Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xrdp for openSUSE:Factory checked in at 2026-06-25 10:56:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xrdp (Old) and /work/SRC/openSUSE:Factory/.xrdp.new.2088 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xrdp" Thu Jun 25 10:56:53 2026 rev:64 rq:1361569 version:0.10.6 Changes: -------- --- /work/SRC/openSUSE:Factory/xrdp/xrdp.changes 2026-06-03 20:27:09.737008256 +0200 +++ /work/SRC/openSUSE:Factory/.xrdp.new.2088/xrdp.changes 2026-06-25 10:59:00.877108981 +0200 @@ -1,0 +2,289 @@ +Thu Jun 18 01:28:47 UTC 2026 - Yifan Jiang <[email protected]> + +- Recommend pipewire-module-xrdp to bridge pipewire audio. + +------------------------------------------------------------------- +Wed Jun 17 03:49:19 UTC 2026 - Yifan Jiang <[email protected]> + +- Generate key/cert pair to enable ssl security layer by default + + Add xrdp-ensure-cert.sh + + Add xrdp-ensure-cert.patch + +------------------------------------------------------------------- +Wed Jun 10 02:30:48 UTC 2026 - Yifan Jiang <[email protected]> + +- Update sesman.ini: + + Introduce MaxDisplayNumber=1000 to support SUSE large + X11DisplayOffset=200 +- Update xrdp.ini: + + Align the logo section with the latest upstream +- Rebase patches: + + xrdp-support-KillDisconnected-for-Xvnc.patch + + xrdp-avahi.diff +- Drop upstreamed patches: + + xrdp-systemd-services.patch + + xrdp-Moved-initgroups-call-to-before-auth_start_session.patch + + xrdp-Add-function-to-get-user-information-by-UID.patch + + xrdp-fix-username-in-env.patch + +------------------------------------------------------------------- +Wed Jun 10 02:21:29 UTC 2026 - Yifan Jiang <[email protected]> + +- Update to version 0.10.6: + + Security Fixes + * Resolved CVE-2026-32105, CVE-2026-32107, CVE-2026-32623, + CVE-2026-32624, CVE-2026-33145, CVE-2026-33516, + CVE-2026-33689, and CVE-2026-35512. + + Drop upstreamed patches + * xrdp-CVE-2026-35512.patch + * xrdp-CVE-2026-32624.patch + * xrdp-CVE-2026-32107.patch + * xrdp-CVE-2026-32623.patch + * xrdp-CVE-2026-33145.patch + * xrdp-CVE-2026-33689.patch + * xrdp-CVE-2026-32105-1-fips-slowpath.patch + * xrdp-CVE-2026-32105-2-fips-fastpath.patch + * xrdp-CVE-2026-32105-3-nonfips-slowpath.patch + * xrdp-CVE-2026-32105-4-nonfips-fastpath.patch + + New Features + * Added support for xorgxrdp bug fixes + neutrinolabs/xorgxrdp#249 and neutrinolabs/xorgxrdp#342 + (#3721). + + Bug Fixes + * Honour pass_shell_as_env setting only if the user + explicitly sets a shell (#3725). + * Blocked attempts to create a NULL authentication file + when utilizing VNC over UDS (#3727). + * Corrected layout alignment issues with the Brazilian + ABNT2 keyboard mapping (#3728, #3736). + * Addressed a 'file exists' installation block when + overwriting an existing xrdp setup (#3780). + + Changes for Packagers or Developers + * The unfinished PIV smartcard support is now disabled by + default due to potential security risks; it can be + manually re-enabled via --enable-smartcard for + non-production environments (#3759). + + General & Deprecations + * The use_vsock parameter in xrdp.ini is deprecated. Use + 'port=vsock://' instead. +- Changes since 0.10.1: + + Update to version 0.10.5: + - Security Fixes + * Resolved CVE-2025-68670: Fixed improper bounds checking + on domain string lengths to prevent stack-based buffer + overflows. + - New Features + * Added support for running the xrdp daemon completely + unprivileged via the service manager (#3599, #3603). + * Enabled recording of TLS pre-master secrets to + facilitate easier network packet captures (#3617). + * Added FuseRootReportMaxFree parameter to mitigate 'no + free space' computation bugs in various file managers + (#3639). + * Allowed alternate shell names to be passed to startwm.sh + via environment variables for tighter system policy + controls (#3624, #3651). + * Updated fallback Xorg path hooks in sesman.ini to + support newer Linux distributions (#3663). + * Integrated a Slovenian keyboard layout mapping (#3668, + #3670). + * xrdpapi: Introduced a native binding hook to monitor + session connection and disconnection events (#3693). + - Bug Fixes + * Allowed empty X11 UTF8_STRING blocks to be copied and + pasted to the clipboard system (#3580, #3582). + * Patched a v0.10.x regression that broke connections to + VNC servers lacking ExtendedDesktopSize encoding support + (#3540, #3584). + * Fixed a v0.10.x regression impacting PAM group + evaluation logic (#3594). + * Resolved protocol inconsistencies with the [MS-RDPBCGR] + specification block (#3608). + * Cleaned up uninitialized data references inside the + verify_user_pam_userpass.c module (#3638). + * Fixed intermittent daemon crashes triggered when the RFX + encoder is actively resized (#3590, #3644). + * Corrected a GFX engine regression that disrupted proper + operation of the JPEG encoder sub-system (#3649). + * Fixed a file management regression where the xrdp PID + file was unexpectedly deleted (#3650). + * Ensured VNC ports specified directly by the user are not + overwritten when bypassed by sesman (#3674). + * Fixed a 0.9.x regression where connections failed if the + FreeRDP client passed the /workarea parameter (#3618, + #3676). + * Corrected a crash occurring when a display resize event + is triggered while drdynvc is disabled (#3672, #3680). + * Fixed getgrouplist() compatibility to ensure successful + compilation on macOS environments (#3575). + * Addressed various static analysis warnings raised by + Coverity (#3656) alongside documentation tweaks (#3665). + - Internal Changes + * Cleared an unnecessary sys/signal.h header include that + triggered compilation warnings on MUSL-C toolchains + (#3679). + + Update to version 0.10.4.1: + - Bug Fixes + * Fixed a critical regression that prevented xorgxrdp + v0.10.4 backend pairings from functioning properly with + this version release (#3561). + + Update to version 0.10.4: + - New Features + * Introduced the vmconnect configuration parameter in + xrdp.ini to expose additional virtualization security + tracking features when operating inside Hyper-V virtual + environments (#3524). + * Integrated Latvian keyboard layout support (#3511, + #3519). + - Bug Fixes + * Refined systemd initialization detection logic on + Debian-derived operating systems (#3497, #3502). + * Resolved an interoperability bug where xrdp sessions + failed when brokered by Quest/OneIdentity Safeguard for + Privileged Sessions (#3498, #3507). + * Fixed a startup race condition inside chansrv that + prevented the service from being cleanly terminated on + exit (#3482). + * Addressed a potential double-free hazard present during + chansrv exit routines (#3546). + * Rectified several Coverity-identified static analysis + warnings (#3508). + - Internal Changes + * Upgraded the embedded TOML-C99 parser dependency to the + latest upstream state (#3530). + + Update to version 0.10.3: + - General Announcements & Core Behavioral Shifts + * Introduced experimental utmp/wtmp session tracking + support. Actions are logged solely during session + creation/destruction. + - New Features + * Added configuration support to explicitly declare the + thread pool count assigned to the x264 compression + encoder (#3366, #3367). + * Provided a mechanism to substitute colon characters (:) + passed inside client share names with alternate + characters (#3389). + * Integrated a Hungarian keyboard layout configuration + mapping (#3424, #3430). + * Optimized keyboard fallback routing structures inside + xorgxrdp to handle complex multi-variant maps like + Brazil ABNT2 (#3478). + * Introduced a more secure 'Xvnc over Unix Domain Socket' + session mode for Enterprise FIPS environments (#3453). + - Bug Fixes + * Resolved several memory leak conditions (#3380, #3388). + * Implemented error handling path fixes for environments + containing a mis-installed or broken openh264 encoder + binary (#3405, #3432). + * Mitigated FIPS-compliant enterprise configuration errors + (Bug #2518) via the introduction of the new Unix Domain + Socket session architecture (#3453). + * Fixed a FreeBSD specific conflict where xrdp occasionally + attempted to claim display IDs already utilized by + active SSH X11-forwarding sessions (#3381, #3456). + * Fixed Coverity engine warnings (#3411, #3423) and + updated project documentation (#3403). + - Internal Changes + * Bumped the FreeBSD CI validation matrix platform up to + 14.2 (#3427). + - Changes for Packagers or Developers + * Added configuration capability to customize the exact + subdirectory location for configurations (#3369). + * Packagers must explicitly append the --enable-utmp + compile flag to enable the experimental utmp framework + features. + + Update to version 0.10.2: + - Highlights + * H.264 Graphics Remoting: Officially introduced H.264 + video stream graphics compression encoding, substantially + lowering bandwidth utilization. + * Unprivileged Daemon Operation: Officially enabled support + to isolate the main xrdp daemon execution block under a + distinct, unprivileged user account. + - New Features + * Allowed FUSE filesystem mount configurations to execute + direct I/O routines, bypassing the kernel block cache + layer (#3260). + * Enabled compliant remote clients to entirely skip + virtual channel join handshakes (#3282). + * Added discrete frame capture interval configuration + items inside xrdp for both H.264 and RFX codecs + independently (#3317). + * Added statvfs system call passthrough capabilities on + the FUSE storage layer backend (#3304). + * Allowed packagers to define a custom target log path + for the chansrv file logger (#3344). + * Integrated Czech keyboard layout support (#3348, #3358). + - Bug Fixes + * Enhanced the channel redirector pipeline by removing + rigid filename length caps and improving compatibility + hooks for FreeRDP clients (#3165, #3194). + * Fixed an accounting bug that led to misreported graphic + cache allocation limits (#3212). + * Clarified the inline documentation descriptions for the + Policy variable inside sesman.ini (#3235). + * Repaired a regression that broke connection pathways + targeting non-resizable VNC environments (#3242). + * Patched a chansrv functionality breakage affecting + standalone VNC sessions, introduced during the socket + directory transition (#3283). + * Corrected AltGr modifier mapping behaviors on standard + Spanish keyboard layouts (#3313). + * Resolved a FUSE layer conflict preventing the KDE Dolphin + file manager from successfully writing files back onto + mapped client drives (#3300). + * Added explicit packaging inclusions for pam_limits.so on + Debian and downstream targets (#3347). + - Internal Changes + * Updated internal CI code quality engines: cppcheck to + v2.15.0 and astyle to 3.4.14 (#3232, #3309, #3314). + * Dropped the legacy xrdp_sec_in_mcs_data() internal + function block (#3273). + - Changes for Packagers or Developers + * Modified the build sequence so xrdp.ini and sesman.ini + macro substitutions occur dynamically during compiling + (#3187, #3188). + * Elevated the baseline libfuse requirement to versions + strictly greater than > 3.1.0 (#3284). + + Update to version 0.10.1: + - Security Fixes + * Unauthenticated RDP security scan finding / partial auth + bypass (no CVE). + - New Features + * Allowed client connection quality properties to + dynamically dictate selected GFX-RFX lossy compression + levels (#3183). + - Bug Fixes + * Fixed a regression inside the creation loop of the + chansrv FUSE directory hierarchy (#3088). + * Added missing systemd dependency entries targeting + network-online.target (#3088). + * Resolved a session listing processing race that caused + improper display allocations (#3088). + * Patched a memory fault (SEGV) caused during active GFX + display resizing actions (#3088). + * Resolved tracking bugs associated with the US Dvorak + keyboard layout specification (#3088). + * Fixed a regression preventing clipboard image payloads + from being pasted into LibreOffice sheets and documents + (#3102, #3120). + * Corrected a GFX negotiation failure condition when the + max_bpp parameter configuration was set too low (#3118, + #3122). + * Fixed a coordinate placement bug causing multi-monitor + GFX displays to misalign upon minimize or maximize + actions (#3075, #3127). + * Fixed missing file inclusion targets within release + packaging tarball generation routines (#3149, #3150). + * Corrected logical processing for the session selection + assignment rule when set to policy 'I' (#3167, #3171). + * Cleared an unneeded licensing handshake phase that + caused handshake interruptions for FIPS-compliant RDP + clients (#3132). + * Extended maximum resolution display limitations to allow + client screens wider than 4096 pixels (#3083). + - Internal Changes + * Bumped the base FreeBSD automated regression testing + platform instance to 13.3 (#3088). + +------------------------------------------------------------------- Old: ---- xrdp-0.9.27.tar.gz xrdp-0.9.27.tar.gz.asc xrdp-Add-function-to-get-user-information-by-UID.patch xrdp-CVE-2026-32105-1-fips-slowpath.patch xrdp-CVE-2026-32105-2-fips-fastpath.patch xrdp-CVE-2026-32105-3-nonfips-slowpath.patch