On Sun, Oct 06, 2019 at 04:22:23PM +0200, Salvatore Bonaccorso wrote: > On Sat, Oct 05, 2019 at 10:39:29PM +0100, Colin Watson wrote: > > https://bugs.debian.org/941663 reports an OpenSSH regression on old > > kernels prompted by the interaction between an OpenSSL update and a > > seccomp filter; https://bugs.debian.org/941665 and > > https://github.com/openssh/openssh-portable/pull/149 have more details. > > The patch is an easy one to cherry-pick, and I've attached the resulting > > diff. I'd like approval to upload it. > > > > I'm not sure where's best to upload this to. Although I've filed this > > as a stable update request, there's an argument that perhaps it should > > be issued through the same channels as the OpenSSL update > > (stable-security and then copied to stable-proposed-updates, according > > to https://tracker.debian.org/pkg/openssl), so I've CCed team@security. > > Any advice? > > Okay let's be on the safe side and update openssh for this functional > regression via buster-security. > > Can you adjust the changelog accordingly and upload to > security-master? (Make sure to build with -sa, and to not include a > _{arch}.buildinfo file in case you perform a source only upload).
Done. I usually get something wrong in the mechanics of doing security uploads, but maybe I got it right for once. I don't have a pre-3.19 system around to test this on, but I at least made sure that an ordinary buster system (with 4.19) is fine. -- Colin Watson [cjwat...@debian.org]
