Mike DePaulo | 13 Jul 01:13 2014
Picon

X2Go Client for Windows (4.0.2.1+hotfix1) released


Dear all,

This is to announce a new Windows-specific release of the X2Go
component ,,x2goclient''

  o x2goclient "4.0.2.1" will not be released because bug #546 was
discovered in it. Instead, "4.0.2.1+hotfix1" is the 1st release for
the series of hotfixes and builds for 4.0.2.1 . It contains the fix
for bug #546.

This hotfix release was built from the source for commit d2e0bf7 on
the release\4.0.2.x branch:
http://code.x2go.org/gitweb?p=x2goclient.git;a=commit;h=d2e0bf707653cbd5ba140cd0e04af00f4aab8872

For the Windows-specific release notes for this release, see this page:
http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.2.1

You can also read the see the original announcement about 4.0.2.1:
http://permalink.gmane.org/gmane.linux.terminal-server.x2go.announce/120
That announcement is also located here:
http://lists.x2go.org/pipermail/x2go-announcements/2014/000205.html

Regards,
Mike DePaulo
Mike Gabriel | 11 Jul 13:21 2014
Picon

X2Go Client (4.0.2.1) released

Dear all,

the X2Go project is proud to announce a new release of the X2Go
component ,,x2goclient''.

New gains of this version of ,,x2goclient'' are:

   o New command line options: --keep-trayicon, --hide-foldersharing,
     --close-disconnect (see below for details)
   o Fix FTBFS on arm64 architectures
   o Fix X2Go Client icon in Mac OS X's docker
   o Many many improvement around the Windows version of X2Go Client
     (thanks to Michael DePaulo for giving so much of his energy and
     time into the MS Windows maintenance of X2Go Client).

X2Go Component: x2goclient
Version: 4.0.2.1
Status: RELEASE
Date: Fri, 11 Jul 2014 12:23:59 +0200
Fixes these bug report(s): 235 364 365 421 478 498 502 514 528
Changes:
  x2goclient (4.0.2.1) RELEASED; urgency=low
  .
    [ Mike Gabriel ]
    * New upstream release (4.0.2.1):
      - Fix FTBFS on arm64 (and others) architecture. (Fixes: #498).
      - Only show session name in notification bubbles with debugging
        enabled. (Fixes: #364).
      - New command line option (--keep-trayicon). With that options set,
        we force X2Go client to only use the default "accelerated X" as
(Continue reading)

Mike Gabriel | 9 Jul 19:48 2014
Picon

Cooperation of X2Go and QVD for NX maintenance

Dear all,

I recently got in contact with Nicolas Arenas Alonso and Nito Martinez  
from the Quindel group (located in Spain) [1].

Those guys bring forth a software product called TheQVD (The Quality  
Virtual Desktop) [2]. The project does similar things that X2Go does.  
In fact, they use NX 3.5 from NoMachine internally like we do in X2Go.  
Already a year ago, I noticed their activity on TheQVD and thought..  
"Ahaaa!?!".

Now, a couple of weeks back we received a patch for libxcomp3 that  
fixes an FTBFS (fails to build from source) for nx-libs-lite against  
Android [3].

Furthermore, I noticed that the developers from TheQVD starting  
pulling in X2Go's version of NX [4] into their developing Git [5].

That opportunity I used to get in contact with the patch provider of  
the Android patch (Nito Martinez).

After having exchanged several mails, we have decided to join forces  
on the maintenance of nx-libs (aka NX redistributed). We (speaking  
with my X2Go release manager hat on) are happy to have found another  
partner who is focussed on pushing forward the NX development (and  
possibly also the rebasing of NX against latest X.Org).

Current common interests are:

   o bring NX to mobile devices
(Continue reading)

Mike Gabriel | 30 Jun 14:59 2014
Picon

NX-redistributed (3.5.0.27) released

Dear all,

unfortunately I had to make two consecutive follow-up releases of the
X2Go component ,,nx-libs''.

Fixes of these versions of ,,nx-libs'' are:

   o Make sure all patches end-up in the release tarball.
   o Split up patch 210 to allow generation of the nx-libs-lite
     tarball.

