summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorBrian Bidulock2019-07-26 13:45:44 -0600
committerBrian Bidulock2019-07-26 13:45:44 -0600
commit4d67bd6a10253dcc952ee7634015242f5848fce3 (patch)
tree96fbac09ff5fa009b8c1a9f733d84fb8e235e75b
parent973a9eff819a73a2df40686b16d699f146bfa39a (diff)
downloadaur-4d67bd6a10253dcc952ee7634015242f5848fce3.tar.gz
build with current openssl
-rw-r--r--.SRCINFO8
-rw-r--r--Makefile.patch11
-rw-r--r--PKGBUILD20
-rw-r--r--openssl1.1.patch199
4 files changed, 232 insertions, 6 deletions
diff --git a/.SRCINFO b/.SRCINFO
index b1ca19c62b4..dafe2f0181b 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = ssvnc-nojava
pkgdesc = SSL/SSH VNC viewer no java
pkgver = 1.0.29
- pkgrel = 7
+ pkgrel = 8
url = http://www.karlrunge.com/x11vnc/ssvnc.html
arch = i686
arch = x86_64
@@ -10,7 +10,9 @@ pkgbase = ssvnc-nojava
makedepends = imake
depends = libjpeg>=7
depends = libxaw
+ depends = openssl
depends = tk
+ depends = tcl
optdepends = perl
optdepends = xterm
optdepends = smbclient
@@ -19,7 +21,11 @@ pkgbase = ssvnc-nojava
provides = ssvnc
conflicts = ssvnc
source = http://downloads.sf.net/sourceforge/ssvnc/ssvnc-1.0.29.src.tar.gz
+ source = openssl1.1.patch
+ source = Makefile.patch
md5sums = 52201aeb0417c2a0fe83639e52da6ae5
+ md5sums = 6a119a5748a231f63c96044a2761845f
+ md5sums = 7d35673003f4f25a046c48f803e76e65
pkgname = ssvnc-nojava
diff --git a/Makefile.patch b/Makefile.patch
new file mode 100644
index 00000000000..dea3eca23b9
--- /dev/null
+++ b/Makefile.patch
@@ -0,0 +1,11 @@
+diff -aur ultraftp.orig/Makefile ultraftp/Makefile
+--- ultraftp.orig/Makefile 2019-06-19 18:37:41.913323155 +0200
++++ ultraftp/Makefile 2019-06-19 18:37:47.759989787 +0200
+@@ -3,7 +3,6 @@
+ SOURCES = $(shell echo *.java)
+ CLASSES = $(SOURCES:%.java=%.class)
+ ARCHIVE = ultraftp.jar
+-JC_ARGS = -target 1.4 -source 1.4
+
+ all: $(CLASSES) $(ARCHIVE)
+
diff --git a/PKGBUILD b/PKGBUILD
index 21a9a0a9458..e1ffce51fc9 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,22 +5,32 @@
pkgname=ssvnc-nojava
_pkgname=ssvnc
pkgver=1.0.29
-pkgrel=7
+pkgrel=8
pkgdesc="SSL/SSH VNC viewer no java"
arch=('i686' 'x86_64')
url="http://www.karlrunge.com/x11vnc/ssvnc.html"
license=('GPL')
groups=('network')
-depends=('libjpeg>=7' 'libxaw' 'tk')
+depends=('libjpeg>=7' 'libxaw' 'openssl' 'tk' 'tcl')
provides=(${_pkgname})
conflicts=(${_pkgname})
makedepends=('imake')
optdepends=('perl' 'xterm' 'smbclient' 'avahi' 'stunnel')
-source=(http://downloads.sf.net/sourceforge/$_pkgname/$_pkgname-$pkgver.src.tar.gz)
-md5sums=('52201aeb0417c2a0fe83639e52da6ae5')
+source=(http://downloads.sf.net/sourceforge/$_pkgname/$_pkgname-$pkgver.src.tar.gz
+ openssl1.1.patch
+ Makefile.patch)
+md5sums=('52201aeb0417c2a0fe83639e52da6ae5'
+ '6a119a5748a231f63c96044a2761845f'
+ '7d35673003f4f25a046c48f803e76e65')
+
+prepare() {
+ cd "$_pkgname-$pkgver"
+ patch -p1 < "../openssl1.1.patch"
+ patch -p0 < "../Makefile.patch"
+}
build() {
- cd "$srcdir/$_pkgname-$pkgver"
+ cd "$_pkgname-$pkgver"
sed -i '/wr_tool/s/\$(PREFIX)\/\$(LIB)\/\([^/]*$\)/\/usr\/lib\/ssvnc\/\1/' Makefile
make JSRC= config
make JSRC= all
diff --git a/openssl1.1.patch b/openssl1.1.patch
new file mode 100644
index 00000000000..0ee278f9eea
--- /dev/null
+++ b/openssl1.1.patch
@@ -0,0 +1,199 @@
+--- a/vncstorepw/ultravnc_dsm_helper.c
++++ b/vncstorepw/ultravnc_dsm_helper.c
+@@ -414,7 +414,9 @@ void enc_do(char *ciph, char *keyfile, c
+ if (strstr(p, "md5+") == p) {
+ Digest = EVP_md5(); p += strlen("md5+");
+ } else if (strstr(p, "sha+") == p) {
+- Digest = EVP_sha(); p += strlen("sha+");
++ fprintf(stderr, "%s: obsolete hash algorithm: SHA-0\n",
++ prog, s);
++ exit(1);
+ } else if (strstr(p, "sha1+") == p) {
+ Digest = EVP_sha1(); p += strlen("sha1+");
+ } else if (strstr(p, "ripe+") == p) {
+@@ -655,8 +657,10 @@ static void enc_xfer(int sock_fr, int so
+ */
+ unsigned char E_keystr[EVP_MAX_KEY_LENGTH];
+ unsigned char D_keystr[EVP_MAX_KEY_LENGTH];
+- EVP_CIPHER_CTX E_ctx, D_ctx;
+- EVP_CIPHER_CTX *ctx = NULL;
++ //openssl1.1.patch - Do NOT create two context and only use one
++ // - that's silly.
