Accepting request 793853 from home:weberho:branches:X11:RemoteDesktop

- Added cairo support for scaling - Cleaned up spec - Removed patch freerdp-Fix-realloc-return-handling.patch - Added pkgconfig(libusb-1.0) for building - Added new package for freerdp-proxy - Cleaned up spec file - Updated to release 2.0.0 * Fixed CVEs: - CVE-2020-11521 - CVE-2020-11522 - CVE-2020-11523 - CVE-2020-11524 - CVE-2020-11525 - CVE-2020-11526 * Fixed security related issues: - gh#FreeRDP/FreeRDP#6005 - gh#FreeRDP/FreeRDP#6006 - gh#FreeRDP/FreeRDP#6007 - gh#FreeRDP/FreeRDP#6008 - gh#FreeRDP/FreeRDP#6009 - gh#FreeRDP/FreeRDP#6010 - gh#FreeRDP/FreeRDP#6011 - gh#FreeRDP/FreeRDP#6012 - gh#FreeRDP/FreeRDP#6013 * sha256 is now used instead of sha1 to fingerprint certificates. This will invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a new connection is established after the update * First version of the RDP proxy was added (gh#FreeRDP/FreeRDP#5372) thanks to @kubistika * Smartcard received some refactoring. Missing functions were added and input validation was improved (gh#FreeRDP/FreeRDP#5884) * A new option /cert that unifies all certificate related options (gh#FreeRDP/FreeRDP#5880) The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still available but marked as deprecated * Support for Remote Assistance Protocol Version 2 [MS-RA] * The DirectFB client was removed because it was unmaintained * Unified initialization of OrderSupport * Fix for licensing against Windows Server 2003 * Font smoothing is now enabled per default * Smart scaling for Wayland using libcairo was added (gh#FreeRDP/FreeRDP#5215) * Unified update->BeginPaint and update->EndPaint * An image scaling API for software drawing was added * Rail was updated to the latest spec version 28.0 * Support for H.264 in the shadow server is now detected at runtime * Add mask=<value> option for /gfx and /gfx-h264 (gh#FreeRDP/FreeRDP#5771) * A new option /timeout was added to adjust the TCP ACK timeout (gh#FreeRDP/FreeRDP#5987) OBS-URL: https://build.opensuse.org/request/show/793853 OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/freerdp?expand=0&rev=93
2020-04-14 12:02:57 +00:00 · 2020-04-14 12:02:57 +00:00 · c255afafe7
commit c255afafe7
parent 948bab9897
5 changed files with 107 additions and 203 deletions
--- a/FreeRDP-2.0.0-rc4.tar.gz
+++ b/FreeRDP-2.0.0-rc4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3406f3bfab63f81c1533029a5bf73949ff60f22f6e155c5a08005b8b8afe6d49
-size 6615213
--- a/FreeRDP-2.0.0.tar.gz
+++ b/FreeRDP-2.0.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6f5202240119f79bb9f23c82b71ab17b493d92571bfd3f59ca6dcad11d77030d
+size 6812941
--- a/freerdp-Fix-realloc-return-handling.patch
+++ b/freerdp-Fix-realloc-return-handling.patch
@ -1,174 +0,0 @@
-From 9fee4ae076b1ec97b97efb79ece08d1dab4df29a Mon Sep 17 00:00:00 2001
-From: Armin Novak <armin.novak@thincast.com>
-Date: Fri, 4 Oct 2019 14:49:30 +0200
-Subject: [PATCH] Fixed #5645: realloc return handling
-
---
- client/X11/generate_argument_docbook.c | 33 +++++++++++++++++++++++++++------
- libfreerdp/codec/region.c              | 17 ++++++++++++++---
- winpr/libwinpr/utils/lodepng/lodepng.c |  6 +++++-
- 3 files changed, 46 insertions(+), 10 deletions(-)
-
-diff --git a/client/X11/generate_argument_docbook.c b/client/X11/generate_argument_docbook.c
-index b700539e2..1a3ebf563 100644
--- a/client/X11/generate_argument_docbook.c
-+++ b/client/X11/generate_argument_docbook.c
-@@ -9,6 +9,7 @@
- LPSTR tr_esc_str(LPCSTR arg, bool format)
- {
- 	LPSTR tmp = NULL;
-+	LPSTR tmp2 = NULL;
- 	size_t cs = 0, x, ds, len;
- 	size_t s;
- 
-@@ -25,7 +26,12 @@ LPSTR tr_esc_str(LPCSTR arg, bool format)
- 	ds = s + 1;
- 
- 	if (s)
-		tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+	{
