User Tools

Site Tools


doc:release-notes-mswin:x2goclient-4.0.2.1

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:release-notes-mswin:x2goclient-4.0.2.1 [2014/07/13 12:31]
mikedep333 [Major Windows-specific changes since 4.0.2.0+build4] clarify version numbering
doc:release-notes-mswin:x2goclient-4.0.2.1 [2014/10/10 11:59]
mikedep333 4.0.2.1+hotfix1+build6: Update wording
Line 1: Line 1:
 ====== Windows-Specific Release notes for X2Go Client 4.0.2.1 ====== ====== Windows-Specific Release notes for X2Go Client 4.0.2.1 ======
 +
 +===== Security Update: 4.0.2.1+hotfix1+build6 =====
 +
 +On 2014-10-10, 4.0.2.1+hotfix1+build6 was released with the following changes:
 +CVE-2014-6278
 +    - Windows: Cygwin Bash (sh.exe) updated from 4.1.14-7 to 4.1.17-9. 4.1.17-9 fixes CVE-2014-6278.
 +    - Windows: The aforementioned Cygwin Bash update also fixes the vulnerabilities fixed in 4.1.16-8, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277.
 +    - Windows: Cygwin krb5 (Kerberos) updated from 1.12.1-2 to 1.12.2-1, which fixes CVE-2014-4341 through -4345.
 +
 +For the exact details of the bash and krb5 updates, see the respective release announcements:
 +https://cygwin.com/ml/cygwin-announce/2014-10/msg00015.html
 +
 +https://cygwin.com/ml/cygwin-announce/2014-10/msg00004.html
 +
 +https://cygwin.com/ml/cygwin-announce/2014-10/msg00008.html
 +
 +As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. In fact, it seems unlikely that X2Go Client for Windows is affected by the krb5 vulnerabilities because X2Go Client for Windows uses PuTTY for Kerberos authentication instead. (Cygwin krb5 is merely installed because it is a dependency of Cygwin SSH.) However, as a precaution, we are releasing this updated build of X2Go Client for Windows. Unless an analysis is performed, we strongly encourage all users to update. This includes users of the "misc" fonts and "full" fonts builds.
 +
 +===== Security Update: 4.0.2.1+hotfix1+build5 =====
 +
 +On 2014-09-30, 4.0.2.1+hotfix1+build5 was released with the following changes:
 +
 +    - Windows: Cygwin Bash (sh.exe) updated from 4.1.10-4 to 4.1.14-7. This fixes the "Shellshock" vulnerability.
 +
 +For the exact details of the bash update, see the Cygwin Bash release announcement for 4.1.14-7
 +
 +https://cygwin.com/ml/cygwin-announce/2014-09/msg00040.html
 +
 +The X2Go project has not done an analysis of whether X2Go Client was actually affected by the "Shellshock" vulnerability. However, as a precaution, we are releasing this updated build of X2Go Client for Windows with the fixed cygwin bash. Unless an analysis is performed, we strongly encourage all users to update. This includes users of the "misc" fonts and "full" fonts builds.
 +
 +===== Bugfix Update: 4.0.2.1+hotfix1+build4 =====
 +
 +On 2014-09-02, 4.0.2.1+hotfix1+build4 was released with the following changes:
 +
 +    - Windows: Fix missing VcXsrv/zlib1.dll . The impact of this bug was that VcXsrv would not start if the cwd was changed from the x2goclient directory. (The start menu and desktop shortcuts do have the x2goclient directory as the cwd. So they were not affected.) (Fixes: #587)
 +
 +Users are advised to update from 4.0.2.1+hotfix1+build3 to 4.0.2.1+hotfix1+build4 if they are affected by this bug.
 +
 +===== Security Update: 4.0.2.1+hotfix1+build3 =====
 +
 +On 2014-08-09, 4.0.2.1+hotfix1+build3 was released with the following changes:
 +
 +    - Windows: Win32 OpenSSL updated from 1.0.1h to 1.0.1i, which fixes the 9 CVEs announced on 2014-08-06.
 +    - Windows: Cygwin OpenSSL updated from 1.0.1h-1 to 1.0.1i-1, which fixes the 9 CVEs announced on 2014-08-06.
 +
 +All users of 4.0.2.1+hotfix1 and earlier are strongly encouraged to update to 4.0.2.1+hotfix1+build3. This includes users of the “misc” fonts and “full” fonts builds.
 +
 +Also, please note:
 +
 +    - x2goclient "4.0.2.1+hotfix1+build2" was posted to http://code.x2go.org/releases/ , but users should ignore it because bug #564 was discovered in it. This bug was part of the manually performed build process. "4.0.2.1+hotfix1+build3" should be used instead, it contains the fix for bug #564.
  
