Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.
Reported by: Andrew Cherry <acherry@alcf.anl.gov>
Date: Fri, 20 Nov 2015 17:05:02 UTC
Severity: normal
Tags: pending
Found in version 4.0.5.1
Fixed in version 4.1.1.0
Done: X2Go Release Manager X2Go Release Manager <git-admin@x2go.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#966
; Package x2goclient
.
(Fri, 20 Nov 2015 17:05:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Andrew Cherry <acherry@alcf.anl.gov>
:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Fri, 20 Nov 2015 17:05:02 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
Package: x2goclient Version: 4.0.5.1 On our systems, security policy requires us to use OTP tokens for login, which means that all SSH connections are keyboard-interactive. In addition, we use /etc/issue.net to print a warning banner before the SSH password prompt. When x2goclient connects, the string variable containing the output for the password prompt ('pr' in sshmasterconnection.cpp) includes the banner as well, and since the check for "Password: " is a strict equality check, the password prompt is not recognized. The simple patch below seems to do the trick to get around this issue: --- sshmasterconnection.cpp 2015-11-20 11:37:44.000000000 -0500 +++ /Users/acherry/sshmasterconnection.cpp 2015-11-20 11:37:24.000000000 -0500 @@ -866,7 +866,7 @@ x2goDebug<<"Prompt[0]: |"<<prompt<<"|"<<endl; #endif QString pr=prompt; - if(pr=="Password: ") + if(pr.endsWith("Password: ")) { #ifdef DEBUG x2goDebug<<"Password request"<<endl; @@ -874,7 +874,7 @@ ssh_userauth_kbdint_setanswer(my_ssh_session,0,pass.toAscii()); return userChallengeAuth(); } - if(pr=="Verification code: ") + if(pr.endsWith("Verification code: ")) { #ifdef DEBUG x2goDebug<<"Verification code request"<<endl;
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#966
; Package x2goclient
.
(Sat, 17 Sep 2016 14:00:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike DePaulo <mikedep333@gmail.com>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Sat, 17 Sep 2016 14:00:03 GMT) (full text, mbox, link).
Message #10 received at 966@bugs.x2go.org (full text, mbox, reply):
Hi Andrew, Sorry for the long delay. I ran a test with X2Go Client 4.0.5.1, and the connection was successful. This is the output from the command-line ssh: $ ssh 192.168.1.20 Test banner! Password: Last login: Sat Sep 17 09:43:55 2016 [mike@dropship ~]$ Note that the banner is configured with "Banner /etc/issue.net" in sshd_config. Also note that there has been restructuring of our code, both before and after 4.0.5.1's release, to improve our handling of keyboard-interactive authentication. Specifically, commits 10405481 & c5ee1ba6 (2016-01-29, before 4.0.5.1) and 044f22fd (2016-06-19, after 4.0.5.1, part of bug #1027). If you are still having trouble, please copy & paste the output from the command-line ssh. If you have Windows clients, use cygwin ssh. Also, please confirm that you are using "Banner /etc/issue.net" in order to display the banner. -Mike
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#966
; Package x2goclient
.
(Tue, 29 Aug 2017 17:05:01 GMT) (full text, mbox, link).
Acknowledgement sent
to "Cherry, Andrew J." <acherry@alcf.anl.gov>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Tue, 29 Aug 2017 17:05:02 GMT) (full text, mbox, link).
Message #15 received at 966@bugs.x2go.org (full text, mbox, reply):
I've done some additional testing, prompted by your mention of the banner being configured using the Banner option in sshd_config. It turns out we are *not* using the sshd config option -- instead, we are displaying the banner using the pam_echo module, configured with the following line in /etc/pam.d/sshd: auth optional pam_echo.so file=/etc/issue.net What I've found so far is that the same /etc/issue.net plays nice with x2go when configured via the Banner option, but causes an auth failure when configured using pam_echo.so. I'm going to do some more digging to see if I can figure out what the difference is. Oddly, if I cut/paste the output from the OpenSSH client (on Linux) up to and including the Password: prompt, and do a diff between the two, they are byte-for-byte identical. By the way, the reason we use pam_echo.so instead of the Banner option is because we actually have two banners -- /etc/issue/net for the standard security boilerplate which is always displayed, and /etc/issue.alcf which is normally empty but is populated with information during our scheduled maintenance windows when logins are disabled. However, I've confirmed that the problem still occurs even if I configure pam_echo.so to only display /etc/issue.net -Andrew
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#966
; Package x2goclient
.
