diff -Nru openssh-8.2p1/debian/changelog openssh-8.2p1/debian/changelog --- openssh-8.2p1/debian/changelog 2021-12-13 08:47:26.000000000 +0000 +++ openssh-8.2p1/debian/changelog 2022-04-24 04:37:12.000000000 +0000 @@ -1,9 +1,20 @@ -openssh (1:8.2p1-4ubuntu0.4ppa1+obfuscated~focal) focal; urgency=medium +openssh (1:8.2p1-4ubuntu0.5ppa1+obfuscated~focal) focal; urgency=medium * Add handshake obfuscation - debian/patches/obfuscated-handshake.patch - -- zinglau Mon, 13 Dec 2021 16:46:32 +0000 + -- zinglau Sun, 24 Apr 2022 12:35:39 +0000 + +openssh (1:8.2p1-4ubuntu0.5) focal; urgency=medium + + * d/p/fix-connect-timeout-overflow.patch: prevent ConnectTimeout overflow. + (LP: #1903516) + + [ Sergio Durigan Junior ] + * d/p/lp1966591-upstream-preserve-group-world-read-permission-on-kno.patch: + Preserve group/world read permissions on known_hosts. (LP: #1966591) + + -- Athos Ribeiro Wed, 30 Mar 2022 10:03:15 -0300 openssh (1:8.2p1-4ubuntu0.4) focal; urgency=medium diff -Nru openssh-8.2p1/debian/patches/fix-connect-timeout-overflow.patch openssh-8.2p1/debian/patches/fix-connect-timeout-overflow.patch --- openssh-8.2p1/debian/patches/fix-connect-timeout-overflow.patch 1970-01-01 00:00:00.000000000 +0000 +++ openssh-8.2p1/debian/patches/fix-connect-timeout-overflow.patch 2022-04-24 04:34:40.000000000 +0000 
@@ -0,0 +1,34 @@
+From 819b44e8b9af6ce18d3ec7505b9f461bf7991a1f Mon Sep 17 00:00:00 2001
+From: "dtucker@openbsd.org"
+Date: Thu, 12 Nov 2020 22:38:57 +0000
+Subject: [PATCH] upstream: Prevent integer overflow when ridiculously large
+
+ConnectTimeout is specified, capping the effective value (for most platforms)
+at 24 days. bz#3229, ok djm@
+
+OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0
+
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3229
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1903516
+Origin: upstream, http://anongit.mindrot.org/openssh.git/commit/?id=819b44e8b9af6ce18d3ec7505b9f461bf7991a1f
+Last-Update: 2022-03-30
+---
+ ssh.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+Index: openssh-8.2p1/ssh.c
+===================================================================
+--- openssh-8.2p1.orig/ssh.c 2022-04-24 12:34:18.000000000 +0800
++++ openssh-8.2p1/ssh.c 2022-04-24 12:34:18.000000000 +0800
+@@ -1421,7 +1421,10 @@
+ cleanup_exit(255); /* resolve_host logs the error */
+ }
+
+- timeout_ms = options.connection_timeout * 1000;
++ if (options.connection_timeout >= INT_MAX/1000)
++ timeout_ms = INT_MAX;
++ else
++ timeout_ms = options.connection_timeout * 1000;
+
+ /* Open a connection to the remote host. */
+ if (ssh_connect(ssh, host, host_arg, addrs, &hostaddr, options.port,
diff -Nru openssh-8.2p1/debian/patches/lp1966591-upstream-preserve-group-world-read-permission-on-kno.patch openssh-8.2p1/debian/patches/lp1966591-upstream-preserve-group-world-read-permission-on-kno.patch
--- openssh-8.2p1/debian/patches/lp1966591-upstream-preserve-group-world-read-permission-on-kno.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssh-8.2p1/debian/patches/lp1966591-upstream-preserve-group-world-read-permission-on-kno.patch 2022-03-30 13:03:15.000000000 +0000
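Review bot: The clamp added in the ssh.c hunk of fix-connect-timeout-overflow.patch is silent and uncommented, so a reader of the code cannot tell why `INT_MAX/1000` is the threshold or that any larger ConnectTimeout is quietly shortened to roughly 24 days. I would put `/* connection_timeout is in seconds; cap at INT_MAX ms (~24 days) so the conversion cannot overflow int. */` above the `if`. The guard covers only this one conversion; if other call sites scale `options.connection_timeout` (none are visible here), clamping or rejecting the value where the option is parsed would cover them as well. The enclosing function starts and ends outside the hunk, and the declaration of `timeout_ms` is not shown, so its type is presumably `int` but should be confirmed.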
@@ -0,0 +1,46 @@
+From: "djm@openbsd.org"
+Date: Wed, 13 May 2020 09:55:57 +0000
+Subject: upstream: preserve group/world read permission on known_hosts
+
+file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove
+all rights for group/other. bz#3146 ok dtucker@
+
+OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a
+
+Origin: backport, https://github.com/openssh/openssh-portable/commit/f2d84f1b3fa68d77c99238d4c645d0266fae2a74
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3146
+Bug-Ubuntu: https://bugs.launchpad.net/openssh/+bug/1966591
+Applied-Upstream: 8.4
+---
+ ssh-keygen.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+Index: openssh/ssh-keygen.c
+===================================================================
+--- openssh.orig/ssh-keygen.c 2022-03-31 16:57:47.213946688 -0400
++++ openssh/ssh-keygen.c 2022-03-31 16:57:47.213946688 -0400
+@@ -1305,6 +1305,7 @@
+ int r, fd, oerrno, inplace = 0;
+ struct known_hosts_ctx ctx;
+ u_int foreach_options;
++ struct stat sb;
+
+ if (!have_identity) {
+ cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
+@@ -1314,6 +1315,8 @@
+ free(cp);
+ have_identity = 1;
+ }
++ if (stat(identity_file, &sb) != 0)
++ fatal("Cannot stat %s: %s", identity_file, strerror(errno));
+
+ memset(&ctx, 0, sizeof(ctx));
+ ctx.out = stdout;
+@@ -1340,6 +1343,7 @@
+ unlink(tmp);
+ fatal("fdopen: %s", strerror(oerrno));
+ }
++ fchmod(fd, sb.st_mode & 0644);
+ inplace = 1;
+ }
+ /* XXX support identity_file == "-" for stdin */
diff -Nru openssh-8.2p1/debian/patches/match-host-certs-w-public-keys.patch openssh-8.2p1/debian/patches/match-host-certs-w-public-keys.patch
--- openssh-8.2p1/debian/patches/match-host-certs-w-public-keys.patch 2021-12-13 08:46:05.000000000 +0000
+++ openssh-8.2p1/debian/patches/match-host-certs-w-public-keys.patch 2022-03-30 13:03:15.000000000 +0000
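Review bot: The return value of `fchmod(fd, sb.st_mode & 0644)` in the third ssh-keygen.c hunk is ignored, so on failure the rewritten known_hosts silently keeps the temporary file's existing mode. That is fail-closed, but it is the owner-only behaviour the commit message says it is removing, and the user gets no hint. Suggest `if (fchmod(fd, sb.st_mode & 0644) == -1) error("fchmod %s: %s", tmp, strerror(errno));`. The new `stat(identity_file, &sb)` in the second hunk appears to sit outside the block that sets `inplace = 1`, so it runs and can `fatal` on paths that never reach the `fchmod`; placing it beside the `fchmod` would leave lookups that do not rewrite the file unaffected. The enclosing function begins and ends outside these hunks.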
@@ -17,10 +17,8 @@ sshd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -Index: openssh-8.2p1/sshd.c -=================================================================== ---- openssh-8.2p1.orig/sshd.c 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/sshd.c 2021-12-13 16:45:20.000000000 +0800 +--- a/sshd.c ++++ b/sshd.c @@ -1896,7 +1896,7 @@ /* Find matching private key */ for (j = 0; j < options.num_host_key_files; j++) { diff -Nru openssh-8.2p1/debian/patches/obfuscated-handshake.patch openssh-8.2p1/debian/patches/obfuscated-handshake.patch --- openssh-8.2p1/debian/patches/obfuscated-handshake.patch 2021-12-13 08:49:42.000000000 +0000 +++ openssh-8.2p1/debian/patches/obfuscated-handshake.patch 2022-04-24 04:36:41.000000000 +0000 @@ -2,8 +2,8 @@ Author: zinglau Index: openssh-8.2p1/Makefile.in =================================================================== ---- openssh-8.2p1.orig/Makefile.in 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/Makefile.in 2021-12-13 16:46:21.598858301 +0800 +--- openssh-8.2p1.orig/Makefile.in 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/Makefile.in 2022-04-24 12:35:18.257011408 +0800 @@ -111,7 +111,7 @@ sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ kexgssc.o \ @@ -15,8 +15,8 @@ Index: openssh-8.2p1/kex.c =================================================================== ---- openssh-8.2p1.orig/kex.c 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/kex.c 2021-12-13 16:46:21.598858301 +0800 +--- openssh-8.2p1.orig/kex.c 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/kex.c 2022-04-24 12:35:18.257011408 +0800 @@ -59,6 +59,7 @@ #include "monitor.h" #include "xmalloc.h" @@ -101,7 +101,7 @@ Index: openssh-8.2p1/obfuscate.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssh-8.2p1/obfuscate.c 2021-12-13 16:46:21.598858301 +0800 ++++ openssh-8.2p1/obfuscate.c 2022-04-24 12:35:18.257011408 +0800 
@@ -0,0 +1,220 @@ +#include "includes.h" +#include @@ -326,7 +326,7 @@ Index: openssh-8.2p1/obfuscate.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssh-8.2p1/obfuscate.h 2021-12-13 16:46:21.602858299 +0800 ++++ openssh-8.2p1/obfuscate.h 2022-04-24 12:35:18.257011408 +0800 @@ -0,0 +1,10 @@ +#ifndef _OBFUSCATE_H +#define _OBFUSCATE_H @@ -341,7 +341,7 @@ Index: openssh-8.2p1/packet.c =================================================================== --- openssh-8.2p1.orig/packet.c 2020-02-14 08:40:54.000000000 +0800 -+++ openssh-8.2p1/packet.c 2021-12-13 16:46:21.602858299 +0800 ++++ openssh-8.2p1/packet.c 2022-04-24 12:35:18.257011408 +0800 @@ -94,6 +94,7 @@ #include "channels.h" #include "ssh.h" @@ -415,7 +415,7 @@ Index: openssh-8.2p1/packet.h =================================================================== --- openssh-8.2p1.orig/packet.h 2020-02-14 08:40:54.000000000 +0800 -+++ openssh-8.2p1/packet.h 2021-12-13 16:46:21.602858299 +0800 ++++ openssh-8.2p1/packet.h 2022-04-24 12:35:18.257011408 +0800 @@ -179,6 +179,9 @@ void sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...) __attribute__((format(printf, 3, 4))); @@ -428,8 +428,8 @@ int sshpkt_putb(struct ssh *ssh, const struct sshbuf *b); Index: openssh-8.2p1/readconf.c =================================================================== ---- openssh-8.2p1.orig/readconf.c 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/readconf.c 2021-12-13 16:46:21.602858299 +0800 +--- openssh-8.2p1.orig/readconf.c 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/readconf.c 2022-04-24 12:35:18.257011408 +0800 @@ -145,7 +145,7 @@ oHost, oMatch, oInclude, oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, 
@@ -476,8 +476,8 @@ options->request_tty = -1; Index: openssh-8.2p1/readconf.h =================================================================== ---- openssh-8.2p1.orig/readconf.h 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/readconf.h 2021-12-13 16:46:21.602858299 +0800 +--- openssh-8.2p1.orig/readconf.h 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/readconf.h 2022-04-24 12:35:18.257011408 +0800 @@ -146,6 +146,8 @@ int permit_local_command; char *remote_command; @@ -489,8 +489,8 @@ Index: openssh-8.2p1/scp.c =================================================================== ---- openssh-8.2p1.orig/scp.c 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/scp.c 2021-12-13 16:46:21.602858299 +0800 +--- openssh-8.2p1.orig/scp.c 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/scp.c 2022-04-24 12:35:18.257011408 +0800 @@ -436,7 +436,7 @@ fflag = Tflag = tflag = 0; @@ -518,8 +518,8 @@ addargs(&args, "-%c", ch); Index: openssh-8.2p1/servconf.c =================================================================== ---- openssh-8.2p1.orig/servconf.c 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/servconf.c 2021-12-13 16:46:21.602858299 +0800 +--- openssh-8.2p1.orig/servconf.c 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/servconf.c 2022-04-24 12:35:18.261011331 +0800 @@ -95,6 +95,7 @@ /* Standard Options */ @@ -616,8 +616,8 @@ parse_time: Index: openssh-8.2p1/servconf.h =================================================================== ---- openssh-8.2p1.orig/servconf.h 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/servconf.h 2021-12-13 16:46:21.602858299 +0800 +--- openssh-8.2p1.orig/servconf.h 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/servconf.h 2022-04-24 12:35:18.261011331 +0800 @@ -201,6 +201,11 @@ u_int num_permitted_listens; 
@@ -633,7 +633,7 @@ Index: openssh-8.2p1/sftp.c =================================================================== --- openssh-8.2p1.orig/sftp.c 2020-02-14 08:40:54.000000000 +0800 -+++ openssh-8.2p1/sftp.c 2021-12-13 16:46:21.606858297 +0800 ++++ openssh-8.2p1/sftp.c 2022-04-24 12:35:18.261011331 +0800 @@ -2409,12 +2409,13 @@ infile = stdin; @@ -659,8 +659,8 @@ break; Index: openssh-8.2p1/ssh.c =================================================================== ---- openssh-8.2p1.orig/ssh.c 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/ssh.c 2021-12-13 16:46:21.606858297 +0800 +--- openssh-8.2p1.orig/ssh.c 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/ssh.c 2022-04-24 12:35:18.261011331 +0800 @@ -203,13 +203,14 @@ usage(void) { @@ -703,8 +703,8 @@ } Index: openssh-8.2p1/sshconnect.c =================================================================== ---- openssh-8.2p1.orig/sshconnect.c 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/sshconnect.c 2021-12-13 16:46:21.606858297 +0800 +--- openssh-8.2p1.orig/sshconnect.c 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/sshconnect.c 2022-04-24 12:35:18.261011331 +0800 @@ -64,6 +64,7 @@ #include "monitor_fdpass.h" #include "ssh2.h" @@ -750,8 +750,8 @@ cleanup_exit(255); /* error already logged */ Index: openssh-8.2p1/sshd.c =================================================================== ---- openssh-8.2p1.orig/sshd.c 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/sshd.c 2021-12-13 16:46:21.606858297 +0800 +--- openssh-8.2p1.orig/sshd.c 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/sshd.c 2022-04-24 12:35:18.261011331 +0800 @@ -122,6 +122,7 @@ #include "ssh-gss.h" #endif 
@@ -824,8 +824,8 @@ error("Unable to get agent socket: %s", ssh_err(r)); Index: openssh-8.2p1/sshd_config =================================================================== ---- openssh-8.2p1.orig/sshd_config 2021-12-13 16:45:20.000000000 +0800 -+++ openssh-8.2p1/sshd_config 2021-12-13 16:46:21.606858297 +0800 +--- openssh-8.2p1.orig/sshd_config 2022-04-24 12:34:18.000000000 +0800 ++++ openssh-8.2p1/sshd_config 2022-04-24 12:35:18.261011331 +0800 @@ -13,6 +13,8 @@ Include /etc/ssh/sshd_config.d/*.conf diff -Nru openssh-8.2p1/debian/patches/series openssh-8.2p1/debian/patches/series --- openssh-8.2p1/debian/patches/series 2021-12-13 08:46:06.000000000 +0000 +++ openssh-8.2p1/debian/patches/series 2022-04-24 04:34:55.000000000 +0000 @@ -26,4 +26,6 @@ lp-1876320-upstream-Do-not-call-process_queued_listen_addrs-for.patch CVE-2021-28041.patch match-host-certs-w-public-keys.patch +lp1966591-upstream-preserve-group-world-read-permission-on-kno.patch +fix-connect-timeout-overflow.patch obfuscated-handshake.patch