summaryrefslogtreecommitdiff
path: root/debian/patches/debian-banner.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/debian-banner.patch')
-rw-r--r--debian/patches/debian-banner.patch53
1 files changed, 26 insertions, 27 deletions
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index 0d998fdd4..47a2fe372 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
1From 7d20d00ea24ec0c3fffacc80ab271d0699d198c6 Mon Sep 17 00:00:00 2001 1From 90c1c8771b61dd3ee0eacb4e1cfac404dc42f4b0 Mon Sep 17 00:00:00 2001
2From: Kees Cook <kees@debian.org> 2From: Kees Cook <kees@debian.org>
3Date: Sun, 9 Feb 2014 16:10:06 +0000 3Date: Sun, 9 Feb 2014 16:10:06 +0000
4Subject: Add DebianBanner server configuration option 4Subject: Add DebianBanner server configuration option
@@ -8,7 +8,7 @@ initial protocol handshake, for those scared by package-versioning.patch.
8 8
9Bug-Debian: http://bugs.debian.org/562048 9Bug-Debian: http://bugs.debian.org/562048
10Forwarded: not-needed 10Forwarded: not-needed
11Last-Update: 2020-02-21 11Last-Update: 2020-06-07
12 12
13Patch-Name: debian-banner.patch 13Patch-Name: debian-banner.patch
14--- 14---
@@ -17,24 +17,24 @@ Patch-Name: debian-banner.patch
17 servconf.c | 9 +++++++++ 17 servconf.c | 9 +++++++++
18 servconf.h | 2 ++ 18 servconf.h | 2 ++
19 sshconnect.c | 2 +- 19 sshconnect.c | 2 +-
20 sshd.c | 3 ++- 20 sshd.c | 2 +-
21 sshd_config.5 | 5 +++++ 21 sshd_config.5 | 5 +++++
22 7 files changed, 23 insertions(+), 5 deletions(-) 22 7 files changed, 22 insertions(+), 5 deletions(-)
23 23
24diff --git a/kex.c b/kex.c 24diff --git a/kex.c b/kex.c
25index f638942d3..2abfbb95a 100644 25index 0e64bf760..aa5acaac3 100644
26--- a/kex.c 26--- a/kex.c
27+++ b/kex.c 27+++ b/kex.c
28@@ -1226,7 +1226,7 @@ send_error(struct ssh *ssh, char *msg) 28@@ -1225,7 +1225,7 @@ send_error(struct ssh *ssh, char *msg)
29 */ 29 */
30 int 30 int
31 kex_exchange_identification(struct ssh *ssh, int timeout_ms, 31 kex_exchange_identification(struct ssh *ssh, int timeout_ms,
32- const char *version_addendum) 32- const char *version_addendum)
33+ int debian_banner, const char *version_addendum) 33+ int debian_banner, const char *version_addendum)
34 { 34 {
35 int remote_major, remote_minor, mismatch; 35 int remote_major, remote_minor, mismatch, oerrno = 0;
36 size_t len, i, n; 36 size_t len, i, n;
37@@ -1244,7 +1244,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms, 37@@ -1243,7 +1243,8 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
38 if (version_addendum != NULL && *version_addendum == '\0') 38 if (version_addendum != NULL && *version_addendum == '\0')
39 version_addendum = NULL; 39 version_addendum = NULL;
40 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n", 40 if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
@@ -43,7 +43,7 @@ index f638942d3..2abfbb95a 100644
43+ debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, 43+ debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
44 version_addendum == NULL ? "" : " ", 44 version_addendum == NULL ? "" : " ",
45 version_addendum == NULL ? "" : version_addendum)) != 0) { 45 version_addendum == NULL ? "" : version_addendum)) != 0) {
46 error("%s: sshbuf_putf: %s", __func__, ssh_err(r)); 46 oerrno = errno;
47diff --git a/kex.h b/kex.h 47diff --git a/kex.h b/kex.h
48index fe7141414..938dca03b 100644 48index fe7141414..938dca03b 100644
49--- a/kex.h 49--- a/kex.h
@@ -58,7 +58,7 @@ index fe7141414..938dca03b 100644
58 struct kex *kex_new(void); 58 struct kex *kex_new(void);
59 int kex_ready(struct ssh *, char *[PROPOSAL_MAX]); 59 int kex_ready(struct ssh *, char *[PROPOSAL_MAX]);
60diff --git a/servconf.c b/servconf.c 60diff --git a/servconf.c b/servconf.c
61index bf3cd84a4..7bbc25c2e 100644 61index ff5b9436c..cf4e52f3b 100644
62--- a/servconf.c 62--- a/servconf.c
63+++ b/servconf.c 63+++ b/servconf.c
64@@ -194,6 +194,7 @@ initialize_server_options(ServerOptions *options) 64@@ -194,6 +194,7 @@ initialize_server_options(ServerOptions *options)
@@ -94,7 +94,7 @@ index bf3cd84a4..7bbc25c2e 100644
94 { NULL, sBadOption, 0 } 94 { NULL, sBadOption, 0 }
95 }; 95 };
96 96
97@@ -2382,6 +2387,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, 97@@ -2393,6 +2398,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
98 *charptr = xstrdup(arg); 98 *charptr = xstrdup(arg);
99 break; 99 break;
100 100
@@ -106,10 +106,10 @@ index bf3cd84a4..7bbc25c2e 100644
106 case sIgnore: 106 case sIgnore:
107 case sUnsupported: 107 case sUnsupported:
108diff --git a/servconf.h b/servconf.h 108diff --git a/servconf.h b/servconf.h
109index 3f47ea25e..3fa05fcac 100644 109index 253cad97e..5a2b60512 100644
110--- a/servconf.h 110--- a/servconf.h
111+++ b/servconf.h 111+++ b/servconf.h
112@@ -221,6 +221,8 @@ typedef struct { 112@@ -226,6 +226,8 @@ typedef struct {
113 int expose_userauth_info; 113 int expose_userauth_info;
114 u_int64_t timing_secret; 114 u_int64_t timing_secret;
115 char *sk_provider; 115 char *sk_provider;
@@ -119,37 +119,36 @@ index 3f47ea25e..3fa05fcac 100644
119 119
120 /* Information about the incoming connection as used by Match */ 120 /* Information about the incoming connection as used by Match */
121diff --git a/sshconnect.c b/sshconnect.c 121diff --git a/sshconnect.c b/sshconnect.c
122index b796d3c8a..9f2412e0d 100644 122index f20d3e792..1e5b8ea5a 100644
123--- a/sshconnect.c 123--- a/sshconnect.c
124+++ b/sshconnect.c 124+++ b/sshconnect.c
125@@ -1292,7 +1292,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost, 125@@ -1293,7 +1293,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
126 lowercase(host); 126 lowercase(host);
127 127
128 /* Exchange protocol version identification strings with the server. */ 128 /* Exchange protocol version identification strings with the server. */
129- if (kex_exchange_identification(ssh, timeout_ms, NULL) != 0) 129- if ((r = kex_exchange_identification(ssh, timeout_ms, NULL)) != 0)
130+ if (kex_exchange_identification(ssh, timeout_ms, 1, NULL) != 0) 130+ if ((r = kex_exchange_identification(ssh, timeout_ms, 1, NULL)) != 0)
131 cleanup_exit(255); /* error already logged */ 131 sshpkt_fatal(ssh, r, "banner exchange");
132 132
133 /* Put the connection into non-blocking mode. */ 133 /* Put the connection into non-blocking mode. */
134diff --git a/sshd.c b/sshd.c 134diff --git a/sshd.c b/sshd.c
135index 65916fc6d..da876a900 100644 135index e8b332ca4..baee13506 100644
136--- a/sshd.c 136--- a/sshd.c
137+++ b/sshd.c 137+++ b/sshd.c
138@@ -2187,7 +2187,8 @@ main(int ac, char **av) 138@@ -2181,7 +2181,7 @@ main(int ac, char **av)
139 if (!debug_flag) 139 if (!debug_flag)
140 alarm(options.login_grace_time); 140 alarm(options.login_grace_time);
141 141
142- if (kex_exchange_identification(ssh, -1, options.version_addendum) != 0) 142- if ((r = kex_exchange_identification(ssh, -1,
143+ if (kex_exchange_identification(ssh, -1, options.debian_banner, 143+ if ((r = kex_exchange_identification(ssh, -1, options.debian_banner,
144+ options.version_addendum) != 0) 144 options.version_addendum)) != 0)
145 cleanup_exit(255); /* error already logged */ 145 sshpkt_fatal(ssh, r, "banner exchange");
146 146
147 ssh_packet_set_nonblocking(ssh);
148diff --git a/sshd_config.5 b/sshd_config.5 147diff --git a/sshd_config.5 b/sshd_config.5
149index ebd09f891..c926f584c 100644 148index 9f093be1f..753ceda10 100644
150--- a/sshd_config.5 149--- a/sshd_config.5
151+++ b/sshd_config.5 150+++ b/sshd_config.5
152@@ -542,6 +542,11 @@ or 151@@ -540,6 +540,11 @@ or
153 .Cm no . 152 .Cm no .
154 The default is 153 The default is
155 .Cm yes . 154 .Cm yes .
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 05:15:57 +0000