diff -Nru openssh-8.4p1/debian/changelog openssh-8.4p1/debian/changelog --- openssh-8.4p1/debian/changelog 2021-07-05 07:21:03.000000000 -0500 +++ openssh-8.4p1/debian/changelog 2021-08-26 13:51:02.000000000 -0500 @@ -1,3 +1,28 @@ +openssh (1:8.4p1-6ubuntu1) impish; urgency=low + + * Merge from Debian unstable (LP: #1941799). Remaining changes: + - Cherry-pick seccomp fixes for glibc 2.33 thanks to Dave Jones for + reports on armhf. + + -- William 'jawn-smith' Wilson Thu, 26 Aug 2021 12:51:02 -0600 + +openssh (1:8.4p1-6) unstable; urgency=medium + + [ Colin Watson ] + * Rename ssh group to _ssh (closes: #990456). It's only used by + ssh-agent. + * debian/tests/regress: Don't fail cleanup if haveged isn't running. + * Backport from upstream: + - Add includes.h to compat tests (closes: #992134, LP: #1939751). + * Use "command -v" in maintainer scripts rather than "which". + + [ Athos Ribeiro ] + * d/systemd/ssh@.service: preserve the systemd managed runtime directory to + ensure parallel processes will not disrupt one another when halting + (LP: #1905285) (closes: #934663) + + -- Colin Watson Thu, 19 Aug 2021 11:04:01 +0100 + openssh (1:8.4p1-5ubuntu2) impish; urgency=medium * d/systemd/ssh@.service: preserve the systemd managed runtime directory to @@ -6129,3 +6154,4 @@ * Initial release -- Dan Brosemer Wed, 27 Oct 1999 19:39:46 -0500 + diff -Nru openssh-8.4p1/debian/.git-dpm openssh-8.4p1/debian/.git-dpm --- openssh-8.4p1/debian/.git-dpm 2021-07-05 07:21:03.000000000 -0500 +++ openssh-8.4p1/debian/.git-dpm 2021-08-19 09:44:57.000000000 -0500 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -421db3656dcafbe810226463bf27a18a0b1c3186 -421db3656dcafbe810226463bf27a18a0b1c3186 +2162a13f07d50e14e386f473530cc1558d39a9df +2162a13f07d50e14e386f473530cc1558d39a9df 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb openssh_8.4p1.orig.tar.gz diff -Nru openssh-8.4p1/debian/openssh-client.postinst openssh-8.4p1/debian/openssh-client.postinst --- openssh-8.4p1/debian/openssh-client.postinst 2021-07-05 07:21:03.000000000 -0500 +++ openssh-8.4p1/debian/openssh-client.postinst 2021-08-19 09:44:56.000000000 -0500 @@ -23,12 +23,22 @@ done } +update_ssh_group_name() { + # The _ssh group used to be called ssh, but that could clash with + # locally-created user accounts. Since this only exists as an + # otherwise-empty group to which ssh-agent is installed setgid, it's + # easy to rename. + if getent group ssh >/dev/null && ! getent group _ssh >/dev/null; then + groupmod -n _ssh ssh + fi +} + set_ssh_agent_permissions() { - if ! getent group ssh >/dev/null; then - addgroup --system --quiet ssh + if ! getent group _ssh >/dev/null; then + addgroup --system --quiet --force-badname _ssh fi if ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null; then - chgrp ssh /usr/bin/ssh-agent + chgrp _ssh /usr/bin/ssh-agent chmod 2755 /usr/bin/ssh-agent fi } @@ -36,6 +46,9 @@ if [ "$action" = configure ]; then create_alternatives + if dpkg --compare-versions "$2" lt-nl 1:8.4p1-6~; then + update_ssh_group_name + fi set_ssh_agent_permissions fi diff -Nru openssh-8.4p1/debian/openssh-client.postrm openssh-8.4p1/debian/openssh-client.postrm --- openssh-8.4p1/debian/openssh-client.postrm 2021-07-05 07:21:03.000000000 -0500 +++ openssh-8.4p1/debian/openssh-client.postrm 2021-08-19 09:44:56.000000000 -0500 @@ -13,7 +13,7 @@ rm -f /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2 [ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh - if which delgroup >/dev/null 2>&1; then + if command -v delgroup >/dev/null 2>&1; then delgroup --quiet ssh > /dev/null || true fi ;; diff -Nru openssh-8.4p1/debian/openssh-server.postinst openssh-8.4p1/debian/openssh-server.postinst --- openssh-8.4p1/debian/openssh-server.postinst 2021-07-05 07:21:03.000000000 -0500 +++ openssh-8.4p1/debian/openssh-server.postinst 2021-08-19 09:44:56.000000000 -0500 @@ -49,7 +49,7 @@ printf %s "$msg" ssh-keygen -q -f "$file" -N '' "$@" echo - if which restorecon >/dev/null 2>&1; then + if command -v restorecon >/dev/null 2>&1; then restorecon "$file" "$file.pub" fi ssh-keygen -l -f "$file.pub" diff -Nru openssh-8.4p1/debian/openssh-server.postrm openssh-8.4p1/debian/openssh-server.postrm --- openssh-8.4p1/debian/openssh-server.postrm 2021-07-05 07:21:03.000000000 -0500 +++ openssh-8.4p1/debian/openssh-server.postrm 2021-08-19 09:44:56.000000000 -0500 @@ -17,16 +17,16 @@ for ext in .ucf-new .ucf-old .ucf-dist ""; do rm -f "/etc/ssh/sshd_config$ext" done - if which ucf >/dev/null 2>&1; then + if command -v ucf >/dev/null 2>&1; then ucf --purge /etc/ssh/sshd_config fi - if which ucfr >/dev/null 2>&1; then + if command -v ucfr >/dev/null 2>&1; then ucfr --purge openssh-server /etc/ssh/sshd_config fi rm -f /etc/ssh/sshd_not_to_be_run [ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh - if which deluser >/dev/null 2>&1; then + if command -v deluser >/dev/null 2>&1; then deluser --quiet sshd > /dev/null || true fi ;; diff -Nru openssh-8.4p1/debian/patches/regress-includes.patch openssh-8.4p1/debian/patches/regress-includes.patch --- openssh-8.4p1/debian/patches/regress-includes.patch 1969-12-31 18:00:00.000000000 -0600 +++ openssh-8.4p1/debian/patches/regress-includes.patch 2021-08-19 05:04:01.000000000 -0500 @@ -0,0 +1,127 @@ +From 2162a13f07d50e14e386f473530cc1558d39a9df Mon Sep 17 00:00:00 2001 +From: Darren Tucker +Date: Wed, 11 Aug 2021 09:21:09 +1000 +Subject: Add includes.h to compat tests. + +On platforms where closefrom returns void (eg glibc>=2.34) the prototype +for closefrom in its compat tests would cause compile errors. Remove +this and have the tests pull in the compat headers in the same way as +the main code. bz#3336. + +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=419aa01123db5ff5dbc68b2376ef23b222862338 +Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3336 +Bug-Debian: https://bugs.debian.org/992134 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1939751 +Last-Update: 2021-08-13 + +Patch-Name: regress-includes.patch +--- + openbsd-compat/regress/Makefile.in | 2 +- + openbsd-compat/regress/closefromtest.c | 4 ++-- + openbsd-compat/regress/opensslvertest.c | 2 ++ + openbsd-compat/regress/snprintftest.c | 2 ++ + openbsd-compat/regress/strduptest.c | 2 ++ + openbsd-compat/regress/strtonumtest.c | 2 ++ + openbsd-compat/regress/utimensattest.c | 2 ++ + 7 files changed, 13 insertions(+), 3 deletions(-) + +diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in +index c5aae61e2..dd8cdc4b7 100644 +--- a/openbsd-compat/regress/Makefile.in ++++ b/openbsd-compat/regress/Makefile.in +@@ -7,7 +7,7 @@ VPATH=@srcdir@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ ++CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. -I$(srcdir)/../.. @CPPFLAGS@ @DEFS@ + EXEEXT=@EXEEXT@ + LIBCOMPAT=../libopenbsd-compat.a + LIBS=@LIBS@ +diff --git a/openbsd-compat/regress/closefromtest.c b/openbsd-compat/regress/closefromtest.c +index 82ffeb9a7..7a69fb2b1 100644 +--- a/openbsd-compat/regress/closefromtest.c ++++ b/openbsd-compat/regress/closefromtest.c +@@ -14,6 +14,8 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include "includes.h" ++ + #include + #include + +@@ -24,8 +26,6 @@ + + #define NUM_OPENS 10 + +-int closefrom(int); +- + void + fail(char *msg) + { +diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c +index 58474873d..669396d9f 100644 +--- a/openbsd-compat/regress/opensslvertest.c ++++ b/openbsd-compat/regress/opensslvertest.c +@@ -14,6 +14,8 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include "includes.h" ++ + #include + #include + +diff --git a/openbsd-compat/regress/snprintftest.c b/openbsd-compat/regress/snprintftest.c +index 6dc2e222a..a3134db1c 100644 +--- a/openbsd-compat/regress/snprintftest.c ++++ b/openbsd-compat/regress/snprintftest.c +@@ -17,6 +17,8 @@ + + #define BUFSZ 2048 + ++#include "includes.h" ++ + #include + #include + #include +diff --git a/openbsd-compat/regress/strduptest.c b/openbsd-compat/regress/strduptest.c +index 7f6d779be..8a3ccf771 100644 +--- a/openbsd-compat/regress/strduptest.c ++++ b/openbsd-compat/regress/strduptest.c +@@ -14,6 +14,8 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include "includes.h" ++ + #include + #include + +diff --git a/openbsd-compat/regress/strtonumtest.c b/openbsd-compat/regress/strtonumtest.c +index 50ca5bd22..46bd2b916 100644 +--- a/openbsd-compat/regress/strtonumtest.c ++++ b/openbsd-compat/regress/strtonumtest.c +@@ -17,6 +17,8 @@ + + /* OPENBSD ORIGINAL: regress/lib/libc/strtonum/strtonumtest.c */ + ++#include "includes.h" ++ + #include + #include + #include +diff --git a/openbsd-compat/regress/utimensattest.c b/openbsd-compat/regress/utimensattest.c +index 24312e5d8..bbc66c485 100644 +--- a/openbsd-compat/regress/utimensattest.c ++++ b/openbsd-compat/regress/utimensattest.c +@@ -14,6 +14,8 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include "includes.h" ++ + #include + #include + diff -Nru openssh-8.4p1/debian/patches/series openssh-8.4p1/debian/patches/series --- openssh-8.4p1/debian/patches/series 2021-07-05 07:21:03.000000000 -0500 +++ openssh-8.4p1/debian/patches/series 2021-08-26 13:17:18.000000000 -0500 @@ -29,3 +29,4 @@ 0f90440ca70abab947acbd77795e9f130967956c.patch 2e0beff67def2120f4b051b1016d7fbf84823e78.patch 1bb130ed34721d46452529d094d9bbf045607d79.patch +regress-includes.patch diff -Nru openssh-8.4p1/debian/tests/regress openssh-8.4p1/debian/tests/regress --- openssh-8.4p1/debian/tests/regress 2021-07-05 07:21:03.000000000 -0500 +++ openssh-8.4p1/debian/tests/regress 2021-08-19 09:44:57.000000000 -0500 @@ -13,7 +13,7 @@ systemctl disable haveged || true systemctl stop haveged || true else - start-stop-daemon --stop --quiet \ + start-stop-daemon --stop --quiet --oknodo \ --retry=TERM/30/KILL/5 \ --pidfile "$AUTOPKGTEST_TMP/haveged.pid" \ --name haveged