Date: Wed, 04 Jan 2023 03:01:38 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 264528] net/freerdp: NLA fails to connect through gateway after 13.1 upgrade: rdg_process_close_packet:freerdp_set_last_error_ex E_PROXY_INTERNALERROR [0x800759D8]
Message-ID: <bug-264528-7788-zKT6Tomdko@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-264528-7788@https.bugs.freebsd.org/bugzilla/>
References: <bug-264528-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264528

--- Comment #19 from alt2600@icloud.com ---
(In reply to VVD from comment #17)

Specifically on my 13.0 box that works, with version 2.7.0 when I posted the bug report, I will not upgrade the only thing that allows my connections for remote work, versus 13.1 both report the same. Not even sure it would even build the new ones without fighting ports not necessarily supporting 13.0 anymore, and again, not messing with my money maker.

> RequestedProtocols: 3
> …
> selected_protocol: 2

Also, on the 2.9.0 upgrade on my 13.1 box I noticed upstream noted in their repos notes on this patch to 2.9.0 some new options to have freerdp use an internal version of the hmac hashes for md4 and md5 which are needed by rdp but maybe no longer enabled in our openssl because they are cracked algorithms. WITH_INTERNAL_MD5 and WITH_INTERNAL_MD4 cmake variables in the winpr sub-project cmake files in WRKSRC. I would post the patch that enabled them as options, but despite confirming they were seen in the CMakeCache.txt for the BUILD dir, they made no seeming difference. I got the same failed connection message about internal error when I tried to use that version. I had hoped for the Christmas Miracle the day ahead of some remote work being allowed for the holidays, but it wouldn't connect.
I did notice that we seem to be enabling WITH_MBEDTLS but that gets disabled when using openssl which is also enabled in the CMAKEARGS, similarly WITH_OPENSLES per configure:

-- Finding required feature OpenSSL for cryptography (encryption, certificate validation, hashing functions)
-- Found OpenSSL: /usr/lib/libssl.so;/usr/lib/libcrypto.so (found version "1.1.1o")
-- Skipping optional feature MbedTLS for cryptography (encryption, certificate validation, hashing functions)
-- Enable feature MbedTLS using "-DWITH_MBEDTLS=ON"
-- Skipping optional feature OpenSLES for multimedia (OpenSLES audio / video)
-- Enable feature OpenSLES using "-DWITH_OPENSLES=ON"

Not sure on the MBEDTLS or why it wouldn't be used, but I do have it installed, but I do not have opensles seemingly installed so maybe cmake isn't finding those libraries when built in the wild? Not sure what they do exactly, but they are in the default CMAKEARGS for the port to be turned on. I just assume this needs basic openssl, but after going back to the office basic full time excepting the holidays, I haven't put a lot into testing this much more except when I see the new releases in ports.

### attempted use patch

I don't know it would be good to attach because it didn't work so I put it inline here. Ignore the bits on OS version checking, and the bits where it took way too much effort for me to make CMake add the option to the cache and process its use in the project, reasons to clean the patch up before I attach too. I had sought to make it auto enable the option if it was a 13.1 system or newer, but that code never worked so I left them as knobs, which seemed to not help the situation out in my case. Not sure they matter as the 2.7.0 version in the old ports tree on my RDP connection VM has the same message in configure of not actually using them, or maybe no specific pieces of those. I only mention since this is loosely connected to ssl, so maybe no issue at all.
Did not try turning off OpenSSL leaving those set, and trying the internal md4 & md5 methods that do the hmac algorithm for them as needed by rdp protocol.

diff --git a/net/freerdp/Makefile b/net/freerdp/Makefile index 8481edcbc6f1..c606e485c0f7 100644 --- a/net/freerdp/Makefile +++ b/net/freerdp/Makefile @@ -37,7 +37,7 @@ PLIST_SUB+=3D PATCHVERSION=3D"${PATCHVERSION}" PLIST_SUB+=3D MAJORVERSION=3D"${MAJORVERSION}" OPTIONS_DEFINE=3D ALSA BROKENFOCUS CUPS FAAC FAAD FFMPEG GSM GSTREAMER \ - ICU JPEG KERBEROS LAME MANPAGES OPENH264 PCSC \ + ICU INTERNALMD4 INTERNALMD5 JPEG KERBEROS LAME MANP= AGES OPENH264 PCSC \ PULSEAUDIO SOXR WAYLAND X11 OPTIONS_DEFAULT=3D CUPS GSTREAMER ICU KERBEROS MANPAGES SWSCALE WAYL= AND X11 OPTIONS_RADIO=3D SCALE @@ -84,6 +84,19 @@ GSTREAMER_LIB_DEPENDS=3D=20=20=20=20=20=20 libgstbase-1.0.so:multimedia/gstreamer1 ICU_LIB_DEPENDS=3D libicuuc.so:devel/icu ICU_CMAKE_BOOL=3D WITH_ICU +INTERNALMD4_DESC=3D Use Internal MD4 hashes instead of OpenSSL +#INTERNALMD4_CMAKE_ON=3D WITH_INTERNAL_MD4 +INTERNALMD4_CMAKE_BOOL=3D WITH_INTERNAL_MD4 +#INTERNALMD4_CONFIGURE_ENV+=3D WITH_INTERNAL_MD4 +#INTERNALMD4_CMAKE_ARGS+=3D -D WITH_INTERNAL_MD4:BOOL=3DON + +INTERNALMD5_DESC=3D Use Internal MD5 hashes instead of OpenSSL +#INTERNALMD5_CMAKE_ON=3D -DWITH_INTERNAL_MD5:BOOL=3DON +INTERNALMD5_CMAKE_BOOL=3D WITH_INTERNAL_MD5 +#INTERNALMD5_CONFIGURE_ENV+=3D WITH_INTERNAL_MD5 +#INTERNALMD5_CMAKE_ARGS+=3D -D WITH_INTERNAL_MD5:BOOL=3DON +#INTERNALMD5_CMAKE_ARGS+=3D -UWITH_INTERNAL_MD5 -DWITH_INTERNAL_MD5:B= OOL=3DON + JPEG_USES=3D jpeg JPEG_CMAKE_BOOL=3D WITH_JPEG 
@@ -141,6 +154,19 @@ X11_CMAKE_OFF=3D -DWITH_X11:BOOL=3DOFF -DWITH_XKBFILE:BOOL=3DOFF X11_USES=3D xorg X11_USE=3D=20=20=20=20=20=20=20=20=20=20=20=20=20=20 xorg=3Dx11,xcursor,xext,xorgproto,xfixes,xi,xinerama,xkbfile,xrandr,xrender= ,xv +# Detect freebsd 1301000 and autoenable INTERNALMD4 and INTERNALMD5 for gateway support +# Work around rdp using bad legacy hash algorithms and OpenSSL not enabling them on >13.1 +#.include <bsd.port.options.mk> +#.if ${OPSYS} =3D=3D FreeBSD && ${OSVERSION} >=3D 1301000 +#.if empty(PORT_OPTIONS:MINTERNALMD4) && empty(PORT_OPTIONS:MINTERNALMD5) +#BROKEN=3D NLS support requires QT4 frontend. Run 'make config' ag= ain! +#.endif +#OPTIONS_SET+=3D INTERNALMD4 INTERNALMD5 +#INTERNALMD4=3D ON +#INTERNALMD5=3D ON +#.endif + + post-patch: @${REINPLACE_CMD} -e 's|gsm/gsm.h|gsm.h|' \ ${WRKSRC}/cmake/FindGSM.cmake \ @@ -150,4 +176,5 @@ pre-configure: ${CP} ${FILESDIR}/mntent.h ${WRKSRC}/rdtk/include ${CP} ${FILESDIR}/mntent_compat.c ${WRKSRC}/channels/rdpdr/client + .include <bsd.port.mk> --=20 You are receiving this mail because: You are the assignee for the bug.=
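Review bot: in the "@@ -37,7 +37,7 @@" hunk, INTERNALMD4 and INTERNALMD5 are added to OPTIONS_DEFINE but not to OPTIONS_DEFAULT, so a default build is unchanged and the knobs only take effect after the options are selected by hand. That is the cautious choice while their effect on the gateway failure is unconfirmed, but the submission should say so. Consider also whether two separate knobs are needed, since the commented-out block later in the patch only ever sets them together.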
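Review bot: in the "@@ -84,6 +84,19 @@" hunk, only the INTERNALMD4_CMAKE_BOOL and INTERNALMD5_CMAKE_BOOL lines are live; the commented-out _CMAKE_ON, _CONFIGURE_ENV and _CMAKE_ARGS variants beside them are leftover experiments and should be removed before the patch is attached. The _CMAKE_BOOL helper already passes the named variable to CMake as a BOOL in both the on and the off state, so none of the alternatives is needed. The two _DESC strings would read better as naming the bundled MD4 or MD5 implementation rather than "Internal MD4 hashes", and could note that these are legacy digests kept for RDP compatibility.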
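Review bot: the commented-out auto-enable block in the "@@ -141,6 +154,19 @@" hunk carries a BROKEN message, "NLS support requires QT4 frontend. Run 'make config' again!", that has nothing to do with MD4 or MD5 and reads as copied from another port. The logic would not work if uncommented either: OPTIONS_SET is assigned after the .include <bsd.port.options.mk> line, by which point the option set has already been evaluated, and a bare INTERNALMD4 or INTERNALMD5 variable set to ON is not something the options framework reads. The comment also says ">13.1" while the test is ">= 1301000". Either drop the block from the final patch or replace it with a conditional CMAKE_ARGS addition placed after the include.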
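Review bot: the "@@ -150,4 +176,5 @@" hunk changes nothing except adding a blank line before .include <bsd.port.mk>. Together with the two blank lines added ahead of post-patch: in the previous hunk, this is whitespace noise and should be dropped from the version that gets attached.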
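One way to check both halves of the question raised in the comment above (did WITH_INTERNAL_MD4 and WITH_INTERNAL_MD5 reach the build cache, and does the crypto library still offer MD4 and MD5), as an added example that is not part of the original message or the FreeBSD port. The sample cache text is constructed, and the probe assumes the local Python's hashlib is linked against the same OpenSSL the port builds against.

```python
import hashlib
import re

# Constructed sample of CMakeCache.txt entries (NAME:TYPE=VALUE); the values
# are illustrative and not taken from the reporter's build directory.
SAMPLE_CACHE = """\
// Use the bundled MD4 implementation
WITH_INTERNAL_MD4:BOOL=ON
WITH_INTERNAL_MD5:BOOL=ON
WITH_MBEDTLS:BOOL=OFF
# internal entries follow
CMAKE_BUILD_TYPE:STRING=Release
"""

ENTRY = re.compile(r"^([A-Za-z0-9_.+-]+):([A-Z]+)=(.*)$")
CMAKE_FALSE = {"", "0", "OFF", "NO", "FALSE", "N", "IGNORE", "NOTFOUND"}


def parse_cache(text):
    """Return {name: (type, value)}; '//' and '#' comment lines do not match."""
    cache = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            cache[m.group(1)] = (m.group(2), m.group(3))
    return cache


def option_enabled(cache, name):
    """True/False by CMake's boolean constants, None if never cached."""
    if name not in cache:
        return None
    value = cache[name][1].strip().upper()
    return not (value in CMAKE_FALSE or value.endswith("-NOTFOUND"))


def digest_available(name):
    """Can the crypto library behind hashlib construct this digest?"""
    try:
        hashlib.new(name)
        return True
    except ValueError:  # raised for unknown or disabled digests
        return False


def legacy_hash_report(cache_text):
    """Per digest: is the bundled code selected, and does the library offer it?"""
    cache = parse_cache(cache_text)
    return {d: {"internal": option_enabled(cache, f"WITH_INTERNAL_{d.upper()}"),
                "library": digest_available(d)} for d in ("md4", "md5")}


if __name__ == "__main__":
    for digest, state in legacy_hash_report(SAMPLE_CACHE).items():
        print(digest, state)
```

If "library" is already true for both digests, the internal implementations are not filling a gap and the connection failure lies elsewhere.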