Subject: bin/23212: openssh /etc/moduli copied by postinstall should be etcupdate
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <wsimpson@greendragon.com>
List: netbsd-bugs
Date: 10/21/2003 00:26:46
>Number:         23212
>Category:       bin
>Synopsis:       openssh /etc/moduli copied by postinstall should be etcupdate
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Oct 21 00:27:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     william allen simpson
>Release:        1.6ZD
>Organization:
daydreamer
>Environment:
NetBSD dreamer.citi.umich.edu 1.6ZD NetBSD 1.6ZD (GENERIC) #1: Mon Oct 20 12:54:15 EDT 2003  current@dreamer.citi.umich.edu:/usr/obj/sys/arch/i386/compile/GENERIC i386
>Description:
When running postinstall, saw:

ssh fix:
        Copied /home/current/src/crypto/dist/ssh/moduli to ///etc/moduli

This is a disaster!  Updating the system will revert to the old openssh moduli, instead of the newer locally generated moduli.  This defeats the purpose of having a moduli file (not a compiled list) in the first place!

Instead, /etc/moduli should be handled by etcupdate!

>How-To-Repeat:
./build.sh -O /usr/obj -T ../tools install=/ 
/home/current/src/etc/postinstall -s /home/current/src -d // fix rc ssh makedev obsolete


>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
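
The install/keep/merge decision this report asks for, as an added example (not NetBSD's postinstall or etcupdate code, and not from the submitter). The function names and the temporary sample files are assumptions made for illustration: the distributed moduli is copied only when the destination is missing, and a differing, locally generated file is never overwritten.

```shell
#!/bin/sh
# Added illustration; not taken from postinstall or etcupdate.

# moduli_action SRC DEST prints one of:
#   install - DEST is missing, safe to copy SRC
#   keep    - DEST is byte-identical to SRC, nothing to do
#   merge   - DEST differs (e.g. locally generated), must not be overwritten
moduli_action() {
    if [ ! -r "$1" ]; then
        echo "error"
        return 2
    fi
    if [ ! -e "$2" ]; then
        echo "install"
    elif cmp -s "$1" "$2"; then
        echo "keep"
    else
        echo "merge"
    fi
}

# apply_moduli SRC DEST acts on the decision and prints it.
# A differing DEST is left in place for the administrator to merge by hand.
apply_moduli() {
    action=$(moduli_action "$1" "$2") || return 2
    case $action in
        install) cp -p "$1" "$2" ;;
        keep)    ;;
        merge)   echo "$2 differs from $1; left untouched" >&2 ;;
    esac
    echo "$action"
}

# Demo on constructed files in a scratch directory (never touches /etc).
demo_dir=$(mktemp -d)
printf 'constructed distributed moduli\n' > "$demo_dir/src_moduli"
apply_moduli "$demo_dir/src_moduli" "$demo_dir/etc_moduli"   # first install
printf 'constructed local moduli\n' > "$demo_dir/etc_moduli" # admin regenerates
apply_moduli "$demo_dir/src_moduli" "$demo_dir/etc_moduli"   # upgrade run
rm -rf "$demo_dir"
```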