commit 12f07fad925f1c1c0c97132b80d0bbbca73c1aaa
Author: Jan Palus <at...@pld-linux.org>
Date: Thu Oct 21 11:41:21 2021 +0200
up to 2.4.1 freerdp2.spec | 8 ++- openssl3.patch | 150 --------------------------------------------------------- 2 files changed, 3 insertions(+), 155 deletions(-) --- diff --git a/freerdp2.spec b/freerdp2.spec index ddc2bb4..9218e1b 100644 --- a/freerdp2.spec +++ b/freerdp2.spec @@ -36,16 +36,15 @@ Summary: Remote Desktop Protocol client Summary(pl.UTF-8): Klient protokołu RDP Name: freerdp2 -Version: 2.4.0 -Release: 3 +Version: 2.4.1 +Release: 1 License: Apache v2.0 Group: Applications/Communications Source0: https://pub.freerdp.com/releases/freerdp-%{version}.tar.gz -# Source0-md5: fb5556945b41dad362a03b23f330b971 +# Source0-md5: a46c2fd303b9c131120162377e962dbb Patch0: freerdp-opt.patch Patch1: freerdp-gsm.patch Patch2: docbook-xsl.patch -Patch3: openssl3.patch URL: http://www.freerdp.com/ %{?with_directfb:BuildRequires: DirectFB-devel} %{?with_opencl:BuildRequires: OpenCL-devel} @@ -196,7 +195,6 @@ wykorzystujących biblioteki FreeRDP 2. %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 cat << EOF > xfreerdp.desktop [Desktop Entry] diff --git a/openssl3.patch b/openssl3.patch deleted file mode 100644 index 8c4c74c..0000000 --- a/openssl3.patch +++ /dev/null 
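Review bot: The new `# Source0-md5:` value in the first freerdp2.spec hunk is the only integrity pin for the 2.4.1 tarball, and MD5 is not collision-resistant, so it detects a damaged download but is weak evidence against a substituted archive. If upstream publishes a SHA-256 or a signature for the release, verify the tarball against it before updating the digest, and where the build tooling tolerates it keep the stronger value beside the MD5, e.g. a comment `# sha256: <SHA256_OF_FREERDP_TARBALL>` (placeholder, not a computed value). The same hunk drops `Patch3: openssl3.patch` and the second hunk drops `%patch3 -p1`, but the commit message does not say that 2.4.1 already contains the carried fixes (FIPS-mode detection, the `EVP_EncryptInit_ex` return checks, loading the legacy provider for RC4). Presumably it does, and a line such as `- dropped openssl3.patch (merged upstream)` in the message would record that once confirmed.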
@@ -1,150 +0,0 @@ -From 26bf2816c3e0daeaf524c47cf0fcda8ae13b65ad Mon Sep 17 00:00:00 2001 -From: Ondrej Holy <oh...@redhat.com> -Date: Wed, 12 May 2021 12:48:15 +0200 -Subject: [PATCH] Fix FIPS mode support and build with OpenSSL 3.0 - -FreeRDP fails to build with OpenSSL 3.0 because of usage of the `FIPS_mode` -and `FIPS_mode_set` functions, which were removed there. Just a note that -the FIPS mode is not supported by OpenSSL 1.1.* although the mentioned -functions are still there (see https://wiki.openssl.org/index.php/FIPS_modules). -Let's make FreeRDP build with OpenSSL 3.0 and fix the FIPS mode support. - -See: https://bugzilla.redhat.com/show_bug.cgi?id=1952937 ---- - winpr/libwinpr/utils/ssl.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c -index 3a859039034..03b23af43ac 100644 ---- a/winpr/libwinpr/utils/ssl.c -+++ b/winpr/libwinpr/utils/ssl.c -@@ -244,9 +244,17 @@ static BOOL winpr_enable_fips(DWORD flags) - #else - WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled"); - -+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) -+ if (!EVP_default_properties_is_fips_enabled(NULL)) -+#else - if (FIPS_mode() != 1) -+#endif - { -+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) -+ if (EVP_set_default_properties(NULL, "fips=yes")) -+#else - if (FIPS_mode_set(1)) -+#endif - WLog_INFO(TAG, "Openssl fips mode ENabled!"); - else - { -From 0c81c73c8d770fd5ffbc541dc176da515b66686b Mon Sep 17 00:00:00 2001 -From: Mike Gilbert <flop...@gentoo.org> -Date: Sun, 1 Aug 2021 12:14:43 -0400 -Subject: [PATCH] winpr: avoid calling FIPS_mode() with OpenSSL 3.0 - -Fixes: 26bf2816c3e0daeaf524c47cf0fcda8ae13b65ad ---- - winpr/libwinpr/utils/ssl.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c -index 03b23af43ac..74ef156e7b0 100644 ---- a/winpr/libwinpr/utils/ssl.c -+++ b/winpr/libwinpr/utils/ssl.c -@@ -364,6 
+364,8 @@ BOOL winpr_FIPSMode(void) - { - #if (OPENSSL_VERSION_NUMBER < 0x10001000L) || defined(LIBRESSL_VERSION_NUMBER) - return FALSE; -+#elif defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) -+ return (EVP_default_properties_is_fips_enabled(NULL) == 1); - #else - return (FIPS_mode() == 1); - #endif -From a79e09d97435bfdf4fdd439d76d847ba8dcbb445 Mon Sep 17 00:00:00 2001 -From: Ondrej Holy <oh...@redhat.com> -Date: Tue, 3 Aug 2021 08:39:21 +0200 -Subject: [PATCH 1/2] winpr/crypto: Exit cleanly when EVP_EncryptInit_ex fails - -The `EVP_EncryptInit_ex` function may fail in certain configurations. -Consequently, FreeRDP segfaults in `EVP_CIPHER_CTX_set_key_length`. -Let's handle the `EVP_EncryptInit_ex` failures and exit cleanly in -such case. ---- - winpr/libwinpr/crypto/cipher.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/winpr/libwinpr/crypto/cipher.c b/winpr/libwinpr/crypto/cipher.c -index c47595b145d..bd52cfeedb6 100644 ---- a/winpr/libwinpr/crypto/cipher.c -+++ b/winpr/libwinpr/crypto/cipher.c -@@ -66,7 +66,12 @@ static WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOO - return NULL; - - EVP_CIPHER_CTX_init((EVP_CIPHER_CTX*)ctx); -- EVP_EncryptInit_ex((EVP_CIPHER_CTX*)ctx, evp, NULL, NULL, NULL); -+ if (EVP_EncryptInit_ex((EVP_CIPHER_CTX*)ctx, evp, NULL, NULL, NULL) != 1) -+ { -+ EVP_CIPHER_CTX_free ((EVP_CIPHER_CTX*)ctx); -+ return NULL; -+ } -+ - /* EVP_CIPH_FLAG_NON_FIPS_ALLOW does not exist before openssl 1.0.1 */ - #if !(OPENSSL_VERSION_NUMBER < 0x10001000L) - -@@ -75,7 +80,11 @@ static WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOO - - #endif - EVP_CIPHER_CTX_set_key_length((EVP_CIPHER_CTX*)ctx, keylen); -- EVP_EncryptInit_ex((EVP_CIPHER_CTX*)ctx, NULL, NULL, key, NULL); -+ if (EVP_EncryptInit_ex((EVP_CIPHER_CTX*)ctx, NULL, NULL, key, NULL) != 1) -+ { -+ EVP_CIPHER_CTX_free ((EVP_CIPHER_CTX*)ctx); -+ return NULL; -+ } - #elif defined(WITH_MBEDTLS) && 
defined(MBEDTLS_ARC4_C) - - if (!(ctx = (WINPR_RC4_CTX*)calloc(1, sizeof(mbedtls_arc4_context)))) - -From e1f63dba5c63302b8a5e9d33c9ffe5580105de72 Mon Sep 17 00:00:00 2001 -From: Ondrej Holy <oh...@redhat.com> -Date: Tue, 3 Aug 2021 08:47:13 +0200 -Subject: [PATCH 2/2] winpr/crypto: Load legacy provider to fix rc4 with - OpenSSL 3.0 - -Currently, the `EVP_EncryptInit_ex` function fails for rc4 with OpenSSL 3.0. -This is becuase rc4 is provided by the legacy provider which is not loaded -by default. Let's explicitly load the legacy provider to make FreeRDP work -with OpenSSL 3.0. - -Relates: https://github.com/openssl/openssl/issues/14392 -Fixes: https://github.com/FreeRDP/FreeRDP/issues/6604 ---- - winpr/libwinpr/crypto/cipher.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/winpr/libwinpr/crypto/cipher.c b/winpr/libwinpr/crypto/cipher.c -index bd52cfeedb6..75d25a1c79c 100644 ---- a/winpr/libwinpr/crypto/cipher.c -+++ b/winpr/libwinpr/crypto/cipher.c -@@ -29,6 +29,9 @@ - #include <openssl/rc4.h> - #include <openssl/des.h> - #include <openssl/evp.h> -+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) -+#include <openssl/provider.h> -+#endif - #endif - - #ifdef WITH_MBEDTLS -@@ -57,6 +60,12 @@ static WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOO - - #if defined(WITH_OPENSSL) - -+ -+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) -+ if (OSSL_PROVIDER_load(NULL, "legacy") == NULL) -+ return NULL; -+#endif -+ - if (!(ctx = (WINPR_RC4_CTX*)EVP_CIPHER_CTX_new())) - return NULL; - ================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/freerdp2.git/commitdiff/12f07fad925f1c1c0c97132b80d0bbbca73c1aaa _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit