--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-client: ssh client with enabled compression wrong debug output
- From: Sven-Haegar Koch <haegar@sdinet.de>
- Date: Fri, 04 Sep 2015 02:28:39 +0200
- Message-id: <20150904002839.30932.86572.reportbug@aurora.sdinet.de>
Package: openssh-client
Version: 1:6.9p1-1
Severity: minor
Tags: upstream
Dear Maintainer,
When running ssh with verbose output and enabled compression
(ssh -v -C foo@bar.example) after the exit of the remote program the ssh client
is supposed to output the number of transferred bytes.
Connection to bar.example closed.
Transferred: sent 232132, received 843904 bytes, in 7006.0 seconds
Bytes per second: sent 33.1, received 120.5
debug1: Exit status 0
debug1: compress outgoing: raw data 132597, compressed 53344, factor 0.40
debug1: compress incoming: raw data 53344, compressed 132597, factor 2.49
At the bottom the compress incoming line just repeats the values of the
previous outgoing line in different order, instead of displaying the real
values.
Greetings
Haegar
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (101, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)
Versions of packages openssh-client depends on:
ii adduser 3.113+nmu3
ii dpkg 1.18.2
ii libc6 2.19-19
ii libedit2 3.1-20150325-1
ii libgssapi-krb5-2 1.13.2+dfsg-2
ii libselinux1 2.3-2+b1
ii libssl1.0.0 1.0.2d-1
ii passwd 1:4.2-3
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages openssh-client recommends:
ii xauth 1:1.0.9-1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
ii ssh-askpass 1:1.2.4.1-9
-- Configuration Files:
/etc/ssh/ssh_config changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.5p1-5
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 797964@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 18 Jun 2017 12:08:42 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.5p1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 407754 797964
Changes:
openssh (1:7.5p1-5) unstable; urgency=medium
.
* Upload to unstable.
* Fix syntax error in debian/copyright.
.
openssh (1:7.5p1-4) experimental; urgency=medium
.
* Drop README.Debian section on privilege separation, as it's no longer
optional.
* Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set
(LP: #1689299).
* Fix incoming compression statistics (thanks, Russell Coker; closes:
#797964).
* Relicense debian/* under a two-clause BSD licence for bidirectional
compatibility with upstream, with permission from Matthew Vernon and
others.
.
openssh (1:7.5p1-3) experimental; urgency=medium
.
* Fix debian/adjust-openssl-dependencies to account for preferring
libssl1.0-dev.
* Adjust OpenSSL dependencies for openssh-client-ssh1 too.
* Fix purge failure when /etc/ssh has already somehow been removed
(LP: #1682817).
* Ensure that /etc/ssh exists before trying to create /etc/ssh/sshd_config
(LP: #1685022).
.
openssh (1:7.5p1-2) experimental; urgency=medium
.
* Add missing header on Linux/s390.
* Fix syntax error on Linux/X32.
.
openssh (1:7.5p1-1) experimental; urgency=medium
.
* New upstream release (https://www.openssh.com/txt/release-7.5):
- SECURITY: ssh(1), sshd(8): Fix weakness in CBC padding oracle
countermeasures that allowed a variant of the attack fixed in OpenSSH
7.3 to proceed. Note that the OpenSSH client disables CBC ciphers by
default, sshd offers them as lowest-preference options and will remove
them by default entirely in the next release.
- This release deprecates the sshd_config UsePrivilegeSeparation option,
thereby making privilege separation mandatory (closes: #407754).
- The format of several log messages emitted by the packet code has
changed to include additional information about the user and their
authentication state. Software that monitors ssh/sshd logs may need
to account for these changes.
- ssh(1), sshd(8): Support "=-" syntax to easily remove methods from
algorithm lists, e.g. Ciphers=-*cbc.
- sshd(1): Fix NULL dereference crash when key exchange start messages
are sent out of sequence.
- ssh(1), sshd(8): Allow form-feed characters to appear in configuration
files.
- sshd(8): Fix regression in OpenSSH 7.4 support for the server-sig-algs
extension, where SHA2 RSA signature methods were not being correctly
advertised.
- ssh(1), ssh-keygen(1): Fix a number of case-sensitivity bugs in
known_hosts processing.
- ssh(1): Allow ssh to use certificates accompanied by a private key
file but no corresponding plain *.pub public key.
- ssh(1): When updating hostkeys using the UpdateHostKeys option, accept
RSA keys if HostkeyAlgorithms contains any RSA keytype. Previously,
ssh could ignore RSA keys when only the ssh-rsa-sha2-* methods were
enabled in HostkeyAlgorithms and not the old ssh-rsa method.
- ssh(1): Detect and report excessively long configuration file lines.
- Merge a number of fixes found by Coverity and reported via Redhat and
FreeBSD. Includes fixes for some memory and file descriptor leaks in
error paths.
- ssh(1), sshd(8): When logging long messages to stderr, don't truncate
"\r\n" if the length of the message exceeds the buffer.
- ssh(1): Fully quote [host]:port in generated ProxyJump/-J command-
line; avoid confusion over IPv6 addresses and shells that treat square
bracket characters specially.
- Fix various fallout and sharp edges caused by removing SSH protocol 1
support from the server, including the server banner string being
incorrectly terminated with only \n (instead of \r\n), confusing error
messages from ssh-keyscan, and a segfault in sshd if protocol v.1 was
enabled for the client and sshd_config contained references to legacy
keys.
- ssh(1), sshd(8): Free fd_set on connection timeout.
- sftp(1): Fix division by zero crash in "df" output when server returns
zero total filesystem blocks/inodes.
- ssh(1), ssh-add(1), ssh-keygen(1), sshd(8): Translate OpenSSL errors
encountered during key loading to more meaningful error codes.
- ssh-keygen(1): Sanitise escape sequences in key comments sent to
printf but preserve valid UTF-8 when the locale supports it.
- ssh(1), sshd(8): Return reason for port forwarding failures where
feasible rather than always "administratively prohibited".
- sshd(8): Fix deadlock when AuthorizedKeysCommand or
AuthorizedPrincipalsCommand produces a lot of output and a key is
matched early.
- ssh(1): Fix typo in ~C error message for bad port forward
cancellation.
- ssh(1): Show a useful error message when included config files can't
be opened.
- sshd_config(5): Repair accidentally-deleted mention of %k token in
AuthorizedKeysCommand.
- sshd(8): Remove vestiges of previously removed LOGIN_PROGRAM.
- ssh-agent(1): Relax PKCS#11 whitelist to include libexec and common
32-bit compatibility library directories.
- sftp-client(1): Fix non-exploitable integer overflow in SSH2_FXP_NAME
response handling.
- ssh-agent(1): Fix regression in 7.4 of deleting PKCS#11-hosted keys.
It was not possible to delete them except by specifying their full
physical path.
- sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA
crypto coprocessor.
- sshd(8): Fix non-exploitable weakness in seccomp-bpf sandbox arg
inspection.
- ssh-keygen(1), ssh(1), sftp(1): Fix output truncation for various that
contain non-printable characters where the codeset in use is ASCII.
Checksums-Sha1:
b04a282b907cc0626636d085cbaed106cb029ee3 2892 openssh_7.5p1-5.dsc
a840646cc73e2a944059cdaae613f8b9549678a8 158776 openssh_7.5p1-5.debian.tar.xz
a3ca5ffc61a4619c4c017bef919b9c72df884fce 13528 openssh_7.5p1-5_source.buildinfo
Checksums-Sha256:
f39775e585cb084eb5f477b5d34d143635f03398491a220513c9879b8d87a92b 2892 openssh_7.5p1-5.dsc
f23a12c7e5f2d8dabfa55e310ef7dfcbe94d15464470681ea114f022cdd842c3 158776 openssh_7.5p1-5.debian.tar.xz
656411e101d1586354ac9726d95cff5c4743c4f5f3e0a71d9fa607278d87e000 13528 openssh_7.5p1-5_source.buildinfo
Files:
a991857086599a0c65b2697e5f73ed58 2892 net standard openssh_7.5p1-5.dsc
be3034e764fb9c648fbb2023954e4878 158776 net standard openssh_7.5p1-5.debian.tar.xz
017713a31ab70964adc457d439d03106 13528 net standard openssh_7.5p1-5_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAllGX2EACgkQOTWH2X2G
UAsGPw//WLQOsu6QuiFCJMCzZ5m6ur4dNoDDFSobCpPeYfYcGBe6Ejb1eXKsrI1q
d9ftmP8qWfKTtUMwGyEfhfL+VGDjlY+wMYu++O6X+AvJmW/NQLg9gChcXqGjlSt9
PYlm7G/ejEMVOkm12Ay+m86Yjx5/PdMecmrBecg0e/irtprjNOVD1U1m9sb+vVOd
3Z/flmBhsq891LH7M3URTFRtk80C1jpz+EwI4jg2Hz+1eIItAf47MTi4rkRAOZbq
jz/EC4fnCCSZuIPClofhVkYiEJD25NDDMQ3lylHSyQJoNF/RNMZaUoFxsxDEBWXP
WumdQZKYX6YhDNzijQvM3C7aEBjkYNbN/XMOjq5fAG3Jdhrj28jmzM7mrfQdcREV
fgda7q1YxEoLYy+buew9kn38xGvCT4TQArWx27jv2LUX0nDqI2DieMoS0YLwHy7k
4pKgGZxznz/8vfSwNaEzhreDJTCeNTMsamqcEsQRCCrpY+gS/3pGjNY2WcCcWHyd
vsR8xjvU+tY2TrxuSDUwX6riHdO+l56U3lhzlcsiMrq3aqHJSdTifTx9OnbgN6fy
bb0zBVj1Tdr4pSwUYDZ3dJLmhVUJdyb+DTkrNfch8ns4NcY6UgRbVHIXldMe0mX/
Etv1eq0vopT+XSat6dKxqwY7dJIXkRT3ClluwN0q69ZJX8XYQj8=
=/Z34
-----END PGP SIGNATURE-----
--- End Message ---