Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Mike Gabriel <mike.gabriel-QcRmU36LScxyC2I0vPwN6RvVK+yQ3ZXh <at> public.gmane.org>
Subject: X2Go Session Broker (0.0.2.1) released
Newsgroups: gmane.linux.terminal-server.x2go.announce
Date: Sunday 19th May 2013 12:57:53 UTC (over 3 years ago)
Dear all,

the X2Go project is proud to announce a new release of the X2Go
component ,,x2gobroker''.

New gains of this version of ,,x2gobroker'' are:

   o Vulnerability fix. With previous versions it was easily possible for
an
     attacker to execute arbitrary code as uid root(!).
   o Fix setting X2GOBROKER_SESSIONPROFILES variable via WSGI SetEnv
   o Populate install stanza in Makefile (for RPM packaging)
   o Bug closures: #201, #210, #211 (see below)

WARNING::: The above mentioned vulnerability fix demands that you  
upgrade all your X2Go Session Broker installations to version 0.0.2.1.


X2Go Component: x2gobroker
Version: 0.0.2.1
Status: RELEASE
Date: Sun, 19 May 2013 12:41:06 +0200
Changes:
  x2gobroker (0.0.2.1) RELEASED; urgency=low
  .
    [ Mike Gabriel ]
    * New upstream version (0.0.2.1):
      - Remove trailing slashes from ManagementServer URLs.
      - In Apache2 vhost configuration example, move WSGI environment
        variable settings into VirtualHost setup.
      - Remove unused, not-yet-developed broker backends and frontends.
      - Remove old cruft from x2gobroker.conf.
      - Security fix for setuid wrapper x2gobroker-agent.c. Hard-code path
to
        x2gobroker-agent.pl during build via defining a macro in the
Makefile.
        Thanks to Richard Weinberger for spotting this!!!
      - Handle URLs in plain WebUI that have slashes (and subpaths) in the
        backend name.
      - In WSGI mode: only populate os.environ with variables matching
        »X2GOBROKER_*«.
      - Make X2GOBROKER_SESSIONPROFILES configurable via a SetEnv WSGI
        parameter in the httpd configuration possible. (Fixes: #210).
    * Provide init scripts and *.default files outside of /debian folder
(as
      they are also relevant for non-Debian packaging).
  .
    [ Jan Engelhardt ]
    * New upstream version (0.0.2.1):
      - Populate install target of Makefile. (Fixes: #201).
      - Install man pages and default files through Makefile, as well.
(Fixes:
        #211).


Regards,
Mike Gabriel


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: [email protected], http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
 
CD: 3ms