Accepting request 818275 from home:yfjiang:branches:X11:RemoteDesktop

- Update to version 0.9.13.1 + This is a security fix release that includes fixes for the following local buffer overflow vulnerability (bsc#1173580): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044 - Rebase xrdp-fate318398-change-expired-password.patch OBS-URL: https://build.opensuse.org/request/show/818275 OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=84
2020-07-03 02:31:03 +00:00 · 2020-07-03 02:31:03 +00:00 · 7ba98f7ee3
commit 7ba98f7ee3
parent 668c3398e5
7 changed files with 101 additions and 100 deletions
--- a/xrdp-0.9.13.1.tar.gz
+++ b/xrdp-0.9.13.1.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e90a15404c060c378a91b3b51899415122e801863b8a00e4ea42a106b184108c
 size 1878031
--- a/xrdp-0.9.13.1.tar.gz.asc
+++ b/xrdp-0.9.13.1.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEGKuDipBxZ3RZFIcZA5k7QGXnGTsFAl764e4ACgkQA5k7QGXn
 GTvL6g/+JGmCorupzV7CYN3ThrT8FZtOuYpm3cXQtkpvMMZb7LgzoCn96UWoVnnF
 ldg3cdCvhDtf08Am619Uo1Qtet2Qk1w9ssdEChaz+dN/kw6BB88KtbehIaxEmsu7
 G+NSIQxC6T7gOSEwxNL35gv55fJgmBIyptri592awqIM7Y46704mELoDaHeIu0Je
 B5R9eTuL0Pi02gcWA/8XDnYY6yg1xlh23+Z+yXqKbpX+qltEpuKff+eIDhM1m/N2
 Nd3/sHii9dvX3vXhdq2iH14sk4d701rJ6s+Qfw3iE7UcJLPwiIAIfepj3MU4bo8G
 qwbQwrRHOCTRHlRV9DfQ2ZXqadP52w9D7ZQPE9Iqyk8UBJx3Gd1I8drg2iNBIkeK
 w7sLfJmDdVgyMJjSbQ0CWMkTSzhIpdlRLeDdafusmLwLokpgVWPCeBEc2oW24A7B
 gNysT3iur1vqYpx5PtgAf7eQ9/NqUKLS/nfVfvvCde0apXLgTUIUjOfR5fCkn6VA
 OuqbysoYg+U99iQ/Yy4HWDO9msSf5V8ZoaMggxenbD9OQtJVgu8eaUqory+3jmQe
 MNKUUtdFzy1DYTqkby8hN+ipL0jLA7DQWncx2+w9f0+Vh1t3uBP3z2YnzSORJXFX
 P0CUtlQp0IJxBHqvuItVcOA5aPpErJNz45/UxVjk9btxGiU6feE=
 =n35S
 -----END PGP SIGNATURE-----
--- a/xrdp-0.9.13.tar.gz
+++ b/xrdp-0.9.13.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:59fe6f32f17e7b86c132e069ee96b754f0555b1197e44e4d070e85591d0271ff
 size 1865444
--- a/xrdp-0.9.13.tar.gz.asc
+++ b/xrdp-0.9.13.tar.gz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEYezqu/K7QOOjXfMKn3LNvAG/EOsFAl5obDYACgkQn3LNvAG/
 EOtPBBAAghM5yYVTLoUU98wOCM8Gx8PQlDaHsWHz6FKzGIo1QgkUaZs4Ixe1CrEi
 ZjInippgf0jSSve/7/KG1WSUDON3bfqSi6y4/wH/vOigy6fKsVUOcIxKtvtABWyR
 iE/jZBt6hoTyHg5DU8jS9KZGHHWUFaPbkgr59FG1lJIjkrqgqRuwK58O3Vrh3zOX
 q9fsHmZ0ZJp/KDUw23OB3yTj6H203SVylBHYQIsc/0EjTCYACU69Oib43pOaphy9
 +9k+kolw86blHk1BY1S16iR3XlG6T/eYzGvRwsyBH9Rqu1nzBwDqACGZfEoZu+hR
 G45sllpuG/VLxjP6JLwZZg56nskiKWlNnkicxGkKhhLANDDm9xf7jGsALaiOp89t
 uwPGJhW7NfHxfNyIDyL+OopLHu0l0qg2O48ATofzqkqEhZicCE1orRXjmKdYrVd0
 rBRVpVaHhU6HAM7qf5QgdmFpyV52aln1O7iaooOx9Axng+4AWagaLyox81k0NNCD
 v7KCsDObuZJWrYa/PmxpxP+ZYRATLvYQjJGfDK6M9k36+jG2Eu9WIDT0ImYIvZ6H
 qWSSqGv20fbmOCpV798NtTbaTPTMWv+XF0xRunU7kxkEJtKwNwPP53Z/ed01oACp
 ZlqCHU/OBAqweVq2t9RkGLhIEq0gVR1BT2BCc1CvAEUkgMCf114=
 =6+xK
 -----END PGP SIGNATURE-----
--- a/xrdp-fate318398-change-expired-password.patch
+++ b/xrdp-fate318398-change-expired-password.patch
@ -1,19 +1,19 @@
-Index: b/sesman/auth.h
+Index: xrdp-0.9.13.1/sesman/auth.h
