From unknown Fri Mar 29 07:59:42 2024 MIME-Version: 1.0 X-Mailer: MIME-tools 5.502 (Entity 5.502) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#333 closed by Mike Gabriel (X2Go issue (in src:x2goclient) has been marked as closed) Message-ID: References: <20131217145521.D841D5DB37@ymir> X-X2go-PR-Keywords: confirmed pending X-X2go-PR-Message: they-closed 333 X-X2go-PR-Package: x2goclient X-X2go-PR-Source: x2goclient Date: Tue, 17 Dec 2013 15:03:06 +0000 Content-Type: multipart/mixed; boundary="----------=_1387292586-10914-0" This is a multi-part message in MIME format... ------------=_1387292586-10914-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the x2goclient package: #333: users can inject data into X2Go Client using .bashrc It has been closed by Mike Gabriel . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Mike Gabriel by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1387292586-10914-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 17 Dec 2013 14:55:46 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir (Postfix, from userid 1005) id D841D5DB37; Tue, 17 Dec 2013 15:55:21 +0100 (CET) From: Mike Gabriel To: 333-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 333@bugs.x2go.org Subject: X2Go issue (in src:x2goclient) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20131217145521.D841D5DB37@ymir> Date: Tue, 17 Dec 2013 15:55:21 +0100 (CET) close #333 thanks Hello, we are very hopeful that X2Go issue #333 reported by you has been resolved in the new release (4.0.1.2) of the X2Go source project »src:x2goclient«. You can view the complete changelog entry of src:x2goclient (4.0.1.2) below, and you can use the following link to view all the code changes between this and the last release of src:x2goclient. http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=34591fd62844b2b955e6a4bf3cf44d4759c5e44c;hp=d5ff7886ae22a1e36541570e7095fac9860af6e8 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goclient. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goclient Version: 4.0.1.2-0x2go2 Status: RELEASE Date: Tue, 17 Dec 2013 15:21:38 +0100 Fixes: 139 230 241 311 315 316 328 333 Changes: x2goclient (4.0.1.2-0x2go2) RELEASED; urgency=low . [ Mike Gabriel ] * New upstream version (4.0.1.2): - Provide Keywords: key in .desktop file. - Add NSIS packaging files for win32 builds to source tree. (Files provided by Oleksandr Shneyder, thanks!!!). - Rename win32 desktop and startmenu icon from "X2goClient" to "X2Go Client". - Store broker HTTPS certificate exceptions in $HOME/.x2go/ssl/exceptions (before: $HOME/ssl/exceptions). (Fixes: #328). - Perform sanity checks on data that comes in from X2Go Servers. Prohibit the execution of arbitrary code via the ~/.bashrc file. (Fixes: #333). - Add option --broker-cacertfile. Allow usage of non-system-wide installed (self-signed) SSL certificate chains for https (SSL) session broker connections. (Fixes: #311). - Update man page for new --tray-icon cmdline option. - Update man page for --broker-url. Explain the syntax of . - Properly handle (=expand) the "~" character in key filenames. (Brought to attention by Eldamir on IRC. Thanks!). - Expand tilde operator for all other file paths handed over to X2Go Client via sessions file or cmdline parameter. - Syntax fix of x2goclient.desktop file. - Test for various file locations of the pulseaudio cookie file. - Allow patching of qmake-qt4 executable path in Makefile. - Make qmake-qt4 and lrelease path in Makefile easily replacable (as RHEL-5 does not have those tools in $PATH). - Make sure that build_client and build_plugin are not build with parallel make. - Make x2goplugin-provider installable via Makefile. * Pull-in packaging changes from Debian. * debian/source/format: + Switch to format 1.0. * x2goclient.spec: + Ship x2goclient.spec (RPM package definitions) in upstream project. (Thanks to the Fedora package maintainers). + Clear (Fedora package) changelog. + Make package build on Fedora/EPEL versions that do not have the qtbrowserplugin package. + For EPEL-5 builds: replace full path to qmake-qt4 and lrelease. + Split up package into bin:packages: x2goclient, x2goplugin, x2goplugin-provider. + Make sure lrelease-qt4 is executed (not just lrelease). . [ Ricardo Díaz Martín ] * New upstream versino (4.0.1.2): - Strip whitespaces off of user name, host name and other strings when loading / saving session profiles.