(Tue, 29 Aug 2017 20:20:01 GMT) (full text, mbox, link).
Acknowledgement sent
to "Cherry, Andrew J." <acherry@alcf.anl.gov>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Tue, 29 Aug 2017 20:20:02 GMT) (full text, mbox, link).
Message #20 received at 966@bugs.x2go.org (full text, mbox, reply):
One more note about reproducing this -- I've found that pam_echo.so only prints the banner *before* the password prompt if sshd is configured with "ChallengeResponseAuthentication yes" (which we happen to have due to our CryptoCard token usage). -Andrew > On Aug 29, 2017, at 12:52 PM, Cherry, Andrew J. <acherry@alcf.anl.gov> wrote: > > I've done some additional testing, prompted by your mention of the banner being configured using the Banner option in sshd_config. It turns out we are *not* using the sshd config option -- instead, we are displaying the banner using the pam_echo module, configured with the following line in /etc/pam.d/sshd: > > auth optional pam_echo.so file=/etc/issue.net > > What I've found so far is that the same /etc/issue.net plays nice with x2go when configured via the Banner option, but causes an auth failure when configured using pam_echo.so. > > I'm going to do some more digging to see if I can figure out what the difference is. Oddly, if I cut/paste the output from the OpenSSH client (on Linux) up to and including the Password: prompt, and do a diff between the two, they are byte-for-byte identical. > > By the way, the reason we use pam_echo.so instead of the Banner option is because we actually have two banners -- /etc/issue/net for the standard security boilerplate which is always displayed, and /etc/issue.alcf which is normally empty but is populated with information during our scheduled maintenance windows when logins are disabled. However, I've confirmed that the problem still occurs even if I configure pam_echo.so to only display /etc/issue.net > > -Andrew >
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#966
; Package x2goclient
.
(Wed, 30 Aug 2017 02:15:02 GMT) (full text, mbox, link).
Acknowledgement sent
to "Cherry, Andrew J." <acherry@alcf.anl.gov>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Wed, 30 Aug 2017 02:15:02 GMT) (full text, mbox, link).
Message #25 received at 966@bugs.x2go.org (full text, mbox, reply):
I did some more experimentation, and it looks like the following specific conditions are needed to reproduce the problem we're having: 1. Banner configured in /etc/pam.d/sshd using pam_echo.so, e.g.: auth optional pam_echo.so file=/etc/issue.net 2. The following config changes in sshd_config: ChallengeResponseAuthentication yes PasswordAuthentication no > On Aug 29, 2017, at 4:17 PM, Cherry, Andrew J. <acherry@alcf.anl.gov> wrote: > > One more note about reproducing this -- I've found that pam_echo.so only prints the banner *before* the password prompt if sshd is configured with "ChallengeResponseAuthentication yes" (which we happen to have due to our CryptoCard token usage). > > -Andrew > >> On Aug 29, 2017, at 12:52 PM, Cherry, Andrew J. <acherry@alcf.anl.gov> wrote: >> >> I've done some additional testing, prompted by your mention of the banner being configured using the Banner option in sshd_config. It turns out we are *not* using the sshd config option -- instead, we are displaying the banner using the pam_echo module, configured with the following line in /etc/pam.d/sshd: >> >> auth optional pam_echo.so file=/etc/issue.net >> >> What I've found so far is that the same /etc/issue.net plays nice with x2go when configured via the Banner option, but causes an auth failure when configured using pam_echo.so. >> >> I'm going to do some more digging to see if I can figure out what the difference is. Oddly, if I cut/paste the output from the OpenSSH client (on Linux) up to and including the Password: prompt, and do a diff between the two, they are byte-for-byte identical. >> >> By the way, the reason we use pam_echo.so instead of the Banner option is because we actually have two banners -- /etc/issue/net for the standard security boilerplate which is always displayed, and /etc/issue.alcf which is normally empty but is populated with information during our scheduled maintenance windows when logins are disabled. However, I've confirmed that the problem still occurs even if I configure pam_echo.so to only display /etc/issue.net >> >> -Andrew >> >
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#966
; Package x2goclient
.
(Fri, 01 Sep 2017 06:15:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Mihai Moldovan <ionic@ionic.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Fri, 01 Sep 2017 06:15:01 GMT) (full text, mbox, link).
