changeset 1278:ab85a4ae04ba

network/openssh: upgrade to 8.8p1
author David Demelier <markand@malikania.fr>
date Mon, 15 Nov 2021 09:07:09 +0100
parents cbb174b1c555
children 46e278d09c6b
files network/openssh/CVE-2018-20685.patch network/openssh/CVE-2019-6109.patch network/openssh/CVE-2019-6111.patch network/openssh/openssh.sh network/openssh/openssh.sha1 network/openssh/sshd
diffstat 6 files changed, 13 insertions(+), 511 deletions(-) [+]
line wrap: on
line diff
--- a/network/openssh/CVE-2018-20685.patch	Thu Nov 11 07:36:45 2021 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Fri, 16 Nov 2018 03:03:10 +0000
-Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer
- to the
-
-current directory; based on report/patch from Harry Sintonen
-
-OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
----
- scp.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/scp.c b/scp.c
-index 60682c687..4f3fdcd3d 100644
---- a/scp.c
-+++ b/scp.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */
-+/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
- /*
-  * scp - secure remote copy.  This is basically patched BSD rcp which
-  * uses ssh to do the data transfer (instead of using rcmd).
-@@ -1106,7 +1106,8 @@ sink(int argc, char **argv)
- 			SCREWUP("size out of range");
- 		size = (off_t)ull;
- 
--		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
-+		if (*cp == '\0' || strchr(cp, '/') != NULL ||
-+		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
- 			run_err("error: unexpected filename: %s", cp);
- 			exit(1);
- 		}
--- a/network/openssh/CVE-2019-6109.patch	Thu Nov 11 07:36:45 2021 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,276 +0,0 @@
-From 11b88754cadcad0ba79b4ffcc127223248dccb54 Mon Sep 17 00:00:00 2001
-From: "dtucker@openbsd.org" <dtucker@openbsd.org>
-Date: Wed, 23 Jan 2019 08:01:46 +0000
-Subject: upstream: Sanitize scp filenames via snmprintf. To do this we move
-
-the progressmeter formatting outside of signal handler context and have the
-atomicio callback called for EINTR too.  bz#2434 with contributions from djm
-and jjelen at redhat.com, ok djm@
-
-OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8
-
-CVE-2019-6109
-
-Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=8976f1c4b2721c26e878151f52bdf346dfe2d54c
-Bug-Debian: https://bugs.debian.org/793412
-Last-Update: 2019-02-08
-
-Patch-Name: sanitize-scp-filenames-via-snmprintf.patch
----
- atomicio.c      | 20 ++++++++++++++-----
- progressmeter.c | 53 ++++++++++++++++++++++---------------------------
- progressmeter.h |  3 ++-
- scp.c           |  1 +
- sftp-client.c   | 16 ++++++++-------
- 5 files changed, 51 insertions(+), 42 deletions(-)
-
-diff --git a/atomicio.c b/atomicio.c
-index f854a06f5..d91bd7621 100644
---- a/atomicio.c
-+++ b/atomicio.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */
-+/* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */
- /*
-  * Copyright (c) 2006 Damien Miller. All rights reserved.
-  * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
-@@ -65,9 +65,14 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
- 		res = (f) (fd, s + pos, n - pos);
- 		switch (res) {
- 		case -1:
--			if (errno == EINTR)
-+			if (errno == EINTR) {
-+				/* possible SIGALARM, update callback */
-+				if (cb != NULL && cb(cb_arg, 0) == -1) {
-+					errno = EINTR;
-+					return pos;
-+				}
- 				continue;
--			if (errno == EAGAIN || errno == EWOULDBLOCK) {
-+			} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
- #ifndef BROKEN_READ_COMPARISON
- 				(void)poll(&pfd, 1, -1);
- #endif
-@@ -122,9 +127,14 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
- 		res = (f) (fd, iov, iovcnt);
- 		switch (res) {
- 		case -1:
--			if (errno == EINTR)
-+			if (errno == EINTR) {
-+				/* possible SIGALARM, update callback */
-+				if (cb != NULL && cb(cb_arg, 0) == -1) {
-+					errno = EINTR;
-+					return pos;
-+				}
- 				continue;
--			if (errno == EAGAIN || errno == EWOULDBLOCK) {
-+			} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
- #ifndef BROKEN_READV_COMPARISON
- 				(void)poll(&pfd, 1, -1);
- #endif
-diff --git a/progressmeter.c b/progressmeter.c
-index fe9bf52e4..add462dde 100644
---- a/progressmeter.c
-+++ b/progressmeter.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */
-+/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */
- /*
-  * Copyright (c) 2003 Nils Nordman.  All rights reserved.
