From roger.serwy@gmail.com Tue Jan 21 07:40:04 2014 Received: (at submit) by bugs.x2go.org; 21 Jan 2014 06:40:05 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, T_DKIM_INVALID autolearn=ham version=3.3.2 Received: from mail-ig0-f175.google.com (mail-ig0-f175.google.com [209.85.213.175]) by ymir (Postfix) with ESMTPS id B3BA35DB16 for ; Tue, 21 Jan 2014 07:40:03 +0100 (CET) Received: by mail-ig0-f175.google.com with SMTP id uq10so10010425igb.2 for ; Mon, 20 Jan 2014 22:40:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=padCO4g1/z+TPjEXaHrhsvMLcp+xTDR4XtLv61ZLKDM=; b=Lyze8LfRQt2x/06vXtQOXycNm3xgTstOK9cXq5+TOXyrdyX0qH6gpt9Lhn6I7Sn3/G I7Y/lgfF9GSvAqTtCQBY+Xs49EVbrG6gXSC6sS1euhj3yfef1LTwahC9vVIxJnneoRkE KMzdr310/BVmlscYXdlIXAfdBdSGZj6FGghn2YhS/SJGcafaJrPIneKtot5vaPdFSH5E zWGIIKy9LgEdYIVOgVepYMdwQ03N7bp/cDQhrzky5VsuHXQqI4Old8ZXCnaBEiN1WzZ1 YTX64K/HrHcSbL8oMEfB91VMcZObsm/CA2Jr5nFdZR8oLgQxlEgjxAGtp2W9OXkl8pk4 XS+g== X-Received: by 10.51.17.101 with SMTP id gd5mr16252699igd.25.1390286402161; Mon, 20 Jan 2014 22:40:02 -0800 (PST) Received: from [192.168.2.6] (99-4-166-139.lightspeed.caryil.sbcglobal.net. [99.4.166.139]) by mx.google.com with ESMTPSA id h6sm9091450igy.8.2014.01.20.22.40.01 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 20 Jan 2014 22:40:01 -0800 (PST) Message-ID: <52DE1642.1090802@gmail.com> Date: Tue, 21 Jan 2014 00:40:02 -0600 From: "Roger D. Serwy" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: submit@bugs.x2go.org Subject: x2goclient pollutes ~/.ssh/authorized_keys Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Package: x2goclient Version: 4.0.1.2 Severity: Grave I am using ArchLinux Linux 3.12.6-1-ARCH #1 SMP PREEMPT Fri Dec 20 19:39:00 CET 2013 When "Client side printing support" is enabled, x2goclient appends an entry to ~/.ssh/authorized_keys. Worse, these entries are not removed when exiting x2goclient. This is a security risk, as the user did not intend to allow permanent access to that particular key, especially when the client computer runs an OpenSSH server. Performing chmod -w ~/.ssh/authorized_keys and then running x2goclient with client side printing gives an error message: "Unable to write : /home/serwy/.ssh/authorized_keys". This message is generated in void ONMainWindow::startX2goMount() at line 8867 in onmainwindow.cpp. x2goclient shouldn't need to write to ~/.ssh/authorized_keys. Regards, Roger Serwy From mike.gabriel@das-netzwerkteam.de Thu Jan 8 15:02:26 2015 Received: (at 405) by bugs.x2go.org; 8 Jan 2015 14:02:28 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 251105DB53; Thu, 8 Jan 2015 15:02:26 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 9CC6112356; Thu, 8 Jan 2015 15:02:25 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 79E533BAED; Thu, 8 Jan 2015 15:02:25 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OGpnTH2l23lD; Thu, 8 Jan 2015 15:02:24 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 966F33C8A4; Thu, 8 Jan 2015 15:02:24 +0100 (CET) Received: from bifrost.das-netzwerkteam.de (bifrost.das-netzwerkteam.de [178.62.101.154]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Thu, 08 Jan 2015 14:02:24 +0000 Date: Thu, 08 Jan 2015 14:02:24 +0000 Message-ID: <20150108140224.Horde.MLAtxVhvtoyFimrbtQjO9Q8@mail.das-netzwerkteam.de> From: Mike Gabriel To: 405@bugs.x2go.org Cc: 405-submitter@bugs.x2go.org Subject: X2GO Client pollutes .ssh/authorized_keys User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 178.62.101.154 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 Content-Type: multipart/signed; boundary="=_z5h12zGu__g_kmsJ5J2ySg1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_z5h12zGu__g_kmsJ5J2ySg1 Content-Type: text/plain; charset=UTF-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Control: tag -1 confirmed Control: reassign -1 x2goserver Control: retitle -1 x2gomountdirs/sshfs hangs indefinitely if=20=20 client-side=20sshd is down Hi, I have spent the last 1.5 days with hunting down the cause for #405. The phenomenon is: o client-side is Linux (or maybe Mac OS X) o sshd ist not running on the client machine o the session profile has printing or client-side folder sharing enabled If X2Go Client launches a remote session it does the following things: o set up a reverse port forwarding tunnel that allows : -> : o if sshd is not running, the above will still work... o then x2gomountdirs is evoked... o ... which attempts to run sshfs against : o however, in X2Go Client this triggers an I/O error because the client-= side sshd is not listening / not running I studied the X2Go Client code (sshmasterconnection.cpp and=20=20 sshprocess.cpp)=20very deeply and added several new debug messages +=20=20 improved=20the debugging output of existing messages. In X2Go Client, the mounting of a client-side folder uses two SSH=20=20 channel=20inside this reverse port forwarding tunnel: o one SSH channel for the tunnel itself o one SSH channel per x2gomountdirs command call evoked on the server Furthermore, X2Go Client can detect if failures occur in x2gomountdirs=20= =20 this=20way: o something strange happens while executing the command (SSH=20=20 disconnects=20etc.) o the stdOut of the evoked command (x2gomountdirs) is empty while=20=20 stdErr=20is not So, (and I did not know this), all X2Go Server side commands=20=20 (/usr/bin/x2go*)=20should properly write to stderr if things go wrong=20=20 and=20leave stdOut untouched at the same time. The problem now is: if x2gomountdirs is not detected as "failing"=20=20 (which=20it is not), the sshfs pubkey required for client-side folder=20=20 sharing=20is not removed from the .ssh/authorized_keys file. Furthermore, X2Go Client detects the I/O errors on the sshfs tunnel=20=20 channel,=20but cannot relate to that to the x2gomountdirs command evoked=20= =20 via=20the SSH command channel. My first attempts targetted getting X2Go Client to tidy up the=20=20 authorized_keys=20file whenever a tunnel failure occurs. X2Go Client=20=20 should=20be able to detect this, but this would require a partial=20=20 redesign=20of the complete reverse port forwarding mechanism. I=20=20 disrecommend=20doing this for the current X2Go Client implementation,=20=20 but=20we should keep it in the back of our heads for a later redesign.=20= =20 It=20took about 8h to come to this conclusion. My second approach (and I will commit soon is this): o evoke sshfs command with "timeout 30 sshfs " o print error messages to STDERR (not to STDOUT) o and make sure we unregister the mount point if sshfs fails (with=20=20 fusermount=20-u) Wit this approach, X2Go Client tries to call x2gomountdirs,=20=20 x2gomountdirs=20fails after 30 seconds with error messages printed to=20=20 STDERR.=20This gets caught by X2Go Client and then the=20=20 post-startX2goMount=20code is triggered which removes the used pubkey=20=20 from=20~/.ssh/authorized_keys. Commit will come in a minute... Greets, Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_z5h12zGu__g_kmsJ5J2ySg1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJUro3vAAoJEJr0azAldxsxFJ0QAIjQQ2HbJ2O8Z2oHk7E5PLoj kudKpF5+z/rGQ+KtX/TpS1PXmMfROISLkVvDIM4HgMVVLloWklsB7kYIcuxi5KLY vAH/zwJV8uximXZcDfvxpGKtkp8C1PjIt17kQgRBf0ox52RpjpKXp6xhqa3/vNPi pxZ+DzrCHuOSci03Nv+f5Nl2Je49DH1eXJ52SQNNnqSt4gSpEi6B1Fj0tjY5wwwd pZYZ7VfIfaHzidIGoSjgEApx/BNEGPkCmy9+Bu/1teKribt12CasyPfNLSm9eMSf FdUlg+KBMNO+wijfJJ/q4jhRAKo/4XHoF2Goqi/Cy0syM4HrkOmJRdqEx23UUeKW Vye99xPEUGtAm9/CuRn0CLcmEeLYB836WpdF0jYG70NXwcpFyZoLHN/Nr6IWeqF+ MWz1VbwKYPYV7rIoXZgFVe69ITKW1AjkzRWPRSAgWKqbzR3UM+/UaDjLtikui6z8 YRTwAWyWHLbaQBVq1hteu0T3EmaOR20rjXMvXLc53eUzSYKJmY3PCggtMiTA8DIC