[pkg-remote-commits] [xrdp] 02/06: Update changelog and patches.
Dominik George
natureshadow-guest at moszumanska.debian.org
Sun Jan 7 16:09:02 UTC 2018
This is an automated email from the git hooks/post-receive script.
natureshadow-guest pushed a commit to branch master
in repository xrdp.
commit c442d41fead36d94164ad6fc5161902b589828b1
Author: Dominik George <nik at naturalnet.de>
Date: Sun Jan 7 16:04:44 2018 +0100
Update changelog and patches.
---
debian/changelog | 8 ++
debian/patches/config.diff | 44 ++++------
debian/patches/cve-2017-16927.patch | 137 -------------------------------
debian/patches/fix-ssl-accept-load.patch | 23 ------
debian/patches/fix_perms.diff | 14 +---
debian/patches/lfs.diff | 2 +-
debian/patches/series | 2 -
debian/patches/shutup-daemon.diff | 2 +-
8 files changed, 29 insertions(+), 203 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 4558a13..a8d94b1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+xrdp (0.9.5-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Remove patches applied upstream.
+ + Refresh other patches.
+
+ -- Dominik George <nik at naturalnet.de> Sun, 07 Jan 2018 16:04:02 +0100
+
xrdp (0.9.4-4) unstable; urgency=high
* Fix (possibly exploitable) high CPU load in ssl_tls_accept.
diff --git a/debian/patches/config.diff b/debian/patches/config.diff
index 8bff5d1..6ec4bae 100644
--- a/debian/patches/config.diff
+++ b/debian/patches/config.diff
@@ -2,38 +2,26 @@ From: Dominik George <nik at naturalnet.de>
Subject: Use xorgxrdp instead of x11rdp
--- a/sesman/sesman.ini
+++ b/sesman/sesman.ini
-@@ -54,12 +54,13 @@ LogLevel=DEBUG
- EnableSyslog=1
- SyslogLevel=DEBUG
+@@ -68,7 +68,7 @@ SyslogLevel=DEBUG
+ ; Arch Linux : param=/usr/bin/Xorg or param=Xorg
+ ; CentOS 7 : param=/usr/bin/Xorg or param=Xorg
+ ;
+-param=Xorg
++param=/usr/lib/xorg/Xorg
+ ; Leave the rest paramaters as-is unless you understand what will happen.
+ param=-config
+ param=xrdp/xorg.conf
+@@ -78,13 +78,6 @@ param=tcp
+ param=-logfile
+ param=.xorgxrdp.%s.log
-[X11rdp]
-param=X11rdp
-param=-bs
-+[Xorg]
-+param=Xorg
-+param=-config
-+param=xrdp/xorg.conf
-+param=-noreset
- param=-nolisten
- param=tcp
--param=-uds
-
- [Xvnc]
- param=Xvnc
-@@ -70,16 +71,6 @@ param=-localhost
- param=-dpi
- param=96
-
--[Xorg]
--param=Xorg
--param=-config
--param=xrdp/xorg.conf
--param=-noreset
-param=-nolisten
-param=tcp
--param=-logfile
--param=.xorgxrdp.%s.log
+-param=-uds
-
- [Chansrv]
- ; drive redirection, defaults to xrdp_client if not set
- FuseMountName=thinclient_drives
+ [Xvnc]
+ param=Xvnc
+ param=-bs
diff --git a/debian/patches/cve-2017-16927.patch b/debian/patches/cve-2017-16927.patch
deleted file mode 100644
index 81d133f..0000000
--- a/debian/patches/cve-2017-16927.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From: Idan Freiberg
-Subject: sesman: scpv0, accept variable length data fields
-Origin: https://github.com/neutrinolabs/xrdp/commit/ebd0510a7d4dab906b6e01570205dfa530d1f7bf.diff
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
---- a/sesman/libscp/libscp_v0.c
-+++ b/sesman/libscp/libscp_v0.c
-@@ -161,7 +161,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
