summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog7
-rw-r--r--debian/openssh-server-udeb.dirs2
-rw-r--r--debian/openssh-server.if-up4
-rw-r--r--debian/openssh-server.postinst8
-rw-r--r--debian/openssh-server.preinst6
-rw-r--r--debian/openssh-server.ssh.init22
-rw-r--r--debian/openssh-server.ssh.upstart2
-rwxr-xr-xdebian/rules3
-rw-r--r--debian/systemd/sshd.conf2
9 files changed, 32 insertions, 24 deletions
diff --git a/debian/changelog b/debian/changelog
index 15a6958ad..6c59cebed 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
1openssh (1:7.4p1-10) UNRELEASED; urgency=medium
2
3 * Move privilege separation directory and PID file from /var/run/ to /run/
4 (closes: #760422, #856825).
5
6 -- Colin Watson <cjwatson@debian.org> Wed, 29 Mar 2017 23:44:13 +0100
7
1openssh (1:7.4p1-9) unstable; urgency=medium 8openssh (1:7.4p1-9) unstable; urgency=medium
2 9
3 * Fix null pointer dereference in ssh-keygen; this fixes an autopkgtest 10 * Fix null pointer dereference in ssh-keygen; this fixes an autopkgtest
diff --git a/debian/openssh-server-udeb.dirs b/debian/openssh-server-udeb.dirs
index 2ce0d81d6..e730fc43d 100644
--- a/debian/openssh-server-udeb.dirs
+++ b/debian/openssh-server-udeb.dirs
@@ -1 +1 @@
var/run/sshd run/sshd
diff --git a/debian/openssh-server.if-up b/debian/openssh-server.if-up
index 915284cc6..525c2153b 100644
--- a/debian/openssh-server.if-up
+++ b/debian/openssh-server.if-up
@@ -25,8 +25,8 @@ if [ ! -e /usr/sbin/sshd ]; then
25 exit 0 25 exit 0
26fi 26fi
27 27
28if [ ! -f /var/run/sshd.pid ] || \ 28if [ ! -f /run/sshd.pid ] || \
29 [ "$(ps -p "$(cat /var/run/sshd.pid)" -o comm=)" != sshd ]; then 29 [ "$(ps -p "$(cat /run/sshd.pid)" -o comm=)" != sshd ]; then
30 exit 0 30 exit 0
31fi 31fi
32 32
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 90d346674..f0ebe48b8 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -111,7 +111,7 @@ fix_statoverride() {
111 111
112setup_sshd_user() { 112setup_sshd_user() {
113 if ! getent passwd sshd >/dev/null; then 113 if ! getent passwd sshd >/dev/null; then
114 adduser --quiet --system --no-create-home --home /var/run/sshd --shell /usr/sbin/nologin sshd 114 adduser --quiet --system --no-create-home --home /run/sshd --shell /usr/sbin/nologin sshd
115 fi 115 fi
116} 116}
117 117
@@ -125,14 +125,14 @@ if [ "$action" = configure ]; then
125 rm -f /etc/ssh/primes 125 rm -f /etc/ssh/primes
126 fi 126 fi
127 if dpkg --compare-versions "$2" lt-nl 1:5.5p1-6; then 127 if dpkg --compare-versions "$2" lt-nl 1:5.5p1-6; then
128 rm -f /var/run/sshd/.placeholder 128 rm -f /run/sshd/.placeholder
129 fi 129 fi
130 if dpkg --compare-versions "$2" lt-nl 1:6.2p2-3 && \ 130 if dpkg --compare-versions "$2" lt-nl 1:6.2p2-3 && \
131 which initctl >/dev/null && initctl version 2>/dev/null | grep -q upstart && \ 131 which initctl >/dev/null && initctl version 2>/dev/null | grep -q upstart && \
132 ! status ssh 2>/dev/null | grep -q ' start/'; then 132 ! status ssh 2>/dev/null | grep -q ' start/'; then
133 # We must stop the sysvinit-controlled sshd before we can 133 # We must stop the sysvinit-controlled sshd before we can
134 # restart it under Upstart. 134 # restart it under Upstart.
135 start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true 135 start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid || true
136 fi 136 fi
137 if dpkg --compare-versions "$2" lt-nl 1:6.5p1-2 && \ 137 if dpkg --compare-versions "$2" lt-nl 1:6.5p1-2 && \
138 deb-systemd-helper debian-installed ssh.socket && \ 138 deb-systemd-helper debian-installed ssh.socket && \
@@ -146,7 +146,7 @@ if [ "$action" = configure ]; then
146 [ -d /run/systemd/system ]; then 146 [ -d /run/systemd/system ]; then
147 # We must stop the sysvinit-controlled sshd before we can 147 # We must stop the sysvinit-controlled sshd before we can
148 # restart it under systemd. 148 # restart it under systemd.
