This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch release/4.1.1.1-mswin in repository x2goclient. at 049aa6f Update debian/changelog that commit "Do not attempt to perform Interaction with SSH Server" Fixes: #1258 This branch includes the following new commits: new caeef2b Update changelog assuming 4.1.1.1-2018.03.01 release is successful. new d6485b2 Do not attempt to perform Interaction with SSH Server new 0370515 Windows: Update PuTTY from 0.68 to 0.70 new 049aa6f Update debian/changelog that commit "Do not attempt to perform Interaction with SSH Server" Fixes: #1258 The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch release/4.1.1.1-mswin in repository x2goclient. commit 03705156000c7311804e80a42bf430c6eb171716 Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun Feb 18 23:08:27 2018 -0500 Windows: Update PuTTY from 0.68 to 0.70 --- copy-deps-win32.bat | 2 +- debian/changelog | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/copy-deps-win32.bat b/copy-deps-win32.bat index 1fe50b5..6c3d32c 100755 --- a/copy-deps-win32.bat +++ b/copy-deps-win32.bat @@ -11,7 +11,7 @@ xcopy /E /Y %1\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-rt_v3-rev3\libstdc++ xcopy /E /Y %1\MinGW-DLLs\i686-4.8.2-release-posix-dwarf-rt_v3-rev3\libwinpthread-1.dll %3\ || exit /b %errorlevel% xcopy /E /Y %1\MSVC-DLLs\2013-12.0.21005.1-x86\msvcr120.dll %3\ || exit /b %errorlevel% xcopy /E /Y %1\pulse\7.1-2.2_bin %3\ || exit /b %errorlevel% -xcopy /E /Y %1\PuTTY\0.68_bin %3\ || exit /b %errorlevel% +xcopy /E /Y %1\PuTTY\0.70_bin %3\ || exit /b %errorlevel% xcopy /E /Y /I %1\VcXsrv\1.17.0.0-3_bin %3\VcXsrv || exit /b %errorlevel% xcopy /E /Y %1\zlib\1.2.8_bin\zlib1.dll %3\ || exit /b %errorlevel% xcopy /E /Y %1\zlib\x86-mingw4-1.2.7-1_bin\bin\libz.dll %3\ || exit /b %errorlevel% diff --git a/debian/changelog b/debian/changelog index 4463ac7..0cd1c48 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,11 @@ x2goclient (4.1.1.1-2018.03.01) unstable; urgency=medium - src/sshmasterconnection.cpp: Do not attempt to perform Interaction with SSH Server (e.g. for changing expired password) when using GSSAPI/Kerberos because the interaction code does not support it yet. + - Windows: Update PuTTY from 0.68 to 0.70, which fixes PuTTY vulns + vuln-indirect-dll-hijack-2 & vuln-indirect-dll-hijack-3. + Note that x2goclient was only ever affected if the permissions on the + installation folder were changed to give users write access, or if + x2goclient was copied/extracted to a folder where users could write. -- Mike DePaulo <mikedep333@gmail.com> Wed, 28 Feb 2018 20:53:41 -0500 -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch release/4.1.1.1-mswin in repository x2goclient. commit d6485b2c04a50f5dbaf6b1f751b5120e589fa118 Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun Feb 18 19:52:22 2018 -0500 Do not attempt to perform Interaction with SSH Server (e.g. for changing expired password) when using GSSAPI/Kerberos because the interaction code does not support it yet. --- debian/changelog | 3 +++ src/sshmasterconnection.cpp | 38 ++++++++++++++++++++++---------------- 2 files changed, 25 insertions(+), 16 deletions(-) diff --git a/debian/changelog b/debian/changelog index 35e1c0b..4463ac7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,9 @@ x2goclient (4.1.1.1-2018.03.01) unstable; urgency=medium [ Mike DePaulo ] * New upstream version (4.1.1.1-2018.03.01): + - src/sshmasterconnection.cpp: Do not attempt to perform Interaction with + SSH Server (e.g. for changing expired password) when using + GSSAPI/Kerberos because the interaction code does not support it yet. -- Mike DePaulo <mikedep333@gmail.com> Wed, 28 Feb 2018 20:53:41 -0500 diff --git a/src/sshmasterconnection.cpp b/src/sshmasterconnection.cpp index be327c6..0772f3f 100644 --- a/src/sshmasterconnection.cpp +++ b/src/sshmasterconnection.cpp @@ -725,23 +725,29 @@ void SshMasterConnection::run() #ifdef DEBUG x2goDebug<<"User authentication OK."; #endif - if(checkLogin()) - { - x2goDebug<<"Login Check - OK"; + // checkLogin() is currently specific to libssh. + if(kerberos) emit connectionOk(host); - } - else - { - x2goDebug<<"Login Check - Failed"; -// if(!interactionInterrupt) - { - emit finishInteraction(this); - } - ssh_disconnect ( my_ssh_session ); - ssh_free ( my_ssh_session ); - quit(); - return; - } + else + { + if(checkLogin()) + { + x2goDebug<<"Login Check - OK"; + emit connectionOk(host); + } + else + { + x2goDebug<<"Login Check - Failed"; +// if(!interactionInterrupt) + { + emit finishInteraction(this); + } + ssh_disconnect ( my_ssh_session ); + ssh_free ( my_ssh_session ); + quit(); + return; + } + } } else { -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch release/4.1.1.1-mswin in repository x2goclient. commit caeef2b43d3e0fe121582daba9a2836203195ad7 Author: Mike DePaulo <mikedep333@gmail.com> Date: Wed Feb 28 20:55:13 2018 -0500 Update changelog assuming 4.1.1.1-2018.03.01 release is successful. --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index bd584fd..35e1c0b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +x2goclient (4.1.1.1-2018.03.01) unstable; urgency=medium + [ Mike DePaulo ] + * New upstream version (4.1.1.1-2018.03.01): + + -- Mike DePaulo <mikedep333@gmail.com> Wed, 28 Feb 2018 20:53:41 -0500 + x2goclient (4.1.1.1-0x2go1) unstable; urgency=medium [ Mihai Moldovan ] -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch release/4.1.1.1-mswin in repository x2goclient. commit 049aa6f14913fa8b95ed07231b16294aaa7d672c Author: Mike DePaulo <mikedep333@gmail.com> Date: Sun Feb 18 23:34:31 2018 -0500 Update debian/changelog that commit "Do not attempt to perform Interaction with SSH Server" Fixes: #1258 --- debian/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/changelog b/debian/changelog index 0cd1c48..5783353 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ x2goclient (4.1.1.1-2018.03.01) unstable; urgency=medium - src/sshmasterconnection.cpp: Do not attempt to perform Interaction with SSH Server (e.g. for changing expired password) when using GSSAPI/Kerberos because the interaction code does not support it yet. + Fixes: #1258 - Windows: Update PuTTY from 0.68 to 0.70, which fixes PuTTY vulns vuln-indirect-dll-hijack-2 & vuln-indirect-dll-hijack-3. Note that x2goclient was only ever affected if the permissions on the -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
-
git-admin@x2go.org