diff options
Diffstat (limited to 'source/xap/rdesktop')
-rw-r--r-- | source/xap/rdesktop/02-Fix-OpenSSL-1.1-compability-issues.patch | 125 | ||||
-rwxr-xr-x | source/xap/rdesktop/rdesktop.SlackBuild | 26 | ||||
-rw-r--r-- | source/xap/rdesktop/slack-desc | 8 |
3 files changed, 147 insertions, 12 deletions
diff --git a/source/xap/rdesktop/02-Fix-OpenSSL-1.1-compability-issues.patch b/source/xap/rdesktop/02-Fix-OpenSSL-1.1-compability-issues.patch new file mode 100644 index 00000000..17c41eef --- /dev/null +++ b/source/xap/rdesktop/02-Fix-OpenSSL-1.1-compability-issues.patch @@ -0,0 +1,125 @@ +From bd6aa6acddf0ba640a49834807872f4cc0d0a773 Mon Sep 17 00:00:00 2001 +From: Jani Hakala <jjhakala@gmail.com> +Date: Thu, 16 Jun 2016 14:28:15 +0300 +Subject: [PATCH] Fix OpenSSL 1.1 compability issues + +Some data types have been made opaque in OpenSSL version 1.1 so +stack allocation and accessing struct fields directly does not work. +--- + ssl.c | 65 ++++++++++++++++++++++++++++++++++++++++------------------------- + 1 file changed, 40 insertions(+), 25 deletions(-) + +diff --git a/ssl.c b/ssl.c +index 4875125..032e9b9 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -88,7 +88,7 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * + uint8 * exponent) + { + BN_CTX *ctx; +- BIGNUM mod, exp, x, y; ++ BIGNUM *mod, *exp, *x, *y; + uint8 inr[SEC_MAX_MODULUS_SIZE]; + int outlen; + +@@ -98,24 +98,24 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * + reverse(inr, len); + + ctx = BN_CTX_new(); +- BN_init(&mod); +- BN_init(&exp); +- BN_init(&x); +- BN_init(&y); +- +- BN_bin2bn(modulus, modulus_size, &mod); +- BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp); +- BN_bin2bn(inr, len, &x); +- BN_mod_exp(&y, &x, &exp, &mod, ctx); +- outlen = BN_bn2bin(&y, out); ++ mod = BN_new(); ++ exp = BN_new(); ++ x = BN_new(); ++ y = BN_new(); ++ ++ BN_bin2bn(modulus, modulus_size, mod); ++ BN_bin2bn(exponent, SEC_EXPONENT_SIZE, exp); ++ BN_bin2bn(inr, len, x); ++ BN_mod_exp(y, x, exp, mod, ctx); ++ outlen = BN_bn2bin(y, out); + reverse(out, outlen); + if (outlen < (int) modulus_size) + memset(out + outlen, 0, modulus_size - outlen); + +- BN_free(&y); +- BN_clear_free(&x); +- BN_free(&exp); +- BN_free(&mod); ++ BN_free(y); ++ BN_clear_free(x); ++ BN_free(exp); ++ BN_free(mod); + BN_CTX_free(ctx); + } + +@@ -146,12 +146,20 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len) + + Kudos to Richard Levitte for the following (. intiutive .) + lines of code that resets the OID and let's us extract the key. */ +- nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm); ++ ++ X509_PUBKEY *key = NULL; ++ X509_ALGOR *algor = NULL; ++ ++ key = X509_get_X509_PUBKEY(cert); ++ algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key); ++ ++ nid = OBJ_obj2nid(algor->algorithm); ++ + if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) + { + DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); +- ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); +- cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); ++ X509_PUBKEY_set0_param(key, OBJ_nid2obj(NID_rsaEncryption), ++ 0, NULL, NULL, 0); + } + epk = X509_get_pubkey(cert); + if (NULL == epk) +@@ -201,14 +209,24 @@ rdssl_rkey_get_exp_mod(RDSSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, + { + int len; + +- if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || +- (BN_num_bytes(rkey->n) > (int) max_mod_len)) ++ BIGNUM *e = NULL; ++ BIGNUM *n = NULL; ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ e = rkey->e; ++ n = rkey->n; ++#else ++ RSA_get0_key(rkey, &e, &n, NULL); ++#endif ++ ++ if ((BN_num_bytes(e) > (int) max_exp_len) || ++ (BN_num_bytes(n) > (int) max_mod_len)) + { + return 1; + } +- len = BN_bn2bin(rkey->e, exponent); ++ len = BN_bn2bin(e, exponent); + reverse(exponent, len); +- len = BN_bn2bin(rkey->n, modulus); ++ len = BN_bn2bin(n, modulus); + reverse(modulus, len); + return 0; + } +@@ -229,8 +247,5 @@ void + rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, + unsigned char *md) + { +- HMAC_CTX ctx; +- HMAC_CTX_init(&ctx); + HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL); +- HMAC_CTX_cleanup(&ctx); + } diff --git a/source/xap/rdesktop/rdesktop.SlackBuild b/source/xap/rdesktop/rdesktop.SlackBuild index 068573dd..1b3fed84 100755 --- a/source/xap/rdesktop/rdesktop.SlackBuild +++ b/source/xap/rdesktop/rdesktop.SlackBuild @@ -1,6 +1,6 @@ -#!/bin/sh +#!/bin/bash -# Copyright 2006, 2008, 2009, 2011, 2012, 2013, 2014 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2006, 2008, 2009, 2011, 2012, 2013, 2014, 2018 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -20,23 +20,32 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +cd $(dirname $0) ; CWD=$(pwd) PKGNAM=rdesktop VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i486 ;; + i?86) export ARCH=i586 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; esac fi -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "s390" ]; then SLKCFLAGS="-O2" @@ -48,7 +57,6 @@ fi NUMJOBS=${NUMJOBS:-" -j7 "} -CWD=$(pwd) TMP=${TMP:-/tmp} PKG=$TMP/package-${PKGNAM} rm -rf $PKG @@ -59,6 +67,8 @@ rm -rf ${PKGNAM}-${VERSION} tar xvf $CWD/${PKGNAM}-$VERSION.tar.?z* || exit 1 cd ${PKGNAM}-$VERSION || exit 1 +zcat $CWD/02-Fix-OpenSSL-1.1-compability-issues.patch.gz | patch -p1 --verbose || exit 1 + # Make sure ownerships and permissions are sane: chown -R root:root . find . \ @@ -77,7 +87,7 @@ CFLAGS="$SLKCFLAGS" \ --disable-credssp \ --with-ipv6 \ --mandir=/usr/man \ - --build=$ARCH-slackware-linux + --build=$ARCH-slackware-linux || exit 1 # Build and install: make $NUMJOBS || make || exit 1 diff --git a/source/xap/rdesktop/slack-desc b/source/xap/rdesktop/slack-desc index 283da1cd..aa2660c4 100644 --- a/source/xap/rdesktop/slack-desc +++ b/source/xap/rdesktop/slack-desc @@ -1,8 +1,8 @@ # HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line +# The "handy ruler" below makes it easier to edit a package description. Line # up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. |-----handy-ruler------------------------------------------------------| @@ -12,7 +12,7 @@ rdesktop: rdesktop is a client for Remote Desktop Protocol (RDP), used in a rdesktop: number of Microsoft products including Windows NT Terminal Server, rdesktop: Windows 2000 Server, Windows XP, and Windows 2003 Server. rdesktop: -rdesktop: For more information, see: http://www.rdesktop.org +rdesktop: For more information, see: http://www.rdesktop.org rdesktop: rdesktop: rdesktop: |