X2Go Release Manager X2Go Release Manager
2018-06-23 02:19:38 UTC
close #1258
thanks
Hello,
we are very hopeful that X2Go issue #1258 reported by you
has been resolved in the new release (4.1.2.0) of the
X2Go source project »src:x2goclient«.
You can view the complete changelog entry of src:x2goclient (4.1.2.0)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.
http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=81565e3e4bd7ee380f72d68ff002aa18501230d4;hp=d8f5e5a4a51724ef3620e7f347644338e2449444
If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goclient.
Thanks a lot for contributing to X2Go!!!
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
X2Go Component: src:x2goclient
Version: 4.1.2.0-0x2go1
Status: RELEASE
Date: Fri, 22 Jun 2018 22:30:29 +0200
Fixes: 1156 1258 1263
Changes:
x2goclient (4.1.2.0-0x2go1) RELEASED; urgency=medium
.
[ Mike DePaulo ]
* New upstream version (4.1.2.0):
- src/sshmasterconnection.cpp: Do not attempt to perform Interaction with
SSH Server (e.g. for changing expired password) when using
GSSAPI/Kerberos because the interaction code does not support it yet.
Fixes: #1258
- Windows: Update PuTTY from 0.68 to 0.70, which fixes PuTTY vulns
vuln-indirect-dll-hijack-2 & vuln-indirect-dll-hijack-3.
Note that x2goclient was only ever affected if the permissions on the
installation folder were changed to give users write access, or if
x2goclient was copied/extracted to a folder where users could write.
- Windows: Update Win32 OpenSSL from 1.0.2k to 1.0.2n
Fixes several CVEs
- Windows: Upgrade bundled VcXsrv from 1.17.0.0-3 (X2Go/Arctica Build)
to 1.20.0.0 (upstream build)
+ Fixes https://github.com/ArcticaProject/nx-libs/issues/600
+ Incompatible with XP & Vista
+ Unmodified except for strip-nondeterminism being run on .gz files
.
[ Oleksandr Shneyder ]
* New upstream version (4.1.2.0):
- don't start gpg agent for PGP card authentication. Use system agent instead.
- change search string for pcsc_scan.
- destroy unused SSH sessions for LDAP authentication.
.
[ Mihai Moldovan ]
* New upstream version (4.1.2.0):
- misc: update version to 4.1.2.0.
- res/img/svg: add new lxqt.svg icon file (really helix.svg).
- res/img/icons/*x*: add new rasterized lxqt.png files in different sizes.
- res/qresources.qrc: add new lxqt files.
- src/{onmainwindow.cpp,session{button,widget}.{cpp,h}}: add support for
LXQt. Fixes: #1263.
- src/sshmasterconnection.cpp: stop libssh/OpenSSL from querying for a
passphrase if started with a controlling terminal.
- x2goclient.pro: remove plugin references.
- misc: change http:// to https:// where appropriate, but in actual code
and translation files for now.
- Makefile: remove plugin references.
- Makefile: remove x2goclient_*.qm files in clean rule.
- x2gobrowserplugin-2.4_1/: remove.
- provider/: remove.
- INSTALL: remove plugin references.
- {{build,config}_win_plugin.bat,config_linux_{,static_}plugin.sh}:
remove.
- config_win.bat: remove plugin references.
- src/{configdialog.cpp,onmainwindow{.cpp,{,_privat}.h}}: remove plugin
references.
- src/editconnectiondialog.cpp: do not connect signals to slots that do
not exist on non-Linux platforms.
- src/onmainwindow.cpp: add -nopn parameter to VcXsrv startup options,
making the binary fail if it wasn't able to bind the requested port on
all addresses.
- src/onmainwindow.cpp: print out current DISPLAY value in debug log while
starting X.Org Server on Windows.
