pool/xrdp
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 818275 from home:yfjiang:branches:X11:RemoteDesktop

Browse Source 
- Update to version 0.9.13.1
  + This is a security fix release that includes fixes for the
    following local buffer overflow vulnerability (bsc#1173580):
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044
- Rebase xrdp-fate318398-change-expired-password.patch

OBS-URL: https://build.opensuse.org/request/show/818275
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=84
This commit is contained in:
Felix Zhang 2020-07-03 02:31:03 +00:00 committed by Git OBS Bridge
parent 668c3398e5
commit 7ba98f7ee3
7 changed files with 101 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
xrdp-0.9.13.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e90a15404c060c378a91b3b51899415122e801863b8a00e4ea42a106b184108c
size 1878031

16
xrdp-0.9.13.1.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEGKuDipBxZ3RZFIcZA5k7QGXnGTsFAl764e4ACgkQA5k7QGXn
GTvL6g/+JGmCorupzV7CYN3ThrT8FZtOuYpm3cXQtkpvMMZb7LgzoCn96UWoVnnF
ldg3cdCvhDtf08Am619Uo1Qtet2Qk1w9ssdEChaz+dN/kw6BB88KtbehIaxEmsu7
G+NSIQxC6T7gOSEwxNL35gv55fJgmBIyptri592awqIM7Y46704mELoDaHeIu0Je
B5R9eTuL0Pi02gcWA/8XDnYY6yg1xlh23+Z+yXqKbpX+qltEpuKff+eIDhM1m/N2
Nd3/sHii9dvX3vXhdq2iH14sk4d701rJ6s+Qfw3iE7UcJLPwiIAIfepj3MU4bo8G
qwbQwrRHOCTRHlRV9DfQ2ZXqadP52w9D7ZQPE9Iqyk8UBJx3Gd1I8drg2iNBIkeK
w7sLfJmDdVgyMJjSbQ0CWMkTSzhIpdlRLeDdafusmLwLokpgVWPCeBEc2oW24A7B
gNysT3iur1vqYpx5PtgAf7eQ9/NqUKLS/nfVfvvCde0apXLgTUIUjOfR5fCkn6VA
OuqbysoYg+U99iQ/Yy4HWDO9msSf5V8ZoaMggxenbD9OQtJVgu8eaUqory+3jmQe
MNKUUtdFzy1DYTqkby8hN+ipL0jLA7DQWncx2+w9f0+Vh1t3uBP3z2YnzSORJXFX
P0CUtlQp0IJxBHqvuItVcOA5aPpErJNz45/UxVjk9btxGiU6feE=
=n35S
-----END PGP SIGNATURE-----

3
xrdp-0.9.13.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:59fe6f32f17e7b86c132e069ee96b754f0555b1197e44e4d070e85591d0271ff
size 1865444

16
xrdp-0.9.13.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEYezqu/K7QOOjXfMKn3LNvAG/EOsFAl5obDYACgkQn3LNvAG/
EOtPBBAAghM5yYVTLoUU98wOCM8Gx8PQlDaHsWHz6FKzGIo1QgkUaZs4Ixe1CrEi
ZjInippgf0jSSve/7/KG1WSUDON3bfqSi6y4/wH/vOigy6fKsVUOcIxKtvtABWyR
iE/jZBt6hoTyHg5DU8jS9KZGHHWUFaPbkgr59FG1lJIjkrqgqRuwK58O3Vrh3zOX
q9fsHmZ0ZJp/KDUw23OB3yTj6H203SVylBHYQIsc/0EjTCYACU69Oib43pOaphy9
+9k+kolw86blHk1BY1S16iR3XlG6T/eYzGvRwsyBH9Rqu1nzBwDqACGZfEoZu+hR
G45sllpuG/VLxjP6JLwZZg56nskiKWlNnkicxGkKhhLANDDm9xf7jGsALaiOp89t
uwPGJhW7NfHxfNyIDyL+OopLHu0l0qg2O48ATofzqkqEhZicCE1orRXjmKdYrVd0
rBRVpVaHhU6HAM7qf5QgdmFpyV52aln1O7iaooOx9Axng+4AWagaLyox81k0NNCD
v7KCsDObuZJWrYa/PmxpxP+ZYRATLvYQjJGfDK6M9k36+jG2Eu9WIDT0ImYIvZ6H
qWSSqGv20fbmOCpV798NtTbaTPTMWv+XF0xRunU7kxkEJtKwNwPP53Z/ed01oACp
ZlqCHU/OBAqweVq2t9RkGLhIEq0gVR1BT2BCc1CvAEUkgMCf114=
=6+xK
-----END PGP SIGNATURE-----

