Hello community, here is the log from the commit of package rdesktop for openSUSE:Factory checked in at 2018-02-06 16:47:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rdesktop (Old) and /work/SRC/openSUSE:Factory/.rdesktop.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rdesktop" Tue Feb 6 16:47:19 2018 rev:34 rq:572340 version:1.8.3 Changes: -------- --- /work/SRC/openSUSE:Factory/rdesktop/rdesktop.changes 2015-08-11 08:27:13.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.rdesktop.new/rdesktop.changes 2018-02-06 16:47:20.849140643 +0100 @@ -1,0 +2,9 @@ +Sat Feb 3 13:41:52 UTC 2018 - [email protected] + +- Added rdesktop-Fix-OpenSSL-1.1-compability-issues.patch + and rdesktop-Fix-crash-in-rdssl_cert_to_rkey.patch to fix + Factory build + +- Added rdesktop-Fix-keymap-script.patch + +------------------------------------------------------------------- New: ---- rdesktop-Fix-OpenSSL-1.1-compability-issues.patch rdesktop-Fix-crash-in-rdssl_cert_to_rkey.patch rdesktop-Fix-keymap-script.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rdesktop.spec ++++++ --- /var/tmp/diff_new_pack.h9zsL9/_old 2018-02-06 16:47:21.609105082 +0100 +++ /var/tmp/diff_new_pack.h9zsL9/_new 2018-02-06 16:47:21.613104895 +0100 @@ -1,7 +1,7 @@ # # spec file for package rdesktop # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,12 @@ Source: http://prdownloads.sourceforge.net/rdesktop/%{name}-%{version}.tar.gz ## FIX-openSUSE: remove "Don't depend on pkg-config" Patch0: rdesktop-fix_pkgconfig_check.patch +# PATCH-FIX-UPSTREAM rdesktop-Fix-OpenSSL-1.1-compability-issues.patch +Patch1: rdesktop-Fix-OpenSSL-1.1-compability-issues.patch +# PATCH-FIX-UPSTREAM rdesktop-Fix-crash-in-rdssl_cert_to_rkey.patch +Patch2: rdesktop-Fix-crash-in-rdssl_cert_to_rkey.patch +# PATCH-FIX-OPENSUSE rdesktop-Fix-keymap-script.patch +Patch3: rdesktop-Fix-keymap-script.patch BuildRequires: alsa-devel BuildRequires: autoconf BuildRequires: automake @@ -49,6 +55,12 @@ %prep %setup -q %patch0 +%if 0%{?suse_version} > 1110 +%patch1 -p1 +%patch2 -p1 +%endif +%patch3 -p1 + ## rpmlint # incorrect-fsf-address /usr/share/rdesktop/keymaps/convert-map perl -p -i -e 's|^# Foundation.*|# Foundation, 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA|' keymaps/convert-map ++++++ rdesktop-Fix-OpenSSL-1.1-compability-issues.patch ++++++ >From bd6aa6acddf0ba640a49834807872f4cc0d0a773 Mon Sep 17 00:00:00 2001 From: Jani Hakala <[email protected]> Date: Thu, 16 Jun 2016 14:28:15 +0300 Subject: [PATCH] Fix OpenSSL 1.1 compability issues Some data types have been made opaque in OpenSSL version 1.1 so stack allocation and accessing struct fields directly does not work. --- ssl.c | 65 ++++++++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 40 insertions(+), 25 deletions(-) diff --git a/ssl.c b/ssl.c index 4875125..032e9b9 100644 --- a/ssl.c +++ b/ssl.c @@ -88,7 +88,7 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * uint8 * exponent) { BN_CTX *ctx; - BIGNUM mod, exp, x, y; + BIGNUM *mod, *exp, *x, *y; uint8 inr[SEC_MAX_MODULUS_SIZE]; int outlen; @@ -98,24 +98,24 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * reverse(inr, len); ctx = BN_CTX_new(); - BN_init(&mod); - BN_init(&exp); - BN_init(&x); - BN_init(&y); - - BN_bin2bn(modulus, modulus_size, &mod); - BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp); - BN_bin2bn(inr, len, &x); - BN_mod_exp(&y, &x, &exp, &mod, ctx); - outlen = BN_bn2bin(&y, out); + mod = BN_new(); + exp = BN_new(); + x = BN_new(); + y = BN_new(); + + BN_bin2bn(modulus, modulus_size, mod); + BN_bin2bn(exponent, SEC_EXPONENT_SIZE, exp); + BN_bin2bn(inr, len, x); + BN_mod_exp(y, x, exp, mod, ctx); + outlen = BN_bn2bin(y, out); reverse(out, outlen); if (outlen < (int) modulus_size) memset(out + outlen, 0, modulus_size - outlen); - BN_free(&y); - BN_clear_free(&x); - BN_free(&exp); - BN_free(&mod); + BN_free(y); + BN_clear_free(x); + BN_free(exp); + BN_free(mod); BN_CTX_free(ctx); } @@ -146,12 +146,20 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len) Kudos to Richard Levitte for the following (. intiutive .) lines of code that resets the OID and let's us extract the key. */ - nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm); + + X509_PUBKEY *key = NULL; + X509_ALGOR *algor = NULL; + + key = X509_get_X509_PUBKEY(cert); + algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key); + + nid = OBJ_obj2nid(algor->algorithm); + if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) { DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); - ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); - cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); + X509_PUBKEY_set0_param(key, OBJ_nid2obj(NID_rsaEncryption), + 0, NULL, NULL, 0); } epk = X509_get_pubkey(cert); if (NULL == epk) @@ -201,14 +209,24 @@ rdssl_rkey_get_exp_mod(RDSSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, { int len; - if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || - (BN_num_bytes(rkey->n) > (int) max_mod_len)) + BIGNUM *e = NULL; + BIGNUM *n = NULL; + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + e = rkey->e; + n = rkey->n; +#else + RSA_get0_key(rkey, &e, &n, NULL); +#endif + + if ((BN_num_bytes(e) > (int) max_exp_len) || + (BN_num_bytes(n) > (int) max_mod_len)) { return 1; } - len = BN_bn2bin(rkey->e, exponent); + len = BN_bn2bin(e, exponent); reverse(exponent, len); - len = BN_bn2bin(rkey->n, modulus); + len = BN_bn2bin(n, modulus); reverse(modulus, len); return 0; } @@ -229,8 +247,5 @@ void rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md) { - HMAC_CTX ctx; - HMAC_CTX_init(&ctx); HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL); - HMAC_CTX_cleanup(&ctx); } ++++++ rdesktop-Fix-crash-in-rdssl_cert_to_rkey.patch ++++++ >From c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1 Mon Sep 17 00:00:00 2001 From: Henrik Andersson <[email protected]> Date: Mon, 24 Oct 2016 10:24:35 +0200 Subject: [PATCH] Fix crash in rdssl_cert_to_rkey. This crash was introduced by merging OpenSSL 1.1 PR done on commit 50b39d11. Where algor was overwritten with return value of X509_PUBKEY_get0_param(). I also added additional error handling for X509_get_X509_PUBKEY. Thanks to TingPing that found this error in PR. --- ssl.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/ssl.c b/ssl.c index 032e9b9e..07d7aa50 100644 --- a/ssl.c +++ b/ssl.c @@ -3,6 +3,7 @@ Secure sockets abstraction layer Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008 Copyright (C) Jay Sorg <[email protected]> 2006-2008 + Copyright (C) Henrik Andersson <[email protected]> 2016 This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -140,6 +141,7 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len) EVP_PKEY *epk = NULL; RDSSL_RKEY *lkey; int nid; + int ret; /* By some reason, Microsoft sets the OID of the Public RSA key to the oid for "MD5 with RSA Encryption" instead of "RSA Encryption" @@ -151,7 +153,18 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len) X509_ALGOR *algor = NULL; key = X509_get_X509_PUBKEY(cert); - algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key); + if (key == NULL) + { + error("Failed to get public key from certificate.\n"); + return NULL; + } + + ret = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key); + if (ret != 1) + { + error("Faild to get algorithm used for public key.\n"); + return NULL; + } nid = OBJ_obj2nid(algor->algorithm); ++++++ rdesktop-Fix-keymap-script.patch ++++++ Index: rdesktop-1.8.3/keymaps/convert-map =================================================================== --- rdesktop-1.8.3.orig/keymaps/convert-map +++ rdesktop-1.8.3/keymaps/convert-map @@ -1,4 +1,5 @@ -#!/usr/bin/env python2 +#!/usr/bin/python2 +# -*- coding: utf-8 -*- # -*-Python-*- # # Copyright 2001 Peter Åstrand <[email protected]> for Cendio AB