- src/onmainwindow.{cpp,h}: don't error out directly if starting the X.Org
Server failed on Windows. Instead, try starting it three times, each
time with a higher DISPLAY offset. On busy client machines, several
clients raced for the sockets previously and often failed to start. Also
check if the server binary actually is still alive before doing the TCP
connection checks. A dead server won't be able to listen on a socket in
the first place.
- {src/{onmainwindow.{cpp,h},help.cpp},man/man1/x2goclient.1}: add new
option --xserver-start-limit, replacing the formerly hardcoded limit of
three tries.
- src/onmainwindow.{cpp,h}: fix compile error on Windows - use std::size_t
instead of std::ssize_t, treat zero as infinity value while parsing
option value.
- src/onmainwindow.cpp: handle a disabled X.Org Server start limit
correctly.
- src/onmainwindow.cpp: fix other compile errors/typos.
- src/onmainwindow.cpp: another compile error/typo fix.
- src/onmainwindow.cpp: let client recognize new --xserver-start-limit
param correctly.
- src/onmainwindow.cpp: add -silent-dup-error parameter to VcXsrv startup
options, forcing it to silently fail without showing a dialog and thus
keeping the process running.
- src/onmainwindow.cpp: re-add periodic xmodmap keyboard sync for OS
X/macOS platforms. Was dropped some time ago by accident.
- src/onmainwindow.cpp: fix compile error on OS X/macOS.
- copy-deps-win32.bat: update to 20160121-4 Cygwin bundle, shipping with
chgrp.
- src/onmainwindow.cpp: fix user-facing error messages in Windows X.Org
Server startup functions.
- src/pulsemanager.cpp: use QByteArray's constData () instead of data (),
since we'll never modify the data anyway.
- src/onmainwindow.cpp: hook-in chgrp for ~/.x2go/etc on Windows platforms
to work around a Cygwin permissions bug. Fixes: #1156.
- src/onmainwindow.cpp: QProcess:nullDevice () is only available on Qt
5.2+, so use a workaround for older versions.
- src/onmainwindow.cpp: actually pass the correct group ID to the chgrp
call and make sure that the warning dialog box also appears whenever the
exit code indicates a failure.
- src/onmainwindow.{cpp,h}: remove Cygwin permissions workaround via
chgrp.
- copy-deps-win32.bat: update to 20180615-1 Cygwin bundle, shipping with
a further modified OpenSSH Server version at 7.7p1-1-x2go1 and without
chgrp.
- src/onmainwindow.cpp: disable private host key permissions check in
OpenSSH Server on Windows. Fixes: #1156.
- res/i18n/x2goclient_*.ts: update translation files.
- res/i18n/x2goclient_fi.ts: whitespace and other fixups.
- res/i18n/x2goclient_fi.ts: add missing numerus form translation and
other fixups.
- res/i18n/x2goclient_de.ts: another fixup I previously forgot about.
- res/i18n/x2goclient_et.ts: whitespace and meta data fixup.
- res/i18n/x2goclient_et.ts: typo fix: on+ma -> oma.
* x2goclient.spec:
- Remove plugin references.
* debian/rules:
- Remove plugin references.
- Remove x2goclient_*.qm files removal.
* debian/control:
- Convert plugin packages to dummy transitional packages with no
dependencies, remove other plugin references.
* debian/:
- x2goplugin{,-provider}.install: clear out.
- {x2goplugin.dirs,x2goplugin-provider.dirs,x2goplugin-provider.links,
x2goplugin-provider.post*}: remove.
* debian/copyright:
- Remove plugin references.
.
[ Martti Pitkänen ]
* New upstream version (4.1.2.0):
- res/i18n/x2goclient_fi.ts: update Finnish translation file.
.
[ Stefan Baur ]
* New upstream release (4.1.2.0):
- res/i18n/x2goclient_de.ts: update German translation file.
.
[ Sébastien Ducoulombier ]
* New upstream version (4.1.2.0):
- res/i18n/x2goclient_fr.ts: update French translation file.
.
