Hi, This patch renames the config variable to "DebianBanner", as a way to make it clearly a non-upstream configuration option.
Thanks, -Kees -- Kees Cook @debian.org
diff -uNrp openssh-5.1p1~/debian/changelog openssh-5.1p1/debian/changelog --- openssh-5.1p1~/debian/changelog 2009-12-22 01:16:09.000000000 -0800 +++ openssh-5.1p1/debian/changelog 2009-12-22 01:11:57.986834956 -0800 @@ -1,3 +1,12 @@ +openssh (1:5.1p1-9) unstable; urgency=low + + * servconf.[ch], sshd.c, version.h, sshd_config.5: implement + DebianBanner server configuration flag that can be set to + "no" to allow sshd to run without the Debian-specific extra version + in the initial protocol handshake. + + -- Kees Cook <k...@debian.org> Tue, 22 Dec 2009 01:11:04 -0800 + openssh (1:5.1p1-8) unstable; urgency=low * Build with just -fPIC on mips/mipsel, not -fPIE as well (thanks, LIU Qi; diff -uNrp openssh-5.1p1~/servconf.c openssh-5.1p1/servconf.c --- openssh-5.1p1~/servconf.c 2009-12-22 01:16:09.000000000 -0800 +++ openssh-5.1p1/servconf.c 2009-12-22 01:10:50.496829718 -0800 @@ -130,6 +130,7 @@ initialize_server_options(ServerOptions options->num_permitted_opens = -1; options->adm_forced_command = NULL; options->chroot_directory = NULL; + options->debian_banner = -1; } void @@ -267,6 +268,8 @@ fill_default_server_options(ServerOption options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; + if (options->debian_banner == -1) + options->debian_banner = 1; /* Turn privilege separation on by default */ if (use_privsep == -1) @@ -313,6 +316,7 @@ typedef enum { sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, + sDebianBanner, sDeprecated, sUnsupported } ServerOpCodes; @@ -435,6 +439,7 @@ static struct { { "permitopen", sPermitOpen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, + { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, { NULL, sBadOption, 0 } }; 
@@ -1313,6 +1318,10 @@ process_server_config_line(ServerOptions *charptr = xstrdup(arg); break; + case sDebianBanner: + intptr = &options->debian_banner; + goto parse_int; + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); diff -uNrp openssh-5.1p1~/servconf.h openssh-5.1p1/servconf.h --- openssh-5.1p1~/servconf.h 2009-12-22 01:16:09.000000000 -0800 +++ openssh-5.1p1/servconf.h 2009-12-22 01:10:50.496829718 -0800 @@ -151,6 +151,8 @@ typedef struct { int num_permitted_opens; + int debian_banner; + char *chroot_directory; } ServerOptions; diff -uNrp openssh-5.1p1~/sshd.c openssh-5.1p1/sshd.c --- openssh-5.1p1~/sshd.c 2009-12-22 01:16:09.000000000 -0800 +++ openssh-5.1p1/sshd.c 2009-12-22 01:10:50.496829718 -0800 @@ -425,7 +425,8 @@ sshd_exchange_identification(int sock_in minor = PROTOCOL_MINOR_1; } snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, - SSH_RELEASE, newline); + options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, + newline); server_version_string = xstrdup(buf); /* Send our protocol version identification. */ diff -uNrp openssh-5.1p1~/sshd_config.5 openssh-5.1p1/sshd_config.5 --- openssh-5.1p1~/sshd_config.5 2009-12-22 01:16:09.000000000 -0800 +++ openssh-5.1p1/sshd_config.5 2009-12-22 01:10:50.496829718 -0800 @@ -862,6 +862,11 @@ Specifies whether public key authenticat The default is .Dq yes . Note that this option applies to protocol version 2 only. +.It Cm DebianBanner +Specifies whether the distribution-specified extra version suffix is +included during initial protocol handshake. +The default is +.Dq yes . .It Cm RhostsRSAAuthentication Specifies whether rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is allowed. diff -uNrp openssh-5.1p1~/version.h openssh-5.1p1/version.h --- openssh-5.1p1~/version.h 2009-12-22 01:16:09.000000000 -0800 +++ openssh-5.1p1/version.h 2009-12-22 01:10:50.496829718 -0800 
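Review bot: In the `case sDebianBanner:` arm of the servconf.c hunk, `goto parse_int;` sends an option that is documented as yes/no through the integer parser. The man page hunk gives the default as `yes` and the changelog tells administrators to set `no`. The `parse_int` label is outside this hunk, but if it converts the argument numerically, `DebianBanner yes` would not produce a non-zero value and would silently switch the suffix off, while `no` would only work by accident. Upstream servconf.c has a `parse_flag` label for yes/no options that rejects any other argument, so the arm should end in `goto parse_flag;`. The enclosing switch in process_server_config_line starts and ends outside the hunk.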
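Review bot: The ternary added to the `snprintf` call in sshd_exchange_identification should carry a comment stating what is still disclosed when the option is off. Per the version.h hunk, `SSH_RELEASE_MINIMUM` expands to `SSH_VERSION SSH_PORTABLE`, so `DebianBanner no` removes only the packaging suffix and the upstream version is still sent to every unauthenticated client. Suggested comment above the call: `/* DebianBanner=no drops SSH_EXTRAVERSION only; the upstream version is still sent. */`. The function body continues outside the hunk.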
@@ -3,8 +3,9 @@
 #define SSH_VERSION "OpenSSH_5.1"
 #define SSH_PORTABLE "p1"
+#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
 #ifdef SSH_EXTRAVERSION
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE " " SSH_EXTRAVERSION
+#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
 #else
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+#define SSH_RELEASE SSH_RELEASE_MINIMUM
 #endif
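Review bot: `SSH_RELEASE_MINIMUM` is added without a comment, and its name does not say that it is the identification string sshd sends when DebianBanner is off. A one-line comment above the define would make the link to the sshd.c change visible, for example `/* Version string without the distribution suffix; sent when DebianBanner is "no". */`.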