Xpra

Latest version: v6.0.1

Safety actively analyzes 640563 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 8 of 10

4.2.3

* network layer:
- ensure the http headers cache is never modified unintentionally
- invalid packet encoder names should not cause fatal errors
- preserve audio packets chunking (avoids an HTML5 client bug)
- prefer https links
- prefer sha256 to sha1 for file transfer checksums
- mmap setup error handling
- `sndbuf_bytes` value was incorrect (currently unused)
- socket timeout too long - broke VNC connections
- AES DoS with unreasonably large number of password stretching iterations
- tone down http content security policy for the HTML5 client
- parsing of remote ssh command output
- reply with a 404 if we have no http data to send
- stricter validation of challenge digest attribute
- stricter validation of packet indexes
- specifying invalid compressors should not be fatal
- handle more VNC clients correctly
- server errors when VNC clients are connected
- proxy sessions not found due to socket-dirs
- mmap group lookup
* encodings:
- don't enable video encoders not present in 'encodings' option
- ffmpeg H264 errors with unreleased version
- ffmpeg codecs silencing too many warnings
- vpx encoder lossless mode detection
- potential race conditions in the proxy server's encoder loop
- visual corruption with scaled jpeg updates
- incorrect error messages with the jpeg YUV decoder
- error in 'void' paint events (currently unused)
- CUDA 11.4 and Ampere cards
- RPM build errors when CUDA is disabled
- restrict the number of NVENC errors tagged as transient
- more robust OpenGL picture decoding sanity checks
* packaging and platforms:
- find the fakeXinerama library more reliably on all platforms
- platform detection for CentOS / RedHat
- missing default configuration files on MS Windows
- missing webp with latest Pillow builds on MacOS
- build fix for non-amd64 Debian (missing nvfbc)
* clipboard selections getting stuck with MS Windows and MacOS clients
* clipboard errors with some packet encoders sending strings
* authentication modules not honouring `socket-dirs` option
* make it easier to dismiss the splash screen
* ssh password and key dialogs timing out without being shown
* menu loading race condition causing empty start menu
* window size hints may not have been honoured (rare case)
* honour the force-replace-wm flag when upgrading
* correctly handle command timeouts when probing servers
* test scripts and command line tools fixups: unit tests, U2F tool, audio test, etc
* system tray save-to-file debugging failures
* minor cosmetic fixes to logging messages, unreachable code, icon loading errors
* make it easier to run in a prefixed installation

4.2.2

Not secure
* don't build ffmpeg codecs on i386 (crashy)
* prevent crashes caused by svg conversion done in a thread
* always stop the 'new-stream' notification process
* prevent subprocesses from becoming zombies
* clean server on 'stop' or 'exit'
* fix application geometry issues
* show correct default values with "xpra --help"
* source and source-start errors on CentOS 8
* stop responding to 'info' requests when shutting down
* network layer:
* honour the packet-encoding and compressors options
* rencode packet encoder is not thread safe!
* packet errors with bencoder and None values
* don't assume the packet encoders handle bytes and / or strings
* client issues:
* backwards compatibility with v3 servers for ssh start
* incorrect client exit code
* icon theme errors should not be fatal (triggered on MacOS)
* subcommands:
* 'start-gui' invalid options shown
* 'sessions' and 'displays' subcommands do not need a display
* fix hidden 'wmname' utility subcommand
* many subcommands should send debug logging to stderr
* platform issues:
* MacOS dock flickering with 'start-gui'
* MacOS splash screen hiding password prompts
* menu loading:
* try harder to find valid menu entries to use
* skip entries that cannot be executed
* don't block the main thread when loading menus
* xpra top:
* handle unicode window titles correctly
* fix screen corruption due to threading
* fix latency always showing as zero
* packaging fixes:
* Debian packages now correctly use /etc/default for systemd service configuration
* MacOS updates for latest GTK3 builds
* add missing C++ files for MS Windows builds
* DEB missing dependency on gst-launch needed for silence detection
* audio:
* pipeline errors with aac encoder
* X11 warning when starting microphone forwarding from the command line
* minor / cosmetic fixes:
* cropped icons shown in html5 client connect page
* logging, error handling
* remove unused pulseaudio directories
* '1080p' resize-display string matching

