summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:22:28 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:22:28 +0000
commit07b1e3bdb87c5d752dd09ccd778ab476c4b84c6e (patch)
tree4484114a577eb870fea118e78b011915561ddce8
parentReleasing progress-linux version 1:9.7p1-2~progress7.99u1. (diff)
downloadopenssh-07b1e3bdb87c5d752dd09ccd778ab476c4b84c6e.tar.xz
openssh-07b1e3bdb87c5d752dd09ccd778ab476c4b84c6e.zip
Merging debian version 1:9.7p1-3.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/.git-dpm4
-rw-r--r--debian/changelog15
-rw-r--r--debian/control2
-rw-r--r--debian/patches/authorized-keys-man-symlink.patch2
-rw-r--r--debian/patches/conch-ssh-rsa.patch42
-rw-r--r--debian/patches/debian-banner.patch2
-rw-r--r--debian/patches/debian-config.patch2
-rw-r--r--debian/patches/dnssec-sshfp.patch2
-rw-r--r--debian/patches/doc-hash-tab-completion.patch2
-rw-r--r--debian/patches/gnome-ssh-askpass2-icon.patch2
-rw-r--r--debian/patches/gssapi.patch6
-rw-r--r--debian/patches/keepalive-extensions.patch2
-rw-r--r--debian/patches/maxhostnamelen.patch2
-rw-r--r--debian/patches/mention-ssh-keygen-on-keychange.patch2
-rw-r--r--debian/patches/no-openssl-version-status.patch2
-rw-r--r--debian/patches/openbsd-docs.patch2
-rw-r--r--debian/patches/package-versioning.patch2
-rw-r--r--debian/patches/regress-conch-dev-zero.patch39
-rw-r--r--debian/patches/restore-authorized_keys2.patch2
-rw-r--r--debian/patches/restore-tcp-wrappers.patch2
-rw-r--r--debian/patches/revert-ipqos-defaults.patch2
-rw-r--r--debian/patches/scp-quoting.patch2
-rw-r--r--debian/patches/selinux-role.patch2
-rw-r--r--debian/patches/series3
-rw-r--r--debian/patches/shell-path.patch2
-rw-r--r--debian/patches/skip-utimensat-test-on-zfs.patch2
-rw-r--r--debian/patches/ssh-agent-setgid.patch2
-rw-r--r--debian/patches/ssh-argv0.patch2
-rw-r--r--debian/patches/ssh-vulnkey-compat.patch2
-rw-r--r--debian/patches/syslog-level-silent.patch2
-rw-r--r--debian/patches/systemd-readiness.patch2
-rw-r--r--debian/patches/systemd-socket-activation.patch2
-rw-r--r--debian/patches/user-group-modes.patch2
-rw-r--r--debian/patches/zero-call-used-regs-m68k.patch30
-rwxr-xr-xdebian/rules6
-rwxr-xr-xdebian/run-tests2
-rw-r--r--debian/salsa-ci.yml10
-rwxr-xr-xdebian/tests/regress2
38 files changed, 130 insertions, 83 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index be248d5..430b68a 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-3a5a49f1a4355e7f75ec350cb13f46ea835058da
-3a5a49f1a4355e7f75ec350cb13f46ea835058da
+7dc177f6145fd9f52b0ba7a072c3fd4739720a65
+7dc177f6145fd9f52b0ba7a072c3fd4739720a65
cf05e8418c088a6e5712344cecaf6ee2d5eb550f
cf05e8418c088a6e5712344cecaf6ee2d5eb550f
openssh_9.7p1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 3db0d2a..86e5e1f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+openssh (1:9.7p1-3) unstable; urgency=medium
+
+ * Fix gssapi-keyex declaration further (thanks, Andreas Hasenack;
+ LP: #2053146).
+ * Extend -fzero-call-used-regs check to catch m68k gcc bug (closes:
+ #1067243).
+ * debian/tests/regress: Set a different IP address for UNKNOWN.
+ * Re-enable ssh-askpass-gnome on all architectures.
+ * regress: Redirect conch stdin from /dev/zero (re-enables conch interop
+ tests).
+ * Drop "Work around RSA SHA-2 signature issues in conch" patch (no longer
+ needed now that Twisted is fixed).
