[arch-commits] Commit in rdesktop/trunk (3 files)

Jelle van der Waa jelle at archlinux.org
Mon Feb 11 09:23:31 UTC 2019


    Date: Monday, February 11, 2019 @ 09:23:30
  Author: jelle
Revision: 431724

upgpkg: rdesktop 1.8.4-1


Fix FS#61652, security release.

Modified:
  rdesktop/trunk/PKGBUILD
Deleted:
  rdesktop/trunk/bd6aa6acddf0ba640a49834807872f4cc0d0a773.patch
  rdesktop/trunk/c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1.patch

------------------------------------------------+
 PKGBUILD                                       |   20 +--
 bd6aa6acddf0ba640a49834807872f4cc0d0a773.patch |  125 -----------------------
 c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1.patch |   55 ----------
 3 files changed, 7 insertions(+), 193 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2019-02-11 08:49:17 UTC (rev 431723)
+++ PKGBUILD	2019-02-11 09:23:30 UTC (rev 431724)
@@ -3,29 +3,23 @@
 # Contributor: Dan McGee <dan at archlinux.org>
 
 pkgname=rdesktop
-pkgver=1.8.3
-pkgrel=4
+pkgver=1.8.4
+pkgrel=1
 pkgdesc="An open source client for Windows Remote Desktop Services"
 arch=('x86_64')
 url="http://www.rdesktop.org/"
 license=('GPL3')
 depends=('libao' 'libsamplerate' 'xorg-xrandr' 'pcsclite' 'libgssglue')
-source=("http://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz"
-        rdesktop-send_physical_buttons.diff
-        bd6aa6acddf0ba640a49834807872f4cc0d0a773.patch
-        c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1.patch
-        )
-md5sums=('86e8b368a7c715e74ded92e0d7912dc5'
-         'cbfb12729e7f28e497afb883cc42022b'
-         '5682991379199228a296b34ba51942a4'
-         '940db07a63df082fbbf3cb509a7c42aa')
+source=(https://github.com/rdesktop/rdesktop/archive/v${pkgver}.tar.gz rdesktop-send_physical_buttons.diff)
+sha512sums=('31f2418bf12164e64bf3fa44089ab49d3ea18ed5b02b09b12b98f0e4f9f331d57c17eed8912df76209bc10c34671aa082f39f18b9e87b5bcc23b1aa90a5d103e'
+            'a51d3d8a048cc5b67d872e9bfee91bfecd055c4bbf202cca3e768eb51dfd12e30e55ccee5431cec6ba20de818e1f0b94d4fe953f43828ee8b84f1fb7e4ffccec')
 
 prepare() {
   cd ${pkgname}-${pkgver}
   # FS#15113
   patch -i "${srcdir}/rdesktop-send_physical_buttons.diff"
-  patch -Np1 -i ${srcdir}/bd6aa6acddf0ba640a49834807872f4cc0d0a773.patch
-  patch -Np1 -i ${srcdir}/c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1.patch
+  
+  ./bootstrap
 }
 