4.2.1

Not secure
* build and packaging fixes:
* missing dependencies
* nvjpeg DEB packaging
* OpenBSD build fix
* compilation errors on Ubuntu Bionic
* DEB packages were missing some files (fixes audio silence detection)
* correct DEB dependency on 'dns' module for SSHFP support
* remove unused outdated code
* remove runtime dependency on distutils for 'which'
* cryptic error when a pkg_config file is missing
* proxy server:
* deadlocks when queues fill up too quickly
* honour mode and display
* disconnections under heavy load
* MS Windows:
* spurious OpenGL warnings during sanity checks
* printer enumeration crash and stalls
* small cursors showing random pixel values
* updated MS Windows GStreamer module list
* MacOS:
* MacOS GStreamer packaging of dylib modules, man page
* MacOS update to GTK 3.24.30
* MacOS Big Sur error with 'Xpra_Browser' subcommand
* Network:
* fix RFB server protocol, sockets not timing out with VNC clients
* invalid error when bind option points to a directory
* detect wifi network connections more reliably
* fix 'xpra' packet type auto detection
* default to ssl-mode if the 'wss' socket option is not specified
* 'keydata' connection attribute should override other options
* correct exit code for encryption errors
* Encodings:
* disable vaapi in ffmpeg codec by default (crashy / buggy)
* NVENC errors when retrying after a transient failure
* scroll detection bugs
* webp encoder invalid memory access (corruption)
* notification forwarding errors with SVG icons
* disable SVG icon resizing (potential crashes on some platforms)
* missing log prefix for 'xpra recover' subcommand
* faster server startup failures: don't wait for things that were not started (ie: audio)
* fix commands started twice when upgrading (ie: ibus-daemon)
* local start with explicit attach was broken on Posix
* 'attach' option should not be forwarded to the server (which then fails)
* invalid window resize counter (used for resize loop prevention)
* missing icon errors when html5 client disconnects from system-wide proxy server
* file transfer errors when a 'top' client is connected
* don't claim that non-interactive clients use the screen
* retry once after X11 query tree errors during startup
* provide XDG_RUNTIME_DIR if it is not defined
* add new 3x4K Xdummy modeline
* minor cosmetic and debug logging fixes

4.2

Not secure
* select session attributes from list of options exposed by the server
* detect vertical refresh rate
* hide on-screen keyboard by default on non-mobile devices
* tell server to prefer encodings with native decoders
* updated documentation
* build and packaging fixes, add easy 'deb' and 'rpm' build targets
* support older versions of brotli
* fix missing clipboard events
* fix window focus tracking issues
* fix AES encryption (broken by rencoder)

4.1.3

Not secure
* fix window geometry constraints being applied wrong b5bfa92c32e6fc6c185eeb26e85b41cf726db606
* fix xpra start failures when the display is already running (with use-display=auto) 3077
* fix vp9 libvpx encoder failures with older library versions b24f91a7dae9abde0f709375ae6f34fddfaf32e1
* fix 'xpra top' errors when the version string is missing 035c7c91ddd316850151d2656681c05dbf80cdb5
* fix server errors when non interactive clients are connected (ie: 'xpra top') 3089, 3084
* fix http server error on incomplete installations 9f2a80ecde043c7548fe3bb6f693448c18ab4c8e
* fix http server builtin script handler ebab0e7b30b33f89b01eba88895a93d06633601d
* fix icon loading errors causing empty start menus 4d9c8bc51683c9dcdcc06a2652a38b836ea625c1
* fix compilation against ffmpeg 4.4 and later on some distributions (ie: CentOS 8) 8d583c27bac240759606610dfcc9ba61658ca12b
* exit more quickly with a failure if the VFB failed to start c91509ec0b0dfe939bc240b86137692bfa13b7ce
* correctly replace existing notifications with the gtk notifier backend 95c6116fc5062bc7da4598f83959f23a702e402d
* silence some rare errors and stacktraces bff6fceddfa5d55e15c2c5debe1e0c1d19f81f81, b594b363e773fa7aa43eb028521f7d83e7d75797, ebb4aa44870eda7abb990bbc5d712f34ddc72022
* support CUDA 11.3 7f3f6e8d3e7686c4e66b8b5687de34dc71c30ab0

4.1.2

Not secure
build and packaging fixes

Page 8 of 10

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.