1 files changed, 50 insertions, 0 deletions
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
new file mode 100644
index 000000000..ffd416d98
--- /dev/null
+++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,50 @@
+Description: Include the Debian version in our identification
+ This makes it easier to audit networks for versions patched against
+ security vulnerabilities.  It has little detrimental effect, as attackers
+ will generally just try attacks rather than bothering to scan for
+ vulnerable-looking version strings.  (However, see debian-banner.patch.)
+Author: Matthew Vernon <matthew@debian.org>
+Forwarded: not-needed
+Last-Update: 2010-02-28
+Index: b/sshconnect.c
+===================================================================
+--- a/sshconnect.c
+++ b/sshconnect.c
+@@ -556,7 +556,7 @@
+        snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
+            compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
+            compat20 ? PROTOCOL_MINOR_2 : minor1,
+-           SSH_VERSION, compat20 ? "\r\n" : "\n");
+           SSH_RELEASE, compat20 ? "\r\n" : "\n");
+        if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
+            != strlen(buf))
+                fatal("write: %.100s", strerror(errno));
+Index: b/sshd.c
+===================================================================
+--- a/sshd.c
+++ b/sshd.c
+@@ -422,7 +422,7 @@
+                minor = PROTOCOL_MINOR_1;
+        }
+        snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
+-           SSH_VERSION, newline);
+           SSH_RELEASE, newline);
+        server_version_string = xstrdup(buf);
+ 
+        /* Send our protocol version identification. */
+Index: b/version.h
+===================================================================
+--- a/version.h
+++ b/version.h
+@@ -3,4 +3,9 @@
+ #define SSH_VERSION    "OpenSSH_5.7"
+ 
+ #define SSH_PORTABLE   "p1"
+-#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
+#define SSH_RELEASE_MINIMUM    SSH_VERSION SSH_PORTABLE
+#ifdef SSH_EXTRAVERSION
+#define SSH_RELEASE    SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
+#else
+#define SSH_RELEASE    SSH_RELEASE_MINIMUM
+#endif

diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch new file mode 100644 index 000000000..ffd416d98 --- /dev/null +++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,50 @@
	1	Description: Include the Debian version in our identification
	2	This makes it easier to audit networks for versions patched against
	3	security vulnerabilities. It has little detrimental effect, as attackers
	4	will generally just try attacks rather than bothering to scan for
	5	vulnerable-looking version strings. (However, see debian-banner.patch.)
	6	Author: Matthew Vernon <matthew@debian.org>
	7	Forwarded: not-needed
	8	Last-Update: 2010-02-28
	9
	10	Index: b/sshconnect.c
	11	===================================================================
	12	--- a/sshconnect.c
	13	+++ b/sshconnect.c
	14	@@ -556,7 +556,7 @@
	15	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
	16	compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
	17	compat20 ? PROTOCOL_MINOR_2 : minor1,
	18	- SSH_VERSION, compat20 ? "\r\n" : "\n");
	19	+ SSH_RELEASE, compat20 ? "\r\n" : "\n");
	20	if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
	21	!= strlen(buf))
	22	fatal("write: %.100s", strerror(errno));
	23	Index: b/sshd.c
	24	===================================================================
	25	--- a/sshd.c
	26	+++ b/sshd.c
	27	@@ -422,7 +422,7 @@
	28	minor = PROTOCOL_MINOR_1;
	29	}
	30	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
	31	- SSH_VERSION, newline);
	32	+ SSH_RELEASE, newline);
	33	server_version_string = xstrdup(buf);
	34
	35	/* Send our protocol version identification. */
	36	Index: b/version.h
	37	===================================================================
	38	--- a/version.h
	39	+++ b/version.h
	40	@@ -3,4 +3,9 @@
	41	#define SSH_VERSION "OpenSSH_5.7"
	42
	43	#define SSH_PORTABLE "p1"
	44	-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
	45	+#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
	46	+#ifdef SSH_EXTRAVERSION
	47	+#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
	48	+#else
	49	+#define SSH_RELEASE SSH_RELEASE_MINIMUM
	50	+#endif