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 31 Mar 2024 11:55:38 +0100
+
openssh (1:9.7p1-2~progress7.99u1) graograman-backports; urgency=medium
* Uploading to graograman-backports, remaining changes:
diff --git a/debian/control b/debian/control
index 3d4f16f..c21abfb 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Build-Depends: debhelper (>= 13.1~),
libaudit-dev [linux-any],
libedit-dev,
libfido2-dev (>= 1.5.0) [linux-any],
- libgtk-3-dev [!armel !armhf !hppa !m68k !powerpc !sh4] <!pkg.openssh.nognome>,
+ libgtk-3-dev <!pkg.openssh.nognome>,
libkrb5-dev | heimdal-dev,
libpam0g-dev | libpam-dev,
libselinux1-dev [linux-any],
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index 70596b9..2a183b1 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From 1714f9926d197f8015c17081bc582904b908aceb Mon Sep 17 00:00:00 2001
+From 8c2f7f932f143c330a74389d094117d7c85f51f9 Mon Sep 17 00:00:00 2001
From: Tomas Pospisek <tpo_deb@sourcepole.ch>
Date: Sun, 9 Feb 2014 16:10:07 +0000
Subject: Install authorized_keys(5) as a symlink to sshd(8)
diff --git a/debian/patches/conch-ssh-rsa.patch b/debian/patches/conch-ssh-rsa.patch
deleted file mode 100644
index 1025adc..0000000
--- a/debian/patches/conch-ssh-rsa.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 1a567ea25bebb83f7765cf05401e974f855e6938 Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@debian.org>
-Date: Tue, 15 Feb 2022 18:25:35 +0000
-Subject: Work around RSA SHA-2 signature issues in conch
-
-This was supposed to be fixed in Twisted upstream
-(https://twistedmatrix.com/trac/ticket/9765), and that fix is in Debian
-now. However, regression tests still seem to fail in GitLab CI but not
-locally (see e.g.
-https://salsa.debian.org/ssh-team/openssh/-/jobs/3513178). Leave this
-in place for now until we figure out what's wrong.
-
-Forwarded: not-needed
-Last-Update: 2022-11-14
-
-Patch-Name: conch-ssh-rsa.patch
----
- regress/test-exec.sh | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/regress/test-exec.sh b/regress/test-exec.sh
-index 56e98159c..bec44adb5 100644
---- a/regress/test-exec.sh
-+++ b/regress/test-exec.sh
-@@ -752,6 +752,17 @@ REGRESS_INTEROP_CONCH=no
- if test -x "$CONCH" ; then
- REGRESS_INTEROP_CONCH=yes
- fi
-+case "$SCRIPT" in
-+*conch*) ;;
-+*) REGRESS_INTEROP_CONCH=no
-+esac
-+
-+if test "$REGRESS_INTEROP_CONCH" = "yes" ; then
-+ # Work around missing support for RSA SHA-2 signatures:
-+ # https://twistedmatrix.com/trac/ticket/9765
-+ echo HostKeyAlgorithms +ssh-rsa >> $OBJ/sshd_config
-+ echo PubkeyAcceptedAlgorithms +ssh-rsa >> $OBJ/sshd_config
-+fi
-
- # If PuTTY is present, new enough and we are running a PuTTY test, prepare
- # keys and configuration.