DOynRrIzYnIek0bj4rUtzdCPB2LvM01YElz+/ioYctovR6+Hd2ENjjxNjt+Ni9bI pVvezmR7BLk2Gr14XP6JisNtyxhIBwdMB8fSI5pPkNVoe/M+auHAmBESpWQe1iEf 1eLZ0YpoMlR21xTMjk4q =xD8p -----END PGP SIGNATURE----- --=_z5h12zGu__g_kmsJ5J2ySg1-- From x2go@ymir.das-netzwerkteam.de Thu Jan 8 15:23:52 2015 Received: (at 405) by bugs.x2go.org; 8 Jan 2015 14:24:01 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 5B4E25DB80; Thu, 8 Jan 2015 15:23:52 +0100 (CET) From: Mike Gabriel To: 405-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 405@bugs.x2go.org Subject: X2Go issue (in src:x2goserver) has been marked as pending for release Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Mailer: http://snipr.com/post-receive-tag-pending Message-Id: <20150108142352.5B4E25DB80@ymir.das-netzwerkteam.de> Date: Thu, 8 Jan 2015 15:23:52 +0100 (CET) tag #405 pending fixed #405 4.0.1.19 thanks Hello, X2Go issue #405 (src:x2goserver) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=d6b726d The issue will most likely be fixed in src:x2goserver (4.0.1.19). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit d6b726dc6b9ad2945d3a3218ce2eeaef6474257a Author: Mike Gabriel Date: Thu Jan 8 13:26:21 2015 +0100 Start sshfs with a timeout of 30 seconds (because it never finishes if something is wrong with the client-side TCP socket). Also remove/unmount mountpoints erroneously registered sshfs mountpoints if sshfs command times out. (Fixes: #405). diff --git a/debian/changelog b/debian/changelog index 4d34828..bf219da 100644 --- a/debian/changelog +++ b/debian/changelog @@ -55,6 +55,11 @@ x2goserver (4.0.1.19-0x2go1) UNRELEASED; urgency=medium - Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere. Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server. - Allow usernames in session IDs of length 48 chars. + - Start sshfs with a timeout of 30 seconds (because it never finishes if + something is wrong with the client-side TCP socket). Also remove/unmount + mountpoints erroneously registered sshfs mountpoints if sshfs command + times out. Furthermore, print errors to STDERR (not STDOUT). (Fixes: + #405). * debian/control: + Add D (x2goserver): libfile-which-perl. + Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2). From x2go@ymir.das-netzwerkteam.de Tue Feb 24 21:54:04 2015 Received: (at control) by bugs.x2go.org; 24 Feb 2015 20:54:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 7E1213BE61; Tue, 24 Feb 2015 21:54:04 +0100 (CET) From: X2Go Release Manager To: 405-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 405@bugs.x2go.org Subject: X2Go issue (in src:x2goserver) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150224205404.7E1213BE61@ymir.das-netzwerkteam.de> Date: Tue, 24 Feb 2015 21:54:04 +0100 (CET) close #405 thanks Hello, we are very hopeful that X2Go issue #405 reported by you has been resolved in the new release (4.0.1.19) of the X2Go source project »src:x2goserver«. You can view the complete changelog entry of src:x2goserver (4.0.1.19) below, and you can use the following link to view all the code changes between this and the last release of src:x2goserver. http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=49c91751e560ad09ab4490cc3bd6687509c05755;hp=724d2eefe399485a71e79c705a0aad125e853230 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goserver. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goserver Version: 4.0.1.19-0x2go1 Status: RELEASE Date: Tue, 24 Feb 2015 21:49:22 +0100 Fixes: 405 632 633 638 644 664 668 671 672 675 676 678 697 698 700 712 715 727 728 770 Changes: x2goserver (4.0.1.19-0x2go1) RELEASED; urgency=medium . [ Mike Gabriel ] * New upstream version (4.0.1.19): - Use File::Which to detect if sshfs command is available before trying to mount a client-side folder. - Be a bit more tolerant when trying to detect if a desktop icon is to be removed (using regexp, not eq). - Xsession script: Prevent bash failures when sourcing external bash scripts beyond our scope. (Fixes: #632, #675). - x2gogetapps: Support scanning of sub-directories when searching for .desktop files. We allow to dive down one level into subdirs, we on purpose do not recursively dive into the complete subtree. (Fixes: #633). - Make man2html an optional tool. Don't fail if it is missing on the build system (required for openSUSE/SLES builds). - Fix x2goserver-xsession/Makefile on SUSE. Detect SUSE distro and create Xsession related directory symlinks (xinitrc.d and Xclients.d). - Hack for x2goserver-xsession/Makefile during SUSE builds. If directoy /usr/share/doc/packages/brp-check-suse is present, the build env is also considered to be a SUSE system. - Trigger Xsession code for SUSE systems (look for /etc/SUSE-brand or /etc/SuSE-release for SUSE system recognition). (Fixes: #671). - x2gosqlitewrapper.c: Fix rpmlint error: no-return-in-nonvoid-function. Return the exitcode of execve(). - Fix gramma in error message (in x2goresume-session). - x2gocleansessions: Call x2gormforward also on terminated sessions. This will make sure that re-assigned ports are really available on new session startup. - x2golistsessions(_root): Only update session state in session DB if x2goagent's state file really exists. This addresses a problem that occurs when x2golistsessions gets called via an x2gobroker-agent. The x2golistsessions script may show session states (--all-servers) of sessions on other servers that have session states files on their remote /tmp dirs. These files are not accessible for that x2golistsessions script and should simply be ignored. (Fixes: #638). - Provide pam_namespace support for has_agent_state_file() function. - Fix missing session list output if state file does not exist on the machine that runs x2golistsessions(_root). - Accept more verbose "DENY" output from x2godesktopsharing. - Make sure that all "su"-to-user-contexts use /bin/sh for wrapping around the executed command (in x2gocleansessions and x2golistsessions_root). - Also enforce /bin/sh as shell in su command in x2goprint. - README.i18n: Add file that explains the translation workflow for this package. Thanks to Mark Pedersen-Cook for drafting this file. - Make SSH agent forwarding work after having reconnected via SSH and having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming up with that idea. - Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes). - Document session startup / resumption failures (and their reasons) in server-side log output. - Handle AD domain users gracefully when X2Go is used with SQLite DB backend. (Fixes: #664). - Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere. Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server. - Allow usernames in session IDs of length 48 chars. - Start sshfs with a timeout of 30 seconds (because it never finishes if something is wrong with the client-side TCP socket). Also remove/unmount mountpoints erroneously registered sshfs mountpoints if sshfs command times out. Furthermore, print errors to STDERR (not STDOUT). (Fixes: #405). - Handle execution of ss command from Perl script x2golistdesktops in a way that not only works on Debian, but also on Fedora et al. (Fixes: #727). - Provide legacy support for old File::Path packages in x2godbadmin. (Fixes: #715). - Fix wrong evocation of x2gosyslog ("error" -> "err"). - Use "undef $dbh" instead of "$dbh->disconnect()". Fixes SQLite3 issues on SLE 11.x. - Only call $dbh->sqlite_busy_timeout() if the $dbh object is capable of that. Works around a too-old DBD::SQLite package on SLE 11.x. - Legacy for applications (and X2Go scripts) that expect $SSH_CLIENT to be set in the X2Go session's environment. (Fixes: #644). - Add man page for x2gogetapps. Weave into that a security / disclaimer message as proposed by Stefan Baur. (Fixes: #728). * debian/control: + Add D (x2goserver): libfile-which-perl. + Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2-0~). (Fixes: #700). + Bump Standards: to 3.9.6. No changes needed. + Don't depend on libdb-pg-perl for armhf builds. (Fixes: #712). Thanks to Heinrich Schuchardt for providing information on this. + Upgrade to D again (bin:package x2goserver): xfonts-base (Fixes: #770). * debian/x2goserver.docs: + Install README.i18n file into bin:package x2goserver. * x2goserver.spec: + Add to R: perl(File::Which). + Additionally adapt to building on openSUSE/SLES. + No shell expansion possible in obs-build, detect perl version only for non-SUSE builds. + Add to R: x2goserver-xsession. + Don't mention /etc/x2go/x2gosql/sql twice (directly and with wildcard). + No %{_sysconfdir}/x2go/Xclients.d on SUSE systems. + Use %{_localstatedir} instead of %{_sharedstatedir}. + Use proper if... then... clauses. + For SUSE builds: Add to R: shadow (useradd, groupadd). + Replace historical "egrep" with "grep -E". + Systemd support for SUSE >= 12.10. + Set %defattr macro for every bin:package. + SUSE and Fedora/RHEL have different package group names. + Add x2goserver-rpmlintrc file to handle some rpmlint errors and warnings. + SUSE has openssh, but no openssh-server. + Add to R (x2goserver): perl-X2Go-Server. + Add to R (diverse): perl(Config::Simple), perl(Switch) and perl(Capture::Tiny). + Add to R (x2goserver): perl(File::BaseDir). + Don't hard-code /var/lib/ in $HOME path of to-be-created user "x2gouser". + Add to BR: findutils. + For Fedora-like systems, don't make x2goserver bin:package authoritative for non-X2Go directories. (Fixes: #676). + Remove macro call %systemd_pre for Fedora/EPEL-7 builds. No such macro in Fedora/RHEL7. (Fixes: 698). + Create system user x2gouser with $HOME in /var/lib/x2go. (Fixes: #697). + Always set BuildRoot: parameter. + BuildRequires: SUSE <= 11.3 has xorg-x11, not xinit. + Requires (x2goserver-xsession): SUSE <= 11.3 has xorg-x11, not xinit. + No Bashisms in scriptlets. + rpmlint requires shared-mime-info at build time on SLE <= 11.3. + "%set_permissions" / "%verify_permissions" macros are not know in SLE <= 11.3. Using "%run permissions" and "%verify permissions" instead. + On SUSE, add permissions.d/x2goserver. + Fix SQLite wrapper permissions (02775 -> 02755) + Use if then clauses for creating user/group x2goprint. . [ Matthew L. Dailey ] * New upstream version (4.0.1.19): - x2gocleansessions: Redirect stdin, stdout and stderr to /dev/null, test for the existence of the file descriptor before issuing the close, only capture the file descriptor backreference in the regex and send any close failures to syslog. (Fixes: #678). . [ Lars Wendler ] * New upstream version (4.0.1.19): - Use "printf" instead of "echo -n". (Fixes: #668). From unknown Thu Mar 28 15:05:28 2024 MIME-Version: 1.0 X-Mailer: MIME-tools 5.502 (Entity 5.502) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#405 closed by X2Go Release Manager (X2Go issue (in src:x2goserver) has been marked as closed) Message-ID: References: <20150224205404.7E1213BE61@ymir.das-netzwerkteam.de> X-X2go-PR-Keywords: confirmed pending X-X2go-PR-Message: they-closed 405 X-X2go-PR-Package: x2goserver X-X2go-PR-Source: x2goserver Date: Tue, 24 Feb 2015 20:55:38 +0000 Content-Type: multipart/mixed; boundary="----------=_1424811338-13799-0" This is a multi-part message in MIME format... ------------=_1424811338-13799-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the x2goserver package: #405: x2gomountdirs/sshfs hangs indefinitely if It has been closed by X2Go Release Manager . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact X2Go Release Manager <= git-admin@x2go.org> by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1424811338-13799-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 24 Feb 2015 20:54:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 7E1213BE61; Tue, 24 Feb 2015 21:54:04 +0100 (CET) From: X2Go Release Manager To: 405-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 405@bugs.x2go.org Subject: X2Go issue (in src:x2goserver) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150224205404.7E1213BE61@ymir.das-netzwerkteam.de> Date: Tue, 24 Feb 2015 21:54:04 +0100 (CET) close #405 thanks Hello, we are very hopeful that X2Go issue #405 reported by you has been resolved in the new release (4.0.1.19) of the X2Go source project »src:x2goserver«. You can view the complete changelog entry of src:x2goserver (4.0.1.19) below, and you can use the following link to view all the code changes between this and the last release of src:x2goserver. http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=49c91751e560ad09ab4490cc3bd6687509c05755;hp=724d2eefe399485a71e79c705a0aad125e853230 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goserver. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goserver Version: 4.0.1.19-0x2go1 Status: RELEASE Date: Tue, 24 Feb 2015 21:49:22 +0100 Fixes: 405 632 633 638 644 664 668 671 672 675 676 678 697 698 700 712 715 727 728 770 Changes: x2goserver (4.0.1.19-0x2go1) RELEASED; urgency=medium . [ Mike Gabriel ] * New upstream version (4.0.1.19): - Use File::Which to detect if sshfs command is available before trying to mount a client-side folder. - Be a bit more tolerant when trying to detect if a desktop icon is to be removed (using regexp, not eq). - Xsession script: Prevent bash failures when sourcing external bash scripts beyond our scope. (Fixes: #632, #675). - x2gogetapps: Support scanning of sub-directories when searching for .desktop files. We allow to dive down one level into subdirs, we on purpose do not recursively dive into the complete subtree. (Fixes: #633). - Make man2html an optional tool. Don't fail if it is missing on the build system (required for openSUSE/SLES builds). - Fix x2goserver-xsession/Makefile on SUSE. Detect SUSE distro and create Xsession related directory symlinks (xinitrc.d and Xclients.d). - Hack for x2goserver-xsession/Makefile during SUSE builds. If directoy /usr/share/doc/packages/brp-check-suse is present, the build env is also considered to be a SUSE system. - Trigger Xsession code for SUSE systems (look for /etc/SUSE-brand or /etc/SuSE-release for SUSE system recognition). (Fixes: #671). - x2gosqlitewrapper.c: Fix rpmlint error: no-return-in-nonvoid-function. Return the exitcode of execve(). - Fix gramma in error message (in x2goresume-session). - x2gocleansessions: Call x2gormforward also on terminated sessions. This will make sure that re-assigned ports are really available on new session startup. - x2golistsessions(_root): Only update session state in session DB if x2goagent's state file really exists. This addresses a problem that occurs when x2golistsessions gets called via an x2gobroker-agent. The x2golistsessions script may show session states (--all-servers) of sessions on other servers that have session states files on their remote /tmp dirs. These files are not accessible for that x2golistsessions script and should simply be ignored. (Fixes: #638). - Provide pam_namespace support for has_agent_state_file() function. - Fix missing session list output if state file does not exist on the machine that runs x2golistsessions(_root). - Accept more verbose "DENY" output from x2godesktopsharing. - Make sure that all "su"-to-user-contexts use /bin/sh for wrapping around the executed command (in x2gocleansessions and x2golistsessions_root). - Also enforce /bin/sh as shell