-+		tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+		if (!tmp2)
-+			free(tmp);
-+		tmp = tmp2;
-+	}
- 
- 	if (NULL == tmp)
- 	{
-@@ -43,7 +49,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format)
- 			case '<':
- 				len = format ? 13 : 4;
- 				ds += len - 1;
-				tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+				tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+				if (!tmp2)
-+					free(tmp);
-+				tmp = tmp2;
- 
- 				if (NULL == tmp)
- 				{
-@@ -64,7 +73,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format)
- 			case '>':
- 				len = format ? 14 : 4;
- 				ds += len - 1;
-				tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+				tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+				if (!tmp2)
-+					free(tmp);
-+				tmp = tmp2;
- 
- 				if (NULL == tmp)
- 				{
-@@ -84,7 +96,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format)
- 
- 			case '\'':
- 				ds += 5;
-				tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+				tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+				if (!tmp2)
-+					free(tmp);
-+				tmp = tmp2;
- 
- 				if (NULL == tmp)
- 				{
-@@ -102,7 +117,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format)
- 
- 			case '"':
- 				ds += 5;
-				tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+				tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+				if (!tmp2)
-+					free(tmp);
-+				tmp = tmp2;
- 
- 				if (NULL == tmp)
- 				{
-@@ -120,7 +138,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format)
- 
- 			case '&':
- 				ds += 4;
-				tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+				tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR));
-+				if (!tmp2)
-+					free(tmp);
-+				tmp = tmp2;
- 
- 				if (NULL == tmp)
- 				{
-diff --git a/libfreerdp/codec/region.c b/libfreerdp/codec/region.c
-index 2bc866538..c5d19c806 100644
--- a/libfreerdp/codec/region.c
-+++ b/libfreerdp/codec/region.c
-@@ -467,8 +467,12 @@ static BOOL region16_simplify_bands(REGION16* region)
- 
- 	if (finalNbRects != nbRects)
- 	{
-		int allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16));
-		region->data = realloc(region->data, allocSize);
-+		REGION16_DATA* data;
-+		size_t allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16));
-+		data = realloc(region->data, allocSize);
-+		if (!data)
-+			free(region->data);
-+		region->data = data;
- 
- 		if (!region->data)
- 		{
-@@ -485,10 +489,12 @@ static BOOL region16_simplify_bands(REGION16* region)
- 
- BOOL region16_union_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16* rect)
- {
-+	REGION16_DATA* data;
- 	const RECTANGLE_16* srcExtents;
- 	RECTANGLE_16* dstExtents;
- 	const RECTANGLE_16* currentBand, *endSrcRect, *nextBand;
- 	REGION16_DATA* newItems = NULL;
-+	REGION16_DATA* tmpItems = NULL;
- 	RECTANGLE_16* dstRect = NULL;
- 	UINT32 usedRects, srcNbRects;
- 	UINT16 topInterBand;
-@@ -673,7 +679,11 @@ BOOL region16_union_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16*
- 	dstExtents->bottom = MAX(rect->bottom, srcExtents->bottom);
- 	dstExtents->right = MAX(rect->right, srcExtents->right);
- 	newItems->size = sizeof(REGION16_DATA) + (usedRects * sizeof(RECTANGLE_16));
-	dst->data = realloc(newItems, newItems->size);
-+	tmpItems = realloc(newItems, newItems->size);
-+	if (!tmpItems)
-+		free(newItems);
-+	newItems = tmpItems;
-+	dst->data = newItems;
- 
- 	if (!dst->data)
- 	{
-@@ -717,6 +727,7 @@ BOOL region16_intersects_rect(const REGION16* src, const RECTANGLE_16* arg2)
- 
- BOOL region16_intersect_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16* rect)
- {
-+	REGION16_DATA* data;
- 	REGION16_DATA* newItems;
- 	const RECTANGLE_16* srcPtr, *endPtr, *srcExtents;
- 	RECTANGLE_16* dstPtr;
