diff options
Diffstat (limited to 'debian/patches/package-versioning.patch')
| -rw-r--r-- | debian/patches/package-versioning.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch new file mode 100644 index 0000000..809c788 --- /dev/null +++ b/debian/patches/package-versioning.patch @@ -0,0 +1,61 @@ +From b258a00bedcf29200b394c671c6deb1e53157f32 Mon Sep 17 00:00:00 2001 +From: Matthew Vernon <matthew@debian.org> +Date: Sun, 9 Feb 2014 16:10:05 +0000 +Subject: Include the Debian version in our identification + +This makes it easier to audit networks for versions patched against security +vulnerabilities. It has little detrimental effect, as attackers will +generally just try attacks rather than bothering to scan for +vulnerable-looking version strings. (However, see debian-banner.patch.) + +Forwarded: not-needed +Last-Update: 2017-10-04 + +Patch-Name: package-versioning.patch +--- + sshconnect.c | 2 +- + sshd.c | 2 +- + version.h | 7 ++++++- + 3 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/sshconnect.c b/sshconnect.c +index 158e8146f..b9418e277 100644 +--- a/sshconnect.c ++++ b/sshconnect.c +@@ -609,7 +609,7 @@ send_client_banner(int connection_out, int minor1) + { + /* Send our own protocol version identification. */ + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", +- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); ++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE); + if (atomicio(vwrite, connection_out, client_version_string, + strlen(client_version_string)) != strlen(client_version_string)) + fatal("write: %.100s", strerror(errno)); +diff --git a/sshd.c b/sshd.c +index 2bc6679e5..9481272fc 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -384,7 +384,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) + char remote_version[256]; /* Must be at least as big as buf. */ + + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", +- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, ++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum); + +diff --git a/version.h b/version.h +index 422dfbc3a..5e1ce0426 100644 +--- a/version.h ++++ b/version.h +@@ -3,4 +3,9 @@ + #define SSH_VERSION "OpenSSH_7.9" + + #define SSH_PORTABLE "p1" +-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ++#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE ++#ifdef SSH_EXTRAVERSION ++#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION ++#else ++#define SSH_RELEASE SSH_RELEASE_MINIMUM ++#endif |