From m.c.dixon@leeds.ac.uk Tue Oct 11 17:03:29 2016 Received: (at submit) by bugs.x2go.org; 11 Oct 2016 15:03:35 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,SPF_HELO_PASS autolearn=ham version=3.3.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 059BF3BCE1 for ; Tue, 11 Oct 2016 17:03:29 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EQVmTkyu3z5p for ; Tue, 11 Oct 2016 17:03:22 +0200 (CEST) X-Greylist: delayed 2773 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Tue, 11 Oct 2016 17:03:22 CEST Received: from mhost02h.leeds.ac.uk (mhost02h.leeds.ac.uk [129.11.77.151]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 47FC03BCDA for ; Tue, 11 Oct 2016 17:03:22 +0200 (CEST) Received: from mhost04c.leeds.ac.uk (mhost04c-smtps.leeds.ac.uk [129.11.76.129]) by mhost02h.leeds.ac.uk (8.14.4/8.14.4) with ESMTP id u9BEH8nQ023305 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 11 Oct 2016 15:17:08 +0100 Received: from isssun11.leeds.ac.uk (isssun11.leeds.ac.uk [129.11.152.8]) (authenticated bits=0) by mhost04c.leeds.ac.uk (8.14.9/8.14.9) with ESMTP id u9BEH78b001491 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 11 Oct 2016 15:17:08 +0100 (BST) Date: Tue, 11 Oct 2016 15:17:07 +0100 (BST) From: Mark Dixon X-X-Sender: mark@bodgerer To: submit@bugs.x2go.org Subject: xterm's shell started from x2goclient has wrong PATH Message-ID: User-Agent: Alpine 2.20 (LRH 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII X-UOL-RateLimit: userRateLimit[a:m.c.dixon@leeds.ac.uk,c:4.794119074013803,l:500.0] Package: x2goclient Version: 4.0.5.1 When an xterm is started via the x2goclient (either using the Published Applications feature, or asking for a 'Single application' of 'Terminal'), the PATH environment variable in the environment given to the user is not set as expected. What I see from the xterm's shell: $ echo $PATH /usr/local/bin:/usr/bin:/bin:/opt/puppetlabs/bin:/apps/bin What I see from an ordinary ssh login: $ echo $PATH /apps/mpi/bin:/apps/developers/libraries/openmpi/2.0.0/1/intel-16.0.2/bin:/apps/developers/compilers/intel/16.0.2/1/default/compilers_and_libraries_2016.2.181/linux/bin/intel64:/apps/developers/compilers/intel/16.0.2/1/default/debugger_2016/gdb/intel64_mic/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/opt/puppetlabs/bin:/apps/bin This seems to be triggered by the fix for bug #336 (commit 4eb1fd1), which introduced the following characters into the launch commands in src/sshprocess.cpp: export PATH=\"/usr/local/bin:/usr/bin:/bin\"; This causes a problem because the login scripts are sourced both before and after the PATH is overridden. The way that some ordinary login scripts are written behave badly in this situation - here are some examples on our CentOS 7 system: Example 1, /etc/profile.d/qt.sh (from OS package qt3-3.3.8b-51.el7.x86_64) contains: # Qt initialization script (sh) # In multilib environments there is a preferred architecture, 64 bit over 32 bit in x86_64, # ppc64. When a conflict is found between two packages corresponding with different arches, # the installed file is the one from the preferred arch. This is very common for executables # in /usr/bin, for example. If the file /usr/bin/foo is found in an x86_64 package and in # an i386 package, the executable from x86_64 will be installe if [ -z "${QTDIR}" ]; then case `uname -m` in x86_64 | ia64 | s390x | ppc64) QT_PREFIXES="/usr/lib64/qt-3.3 /usr/lib/qt-3.3" ;; * ) QT_PREFIXES="/usr/lib/qt-3.3 /usr/lib64/qt-3.3" ;; esac for QTDIR in ${QT_PREFIXES} ; do test -d "${QTDIR}" && break done unset QT_PREFIXES if ! echo ${PATH} | /bin/grep -q $QTDIR/bin ; then PATH=$QTDIR/bin:${PATH} fi QTINC="$QTDIR/include" QTLIB="$QTDIR/lib" export QTDIR QTINC QTLIB PATH fi The first time this runs, PATH, QTDIR and the rest of the QT environment is set normally. PATH is then overridden by the x2go client. The second time this runs, $QTDIR is not a zero length string, so $QTDIR/bin is not added back to the PATH. This explains why /usr/lib64/qt-3.3/bin does not appear in xterm's bash PATH environment variable. Example 2, /etc/profile.d/modules.sh We have the 'module' command installed (http://modules.sourceforge.net/) and doing something like this: # Setup 'module' environment case "$0" in -bash|bash|*/bash) . /apps/Modules/default/init/bash ;; -ksh|ksh|*/ksh) . /apps/Modules/default/init/ksh ;; -sh|sh|*/sh) . /apps/Modules/default/init/sh ;; *) . /apps/Modules/default/init/sh ;; # default for scripts esac Followed by /etc/profile.d/zz_modules.sh with: # Load default module 'user' module load user The first time this runs, PATH, the rest of the module environment and the default module are set/loaded normally, including LOADEDMODULES (which keeps track of what modules are loaded). PATH is then overridden by the x2goclient. The second time this runs, modules.sh runs normally, but the module load command in zz_modules.sh doesn't do anything as LOADEDMODULES tells it that it has already loaded 'user'. PATH remains incorrect, although other environment variables (LD_LIBRARY_PATH, etc.) are correct. To be honest, I don't understand the logic of the bug that originally prompted the change, #336. If an attacker has access to the user's account on the remote system, there are endless possibilities for them to infiltrate the x2go client with arbitrary data. Additionally, the fix for #336 unexpectedly limits the number of places a system administrator is permitted to install x2go. Can someone help, please? Getting rid of overriding the server-side PATH in the client, or other solution, would allow us to offer x2go to our users, which would be really cool. Thanks, Mark From mikedep333@gmail.com Thu Mar 16 12:07:47 2017 Received: (at 1100) by bugs.x2go.org; 16 Mar 2017 11:07:47 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: * X-Spam-Status: No, score=1.2 required=3.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_SORBS_SPAM autolearn=no autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id DAB065DAD0 for <1100@bugs.x2go.org>; Thu, 16 Mar 2017 12:07:46 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f-RTf_WSwvED for <1100@bugs.x2go.org>; Thu, 16 Mar 2017 12:07:40 +0100 (CET) Received: from mail-wm0-f49.google.com (mail-wm0-f49.google.com [74.125.82.49]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id D6BE15DA4A for <1100@bugs.x2go.org>; Thu, 16 Mar 2017 12:07:39 +0100 (CET) Received: by mail-wm0-f49.google.com with SMTP id n11so108878027wma.1 for <1100@bugs.x2go.org>; Thu, 16 Mar 2017 04:07:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=clarvIoF9/Z/M/1UhTdV2BlombfJBKoXM144u/yKHvU=; b=DfUjYyi7yO9QmRSGF2XxdHTPiji6eJNRHJOa1ZQbz7RvG4x2VJ5skMR7L/KVr90NxS qr6WajLlEz1suR6D+LFSL4QG/Ob49WxWSgN0R9W9KY8FyOHX+2cWLBDVrTCdBsgDLZbS u4eqKsiww4I0IDbAkuserBcQ1fv4j96eSzzsKUiaHQIovsHNSdo5xTbIpFoxKnGMO4Ot KrtlbIf8ZwL+3H/SWgzl4cwfqibM78UJ3qHnvg7MvcsOd7pP/pUmOQTEKIk9vN/LO1/G UA9l8TtKkfQmhuwfStNtHxjEZ66Y0ILi1aob4xZsMNzP+M2TK6zM/DUVw92IOhC0O+o9 ZuCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=clarvIoF9/Z/M/1UhTdV2BlombfJBKoXM144u/yKHvU=; b=tVPGh9ldKHWx7Qk6RjXnUedZsLZdmrgvKaqPTbHOTL6+9HSDkRrr0Y70nSXs9JuEaz gs2m02R989uLTnBVul5ez3MfieIX4+iNi1ilOrPQfdQjACXWuFxY40gxdmk2C4zvTJ++ uft4WDfQWPvRle7cTO2CrF/NcSKiifac4jelTud1mZMsGPDb8WBVgEB3pXsznOdRbo9K mE492yvRtuZ+a4TUF21/GDJizG5V4QKlWDGHp/7AIZ1Nk7Sn4jWnolUGUBZV8bXqvNct qciRVIDbiHLrzZdydtb4gIT0eiA53z81UsPZgUnmdS1Ilnh1MDhpXN6qCBUDDkfk/2js Z7SA== X-Gm-Message-State: AFeK/H3u+2CcWv/FLzsUsbNqVmCroyx+vCGrb5XsyTtF7OeKBCNQhozxGUV28pcXsa0sYzKMvboX//uYwhBhxA== X-Received: by 10.28.146.207 with SMTP id u198mr4931113wmd.103.1489662459292; Thu, 16 Mar 2017 04:07:39 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.196.197 with HTTP; Thu, 16 Mar 2017 04:07:38 -0700 (PDT) From: Mike DePaulo Date: Thu, 16 Mar 2017 07:07:38 -0400 Message-ID: Subject: Looking in to how to solve this To: 1100@bugs.x2go.org Content-Type: text/plain; charset=UTF-8 FYI, I am currently looking into how to solve this. I do not want to simply revert to the old functionality. From ezellma@ornl.gov Tue Mar 21 22:20:56 2017 Received: (at 1100) by bugs.x2go.org; 21 Mar 2017 21:20:58 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.7 required=3.