1 files changed, 25 insertions, 25 deletions
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index 49219cf93..ab64cbed5 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 9fcad888f4dbf0ecc0c7e87b6ef0f8d88d7ac3ec Mon Sep 17 00:00:00 2001
+From 114c8a8fb488cbe39507edb75c51198a4b9e8b24 Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -8,7 +8,7 @@ initial protocol handshake, for those scared by package-versioning.patch.
 Bug-Debian: http://bugs.debian.org/562048
 Forwarded: not-needed
-Last-Update: 2013-09-14
+Last-Update: 2014-10-07
 Patch-Name: debian-banner.patch
 ---
@@ -19,10 +19,10 @@ Patch-Name: debian-banner.patch
 4 files changed, 18 insertions(+), 1 deletion(-)
 diff --git a/servconf.c b/servconf.c
-index 90de888..37fd2de 100644
+index a252487..6c7741a 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -156,6 +156,7 @@ initialize_server_options(ServerOptions *options)
+@@ -160,6 +160,7 @@ initialize_server_options(ServerOptions *options)
        options->ip_qos_interactive = -1;
        options->ip_qos_bulk = -1;
        options->version_addendum = NULL;
@@ -30,34 +30,34 @@ index 90de888..37fd2de 100644
 }
 
 void
-@@ -309,6 +310,8 @@ fill_default_server_options(ServerOptions *options)
+@@ -321,6 +322,8 @@ fill_default_server_options(ServerOptions *options)
-                options->ip_qos_bulk = IPTOS_THROUGHPUT;
+                options->fwd_opts.streamlocal_bind_mask = 0177;
-        if (options->version_addendum == NULL)
+        if (options->fwd_opts.streamlocal_bind_unlink == -1)
-                options->version_addendum = xstrdup("");
+                options->fwd_opts.streamlocal_bind_unlink = 0;
 +       if (options->debian_banner == -1)
 +               options->debian_banner = 1;
        /* Turn privilege separation on by default */
        if (use_privsep == -1)
                use_privsep = PRIVSEP_NOSANDBOX;
-@@ -359,6 +362,7 @@ typedef enum {
+@@ -373,6 +376,7 @@ typedef enum {
-        sKexAlgorithms, sIPQoS, sVersionAddendum,
+        sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
-        sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+        sStreamLocalBindMask, sStreamLocalBindUnlink,
-        sAuthenticationMethods, sHostKeyAgent,
+        sAllowStreamLocalForwarding,
 +       sDebianBanner,
        sDeprecated, sUnsupported
 } ServerOpCodes;
 
-@@ -496,6 +500,7 @@ static struct {
+@@ -514,6 +518,7 @@ static struct {
-        { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
+        { "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
-        { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
+        { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
-        { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
+        { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
 +       { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
        { NULL, sBadOption, 0 }
 };
 
-@@ -1654,6 +1659,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1697,6 +1702,10 @@ process_server_config_line(ServerOptions *options, char *line,
-                }
+                intptr = &options->fwd_opts.streamlocal_bind_unlink;
-                return 0;
+                goto parse_flag;
 
 +       case sDebianBanner:
 +               intptr = &options->debian_banner;
@@ -67,10 +67,10 @@ index 90de888..37fd2de 100644
                logit("%s line %d: Deprecated option %s",
                    filename, linenum, arg);
 diff --git a/servconf.h b/servconf.h
-index c922eb5..dcd1c2a 100644
+index f8265a8..fa48804 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -186,6 +186,8 @@ typedef struct {
+@@ -188,6 +188,8 @@ typedef struct {
 
        u_int   num_auth_methods;
        char   *auth_methods[MAX_AUTH_METHODS];
@@ -80,10 +80,10 @@ index c922eb5..dcd1c2a 100644
 
 /* Information about the incoming connection as used by Match */
 diff --git a/sshd.c b/sshd.c
-index af9b8f1..665c0b9 100644
+index 1710e71..87331c1 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
+@@ -443,7 +443,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
        }
 
        xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -94,10 +94,10 @@ index af9b8f1..665c0b9 100644
            options.version_addendum, newline);
 
 diff --git a/sshd_config.5 b/sshd_config.5
-index 2164d58..8f078f6 100644
+index 2843048..58997d3 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -413,6 +413,11 @@ or
+@@ -447,6 +447,11 @@ or
 .Dq no .
 The default is
 .Dq delayed .

diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index 49219cf93..ab64cbed5 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
1	From 9fcad888f4dbf0ecc0c7e87b6ef0f8d88d7ac3ec Mon Sep 17 00:00:00 2001	1	From 114c8a8fb488cbe39507edb75c51198a4b9e8b24 Mon Sep 17 00:00:00 2001
2	From: Kees Cook <kees@debian.org>	2	From: Kees Cook <kees@debian.org>
3	Date: Sun, 9 Feb 2014 16:10:06 +0000	3	Date: Sun, 9 Feb 2014 16:10:06 +0000
4	Subject: Add DebianBanner server configuration option	4	Subject: Add DebianBanner server configuration option
@@ -8,7 +8,7 @@ initial protocol handshake, for those scared by package-versioning.patch.
8		8
9	Bug-Debian: http://bugs.debian.org/562048	9	Bug-Debian: http://bugs.debian.org/562048
10	Forwarded: not-needed	10	Forwarded: not-needed
11	Last-Update: 2013-09-14	11	Last-Update: 2014-10-07
12		12
13	Patch-Name: debian-banner.patch	13	Patch-Name: debian-banner.patch
14	---	14	---
@@ -19,10 +19,10 @@ Patch-Name: debian-banner.patch
19	4 files changed, 18 insertions(+), 1 deletion(-)	19	4 files changed, 18 insertions(+), 1 deletion(-)
20		20
21	diff --git a/servconf.c b/servconf.c	21	diff --git a/servconf.c b/servconf.c
22	index 90de888..37fd2de 100644	22	index a252487..6c7741a 100644
23	--- a/servconf.c	23	--- a/servconf.c
24	+++ b/servconf.c	24	+++ b/servconf.c
25	@@ -156,6 +156,7 @@ initialize_server_options(ServerOptions *options)	25	@@ -160,6 +160,7 @@ initialize_server_options(ServerOptions *options)
26	options->ip_qos_interactive = -1;	26	options->ip_qos_interactive = -1;
27	options->ip_qos_bulk = -1;	27	options->ip_qos_bulk = -1;
28	options->version_addendum = NULL;	28	options->version_addendum = NULL;
@@ -30,34 +30,34 @@ index 90de888..37fd2de 100644
30	}	30	}
31		31
32	void	32	void
33	@@ -309,6 +310,8 @@ fill_default_server_options(ServerOptions *options)	33	@@ -321,6 +322,8 @@ fill_default_server_options(ServerOptions *options)
34	options->ip_qos_bulk = IPTOS_THROUGHPUT;	34	options->fwd_opts.streamlocal_bind_mask = 0177;
35	if (options->version_addendum == NULL)	35	if (options->fwd_opts.streamlocal_bind_unlink == -1)
36	options->version_addendum = xstrdup("");	36	options->fwd_opts.streamlocal_bind_unlink = 0;
37	+ if (options->debian_banner == -1)	37	+ if (options->debian_banner == -1)
38	+ options->debian_banner = 1;	38	+ options->debian_banner = 1;
39	/* Turn privilege separation on by default */	39	/* Turn privilege separation on by default */
40	if (use_privsep == -1)	40	if (use_privsep == -1)
41	use_privsep = PRIVSEP_NOSANDBOX;	41	use_privsep = PRIVSEP_NOSANDBOX;
42	@@ -359,6 +362,7 @@ typedef enum {	42	@@ -373,6 +376,7 @@ typedef enum {
43	sKexAlgorithms, sIPQoS, sVersionAddendum,	43	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
44	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,	44	sStreamLocalBindMask, sStreamLocalBindUnlink,
45	sAuthenticationMethods, sHostKeyAgent,	45	sAllowStreamLocalForwarding,
46	+ sDebianBanner,	46	+ sDebianBanner,
47	sDeprecated, sUnsupported	47	sDeprecated, sUnsupported
48	} ServerOpCodes;	48	} ServerOpCodes;
49		49
50	@@ -496,6 +500,7 @@ static struct {	50	@@ -514,6 +518,7 @@ static struct {
51	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },	51	{ "streamlocalbindmask", sStreamLocalBindMask, SSHCFG_ALL },
52	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },	52	{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
53	{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },	53	{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
54	+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },	54	+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
55	{ NULL, sBadOption, 0 }	55	{ NULL, sBadOption, 0 }
56	};	56	};
57		57
58	@@ -1654,6 +1659,10 @@ process_server_config_line(ServerOptions options, char line,	58	@@ -1697,6 +1702,10 @@ process_server_config_line(ServerOptions options, char line,
59	}	59	intptr = &options->fwd_opts.streamlocal_bind_unlink;
60	return 0;	60	goto parse_flag;
61		61
62	+ case sDebianBanner:	62	+ case sDebianBanner:
63	+ intptr = &options->debian_banner;	63	+ intptr = &options->debian_banner;
@@ -67,10 +67,10 @@ index 90de888..37fd2de 100644
67	logit("%s line %d: Deprecated option %s",	67	logit("%s line %d: Deprecated option %s",
68	filename, linenum, arg);	68	filename, linenum, arg);
69	diff --git a/servconf.h b/servconf.h	69	diff --git a/servconf.h b/servconf.h
70	index c922eb5..dcd1c2a 100644	70	index f8265a8..fa48804 100644
71	--- a/servconf.h	71	--- a/servconf.h
72	+++ b/servconf.h	72	+++ b/servconf.h
73	@@ -186,6 +186,8 @@ typedef struct {	73	@@ -188,6 +188,8 @@ typedef struct {
74		74
75	u_int num_auth_methods;	75	u_int num_auth_methods;
76	char *auth_methods[MAX_AUTH_METHODS];	76	char *auth_methods[MAX_AUTH_METHODS];
@@ -80,10 +80,10 @@ index c922eb5..dcd1c2a 100644
80		80
81	/* Information about the incoming connection as used by Match */	81	/* Information about the incoming connection as used by Match */
82	diff --git a/sshd.c b/sshd.c	82	diff --git a/sshd.c b/sshd.c
83	index af9b8f1..665c0b9 100644	83	index 1710e71..87331c1 100644
84	--- a/sshd.c	84	--- a/sshd.c
85	+++ b/sshd.c	85	+++ b/sshd.c
86	@@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)	86	@@ -443,7 +443,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
87	}	87	}
88		88
89	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",	89	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -94,10 +94,10 @@ index af9b8f1..665c0b9 100644
94	options.version_addendum, newline);	94	options.version_addendum, newline);
95		95
96	diff --git a/sshd_config.5 b/sshd_config.5	96	diff --git a/sshd_config.5 b/sshd_config.5
97	index 2164d58..8f078f6 100644	97	index 2843048..58997d3 100644
98	--- a/sshd_config.5	98	--- a/sshd_config.5
99	+++ b/sshd_config.5	99	+++ b/sshd_config.5
100	@@ -413,6 +413,11 @@ or	100	@@ -447,6 +447,11 @@ or
101	.Dq no .	101	.Dq no .
102	The default is	102	The default is
103	.Dq delayed .	103	.Dq delayed .