* Sat May 03 2025 Andreas Stieger <andreas.stieger@gmx.de>
- update to 0.9.26:
* Fall back to IPv4 if IPv6 capable but don't have an IPv6
address set
* Remove tcutils channel from xrdp.ini
* Remove duplicate DEBUG output
* Fix drive redirection regression
* Fix bug when pasting image to LibreOffice
- includes changes from 0.9.25.1:
* Fix mouse wheel scrolling in Xvnc session
- includes changes from 0.9.25:
* touchpad inertial scrolling
* If the client announces support for the Image RemoteFX codec it
is logged
- includes changes from 0.9.24:
* Checking group membership should now work better on systems
using directory services
* Pasting more than 32K characters of text to the clipboard now
succeeds
* An incompatibility with FreeRDP 2.11.2 in the drive redirector
has been fixed
- Rebase xrdp-systemd-services.patch
* Tue Jan 14 2025 Dominique Leuenberger <dimstar@opensuse.org>
- Fix escaping of commented out patch: with RPM 4.20, %patch
becomes a standard, expandable macro, that can span more than one
line. Commenting out with #%patch can thus lead to invalid
results.
* Fri May 24 2024 Thorsten Kukuk <kukuk@suse.com>
- Drop initscripts-legacy support [jsc#PED264]
- Drop rc<service> symlinks [jsc#PED-264], [jsc#PED-266]
* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
* Thu Nov 30 2023 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
- Trivial rebase of xrdp-disable-8-bpp-vnc-support.patch.
- Trivial rebase of xrdp-support-KillDisconnected-for-Xvnc.patch.
- Rebase xrdp-avahi.diff.
- Rebase xrdp-bsc965647-allow-admin-choose-desktop.patch. Add MATE Desktop
support. Launch all desktop session in a dbus-run-session context to
avoid violent interference with simultaneously running local sessions.
- Trivial rebase of xrdp-filter-tab-from-mstsc-on-focus-change.patch.
- Disable xrdp-fate318398-change-expired-password.patch. It does not apply
cleanly since xrdp 0.9.18. Reconsider its usage.
* Wed Oct 18 2023 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 0.9.23.1:
+ Security fix: Unchecked access to font glyph info
(CVE-2023-42822).
- Changes from version 0.9.23:
+ General announcement: Running xrdp and xrdp-sesman on separate
hosts is still supported by this release, but is now
deprecated. This is not secure. A future v1.0 release will
replace the TCP socket used between these processes with a Unix
Domain Socket, and then cross-host running will not be
possible.
+ Security fix: Improper handling of session establishment errors
allows bypassing OS-level session restrictions
(CVE-2023-40184).
+ Bug fixes:
- Environment variables set by PAM modules are no longer
restricted to around 250 characters.
- X11 clipboard clients now no longer hang when requesting a
clipboard format which isn't available.
* Thu Aug 03 2023 Linnaea Lavia <linnaea@lavia.moe>
- Update to version 0.9.22
+ New features
- Empty passwords are no longer automatically passed through to sesman for authentication
- Don't try to listen on the scard socket if it isn't there
- The directory where PAM configuration files are installed can now be set with --with-pamconfdir
- Sesman can now be configured to ignore alternate shells passed from the client
- Allow longer UserWindowManager strings
- openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts
- VNC backend session now supports extra mouse buttons 6, 7 and 8
+ Bug fixes
- Minor documentation fixes
- Memory management fixes to list module
- Fix some noise when MP3/AAC are in use and some logging improvements
- Fix potential NULL dereferences in chansrv
- An erroneous free in the smartcard handling code has been removed
- Passwords are no longer left on the heap in sesman
- Set permissions on pcsc socket dir to owner only
+ Security fixes
- CVE-2022-23468
- CVE-2022-23477
- CVE-2022-23478
- CVE-2022-23479
- CVE-2022-23480
- CVE-2022-23481
- CVE-2022-23482
- CVE-2022-23483
- CVE-2022-23484
- CVE-2022-23493
- Drop upstreamed patches:
xrdp-CVE-2022-23468.patch
xrdp-CVE-2022-23477.patch
xrdp-CVE-2022-23478.patch
xrdp-CVE-2022-23479.patch
xrdp-CVE-2022-23480.patch
xrdp-CVE-2022-23481.patch
xrdp-CVE-2022-23482.patch
xrdp-CVE-2022-23483.patch
xrdp-CVE-2022-23484.patch
xrdp-CVE-2022-23493.patch
xrdp-make-pamconfdir-configurable.patch
xrdp-update-pam.d-path.patch
* Tue Jun 06 2023 Dominique Leuenberger <dimstar@opensuse.org>
- Do not call %stop_on_removal and %restart_on_update in
%preun/%postun: those macros would require at least some
%parameters and actually are the same as the already used
%%service_del_preun and %service_del_postun.
* Wed Mar 08 2023 Yifan Jiang <yfjiang@suse.com>
- Enable --with-pamconfdir=/usr/lib/pam.d on Tumbleweed
(gh#neutrinolabs/xrdp!2552 bsc#1208121).
* Wed Mar 08 2023 Yifan Jiang <yfjiang@suse.com>
- Add xrdp-make-pamconfdir-configurable.patch: Apply upstream
implementation and introduce --with-pamconfdir at build time
(gh#neutrinolabs/xrdp!2552 bsc#1208121).
- Drop xrdp-fix-search-pam-vendor-dir.patch