149 start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd || true 149 start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd || true
150 fi 150 fi
151fi 151fi
152 152
diff --git a/debian/openssh-server.preinst b/debian/openssh-server.preinst
index 9fb5d350e..f5b75124e 100644
--- a/debian/openssh-server.preinst
+++ b/debian/openssh-server.preinst
@@ -7,9 +7,9 @@ version=$2
7if [ "$action" = upgrade ] || [ "$action" = install ] 7if [ "$action" = upgrade ] || [ "$action" = install ]
8then 8then
9 if dpkg --compare-versions "$version" lt 1:5.5p1-6 && \ 9 if dpkg --compare-versions "$version" lt 1:5.5p1-6 && \
10 [ -d /var/run/sshd ]; then 10 [ -d /run/sshd ]; then
11 # make sure /var/run/sshd is not removed on upgrades 11 # make sure /run/sshd is not removed on upgrades
12 touch /var/run/sshd/.placeholder 12 touch /run/sshd/.placeholder
13 fi 13 fi
14fi 14fi
15 15
diff --git a/debian/openssh-server.ssh.init b/debian/openssh-server.ssh.init
index bda7a92b8..70a6c38f2 100644
--- a/debian/openssh-server.ssh.init
+++ b/debian/openssh-server.ssh.init
@@ -66,9 +66,9 @@ check_dev_null() {
66 66
67check_privsep_dir() { 67check_privsep_dir() {
68 # Create the PrivSep empty dir if necessary 68 # Create the PrivSep empty dir if necessary
69 if [ ! -d /var/run/sshd ]; then 69 if [ ! -d /run/sshd ]; then
70 mkdir /var/run/sshd 70 mkdir /run/sshd
71 chmod 0755 /var/run/sshd 71 chmod 0755 /run/sshd
72 fi 72 fi
73} 73}
74 74
@@ -87,7 +87,7 @@ case "$1" in
87 check_for_no_start 87 check_for_no_start
88 check_dev_null 88 check_dev_null
89 log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd" || true 89 log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd" || true
90 if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then 90 if start-stop-daemon --start --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
91 log_end_msg 0 || true 91 log_end_msg 0 || true
92 else 92 else
93 log_end_msg 1 || true 93 log_end_msg 1 || true
@@ -96,7 +96,7 @@ case "$1" in
96 stop) 96 stop)
97 check_for_upstart 0 97 check_for_upstart 0
98 log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd" || true 98 log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd" || true
99 if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid; then 99 if start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid; then
100 log_end_msg 0 || true 100 log_end_msg 0 || true
101 else 101 else
102 log_end_msg 1 || true 102 log_end_msg 1 || true
@@ -108,7 +108,7 @@ case "$1" in
108 check_for_no_start 108 check_for_no_start
109 check_config 109 check_config
110 log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd" || true 110 log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd" || true
111 if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd; then 111 if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd; then
112 log_end_msg 0 || true 112 log_end_msg 0 || true
113 else 113 else
114 log_end_msg 1 || true 114 log_end_msg 1 || true
@@ -120,10 +120,10 @@ case "$1" in
120 check_privsep_dir 120 check_privsep_dir
121 check_config 121 check_config
122 log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true 122 log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
123 start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid 123 start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /run/sshd.pid
124 check_for_no_start log_end_msg 124 check_for_no_start log_end_msg
125 check_dev_null log_end_msg 125 check_dev_null log_end_msg
126 if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then 126 if start-stop-daemon --start --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
127 log_end_msg 0 || true 127 log_end_msg 0 || true
128 else 128 else
129 log_end_msg 1 || true 129 log_end_msg 1 || true
@@ -136,13 +136,13 @@ case "$1" in
136 check_config 136 check_config
137 log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true 137 log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
138 RET=0 138 RET=0
139 start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd.pid || RET="$?" 139 start-stop-daemon --stop --quiet --retry 30 --pidfile /run/sshd.pid || RET="$?"
140 case $RET in 140 case $RET in
141 0) 141 0)
142 # old daemon stopped 142 # old daemon stopped
143 check_for_no_start log_end_msg 143 check_for_no_start log_end_msg
144 check_dev_null log_end_msg 144 check_dev_null log_end_msg
145 if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then 145 if start-stop-daemon --start --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
146 log_end_msg 0 || true 146 log_end_msg 0 || true
147 else 147 else
148 log_end_msg 1 || true 148 log_end_msg 1 || true
@@ -163,7 +163,7 @@ case "$1" in
163 163
164 status) 164 status)
165 check_for_upstart 1 165 check_for_upstart 1
166 status_of_proc -p /var/run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $? 166 status_of_proc -p /run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $?
167 ;; 167 ;;
168 168
169 *) 169 *)
diff --git a/debian/openssh-server.ssh.upstart b/debian/openssh-server.ssh.upstart
index b34cbff5d..9b0e95450 100644
--- a/debian/openssh-server.ssh.upstart
+++ b/debian/openssh-server.ssh.upstart
@@ -21,7 +21,7 @@ pre-start script
21 test -x /usr/sbin/sshd || { stop; exit 0; } 21 test -x /usr/sbin/sshd || { stop; exit 0; }
22 test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; } 22 test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
23 23
24 mkdir -p -m0755 /var/run/sshd 24 mkdir -p -m0755 /run/sshd
25end script 25end script
26 26
27# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the 27# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
diff --git a/debian/rules b/debian/rules
index 6b3b335b4..c1aa9785c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -68,7 +68,8 @@ confflags += --libexecdir=\$${prefix}/lib/openssh
68confflags += --disable-strip 68confflags += --disable-strip
69confflags += --with-mantype=doc 69confflags += --with-mantype=doc
70confflags += --with-4in6 70confflags += --with-4in6
71confflags += --with-privsep-path=/var/run/sshd 71confflags += --with-privsep-path=/run/sshd
72confflags += --with-pid-dir=/run
72 73
73# The Hurd needs libcrypt for res_query et al. 74# The Hurd needs libcrypt for res_query et al.
74ifeq ($(DEB_HOST_ARCH_OS),hurd) 75ifeq ($(DEB_HOST_ARCH_OS),hurd)
diff --git a/debian/systemd/sshd.conf b/debian/systemd/sshd.conf
index ab7302189..4fbeba1e8 100644
--- a/debian/systemd/sshd.conf
+++ b/debian/systemd/sshd.conf
@@ -1 +1 @@
d /var/run/sshd 0755 root root d /run/sshd 0755 root root