Fix patch, build with openssl.

0001-transmission-build-against-openssl-1.1.0.patch

@@ -0,0 +1,124 @@
+From 1108498d2a1a9c47931f41b04f248616b29383d6 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Mon, 5 Sep 2016 21:49:07 +0000
+Subject: [PATCH] transmission: build against openssl 1.1.0
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ libtransmission/crypto-utils-openssl.c | 73 ++++++++++++++++++++++++++++++++--
+ 1 file changed, 69 insertions(+), 4 deletions(-)
+
+diff --git a/libtransmission/crypto-utils-openssl.c b/libtransmission/crypto-utils-openssl.c
+index 77a628bea..16a37b205 100644
+--- a/libtransmission/crypto-utils-openssl.c
++++ b/libtransmission/crypto-utils-openssl.c
+@@ -230,6 +230,61 @@ tr_rc4_process (tr_rc4_ctx_t   handle,
+ ****
+ ***/
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++static inline int
++DH_set0_pqg (DH     * dh,
++             BIGNUM * p,
++             BIGNUM * q,
++             BIGNUM * g)
++{
++  /* If the fields p and g in d are NULL, the corresponding input
++   * parameters MUST be non-NULL.  q may remain NULL.
++   */
++  if ((dh->p == NULL && p == NULL)
++      || (dh->g == NULL && g == NULL))
++    return 0;
++
++  if (p != NULL) {
++    BN_free (dh->p);
++    dh->p = p;
++  }
++  if (q != NULL) {
++    BN_free (dh->q);
++    dh->q = q;
++  }
++  if (g != NULL) {
++    BN_free (dh->g);
++    dh->g = g;
++  }
++
++  if (q != NULL) {
++    dh->length = BN_num_bits (q);
++  }
++
++  return 1;
++}
++
++static inline int
++DH_set_length (DH   * dh,
++               long   length)
++{
++	dh->length = length;
++	return 1;
++}
++
++static inline void
++DH_get0_key(const DH      * dh,
++            const BIGNUM ** pub_key,
++            const BIGNUM ** priv_key)
++{
++  if (pub_key != NULL)
++    *pub_key = dh->pub_key;
++  if (priv_key != NULL)
++    *priv_key = dh->priv_key;
++}
++
++#endif
++
+ tr_dh_ctx_t
+ tr_dh_new (const uint8_t * prime_num,
+            size_t          prime_num_length,
+@@ -237,13 +292,19 @@ tr_dh_new (const uint8_t * prime_num,
+            size_t          generator_num_length)
+ {
+   DH * handle = DH_new ();
++  BIGNUM * p, * g;
+ 
+   assert (prime_num != NULL);
+   assert (generator_num != NULL);
++  p = BN_bin2bn (prime_num, prime_num_length, NULL);
++  g = BN_bin2bn (generator_num, generator_num_length, NULL);
+ 
+-  if (!check_pointer (handle->p = BN_bin2bn (prime_num, prime_num_length, NULL)) ||
+-      !check_pointer (handle->g = BN_bin2bn (generator_num, generator_num_length, NULL)))
++  if (!check_pointer (p) ||
++      !check_pointer (g) ||
++      !DH_set0_pqg (handle, p, NULL, g))
+     {
++      BN_free (p);
++      BN_free (g);
+       DH_free (handle);
+       handle = NULL;
+     }
+@@ -268,16 +329,20 @@ tr_dh_make_key (tr_dh_ctx_t   raw_handle,
+ {
+   DH * handle = raw_handle;
+   int dh_size, my_public_key_length;
++  const BIGNUM * hand_pub_key;
+ 
+   assert (handle != NULL);
+   assert (public_key != NULL);
+ 
+-  handle->length = private_key_length * 8;
++
++  DH_set_length(handle, private_key_length * 8);
+ 
+   if (!check_result (DH_generate_key (handle)))
+     return false;
+ 
+-  my_public_key_length = BN_bn2bin (handle->pub_key, public_key);
++  DH_get0_key (handle, &hand_pub_key, NULL);
++
++  my_public_key_length = BN_bn2bin (hand_pub_key, public_key);
+   dh_size = DH_size (handle);
+ 
+   tr_dh_align_key (public_key, my_public_key_length, dh_size);
+-- 
+2.14.3
+