-diff --git a/winpr/libwinpr/utils/lodepng/lodepng.c b/winpr/libwinpr/utils/lodepng/lodepng.c
-index 741a953b8..b48c881a2 100644
--- a/winpr/libwinpr/utils/lodepng/lodepng.c
-+++ b/winpr/libwinpr/utils/lodepng/lodepng.c
-@@ -841,11 +841,15 @@ unsigned lodepng_huffman_code_lengths(unsigned* lengths, const unsigned* frequen
- static unsigned HuffmanTree_makeFromFrequencies(HuffmanTree* tree, const unsigned* frequencies,
-                                                 size_t mincodes, size_t numcodes, unsigned maxbitlen)
- {
-+	unsigned* lengths;
-   unsigned error = 0;
-   while(!frequencies[numcodes - 1] && numcodes > mincodes) numcodes--; /*trim zeroes*/
-   tree->maxbitlen = maxbitlen;
-   tree->numcodes = (unsigned)numcodes; /*number of symbols*/
-  tree->lengths = (unsigned*)realloc(tree->lengths, numcodes * sizeof(unsigned));
-+  lengths = (unsigned*)realloc(tree->lengths, numcodes * sizeof(unsigned));
-+	if (!lengths)
-+		free(tree->lengths);
-+	tree->lengths = lengths;
-   if(!tree->lengths) return 83; /*alloc fail*/
-   /*initialize all lengths to 0*/
-   memset(tree->lengths, 0, numcodes * sizeof(unsigned));
-- 
-2.16.4
-
--- a/freerdp.changes
+++ b/freerdp.changes
@ -1,3 +1,62 @@
+-------------------------------------------------------------------
+Mon Apr 13 05:23:54 UTC 2020 - Johannes Weberhofer <jweberhofer@weberhofer.at>
+
+- Added cairo support for scaling
+- Cleaned up spec
+
+-------------------------------------------------------------------
+Sun Apr 12 06:06:44 UTC 2020 - Johannes Weberhofer <jweberhofer@weberhofer.at>
+
+- Removed patch freerdp-Fix-realloc-return-handling.patch
+- Added pkgconfig(libusb-1.0) for building
+- Added new package for freerdp-proxy
+- Cleaned up spec file
+
+- Updated to release 2.0.0
+
+  * Fixed CVEs:
+    - CVE-2020-11521
+    - CVE-2020-11522
+    - CVE-2020-11523
+    - CVE-2020-11524
+    - CVE-2020-11525
+    - CVE-2020-11526
+
+  * Fixed security related issues:
+    - gh#FreeRDP/FreeRDP#6005
+    - gh#FreeRDP/FreeRDP#6006
+    - gh#FreeRDP/FreeRDP#6007
+    - gh#FreeRDP/FreeRDP#6008
+    - gh#FreeRDP/FreeRDP#6009
+    - gh#FreeRDP/FreeRDP#6010
+    - gh#FreeRDP/FreeRDP#6011
+    - gh#FreeRDP/FreeRDP#6012
+    - gh#FreeRDP/FreeRDP#6013
+
+  * sha256 is now used instead of sha1 to fingerprint certificates. This will
+    invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a
+    new connection is established after the update
+
+  * First version of the RDP proxy was added (gh#FreeRDP/FreeRDP#5372)
+    thanks to @kubistika
+  * Smartcard received some refactoring. Missing functions were added and input
+    validation was improved (gh#FreeRDP/FreeRDP#5884)
+  * A new option /cert that unifies all certificate related options (gh#FreeRDP/FreeRDP#5880)  
+    The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still
+    available but marked as deprecated
+  * Support for Remote Assistance Protocol Version 2 [MS-RA]
+  * The DirectFB client was removed because it was unmaintained
+  * Unified initialization of OrderSupport
+  * Fix for licensing against Windows Server 2003
+  * Font smoothing is now enabled per default
+  * Smart scaling for Wayland using libcairo was added (gh#FreeRDP/FreeRDP#5215)
+  * Unified update->BeginPaint and update->EndPaint
+  * An image scaling API for software drawing was added
+  * Rail was updated to the latest spec version 28.0
+  * Support for H.264 in the shadow server is now detected at runtime
+  * Add mask=<value> option for /gfx and /gfx-h264  (gh#FreeRDP/FreeRDP#5771)
+  * A new option /timeout was added to adjust the TCP ACK timeout (gh#FreeRDP/FreeRDP#5987)
+
 -------------------------------------------------------------------
 Fri Mar 20 07:09:25 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>

