Subject: Bug#666: point out that x2gobroker is not a security feature
Date: Fri, 07 Nov 2014 00:50:55 +0100
From: Stefan Baur
To: submit@bugs.x2go.org

Package: x2gobroker
Severity: wishlist

Please add a prominent note to x2gobroker's man page that it is *not* intended as a security feature - a user can still launch x2goclient without the broker parameter and set it to run any executable the user has exec permission for on the server.

As always, group membership and file permissions *MUST* (MUST as defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to limit a user's access to executables on the server.
-Stefan

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Managing director: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Register court Ulm, HRB 724364
Phone/Fax 0731 40 34 66-36/-35 | VAT ID: DE268653243

Subject: Bug#666: [X2Go-Dev] Bug#666: point out that x2gobroker is not a security feature
Date: Thu, 08 Jan 2015 23:44:24 +0000
From: Mike Gabriel
To: Stefan Baur, 666@bugs.x2go.org

Hi Stefan,

On Fr 07 Nov 2014 00:50:55 CET, Stefan Baur wrote:

> Package: x2gobroker
> Severity: wishlist
>
> Please add a prominent note to x2gobroker's man page that it is *not*
> intended as a security feature - a user can still launch x2goclient
> without the broker parameter and set it to run any executable the user
> has exec permission for on the server.
>
> As always, group membership and file permissions *MUST* (MUST as
> defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to
> limit a user's access to executables on the server.
>
> - -Stefan

Do you think you could write down such an additional note for the man page and send it back to this bug (in plain text)? I will work that text into the man page then.

Thanks,
Mike

PS: if you will, tag this bug with "patch" once you have sent that text passage...
-- 
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Subject: Bug#666: [X2Go-Dev] Bug#666: point out that x2gobroker is not a security feature
Date: Fri, 09 Jan 2015 11:24:14 +0100
From: Stefan Baur
To: Mike Gabriel, 666@bugs.x2go.org

Control: tag -1 patch
Control: clone -1 -2
Control: retitle -2 point out that X2GoServer's Published Application Mode is not a security feature
Control: tag -2 patch
Control: severity -2 wishlist
Control: package -2 x2goserver

> Do you think you could write down such an additional note for the
> man page and send it back to this bug (in plain text)?
> I will work that text into the man page then.

> PS: if you will, tag this bug with "patch" once you have sent that
> text passage...

@Mike#1, I tried to clone and retitle this bug for X2GoServer's Published Application Mode. Please verify that this worked.

-Stefan

This is the notice for X2GoBroker. For X2GoServer's PAM, see below.

SECURITY NOTICE

Users are advised to not misinterpret X2GoBroker's capabilities as a security feature. Even when using X2GoBroker, it is still possible for users to locally configure an X2GoClient with any setting they want, and use that to connect. So if you're trying to keep users from running a certain application on the host, using X2GoBroker to "lock" the configuration is the *wrong* way. The users will still be able to run that application by creating their own, local configuration file and using that.

To keep users from running an application on the server, you have to use *filesystem permissions*. In the simplest case, this means setting chmod 750 or 550 on the particular application on the host, and making sure the users in question are not the owner and also not a member of the group specified for the application.

Notice for X2GoServer's PAM (Published Application Mode) is here:

SECURITY NOTICE

Users are advised to not misinterpret X2GoServer's Published Application Mode as a security feature. Even when using Published Application Mode, it is still possible for users to locally configure an X2GoClient with any setting they want, and use that to connect. So if you're trying to keep users from running a certain application on the host, using Published Application Mode to "lock" the configuration is the *wrong* way. The users will still be able to run that application by creating their own, local configuration file and using that.

To keep users from running an application on the server, you have to use *filesystem permissions*. In the simplest case, this means setting chmod 750 or 550 on the particular application on the host, and making sure the users in question are not the owner and also not a member of the group specified for the application.

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Managing director: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Register court Ulm, HRB 724364
Phone/Fax 0731 40 34 66-36/-35 | VAT ID: DE268653243
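
The filesystem-permission check that both notices above rely on, as an added example that is not part of the bug report or of X2Go's code: it evaluates classic Unix mode bits for an account by picking the owner, group or other class, so an administrator can confirm that chmod 750 or 550 really excludes the intended users. The accounts alice and bob, the group appusers and all function names are assumptions made for the illustration; audit_app assumes GNU stat.

```sh
#!/bin/sh
# Added example (not from the bug report): which accounts can execute a file
# when only classic Unix mode bits apply. POSIX ACLs, capabilities and the
# search permission on parent directories are NOT evaluated here.

# exec_allowed MODE OWNER GROUP USER "USER_GROUPS"
#   MODE         octal mode of the file, e.g. 750 or 2755
#   OWNER GROUP  owner and group of the file (names or numeric ids)
#   USER         account to check (same notation as OWNER)
#   USER_GROUPS  space-separated groups of USER (same notation as GROUP)
# Prints the permission class that applies (root, owner, group or other).
# Returns 0 if execution is permitted, 1 if not, 2 on a malformed MODE.
exec_allowed() {
    ea_mode=$1 ea_owner=$2 ea_group=$3 ea_user=$4 ea_groups=$5
    case $ea_mode in
        ''|*[!0-7]*) echo "bad mode: $ea_mode" >&2; return 2 ;;
    esac
    # Keep the rwx bits only; setuid/setgid/sticky do not grant execute.
    ea_perms=$(printf '%03o' "$((0$ea_mode & 0777))")
    ea_u=${ea_perms%??}
    ea_g=${ea_perms#?}; ea_g=${ea_g%?}
    ea_o=${ea_perms#??}

    if [ "$ea_user" = root ] || [ "$ea_user" = 0 ]; then
        # root may execute a file as soon as any execute bit is set.
        echo root
        [ $(( (ea_u | ea_g | ea_o) & 1 )) -eq 1 ]
        return
    fi
    if [ "$ea_user" = "$ea_owner" ]; then
        # The owner class wins even when group or other bits are wider.
        ea_class=owner ea_bits=$ea_u
    else
        ea_class=other ea_bits=$ea_o
        for ea_grp in $ea_groups; do
            if [ "$ea_grp" = "$ea_group" ]; then
                ea_class=group ea_bits=$ea_g
                break
            fi
        done
    fi
    echo "$ea_class"
    [ $((ea_bits & 1)) -eq 1 ]
}

# audit_app FILE ACCOUNT...
# Reads the real mode and ids with GNU stat(1) and id(1) and prints one
# ALLOW/DENY line per account. Numeric ids are used so that group names
# containing spaces cannot break the comparison.
# Usage (hypothetical path and accounts): audit_app /usr/bin/someapp alice bob
audit_app() {
    aa_file=$1; shift
    aa_meta=$(stat -c '%a %u %g' "$aa_file") || return 2
    aa_mode=${aa_meta%% *}; aa_rest=${aa_meta#* }
    aa_uid=${aa_rest%% *};  aa_gid=${aa_rest#* }
    for aa_acct in "$@"; do
        if ! aa_id=$(id -u "$aa_acct" 2>/dev/null); then
            printf 'SKIP  %s: unknown account\n' "$aa_acct"
            continue
        fi
        aa_gids=$(id -G "$aa_acct")
        if aa_class=$(exec_allowed "$aa_mode" "$aa_uid" "$aa_gid" "$aa_id" "$aa_gids"); then
            aa_verdict=ALLOW
        else
            aa_verdict=DENY
        fi
        printf '%-5s %s %s (mode %s, %s class)\n' \
            "$aa_verdict" "$aa_acct" "$aa_file" "$aa_mode" "$aa_class"
    done
}

# Constructed cases: alice is outside the group "appusers", bob is a member.
show() {
    if sh_class=$(exec_allowed "$@"); then sh_verdict=ALLOW; else sh_verdict=DENY; fi
    printf '%-5s mode=%s owner=%s group=%s user=%s (%s class)\n' \
        "$sh_verdict" "$1" "$2" "$3" "$4" "$sh_class"
}
show 755 root  root     alice "alice users"     # world-executable: anyone can run it
show 750 root  appusers alice "alice users"     # restricted as the notice describes
show 750 root  appusers bob   "bob appusers"    # group member keeps access
show 550 root  appusers bob   "bob appusers"    # read-only variant, same result
show 075 alice appusers alice "alice appusers"  # owner bits apply first: denied
```

Mode 755 is the case the notices warn about: hiding the application from the broker profile or the published application list changes nothing, because the "other" class still carries the execute bit.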

From: Stefan Baur
To: control@bugs.x2go.org
Date: Fri, 09 Jan 2015 12:15:29 +0100

reassign 728 x2goserver
thanks

Subject: Bug#728: X2Go issue (in src:x2goserver) has been marked as pending for release
Date: Thu, 5 Feb 2015 12:42:50 +0100 (CET)
From: Mike Gabriel
To: 728-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 728@bugs.x2go.org

tag #728 pending
fixed #728 4.0.1.19
thanks

Hello,

X2Go issue #728 (src:x2goserver) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=7fed553

The issue will most likely be fixed in src:x2goserver (4.0.1.19).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit 7fed5538087dcb3ef76128f1830a61b0fc3cbdd9
Author: Mike Gabriel
Date: Thu Feb 5 12:41:58 2015 +0100

    Add man page for x2gogetapps. Weave into that a security / disclaimer message as proposed by Stefan Baur. (Fixes: #728).

diff --git a/debian/changelog b/debian/changelog index 1839221..d58144d 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -71,6 +71,8 @@ x2goserver (4.0.1.19-0x2go1) UNRELEASED; urgency=medium that. Works around a too-old DBD::SQLite package on SLE 11.x. - Legacy for applications (and X2Go scripts) that expect $SSH_CLIENT to be set in the X2Go session's environment. (Fixes: #644). + - Add man page for x2gogetapps. Weave into that a security / disclaimer + message as proposed by Stefan Baur. (Fixes: #728). * debian/control: + Add D (x2goserver): libfile-which-perl. + Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2-0~). (Fixes: #700).
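
Review bot: The added changelog entry ("Add man page for x2gogetapps. Weave into that a security / disclaimer message ...") does not say what the notice covers, so someone reading the changelog cannot tell that it concerns Published Application Mode. Suggest wording it along the lines of "Add man page for x2gogetapps, including a notice that Published Application Mode is not a security feature", which matches the title of #728. The diff shown here touches only debian/changelog, so the man page text itself is not visible for review.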

Subject: Bug#728: X2Go issue (in src:x2goserver) has been marked as closed
Date: Tue, 24 Feb 2015 21:54:15 +0100 (CET)
From: X2Go Release Manager
To: 728-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 728@bugs.x2go.org

close #728
thanks

Hello,

we are very hopeful that X2Go issue #728 reported by you has been resolved in the new release (4.0.1.19) of the X2Go source project »src:x2goserver«.

You can view the complete changelog entry of src:x2goserver (4.0.1.19) below, and you can use the following link to view all the code changes between this and the last release of src:x2goserver.

    http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=49c91751e560ad09ab4490cc3bd6687509c05755;hp=724d2eefe399485a71e79c705a0aad125e853230

If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goserver.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goserver
Version: 4.0.1.19-0x2go1
Status: RELEASE
Date: Tue, 24 Feb 2015 21:49:22 +0100
Fixes: 405 632 633 638 644 664 668 671 672 675 676 678 697 698 700 712 715 727 728 770
Changes:
 x2goserver (4.0.1.19-0x2go1) RELEASED; urgency=medium
 .
 [ Mike Gabriel ]
 * New upstream version (4.0.1.19):
   - Use File::Which to detect if sshfs command is available before trying to mount a client-side folder.
   - Be a bit more tolerant when trying to detect if a desktop icon is to be removed (using regexp, not eq).
   - Xsession script: Prevent bash failures when sourcing external bash scripts beyond our scope. (Fixes: #632, #675).
   - x2gogetapps: Support scanning of sub-directories when searching for .desktop files. We allow to dive down one level into subdirs, we on purpose do not recursively dive into the complete subtree. (Fixes: #633).
   - Make man2html an optional tool. Don't fail if it is missing on the build system (required for openSUSE/SLES builds).
   - Fix x2goserver-xsession/Makefile on SUSE. Detect SUSE distro and create Xsession related directory symlinks (xinitrc.d and Xclients.d).
   - Hack for x2goserver-xsession/Makefile during SUSE builds. If directoy /usr/share/doc/packages/brp-check-suse is present, the build env is also considered to be a SUSE system.
   - Trigger Xsession code for SUSE systems (look for /etc/SUSE-brand or /etc/SuSE-release for SUSE system recognition). (Fixes: #671).
   - x2gosqlitewrapper.c: Fix rpmlint error: no-return-in-nonvoid-function. Return the exitcode of execve().
   - Fix gramma in error message (in x2goresume-session).
   - x2gocleansessions: Call x2gormforward also on terminated sessions. This will make sure that re-assigned ports are really available on new session startup.
   - x2golistsessions(_root): Only update session state in session DB if x2goagent's state file really exists. This addresses a problem that occurs when x2golistsessions gets called via an x2gobroker-agent. The x2golistsessions script may show session states (--all-servers) of sessions on other servers that have session states files on their remote /tmp dirs. These files are not accessible for that x2golistsessions script and should simply be ignored. (Fixes: #638).
   - Provide pam_namespace support for has_agent_state_file() function.
   - Fix missing session list output if state file does not exist on the machine that runs x2golistsessions(_root).
   - Accept more verbose "DENY" output from x2godesktopsharing.
   - Make sure that all "su"-to-user-contexts use /bin/sh for wrapping around the executed command (in x2gocleansessions and x2golistsessions_root).
   - Also enforce /bin/sh as shell in su command in x2goprint.
   - README.i18n: Add file that explains the translation workflow for this package. Thanks to Mark Pedersen-Cook for drafting this file.
   - Make SSH agent forwarding work after having reconnected via SSH and having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming up with that idea.
   - Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes).
   - Document session startup / resumption failures (and their reasons) in server-side log output.
   - Handle AD domain users gracefully when X2Go is used with SQLite DB backend. (Fixes: #664).
   - Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere. Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server.
   - Allow usernames in session IDs of length 48 chars.
   - Start sshfs with a timeout of 30 seconds (because it never finishes if something is wrong with the client-side TCP socket). Also remove/unmount mountpoints erroneously registered sshfs mountpoints if sshfs command times out. Furthermore, print errors to STDERR (not STDOUT). (Fixes: #405).
   - Handle execution of ss command from Perl script x2golistdesktops in a way that not only works on Debian, but also on Fedora et al. (Fixes: #727).
   - Provide legacy support for old File::Path packages in x2godbadmin. (Fixes: #715).
   - Fix wrong evocation of x2gosyslog ("error" -> "err").
   - Use "undef $dbh" instead of "$dbh->disconnect()". Fixes SQLite3 issues on SLE 11.x.
   - Only call $dbh->sqlite_busy_timeout() if the $dbh object is capable of that. Works around a too-old DBD::SQLite package on SLE 11.x.
   - Legacy for applications (and X2Go scripts) that expect $SSH_CLIENT to be set in the X2Go session's environment. (Fixes: #644).
   - Add man page for x2gogetapps. Weave into that a security / disclaimer message as proposed by Stefan Baur. (Fixes: #728).
 * debian/control:
   + Add D (x2goserver): libfile-which-perl.
   + Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2-0~). (Fixes: #700).
   + Bump Standards: to 3.9.6. No changes needed.
   + Don't depend on libdb-pg-perl for armhf builds. (Fixes: #712). Thanks to Heinrich Schuchardt for providing information on this.
   + Upgrade to D again (bin:package x2goserver): xfonts-base (Fixes: #770).
 * debian/x2goserver.docs:
   + Install README.i18n file into bin:package x2goserver.
 * x2goserver.spec:
   + Add to R: perl(File::Which).
   + Additionally adapt to building on openSUSE/SLES.
   + No shell expansion possible in obs-build, detect perl version only for non-SUSE builds.
   + Add to R: x2goserver-xsession.
   + Don't mention /etc/x2go/x2gosql/sql twice (directly and with wildcard).
   + No %{_sysconfdir}/x2go/Xclients.d on SUSE systems.
   + Use %{_localstatedir} instead of %{_sharedstatedir}.
   + Use proper if... then... clauses.
   + For SUSE builds: Add to R: shadow (useradd, groupadd).
   + Replace historical "egrep" with "grep -E".
   + Systemd support for SUSE >= 12.10.
   + Set %defattr macro for every bin:package.
   + SUSE and Fedora/RHEL have different package group names.
   + Add x2goserver-rpmlintrc file to handle some rpmlint errors and warnings.
   + SUSE has openssh, but no openssh-server.
   + Add to R (x2goserver): perl-X2Go-Server.
   + Add to R (diverse): perl(Config::Simple), perl(Switch) and perl(Capture::Tiny).
   + Add to R (x2goserver): perl(File::BaseDir).
   + Don't hard-code /var/lib/ in $HOME path of to-be-created user "x2gouser".
   + Add to BR: findutils.
   + For Fedora-like systems, don't make x2goserver bin:package authoritative for non-X2Go directories. (Fixes: #676).
   + Remove macro call %systemd_pre for Fedora/EPEL-7 builds. No such macro in Fedora/RHEL7. (Fixes: 698).
   + Create system user x2gouser with $HOME in /var/lib/x2go. (Fixes: #697).
   + Always set BuildRoot: parameter.
   + BuildRequires: SUSE <= 11.3 has xorg-x11, not xinit.
   + Requires (x2goserver-xsession): SUSE <= 11.3 has xorg-x11, not xinit.
   + No Bashisms in scriptlets.
   + rpmlint requires shared-mime-info at build time on SLE <= 11.3.
   + "%set_permissions" / "%verify_permissions" macros are not know in SLE <= 11.3. Using "%run permissions" and "%verify permissions" instead.
   + On SUSE, add permissions.d/x2goserver.
   + Fix SQLite wrapper permissions (02775 -> 02755)
   + Use if then clauses for creating user/group x2goprint.
 .
 [ Matthew L. Dailey ]
 * New upstream version (4.0.1.19):
   - x2gocleansessions: Redirect stdin, stdout and stderr to /dev/null, test for the existence of the file descriptor before issuing the close, only capture the file descriptor backreference in the regex and send any close failures to syslog. (Fixes: #678).
 .
 [ Lars Wendler ]
 * New upstream version (4.0.1.19):
   - Use "printf" instead of "echo -n". (Fixes: #668).

From: owner@bugs.x2go.org (X2Go Bug Tracking System)
Subject: Bug#728 closed by X2Go Release Manager (X2Go issue (in src:x2goserver) has been marked as closed)
Date: Tue, 24 Feb 2015 20:56:12 +0000

This is an automatic notification regarding your Bug report which was filed against the x2goserver package:

#728: point out that X2GoServer's Published Application

It has been closed by X2Go Release Manager.

Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact X2Go Release Manager <git-admin@x2go.org> by replying to this email.

-- 
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems
From: X2Go Release Manager To: 728-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 728@bugs.x2go.org Subject: X2Go issue (in src:x2goserver) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150224205416.9F1443BE81@ymir.das-netzwerkteam.de> Date: Tue, 24 Feb 2015 21:54:15 +0100 (CET) close #728 thanks Hello, we are very hopeful that X2Go issue #728 reported by you has been resolved in the new release (4.0.1.19) of the X2Go source project »src:x2goserver«. You can view the complete changelog entry of src:x2goserver (4.0.1.19) below, and you can use the following link to view all the code changes between this and the last release of src:x2goserver. http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=49c91751e560ad09ab4490cc3bd6687509c05755;hp=724d2eefe399485a71e79c705a0aad125e853230 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2goserver. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2goserver Version: 4.0.1.19-0x2go1 Status: RELEASE Date: Tue, 24 Feb 2015 21:49:22 +0100 Fixes: 405 632 633 638 644 664 668 671 672 675 676 678 697 698 700 712 715 727 728 770 Changes: x2goserver (4.0.1.19-0x2go1) RELEASED; urgency=medium . [ Mike Gabriel ] * New upstream version (4.0.1.19): - Use File::Which to detect if sshfs command is available before trying to mount a client-side folder. - Be a bit more tolerant when trying to detect if a desktop icon is to be removed (using regexp, not eq). - Xsession script: Prevent bash failures when sourcing external bash scripts beyond our scope. (Fixes: #632, #675). - x2gogetapps: Support scanning of sub-directories when searching for .desktop files. 
We allow to dive down one level into subdirs, we on purpose do not recursively dive into the complete subtree. (Fixes: #633). - Make man2html an optional tool. Don't fail if it is missing on the build system (required for openSUSE/SLES builds). - Fix x2goserver-xsession/Makefile on SUSE. Detect SUSE distro and create Xsession related directory symlinks (xinitrc.d and Xclients.d). - Hack for x2goserver-xsession/Makefile during SUSE builds. If directoy /usr/share/doc/packages/brp-check-suse is present, the build env is also considered to be a SUSE system. - Trigger Xsession code for SUSE systems (look for /etc/SUSE-brand or /etc/SuSE-release for SUSE system recognition). (Fixes: #671). - x2gosqlitewrapper.c: Fix rpmlint error: no-return-in-nonvoid-function. Return the exitcode of execve(). - Fix gramma in error message (in x2goresume-session). - x2gocleansessions: Call x2gormforward also on terminated sessions. This will make sure that re-assigned ports are really available on new session startup. - x2golistsessions(_root): Only update session state in session DB if x2goagent's state file really exists. This addresses a problem that occurs when x2golistsessions gets called via an x2gobroker-agent. The x2golistsessions script may show session states (--all-servers) of sessions on other servers that have session states files on their remote /tmp dirs. These files are not accessible for that x2golistsessions script and should simply be ignored. (Fixes: #638). - Provide pam_namespace support for has_agent_state_file() function. - Fix missing session list output if state file does not exist on the machine that runs x2golistsessions(_root). - Accept more verbose "DENY" output from x2godesktopsharing. - Make sure that all "su"-to-user-contexts use /bin/sh for wrapping around the executed command (in x2gocleansessions and x2golistsessions_root). - Also enforce /bin/sh as shell in su command in x2goprint. 
   - README.i18n: Add file that explains the translation workflow for this package. Thanks to Mark Pedersen-Cook for drafting this file.
   - Make SSH agent forwarding work after having reconnected via SSH and having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming up with that idea.
   - Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes).
   - Document session startup / resumption failures (and their reasons) in server-side log output.
   - Handle AD domain users gracefully when X2Go is used with SQLite DB backend. (Fixes: #664).
   - Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere. Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server.
   - Allow usernames in session IDs of length 48 chars.
   - Start sshfs with a timeout of 30 seconds (because it never finishes if something is wrong with the client-side TCP socket). Also remove/unmount mountpoints erroneously registered sshfs mountpoints if sshfs command times out. Furthermore, print errors to STDERR (not STDOUT). (Fixes: #405).
   - Handle execution of ss command from Perl script x2golistdesktops in a way that not only works on Debian, but also on Fedora et al. (Fixes: #727).
   - Provide legacy support for old File::Path packages in x2godbadmin. (Fixes: #715).
   - Fix wrong evocation of x2gosyslog ("error" -> "err").
   - Use "undef $dbh" instead of "$dbh->disconnect()". Fixes SQLite3 issues on SLE 11.x.
   - Only call $dbh->sqlite_busy_timeout() if the $dbh object is capable of that. Works around a too-old DBD::SQLite package on SLE 11.x.
   - Legacy for applications (and X2Go scripts) that expect $SSH_CLIENT to be set in the X2Go session's environment. (Fixes: #644).
   - Add man page for x2gogetapps. Weave into that a security / disclaimer message as proposed by Stefan Baur. (Fixes: #728).
 * debian/control:
   + Add D (x2goserver): libfile-which-perl.
   + Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2-0~).
     (Fixes: #700).
   + Bump Standards: to 3.9.6. No changes needed.
   + Don't depend on libdb-pg-perl for armhf builds. (Fixes: #712). Thanks to Heinrich Schuchardt for providing information on this.
   + Upgrade to D again (bin:package x2goserver): xfonts-base (Fixes: #770).
 * debian/x2goserver.docs:
   + Install README.i18n file into bin:package x2goserver.
 * x2goserver.spec:
   + Add to R: perl(File::Which).
   + Additionally adapt to building on openSUSE/SLES.
   + No shell expansion possible in obs-build, detect perl version only for non-SUSE builds.
   + Add to R: x2goserver-xsession.
   + Don't mention /etc/x2go/x2gosql/sql twice (directly and with wildcard).
   + No %{_sysconfdir}/x2go/Xclients.d on SUSE systems.
   + Use %{_localstatedir} instead of %{_sharedstatedir}.
   + Use proper if... then... clauses.
   + For SUSE builds: Add to R: shadow (useradd, groupadd).
   + Replace historical "egrep" with "grep -E".
   + Systemd support for SUSE >= 12.10.
   + Set %defattr macro for every bin:package.
   + SUSE and Fedora/RHEL have different package group names.
   + Add x2goserver-rpmlintrc file to handle some rpmlint errors and warnings.
   + SUSE has openssh, but no openssh-server.
   + Add to R (x2goserver): perl-X2Go-Server.
   + Add to R (diverse): perl(Config::Simple), perl(Switch) and perl(Capture::Tiny).
   + Add to R (x2goserver): perl(File::BaseDir).
   + Don't hard-code /var/lib/ in $HOME path of to-be-created user "x2gouser".
   + Add to BR: findutils.
   + For Fedora-like systems, don't make x2goserver bin:package authoritative for non-X2Go directories. (Fixes: #676).
   + Remove macro call %systemd_pre for Fedora/EPEL-7 builds. No such macro in Fedora/RHEL7. (Fixes: 698).
   + Create system user x2gouser with $HOME in /var/lib/x2go. (Fixes: #697).
   + Always set BuildRoot: parameter.
   + BuildRequires: SUSE <= 11.3 has xorg-x11, not xinit.
   + Requires (x2goserver-xsession): SUSE <= 11.3 has xorg-x11, not xinit.
   + No Bashisms in scriptlets.
   + rpmlint requires shared-mime-info at build time on SLE <= 11.3.
   + "%set_permissions" / "%verify_permissions" macros are not known in SLE <= 11.3. Using "%run permissions" and "%verify permissions" instead.
   + On SUSE, add permissions.d/x2goserver.
   + Fix SQLite wrapper permissions (02775 -> 02755)
   + Use if then clauses for creating user/group x2goprint.
 .
 [ Matthew L. Dailey ]
 * New upstream version (4.0.1.19):
   - x2gocleansessions: Redirect stdin, stdout and stderr to /dev/null, test for the existence of the file descriptor before issuing the close, only capture the file descriptor backreference in the regex and send any close failures to syslog. (Fixes: #678).
 .
 [ Lars Wendler ]
 * New upstream version (4.0.1.19):
   - Use "printf" instead of "echo -n". (Fixes: #668).

Message-ID: <545C095F.2020707@baur-itcs.de>
Date: Fri, 07 Nov 2014 00:50:55 +0100
From: Stefan Baur
To: submit@bugs.x2go.org
Subject: point out that x2gobroker is not a security feature

Package: x2gobroker
Severity: wishlist

Please add a prominent note to x2gobroker's man page that it is *not* intended as a security feature - a user can still launch x2goclient without the broker parameter and set it to run any executable the user has exec permission for on the server.

As always, group membership and file permissions *MUST* (MUST as defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to limit a user's access to executables on the server.

-Stefan

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
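The report's point, that only group membership and file permissions limit which server-side executables an account can run, can be checked with a small audit. This is an added example, not part of the original mails and not X2Go code; `may_execute`, `audit`, the sample tree and the `published` set (standing in for the applications a broker profile offers) are hypothetical names. It assumes plain POSIX mode bits and ignores ACLs and search permission on parent directories.

```python
import os
import stat
import tempfile

ANY_X = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def may_execute(st, uid, gids):
    """Apply POSIX mode-bit class selection: exactly one class is consulted."""
    if uid == 0:
        return bool(st.st_mode & ANY_X)      # root needs any one execute bit
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def audit(directory, uid, gids, published):
    """Names of regular files the account can execute but the broker does not offer."""
    exposed = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file():
            continue
        if may_execute(entry.stat(), uid, gids) and entry.name not in published:
            exposed.append(entry.name)
    return exposed


def build_sample_tree():
    """Constructed sample: one published tool, one forgotten tool, one group-restricted tool."""
    root = tempfile.mkdtemp(prefix="x2go-audit-")
    for name, mode in (("office", 0o755), ("admin-tool", 0o755),
                       ("payroll", 0o750), ("notes.txt", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    owner = os.stat(os.path.join(tree, "payroll"))
    outsider = owner.st_uid + 1000            # hypothetical uid that owns nothing here
    print(audit(tree, outsider, {owner.st_gid + 1000}, {"office"}))
    print(audit(tree, outsider, {owner.st_gid}, {"office"}))
```

Anything the audit returns is reachable by that account regardless of what the broker publishes; tightening the mode to 0750 with a dedicated group, as on the constructed `payroll` file, removes it for accounts outside that group.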