diff --git a/ChangeLog b/ChangeLog index a9a8cbce1..a7ab9a693 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,8 @@ on a broken network, the backgrounded mux master will exit when the Control Persist time expires rather than hanging around indefinitely. bz#1917, also reported and tested by tedu@. ok djm@ markus@. + - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported + algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages. 20130605 - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of diff --git a/Makefile.in b/Makefile.in index d6f6a7924..92c95a928 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.339 2013/06/05 19:12:35 dtucker Exp $ +# $Id: Makefile.in,v 1.340 2013/06/11 01:26:10 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -121,6 +121,8 @@ PATHSUBS = \ -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' FIXPATHSCMD = $(SED) $(PATHSUBS) +FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \ + @UNSUPPORTED_ALGORITHMS@ all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) @@ -184,9 +186,10 @@ $(MANPAGES): $(MANPAGES_IN) manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \ fi; \ if test "$(MANTYPE)" = "man"; then \ - $(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \ + $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) | \ + $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \ else \ - $(FIXPATHSCMD) $${manpage} > $@; \ + $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@; \ fi $(CONFIGFILES): $(CONFIGFILES_IN) diff --git a/configure.ac b/configure.ac index bce5d7b17..e6ec2768f 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.534 2013/06/05 22:30:21 dtucker Exp $ +# $Id: configure.ac,v 1.535 2013/06/11 01:26:10 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
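Review bot: A failing first stage no longer fails the `$(MANPAGES)` recipe in the non-man branch: `$(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@` takes its status from fixalgorithms, which as added in this commit always ends in `exit 0`, where the old line returned sed's own status. The man branch has the same shape, with awk as the last stage. A truncated or empty page could then be installed from a build that reported success; staging the output and chaining, e.g. `$(FIXPATHSCMD) $${manpage} > $@.tmp && $(FIXALGORITHMSCMD) < $@.tmp > $@; \`, keeps the first failure visible once fixalgorithms passes sed's status through. The rule header shown in the hunk context lists only `$(MANPAGES_IN)`, so the pages are presumably not regenerated when fixalgorithms or the configured algorithm list changes; the rest of the rule lies outside the hunk.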
@@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.534 $) +AC_REVISION($Revision: 1.535 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2394,6 +2394,8 @@ AC_LINK_IFELSE( ], [ AC_MSG_RESULT([no]) + unsupported_algorithms="$unsupported_cipers \ + aes128-gcm@openssh.com aes256-gcm@openssh.com" ] ) @@ -2434,8 +2436,15 @@ fi AC_CHECK_FUNCS([crypt DES_crypt]) # Search for SHA256 support in libc and/or OpenSSL -AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes], - [TEST_SSH_SHA256=no]) +AC_CHECK_FUNCS([SHA256_Update EVP_sha256], + [TEST_SSH_SHA256=yes], + [TEST_SSH_SHA256=no + unsupported_algorithms="$unsupported_algorithms \ + hmac-sha2-256 hmac-sha2-512 \ + diffie-hellman-group-exchange-sha256 \ + hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" + ] +) AC_SUBST([TEST_SSH_SHA256]) # Check complete ECC support in OpenSSL @@ -2466,6 +2475,12 @@ AC_LINK_IFELSE( AC_MSG_RESULT([no]) TEST_SSH_ECC=no COMMENT_OUT_ECC="#no ecc#" + unsupported_algorithms="$unsupported_algorithms \ + ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \ + ecdsa-sha2-nistp256-cert-v01@openssh.com \ + ecdsa-sha2-nistp384-cert-v01@openssh.com \ + ecdsa-sha2-nistp521-cert-v01@openssh.com \ + ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521" ] ) AC_SUBST([TEST_SSH_ECC]) @@ -4541,6 +4556,7 @@ else fi AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) +AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) AC_EXEEXT AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ diff --git a/fixalgorithms b/fixalgorithms new file mode 100755 index 000000000..115dce81c --- /dev/null +++ b/fixalgorithms 
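Review bot: The assignment added in the `@@ -2394` hunk reads `$unsupported_cipers`, a name nothing else in this diff sets, so it overwrites `unsupported_algorithms` instead of appending to it as the SHA256 and ECC hunks do. It looks like a typo for the list variable; as written, anything accumulated before this check, or after a later reordering of the checks, would be silently dropped and the man pages would again list algorithms the build lacks. Suggested first line: `unsupported_algorithms="$unsupported_algorithms \`. The variable is also never initialised in the visible hunks, so an `unsupported_algorithms=` before the first check would keep an inherited environment value out of the list. The enclosing AC_LINK_IFELSE starts outside the hunk.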
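Review bot: AC_CHECK_FUNCS runs its not-found action once for every listed function that is missing, so in the `@@ -2434` hunk the SHA-2 names are appended when either `SHA256_Update` or `EVP_sha256` is absent, and twice when both are. The comment above the check says "libc and/or OpenSSL", which suggests one of the two can be enough; if so, the man pages would omit hmac-sha2-* and diffie-hellman-group-exchange-sha256 on a build that does support them. The list is best tied to the same condition the code uses to enable these algorithms, which is not visible in this diff, with a comment on the block such as `# names stripped from the man pages when SHA-2 is unavailable`.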
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# fixciphers - remove unsupported ciphers from man pages.
+# Usage: fixpaths /path/to/sed cipher1 [cipher2] outfile
+#
+# Author: Darren Tucker (dtucker at zip com.au). Placed in the public domain.
+
+die() {
+ echo $*
+ exit -1
+}
+
+SED=$1
+shift
+
+for c in $*; do
+ subs="$subs -e /.Dq.$c.*$/d"
+ subs="$subs -e s/$c,//g"
+done
+
+# now remove any entirely empty lines
+subs="$subs -e /^$/d"
+
+${SED} $subs
+
+exit 0
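Review bot: The script ends in an unconditional `exit 0`, so a sed failure (bad expression, missing `$1`) leaves an empty or partial man page behind a successful build; replacing the last two commands with `exec ${SED} $subs` lets sed's status reach the Makefile. `subs` is never initialised before `subs="$subs -e …"`, so a `subs` variable in the builder's environment is passed to sed as extra arguments; start the script with `subs=`. The names are used as unescaped, unanchored regular expressions, and `s/$c,//g` only removes a name that is followed by a comma, so an unsupported algorithm at the end of a list stays in the page. `die` is unused, prints to stdout (the man page stream) and uses the non-portable `exit -1`; the header comment still says fixciphers/fixpaths and mentions an outfile argument the script does not take.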