author | Marcell Meszaros | 2022-03-25 08:45:34 +0100 |
---|---|---|
committer | Marcell Meszaros | 2022-03-25 08:45:34 +0100 |
commit | cf01e7f6b51f027799569dd121d50583855122af (patch) | |
tree | 7a6eba8a8bef21ae468a378231e2345dfb9fc74f | |
parent | 9994e89cf68fa01ff131738927a402b43a616eb1 (diff) | |
download | aur-cf01e7f6b51f027799569dd121d50583855122af.tar.gz |
migrate to newer git source
-rw-r--r-- | .SRCINFO | 36 | ||||
-rw-r--r-- | .gitignore | 5 | ||||
-rw-r--r-- | 0001_fix-cmdline-parser.patch | 360 | ||||
-rw-r--r-- | 0002_handle-old-style-cmdline-options.patch | 64 | ||||
-rw-r--r-- | 0003_copy-data-when-adding-glyph-to-cache.patch | 106 | ||||
-rw-r--r-- | 0004_build-cmake-3.1-compatibility.patch | 78 | ||||
-rw-r--r-- | 0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch | 42 | ||||
-rw-r--r-- | 0006_fix-null-cert-that-is-not-an-error.patch | 29 | ||||
-rw-r--r-- | 0007_Fix-build-failure-on-x32.patch | 32 | ||||
-rw-r--r-- | 0008-Fix-multiple-security-issues.patch | 756 | ||||
-rw-r--r-- | 0009-enable-TLS-12.patch | 38 | ||||
-rw-r--r-- | CVE-2014-0791.patch | 24 | ||||
-rw-r--r-- | CVE-2018-8786.patch | 25 | ||||
-rw-r--r-- | CVE-2018-8787.patch | 51 | ||||
-rw-r--r-- | CVE-2018-8788.patch | 352 | ||||
-rw-r--r-- | CVE-2018-8789.patch | 27 | ||||
-rw-r--r-- | PKGBUILD | 154 |
17 files changed, 67 insertions, 2112 deletions
@@ -1,12 +1,11 @@
 pkgbase = freerdp-1.1.0
- pkgdesc = Free RDP client version 1.1.0 with patches applied by Canonical for Ubuntu bionic version of package
+ pkgdesc = RDP client legacy version 1.1.0 with patches from Ubuntu Bionic (18.04 LTS)
 pkgver = 1.1.0
 pkgrel = 2
 url = http://freerdp.sourceforge.net
 arch = i686
 arch = x86_64
 license = GPL
- makedepends = git
 makedepends = krb5
 makedepends = cmake
 makedepends = xorgproto
@@ -26,16 +25,7 @@ pkgbase = freerdp-1.1.0
 provides = freerdp
 conflicts = freerdp
 conflicts = freerdp-git
- source = git+https://github.com/FreeRDP/FreeRDP.git#commit=440916eae2e07463912d5fe507677e67096eb083
- source = 0001_fix-cmdline-parser.patch
- source = 0002_handle-old-style-cmdline-options.patch
- source = 0003_copy-data-when-adding-glyph-to-cache.patch
- source = 0004_build-cmake-3.1-compatibility.patch
- source = 0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch
- source = 0006_fix-null-cert-that-is-not-an-error.patch
- source = 0007_Fix-build-failure-on-x32.patch
- source = 0008-Fix-multiple-security-issues.patch
- source = 0009-enable-TLS-12.patch
+ source = FreeRDP-1.1.0-590fa7dbf6ecab58fb70dd57ef6d3ecfdbfc3c4f.tar.gz::https://github.com/FreeRDP/FreeRDP/archive/590fa7dbf6ecab58fb70dd57ef6d3ecfdbfc3c4f.tar.gz
 source = 1001_hide-internal-symbols.patch
 source = 1002_update-pkg-config-file.patch
 source = 1003_multi-arch-include-path.patch
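Review bot: The new `source =` line that swaps the pinned git checkout for the `590fa7dbf6ecab58fb70dd57ef6d3ecfdbfc3c4f.tar.gz` archive is covered only by an `md5sums` entry (added in the next .SRCINFO hunk), and MD5 is not collision-resistant, so a downloaded archive would be better checked with a stronger array such as `sha256sums=('<sha256-of-tarball>' ...)`. This hunk also drops `0008-Fix-multiple-security-issues.patch` and `0009-enable-TLS-12.patch`, and the following hunk drops the five `CVE-*.patch` sources. Nothing visible on this page shows that the newer upstream commit already contains those fixes, so the commit message should state that it was verified, or the patches should stay. Because .SRCINFO is generated, both changes belong in PKGBUILD, whose hunk is outside this view.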
@@ -50,22 +40,8 @@ pkgbase = freerdp-1.1.0 source = 1012_typo-fix.patch source = 1013_aligned_meminfo_alignment.patch source = 2001_detect-ffmpeg-on-Debian.patch - source = CVE-2014-0791.patch - source = CVE-2018-8786.patch - source = CVE-2018-8787.patch - source = CVE-2018-8788.patch - source = CVE-2018-8789.patch source = tsmf_ffmpeg.patch - md5sums = SKIP - md5sums = fac4007e3e7c23b97f93c705d3f2b318 - md5sums = b07a139fb9fe6bb58fce28cb6652ad5b - md5sums = 685b9b4ec76e05e21c4c0139ff799424 - md5sums = 7ad9df81edee2b0f50b31c632ed3115e - md5sums = ef594eee59363853c344ec264127dffe - md5sums = 68be4cb0387223439304dbb8260c8f10 - md5sums = 7355210711d6b31eef62cca6dcfb47b3 - md5sums = e6f05798bcd88dedc4088c33ce0550e8 - md5sums = a2b13ddd61b21457493321d6cb2fdea3 + md5sums = 1dd186838d20d757822c2daec959b7a3 md5sums = 4b234f9fd511784b5afc8b509f2a55ca md5sums = e2e046945d90738180a0a74ed1f5716e md5sums = f8ffb6e5892a9f4779035a643c28a69b @@ -80,12 +56,6 @@ pkgbase = freerdp-1.1.0 md5sums = 7c373a53c8506fd14c836c45bbeefddd md5sums = 9d1d6b827a0d6b3f8fa308b85e6917bc md5sums = 1fcc55173b3921698b711cccc9b6594a - md5sums = 30ce3d4083ac14ca1e2d77980a0f1af7 - md5sums = d698f5e4e65363c8a0afc6f8c3375c09 - md5sums = eb5c448d229d5e7825e2cfc6a6bea8e5 - md5sums = 5d3b8f0eb6f7c14cadc8006fd2f396ee - md5sums = 39e69a6d8932a45769f24a0c5c99e1ec md5sums = ce69a20d193e9aec0a2dedd55253405f pkgname = freerdp-1.1.0 - diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000000..7334925ab911 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +* +!.gitignore +!.SRCINFO +!PKGBUILD +!*.patch diff --git a/0001_fix-cmdline-parser.patch b/0001_fix-cmdline-parser.patch deleted file mode 100644 index 824c5ba2a9c9..000000000000 --- a/0001_fix-cmdline-parser.patch +++ /dev/null 
@@ -1,360 +0,0 @@ -Description: Command line parser fixes. -Author: Bernhard Miklautz <bernhard.miklautz@shacknet.at> -Abstract: - The command line parser had serveral problems when old style syntax - was used. - -diff --git a/client/common/cmdline.c b/client/common/cmdline.c -index 3d0cc2d..34064ea 100644 ---- a/client/common/cmdline.c -+++ b/client/common/cmdline.c -@@ -421,7 +421,7 @@ char** freerdp_command_line_parse_comma_separated_values(char* list, int* count) - int index; - int nCommas; - -- nArgs = nCommas = 0; -+ nCommas = 0; - - for (index = 0; list[index]; index++) - nCommas += (list[index] == ',') ? 1 : 0; -@@ -915,8 +915,13 @@ BOOL freerdp_client_detect_command_line(int argc, char** argv, DWORD* flags) - *flags |= COMMAND_LINE_SIGIL_DASH | COMMAND_LINE_SIGIL_DOUBLE_DASH; - *flags |= COMMAND_LINE_SIGIL_ENABLE_DISABLE; - -- if (windows_cli_count > posix_cli_count) -+ if (posix_cli_status <= COMMAND_LINE_STATUS_PRINT) -+ return compatibility; -+ -+ /* Check, if this may be windows style syntax... 
*/ -+ if ((windows_cli_count && (windows_cli_count >= posix_cli_count)) || (windows_cli_status <= COMMAND_LINE_STATUS_PRINT)) - { -+ windows_cli_count = 1; - *flags = COMMAND_LINE_SEPARATOR_COLON; - *flags |= COMMAND_LINE_SIGIL_SLASH | COMMAND_LINE_SIGIL_PLUS_MINUS; - } -@@ -1020,8 +1025,7 @@ int freerdp_client_parse_command_line_arguments(int argc, char** argv, rdpSettin - freerdp_client_command_line_pre_filter, freerdp_client_command_line_post_filter); - } - -- -- arg = CommandLineFindArgumentA(args, "v"); -+ CommandLineFindArgumentA(args, "v"); - - arg = args; - -diff --git a/client/common/compatibility.c b/client/common/compatibility.c -index 788b413..c7177c2 100644 ---- a/client/common/compatibility.c -+++ b/client/common/compatibility.c -@@ -118,18 +118,25 @@ void freerdp_client_old_parse_hostname(char* str, char** ServerHostname, UINT32* - - int freerdp_client_old_process_plugin(rdpSettings* settings, ADDIN_ARGV* args) - { -+ int args_handled = 0; - if (strcmp(args->argv[0], "cliprdr") == 0) - { -+ args_handled++; - settings->RedirectClipboard = TRUE; - fprintf(stderr, "--plugin cliprdr -> +clipboard\n"); - } - else if (strcmp(args->argv[0], "rdpdr") == 0) - { -+ args_handled++; -+ if (args->argc < 2) -+ return 1; -+ - if ((strcmp(args->argv[1], "disk") == 0) || - (strcmp(args->argv[1], "drive") == 0)) - { - freerdp_addin_replace_argument(args, "disk", "drive"); - freerdp_client_add_device_channel(settings, args->argc - 1, &args->argv[1]); -+ args_handled++; - } - else if (strcmp(args->argv[1], "printer") == 0) - { -@@ -152,15 +159,29 @@ int freerdp_client_old_process_plugin(rdpSettings* settings, ADDIN_ARGV* args) - } - else if (strcmp(args->argv[0], "drdynvc") == 0) - { -+ args_handled++; -+ if (args->argc < 2) -+ return args_handled; -+ - freerdp_client_add_dynamic_channel(settings, args->argc - 1, &args->argv[1]); - } - else if (strcmp(args->argv[0], "rdpsnd") == 0) - { -- freerdp_addin_replace_argument_value(args, args->argv[1], "sys", args->argv[1]); 
-+ args_handled++; -+ if (args->argc > 2) -+ { -+ args_handled++; -+ freerdp_addin_replace_argument_value(args, args->argv[1], "sys", args->argv[1]); -+ } - freerdp_client_add_static_channel(settings, args->argc, args->argv); - } - else if (strcmp(args->argv[0], "rail") == 0) - { -+ args_handled++; -+ if (args->argc < 2) -+ return 1; -+ -+ args_handled++; - settings->RemoteApplicationProgram = _strdup(args->argv[1]); - } - else -@@ -168,14 +189,12 @@ int freerdp_client_old_process_plugin(rdpSettings* settings, ADDIN_ARGV* args) - freerdp_client_add_static_channel(settings, args->argc, args->argv); - } - -- return 1; -+ return args_handled; - } - - int freerdp_client_old_command_line_pre_filter(void* context, int index, int argc, LPCSTR* argv) - { -- rdpSettings* settings; -- -- settings = (rdpSettings*) context; -+ rdpSettings* settings = (rdpSettings*) context; - - if (index == (argc - 1)) - { -@@ -191,6 +210,8 @@ int freerdp_client_old_command_line_pre_filter(void* context, int index, int arg - return -1; - } - freerdp_client_old_parse_hostname((char*) argv[index], &settings->ServerHostname, &settings->ServerPort); -+ -+ return 1; - } - else - { -@@ -215,20 +236,18 @@ int freerdp_client_old_command_line_pre_filter(void* context, int index, int arg - return -1; - - args = (ADDIN_ARGV*) malloc(sizeof(ADDIN_ARGV)); -- args->argv = (char**) malloc(sizeof(char*) * 5); -+ args->argv = (char**) calloc(argc, sizeof(char*)); - args->argc = 1; - -- args->argv[0] = _strdup(argv[t]); -- - if ((index < argc - 1) && strcmp("--data", argv[index + 1]) == 0) - { - i = 0; - index += 2; -- args->argc = 1; - - while ((index < argc) && (strcmp("--", argv[index]) != 0)) - { - args->argc = 1; -+ args->argv[0] = _strdup(argv[t]); - - for (j = 0, p = (char*) argv[index]; (j < 4) && (p != NULL); j++) - { -@@ -250,8 +269,12 @@ int freerdp_client_old_command_line_pre_filter(void* context, int index, int arg - - if (p != NULL) - { -- length = p - a; -- args->argv[j + 1] = malloc(length + 1); 
-+ p = strchr(p, ':'); -+ } -+ if (p != NULL) -+ { -+ length = (int) (p - a); -+ args->argv[j + 1] = (char*) malloc(length + 1); - CopyMemory(args->argv[j + 1], a, length); - args->argv[j + 1][length] = '\0'; - p++; -@@ -264,20 +287,33 @@ int freerdp_client_old_command_line_pre_filter(void* context, int index, int arg - args->argc++; - } - -- if (settings->instance) -+ if (settings) - { - freerdp_client_old_process_plugin(settings, args); - } -+ for (i = 0; i < args->argc; i++) -+ free(args->argv[i]); -+ memset(args->argv, 0, argc * sizeof(char*)); - -+ for (i = 0; i < args->argc; i++) -+ free(args->argv[i]); -+ memset(args->argv, 0, argc * sizeof(char*)); - index++; - i++; - } -- } else { -- if (settings->instance) -- { -- freerdp_client_old_process_plugin(settings, args); -- } - } -+ else -+ { -+ if (settings) -+ { -+ args->argv[0] = _strdup(argv[t]); -+ freerdp_client_old_process_plugin(settings, args); -+ free (args->argv[0]); -+ } -+ } -+ -+ free(args->argv); -+ free(args); - - return (index - old_index); - } -diff --git a/client/common/test/CMakeLists.txt b/client/common/test/CMakeLists.txt -index b68ac11..06c2c46 100644 ---- a/client/common/test/CMakeLists.txt -+++ b/client/common/test/CMakeLists.txt -@@ -6,7 +6,9 @@ set(${MODULE_PREFIX}_DRIVER ${MODULE_NAME}.c) - - set(${MODULE_PREFIX}_TESTS - TestClientRdpFile.c -- TestClientChannels.c) -+ TestClientChannels.c -+ TestClientCmdLine.c -+ ) - - create_test_sourcelist(${MODULE_PREFIX}_SRCS - ${${MODULE_PREFIX}_DRIVER} -@@ -15,11 +17,16 @@ create_test_sourcelist(${MODULE_PREFIX}_SRCS - add_executable(${MODULE_NAME} ${${MODULE_PREFIX}_SRCS}) - - set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} freerdp-client) -+set_complex_link_libraries(VARIABLE ${MODULE_PREFIX}_LIBS MONOLITHIC ${MONOLITHIC_BUILD} -+ MODULE freerdp -+ MODULES freerdp-core) - - target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS}) - - set_target_properties(${MODULE_NAME} PROPERTIES RUNTIME_OUTPUT_DIRECTORY 
"${TESTING_OUTPUT_DIRECTORY}") - -+ -+ - foreach(test ${${MODULE_PREFIX}_TESTS}) - get_filename_component(TestName ${test} NAME_WE) - add_test(${TestName} ${TESTING_OUTPUT_DIRECTORY}/${MODULE_NAME} ${TestName}) -diff --git a/client/common/test/TestClientCmdLine.c b/client/common/test/TestClientCmdLine.c -new file mode 100644 -index 0000000..66fb662 ---- /dev/null -+++ b/client/common/test/TestClientCmdLine.c -@@ -0,0 +1,113 @@ -+#include <freerdp/client.h> -+#include <freerdp/client/cmdline.h> -+#include <freerdp/settings.h> -+#include <winpr/cmdline.h> -+#include <winpr/spec.h> -+ -+#define TESTCASE(cmd, expected_return) status = freerdp_client_parse_command_line_arguments(ARRAYSIZE(cmd), cmd, settings); \ -+ if (status != expected_return) { \ -+ printf("Test argument %s failed\n", #cmd); \ -+ return -1; \ -+ } -+ -+#define TESTCASE_SUCCESS(cmd) status = freerdp_client_parse_command_line_arguments(ARRAYSIZE(cmd), cmd, settings); \ -+ if (status < 0) { \ -+ printf("Test argument %s failed\n", #cmd); \ -+ return -1; \ -+ } -+ -+int TestClientCmdLine(int argc, char* argv[]) -+{ -+ int status; -+ rdpSettings* settings = freerdp_settings_new(0); -+ -+ char* cmd1[] = {"xfreerdp", "--help"}; -+ TESTCASE(cmd1, COMMAND_LINE_STATUS_PRINT_HELP); -+ -+ char* cmd2[] = {"xfreerdp", "/help"}; -+ TESTCASE(cmd2, COMMAND_LINE_STATUS_PRINT_HELP); -+ -+ char* cmd3[] = {"xfreerdp", "-help"}; -+ TESTCASE(cmd3, COMMAND_LINE_STATUS_PRINT_HELP); -+ -+ char* cmd4[] = {"xfreerdp", "--version"}; -+ TESTCASE(cmd4, COMMAND_LINE_STATUS_PRINT_VERSION); -+ -+ char* cmd5[] = {"xfreerdp", "/version"}; -+ TESTCASE(cmd5, COMMAND_LINE_STATUS_PRINT_VERSION); -+ -+ char* cmd6[] = {"xfreerdp", "-version"}; -+ TESTCASE(cmd6, COMMAND_LINE_STATUS_PRINT_VERSION); -+ -+ char* cmd7[] = {"xfreerdp", "test.freerdp.com"}; -+ TESTCASE_SUCCESS(cmd7); -+ -+ char* cmd8[] = {"xfreerdp", "-v", "test.freerdp.com"}; -+ TESTCASE_SUCCESS(cmd8); -+ -+ char* cmd9[] = {"xfreerdp", "--v", "test.freerdp.com"}; -+ 
TESTCASE_SUCCESS(cmd9); -+ -+ char* cmd10[] = {"xfreerdp", "/v:test.freerdp.com"}; -+ TESTCASE_SUCCESS(cmd10); -+ -+ char* cmd11[] = {"xfreerdp", "--plugin", "rdpsnd", "--plugin", "rdpdr", "--data", "disk:media:/tmp", "--", "test.freerdp.com" }; -+ TESTCASE_SUCCESS(cmd11); -+ -+ char* cmd12[] = {"xfreerdp", "/sound", "/drive:media:/tmp", "/v:test.freerdp.com" }; -+ TESTCASE_SUCCESS(cmd12); -+ -+ // password gets overwritten therefore it need to be writeable -+ char* cmd13[6] = {"xfreerdp", "-u", "test", "-p", "test", "test.freerdp.com"}; -+ cmd13[4] = malloc(5); -+ strncpy(cmd13[4], "test", 4); -+ TESTCASE_SUCCESS(cmd13); -+ free(cmd13[4]); -+ -+ char* cmd14[] = {"xfreerdp", "-u", "test", "-p", "test", "-v", "test.freerdp.com"}; -+ cmd14[4] = malloc(5); -+ strncpy(cmd14[4], "test", 4); -+ TESTCASE_SUCCESS(cmd14); -+ free(cmd14[4]); -+ -+ char* cmd15[] = {"xfreerdp", "/u:test", "/p:test", "/v:test.freerdp.com"}; -+ cmd15[2] = malloc(7); -+ strncpy(cmd15[2], "/p:test", 6); -+ TESTCASE_SUCCESS(cmd15); -+ free(cmd15[2]); -+ -+#if 0 -+ char* cmd16[] = {"xfreerdp", "-invalid"}; -+ TESTCASE(cmd16, COMMAND_LINE_ERROR_NO_KEYWORD); -+ -+ char* cmd17[] = {"xfreerdp", "--invalid"}; -+ TESTCASE(cmd17, COMMAND_LINE_ERROR_NO_KEYWORD); -+#endif -+ -+ char* cmd18[] = {"xfreerdp", "/kbd-list"}; -+ TESTCASE(cmd18, COMMAND_LINE_STATUS_PRINT); -+ -+ char* cmd19[] = {"xfreerdp", "/monitor-list"}; -+ TESTCASE(cmd19, COMMAND_LINE_STATUS_PRINT); -+ -+ /* -+ * Faulty command misses -- after data and the data for disk is incorrect -+ * This tests was added because it caused a segfault -+ * The command line is "valid" but disk isn't initialized correctly -+ */ -+ char* cmd20[] = { "xfreerdp", "-g", "1920x1200", "-d", "domain", "-u", "username", "-D", "-a", "16", "--plugin", "rdpsnd", "--plugin", "rdpdr", "-data", "disk", "media", "/home/username/media/", "-x", "l", "--rfx", "--ignore-certificate", "--plugin", "cliprdr", "some.host.name.com"}; -+ TESTCASE_SUCCESS(cmd20); -+ -+ /* Command 
misses -- for data */ -+ char* cmd21[] = { "xfreerdp", "-g", "1920x1200", "-d", "domain", "-u", "username", "-D", "-a", "16", "--plugin", "rdpsnd", "--plugin", "rdpdr", "--data", "disk:media:/home/username/media/", "-x", "l", "--rfx", "--ignore-certificate", "--plugin", "cliprdr", "xxx"}; -+ TESTCASE_SUCCESS(cmd21); -+ if (settings->ServerHostname && !strcmp(settings->ServerHostname, "xxx")){ -+ printf("cmd21 problem - hostname shoudn't be set because -- is missing after data (status %d - %s)", status, settings->ServerHostname); -+ return -1; -+ } -+ char* cmd22[] = { "xfreerdp", "-g", "1920x1200", "-d", "domain", "-u", "username", "-D", "-a", "16", "--plugin", "rdpsnd", "--plugin", "rdpdr", "--data", "disk:media:/home/username/media/", "--", "-x", "l", "--rfx", "--ignore-certificate", "--plugin", "cliprdr", "some.host.name.com"}; -+ TESTCASE_SUCCESS(cmd22); -+ -+ return 0; -+} -+ diff --git a/0002_handle-old-style-cmdline-options.patch b/0002_handle-old-style-cmdline-options.patch deleted file mode 100644 index 6fdb52f7dd18..000000000000 --- a/0002_handle-old-style-cmdline-options.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 85856224f63cd6e356a386f096156ff85e2f64e9 Mon Sep 17 00:00:00 2001 -From: Bernhard Miklautz <bernhard.miklautz@thincast.com> -Date: Tue, 10 Mar 2015 13:10:39 +0100 -Subject: [PATCH] settings: handle collection_add in detection case - -Command line detection is run with dummy settings where not everything -is allocated. Collections (device, dynamic channel and static -channel) didn't handle this case properly. - -(cherry picked from commit e9985c20938954f7df8f57b43c30c74c9d480dde) - -Conflicts: - client/common/test/TestClientCmdLine.c ---- - client/common/test/TestClientCmdLine.c | 5 +++++ - libfreerdp/common/settings.c | 9 +++++++++ - 2 files changed, 14 insertions(+) - ---- a/client/common/test/TestClientCmdLine.c -+++ b/client/common/test/TestClientCmdLine.c -@@ -108,6 +108,11 @@ - char* cmd22[] = { "xfreerdp", "-g", "1920x1200", "-d", "domain", "-u", "username", "-D", "-a", "16", "--plugin", "rdpsnd", "--plugin", "rdpdr", "--data", "disk:media:/home/username/media/", "--", "-x", "l", "--rfx", "--ignore-certificate", "--plugin", "cliprdr", "some.host.name.com"}; - TESTCASE_SUCCESS(cmd22); - -+#if 0 -+ char* cmd23[] = {"xfreerdp -z --plugin cliprdr --plugin rdpsnd --data alsa latency:100 -- --plugin rdpdr --data disk:w7share:/home/w7share -- --plugin drdynvc --data tsmf:decoder:gstreamer -- -u test host.example.com"}; -+ TESTCASE(cmd23, COMMAND_LINE_STATUS_PRINT); -+#endif -+ - return 0; - } - ---- a/libfreerdp/common/settings.c -+++ b/libfreerdp/common/settings.c -@@ -135,6 +135,9 @@ - - void freerdp_device_collection_add(rdpSettings* settings, RDPDR_DEVICE* device) - { -+ if (!settings->DeviceArray) -+ return; -+ - if (settings->DeviceArraySize < (settings->DeviceCount + 1)) - { - settings->DeviceArraySize *= 2; -@@ -204,6 +207,9 @@ - - void freerdp_static_channel_collection_add(rdpSettings* settings, ADDIN_ARGV* channel) - { -+ if (!settings->StaticChannelArray) -+ return; -+ - if (settings->StaticChannelArraySize < 
(settings->StaticChannelCount + 1)) - { - settings->StaticChannelArraySize *= 2; -@@ -252,6 +258,9 @@ - - void freerdp_dynamic_channel_collection_add(rdpSettings* settings, ADDIN_ARGV* channel) - { -+ if (!settings->DynamicChannelArray) -+ return; -+ - if (settings->DynamicChannelArraySize < (settings->DynamicChannelCount + 1)) - { - settings->DynamicChannelArraySize *= 2; diff --git a/0003_copy-data-when-adding-glyph-to-cache.patch b/0003_copy-data-when-adding-glyph-to-cache.patch deleted file mode 100644 index 8e553f4d112e..000000000000 --- a/0003_copy-data-when-adding-glyph-to-cache.patch +++ /dev/null 
@@ -1,106 +0,0 @@ -From daea54925b2e8c7606eb22e65ab6b2397306363b Mon Sep 17 00:00:00 2001 -From: Bernhard Miklautz <bmiklautz@thinstuff.at> -Date: Tue, 24 Sep 2013 23:25:18 +0200 -Subject: [PATCH] core/glyph: copy data when adding glyph to cache - -fixes #2439 - -(cherry picked from commit c99d9ee72bae06d19a15cce46eb4f3230a97f296) ---- - libfreerdp/cache/glyph.c | 15 +++++---------- - libfreerdp/core/orders.c | 4 ++-- - libfreerdp/core/update.c | 2 ++ - 3 files changed, 9 insertions(+), 12 deletions(-) - ---- a/libfreerdp/cache/glyph.c -+++ b/libfreerdp/cache/glyph.c -@@ -279,7 +279,7 @@ - if (y == -32768) - y = fast_glyph->bkTop; - -- if (fast_glyph->cbData > 1) -+ if (fast_glyph->cbData > 1 && NULL != fast_glyph->glyphData.aj) - { - /* got option font that needs to go into cache */ - glyph_data = &fast_glyph->glyphData; -@@ -290,7 +290,8 @@ - glyph->cx = glyph_data->cx; - glyph->cy = glyph_data->cy; - glyph->cb = glyph_data->cb; -- glyph->aj = glyph_data->aj; -+ glyph->aj = malloc(glyph_data->cb); -+ CopyMemory(glyph->aj, glyph_data->aj, glyph->cb); - Glyph_New(context, glyph); - - glyph_cache_put(cache->glyph, fast_glyph->cacheId, fast_glyph->data[0], glyph); -@@ -370,16 +371,14 @@ - - if (index > glyph_cache->glyphCache[id].number) - { -- fprintf(stderr, "invalid glyph cache index: %d in cache id: %d\n", index, id); -+ fprintf(stderr, "index %d out of range for cache id: %d\n", index, id); - return NULL; - } - - glyph = glyph_cache->glyphCache[id].entries[index]; - - if (glyph == NULL) -- { -- fprintf(stderr, "invalid glyph at cache index: %d in cache id: %d\n", index, id); -- } -+ fprintf(stderr, "no glyph found at cache index: %d in cache id: %d\n", index, id); - - return glyph; - } -@@ -420,9 +419,7 @@ - *size = (BYTE) glyph_cache->fragCache.entries[index].size; - - if (fragment == NULL) -- { - fprintf(stderr, "invalid glyph fragment at index:%d\n", index); -- } - - return fragment; - } -@@ -437,9 +434,7 @@ - glyph_cache->fragCache.entries[index].size = 
size; - - if (prevFragment != NULL) -- { - free(prevFragment); -- } - } - - void glyph_cache_register_callbacks(rdpUpdate* update) ---- a/libfreerdp/core/orders.c -+++ b/libfreerdp/core/orders.c -@@ -485,9 +485,7 @@ - Stream_Write_UINT8(s, byte); - } - else -- { - return FALSE; -- } - - return TRUE; - } -@@ -1670,6 +1668,8 @@ - if (Stream_GetRemainingLength(s) < glyph->cb) - return FALSE; - -+ if (glyph->aj) -+ free(glyph->aj); - glyph->aj = (BYTE*) malloc(glyph->cb); - Stream_Read(s, glyph->aj, glyph->cb); - } ---- a/libfreerdp/core/update.c -+++ b/libfreerdp/core/update.c -@@ -1596,6 +1596,8 @@ - - free(update->primary->polyline.points); - free(update->primary->polygon_sc.points); -+ if (NULL != update->primary->fast_glyph.glyphData.aj) -+ free(update->primary->fast_glyph.glyphData.aj); - free(update->primary); - - free(update->secondary); diff --git a/0004_build-cmake-3.1-compatibility.patch b/0004_build-cmake-3.1-compatibility.patch deleted file mode 100644 index 71df3ec5be16..000000000000 --- a/0004_build-cmake-3.1-compatibility.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From 1b663ceffe51008af7ae9749e5b7999b2f7d6698 Mon Sep 17 00:00:00 2001 -From: Bernhard Miklautz <bernhard.miklautz@shacknet.at> -Date: Fri, 12 Dec 2014 18:26:45 +0100 -Subject: [PATCH] build: cmake 3.1 compatibility - -* fix problem with REMOVE_DUPLICATES on undefined lists -* since 3.1 file(GLOB FILEPATHS RELATIVE .. returns single / instead of // as - previously - necessary adoptions for regex and matches done. Should - work with all cmake versions. - -Tested with 3.1.0-rc3 - -Origin: upstream, https://github.com/FreeRDP/FreeRDP/commit/1b663ceffe51008af7ae9749e5b7999b2f7d6698?diff=unified - -diff --git a/channels/CMakeLists.txt b/channels/CMakeLists.txt -index d9e8402..006e50f 100644 ---- a/channels/CMakeLists.txt -+++ b/channels/CMakeLists.txt -@@ -202,8 +202,8 @@ set(FILENAME "ChannelOptions.cmake") - file(GLOB FILEPATHS RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "*/${FILENAME}") - - foreach(FILEPATH ${FILEPATHS}) -- if(${FILEPATH} MATCHES "^([^/]*)//${FILENAME}") -- string(REGEX REPLACE "^([^/]*)//${FILENAME}" "\\1" DIR ${FILEPATH}) -+ if(${FILEPATH} MATCHES "^([^/]*)/+${FILENAME}") -+ string(REGEX REPLACE "^([^/]*)/+${FILENAME}" "\\1" DIR ${FILEPATH}) - set(CHANNEL_OPTION) - include(${FILEPATH}) - if(${CHANNEL_OPTION}) -diff --git a/channels/client/CMakeLists.txt b/channels/client/CMakeLists.txt -index fc42466..a78cdeb 100644 ---- a/channels/client/CMakeLists.txt -+++ b/channels/client/CMakeLists.txt -@@ -30,7 +30,9 @@ set(${MODULE_PREFIX}_SRCS - ${CMAKE_CURRENT_SOURCE_DIR}/channels.c - ${CMAKE_CURRENT_SOURCE_DIR}/channels.h) - -+if(CHANNEL_STATIC_CLIENT_ENTRIES) - list(REMOVE_DUPLICATES CHANNEL_STATIC_CLIENT_ENTRIES) -+endif() - - foreach(STATIC_ENTRY ${CHANNEL_STATIC_CLIENT_ENTRIES}) - foreach(STATIC_MODULE ${CHANNEL_STATIC_CLIENT_MODULES}) -diff --git a/third-party/CMakeLists.txt b/third-party/CMakeLists.txt -index 09b1fd4..610f35e 100644 ---- a/third-party/CMakeLists.txt -+++ b/third-party/CMakeLists.txt -@@ -22,11 +22,11 @@ - file(GLOB 
all_valid_subdirs RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "*/CMakeLists.txt") - - foreach(dir ${all_valid_subdirs}) -- if(${dir} MATCHES "^([^/]*)//CMakeLists.txt") -- string(REGEX REPLACE "^([^/]*)//CMakeLists.txt" "\\1" dir_trimmed ${dir}) -+ if(${dir} MATCHES "^([^/]*)/+CMakeLists.txt") -+ string(REGEX REPLACE "^([^/]*)/+CMakeLists.txt" "\\1" dir_trimmed ${dir}) - message(STATUS "Adding third-party component ${dir_trimmed}") - add_subdirectory(${dir_trimmed}) - endif() - endforeach(dir) - --set(THIRD_PARTY_INCLUDES ${THIRD_PARTY_INCLUDES} PARENT_SCOPE) -\ No newline at end of file -+set(THIRD_PARTY_INCLUDES ${THIRD_PARTY_INCLUDES} PARENT_SCOPE) -diff --git a/winpr/libwinpr/CMakeLists.txt b/winpr/libwinpr/CMakeLists.txt -index fdb2bda..7e1603b 100644 ---- a/winpr/libwinpr/CMakeLists.txt -+++ b/winpr/libwinpr/CMakeLists.txt -@@ -32,8 +32,8 @@ set(FILENAME "ModuleOptions.cmake") - file(GLOB FILEPATHS RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "*/${FILENAME}") - - foreach(FILEPATH ${FILEPATHS}) -- if(${FILEPATH} MATCHES "^([^/]*)//${FILENAME}") -- string(REGEX REPLACE "^([^/]*)//${FILENAME}" "\\1" ${MODULE_PREFIX}_SUBMODULE ${FILEPATH}) -+ if(${FILEPATH} MATCHES "^([^/]*)/+${FILENAME}") -+ string(REGEX REPLACE "^([^/]*)/+${FILENAME}" "\\1" ${MODULE_PREFIX}_SUBMODULE ${FILEPATH}) - set(${MODULE_PREFIX}_SUBMODULES ${${MODULE_PREFIX}_SUBMODULES} ${${MODULE_PREFIX}_SUBMODULE}) - endif() - endforeach(FILEPATH) diff --git a/0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch b/0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch deleted file mode 100644 index e45c21c9af0a..000000000000 --- a/0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch +++ /dev/null 
@@ -1,42 +0,0 @@ ->From ffa7f0363fa4f0770d0f1ac451d7a5e87d415d7b Mon Sep 17 00:00:00 2001 -From: Seray Rosh <seray.rosh@web.de> -Date: Fri, 27 Feb 2015 16:02:40 +0100 -Subject: [PATCH] fix #778650: release keys when xfreerdp is unfocused to prevent stuck keys - -This fixes https://bugs.debian.org/778650 -Originated from https://github.com/FreeRDP/FreeRDP/pull/2430 -Cherry picked from upstream commit ffa7f0363fa4f0770d0f1ac451d7a5e87d415d7b, ported for debian/1.1.0~git20140921.1.440916e+dfsg1-5 - ---- - -Signed-off-by: Petr Vorel <petr.vorel@gmail.com> ---- - client/X11/xf_event.c | 1 + - client/X11/xf_keyboard.c | 6 ++++++ - 2 files changed, 7 insertions(+) - ---- a/client/X11/xf_event.c -+++ b/client/X11/xf_event.c -@@ -456,6 +456,7 @@ - if (event->xfocus.mode == NotifyWhileGrabbed) - XUngrabKeyboard(xfc->display, CurrentTime); - -+ xf_kbd_release_all_keypress(xfc); - xf_kbd_clear(xfc); - - if (app) ---- a/client/X11/xf_keyboard.c -+++ b/client/X11/xf_keyboard.c -@@ -75,6 +75,12 @@ - if (xfc->pressed_keys[keycode] != NoSymbol) - { - rdp_scancode = freerdp_keyboard_get_rdp_scancode_from_x11_keycode(keycode); -+ -+ // release tab before releasing the windows key. -+ // this stops the start menu from opening on unfocus event. -+ if (rdp_scancode == RDP_SCANCODE_LWIN) -+ freerdp_input_send_keyboard_event_ex(xfc->instance->input, FALSE, RDP_SCANCODE_TAB); -+ - freerdp_input_send_keyboard_event_ex(xfc->instance->input, FALSE, rdp_scancode); - xfc->pressed_keys[keycode] = NoSymbol; - } diff --git a/0006_fix-null-cert-that-is-not-an-error.patch b/0006_fix-null-cert-that-is-not-an-error.patch deleted file mode 100644 index c336c8460ef4..000000000000 --- a/0006_fix-null-cert-that-is-not-an-error.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From 603a6378fffd43a67e14ead860bcf9196be6979e Mon Sep 17 00:00:00 2001 -From: Hardening <rdp.effort@gmail.com> -Date: Wed, 7 May 2014 16:12:38 +0200 -Subject: [PATCH] Fix null certificate that is not an error - -v2: Backported to 1.1.0~git20140921.1.440916e+dfsg1-5 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de> ---- - libfreerdp/core/certificate.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/libfreerdp/core/certificate.c -+++ b/libfreerdp/core/certificate.c -@@ -568,15 +568,12 @@ - UINT32 dwVersion; - int status = 1; - -- if (length < 1) -+ if (length < 4) - { - DEBUG_CERTIFICATE("null server certificate\n"); - return 0; - } - -- if (length < 4) -- return -1; -- - s = Stream_New(server_cert, length); - - Stream_Read_UINT32(s, dwVersion); /* dwVersion (4 bytes) */ diff --git a/0007_Fix-build-failure-on-x32.patch b/0007_Fix-build-failure-on-x32.patch deleted file mode 100644 index 2962d69f4bd4..000000000000 --- a/0007_Fix-build-failure-on-x32.patch +++ /dev/null 
@@ -1,32 +0,0 @@ ->From 15d5037df438e60f2c5439184dbe7ea232cbd100 Mon Sep 17 00:00:00 2001 -From: Adam Borowski <kilobyte@angband.pl> -Date: Thu, 29 Jan 2015 05:50:12 +0100 -Subject: [PATCH] Fix build failure on x32. - -Unlike i386, x32 can't accept -march=i686 but wants -fPIC, same as amd64 -(both are x86_64 ABIs after all). Thus, check for the __x86_64__ define -instead of pointer width. ---- - CMakeLists.txt | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -33,6 +33,7 @@ - # Include cmake modules - include(CheckIncludeFiles) - include(CheckLibraryExists) -+include(CheckSymbolExists) - include(CheckStructHasMember) - include(CMakeDetermineSystem) - include(FindPkgConfig) -@@ -112,7 +113,8 @@ - # Compiler-specific flags - if(CMAKE_COMPILER_IS_GNUCC) - if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64" OR CMAKE_SYSTEM_PROCESSOR MATCHES "i686") -- if(CMAKE_SIZEOF_VOID_P EQUAL 8) -+ CHECK_SYMBOL_EXISTS(__x86_64__ "" IS_X86_64) -+ if(IS_X86_64) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC") - else() - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=i686") diff --git a/0008-Fix-multiple-security-issues.patch b/0008-Fix-multiple-security-issues.patch deleted file mode 100644 index df9004bfe45e..000000000000 --- a/0008-Fix-multiple-security-issues.patch +++ /dev/null 
@@ -1,756 +0,0 @@ -From 03ab68318966c3a22935a02838daaea7b7fbe96c Mon Sep 17 00:00:00 2001 -From: Bernhard Miklautz <bernhard.miklautz@thincast.com> -Date: Thu, 27 Jul 2017 13:24:37 +0200 -Subject: [PATCH] Fix multiple security issues - -Fix the following issues identified by the CISCO TALOS project: - -* TALOS-2017-0336 CVE-2017-2834 -* TALOS-2017-0337 CVE-2017-2835 -* TALOS-2017-0338 CVE-2017-2836 -* TALOS-2017-0339 CVE-2017-2837 -* TALOS-2017-0340 CVE-2017-2838 -* TALOS-2017-0341 CVE-2017-2839 - -Backported based on commit 8292b4558f0684065ce1f58db7783cc426099223. ---- - libfreerdp/core/capabilities.c | 4 +-- - libfreerdp/core/certificate.c | 18 ++++++++----- - libfreerdp/core/certificate.h | 2 +- - libfreerdp/core/connection.c | 17 ++++++------ - libfreerdp/core/gcc.c | 60 ++++++++++++++++++++++++------------------ - libfreerdp/core/info.c | 4 +-- - libfreerdp/core/license.c | 39 ++++++++++++++++++++------- - libfreerdp/core/mcs.c | 17 +++++++++--- - libfreerdp/core/nego.c | 8 +++--- - libfreerdp/core/peer.c | 4 +-- - libfreerdp/core/rdp.c | 37 ++++++++++++++++++++------ - libfreerdp/core/rdp.h | 4 +-- - libfreerdp/core/security.c | 12 ++++----- - libfreerdp/core/security.h | 12 ++++----- - libfreerdp/core/surface.c | 2 +- - libfreerdp/core/tpkt.c | 22 ++++++++++++---- - libfreerdp/core/tpkt.h | 2 +- - libfreerdp/core/transport.c | 6 ++++- - 18 files changed, 174 insertions(+), 96 deletions(-) - -diff --git a/libfreerdp/core/capabilities.c b/libfreerdp/core/capabilities.c -index 4d69b4e..0e3b0de 100644 ---- a/libfreerdp/core/capabilities.c -+++ b/libfreerdp/core/capabilities.c -@@ -3341,12 +3341,12 @@ BOOL rdp_recv_get_active_header(rdpRdp* rdp, wStream* s, UINT16* pChannelId) - - if (rdp->settings->DisableEncryption) - { -- if (!rdp_read_security_header(s, &securityFlags)) -+ if (!rdp_read_security_header(s, &securityFlags, &length)) - return FALSE; - - if (securityFlags & SEC_ENCRYPT) - { -- if (!rdp_decrypt(rdp, s, length - 4, securityFlags)) -+ if 
(!rdp_decrypt(rdp, s, length, securityFlags)) - { - fprintf(stderr, "rdp_decrypt failed\n"); - return FALSE; -diff --git a/libfreerdp/core/certificate.c b/libfreerdp/core/certificate.c -index 6a28ab3..9a36abe 100644 ---- a/libfreerdp/core/certificate.c -+++ b/libfreerdp/core/certificate.c -@@ -327,10 +327,10 @@ static BOOL certificate_process_server_public_key(rdpCertificate* certificate, w - UINT32 keylen; - UINT32 bitlen; - UINT32 datalen; -- UINT32 modlen; - - if (Stream_GetRemainingLength(s) < 20) - return FALSE; -+ - Stream_Read(s, magic, 4); - - if (memcmp(magic, "RSA1", 4) != 0) -@@ -343,12 +343,16 @@ static BOOL certificate_process_server_public_key(rdpCertificate* certificate, w - Stream_Read_UINT32(s, bitlen); - Stream_Read_UINT32(s, datalen); - Stream_Read(s, certificate->cert_info.exponent, 4); -- modlen = keylen - 8; - -- if (Stream_GetRemainingLength(s) < modlen + 8) // count padding -+ if ((keylen <= 8) || (Stream_GetRemainingLength(s) < keylen)) - return FALSE; -- certificate->cert_info.ModulusLength = modlen; -+ -+ certificate->cert_info.ModulusLength = keylen - 8; - certificate->cert_info.Modulus = malloc(certificate->cert_info.ModulusLength); -+ -+ if (!certificate->cert_info.Modulus) -+ return FALSE; -+ - Stream_Read(s, certificate->cert_info.Modulus, certificate->cert_info.ModulusLength); - /* 8 bytes of zero padding */ - Stream_Seek(s, 8); -@@ -500,7 +504,7 @@ BOOL certificate_read_server_proprietary_certificate(rdpCertificate* certificate - - BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, wStream* s) - { -- int i; -+ UINT32 i; - UINT32 certLength; - UINT32 numCertBlobs; - BOOL ret; -@@ -513,7 +517,7 @@ BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, - - certificate->x509_cert_chain = certificate_new_x509_certificate_chain(numCertBlobs); - -- for (i = 0; i < (int) numCertBlobs; i++) -+ for (i = 0; i < numCertBlobs; i++) - { - if (Stream_GetRemainingLength(s) < 4) - return 
FALSE; -@@ -562,7 +566,7 @@ BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, - * @param length certificate length - */ - --int certificate_read_server_certificate(rdpCertificate* certificate, BYTE* server_cert, int length) -+int certificate_read_server_certificate(rdpCertificate* certificate, BYTE* server_cert, size_t length) - { - wStream* s; - UINT32 dwVersion; -diff --git a/libfreerdp/core/certificate.h b/libfreerdp/core/certificate.h -index 5008bb4..fb818f5 100644 ---- a/libfreerdp/core/certificate.h -+++ b/libfreerdp/core/certificate.h -@@ -50,7 +50,7 @@ void certificate_free_x509_certificate_chain(rdpX509CertChain* x509_cert_chain); - - BOOL certificate_read_server_proprietary_certificate(rdpCertificate* certificate, wStream* s); - BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, wStream* s); --int certificate_read_server_certificate(rdpCertificate* certificate, BYTE* server_cert, int length); -+int certificate_read_server_certificate(rdpCertificate* certificate, BYTE* server_cert, size_t length); - - rdpCertificate* certificate_new(void); - void certificate_free(rdpCertificate* certificate); -diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c -index 9c4c3d7..7e6b2bd 100644 ---- a/libfreerdp/core/connection.c -+++ b/libfreerdp/core/connection.c -@@ -77,19 +77,18 @@ BOOL rdp_client_connect(rdpRdp* rdp) - - if (settings->GatewayEnabled) - { -- char* user; -+ char* user = NULL; - char* domain; - char* cookie; -- int user_length = 0; -+ int user_length = 0; - int domain_length; - int cookie_length; - -- -- if (settings->Username) -- { -- user = settings->Username; -- user_length = strlen(settings->Username); -- } -+ if (settings->Username) -+ { -+ user = settings->Username; -+ user_length = strlen(settings->Username); -+ } - - if (settings->Domain) - domain = settings->Domain; -@@ -365,7 +364,7 @@ static BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s) - return FALSE; - } 
- -- if (!rdp_read_security_header(s, &sec_flags)) -+ if (!rdp_read_security_header(s, &sec_flags, NULL)) - return FALSE; - - if ((sec_flags & SEC_EXCHANGE_PKT) == 0) -diff --git a/libfreerdp/core/gcc.c b/libfreerdp/core/gcc.c -index 316f4f9..27def74 100644 ---- a/libfreerdp/core/gcc.c -+++ b/libfreerdp/core/gcc.c -@@ -830,6 +830,7 @@ BOOL gcc_read_server_security_data(wStream* s, rdpSettings* settings) - - if (Stream_GetRemainingLength(s) < 8) - return FALSE; -+ - Stream_Read_UINT32(s, settings->EncryptionMethods); /* encryptionMethod */ - Stream_Read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */ - -@@ -844,43 +845,50 @@ BOOL gcc_read_server_security_data(wStream* s, rdpSettings* settings) - - if (Stream_GetRemainingLength(s) < 8) - return FALSE; -+ - Stream_Read_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */ - Stream_Read_UINT32(s, settings->ServerCertificateLength); /* serverCertLen */ - -- if (Stream_GetRemainingLength(s) < settings->ServerRandomLength + settings->ServerCertificateLength) -+ if (settings->ServerRandomLength == 0 || settings->ServerCertificateLength == 0) - return FALSE; - -- if (settings->ServerRandomLength > 0) -- { -- /* serverRandom */ -- settings->ServerRandom = (BYTE*) malloc(settings->ServerRandomLength); -- Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength); -- } -- else -- { -+ if (Stream_GetRemainingLength(s) < settings->ServerRandomLength) - return FALSE; -- } - -- if (settings->ServerCertificateLength > 0) -- { -- /* serverCertificate */ -- settings->ServerCertificate = (BYTE*) malloc(settings->ServerCertificateLength); -- Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength); -+ /* serverRandom */ -+ settings->ServerRandom = (BYTE*) malloc(settings->ServerRandomLength); -+ if (!settings->ServerRandom) -+ return FALSE; -+ Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength); - -- certificate_free(settings->RdpServerCertificate); -- 
settings->RdpServerCertificate = certificate_new(); -- data = settings->ServerCertificate; -- length = settings->ServerCertificateLength; -+ /* serverCertificate */ -+ if(Stream_GetRemainingLength(s) < settings->ServerCertificateLength) -+ goto out_fail1; -+ settings->ServerCertificate = (BYTE*) malloc(settings->ServerCertificateLength); -+ if (!settings->ServerCertificate) -+ goto out_fail1; - -- if (certificate_read_server_certificate(settings->RdpServerCertificate, data, length) < 1) -- return FALSE; -- } -- else -- { -- return FALSE; -- } -+ Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength); -+ certificate_free(settings->RdpServerCertificate); -+ settings->RdpServerCertificate = certificate_new(); -+ if (!settings->RdpServerCertificate) -+ goto out_fail2; -+ -+ data = settings->ServerCertificate; -+ length = settings->ServerCertificateLength; -+ -+ if (certificate_read_server_certificate(settings->RdpServerCertificate, data, length) < 1) -+ goto out_fail2; - - return TRUE; -+ -+ out_fail2: -+ free(settings->ServerCertificate); -+ settings->ServerCertificate = NULL; -+ out_fail1: -+ free(settings->ServerRandom); -+ settings->ServerRandom = NULL; -+ return FALSE; - } - - static const BYTE initial_signature[] = -diff --git a/libfreerdp/core/info.c b/libfreerdp/core/info.c -index 11435ef..7717731 100644 ---- a/libfreerdp/core/info.c -+++ b/libfreerdp/core/info.c -@@ -441,7 +441,7 @@ BOOL rdp_recv_client_info(rdpRdp* rdp, wStream* s) - if (!rdp_read_header(rdp, s, &length, &channelId)) - return FALSE; - -- if (!rdp_read_security_header(s, &securityFlags)) -+ if (!rdp_read_security_header(s, &securityFlags, &length)) - return FALSE; - - if ((securityFlags & SEC_INFO_PKT) == 0) -@@ -457,7 +457,7 @@ BOOL rdp_recv_client_info(rdpRdp* rdp, wStream* s) - - if (securityFlags & SEC_ENCRYPT) - { -- if (!rdp_decrypt(rdp, s, length - 4, securityFlags)) -+ if (!rdp_decrypt(rdp, s, length, securityFlags)) - { - fprintf(stderr, "rdp_decrypt 
failed\n"); - return FALSE; -diff --git a/libfreerdp/core/license.c b/libfreerdp/core/license.c -index 88d039e..40bb150 100644 ---- a/libfreerdp/core/license.c -+++ b/libfreerdp/core/license.c -@@ -240,12 +240,12 @@ BOOL license_recv(rdpLicense* license, wStream* s) - return FALSE; - } - -- if (!rdp_read_security_header(s, &securityFlags)) -+ if (!rdp_read_security_header(s, &securityFlags, &length)) - return FALSE; - - if (securityFlags & SEC_ENCRYPT) - { -- if (!rdp_decrypt(license->rdp, s, length - 4, securityFlags)) -+ if (!rdp_decrypt(license->rdp, s, length, securityFlags)) - { - fprintf(stderr, "rdp_decrypt failed\n"); - return FALSE; -@@ -474,25 +474,41 @@ BOOL license_read_product_info(wStream* s, PRODUCT_INFO* productInfo) - - Stream_Read_UINT32(s, productInfo->cbCompanyName); /* cbCompanyName (4 bytes) */ - -- if (Stream_GetRemainingLength(s) < productInfo->cbCompanyName + 4) -+ /* Name must be > 0, but there is no upper limit defined, use UINT32_MAX */ -+ if ((productInfo->cbCompanyName < 2) || (productInfo->cbCompanyName % 2 != 0)) -+ return FALSE; -+ -+ if (Stream_GetRemainingLength(s) < productInfo->cbCompanyName) - return FALSE; - - productInfo->pbCompanyName = (BYTE*) malloc(productInfo->cbCompanyName); -+ if (!productInfo->pbCompanyName) -+ return FALSE; - Stream_Read(s, productInfo->pbCompanyName, productInfo->cbCompanyName); - -+ if (Stream_GetRemainingLength(s) < 4) -+ goto out_fail; -+ - Stream_Read_UINT32(s, productInfo->cbProductId); /* cbProductId (4 bytes) */ - -+ if ((productInfo->cbProductId < 2) || (productInfo->cbProductId % 2 != 0)) -+ goto out_fail; -+ - if (Stream_GetRemainingLength(s) < productInfo->cbProductId) -- { -- free(productInfo->pbCompanyName); -- productInfo->pbCompanyName = NULL; -- return FALSE; -- } -+ goto out_fail; - - productInfo->pbProductId = (BYTE*) malloc(productInfo->cbProductId); -- Stream_Read(s, productInfo->pbProductId, productInfo->cbProductId); -+ if (!productInfo->pbProductId) -+ goto out_fail; - -+ 
Stream_Read(s, productInfo->pbProductId, productInfo->cbProductId); - return TRUE; -+ -+ out_fail: -+ free(productInfo->pbCompanyName); -+ productInfo->pbCompanyName = NULL; -+ return FALSE; -+ - } - - /** -@@ -796,7 +812,10 @@ BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s) - - /* EncryptedPlatformChallenge */ - license->EncryptedPlatformChallenge->type = BB_ANY_BLOB; -- license_read_binary_blob(s, license->EncryptedPlatformChallenge); -+ -+ if (!license_read_binary_blob(s, license->EncryptedPlatformChallenge)) -+ return FALSE; -+ - license->EncryptedPlatformChallenge->type = BB_ENCRYPTED_DATA_BLOB; - - if (Stream_GetRemainingLength(s) < 16) -diff --git a/libfreerdp/core/mcs.c b/libfreerdp/core/mcs.c -index d5ea089..16cf88e 100644 ---- a/libfreerdp/core/mcs.c -+++ b/libfreerdp/core/mcs.c -@@ -197,7 +197,8 @@ BOOL mcs_read_domain_mcspdu_header(wStream* s, enum DomainMCSPDU* domainMCSPDU, - BYTE choice; - enum DomainMCSPDU MCSPDU; - -- *length = tpkt_read_header(s); -+ if (!tpkt_read_header(s, length)) -+ return FALSE; - - if (!tpdu_read_data(s, &li)) - return FALSE; -@@ -332,8 +333,13 @@ BOOL mcs_recv_connect_initial(rdpMcs* mcs, wStream* s) - UINT16 li; - int length; - BOOL upwardFlag; -+ UINT16 tlength; -+ -+ if (!mcs || !s) -+ return FALSE; - -- tpkt_read_header(s); -+ if (!tpkt_read_header(s, &tlength)) -+ return FALSE; - - if (!tpdu_read_data(s, &li)) - return FALSE; -@@ -504,8 +510,13 @@ BOOL mcs_recv_connect_response(rdpMcs* mcs, wStream* s) - BYTE result; - UINT16 li; - UINT32 calledConnectId; -+ UINT16 tlength; - -- tpkt_read_header(s); -+ if (!mcs || !s) -+ return FALSE; -+ -+ if (!tpkt_read_header(s, &tlength)) -+ return FALSE; - - if (!tpdu_read_data(s, &li)) - return FALSE; -diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c -index 6148e86..bc77eb3 100644 ---- a/libfreerdp/core/nego.c -+++ b/libfreerdp/core/nego.c -@@ -506,9 +506,7 @@ int nego_recv(rdpTransport* transport, wStream* s, void* extra) - UINT16 length; 
- rdpNego* nego = (rdpNego*) extra; - -- length = tpkt_read_header(s); -- -- if (length == 0) -+ if (!tpkt_read_header(s, &length) || length == 0) - return -1; - - if (!tpdu_read_connection_confirm(s, &li)) -@@ -582,8 +580,10 @@ BOOL nego_read_request(rdpNego* nego, wStream* s) - BYTE li; - BYTE c; - BYTE type; -+ UINT16 length; - -- tpkt_read_header(s); -+ if (!tpkt_read_header(s, &length)) -+ return FALSE; - - if (!tpdu_read_connection_request(s, &li)) - return FALSE; -diff --git a/libfreerdp/core/peer.c b/libfreerdp/core/peer.c -index eb4ad60..b9bad7e 100644 ---- a/libfreerdp/core/peer.c -+++ b/libfreerdp/core/peer.c -@@ -179,12 +179,12 @@ static int peer_recv_tpkt_pdu(freerdp_peer* client, wStream* s) - - if (rdp->settings->DisableEncryption) - { -- if (!rdp_read_security_header(s, &securityFlags)) -+ if (!rdp_read_security_header(s, &securityFlags, &length)) - return -1; - - if (securityFlags & SEC_ENCRYPT) - { -- if (!rdp_decrypt(rdp, s, length - 4, securityFlags)) -+ if (!rdp_decrypt(rdp, s, length, securityFlags)) - { - fprintf(stderr, "rdp_decrypt failed\n"); - return -1; -diff --git a/libfreerdp/core/rdp.c b/libfreerdp/core/rdp.c -index 1a4704d..bb35bd9 100644 ---- a/libfreerdp/core/rdp.c -+++ b/libfreerdp/core/rdp.c -@@ -77,13 +77,17 @@ static const char* const DATA_PDU_TYPE_STRINGS[] = - * @param flags security flags - */ - --BOOL rdp_read_security_header(wStream* s, UINT16* flags) -+BOOL rdp_read_security_header(wStream* s, UINT16* flags, UINT16* length) - { - /* Basic Security Header */ -- if (Stream_GetRemainingLength(s) < 4) -+ if (Stream_GetRemainingLength(s) < 4 || (length && (*length < 4))) - return FALSE; - Stream_Read_UINT16(s, *flags); /* flags */ - Stream_Seek(s, 2); /* flagsHi (unused) */ -+ -+ if (length) -+ *length -= 4; -+ - return TRUE; - } - -@@ -249,6 +253,9 @@ BOOL rdp_read_header(rdpRdp* rdp, wStream* s, UINT16* length, UINT16* channel_id - return FALSE; - } - -+ if (*length < 8) -+ return FALSE; -+ - if (*length - 8 > 
Stream_GetRemainingLength(s)) - return FALSE; - -@@ -273,8 +280,12 @@ BOOL rdp_read_header(rdpRdp* rdp, wStream* s, UINT16* length, UINT16* channel_id - if (Stream_GetRemainingLength(s) < 5) - return FALSE; - -- per_read_integer16(s, &initiator, MCS_BASE_CHANNEL_ID); /* initiator (UserId) */ -- per_read_integer16(s, channel_id, 0); /* channelId */ -+ if (!per_read_integer16(s, &initiator, MCS_BASE_CHANNEL_ID)) /* initiator (UserId) */ -+ return FALSE; -+ -+ if (!per_read_integer16(s, channel_id, 0)) /* channelId */ -+ return FALSE; -+ - Stream_Seek(s, 1); /* dataPriority + Segmentation (0x70) */ - - if (!per_read_length(s, length)) /* userData (OCTET_STRING) */ -@@ -701,16 +712,20 @@ BOOL rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, wStream* s) - * @param length int - */ - --BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, int length, UINT16 securityFlags) -+BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, INT32 length, UINT16 securityFlags) - { - BYTE cmac[8]; - BYTE wmac[8]; - -+ if (!rdp || !s || length < 0) -+ return FALSE; -+ - if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS) - { - UINT16 len; - BYTE version, pad; - BYTE* sig; -+ INT64 padLength; - - if (Stream_GetRemainingLength(s) < 12) - return FALSE; -@@ -723,6 +738,10 @@ BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, int length, UINT16 securityFlags) - Stream_Seek(s, 8); /* signature */ - - length -= 12; -+ padLength = length - pad; -+ -+ if (length <= 0 || padLength <= 0) -+ return FALSE; - - if (!security_fips_decrypt(Stream_Pointer(s), length, rdp)) - { -@@ -741,11 +760,13 @@ BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, int length, UINT16 securityFlags) - return TRUE; - } - -- if (Stream_GetRemainingLength(s) < 8) -+ if (Stream_GetRemainingLength(s) < sizeof(wmac)) - return FALSE; - - Stream_Read(s, wmac, sizeof(wmac)); - length -= sizeof(wmac); -+ if (length <= 0) -+ return FALSE; - - if (!security_decrypt(Stream_Pointer(s), length, rdp)) - return FALSE; -@@ -795,12 +816,12 @@ static int 
rdp_recv_tpkt_pdu(rdpRdp* rdp, wStream* s) - - if (rdp->settings->DisableEncryption) - { -- if (!rdp_read_security_header(s, &securityFlags)) -+ if (!rdp_read_security_header(s, &securityFlags, &length)) - return -1; - - if (securityFlags & (SEC_ENCRYPT | SEC_REDIRECTION_PKT)) - { -- if (!rdp_decrypt(rdp, s, length - 4, securityFlags)) -+ if (!rdp_decrypt(rdp, s, length, securityFlags)) - { - fprintf(stderr, "rdp_decrypt failed\n"); - return -1; -diff --git a/libfreerdp/core/rdp.h b/libfreerdp/core/rdp.h -index fc73026..7bcfc27 100644 ---- a/libfreerdp/core/rdp.h -+++ b/libfreerdp/core/rdp.h -@@ -160,7 +160,7 @@ struct rdp_rdp - BOOL deactivation_reactivation; - }; - --BOOL rdp_read_security_header(wStream* s, UINT16* flags); -+BOOL rdp_read_security_header(wStream* s, UINT16* flags, UINT16* length); - void rdp_write_security_header(wStream* s, UINT16 flags); - - BOOL rdp_read_share_control_header(wStream* s, UINT16* length, UINT16* type, UINT16* channel_id); -@@ -202,6 +202,6 @@ void rdp_free(rdpRdp* rdp); - #define DEBUG_RDP(fmt, ...) 
DEBUG_NULL(fmt, ## __VA_ARGS__) - #endif - --BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, int length, UINT16 securityFlags); -+BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, INT32 length, UINT16 securityFlags); - - #endif /* __RDP_H */ -diff --git a/libfreerdp/core/security.c b/libfreerdp/core/security.c -index 5684528..dc9b2fc 100644 ---- a/libfreerdp/core/security.c -+++ b/libfreerdp/core/security.c -@@ -475,7 +475,7 @@ BOOL security_key_update(BYTE* key, BYTE* update_key, int key_len) - return TRUE; - } - --BOOL security_encrypt(BYTE* data, int length, rdpRdp* rdp) -+BOOL security_encrypt(BYTE* data, size_t length, rdpRdp* rdp) - { - if (rdp->encrypt_use_count >= 4096) - { -@@ -490,7 +490,7 @@ BOOL security_encrypt(BYTE* data, int length, rdpRdp* rdp) - return TRUE; - } - --BOOL security_decrypt(BYTE* data, int length, rdpRdp* rdp) -+BOOL security_decrypt(BYTE* data, size_t length, rdpRdp* rdp) - { - if (rdp->rc4_decrypt_key == NULL) - return FALSE; -@@ -507,7 +507,7 @@ BOOL security_decrypt(BYTE* data, int length, rdpRdp* rdp) - return TRUE; - } - --void security_hmac_signature(const BYTE* data, int length, BYTE* output, rdpRdp* rdp) -+void security_hmac_signature(const BYTE* data, size_t length, BYTE* output, rdpRdp* rdp) - { - BYTE buf[20]; - BYTE use_count_le[4]; -@@ -522,20 +522,20 @@ void security_hmac_signature(const BYTE* data, int length, BYTE* output, rdpRdp* - memmove(output, buf, 8); - } - --BOOL security_fips_encrypt(BYTE* data, int length, rdpRdp* rdp) -+BOOL security_fips_encrypt(BYTE* data, size_t length, rdpRdp* rdp) - { - crypto_des3_encrypt(rdp->fips_encrypt, length, data, data); - rdp->encrypt_use_count++; - return TRUE; - } - --BOOL security_fips_decrypt(BYTE* data, int length, rdpRdp* rdp) -+BOOL security_fips_decrypt(BYTE* data, size_t length, rdpRdp* rdp) - { - crypto_des3_decrypt(rdp->fips_decrypt, length, data, data); - return TRUE; - } - --BOOL security_fips_check_signature(const BYTE* data, int length, const BYTE* sig, rdpRdp* rdp) -+BOOL 
security_fips_check_signature(const BYTE* data, size_t length, const BYTE* sig, rdpRdp* rdp) - { - BYTE buf[20]; - BYTE use_count_le[4]; -diff --git a/libfreerdp/core/security.h b/libfreerdp/core/security.h -index ffcebdf..c6b6038 100644 ---- a/libfreerdp/core/security.h -+++ b/libfreerdp/core/security.h -@@ -37,12 +37,12 @@ void security_mac_signature(rdpRdp *rdp, const BYTE* data, UINT32 length, BYTE* - void security_salted_mac_signature(rdpRdp *rdp, const BYTE* data, UINT32 length, BOOL encryption, BYTE* output); - BOOL security_establish_keys(const BYTE* client_random, rdpRdp* rdp); - --BOOL security_encrypt(BYTE* data, int length, rdpRdp* rdp); --BOOL security_decrypt(BYTE* data, int length, rdpRdp* rdp); -+BOOL security_encrypt(BYTE* data, size_t length, rdpRdp* rdp); -+BOOL security_decrypt(BYTE* data, size_t length, rdpRdp* rdp); - --void security_hmac_signature(const BYTE* data, int length, BYTE* output, rdpRdp* rdp); --BOOL security_fips_encrypt(BYTE* data, int length, rdpRdp* rdp); --BOOL security_fips_decrypt(BYTE* data, int length, rdpRdp* rdp); --BOOL security_fips_check_signature(const BYTE* data, int length, const BYTE* sig, rdpRdp* rdp); -+void security_hmac_signature(const BYTE* data, size_t length, BYTE* output, rdpRdp* rdp); -+BOOL security_fips_encrypt(BYTE* data, size_t length, rdpRdp* rdp); -+BOOL security_fips_decrypt(BYTE* data, size_t length, rdpRdp* rdp); -+BOOL security_fips_check_signature(const BYTE* data, size_t length, const BYTE* sig, rdpRdp* rdp); - - #endif /* __SECURITY_H */ -diff --git a/libfreerdp/core/surface.c b/libfreerdp/core/surface.c -index 992a3dd..15b2257 100644 ---- a/libfreerdp/core/surface.c -+++ b/libfreerdp/core/surface.c -@@ -85,7 +85,7 @@ int update_recv_surfcmds(rdpUpdate* update, UINT32 size, wStream* s) - { - BYTE* mark; - UINT16 cmdType; -- UINT32 cmdLength; -+ UINT32 cmdLength = 0; - - while (size > 2) - { -diff --git a/libfreerdp/core/tpkt.c b/libfreerdp/core/tpkt.c -index 5689d62..900e288 100644 ---- 
a/libfreerdp/core/tpkt.c -+++ b/libfreerdp/core/tpkt.c -@@ -81,25 +81,37 @@ BOOL tpkt_verify_header(wStream* s) - * @return length - */ - --UINT16 tpkt_read_header(wStream* s) -+BOOL tpkt_read_header(wStream* s, UINT16* length) - { - BYTE version; -- UINT16 length; -+ -+ if (Stream_GetRemainingLength(s) < 1) -+ return FALSE; - - Stream_Peek_UINT8(s, version); - - if (version == 3) - { -+ UINT16 len; -+ -+ if (Stream_GetRemainingLength(s) < 4) -+ return FALSE; -+ - Stream_Seek(s, 2); -- Stream_Read_UINT16_BE(s, length); -+ Stream_Read_UINT16_BE(s, len); -+ -+ if (len < 4) -+ return FALSE; -+ -+ *length = len; - } - else - { - /* not a TPKT header */ -- length = 0; -+ *length = 0; - } - -- return length; -+ return TRUE; - } - - /** -diff --git a/libfreerdp/core/tpkt.h b/libfreerdp/core/tpkt.h -index af984c1..9b51749 100644 ---- a/libfreerdp/core/tpkt.h -+++ b/libfreerdp/core/tpkt.h -@@ -28,7 +28,7 @@ - #define TPKT_HEADER_LENGTH 4 - - BOOL tpkt_verify_header(wStream* s); --UINT16 tpkt_read_header(wStream* s); -+BOOL tpkt_read_header(wStream* s, UINT16* length); - void tpkt_write_header(wStream* s, UINT16 length); - - #endif /* __TPKT_H */ -diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c -index 0f29c6c..bc45dc8 100644 ---- a/libfreerdp/core/transport.c -+++ b/libfreerdp/core/transport.c -@@ -673,7 +673,11 @@ int transport_check_fds(rdpTransport** ptransport) - return 0; - } - -- length = tpkt_read_header(transport->ReceiveBuffer); -+ if (!tpkt_read_header(transport->ReceiveBuffer, &length)) -+ { -+ fprintf(stderr, "transport_check_fds: problem reading tpkt header.\n"); -+ return -1; -+ } - } - else if (nla_verify_header(transport->ReceiveBuffer)) - { --- -2.1.4 - diff --git a/0009-enable-TLS-12.patch b/0009-enable-TLS-12.patch deleted file mode 100644 index 50c63bba77cd..000000000000 --- a/0009-enable-TLS-12.patch +++ /dev/null 
@@ -1,38 +0,0 @@
-From 3ba81cbd5a59434f3053665e9fc4a432afd0db20 Mon Sep 17 00:00:00 2001
-From: Bernhard Miklautz <bernhard.miklautz@shacknet.at>
-Date: Thu, 10 Aug 2017 09:31:21 +0200
-Subject: [PATCH 1/1] enable TLS 1+
-
-Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
-To be able to also use TLS 1.1 and later use SSLv23_client_method
-instead. To make sure SSLv2 or SSLv3 isn't used disable them.
-
-cherry-picked from aa80f63b4ab19101cbdc376f7e0613ed410fee11
----
- libfreerdp/crypto/tls.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
---- a/libfreerdp/crypto/tls.c
-+++ b/libfreerdp/crypto/tls.c
-@@ -102,7 +102,7 @@
- int connection_status;
- char *hostname;
-
-- tls->ctx = SSL_CTX_new(TLSv1_client_method());
-+ tls->ctx = SSL_CTX_new(SSLv23_client_method());
-
- if (tls->ctx == NULL)
- {
-@@ -141,6 +141,12 @@
- */
- options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
-
-+ /**
-+ * disable SSLv2 and SSLv3
-+ */
-+ options |= SSL_OP_NO_SSLv2;
-+ options |= SSL_OP_NO_SSLv3;
-+
- SSL_CTX_set_options(tls->ctx, options);
-
- tls->ssl = SSL_new(tls->ctx);
diff --git a/CVE-2014-0791.patch b/CVE-2014-0791.patch
deleted file mode 100644
index 42939bc46b6a..000000000000
--- a/CVE-2014-0791.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From f1d6afca6ae620f9855a33280bdc6f3ad9153be0 Mon Sep 17 00:00:00 2001
-From: Hardening <rdp.effort@gmail.com>
-Date: Wed, 8 Jan 2014 16:12:51 +0100
-Subject: [PATCH] Fix CVE-2014-0791
-
-This patch fixes CVE-2014-0791, the remaining length in the stream is checked
-before doing some malloc().
----
- libfreerdp/core/license.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/core/license.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/core/license.c 2017-08-23 11:07:13.453296923 -0400
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/core/license.c 2017-08-23 11:07:13.449296923 -0400
-@@ -677,6 +677,8 @@ BOOL license_read_scope_list(wStream* s,
- return FALSE;
-
- Stream_Read_UINT32(s, scopeCount); /* ScopeCount (4 bytes) */
-+ if (scopeCount > Stream_GetRemainingLength(s) / 4) /* every blob is at least 4 bytes */
-+ return FALSE;
-
- scopeList->count = scopeCount;
- scopeList->array = (LICENSE_BLOB*) malloc(sizeof(LICENSE_BLOB) * scopeCount);
diff --git a/CVE-2018-8786.patch b/CVE-2018-8786.patch
deleted file mode 100644
index e3ede30eff07..000000000000
--- a/CVE-2018-8786.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Backport of:
-
-From 445a5a42c500ceb80f8fa7f2c11f3682538033f3 Mon Sep 17 00:00:00 2001
-From: Armin Novak <armin.novak@thincast.com>
-Date: Mon, 22 Oct 2018 16:25:13 +0200
-Subject: [PATCH] Fixed CVE-2018-8786
-
-Thanks to Eyal Itkin from Check Point Software Technologies.
----
- libfreerdp/core/update.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/core/update.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/core/update.c
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/core/update.c
-@@ -119,7 +119,7 @@ BOOL update_read_bitmap(rdpUpdate* updat
-
- if (bitmap_update->number > bitmap_update->count)
- {
-- UINT16 count;
-+ UINT32 count;
-
- count = bitmap_update->number * 2;
-
diff --git a/CVE-2018-8787.patch b/CVE-2018-8787.patch
deleted file mode 100644
index 49b5c3959f79..000000000000
--- a/CVE-2018-8787.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Backport of:
-
-From 09b9d4f1994a674c4ec85b4947aa656eda1aed8a Mon Sep 17 00:00:00 2001
-From: Armin Novak <armin.novak@thincast.com>
-Date: Mon, 22 Oct 2018 16:30:20 +0200
-Subject: [PATCH] Fixed CVE-2018-8787
-
-Thanks to Eyal Itkin from Check Point Software Technologies.
----
- libfreerdp/gdi/graphics.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/gdi/graphics.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/gdi/graphics.c
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/gdi/graphics.c
-@@ -23,6 +23,7 @@
-
- #include <winpr/crt.h>
-
-+#include <stdint.h>
- #include <freerdp/gdi/dc.h>
- #include <freerdp/gdi/brush.h>
- #include <freerdp/gdi/shape.h>
-@@ -98,7 +99,7 @@ void gdi_Bitmap_Decompress(rdpContext* c
- BYTE* data, int width, int height, int bpp, int length,
- BOOL compressed, int codec_id)
- {
-- UINT16 size;
-+ UINT32 size;
- RFX_MESSAGE* msg;
- BYTE* src;
- BYTE* dst;
-@@ -107,7 +108,16 @@ void gdi_Bitmap_Decompress(rdpContext* c
- rdpGdi* gdi;
- BOOL status;
-
-- size = width * height * ((bpp + 7) / 8);
-+ size = width * height;
-+
-+ if (bpp <= 0 || width <= 0 || height <= 0 ||
-+ width > (UINT32_MAX / height) ||
-+ size > (UINT32_MAX / (bpp + 7) / 8))
-+ {
-+ printf("Invalid parameters, unable to decompress bitmap\n");
-+ return;
-+ }
-+ size *= (bpp + 7) / 8;
-
- if (bitmap->data == NULL)
- bitmap->data = (BYTE*) malloc(size);
diff --git a/CVE-2018-8788.patch b/CVE-2018-8788.patch
deleted file mode 100644
index 68ab84486736..000000000000
--- a/CVE-2018-8788.patch
+++ /dev/null
@@ -1,352 +0,0 @@ -Backport of: - -From d1112c279bd1a327e8e4d0b5f371458bf2579659 Mon Sep 17 00:00:00 2001 -From: Armin Novak <armin.novak@thincast.com> -Date: Mon, 22 Oct 2018 16:52:21 +0200 -Subject: [PATCH] Fixed CVE-2018-8788 - -Thanks to Eyal Itkin from Check Point Software Technologies. ---- - include/freerdp/codec/nsc.h | 4 +- - libfreerdp/codec/nsc.c | 94 +++++++++++++++++++++++++++++------ - libfreerdp/codec/nsc_encode.c | 62 ++++++++++++++++------- - libfreerdp/codec/nsc_encode.h | 2 +- - libfreerdp/codec/nsc_sse2.c | 4 +- - 5 files changed, 130 insertions(+), 36 deletions(-) - -Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/include/freerdp/codec/nsc.h -=================================================================== ---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/include/freerdp/codec/nsc.h -+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/include/freerdp/codec/nsc.h -@@ -59,8 +59,8 @@ struct _NSC_CONTEXT - /* color palette allocated by the application */ - const BYTE* palette; - -- void (*decode)(NSC_CONTEXT* context); -- void (*encode)(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride); -+ BOOL (*decode)(NSC_CONTEXT* context); -+ BOOL (*encode)(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride); - - NSC_CONTEXT_PRIV* priv; - }; -Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc.c -=================================================================== ---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/codec/nsc.c -+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc.c -@@ -43,7 +43,7 @@ - #define NSC_INIT_SIMD(_nsc_context) do { } while (0) - #endif - --static void nsc_decode(NSC_CONTEXT* context) -+static BOOL nsc_decode(NSC_CONTEXT* context) - { - UINT16 x; - UINT16 y; -@@ -60,11 +60,18 @@ static void nsc_decode(NSC_CONTEXT* cont - INT16 g_val; - INT16 b_val; - BYTE* bmpdata; -+ size_t pos = 0; -+ -+ if (!context) -+ return FALSE; - - bmpdata = context->bmpdata; - rw = ROUND_UP_TO(context->width, 8); - 
shift = context->nsc_stream.ColorLossLevel - 1; /* colorloss recovery + YCoCg shift */ - -+ if (!bmpdata) -+ return FALSE; -+ - for (y = 0; y < context->height; y++) - { - if (context->nsc_stream.ChromaSubSamplingLevel > 0) -@@ -88,6 +95,11 @@ static void nsc_decode(NSC_CONTEXT* cont - r_val = y_val + co_val - cg_val; - g_val = y_val + cg_val; - b_val = y_val - co_val - cg_val; -+ -+ if (pos + 4 > context->bmpdata_length) -+ return FALSE; -+ -+ pos += 4; - *bmpdata++ = MINMAX(b_val, 0, 0xFF); - *bmpdata++ = MINMAX(g_val, 0, 0xFF); - *bmpdata++ = MINMAX(r_val, 0, 0xFF); -@@ -98,9 +110,11 @@ static void nsc_decode(NSC_CONTEXT* cont - aplane++; - } - } -+ -+ return TRUE; - } - --static void nsc_rle_decode(BYTE* in, BYTE* out, UINT32 origsz) -+static BOOL nsc_rle_decode(BYTE* in, BYTE* out, UINT32 outSize, UINT32 origsz) - { - UINT32 len; - UINT32 left; -@@ -113,6 +127,10 @@ static void nsc_rle_decode(BYTE* in, BYT - - if (left == 5) - { -+ if (outSize < 1) -+ return FALSE; -+ -+ outSize--; - *out++ = value; - left--; - } -@@ -130,6 +148,10 @@ static void nsc_rle_decode(BYTE* in, BYT - len = *((UINT32*) in); - in += 4; - } -+ if (outSize < len) -+ return FALSE; -+ -+ outSize -= len; - memset(out, value, len); - out += len; - left -= len; -@@ -141,16 +163,24 @@ static void nsc_rle_decode(BYTE* in, BYT - } - } - -- *((UINT32*)out) = *((UINT32*)in); -+ if ((outSize < 4) || (left < 4)) -+ return FALSE; -+ -+ memcpy(out, in, 4); -+ return TRUE; - } - --static void nsc_rle_decompress_data(NSC_CONTEXT* context) -+static BOOL nsc_rle_decompress_data(NSC_CONTEXT* context) - { - UINT16 i; - BYTE* rle; - UINT32 origsize; - UINT32 planesize; - -+ -+ if (!context) -+ return FALSE; -+ - rle = context->nsc_stream.Planes; - - for (i = 0; i < 4; i++) -@@ -159,14 +189,30 @@ static void nsc_rle_decompress_data(NSC_ - planesize = context->nsc_stream.PlaneByteCount[i]; - - if (planesize == 0) -+ { -+ if (context->priv->plane_buf_length < origsize) -+ return FALSE; -+ - 
memset(context->priv->plane_buf[i], 0xff, origsize); -+ } - else if (planesize < origsize) -- nsc_rle_decode(rle, context->priv->plane_buf[i], origsize); -+ { -+ if (!nsc_rle_decode(rle, context->priv->plane_buf[i], context->priv->plane_buf_length, -+ origsize)) -+ return FALSE; -+ } - else -+ { -+ if (context->priv->plane_buf_length < origsize) -+ return FALSE; -+ - memcpy(context->priv->plane_buf[i], rle, origsize); -+ } - - rle += planesize; - } -+ -+ return TRUE; - } - - static void nsc_stream_initialize(NSC_CONTEXT* context, wStream* s) -@@ -337,12 +383,24 @@ void nsc_process_message(NSC_CONTEXT* co - Stream_Free(s, FALSE); - - /* RLE decode */ -- PROFILER_ENTER(context->priv->prof_nsc_rle_decompress_data); -- nsc_rle_decompress_data(context); -- PROFILER_EXIT(context->priv->prof_nsc_rle_decompress_data); -+ { -+ BOOL rc; -+ PROFILER_ENTER(context->priv->prof_nsc_rle_decompress_data); -+ rc = nsc_rle_decompress_data(context); -+ PROFILER_EXIT(context->priv->prof_nsc_rle_decompress_data); -+ -+ if (!rc) -+ return; -+ } - - /* Colorloss recover, Chroma supersample and AYCoCg to ARGB Conversion in one step */ -- PROFILER_ENTER(context->priv->prof_nsc_decode); -- context->decode(context); -- PROFILER_EXIT(context->priv->prof_nsc_decode); -+ { -+ BOOL rc; -+ PROFILER_ENTER(context->priv->prof_nsc_decode); -+ rc = context->decode(context); -+ PROFILER_EXIT(context->priv->prof_nsc_decode); -+ -+ if (!rc) -+ return; -+ } - } -Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_encode.c -=================================================================== ---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/codec/nsc_encode.c -+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_encode.c -@@ -67,7 +67,7 @@ static void nsc_context_initialize_encod - } - } - --static void nsc_encode_argb_to_aycocg(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride) -+static BOOL nsc_encode_argb_to_aycocg(NSC_CONTEXT* context, BYTE* bmpdata, int 
rowstride) - { - UINT16 x; - UINT16 y; -@@ -85,10 +85,20 @@ static void nsc_encode_argb_to_aycocg(NS - UINT32 tempWidth; - UINT32 tempHeight; - -+ if (!context || bmpdata || (rowstride == 0)) -+ return FALSE; -+ - tempWidth = ROUND_UP_TO(context->width, 8); - tempHeight = ROUND_UP_TO(context->height, 2); - rw = (context->nsc_stream.ChromaSubSamplingLevel > 0 ? tempWidth : context->width); - ccl = context->nsc_stream.ColorLossLevel; -+ -+ if (context->priv->plane_buf_length < rw * rowstride) -+ return FALSE; -+ -+ if (rw < rowstride * 2) -+ return FALSE; -+ - yplane = context->priv->plane_buf[0]; - coplane = context->priv->plane_buf[1]; - cgplane = context->priv->plane_buf[2]; -@@ -196,32 +206,38 @@ static void nsc_encode_argb_to_aycocg(NS - memcpy(coplane + rw, coplane, rw); - memcpy(cgplane + rw, cgplane, rw); - } -+ -+ return TRUE; - } - --static void nsc_encode_subsampling(NSC_CONTEXT* context) -+static BOOL nsc_encode_subsampling(NSC_CONTEXT* context) - { - UINT16 x; - UINT16 y; -- BYTE* co_dst; -- BYTE* cg_dst; -- INT8* co_src0; -- INT8* co_src1; -- INT8* cg_src0; -- INT8* cg_src1; - UINT32 tempWidth; - UINT32 tempHeight; - -+ -+ if (!context) -+ return FALSE; -+ - tempWidth = ROUND_UP_TO(context->width, 8); - tempHeight = ROUND_UP_TO(context->height, 2); - -+ if (tempHeight == 0) -+ return FALSE; -+ -+ if (tempWidth > context->priv->plane_buf_length / tempHeight) -+ return FALSE; -+ - for (y = 0; y < tempHeight >> 1; y++) - { -- co_dst = context->priv->plane_buf[1] + y * (tempWidth >> 1); -- cg_dst = context->priv->plane_buf[2] + y * (tempWidth >> 1); -- co_src0 = (INT8*) context->priv->plane_buf[1] + (y << 1) * tempWidth; -- co_src1 = co_src0 + tempWidth; -- cg_src0 = (INT8*) context->priv->plane_buf[2] + (y << 1) * tempWidth; -- cg_src1 = cg_src0 + tempWidth; -+ BYTE* co_dst = context->priv->plane_buf[1] + y * (tempWidth >> 1); -+ BYTE* cg_dst = context->priv->plane_buf[2] + y * (tempWidth >> 1); -+ const INT8* co_src0 = (INT8*) context->priv->plane_buf[1] 
+ (y << 1) * tempWidth; -+ const INT8* co_src1 = co_src0 + tempWidth; -+ const INT8* cg_src0 = (INT8*) context->priv->plane_buf[2] + (y << 1) * tempWidth; -+ const INT8* cg_src1 = cg_src0 + tempWidth; - for (x = 0; x < tempWidth >> 1; x++) - { - *co_dst++ = (BYTE) (((INT16) *co_src0 + (INT16) *(co_src0 + 1) + -@@ -234,18 +250,28 @@ static void nsc_encode_subsampling(NSC_C - cg_src1 += 2; - } - } -+ -+ return TRUE; - } - --void nsc_encode(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride) -+BOOL nsc_encode(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride) - { -- nsc_encode_argb_to_aycocg(context, bmpdata, rowstride); -+ if (!context || !bmpdata || (rowstride == 0)) -+ return FALSE; -+ -+ if (!nsc_encode_argb_to_aycocg(context, bmpdata, rowstride)) -+ return FALSE; -+ - if (context->nsc_stream.ChromaSubSamplingLevel > 0) - { -- nsc_encode_subsampling(context); -+ if (!nsc_encode_subsampling(context)) -+ return FALSE; - } -+ -+ return TRUE; - } - --static UINT32 nsc_rle_encode(BYTE* in, BYTE* out, UINT32 origsz) -+static UINT32 nsc_rle_encode(const BYTE* in, BYTE* out, UINT32 origsz) - { - UINT32 left; - UINT32 runlength = 1; -Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_sse2.c -=================================================================== ---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/codec/nsc_sse2.c -+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_sse2.c -@@ -333,13 +333,15 @@ static void nsc_encode_subsampling_sse2( - } - } - --static void nsc_encode_sse2(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride) -+static BOOL nsc_encode_sse2(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride) - { - nsc_encode_argb_to_aycocg_sse2(context, bmpdata, rowstride); - if (context->nsc_stream.ChromaSubSamplingLevel > 0) - { - nsc_encode_subsampling_sse2(context); - } -+ -+ return TRUE; - } - - void nsc_init_sse2(NSC_CONTEXT* context) -Index: 
freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_encode.h -=================================================================== ---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/codec/nsc_encode.h -+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_encode.h -@@ -20,6 +20,6 @@ - #ifndef __NSC_ENCODE_H - #define __NSC_ENCODE_H - --void nsc_encode(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride); -+BOOL nsc_encode(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride); - - #endif diff --git a/CVE-2018-8789.patch b/CVE-2018-8789.patch deleted file mode 100644 index 1aec14058174..000000000000 --- a/CVE-2018-8789.patch +++ /dev/null @@ -1,27 +0,0 @@ -Backport of: - -From 2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6 Mon Sep 17 00:00:00 2001 -From: Armin Novak <armin.novak@thincast.com> -Date: Mon, 22 Oct 2018 16:00:03 +0200 -Subject: [PATCH] Fixed CVE-2018-8789 - -Thanks to Eyal Itkin from Check Point Software Technologies. ---- - winpr/libwinpr/sspi/NTLM/ntlm_message.c | 24 +++++++++++++----------- - 1 file changed, 13 insertions(+), 11 deletions(-) - -Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/winpr/libwinpr/sspi/NTLM/ntlm_message.c -=================================================================== ---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/winpr/libwinpr/sspi/NTLM/ntlm_message.c -+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/winpr/libwinpr/sspi/NTLM/ntlm_message.c -@@ -146,6 +146,10 @@ void ntlm_read_message_fields_buffer(wSt - { - if (fields->Len > 0) - { -+ const UINT64 offset = (UINT64)fields->BufferOffset + (UINT64)fields->Len; -+ -+ if (offset > Stream_Length(s)) -+ return; - fields->Buffer = malloc(fields->Len); - Stream_SetPosition(s, fields->BufferOffset); - Stream_Read(s, fields->Buffer, fields->Len); 
@@ -1,113 +1,77 @@ -# Maintainer: Vladislav Petrov <ejiek@mail.ru> +# Contributor: Marcell Meszaros < marcell.meszaros AT runbox.eu > +# Contributor: Vladislav Petrov <ejiek@mail.ru> + pkgname=freerdp-1.1.0 _pkgname=freerdp +_projname=FreeRDP pkgver=1.1.0 pkgrel=2 -pkgdesc="Free RDP client version 1.1.0 with patches applied by Canonical for Ubuntu bionic version of package" +pkgdesc='RDP client legacy version 1.1.0 with patches from Ubuntu Bionic (18.04 LTS)' arch=('i686' 'x86_64') url="http://freerdp.sourceforge.net" license=('GPL') depends=('openssl-1.0' 'libxcursor' 'libcups' 'alsa-lib' 'libxext' 'libxdamage' 'ffmpeg' 'libxkbfile' 'libxinerama' 'libxv' 'libpulse') -makedepends=('git' 'krb5' 'cmake' 'xorgproto' 'xmlto' 'docbook-xsl') +makedepends=('krb5' 'cmake' 'xorgproto' 'xmlto' 'docbook-xsl') conflicts=('freerdp' 'freerdp-git') provides=('freerdp') -source=(git+https://github.com/FreeRDP/FreeRDP.git#commit=440916eae2e07463912d5fe507677e67096eb083 - 0001_fix-cmdline-parser.patch - 0002_handle-old-style-cmdline-options.patch - 0003_copy-data-when-adding-glyph-to-cache.patch - 0004_build-cmake-3.1-compatibility.patch - 0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch - 0006_fix-null-cert-that-is-not-an-error.patch - 0007_Fix-build-failure-on-x32.patch - 0008-Fix-multiple-security-issues.patch - 0009-enable-TLS-12.patch - 1001_hide-internal-symbols.patch - 1002_update-pkg-config-file.patch - 1003_multi-arch-include-path.patch - 1004_64-bit-architectures.patch - 1005_parse-buffer-endianess.patch - 1006_test-unicode-endianess.patch - 1007_detect-arm-arch-correctly.patch - 1008_gcc-fPIC-on-arm64.patch - 1009_libusb-debug.patch - 1010_libudev-link.patch - 1011_ffmpeg-2.9.patch - 1012_typo-fix.patch - 1013_aligned_meminfo_alignment.patch - 2001_detect-ffmpeg-on-Debian.patch - CVE-2014-0791.patch - CVE-2018-8786.patch - CVE-2018-8787.patch - CVE-2018-8788.patch - CVE-2018-8789.patch - tsmf_ffmpeg.patch) -md5sums=('SKIP' - 
'fac4007e3e7c23b97f93c705d3f2b318' - 'b07a139fb9fe6bb58fce28cb6652ad5b' - '685b9b4ec76e05e21c4c0139ff799424' - '7ad9df81edee2b0f50b31c632ed3115e' - 'ef594eee59363853c344ec264127dffe' - '68be4cb0387223439304dbb8260c8f10' - '7355210711d6b31eef62cca6dcfb47b3' - 'e6f05798bcd88dedc4088c33ce0550e8' - 'a2b13ddd61b21457493321d6cb2fdea3' - '4b234f9fd511784b5afc8b509f2a55ca' - 'e2e046945d90738180a0a74ed1f5716e' - 'f8ffb6e5892a9f4779035a643c28a69b' - 'f45f4ccbb75bc375b66c1f26516638e4' - '4d806b51c39fb31d151dd1ad2d0d7bef' - 'b00de13c7d72b7140fc7979636446aac' - 'c6e549c8ab2db539daf780e999d5defa' - '081bef0c3443f2abb4509e8827f18404' - 'b189033a55f32fe940f1643b5a848480' - '50ce07e227a119cc14f68b1e9da6e502' - '2849fc753e757b3e28242327c6e592db' - '7c373a53c8506fd14c836c45bbeefddd' - '9d1d6b827a0d6b3f8fa308b85e6917bc' - '1fcc55173b3921698b711cccc9b6594a' - '30ce3d4083ac14ca1e2d77980a0f1af7' - 'd698f5e4e65363c8a0afc6f8c3375c09' - 'eb5c448d229d5e7825e2cfc6a6bea8e5' - '5d3b8f0eb6f7c14cadc8006fd2f396ee' - '39e69a6d8932a45769f24a0c5c99e1ec' - 'ce69a20d193e9aec0a2dedd55253405f') +_commit='590fa7dbf6ecab58fb70dd57ef6d3ecfdbfc3c4f' +source=("${_projname}-${pkgver}-${_commit}.tar.gz::https://github.com/${_projname}/${_projname}/archive/${_commit}.tar.gz" + 1001_hide-internal-symbols.patch + 1002_update-pkg-config-file.patch + 1003_multi-arch-include-path.patch + 1004_64-bit-architectures.patch + 1005_parse-buffer-endianess.patch + 1006_test-unicode-endianess.patch + 1007_detect-arm-arch-correctly.patch + 1008_gcc-fPIC-on-arm64.patch + 1009_libusb-debug.patch + 1010_libudev-link.patch + 1011_ffmpeg-2.9.patch + 1012_typo-fix.patch + 1013_aligned_meminfo_alignment.patch + 2001_detect-ffmpeg-on-Debian.patch + tsmf_ffmpeg.patch) +md5sums=('1dd186838d20d757822c2daec959b7a3' + '4b234f9fd511784b5afc8b509f2a55ca' + 'e2e046945d90738180a0a74ed1f5716e' + 'f8ffb6e5892a9f4779035a643c28a69b' + 'f45f4ccbb75bc375b66c1f26516638e4' + '4d806b51c39fb31d151dd1ad2d0d7bef' + 'b00de13c7d72b7140fc7979636446aac' + 
'c6e549c8ab2db539daf780e999d5defa' + '081bef0c3443f2abb4509e8827f18404' + 'b189033a55f32fe940f1643b5a848480' + '50ce07e227a119cc14f68b1e9da6e502' + '2849fc753e757b3e28242327c6e592db' + '7c373a53c8506fd14c836c45bbeefddd' + '9d1d6b827a0d6b3f8fa308b85e6917bc' + '1fcc55173b3921698b711cccc9b6594a' + 'ce69a20d193e9aec0a2dedd55253405f') prepare() { - cd $srcdir/FreeRDP - patch -Np1 -i ../0001_fix-cmdline-parser.patch - patch -Np1 -i ../0002_handle-old-style-cmdline-options.patch - patch -Np1 -i ../0003_copy-data-when-adding-glyph-to-cache.patch - patch -Np1 -i ../0004_build-cmake-3.1-compatibility.patch - patch -Np1 -i ../0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch - patch -Np1 -i ../0006_fix-null-cert-that-is-not-an-error.patch - patch -Np1 -i ../0007_Fix-build-failure-on-x32.patch - patch -Np1 -i ../0008-Fix-multiple-security-issues.patch - patch -Np1 -i ../0009-enable-TLS-12.patch - patch -Np1 -i ../1001_hide-internal-symbols.patch - patch -Np1 -i ../1002_update-pkg-config-file.patch - patch -Np1 -i ../1003_multi-arch-include-path.patch - patch -Np1 -i ../1004_64-bit-architectures.patch - patch -Np1 -i ../1005_parse-buffer-endianess.patch - patch -Np1 -i ../1006_test-unicode-endianess.patch - patch -Np1 -i ../1007_detect-arm-arch-correctly.patch - patch -Np1 -i ../1008_gcc-fPIC-on-arm64.patch - patch -Np1 -i ../1009_libusb-debug.patch - patch -Np1 -i ../1010_libudev-link.patch - patch -Np1 -i ../1011_ffmpeg-2.9.patch - patch -Np1 -i ../1012_typo-fix.patch - patch -Np1 -i ../1013_aligned_meminfo_alignment.patch - patch -Np1 -i ../2001_detect-ffmpeg-on-Debian.patch - patch -Np1 -i ../CVE-2014-0791.patch - patch -Np1 -i ../CVE-2018-8786.patch - patch -Np1 -i ../CVE-2018-8787.patch - patch -Np1 -i ../CVE-2018-8788.patch - patch -Np1 -i ../CVE-2018-8789.patch - patch -Np1 -i ../tsmf_ffmpeg.patch + cd "${_projname}-${_commit}" + (set -x + patch --verbose --forward --strip=1 --unified --input=../1001_hide-internal-symbols.patch + patch --verbose --forward 
--strip=1 --unified --input=../1002_update-pkg-config-file.patch + patch --verbose --forward --strip=1 --unified --input=../1003_multi-arch-include-path.patch + patch --verbose --forward --strip=1 --unified --input=../1004_64-bit-architectures.patch + patch --verbose --forward --strip=1 --unified --input=../1005_parse-buffer-endianess.patch + patch --verbose --forward --strip=1 --unified --input=../1006_test-unicode-endianess.patch + patch --verbose --forward --strip=1 --unified --input=../1007_detect-arm-arch-correctly.patch + patch --verbose --forward --strip=1 --unified --input=../1008_gcc-fPIC-on-arm64.patch + patch --verbose --forward --strip=1 --unified --input=../1009_libusb-debug.patch + patch --verbose --forward --strip=1 --unified --input=../1010_libudev-link.patch + patch --verbose --forward --strip=1 --unified --input=../1011_ffmpeg-2.9.patch + patch --verbose --forward --strip=1 --unified --input=../1012_typo-fix.patch + patch --verbose --forward --strip=1 --unified --input=../1013_aligned_meminfo_alignment.patch + patch --verbose --forward --strip=1 --unified --input=../2001_detect-ffmpeg-on-Debian.patch + patch --verbose --forward --strip=1 --unified --input=../tsmf_ffmpeg.patch + ) } build() { - cd $srcdir/FreeRDP + cd "${_projname}-${_commit}" cmake \ -DCMAKE_INSTALL_PREFIX=/usr \ -DCMAKE_INSTALL_LIBDIR=lib \ @@ -121,6 +85,6 @@ build() { } package() { - cd $srcdir/FreeRDP + cd "${_projname}-${_commit}" make DESTDIR="${pkgdir}" install } |
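Review bot: The new `source=` array and `prepare()` no longer apply `0008-Fix-multiple-security-issues.patch`, `0009-enable-TLS-12.patch`, `CVE-2014-0791.patch` or `CVE-2018-8786.patch` through `CVE-2018-8789.patch`, and nothing in the PKGBUILD records that `_commit='590fa7dbf6ecab58fb70dd57ef6d3ecfdbfc3c4f'` already contains those fixes. That is presumably the point of moving to the newer upstream commit, but it cannot be confirmed from this diff, so it should be checked against the upstream tree, for example that `update_read_bitmap` declares `UINT32 count` and that `ntlm_read_message_fields_buffer` bounds `BufferOffset + Len` against the stream length. Once confirmed, record it above `_commit` with a comment such as `# upstream commit that already includes the former 0001-0009 and CVE-2014-0791 / CVE-2018-8786..8789 backports`. Separately, the archive tarball that replaces the commit-pinned git source is verified only through `md5sums=`, and MD5 is not collision-resistant; renaming the array to `sha256sums=` and regenerating the values with `makepkg -g` would give the tarball and the remaining patches a collision-resistant pin.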