xrdp (0.9.21.1-1~deb11u1) bullseye-security; urgency=high * Non-maintainer upload. * Fix CVE-2022-23468, CVE-2022-23477, CVE-2022-23478, CVE-2022-23479, CVE-2022-23480, CVE-2022-23481, CVE-2022-23482, CVE-2022-23483, CVE-2022-23484 and CVE-2022-23493. Multiple security vulnerabilities have been found in xrdp, a remote desktop protocol server. Buffer overflows and out-of-bound writes may cause a denial of service or other unspecified impact. -- Markus Koschany Mon, 11 Sep 2023 12:53:28 +0200 xrdp (0.9.21.1-1) unstable; urgency=medium * New upstream version. (Closes: #1025879) + Refresh patches. + Refresh d/copyright. * Bump Standards-Version to 4.6.2; no changes needed. -- Dominik George Tue, 20 Dec 2022 11:09:50 +0100 xrdp (0.9.19-1) unstable; urgency=medium * New upstream version. * Acknowledge NMUs - thanks to arnaudr and carnil! * Drop patch for CVE-2022-23613; included upstream. * Refresh patches. * Also source ~/.profile in startwm; thanks to Raphaël Halimi (Closes: #1005159) * Install logrotate configuration; thanks to Evan Linde (Closes: #990806) * Update d/copyright. -- Dominik George Fri, 01 Apr 2022 12:08:42 +0200 xrdp (0.9.17-2.1) unstable; urgency=medium * Non-maintainer upload. * Import upstream patch to fix CVE-2022-23613 (Closes: #1005304) -- Arnaud Rebillout Fri, 01 Apr 2022 09:34:47 +0700 xrdp (0.9.17-2) unstable; urgency=medium * Initialise the environment properly (Closes: #996418, #984782) (LP#1911435) -- Thorsten Glaser Thu, 28 Oct 2021 18:37:04 +0200 xrdp (0.9.17-1) unstable; urgency=medium * New upstream release. (Closes: #983843, #970380) + Refresh patches. + Build-dep on check for unit tests. + Update d/copyright. * Bump Standards-Version to 4.6.0 (no changes needed). * Do not rm_conffile /etc/pam.d/xrdp-sesman. -- Dominik George Wed, 29 Sep 2021 11:45:06 +0200 xrdp (0.9.15-1) unstable; urgency=medium [ Thorsten Glaser ] * Do not source /etc/profile twice in startwm.sh * Drop xrdp-pulseaudio-installer (defunct) from Suggests * README.Debian: Link current pulseaudio-module-xrdp instructions * d/p/pulse-debian.patch: Update comment w.r.t. the above [ Dominik George ] * New upstream release. * Bump Standards-Version. + No changes needed. * Refresh patches. * Add new files to d/copyright. -- Dominik George Mon, 01 Mar 2021 22:27:36 +0100 xrdp (0.9.12-1.1) unstable; urgency=medium * Non-maintainer upload. * xrdp-sesman can be crashed remotely over port 3350 (CVE-2020-4044) (Closes: #964573) * Fixed CVE-2020-4044 CI errors -- Salvatore Bonaccorso Sun, 19 Jul 2020 17:11:20 +0200 xrdp (0.9.12-1) unstable; urgency=low * Update Homepage link * New upstream version (Closes: #925890) * Bump Policy & debhelper; update build system * Address lintian’s concerns, update lintian overrides * d/p/document-certs.diff: Address #860890 with documentation * d/xrdp.init: redirect xrdp stdout into nirvana (Closes: #883358) -- Thorsten Glaser Sat, 11 Jan 2020 02:40:04 +0100 xrdp (0.9.9-1) unstable; urgency=medium [ Thorsten Glaser ] * Fix errorlevel returned by init script in case of errors. * Correct asymmetry in init script try-restart message verbosity. [ Dominik George ] * New upstream version. + Adds Spanish Latina American keymap. (Closes: #911902) * Refresh patches. -- Dominik George Sun, 13 Jan 2019 13:49:36 +0100 xrdp (0.9.8-2) unstable; urgency=medium * Bring back pulse module path patch. -- Dominik George Thu, 27 Sep 2018 10:34:12 +0200 xrdp (0.9.8-1) unstable; urgency=medium * New upstream version. (Closes: #885029) + Heads up: This disables TLSv1 and TLSv1.1 by default! + PulseAudio modules are not part of this source anymore. (Closes: #902004) * Bump Standards-Version to 4.2.1. + No changes required. * Refresh patches. * Update copyright. + Remove xorg/* files as x11rdp was removed from sources. + Remove sesman/chansrv/pulse/* as it was removed from the sources. + Add minor new instfiles. -- Dominik George Wed, 26 Sep 2018 21:58:17 +0200 xrdp (0.9.6-1) unstable; urgency=medium * Salsa migration. + Change VCS-URLs. * Change team mailing list in Maintainer field. * New upstream release. * Split xorgxrdp out into separate source package. * Update my mail address in Uploaders. -- Dominik George Sat, 31 Mar 2018 19:39:03 +0200 xrdp (0.9.5-2) unstable; urgency=medium [ Thorsten Glaser ] * Re-enable asm code for i386, the fixed upstream is included now. [ Dominik George ] * Enable vsock. + Requested by Craig White and Justin Terry from Microsoft. * Fix lintian issues. + Use HTTPS copyright format URL. + Move source{.,/}lintian-overrides. + Replace dh_systemd_start with dh_installsystemd call. -- Dominik George Fri, 16 Feb 2018 16:42:50 +0100 xrdp (0.9.5-1) unstable; urgency=medium * New upstream version. + Remove patches applied upstream. + Refresh other patches. + Update debian/copyright. * Call X.org directly and remove notes about the wrapper. * Bump Standards-Version to 4.1.3, no changes needed. * Bump compat level to 11, no changes needed. -- Dominik George Sun, 07 Jan 2018 22:24:28 +0100 xrdp (0.9.4-5) unstable; urgency=medium [ Dominik George ] * Add package to build PulseAudio modules. + Thanks to Wolfgang Schweer for the initial idea! * Update README.Debian. [ Thorsten Glaser ] * Fix typos. * Upload separately from the previous version targetting NEW. -- Thorsten Glaser Fri, 22 Dec 2017 17:09:14 +0100 xrdp (0.9.4-4) unstable; urgency=high [ Dominik George ] * Fix (possibly exploitable) high CPU load in ssl_tls_accept. (Closes: #884453) * Source /etc/profile in startwm. (Closes: #882246) + Thanks to Wolfgang Schweer! * Update README.Debian. * Update bug report instructions. [ Thorsten Glaser ] * Allow user profile to override /etc/default/locale. * Upload to unstable, next upload is likely to idle in NEW for a bit. * Disable asm code for i386: xorgxrdp v0.2.4 does not contain the fix. -- Thorsten Glaser Fri, 22 Dec 2017 17:06:00 +0100 xrdp (0.9.4-3) unstable; urgency=high * Fix regression introduced by last upload. (Closes: #884702) + Upstream's patch for CVE-2017-16927 turned out to be broken. Thanks to Willem Mulder for reporting. -- Dominik George Wed, 20 Dec 2017 19:40:16 +0100 xrdp (0.9.4-2) unstable; urgency=high [ Dominik George ] * Fix typo in previous changelog. * Fix CVE-2017-16927. (Closes: #882463) * Bump Standards-Version. + No changes needed. [ Thorsten Glaser ] * Place missing log_end_msg in init script. * Run libpainter/bootstrap as well. * Re-enable SIMD on any-i386. * Cherry-pick missing parts from experimental branch. * Fix another typo in previous changelog. -- Dominik George Fri, 15 Dec 2017 02:10:18 +0100 xrdp (0.9.4-1) unstable; urgency=medium * New upstream version. (Closes: #876976, #858098, #864230, #867494) + Includes xorgxrdp 0.2.4. + Refreshed patches. + Updated d/copyright. + Japanese keyboard patch is not needed anymore, applied upstream. + High resolution RFX patch is not needed anymore, applied upstream. + FreeBSD patch is not needed anymore, applied upstream. + Socket path patch is not needed anymore, made configurable upstream. + CVE-2017-6967 patch is not needed anymore, applied upstream. * Update to policy version 4.1.1 (no changes needed). -- Dominik George Mon, 09 Oct 2017 19:00:08 +0200 xrdp (0.9.1-9) unstable; urgency=high * Revisit incomplete fix for CVE-2017-6967. (Closes: #858143) -- Dominik George Thu, 04 May 2017 18:59:10 +0200 xrdp (0.9.1-8) unstable; urgency=medium * Fix CVE-2017-6967. (Closes: #858143, #855536) -- Dominik George Mon, 24 Apr 2017 20:14:36 +0200 xrdp (0.9.1-7) unstable; urgency=medium * Fix RFX with large tile sets, e.g. full HD displays. (Closes: #855387) -- Dominik George Sat, 18 Feb 2017 16:46:17 +0100 xrdp (0.9.1-6) unstable; urgency=medium * Fix japanese keyboard detection. (Closes: #854847) -- Dominik George Mon, 13 Feb 2017 21:09:43 +0100 xrdp (0.9.1-5) unstable; urgency=medium * Ensure creation of /run directory. (Closes: #854548) -- Dominik George Thu, 09 Feb 2017 12:47:36 +0100 xrdp (0.9.1-4) unstable; urgency=high [ Thorsten Glaser ] * Fix up PAM conffile handling for upgrades from jessie{,-backports}. * Fix build on non-linux architectures. (Closes: #831663) + Don’t use FUSE on the Hurd, it does not support enough of it yet. + Add GNU/kFreeBSD support to NASM format detection autoconfigury. * Remove patch to make stack not executable in *.asm files; upstrem fixed this already. * Enable Large File Support, as pointed out by lintian. * Disable assembly code on any-i386 for now, it must be ported (partially rewritten) for PIC support. [ Dominik George ] * Update/minimise systemd service file patch. + Also moves sockpath related part to sockpath patch. * Switch back to compat level 10. -- Dominik George Wed, 25 Jan 2017 18:10:11 +0100 xrdp (0.9.1-3) unstable; urgency=medium * Fix up last changelog entry. * Update bug-control. + Report status of xserver-xorg-legacy. -- Dominik George Sun, 15 Jan 2017 00:30:44 +0100 xrdp (0.9.1-2) unstable; urgency=medium * Do not ship initial cert/key generated during build. + Makes build reproducible. -- Dominik George Sun, 01 Jan 2017 11:58:02 +0100 xrdp (0.9.1-1) unstable; urgency=medium [ Dominik George ] * New upstream release. + Now has an upstream changelog. + Enables xauth cookies to prevent unauthorised X server access. + Enables libpainter for clients not supporting drawing orders. + Fixes MS RDP client on Android and others. * Replaced debian/rules get-orig-source with uscan. * Re-enabled watch file. * Turned into MUT package. + Incorporates xorgxrdp 0.2.0. * Update list of keymap conffiles to be removed on upgrade. (Closes: #845701, #847844) * Move back to compat level 9 to allow easier backporting. * Update VCS fields due to pkg-remote repo space restructuring. [ Thorsten Glaser ] * xrdp Recommends fuse, so that remote drive sharing actually works. -- Dominik George Fri, 23 Dec 2016 11:59:32 +0100 xrdp (0.9.1~2016121126+git5171fa7-1) unstable; urgency=medium * New upstream commit picked. + Disables privilege elevation in X server. + Fix CVE-2013-1430. * Add upstream metadata. (Closes: #847401) * Fix autorun on direct client login. (Closes: #846055) * Do not force X core pointer (-retro) anymore to allow efficient pointer usage over RDP. -- Dominik George Sun, 11 Dec 2016 14:55:09 +0100 xrdp (0.9.1~20161126+git589b29f-2) unstable; urgency=medium * Remove X log redirection to /dev/null. (Closes: #846160) * Fix up config patch broken in previous upload. (Closes: #846055) -- Dominik George Tue, 29 Nov 2016 12:59:21 +0100 xrdp (0.9.1~20161126+git589b29f-1) unstable; urgency=medium * New upstream commit picked. + Bug fix for some socket issues. (Closes: #832112) + Bug fix for machines without IPv6. (Closes: #839266, #843981) * Remove old four-nibble keymap conffiles. (Closes: #845701) * Move git to pkg-remote. * Update patches. -- Dominik George Sat, 26 Nov 2016 12:52:19 +0100 xrdp (0.9.1~20161119+gite8308d5-1) unstable; urgency=medium * New upstream commit picked. + Drop patches merged by upstream. + Drop some patches that had unnecessary diversions from upstream. + Update remaining patches. + Enables a test suite for xorgxrdp. * Update patch headers. * Move to Debian Remote Maintainers team. -- Dominik George Tue, 22 Nov 2016 17:16:51 +0100 xrdp (0.9.0~20161027+gitc524b06-1) unstable; urgency=medium * New upstream version 0.9.0~20161027+gitc524b06. * Remove unnecessary dh-systemd dependency. * Depend on lsb-base. * Suggest guacamole. * Fix build with OpenSSL 1.1.0. (Closes: #828610) * Be more aggressive when creating /var/run directories. + Fixes upgrade path from 0.6.1. (Closes: #828868) * Move old, duplicate pam config to new name. + Fixes upgrade path from 0.6.1. (Closes: #836583) * Fix VCS URLs. -- Dominik George Thu, 27 Oct 2016 22:53:12 +0200 xrdp (0.9.0~20161006+git132cc10-1) unstable; urgency=medium [ Dominik George ] * New upstream version 0.9.0~20161006+git132cc10 - Improve many log messages. - Fixes for build on kfreebsd. - Fix typos and wording of docs and man pages. - Fixes to memory allocation and related things. - Fix in multi-monitor support in x11rdp. - Fix a segfault in x11rdp. - Better region rendring code with pixman. - Fix for issues with non-ASCII characters in clipboard. - Add advanced SSL options in xrdp.ini - Disable SSLv2 by default. - Some keyboard fixes in x11rdp. - Add en-gb keyboard mapping. - Fixes to socket handling. * Refresh quilt patches. * Refresh patches * Update copyright. * Move to team maintenance (Debian Edu Packaging Team). -- Mike Gabriel Fri, 07 Oct 2016 12:50:16 +0200 xrdp (0.9.0~20160601+git703fedd-3) unstable; urgency=medium * Properly handle conffile on upgrade (Closes: #826901) -- Dominik George Fri, 10 Jun 2016 08:14:25 +0200 xrdp (0.9.0~20160601+git703fedd-2) unstable; urgency=medium * Fix build on non-linux platforms (due to systemd dependency). -- Dominik George Wed, 08 Jun 2016 11:42:36 +0200 xrdp (0.9.0~20160601+git703fedd-1) unstable; urgency=medium [ Dominik George, Thorsten Glaser ] * New upstream release. + Taken from git because there are no recent releases + DFSG-free upstream, no more need for Debian patches + Working x11rdp backend (native X server access) + librfxcodec (better bitmap handling) + Better input handling (keymapping, pointer events) + xrdp's default backend is now xorgxrdp instead of VNC. This makes it get rid of various VNC-related issues and use of VNC is discouraged. (Closes: #666731, #688083, #685130, #774447, #816098, #469215, #780053, #654788, #709595, #709594, #735678, #798643, #469754, #741160) * Some changes in default config: + xorgxrdp is now default + Hide files/mountpoints in users' homes using dotfiles and XDG cache dir * Add systemd support * Full license audit * Better integrated X session startup script * Change of maintainership (Closes: #719624) * Add reportbug note about VNC backend issues * Make sure to report on relevant backend packages in reportbug [ Andreas Tille ] * Add myself as Uploader * cme fix dpkg-control * cme fix dpkg-copyright * Refresh quilt patches * Build-Depends: libxrandr-dev * Fix minor issues in d/rules * Fix license of files in common/* * Remove unused lintian-overrides * Fix section of manpage xrdp-dis.1 * Fix spelling issue * Remove RPATH [ Mike Gabriel ] * debian/copyright: + Add auto-genericated template for copyright file. * debian/copyright: + Various format fixes in Copyright: fields. + Place all license texts at EOF. + No blanks in short license tags. + Add upstream contact's name. * debian/control: * Add myself to Uploaders: field. * Upload sponsored and reviewed by Mike Gabriel. -- Dominik George Fri, 03 Jun 2016 00:14:00 +0200 xrdp (0.6.1-2) unstable; urgency=medium [ Johannes Schauer ] * Check for libtoolize rather than libtool. Closes: #761793 [ Vincent Bernat ] * Upload to unstable. * Bump Standards-Version to 3.9.6. -- Vincent Bernat Tue, 07 Oct 2014 21:35:25 +0200 xrdp (0.6.1-1) unstable; urgency=low * New upstream release. * Add Norvegian keyboard definition, thanks to Dag-Erling Smørgrav. Closes: #709588 * Use /etc/xrdp/km-default.ini as a fallback for keyboard definition before trying `en-US`. Patch from Petter Reinholdtsen. Closes: #709590. * Drop session reuse patch which was integrated upstream. Closes: #710007. * Update Vcs-* fields. * Bump Standards-Version to 3.9.5. * Add Lintian overrides for missing manual pages. -- Vincent Bernat Sat, 18 Jan 2014 14:50:45 +0100 xrdp (0.6.0-1) unstable; urgency=low * New upstream version. Closes: #687039. * Drop 07-unix-socks-in-var-run.patch: upstream now creates a dedicated directory for Unix sockets in /tmp (with mkdtemp). * Drop the following patches, applied upstream: + alt-gr-fix.patch + keycode-fix.patch * Bump Standards-Version to 3.9.3. * Enable hardening. -- Vincent Bernat Sat, 29 Sep 2012 13:00:49 +0200 xrdp (0.5.0-2) unstable; urgency=low * Remove sesman logs on purge. Closes: #656212. * Don't create /var/log/sesman.log in postinst. sesman is now able to create it. * Don't create Unix socket in /tmp. Put them in /var/run/xrdp. Closes: #656210. * Bump Standards-Version to 3.9.2. -- Vincent Bernat Sun, 22 Jan 2012 13:14:11 +0100 xrdp (0.5.0-1) unstable; urgency=low * New upstream version. + This version also happens to fix linking problems. Closes: #615803. * Support for some non-US keyboards whose keycodes may be greater than 128 with a patch from Sasajima. Closes: #610961. -- Vincent Bernat Sun, 18 Sep 2011 20:38:04 +0200 xrdp (0.5.0~20100303cvs-6) unstable; urgency=low * Add a patch to fix Alt-Gr issues with Windows TS client. Closes: #584666. * Bump Standards-Version to 3.9.1. -- Vincent Bernat Wed, 11 Aug 2010 18:47:30 +0200 xrdp (0.5.0~20100303cvs-5) unstable; urgency=low * Rewrite of init.d by Javier Fernández-Sanguino Peña to be LSB compliant. Closes: #589757. * Bump Standards-Version to 3.9.0. -- Vincent Bernat Sat, 24 Jul 2010 16:40:34 +0200 xrdp (0.5.0~20100303cvs-4) unstable; urgency=low * Add a patch to fall back to US keymap if the correct keymap is not found in /etc/xrdp. Closes: #575477. -- Vincent Bernat Sat, 01 May 2010 20:09:05 +0200 xrdp (0.5.0~20100303cvs-3) unstable; urgency=low * Ensure that /var/run/xrdp is owned by xrdp:xrdp. Closes: #575438. -- Vincent Bernat Thu, 25 Mar 2010 21:25:52 +0100 xrdp (0.5.0~20100303cvs-2) unstable; urgency=low * Allow to reuse an existing session, thanks to a patch from Daniel Baumann. Closes: #573258. -- Vincent Bernat Wed, 10 Mar 2010 22:08:30 +0100 xrdp (0.5.0~20100303cvs-1) unstable; urgency=low * New upstream release (0.5.0) from CVS repository. + Upstream now provide a free font, therefore, we use pristine sources and we can drop 01sans_font.dpatch. + Drop most of the other patchs since they have been merged upstream. + Windows 7 RDP client can now connect. Closes: #572764. + Session selection is now available. Closes: #523281. + Mapping problems seems to be fixed. Closes: #483365. + No more unneeded awakening. Closes: #447377. * Bump Standards-Version to 3.8.4. * Switch to 3.0 (quilt) format. * Switch to debhelper 7. * Fix path to xrdp and xrdp-sesman in init.d script. * Drop debian/watch, we use a CVS version. * Build-Depends on libx*-dev since it is now requested by configure. -- Vincent Bernat Mon, 08 Mar 2010 21:27:35 +0100 xrdp (0.4.1~dfsg-2) unstable; urgency=low * Don't chown /var/run/xrdp in postinst since it is done in init.d but create it to not rely on adduser doing it. -- Vincent Bernat Sun, 27 Sep 2009 09:20:56 +0200 xrdp (0.4.1~dfsg-1) unstable; urgency=low * Package xrdp 0.4.1. Remove 09vista_mstc.dpatch and 10mono_cursor.dpatch since they were included upstream. This new version happens to fix LDAP login. Closes: #547999, #548002. LP: #429637. * Export locale settings from /etc/default/locale, thanks to a suggestion from Alessandro Vietta. Closes: #528032. * Fix a bus error on ARM, thanks to a patch from Sven-Ola Tuecke. Closes: #544384. * Update Standards-Version to 3.8.3. No changes required. * Don't ship /var/run/xrdp since it is created in init.d. -- Vincent Bernat Sat, 26 Sep 2009 17:37:20 +0200 xrdp (0.4.0~dfsg-9) unstable; urgency=high * Fix CVE-2008-5902 and CVE-2008-5904 with the help of patches proposed by Ondrej Kolacek. The patch fixing CVE-2008-5902 also happens to fix CVE-2008-5903 by checking boundary before calling add_char_at(). This closes: #511641. * Really add patch to fix monochrome cursor issue. * Also updates Standards-Version and add ${misc:Depends} macro. * Don't use Pa macro in xrdp-keygen manual page. -- Vincent Bernat Fri, 23 Jan 2009 21:29:14 +0100 xrdp (0.4.0~dfsg-8) unstable; urgency=low * Add a patch to fix monochrome cursor issue -- Vincent Bernat Tue, 03 Jun 2008 00:17:16 +0200 xrdp (0.4.0~dfsg-7) unstable; urgency=medium * Due to OpenSSL weak random number generator, rsakeys.ini contains weak keys. We remove them on upgrade without any warning since they are not checked by any client. -- Vincent Bernat Wed, 21 May 2008 06:49:20 +0200 xrdp (0.4.0~dfsg-6) unstable; urgency=low * Add Vcs-* fields to debian/control * Convert debian/copyright to machine-readable format (Closes: #469074) * Add a patch to support Visa SP1 mstc application, thanks to Jay Sorg -- Vincent Bernat Thu, 08 May 2008 22:31:41 +0200 xrdp (0.4.0~dfsg-5) unstable; urgency=low * Package sessvc which was left out (Closes: #465210). * Sleep a bit after stopping so that xrdp can be restarted on upgrade. * Add an option in /etc/default/xrdp to avoid to restart xrdp on upgrade, thanks to a suggestion from Ola Lundqvist (Closes: #472186). -- Vincent Bernat Wed, 26 Mar 2008 20:45:12 +0100 xrdp (0.4.0~dfsg-4) unstable; urgency=low * Add a patch to fix missing keys in fr and de layout. Layout enhancements are welcome! (Closes: #440912) * Bump Standards-Version to 3.7.3 * Add XS-DM-Upload field to debian/control -- Vincent Bernat Sat, 02 Feb 2008 00:53:59 +0100 xrdp (0.4.0~dfsg-3) unstable; urgency=low * Delete user and group on purge. * Do not delete xrdp user on postinst if it exists, thanks to Trent W. Buck (Closes: #435671). * Provide a more generic PAM configuration file. * Run sesman as root to allow him to use PAM properly (Closes: #435667). * Fix file paths in man pages. -- Vincent Bernat Sun, 05 Aug 2007 20:33:55 +0200 xrdp (0.4.0~dfsg-2) unstable; urgency=low * Includes a keygen utility from CVS to generate a fresh keypair on first start and ensure that permissions are correct. (Closes: #435076). * Removes redundant "open source" mention in description, thanks to Josh Triplett (Closes: #435061). * Add a watch file * Now running the daemon as xrdp user -- Vincent Bernat Sun, 29 Jul 2007 13:05:46 +0200 xrdp (0.4.0~dfsg-1) unstable; urgency=low * Initial release (Closes: #391103) -- Vincent Bernat Wed, 11 Jul 2007 09:13:08 +0200