diff options
| -rw-r--r-- | .SRCINFO | 8 | ||||
| -rw-r--r-- | Makefile.patch | 11 | ||||
| -rw-r--r-- | PKGBUILD | 20 | ||||
| -rw-r--r-- | openssl1.1.patch | 199 |
4 files changed, 232 insertions, 6 deletions
@@ -1,7 +1,7 @@ pkgbase = ssvnc-nojava pkgdesc = SSL/SSH VNC viewer no java pkgver = 1.0.29 - pkgrel = 7 + pkgrel = 8 url = http://www.karlrunge.com/x11vnc/ssvnc.html arch = i686 arch = x86_64 @@ -10,7 +10,9 @@ pkgbase = ssvnc-nojava makedepends = imake depends = libjpeg>=7 depends = libxaw + depends = openssl depends = tk + depends = tcl optdepends = perl optdepends = xterm optdepends = smbclient @@ -19,7 +21,11 @@ pkgbase = ssvnc-nojava provides = ssvnc conflicts = ssvnc source = http://downloads.sf.net/sourceforge/ssvnc/ssvnc-1.0.29.src.tar.gz + source = openssl1.1.patch + source = Makefile.patch md5sums = 52201aeb0417c2a0fe83639e52da6ae5 + md5sums = 6a119a5748a231f63c96044a2761845f + md5sums = 7d35673003f4f25a046c48f803e76e65 pkgname = ssvnc-nojava diff --git a/Makefile.patch b/Makefile.patch new file mode 100644 index 000000000000..dea3eca23b97 --- /dev/null +++ b/Makefile.patch @@ -0,0 +1,11 @@ +diff -aur ultraftp.orig/Makefile ultraftp/Makefile +--- ultraftp.orig/Makefile 2019-06-19 18:37:41.913323155 +0200 ++++ ultraftp/Makefile 2019-06-19 18:37:47.759989787 +0200 +@@ -3,7 +3,6 @@ + SOURCES = $(shell echo *.java) + CLASSES = $(SOURCES:%.java=%.class) + ARCHIVE = ultraftp.jar +-JC_ARGS = -target 1.4 -source 1.4 + + all: $(CLASSES) $(ARCHIVE) + @@ -5,22 +5,32 @@ pkgname=ssvnc-nojava _pkgname=ssvnc pkgver=1.0.29 -pkgrel=7 +pkgrel=8 pkgdesc="SSL/SSH VNC viewer no java" arch=('i686' 'x86_64') url="http://www.karlrunge.com/x11vnc/ssvnc.html" license=('GPL') groups=('network') -depends=('libjpeg>=7' 'libxaw' 'tk') +depends=('libjpeg>=7' 'libxaw' 'openssl' 'tk' 'tcl') provides=(${_pkgname}) conflicts=(${_pkgname}) makedepends=('imake') optdepends=('perl' 'xterm' 'smbclient' 'avahi' 'stunnel') -source=(http://downloads.sf.net/sourceforge/$_pkgname/$_pkgname-$pkgver.src.tar.gz) -md5sums=('52201aeb0417c2a0fe83639e52da6ae5') +source=(http://downloads.sf.net/sourceforge/$_pkgname/$_pkgname-$pkgver.src.tar.gz + openssl1.1.patch + Makefile.patch) +md5sums=('52201aeb0417c2a0fe83639e52da6ae5' + '6a119a5748a231f63c96044a2761845f' + '7d35673003f4f25a046c48f803e76e65') + +prepare() { + cd "$_pkgname-$pkgver" + patch -p1 < "../openssl1.1.patch" + patch -p0 < "../Makefile.patch" +} build() { - cd "$srcdir/$_pkgname-$pkgver" + cd "$_pkgname-$pkgver" sed -i '/wr_tool/s/\$(PREFIX)\/\$(LIB)\/\([^/]*$\)/\/usr\/lib\/ssvnc\/\1/' Makefile make JSRC= config make JSRC= all diff --git a/openssl1.1.patch b/openssl1.1.patch new file mode 100644 index 000000000000..0ee278f9eea3 --- /dev/null +++ b/openssl1.1.patch @@ -0,0 +1,199 @@ +--- a/vncstorepw/ultravnc_dsm_helper.c ++++ b/vncstorepw/ultravnc_dsm_helper.c +@@ -414,7 +414,9 @@ void enc_do(char *ciph, char *keyfile, c + if (strstr(p, "md5+") == p) { + Digest = EVP_md5(); p += strlen("md5+"); + } else if (strstr(p, "sha+") == p) { +- Digest = EVP_sha(); p += strlen("sha+"); ++ fprintf(stderr, "%s: obsolete hash algorithm: SHA-0\n", ++ prog, s); ++ exit(1); + } else if (strstr(p, "sha1+") == p) { + Digest = EVP_sha1(); p += strlen("sha1+"); + } else