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_PASS autolearn=ham autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 45A215DAD0 for <1100@bugs.x2go.org>; Tue, 21 Mar 2017 22:20:56 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rvjc1XO24JEx for <1100@bugs.x2go.org>; Tue, 21 Mar 2017 22:20:49 +0100 (CET) X-Greylist: delayed 627 seconds by postgrey-1.35 at ymir.das-netzwerkteam.de; Tue, 21 Mar 2017 22:20:48 CET Received: from mta02.ornl.gov (mta02.ornl.gov [128.219.177.136]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 83B8D5DA4B for <1100@bugs.x2go.org>; Tue, 21 Mar 2017 22:20:47 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ornl.gov; i=@ornl.gov; q=dns/txt; s=p20151116; t=1490131248; x=1521667248; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=9AESayAyl35IcmbEQg+ZVY2y8HQQSmpKiRbkx10ljCQ=; b=p+Ru5sQKv7kFbsleNR2VetWU/qKwDzBGrRijq/Mh84Ms/QG/3/nqph4K Hu9PDbla8pI0uzx2G9gEGhKS91NvLX/4RthF6X6eiqTnmzBDYvU21OkRP JmNRJMFnKaxVGxBXZvTpd5BpDkmifQhpkzj6di8WDmWLRUus/kaZHur6t 3b++KTPiI8UjGJ+vf/y5VBceqGhlxm+rZ/r/uYREzlcjQp6CkK/IZ9Jzu QTSKTEWhezkCj+AIjCUA/9tlQH8VSjaCF5kE6fovmqZrkEUp8ZKtvJze/ aRHQc9+99oW67RGnpYER+BhLTw83/J+f6gT5wXTCGYOuHcSkUhWmgSJxY Q==; X-SG: RELAYLIST X-IronPort-AV: E=Sophos;i="5.36,201,1486443600"; d="scan'208";a="8195498" Received: from emgwy1.ornl.gov ([160.91.254.9]) by iron2.ornl.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Mar 2017 17:10:17 -0400 Received: from EXCHOS31.ornl.gov (exchos31.ornl.gov [128.219.12.151]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by emgwy1.ornl.gov (Postfix) with ESMTPS id 3vnlp15j6Dz7tF7 for <1100@bugs.x2go.org>; Tue, 21 Mar 2017 17:10:17 -0400 (EDT) Received: from EXCHOS30.ornl.gov (128.219.12.150) by EXCHOS31.ornl.gov (128.219.12.151) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Tue, 21 Mar 2017 17:10:17 -0400 Received: from EXCHCS31.ornl.gov (128.219.12.145) by EXCHOS30.ornl.gov (128.219.12.150) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Tue, 21 Mar 2017 17:10:17 -0400 Received: from EXCHCS31.ornl.gov ([fe80::cde0:6908:129a:fa57]) by EXCHCS31.ornl.gov ([fe80::cde0:6908:129a:fa57%16]) with mapi id 15.00.1178.000; Tue, 21 Mar 2017 17:10:16 -0400 From: "Ezell, Matthew A." To: "1100@bugs.x2go.org" <1100@bugs.x2go.org> Subject: Solution Proposal Thread-Topic: Solution Proposal Thread-Index: AQHSooeJZjqC3+izBE6oFGeFPFirkQ== Date: Tue, 21 Mar 2017 21:10:16 +0000 Message-ID: <4D7014AD-633C-47C6-972E-682DB0282F70@ornl.gov> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/f.1e.0.170107 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [128.219.12.132] Content-Type: text/plain; charset="utf-8" Content-ID: <773F3CA56DD2EA45BDE7029C931473F7@ornl.gov> Content-Transfer-Encoding: base64 MIME-Version: 1.0 SeKAmW0gbm90IHN1cmUgSSB1bmRlcnN0YW5kIHdoYXQgbmVmYXJpb3VzIGJlaGF2aW9yICMzMzYg aXMgc3VwcG9zZWQgdG8gcHJldmVudCBlaXRoZXIuICBJdCBkaWQsIHVuZm9ydHVuYXRlbHksIG1h a2UgeDJnbyB1bnVzYWJsZSBpbiBvdXIgZW52aXJvbm1lbnQuDQoNCkkgcHJvcG9zZSBvbmUgb2Yg dGhlIGZvbGxvd2luZyBzb2x1dGlvbnM6DQoNCjEuIFJldmVydCB0aGUgYmVoYXZpb3IgKHNvdW5k cyBsaWtlIHRoaXMgaXNu4oCZdCBnb2luZyB0byBoYXBwZW4/KQ0KMi4gQWRkIGEg4oCYc2VjdXJl IHBhdGjigJkgYm9vbGVhbiBzZXNzaW9uIG9wdGlvbiBpbiB0aGUgY2xpZW50ICh5b3UgY2FuIGxl YXZlIGl0IG9uIGJ5IGRlZmF1bHQsIEnigJlsbCBoYXZlIG15IHVzZXJzIHR1cm4gaXQgb2ZmKQ0K My4gSW4gdGhlIGNsaWVudCwgaGFyZCBjb2RlIHRoZSBmdWxsIHBhdGggdG8gdGhlIHgyZ28gc2Vy dmVyIGFuZCBjb252ZXJ0IHgyZ28gdG8gdXNlIGFsbCBhYnNvbHV0ZSBwYXRocyAoaG9wZWZ1bGx5 IHRoaXMgcHJldmVudHMgYWxsIHRoZSBzYW1lIHRoaW5ncyBhcyAjMzM2IHdpdGhvdXQgdGhlIHNp ZGUgZWZmZWN0KQ0KNC4gT3B0aW9uIDMsIGJ1dCBhZGQgYW4g4oCYeDJnbyBzZXJ2ZXIgYmluYXJ5 4oCZIHN0cmluZyBzZXNzaW9uIG9wdGlvbiBpbiB0aGUgY2xpZW50IGluIGNhc2UgdGhlIGFkbWlu IGluc3RhbGxlZCB4MmdvIGluIGFuIGFsdGVybmF0ZSBsb2NhdGlvbg0KNS4gU2F2ZSB0aGUgcGF0 aCBiZWZvcmUgc2V0dGluZyBpdCAoZXhwb3J0IFgyR09TQVZFUEFUSD0kUEFUSDsgZXhwb3J0IFBB VEg9PHNhZmVfcGF0aD47IGNtZCkuICBUaGVuLCBzb21ld2hlcmUgYWZ0ZXIgYWxsIHRoZSB4Mmdv IHN0dWZmIGhhcyBiZWVuIHJ1biwgcmVzdG9yZSB0aGUgb3JpZ2luYWwgcGF0aA0KDQpJ4oCZbGwg YmUgaGFwcHkgdG8gdGVzdCBpbXBsZW1lbnRhdGlvbnMgb25jZSB0aGUgY29yZSBkZXZlbG9wZXJz IGRldGVybWluZSB0aGUgYmVzdCBwYXRoIGZvcndhcmQuDQoNClRoYW5rcywNCn5NYXR0DQoNCg== From x2go@ymir.das-netzwerkteam.de Sun Apr 2 15:02:00 2017 Received: (at 1100) by bugs.x2go.org; 2 Apr 2017 13:02:01 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=3.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 5FD765DB55; Sun, 2 Apr 2017 15:02:00 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NEjKFofbazh9; Sun, 2 Apr 2017 15:01:53 +0200 (CEST) Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 150105DB5D; Sun, 2 Apr 2017 15:01:52 +0200 (CEST) From: =?utf-8?q?Mike_DePaulo?= To: 1100-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 1100@bugs.x2go.org Subject: X2Go issue (in src:x2goclient) has been marked as pending for release Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Mailer: http://snipr.com/post-receive-tag-pending Message-Id: <20170402130153.150105DB5D@ymir.das-netzwerkteam.de> Date: Sun, 2 Apr 2017 15:01:52 +0200 (CEST) tag #1100 pending fixed #1100 4.1.0.1 thanks Hello, X2Go issue #1100 (src:x2goclient) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=d164a70 The issue will most likely be fixed in src:x2goclient (4.1.0.1). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit d164a700ba7e243f5038ef925208872f48f9c757 Author: Mike DePaulo Date: Thu Mar 30 18:51:41 2017 -0400 Don't override PATH for the actual session or application command. Fixes: #1100 diff --git a/debian/changelog b/debian/changelog index 42c1e52..8e71aeb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -180,6 +180,9 @@ x2goclient (4.1.0.1-0x2go1) UNRELEASED; urgency=medium default because the installation dir is not writeable by users) + CVE-2017-6542 was fixed + - Don't override PATH for the actual session or application + command. + Fixes: #1100 [ Seth Galitzer ] * New upstream version (4.1.0.1): From ionic@ionic.de Thu Oct 12 08:13:34 2017 Received: (at control) by bugs.x2go.org; 12 Oct 2017 06:13:36 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: ** X-Spam-Status: No, score=2.5 required=3.0 tests=BAYES_40,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MISSING_SUBJECT,RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 2CC965DAC9 for ; Thu, 12 Oct 2017 08:13:34 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IMzXhSIY1NrA for ; Thu, 12 Oct 2017 08:13:24 +0200 (CEST) X-Greylist: delayed 376 seconds by postgrey-1.35 at ymir.das-netzwerkteam.de; Thu, 12 Oct 2017 08:13:23 CEST Received: from mail.ionic.de (unknown [IPv6:2001:41d0:a:588b:1::2]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id E292E5DAC8 for ; Thu, 12 Oct 2017 08:13:23 +0200 (CEST) Received: from [10.30.16.15] (178.162.222.41.adsl.inet-telecom.org [178.162.222.41]) by mail.ionic.de (Postfix) with ESMTPSA id C479C4F0060C for ; Thu, 12 Oct 2017 08:07:04 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ionic.de; s=default; t=1507788424; bh=kCxs6my5kXoV+TJEizduCJ0HCcicaU8pN5JTXpVk9VE=; h=To:From:Date:From; b=DXX7y5K8LT3LCZDXVq/0OK3i24DvHI8LU4iC/8Akz12NmJr04y+utjWpFU6jTfa5j