From 292cb544ab6ce3ec3c80a760951c1b4d7137d02c9ccbbf95f0fa5eb1b5f0a340 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Sun, 7 Jan 2018 09:02:53 +0000 Subject: [PATCH] Accepting request 562234 from home:zhangxiaofei:branches:X11:RemoteDesktop - Update to version 0.9.5 + Security fixes - Fix local denial of service (CVE-2017-16927) #958 #979 + New features - Add a new log level TRACE more verbose than DEBUG #835 #944 - SSH agent forwarding via RDP #867 #868 FreeRDP/FreeRDP#4122 - Support horizontal wheel properly #928 + Bug fixes - Avoid use of hard-coded sesman port #895 - Workaround for corrupted display with Windows Server 2008 using NeutrinoRDP #869 - Fix glitch in audio redirection by AAC #910 #936 - Implement vsock support #930 #935 #948 - Avoid 100% CPU usage on SSL accept #956 + Other changes - Add US Dvorak keyboard #929 - Suppress some misleading logs #964 - Add Finnish keyboard #972 - Add more user-friendlier description about Xorg config #974 - Renew pulseaudio document #984 #985 - Lots of cleanups and refactoring + Known issues - Audio redirection by MP3 codec doesn't sound with some client, use AAC instead #965 - Update xrdp-default-config.patch - Update xrdp-fate318398-change-expired-password.patch - Replace references to /var/adm/fillup-templates with new OBS-URL: https://build.opensuse.org/request/show/562234 OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=31 --- xrdp-0.9.4.tar.gz | 3 - xrdp-0.9.4.tar.gz.asc | 16 -- xrdp-0.9.5.tar.gz | 3 + xrdp-0.9.5.tar.gz.asc | 16 ++ xrdp-default-config.patch | 38 ++-- xrdp-fate318398-change-expired-password.patch | 196 +++++++++--------- xrdp.changes | 32 ++- xrdp.spec | 4 +- 8 files changed, 171 insertions(+), 137 deletions(-) delete mode 100644 xrdp-0.9.4.tar.gz delete mode 100644 xrdp-0.9.4.tar.gz.asc create mode 100644 xrdp-0.9.5.tar.gz create mode 100644 xrdp-0.9.5.tar.gz.asc diff --git a/xrdp-0.9.4.tar.gz b/xrdp-0.9.4.tar.gz deleted file mode 100644 index 6b2ce5e..0000000 --- a/xrdp-0.9.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:059e362db550b58a108117e6538363d90f07edd0a54810affae977a6b0bb6ea7 -size 3069778 diff --git a/xrdp-0.9.4.tar.gz.asc b/xrdp-0.9.4.tar.gz.asc deleted file mode 100644 index bb49526..0000000 --- a/xrdp-0.9.4.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEYezqu/K7QOOjXfMKn3LNvAG/EOsFAlnMYCQACgkQn3LNvAG/ -EOt/uxAAizV1Qtbo8pRO1hpXSDi2xe2c/r5OHFUumWsBxyfVw8JlaNzt2FujtXFu -/WYb8juMbEAdnzzGypFEXpO52xoNBJdQJUhNEMPUS90ljgnyoS8zdmUkVOeYs1o2 -2RdDPV9e9Okc+9o9/Ej3amESVptrCW/hCP66pvVBbqQJmE+fG97jtXwPl1tmvCUQ -kjYlIidq/n1TYabp9vj4wLmUqG/huJmRZuo1JpkcodZhqcE1jMi68P311tQOrCvR -qFYsYTliD5bdjkAQYgD/tBJ+1XJKM+iNV5vjoIB2V9FGrr0+T2kXllJjRulInnlj -9g0NYqITbZGCmKpndBaloI5mAVVotz8Ksk0CkBp6kBuByhr/ZawzqZMJZGX2FUUP -hD64nmUooZ3g7fQOLXdS678IOFHUmTSlVvV0qXbo7wFm8JbyW57iyLQZ+g4Tr/sO -ntXpLdiUN+KVstTEtUCCdBt3XrHaIh0BnKzLj/tT5O3q2PAB2H9zIFJIsgSeW9UP -FurI1oqFzgiEEAFpx6macdyu+kxLtcyOQDia8PqQajXlAB4f+TOIpAO4PWpIOwYq -h54BVxAo0ro28g8SQREfwLWuAbesb62tSNLBwg9pecFIsui3cb7hRDvJvNTxj0vy -SMqXxNpWK7AT1WnPzOTRh/sqSasKpBuIGs0L7z2ZCuJc8Ec1IxQ= -=3aMB ------END PGP SIGNATURE----- diff --git a/xrdp-0.9.5.tar.gz b/xrdp-0.9.5.tar.gz new file mode 100644 index 0000000..d4bc4e8 --- /dev/null +++ b/xrdp-0.9.