Debian Bug report logs - #407088
openssh-client: scp output alignment bug with UTF-8/multibyte sequences

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Vincent Lefevre <vincent@vinc17.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: openssh-client: scp output alignment bug with UTF-8/multibyte sequences

Date: Tue, 16 Jan 2007 04:00:07 +0100

Package: openssh-client
Version: 1:4.3p2-8
Severity: minor

In UTF-8 locales:

$ scp é z localhost:/tmp
é                                            100%    0     0.0KB/s   00:00    
z                                             100%    0     0.0KB/s   00:00    

It seems that scp thinks that "é" has two characters since it has
two bytes in UTF-8.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686-bigmem
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)

Versions of packages openssh-client depends on:
ii  adduser  3.101                           Add and remove users and groups
ii  debconf  1.5.11                          Debian configuration management sy
ii  dpkg     1.13.25                         package maintenance system for Deb
ii  libc6    2.3.6.ds1-10                    GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-1 common error description library
ii  libedit2 2.9.cvs.20050518-2.2            BSD editline and history libraries
ii  libkrb53 1.4.4-6                         MIT Kerberos runtime libraries
ii  libncurs 5.5-5                           Shared libraries for terminal hand
ii  libssl0. 0.9.8c-4                        SSL shared libraries
ii  passwd   1:4.0.18.1-6                    change and administer password and
ii  zlib1g   1:1.2.3-13                      compression library - runtime

openssh-client recommends no packages.

-- no debconf information

Message #20 received at 407088-close@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: 407088-close@bugs.debian.org

Subject: Bug#407088: fixed in openssh 1:7.3p1-1

Date: Sun, 07 Aug 2016 22:48:14 +0000

Source: openssh
Source-Version: 1:7.3p1-1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 407088@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 07 Aug 2016 22:45:26 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.3p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 337041 396295 407088 536031
Changes:
 openssh (1:7.3p1-1) unstable; urgency=medium
 .
   * New upstream release (http://www.openssh.com/txt/release-7.3):
     - SECURITY: sshd(8): Mitigate a potential denial-of-service attack
       against the system's crypt(3) function via sshd(8).  An attacker could
       send very long passwords that would cause excessive CPU use in
       crypt(3).  sshd(8) now refuses to accept password authentication
       requests of length greater than 1024 characters.
     - SECURITY: ssh(1), sshd(8): Fix observable timing weakness in the CBC
       padding oracle countermeasures.  Note that CBC ciphers are disabled by
       default and only included for legacy compatibility.
     - SECURITY: ssh(1), sshd(8): Improve operation ordering of MAC
       verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms
       to verify the MAC before decrypting any ciphertext.  This removes the
       possibility of timing differences leaking facts about the plaintext,
       though no such leakage has been observed.
     - ssh(1): Add a ProxyJump option and corresponding -J command-line flag
       to allow simplified indirection through a one or more SSH bastions or
       "jump hosts".
     - ssh(1): Add an IdentityAgent option to allow specifying specific agent
       sockets instead of accepting one from the environment.
     - ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
       optionally overridden when using ssh -W.
     - ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as per
       draft-sgtatham-secsh-iutf8-00 (closes: #337041, LP: #394570).
     - ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman 2K,
       4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
     - ssh-keygen(1), ssh(1), sshd(8): Support SHA256 and SHA512 RSA
       signatures in certificates.
     - ssh(1): Add an Include directive for ssh_config(5) files (closes:
       #536031).
     - ssh(1): Permit UTF-8 characters in pre-authentication banners sent
       from the server.
     - ssh(1), sshd(8): Reduce the syslog level of some relatively common
       protocol events from LOG_CRIT.
     - sshd(8): Refuse AuthenticationMethods="" in configurations and accept
       AuthenticationMethods=any for the default behaviour of not requiring
       multiple authentication.
     - sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN ATTEMPT!"
       message when forward and reverse DNS don't match.
     - ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
       failures when both ExitOnForwardFailure and hostname canonicalisation
       are enabled.
     - sshd(8): Remove fallback from moduli to obsolete "primes" file that
       was deprecated in 2001 (LP: #1528251).
     - sshd_config(5): Correct description of UseDNS: it affects ssh hostname
       processing for authorized_keys, not known_hosts.
     - sshd(8): Send ClientAliveInterval pings when a time-based RekeyLimit
       is set; previously keepalive packets were not being sent.
     - sshd(8): Whitelist more architectures to enable the seccomp-bpf
       sandbox.
     - scp(1): Respect the local user's LC_CTYPE locale (closes: #396295).
     - Take character display widths into account for the progressmeter
       (closes: #407088).
Checksums-Sha1:
 1696e0c90be02c5ab37c283422be50c5c9c3de67 2884 openssh_7.3p1-1.dsc
 bfade84283fcba885e2084343ab19a08c7d123a5 1522617 openssh_7.3p1.orig.tar.gz
 e384b5ef8d31c23bdab9cdd216284500ffc1f942 153400 openssh_7.3p1-1.debian.tar.xz
Checksums-Sha256:
 61e8414cb2ed2a72ee15053511d3a2f55ace4b8fb76fff2d901ec67d4a1cf5ba 2884 openssh_7.3p1-1.dsc
 3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc 1522617 openssh_7.3p1.orig.tar.gz
 a9a96b33427697afb344d6c82078abc54da411f108b19949c9f3378b947b4971 153400 openssh_7.3p1-1.debian.tar.xz
Files:
 f4140e6c58f897bebd9db969be5c63fc 2884 net standard openssh_7.3p1-1.dsc
 dfadd9f035d38ce5d58a3bf130b86d08 1522617 net standard openssh_7.3p1.orig.tar.gz
 28764a8e122da612b35b36bcbf23b2cf 153400 net standard openssh_7.3p1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBV6etsTk1h9l9hlALAQiPUQ/+IC9t/bgqKFE73f34nVZZ1zuONs4+ykn6
7asE52PNycFrZ7mt3vvxrrSgDAh5ixJhWKZQP6tfhX6d4QMi3hFM0MNNpVF+eqE3
FynWWwqpkT/wEenj88hngmHSZb9heYCtXri6D1AzpKYbsQFEIQkMPO48mllxBmbj
aQVjm5UKbfZrFjrayNE4XC0Aqkhlc2HOPKTtNexZb4xantsAkJcyE/oDztI8rbcn
56cTxiMpsHmJ8dlO6tvZTYwOqwso7S+H/A3u3923mKfswyrHpIjCYjq9eAQuDlCD
mjSUWdQIW0YlQ/Hfws2lX8mUopw8eKwCWovrF0y/XHZTXqtU+3jkWlliZCjJYh0o
6u9FntqHlP7nuVLsw8Ek/4QfB2uvuckMBaAt+2EoWtCJfvS/1SxyHkXSXpGPpLhO
WtmwYVLRlv0a5adUXLgbAPJKDh6k2XTXpyoif4gZHU+zfLCHt8PE98heZCCou7QN
GN7H/WuF6LxooWqUv7fERyjG5wAGt3DH+aUoExPY++uovLlo7jLE94XtSyEV67yL
Qa3Ek57IBXaMhMGLJmV5v/Ut5xRd58YuCvDIGsFqwTTKfjzXGO05qLqgUogJftgJ
JEGXDqSwUplEaQUzOR86CGKXeNcUMRe2RkVbBqj7bxguL6/NI5rf7DMtApqiTlgx
UT1nfn54N9M=
=DYzz
-----END PGP SIGNATURE-----

