author | Dave Cobbley <david.j.cobbley@linux.intel.com> | 2018-08-14 20:05:37 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-23 04:26:31 +0300 |
commit | eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 (patch) | |
tree | de291a73dc37168da6370e2cf16c347d1eba9df8 /meta-openembedded/meta-oe/recipes-support/xrdp | |
parent | 9c3cf826d853102535ead04cebc2d6023eff3032 (diff) | |
download | openbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.tar.xz |
[Subtree] Removing import-layers directory
As part of the move to subtrees, need to bring all the import layers
content to the top level.
Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-support/xrdp')
6 files changed, 394 insertions, 0 deletions
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch
new file mode 100644
index 000000000..5e7fca02a
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch
@@ -0,0 +1,33 @@
+From d705b1d666cb8713d86ea6fb2fc45c424128285a Mon Sep 17 00:00:00 2001
+From: Lei Maohui <leimaohui@cn.fujitsu.com>
+Date: Fri, 1 Dec 2017 10:24:50 +0900
+Subject: [PATCH] Added req_distinguished_name in /etc/xrdp/openssl.conf,
+ otherwise, cert.pem can't be created.
+
+Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
+---
+ keygen/openssl.conf | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/keygen/openssl.conf b/keygen/openssl.conf
+index 09db6c2..f077d72 100644
+--- a/keygen/openssl.conf
++++ b/keygen/openssl.conf
+@@ -4,6 +4,14 @@ distinguished_name = req_distinguished_name
+ x509_extensions = v3_ca
+
+ [req_distinguished_name]
++# Certificate subject
++#countryName = US
++#stateOrProvinceName = CA
++#localityName = Sunnyvale
++#organizationName = xrdp
++#organizationalUnitName =
++commonName = XRDP
++#emailAddress =
+
+ [v3_ca]
+ # Extensions for a typical CA - PKIX recommendation.
+--
+1.8.4.2
+
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch
new file mode 100644
index 000000000..4c93647f6
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch
@@ -0,0 +1,148 @@
+Subject: [PATCH] Fix CVE-2017-16927
+
+sesman: scpv0, accept variable length data fields
+
+Upstream-Status: Backport
+
+---
+ sesman/libscp/libscp_v0.c | 32 +++++++++++++++++++++++++-------
+ 1 file changed, 25 insertions(+), 7 deletions(-)
+
+diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c
+index 5a0c8bf..5693407 100644
+--- a/sesman/libscp/libscp_v0.c
++++ b/sesman/libscp/libscp_v0.c
+@@ -161,7 +161,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+ struct SCP_SESSION *session = 0;
+ tui16 sz;
+ tui32 code = 0;
+- char buf[257];
++ char *buf = 0;
+
+ if (!skipVchk)
+ {
+@@ -226,27 +226,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+
+ /* reading username */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+-
++ buf[sz] = '\0';
+ if (0 != scp_session_set_username(session, buf))
+ {
+ scp_session_destroy(session);
+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+
+ /* reading password */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+-
++ buf[sz] = '\0';
+ if (0 != scp_session_set_password(session, buf))
+ {
+ scp_session_destroy(session);
+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__);
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+
+ /* width */
+ in_uint16_be(c->in_s, sz);
+@@ -272,9 +276,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_domain(session, buf);
++ g_free(buf);
+ }
+ }
+
+@@ -285,9 +291,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_program(session, buf);
++ g_free(buf);
+ }
+ }
+
+@@ -298,9 +306,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_directory(session, buf);
++ g_free(buf);
+ }
+ }
+
+@@ -311,9 +321,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_client_ip(session, buf);
++ g_free(buf);
+ }
+ }
+ }
+@@ -332,29 +344,35 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
+ scp_session_set_type(session, SCP_GW_AUTHENTICATION);
+ /* reading username */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
++ buf[sz] = '\0';
+
+ /* g_writeln("Received user name: %s",buf); */
+ if (0 != scp_session_set_username(session, buf))
+ {
+ scp_session_destroy(session);
+ /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+
+ /* reading password */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
++ buf[sz] = '\0';
+
+ /* g_writeln("Received password: %s",buf); */
+ if (0 != scp_session_set_password(session, buf))
+ {
+ scp_session_destroy(session);
+ /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+ }
+ else
+ {
+--
+2.7.4
+
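Review bot: Every `buf = g_new0(char, sz);` added here is followed by `buf[sz] = '\0';`, which writes one byte past the allocation if g_new0 reserves exactly `sz` chars as its arguments suggest (its definition is outside this patch). The username and password reads in both session branches have no `if (sz > 0)` guard, so a zero-length field makes that write land in a zero-sized or NULL buffer. Allocating `buf = g_new0(char, sz + 1);` at all eight sites keeps the terminator in bounds, and a NULL check after each allocation would cover allocation failure. The hunks show no check that the input stream actually holds `sz` bytes before `in_uint8a`; such a check may exist outside the visible context and is worth confirming. scp_v0s_accept starts and ends outside these hunks.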
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch
new file mode 100644
index 000000000..deaadde8c
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-sesman.ini-and-xrdp.ini.patch
@@ -0,0 +1,75 @@
+From a9c460f158d68c1b3de6a31ce853de5379977695 Mon Sep 17 00:00:00 2001
+From: Lei Maohui <leimaohui@cn.fujitsu.com>
+Date: Thu, 30 Nov 2017 11:10:04 +0900
+Subject: [PATCH] Fix sesman.ini and xrdp.ini
+
+Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
+---
+ sesman/sesman.ini | 20 ++++++--------------
+ xrdp/xrdp.ini | 10 ----------
+ 2 files changed, 6 insertions(+), 24 deletions(-)
+
+diff --git a/sesman/sesman.ini b/sesman/sesman.ini
+index 8225ee4..c09189e 100644
+--- a/sesman/sesman.ini
++++ b/sesman/sesman.ini
+@@ -54,12 +54,14 @@ LogLevel=DEBUG
+ EnableSyslog=1
+ SyslogLevel=DEBUG
+
+-[X11rdp]
+-param=X11rdp
+-param=-bs
++[Xorg]
++param=Xorg
++param=-config
++param=xrdp/xorg.conf
++param=-noreset
+ param=-nolisten
+ param=tcp
+-param=-uds
++
+
+ [Xvnc]
+ param=Xvnc
+@@ -70,16 +72,6 @@ param=-localhost
+ param=-dpi
+ param=96
+
+-[Xorg]
+-param=Xorg
+-param=-config
+-param=xrdp/xorg.conf
+-param=-noreset
+-param=-nolisten
+-param=tcp
+-param=-logfile
+-param=.xorgxrdp.%s.log
+-
+ [Chansrv]
+ ; drive redirection, defaults to xrdp_client if not set
+ FuseMountName=thinclient_drives
+diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
+index cb6d7c3..9f63a69 100644
+--- a/xrdp/xrdp.ini
++++ b/xrdp/xrdp.ini
+@@ -157,16 +157,6 @@ ip=127.0.0.1
+ port=-1
+ code=20
+
+-[X11rdp]
+-name=X11rdp
+-lib=libxup.so
+-username=ask
+-password=ask
+-ip=127.0.0.1
+-port=-1
+-xserverbpp=24
+-code=10
+-
+ [Xvnc]
+ name=Xvnc
+ lib=libvnc.so
+--
+1.8.4.2
+
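Review bot: The embedded patch header gives no Upstream-Status tag and no reason for the change beyond "Fix sesman.ini and xrdp.ini", so a later maintainer cannot tell why the X11rdp session type is removed or why the Xorg section loses `-logfile` / `.xorgxrdp.%s.log`. 0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch and 0001-Fix-the-compile-error.patch have the same gap, while the CVE patch carries `Upstream-Status: Backport`. A line such as `Upstream-Status: Inappropriate [configuration]` (or whichever status applies) plus one sentence of rationale would close it. The context lines also show `LogLevel=DEBUG` and `SyslogLevel=DEBUG` left as shipped defaults, which deserves a deliberate decision for a production image.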
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-the-compile-error.patch b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-the-compile-error.patch
new file mode 100644
index 000000000..82b279085
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-the-compile-error.patch
@@ -0,0 +1,35 @@
+Subject: [PATCH] Fix the make error
+
+Fix the compile error:
+ *** No rule to make target '../librfxcodec/src/.libs/librfxencode.a', needed by 'xrdp'. Stop..
+
+Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
+---
+ xrdp/Makefile.am | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xrdp/Makefile.am b/xrdp/Makefile.am
+index a259ef3..d5505b2 100644
+--- a/xrdp/Makefile.am
++++ b/xrdp/Makefile.am
+@@ -23,7 +23,7 @@ endif
+ if XRDP_RFXCODEC
+ AM_CPPFLAGS += -DXRDP_RFXCODEC
+ AM_CPPFLAGS += -I$(top_srcdir)/librfxcodec/include
+-XRDP_EXTRA_LIBS += $(top_builddir)/librfxcodec/src/.libs/librfxencode.a
++XRDP_EXTRA_LIBS += $(top_builddir)/librfxcodec/src/.libs/librfxencode.la
+ endif
+
+ if XRDP_PIXMAN
+@@ -35,7 +35,7 @@ endif
+ if XRDP_PAINTER
+ AM_CPPFLAGS += -DXRDP_PAINTER
+ AM_CPPFLAGS += -I$(top_srcdir)/libpainter/include
+-XRDP_EXTRA_LIBS += $(top_builddir)/libpainter/src/.libs/libpainter.a
++XRDP_EXTRA_LIBS += $(top_builddir)/libpainter/src/.libs/libpainter.la
+ endif
+
+ sbin_PROGRAMS = \
+--
+2.7.4
+
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/xrdp.sysconfig b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/xrdp.sysconfig
new file mode 100644
index 000000000..39f500a33
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/xrdp.sysconfig
@@ -0,0 +1,4 @@
+# put some options here
+
+XRDP_OPTIONS=""
+SESMAN_OPTIONS=""
diff --git a/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb
new file mode 100644
index 000000000..3ef7c9853
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp_0.9.4.bb 
@@ -0,0 +1,99 @@
+SUMMARY = "An open source remote desktop protocol(rdp) server."
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=72cfbe4e7bd33a0a1de9630c91195c21 \
+"
+
+inherit distro_features_check autotools pkgconfig useradd systemd
+
+DEPENDS = "openssl virtual/libx11 libxfixes libxrandr libpam nasm-native"
+
+REQUIRED_DISTRO_FEATURES = "x11 pam"
+
+SRC_URI = "git://github.com/neutrinolabs/xrdp.git \
+ file://xrdp.sysconfig \
+ file://0001-Fix-sesman.ini-and-xrdp.ini.patch \
+ file://0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch \
+ file://0001-Fix-the-compile-error.patch \
+ file://0001-Fix-of-CVE-2017-16927.patch \
+ "
+
+SRCREV = "c295dd61b882e8b56677cf12791f43634f9190b5"
+
+PV = "0.9.4+git${SRCPV}"
+
+S = "${WORKDIR}/git"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[fuse] = " --enable-fuse, --disable-fuse, fuse"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system xrdp"
+USERADD_PARAM_${PN} = "--system --home /var/run/xrdp -g xrdp \
+ --no-create-home --shell /bin/false xrdp"
+
+FILES_${PN} += "${datadir}/dbus-1/services/*.service \
+ ${datadir}/dbus-1/accessibility-services/*.service "
+
+FILES_${PN}-dev += "${libdir}/xrdp/libcommon.so \
+ ${libdir}/xrdp/libxrdp.so \
+ ${libdir}/xrdp/libscp.so \
+ ${libdir}/xrdp/libxrdpapi.so "
+
+EXTRA_OECONF = "--enable-pam-config=suse"
+
+do_configure_prepend() {
+ cd ${S}
+ ./bootstrap
+ cd -
+}
+
+do_compile_prepend() {
+ sed -i 's/(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am/(MAKE) $(AM_MAKEFLAGS) install-exec-am/g' ${S}/keygen/Makefile.in
+}
+
+
+do_install_append() {
+ install -d ${D}${sysconfdir}
+ install -d ${D}${sysconfdir}/xrdp
+ install -d ${D}${sysconfdir}/xrdp/pam.d
+ install -d ${D}${sysconfdir}/sysconfig/xrdp
+
+ # deal with systemd unit files
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${S}/instfiles/xrdp.service.in ${D}${systemd_unitdir}/system/xrdp.service
+ install -m 0644 ${S}/instfiles/xrdp-sesman.service.in ${D}${systemd_unitdir}/system/xrdp-sesman.service
+ sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service
+ sed -i -e 's,@sysconfdir@,${sysconfdir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service
+ sed -i -e 's,@sbindir@,${sbindir},g' ${D}${systemd_unitdir}/system/xrdp.service ${D}${systemd_unitdir}/system/xrdp-sesman.service
+
+ install -m 0644 ${S}/instfiles/*.ini ${D}${sysconfdir}/xrdp/
+ install -m 0644 ${S}/sesman/sesman.ini ${D}${sysconfdir}/xrdp/
+ install -m 0644 ${S}/sesman/startwm.sh ${D}${sysconfdir}/xrdp/
+ install -m 0644 ${S}/xrdp/xrdp.ini ${D}${sysconfdir}/xrdp/
+ install -m 0644 ${S}/xrdp/xrdp_keyboard.ini ${D}${sysconfdir}/xrdp/
+ install -m 0644 ${S}/instfiles/xrdp.sh ${D}${sysconfdir}/xrdp/
+ install -m 0644 ${S}/keygen/openssl.conf ${D}${sysconfdir}/xrdp/
+ install -m 0644 ${WORKDIR}/xrdp.sysconfig ${D}${sysconfdir}/sysconfig/xrdp/
+ chown xrdp:xrdp ${D}${sysconfdir}/xrdp
+}
+
+SYSTEMD_SERVICE_${PN} = "xrdp.service xrdp-sesman.service"
+
+pkg_postinst_${PN}() {
+ if test -z "$D"
+ then
+ if test -x ${bindir}/xrdp-keygen
+ then
+ ${bindir}/xrdp-keygen xrdp ${sysconfdir}/xrdp/rsakeys.ini >/dev/null
+ fi
+ if test ! -s ${sysconfdir}/xrdp/cert.pem
+ then
+ openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3652 \
+ -keyout ${sysconfdir}/xrdp/key.pem \
+ -out ${sysconfdir}/xrdp/cert.pem \
+ -config ${sysconfdir}/xrdp/openssl.conf >/dev/null 2>&1
+ chmod 400 ${sysconfdir}/xrdp/key.pem
+ fi
+ fi
+} |
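Review bot: In pkg_postinst the TLS private key is written unencrypted by `openssl req ... -nodes -keyout ${sysconfdir}/xrdp/key.pem` and only restricted by `chmod 400` afterwards, so depending on the OpenSSL version the key may exist briefly with umask-derived permissions. Putting `umask 077` immediately before the `openssl req` call closes that window. The command's output is discarded with `>/dev/null 2>&1` and its exit status is never tested, so a failed generation goes unnoticed until xrdp starts without a certificate; checking the result, for example `openssl req ... || exit 1`, would surface it. The `xrdp-keygen` call that writes rsakeys.ini is unchecked in the same way.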