From mikedep333@gmail.com Mon Oct 20 15:18:10 2014 Received: (at submit) by bugs.x2go.org; 20 Oct 2014 13:18:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail-wg0-f51.google.com (mail-wg0-f51.google.com [74.125.82.51]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id F37865DB47 for ; Mon, 20 Oct 2014 15:18:09 +0200 (CEST) Received: by mail-wg0-f51.google.com with SMTP id b13so5421506wgh.22 for ; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=yf0UXX2gwuwqXuI4vXxXcEJCoGWV2OMPd0OclqWX26Y=; b=Cv+FBkY1RS0Ym5RXxEV/TyfwlnS+0AFvkdqg0fgVk8TDiWkLH1m1S/2a5MUpAcLG5c baBgfuMU/BjHvbZtKvIK60mpeNr5zNCyh3234SB59xG5hvt3FTTeQNfsKUiXVM0MFO3V wAWMNhuZ6Mxp7+TsD63tSAUvF7ZeMXTxjBkm3oLPT8CNegOMvRUvXadFrV933wF9viph pHbKbyM6TU93xP3Jasy3t/0oU4JvM0Do7JUOVAtU0J7XZJOMGE9FPnit2jPe+yBVPhfK jX4dvli2s8OjenOsA1PLcrHuNpXoaHAFBUPpm0Su81iv9OMM6/eQ7KSRQPsrREyev+KN FOwg== MIME-Version: 1.0 X-Received: by 10.194.239.10 with SMTP id vo10mr33450327wjc.29.1413811089600; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) Received: by 10.180.211.11 with HTTP; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) Date: Mon, 20 Oct 2014 09:18:09 -0400 Message-ID: Subject: PyHoca-GUI for Windows 0.5.0.0-pre02 has PyCrypto 2.6.0 with CVE-2013-1445 From: Michael DePaulo To: submit@bugs.x2go.org Content-Type: text/plain; charset=UTF-8 package: pyhoca-gui version: 0.5.0.0-pre02 NOTE: This bug is specifically about the Windows builds of PyHoca-GUI. When I built PyHoca-GUI 0.5.0.0-pre02 for for Windows, I used the latest Windows build of PyCrypto, 2.6, available here (and linked to from the wiki): http://www.voidspace.org.uk/python/modules.shtml#pycrypto Unfortunately, there is a vulnerability (CVE-2013-1445) in 2.6. 2.6.1 was released to fix it: https://github.com/dlitz/pycrypto/blob/7fd528d03b5eae58eef6fd219af5d9ac9c83fa50/ChangeLog I am attempting to find a Windows build of PyCrypto 2.6.1 for Python 2.7 32-bit. This is blocking my release of PyHoca-GUI 0.5.0.0 for Windows. if I cannot find one, I will try to build PyCrypto 2.6.1 myself. I welcome any help. -Mike#2 From mikedep333@gmail.com Mon Oct 20 15:34:36 2014 Received: (at 646) by bugs.x2go.org; 20 Oct 2014 13:34:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail-wi0-f173.google.com (mail-wi0-f173.google.com [209.85.212.173]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 7EA945DB47 for <646@bugs.x2go.org>; Mon, 20 Oct 2014 15:34:36 +0200 (CEST) Received: by mail-wi0-f173.google.com with SMTP id fb4so7177848wid.0 for <646@bugs.x2go.org>; Mon, 20 Oct 2014 06:34:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=Z6MokwED/dVQ0IfTrhzYEUC39rJleQex+R/s4W/9sG4=; b=LyFDMqP45bNOSCBpKElSs6WHh8errTaTw3XJxd6bUVKf71PKbLJSgcrMOze5mRcBXs nV71zVfrxUUsXuq657nYRULorDQ7UtIWgbyII5/XpjYYUQTWzwValy6SD0eaZ9RaWbZL DBEDbL3v8nkRjKud7Ut2jyItPmLP9I/KFCX34tV7KayL3EB+BA8JqCO2+KFLPwhUOCO2 y+1gyKKV+0yhcQHMw63uQMxfpH/wx14gmCJj5rhWiCKxk1bB6m/ZZhFZhkwH2yt35L8h ogV/bhhIshsm+HHKAE22rJn7+Hflr464yj+2zeti6Gz0VT5DDTzShGkqY/XM7KLmC590 ZF6A== MIME-Version: 1.0 X-Received: by 10.194.239.10 with SMTP id vo10mr33593455wjc.29.1413812075667; Mon, 20 Oct 2014 06:34:35 -0700 (PDT) Received: by 10.180.211.11 with HTTP; Mon, 20 Oct 2014 06:34:35 -0700 (PDT) Date: Mon, 20 Oct 2014 09:34:35 -0400 Message-ID: Subject: Found a build! From: Michael DePaulo To: 646@bugs.x2go.org Content-Type: text/plain; charset=UTF-8 http://blog.tkbe.org/archive/pre-compiled-binaries-for-pycrypto-2-6-1-py27-on-win7/ In case that blog