Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Please unblock package xrdp The new upload fixes a security issue, CVE-2017-6967. debdiff attached. unblock xrdp/0.9.1-8 - -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) -----BEGIN PGP SIGNATURE----- iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlj+RsoxGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h dHVyYWxuZXQuZGUACgkQt5o8FqDE8paFIA//cjCuExHwFCdQEA704IKCqjYNJI7/ GI5u2qNK/2LX54y5F9+cc0yqiAPZ964wynyPc+3ZGidWVBPz1bkNACwHTsxGFxrP fkgfCsiuMEfFpq63VB3ui+0R/WTxFyNdza0nJt8V3/S6afP5KzxvIa4++oTVLnJj cpXOgVrxa2u00/mH3zo4+yZOwhjFqgmcB2qEIoUdhlDq5oRYZG5W6y68yFqIF+7w YeUF3ISDgPDY7ngCxuGHU9aGVkY+Yb/8be/AF5JhQNuTNrMrXQVoZnosGyVWY12e ER/KGt0Xfj+REi1e0Y3Qi6Ik4fTe1JChXOaLOKFGfXoeqkFzZjFwrSVEnoDT5dJ8 h0m3tjHuxuYSPmahK+seO/K0V2nHUR4NV2QUNOj1k/9g2aUZCrFjWpjXADLKqJy8 ll6xkcc5GKwbDZG0hNOH/OoWfEb3u+xhNq7vTPMiuu/43omPsJO3bf/sm0AeQKLk wuBQAg8GAb68KpasTyZeUEY6CS484TPN9GY+1MZmnQmIjEgOLKVinv2NpXHZBQjU Bc2HNeK2nRXxXgkJ1IDYKnprD5fNPMr/1UNkXWOxAdaRCXDrAZcaAnkUuZ3wBsnX Dd0RLQzfX83aiUw/X2Rf0al/QhyiinqN5e0Hx/OLCgd5pGEDKqT+sBQ7RKT2ng74 EUR5uCBxv5Sl2ww= =XzFs -----END PGP SIGNATURE-----
diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog --- xrdp-0.9.1/debian/changelog 2017-02-18 16:46:17.000000000 +0100 +++ xrdp-0.9.1/debian/changelog 2017-04-24 20:14:36.000000000 +0200 @@ -1,3 +1,9 @@ +xrdp (0.9.1-8) unstable; urgency=medium + + * Fix CVE-2017-6967. (Closes: #858143, #855536) + + -- Dominik George <n...@naturalnet.de> Mon, 24 Apr 2017 20:14:36 +0200 + xrdp (0.9.1-7) unstable; urgency=medium * Fix RFX with large tile sets, e.g. full HD displays. (Closes: #855387) diff -Nru xrdp-0.9.1/debian/patches/cve-2017-6967.diff xrdp-0.9.1/debian/patches/cve-2017-6967.diff --- xrdp-0.9.1/debian/patches/cve-2017-6967.diff 1970-01-01 01:00:00.000000000 +0100 +++ xrdp-0.9.1/debian/patches/cve-2017-6967.diff 2017-04-24 20:14:36.000000000 +0200 @@ -0,0 +1,91 @@ +From: Jay Sorg <jay.s...@gmail.com> +Date: Mon, 20 Mar 2017 18:59:44 -0700 +Subject: [PATCH] sesman: move auth/pam calls to main process +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858143 +Origin: https://github.com/neutrinolabs/xrdp/commit/4b8a33e087ee9cf5556b40b717cd7e8ff243b3c3 + +--- a/sesman/scp_v0.c ++++ b/sesman/scp_v0.c +@@ -36,6 +36,7 @@ scp_v0_process(struct SCP_CONNECTION *c, + tbus data; + struct session_item *s_item; + int errorcode = 0; ++ int do_auth_end = 1; + + data = auth_userpass(s->username, s->password, &errorcode); + +@@ -131,6 +132,9 @@ scp_v0_process(struct SCP_CONNECTION *c, + log_message(LOG_LEVEL_INFO, "starting Xorg session..."); + display = session_start(data, SESMAN_SESSION_TYPE_XORG, s); + } ++ /* if the session started up ok, auth_end will be called on ++ sig child */ ++ do_auth_end = display == 0; + } + else + { +@@ -151,5 +155,8 @@ scp_v0_process(struct SCP_CONNECTION *c, + { + scp_v0s_deny_connection(c); + } +- auth_end(data); ++ if (do_auth_end) ++ { ++ auth_end(data); ++ } + } +--- a/sesman/scp_v1.c ++++ b/sesman/scp_v1.c +@@ -38,7 +38,7 @@ void DEFAULT_CC + scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) + { + long data; +- int display; ++ int display = 0; + int retries; + int current_try; + enum SCP_SERVER_STATES_E e; +@@ -46,6 +46,7 @@ scp_v1_process(struct SCP_CONNECTION *c, + struct session_item *sitem; + int scount; + SCP_SID sid; ++ int do_auth_end = 1; + + retries = g_cfg->sec.login_retry; + current_try = retries; +@@ -124,14 +125,21 @@ scp_v1_process(struct SCP_CONNECTION *c, + log_message(LOG_LEVEL_INFO, "starting Xvnc session..."); + display = session_start(data, SESMAN_SESSION_TYPE_XVNC, s); + } +- else ++ else if (SCP_SESSION_TYPE_XRDP == s->type) + { + log_message(LOG_LEVEL_INFO, "starting X11rdp session..."); + display = session_start(data, SESMAN_SESSION_TYPE_XRDP, s); + } ++ else if (SCP_SESSION_TYPE_XORG == s->type) ++ { ++ log_message(LOG_LEVEL_INFO, "starting Xorg session..."); ++ display = session_start(data, SESMAN_SESSION_TYPE_XORG, s); ++ } ++ /* if the session started up ok, auth_end will be called on ++ sig child */ ++ do_auth_end = display == 0; + + e = scp_v1s_connect_new_session(c, display); +- + switch (e) + { + case SCP_SERVER_STATE_OK: +@@ -197,7 +205,10 @@ scp_v1_process(struct SCP_CONNECTION *c, + } + + /* cleanup */ +- auth_end(data); ++ if (do_auth_end) ++ { ++ auth_end(data); ++ } + g_free(slist); + } + diff -Nru xrdp-0.9.1/debian/patches/series xrdp-0.9.1/debian/patches/series --- xrdp-0.9.1/debian/patches/series 2017-02-17 13:08:38.000000000 +0100 +++ xrdp-0.9.1/debian/patches/series 2017-04-24 20:14:36.000000000 +0200 @@ -9,3 +9,4 @@ lfs.diff kb_jp.diff highres.diff +cve-2017-6967.diff