152
xrdp-fate318398-change-expired-password.patch
View File

@ -1,19 +1,19 @@
Index: b/sesman/auth.h
Index: xrdp-0.9.13.1/sesman/auth.h
===================================================================
--- a/sesman/auth.h 2017-10-26 13:30:12.000000000 +0800
+++ b/sesman/auth.h 2018-01-04 16:40:32.178890000 +0800
@@ -106,4 +106,6 @@
--- xrdp-0.9.13.1.orig/sesman/auth.h
+++ xrdp-0.9.13.1/sesman/auth.h
@@ -106,4 +106,6 @@ auth_check_pwd_chg(const char *user);
int
auth_change_pwd(const char *user, const char *newpwd);
+int
+auth_change_pwd_pam(char* user, char* pass, char* newpwd);
#endif
Index: b/sesman/libscp/libscp_session.c
Index: xrdp-0.9.13.1/sesman/libscp/libscp_session.c
===================================================================
--- a/sesman/libscp/libscp_session.c 2017-10-26 13:30:12.000000000 +0800
+++ b/sesman/libscp/libscp_session.c 2018-01-04 16:40:32.178890000 +0800
@@ -75,6 +75,10 @@
--- xrdp-0.9.13.1.orig/sesman/libscp/libscp_session.c
+++ xrdp-0.9.13.1/sesman/libscp/libscp_session.c
@@ -75,6 +75,10 @@ scp_session_set_type(struct SCP_SESSION
s->type = SCP_GW_AUTHENTICATION;
break;
@ -24,7 +24,7 @@ Index: b/sesman/libscp/libscp_session.c
case SCP_SESSION_TYPE_MANAGE:
s->type = SCP_SESSION_TYPE_MANAGE;
s->mng = (struct SCP_MNG_DATA *)g_malloc(sizeof(struct SCP_MNG_DATA), 1);
@@ -231,6 +235,32 @@
@@ -231,6 +235,32 @@ scp_session_set_password(struct SCP_SESS
return 1;
}
@ -57,10 +57,10 @@ Index: b/sesman/libscp/libscp_session.c
return 0;
}
Index: b/sesman/libscp/libscp_types.h
Index: xrdp-0.9.13.1/sesman/libscp/libscp_types.h
===================================================================
--- a/sesman/libscp/libscp_types.h 2017-10-04 12:44:21.000000000 +0800
+++ b/sesman/libscp/libscp_types.h 2018-01-04 16:40:32.178890000 +0800
--- xrdp-0.9.13.1.orig/sesman/libscp/libscp_types.h
+++ xrdp-0.9.13.1/sesman/libscp/libscp_types.h
@@ -47,6 +47,7 @@
* XRDP sends this command to let sesman verify if the user is allowed
* to use the gateway */
@ -69,7 +69,7 @@ Index: b/sesman/libscp/libscp_types.h
#define SCP_ADDRESS_TYPE_IPV4 0x00
#define SCP_ADDRESS_TYPE_IPV6 0x01
@@ -77,6 +78,7 @@
@@ -81,6 +82,7 @@ struct SCP_SESSION
char locale[18];
char* username;
char* password;
@ -77,41 +77,33 @@ Index: b/sesman/libscp/libscp_types.h
char* hostname;
tui8 addr_type;
tui32 ipv4addr;
Index: b/sesman/libscp/libscp_v0.c
Index: xrdp-0.9.13.1/sesman/libscp/libscp_v0.c
===================================================================
--- a/sesman/libscp/libscp_v0.c 2017-12-27 22:30:25.000000000 +0800
+++ b/sesman/libscp/libscp_v0.c 2018-01-04 17:09:58.859805998 +0800
@@ -329,9 +329,8 @@
--- xrdp-0.9.13.1.orig/sesman/libscp/libscp_v0.c
+++ xrdp-0.9.13.1/sesman/libscp/libscp_v0.c
@@ -383,9 +383,9 @@ scp_v0s_init_session(struct SCP_CONNECTI
}
}
}
- else if (code == SCP_GW_AUTHENTICATION)
+ else if (code == SCP_GW_AUTHENTICATION || code == SCP_GW_CHAUTHTOK)
{
- /* g_writeln("Command is SCP_GW_AUTHENTICATION"); */
session = scp_session_create();
if (0 == session)
@@ -341,7 +340,7 @@
}
scp_session_set_version(session, version);
- scp_session_set_type(session, SCP_GW_AUTHENTICATION);
+ scp_session_set_type(session, code);
/* reading username */
in_uint16_be(c->in_s, sz);
buf = g_new0(char, sz + 1);
@@ -358,6 +357,23 @@
if (!in_string16(c->in_s, buf, "username", __LINE__))