--- a/freerdp.spec
+++ b/freerdp.spec
@ -1,7 +1,7 @@
 #
 # spec file for package freerdp
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -15,24 +15,28 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #

-%ifarch aarch64 %arm
-%define _lto_cflags %{nil}
-%endif

+# X264 and OPENH264 are disabled because openSUSE does not provide the codecs
+# enable -DWITH_GSSAPI=ON again after #gh/FreeRDP/FreeRDP/4348 has been fixed
+#
+#global _with_ffmpeg 1
+#global _with_x264 1
+#global _with_openh264 1
+#
 %define major_version 2
 %define uwac_version 0
 %define uwac_package %{uwac_version}-%{uwac_version}
-%define version_file 2.0.0-rc4
+%ifarch aarch64 %{arm}
+%define _lto_cflags %{nil}
+%endif
 Name:           freerdp
-Version:        2.0.0~rc4
+Version:        2.0.0
 Release:        0
 Summary:        Remote Desktop Viewer Client
 License:        Apache-2.0
 Group:          Productivity/Networking/Other
-Url:            http://www.freerdp.com/
-Source0:        https://github.com/FreeRDP/FreeRDP/archive/%{version_file}.tar.gz#/FreeRDP-%{version_file}.tar.gz
-# PATCH-FIX-UPSTREAM freerdp-Fix-realloc-return-handling.patch boo#1153163 boo#1153164 gh#FreeRDP/FreeRDP#5645 - fezhang@suse.com -- Fix realloc return handling that results in memory leaks
-Patch1:         freerdp-Fix-realloc-return-handling.patch
+URL:            https://www.freerdp.com/
+Source0:        https://github.com/FreeRDP/FreeRDP/archive/%{version}.tar.gz#/FreeRDP-%{version}.tar.gz
 BuildRequires:  chrpath
 BuildRequires:  cmake >= 2.8
 BuildRequires:  cups-devel
@ -46,6 +50,7 @@ BuildRequires:  pkgconfig
 BuildRequires:  xmlto
 BuildRequires:  zlib-devel
 BuildRequires:  pkgconfig(alsa)
+BuildRequires:  pkgconfig(cairo)
 BuildRequires:  pkgconfig(gstreamer-1.0)
 BuildRequires:  pkgconfig(gstreamer-plugins-base-1.0)
 BuildRequires:  pkgconfig(icu-i18n)
@ -53,6 +58,7 @@ BuildRequires:  pkgconfig(krb5)
 BuildRequires:  pkgconfig(libpcsclite)
 BuildRequires:  pkgconfig(libpulse)
 BuildRequires:  pkgconfig(libsystemd)
+BuildRequires:  pkgconfig(libusb-1.0)
 BuildRequires:  pkgconfig(openssl)
 BuildRequires:  pkgconfig(wayland-client)
 BuildRequires:  pkgconfig(wayland-scanner)
@ -93,6 +99,15 @@ This package contains a server-side implementation which can export a desktop
 via the Remote Desktop Protocol (RDP) following the Microsoft Open
 Specifications.

+%package proxy
+Summary:        Remote Desktop Security and Monitorig Proxy Server
+Group:          Productivity/Networking/Other
+
+%description proxy
+This package contains a proxy that allows to select specific features and
+channels allowed for all connections passing through.
+It allows monitoring of the running sessions.
+
 %package -n lib%{name}%{major_version}
 Summary:        Remote Desktop Viewer client library
 Group:          System/Libraries
@ -155,9 +170,7 @@ This package contains header files for developing applications that
 use the uwac library.

