1 files changed, 47 insertions, 0 deletions

diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
new file mode 100644
index 0000000..daa1473
--- /dev/null
+++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,47 @@
+From 707144d399b9fc959a4f6be3fd8e239c208c88ff Mon Sep 17 00:00:00 2001
+From: Matthew Vernon <matthew@debian.org>
+Date: Sun, 9 Feb 2014 16:10:05 +0000
+Subject: Include the Debian version in our identification
+
+This makes it easier to audit networks for versions patched against security
+vulnerabilities.  It has little detrimental effect, as attackers will
+generally just try attacks rather than bothering to scan for
+vulnerable-looking version strings.  (However, see debian-banner.patch.)
+
+Forwarded: not-needed
+Last-Update: 2019-06-05
+
+Patch-Name: package-versioning.patch
+---
+ kex.c     | 2 +-
+ version.h | 7 ++++++-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/kex.c b/kex.c
+index 751cfc710..ce7bb5b3b 100644
+--- a/kex.c
++++ b/kex.c
+@@ -1243,7 +1243,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+ 	if (version_addendum != NULL && *version_addendum == '\0')
+ 		version_addendum = NULL;
+ 	if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
+-	   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
++	   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
+ 	    version_addendum == NULL ? "" : " ",
+ 	    version_addendum == NULL ? "" : version_addendum)) != 0) {
+ 		oerrno = errno;
+diff --git a/version.h b/version.h
+index c2f9c55bb..480cd59e1 100644
+--- a/version.h
++++ b/version.h
+@@ -3,4 +3,9 @@
+ #define SSH_VERSION	"OpenSSH_8.4"
+ 
+ #define SSH_PORTABLE	"p1"
+-#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
++#define SSH_RELEASE_MINIMUM	SSH_VERSION SSH_PORTABLE
++#ifdef SSH_EXTRAVERSION
++#define SSH_RELEASE	SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
++#else
++#define SSH_RELEASE	SSH_RELEASE_MINIMUM
++#endif