diff --git a/.freerdp.metadata b/.freerdp.metadata index 55fb7ee..e0aa7bd 100644 --- a/.freerdp.metadata +++ b/.freerdp.metadata @@ -1 +1 @@ -6c21e7f1505c64eeff056497bdd7b64551d34f5b SOURCES/freerdp-1.0.2.tar.gz +bd50ce9d8807499e14884a3019e9f42b40f3480b SOURCES/FreeRDP-2.0.0-rc4.tar.gz diff --git a/.gitignore b/.gitignore index ed350f2..7aad2fe 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/freerdp-1.0.2.tar.gz +SOURCES/FreeRDP-2.0.0-rc4.tar.gz diff --git a/SOURCES/0001-xfreerdp.1.xml-Don-t-claim-to-support-multiple-conne.patch b/SOURCES/0001-xfreerdp.1.xml-Don-t-claim-to-support-multiple-conne.patch deleted file mode 100644 index 002d6e7..0000000 --- a/SOURCES/0001-xfreerdp.1.xml-Don-t-claim-to-support-multiple-conne.patch +++ /dev/null @@ -1,27 +0,0 @@ -From c2565b1cf9a6d50e1e94ae78224ba0fd72b2fa10 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B8ren=20Sandmann=20Pedersen?= -Date: Tue, 30 Jul 2013 05:48:35 -0400 -Subject: [PATCH 1/3] xfreerdp.1.xml: Don't claim to support multiple connections - -The 1.0.x series doesn't support multiple connections, so the man page -shouldn't indicate that it does. ---- - client/X11/xfreerdp.1.xml | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/client/X11/xfreerdp.1.xml b/client/X11/xfreerdp.1.xml -index e1ce29e..d3b090b 100644 ---- a/client/X11/xfreerdp.1.xml -+++ b/client/X11/xfreerdp.1.xml -@@ -22,7 +22,7 @@ - 2011-08-27 - - -- xfreerdp [options] server[:port] [[options] server[:port] …] -+ xfreerdp [options] server[:port] - - - --- -1.7.1 - diff --git a/SOURCES/0002-Replace-itemizedlist-s-with-variablelist-s.patch b/SOURCES/0002-Replace-itemizedlist-s-with-variablelist-s.patch deleted file mode 100644 index b7234de..0000000 --- a/SOURCES/0002-Replace-itemizedlist-s-with-variablelist-s.patch +++ /dev/null @@ -1,294 +0,0 @@ -From d2c6eae775bfa8b22246a12e85825a63d27c43fe Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B8ren=20Sandmann=20Pedersen?= -Date: Tue, 30 Jul 2013 05:49:45 -0400 -Subject: [PATCH 2/3] Replace s with s - -The version of DocBook in RHEL 6 generates an indent for -itemizedlists, but doesn't generate the corresponding -outdent. Workaround this by replacing the itemizedlists with -variablelists. - -This patch is not intended for upstream since it's a hack around a bug -in the RHEL 6 version of docbook. ---- - client/X11/xfreerdp.1.xml | 220 +++++++++++++++++++++++++++------------------ - 1 files changed, 132 insertions(+), 88 deletions(-) - -diff --git a/client/X11/xfreerdp.1.xml b/client/X11/xfreerdp.1.xml -index d3b090b..363a245 100644 ---- a/client/X11/xfreerdp.1.xml -+++ b/client/X11/xfreerdp.1.xml -@@ -79,7 +79,7 @@ - - - Set the domain used in authentication to -- domain. -+ domain. - - - -@@ -104,29 +104,38 @@ - - - Sets the size of the FreeRDP window (and of the remote desktop, when establishing a new connection). -- geometry can have one of the following forms: -- -- -- -- WxH - -- in this case the resulting window will be of -- WxH pixels. -- -- -- -- -- P% - -- in this case the resulting window will be P% -- of your screen. -- -- -- -- -- The special keyword workarea - -- in this case the resulting window will be of the same size as your workarea. -- -- -- -+ geometry can -+ have one of the following forms: -+ -+ -+ -+ WxH -+ -+ -+ -+ in this case the resulting window will be of -+ WxH pixels. -+ -+ -+ -+ -+ P% -+ -+ -+ in this case the resulting window will be P% -+ of your screen. -+ -+ -+ -+ -+ The special keyword workarea -+ -+ -+ in this case the resulting window will be of the same size as your workarea. -+ -+ -+ -+ - - - -@@ -211,57 +220,93 @@ - - Set the experience performance flags. - flag can be one of: -- -- -- -- m - (modem): Equivalent to 15. -- -- -- -- -- b - (broadband): Equivalent to 1. -- -- -- -- -- l - (lan): Equivalent to 0. -- -- -- -- -- num - A hexadecimal number that -- represents a bit-mask, were numbers mean the following -- Taken from -- MS-RDPBCGR Section 2.2.1.11.1.1.1 - Extended Info Packet: -- -- -- 1: Disable desktop wallpaper. -- -- -- 2: Disable full-window drag (only the window outline is displayed when the window is moved). -- -- -- 4: Disable menu animations. -- -- -- 8: Disable user interface themes. -- -- -- 20: Disable mouse cursor shadows. -- -- -- 40: Disable cursor blinking. -- -- -- 80: Enable font smoothing. -- -- -- 100: Enable Desktop Composition. -- -- -- -- -- -+ -+ -+ m - (modem) -+ -+ -+ Equivalent to 15. -+ -+ -+ -+ -+ b - (broadband) -+ -+ -+ Equivalent to 1. -+ -+ -+ -+ -+ l - (lan) -+ -+ -+ Equivalent to 0. -+ -+ -+ -+ -+ num -+ -+ -+ A hexadecimal number that -+ represents a bit-mask, were numbers mean the following -+ Taken from -+ MS-RDPBCGR Section 2.2.1.11.1.1.1 - Extended Info Packet: -+ -+ -+ 1 -+ -+ Disable desktop wallpaper. -+ -+ -+ -+ 2 -+ -+ Disable full-window drag (only the window outline is displayed when the window is moved). -+ -+ -+ -+ 4 -+ -+ Disable menu animations. -+ -+ -+ -+ 8 -+ -+ Disable user interface themes. -+ -+ -+ -+ 20 -+ -+ Disable mouse cursor shadows. -+ -+ -+ -+ 40 -+ -+ Disable cursor blinking. -+ -+ -+ -+ 80 -+ -+ Enable font smoothing. -+ -+ -+ -+ 100 -+ -+ Enable Desktop Composition. -+ -+ -+ -+ -+ -+ -+ - - - -@@ -300,8 +345,8 @@ - - - Only authenticates. This is useful to test your credentials (username and password). -- Returns status code 0 if the client can connect. Requires a username, -- password and connection host at the command line. -+ Returns status code 0 if the client can connect. Requires a username, -+ password and connection host at the command line. - - - -@@ -351,9 +396,9 @@ - --from-stdin - - Prompts for unspecified arguments -u username, -p -- password, -d domain and connection host. This is useful to -- hide arguments from ps. Also useful for scripts that will -- feed these arguments to the client via (what else?) stdin. -+ password, -d domain and connection host. This is useful to -+ hide arguments from ps. Also useful for scripts that will -+ feed these arguments to the client via (what else?) stdin. - - - -@@ -473,8 +518,7 @@ - --ntlm version - - -- force NTLM protocol version to be version, which can be one of 1 or 2. -+ force NTLM protocol version to be version, which can be one of 1 or 2. - - - -@@ -511,14 +555,14 @@ - - - -- --version -- -- -+ --version -+ -+ - Print version information. - -- -- -- -+ -+ -+ - --disable-wallpaper - - --- -1.7.1 - diff --git a/SOURCES/1-Add-support-for-Wildcard-Certificates-2-For-Gatewa.patch b/SOURCES/1-Add-support-for-Wildcard-Certificates-2-For-Gatewa.patch deleted file mode 100644 index fab256a..0000000 --- a/SOURCES/1-Add-support-for-Wildcard-Certificates-2-For-Gatewa.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 3da7c6207ebc4002bc1b0260d7d7c581c2fd635e Mon Sep 17 00:00:00 2001 -From: Chris -Date: Mon, 17 Jun 2013 21:19:01 +0200 -Subject: [PATCH 3/5] 1) Add support for Wildcard Certificates 2) For Gateway - connections compare against gateway host name instead of target host - ---- - libfreerdp-core/tls.c | 66 ++++++++++++++++++++++++++++++++++++++++++++------- - libfreerdp-core/tls.h | 1 + - 2 files changed, 58 insertions(+), 9 deletions(-) - -diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c -index b05100e..db09960 100644 ---- a/libfreerdp-core/tls.c -+++ b/libfreerdp-core/tls.c -@@ -25,6 +25,7 @@ - boolean tls_connect(rdpTls* tls) - { - int connection_status; -+ char *hostname; - - tls->ctx = SSL_CTX_new(TLSv1_client_method()); - -@@ -80,7 +81,13 @@ boolean tls_connect(rdpTls* tls) - return false; - } - -- if (!tls_verify_certificate(tls, tls->cert, tls->settings->hostname)) { -+ if (tls->settings->ts_gateway) -+ hostname = tls->settings->tsg_hostname; -+ else -+ hostname = tls->settings->hostname; -+ -+ if (!tls_verify_certificate(tls, tls->cert, hostname)) -+ { - printf("tls_connect: certificate not trusted, aborting.\n"); - tls_disconnect(tls); - return false; -@@ -253,6 +260,50 @@ CryptoCert tls_get_certificate(rdpTls* tls) - return cert; - } - -+boolean tls_match_hostname(char *pattern, int pattern_length, char *hostname) -+{ -+ if (strlen(hostname) == pattern_length) -+ { -+ if (memcmp((void*) hostname, (void*) pattern, pattern_length) == 0) -+ return true; -+ } -+ -+ /* ccpp: Check for wildcard certificates */ -+ if (memchr(pattern, '*', pattern_length) != NULL) -+ { -+ /* The wildcard matches one subdomain level (all except a dot) */ -+ -+ int pattern_position = 0; -+ int hostname_position = 0; -+ -+ for(; hostname[hostname_position] && pattern_position < pattern_length; pattern_position++, hostname_position++) -+ { -+ if( pattern[pattern_position] == '*' ) { -+ while( hostname[hostname_position] != '.' && hostname[hostname_position] != '\0' ) -+ hostname_position++; -+ -+ pattern_position++; -+ } -+ -+ if (hostname[hostname_position] != pattern[pattern_position] ) -+ { -+ return false; -+ } -+ } -+ } -+ -+ if (pattern_length > 2 && pattern[0] == '*' && pattern[1] == '.') -+ { -+ char *check_hostname = &hostname[ strlen(hostname) - pattern_length+1 ]; -+ if (memcmp((void*) check_hostname, (void*) &pattern[1], pattern_length - 1) == 0 ) -+ { -+ return true; -+ } -+ } -+ -+ return false; -+} -+ - boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname) - { - int match; -@@ -288,11 +339,8 @@ boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname) - - if (common_name != NULL) - { -- if (strlen(hostname) == common_name_length) -- { -- if (memcmp((void*) hostname, (void*) common_name, common_name_length) == 0) -- hostname_match = true; -- } -+ if (tls_match_hostname(common_name, common_name_length, hostname)) -+ hostname_match = true; - } - - /* compare against alternative names */ -@@ -301,10 +349,10 @@ boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname) - { - for (index = 0; index < alt_names_count; index++) - { -- if (strlen(hostname) == alt_names_lengths[index]) -+ if (tls_match_hostname(alt_names[index], alt_names_lengths[index], hostname)) - { -- if (memcmp((void*) hostname, (void*) alt_names[index], alt_names_lengths[index]) == 0) -- hostname_match = true; -+ hostname_match = true; -+ break; - } - } - } -diff --git a/libfreerdp-core/tls.h b/libfreerdp-core/tls.h -index e941dd0..b2218f9 100644 ---- a/libfreerdp-core/tls.h -+++ b/libfreerdp-core/tls.h -@@ -50,6 +50,7 @@ int tls_read(rdpTls* tls, uint8* data, int length); - int tls_write(rdpTls* tls, uint8* data, int length); - - CryptoCert tls_get_certificate(rdpTls* tls); -+boolean tls_match_hostname(char *pattern, int pattern_length, char *hostname); - boolean tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname); - void tls_print_certificate_error(char* hostname, char* fingerprint); - void tls_print_certificate_name_mismatch_error(char* hostname, char* common_name, char** alt_names, int alt_names_count); --- -2.5.5 - diff --git a/SOURCES/Add-description-for-available-plugins.patch b/SOURCES/Add-description-for-available-plugins.patch deleted file mode 100644 index 88ce93e..0000000 --- a/SOURCES/Add-description-for-available-plugins.patch +++ /dev/null @@ -1,163 +0,0 @@ -From 0c050bb8cde65b0ac368f06bfd5ec36cccf87a83 Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Fri, 9 Jun 2017 09:49:11 +0200 -Subject: [PATCH] Add description for available plugins - -The man pages lack info about available plugins and its functionality. -Add description for available plugins and their parameters. - -It is based on info from upstream wiki pages: -https://github.com/FreeRDP/FreeRDP/wiki/Plugins -https://github.com/FreeRDP/FreeRDP/wiki/CommandLineInterface - -Removed mention about ALSA mixer support since it is not built in RHEL. ---- - client/X11/xfreerdp.1.xml | 140 ++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 136 insertions(+), 4 deletions(-) - -diff --git a/client/X11/xfreerdp.1.xml