 %prep
-%setup -q -n FreeRDP-%{version_file}
-
-%patch1 -p1
+%setup -q -n FreeRDP-%{version}

 %build
 if [ -z "$SOURCE_DATE_EPOCH" ]; then
@ -166,14 +179,13 @@ fi
 export LDFLAGS="-pie"
 export CFLAGS="%{optflags} -fPIE -pie"

-# X264 and OPENH264 are disabled because openSUSE does not provide the codecs
-# enable -DWITH_GSSAPI=ON again after #gh/FreeRDP/FreeRDP/4348 has been fixed
 %cmake \
 	-DCMAKE_INSTALL_PREFIX=%{_prefix} \
 	-DCMAKE_INSTALL_LIBDIR=%{_lib} \
 	-DCMAKE_SKIP_RPATH=ON \
 	-DWITH_ALSA=ON \
 	-DWITH_PCSC=ON \
+	-DWITH_CAIRO=ON \
 	-DWITH_CUPS=ON \
 	-DWITH_PULSE=ON \
 %ifarch %{ix86} x86_64
@ -186,16 +198,20 @@ export CFLAGS="%{optflags} -fPIE -pie"
 	-DCHANNEL_GEOMETRY=ON \
 	-DWITH_CHANNELS=ON \
 	-DWITH_DIRECTFB=OFF \
-	-DWITH_FFMPEG=OFF \
+	-DWITH_FFMPEG=%{?_with_ffmpeg:ON}%{?!_with_ffmpeg:OFF} \
 	-DWITH_GSM=ON \
+	-DWITH_GSSAPI=%{?_with_gss:ON}%{?!_with_gss:OFF} \
+	-DWITH_GSTREAMER_0_10=OFF \
 	-DWITH_GSTREAMER_1_0=ON \
 	-DWITH_ICU=ON \
 	-DWITH_IPP=OFF \
 	-DWITH_JPEG=ON \
 	-DWITH_KRB5=ON \
 	-DWITH_LIBRARY_VERSIONING=ON \
+	-DWITH_OPENH264=%{?_with_openh264:ON}%{?!_with_openh264:OFF} \
 	-DWITH_OPENSSL=ON \
 	-DWITH_X11=ON \
+	-DWITH_X264=%{?_with_x264:ON}%{?!_with_x264:OFF} \
 	-DWITH_XCURSOR=ON \
 	-DWITH_XEXT=ON \
 	-DWITH_XKBFILE=ON \
@ -205,7 +221,7 @@ export CFLAGS="%{optflags} -fPIE -pie"
 	-DWITH_XV=ON \
 	-DWITH_ZLIB=ON

-make %{?_smp_mflags}
+%make_build

 %install
 cd build
@ -221,23 +237,26 @@ cd build

 %files
 %{_bindir}/x%{name}
-%{_mandir}/man1/x%{name}.1%{ext_man}
-%{_mandir}/man7/wlog.7%{ext_man}
+%{_mandir}/man1/x%{name}.1%{?ext_man}
+%{_mandir}/man7/wlog.7%{?ext_man}

 %files wayland
 %{_bindir}/wl%{name}
-%{_mandir}/man1/wl%{name}.1%{ext_man}
+%{_mandir}/man1/wl%{name}.1%{?ext_man}

 %files server
 %{_bindir}/%{name}-shadow-cli
 %{_bindir}/winpr-hash
 %{_bindir}/winpr-makecert
-%{_mandir}/man1/%{name}-shadow-cli.1%{ext_man}
-%{_mandir}/man1/winpr-hash.1%{ext_man}
-%{_mandir}/man1/winpr-makecert.1%{ext_man}
+%{_mandir}/man1/%{name}-shadow-cli.1%{?ext_man}
+%{_mandir}/man1/winpr-hash.1%{?ext_man}
+%{_mandir}/man1/winpr-makecert.1%{?ext_man}
+
+%files proxy
+%{_bindir}/%{name}-proxy

 %files -n lib%{name}%{major_version}
-%doc LICENSE
+%license LICENSE
 %{_libdir}/lib%{name}%{major_version}.so.*
 %{_libdir}/lib%{name}-client%{major_version}.so.*
 %{_libdir}/lib%{name}-shadow%{major_version}.so.*
@ -257,7 +276,7 @@ cd build
 %{_libdir}/pkgconfig/%{name}-shadow%{major_version}.pc

 %files -n libwinpr%{major_version}
-%doc LICENSE
+%license LICENSE
 %{_libdir}/libwinpr%{major_version}.so.*
 %{_libdir}/libwinpr-tools%{major_version}.so.*

@ -270,7 +289,7 @@ cd build
 %{_libdir}/pkgconfig/winpr-tools%{major_version}.pc

 %files -n libuwac%{uwac_package}
-%doc LICENSE
+%license LICENSE
 %{_libdir}/libuwac%{uwac_version}.so.*

 %files -n uwac%{uwac_package}-devel