X2Go Component: nx-libs
Version: 3.5.0.27
Status: RELEASE
Date: Mon, 30 Jun 2014 14:53:27 +0200
Changes:
  nx-libs (3.5.0.27) RELEASED; urgency=medium
  .
    * Split up patch 210 (for correct creation nx-libs, nx-libs-lite tarballs):
      + 210_nxagent_save_session_state.full.patch
      + 210_nxcomp_save_session_state.full+lite.patch
  .
  nx-libs (3.5.0.26) RELEASED; urgency=medium
  .
    * Fix patch names:
      + 212_nxcomp_build-on-Android.patch ->
          212_nxcomp_build-on-Android.full+lite.patch
      + 302_nx-X11_xkbbasedir-detection.patch ->
          302_nx-X11_xkbbasedir-detection.full.patch

(Continue reading)

Mike Gabriel | 30 Jun 14:39 2014
Picon

NX-redistributed (3.5.0.25) released

Dear all,

the X2Go project is proud to announce a new release of the X2Go
component ,,nx-libs''.

New gains of this version of ,,nx-libs'' are:

   o Add kernel socket namespace support. Fixes failing
     nxproxy/nxagent execution on systems where pam_namespace.so
     is in use.
   o Fix xkeyboard-2.6 incompatibility issues. (Maybe not all of them,
     so please report back...).
   o Fix PPC64 support. (Thanks to Mihai Moldovan for digging into this!!!)
   o Allow building nxproxy/nxcomp on Android. (Thanks to Nito Martínez
     from the QVD project for sending in this patch).
   o New option: -state <statefile>. More accurately detect the
     current session state via an external status file. This is part
     of the bugfix for X2Go BTS issue #302.
   o Allow clipboard={none,client,server,both} as NX option.
   o Plus some minor issues (see changelog below...)

X2Go Component: nx-libs
Version: 3.5.0.25
Status: RELEASE
Date: Mon, 30 Jun 2014 14:05:46 +0200
Fixes these bug report(s): 40 339 490 504 505 515 516
Changes:
  nx-libs (3.5.0.25) RELEASED; urgency=low
  .
    [ Mihai Moldovan ]
(Continue reading)

Mike Gabriel | 19 Jun 09:39 2014
Picon

Important information: Wrong version of X2Go Server in Baikal LTS Debian archive

Dear all,

== Summary ==

we got informed by John McMonagle [1] about wrong package versions in  
the Debian archive of X2Go. Unfortunately, I only grasped the severity  
of that bug report a couple of days back.

In February 2014, a development snapshot of x2goserver* packages found  
their way into the Debian-based package archive of X2Go Baikal LTS [2].

This is of course a severe issue and after cross-checking last Monday,  
I reverted those uploads and provided the correct package versions  
(X2Go Server 4.0.0.11). No other area of the package archive was  
affected, only the Baikal LTS packages of X2Go Server for Debian.

== How to downgrade ==

Follow these steps for downgrading the development snapshot  
(4.1.0.0-preview) to the current Baikal LTS release of X2Go Server  
(4.0.0.11).

Open a terminal and run these commands...

   $ apt-get update
   $ apt-cache show x2goserver

   ### you should see two version of package x2goserver
   ### x2goserver 4.1.0.0-0x2go1~<something> (which is the currently  
installed version)
(Continue reading)

Mike DePaulo | 8 Jun 03:53 2014
Picon

X2Go Client for Windows (4.0.2.0+build4) released


Dear all,

this is to announce a new Windows-specific security update release of
the X2Go component ,,x2goclient''.
The change in this release of ,,x2goclient'' is:

  o Cygwin OpenSSL was updated from 1.0.1g-1 to 1.0.1h-1. This fixes
the 6 security vulnerabilities in the OpenSSL Security Advisory [05
Jun 2014]: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198,
CVE-2010-5298 & CVE-2014-3470

Note that the previous announcement on 4.0.2.0+build3 was about Win32
OpenSSL being updated. Now, Cygwin OpenSSL has also been updated. With
4.0.2.0+build4, all versions of OpenSSL bundled with X2Go Client for
Windows have been updated.

All Windows users of 4.0.2.0+build3 and earlier are strongly
encouraged to update to 4.0.2.0+build4.
This includes users of the "misc" fonts and "full" fonts builds.