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index 4873a86..bfdf8ec 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 1ec718d6b26bebc1c2c8b8774097c2a3d4805542 Mon Sep 17 00:00:00 2001
+From 30df3f03ff91b648414b35bdc697ce9127a9fe90 Mon Sep 17 00:00:00 2001
From: Kees Cook <kees@debian.org>
Date: Sun, 9 Feb 2014 16:10:06 +0000
Subject: Add DebianBanner server configuration option
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index 362b630..f53bac5 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From 0790e776cbf191c6c621de01259dfe32623fd13e Mon Sep 17 00:00:00 2001
+From 4f52dcf6ce616f6e674d6af0ceebb3e2f6b147a3 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:18 +0000
Subject: Various Debian-specific configuration changes
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index 6de17c8..9d4cb3c 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From 95996e9626ca13ca67e75e0158bb50057fadfa3b Mon Sep 17 00:00:00 2001
+From 2d07e4a73975fd8b478680e8a4490fc6c48a6390 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:01 +0000
Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index 4e9f5ba..6f648b0 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From 9932c1a0e0a092767e8084d24b2efcab590910d1 Mon Sep 17 00:00:00 2001
+From a783425eb21dfb3e4432dbbdb7e4e0653a436e7e Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:11 +0000
Subject: Document that HashKnownHosts may break tab-completion
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index da85da8..e055cab 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From 88b6d6e61aa61bae505ab5ce332380be4fe1b1b3 Mon Sep 17 00:00:00 2001
+From 808d4d2c8a93272e5ec08a27024e76efd491ce14 Mon Sep 17 00:00:00 2001
From: Vincent Untz <vuntz@ubuntu.com>
Date: Sun, 9 Feb 2014 16:10:16 +0000
Subject: Give the ssh-askpass-gnome window a default icon
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index b943ba7..7c3ba4a 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
-From 156d561811630c66f06068ee7892b3cbf90f0d1a Mon Sep 17 00:00:00 2001
+From 4431708c5c325cdbcf802e5d86ea1f4da78c1b50 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <simon@sxw.org.uk>
Date: Sun, 9 Feb 2014 16:09:48 +0000
Subject: GSSAPI key exchange support
@@ -256,7 +256,7 @@ index 3b380d9bb..8ccf06370 100644
* Return the canonical name of the host in the other side of the current
* connection. The host name is cached, so it is efficient to call this
diff --git a/auth2-gss.c b/auth2-gss.c
-index f72a38998..c3b8e6288 100644
+index f72a38998..052c7b80f 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,7 +1,7 @@
@@ -276,7 +276,7 @@ index f72a38998..c3b8e6288 100644
+ * The 'gssapi_keyex' userauth mechanism.
+ */
+static int
-+userauth_gsskeyex(struct ssh *ssh)
++userauth_gsskeyex(struct ssh *ssh, const char *method)
+{
+ Authctxt *authctxt = ssh->authctxt;
+ int r, authenticated = 0;
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index 139084a..3b207db 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From 2b4e16a9212c0c8924e528e45871c75bfb0662b3 Mon Sep 17 00:00:00 2001
+From 50a68a21649c42d5587e78cab2c63ee3add81dd4 Mon Sep 17 00:00:00 2001
From: Richard Kettlewell <rjk@greenend.org.uk>
Date: Sun, 9 Feb 2014 16:09:52 +0000
Subject: Various keepalive extensions
diff --git a/debian/patches/maxhostnamelen.patch b/debian/patches/maxhostnamelen.patch
index a09bb86..4cfe801 100644
--- a/debian/patches/maxhostnamelen.patch
+++ b/debian/patches/maxhostnamelen.patch
@@ -1,4 +1,4 @@
-From 50bdc8330d6fa86723d493e0d6a2a4fd7ebdccd9 Mon Sep 17 00:00:00 2001
+From 25f238231292eefa02a723b84de6428baca3b7ab Mon Sep 17 00:00:00 2001
From: Svante Signell <svante.signell@gmail.com>
Date: Fri, 5 Nov 2021 23:22:53 +0000
Subject: Define MAXHOSTNAMELEN on GNU/Hurd
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 7a0ab27..a26d2b1 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From d063a438467f31908ef2cfa124f7e648237926d2 Mon Sep 17 00:00:00 2001
+From 60c7e9102d69c1b2a50fd58c9a322d8e6d1d2117 Mon Sep 17 00:00:00 2001
From: Scott Moser <smoser@ubuntu.com>
Date: Sun, 9 Feb 2014 16:10:03 +0000
Subject: Mention ssh-keygen in ssh fingerprint changed warning
diff --git a/debian/patches/no-openssl-version-status.patch b/debian/patches/no-openssl-version-status.patch
index 313e61e..1fc4765 100644
--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
-From 4c461060f1d0477b582b7b2ee112c8d8925bf446 Mon Sep 17 00:00:00 2001
+From 03ba0382a8ac499aba50aa0203d89586fa785628 Mon Sep 17 00:00:00 2001
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 9 Feb 2014 16:10:14 +0000
Subject: Don't check the status field of the OpenSSL version
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index a21fcfd..b8eb435 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From 469b4b6649073a7d42ad897db0985c74c776c8ad Mon Sep 17 00:00:00 2001
+From 5ec3ad9b1f13f624244f7dea20d43e8972ce9e97 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:09 +0000
Subject: Adjust various OpenBSD-specific references in manual pages
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index 1507190..1a81e91 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From 1a1c5dad468ae8bc92ab599c5fb31e0ecff8b291 Mon Sep 17 00:00:00 2001
+From eb68bf3cb81031d4a765b9c7745842bb49b7b3bb Mon Sep 17 00:00:00 2001
From: Matthew Vernon <matthew@debian.org>
Date: Sun, 9 Feb 2014 16:10:05 +0000
Subject: Include the Debian version in our identification
diff --git a/debian/patches/regress-conch-dev-zero.patch b/debian/patches/regress-conch-dev-zero.patch
new file mode 100644
index 0000000..fed6e66
--- /dev/null
+++ b/debian/patches/regress-conch-dev-zero.patch
@@ -0,0 +1,39 @@
+From 7dc177f6145fd9f52b0ba7a072c3fd4739720a65 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sun, 31 Mar 2024 00:24:11 +0000
+Subject: regress: Redirect conch stdin from /dev/zero
+
+This is more convenient than requiring a controlling terminal.
