Diffstat (limited to 'debian/patches/package-versioning.patch')
-rw-r--r--debian/patches/package-versioning.patch61
1 files changed, 61 insertions, 0 deletions
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
new file mode 100644
index 0000000..809c788
--- /dev/null
+++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,61 @@
+From b258a00bedcf29200b394c671c6deb1e53157f32 Mon Sep 17 00:00:00 2001
+From: Matthew Vernon <matthew@debian.org>
+Date: Sun, 9 Feb 2014 16:10:05 +0000
+Subject: Include the Debian version in our identification
+
+This makes it easier to audit networks for versions patched against security
+vulnerabilities. It has little detrimental effect, as attackers will
+generally just try attacks rather than bothering to scan for
+vulnerable-looking version strings. (However, see debian-banner.patch.)
+
+Forwarded: not-needed
+Last-Update: 2017-10-04
+
+Patch-Name: package-versioning.patch
+---
+ sshconnect.c | 2 +-
+ sshd.c | 2 +-
+ version.h | 7 ++++++-
+ 3 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/sshconnect.c b/sshconnect.c
+index 158e8146f..b9418e277 100644
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -609,7 +609,7 @@ send_client_banner(int connection_out, int minor1)
+ {
+ /* Send our own protocol version identification. */
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
+ if (atomicio(vwrite, connection_out, client_version_string,
+ strlen(client_version_string)) != strlen(client_version_string))
+ fatal("write: %.100s", strerror(errno));
+diff --git a/sshd.c b/sshd.c
+index 2bc6679e5..9481272fc 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -384,7 +384,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
+ char remote_version[256]; /* Must be at least as big as buf. */
+
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
+ *options.version_addendum == '\0' ? "" : " ",
+ options.version_addendum);
+
+diff --git a/version.h b/version.h
+index 422dfbc3a..5e1ce0426 100644
+--- a/version.h
++++ b/version.h
+@@ -3,4 +3,9 @@
+ #define SSH_VERSION "OpenSSH_7.9"
+
+ #define SSH_PORTABLE "p1"
+-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
++#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
++#ifdef SSH_EXTRAVERSION
++#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
++#else
++#define SSH_RELEASE SSH_RELEASE_MINIMUM
++#endif
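Review bot: In the embedded version.h hunk, `SSH_EXTRAVERSION` is tested with no comment saying where it is defined or what it may contain, yet the sshconnect.c and sshd.c hunks now place `SSH_RELEASE` in the identification line under a `%.100s` conversion, which would silently cut an over-long value. A comment above the `#ifdef` would record the constraint, e.g. `/* SSH_EXTRAVERSION (presumably set by the package build) is sent in the cleartext identification string: keep SSH_RELEASE printable ASCII, no CR/LF, at most 100 bytes. */`. Because the stated purpose is auditing patch levels, a truncated suffix would defeat it; `_Static_assert(sizeof(SSH_RELEASE) - 1 <= 100, "SSH_RELEASE too long for banner");` beside the definition would catch that at build time, if the tree may assume C11. The client banner in sshconnect.c now carries the package version as well, and debian-banner.patch is not shown here, so it is not visible whether any opt-out covers that path.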