Bug#878996: stretch-pu: package xrdp/0.9.1-9
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear stable release managers,
I would like to update xrdp in stretch.
xrdp 0.9.1-9 has a bug marked as important in the BTS, causing xrdp to
go into an endless loop whewn shutting down an SSL context and causing
very high load on the system when it does.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876976
Find attached the debdiff between the current stable version and the
proposed update.
Cheers,
Nik
- -- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
-----BEGIN PGP SIGNATURE-----
iQJ4BAEBCABiFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlnnJwkxGmh0dHBzOi8v
d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxIcbmlrQG5h
dHVyYWxuZXQuZGUACgkQt5o8FqDE8pZwuRAApyqFBZMpTFICL5NOrVXnC43+W0I5
q2ft6ukZ+9nhSMYsFCohxtqthfzn3YW2CcSHBmfk5Ig/+UST+zARiw48qM+a0/pW
Wr9gsK2UMlnSve1R/4kw5NKfFfAxTF1L+JGvvAbEwfsM42jLdQkQOb/7uc8oe+bE
OEKs+HvU5PcsAGv4beoLANtWzikg1nIoukppyRPaZx3HY3iGZv5NVRmrY68mWYHM
/Z8dv4spg6qpCOt8PrMmIe7K2SbS4apUKNDjbgh/BFAkHSKQs3xpBKeGmtFak4oM
mc2GmvHfcDG74qqNOn0Z/NwKaQhBUWjEx/Ok45ctNWcKObk5WZ02G5zrhYz7K7J6
Y0QKoC+f1E8zH0iQAhW80AaOIFZfT1OonNLpxQcc/JECQYSIxZsr/e6EAEeQWCeV
OUCLZh/7tBpnRwzXKAEr36QGlKfyjtchCnbgfFO+2yiaOIc2mn8Lx5QgSUnv+vlV
HGqVvdtZecDKz862zKew495Xuf16gBxg95zS5sfKzLEG+xzspr41Pve+QC25rJry
BV3OsrS4IhpMaOUQEyJhY+AncWX0ZvWQraPF7Ise5YWiI5sjIFGmQkjqjoT2QiB/
pFYnOUaPv7zkPaBI3NL4+GZyMskPba16gnL0032HrIRhFdAerXd6bUBtX50Gq9FF
jfjCKuq2/VZbMzY=
=z88f
-----END PGP SIGNATURE-----
diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog
--- xrdp-0.9.1/debian/changelog 2017-05-04 18:59:10.000000000 +0200
+++ xrdp-0.9.1/debian/changelog 2017-10-18 11:56:31.000000000 +0200
@@ -1,3 +1,11 @@
+xrdp (0.9.1-9+deb9u1) stable; urgency=medium
+
+ * Fix high CPU load on SSL shutdown. (Closes: #876976)
+ + xrdp could in some situations cause permanent high load on a
+ system if an SSL shutdown got into an endless loop.
+
+ -- Dominik George <nik@naturalnet.de> Wed, 18 Oct 2017 11:56:31 +0200
+
xrdp (0.9.1-9) unstable; urgency=high
* Revisit incomplete fix for CVE-2017-6967. (Closes: #858143)
diff -Nru xrdp-0.9.1/debian/patches/fix-876976.patch xrdp-0.9.1/debian/patches/fix-876976.patch
--- xrdp-0.9.1/debian/patches/fix-876976.patch 1970-01-01 01:00:00.000000000 +0100
+++ xrdp-0.9.1/debian/patches/fix-876976.patch 2017-10-18 11:53:29.000000000 +0200
@@ -0,0 +1,16 @@
+From: Jay Sorg <jay.sorg@gmail.com>
+Origin: https://github.com/neutrinolabs/xrdp/commit/2c96908ea500880c71d3593dd2b2b5b5275bdbf5
+Subject: if SSL_shutdown fails, only call one more time
+Bug: https://github.com/neutrinolabs/xrdp/issues/872
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876976
+--- a/common/ssl_calls.c
++++ b/common/ssl_calls.c
+@@ -754,7 +754,7 @@ ssl_tls_disconnect(struct ssl_tls *self)
+ return 0;
+ }
+ status = SSL_shutdown(self->ssl);
+- while (status != 1)
++ if (status != 1)
+ {
+ status = SSL_shutdown(self->ssl);
+ if (status <= 0)
diff -Nru xrdp-0.9.1/debian/patches/series xrdp-0.9.1/debian/patches/series
--- xrdp-0.9.1/debian/patches/series 2017-04-27 12:48:33.000000000 +0200
+++ xrdp-0.9.1/debian/patches/series 2017-10-18 11:50:09.000000000 +0200
@@ -10,3 +10,4 @@
kb_jp.diff
highres.diff
cve-2017-6967.diff
+fix-876976.patch
Reply to: