diff options
Diffstat (limited to 'debian/patches/debian-banner.patch')
-rw-r--r-- | debian/patches/debian-banner.patch | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch new file mode 100644 index 000000000..22b1e4c14 --- /dev/null +++ b/debian/patches/debian-banner.patch | |||
@@ -0,0 +1,98 @@ | |||
1 | Description: Add DebianBanner server configuration option | ||
2 | Setting this to "no" causes sshd to omit the Debian revision from its | ||
3 | initial protocol handshake, for those scared by package-versioning.patch. | ||
4 | Author: Kees Cook <kees@debian.org> | ||
5 | Bug-Debian: http://bugs.debian.org/562048 | ||
6 | Forwarded: not-needed | ||
7 | Last-Update: 2012-09-07 | ||
8 | |||
9 | Index: b/servconf.c | ||
10 | =================================================================== | ||
11 | --- a/servconf.c | ||
12 | +++ b/servconf.c | ||
13 | @@ -146,6 +146,7 @@ | ||
14 | options->ip_qos_interactive = -1; | ||
15 | options->ip_qos_bulk = -1; | ||
16 | options->version_addendum = NULL; | ||
17 | + options->debian_banner = -1; | ||
18 | } | ||
19 | |||
20 | void | ||
21 | @@ -295,6 +296,8 @@ | ||
22 | options->ip_qos_bulk = IPTOS_THROUGHPUT; | ||
23 | if (options->version_addendum == NULL) | ||
24 | options->version_addendum = xstrdup(""); | ||
25 | + if (options->debian_banner == -1) | ||
26 | + options->debian_banner = 1; | ||
27 | /* Turn privilege separation on by default */ | ||
28 | if (use_privsep == -1) | ||
29 | use_privsep = PRIVSEP_NOSANDBOX; | ||
30 | @@ -343,6 +346,7 @@ | ||
31 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | ||
32 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | ||
33 | sKexAlgorithms, sIPQoS, sVersionAddendum, | ||
34 | + sDebianBanner, | ||
35 | sDeprecated, sUnsupported | ||
36 | } ServerOpCodes; | ||
37 | |||
38 | @@ -479,6 +483,7 @@ | ||
39 | { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, | ||
40 | { "ipqos", sIPQoS, SSHCFG_ALL }, | ||
41 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, | ||
42 | + { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | ||
43 | { NULL, sBadOption, 0 } | ||
44 | }; | ||
45 | |||
46 | @@ -1538,6 +1543,10 @@ | ||
47 | } | ||
48 | return 0; | ||
49 | |||
50 | + case sDebianBanner: | ||
51 | + intptr = &options->debian_banner; | ||
52 | + goto parse_int; | ||
53 | + | ||
54 | case sDeprecated: | ||
55 | logit("%s line %d: Deprecated option %s", | ||
56 | filename, linenum, arg); | ||
57 | Index: b/servconf.h | ||
58 | =================================================================== | ||
59 | --- a/servconf.h | ||
60 | +++ b/servconf.h | ||
61 | @@ -172,6 +172,7 @@ | ||
62 | char *authorized_principals_file; | ||
63 | |||
64 | char *version_addendum; /* Appended to SSH banner */ | ||
65 | + int debian_banner; | ||
66 | } ServerOptions; | ||
67 | |||
68 | /* Information about the incoming connection as used by Match */ | ||
69 | Index: b/sshd.c | ||
70 | =================================================================== | ||
71 | --- a/sshd.c | ||
72 | +++ b/sshd.c | ||
73 | @@ -425,7 +425,8 @@ | ||
74 | } | ||
75 | |||
76 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", | ||
77 | - major, minor, SSH_RELEASE, | ||
78 | + major, minor, | ||
79 | + options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, | ||
80 | *options.version_addendum == '\0' ? "" : " ", | ||
81 | options.version_addendum, newline); | ||
82 | |||
83 | Index: b/sshd_config.5 | ||
84 | =================================================================== | ||
85 | --- a/sshd_config.5 | ||
86 | +++ b/sshd_config.5 | ||
87 | @@ -342,6 +342,11 @@ | ||
88 | .Dq no . | ||
89 | The default is | ||
90 | .Dq delayed . | ||
91 | +.It Cm DebianBanner | ||
92 | +Specifies whether the distribution-specified extra version suffix is | ||
93 | +included during initial protocol handshake. | ||
94 | +The default is | ||
95 | +.Dq yes . | ||
96 | .It Cm DenyGroups | ||
97 | This keyword can be followed by a list of group name patterns, separated | ||
98 | by spaces. | ||