--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-server: scp copies filenames with extended characters in the wrong character set, or sshd does not know about local locale for filenames
- From: Wouter Van Hemel <debian@publica.duodecim.org>
- Date: Tue, 31 Oct 2006 02:08:54 +0200
- Message-id: <20061031000854.4435.42518.reportbug@senta.domo.duodecim.org>
Package: openssh-server
Version: 1:4.3p2-5.1
Severity: minor
If you copy files from one system to another with scp, the filenames don't
always end up in the expected character set. For instance, when files are
copied from a iso-8859-(1/15) locale machine to a machine with UTF-8
locale, the filenames show up unreadable to local console and X programs.
The openssh server probably needs to be aware of the local locale; but
that will probably not solve the case where one user's locale differs from
the system locale, unless the character sets happen to be rather compatible.
Am I missing an easy way to make sure filesnames are stored with local
locale settings (in non-interactive login sessions such as scp)?
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=C, LC_CTYPE=nl_BE.UTF-8 (charmap=UTF-8)
Versions of packages openssh-server depends on:
ii adduser 3.99 Add and remove users and groups
ii debconf 1.5.7 Debian configuration management sy
ii dpkg 1.13.24 package maintenance system for Deb
ii libc6 2.3.6.ds1-7 GNU C Library: Shared libraries
ii libcomer 1.39+1.40-WIP-2006.10.02+dfsg-2 common error description library
ii libkrb53 1.4.4-3 MIT Kerberos runtime libraries
ii libpam-m 0.79-4 Pluggable Authentication Modules f
ii libpam-r 0.79-4 Runtime support for the PAM librar
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii libselin 1.32-2 SELinux shared libraries
ii libssl0. 0.9.8c-3 SSL shared libraries
ii libwrap0 7.6.dbs-11 Wietse Venema's TCP wrappers libra
ii openssh- 1:4.3p2-5.1 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-13 compression library - runtime
openssh-server recommends no packages.
-- debconf information:
ssh/insecure_rshd:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/encrypted_host_key_but_no_keygen:
ssh/disable_cr_auth: false
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.3p1-1
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 396295@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 07 Aug 2016 22:45:26 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.3p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 337041 396295 407088 536031
Changes:
openssh (1:7.3p1-1) unstable; urgency=medium
.
* New upstream release (http://www.openssh.com/txt/release-7.3):
- SECURITY: sshd(8): Mitigate a potential denial-of-service attack
against the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters.
- SECURITY: ssh(1), sshd(8): Fix observable timing weakness in the CBC
padding oracle countermeasures. Note that CBC ciphers are disabled by
default and only included for legacy compatibility.
- SECURITY: ssh(1), sshd(8): Improve operation ordering of MAC
verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms
to verify the MAC before decrypting any ciphertext. This removes the
possibility of timing differences leaking facts about the plaintext,
though no such leakage has been observed.
- ssh(1): Add a ProxyJump option and corresponding -J command-line flag
to allow simplified indirection through a one or more SSH bastions or
"jump hosts".
- ssh(1): Add an IdentityAgent option to allow specifying specific agent
sockets instead of accepting one from the environment.
- ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
optionally overridden when using ssh -W.
- ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as per
draft-sgtatham-secsh-iutf8-00 (closes: #337041, LP: #394570).
- ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman 2K,
4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
- ssh-keygen(1), ssh(1), sshd(8): Support SHA256 and SHA512 RSA
signatures in certificates.
- ssh(1): Add an Include directive for ssh_config(5) files (closes:
#536031).
- ssh(1): Permit UTF-8 characters in pre-authentication banners sent
from the server.
- ssh(1), sshd(8): Reduce the syslog level of some relatively common
protocol events from LOG_CRIT.
- sshd(8): Refuse AuthenticationMethods="" in configurations and accept
AuthenticationMethods=any for the default behaviour of not requiring
multiple authentication.
- sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN ATTEMPT!"
message when forward and reverse DNS don't match.
- ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
failures when both ExitOnForwardFailure and hostname canonicalisation
are enabled.
- sshd(8): Remove fallback from moduli to obsolete "primes" file that
was deprecated in 2001 (LP: #1528251).
- sshd_config(5): Correct description of UseDNS: it affects ssh hostname
processing for authorized_keys, not known_hosts.
- sshd(8): Send ClientAliveInterval pings when a time-based RekeyLimit
is set; previously keepalive packets were not being sent.
- sshd(8): Whitelist more architectures to enable the seccomp-bpf
sandbox.
- scp(1): Respect the local user's LC_CTYPE locale (closes: #396295).
- Take character display widths into account for the progressmeter
(closes: #407088).
Checksums-Sha1:
1696e0c90be02c5ab37c283422be50c5c9c3de67 2884 openssh_7.3p1-1.dsc
bfade84283fcba885e2084343ab19a08c7d123a5 1522617 openssh_7.3p1.orig.tar.gz
e384b5ef8d31c23bdab9cdd216284500ffc1f942 153400 openssh_7.3p1-1.debian.tar.xz
Checksums-Sha256:
61e8414cb2ed2a72ee15053511d3a2f55ace4b8fb76fff2d901ec67d4a1cf5ba 2884 openssh_7.3p1-1.dsc
3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc 1522617 openssh_7.3p1.orig.tar.gz
a9a96b33427697afb344d6c82078abc54da411f108b19949c9f3378b947b4971 153400 openssh_7.3p1-1.debian.tar.xz
Files:
f4140e6c58f897bebd9db969be5c63fc 2884 net standard openssh_7.3p1-1.dsc
dfadd9f035d38ce5d58a3bf130b86d08 1522617 net standard openssh_7.3p1.orig.tar.gz
28764a8e122da612b35b36bcbf23b2cf 153400 net standard openssh_7.3p1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iQIVAwUBV6etsTk1h9l9hlALAQiPUQ/+IC9t/bgqKFE73f34nVZZ1zuONs4+ykn6
7asE52PNycFrZ7mt3vvxrrSgDAh5ixJhWKZQP6tfhX6d4QMi3hFM0MNNpVF+eqE3
FynWWwqpkT/wEenj88hngmHSZb9heYCtXri6D1AzpKYbsQFEIQkMPO48mllxBmbj
aQVjm5UKbfZrFjrayNE4XC0Aqkhlc2HOPKTtNexZb4xantsAkJcyE/oDztI8rbcn
56cTxiMpsHmJ8dlO6tvZTYwOqwso7S+H/A3u3923mKfswyrHpIjCYjq9eAQuDlCD
mjSUWdQIW0YlQ/Hfws2lX8mUopw8eKwCWovrF0y/XHZTXqtU+3jkWlliZCjJYh0o
6u9FntqHlP7nuVLsw8Ek/4QfB2uvuckMBaAt+2EoWtCJfvS/1SxyHkXSXpGPpLhO
WtmwYVLRlv0a5adUXLgbAPJKDh6k2XTXpyoif4gZHU+zfLCHt8PE98heZCCou7QN
GN7H/WuF6LxooWqUv7fERyjG5wAGt3DH+aUoExPY++uovLlo7jLE94XtSyEV67yL
Qa3Ek57IBXaMhMGLJmV5v/Ut5xRd58YuCvDIGsFqwTTKfjzXGO05qLqgUogJftgJ
JEGXDqSwUplEaQUzOR86CGKXeNcUMRe2RkVbBqj7bxguL6/NI5rf7DMtApqiTlgx
UT1nfn54N9M=
=DYzz
-----END PGP SIGNATURE-----
--- End Message ---