Apologies, I screwed up by sending the patch to control twice. No idea why I did that..... Here it is again: Here's a patch to fix this bug. Tested by upgrading a woody chroot to the current version without and with the patch. Without patch: sshd_config before: (notice the nonsensical permissions) [root@godzukee:/etc/ssh]# ls -l sshd_* --wxrw---x 1 root root 2045 Oct 23 20:30 sshd_config sshd_config after upgrade to ssh in testing: [root@godzukee:/etc/ssh]# ls -l sshd* -rw-r--r-- 1 root root 2059 Oct 23 20:31 sshd_config --wxrw---x 1 root root 2045 Oct 23 20:30 sshd_config.dpkg-old With patch: sshd_config before: (nonsensical permissions again) [root@godzukee:/etc/ssh]# ls -l sshd_* --wxrw---x 1 root root 2045 Oct 23 20:54 sshd_config sshd config after upgrade to patched ssh: [root@godzukee:/etc/ssh]# ls -l sshd_* --wxrw---x 1 root root 2059 Oct 23 20:55 sshd_config --wxrw---x 1 root root 2045 Oct 23 20:54 sshd_config.dpkg-old I've prepared an NMU. The diff can be found at: http://www.brain.ncl.ac.uk/~mark/debian/ssh-nmu/ I'm pretty sure that non-DDs aren't supposed to be able to prepare NMUs but have done this in order that when I eventually enter NM, I can point my AM at this report and NMU to demonstrate that I know how to do it! The actual interdiff is attached to this report for use by the maintainer. Thanks, hope this is useful, Mark -- Mark Hymers, University of Newcastle Medical School Intercalating Medical Student (MBBS / PhD)
diff -u openssh-3.8.1p1/debian/changelog openssh-3.8.1p1/debian/changelog
--- openssh-3.8.1p1/debian/changelog
+++ openssh-3.8.1p1/debian/changelog
@@ -1,3 +1,11 @@
+openssh (1:3.8.1p1-8.sarge2) unstable; urgency=high
+
+ * Non-maintainer upload
+ * Maintain file permissions when changing options in sshd_config.
+ (closes: #276754)
+
+ -- Mark Hymers <mark.hymers@ncl.ac.uk> Sat, 23 Oct 2004 20:58:43 +0100
+
openssh (1:3.8.1p1-8.sarge.1) unstable; urgency=high
* If PasswordAuthentication is disabled, then offer to disable
diff -u openssh-3.8.1p1/debian/postinst openssh-3.8.1p1/debian/postinst
--- openssh-3.8.1p1/debian/postinst
+++ openssh-3.8.1p1/debian/postinst
@@ -13,7 +13,16 @@
exit 0
fi
-
+# This routine takes two file names, copies the first to the
+# second ensuring that permissions are maintained ignoring umask
+copyfile() {
+ basefile="$1"
+ targetfile="$2"
+ existingumask="$(umask)"
+ umask 0000
+ cp -a "$basefile" "$targetfile"
+ umask "$existingumask"
+}
check_idea_key() {
#check for old host_key files using IDEA, which openssh does not support
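Review bot: The `umask 0000` bracket around `cp -a` in `copyfile` looks unnecessary, because `cp -a` sets the destination's mode from the source explicitly, so the final permissions should not depend on the umask. If the bracket is kept, running it in a subshell, `( umask 0000; cp -a "$basefile" "$targetfile" )`, keeps the zero umask from leaking into the rest of the postinst should the function be edited later. The header comment should also say that the function copies contents, ownership and timestamps along with the mode, since every caller uses it to pre-create a file that is then overwritten.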
@@ -42,6 +51,9 @@
option="$1"
value="$2"
+ # Do this in order to preseve file permissions
+ copyfile /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
+
perl -e '
$option = $ARGV[0]; $value = $ARGV[1]; $done = 0;
while (<STDIN>) {
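Review bot: The comment at `copyfile /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new` does not say why a full copy preserves permissions, and "preseve" is a typo. The mechanism is only visible in the hunk at -132, where `perl ... > /etc/ssh/sshd_config.dpkg-new` follows the copy: the redirect truncates the pre-created file instead of creating a new one, so its mode and owner survive. Here the redirect is presumably further down in the function, whose body starts and ends outside this hunk. I would spell that out in both places, for example `# Pre-create .dpkg-new from sshd_config so the '>' redirect below truncates it and keeps the admin's mode and owner`, otherwise a later cleanup may delete the copy as redundant and bring back the default-mode file.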
@@ -132,7 +144,9 @@
# Upgrade from pre-3.7: UsePAM needed to maintain standard
# Debian configuration.
echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...'
- cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old
+ copyfile /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old
+ # Do this to preserve file permissions
+ copyfile /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \
/etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
echo >> /etc/ssh/sshd_config.dpkg-new
@@ -152,6 +166,8 @@
#Preserve old sshd_config before generating a new one
if [ -e /etc/ssh/sshd_config ] ; then
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old
+ # Preserve file permissions if we already have a file
+ copyfile /etc/ssh/sshd_config.dpkg-old /etc/ssh/sshd_config
fi
cat <<EOF > /etc/ssh/sshd_config
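Review bot: The `mv` followed by `copyfile /etc/ssh/sshd_config.dpkg-old /etc/ssh/sshd_config` inside the `if [ -e /etc/ssh/sshd_config ]` branch can be a single step, since the `cat <<EOF > /etc/ssh/sshd_config` that follows truncates the file either way. Replacing both lines with `copyfile /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old` keeps the original inode and its mode in place, and avoids the short window in which no sshd_config exists. The comment would then read `# Keep a backup; the redirect below truncates the existing file so its permissions are retained`. The heredoc continues outside this hunk, so I cannot tell whether an interrupted write is handled later.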