Commit Graph

274 Commits

Author SHA1 Message Date
Tobias Frost
9c2cb890eb Import fix for CVE-2022-39283 - closes also #1021659 2023-11-12 13:08:09 +01:00
Tobias Frost
1cddd4643a Import fix for CVE-2022-39282 (Closes: #1021659) 2023-11-12 12:44:19 +01:00
Tobias Frost
ad925990b3 Fix changelog date. 2023-11-12 12:24:32 +01:00
Tobias Frost
cb0fee7d81 Prepare changelog for upload to LTS. 2023-11-12 12:23:35 +01:00
Tobias Frost
343a6e9965 Fixing whitespaces in d/changelog and a typo in a patch. 2023-11-12 12:08:01 +01:00
Tobias Frost
180fc8f332 fix 0052-CVE-2022-24883.patch -- it stopped applying after dropping patch 0051. 2023-10-29 14:23:10 +01:00
Tobias Frost
326341043d Drop patch for CVE-2022-24882
the patch does not work with 2.3.0, needs more investigation.
2023-10-29 14:22:13 +01:00
Tobias Frost
b7fad42bde CVE-2022-41877 - Missing input length validation in drive channel 2023-10-29 00:12:43 +02:00
Tobias Frost
eb2c3e598e CVE-2022-39347 - Missing path sanitation with drive channel 2023-10-28 23:26:25 +02:00
Tobias Frost
ae332a9e65 CVE-2022-39319 - Missing length validation in urbdrc channel 2023-10-29 10:45:28 +01:00
Tobias Frost
9abf5f033b Import fix for CVE-2022-39318 - Division by zero in urbdrc channel 2023-10-29 10:14:56 +01:00
Tobias Frost
56d1291988 Import fix for CVE-2022-39316 - Out of bound read in zgfx decoder 2023-10-29 10:12:55 +01:00
Tobias Frost
3f665697f0 Import fix for CVE-2022-24883 - FreeRDP Server authentication might allow invalid credentials to pass. 2023-10-29 10:09:48 +01:00
Tobias Frost
a8d9578fb9 Import fix for CVE-2022-24882 - Server side NTLM does not properly check parameters. 2023-10-28 20:16:13 +02:00
Tobias Frost
14442af9ac Import fix for CVE-2021-41160 - Improper region checks in all clients allow out of bound write to memory (Closes: #1001062) 2023-10-28 18:36:39 +02:00
Tobias Frost
8f234906e9 Fix wrong number CVE changelog entry. 2023-10-07 20:03:39 +02:00
Tobias Frost
6ebfab5ec1 Prepare changelog for upload. 2023-10-07 17:31:07 +02:00
Tobias Frost
bb305bcdf7 Fix segfault in CVE-2023-39355.patch
(and use posix_memalign instead of memalign)
2023-10-07 17:08:05 +02:00
Tobias Frost
f1641af0fd Touch changelog timestamp. 2023-10-07 13:29:57 +02:00
Tobias Frost
b743b819c0 CVE-2023-40589 2023-10-07 13:29:15 +02:00
Tobias Frost
d9179e0766 CVE-2023-40569 2023-10-07 13:27:15 +02:00
Tobias Frost
24c51f4ed8 CVE-2023-40188.patch 2023-10-07 13:17:33 +02:00
Tobias Frost
f6f2bf7896 CVE-2023-40186 2023-10-07 13:11:23 +02:00
Tobias Frost
0f3fd7d339 0045-CVE-2023-40181.patch 2023-10-07 12:53:23 +02:00
Tobias Frost
d1217c6dad Apply upstream patch for CVE-2023-40567. 2023-10-07 12:53:18 +02:00
Tobias Frost
09055cabae Backport upstream patch for CVE-2023-39356. 2023-10-07 12:33:20 +02:00
Tobias Frost
ab18013d96 Backport CVE-2023-39354. 2023-10-07 12:07:10 +02:00
Tobias Frost
2dacc519e5 Backport patch for CVE-2023-39353. 2023-10-07 11:28:59 +02:00
Tobias Frost
792f6a14d1 Backport patch for CVE-2023-39352. 2023-10-07 11:10:12 +02:00
Tobias Frost
a4c483bc30 Cherry-pick upstream patch for CVE-2023-39351. 2023-10-07 10:58:09 +02:00
Tobias Frost
43cbb16760 Revisit CVE-2023-39350 after updates/clarifications from upstream. 2023-10-07 10:51:05 +02:00
Tobias Frost
500b4499a7 Backport CVE-2023-40589.
replaced WINPR_ASSERT with plain assert, as this macro is defined only in later versions and if verbose asserting is disabled it will actually do assert() itself.
2023-10-03 11:14:37 +02:00
Tobias Frost
6ae95183f4 Backport of CVE-2023-39355
upstream is using in later version aligned memory allocation, so using memalign to simulate that.
That of course required to memset it afterwards, as upstream used calloc for the allocation before.
2023-10-03 10:57:01 +02:00
Tobias Frost
21305b53c4 Disable piuparts and blhc
piuparts is broken for buster
blhc is failing, but not going to fix that for the DLA.
2023-10-03 10:15:50 +02:00
Tobias Frost
efc916e1a4 CVE-2023-39354 2023-10-03 10:08:48 +02:00
Tobias Frost
b6e609f697 CVE-2023-39350 2023-10-03 10:07:13 +02:00
Tobias Frost
0333c99067 Enable Salsa CI 2023-10-03 09:35:54 +02:00
Tobias Frost
6e4db706a5 Debian release 2.3.0+dfsg1-2+deb11u1

Merge tag 'debian/2.3.0+dfsg1-2+deb11u1' into debian/buster to prepare a
backport for buster.

Debian release 2.3.0+dfsg1-2+deb11u1

Adapt to buster.
2023-10-03 01:16:50 +02:00
Mike Gabriel
0359d79a4b upload to bullseye (debian/2.3.0+dfsg1-2+deb11u1) 2022-03-08 08:46:53 +01:00
Mike Gabriel
6dd3e7854d debian/patches: Trivial rebase of 1001_keep-symbol-DumpThreadHandles-if-debugging-is-disabled.patch against v2.3.0. 2022-03-08 08:45:25 +01:00
Mike Gabriel
03201de47f debian/patches: Add 1001_keep-symbol-DumpThreadHandles-if-debugging-is-disabled.patch. Keep DumpThreadHandles as a symbol even if WITH_DEBUG_THREADS is OFF.
(cherry picked from commit f726052dd4)
2022-03-08 08:44:42 +01:00
Bernhard Miklautz
4db4aa6d33 debian/rules: Disable additional debug logging. (Closes: #1006683).
(cherry picked from commit a90b67e6c0)
2022-03-08 08:15:32 +01:00
Mike Gabriel
21d2367ceb upload to unstable (debian/2.3.0+dfsg1-2) 2021-05-16 23:57:27 +02:00
Mike Gabriel
1a69e83215 debian/patches: Add 0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch. Fix Windows 10 logon when using an internal trusted root CA. 2021-05-16 23:37:01 +02:00
Mike Gabriel
91e29c5e59 debian/patches: Add 0034-Fixed-6938-Remote-app-mode-clipboard-fix.patch. In remote app mode the _FREERDP_TIMESTAMP_PROPERTY does not work. Therefore ignore it. 2021-05-16 23:32:35 +02:00
Mike Gabriel
ff70cab82f debian/patches: add forgotten patch files 2021-04-29 12:34:37 +02:00
Mike Gabriel
2d7707f3f8 debian/changelog: update from Git history 2021-04-29 12:18:15 +02:00
Mike Gabriel
fc8bd9add6 debian/patches: Backport changes from 2.3.2 (bound checks, API compat fixes, Smartcard issues fixes, etc.).
    0001-Added-compatibility-define.patch
    0003-Reverted-connectErrorCode-removal.patch
    0004-Fixed-a-leak-on-mouse-cursor-updates.patch
    0007-Fixed-format-string-in-smartcard_trace_state_return.patch
    0008-Fixed-linking-dependencies-for-client-geometry-chann.patch
    0010-Fixed-smartcard_convert_string_list-with-0-length.patch
    0012-Parse-on-a-copy-of-the-argument-string-for-printer.patch
    0015-Fix-xf_Pointer_SetPosition-with-smart-sizing.patch
    0017-Backported-6865-Disable-websockets-command-line-opti.patch
    0019-Check-smartcard_convert_string_list-for-NULL-string.patch
    0020-Use-specific-names-for-drive-hotplug-special-values.patch
    0021-Filter-RDPDR-types-other-than-drives-on-windows-hotp.patch
    0023-use-tlsOut-BIO-when-using-websocket-in-rdg_bio_ctrl.patch
    0024-Added-bounds-checks-to-gfx-commands.patch
    0025-Added-bounds-check-in-rdpgfx_recv_wire_to_surface_1_.patch
    0026-Added-fuzzying-test-for-planar-decoder.patch
    0027-Added-missing-bounds-check.patch
    0028-Fixed-mac-issues-with-smartcard-context-cleanup-6890.patch
    0031-Fix-monitor-list.patch
    0032-Fixed-CodeQL-warnings.patch
    0033-Reverted-winpr_BinToHexString-argument-change.patch
2021-04-29 12:05:39 +02:00
Mike Gabriel
a58a05cff9 debian/watch: Fix Github watch URL. 2021-04-29 11:54:12 +02:00
Mike Gabriel
702fe3f9aa upload to unstable (debian/2.3.0+dfsg1-1) 2021-02-25 16:50:58 +01:00