summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/.git-dpm4
-rw-r--r--debian/README.Debian20
-rw-r--r--debian/changelog8
-rw-r--r--debian/patches/revert-ipqos-defaults.patch93
-rw-r--r--debian/patches/series1
5 files changed, 124 insertions, 2 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 6e6c8addb..65e73673d 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
1# see git-dpm(1) from git-dpm package 1# see git-dpm(1) from git-dpm package
27a3fa37583d4abf128f7f4c6eb1e7ffc90115eab 26b56cd57db9061296231f14d537f1ebaf25e8877
37a3fa37583d4abf128f7f4c6eb1e7ffc90115eab 36b56cd57db9061296231f14d537f1ebaf25e8877
43d246f10429fc9a37b98eabef94fe8dc7c61002b 43d246f10429fc9a37b98eabef94fe8dc7c61002b
53d246f10429fc9a37b98eabef94fe8dc7c61002b 53d246f10429fc9a37b98eabef94fe8dc7c61002b
6openssh_7.9p1.orig.tar.gz 6openssh_7.9p1.orig.tar.gz
diff --git a/debian/README.Debian b/debian/README.Debian
index 48f42c4e8..dbe6c2958 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -270,6 +270,26 @@ For further discussion, see:
270 270
271 https://bugs.launchpad.net/bugs/1674330 271 https://bugs.launchpad.net/bugs/1674330
272 272
273IPQoS defaults reverted to pre-7.8 values
274-----------------------------------------
275
276OpenSSH 7.8 changed the default IPQoS settings to use DSCP AF21 for
277interactive traffic and CS1 for bulk. This caused some problems with other
278software ("iptables -m tos" and VMware), so Debian's OpenSSH reverts this
279change for the time being.
280
281This is *temporary*, and we expect to come back into sync with upstream
282OpenSSH once those other issues have been fixed. If you want to restore the
283upstream default, add this to ssh_config and sshd_config:
284
285 IPQoS af21 cs1
286
287For further discussion, see:
288
289 https://bugs.debian.org/923879
290 https://bugs.debian.org/926229
291 https://bugs.launchpad.net/1822370
292
273-- 293--
274Matthew Vernon <matthew@debian.org> 294Matthew Vernon <matthew@debian.org>
275Colin Watson <cjwatson@debian.org> 295Colin Watson <cjwatson@debian.org>
diff --git a/debian/changelog b/debian/changelog
index cc103b7ff..49cd2ad29 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
1openssh (1:7.9p1-10) UNRELEASED; urgency=medium
2
3 * Temporarily revert IPQoS defaults to pre-7.8 values until issues with
4 "iptables -m tos" and VMware have been fixed (closes: #923879, #926229;
5 LP: #1822370).
6
7 -- Colin Watson <cjwatson@debian.org> Mon, 08 Apr 2019 10:57:05 +0100
8
1openssh (1:7.9p1-9) unstable; urgency=medium 9openssh (1:7.9p1-9) unstable; urgency=medium
2 10
3 * Apply upstream patch to make scp handle shell-style brace expansions 11 * Apply upstream patch to make scp handle shell-style brace expansions
diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch
new file mode 100644
index 000000000..a329b9be1
--- /dev/null
+++ b/debian/patches/revert-ipqos-defaults.patch
@@ -0,0 +1,93 @@
1From 6b56cd57db9061296231f14d537f1ebaf25e8877 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org>
3Date: Mon, 8 Apr 2019 10:46:29 +0100
4Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
5 AF21 for"
6
7This reverts commit 5ee8448ad7c306f05a9f56769f95336a8269f379.
8
9The IPQoS default changes have some unfortunate interactions with
10iptables (see https://bugs.debian.org/923880) and VMware, so I'm
11temporarily reverting them until those have been fixed.
