[X2Go-Dev] Bug#1428: X2Go issue (in src:x2goclient) has been marked as pending for release
Mihai Moldovan
ionic at ionic.de
Fri Dec 20 20:32:49 CET 2019
tag #1428 pending
fixed #1428 4.1.2.2
thanks
Hello,
X2Go issue #1428 (src:x2goclient) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:
http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d1
The issue will most likely be fixed in src:x2goclient (4.1.2.2).
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
commit ce559d163a943737fe4160f7233925df2eee1f9a
Author: Mihai Moldovan <ionic at ionic.de>
Date: Fri Dec 20 20:27:31 2019 +0100
src/sshprocess.cpp: strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths in scp mode. Fixes: #1428.
This was already necessary for pascp (PuTTY-based Windows solution for
Kerberos support), but newer libssh versions with the CVE-2019-14889
also interpret paths as literal strings.
diff --git a/debian/changelog b/debian/changelog
index 504d6ae..9f84281 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -135,6 +135,11 @@ x2goclient (4.1.2.2-0x2go1) UNRELEASED; urgency=medium
sound weird first, but this behavior is consistent between all
applications - tray icons can be clicked via either button and will
always trigger a context menu. Let X2Go Client behave the same way.
+ - src/sshprocess.cpp: strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from
+ destination paths in scp mode. Fixes: #1428. This was already necessary
+ for pascp (PuTTY-based Windows solution for Kerberos support), but newer
+ libssh versions with the CVE-2019-14889 also interpret paths as literal
+ strings.
* debian/control:
+ Add build-depend on pkg-config.
* x2goclient.spec:
More information about the x2go-dev
mailing list