Message #29 received at 407088@bugs.debian.org (full text, mbox, reply):

From: Vincent Lefevre <vincent@vinc17.net>

To: Colin Watson <cjwatson@debian.org>

Cc: 407088@bugs.debian.org

Subject: Re: Bug#407088: fixed in openssh 1:7.3p1-1

Date: Mon, 8 Aug 2016 15:50:33 +0200

Control: reopen -1
Control: found -1 1:7.3p1-1

On 2016-08-07 22:48:14 +0000, Colin Watson wrote:
> Source: openssh
> Source-Version: 1:7.3p1-1
> 
> We believe that the bug you reported is fixed in the latest version of
> openssh, which is due to be installed in the Debian FTP archive.
[...]
>      - Take character display widths into account for the progressmeter
>        (closes: #407088).
[...]

No, it is not fixed. After upgrading and restarting sshd (this should
not be necessary, but just to make sure it wasn't related to this):

cventin:~> scp é z localhost:/tmp
Connected to cventin (from 127.0.0.1)
é                                            100%    0     0.0KB/s   00:00    
z                                             100%  486     1.3MB/s   00:00    

And note that this is not related to the character display width,
but apparently to the number of bytes taken by the character.

cventin:~> locale
LANG=POSIX
LANGUAGE=
LC_CTYPE=en_US.UTF-8
LC_NUMERIC="POSIX"
LC_TIME=en_DK
LC_COLLATE=POSIX
LC_MONETARY="POSIX"
LC_MESSAGES="POSIX"
LC_PAPER="POSIX"
LC_NAME="POSIX"
LC_ADDRESS="POSIX"
LC_TELEPHONE="POSIX"
LC_MEASUREMENT="POSIX"
LC_IDENTIFICATION="POSIX"
LC_ALL=

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Send a report that this bug log contains spam.