Bug#861117: marked as done (unblock: xrdp/0.9.1-8)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 25 Apr 2017 06:33:00 +0000
with message-id <edb314d9-3d1c-2e67-ba53-02e490afba1f@thykier.net>
and subject line Re: Bug#861117: unblock: xrdp/0.9.1-8
has caused the Debian Bug report #861117,
regarding unblock: xrdp/0.9.1-8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
861117: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861117
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: xrdp/0.9.1-8
• From: Dominik George <nik@naturalnet.de>
• Date: Mon, 24 Apr 2017 20:41:14 +0200
• Message-id: <[🔎] 149305927489.30498.17726124734450642757.reportbug@portux.lan.naturalnet.de>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Please unblock package xrdp

The new upload fixes a security issue, CVE-2017-6967.

debdiff attached.

unblock xrdp/0.9.1-8

- -- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-----BEGIN PGP SIGNATURE-----

iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlj+RsoxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8paFIA//cjCuExHwFCdQEA704IKCqjYNJI7/
GI5u2qNK/2LX54y5F9+cc0yqiAPZ964wynyPc+3ZGidWVBPz1bkNACwHTsxGFxrP
fkgfCsiuMEfFpq63VB3ui+0R/WTxFyNdza0nJt8V3/S6afP5KzxvIa4++oTVLnJj
cpXOgVrxa2u00/mH3zo4+yZOwhjFqgmcB2qEIoUdhlDq5oRYZG5W6y68yFqIF+7w
YeUF3ISDgPDY7ngCxuGHU9aGVkY+Yb/8be/AF5JhQNuTNrMrXQVoZnosGyVWY12e
ER/KGt0Xfj+REi1e0Y3Qi6Ik4fTe1JChXOaLOKFGfXoeqkFzZjFwrSVEnoDT5dJ8
h0m3tjHuxuYSPmahK+seO/K0V2nHUR4NV2QUNOj1k/9g2aUZCrFjWpjXADLKqJy8
ll6xkcc5GKwbDZG0hNOH/OoWfEb3u+xhNq7vTPMiuu/43omPsJO3bf/sm0AeQKLk
wuBQAg8GAb68KpasTyZeUEY6CS484TPN9GY+1MZmnQmIjEgOLKVinv2NpXHZBQjU
Bc2HNeK2nRXxXgkJ1IDYKnprD5fNPMr/1UNkXWOxAdaRCXDrAZcaAnkUuZ3wBsnX
Dd0RLQzfX83aiUw/X2Rf0al/QhyiinqN5e0Hx/OLCgd5pGEDKqT+sBQ7RKT2ng74
EUR5uCBxv5Sl2ww=
=XzFs
-----END PGP SIGNATURE-----

diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog
--- xrdp-0.9.1/debian/changelog	2017-02-18 16:46:17.000000000 +0100
+++ xrdp-0.9.1/debian/changelog	2017-04-24 20:14:36.000000000 +0200
@@ -1,3 +1,9 @@
+xrdp (0.9.1-8) unstable; urgency=medium
+
+  * Fix CVE-2017-6967. (Closes: #858143, #855536)
+
+ -- Dominik George <nik@naturalnet.de>  Mon, 24 Apr 2017 20:14:36 +0200
+
 xrdp (0.9.1-7) unstable; urgency=medium
 