 build() {

Deleted: bd6aa6acddf0ba640a49834807872f4cc0d0a773.patch
===================================================================
--- bd6aa6acddf0ba640a49834807872f4cc0d0a773.patch	2019-02-11 08:49:17 UTC (rev 431723)
+++ bd6aa6acddf0ba640a49834807872f4cc0d0a773.patch	2019-02-11 09:23:30 UTC (rev 431724)
@@ -1,125 +0,0 @@
-From bd6aa6acddf0ba640a49834807872f4cc0d0a773 Mon Sep 17 00:00:00 2001
-From: Jani Hakala <jjhakala at gmail.com>
-Date: Thu, 16 Jun 2016 14:28:15 +0300
-Subject: [PATCH] Fix OpenSSL 1.1 compability issues
-
-Some data types have been made opaque in OpenSSL version 1.1 so
-stack allocation and accessing struct fields directly does not work.
----
- ssl.c | 65 ++++++++++++++++++++++++++++++++++++++++-------------------------
- 1 file changed, 40 insertions(+), 25 deletions(-)
-
-diff --git a/ssl.c b/ssl.c
-index 4875125..032e9b9 100644
---- a/ssl.c
-+++ b/ssl.c
-@@ -88,7 +88,7 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 *
- 		  uint8 * exponent)
- {
- 	BN_CTX *ctx;
--	BIGNUM mod, exp, x, y;
-+	BIGNUM *mod, *exp, *x, *y;
- 	uint8 inr[SEC_MAX_MODULUS_SIZE];
- 	int outlen;
- 
-@@ -98,24 +98,24 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 *
- 	reverse(inr, len);
- 
- 	ctx = BN_CTX_new();
--	BN_init(&mod);
--	BN_init(&exp);
--	BN_init(&x);
--	BN_init(&y);
--
--	BN_bin2bn(modulus, modulus_size, &mod);
--	BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
--	BN_bin2bn(inr, len, &x);
--	BN_mod_exp(&y, &x, &exp, &mod, ctx);
--	outlen = BN_bn2bin(&y, out);
-+	mod = BN_new();
-+	exp = BN_new();
-+	x = BN_new();
-+	y = BN_new();
-+
-+	BN_bin2bn(modulus, modulus_size, mod);
-+	BN_bin2bn(exponent, SEC_EXPONENT_SIZE, exp);
-+	BN_bin2bn(inr, len, x);
-+	BN_mod_exp(y, x, exp, mod, ctx);
-+	outlen = BN_bn2bin(y, out);
- 	reverse(out, outlen);
- 	if (outlen < (int) modulus_size)
- 		memset(out + outlen, 0, modulus_size - outlen);
- 
--	BN_free(&y);
--	BN_clear_free(&x);
--	BN_free(&exp);
--	BN_free(&mod);
-+	BN_free(y);
-+	BN_clear_free(x);
-+	BN_free(exp);
-+	BN_free(mod);
- 	BN_CTX_free(ctx);
- }
- 
-@@ -146,12 +146,20 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
- 
- 	   Kudos to Richard Levitte for the following (. intiutive .) 
- 	   lines of code that resets the OID and let's us extract the key. */
--	nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
-+
-+	X509_PUBKEY *key = NULL;
-+	X509_ALGOR *algor = NULL;
-+
-+	key = X509_get_X509_PUBKEY(cert);
-+	algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
-+
-+	nid = OBJ_obj2nid(algor->algorithm);
-+
- 	if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
- 	{
- 		DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
--		ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
--		cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-+		X509_PUBKEY_set0_param(key, OBJ_nid2obj(NID_rsaEncryption),
-+				       0, NULL, NULL, 0);
- 	}
- 	epk = X509_get_pubkey(cert);
- 	if (NULL == epk)
-@@ -201,14 +209,24 @@ rdssl_rkey_get_exp_mod(RDSSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len,
- {
- 	int len;
- 
--	if ((BN_num_bytes(rkey->e) > (int) max_exp_len) ||
--	    (BN_num_bytes(rkey->n) > (int) max_mod_len))
-+	BIGNUM *e = NULL;
-+	BIGNUM *n = NULL;
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+	e = rkey->e;
-+	n = rkey->n;
-+#else
-+	RSA_get0_key(rkey, &e, &n, NULL);
-+#endif
-+
-+	if ((BN_num_bytes(e) > (int) max_exp_len) ||
-+	    (BN_num_bytes(n) > (int) max_mod_len))
- 	{
- 		return 1;
- 	}
--	len = BN_bn2bin(rkey->e, exponent);
-+	len = BN_bn2bin(e, exponent);
- 	reverse(exponent, len);
--	len = BN_bn2bin(rkey->n, modulus);
-+	len = BN_bn2bin(n, modulus);
- 	reverse(modulus, len);
- 	return 0;
- }
-@@ -229,8 +247,5 @@ void
- rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len,
- 	       unsigned char *md)
- {
--	HMAC_CTX ctx;
--	HMAC_CTX_init(&ctx);
- 	HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL);
--	HMAC_CTX_cleanup(&ctx);
- }

Deleted: c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1.patch
===================================================================
--- c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1.patch	2019-02-11 08:49:17 UTC (rev 431723)
+++ c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1.patch	2019-02-11 09:23:30 UTC (rev 431724)
@@ -1,55 +0,0 @@
-From c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1 Mon Sep 17 00:00:00 2001
-From: Henrik Andersson <hean01 at cendio.com>
-Date: Mon, 24 Oct 2016 10:24:35 +0200
-Subject: [PATCH] Fix crash in rdssl_cert_to_rkey.
-
-This crash was introduced by merging OpenSSL 1.1 PR done on
-commit 50b39d11. Where algor was overwritten with return value
-of X509_PUBKEY_get0_param(). I also added additional error
-handling for X509_get_X509_PUBKEY.
-
-Thanks to TingPing that found this error in PR.
----
- ssl.c | 15 ++++++++++++++-
- 1 file changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/ssl.c b/ssl.c
-index 032e9b9..07d7aa5 100644
---- a/ssl.c
-+++ b/ssl.c
-@@ -3,6 +3,7 @@
-    Secure sockets abstraction layer
-    Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
-    Copyright (C) Jay Sorg <j at american-data.com> 2006-2008
-+   Copyright (C) Henrik Andersson <hean01 at cendio.com> 2016
- 
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-@@ -140,6 +141,7 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
- 	EVP_PKEY *epk = NULL;
- 	RDSSL_RKEY *lkey;
- 	int nid;
-+	int ret;
- 
- 	/* By some reason, Microsoft sets the OID of the Public RSA key to
- 	   the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
-@@ -151,7 +153,18 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
- 	X509_ALGOR *algor = NULL;
- 
- 	key = X509_get_X509_PUBKEY(cert);
--	algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
-+	if (key == NULL)
-+	{
-+		error("Failed to get public key from certificate.\n");
-+		return NULL;
-+	}
-+
-+	ret = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
-+	if (ret != 1)
-+	{
-+		error("Faild to get algorithm used for public key.\n");
-+		return NULL;
-+	}
- 
- 	nid = OBJ_obj2nid(algor->algorithm);
- 



More information about the arch-commits mailing list