User Tools

Site Tools


doc:release-notes-mswin:x2goclient-4.0.2.0

Windows-Specific Release notes for X2Go Client 4.0.2.0

Security Update: 4.0.2.0+build4

On 2014-06-08, 4.0.2.0+build4 was released with the following changes:

  • Cygwin OpenSSL was updated from 1.0.1g-1 to 1.0.1h-1. This fixes the 6 security vulnerabilities in the OpenSSL Security Advisory [05 Jun 2014]: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298 & CVE-2014-3470

All users of 4.0.2.0+build3 and earlier are strongly encouraged to update to 4.0.2.0+build4. This includes users of the “misc” fonts and “full” fonts builds.

Security Update: 4.0.2.0+build3

On 2014-06-08, 4.0.2.0+build3 was released with the following changes:

  • Win32 OpenSSL was updated from 1.0.1g to 1.0.1h. This fixes the 6 security vulnerabilities in the OpenSSL Security Advisory [05 Jun 2014]: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298 & CVE-2014-3470

All users of 4.0.2.0+build2 and earlier are strongly encouraged to update to 4.0.2.0+build3. This includes users of the “misc” fonts and “full” fonts builds.

Security Update: 4.0.2.0+build2

On 2014-05-27, 4.0.2.0+build2 was released with the following changes:

  • VcXsrv was updated from 1.4.3.1 to 1.4.3.2. The difference is that VcXsrv 1.14.3.2 has backported fixes for X.Org vulnerabilities CVE-2014-0209, CVE-2014-0210, and CVE-2014-0211. (All are from May 13, 2014) (Note that we have not determined whether or not X2Go could actually trigger them. They are however now fixed in the VcXsrv code.)

All users of 4.0.2.0 and earlier are strongly encouraged to update to 4.0.2.0+build2. This includes users of the “misc” fonts and “full” fonts builds.

Major Windows-specific changes since 4.0.1.3+build2

Continued compatibility with Windows XP

Since version 3.99.0.0, X2Go Client for Windows has bundled VcXsrv. VcXsrv is the only port of the X.org X Server to Windows that is both actively maintained and open source.

However, recent versions of VcXsrv have dropped compatibility with Windows XP.

In order to maintain XP compatibility, the X2Go project has rebuilt VcXsrv 1.14.3 with MSVC 2012's v110_xp toolset instead of the v110 toolset. Fixes for the VcXsrv vulnerabilities since 1.14.3 (CVE-2013-4396 & CVE-2013-6462) were backported. We have numbered this version of VcXsrv as “1.14.3.1”. (Now updated to “1.14.3.2”.)

For the time being, the source code to this version of VcXsrv is available here:

And binary installer builds are available here:

We are currently attempting to upstream these changes on a separate branch of VcXsrv.

Also, note that the X2Go Project strongly urges all its users to migrate away from Windows XP now that Microsoft will no longer provide any more security patches for it. We are providing continued compatibility with Windows XP because X2Go Client can be part of an organization's solution to migrate away from Windows XP to Linux. (Because with X2Go, the user's applications run on Linux, not on Windows.) We intend to maintain XP compatibility until at least April 30th 2015, unless major technical obstacles arise.

PulseAudio 5.0

PulseAudio 5.0 is now bundled instead of PulseAudio 1.1. Furthermore, 5.0 has been patched to include the fix for bug #363 (choppy audio in Flash Player). This eliminates the need for a separate “interims” builds with PulseAudio 0.9.6

Special thanks to Tanu Kaskinen and other members of the upstream PulseAudio project for making this possible.

PulseAudio 5.0 win32 is built via the OBS here:

And a .zip file with the binaries is available here:

Available Builds

All builds with version “4.0.2.0+build4” in their filename are current.

Current Builds

The regular build is available here:

Until a new version of X2Go Client is released, this link on the home page is the aforementioned version & build: http://code.x2go.org/releases/X2GoClient_latest_mswin32-setup.exe

There is no longer an “interims” build with PulseAudio 0.9.6 because PulseAudio 1.1 has been upgraded to PulseAudio 5.0, and it includes a fix for X2Go Bug 363. If a regression is discovered in PulseAudio 5.0, an “interims” build with PulseAudio 0.9.6 will be released.

The “misc” fonts build is available here. See the “Noteworthy Windows-Specific Bugs” below for more info.

The “full” fonts build is available here. See the “Noteworthy Windows-Specific Bugs” below for more info.

