From c255afafe7b2b6d9c1982e56571f8fe32db76db8fcff888df3adf3db9fe6f52a Mon Sep 17 00:00:00 2001 From: Johannes Weberhofer Date: Tue, 14 Apr 2020 12:02:57 +0000 Subject: [PATCH] Accepting request 793853 from home:weberho:branches:X11:RemoteDesktop - Added cairo support for scaling - Cleaned up spec - Removed patch freerdp-Fix-realloc-return-handling.patch - Added pkgconfig(libusb-1.0) for building - Added new package for freerdp-proxy - Cleaned up spec file - Updated to release 2.0.0 * Fixed CVEs: - CVE-2020-11521 - CVE-2020-11522 - CVE-2020-11523 - CVE-2020-11524 - CVE-2020-11525 - CVE-2020-11526 * Fixed security related issues: - gh#FreeRDP/FreeRDP#6005 - gh#FreeRDP/FreeRDP#6006 - gh#FreeRDP/FreeRDP#6007 - gh#FreeRDP/FreeRDP#6008 - gh#FreeRDP/FreeRDP#6009 - gh#FreeRDP/FreeRDP#6010 - gh#FreeRDP/FreeRDP#6011 - gh#FreeRDP/FreeRDP#6012 - gh#FreeRDP/FreeRDP#6013 * sha256 is now used instead of sha1 to fingerprint certificates. This will invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a new connection is established after the update * First version of the RDP proxy was added (gh#FreeRDP/FreeRDP#5372) thanks to @kubistika * Smartcard received some refactoring. Missing functions were added and input validation was improved (gh#FreeRDP/FreeRDP#5884) * A new option /cert that unifies all certificate related options (gh#FreeRDP/FreeRDP#5880) The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still available but marked as deprecated * Support for Remote Assistance Protocol Version 2 [MS-RA] * The DirectFB client was removed because it was unmaintained * Unified initialization of OrderSupport * Fix for licensing against Windows Server 2003 * Font smoothing is now enabled per default * Smart scaling for Wayland using libcairo was added (gh#FreeRDP/FreeRDP#5215) * Unified update->BeginPaint and update->EndPaint * An image scaling API for software drawing was added * Rail was updated to the latest spec version 28.0 * Support for H.264 in the shadow server is now detected at runtime * Add mask= option for /gfx and /gfx-h264 (gh#FreeRDP/FreeRDP#5771) * A new option /timeout was added to adjust the TCP ACK timeout (gh#FreeRDP/FreeRDP#5987) OBS-URL: https://build.opensuse.org/request/show/793853 OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/freerdp?expand=0&rev=93 --- FreeRDP-2.0.0-rc4.tar.gz | 3 - FreeRDP-2.0.0.tar.gz | 3 + freerdp-Fix-realloc-return-handling.patch | 174 ---------------------- freerdp.changes | 59 ++++++++ freerdp.spec | 71 +++++---- 5 files changed, 107 insertions(+), 203 deletions(-) delete mode 100644 FreeRDP-2.0.0-rc4.tar.gz create mode 100644 FreeRDP-2.0.0.tar.gz delete mode 100644 freerdp-Fix-realloc-return-handling.patch diff --git a/FreeRDP-2.0.0-rc4.tar.gz b/FreeRDP-2.0.0-rc4.tar.gz deleted file mode 100644 index 2cefe61..0000000 --- a/FreeRDP-2.0.0-rc4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3406f3bfab63f81c1533029a5bf73949ff60f22f6e155c5a08005b8b8afe6d49 -size 6615213 diff --git a/FreeRDP-2.0.0.tar.gz b/FreeRDP-2.0.0.tar.gz new file mode 100644 index 0000000..c4a4571 --- /dev/null +++ b/FreeRDP-2.0.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6f5202240119f79bb9f23c82b71ab17b493d92571bfd3f59ca6dcad11d77030d +size 6812941 diff --git a/freerdp-Fix-realloc-return-handling.patch b/freerdp-Fix-realloc-return-handling.patch deleted file mode 100644 index f9a581e..0000000 --- a/freerdp-Fix-realloc-return-handling.patch +++ /dev/null @@ -1,174 +0,0 @@ -From 9fee4ae076b1ec97b97efb79ece08d1dab4df29a Mon Sep 17 00:00:00 2001 -From: Armin Novak -Date: Fri, 4 Oct 2019 14:49:30 +0200 -Subject: [PATCH] Fixed #5645: realloc return handling - ---- - client/X11/generate_argument_docbook.c | 33 +++++++++++++++++++++++++++------ - libfreerdp/codec/region.c | 17 ++++++++++++++--- - winpr/libwinpr/utils/lodepng/lodepng.c | 6 +++++- - 3 files changed, 46 insertions(+), 10 deletions(-) - -diff --git a/client/X11/generate_argument_docbook.c