3 files changed, 4 insertions, 229 deletions
diff --git a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch b/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch
deleted file mode 100644
index 4c93647f67..0000000000
--- a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-Subject: [PATCH] Fix CVE-2017-16927
-sesman: scpv0, accept variable length data fields
-Upstream-Status: Backport 
---
- sesman/libscp/libscp_v0.c | 32 +++++++++++++++++++++++++-------
- 1 file changed, 25 insertions(+), 7 deletions(-)
-diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c
-index 5a0c8bf..5693407 100644
--- a/sesman/libscp/libscp_v0.c
-+++ b/sesman/libscp/libscp_v0.c
-@@ -161,7 +161,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
-     struct SCP_SESSION *session = 0;
-     tui16 sz;
-     tui32 code = 0;
-    char buf[257];
-+    char *buf = 0;
- 
-     if (!skipVchk)
-     {
-@@ -226,27 +226,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
- 
-         /* reading username */
-         in_uint16_be(c->in_s, sz);
-        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
-         in_uint8a(c->in_s, buf, sz);
-
-+        buf[sz] = '\0';
-         if (0 != scp_session_set_username(session, buf))
-         {
-             scp_session_destroy(session);
-             log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);
-+            g_free(buf);
-             return SCP_SERVER_STATE_INTERNAL_ERR;
-         }
-+        g_free(buf);
- 
-         /* reading password */
-         in_uint16_be(c->in_s, sz);
-        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
-         in_uint8a(c->in_s, buf, sz);
-
-+        buf[sz] = '\0';
-         if (0 != scp_session_set_password(session, buf))
-         {
-             scp_session_destroy(session);
-             log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__);
-+            g_free(buf);
-             return SCP_SERVER_STATE_INTERNAL_ERR;
-         }
-+        g_free(buf);
- 
-         /* width */
-         in_uint16_be(c->in_s, sz);
-@@ -272,9 +276,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
- 
-             if (sz > 0)
-             {
-+                buf = g_new0(char, sz);
-                 in_uint8a(c->in_s, buf, sz);
-                 buf[sz] = '\0';
-                 scp_session_set_domain(session, buf);
-+                g_free(buf);
-             }
-         }
- 
-@@ -285,9 +291,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
- 
-             if (sz > 0)
-             {
-+                buf = g_new0(char, sz);
-                 in_uint8a(c->in_s, buf, sz);
-                 buf[sz] = '\0';
-                 scp_session_set_program(session, buf);
-+                g_free(buf);
-             }
-         }
- 
-@@ -298,9 +306,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
- 
-             if (sz > 0)
-             {
-+                buf = g_new0(char, sz);
-                 in_uint8a(c->in_s, buf, sz);
-                 buf[sz] = '\0';
-                 scp_session_set_directory(session, buf);
-+                g_free(buf);
-             }
-         }
- 
-@@ -311,9 +321,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
- 
-             if (sz > 0)
-             {