 ===================================================================
--- a/sesman/auth.h	2017-10-26 13:30:12.000000000 +0800
+--- xrdp-0.9.13.1.orig/sesman/auth.h
-+++ b/sesman/auth.h	2018-01-04 16:40:32.178890000 +0800
+++ xrdp-0.9.13.1/sesman/auth.h
-@@ -106,4 +106,6 @@
+@@ -106,4 +106,6 @@ auth_check_pwd_chg(const char *user);
 int
 auth_change_pwd(const char *user, const char *newpwd);
 +int
 +auth_change_pwd_pam(char* user, char* pass, char* newpwd);
 #endif
-Index: b/sesman/libscp/libscp_session.c
+Index: xrdp-0.9.13.1/sesman/libscp/libscp_session.c
 ===================================================================
--- a/sesman/libscp/libscp_session.c	2017-10-26 13:30:12.000000000 +0800
+--- xrdp-0.9.13.1.orig/sesman/libscp/libscp_session.c
-+++ b/sesman/libscp/libscp_session.c	2018-01-04 16:40:32.178890000 +0800
+++ xrdp-0.9.13.1/sesman/libscp/libscp_session.c
-@@ -75,6 +75,10 @@
+@@ -75,6 +75,10 @@ scp_session_set_type(struct SCP_SESSION
             s->type = SCP_GW_AUTHENTICATION;
             break;
@ -24,7 +24,7 @@ Index: b/sesman/libscp/libscp_session.c
         case SCP_SESSION_TYPE_MANAGE:
             s->type = SCP_SESSION_TYPE_MANAGE;
             s->mng = (struct SCP_MNG_DATA *)g_malloc(sizeof(struct SCP_MNG_DATA), 1);
-@@ -231,6 +235,32 @@
+@@ -231,6 +235,32 @@ scp_session_set_password(struct SCP_SESS
         return 1;
     }
@ -57,10 +57,10 @@ Index: b/sesman/libscp/libscp_session.c
     return 0;
 }
-Index: b/sesman/libscp/libscp_types.h
+Index: xrdp-0.9.13.1/sesman/libscp/libscp_types.h
 ===================================================================
--- a/sesman/libscp/libscp_types.h	2017-10-04 12:44:21.000000000 +0800
+--- xrdp-0.9.13.1.orig/sesman/libscp/libscp_types.h
-+++ b/sesman/libscp/libscp_types.h	2018-01-04 16:40:32.178890000 +0800
+++ xrdp-0.9.13.1/sesman/libscp/libscp_types.h
@@ -47,6 +47,7 @@
  * XRDP sends this command to let sesman verify if the user is allowed
  * to use the gateway */
@ -69,7 +69,7 @@ Index: b/sesman/libscp/libscp_types.h
 #define SCP_ADDRESS_TYPE_IPV4 0x00
 #define SCP_ADDRESS_TYPE_IPV6 0x01
-@@ -77,6 +78,7 @@
+@@ -81,6 +82,7 @@ struct SCP_SESSION
   char  locale[18];
   char* username;
   char* password;
@ -77,41 +77,33 @@ Index: b/sesman/libscp/libscp_types.h
   char* hostname;
   tui8  addr_type;
   tui32 ipv4addr;
-Index: b/sesman/libscp/libscp_v0.c
+Index: xrdp-0.9.13.1/sesman/libscp/libscp_v0.c
 ===================================================================
--- a/sesman/libscp/libscp_v0.c	2017-12-27 22:30:25.000000000 +0800
+--- xrdp-0.9.13.1.orig/sesman/libscp/libscp_v0.c
-+++ b/sesman/libscp/libscp_v0.c	2018-01-04 17:09:58.859805998 +0800
+++ xrdp-0.9.13.1/sesman/libscp/libscp_v0.c
-@@ -329,9 +329,8 @@
+@@ -383,9 +383,9 @@ scp_v0s_init_session(struct SCP_CONNECTI
             }
         }
     }
 -    else if (code == SCP_GW_AUTHENTICATION)
 +    else if (code == SCP_GW_AUTHENTICATION || code == SCP_GW_CHAUTHTOK)
