From unknown Tue Apr 28 18:25:27 2026
MIME-Version: 1.0
X-Mailer: MIME-tools 5.502 (Entity 5.502)
X-Loop: owner@bugs.x2go.org
From: owner@bugs.x2go.org (X2Go Bug Tracking System)
Subject: Bug#333 closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
 (X2Go issue (in src:x2goclient) has been marked as closed)
Message-ID: <handler.333.c.13872921465774.notifdone@bugs.x2go.org>
References: <20131217145521.D841D5DB37@ymir>
X-X2go-PR-Keywords: confirmed pending
X-X2go-PR-Message: they-closed 333
X-X2go-PR-Package: x2goclient
X-X2go-PR-Source: x2goclient
Date: Tue, 17 Dec 2013 15:03:06 +0000
Content-Type: multipart/mixed; boundary="----------=_1387292586-10914-0"

This is a multi-part message in MIME format...

------------=_1387292586-10914-0
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8

This is an automatic notification regarding your Bug report
which was filed against the x2goclient package:

#333: users can inject data into X2Go Client using .bashrc

It has been closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mike Gabriel
<mike.gabriel@das-netzwerkteam.de> by
replying to this email.


-- 
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems

------------=_1387292586-10914-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at control) by bugs.x2go.org; 17 Dec 2013 14:55:46 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS,
	URIBL_BLOCKED autolearn=unavailable version=3.3.2
Received: by ymir (Postfix, from userid 1005)
	id D841D5DB37; Tue, 17 Dec 2013 15:55:21 +0100 (CET)
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 333-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 333@bugs.x2go.org
Subject: X2Go issue (in src:x2goclient) has been marked as closed
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Message-Id: <20131217145521.D841D5DB37@ymir>
Date: Tue, 17 Dec 2013 15:55:21 +0100 (CET)

close #333
thanks

Hello,

we are very hopeful that X2Go issue #333 reported by you
has been resolved in the new release (4.0.1.2) of the
X2Go source project »src:x2goclient«.

You can view the complete changelog entry of src:x2goclient (4.0.1.2)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=34591fd62844b2b955e6a4bf3cf44d4759c5e44c;hp=d5ff7886ae22a1e36541570e7095fac9860af6e8

If you feel that the issue has not been resolved satisfactorily, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goclient.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goclient
Version: 4.0.1.2-0x2go2
Status: RELEASE
Date: Tue, 17 Dec 2013 15:21:38 +0100
Fixes: 139 230 241 311 315 316 328 333
Changes: 
 x2goclient (4.0.1.2-0x2go2) RELEASED; urgency=low
 .
   [ Mike Gabriel ]
   * New upstream version (4.0.1.2):
     - Provide Keywords: key in .desktop file.
     - Add NSIS packaging files for win32 builds to source tree.
       (Files provided by Oleksandr Shneyder, thanks!!!).
     - Rename win32 desktop and startmenu icon from "X2goClient" to "X2Go
       Client".
     - Store broker HTTPS certificate exceptions in
       $HOME/.x2go/ssl/exceptions (before: $HOME/ssl/exceptions).
       (Fixes: #328).
     - Perform sanity checks on data that comes in from X2Go Servers.
       Prohibit the execution of arbitrary code via the ~/.bashrc file.
       (Fixes: #333).
     - Add option --broker-cacertfile. Allow usage of non-system-wide
       installed (self-signed) SSL certificate chains for https (SSL)
       session broker connections. (Fixes: #311).
     - Update man page for new --tray-icon cmdline option.
     - Update man page for --broker-url. Explain the syntax of <URL>.
     - Properly handle (=expand) the "~" character in key filenames. (Brought to
       attention by Eldamir on IRC. Thanks!).
     - Expand tilde operator for all other file paths handed over to X2Go Client
       via sessions file or cmdline parameter.
     - Syntax fix of x2goclient.desktop file.
     - Test for various file locations of the pulseaudio cookie file.
     - Allow patching of qmake-qt4 executable path in Makefile.
     - Make qmake-qt4 and lrelease path in Makefile easily replaceable (as
       RHEL-5 does not have those tools in $PATH).
     - Make sure that build_client and build_plugin are not built with parallel
       make.
     - Make x2goplugin-provider installable via Makefile.
   * Pull-in packaging changes from Debian.
   * debian/source/format:
     + Switch to format 1.0.
   * x2goclient.spec:
     + Ship x2goclient.spec (RPM package definitions) in upstream project.
       (Thanks to the Fedora package maintainers).
     + Clear (Fedora package) changelog.
     + Make package build on Fedora/EPEL versions that do not have the
       qtbrowserplugin package.
     + For EPEL-5 builds: replace full path to qmake-qt4 and lrelease.
     + Split up package into bin:packages: x2goclient, x2goplugin,
       x2goplugin-provider.
     + Make sure lrelease-qt4 is executed (not just lrelease).
 .
   [ Ricardo Díaz Martín ]
   * New upstream version (4.0.1.2):
     - Strip whitespaces off of user name, host name and other
       strings when loading / saving session profiles. (Fixes: #315).
     - New option --tray-icon. Force showing the tray icon, even for
       hidden sessions. Also allow creation of .desktop files with
       --tray-icon optionally being enabled. (Fixes: #316).
     - Update Spanish translation.
 .
   [ Oleksandr Shneyder ]
   * New upstream version (4.0.1.2):
     - Support for keys "shadowuser" "shadowdisplay" and "shadowmode" in
       config file. This allows choosing the default display for shadow
       sessions.
     - Support for GSSApi(Kerberos 5) authentication. Using ssh/scp commands
       on Linux and Mac and plink/pscp on Windows.
     - Support for ChallengeResponseAuthentication (Google Authenticator)
     - Setting main window focus on mac (Fixes: #139).
     - Additional check if authentication with GSSApi is successful
     - c121b7e2d3d83abdc2d7a29637bc3294e38b2ec3 broke checking if remote
       command produces only stderr and not stdout. It made x2goclient crash
       if x2gostartagent sends a LIMIT error. Current commit fixes this issue.
     - SshMasterConnection should use current user name if no user name is
       specified in session settings
     - GSSApi(Kerberos 5) authentication for sshproxy and sshbroker
     - fixed GSSApi(Kerberos 5) authentication for sshproxy and sshbroker
       on windows
 .
   [ Heinrich Schuchardt ]
   * New upstream version (4.0.1.2):
     - Handle SSH host key changes more elegantly and allow user interaction
       if such a host key change occurs. (Fixes: #241).
 .
   [ Michael DePaulo ]
   * New upstream version (4.0.1.2):
     - win32: Add uninstall information to Add/Remove Programs. (Fixes: #230).


------------=_1387292586-10914-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by bugs.x2go.org; 21 Oct 2013 12:41:43 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_00,HTML_MESSAGE,
	RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_BLOCKED autolearn=no version=3.3.2
X-Greylist: delayed 4199 seconds by postgrey-1.34 at ymir; Mon, 21 Oct 2013 14:41:42 CEST
Received: from smtp122.dfw.emailsrvr.com (smtp122.dfw.emailsrvr.com [67.192.241.122])
	by ymir (Postfix) with ESMTPS id DBE4A5DB16
	for <submit@bugs.x2go.org>; Mon, 21 Oct 2013 14:41:42 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp12.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id 14F15300DC
	for <submit@bugs.x2go.org>; Sat, 19 Oct 2013 12:22:47 -0400 (EDT)
X-Virus-Scanned: OK
Received: from smtp66.iad3a.emailsrvr.com (smtp66.iad3a.emailsrvr.com [173.203.187.66])
	by smtp12.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTPS id E72D230335
	for <submit@bugs.x2go.org>; Sat, 19 Oct 2013 12:22:46 -0400 (EDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp1.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 07F02600BB;
	Sat, 19 Oct 2013 12:22:44 -0400 (EDT)
X-Virus-Scanned: OK
Received: from app40.wa-webapps.iad3a (relay.iad3a.rsapps.net [172.27.255.110])
	by smtp1.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id DB48D600B8;
	Sat, 19 Oct 2013 12:22:43 -0400 (EDT)
Received: from halwitz.org (localhost.localdomain [127.0.0.1])
	by app40.wa-webapps.iad3a (Postfix) with ESMTP id 9C18F300044;
	Sat, 19 Oct 2013 12:22:43 -0400 (EDT)
Received: by beta.apps.rackspace.com
    (Authenticated sender: halbert@halwitz.org, from: halbert@halwitz.org) 
    with HTTP; Sat, 19 Oct 2013 12:22:43 -0400 (EDT)
Date: Sat, 19 Oct 2013 12:22:43 -0400 (EDT)
Subject: x2go client crashes if .bashrc prints anything
From: "Dan Halbert" <halbert@halwitz.org>
To: submit@bugs.x2go.org
MIME-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_20131019122243000000_69938"
Importance: Normal
X-Priority: 3 (Normal)
X-Type: html
Message-ID: <1382199763.63727452@beta.apps.rackspace.com>
X-Mailer: webmail7.0

------=_20131019122243000000_69938
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Package: x2goclient
Version: 4.0.0.3

If I put an
echo "testing"   # exact text doesn't matter

at the top of my .bashrc, then the x2goclient crashes immediately when trying to start a session.

(The crash does not occur if I put a similar statement in .bash_login.)

I have reproduced this on the Windows client; I believe a colleague saw it on both the Windows and Linux clients.

The x2go server being used is 4.0.1.6-0~712~precise1.

------=_20131019122243000000_69938--

------------=_1387292586-10914-0--
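
Added example (not part of the original messages and not X2Go's own code): the failure mode in #333, where text printed by ~/.bashrc arrives mixed into a remote command's reply, handled by checking every line against a strict grammar and accepting the reply only when exactly one line matches. The `display|cookie|pid` record format and all function names are hypothetical.

```cpp
#include <sstream>
#include <string>
#include <vector>

// Hypothetical reply record: "<display>|<32 hex cookie>|<pid>".
struct AgentReply { int display; std::string cookie; long pid; };

static bool is_digit(char c) { return c >= '0' && c <= '9'; }
static bool is_hex(char c) { return is_digit(c) || (c >= 'a' && c <= 'f'); }

// A field is valid only if its length is in range and every char passes pred.
static bool field_ok(const std::string& s, size_t min, size_t max, bool (*pred)(char)) {
    if (s.size() < min || s.size() > max) return false;
    for (char c : s) if (!pred(c)) return false;
    return true;
}

// Accept a line only if it is exactly three well-formed fields.
static bool parse_record(const std::string& line, AgentReply& out) {
    if (line.empty() || line.back() == '|') return false;
    std::vector<std::string> f;
    std::stringstream ss(line);
    for (std::string part; std::getline(ss, part, '|');) f.push_back(part);
    if (f.size() != 3) return false;
    if (!field_ok(f[0], 1, 4, is_digit)) return false;
    if (!field_ok(f[1], 32, 32, is_hex)) return false;
    if (!field_ok(f[2], 1, 9, is_digit)) return false;
    out = AgentReply{std::stoi(f[0]), f[1], std::stol(f[2])};
    return true;
}

// Scan all lines. Start-up noise is skipped; zero or several candidate
// records reject the whole reply instead of being indexed into blindly.
bool parse_reply(const std::string& raw, AgentReply& out) {
    AgentReply rec, found;
    int matches = 0;
    std::stringstream ss(raw);
    for (std::string line; std::getline(ss, line);) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (parse_record(line, rec)) { found = rec; ++matches; }
    }
    if (matches != 1) return false;
    out = found;
    return true;
}

int main() {
    // Constructed sample: a start-up file echoed "testing" before the record.
    AgentReply r;
    bool ok = parse_reply("testing\n50|0123456789abcdef0123456789abcdef|4242\n", r);
    return ok && r.display == 50 ? 0 : 1;
}
```

Rejecting a reply that contains more than one valid-looking record means output from a start-up file cannot stand in for the real record, even when it is well-formed.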
