From: Doug Hardie
Date: Thu, 19 Oct 2023 17:14:35 -0700
Subject: Re: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED]
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: Tomoaki AOKI, stable@freebsd.org

> On Oct 19, 2023, at 16:16, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> On 19/10/2023 21:26, Tomoaki AOKI wrote:
>> On Thu, 19 Oct 2023 19:53:08 +0000
>> Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> [..]
>
>>> It is hackery workaround. freebsd-update must not overwrite user
>>> modified files without safe merge of conflicts. Yet it did it in the
>>> past, for example pf.conf and some other vital files.
>>>
>>> Kind regards
>>> Miroslav Lachman
>> I don't think it hackery.
>> What should have been is that default sshd_config to be
>> in /etc/defaults and /etc/defaults/rc.conf points to it, and anyone
>> needs custom settings to create sshd_config in /etc/ssh (or in
>> somewhere else), like rc.conf case.
>
> I don't think /etc/ssh/sshd_config is the default not intended to be edited. I am on FreeBSD from 4.x times and it was always supposed to be modified by users and was handled by mergemaster or etcupdate. If freebsd-update cannot deal with it then it is a bug in freebsd-update.
> All in all pre-installed /etc/ssh/sshd_config has almost everything commented out because defaults are built in.

While that has been the norm since 2.5, it does have a significant problem that changes to sshd configuration variables do not get incorporated into updated systems easily. Yes, mergemaster will somewhat show you the new configuration items, they are not always obvious and are very easy to ignore. There was one update to sshd that caused it not to function without the new variable. I don't recall the version or variable anymore, but it caused me days of problems trying to figure out why I couldn't connect to my servers.

I believe that adding a couple lines of sh code to the end of sshd.conf would cause it to read /usr/local/etc/sshd.conf and avoid those issues. That is done in other places in the rc process.

-- Doug