summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2013-06-11 03:26:10 +0200
committerDarren Tucker <dtucker@zip.com.au>2013-06-11 03:26:10 +0200
commit6d8bd57448b45b42809da32857d7804444349ee7 (patch)
tree6c693d94198b7df2157202405964151847e50251
parent - dtucker@cvs.openbsd.org 2013/06/07 15:37:52 (diff)
downloadopenssh-6d8bd57448b45b42809da32857d7804444349ee7.tar.xz
openssh-6d8bd57448b45b42809da32857d7804444349ee7.zip
- (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
-rw-r--r--ChangeLog2
-rw-r--r--Makefile.in9
-rw-r--r--configure.ac24
-rwxr-xr-xfixalgorithms26
4 files changed, 54 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index a9a8cbce1..a7ab9a693 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,8 @@
on a broken network, the backgrounded mux master will exit when the
Control Persist time expires rather than hanging around indefinitely.
bz#1917, also reported and tested by tedu@. ok djm@ markus@.
+ - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
+ algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
20130605
- (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of
diff --git a/Makefile.in b/Makefile.in
index d6f6a7924..92c95a928 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.339 2013/06/05 19:12:35 dtucker Exp $
+# $Id: Makefile.in,v 1.340 2013/06/11 01:26:10 dtucker Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@@ -121,6 +121,8 @@ PATHSUBS = \
-e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
FIXPATHSCMD = $(SED) $(PATHSUBS)
+FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \
+ @UNSUPPORTED_ALGORITHMS@
all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
@@ -184,9 +186,10 @@ $(MANPAGES): $(MANPAGES_IN)
manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \
fi; \
if test "$(MANTYPE)" = "man"; then \
- $(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
+ $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) | \
+ $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
else \
- $(FIXPATHSCMD) $${manpage} > $@; \
+ $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@; \
fi
$(CONFIGFILES): $(CONFIGFILES_IN)
diff --git a/configure.ac b/configure.ac
index bce5d7b17..e6ec2768f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.534 2013/06/05 22:30:21 dtucker Exp $
+# $Id: configure.ac,v 1.535 2013/06/11 01:26:10 dtucker Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.534 $)
+AC_REVISION($Revision: 1.535 $)
AC_CONFIG_SRCDIR([ssh.c])
AC_LANG([C])
@@ -2394,6 +2394,8 @@ AC_LINK_IFELSE(
],
[
AC_MSG_RESULT([no])
+ unsupported_algorithms="$unsupported_cipers \
+ aes128-gcm@openssh.com aes256-gcm@openssh.com"
]
)
@@ -2434,8 +2436,15 @@ fi
AC_CHECK_FUNCS([crypt DES_crypt])
# Search for SHA256 support in libc and/or OpenSSL
-AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes],
- [TEST_SSH_SHA256=no])
+AC_CHECK_FUNCS([SHA256_Update EVP_sha256],
+ [TEST_SSH_SHA256=yes],
+ [TEST_SSH_SHA256=no
+ unsupported_algorithms="$unsupported_algorithms \
+ hmac-sha2-256 hmac-sha2-512 \
+ diffie-hellman-group-exchange-sha256 \
+ hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
+ ]
+)
AC_SUBST([TEST_SSH_SHA256])
# Check complete ECC support in OpenSSL
@@ -2466,6 +2475,12 @@ AC_LINK_IFELSE(
AC_MSG_RESULT([no])
TEST_SSH_ECC=no
COMMENT_OUT_ECC="#no ecc#"
+ unsupported_algorithms="$unsupported_algorithms \
+ ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
+ ecdsa-sha2-nistp256-cert-v01@openssh.com \
+ ecdsa-sha2-nistp384-cert-v01@openssh.com \
+ ecdsa-sha2-nistp521-cert-v01@openssh.com \
+ ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521"
]
)
AC_SUBST([TEST_SSH_ECC])
@@ -4541,6 +4556,7 @@ else
fi
AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
+AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
diff --git a/fixalgorithms b/fixalgorithms
new file mode 100755
index 000000000..115dce81c
--- /dev/null
+++ b/fixalgorithms
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# fixciphers - remove unsupported ciphers from man pages.
+# Usage: fixpaths /path/to/sed cipher1 [cipher2] <infile >outfile
+#
+# Author: Darren Tucker (dtucker at zip com.au). Placed in the public domain.
+
+die() {
+ echo $*
+ exit -1
+}
+
+SED=$1
+shift
+
+for c in $*; do
+ subs="$subs -e /.Dq.$c.*$/d"
+ subs="$subs -e s/$c,//g"
+done
+
+# now remove any entirely empty lines
+subs="$subs -e /^$/d"
+
+${SED} $subs
+
+exit 0