Contains fix for CVE-2025-68670.
Drop patch that is included in this release.
Changelog:
Security fixes:
- CVE-2025-68670
New features:
- It is now possible to start the xrdp daemon entirely unprivileged from the service manager.
If you do this certain restrictions will apply. See
https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
- TLS pre-master secrets can now be recorded for packet captures
- Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers
- Alternate shell names can now be passed to startwm.sh in an environment variable for more
system management control
- Updated Xorg paths in sesman.ini to include more recent distros
- Add Slovenian keyboard
- xrdpapi: Add a way to monitor connect/disconnect events
Bug fixes:
- Allow an empty X11 UTF8_STRING to be pasted to the clipboard
- Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server
which did not support the ExtendedDesktopSize encoding
- Fix a regression introduced in v0.10.x related to PAM groups handling
- Inconsistencies with [MS-RDPBCGR] have been addressed
- A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed
- Prevent some possible crashes when the RFX encoder is resized
- Fixes a regression introduced by GFX development which prevented the JPEG encoder from working
correctly
- Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted
unexpectedly
- Do not overwrite a VNC port set by the user when not using sesman
- Fix regression from 0.9.x when freerdp client uses /workarea
- Fixes a crash where a resize is attempted with drdynvc disabled
- getgrouplist() now compiles on MacOS
- Various Coverity warnings have been addressed
- Documentation improvements
Internal changes:
- An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It takes under 10 seconds to run the suite.
Executed succesfully on x86-64, with musl and glibc.
The recipe requires pam DISTRO_FEATURE to be present.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Adding UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX fix
UNKNOWN_BROKEN status from running devtool check-upgrade-status.
The next version of the package can be found from upstream
sources.
Signed-off-by: Alexandre Truong <alexandre.truong@smile.fr>
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).
This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.
This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:
5 (26%) meta-xfce
6 (50%) meta-perl
15 (42%) meta-webserver
21 (36%) meta-gnome
25 (57%) meta-filesystems
26 (43%) meta-initramfs
45 (45%) meta-python
47 (55%) meta-multimedia
312 (63%) meta-networking
756 (61%) meta-oe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
New features
---------------
-Both inbound and outbound clipboards can now be restricted for text, files or images
Bug fixes
-----------
-CVE-2022-23613: Privilege escalation on xrdp-sesman (This fix is also in the out-of-band v0.9.18.1 release)
-The versions of imlib2 used on RHEL 7 and 8 are now detected correctly (#2118)
-Some situations where zombie processes could exist have been resolved (#2146, #2151, #2168)
-Some null-pointer exceptions which can happen in the logging module have been addressed (#2149)
-Some minor logging errors have been corrected (#2152)
-The signal handling in sesman has been reworked to prevent race conditions
when a child exits. This has also made it possible to reliably reload the sesman configuration with SIGHUP (#1729, #2168)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Fixed build error with openssl 3.0 according to the suggestion of upsream.
Please reference to https://github.com/neutrinolabs/xrdp/issues/2121.
- Upgraded from 0.9.17 to 0.9.18.
- git repository of xrdp has recursive sources, so, reference to Fedora, modified SRC_URI to a tarball download URL of github.
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Drop redundant setting of PV in recipe
Fix build on riscv and musl
Do not install xrdp.sh, it does not exist anymore
Fix build with gcc 9+
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1) Upgrade xrdp from 0.9.4 to 0.9.11.
2) Remove patch that is included in 0.9.11.
0001-Fix-of-CVE-2017-16927.patch
3) Remove patch that is not suitable for 0.9.11.
0001-Fix-sesman.ini-and-xrdp.ini.patch
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add --enable-fuse option to enable cpliboard when copying from window OS to linux.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Add some scripts and patches for xrdp to make it work properly.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
