X2Go Bug report logs - #507
profile manager: add clipboard config parameter

version graph

Package: pyhoca-gui; Maintainer for pyhoca-gui is X2Go Developers <x2go-dev@lists.x2go.org>; Source for pyhoca-gui is src:pyhoca-gui.

Reported by: Christoph Anton Mitterer <calestyo@scientia.net>

Date: Mon, 1 Jul 2013 02:48:02 UTC

Severity: grave

Tags: pending, security

Fixed in version 0.5.0.0

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


🔗 View this message in rfc822 format

MIME-Version: 1.0
X-Mailer: MIME-tools 5.502 (Entity 5.502)
X-Loop: owner@bugs.x2go.org
From: owner@bugs.x2go.org (X2Go Bug Tracking System)
Subject: Bug#507 closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
 (X2Go issue (in src:pyhoca-gui) has been marked as closed)
Message-ID: <handler.507.c.14138025844782.notifdone@bugs.x2go.org>
References: <20141020105443.E47705DB45@ymir.das-netzwerkteam.de>
X-X2go-PR-Keywords: security pending
X-X2go-PR-Message: they-closed 507
X-X2go-PR-Package: pyhoca-gui
X-X2go-PR-Source: pyhoca-gui
Date: Mon, 20 Oct 2014 11:00:08 +0000
Content-Type: multipart/mixed; boundary="----------=_1413802808-7131-0"
[Message part 1 (text/plain, inline)]
This is an automatic notification regarding your Bug report
which was filed against the pyhoca-gui package:

#507: profile manager: add clipboard config parameter

It has been closed by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mike Gabriel <mike.gabriel@das-netzwerkteam.de> by
replying to this email.


-- 
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems
[Message part 2 (message/rfc822, inline)]
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 507-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 507@bugs.x2go.org
Subject: X2Go issue (in src:pyhoca-gui) has been marked as closed
Date: Mon, 20 Oct 2014 12:54:43 +0200 (CEST)
close #507
thanks

Hello,

we are very hopeful that X2Go issue #507 reported by you
has been resolved in the new release (0.5.0.0) of the
X2Go source project »src:pyhoca-gui«.

You can view the complete changelog entry of src:pyhoca-gui (0.5.0.0)
below, and you can use the following link to view all the code changes
between this and the last release of src:pyhoca-gui.

    http://code.x2go.org/gitweb?p=pyhoca-gui.git;a=commitdiff;h=457c1eff6ca84f56fe911851e5cb2cc66a9b6f75;hp=954e9b1019724590c343ccb95a33d3d83da9614e

