Package Details: guacamole-server 0.9.13-1

Git Clone URL: (read-only)
Package Base: guacamole-server
Description: Guacamole proxy daemon
Upstream URL:
Keywords: guacamole
Licenses: GPL3
Replaces: guacd, libguac, libguac-client-rdp, libguac-client-ssh, libguac-client-vnc
Submitter: ShyPixie
Maintainer: figue (figuepluto, jfigueras)
Last Packager: figue
Votes: 18
Popularity: 1.182069
First Submitted: 2013-09-17 15:21
Last Updated: 2017-10-15 19:12

Dependencies (18)

Required by (0)

Sources (2)

Latest Comments

figue commented on 2017-10-17 21:28

@robocop thanks again. In my case, I can't revert to older versions because of security concerns in my company. Anyway it's really great that you could workaround the RDP issue.

I read some time ago in guacamole mail list that they would wait until FreeRDP 2.0 stable were released to patch guacamole code, because of the constant changes in FreeRDP synthax.

If you are really interested, write in guacamole mail list to keep the focus :)

robocop commented on 2017-10-17 15:50

I managed to connect via RDP on fully updated arch headless installation (except freerdp of course, which is: 1.2.0_beta1+android9-1 from: 9-Nov-2014 16:50 [])

# standard situation is when you are building guacamole-server, you will see that rdp protocol support cannot be detected
# guacamole at this time requires older version of freerdp (i dont know how old exactly, i have succesfuly tried this one, so i moved on)
pacman -U
# i chose default options regarding dependencies
pacman -Qi freerdp | grep Version
# output: Version : 1.2.0_beta1+android9-1
# at this point, when you build guacamole-server package, you will see that rdp is supported as guacamole can find all freerdp files
# but when you try connect to rdp connection via guacamole-client, you can see in journal logs that "rdp support is not installed"
# then i noticed that freerdp is broken as you can see with following command
xfreerdp /version
# output: xfreerdp: error while loading shared libraries: cannot open shared object file: No such file or directory
# maybe this error prevented guacamole from using freerdp, so i installed missing package (pacman -Ss libavcodec)
pacman -S ffmpeg2.8
xfreerdp /version
# output: This is FreeRDP version 1.2.0-beta1 (git n/a)
# error with freerdp is gone
# next step is: ....rebuild and install guacamole from aur....
systemctl daemon-reload
systemctl restart guacd
systemctl restart tomcat7
# after these steps i was able to connect via rdp

Tip: when you see in journal logs: guacd Error connecting to RDP server
Check you connection in user-mapping.xml, i had to use all parameters: hostname,port,username,domain,password,ignore-cert=true,security=any
When i set last possible parameter <param name="security">any</param>, error was gone and connection was succesful

@figue: looks great

figue commented on 2017-10-15 19:14

@robocop what do you think?

robocop commented on 2017-10-14 10:41

Based on my further tests, xorg-fonts-alias is not required by guacamole, but one of the following packages (monospace font) was required on my headless installation:
dina-font - very small font in browser on my 4k monitor + rendering some special characters is wrong (arrows in lsblk)
ttf-inconsolata - font size is ok, but again problem with special characters (arrows in lsblk)
terminus-font - font size is ok and also special characters is rendered ok

figue commented on 2017-10-10 21:28

I have xorg-fonts-alias installed (is a dependency of another package installed before, so maybe we need it). But I don't have terminus-font. Can you do me a favor? Check if guacamole really need *any* monospace font... you could try removing terminus and see if with dina-font or ttf-inconsolata guacamole also works.

Thank you!

robocop commented on 2017-10-10 20:23

i was unable to connect (ssh connection) without installing missing fonts from packages:
pacman -S xorg-fonts-alias
# error was still: Display initialization failed, so i installed also terminus-font (based on information from forum:
pacman -S terminus-font
# error disappeared and ssh connection was made sucessfully

Logs: (log level was increased to trace via /etc/guacamole/guacd.conf, before that the message "display..." was not present, please note that client was immediately disconnected after connection with guacd was made)
Oct 10 22:04:19 xx guacd[15909]: User "@f27ca92c-1843-48ba-bb66-a6e9d10b1652" joined connection "$9470bd6b-97a3-4b20-9d89-57675476269c" (1 users now present)
Oct 10 22:04:19 xx jsvc.exec[5363]: 22:04:19.881 [http-bio-8080-exec-4] INFO o.a.g.tunnel.TunnelRequestService - User "yy" connected to connection "zz".
Oct 10 22:04:19 xx guacd[15909]: Unable to get font "monospace"
Oct 10 22:04:19 xx guacd[15909]: Display initialization failed
Oct 10 22:04:19 xx guacd[15909]: User "@f27ca92c-1843-48ba-bb66-a6e9d10b1652" disconnected (0 users remain)
Oct 10 22:04:19 xx guacd[15909]: Last user of connection "$9470bd6b-97a3-4b20-9d89-57675476269c" disconnected

uname: Linux xx 4.13.3-1-ARCH #1 SMP PREEMPT Thu Sep 21 20:33:16 CEST 2017 x86_64 GNU/Linux

Maybe candidate for another dependency? I have headless server installation.

figue commented on 2017-10-04 08:17

@jayray out-of-date is only for exactly that: when new version is released.

