From d88410ca42b833f4bf31bda70074a15ff47d68d3 Mon Sep 17 00:00:00 2001 From: Zheng Ruoqin Date: Mon, 16 Sep 2019 16:19:27 +0800 Subject: xrdp: 0.9.4 -> 0.9.11 1) Upgrade xrdp from 0.9.4 to 0.9.11. 2) Remove patch that is included in 0.9.11. 0001-Fix-of-CVE-2017-16927.patch 3) Remove patch that is not suitable for 0.9.11. 0001-Fix-sesman.ini-and-xrdp.ini.patch Signed-off-by: Zheng Ruoqin Signed-off-by: Khem Raj --- .../xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch | 148 --------------------- .../xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch | 75 ----------- meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb | 97 ++++++++++++++ meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb | 99 -------------- 4 files changed, 97 insertions(+), 322 deletions(-) delete mode 100644 meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch delete mode 100644 meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch create mode 100644 meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb delete mode 100644 meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb (limited to 'meta-oe/recipes-support') diff --git a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch b/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch deleted file mode 100644 index 4c93647f67..0000000000 --- a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch +++ /dev/null @@ -1,148 +0,0 @@ -Subject: [PATCH] Fix CVE-2017-16927 - -sesman: scpv0, accept variable length data fields - -Upstream-Status: Backport - ---- - sesman/libscp/libscp_v0.c | 32 +++++++++++++++++++++++++------- - 1 file changed, 25 insertions(+), 7 deletions(-) - -diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c -index 5a0c8bf..5693407 100644 ---- a/sesman/libscp/libscp_v0.c -+++ b/sesman/libscp/libscp_v0.c -@@ -161,7 +161,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) - struct SCP_SESSION *session = 0; - tui16 sz; - tui32 code = 0; -- char buf[257]; -+ char *buf = 0; - - if (!skipVchk) - { -@@ -226,27 +226,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) - - /* reading username */ - in_uint16_be(c->in_s, sz); -- buf[sz] = '\0'; -+ buf = g_new0(char, sz); - in_uint8a(c->in_s, buf, sz); -- -+ buf[sz] = '\0'; - if (0 != scp_session_set_username(session, buf)) - { - scp_session_destroy(session); - log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__); -+ g_free(buf); - return SCP_SERVER_STATE_INTERNAL_ERR; - } -+ g_free(buf); - - /* reading password */ - in_uint16_be(c->in_s, sz); -- buf[sz] = '\0'; -+ buf = g_new0(char, sz); - in_uint8a(c->in_s, buf, sz); -- -+ buf[sz] = '\0'; - if (0 != scp_session_set_password(session, buf)) - { - scp_session_destroy(session); - log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); -+ g_free(buf); - return SCP_SERVER_STATE_INTERNAL_ERR; - } -+ g_free(buf); - - /* width */ - in_uint16_be(c->in_s, sz); -@@ -272,9 +276,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) - - if (sz > 0) - { -+ buf = g_new0(char, sz); - in_uint8a(c->in_s, buf, sz); - buf[sz] = '\0'; - scp_session_set_domain(session, buf); -+ g_free(buf); - } - } - -@@ -285,9 +291,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) - - if (sz > 0) - { -+ buf = g_new0(char, sz); - in_uint8a(c->in_s, buf, sz); - buf[sz] = '\0'; - scp_session_set_program(session, buf); -+ g_free(buf); - } - } - -@@ -298,9 +306,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) - - if (sz > 0) - { -+ buf = g_new0(char, sz); - in_uint8a(c->in_s, buf, sz); - buf[sz] = '\0'; - scp_session_set_directory(session, buf); -+ g_free(buf); - } - } - -@@ -311,9 +321,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) - - if (sz > 0) - { -+ buf = g_new0(char, sz); - in_uint8a(c->in_s, buf, sz); - buf[sz] = '\0'; - scp_session_set_client_ip(session, buf); -+ g_free(buf); - } - } - } -@@ -332,29 +344,35 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) - scp_session_set_type(session, SCP_GW_AUTHENTICATION); - /* reading username */ - in_uint16_be(c->in_s, sz); -- buf[sz] = '\0'; -+ buf = g_new0(char, sz); - in_uint8a(c->in_s, buf, sz); -+ buf[sz] = '\0'; - - /* g_writeln("Received user name: %s",buf); */ - if (0 != scp_session_set_username(session, buf)) - { - scp_session_destroy(session); - /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/ -+ g_free(buf); - return SCP_SERVER_STATE_INTERNAL_ERR; - } -+ g_free(buf); - - /* reading password */ - in_uint16_be(c->in_s, sz); -- buf[sz] = '\0'; -+ buf = g_new0(char, sz); - in_uint8a(c->in_s, buf, sz); -+ buf[sz] = '\0'; - - /* g_writeln("Received password: %s",buf); */ - if (0 != scp_session_set_password(session, buf)) - { - scp_session_destroy(session); - /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */ -+ g_free(buf); - return SCP_SERVER_STATE_INTERNAL_ERR; - } -+ g_free(buf); - } - else - { --- -2.7.4 - diff --git a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch b/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch deleted file mode 100644 index deaadde8c7..0000000000 --- a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch +++ /dev/null @@ -1,75 +0,0 @@ -From a9c460f158d68c1b3de6a31ce853de5379977695 Mon Sep 17 00:00:00 2001 -From: Lei Maohui -Date: Thu, 30 Nov 2017 11:10:04 +0900 -Subject: [PATCH] Fix sesman.ini and xrdp.ini - -Signed-off-by: Lei Maohui ---- - sesman/sesman.ini | 20 ++++++-------------- - xrdp/xrdp.ini | 10 ---------- - 2 files changed, 6 insertions(+), 24 deletions(-) - -diff --git a/sesman/sesman.ini b/sesman/sesman.ini -index 8225ee4..c09189e 100644 ---- a/sesman/sesman.ini -+++ b/sesman/sesman.ini -@@ -54,12 +54,14 @@ LogLevel=DEBUG - EnableSyslog=1 - SyslogLevel=DEBUG - --[X11rdp] --param=X11rdp --param=-bs -+[Xorg] -+param=Xorg -+param=-config -+param=xrdp/xorg.conf -+param=-noreset - param=-nolisten - param=tcp --param=-uds -+ - - [Xvnc] - param=Xvnc -@@ -70,16 +72,6 @@ param=-localhost - param=-dpi - param=96 - --[Xorg] --param=Xorg --param=-config --param=xrdp/xorg.conf --param=-noreset --param=-nolisten --param=tcp --param=-logfile --param=.xorgxrdp.%s.log -- - [Chansrv] - ; drive redirection, defaults to xrdp_client if not set - FuseMountName=thinclient_drives -diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini -index cb6d7c3..9f63a69 100644 ---- a/xrdp/xrdp.ini -+++ b/xrdp/xrdp.ini -@@ -157,16 +157,6 @@ ip=127.0.0.1 - port=-1 - code=20 - --[X11rdp] --name=X11rdp --lib=libxup.so --username=ask --password=ask --ip=127.0.0.1 --port=-1 --xserverbpp=24 --code=10 -- - [Xvnc] - name=Xvnc - lib=libvnc.so --- -1.8.4.2 - diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb new file mode 100644 index 0000000000..75caf8d6bb --- /dev/null +++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.11.bb @@ -0,0 +1,97 @@ +SUMMARY = "An open source remote desktop