++ //EVP_CIPHER_CTX *E_ctx, *D_ctx;
++ EVP_CIPHER_CTX *ctx;
+
+ unsigned char buf[BSIZE], out[BSIZE];
+ unsigned char *psrc = NULL, *keystr;
+@@ -698,11 +702,14 @@ static void enc_xfer(int sock_fr, int so
+ encsym = encrypt ? "+" : "-";
+
+ /* use the encryption/decryption context variables below */
++ ctx = EVP_CIPHER_CTX_new();
++ if (!ctx) {
++ fprintf(stderr, "Failed to create encryption/decryption context.\n");
++ goto finished;
++ }
+ if (encrypt) {
+- ctx = &E_ctx;
+ keystr = E_keystr;
+ } else {
+- ctx = &D_ctx;
+ keystr = D_keystr;
+ }
+
+@@ -797,7 +804,6 @@ static void enc_xfer(int sock_fr, int so
+ if (whoops) {
+ fprintf(stderr, "%s: %s - WARNING: MSRC4 mode and IGNORING random salt\n", prog, encstr);
+ fprintf(stderr, "%s: %s - WARNING: and initialization vector!!\n", prog, encstr);
+- EVP_CIPHER_CTX_init(ctx);
+ if (pw_in) {
+ /* for pw=xxxx a md5 hash is used */
+ EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata,
+@@ -816,7 +822,6 @@ static void enc_xfer(int sock_fr, int so
+
+ EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata,
+ keydata_len, 1, keystr, ivec);
+- EVP_CIPHER_CTX_init(ctx);
+ EVP_CipherInit_ex(ctx, Cipher, NULL, keystr, ivec,
+ encrypt);
+ }
+@@ -836,9 +841,9 @@ static void enc_xfer(int sock_fr, int so
+ in_salt = salt;
+ }
+
+- if (ivec_size < Cipher->iv_len && !securevnc) {
++ if (ivec_size < EVP_CIPHER_iv_length(Cipher) && !securevnc) {
+ fprintf(stderr, "%s: %s - WARNING: short IV %d < %d\n",
+- prog, encstr, ivec_size, Cipher->iv_len);
++ prog, encstr, ivec_size, EVP_CIPHER_iv_length(Cipher));
+ }
+
+ /* make the hashed value and place in keystr */
+@@ -877,9 +882,6 @@ static void enc_xfer(int sock_fr, int so
+ }
+
+
+- /* initialize the context */
+- EVP_CIPHER_CTX_init(ctx);
+-
+
+ /* set the cipher & initialize */
+
+@@ -986,6 +988,7 @@ static void enc_xfer(int sock_fr, int so
+ /* transfer done (viewer exited or some error) */
+ finished:
+
++ if (ctx) EVP_CIPHER_CTX_free(ctx);
+ fprintf(stderr, "\n%s: %s - close sock_to\n", prog, encstr);
+ close(sock_to);
+
+@@ -1060,14 +1063,14 @@ static int securevnc_server_rsa_save_dia
+ }
+
+ static char *rsa_md5_sum(unsigned char* rsabuf) {
+- EVP_MD_CTX md;
++ EVP_MD_CTX *md = EVP_MD_CTX_create();
+ char digest[EVP_MAX_MD_SIZE], tmp[16];
+ char md5str[EVP_MAX_MD_SIZE * 8];
+ unsigned int i, size = 0;
+
+- EVP_DigestInit(&md, EVP_md5());
+- EVP_DigestUpdate(&md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE);
+- EVP_DigestFinal(&md, (unsigned char *)digest, &size);
++ EVP_DigestInit(md, EVP_md5());
++ EVP_DigestUpdate(md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE);
++ EVP_DigestFinal(md, (unsigned char *)digest, &size);
+
+ memset(md5str, 0, sizeof(md5str));
+ for (i=0; i < size; i++) {
+@@ -1075,6 +1078,7 @@ static char *rsa_md5_sum(unsigned char*
+ sprintf(tmp, "%02x", (int) uc);
+ strcat(md5str, tmp);
+ }
++ EVP_MD_CTX_destroy(md);
+ return strdup(md5str);
+ }
+
+@@ -1184,7 +1188,7 @@ static void sslexit(char *msg) {
+
+ static void securevnc_setup(int conn1, int conn2) {
