1 files changed, 93 insertions, 0 deletions
diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch
new file mode 100644
index 000000000..b84cef134
--- /dev/null
+++ b/debian/patches/revert-ipqos-defaults.patch
@@ -0,0 +1,93 @@
+From 3728919292c05983372954d27426f7d966813139 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Mon, 8 Apr 2019 10:46:29 +0100
+Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
+ AF21 for"
+This reverts commit 5ee8448ad7c306f05a9f56769f95336a8269f379.
+The IPQoS default changes have some unfortunate interactions with
+iptables (see https://bugs.debian.org/923880) and VMware, so I'm
+temporarily reverting them until those have been fixed.
+Bug-Debian: https://bugs.debian.org/923879
+Bug-Debian: https://bugs.debian.org/926229
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1822370
+Last-Update: 2019-04-08
+Patch-Name: revert-ipqos-defaults.patch
+---
+ readconf.c    | 4 ++--
+ servconf.c    | 4 ++--
+ ssh_config.5  | 6 ++----
+ sshd_config.5 | 6 ++----
+ 4 files changed, 8 insertions(+), 12 deletions(-)
+diff --git a/readconf.c b/readconf.c
+index e676b6be6..c60df5602 100644
+--- a/readconf.c
+++ b/readconf.c
+@@ -2298,9 +2298,9 @@ fill_default_options(Options * options)
+        if (options->visual_host_key == -1)
+                options->visual_host_key = 0;
+        if (options->ip_qos_interactive == -1)
+-               options->ip_qos_interactive = IPTOS_DSCP_AF21;
+               options->ip_qos_interactive = IPTOS_LOWDELAY;
+        if (options->ip_qos_bulk == -1)
+-               options->ip_qos_bulk = IPTOS_DSCP_CS1;
+               options->ip_qos_bulk = IPTOS_THROUGHPUT;
+        if (options->request_tty == -1)
+                options->request_tty = REQUEST_TTY_AUTO;
+        if (options->proxy_use_fdpass == -1)
+diff --git a/servconf.c b/servconf.c
+index f9eb778d6..98afcfcec 100644
+--- a/servconf.c
+++ b/servconf.c
+@@ -453,9 +453,9 @@ fill_default_server_options(ServerOptions *options)
+        if (options->permit_tun == -1)
+                options->permit_tun = SSH_TUNMODE_NO;
+        if (options->ip_qos_interactive == -1)
+-               options->ip_qos_interactive = IPTOS_DSCP_AF21;
+               options->ip_qos_interactive = IPTOS_LOWDELAY;
+        if (options->ip_qos_bulk == -1)
+-               options->ip_qos_bulk = IPTOS_DSCP_CS1;
+               options->ip_qos_bulk = IPTOS_THROUGHPUT;
+        if (options->version_addendum == NULL)
+                options->version_addendum = xstrdup("");
+        if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
+diff --git a/ssh_config.5 b/ssh_config.5
+index 6d6c59521..080d289a7 100644
+--- a/ssh_config.5
+++ b/ssh_config.5
+@@ -1156,11 +1156,9 @@ If one argument is specified, it is used as the packet class unconditionally.
+ If two values are specified, the first is automatically selected for
+ interactive sessions and the second for non-interactive sessions.
+ The default is
+-.Cm af21
+-(Low-Latency Data)
+.Cm lowdelay
+ for interactive sessions and
+-.Cm cs1
+-(Lower Effort)
+.Cm throughput
+ for non-interactive sessions.
+ .It Cm KbdInteractiveAuthentication
+ Specifies whether to use keyboard-interactive authentication.
+diff --git a/sshd_config.5 b/sshd_config.5
+index 472001dd1..a555e7ec3 100644
+--- a/sshd_config.5
+++ b/sshd_config.5
+@@ -925,11 +925,9 @@ If one argument is specified, it is used as the packet class unconditionally.
+ If two values are specified, the first is automatically selected for
+ interactive sessions and the second for non-interactive sessions.
+ The default is
+-.Cm af21
+-(Low-Latency Data)
+.Cm lowdelay
+ for interactive sessions and
+-.Cm cs1
+-(Lower Effort)
+.Cm throughput
+ for non-interactive sessions.
+ .It Cm KbdInteractiveAuthentication
+ Specifies whether to allow keyboard-interactive authentication.

diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch new file mode 100644 index 000000000..b84cef134 --- /dev/null +++ b/debian/patches/revert-ipqos-defaults.patch
@@ -0,0 +1,93 @@
	1	From 3728919292c05983372954d27426f7d966813139 Mon Sep 17 00:00:00 2001
	2	From: Colin Watson <cjwatson@debian.org>
	3	Date: Mon, 8 Apr 2019 10:46:29 +0100
	4	Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
	5	AF21 for"
	6
	7	This reverts commit 5ee8448ad7c306f05a9f56769f95336a8269f379.
	8
	9	The IPQoS default changes have some unfortunate interactions with
	10	iptables (see https://bugs.debian.org/923880) and VMware, so I'm
	11	temporarily reverting them until those have been fixed.
	12
	13	Bug-Debian: https://bugs.debian.org/923879
	14	Bug-Debian: https://bugs.debian.org/926229
	15	Bug-Ubuntu: https://bugs.launchpad.net/bugs/1822370
	16	Last-Update: 2019-04-08
	17
	18	Patch-Name: revert-ipqos-defaults.patch
	19	---
	20	readconf.c \| 4 ++--
	21	servconf.c \| 4 ++--
	22	ssh_config.5 \| 6 ++----
	23	sshd_config.5 \| 6 ++----
	24	4 files changed, 8 insertions(+), 12 deletions(-)
	25
	26	diff --git a/readconf.c b/readconf.c
	27	index e676b6be6..c60df5602 100644
	28	--- a/readconf.c
	29	+++ b/readconf.c
	30	@@ -2298,9 +2298,9 @@ fill_default_options(Options * options)
	31	if (options->visual_host_key == -1)
	32	options->visual_host_key = 0;
	33	if (options->ip_qos_interactive == -1)
	34	- options->ip_qos_interactive = IPTOS_DSCP_AF21;
	35	+ options->ip_qos_interactive = IPTOS_LOWDELAY;
	36	if (options->ip_qos_bulk == -1)
	37	- options->ip_qos_bulk = IPTOS_DSCP_CS1;
	38	+ options->ip_qos_bulk = IPTOS_THROUGHPUT;
	39	if (options->request_tty == -1)
	40	options->request_tty = REQUEST_TTY_AUTO;
	41	if (options->proxy_use_fdpass == -1)
	42	diff --git a/servconf.c b/servconf.c
	43	index f9eb778d6..98afcfcec 100644
	44	--- a/servconf.c
	45	+++ b/servconf.c
	46	@@ -453,9 +453,9 @@ fill_default_server_options(ServerOptions *options)
	47	if (options->permit_tun == -1)
	48	options->permit_tun = SSH_TUNMODE_NO;
	49	if (options->ip_qos_interactive == -1)
	50	- options->ip_qos_interactive = IPTOS_DSCP_AF21;
	51	+ options->ip_qos_interactive = IPTOS_LOWDELAY;
	52	if (options->ip_qos_bulk == -1)
	53	- options->ip_qos_bulk = IPTOS_DSCP_CS1;
	54	+ options->ip_qos_bulk = IPTOS_THROUGHPUT;
	55	if (options->version_addendum == NULL)
	56	options->version_addendum = xstrdup("");
	57	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
	58	diff --git a/ssh_config.5 b/ssh_config.5
	59	index 6d6c59521..080d289a7 100644
	60	--- a/ssh_config.5
	61	+++ b/ssh_config.5
	62	@@ -1156,11 +1156,9 @@ If one argument is specified, it is used as the packet class unconditionally.
	63	If two values are specified, the first is automatically selected for
	64	interactive sessions and the second for non-interactive sessions.
	65	The default is
	66	-.Cm af21
	67	-(Low-Latency Data)
	68	+.Cm lowdelay
	69	for interactive sessions and
	70	-.Cm cs1
	71	-(Lower Effort)
	72	+.Cm throughput
	73	for non-interactive sessions.
	74	.It Cm KbdInteractiveAuthentication
	75	Specifies whether to use keyboard-interactive authentication.
	76	diff --git a/sshd_config.5 b/sshd_config.5
	77	index 472001dd1..a555e7ec3 100644
	78	--- a/sshd_config.5
	79	+++ b/sshd_config.5
	80	@@ -925,11 +925,9 @@ If one argument is specified, it is used as the packet class unconditionally.
	81	If two values are specified, the first is automatically selected for
	82	interactive sessions and the second for non-interactive sessions.
	83	The default is
	84	-.Cm af21
	85	-(Low-Latency Data)
	86	+.Cm lowdelay
	87	for interactive sessions and
	88	-.Cm cs1
	89	-(Lower Effort)
	90	+.Cm throughput
	91	for non-interactive sessions.
	92	.It Cm KbdInteractiveAuthentication
	93	Specifies whether to allow keyboard-interactive authentication.