Diffstat (limited to 'meta-openembedded/meta-oe/recipes-support/xrdp/xrdp')
-rw-r--r--meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch33
-rw-r--r--meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch148
-rw-r--r--meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch75
-rw-r--r--meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-the-compile-error.patch35
-rw-r--r--meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/xrdp.sysconfig4
5 files changed, 295 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch
new file mode 100644
index 000000000..5e7fca02a
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch
@@ -0,0 +1,33 @@
+From d705b1d666cb8713d86ea6fb2fc45c424128285a Mon Sep 17 00:00:00 2001
+From: Lei Maohui <leimaohui@cn.fujitsu.com>
+Date: Fri, 1 Dec 2017 10:24:50 +0900
+Subject: [PATCH] Added req_distinguished_name in /etc/xrdp/openssl.conf,
+ otherwise, cert.pem can't be created.
+
+Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
+---
+ keygen/openssl.conf | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/keygen/openssl.conf b/keygen/openssl.conf
+index 09db6c2..f077d72 100644
+--- a/keygen/openssl.conf
++++ b/keygen/openssl.conf
+@@ -4,6 +4,14 @@ distinguished_name = req_distinguished_name
+ x509_extensions = v3_ca
+
+ [req_distinguished_name]
++# Certificate subject
++#countryName = US
++#stateOrProvinceName = CA
++#localityName = Sunnyvale
++#organizationName = xrdp
++#organizationalUnitName =
++commonName = XRDP
++#emailAddress =
+
+ [v3_ca]
+ # Extensions for a typical CA - PKIX recommendation.
+--
+1.8.4.2
+
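Review bot: This patch header has no `Upstream-Status:` line, which OpenEmbedded expects on every carried patch; the same line is missing from 0001-Fix-sesman.ini-and-xrdp.ini.patch and 0001-Fix-the-compile-error.patch in this commit. On the change itself, the only active subject field is `commonName = XRDP`, so every image built from this recipe would generate a self-signed certificate with the same fixed CN and no binding to the host name, and a client cannot use it to tell one xrdp host from another. If the part of openssl.conf outside this hunk does not set `prompt = no`, the right-hand side is taken as prompt text rather than as the value, so that is worth checking as well. A comment above the field such as `# Placeholder CN; replace with the host's FQDN before issuing a production certificate` would make the intent explicit.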
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch
new file mode 100644
index 000000000..4c93647f6
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch
@@ -0,0 +1,148 @@
+Subject: [PATCH] Fix CVE-2017-16927
+
+sesman: scpv0, accept variable length data fields
+
+Upstream-Status: Backport
+
+---
+ sesman/libscp/libscp_v0.c | 32 +++++++++++++++++++++++++-------
+ 1 file changed, 25 insertions(+), 7 deletions(-)
+
+diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c
+index 5a0c8bf..5693407 100644
+--- a/sesman/libscp/libscp_v0.c
++++ b/sesman/libscp/libscp_v0.c
+@@ -161,7 +161,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+ struct SCP_SESSION *session = 0;
+ tui16 sz;
+ tui32 code = 0;
+- char buf[257];
++ char *buf = 0;
+
+ if (!skipVchk)
+ {
+@@ -226,27 +226,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+
+ /* reading username */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+-
++ buf[sz] = '\0';
+ if (0 != scp_session_set_username(session, buf))
+ {
+ scp_session_destroy(session);
+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+
+ /* reading password */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+-
++ buf[sz] = '\0';
+ if (0 != scp_session_set_password(session, buf))
+ {
+ scp_session_destroy(session);
+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__);
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+
+ /* width */
+ in_uint16_be(c->in_s, sz);
+@@ -272,9 +276,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_domain(session, buf);
++ g_free(buf);
+ }
+ }
+
+@@ -285,9 +291,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_program(session, buf);
++ g_free(buf);
+ }
+ }
+
+@@ -298,9 +306,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_directory(session, buf);
++ g_free(buf);
+ }
+ }
+
+@@ -311,9 +321,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_client_ip(session, buf);
++ g_free(buf);
+ }
+ }
+ }
+@@ -332,29 +344,35 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+ scp_session_set_type(session, SCP_GW_AUTHENTICATION);
+ /* reading username */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
++ buf[sz] = '\0';
+
+ /* g_writeln("Received user name: %s",buf); */
+ if (0 != scp_session_set_username(session, buf))
+ {
+ scp_session_destroy(session);
+ /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+
+ /* reading password */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
++ buf[sz] = '\0';
+
+ /* g_writeln("Received password: %s",buf); */
+ if (0 != scp_session_set_password(session, buf))
+ {
+ scp_session_destroy(session);
+ /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+ }
+ else
+ {
+--
+2.7.4
+
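Review bot: Every `buf = g_new0(char, sz);` in this backport (eight sites: username and password in both session branches, plus domain, program, directory and client_ip) is followed by `buf[sz] = '\0';`, which writes one byte past an allocation of `sz` bytes. The fix for the fixed-size stack buffer therefore leaves a one-byte heap overflow on the same length-prefixed fields; allocate room for the terminator with `buf = g_new0(char, sz + 1);` (`sz` is a `tui16`, presumably 16 bits wide, so the addition cannot wrap after integer promotion). Nothing visible here checks that `sz` bytes remain in `c->in_s` before `in_uint8a`, or that `g_new0` returned non-null; both should be confirmed against the rest of `scp_v0s_accept`, whose body extends beyond these hunks. The header also carries `Upstream-Status: Backport` without the upstream commit reference or a `CVE: CVE-2017-16927` tag, which makes the backport harder to audit.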
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch
new file mode 100644
index 000000000..deaadde8c
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch
@@ -0,0 +1,75 @@
+From a9c460f158d68c1b3de6a31ce853de5379977695 Mon Sep 17 00:00:00 2001
+From: Lei Maohui <leimaohui@cn.fujitsu.com>
+Date: Thu, 30 Nov 2017 11:10:04 +0900
+Subject: [PATCH] Fix sesman.ini and xrdp.ini
+
+Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
+---
+ sesman/sesman.ini | 20 ++++++--------------
+ xrdp/xrdp.ini | 10 ----------
+ 2 files changed, 6 insertions(+), 24 deletions(-)
+
+diff --git a/sesman/sesman.ini b/sesman/sesman.ini
+index 8225ee4..c09189e 100644
+--- a/sesman/sesman.ini
++++ b/sesman/sesman.ini
+@@ -54,12 +54,14 @@ LogLevel=DEBUG
+ EnableSyslog=1
+ SyslogLevel=DEBUG
+
+-[X11rdp]
+-param=X11rdp
+-param=-bs
++[Xorg]
++param=Xorg
++param=-config
++param=xrdp/xorg.conf
++param=-noreset
+ param=-nolisten
+ param=tcp
+-param=-uds
++
+
+ [Xvnc]
+ param=Xvnc
+@@ -70,16 +72,6 @@ param=-localhost
+ param=-dpi
+ param=96
+
+-[Xorg]
+-param=Xorg
+-param=-config
+-param=xrdp/xorg.conf
+-param=-noreset
+-param=-nolisten
+-param=tcp
+-param=-logfile
+-param=.xorgxrdp.%s.log
+-
+ [Chansrv]
+ ; drive redirection, defaults to xrdp_client if not set
+ FuseMountName=thinclient_drives
+diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
+index cb6d7c3..9f63a69 100644
+--- a/xrdp/xrdp.ini
++++ b/xrdp/xrdp.ini
+@@ -157,16 +157,6 @@ ip=127.0.0.1
+ port=-1
+ code=20
+
+-[X11rdp]
+-name=X11rdp
+-lib=libxup.so
+-username=ask
+-password=ask
+-ip=127.0.0.1
+-port=-1
+-xserverbpp=24
+-code=10
+-
+ [Xvnc]
+ name=Xvnc
+ lib=libvnc.so
+--
+1.8.4.2
+
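Review bot: The relocated `[Xorg]` section in sesman.ini no longer carries `param=-logfile` / `param=.xorgxrdp.%s.log`, and the patch description does not say why. Without those parameters Xorg presumably falls back to its default log location, which a session started for an unprivileged user may not be able to write, so the per-session server log used to diagnose failed session starts could be lost. If the removal is deliberate, state the reason in the description. The same patch deletes `[X11rdp]` from both sesman.ini and xrdp.ini and leaves two added blank lines where `param=-uds` was, so the description should also say that X11rdp is intentionally unsupported in this build.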
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-the-compile-error.patch b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-the-compile-error.patch
new file mode 100644
index 000000000..82b279085
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-the-compile-error.patch
@@ -0,0 +1,35 @@
+Subject: [PATCH] Fix the make error
+
+Fix the compile error:
+ *** No rule to make target '../librfxcodec/src/.libs/librfxencode.a', needed by 'xrdp'. Stop..
+
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ xrdp/Makefile.am | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xrdp/Makefile.am b/xrdp/Makefile.am
+index a259ef3..d5505b2 100644
+--- a/xrdp/Makefile.am
++++ b/xrdp/Makefile.am
+@@ -23,7 +23,7 @@ endif
+ if XRDP_RFXCODEC
+ AM_CPPFLAGS += -DXRDP_RFXCODEC
+ AM_CPPFLAGS += -I$(top_srcdir)/librfxcodec/include
+-XRDP_EXTRA_LIBS += $(top_builddir)/librfxcodec/src/.libs/librfxencode.a
++XRDP_EXTRA_LIBS += $(top_builddir)/librfxcodec/src/.libs/librfxencode.la
+ endif
+
+ if XRDP_PIXMAN
+@@ -35,7 +35,7 @@ endif
+ if XRDP_PAINTER
+ AM_CPPFLAGS += -DXRDP_PAINTER
+ AM_CPPFLAGS += -I$(top_srcdir)/libpainter/include
+-XRDP_EXTRA_LIBS += $(top_builddir)/libpainter/src/.libs/libpainter.a
++XRDP_EXTRA_LIBS += $(top_builddir)/libpainter/src/.libs/libpainter.la
+ endif
+
+ sbin_PROGRAMS = \
+--
+2.7.4
+
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/xrdp.sysconfig b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/xrdp.sysconfig
new file mode 100644
index 000000000..39f500a33
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/xrdp.sysconfig
@@ -0,0 +1,4 @@
+# put some options here
+
+XRDP_OPTIONS=""
+SESMAN_OPTIONS=""