b/client/X11/xfreerdp.1.xml -index 6ccf42fc8..3b1dc675e 100644 ---- a/client/X11/xfreerdp.1.xml -+++ b/client/X11/xfreerdp.1.xml -@@ -438,10 +438,134 @@ - - - -- --plugin pluginname -- -- -- load pluginname -+ --plugin plugin [--data data --] -+ -+ -+ Load one of the following plugin: -+ -+ -+ cliprdr -+ -+ -+ Synchronize client and server clipboard data. -+ -+ -+ -+ -+ drdynvc --data subplugin [subplugin ...] -- -+ -+ -+ Enable multimedia redirection. -+ The subplugin must be one of the following: -+ -+ -+ -+ audin -+ -+ -+ Redirect audio recording device to the server. -+ -+ -+ -+ -+ tsmf -+ -+ -+ Enable video redirection. The --plugin rdpsnd needs to be enabled as well. -+ -+ -+ -+ -+ -+ -+ -+ rdpsnd [--data [subplugin] [latency:latency] --] -+ -+ -+ Enable audio output using one of the following subplugin and with a given latency in ms: -+ -+ -+ -+ pulse -+ -+ -+ Use PulseAudio mixer. -+ -+ -+ -+ -+ -+ -+ -+ rail --data executable[:workingdir[:arguments]] -- -+ -+ -+ Launch one executable in a workingdir with given arguments. -+ You must use --app before you can use rail. -+ -+ -+ -+ -+ rdpdbg -+ -+ -+ Enable debugging virtual channel. -+ -+ -+ -+ -+ rdpdr --data subplugin [subplugin ...] -- -+ -+ -+ Redirect filesystem devices on your client to the server. -+ If you want any redirection to work with Windows Server 2012 and newer you must use --plugin rdpsnd before you use any rdpdr options. -+ The subplugin must be one of the following: -+ -+ -+ -+ drive:name:path -+ -+ -+ Redirect system path as disk with name. -+ -+ -+ -+ -+ smartcard[:name] -+ -+ -+ Redirect smartcard with name. -+ -+ -+ -+ -+ serial:port:device -+ -+ -+ Redirect serial device (e.g. /dev/ttyS0) to port (e.g. COM0). -+ -+ -+ -+ -+ parallel:port:device -+ -+ -+ Redirect parallel device (e.g. /dev/lp0) to port (e.g. LPT0). -+ -+ -+ -+ -+ printer:cupsname:drivername -+ -+ -+ Redirect printer with cupsname and drivername. -+ -+ -+ -+ -+ -+ -+ - - - --- -2.14.1 - diff --git a/SOURCES/CVE-2018-8786.patch b/SOURCES/CVE-2018-8786.patch deleted file mode 100644 index d3ba04a..0000000 --- a/SOURCES/CVE-2018-8786.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/libfreerdp-core/update.c b/libfreerdp-core/update.c -index c828b2214..5af9f6ab1 100644 ---- a/libfreerdp-core/update.c -+++ b/libfreerdp-core/update.c -@@ -90,7 +90,7 @@ void update_read_bitmap(rdpUpdate* update, STREAM* s, BITMAP_UPDATE* bitmap_upda - - if (bitmap_update->number > bitmap_update->count) - { -- uint16 count; -+ uint32 count; - - count = bitmap_update->number * 2; - - diff --git a/SOURCES/CVE-2018-8787.patch b/SOURCES/CVE-2018-8787.patch deleted file mode 100644 index 8d88554..0000000 --- a/SOURCES/CVE-2018-8787.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff --git a/libfreerdp-gdi/graphics.c b/libfreerdp-gdi/graphics.c -index 04816334c..5a49bd365 100644 ---- a/libfreerdp-gdi/graphics.c -+++ b/libfreerdp-gdi/graphics.c -@@ -30,6 +30,8 @@ - #include - #include - -+#include -+ - #include "graphics.h" - - /* Bitmap Class */ -@@ -89,9 +91,18 @@ void gdi_Bitmap_Paint(rdpContext* context, rdpBitmap* bitmap) - void gdi_Bitmap_Decompress(rdpContext* context, rdpBitmap* bitmap, - uint8* data, int width, int height, int bpp, int length, boolean compressed) - { -- uint16 size; -+ uint32 size = width * height; -+ int bpp_op = (bpp + 7) / 8; -+ -+ if ((bpp == 0) || -+ (width == 0) || (height == 0) || (width > UINT32_MAX / height) || -+ (size > (UINT32_MAX / bpp_op))) -+ { -+ printf("gdi_Bitmap_Decompress failed\n"); -+ abort(); -+ } - -- size = width * height * (bpp + 7) / 8; -+ size *= bpp_op; - - if (bitmap->data == NULL) - bitmap->data = (uint8*) xmalloc(size); diff --git a/SOURCES/CVE-2018-8788.patch b/SOURCES/CVE-2018-8788.patch deleted file mode 100644 index a8ae95f..0000000 --- a/SOURCES/CVE-2018-8788.patch +++ /dev/null @@ -1,88 +0,0 @@ -diff --git a/libfreerdp-codec/nsc.c b/libfreerdp-codec/nsc.c -index a39bdd33e..a86ea80f4 100644 ---- a/libfreerdp-codec/nsc.c -+++ b/libfreerdp-codec/nsc.c -@@ -217,6 +217,11 @@ void nsc_rle_decode(STREAM* in, STREAM* out, uint32 origsz) - - if (i == 5) - { -+ if (stream_get_left(out) < 1) -+ { -+ printf("nsc_rle_decode failed"); -+ abort(); -+ } - stream_write_uint8(out,value); - i-=1; - } -@@ -228,6 +233,11 @@ void nsc_rle_decode(STREAM* in, STREAM* out, uint32 origsz) - { - uint8 len; - stream_read_uint8(in, len); -+ if (stream_get_left(out) < len+2) -+ { -+ printf("nsc_rle_decode failed"); -+ abort(); -+ } - stream_set_byte(out, value, len+2); - i -= (len+2); - } -@@ -236,17 +246,32 @@ void nsc_rle_decode(STREAM* in, STREAM* out, uint32 origsz) - uint32 len; - stream_seek(in, 1); - stream_read_uint32(in, len); -+ if (stream_get_left (out) < len) -+ { -+ printf("nsc_rle_decode failed"); -+ abort(); -+ } - stream_set_byte(out, value, len); - i -= len; - } - } - else - { -+ if (stream_get_left(out) < 1) -+ { -+ printf("nsc_rle_decode failed"); -+ abort(); -+ } - stream_write_uint8(out, value); - i -= 1; - } - } - -+ if (stream_get_left(out) < 4) -+ { -+ printf("nsc_rle_decode failed"); -+ abort(); -+ } - stream_copy(out, in, 4); - } - -@@ -264,11 +289,25 @@ void nsc_rle_decompress_data(NSC_CONTEXT* context) - origsize = context->OrgByteCount[i]; - - if (i == 3 && context->nsc_stream->PlaneByteCount[i] == 0) -+ { -+ if (stream_get_left(context->org_buf[i]) < origsize) -+ { -+ printf("nsc_rle_decompress_data failed"); -+ abort(); -+ } - stream_set_byte(context->org_buf[i], 0xff, origsize); -+ } - else if (context->nsc_stream->PlaneByteCount[i] < origsize) - nsc_rle_decode(rles, context->org_buf[i], origsize); - else -+ { -+ if (stream_get_left(context->org_buf[i]) < origsize) -+ { -+ printf("nsc_rle_decompress_data failed"); -+ abort(); -+ } - stream_copy(context->org_buf[i], rles, origsize); -+ } - - context->org_buf[i]->p = context->org_buf[i]->data; - } - diff --git a/SOURCES/FIPS-mode-support.patch b/SOURCES/FIPS-mode-support.patch deleted file mode 100644 index 5787ef3..0000000 --- a/SOURCES/FIPS-mode-support.patch +++ /dev/null @@ -1,342 +0,0 @@ -From 1511f1959b2a48cb2d41550441df366276e3c5cb Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Tue, 7 Nov 2017 14:57:12 +0100 -Subject: [PATCH] FIPS mode support - ---- - libfreerdp-core/certificate.c | 17 +++++++----- - libfreerdp-core/connection.c | 3 +++ - libfreerdp-core/crypto.c | 61 ++++++++++++++++++++++++++++++++++++++----- - libfreerdp-core/crypto.h | 6 +++-- - libfreerdp-core/license.c | 15 ++++++++--- - libfreerdp-core/nego.c | 5 +++- - libfreerdp-core/security.c | 33 +++++++++++++++++++---- - libfreerdp-utils/args.c | 3 --- - 8 files changed, 116 insertions(+), 27 deletions(-) - -diff --git a/libfreerdp-core/certificate.c b/libfreerdp-core/certificate.c -index 801ed3609..1fd2cd216 100644 ---- a/libfreerdp-core/certificate.c -+++ b/libfreerdp-core/certificate.c -@@ -276,15 +276,19 @@ static boolean certificate_process_server_public_key(rdpCertificate* certificate - - static boolean certificate_process_server_public_signature(rdpCertificate* certificate, uint8* sigdata, int sigdatalen, STREAM* s, uint32 siglen) - { -- uint8 md5hash[CRYPTO_MD5_DIGEST_LENGTH]; -+ /*uint8 md5hash[CRYPTO_MD5_DIGEST_LENGTH];*/ - uint8 encsig[TSSK_KEY_LENGTH + 8]; - uint8 sig[TSSK_KEY_LENGTH]; -- CryptoMd5 md5ctx; -+ /*CryptoMd5 md5ctx;*/ - int i, sum; - -- md5ctx = crypto_md5_init(); -+ /* Do not bother with validation of server proprietary certificate. The use of MD5 here is not allowed under FIPS. */ -+ /* Since the validation is not protecting against anything since the private/public keys are well known and documented in */ -+ /* MS-RDPBCGR section 5.3.3.1, we are not gaining any security by using MD5 for signature comparison. Rather then use MD5 */ -+ /* here we just dont do the validation to avoid its use. Historically, freerdp has been ignoring a failed validation anyways. */ -+ /*md5ctx = crypto_md5_init(); - crypto_md5_update(md5ctx, sigdata, sigdatalen); -- crypto_md5_final(md5ctx, md5hash); -+ crypto_md5_final(md5ctx, md5hash);*/ - - stream_read(s, encsig, siglen); - -@@ -304,11 +308,12 @@ static boolean certificate_process_server_public_signature(rdpCertificate* certi - crypto_rsa_public_decrypt(encsig, siglen, TSSK_KEY_LENGTH, tssk_modulus, tssk_exponent, sig); - - /* Verify signature. */ -- if (memcmp(md5hash, sig, sizeof(md5hash)) != 0) -+ /* Do not bother with validation of server proprietary certificate as described above. */ -+ /*if (memcmp(md5hash, sig, sizeof(md5hash)) != 0) - { - printf("certificate_process_server_public_signature: invalid signature\n"); - //return false; -- } -+ }*/ - - /* - * Verify rest of decrypted data: -diff --git a/libfreerdp-core/connection.c b/libfreerdp-core/connection.c -index 7e1769ee4..7853c86bd 100644 ---- a/libfreerdp-core/connection.c -+++ b/libfreerdp-core/connection.c -@@ -65,6 +65,9 @@ boolean rdp_client_connect(rdpRdp* rdp) - uint32 selectedProtocol; - rdpSettings* settings = rdp->settings; - -+ if (FIPS_mode() == 1) -+ settings->nla_security = false; -+ - nego_init(rdp->nego); - nego_set_target(rdp->nego, settings->hostname, settings->port); - nego_set_cookie(rdp->nego, settings->username); -diff --git a/libfreerdp-core/crypto.c b/libfreerdp-core/crypto.c -index a0e2ccb9d..e6115b867 100644 ---- a/libfreerdp-core/crypto.c -+++ b/libfreerdp-core/crypto.c -@@ -37,34 +37,81 @@ void crypto_sha1_final(CryptoSha1 sha1, uint8* out_data) - xfree(sha1); - } - --CryptoMd5 crypto_md5_init(void) -+static CryptoMd5 crypto_md5_init_internal(boolean override_fips) - { - CryptoMd5 md5 = xmalloc(sizeof(*md5)); -- MD5_Init(&md5->md5_ctx); -+ -+ EVP_MD_CTX_init(&md5->md5_ctx); -+ if (override_fips) -+ EVP_MD_CTX_set_flags(&md5->md5_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -+ if (EVP_DigestInit_ex(&md5->md5_ctx, EVP_md5(), NULL) != 1) -+ { -+ printf("EVP_DigestInit_ex failed\n"); -+ abort(); -+ } -+ - return md5; - } - -+CryptoMd5 crypto_md5_init(void) -+{ -+ return crypto_md5_init_internal(false); -+} -+ -+CryptoMd5 crypto_md5_init_allow_fips(void) -+{ -+ return crypto_md5_init_internal(true); -+} -+ - void crypto_md5_update(CryptoMd5 md5, const uint8* data, uint32 length) - { -- MD5_Update(&md5->md5_ctx, data, length); -+ EVP_DigestUpdate(&md5->md5_ctx, data, length); - } - - void crypto_md5_final(CryptoMd5 md5, uint8* out_data) - { -- MD5_Final(out_data, &md5->md5_ctx); -+ EVP_DigestFinal_ex(&md5->md5_ctx, out_data, NULL); - xfree(md5); - } - --CryptoRc4 crypto_rc4_init(const uint8* key, uint32 length) -+static CryptoRc4 crypto_rc4_init_internal(const uint8* key, uint32 length, boolean override_fips) - { - CryptoRc4 rc4 = xmalloc(sizeof(*rc4)); -- RC4_set_key(&rc4->rc4_key, length, key); -+ -+ EVP_CIPHER_CTX_init(&rc4->rc4_ctx); -+ if (EVP_EncryptInit_ex(&rc4->rc4_ctx, EVP_rc4(), NULL, NULL, NULL) != 1) -+ { -+ printf("EVP_EncryptInit_ex failed\n"); -+ abort(); -+ } -+ -+ if (override_fips) -+ EVP_CIPHER_CTX_set_flags(&rc4->rc4_ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW); -+ -+ EVP_CIPHER_CTX_set_key_length(&rc4->rc4_ctx, length); -+ if (EVP_EncryptInit_ex(&rc4->rc4_ctx, NULL, NULL, key, NULL) != 1) -+ { -+ printf("EVP_EncryptInit_ex failed\n"); -+ abort(); -+ } -+ - return rc4; - } - -+CryptoRc4 crypto_rc4_init(const uint8* key, uint32 length) -+{ -+ return crypto_rc4_init_internal(key, length, false); -+} -+ -+CryptoRc4 crypto_rc4_init_allow_fips(const uint8* key, uint32 length) -+{ -+ return crypto_rc4_init_internal(key, length, true); -+} -+ - void crypto_rc4(CryptoRc4 rc4, uint32 length, const uint8* in_data, uint8* out_data) - { -- RC4(&rc4->rc4_key, length, in_data, out_data); -+ int outputLength; -+ EVP_CipherUpdate(&rc4->rc4_ctx, out_data, &outputLength, in_data, length); - } - - void crypto_rc4_free(CryptoRc4 rc4) -diff --git