From 9c606546e950ca82d71fa90821fa2c9df3a25d20bd83235069135c219322d084 Mon Sep 17 00:00:00 2001
From: Yifan Jiang
Date: Thu, 2 Nov 2023 01:36:38 +0000
Subject: [PATCH] Accepting request 1118552 from home:dimstar:Factory - Update to version 0.9.23.1: + Security fix: Unchecked access to font glyph info (CVE-2023-42822). - Changes from version 0.9.23: + General announcement: Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. + Security fix: Improper handling of session establishment errors allows bypassing OS-level session restrictions (CVE-2023-40184). + Bug fixes: - Environment variables set by PAM modules are no longer restricted to around 250 characters. - X11 clipboard clients now no longer hang when requesting a clipboard format which isn't available. OBS-URL: https://build.opensuse.org/request/show/1118552 OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=121
---
 xrdp-0.9.22.1.tar.gz | 3 ---
 xrdp-0.9.22.1.tar.gz.asc | 16 ----------------
 xrdp-0.9.23.1.tar.gz | 3 +++
 xrdp-0.9.23.1.tar.gz.asc | 17 +++++++++++++++++
 xrdp.changes | 22 ++++++++++++++++++++++
 xrdp.spec | 2 +-
 6 files changed, 43 insertions(+), 20 deletions(-)
 delete mode 100644 xrdp-0.9.22.1.tar.gz
 delete mode 100644 xrdp-0.9.22.1.tar.gz.asc
 create mode 100644 xrdp-0.9.23.1.tar.gz
 create mode 100644 xrdp-0.9.23.1.tar.gz.asc
diff --git a/xrdp-0.9.22.1.tar.gz b/xrdp-0.9.22.1.tar.gz
deleted file mode 100644
index ccbd54a..0000000
--- a/xrdp-0.9.22.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6dd320cfe9594a2aaa78f90adfe1bb550f9ce3f58bd9fc312dd30d003cb7f3cb
-size 2059401
diff --git a/xrdp-0.9.22.1.tar.gz.asc b/xrdp-0.9.22.1.tar.gz.asc
deleted file mode 100644
index 17b7fd3..0000000
--- a/xrdp-0.9.22.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEGKuDipBxZ3RZFIcZA5k7QGXnGTsFAmRsEM0ACgkQA5k7QGXn -GTvOXA//cvi3R0CMIOtTCb8LYXEeH6+S8c4Mr/FDvvWn/7+lKcDG2T/d5dLkLobn -oQjmdnFT/aTlcQau5tlbpRms5zYjT9uAx4CCQ6pQENEbzlq4hB4yQ8ue8b9Up08v -4W0JyMZYpq96Hd1VgNOf+MBkLsHbKsCPB8f6GqEWvdMIrRtBTvP4pb+BxLgKxcZ8 -afWRcjymgVUBRgwzAP2KAiOhFM6aVCUVf0JQ97YxhZWMt2+IWwl0MvJW4otztMC/ -FgOomfdXnkhUKjdN5GTbG4mwBF4NiLSQirQfdFp+mkpZMTQNoqkahymXbAv9O525 -mqpItW59MjkonlvpPwX3ZiRBjOezOFhq/tAyKUWJ2FxYG7YRuVM50rrI8bhIQ90N -JO2KIwfLcki+wNDNlYYZvUFV6vdjwIOWy26gtsu0sTCSH7BIZ9kezxhfYiY9BBGN -6XuCtz6/rbcF89a7pMJoME+obGDlemp7vmhAf5R3pjtXjfj62eIfxefvjt0w1rvU -fujowcsgOUWAQ3evMSedrjThdD6fETbNc9nHCtum0SzMcupTZp4bBhDR2eaVv4QF -kd+BwG0vE+tiWDs6xeKrxhNS/Ok80B7coFeynuzALQXxVQk69e7mTmZtotkRAwx2 -+hXaVl+EjuskKFPevrz6TlIzQYNj7qyjhgGbJ4HllUcsJdc7Wa4= -=ePiK ------END PGP SIGNATURE----- diff --git a/xrdp-0.9.23.1.tar.gz b/xrdp-0.9.23.1.tar.gz new file mode 100644 index 0000000..9a5fff6 --- /dev/null +++ b/xrdp-0.9.23.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8fb71f6b90c2769fa0e02032c17e3c7ac70785c724d59fa1e08a9af5b9e7f5ca +size 2063776 diff --git a/xrdp-0.9.23.1.tar.gz.asc b/xrdp-0.9.23.1.tar.gz.asc new file mode 100644 index 0000000..714daf0 --- /dev/null +++ b/xrdp-0.9.23.1.tar.gz.asc 