gz3b5lP6G7d747Jz+TlJk+GHqXL9uFpYWz0hdsfd9brZU9LCtWKGIIGzmz/ETSqdzz Z6XBQ9l/16s+bu6wKz8wHUVtLsR62rkKX2nBviTY= To: control@bugs.x2go.org From: Mihai Moldovan Message-ID: Date: Thu, 12 Oct 2017 08:07:04 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="erWHmhUGn62BCFVVhJLGKQinT6BQmktlS" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --erWHmhUGn62BCFVVhJLGKQinT6BQmktlS Content-Type: multipart/mixed; boundary="J3coTCf4Kkj3X69ssnHtpqiug49pbCvKj"; protected-headers="v1" From: Mihai Moldovan To: control@bugs.x2go.org Message-ID: --J3coTCf4Kkj3X69ssnHtpqiug49pbCvKj Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable fixed 1100 4.1.1.0 reassign 1018 x2goclient 4.0.5.1 reassign 1199 x2goclient 4.0.5.1 forcemerge 1018 1100 forcemerge 1199 1100 thanks --J3coTCf4Kkj3X69ssnHtpqiug49pbCvKj-- --erWHmhUGn62BCFVVhJLGKQinT6BQmktlS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCgAdFiEEbhHQj3UzgcdE8cg8H9Yu2W4lOocFAlnfBogACgkQH9Yu2W4l OocbVQ/+OB65Drzw7CD9iut0ht8eJfcwsR2+Hj76dJ4SNg478UJujzJhnvbTxrkF NaXPxAEQC5soTDKQzSE4rb+YWn70WxElgpXl4LlnZP/1QZLufftoJg/FzgFQJRYu aoi5Lf1F/P/Sdj2BtH7q2iBvR8IWqtT1GhakFTy8zNp7CzGrBeJXlQcCT62CLJQJ +RAFdOcp/3W5tWij8sG2+OisujhDgkUBFbULvelTBqeaYi9KipgHvKD4wheAdj5q hnOFzeLktf8m1E6NUh7BNmZwPpQtAarxXZdCqqnMh3xSZRY+l5DaENCNdY3sEBt7 F5au66O5IkPZOkUqAm49RaMBKFRakj+4oFeXM5Lrujx5idDzb+EbK2rKt9BjELtx AaIbz//SuKFGpAqFioNxZocBMZKN+STL7OmIJvcT/PoyDd/yuYM0u7jiBW23ieBF awKmUCXWQqVmG4ijKwkupISpid7JLNU3MZRdIQvaKpiggNB2Sy3PAFoS11UA4OIk rBJ9FdpHXkssDO8s+om9IbwYou76pE9J+Zvduo0P5nkwLnfS/bKGyzpxm72BQFvD FOEuJ5zjl5RiBKV+vczeHVUI55idiZMlVYftwakxp811SS32DJ7Kc9pnyaOvbNiW mgN94wp+Kdv0genWCECuieZ7wwx4u0iM9HBpCODZwaU3RLxnwjI= =UQCr -----END PGP SIGNATURE----- --erWHmhUGn62BCFVVhJLGKQinT6BQmktlS-- From x2go@ymir.das-netzwerkteam.de Sun Oct 29 08:46:12 2017 Received: (at 1100) by bugs.x2go.org; 29 Oct 2017 07:46:21 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-2.9 required=3.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 8E5415DAD3; Sun, 29 Oct 2017 08:46:12 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xBZFVy_Ev3fz; Sun, 29 Oct 2017 08:46:08 +0100 (CET) Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id DAD795DAD7; Sun, 29 Oct 2017 08:45:52 +0100 (CET) From: =?utf-8?q?X2Go_Release_Manager?= X2Go Release Manager To: 1100-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 1100@bugs.x2go.org Subject: X2Go issue (in src:x2goclient) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20171029074552.DAD795DAD7@ymir.das-netzwerkteam.de> Date: Sun, 29 Oct 2017 08:45:52 +0100 (CET) close #1100 thanks Hello, we are very hopeful that X2Go issue #1100 reported by you has been resolved in the new release (4.1.1.0) of the X2Go source project »src:x2goclient«. You can view the complete changelog entry of src:x2goclient (4.1.1.0) below, and you can use the following link to view all the code changes between this and the last release of src:x2goclient. http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=eafcb63c2ac63ae7ce43886949945e710c81bd3d;hp=add03ee78f3dcbee3317bf17a08dcb2cbeb12ee7 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goclient. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goclient Version: 4.1.1.0-0x2go1 Status: RELEASE Date: Sun, 29 Oct 2017 08:43:45 +0100 Fixes: 31 499 592 870 930 966 1093 1100 1119 1121 1152 1165 1185 1186 Changes: x2goclient (4.1.1.0-0x2go1) RELEASED; urgency=medium . [ Mihai Moldovan ] * New upstream version (4.1.1.0): - src/sshmasterconnection.cpp: use ssh_channel_listen_forward () instead of ssh_forward_listen () for newer libssh versions. Fixes: #870. - src/sshmasterconnection.cpp: with libssh 0.6.0 and newer, get the public key via ssh_get_server_publickey () (0.8.0 and higher) or ssh_get_publickey () (0.7.x and lower) and its hash via ssh_get_publickey_hash () instead of using the deprecated ssh_get_pubkey_hash () function. Additionally, replace free () with the more appropriate ssh_string_free_char () function after using ssh_get_hexa (). This will break on very old systems with a hopelessly outdated libssh version, but we do not care about these systems in the first place. - src/sshmasterconnection.cpp: replace string_free () with its successor ssh_string_free (). Will break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_new () function with ssh_channel_new (). Might break on ancient systems, but we don't care. Also, add error handling in case ssh_channel_new () failed... - src/sshmasterconnection.cpp: replace deprecated channel_open_forward () function with ssh_channel_open_forward (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_open_session () function with ssh_channel_open_session (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_request_exec () function with ssh_channel_request_exec (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_poll () function with ssh_channel_poll (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_read () function with ssh_channel_read (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_is_eof () function with ssh_channel_is_eof (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_write () function with ssh_channel_write (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_send_eof () function with ssh_channel_send_eof (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_close () function with ssh_channel_close (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_free () function with ssh_channel_free (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: use QString::arg () to insert function name and thus deduplicate error translation messages. Also re-add the full stop sign and remove it when needed for x2goDebug. - src/sshmasterconnection.cpp: fix up some debug strings. - src/sshmasterconnection.cpp: port more occurrences of "QString to C string" akin to 1b21d75f2c10609f3586f5b5e0b4ceb7fca83fdd. - src/sshmasterconnection.cpp: enable parsing of ~/.ssh/config. Fixes: #1121. Shorthands as host names and other bells and whistles like inferred port or user name values are now supported. - src/{onmainwindow,httpbrokerclient}.cpp: fix up error/warning message displayed when the server-specified key is unknown, but we have another key type stored already. - src/pulsemanager.cpp: fix up a debug string. Qt drops a space where I'd like to have one and inserts a space where I'd like none, so work around that fancifully. - src/sshmasterconnection.cpp: libssh < 0.6.0 does not have the ssh_options_get () API, but instead expects users to pull out information directly from the ssh_session structure. This fixes compile issues on systems with older libssh versions. - src/sshmasterconnection.cpp: turns out libssh < 0.6.0 doesn't support fetching the host, port and username parameters at all. We're in the clear for non-SSH-proxied connections and can use config file parsing, but have to disable config file parsing in the proxy settings, as there's no way to query the remote endpoint information. As a result we will be unable to open a new socket to the remote endpoint and proxying will fail badly. - src/x2goutils.cpp: ensure that add_to_path () also processes the first value passed. Fixes startup problems in MacPorts. Fixes: #1093. - res/i18n/x2goclient_et.ts: various fixups for the Estonian translation file. - res/i18n/x2goclient_*.ts: go the extra mile and fix up translation files manually after the "anothertype" fix in 8e503d89ee2d03a313c3deff11f0516fce503022. - {src/{onmainwindow,httpbrokerclient}.cpp,res/i18n/x2goclient_*.ts}: fix another occurrence of a string missing a space separator between words and update translation files. - src/onmainwindow.cpp: don't duplicate depth warning message needlessly, use correct plural forms in translations and split string up in a translation-friendly form. I'll leave translators to handle this beast, as languages are unique in the number of plural forms and the like. - {src/printdialog.cpp,res/i18n/x2goclient_*.ts}: drop spurious left-over parenthesis in warning message and adapt translations. - src/onmainwindow.cpp: make the "not loading translator" message non-translatable, as it doesn't make a lot of sense to actually translate it. - {src/{configdialog,x2goutils}.cpp,res/i18n/x2goclient_*.ts}: change XQuartz project homepage references, adapt translations. - src/pulsemanager.