On Tue, May 05, 2026 at 09:42:31PM -0400, Jon wrote:
I'm not sure if this is the right way to file a bug against something sitting in stable-proposed-updates. I'm flagging it as important only because it would be a notable regression if it reached stable.
Oops - thanks for the heads-up! CCing #1135624 so that the release team is aware of the regression.
The recent upload of OpenSSH to trixie-p-u backported the IPQoS changes from 10.1p1 without including the fix for bz#3872 https://bugzilla.mindrot.org/show_bug.cgi?id=3872 https://anongit.mindrot.org/openssh.git/commit/?h=V_10_1&id=979cbc2c1e0c9cd2f60d45d8d1da69519ec425cf I've confirmed that the bug appears in the package sitting in trixie-p-u
I'm test-building the attached patch, and will upload to trixie-p-u if it checks out.
-- Colin Watson (he/him) [[email protected]]
diff -Nru openssh-10.0p1/debian/.git-dpm openssh-10.0p1/debian/.git-dpm --- openssh-10.0p1/debian/.git-dpm 2026-05-05 11:25:39.000000000 +0100 +++ openssh-10.0p1/debian/.git-dpm 2026-05-06 12:01:39.000000000 +0100 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -4207d8a7a4060cad77ec1b78ff08f3e0546c4fbd -4207d8a7a4060cad77ec1b78ff08f3e0546c4fbd +aa43d30c43eee0901aa8e3993b47c712e4d4ae16 +aa43d30c43eee0901aa8e3993b47c712e4d4ae16 860fa104f07024318a40065f07708daa5753f55d 860fa104f07024318a40065f07708daa5753f55d openssh_10.0p1.orig.tar.gz diff -Nru openssh-10.0p1/debian/changelog openssh-10.0p1/debian/changelog --- openssh-10.0p1/debian/changelog 2026-05-05 11:25:39.000000000 +0100 +++ openssh-10.0p1/debian/changelog 2026-05-06 12:01:40.000000000 +0100 @@ -1,3 +1,10 @@ +openssh (1:10.0p1-7+deb13u4) UNRELEASED; urgency=medium + + * Don't reuse c->isatty for signalling that the remote channel has a tty + attached (closes: #1135798). + + -- Colin Watson <[email protected]> Wed, 06 May 2026 12:01:40 +0100 + openssh (1:10.0p1-7+deb13u3) trixie; urgency=medium * Backport minor security fixes from 10.3p1: diff -Nru openssh-10.0p1/debian/patches/avoid-channel-isatty-overloading.patch openssh-10.0p1/debian/patches/avoid-channel-isatty-overloading.patch --- openssh-10.0p1/debian/patches/avoid-channel-isatty-overloading.patch 1970-01-01 01:00:00.000000000 +0100 +++ openssh-10.0p1/debian/patches/avoid-channel-isatty-overloading.patch 2026-05-06 12:01:39.000000000 +0100 @@ -0,0 +1,67 @@ +From aa43d30c43eee0901aa8e3993b47c712e4d4ae16 Mon Sep 17 00:00:00 2001 +From: "[email protected]" <[email protected]> +Date: Tue, 7 Oct 2025 08:02:32 +0000 +Subject: upstream: don't reuse c->isatty for signalling that the remote + channel + +has a tty attached as this causes side effects, e.g. in channel_handle_rfd(). +bz3872 + +ok markus@ + +OpenBSD-Commit-ID: 4cd8a9f641498ca6089442e59bad0fd3dcbe85f8 + +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=979cbc2c1e0c9cd2f60d45d8d1da69519ec425cf +Bug-Debian: https://bugs.debian.org/1135798 +Last-Update: 2026-05-06 + +Patch-Name: avoid-channel-isatty-overloading.patch +--- + channels.c | 7 ++++--- + channels.h | 1 + + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/channels.c b/channels.c +index 1a8f8ad4a..1fe9710a4 100644 +--- a/channels.c ++++ b/channels.c +@@ -368,7 +368,7 @@ channel_classify(struct ssh *ssh, Channel *c) + { + struct ssh_channels *sc = ssh->chanctxt; + const char *type = c->xctype == NULL ? c->ctype : c->xctype; +- const char *classifier = c->isatty ? ++ const char *classifier = (c->isatty || c->remote_has_tty) ? + sc->bulk_classifier_tty : sc->bulk_classifier_notty; + + c->bulk = type != NULL && match_pattern_list(type, classifier, 0) == 1; +@@ -572,7 +572,7 @@ channel_new(struct ssh *ssh, char *ctype, int type, int rfd, int wfd, int efd, + void + channel_set_tty(struct ssh *ssh, Channel *c) + { +- c->isatty = 1; ++ c->remote_has_tty = 1; + channel_classify(ssh, c); + } + +@@ -1063,7 +1063,8 @@ channel_format_status(const Channel *c) + c->rfd, c->wfd, c->efd, c->sock, c->ctl_chan, + c->have_ctl_child_id ? "c" : "nc", c->ctl_child_id, + c->io_want, c->io_ready, +- c->isatty ? "T" : "", c->bulk ? "B" : "I"); ++ c->isatty ? "T" : (c->remote_has_tty ? "RT" : ""), ++ c->bulk ? "B" : "I"); + return ret; + } + +diff --git a/channels.h b/channels.h +index a84c9dfdd..b33db8d8e 100644 +--- a/channels.h ++++ b/channels.h +@@ -145,6 +145,7 @@ struct Channel { + int ctl_chan; /* control channel (multiplexed connections) */ + uint32_t ctl_child_id; /* child session for mux controllers */ + int have_ctl_child_id;/* non-zero if ctl_child_id is valid */ ++ int remote_has_tty; /* remote side has a tty */ + int isatty; /* rfd is a tty */ + #ifdef _AIX + int wfd_isatty; /* wfd is a tty */ diff -Nru openssh-10.0p1/debian/patches/series openssh-10.0p1/debian/patches/series --- openssh-10.0p1/debian/patches/series 2026-05-05 11:25:39.000000000 +0100 +++ openssh-10.0p1/debian/patches/series 2026-05-06 12:01:39.000000000 +0100 @@ -40,3 +40,4 @@ ipqos-deprecate-tos-keywords.patch ipqos-set-at-runtime.patch ipqos-set-extended-type.patch +avoid-channel-isatty-overloading.patch
