diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-02-02 17:37:14 +0100 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2026-02-04 20:53:30 -0800 |
| commit | 7c54c935cb6c3b5d96554d9fd3de72e5240f72aa (patch) | |
| tree | d5ecedfa3906a76d17795d55f63c27b0442094b1 | |
| parent | 9205d2c95eaccfd780ce6a61362e9f58395dd6ae (diff) | |
| download | meta-openembedded-7c54c935cb6c3b5d96554d9fd3de72e5240f72aa.tar.gz | |
xrdp: upgrade 0.10.4.1 -> 0.10.5
Contains fix for CVE-2025-68670.
Drop patch that is included in this release.
Changelog:
Security fixes:
- CVE-2025-68670
New features:
- It is now possible to start the xrdp daemon entirely unprivileged from the service manager.
If you do this certain restrictions will apply. See
https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
- TLS pre-master secrets can now be recorded for packet captures
- Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers
- Alternate shell names can now be passed to startwm.sh in an environment variable for more
system management control
- Updated Xorg paths in sesman.ini to include more recent distros
- Add Slovenian keyboard
- xrdpapi: Add a way to monitor connect/disconnect events
Bug fixes:
- Allow an empty X11 UTF8_STRING to be pasted to the clipboard
- Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server
which did not support the ExtendedDesktopSize encoding
- Fix a regression introduced in v0.10.x related to PAM groups handling
- Inconsistencies with [MS-RDPBCGR] have been addressed
- A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed
- Prevent some possible crashes when the RFX encoder is resized
- Fixes a regression introduced by GFX development which prevented the JPEG encoder from working
correctly
- Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted
unexpectedly
- Do not overwrite a VNC port set by the user when not using sesman
- Fix regression from 0.9.x when freerdp client uses /workarea
- Fixes a crash where a resize is attempted with drdynvc disabled
- getgrouplist() now compiles on MacOS
- Various Coverity warnings have been addressed
- Documentation improvements
Internal changes:
- An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| -rw-r--r-- | meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch | 27 | ||||
| -rw-r--r-- | meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb (renamed from meta-oe/recipes-support/xrdp/xrdp_0.10.4.1.bb) | 4 |
2 files changed, 1 insertions, 30 deletions
diff --git a/meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch b/meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch deleted file mode 100644 index c716229ab6..0000000000 --- a/meta-oe/recipes-support/xrdp/xrdp/fix-compiling-with-musl.patch +++ /dev/null | |||
| @@ -1,27 +0,0 @@ | |||
| 1 | |||
| 2 | sys/signal.h does almost the same in both glibc and musl: it includes "signal.h" | ||
| 3 | |||
| 4 | However with musl there is also a warning macro about this, which is interpreted as | ||
| 5 | an error during building. | ||
| 6 | |||
| 7 | Fixes error: | ||
| 8 | |||
| 9 | | In file included from ../../sources/xrdp-0.10.4.1/waitforx/waitforx.c:5: | ||
| 10 | | <...>/usr/include/sys/signal.h:1:2: error: #warning redirecting incorrect #include <sys/signal.h> to <signal.h> [-Werror=cpp] | ||
| 11 | | 1 | #warning redirecting incorrect #include <sys/signal.h> to <signal.h> | ||
| 12 | | | ^~~~~~~ | ||
| 13 | | cc1: all warnings being treated as errors | ||
| 14 | |||
| 15 | Upstream-Status: Submitted [https://github.com/neutrinolabs/xrdp/pull/3678] | ||
| 16 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 17 | |||
| 18 | --- ./waitforx/waitforx.c.orig 2025-11-25 14:38:46.464337398 +0100 | ||
| 19 | +++ ./waitforx/waitforx.c 2025-11-25 14:38:52.007441093 +0100 | ||
| 20 | @@ -2,7 +2,6 @@ | ||
| 21 | #include <signal.h> | ||
| 22 | #include <stdio.h> | ||
| 23 | #include <stdlib.h> | ||
| 24 | -#include <sys/signal.h> | ||
| 25 | #include <unistd.h> | ||
| 26 | |||
| 27 | #include "config_ac.h" | ||
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.10.4.1.bb b/meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb index 8203ada8e5..8d7c5807f2 100644 --- a/meta-oe/recipes-support/xrdp/xrdp_0.10.4.1.bb +++ b/meta-oe/recipes-support/xrdp/xrdp_0.10.5.bb | |||
| @@ -17,9 +17,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN | |||
| 17 | file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \ | 17 | file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \ |
| 18 | file://0001-mark-count-with-unused-attribute.patch \ | 18 | file://0001-mark-count-with-unused-attribute.patch \ |
| 19 | " | 19 | " |
| 20 | SRC_URI:append:libc-musl = " file://fix-compiling-with-musl.patch" | 20 | SRC_URI[sha256sum] = "9abc96d164de4b1c40e2f3f537d0593d052a640cf3388978c133715ea69fb123" |
| 21 | |||
| 22 | SRC_URI[sha256sum] = "52eadf3e86c57be0de0b9d5c184b52a7946a070746d3eb04b5089dd6d42f8f5f" | ||
| 23 | 21 | ||
| 24 | UPSTREAM_CHECK_URI = "https://github.com/neutrinolabs/xrdp/releases" | 22 | UPSTREAM_CHECK_URI = "https://github.com/neutrinolabs/xrdp/releases" |
| 25 | UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)" | 23 | UPSTREAM_CHECK_REGEX = "releases/tag/v(?P<pver>\d+(\.\d+)+)" |