diff --git a/debian/changelog b/debian/changelog index 4aefd40..296c226 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +openssh (1:9.7p1-4deepin1) unstable; urgency=medium + + * Refresh and re-apply deepin patches: + deepin-extra-version.patch + deepin-ssh-connect-idle-timeout.patch + deepin-ssh-keygen-privatekey-file-perm.patch + * Update openssh-server.ucf-md5sum. + + -- Tianyu Chen Sun, 07 Apr 2024 15:23:02 +0800 + openssh (1:9.7p1-4) unstable; urgency=medium * Rework systemd readiness notification and socket activation patches to diff --git a/debian/openssh-server.ucf-md5sum b/debian/openssh-server.ucf-md5sum index 6100e96..0e375c8 100644 --- a/debian/openssh-server.ucf-md5sum +++ b/debian/openssh-server.ucf-md5sum @@ -110,7 +110,7 @@ d96ecd9064ea650c44372a5a33d3e497 4e03b4df60cd00c651777ec14ff76aef # From 1:9.2p1-1: -b8e751f62cf86a18bc30cdaae494b03f -b89c8626d43128cdb233536439e00566 -5f589fb3658df8cb7cce8505cf821e40 -8d7588b06f81ef23bea8d84442af8e68 +a2cdc592eacf8a884829729418005d27 +84066063a3f2c9412d5df7a7a0e6e293 +8933d57d77504756fdde370bbdd08ee1 +49d53e44b746ec2ad2103ac2860f97ff diff --git a/debian/patches/deepin-extra-version.patch b/debian/patches/deepin-extra-version.patch new file mode 100644 index 0000000..789b2e5 --- /dev/null +++ b/debian/patches/deepin-extra-version.patch @@ -0,0 +1,11 @@ +--- a/version.h ++++ b/version.h +@@ -5,7 +5,7 @@ + #define SSH_PORTABLE "p1" + #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE + #ifdef SSH_EXTRAVERSION +-#define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION ++#define SSH_RELEASE SSH_RELEASE_MINIMUM " " "Deepin" + #else + #define SSH_RELEASE SSH_RELEASE_MINIMUM + #endif diff --git a/debian/patches/deepin-ssh-connect-idle-timeout.patch b/debian/patches/deepin-ssh-connect-idle-timeout.patch new file mode 100644 index 0000000..a7f889a --- /dev/null +++ b/debian/patches/deepin-ssh-connect-idle-timeout.patch @@ -0,0 +1,20 @@ +Description: 完成 ssh、tty登录超时自动退出需求实现 + 增加sshd默认配置项,ssh连接之后900秒无操作,自动退出 + +Origin: https://gerrit.uniontech.com/plugins/gitiles/base/openssh/+/202f13d0e50e7d3fe478ad39be7c59ab3ed30b52 +Task: https://pms.uniontech.com/zentao/task-view-60279.html +Last-Update: 2022-05-19 + +--- openssh-9.0p1.orig/sshd_config ++++ openssh-9.0p1/sshd_config +@@ -97,8 +97,8 @@ PrintMotd no + #TCPKeepAlive yes + #PermitUserEnvironment no + #Compression delayed +-#ClientAliveInterval 0 +-#ClientAliveCountMax 3 ++ClientAliveInterval 900 ++ClientAliveCountMax 1 + #UseDNS no + #PidFile /var/run/sshd.pid + #MaxStartups 10:30:100 diff --git a/debian/patches/deepin-ssh-keygen-privatekey-file-perm.patch b/debian/patches/deepin-ssh-keygen-privatekey-file-perm.patch new file mode 100644 index 0000000..635829e --- /dev/null +++ b/debian/patches/deepin-ssh-keygen-privatekey-file-perm.patch @@ -0,0 +1,18 @@ +Description: + TODO: Put a short summary on the line above and replace this paragraph + +Origin: https://gerrit.uniontech.com/plugins/gitiles/base/openssh/+/1aaa80cba01428f8738878a826db83fd1aeed6c4 +Task: https://pms.uniontech.com/zentao/task-view-60275.html +Last-Update: 2022-05-20 + +--- openssh-9.0p1.orig/sshbuf-io.c ++++ openssh-9.0p1/sshbuf-io.c +@@ -102,7 +102,7 @@ sshbuf_write_file(const char *path, stru + { + int fd, oerrno; + +- if ((fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644)) == -1) ++ if ((fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0400)) == -1) + return SSH_ERR_SYSTEM_ERROR; + if (atomicio(vwrite, fd, sshbuf_mutable_ptr(buf), + sshbuf_len(buf)) != sshbuf_len(buf) || close(fd) != 0) { diff --git a/debian/patches/series b/debian/patches/series index 0f25d97..3eae986 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -28,3 +28,6 @@ skip-utimensat-test-on-zfs.patch zero-call-used-regs-m68k.patch regress-conch-dev-zero.patch configure-cache-vars.patch +deepin-extra-version.patch +deepin-ssh-connect-idle-timeout.patch +deepin-ssh-keygen-privatekey-file-perm.patch