-rw-r--r--debian/.git-dpm4
-rw-r--r--debian/changelog10
-rw-r--r--debian/patches/authorized-keys-man-symlink.patch2
-rw-r--r--debian/patches/configure-cache-vars.patch2
-rw-r--r--debian/patches/debian-banner.patch4
-rw-r--r--debian/patches/debian-config.patch2
-rw-r--r--debian/patches/dnssec-sshfp.patch2
-rw-r--r--debian/patches/doc-hash-tab-completion.patch2
-rw-r--r--debian/patches/gnome-ssh-askpass2-icon.patch2
-rw-r--r--debian/patches/keepalive-extensions.patch2
-rw-r--r--debian/patches/maxhostnamelen.patch2
-rw-r--r--debian/patches/mention-ssh-keygen-on-keychange.patch2
-rw-r--r--debian/patches/no-openssl-version-status.patch2
-rw-r--r--debian/patches/openbsd-docs.patch2
-rw-r--r--debian/patches/package-versioning.patch2
-rw-r--r--debian/patches/pam-avoid-unknown-host.patch2
-rw-r--r--debian/patches/regress-conch-dev-zero.patch2
-rw-r--r--debian/patches/restore-authorized_keys2.patch2
-rw-r--r--debian/patches/restore-tcp-wrappers.patch8
-rw-r--r--debian/patches/revert-ipqos-defaults.patch2
-rw-r--r--debian/patches/scp-quoting.patch2
-rw-r--r--debian/patches/selinux-role.patch4
-rw-r--r--debian/patches/shell-path.patch2
-rw-r--r--debian/patches/skip-utimensat-test-on-zfs.patch2
-rw-r--r--debian/patches/ssh-agent-setgid.patch2
-rw-r--r--debian/patches/ssh-argv0.patch2
-rw-r--r--debian/patches/ssh-vulnkey-compat.patch2
-rw-r--r--debian/patches/syslog-level-silent.patch2
-rw-r--r--debian/patches/systemd-socket-activation.patch19
-rw-r--r--debian/patches/user-group-modes.patch2
-rw-r--r--debian/tests/control10
-rwxr-xr-xdebian/tests/socket-activation27
32 files changed, 95 insertions, 39 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 14852c6..41261a9 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-7406e666efe2d19e93cf6f50735b3a927bc3dfce
-7406e666efe2d19e93cf6f50735b3a927bc3dfce
+97c671bccd4f923e2bb814516ad7bf1d9261709c
+97c671bccd4f923e2bb814516ad7bf1d9261709c
725afb3e99dbbda1d8c34a3dfc031dc9b0bb5dbe
725afb3e99dbbda1d8c34a3dfc031dc9b0bb5dbe
openssh_9.8p1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 36bb642..e2db8b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+openssh (1:9.8p1-2) unstable; urgency=medium
+
+ * Don't close sockets passed by systemd socket activation (closes:
+ #1077765).
+ * Add an autopkgtest for socket activation.
+ * Consult /etc/hosts.{allow,deny} as "sshd", not "sshd-session" (closes:
+ #1077799).
+
+ -- Colin Watson <cjwatson@debian.org> Fri, 02 Aug 2024 17:08:58 +0100
+
openssh (1:9.8p1-1) unstable; urgency=medium
* New upstream release (https://www.openssh.com/releasenotes.html#9.8p1):
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index 2d8f535..e014ae5 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From 7f7594950af2dac444ade5023a88acaa157d4824 Mon Sep 17 00:00:00 2001
+From fa2050cccface30a90effecf902ac69779e684a5 Mon Sep 17 00:00:00 2001
From: Tomas Pospisek <tpo_deb@sourcepole.ch>
Date: Sun, 9 Feb 2014 16:10:07 +0000
Subject: Install authorized_keys(5) as a symlink to sshd(8)
diff --git a/debian/patches/configure-cache-vars.patch b/debian/patches/configure-cache-vars.patch
index 0ec03e7..86481d7 100644
--- a/debian/patches/configure-cache-vars.patch
+++ b/debian/patches/configure-cache-vars.patch
@@ -1,4 +1,4 @@
-From 569bdb6931b8dba91036cf8dce41b56ca343e10f Mon Sep 17 00:00:00 2001
+From 322f3ff14422182dff32e0dc51c1d0b23b8cba0e Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 3 Apr 2024 11:52:04 +0100
Subject: Add Autoconf cache variables for OSSH_CHECK_*FLAG_*
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index fd69273..fd0443b 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From be94b157653742db3310bc565356a8e553bfd741 Mon Sep 17 00:00:00 2001
+From 6bed4d1be79474891ebaa62259919f14acf28273 Mon Sep 17 00:00:00 2001
From: Kees Cook <kees@debian.org>
Date: Sun, 9 Feb 2014 16:10:06 +0000
Subject: Add DebianBanner server configuration option
@@ -140,7 +140,7 @@ index cbfc20735..f9d3a1ff2 100644
/* Put the connection into non-blocking mode. */
diff --git a/sshd-session.c b/sshd-session.c
-index f0fd85367..1f38a0de9 100644
+index b6e544108..2a512dd74 100644
--- a/sshd-session.c
+++ b/sshd-session.c
@@ -1303,7 +1303,7 @@ main(int ac, char **av)
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index 2add806..ee3b297 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From 72b01845849043dbf3edde4d0b1a728ff05d8630 Mon Sep 17 00:00:00 2001
+From 8b067a754bdeac8fcdab1fbb2010651cf07b1b61 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:18 +0000
Subject: Various Debian-specific configuration changes
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index a2164e0..6e78215 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From 022ab25237b3da32705eb88d74f01590ca121625 Mon Sep 17 00:00:00 2001
+From 0d8aedb659c1c3892a9ba071ea003530ea8ca1b3 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:01 +0000
Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index 4963bcd..3c2b05b 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From 51e122be591845078beddc2aa6734d83d4fbe7a1 Mon Sep 17 00:00:00 2001
+From cceb89a954534c1bed67d20613fe8aa82bec37e4 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:11 +0000
Subject: Document that HashKnownHosts may break tab-completion
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index a32dac4..b10014b 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From 63d6710f076590ec1672e95d19a2fced8bd34189 Mon Sep 17 00:00:00 2001
+From fac5d188210df34ace8c8f1f6f47c2a72e01c535 Mon Sep 17 00:00:00 2001
From: Vincent Untz <vuntz@ubuntu.com>
Date: Sun, 9 Feb 2014 16:10:16 +0000
Subject: Give the ssh-askpass-gnome window a default icon
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index a828ce2..a5f8c57 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From fb7c10aae7ed2d9216b16ae5e172f45a2bdcd336 Mon Sep 17 00:00:00 2001
+From 92c7e83658c40484aa7a0fa977a45de38461beef Mon Sep 17 00:00:00 2001
From: Richard Kettlewell <rjk@greenend.org.uk>
Date: Sun, 9 Feb 2014 16:09:52 +0000
Subject: Various keepalive extensions
diff --git a/debian/patches/maxhostnamelen.patch b/debian/patches/maxhostnamelen.patch
index d7f37fc..af2bf16 100644
--- a/debian/patches/maxhostnamelen.patch
+++ b/debian/patches/maxhostnamelen.patch
@@ -1,4 +1,4 @@
-From 95b7dc366c3f27e7bd524a64bae2754eef9935d5 Mon Sep 17 00:00:00 2001
+From 5ffb02dd0478b1ceb24dd356d0ccad7cb7ec728b Mon Sep 17 00:00:00 2001
From: Svante Signell <svante.signell@gmail.com>
Date: Fri, 5 Nov 2021 23:22:53 +0000
Subject: Define MAXHOSTNAMELEN on GNU/Hurd
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 4c2aab3..393de6f 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 63207b21b9f33cf60e79a9c0484e609c5bf4c08b Mon Sep 17 00:00:00 2001
+From 1c3c2c02b1d68675b121d87d1ffee84113659c93 Mon Sep 17 00:00:00 2001
From: Scott Moser <smoser@ubuntu.com>
Date: Sun, 9 Feb 2014 16:10:03 +0000
Subject: Mention ssh-keygen in ssh fingerprint changed warning
diff --git a/debian/patches/no-openssl-version-status.patch b/debian/patches/no-openssl-version-status.patch
index 4f937be..3f2ca27 100644
--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
-From 302f656d6976c077f55f75a339f63b0c30a6c447 Mon Sep 17 00:00:00 2001
+From d03bde90030a339d7e4e39273cb3eadadfb99320 Mon Sep 17 00:00:00 2001
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 9 Feb 2014 16:10:14 +0000
Subject: Don't check the status field of the OpenSSL version
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index dfbbade..8774599 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From 8fb4b76677be4fdb1ce0e45148b4c2d40f177964 Mon Sep 17 00:00:00 2001
+From 169d164b95c9f068cbf5fc9860029690f9bf19d3 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:09 +0000
Subject: Adjust various OpenBSD-specific references in manual pages
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index dd905fc..0caca0d 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From 4d194d912805d3314bd610cca3eca2e6a927ab7f Mon Sep 17 00:00:00 2001
+From 184037a22103428f83d1e8d14c09631aef14dc2f Mon Sep 17 00:00:00 2001
From: Matthew Vernon <matthew@debian.org>
Date: Sun, 9 Feb 2014 16:10:05 +0000
Subject: Include the Debian version in our identification
diff --git a/debian/patches/pam-avoid-unknown-host.patch b/debian/patches/pam-avoid-unknown-host.patch
index f034a8d..8c8d78a 100644
--- a/debian/patches/pam-avoid-unknown-host.patch
+++ b/debian/patches/pam-avoid-unknown-host.patch
@@ -1,4 +1,4 @@
-From 7406e666efe2d19e93cf6f50735b3a927bc3dfce Mon Sep 17 00:00:00 2001
+From 97c671bccd4f923e2bb814516ad7bf1d9261709c Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Mon, 20 Mar 2023 20:22:14 +0100
Subject: Only set PAM_RHOST if the remote host is not "UNKNOWN"
diff --git a/debian/patches/regress-conch-dev-zero.patch b/debian/patches/regress-conch-dev-zero.patch
index a1f8670..95f7aab 100644
--- a/debian/patches/regress-conch-dev-zero.patch
+++ b/debian/patches/regress-conch-dev-zero.patch
@@ -1,4 +1,4 @@
-From 5f5e44903a2dbd0381d4395e53444d17b2d1b494 Mon Sep 17 00:00:00 2001
+From e3d47eadb58dda63a125eecaa722ce7891c75356 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 31 Mar 2024 00:24:11 +0000
Subject: regress: Redirect conch stdin from /dev/zero
diff --git a/debian/patches/restore-authorized_keys2.patch b/debian/patches/restore-authorized_keys2.patch
index 015efa8..b061307 100644
--- a/debian/patches/restore-authorized_keys2.patch
+++ b/debian/patches/restore-authorized_keys2.patch
@@ -1,4 +1,4 @@
-From 48001bae6c31c7d0e1c73a134456ccd109041892 Mon Sep 17 00:00:00 2001
+From 69f63b1e4919e4a51cb199fa81fa318bc517bbd2 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 5 Mar 2017 02:02:11 +0000
Subject: Restore reading authorized_keys2 by default
diff --git a/debian/patches/restore-tcp-wrappers.patch b/debian/patches/restore-tcp-wrappers.patch
index 7ea30ff..fdd3c61 100644
--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
-From 33df9974b50dda9718f7e31ca8568432edd97168 Mon Sep 17 00:00:00 2001
+From 0ff8d4f5356adbdebdbdbf951713d22b1e8e264e Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 7 Oct 2014 13:22:41 +0100
Subject: Restore TCP wrappers support
@@ -18,7 +18,7 @@ but it at least probably doesn't involve dropping this feature shortly
before a freeze.
Forwarded: not-needed
-Last-Update: 2024-07-03
+Last-Update: 2024-08-02
Patch-Name: restore-tcp-wrappers.patch
---
@@ -103,7 +103,7 @@ index dc274329f..f6bca2631 100644
echo " libldns support: $LDNS_MSG"
echo " Solaris process contract support: $SPC_MSG"
diff --git a/sshd-session.c b/sshd-session.c
-index ab88db7c5..a9fa63224 100644
+index ab88db7c5..dff1fefbe 100644
--- a/sshd-session.c
+++ b/sshd-session.c
@@ -110,6 +110,13 @@
@@ -131,7 +131,7 @@ index ab88db7c5..a9fa63224 100644
+ if (ssh_packet_connection_is_on_socket(ssh)) {
+ struct request_info req;
+
-+ request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
++ request_init(&req, RQ_DAEMON, "sshd", RQ_FILE, sock_in, 0);
+ fromhost(&req);
+
+ if (!hosts_access(&req)) {
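Review bot: The literal `"sshd"` now passed to `request_init()` has no comment saying why `__progname` is deliberately avoided, so a later cleanup could quietly put it back. Per the changelog entry in this commit, the session binary was being looked up in /etc/hosts.allow and /etc/hosts.deny as "sshd-session", so existing `sshd:` rules would presumably not have matched; for a deny rule that means the connection was let through. I would add above the call `/* TCP wrappers rules are written for "sshd"; do not use __progname, which is "sshd-session" in this binary. */`. The enclosing block starts and ends outside this hunk.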
diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch
index 6a19674..2758571 100644
--- a/debian/patches/revert-ipqos-defaults.patch
+++ b/debian/patches/revert-ipqos-defaults.patch
@@ -1,4 +1,4 @@
-From 32d1b39b53a11db1efbb6ac84ea589bc7b699e35 Mon Sep 17 00:00:00 2001
+From 91663a43be78a3b33c0cc055033d648269a4f98c Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 8 Apr 2019 10:46:29 +0100
Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index 2a6fb1f..2c64f53 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From 2dd3363f6032ac203829e941bdac111e1dcf7012 Mon Sep 17 00:00:00 2001
+From 75bbbbd155147a06ebf5bcc1b2ae9bf08c127cf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
Date: Sun, 9 Feb 2014 16:09:59 +0000
Subject: Adjust scp quoting in verbose mode
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index c160e00..c481c3b 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 1b327bbfa9728e3e2f9ec02371b94069c9664f2f Mon Sep 17 00:00:00 2001
+From 1003c8e9926862f7f01fad4a9004766aa47948d1 Mon Sep 17 00:00:00 2001
From: Manoj Srivastava <srivasta@debian.org>
Date: Sun, 9 Feb 2014 16:09:49 +0000
Subject: Handle SELinux authorisation roles
@@ -414,7 +414,7 @@ index 344a1ddf9..20ea822a7 100644
const char *session_get_remote_name_or_ip(struct ssh *, u_int, int);
diff --git a/sshd-session.c b/sshd-session.c
-index a9fa63224..f0fd85367 100644
+index dff1fefbe..b6e544108 100644
--- a/sshd-session.c
+++ b/sshd-session.c
@@ -438,7 +438,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index 8bb7463..0fb8602 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From 71863958087495c9d4a4c83ca6e3fbed58ae4e81 Mon Sep 17 00:00:00 2001
+From 693e1ad72a8bc084f804451beaad6f941921b435 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:00 +0000
Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
diff --git a/debian/patches/skip-utimensat-test-on-zfs.patch b/debian/patches/skip-utimensat-test-on-zfs.patch
index c6cf03c..5a9a489 100644
--- a/debian/patches/skip-utimensat-test-on-zfs.patch
+++ b/debian/patches/skip-utimensat-test-on-zfs.patch
@@ -1,4 +1,4 @@
-From 2c0e4142af77c5c70cc81a87f5d263cef3c73ac2 Mon Sep 17 00:00:00 2001
+From 1cf8791cab882050d43f539da1464eb308eca92e Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 11 Mar 2024 16:24:49 +0000
Subject: Skip utimensat test on ZFS
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index 04b283a..4c5641e 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From 0b96d5e106fc2e4bc1ff04c7527c731f1a0d0aea Mon Sep 17 00:00:00 2001
+From 2e73396b1e30fed205ad9daf4575f26e24b6cf63 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:13 +0000
Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index 6679961..7b45493 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From 9d91d0ec92d7b3e6cd5404fa447fc9eea35bb870 Mon Sep 17 00:00:00 2001
+From b53a7a6dc0eb0375ef367780fd66c86e182bc67c Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:10:10 +0000
Subject: ssh(1): Refer to ssh-argv0(1)
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
index d0c82ea..b63fe3c 100644
--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
-From 996f025eb2f6521e3fb4a7b527ec4eaceebe8156 Mon Sep 17 00:00:00 2001
+From 127ffecd39fa5f1b61506e6060c4a4cdec64f019 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@ubuntu.com>
Date: Sun, 9 Feb 2014 16:09:50 +0000
Subject: Accept obsolete ssh-vulnkey configuration options
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index d6f5d84..e32e7fd 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From 0b5e808eb7513943a5270563729da56c66ece9ad Mon Sep 17 00:00:00 2001
+From 297eb3e9ae97bdd2e944efd9fdbdcf7f78514b79 Mon Sep 17 00:00:00 2001
From: Natalie Amery <nmamery@chiark.greenend.org.uk>
Date: Sun, 9 Feb 2014 16:09:54 +0000
Subject: "LogLevel SILENT" compatibility
diff --git a/debian/patches/systemd-socket-activation.patch b/debian/patches/systemd-socket-activation.patch
index bd7aca3..7a9c0ca 100644
--- a/debian/patches/systemd-socket-activation.patch
+++ b/debian/patches/systemd-socket-activation.patch
@@ -1,4 +1,4 @@
-From 496d8d99583423c054311e85738102a5d9185016 Mon Sep 17 00:00:00 2001
+From 05c8e02a8f6df17722a95fc11cf315865f90e024 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@ubuntu.com>
Date: Thu, 1 Sep 2022 16:03:37 +0100
Subject: Support systemd socket activation
@@ -10,13 +10,13 @@ of the sshd daemon without becoming incompatible with config options
like ClientAliveCountMax.
Author: Colin Watson <cjwatson@debian.org>
-Last-Update: 2024-07-03
+Last-Update: 2024-08-02
Patch-Name: systemd-socket-activation.patch
---
configure.ac | 1 +
- sshd.c | 131 +++++++++++++++++++++++++++++++++++++++++++++------
- 2 files changed, 118 insertions(+), 14 deletions(-)
+ sshd.c | 133 +++++++++++++++++++++++++++++++++++++++++++++------
+ 2 files changed, 119 insertions(+), 15 deletions(-)
diff --git a/configure.ac b/configure.ac
index f6bca2631..ee6aca972 100644
@@ -31,7 +31,7 @@ index f6bca2631..ee6aca972 100644
case `uname -r` in
1.*|2.0.*)
diff --git a/sshd.c b/sshd.c
-index 54c65dfe6..bc0127c9c 100644
+index 54c65dfe6..51d5357b9 100644
--- a/sshd.c
+++ b/sshd.c
@@ -93,10 +93,18 @@
@@ -194,3 +194,12 @@ index 54c65dfe6..bc0127c9c 100644
if (!num_listen_socks)
fatal("Cannot bind any address.");
}
+@@ -1344,7 +1447,7 @@ main(int ac, char **av)
+ if (!test_flag && !do_dump_cfg && !path_absolute(av[0]))
+ fatal("sshd requires execution with an absolute path");
+
+- closefrom(STDERR_FILENO + 1);
++ closefrom(STDERR_FILENO + 1 + SYSTEMD_OFFSET);
+
+ /* Reserve fds we'll need later for reexec things */
+ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
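Review bot: The raised floor in `closefrom(STDERR_FILENO + 1 + SYSTEMD_OFFSET)` leaves every descriptor from 3 up to the offset open, and nothing at the call says what those descriptors are or that the offset cannot be negative. `SYSTEMD_OFFSET` is defined outside this hunk; if it can expand to an error return, the sum would fall below 3 and close the standard descriptors, and if it is derived from the environment it is worth confirming it is only honoured when the sockets were really passed to this process. I would add `/* Keep the listening sockets passed by systemd socket activation, which start at fd 3; close everything above them. */` above the call. main() starts and ends outside the hunk.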
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 194c730..b649927 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 04ef461f5d8a7ec8840db50ccb841aaa26687b6e Mon Sep 17 00:00:00 2001
+From c02212390140a127d47873d8d27081466bd5daeb Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 9 Feb 2014 16:09:58 +0000
Subject: Allow harmless group-writability
diff --git a/debian/tests/control b/debian/tests/control
index f7c0afb..0f5a493 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -25,3 +25,13 @@ Depends:
krb5-admin-server,
krb5-kdc,
openssh-server,
+
+Tests:
+ socket-activation,
+Restrictions:
+ allow-stderr,
+ isolation-container,
+ needs-root,
+Depends:
+ openssh-server,
+ sudo,
diff --git a/debian/tests/socket-activation b/debian/tests/socket-activation
new file mode 100755
index 0000000..20a0d0b
--- /dev/null
+++ b/debian/tests/socket-activation
@@ -0,0 +1,27 @@
+#! /bin/sh
+set -e
+
+testuser="testuser$$"
+adduser --quiet --disabled-password --gecos "" "$testuser"
+sudo -u "$testuser" mkdir -m700 "/home/$testuser/.ssh"
+sudo -u "$testuser" \
+ ssh-keygen -t ed25519 -N '' -f "/home/$testuser/.ssh/id_ed25519"
+sudo -u "$testuser" \
+ cp "/home/$testuser/.ssh/id_ed25519.pub" \
+ "/home/$testuser/.ssh/authorized_keys"
+
+cleanup () {
+ if [ $? -ne 0 ]; then
+ echo "## Something failed"
+ echo
+ echo "## ssh server log"
+ journalctl -b -u ssh.service --lines 100
+ fi
+}
+
+trap cleanup EXIT
+
+systemctl disable --now ssh.service
+systemctl enable --now ssh.socket
+sudo -u "$testuser" \
+ ssh -oStrictHostKeyChecking=accept-new "$testuser@localhost" date
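Review bot: The script only proves that a socket-activated login succeeds; nothing in it exercises the /etc/hosts.deny behaviour fixed in the same upload, so a regression in the TCP wrappers daemon name would still pass. After the final `ssh ... date` I would add a negative check that appends an `sshd: ALL` deny rule, asserts that the login is refused, and restores the file; this assumes /etc/hosts.deny exists on the testbed and /etc/hosts.allow has no matching entry. Separately, the test user and the ssh.service/ssh.socket state are left changed on exit, which is tolerable only because of the isolation-container restriction declared in debian/tests/control.

```shell
# … unchanged: user setup, cleanup trap, socket-activated login …

# A deny rule written for "sshd" must be honoured by the session binary.
cp -p /etc/hosts.deny /etc/hosts.deny.autopkgtest
echo 'sshd: ALL' >>/etc/hosts.deny
if sudo -u "$testuser" \
	ssh -oBatchMode=yes "$testuser@localhost" true; then
	denied=no
else
	denied=yes
fi
mv /etc/hosts.deny.autopkgtest /etc/hosts.deny
if [ "$denied" = no ]; then
	echo "## hosts.deny rule for sshd was not applied" >&2
	exit 1
fi
```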