{
@@ -399,6 +399,23 @@ scp_v0s_init_session(struct SCP_CONNECTI
return SCP_SERVER_STATE_INTERNAL_ERR;
}
g_free(buf);
+ if (code == SCP_GW_CHAUTHTOK)
+ {
+ /* reading new password */
+ in_uint16_be(c->in_s, sz);
+ buf = g_new0(char, sz + 1);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ if (!in_string16(c->in_s, buf, "passwd", __LINE__))
+ {
+ return SCP_SERVER_STATE_SIZE_ERR;
+ }
+
+ if (0 != scp_session_set_newpass(session, buf))
+ {
@ -123,9 +115,9 @@ Index: b/sesman/libscp/libscp_v0.c
+ }
+
/* reading password */
in_uint16_be(c->in_s, sz);
buf = g_new0(char, sz + 1);
@@ -435,12 +451,13 @@
if (!in_string16(c->in_s, buf, "passwd", __LINE__))
{
@@ -530,12 +547,13 @@ scp_v0s_deny_connection(struct SCP_CONNE
/******************************************************************************/
enum SCP_SERVER_STATES_E
@ -141,11 +133,11 @@ Index: b/sesman/libscp/libscp_v0.c
out_uint16_be(c->out_s, value); /* reply code */
out_uint16_be(c->out_s, 0); /* dummy data */
s_mark_end(c->out_s);
Index: b/sesman/libscp/libscp_v0.h
Index: xrdp-0.9.13.1/sesman/libscp/libscp_v0.h
===================================================================
--- a/sesman/libscp/libscp_v0.h 2017-07-19 12:23:49.000000000 +0800
+++ b/sesman/libscp/libscp_v0.h 2018-01-04 16:40:32.182893999 +0800
@@ -79,6 +79,6 @@
--- xrdp-0.9.13.1.orig/sesman/libscp/libscp_v0.h
+++ xrdp-0.9.13.1/sesman/libscp/libscp_v0.h
@@ -79,6 +79,6 @@ scp_v0s_deny_connection(struct SCP_CONNE
* @return
*/
enum SCP_SERVER_STATES_E
@ -153,11 +145,11 @@ Index: b/sesman/libscp/libscp_v0.h
+scp_v0s_replyauthentication(struct SCP_CONNECTION* c, unsigned short int value, tui8 type);
#endif
Index: b/sesman/scp_v0.c
Index: xrdp-0.9.13.1/sesman/scp_v0.c
===================================================================
--- a/sesman/scp_v0.c 2017-10-26 13:30:12.000000000 +0800
+++ b/sesman/scp_v0.c 2018-01-04 16:40:32.182893999 +0800
@@ -42,6 +42,13 @@
--- xrdp-0.9.13.1.orig/sesman/scp_v0.c
+++ xrdp-0.9.13.1/sesman/scp_v0.c
@@ -42,6 +42,13 @@ scp_v0_process(struct SCP_CONNECTION *c,
int errorcode = 0;
bool_t do_auth_end = 1;
@ -171,7 +163,7 @@ Index: b/sesman/scp_v0.c
data = auth_userpass(s->username, s->password, &errorcode);
if (s->type == SCP_GW_AUTHENTICATION)
@@ -53,14 +60,14 @@
@@ -53,14 +60,14 @@ scp_v0_process(struct SCP_CONNECTION *c,
if (1 == access_login_allowed(s->username))
{
/* the user is member of the correct groups. */
@ -188,7 +180,7 @@ Index: b/sesman/scp_v0.c
log_message(LOG_LEVEL_INFO, "Username okey but group problem for "
"user: %s", s->username);
/* g_writeln("user password ok, but group problem"); */
@@ -71,7 +78,7 @@
@@ -71,7 +78,7 @@ scp_v0_process(struct SCP_CONNECTION *c,
/* g_writeln("username or password error"); */
log_message(LOG_LEVEL_INFO, "Username or password error for user: %s",
s->username);
@ -197,11 +189,11 @@ Index: b/sesman/scp_v0.c
}
}
else if (data)
Index: b/sesman/verify_user_pam.c
Index: xrdp-0.9.13.1/sesman/verify_user_pam.c
===================================================================
--- a/sesman/verify_user_pam.c 2017-11-27 09:42:43.000000000 +0800
+++ b/sesman/verify_user_pam.c 2018-01-04 16:40:32.182893999 +0800
@@ -38,6 +38,7 @@
--- xrdp-0.9.13.1.orig/sesman/verify_user_pam.c
+++ xrdp-0.9.13.1/sesman/verify_user_pam.c
@@ -38,6 +38,7 @@ struct t_user_pass