xrdp-CVE-2026-32105-4-nonfips-fastpath.patch xrdp-CVE-2026-32107.patch xrdp-CVE-2026-32623.patch xrdp-CVE-2026-32624.patch xrdp-CVE-2026-33145.patch xrdp-CVE-2026-33689.patch xrdp-CVE-2026-35512.patch xrdp-Moved-initgroups-call-to-before-auth_start_session.patch xrdp-fix-username-in-env.patch xrdp-systemd-services.patch New: ---- xrdp-0.10.6.tar.gz xrdp-0.10.6.tar.gz.asc xrdp-ensure-cert.patch xrdp-ensure-cert.sh ----------(Old B)---------- Old: + xrdp-Moved-initgroups-call-to-before-auth_start_session.patch + xrdp-Add-function-to-get-user-information-by-UID.patch + xrdp-fix-username-in-env.patch Old: * xrdp-CVE-2026-33689.patch * xrdp-CVE-2026-32105-1-fips-slowpath.patch * xrdp-CVE-2026-32105-2-fips-fastpath.patch Old: * xrdp-CVE-2026-32105-1-fips-slowpath.patch * xrdp-CVE-2026-32105-2-fips-fastpath.patch * xrdp-CVE-2026-32105-3-nonfips-slowpath.patch Old: * xrdp-CVE-2026-32105-2-fips-fastpath.patch * xrdp-CVE-2026-32105-3-nonfips-slowpath.patch * xrdp-CVE-2026-32105-4-nonfips-fastpath.patch Old: * xrdp-CVE-2026-32105-3-nonfips-slowpath.patch * xrdp-CVE-2026-32105-4-nonfips-fastpath.patch + New Features Old: * xrdp-CVE-2026-32624.patch * xrdp-CVE-2026-32107.patch * xrdp-CVE-2026-32623.patch Old: * xrdp-CVE-2026-32107.patch * xrdp-CVE-2026-32623.patch * xrdp-CVE-2026-33145.patch Old: * xrdp-CVE-2026-35512.patch * xrdp-CVE-2026-32624.patch * xrdp-CVE-2026-32107.patch Old: * xrdp-CVE-2026-32623.patch * xrdp-CVE-2026-33145.patch * xrdp-CVE-2026-33689.patch Old: * xrdp-CVE-2026-33145.patch * xrdp-CVE-2026-33689.patch * xrdp-CVE-2026-32105-1-fips-slowpath.patch Old: + Drop upstreamed patches * xrdp-CVE-2026-35512.patch * xrdp-CVE-2026-32624.patch Old: + xrdp-systemd-services.patch + xrdp-Moved-initgroups-call-to-before-auth_start_session.patch + xrdp-Add-function-to-get-user-information-by-UID.patch Old: + xrdp-Add-function-to-get-user-information-by-UID.patch + xrdp-fix-username-in-env.patch Old:- Drop upstreamed patches: + xrdp-systemd-services.patch + xrdp-Moved-initgroups-call-to-before-auth_start_session.patch ----------(Old E)---------- ----------(New B)---------- New: + Add xrdp-ensure-cert.sh + Add xrdp-ensure-cert.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xrdp.spec ++++++ --- /var/tmp/diff_new_pack.KhLQ6C/_old 2026-06-25 10:59:01.769138799 +0200 +++ /var/tmp/diff_new_pack.KhLQ6C/_new 2026-06-25 10:59:01.773138932 +0200 @@ -22,7 +22,7 @@ %endif Name: xrdp -Version: 0.9.27 +Version: 0.10.6 Release: 0 Summary: Remote desktop protocol (RDP) server License: Apache-2.0 AND GPL-2.0-or-later @@ -34,6 +34,7 @@ Source4: sysconfig.xrdp Source6: xrdp.ini Source7: sesman.ini +Source8: xrdp-ensure-cert.sh Source100: %{name}-rpmlintrc # PATCH-FIX-OPENSUSE xrdp-pam.patch - [email protected] refreshed by [email protected] Patch1: xrdp-pam.patch @@ -41,34 +42,8 @@ Patch2: xrdp-disable-8-bpp-vnc-support.patch # PATCH-FIX-OPENSUSE xrdp-support-KillDisconnected-for-Xvnc.patch boo#1101506 - [email protected] -- Support the KillDisconnected option for TigerVNC Xvnc sessions Patch3: xrdp-support-KillDisconnected-for-Xvnc.patch -# PATCH-FIX-OPENSUSE xrdp-systemd-services.patch boo#1138954 boo#1144327 - [email protected] -- Let systemd handle the daemons -Patch4: xrdp-systemd-services.patch -# PATCH-FIX-UPSTREAM xrdp-Add-function-to-get-user-information-by-UID.patch bsc#1211740 - [email protected] -- Moved initgroups call to before auth_start_session() -Patch21: xrdp-Moved-initgroups-call-to-before-auth_start_session.patch -# PATCH-FEATURE-UPSTREAM xrdp-Add-function-to-get-user-information-by-UID.patch bsc#1211740 - [email protected] -- Add function to get user information by UID -Patch22: xrdp-Add-function-to-get-user-information-by-UID.patch -# PATCH-FIX-OPENSUSE xrdp-fix-username-in-env.patch bsc#1211740 - [email protected] -- convert username in USER and LOGNAME env variables to canonical form -Patch23: xrdp-fix-username-in-env.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2026-32105-1-fips-slowpath.patch bsc#1262312 - [email protected] -- Check HMAC on FIPS slowpath input -Patch24: xrdp-CVE-2026-32105-1-fips-slowpath.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2026-32105-2-fips-fastpath.patch bsc#1262312 - [email protected] -- Check HMAC on FIPS fastpath input -Patch25: xrdp-CVE-2026-32105-2-fips-fastpath.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2026-32105-3-nonfips-slowpath.patch bsc#1262312 - [email protected] -- Check HMAC on non-FIPS slowpath input -Patch26: xrdp-CVE-2026-32105-3-nonfips-slowpath.