diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-02-02 22:52:48 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-02-03 13:30:32 +0100 |
commit | ad40d2a62a3d9772ffd95038a73f7e957c39950b (patch) | |
tree | c7be9c070876740641f1deb2df2ea27b4563db9c /patches/source/openssh/doinst.sh | |
parent | 7453cf8b304eae3ce386c64fe1739e21b2559edb (diff) | |
download | current-ad40d2a62a3d9772ffd95038a73f7e957c39950b.tar.gz current-ad40d2a62a3d9772ffd95038a73f7e957c39950b.tar.xz |
Thu Feb 2 22:52:48 UTC 202320230202225248_15.0
patches/packages/openssh-9.2p1-x86_64-1_slack15.0.txz: Upgraded.
This release contains fixes for two security problems and a memory safety
problem. The memory safety problem is not believed to be exploitable, but
upstream reports most network-reachable memory faults as security bugs.
This update contains some potentially incompatible changes regarding the
scp utility. For more information, see:
https://www.openssh.com/releasenotes.html#9.0
For more information, see:
https://www.openssh.com/releasenotes.html#9.2
(* Security fix *)
Diffstat (limited to 'patches/source/openssh/doinst.sh')
-rw-r--r-- | patches/source/openssh/doinst.sh | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/patches/source/openssh/doinst.sh b/patches/source/openssh/doinst.sh new file mode 100644 index 000000000..ba1d1cdd3 --- /dev/null +++ b/patches/source/openssh/doinst.sh @@ -0,0 +1,53 @@ +config() { + NEW="$1" + OLD="`dirname $NEW`/`basename $NEW .new`" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} +preserve_perms() { + NEW="$1" + OLD="$(dirname ${NEW})/$(basename ${NEW} .new)" + if [ -e ${OLD} ]; then + cp -a ${OLD} ${NEW}.incoming + cat ${NEW} > ${NEW}.incoming + touch -r ${NEW} ${NEW}.incoming + mv ${NEW}.incoming ${NEW} + fi + config ${NEW} +} + +if [ -r etc/pam.d/sshd.new ]; then + config etc/pam.d/sshd.new +fi +config etc/default/sshd.new +config etc/ssh/ssh_config.new +config etc/ssh/sshd_config.new +preserve_perms etc/rc.d/rc.sshd.new +if [ -e etc/rc.d/rc.sshd.new ]; then + mv etc/rc.d/rc.sshd.new etc/rc.d/rc.sshd +fi + +# If the sshd user/group/shadow don't exist, add them: + +if ! grep -q "^sshd:" etc/passwd ; then + echo "sshd:x:33:33:sshd:/:" >> etc/passwd +fi + +if ! grep -q "^sshd:" etc/group ; then + echo "sshd::33:sshd" >> etc/group +fi + +if ! grep -q "^sshd:" etc/shadow ; then + echo "sshd:*:9797:0:::::" >> etc/shadow +fi + +# Add a btmp file to store login failure if one doesn't exist: +if [ ! -r var/log/btmp ]; then + ( cd var/log ; umask 077 ; touch btmp ) +fi + |