The issue seems to be that the CVE fixes changed the path interpretation to be literal.
See https://git.libssh.org/projects/libssh.git/commit/src/scp.c?id=3830c7ae6eec751b7618d3fc159cb5bb3c8806a6 If that's intentional, and I think it is, then I will need to change this behavior in X2Go Client directly instead and this bug report would be invalid. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libssh in Ubuntu. https://bugs.launchpad.net/bugs/1856795 Title: X2Go Client broken by 0.8.0~20170825.94fa1e38-1ubuntu0.5 Status in libssh package in Ubuntu: Confirmed Bug description: The recent CVE fix broke SCP support in libssh, which X2Go Client (x2goclient) relies on. Sessions now fail with error messages such as "SCP: Warning: status code 1 received: scp: ~username/.x2go/ssh: No such file or directory\n". (Also note the literal "\n" there, but I guess we don't really need to care about that.) The previous version worked fine and rolling the libssh4 package back fixes this issue, but also leaves users vulnerable to the fixed security issue in its scp implementation. I've been looking at the debdiff, but spotting the actual changes is very difficult due to the reformatting that was done at the same time. This degraded the patch(es) into one big blob. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1856795/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