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2026-32105-4-nonfips-fastpath.patch bsc#1262312 - [email protected] -- Check HMAC on non-FIPS fastpath input -Patch27: xrdp-CVE-2026-32105-4-nonfips-fastpath.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2026-32624.patch bsc#1262321 - [email protected] -- Fix buffer overflow if domain sep used -Patch28: xrdp-CVE-2026-32624.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2026-32107.patch bsc#1262313 - [email protected] -- Exit on failure of env_set_user() -Patch29: xrdp-CVE-2026-32107.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2026-32623.patch bsc#1262316 - [email protected] -- adding length and status checks in neutrinordp fragment reassembly -Patch30: xrdp-CVE-2026-32623.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2026-33145.patch bsc#1262331 - [email protected] -- Default AllowAlternateShell to 'no' -Patch31: xrdp-CVE-2026-33145.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2026-33689.patch bsc#1262332 - [email protected] -- Fix length check on channel open -Patch32: xrdp-CVE-2026-33689.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2026-35512.patch bsc#1262333 - [email protected] -- Check length for the EGFX dynamic virtual channel -Patch33: xrdp-CVE-2026-35512.patch +# PATCH-FIX-OPENSUSE xrdp-ensure-cert.patch bsc#1266233 bsc#1266325 - [email protected] -- generate key/cert to support default tls security layer +Patch4: xrdp-ensure-cert.patch # Keep SLE only patches on the bottom starting from patch number 1001 # PATCH-FEATURE-SLE xrdp-avahi.diff bnc#586785 - [email protected] -- Add Avahi support. Patch1001: xrdp-avahi.diff @@ -84,7 +59,7 @@ BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes -BuildRequires: fuse-devel +BuildRequires: imlib2-devel BuildRequires: libX11-devel BuildRequires: libXfixes-devel BuildRequires: libXrandr-devel @@ -94,8 +69,11 @@ BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkg-config +BuildRequires: pkgconfig(fuse3) +BuildRequires: pkgconfig(pixman-1) BuildRequires: pkgconfig(systemd) Requires: xorg-x11-Xvnc +Recommends: pipewire-module-xrdp Recommends: xorgxrdp BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -106,45 +84,16 @@ %package devel Summary: Development files for xrdp Group: Development/Libraries/C and C++ -Requires: libpainter0 = %{version} -Requires: librfxencode0 = %{version} %description devel This package contains the development headers for xrdp. -%package -n libpainter0 -Summary: Library for manipulating memory bitmaps -Group: System/Libraries - -%description -n libpainter0 -This package contains libraries for manipulating memory bitmaps. - -%package -n librfxencode0 -Summary: Library for the JPEG2000 codec for RDP -Group: System/Libraries - -%description -n librfxencode0 -This package contains libraries for the JPEG2000 codec for RDP. - %prep %setup -q %patch -P 1 -p1 %patch -P 2 -p1 %patch -P 3 -p1 %patch -P 4 -p1 -%patch -P 21 -p1 -%patch -P 22 -p1 -%patch -P 23 -p1 -#%%patch -P 24 -p1 -#%%patch -P 25 -p1 -#%%patch -P 26 -p1 -#%%patch -P 27 -p1 -%patch -P 28 -p1 -%patch -P 29 -p1 -%patch -P 30 -p1 -%patch -P 31 -p1 -%patch -P 32 -p1 -%patch -P 33 -p1 %if 0%{?sle_version} %patch -P 1001 -p1 %patch -P 1002 -p1 @@ -157,6 +106,9 @@ %build sh ./bootstrap +%ifarch i586 +CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64" \ +%endif %configure \ --enable-ipv6 \ --enable-painter \ @@ -165,7 +117,8 @@ --with-pamconfdir=%{_pam_vendordir} \ %endif --enable-vsock \ - --enable-fuse + --enable-fuse \ + --enable-pixman make %{?_smp_mflags} V=1 %install @@ -175,6 +128,7 @@ mkdir -p %{buildroot}/%{_fillupdir} install -m 644 %{SOURCE4} %{buildroot}/%{_fillupdir}/sysconfig.xrdp install -m 644 %{SOURCE6} %{SOURCE7} %{buildroot}/%{_sysconfdir}/xrdp/ +install -Dm0755 %{SOURCE8} %{buildroot}%{_libexecdir}/xrdp/xrdp-ensure-cert # remove a private key and certification file generated during make and # use certification file created at the post phase @@ -220,19 +174,12 @@ %service_del_postun xrdp.service %service_del_postun xrdp-sesman.service -%post -n libpainter0 -p /sbin/ldconfig - -%postun -n libpainter0 -p /sbin/ldconfig - -%post -n librfxencode0 -p /sbin/ldconfig - -%postun -n librfxencode0 -p /sbin/ldconfig - %files %defattr(-,root,root) %dir %{_datadir}/xrdp %dir %{_libdir}/xrdp +%dir %{_libexecdir}/xrdp %if 0%{?suse_version} > 1500 %{_pam_vendordir}/xrdp-sesman %else @@ -246,9 +193,14 @@ %{_mandir}/man5/* %{_mandir}/man8/* %{_sbindir}/xrdp* +%{_libexecdir}/xrdp/waitforx +%{_libexecdir}/xrdp/xrdp-sesexec +%{_libexecdir}/xrdp/xrdp-droppriv +%{_libexecdir}/xrdp/xrdp-ensure-cert %dir %{_sysconfdir}/xrdp %config(noreplace) %{_sysconfdir}/xrdp/km*.ini %dir %{_sysconfdir}/xrdp/pulse +%config(noreplace) %{_sysconfdir}/xrdp/gfx.toml %config(noreplace) %{_sysconfdir}/xrdp/pulse/default.pa %config(noreplace) %{_sysconfdir}/xrdp/reconnectwm.sh %ghost %config(noreplace) %{_sysconfdir}/xrdp/rsakeys.ini @@ -257,6 +209,9 @@ %config(noreplace) %{_sysconfdir}/xrdp/sesman.ini %config(noreplace) %{_sysconfdir}/xrdp/xrdp.ini +%exclude %{_libdir}/libpainter.* +%exclude %{_libdir}/pkgconfig/libpainter.pc + %{_unitdir}/xrdp* %ghost %{_localstatedir}/log/xrdp-sesman.log @@ -269,15 +224,6 @@ %{_includedir}/painter.h %{_includedir}/rfxcodec_* %{_includedir}/xrdp_* -%{_libdir}/libpainter.so -%{_libdir}/librfxencode.so -%{_libdir}/pkgconfig/libpainter.pc %{_libdir}/pkgconfig/rfxcodec.pc %{_libdir}/pkgconfig/xrdp.pc -%files -n libpainter0 -%{_libdir}/libpainter.so.* - -%files -n librfxencode0 -%{_libdir}/librfxencode.so.* - ++++++ sesman.ini ++++++ --- /var/tmp/diff_new_pack.KhLQ6C/_old 2026-06-25 10:59:01.813140269 +0200 +++ /var/tmp/diff_new_pack.KhLQ6C/_new 2026-06-25 10:59:01.817140403 +0200 @@ -34,6 +34,15 @@ ; Default: 0 MaxSessions=50 +;; MaxDisplayNumer - maximum number considered for an X display +; Type: integer +; Default: 63 +; +; IANA only allocates TCP ports up to 6063 for X servers. If you are not +; allowing TCP connections to your X servers you may safely increase this +; number. +MaxDisplayNumber=1000 + ;; KillDisconnected - kill disconnected sessions ; Type: boolean ; Default: false ++++++ xrdp-0.9.27.tar.gz -> xrdp-0.10.6.tar.gz ++++++ ++++ 117388 lines of diff (skipped) ++++++ xrdp-avahi.diff ++++++ --- /var/tmp/diff_new_pack.KhLQ6C/_old 2026-06-25 10:59:02.605166744 +0200 +++ /var/tmp/diff_new_pack.KhLQ6C/_new 2026-06-25 10:59:02.613167012 +0200 @@ -1,51 +1,51 @@ -Index: xrdp-0.9.27/configure.ac +Index: xrdp-0.10.6/configure.ac =================================================================== ---- xrdp-0.9.27.orig/configure.ac -+++ xrdp-0.9.27/configure.ac -@@ -9,6 +9,7 @@ AC_CONFIG_MACRO_DIR([m4]) - AC_PROG_CC - AC_PROG_LIBTOOL +--- xrdp-0.10.6.orig/configure.ac ++++ xrdp-0.10.6/configure.ac +@@ -13,6 +13,7 @@ AC_PROG_LN_S + AC_C_CONST + LT_INIT +PKG_CHECK_MODULES(AVAHI, avahi-client >= 0.6.4) PKG_PROG_PKG_CONFIG if test "x$PKG_CONFIG" = "x"; then AC_MSG_ERROR([please install pkg-config]) -Index: xrdp-0.9.27/xrdp/Makefile.am +Index: xrdp-0.10.6/xrdp/Makefile.am =================================================================== ---- xrdp-0.9.27.orig/xrdp/Makefile.am -+++ xrdp-0.9.27/xrdp/Makefile.am -@@ -14,6 +14,7 @@ AM_CPPFLAGS = \ - -I$(top_srcdir)/common \ - -I$(top_srcdir)/sesman/libscp \ +--- xrdp-0.10.6.orig/xrdp/Makefile.am ++++ xrdp-0.10.6/xrdp/Makefile.am +@@ -16,6 +16,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/libxrdp \ + -I$(top_srcdir)/third_party \ + -I$(top_srcdir)/third_party/tomlc99 \ + $(AVAHI_CFLAGS) $(IMLIB2_CFLAGS) XRDP_EXTRA_LIBS = -@@ -44,6 +45,7 @@ xrdp_SOURCES = \ +@@ -61,6 +62,7 @@ xrdp_SOURCES = \ lang.c \ xrdp.c \ xrdp.h \ + xrdp_avahi.c \ + xrdp.ini.in \ xrdp_bitmap.c \ xrdp_bitmap_load.c \ - xrdp_bitmap_common.c \ -@@ -65,6 +67,7 @@ xrdp_LDADD = \ - $(top_builddir)/sesman/libscp/libscp.la \ +@@ -89,6 +91,7 @@ xrdp_LDADD = \ + $(top_builddir)/libipm/libipm.la \ $(top_builddir)/libxrdp/libxrdp.la \ - $(IMLIB2_LIBS) \ + $(top_builddir)/third_party/tomlc99/libtoml.la \ + $(AVAHI_LIBS) \ + $(IMLIB2_LIBS) \ $(XRDP_EXTRA_LIBS) - xrdpsysconfdir=$(sysconfdir)/xrdp -Index: xrdp-0.9.27/xrdp/xrdp.h +Index: xrdp-0.10.6/xrdp/xrdp.h =================================================================== ---- xrdp-0.9.27.orig/xrdp/xrdp.h -+++ xrdp-0.9.27/xrdp/xrdp.h -@@ -582,3 +582,10 @@ server_add_char_alpha(struct xrdp_mod *m - int - server_session_info(struct xrdp_mod *mod, const char *data, int data_bytes); - +--- xrdp-0.10.6.orig/xrdp/xrdp.h ++++ xrdp-0.10.6/xrdp/xrdp.h +@@ -693,5 +693,12 @@ int + server_egfx_cmd(struct xrdp_mod *v, + char *cmd, int cmd_bytes, + char *data, int data_bytes); +/* xrdp_avahi.c */ +int +xrdp_avahi_init(void); @@ -53,10 +53,12 @@ +xrdp_avahi_fini(void); +void +xrdp_avahi_get_port(char *port); -Index: xrdp-0.9.27/xrdp/xrdp_avahi.c + + #endif +Index: xrdp-0.10.6/xrdp/xrdp_avahi.c =================================================================== --- /dev/null -+++ xrdp-0.9.27/xrdp/xrdp_avahi.c ++++ xrdp-0.10.6/xrdp/xrdp_avahi.c @@ -0,0 +1,182 @@ +/* + This program is free software; you can redistribute it and/or modify @@ -188,7 +190,7 @@ + + /* see if port or address is in xrdp.ini file */ + g_snprintf(cfg_file, 255, "%s/xrdp.ini", XRDP_CFG_PATH); -+ fd = g_file_open(cfg_file); ++ fd = g_file_open_ro(cfg_file); + + if (fd != -1) + { @@ -240,10 +242,10 @@ + if (fd != -1) + g_file_close(fd); +} -Index: xrdp-0.9.27/common/arch.h +Index: xrdp-0.10.6/common/arch.h =================================================================== ---- xrdp-0.9.27.orig/common/arch.h -+++ xrdp-0.9.27/common/arch.h +--- xrdp-0.10.6.orig/common/arch.h ++++ xrdp-0.10.6/common/arch.h @@ -22,27 +22,7 @@ #include <stdlib.h> #include <string.h> ++++++ xrdp-bsc965647-allow-admin-choose-desktop.patch ++++++ --- /var/tmp/diff_new_pack.KhLQ6C/_old 2026-06-25 10:59:02.629167546 +0200 +++ /var/tmp/diff_new_pack.KhLQ6C/_new 2026-06-25 10:59:02.641167948 +0200 @@ -1,8 +1,8 @@ -Index: xrdp-0.9.23.1/sesman/startwm.sh +Index: xrdp-0.10.6/sesman/startwm.sh =================================================================== ---- xrdp-0.9.23.1.orig/sesman/startwm.sh -+++ xrdp-0.9.23.1/sesman/startwm.sh -@@ -58,54 +58,54 @@ post_start() +--- xrdp-0.10.6.orig/sesman/startwm.sh ++++ xrdp-0.10.6/sesman/startwm.sh +@@ -75,75 +75,54 @@ get_xdg_session_startupcmd() #start the window manager wm_start() { @@ -14,6 +14,27 @@ - # debian - if [ -r /etc/X11/Xsession ]; then - pre_start +- +- # if you want to start preferred desktop environment, +- # add following line, +- # [ -n "$XRDP_SESSION" ] && export DESKTOP_SESSION=<your preferred desktop> +- # in either of following file. +- # 1. ~/.profile +- # 2. create a file (any_filename.sh is OK) in /etc/profile.d +- # <your preferred desktop> shall be one of "ls -1 /usr/share/xsessions/|cut -d. -f1" +- # e.g. [ -n "$XRDP_SESSION" ] && export DESKTOP_SESSION=ubuntu +- +- # Alternatively, set "PassShellAsEnv=DESKTOP_SESSION" in sesman.ini, which +- # lets the user specify the required session directly. +- +- # STARTUP is the default startup command. +- # if $1 is empty and STARTUP was not set +- # /etc/X11/Xsession.d/50x11-common_determine-startup will fallback to +- # x-session-manager +- if [ -z "$STARTUP" ] && [ -n "$DESKTOP_SESSION" ]; then +- get_xdg_session_startupcmd "$DESKTOP_SESSION" +- fi +- - . /etc/X11/Xsession - post_start - exit 0 @@ -105,7 +126,7 @@ } #. /etc/environment -@@ -122,6 +122,8 @@ wm_start() +@@ -160,6 +139,8 @@ wm_start() # includes # auth required pam_env.so readenv=1 ++++++ xrdp-ensure-cert.patch ++++++ Index: xrdp-0.10.6/instfiles/xrdp.service.in =================================================================== --- xrdp-0.10.6.orig/instfiles/xrdp.service.in +++ xrdp-0.10.6/instfiles/xrdp.service.in @@ -8,6 +8,7 @@ After=network-online.target xrdp-sesman. Type=exec EnvironmentFile=-@sysconfdir@/sysconfig/xrdp EnvironmentFile=-@sysconfdir@/default/xrdp +ExecStartPre=-/usr/libexec/xrdp/xrdp-ensure-cert ExecStart=@sbindir@/xrdp $XRDP_OPTIONS --nodaemon SystemCallArchitectures=native SystemCallFilter=@system-service ++++++ xrdp-ensure-cert.sh ++++++ #!/bin/sh set -eu CERT=/etc/xrdp/cert.pem KEY=/etc/xrdp/key.pem if [ -s "$CERT" ] && [ -s "$KEY" ]; then exit 0 fi install -d -m 0755 /etc/xrdp HOSTNAME_FQDN=$(hostname -f 2>/dev/null || hostname) openssl req \ -x509 \ -newkey rsa:2048 \ -nodes \ -subj "/CN=${HOSTNAME_FQDN}" \ -keyout "$KEY" \ -out "$CERT" \ -days 3650 chmod 0600 "$KEY" chmod 0644 "$CERT" exit 0 ++++++ xrdp-fix-old-gcc-error.patch ++++++ --- /var/tmp/diff_new_pack.KhLQ6C/_old 2026-06-25 10:59:02.725170755 +0200 +++ /var/tmp/diff_new_pack.KhLQ6C/_new 2026-06-25 10:59:02.725170755 +0200 @@ -1,14 +1,14 @@ -Index: xrdp-0.9.27/common/guid.c +Index: xrdp-0.10.6/common/guid.c =================================================================== ---- xrdp-0.9.27.orig/common/guid.c -+++ xrdp-0.9.27/common/guid.c -@@ -33,7 +33,7 @@ +--- xrdp-0.10.6.orig/common/guid.c ++++ xrdp-0.10.6/common/guid.c +@@ -42,7 +42,7 @@ enum struct guid guid_new(void) { - struct guid guid = {0}; + struct guid guid = {{0}}; g_random(guid.g, sizeof(guid.g)); - return guid; - } + /* Show this UUID as