+
+Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=3676
+Last-Update: 2024-03-31
+
+Patch-Name: regress-conch-dev-zero.patch
+---
+ regress/conch-ciphers.sh | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh
+index 26b606d65..22168570c 100644
+--- a/regress/conch-ciphers.sh
++++ b/regress/conch-ciphers.sh
+@@ -7,10 +7,6 @@ if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then
+ skip "conch interop tests not enabled"
+ fi
+
+-if ! [ -t 0 ]; then
+- skip "conch interop tests requires a controlling terminal"
+-fi
+-
+ start_sshd
+
+ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \
+@@ -21,7 +17,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \
+ # in conch
+ ${CONCH} --identity $OBJ/ssh-ed25519 --port $PORT --user $USER -e none \
+ --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \
+- 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
++ 127.0.0.1 "cat ${DATA}" </dev/zero 2>/dev/null | cat > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
diff --git a/debian/patches/restore-authorized_keys2.patch b/debian/patches/restore-authorized_keys2.patch
index 0593a62..a614c3c 100644
--- a/debian/patches/restore-authorized_keys2.patch
+++ b/debian/patches/restore-authorized_keys2.patch
@@ -1,4 +1,4 @@
-From b384c589793e821d84beb06517a7a2a57252fe08 Mon Sep 17 00:00:00 2001
+From 629d831d473ca49b8593e4a711012bb812e544b7 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 5 Mar 2017 02:02:11 +0000
Subject: Restore reading authorized_keys2 by default
diff --git a/debian/patches/restore-tcp-wrappers.patch b/debian/patches/restore-tcp-wrappers.patch
index 08f409f..ee53872 100644
--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
-From eb0b8c59654fd04802c6a558027bbe3d9c22e3ff Mon Sep 17 00:00:00 2001
+From f6856e554804e6bd6c93fb48bea73a26f912ad7f Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 7 Oct 2014 13:22:41 +0100
Subject: Restore TCP wrappers support
diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch
index c371708..619328b 100644
--- a/debian/patches/revert-ipqos-defaults.patch
+++ b/debian/patches/revert-ipqos-defaults.patch
@@ -1,4 +1,4 @@
-From 24c6df47a8a17754e4d23fd4331c3fb35290a09d Mon Sep 17 00:00:00 2001
+From c6529b6eeabc3312e7b0c00c8451a496eb5d8ae6 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 8 Apr 2019 10:46:29 +0100
Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index 4885406..f450ef7 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From c598a3560a7962dfe0d121e34d18e5e099d6199f Mon Sep 17 00:00:00 2001
+From 5c274c836094e9091ebad95435d79780a4316020 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
Date: Sun, 9 Feb 2014 16:09:59 +0000
Subject: Adjust scp quoting in verbose mode
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index ab745cc..4287d28 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 600da3fe528ebd7d07e40c064af332f447ece282 Mon Sep 17 00:00:00 2001
+From 13a9ed0149b0861aac9c6c6f078ff42a5d8839f0 Mon Sep 17 00:00:00 2001
From: Manoj Srivastava <srivasta@debian.org>
Date: Sun, 9 Feb 2014 16:09:49 +0000
Subject: Handle SELinux authorisation roles
diff --git a/debian/patches/series b/debian/patches/series
index 74fb8b7..90ac393 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -23,9 +23,10 @@ debian-config.patch
restore-authorized_keys2.patch
revert-ipqos-defaults.patch
maxhostnamelen.patch
-conch-ssh-rsa.patch
systemd-socket-activation.patch
skip-utimensat-test-on-zfs.patch
+zero-call-used-regs-m68k.patch
+regress-conch-dev-zero.patch