     {
 -        /* g_writeln("Command is SCP_GW_AUTHENTICATION"); */
         session = scp_session_create();
         if (0 == session)
@@ -341,7 +340,7 @@
         }
         scp_session_set_version(session, version);
 -        scp_session_set_type(session, SCP_GW_AUTHENTICATION);
 +        scp_session_set_type(session, code);
         /* reading username */
-         in_uint16_be(c->in_s, sz);
+         if (!in_string16(c->in_s, buf, "username", __LINE__))
-         buf = g_new0(char, sz + 1);
+         {
-@@ -358,6 +357,23 @@
+@@ -399,6 +399,23 @@ scp_v0s_init_session(struct SCP_CONNECTI
             return SCP_SERVER_STATE_INTERNAL_ERR;
         }
         g_free(buf);
 +        if (code == SCP_GW_CHAUTHTOK)
 +        {
 +            /* reading new password */
-+            in_uint16_be(c->in_s, sz);
+            if (!in_string16(c->in_s, buf, "passwd", __LINE__))
-+            buf = g_new0(char, sz + 1);
+            {
-+            in_uint8a(c->in_s, buf, sz);
+                    return SCP_SERVER_STATE_SIZE_ERR;
-+            buf[sz] = '\0';
+            }
 +
 +            if (0 != scp_session_set_newpass(session, buf))
 +            {
@ -123,9 +115,9 @@ Index: b/sesman/libscp/libscp_v0.c
 +        }
 +
         /* reading password */
-         in_uint16_be(c->in_s, sz);
+         if (!in_string16(c->in_s, buf, "passwd", __LINE__))
-         buf = g_new0(char, sz + 1);
+         {
-@@ -435,12 +451,13 @@
+@@ -530,12 +547,13 @@ scp_v0s_deny_connection(struct SCP_CONNE
 /******************************************************************************/
 enum SCP_SERVER_STATES_E
@ -141,11 +133,11 @@ Index: b/sesman/libscp/libscp_v0.c
     out_uint16_be(c->out_s, value);  /* reply code  */
     out_uint16_be(c->out_s, 0);  /* dummy data */
     s_mark_end(c->out_s);
-Index: b/sesman/libscp/libscp_v0.h
+Index: xrdp-0.9.13.1/sesman/libscp/libscp_v0.h
 ===================================================================
--- a/sesman/libscp/libscp_v0.h	2017-07-19 12:23:49.000000000 +0800
+--- xrdp-0.9.13.1.orig/sesman/libscp/libscp_v0.h
-+++ b/sesman/libscp/libscp_v0.h	2018-01-04 16:40:32.182893999 +0800
+++ xrdp-0.9.13.1/sesman/libscp/libscp_v0.h
-@@ -79,6 +79,6 @@
+@@ -79,6 +79,6 @@ scp_v0s_deny_connection(struct SCP_CONNE
  * @return
  */
 enum SCP_SERVER_STATES_E
@ -153,11 +145,11 @@ Index: b/sesman/libscp/libscp_v0.h
 +scp_v0s_replyauthentication(struct SCP_CONNECTION* c, unsigned short int value, tui8 type);
 #endif
-Index: b/sesman/scp_v0.c
+Index: xrdp-0.9.13.1/sesman/scp_v0.c
 ===================================================================
--- a/sesman/scp_v0.c	2017-10-26 13:30:12.000000000 +0800
+--- xrdp-0.9.13.1.orig/sesman/scp_v0.c
-+++ b/sesman/scp_v0.c	2018-01-04 16:40:32.182893999 +0800
+++ xrdp-0.9.13.1/sesman/scp_v0.c
-@@ -42,6 +42,13 @@
+@@ -42,6 +42,13 @@ scp_v0_process(struct SCP_CONNECTION *c,
     int errorcode = 0;
     bool_t do_auth_end = 1;
