From 3115064e04541741d558cbb7b8ecab49ea1c0af9 Mon Sep 17 00:00:00 2001
From: Dominik George <natureshadow@debian.org>
Date: Thu, 28 Feb 2019 19:08:30 +0000
Subject: Correctly handle conffile move to openssh-server

Closes: #919344
---
 debian/changelog                  |  4 ++++
 debian/openssh-client.maintscript |  1 +
 debian/openssh-server.postinst    | 10 ++++++++++
 3 files changed, 15 insertions(+)
 create mode 100644 debian/openssh-client.maintscript

diff --git a/debian/changelog b/debian/changelog
index 75d338a73..9545f9606 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
 openssh (1:7.9p1-8) UNRELEASED; urgency=medium
 
+  [ Colin Watson ]
   * Apply upstream patch to fix bug in HostbasedAcceptedKeyTypes and
     PubkeyAcceptedKeyTypes options in the case where only RSA-SHA2 signature
     types were specified.
@@ -7,6 +8,9 @@ openssh (1:7.9p1-8) UNRELEASED; urgency=medium
     rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms (closes:
     #923419).
 
+  [ Dominik George ]
+  * Correctly handle conffile move to openssh-server (closes: #919344).
+
  -- Colin Watson <cjwatson@debian.org>  Thu, 28 Feb 2019 10:33:32 +0000
 
 openssh (1:7.9p1-7) unstable; urgency=medium
diff --git a/debian/openssh-client.maintscript b/debian/openssh-client.maintscript
new file mode 100644
index 000000000..e39db9ac5
--- /dev/null
+++ b/debian/openssh-client.maintscript
@@ -0,0 +1 @@
+rm_conffile /etc/ssh/moduli 1:7.9p1-8~
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index ae273e9c8..552b0744e 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -148,6 +148,16 @@ if [ "$action" = configure ]; then
 	    # restart it under systemd.
 	    start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd || true
 	fi
+	if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \
+	   [ -f /etc/ssh/moduli.dpkg-bak ]; then
+	    # Handle /etc/ssh/moduli being moved from openssh-client to
+	    # openssh-server.  If there were no user modifications, then we
+	    # don't need to do anything special here; but if there were,
+	    # then the dpkg-maintscript-helper calls from openssh-client's
+	    # maintainer scripts will have saved the old file as .dpkg-bak,
+	    # which we now move back into place.
+	    mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli
+	fi
 fi
 
 #DEBHELPER#
-- 
cgit v1.2.3