Message #30 received at 966@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 08/30/2017 04:10 AM, Cherry, Andrew J. wrote: > I did some more experimentation, and it looks like the following specific > conditions are needed to reproduce the problem we're having: > > 1. Banner configured in /etc/pam.d/sshd using pam_echo.so, e.g.: > > auth optional pam_echo.so file=/etc/issue.net > > 2. The following config changes in sshd_config: > > ChallengeResponseAuthentication yes PasswordAuthentication no This sort of makes sense. If challenge response auth is turned on and normal password authentication is turned off, X2Go Client expects a certain challenge response string to come up. If none of the built-in strings match, authentication is marked as failed, since it cannot proceed with password authentication (i.e., the keyboard-interactive method.) The patch you initially provided merely ignores whatever data comes first and then matches on the password prompt. Am I correct that in any case challenge auth is being used? The problem certainly is that pam_echo.so outputs data before the prompt. I'm reluctant to apply your patch, since I'm not sure that this is actually good practice. Allowing arbitrary data before the password prompt doesn't make a lot of sense to me, although I could probably do that. We have a set of hardcoded prompts that are recognized as challenge auth prompts, namely these listed here: https://code.x2go.org/gitweb?p=x2goclient.git;a=blob;f=src/sshmasterconnection.cpp;h=0556299002e6402e332efe478d8ec7f83ab0ac57;hb=HEAD#l59 The requirement is that challenge auth prompts either contain *challenge* or that they *start* with the known prompts. Maybe it would make sense to check each consecutive *line* explicitly? Would that make sense to you? I guess that would fix your problem. Mihai
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#966
; Package x2goclient
.
(Fri, 01 Sep 2017 06:35:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Mihai Moldovan <ionic@ionic.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Fri, 01 Sep 2017 06:35:01 GMT) (full text, mbox, link).
Message #35 received at 966@bugs.x2go.org (full text, mbox, reply):
tag #966 pending fixed #966 4.1.0.1 thanks Hello, X2Go issue #966 (src:x2goclient) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ad62687 The issue will most likely be fixed in src:x2goclient (4.1.0.1). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit ad6268711062cbabbe0ec67d67d1f0df38b43217 Author: Mihai Moldovan <ionic@ionic.de> Date: Fri Sep 1 08:32:14 2017 +0200 src/sshmasterconnection: ignore "garbage", but require at least one line to start with a known challenge auth prompt. Fixes: #966. diff --git a/debian/changelog b/debian/changelog index 0b11622..9ed36f0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -182,6 +182,8 @@ x2goclient (4.1.0.1-0x2go1) UNRELEASED; urgency=medium effect on this behavior, so removing it again. - Makefile: add comment explaining why we need to do this in the first place and why it's so complicated. + - src/sshmasterconnection: ignore "garbage", but require at least one line + to start with a known challenge auth prompt. Fixes: #966. * x2goclient.spec: - Respect %{optflags} and pass QMAKE_STRIP=: to fix missing debug info issues.
Added tag(s) pending.
Request was from Mihai Moldovan <ionic@ionic.de>
to control@bugs.x2go.org
.
(Fri, 01 Sep 2017 06:35:02 GMT) (full text, mbox, link).
Marked as fixed in versions 4.1.0.1.
Request was from Mihai Moldovan <ionic@ionic.de>
to control@bugs.x2go.org
.
(Fri, 01 Sep 2017 06:35:02 GMT) (full text, mbox, link).
Message sent on
to Andrew Cherry <acherry@alcf.anl.gov>
:
Bug#966.
(Fri, 01 Sep 2017 06:35:02 GMT) (full text, mbox, link).
No longer marked as fixed in versions 4.1.0.1.
Request was from Mihai Moldovan <ionic@ionic.de>
to control@bugs.x2go.org
.
(Sun, 29 Oct 2017 07:20:01 GMT) (full text, mbox, link).
Marked as fixed in versions 4.1.1.0.
Request was from Mihai Moldovan <ionic@ionic.de>
to control@bugs.x2go.org
.
(Sun, 29 Oct 2017 07:20:01 GMT) (full text, mbox, link).
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#966
; Package x2goclient
.
(Sun, 29 Oct 2017 07:50:09 GMT) (full text, mbox, link).
