Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package xrdp for openSUSE:Factory checked in at 2023-08-08 15:55:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xrdp (Old)
 and /work/SRC/openSUSE:Factory/.xrdp.new.22712 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xrdp" Tue Aug 8 15:55:13 2023 rev:53 rq:1102815 version:0.9.22.1 Changes: -------- --- /work/SRC/openSUSE:Factory/xrdp/xrdp.changes 2023-06-11 19:58:21.236271832 +0200 +++ /work/SRC/openSUSE:Factory/.xrdp.new.22712/xrdp.changes 2023-08-08 15:55:29.997205626 +0200 
@@ -1,0 +2,45 @@ +Thu Aug 3 04:01:39 UTC 2023 - Linnaea Lavia <[email protected]> + +- Update to version 0.9.22 + + New features + - Empty passwords are no longer automatically passed through to sesman for authentication + - Don't try to listen on the scard socket if it isn't there + - The directory where PAM configuration files are installed can now be set with --with-pamconfdir + - Sesman can now be configured to ignore alternate shells passed from the client + - Allow longer UserWindowManager strings + - openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts + - VNC backend session now supports extra mouse buttons 6, 7 and 8 + + Bug fixes + - Minor documentation fixes + - Memory management fixes to list module + - Fix some noise when MP3/AAC are in use and some logging improvements + - Fix potential NULL dereferences in chansrv + - An erroneous free in the smartcard handling code has been removed + - Passwords are no longer left on the heap in sesman + - Set permissions on pcsc socket dir to owner only + + Security fixes + - CVE-2022-23468 + - CVE-2022-23477 + - CVE-2022-23478 + - CVE-2022-23479 + - CVE-2022-23480 + - CVE-2022-23481 + - CVE-2022-23482 + - CVE-2022-23483 + - CVE-2022-23484 + - CVE-2022-23493 +- Drop upstreamed patches: + xrdp-CVE-2022-23468.patch + xrdp-CVE-2022-23477.patch + xrdp-CVE-2022-23478.patch + xrdp-CVE-2022-23479.patch + xrdp-CVE-2022-23480.patch + xrdp-CVE-2022-23481.patch + xrdp-CVE-2022-23482.patch + xrdp-CVE-2022-23483.patch + xrdp-CVE-2022-23484.patch + xrdp-CVE-2022-23493.patch + xrdp-make-pamconfdir-configurable.patch + xrdp-update-pam.d-path.patch + +------------------------------------------------------------------- Old: ---- xrdp-0.9.20.tar.gz xrdp-0.9.20.tar.gz.asc xrdp-CVE-2022-23468.patch xrdp-CVE-2022-23477.patch xrdp-CVE-2022-23478.patch xrdp-CVE-2022-23479.patch xrdp-CVE-2022-23480.patch xrdp-CVE-2022-23481.patch xrdp-CVE-2022-23482.patch xrdp-CVE-2022-23483.patch 
xrdp-CVE-2022-23484.patch xrdp-CVE-2022-23493.patch xrdp-make-pamconfdir-configurable.patch xrdp-update-pam.d-path.patch New: ---- xrdp-0.9.22.1.tar.gz xrdp-0.9.22.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xrdp.spec ++++++ --- /var/tmp/diff_new_pack.bz3C5p/_old 2023-08-08 15:55:31.089212460 +0200 +++ /var/tmp/diff_new_pack.bz3C5p/_new 2023-08-08 15:55:31.093212485 +0200 @@ -22,7 +22,7 @@ %endif Name: xrdp -Version: 0.9.20 +Version: 0.9.22.1 Release: 0 Summary: Remote desktop protocol (RDP) server License: Apache-2.0 AND GPL-2.0-or-later 
@@ -44,30 +44,6 @@ Patch5: xrdp-support-KillDisconnected-for-Xvnc.patch # PATCH-FIX-OPENSUSE xrdp-systemd-services.patch boo#1138954 boo#1144327 - [email protected] -- Let systemd handle the daemons Patch6: xrdp-systemd-services.patch -# PATCH-FIX-UPSTREAM xrdp-update-pam.d-path.patch bsc#1203468 - [email protected] -- update install script to accommodate with pam.d path move -Patch7: xrdp-update-pam.d-path.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2022-23468.patch bsc#1206300 - [email protected] -- Buffer overflow in xrdp_login_wnd_create() -Patch8: xrdp-CVE-2022-23468.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2022-23478.patch bsc#1206302 - [email protected] -- Out of Bound Write in xrdp_mm_trans_process_drdynvc_chan -Patch9: xrdp-CVE-2022-23478.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2022-23479.patch bsc#1206303 - [email protected] -- Buffer overflow in xrdp_mm_chan_data_in() function -Patch10: xrdp-CVE-2022-23479.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2022-23480.patch bsc#1206306 - [email protected] -- Buffer overflow in devredir_proc_client_devlist_announce_req -Patch11: xrdp-CVE-2022-23480.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2022-23481.patch bsc#1206307 - [email protected] -- Out of Bound Read in xrdp_caps_process_confirm_active() -Patch12: xrdp-CVE-2022-23481.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2022-23482.patch bsc#1206310 - [email protected] -- Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() -Patch13: xrdp-CVE-2022-23482.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2022-23483.patch bsc#1206311 - [email protected] -- Out of Bound Read in libxrdp_send_to_channel() -Patch14: xrdp-CVE-2022-23483.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2022-23484.patch bsc#1206312 - [email protected] -- Integer Overflow in xrdp_mm_process_rail_update_window_text() -Patch15: xrdp-CVE-2022-23484.patch -# PATCH-FIX-UPSTREAM xrdp-CVE-2022-23493.patch bsc#1206313 - [email protected] -- Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() -Patch16: xrdp-CVE-2022-23493.patch -# 
PATCH-FIX-UPSTREAM xrdp-CVE-2022-23477.patch bsc#1206301 - [email protected] -- Buffer over flow in audin_send_open() function -Patch17: xrdp-CVE-2022-23477.patch -# PATCH-FIX-UPSTREAM xrdp-make-pamconfdir-configurable.patch gh#neutrinolabs/xrdp!2552 bsc#1208121 - [email protected] -- Configure pam.d directory at build time -Patch18: xrdp-make-pamconfdir-configurable.patch # Keep SLE only patches on the bottom starting from patch number 1001 # PATCH-FEATURE-SLE xrdp-avahi.diff bnc#586785 - [email protected] -- Add Avahi support. @@ -130,18 +106,6 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 %if 0%{?sle_version} %patch1001 -p1 %patch1002 -p1 ++++++ xrdp-0.9.20.tar.gz -> xrdp-0.9.22.1.tar.gz ++++++ ++++ 3013 lines of diff (skipped)
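
Review bot: the heading of the new xrdp.changes entry reads "Update to version 0.9.22", while the spec sets Version: 0.9.22.1 and the new source is xrdp-0.9.22.1.tar.gz, so the changelog does not name the release that is actually shipped. Suggest changing the heading to 0.9.22.1, or adding a line for what the .1 release changes on top of 0.9.22. In the same entry, the ten CVE lines under "Security fixes" carry no bug references, although the spec comments removed in this commit tied each one to a bsc# (bsc#1206300 through bsc#1206313); adding the bsc# next to each CVE in the changelog would keep that mapping in the package after the spec comments are gone.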
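
Review bot: the xrdp.spec hunk at @@ -44,30 +44,6 @@ drops Patch7 through Patch18 as upstreamed, but the tarball diff is skipped in this mail ("3013 lines of diff (skipped)"), so nothing visible here confirms that 0.9.22.1 contains each fix. Before accepting, check the new source for the functions named in the removed comments, for example xrdp_login_wnd_create(), xrdp_mm_chan_data_in(), audin_send_open() and devredir_proc_client_devlist_announce_req, and confirm that the bounds checks from the dropped patches are present. The same applies to the two non-CVE patches: with xrdp-make-pamconfdir-configurable.patch and xrdp-update-pam.d-path.patch removed, the build depends on upstream's --with-pamconfdir and installation-script support mentioned in the changelog, and no change to the configure invocation is visible in this diff, so it is worth confirming that the PAM file still lands in the intended directory.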