{
char user[256];
char pass[256];
@ -209,7 +201,7 @@ Index: b/sesman/verify_user_pam.c
};
struct t_auth_info
@@ -86,6 +87,55 @@
@@ -86,6 +87,55 @@ verify_pam_conv(int num_msg, const struc
}
/******************************************************************************/
@ -265,7 +257,7 @@ Index: b/sesman/verify_user_pam.c
static void
get_service_name(char *service_name)
{
@@ -103,6 +153,52 @@
@@ -103,6 +153,52 @@ get_service_name(char *service_name)
}
/******************************************************************************/
@ -318,11 +310,11 @@ Index: b/sesman/verify_user_pam.c
/* returns long, zero is no go
Stores the detailed error code in the errorcode variable*/
Index: b/xrdp/xrdp_login_wnd.c
Index: xrdp-0.9.13.1/xrdp/xrdp_login_wnd.c
===================================================================
--- a/xrdp/xrdp_login_wnd.c 2017-11-27 09:42:43.000000000 +0800
+++ b/xrdp/xrdp_login_wnd.c 2018-01-04 16:40:32.182893999 +0800
@@ -187,7 +187,14 @@
--- xrdp-0.9.13.1.orig/xrdp/xrdp_login_wnd.c
+++ xrdp-0.9.13.1/xrdp/xrdp_login_wnd.c
@@ -187,7 +187,14 @@ xrdp_wm_cancel_clicked(struct xrdp_bitma
{
if (wnd->wm != 0)
{
@ -338,7 +330,7 @@ Index: b/xrdp/xrdp_login_wnd.c
{
g_set_wait_obj(wnd->wm->pro_layer->self_term_event);
}
@@ -245,7 +252,29 @@
@@ -245,7 +252,29 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *w
}
else
{
@ -369,7 +361,7 @@ Index: b/xrdp/xrdp_login_wnd.c
}
return 0;
@@ -545,6 +574,32 @@
@@ -545,6 +574,32 @@ xrdp_wm_login_notify(struct xrdp_bitmap
return 0;
}
@ -402,7 +394,7 @@ Index: b/xrdp/xrdp_login_wnd.c
/******************************************************************************/
static int
xrdp_wm_login_fill_in_combo(struct xrdp_wm *self, struct xrdp_bitmap *b)
@@ -825,6 +880,103 @@
@@ -825,6 +880,103 @@ xrdp_login_wnd_create(struct xrdp_wm *se
return 0;
}
@ -506,11 +498,11 @@ Index: b/xrdp/xrdp_login_wnd.c
/**
* Load configuration from xrdp.ini file
Index: b/xrdp/xrdp_mm.c
Index: xrdp-0.9.13.1/xrdp/xrdp_mm.c
===================================================================
--- a/xrdp/xrdp_mm.c 2017-12-27 22:30:26.000000000 +0800
+++ b/xrdp/xrdp_mm.c 2018-01-04 16:40:32.182893999 +0800
@@ -1458,7 +1458,7 @@
--- xrdp-0.9.13.1.orig/xrdp/xrdp_mm.c
+++ xrdp-0.9.13.1/xrdp/xrdp_mm.c
@@ -1781,7 +1781,7 @@ xrdp_mm_sesman_data_in(struct trans *tra
/*********************************************************************/
/* return 0 on success */
static int
@ -519,7 +511,7 @@ Index: b/xrdp/xrdp_mm.c
{
int reply;
int rec = 32+1; /* 32 is reserved for PAM failures this means connect failure */
@@ -1486,7 +1486,8 @@
@@ -1809,7 +1809,8 @@ access_control(char *username, char *pas
make_stream(out_s);
init_stream(out_s, 500);
s_push_layer(out_s, channel_hdr, 8);
@ -529,7 +521,7 @@ Index: b/xrdp/xrdp_mm.c
index = g_strlen(username);
out_uint16_be(out_s, index);
out_uint8a(out_s, username, index);
@@ -1494,6 +1495,14 @@
@@ -1817,6 +1818,14 @@ access_control(char *username, char *pas
index = g_strlen(password);
out_uint16_be(out_s, index);
out_uint8a(out_s, password, index);
@ -544,7 +536,7 @@ Index: b/xrdp/xrdp_mm.c
s_mark_end(out_s);
s_pop_layer(out_s, channel_hdr);
out_uint32_be(out_s, 0); /* version */
@@ -1523,15 +1532,19 @@
@@ -1846,15 +1855,19 @@ access_control(char *username, char *pas
