Hello community, here is the log from the commit of package xrdp for openSUSE:Factory checked in at 2018-01-09 14:53:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xrdp (Old) and /work/SRC/openSUSE:Factory/.xrdp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xrdp" Tue Jan 9 14:53:18 2018 rev:13 rq:562291 version:0.9.5 Changes: -------- --- /work/SRC/openSUSE:Factory/xrdp/xrdp.changes 2017-11-24 10:57:14.738203754 +0100 +++ /work/SRC/openSUSE:Factory/.xrdp.new/xrdp.changes 2018-01-09 14:53:18.803464110 +0100 @@ -1,0 +2,30 @@ +Thu Jan 4 08:43:48 UTC 2018 - [email protected] + +- Update to version 0.9.5 + + Security fixes + - Fix local denial of service (CVE-2017-16927) #958 #979 + + New features + - Add a new log level TRACE more verbose than DEBUG #835 #944 + - SSH agent forwarding via RDP #867 #868 FreeRDP/FreeRDP#4122 + - Support horizontal wheel properly #928 + + Bug fixes + - Avoid use of hard-coded sesman port #895 + - Workaround for corrupted display with Windows Server 2008 + using NeutrinoRDP #869 + - Fix glitch in audio redirection by AAC #910 #936 + - Implement vsock support #930 #935 #948 + - Avoid 100% CPU usage on SSL accept #956 + + Other changes + - Add US Dvorak keyboard #929 + - Suppress some misleading logs #964 + - Add Finnish keyboard #972 + - Add more user-friendlier description about Xorg config #974 + - Renew pulseaudio document #984 #985 + - Lots of cleanups and refactoring + + Known issues + - Audio redirection by MP3 codec doesn't sound with some + client, use AAC instead #965 +- Update xrdp-default-config.patch +- Update xrdp-fate318398-change-expired-password.patch + +------------------------------------------------------------------- Old: ---- xrdp-0.9.4.tar.gz xrdp-0.9.4.tar.gz.asc New: ---- xrdp-0.9.5.tar.gz xrdp-0.9.5.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xrdp.spec ++++++ --- /var/tmp/diff_new_pack.UQI0PF/_old 2018-01-09 14:53:19.671423420 +0100 +++ /var/tmp/diff_new_pack.UQI0PF/_new 2018-01-09 14:53:19.675423232 +0100 @@ -1,7 +1,7 @@ # # spec file for package xrdp # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ %define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services Name: xrdp -Version: 0.9.4 +Version: 0.9.5 Release: 0 Summary: Remote desktop protocol (RDP) server License: Apache-2.0 and GPL-2.0+ ++++++ xrdp-0.9.4.tar.gz -> xrdp-0.9.5.tar.gz ++++++ ++++ 5476 lines of diff (skipped) ++++++ xrdp-default-config.patch ++++++ --- /var/tmp/diff_new_pack.UQI0PF/_old 2018-01-09 14:53:20.171399981 +0100 +++ /var/tmp/diff_new_pack.UQI0PF/_new 2018-01-09 14:53:20.175399793 +0100 @@ -1,8 +1,8 @@ -diff --git a/sesman/sesman.ini b/sesman/sesman.ini -index 8225ee44..37c78169 100644 ---- a/sesman/sesman.ini -+++ b/sesman/sesman.ini -@@ -18,7 +18,7 @@ AlwaysGroupCheck=false +Index: b/sesman/sesman.ini +=================================================================== +--- a/sesman/sesman.ini 2018-01-04 15:37:57.612073999 +0800 ++++ b/sesman/sesman.ini 2018-01-04 15:38:02.957413999 +0800 +@@ -18,7 +18,7 @@ ;; X11DisplayOffset - x11 display number offset ; Type: integer ; Default: 10 @@ -11,7 +11,7 @@ ;; MaxSessions - maximum number of connections to an xrdp server ; Type: integer -@@ -50,9 +50,9 @@ Policy=Default +@@ -50,9 +50,9 @@ [Logging] LogFile=xrdp-sesman.log @@ -22,13 +22,13 @@ +EnableSyslog=0 +SyslogLevel=ERROR - [X11rdp] - param=X11rdp -diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini -index cb6d7c36..f4c75c88 100644 ---- a/xrdp/xrdp.ini -+++ b/xrdp/xrdp.ini -@@ -74,7 +74,7 @@ grey=dedede + ; + ; Session definitions - startup command-line