A debug build is available here. If you experience a bug and would like to assist with debugging it, this build is for you. It does not include any of the fonts.

Previous Builds

The regular build is available here:

There is no longer an “interims” build with PulseAudio 0.9.6 because PulseAudio 1.1 has been upgraded to PulseAudio 5.0, and it includes a fix for X2Go Bug 363. If a regression is discovered in PulseAudio 5.0, an “interims” build with PulseAudio 0.9.6 will be released.

The “misc” fonts build is available here. See the “Noteworthy Windows-Specific Bugs” below for more info.

The “full” fonts build is available here. See the “Noteworthy Windows-Specific Bugs” below for more info.

A debug build is available here. If you experience a bug and would like to assist with debugging it, this build is for you. It does not include any of the fonts.

Compatible Windows Versions

X2Go Client is currently only released as a 32-bit x86 build. Both 32-bit x86 and 64-bit x86 versions of Windows are supported via this build.

  • Windows XP 32-bit SP3
  • Windows XP 64-bit SP2
  • Windows Vista SP2
  • Windows 7 SP1
  • Windows 8
  • Windows 8.1 (with or without “Update 1”)

These versions of Windows without the latest (specified) service pack may be compatible, but are rarely (if ever) tested.

Corresponding server versions of Windows are also compatible, but receive minimal testing:

  • Windows Server 2003 SP2
  • Windows Server 2003 R2 SP2
  • Windows Server 2008 SP2
  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2 (with or without “Update 1”)

Any incompatibility or bug with a specific version of Windows should be reported via our bug-tracker.

Installation Instructions

Windows-Specific Bug Fixes

As mentioned in the regular release notes:

  • Reapply KDE on Windows's patch for Pageant support to libssh 0.5.5. (Fixes: #448)
  • Fix compatibility with PulseAudio 3.0 & later through new cookie handling. (Fixes: #422)
  • The regular build X2Go Client now includes a fix for bug #363 (choppy audio in Flash Player). Users no longer need to install an “interims” build for that a fix.

The following bugfixes are not mentioned in the regular release notes. (They are not mentioned in the regular release notes because they do not consist of fixes to X2GoClient's source code, only to the dependencies bundled.):

  • CVE-2014-0160 “Heartbleed” vulnerability (Note: X2Go Client was only affected by the heartbleed vulnerability when connecting to a an X2Go session broker over HTTPS. Even though X2Go Client uses libssh and cygwin's openssh, which both in turn use openssl, they were never affected because the SSH protocol does not contain the SSL heartbeat. For more info on why SSH implementations are not affected, read Red hat's solution article. The only difference between that solution article and X2Go Client is that the vulnerable library file is ssleay32.dll and the non-affected library files are both libeay32.dll and cygcrypto-1.0.0.dll .)
  • Compared to 4.0.1.3, bug #229 (support for https broker connections) was fixed. However, it was also fixed in 4.0.1.3+build2. This bugfix is being mentioned here because some users may not be aware of 4.0.1.3+build2. (Ironically, the fix was to add ssleay32.dll, which means that the heartbleed vulnerability was only ever present in 4.0.1.3+build2.)
  • The following security vulnerabilities in VcXsrv: CVE-2013-4396 (Oct. 8, 2013), CVE-2013-6462 (Jan. 7, 2014) (Note that we have not determined whether or not X2Go could actually trigger them. They are however now fixed in the VcXsrv code.)

Noteworthy Windows-Specific Bugs

  • bug 108 - Certain specialized applications fail to start (or exhibit font-related bugs) due to the fonts not being installed on the X2Go Client. This can be worked around by using the x2goclient-4.0.2.0-miscfonts-setup.exe installer located here: http://code.x2go.org/releases/binary-win32/x2goclient/tmp/ . If the problem still persists, try using x2goclient-4.0.2.0-fullfonts-setup.exe instead. Note that these installers are a temporary measure until a permanent solution is implemented.
  • bug 109 - x2goclient refuses to start after selecting a nonexistent external X server. To prevent this bug, do not select to use an external X server without specifying the path to an external X server that is actually installed. (The default path usually does not exist.) If you are experiencing this bug, work around it by setting this registry value: HKEY_CURRENT_USER\Software\Obviously Nice\x2goclient\settings\useintx = true
doc/release-notes-mswin/x2goclient-4.0.2.0.txt · Last modified: 2014/06/08 01:49 by mikedep333