Include the Debian version in our identification

This makes it easier to audit networks for versions patched against security vulnerabilities. It has little detrimental effect, as attackers will generally just try attacks rather than bothering to scan for vulnerable-looking version strings. (However, see debian-banner.patch.) Forwarded: not-needed Last-Update: 2023-12-18 Patch-Name: package-versioning.patch
author: Matthew Vernon <matthew@debian.org> 2014-02-09 16:10:05 +0000
committer: Colin Watson <cjwatson@debian.org> 2024-03-11 14:56:56 +0000
commit: 31e03515a6e193df4e706e6c770c333aeeaaae62 (patch)
tree: 009b51499179d330046e3e265939fd7f8995971b
parent: 6b9bc7ba6d48ed340129f3e4edcd30a70f6e4a76 (diff)
2 files changed, 7 insertions, 2 deletions
diff --git a/kex.c b/kex.c
index e4a2362bd..4e988e39b 100644
--- a/kex.c
+++ b/kex.c
@@ -1563,7 +1563,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
 	if (version_addendum != NULL && *version_addendum == '\0')
 		version_addendum = NULL;
 	if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%s%s%s\r\n",
-	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
 	    version_addendum == NULL ? "" : " ",
 	    version_addendum == NULL ? "" : version_addendum)) != 0) {
 		oerrno = errno;
diff --git a/version.h b/version.h
index 052a5817b..0124a77d3 100644
--- a/version.h
+++ b/version.h
@@ -3,4 +3,9 @@
 #define SSH_VERSION	"OpenSSH_9.7"
 
 #define SSH_PORTABLE	"p1"
-#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
+#define SSH_RELEASE_MINIMUM	SSH_VERSION SSH_PORTABLE
+#ifdef SSH_EXTRAVERSION
+#define SSH_RELEASE	SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
+#else
+#define SSH_RELEASE	SSH_RELEASE_MINIMUM
+#endif
author	Matthew Vernon <matthew@debian.org>	2014-02-09 16:10:05 +0000
committer	Colin Watson <cjwatson@debian.org>	2024-03-11 14:56:56 +0000
commit	31e03515a6e193df4e706e6c770c333aeeaaae62 (patch)
tree	009b51499179d330046e3e265939fd7f8995971b
parent	6b9bc7ba6d48ed340129f3e4edcd30a70f6e4a76 (diff)