-+                buf = g_new0(char, sz);
-                 in_uint8a(c->in_s, buf, sz);
-                 buf[sz] = '\0';
-                 scp_session_set_client_ip(session, buf);
-+                g_free(buf);
-             }
-         }
-     }
-@@ -332,29 +344,35 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
-         scp_session_set_type(session, SCP_GW_AUTHENTICATION);
-         /* reading username */
-         in_uint16_be(c->in_s, sz);
-        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
-         in_uint8a(c->in_s, buf, sz);
-+        buf[sz] = '\0';
- 
-         /* g_writeln("Received user name: %s",buf); */
-         if (0 != scp_session_set_username(session, buf))
-         {
-             scp_session_destroy(session);
-             /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting        username", __LINE__);*/
-+            g_free(buf);
-             return SCP_SERVER_STATE_INTERNAL_ERR;
-         }
-+        g_free(buf);
- 
-         /* reading password */
-         in_uint16_be(c->in_s, sz);
-        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
-         in_uint8a(c->in_s, buf, sz);
-+        buf[sz] = '\0';
- 
-         /* g_writeln("Received password: %s",buf); */
-         if (0 != scp_session_set_password(session, buf))
-         {
-             scp_session_destroy(session);
-             /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */
-+            g_free(buf);
-             return SCP_SERVER_STATE_INTERNAL_ERR;
-         }
-+        g_free(buf);
-     }
-     else
-     {
-- 
-2.7.4
diff --git a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch b/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch
deleted file mode 100644
index deaadde8c7..0000000000
--- a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From a9c460f158d68c1b3de6a31ce853de5379977695 Mon Sep 17 00:00:00 2001
-From: Lei Maohui <leimaohui@cn.fujitsu.com>
-Date: Thu, 30 Nov 2017 11:10:04 +0900
-Subject: [PATCH] Fix sesman.ini and xrdp.ini
-Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
---
- sesman/sesman.ini | 20 ++++++--------------
- xrdp/xrdp.ini     | 10 ----------
- 2 files changed, 6 insertions(+), 24 deletions(-)
-diff --git a/sesman/sesman.ini b/sesman/sesman.ini
-index 8225ee4..c09189e 100644
--- a/sesman/sesman.ini
-+++ b/sesman/sesman.ini
-@@ -54,12 +54,14 @@ LogLevel=DEBUG
- EnableSyslog=1
- SyslogLevel=DEBUG
- 
-[X11rdp]
-param=X11rdp
-param=-bs
-+[Xorg]
-+param=Xorg
-+param=-config
-+param=xrdp/xorg.conf
-+param=-noreset
- param=-nolisten
- param=tcp
-param=-uds
-+
- 
- [Xvnc]
- param=Xvnc
-@@ -70,16 +72,6 @@ param=-localhost
- param=-dpi
- param=96
- 
-[Xorg]
-param=Xorg
-param=-config
-param=xrdp/xorg.conf
-param=-noreset
-param=-nolisten
-param=tcp
-param=-logfile
-param=.xorgxrdp.%s.log
-
- [Chansrv]
- ; drive redirection, defaults to xrdp_client if not set
- FuseMountName=thinclient_drives
-diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
-index cb6d7c3..9f63a69 100644
--- a/xrdp/xrdp.ini
-+++ b/xrdp/xrdp.ini
-@@ -157,16 +157,6 @@ ip=127.0.0.1
- port=-1
- code=20
- 
-[X11rdp]
-name=X11rdp
-lib=libxup.so
-username=ask
-password=ask
-ip=127.0.0.1
-port=-1
-xserverbpp=24
-code=10
-
- [Xvnc]
- name=Xvnc
- lib=libvnc.so
-- 
-1.8.4.2
