summaryrefslogtreecommitdiffstats
path: root/debian/patches/debian-banner.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/debian-banner.patch62
1 files changed, 31 insertions, 31 deletions
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index fd0443b..9bbcf9d 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 6bed4d1be79474891ebaa62259919f14acf28273 Mon Sep 17 00:00:00 2001
+From b054afdc85f743749259187c2cd8e396d76f442b Mon Sep 17 00:00:00 2001
From: Kees Cook <kees@debian.org>
Date: Sun, 9 Feb 2014 16:10:06 +0000
Subject: Add DebianBanner server configuration option
@@ -8,7 +8,7 @@ initial protocol handshake, for those scared by package-versioning.patch.
Bug-Debian: http://bugs.debian.org/562048
Forwarded: not-needed
-Last-Update: 2024-07-03
+Last-Update: 2024-09-22
Patch-Name: debian-banner.patch
---
@@ -22,10 +22,10 @@ Patch-Name: debian-banner.patch
7 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/kex.c b/kex.c
-index 744fb27fb..e872ab02e 100644
+index 19b1fcaa8..ca6d5b53d 100644
--- a/kex.c
+++ b/kex.c
-@@ -1239,7 +1239,7 @@ send_error(struct ssh *ssh, char *msg)
+@@ -1237,7 +1237,7 @@ send_error(struct ssh *ssh, char *msg)
*/
int
kex_exchange_identification(struct ssh *ssh, int timeout_ms,
@@ -34,7 +34,7 @@ index 744fb27fb..e872ab02e 100644
{
int remote_major, remote_minor, mismatch, oerrno = 0;
size_t len, n;
-@@ -1257,7 +1257,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+@@ -1255,7 +1255,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
if (version_addendum != NULL && *version_addendum == '\0')
version_addendum = NULL;
if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%s%s%s\r\n",
@@ -45,10 +45,10 @@ index 744fb27fb..e872ab02e 100644
version_addendum == NULL ? "" : version_addendum)) != 0) {
oerrno = errno;
diff --git a/kex.h b/kex.h
-index d3c57a329..5ca4f9a5e 100644
+index cd6a40333..6a08023d0 100644
--- a/kex.h
+++ b/kex.h
-@@ -213,7 +213,7 @@ void kex_proposal_populate_entries(struct ssh *, char *prop[PROPOSAL_MAX],
+@@ -215,7 +215,7 @@ void kex_proposal_populate_entries(struct ssh *, char *prop[PROPOSAL_MAX],
const char *, const char *, const char *, const char *, const char *);
void kex_proposal_free_entries(char *prop[PROPOSAL_MAX]);
@@ -58,45 +58,45 @@ index d3c57a329..5ca4f9a5e 100644
struct kex *kex_new(void);
int kex_ready(struct ssh *, char *[PROPOSAL_MAX]);
diff --git a/servconf.c b/servconf.c
-index 169b9ff07..81511bc86 100644
+index 1d5c143ba..49a066df8 100644
--- a/servconf.c
+++ b/servconf.c
-@@ -217,6 +217,7 @@ initialize_server_options(ServerOptions *options)
- options->num_channel_timeouts = 0;
+@@ -219,6 +219,7 @@ initialize_server_options(ServerOptions *options)
options->unused_connection_timeout = -1;
options->sshd_session_path = NULL;
+ options->refuse_connection = -1;
+ options->debian_banner = -1;
}
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
-@@ -501,6 +502,8 @@ fill_default_server_options(ServerOptions *options)
- options->unused_connection_timeout = 0;
- if (options->sshd_session_path == NULL)
+@@ -507,6 +508,8 @@ fill_default_server_options(ServerOptions *options)
options->sshd_session_path = xstrdup(_PATH_SSHD_SESSION);
+ if (options->refuse_connection == -1)
+ options->refuse_connection = 0;
+ if (options->debian_banner == -1)
+ options->debian_banner = 1;
assemble_algorithms(options);
-@@ -585,6 +588,7 @@ typedef enum {
+@@ -591,6 +594,7 @@ typedef enum {
sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout,
- sSshdSessionPath,
+ sSshdSessionPath, sRefuseConnection,
+ sDebianBanner,
sDeprecated, sIgnore, sUnsupported
} ServerOpCodes;
-@@ -763,6 +767,7 @@ static struct {
- { "channeltimeout", sChannelTimeout, SSHCFG_ALL },
+@@ -770,6 +774,7 @@ static struct {
{ "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL },
{ "sshdsessionpath", sSshdSessionPath, SSHCFG_GLOBAL },
+ { "refuseconnection", sRefuseConnection, SSHCFG_ALL },
+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
{ NULL, sBadOption, 0 }
};
-@@ -2702,6 +2707,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
- charptr = &options->sshd_session_path;
- goto parse_filename;
+@@ -2725,6 +2730,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
+ multistate_ptr = multistate_flag;
+ goto parse_multistate;
+ case sDebianBanner:
+ intptr = &options->debian_banner;
@@ -105,22 +105,22 @@ index 169b9ff07..81511bc86 100644
case sDeprecated:
case sIgnore:
case sUnsupported:
-@@ -3251,6 +3260,7 @@ dump_config(ServerOptions *o)
- dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
+@@ -3278,6 +3287,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
+ dump_cfg_fmtint(sRefuseConnection, o->refuse_connection);
+ dump_cfg_fmtint(sDebianBanner, o->debian_banner);
/* string arguments */
dump_cfg_string(sPidFile, o->pid_file);
diff --git a/servconf.h b/servconf.h
-index c1e2751ee..1532e5420 100644
+index 26819aa92..00c834403 100644
--- a/servconf.h
+++ b/servconf.h
-@@ -251,6 +251,8 @@ typedef struct {
- int unused_connection_timeout;
-
+@@ -254,6 +254,8 @@ typedef struct {
char *sshd_session_path;
+
+ int refuse_connection;
+
+ int debian_banner;
} ServerOptions;
@@ -140,12 +140,12 @@ index cbfc20735..f9d3a1ff2 100644
/* Put the connection into non-blocking mode. */
diff --git a/sshd-session.c b/sshd-session.c
-index b6e544108..2a512dd74 100644
+index 1d7cdd00a..a9e1cf4f6 100644
--- a/sshd-session.c
+++ b/sshd-session.c
-@@ -1303,7 +1303,7 @@ main(int ac, char **av)
- if (!debug_flag)
- alarm(options.login_grace_time);
+@@ -1314,7 +1314,7 @@ main(int ac, char **av)
+ fatal("login grace time setitimer failed");
+ }
- if ((r = kex_exchange_identification(ssh, -1,
+ if ((r = kex_exchange_identification(ssh, -1, options.debian_banner,
@@ -153,7 +153,7 @@ index b6e544108..2a512dd74 100644
sshpkt_fatal(ssh, r, "banner exchange");
diff --git a/sshd_config.5 b/sshd_config.5
-index 5dd656869..81671fb99 100644
+index 11a8e922f..ed2f74060 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -629,6 +629,11 @@ or