Debian User Forums

[k829king]

I went to use xfreerdp that has previously worked fine but I now get

Code: Select all

xfreerdp /v:192.168.1.87:3389 /f /relax-order-checks +glyph-cache
[08:29:45:773] [5236:5237] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[08:29:45:778] [5236:5237] [ERROR][com.freerdp.core.transport] - BIO_should_retry returned a system error 32: Broken pipe
[08:29:45:778] [5236:5237] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[08:29:45:778] [5236:5237] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[08:29:45:778] [5236:5237] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure


Where to start looking. btw I have recently run synaptic update and in list of updates was RDP ... is there easy way to check and revert?

[cuckooflew]

This package does not seem to exist for Debian stable (buster), https://packages.debian.org/stretch/freerdp-x11 all though you don't mention what version of Debian your using...

is there easy way to check and revert?

Might depend on your idea of easy,..

[k829king]

sorry it is Debian 10 (buster) with caveat that there are some backports in it.
package is called freerdp2-x11 (which is in both)

[Head_on_a_Stick]

is there easy way to check and revert?

Code: Select all

# apt install /var/cache/apt/archives/freedrp2-x11_2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1.deb

[k829king]

so in my /var/cache/apt/archives I have

Code: Select all

freerdp2-x11_2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2_amd64.deb

which if I go

Code: Select all

https://packages.debian.org/buster/amd64/freerdp2-x11/download

is the name of the download. Are you saying to re-install it?

I thought I saw it being being updated but I suspect it must have been xrdp given the embedded dates in the above and that the

Code: Select all

xrdp_0.9.9-1+deb10u1_amd64.deb

is a recent change, and labelled as a security related release ... which my connections now fail on something security related.
need work out why and options roll back or apply updates on the other unit (if can)

[Head_on_a_Stick]

so in my /var/cache/apt/archives I have

Code: Select all

freerdp2-x11_2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2_amd64.deb

So you don't have the older version then? Do you run 'apt clean'? That clears the cache of old packages and would prevent you from rolling back.

[LE_746F6D617A7A69]

Rollback is possible also without having an old package in the cache:

Code: Select all

$>apt-cache policy <package_name> #show available versions
$>apt-get install <package_name>=<package_version> #install specific package version

As a last resort, You can download a package from snapshots: http://snapshot.debian.org/

But I think that the best solution would be to find out what have changed in the new version - f.e. maybe it's sufficient to change some of the configuration options.

[k829king]

Do you run 'apt clean'?

Not that I know of, but there doesn't appear to be older versions sitting in the apt cache

Code: Select all

$ sudo apt-cache policy xrdp
xrdp:
  Installed: 0.9.9-1+deb10u1
  Candidate: 0.9.9-1+deb10u1
  Version table:
 *** 0.9.9-1+deb10u1 500
        500 http://security.debian.org/debian-security buster/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     0.9.9-1 500
        500 http://ftp.uk.debian.org/debian buster/main amd64 Packages

$ sudo apt-cache policy libfreerdp-client2-2
libfreerdp-client2-2:
  Installed: 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
  Candidate: 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
  Version table:
     2.0.0~git20190204.1.2693389a+dfsg1-2~bpo10+1 100
        100 http://ftp.uk.debian.org/debian buster-backports/main amd64 Packages
        100 http://deb.debian.org/debian buster-backports/main amd64 Packages
 *** 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 500
        500 http://ftp.uk.debian.org/debian buster/main amd64 Packages
        100 /var/lib/dpkg/status


on this unit xrdp is dated 19July2020 and libfreerdp is dated 13June2020, it definitely worked before this.
the unit attempting to be connected to is Deb9 that these packages have not been updated since Feb 2019 it was definitely working between these two units between then and June this year.
and on a (much older) LMDE2 unit it still works.
So I presume it is something in one or both of the following that has created this, but I'm not sure if I can revert to previous or how to go about trying to diagnose what it doesn't like

Code: Select all

freerdp2 (2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2) buster; urgency=medium

  [ Bernhard Miklautz ]
  * debian/patches - security releated backports from upstream
    * Add 0003-Fixed-6007-Boundary-checks-in-rdp_read_flow_control.patch
    * Add 0004-Fixed-6009-Bounds-checks-in-autodetect_recv_bandwidt.patch
    * Add 0005-Fixed-6006-bounds-checks-in-update_read_synchronize.patch
    * Add 0006-Fixed-6005-Bounds-checks-in-update_read_bitmap_data.patch
    * Add 0007-Fixed-6011-Bounds-check-in-rdp_read_font_capability.patch
    * Add 0008-Fixed-6013-Check-new-length-is-0.patch
    * Add 0009-Fix-6010-Check-length-in-read_icon_info.patch
    * Add 0010-Use-substreams-to-parse-gcc_read_server_data_blocks.patch
    * Add 0011-Fixed-Stream_-macros-bracing-arguments.patch
    * Add 0012-Use-safe-seek-for-capability-parsing.patch
    * Add 0013-Fixed-CVE-2020-11525-Out-of-bounds-read-in-bitmap_ca.patch
      (CVE-2020-11525).
    * Add 0014-Fixed-6012-CVE-2020-11526-Out-of-bounds-read-in-upda.patch
      (CVE-2020-11526).
    * Add 0015-Fix-CVE-2020-11523-clamp-invalid-rectangles-to-size-.patch
      (CVE-2020-11523).
    * Add 0016-Fix-CVE-2020-11524-out-of-bounds-access-in-interleav.patch
      (CVE-2020-11524).
    * Add 0017-Fixed-CVE-2020-11522-Limit-number-of-DELTA_RECT-to-4.patch
      (CVE-2020-11522).
    * Add 0018-Fixed-CVE-2020-11521-Out-of-bounds-write-in-planar-c.patch
      (CVE-2020-11521).
    * Add 0019-Fixed-possible-NULL-access.patch
    * Add 0020-Check-for-int-overflow-in-gdi_InvalidateRegion.patch

  [ Mike Gabriel ]
  * debian/patches:
    + Add 0002_fix-channels-smartcard-fix-statusw-call.patch. Fix smartcard
      login failures. (Closes: #919281).

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 01 Jun 2020 13:08:46 +0200
 = = =

xrdp (0.9.9-1+deb10u1) buster-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * libscp v1 server set height twice, and not set width
  * xrdp-sesman can be crashed remotely over port 3350 (CVE-2020-4044)
    (Closes: #964573)
  * Fixed CVE-2020-4044 CI errors

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 19 Jul 2020 17:02:11 +0200

xrdp (0.9.9-1) unstable; urgency=medium

  [ Thorsten Glaser ]
  * Fix errorlevel returned by init script in case of errors.
  * Correct asymmetry in init script try-restart message verbosity.

  [ Dominik George ]
  * New upstream version.
    + Adds Spanish Latina American keymap. (Closes: #911902)
  * Refresh patches.

 -- Dominik George <natureshadow@debian.org>  Sun, 13 Jan 2019 13:49:36 +0100