12
13Bug-Debian: https://bugs.debian.org/923879
14Bug-Debian: https://bugs.debian.org/926229
15Bug-Ubuntu: https://bugs.launchpad.net/1822370
16Last-Update: 2019-04-08
17
18Patch-Name: revert-ipqos-defaults.patch
19---
20 readconf.c | 4 ++--
21 servconf.c | 4 ++--
22 ssh_config.5 | 6 ++----
23 sshd_config.5 | 6 ++----
24 4 files changed, 8 insertions(+), 12 deletions(-)
25
26diff --git a/readconf.c b/readconf.c
27index 661b8bf40..6d046f063 100644
28--- a/readconf.c
29+++ b/readconf.c
30@@ -2133,9 +2133,9 @@ fill_default_options(Options * options)
31 if (options->visual_host_key == -1)
32 options->visual_host_key = 0;
33 if (options->ip_qos_interactive == -1)
34- options->ip_qos_interactive = IPTOS_DSCP_AF21;
35+ options->ip_qos_interactive = IPTOS_LOWDELAY;
36 if (options->ip_qos_bulk == -1)
37- options->ip_qos_bulk = IPTOS_DSCP_CS1;
38+ options->ip_qos_bulk = IPTOS_THROUGHPUT;
39 if (options->request_tty == -1)
40 options->request_tty = REQUEST_TTY_AUTO;
41 if (options->proxy_use_fdpass == -1)
42diff --git a/servconf.c b/servconf.c
43index c5dd617ef..bf2669147 100644
44--- a/servconf.c
45+++ b/servconf.c
46@@ -403,9 +403,9 @@ fill_default_server_options(ServerOptions *options)
47 if (options->permit_tun == -1)
48 options->permit_tun = SSH_TUNMODE_NO;
49 if (options->ip_qos_interactive == -1)
50- options->ip_qos_interactive = IPTOS_DSCP_AF21;
51+ options->ip_qos_interactive = IPTOS_LOWDELAY;
52 if (options->ip_qos_bulk == -1)
53- options->ip_qos_bulk = IPTOS_DSCP_CS1;
54+ options->ip_qos_bulk = IPTOS_THROUGHPUT;
55 if (options->version_addendum == NULL)
56 options->version_addendum = xstrdup("");
57 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
58diff --git a/ssh_config.5 b/ssh_config.5
59index 1a8e24bd1..f6c1b3b33 100644
60--- a/ssh_config.5
61+++ b/ssh_config.5
62@@ -1055,11 +1055,9 @@ If one argument is specified, it is used as the packet class unconditionally.
63 If two values are specified, the first is automatically selected for
64 interactive sessions and the second for non-interactive sessions.
65 The default is
66-.Cm af21
67-(Low-Latency Data)
68+.Cm lowdelay
69 for interactive sessions and
70-.Cm cs1
71-(Lower Effort)
72+.Cm throughput
73 for non-interactive sessions.
74 .It Cm KbdInteractiveAuthentication
75 Specifies whether to use keyboard-interactive authentication.
76diff --git a/sshd_config.5 b/sshd_config.5
77index ba50a30f1..03f813e72 100644
78--- a/sshd_config.5
79+++ b/sshd_config.5
80@@ -866,11 +866,9 @@ If one argument is specified, it is used as the packet class unconditionally.
81 If two values are specified, the first is automatically selected for
82 interactive sessions and the second for non-interactive sessions.
83 The default is
84-.Cm af21
85-(Low-Latency Data)
86+.Cm lowdelay
87 for interactive sessions and
88-.Cm cs1
89-(Lower Effort)
90+.Cm throughput
91 for non-interactive sessions.
92 .It Cm KbdInteractiveAuthentication
93 Specifies whether to allow keyboard-interactive authentication.
diff --git a/debian/patches/series b/debian/patches/series
index ff6011442..b0da97283 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -31,3 +31,4 @@ check-filenames-in-scp-client.patch
31fix-key-type-check.patch 31fix-key-type-check.patch
32request-rsa-sha2-cert-signatures.patch 32request-rsa-sha2-cert-signatures.patch
33scp-handle-braces.patch 33scp-handle-braces.patch
34revert-ipqos-defaults.patch