-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/openssh-server-udeb.dirs | 2 | ||||
-rw-r--r-- | debian/openssh-server.if-up | 4 | ||||
-rw-r--r-- | debian/openssh-server.postinst | 8 | ||||
-rw-r--r-- | debian/openssh-server.preinst | 6 | ||||
-rw-r--r-- | debian/openssh-server.ssh.init | 22 | ||||
-rw-r--r-- | debian/openssh-server.ssh.upstart | 2 | ||||
-rwxr-xr-x | debian/rules | 3 | ||||
-rw-r--r-- | debian/systemd/sshd.conf | 2 |
9 files changed, 32 insertions, 24 deletions
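--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:7.4p1-10) UNRELEASED; urgency=medium
+
+* Move privilege separation directory and PID file from /var/run/ to /run/
+(closes: #760422, #856825).
+
+-- Colin Watson <cjwatson@debian.org> Wed, 29 Mar 2017 23:44:13 +0100
+
 openssh (1:7.4p1-9) unstable; urgency=medium
 
 * Fix null pointer dereference in ssh-keygen; this fixes an autopkgtest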
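--- a/debian/openssh-server-udeb.dirs
+++ b/debian/openssh-server-udeb.dirs
@@ -1 +1 @@
-var/run/sshd
+run/sshd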
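--- a/debian/openssh-server.if-up
+++ b/debian/openssh-server.if-up
@@ -25,8 +25,8 @@ if [ ! -e /usr/sbin/sshd ]; then
 exit 0
 fi
 
-if [ ! -f /var/run/sshd.pid ] || \
-[ "$(ps -p "$(cat /var/run/sshd.pid)" -o comm=)" != sshd ]; then
+if [ ! -f /run/sshd.pid ] || \
+[ "$(ps -p "$(cat /run/sshd.pid)" -o comm=)" != sshd ]; then
 exit 0
 fi
 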
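--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -111,7 +111,7 @@ fix_statoverride() {
 
 setup_sshd_user() {
 if ! getent passwd sshd >/dev/null; then
-adduser --quiet --system --no-create-home --home /var/run/sshd --shell /usr/sbin/nologin sshd
+adduser --quiet --system --no-create-home --home /run/sshd --shell /usr/sbin/nologin sshd
 fi
 }
 
@@ -125,14 +125,14 @@ if [ "$action" = configure ]; then
 rm -f /etc/ssh/primes
 fi
 if dpkg --compare-versions "$2" lt-nl 1:5.5p1-6; then
-rm -f /var/run/sshd/.placeholder
+rm -f /run/sshd/.placeholder
 fi
 if dpkg --compare-versions "$2" lt-nl 1:6.2p2-3 && \
 which initctl >/dev/null && initctl version 2>/dev/null | grep -q upstart && \
 ! status ssh 2>/dev/null | grep -q ' start/'; then
 # We must stop the sysvinit-controlled sshd before we can
 # restart it under Upstart.
-start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true
+start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid || true
 fi
 if dpkg --compare-versions "$2" lt-nl 1:6.5p1-2 && \
 deb-systemd-helper debian-installed ssh.socket && \
@@ -146,7 +146,7 @@ if [ "$action" = configure ]; then
 [ -d /run/systemd/system ]; then
 # We must stop the sysvinit-controlled sshd before we can
 # restart it under systemd.
-start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd || true
+start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd || true
 fi
 fi
 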
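Review bot: The two `start-stop-daemon --stop` calls at lines 135 and 149 now look for /run/sshd.pid, but the daemon they are meant to stop was started by an older package version, which presumably recorded its PID at /var/run/sshd.pid. Where /var/run is a symlink to /run these are the same file. Where it is not (the hunks do not show whether that layout is still supported), `--oknodo` and `|| true` hide the miss and the pre-upgrade sshd keeps running. A comment above each call, e.g. `# relies on /var/run being a symlink to /run so the pre-upgrade daemon's PID file is found`, would record the assumption. The enclosing `if [ "$action" = configure ]` block starts outside these hunks.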
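--- a/debian/openssh-server.preinst
+++ b/debian/openssh-server.preinst
@@ -7,9 +7,9 @@ version=$2
 if [ "$action" = upgrade ] || [ "$action" = install ]
 then
 if dpkg --compare-versions "$version" lt 1:5.5p1-6 && \
-[ -d /var/run/sshd ]; then
-# make sure /var/run/sshd is not removed on upgrades
-touch /var/run/sshd/.placeholder
+[ -d /run/sshd ]; then
+# make sure /run/sshd is not removed on upgrades
+touch /run/sshd/.placeholder
 fi
 fi
 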
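--- a/debian/openssh-server.ssh.init
+++ b/debian/openssh-server.ssh.init
@@ -66,9 +66,9 @@ check_dev_null() {
 
 check_privsep_dir() {
 # Create the PrivSep empty dir if necessary
-if [ ! -d /var/run/sshd ]; then
-mkdir /var/run/sshd
-chmod 0755 /var/run/sshd
+if [ ! -d /run/sshd ]; then
+mkdir /run/sshd
+chmod 0755 /run/sshd
 fi
 }
 
@@ -87,7 +87,7 @@ case "$1" in
 check_for_no_start
 check_dev_null
 log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd" || true
-if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+if start-stop-daemon --start --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
 log_end_msg 0 || true
 else
 log_end_msg 1 || true
@@ -96,7 +96,7 @@ case "$1" in
 stop)
 check_for_upstart 0
 log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd" || true
-if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid; then
+if start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid; then
 log_end_msg 0 || true
 else
 log_end_msg 1 || true
@@ -108,7 +108,7 @@ case "$1" in
 check_for_no_start
 check_config
 log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd" || true
-if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd; then
+if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd; then
 log_end_msg 0 || true
 else
 log_end_msg 1 || true
@@ -120,10 +120,10 @@ case "$1" in
 check_privsep_dir
 check_config
 log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
-start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid
+start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /run/sshd.pid
 check_for_no_start log_end_msg
 check_dev_null log_end_msg
-if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+if start-stop-daemon --start --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
 log_end_msg 0 || true
 else
 log_end_msg 1 || true
@@ -136,13 +136,13 @@ case "$1" in
 check_config
 log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
 RET=0
-start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd.pid || RET="$?"
+start-stop-daemon --stop --quiet --retry 30 --pidfile /run/sshd.pid || RET="$?"
 case $RET in
 0)
 # old daemon stopped
 check_for_no_start log_end_msg
 check_dev_null log_end_msg
-if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+if start-stop-daemon --start --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
 log_end_msg 0 || true
 else
 log_end_msg 1 || true
@@ -163,7 +163,7 @@ case "$1" in
 
 status)
 check_for_upstart 1
-status_of_proc -p /var/run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $?
+status_of_proc -p /run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $?
 ;;
 
 *)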
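Review bot: `check_privsep_dir` (lines 69-72) creates /run/sshd with a plain `mkdir` and only afterwards applies `chmod 0755`, so the privilege-separation directory briefly exists with whatever mode the caller's umask produced. An already existing /run/sshd is also accepted without any check of its owner or mode. Replacing the two commands with `mkdir -m 0755 /run/sshd` sets the mode at creation, in line with the `mkdir -p -m0755 /run/sshd` in the Upstart job touched by the same commit. The function is fully visible in the first hunk; the `case "$1"` block that calls it starts and ends outside the hunks shown.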
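--- a/debian/openssh-server.ssh.upstart
+++ b/debian/openssh-server.ssh.upstart
@@ -21,7 +21,7 @@ pre-start script
 test -x /usr/sbin/sshd || { stop; exit 0; }
 test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
 
-mkdir -p -m0755 /var/run/sshd
+mkdir -p -m0755 /run/sshd
 end script
 
 # if you used to set SSHD_OPTS in /etc/default/ssh, you can change the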
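--- a/debian/rules
+++ b/debian/rules
@@ -68,7 +68,8 @@ confflags += --libexecdir=\$${prefix}/lib/openssh
 confflags += --disable-strip
 confflags += --with-mantype=doc
 confflags += --with-4in6
-confflags += --with-privsep-path=/var/run/sshd
+confflags += --with-privsep-path=/run/sshd
+confflags += --with-pid-dir=/run
 
 # The Hurd needs libcrypt for res_query et al.
 ifeq ($(DEB_HOST_ARCH_OS),hurd)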
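--- a/debian/systemd/sshd.conf
+++ b/debian/systemd/sshd.conf
@@ -1 +1 @@
-d /var/run/sshd 0755 root root
+d /run/sshd 0755 root root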