-  *
-@@ -31,6 +31,7 @@
- 
- #include <errno.h>
- #include <signal.h>
-+#include <stdarg.h>
- #include <stdio.h>
- #include <string.h>
- #include <time.h>
-@@ -39,6 +40,7 @@
- #include "progressmeter.h"
- #include "atomicio.h"
- #include "misc.h"
-+#include "utf8.h"
- 
- #define DEFAULT_WINSIZE 80
- #define MAX_WINSIZE 512
-@@ -61,7 +63,7 @@ static void setscreensize(void);
- void refresh_progress_meter(void);
- 
- /* signal handler for updating the progress meter */
--static void update_progress_meter(int);
-+static void sig_alarm(int);
- 
- static double start;		/* start progress */
- static double last_update;	/* last progress update */
-@@ -74,6 +76,7 @@ static long stalled;		/* how long we have been stalled */
- static int bytes_per_second;	/* current speed in bytes per second */
- static int win_size;		/* terminal window size */
- static volatile sig_atomic_t win_resized; /* for window resizing */
-+static volatile sig_atomic_t alarm_fired;
- 
- /* units for format_size */
- static const char unit[] = " KMGT";
-@@ -126,9 +129,17 @@ refresh_progress_meter(void)
- 	off_t bytes_left;
- 	int cur_speed;
- 	int hours, minutes, seconds;
--	int i, len;
- 	int file_len;
- 
-+	if ((!alarm_fired && !win_resized) || !can_output())
-+		return;
-+	alarm_fired = 0;
-+
-+	if (win_resized) {
-+		setscreensize();
-+		win_resized = 0;
-+	}
-+
- 	transferred = *counter - (cur_pos ? cur_pos : start_pos);
- 	cur_pos = *counter;
- 	now = monotime_double();
-@@ -158,16 +169,11 @@ refresh_progress_meter(void)
- 
- 	/* filename */
- 	buf[0] = '\0';
--	file_len = win_size - 35;
-+	file_len = win_size - 36;
- 	if (file_len > 0) {
--		len = snprintf(buf, file_len + 1, "\r%s", file);
--		if (len < 0)
--			len = 0;
--		if (len >= file_len + 1)
--			len = file_len;
--		for (i = len; i < file_len; i++)
--			buf[i] = ' ';
--		buf[file_len] = '\0';
-+		buf[0] = '\r';
-+		snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s",
-+		    file_len * -1, file);
- 	}
- 
- 	/* percent of transfer done */
-@@ -228,22 +234,11 @@ refresh_progress_meter(void)
- 
- /*ARGSUSED*/
- static void
--update_progress_meter(int ignore)
-+sig_alarm(int ignore)
- {
--	int save_errno;
--
--	save_errno = errno;
--
--	if (win_resized) {
--		setscreensize();
--		win_resized = 0;
--	}
--	if (can_output())
--		refresh_progress_meter();
--
--	signal(SIGALRM, update_progress_meter);
-+	signal(SIGALRM, sig_alarm);
-+	alarm_fired = 1;
- 	alarm(UPDATE_INTERVAL);
--	errno = save_errno;
- }
- 
- void
-@@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr)
- 	bytes_per_second = 0;
- 
- 	setscreensize();
--	if (can_output())
--		refresh_progress_meter();
-+	refresh_progress_meter();
- 
--	signal(SIGALRM, update_progress_meter);
-+	signal(SIGALRM, sig_alarm);
- 	signal(SIGWINCH, sig_winch);
- 	alarm(UPDATE_INTERVAL);
- }
-@@ -286,6 +280,7 @@ stop_progress_meter(void)
- static void
- sig_winch(int sig)
- {
-+	signal(SIGWINCH, sig_winch);
- 	win_resized = 1;
- }
- 
-diff --git a/progressmeter.h b/progressmeter.h
-index bf179dca6..8f6678060 100644
---- a/progressmeter.h
-+++ b/progressmeter.h
-@@ -1,4 +1,4 @@
--/* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */
-+/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */
- /*
-  * Copyright (c) 2002 Nils Nordman.  All rights reserved.
