diff --git a/SOURCES/1-Add-support-for-Wildcard-Certificates-2-For-Gatewa.patch b/SOURCES/1-Add-support-for-Wildcard-Certificates-2-For-Gatewa.patch new file mode 100644 index 0000000..aea1b6a --- /dev/null +++ b/SOURCES/1-Add-support-for-Wildcard-Certificates-2-For-Gatewa.patch @@ -0,0 +1,132 @@ +From 3da7c6207ebc4002bc1b0260d7d7c581c2fd635e Mon Sep 17 00:00:00 2001 +From: Chris +Date: Mon, 17 Jun 2013 21:19:01 +0200 +Subject: [PATCH 3/5] 1) Add support for Wildcard Certificates 2) For Gateway + connections compare against gateway host name instead of target host + +--- + libfreerdp-core/tls.c | 66 ++++++++++++++++++++++++++++++++++++++++++++------- + libfreerdp-core/tls.h | 1 + + 2 files changed, 58 insertions(+), 9 deletions(-) + +diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c +index b05100e..db09960 100644 +--- a/libfreerdp-core/tls.c ++++ b/libfreerdp-core/tls.c +@@ -25,6 +25,7 @@ + boolean tls_connect(rdpTls* tls) + { + int connection_status; ++ char *hostname; + + tls->ctx = SSL_CTX_new(TLSv1_client_method()); + +@@ -80,7 +81,13 @@ boolean tls_connect(rdpTls* tls) + return false; + } + +- if (!tls_verify_certificate(tls, tls->cert, tls->settings->hostname)) { ++ if (tls->settings->ts_gateway) ++ hostname = tls->settings->tsg_hostname; ++ else ++ hostname = tls->settings->hostname; ++ ++ if (!tls_verify_certificate(tls, tls->cert, hostname)) ++ { + printf("tls_connect: certificate not trusted, aborting.\n"); + tls_disconnect(tls); + return false; +@@ -253,6 +260,50 @@ CryptoCert tls_get_certificate(rdpTls* tls) + return cert; + } + ++boolean tls_match_hostname(char *pattern, int pattern_length, char *hostname) ++{ ++ if (strlen(hostname) == pattern_length) ++ { ++ if (memcmp((void*) hostname, (void*) pattern, pattern_length) == 0) ++ return TRUE; ++ } ++ ++ /* ccpp: Check for wildcard certificates */ ++ if (memchr(pattern, '*', pattern_length) != NULL) ++ { ++ /* The wildcard matches one subdomain level (all except a dot) */ ++ ++ int pattern_position = 0; ++ int hostname_position = 0; ++ ++ for(; hostname[hostname_position] && pattern_position < pattern_length; pattern_position++, hostname_position++) ++ { ++ if( pattern[pattern_position] == '*' ) { ++ while( hostname[hostname_position] != '.' && hostname[hostname_position] != '\0' ) ++ hostname_position++; ++ ++ pattern_position++; ++ } ++ ++ if (hostname[hostname_position] != pattern[pattern_position] ) ++ { ++ return FALSE; ++ } ++ } ++ } ++ ++ if (pattern_length > 2 && pattern[0] == '*' && pattern[1] == '.') ++ { ++ char *check_hostname = &hostname[ strlen(hostname) - pattern_length+1 ]; ++ if (memcmp((void*) check_hostname, (void*) &pattern[1], pattern_length - 1) == 0 ) ++ { ++ return TRUE; ++ } ++ } ++ ++ return FALSE; ++} ++ + boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname) + { + int match; +@@ -288,11 +339,8 @@ boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname) + + if (common_name != NULL) + { +- if (strlen(hostname) == common_name_length) +- { +- if (memcmp((void*) hostname, (void*) common_name, common_name_length) == 0) +- hostname_match = true; +- } ++ if (tls_match_hostname(common_name, common_name_length, hostname)) ++ hostname_match = TRUE; + } + + /* compare against alternative names */ +@@ -301,10 +349,10 @@ boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname) + { + for (index = 0; index < alt_names_count; index++) + { +- if (strlen(hostname) == alt_names_lengths[index]) ++ if (tls_match_hostname(alt_names[index], alt_names_lengths[index], hostname)) + { +- if (memcmp((void*) hostname, (void*) alt_names[index], alt_names_lengths[index]) == 0) +- hostname_match = true; ++ hostname_match = TRUE; ++ break; + } + } + } +diff --git a/libfreerdp-core/tls.h b/libfreerdp-core/tls.h +index e941dd0..b2218f9 100644 +--- a/libfreerdp-core/tls.h ++++ b/libfreerdp-core/tls.h +@@ -50,6 +50,7 @@ int tls_read(rdpTls* tls, uint8* data, int length); + int tls_write(rdpTls* tls, uint8* data, int length); + + CryptoCert tls_get_certificate(rdpTls* tls); ++boolean tls_match_hostname(char *pattern, int pattern_length, char *hostname); + boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname); + void tls_print_certificate_error(char* hostname, char* fingerprint); + void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count); +-- +2.5.5 + diff --git a/SOURCES/Fixed-a-possible-buffer-overflow-issue.patch b/SOURCES/Fixed-a-possible-buffer-overflow-issue.patch new file mode 100644 index 0000000..9053d62 --- /dev/null +++ b/SOURCES/Fixed-a-possible-buffer-overflow-issue.patch @@ -0,0 +1,25 @@ +From f341cd43bf1e780664dcf55aaff46feee92a86b9 Mon Sep 17 00:00:00 2001 +From: Chris +Date: Mon, 17 Jun 2013 21:49:29 +0200 +Subject: [PATCH 5/5] Fixed a possible buffer overflow issue + +--- + libfreerdp-core/tls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c +index 2fbaa2c..ed4d0cb 100644 +--- a/libfreerdp-core/tls.c ++++ b/libfreerdp-core/tls.c +@@ -268,7 +268,7 @@ boolean tls_match_hostname(char *pattern, int pattern_length, char *hostname) + return TRUE; + } + +- if (pattern_length > 2 && pattern[0] == '*' && pattern[1] == '.') ++ if (pattern_length > 2 && pattern[0] == '*' && pattern[1] == '.' && strlen(hostname) >= pattern_length) + { + char *check_hostname = &hostname[ strlen(hostname) - pattern_length+1 ]; + if (memcmp((void*) check_hostname, (void*) &pattern[1], pattern_length - 1) == 0 ) +-- +2.5.5 + diff --git a/SOURCES/Using-the-more-efficient-code-for-comparing-host-nam.patch b/SOURCES/Using-the-more-efficient-code-for-comparing-host-nam.patch new file mode 100644 index 0000000..617a339 --- /dev/null +++ b/SOURCES/Using-the-more-efficient-code-for-comparing-host-nam.patch @@ -0,0 +1,47 @@ +From 500b87127e6c4edc5f7182cc1a5261c4f96f38e1 Mon Sep 17 00:00:00 2001 +From: Chris +Date: Mon, 17 Jun 2013 21:26:35 +0200 +Subject: [PATCH 4/5] Using the more efficient code for comparing host names + +--- + libfreerdp-core/tls.c | 24 ------------------------ + 1 file changed, 24 deletions(-) + +diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c +index db09960..2fbaa2c 100644 +--- a/libfreerdp-core/tls.c ++++ b/libfreerdp-core/tls.c +@@ -268,30 +268,6 @@ boolean tls_match_hostname(char *pattern, int pattern_length, char *hostname) + return TRUE; + } + +- /* ccpp: Check for wildcard certificates */ +- if (memchr(pattern, '*', pattern_length) != NULL) +- { +- /* The wildcard matches one subdomain level (all except a dot) */ +- +- int pattern_position = 0; +- int hostname_position = 0; +- +- for(; hostname[hostname_position] && pattern_position < pattern_length; pattern_position++, hostname_position++) +- { +- if( pattern[pattern_position] == '*' ) { +- while( hostname[hostname_position] != '.' && hostname[hostname_position] != '\0' ) +- hostname_position++; +- +- pattern_position++; +- } +- +- if (hostname[hostname_position] != pattern[pattern_position] ) +- { +- return FALSE; +- } +- } +- } +- + if (pattern_length > 2 && pattern[0] == '*' && pattern[1] == '.') + { + char *check_hostname = &hostname[ strlen(hostname) - pattern_length+1 ]; +-- +2.5.5 + diff --git a/SOURCES/cover-the-case-of-servers-asking-for-cached-bitmaps-.patch b/SOURCES/cover-the-case-of-servers-asking-for-cached-bitmaps-.patch new file mode 100644 index 0000000..e419fcc --- /dev/null +++ b/SOURCES/cover-the-case-of-servers-asking-for-cached-bitmaps-.patch @@ -0,0 +1,37 @@ +From 807e2ee016386a396b7b57c3c675ff64e8b12f74 Mon Sep 17 00:00:00 2001 +From: Daryl Poe +Date: Thu, 25 Jul 2013 15:01:56 -0600 +Subject: [PATCH] cover the case of servers asking for cached bitmaps they have + never defined + +--- + libfreerdp-cache/bitmap.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/libfreerdp-cache/bitmap.c b/libfreerdp-cache/bitmap.c +index c1583ac..9ed241d 100644 +--- a/libfreerdp-cache/bitmap.c ++++ b/libfreerdp-cache/bitmap.c +@@ -33,6 +33,9 @@ void update_gdi_memblt(rdpContext* context, MEMBLT_ORDER* memblt) + else + bitmap = bitmap_cache_get(cache->bitmap, (uint8) memblt->cacheId, memblt->cacheIndex); + ++ /* XP-SP2 servers sometimes ask for cached bitmaps they've never defined. */ ++ if (bitmap == NULL) return; ++ + memblt->bitmap = bitmap; + IFCALL(cache->bitmap->MemBlt, context, memblt); + } +@@ -47,6 +50,9 @@ void update_gdi_mem3blt(rdpContext* context, MEM3BLT_ORDER* mem3blt) + else + bitmap = bitmap_cache_get(cache->bitmap, (uint8) mem3blt->cacheId, mem3blt->cacheIndex); + ++ /* XP-SP2 servers sometimes ask for cached bitmaps they've never defined. */ ++ if (bitmap == NULL) return; ++ + mem3blt->bitmap = bitmap; + IFCALL(cache->bitmap->Mem3Blt, context, mem3blt); + } +-- +2.5.0 + diff --git a/SOURCES/fix-issue-530-NLA-password-asked-after-certificate-r.patch b/SOURCES/fix-issue-530-NLA-password-asked-after-certificate-r.patch new file mode 100644 index 0000000..6d6851e --- /dev/null +++ b/SOURCES/fix-issue-530-NLA-password-asked-after-certificate-r.patch @@ -0,0 +1,30 @@ +From 3941b9078775c31e37b8b4bd89cee06beac3aef1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Rapha=C3=ABl=20Rigo?= +Date: Tue, 10 Apr 2012 22:24:08 +0200 +Subject: [PATCH 2/5] fix issue #530 "NLA password asked after certificate + refusal" close connection when the certificate is not trusted + +--- + libfreerdp-core/tls.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c +index 942b430..b05100e 100644 +--- a/libfreerdp-core/tls.c ++++ b/libfreerdp-core/tls.c +@@ -80,8 +80,11 @@ boolean tls_connect(rdpTls* tls) + return false; + } + +- if (!tls_verify_certificate(tls, tls->cert, tls->settings->hostname)) ++ if (!tls_verify_certificate(tls, tls->cert, tls->settings->hostname)) { ++ printf("tls_connect: certificate not trusted, aborting.\n"); + tls_disconnect(tls); ++ return false; ++ } + + return true; + } +-- +2.5.5 + diff --git a/SOURCES/libfreerdp-core-verify-TLS-certificate-with-both-TLS.patch b/SOURCES/libfreerdp-core-verify-TLS-certificate-with-both-TLS.patch new file mode 100644 index 0000000..f1329f3 --- /dev/null +++ b/SOURCES/libfreerdp-core-verify-TLS-certificate-with-both-TLS.patch @@ -0,0 +1,220 @@ +From 53fa7e1e996f23818e17ab59f1cb1849c533472d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?