{cpp,h}: make get_* () functions const. - src/pulsemanager.{cpp,h}: make is_server_running () const. - src/pulsemanager.{cpp,h}: add new pulse_version_valid_ boolean class member variable, set it correctly and use it whenever the version is accessed. - src/pulsemanager.cpp: make fetch_pulseaudio_version () more resilient. Instead of aborting hard when the version number could not be detected, break out of the loops only. We can make stuff work, even if the version is unknown. Or just continue without PA support as such. - src/pulsemanager.{cpp,h}: add show_startup_warning () for both PA server and (debug) startup sound playback. - src/pulsemanager.cpp: check server_binary_ before using it and jump over code that assumes the PA server binary to be available. - src/pulsemanager.cpp: don't fail hard on OS X if the PA server binary could not be found in the constructor. We can live without PA and will show a warning message to the user later on when PA is supposed to be started. - src/pulsemanager.cpp: deduplicate warning/error messages - make use of show_startup_warning (). This does imply changes to the translation files, coming up next. - res/i18n/x2goclient_*.ts: regenerate translation files and fix up some SSH and PulseManager messages manually, where possible. - src/x2ogutils.h: guard UNUSED macro definition. - {macbuild.sh,src/{x2goutils.h,{pulsemanager,onmainwindow}.cpp}, x2goclient.pro}: make MacPorts prefix selectable at compile time. Much cleaner for downstream package maintainers (like, for instance, MacPorts itself.) - res/i18n/x2goclient_fi.ts: remove outdated comment. - src/sshprocess.cpp: bind direct tunnel socket to localhost instead of any address. Fixes: #31. - src/onmainwindow.cpp: check for sessionExplorer->getLastSession() to be valid in all places but obvious ones. Fixes: #499. - src/sshmasterconnection.cpp: use new PKI-based libssh API for public key authentication for libssh 0.6.0 and higher. Fixes: #1119. - src/sshmasterconnection.cpp: add YubiKey challenge auth prompt. - src/sshmasterconnection.cpp: fix compile errors on pre-libssh-0.6.0 systems and add a TOCTU-race check to see if the file exists prior to calling privatekey_from_file () on such systems. Additionally fix a type issue. - macbuild.sh: fix long-standing issue that made the DMG bundle contain a symlink made up of only a space to /Applications. - res/img/icons/dmg: add new image disk.svg, used as the basis for the new OS X DMG bundle icon. - res/img/icons/dmg: add new disk-drive-and-x2goclient icon for use as the volume icon of the OS X DMG bundle. - macbuild.sh: use the new volume icon that actually also looks like a disk drive. Fixes: #930. - src/onmainwindow.cpp: typo fix only. - src/onmainwindow.cpp: do not automatically set login user name to current system user if empty. Unbreaks default user name fetching via libssh. Might break some use cases (especially RDP, XDMCP). - src/x2goclient.cpp: revert change bypassing the UNIX cleanup helper. - src/onmainwindow.cpp: revert old behavior and select user name field after a session has been suspended/terminated if user name was not provided. Do not insert an user name, though, but leave it to autodetection by default. - src/sshmasterconnection.cpp: fix SSH-proxied connections with port numbers of zero. In order to authenticate the remote server, SSH-proxied connections must be reset to their remote host and port values after connecting via the SSH tunnel. If the original port value was zero, setting it was skipped, leading to connections like $REMOTE_HOST:$PROXY_PORT, which is certainly wrong. Fetch the inferred port value and set this instead, fixing this issue. - Makefile: add new QMAKE_OPTS variable so that packagers can pass additional options to qmake directly. - src/sshmasterconnection.cpp: typo fix in log message only. - src/sshmasterconnection.cpp: don't leak ssh_session data, free it once we're done with it. - Makefile: qmake seems to act weird if QMAKE_C(XX)FLAGS starts with a space followed by additional non-whitespace characters. Refactor the variables a bit to work around this issue. - Makefile: turns out the only somewhat portable way to do something like this is via shell hackery. - Makefile: reset to the original state and make sure that we don't pass CXXFLAGS on to the actual build process to not override the values generated by qmake. - Makefile: the only way to prevent variables on the command line to be passed down seems to be to remove them from MAKEOVERRIDES. .MAKEOVERRIDES is the FreeBSD-make-equivalent variable. MAKEFLAGS has no effect on this behavior, so removing it again. - Makefile: add comment explaining why we need to do this in the first place and why it's so complicated. - src/sshmasterconnection: ignore "garbage", but require at least one line to start with a known challenge auth prompt. Fixes: #966. - x2goclient.pro: add libssh_threads library. We need this since X2Go Client is multi-threaded. - copy-deps-win32.bat: also copy libssh_threads.dll to go with the previous change. - src/{onmainwindow,sshmasterconnection}.{cpp,h}: correctly initialize and finalize libssh. We ought to do both only once - in our main thread. Previously, we initialized libssh in a new thread, which might be problematic. - src/sessionexplorer.cpp: open the correct tab when editing a session from the exports menu. - src/onmainwindow.cpp: try to workaround window placement if settings contain a (newly) invalid position (e.g., a position that refers to a disconnected display.) - src/onmainwindow.cpp: try to find a display that can hold the window's position fetched from the sizes settings. Use the default if none could be found. - src/onmainwindow.cpp: fix up main window position check; use QRect.intersects (). - src/pulsemanager.