@ -171,7 +163,7 @@ Index: b/sesman/scp_v0.c
     data = auth_userpass(s->username, s->password, &errorcode);
     if (s->type == SCP_GW_AUTHENTICATION)
-@@ -53,14 +60,14 @@
+@@ -53,14 +60,14 @@ scp_v0_process(struct SCP_CONNECTION *c,
             if (1 == access_login_allowed(s->username))
             {
                 /* the user is member of the correct groups. */
@ -188,7 +180,7 @@ Index: b/sesman/scp_v0.c
                 log_message(LOG_LEVEL_INFO, "Username okey but group problem for "
                             "user: %s", s->username);
                 /* g_writeln("user password ok, but group problem"); */
-@@ -71,7 +78,7 @@
+@@ -71,7 +78,7 @@ scp_v0_process(struct SCP_CONNECTION *c,
             /* g_writeln("username or password error"); */
             log_message(LOG_LEVEL_INFO, "Username or password error for user: %s",
                         s->username);
@ -197,11 +189,11 @@ Index: b/sesman/scp_v0.c
         }
     }
     else if (data)
-Index: b/sesman/verify_user_pam.c
+Index: xrdp-0.9.13.1/sesman/verify_user_pam.c
 ===================================================================
--- a/sesman/verify_user_pam.c	2017-11-27 09:42:43.000000000 +0800
+--- xrdp-0.9.13.1.orig/sesman/verify_user_pam.c
-+++ b/sesman/verify_user_pam.c	2018-01-04 16:40:32.182893999 +0800
+++ xrdp-0.9.13.1/sesman/verify_user_pam.c
-@@ -38,6 +38,7 @@
+@@ -38,6 +38,7 @@ struct t_user_pass
 {
     char user[256];
     char pass[256];
@ -209,7 +201,7 @@ Index: b/sesman/verify_user_pam.c
 };
 struct t_auth_info
-@@ -86,6 +87,55 @@
+@@ -86,6 +87,55 @@ verify_pam_conv(int num_msg, const struc
 }
 /******************************************************************************/
@ -265,7 +257,7 @@ Index: b/sesman/verify_user_pam.c
 static void
 get_service_name(char *service_name)
 {
-@@ -103,6 +153,52 @@
+@@ -103,6 +153,52 @@ get_service_name(char *service_name)
 }
 /******************************************************************************/
@ -318,11 +310,11 @@ Index: b/sesman/verify_user_pam.c
 /* returns long, zero is no go
  Stores the detailed error code in the errorcode variable*/
-Index: b/xrdp/xrdp_login_wnd.c
+Index: xrdp-0.9.13.1/xrdp/xrdp_login_wnd.c
 ===================================================================
--- a/xrdp/xrdp_login_wnd.c	2017-11-27 09:42:43.000000000 +0800
+--- xrdp-0.9.13.1.orig/xrdp/xrdp_login_wnd.c
-+++ b/xrdp/xrdp_login_wnd.c	2018-01-04 16:40:32.182893999 +0800
+++ xrdp-0.9.13.1/xrdp/xrdp_login_wnd.c
-@@ -187,7 +187,14 @@
+@@ -187,7 +187,14 @@ xrdp_wm_cancel_clicked(struct xrdp_bitma
     {
         if (wnd->wm != 0)
         {
@ -338,7 +330,7 @@ Index: b/xrdp/xrdp_login_wnd.c
             {
                 g_set_wait_obj(wnd->wm->pro_layer->self_term_event);
             }
-@@ -245,7 +252,29 @@
+@@ -245,7 +252,29 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *w
     }
     else
     {
@ -369,7 +361,7 @@ Index: b/xrdp/xrdp_login_wnd.c
     }
     return 0;