a/libfreerdp-core/crypto.h b/libfreerdp-core/crypto.h -index 15afca8a4..a595c3831 100644 ---- a/libfreerdp-core/crypto.h -+++ b/libfreerdp-core/crypto.h -@@ -54,12 +54,12 @@ struct crypto_sha1_struct - - struct crypto_md5_struct - { -- MD5_CTX md5_ctx; -+ EVP_MD_CTX md5_ctx; - }; - - struct crypto_rc4_struct - { -- RC4_KEY rc4_key; -+ EVP_CIPHER_CTX rc4_ctx; - }; - - struct crypto_des3_struct -@@ -86,11 +86,13 @@ void crypto_sha1_final(CryptoSha1 sha1, uint8* out_data); - #define CRYPTO_MD5_DIGEST_LENGTH MD5_DIGEST_LENGTH - typedef struct crypto_md5_struct* CryptoMd5; - CryptoMd5 crypto_md5_init(void); -+CryptoMd5 crypto_md5_init_allow_fips(void); - void crypto_md5_update(CryptoMd5 md5, const uint8* data, uint32 length); - void crypto_md5_final(CryptoMd5 md5, uint8* out_data); - - typedef struct crypto_rc4_struct* CryptoRc4; - CryptoRc4 crypto_rc4_init(const uint8* key, uint32 length); -+CryptoRc4 crypto_rc4_init_allow_fips(const uint8* key, uint32 length); - void crypto_rc4(CryptoRc4 rc4, uint32 length, const uint8* in_data, uint8* out_data); - void crypto_rc4_free(CryptoRc4 rc4); - -diff --git a/libfreerdp-core/license.c b/libfreerdp-core/license.c -index 60b9f9366..7e5734069 100644 ---- a/libfreerdp-core/license.c -+++ b/libfreerdp-core/license.c -@@ -295,7 +295,10 @@ void license_generate_hwid(rdpLicense* license) - memset(license->hwid, 0, HWID_LENGTH); - mac_address = license->rdp->transport->tcp->mac_address; - -- md5 = crypto_md5_init(); -+ /* Allow FIPS override for use of MD5 here, really this does not have to be MD5 as we are just taking a MD5 hash of the 6 bytes of 0's(macAddress) */ -+ /* and filling in the Data1-Data4 fields of the CLIENT_HARDWARE_ID structure(from MS-RDPELE section 2.2.2.3.1). This is for RDP licensing packets */ -+ /* which will already be encrypted under FIPS, so the use of MD5 here is not for sensitive data protection. */ -+ md5 = crypto_md5_init_allow_fips(); - crypto_md5_update(md5, mac_address, 6); - crypto_md5_final(md5, &license->hwid[HWID_PLATFORM_ID_LENGTH]); - } -@@ -354,7 +357,10 @@ void license_decrypt_platform_challenge(rdpLicense* license) - license->platform_challenge->length = - license->encrypted_platform_challenge->length; - -- rc4 = crypto_rc4_init(license->licensing_encryption_key, LICENSING_ENCRYPTION_KEY_LENGTH); -+ /* Allow FIPS override for use of RC4 here, this is only used for decrypting the MACData field of the */ -+ /* Server Platform Challenge packet (from MS-RDPELE section 2.2.2.4). This is for RDP licensing packets */ -+ /* which will already be encrypted under FIPS, so the use of RC4 here is not for sensitive data protection. */ -+ rc4 = crypto_rc4_init_allow_fips(license->licensing_encryption_key, LICENSING_ENCRYPTION_KEY_LENGTH); - - crypto_rc4(rc4, license->encrypted_platform_challenge->length, - license->encrypted_platform_challenge->data, -@@ -829,8 +835,11 @@ void license_send_platform_challenge_response_packet(rdpLicense* license) - security_mac_data(license->mac_salt_key, buffer, length, mac_data); - xfree(buffer); - -+ /* Allow FIPS override for use of RC4 here, this is only used for encrypting the EncryptedHWID field of the */ -+ /* Client Platform Challenge Response packet (from MS-RDPELE section 2.2.2.5). This is for RDP licensing packets */ -+ /* which will already be encrypted under FIPS, so the use of RC4 here is not for sensitive data protection. */ - buffer = (uint8*) xmalloc(HWID_LENGTH); -- rc4 = crypto_rc4_init(license->licensing_encryption_key, LICENSING_ENCRYPTION_KEY_LENGTH); -+ rc4 = crypto_rc4_init_allow_fips(license->licensing_encryption_key, LICENSING_ENCRYPTION_KEY_LENGTH); - crypto_rc4(rc4, HWID_LENGTH, license->hwid, buffer); - crypto_rc4_free(rc4); - -diff --git a/libfreerdp-core/nego.c b/libfreerdp-core/nego.c -index 7eb810bba..199870408 100644 ---- a/libfreerdp-core/nego.c -+++ b/libfreerdp-core/nego.c -@@ -89,7 +89,10 @@ boolean nego_connect(rdpNego* nego) - if(nego->selected_protocol == PROTOCOL_RDP) - { - nego->transport->settings->encryption = true; -- nego->transport->settings->encryption_method = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS; -+ if (FIPS_mode() != 1) -+ nego->transport->settings->encryption_method = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS; -+ else -+ nego->transport->settings->encryption_method = ENCRYPTION_METHOD_FIPS; - nego->transport->settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE; - } - -diff --git a/libfreerdp-core/security.c b/libfreerdp-core/security.c -index d93c3b9a8..d93390de2 100644 ---- a/libfreerdp-core/security.c -+++ b/libfreerdp-core/security.c -@@ -131,7 +131,10 @@ static void security_salted_hash(uint8* salt, uint8* input, int length, uint8* s - crypto_sha1_final(sha1, sha1_digest); - - /* SaltedHash(Salt, Input, Salt1, Salt2) = MD5(S + SHA1_Digest) */ -- md5 = crypto_md5_init(); -+ /* Allow FIPS override for use of MD5 here, this is used for creating hashes of the premaster_secret and master_secret */ -+ /* used for RDP licensing as described in MS-RDPELE. This is for RDP licensing packets */ -+ /* which will already be encrypted under FIPS, so the use of MD5 here is not for sensitive data protection. */ -+ md5 = crypto_md5_init_allow_fips(); - crypto_md5_update(md5, salt, 48); /* Salt (48 bytes) */ - crypto_md5_update(md5, sha1_digest, sizeof(sha1_digest)); /* SHA1_Digest */ - crypto_md5_final(md5, output); -@@ -182,10 +185,24 @@ void security_md5_16_32_32(uint8* in0, uint8* in1, uint8* in2, uint8* output) - crypto_md5_final(md5, output); - } - -+void security_md5_16_32_32_allow_fips(uint8* in0, uint8* in1, uint8* in2, uint8* output) -+{ -+ CryptoMd5 md5; -+ -+ md5 = crypto_md5_init_allow_fips(); -+ crypto_md5_update(md5, in0, 16); -+ crypto_md5_update(md5, in1, 32); -+ crypto_md5_update(md5, in2, 32); -+ crypto_md5_final(md5, output); -+} -+ - void security_licensing_encryption_key(uint8* session_key_blob, uint8* client_random, uint8* server_random, uint8* output) - { - /* LicensingEncryptionKey = MD5(Second128Bits(SessionKeyBlob) + ClientRandom + ServerRandom)) */ -- security_md5_16_32_32(&session_key_blob[16], client_random, server_random, output); -+ /* Allow FIPS use of MD5 here, this is just used for creating the licensing encryption key as described in MS-RDPELE. */ -+ /* This is for RDP licensing packets which will already be encrypted under FIPS, so the use of MD5 here is not for */ -+ /* sensitive data protection. */ -+ security_md5_16_32_32_allow_fips(&session_key_blob[16], client_random, server_random, output); - } - - void security_uint32_le(uint8* output, uint32 value) -@@ -216,7 +233,10 @@ void security_mac_data(uint8* mac_salt_key, uint8* data, uint32 length, uint8* o - crypto_sha1_final(sha1, sha1_digest); - - /* MacData = MD5(MacSaltKey + pad2 + SHA1_Digest) */ -- md5 = crypto_md5_init(); -+ /* Allow FIPS override for use of MD5 here, this is only used for creating the MACData field of the */ -+ /* Client Platform Challenge Response packet (from MS-RDPELE section 2.2.2.5). This is for RDP licensing packets */ -+ /* which will already be encrypted under FIPS, so the use of MD5 here is not for sensitive data protection. */ -+ md5 = crypto_md5_init_allow_fips(); - crypto_md5_update(md5, mac_salt_key, 16); /* MacSaltKey */ - crypto_md5_update(md5, pad2, sizeof(pad2)); /* pad2 */ - crypto_md5_update(md5, sha1_digest, sizeof(sha1_digest)); /* SHA1_Digest */ -@@ -400,9 +420,12 @@ boolean security_establish_keys(uint8* client_random, rdpRdp* rdp) - security_md5_16_32_32(&session_key_blob[32], client_random, - server_random, rdp->decrypt_key); - } else { -- security_md5_16_32_32(&session_key_blob[16], client_random, -+ /* Allow FIPS use of MD5 here, this is just used for generation of the SessionKeyBlob as described in MS-RDPELE. */ -+ /* This is for RDP licensing packets which will already be encrypted under FIPS, so the use of MD5 here is not */ -+ /* for sensitive data protection. */ -+ security_md5_16_32_32_allow_fips(&session_key_blob[16], client_random, - server_random, rdp->decrypt_key); -- security_md5_16_32_32(&session_key_blob[32], client_random, -+ security_md5_16_32_32_allow_fips(&session_key_blob[32], client_random, - server_random, rdp->encrypt_key); - } - -diff --git a/libfreerdp-utils/args.c b/libfreerdp-utils/args.c -index d9b08c41f..333742536 100644 ---- a/libfreerdp-utils/args.c -+++ b/libfreerdp-utils/args.c -@@ -550,9 +550,6 @@ int freerdp_parse_args(rdpSettings* settings, int argc, char** argv, - settings->rdp_security = true; - settings->tls_security = false; - settings->nla_security = false; -- settings->encryption = true; -- settings->encryption_method = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS; -- settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE; - } - else if (strncmp("tls", argv[index], 1) == 0) /* TLS */ - { --- -2.15.0 - diff --git a/SOURCES/Fix-NTLM-on-big-endian.patch b/SOURCES/Fix-NTLM-on-big-endian.patch deleted file mode 100644 index 7cf7e0c..0000000 --- a/SOURCES/Fix-NTLM-on-big-endian.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 25d31015255cf1b80dae76a3654ba0d62c4d71d5 Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Wed, 27 Sep 2017 15:56:35 +0200 -Subject: [PATCH 1/2] Fix NTLM on big endian - -Based on fixes from master: -https://github.com/FreeRDP/FreeRDP/pull/3284 ---- - libfreerdp-core/ntlmssp.c | 39 +++++++++++++++++++++++++++++---------- - 1 file changed, 29 insertions(+), 10 deletions(-) - -diff --git a/libfreerdp-core/ntlmssp.c b/libfreerdp-core/ntlmssp.c -index 84ad319c3..8f69878cf 100644 ---- a/libfreerdp-core/ntlmssp.c -+++ b/libfreerdp-core/ntlmssp.c -@@ -126,6 +126,13 @@ static const char* const AV_PAIRS_STRINGS[] = - "MsvChannelBindings" - }; - -+#define Data_Write_UINT32(_d, _v) do { \ -+ *((uint8*) _d) = (_v) & 0xFF; \ -+ *((uint8*) _d + 1) = ((_v) >> 8) & 0xFF; \ -+ *((uint8*) _d + 2) = ((_v) >> 16) & 0xFF; \ -+ *((uint8*) _d + 3) = ((_v) >> 24) & 0xFF; \ -+} while (0) -+ - /** - * Set NTLMSSP username. - * @param ntlmssp -@@ -138,7 +145,9 @@ void ntlmssp_set_username(NTLMSSP* ntlmssp, char* username) - - if (username != NULL) - { -- ntlmssp->username.data = freerdp_uniconv_out(ntlmssp->uniconv, username, (size_t*) &(ntlmssp->username.length)); -+ size_t length; -+ ntlmssp->username.data = freerdp_uniconv_out(ntlmssp->uniconv, username, &length); -+ ntlmssp->username.length = length; - } - } - -@@ -154,7 +163,9 @@ void ntlmssp_set_domain(NTLMSSP* ntlmssp, char* domain) - - if (domain != NULL) - { -- ntlmssp->domain.data = freerdp_uniconv_out(ntlmssp->uniconv, domain, (size_t*) &(ntlmssp->domain.length)); -+ size_t length; -+ ntlmssp->domain.data = freerdp_uniconv_out(ntlmssp->uniconv, domain, &length); -+ ntlmssp->domain.length = length; - } - } - -@@ -170,7 +181,9 @@ void ntlmssp_set_password(NTLMSSP* ntlmssp, char* password) - - if (password != NULL) - { -- ntlmssp->password.data = freerdp_uniconv_out(ntlmssp->uniconv, password, (size_t*) &(ntlmssp->password.length)); -+ size_t length; -+ ntlmssp->password.data = freerdp_uniconv_out(ntlmssp->uniconv, password, &length); -+ ntlmssp->password.length = length; - } - } - -@@ -186,7 +199,9 @@ void ntlmssp_set_workstation(NTLMSSP* ntlmssp, char* workstation) - - if (workstation != NULL) - { -- ntlmssp->workstation.data = freerdp_uniconv_out(ntlmssp->uniconv, workstation, (size_t*) &(ntlmssp->workstation.length)); -+ size_t length; -+ ntlmssp->workstation.data = freerdp_uniconv_out(ntlmssp->uniconv, workstation, &length); -+ ntlmssp->workstation.length = length; - } - } - -@@ -1185,11 +1200,13 @@ void ntlmssp_encrypt_message(NTLMSSP* ntlmssp, rdpBlob* msg, rdpBlob* encrypted_ - uint8 digest[16]; - uint8 checksum[8]; - uint32 version = 1; -+ uint32 value; - - /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */ - HMAC_CTX_init(&hmac_ctx); - HMAC_Init_ex(&hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL); -- HMAC_Update(&hmac_ctx, (void*) &ntlmssp->send_seq_num, 4); -+ Data_Write_UINT32(&value, ntlmssp->send_seq_num); -+ HMAC_Update(&hmac_ctx, (void*) &value, 4); - HMAC_Update(&hmac_ctx, msg->data, msg->length); - HMAC_Final(&hmac_ctx, digest, NULL); - -@@ -1203,9 +1220,9 @@ void ntlmssp_encrypt_message(NTLMSSP* ntlmssp, rdpBlob* msg, rdpBlob* encrypted_ - crypto_rc4(ntlmssp->send_rc4_seal, 8, digest, checksum); - - /* Concatenate version, ciphertext and sequence number to build signature */ -- memcpy(signature, (void*) &version, 4); -+ Data_Write_UINT32(signature, version); - memcpy(&signature[4], (void*) checksum, 8); -- memcpy(&signature[12], (void*) &(ntlmssp->send_seq_num), 4); -+ Data_Write_UINT32(&signature[12], ntlmssp->send_seq_num); - - HMAC_CTX_cleanup(&hmac_ctx); - -@@ -1230,6 +1247,7 @@ int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* m - uint8 checksum[8]; - uint32 version = 1; - uint8 expected_signature[16]; -+ uint32 value; - - /* Allocate space for encrypted message */ - freerdp_blob_alloc(msg, encrypted_msg->length); -@@ -1240,7 +1258,8 @@ int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* m - /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */ - HMAC_CTX_init(&hmac_ctx); - HMAC_Init_ex(&hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL); -- HMAC_Update(&hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4); -+ Data_Write_UINT32(&value, ntlmssp->recv_seq_num); -+ HMAC_Update(&hmac_ctx, (void*) &value, 4); - HMAC_Update(&hmac_ctx, msg->data, msg->length); - HMAC_Final(&hmac_ctx, digest, NULL); - -@@ -1248,9 +1267,9 @@ int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* m - crypto_rc4(ntlmssp->recv_rc4_seal, 8, digest, checksum); - - /* Concatenate version, ciphertext and sequence number to build signature */ -- memcpy(expected_signature, (void*) &version, 4); -+ Data_Write_UINT32(expected_signature, version); - memcpy(&expected_signature[4], (void*) checksum, 8); -- memcpy(&expected_signature[12], (void*) &(ntlmssp->recv_seq_num), 4); -+ Data_Write_UINT32(&expected_signature[12], ntlmssp->recv_seq_num); - - if (memcmp(signature, expected_signature, 16) != 0) - { --- -2.14.2 - diff --git a/SOURCES/Fix-colors-on-big-endian.patch b/SOURCES/Fix-colors-on-big-endian.patch deleted file mode 100644 index 4033176..0000000 --- a/SOURCES/Fix-colors-on-big-endian.patch +++ /dev/null @@ -1,532 +0,0 @@ -From 5e1aa9e1a4ed8ca4119a6e5b4db554af5367784e Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Tue, 3 Oct 2017 09:25:25 +0200 -Subject: [PATCH 2/2] Fix colors on big endian - -Based on fixes from master: -https://github.com/FreeRDP/FreeRDP/pull/4135 ---- - client/X11/xf_graphics.c | 31 +++++++++++++++++- - client/X11/xfreerdp.c | 4 +++ - libfreerdp-codec/bitmap.c | 7 ++-- - libfreerdp-codec/color.c | 83 +++++++++++++++++++++++++++++++++++------------ - libfreerdp-gdi/16bpp.c | 17 +++++++--- - libfreerdp-gdi/32bpp.c | 21 +++++++++--- - 6 files changed, 129 insertions(+), 34 deletions(-) - -diff --git a/client/X11/xf_graphics.c b/client/X11/xf_graphics.c -index ed5f9bc25..0bd4e9378 100644 ---- a/client/X11/xf_graphics.c -+++ b/client/X11/xf_graphics.c -@@ -49,6 +49,8 @@ void xf_Bitmap_New(rdpContext* context, rdpBitmap* bitmap) - { - image = XCreateImage(xfi->display, xfi->visual, xfi->depth, - ZPixmap, 0, (char*) data, bitmap->width, bitmap->height, xfi->scanline_pad, 0); -+ image->byte_order = LSBFirst; -+ image->bitmap_bit_order = LSBFirst; - - XPutImage(xfi->display, pixmap, xfi->gc, image, 0, 0, 0, 0, bitmap->width, bitmap->height); - XFree(image); -@@ -89,6 +91,8 @@ void xf_Bitmap_Paint(rdpContext* context, rdpBitmap* bitmap) - - image = XCreateImage(xfi->display, xfi->visual, xfi->depth, - ZPixmap, 0, (char*) bitmap->data, bitmap->width, bitmap->height, xfi->scanline_pad, 0); -+ image->byte_order = LSBFirst; -+ image->bitmap_bit_order = LSBFirst; - - XPutImage(xfi->display, xfi->primary, xfi->gc, - image, 0, 0, bitmap->left, bitmap->top, width, height); -@@ -149,6 +153,13 @@ void xf_Bitmap_SetSurface(rdpContext* context, rdpBitmap* bitmap, boolean primar - - /* Pointer Class */ - -+#define Data_Read_UINT32(_d, _v) do { _v = \ -+ (uint32)(*((uint8*) _d)) + \ -+ (((uint32)(*((uint8*) _d + 1))) << 8) + \ -+ (((uint32)(*((uint8*) _d + 2))) << 16) + \ -+ (((uint32)(*((uint8*) _d + 3))) << 24); \ -+} while (0) -+ - void xf_Pointer_New(rdpContext* context, rdpPointer* pointer) - { - XcursorImage ci; -@@ -170,6 +181,25 @@ void xf_Pointer_New(rdpContext* context, rdpPointer* pointer) - pointer->width, pointer->height, pointer->xorBpp, xfi->clrconv); - } - -+ if (xfi->big_endian) -+ { -+ int x, y; -+ uint32* pixel; -+ uint32 value; -+ -+ pixel = (uint32*) ci.pixels; -+ -+ for (y = 0; y < ci.height; y++) -+ { -+ for (x = 0; x < ci.width; x++) -+ { -+ Data_Read_UINT32(pixel, value); -+ *pixel = value; -+ pixel++; -+ } -+ } -+ } -+ - ((xfPointer*) pointer)->cursor = XcursorImageLoadCursor(xfi->display, &ci); - xfree(ci.pixels); - } -@@ -209,7 +239,6 @@ void xf_Glyph_New(rdpContext* context, rdpGlyph* glyph) - - image = XCreateImage(xfi->display, xfi->visual, 1, - ZPixmap, 0, (char*) glyph->aj, glyph->cx, glyph->cy, 8, scanline); -- - image->byte_order = MSBFirst; - image->bitmap_bit_order = MSBFirst; - -diff --git a/client/X11/xfreerdp.c b/client/X11/xfreerdp.c -index 2d0e6704d..786cc0bd8 100644 ---- a/client/X11/xfreerdp.c -+++ b/client/X11/xfreerdp.c -@@ -181,6 +181,8 @@ void xf_sw_desktop_resize(rdpContext* context) - XDestroyImage(xfi->image); - xfi->image = XCreateImage(xfi->display, xfi->visual, xfi->depth, ZPixmap, 0, - (char*) gdi->primary_buffer, gdi->width, gdi->height, xfi->scanline_pad, 0); -+ xfi->image->byte_order = LSBFirst; -+ xfi->image->bitmap_bit_order = LSBFirst; - } - } - } -@@ -707,6 +709,8 @@ boolean xf_post_connect(freerdp* instance) - - xfi->image = XCreateImage(xfi->display, xfi->visual, xfi->depth, ZPixmap, 0, - (char*) xfi->primary_buffer, xfi->width, xfi->height, xfi->scanline_pad, 0); -+ xfi->image->byte_order = LSBFirst; -+ xfi->image->bitmap_bit_order = LSBFirst; - - xfi->bmp_codec_none = (uint8*) xmalloc(64 * 64 * 4); - -diff --git a/libfreerdp-codec/bitmap.c b/libfreerdp-codec/bitmap.c -index 635a583aa..aafffc39b 100644 ---- a/libfreerdp-codec/bitmap.c -+++ b/libfreerdp-codec/bitmap.c -@@ -214,9 +214,10 @@ static uint32 ExtractRunLength(uint32 code, uint8* pbOrderHdr, uint32* advance) - #undef WRITEFIRSTLINEFGBGIMAGE - #undef RLEDECOMPRESS - #undef RLEEXTRA --#define DESTWRITEPIXEL(_buf, _pix) ((uint16*)(_buf))[0] = (uint16)(_pix) --#define DESTREADPIXEL(_pix, _buf) _pix = ((uint16*)(_buf))[0] --#define SRCREADPIXEL(_pix, _buf) _pix = ((uint16*)(_buf))[0] -+#define DESTWRITEPIXEL(_buf, _pix) do { (_buf)[0] = (uint8)(_pix); \ -+ (_buf)[1] = (uint8)((_pix) >> 8); } while (0) -+#define DESTREADPIXEL(_pix, _buf) _pix = (_buf)[0] | ((_buf)[1] << 8) -+#define SRCREADPIXEL(_pix, _buf) _pix = (_buf)[0] | ((_buf)[1] << 8) - #define DESTNEXTPIXEL(_buf) _buf += 2 - #define SRCNEXTPIXEL(_buf) _buf += 2 - #define WRITEFGBGIMAGE WriteFgBgImage16to16 -diff --git a/libfreerdp-codec/color.c b/libfreerdp-codec/color.c -index ff3bacb79..dbff7b159 100644 ---- a/libfreerdp-codec/color.c -+++ b/libfreerdp-codec/color.c -@@ -25,6 +25,30 @@ - #include - #include - -+#define Data_Read_UINT32(_d, _v) do { _v = \ -+ (uint32)(*((uint8*) _d)) + \ -+ (((uint32)(*((uint8*) _d + 1))) << 8) + \ -+ (((uint32)(*((uint8*) _d + 2))) << 16) + \ -+ (((uint32)(*((uint8*) _d + 3))) << 24); \ -+} while (0) -+ -+#define Data_Write_UINT32(_d, _v) do { \ -+ *((uint8*) _d) = (_v) & 0xFF; \ -+ *((uint8*) _d + 1) = ((_v) >> 8) & 0xFF; \ -+ *((uint8*) _d + 2) = ((_v) >> 16) & 0xFF; \ -+ *((uint8*) _d + 3) = ((_v) >> 24) & 0xFF; \ -+} while (0) -+ -+#define Data_Read_UINT16(_d, _v) do { _v = \ -+ (uint16)(*((uint8*) _d)) + \ -+ (((uint16)(*((uint8*) _d + 1))) << 8); \ -+} while (0) -+ -+#define Data_Write_UINT16(_d, _v) do { \ -+ *((uint8*) _d) = (_v) & 0xFF; \ -+ *((uint8*) _d + 1) = ((_v) >> 8) & 0xFF; \ -+} while (0) -+ - int freerdp_get_pixel(uint8 * data, int x, int y, int width, int height, int bpp) - { - int start; -@@ -32,6 +56,7 @@ int freerdp_get_pixel(uint8 * data, int x, int y, int width, int height, int bpp - uint16 *src16; - uint32 *src32; - int red, green, blue; -+ uint32 pixel; - - switch (bpp) - { -@@ -45,7 +70,9 @@ int freerdp_get_pixel(uint8 * data, int x, int y, int width, int height, int bpp - case 15: - case 16: - src16 = (uint16*) data; -- return src16[y * width + x]; -+ src16 += y * width + x; -+ Data_Read_UINT16 (src16, pixel); -+ return pixel; - case 24: - data += y * width * 3; - data += x * 3; -@@ -55,7 +82,9 @@ int freerdp_get_pixel(uint8 * data, int x, int y, int width, int height, int bpp - return RGB24(red, green, blue); - case 32: - src32 = (uint32*) data; -- return src32[y * width + x]; -+ src32 += y * width + x; -+ Data_Read_UINT32 (src32, pixel); -+ return pixel; - default: - break; - } -@@ -82,7 +111,8 @@ void freerdp_set_pixel(uint8* data, int x, int y, int width, int height, int bpp - else if (bpp == 32) - { - dst32 = (int*) data; -- dst32[y * width + x] = pixel; -+ dst32 += y * width + x; -+ Data_Write_UINT32 (dst32, pixel); - } - } - -@@ -383,7 +413,7 @@ uint8* freerdp_image_convert_8bpp(uint8* srcData, uint8* dstData, int width, int - green = clrconv->palette->entries[pixel].green; - blue = clrconv->palette->entries[pixel].blue; - pixel = (clrconv->invert) ? BGR15(red, green, blue) : RGB15(red, green, blue); -- *dst16 = pixel; -+ Data_Write_UINT16 (dst16, pixel); - dst16++; - } - return dstData; -@@ -402,7 +432,7 @@ uint8* freerdp_image_convert_8bpp(uint8* srcData, uint8* dstData, int width, int - green = clrconv->palette->entries[pixel].green; - blue = clrconv->palette->entries[pixel].blue; - pixel = (clrconv->invert) ? BGR16(red, green, blue) : RGB16(red, green, blue); -- *dst16 = pixel; -+ Data_Write_UINT16 (dst16, pixel); - dst16++; - } - return dstData; -@@ -422,7 +452,7 @@ uint8* freerdp_image_convert_8bpp(uint8* srcData, uint8* dstData, int width, int - green = clrconv->palette->entries[pixel].green; - blue = clrconv->palette->entries[pixel].blue; - pixel = (clrconv->invert) ? RGB32(red, green, blue) : BGR32(red, green, blue); -- *dst32 = pixel; -+ Data_Write_UINT32 (dst32, pixel); - dst32++; - } - return dstData; -@@ -460,11 +490,11 @@ uint8* freerdp_image_convert_15bpp(uint8* srcData, uint8* dstData, int width, in - dst32 = (uint32 *) dstData; - for (i = width * height; i > 0; i--) - { -- pixel = *src16; -+ Data_Read_UINT16 (src16, pixel); - src16++; - GetBGR15(red, green, blue, pixel); - pixel = (clrconv->invert) ? RGB32(red, green, blue) : BGR32(red, green, blue); -- *dst32 = pixel; -+ Data_Write_UINT32 (dst32, pixel); - dst32++; - } - return dstData; -@@ -478,12 +508,12 @@ uint8* freerdp_image_convert_15bpp(uint8* srcData, uint8* dstData, int width, in - dst16 = (uint16 *) dstData; - for (i = width * height; i > 0; i--) - { -- pixel = *src16; -+ Data_Read_UINT16 (src16, pixel); - src16++; - GetRGB_555(red, green, blue, pixel); - RGB_555_565(red, green, blue); - pixel = (clrconv->invert) ? BGR565(red, green, blue) : RGB565(red, green, blue); -- *dst16 = pixel; -+ Data_Write_UINT16 (dst16, pixel); - dst16++; - } - return dstData; -@@ -508,12 +538,15 @@ uint8* freerdp_image_convert_16bpp(uint8* srcData, uint8* dstData, int width, in - uint8 red, green, blue; - uint16* src16 = (uint16 *) srcData; - uint16* dst16 = (uint16 *) dstData; -+ uint32 pixel; - - for (i = width * height; i > 0; i--) - { -- GetRGB_565(red, green, blue, (*src16)); -+ Data_Read_UINT16 (src16, pixel); -+ GetRGB_565(red, green, blue, pixel); - RGB_565_555(red, green, blue); -- (*dst16) = (clrconv->invert) ? BGR555(red, green, blue) : RGB555(red, green, blue); -+ pixel = (clrconv->invert) ? BGR555(red, green, blue) : RGB555(red, green, blue); -+ Data_Write_UINT16 (dst16, pixel); - src16++; - dst16++; - } -@@ -531,6 +564,7 @@ uint8* freerdp_image_convert_16bpp(uint8* srcData, uint8* dstData, int width, in - uint8 *dst8; - uint16 *src16; - uint8 red, green, blue; -+ uint32 pixel; - - if (dstData == NULL) - dstData = (uint8*) malloc(width * height * 3); -@@ -540,7 +574,8 @@ uint8* freerdp_image_convert_16bpp(uint8* srcData, uint8* dstData, int width, in - - for (i = width * height; i > 0; i--) - { -- GetBGR16(red, green, blue, *src16); -+ Data_Read_UINT16 (src16, pixel); -+ GetBGR16(red, green, blue, pixel); - src16++; - - if (clrconv->invert) -@@ -574,11 +609,11 @@ uint8* freerdp_image_convert_16bpp(uint8* srcData, uint8* dstData, int width, in - - for (i = width * height; i > 0; i--) - { -- pixel = *src16; -+ Data_Read_UINT16 (src16, pixel); - src16++; - GetBGR16(red, green, blue, pixel); - pixel = (clrconv->invert) ? RGB32(red, green, blue) : BGR32(red, green, blue); -- *dst32 = pixel; -+ Data_Write_UINT32 (dst32, pixel); - dst32++; - } - return dstData; -@@ -619,6 +654,7 @@ uint8* freerdp_image_convert_32bpp(uint8* srcData, uint8* dstData, int width, in - uint16 *dst16; - uint32 *src32; - uint8 red, green, blue; -+ uint32 pixel; - - if (dstData == NULL) - dstData = (uint8*) malloc(width * height * 2); -@@ -628,8 +664,10 @@ uint8* freerdp_image_convert_32bpp(uint8* srcData, uint8* dstData, int width, in - - for (index = 0; index < width * height; index++) - { -- GetBGR32(blue, green, red, *src32); -- *dst16 = (clrconv->invert) ? BGR16(red, green, blue) : RGB16(red, green, blue); -+ Data_Read_UINT32 (src32, pixel); -+ GetBGR32(blue, green, red, pixel); -+ pixel = (clrconv->invert) ? BGR16(red, green, blue) : RGB16(red, green, blue); -+ Data_Write_UINT16 (dst16, pixel); - src32++; - dst16++; - } -@@ -878,6 +916,7 @@ uint8* freerdp_mono_image_convert(uint8* srcData, int width, int height, int src - int bitIndex; - uint8 redBg, greenBg, blueBg; - uint8 redFg, greenFg, blueFg; -+ uint32 pixel; - - switch (srcBpp) - { -@@ -941,12 +980,13 @@ uint8* freerdp_mono_image_convert(uint8* srcData, int width, int height, int src - { - if ((bitMask >> bitIndex) & 0x01) - { -- *dst16 = bgcolor; -+ pixel = bgcolor; - } - else - { -- *dst16 = fgcolor; -+ pixel = fgcolor; - } -+ Data_Write_UINT16 (dst16, pixel); - dst16++; - } - srcData++; -@@ -967,12 +1007,13 @@ uint8* freerdp_mono_image_convert(uint8* srcData, int width, int height, int src - { - if ((bitMask >> bitIndex) & 0x01) - { -- *dst32 = (clrconv->invert) ? BGR32(redBg, greenBg, blueBg) : RGB32(redBg, greenBg, blueBg); -+ pixel = (clrconv->invert) ? BGR32(redBg, greenBg, blueBg) : RGB32(redBg, greenBg, blueBg); - } - else - { -- *dst32 = (clrconv->invert) ? BGR32(redFg, greenFg, blueFg) : RGB32(redFg, greenFg, blueFg); -+ pixel = (clrconv->invert) ? BGR32(redFg, greenFg, blueFg) : RGB32(redFg, greenFg, blueFg); - } -+ Data_Write_UINT32 (dst32, pixel); - dst32++; - } - srcData++; -diff --git a/libfreerdp-gdi/16bpp.c b/libfreerdp-gdi/16bpp.c -index 1b2a2e65d..dd52060ce 100644 ---- a/libfreerdp-gdi/16bpp.c -+++ b/libfreerdp-gdi/16bpp.c -@@ -66,6 +66,11 @@ uint16 gdi_get_color_16bpp(HGDI_DC hdc, GDI_COLOR color) - return color16; - } - -+#define Data_Write_UINT16(_d, _v) do { \ -+ *((uint8*) _d) = (_v) & 0xFF; \ -+ *((uint8*) _d + 1) = ((_v) >> 8) & 0xFF; \ -+} while (0) -+ - int FillRect_16bpp(HGDI_DC hdc, HGDI_RECT rect, HGDI_BRUSH hbr) - { - int x, y; -@@ -90,7 +95,7 @@ int FillRect_16bpp(HGDI_DC hdc, HGDI_RECT rect, HGDI_BRUSH hbr) - { - for (x = 0; x < nWidth; x++) - { -- *dstp = color16; -+ Data_Write_UINT16(dstp, color16); - dstp++; - } - } -@@ -373,11 +378,13 @@ static int BitBlt_DSPDxax_16bpp(HGDI_DC hdcDest, int nXDest, int nYDest, int nWi - uint16 src16; - uint16 color16; - HGDI_BITMAP hSrcBmp; -+ uint16 pat; - - /* D = (S & P) | (~S & D) */ - /* DSPDxax, used to draw glyphs */ - - color16 = gdi_get_color_16bpp(hdcDest, hdcDest->textColor); -+ Data_Write_UINT16(&pat, color16); - - hSrcBmp = (HGDI_BITMAP) hdcSrc->selectedObject; - -@@ -397,7 +404,7 @@ static int BitBlt_DSPDxax_16bpp(HGDI_DC hdcDest, int nXDest, int nYDest, int nWi - for (x = 0; x < nWidth; x++) - { - src16 = (*srcp << 8) | *srcp; -- *dstp = (src16 & color16) | (~src16 & *dstp); -+ *dstp = (src16 & pat) | (~src16 & *dstp); - srcp++; - dstp++; - } -@@ -580,7 +587,7 @@ static int BitBlt_PATCOPY_16bpp(HGDI_DC hdcDest, int nXDest, int nYDest, int nWi - { - for (x = 0; x < nWidth; x++) - { -- *dstp = color16; -+ Data_Write_UINT16(dstp, color16); - dstp++; - } - } -@@ -613,10 +620,12 @@ static int BitBlt_PATINVERT_16bpp(HGDI_DC hdcDest, int nXDest, int nYDest, int n - uint16* dstp; - uint16* patp; - uint16 color16; -+ uint16 pat; - - if (hdcDest->brush->style == GDI_BS_SOLID) - { - color16 = gdi_get_color_16bpp(hdcDest, hdcDest->brush->color); -+ Data_Write_UINT16(&pat, color16); - - for (y = 0; y < nHeight; y++) - { -@@ -626,7 +635,7 @@ static int BitBlt_PATINVERT_16bpp(HGDI_DC hdcDest, int nXDest, int nYDest, int n - { - for (x = 0; x < nWidth; x++) - { -- *dstp ^= color16; -+ *dstp ^= pat; - dstp++; - } - } -diff --git a/libfreerdp-gdi/32bpp.c b/libfreerdp-gdi/32bpp.c -index 5e946b0d5..536a7f57b 100644 ---- a/libfreerdp-gdi/32bpp.c -+++ b/libfreerdp-gdi/32bpp.c -@@ -53,6 +53,13 @@ uint32 gdi_get_color_32bpp(HGDI_DC hdc, GDI_COLOR color) - return color32; - } - -+#define Data_Write_UINT32(_d, _v) do { \ -+ *((uint8*) _d) = (_v) & 0xFF; \ -+ *((uint8*) _d + 1) = ((_v) >> 8) & 0xFF; \ -+ *((uint8*) _d + 2) = ((_v) >> 16) & 0xFF; \ -+ *((uint8*) _d + 3) = ((_v) >> 24) & 0xFF; \ -+} while (0) -+ - int FillRect_32bpp(HGDI_DC hdc, HGDI_RECT rect, HGDI_BRUSH hbr) - { - int x, y; -@@ -76,7 +83,7 @@ int FillRect_32bpp(HGDI_DC hdc, HGDI_RECT rect, HGDI_BRUSH hbr) - { - for (x = 0; x < nWidth; x++) - { -- *dstp = color32; -+ Data_Write_UINT32(dstp, color32); - dstp++; - } - } -@@ -390,11 +397,13 @@ static int BitBlt_DSPDxax_32bpp(HGDI_DC hdcDest, int nXDest, int nYDest, int nWi - uint8* patp; - uint32 color32; - HGDI_BITMAP hSrcBmp; -+ uint32 pat; - - /* D = (S & P) | (~S & D) */ - /* DSPDxax, used to draw glyphs */ - - color32 = gdi_get_color_32bpp(hdcDest, hdcDest->textColor); -+ Data_Write_UINT32(&pat, color32); - - hSrcBmp = (HGDI_BITMAP) hdcSrc->selectedObject; - srcp = hSrcBmp->data; -@@ -414,7 +423,7 @@ static int BitBlt_DSPDxax_32bpp(HGDI_DC hdcDest, int nXDest, int nYDest, int nWi - { - for (x = 0; x < nWidth; x++) - { -- patp = (uint8*) &color32; -+ patp = (uint8*) &pat; - - *dstp = (*srcp & *patp) | (~(*srcp) & *dstp); - dstp++; -@@ -609,7 +618,7 @@ static int BitBlt_PATCOPY_32bpp(HGDI_DC hdcDest, int nXDest, int nYDest, int nWi - { - for (x = 0; x < nWidth; x++) - { -- *dstp = color32; -+ Data_Write_UINT32(dstp, color32); - dstp++; - } - } -@@ -642,10 +651,12 @@ static int BitBlt_PATINVERT_32bpp(HGDI_DC hdcDest, int nXDest, int nYDest, int n - uint32* dstp; - uint32* patp; - uint32 color32; -- -+ uint32 pat; -+ - if (hdcDest->brush->style == GDI_BS_SOLID) - { - color32 = gdi_get_color_32bpp(hdcDest, hdcDest->brush->color); -+ Data_Write_UINT32(&pat, color32); - - for (y = 0; y < nHeight; y++) - { -@@ -655,7 +666,7 @@ static int BitBlt_PATINVERT_32bpp(HGDI_DC hdcDest, int nXDest, int nYDest, int n - { - for (x = 0; x < nWidth; x++) - { -- *dstp ^= color32; -+ *dstp ^= pat; - dstp++; - } - } --- -2.14.2 - diff --git a/SOURCES/Fix-smartcard-usage-in-manpage.patch b/SOURCES/Fix-smartcard-usage-in-manpage.patch deleted file mode 100644 index b3dee4f..0000000 --- a/SOURCES/Fix-smartcard-usage-in-manpage.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ed30c466c91dc3888352ca11bfc4cb36f34f0265 Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Thu, 25 Jan 2018 13:19:39 +0100 -Subject: [PATCH] Fix smartcard usage in manpage - -Man page has been updated according to the wiki. Unfortunately, wiki -mentions "smartcard" subplugin, which was introduced later, but -stable-1.0 uses just scard. Let's fix the man page accordingly. ---- - client/X11/xfreerdp.1.xml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/client/X11/xfreerdp.1.xml b/client/X11/xfreerdp.1.xml -index 3b1dc675e..039e87d92 100644 ---- a/client/X11/xfreerdp.1.xml -+++ b/client/X11/xfreerdp.1.xml -@@ -539,7 +539,7 @@ - - - -- smartcard[:name] -+ scard[:name] - - - Redirect smartcard with name. --- -2.16.1 - diff --git a/SOURCES/Fixed-a-possible-buffer-overflow-issue.patch b/SOURCES/Fixed-a-possible-buffer-overflow-issue.patch deleted file mode 100644 index 8871085..0000000 --- a/SOURCES/Fixed-a-possible-buffer-overflow-issue.patch +++ /dev/null @@ -1,25 +0,0 @@ -From f341cd43bf1e780664dcf55aaff46feee92a86b9 Mon Sep 17 00:00:00 2001 -From: Chris -Date: Mon, 17 Jun 2013 21:49:29 +0200 -Subject: [PATCH 5/5] Fixed a possible buffer overflow issue - ---- - libfreerdp-core/tls.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c -index 2fbaa2c..ed4d0cb 100644 ---- a/libfreerdp-core/tls.c -+++ b/libfreerdp-core/tls.c -@@ -268,7 +268,7 @@ boolean tls_match_hostname(char *pattern, int pattern_length, char *hostname) - return true; - } - -- if (pattern_length > 2 && pattern[0] == '*' && pattern[1] == '.') -+ if (pattern_length > 2 && pattern[0] == '*' && pattern[1] == '.' && strlen(hostname) >= pattern_length) - { - char *check_hostname = &hostname[ strlen(hostname) - pattern_length+1 ]; - if (memcmp((void*) check_hostname, (void*) &pattern[1], pattern_length - 1) == 0 ) --- -2.5.5 - diff --git a/SOURCES/Using-the-more-efficient-code-for-comparing-host-nam.patch b/SOURCES/Using-the-more-efficient-code-for-comparing-host-nam.patch deleted file mode 100644 index f9943c3..0000000 --- a/SOURCES/Using-the-more-efficient-code-for-comparing-host-nam.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 500b87127e6c4edc5f7182cc1a5261c4f96f38e1 Mon Sep 17 00:00:00 2001 -From: Chris -Date: Mon, 17 Jun 2013 21:26:35 +0200 -Subject: [PATCH 4/5] Using the more efficient code for comparing host names - ---- - libfreerdp-core/tls.c | 24 ------------------------ - 1 file changed, 24 deletions(-) - -diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c -index db09960..2fbaa2c 100644 ---- a/libfreerdp-core/tls.c -+++ b/libfreerdp-core/tls.c -@@ -268,30 +268,6 @@ boolean tls_match_hostname(char *pattern, int pattern_length, char *hostname) - return true; - } - -- /* ccpp: Check for wildcard certificates */ -- if (memchr(pattern, '*', pattern_length) != NULL) -- { -- /* The wildcard matches one subdomain level (all except a dot) */ -- -- int pattern_position = 0; -- int hostname_position = 0; -- -- for(; hostname[hostname_position] && pattern_position < pattern_length; pattern_position++, hostname_position++) -- { -- if( pattern[pattern_position] == '*' ) { -- while( hostname[hostname_position] != '.' && hostname[hostname_position] != '\0' ) -- hostname_position++; -- -- pattern_position++; -- } -- -- if (hostname[hostname_position] != pattern[pattern_position] ) -- { -- return false; -- } -- } -- } -- - if (pattern_length > 2 && pattern[0] == '*' && pattern[1] == '.') - { - char *check_hostname = &hostname[ strlen(hostname) - pattern_length+1 ]; --- -2.5.5 - diff --git a/SOURCES/build-config.h b/SOURCES/build-config.h new file mode 100644 index 0000000..42c4a81 --- /dev/null +++ b/SOURCES/build-config.h @@ -0,0 +1,9 @@ +#include + +#if __WORDSIZE == 32 +#include "build-config-32.h" +#elif __WORDSIZE == 64 +#include "build-config-64.h" +#else +#error "Unknown word size" +#endif diff --git a/SOURCES/cover-the-case-of-servers-asking-for-cached-bitmaps-.patch b/SOURCES/cover-the-case-of-servers-asking-for-cached-bitmaps-.patch deleted file mode 100644 index e419fcc..0000000 --- a/SOURCES/cover-the-case-of-servers-asking-for-cached-bitmaps-.