ever goes down, here are the direct links and md5sums: https://www.dropbox.com/s/8kf7vrlc59bxqi3/pycrypto-2.6.1-cp27-none-win32.whl?dl=0 aa791ce84cc2713f468fcc759154f47f https://www.dropbox.com/s/nd6h6ay0z4u6u0o/pycrypto-2.6.1.win32-py2.7.exe?dl=0 1a8cec46705cc83fcd77d24b6c9d079c From x2go@ymir.das-netzwerkteam.de Sat Jan 24 21:04:15 2015 Received: (at 646) by bugs.x2go.org; 24 Jan 2015 20:04:32 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, NO_RELAYS,URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 2C1683BC69; Sat, 24 Jan 2015 21:04:15 +0100 (CET) From: Mike DePaulo To: 646-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 646@bugs.x2go.org Subject: X2Go issue (in src:pyhoca-gui) has been marked as pending for release Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Mailer: http://snipr.com/post-receive-tag-pending Message-Id: <20150124200415.2C1683BC69@ymir.das-netzwerkteam.de> Date: Sat, 24 Jan 2015 21:04:15 +0100 (CET) tag #646 pending fixed #646 0.5.0.4 thanks Hello, X2Go issue #646 (src:pyhoca-gui) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=pyhoca-gui.git;a=commitdiff;h=06284de The issue will most likely be fixed in src:pyhoca-gui (0.5.0.4). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit 06284de76076ac1cd27b7a979ca7087498e41f40 Author: Mike DePaulo Date: Sat Jan 24 15:03:49 2015 -0500 Update changelog about Python (lib) updates diff --git a/debian/changelog b/debian/changelog index 3b15a2e..6decc15 100644 --- a/debian/changelog +++ b/debian/changelog @@ -27,6 +27,9 @@ pyhoca-gui (0.5.0.4-0x2go1) UNRELEASED; urgency=medium - Windows: Update nxproxy's Cygwin libraries from the latest versions as of 2014-06-09 to the latest versions as of 2014-10-18. + - Windows: Update python from 2.7.8 to 2.7.9 + - Windows: Update bundled Python libraries to latest versions + as of 2015-01-24 (Fixes: #646) -- Mike Gabriel Thu, 27 Nov 2014 12:34:20 +0100 From x2go@ymir.das-netzwerkteam.de Sun Jan 25 13:10:38 2015 Received: (at 646) by bugs.x2go.org; 25 Jan 2015 12:11:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id EFB1E5DB35; Sun, 25 Jan 2015 13:10:37 +0100 (CET) From: Mike Gabriel To: 646-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 646@bugs.x2go.org Subject: X2Go issue (in src:pyhoca-gui) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150125121037.EFB1E5DB35@ymir.das-netzwerkteam.de> Date: Sun, 25 Jan 2015 13:10:37 +0100 (CET) close #646 thanks Hello, we are very hopeful that X2Go issue #646 reported by you has been resolved in the new release (0.5.0.4) of the X2Go source project »src:pyhoca-gui«. You can view the complete changelog entry of src:pyhoca-gui (0.5.0.4) below, and you can use the following link to view all the code changes between this and the last release of src:pyhoca-gui. http://code.x2go.org/gitweb?p=pyhoca-gui.git;a=commitdiff;h=513509dcb4ef0552feb1ddaa33f2a86834606499;hp=7a414287b6ead1e4c40d6678d7d82541d267b1a9 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:pyhoca-gui. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:pyhoca-gui Version: 0.5.0.4-0x2go1 Status: RELEASE Date: Sun, 25 Jan 2015 13:08:20 +0100 Fixes: 108 646 649 Changes: pyhoca-gui (0.5.0.4-0x2go1) RELEASED; urgency=medium . [ Mike Gabriel ] * New upstream version (0.5.0.4): - Provide empty Turkish translation file. . [ Mark Pedersen-Cook ] * New upstream version (0.5.0.4): - Update Danish translation file. Thanks to Niels Thykier for feedback. . [ Kaan Ozdincer ] * New upstream version (0.5.0.4): - Add Turkish translation to PyHoca-GUI. . [ Mike DePaulo ] * New upstream version (0.5.0.4): - Fix win32 build (missing win32gui.pyd) (Fixes: #649) - Windows: Install VcXsrv "misc" fonts by default, and make all 4 font groups optional: misc, 75dpi, 100dpi and others (Fixes: #108) Note: The fact that all the fonts are included makes the installer about 30MB larger. - Windows: Upgrade from VcXsrv-xp 1.14.3.2 to VcXsrv 1.15.2.2-xp+vc2013+x2go1 This new major version includes security fixes such as: OpenSSL update to 1.0.1k xorg-server CVE-2014-8091..8103 fixes - Windows: Update nxproxy's Cygwin libraries from the latest versions as of 2014-06-09 to the latest versions as of 2014-10-18. - Windows: Update bundled Python to 2.7.9 - Windows: Update bundled Python libraries to latest versions as of 2015-01-24 (Fixes: #646) From unknown Fri Mar 29 11:22:56 2024 MIME-Version: 1.0 X-Mailer: MIME-tools 5.502 (Entity 5.502) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#646 closed by Mike Gabriel (X2Go issue (in src:pyhoca-gui) has been marked as closed) Message-ID: References: <20150125121037.EFB1E5DB35@ymir.das-netzwerkteam.de> X-X2go-PR-Keywords: pending X-X2go-PR-Message: they-closed 646 X-X2go-PR-Package: pyhoca-gui X-X2go-PR-Source: pyhoca-gui Date: Sun, 25 Jan 2015 12:15:07 +0000 Content-Type: multipart/mixed; boundary="----------=_1422188108-24196-0" This is a multi-part message in MIME format... ------------=_1422188108-24196-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the pyhoca-gui package: #646: PyHoca-GUI for Windows 0.5.0.0-pre02 has PyCrypto 2.6.0 with CVE-2013= -1445 It has been closed by Mike Gabriel . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Mike Gabriel by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1422188108-24196-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 25 Jan 2015 12:11:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id EFB1E5DB35; Sun, 25 Jan 2015 13:10:37 +0100 (CET) From: Mike Gabriel To: 646-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 646@bugs.x2go.org Subject: X2Go issue (in src:pyhoca-gui) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150125121037.EFB1E5DB35@ymir.das-netzwerkteam.de> Date: Sun, 25 Jan 2015 13:10:37 +0100 (CET) close #646 thanks Hello, we are very hopeful that X2Go issue #646 reported by you has been resolved in the new release (0.5.0.4) of the X2Go source project »src:pyhoca-gui«. You can view the complete changelog entry of src:pyhoca-gui (0.5.0.4) below, and you can use the following link to view all the code changes between this and the last release of src:pyhoca-gui. http://code.x2go.org/gitweb?p=pyhoca-gui.git;a=commitdiff;h=513509dcb4ef0552feb1ddaa33f2a86834606499;hp=7a414287b6ead1e4c40d6678d7d82541d267b1a9 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:pyhoca-gui. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:pyhoca-gui Version: 0.5.0.4-0x2go1 Status: RELEASE Date: Sun, 25 Jan 2015 13:08:20 +0100 Fixes: 108 646 649 Changes: pyhoca-gui (0.5.0.4-0x2go1) RELEASED; urgency=medium . [ Mike Gabriel ] * New upstream version (0.5.0.4): - Provide empty Turkish translation file. . [ Mark Pedersen-Cook ] * New upstream version (0.5.0.4): - Update Danish translation file. Thanks to Niels Thykier for feedback. . [ Kaan Ozdincer ] * New upstream version (0.5.0.4): - Add Turkish translation to PyHoca-GUI. . [ Mike DePaulo ] * New upstream version (0.5.0.4): - Fix win32 build (missing win32gui.pyd) (Fixes: #649) - Windows: Install VcXsrv "misc" fonts by default, and make all 4 font groups optional: misc, 75dpi, 100dpi and others (Fixes: #108) Note: The fact that all the fonts are included makes the installer about 30MB larger. - Windows: Upgrade from VcXsrv-xp 1.14.3.2 to VcXsrv 1.15.2.2-xp+vc2013+x2go1 This new major version includes security fixes such as: OpenSSL update to 1.0.1k xorg-server CVE-2014-8091..8103 fixes - Windows: Update nxproxy's Cygwin libraries from the latest versions as of 2014-06-09 to the latest versions as of 2014-10-18. - Windows: Update bundled Python to 2.7.9 - Windows: Update bundled Python libraries to latest versions as of 2015-01-24 (Fixes: #646) ------------=_1422188108-24196-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 20 Oct 2014 13:18:11 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM, T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mail-wg0-f51.google.com (mail-wg0-f51.google.com [74.125.82.51]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id F37865DB47 for ; Mon, 20 Oct 2014 15:18:09 +0200 (CEST) Received: by mail-wg0-f51.google.com with SMTP id b13so5421506wgh.22 for ; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=yf0UXX2gwuwqXuI4vXxXcEJCoGWV2OMPd0OclqWX26Y=; b=Cv+FBkY1RS0Ym5RXxEV/TyfwlnS+0AFvkdqg0fgVk8TDiWkLH1m1S/2a5MUpAcLG5c baBgfuMU/BjHvbZtKvIK60mpeNr5zNCyh3234SB59xG5hvt3FTTeQNfsKUiXVM0MFO3V wAWMNhuZ6Mxp7+TsD63tSAUvF7ZeMXTxjBkm3oLPT8CNegOMvRUvXadFrV933wF9viph pHbKbyM6TU93xP3Jasy3t/0oU4JvM0Do7JUOVAtU0J7XZJOMGE9FPnit2jPe+yBVPhfK jX4dvli2s8OjenOsA1PLcrHuNpXoaHAFBUPpm0Su81iv9OMM6/eQ7KSRQPsrREyev+KN FOwg== MIME-Version: 1.0 X-Received: by 10.194.239.10 with SMTP id vo10mr33450327wjc.29.1413811089600; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) Received: by 10.180.211.11 with HTTP; Mon, 20 Oct 2014 06:18:09 -0700 (PDT) Date: Mon, 20 Oct 2014 09:18:09 -0400 Message-ID: Subject: PyHoca-GUI for Windows 0.5.0.0-pre02 has PyCrypto 2.6.0 with CVE-2013-1445 From: Michael DePaulo To: submit@bugs.x2go.org Content-Type: text/plain; charset=UTF-8 package: pyhoca-gui version: 0.5.0.0-pre02 NOTE: This bug is specifically about the Windows builds of PyHoca-GUI. When I built PyHoca-GUI 0.5.0.0-pre02 for for Windows, I used the latest Windows build of PyCrypto, 2.6, available here (and linked to from the wiki): http://www.voidspace.org.uk/python/modules.shtml#pycrypto Unfortunately, there is a vulnerability (CVE-2013-1445) in 2.6. 2.6.1 was released to fix it: https://github.com/dlitz/pycrypto/blob/7fd528d03b5eae58eef6fd219af5d9ac9c83fa50/ChangeLog I am attempting to find a Windows build of PyCrypto 2.6.1 for Python 2.7 32-bit. This is blocking my release of PyHoca-GUI 0.5.0.0 for Windows. if I cannot find one, I will try to build PyCrypto 2.6.1 myself. I welcome any help. -Mike#2 ------------=_1422188108-24196-0-- From unknown Fri Mar 29 11:22:56 2024 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@bugs.x2go.org From: Debbugs Internal Request Subject: Internal Control Message-Id: Bug archived. Date: Mo, 23 Feb 2015 06:24:01 +0000 User-Agent: Fakemail v42.6.9 # A New Hope # A long time ago, in a galaxy far, far away # something happened. # # Magically this resulted in the following # action being taken, but this fake control # message doesn't tell you why it happened # # The action: # Bug archived. thanks # This fakemail brought to you by your local debbugs # administrator