Package: xrdp Version: 0.9.1-9 Severity: important Tags: patch Dear Maintainer,
I am experiencing quite a nasty bug with xrdp Debian Stretch which causes heavy CPU usage on some occasions. As such I cannot use it in production. I am running/testing this on a minimal Debian LXDE-core installation. Can you please check the following thread (https://github.com/neutrinolabs/xrdp/issues/872). It explains all the details. It is suggested by the developers to apply a small patch. And also to upgrade the unstable Debian branch to the latest version (0.9.4 instead of 0.9.1). I am also attaching the config files. They are default with extra things disabled to keep the footprint and functionality minimal. -- System Information: Debian Release: 9.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages xrdp depends on: ii adduser 3.115 ii init-system-helpers 1.48 ii libc6 2.24-11+deb9u1 ii libfuse2 2.9.7-1 ii libjpeg62-turbo 1:1.5.1-2 ii libopus0 1.2~alpha2-1 ii libpam0g 1.1.8-3.6 ii libssl1.1 1.1.0f-3 ii libx11-6 2:1.6.4-3 ii libxfixes3 1:5.0.3-1 ii libxrandr2 2:1.5.1-1 ii lsb-base 9.20161125 ii ssl-cert 1.0.39 Versions of packages xrdp recommends: pn fuse <none> ii xorgxrdp 0.9.1-9 Versions of packages xrdp suggests: pn guacamole <none> Versions of packages xorgxrdp depends on: ii libc6 2.24-11+deb9u1 pn xorg-input-abi-24 <none> ii xserver-xorg-core [xorg-video-abi-23] 2:1.19.2-1+deb9u1 Versions of packages xorgxrdp recommends: ii xorg 1:7.7+19 Versions of packages xrdp is related to: pn vnc-server <none> pn xserver-xorg-legacy <none> -- Configuration Files: /etc/xrdp/sesman.ini changed: [Globals] ListenAddress=127.0.0.1 ListenPort=3350 EnableUserWindowManager=true UserWindowManager=startwm.sh DefaultWindowManager=startwm.sh [Security] AllowRootLogin=true MaxLoginRetry=4 TerminalServerUsers=tsusers TerminalServerAdmins=tsadmins ; When AlwaysGroupCheck=false access will be permitted ; if the group TerminalServerUsers is not defined. AlwaysGroupCheck=false [Sessions] ;; X11DisplayOffset - x11 display number offset ; Type: integer ; Default: 10 X11DisplayOffset=10 ;; MaxSessions - maximum number of connections to an xrdp server ; Type: integer ; Default: 0 MaxSessions=1 ;; KillDisconnected - kill disconnected sessions ; Type: boolean ; Default: false ; if 1, true, or yes, kill session after 60 seconds KillDisconnected=false ;; IdleTimeLimit - when to disconnect idle sessions ; Type: integer ; Default: 0 ; if not zero, the seconds without mouse or keyboard input before disconnect ; not complete yet IdleTimeLimit=0 ;; DisconnectedTimeLimit - when to kill idle sessions ; Type: integer ; Default: 0 ; if not zero, the seconds before a disconnected session is killed ; min 60 seconds DisconnectedTimeLimit=0 ;; Policy - session allocation policy ; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ] ; Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize> ; "UBD" session per <User,BitPerPixel,DisplaySize> ; "UBI" session per <User,BitPerPixel,IPAddr> ; "UBC" session per <User,BitPerPixel,Connection> ; "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr> ; "UBDC" session per <User,BitPerPixel,DisplaySize,Connection> Policy=Default [Logging] LogFile=xrdp-sesman.log LogLevel=DEBUG EnableSyslog=1 SyslogLevel=DEBUG [Xorg] param=Xorg param=-config param=xrdp/xorg.conf param=-noreset param=-nolisten param=tcp [Xvnc] param=Xvnc param=-bs param=-nolisten param=tcp param=-localhost param=-dpi param=96 [Chansrv] ; drive redirection, defaults to xrdp_client if not set FuseMountName=thinclient_drives [SessionVariables] PULSE_SCRIPT=/etc/xrdp/pulse/default.pa /etc/xrdp/xrdp.ini changed: [Globals] ; xrdp.ini file version number ini_version=1 ; fork a new process for each incoming connection fork=false ; tcp port to listen port=3389 ; regulate if the listening socket use socket option tcp_nodelay ; no buffering will be performed in the TCP stack tcp_nodelay=true ; regulate if the listening socket use socket option keepalive ; if the network connection disappear without close messages the connection will be closed tcp_keepalive=true ; security layer can be 'tls', 'rdp' or 'negotiate' ; for client compatible layer security_layer=negotiate ; minimum security level allowed for client ; can be 'none', 'low', 'medium', 'high', 'fips' crypt_level=high ; X.509 certificate and private key ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 certificate= key_file= ; specify whether SSLv3 should be disabled ; set TLS cipher suites ; Section name to use for automatic login if the client sends username ; and password. If empty, the domain name sent by the client is used. ; If empty and no domain name is given, the first suitable section in ; this file will be used. autorun= allow_channels=true allow_multimon=true bitmap_cache=true bitmap_compression=true bulk_compression=true max_bpp=32 new_cursors=true ; fastpath - can be 'input', 'output', 'both', 'none' use_fastpath=both ; when true, userid/password *must* be passed on