Contains fix for CVE-2025-68670. Drop patch that is included in this release.
Changelog: Security fixes: - CVE-2025-68670 New features: - It is now possible to start the xrdp daemon entirely unprivileged from the service manager. If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details. - TLS pre-master secrets can now be recorded for packet captures - Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers - Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control - Updated Xorg paths in sesman.ini to include more recent distros - Add Slovenian keyboard - xrdpapi: Add a way to monitor connect/disconnect events Bug fixes: - Allow an empty X11 UTF8_STRING to be pasted to the clipboard - Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding - Fix a regression introduced in v0.10.x related to PAM groups handling - Inconsistencies with [MS-RDPBCGR] have been addressed - A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed - Prevent some possible crashes when the RFX encoder is resized - Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly - Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly - Do not overwrite a VNC port set by the user when not using sesman - Fix regression from 0.9.x when freerdp client uses /workarea - Fixes a crash where a resize is attempted with drdynvc disabled - getgrouplist() now compiles on MacOS - Various Coverity warnings have been addressed - Documentation improvements Internal changes: - An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../xrdp/xrdp/fix-compiling-with-musl.patch | 27 ------------------- .../xrdp/{xrdp_0.10.4.1.bb => xrdp_0.10.5.bb} | 4 +-- 2 files changed, 1 insertion(+), 30 deletions(-) delete mode 100644 meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch rename meta-oe/recipes-support/xrdp/{xrdp_0.10.4.1.bb => xrdp_0.10.5.bb} (96%) diff --git a/meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch b/meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch deleted file mode 100644 index c716229ab6..0000000000 --- a/meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch +++ /dev/null @@ -1,27 +0,0 @@ - -sys/signal.h does almost the same in both glibc and musl: it includes "signal.h" - -However with musl there is also a warning macro about this, which is interpreted as -an error during building. - -Fixes error: - -| In file included from ../../sources/xrdp-0.10.4.1/waitforx/waitforx.c:5: -| <...>/usr/include/sys/signal.h:1:2: error: #warning redirecting incorrect #include <sys/signal.h> to <signal.h> [-Werror=cpp] -| 1 | #warning redirecting incorrect #include <sys/signal.h> to <signal.h> -| | ^~~~~~~ -| cc1: all warnings being treated as errors - -Upstream-Status: Submitted [https://github.com/neutrinolabs/xrdp/pull/3678] -Signed-off-by: Gyorgy Sarvari <[email protected]> - ---- ./waitforx/waitforx.c.orig 2025-11-25 14:38:46.464337398 +0100 -+++ ./waitforx/waitforx.c 2025-11-25 14:38:52.007441093 +0100 -@@ -2,7 +2,6 @@ - #include <signal.h> - #include <stdio.h> - #include <stdlib.h> --#include <sys/signal.h> - #include <unistd.h> - - #include "config_ac.h" diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.10.4.1.bb b/meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb similarity index 96% rename from meta-oe/recipes-support/xrdp/xrdp_0.10.4.1.bb rename to meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb index 8203ada8e5..8d7c5807f2 100644 --- a/meta-oe/recipes-support/xrdp/xrdp_0.10.4.1.bb +++ b/meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb @@ -17,9 +17,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \ file://0001-mark-count-with-unused-attribute.patch \ " -SRC_URI:append:libc-musl = " file://fix-compiling-with-musl.patch" - -SRC_URI[sha256sum] = "52eadf3e86c57be0de0b9d5c184b52a7946a070746d3eb04b5089dd6d42f8f5f" +SRC_URI[sha256sum] = "9abc96d164de4b1c40e2f3f537d0593d052a640cf3388978c133715ea69fb123" UPSTREAM_CHECK_URI = "https://github.com/neutrinolabs/xrdp/releases"; UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124070): https://lists.openembedded.org/g/openembedded-devel/message/124070 Mute This Topic: https://lists.openembedded.org/mt/117599352/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