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0c66b06204237745be3f0a75bfdd22a2b27de97740490256964bb5082efb0042 +size 3082700 diff --git a/xrdp-0.9.5.tar.gz.asc b/xrdp-0.9.5.tar.gz.asc new file mode 100644 index 0000000..1bbdd7a --- /dev/null +++ b/xrdp-0.9.5.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEYezqu/K7QOOjXfMKn3LNvAG/EOsFAlpDsoAACgkQn3LNvAG/ +EOteVw/7B0IejeTHWlnk4XZ9bSSX6v6n3QPDbAAPa9tPW4gzS8pIbteOUXmPv4Dx +88LVgn80U3rjU+Dkm3F7unfqV7Ath8xQjzPSS98YkMwYKTKDqMtr0RNY6/+CMKBH +6GN1jSCcKNd+wqCLA4+ySdMO5/llL8r3qmNrOAllSd6THcxyTcVNLF9b73J5RObU +okbTK0lz6KUDHyiCiibHfKbgm0hpowIzsNiKiBzlmaaHdpkNKW1Z93DyT5DXJFse +wjiy3FCGSB/KLv07015ZH72jkNetttgZ/GKGozFWWbdPrl39NjJlJMyzv+LU152x +5tEAYdblyVdGQMDFwxwXMA685EIk1D7ee098d+JmsPhujMy89+GLf1hD/obr2yCk +DrvTgPyTJpK8YXHDomg0NKwGdiilh3oMcv4/IgVKdqqTUqQXOnkcLmm7PSBy6c8Q +tWRVz23xUhqoBbvLTL48REuCx3QyjS2zQnh1UQ/WBNkpwpSSV3ePlgLyqhT3lFNR +kWa0SD6lwODPih2U1VJs9q8J4l905ZjAr9jTNF4v3WFRrIyZANs1je9y+EkCCneS +/sBeo5RaBGEZtufA3XrUiWig8jvMPZssmFcvtqe83KB5sxaNrBmb/eCBHLwcjVdp +5SJjH672FmCGDw0EFwcu9+QGbhajckFjlBVvCS5m9Np8MGKn9xc= +=wQUi +-----END PGP SIGNATURE----- diff --git a/xrdp-default-config.patch b/xrdp-default-config.patch index d03e2cc..2d0633a 100644 --- a/xrdp-default-config.patch +++ b/xrdp-default-config.patch @@ -1,8 +1,8 @@ -diff --git a/sesman/sesman.ini b/sesman/sesman.ini -index 8225ee44..37c78169 100644 ---- a/sesman/sesman.ini -+++ b/sesman/sesman.ini -@@ -18,7 +18,7 @@ AlwaysGroupCheck=false +Index: b/sesman/sesman.ini +=================================================================== +--- a/sesman/sesman.ini 2018-01-04 15:37:57.612073999 +0800 ++++ b/sesman/sesman.ini 2018-01-04 15:38:02.957413999 +0800 +@@ -18,7 +18,7 @@ ;; X11DisplayOffset - x11 display number offset ; Type: integer ; Default: 10 @@ -11,7 +11,7 @@ index 8225ee44..37c78169 100644 ;; MaxSessions - maximum number of connections to an xrdp server ; Type: integer -@@ -50,9 +50,9 @@ Policy=Default +@@ -50,9 +50,9 @@ [Logging] LogFile=xrdp-sesman.log @@ -22,13 +22,13 @@ index 8225ee44..37c78169 100644 +EnableSyslog=0 +SyslogLevel=ERROR - [X11rdp] - param=X11rdp -diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini -index cb6d7c36..f4c75c88 100644 ---- a/xrdp/xrdp.ini -+++ b/xrdp/xrdp.ini -@@ -74,7 +74,7 @@ grey=dedede + ; + ; Session definitions - startup command-line parameters for each session type +Index: b/xrdp/xrdp.ini +=================================================================== +--- a/xrdp/xrdp.ini 2018-01-04 15:37:57.612073999 +0800 ++++ b/xrdp/xrdp.ini 2018-01-04 15:59:09.282474000 +0800 +@@ -76,7 +76,7 @@ #ls_title=My Login Title ; top level window background color in RGB format @@ -37,7 +37,7 @@ index cb6d7c36..f4c75c88 100644 ; width and height of login screen ls_width=350 -@@ -117,9 +117,9 @@ ls_btn_cancel_height=30 +@@ -119,9 +119,9 @@ [Logging] LogFile=xrdp.log @@ -50,10 +50,10 @@ index cb6d7c36..f4c75c88 100644 ; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug [Channels] -@@ -148,34 +148,24 @@ tcutils=true - ; Session types - ; - +@@ -153,34 +153,24 @@ + ; Some session types such as Xorg, X11rdp and Xvnc start a display server. + ; Startup command-line parameters for the display server are configured + ; in sesman.ini. See and configure also sesman.ini. -[Xorg] -name=Xorg -lib=libxup.so @@ -93,7 +93,7 @@ index cb6d7c36..f4c75c88 100644 [console] name=console -@@ -184,28 +174,7 @@ ip=127.0.0.1 +@@ -189,28 +179,7 @@ port=5900 username=na password=ask diff --git a/xrdp-fate318398-change-expired-password.patch b/xrdp-fate318398-change-expired-password.patch index 34b78d7..6b75742 100644 --- a/xrdp-fate318398-change-expired-password.patch +++ b/xrdp-fate318398-change-expired-password.patch @@ -1,19 +1,19 @@ -diff --git a/sesman/auth.h b/sesman/auth.h -index 56f7809..4dd3836 100644 ---- a/sesman/auth.h -+++ b/sesman/auth.h -@@ -106,4 +106,6 @@ auth_check_pwd_chg(const char *user); +Index: b/sesman/auth.h +=================================================================== +--- a/sesman/auth.h 2017-10-26 13:30:12.000000000 +0800 ++++ b/sesman/auth.h 2018-01-04 16:40:32.178890000 +0800 +@@ -106,4 +106,6 @@ int auth_change_pwd(const char *user, const char *newpwd); +int +auth_change_pwd_pam(char* user, char* pass, char* newpwd); #endif -diff --git a/sesman/libscp/libscp_session.c b/sesman/libscp/libscp_session.c -index 8df34b3..54d08ae 100644 ---- a/sesman/libscp/libscp_session.c -+++ b/sesman/libscp/libscp_session.c -@@ -75,6 +75,10 @@ scp_session_set_type(struct SCP_SESSION *s, tui8 type) +Index: b/sesman/libscp/libscp_session.c +=================================================================== +--- a/sesman/libscp/libscp_session.c 2017-10-26 13:30:12.000000000 +0800 ++++ b/sesman/libscp/libscp_session.c 2018-01-04 16:40:32.178890000 +0800 +@@ -75,6 +75,10 @@ s->type = SCP_GW_AUTHENTICATION; break; @@ -24,10 +24,15 @@ index 8df34b3..54d08ae 100644 case SCP_SESSION_TYPE_MANAGE: s->type = SCP_SESSION_TYPE_MANAGE; s->mng = (struct SCP_MNG_DATA *)g_malloc(sizeof(struct SCP_MNG_DATA), 1); -@@ -236,6 +240,32 @@ scp_session_set_password(struct SCP_SESSION *s, const char *str) +@@ -231,6 +235,32 @@ + return 1; + } - /*******************************************************************/ - int ++ return 0; ++} ++ ++/*******************************************************************/ ++int +scp_session_set_newpass(struct SCP_SESSION *s, char *str) +{ + if (0 == str) @@ -49,18 +54,13 @@ index 8df34b3..54d08ae 100644 + return 1; + } + -+ return 0; -+} -+ -+/*******************************************************************/ -+int - scp_session_set_domain(struct SCP_SESSION *s, const char *str) - { - if (0 == str) -diff --git a/sesman/libscp/libscp_types.h b/sesman/libscp/libscp_types.h -index 8cb9166..b4441da 100644 ---- a/sesman/libscp/libscp_types.h -+++ b/sesman/libscp/libscp_types.h + return 0; + } + +Index: b/sesman/libscp/libscp_types.h +=================================================================== +--- a/sesman/libscp/libscp_types.h 2017-10-04 12:44:21.000000000 +0800 ++++ b/sesman/libscp/libscp_types.h 2018-01-04 16:40:32.178890000 +0800 @@ -47,6 +47,7 @@ * XRDP sends this command to let sesman verify if the user is allowed * to use the gateway */ @@ -69,7 +69,7 @@ index 8cb9166..b4441da 100644 #define SCP_ADDRESS_TYPE_IPV4 0x00 #define SCP_ADDRESS_TYPE_IPV6 0x01 -@@ -77,6 +78,7 @@ struct SCP_SESSION +@@ -77,6 +78,7 @@ char locale[18]; char* username; char* password; @@ -77,11 +77,11 @@ index 8cb9166..b4441da 100644 char* hostname; tui8 addr_type; tui32 ipv4addr; -diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c -index 5a0c8bf..4b3fc98 100644 ---- a/sesman/libscp/libscp_v0.c -+++ b/sesman/libscp/libscp_v0.c -@@ -317,9 +317,8 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) +Index: b/sesman/libscp/libscp_v0.c +=================================================================== +--- a/sesman/libscp/libscp_v0.c 2017-12-27 22:30:25.000000000 +0800 ++++ b/sesman/libscp/libscp_v0.c 2018-01-04 17:09:58.859805998 +0800 +@@ -329,9 +329,8 @@ } } } @@ -92,7 +92,7 @@ index 5a0c8bf..4b3fc98 100644 session = scp_session_create(); if (0 == session) -@@ -329,7 +328,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) +@@ -341,7 +340,7 @@ } scp_session_set_version(session, version); @@ -100,28 +100,32 @@ index 5a0c8bf..4b3fc98 100644 + scp_session_set_type(session, code); /* reading username */ in_uint16_be(c->in_s, sz); - buf[sz] = '\0'; -@@ -342,6 +341,19 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) - /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/ - return SCP_SERVER_STATE_INTERNAL_ERR; + buf = g_new0(char, sz + 1); +@@ -358,6 +357,23 @@ } + g_free(buf); + + if (code == SCP_GW_CHAUTHTOK) + { + /* reading new password */ + in_uint16_be(c->in_s, sz); -+ buf[sz] = '\0'; ++ buf = g_new0(char, sz + 1); + in_uint8a(c->in_s, buf, sz); ++ buf[sz] = '\0'; + + if (0 != scp_session_set_newpass(session, buf)) + { + scp_session_destroy(session); ++ g_free(buf); + return SCP_SERVER_STATE_INTERNAL_ERR; + } ++ g_free(buf); + } - ++ /* reading password */ in_uint16_be(c->in_s, sz); -@@ -417,12 +429,13 @@ scp_v0s_deny_connection(struct SCP_CONNECTION *c) + buf = g_new0(char, sz + 1); +@@ -435,12 +451,13 @@ /******************************************************************************/ enum SCP_SERVER_STATES_E @@ -137,11 +141,11 @@ index 5a0c8bf..4b3fc98 100644 out_uint16_be(c->out_s, value); /* reply code */ out_uint16_be(c->out_s, 0); /* dummy data */ s_mark_end(c->out_s); -diff --git a/sesman/libscp/libscp_v0.h b/sesman/libscp/libscp_v0.h -index 21fc16c..ae54619 100644 ---- a/sesman/libscp/libscp_v0.h -+++ b/sesman/libscp/libscp_v0.h -@@ -79,6 +79,6 @@ scp_v0s_deny_connection(struct SCP_CONNECTION* c); +Index: b/sesman/libscp/libscp_v0.h +=================================================================== +--- a/sesman/libscp/libscp_v0.h 2017-07-19 12:23:49.000000000 +0800 ++++ b/sesman/libscp/libscp_v0.h 2018-01-04 16:40:32.182893999 +0800 +@@ -79,6 +79,6 @@ * @return */ enum SCP_SERVER_STATES_E @@ -149,11 +153,11 @@ index 21fc16c..ae54619 100644 +scp_v0s_replyauthentication(struct SCP_CONNECTION* c, unsigned short int value, tui8 type); #endif -diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c -index de00068..51f1af7 100644 ---- a/sesman/scp_v0.c -+++ b/sesman/scp_v0.c -@@ -42,6 +42,13 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) +Index: b/sesman/scp_v0.c +=================================================================== +--- a/sesman/scp_v0.c 2017-10-26 13:30:12.000000000 +0800 ++++ b/sesman/scp_v0.c 2018-01-04 16:40:32.182893999 +0800 +@@ -42,6 +42,13 @@ int errorcode = 0; bool_t do_auth_end = 1; @@ -167,7 +171,7 @@ index de00068..51f1af7 100644 data = auth_userpass(s->username, s->password, &errorcode); if (s->type == SCP_GW_AUTHENTICATION) -@@ -53,14 +60,14 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) +@@ -53,14 +60,14 @@ if (1 == access_login_allowed(s->username)) { /* the user is member of the correct groups. */ @@ -184,7 +188,7 @@ index de00068..51f1af7 100644 log_message(LOG_LEVEL_INFO, "Username okey but group problem for " "user: %s", s->username); /* g_writeln("user password ok, but group problem"); */ -@@ -71,7 +78,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) +@@ -71,7 +78,7 @@ /* g_writeln("username or password error"); */ log_message(LOG_LEVEL_INFO, "Username or password error for user: %s", s->username); @@ -193,11 +197,11 @@ index de00068..51f1af7 100644 } } else if (data) -diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c -index 15174c2..d996470 100644 ---- a/sesman/verify_user_pam.c -+++ b/sesman/verify_user_pam.c -@@ -38,6 +38,7 @@ struct t_user_pass +Index: b/sesman/verify_user_pam.c +=================================================================== +--- a/sesman/verify_user_pam.c 2017-11-27 09:42:43.000000000 +0800 ++++ b/sesman/verify_user_pam.c 2018-01-04 16:40:32.182893999 +0800 +@@ -38,6 +38,7 @@ { char user[256]; char pass[256]; @@ -205,7 +209,7 @@ index 15174c2..d996470 100644 }; struct t_auth_info -@@ -86,6 +87,55 @@ verify_pam_conv(int num_msg, const struct pam_message **msg, +@@ -86,6 +87,55 @@ } /******************************************************************************/ @@ -261,7 +265,7 @@ index 15174c2..d996470 100644 static void get_service_name(char *service_name) { -@@ -102,6 +152,52 @@ get_service_name(char *service_name) +@@ -103,6 +153,52 @@ } /******************************************************************************/ @@ -314,11 +318,11 @@ index 15174c2..d996470 100644 /* returns long, zero is no go Stores the detailed error code in the errorcode variable*/ -diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c -index 49477a1..160a1ef 100644 ---- a/xrdp/xrdp_login_wnd.c -+++ b/xrdp/xrdp_login_wnd.c -@@ -181,7 +181,14 @@ xrdp_wm_cancel_clicked(struct xrdp_bitmap *wnd) +Index: b/xrdp/xrdp_login_wnd.c +=================================================================== +--- a/xrdp/xrdp_login_wnd.c 2017-11-27 09:42:43.000000000 +0800 ++++ b/xrdp/xrdp_login_wnd.c 2018-01-04 16:40:32.182893999 +0800 +@@ -187,7 +187,14 @@ { if (wnd->wm != 0) { @@ -334,7 +338,7 @@ index 49477a1..160a1ef 100644 { g_set_wait_obj(wnd->wm->pro_layer->self_term_event); } -@@ -239,7 +246,29 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *wnd) +@@ -245,7 +252,29 @@ } else { @@ -365,7 +369,7 @@ index 49477a1..160a1ef 100644 } return 0; -@@ -516,6 +545,32 @@ xrdp_wm_login_notify(struct xrdp_bitmap *wnd, +@@ -545,6 +574,32 @@ return 0; } @@ -398,10 +402,11 @@ index 49477a1..160a1ef 100644 /******************************************************************************/ static int xrdp_wm_login_fill_in_combo(struct xrdp_wm *self, struct xrdp_bitmap *b) -@@ -789,6 +844,103 @@ xrdp_login_wnd_create(struct xrdp_wm *self) +@@ -825,6 +880,103 @@ + return 0; } - ++ +/******************************************************************************/ +int +xrdp_newpass_wnd_create(struct xrdp_wm *self) @@ -498,15 +503,14 @@ index 49477a1..160a1ef 100644 + + return 0; +} -+ + /** * Load configuration from xrdp.ini file - * -diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c -index ba4227c..4e15f88 100644 ---- a/xrdp/xrdp_mm.c -+++ b/xrdp/xrdp_mm.c -@@ -1458,7 +1458,7 @@ xrdp_mm_sesman_data_in(struct trans *trans) +Index: b/xrdp/xrdp_mm.c +=================================================================== +--- a/xrdp/xrdp_mm.c 2017-12-27 22:30:26.000000000 +0800 ++++ b/xrdp/xrdp_mm.c 2018-01-04 16:40:32.182893999 +0800 +@@ -1458,7 +1458,7 @@ /*********************************************************************/ /* return 0 on success */ static int @@ -515,7 +519,7 @@ index ba4227c..4e15f88 100644 { int reply; int rec = 32+1; /* 32 is reserved for PAM failures this means connect failure */ -@@ -1484,7 +1484,8 @@ access_control(char *username, char *password, char *srv) +@@ -1486,7 +1486,8 @@ make_stream(out_s); init_stream(out_s, 500); s_push_layer(out_s, channel_hdr, 8); @@ -525,7 +529,7 @@ index ba4227c..4e15f88 100644 index = g_strlen(username); out_uint16_be(out_s, index); out_uint8a(out_s, username, index); -@@ -1492,6 +1493,14 @@ access_control(char *username, char *password, char *srv) +@@ -1494,6 +1495,14 @@ index = g_strlen(password); out_uint16_be(out_s, index); out_uint8a(out_s, password, index); @@ -540,7 +544,7 @@ index ba4227c..4e15f88 100644 s_mark_end(out_s); s_pop_layer(out_s, channel_hdr); out_uint32_be(out_s, 0); /* version */ -@@ -1521,15 +1530,19 @@ access_control(char *username, char *password, char *srv) +@@ -1523,15 +1532,19 @@ in_uint16_be(in_s, pAM_errorcode); /* this variable holds the PAM error code if the variable is >32 it is a "invented" code */ in_uint16_be(in_s, dummy); @@ -564,7 +568,7 @@ index ba4227c..4e15f88 100644 } else { -@@ -1847,7 +1860,7 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -1849,7 +1862,7 @@ char port[8]; char chansrvport[256]; #ifndef USE_NOPAM @@ -573,7 +577,7 @@ index ba4227c..4e15f88 100644 char pam_auth_sessionIP[256]; char pam_auth_password[256]; char pam_auth_username[256]; -@@ -1887,7 +1900,7 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -1889,7 +1902,7 @@ #ifndef USE_NOPAM else if (g_strcasecmp(name, "pamusername") == 0) { @@ -582,7 +586,7 @@ index ba4227c..4e15f88 100644 g_strncpy(pam_auth_username, value, 255); } else if (g_strcasecmp(name, "pamsessionmng") == 0) -@@ -1915,45 +1928,56 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -1917,45 +1930,56 @@ } #ifndef USE_NOPAM @@ -670,10 +674,11 @@ index ba4227c..4e15f88 100644 } #endif -@@ -2047,6 +2071,59 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -2048,6 +2072,59 @@ + return rv; } - /*****************************************************************************/ ++/*****************************************************************************/ +/* return 0 on success */ +int +xrdp_mm_change_expired_password(struct xrdp_mm *self) @@ -726,15 +731,14 @@ index ba4227c..4e15f88 100644 + return rv; +} + -+/*****************************************************************************/ + /*****************************************************************************/ int xrdp_mm_get_wait_objs(struct xrdp_mm *self, - tbus *read_objs, int *rcount, -diff --git a/xrdp/xrdp_types.h b/xrdp/xrdp_types.h -index 75c70ee..344e7fc 100644 ---- a/xrdp/xrdp_types.h -+++ b/xrdp/xrdp_types.h -@@ -325,6 +325,7 @@ struct xrdp_wm +Index: b/xrdp/xrdp_types.h +=================================================================== +--- a/xrdp/xrdp_types.h 2017-07-19 12:23:49.000000000 +0800 ++++ b/xrdp/xrdp_types.h 2018-01-04 16:40:32.182893999 +0800 +@@ -325,6 +325,7 @@ struct xrdp_cache* cache; int palette[256]; struct xrdp_bitmap* login_window; @@ -742,11 +746,11 @@ index 75c70ee..344e7fc 100644 /* generic colors */ int black; int grey; -diff --git a/xrdp/xrdp_wm.c b/xrdp/xrdp_wm.c -index 8a6695f..238c5cf 100644 ---- a/xrdp/xrdp_wm.c -+++ b/xrdp/xrdp_wm.c -@@ -1855,6 +1855,34 @@ xrdp_wm_login_mode_changed(struct xrdp_wm *self) +Index: b/xrdp/xrdp_wm.c +=================================================================== +--- a/xrdp/xrdp_wm.c 2018-01-04 16:40:31.998709999 +0800 ++++ b/xrdp/xrdp_wm.c 2018-01-04 16:40:32.182893999 +0800 +@@ -1896,6 +1896,34 @@ self->dragging = 0; xrdp_wm_set_login_mode(self, 11); } @@ -781,7 +785,7 @@ index 8a6695f..238c5cf 100644 return 0; } -@@ -1899,11 +1927,19 @@ xrdp_wm_log_wnd_notify(struct xrdp_bitmap *wnd, +@@ -1940,11 +1968,19 @@ xrdp_bitmap_invalidate(wm->screen, &rect); /* if module is gone, reset the session when ok is clicked */ @@ -802,7 +806,7 @@ index 8a6695f..238c5cf 100644 } } } -@@ -1965,6 +2001,9 @@ xrdp_wm_show_log(struct xrdp_wm *self) +@@ -2006,6 +2042,9 @@ return 0; } diff --git a/xrdp.changes b/xrdp.changes index 55b8ac1..d4ac4a5 100644 --- a/xrdp.changes +++ b/xrdp.changes @@ -1,7 +1,37 @@ +------------------------------------------------------------------- +Thu Jan 4 08:43:48 UTC 2018 - fezhang@suse.com + +- Update to version 0.9.5 + + Security fixes + - Fix local denial of service (CVE-2017-16927) #958 #979 + + New features + - Add a new log level TRACE more verbose than DEBUG #835 #944 + - SSH agent forwarding via RDP #867 #868 FreeRDP/FreeRDP#4122 + - Support horizontal wheel properly #928 + + Bug fixes + - Avoid use of hard-coded sesman port #895 + - Workaround for corrupted display with Windows Server 2008 + using NeutrinoRDP #869 + - Fix glitch in audio redirection by AAC #910 #936 + - Implement vsock support #930 #935 #948 + - Avoid 100% CPU usage on SSL accept #956 + + Other changes + - Add US Dvorak keyboard #929 + - Suppress some misleading logs #964 + - Add Finnish keyboard #972 + - Add more user-friendlier description about Xorg config #974 + - Renew pulseaudio document #984 #985 + - Lots of cleanups and refactoring + + Known issues + - Audio redirection by MP3 codec doesn't sound with some + client, use AAC instead #965 +- Update xrdp-default-config.patch +- Update xrdp-fate318398-change-expired-password.patch + ------------------------------------------------------------------- Thu Nov 23 13:36:58 UTC 2017 - rbrown@suse.com -- Replace references to /var/adm/fillup-templates with new +- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ------------------------------------------------------------------- diff --git a/xrdp.spec b/xrdp.spec index 11c2e58..e74f078 100644 --- a/xrdp.spec +++ b/xrdp.spec @@ -1,7 +1,7 @@ # # spec file for package xrdp # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ %define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services Name: xrdp -Version: 0.9.4 +Version: 0.9.5 Release: 0 Summary: Remote desktop protocol (RDP) server License: Apache-2.0 and GPL-2.0+