Debian Bug report logs - #562048
allow for the package-specific version banner to be suppressed

version graph

Package: openssh; Maintainer for openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>;

Reported by: Kees Cook <kees@debian.org>

Date: Tue, 22 Dec 2009 09:21:09 UTC

Severity: wishlist

Tags: patch

Found in version 1:5.1p1-8

Fixed in version openssh/1:5.2p1-2

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#562048; Package openssh. (Tue, 22 Dec 2009 09:21:19 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kees Cook <kees@debian.org>:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Tue, 22 Dec 2009 09:21:20 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Kees Cook <kees@debian.org>
To: Debian Bugs <submit@bugs.debian.org>
Subject: allow for the package-specific version banner to be suppressed
Date: Tue, 22 Dec 2009 01:18:49 -0800
[Message part 1 (text/plain, inline)]
Package: openssh
Version: 1:5.1p1-8
Severity: wishlist
Tags: patch

Hi!

It is sometimes desirable to suppress the exact package version of
openssh that is reported during the initial protocol handshake.

While attempts we made to more completely deal with this upstream were
rejected[1], the "EXTRAVERSION" variable appears to be a Debian-specific
change.  This means there should be a way to have a Debian-specific
sshd variable be proposed to disable the EXTRAVERSION portion of the
protocol greeting:

SSH-2.0-OpenSSH_5.1p1

instead of

SSH-2.0-OpenSSH_5.1p1 Debian-8

This patch introduces ReportExtraversion (which defaults to "yes").  When
set to "no", "Debian-8" is left off the protocol greeting.

Thanks!

-Kees

[1]://bugzilla.mindrot.org/show_bug.cgi?id=764

-- 
Kees Cook                                            @debian.org
[report-extraversion.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#562048; Package openssh. (Fri, 15 Jan 2010 23:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kees Cook <kees@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Fri, 15 Jan 2010 23:06:03 GMT) Full text and rfc822 format available.

Message #10 received at 562048@bugs.debian.org (full text, mbox):

From: Kees Cook <kees@debian.org>
To: 562048@bugs.debian.org
Subject: updated to name option "DebianBanner"
Date: Fri, 15 Jan 2010 15:04:06 -0800
[Message part 1 (text/plain, inline)]
Hi,

This patch renames the config variable to "DebianBanner", as a way to make
it clearly a non-upstream configuration option.

Thanks,

-Kees

-- 
Kees Cook                                            @debian.org
[banner-disable.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#562048; Package openssh. (Sat, 16 Jan 2010 00:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Sat, 16 Jan 2010 00:27:03 GMT) Full text and rfc822 format available.

Message #15 received at 562048@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Kees Cook <kees@debian.org>, 562048@bugs.debian.org
Subject: Re: Bug#562048: updated to name option "DebianBanner"
Date: Sat, 16 Jan 2010 00:07:28 +0000
tags 562048 pending
thanks

On Fri, Jan 15, 2010 at 03:04:06PM -0800, Kees Cook wrote:
> This patch renames the config variable to "DebianBanner", as a way to make
> it clearly a non-upstream configuration option.

Thanks.  I've applied this to our bzr branch, with the only further
change being to sort the documentation of the key properly in
sshd_config(5).

-- 
Colin Watson                                       [cjwatson@debian.org]




Added tag(s) pending. Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. (Sat, 16 Jan 2010 00:27:04 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sat, 16 Jan 2010 04:21:12 GMT) Full text and rfc822 format available.

Notification sent to Kees Cook <kees@debian.org>:
Bug acknowledged by developer. (Sat, 16 Jan 2010 04:21:12 GMT) Full text and rfc822 format available.

Message #22 received at 562048-close@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: 562048-close@bugs.debian.org
Subject: Bug#562048: fixed in openssh 1:5.2p1-2
Date: Sat, 16 Jan 2010 04:17:21 +0000
Source: openssh
Source-Version: 1:5.2p1-2

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_5.2p1-2_i386.udeb
  to main/o/openssh/openssh-client-udeb_5.2p1-2_i386.udeb
openssh-client_5.2p1-2_i386.deb
  to main/o/openssh/openssh-client_5.2p1-2_i386.deb
openssh-server-udeb_5.2p1-2_i386.udeb
  to main/o/openssh/openssh-server-udeb_5.2p1-2_i386.udeb
openssh-server_5.2p1-2_i386.deb
  to main/o/openssh/openssh-server_5.2p1-2_i386.deb
openssh_5.2p1-2.diff.gz
  to main/o/openssh/openssh_5.2p1-2.diff.gz
openssh_5.2p1-2.dsc
  to main/o/openssh/openssh_5.2p1-2.dsc
ssh-askpass-gnome_5.2p1-2_i386.deb
  to main/o/openssh/ssh-askpass-gnome_5.2p1-2_i386.deb
ssh-krb5_5.2p1-2_all.deb
  to main/o/openssh/ssh-krb5_5.2p1-2_all.deb
ssh_5.2p1-2_all.deb
  to main/o/openssh/ssh_5.2p1-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 562048@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 16 Jan 2010 01:28:58 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source all i386
Version: 1:5.2p1-2
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 562048
Changes: 
 openssh (1:5.2p1-2) unstable; urgency=low
 .
   [ Colin Watson ]
   * Backport from upstream:
     - After sshd receives a SIGHUP, ignore subsequent HUPs while sshd
       re-execs itself.  Prevents two HUPs in quick succession from resulting
       in sshd dying (LP: #497781).
     - Output a debug if we can't open an existing keyfile (LP: #505301).
   * Use host compiler for ssh-askpass-gnome when cross-compiling.
   * Don't run tests when cross-compiling.
   * Drop change from 1:3.6.1p2-5 to disable cmsg_type check for file
     descriptor passing when running on Linux 2.0.  The previous stable
     release of Debian dropped support for Linux 2.4, let alone 2.0, so this
     very likely has no remaining users depending on it.
 .
   [ Kees Cook ]
   * Implement DebianBanner server configuration flag that can be set to "no"
     to allow sshd to run without the Debian-specific extra version in the
     initial protocol handshake (closes: #562048).
Checksums-Sha1: 
 fe9561e6026c4b6af1a95216f040277589891577 1645 openssh_5.2p1-2.dsc
 4052e6a58cc513357c1782dd7c63adfd22e9e7ad 231856 openssh_5.2p1-2.diff.gz
 faacf560a071dbf5604f296cbdc28d9553d7ca33 1216 ssh_5.2p1-2_all.deb
 24ed0668cf596f56f185d1470f0e3f0a42c33e1f 73078 ssh-krb5_5.2p1-2_all.deb
 ce28fa88ece5078cf197e89e0dddf6767fbe5fb0 747802 openssh-client_5.2p1-2_i386.deb
 13e9934f0f4ff9b215ffe4f462ca4ade0fa8fd5e 278714 openssh-server_5.2p1-2_i386.deb
 624d26ae91c091abffd1dd910b19f5c90dc152e6 80616 ssh-askpass-gnome_5.2p1-2_i386.deb
 ce1451b9bd3553e73dcd580a62791046ba9ccbf8 175624 openssh-client-udeb_5.2p1-2_i386.udeb
 e4ba15121a630988bd12977e989db40e870a2cdb 197922 openssh-server-udeb_5.2p1-2_i386.udeb
Checksums-Sha256: 
 296620380d150cdcaf8f1ff68e334dc33708e81e4fdfd45326c1c39e5026a19d 1645 openssh_5.2p1-2.dsc
 7964d3ae780f17eada12becbe5eeb8eef1ec04d93e7131c23c357925aacdcca1 231856 openssh_5.2p1-2.diff.gz
 572826fe43765b4b285da48821e801c80817f314907dacd0bac5dc36d0315010 1216 ssh_5.2p1-2_all.deb
 42b9eae3ea7751338b2a61f674435ed342be61db0280eff7103693ca7ab559d8 73078 ssh-krb5_5.2p1-2_all.deb
 854073dfdaf0e9d8d0361e510abef027dc531364014973c30ce757363d98c0b1 747802 openssh-client_5.2p1-2_i386.deb
 277cb10ed245aaf9f0b700a4f08b777b4e99b4f98edda40cf6b1bfd9dda66e67 278714 openssh-server_5.2p1-2_i386.deb
 5afa8747f86df33225d4de615c8d9adc9d24497364c650157ea1bdae81582d1d 80616 ssh-askpass-gnome_5.2p1-2_i386.deb
 7df2a0eb4620d1eda6c82e9c7e52f6ec13aab3ec2dd37d6e92f690e5165c49b3 175624 openssh-client-udeb_5.2p1-2_i386.udeb
 05006048f0cad5b5725ba9e6a90da624d94e10406866f8fe0a1b4e8f3e613a78 197922 openssh-server-udeb_5.2p1-2_i386.udeb
Files: 
 16f778133fca11cad3b9555e0e762de3 1645 net standard openssh_5.2p1-2.dsc
 3ee3a4c0d14a6108a9502d1ffdc807c1 231856 net standard openssh_5.2p1-2.diff.gz
 e05426f053a031cb2ba7080f2a02d8dd 1216 net extra ssh_5.2p1-2_all.deb
 256d470b431b44ec440f1f803b5f682d 73078 net extra ssh-krb5_5.2p1-2_all.deb
 2e2a8db08ef46d46c7805a7b3af27495 747802 net standard openssh-client_5.2p1-2_i386.deb
 502a3bbae2862c26d77825b16df7dabd 278714 net optional openssh-server_5.2p1-2_i386.deb
 20b07c5648b5f15bd63c5a23dc12f6df 80616 gnome optional ssh-askpass-gnome_5.2p1-2_i386.deb
 3f5ed0ecabfad785cf05a50642e0c74d 175624 debian-installer optional openssh-client-udeb_5.2p1-2_i386.udeb
 9306b83dee877077269b0524fd4fbf53 197922 debian-installer optional openssh-server-udeb_5.2p1-2_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFLUTgu9t0zAhD6TNERAjJhAJ46b6s9EJXYiKrPmPzffMlDqJj57wCghH/q
6Hl4boX7xmR44m4KQA7IzTI=
=gJJn
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 24 Feb 2010 07:31:05 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 11:45:44 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.