conforming to RFC4122 (section 4.1.1) */ + guid.g[E_CLOCK_SEQ_HI_AND_RESERVED] &= ~0x40; /* Clear bit 6 */ ++++++ xrdp-pam.patch ++++++ --- /var/tmp/diff_new_pack.KhLQ6C/_old 2026-06-25 10:59:02.749171558 +0200 +++ /var/tmp/diff_new_pack.KhLQ6C/_new 2026-06-25 10:59:02.757171826 +0200 @@ -1,10 +1,10 @@ -Index: b/instfiles/pam.d/xrdp-sesman.suse +Index: xrdp-0.10.6/instfiles/pam.d/xrdp-sesman.suse =================================================================== ---- a/instfiles/pam.d/xrdp-sesman.suse 2019-04-18 13:38:26.000000000 +0800 -+++ b/instfiles/pam.d/xrdp-sesman.suse 2019-08-05 12:10:27.492234081 +0800 -@@ -2,4 +2,6 @@ - auth include common-auth - account include common-account +--- xrdp-0.10.6.orig/instfiles/pam.d/xrdp-sesman.suse ++++ xrdp-0.10.6/instfiles/pam.d/xrdp-sesman.suse +@@ -8,4 +8,6 @@ session required pam_loginuid.so + session optional pam_lastlog2.so silent + session include common-session +session optional pam_keyinit.so force revoke +session required pam_loginuid.so ++++++ xrdp-support-KillDisconnected-for-Xvnc.patch ++++++ --- /var/tmp/diff_new_pack.KhLQ6C/_old 2026-06-25 10:59:02.797173163 +0200 +++ /var/tmp/diff_new_pack.KhLQ6C/_new 2026-06-25 10:59:02.805173430 +0200 @@ -1,22 +1,33 @@ -Index: xrdp-0.9.23.1/sesman/session.c +Index: xrdp-0.10.6/sesman/sesexec/session.c =================================================================== ---- xrdp-0.9.23.1.orig/sesman/session.c 2023-11-30 21:35:45.365863285 +0100 -+++ xrdp-0.9.23.1/sesman/session.c 2023-11-30 21:35:45.361863283 +0100 -@@ -825,6 +825,16 @@ +--- xrdp-0.10.6.orig/sesman/sesexec/session.c ++++ xrdp-0.10.6/sesman/sesexec/session.c +@@ -422,6 +422,7 @@ prepare_xvnc_xserver_params(const struct + char screen[32] = {0}; /* display number */ + char geometry[32] = {0}; + char depth[32] = {0}; ++ char text[256]; + char guid_str[GUID_STR_SIZE]; + const char *xserver; - g_free(passwd_file); +@@ -475,9 +476,17 @@ prepare_xvnc_xserver_params(const struct + NULL); + } -+ /* translate sesman.ini options KillDisconnected and DisconnectedTimeLimit -+ * into TigerVNC Xvnc parameteres */ -+ if (g_cfg->sess.kill_disconnected != 0 || -+ g_cfg->sess.max_disc_time != 0) -+ { -+ list_add_item(xserver_params, (tintptr)g_strdup("-MaxDisconnectionTime")); -+ g_snprintf(text, 255, "%d", g_cfg->sess.max_disc_time < 60 ? 60 : g_cfg->sess.max_disc_time); -+ list_add_item(xserver_params, (tintptr)g_strdup(text)); -+ } ++ /* translate sesman.ini options KillDisconnected and DisconnectedTimeLimit ++ * into TigerVNC Xvnc parameteres */ ++ if (g_cfg->sess.kill_disconnected != 0 || ++ g_cfg->sess.max_disc_time != 0) ++ { ++ list_add_item(params, (tintptr)g_strdup("-MaxDisconnectionTime")); ++ g_snprintf(text, sizeof(text), "%d", g_cfg->sess.max_disc_time < 60 ? 60 : g_cfg->sess.max_disc_time); ++ list_add_item(params, (tintptr)g_strdup(text)); ++ } + - /* additional parameters from sesman.ini file */ - //config_read_xserver_params(SESMAN_SESSION_TYPE_XVNC, - // xserver_params); + /* additional parameters from sesman.ini file */ +- //config_read_xserver_params(SCP_SESSION_TYPE_XVNC, +- // xserver_params); + list_append_list_strdup(g_cfg->vnc_params, params, 1); + } + return params; ++++++ xrdp.ini ++++++ --- /var/tmp/diff_new_pack.KhLQ6C/_old 2026-06-25 10:59:02.865175436 +0200 +++ /var/tmp/diff_new_pack.KhLQ6C/_new 2026-06-25 10:59:02.873175703 +0200 @@ -114,31 +114,37 @@ #ls_background_image= ; logo -; full path to bmp-file or file in shared folder +; full path to file or file in shared folder. BMP format is always supported, +; but other formats will be supported if xrdp is build with imlib2 +; For transform values, see 'ls_background_transform'. The logo width and +; logo height are ignored for a transform of 'none'. ls_logo_filename= +ls_logo_transform=scale +ls_logo_width=250 +ls_logo_height=110 ls_logo_x_pos=55 -ls_logo_y_pos=50 +ls_logo_y_pos=35 ; for positioning labels such as username, password etc ls_label_x_pos=30 -ls_label_width=65 +ls_label_width=68 ; for positioning text and combo boxes next to above labels ls_input_x_pos=110 ls_input_width=210 ; y pos for first label and combo box -ls_input_y_pos=220 +ls_input_y_pos=158 ; OK button ls_btn_ok_x_pos=142 -ls_btn_ok_y_pos=370 +ls_btn_ok_y_pos=308 ls_btn_ok_width=85 ls_btn_ok_height=30 ; Cancel button ls_btn_cancel_x_pos=237 -ls_btn_cancel_y_pos=370 +ls_btn_cancel_y_pos=308 ls_btn_cancel_width=85 ls_btn_cancel_height=30
