
Bug#1008772: marked as done (xrdp: Please integrate NMUs and gitlab MR)



Your message dated Fri, 12 Apr 2024 07:36:50 +0200
with message-id <74a09e6edffc46f6ef00d551ec006731@phys.ethz.ch>
and subject line xrdp: Please integrate NMUs and gitlab MR
has caused the Debian Bug report #1008772,
regarding xrdp: Please integrate NMUs and gitlab MR
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1008772: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008772
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xrdp
Version: 0.9.17-2
Severity: wishlist
Tags: patch
User: devel@kali.org
Usertags: origin-kali

Hello,

I have just uploaded an NMU prepared by a Kali contributor (in the NM
queue). Please find the relevant "git am" patches attached. (The two
patches by Arnaud are also in https://salsa.debian.org/arnaudr/xrdp)

It fixes CVE-2022-23613 and nothing else.

I noticed that you have open MR on Gitlab that it would be good to handle.
There's a former NMU that was never acked and that doesn't appear in
debian/changelog.

https://salsa.debian.org/debian-remote-team/xrdp/-/merge_requests


-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.16.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
Raphaël Hertzog
From 6b20339946d23bae9848c00533d006a35ba16990 Mon Sep 17 00:00:00 2001
From: Arnaud Rebillout <arnaudr@kali.org>
Date: Fri, 1 Apr 2022 08:25:06 +0700
Subject: [PATCH 1/3] Import upstream patch to fix CVE-2022-23613 (Closes:
 #1005304)

---
 debian/patches/cve-2022-23613.diff | 47 ++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 2 files changed, 48 insertions(+)
 create mode 100644 debian/patches/cve-2022-23613.diff

diff --git a/debian/patches/cve-2022-23613.diff b/debian/patches/cve-2022-23613.diff
new file mode 100644
index 00000000..0a5ebdf1
--- /dev/null
+++ b/debian/patches/cve-2022-23613.diff
@@ -0,0 +1,47 @@
+From: matt335672 <30179339+matt335672@users.noreply.github.com>
+Date: Wed, 2 Feb 2022 10:39:50 +0000
+Subject: [PATCH] Add lower bound to sesman data input size check
+Origin: upstream, https://github.com/neutrinolabs/xrdp/commit/4def30ab
+
+---
+ sesman/sesman.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/sesman/sesman.c b/sesman/sesman.c
+index a85769053..e2b057e6a 100644
+--- a/sesman/sesman.c
++++ b/sesman/sesman.c
+@@ -276,6 +276,7 @@ sesman_close_all(void)
+ static int
+ sesman_data_in(struct trans *self)
+ {
++#define HEADER_SIZE 8
+     int version;
+     int size;
+ 
+@@ -283,9 +284,9 @@ sesman_data_in(struct trans *self)
+     {
+         in_uint32_be(self->in_s, version);
+         in_uint32_be(self->in_s, size);
+-        if (size > self->in_s->size)
++        if (size < HEADER_SIZE || size > self->in_s->size)
+         {
+-            LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size");
++            LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size %d", size);
+             return 1;
+         }
+         self->header_size = size;
+@@ -302,11 +303,12 @@ sesman_data_in(struct trans *self)
+             return 1;
+         }
+         /* reset for next message */
+-        self->header_size = 8;
++        self->header_size = HEADER_SIZE;
+         self->extra_flags = 0;
+         init_stream(self->in_s, 0); /* Reset input stream pointers */
+     }
+     return 0;
++#undef HEADER_SIZE
+ }
+ 
+ /******************************************************************************/
diff --git a/debian/patches/series b/debian/patches/series
index ecf3e815..a3757c8a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ pulse-debian.patch
 var-run.diff
 document-certs.diff
 fix-environment.diff
+cve-2022-23613.diff
-- 
2.35.1

From a0e029b28413f8900845e9e7135c252885b6d5ae Mon Sep 17 00:00:00 2001
From: Arnaud Rebillout <arnaudr@kali.org>
Date: Fri, 1 Apr 2022 09:34:56 +0700
Subject: [PATCH 2/3] Update changelog for 0.9.17-2.1 release

---
 debian/changelog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 5773a467..527cfa87 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xrdp (0.9.17-2.1) unstable; urgency=medium
+
+  * Import upstream patch to fix CVE-2022-23613 (Closes: #1005304)
+
+ -- Arnaud Rebillout <arnaudr@kali.org>  Fri, 01 Apr 2022 09:34:47 +0700
+
 xrdp (0.9.17-2) unstable; urgency=medium
 
   * Initialise the environment properly (Closes: #996418, #984782)
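
Review bot: The new 0.9.17-2.1 entry carries an NMU version suffix but has no `* Non-maintainer upload.` line as its first bullet; that line only arrives with [PATCH 3/3], so folding the one-line change into this commit would leave every commit in the series with a complete changelog entry. The bullet could also say what the imported patch does (the lower bound on the sesman input size check), and it is worth confirming that `urgency=medium` is the intended urgency for a CVE fix.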
-- 
2.35.1

From 9f4ac4afcee73ce567e5734ba2cacfd1789fb23c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <raphael@offensive-security.com>
Date: Fri, 1 Apr 2022 08:44:24 +0200
Subject: [PATCH 3/3] Add non-maintainer upload to changelog entry.

---
 debian/changelog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/changelog b/debian/changelog
index 527cfa87..1a502830 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
 xrdp (0.9.17-2.1) unstable; urgency=medium
 
+  * Non-maintainer upload.
   * Import upstream patch to fix CVE-2022-23613 (Closes: #1005304)
 
  -- Arnaud Rebillout <arnaudr@kali.org>  Fri, 01 Apr 2022 09:34:47 +0700
-- 
2.35.1


--- End Message ---
--- Begin Message ---
According to the current situation, the MR has been closed,
and the issue resolved long ago with newer versions of xrdp, thus closing this bug.

Best,
Alex

--- End Message ---