CVE-2018-5702.patch

@@ -25,33 +25,33 @@ Subject: [PATCH] mitigate dns rebinding attacks against daemon
  7 files changed, 121 insertions(+), 9 deletions(-)
 
 diff --git a/libtransmission/quark.c b/libtransmission/quark.c
-index 30cc2bca4..6de4bc221 100644
+index 30cc2bca4..b4fd7aabd 100644
 --- a/libtransmission/quark.c
 +++ b/libtransmission/quark.c
-@@ -297,6 +297,8 @@ static const struct tr_key_struct my_static[] =
+@@ -289,6 +289,8 @@ static const struct tr_key_struct my_static[] =
-   { "rpc-version-minimum", 19 },
+   { "rpc-authentication-required", 27 },
-   { "rpc-whitelist", 13 },
+   { "rpc-bind-address", 16 },
-   { "rpc-whitelist-enabled", 21 },
+   { "rpc-enabled", 11 },
 +  { "rpc-host-whitelist", 18 },
 +  { "rpc-host-whitelist-enabled", 26 },
-   { "scrape", 6 },
+   { "rpc-password", 12 },
-   { "scrape-paused-torrents-enabled", 30 },
+   { "rpc-port", 8 },
-   { "scrapeState", 11 },
+   { "rpc-url", 7 },
 diff --git a/libtransmission/quark.h b/libtransmission/quark.h
-index 7f5212733..21723dea9 100644
+index 7f5212733..17464be8f 100644
 --- a/libtransmission/quark.h
 +++ b/libtransmission/quark.h
-@@ -299,6 +299,8 @@ enum
+@@ -291,6 +291,8 @@ enum
-   TR_KEY_rpc_version_minimum,
+   TR_KEY_rpc_authentication_required,
-   TR_KEY_rpc_whitelist,
+   TR_KEY_rpc_bind_address,
-   TR_KEY_rpc_whitelist_enabled,
+   TR_KEY_rpc_enabled,
 +  TR_KEY_rpc_host_whitelist,
 +  TR_KEY_rpc_host_whitelist_enabled,
-   TR_KEY_scrape,
+   TR_KEY_rpc_password,
-   TR_KEY_scrape_paused_torrents_enabled,
+   TR_KEY_rpc_port,
-   TR_KEY_scrapeState,
+   TR_KEY_rpc_url,
 diff --git a/libtransmission/rpc-server.c b/libtransmission/rpc-server.c
-index a3485f3fa..a048dc8aa 100644
+index a3485f3fa..292cd5fce 100644
 --- a/libtransmission/rpc-server.c
 +++ b/libtransmission/rpc-server.c
 @@ -52,6 +52,7 @@ struct tr_rpc_server
@@ -84,6 +84,10 @@ index a3485f3fa..a048dc8aa 100644
 +
 +    char const* const host = evhttp_find_header(req->input_headers, "Host");
 +
++    // If whitelist is disabled, no restrictions.
++    if (!server->isHostWhitelistEnabled)
++        return true;
++
 +    /* No host header, invalid request. */
 +    if (host == NULL)
 +    {
@@ -101,17 +105,13 @@ index a3485f3fa..a048dc8aa 100644
 +    }
 +
 +    /* Otherwise, hostname must be whitelisted. */
-+    if (server->isHostWhitelistEnabled)
++    for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next) {
-+    {
-+        for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next)
-+        {
 +        if (tr_wildmat(hostname, l->data))
 +        {
 +            tr_free(hostname);
 +            return true;
 +        }
 +    }
-+    }
 +
 +    tr_free(hostname);
 +    return false;

transmission.spec

@@ -2,7 +2,7 @@
 
 Name:           transmission
 Version:        2.92
-Release:        11%{?dist}
+Release:        12%{?dist}
 Summary:        A lightweight GTK+ BitTorrent client
 # See COPYING. This licensing situation is... special.
 License:        MIT and GPLv2
@@ -16,8 +16,10 @@ Patch1:		transmission-libsystemd.patch
 Patch2:		transmission-fdlimits.patch
 # https://github.com/transmission/transmission/pull/468
 Patch3:		CVE-2018-5702.patch
+# Cherry-picked from upstream
+Patch4:		0001-transmission-build-against-openssl-1.1.0.patch
 
-BuildRequires:  compat-openssl10-devel >= 0.9.4
+BuildRequires:  openssl-devel >= 1.1.0
 BuildRequires:  glib2-devel >= 2.32.0
 BuildRequires:  gtk3-devel >= 3.2.0
 BuildRequires:  libnotify-devel >= 0.4.3
@@ -97,6 +99,7 @@ exit 0
 %patch1 -p0
 %patch2 -p0
 %patch3 -p1
+%patch4 -p1
 
 # fix icon location for Transmission Qt
 sed -i 's|Icon=%{name}-qt|Icon=%{name}|g' qt/%{name}-qt.desktop
@@ -121,6 +124,9 @@ pushd qt
 	make %{?_smp_mflags}
 popd
 
+%check
+make %{?_smp_mflags} check
+
 %install
 mkdir -p %{buildroot}%{_unitdir}
 install -m0644 daemon/transmission-daemon.service  %{buildroot}%{_unitdir}/
@@ -232,6 +238,10 @@ EOF
 %doc %{_mandir}/man1/transmission-qt.*
 
 %changelog
+* Tue Jan 23 2018 Gwyn Ciesla <limburgher@gmail.com> - 2.92-12
+- Patch for openssl 1.1.x
+- Corrected CVE-2018-5702 patch.
+
 * Tue Jan 16 2018 Peter Robinson <pbrobinson@fedoraproject.org> 2.92-11
 - Upstream fix for CVE-2018-5702 (Mitigate dns rebinding attacks against daemon)