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb
index 3ef7c9853f..75caf8d6bb 100644
--- a/meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb
+++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb
@@ -12,15 +12,13 @@ REQUIRED_DISTRO_FEATURES = "x11 pam"
 SRC_URI = "git://github.com/neutrinolabs/xrdp.git \
           file://xrdp.sysconfig \
-           file://0001-Fix-sesman.ini-and-xrdp.ini.patch \
           file://0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch \
           file://0001-Fix-the-compile-error.patch \
-           file://0001-Fix-of-CVE-2017-16927.patch \
           "
-SRCREV = "c295dd61b882e8b56677cf12791f43634f9190b5"
+SRCREV = "1e4b03eb3c9aa7173de251a328c93c073dcc0fca"
-PV = "0.9.4+git${SRCPV}"
+PV = "0.9.11"
 S = "${WORKDIR}/git"
@@ -68,9 +66,9 @@ do_install_append() {
        sed -i -e 's,@sbindir@,${sbindir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service
        install -m 0644 ${S}/instfiles/*.ini ${D}${sysconfdir}/xrdp/
-        install -m 0644 ${S}/sesman/sesman.ini ${D}${sysconfdir}/xrdp/
+        install -m 0644 ${S}/sesman/sesman.ini.in ${D}${sysconfdir}/xrdp/
        install -m 0644 ${S}/sesman/startwm.sh ${D}${sysconfdir}/xrdp/
-        install -m 0644 ${S}/xrdp/xrdp.ini ${D}${sysconfdir}/xrdp/
+        install -m 0644 ${S}/xrdp/xrdp.ini.in ${D}${sysconfdir}/xrdp/
        install -m 0644 ${S}/xrdp/xrdp_keyboard.ini ${D}${sysconfdir}/xrdp/
        install -m 0644 ${S}/instfiles/xrdp.sh ${D}${sysconfdir}/xrdp/
        install -m 0644 ${S}/keygen/openssl.conf ${D}${sysconfdir}/xrdp/

diff --git a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch b/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch deleted file mode 100644 index 4c93647f67..0000000000 --- a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch +++ /dev/null
@@ -1,148 +0,0 @@
1	Subject: [PATCH] Fix CVE-2017-16927
2
3	sesman: scpv0, accept variable length data fields
4
5	Upstream-Status: Backport
6
7	---
8	sesman/libscp/libscp_v0.c \| 32 +++++++++++++++++++++++++-------
9	1 file changed, 25 insertions(+), 7 deletions(-)
10
11	diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c
12	index 5a0c8bf..5693407 100644
13	--- a/sesman/libscp/libscp_v0.c
14	+++ b/sesman/libscp/libscp_v0.c
15	@@ -161,7 +161,7 @@ scp_v0s_accept(struct SCP_CONNECTION c, struct SCP_SESSION *s, int skipVchk)
16	struct SCP_SESSION *session = 0;
17	tui16 sz;
18	tui32 code = 0;
19	- char buf[257];
20	+ char *buf = 0;
21
22	if (!skipVchk)
23	{
24	@@ -226,27 +226,31 @@ scp_v0s_accept(struct SCP_CONNECTION c, struct SCP_SESSION *s, int skipVchk)
25
26	/* reading username */
27	in_uint16_be(c->in_s, sz);
28	- buf[sz] = '\0';
29	+ buf = g_new0(char, sz);
30	in_uint8a(c->in_s, buf, sz);
31	-
32	+ buf[sz] = '\0';
33	if (0 != scp_session_set_username(session, buf))
34	{
35	scp_session_destroy(session);
36	log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);
37	+ g_free(buf);
38	return SCP_SERVER_STATE_INTERNAL_ERR;
39	}
40	+ g_free(buf);
41
42	/* reading password */
43	in_uint16_be(c->in_s, sz);
44	- buf[sz] = '\0';
45	+ buf = g_new0(char, sz);
46	in_uint8a(c->in_s, buf, sz);
47	-
48	+ buf[sz] = '\0';
49	if (0 != scp_session_set_password(session, buf))
50	{
51	scp_session_destroy(session);
