Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu
Dear stable release managers,

I would like to update xrdp in stretch. xrdp 0.9.1-9 has a bug marked as important in the BTS, causing xrdp to go into an endless loop when shutting down an SSL context and causing very high load on the system when it does.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876976

Find attached the debdiff between the current stable version and the proposed update.

Cheers,
Nik

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog --- xrdp-0.9.1/debian/changelog 2017-05-04 18:59:10.000000000 +0200 +++ xrdp-0.9.1/debian/changelog 2017-10-18 11:56:31.000000000 +0200 @@ -1,3 +1,11 @@ +xrdp (0.9.1-9+deb9u1) stable; urgency=medium + + * Fix high CPU load on SSL shutdown. (Closes: #876976) + + xrdp could in some situations cause permanent high load on a + system if an SSL shutdown got into an endless loop. + + -- Dominik George <n...@naturalnet.de> Wed, 18 Oct 2017 11:56:31 +0200 + xrdp (0.9.1-9) unstable; urgency=high * Revisit incomplete fix for CVE-2017-6967. (Closes: #858143) diff -Nru xrdp-0.9.1/debian/patches/fix-876976.patch xrdp-0.9.1/debian/patches/fix-876976.patch --- xrdp-0.9.1/debian/patches/fix-876976.patch 1970-01-01 01:00:00.000000000 +0100 +++ xrdp-0.9.1/debian/patches/fix-876976.patch 2017-10-18 11:53:29.000000000 +0200 @@ -0,0 +1,16 @@ +From: Jay Sorg <jay.s...@gmail.com> +Origin: https://github.com/neutrinolabs/xrdp/commit/2c96908ea500880c71d3593dd2b2b5b5275bdbf5 +Subject: if SSL_shutdown fails, only call one more time +Bug: https://github.com/neutrinolabs/xrdp/issues/872 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876976 +--- a/common/ssl_calls.c ++++ b/common/ssl_calls.c +@@ -754,7 +754,7 @@ ssl_tls_disconnect(struct ssl_tls *self) + return 0; + } + status = SSL_shutdown(self->ssl); +- while (status != 1) ++ if (status != 1) + { + status = SSL_shutdown(self->ssl); + if (status <= 0) diff -Nru xrdp-0.9.1/debian/patches/series xrdp-0.9.1/debian/patches/series --- xrdp-0.9.1/debian/patches/series 2017-04-27 12:48:33.000000000 +0200 +++ xrdp-0.9.1/debian/patches/series 2017-10-18 11:50:09.000000000 +0200 @@ -10,3 +10,4 @@ kb_jp.diff highres.diff cve-2017-6967.diff +fix-876976.patch
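Review bot: in the debian/changelog hunk the new entry targets `stable` while the report itself is tagged `stretch` and filed as a pu request; using the codename `stretch` as the distribution keeps the changelog consistent with the request and stays unambiguous once the next release becomes stable. The entry could also name the upstream commit the fix is cherry-picked from (it is only recorded in the patch's Origin header), so someone reading the changelog can see the change is upstream's rather than a Debian-only workaround.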
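Review bot: in the fix-876976.patch hunk, changing `while (status != 1)` to `if (status != 1)` bounds ssl_tls_disconnect() to at most two SSL_shutdown() calls, which is what stops the spin when the peer never completes the close_notify exchange; that matches upstream's subject line. Two things worth checking: a negative return from the first SSL_shutdown() is a fatal error for which a second call is pointless (only a return of 0 asks for a retry), so `if (status == 0)` would state the intent more precisely, although this is not a blocker since the referenced upstream commit does the same; and the visible context ends at `if (status <= 0)` inside the retry block, so confirm that the error path there in 0.9.1 returns or logs rather than falling through as a successful shutdown, because the loop that used to keep retrying is gone. The DEP-3 header is fine otherwise (From, Origin, Bug, Bug-Debian); a Last-Update field would help the next person judging whether the patch still matches upstream.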