authorMarcell Meszaros2022-03-25 08:45:34 +0100
committerMarcell Meszaros2022-03-25 08:45:34 +0100
commitcf01e7f6b51f027799569dd121d50583855122af (patch)
tree7a6eba8a8bef21ae468a378231e2345dfb9fc74f
parent9994e89cf68fa01ff131738927a402b43a616eb1 (diff)
downloadaur-cf01e7f6b51f027799569dd121d50583855122af.tar.gz
migrate to newer git source
-rw-r--r--.SRCINFO36
-rw-r--r--.gitignore5
-rw-r--r--0001_fix-cmdline-parser.patch360
-rw-r--r--0002_handle-old-style-cmdline-options.patch64
-rw-r--r--0003_copy-data-when-adding-glyph-to-cache.patch106
-rw-r--r--0004_build-cmake-3.1-compatibility.patch78
-rw-r--r--0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch42
-rw-r--r--0006_fix-null-cert-that-is-not-an-error.patch29
-rw-r--r--0007_Fix-build-failure-on-x32.patch32
-rw-r--r--0008-Fix-multiple-security-issues.patch756
-rw-r--r--0009-enable-TLS-12.patch38
-rw-r--r--CVE-2014-0791.patch24
-rw-r--r--CVE-2018-8786.patch25
-rw-r--r--CVE-2018-8787.patch51
-rw-r--r--CVE-2018-8788.patch352
-rw-r--r--CVE-2018-8789.patch27
-rw-r--r--PKGBUILD154
17 files changed, 67 insertions, 2112 deletions
diff --git a/.SRCINFO b/.SRCINFO
index fa9f847fcccb..c318e4b05106 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,12 +1,11 @@
pkgbase = freerdp-1.1.0
- pkgdesc = Free RDP client version 1.1.0 with patches applied by Canonical for Ubuntu bionic version of package
+ pkgdesc = RDP client legacy version 1.1.0 with patches from Ubuntu Bionic (18.04 LTS)
pkgver = 1.1.0
pkgrel = 2
url = http://freerdp.sourceforge.net
arch = i686
arch = x86_64
license = GPL
- makedepends = git
makedepends = krb5
makedepends = cmake
makedepends = xorgproto
@@ -26,16 +25,7 @@ pkgbase = freerdp-1.1.0
provides = freerdp
conflicts = freerdp
conflicts = freerdp-git
- source = git+https://github.com/FreeRDP/FreeRDP.git#commit=440916eae2e07463912d5fe507677e67096eb083
- source = 0001_fix-cmdline-parser.patch
- source = 0002_handle-old-style-cmdline-options.patch
- source = 0003_copy-data-when-adding-glyph-to-cache.patch
- source = 0004_build-cmake-3.1-compatibility.patch
- source = 0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch
- source = 0006_fix-null-cert-that-is-not-an-error.patch
- source = 0007_Fix-build-failure-on-x32.patch
- source = 0008-Fix-multiple-security-issues.patch
- source = 0009-enable-TLS-12.patch
+ source = FreeRDP-1.1.0-590fa7dbf6ecab58fb70dd57ef6d3ecfdbfc3c4f.tar.gz::https://github.com/FreeRDP/FreeRDP/archive/590fa7dbf6ecab58fb70dd57ef6d3ecfdbfc3c4f.tar.gz
source = 1001_hide-internal-symbols.patch
source = 1002_update-pkg-config-file.patch
source = 1003_multi-arch-include-path.patch
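Review bot: Nothing in the package records that the newly pinned upstream commit 590fa7dbf6ecab58fb70dd57ef6d3ecfdbfc3c4f already carries the fixes whose patches are removed from the source list. This hunk drops `0008-Fix-multiple-security-issues.patch` and `0009-enable-TLS-12.patch`, and the next hunk drops the five `CVE-*.patch` entries. Since .SRCINFO is generated, the record belongs in the PKGBUILD (its hunk is not visible here), as a comment beside the source line such as `# upstream 590fa7d contains the former 0001-0009 and CVE-2014-0791 / CVE-2018-8786..8789 patches`, added once that has been checked against upstream history. Without it a later maintainer cannot tell a deliberate removal from a lost security patch.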
@@ -50,22 +40,8 @@ pkgbase = freerdp-1.1.0
source = 1012_typo-fix.patch
source = 1013_aligned_meminfo_alignment.patch
source = 2001_detect-ffmpeg-on-Debian.patch
- source = CVE-2014-0791.patch
- source = CVE-2018-8786.patch
- source = CVE-2018-8787.patch
- source = CVE-2018-8788.patch
- source = CVE-2018-8789.patch
source = tsmf_ffmpeg.patch
- md5sums = SKIP
- md5sums = fac4007e3e7c23b97f93c705d3f2b318
- md5sums = b07a139fb9fe6bb58fce28cb6652ad5b
- md5sums = 685b9b4ec76e05e21c4c0139ff799424
- md5sums = 7ad9df81edee2b0f50b31c632ed3115e
- md5sums = ef594eee59363853c344ec264127dffe
- md5sums = 68be4cb0387223439304dbb8260c8f10
- md5sums = 7355210711d6b31eef62cca6dcfb47b3
- md5sums = e6f05798bcd88dedc4088c33ce0550e8
- md5sums = a2b13ddd61b21457493321d6cb2fdea3
+ md5sums = 1dd186838d20d757822c2daec959b7a3
md5sums = 4b234f9fd511784b5afc8b509f2a55ca
md5sums = e2e046945d90738180a0a74ed1f5716e
md5sums = f8ffb6e5892a9f4779035a643c28a69b
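Review bot: The tarball that replaces the commit-pinned git checkout is verified only by an MD5 digest, `md5sums = 1dd186838d20d757822c2daec959b7a3`. MD5 is no longer collision-resistant, so the integrity array should use a stronger digest in the PKGBUILD, for example `sha256sums=(...)` or `b2sums=(...)` regenerated with `updpkgsums`, with .SRCINFO regenerated afterwards. The same applies to the patch-file entries kept in this array, including those in the hunk at -80,12.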
@@ -80,12 +56,6 @@ pkgbase = freerdp-1.1.0
md5sums = 7c373a53c8506fd14c836c45bbeefddd
md5sums = 9d1d6b827a0d6b3f8fa308b85e6917bc
md5sums = 1fcc55173b3921698b711cccc9b6594a
- md5sums = 30ce3d4083ac14ca1e2d77980a0f1af7
- md5sums = d698f5e4e65363c8a0afc6f8c3375c09
- md5sums = eb5c448d229d5e7825e2cfc6a6bea8e5
- md5sums = 5d3b8f0eb6f7c14cadc8006fd2f396ee
- md5sums = 39e69a6d8932a45769f24a0c5c99e1ec
md5sums = ce69a20d193e9aec0a2dedd55253405f
pkgname = freerdp-1.1.0
-
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..7334925ab911
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+*
+!.gitignore
+!.SRCINFO
+!PKGBUILD
+!*.patch
diff --git a/0001_fix-cmdline-parser.patch b/0001_fix-cmdline-parser.patch
deleted file mode 100644
index 824c5ba2a9c9..000000000000
--- a/0001_fix-cmdline-parser.patch
+++ /dev/null
@@ -1,360 +0,0 @@
-Description: Command line parser fixes.
-Author: Bernhard Miklautz <bernhard.miklautz@shacknet.at>
-Abstract:
- The command line parser had serveral problems when old style syntax
- was used.
-
-diff --git a/client/common/cmdline.c b/client/common/cmdline.c
-index 3d0cc2d..34064ea 100644
---- a/client/common/cmdline.c
-+++ b/client/common/cmdline.c
-@@ -421,7 +421,7 @@ char** freerdp_command_line_parse_comma_separated_values(char* list, int* count)
- int index;
- int nCommas;
-
-- nArgs = nCommas = 0;
-+ nCommas = 0;
-
- for (index = 0; list[index]; index++)
- nCommas += (list[index] == ',') ? 1 : 0;
-@@ -915,8 +915,13 @@ BOOL freerdp_client_detect_command_line(int argc, char** argv, DWORD* flags)
- *flags |= COMMAND_LINE_SIGIL_DASH | COMMAND_LINE_SIGIL_DOUBLE_DASH;
- *flags |= COMMAND_LINE_SIGIL_ENABLE_DISABLE;
-
-- if (windows_cli_count > posix_cli_count)
-+ if (posix_cli_status <= COMMAND_LINE_STATUS_PRINT)
-+ return compatibility;
-+
-+ /* Check, if this may be windows style syntax... */
-+ if ((windows_cli_count && (windows_cli_count >= posix_cli_count)) || (windows_cli_status <= COMMAND_LINE_STATUS_PRINT))
- {
-+ windows_cli_count = 1;
- *flags = COMMAND_LINE_SEPARATOR_COLON;
- *flags |= COMMAND_LINE_SIGIL_SLASH | COMMAND_LINE_SIGIL_PLUS_MINUS;
- }
-@@ -1020,8 +1025,7 @@ int freerdp_client_parse_command_line_arguments(int argc, char** argv, rdpSettin
- freerdp_client_command_line_pre_filter, freerdp_client_command_line_post_filter);
- }
-
--
-- arg = CommandLineFindArgumentA(args, "v");
-+ CommandLineFindArgumentA(args, "v");
-
- arg = args;
-
-diff --git a/client/common/compatibility.c b/client/common/compatibility.c
-index 788b413..c7177c2 100644
---- a/client/common/compatibility.c
-+++ b/client/common/compatibility.c
-@@ -118,18 +118,25 @@ void freerdp_client_old_parse_hostname(char* str, char** ServerHostname, UINT32*
-
- int freerdp_client_old_process_plugin(rdpSettings* settings, ADDIN_ARGV* args)
- {
-+ int args_handled = 0;
- if (strcmp(args->argv[0], "cliprdr") == 0)
- {
-+ args_handled++;
- settings->RedirectClipboard = TRUE;
- fprintf(stderr, "--plugin cliprdr -> +clipboard\n");
- }
- else if (strcmp(args->argv[0], "rdpdr") == 0)
- {
-+ args_handled++;
-+ if (args->argc < 2)
-+ return 1;
-+
- if ((strcmp(args->argv[1], "disk") == 0) ||
- (strcmp(args->argv[1], "drive") == 0))
- {
- freerdp_addin_replace_argument(args, "disk", "drive");
- freerdp_client_add_device_channel(settings, args->argc - 1, &args->argv[1]);
-+ args_handled++;
- }
- else if (strcmp(args->argv[1], "printer") == 0)
- {
-@@ -152,15 +159,29 @@ int freerdp_client_old_process_plugin(rdpSettings* settings, ADDIN_ARGV* args)
- }
- else if (strcmp(args->argv[0], "drdynvc") == 0)
- {
-+ args_handled++;
-+ if (args->argc < 2)
-+ return args_handled;
-+
- freerdp_client_add_dynamic_channel(settings, args->argc - 1, &args->argv[1]);
- }
- else if (strcmp(args->argv[0], "rdpsnd") == 0)
- {
-- freerdp_addin_replace_argument_value(args, args->argv[1], "sys", args->argv[1]);
-+ args_handled++;
-+ if (args->argc > 2)
-+ {
-+ args_handled++;
-+ freerdp_addin_replace_argument_value(args, args->argv[1], "sys", args->argv[1]);
-+ }
- freerdp_client_add_static_channel(settings, args->argc, args->argv);
- }
- else if (strcmp(args->argv[0], "rail") == 0)
- {
-+ args_handled++;
-+ if (args->argc < 2)
-+ return 1;
-+
-+ args_handled++;
- settings->RemoteApplicationProgram = _strdup(args->argv[1]);
- }
- else
-@@ -168,14 +189,12 @@ int freerdp_client_old_process_plugin(rdpSettings* settings, ADDIN_ARGV* args)
- freerdp_client_add_static_channel(settings, args->argc, args->argv);
- }
-
-- return 1;
-+ return args_handled;
- }
-
- int freerdp_client_old_command_line_pre_filter(void* context, int index, int argc, LPCSTR* argv)
- {
-- rdpSettings* settings;
--
-- settings = (rdpSettings*) context;
-+ rdpSettings* settings = (rdpSettings*) context;
-
- if (index == (argc - 1))
- {
-@@ -191,6 +210,8 @@ int freerdp_client_old_command_line_pre_filter(void* context, int index, int arg
- return -1;
- }
- freerdp_client_old_parse_hostname((char*) argv[index], &settings->ServerHostname, &settings->ServerPort);
-+
-+ return 1;
- }
- else
- {
-@@ -215,20 +236,18 @@ int freerdp_client_old_command_line_pre_filter(void* context, int index, int arg
- return -1;
-
- args = (ADDIN_ARGV*) malloc(sizeof(ADDIN_ARGV));
-- args->argv = (char**) malloc(sizeof(char*) * 5);
-+ args->argv = (char**) calloc(argc, sizeof(char*));
- args->argc = 1;
-
-- args->argv[0] = _strdup(argv[t]);
--
- if ((index < argc - 1) && strcmp("--data", argv[index + 1]) == 0)
- {
- i = 0;
- index += 2;
-- args->argc = 1;
-
- while ((index < argc) && (strcmp("--", argv[index]) != 0))
- {
- args->argc = 1;
-+ args->argv[0] = _strdup(argv[t]);
-
- for (j = 0, p = (char*) argv[index]; (j < 4) && (p != NULL); j++)
- {
-@@ -250,8 +269,12 @@ int freerdp_client_old_command_line_pre_filter(void* context, int index, int arg
-
- if (p != NULL)
- {
-- length = p - a;
-- args->argv[j + 1] = malloc(length + 1);
-+ p = strchr(p, ':');
-+ }
-+ if (p != NULL)
-+ {
-+ length = (int) (p - a);
-+ args->argv[j + 1] = (char*) malloc(length + 1);
- CopyMemory(args->argv[j + 1], a, length);
- args->argv[j + 1][length] = '\0';
- p++;
-@@ -264,20 +287,33 @@ int freerdp_client_old_command_line_pre_filter(void* context, int index, int arg
- args->argc++;
- }
-
-- if (settings->instance)
-+ if (settings)
- {
- freerdp_client_old_process_plugin(settings, args);
- }
-+ for (i = 0; i < args->argc; i++)
-+ free(args->argv[i]);
-+ memset(args->argv, 0, argc * sizeof(char*));
-
-+ for (i = 0; i < args->argc; i++)
-+ free(args->argv[i]);
-+ memset(args->argv, 0, argc * sizeof(char*));
- index++;
- i++;
- }
-- } else {
-- if (settings->instance)
-- {
-- freerdp_client_old_process_plugin(settings, args);
-- }
- }
-+ else
-+ {
-+ if (settings)
-+ {
-+ args->argv[0] = _strdup(argv[t]);
-+ freerdp_client_old_process_plugin(settings, args);
-+ free (args->argv[0]);
-+ }
-+ }
-+
-+ free(args->argv);
-+ free(args);
-
- return (index - old_index);
- }
-diff --git a/client/common/test/CMakeLists.txt b/client/common/test/CMakeLists.txt
-index b68ac11..06c2c46 100644
---- a/client/common/test/CMakeLists.txt
-+++ b/client/common/test/CMakeLists.txt
-@@ -6,7 +6,9 @@ set(${MODULE_PREFIX}_DRIVER ${MODULE_NAME}.c)
-
- set(${MODULE_PREFIX}_TESTS
- TestClientRdpFile.c
-- TestClientChannels.c)
-+ TestClientChannels.c
-+ TestClientCmdLine.c
-+ )
-
- create_test_sourcelist(${MODULE_PREFIX}_SRCS
- ${${MODULE_PREFIX}_DRIVER}
-@@ -15,11 +17,16 @@ create_test_sourcelist(${MODULE_PREFIX}_SRCS
- add_executable(${MODULE_NAME} ${${MODULE_PREFIX}_SRCS})
-
- set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} freerdp-client)
-+set_complex_link_libraries(VARIABLE ${MODULE_PREFIX}_LIBS MONOLITHIC ${MONOLITHIC_BUILD}
-+ MODULE freerdp
-+ MODULES freerdp-core)
-
- target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS})
-
- set_target_properties(${MODULE_NAME} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${TESTING_OUTPUT_DIRECTORY}")
-
-+
-+
- foreach(test ${${MODULE_PREFIX}_TESTS})
- get_filename_component(TestName ${test} NAME_WE)
- add_test(${TestName} ${TESTING_OUTPUT_DIRECTORY}/${MODULE_NAME} ${TestName})
-diff --git a/client/common/test/TestClientCmdLine.c b/client/common/test/TestClientCmdLine.c
-new file mode 100644
-index 0000000..66fb662
---- /dev/null
-+++ b/client/common/test/TestClientCmdLine.c
-@@ -0,0 +1,113 @@
-+#include <freerdp/client.h>
-+#include <freerdp/client/cmdline.h>
-+#include <freerdp/settings.h>
-+#include <winpr/cmdline.h>
-+#include <winpr/spec.h>
-+
-+#define TESTCASE(cmd, expected_return) status = freerdp_client_parse_command_line_arguments(ARRAYSIZE(cmd), cmd, settings); \
-+ if (status != expected_return) { \
-+ printf("Test argument %s failed\n", #cmd); \
-+ return -1; \
-+ }
-+
-+#define TESTCASE_SUCCESS(cmd) status = freerdp_client_parse_command_line_arguments(ARRAYSIZE(cmd), cmd, settings); \
-+ if (status < 0) { \
-+ printf("Test argument %s failed\n", #cmd); \
-+ return -1; \
-+ }
-+
-+int TestClientCmdLine(int argc, char* argv[])
-+{
-+ int status;
-+ rdpSettings* settings = freerdp_settings_new(0);
-+
-+ char* cmd1[] = {"xfreerdp", "--help"};
-+ TESTCASE(cmd1, COMMAND_LINE_STATUS_PRINT_HELP);
-+
-+ char* cmd2[] = {"xfreerdp", "/help"};
-+ TESTCASE(cmd2, COMMAND_LINE_STATUS_PRINT_HELP);
-+
-+ char* cmd3[] = {"xfreerdp", "-help"};
-+ TESTCASE(cmd3, COMMAND_LINE_STATUS_PRINT_HELP);
-+
-+ char* cmd4[] = {"xfreerdp", "--version"};
-+ TESTCASE(cmd4, COMMAND_LINE_STATUS_PRINT_VERSION);
-+
-+ char* cmd5[] = {"xfreerdp", "/version"};
-+ TESTCASE(cmd5, COMMAND_LINE_STATUS_PRINT_VERSION);
-+
-+ char* cmd6[] = {"xfreerdp", "-version"};
-+ TESTCASE(cmd6, COMMAND_LINE_STATUS_PRINT_VERSION);
-+
-+ char* cmd7[] = {"xfreerdp", "test.freerdp.com"};
-+ TESTCASE_SUCCESS(cmd7);
-+
-+ char* cmd8[] = {"xfreerdp", "-v", "test.freerdp.com"};
-+ TESTCASE_SUCCESS(cmd8);
-+
-+ char* cmd9[] = {"xfreerdp", "--v", "test.freerdp.com"};
-+ TESTCASE_SUCCESS(cmd9);
-+
-+ char* cmd10[] = {"xfreerdp", "/v:test.freerdp.com"};
-+ TESTCASE_SUCCESS(cmd10);
-+
-+ char* cmd11[] = {"xfreerdp", "--plugin", "rdpsnd", "--plugin", "rdpdr", "--data", "disk:media:/tmp", "--", "test.freerdp.com" };
-+ TESTCASE_SUCCESS(cmd11);
-+
-+ char* cmd12[] = {"xfreerdp", "/sound", "/drive:media:/tmp", "/v:test.freerdp.com" };
-+ TESTCASE_SUCCESS(cmd12);
-+
-+ // password gets overwritten therefore it need to be writeable
-+ char* cmd13[6] = {"xfreerdp", "-u", "test", "-p", "test", "test.freerdp.com"};
-+ cmd13[4] = malloc(5);
-+ strncpy(cmd13[4], "test", 4);
-+ TESTCASE_SUCCESS(cmd13);
-+ free(cmd13[4]);
-+
-+ char* cmd14[] = {"xfreerdp", "-u", "test", "-p", "test", "-v", "test.freerdp.com"};
-+ cmd14[4] = malloc(5);
-+ strncpy(cmd14[4], "test", 4);
-+ TESTCASE_SUCCESS(cmd14);
-+ free(cmd14[4]);
-+
-+ char* cmd15[] = {"xfreerdp", "/u:test", "/p:test", "/v:test.freerdp.com"};
-+ cmd15[2] = malloc(7);
-+ strncpy(cmd15[2], "/p:test", 6);
-+ TESTCASE_SUCCESS(cmd15);
-+ free(cmd15[2]);
-+
-+#if 0
-+ char* cmd16[] = {"xfreerdp", "-invalid"};
-+ TESTCASE(cmd16, COMMAND_LINE_ERROR_NO_KEYWORD);
-+
-+ char* cmd17[] = {"xfreerdp", "--invalid"};
-+ TESTCASE(cmd17, COMMAND_LINE_ERROR_NO_KEYWORD);
-+#endif
-+
-+ char* cmd18[] = {"xfreerdp", "/kbd-list"};
-+ TESTCASE(cmd18, COMMAND_LINE_STATUS_PRINT);
-+
-+ char* cmd19[] = {"xfreerdp", "/monitor-list"};
-+ TESTCASE(cmd19, COMMAND_LINE_STATUS_PRINT);
-+
-+ /*
-+ * Faulty command misses -- after data and the data for disk is incorrect
-+ * This tests was added because it caused a segfault
-+ * The command line is "valid" but disk isn't initialized correctly
-+ */
-+ char* cmd20[] = { "xfreerdp", "-g", "1920x1200", "-d", "domain", "-u", "username", "-D", "-a", "16", "--plugin", "rdpsnd", "--plugin", "rdpdr", "-data", "disk", "media", "/home/username/media/", "-x", "l", "--rfx", "--ignore-certificate", "--plugin", "cliprdr", "some.host.name.com"};
-+ TESTCASE_SUCCESS(cmd20);
-+
-+ /* Command misses -- for data */
-+ char* cmd21[] = { "xfreerdp", "-g", "1920x1200", "-d", "domain", "-u", "username", "-D", "-a", "16", "--plugin", "rdpsnd", "--plugin", "rdpdr", "--data", "disk:media:/home/username/media/", "-x", "l", "--rfx", "--ignore-certificate", "--plugin", "cliprdr", "xxx"};
-+ TESTCASE_SUCCESS(cmd21);
-+ if (settings->ServerHostname && !strcmp(settings->ServerHostname, "xxx")){
-+ printf("cmd21 problem - hostname shoudn't be set because -- is missing after data (status %d - %s)", status, settings->ServerHostname);
-+ return -1;
-+ }
-+ char* cmd22[] = { "xfreerdp", "-g", "1920x1200", "-d", "domain", "-u", "username", "-D", "-a", "16", "--plugin", "rdpsnd", "--plugin", "rdpdr", "--data", "disk:media:/home/username/media/", "--", "-x", "l", "--rfx", "--ignore-certificate", "--plugin", "cliprdr", "some.host.name.com"};
-+ TESTCASE_SUCCESS(cmd22);
-+
-+ return 0;
-+}
-+
diff --git a/0002_handle-old-style-cmdline-options.patch b/0002_handle-old-style-cmdline-options.patch
deleted file mode 100644
index 6fdb52f7dd18..000000000000
--- a/0002_handle-old-style-cmdline-options.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 85856224f63cd6e356a386f096156ff85e2f64e9 Mon Sep 17 00:00:00 2001
-From: Bernhard Miklautz <bernhard.miklautz@thincast.com>
-Date: Tue, 10 Mar 2015 13:10:39 +0100
-Subject: [PATCH] settings: handle collection_add in detection case
-
-Command line detection is run with dummy settings where not everything
-is allocated. Collections (device, dynamic channel and static
-channel) didn't handle this case properly.
-
-(cherry picked from commit e9985c20938954f7df8f57b43c30c74c9d480dde)
-
-Conflicts:
- client/common/test/TestClientCmdLine.c
----
- client/common/test/TestClientCmdLine.c | 5 +++++
- libfreerdp/common/settings.c | 9 +++++++++
- 2 files changed, 14 insertions(+)
-
---- a/client/common/test/TestClientCmdLine.c
-+++ b/client/common/test/TestClientCmdLine.c
-@@ -108,6 +108,11 @@
- char* cmd22[] = { "xfreerdp", "-g", "1920x1200", "-d", "domain", "-u", "username", "-D", "-a", "16", "--plugin", "rdpsnd", "--plugin", "rdpdr", "--data", "disk:media:/home/username/media/", "--", "-x", "l", "--rfx", "--ignore-certificate", "--plugin", "cliprdr", "some.host.name.com"};
- TESTCASE_SUCCESS(cmd22);
-
-+#if 0
-+ char* cmd23[] = {"xfreerdp -z --plugin cliprdr --plugin rdpsnd --data alsa latency:100 -- --plugin rdpdr --data disk:w7share:/home/w7share -- --plugin drdynvc --data tsmf:decoder:gstreamer -- -u test host.example.com"};
-+ TESTCASE(cmd23, COMMAND_LINE_STATUS_PRINT);
-+#endif
-+
- return 0;
- }
-
---- a/libfreerdp/common/settings.c
-+++ b/libfreerdp/common/settings.c
-@@ -135,6 +135,9 @@
-
- void freerdp_device_collection_add(rdpSettings* settings, RDPDR_DEVICE* device)
- {
-+ if (!settings->DeviceArray)
-+ return;
-+
- if (settings->DeviceArraySize < (settings->DeviceCount + 1))
- {
- settings->DeviceArraySize *= 2;
-@@ -204,6 +207,9 @@
-
- void freerdp_static_channel_collection_add(rdpSettings* settings, ADDIN_ARGV* channel)
- {
-+ if (!settings->StaticChannelArray)
-+ return;
-+
- if (settings->StaticChannelArraySize < (settings->StaticChannelCount + 1))
- {
- settings->StaticChannelArraySize *= 2;
-@@ -252,6 +258,9 @@
-
- void freerdp_dynamic_channel_collection_add(rdpSettings* settings, ADDIN_ARGV* channel)
- {
-+ if (!settings->DynamicChannelArray)
-+ return;
-+
- if (settings->DynamicChannelArraySize < (settings->DynamicChannelCount + 1))
- {
- settings->DynamicChannelArraySize *= 2;
diff --git a/0003_copy-data-when-adding-glyph-to-cache.patch b/0003_copy-data-when-adding-glyph-to-cache.patch
deleted file mode 100644
index 8e553f4d112e..000000000000
--- a/0003_copy-data-when-adding-glyph-to-cache.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From daea54925b2e8c7606eb22e65ab6b2397306363b Mon Sep 17 00:00:00 2001
-From: Bernhard Miklautz <bmiklautz@thinstuff.at>
-Date: Tue, 24 Sep 2013 23:25:18 +0200
-Subject: [PATCH] core/glyph: copy data when adding glyph to cache
-
-fixes #2439
-
-(cherry picked from commit c99d9ee72bae06d19a15cce46eb4f3230a97f296)
----
- libfreerdp/cache/glyph.c | 15 +++++----------
- libfreerdp/core/orders.c | 4 ++--
- libfreerdp/core/update.c | 2 ++
- 3 files changed, 9 insertions(+), 12 deletions(-)
-
---- a/libfreerdp/cache/glyph.c
-+++ b/libfreerdp/cache/glyph.c
-@@ -279,7 +279,7 @@
- if (y == -32768)
- y = fast_glyph->bkTop;
-
-- if (fast_glyph->cbData > 1)
-+ if (fast_glyph->cbData > 1 && NULL != fast_glyph->glyphData.aj)
- {
- /* got option font that needs to go into cache */
- glyph_data = &fast_glyph->glyphData;
-@@ -290,7 +290,8 @@
- glyph->cx = glyph_data->cx;
- glyph->cy = glyph_data->cy;
- glyph->cb = glyph_data->cb;
-- glyph->aj = glyph_data->aj;
-+ glyph->aj = malloc(glyph_data->cb);
-+ CopyMemory(glyph->aj, glyph_data->aj, glyph->cb);
- Glyph_New(context, glyph);
-
- glyph_cache_put(cache->glyph, fast_glyph->cacheId, fast_glyph->data[0], glyph);
-@@ -370,16 +371,14 @@
-
- if (index > glyph_cache->glyphCache[id].number)
- {
-- fprintf(stderr, "invalid glyph cache index: %d in cache id: %d\n", index, id);
-+ fprintf(stderr, "index %d out of range for cache id: %d\n", index, id);
- return NULL;
- }
-
- glyph = glyph_cache->glyphCache[id].entries[index];
-
- if (glyph == NULL)
-- {
-- fprintf(stderr, "invalid glyph at cache index: %d in cache id: %d\n", index, id);
-- }
-+ fprintf(stderr, "no glyph found at cache index: %d in cache id: %d\n", index, id);
-
- return glyph;
- }
-@@ -420,9 +419,7 @@
- *size = (BYTE) glyph_cache->fragCache.entries[index].size;
-
- if (fragment == NULL)
-- {
- fprintf(stderr, "invalid glyph fragment at index:%d\n", index);
-- }
-
- return fragment;
- }
-@@ -437,9 +434,7 @@
- glyph_cache->fragCache.entries[index].size = size;
-
- if (prevFragment != NULL)
-- {
- free(prevFragment);
-- }
- }
-
- void glyph_cache_register_callbacks(rdpUpdate* update)
---- a/libfreerdp/core/orders.c
-+++ b/libfreerdp/core/orders.c
-@@ -485,9 +485,7 @@
- Stream_Write_UINT8(s, byte);
- }
- else
-- {
- return FALSE;
-- }
-
- return TRUE;
- }
-@@ -1670,6 +1668,8 @@
- if (Stream_GetRemainingLength(s) < glyph->cb)
- return FALSE;
-
-+ if (glyph->aj)
-+ free(glyph->aj);
- glyph->aj = (BYTE*) malloc(glyph->cb);
- Stream_Read(s, glyph->aj, glyph->cb);
- }
---- a/libfreerdp/core/update.c
-+++ b/libfreerdp/core/update.c
-@@ -1596,6 +1596,8 @@
-
- free(update->primary->polyline.points);
- free(update->primary->polygon_sc.points);
-+ if (NULL != update->primary->fast_glyph.glyphData.aj)
-+ free(update->primary->fast_glyph.glyphData.aj);
- free(update->primary);
-
- free(update->secondary);
diff --git a/0004_build-cmake-3.1-compatibility.patch b/0004_build-cmake-3.1-compatibility.patch
deleted file mode 100644
index 71df3ec5be16..000000000000
--- a/0004_build-cmake-3.1-compatibility.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 1b663ceffe51008af7ae9749e5b7999b2f7d6698 Mon Sep 17 00:00:00 2001
-From: Bernhard Miklautz <bernhard.miklautz@shacknet.at>
-Date: Fri, 12 Dec 2014 18:26:45 +0100
-Subject: [PATCH] build: cmake 3.1 compatibility
-
-* fix problem with REMOVE_DUPLICATES on undefined lists
-* since 3.1 file(GLOB FILEPATHS RELATIVE .. returns single / instead of // as
- previously - necessary adoptions for regex and matches done. Should
- work with all cmake versions.
-
-Tested with 3.1.0-rc3
-
-Origin: upstream, https://github.com/FreeRDP/FreeRDP/commit/1b663ceffe51008af7ae9749e5b7999b2f7d6698?diff=unified
-
-diff --git a/channels/CMakeLists.txt b/channels/CMakeLists.txt
-index d9e8402..006e50f 100644
---- a/channels/CMakeLists.txt
-+++ b/channels/CMakeLists.txt
-@@ -202,8 +202,8 @@ set(FILENAME "ChannelOptions.cmake")
- file(GLOB FILEPATHS RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "*/${FILENAME}")
-
- foreach(FILEPATH ${FILEPATHS})
-- if(${FILEPATH} MATCHES "^([^/]*)//${FILENAME}")
-- string(REGEX REPLACE "^([^/]*)//${FILENAME}" "\\1" DIR ${FILEPATH})
-+ if(${FILEPATH} MATCHES "^([^/]*)/+${FILENAME}")
-+ string(REGEX REPLACE "^([^/]*)/+${FILENAME}" "\\1" DIR ${FILEPATH})
- set(CHANNEL_OPTION)
- include(${FILEPATH})
- if(${CHANNEL_OPTION})
-diff --git a/channels/client/CMakeLists.txt b/channels/client/CMakeLists.txt
-index fc42466..a78cdeb 100644
---- a/channels/client/CMakeLists.txt
-+++ b/channels/client/CMakeLists.txt
-@@ -30,7 +30,9 @@ set(${MODULE_PREFIX}_SRCS
- ${CMAKE_CURRENT_SOURCE_DIR}/channels.c
- ${CMAKE_CURRENT_SOURCE_DIR}/channels.h)
-
-+if(CHANNEL_STATIC_CLIENT_ENTRIES)
- list(REMOVE_DUPLICATES CHANNEL_STATIC_CLIENT_ENTRIES)
-+endif()
-
- foreach(STATIC_ENTRY ${CHANNEL_STATIC_CLIENT_ENTRIES})
- foreach(STATIC_MODULE ${CHANNEL_STATIC_CLIENT_MODULES})
-diff --git a/third-party/CMakeLists.txt b/third-party/CMakeLists.txt
-index 09b1fd4..610f35e 100644
---- a/third-party/CMakeLists.txt
-+++ b/third-party/CMakeLists.txt
-@@ -22,11 +22,11 @@
- file(GLOB all_valid_subdirs RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "*/CMakeLists.txt")
-
- foreach(dir ${all_valid_subdirs})
-- if(${dir} MATCHES "^([^/]*)//CMakeLists.txt")
-- string(REGEX REPLACE "^([^/]*)//CMakeLists.txt" "\\1" dir_trimmed ${dir})
-+ if(${dir} MATCHES "^([^/]*)/+CMakeLists.txt")
-+ string(REGEX REPLACE "^([^/]*)/+CMakeLists.txt" "\\1" dir_trimmed ${dir})
- message(STATUS "Adding third-party component ${dir_trimmed}")
- add_subdirectory(${dir_trimmed})
- endif()
- endforeach(dir)
-
--set(THIRD_PARTY_INCLUDES ${THIRD_PARTY_INCLUDES} PARENT_SCOPE)
-\ No newline at end of file
-+set(THIRD_PARTY_INCLUDES ${THIRD_PARTY_INCLUDES} PARENT_SCOPE)
-diff --git a/winpr/libwinpr/CMakeLists.txt b/winpr/libwinpr/CMakeLists.txt
-index fdb2bda..7e1603b 100644
---- a/winpr/libwinpr/CMakeLists.txt
-+++ b/winpr/libwinpr/CMakeLists.txt
-@@ -32,8 +32,8 @@ set(FILENAME "ModuleOptions.cmake")
- file(GLOB FILEPATHS RELATIVE ${CMAKE_CURRENT_SOURCE_DIR} "*/${FILENAME}")
-
- foreach(FILEPATH ${FILEPATHS})
-- if(${FILEPATH} MATCHES "^([^/]*)//${FILENAME}")
-- string(REGEX REPLACE "^([^/]*)//${FILENAME}" "\\1" ${MODULE_PREFIX}_SUBMODULE ${FILEPATH})
-+ if(${FILEPATH} MATCHES "^([^/]*)/+${FILENAME}")
-+ string(REGEX REPLACE "^([^/]*)/+${FILENAME}" "\\1" ${MODULE_PREFIX}_SUBMODULE ${FILEPATH})
- set(${MODULE_PREFIX}_SUBMODULES ${${MODULE_PREFIX}_SUBMODULES} ${${MODULE_PREFIX}_SUBMODULE})
- endif()
- endforeach(FILEPATH)
diff --git a/0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch b/0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch
deleted file mode 100644
index e45c21c9af0a..000000000000
--- a/0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch
+++ /dev/null
@@ -1,42 +0,0 @@
->From ffa7f0363fa4f0770d0f1ac451d7a5e87d415d7b Mon Sep 17 00:00:00 2001
-From: Seray Rosh <seray.rosh@web.de>
-Date: Fri, 27 Feb 2015 16:02:40 +0100
-Subject: [PATCH] fix #778650: release keys when xfreerdp is unfocused to prevent stuck keys
-
-This fixes https://bugs.debian.org/778650
-Originated from https://github.com/FreeRDP/FreeRDP/pull/2430
-Cherry picked from upstream commit ffa7f0363fa4f0770d0f1ac451d7a5e87d415d7b, ported for debian/1.1.0~git20140921.1.440916e+dfsg1-5
-
----
-
-Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
----
- client/X11/xf_event.c | 1 +
- client/X11/xf_keyboard.c | 6 ++++++
- 2 files changed, 7 insertions(+)
-
---- a/client/X11/xf_event.c
-+++ b/client/X11/xf_event.c
-@@ -456,6 +456,7 @@
- if (event->xfocus.mode == NotifyWhileGrabbed)
- XUngrabKeyboard(xfc->display, CurrentTime);
-
-+ xf_kbd_release_all_keypress(xfc);
- xf_kbd_clear(xfc);
-
- if (app)
---- a/client/X11/xf_keyboard.c
-+++ b/client/X11/xf_keyboard.c
-@@ -75,6 +75,12 @@
- if (xfc->pressed_keys[keycode] != NoSymbol)
- {
- rdp_scancode = freerdp_keyboard_get_rdp_scancode_from_x11_keycode(keycode);
-+
-+ // release tab before releasing the windows key.
-+ // this stops the start menu from opening on unfocus event.
-+ if (rdp_scancode == RDP_SCANCODE_LWIN)
-+ freerdp_input_send_keyboard_event_ex(xfc->instance->input, FALSE, RDP_SCANCODE_TAB);
-+
- freerdp_input_send_keyboard_event_ex(xfc->instance->input, FALSE, rdp_scancode);
- xfc->pressed_keys[keycode] = NoSymbol;
- }
diff --git a/0006_fix-null-cert-that-is-not-an-error.patch b/0006_fix-null-cert-that-is-not-an-error.patch
deleted file mode 100644
index c336c8460ef4..000000000000
--- a/0006_fix-null-cert-that-is-not-an-error.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 603a6378fffd43a67e14ead860bcf9196be6979e Mon Sep 17 00:00:00 2001
-From: Hardening <rdp.effort@gmail.com>
-Date: Wed, 7 May 2014 16:12:38 +0200
-Subject: [PATCH] Fix null certificate that is not an error
-
-v2: Backported to 1.1.0~git20140921.1.440916e+dfsg1-5 by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
----
- libfreerdp/core/certificate.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/libfreerdp/core/certificate.c
-+++ b/libfreerdp/core/certificate.c
-@@ -568,15 +568,12 @@
- UINT32 dwVersion;
- int status = 1;
-
-- if (length < 1)
-+ if (length < 4)
- {
- DEBUG_CERTIFICATE("null server certificate\n");
- return 0;
- }
-
-- if (length < 4)
-- return -1;
--
- s = Stream_New(server_cert, length);
-
- Stream_Read_UINT32(s, dwVersion); /* dwVersion (4 bytes) */
diff --git a/0007_Fix-build-failure-on-x32.patch b/0007_Fix-build-failure-on-x32.patch
deleted file mode 100644
index 2962d69f4bd4..000000000000
--- a/0007_Fix-build-failure-on-x32.patch
+++ /dev/null
@@ -1,32 +0,0 @@
->From 15d5037df438e60f2c5439184dbe7ea232cbd100 Mon Sep 17 00:00:00 2001
-From: Adam Borowski <kilobyte@angband.pl>
-Date: Thu, 29 Jan 2015 05:50:12 +0100
-Subject: [PATCH] Fix build failure on x32.
-
-Unlike i386, x32 can't accept -march=i686 but wants -fPIC, same as amd64
-(both are x86_64 ABIs after all). Thus, check for the __x86_64__ define
-instead of pointer width.
----
- CMakeLists.txt | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -33,6 +33,7 @@
- # Include cmake modules
- include(CheckIncludeFiles)
- include(CheckLibraryExists)
-+include(CheckSymbolExists)
- include(CheckStructHasMember)
- include(CMakeDetermineSystem)
- include(FindPkgConfig)
-@@ -112,7 +113,8 @@
- # Compiler-specific flags
- if(CMAKE_COMPILER_IS_GNUCC)
- if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64" OR CMAKE_SYSTEM_PROCESSOR MATCHES "i686")
-- if(CMAKE_SIZEOF_VOID_P EQUAL 8)
-+ CHECK_SYMBOL_EXISTS(__x86_64__ "" IS_X86_64)
-+ if(IS_X86_64)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
- else()
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=i686")
diff --git a/0008-Fix-multiple-security-issues.patch b/0008-Fix-multiple-security-issues.patch
deleted file mode 100644
index df9004bfe45e..000000000000
--- a/0008-Fix-multiple-security-issues.patch
+++ /dev/null
@@ -1,756 +0,0 @@
-From 03ab68318966c3a22935a02838daaea7b7fbe96c Mon Sep 17 00:00:00 2001
-From: Bernhard Miklautz <bernhard.miklautz@thincast.com>
-Date: Thu, 27 Jul 2017 13:24:37 +0200
-Subject: [PATCH] Fix multiple security issues
-
-Fix the following issues identified by the CISCO TALOS project:
-
-* TALOS-2017-0336 CVE-2017-2834
-* TALOS-2017-0337 CVE-2017-2835
-* TALOS-2017-0338 CVE-2017-2836
-* TALOS-2017-0339 CVE-2017-2837
-* TALOS-2017-0340 CVE-2017-2838
-* TALOS-2017-0341 CVE-2017-2839
-
-Backported based on commit 8292b4558f0684065ce1f58db7783cc426099223.
----
- libfreerdp/core/capabilities.c | 4 +--
- libfreerdp/core/certificate.c | 18 ++++++++-----
- libfreerdp/core/certificate.h | 2 +-
- libfreerdp/core/connection.c | 17 ++++++------
- libfreerdp/core/gcc.c | 60 ++++++++++++++++++++++++------------------
- libfreerdp/core/info.c | 4 +--
- libfreerdp/core/license.c | 39 ++++++++++++++++++++-------
- libfreerdp/core/mcs.c | 17 +++++++++---
- libfreerdp/core/nego.c | 8 +++---
- libfreerdp/core/peer.c | 4 +--
- libfreerdp/core/rdp.c | 37 ++++++++++++++++++++------
- libfreerdp/core/rdp.h | 4 +--
- libfreerdp/core/security.c | 12 ++++-----
- libfreerdp/core/security.h | 12 ++++-----
- libfreerdp/core/surface.c | 2 +-
- libfreerdp/core/tpkt.c | 22 ++++++++++++----
- libfreerdp/core/tpkt.h | 2 +-
- libfreerdp/core/transport.c | 6 ++++-
- 18 files changed, 174 insertions(+), 96 deletions(-)
-
-diff --git a/libfreerdp/core/capabilities.c b/libfreerdp/core/capabilities.c
-index 4d69b4e..0e3b0de 100644
---- a/libfreerdp/core/capabilities.c
-+++ b/libfreerdp/core/capabilities.c
-@@ -3341,12 +3341,12 @@ BOOL rdp_recv_get_active_header(rdpRdp* rdp, wStream* s, UINT16* pChannelId)
-
- if (rdp->settings->DisableEncryption)
- {
-- if (!rdp_read_security_header(s, &securityFlags))
-+ if (!rdp_read_security_header(s, &securityFlags, &length))
- return FALSE;
-
- if (securityFlags & SEC_ENCRYPT)
- {
-- if (!rdp_decrypt(rdp, s, length - 4, securityFlags))
-+ if (!rdp_decrypt(rdp, s, length, securityFlags))
- {
- fprintf(stderr, "rdp_decrypt failed\n");
- return FALSE;
-diff --git a/libfreerdp/core/certificate.c b/libfreerdp/core/certificate.c
-index 6a28ab3..9a36abe 100644
---- a/libfreerdp/core/certificate.c
-+++ b/libfreerdp/core/certificate.c
-@@ -327,10 +327,10 @@ static BOOL certificate_process_server_public_key(rdpCertificate* certificate, w
- UINT32 keylen;
- UINT32 bitlen;
- UINT32 datalen;
-- UINT32 modlen;
-
- if (Stream_GetRemainingLength(s) < 20)
- return FALSE;
-+
- Stream_Read(s, magic, 4);
-
- if (memcmp(magic, "RSA1", 4) != 0)
-@@ -343,12 +343,16 @@ static BOOL certificate_process_server_public_key(rdpCertificate* certificate, w
- Stream_Read_UINT32(s, bitlen);
- Stream_Read_UINT32(s, datalen);
- Stream_Read(s, certificate->cert_info.exponent, 4);
-- modlen = keylen - 8;
-
-- if (Stream_GetRemainingLength(s) < modlen + 8) // count padding
-+ if ((keylen <= 8) || (Stream_GetRemainingLength(s) < keylen))
- return FALSE;
-- certificate->cert_info.ModulusLength = modlen;
-+
-+ certificate->cert_info.ModulusLength = keylen - 8;
- certificate->cert_info.Modulus = malloc(certificate->cert_info.ModulusLength);
-+
-+ if (!certificate->cert_info.Modulus)
-+ return FALSE;
-+
- Stream_Read(s, certificate->cert_info.Modulus, certificate->cert_info.ModulusLength);
- /* 8 bytes of zero padding */
- Stream_Seek(s, 8);
-@@ -500,7 +504,7 @@ BOOL certificate_read_server_proprietary_certificate(rdpCertificate* certificate
-
- BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, wStream* s)
- {
-- int i;
-+ UINT32 i;
- UINT32 certLength;
- UINT32 numCertBlobs;
- BOOL ret;
-@@ -513,7 +517,7 @@ BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate,
-
- certificate->x509_cert_chain = certificate_new_x509_certificate_chain(numCertBlobs);
-
-- for (i = 0; i < (int) numCertBlobs; i++)
-+ for (i = 0; i < numCertBlobs; i++)
- {
- if (Stream_GetRemainingLength(s) < 4)
- return FALSE;
-@@ -562,7 +566,7 @@ BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate,
- * @param length certificate length
- */
-
--int certificate_read_server_certificate(rdpCertificate* certificate, BYTE* server_cert, int length)
-+int certificate_read_server_certificate(rdpCertificate* certificate, BYTE* server_cert, size_t length)
- {
- wStream* s;
- UINT32 dwVersion;
-diff --git a/libfreerdp/core/certificate.h b/libfreerdp/core/certificate.h
-index 5008bb4..fb818f5 100644
---- a/libfreerdp/core/certificate.h
-+++ b/libfreerdp/core/certificate.h
-@@ -50,7 +50,7 @@ void certificate_free_x509_certificate_chain(rdpX509CertChain* x509_cert_chain);
-
- BOOL certificate_read_server_proprietary_certificate(rdpCertificate* certificate, wStream* s);
- BOOL certificate_read_server_x509_certificate_chain(rdpCertificate* certificate, wStream* s);
--int certificate_read_server_certificate(rdpCertificate* certificate, BYTE* server_cert, int length);
-+int certificate_read_server_certificate(rdpCertificate* certificate, BYTE* server_cert, size_t length);
-
- rdpCertificate* certificate_new(void);
- void certificate_free(rdpCertificate* certificate);
-diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c
-index 9c4c3d7..7e6b2bd 100644
---- a/libfreerdp/core/connection.c
-+++ b/libfreerdp/core/connection.c
-@@ -77,19 +77,18 @@ BOOL rdp_client_connect(rdpRdp* rdp)
-
- if (settings->GatewayEnabled)
- {
-- char* user;
-+ char* user = NULL;
- char* domain;
- char* cookie;
-- int user_length = 0;
-+ int user_length = 0;
- int domain_length;
- int cookie_length;
-
--
-- if (settings->Username)
-- {
-- user = settings->Username;
-- user_length = strlen(settings->Username);
-- }
-+ if (settings->Username)
-+ {
-+ user = settings->Username;
-+ user_length = strlen(settings->Username);
-+ }
-
- if (settings->Domain)
- domain = settings->Domain;
-@@ -365,7 +364,7 @@ static BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
- return FALSE;
- }
-
-- if (!rdp_read_security_header(s, &sec_flags))
-+ if (!rdp_read_security_header(s, &sec_flags, NULL))
- return FALSE;
-
- if ((sec_flags & SEC_EXCHANGE_PKT) == 0)
-diff --git a/libfreerdp/core/gcc.c b/libfreerdp/core/gcc.c
-index 316f4f9..27def74 100644
---- a/libfreerdp/core/gcc.c
-+++ b/libfreerdp/core/gcc.c
-@@ -830,6 +830,7 @@ BOOL gcc_read_server_security_data(wStream* s, rdpSettings* settings)
-
- if (Stream_GetRemainingLength(s) < 8)
- return FALSE;
-+
- Stream_Read_UINT32(s, settings->EncryptionMethods); /* encryptionMethod */
- Stream_Read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */
-
-@@ -844,43 +845,50 @@ BOOL gcc_read_server_security_data(wStream* s, rdpSettings* settings)
-
- if (Stream_GetRemainingLength(s) < 8)
- return FALSE;
-+
- Stream_Read_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */
- Stream_Read_UINT32(s, settings->ServerCertificateLength); /* serverCertLen */
-
-- if (Stream_GetRemainingLength(s) < settings->ServerRandomLength + settings->ServerCertificateLength)
-+ if (settings->ServerRandomLength == 0 || settings->ServerCertificateLength == 0)
- return FALSE;
-
-- if (settings->ServerRandomLength > 0)
-- {
-- /* serverRandom */
-- settings->ServerRandom = (BYTE*) malloc(settings->ServerRandomLength);
-- Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength);
-- }
-- else
-- {
-+ if (Stream_GetRemainingLength(s) < settings->ServerRandomLength)
- return FALSE;
-- }
-
-- if (settings->ServerCertificateLength > 0)
-- {
-- /* serverCertificate */
-- settings->ServerCertificate = (BYTE*) malloc(settings->ServerCertificateLength);
-- Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength);
-+ /* serverRandom */
-+ settings->ServerRandom = (BYTE*) malloc(settings->ServerRandomLength);
-+ if (!settings->ServerRandom)
-+ return FALSE;
-+ Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength);
-
-- certificate_free(settings->RdpServerCertificate);
-- settings->RdpServerCertificate = certificate_new();
-- data = settings->ServerCertificate;
-- length = settings->ServerCertificateLength;
-+ /* serverCertificate */
-+ if(Stream_GetRemainingLength(s) < settings->ServerCertificateLength)
-+ goto out_fail1;
-+ settings->ServerCertificate = (BYTE*) malloc(settings->ServerCertificateLength);
-+ if (!settings->ServerCertificate)
-+ goto out_fail1;
-
-- if (certificate_read_server_certificate(settings->RdpServerCertificate, data, length) < 1)
-- return FALSE;
-- }
-- else
-- {
-- return FALSE;
-- }
-+ Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength);
-+ certificate_free(settings->RdpServerCertificate);
-+ settings->RdpServerCertificate = certificate_new();
-+ if (!settings->RdpServerCertificate)
-+ goto out_fail2;
-+
-+ data = settings->ServerCertificate;
-+ length = settings->ServerCertificateLength;
-+
-+ if (certificate_read_server_certificate(settings->RdpServerCertificate, data, length) < 1)
-+ goto out_fail2;
-
- return TRUE;
-+
-+ out_fail2:
-+ free(settings->ServerCertificate);
-+ settings->ServerCertificate = NULL;
-+ out_fail1:
-+ free(settings->ServerRandom);
-+ settings->ServerRandom = NULL;
-+ return FALSE;
- }
-
- static const BYTE initial_signature[] =
-diff --git a/libfreerdp/core/info.c b/libfreerdp/core/info.c
-index 11435ef..7717731 100644
---- a/libfreerdp/core/info.c
-+++ b/libfreerdp/core/info.c
-@@ -441,7 +441,7 @@ BOOL rdp_recv_client_info(rdpRdp* rdp, wStream* s)
- if (!rdp_read_header(rdp, s, &length, &channelId))
- return FALSE;
-
-- if (!rdp_read_security_header(s, &securityFlags))
-+ if (!rdp_read_security_header(s, &securityFlags, &length))
- return FALSE;
-
- if ((securityFlags & SEC_INFO_PKT) == 0)
-@@ -457,7 +457,7 @@ BOOL rdp_recv_client_info(rdpRdp* rdp, wStream* s)
-
- if (securityFlags & SEC_ENCRYPT)
- {
-- if (!rdp_decrypt(rdp, s, length - 4, securityFlags))
-+ if (!rdp_decrypt(rdp, s, length, securityFlags))
- {
- fprintf(stderr, "rdp_decrypt failed\n");
- return FALSE;
-diff --git a/libfreerdp/core/license.c b/libfreerdp/core/license.c
-index 88d039e..40bb150 100644
---- a/libfreerdp/core/license.c
-+++ b/libfreerdp/core/license.c
-@@ -240,12 +240,12 @@ BOOL license_recv(rdpLicense* license, wStream* s)
- return FALSE;
- }
-
-- if (!rdp_read_security_header(s, &securityFlags))
-+ if (!rdp_read_security_header(s, &securityFlags, &length))
- return FALSE;
-
- if (securityFlags & SEC_ENCRYPT)
- {
-- if (!rdp_decrypt(license->rdp, s, length - 4, securityFlags))
-+ if (!rdp_decrypt(license->rdp, s, length, securityFlags))
- {
- fprintf(stderr, "rdp_decrypt failed\n");
- return FALSE;
-@@ -474,25 +474,41 @@ BOOL license_read_product_info(wStream* s, PRODUCT_INFO* productInfo)
-
- Stream_Read_UINT32(s, productInfo->cbCompanyName); /* cbCompanyName (4 bytes) */
-
-- if (Stream_GetRemainingLength(s) < productInfo->cbCompanyName + 4)
-+ /* Name must be > 0, but there is no upper limit defined, use UINT32_MAX */
-+ if ((productInfo->cbCompanyName < 2) || (productInfo->cbCompanyName % 2 != 0))
-+ return FALSE;
-+
-+ if (Stream_GetRemainingLength(s) < productInfo->cbCompanyName)
- return FALSE;
-
- productInfo->pbCompanyName = (BYTE*) malloc(productInfo->cbCompanyName);
-+ if (!productInfo->pbCompanyName)
-+ return FALSE;
- Stream_Read(s, productInfo->pbCompanyName, productInfo->cbCompanyName);
-
-+ if (Stream_GetRemainingLength(s) < 4)
-+ goto out_fail;
-+
- Stream_Read_UINT32(s, productInfo->cbProductId); /* cbProductId (4 bytes) */
-
-+ if ((productInfo->cbProductId < 2) || (productInfo->cbProductId % 2 != 0))
-+ goto out_fail;
-+
- if (Stream_GetRemainingLength(s) < productInfo->cbProductId)
-- {
-- free(productInfo->pbCompanyName);
-- productInfo->pbCompanyName = NULL;
-- return FALSE;
-- }
-+ goto out_fail;
-
- productInfo->pbProductId = (BYTE*) malloc(productInfo->cbProductId);
-- Stream_Read(s, productInfo->pbProductId, productInfo->cbProductId);
-+ if (!productInfo->pbProductId)
-+ goto out_fail;
-
-+ Stream_Read(s, productInfo->pbProductId, productInfo->cbProductId);
- return TRUE;
-+
-+ out_fail:
-+ free(productInfo->pbCompanyName);
-+ productInfo->pbCompanyName = NULL;
-+ return FALSE;
-+
- }
-
- /**
-@@ -796,7 +812,10 @@ BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s)
-
- /* EncryptedPlatformChallenge */
- license->EncryptedPlatformChallenge->type = BB_ANY_BLOB;
-- license_read_binary_blob(s, license->EncryptedPlatformChallenge);
-+
-+ if (!license_read_binary_blob(s, license->EncryptedPlatformChallenge))
-+ return FALSE;
-+
- license->EncryptedPlatformChallenge->type = BB_ENCRYPTED_DATA_BLOB;
-
- if (Stream_GetRemainingLength(s) < 16)
-diff --git a/libfreerdp/core/mcs.c b/libfreerdp/core/mcs.c
-index d5ea089..16cf88e 100644
---- a/libfreerdp/core/mcs.c
-+++ b/libfreerdp/core/mcs.c
-@@ -197,7 +197,8 @@ BOOL mcs_read_domain_mcspdu_header(wStream* s, enum DomainMCSPDU* domainMCSPDU,
- BYTE choice;
- enum DomainMCSPDU MCSPDU;
-
-- *length = tpkt_read_header(s);
-+ if (!tpkt_read_header(s, length))
-+ return FALSE;
-
- if (!tpdu_read_data(s, &li))
- return FALSE;
-@@ -332,8 +333,13 @@ BOOL mcs_recv_connect_initial(rdpMcs* mcs, wStream* s)
- UINT16 li;
- int length;
- BOOL upwardFlag;
-+ UINT16 tlength;
-+
-+ if (!mcs || !s)
-+ return FALSE;
-
-- tpkt_read_header(s);
-+ if (!tpkt_read_header(s, &tlength))
-+ return FALSE;
-
- if (!tpdu_read_data(s, &li))
- return FALSE;
-@@ -504,8 +510,13 @@ BOOL mcs_recv_connect_response(rdpMcs* mcs, wStream* s)
- BYTE result;
- UINT16 li;
- UINT32 calledConnectId;
-+ UINT16 tlength;
-
-- tpkt_read_header(s);
-+ if (!mcs || !s)
-+ return FALSE;
-+
-+ if (!tpkt_read_header(s, &tlength))
-+ return FALSE;
-
- if (!tpdu_read_data(s, &li))
- return FALSE;
-diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c
-index 6148e86..bc77eb3 100644
---- a/libfreerdp/core/nego.c
-+++ b/libfreerdp/core/nego.c
-@@ -506,9 +506,7 @@ int nego_recv(rdpTransport* transport, wStream* s, void* extra)
- UINT16 length;
- rdpNego* nego = (rdpNego*) extra;
-
-- length = tpkt_read_header(s);
--
-- if (length == 0)
-+ if (!tpkt_read_header(s, &length) || length == 0)
- return -1;
-
- if (!tpdu_read_connection_confirm(s, &li))
-@@ -582,8 +580,10 @@ BOOL nego_read_request(rdpNego* nego, wStream* s)
- BYTE li;
- BYTE c;
- BYTE type;
-+ UINT16 length;
-
-- tpkt_read_header(s);
-+ if (!tpkt_read_header(s, &length))
-+ return FALSE;
-
- if (!tpdu_read_connection_request(s, &li))
- return FALSE;
-diff --git a/libfreerdp/core/peer.c b/libfreerdp/core/peer.c
-index eb4ad60..b9bad7e 100644
---- a/libfreerdp/core/peer.c
-+++ b/libfreerdp/core/peer.c
-@@ -179,12 +179,12 @@ static int peer_recv_tpkt_pdu(freerdp_peer* client, wStream* s)
-
- if (rdp->settings->DisableEncryption)
- {
-- if (!rdp_read_security_header(s, &securityFlags))
-+ if (!rdp_read_security_header(s, &securityFlags, &length))
- return -1;
-
- if (securityFlags & SEC_ENCRYPT)
- {
-- if (!rdp_decrypt(rdp, s, length - 4, securityFlags))
-+ if (!rdp_decrypt(rdp, s, length, securityFlags))
- {
- fprintf(stderr, "rdp_decrypt failed\n");
- return -1;
-diff --git a/libfreerdp/core/rdp.c b/libfreerdp/core/rdp.c
-index 1a4704d..bb35bd9 100644
---- a/libfreerdp/core/rdp.c
-+++ b/libfreerdp/core/rdp.c
-@@ -77,13 +77,17 @@ static const char* const DATA_PDU_TYPE_STRINGS[] =
- * @param flags security flags
- */
-
--BOOL rdp_read_security_header(wStream* s, UINT16* flags)
-+BOOL rdp_read_security_header(wStream* s, UINT16* flags, UINT16* length)
- {
- /* Basic Security Header */
-- if (Stream_GetRemainingLength(s) < 4)
-+ if (Stream_GetRemainingLength(s) < 4 || (length && (*length < 4)))
- return FALSE;
- Stream_Read_UINT16(s, *flags); /* flags */
- Stream_Seek(s, 2); /* flagsHi (unused) */
-+
-+ if (length)
-+ *length -= 4;
-+
- return TRUE;
- }
-
-@@ -249,6 +253,9 @@ BOOL rdp_read_header(rdpRdp* rdp, wStream* s, UINT16* length, UINT16* channel_id
- return FALSE;
- }
-
-+ if (*length < 8)
-+ return FALSE;
-+
- if (*length - 8 > Stream_GetRemainingLength(s))
- return FALSE;
-
-@@ -273,8 +280,12 @@ BOOL rdp_read_header(rdpRdp* rdp, wStream* s, UINT16* length, UINT16* channel_id
- if (Stream_GetRemainingLength(s) < 5)
- return FALSE;
-
-- per_read_integer16(s, &initiator, MCS_BASE_CHANNEL_ID); /* initiator (UserId) */
-- per_read_integer16(s, channel_id, 0); /* channelId */
-+ if (!per_read_integer16(s, &initiator, MCS_BASE_CHANNEL_ID)) /* initiator (UserId) */
-+ return FALSE;
-+
-+ if (!per_read_integer16(s, channel_id, 0)) /* channelId */
-+ return FALSE;
-+
- Stream_Seek(s, 1); /* dataPriority + Segmentation (0x70) */
-
- if (!per_read_length(s, length)) /* userData (OCTET_STRING) */
-@@ -701,16 +712,20 @@ BOOL rdp_recv_out_of_sequence_pdu(rdpRdp* rdp, wStream* s)
- * @param length int
- */
-
--BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, int length, UINT16 securityFlags)
-+BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, INT32 length, UINT16 securityFlags)
- {
- BYTE cmac[8];
- BYTE wmac[8];
-
-+ if (!rdp || !s || length < 0)
-+ return FALSE;
-+
- if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
- {
- UINT16 len;
- BYTE version, pad;
- BYTE* sig;
-+ INT64 padLength;
-
- if (Stream_GetRemainingLength(s) < 12)
- return FALSE;
-@@ -723,6 +738,10 @@ BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, int length, UINT16 securityFlags)
- Stream_Seek(s, 8); /* signature */
-
- length -= 12;
-+ padLength = length - pad;
-+
-+ if (length <= 0 || padLength <= 0)
-+ return FALSE;
-
- if (!security_fips_decrypt(Stream_Pointer(s), length, rdp))
- {
-@@ -741,11 +760,13 @@ BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, int length, UINT16 securityFlags)
- return TRUE;
- }
-
-- if (Stream_GetRemainingLength(s) < 8)
-+ if (Stream_GetRemainingLength(s) < sizeof(wmac))
- return FALSE;
-
- Stream_Read(s, wmac, sizeof(wmac));
- length -= sizeof(wmac);
-+ if (length <= 0)
-+ return FALSE;
-
- if (!security_decrypt(Stream_Pointer(s), length, rdp))
- return FALSE;
-@@ -795,12 +816,12 @@ static int rdp_recv_tpkt_pdu(rdpRdp* rdp, wStream* s)
-
- if (rdp->settings->DisableEncryption)
- {
-- if (!rdp_read_security_header(s, &securityFlags))
-+ if (!rdp_read_security_header(s, &securityFlags, &length))
- return -1;
-
- if (securityFlags & (SEC_ENCRYPT | SEC_REDIRECTION_PKT))
- {
-- if (!rdp_decrypt(rdp, s, length - 4, securityFlags))
-+ if (!rdp_decrypt(rdp, s, length, securityFlags))
- {
- fprintf(stderr, "rdp_decrypt failed\n");
- return -1;
-diff --git a/libfreerdp/core/rdp.h b/libfreerdp/core/rdp.h
-index fc73026..7bcfc27 100644
---- a/libfreerdp/core/rdp.h
-+++ b/libfreerdp/core/rdp.h
-@@ -160,7 +160,7 @@ struct rdp_rdp
- BOOL deactivation_reactivation;
- };
-
--BOOL rdp_read_security_header(wStream* s, UINT16* flags);
-+BOOL rdp_read_security_header(wStream* s, UINT16* flags, UINT16* length);
- void rdp_write_security_header(wStream* s, UINT16 flags);
-
- BOOL rdp_read_share_control_header(wStream* s, UINT16* length, UINT16* type, UINT16* channel_id);
-@@ -202,6 +202,6 @@ void rdp_free(rdpRdp* rdp);
- #define DEBUG_RDP(fmt, ...) DEBUG_NULL(fmt, ## __VA_ARGS__)
- #endif
-
--BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, int length, UINT16 securityFlags);
-+BOOL rdp_decrypt(rdpRdp* rdp, wStream* s, INT32 length, UINT16 securityFlags);
-
- #endif /* __RDP_H */
-diff --git a/libfreerdp/core/security.c b/libfreerdp/core/security.c
-index 5684528..dc9b2fc 100644
---- a/libfreerdp/core/security.c
-+++ b/libfreerdp/core/security.c
-@@ -475,7 +475,7 @@ BOOL security_key_update(BYTE* key, BYTE* update_key, int key_len)
- return TRUE;
- }
-
--BOOL security_encrypt(BYTE* data, int length, rdpRdp* rdp)
-+BOOL security_encrypt(BYTE* data, size_t length, rdpRdp* rdp)
- {
- if (rdp->encrypt_use_count >= 4096)
- {
-@@ -490,7 +490,7 @@ BOOL security_encrypt(BYTE* data, int length, rdpRdp* rdp)
- return TRUE;
- }
-
--BOOL security_decrypt(BYTE* data, int length, rdpRdp* rdp)
-+BOOL security_decrypt(BYTE* data, size_t length, rdpRdp* rdp)
- {
- if (rdp->rc4_decrypt_key == NULL)
- return FALSE;
-@@ -507,7 +507,7 @@ BOOL security_decrypt(BYTE* data, int length, rdpRdp* rdp)
- return TRUE;
- }
-
--void security_hmac_signature(const BYTE* data, int length, BYTE* output, rdpRdp* rdp)
-+void security_hmac_signature(const BYTE* data, size_t length, BYTE* output, rdpRdp* rdp)
- {
- BYTE buf[20];
- BYTE use_count_le[4];
-@@ -522,20 +522,20 @@ void security_hmac_signature(const BYTE* data, int length, BYTE* output, rdpRdp*
- memmove(output, buf, 8);
- }
-
--BOOL security_fips_encrypt(BYTE* data, int length, rdpRdp* rdp)
-+BOOL security_fips_encrypt(BYTE* data, size_t length, rdpRdp* rdp)
- {
- crypto_des3_encrypt(rdp->fips_encrypt, length, data, data);
- rdp->encrypt_use_count++;
- return TRUE;
- }
-
--BOOL security_fips_decrypt(BYTE* data, int length, rdpRdp* rdp)
-+BOOL security_fips_decrypt(BYTE* data, size_t length, rdpRdp* rdp)
- {
- crypto_des3_decrypt(rdp->fips_decrypt, length, data, data);
- return TRUE;
- }
-
--BOOL security_fips_check_signature(const BYTE* data, int length, const BYTE* sig, rdpRdp* rdp)
-+BOOL security_fips_check_signature(const BYTE* data, size_t length, const BYTE* sig, rdpRdp* rdp)
- {
- BYTE buf[20];
- BYTE use_count_le[4];
-diff --git a/libfreerdp/core/security.h b/libfreerdp/core/security.h
-index ffcebdf..c6b6038 100644
---- a/libfreerdp/core/security.h
-+++ b/libfreerdp/core/security.h
-@@ -37,12 +37,12 @@ void security_mac_signature(rdpRdp *rdp, const BYTE* data, UINT32 length, BYTE*
- void security_salted_mac_signature(rdpRdp *rdp, const BYTE* data, UINT32 length, BOOL encryption, BYTE* output);
- BOOL security_establish_keys(const BYTE* client_random, rdpRdp* rdp);
-
--BOOL security_encrypt(BYTE* data, int length, rdpRdp* rdp);
--BOOL security_decrypt(BYTE* data, int length, rdpRdp* rdp);
-+BOOL security_encrypt(BYTE* data, size_t length, rdpRdp* rdp);
-+BOOL security_decrypt(BYTE* data, size_t length, rdpRdp* rdp);
-
--void security_hmac_signature(const BYTE* data, int length, BYTE* output, rdpRdp* rdp);
--BOOL security_fips_encrypt(BYTE* data, int length, rdpRdp* rdp);
--BOOL security_fips_decrypt(BYTE* data, int length, rdpRdp* rdp);
--BOOL security_fips_check_signature(const BYTE* data, int length, const BYTE* sig, rdpRdp* rdp);
-+void security_hmac_signature(const BYTE* data, size_t length, BYTE* output, rdpRdp* rdp);
-+BOOL security_fips_encrypt(BYTE* data, size_t length, rdpRdp* rdp);
-+BOOL security_fips_decrypt(BYTE* data, size_t length, rdpRdp* rdp);
-+BOOL security_fips_check_signature(const BYTE* data, size_t length, const BYTE* sig, rdpRdp* rdp);
-
- #endif /* __SECURITY_H */
-diff --git a/libfreerdp/core/surface.c b/libfreerdp/core/surface.c
-index 992a3dd..15b2257 100644
---- a/libfreerdp/core/surface.c
-+++ b/libfreerdp/core/surface.c
-@@ -85,7 +85,7 @@ int update_recv_surfcmds(rdpUpdate* update, UINT32 size, wStream* s)
- {
- BYTE* mark;
- UINT16 cmdType;
-- UINT32 cmdLength;
-+ UINT32 cmdLength = 0;
-
- while (size > 2)
- {
-diff --git a/libfreerdp/core/tpkt.c b/libfreerdp/core/tpkt.c
-index 5689d62..900e288 100644
---- a/libfreerdp/core/tpkt.c
-+++ b/libfreerdp/core/tpkt.c
-@@ -81,25 +81,37 @@ BOOL tpkt_verify_header(wStream* s)
- * @return length
- */
-
--UINT16 tpkt_read_header(wStream* s)
-+BOOL tpkt_read_header(wStream* s, UINT16* length)
- {
- BYTE version;
-- UINT16 length;
-+
-+ if (Stream_GetRemainingLength(s) < 1)
-+ return FALSE;
-
- Stream_Peek_UINT8(s, version);
-
- if (version == 3)
- {
-+ UINT16 len;
-+
-+ if (Stream_GetRemainingLength(s) < 4)
-+ return FALSE;
-+
- Stream_Seek(s, 2);
-- Stream_Read_UINT16_BE(s, length);
-+ Stream_Read_UINT16_BE(s, len);
-+
-+ if (len < 4)
-+ return FALSE;
-+
-+ *length = len;
- }
- else
- {
- /* not a TPKT header */
-- length = 0;
-+ *length = 0;
- }
-
-- return length;
-+ return TRUE;
- }
-
- /**
-diff --git a/libfreerdp/core/tpkt.h b/libfreerdp/core/tpkt.h
-index af984c1..9b51749 100644
---- a/libfreerdp/core/tpkt.h
-+++ b/libfreerdp/core/tpkt.h
-@@ -28,7 +28,7 @@
- #define TPKT_HEADER_LENGTH 4
-
- BOOL tpkt_verify_header(wStream* s);
--UINT16 tpkt_read_header(wStream* s);
-+BOOL tpkt_read_header(wStream* s, UINT16* length);
- void tpkt_write_header(wStream* s, UINT16 length);
-
- #endif /* __TPKT_H */
-diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c
-index 0f29c6c..bc45dc8 100644
---- a/libfreerdp/core/transport.c
-+++ b/libfreerdp/core/transport.c
-@@ -673,7 +673,11 @@ int transport_check_fds(rdpTransport** ptransport)
- return 0;
- }
-
-- length = tpkt_read_header(transport->ReceiveBuffer);
-+ if (!tpkt_read_header(transport->ReceiveBuffer, &length))
-+ {
-+ fprintf(stderr, "transport_check_fds: problem reading tpkt header.\n");
-+ return -1;
-+ }
- }
- else if (nla_verify_header(transport->ReceiveBuffer))
- {
---
-2.1.4
-
diff --git a/0009-enable-TLS-12.patch b/0009-enable-TLS-12.patch
deleted file mode 100644
index 50c63bba77cd..000000000000
--- a/0009-enable-TLS-12.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 3ba81cbd5a59434f3053665e9fc4a432afd0db20 Mon Sep 17 00:00:00 2001
-From: Bernhard Miklautz <bernhard.miklautz@shacknet.at>
-Date: Thu, 10 Aug 2017 09:31:21 +0200
-Subject: [PATCH 1/1] enable TLS 1+
-
-Currently TLS version 1.0 is used implicitly by using the TLSv1_method.
-To be able to also use TLS 1.1 and later use SSLv23_client_method
-instead. To make sure SSLv2 or SSLv3 isn't used disable them.
-
-cherry-picked from aa80f63b4ab19101cbdc376f7e0613ed410fee11
----
- libfreerdp/crypto/tls.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
---- a/libfreerdp/crypto/tls.c
-+++ b/libfreerdp/crypto/tls.c
-@@ -102,7 +102,7 @@
- int connection_status;
- char *hostname;
-
-- tls->ctx = SSL_CTX_new(TLSv1_client_method());
-+ tls->ctx = SSL_CTX_new(SSLv23_client_method());
-
- if (tls->ctx == NULL)
- {
-@@ -141,6 +141,12 @@
- */
- options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
-
-+ /**
-+ * disable SSLv2 and SSLv3
-+ */
-+ options |= SSL_OP_NO_SSLv2;
-+ options |= SSL_OP_NO_SSLv3;
-+
- SSL_CTX_set_options(tls->ctx, options);
-
- tls->ssl = SSL_new(tls->ctx);
diff --git a/CVE-2014-0791.patch b/CVE-2014-0791.patch
deleted file mode 100644
index 42939bc46b6a..000000000000
--- a/CVE-2014-0791.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From f1d6afca6ae620f9855a33280bdc6f3ad9153be0 Mon Sep 17 00:00:00 2001
-From: Hardening <rdp.effort@gmail.com>
-Date: Wed, 8 Jan 2014 16:12:51 +0100
-Subject: [PATCH] Fix CVE-2014-0791
-
-This patch fixes CVE-2014-0791, the remaining length in the stream is checked
-before doing some malloc().
----
- libfreerdp/core/license.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/core/license.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/core/license.c 2017-08-23 11:07:13.453296923 -0400
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/core/license.c 2017-08-23 11:07:13.449296923 -0400
-@@ -677,6 +677,8 @@ BOOL license_read_scope_list(wStream* s,
- return FALSE;
-
- Stream_Read_UINT32(s, scopeCount); /* ScopeCount (4 bytes) */
-+ if (scopeCount > Stream_GetRemainingLength(s) / 4) /* every blob is at least 4 bytes */
-+ return FALSE;
-
- scopeList->count = scopeCount;
- scopeList->array = (LICENSE_BLOB*) malloc(sizeof(LICENSE_BLOB) * scopeCount);
diff --git a/CVE-2018-8786.patch b/CVE-2018-8786.patch
deleted file mode 100644
index e3ede30eff07..000000000000
--- a/CVE-2018-8786.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Backport of:
-
-From 445a5a42c500ceb80f8fa7f2c11f3682538033f3 Mon Sep 17 00:00:00 2001
-From: Armin Novak <armin.novak@thincast.com>
-Date: Mon, 22 Oct 2018 16:25:13 +0200
-Subject: [PATCH] Fixed CVE-2018-8786
-
-Thanks to Eyal Itkin from Check Point Software Technologies.
----
- libfreerdp/core/update.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/core/update.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/core/update.c
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/core/update.c
-@@ -119,7 +119,7 @@ BOOL update_read_bitmap(rdpUpdate* updat
-
- if (bitmap_update->number > bitmap_update->count)
- {
-- UINT16 count;
-+ UINT32 count;
-
- count = bitmap_update->number * 2;
-
diff --git a/CVE-2018-8787.patch b/CVE-2018-8787.patch
deleted file mode 100644
index 49b5c3959f79..000000000000
--- a/CVE-2018-8787.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Backport of:
-
-From 09b9d4f1994a674c4ec85b4947aa656eda1aed8a Mon Sep 17 00:00:00 2001
-From: Armin Novak <armin.novak@thincast.com>
-Date: Mon, 22 Oct 2018 16:30:20 +0200
-Subject: [PATCH] Fixed CVE-2018-8787
-
-Thanks to Eyal Itkin from Check Point Software Technologies.
----
- libfreerdp/gdi/graphics.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/gdi/graphics.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/gdi/graphics.c
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/gdi/graphics.c
-@@ -23,6 +23,7 @@
-
- #include <winpr/crt.h>
-
-+#include <stdint.h>
- #include <freerdp/gdi/dc.h>
- #include <freerdp/gdi/brush.h>
- #include <freerdp/gdi/shape.h>
-@@ -98,7 +99,7 @@ void gdi_Bitmap_Decompress(rdpContext* c
- BYTE* data, int width, int height, int bpp, int length,
- BOOL compressed, int codec_id)
- {
-- UINT16 size;
-+ UINT32 size;
- RFX_MESSAGE* msg;
- BYTE* src;
- BYTE* dst;
-@@ -107,7 +108,16 @@ void gdi_Bitmap_Decompress(rdpContext* c
- rdpGdi* gdi;
- BOOL status;
-
-- size = width * height * ((bpp + 7) / 8);
-+ size = width * height;
-+
-+ if (bpp <= 0 || width <= 0 || height <= 0 ||
-+ width > (UINT32_MAX / height) ||
-+ size > (UINT32_MAX / (bpp + 7) / 8))
-+ {
-+ printf("Invalid parameters, unable to decompress bitmap\n");
-+ return;
-+ }
-+ size *= (bpp + 7) / 8;
-
- if (bitmap->data == NULL)
- bitmap->data = (BYTE*) malloc(size);
diff --git a/CVE-2018-8788.patch b/CVE-2018-8788.patch
deleted file mode 100644
index 68ab84486736..000000000000
--- a/CVE-2018-8788.patch
+++ /dev/null
@@ -1,352 +0,0 @@
-Backport of:
-
-From d1112c279bd1a327e8e4d0b5f371458bf2579659 Mon Sep 17 00:00:00 2001
-From: Armin Novak <armin.novak@thincast.com>
-Date: Mon, 22 Oct 2018 16:52:21 +0200
-Subject: [PATCH] Fixed CVE-2018-8788
-
-Thanks to Eyal Itkin from Check Point Software Technologies.
----
- include/freerdp/codec/nsc.h | 4 +-
- libfreerdp/codec/nsc.c | 94 +++++++++++++++++++++++++++++------
- libfreerdp/codec/nsc_encode.c | 62 ++++++++++++++++-------
- libfreerdp/codec/nsc_encode.h | 2 +-
- libfreerdp/codec/nsc_sse2.c | 4 +-
- 5 files changed, 130 insertions(+), 36 deletions(-)
-
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/include/freerdp/codec/nsc.h
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/include/freerdp/codec/nsc.h
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/include/freerdp/codec/nsc.h
-@@ -59,8 +59,8 @@ struct _NSC_CONTEXT
- /* color palette allocated by the application */
- const BYTE* palette;
-
-- void (*decode)(NSC_CONTEXT* context);
-- void (*encode)(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride);
-+ BOOL (*decode)(NSC_CONTEXT* context);
-+ BOOL (*encode)(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride);
-
- NSC_CONTEXT_PRIV* priv;
- };
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/codec/nsc.c
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc.c
-@@ -43,7 +43,7 @@
- #define NSC_INIT_SIMD(_nsc_context) do { } while (0)
- #endif
-
--static void nsc_decode(NSC_CONTEXT* context)
-+static BOOL nsc_decode(NSC_CONTEXT* context)
- {
- UINT16 x;
- UINT16 y;
-@@ -60,11 +60,18 @@ static void nsc_decode(NSC_CONTEXT* cont
- INT16 g_val;
- INT16 b_val;
- BYTE* bmpdata;
-+ size_t pos = 0;
-+
-+ if (!context)
-+ return FALSE;
-
- bmpdata = context->bmpdata;
- rw = ROUND_UP_TO(context->width, 8);
- shift = context->nsc_stream.ColorLossLevel - 1; /* colorloss recovery + YCoCg shift */
-
-+ if (!bmpdata)
-+ return FALSE;
-+
- for (y = 0; y < context->height; y++)
- {
- if (context->nsc_stream.ChromaSubSamplingLevel > 0)
-@@ -88,6 +95,11 @@ static void nsc_decode(NSC_CONTEXT* cont
- r_val = y_val + co_val - cg_val;
- g_val = y_val + cg_val;
- b_val = y_val - co_val - cg_val;
-+
-+ if (pos + 4 > context->bmpdata_length)
-+ return FALSE;
-+
-+ pos += 4;
- *bmpdata++ = MINMAX(b_val, 0, 0xFF);
- *bmpdata++ = MINMAX(g_val, 0, 0xFF);
- *bmpdata++ = MINMAX(r_val, 0, 0xFF);
-@@ -98,9 +110,11 @@ static void nsc_decode(NSC_CONTEXT* cont
- aplane++;
- }
- }
-+
-+ return TRUE;
- }
-
--static void nsc_rle_decode(BYTE* in, BYTE* out, UINT32 origsz)
-+static BOOL nsc_rle_decode(BYTE* in, BYTE* out, UINT32 outSize, UINT32 origsz)
- {
- UINT32 len;
- UINT32 left;
-@@ -113,6 +127,10 @@ static void nsc_rle_decode(BYTE* in, BYT
-
- if (left == 5)
- {
-+ if (outSize < 1)
-+ return FALSE;
-+
-+ outSize--;
- *out++ = value;
- left--;
- }
-@@ -130,6 +148,10 @@ static void nsc_rle_decode(BYTE* in, BYT
- len = *((UINT32*) in);
- in += 4;
- }
-+ if (outSize < len)
-+ return FALSE;
-+
-+ outSize -= len;
- memset(out, value, len);
- out += len;
- left -= len;
-@@ -141,16 +163,24 @@ static void nsc_rle_decode(BYTE* in, BYT
- }
- }
-
-- *((UINT32*)out) = *((UINT32*)in);
-+ if ((outSize < 4) || (left < 4))
-+ return FALSE;
-+
-+ memcpy(out, in, 4);
-+ return TRUE;
- }
-
--static void nsc_rle_decompress_data(NSC_CONTEXT* context)
-+static BOOL nsc_rle_decompress_data(NSC_CONTEXT* context)
- {
- UINT16 i;
- BYTE* rle;
- UINT32 origsize;
- UINT32 planesize;
-
-+
-+ if (!context)
-+ return FALSE;
-+
- rle = context->nsc_stream.Planes;
-
- for (i = 0; i < 4; i++)
-@@ -159,14 +189,30 @@ static void nsc_rle_decompress_data(NSC_
- planesize = context->nsc_stream.PlaneByteCount[i];
-
- if (planesize == 0)
-+ {
-+ if (context->priv->plane_buf_length < origsize)
-+ return FALSE;
-+
- memset(context->priv->plane_buf[i], 0xff, origsize);
-+ }
- else if (planesize < origsize)
-- nsc_rle_decode(rle, context->priv->plane_buf[i], origsize);
-+ {
-+ if (!nsc_rle_decode(rle, context->priv->plane_buf[i], context->priv->plane_buf_length,
-+ origsize))
-+ return FALSE;
-+ }
- else
-+ {
-+ if (context->priv->plane_buf_length < origsize)
-+ return FALSE;
-+
- memcpy(context->priv->plane_buf[i], rle, origsize);
-+ }
-
- rle += planesize;
- }
-+
-+ return TRUE;
- }
-
- static void nsc_stream_initialize(NSC_CONTEXT* context, wStream* s)
-@@ -337,12 +383,24 @@ void nsc_process_message(NSC_CONTEXT* co
- Stream_Free(s, FALSE);
-
- /* RLE decode */
-- PROFILER_ENTER(context->priv->prof_nsc_rle_decompress_data);
-- nsc_rle_decompress_data(context);
-- PROFILER_EXIT(context->priv->prof_nsc_rle_decompress_data);
-+ {
-+ BOOL rc;
-+ PROFILER_ENTER(context->priv->prof_nsc_rle_decompress_data);
-+ rc = nsc_rle_decompress_data(context);
-+ PROFILER_EXIT(context->priv->prof_nsc_rle_decompress_data);
-+
-+ if (!rc)
-+ return;
-+ }
-
- /* Colorloss recover, Chroma supersample and AYCoCg to ARGB Conversion in one step */
-- PROFILER_ENTER(context->priv->prof_nsc_decode);
-- context->decode(context);
-- PROFILER_EXIT(context->priv->prof_nsc_decode);
-+ {
-+ BOOL rc;
-+ PROFILER_ENTER(context->priv->prof_nsc_decode);
-+ rc = context->decode(context);
-+ PROFILER_EXIT(context->priv->prof_nsc_decode);
-+
-+ if (!rc)
-+ return;
-+ }
- }
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_encode.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/codec/nsc_encode.c
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_encode.c
-@@ -67,7 +67,7 @@ static void nsc_context_initialize_encod
- }
- }
-
--static void nsc_encode_argb_to_aycocg(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride)
-+static BOOL nsc_encode_argb_to_aycocg(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride)
- {
- UINT16 x;
- UINT16 y;
-@@ -85,10 +85,20 @@ static void nsc_encode_argb_to_aycocg(NS
- UINT32 tempWidth;
- UINT32 tempHeight;
-
-+ if (!context || bmpdata || (rowstride == 0))
-+ return FALSE;
-+
- tempWidth = ROUND_UP_TO(context->width, 8);
- tempHeight = ROUND_UP_TO(context->height, 2);
- rw = (context->nsc_stream.ChromaSubSamplingLevel > 0 ? tempWidth : context->width);
- ccl = context->nsc_stream.ColorLossLevel;
-+
-+ if (context->priv->plane_buf_length < rw * rowstride)
-+ return FALSE;
-+
-+ if (rw < rowstride * 2)
-+ return FALSE;
-+
- yplane = context->priv->plane_buf[0];
- coplane = context->priv->plane_buf[1];
- cgplane = context->priv->plane_buf[2];
-@@ -196,32 +206,38 @@ static void nsc_encode_argb_to_aycocg(NS
- memcpy(coplane + rw, coplane, rw);
- memcpy(cgplane + rw, cgplane, rw);
- }
-+
-+ return TRUE;
- }
-
--static void nsc_encode_subsampling(NSC_CONTEXT* context)
-+static BOOL nsc_encode_subsampling(NSC_CONTEXT* context)
- {
- UINT16 x;
- UINT16 y;
-- BYTE* co_dst;
-- BYTE* cg_dst;
-- INT8* co_src0;
-- INT8* co_src1;
-- INT8* cg_src0;
-- INT8* cg_src1;
- UINT32 tempWidth;
- UINT32 tempHeight;
-
-+
-+ if (!context)
-+ return FALSE;
-+
- tempWidth = ROUND_UP_TO(context->width, 8);
- tempHeight = ROUND_UP_TO(context->height, 2);
-
-+ if (tempHeight == 0)
-+ return FALSE;
-+
-+ if (tempWidth > context->priv->plane_buf_length / tempHeight)
-+ return FALSE;
-+
- for (y = 0; y < tempHeight >> 1; y++)
- {
-- co_dst = context->priv->plane_buf[1] + y * (tempWidth >> 1);
-- cg_dst = context->priv->plane_buf[2] + y * (tempWidth >> 1);
-- co_src0 = (INT8*) context->priv->plane_buf[1] + (y << 1) * tempWidth;
-- co_src1 = co_src0 + tempWidth;
-- cg_src0 = (INT8*) context->priv->plane_buf[2] + (y << 1) * tempWidth;
-- cg_src1 = cg_src0 + tempWidth;
-+ BYTE* co_dst = context->priv->plane_buf[1] + y * (tempWidth >> 1);
-+ BYTE* cg_dst = context->priv->plane_buf[2] + y * (tempWidth >> 1);
-+ const INT8* co_src0 = (INT8*) context->priv->plane_buf[1] + (y << 1) * tempWidth;
-+ const INT8* co_src1 = co_src0 + tempWidth;
-+ const INT8* cg_src0 = (INT8*) context->priv->plane_buf[2] + (y << 1) * tempWidth;
-+ const INT8* cg_src1 = cg_src0 + tempWidth;
- for (x = 0; x < tempWidth >> 1; x++)
- {
- *co_dst++ = (BYTE) (((INT16) *co_src0 + (INT16) *(co_src0 + 1) +
-@@ -234,18 +250,28 @@ static void nsc_encode_subsampling(NSC_C
- cg_src1 += 2;
- }
- }
-+
-+ return TRUE;
- }
-
--void nsc_encode(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride)
-+BOOL nsc_encode(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride)
- {
-- nsc_encode_argb_to_aycocg(context, bmpdata, rowstride);
-+ if (!context || !bmpdata || (rowstride == 0))
-+ return FALSE;
-+
-+ if (!nsc_encode_argb_to_aycocg(context, bmpdata, rowstride))
-+ return FALSE;
-+
- if (context->nsc_stream.ChromaSubSamplingLevel > 0)
- {
-- nsc_encode_subsampling(context);
-+ if (!nsc_encode_subsampling(context))
-+ return FALSE;
- }
-+
-+ return TRUE;
- }
-
--static UINT32 nsc_rle_encode(BYTE* in, BYTE* out, UINT32 origsz)
-+static UINT32 nsc_rle_encode(const BYTE* in, BYTE* out, UINT32 origsz)
- {
- UINT32 left;
- UINT32 runlength = 1;
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_sse2.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/codec/nsc_sse2.c
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_sse2.c
-@@ -333,13 +333,15 @@ static void nsc_encode_subsampling_sse2(
- }
- }
-
--static void nsc_encode_sse2(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride)
-+static BOOL nsc_encode_sse2(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride)
- {
- nsc_encode_argb_to_aycocg_sse2(context, bmpdata, rowstride);
- if (context->nsc_stream.ChromaSubSamplingLevel > 0)
- {
- nsc_encode_subsampling_sse2(context);
- }
-+
-+ return TRUE;
- }
-
- void nsc_init_sse2(NSC_CONTEXT* context)
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_encode.h
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/codec/nsc_encode.h
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/codec/nsc_encode.h
-@@ -20,6 +20,6 @@
- #ifndef __NSC_ENCODE_H
- #define __NSC_ENCODE_H
-
--void nsc_encode(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride);
-+BOOL nsc_encode(NSC_CONTEXT* context, BYTE* bmpdata, int rowstride);
-
- #endif
diff --git a/CVE-2018-8789.patch b/CVE-2018-8789.patch
deleted file mode 100644
index 1aec14058174..000000000000
--- a/CVE-2018-8789.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Backport of:
-
-From 2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6 Mon Sep 17 00:00:00 2001
-From: Armin Novak <armin.novak@thincast.com>
-Date: Mon, 22 Oct 2018 16:00:03 +0200
-Subject: [PATCH] Fixed CVE-2018-8789
-
-Thanks to Eyal Itkin from Check Point Software Technologies.
----
- winpr/libwinpr/sspi/NTLM/ntlm_message.c | 24 +++++++++++++-----------
- 1 file changed, 13 insertions(+), 11 deletions(-)
-
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/winpr/libwinpr/sspi/NTLM/ntlm_message.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/winpr/libwinpr/sspi/NTLM/ntlm_message.c
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/winpr/libwinpr/sspi/NTLM/ntlm_message.c
-@@ -146,6 +146,10 @@ void ntlm_read_message_fields_buffer(wSt
- {
- if (fields->Len > 0)
- {
-+ const UINT64 offset = (UINT64)fields->BufferOffset + (UINT64)fields->Len;
-+
-+ if (offset > Stream_Length(s))
-+ return;
- fields->Buffer = malloc(fields->Len);
- Stream_SetPosition(s, fields->BufferOffset);
- Stream_Read(s, fields->Buffer, fields->Len);
diff --git a/PKGBUILD b/PKGBUILD
index ddcd7b1fd0d4..a4a477d1c986 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,113 +1,77 @@
-# Maintainer: Vladislav Petrov <ejiek@mail.ru>
+# Contributor: Marcell Meszaros < marcell.meszaros AT runbox.eu >
+# Contributor: Vladislav Petrov <ejiek@mail.ru>
+
pkgname=freerdp-1.1.0
_pkgname=freerdp
+_projname=FreeRDP
pkgver=1.1.0
pkgrel=2
-pkgdesc="Free RDP client version 1.1.0 with patches applied by Canonical for Ubuntu bionic version of package"
+pkgdesc='RDP client legacy version 1.1.0 with patches from Ubuntu Bionic (18.04 LTS)'
arch=('i686' 'x86_64')
url="http://freerdp.sourceforge.net"
license=('GPL')
depends=('openssl-1.0' 'libxcursor' 'libcups' 'alsa-lib' 'libxext' 'libxdamage'
'ffmpeg' 'libxkbfile' 'libxinerama' 'libxv' 'libpulse')
-makedepends=('git' 'krb5' 'cmake' 'xorgproto' 'xmlto' 'docbook-xsl')
+makedepends=('krb5' 'cmake' 'xorgproto' 'xmlto' 'docbook-xsl')
conflicts=('freerdp' 'freerdp-git')
provides=('freerdp')
-source=(git+https://github.com/FreeRDP/FreeRDP.git#commit=440916eae2e07463912d5fe507677e67096eb083
- 0001_fix-cmdline-parser.patch
- 0002_handle-old-style-cmdline-options.patch
- 0003_copy-data-when-adding-glyph-to-cache.patch
- 0004_build-cmake-3.1-compatibility.patch
- 0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch
- 0006_fix-null-cert-that-is-not-an-error.patch
- 0007_Fix-build-failure-on-x32.patch
- 0008-Fix-multiple-security-issues.patch
- 0009-enable-TLS-12.patch
- 1001_hide-internal-symbols.patch
- 1002_update-pkg-config-file.patch
- 1003_multi-arch-include-path.patch
- 1004_64-bit-architectures.patch
- 1005_parse-buffer-endianess.patch
- 1006_test-unicode-endianess.patch
- 1007_detect-arm-arch-correctly.patch
- 1008_gcc-fPIC-on-arm64.patch
- 1009_libusb-debug.patch
- 1010_libudev-link.patch
- 1011_ffmpeg-2.9.patch
- 1012_typo-fix.patch
- 1013_aligned_meminfo_alignment.patch
- 2001_detect-ffmpeg-on-Debian.patch
- CVE-2014-0791.patch
- CVE-2018-8786.patch
- CVE-2018-8787.patch
- CVE-2018-8788.patch
- CVE-2018-8789.patch
- tsmf_ffmpeg.patch)
-md5sums=('SKIP'
- 'fac4007e3e7c23b97f93c705d3f2b318'
- 'b07a139fb9fe6bb58fce28cb6652ad5b'
- '685b9b4ec76e05e21c4c0139ff799424'
- '7ad9df81edee2b0f50b31c632ed3115e'
- 'ef594eee59363853c344ec264127dffe'
- '68be4cb0387223439304dbb8260c8f10'
- '7355210711d6b31eef62cca6dcfb47b3'
- 'e6f05798bcd88dedc4088c33ce0550e8'
- 'a2b13ddd61b21457493321d6cb2fdea3'
- '4b234f9fd511784b5afc8b509f2a55ca'
- 'e2e046945d90738180a0a74ed1f5716e'
- 'f8ffb6e5892a9f4779035a643c28a69b'
- 'f45f4ccbb75bc375b66c1f26516638e4'
- '4d806b51c39fb31d151dd1ad2d0d7bef'
- 'b00de13c7d72b7140fc7979636446aac'
- 'c6e549c8ab2db539daf780e999d5defa'
- '081bef0c3443f2abb4509e8827f18404'
- 'b189033a55f32fe940f1643b5a848480'
- '50ce07e227a119cc14f68b1e9da6e502'
- '2849fc753e757b3e28242327c6e592db'
- '7c373a53c8506fd14c836c45bbeefddd'
- '9d1d6b827a0d6b3f8fa308b85e6917bc'
- '1fcc55173b3921698b711cccc9b6594a'
- '30ce3d4083ac14ca1e2d77980a0f1af7'
- 'd698f5e4e65363c8a0afc6f8c3375c09'
- 'eb5c448d229d5e7825e2cfc6a6bea8e5'
- '5d3b8f0eb6f7c14cadc8006fd2f396ee'
- '39e69a6d8932a45769f24a0c5c99e1ec'
- 'ce69a20d193e9aec0a2dedd55253405f')
+_commit='590fa7dbf6ecab58fb70dd57ef6d3ecfdbfc3c4f'
+source=("${_projname}-${pkgver}-${_commit}.tar.gz::https://github.com/${_projname}/${_projname}/archive/${_commit}.tar.gz"
+ 1001_hide-internal-symbols.patch
+ 1002_update-pkg-config-file.patch
+ 1003_multi-arch-include-path.patch
+ 1004_64-bit-architectures.patch
+ 1005_parse-buffer-endianess.patch
+ 1006_test-unicode-endianess.patch
+ 1007_detect-arm-arch-correctly.patch
+ 1008_gcc-fPIC-on-arm64.patch
+ 1009_libusb-debug.patch
+ 1010_libudev-link.patch
+ 1011_ffmpeg-2.9.patch
+ 1012_typo-fix.patch
+ 1013_aligned_meminfo_alignment.patch
+ 2001_detect-ffmpeg-on-Debian.patch
+ tsmf_ffmpeg.patch)
+md5sums=('1dd186838d20d757822c2daec959b7a3'
+ '4b234f9fd511784b5afc8b509f2a55ca'
+ 'e2e046945d90738180a0a74ed1f5716e'
+ 'f8ffb6e5892a9f4779035a643c28a69b'
+ 'f45f4ccbb75bc375b66c1f26516638e4'
+ '4d806b51c39fb31d151dd1ad2d0d7bef'
+ 'b00de13c7d72b7140fc7979636446aac'
+ 'c6e549c8ab2db539daf780e999d5defa'
+ '081bef0c3443f2abb4509e8827f18404'
+ 'b189033a55f32fe940f1643b5a848480'
+ '50ce07e227a119cc14f68b1e9da6e502'
+ '2849fc753e757b3e28242327c6e592db'
+ '7c373a53c8506fd14c836c45bbeefddd'
+ '9d1d6b827a0d6b3f8fa308b85e6917bc'
+ '1fcc55173b3921698b711cccc9b6594a'
+ 'ce69a20d193e9aec0a2dedd55253405f')
prepare() {
- cd $srcdir/FreeRDP
- patch -Np1 -i ../0001_fix-cmdline-parser.patch
- patch -Np1 -i ../0002_handle-old-style-cmdline-options.patch
- patch -Np1 -i ../0003_copy-data-when-adding-glyph-to-cache.patch
- patch -Np1 -i ../0004_build-cmake-3.1-compatibility.patch
- patch -Np1 -i ../0005_release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch
- patch -Np1 -i ../0006_fix-null-cert-that-is-not-an-error.patch
- patch -Np1 -i ../0007_Fix-build-failure-on-x32.patch
- patch -Np1 -i ../0008-Fix-multiple-security-issues.patch
- patch -Np1 -i ../0009-enable-TLS-12.patch
- patch -Np1 -i ../1001_hide-internal-symbols.patch
- patch -Np1 -i ../1002_update-pkg-config-file.patch
- patch -Np1 -i ../1003_multi-arch-include-path.patch
- patch -Np1 -i ../1004_64-bit-architectures.patch
- patch -Np1 -i ../1005_parse-buffer-endianess.patch
- patch -Np1 -i ../1006_test-unicode-endianess.patch
- patch -Np1 -i ../1007_detect-arm-arch-correctly.patch
- patch -Np1 -i ../1008_gcc-fPIC-on-arm64.patch
- patch -Np1 -i ../1009_libusb-debug.patch
- patch -Np1 -i ../1010_libudev-link.patch
- patch -Np1 -i ../1011_ffmpeg-2.9.patch
- patch -Np1 -i ../1012_typo-fix.patch
- patch -Np1 -i ../1013_aligned_meminfo_alignment.patch
- patch -Np1 -i ../2001_detect-ffmpeg-on-Debian.patch
- patch -Np1 -i ../CVE-2014-0791.patch
- patch -Np1 -i ../CVE-2018-8786.patch
- patch -Np1 -i ../CVE-2018-8787.patch
- patch -Np1 -i ../CVE-2018-8788.patch
- patch -Np1 -i ../CVE-2018-8789.patch
- patch -Np1 -i ../tsmf_ffmpeg.patch
+ cd "${_projname}-${_commit}"
+ (set -x
+ patch --verbose --forward --strip=1 --unified --input=../1001_hide-internal-symbols.patch
+ patch --verbose --forward --strip=1 --unified --input=../1002_update-pkg-config-file.patch
+ patch --verbose --forward --strip=1 --unified --input=../1003_multi-arch-include-path.patch
+ patch --verbose --forward --strip=1 --unified --input=../1004_64-bit-architectures.patch
+ patch --verbose --forward --strip=1 --unified --input=../1005_parse-buffer-endianess.patch
+ patch --verbose --forward --strip=1 --unified --input=../1006_test-unicode-endianess.patch
+ patch --verbose --forward --strip=1 --unified --input=../1007_detect-arm-arch-correctly.patch
+ patch --verbose --forward --strip=1 --unified --input=../1008_gcc-fPIC-on-arm64.patch
+ patch --verbose --forward --strip=1 --unified --input=../1009_libusb-debug.patch
+ patch --verbose --forward --strip=1 --unified --input=../1010_libudev-link.patch
+ patch --verbose --forward --strip=1 --unified --input=../1011_ffmpeg-2.9.patch
+ patch --verbose --forward --strip=1 --unified --input=../1012_typo-fix.patch
+ patch --verbose --forward --strip=1 --unified --input=../1013_aligned_meminfo_alignment.patch
+ patch --verbose --forward --strip=1 --unified --input=../2001_detect-ffmpeg-on-Debian.patch
+ patch --verbose --forward --strip=1 --unified --input=../tsmf_ffmpeg.patch
+ )
}
build() {
- cd $srcdir/FreeRDP
+ cd "${_projname}-${_commit}"
cmake \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_INSTALL_LIBDIR=lib \
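Review bot: The new `source` array drops `0008-Fix-multiple-security-issues.patch`, `0009-enable-TLS-12.patch` and the five `CVE-*.patch` files, but nothing beside `_commit=` records that the pinned upstream commit already contains those fixes, and this page does not show that it does. A comment above `_commit` would let the next maintainer verify it before trusting the build, for example `# upstream snapshot; carries the fixes formerly applied as 0001-0009 and CVE-2014-0791, CVE-2018-8786..8789 (confirm against the upstream log)`. Separately, the upstream tarball is now checked only by its entry in `md5sums`, whereas the old git source was pinned by commit id. MD5 is not collision resistant, so the array would be better as `sha256sums=('<sha256 of the tarball>' ...)`, regenerated with `updpkgsums`. The body of `build()` continues past the end of this hunk.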
@@ -121,6 +85,6 @@ build() {
}
package() {
- cd $srcdir/FreeRDP
+ cd "${_projname}-${_commit}"
make DESTDIR="${pkgdir}" install
}