
Bug#941810: buster-pu: package openssh/1:7.9p1-10



Hi Colin,

On Sun, Oct 06, 2019 at 08:03:19PM +0100, Colin Watson wrote:
> On Sun, Oct 06, 2019 at 04:22:23PM +0200, Salvatore Bonaccorso wrote:
> > On Sat, Oct 05, 2019 at 10:39:29PM +0100, Colin Watson wrote:
> > > https://bugs.debian.org/941663 reports an OpenSSH regression on old
> > > kernels prompted by the interaction between an OpenSSL update and a
> > > seccomp filter; https://bugs.debian.org/941665 and
> > > https://github.com/openssh/openssh-portable/pull/149 have more details.
> > > The patch is an easy one to cherry-pick, and I've attached the resulting
> > > diff.  I'd like approval to upload it.
> > > 
> > > I'm not sure where's best to upload this to.  Although I've filed this
> > > as a stable update request, there's an argument that perhaps it should
> > > be issued through the same channels as the OpenSSL update
> > > (stable-security and then copied to stable-proposed-updates, according
> > > to https://tracker.debian.org/pkg/openssl), so I've CCed team@security.
> > > Any advice?
> > 
> > Okay let's be on the safe side and update openssh for this functional
> > regression via buster-security.
> > 
> > Can you adjust the changelog accordingly and upload to
> > security-master? (Make sure to build with -sa, and to not include a
> > _{arch}.buildinfo file in case you perform a source only upload).
> 
> Done.  I usually get something wrong in the mechanics of doing security
> uploads, but maybe I got it right for once.

Looks good so far!

> I don't have a pre-3.19 system around to test this on, but I at least
> made sure that an ordinary buster system (with 4.19) is fine.

I was able to reproduce the issue in a buster LXC container running on
a host with < 3.19 kernel (specifically reproduced with a jessie
host). Will double check the fixed packages as well in that setup.

Regards,
Salvatore