- struct SCP_SESSION *session = 0;
- tui16 sz;
- tui32 code = 0;
-- char buf[257];
-+ char *buf = 0;
-
- if (!skipVchk)
- {
-@@ -226,27 +226,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
-
- /* reading username */
- in_uint16_be(c->in_s, sz);
-- buf[sz] = '\0';
-+ buf = g_new0(char, sz + 1);
- in_uint8a(c->in_s, buf, sz);
--
-+ buf[sz] = '\0';
- if (0 != scp_session_set_username(session, buf))
- {
- scp_session_destroy(session);
- log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);
-+ g_free(buf);
- return SCP_SERVER_STATE_INTERNAL_ERR;
- }
-+ g_free(buf);
-
- /* reading password */
- in_uint16_be(c->in_s, sz);
-- buf[sz] = '\0';
-+ buf = g_new0(char, sz + 1);
- in_uint8a(c->in_s, buf, sz);
--
-+ buf[sz] = '\0';
- if (0 != scp_session_set_password(session, buf))
- {
- scp_session_destroy(session);
- log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__);
-+ g_free(buf);
- return SCP_SERVER_STATE_INTERNAL_ERR;
- }
-+ g_free(buf);
-
- /* width */
- in_uint16_be(c->in_s, sz);
-@@ -272,9 +276,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
-
- if (sz > 0)
- {
-+ buf = g_new0(char, sz + 1);
- in_uint8a(c->in_s, buf, sz);
- buf[sz] = '\0';
- scp_session_set_domain(session, buf);
-+ g_free(buf);
- }
- }
-
-@@ -285,9 +291,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
-
- if (sz > 0)
- {
-+ buf = g_new0(char, sz + 1);
- in_uint8a(c->in_s, buf, sz);
- buf[sz] = '\0';
- scp_session_set_program(session, buf);
-+ g_free(buf);
- }
- }
-
-@@ -298,9 +306,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
-
- if (sz > 0)
- {
-+ buf = g_new0(char, sz + 1);
- in_uint8a(c->in_s, buf, sz);
- buf[sz] = '\0';
- scp_session_set_directory(session, buf);
-+ g_free(buf);
- }
- }
-
-@@ -311,9 +321,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
-
- if (sz > 0)
- {
-+ buf = g_new0(char, sz + 1);
- in_uint8a(c->in_s, buf, sz);
- buf[sz] = '\0';
- scp_session_set_client_ip(session, buf);
-+ g_free(buf);
- }
- }
- }
-@@ -332,29 +344,35 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
- scp_session_set_type(session, SCP_GW_AUTHENTICATION);
- /* reading username */
- in_uint16_be(c->in_s, sz);
-- buf[sz] = '\0';
-+ buf = g_new0(char, sz + 1);
- in_uint8a(c->in_s, buf, sz);
-+ buf[sz] = '\0';
-
- /* g_writeln("Received user name: %s",buf); */
- if (0 != scp_session_set_username(session, buf))
- {
- scp_session_destroy(session);
- /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/
-+ g_free(buf);
- return SCP_SERVER_STATE_INTERNAL_ERR;
- }
-+ g_free(buf);
-
- /* reading password */
- in_uint16_be(c->in_s, sz);
-- buf[sz] = '\0';
-+ buf = g_new0(char, sz + 1);
- in_uint8a(c->in_s, buf, sz);
-+ buf[sz] = '\0';
-
- /* g_writeln("Received password: %s",buf); */
- if (0 != scp_session_set_password(session, buf))
- {
- scp_session_destroy(session);
- /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */
-+ g_free(buf);
- return SCP_SERVER_STATE_INTERNAL_ERR;
- }
-+ g_free(buf);
- }
- else
- {
diff --git a/debian/patches/fix-ssl-accept-load.patch b/debian/patches/fix-ssl-accept-load.patch
deleted file mode 100644
index 0455961..0000000