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 807e2ee016386a396b7b57c3c675ff64e8b12f74 Mon Sep 17 00:00:00 2001 -From: Daryl Poe -Date: Thu, 25 Jul 2013 15:01:56 -0600 -Subject: [PATCH] cover the case of servers asking for cached bitmaps they have - never defined - ---- - libfreerdp-cache/bitmap.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/libfreerdp-cache/bitmap.c b/libfreerdp-cache/bitmap.c -index c1583ac..9ed241d 100644 ---- a/libfreerdp-cache/bitmap.c -+++ b/libfreerdp-cache/bitmap.c -@@ -33,6 +33,9 @@ void update_gdi_memblt(rdpContext* context, MEMBLT_ORDER* memblt) - else - bitmap = bitmap_cache_get(cache->bitmap, (uint8) memblt->cacheId, memblt->cacheIndex); - -+ /* XP-SP2 servers sometimes ask for cached bitmaps they've never defined. */ -+ if (bitmap == NULL) return; -+ - memblt->bitmap = bitmap; - IFCALL(cache->bitmap->MemBlt, context, memblt); - } -@@ -47,6 +50,9 @@ void update_gdi_mem3blt(rdpContext* context, MEM3BLT_ORDER* mem3blt) - else - bitmap = bitmap_cache_get(cache->bitmap, (uint8) mem3blt->cacheId, mem3blt->cacheIndex); - -+ /* XP-SP2 servers sometimes ask for cached bitmaps they've never defined. */ -+ if (bitmap == NULL) return; -+ - mem3blt->bitmap = bitmap; - IFCALL(cache->bitmap->Mem3Blt, context, mem3blt); - } --- -2.5.0 - diff --git a/SOURCES/fix-crashes-in-pulseaudio.patch b/SOURCES/fix-crashes-in-pulseaudio.patch deleted file mode 100644 index 4803bba..0000000 --- a/SOURCES/fix-crashes-in-pulseaudio.patch +++ /dev/null @@ -1,32 +0,0 @@ -From fe2a549e5d6dd9352a6d14c1d0d45a5c263c5d06 Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Thu, 11 Jun 2015 13:25:35 +0200 -Subject: [PATCH] rdpsnd/pulse: Fix crashes in pulseaudio - -Function pa_stream_trigger has to be called under lock to avoid -following crashes on asserts: - -Assertion 'e->mainloop->n_enabled_defer_events > 0' failed at pulse/mainloop.c:257, function mainloop_defer_enable(). Aborting. -Assertion '!e->next' failed at pulsecore/queue.c:104, function pa_queue_pop(). Aborting. -Assertion 'q->front' failed at pulsecore/queue.c:81, function pa_queue_push(). Aborting. ---- - channels/rdpsnd/pulse/rdpsnd_pulse.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/channels/rdpsnd/pulse/rdpsnd_pulse.c b/channels/rdpsnd/pulse/rdpsnd_pulse.c -index 1a331f0..0fcedef 100644 ---- a/channels/rdpsnd/pulse/rdpsnd_pulse.c -+++ b/channels/rdpsnd/pulse/rdpsnd_pulse.c -@@ -452,7 +452,9 @@ static void rdpsnd_pulse_start(rdpsndDevicePlugin* device) - if (!pulse->stream) - return; - -+ pa_threaded_mainloop_lock(pulse->mainloop); - pa_stream_trigger(pulse->stream, NULL, NULL); -+ pa_threaded_mainloop_unlock(pulse->mainloop); - } - - int FreeRDPRdpsndDeviceEntry(PFREERDP_RDPSND_DEVICE_ENTRY_POINTS pEntryPoints) --- -2.5.0 - diff --git a/SOURCES/fix-issue-530-NLA-password-asked-after-certificate-r.patch b/SOURCES/fix-issue-530-NLA-password-asked-after-certificate-r.patch deleted file mode 100644 index 6d6851e..0000000 --- a/SOURCES/fix-issue-530-NLA-password-asked-after-certificate-r.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 3941b9078775c31e37b8b4bd89cee06beac3aef1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Rapha=C3=ABl=20Rigo?= -Date: Tue, 10 Apr 2012 22:24:08 +0200 -Subject: [PATCH 2/5] fix issue #530 "NLA password asked after certificate - refusal" close connection when the certificate is not trusted - ---- - libfreerdp-core/tls.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c -index 942b430..b05100e 100644 ---- a/libfreerdp-core/tls.c -+++ b/libfreerdp-core/tls.c -@@ -80,8 +80,11 @@ boolean tls_connect(rdpTls* tls) - return false; - } - -- if (!tls_verify_certificate(tls, tls->cert, tls->settings->hostname)) -+ if (!tls_verify_certificate(tls, tls->cert, tls->settings->hostname)) { -+ printf("tls_connect: certificate not trusted, aborting.\n"); - tls_disconnect(tls); -+ return false; -+ } - - return true; - } --- -2.5.5 - diff --git a/SOURCES/libfreerdp-core-fix-issue-436.patch b/SOURCES/libfreerdp-core-fix-issue-436.patch deleted file mode 100644 index 26c3a28..0000000 --- a/SOURCES/libfreerdp-core-fix-issue-436.patch +++ /dev/null @@ -1,25 +0,0 @@ -From aa7b83ff1e97ac394f76b0968acc1d9f55a11d41 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?= -Date: Wed, 15 Feb 2012 16:33:51 -0500 -Subject: [PATCH] libfreerdp-core: fix issue #436 - ---- - libfreerdp-core/crypto.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libfreerdp-core/crypto.c b/libfreerdp-core/crypto.c -index b79ac7a..7b5c895 100644 ---- a/libfreerdp-core/crypto.c -+++ b/libfreerdp-core/crypto.c -@@ -443,7 +443,7 @@ char** crypto_cert_subject_alt_name(X509* xcert, int* count, int** lengths) - { - length = ASN1_STRING_to_UTF8(&string, subject_alt_name->d.dNSName); - strings[*count] = (char*) string; -- *lengths[*count] = length; -+ (*lengths)[*count] = length; - (*count)++; - } - } --- -2.1.0 - diff --git a/SOURCES/libfreerdp-core-verify-TLS-certificate-with-both-TLS.patch b/SOURCES/libfreerdp-core-verify-TLS-certificate-with-both-TLS.patch deleted file mode 100644 index f1329f3..0000000 --- a/SOURCES/libfreerdp-core-verify-TLS-certificate-with-both-TLS.patch +++ /dev/null @@ -1,220 +0,0 @@ -From 53fa7e1e996f23818e17ab59f1cb1849c533472d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?= -Date: Sun, 12 Feb 2012 12:46:53 -0500 -Subject: [PATCH 1/5] libfreerdp-core: verify TLS certificate with both TLS and - NLA - ---- - libfreerdp-core/credssp.c | 44 ++++++++------------------------------------ - libfreerdp-core/credssp.h | 1 - - libfreerdp-core/nego.c | 5 ++++- - libfreerdp-core/tls.c | 19 +++++++++++++++++++ - libfreerdp-core/tls.h | 2 ++ - libfreerdp-core/transport.c | 1 + - 6 files changed, 34 insertions(+), 38 deletions(-) - -diff --git a/libfreerdp-core/credssp.c b/libfreerdp-core/credssp.c -index e269a21..6ef40e1 100644 ---- a/libfreerdp-core/credssp.c -+++ b/libfreerdp-core/credssp.c -@@ -119,33 +119,6 @@ int credssp_ntlmssp_init(rdpCredssp* credssp) - } - - /** -- * Get TLS public key. -- * @param credssp -- */ -- --int credssp_get_public_key(rdpCredssp* credssp) --{ -- int status; -- CryptoCert cert; -- -- cert = tls_get_certificate(credssp->transport->tls); -- -- if (cert == NULL) -- { -- printf("credssp_get_public_key: tls_get_certificate failed to return the server certificate.\n"); -- return 0; -- } -- -- if (!tls_verify_certificate(credssp->transport->tls, cert, credssp->transport->settings->hostname)) -- tls_disconnect(credssp->transport->tls); -- -- status = crypto_cert_get_public_key(cert, &credssp->public_key); -- crypto_cert_free(cert); -- -- return status; --} -- --/** - * Authenticate with server using CredSSP. - * @param credssp - * @return 1 if authentication is successful -@@ -160,9 +133,6 @@ int credssp_authenticate(rdpCredssp* credssp) - if (credssp_ntlmssp_init(credssp) == 0) - return 0; - -- if (credssp_get_public_key(credssp) == 0) -- return 0; -- - /* NTLMSSP NEGOTIATE MESSAGE */ - stream_attach(s, negoTokenBuffer, 2048); - ntlmssp_send(ntlmssp, s); -@@ -223,16 +193,18 @@ int credssp_authenticate(rdpCredssp* credssp) - void credssp_encrypt_public_key(rdpCredssp* credssp, rdpBlob* d) - { - uint8* p; -+ rdpTls* tls; - uint8 signature[16]; - rdpBlob encrypted_public_key; - NTLMSSP *ntlmssp = credssp->ntlmssp; -+ tls = credssp->transport->tls; - -- freerdp_blob_alloc(d, credssp->public_key.length + 16); -- ntlmssp_encrypt_message(ntlmssp, &credssp->public_key, &encrypted_public_key, signature); -+ freerdp_blob_alloc(d, tls->public_key.length + 16); -+ ntlmssp_encrypt_message(ntlmssp, &tls->public_key, &encrypted_public_key, signature); - - #ifdef WITH_DEBUG_NLA -- printf("Public Key (length = %d)\n", credssp->public_key.length); -- freerdp_hexdump(credssp->public_key.data, credssp->public_key.length); -+ printf("Public Key (length = %d)\n", tls->public_key.length); -+ freerdp_hexdump(tls->public_key.data, tls->public_key.length); - printf("\n"); - - printf("Encrypted Public Key (length = %d)\n", encrypted_public_key.length); -@@ -264,6 +236,7 @@ int credssp_verify_public_key(rdpCredssp* credssp, rdpBlob* d) - uint8* signature; - rdpBlob public_key; - rdpBlob encrypted_public_key; -+ rdpTls* tls = credssp->transport->tls; - - signature = d->data; - encrypted_public_key.data = (void*) (signature + 16); -@@ -271,7 +244,7 @@ int credssp_verify_public_key(rdpCredssp* credssp, rdpBlob* d) - - ntlmssp_decrypt_message(credssp->ntlmssp, &encrypted_public_key, &public_key, signature); - -- p1 = (uint8*) credssp->public_key.data; -+ p1 = (uint8*) tls->public_key.data; - p2 = (uint8*) public_key.data; - - p2[0]--; -@@ -661,7 +634,6 @@ void credssp_free(rdpCredssp* credssp) - { - if (credssp != NULL) - { -- freerdp_blob_free(&credssp->public_key); - freerdp_blob_free(&credssp->ts_credentials); - - ntlmssp_free(credssp->ntlmssp); -diff --git a/libfreerdp-core/credssp.h b/libfreerdp-core/credssp.h -index 3277425..d98554a 100644 ---- a/libfreerdp-core/credssp.h -+++ b/libfreerdp-core/credssp.h -@@ -40,7 +40,6 @@ struct rdp_credssp - rdpBlob pubKeyAuth; - rdpBlob authInfo; - int send_seq_num; -- rdpBlob public_key; - rdpBlob ts_credentials; - rdpSettings* settings; - CryptoRc4 rc4_seal_state; -diff --git a/libfreerdp-core/nego.c b/libfreerdp-core/nego.c -index 7eb810b..ab4da37 100644 ---- a/libfreerdp-core/nego.c -+++ b/libfreerdp-core/nego.c -@@ -256,8 +256,10 @@ void nego_attempt_rdp(rdpNego* nego) - boolean nego_recv_response(rdpNego* nego) - { - STREAM* s = transport_recv_stream_init(nego->transport, 1024); -+ - if (transport_read(nego->transport, s) < 0) - return false; -+ - return nego_recv(nego->transport, s, nego->transport->recv_extra); - } - -@@ -319,6 +321,7 @@ boolean nego_read_request(rdpNego* nego, STREAM* s) - - tpkt_read_header(s); - li = tpdu_read_connection_request(s); -+ - if (li != stream_get_left(s) + 6) - { - printf("Incorrect TPDU length indicator.\n"); -@@ -403,7 +406,7 @@ boolean nego_send_negotiation_request(rdpNego* nego) - { - int cookie_length = strlen(nego->cookie); - stream_write(s, "Cookie: mstshash=", 17); -- stream_write(s, (uint8*)nego->cookie, cookie_length); -+ stream_write(s, (uint8*) nego->cookie, cookie_length); - stream_write_uint8(s, 0x0D); /* CR */ - stream_write_uint8(s, 0x0A); /* LF */ - length += cookie_length + 19; -diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c -index 106f9ca..942b430 100644 ---- a/libfreerdp-core/tls.c -+++ b/libfreerdp-core/tls.c -@@ -66,6 +66,23 @@ boolean tls_connect(rdpTls* tls) - return false; - } - -+ tls->cert = tls_get_certificate(tls); -+ -+ if (tls->cert == NULL) -+ { -+ printf("tls_connect: tls_get_certificate failed to return the server certificate.\n"); -+ return false; -+ } -+ -+ if (!crypto_cert_get_public_key(tls->cert, &tls->public_key)) -+ { -+ printf("tls_connect: crypto_cert_get_public_key failed to return the server public key.\n"); -+ return false; -+ } -+ -+ if (!tls_verify_certificate(tls, tls->cert, tls->settings->hostname)) -+ tls_disconnect(tls); -+ - return true; - } - -@@ -433,6 +450,8 @@ void tls_free(rdpTls* tls) - if (tls->ctx) - SSL_CTX_free(tls->ctx); - -+ freerdp_blob_free(&tls->public_key); -+ - certificate_store_free(tls->certificate_store); - - xfree(tls); -diff --git a/libfreerdp-core/tls.h b/libfreerdp-core/tls.h -index c3f2f59..e941dd0 100644 ---- a/libfreerdp-core/tls.h -+++ b/libfreerdp-core/tls.h -@@ -36,6 +36,8 @@ struct rdp_tls - SSL* ssl; - int sockfd; - SSL_CTX* ctx; -+ CryptoCert cert; -+ rdpBlob public_key; - rdpSettings* settings; - rdpCertificateStore* certificate_store; - }; -diff --git a/libfreerdp-core/transport.c b/libfreerdp-core/transport.c -index df43a8e..f4c28d8 100644 ---- a/libfreerdp-core/transport.c -+++ b/libfreerdp-core/transport.c -@@ -72,6 +72,7 @@ boolean transport_disconnect(rdpTransport* transport) - { - if (transport->layer == TRANSPORT_LAYER_TLS) - tls_disconnect(transport->tls); -+ - return tcp_disconnect(transport->tcp); - } - --- -2.5.5 - diff --git a/SOURCES/rdpsnd-pulse-Fix-crash-if-device-isn-t-specified.patch b/SOURCES/rdpsnd-pulse-Fix-crash-if-device-isn-t-specified.patch deleted file mode 100644 index 40bafd5..0000000 --- a/SOURCES/rdpsnd-pulse-Fix-crash-if-device-isn-t-specified.