protocol(rdp) server." + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=72cfbe4e7bd33a0a1de9630c91195c21 \ +" + +inherit distro_features_check autotools pkgconfig useradd systemd + +DEPENDS = "openssl virtual/libx11 libxfixes libxrandr libpam nasm-native" + +REQUIRED_DISTRO_FEATURES = "x11 pam" + +SRC_URI = "git://github.com/neutrinolabs/xrdp.git \ + file://xrdp.sysconfig \ + file://0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch \ + file://0001-Fix-the-compile-error.patch \ + " + +SRCREV = "1e4b03eb3c9aa7173de251a328c93c073dcc0fca" + +PV = "0.9.11" + +S = "${WORKDIR}/git" + +PACKAGECONFIG ??= "" +PACKAGECONFIG[fuse] = " --enable-fuse, --disable-fuse, fuse" + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = "--system xrdp" +USERADD_PARAM_${PN} = "--system --home /var/run/xrdp -g xrdp \ + --no-create-home --shell /bin/false xrdp" + +FILES_${PN} += "${datadir}/dbus-1/services/*.service \ + ${datadir}/dbus-1/accessibility-services/*.service " + +FILES_${PN}-dev += "${libdir}/xrdp/libcommon.so \ + ${libdir}/xrdp/libxrdp.so \ + ${libdir}/xrdp/libscp.so \ + ${libdir}/xrdp/libxrdpapi.so " + +EXTRA_OECONF = "--enable-pam-config=suse" + +do_configure_prepend() { + cd ${S} + ./bootstrap + cd - +} + +do_compile_prepend() { + sed -i 's/(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am/(MAKE) $(AM_MAKEFLAGS) install-exec-am/g' ${S}/keygen/Makefile.in +} + + +do_install_append() { + install -d ${D}${sysconfdir} + install -d ${D}${sysconfdir}/xrdp + install -d ${D}${sysconfdir}/xrdp/pam.d + install -d ${D}${sysconfdir}/sysconfig/xrdp + + # deal with systemd unit files + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${S}/instfiles/xrdp.service.in ${D}${systemd_unitdir}/system/xrdp.service + install -m 0644 ${S}/instfiles/xrdp-sesman.service.in ${D}${systemd_unitdir}/system/xrdp-sesman.service + sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service + sed -i -e 's,@sysconfdir@,${sysconfdir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service + sed -i -e 's,@sbindir@,${sbindir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service + + install -m 0644 ${S}/instfiles/*.ini ${D}${sysconfdir}/xrdp/ + install -m 0644 ${S}/sesman/sesman.ini.in ${D}${sysconfdir}/xrdp/ + install -m 0644 ${S}/sesman/startwm.sh ${D}${sysconfdir}/xrdp/ + install -m 0644 ${S}/xrdp/xrdp.ini.in ${D}${sysconfdir}/xrdp/ + install -m 0644 ${S}/xrdp/xrdp_keyboard.ini ${D}${sysconfdir}/xrdp/ + install -m 0644 ${S}/instfiles/xrdp.sh ${D}${sysconfdir}/xrdp/ + install -m 0644 ${S}/keygen/openssl.conf ${D}${sysconfdir}/xrdp/ + install -m 0644 ${WORKDIR}/xrdp.sysconfig ${D}${sysconfdir}/sysconfig/xrdp/ + chown xrdp:xrdp ${D}${sysconfdir}/xrdp +} + +SYSTEMD_SERVICE_${PN} = "xrdp.service xrdp-sesman.service" + +pkg_postinst_${PN}() { + if test -z "$D" + then + if test -x ${bindir}/xrdp-keygen + then + ${bindir}/xrdp-keygen xrdp ${sysconfdir}/xrdp/rsakeys.ini >/dev/null + fi + if test ! -s ${sysconfdir}/xrdp/cert.pem + then + openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3652 \ + -keyout ${sysconfdir}/xrdp/key.pem \ + -out ${sysconfdir}/xrdp/cert.pem \ + -config ${sysconfdir}/xrdp/openssl.conf >/dev/null 2>&1 + chmod 400 ${sysconfdir}/xrdp/key.pem + fi + fi +} diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb deleted file mode 100644 index 3ef7c9853f..0000000000 --- a/meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb +++ /dev/null @@ -1,99 +0,0 @@ -SUMMARY = "An open source remote desktop protocol(rdp) server." - -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=72cfbe4e7bd33a0a1de9630c91195c21 \ -" - -inherit distro_features_check autotools pkgconfig useradd systemd - -DEPENDS = "openssl virtual/libx11 libxfixes libxrandr libpam nasm-native" - -REQUIRED_DISTRO_FEATURES = "x11 pam" - -SRC_URI = "git://github.com/neutrinolabs/xrdp.git \ - file://xrdp.sysconfig \ - file://0001-Fix-sesman.ini-and-xrdp.ini.patch \ - file://0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch \ - file://0001-Fix-the-compile-error.patch \ - file://0001-Fix-of-CVE-2017-16927.patch \ - " - -SRCREV = "c295dd61b882e8b56677cf12791f43634f9190b5" - -PV = "0.9.4+git${SRCPV}" - -S = "${WORKDIR}/git" - -PACKAGECONFIG ??= "" -PACKAGECONFIG[fuse] = " --enable-fuse, --disable-fuse, fuse" - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "--system xrdp" -USERADD_PARAM_${PN} = "--system --home /var/run/xrdp -g xrdp \ - --no-create-home --shell /bin/false xrdp" - -FILES_${PN} += "${datadir}/dbus-1/services/*.service \ - ${datadir}/dbus-1/accessibility-services/*.service " - -FILES_${PN}-dev += "${libdir}/xrdp/libcommon.so \ - ${libdir}/xrdp/libxrdp.so \ - ${libdir}/xrdp/libscp.so \ - ${libdir}/xrdp/libxrdpapi.so " - -EXTRA_OECONF = "--enable-pam-config=suse" - -do_configure_prepend() { - cd ${S} - ./bootstrap - cd - -} - -do_compile_prepend() { - sed -i 's/(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am/(MAKE) $(AM_MAKEFLAGS) install-exec-am/g' ${S}/keygen/Makefile.in -} - - -do_install_append() { - install -d ${D}${sysconfdir} - install -d ${D}${sysconfdir}/xrdp - install -d ${D}${sysconfdir}/xrdp/pam.d - install -d ${D}${sysconfdir}/sysconfig/xrdp - - # deal with systemd unit files - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${S}/instfiles/xrdp.service.in ${D}${systemd_unitdir}/system/xrdp.service - install -m 0644 ${S}/instfiles/xrdp-sesman.service.in ${D}${systemd_unitdir}/system/xrdp-sesman.service - sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service - sed -i -e 's,@sysconfdir@,${sysconfdir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service - sed -i -e 's,@sbindir@,${sbindir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service - - install -m 0644 ${S}/instfiles/*.ini ${D}${sysconfdir}/xrdp/ - install -m 0644 ${S}/sesman/sesman.ini ${D}${sysconfdir}/xrdp/ - install -m 0644 ${S}/sesman/startwm.sh ${D}${sysconfdir}/xrdp/ - install -m 0644 ${S}/xrdp/xrdp.ini ${D}${sysconfdir}/xrdp/ - install -m 0644 ${S}/xrdp/xrdp_keyboard.ini ${D}${sysconfdir}/xrdp/ - install -m 0644 ${S}/instfiles/xrdp.sh ${D}${sysconfdir}/xrdp/ - install -m 0644 ${S}/keygen/openssl.conf ${D}${sysconfdir}/xrdp/ - install -m 0644 ${WORKDIR}/xrdp.sysconfig ${D}${sysconfdir}/sysconfig/xrdp/ - chown xrdp:xrdp ${D}${sysconfdir}/xrdp -} - -SYSTEMD_SERVICE_${PN} = "xrdp.service xrdp-sesman.service" - -pkg_postinst_${PN}() { - if test -z "$D" - then - if test -x ${bindir}/xrdp-keygen - then - ${bindir}/xrdp-keygen xrdp ${sysconfdir}/xrdp/rsakeys.ini >/dev/null - fi - if test ! -s ${sysconfdir}/xrdp/cert.pem - then - openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3652 \ - -keyout ${sysconfdir}/xrdp/key.pem \ - -out ${sysconfdir}/xrdp/cert.pem \ - -config ${sysconfdir}/xrdp/openssl.conf >/dev/null 2>&1 - chmod 400 ${sysconfdir}/xrdp/key.pem - fi - fi -} -- cgit 1.2.3-korg