diff options
Diffstat (limited to 'debian/patches/debian-banner.patch')
| -rw-r--r-- | debian/patches/debian-banner.patch | 62 |
1 files changed, 31 insertions, 31 deletions
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index fd0443b..9bbcf9d 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch @@ -1,4 +1,4 @@ -From 6bed4d1be79474891ebaa62259919f14acf28273 Mon Sep 17 00:00:00 2001 +From b054afdc85f743749259187c2cd8e396d76f442b Mon Sep 17 00:00:00 2001 From: Kees Cook <kees@debian.org> Date: Sun, 9 Feb 2014 16:10:06 +0000 Subject: Add DebianBanner server configuration option @@ -8,7 +8,7 @@ initial protocol handshake, for those scared by package-versioning.patch. Bug-Debian: http://bugs.debian.org/562048 Forwarded: not-needed -Last-Update: 2024-07-03 +Last-Update: 2024-09-22 Patch-Name: debian-banner.patch --- @@ -22,10 +22,10 @@ Patch-Name: debian-banner.patch 7 files changed, 23 insertions(+), 5 deletions(-) diff --git a/kex.c b/kex.c -index 744fb27fb..e872ab02e 100644 +index 19b1fcaa8..ca6d5b53d 100644 --- a/kex.c +++ b/kex.c -@@ -1239,7 +1239,7 @@ send_error(struct ssh *ssh, char *msg) +@@ -1237,7 +1237,7 @@ send_error(struct ssh *ssh, char *msg) */ int kex_exchange_identification(struct ssh *ssh, int timeout_ms, @@ -34,7 +34,7 @@ index 744fb27fb..e872ab02e 100644 { int remote_major, remote_minor, mismatch, oerrno = 0; size_t len, n; -@@ -1257,7 +1257,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, +@@ -1255,7 +1255,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, if (version_addendum != NULL && *version_addendum == '\0') version_addendum = NULL; if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%s%s%s\r\n", @@ -45,10 +45,10 @@ index 744fb27fb..e872ab02e 100644 version_addendum == NULL ? "" : version_addendum)) != 0) { oerrno = errno; diff --git a/kex.h b/kex.h -index d3c57a329..5ca4f9a5e 100644 +index cd6a40333..6a08023d0 100644 --- a/kex.h +++ b/kex.h -@@ -213,7 +213,7 @@ void kex_proposal_populate_entries(struct ssh *, char *prop[PROPOSAL_MAX], +@@ -215,7 +215,7 @@ void kex_proposal_populate_entries(struct ssh *, char *prop[PROPOSAL_MAX], const char *, const char *, const char *, const char *, const char *); void kex_proposal_free_entries(char *prop[PROPOSAL_MAX]); @@ -58,45 +58,45 @@ index d3c57a329..5ca4f9a5e 100644 struct kex *kex_new(void); int kex_ready(struct ssh *, char *[PROPOSAL_MAX]); diff --git a/servconf.c b/servconf.c -index 169b9ff07..81511bc86 100644 +index 1d5c143ba..49a066df8 100644 --- a/servconf.c +++ b/servconf.c -@@ -217,6 +217,7 @@ initialize_server_options(ServerOptions *options) - options->num_channel_timeouts = 0; +@@ -219,6 +219,7 @@ initialize_server_options(ServerOptions *options) options->unused_connection_timeout = -1; options->sshd_session_path = NULL; + options->refuse_connection = -1; + options->debian_banner = -1; } /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ -@@ -501,6 +502,8 @@ fill_default_server_options(ServerOptions *options) - options->unused_connection_timeout = 0; - if (options->sshd_session_path == NULL) +@@ -507,6 +508,8 @@ fill_default_server_options(ServerOptions *options) options->sshd_session_path = xstrdup(_PATH_SSHD_SESSION); + if (options->refuse_connection == -1) + options->refuse_connection = 0; + if (options->debian_banner == -1) + options->debian_banner = 1; assemble_algorithms(options); -@@ -585,6 +588,7 @@ typedef enum { +@@ -591,6 +594,7 @@ typedef enum { sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout, - sSshdSessionPath, + sSshdSessionPath, sRefuseConnection, + sDebianBanner, sDeprecated, sIgnore, sUnsupported } ServerOpCodes; -@@ -763,6 +767,7 @@ static struct { - { "channeltimeout", sChannelTimeout, SSHCFG_ALL }, +@@ -770,6 +774,7 @@ static struct { { "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL }, { "sshdsessionpath", sSshdSessionPath, SSHCFG_GLOBAL }, + { "refuseconnection", sRefuseConnection, SSHCFG_ALL }, + { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, { NULL, sBadOption, 0 } }; -@@ -2702,6 +2707,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, - charptr = &options->sshd_session_path; - goto parse_filename; +@@ -2725,6 +2730,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, + multistate_ptr = multistate_flag; + goto parse_multistate; + case sDebianBanner: + intptr = &options->debian_banner; @@ -105,22 +105,22 @@ index 169b9ff07..81511bc86 100644 case sDeprecated: case sIgnore: case sUnsupported: -@@ -3251,6 +3260,7 @@ dump_config(ServerOptions *o) - dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); +@@ -3278,6 +3287,7 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); + dump_cfg_fmtint(sRefuseConnection, o->refuse_connection); + dump_cfg_fmtint(sDebianBanner, o->debian_banner); /* string arguments */ dump_cfg_string(sPidFile, o->pid_file); diff --git a/servconf.h b/servconf.h -index c1e2751ee..1532e5420 100644 +index 26819aa92..00c834403 100644 --- a/servconf.h +++ b/servconf.h -@@ -251,6 +251,8 @@ typedef struct { - int unused_connection_timeout; - +@@ -254,6 +254,8 @@ typedef struct { char *sshd_session_path; + + int refuse_connection; + + int debian_banner; } ServerOptions; @@ -140,12 +140,12 @@ index cbfc20735..f9d3a1ff2 100644 /* Put the connection into non-blocking mode. */ diff --git a/sshd-session.c b/sshd-session.c -index b6e544108..2a512dd74 100644 +index 1d7cdd00a..a9e1cf4f6 100644 --- a/sshd-session.c +++ b/sshd-session.c -@@ -1303,7 +1303,7 @@ main(int ac, char **av) - if (!debug_flag) - alarm(options.login_grace_time); +@@ -1314,7 +1314,7 @@ main(int ac, char **av) + fatal("login grace time setitimer failed"); + } - if ((r = kex_exchange_identification(ssh, -1, + if ((r = kex_exchange_identification(ssh, -1, options.debian_banner, @@ -153,7 +153,7 @@ index b6e544108..2a512dd74 100644 sshpkt_fatal(ssh, r, "banner exchange"); diff --git a/sshd_config.5 b/sshd_config.5 -index 5dd656869..81671fb99 100644 +index 11a8e922f..ed2f74060 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -629,6 +629,11 @@ or |