{cpp,h}: rename shutdownState to shutdown_state_, reorder in initializer list. - res/i18n/: regenerate translations. - res/i18n/x2goclient_es.ts: fixup Spanish translation file. - res/i18n/x2goclient_et.ts: fixup some typos in the Estonian translation file. - res/i18n/x2goclient_sv.ts: add singular form to translation entry as discussed on list. - res/i18n/x2goclient_es.ts: add singular form to translation entry as discussed off list. - res/i18n/x2goclient_nl.ts: various fixups for Dutch translation file. - res/i18n/x2goclient_nb_no.ts: various fixups for Bokmål (Norway) translation file. - res/i18n/x2goclient_nl.ts: fix whitespace issues in Dutch translation file and re-add numerus form translation. - res/i18n/x2goclient_nb_no.ts: various fixups for Bokmål (Norway) translation file, including numerus form. - src/sshmasterconnection.cpp: for proxied connections, fetch the user name matching the given host, not proxy host. - res/i18n/x2goclient_fi.ts: various fixups for Finnish translation file. - res/i18n/x2goclient_fi.ts: another tiny whitespace fixup for Finnish translation file. - src/onmainwindow.cpp: fix "XMDCP" typo. - res/i18n/x2goclient_de.ts: various fixups for German translation file. - src/onmainwindow.cpp: fix "loose" vs. "lose" spelling mistake. - res/i18n/x2goclient_et.ts: remove obsolete and wrongly capitalized "x2go" part from an Estonian translation message. - res/i18n/x2goclient_sv.ts: minor whitespace fixup. - res/i18n/x2goclient_*.ts: apply "XMDCP" -> "XDMCP" fix manually to translation files. - res/i18n/x2goclient_nb_no.ts: remove obsolete comments (leading to problems when regenerating translation files.) - res/i18n/x2goclient_nl.ts: remove obsolete comments (leading to problems when regenerating translation files.) - res/i18n/x2goclient_*.ts: regenerate translations. - res/i18n/x2goclient_fi.ts: various fixups for Finnish translation file. - src/sshmasterconnection.cpp: spelling fix. (Quiting -> Quitting) - x2gobrowserplugin-2.4_1/src/qtbrowserplugin.cpp: spelling fix. (convertable -> convertible) * x2goclient.spec: - Respect %{optflags} and pass QMAKE_STRIP=: to fix missing debug info issues. . [ Oleksandr Shneyder ] * New upstream version (4.1.1.0): - Interaction with SSH server (for example for changing expired password). Fixes: #592. - Fixing setting widget style issue in InteractionDialog on Windows client. - SSH Interaction for SSH Broker and SSH Server. - SSH Iteraction for method keyboard-interactive. - Move PulseManager MsgBox functions to main window: GUI functions should be used only from main thread. - Check "norecord" option on the first start of PulseAudio. - Disable/Enable PulseAudio in config dialog. New command line options: --disable-pulse to disable start of PulseAudio --disable-pulse-record to disable audio input. - Check if PulseAudio running at session start and resuming when sound is enabled. Show warning if PulseAudio not running and disable the sound support for the session to avoid session freezes. - Add session config file option "sshproxysamekey". With this option client will use for proxy authentication same key as for X2Go server. This is important in first case for broker users, where key can be generated "on the fly". Maybe it makes sence to add this option in UI and command line later. - Correct negative display coordinates for FS sessions. . [ Robert Parts ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_et.ts: update Estonian translation file. - res/i18n/x2goclient_et.ts: update Estonian translation file. . [ Martti Pitkänen ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_fi.ts: update Finnish translation file. - res/i18n/x2goclient_fi.ts: update Finnish translation file. - res/i18n/x2goclient_fi.ts: update Finnish translation file. . [ Mike DePaulo ] * New upstream version (4.1.1.0): - Windows: Upgrade PulseAudio from 6.0 to 7.1 Fixes: #1152 Issues with audio when playing HTML5 videos - Windows: Remove uninstaller from start menu. It is still available in "Programs and Features". - Windows: Upgrade Win32 OpenSSL from 1.0.1t to 1.0.2k Fixes numerous CVEs - Windows: Upgrade libssh from 0.7.0 to 0.7.4 (while maintaining Pageant support). The possibly relevant changes are: + CVE-2016-0739 was fixed + improved id_ed25519 support + numerous bug fixes - Windows: Update PuTTY from 0.67 to 0.68 The possibly relevant changes are: + CVE-2016-6167 was fixed (did not affect X2Go Client by default because the installation dir is not writeable by users) + CVE-2017-6542 was fixed - Don't override PATH for the actual session or application command. Fixes: #1100 . [ Walid Moghrabi ] * New upstream version (4.1.1.0): - {src/{help.cpp,onmainwindow.{cpp,h}},man/man1/x2goclient.1}: let --background take a directory and randomly pick an SVG file in there. Fixes: #1165. - {src/{help.cpp,onmainwindow.{cpp,h}},man/man1/x2goclient.1}: pass-through broker credentials when connecting to a direct RDP session. Fixes: #1185. Adds a new --broker-use-creds-for-session parameter. - src/onmainwindow.cpp: support --close-disconnect for direct RDP sessions. Fixes: #1186. . [ Daniel Lindgren ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_sv.ts: update Swedish translation file. . [ Ricardo Díaz Martín ] * New upstream release (4.1.1.0): - res/i18n/x2goclient_es.ts: update Spanish translation file. . [ Jos Wolfkamp ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_nl.ts: update Dutch translation file. - res/i18n/x2goclient_nl.ts: update Dutch translation file. . [ Klaus Ade Johnstad ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_nb_no.ts: update Bokmål (Norway) translation file. - res/i18n/x2goclient_nb_no.ts: update Bokmål (Norway) translation file. . [ Stefan Baur ] * New upstream release (4.1.1.0): - res/i18n/x2goclient_de.ts: update German translation file. . [ Sébastien Ducoulombier ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_fr.ts: update French translation file. From unknown Fri Mar 29 08:09:50 2024 MIME-Version: 1.0 X-Mailer: MIME-tools 5.507 (Entity 5.507) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#1100 closed by X2Go Release Manager X2Go Release Manager (X2Go issue (in src:x2goclient) has been marked as closed) Message-ID: References: <20171029074552.DAD795DAD7@ymir.das-netzwerkteam.de> X-X2go-PR-Keywords: pending X-X2go-PR-Message: they-closed 1100 X-X2go-PR-Package: x2goclient X-X2go-PR-Source: x2goclient Date: Sun, 29 Oct 2017 07:50:11 +0000 Content-Type: multipart/mixed; boundary="----------=_1509263411-25183-0" This is a multi-part message in MIME format... ------------=_1509263411-25183-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the x2goclient package: #1100: xterm's shell started from x2goclient has wrong PATH It has been closed by X2Go Release Manager X2Go Release Manager . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact X2Go Release Manager X= 2Go Release Manager by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1509263411-25183-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 29 Oct 2017 07:46:29 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-2.9 required=3.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 8E5415DAD3; Sun, 29 Oct 2017 08:46:12 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xBZFVy_Ev3fz; Sun, 29 Oct 2017 08:46:08 +0100 (CET) Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id DAD795DAD7; Sun, 29 Oct 2017 08:45:52 +0100 (CET) From: =?utf-8?q?X2Go_Release_Manager?= X2Go Release Manager To: 1100-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 1100@bugs.x2go.org Subject: X2Go issue (in src:x2goclient) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20171029074552.DAD795DAD7@ymir.das-netzwerkteam.de> Date: Sun, 29 Oct 2017 08:45:52 +0100 (CET) close #1100 thanks Hello, we are very hopeful that X2Go issue #1100 reported by you has been resolved in the new release (4.1.1.0) of the X2Go source project »src:x2goclient«. You can view the complete changelog entry of src:x2goclient (4.1.1.0) below, and you can use the following link to view all the code changes between this and the last release of src:x2goclient. http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=eafcb63c2ac63ae7ce43886949945e710c81bd3d;hp=add03ee78f3dcbee3317bf17a08dcb2cbeb12ee7 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goclient. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goclient Version: 4.1.1.0-0x2go1 Status: RELEASE Date: Sun, 29 Oct 2017 08:43:45 +0100 Fixes: 31 499 592 870 930 966 1093 1100 1119 1121 1152 1165 1185 1186 Changes: x2goclient (4.1.1.0-0x2go1) RELEASED; urgency=medium . [ Mihai Moldovan ] * New upstream version (4.1.1.0): - src/sshmasterconnection.cpp: use ssh_channel_listen_forward () instead of ssh_forward_listen () for newer libssh versions. Fixes: #870. - src/sshmasterconnection.cpp: with libssh 0.6.0 and newer, get the public key via ssh_get_server_publickey () (0.8.0 and higher) or ssh_get_publickey () (0.7.x and lower) and its hash via ssh_get_publickey_hash () instead of using the deprecated ssh_get_pubkey_hash () function. Additionally, replace free () with the more appropriate ssh_string_free_char () function after using ssh_get_hexa (). This will break on very old systems with a hopelessly outdated libssh version, but we do not care about these systems in the first place. - src/sshmasterconnection.cpp: replace string_free () with its successor ssh_string_free (). Will break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_new () function with ssh_channel_new (). Might break on ancient systems, but we don't care. Also, add error handling in case ssh_channel_new () failed... - src/sshmasterconnection.cpp: replace deprecated channel_open_forward () function with ssh_channel_open_forward (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_open_session () function with ssh_channel_open_session (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_request_exec () function with ssh_channel_request_exec (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_poll () function with ssh_channel_poll (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_read () function with ssh_channel_read (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_is_eof () function with ssh_channel_is_eof (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_write () function with ssh_channel_write (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_send_eof () function with ssh_channel_send_eof (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_close () function with ssh_channel_close (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_free () function with ssh_channel_free (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: use QString::arg () to insert function name and thus deduplicate error translation messages. Also re-add the full stop sign and remove it when needed for x2goDebug. - src/sshmasterconnection.cpp: fix up some debug strings. - src/sshmasterconnection.cpp: port more occurrences of "QString to C string" akin to 1b21d75f2c10609f3586f5b5e0b4ceb7fca83fdd. - src/sshmasterconnection.cpp: enable parsing of ~/.ssh/config. Fixes: #1121. Shorthands as host names and other bells and whistles like inferred port or user name values are now supported. - src/{onmainwindow,httpbrokerclient}.cpp: fix up error/warning message displayed when the server-specified key is unknown, but we have another key type stored already. - src/pulsemanager.cpp: fix up a debug string. Qt drops a space where I'd like to have one and inserts a space where I'd like none, so work around that fancifully. - src/sshmasterconnection.cpp: libssh < 0.6.0 does not have the ssh_options_get () API, but instead expects users to pull out information directly from the ssh_session structure. This fixes compile issues on systems with older libssh versions. - src/sshmasterconnection.cpp: turns out libssh < 0.6.0 doesn't support fetching the host, port and username parameters at all. We're in the clear for non-SSH-proxied connections and can use config file parsing, but have to disable config file parsing in the proxy settings, as there's no way to query the remote endpoint information. As a result we will be unable to open a new socket to the remote endpoint and proxying will fail badly. - src/x2goutils.cpp: ensure that add_to_path () also processes the first value passed. Fixes startup problems in MacPorts. Fixes: #1093. - res/i18n/x2goclient_et.ts: various fixups for the Estonian translation file. - res/i18n/x2goclient_*.ts: go the extra mile and fix up translation files manually after the "anothertype" fix in 8e503d89ee2d03a313c3deff11f0516fce503022. - {src/{onmainwindow,httpbrokerclient}.cpp,res/i18n/x2goclient_*.ts}: fix another occurrence of a string missing a space separator between words and update translation files. - src/onmainwindow.cpp: don't duplicate depth warning message needlessly, use correct plural forms in translations and split string up in a translation-friendly form. I'll leave translators to handle this beast, as languages are unique in the number of plural forms and the like. - {src/printdialog.cpp,res/i18n/x2goclient_*.ts}: drop spurious left-over parenthesis in warning message and adapt translations. - src/onmainwindow.cpp: make the "not loading translator" message non-translatable, as it doesn't make a lot of sense to actually translate it. - {src/{configdialog,x2goutils}.cpp,res/i18n/x2goclient_*.ts}: change XQuartz project homepage references, adapt translations. - src/pulsemanager.{cpp,h}: make get_* () functions const. - src/pulsemanager.{cpp,h}: make is_server_running () const. - src/pulsemanager.{cpp,h}: add new pulse_version_valid_ boolean class member variable, set it correctly and use it whenever the version is accessed. - src/pulsemanager.cpp: make fetch_pulseaudio_version () more resilient. Instead of aborting hard when the version number could not be detected, break out of the loops only. We can make stuff work, even if the version is unknown. Or just continue without PA support as such. - src/pulsemanager.{cpp,h}: add show_startup_warning () for both PA server and (debug) startup sound playback. - src/pulsemanager.cpp: check server_binary_ before using it and jump over code that assumes the PA server binary to be available. - src/pulsemanager.cpp: don't fail hard on OS X if the PA server binary could not be found in the constructor. We can live without PA and will show a warning message to the user later on when PA is supposed to be started. - src/pulsemanager.cpp: deduplicate warning/error messages - make use of show_startup_warning (). This does imply changes to the translation files, coming up next. - res/i18n/x2goclient_*.ts: regenerate translation files and fix up some SSH and PulseManager messages manually, where possible. - src/x2ogutils.h: guard UNUSED macro definition. - {macbuild.sh,src/{x2goutils.h,{pulsemanager,onmainwindow}.cpp}, x2goclient.pro}: make MacPorts prefix selectable at compile time. Much cleaner for downstream package maintainers (like, for instance, MacPorts itself.) - res/i18n/x2goclient_fi.ts: remove outdated comment. - src/sshprocess.cpp: bind direct tunnel socket to localhost instead of any address. Fixes: #31. - src/onmainwindow.cpp: check for sessionExplorer->getLastSession() to be valid in all places but obvious ones. Fixes: #499. - src/sshmasterconnection.cpp: use new PKI-based libssh API for public key authentication for libssh 0.6.0 and higher. Fixes: #1119. - src/sshmasterconnection.cpp: add YubiKey challenge auth prompt. - src/sshmasterconnection.cpp: fix compile errors on pre-libssh-0.6.0 systems and add a TOCTU-race check to see if the file exists prior to calling privatekey_from_file () on such systems. Additionally fix a type issue. - macbuild.sh: fix long-standing issue that made the DMG bundle contain a symlink made up of only a space to /Applications. - res/img/icons/dmg: add new image disk.svg, used as the basis for the new OS X DMG bundle icon. - res/img/icons/dmg: add new disk-drive-and-x2goclient icon for use as the volume icon of the OS X DMG bundle. - macbuild.sh: use the new volume icon that actually also looks like a disk drive. Fixes: #930. - src/onmainwindow.cpp: typo fix only. - src/onmainwindow.cpp: do not automatically set login user name to current system user if empty. Unbreaks default user name fetching via libssh. Might break some use cases (especially RDP, XDMCP). - src/x2goclient.cpp: revert change bypassing the UNIX cleanup helper. - src/onmainwindow.cpp: revert old behavior and select user name field after a session has been suspended/terminated if user name was not provided. Do not insert an user name, though, but leave it to autodetection by default. - src/sshmasterconnection.cpp: fix SSH-proxied connections with port numbers of zero. In order to authenticate the remote server, SSH-proxied connections must be reset to their remote host and port values after connecting via the SSH tunnel. If the original port value was zero, setting it was skipped, leading to connections like $REMOTE_HOST:$PROXY_PORT, which is certainly wrong. Fetch the inferred port value and set this instead, fixing this issue. - Makefile: add new QMAKE_OPTS variable so that packagers can pass additional options to qmake directly. - src/sshmasterconnection.cpp: typo fix in log message only. - src/sshmasterconnection.cpp: don't leak ssh_session data, free it once we're done with it. - Makefile: qmake seems to act weird if QMAKE_C(XX)FLAGS starts with a space followed by additional non-whitespace characters. Refactor the variables a bit to work around this issue. - Makefile: turns out the only somewhat portable way to do something like this is via shell hackery. - Makefile: reset to the original state and make sure that we don't pass CXXFLAGS on to the actual build process to not override the values generated by qmake. - Makefile: the only way to prevent variables on the command line to be passed down seems to be to remove them from MAKEOVERRIDES. .MAKEOVERRIDES is the FreeBSD-make-equivalent variable. MAKEFLAGS has no effect on this behavior, so removing it again. - Makefile: add comment explaining why we need to do this in the first place and why it's so complicated. - src/sshmasterconnection: ignore "garbage", but require at least one line to start with a known challenge auth prompt. Fixes: #966. - x2goclient.pro: add libssh_threads library. We need this since X2Go Client is multi-threaded. - copy-deps-win32.bat: also copy libssh_threads.dll to go with the previous change. - src/{onmainwindow,sshmasterconnection}.{cpp,h}: correctly initialize and finalize libssh. We ought to do both only once - in our main thread. Previously, we initialized libssh in a new thread, which might be problematic. - src/sessionexplorer.cpp: open the correct tab when editing a session from the exports menu. - src/onmainwindow.cpp: try to workaround window placement if settings contain a (newly) invalid position (e.g., a position that refers to a disconnected display.) - src/onmainwindow.cpp: try to find a display that can hold the window's position fetched from the sizes settings. Use the default if none could be found. - src/onmainwindow.cpp: fix up main window position check; use QRect.intersects (). - src/pulsemanager.{cpp,h}: rename shutdownState to shutdown_state_, reorder in initializer list. - res/i18n/: regenerate translations. - res/i18n/x2goclient_es.ts: fixup Spanish translation file. - res/i18n/x2goclient_et.ts: fixup some typos in the Estonian translation file. - res/i18n/x2goclient_sv.ts: add singular form to translation entry as discussed on list. - res/i18n/x2goclient_es.ts: add singular form to translation entry as discussed off list. - res/i18n/x2goclient_nl.ts: various fixups for Dutch translation file. - res/i18n/x2goclient_nb_no.ts: various fixups for Bokmål (Norway) translation file. - res/i18n/x2goclient_nl.ts: fix whitespace issues in Dutch translation file and re-add numerus form translation. - res/i18n/x2goclient_nb_no.ts: various fixups for Bokmål (Norway) translation file, including numerus form. - src/sshmasterconnection.cpp: for proxied connections, fetch the user name matching the given host, not proxy host. - res/i18n/x2goclient_fi.ts: various fixups for Finnish translation file. - res/i18n/x2goclient_fi.ts: another tiny whitespace fixup for Finnish translation file. - src/onmainwindow.cpp: fix "XMDCP" typo. - res/i18n/x2goclient_de.ts: various fixups for German translation file. - src/onmainwindow.cpp: fix "loose" vs. "lose" spelling mistake. - res/i18n/x2goclient_et.ts: remove obsolete and wrongly capitalized "x2go" part from an Estonian translation message. - res/i18n/x2goclient_sv.ts: minor whitespace fixup. - res/i18n/x2goclient_*.ts: apply "XMDCP" -> "XDMCP" fix manually to translation files. - res/i18n/x2goclient_nb_no.ts: remove obsolete comments (leading to problems when regenerating translation files.) - res/i18n/x2goclient_nl.ts: remove obsolete comments (leading to problems when regenerating translation files.) - res/i18n/x2goclient_*.ts: regenerate translations. - res/i18n/x2goclient_fi.ts: various fixups for Finnish translation file. - src/sshmasterconnection.cpp: spelling fix. (Quiting -> Quitting) - x2gobrowserplugin-2.4_1/src/qtbrowserplugin.cpp: spelling fix. (convertable -> convertible) * x2goclient.spec: - Respect %{optflags} and pass QMAKE_STRIP=: to fix missing debug info issues. . [ Oleksandr Shneyder ] * New upstream version (4.1.1.0): - Interaction with SSH server (for example for changing expired password). Fixes: #592. - Fixing setting widget style issue in InteractionDialog on Windows client. - SSH Interaction for SSH Broker and SSH Server. - SSH Iteraction for method keyboard-interactive. - Move PulseManager MsgBox functions to main window: GUI functions should be used only from main thread. - Check "norecord" option on the first start of PulseAudio. - Disable/Enable PulseAudio in config dialog. New command line options: --disable-pulse to disable start of PulseAudio --disable-pulse-record to disable audio input. - Check if PulseAudio running at session start and resuming when sound is enabled. Show warning if PulseAudio not running and disable the sound support for the session to avoid session freezes. - Add session config file option "sshproxysamekey". With this option client will use for proxy authentication same key as for X2Go server. This is important in first case for broker users, where key can be generated "on the fly". Maybe it makes sence to add this option in UI and command line later. - Correct negative display coordinates for FS sessions. . [ Robert Parts ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_et.ts: update Estonian translation file. - res/i18n/x2goclient_et.ts: update Estonian translation file. . [ Martti Pitkänen ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_fi.ts: update Finnish translation file. - res/i18n/x2goclient_fi.ts: update Finnish translation file. - res/i18n/x2goclient_fi.ts: update Finnish translation file. . [ Mike DePaulo ] * New upstream version (4.1.1.0): - Windows: Upgrade PulseAudio from 6.0 to 7.1 Fixes: #1152 Issues with audio when playing HTML5 videos - Windows: Remove uninstaller from start menu. It is still available in "Programs and Features". - Windows: Upgrade Win32 OpenSSL from 1.0.1t to 1.0.2k Fixes numerous CVEs - Windows: Upgrade libssh from 0.7.0 to 0.7.4 (while maintaining Pageant support). The possibly relevant changes are: + CVE-2016-0739 was fixed + improved id_ed25519 support + numerous bug fixes - Windows: Update PuTTY from 0.67 to 0.68 The possibly relevant changes are: + CVE-2016-6167 was fixed (did not affect X2Go Client by default because the installation dir is not writeable by users) + CVE-2017-6542 was fixed - Don't override PATH for the actual session or application command. Fixes: #1100 . [ Walid Moghrabi ] * New upstream version (4.1.1.0): - {src/{help.cpp,onmainwindow.