X2Go Bug report logs - #928
x2goclient 4.0.5.0 overwrites user's shell

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Orion Poplawski <orion@cora.nwra.com>

Date: Tue, 25 Aug 2015 17:30:02 UTC

Severity: normal

Tags: patch, pending

Found in version 4.0.5.0

Fixed in version 4.0.5.1

Done: X2Go Release Manager <git-admin@x2go.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#928; Package x2goclient. (Tue, 25 Aug 2015 17:30:02 GMT) (full text, mbox, link).


Acknowledgement sent to Orion Poplawski <orion@cora.nwra.com>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Tue, 25 Aug 2015 17:30:02 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Orion Poplawski <orion@cora.nwra.com>
To: submit@bugs.x2go.org
Subject: x2goclient 4.0.5.0 overwrites user's shell
Date: Tue, 25 Aug 2015 11:28:02 -0600
[Message part 1 (text/plain, inline)]
Package: x2goclient
Version: 4.0.5.0
Tags: patch

See https://bugzilla.redhat.com/show_bug.cgi?id=1256799

Description of problem:
After upgrading x2goclient my system assigned shell of /bin/zsh is ignored and
forcefully set to /bin/bash

The shift to running everything under /bin/bash had the side effect of setting
SHELL to /bin/bash, which is then what terminal emulators and others use for
spawning shells.

If we specify -l to bash it runs as a login shell, sources the proper startup
files and sets SHELL to whatever getpwent() returns for the login shell.

However, this also opens the door for things like ~/.bash_logout to get run
which executes "clear", which emits:

TERM environment variable not set.

when TERM is empty as it is here.  So we also set TERM=dumb to work around that.


It might be nice to add the ability to distinguish between a session startup
command and other utility commands (x2gomountdirs, etc.) and only add -l to
the session startup commands.  This is probably more appropriate.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@nwra.com
Boulder, CO 80301                   http://www.nwra.com
[x2goclient-shell.patch (text/x-patch, attachment)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#928; Package x2goclient. (Thu, 14 Jan 2016 04:20:02 GMT) (full text, mbox, link).


Acknowledgement sent to Mihai Moldovan <ionic@ionic.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Thu, 14 Jan 2016 04:20:03 GMT) (full text, mbox, link).


Message #10 received at 928@bugs.x2go.org (full text, mbox, reply):

From: Mihai Moldovan <ionic@ionic.de>
To: 928-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 928@bugs.x2go.org
Subject: X2Go issue (in src:x2goclient) has been marked as pending for release
Date: Thu, 14 Jan 2016 05:15:01 +0100 (CET)
tag #928 pending
fixed #928 4.0.5.1
thanks

Hello,

X2Go issue #928 (src:x2goclient) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=256e30d

The issue will most likely be fixed in src:x2goclient (4.0.5.1).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit 256e30d47178a7d4c8f8e25317d60a4fca673a3d
Author: Orion Poplawski <orion@cora.nwra.com>
Date:   Thu Jan 14 03:16:49 2016 +0100

    ssh{process,masterconnection}.cpp: run bash as a login shell when invoking any command remotely. Fixes: #928.
    
    Because this opens the door for ~/.bash_logout and friend scripts to be
    executed, which may contain calls to ncurses' reset or clear, also set
    the TERM variable to dump to not have unexpected output on stderr at
    logout time.

diff --git a/debian/changelog b/debian/changelog
index 7cee1e5..a3d37fa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -53,6 +53,14 @@ x2goclient (4.0.5.1-0x2go1) UNRELEASED; urgency=low
     - Windows: Update bundled Win32 OpenSSL from 1.0.1p to 1.0.1q,
       which fixes the multiple CVEs announced on 2015-12-03.
 
+  [ Orion Poplawski ]
+  * New upstream release (4.0.5.1):
+    - ssh{process,masterconnection}.cpp: run bash as a login shell when
+      invoking any command remotely. Fixes: #928. Because this opens the door
+      for ~/.bash_logout and friend scripts to be executed, which may contain
+      calls to ncurses' reset or clear, also set the TERM variable to dump to
+      not have unexpected output on stderr at logout time.
+
  -- X2Go Release Manager <git-admin@x2go.org>  Tue, 28 Jul 2015 06:05:27 +0200
 
 x2goclient (4.0.5.0-0x2go1) unstable; urgency=low


Added tag(s) pending. Request was from Mihai Moldovan <ionic@ionic.de> to control@bugs.x2go.org. (Thu, 14 Jan 2016 04:20:05 GMT) (full text, mbox, link).


Marked as fixed in versions 4.0.5.1. Request was from Mihai Moldovan <ionic@ionic.de> to control@bugs.x2go.org. (Thu, 14 Jan 2016 04:20:05 GMT) (full text, mbox, link).


Message sent on to Orion Poplawski <orion@cora.nwra.com>:
Bug#928. (Thu, 14 Jan 2016 04:20:08 GMT) (full text, mbox, link).


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#928; Package x2goclient. (Thu, 24 Mar 2016 20:40:10 GMT) (full text, mbox, link).


