Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Register
  • Sign in
  • aports aports
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Graph
    • Compare revisions
  • Issues 667
    • Issues 667
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 286
    • Merge requests 286
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar

Our ARM infrastructure is unreachable at the moment, so CI jobs will time-out and packages will not be updated until the servers are back.

  • alpinealpine
  • aportsaports
  • Issues
  • #12811
Closed
Open
Issue created Jul 01, 2021 by Leo@LeoDeveloper

xrdp contains default keys generated at build-time

Hi maxice8,

Package xrdp in Alpine contains private key. Same key for every system using that package, compromised by publishing package.
Please consider rebuilding package excluding keys contained in files /etc/xrdp/key.pem, /etc/xrdp/cert.pem, /etc/rsakeys.ini.

I'm writing to you as mails sent to Alan are rejected, and you were updating package most recently.
I found issue when xrdp was proposed for Void.

Regards,
[REDACTED]

I wonder if we should move the process to .post-install so a different key is generated in every install.

@kaniini tagging you since I can't find a @team/security, if possible assign to the appropriate party.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking