F140330004
D18566.id.diff
Index: net/rdesktop/Makefile
===================================================================
--- net/rdesktop/Makefile
+++ net/rdesktop/Makefile
@@ -3,6 +3,7 @@
PORTNAME= rdesktop
PORTVERSION= 1.8.3
+PORTREVISION= 1
CATEGORIES= net comms ipv6
MASTER_SITES= SF
@@ -10,8 +11,9 @@
COMMENT= RDP client for Windows NT/2000/2003 Terminal Server
LICENSE= GPLv3
+LICENSE_FILE= ${WRKSRC}/COPYING
-USE_XORG= x11
+USE_XORG= x11 xrandr
USES= gmake iconv pkgconfig ssl
CONFIGURE_ARGS+= ${ICONV_CONFIGURE_ARG} --disable-credssp
GNU_CONFIGURE= yes
Index: net/rdesktop/distinfo
===================================================================
--- net/rdesktop/distinfo
+++ net/rdesktop/distinfo
@@ -1,2 +1,3 @@
+TIMESTAMP = 1529982832
SHA256 (rdesktop-1.8.3.tar.gz) = 88b20156b34eff5f1b453f7c724e0a3ff9370a599e69c01dc2bf0b5e650eece4
SIZE (rdesktop-1.8.3.tar.gz) = 320212
Index: net/rdesktop/files/patch-openssl
===================================================================
--- /dev/null
+++ net/rdesktop/files/patch-openssl
@@ -0,0 +1,125 @@
+From bd6aa6acddf0ba640a49834807872f4cc0d0a773 Mon Sep 17 00:00:00 2001
+From: Jani Hakala <jjhakala@gmail.com>
+Date: Thu, 16 Jun 2016 14:28:15 +0300
+Subject: [PATCH] Fix OpenSSL 1.1 compability issues
+
+Some data types have been made opaque in OpenSSL version 1.1 so
+stack allocation and accessing struct fields directly does not work.
+---
+ ssl.c | 65 ++++++++++++++++++++++++++++++++++++++++-------------------------
+ 1 file changed, 40 insertions(+), 25 deletions(-)
+
+diff --git a/ssl.c b/ssl.c
+index 4875125..032e9b9 100644
+--- ssl.c.orig
++++ ssl.c
+@@ -88,7 +88,7 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 *
+ uint8 * exponent)
+ {
+ BN_CTX *ctx;
+- BIGNUM mod, exp, x, y;
++ BIGNUM *mod, *exp, *x, *y;
+ uint8 inr[SEC_MAX_MODULUS_SIZE];
+ int outlen;
+
+@@ -98,24 +98,24 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 *
+ reverse(inr, len);
+
+ ctx = BN_CTX_new();
+- BN_init(&mod);
+- BN_init(&exp);
+- BN_init(&x);
+- BN_init(&y);
+-
+- BN_bin2bn(modulus, modulus_size, &mod);
+- BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
+- BN_bin2bn(inr, len, &x);
+- BN_mod_exp(&y, &x, &exp, &mod, ctx);
+- outlen = BN_bn2bin(&y, out);
++ mod = BN_new();
++ exp = BN_new();
++ x = BN_new();
++ y = BN_new();
++
++ BN_bin2bn(modulus, modulus_size, mod);
++ BN_bin2bn(exponent, SEC_EXPONENT_SIZE, exp);
++ BN_bin2bn(inr, len, x);
++ BN_mod_exp(y, x, exp, mod, ctx);
++ outlen = BN_bn2bin(y, out);
+ reverse(out, outlen);
+ if (outlen < (int) modulus_size)
+ memset(out + outlen, 0, modulus_size - outlen);
+
+- BN_free(&y);
+- BN_clear_free(&x);
+- BN_free(&exp);
+- BN_free(&mod);
++ BN_free(y);
++ BN_clear_free(x);
++ BN_free(exp);
++ BN_free(mod);
+ BN_CTX_free(ctx);
+ }
+
+@@ -146,12 +146,20 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
+
+ Kudos to Richard Levitte for the following (. intiutive .)
+ lines of code that resets the OID and let's us extract the key. */
+- nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
++
++ X509_PUBKEY *key = NULL;
++ X509_ALGOR *algor = NULL;
++
++ key = X509_get_X509_PUBKEY(cert);
++ algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
++
++ nid = OBJ_obj2nid(algor->algorithm);
++
+ if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
+ {
+ DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
+- ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
+- cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
++ X509_PUBKEY_set0_param(key, OBJ_nid2obj(NID_rsaEncryption),
++ 0, NULL, NULL, 0);
+ }
+ epk = X509_get_pubkey(cert);
+ if (NULL == epk)
+@@ -201,14 +209,24 @@ rdssl_rkey_get_exp_mod(RDSSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len,
+ {
+ int len;
+
+- if ((BN_num_bytes(rkey->e) > (int) max_exp_len) ||
+- (BN_num_bytes(rkey->n) > (int) max_mod_len))
++ BIGNUM *e = NULL;
++ BIGNUM *n = NULL;
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ e = rkey->e;
++ n = rkey->n;
++#else
++ RSA_get0_key(rkey, &e, &n, NULL);
++#endif
++
++ if ((BN_num_bytes(e) > (int) max_exp_len) ||
++ (BN_num_bytes(n) > (int) max_mod_len))
+ {
+ return 1;
+ }
+- len = BN_bn2bin(rkey->e, exponent);
++ len = BN_bn2bin(e, exponent);
+ reverse(exponent, len);
+- len = BN_bn2bin(rkey->n, modulus);
++ len = BN_bn2bin(n, modulus);
+ reverse(modulus, len);
+ return 0;
+ }
+@@ -229,8 +247,5 @@ void
+ rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len,
+ unsigned char *md)
+ {
+- HMAC_CTX ctx;
+- HMAC_CTX_init(&ctx);
+ HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL);
+- HMAC_CTX_cleanup(&ctx);
+ }
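Review bot: In rdssl_rsa_encrypt the results of `BN_CTX_new()` and the four `BN_new()` calls are used without a NULL check. The BIGNUMs used to live on the stack; now an allocation failure leaves `mod`, `exp`, `x` or `y` NULL, and because the return values of `BN_bin2bn()` are discarded, `BN_mod_exp()` would be handed NULL operands. The results of `BN_bin2bn()` and `BN_mod_exp()` are ignored as well, so a failed exponentiation still copies whatever `y` holds into `out`. The function's signature and the start of its body are outside the inner hunk, so how a failure reaches the caller has to be decided there; the sketch below only logs through `error()` and skips the computation, relying on the BN free functions accepting NULL.

```c
	y = BN_new();
	if (ctx == NULL || mod == NULL || exp == NULL || x == NULL || y == NULL)
	{
		error("rdssl_rsa_encrypt: out of memory\n");
		goto out;
	}

	/* … unchanged: BN_bin2bn, BN_mod_exp, BN_bn2bin, reverse and zero padding … */

out:
	BN_free(y);
	/* … unchanged: remaining BN_clear_free / BN_free / BN_CTX_free calls … */
```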
Index: net/rdesktop/files/patch-openssl2
===================================================================
--- /dev/null
+++ net/rdesktop/files/patch-openssl2
@@ -0,0 +1,55 @@
+From c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1 Mon Sep 17 00:00:00 2001
+From: Henrik Andersson <hean01@cendio.com>
+Date: Mon, 24 Oct 2016 10:24:35 +0200
+Subject: [PATCH] Fix crash in rdssl_cert_to_rkey.
+
+This crash was introduced by merging OpenSSL 1.1 PR done on
+commit 50b39d11. Where algor was overwritten with return value
+of X509_PUBKEY_get0_param(). I also added additional error
+handling for X509_get_X509_PUBKEY.
+
+Thanks to TingPing that found this error in PR.
+---
+ ssl.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/ssl.c b/ssl.c
+index 032e9b9..07d7aa5 100644
+--- ssl.c.orig
++++ ssl.c
+@@ -3,6 +3,7 @@
+ Secure sockets abstraction layer
+ Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
+ Copyright (C) Jay Sorg <j@american-data.com> 2006-2008
++ Copyright (C) Henrik Andersson <hean01@cendio.com> 2016
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+@@ -140,6 +141,7 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
+ EVP_PKEY *epk = NULL;
+ RDSSL_RKEY *lkey;
+ int nid;
++ int ret;
+
+ /* By some reason, Microsoft sets the OID of the Public RSA key to
+ the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
+@@ -151,7 +153,18 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
+ X509_ALGOR *algor = NULL;
+
+ key = X509_get_X509_PUBKEY(cert);
+- algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
++ if (key == NULL)
++ {
++ error("Failed to get public key from certificate.\n");
++ return NULL;
++ }
++
++ ret = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
++ if (ret != 1)
++ {
++ error("Faild to get algorithm used for public key.\n");
++ return NULL;
++ }
+
+ nid = OBJ_obj2nid(algor->algorithm);
+
Index: net/rdesktop/files/patch-openssl3
===================================================================
--- /dev/null
+++ net/rdesktop/files/patch-openssl3
@@ -0,0 +1,70 @@
+Logical backport of the following patch from rdesktop git, to 1.8.3 release.
+Significantly, it fixes the reversal of 'n' and 'e' parameters to
+RSA_get0_key() in rdssl_rkey_get_exp_mod() introduced in files/patch-openssl.
+
+From a3dfceefc2c729243b71270e3f503fa2dd57ec8d Mon Sep 17 00:00:00 2001
+From: Alexander Zakharov <uglym8@gmail.com>
+Date: Wed, 21 Jun 2017 15:28:31 +0300
+Subject: [PATCH] Workaround for key caching in OpenSSL > 1.1.0
+
+Since v.1.1.0 the key caching has been added to OpenSSL.
+After X.509 had been parsed there is no point in changing of key
+algorithm as the key had already been decoded and cached result will
+be returned anyway. (check crypto/x509/x_pubkey.c: X509_PUBKEY_get0())
+---
+ ssl.c | 34 ++++++++++++++++++++++++++++++++--
+ 1 file changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/ssl.c b/ssl.c
+index c248449e..45d8ee42 100644
+--- ssl.c.orig
++++ ssl.c
+@@ -143,6 +143,11 @@
+ int nid;
+ int ret;
+
++ const unsigned char *p;
++ int pklen;
++
++ RSA *rsa = NULL;
++
+ /* By some reason, Microsoft sets the OID of the Public RSA key to
+ the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
+
+@@ -170,10 +175,27 @@
+
+ if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
+ X509_PUBKEY_set0_param(key, OBJ_nid2obj(NID_rsaEncryption),
+ 0, NULL, NULL, 0);
++#else
++ if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, key)) {
++ error("failed to get algorithm used for public key.\n");
++ return NULL;
++ }
++
++ if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
++ error("failed to extract public key from certificate.\n");
++ return NULL;
++ }
++
++ lkey = RSAPublicKey_dup(rsa);
++ *key_len = RSA_size(lkey);
++ return lkey;
++#endif
+ }
++
+ epk = X509_get_pubkey(cert);
+ if (NULL == epk)
+ {
+@@ -229,7 +251,7 @@
+ e = rkey->e;
+ n = rkey->n;
+ #else
+- RSA_get0_key(rkey, &e, &n, NULL);
++ RSA_get0_key(rkey, &n, &e, NULL);
+ #endif
+
+ if ((BN_num_bytes(e) > (int) max_exp_len) ||
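Review bot: In the OpenSSL >= 1.1.0 branch added to rdssl_cert_to_rkey, the `RSA` object returned by `d2i_RSAPublicKey()` is copied with `RSAPublicKey_dup()` and never freed, so every certificate that takes this path leaks one key. The result of the dup is also passed to `RSA_size()` without a NULL check. Handing the decoded key to the caller directly avoids both problems: use `lkey = rsa;` in place of `lkey = RSAPublicKey_dup(rsa);`. This assumes RDSSL_RKEY is an alias for RSA, which the existing assignment from `RSAPublicKey_dup()` suggests but the hunk does not show. The function begins and ends outside the inner hunks.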
D18566: net/rdesktop: Fix build with OpenSSL 1.1.0