Version in base suite: 10.0p1-7+deb13u1
Version in overlay suite: 10.0p1-7+deb13u3

Base version: openssh_10.0p1-7+deb13u3
Target version: openssh_10.0p1-7+deb13u4
Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/openssh/openssh_10.0p1-7+deb13u3.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/o/openssh/openssh_10.0p1-7+deb13u4.dsc

 .git-dpm                                       |    4 -
 changelog                                      |    7 ++
 patches/avoid-channel-isatty-overloading.patch |   67 +++++++++++++++++++++++++
 patches/series                                 |    1 
 4 files changed, 77 insertions(+), 2 deletions(-)

dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp6da4jh4z/openssh_10.0p1-7+deb13u3.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp6da4jh4z/openssh_10.0p1-7+deb13u4.dsc: no acceptable signature found
diff -Nru openssh-10.0p1/debian/.git-dpm openssh-10.0p1/debian/.git-dpm
--- openssh-10.0p1/debian/.git-dpm	2026-05-05 10:25:39.000000000 +0000
+++ openssh-10.0p1/debian/.git-dpm	2026-05-06 12:33:32.000000000 +0000
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-4207d8a7a4060cad77ec1b78ff08f3e0546c4fbd
-4207d8a7a4060cad77ec1b78ff08f3e0546c4fbd
+aa43d30c43eee0901aa8e3993b47c712e4d4ae16
+aa43d30c43eee0901aa8e3993b47c712e4d4ae16
 860fa104f07024318a40065f07708daa5753f55d
 860fa104f07024318a40065f07708daa5753f55d
 openssh_10.0p1.orig.tar.gz
diff -Nru openssh-10.0p1/debian/changelog openssh-10.0p1/debian/changelog
--- openssh-10.0p1/debian/changelog	2026-05-05 10:25:39.000000000 +0000
+++ openssh-10.0p1/debian/changelog	2026-05-06 12:33:32.000000000 +0000
@@ -1,3 +1,10 @@
+openssh (1:10.0p1-7+deb13u4) trixie; urgency=medium
+
+  * Don't reuse c->isatty for signalling that the remote channel has a tty
+    attached (closes: #1135798).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 06 May 2026 13:33:32 +0100
+
 openssh (1:10.0p1-7+deb13u3) trixie; urgency=medium
 
   * Backport minor security fixes from 10.3p1:
diff -Nru openssh-10.0p1/debian/patches/avoid-channel-isatty-overloading.patch openssh-10.0p1/debian/patches/avoid-channel-isatty-overloading.patch
--- openssh-10.0p1/debian/patches/avoid-channel-isatty-overloading.patch	1970-01-01 00:00:00.000000000 +0000
+++ openssh-10.0p1/debian/patches/avoid-channel-isatty-overloading.patch	2026-05-06 12:33:32.000000000 +0000
@@ -0,0 +1,67 @@
+From aa43d30c43eee0901aa8e3993b47c712e4d4ae16 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Tue, 7 Oct 2025 08:02:32 +0000
+Subject: upstream: don't reuse c->isatty for signalling that the remote
+ channel
+
+has a tty attached as this causes side effects, e.g. in channel_handle_rfd().
+bz3872
+
+ok markus@
+
+OpenBSD-Commit-ID: 4cd8a9f641498ca6089442e59bad0fd3dcbe85f8
+
+Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=979cbc2c1e0c9cd2f60d45d8d1da69519ec425cf
+Bug-Debian: https://bugs.debian.org/1135798
+Last-Update: 2026-05-06
+
+Patch-Name: avoid-channel-isatty-overloading.patch
+---
+ channels.c | 7 ++++---
+ channels.h | 1 +
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/channels.c b/channels.c
+index 1a8f8ad4a..1fe9710a4 100644
+--- a/channels.c
++++ b/channels.c
+@@ -368,7 +368,7 @@ channel_classify(struct ssh *ssh, Channel *c)
+ {
+ 	struct ssh_channels *sc = ssh->chanctxt;
+ 	const char *type = c->xctype == NULL ? c->ctype : c->xctype;
+-	const char *classifier = c->isatty ?
++	const char *classifier = (c->isatty || c->remote_has_tty) ?
+ 	    sc->bulk_classifier_tty : sc->bulk_classifier_notty;
+ 
+ 	c->bulk = type != NULL && match_pattern_list(type, classifier, 0) == 1;
+@@ -572,7 +572,7 @@ channel_new(struct ssh *ssh, char *ctype, int type, int rfd, int wfd, int efd,
+ void
+ channel_set_tty(struct ssh *ssh, Channel *c)
+ {
+-	c->isatty = 1;
++	c->remote_has_tty = 1;
+ 	channel_classify(ssh, c);
+ }
+ 
+@@ -1063,7 +1063,8 @@ channel_format_status(const Channel *c)
+ 	    c->rfd, c->wfd, c->efd, c->sock, c->ctl_chan,
+ 	    c->have_ctl_child_id ? "c" : "nc", c->ctl_child_id,
+ 	    c->io_want, c->io_ready,
+-	    c->isatty ? "T" : "", c->bulk ? "B" : "I");
++	    c->isatty ? "T" : (c->remote_has_tty ? "RT" : ""),
++	    c->bulk ? "B" : "I");
+ 	return ret;
+ }
+ 
+diff --git a/channels.h b/channels.h
+index a84c9dfdd..b33db8d8e 100644
+--- a/channels.h
++++ b/channels.h
+@@ -145,6 +145,7 @@ struct Channel {
+ 	int     ctl_chan;	/* control channel (multiplexed connections) */
+ 	uint32_t ctl_child_id;	/* child session for mux controllers */
+ 	int	have_ctl_child_id;/* non-zero if ctl_child_id is valid */
++	int     remote_has_tty;	/* remote side has a tty */
+ 	int     isatty;		/* rfd is a tty */
+ #ifdef _AIX
+ 	int     wfd_isatty;	/* wfd is a tty */
diff -Nru openssh-10.0p1/debian/patches/series openssh-10.0p1/debian/patches/series
--- openssh-10.0p1/debian/patches/series	2026-05-05 10:25:39.000000000 +0000
+++ openssh-10.0p1/debian/patches/series	2026-05-06 12:33:32.000000000 +0000
@@ -40,3 +40,4 @@
 ipqos-deprecate-tos-keywords.patch
 ipqos-set-at-runtime.patch
 ipqos-set-extended-type.patch
+avoid-channel-isatty-overloading.patch