progress-linux/0001-ssh-keygen-default-rsa-size.patch
progress-linux/0002-ssh-keygen-default-ecdsa-size.patch
progress-linux/0003-ssh_config-update.patch
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index ce44ea4..40fec93 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From 3f074c0c57936f7a8f30a3b29231b52e640156b7 Mon Sep 17 00:00:00 2001
+From 09466af13847aea5aa2ff17c29181c6e55e31dc2 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:00 +0000
Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
diff --git a/debian/patches/skip-utimensat-test-on-zfs.patch b/debian/patches/skip-utimensat-test-on-zfs.patch
index 9a4440f..7707531 100644
--- a/debian/patches/skip-utimensat-test-on-zfs.patch
+++ b/debian/patches/skip-utimensat-test-on-zfs.patch
@@ -1,4 +1,4 @@
-From 3a5a49f1a4355e7f75ec350cb13f46ea835058da Mon Sep 17 00:00:00 2001
+From 4c1c5dc36c96a8e6dd34fd43caf83d292a33b797 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 11 Mar 2024 16:24:49 +0000
Subject: Skip utimensat test on ZFS
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index 44faed9..1f78cef 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From c6bcbc31b9d32bf7245b986ca2faee3ef232a63d Mon Sep 17 00:00:00 2001
+From 93c14bbee1fee649dd5b8f0e5fa7f8904b1a2a71 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:13 +0000
Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index e1b1a42..b2e7bbf 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From be35ece5eed3d3848aee30edae9cd7b05fa8f351 Mon Sep 17 00:00:00 2001
+From 50eb278261460a0ddc942b72b1542910c17966ad Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:10 +0000
Subject: ssh(1): Refer to ssh-argv0(1)
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
index a5196da..f517596 100644
--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
-From 3058f5b885688bb8f660b97506080e67856f8422 Mon Sep 17 00:00:00 2001
+From 2d6d05de518be9a3b3724a951e9dcb57e4c6124e Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@ubuntu.com>
Date: Sun, 9 Feb 2014 16:09:50 +0000
Subject: Accept obsolete ssh-vulnkey configuration options
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index 3281b3a..7704549 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From 289063d080305b43743ba16c0fef2c0d96068993 Mon Sep 17 00:00:00 2001
+From 1b1705fba0225804c8ecec8b3a911d4407248c91 Mon Sep 17 00:00:00 2001
From: Natalie Amery <nmamery@chiark.greenend.org.uk>
Date: Sun, 9 Feb 2014 16:09:54 +0000
Subject: "LogLevel SILENT" compatibility
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch
index c2120d0..8f1e1ae 100644
--- a/debian/patches/systemd-readiness.patch
+++ b/debian/patches/systemd-readiness.patch
@@ -1,4 +1,4 @@
-From e53b37df6356d224810f083e79ff662206243889 Mon Sep 17 00:00:00 2001
+From b939a041afc3938937a3e9d2495202cf1a7b90ab Mon Sep 17 00:00:00 2001
From: Michael Biebl <biebl@debian.org>
Date: Mon, 21 Dec 2015 16:08:47 +0000
Subject: Add systemd readiness notification support
diff --git a/debian/patches/systemd-socket-activation.patch b/debian/patches/systemd-socket-activation.patch
index 80b3860..9867ccf 100644
--- a/debian/patches/systemd-socket-activation.patch
+++ b/debian/patches/systemd-socket-activation.patch
@@ -1,4 +1,4 @@
-From 3b17dcc797febf6d8ebf0474a4fa835b14a6ec11 Mon Sep 17 00:00:00 2001
+From d4af38f9aa8f2daa0ae01b994666116f1420d305 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@ubuntu.com>
Date: Thu, 1 Sep 2022 16:03:37 +0100
Subject: Support systemd socket activation
