Dear all,
the X2Go project is proud to announce a new release of the X2Go component ,,x2goserver''.
This release pulls in all changes that got introduced in our Baikal LTS release 4.0.0.8, including a severe vulnerability in x2gocleansessions. Gains of the LTS version 4.0.0.8 of ,,x2goserver'' are:
o Improve parsing of the NX session.log file. Fix session suspending/resuming when in fails in some occasions. o Fix severe vulnerability in x2gocleansessions. o Sanitize session ID string, port numbers, display numbers and agent PID numbers before writing them as strings to the session DB.
Please note::: This release fixes a severe vulnerability in X2Go Server that allowed an attacker with user permissions to gain root access to the X2Go Server machine. Everyone, please upgrade your X2Go Server installations.
New gains of the version 4.0.1.10 of ,,x2goserver'' are:
o Fix x2goresume-session that we broke in 4.0.1.9. o Fix the x2goserver-fmbindings Makefile. o Allow enabling/disabling of TCP listening of x2goagent. o Provide Xsession support for RPM based distribution.
This version of X2Go Server is the first version that we as X2Go upstream also provide as RPM packages for Fedora [1] and EPEL-5 and EPEL-6 [2].
[1] http://wiki.x2go.org/doku.php/wiki:repositories:fedora [2] http://wiki.x2go.org/doku.php/wiki:repositories:epel
X2Go Component: x2goserver
Version: 4.0.1.10
Status: RELEASE
Date: Fri, 03 Jan 2014 11:34:36 +0100
Fixes these bug report(s): 354 355
Changes:
x2goserver (4.0.1.10) RELEASED; urgency=low
.
* New upstream version (4.0.1.10):
- Fix x2goresume-session. The several parameters placed into the
NX options
file are expected by x2goresume-session at very specific
positions. This
we broke by trying to fix the fullscreen/geometry issue in
x2gostartagent.
Thanks to Harvey Eneman for tracking this down!!! (Fixes: #355).
- x2goserver-fmbindings/Makefile: install x2gofm.
- x2goserver-fmbindings/Makefile: install share/applications and
share/mime.
- x2goserver-printing/Makefile: create feature.d directory
before installing
files into it.
- Handle TCP listening of x2goagent in x2goagent.options. (Fixes: #354).
- Clean up Makefiles, remove commented out lines.
- Use xkb ruleset 'base' rather than xfree86 as on RHEL systems the
xfree86 symlink to base ruleset does not exist.
- Grab systemd service file from Fedora and ship it upstream.
- Provide RHEL/Fedora support in x2goserver-xsession.
- Only sanity check for existence of /etc/x2go/Xsession.d on Debian
(derived) systems.
- Provide man page for x2goserver.conf.
* x2goserver.spec:
+ Ship x2goserver.spec (RPM package definitions) in upstream project.
(Thanks to the Fedora package maintainers). File differs from
the Fedora
file already.
+ Add init script for RPM based distro. Taken from the Fedora
package.
+ Clear (Fedora package) changelog.
Regards, Mike Gabriel
--
DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...