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:pyhoca-gui.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:pyhoca-gui
Version: 0.5.0.0-0x2go1
Status: RELEASE
Date: Mon, 20 Oct 2014 12:51:05 +0200
Fixes: 19 394 460 507 533 534 548
Changes: 
 pyhoca-gui (0.5.0.0-0x2go1) RELEASED; urgency=low
 .
   [ Mike Gabriel ]
   * New upstream version (0.5.0.0):
     - (Now really) Support Python wxWidgets 3.0.
     - Add X2Go Session Broker support.
     - Adapt to new backend concept found in Python X2Go (>= 0.5.0.0).
     - Move most code of the pyhoca-gui executable into a dedicated class
       named PyHocaGUI_Launcher.
     - Allow automatic image branding (splash, about image, tray icon) by
       setting another application name than the default.
     - Rename icon files to match default application name (PyHoca-GUI).
     - Make default cmdline option parameters overridable before the
       arg parser gets initialized.
     - Make SCRIPT_NAME in setup.py configurable (monkey-patchable).
     - Make setup.py importable, only run setup() function on direct calls.
     - Don't refer to py2exe anymore in nsis_template's naming scheme.
     - Provide separate mswin_logging module.
     - Install more modules into setup.exe: hmac (for ecdsa).
     - NSIS script: empty installation destination before installing new files
       into $INSTDIR.
     - Allow appname based mini icons on About... windows.
     - Make the hover text of the tray icon brandable (drop hard-coded
       PyHoca-GUI application name).
     - NSIS script: make sure SetOutPath gets called at the beginning of
       every section.
     - Show printing preferences when tray icon is in restricted mode.
     - Session profile manager: the host parameter will be of type ListType
       for future versions of Python X2Go (>= 0.5.0.0).
     - Focus the user name field on logon if no user name is stored in the
       session profile.
     - Re-order cmdline sections (man page, defaults.py).
     - Optimize menu rendering. Reduce accessing session profile data as best
       as is possible.
     - Provide cmdline option --broker-cacertfile. Enable https:// connections
       with SSL certificates that have been self-signed against a non-public
       root-CA certificate file.
     - Handle "Connection refused" errors during broker login attempts.
     - Gracefully handle "Connection refused" errors after a broker login has
       already been successful.
     - Properly set focus in broker logon window (default: password, if no
       username
       provided: username, if no URL provided: broker-URL field).
     - Fix check_running() method in PyHocaGUI_Launcher on MS Windows.
     - Make broker support available for the MS Windows build of PyHoca-GUI.
     - Make check_running() test terminal server / multi-session safe.
       (Fixes: #19).
     - Windows PyHoca-GUI.log file: create with PID in file name. On log file
       creation try removing all old log files that are not still open.
     - Create Windows log file folder before attempting clean up (old log file
       removal).
     - Make sure new session profiles are mutable in the session profile manager
       GUI.
     - Gray-out Apply button in session profile GUI on profile creation.
     - Windows builder: Explicitly add the requests module to the set of
       bundled Python modules.
     - In session profile manager GUI: handle multiple clicks on the Apply button
       gracefully.
     - Notification about multiply started PyHoca-GUI instances. Don't hard code the
       application name.
     - Fix path name detection for default icons. (Fixes: #394).
     - Update English / German translation.
     - Add subsystem string support for HOOK_forward_tunnel_setup_failed hook.
     - Improve NX performance by reducing reactivity of wx widgets.
     - Grey-out all SSH related options for DirectRDP sessions.
     - Make the clipboard mode configurable through the session profile manager
       window. (Fixes: #507).
     - Make the published applications menu tree more robust against unknown
       icon image types.
     - Prepare for running against wxPython 3.0. More testing needed. (Fixes:
       #534).
     - Rename LICENSE.txt to COPYING.
     - Add Keywords= field to pyhoca-gui.desktop file.
     - Don't flood PyHocaGUI._eventid_(uns)hared_folders_map dict with
       non-valid-anymore event IDs.
     - pyhoca-gui.desktop: Set Categories: to Network;RemoteAccess;.
     - setup.py: Install .mo files into DESTDIR.
     - brokerlogin.py: Fix parameter error when evoking message box.
     - More reliably handle errors in a given --broker-url option value.
   * debian/control:
     + Add D (bin:package pyhoca-gui): python-cups. (Fixes: #460).
   * pyhoca-gui.spec:
     + Adapt to building on openSUSE/SLES.
     + openSUSE has python-notify whereas Fedora/RHEL has notify-python.
     + openSUSE (at least >= 12.3) has wxPython 2.9. So let's use it. (On openSUSE
       13.1, pyhoca-gui segfaults with wxPython 2.8).
     + Try to build the .po -> .mo files during package build.
     + Install locale files into bin:package.
     + No extra BR on gettext, intltool will pull it in anyway.
 .
   [ Mike DePaulo ]
   * New upstream version (0.5.0.0):
     - Windows: Set the pyhoca-gui icon on pyhoca-gui.exe (Fixes: #548)
       The icon will show up in Task Manager too.
     - Windows: Upgrade PulseAudio from 1.1 to 5.0-rev18 from OBS.
       Fixes choppy sound in Adobe Flash Player (Fixes: #533)
     - Windows: Upgrade from VcXsrv 1.14.2.0 to VcXsrv-xp 1.14.3.2
       Windows: Update nxproxy from 3.5.0.12 to 3.5.0.27
       (linked against latest cygwin packages as of 2014-06-09)
     - Windows: Update Python from an earlier version of 2.7.x to 2.7.8
     - Windows: Update wxPython from 2.9.x to 3.0.0.0
     - Windows: Updates/Upgrades to other libraries also
     - Windows: List as "PyHoca-GUI (A graphical X2Go client)"
       instead of "PyHoca-GUI" in add/remove programs
     - Windows: Use Unicode NSIS instead of regular NSIS.
       See x2goclient bug #528 for reasoning.
     - Windows: Reduce size of NSIS installer by switching to lzma solid compression
     - Windows: Numerous other improvements to NSIS installer.
       For example, in add/remove programs, add version string, icon, size, etc.
 .
   [ Daniel Lindgren ]
   * New upstream version (0.5.0.0):
     - Update Swedish translation file.
 .
   [ Ricardo Díaz Martín ]
   * New upstream version (0.5.0.0):
     - Update Spanish translation file (2x).
 .
   [ Martti Pitkänen ]
   * New upstream version (0.5.0.0):
     - Add Finnish translation file.
 .
   [ Jos Wolfram ]
   * New upstream version (0.5.0.0):
     - Update Dutch translation file.
 .
   [ Robert Parts ]
   * New upstream version (0.5.0.0):
     - Add Estonian translation file.
 .
   [ Klaus Ade Johnstad ]
   * New upstream version (0.5.0.0):
     - Update Bokmal (Norway) translation file.
 .
   * Translation status:
     + UNTRANSLATED - bg: 0 translated messages, 398 untranslated messages.
     + INCOMPLETE - da: 350 translated messages, 28 fuzzy translations, 20 untranslated
       messages.
     + OK - de: 398 translated messages.
     + OK - en: 398 translated messages.
     + OK - es: 398 translated messages.
     + INCOMPLETE - et: 366 translated messages, 32 untranslated messages.
     + UNTRANSLATED - fr: 0 translated messages, 398 untranslated messages.
     + BROKEN - fi: 0 translated messages, 188 fuzzy translations, 210 untranslated messages.
     + OK - nb_NO: 398 translated messages.
     + OK - nl: 398 translated messages.
     + INCOMPLETE - ru: 351 translated messages, 28 fuzzy translations, 19 untranslated
       messages.
     + OK - sv: 398 translated messages.

[Message part 3 (message/rfc822, inline)]
From: Christoph Anton Mitterer <calestyo@scientia.net>
To: submit@bugs.x2go.org
Subject: SECURITY: x2goclient allows clipboard sniffing
Date: Mon, 01 Jul 2013 04:38:28 +0200
Package: x2goclient
Severity: grave
Tags: security

Hi.

From: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714588


It seems that per default (and I even found no way to disable it)
x2goclient (and perhaps other
related tools?) transmit the content of the clipboard to the remote
host.

As this may easily contain passwords or other sensitive information,
this is a extremely
critical hole.


Cheers,
Chris.

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Dec 4 08:31:34 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.