if (strstr(p, "ripe+") == p) { +@@ -655,8 +657,10 @@ static void enc_xfer(int sock_fr, int so + */ + unsigned char E_keystr[EVP_MAX_KEY_LENGTH]; + unsigned char D_keystr[EVP_MAX_KEY_LENGTH]; +- EVP_CIPHER_CTX E_ctx, D_ctx; +- EVP_CIPHER_CTX *ctx = NULL; ++ //openssl1.1.patch - Do NOT create two context and only use one ++ // - that's silly. ++ //EVP_CIPHER_CTX *E_ctx, *D_ctx; ++ EVP_CIPHER_CTX *ctx; + + unsigned char buf[BSIZE], out[BSIZE]; + unsigned char *psrc = NULL, *keystr; +@@ -698,11 +702,14 @@ static void enc_xfer(int sock_fr, int so + encsym = encrypt ? "+" : "-"; + + /* use the encryption/decryption context variables below */ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (!ctx) { ++ fprintf(stderr, "Failed to create encryption/decryption context.\n"); ++ goto finished; ++ } + if (encrypt) { +- ctx = &E_ctx; + keystr = E_keystr; + } else { +- ctx = &D_ctx; + keystr = D_keystr; + } + +@@ -797,7 +804,6 @@ static void enc_xfer(int sock_fr, int so + if (whoops) { + fprintf(stderr, "%s: %s - WARNING: MSRC4 mode and IGNORING random salt\n", prog, encstr); + fprintf(stderr, "%s: %s - WARNING: and initialization vector!!\n", prog, encstr); +- EVP_CIPHER_CTX_init(ctx); + if (pw_in) { + /* for pw=xxxx a md5 hash is used */ + EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata, +@@ -816,7 +822,6 @@ static void enc_xfer(int sock_fr, int so + + EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata, + keydata_len, 1, keystr, ivec); +- EVP_CIPHER_CTX_init(ctx); + EVP_CipherInit_ex(ctx, Cipher, NULL, keystr, ivec, + encrypt); + } +@@ -836,9 +841,9 @@ static void enc_xfer(int sock_fr, int so + in_salt = salt; + } + +- if (ivec_size < Cipher->iv_len && !securevnc) { ++ if (ivec_size < EVP_CIPHER_iv_length(Cipher) && !securevnc) { + fprintf(stderr, "%s: %s - WARNING: short IV %d < %d\n", +- prog, encstr, ivec_size, Cipher->iv_len); ++ prog, encstr, ivec_size, EVP_CIPHER_iv_length(Cipher)); + } + + /* make the hashed value and place in keystr */ +@@ -877,9 +882,6 @@ static void enc_xfer(int sock_fr, int so + } + + +- /* initialize the context */ +- EVP_CIPHER_CTX_init(ctx); +- + + /* set the cipher & initialize */ + +@@ -986,6 +988,7 @@ static void enc_xfer(int sock_fr, int so + /* transfer done (viewer exited or some error) */ + finished: + ++ if (ctx) EVP_CIPHER_CTX_free(ctx); + fprintf(stderr, "\n%s: %s - close sock_to\n", prog, encstr); + close(sock_to); + +@@ -1060,14 +1063,14 @@ static int securevnc_server_rsa_save_dia + } + + static char *rsa_md5_sum(unsigned char* rsabuf) { +- EVP_MD_CTX md; ++ EVP_MD_CTX *md = EVP_MD_CTX_create(); + char digest[EVP_MAX_MD_SIZE], tmp[16]; + char md5str[EVP_MAX_MD_SIZE * 8]; + unsigned int i, size = 0; + +- EVP_DigestInit(&md, EVP_md5()); +- EVP_DigestUpdate(&md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); +- EVP_DigestFinal(&md, (unsigned char *)digest, &size); ++ EVP_DigestInit(md, EVP_md5()); ++ EVP_DigestUpdate(md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); ++ EVP_DigestFinal(md, (unsigned char *)digest, &size); + + memset(md5str, 0, sizeof(md5str)); + for (i=0; i < size; i++) { +@@ -1075,6 +1078,7 @@ static char *rsa_md5_sum(unsigned char* + sprintf(tmp, "%02x", (int) uc); + strcat(md5str, tmp); + } ++ EVP_MD_CTX_destroy(md); + return strdup(md5str); + } + +@@ -1184,7 +1188,7 @@ static void sslexit(char *msg) { + + static void securevnc_setup(int conn1, int conn2) { + RSA *rsa = NULL; +- EVP_CIPHER_CTX init_ctx; ++ EVP_CIPHER_CTX *init_ctx = EVP_CIPHER_CTX_new(); + unsigned char keystr[EVP_MAX_KEY_LENGTH]; + unsigned char *rsabuf, *rsasav; + unsigned char *encrypted_keybuf; +@@ -1203,6 +1207,8 @@ static void securevnc_setup(int conn1, i + + ERR_load_crypto_strings(); + ++ if (!init_ctx) sslexit("securevnc_setup: EVP_CIPHER_CTX_new() failed"); ++ + /* alloc and read from server the 270 comprising the rsa public key: */ + rsabuf = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1); + rsasav = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1); +@@ -1323,8 +1329,7 @@ static void securevnc_setup(int conn1, i + /* + * Back to the work involving the tmp obscuring key: + */ +- EVP_CIPHER_CTX_init(&init_ctx); +- rc = EVP_CipherInit_ex(&init_ctx, EVP_rc4(), NULL, initkey, NULL, 1); ++ rc = EVP_CipherInit_ex(init_ctx, EVP_rc4(), NULL, initkey, NULL, 1); + if (rc == 0) { + sslexit("securevnc_setup: EVP_CipherInit_ex(init_ctx) failed"); + } +@@ -1340,13 +1345,13 @@ static void securevnc_setup(int conn1, i + /* decode with the tmp key */ + if (n > 0) { + memset(to_viewer, 0, sizeof(to_viewer)); +- if (EVP_CipherUpdate(&init_ctx, to_viewer, &len, buf, n) == 0) { ++ if (EVP_CipherUpdate(init_ctx, to_viewer, &len, buf, n) == 0) { + sslexit("securevnc_setup: EVP_CipherUpdate(init_ctx) failed"); + exit(1); + } + to_viewer_len = len; + } +- EVP_CIPHER_CTX_cleanup(&init_ctx); ++ EVP_CIPHER_CTX_free(init_ctx); + free(initkey); + + /* print what we would send to the viewer (sent below): */ +@@ -1407,7 +1412,7 @@ static void securevnc_setup(int conn1, i + + if (client_auth_req && client_auth) { + RSA *client_rsa = load_client_auth(client_auth); +- EVP_MD_CTX dctx; ++ EVP_MD_CTX *dctx = EVP_MD_CTX_create(); + unsigned char digest[EVP_MAX_MD_SIZE], *signature; + unsigned int ndig = 0, nsig = 0; + +@@ -1421,8 +1426,8 @@ static void securevnc_setup(int conn1, i + exit(1); + } + +- EVP_DigestInit(&dctx, EVP_sha1()); +- EVP_DigestUpdate(&dctx, keystr, SECUREVNC_KEY_SIZE); ++ EVP_DigestInit(dctx, EVP_sha1()); ++ EVP_DigestUpdate(dctx, keystr, SECUREVNC_KEY_SIZE); + /* + * Without something like the following MITM is still possible. + * This is because the MITM knows keystr and can use it with +@@ -1433,7 +1438,7 @@ static void securevnc_setup(int conn1, i + * he doesn't have Viewer_ClientAuth.pkey. + */ + if (0) { +- EVP_DigestUpdate(&dctx, rsasav, SECUREVNC_RSA_PUBKEY_SIZE); ++ EVP_DigestUpdate(dctx, rsasav, SECUREVNC_RSA_PUBKEY_SIZE); + if (!keystore_verified) { + fprintf(stderr, "securevnc_setup:\n"); + fprintf(stderr, "securevnc_setup: Warning: even *WITH* Client Authentication in SecureVNC,\n"); +@@ -1456,7 +1461,8 @@ static void securevnc_setup(int conn1, i + fprintf(stderr, "securevnc_setup:\n"); + } + } +- EVP_DigestFinal(&dctx, (unsigned char *)digest, &ndig); ++ EVP_DigestFinal(dctx, (unsigned char *)digest, &ndig); ++ EVP_MD_CTX_destroy(dctx); + + signature = (unsigned char *) calloc(RSA_size(client_rsa), 1); + RSA_sign(NID_sha1, digest, ndig, signature, &nsig, client_rsa); |