For more info on this release, see this page:
http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.2.0

Regards,
Mike DePaulo
Mike DePaulo | 8 Jun 03:44 2014
Picon

X2Go Client for Windows (4.0.2.0+build3) released


Dear all,

this is to announce a new Windows-specific security update release of
the X2Go component ,,x2goclient''.
The change in this release of ,,x2goclient'' is:

  o Win32 OpenSSL was updated from 1.0.1g to 1.0.1h. This fixes the 6
security vulnerabilities in the OpenSSL Security Advisory [05 Jun
2014]: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198,
CVE-2010-5298 & CVE-2014-3470

An announcement will be sent out shortly about 4.0.2.0+build4, which
also fixes these 6 vulnerability in Cygwin OpenSSL. 4.0.2.0+build4 is
already available to download.

All Windows users of 4.0.2.0+build2 and earlier are strongly
encouraged to update to 4.0.2.0+build4 (instead of 4.0.2.0+build3.)
This includes users of the "misc" fonts and "full" fonts builds.

For more info on this release, see this page:
http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.2.0

Regards,
Mike DePaulo
Mike DePaulo | 29 May 14:28 2014
Picon

X2Go Client for Windows (4.0.2.0+build2) released


Dear all,

this is to announce a new Windows-specific security update release of
the X2Go component ,,x2goclient''.
The change in this release of ,,x2goclient'' is:

  o VcXsrv was updated from 1.4.3.1 to 1.4.3.2. The difference is that
VcXsrv 1.14.3.2 has backported fixes for X.Org vulnerabilities
CVE-2014-0209, CVE-2014-0210, and CVE-2014-0211.

All Windows users of 4.0.2.0 are strongly encouraged to update to
4.0.2.0+build2. This includes users of the ?misc? fonts and ?full?
fonts builds.

For more info on this release, see this page:
http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.2.0

Regards,
Mike DePaulo
Michael DePaulo | 19 May 18:35 2014
Picon

X2Go Announcement on Heartbleed (CVE-2014-0160)

I originally sent this email to x2go-announcements@... on
2014-05-08 (UTC Time.) I am re-sending the email now because there was
an issue that prevented x2go-announcements@... from being
synced with GMANE.org.
--------

The following is the X2Go project's announcement on heartbleed
(CVE-2014-0160) and what actions users & system administrators should
take.

1. When X2Go (both X2Go Client and X2Go Server) is used without an
X2Go Session Broker, X2Go is not vulnerable.

If you do use X2Go without a session broker, no action is required in
terms of X2Go.

We still strongly advise you to install your Linux distro's patch for OpenSSL.

We also advise updating X2Go Client for Windows to 4.0.2.0, and X2Go
client for Mac OS X to 4.0.2.0, in order to avoid vulnerability
scanners flagging X2Go Client as vulnerable.

2. When X2Go is used with an X2Go Session Broker, these X2Go
components are vulnerable if the following conditions are met:

a. X2Go Session Broker: If the Linux distro uses OpenSSL 1.0.1, the
Linux distro's CVE-2014-0160 patch is not installed, and HTTPS is
enabled.
(If you are using x2gobroker-wsgi, HTTPS would be enabled in your
apache configuration. If you are using x2gobroker-daemon, it would be
(Continue reading)

Mike Gabriel | 18 May 11:39 2014
Picon

CUPS X2Go Backend (3.0.1.0) released

Dear all,

the X2Go project is proud to announce a new release of the X2Go
component ,,cups-x2go''.

New gains of this version of ,,cups-x2go'' are:

      o Provide example .spec file for RPM packaging
      o A little README that points you to more documentation
      o Debian packaging improvements

Note: I just checked our announcements mailing list and saw that this post
did not make it to our RSS feed at GMANE. Re-sending this mail, now  
that the RSS
sync with our mailing lists has been fixed.

X2Go Component: cups-x2go
Version: 3.0.1.0
Status: RELEASE
Date: Fri, 09 May 2014 09:16:45 +0200
Fixes these bug report(s): 298 299
Changes:
     cups-x2go (3.0.1.0) RELEASED; urgency=low
     .
       * New upstream version (3.0.1.0):
         - Add license file. (Fixes: #298).
         - Add a short README that provides some getting started
           information. (Fixes: #299).
       * debian/source/format:
         + Switch to format 1.0.
(Continue reading)


Gmane