1 files changed, 47 insertions, 0 deletions
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
new file mode 100644
index 000000000..0d2be82dc
--- /dev/null
+++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,47 @@
+From 85e700a732e9a308eeee67f5a284e19fd6befbb8 Mon Sep 17 00:00:00 2001
+From: Matthew Vernon <matthew@debian.org>
+Date: Sun, 9 Feb 2014 16:10:05 +0000
+Subject: Include the Debian version in our identification
+This makes it easier to audit networks for versions patched against security
+vulnerabilities.  It has little detrimental effect, as attackers will
+generally just try attacks rather than bothering to scan for
+vulnerable-looking version strings.  (However, see debian-banner.patch.)
+Forwarded: not-needed
+Last-Update: 2019-06-05
+Patch-Name: package-versioning.patch
+---
+ kex.c     | 2 +-
+ version.h | 7 ++++++-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+diff --git a/kex.c b/kex.c
+index a2a4794e8..be354206d 100644
+--- a/kex.c
+++ b/kex.c
+@@ -1186,7 +1186,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+        if (version_addendum != NULL && *version_addendum == '\0')
+                version_addendum = NULL;
+        if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
+-          PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+          PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
+            version_addendum == NULL ? "" : " ",
+            version_addendum == NULL ? "" : version_addendum)) != 0) {
+                error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
+diff --git a/version.h b/version.h
+index 806ead9a6..599c859e6 100644
+--- a/version.h
+++ b/version.h
+@@ -3,4 +3,9 @@
+ #define SSH_VERSION    "OpenSSH_8.0"
+ 
+ #define SSH_PORTABLE   "p1"
+-#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
+#define SSH_RELEASE_MINIMUM    SSH_VERSION SSH_PORTABLE
+#ifdef SSH_EXTRAVERSION
+#define SSH_RELEASE    SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
+#else
+#define SSH_RELEASE    SSH_RELEASE_MINIMUM
+#endif

diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch new file mode 100644 index 000000000..0d2be82dc --- /dev/null +++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,47 @@
	1	From 85e700a732e9a308eeee67f5a284e19fd6befbb8 Mon Sep 17 00:00:00 2001
	2	From: Matthew Vernon <matthew@debian.org>
	3	Date: Sun, 9 Feb 2014 16:10:05 +0000
	4	Subject: Include the Debian version in our identification
	5
	6	This makes it easier to audit networks for versions patched against security
	7	vulnerabilities. It has little detrimental effect, as attackers will
	8	generally just try attacks rather than bothering to scan for
	9	vulnerable-looking version strings. (However, see debian-banner.patch.)
	10
	11	Forwarded: not-needed
	12	Last-Update: 2019-06-05
	13
	14	Patch-Name: package-versioning.patch
	15	---
	16	kex.c \| 2 +-
	17	version.h \| 7 ++++++-
	18	2 files changed, 7 insertions(+), 2 deletions(-)
	19
	20	diff --git a/kex.c b/kex.c
	21	index a2a4794e8..be354206d 100644
	22	--- a/kex.c
	23	+++ b/kex.c
	24	@@ -1186,7 +1186,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
	25	if (version_addendum != NULL && *version_addendum == '\0')
	26	version_addendum = NULL;
	27	if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
	28	- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
	29	+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
	30	version_addendum == NULL ? "" : " ",
	31	version_addendum == NULL ? "" : version_addendum)) != 0) {
	32	error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
	33	diff --git a/version.h b/version.h
	34	index 806ead9a6..599c859e6 100644
	35	--- a/version.h
	36	+++ b/version.h
	37	@@ -3,4 +3,9 @@
	38	#define SSH_VERSION "OpenSSH_8.0"
	39
	40	#define SSH_PORTABLE "p1"
	41	-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
	42	+#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
	43	+#ifdef SSH_EXTRAVERSION
	44	+#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
	45	+#else
	46	+#define SSH_RELEASE SSH_RELEASE_MINIMUM
	47	+#endif