diff -Nru openssh-8.4p1/debian/changelog openssh-8.4p1/debian/changelog --- openssh-8.4p1/debian/changelog 2021-08-19 05:04:01.000000000 -0500 +++ openssh-8.4p1/debian/changelog 2021-08-26 13:51:02.000000000 -0500 @@ -1,3 +1,11 @@ +openssh (1:8.4p1-6ubuntu1) impish; urgency=low + + * Merge from Debian unstable (LP: #1941799). Remaining changes: + - Cherry-pick seccomp fixes for glibc 2.33 thanks to Dave Jones for + reports on armhf. + + -- William 'jawn-smith' Wilson Thu, 26 Aug 2021 12:51:02 -0600 + openssh (1:8.4p1-6) unstable; urgency=medium [ Colin Watson ] 
@@ -15,12 +23,56 @@ -- Colin Watson Thu, 19 Aug 2021 11:04:01 +0100 +openssh (1:8.4p1-5ubuntu2) impish; urgency=medium + + * d/systemd/ssh@.service: preserve the systemd managed runtime directory to + ensure parallel processes will not disrupt one another when halting + (LP: #1905285) (closes: #934663) + + -- Athos Ribeiro Mon, 05 Jul 2021 09:21:03 -0300 + +openssh (1:8.4p1-5ubuntu1) hirsute; urgency=medium + + * Merge with Debian; remaining changes: + - Cherry-pick seccomp fixes for glibc 2.33 thanks to Dave Jones for + reports on armhf. + + -- Matthias Klose Tue, 23 Mar 2021 15:27:12 +0100 + openssh (1:8.4p1-5) unstable; urgency=high * CVE-2021-28041: Fix double free in ssh-agent(1) (closes: #984940). -- Colin Watson Sat, 13 Mar 2021 09:59:40 +0000 +openssh (1:8.4p1-4ubuntu2) hirsute; urgency=medium + + * SECURITY UPDATE: double-free memory corruption in ssh-agent + - debian/patches/CVE-2021-28041.patch: set ext_name to NULL after + freeing it so it doesn't get freed again later on in ssh-agent.c. + - CVE-2021-28041 + + -- Marc Deslauriers Tue, 09 Mar 2021 08:44:15 -0500 + +openssh (1:8.4p1-4ubuntu1) hirsute; urgency=medium + + * Cherry-pick seccomp fixes for glibc 2.33 thanks to Dave Jones for + reports on armhf. + + -- Dimitri John Ledkov Tue, 23 Feb 2021 12:55:46 +0000 + +openssh (1:8.4p1-4build2) hirsute; urgency=medium + + * No-change rebuild to drop the udeb package. + + -- Matthias Klose Mon, 22 Feb 2021 10:35:45 +0100 + +openssh (1:8.4p1-4build1) hirsute; urgency=medium + + * No change rebuild with fixed ownership. + + -- Dimitri John Ledkov Tue, 16 Feb 2021 15:19:19 +0000 + openssh (1:8.4p1-4) unstable; urgency=medium * Avoid using libmd's even if it's installed (closes: #982705). 
@@ -6102,3 +6154,4 @@ * Initial release -- Dan Brosemer Wed, 27 Oct 1999 19:39:46 -0500 + diff -Nru openssh-8.4p1/debian/control openssh-8.4p1/debian/control --- openssh-8.4p1/debian/control 2021-08-19 05:04:01.000000000 -0500 +++ openssh-8.4p1/debian/control 2021-08-19 09:44:56.000000000 -0500 @@ -1,7 +1,8 @@ Source: openssh Section: net Priority: standard -Maintainer: Debian OpenSSH Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian OpenSSH Maintainers Build-Depends: autotools-dev, debhelper (>= 9.20160709~), debhelper-compat (= 9), diff -Nru openssh-8.4p1/debian/patches/0f90440ca70abab947acbd77795e9f130967956c.patch openssh-8.4p1/debian/patches/0f90440ca70abab947acbd77795e9f130967956c.patch --- openssh-8.4p1/debian/patches/0f90440ca70abab947acbd77795e9f130967956c.patch 1969-12-31 18:00:00.000000000 -0600 +++ openssh-8.4p1/debian/patches/0f90440ca70abab947acbd77795e9f130967956c.patch 2021-07-05 07:21:03.000000000 -0500 
@@ -0,0 +1,25 @@
+From 0f90440ca70abab947acbd77795e9f130967956c Mon Sep 17 00:00:00 2001
+From: Darren Tucker
+Date: Fri, 20 Nov 2020 13:37:54 +1100
+Subject: [PATCH] Add new pselect6_time64 syscall on ARM.
+
+This is apparently needed on armhfp/armv7hl. bz#3232, patch from
+jjelen at redhat.com.
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index e0768c0636..5065ae7efc 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -267,6 +267,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_pselect6
+ SC_ALLOW(__NR_pselect6),
+ #endif
++#ifdef __NR_pselect6_time64
++ SC_ALLOW(__NR_pselect6_time64),
++#endif
+ #ifdef __NR_read
+ SC_ALLOW(__NR_read),
+ #endif
diff -Nru openssh-8.4p1/debian/patches/1bb130ed34721d46452529d094d9bbf045607d79.patch openssh-8.4p1/debian/patches/1bb130ed34721d46452529d094d9bbf045607d79.patch
--- openssh-8.4p1/debian/patches/1bb130ed34721d46452529d094d9bbf045607d79.patch 1969-12-31 18:00:00.000000000 -0600
+++ openssh-8.4p1/debian/patches/1bb130ed34721d46452529d094d9bbf045607d79.patch 2021-07-05 07:21:03.000000000 -0500
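Review bot: The `SC_ALLOW(__NR_pselect6_time64)` entry added to `preauth_insns[]` by the 0f90440c patch has no comment tying it to its cause, and the same holds for `SC_ALLOW(__NR_futex_time64)` in the 1bb130ed patch hunk. Per the two commit messages these are the time64 counterparts of syscalls already on the allow-list, needed on 32-bit targets with glibc 2.33, so a one-line comment such as `/* time64 variant of pselect6, used on 32-bit targets with glibc 2.33 */` above each `#ifdef` would keep a later audit of the sandbox from reading them as unexplained widening. It is also worth confirming, in the part of the array outside these hunks, that every other `*_time64` counterpart of an already-permitted syscall is listed, since a missed one presumably falls through to the filter's default action in the preauth child.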
@@ -0,0 +1,25 @@
+From 1bb130ed34721d46452529d094d9bbf045607d79 Mon Sep 17 00:00:00 2001
+From: Darren Tucker
+Date: Thu, 11 Feb 2021 10:18:05 +1100
+Subject: [PATCH] Add __NR_futex_time64 to seccomp sandbox.
+
+This is apparently needed for (some) 32 bit platforms with glibc 2.33.
+Patch from nix at esperi.org.uk and jjelen at redhat.com via bz#3260.
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index d942b5e167..d8dc7120bd 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -207,6 +207,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_futex
+ SC_ALLOW(__NR_futex),
+ #endif
++#ifdef __NR_futex_time64
++ SC_ALLOW(__NR_futex_time64),
++#endif
+ #ifdef __NR_geteuid
+ SC_ALLOW(__NR_geteuid),
+ #endif
diff -Nru openssh-8.4p1/debian/patches/2e0beff67def2120f4b051b1016d7fbf84823e78.patch openssh-8.4p1/debian/patches/2e0beff67def2120f4b051b1016d7fbf84823e78.patch
--- openssh-8.4p1/debian/patches/2e0beff67def2120f4b051b1016d7fbf84823e78.patch 1969-12-31 18:00:00.000000000 -0600
+++ openssh-8.4p1/debian/patches/2e0beff67def2120f4b051b1016d7fbf84823e78.patch 2021-07-05 07:21:03.000000000 -0500
@@ -0,0 +1,23 @@
+From 2e0beff67def2120f4b051b1016d7fbf84823e78 Mon Sep 17 00:00:00 2001
+From: Luca Weiss
+Date: Sun, 8 Nov 2020 14:19:23 +0100
+Subject: [PATCH] Deny (non-fatal) statx in preauth privsep child.
+
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 5065ae7efc..d942b5e167 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -181,6 +181,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_ipc
+ SC_DENY(__NR_ipc, EACCES),
+ #endif
++#ifdef __NR_statx
++ SC_DENY(__NR_statx, EACCES),
++#endif
+
+ /* Syscalls to permit */
+ #ifdef __NR_brk
diff -Nru openssh-8.4p1/debian/patches/series openssh-8.4p1/debian/patches/series
--- openssh-8.4p1/debian/patches/series 2021-08-19 05:04:01.000000000 -0500
+++ openssh-8.4p1/debian/patches/series 2021-08-26 13:17:18.000000000 -0500
@@ -26,4 +26,7 @@
 revert-x32-sandbox-breakage.patch
 ssh-copy-id-heredoc-syntax.patch
 ssh-agent-double-free.patch
+0f90440ca70abab947acbd77795e9f130967956c.patch
+2e0beff67def2120f4b051b1016d7fbf84823e78.patch
+1bb130ed34721d46452529d094d9bbf045607d79.patch
 regress-includes.patch
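Review bot: `SC_DENY(__NR_statx, EACCES)` in the 2e0beff6 patch is added with an empty commit body and no comment, so nothing records why statx is refused with an errno rather than left to the filter's default action. A comment above the new `#ifdef`, for example `/* statx: refuse with EACCES (non-fatal) instead of hitting the default action */`, would state that intent next to the existing `SC_DENY(__NR_ipc, EACCES)` entry. Denying rather than allowing keeps the preauth child from gaining a file-metadata syscall, which looks like the right least-privilege choice; the rest of the deny list lies outside this hunk, so it should be checked there that the other stat-family calls return the same errno. As a packaging matter, the three cherry-picked files under debian/patches carry git headers only, and an `Origin: upstream, <upstream commit URL>` line in each would make their provenance checkable.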