in su command in x2goprint. - README.i18n: Add file that explains the translation workflow for this package. Thanks to Mark Pedersen-Cook for drafting this file. - Make SSH agent forwarding work after having reconnected via SSH and having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming up with that idea. - Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes). - Document session startup / resumption failures (and their reasons) in server-side log output. - Handle AD domain users gracefully when X2Go is used with SQLite DB backend. (Fixes: #664). - Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere. Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server. - Allow usernames in session IDs of length 48 chars. - Start sshfs with a timeout of 30 seconds (because it never finishes if something is wrong with the client-side TCP socket). Also remove/unmount mountpoints erroneously registered sshfs mountpoints if sshfs command times out. Furthermore, print errors to STDERR (not STDOUT). (Fixes: #405). - Handle execution of ss command from Perl script x2golistdesktops in a way that not only works on Debian, but also on Fedora et al. (Fixes: #727). - Provide legacy support for old File::Path packages in x2godbadmin. (Fixes: #715). - Fix wrong evocation of x2gosyslog ("error" -> "err"). - Use "undef $dbh" instead of "$dbh->disconnect()". Fixes SQLite3 issues on SLE 11.x. - Only call $dbh->sqlite_busy_timeout() if the $dbh object is capable of that. Works around a too-old DBD::SQLite package on SLE 11.x. - Legacy for applications (and X2Go scripts) that expect $SSH_CLIENT to be set in the X2Go session's environment. (Fixes: #644). - Add man page for x2gogetapps. Weave into that a security / disclaimer message as proposed by Stefan Baur. (Fixes: #728). * debian/control: + Add D (x2goserver): libfile-which-perl. + Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2-0~). (Fixes: #700). + Bump Standards: to 3.9.6. No changes needed. + Don't depend on libdb-pg-perl for armhf builds. (Fixes: #712). Thanks to Heinrich Schuchardt for providing information on this. + Upgrade to D again (bin:package x2goserver): xfonts-base (Fixes: #770). * debian/x2goserver.docs: + Install README.i18n file into bin:package x2goserver. * x2goserver.spec: + Add to R: perl(File::Which). + Additionally adapt to building on openSUSE/SLES. + No shell expansion possible in obs-build, detect perl version only for non-SUSE builds. + Add to R: x2goserver-xsession. + Don't mention /etc/x2go/x2gosql/sql twice (directly and with wildcard). + No %{_sysconfdir}/x2go/Xclients.d on SUSE systems. + Use %{_localstatedir} instead of %{_sharedstatedir}. + Use proper if... then... clauses. + For SUSE builds: Add to R: shadow (useradd, groupadd). + Replace historical "egrep" with "grep -E". + Systemd support for SUSE >= 12.10. + Set %defattr macro for every bin:package. + SUSE and Fedora/RHEL have different package group names. + Add x2goserver-rpmlintrc file to handle some rpmlint errors and warnings. + SUSE has openssh, but no openssh-server. + Add to R (x2goserver): perl-X2Go-Server. + Add to R (diverse): perl(Config::Simple), perl(Switch) and perl(Capture::Tiny). + Add to R (x2goserver): perl(File::BaseDir). + Don't hard-code /var/lib/ in $HOME path of to-be-created user "x2gouser". + Add to BR: findutils. + For Fedora-like systems, don't make x2goserver bin:package authoritative for non-X2Go directories. (Fixes: #676). + Remove macro call %systemd_pre for Fedora/EPEL-7 builds. No such macro in Fedora/RHEL7. (Fixes: 698). + Create system user x2gouser with $HOME in /var/lib/x2go. (Fixes: #697). + Always set BuildRoot: parameter. + BuildRequires: SUSE <= 11.3 has xorg-x11, not xinit. + Requires (x2goserver-xsession): SUSE <= 11.3 has xorg-x11, not xinit. + No Bashisms in