 ===== Major Windows-specific changes since 4.0.2.0+build4 ===== ===== Major Windows-specific changes since 4.0.2.0+build4 =====
Line 15: Line 65:
 ===== Available Builds ===== ===== Available Builds =====
  
-All builds with version "4.0.2.1+hotfix1" in their filename are current.+All builds with version "4.0.2.1+hotfix1+build6" in their filename are current.
  
 <note>There will be no regular release of "4.0.2.1" because bug [[http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=546|546]] was discovered at the last minute. Instead, "4.0.2.1+hotfix1" will be the 1st released version of 4.0.2.1. It contains a fix for said bug.</note> <note>There will be no regular release of "4.0.2.1" because bug [[http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=546|546]] was discovered at the last minute. Instead, "4.0.2.1+hotfix1" will be the 1st released version of 4.0.2.1. It contains a fix for said bug.</note>
Line 21: Line 71:
 ==== Current Builds ==== ==== Current Builds ====
  
-The regular build, x2goclient-4.0.2.1+hotfix1-setup.exe, is available under this folder here:+The regular build, x2goclient-4.0.2.1+hotfix1+build6-setup.exe, is available under this folder: 
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1+build6/ 
 + 
 +The "misc" fonts build, x2goclient-4.0.2.1+hotfix1+build6-miscfonts-setup.exe, is available under the folder listed below. See the "Noteworthy Windows-Specific Bugs" below for more info. 
 +   
 +The "full" fonts build, x2goclient-4.0.2.1+hotfix1+build6-fullfonts-setup.exe, is available under the folder listed below. See the "Noteworthy Windows-Specific Bugs" below for more info. 
 + 
 +A debug build, x2goclient-4.0.2.1+hotfix1+build6-debug-setup.exe, is also available under the folder listed below. If you experience a bug and would like to assist with debugging it, this build is for you. It does not include any of the fonts. 
 + 
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1+build6/non-default-builds/ 
 + 
 + 
 +==== Previous Builds ==== 
 + 
 +The regular builds, x2goclient-4.0.2.1+hotfix1 through x2goclient-4.0.2.1+hotfix1+build5-setup.exe, are available under these folders: 
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1+build5/ 
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1+build4/ 
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1+build3/
   * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1/   * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1/
  
-The "misc" fonts build, x2goclient-4.0.2.1+hotfix1-miscfonts-setup.exe, is available under the folder listed below. See the "Noteworthy Windows-Specific Bugs" below for more info.+ 
 +The "misc" fonts builds, x2goclient-4.0.2.1+hotfix1-miscfonts-setup.exe through x2goclient-4.0.2.1+hotfix1+build5-miscfonts-setup.exe, are available under the folders listed below. See the "Noteworthy Windows-Specific Bugs" below for more info.
      
-The "full" fonts build, x2goclient-4.0.2.1+hotfix1-fullfonts-setup.exe, is available under the folder listed below. See the "Noteworthy Windows-Specific Bugs" below for more info.+The "full" fonts builds, x2goclient-4.0.2.1+hotfix1-fullfonts-setup.exe through x2goclient-4.0.2.1+hotfix1+build5-fullfonts-setup.exe, are available under the folder listed below. See the "Noteworthy Windows-Specific Bugs" below for more info.
  
-A debug build, x2goclient-4.0.2.1+hotfix1-debug-setup.exe, is also available under the folder listed below. If you experience a bug and would like to assist with debugging it, this build is for you. It does not include any of the fonts.+Debug builds x2goclient-4.0.2.1+hotfix1-debug-setup.exe through x2goclient-4.0.2.1+hotfix1+build5-debug-setup.exe, are also available under the folder listed below. If you experience a bug and would like to assist with debugging it, these builds are for you. They do not include any of the fonts.
  
-* http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1/non-default-builds/+  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1+build5/non-default-builds/ 
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1+build4/non-default-builds/ 
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1+build3/non-default-builds/ 
 +  * http://code.x2go.org/releases/binary-win32/x2goclient/releases/4.0.2.1+hotfix1/non-default-builds/
  
 ===== Supported Windows Versions ===== ===== Supported Windows Versions =====
doc/release-notes-mswin/x2goclient-4.0.2.1.txt · Last modified: 2014/10/10 11:59 by mikedep333