Acknowledgement sent
to X2Go Release Manager X2Go Release Manager <git-admin@x2go.org>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Sun, 29 Oct 2017 07:50:09 GMT) (full text, mbox, link).
Message #51 received at 966@bugs.x2go.org (full text, mbox, reply):
close #966 thanks Hello, we are very hopeful that X2Go issue #966 reported by you has been resolved in the new release (4.1.1.0) of the X2Go source project »src:x2goclient«. You can view the complete changelog entry of src:x2goclient (4.1.1.0) below, and you can use the following link to view all the code changes between this and the last release of src:x2goclient. http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=eafcb63c2ac63ae7ce43886949945e710c81bd3d;hp=add03ee78f3dcbee3317bf17a08dcb2cbeb12ee7 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goclient. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goclient Version: 4.1.1.0-0x2go1 Status: RELEASE Date: Sun, 29 Oct 2017 08:43:45 +0100 Fixes: 31 499 592 870 930 966 1093 1100 1119 1121 1152 1165 1185 1186 Changes: x2goclient (4.1.1.0-0x2go1) RELEASED; urgency=medium . [ Mihai Moldovan ] * New upstream version (4.1.1.0): - src/sshmasterconnection.cpp: use ssh_channel_listen_forward () instead of ssh_forward_listen () for newer libssh versions. Fixes: #870. - src/sshmasterconnection.cpp: with libssh 0.6.0 and newer, get the public key via ssh_get_server_publickey () (0.8.0 and higher) or ssh_get_publickey () (0.7.x and lower) and its hash via ssh_get_publickey_hash () instead of using the deprecated ssh_get_pubkey_hash () function. Additionally, replace free () with the more appropriate ssh_string_free_char () function after using ssh_get_hexa (). This will break on very old systems with a hopelessly outdated libssh version, but we do not care about these systems in the first place. - src/sshmasterconnection.cpp: replace string_free () with its successor ssh_string_free (). Will break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_new () function with ssh_channel_new (). Might break on ancient systems, but we don't care. Also, add error handling in case ssh_channel_new () failed... - src/sshmasterconnection.cpp: replace deprecated channel_open_forward () function with ssh_channel_open_forward (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_open_session () function with ssh_channel_open_session (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_request_exec () function with ssh_channel_request_exec (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_poll () function with ssh_channel_poll (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_read () function with ssh_channel_read (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_is_eof () function with ssh_channel_is_eof (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_write () function with ssh_channel_write (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_send_eof () function with ssh_channel_send_eof (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_close () function with ssh_channel_close (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: replace deprecated channel_free () function with ssh_channel_free (). Might break on ancient systems, but we don't care. - src/sshmasterconnection.cpp: use QString::arg () to insert function name and thus deduplicate error translation messages. Also re-add the full stop sign and remove it when needed for x2goDebug. - src/sshmasterconnection.cpp: fix up some debug strings. - src/sshmasterconnection.cpp: port more occurrences of "QString to C string" akin to 1b21d75f2c10609f3586f5b5e0b4ceb7fca83fdd. - src/sshmasterconnection.cpp: enable parsing of ~/.ssh/config. Fixes: #1121. Shorthands as host names and other bells and whistles like inferred port or user name values are now supported. - src/{onmainwindow,httpbrokerclient}.cpp: fix up error/warning message displayed when the server-specified key is unknown, but we have another key type stored already. - src/pulsemanager.cpp: fix up a debug string. Qt drops a space where I'd like to have one and inserts a space where I'd like none, so work around that fancifully. - src/sshmasterconnection.cpp: libssh < 0.6.0 does not have the ssh_options_get () API, but instead expects users to pull out information directly from the ssh_session structure. This fixes compile issues on systems with older libssh versions. - src/sshmasterconnection.cpp: turns out libssh < 0.6.0 doesn't support fetching the host, port and username parameters at all. We're in the clear for non-SSH-proxied connections and can use config file parsing, but