\" $OpenBSD: ssh_config.5,v 1.371 2022/03/31 17:58:44 naddy Exp $
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: August 19 2022 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@ -1974,14 +1974,6 @@ See also
 .Sx VERIFYING HOST KEYS
 in
 .Xr ssh 1 .
-.It Cm VersionAddendum
-Specifies a string to append to the regular version string to identify
-OS- or site-specific modifications.
-The default is
-.Dq FreeBSD-20220415 .
-The value
-.Cm none
-may be used to disable this.
 .It Cm VisualHostKey
 If this flag is set to
 .Cm yes ,
--- a/crypto/openssh/sshconnect.c
+++ b/crypto/openssh/sshconnect.c
@ -1553,8 +1553,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
 	lowercase(host);

 	/* Exchange protocol version identification strings with the server. */
-	if ((r = kex_exchange_identification(ssh, timeout_ms,
-	    options.version_addendum)) != 0)
+	if ((r = kex_exchange_identification(ssh, timeout_ms, NULL)) != 0)
 		sshpkt_fatal(ssh, r, "banner exchange");

 	/* Put the connection into non-blocking mode. */