[ Robert Parts ]
* New upstream version (4.1.2.0):
- res/i18n/x2goclient_et.ts: update Estonian translation file.
thanks
Hello,
we are very hopeful that X2Go issue #1258 reported by you
has been resolved in the new release (4.1.2.0) of the
X2Go source project »src:x2goclient«.
You can view the complete changelog entry of src:x2goclient (4.1.2.0)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.
http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=81565e3e4bd7ee380f72d68ff002aa18501230d4;hp=d8f5e5a4a51724ef3620e7f347644338e2449444
If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goclient.
Thanks a lot for contributing to X2Go!!!
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
X2Go Component: src:x2goclient
Version: 4.1.2.0-0x2go1
Status: RELEASE
Date: Fri, 22 Jun 2018 22:30:29 +0200
Fixes: 1156 1258 1263
Changes:
x2goclient (4.1.2.0-0x2go1) RELEASED; urgency=medium
.
[ Mike DePaulo ]
* New upstream version (4.1.2.0):
- src/sshmasterconnection.cpp: Do not attempt to perform Interaction with
SSH Server (e.g. for changing expired password) when using
GSSAPI/Kerberos because the interaction code does not support it yet.
Fixes: #1258
- Windows: Update PuTTY from 0.68 to 0.70, which fixes PuTTY vulns
vuln-indirect-dll-hijack-2 & vuln-indirect-dll-hijack-3.
Note that x2goclient was only ever affected if the permissions on the
installation folder were changed to give users write access, or if
x2goclient was copied/extracted to a folder where users could write.
- Windows: Update Win32 OpenSSL from 1.0.2k to 1.0.2n
Fixes several CVEs
- Windows: Upgrade bundled VcXsrv from 1.17.0.0-3 (X2Go/Arctica Build)
to 1.20.0.0 (upstream build)
+ Fixes https://github.com/ArcticaProject/nx-libs/issues/600
+ Incompatible with XP & Vista
+ Unmodified except for strip-nondeterminism being run on .gz files
.
[ Oleksandr Shneyder ]
* New upstream version (4.1.2.0):
- don't start gpg agent for PGP card authentication. Use system agent instead.
- change search string for pcsc_scan.
- destroy unused SSH sessions for LDAP authentication.
.
[ Mihai Moldovan ]
* New upstream version (4.1.2.0):
- misc: update version to 4.1.2.0.
- res/img/svg: add new lxqt.svg icon file (really helix.svg).
- res/img/icons/*x*: add new rasterized lxqt.png files in different sizes.
- res/qresources.qrc: add new lxqt files.
- src/{onmainwindow.cpp,session{button,widget}.{cpp,h}}: add support for
LXQt. Fixes: #1263.
- src/sshmasterconnection.cpp: stop libssh/OpenSSL from querying for a
passphrase if started with a controlling terminal.
- x2goclient.pro: remove plugin references.
- misc: change http:// to https:// where appropriate, but in actual code
and translation files for now.
- Makefile: remove plugin references.
- Makefile: remove x2goclient_*.qm files in clean rule.
- x2gobrowserplugin-2.4_1/: remove.
- provider/: remove.
- INSTALL: remove plugin references.
- {{build,config}_win_plugin.bat,config_linux_{,static_}plugin.sh}:
remove.
- config_win.bat: remove plugin references.
- src/{configdialog.cpp,onmainwindow{.cpp,{,_privat}.h}}: remove plugin
references.
- src/editconnectiondialog.cpp: do not connect signals to slots that do
not exist on non-Linux platforms.
- src/onmainwindow.cpp: add -nopn parameter to VcXsrv startup options,
making the binary fail if it wasn't able to bind the requested port on
all addresses.
- src/onmainwindow.cpp: print out current DISPLAY value in debug log while
starting X.Org Server on Windows.
- src/onmainwindow.{cpp,h}: don't error out directly if starting the X.Org
Server failed on Windows. Instead, try starting it three times, each
time with a higher DISPLAY offset. On busy client machines, several
clients raced for the sockets previously and often failed to start. Also
check if the server binary actually is still alive before doing the TCP
connection checks. A dead server won't be able to listen on a socket in
the first place.