RDP is not working since FreeRDP 1.2.0.

You can vote or request support for FreeRDP 2.0 in jira's upstream:

figue commented on 2017-07-23 09:39

@gekkoman I missed your comment. Thanks for the patch. I was looking a while ago in project's github and I saw a patch for Openssl 1.1, so it will added in next release.

@Phoenix I've successfully built guacd in my Cubietruck (armv7h). I can start the daemon, so it seems it works (I can't test with a client right now), so architecture added in arch array. Download again the PKGBUILD, please. You will also have to build libtelnet (adding armv7h manually to PKGBUILD) and uuid. Good luck!

Phoenix commented on 2017-07-22 19:21

Request for support of armv7h

gekkoman commented on 2017-05-03 06:58

Upstream issue: wont compile against openssl_1.1 due to API changes

RDP detection broken as per previous.

Had a quick play and the following compiles against openssl_1.1

diff -ru -x '*.lo' -x '*.o' -x '*.la' -x '*.a' -x '*.Plo' -x '*.Tpo' src/guacamole-server-0.9.12-incubating/src/common-ssh/buffer.c orig/guacamole-server-0.9.12-incubating/src/common-ssh/buffer.c
--- src/guacamole-server-0.9.12-incubating/src/common-ssh/buffer.c 2017-05-03 03:23:20.563784201 +1000
+++ orig/guacamole-server-0.9.12-incubating/src/common-ssh/buffer.c 2017-03-19 11:38:03.000000000 +1100
@@ -54,7 +54,7 @@
*buffer += length;

-void guac_common_ssh_buffer_write_bignum(char** buffer, const BIGNUM* value) {
+void guac_common_ssh_buffer_write_bignum(char** buffer, BIGNUM* value) {

unsigned char* bn_buffer;
int length;
diff -ru -x '*.lo' -x '*.o' -x '*.la' -x '*.a' -x '*.Plo' -x '*.Tpo' src/guacamole-server-0.9.12-incubating/src/common-ssh/common-ssh/buffer.h orig/guacamole-server-0.9.12-incubating/src/common-ssh/common-ssh/buffer.h
--- src/guacamole-server-0.9.12-incubating/src/common-ssh/common-ssh/buffer.h 2017-05-03 03:29:01.013794762 +1000
+++ orig/guacamole-server-0.9.12-incubating/src/common-ssh/common-ssh/buffer.h 2017-03-19 11:38:03.000000000 +1100
@@ -76,7 +76,7 @@
* @param value
* The value to write.
-void guac_common_ssh_buffer_write_bignum(char** buffer, const BIGNUM* value);
+void guac_common_ssh_buffer_write_bignum(char** buffer, BIGNUM* value);

* Writes the given data the given buffer, advancing the buffer pointer by the
diff -ru -x '*.lo' -x '*.o' -x '*.la' -x '*.a' -x '*.Plo' -x '*.Tpo' src/guacamole-server-0.9.12-incubating/src/common-ssh/key.c orig/guacamole-server-0.9.12-incubating/src/common-ssh/key.c
--- src/guacamole-server-0.9.12-incubating/src/common-ssh/key.c 2017-05-03 03:26:48.373790647 +1000
+++ orig/guacamole-server-0.9.12-incubating/src/common-ssh/key.c 2017-03-19 11:38:03.000000000 +1100
@@ -43,8 +43,6 @@
char* public_key;
char* pos;

- const BIGNUM *n, *e, *p, *q, *g, *pub;
/* Create BIO for reading key from memory */
key_bio = BIO_new_mem_buf(data, length);

@@ -73,9 +71,8 @@

/* Derive public key */
guac_common_ssh_buffer_write_string(&pos, "ssh-rsa", sizeof("ssh-rsa")-1);
- RSA_get0_key(rsa_key, &n, &e, NULL);
- guac_common_ssh_buffer_write_bignum(&pos, e);
- guac_common_ssh_buffer_write_bignum(&pos, n);
+ guac_common_ssh_buffer_write_bignum(&pos, rsa_key->e);
+ guac_common_ssh_buffer_write_bignum(&pos, rsa_key->n);

