xrdp: 0.9.9 -> 0.9.21, xorgxrdp: 0.2.9 -> 0.9.19

1 files changed, 15 insertions, 27 deletions

diff --git a/pkgs/applications/networking/remote/xrdp/default.nix b/pkgs/applications/networking/remote/xrdp/default.nix
index 3744451f3e282..b7c51d70dfecb 100644
--- a/pkgs/applications/networking/remote/xrdp/default.nix
+++ b/pkgs/applications/networking/remote/xrdp/default.nix
@@ -3,13 +3,13 @@
 let
   xorgxrdp = stdenv.mkDerivation rec {
     pname = "xorgxrdp";
-    version = "0.2.9";
+    version = "0.9.19";
 
     src = fetchFromGitHub {
       owner = "neutrinolabs";
       repo = "xorgxrdp";
       rev = "v${version}";
-      sha256 = "1bhp5x47hajhinvglmc4vxxnpjvfjm6369njb3ghqfr7c5xypvzr";
+      hash = "sha256-WI1KyJDQkmNHwweZMbNd2KUfawaieoGMDMQfeD12cZs=";
     };
 
     nativeBuildInputs = [ pkg-config autoconf automake which libtool nasm ];
@@ -34,21 +34,23 @@ let
   };
 
   xrdp = stdenv.mkDerivation rec {
-    version = "0.9.9";
+    version = "0.9.21.1";
     pname = "xrdp";
 
     src = fetchFromGitHub {
-      owner = "volth";
+      owner = "neutrinolabs";
       repo = "xrdp";
-      rev = "refs/tags/runtime-cfg-path-${version}";  # Fixes https://github.com/neutrinolabs/xrdp/issues/609; not a patch on top of the official repo because "xorgxrdp.configureFlags" above includes "xrdp.src" which must be patched already
+      rev = "v${version}";
       fetchSubmodules = true;
-      sha256 = "0ynj6pml4f38y8571ryhifza57wfqg4frdrjcwzw3fmryiznfm1z";
+      hash = "sha256-/o052ij+Tpcw5/k1UyP6OGOzrtBwh3jRkftStIEhUF0=";
     };
 
-    nativeBuildInputs = [ pkg-config autoconf automake which libtool nasm ];
+    nativeBuildInputs = [ pkg-config autoconf automake which libtool nasm perl ];
 
     buildInputs = [ openssl systemd pam fuse libjpeg libopus xorg.libX11 xorg.libXfixes xorg.libXrandr ];
 
+    patches = [ ./dynamic_config.patch ];
+
     postPatch = ''
       substituteInPlace sesman/xauth.c --replace "xauth -q" "${xorg.xauth}/bin/xauth -q"
     '';
@@ -58,23 +60,23 @@ let
       ./bootstrap
     '';
     dontDisableStatic = true;
-    configureFlags = [ "--with-systemdsystemunitdir=/var/empty" "--enable-ipv6" "--enable-jpeg" "--enable-fuse" "--enable-rfxcodec" "--enable-opus" ];
+    configureFlags = [ "--with-systemdsystemunitdir=/var/empty" "--enable-ipv6" "--enable-jpeg" "--enable-fuse" "--enable-rfxcodec" "--enable-opus" "--enable-pam-config=unix" ];
 
     installFlags = [ "DESTDIR=$(out)" "prefix=" ];
 
     postInstall = ''
-      # remove generated keys (as non-determenistic) and upstart script
-      rm $out/etc/xrdp/{rsakeys.ini,key.pem,cert.pem,xrdp.sh}
+      # remove generated keys (as non-deterministic)
+      rm $out/etc/xrdp/{rsakeys.ini,key.pem,cert.pem}
 
       cp $src/keygen/openssl.conf $out/share/xrdp/openssl.conf
 
       substituteInPlace $out/etc/xrdp/sesman.ini --replace /etc/xrdp/pulse $out/etc/xrdp/pulse
 
       # remove all session types except Xorg (they are not supported by this setup)
-      ${perl}/bin/perl -i -ne 'print unless /\[(X11rdp|Xvnc|console|vnc-any|sesman-any|rdp-any|neutrinordp-any)\]/ .. /^$/' $out/etc/xrdp/xrdp.ini
+      perl -i -ne 'print unless /\[(X11rdp|Xvnc|console|vnc-any|sesman-any|rdp-any|neutrinordp-any)\]/ .. /^$/' $out/etc/xrdp/xrdp.ini
 
       # remove all session types and then add Xorg
-      ${perl}/bin/perl -i -ne 'print unless /\[(X11rdp|Xvnc|Xorg)\]/ .. /^$/' $out/etc/xrdp/sesman.ini
+      perl -i -ne 'print unless /\[(X11rdp|Xvnc|Xorg)\]/ .. /^$/' $out/etc/xrdp/sesman.ini
 
       cat >> $out/etc/xrdp/sesman.ini <<EOF
 
@@ -98,22 +100,8 @@ let
       description = "An open source RDP server";
       homepage = "https://github.com/neutrinolabs/xrdp";
       license = licenses.asl20;
-      maintainers = [ ];
+      maintainers = with maintainers; [ chvp ];
       platforms = platforms.linux;
-      knownVulnerabilities = [
-        "CVE-2020-4044"
-        "CVE-2022-23468"
-        "CVE-2022-23477"
-        "CVE-2022-23478"
-        "CVE-2022-23479"
-        "CVE-2022-23480"
-        "CVE-2022-23481"
-        "CVE-2022-23482"
-        "CVE-2022-23483"
-        "CVE-2022-23484"
-        "CVE-2022-23493"
-        "CVE-2022-23613"
-      ];
     };
   };
 in xrdp