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJCBAABCAAsFiEEGKuDipBxZ3RZFIcZA5k7QGXnGTsFAmUUbdQOHG1ldGFAdm1l +dGEuanAACgkQA5k7QGXnGTuVPw/5AfWdTM/iEsLBe30FekSF/4FDT56kw+evMFaI +WAf5Nxb08oPIMvpB8jRY7objvCbuKEsAnWqp+yvDuQKbEu1C31YY9afmo0OGABuU +NxSgPGueCCWwQJrSHMGGucTwjeHBbeRY4MsCs0WcuLiODCG37bflnQiXwfJIya1Q +8ywzJuOF995HoB2uSWaV7edZicIxlZVv/WoB4PJvXPUKmnXTceEgFjZE6XI+ht2S +dkftgmu763fUVLL9tDTetHmLLXJYCS/Q+gnsJdT6RUDz7Bpfaj657M56GHXX3dOU +uzNzip7xWAbfabwMgq/9dHGHeJPn9trg3IbGUd6+hX5aeUCfssqeP53jOJvmOs3k +lvtXWImD7pbO4EQjQ+MP9TLTAMVPQa2vrpdcxw3X6pMRjZjWZLebPHyY0O0MPiPJ +tZ0FCRe3VTmYXiFVFF690zoqHX8Ld+ri8kyxSJqE7WEfnJkhVxSZ0UDzXojuAnbY +AFo+5kgJF6pFeaAAUgvRnTKIvoRT2H5+/xL2gaFqqKsBPBetP3qjjHUlsueGEA+2 +8gPGAF4/91EVrGeh95zLNagHqbudVa9RvZGVTdwU3DnRArKkHurFIGwBhi5MDJYJ +URY61BFz7nm5yGL2MEn8l/9YsogT6KQxasivEy8vBL5xnLEeKV5rNUK+/Lq0sdU6 +CXX4CcM= +=42Cl +-----END PGP SIGNATURE----- diff --git a/xrdp.changes b/xrdp.changes index 83ff2bf..d2268a9 100644 --- a/xrdp.changes +++ b/xrdp.changes 
@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Wed Oct 18 09:23:35 UTC 2023 - Dominique Leuenberger
+
+- Update to version 0.9.23.1:
+ + Security fix: Unchecked access to font glyph info
+ (CVE-2023-42822).
+- Changes from version 0.9.23:
+ + General announcement: Running xrdp and xrdp-sesman on separate
+ hosts is still supported by this release, but is now
+ deprecated. This is not secure. A future v1.0 release will
+ replace the TCP socket used between these processes with a Unix
+ Domain Socket, and then cross-host running will not be
+ possible.
+ + Security fix: Improper handling of session establishment errors
+ allows bypassing OS-level session restrictions
+ (CVE-2023-40184).
+ + Bug fixes:
+ - Environment variables set by PAM modules are no longer
+ restricted to around 250 characters.
+ - X11 clipboard clients now no longer hang when requesting a
+ clipboard format which isn't available.
+
 -------------------------------------------------------------------
 Thu Aug 3 04:01:39 UTC 2023 - Linnaea Lavia
diff --git a/xrdp.spec b/xrdp.spec
index 26e8160..c2073ff 100644
--- a/xrdp.spec
+++ b/xrdp.spec
@@ -22,7 +22,7 @@
 %endif
 Name: xrdp
-Version: 0.9.22.1
+Version: 0.9.23.1
 Release: 0
 Summary: Remote desktop protocol (RDP) server
 License: Apache-2.0 AND GPL-2.0-or-later