xrdp: patch CVE-2023-40184

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40184 Pick the patch that is associated with the github advisory[1], which is a backported version of the patch that is referenced by the nvd report. [1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-04 08:56:34 +0100
committer: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2025-12-04 14:10:11 +0530
commit: 259e4f9266680f4afd2c54a3a4a6358151edf41b (patch)
tree: 692f2b9790f29d40407aea96c93151d09894a424
parent: f81041bb39d0fb10bbf3c0edcae47a65c573088c (diff)
download: meta-openembedded-259e4f9266680f4afd2c54a3a4a6358151edf41b.tar.gz
2 files changed, 74 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/xrdp/xrdp/CVE-2023-40184.patch b/meta-oe/recipes-support/xrdp/xrdp/CVE-2023-40184.patch
new file mode 100644
index 0000000000..c4a6a1b862
--- /dev/null
+++ b/meta-oe/recipes-support/xrdp/xrdp/CVE-2023-40184.patch
@@ -0,0 +1,73 @@
+From 322d11b431e4773f77aaeb764571a3a8d60f9fca Mon Sep 17 00:00:00 2001
+From: matt335672 <30179339+matt335672@users.noreply.github.com>
+Date: Sat, 19 Aug 2023 13:26:44 +0100
+Subject: [PATCH] [v0.9] Check auth_start_session() result
+CVE: CVE-2023-40184
+Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/8c5b7cdff3929dc59c5f13e33cec839ed45d1c34]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ sesman/session.c         |  7 ++++++-
+ sesman/verify_user_pam.c | 24 ++++++++++++++++++++++--
+ 2 files changed, 28 insertions(+), 3 deletions(-)
+diff --git a/sesman/session.c b/sesman/session.c
+index 441f8d3a60..d352f5e859 100644
+--- a/sesman/session.c
+++ b/sesman/session.c
+@@ -526,7 +526,12 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
+         g_delete_wait_obj(g_sigchld_event);
+         g_delete_wait_obj(g_term_event);
+ 
+-        auth_start_session(data, display);
+        if (auth_start_session(data, display) != 0)
+        {
+            // Errors are logged by the auth module, as they are
+            // specific to that module
+            g_exit(1);
+        }
+         sesman_close_all();
+         g_sprintf(geometry, "%dx%d", s->width, s->height);
+         g_sprintf(depth, "%d", s->bpp);
+diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c
+index a34d83cd7d..ed17397fc3 100644
+--- a/sesman/verify_user_pam.c
+++ b/sesman/verify_user_pam.c
+@@ -316,8 +316,8 @@ auth_userpass(const char *user, const char *pass, int *errorcode)
+ 
+ /******************************************************************************/
+ /* returns error */
+-int
+-auth_start_session(long in_val, int in_display)
+static int
+auth_start_session_private(long in_val, int in_display)
+ {
+     struct t_auth_info *auth_info;
+     int error;
+@@ -357,6 +357,26 @@ auth_start_session(long in_val, int in_display)
+     return 0;
+ }
+ 
+/******************************************************************************/
+/**
+ * Main routine to start a session
+ *
+ * Calls the private routine and logs an additional error if the private
+ * routine fails
+ */
+int
+auth_start_session(long in_val, int in_display)
+{
+    int result = auth_start_session_private(in_val, in_display);
+    if (result != 0)
+    {
+        LOG(LOG_LEVEL_ERROR,
+            "Can't start PAM session. See PAM logging for more info");
+    }
+
+    return result;
+}
+
+ /******************************************************************************/
+ /* returns error */
+ int
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
index f3d11522ac..5a1d904a15 100644
--- a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
+++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
@@ -27,6 +27,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
           file://CVE-2022-23483.patch \
           file://CVE-2022-23484.patch \
           file://CVE-2022-23493.patch \
+           file://CVE-2023-40184.patch \
           "
 SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-04 08:56:34 +0100
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-04 14:10:11 +0530
commit	259e4f9266680f4afd2c54a3a4a6358151edf41b (patch)
tree	692f2b9790f29d40407aea96c93151d09894a424
parent	f81041bb39d0fb10bbf3c0edcae47a65c573088c (diff)
download	meta-openembedded-259e4f9266680f4afd2c54a3a4a6358151edf41b.tar.gz