scriptlets. + rpmlint requires shared-mime-info at build time on SLE <= 11.3. + "%set_permissions" / "%verify_permissions" macros are not know in SLE <= 11.3. Using "%run permissions" and "%verify permissions" instead. + On SUSE, add permissions.d/x2goserver. + Fix SQLite wrapper permissions (02775 -> 02755) + Use if then clauses for creating user/group x2goprint. . [ Matthew L. Dailey ] * New upstream version (4.0.1.19): - x2gocleansessions: Redirect stdin, stdout and stderr to /dev/null, test for the existence of the file descriptor before issuing the close, only capture the file descriptor backreference in the regex and send any close failures to syslog. (Fixes: #678). . [ Lars Wendler ] * New upstream version (4.0.1.19): - Use "printf" instead of "echo -n". (Fixes: #668). ------------=_1424811338-13799-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 21 Jan 2014 06:40:05 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, T_DKIM_INVALID autolearn=ham version=3.3.2 Received: from mail-ig0-f175.google.com (mail-ig0-f175.google.com [209.85.213.175]) by ymir (Postfix) with ESMTPS id B3BA35DB16 for ; Tue, 21 Jan 2014 07:40:03 +0100 (CET) Received: by mail-ig0-f175.google.com with SMTP id uq10so10010425igb.2 for ; Mon, 20 Jan 2014 22:40:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=padCO4g1/z+TPjEXaHrhsvMLcp+xTDR4XtLv61ZLKDM=; b=Lyze8LfRQt2x/06vXtQOXycNm3xgTstOK9cXq5+TOXyrdyX0qH6gpt9Lhn6I7Sn3/G I7Y/lgfF9GSvAqTtCQBY+Xs49EVbrG6gXSC6sS1euhj3yfef1LTwahC9vVIxJnneoRkE KMzdr310/BVmlscYXdlIXAfdBdSGZj6FGghn2YhS/SJGcafaJrPIneKtot5vaPdFSH5E zWGIIKy9LgEdYIVOgVepYMdwQ03N7bp/cDQhrzky5VsuHXQqI4Old8ZXCnaBEiN1WzZ1 YTX64K/HrHcSbL8oMEfB91VMcZObsm/CA2Jr5nFdZR8oLgQxlEgjxAGtp2W9OXkl8pk4 XS+g== X-Received: by 10.51.17.101 with SMTP id gd5mr16252699igd.25.1390286402161; Mon, 20 Jan 2014 22:40:02 -0800 (PST) Received: from [192.168.2.6] (99-4-166-139.lightspeed.caryil.sbcglobal.net. [99.4.166.139]) by mx.google.com with ESMTPSA id h6sm9091450igy.8.2014.01.20.22.40.01 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 20 Jan 2014 22:40:01 -0800 (PST) Message-ID: <52DE1642.1090802@gmail.com> Date: Tue, 21 Jan 2014 00:40:02 -0600 From: "Roger D. Serwy" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: submit@bugs.x2go.org Subject: x2goclient pollutes ~/.ssh/authorized_keys Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Package: x2goclient Version: 4.0.1.2 Severity: Grave I am using ArchLinux Linux 3.12.6-1-ARCH #1 SMP PREEMPT Fri Dec 20 19:39:00 CET 2013 When "Client side printing support" is enabled, x2goclient appends an entry to ~/.ssh/authorized_keys. Worse, these entries are not removed when exiting x2goclient. This is a security risk, as the user did not intend to allow permanent access to that particular key, especially when the client computer runs an OpenSSH server. Performing chmod -w ~/.ssh/authorized_keys and then running x2goclient with client side printing gives an error message: "Unable to write : /home/serwy/.ssh/authorized_keys". This message is generated in void ONMainWindow::startX2goMount() at line 8867 in onmainwindow.cpp. x2goclient shouldn't need to write to ~/.ssh/authorized_keys. Regards, Roger Serwy ------------=_1424811338-13799-0-- From unknown Thu Mar 28 15:05:28 2024 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@bugs.x2go.org From: Debbugs Internal Request Subject: Internal Control Message-Id: Bug archived. Date: Mi, 25 =?UTF-8?Q?M=C3=83=C2=A4r?= 2015 06:24:01 +0000 User-Agent: Fakemail v42.6.9 # A New Hope # A long time ago, in a galaxy far, far away # something happened. # # Magically this resulted in the following # action being taken, but this fake control # message doesn't tell you why it happened # # The action: # Bug archived. thanks # This fakemail brought to you by your local debbugs # administrator