Mike Gabriel | 19 May 14:57 2013
Picon

X2Go Session Broker (0.0.2.1) released

Dear all,

the X2Go project is proud to announce a new release of the X2Go
component ,,x2gobroker''.

New gains of this version of ,,x2gobroker'' are:

   o Vulnerability fix. With previous versions it was easily possible for an
     attacker to execute arbitrary code as uid root(!).
   o Fix setting X2GOBROKER_SESSIONPROFILES variable via WSGI SetEnv
   o Populate install stanza in Makefile (for RPM packaging)
   o Bug closures: #201, #210, #211 (see below)

WARNING::: The above mentioned vulnerability fix demands that you  
upgrade all your X2Go Session Broker installations to version 0.0.2.1.

X2Go Component: x2gobroker
Version: 0.0.2.1
Status: RELEASE
Date: Sun, 19 May 2013 12:41:06 +0200
Changes:
  x2gobroker (0.0.2.1) RELEASED; urgency=low
  .
    [ Mike Gabriel ]
    * New upstream version (0.0.2.1):
      - Remove trailing slashes from ManagementServer URLs.
      - In Apache2 vhost configuration example, move WSGI environment
        variable settings into VirtualHost setup.
      - Remove unused, not-yet-developed broker backends and frontends.
      - Remove old cruft from x2gobroker.conf.
      - Security fix for setuid wrapper x2gobroker-agent.c. Hard-code path to
        x2gobroker-agent.pl during build via defining a macro in the Makefile.
        Thanks to Richard Weinberger for spotting this!!!
      - Handle URLs in plain WebUI that have slashes (and subpaths) in the
        backend name.
      - In WSGI mode: only populate os.environ with variables matching
        »X2GOBROKER_*«.
      - Make X2GOBROKER_SESSIONPROFILES configurable via a SetEnv WSGI
        parameter in the httpd configuration possible. (Fixes: #210).
    * Provide init scripts and *.default files outside of /debian folder (as
      they are also relevant for non-Debian packaging).
  .
    [ Jan Engelhardt ]
    * New upstream version (0.0.2.1):
      - Populate install target of Makefile. (Fixes: #201).
      - Install man pages and default files through Makefile, as well. (Fixes:
        #211).

Regards,
Mike Gabriel

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@..., http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Dear all,

the X2Go project is proud to announce a new release of the X2Go
component ,,x2gobroker''.

New gains of this version of ,,x2gobroker'' are:

   o Vulnerability fix. With previous versions it was easily possible for an
     attacker to execute arbitrary code as uid root(!).
   o Fix setting X2GOBROKER_SESSIONPROFILES variable via WSGI SetEnv
   o Populate install stanza in Makefile (for RPM packaging)
   o Bug closures: #201, #210, #211 (see below)

WARNING::: The above mentioned vulnerability fix demands that you  
upgrade all your X2Go Session Broker installations to version 0.0.2.1.

X2Go Component: x2gobroker
Version: 0.0.2.1
Status: RELEASE
Date: Sun, 19 May 2013 12:41:06 +0200
Changes:
  x2gobroker (0.0.2.1) RELEASED; urgency=low
  .
    [ Mike Gabriel ]
    * New upstream version (0.0.2.1):
      - Remove trailing slashes from ManagementServer URLs.
      - In Apache2 vhost configuration example, move WSGI environment
        variable settings into VirtualHost setup.
      - Remove unused, not-yet-developed broker backends and frontends.
      - Remove old cruft from x2gobroker.conf.
      - Security fix for setuid wrapper x2gobroker-agent.c. Hard-code path to
        x2gobroker-agent.pl during build via defining a macro in the Makefile.
        Thanks to Richard Weinberger for spotting this!!!
      - Handle URLs in plain WebUI that have slashes (and subpaths) in the
        backend name.
      - In WSGI mode: only populate os.environ with variables matching
        »X2GOBROKER_*«.
      - Make X2GOBROKER_SESSIONPROFILES configurable via a SetEnv WSGI
        parameter in the httpd configuration possible. (Fixes: #210).
    * Provide init scripts and *.default files outside of /debian folder (as
      they are also relevant for non-Debian packaging).
  .
    [ Jan Engelhardt ]
    * New upstream version (0.0.2.1):
      - Populate install target of Makefile. (Fixes: #201).
      - Install man pages and default files through Makefile, as well. (Fixes:
        #211).

Regards,
Mike Gabriel

--

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@..., http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Gmane