Bug#1008772: xrdp: Please integrate NMUs and gitlab MR

2022-04-01 Thread Dominik George
Hi,

> I have just uploaded an NMU prepared by a Kali contributor (in the NM
> queue). Please find the relevant "git am" patches attached. (The two
> patches by Arnaud are also in https://salsa.debian.org/arnaudr/xrdp)
> 
> It fixes CVE-2022-23613 and nothing else.

Thanks a lot!

> I noticed that you have open MRs on GitLab that it would be good to handle.
> There's a former NMU that was never acked and that doesn't appear in
> debian/changelog.
> 
> https://salsa.debian.org/debian-remote-team/xrdp/-/merge_requests

Yep, I am clearly behind on my maintenance work…

I am resolving all of that with the next upload based on the current
upstream version 0.9.19.

-nik




Bug#1008772: xrdp: Please integrate NMUs and gitlab MR

2022-04-01 Thread Arnaud Rebillout
On Fri, 1 Apr 2022 08:55:45 +0200 Raphael Hertzog wrote:

> I have just uploaded an NMU prepared by a Kali contributor (in the NM
> queue). Please find the relevant "git am" patches attached. (The two
> patches by Arnaud are also in https://salsa.debian.org/arnaudr/xrdp)

I have opened an MR with the changes: 
https://salsa.debian.org/debian-remote-team/xrdp/-/merge_requests/7/commits


--
Arnaud Rebillout / Offensive Security / Kali Linux Developer



Bug#1008772: xrdp: Please integrate NMUs and gitlab MR

2022-04-01 Thread Raphael Hertzog
Source: xrdp
Version: 0.9.17-2
Severity: wishlist
Tags: patch
User: de...@kali.org
Usertags: origin-kali

Hello,

I have just uploaded an NMU prepared by a Kali contributor (in the NM
queue). Please find the relevant "git am" patches attached. (The two
patches by Arnaud are also in https://salsa.debian.org/arnaudr/xrdp)

It fixes CVE-2022-23613 and nothing else.

I noticed that you have open MRs on GitLab that it would be good to handle.
There's a former NMU that was never acked and that doesn't appear in
debian/changelog.

https://salsa.debian.org/debian-remote-team/xrdp/-/merge_requests


-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.16.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
Raphaël Hertzog
>From 6b20339946d23bae9848c00533d006a35ba16990 Mon Sep 17 00:00:00 2001
From: Arnaud Rebillout 
Date: Fri, 1 Apr 2022 08:25:06 +0700
Subject: [PATCH 1/3] Import upstream patch to fix CVE-2022-23613 (Closes:
 #1005304)

---
 debian/patches/cve-2022-23613.diff | 47 ++
 debian/patches/series  |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 debian/patches/cve-2022-23613.diff

diff --git a/debian/patches/cve-2022-23613.diff b/debian/patches/cve-2022-23613.diff
new file mode 100644
index ..0a5ebdf1
--- /dev/null
+++ b/debian/patches/cve-2022-23613.diff
@@ -0,0 +1,47 @@
+From: matt335672 <30179339+matt335...@users.noreply.github.com>
+Date: Wed, 2 Feb 2022 10:39:50 +
+Subject: [PATCH] Add lower bound to sesman data input size check
+Origin: upstream, https://github.com/neutrinolabs/xrdp/commit/4def30ab
+
+---
+ sesman/sesman.c | 8 +---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/sesman/sesman.c b/sesman/sesman.c
+index a85769053..e2b057e6a 100644
+--- a/sesman/sesman.c
 b/sesman/sesman.c
+@@ -276,6 +276,7 @@ sesman_close_all(void)
+ static int
+ sesman_data_in(struct trans *self)
+ {
++#define HEADER_SIZE 8
+ int version;
+ int size;
+ 
+@@ -283,9 +284,9 @@ sesman_data_in(struct trans *self)
+ {
+ in_uint32_be(self->in_s, version);
+ in_uint32_be(self->in_s, size);
+-if (size > self->in_s->size)
++if (size < HEADER_SIZE || size > self->in_s->size)
+ {
+-LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size");
++LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size %d", size);
+ return 1;
+ }
+ self->header_size = size;
+@@ -302,11 +303,12 @@ sesman_data_in(struct trans *self)
+ return 1;
+ }
+ /* reset for next message */
+-self->header_size = 8;
++self->header_size = HEADER_SIZE;
+ self->extra_flags = 0;
+ init_stream(self->in_s, 0); /* Reset input stream pointers */
+ }
+ return 0;
++#undef HEADER_SIZE
+ }
+ 
+ /**/
diff --git a/debian/patches/series b/debian/patches/series
index ecf3e815..a3757c8a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ pulse-debian.patch
 var-run.diff
 document-certs.diff
 fix-environment.diff
+cve-2022-23613.diff
-- 
2.35.1

>From a0e029b28413f8900845e9e7135c252885b6d5ae Mon Sep 17 00:00:00 2001
From: Arnaud Rebillout 
Date: Fri, 1 Apr 2022 09:34:56 +0700
Subject: [PATCH 2/3] Update changelog for 0.9.17-2.1 release

---
 debian/changelog | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 5773a467..527cfa87 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xrdp (0.9.17-2.1) unstable; urgency=medium
+
+  * Import upstream patch to fix CVE-2022-23613 (Closes: #1005304)
+
+ -- Arnaud Rebillout   Fri, 01 Apr 2022 09:34:47 +0700
+
 xrdp (0.9.17-2) unstable; urgency=medium
 
   * Initialise the environment properly (Closes: #996418, #984782)
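
Review bot: The new 0.9.17-2.1 entry uses an NMU version number but has no `* Non-maintainer upload.` line as its first item, which lintian checks for; add it in this commit rather than in a follow-up so that each commit in the series leaves debian/changelog in a valid state. Also consider whether `urgency=medium` is the intended value for an upload whose only change is a CVE fix.
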
-- 
2.35.1

>From 9f4ac4afcee73ce567e5734ba2cacfd1789fb23c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= 
Date: Fri, 1 Apr 2022 08:44:24 +0200
Subject: [PATCH 3/3] Add non-maintainer upload to changelog entry.

---
 debian/changelog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/changelog b/debian/changelog
index 527cfa87..1a502830 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
 xrdp (0.9.17-2.1) unstable; urgency=medium
 
+  * Non-maintainer upload.
   * Import upstream patch to fix CVE-2022-23613 (Closes: #1005304)
 
  -- Arnaud Rebillout   Fri, 01 Apr 2022 09:34:47 +0700
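
Review bot: The trailer line of the 0.9.17-2.1 entry stays at `Fri, 01 Apr 2022 09:34:47 +0700`, which is earlier than this commit's own date (08:44:24 +0200), so the changelog timestamp no longer reflects the last edit to the entry; refresh it when finalising the upload so the two stay consistent.
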
-- 
2.35.1