--- a/debian/patches/fix-ssl-accept-load.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: jsorg71
-Subject: Avoid 100% CPU load on ssl_tls_accept
-Origin: https://github.com/neutrinolabs/xrdp/commit/a9eb21e6d73d94989dc0fa221824b0625b37b7aa.diff
-Bug: https://github.com/neutrinolabs/xrdp/issues/954
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884453
---- a/common/ssl_calls.c
-+++ b/common/ssl_calls.c
-@@ -651,6 +651,15 @@ ssl_tls_accept(struct ssl_tls *self, lon
- * SSL_ERROR_WANT_READ
- * SSL_ERROR_WANT_WRITE
- */
-+ switch (SSL_get_error(self->ssl, connection_status))
-+ {
-+ case SSL_ERROR_WANT_READ:
-+ g_sck_can_recv(self->trans->sck, SSL_WANT_READ_WRITE_TIMEOUT);
-+ break;
-+ case SSL_ERROR_WANT_WRITE:
-+ g_sck_can_send(self->trans->sck, SSL_WANT_READ_WRITE_TIMEOUT);
-+ break;
-+ }
- }
- else
- {
diff --git a/debian/patches/fix_perms.diff b/debian/patches/fix_perms.diff
index 48b0bf7..b69a7a3 100644
--- a/debian/patches/fix_perms.diff
+++ b/debian/patches/fix_perms.diff
@@ -8,7 +8,7 @@ Forwarded: https://github.com/neutrinolabs/xorgxrdp/pull/16
https://github.com/neutrinolabs/xrdp/pull/464
--- a/common/os_calls.c
+++ b/common/os_calls.c
-@@ -124,7 +124,7 @@ g_mk_socket_path(const char *app_name)
+@@ -127,7 +127,7 @@ g_mk_socket_path(const char *app_name)
return 1;
}
}
@@ -30,20 +30,12 @@ Forwarded: https://github.com/neutrinolabs/xorgxrdp/pull/16
i = atoi(display);
--- a/xorgxrdp/module/rdpClientCon.c
+++ b/xorgxrdp/module/rdpClientCon.c
-@@ -1217,7 +1217,7 @@ rdpClientConInit(rdpPtr dev)
+@@ -1219,7 +1219,7 @@ rdpClientConInit(rdpPtr dev)
return 0;
}
}
- g_chmod_hex(socket_dir, 0x1777);
+ g_chmod_hex(socket_dir, 0x3777);
}
- i = atoi(display);
- if (i < 1)
-@@ -1238,6 +1238,7 @@ rdpClientConInit(rdpPtr dev)
- return 1;
- }
- g_sck_listen(dev->listen_sck);
-+ g_chmod_hex(dev->uds_data, 0x0660);
- rdpClientConAddEnabledDevice(dev->pScreen, dev->listen_sck);
- }
+ errno = 0;
diff --git a/debian/patches/lfs.diff b/debian/patches/lfs.diff
index 5059346..b9df6fb 100644
--- a/debian/patches/lfs.diff
+++ b/debian/patches/lfs.diff
@@ -13,7 +13,7 @@ Reviewed-by: Dominik George <nik at naturalnet.de>
AC_C_CONST
AC_PROG_LIBTOOL
-@@ -361,4 +363,5 @@ AC_CONFIG_FILES([
+@@ -365,4 +367,5 @@ AC_CONFIG_FILES([
xup/Makefile
])
diff --git a/debian/patches/series b/debian/patches/series
index bdeada4..14466bb 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,6 +5,4 @@ fix_perms.diff
shutup-daemon.diff
systemd.diff
lfs.diff
-cve-2017-16927.patch
-fix-ssl-accept-load.patch
pulse-debian.patch
diff --git a/debian/patches/shutup-daemon.diff b/debian/patches/shutup-daemon.diff
index d567bdf..2e64d3d 100644
--- a/debian/patches/shutup-daemon.diff
+++ b/debian/patches/shutup-daemon.diff
@@ -2,7 +2,7 @@ From: Thorsten Glaser <tg at mirbsd.org>
Subject: don’t spit on the console when starting
--- a/common/log.c
+++ b/common/log.c
-@@ -387,11 +387,6 @@ internal_config_read_logging(int file, s
+@@ -393,11 +393,6 @@ internal_config_read_logging(int file, s
/* try to create path if not exist */
g_create_path(lc->log_file);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-remote/xrdp.git
More information about the pkg-remote-commits
mailing list