From: Marek Vasut <marex@denx.de>
To: openembedded-devel@lists.openembedded.org
Cc: raj.khem@gmail.com, Marek Vasut <marex@denx.de>,
Alexander Kanavin <alex@linutronix.de>
Subject: [meta-oe][dunfell][PATCH 4/5] freerdp: Upgrade 2.3.0 -> 2.4.1
Date: Tue, 11 Jan 2022 23:47:13 +0100 [thread overview]
Message-ID: <20220111224714.1289840-4-marex@denx.de> (raw)
In-Reply-To: <20220111224714.1289840-1-marex@denx.de>
Upgrade freerdp to latest stable 2.x version and drop
OpenSSL 3.x backports which are already upstream.
(cherry picked from commit 2b571a394acc3e006f0207c2152f3f895816c695)
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Alexander Kanavin <alex@linutronix.de>
Cc: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE: CVE-2021-41159 CVE-2021-41160
---
CVEs added per https://lwn.net/Articles/876306/
---
...e-support-and-build-with-OpenSSL-3.0.patch | 43 -------------------
...d-calling-FIPS_mode-with-OpenSSL-3.0.patch | 28 ------------
.../{freerdp_2.3.0.bb => freerdp_2.4.1.bb} | 4 +-
3 files changed, 1 insertion(+), 74 deletions(-)
delete mode 100644 meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
delete mode 100644 meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch
rename meta-oe/recipes-support/freerdp/{freerdp_2.3.0.bb => freerdp_2.4.1.bb} (94%)
diff --git a/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch b/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
deleted file mode 100644
index 04fe644d4..000000000
--- a/meta-oe/recipes-support/freerdp/freerdp/0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From f703b1184229796d504a2e833f72ace4cc605d15 Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Wed, 12 May 2021 12:48:15 +0200
-Subject: [PATCH 1/2] Fix FIPS mode support and build with OpenSSL 3.0
-
-FreeRDP fails to build with OpenSSL 3.0 because of usage of the `FIPS_mode`
-and `FIPS_mode_set` functions, which were removed there. Just a note that
-the FIPS mode is not supported by OpenSSL 1.1.* although the mentioned
-functions are still there (see https://wiki.openssl.org/index.php/FIPS_modules).
-Let's make FreeRDP build with OpenSSL 3.0 and fix the FIPS mode support.
-
-See: https://bugzilla.redhat.com/show_bug.cgi?id=1952937
-Upstream-Status: Backport
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- winpr/libwinpr/utils/ssl.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
-index 3a8590390..03b23af43 100644
---- a/winpr/libwinpr/utils/ssl.c
-+++ b/winpr/libwinpr/utils/ssl.c
-@@ -244,9 +244,17 @@ static BOOL winpr_enable_fips(DWORD flags)
- #else
- WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
-
-+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-+ if (!EVP_default_properties_is_fips_enabled(NULL))
-+#else
- if (FIPS_mode() != 1)
-+#endif
- {
-+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-+ if (EVP_set_default_properties(NULL, "fips=yes"))
-+#else
- if (FIPS_mode_set(1))
-+#endif
- WLog_INFO(TAG, "Openssl fips mode ENabled!");
- else
- {
---
-2.20.1
-
diff --git a/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch b/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch
deleted file mode 100644
index 728638e15..000000000
--- a/meta-oe/recipes-support/freerdp/freerdp/0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 4dbf108c0ae5e997d5c432f3da4b4c5fd7b35373 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sun, 1 Aug 2021 12:14:43 -0400
-Subject: [PATCH 2/2] winpr: avoid calling FIPS_mode() with OpenSSL 3.0
-
-Fixes: 26bf2816c3e0daeaf524c47cf0fcda8ae13b65ad
-Upstream-Status: Backport
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- winpr/libwinpr/utils/ssl.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
-index 03b23af43..74ef156e7 100644
---- a/winpr/libwinpr/utils/ssl.c
-+++ b/winpr/libwinpr/utils/ssl.c
-@@ -364,6 +364,8 @@ BOOL winpr_FIPSMode(void)
- {
- #if (OPENSSL_VERSION_NUMBER < 0x10001000L) || defined(LIBRESSL_VERSION_NUMBER)
- return FALSE;
-+#elif defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-+ return (EVP_default_properties_is_fips_enabled(NULL) == 1);
- #else
- return (FIPS_mode() == 1);
- #endif
---
-2.20.1
-
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb b/meta-oe/recipes-support/freerdp/freerdp_2.4.1.bb
similarity index 94%
rename from meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
rename to meta-oe/recipes-support/freerdp/freerdp_2.4.1.bb
index 57170f68a..7ea7b71ef 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.3.0.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.4.1.bb
@@ -13,11 +13,9 @@ inherit pkgconfig cmake gitpkgv
PE = "1"
PKGV = "${GITPKGVTAG}"
-SRCREV = "14c7f7aed7dd4e2454ee0cd81028b9f790885021"
+SRCREV = "d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5"
SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
file://winpr-makecert-Build-with-install-RPATH.patch \
- file://0001-Fix-FIPS-mode-support-and-build-with-OpenSSL-3.0.patch \
- file://0002-winpr-avoid-calling-FIPS_mode-with-OpenSSL-3.0.patch \
"
S = "${WORKDIR}/git"
--
2.34.1
next prev parent reply other threads:[~2022-01-11 22:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-11 22:47 [meta-oe][dunfell][PATCH 1/5] freerdp: Upgrade to 2.2.0 Marek Vasut
2022-01-11 22:47 ` [meta-oe][dunfell][PATCH 2/5] freerdp: Upgrade 2.2.0 -> 2.3.0 Marek Vasut
2022-01-11 22:47 ` [meta-oe][dunfell][PATCH 3/5] freerdp: backport openssl 3.x patches Marek Vasut
2022-01-12 4:43 ` [oe] " akuster808
2022-01-12 4:59 ` Marek Vasut
2022-01-11 22:47 ` Marek Vasut [this message]
2022-01-11 22:47 ` [meta-oe][dunfell][PATCH 5/5] freerdp: Add missing libusb1 dependency Marek Vasut
2022-01-12 4:42 ` [oe] [meta-oe][dunfell][PATCH 1/5] freerdp: Upgrade to 2.2.0 akuster808
2022-01-12 4:57 ` Marek Vasut
2022-01-15 13:43 ` akuster808
2022-01-15 15:45 ` Marek Vasut
[not found] ` <47b66e62-0682-38c7-6c03-a53427fdf4d9@gmail.com>
2022-01-16 18:21 ` Marek Vasut
2022-01-17 17:34 ` Marta Rybczynska
2022-01-17 22:21 ` Marek Vasut
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220111224714.1289840-4-marex@denx.de \
--to=marex@denx.de \
--cc=alex@linutronix.de \
--cc=openembedded-devel@lists.openembedded.org \
--cc=raj.khem@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.