/* Save public key to structure */
key->public_key = public_key;
@@ -108,12 +105,10 @@

/* Derive public key */
guac_common_ssh_buffer_write_string(&pos, "ssh-dss", sizeof("ssh-dss")-1);
- DSA_get0_pqg(dsa_key, &p, &q, &g);
- DSA_get0_key(dsa_key, &pub, NULL);
- guac_common_ssh_buffer_write_bignum(&pos, p);
- guac_common_ssh_buffer_write_bignum(&pos, q);
- guac_common_ssh_buffer_write_bignum(&pos, g);
- guac_common_ssh_buffer_write_bignum(&pos, pub);
+ guac_common_ssh_buffer_write_bignum(&pos, dsa_key->p);
+ guac_common_ssh_buffer_write_bignum(&pos, dsa_key->q);
+ guac_common_ssh_buffer_write_bignum(&pos, dsa_key->g);
+ guac_common_ssh_buffer_write_bignum(&pos, dsa_key->pub_key);

/* Save public key to structure */
key->public_key = public_key;
@@ -161,20 +156,19 @@
int length, unsigned char* sig) {

const EVP_MD* md;
- EVP_MD_CTX *md_ctx=EVP_MD_CTX_new();
+ EVP_MD_CTX md_ctx;

unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int dlen, len;
- const BIGNUM *pr = NULL, *ps = NULL;

/* Get SHA1 digest */
if ((md = EVP_get_digestbynid(NID_sha1)) == NULL)
return -1;

/* Digest data */
- EVP_DigestInit(md_ctx, md);
- EVP_DigestUpdate(md_ctx, data, length);
- EVP_DigestFinal(md_ctx, digest, &dlen);
+ EVP_DigestInit(&md_ctx, md);
+ EVP_DigestUpdate(&md_ctx, data, length);
+ EVP_DigestFinal(&md_ctx, digest, &dlen);

/* Sign with key */
switch (key->type) {
@@ -188,10 +182,10 @@

DSA_SIG* dsa_sig = DSA_do_sign(digest, dlen, key->dsa);
if (dsa_sig != NULL) {
- DSA_SIG_get0(dsa_sig, &pr, &ps);
/* Compute size of each half of signature */
- int rlen = BN_num_bytes(pr);
- int slen = BN_num_bytes(ps);
+ int rlen = BN_num_bytes(dsa_sig->r);
+ int slen = BN_num_bytes(dsa_sig->s);

/* Ensure each number is within the required size */
@@ -201,11 +195,11 @@
memset(sig, 0, DSA_SIG_SIZE);

/* Add R at the end of the first block of the signature */
- BN_bn2bin(pr, sig + DSA_SIG_SIZE
+ BN_bn2bin(dsa_sig->r, sig + DSA_SIG_SIZE

/* Add S at the end of the second block of the signature */
- BN_bn2bin(ps, sig + DSA_SIG_SIZE - slen);
+ BN_bn2bin(dsa_sig->s, sig + DSA_SIG_SIZE - slen);

/* Done */
diff -ru -x '*.lo' -x '*.o' -x '*.la' -x '*.a' -x '*.Plo' -x '*.Tpo' src/guacamole-server-0.9.12-incubating/src/common-ssh/ssh.c orig/guacamole-server-0.9.12-incubating/src/common-ssh/ssh.c
--- src/guacamole-server-0.9.12-incubating/src/common-ssh/ssh.c 2017-05-03 03:16:42.227105179 +1000
+++ orig/guacamole-server-0.9.12-incubating/src/common-ssh/ssh.c 2017-03-19 11:38:03.000000000 +1100
@@ -67,20 +67,18 @@
* The line number of the function setting the lock, for debugging
* purposes.
static void guac_common_ssh_openssl_locking_callback(int mode, int n,
const char* file, int line){

- // Lock given mutex upon request
+ /* Lock given mutex upon request */
if (mode & CRYPTO_LOCK)

- // Unlock given mutex upon request
+ /* Unlock given mutex upon request */
else if (mode & CRYPTO_UNLOCK)


* Called by OpenSSL when determining the current thread ID.
@@ -88,9 +86,9 @@
* @return
* An ID which uniquely identifies the current thread.
-/*static unsigned long guac_common_ssh_openssl_id_callback() {
+static unsigned long guac_common_ssh_openssl_id_callback() {
return (unsigned long) pthread_self();

* Creates the given number of mutexes, such that OpenSSL will have at least

All comments