cmd line ; You can set the PAM error text in a gateway setup (MAX 256 chars) ; ; colors used by windows in RGB format ; blue=009cb5 grey=dedede ; ; configure login screen ; ; Login Screen Window Title ; top level window background color in RGB format ls_top_window_bg_color=009cb5 ; width and height of login screen ls_width=350 ls_height=430 ; login screen background color in RGB format ls_bg_color=dedede ; optional background image filename (bmp format). ; logo ; full path to bmp-file or file in shared folder ls_logo_filename= ls_logo_x_pos=55 ls_logo_y_pos=50 ; for positioning labels such as username, password etc ls_label_x_pos=30 ls_label_width=60 ; for positioning text and combo boxes next to above labels ls_input_x_pos=110 ls_input_width=210 ; y pos for first label and combo box ls_input_y_pos=220 ; OK button ls_btn_ok_x_pos=142 ls_btn_ok_y_pos=370 ls_btn_ok_width=85 ls_btn_ok_height=30 ; Cancel button ls_btn_cancel_x_pos=237 ls_btn_cancel_y_pos=370 ls_btn_cancel_width=85 ls_btn_cancel_height=30 [Logging] LogFile=xrdp.log LogLevel=DEBUG EnableSyslog=true SyslogLevel=DEBUG ; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug [Channels] ; Channel names not listed here will be blocked by XRDP. ; You can block any channel by setting its value to false. ; IMPORTANT! All channels are not supported in all use ; cases even if you set all values to true. ; You can override these settings on each session type ; These settings are only used if allow_channels=true rdpdr=false rdpsnd=false drdynvc=false cliprdr=true rail=false xrdpvr=false tcutils=false ; for debugging xrdp, in section xrdp1, change port=-1 to this: ; for debugging xrdp, add following line to section xrdp1 ; ; Session types ; [Xorg] name=Xorg lib=libxup.so username=ask password=ask ip=127.0.0.1 port=-1 code=20 ; You can override the common channel settings for each session type /etc/xrdp/xrdp_keyboard.ini changed: ; ; RDP Keyboard <-> X11 Keyboard layout map ; ; How this file works: ; 1. load the file and scan each section to find matching "keyboard_type" ; and "keyboard_subtype" based on the values received from the client. ; If not found, then jump to default section. ; 2. in the selected section, look for "rdp_layouts" and "layouts_map". ; Based on the "keylayout" value from the client, find the right x11 ; layout value. ; 3. model/variant are inferred based on the "keyboard_type" and ; "keyboard_subtype", but they can be overridden. ; ; ; RDP Keyboard Type (http://msdn.microsoft.com/en-us/library/cc240563.aspx) ; ; 0 is not a valid value ; ; 1 - IBM PC/XT or compatible (83-key) keyboard ; 2 - Olivetti "ICO" (102-key) keyboard ; 3 - IBM PC/AT (84-key) or similar keyboard ; 4 - IBM enhanced (101- or 102-key) keyboard ; 5 - Nokia 1050 and similar keyboards ; 6 - Nokia 9140 and similar keyboards ; 7 - Japanese keyboard ; ; RDP Keyboard Subtype is vendor dependent. XRDP defines as follows: ; ; 0 is not a valid value ; ; 1 - Standard ; 2 - FreeRDP JP keyboard ; 3 - Macintosh ; ... - < any vendor dependent subtype > ; ; The list can be augmented. ; ; default [default] ; keyboard_type and keyboard_subtype is not read for default section. It ; is only a placeholder to keep consistency. Default model/variant are ; platform dependent, and could be overridden if needed. keyboard_type=0 keyboard_subtype=0 ; user could override variant and model, but generally they should be inferred ; automatically based on keyboard type and subtype ;variant= ;model= ; A list of supported RDP keyboard layouts rdp_layouts=default_rdp_layouts ; The map from RDP keyboard layout to X11 keyboard layout layouts_map=default_layouts_map [default_rdp_layouts] rdp_layout_us=0x00000409 rdp_layout_de=0x00000407 rdp_layout_fr=0x0000040C rdp_layout_it=0x00000410 rdp_layout_jp=0x00000411 rdp_layout_jp=0xe0010411 rdp_layout_jp=0xe0200411 rdp_layout_jp=0xe0210411 rdp_layout_kr=0x00000412 rdp_layout_ru=0x00000419 rdp_layout_se=0x0000041D rdp_layout_ch=0x00000807 rdp_layout_pt=0x00000816 rdp_layout_br=0x00000416 rdp_layout_pl=0x00000415 rdp_layout_be=0x00000813 ; <rdp layout name> = <X11 keyboard layout value> [default_layouts_map] rdp_layout_us=us rdp_layout_de=de rdp_layout_fr=fr rdp_layout_it=it rdp_layout_jp=jp rdp_layout_kr=kr rdp_layout_ru=ru rdp_layout_se=se rdp_layout_ch=ch rdp_layout_pt=pt rdp_layout_br=br(abnt2) rdp_layout_pl=pl rdp_layout_be=be ; if two sections have the same keyboard_type and keyboard_subtype, then ; the latter could override the former. [rdp_keyboard_mac] keyboard_type=4 keyboard_subtype=3 rdp_layouts=default_rdp_layouts layouts_map=rdp_layouts_map_mac [rdp_keyboard_jp] keyboard_type=7 keyboard_subtype=2 model=pc105 rdp_layouts=default_rdp_layouts layouts_map=default_layouts_map [rdp_layouts_map_mac] rdp_layout_us=us rdp_layout_de=de rdp_layout_fr=fr rdp_layout_jp=jp rdp_layout_kr=kr rdp_layout_it=it rdp_layout_ru=ru rdp_layout_se=se rdp_layout_ch=ch rdp_layout_pt=pt rdp_layout_br=br(abnt2) rdp_layout_pl=pl -- no debconf information