= +Date: Sun, 12 Feb 2012 12:46:53 -0500 +Subject: [PATCH 1/5] libfreerdp-core: verify TLS certificate with both TLS and + NLA + +--- + libfreerdp-core/credssp.c | 44 ++++++++------------------------------------ + libfreerdp-core/credssp.h | 1 - + libfreerdp-core/nego.c | 5 ++++- + libfreerdp-core/tls.c | 19 +++++++++++++++++++ + libfreerdp-core/tls.h | 2 ++ + libfreerdp-core/transport.c | 1 + + 6 files changed, 34 insertions(+), 38 deletions(-) + +diff --git a/libfreerdp-core/credssp.c b/libfreerdp-core/credssp.c +index e269a21..6ef40e1 100644 +--- a/libfreerdp-core/credssp.c ++++ b/libfreerdp-core/credssp.c +@@ -119,33 +119,6 @@ int credssp_ntlmssp_init(rdpCredssp* credssp) + } + + /** +- * Get TLS public key. +- * @param credssp +- */ +- +-int credssp_get_public_key(rdpCredssp* credssp) +-{ +- int status; +- CryptoCert cert; +- +- cert = tls_get_certificate(credssp->transport->tls); +- +- if (cert == NULL) +- { +- printf("credssp_get_public_key: tls_get_certificate failed to return the server certificate.\n"); +- return 0; +- } +- +- if (!tls_verify_certificate(credssp->transport->tls, cert, credssp->transport->settings->hostname)) +- tls_disconnect(credssp->transport->tls); +- +- status = crypto_cert_get_public_key(cert, &credssp->public_key); +- crypto_cert_free(cert); +- +- return status; +-} +- +-/** + * Authenticate with server using CredSSP. + * @param credssp + * @return 1 if authentication is successful +@@ -160,9 +133,6 @@ int credssp_authenticate(rdpCredssp* credssp) + if (credssp_ntlmssp_init(credssp) == 0) + return 0; + +- if (credssp_get_public_key(credssp) == 0) +- return 0; +- + /* NTLMSSP NEGOTIATE MESSAGE */ + stream_attach(s, negoTokenBuffer, 2048); + ntlmssp_send(ntlmssp, s); +@@ -223,16 +193,18 @@ int credssp_authenticate(rdpCredssp* credssp) + void credssp_encrypt_public_key(rdpCredssp* credssp, rdpBlob* d) + { + uint8* p; ++ rdpTls* tls; + uint8 signature[16]; + rdpBlob encrypted_public_key; + NTLMSSP *ntlmssp = credssp->ntlmssp; ++ tls = credssp->transport->tls; + +- freerdp_blob_alloc(d, credssp->public_key.length + 16); +- ntlmssp_encrypt_message(ntlmssp, &credssp->public_key, &encrypted_public_key, signature); ++ freerdp_blob_alloc(d, tls->public_key.length + 16); ++ ntlmssp_encrypt_message(ntlmssp, &tls->public_key, &encrypted_public_key, signature); + + #ifdef WITH_DEBUG_NLA +- printf("Public Key (length = %d)\n", credssp->public_key.length); +- freerdp_hexdump(credssp->public_key.data, credssp->public_key.length); ++ printf("Public Key (length = %d)\n", tls->public_key.length); ++ freerdp_hexdump(tls->public_key.data, tls->public_key.length); + printf("\n"); + + printf("Encrypted Public Key (length = %d)\n", encrypted_public_key.length); +@@ -264,6 +236,7 @@ int credssp_verify_public_key(rdpCredssp* credssp, rdpBlob* d) + uint8* signature; + rdpBlob public_key; + rdpBlob encrypted_public_key; ++ rdpTls* tls = credssp->transport->tls; + + signature = d->data; + encrypted_public_key.data = (void*) (signature + 16); +@@ -271,7 +244,7 @@ int credssp_verify_public_key(rdpCredssp* credssp, rdpBlob* d) + + ntlmssp_decrypt_message(credssp->ntlmssp, &encrypted_public_key, &public_key, signature); + +- p1 = (uint8*) credssp->public_key.data; ++ p1 = (uint8*) tls->public_key.data; + p2 = (uint8*) public_key.data; + + p2[0]--; +@@ -661,7 +634,6 @@ void credssp_free(rdpCredssp* credssp) + { + if (credssp != NULL) + { +- freerdp_blob_free(&credssp->public_key); + freerdp_blob_free(&credssp->ts_credentials); + + ntlmssp_free(credssp->ntlmssp); +diff --git a/libfreerdp-core/credssp.h b/libfreerdp-core/credssp.h +index 3277425..d98554a 100644 +--- a/libfreerdp-core/credssp.h ++++ b/libfreerdp-core/credssp.h +@@ -40,7 +40,6 @@ struct rdp_credssp + rdpBlob pubKeyAuth; + rdpBlob authInfo; + int