-@@ -545,6 +574,32 @@
+@@ -545,6 +574,32 @@ xrdp_wm_login_notify(struct xrdp_bitmap
     return 0;
 }
@ -402,7 +394,7 @@ Index: b/xrdp/xrdp_login_wnd.c
 /******************************************************************************/
 static int
 xrdp_wm_login_fill_in_combo(struct xrdp_wm *self, struct xrdp_bitmap *b)
-@@ -825,6 +880,103 @@
+@@ -825,6 +880,103 @@ xrdp_login_wnd_create(struct xrdp_wm *se
     return 0;
 }
@ -506,11 +498,11 @@ Index: b/xrdp/xrdp_login_wnd.c
 /**
  * Load configuration from xrdp.ini file
-Index: b/xrdp/xrdp_mm.c
+Index: xrdp-0.9.13.1/xrdp/xrdp_mm.c
 ===================================================================
--- a/xrdp/xrdp_mm.c	2017-12-27 22:30:26.000000000 +0800
+--- xrdp-0.9.13.1.orig/xrdp/xrdp_mm.c
-+++ b/xrdp/xrdp_mm.c	2018-01-04 16:40:32.182893999 +0800
+++ xrdp-0.9.13.1/xrdp/xrdp_mm.c
-@@ -1458,7 +1458,7 @@
+@@ -1781,7 +1781,7 @@ xrdp_mm_sesman_data_in(struct trans *tra
 /*********************************************************************/
 /* return 0 on success */
 static int
@ -519,7 +511,7 @@ Index: b/xrdp/xrdp_mm.c
 {
     int reply;
     int rec = 32+1; /* 32 is reserved for PAM failures this means connect failure */
-@@ -1486,7 +1486,8 @@
+@@ -1809,7 +1809,8 @@ access_control(char *username, char *pas
             make_stream(out_s);
             init_stream(out_s, 500);
             s_push_layer(out_s, channel_hdr, 8);
@ -529,7 +521,7 @@ Index: b/xrdp/xrdp_mm.c
             index = g_strlen(username);
             out_uint16_be(out_s, index);
             out_uint8a(out_s, username, index);
-@@ -1494,6 +1495,14 @@
+@@ -1817,6 +1818,14 @@ access_control(char *username, char *pas
             index = g_strlen(password);
             out_uint16_be(out_s, index);
             out_uint8a(out_s, password, index);
@ -544,7 +536,7 @@ Index: b/xrdp/xrdp_mm.c
             s_mark_end(out_s);
             s_pop_layer(out_s, channel_hdr);
             out_uint32_be(out_s, 0); /* version */
-@@ -1523,15 +1532,19 @@
+@@ -1846,15 +1855,19 @@ access_control(char *username, char *pas
                             in_uint16_be(in_s, pAM_errorcode); /* this variable holds the PAM error code if the variable is >32 it is a "invented" code */
                             in_uint16_be(in_s, dummy);
@ -568,7 +560,7 @@ Index: b/xrdp/xrdp_mm.c
                         }
                         else
                         {
-@@ -1849,7 +1862,7 @@
+@@ -2172,7 +2185,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
     char port[8];
     char chansrvport[256];
 #ifndef USE_NOPAM
@ -577,7 +569,7 @@ Index: b/xrdp/xrdp_mm.c
     char pam_auth_sessionIP[256];
     char pam_auth_password[256];
     char pam_auth_username[256];
-@@ -1889,7 +1902,7 @@
+@@ -2212,7 +2225,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
 #ifndef USE_NOPAM
         else if (g_strcasecmp(name, "pamusername") == 0)
         {
@ -586,7 +578,7 @@ Index: b/xrdp/xrdp_mm.c