52	log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__);
53	+ g_free(buf);
54	return SCP_SERVER_STATE_INTERNAL_ERR;
55	}
56	+ g_free(buf);
57
58	/* width */
59	in_uint16_be(c->in_s, sz);
60	@@ -272,9 +276,11 @@ scp_v0s_accept(struct SCP_CONNECTION c, struct SCP_SESSION *s, int skipVchk)
61
62	if (sz > 0)
63	{
64	+ buf = g_new0(char, sz);
65	in_uint8a(c->in_s, buf, sz);
66	buf[sz] = '\0';
67	scp_session_set_domain(session, buf);
68	+ g_free(buf);
69	}
70	}
71
72	@@ -285,9 +291,11 @@ scp_v0s_accept(struct SCP_CONNECTION c, struct SCP_SESSION *s, int skipVchk)
73
74	if (sz > 0)
75	{
76	+ buf = g_new0(char, sz);
77	in_uint8a(c->in_s, buf, sz);
78	buf[sz] = '\0';
79	scp_session_set_program(session, buf);
80	+ g_free(buf);
81	}
82	}
83
84	@@ -298,9 +306,11 @@ scp_v0s_accept(struct SCP_CONNECTION c, struct SCP_SESSION *s, int skipVchk)
85
86	if (sz > 0)
87	{
88	+ buf = g_new0(char, sz);
89	in_uint8a(c->in_s, buf, sz);
90	buf[sz] = '\0';
91	scp_session_set_directory(session, buf);
92	+ g_free(buf);
93	}
94	}
95
96	@@ -311,9 +321,11 @@ scp_v0s_accept(struct SCP_CONNECTION c, struct SCP_SESSION *s, int skipVchk)
97
98	if (sz > 0)
99	{
100	+ buf = g_new0(char, sz);
101	in_uint8a(c->in_s, buf, sz);
102	buf[sz] = '\0';
103	scp_session_set_client_ip(session, buf);
104	+ g_free(buf);
105	}
106	}
107	}
108	@@ -332,29 +344,35 @@ scp_v0s_accept(struct SCP_CONNECTION c, struct SCP_SESSION *s, int skipVchk)
109	scp_session_set_type(session, SCP_GW_AUTHENTICATION);
110	/* reading username */
111	in_uint16_be(c->in_s, sz);
112	- buf[sz] = '\0';
113	+ buf = g_new0(char, sz);
114	in_uint8a(c->in_s, buf, sz);
115	+ buf[sz] = '\0';
116
117	/* g_writeln("Received user name: %s",buf); */
118	if (0 != scp_session_set_username(session, buf))
119	{
120	scp_session_destroy(session);
121	/* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/
122	+ g_free(buf);
123	return SCP_SERVER_STATE_INTERNAL_ERR;
124	}
125	+ g_free(buf);
126
127	/* reading password */
128	in_uint16_be(c->in_s, sz);
129	- buf[sz] = '\0';
130	+ buf = g_new0(char, sz);
131	in_uint8a(c->in_s, buf, sz);
132	+ buf[sz] = '\0';
133
134	/* g_writeln("Received password: %s",buf); */
135	if (0 != scp_session_set_password(session, buf))
136	{
137	scp_session_destroy(session);
138	/* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */
139	+ g_free(buf);
140	return SCP_SERVER_STATE_INTERNAL_ERR;
141	}
142	+ g_free(buf);
143	}
144	else
145	{
146	--
147	2.7.4
148


diff --git a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch b/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch deleted file mode 100644 index deaadde8c7..0000000000 --- a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch +++ /dev/null
@@ -1,75 +0,0 @@
1	From a9c460f158d68c1b3de6a31ce853de5379977695 Mon Sep 17 00:00:00 2001
2	From: Lei Maohui <leimaohui@cn.fujitsu.com>
3	Date: Thu, 30 Nov 2017 11:10:04 +0900
4	Subject: [PATCH] Fix sesman.ini and xrdp.ini
5
6	Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
7	---
8	sesman/sesman.ini \| 20 ++++++--------------
9	xrdp/xrdp.ini \| 10 ----------
10	2 files changed, 6 insertions(+), 24 deletions(-)
11
12	diff --git a/sesman/sesman.ini b/sesman/sesman.ini
13	index 8225ee4..c09189e 100644
14	--- a/sesman/sesman.ini