send_seq_num; +- rdpBlob public_key; + rdpBlob ts_credentials; + rdpSettings* settings; + CryptoRc4 rc4_seal_state; +diff --git a/libfreerdp-core/nego.c b/libfreerdp-core/nego.c +index 7eb810b..ab4da37 100644 +--- a/libfreerdp-core/nego.c ++++ b/libfreerdp-core/nego.c +@@ -256,8 +256,10 @@ void nego_attempt_rdp(rdpNego* nego) + boolean nego_recv_response(rdpNego* nego) + { + STREAM* s = transport_recv_stream_init(nego->transport, 1024); ++ + if (transport_read(nego->transport, s) < 0) + return false; ++ + return nego_recv(nego->transport, s, nego->transport->recv_extra); + } + +@@ -319,6 +321,7 @@ boolean nego_read_request(rdpNego* nego, STREAM* s) + + tpkt_read_header(s); + li = tpdu_read_connection_request(s); ++ + if (li != stream_get_left(s) + 6) + { + printf("Incorrect TPDU length indicator.\n"); +@@ -403,7 +406,7 @@ boolean nego_send_negotiation_request(rdpNego* nego) + { + int cookie_length = strlen(nego->cookie); + stream_write(s, "Cookie: mstshash=", 17); +- stream_write(s, (uint8*)nego->cookie, cookie_length); ++ stream_write(s, (uint8*) nego->cookie, cookie_length); + stream_write_uint8(s, 0x0D); /* CR */ + stream_write_uint8(s, 0x0A); /* LF */ + length += cookie_length + 19; +diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c +index 106f9ca..942b430 100644 +--- a/libfreerdp-core/tls.c ++++ b/libfreerdp-core/tls.c +@@ -66,6 +66,23 @@ boolean tls_connect(rdpTls* tls) + return false; + } + ++ tls->cert = tls_get_certificate(tls); ++ ++ if (tls->cert == NULL) ++ { ++ printf("tls_connect: tls_get_certificate failed to return the server certificate.\n"); ++ return false; ++ } ++ ++ if (!crypto_cert_get_public_key(tls->cert, &tls->public_key)) ++ { ++ printf("tls_connect: crypto_cert_get_public_key failed to return the server public key.\n"); ++ return false; ++ } ++ ++ if (!tls_verify_certificate(tls, tls->cert, tls->settings->hostname)) ++ tls_disconnect(tls); ++ + return true; + } + +@@ -433,6 +450,8 @@ void tls_free(rdpTls* tls) + if (tls->ctx) + SSL_CTX_free(tls->ctx); + ++ freerdp_blob_free(&tls->public_key); ++ + certificate_store_free(tls->certificate_store); + + xfree(tls); +diff --git a/libfreerdp-core/tls.h b/libfreerdp-core/tls.h +index c3f2f59..e941dd0 100644 +--- a/libfreerdp-core/tls.h ++++ b/libfreerdp-core/tls.h +@@ -36,6 +36,8 @@ struct rdp_tls + SSL* ssl; + int sockfd; + SSL_CTX* ctx; ++ CryptoCert cert; ++ rdpBlob public_key; + rdpSettings* settings; + rdpCertificateStore* certificate_store; + }; +diff --git a/libfreerdp-core/transport.c b/libfreerdp-core/transport.c +index df43a8e..f4c28d8 100644 +--- a/libfreerdp-core/transport.c ++++ b/libfreerdp-core/transport.c +@@ -72,6 +72,7 @@ boolean transport_disconnect(rdpTransport* transport) + { + if (transport->layer == TRANSPORT_LAYER_TLS) + tls_disconnect(transport->tls); ++ + return tcp_disconnect(transport->tcp); + } + +-- +2.5.5 + diff --git a/SOURCES/rdpsnd-pulse-Fix-crash-if-device-isn-t-specified.patch b/SOURCES/rdpsnd-pulse-Fix-crash-if-device-isn-t-specified.patch new file mode 100644 index 0000000..40bafd5 --- /dev/null +++ b/SOURCES/rdpsnd-pulse-Fix-crash-if-device-isn-t-specified.patch @@ -0,0 +1,31 @@ +From 800c865bd79e3e4437cceb3219246cfad152205b Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Thu, 11 Jun 2015 13:35:21 +0200 +Subject: [PATCH] rdpsnd/pulse: Fix crash if device isn't specified + +Freerdp crashes if pulseaudio device isn't specified on commandline, i.e.: +xfreerdp --plugin rdpsnd --data pulse + +The crash occurs, because