have to disable config file parsing in the proxy settings, as there's no way to query the remote endpoint information. As a result we will be unable to open a new socket to the remote endpoint and proxying will fail badly. - src/x2goutils.cpp: ensure that add_to_path () also processes the first value passed. Fixes startup problems in MacPorts. Fixes: #1093. - res/i18n/x2goclient_et.ts: various fixups for the Estonian translation file. - res/i18n/x2goclient_*.ts: go the extra mile and fix up translation files manually after the "anothertype" fix in 8e503d89ee2d03a313c3deff11f0516fce503022. - {src/{onmainwindow,httpbrokerclient}.cpp,res/i18n/x2goclient_*.ts}: fix another occurrence of a string missing a space separator between words and update translation files. - src/onmainwindow.cpp: don't duplicate depth warning message needlessly, use correct plural forms in translations and split string up in a translation-friendly form. I'll leave translators to handle this beast, as languages are unique in the number of plural forms and the like. - {src/printdialog.cpp,res/i18n/x2goclient_*.ts}: drop spurious left-over parenthesis in warning message and adapt translations. - src/onmainwindow.cpp: make the "not loading translator" message non-translatable, as it doesn't make a lot of sense to actually translate it. - {src/{configdialog,x2goutils}.cpp,res/i18n/x2goclient_*.ts}: change XQuartz project homepage references, adapt translations. - src/pulsemanager.{cpp,h}: make get_* () functions const. - src/pulsemanager.{cpp,h}: make is_server_running () const. - src/pulsemanager.{cpp,h}: add new pulse_version_valid_ boolean class member variable, set it correctly and use it whenever the version is accessed. - src/pulsemanager.cpp: make fetch_pulseaudio_version () more resilient. Instead of aborting hard when the version number could not be detected, break out of the loops only. We can make stuff work, even if the version is unknown. Or just continue without PA support as such. - src/pulsemanager.{cpp,h}: add show_startup_warning () for both PA server and (debug) startup sound playback. - src/pulsemanager.cpp: check server_binary_ before using it and jump over code that assumes the PA server binary to be available. - src/pulsemanager.cpp: don't fail hard on OS X if the PA server binary could not be found in the constructor. We can live without PA and will show a warning message to the user later on when PA is supposed to be started. - src/pulsemanager.cpp: deduplicate warning/error messages - make use of show_startup_warning (). This does imply changes to the translation files, coming up next. - res/i18n/x2goclient_*.ts: regenerate translation files and fix up some SSH and PulseManager messages manually, where possible. - src/x2ogutils.h: guard UNUSED macro definition. - {macbuild.sh,src/{x2goutils.h,{pulsemanager,onmainwindow}.cpp}, x2goclient.pro}: make MacPorts prefix selectable at compile time. Much cleaner for downstream package maintainers (like, for instance, MacPorts itself.) - res/i18n/x2goclient_fi.ts: remove outdated comment. - src/sshprocess.cpp: bind direct tunnel socket to localhost instead of any address. Fixes: #31. - src/onmainwindow.cpp: check for sessionExplorer->getLastSession() to be valid in all places but obvious ones. Fixes: #499. - src/sshmasterconnection.cpp: use new PKI-based libssh API for public key authentication for libssh 0.6.0 and higher. Fixes: #1119. - src/sshmasterconnection.cpp: add YubiKey challenge auth prompt. - src/sshmasterconnection.cpp: fix compile errors on pre-libssh-0.6.0 systems and add a TOCTU-race check to see if the file exists prior to calling privatekey_from_file () on such systems. Additionally fix a type issue. - macbuild.sh: fix long-standing issue that made the DMG bundle contain a symlink made up of only a space to /Applications. - res/img/icons/dmg: add new image disk.svg, used as the basis for the new OS X DMG bundle icon. - res/img/icons/dmg: add new disk-drive-and-x2goclient icon for use as the volume icon of the OS X DMG bundle. - macbuild.sh: use the new volume icon that actually also looks like a disk drive. Fixes: #930. - src/onmainwindow.cpp: typo fix only. - src/onmainwindow.cpp: do not automatically set login user name to current system user if empty. Unbreaks default user name fetching via libssh. Might break some use cases (especially RDP, XDMCP). - src/x2goclient.cpp: revert change bypassing the UNIX cleanup helper. - src/onmainwindow.cpp: revert old behavior and select user name field after a session has been suspended/terminated if user name was not