in_uint16_be(in_s, pAM_errorcode); /* this variable holds the PAM error code if the variable is >32 it is a "invented" code */
in_uint16_be(in_s, dummy);
@ -568,7 +560,7 @@ Index: b/xrdp/xrdp_mm.c
}
else
{
@@ -1849,7 +1862,7 @@
@@ -2172,7 +2185,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
char port[8];
char chansrvport[256];
#ifndef USE_NOPAM
@ -577,7 +569,7 @@ Index: b/xrdp/xrdp_mm.c
char pam_auth_sessionIP[256];
char pam_auth_password[256];
char pam_auth_username[256];
@@ -1889,7 +1902,7 @@
@@ -2212,7 +2225,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
#ifndef USE_NOPAM
else if (g_strcasecmp(name, "pamusername") == 0)
{
@ -586,7 +578,7 @@ Index: b/xrdp/xrdp_mm.c
g_strncpy(pam_auth_username, value, 255);
}
else if (g_strcasecmp(name, "pamsessionmng") == 0)
@@ -1917,45 +1930,56 @@
@@ -2240,45 +2253,56 @@ xrdp_mm_connect(struct xrdp_mm *self)
}
#ifndef USE_NOPAM
@ -674,7 +666,7 @@ Index: b/xrdp/xrdp_mm.c
}
#endif
@@ -2048,6 +2072,59 @@
@@ -2374,6 +2398,59 @@ xrdp_mm_connect(struct xrdp_mm *self)
return rv;
}
@ -734,11 +726,11 @@ Index: b/xrdp/xrdp_mm.c
/*****************************************************************************/
int
xrdp_mm_get_wait_objs(struct xrdp_mm *self,
Index: b/xrdp/xrdp_types.h
Index: xrdp-0.9.13.1/xrdp/xrdp_types.h
===================================================================
--- a/xrdp/xrdp_types.h 2017-07-19 12:23:49.000000000 +0800
+++ b/xrdp/xrdp_types.h 2018-01-04 16:40:32.182893999 +0800
@@ -325,6 +325,7 @@
--- xrdp-0.9.13.1.orig/xrdp/xrdp_types.h
+++ xrdp-0.9.13.1/xrdp/xrdp_types.h
@@ -329,6 +329,7 @@ struct xrdp_wm
struct xrdp_cache* cache;
int palette[256];
struct xrdp_bitmap* login_window;
@ -746,11 +738,11 @@ Index: b/xrdp/xrdp_types.h
/* generic colors */
int black;
int grey;
Index: b/xrdp/xrdp_wm.c
Index: xrdp-0.9.13.1/xrdp/xrdp_wm.c
===================================================================
--- a/xrdp/xrdp_wm.c 2018-01-04 16:40:31.998709999 +0800
+++ b/xrdp/xrdp_wm.c 2018-01-04 16:40:32.182893999 +0800
@@ -1896,6 +1896,34 @@
--- xrdp-0.9.13.1.orig/xrdp/xrdp_wm.c
+++ xrdp-0.9.13.1/xrdp/xrdp_wm.c
@@ -1990,6 +1990,34 @@ xrdp_wm_login_mode_changed(struct xrdp_w
self->dragging = 0;
xrdp_wm_set_login_mode(self, 11);
}
@ -785,7 +777,7 @@ Index: b/xrdp/xrdp_wm.c
return 0;
}
@@ -1940,11 +1968,19 @@
@@ -2034,11 +2062,19 @@ xrdp_wm_log_wnd_notify(struct xrdp_bitma
xrdp_bitmap_invalidate(wm->screen, &rect);
/* if module is gone, reset the session when ok is clicked */
@ -806,7 +798,7 @@ Index: b/xrdp/xrdp_wm.c
}
}
}
@@ -2006,6 +2042,9 @@
@@ -2100,6 +2136,9 @@ xrdp_wm_show_log(struct xrdp_wm *self)
return 0;
}

9
xrdp.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Thu Jul 2 07:07:16 UTC 2020 - Yifan Jiang <yfjiang@suse.com>
- Update to version 0.9.13.1
+ This is a security fix release that includes fixes for the
following local buffer overflow vulnerability (bsc#1173580):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044
- Rebase xrdp-fate318398-change-expired-password.patch
-------------------------------------------------------------------
Wed Jun 17 08:36:17 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

2
xrdp.spec
View File

@ -22,7 +22,7 @@
%endif
Name: xrdp
Version: 0.9.13
Version: 0.9.13.1
Release: 0
Summary: Remote desktop protocol (RDP) server
License: Apache-2.0 AND GPL-2.0-or-later