(Fixes: #315). - New option --tray-icon. Force showing the tray icon, even for hidden sessions. Also allow creation of .desktop files with --tray-icon optionally being enabled. (Fixes: #316). - Update Spanish translation. . [ Oleksandr Shneyder ] * New upstream version (4.0.1.2): - Support for keys "shadowuser" "shadowdisplay" and "shadowmode" in config file. This allows choosing the default display for shadow sessions. - Support for GSSApi(Kerberos 5) authentication. Using ssh/scp commands on Linux and Mac and plink/pscp on Windows. - Support for ChallengeResponseAuthentication (Google Authenticator) - Setting main window focus on mac (Fixes: #139). - Additional check if authentication with GSSApi successfull - c121b7e2d3d83abdc2d7a29637bc3294e38b2ec3 broke checking if remote command produce only stderr and not stdout. It made x2goclient crash if x2gostartagent send LIMIT error. Current commit fixes this issue. - SshMasterConnection should use current user name if no user name is specified in session settings - GSSApi(Kerberos 5) authentication for sshproxy and sshbroker - fixed GSSApi(Kerberos 5) authentication for sshproxy and sshbroker on windows . [ Heinrich Schuchardt ] * New upstream version (4.0.1.2): - Handle SSH host key changes more elegantly and allow user interaction if such a host key change occurs. (Fixes: #241). . [ Michael DePaulo ] * New upstream version (4.0.1.2): - win32: Add uninstall information to Add/Remove Programs. (Fixes: #230). ------------=_1387292586-10914-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 21 Oct 2013 12:41:43 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_00,HTML_MESSAGE, RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_BLOCKED autolearn=no version=3.3.2 X-Greylist: delayed 4199 seconds by postgrey-1.34 at ymir; Mon, 21 Oct 2013 14:41:42 CEST Received: from smtp122.dfw.emailsrvr.com (smtp122.dfw.emailsrvr.com [67.192.241.122]) by ymir (Postfix) with ESMTPS id DBE4A5DB16 for ; Mon, 21 Oct 2013 14:41:42 +0200 (CEST) Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp12.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id 14F15300DC for ; Sat, 19 Oct 2013 12:22:47 -0400 (EDT) X-Virus-Scanned: OK Received: from smtp66.iad3a.emailsrvr.com (smtp66.iad3a.emailsrvr.com [173.203.187.66]) by smtp12.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTPS id E72D230335 for ; Sat, 19 Oct 2013 12:22:46 -0400 (EDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp1.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 07F02600BB; Sat, 19 Oct 2013 12:22:44 -0400 (EDT) X-Virus-Scanned: OK Received: from app40.wa-webapps.iad3a (relay.iad3a.rsapps.net [172.27.255.110]) by smtp1.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id DB48D600B8; Sat, 19 Oct 2013 12:22:43 -0400 (EDT) Received: from halwitz.org (localhost.localdomain [127.0.0.1]) by app40.wa-webapps.iad3a (Postfix) with ESMTP id 9C18F300044; Sat, 19 Oct 2013 12:22:43 -0400 (EDT) Received: by beta.apps.rackspace.com (Authenticated sender: halbert@halwitz.org, from: halbert@halwitz.org) with HTTP; Sat, 19 Oct 2013 12:22:43 -0400 (EDT) Date: Sat, 19 Oct 2013 12:22:43 -0400 (EDT) Subject: x2go client crashes if .bashrc prints anything From: "Dan Halbert" To: submit@bugs.x2go.org MIME-Version: 1.0 Content-Type: multipart/alternative;boundary="----=_20131019122243000000_69938" Importance: Normal X-Priority: 3 (Normal) X-Type: html Message-ID: <1382199763.63727452@beta.apps.rackspace.com> X-Mailer: webmail7.0 ------=_20131019122243000000_69938 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable =0APackage: x2goclient=0AVersion: 4.0.0.3=0A =0AIf I put an=0Aecho "testing= " # exact text doesn't matter=0A =0Aat the top of my .bashrc, then the x2= goclient crashes immediately when trying to start a session.=0A =0A(The cra= sh does not occur if I put a similar statement in .bash_login.)=0A =0AI hav= e reproduced this on the Windows client; I believe a colleague saw it on bo= th the Windows and Linux clients.=0A =0AThe x2go server being used is 4.0.= 1.6-0~712~precise1.=0A=0A ------=_20131019122243000000_69938 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

Package: x= 2goclient

=0A

Version: 4.0.0.3

=0A

 

=0A

If I put an

=0A

echo "testing" &nb= sp; # exact text doesn't matter

=0A

&nbs= p;

=0A

at the top of my .bashrc, then th= e x2goclient crashes immediately when trying to start a session.

=0A

 

=0A

= (The crash does not occur if I put a similar statement in .bash_login.)

= =0A

 

=0A

I have reproduced this on the Windows client; I believe a colleague = saw it on both the Windows and Linux clients.

=0A

 

=0A

The x2go server bei= ng used is  4.0.1.6-0~712~precise1.

------=_20131019122243000000_69938-- ------------=_1387292586-10914-0--