- {src/{onmainwindow.{cpp,h},help.cpp},man/man1/x2goclient.1}: add new
option --xserver-start-limit, replacing the formerly hardcoded limit of
three tries.
- src/onmainwindow.{cpp,h}: fix compile error on Windows - use std::size_t
instead of std::ssize_t, treat zero as infinity value while parsing
option value.
- src/onmainwindow.cpp: handle a disabled X.Org Server start limit
correctly.
- src/onmainwindow.cpp: fix other compile errors/typos.
- src/onmainwindow.cpp: another compile error/typo fix.
- src/onmainwindow.cpp: let client recognize new --xserver-start-limit
param correctly.
- src/onmainwindow.cpp: add -silent-dup-error parameter to VcXsrv startup
options, forcing it to silently fail without showing a dialog and thus
keeping the process running.
- src/onmainwindow.cpp: re-add periodic xmodmap keyboard sync for OS
X/macOS platforms. Was dropped some time ago by accident.
- src/onmainwindow.cpp: fix compile error on OS X/macOS.
- copy-deps-win32.bat: update to 20160121-4 Cygwin bundle, shipping with
chgrp.
- src/onmainwindow.cpp: fix user-facing error messages in Windows X.Org
Server startup functions.
- src/pulsemanager.cpp: use QByteArray's constData () instead of data (),
since we'll never modify the data anyway.
- src/onmainwindow.cpp: hook-in chgrp for ~/.x2go/etc on Windows platforms
to work around a Cygwin permissions bug. Fixes: #1156.
- src/onmainwindow.cpp: QProcess:nullDevice () is only available on Qt
5.2+, so use a workaround for older versions.
- src/onmainwindow.cpp: actually pass the correct group ID to the chgrp
call and make sure that the warning dialog box also appears whenever the
exit code indicates a failure.
- src/onmainwindow.{cpp,h}: remove Cygwin permissions workaround via
chgrp.
- copy-deps-win32.bat: update to 20180615-1 Cygwin bundle, shipping with
a further modified OpenSSH Server version at 7.7p1-1-x2go1 and without
chgrp.
- src/onmainwindow.cpp: disable private host key permissions check in
OpenSSH Server on Windows. Fixes: #1156.
- res/i18n/x2goclient_*.ts: update translation files.
- res/i18n/x2goclient_fi.ts: whitespace and other fixups.
- res/i18n/x2goclient_fi.ts: add missing numerus form translation and
other fixups.
- res/i18n/x2goclient_de.ts: another fixup I previously forgot about.
- res/i18n/x2goclient_et.ts: whitespace and meta data fixup.
- res/i18n/x2goclient_et.ts: typo fix: on+ma -> oma.
* x2goclient.spec:
- Remove plugin references.
* debian/rules:
- Remove plugin references.
- Remove x2goclient_*.qm files removal.
* debian/control:
- Convert plugin packages to dummy transitional packages with no
dependencies, remove other plugin references.
* debian/:
- x2goplugin{,-provider}.install: clear out.
- {x2goplugin.dirs,x2goplugin-provider.dirs,x2goplugin-provider.links,
x2goplugin-provider.post*}: remove.
* debian/copyright:
- Remove plugin references.
.
[ Martti Pitkänen ]
* New upstream version (4.1.2.0):
- res/i18n/x2goclient_fi.ts: update Finnish translation file.
.
[ Stefan Baur ]
* New upstream release (4.1.2.0):
- res/i18n/x2goclient_de.ts: update German translation file.
.
[ Sébastien Ducoulombier ]
* New upstream version (4.1.2.0):
- res/i18n/x2goclient_fr.ts: update French translation file.
.
[ Robert Parts ]
* New upstream version (4.1.2.0):
- res/i18n/x2goclient_et.ts: update Estonian translation file.