{cpp,h}},man/man1/x2goclient.1}: let --background take a directory and randomly pick an SVG file in there. Fixes: #1165. - {src/{help.cpp,onmainwindow.{cpp,h}},man/man1/x2goclient.1}: pass-through broker credentials when connecting to a direct RDP session. Fixes: #1185. Adds a new --broker-use-creds-for-session parameter. - src/onmainwindow.cpp: support --close-disconnect for direct RDP sessions. Fixes: #1186. . [ Daniel Lindgren ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_sv.ts: update Swedish translation file. . [ Ricardo Díaz Martín ] * New upstream release (4.1.1.0): - res/i18n/x2goclient_es.ts: update Spanish translation file. . [ Jos Wolfkamp ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_nl.ts: update Dutch translation file. - res/i18n/x2goclient_nl.ts: update Dutch translation file. . [ Klaus Ade Johnstad ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_nb_no.ts: update Bokmål (Norway) translation file. - res/i18n/x2goclient_nb_no.ts: update Bokmål (Norway) translation file. . [ Stefan Baur ] * New upstream release (4.1.1.0): - res/i18n/x2goclient_de.ts: update German translation file. . [ Sébastien Ducoulombier ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_fr.ts: update French translation file. ------------=_1509263411-25183-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 11 Oct 2016 15:03:35 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,SPF_HELO_PASS autolearn=ham version=3.3.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 059BF3BCE1 for ; Tue, 11 Oct 2016 17:03:29 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EQVmTkyu3z5p for ; Tue, 11 Oct 2016 17:03:22 +0200 (CEST) X-Greylist: delayed 2773 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Tue, 11 Oct 2016 17:03:22 CEST Received: from mhost02h.leeds.ac.uk (mhost02h.leeds.ac.uk [129.11.77.151]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 47FC03BCDA for ; Tue, 11 Oct 2016 17:03:22 +0200 (CEST) Received: from mhost04c.leeds.ac.uk (mhost04c-smtps.leeds.ac.uk [129.11.76.129]) by mhost02h.leeds.ac.uk (8.14.4/8.14.4) with ESMTP id u9BEH8nQ023305 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 11 Oct 2016 15:17:08 +0100 Received: from isssun11.leeds.ac.uk (isssun11.leeds.ac.uk [129.11.152.8]) (authenticated bits=0) by mhost04c.leeds.ac.uk (8.14.9/8.14.9) with ESMTP id u9BEH78b001491 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 11 Oct 2016 15:17:08 +0100 (BST) Date: Tue, 11 Oct 2016 15:17:07 +0100 (BST) From: Mark Dixon X-X-Sender: mark@bodgerer To: submit@bugs.x2go.org Subject: xterm's shell started from x2goclient has wrong PATH Message-ID: User-Agent: Alpine 2.20 (LRH 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII X-UOL-RateLimit: userRateLimit[a:m.c.dixon@leeds.ac.uk,c:4.794119074013803,l:500.0] Package: x2goclient Version: 4.0.5.1 When an xterm is started via the x2goclient (either using the Published Applications feature, or asking for a 'Single application' of 'Terminal'), the PATH environment variable in the environment given to the user is not set as expected. What I see from the xterm's shell: $ echo $PATH /usr/local/bin:/usr/bin:/bin:/opt/puppetlabs/bin:/apps/bin What I see from an ordinary ssh login: $ echo $PATH /apps/mpi/bin:/apps/developers/libraries/openmpi/2.0.0/1/intel-16.0.2/bin:/apps/developers/compilers/intel/16.0.2/1/default/compilers_and_libraries_2016.2.181/linux/bin/intel64:/apps/developers/compilers/intel/16.0.2/1/default/debugger_2016/gdb/intel64_mic/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/opt/puppetlabs/bin:/apps/bin This seems to be triggered by the fix for bug #336 (commit 4eb1fd1), which introduced the following characters into the launch commands in src/sshprocess.cpp: export PATH=\"/usr/local/bin:/usr/bin:/bin\"; This causes a problem because the login scripts are sourced both before and after the PATH is overridden. The way that some ordinary login scripts are written behave badly in this situation - here are some examples on our CentOS 7 system: Example 1, /etc/profile.d/qt.sh (from OS package qt3-3.3.8b-51.el7.x86_64) contains: # Qt initialization script (sh) # In multilib environments there is a preferred architecture, 64 bit over 32 bit in x86_64, # ppc64. When a conflict is found between two packages corresponding with different arches, # the installed file is the one from the preferred arch. This is very common for executables # in /usr/bin, for example. If the file /usr/bin/foo is found in an x86_64 package and in # an i386 package, the executable from x86_64 will be installe if [ -z "${QTDIR}" ]; then case `uname -m` in x86_64 | ia64 | s390x | ppc64) QT_PREFIXES="/usr/lib64/qt-3.3 /usr/lib/qt-3.3" ;; * ) QT_PREFIXES="/usr/lib/qt-3.3 /usr/lib64/qt-3.3" ;; esac for QTDIR in ${QT_PREFIXES} ; do test -d "${QTDIR}" && break done unset QT_PREFIXES if ! echo ${PATH} | /bin/grep -q $QTDIR/bin ; then PATH=$QTDIR/bin:${PATH} fi QTINC="$QTDIR/include" QTLIB="$QTDIR/lib" export QTDIR QTINC QTLIB PATH fi The first time this runs, PATH, QTDIR and the rest of the QT environment is set normally. PATH is then overridden by the x2go client. The second time this runs, $QTDIR is not a zero length string, so $QTDIR/bin is not added back to the PATH. This explains why /usr/lib64/qt-3.3/bin does not appear in xterm's bash PATH environment variable. Example 2, /etc/profile.d/modules.sh We have the 'module' command installed (http://modules.sourceforge.net/) and doing something like this: # Setup 'module' environment case "$0" in -bash|bash|*/bash) . /apps/Modules/default/init/bash ;; -ksh|ksh|*/ksh) . /apps/Modules/default/init/ksh ;; -sh|sh|*/sh) . /apps/Modules/default/init/sh ;; *) . /apps/Modules/default/init/sh ;; # default for scripts esac Followed by /etc/profile.d/zz_modules.sh with: # Load default module 'user' module load user The first time this runs, PATH, the rest of the module environment and the default module are set/loaded normally, including LOADEDMODULES (which keeps track of what modules are loaded). PATH is then overridden by the x2goclient. The second time this runs, modules.sh runs normally, but the module load command in zz_modules.sh doesn't do anything as LOADEDMODULES tells it that it has already loaded 'user'. PATH remains incorrect, although other environment variables (LD_LIBRARY_PATH, etc.) are correct. To be honest, I don't understand the logic of the bug that originally prompted the change, #336. If an attacker has access to the user's account on the remote system, there are endless possibilities for them to infiltrate the x2go client with arbitrary data. Additionally, the fix for #336 unexpectedly limits the number of places a system administrator is permitted to install x2go. Can someone help, please? Getting rid of overriding the server-side PATH in the client, or other solution, would allow us to offer x2go to our users, which would be really cool. Thanks, Mark ------------=_1509263411-25183-0-- From unknown Fri Mar 29 08:09:50 2024 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@bugs.x2go.org From: Debbugs Internal Request Subject: Internal Control Message-Id: Bug archived. Date: Mon, 27 Nov 2017 06:24:02 +0000 User-Agent: Fakemail v42.6.9 # A New Hope # A long time ago, in a galaxy far, far away # something happened. # # Magically this resulted in the following # action being taken, but this fake control # message doesn't tell you why it happened # # The action: # Bug archived. thanks # This fakemail brought to you by your local debbugs # administrator