data[1] is NULL and it is passed into strlen +function. We have to check whether data[1] was set before calling strlen +to fix this crash. +--- + channels/rdpsnd/pulse/rdpsnd_pulse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/channels/rdpsnd/pulse/rdpsnd_pulse.c b/channels/rdpsnd/pulse/rdpsnd_pulse.c +index 1a331f0..54892cd 100644 +--- a/channels/rdpsnd/pulse/rdpsnd_pulse.c ++++ b/channels/rdpsnd/pulse/rdpsnd_pulse.c +@@ -474,7 +474,7 @@ int FreeRDPRdpsndDeviceEntry(PFREERDP_RDPSND_DEVICE_ENTRY_POINTS pEntryPoints) + data = pEntryPoints->plugin_data; + if (data && strcmp((char*)data->data[0], "pulse") == 0) + { +- if(strlen((char*)data->data[1]) > 0) ++ if(data->data[1] && strlen((char*)data->data[1]) > 0) + pulse->device_name = xstrdup((char*)data->data[1]); + else + pulse->device_name = NULL; +-- +2.5.0 + diff --git a/SPECS/freerdp.spec b/SPECS/freerdp.spec index cfaadbc..64c1cac 100644 --- a/SPECS/freerdp.spec +++ b/SPECS/freerdp.spec @@ -1,6 +1,6 @@ Name: freerdp Version: 1.0.2 -Release: 6%{?dist}.1 +Release: 10%{?dist} Summary: Remote Desktop Protocol client Group: Applications/Communications @@ -38,6 +38,22 @@ Patch3: libfreerdp-core-fix-issue-436.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1296654 Patch4: fix-crashes-in-pulseaudio.patch +# Fix crash if pulseaudio device isn't specified +# https://bugzilla.redhat.com/show_bug.cgi?id=1067543 +Patch5: rdpsnd-pulse-Fix-crash-if-device-isn-t-specified.patch + +# Fix crash if requested bitmap isn't in cache +# https://bugzilla.redhat.com/show_bug.cgi?id=1311164 +Patch6: cover-the-case-of-servers-asking-for-cached-bitmaps-.patch + +# Add support for wildcard certificates +# https://bugzilla.redhat.com/show_bug.cgi?id=1275241 +Patch7: libfreerdp-core-verify-TLS-certificate-with-both-TLS.patch +Patch8: fix-issue-530-NLA-password-asked-after-certificate-r.patch +Patch9: 1-Add-support-for-Wildcard-Certificates-2-For-Gatewa.patch +Patch10: Using-the-more-efficient-code-for-comparing-host-nam.patch +Patch11: Fixed-a-possible-buffer-overflow-issue.patch + %description The xfreerdp Remote Desktop Protocol (RDP) client from the FreeRDP project. @@ -88,6 +104,13 @@ developing applications that use %{name}-libs. %patch2 -p1 %patch3 -p1 -b .fix-invalid-dereference %patch4 -p1 -b .fix-crashes-in-pulseaudio +%patch5 -p1 -b .rdpsnd-pulse-fix-crash-if-device-isn-t-specified +%patch6 -p1 -b .cover-the-case-of-servers-asking-for-cached-bitmaps-.patch +%patch7 -p1 -b .libfreerdp-core-verify-TLS-certificate-with-both-TLS +%patch8 -p1 -b .fix-issue-530-NLA-password-asked-after-certificate-r +%patch9 -p1 -b .1-Add-support-for-Wildcard-Certificates-2-For-Gatewa +%patch10 -p1 -b .Using-the-more-efficient-code-for-comparing-host-nam +%patch11 -p1 -b .Fixed-a-possible-buffer-overflow-issue cat << EOF > xfreerdp.desktop [Desktop Entry] @@ -177,9 +200,18 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %changelog -* Fri Jan 15 2016 Ondrej Holy - 1.0.2-6.el7_2.1 +* Mon Apr 18 2016 Ondrej Holy - 1.0.2-10 +- Add support for wildcard certificates (#1275241) + +* Wed Apr 6 2016 Ondrej Holy - 1.0.2-9 +- Fix crash if requested bitmap isn't in cache (#1311164) + +* Wed Apr 6 2016 Ondrej Holy - 1.0.2-8 +- Fix crash if pulseaudio device isn't specified (#1067543) + +* Fri Jan 15 2016 Ondrej Holy - 1.0.2-7 - Fix crashes in pulseaudio -- Resolves: #1298832 +- Resolves: #1210049 * Thu Mar 19 2015 Ondrej Holy - 1.0.2-6 - Fix crash during CA verification caused by invalid pointer dereference