provided. Do not insert an user name, though, but leave it to autodetection by default. - src/sshmasterconnection.cpp: fix SSH-proxied connections with port numbers of zero. In order to authenticate the remote server, SSH-proxied connections must be reset to their remote host and port values after connecting via the SSH tunnel. If the original port value was zero, setting it was skipped, leading to connections like $REMOTE_HOST:$PROXY_PORT, which is certainly wrong. Fetch the inferred port value and set this instead, fixing this issue. - Makefile: add new QMAKE_OPTS variable so that packagers can pass additional options to qmake directly. - src/sshmasterconnection.cpp: typo fix in log message only. - src/sshmasterconnection.cpp: don't leak ssh_session data, free it once we're done with it. - Makefile: qmake seems to act weird if QMAKE_C(XX)FLAGS starts with a space followed by additional non-whitespace characters. Refactor the variables a bit to work around this issue. - Makefile: turns out the only somewhat portable way to do something like this is via shell hackery. - Makefile: reset to the original state and make sure that we don't pass CXXFLAGS on to the actual build process to not override the values generated by qmake. - Makefile: the only way to prevent variables on the command line to be passed down seems to be to remove them from MAKEOVERRIDES. .MAKEOVERRIDES is the FreeBSD-make-equivalent variable. MAKEFLAGS has no effect on this behavior, so removing it again. - Makefile: add comment explaining why we need to do this in the first place and why it's so complicated. - src/sshmasterconnection: ignore "garbage", but require at least one line to start with a known challenge auth prompt. Fixes: #966. - x2goclient.pro: add libssh_threads library. We need this since X2Go Client is multi-threaded. - copy-deps-win32.bat: also copy libssh_threads.dll to go with the previous change. - src/{onmainwindow,sshmasterconnection}.{cpp,h}: correctly initialize and finalize libssh. We ought to do both only once - in our main thread. Previously, we initialized libssh in a new thread, which might be problematic. - src/sessionexplorer.cpp: open the correct tab when editing a session from the exports menu. - src/onmainwindow.cpp: try to workaround window placement if settings contain a (newly) invalid position (e.g., a position that refers to a disconnected display.) - src/onmainwindow.cpp: try to find a display that can hold the window's position fetched from the sizes settings. Use the default if none could be found. - src/onmainwindow.cpp: fix up main window position check; use QRect.intersects (). - src/pulsemanager.{cpp,h}: rename shutdownState to shutdown_state_, reorder in initializer list. - res/i18n/: regenerate translations. - res/i18n/x2goclient_es.ts: fixup Spanish translation file. - res/i18n/x2goclient_et.ts: fixup some typos in the Estonian translation file. - res/i18n/x2goclient_sv.ts: add singular form to translation entry as discussed on list. - res/i18n/x2goclient_es.ts: add singular form to translation entry as discussed off list. - res/i18n/x2goclient_nl.ts: various fixups for Dutch translation file. - res/i18n/x2goclient_nb_no.ts: various fixups for Bokmål (Norway) translation file. - res/i18n/x2goclient_nl.ts: fix whitespace issues in Dutch translation file and re-add numerus form translation. - res/i18n/x2goclient_nb_no.ts: various fixups for Bokmål (Norway) translation file, including numerus form. - src/sshmasterconnection.cpp: for proxied connections, fetch the user name matching the given host, not proxy host. - res/i18n/x2goclient_fi.ts: various fixups for Finnish translation file. - res/i18n/x2goclient_fi.ts: another tiny whitespace fixup for Finnish translation file. - src/onmainwindow.cpp: fix "XMDCP" typo. - res/i18n/x2goclient_de.ts: various fixups for German translation file. - src/onmainwindow.cpp: fix "loose" vs. "lose" spelling mistake. - res/i18n/x2goclient_et.ts: remove obsolete and wrongly capitalized "x2go" part from an Estonian translation message. - res/i18n/x2goclient_sv.ts: minor whitespace fixup. - res/i18n/x2goclient_*.ts: apply "XMDCP" -> "XDMCP" fix manually to translation files. - res/i18n/x2goclient_nb_no.ts: remove obsolete comments (leading to problems when regenerating translation files.) - res/i18n/x2goclient_nl.ts: remove obsolete comments (leading to problems when regenerating translation files.) - res/i18n/x2goclient_*.ts: regenerate translations. - res/i18n/x2goclient_fi.ts: various fixups for Finnish translation file. - src/sshmasterconnection.cpp: spelling fix. (Quiting -> Quitting) - x2gobrowserplugin-2.4_1/src/qtbrowserplugin.cpp: spelling fix. (convertable -> convertible) * x2goclient.spec: - Respect %{optflags} and pass QMAKE_STRIP=: to fix missing debug info issues. . [ Oleksandr Shneyder ] * New upstream version (4.1.1.0): - Interaction with SSH server (for example for changing expired password). Fixes: #592. - Fixing setting widget style issue in InteractionDialog on Windows client. - SSH Interaction for SSH Broker and SSH Server. - SSH Iteraction for method keyboard-interactive. - Move PulseManager MsgBox functions to main window: GUI functions should be used only from main thread. - Check "norecord" option on the first start of PulseAudio. - Disable/Enable PulseAudio in config dialog. New command line options: --disable-pulse to disable start of PulseAudio --disable-pulse-record to disable audio input. - Check if PulseAudio running at session start and resuming when sound is enabled. Show warning if PulseAudio not running and disable the sound support for the session to avoid session freezes. - Add session config file option "sshproxysamekey". With this option client will use for proxy authentication same key as for X2Go server. This is important in first case for broker users, where key can be generated "on the fly". Maybe it makes sence to add this option in UI and command line later. - Correct negative display coordinates for FS sessions. . [ Robert Parts ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_et.ts: update Estonian translation file. - res/i18n/x2goclient_et.ts: update Estonian translation file. . [ Martti Pitkänen ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_fi.ts: update Finnish translation file. - res/i18n/x2goclient_fi.ts: update Finnish translation file. - res/i18n/x2goclient_fi.ts: update Finnish translation file. . [ Mike DePaulo ] * New upstream version (4.1.1.0): - Windows: Upgrade PulseAudio from 6.0 to 7.1 Fixes: #1152 Issues with audio when playing HTML5 videos - Windows: Remove uninstaller from start menu. It is still available in "Programs and Features". - Windows: Upgrade Win32 OpenSSL from 1.0.1t to 1.0.2k Fixes numerous CVEs - Windows: Upgrade libssh from 0.7.0 to 0.7.4 (while maintaining Pageant support). The possibly relevant changes are: + CVE-2016-0739 was fixed + improved id_ed25519 support + numerous bug fixes - Windows: Update PuTTY from 0.67 to 0.68 The possibly relevant changes are: + CVE-2016-6167 was fixed (did not affect X2Go Client by default because the installation dir is not writeable by users) + CVE-2017-6542 was fixed - Don't override PATH for the actual session or application command. Fixes: #1100 . [ Walid Moghrabi ] * New upstream version (4.1.1.0): - {src/{help.cpp,onmainwindow.{cpp,h}},man/man1/x2goclient.1}: let --background take a directory and randomly pick an SVG file in there. Fixes: #1165. - {src/{help.cpp,onmainwindow.{cpp,h}},man/man1/x2goclient.1}: pass-through broker credentials when connecting to a direct RDP session. Fixes: #1185. Adds a new --broker-use-creds-for-session parameter. - src/onmainwindow.cpp: support --close-disconnect for direct RDP sessions. Fixes: #1186. . [ Daniel Lindgren ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_sv.ts: update Swedish translation file. . [ Ricardo Díaz Martín ] * New upstream release (4.1.1.0): - res/i18n/x2goclient_es.ts: update Spanish translation file. . [ Jos Wolfkamp ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_nl.ts: update Dutch translation file. - res/i18n/x2goclient_nl.ts: update Dutch translation file. . [ Klaus Ade Johnstad ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_nb_no.ts: update Bokmål (Norway) translation file. - res/i18n/x2goclient_nb_no.ts: update Bokmål (Norway) translation file. . [ Stefan Baur ] * New upstream release (4.1.1.0): - res/i18n/x2goclient_de.ts: update German translation file. . [ Sébastien Ducoulombier ] * New upstream version (4.1.1.0): - res/i18n/x2goclient_fr.ts: update French translation file.
Marked Bug as done
Request was from X2Go Release Manager X2Go Release Manager <git-admin@x2go.org>
to control@bugs.x2go.org
.
(Sun, 29 Oct 2017 07:50:10 GMT) (full text, mbox, link).
Notification sent
to Andrew Cherry <acherry@alcf.anl.gov>
:
Bug acknowledged by developer.
(Sun, 29 Oct 2017 07:50:11 GMT) (full text, mbox, link).
Message sent on
to Andrew Cherry <acherry@alcf.anl.gov>
:
Bug#966.
(Sun, 29 Oct 2017 07:50:20 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.x2go.org>
to internal_control@bugs.x2go.org
.
(Mon, 27 Nov 2017 06:24:03 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.