             g_strncpy(pam_auth_username, value, 255);
         }
         else if (g_strcasecmp(name, "pamsessionmng") == 0)
-@@ -1917,45 +1930,56 @@
+@@ -2240,45 +2253,56 @@ xrdp_mm_connect(struct xrdp_mm *self)
     }
 #ifndef USE_NOPAM
@ -674,7 +666,7 @@ Index: b/xrdp/xrdp_mm.c
     }
 #endif
-@@ -2048,6 +2072,59 @@
+@@ -2374,6 +2398,59 @@ xrdp_mm_connect(struct xrdp_mm *self)
     return rv;
 }
@ -734,11 +726,11 @@ Index: b/xrdp/xrdp_mm.c
 /*****************************************************************************/
 int
 xrdp_mm_get_wait_objs(struct xrdp_mm *self,
-Index: b/xrdp/xrdp_types.h
+Index: xrdp-0.9.13.1/xrdp/xrdp_types.h
 ===================================================================
--- a/xrdp/xrdp_types.h	2017-07-19 12:23:49.000000000 +0800
+--- xrdp-0.9.13.1.orig/xrdp/xrdp_types.h
-+++ b/xrdp/xrdp_types.h	2018-01-04 16:40:32.182893999 +0800
+++ xrdp-0.9.13.1/xrdp/xrdp_types.h
-@@ -325,6 +325,7 @@
+@@ -329,6 +329,7 @@ struct xrdp_wm
   struct xrdp_cache* cache;
   int palette[256];
   struct xrdp_bitmap* login_window;
@ -746,11 +738,11 @@ Index: b/xrdp/xrdp_types.h
   /* generic colors */
   int black;
   int grey;
-Index: b/xrdp/xrdp_wm.c
+Index: xrdp-0.9.13.1/xrdp/xrdp_wm.c
 ===================================================================
--- a/xrdp/xrdp_wm.c	2018-01-04 16:40:31.998709999 +0800
+--- xrdp-0.9.13.1.orig/xrdp/xrdp_wm.c
-+++ b/xrdp/xrdp_wm.c	2018-01-04 16:40:32.182893999 +0800
+++ xrdp-0.9.13.1/xrdp/xrdp_wm.c
-@@ -1896,6 +1896,34 @@
+@@ -1990,6 +1990,34 @@ xrdp_wm_login_mode_changed(struct xrdp_w
         self->dragging = 0;
         xrdp_wm_set_login_mode(self, 11);
     }
@ -785,7 +777,7 @@ Index: b/xrdp/xrdp_wm.c
     return 0;
 }
-@@ -1940,11 +1968,19 @@
+@@ -2034,11 +2062,19 @@ xrdp_wm_log_wnd_notify(struct xrdp_bitma
             xrdp_bitmap_invalidate(wm->screen, &rect);
             /* if module is gone, reset the session when ok is clicked */
@ -806,7 +798,7 @@ Index: b/xrdp/xrdp_wm.c
             }
         }
     }
-@@ -2006,6 +2042,9 @@
+@@ -2100,6 +2136,9 @@ xrdp_wm_show_log(struct xrdp_wm *self)
         return 0;
     }
--- a/xrdp.changes
+++ b/xrdp.changes
@ -1,3 +1,12 @@
 -------------------------------------------------------------------
 Thu Jul  2 07:07:16 UTC 2020 - Yifan Jiang <yfjiang@suse.com>
 - Update to version 0.9.13.1
  + This is a security fix release that includes fixes for the
    following local buffer overflow vulnerability (bsc#1173580):
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044
 - Rebase xrdp-fate318398-change-expired-password.patch
 -------------------------------------------------------------------
 Wed Jun 17 08:36:17 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
--- a/xrdp.spec
+++ b/xrdp.spec
@ -22,7 +22,7 @@
 %endif
 Name:           xrdp
-Version:        0.9.13
+Version:        0.9.13.1
 Release:        0
 Summary:        Remote desktop protocol (RDP) server
 License:        Apache-2.0 AND GPL-2.0-or-later