diff options
Diffstat (limited to '')
-rw-r--r-- | debian/patches/package-versioning.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch new file mode 100644 index 0000000..8529c23 --- /dev/null +++ b/debian/patches/package-versioning.patch @@ -0,0 +1,47 @@ +From 720ad1a8e62ff52438766b49f8413ac55b17f570 Mon Sep 17 00:00:00 2001 +From: Matthew Vernon <matthew@debian.org> +Date: Sun, 9 Feb 2014 16:10:05 +0000 +Subject: Include the Debian version in our identification + +This makes it easier to audit networks for versions patched against security +vulnerabilities. It has little detrimental effect, as attackers will +generally just try attacks rather than bothering to scan for +vulnerable-looking version strings. (However, see debian-banner.patch.) + +Forwarded: not-needed +Last-Update: 2021-11-05 + +Patch-Name: package-versioning.patch +--- + kex.c | 2 +- + version.h | 7 ++++++- + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/kex.c b/kex.c +index c259e00fc..32858e65c 100644 +--- a/kex.c ++++ b/kex.c +@@ -1290,7 +1290,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, + if (version_addendum != NULL && *version_addendum == '\0') + version_addendum = NULL; + if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n", +- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, ++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, + version_addendum == NULL ? "" : " ", + version_addendum == NULL ? "" : version_addendum)) != 0) { + oerrno = errno; +diff --git a/version.h b/version.h +index d83ae5b94..a7d5ecef6 100644 +--- a/version.h ++++ b/version.h +@@ -3,4 +3,9 @@ + #define SSH_VERSION "OpenSSH_9.2" + + #define SSH_PORTABLE "p1" +-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ++#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE ++#ifdef SSH_EXTRAVERSION ++#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION ++#else ++#define SSH_RELEASE SSH_RELEASE_MINIMUM ++#endif |