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 800c865bd79e3e4437cceb3219246cfad152205b Mon Sep 17 00:00:00 2001 -From: Ondrej Holy -Date: Thu, 11 Jun 2015 13:35:21 +0200 -Subject: [PATCH] rdpsnd/pulse: Fix crash if device isn't specified - -Freerdp crashes if pulseaudio device isn't specified on commandline, i.e.: -xfreerdp --plugin rdpsnd --data pulse - -The crash occurs, because data[1] is NULL and it is passed into strlen -function. We have to check whether data[1] was set before calling strlen -to fix this crash. ---- - channels/rdpsnd/pulse/rdpsnd_pulse.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/channels/rdpsnd/pulse/rdpsnd_pulse.c b/channels/rdpsnd/pulse/rdpsnd_pulse.c -index 1a331f0..54892cd 100644 ---- a/channels/rdpsnd/pulse/rdpsnd_pulse.c -+++ b/channels/rdpsnd/pulse/rdpsnd_pulse.c -@@ -474,7 +474,7 @@ int FreeRDPRdpsndDeviceEntry(PFREERDP_RDPSND_DEVICE_ENTRY_POINTS pEntryPoints) - data = pEntryPoints->plugin_data; - if (data && strcmp((char*)data->data[0], "pulse") == 0) - { -- if(strlen((char*)data->data[1]) > 0) -+ if(data->data[1] && strlen((char*)data->data[1]) > 0) - pulse->device_name = xstrdup((char*)data->data[1]); - else - pulse->device_name = NULL; --- -2.5.0 - diff --git a/SOURCES/release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch b/SOURCES/release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch deleted file mode 100644 index c1341c2..0000000 --- a/SOURCES/release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 1d12ad20cbd07b0aeb49ac9544de451c9f43f04c Mon Sep 17 00:00:00 2001 -From: Seray Rosh -Date: Fri, 27 Feb 2015 16:02:40 +0100 -Subject: [PATCH 2/2] release keys when xfreerdp is unfocused to prevent stuck - keys - -https://github.com/FreeRDP/FreeRDP/issues/2104 -https://github.com/FreeRDP/FreeRDP/pull/2430 - -Backported by Ondrej Holy . ---- - client/X11/xf_event.c | 2 ++ - client/X11/xf_keyboard.c | 5 +++++ - 2 files changed, 7 insertions(+) - -diff --git a/client/X11/xf_event.c b/client/X11/xf_event.c -index cbcfc65..1475214 100644 ---- a/client/X11/xf_event.c -+++ b/client/X11/xf_event.c -@@ -356,6 +356,8 @@ boolean xf_event_FocusOut(xfInfo* xfi, XEvent* event, boolean app) - if (event->xfocus.mode == NotifyWhileGrabbed) - XUngrabKeyboard(xfi->display, CurrentTime); - -+ xf_kbd_release_all_keypress(xfi); -+ - if (app) - xf_rail_send_activate(xfi, event->xany.window, false); - -diff --git a/client/X11/xf_keyboard.c b/client/X11/xf_keyboard.c -index e94b362..fb14015 100644 ---- a/client/X11/xf_keyboard.c -+++ b/client/X11/xf_keyboard.c -@@ -63,6 +63,11 @@ void xf_kbd_release_all_keypress(xfInfo* xfi) - { - rdp_scancode = freerdp_kbd_get_scancode_by_keycode(keycode, &extended); - -+ // release tab before releasing the windows key. -+ // this stops the start menu from opening on unfocus event. -+ if (rdp_scancode == 0x5B && extended) /* Left Windows Key */ -+ xfi->instance->input->KeyboardEvent(xfi->instance->input, KBD_FLAGS_RELEASE, 0x0F); /* Tab up */ -+ - flags = KBD_FLAGS_RELEASE; - flags |= (extended) ? KBD_FLAGS_EXTENDED : 0; - xfi->instance->input->KeyboardEvent(xfi->instance->input, flags, rdp_scancode); --- -2.9.3 - diff --git a/SOURCES/remove-unncessary-NULL-ptr-check.patch b/SOURCES/remove-unncessary-NULL-ptr-check.patch deleted file mode 100644 index e7e0d01..0000000 --- a/SOURCES/remove-unncessary-NULL-ptr-check.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 4720596d610e5406d0445433f1a079fc84858fa7 Mon Sep 17 00:00:00 2001 -From: cool -Date: Thu, 9 Feb 2012 22:20:52 -1100 -Subject: [PATCH] remove unncessary NULL ptr check - ---- - libfreerdp-utils/memory.c | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/libfreerdp-utils/memory.c b/libfreerdp-utils/memory.c -index d4d17a620..676fd3ffa 100644 ---- a/libfreerdp-utils/memory.c -+++ b/libfreerdp-utils/memory.c -@@ -82,12 +82,6 @@ void* xrealloc(void* ptr, size_t size) - if (size < 1) - size = 1; - -- if (ptr == NULL) -- { -- printf("xrealloc: null pointer given\n"); -- return NULL; -- } -- - mem = realloc(ptr, size); - - if (mem == NULL) --- -2.14.1 - diff --git a/SOURCES/tls-enable-tls-1.patch b/SOURCES/tls-enable-tls-1.patch deleted file mode 100644 index f20d76f..0000000 --- a/SOURCES/tls-enable-tls-1.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c -index 106f9cae3..2e3f32d63 100644 ---- a/libfreerdp-core/tls.c -+++ b/libfreerdp-core/tls.c -@@ -26,8 +26,9 @@ boolean tls_connect(rdpTls* tls) - { - int connection_status; - char *hostname; -+ int options = 0; - -- tls->ctx = SSL_CTX_new(TLSv1_client_method()); -+ tls->ctx = SSL_CTX_new(SSLv23_client_method()); - - if (tls->ctx == NULL) - { -@@ -43,7 +44,15 @@ boolean tls_connect(rdpTls* tls) - * block padding is normally used, but the Microsoft TLS implementation - * won't recognize it and will disconnect you after sending a TLS alert. - */ -- SSL_CTX_set_options(tls->ctx, SSL_OP_ALL); -+ options |= SSL_OP_ALL; -+ -+ /** -+ * disable SSLv2 and SSLv3 -+ */ -+ options |= SSL_OP_NO_SSLv2; -+ options |= SSL_OP_NO_SSLv3; -+ -+ SSL_CTX_set_options(tls->ctx, options); - - tls->ssl = SSL_new(tls->ctx); - diff --git a/SOURCES/x11-release-all-pressed-keys-when-window-is-unmapped.patch b/SOURCES/x11-release-all-pressed-keys-when-window-is-unmapped.patch deleted file mode 100644 index 097ce39..0000000 --- a/SOURCES/x11-release-all-pressed-keys-when-window-is-unmapped.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 4db610f292aca3ae4ed0bb59ed1972202a1c6b27 Mon Sep 17 00:00:00 2001 -From: Vic Lee -Date: Wed, 11 Apr 2012 12:37:47 +0800 -Subject: [PATCH 1/2] x11: release all pressed keys when window is unmapped. - -https://github.com/FreeRDP/FreeRDP/pull/547 - -Backported by Ondrej Holy . ---- - client/X11/xf_event.c | 2 ++ - client/X11/xf_keyboard.c | 22 ++++++++++++++++++++++ - client/X11/xf_keyboard.h | 1 + - 3 files changed, 25 insertions(+) - -diff --git a/client/X11/xf_event.c b/client/X11/xf_event.c -index b5c381f..cbcfc65 100644 ---- a/client/X11/xf_event.c -+++ b/client/X11/xf_event.c -@@ -507,6 +507,8 @@ boolean xf_event_UnmapNotify(xfInfo* xfi, XEvent* event, boolean app) - rdpWindow* window; - rdpRail* rail = ((rdpContext*) xfi->context)->rail; - -+ xf_kbd_release_all_keypress(xfi); -+ - if (app != true) - return true; - -diff --git a/client/X11/xf_keyboard.c b/client/X11/xf_keyboard.c -index cb82fa4..e94b362 100644 ---- a/client/X11/xf_keyboard.c -+++ b/client/X11/xf_keyboard.c -@@ -50,6 +50,28 @@ void xf_kbd_unset_keypress(xfInfo* xfi, uint8 keycode) - return; - } - -+void xf_kbd_release_all_keypress(xfInfo* xfi) -+{ -+ int keycode; -+ uint16 flags; -+ uint8 rdp_scancode; -+ boolean extended; -+ -+ for (keycode = 0; keycode < sizeof(xfi->pressed_keys) / sizeof(xfi->pressed_keys[0]); keycode++) -+ { -+ if (xfi->pressed_keys[keycode] != NoSymbol) -+ { -+ rdp_scancode = freerdp_kbd_get_scancode_by_keycode(keycode, &extended); -+ -+ flags = KBD_FLAGS_RELEASE; -+ flags |= (extended) ? KBD_FLAGS_EXTENDED : 0; -+ xfi->instance->input->KeyboardEvent(xfi->instance->input, flags, rdp_scancode); -+ -+ xfi->pressed_keys[keycode] = NoSymbol; -+ } -+ } -+} -+ - boolean xf_kbd_key_pressed(xfInfo* xfi, KeySym keysym) - { - KeyCode keycode = XKeysymToKeycode(xfi->display, keysym); -diff --git a/client/X11/xf_keyboard.h b/client/X11/xf_keyboard.h -index 92e08fc..e316f07 100644 ---- a/client/X11/xf_keyboard.h -+++ b/client/X11/xf_keyboard.h -@@ -28,6 +28,7 @@ - void xf_kbd_init(xfInfo* xfi); - void xf_kbd_set_keypress(xfInfo* xfi, uint8 keycode, KeySym keysym); - void xf_kbd_unset_keypress(xfInfo* xfi, uint8 keycode); -+void xf_kbd_release_all_keypress(xfInfo* xfi); - boolean xf_kbd_key_pressed(xfInfo* xfi, KeySym keysym); - void xf_kbd_send_key(xfInfo* xfi, boolean down, uint8 keycode); - int xf_kbd_read_keyboard_state(xfInfo* xfi); --- -2.9.3 - diff --git a/SPECS/freerdp.spec b/SPECS/freerdp.spec index 8efc64f..ef091b9 100644 --- a/SPECS/freerdp.spec +++ b/SPECS/freerdp.spec @@ -1,111 +1,94 @@ -Name: freerdp -Version: 1.0.2 -Release: 15%{?dist}.1 -Summary: Remote Desktop Protocol client +%global gittag 2.0.0-rc4 + +# Can be rebuilt with FFmpeg/H264 support enabled by passing "--with=ffmpeg", +# "--with=x264" or "--with=openh264" to mock/rpmbuild; or by globally setting +# these variables: + +#global _with_ffmpeg 1 +#global _with_x264 1 +#global _with_openh264 1 + +# Momentarily disable GSS support +# https://github.com/FreeRDP/FreeRDP/issues/4348 +#global _with_gss 1 -Group: Applications/Communications +# Disable server support in RHEL +# https://bugzilla.redhat.com/show_bug.cgi?id=1639165 +%{!?rhel:%global _with_server 1} + +Name: freerdp +Version: 2.0.0 +Release: 1.rc4%{?dist} +Summary: Free implementation of the Remote Desktop Protocol (RDP) License: ASL 2.0 URL: http://www.freerdp.com/ -Source0: http://pub.freerdp.com/releases/%{name}-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: cmake -BuildRequires: xmlto -BuildRequires: openssl-devel +Source0: https://github.com/FreeRDP/FreeRDP/archive/%{gittag}/FreeRDP-%{gittag}.tar.gz +Source1: build-config.h + +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: alsa-lib-devel +BuildRequires: cmake >= 2.8 +BuildRequires: cups-devel +BuildRequires: gsm-devel +BuildRequires: libjpeg-turbo-devel BuildRequires: libX11-devel -BuildRequires: libXext-devel -BuildRequires: libXinerama-devel BuildRequires: libXcursor-devel BuildRequires: libXdamage-devel -BuildRequires: libXv-devel +BuildRequires: libXext-devel +BuildRequires: libXi-devel +BuildRequires: libXinerama-devel BuildRequires: libxkbfile-devel -BuildRequires: pulseaudio-libs-devel -BuildRequires: cups-devel -BuildRequires: pcsc-lite-devel -BuildRequires: desktop-file-utils +BuildRequires: libXrandr-devel +%{?_with_server:BuildRequires: libXtst-devel} +BuildRequires: libXv-devel +%{?_with_openh264:BuildRequires: openh264-devel} +%{?_with_x264:BuildRequires: x264-devel} +%{?_with_server:BuildRequires: pam-devel} +BuildRequires: xmlto +BuildRequires: zlib-devel + +BuildRequires: pkgconfig(dbus-1) +BuildRequires: pkgconfig(dbus-glib-1) +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(gstreamer-1.0) +BuildRequires: pkgconfig(gstreamer-base-1.0) +BuildRequires: pkgconfig(gstreamer-app-1.0) +BuildRequires: pkgconfig(gstreamer-audio-1.0) +BuildRequires: pkgconfig(gstreamer-fft-1.0) +BuildRequires: pkgconfig(gstreamer-pbutils-1.0) +BuildRequires: pkgconfig(gstreamer-video-1.0) +%{?_with_gss:BuildRequires: pkgconfig(krb5) >= 1.13} +BuildRequires: pkgconfig(libpcsclite) +BuildRequires: pkgconfig(libpulse) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(openssl) +BuildRequires: pkgconfig(wayland-client) +BuildRequires: pkgconfig(wayland-scanner) +BuildRequires: pkgconfig(xkbcommon) + +%{?_with_ffmpeg: +BuildRequires: pkgconfig(libavcodec) >= 57.48.101 +BuildRequires: pkgconfig(libavutil) +} Provides: xfreerdp = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Requires: %{name}-plugins%{?