summaryrefslogtreecommitdiff
path: root/debian/patches/package-versioning.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/package-versioning.patch')
-rw-r--r--debian/patches/package-versioning.patch54
1 files changed, 54 insertions, 0 deletions
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
new file mode 100644
index 000000000..392afc073
--- /dev/null
+++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,54 @@
1Description: Include the Debian version in our identification
2 This makes it easier to audit networks for versions patched against
3 security vulnerabilities. It has little detrimental effect, as attackers
4 will generally just try attacks rather than bothering to scan for
5 vulnerable-looking version strings. (However, see debian-banner.patch.)
6Author: Matthew Vernon <matthew@debian.org>
7Forwarded: not-needed
8Last-Update: 2013-09-14
9
10Index: b/sshconnect.c
11===================================================================
12--- a/sshconnect.c
13+++ b/sshconnect.c
14@@ -442,10 +442,10 @@
15 /* Send our own protocol version identification. */
16 if (compat20) {
17 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
18- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
19+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
20 } else {
21 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
22- PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
23+ PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
24 }
25 if (roaming_atomicio(vwrite, connection_out, client_version_string,
26 strlen(client_version_string)) != strlen(client_version_string))
27Index: b/sshd.c
28===================================================================
29--- a/sshd.c
30+++ b/sshd.c
31@@ -440,7 +440,7 @@
32 }
33
34 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
35- major, minor, SSH_VERSION,
36+ major, minor, SSH_RELEASE,
37 *options.version_addendum == '\0' ? "" : " ",
38 options.version_addendum, newline);
39
40Index: b/version.h
41===================================================================
42--- a/version.h
43+++ b/version.h
44@@ -3,4 +3,9 @@
45 #define SSH_VERSION "OpenSSH_6.4"
46
47 #define SSH_PORTABLE "p1"
48-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
49+#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
50+#ifdef SSH_EXTRAVERSION
51+#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
52+#else
53+#define SSH_RELEASE SSH_RELEASE_MINIMUM
54+#endif