Acknowledgement sent to X2Go Release Manager <git-admin@x2go.org>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Thu, 24 Mar 2016 20:40:11 GMT) (full text, mbox, link).


Message #22 received at 928@bugs.x2go.org (full text, mbox, reply):

From: X2Go Release Manager <git-admin@x2go.org>
To: 928-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 928@bugs.x2go.org
Subject: X2Go issue (in src:x2goclient) has been marked as closed
Date: Thu, 24 Mar 2016 21:38:46 +0100 (CET)
close #928
thanks

Hello,

we are very hopeful that X2Go issue #928 reported by you
has been resolved in the new release (4.0.5.1) of the
X2Go source project »src:x2goclient«.

You can view the complete changelog entry of src:x2goclient (4.0.5.1)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=4f91293625f1b3c12a1fa0a414424557d82fc65a;hp=b69667ef6d5f762b988e756a85a429792871e88c

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goclient.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goclient
Version: 4.0.5.1-0x2go1
Status: RELEASE
Date: Thu, 24 Mar 2016 21:35:30 +0100
Fixes: 487 772 860 916 921 927 928 945 948 953 973 987 1000
Changes: 
 x2goclient (4.0.5.1-0x2go1) RELEASED; urgency=low
 .
   [ Mihai Moldovan ]
   * New upstream release (4.0.5.1):
     - onmainwindow.cpp: include sshd PID file path option in quotes to support
       whitespaces within the var directory path on Windows. Add comment to
       revisit this later on non-Windows-platforms, too. Fixes: #916.
     - onmainwindow.cpp: do NOT reformat. Reverts most of the previous commit
       because it breaks code logic.
     - res/txt/packs: add adaptive method.
     - {macbuild.sh,x2goclient.pro}: pass MacPorts library and include path's
       to qmake. Due to the qt4-mac's changes, we do not automatically get
       these values automatically "appended" in a usable way anymore.
     - x2gosettings.cpp: let centralSettings () return false on Windows.
     - onmainwindow.cpp: be more precise in slotScDaemonError () regarding
       unknown and undefined errors.
     - onmainwindow.{cpp,h}: don't use a hardcoded path to xmodmap on OS X and
       handle errors more gracefully. Fixes: #487.
     - x2goclient.pro: fix typo --stdlib=... -> -stdlib=... Fixes: #973.
     - onmainwindow.cpp: add some more error handling for parsing the return
       value of x2golistsessions. As it turns out, it can happen that "invalid"
       strings are inserted in there, for instance by the perl interpreter
       itself. We need to skip over these, or the client crashes when splitting
       up the invalid lines.
     - macbuild.sh: add stdlib forcing. Should not be used unless you really
       know what you're doing. If you ponder using this, you probably don't.
     - res/resources.rcc: add Turkish translation file. Fixes: #987.
     - onmainwindow.cpp: use lowercase version of locale. Fixes: #953.
       Fixes loading up the nb_NO translation file, which is actually baked as
       nb_no into the binary.
     - sshmasterconnection.cpp: let challenge-auth-based login attempts
       fallback to normal password authentication if the initial
       challenge-auth-based attempt was unsuccessful.
     - sshmasterconnection.{cpp,h}: support variable number of
       challenge-auth-code-based prompts.
     - sshmasterconnection.cpp: don't check prompts for full string equality -
       a matching prefix is good enough. Amongst others, this fixes errors in
       conditions where the prompt does not contain a trailing whitespace, but
       X2Go Client expects one.
     - sshmasterconnection.cpp: add OATH TOTP prompt prefix. Fixes: #860.
     - res/i18n: refresh translation files again.
     - res/i18n/x2goclient_nb_no.ts: replace "X-Serv..." with "X.Org Server"
       where applicable.
     - res/i18n/x2goclient_nb_no.ts: correctly use "XQuartz" where necessary.
     - res/i18n/x2goclient_nb_no.ts: whitespace only.
     - res/i18n/x2goclient_nb_no.ts: fix up some "x2go" -> "X2Go" errors.
     - res/i18n/x2goclient_nb_no.ts: mark translation strings needing some care
       ("x2go..." -> "X2Go...") as unfinished for later fixup.
     - res/i18n/x2goclient_nb_no.ts: fix (meta data) typo introduced with last
       commit.
     - res/i18n/x2goclient_nl.ts: fixup translation by respecting the original
       messages' format and other changes.
     - res/i18n/x2goclient_de.ts: fixup translation by respecting the original
       messages' format, fixing typos and general improvements.
     - res/i18n/x2goclient_es.ts: fixup translation by respecting the original
       messages' format and other changes.
     - res/i18n/x2goclient_sv.ts: fixup translation by respecting the original
       messages' format and other changes.
   * debian/control:
     - Change apache2-dev | libc6-dev build dependency back to apache2-dev
       only. Otherwise, apache2-dev is not installed at all, even though
       theoretically available. The initial reasoning for this dependency type,
       apache2-dev not being available on all Ubuntu/Debian platforms, is not
       true anymore.
     - Change apache2-dev build dependency yet again to apache2-dev |
       apache2-threaded-dev. Turns out all Debian distros but wheezy (currently
       oldstable) have an apache2-dev package. Even oldoldstable (squeeze)
       does...
 .
   [ Oleksandr Shneyder ]
   * New upstream release (4.0.5.1):
     - xsettingswidget: compile only on Windows.
     - Add support for new style command line options of xfreerdp on direct RDP
       connections. (Fixes: #772).
     - Replace "::" with "_" for the desktop link name on Windows.
     - Fix direct RDP in broker mode.
     - Fix crashing client when editing session from SessionManageDialog.
       Fixes: #921.
     - Configure audio input in pulseaudio on Windows.
     - Reconnect ssh broker in case of IO Error.
     - Reformat source onmainwindow.cpp.
     - Disable settings editing if a directory with central settings is exists.
     - Format long names on session buttons.
     - Central settings for Linux, Mac and Windows.
     - Fix VCXSRV parameter to disable PRIMARY clipboard in X2Go Client for Windows. Fixes: #927.
     - Fix reading settings for direct RDP connections in broker mode.
     - Auto accept RSA Keys for SSH Broker with --add-to-known-hosts option.
 .
   [ Mike Gabriel ]
   * New upstream release (4.0.5.1):
     - xinerama.conf: Don't choke if screen coordintate lines in xinerama.conf
       start with a dash ("-"). (Fixes: #948).
 .
   [ Mike DePaulo ]
   * New upstream release (4.0.5.1):
     - Windows: Update bundled Win32 OpenSSL from 1.0.1p to 1.0.1q,
       which fixes the multiple CVEs announced on 2015-12-03.
     - Windows: Upgrade Cygwin components to latest versions as of
       2016-01-21, except for the Cygwin DLL which is still at 1.7.33
       in order to avoid breaking folder sharing and printer sharing
       due to 1.7.34's ACL/permissions changes.
       (authorized_keys file would often have mode 660 instead of 600)
       The latest components include most notably:
         + openssh 6.8p1-1-x2go1 -> 7.1p2-1-x2go1 (security update)
         + openssl 1.0.2d-1 -> 1.0.2e-1 (security update)
     - Windows: Update nxproxy from 3.5.0.31 to 3.5.0.32
     - Windows: Update Unicode NSIS from 2.46.5 to 2.50.0 Pre-release,
       which fixes the DLL hijacking security vuln (NSIS bug 1125.)
     - Windows: Update PuTTY from 0.64 to 0.66, which fixes
       CVE-2015-5309.
     - Windows: Remove libzip. libssh no longer uses it.
 .
   [ Orion Poplawski ]
   * New upstream release (4.0.5.1):
     - ssh{process,masterconnection}.cpp: run bash as a login shell when
       invoking any command remotely. Fixes: #928. Because this opens the door
       for ~/.bash_logout and friend scripts to be executed, which may contain
       calls to ncurses' reset or clear, also set the TERM variable to dump to
       not have unexpected output on stderr at logout time.
     - sshmasterconnection.cpp: check correct variable for validity: public key
       instead of private key (again.) Fixes: #945.
 .
   [ Klaus Ade Johnstad ]
   * New upstream version (4.0.5.1):
     - res/i18n/x2goclient_nb_no.ts: update Bokmål (Norway) translation file.
 .
   [ Heinrich Schuchardt ]
   * New upstream version (4.0.5.1):
     - sshmasterconnection.cpp: don't fetch invalid proxy socket. Fixes: #1000.
       From http://doc.qt.io/qt-4.8/qabstractsocket.html#socketDescriptor:
       The socket descriptor is not available when QAbstractSocket is in
       UnconnectedState.
       So we have to connect to the proxy server first before retrieving the
       native socket.
 .
   [ Daniel Lindgren ]
   * New upstream version (4.0.5.1):
     - res/i18n/x2goclient_sv.ts: update Swedish translation file.
 .
   [ Sébastien Ducoulombier ]
   * New upstream version (4.0.5.1):
     - res/i18n/x2goclient_fr.ts: update French translation file.
 .
   [ Jos Wolfkamp ]
   * New upstream version (4.0.5.1):
     - res/i18n/x2goclient_nl.ts: update Dutch translation file.
 .
   [ Stefan Baur ]
   * New upstream release (4.0.5.1):
     - res/i18n/x2goclient_de.ts: update German translation file.
 .
   [ Ricardo Díaz Martín ]
   * New upstream release (4.0.5.1):
     - res/i18n/x2goclient_es.ts: update Spanish translation file.


Message sent on to Orion Poplawski <orion@cora.nwra.com>:
Bug#928. (Thu, 24 Mar 2016 20:40:40 GMT) (full text, mbox, link).


Marked Bug as done Request was from X2Go Release Manager <git-admin@x2go.org> to control@bugs.x2go.org. (Thu, 24 Mar 2016 20:40:46 GMT) (full text, mbox, link).


Notification sent to Orion Poplawski <orion@cora.nwra.com>:
Bug acknowledged by developer. (Thu, 24 Mar 2016 20:40:46 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.x2go.org> to internal_control@bugs.x2go.org. (Fri, 22 Apr 2016 05:24:02 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Tue Sep 10 21:12:08 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.