   * Fix RFX with large tile sets, e.g. full HD displays. (Closes: #855387)
diff -Nru xrdp-0.9.1/debian/patches/cve-2017-6967.diff xrdp-0.9.1/debian/patches/cve-2017-6967.diff
--- xrdp-0.9.1/debian/patches/cve-2017-6967.diff	1970-01-01 01:00:00.000000000 +0100
+++ xrdp-0.9.1/debian/patches/cve-2017-6967.diff	2017-04-24 20:14:36.000000000 +0200
@@ -0,0 +1,91 @@
+From: Jay Sorg <jay.sorg@gmail.com>
+Date: Mon, 20 Mar 2017 18:59:44 -0700
+Subject: [PATCH] sesman: move auth/pam calls to main process
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858143
+Origin: https://github.com/neutrinolabs/xrdp/commit/4b8a33e087ee9cf5556b40b717cd7e8ff243b3c3
+
+--- a/sesman/scp_v0.c
++++ b/sesman/scp_v0.c
+@@ -36,6 +36,7 @@ scp_v0_process(struct SCP_CONNECTION *c,
+     tbus data;
+     struct session_item *s_item;
+     int errorcode = 0;
++    int do_auth_end = 1;
+ 
+     data = auth_userpass(s->username, s->password, &errorcode);
+ 
+@@ -131,6 +132,9 @@ scp_v0_process(struct SCP_CONNECTION *c,
+                     log_message(LOG_LEVEL_INFO, "starting Xorg session...");
+                     display = session_start(data, SESMAN_SESSION_TYPE_XORG, s);
+                 }
++                /* if the session started up ok, auth_end will be called on
++                   sig child */
++                do_auth_end = display == 0;
+             }
+             else
+             {
+@@ -151,5 +155,8 @@ scp_v0_process(struct SCP_CONNECTION *c,
+     {
+         scp_v0s_deny_connection(c);
+     }
+-    auth_end(data);
++    if (do_auth_end)
++    {
++        auth_end(data);
++    }
+ }
+--- a/sesman/scp_v1.c
++++ b/sesman/scp_v1.c
+@@ -38,7 +38,7 @@ void DEFAULT_CC
+ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
+ {
+     long data;
+-    int display;
++    int display = 0;
+     int retries;
+     int current_try;
+     enum SCP_SERVER_STATES_E e;
+@@ -46,6 +46,7 @@ scp_v1_process(struct SCP_CONNECTION *c,
+     struct session_item *sitem;
+     int scount;
+     SCP_SID sid;
++    int do_auth_end = 1;
+ 
+     retries = g_cfg->sec.login_retry;
+     current_try = retries;
+@@ -124,14 +125,21 @@ scp_v1_process(struct SCP_CONNECTION *c,
+             log_message(LOG_LEVEL_INFO, "starting Xvnc session...");
+             display = session_start(data, SESMAN_SESSION_TYPE_XVNC, s);
+         }
+-        else
++        else if (SCP_SESSION_TYPE_XRDP == s->type)
+         {
+             log_message(LOG_LEVEL_INFO, "starting X11rdp session...");
+             display = session_start(data, SESMAN_SESSION_TYPE_XRDP, s);
+         }
++        else if (SCP_SESSION_TYPE_XORG == s->type)
++        {
++            log_message(LOG_LEVEL_INFO, "starting Xorg session...");
++            display = session_start(data, SESMAN_SESSION_TYPE_XORG, s);
++        }
++        /* if the session started up ok, auth_end will be called on
++           sig child */
++        do_auth_end = display == 0;
+ 
+         e = scp_v1s_connect_new_session(c, display);
+-
+         switch (e)
+         {
+             case SCP_SERVER_STATE_OK:
+@@ -197,7 +205,10 @@ scp_v1_process(struct SCP_CONNECTION *c,
+     }
+ 
+     /* cleanup */
+-    auth_end(data);
++    if (do_auth_end)
++    {
++        auth_end(data);
++    }
+     g_free(slist);
+ }
+ 
diff -Nru xrdp-0.9.1/debian/patches/series xrdp-0.9.1/debian/patches/series
--- xrdp-0.9.1/debian/patches/series	2017-02-17 13:08:38.000000000 +0100
+++ xrdp-0.9.1/debian/patches/series	2017-04-24 20:14:36.000000000 +0200
@@ -9,3 +9,4 @@
 lfs.diff
 kb_jp.diff
 highres.diff
+cve-2017-6967.diff

--- End Message ---

--- Begin Message ---

• To: Dominik George <nik@naturalnet.de>, 861117-done@bugs.debian.org
• Subject: Re: Bug#861117: unblock: xrdp/0.9.1-8
• From: Niels Thykier <niels@thykier.net>
• Date: Tue, 25 Apr 2017 06:33:00 +0000
• Message-id: <edb314d9-3d1c-2e67-ba53-02e490afba1f@thykier.net>
• In-reply-to: <[🔎] 149305927489.30498.17726124734450642757.reportbug@portux.lan.naturalnet.de>
• References: <[🔎] 149305927489.30498.17726124734450642757.reportbug@portux.lan.naturalnet.de>

Dominik George:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package xrdp
> 
> The new upload fixes a security issue, CVE-2017-6967.
> 
> debdiff attached.
> 
> unblock xrdp/0.9.1-8
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---