parameters for each session type +Index: b/xrdp/xrdp.ini +=================================================================== +--- a/xrdp/xrdp.ini 2018-01-04 15:37:57.612073999 +0800 ++++ b/xrdp/xrdp.ini 2018-01-04 15:59:09.282474000 +0800 +@@ -76,7 +76,7 @@ #ls_title=My Login Title ; top level window background color in RGB format @@ -37,7 +37,7 @@ ; width and height of login screen ls_width=350 -@@ -117,9 +117,9 @@ ls_btn_cancel_height=30 +@@ -119,9 +119,9 @@ [Logging] LogFile=xrdp.log @@ -50,10 +50,10 @@ ; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug [Channels] -@@ -148,34 +148,24 @@ tcutils=true - ; Session types - ; - +@@ -153,34 +153,24 @@ + ; Some session types such as Xorg, X11rdp and Xvnc start a display server. + ; Startup command-line parameters for the display server are configured + ; in sesman.ini. See and configure also sesman.ini. -[Xorg] -name=Xorg -lib=libxup.so @@ -93,7 +93,7 @@ [console] name=console -@@ -184,28 +174,7 @@ ip=127.0.0.1 +@@ -189,28 +179,7 @@ port=5900 username=na password=ask ++++++ xrdp-fate318398-change-expired-password.patch ++++++ --- /var/tmp/diff_new_pack.UQI0PF/_old 2018-01-09 14:53:20.187399231 +0100 +++ /var/tmp/diff_new_pack.UQI0PF/_new 2018-01-09 14:53:20.187399231 +0100 @@ -1,19 +1,19 @@ -diff --git a/sesman/auth.h b/sesman/auth.h -index 56f7809..4dd3836 100644 ---- a/sesman/auth.h -+++ b/sesman/auth.h -@@ -106,4 +106,6 @@ auth_check_pwd_chg(const char *user); +Index: b/sesman/auth.h +=================================================================== +--- a/sesman/auth.h 2017-10-26 13:30:12.000000000 +0800 ++++ b/sesman/auth.h 2018-01-04 16:40:32.178890000 +0800 +@@ -106,4 +106,6 @@ int auth_change_pwd(const char *user, const char *newpwd); +int +auth_change_pwd_pam(char* user, char* pass, char* newpwd); #endif -diff --git a/sesman/libscp/libscp_session.c b/sesman/libscp/libscp_session.c -index 8df34b3..54d08ae 100644 ---- a/sesman/libscp/libscp_session.c -+++ b/sesman/libscp/libscp_session.c -@@ -75,6 +75,10 @@ scp_session_set_type(struct SCP_SESSION *s, tui8 type) +Index: b/sesman/libscp/libscp_session.c +=================================================================== +--- a/sesman/libscp/libscp_session.c 2017-10-26 13:30:12.000000000 +0800 ++++ b/sesman/libscp/libscp_session.c 2018-01-04 16:40:32.178890000 +0800 +@@ -75,6 +75,10 @@ s->type = SCP_GW_AUTHENTICATION; break; @@ -24,10 +24,15 @@ case SCP_SESSION_TYPE_MANAGE: s->type = SCP_SESSION_TYPE_MANAGE; s->mng = (struct SCP_MNG_DATA *)g_malloc(sizeof(struct SCP_MNG_DATA), 1); -@@ -236,6 +240,32 @@ scp_session_set_password(struct SCP_SESSION *s, const char *str) +@@ -231,6 +235,32 @@ + return 1; + } - /*******************************************************************/ - int ++ return 0; ++} ++ ++/*******************************************************************/ ++int +scp_session_set_newpass(struct SCP_SESSION *s, char *str) +{ + if (0 == str) @@ -49,18 +54,13 @@ + return 1; + } + -+ return 0; -+} -+ -+/*******************************************************************/ -+int - scp_session_set_domain(struct SCP_SESSION *s, const char *str) - { - if (0 == str) -diff --git a/sesman/libscp/libscp_types.h b/sesman/libscp/libscp_types.h -index 8cb9166..b4441da 100644 ---- a/sesman/libscp/libscp_types.h -+++ b/sesman/libscp/libscp_types.h + return 0; + } + +Index: b/sesman/libscp/libscp_types.h +=================================================================== +--- a/sesman/libscp/libscp_types.h 2017-10-04 12:44:21.000000000 +0800 ++++ b/sesman/libscp/libscp_types.h 2018-01-04 16:40:32.178890000 +0800 @@ -47,6 +47,7 @@ * XRDP sends this command to let sesman verify if the user is allowed * to use the gateway */ @@ -69,7 +69,7 @@ #define SCP_ADDRESS_TYPE_IPV4 0x00 #define SCP_ADDRESS_TYPE_IPV6 0x01 -@@ -77,6 +78,7 @@ struct SCP_SESSION +@@ -77,6 +78,7 @@ char locale[18]; char* username; char* password; @@ -77,11 +77,11 @@ char* hostname; tui8 addr_type; tui32 ipv4addr; -diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c -index 5a0c8bf..4b3fc98 100644 ---- a/sesman/libscp/libscp_v0.c -+++ b/sesman/libscp/libscp_v0.c -@@ -317,9 +317,8 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) +Index: b/sesman/libscp/libscp_v0.c +=================================================================== +--- a/sesman/libscp/libscp_v0.c 2017-12-27 22:30:25.000000000 +0800 ++++ b/sesman/libscp/libscp_v0.c 2018-01-04 17:09:58.859805998 +0800 +@@ -329,9 +329,8 @@ } } } @@ -92,7 +92,7 @@ session = scp_session_create(); if (0 == session) -@@ -329,7 +328,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) +@@ -341,7 +340,7 @@ } scp_session_set_version(session, version); @@ -100,28 +100,32 @@ + scp_session_set_type(session, code); /* reading username */ in_uint16_be(c->in_s, sz); - buf[sz] = '\0'; -@@ -342,6 +341,19 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) - /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/ - return SCP_SERVER_STATE_INTERNAL_ERR; + buf = g_new0(char, sz + 1); +@@ -358,6 +357,23 @@ } + g_free(buf); + + if (code == SCP_GW_CHAUTHTOK) + { + /* reading new password */ + in_uint16_be(c->in_s, sz); -+ buf[sz] = '\0'; ++ buf = g_new0(char, sz + 1); + in_uint8a(c->in_s, buf, sz); ++ buf[sz] = '\0'; + + if (0 != scp_session_set_newpass(session, buf)) + { + scp_session_destroy(session); ++ g_free(buf); + return SCP_SERVER_STATE_INTERNAL_ERR; + } ++ g_free(buf); + } - ++ /* reading password */ in_uint16_be(c->in_s, sz); -@@ -417,12 +429,13 @@ scp_v0s_deny_connection(struct SCP_CONNECTION *c) + buf = g_new0(char, sz + 1); +@@ -435,12 +451,13 @@ /******************************************************************************/ enum SCP_SERVER_STATES_E @@ -137,11 +141,11 @@ out_uint16_be(c->out_s, value); /* reply code */ out_uint16_be(c->out_s, 0); /* dummy data */ s_mark_end(c->out_s); -diff --git a/sesman/libscp/libscp_v0.h b/sesman/libscp/libscp_v0.h -index 21fc16c..ae54619 100644 ---- a/sesman/libscp/libscp_v0.h -+++ b/sesman/libscp/libscp_v0.h -@@ -79,6 +79,6 @@ scp_v0s_deny_connection(struct SCP_CONNECTION* c); +Index: b/sesman/libscp/libscp_v0.h +=================================================================== +--- a/sesman/libscp/libscp_v0.h 2017-07-19 12:23:49.000000000 +0800 ++++ b/sesman/libscp/libscp_v0.h 2018-01-04 16:40:32.182893999 +0800 +@@ -79,6 +79,6 @@ * @return */ enum SCP_SERVER_STATES_E @@ -149,11 +153,11 @@ +scp_v0s_replyauthentication(struct SCP_CONNECTION* c, unsigned short int value, tui8 type); #endif -diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c -index de00068..51f1af7 100644 ---- a/sesman/scp_v0.c -+++ b/sesman/scp_v0.c -@@ -42,6 +42,13 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) +Index: b/sesman/scp_v0.c +=================================================================== +--- a/sesman/scp_v0.c 2017-10-26 13:30:12.000000000 +0800 ++++ b/sesman/scp_v0.c 2018-01-04 16:40:32.182893999 +0800 +@@ -42,6 +42,13 @@ int errorcode = 0; bool_t do_auth_end = 1; @@ -167,7 +171,7 @@ data = auth_userpass(s->username, s->password, &errorcode); if (s->type == SCP_GW_AUTHENTICATION) -@@ -53,14 +60,14 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) +@@ -53,14 +60,14 @@ if (1 == access_login_allowed(s->username)) { /* the user is member of the correct groups. */ @@ -184,7 +188,7 @@ log_message(LOG_LEVEL_INFO, "Username okey but group problem for " "user: %s", s->username); /* g_writeln("user password ok, but group problem"); */ -@@ -71,7 +78,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) +@@ -71,7 +78,7 @@ /* g_writeln("username or password error"); */ log_message(LOG_LEVEL_INFO, "Username or password error for user: %s", s->username); @@ -193,11 +197,11 @@ } } else if (data) -diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c -index 15174c2..d996470 100644 ---- a/sesman/verify_user_pam.c -+++ b/sesman/verify_user_pam.c -@@ -38,6 +38,7 @@ struct t_user_pass +Index: b/sesman/verify_user_pam.c +=================================================================== +--- a/sesman/verify_user_pam.c 2017-11-27 09:42:43.000000000 +0800 ++++ b/sesman/verify_user_pam.c 2018-01-04 16:40:32.182893999 +0800 +@@ -38,6 +38,7 @@ { char user[256]; char pass[256]; @@ -205,7 +209,7 @@ }; struct t_auth_info -@@ -86,6 +87,55 @@ verify_pam_conv(int num_msg, const struct pam_message **msg, +@@ -86,6 +87,55 @@ } /******************************************************************************/ @@ -261,7 +265,7 @@ static void get_service_name(char *service_name) { -@@ -102,6 +152,52 @@ get_service_name(char *service_name) +@@ -103,6 +153,52 @@ } /******************************************************************************/ @@ -314,11 +318,11 @@ /* returns long, zero is no go Stores the detailed error code in the errorcode variable*/ -diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c -index 49477a1..160a1ef 100644 ---- a/xrdp/xrdp_login_wnd.c -+++ b/xrdp/xrdp_login_wnd.c -@@ -181,7 +181,14 @@ xrdp_wm_cancel_clicked(struct xrdp_bitmap *wnd) +Index: b/xrdp/xrdp_login_wnd.c +=================================================================== +--- a/xrdp/xrdp_login_wnd.c 2017-11-27 09:42:43.000000000 +0800 ++++ b/xrdp/xrdp_login_wnd.c 2018-01-04 16:40:32.182893999 +0800 +@@ -187,7 +187,14 @@ { if (wnd->wm != 0) { @@ -334,7 +338,7 @@ { g_set_wait_obj(wnd->wm->pro_layer->self_term_event); } -@@ -239,7 +246,29 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *wnd) +@@ -245,7 +252,29 @@ } else { @@ -365,7 +369,7 @@ } return 0; -@@ -516,6 +545,32 @@ xrdp_wm_login_notify(struct xrdp_bitmap *wnd, +@@ -545,6 +574,32 @@ return 0; } @@ -398,10 +402,11 @@ /******************************************************************************/ static int xrdp_wm_login_fill_in_combo(struct xrdp_wm *self, struct xrdp_bitmap *b) -@@ -789,6 +844,103 @@ xrdp_login_wnd_create(struct xrdp_wm *self) +@@ -825,6 +880,103 @@ + return 0; } - ++ +/******************************************************************************/ +int +xrdp_newpass_wnd_create(struct xrdp_wm *self) @@ -498,15 +503,14 @@ + + return 0; +} -+ + /** * Load configuration from xrdp.ini file - * -diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c -index ba4227c..4e15f88 100644 ---- a/xrdp/xrdp_mm.c -+++ b/xrdp/xrdp_mm.c -@@ -1458,7 +1458,7 @@ xrdp_mm_sesman_data_in(struct trans *trans) +Index: b/xrdp/xrdp_mm.c +=================================================================== +--- a/xrdp/xrdp_mm.c 2017-12-27 22:30:26.000000000 +0800 ++++ b/xrdp/xrdp_mm.c 2018-01-04 16:40:32.182893999 +0800 +@@ -1458,7 +1458,7 @@ /*********************************************************************/ /* return 0 on success */ static int @@ -515,7 +519,7 @@ { int reply; int rec = 32+1; /* 32 is reserved for PAM failures this means connect failure */ -@@ -1484,7 +1484,8 @@ access_control(char *username, char *password, char *srv) +@@ -1486,7 +1486,8 @@ make_stream(out_s); init_stream(out_s, 500); s_push_layer(out_s, channel_hdr, 8); @@ -525,7 +529,7 @@ index = g_strlen(username); out_uint16_be(out_s, index); out_uint8a(out_s, username, index); -@@ -1492,6 +1493,14 @@ access_control(char *username, char *password, char *srv) +@@ -1494,6 +1495,14 @@ index = g_strlen(password); out_uint16_be(out_s, index); out_uint8a(out_s, password, index); @@ -540,7 +544,7 @@ s_mark_end(out_s); s_pop_layer(out_s, channel_hdr); out_uint32_be(out_s, 0); /* version */ -@@ -1521,15 +1530,19 @@ access_control(char *username, char *password, char *srv) +@@ -1523,15 +1532,19 @@ in_uint16_be(in_s, pAM_errorcode); /* this variable holds the PAM error code if the variable is >32 it is a "invented" code */ in_uint16_be(in_s, dummy); @@ -564,7 +568,7 @@ } else { -@@ -1847,7 +1860,7 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -1849,7 +1862,7 @@ char port[8]; char chansrvport[256]; #ifndef USE_NOPAM @@ -573,7 +577,7 @@ char pam_auth_sessionIP[256]; char pam_auth_password[256]; char pam_auth_username[256]; -@@ -1887,7 +1900,7 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -1889,7 +1902,7 @@ #ifndef USE_NOPAM else if (g_strcasecmp(name, "pamusername") == 0) { @@ -582,7 +586,7 @@ g_strncpy(pam_auth_username, value, 255); } else if (g_strcasecmp(name, "pamsessionmng") == 0) -@@ -1915,45 +1928,56 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -1917,45 +1930,56 @@ } #ifndef USE_NOPAM @@ -670,10 +674,11 @@ } #endif -@@ -2047,6 +2071,59 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -2048,6 +2072,59 @@ + return rv; } - /*****************************************************************************/ ++/*****************************************************************************/ +/* return 0 on success */ +int +xrdp_mm_change_expired_password(struct xrdp_mm *self) @@ -726,15 +731,14 @@ + return rv; +} + -+/*****************************************************************************/ + /*****************************************************************************/ int xrdp_mm_get_wait_objs(struct xrdp_mm *self, - tbus *read_objs, int *rcount, -diff --git a/xrdp/xrdp_types.h b/xrdp/xrdp_types.h -index 75c70ee..344e7fc 100644 ---- a/xrdp/xrdp_types.h -+++ b/xrdp/xrdp_types.h -@@ -325,6 +325,7 @@ struct xrdp_wm +Index: b/xrdp/xrdp_types.h +=================================================================== +--- a/xrdp/xrdp_types.h 2017-07-19 12:23:49.000000000 +0800 ++++ b/xrdp/xrdp_types.h 2018-01-04 16:40:32.182893999 +0800 +@@ -325,6 +325,7 @@ struct xrdp_cache* cache; int palette[256]; struct xrdp_bitmap* login_window; @@ -742,11 +746,11 @@ /* generic colors */ int black; int grey; -diff --git a/xrdp/xrdp_wm.c b/xrdp/xrdp_wm.c -index 8a6695f..238c5cf 100644 ---- a/xrdp/xrdp_wm.c -+++ b/xrdp/xrdp_wm.c -@@ -1855,6 +1855,34 @@ xrdp_wm_login_mode_changed(struct xrdp_wm *self) +Index: b/xrdp/xrdp_wm.c +=================================================================== +--- a/xrdp/xrdp_wm.c 2018-01-04 16:40:31.998709999 +0800 ++++ b/xrdp/xrdp_wm.c 2018-01-04 16:40:32.182893999 +0800 +@@ -1896,6 +1896,34 @@ self->dragging = 0; xrdp_wm_set_login_mode(self, 11); } @@ -781,7 +785,7 @@ return 0; } -@@ -1899,11 +1927,19 @@ xrdp_wm_log_wnd_notify(struct xrdp_bitmap *wnd, +@@ -1940,11 +1968,19 @@ xrdp_bitmap_invalidate(wm->screen, &rect); /* if module is gone, reset the session when ok is clicked */ @@ -802,7 +806,7 @@ } } } -@@ -1965,6 +2001,9 @@ xrdp_wm_show_log(struct xrdp_wm *self) +@@ -2006,6 +2042,9 @@ return 0; }