15	+++ b/sesman/sesman.ini
16	@@ -54,12 +54,14 @@ LogLevel=DEBUG
17	EnableSyslog=1
18	SyslogLevel=DEBUG
19
20	-[X11rdp]
21	-param=X11rdp
22	-param=-bs
23	+[Xorg]
24	+param=Xorg
25	+param=-config
26	+param=xrdp/xorg.conf
27	+param=-noreset
28	param=-nolisten
29	param=tcp
30	-param=-uds
31	+
32
33	[Xvnc]
34	param=Xvnc
35	@@ -70,16 +72,6 @@ param=-localhost
36	param=-dpi
37	param=96
38
39	-[Xorg]
40	-param=Xorg
41	-param=-config
42	-param=xrdp/xorg.conf
43	-param=-noreset
44	-param=-nolisten
45	-param=tcp
46	-param=-logfile
47	-param=.xorgxrdp.%s.log
48	-
49	[Chansrv]
50	; drive redirection, defaults to xrdp_client if not set
51	FuseMountName=thinclient_drives
52	diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
53	index cb6d7c3..9f63a69 100644
54	--- a/xrdp/xrdp.ini
55	+++ b/xrdp/xrdp.ini
56	@@ -157,16 +157,6 @@ ip=127.0.0.1
57	port=-1
58	code=20
59
60	-[X11rdp]
61	-name=X11rdp
62	-lib=libxup.so
63	-username=ask
64	-password=ask
65	-ip=127.0.0.1
66	-port=-1
67	-xserverbpp=24
68	-code=10
69	-
70	[Xvnc]
71	name=Xvnc
72	lib=libvnc.so
73	--
74	1.8.4.2
75


diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb index 3ef7c9853f..75caf8d6bb 100644 --- a/meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb +++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb
@@ -12,15 +12,13 @@ REQUIRED_DISTRO_FEATURES = "x11 pam"
12		12
13	SRC_URI = "git://github.com/neutrinolabs/xrdp.git \	13	SRC_URI = "git://github.com/neutrinolabs/xrdp.git \
14	file://xrdp.sysconfig \	14	file://xrdp.sysconfig \
15	file://0001-Fix-sesman.ini-and-xrdp.ini.patch \
16	file://0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch \	15	file://0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch \
17	file://0001-Fix-the-compile-error.patch \	16	file://0001-Fix-the-compile-error.patch \
18	file://0001-Fix-of-CVE-2017-16927.patch \
19	"	17	"
20		18
21	SRCREV = "c295dd61b882e8b56677cf12791f43634f9190b5"	19	SRCREV = "1e4b03eb3c9aa7173de251a328c93c073dcc0fca"
22		20
23	PV = "0.9.4+git${SRCPV}"	21	PV = "0.9.11"
24		22
25	S = "${WORKDIR}/git"	23	S = "${WORKDIR}/git"
26		24
@@ -68,9 +66,9 @@ do_install_append() {
68	sed -i -e 's,@sbindir@,${sbindir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service	66	sed -i -e 's,@sbindir@,${sbindir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service
69		67
70	install -m 0644 ${S}/instfiles/*.ini ${D}${sysconfdir}/xrdp/	68	install -m 0644 ${S}/instfiles/*.ini ${D}${sysconfdir}/xrdp/
71	install -m 0644 ${S}/sesman/sesman.ini ${D}${sysconfdir}/xrdp/	69	install -m 0644 ${S}/sesman/sesman.ini.in ${D}${sysconfdir}/xrdp/
72	install -m 0644 ${S}/sesman/startwm.sh ${D}${sysconfdir}/xrdp/	70	install -m 0644 ${S}/sesman/startwm.sh ${D}${sysconfdir}/xrdp/
73	install -m 0644 ${S}/xrdp/xrdp.ini ${D}${sysconfdir}/xrdp/	71	install -m 0644 ${S}/xrdp/xrdp.ini.in ${D}${sysconfdir}/xrdp/
74	install -m 0644 ${S}/xrdp/xrdp_keyboard.ini ${D}${sysconfdir}/xrdp/	72	install -m 0644 ${S}/xrdp/xrdp_keyboard.ini ${D}${sysconfdir}/xrdp/
75	install -m 0644 ${S}/instfiles/xrdp.sh ${D}${sysconfdir}/xrdp/	73	install -m 0644 ${S}/instfiles/xrdp.sh ${D}${sysconfdir}/xrdp/
76	install -m 0644 ${S}/keygen/openssl.conf ${D}${sysconfdir}/xrdp/	74	install -m 0644 ${S}/keygen/openssl.conf ${D}${sysconfdir}/xrdp/