+ RSA *rsa = NULL;
+- EVP_CIPHER_CTX init_ctx;
++ EVP_CIPHER_CTX *init_ctx = EVP_CIPHER_CTX_new();
+ unsigned char keystr[EVP_MAX_KEY_LENGTH];
+ unsigned char *rsabuf, *rsasav;
+ unsigned char *encrypted_keybuf;
+@@ -1203,6 +1207,8 @@ static void securevnc_setup(int conn1, i
+
+ ERR_load_crypto_strings();
+
++ if (!init_ctx) sslexit("securevnc_setup: EVP_CIPHER_CTX_new() failed");
++
+ /* alloc and read from server the 270 comprising the rsa public key: */
+ rsabuf = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1);
+ rsasav = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1);
+@@ -1323,8 +1329,7 @@ static void securevnc_setup(int conn1, i
+ /*
+ * Back to the work involving the tmp obscuring key:
+ */
+- EVP_CIPHER_CTX_init(&init_ctx);
+- rc = EVP_CipherInit_ex(&init_ctx, EVP_rc4(), NULL, initkey, NULL, 1);
++ rc = EVP_CipherInit_ex(init_ctx, EVP_rc4(), NULL, initkey, NULL, 1);
+ if (rc == 0) {
+ sslexit("securevnc_setup: EVP_CipherInit_ex(init_ctx) failed");
+ }
+@@ -1340,13 +1345,13 @@ static void securevnc_setup(int conn1, i
+ /* decode with the tmp key */
+ if (n > 0) {
+ memset(to_viewer, 0, sizeof(to_viewer));
+- if (EVP_CipherUpdate(&init_ctx, to_viewer, &len, buf, n) == 0) {
++ if (EVP_CipherUpdate(init_ctx, to_viewer, &len, buf, n) == 0) {
+ sslexit("securevnc_setup: EVP_CipherUpdate(init_ctx) failed");
+ exit(1);
+ }
+ to_viewer_len = len;
+ }
+- EVP_CIPHER_CTX_cleanup(&init_ctx);
++ EVP_CIPHER_CTX_free(init_ctx);
+ free(initkey);
+
+ /* print what we would send to the viewer (sent below): */
+@@ -1407,7 +1412,7 @@ static void securevnc_setup(int conn1, i
+
+ if (client_auth_req && client_auth) {
+ RSA *client_rsa = load_client_auth(client_auth);
+- EVP_MD_CTX dctx;
++ EVP_MD_CTX *dctx = EVP_MD_CTX_create();
+ unsigned char digest[EVP_MAX_MD_SIZE], *signature;
+ unsigned int ndig = 0, nsig = 0;
+
+@@ -1421,8 +1426,8 @@ static void securevnc_setup(int conn1, i
+ exit(1);
+ }
+
+- EVP_DigestInit(&dctx, EVP_sha1());
+- EVP_DigestUpdate(&dctx, keystr, SECUREVNC_KEY_SIZE);
++ EVP_DigestInit(dctx, EVP_sha1());
++ EVP_DigestUpdate(dctx, keystr, SECUREVNC_KEY_SIZE);
+ /*
+ * Without something like the following MITM is still possible.
+ * This is because the MITM knows keystr and can use it with
+@@ -1433,7 +1438,7 @@ static void securevnc_setup(int conn1, i
+ * he doesn't have Viewer_ClientAuth.pkey.
+ */
+ if (0) {
+- EVP_DigestUpdate(&dctx, rsasav, SECUREVNC_RSA_PUBKEY_SIZE);
++ EVP_DigestUpdate(dctx, rsasav, SECUREVNC_RSA_PUBKEY_SIZE);
+ if (!keystore_verified) {
+ fprintf(stderr, "securevnc_setup:\n");
+ fprintf(stderr, "securevnc_setup: Warning: even *WITH* Client Authentication in SecureVNC,\n");
+@@ -1456,7 +1461,8 @@ static void securevnc_setup(int conn1, i
+ fprintf(stderr, "securevnc_setup:\n");
+ }
+ }
+- EVP_DigestFinal(&dctx, (unsigned char *)digest, &ndig);
++ EVP_DigestFinal(dctx, (unsigned char *)digest, &ndig);
++ EVP_MD_CTX_destroy(dctx);
+
+ signature = (unsigned char *) calloc(RSA_size(client_rsa), 1);
+ RSA_sign(NID_sha1, digest, ndig, signature, &nsig, client_rsa);