Commit Graph

282 Commits

Author SHA1 Message Date
Bojan Smojver
4b1af7e079 Use epoch in version dependency.
Provide SELinux scriptlets.
2017-04-13 15:22:09 +10:00
Bojan Smojver
294ba5281a Adjust Fedora README file for SELinux changes. 2017-04-13 08:31:21 +10:00
Bojan Smojver
75d49d9d76 Add SELinux policy sub-package. 2017-04-12 22:15:12 +10:00
Bojan Smojver
24e3a2139d Own /usr/libexec/xrdp directory. 2017-04-11 11:23:00 +10:00
Bojan Smojver
ba89333c84 Move scripts to /usr/libexec/xrdp, so that they get labelled as bin_t. 2017-04-11 11:16:53 +10:00
Bojan Smojver
c89b807752 Rework starting of Xorg to use setpriv, directly from xrdp.
Document SELinux deficiencies.
2017-04-08 16:24:24 +10:00
Bojan Smojver
0e2197f37f Fix the name of the renamed patch. 2017-04-07 14:19:03 +10:00
Bojan Smojver
c248a7d1ef Avoid SELinux context transition after prctl() call by using setpriv. 2017-04-07 14:13:47 +10:00
Bojan Smojver
2824937920 Do not attempt xrdp restarts, may cause dnf transaction problems.
Stop depending on Xorg server, xorgxrdp already does.
Add README.Fedora.
2017-04-04 08:49:00 +10:00
Bojan Smojver
9b7edb41eb Stop using /usr/libexec/Xorg, not present on EL7. 2017-04-03 19:04:12 +10:00
Bojan Smojver
ef84d9ffb3 Add nasm to the list of build requirements. 2017-03-31 11:38:39 +11:00
Bojan Smojver
19dd11b67f Bump up to 0.9.2. 2017-03-31 11:37:08 +11:00
Pavel Roskin
84a28878e6 Upload xrdp-0.9.2.tar.gz 2017-03-29 23:59:01 -07:00
Bojan Smojver
1316fae0cf Revert "Patch CVE-2017-6967."
This reverts commit 34847db9aa.
2017-03-21 19:34:09 +11:00
Bojan Smojver
a009df5bb7 Revert "Correct the patch for CVE-2017-6967."
This reverts commit 39eedd2899.
2017-03-21 19:34:04 +11:00
Bojan Smojver
39eedd2899 Correct the patch for CVE-2017-6967. 2017-03-21 19:25:13 +11:00
Bojan Smojver
34847db9aa Patch CVE-2017-6967. 2017-03-21 19:12:27 +11:00
Bojan Smojver
fdd3ba2522 Bump up release number. 2017-03-14 15:39:33 +11:00
Bojan Smojver
5e20737406 Require tigervnc-server-minimal again, make it default.
Comment out references to X11rdp.
2017-03-14 15:35:35 +11:00
Pavel Roskin
f1350805d5 Revert the last change, it's not working on f25 2017-03-11 00:07:43 -08:00
Pavel Roskin
cf3b9a55dc Set tls_ciphers to PROFILE=SYSTEM, disable SSLv3
See https://fedoraproject.org/wiki/Packaging:CryptoPolicies
2017-03-10 14:24:08 -08:00
Pavel Roskin
e27e31d616 Exclude *.so files for non-modules 2017-03-10 13:08:40 -08:00
Pavel Roskin
81cb1033b1 Call xrdp-keygen with full path in %posttrans 2017-03-10 10:31:17 -08:00
Pavel Roskin
3c9d286368 Require Xsession
- Require /etc/X11/xinit/Xsession, it's called from startwm.sh
2017-03-10 09:13:02 -08:00
Pavel Roskin
d3c649536b Use xorgxrdp by default
- Make xrdp depend on xorgxrdp, not on tigervnc-server-minimal
- Make Xorg backend default
- Call /usr/libexec/Xorg directly to avoid permission checks
2017-03-09 15:51:11 -08:00
Bojan Smojver
2d35ec095a Require openssl in posttrans phase.
Move conditional restart to posttrans phase.
2017-02-21 05:15:28 +11:00
Bojan Smojver
7271948d04 Move key/cert generation to posttrans phase. 2017-02-20 15:13:56 +11:00
Bojan Smojver
341ecd47bb Fix log file rotation.
PID files do not exist, so sending a HUP will not be possible. Use
copytruncate instead. Create option is irrelevant in that case.

Also, include xrdp.log file.
2017-02-16 10:02:51 +11:00
Fedora Release Engineering
3a33d2ee40 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 18:08:46 +00:00
Pavel Roskin
041d3cee4a Enable hardened build, it's required for daemons that run as root 2017-02-08 00:24:48 -08:00
Pavel Roskin
5504de0cad Be careful to only package xrdp headers in xrdp-devel 2017-01-25 01:17:08 -08:00
Pavel Roskin
c02680c663 Use version 0.9.1-1 for the package, it was never built 2017-01-24 00:54:06 -08:00
Pavel Roskin
cb6a7d777b Fix permissions on keys and certificates
Make sure to generate them with mode 400. Adjust permissions on
preexisiting keys. Regenerate empty keys.
2017-01-24 00:11:42 -08:00
Pavel Roskin
6277dbab0f Enable libpainter for compatibility with "noorders" clients 2017-01-23 23:46:02 -08:00
Pavel Roskin
c90b0028bb Put Xvnc first, then Xorg and X11rdp, remove rdp-any
Until xorgxrdp package is ready and is a dependency of xrdp, Xvnc should
be first. Enable X11rdp, but put it to the end of the list. rdp-any is
beyond repair and has been deleted in git, so don't leave it even
commented out.
2017-01-23 23:34:41 -08:00
Pavel Roskin
dcc8234cc7 Remove duplicate files, prepare 0.9.1-2 build 2017-01-23 23:13:54 -08:00
Pavel Roskin
993073e124 Stop services on package removal (see bug 1349083) 2017-01-23 22:51:59 -08:00
Pavel Roskin
7e4969065f Mark xrdp.log as ghost, don't create empty xrdp-sesman.log 2017-01-22 22:45:41 -08:00
Pavel Roskin
703134b7c4 Add expanded openssl.conf to sources, use no location in certificate 2017-01-22 22:23:24 -08:00
Pavel Roskin
74dabc2cd6 Split out xrdp-devel package 2017-01-22 20:10:58 -08:00
Pavel Roskin
5872e948e0 Add fastpath hotfix 2017-01-22 12:31:24 -08:00
Pavel Roskin
66c205af73 Restore patch for *.service files
Thanks to Bojan Smojver.
2017-01-22 11:59:32 -08:00
Pavel Roskin
ab7b4e9cce Don't package xrdp.sh, it's for systems without systemd 2016-12-27 00:32:11 -08:00
Pavel Roskin
1ab54b8592 Move key generation to the post-install stage
Don't package any keys. Generate the keys only if they are missing. Keep
the keys on uninstall.

For TLS keys, increase validity to 10 years. No need to have xrdp stop
working in one year.
2016-12-27 00:22:59 -08:00
Pavel Roskin
85247383dc Use %make_build and %make_install 2016-12-26 23:50:42 -08:00
Pavel Roskin
b3f77696e1 Use %autosetup instead of %setup and %patch 2016-12-26 23:38:44 -08:00
Pavel Roskin
91f91dc6ef Exclude *.a and *.la from package instead of removing them 2016-12-26 23:19:25 -08:00
Pavel Roskin
a8b78e203e Express build dependencies using pkgconfig() when pkg-config is used 2016-12-26 22:57:38 -08:00
Pavel Roskin
c4014bc858 Remove build dependencies on autotools
xrdp is properly packaged now, and we are not patching any file that is
processed by autotools.
2016-12-26 22:47:37 -08:00
Pavel Roskin
d1afc2981b Remove xrdp-sestest reference, it's not installed 2016-12-26 22:00:45 -08:00