- Trivial rebase of xrdp-disable-8-bpp-vnc-support.patch.
- Trivial rebase of xrdp-support-KillDisconnected-for-Xvnc.patch.
- Rebase xrdp-avahi.diff.
- Rebase xrdp-bsc965647-allow-admin-choose-desktop.patch. Add MATE Desktop
support. Launch all desktop session in a dbus-run-session context to
avoid violent interference with simultaneously running local sessions.
- Trivial rebase of xrdp-filter-tab-from-mstsc-on-focus-change.patch.
- Disable xrdp-fate318398-change-expired-password.patch. It does not apply
cleanly since xrdp 0.9.18. Reconsider its usage.
OBS-URL: https://build.opensuse.org/request/show/1130161
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=123
- Update to version 0.9.23.1:
+ Security fix: Unchecked access to font glyph info
(CVE-2023-42822).
- Changes from version 0.9.23:
+ General announcement: Running xrdp and xrdp-sesman on separate
hosts is still supported by this release, but is now
deprecated. This is not secure. A future v1.0 release will
replace the TCP socket used between these processes with a Unix
Domain Socket, and then cross-host running will not be
possible.
+ Security fix: Improper handling of session establishment errors
allows bypassing OS-level session restrictions
(CVE-2023-40184).
+ Bug fixes:
- Environment variables set by PAM modules are no longer
restricted to around 250 characters.
- X11 clipboard clients now no longer hang when requesting a
clipboard format which isn't available.
OBS-URL: https://build.opensuse.org/request/show/1118552
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=121
- Update to version 0.9.22
+ New features
- Empty passwords are no longer automatically passed through to sesman for authentication
- Don't try to listen on the scard socket if it isn't there
- The directory where PAM configuration files are installed can now be set with --with-pamconfdir
- Sesman can now be configured to ignore alternate shells passed from the client
- Allow longer UserWindowManager strings
- openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts
- VNC backend session now supports extra mouse buttons 6, 7 and 8
+ Bug fixes
- Minor documentation fixes
- Memory management fixes to list module
- Fix some noise when MP3/AAC are in use and some logging improvements
- Fix potential NULL dereferences in chansrv
- An erroneous free in the smartcard handling code has been removed
- Passwords are no longer left on the heap in sesman
- Set permissions on pcsc socket dir to owner only
- Drop upstreamed patches:
xrdp-CVE-2022-23468.patch
xrdp-CVE-2022-23477.patch
xrdp-CVE-2022-23478.patch
xrdp-CVE-2022-23479.patch
xrdp-CVE-2022-23480.patch
xrdp-CVE-2022-23481.patch
xrdp-CVE-2022-23482.patch
xrdp-CVE-2022-23483.patch
xrdp-CVE-2022-23484.patch
xrdp-CVE-2022-23493.patch
xrdp-make-pamconfdir-configurable.patch
xrdp-update-pam.d-path.patch
OBS-URL: https://build.opensuse.org/request/show/1102086
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=119
- xrdp-CVE-2022-23477.patch (bsc#1206301)
+ Buffer over flow in audin_send_open() function
- Security fixes:
+ xrdp-CVE-2022-23468.patch (bsc#1206300)
* Buffer overflow in xrdp_login_wnd_create()
+ xrdp-CVE-2022-23478.patch (bsc#1206302)
* Out of Bound Write in xrdp_mm_trans_process_drdynvc_chan
+ xrdp-CVE-2022-23479.patch (bsc#1206303)
* Buffer overflow in xrdp_mm_chan_data_in() function
+ xrdp-CVE-2022-23480.patch (bsc#1206306)
* Buffer overflow in devredir_proc_client_devlist_announce_req
+ xrdp-CVE-2022-23481.patch (bsc#1206307)
* Out of Bound Read in xrdp_caps_process_confirm_active()
+ xrdp-CVE-2022-23482.patch (bsc#1206310)
+ Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE()
+ xrdp-CVE-2022-23483.patch (bsc#1206311)
+ Out of Bound REad in libxrdp_send_to_channel()
+ xrdp-CVE-2022-23484.patch (bsc#1206312)
+ Integer Overflow in xrdp_mm_process_rail_update_window_text()
+ xrdp-CVE-2022-23493.patch (bsc#1206313)
+ Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close()
OBS-URL: https://build.opensuse.org/request/show/1057176
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=106
- Update to version 0.9.19
+ New features
- loongarch support
- Improved Fail2ban support
- Both inbound and outbound clipboards can now be restricted for text,
files or images
- Versions 0.13 and later of checklib can undefine the pre-processor
symbol HAVE_STDINT_H
- The OpenSSL 3 EVP interface is now fully supported
- The logging of TLS/non-TLS security negotiation has been improved
- Unified and improved logging
- Status values for the DRDYNVC channel are now available in
libxrdp/xrdp_channel.h
- Backgrounds and logos on the login screen can now be zoomed and scaled
- The performance settings for NeutrinoRDP can be now configured
- clipboard: log file transfer for the purpose of audit
- Client's Keyboard layout now can be overridden by xrdp configuration
for debugging purposes
- On-the-fly resolution change now supported for Xvnc and Xorg
- xrdp can now use key algorithms other than RSA for TLS
- chansrv can now work on DISPLAY=:0 so it can be used with
x11vnc/Vino/etc sessions
+ Bug fixes
- Privilege escalation on xrdp-sesman: CVE-2022-23613
- Some situations where zombie processes could exist have been resolved
- Null-pointer exceptions which can happen in the logging module addressed
- Some minor logging errors have been corrected
- The signal handling in sesman has been reworked to prevent race conditions
when a child exits
- Logging is improved for security protocol level decisions
- Failure to attach to the memory area shared with xorgxrdp now logged
- Remote drive redirection now works if printer redirection is also
requested by the client
- config value has been added which allows copy-pasting of files to work
with Nautilus for GNOME 3 versions >= 3.29.92
- Fix some regressions in sesman auth modules
- Fix TS_PLAY_SOUND_PDU_DATA to set the correct frequency and duration
- Fix password leakage to logs in NeutrinoRDP module
- Remove *.txt as docs because of files not found (improvements in man pages)
OBS-URL: https://build.opensuse.org/request/show/978632
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=98
- Rework files section: do not add config(noreplace) marker on the
directory /etc/xrdp, but only on the content of the directory.
+ the config(noreplace) marker on the dircreates a rpm metadata
marker, which can be identified as conflicting with other
packages also owning /etc/xrdp, without the marker
+ The re-org of the files section happens to also fix warnings
about files listed twice.
The old buildlog contained entries like
```
[ 124s] warning: File listed twice: /etc/xrdp
[ 124s] warning: File listed twice: /etc/xrdp/km-00000406.ini
[ 124s] warning: File listed twice: /etc/xrdp/km-00000407.ini
[ 124s] warning: File listed twice: /etc/xrdp/km-00000409.ini
[ 124s] warning: File listed twice: /etc/xrdp/km-0000040a.ini
[ 124s] warning: File listed twice: /etc/xrdp/km-0000040b.ini
[ 124s] warning: File listed twice: /etc/xrdp/km-0000040c.ini
[ 124s] warning: File listed twice: /etc/xrdp/km-00000410.ini
[ 124s] warning: File listed twice: /etc/xrdp/km-00000411.ini
```
OBS-URL: https://build.opensuse.org/request/show/951614
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=95
- Update to version 0.9.15
+ New features
- Allow token sign in without autologon for SSO (#1667#1668)
- Norwegian keyboard support (#1675)
- Improved config support for chansrv (#1635)
- Unified chansrv, sesman and libxrdp logging (#1633#1708#1738)
- Support SUSE move to /usr/etc (#1702)
- Parameters may now be specified for user-specified shell
(#1270#1695)
- xrdp executables now allow alternative config files to be
specified with -c (#1588#1650#1651)
- sesrun improvements (#1741)
- Drive redirection location can now be specified (#1048)
+ Bug fixes
- Additional buffer overflow checks (#1662)
- genkeymap array size conflict fixed (#1691)
- Buffering issue with neutrinordp over a slow link fixed
(#1608 1634)
- Prevent PAM info message from causing authentication failure
(#1727)
- Try harder to clean up socket files on session exit (#1740#1756)
- xrdp-chansrv become defunct in docker while file copy (#1658)
- Drop xrdp-buildfix.patch: fixed upstream
- Drop xrdp-default-config.patch. Add patched sources xrdp.ini and
sesman.ini to avoid frequent rebases
- Drop xrdp-usr-etc-support.patch: fixed upstream
- Rebase xrdp-avahi.diff
- Rebase xrdp-fate318398-change-expired-password.patch
OBS-URL: https://build.opensuse.org/request/show/860663
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=92
- Update to version 0.9.14
+ New features
- Multi monitor and resize support for Xvnc backend #1343
For more details see
https://github.com/neutrinolabs/xrdp/wiki/Xvnc-backend-:-Multi-monitor-and-resize-support
- Support Programmer Dvorak Keyboard #1663
+ Bug fixes
- Fix odd shift key behavior (workaround) #397#1522
- Fix internal username/password buffer is smaller than RDP
protocol specification #1648#1653
- Fix possible memory out-of-bounds accesses #1549
- Fix memory allocation overflow #1557
- Prevent chansrv input channels being scanned during a server
reset #1595
- Ignore TS_MULTIFRAGMENTUPDATE_CAPABILITYSET from client if fp
disabled #1593
+ Known issues
- FreeRDP 2.0.0-rc4 or later might not able to connect to xrdp
due to xrdp's bad-mannered behaviour, add +glyph-cache option
to FreeRDP to connect #1266
- Audio redirection by MP3 codec doesn't sound with some
client, use AAC instead #965
- Drop xrdp-fate319683-allow-vnc-resizing.patch: fixed upstream
- Rebase xrdp-default-config.patch
- Rebase xrdp-disable-8-bpp-vnc-support.patch
- Rebase xrdp-fate318398-change-expired-password.patch
OBS-URL: https://build.opensuse.org/request/show/834273
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=87