_isa} = %{version}-%{release} - -Patch0: 0001-xfreerdp.1.xml-Don-t-claim-to-support-multiple-conne.patch -Patch1: 0002-Replace-itemizedlist-s-with-variablelist-s.patch - -# https://bugzilla.redhat.com/show_bug.cgi?id=1186916 -Patch3: libfreerdp-core-fix-issue-436.patch - -# https://bugzilla.redhat.com/show_bug.cgi?id=1296654 -Patch4: fix-crashes-in-pulseaudio.patch - -# Fix crash if pulseaudio device isn't specified -# https://bugzilla.redhat.com/show_bug.cgi?id=1067543 -Patch5: rdpsnd-pulse-Fix-crash-if-device-isn-t-specified.patch - -# Fix crash if requested bitmap isn't in cache -# https://bugzilla.redhat.com/show_bug.cgi?id=1311164 -Patch6: cover-the-case-of-servers-asking-for-cached-bitmaps-.patch - -# Add support for wildcard certificates -# https://bugzilla.redhat.com/show_bug.cgi?id=1275241 -Patch7: libfreerdp-core-verify-TLS-certificate-with-both-TLS.patch -Patch8: fix-issue-530-NLA-password-asked-after-certificate-r.patch -Patch9: 1-Add-support-for-Wildcard-Certificates-2-For-Gatewa.patch -Patch10: Using-the-more-efficient-code-for-comparing-host-nam.patch -Patch11: Fixed-a-possible-buffer-overflow-issue.patch - -# Prevent stucked keys on focus out and unmap events -# https://bugzilla.redhat.com/show_bug.cgi?id=1415069 -Patch12: x11-release-all-pressed-keys-when-window-is-unmapped.patch -Patch13: release-keys-when-xfreerdp-is-unfocused-to-prevent-s.patch - -# Fix crashes when copying images -# https://bugzilla.redhat.com/show_bug.cgi?id=1417536 -Patch14: remove-unncessary-NULL-ptr-check.patch - -# Enable TLS 1.1 connections and later -# https://bugzilla.redhat.com/show_bug.cgi?id=1312967 -Patch15: tls-enable-tls-1.patch - -# Add description for available plugins -# https://bugzilla.redhat.com/show_bug.cgi?id=1428041 -Patch16: Add-description-for-available-plugins.patch -Patch20: Fix-smartcard-usage-in-manpage.patch - -# Fix NTLM on big endian -# https://bugzilla.redhat.com/show_bug.cgi?id=1204742 -Patch17: Fix-NTLM-on-big-endian.patch - -# Fix colors on big endian -# https://bugzilla.redhat.com/show_bug.cgi?id=1308810 -Patch18: Fix-colors-on-big-endian.patch - -# Add FIPS mode support -# https://bugzilla.redhat.com/show_bug.cgi?id=1363811 -Patch19: FIPS-mode-support.patch - -# Fix CVE-2018-8786 -# https://bugzilla.redhat.com/show_bug.cgi?id=1684152 -Patch21: CVE-2018-8786.patch - -# Fix CVE-2018-8787 -# https://bugzilla.redhat.com/show_bug.cgi?id=1684156 -Patch22: CVE-2018-8787.patch - -# Fix CVE-2018-8788 -# https://bugzilla.redhat.com/show_bug.cgi?id=1684163 -Patch23: CVE-2018-8788.patch +Requires: libwinpr%{?_isa} = %{version}-%{release} %description -The xfreerdp Remote Desktop Protocol (RDP) client from the FreeRDP +The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. -xfreerdp can connect to RDP servers such as Microsoft Windows +xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox. - %package libs Summary: Core libraries implementing the RDP protocol -Group: Applications/Communications +Requires: libwinpr%{?_isa} = %{version}-%{release} +Obsoletes: %{name}-plugins < 2.0.0 +Provides: %{name}-plugins = %{version}-%{release} %description libs libfreerdp-core can be embedded in applications. @@ -114,148 +97,206 @@ applications together with libfreerdp-core. libfreerdp-core can be extended with plugins handling RDP channels. - -%package plugins -Summary: Plugins for handling the standard RDP channels -Group: Applications/Communications -Requires: %{name}-libs%{?_isa} = %{version}-%{release} -%description plugins -A set of plugins to the channel manager implementing the standard virtual -channels extending RDP core functionality. For instance, sounds, clipboard -sync, disk/printer redirection, etc. - - %package devel Summary: Development files for %{name} -Group: Development/Libraries Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: pkgconfig +Requires: cmake >= 2.8 %description devel -The %{name}-devel package contains libraries and header files for -developing applications that use %{name}-libs. - - -%prep - -%setup -q - -%patch0 -p1 -%patch1 -p1 -%patch3 -p1 -b .fix-invalid-dereference -%patch4 -p1 -b .fix-crashes-in-pulseaudio -%patch5 -p1 -b .rdpsnd-pulse-fix-crash-if-device-isn-t-specified -%patch6 -p1 -b .cover-the-case-of-servers-asking-for-cached-bitmaps-.patch -%patch7 -p1 -b .libfreerdp-core-verify-TLS-certificate-with-both-TLS -%patch8 -p1 -b .fix-issue-530-NLA-password-asked-after-certificate-r -%patch9 -p1 -b .1-Add-support-for-Wildcard-Certificates-2-For-Gatewa -%patch10 -p1 -b .Using-the-more-efficient-code-for-comparing-host-nam -%patch11 -p1 -b .Fixed-a-possible-buffer-overflow-issue -%patch12 -p1 -b .x11-release-all-pressed-keys-when-window-is-unmapped -%patch13 -p1 -b .release-keys-when-xfreerdp-is-unfocused-to-prevent-s -%patch14 -p1 -b .remove-unncessary-NULL-ptr-check -%patch15 -p1 -b .tls-enable-tls-1 -%patch16 -p1 -b .Add-description-for-available-plugins -%patch17 -p1 -b .Fix-NTLM-on-big-endian -%patch18 -p1 -b .Fix-colors-on-big-endian -%patch19 -p1 -b .FIPS-mode-support -%patch20 -p1 -b .Fix-smartcard-usage-in-manpage -%patch21 -p1 -b .CVE-2018-8786 -%patch22 -p1 -b .CVE-2018-8787 -%patch23 -p1 -b .CVE-2018-8788 - -cat << EOF > xfreerdp.desktop -[Desktop Entry] -Type=Application -Name=X FreeRDP -NoDisplay=true -Comment=Connect to RDP server and display remote desktop -Icon=%{name} -Exec=/usr/bin/xfreerdp -Terminal=false -Categories=Network;RemoteAccess; -EOF +The %{name}-devel package contains libraries and header files for developing +applications that use %{name}-libs. +%{?_with_server: +%package server +Summary: Server support for %{name} +Requires: libwinpr%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} -%build +%description server +The %{name}-server package contains servers which can export a desktop via +the RDP protocol. +} -%cmake \ - -DWITH_CUPS=ON \ - -DWITH_PCSC=ON \ - -DWITH_PULSEAUDIO=ON \ - -DWITH_X11=ON \ - -DWITH_XCURSOR=ON \ - -DWITH_XEXT=ON \ - -DWITH_XINERAMA=ON \ - -DWITH_XKBFILE=ON \ - -DWITH_XV=ON \ - -DWITH_ALSA=OFF \ - -DWITH_CUNIT=OFF \ - -DWITH_DIRECTFB=OFF \ - -DWITH_FFMPEG=OFF \ - -DWITH_SSE2=OFF \ - -DCMAKE_INSTALL_LIBDIR:PATH=%{_lib} \ - . +%package -n libwinpr +Summary: Windows Portable Runtime +Provides: %{name}-libwinpr = %{version}-%{release} -make %{?_smp_mflags} +%description -n libwinpr +WinPR provides API compatibility for applications targeting non-Windows +environments. When on Windows, the original native API is being used instead of +the equivalent WinPR implementation, without having to modify the code using it. +%package -n libwinpr-devel +Summary: Windows Portable Runtime development files +Requires: libwinpr%{?_isa} = %{version}-%{release} +Requires: pkgconfig +Requires: cmake >= 2.8 -%install -rm -rf $RPM_BUILD_ROOT +%description -n libwinpr-devel +The %{name}-libwinpr-devel package contains libraries and header files for +developing applications that use %{name}-libwinpr. -make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' +%prep +%autosetup -p1 -n FreeRDP-%{gittag} -# No need for keymap files when using xkbfile -rm -rf $RPM_BUILD_ROOT/usr/share/freerdp +# Rpmlint fixes +find . -name "*.h" -exec chmod 664 {} \; +find . -name "*.c" -exec chmod 664 {} \; -desktop-file-install --dir=$RPM_BUILD_ROOT%{_datadir}/applications xfreerdp.desktop -install -p -D resources/FreeRDP_Icon_256px.png $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/256x256/apps/%{name}.png +%build +%cmake %{?_cmake_skip_rpath} \ + -DCMAKE_INSTALL_LIBDIR:PATH=%{_lib} \ + -DWITH_ALSA=ON \ + -DWITH_CUPS=ON \ + -DWITH_CHANNELS=ON -DBUILTIN_CHANNELS=OFF \ + -DWITH_CLIENT=ON \ + -DWITH_DIRECTFB=OFF \ + -DWITH_FFMPEG=%{?_with_ffmpeg:ON}%{?!_with_ffmpeg:OFF} \ + -DWITH_GSM=ON \ + -DWITH_GSSAPI=%{?_with_gss:ON}%{?!_with_gss:OFF} \ + -DWITH_GSTREAMER_1_0=ON -DWITH_GSTREAMER_0_10=OFF \ + -DGSTREAMER_1_0_INCLUDE_DIRS=%{_includedir}/gstreamer-1.0 \ + -DWITH_IPP=OFF \ + -DWITH_JPEG=ON \ + -DWITH_MANPAGES=ON \ + -DWITH_OPENH264=%{?_with_openh264:ON}%{?!_with_openh264:OFF} \ + -DWITH_OPENSSL=ON \ + -DWITH_PCSC=ON \ + -DWITH_PULSE=ON \ + -DWITH_SERVER=%{?_with_server:ON}%{?!_with_server:OFF} \ + -DWITH_SERVER_INTERFACE=%{?_with_server:ON}%{?!_with_server:OFF} \ + -DWITH_SHADOW_X11=%{?_with_server:ON}%{?!_with_server:OFF} \ + -DWITH_SHADOW_MAC=%{?_with_server:ON}%{?!_with_server:OFF} \ + -DWITH_WAYLAND=ON \ + -DWITH_X11=ON \ + -DWITH_X264=%{?_with_x264:ON}%{?!_with_x264:OFF} \ + -DWITH_XCURSOR=ON \ + -DWITH_XEXT=ON \ + -DWITH_XKBFILE=ON \ + -DWITH_XI=ON \ + -DWITH_XINERAMA=ON \ + -DWITH_XRENDER=ON \ + -DWITH_XTEST=%{?_with_server:ON}%{?!_with_server:OFF} \ + -DWITH_XV=ON \ + -DWITH_ZLIB=ON \ +%ifarch x86_64 + -DWITH_SSE2=ON \ +%else + -DWITH_SSE2=OFF \ +%endif +%ifarch armv7hl + -DARM_FP_ABI=hard \ + -DWITH_NEON=OFF \ +%endif +%ifarch armv7hnl + -DARM_FP_ABI=hard \ + -DWITH_NEON=ON \ +%endif +%ifarch armv5tel armv6l armv7l + -DARM_FP_ABI=soft \ + -DWITH_NEON=OFF \ +%endif + . +make %{?_smp_mflags} -%clean -rm -rf $RPM_BUILD_ROOT +pushd winpr/tools/makecert-cli +make %{?_smp_mflags} +popd +%install +%make_install +%make_install COMPONENT=tools -%post -# This is no gtk application, but try to integrate nicely with GNOME if it is available -gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : +find %{buildroot} -name "*.a" -delete +# build-config.h is not multilib clean and multilib-rpm-config is not available +mv $RPM_BUILD_ROOT/%{_includedir}/freerdp2/freerdp/build-config.h $RPM_BUILD_ROOT/%{_includedir}/freerdp2/freerdp/build-config-`getconf LONG_BIT`.h +install -m 644 %{SOURCE1} $RPM_BUILD_ROOT/%{_includedir}/freerdp2/freerdp/ %post libs -p /sbin/ldconfig - %postun libs -p /sbin/ldconfig +%post -n libwinpr -p /sbin/ldconfig + +%postun -n libwinpr -p /sbin/ldconfig %files -%defattr(-,root,root,-) +%{_bindir}/winpr-hash +%{_bindir}/winpr-makecert +%{_bindir}/wlfreerdp %{_bindir}/xfreerdp -%{_mandir}/man1/xfreerdp.* -%{_datadir}/applications/xfreerdp.desktop -%{_datadir}/icons/hicolor/256x256/apps/%{name}.png +%{_mandir}/man1/winpr-hash.1.* +%{_mandir}/man1/winpr-makecert.1.* +%{_mandir}/man1/wlfreerdp.1.* +%{_mandir}/man1/xfreerdp.1.* %files libs -%defattr(-,root,root,-) -%doc LICENSE README ChangeLog -%{_libdir}/lib%{name}-*.so.* -%dir %{_libdir}/%{name}/ - -%files plugins -%defattr(-,root,root,-) -%{_libdir}/%{name}/* +%license LICENSE +%doc README ChangeLog +%{_libdir}/freerdp2/ +%{_libdir}/libfreerdp-client2.so.* +%{?_with_server: +%{_libdir}/libfreerdp-server2.so.* +%{_libdir}/libfreerdp-shadow2.so.* +%{_libdir}/libfreerdp-shadow-subsystem2.so.* +} +%{_libdir}/libfreerdp2.so.* +%{_libdir}/libuwac0.so.* +%{_mandir}/man7/wlog.* %files devel -%defattr(-,root,root,-) -%{_includedir}/%{name}/ -%{_libdir}/lib%{name}-*.so -%{_libdir}/pkgconfig/%{name}.pc - +%{_includedir}/freerdp2 +%{_includedir}/uwac0 +%{_libdir}/cmake/FreeRDP2 +%{_libdir}/cmake/FreeRDP-Client2 +%{?_with_server: +%{_libdir}/cmake/FreeRDP-Server2 +%{_libdir}/cmake/FreeRDP-Shadow2 +} +%{_libdir}/cmake/uwac0 +%{_libdir}/libfreerdp-client2.so +%{?_with_server: +%{_libdir}/libfreerdp-server2.so +%{_libdir}/libfreerdp-shadow2.so +%{_libdir}/libfreerdp-shadow-subsystem2.so +} +%{_libdir}/libfreerdp2.so +%{_libdir}/libuwac0.so +%{_libdir}/pkgconfig/freerdp2.pc +%{_libdir}/pkgconfig/freerdp-client2.pc +%{?_with_server: +%{_libdir}/pkgconfig/freerdp-server2.pc +%{_libdir}/pkgconfig/freerdp-shadow2.pc +} +%{_libdir}/pkgconfig/uwac0.pc + +%{?_with_server: +%files server +%{_bindir}/freerdp-shadow-cli +%{_mandir}/man1/freerdp-shadow-cli.1.* +} + +%files -n libwinpr +%{!?_licensedir:%global license %%doc} +%license LICENSE +%doc README ChangeLog +%{_libdir}/libwinpr2.so.* +%{_libdir}/libwinpr-tools2.so.* + +%files -n libwinpr-devel +%{_libdir}/cmake/WinPR2 +%{_includedir}/winpr2 +%{_libdir}/libwinpr2.so +%{_libdir}/libwinpr-tools2.so +%{_libdir}/pkgconfig/winpr2.pc +%{_libdir}/pkgconfig/winpr-tools2.pc %changelog -* Fri Mar 8 2019 Ondrej Holy - 1.0.2-15.1 -- Fix CVE-2018-8786 (#1684152) -- Fix CVE-2018-8787 (#1684156) -- Fix CVE-2018-8788 (#1684163) +* Wed Feb 20 2019 Ondrej Holy - 2.0.0-1.rc4 +- Update to 2.0.0-rc4 (#1291254) * Wed Jan 31 2018 Ondrej Holy - 1.0.2-15 - Fix smartcard usage in manpage (#1428041)