Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Dear Debian stretch Release Team,

in Debian LTS, we are currently discussing a complex update of the freerdp (v1.1) package. The current status is this:

  * since March 2018 freerdp in stretch (and jessie) (Git snapshot of never released v1.1) is unusable against latest Windows servers. All Windows OS versions switched to RDP proto version 6 (plus CredSSP version 3) and the freerdp versions in Debian jessie/stretch do not support that.
  * for people using Debian stretch, the only viable work-around is using freerdp2 from stretch-backports.
  * people using Debian jessie LTS don't have any options (except for upgrading to stretch and using freerdp2 from stretch-bpo).
  * currently, we know of four unfixed CVE issues in freerdp (v1.1) (that are fixed in buster's freerdp2).

With my Debian LTS contributor hat on, I have started working on the open freerdp CVE issues (which luckily appeared in an Ubuntu security update, so not much work on this side) _and_ ...

... I have started backporting the required patches (at least these: [1,2,3]) to get RDP proto version 6 working in Debian jessie's freerdp v1.1 version.

This complete endeavour for LTS only makes sense if the stable release team is open to accepting such a complex change to Debian stretch, too.

While working on these patches, I regularly get feedback from FreeRDP upstream developer Bernhard Miklautz.

The Git version [4] of the proposed upload is not yet ready. After feedback from Bernhard, I will have to backport various WinPR API calls that are used around the RDP proto v6 implementation. So this whole thing is still work in progress.

The reason for this mail is: if the stable release team declines this update, then we will not bring it to Debian jessie LTS either.

Please give me a beacon signal (mainly a "yes, go ahead", or a "no, no way!").

Please let me know if you need more info to consider.

Cheers,
Mike

[1] https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/blob/debian/stretch/updates/debian/patches/0010_add-support-for-credssp-version-3.patch
[2] https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/blob/debian/stretch/updates/debian/patches/0011_add-support-for-proto-version-6.patch
[3] https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/blob/debian/stretch/updates/debian/patches/0012-fix-nla-don-t-use-server-version.patch
[4] https://salsa.debian.org/debian-remote-team/freerdp-1.1-legacy/tree/debian/stretch/updates

-- System Information:
Debian Release: 9.6
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)