[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#923199: marked as done (openssh-server has a false dependency on libpam-systemd)

Your message dated Tue, 26 Feb 2019 15:36:26 +0000
with message-id <E1gyemQ-000Iks-Ih@fasolo.debian.org>
and subject line Bug#923199: fixed in openssh 1:7.9p1-7
has caused the Debian Bug report #923199,
regarding openssh-server has a false dependency on libpam-systemd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
923199: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923199
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh-server
Version: 1:7.9p1-6
Severity: serious
Tags: newcomer
Justification: Policy 7.2

openssh-server has a hard dependency on libpam-systemd. Violates "Depends: This declares an absolute dependcy...
The Depends field should be used if the depended-on package is required for the depending package to provide a significant amount of functionality."

While this dependency makes sense if systemd is actually running, it makes no sense at all if it isn't running. In general with most libpam-* packages,
almost no hard dependency is appropriate as the entire authentication stack may be hijacked on-site with the original libpam libraries not even
being loaded.

Fix: change Depends: libpam-systemd to Recommends: libpam-systemd

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.70
ii  dpkg                   1.19.2
ii  libaudit1              1:2.8.4-2
ii  libc6                  2.28-7
ii  libcom-err2            1.44.5-1
ii  libgssapi-krb5-2       1.17-1
ii  libkrb5-3              1.17-1
ii  libpam-modules         1.3.1-5
ii  libpam-runtime         1.3.1-5
ii  libpam0g               1.3.1-5
ii  libselinux1            2.8-1+b1
ii  libssl1.1              1.1.1a-1
ii  libsystemd0            240-6
ii  libwrap0               7.6.q-27
ii  lsb-base               10.2018112800
ii  openssh-client         1:7.9p1-6
ii  openssh-sftp-server    1:7.9p1-6
ii  procps                 2:3.3.15-2
ii  ucf                    3.0038+nmu1
ii  zlib1g                 1:1.2.11.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd-apt-holepunch [libpam-systemd]  1
ii  ncurses-term                                   6.1+20181013-2
ii  xauth                                          1:1.0.10-1

Versions of packages openssh-server suggests:
ii  ksshaskpass [ssh-askpass]  4:5.14.5-1
pn  molly-guard                <none>
pn  monkeysphere               <none>
pn  rssh                       <none>
pn  ufw                        <none>

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:7.9p1-7

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 923199@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 26 Feb 2019 15:13:23 +0000
Source: openssh
Architecture: source
Version: 1:7.9p1-7
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 922365 923199
Changes:
 openssh (1:7.9p1-7) unstable; urgency=medium
 .
   * Recommend "default-logind | logind | libpam-systemd" rather than just
     libpam-systemd (closes: #923199).  (I've retained libpam-systemd as an
     alternative for a while to avoid backporting accidents, although it can
     be removed later.)
   * Pass "--exec /usr/sbin/sshd" to start-stop-daemon on stop as well as
     start and pass "--chuid 0:0" on start, to avoid problems with non-root
     groups leaking into the ownership of /run/sshd.pid (closes: #922365).
Checksums-Sha1:
 93a6971861c20ea3bf8ec69eb1d5840f2a9b896d 3161 openssh_7.9p1-7.dsc
 fe020e626859d3f47cbda04b32f10ba6971b7918 168740 openssh_7.9p1-7.debian.tar.xz
 1d2f5cc273900b58005bceb5a1bfafe774320c01 15011 openssh_7.9p1-7_source.buildinfo
Checksums-Sha256:
 666d29e1eed2c914043b088b54e7de6974ab1738ba2bf71aa01357f642f0efa1 3161 openssh_7.9p1-7.dsc
 3a359f3eb47dd46afd24c345d0a85fd698b47a699d2266d922291801225e4702 168740 openssh_7.9p1-7.debian.tar.xz
 42ac97072c4800ec688eb53e36caecf48fcd0626fef46b41bdd4f876e476eb7c 15011 openssh_7.9p1-7_source.buildinfo
Files:
 fdce630f22deba0e57b269be1012e296 3161 net standard openssh_7.9p1-7.dsc
 877b3312935438c25ee8f74151c55a25 168740 net standard openssh_7.9p1-7.debian.tar.xz
 dfeadff6621a627022d5db911cc30d30 15011 net standard openssh_7.9p1-7_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlx1WDMACgkQOTWH2X2G
UAth2Q//YVaU2cDpepKl0mQ9NrZk6KO1Cyv+8TNF/YaDl/wyRRmZaGKtsaVRtskc
5sxVmdCurHNGImDZ6eAaqg3HrU28XGW1vufxUQE9rALbuJTqHA1lcWqafzYqvQuq
fz1A+xZhfkFTLfaYysL4eUhq43UPt1ssX5pMtunYxzvYymammW1bFych6Zl8LbGX
I5hKu+y1JmR/BSzAKooFgKK2AuyCBEK7fi+oIqzYPPGOk8Tp/rEJOUInYYAG1Z5Z
ViVCdOOuyYrT6Id/8QL5RSs8sJEegu5ejkGw89z5Fdxap+tzLLK2xOfUShDbP0+k
cOj2syAZ+ji2cEDqu/aOKrmv2eflqRUWz5WDo98uub7Y/Uu1jsa5b2EoiGjYx0wn
G8q3nopC8oaQ9gbR7zYtaJnlkM2X+rF1U5njaGsGnKYcpZuSzR+LAFfNlTmF/PNG
MwG7+rvPAXsh9du60zNDYu+FJJcsTQU6Gu3dgFqQR/yIa4ebI/Px1jFNmreoyaIz
i3uPSk6OPKJZkOSCahbPem1cOR+VnH0/DqxItz+ozOKq0H2p1mpcKEEUQ9FNacuu
LIaK6TaacsBDDA6qQ+4cYGsaHrjl2SJ0P0ePbIuZzUxlkCHRNDB1aI5hKgnTovt8
t3WV4oMOYXFDQcqnfqLMewAioXZd8sVKIknZu34WLDt+/xO9AEg=
=/LUY
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: