1 files changed, 54 insertions, 0 deletions
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
new file mode 100644
index 000000000..2be45ebf8
--- /dev/null
+++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,54 @@
+Description: Include the Debian version in our identification
+ This makes it easier to audit networks for versions patched against
+ security vulnerabilities.  It has little detrimental effect, as attackers
+ will generally just try attacks rather than bothering to scan for
+ vulnerable-looking version strings.  (However, see debian-banner.patch.)
+Author: Matthew Vernon <matthew@debian.org>
+Forwarded: not-needed
+Last-Update: 2013-09-14
+Index: b/sshconnect.c
+===================================================================
+--- a/sshconnect.c
+++ b/sshconnect.c
+@@ -442,10 +442,10 @@
+        /* Send our own protocol version identification. */
+        if (compat20) {
+                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+-                   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
+                   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
+        } else {
+                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
+-                   PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
+                   PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
+        }
+        if (roaming_atomicio(vwrite, connection_out, client_version_string,
+            strlen(client_version_string)) != strlen(client_version_string))
+Index: b/sshd.c
+===================================================================
+--- a/sshd.c
+++ b/sshd.c
+@@ -440,7 +440,7 @@
+        }
+ 
+        xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+-           major, minor, SSH_VERSION,
+           major, minor, SSH_RELEASE,
+            *options.version_addendum == '\0' ? "" : " ",
+            options.version_addendum, newline);
+ 
+Index: b/version.h
+===================================================================
+--- a/version.h
+++ b/version.h
+@@ -3,4 +3,9 @@
+ #define SSH_VERSION    "OpenSSH_6.3"
+ 
+ #define SSH_PORTABLE   "p1"
+-#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
+#define SSH_RELEASE_MINIMUM    SSH_VERSION SSH_PORTABLE
+#ifdef SSH_EXTRAVERSION
+#define SSH_RELEASE    SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
+#else
+#define SSH_RELEASE    SSH_RELEASE_MINIMUM
+#endif

diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch new file mode 100644 index 000000000..2be45ebf8 --- /dev/null +++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,54 @@
	1	Description: Include the Debian version in our identification
	2	This makes it easier to audit networks for versions patched against
	3	security vulnerabilities. It has little detrimental effect, as attackers
	4	will generally just try attacks rather than bothering to scan for
	5	vulnerable-looking version strings. (However, see debian-banner.patch.)
	6	Author: Matthew Vernon <matthew@debian.org>
	7	Forwarded: not-needed
	8	Last-Update: 2013-09-14
	9
	10	Index: b/sshconnect.c
	11	===================================================================
	12	--- a/sshconnect.c
	13	+++ b/sshconnect.c
	14	@@ -442,10 +442,10 @@
	15	/* Send our own protocol version identification. */
	16	if (compat20) {
	17	xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
	18	- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
	19	+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
	20	} else {
	21	xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
	22	- PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
	23	+ PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
	24	}
	25	if (roaming_atomicio(vwrite, connection_out, client_version_string,
	26	strlen(client_version_string)) != strlen(client_version_string))
	27	Index: b/sshd.c
	28	===================================================================
	29	--- a/sshd.c
	30	+++ b/sshd.c
	31	@@ -440,7 +440,7 @@
	32	}
	33
	34	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
	35	- major, minor, SSH_VERSION,
	36	+ major, minor, SSH_RELEASE,
	37	*options.version_addendum == '\0' ? "" : " ",
	38	options.version_addendum, newline);
	39
	40	Index: b/version.h
	41	===================================================================
	42	--- a/version.h
	43	+++ b/version.h
	44	@@ -3,4 +3,9 @@
	45	#define SSH_VERSION "OpenSSH_6.3"
	46
	47	#define SSH_PORTABLE "p1"
	48	-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
	49	+#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
	50	+#ifdef SSH_EXTRAVERSION
	51	+#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
	52	+#else
	53	+#define SSH_RELEASE SSH_RELEASE_MINIMUM
	54	+#endif