From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 264528] net/freerdp: NLA fails to connect through gateway after 13.1 upgrade: rdg_process_close_packet:freerdp_set_last_error_ex E_PROXY_INTERNALERROR [0x800759D8]
Date: Wed, 04 Jan 2023 03:01:38 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264528

--- Comment #19 from alt2600@icloud.com ---
(In reply to VVD from comment #17)

Specifically on my 13.0 box that works, with version 2.7.0 when I posted the bug report, I will not upgrade the only thing that allows my connections for remote work, versus 13.1 both report the same. Not even sure it would even build the new ones without fighting ports not necessarily supporting 13.0 anymore, and again, not messing with my money maker.
> RequestedProtocols: 3
> …
> selected_protocol: 2

Also, on the 2.9.0 upgrade on my 13.1 box I noticed upstream noted in their repos notes on this patch to 2.9.0 some new options to have freerdp use an internal version of the hmac hashes for md4 and md5 which are needed by rdp but maybe no longer enabled in our openssl because they are cracked algorithms. WITH_INTERNAL_MD5 and WITH_INTERNAL_MD4 cmake variables in the winpr sub-project cmake files in WRKSRC. I would post the patch that enabled them as options, but despite confirming they were seen in the CMakeCache.txt for the BUILD dir, they made no seeming difference. I got the same failed connection message about internal error when I tried to use that version. I had hoped for the Christmas Miracle the day ahead of some remote work being allowed for the holidays, but it wouldn't connect. I did notice that we seem to be enabling WITH_MBEDTLS but that gets disabled when using openssl which is also enabled in the CMAKEARGS, similarly WITH_OPENSLES per configure:

-- Finding required feature OpenSSL for cryptography (encryption, certificate validation, hashing functions)
-- Found OpenSSL: /usr/lib/libssl.so;/usr/lib/libcrypto.so (found version "1.1.1o")
-- Skipping optional feature MbedTLS for cryptography (encryption, certificate validation, hashing functions)
-- Enable feature MbedTLS using "-DWITH_MBEDTLS=ON"
-- Skipping optional feature OpenSLES for multimedia (OpenSLES audio / video)
-- Enable feature OpenSLES using "-DWITH_OPENSLES=ON"

Not sure on the MBEDTLS or why it wouldn't be used, but I do have it installed, but I do not have opensles seemingly installed so maybe cmake isn't finding those libraries when built in the wild? Not sure what they do exactly, but they are in the default CMAKEARGS for the port to be turned on.
I just assume this needs basic openssl, but after going back to the office basic full time excepting the holidays, I haven't put a lot into testing this much more except when I see the new releases in ports.

### attempted use patch

I don't know it would be good to attach because it didn't work so I put it inline here. Ignore the bits on OS version checking, and the bits where it took way too much effort for me to make CMake add the option to the cache and process its use in the project, reasons to clean the patch up before I attach too. I had sought to make it auto enable the option if it was a 13.1 system or newer, but that code never worked so I left them as knobs, which seemed to not help the situation out in my case. Not sure they matter as the 2.7.0 version in the old ports tree on my RDP connection VM has the same message in configure of not actually using them, or maybe no specific pieces of those. I only mention since this is loosely connected to ssl, so maybe no issue at all. Did not try turning off OpenSSL leaving those set, and trying the internal md4 & md5 methods that do the hmac algorithm for them as needed by rdp protocol.

diff --git a/net/freerdp/Makefile b/net/freerdp/Makefile index 8481edcbc6f1..c606e485c0f7 100644 --- a/net/freerdp/Makefile +++ b/net/freerdp/Makefile @@ -37,7 +37,7 @@ PLIST_SUB+=3D PATCHVERSION=3D"${PATCHVERSION}" PLIST_SUB+=3D MAJORVERSION=3D"${MAJORVERSION}" OPTIONS_DEFINE=3D ALSA BROKENFOCUS CUPS FAAC FAAD FFMPEG GSM GSTREAMER \ - ICU JPEG KERBEROS LAME MANPAGES OPENH264 PCSC \ + ICU INTERNALMD4 INTERNALMD5 JPEG KERBEROS LAME MANP= AGES OPENH264 PCSC \ PULSEAUDIO SOXR WAYLAND X11 OPTIONS_DEFAULT=3D CUPS GSTREAMER ICU KERBEROS MANPAGES SWSCALE WAYL= AND X11 OPTIONS_RADIO=3D SCALE 
@@ -84,6 +84,19 @@ GSTREAMER_LIB_DEPENDS=3D=20=20=20=20=20=20 libgstbase-1.0.so:multimedia/gstreamer1 ICU_LIB_DEPENDS=3D libicuuc.so:devel/icu ICU_CMAKE_BOOL=3D WITH_ICU +INTERNALMD4_DESC=3D Use Internal MD4 hashes instead of OpenSSL +#INTERNALMD4_CMAKE_ON=3D WITH_INTERNAL_MD4 +INTERNALMD4_CMAKE_BOOL=3D WITH_INTERNAL_MD4 +#INTERNALMD4_CONFIGURE_ENV+=3D WITH_INTERNAL_MD4 +#INTERNALMD4_CMAKE_ARGS+=3D -D WITH_INTERNAL_MD4:BOOL=3DON + +INTERNALMD5_DESC=3D Use Internal MD5 hashes instead of OpenSSL +#INTERNALMD5_CMAKE_ON=3D -DWITH_INTERNAL_MD5:BOOL=3DON +INTERNALMD5_CMAKE_BOOL=3D WITH_INTERNAL_MD5 +#INTERNALMD5_CONFIGURE_ENV+=3D WITH_INTERNAL_MD5 +#INTERNALMD5_CMAKE_ARGS+=3D -D WITH_INTERNAL_MD5:BOOL=3DON +#INTERNALMD5_CMAKE_ARGS+=3D -UWITH_INTERNAL_MD5 -DWITH_INTERNAL_MD5:B= OOL=3DON + JPEG_USES=3D jpeg JPEG_CMAKE_BOOL=3D WITH_JPEG @@ -141,6 +154,19 @@ X11_CMAKE_OFF=3D -DWITH_X11:BOOL=3DOFF -DWITH_XKBFILE:BOOL=3DOFF X11_USES=3D xorg X11_USE=3D=20=20=20=20=20=20=20=20=20=20=20=20=20=20 xorg=3Dx11,xcursor,xext,xorgproto,xfixes,xi,xinerama,xkbfile,xrandr,xrender= ,xv +# Detect freebsd 1301000 and autoenable INTERNALMD4 and INTERNALMD5 for gateway support +# Work around rdp using bad legacy hash algorithms and OpenSSL not enabling them on >13.1 +#.include +#.if ${OPSYS} =3D=3D FreeBSD && ${OSVERSION} >=3D 1301000 +#.if empty(PORT_OPTIONS:MINTERNALMD4) && empty(PORT_OPTIONS:MINTERNALMD5) +#BROKEN=3D NLS support requires QT4 frontend. Run 'make config' ag= ain! +#.endif +#OPTIONS_SET+=3D INTERNALMD4 INTERNALMD5 +#INTERNALMD4=3D ON +#INTERNALMD5=3D ON +#.endif + + post-patch: @${REINPLACE_CMD} -e 's|gsm/gsm.h|gsm.h|' \ ${WRKSRC}/cmake/FindGSM.cmake \ @@ -150,4 +176,5 @@ pre-configure: ${CP} ${FILESDIR}/mntent.h ${WRKSRC}/rdtk/include ${CP} ${FILESDIR}/mntent_compat.c ${WRKSRC}/channels/rdpdr/client + .include
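
Review bot: In the `@@ -84,6 +84,19 @@` hunk, the commented-out alternatives (`#INTERNALMD4_CMAKE_ON`, `#INTERNALMD4_CONFIGURE_ENV+`, `#INTERNALMD4_CMAKE_ARGS+` and the matching `INTERNALMD5` lines) are leftovers from experimentation and should be dropped, leaving only the `_DESC` and `_CMAKE_BOOL` line for each option. The `_DESC` strings would also read better if they said what the option is for (the comment in the next hunk names gateway support) and that only the MD4 or MD5 implementation is swapped, since "instead of OpenSSL" can be read as replacing OpenSSL altogether.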
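
Review bot: The commented-out block in the `@@ -141,6 +154,19 @@` hunk contradicts itself: the inner `.if empty(PORT_OPTIONS:MINTERNALMD4) && empty(PORT_OPTIONS:MINTERNALMD5)` marks the port `BROKEN` when both options are off, and the following `OPTIONS_SET+=` line then forces them on. The `BROKEN` text ("NLS support requires QT4 frontend. Run 'make config' again!") is unrelated to these options and needs its own message if the check stays, and the header comment says ">13.1" while the condition tests `${OSVERSION} >= 1301000`. As submitted the block is dead code plus two added blank lines; either make the version check work or remove it and keep the options as explicit knobs, which also keeps the choice of legacy MD4/MD5 code visible to the user.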
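
Review bot: The final hunk, `@@ -150,4 +176,5 @@`, only adds a blank line before the closing `.include`; drop it so the patch carries nothing but the option changes.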