Apologies, I screwed up by sending the patch to control twice. No idea why I did that..... Here it is again:

Here's a patch to fix this bug. Tested by upgrading a woody chroot to the current version without and with the patch.

Without patch:

sshd_config before: (notice the nonsensical permissions)
[root@godzukee:/etc/ssh]# ls -l sshd_*
--wxrw---x 1 root root 2045 Oct 23 20:30 sshd_config

sshd_config after upgrade to ssh in testing:
[root@godzukee:/etc/ssh]# ls -l sshd*
-rw-r--r-- 1 root root 2059 Oct 23 20:31 sshd_config
--wxrw---x 1 root root 2045 Oct 23 20:30 sshd_config.dpkg-old

With patch:

sshd_config before: (nonsensical permissions again)
[root@godzukee:/etc/ssh]# ls -l sshd_*
--wxrw---x 1 root root 2045 Oct 23 20:54 sshd_config

sshd config after upgrade to patched ssh:
[root@godzukee:/etc/ssh]# ls -l sshd_*
--wxrw---x 1 root root 2059 Oct 23 20:55 sshd_config
--wxrw---x 1 root root 2045 Oct 23 20:54 sshd_config.dpkg-old

I've prepared an NMU. The diff can be found at:
http://www.brain.ncl.ac.uk/~mark/debian/ssh-nmu/

I'm pretty sure that non-DDs aren't supposed to be able to prepare NMUs but have done this in order that when I eventually enter NM, I can point my AM at this report and NMU to demonstrate that I know how to do it! The actual interdiff is attached to this report for use by the maintainer.

Thanks, hope this is useful,

Mark

--
Mark Hymers, University of Newcastle Medical School
Intercalating Medical Student (MBBS / PhD)

diff -u openssh-3.8.1p1/debian/changelog openssh-3.8.1p1/debian/changelog --- openssh-3.8.1p1/debian/changelog +++ openssh-3.8.1p1/debian/changelog @@ -1,3 +1,11 @@ +openssh (1:3.8.1p1-8.sarge2) unstable; urgency=high + + * Non-maintainer upload + * Maintain file permissions when changing options in sshd_config. + (closes: #276754) + + -- Mark Hymers <mark.hymers@ncl.ac.uk> Sat, 23 Oct 2004 20:58:43 +0100 + openssh (1:3.8.1p1-8.sarge.1) unstable; urgency=high * If PasswordAuthentication is disabled, then offer to disable diff -u openssh-3.8.1p1/debian/postinst openssh-3.8.1p1/debian/postinst --- openssh-3.8.1p1/debian/postinst +++ openssh-3.8.1p1/debian/postinst @@ -13,7 +13,16 @@ exit 0 fi - +# This routine takes two file names, copies the first to the +# second ensuring that permissions are maintained ignoring umask +copyfile() { + basefile="$1" + targetfile="$2" + existingumask="$(umask)" + umask 0000 + cp -a "$basefile" "$targetfile" + umask "$existingumask" +} check_idea_key() { #check for old host_key files using IDEA, which openssh does not support @@ -42,6 +51,9 @@ option="$1" value="$2" + # Do this in order to preseve file permissions + copyfile /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new + perl -e ' $option = $ARGV[0]; $value = $ARGV[1]; $done = 0; while (<STDIN>) { @@ -132,7 +144,9 @@ # Upgrade from pre-3.7: UsePAM needed to maintain standard # Debian configuration. echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...' - cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old + copyfile /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old + # Do this to preserve file permissions + copyfile /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \ /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new echo >> /etc/ssh/sshd_config.dpkg-new 
@@ -152,6 +166,8 @@ #Preserve old sshd_config before generating a new one if [ -e /etc/ssh/sshd_config ] ; then mv /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old + # Preserve file permissions if we already have a file + copyfile /etc/ssh/sshd_config.dpkg-old /etc/ssh/sshd_config fi cat <<EOF > /etc/ssh/sshd_config
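Review bot: in debian/changelog, the new version 1:3.8.1p1-8.sarge2 sorts lower than the existing 1:3.8.1p1-8.sarge.1 under dpkg's version comparison, because after the common ".sarge" prefix the "." in the old version ranks above the digit "2" in the new one. Systems that already have 8.sarge.1 would not see this upload as an upgrade; following the existing scheme with 1:3.8.1p1-8.sarge.2 avoids that.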
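Review bot: in copyfile() (postinst hunk @@ -13,7 +13,16), the function returns the exit status of the final `umask "$existingumask"`, so unless the script runs under set -e a failed cp goes unreported to the caller; save cp's status and return it after restoring the umask. The umask 0000 bracket also looks unnecessary, since cp -a sets the destination mode from the source explicitly rather than through the file creation mask, and basefile, targetfile and existingumask become globals of the whole script, so unique names or a subshell body would be safer.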
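Review bot: the comment added in postinst hunk @@ -42,6 +51,9 misspells "preserve" as "preseve", and it does not say that the copy to /etc/ssh/sshd_config.dpkg-new exists only to give that file the mode and ownership of sshd_config before the perl step that follows. Spell that out in the comment so the copy is not later removed as redundant.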
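Review bot: in the pre-3.7 upgrade branch (postinst hunk @@ -132,7 +144,9), seeding sshd_config.dpkg-new with a full copy of sshd_config preserves permissions only because the following `perl -pe ... > /etc/ssh/sshd_config.dpkg-new` truncates the existing file in place and therefore keeps its mode and owner. The comment should state that dependency, since a later change to write through a temporary file and rename would silently lose the permissions again. Setting the mode and owner after the write, for example with chmod --reference and chown --reference against /etc/ssh/sshd_config, would express the intent directly and avoid copying the contents twice.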
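Review bot: in the last postinst hunk (@@ -152,6 +166,8), moving sshd_config to sshd_config.dpkg-old and then copying it back leaves a short window in which /etc/ssh/sshd_config does not exist, and the mv plus copyfile pair can be replaced by a single `copyfile /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old`. The `cat <<EOF > /etc/ssh/sshd_config` that follows overwrites the contents in place either way, so the original file's mode and owner are kept without the round trip.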