-  *
-@@ -24,4 +24,5 @@
-  */
- 
- void	start_progress_meter(const char *, off_t, off_t *);
-+void	refresh_progress_meter(void);
- void	stop_progress_meter(void);
-diff --git a/scp.c b/scp.c
-index 7163d33dc..80308573c 100644
---- a/scp.c
-+++ b/scp.c
-@@ -593,6 +593,7 @@ scpio(void *_cnt, size_t s)
- 	off_t *cnt = (off_t *)_cnt;
- 
- 	*cnt += s;
-+	refresh_progress_meter();
- 	if (limit_kbps > 0)
- 		bandwidth_limit(&bwlimit, s);
- 	return 0;
-diff --git a/sftp-client.c b/sftp-client.c
-index 4986d6d8d..2bc698f86 100644
---- a/sftp-client.c
-+++ b/sftp-client.c
-@@ -101,7 +101,9 @@ sftpio(void *_bwlimit, size_t amount)
- {
- 	struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit;
- 
--	bandwidth_limit(bwlimit, amount);
-+	refresh_progress_meter();
-+	if (bwlimit != NULL)
-+		bandwidth_limit(bwlimit, amount);
- 	return 0;
- }
- 
-@@ -121,8 +123,8 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m)
- 	iov[1].iov_base = (u_char *)sshbuf_ptr(m);
- 	iov[1].iov_len = sshbuf_len(m);
- 
--	if (atomiciov6(writev, conn->fd_out, iov, 2,
--	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) !=
-+	if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio,
-+	    conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) !=
- 	    sshbuf_len(m) + sizeof(mlen))
- 		fatal("Couldn't send packet: %s", strerror(errno));
- 
-@@ -138,8 +140,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
- 
- 	if ((r = sshbuf_reserve(m, 4, &p)) != 0)
- 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
--	if (atomicio6(read, conn->fd_in, p, 4,
--	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) {
-+	if (atomicio6(read, conn->fd_in, p, 4, sftpio,
-+	    conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) {
- 		if (errno == EPIPE || errno == ECONNRESET)
- 			fatal("Connection closed");
- 		else
-@@ -157,8 +159,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
- 
- 	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
- 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
--	if (atomicio6(read, conn->fd_in, p, msg_len,
--	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in)
-+	if (atomicio6(read, conn->fd_in, p, msg_len, sftpio,
-+	    conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL)
- 	    != msg_len) {
- 		if (errno == EPIPE)
- 			fatal("Connection closed");
--- a/network/openssh/CVE-2019-6111.patch	Thu Nov 11 07:36:45 2021 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,187 +0,0 @@
-From 125924e47db3713a85a70e0f8d6c23818d2ea054 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Sat, 26 Jan 2019 22:41:28 +0000
-Subject: upstream: check in scp client that filenames sent during
-
-remote->local directory copies satisfy the wildcard specified by the user.
-
-This checking provides some protection against a malicious server
-sending unexpected filenames, but it comes at a risk of rejecting wanted
-files due to differences between client and server wildcard expansion rules.
-
-For this reason, this also adds a new -T flag to disable the check.
-
-reported by Harry Sintonen
-fix approach suggested by markus@;
-has been in snaps for ~1wk courtesy deraadt@
-
-OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
-
-CVE-2019-6111
-
-Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
-Last-Update: 2019-02-08
-
-Patch-Name: check-filenames-in-scp-client.patch
----
- scp.1 | 12 +++++++++++-
- scp.c | 37 +++++++++++++++++++++++++++++--------
- 2 files changed, 40 insertions(+), 9 deletions(-)
-
-diff --git a/scp.1 b/scp.1
-index 0e5cc1b2d..397e77091 100644
---- a/scp.1
-+++ b/scp.1
-@@ -18,7 +18,7 @@
- .Nd secure copy (remote file copy program)
- .Sh SYNOPSIS
- .Nm scp
--.Op Fl 346BCpqrv
-+.Op Fl 346BCpqrTv
- .Op Fl c Ar cipher
- .Op Fl F Ar ssh_config
- .Op Fl i Ar identity_file
-@@ -208,6 +208,16 @@ to use for the encrypted connection.
- The program must understand
- .Xr ssh 1
- options.
-+.It Fl T
-+Disable strict filename checking.
-+By default when copying files from a remote host to a local directory
-+.Nm
-+checks that the received filenames match those requested on the command-line
-+to prevent the remote end from sending unexpected or unwanted files.
-+Because of differences in how various operating systems and shells interpret
-+filename wildcards, these checks may cause wanted files to be rejected.
-+This option disables these checks at the expense of fully trusting that
-+the server will not send unexpected filenames.
- .It Fl v
- Verbose mode.
- Causes
-diff --git a/scp.c b/scp.c
-index 1971c80cd..035037bcc 100644
---- a/scp.c
-+++ b/scp.c
-@@ -94,6 +94,7 @@
- #include <dirent.h>
- #include <errno.h>
- #include <fcntl.h>
-+#include <fnmatch.h>
- #include <limits.h>
- #include <locale.h>
- #include <pwd.h>
-@@ -383,14 +384,14 @@ void verifydir(char *);
- struct passwd *pwd;
- uid_t userid;
- int errs, remin, remout;
--int pflag, iamremote, iamrecursive, targetshouldbedirectory;
-+int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory;
- 
- #define	CMDNEEDS	64
- char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
- 
- int response(void);
- void rsource(char *, struct stat *);
--void sink(int, char *[]);
-+void sink(int, char *[], const char *);
- void source(int, char *[]);
- void tolocal(int, char *[]);
- void toremote(int, char *[]);
-@@ -429,8 +430,9 @@ main(int argc, char **argv)
- 	addargs(&args, "-oRemoteCommand=none");
- 	addargs(&args, "-oRequestTTY=no");
- 
--	fflag = tflag = 0;
--	while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)
-+	fflag = Tflag = tflag = 0;
-+	while ((ch = getopt(argc, argv,
-+	    "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) {
- 		switch (ch) {
- 		/* User-visible flags. */
- 		case '1':
-@@ -509,9 +511,13 @@ main(int argc, char **argv)
- 			setmode(0, O_BINARY);
- #endif
- 			break;
-+		case 'T':
-+			Tflag = 1;
-+			break;
- 		default:
- 			usage();
- 		}
-+	}
- 	argc -= optind;
- 	argv += optind;
- 
-@@ -542,7 +548,7 @@ main(int argc, char **argv)
- 	}
- 	if (tflag) {
- 		/* Receive data. */
--		sink(argc, argv);
-+		sink(argc, argv, NULL);
- 		exit(errs != 0);
- 	}
- 	if (argc < 2)
-@@ -800,7 +806,7 @@ tolocal(int argc, char **argv)
- 			continue;
- 		}
- 		free(bp);
--		sink(1, argv + argc - 1);
-+		sink(1, argv + argc - 1, src);
- 		(void) close(remin);
- 		remin = remout = -1;
- 	}
-@@ -976,7 +982,7 @@ rsource(char *name, struct stat *statp)
- 	 (sizeof(type) != 4 && sizeof(type) != 8))
- 
- void
--sink(int argc, char **argv)
-+sink(int argc, char **argv, const char *src)
- {
- 	static BUF buffer;
- 	struct stat stb;
-@@ -992,6 +998,7 @@ sink(int argc, char **argv)
- 	unsigned long long ull;
- 	int setimes, targisdir, wrerrno = 0;
- 	char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
-+	char *src_copy = NULL, *restrict_pattern = NULL;
- 	struct timeval tv[2];
- 
- #define	atime	tv[0]
-@@ -1016,6 +1023,17 @@ sink(int argc, char **argv)
- 	(void) atomicio(vwrite, remout, "", 1);
- 	if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
- 		targisdir = 1;
-+	if (src != NULL && !iamrecursive && !Tflag) {
-+		/*
-+		 * Prepare to try to restrict incoming filenames to match
-+		 * the requested destination file glob.
-+		 */
-+		if ((src_copy = strdup(src)) == NULL)
-+			fatal("strdup failed");
-+		if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) {
-+			*restrict_pattern++ = '\0';
-+		}
-+	}
- 	for (first = 1;; first = 0) {
- 		cp = buf;
- 		if (atomicio(read, remin, cp, 1) != 1)
-@@ -1120,6 +1138,9 @@ sink(int argc, char **argv)
- 			run_err("error: unexpected filename: %s", cp);
- 			exit(1);
- 		}
-+		if (restrict_pattern != NULL &&
-+		    fnmatch(restrict_pattern, cp, 0) != 0)
-+			SCREWUP("filename does not match request");
- 		if (targisdir) {
- 			static char *namebuf;
- 			static size_t cursize;
-@@ -1157,7 +1178,7 @@ sink(int argc, char **argv)
- 					goto bad;
- 			}
- 			vect[0] = xstrdup(np);
--			sink(1, vect);
-+			sink(1, vect, src);
- 			if (setimes) {
- 				setimes = 0;
- 				if (utimes(vect[0], tv) < 0)
--- a/network/openssh/openssh.sh	Thu Nov 11 07:36:45 2021 +0100
+++ b/network/openssh/openssh.sh	Mon Nov 15 09:07:09 2021 +0100
@@ -16,16 +16,16 @@
 #
 
 PKGNAME=openssh
-PKGVERSION=7.9p1
+PKGVERSION=8.8p1
 PKGREVISION=1
 PKGLICENSE="BSD"
 PKGSUMMARY="OpenBSD ssh implementation"
 PKGDOWNLOAD="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$PKGNAME-$PKGVERSION.tar.gz"
 PKGDEPENDS="libressl"
 PKGOPTIONS="PAM SELINUX"
-PKGUIDS="sshd:100"
-PKGGIDS="sshd:100"
-PKGPROTECT="etc/rc.d/sshd etc/ssh/ssh_config etc/ssh/sshd_config"
+PKGUIDS="_sshd:100"
+PKGGIDS="_sshd:100"
+PKGPROTECT="etc/vinit.d/sshd etc/ssh/ssh_config etc/ssh/sshd_config"
 
 : ${CHOST:=$(uname -m)-linux-musl}
 : ${CBUILD:=$(uname -m)-linux-musl}
@@ -52,13 +52,9 @@
 build()
 {
 	rm -rf $PKGNAME-$PKGVERSION
-	tar xvf $PKGNAME-$PKGVERSION.tar.gz
+	tar -xvf $PKGNAME-$PKGVERSION.tar.gz
 	cd $PKGNAME-$PKGVERSION
 
-	patch -p1 < ../CVE-2018-20685.patch
-	patch -p1 < ../CVE-2019-6109.patch
-	patch -p1 < ../CVE-2019-6111.patch
-
 	CC="$CC" \
 	CFLAGS="$CFLAGS" \
 	LDFLAGS="$LDFLAGS" \
@@ -69,12 +65,14 @@
 		--prefix= \
 		--sysconfdir=/etc/ssh \
 		--with-pid-dir=/var/run \
+		--with-privsep-user=_sshd \
 		--sbindir=/bin \
 		$with_pam \
 		$with_selinux
 	make
 	make install DESTDIR=$DESTDIR
-	install -D -m 0644 ../sshd $DESTDIR/etc/rc.d/sshd
+	mkdir -p $DESTDIR/etc/vinit.d
+	cp ../sshd $DESTDIR/etc/vinit.d
 
 	cd ..
 	rm -rf $PKGNAME-$PKGVERSION
--- a/network/openssh/openssh.sha1	Thu Nov 11 07:36:45 2021 +0100
+++ b/network/openssh/openssh.sha1	Mon Nov 15 09:07:09 2021 +0100
@@ -1,1 +1,1 @@
-993aceedea8ecabb1d0dd7293508a361891c4eaa  openssh-7.9p1.tar.gz
+1eb964897a4372f6fb96c7effeb509ec71c379c9  openssh-8.8p1.tar.gz
--- a/network/openssh/sshd	Thu Nov 11 07:36:45 2021 +0100
+++ b/network/openssh/sshd	Mon Nov 15 09:07:09 2021 +0100
@@ -1,6 +1,6 @@
 #!/bin/busybox sh
 #
-# /etc/rc.d/sshd -- run control script for sshd
+# /etc/vinit.d/sshd -- run control script for sshd
 #
 # Copyright (c) 2019 David Demelier <markand@malikania.fr>
 #
@@ -17,8 +17,8 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 #
 
-if [ -f /etc/rc.conf ]; then
-	. /etc/rc.conf
+if [ -f /etc/vinit.conf ]; then
+	. /etc/vinit.conf
 fi
 
 : ${SSHD_CMD:=/bin/sshd}
@@ -44,7 +44,7 @@
 		echo "sshd is already running with pid: $(cat $SSHD_PID)"
 	else
 		echo "Starting sshd: $SSHD_CMD $SSHD_ARGS"
-		$SSHD_CMD $SSHD_ARGS -p $SSHD_PID
+		$SSHD_CMD $SSHD_ARGS
 	fi
 }