diff --git a/meta-oe/recipes-support/xrdp/xrdp/CVE-2023-40184.patch b/meta-oe/recipes-support/xrdp/xrdp/CVE-2023-40184.patch new file mode 100644 index 0000000000..c4a6a1b862 --- /dev/null +++ b/meta-oe/recipes-support/xrdp/xrdp/CVE-2023-40184.patch
@@ -0,0 +1,73 @@
		1	From 322d11b431e4773f77aaeb764571a3a8d60f9fca Mon Sep 17 00:00:00 2001
		2	From: matt335672 <30179339+matt335672@users.noreply.github.com>
		3	Date: Sat, 19 Aug 2023 13:26:44 +0100
		4	Subject: [PATCH] [v0.9] Check auth_start_session() result
		5
		6	CVE: CVE-2023-40184
		7	Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/8c5b7cdff3929dc59c5f13e33cec839ed45d1c34]
		8	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		9	---
		10	sesman/session.c \| 7 ++++++-
		11	sesman/verify_user_pam.c \| 24 ++++++++++++++++++++++--
		12	2 files changed, 28 insertions(+), 3 deletions(-)
		13
		14	diff --git a/sesman/session.c b/sesman/session.c
		15	index 441f8d3a60..d352f5e859 100644
		16	--- a/sesman/session.c
		17	+++ b/sesman/session.c
		18	@@ -526,7 +526,12 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
		19	g_delete_wait_obj(g_sigchld_event);
		20	g_delete_wait_obj(g_term_event);
		21
		22	- auth_start_session(data, display);
		23	+ if (auth_start_session(data, display) != 0)
		24	+ {
		25	+ // Errors are logged by the auth module, as they are
		26	+ // specific to that module
		27	+ g_exit(1);
		28	+ }
		29	sesman_close_all();
		30	g_sprintf(geometry, "%dx%d", s->width, s->height);
		31	g_sprintf(depth, "%d", s->bpp);
		32	diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c
		33	index a34d83cd7d..ed17397fc3 100644
		34	--- a/sesman/verify_user_pam.c
		35	+++ b/sesman/verify_user_pam.c
		36	@@ -316,8 +316,8 @@ auth_userpass(const char user, const char pass, int *errorcode)
		37
		38	/******************************************************************************/
		39	/* returns error */
		40	-int
		41	-auth_start_session(long in_val, int in_display)
		42	+static int
		43	+auth_start_session_private(long in_val, int in_display)
		44	{
		45	struct t_auth_info *auth_info;
		46	int error;
		47	@@ -357,6 +357,26 @@ auth_start_session(long in_val, int in_display)
		48	return 0;
		49	}
		50
		51	+/******************************************************************************/
		52	+/**
		53	+ * Main routine to start a session
		54	+ *
		55	+ * Calls the private routine and logs an additional error if the private
		56	+ * routine fails
		57	+ */
		58	+int
		59	+auth_start_session(long in_val, int in_display)
		60	+{
		61	+ int result = auth_start_session_private(in_val, in_display);
		62	+ if (result != 0)
		63	+ {
		64	+ LOG(LOG_LEVEL_ERROR,
		65	+ "Can't start PAM session. See PAM logging for more info");
		66	+ }
		67	+
		68	+ return result;
		69	+}
		70	+
		71	/******************************************************************************/
		72	/* returns error */
		73	int


diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb index f3d11522ac..5a1d904a15 100644 --- a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb +++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
@@ -27,6 +27,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
27	file://CVE-2022-23483.patch \	27	file://CVE-2022-23483.patch \
28	file://CVE-2022-23484.patch \	28	file://CVE-2022-23484.patch \
29	file://CVE-2022-23493.patch \	29	file://CVE-2022-23493.patch \
		30	file://CVE-2023-40184.patch \
30	"	31	"
31		32
32	SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"	33	SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"