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index dc443de..163039d 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 191cadd9a252e1b53aea3e65ae5d348b73e96b8a Mon Sep 17 00:00:00 2001
+From 673c225f85e2666e10be71a1d87225de2bb2aeb2 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:09:58 +0000
Subject: Allow harmless group-writability
diff --git a/debian/patches/zero-call-used-regs-m68k.patch b/debian/patches/zero-call-used-regs-m68k.patch
new file mode 100644
index 0000000..1e90eaa
--- /dev/null
+++ b/debian/patches/zero-call-used-regs-m68k.patch
@@ -0,0 +1,30 @@
+From 781d9de6499eb979e9f1a66242bcf58250a1f21e Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Thu, 21 Mar 2024 10:20:21 +0000
+Subject: Extend -fzero-call-used-regs check to catch m68k gcc bug
+
+Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110934
+Bug-Debian: https://bugs.debian.org/1067243
+Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=3673
+Last-Update: 2024-03-24
+
+Patch-Name: zero-call-used-regs-m68k.patch
+---
+ m4/openssh.m4 | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/m4/openssh.m4 b/m4/openssh.m4
+index 033df501c..176a8d1c9 100644
+--- a/m4/openssh.m4
++++ b/m4/openssh.m4
+@@ -20,7 +20,10 @@ char *f2(char *s, ...) {
+ va_end(args);
+ return strdup(ret);
+ }
++int i;
++double d;
+ const char *f3(int s) {
++ i = (int)d;
+ return s ? "good" : "gooder";
+ }
+ int main(int argc, char **argv) {
diff --git a/debian/rules b/debian/rules
index f3fa87f..6184bef 100755
--- a/debian/rules
+++ b/debian/rules
@@ -108,10 +108,6 @@ ifeq ($(shell dpkg-vendor --is Ubuntu && echo yes) $(DEB_HOST_ARCH), yes i386)
BUILD_PACKAGES += -Nopenssh-tests
endif
-ifeq ($(DEB_HOST_ARCH_BITS)$(filter i386,$(DEB_HOST_ARCH_CPU)),32)
- BUILD_PACKAGES += -Nssh-askpass-gnome
-endif
-
%:
dh $@ --with=runit $(BUILD_PACKAGES)
@@ -136,11 +132,9 @@ ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
$(MAKE) -C debian/build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
endif
-ifneq ($(DEB_HOST_ARCH_BITS)$(filter i386,$(DEB_HOST_ARCH_CPU)),32)
ifeq ($(filter pkg.openssh.nognome,$(DEB_BUILD_PROFILES)),)
$(MAKE) -C contrib gnome-ssh-askpass3 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG)
endif
-endif
override_dh_auto_build-indep:
diff --git a/debian/run-tests b/debian/run-tests
index 52fcaf7..def9494 100755
--- a/debian/run-tests
+++ b/debian/run-tests
@@ -38,7 +38,7 @@ make -C "$tmp/regress" \
TEST_SSH_IPV6=yes \
TEST_SSH_ECC=yes \
TEST_SSH_UNSAFE_PERMISSIONS=1 \
- "$@" </dev/zero || ret="$?"
+ "$@" || ret="$?"
if [ "$ret" -ne 0 ]; then
for log in failed-regress.log failed-ssh.log failed-sshd.log; do
if [ -e "$tmp/regress/$log" ]; then
diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml
index 8424db4..d69c6e7 100644
--- a/debian/salsa-ci.yml
+++ b/debian/salsa-ci.yml
@@ -1,3 +1,13 @@
---
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+ SALSA_CI_ENABLE_BUILD_PACKAGE_PROFILES: 1
+
+test-build-profiles:
+ extends: .test-build-package-profiles
+ parallel:
+ matrix:
+ - BUILD_PROFILES: noudeb
+ - BUILD_PROFILES: pkg.openssh.nognome
diff --git a/debian/tests/regress b/debian/tests/regress
index 41108ce..72b1151 100755
--- a/debian/tests/regress
+++ b/debian/tests/regress
@@ -73,7 +73,7 @@ EOF
# tests with "UsePAM yes" appears to be to make "UNKNOWN"
# resolvable.
if ! grep -q '[[:space:]]UNKNOWN$' /etc/hosts; then
- echo '127.0.0.1 UNKNOWN' >>/etc/hosts
+ echo '127.0.0.2 UNKNOWN' >>/etc/hosts
ADDED_HOST=:
fi