1 files changed, 65 insertions, 0 deletions
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
new file mode 100644
index 000000000..99a2167b3
--- /dev/null
+++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,65 @@
+From 03b1ae877da1db4c517747bee89f1a494cce8566 Mon Sep 17 00:00:00 2001
+From: Matthew Vernon <matthew@debian.org>
+Date: Sun, 9 Feb 2014 16:10:05 +0000
+Subject: Include the Debian version in our identification
+This makes it easier to audit networks for versions patched against security
+vulnerabilities.  It has little detrimental effect, as attackers will
+generally just try attacks rather than bothering to scan for
+vulnerable-looking version strings.  (However, see debian-banner.patch.)
+Forwarded: not-needed
+Last-Update: 2013-09-14
+Patch-Name: package-versioning.patch
+---
+ sshconnect.c | 4 ++--
+ sshd.c       | 2 +-
+ version.h    | 7 ++++++-
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+diff --git a/sshconnect.c b/sshconnect.c
+index 4ff5c73..a2fbf9e 100644
+--- a/sshconnect.c
+++ b/sshconnect.c
+@@ -517,10 +517,10 @@ send_client_banner(int connection_out, int minor1)
+        /* Send our own protocol version identification. */
+        if (compat20) {
+                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+-                   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
+                   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
+        } else {
+                xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
+-                   PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
+                   PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
+        }
+        if (roaming_atomicio(vwrite, connection_out, client_version_string,
+            strlen(client_version_string)) != strlen(client_version_string))
+diff --git a/sshd.c b/sshd.c
+index 0a30101..82168a1 100644
+--- a/sshd.c
+++ b/sshd.c
+@@ -440,7 +440,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
+        }
+ 
+        xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+-           major, minor, SSH_VERSION,
+           major, minor, SSH_RELEASE,
+            *options.version_addendum == '\0' ? "" : " ",
+            options.version_addendum, newline);
+ 
+diff --git a/version.h b/version.h
+index 83d70c6..0c6ea0f 100644
+--- a/version.h
+++ b/version.h
+@@ -3,4 +3,9 @@
+ #define SSH_VERSION    "OpenSSH_6.5"
+ 
+ #define SSH_PORTABLE   "p1"
+-#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
+#define SSH_RELEASE_MINIMUM    SSH_VERSION SSH_PORTABLE
+#ifdef SSH_EXTRAVERSION
+#define SSH_RELEASE    SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
+#else
+#define SSH_RELEASE    SSH_RELEASE_MINIMUM
+#endif

diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch new file mode 100644 index 000000000..99a2167b3 --- /dev/null +++ b/debian/patches/package-versioning.patch
@@ -0,0 +1,65 @@
	1	From 03b1ae877da1db4c517747bee89f1a494cce8566 Mon Sep 17 00:00:00 2001
	2	From: Matthew Vernon <matthew@debian.org>
	3	Date: Sun, 9 Feb 2014 16:10:05 +0000
	4	Subject: Include the Debian version in our identification
	5
	6	This makes it easier to audit networks for versions patched against security
	7	vulnerabilities. It has little detrimental effect, as attackers will
	8	generally just try attacks rather than bothering to scan for
	9	vulnerable-looking version strings. (However, see debian-banner.patch.)
	10
	11	Forwarded: not-needed
	12	Last-Update: 2013-09-14
	13
	14	Patch-Name: package-versioning.patch
	15	---
	16	sshconnect.c \| 4 ++--
	17	sshd.c \| 2 +-
	18	version.h \| 7 ++++++-
	19	3 files changed, 9 insertions(+), 4 deletions(-)
	20
	21	diff --git a/sshconnect.c b/sshconnect.c
	22	index 4ff5c73..a2fbf9e 100644
	23	--- a/sshconnect.c
	24	+++ b/sshconnect.c
	25	@@ -517,10 +517,10 @@ send_client_banner(int connection_out, int minor1)
	26	/* Send our own protocol version identification. */
	27	if (compat20) {
	28	xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
	29	- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
	30	+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
	31	} else {
	32	xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
	33	- PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
	34	+ PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
	35	}
	36	if (roaming_atomicio(vwrite, connection_out, client_version_string,
	37	strlen(client_version_string)) != strlen(client_version_string))
	38	diff --git a/sshd.c b/sshd.c
	39	index 0a30101..82168a1 100644
	40	--- a/sshd.c
	41	+++ b/sshd.c
	42	@@ -440,7 +440,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
	43	}
	44
	45	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
	46	- major, minor, SSH_VERSION,
	47	+ major, minor, SSH_RELEASE,
	48	*options.version_addendum == '\0' ? "" : " ",
	49	options.version_addendum, newline);
	50
	51	diff --git a/version.h b/version.h
	52	index 83d70c6..0c6ea0f 100644
	53	--- a/version.h
	54	+++ b/version.h
	55	@@ -3,4 +3,9 @@
	56	#define SSH_VERSION "OpenSSH_6.5"
	57
	58	#define SSH_PORTABLE "p1"
	59	-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
	60	+#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
	61	+#ifdef SSH_EXTRAVERSION
	62	+#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
	63	+#else
	64	+#define SSH_RELEASE SSH_RELEASE_MINIMUM
	65	+#endif