b/client/X11/generate_argument_docbook.c -index b700539e2..1a3ebf563 100644 ---- a/client/X11/generate_argument_docbook.c -+++ b/client/X11/generate_argument_docbook.c -@@ -9,6 +9,7 @@ - LPSTR tr_esc_str(LPCSTR arg, bool format) - { - LPSTR tmp = NULL; -+ LPSTR tmp2 = NULL; - size_t cs = 0, x, ds, len; - size_t s; - -@@ -25,7 +26,12 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) - ds = s + 1; - - if (s) -- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ { -+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ if (!tmp2) -+ free(tmp); -+ tmp = tmp2; -+ } - - if (NULL == tmp) - { -@@ -43,7 +49,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) - case '<': - len = format ? 13 : 4; - ds += len - 1; -- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ if (!tmp2) -+ free(tmp); -+ tmp = tmp2; - - if (NULL == tmp) - { -@@ -64,7 +73,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) - case '>': - len = format ? 14 : 4; - ds += len - 1; -- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ if (!tmp2) -+ free(tmp); -+ tmp = tmp2; - - if (NULL == tmp) - { -@@ -84,7 +96,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) - - case '\'': - ds += 5; -- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ if (!tmp2) -+ free(tmp); -+ tmp = tmp2; - - if (NULL == tmp) - { -@@ -102,7 +117,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) - - case '"': - ds += 5; -- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ if (!tmp2) -+ free(tmp); -+ tmp = tmp2; - - if (NULL == tmp) - { -@@ -120,7 +138,10 @@ LPSTR tr_esc_str(LPCSTR arg, bool format) - - case '&': - ds += 4; -- tmp = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ tmp2 = (LPSTR)realloc(tmp, ds * sizeof(CHAR)); -+ if (!tmp2) -+ free(tmp); -+ tmp = tmp2; - - if (NULL == tmp) - { -diff --git a/libfreerdp/codec/region.c b/libfreerdp/codec/region.c -index 2bc866538..c5d19c806 100644 ---- a/libfreerdp/codec/region.c -+++ b/libfreerdp/codec/region.c -@@ -467,8 +467,12 @@ static BOOL region16_simplify_bands(REGION16* region) - - if (finalNbRects != nbRects) - { -- int allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16)); -- region->data = realloc(region->data, allocSize); -+ REGION16_DATA* data; -+ size_t allocSize = sizeof(REGION16_DATA) + (finalNbRects * sizeof(RECTANGLE_16)); -+ data = realloc(region->data, allocSize); -+ if (!data) -+ free(region->data); -+ region->data = data; - - if (!region->data) - { -@@ -485,10 +489,12 @@ static BOOL region16_simplify_bands(REGION16* region) - - BOOL region16_union_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16* rect) - { -+ REGION16_DATA* data; - const RECTANGLE_16* srcExtents; - RECTANGLE_16* dstExtents; - const RECTANGLE_16* currentBand, *endSrcRect, *nextBand; - REGION16_DATA* newItems = NULL; -+ REGION16_DATA* tmpItems = NULL; - RECTANGLE_16* dstRect = NULL; - UINT32 usedRects, srcNbRects; - UINT16 topInterBand; -@@ -673,7 +679,11 @@ BOOL region16_union_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16* - dstExtents->bottom = MAX(rect->bottom, srcExtents->bottom); - dstExtents->right = MAX(rect->right, srcExtents->right); - newItems->size = sizeof(REGION16_DATA) + (usedRects * sizeof(RECTANGLE_16)); -- dst->data = realloc(newItems, newItems->size); -+ tmpItems = realloc(newItems, newItems->size); -+ if (!tmpItems) -+ free(newItems); -+ newItems = tmpItems; -+ dst->data = newItems; - - if (!dst->data) - { -@@ -717,6 +727,7 @@ BOOL region16_intersects_rect(const REGION16* src, const RECTANGLE_16* arg2) - - BOOL region16_intersect_rect(REGION16* dst, const REGION16* src, const RECTANGLE_16* rect) - { -+ REGION16_DATA* data; - REGION16_DATA* newItems; - const RECTANGLE_16* srcPtr, *endPtr, *srcExtents; - RECTANGLE_16* dstPtr; -diff --git a/winpr/libwinpr/utils/lodepng/lodepng.c b/winpr/libwinpr/utils/lodepng/lodepng.c -index 741a953b8..b48c881a2 100644 ---- a/winpr/libwinpr/utils/lodepng/lodepng.c -+++ b/winpr/libwinpr/utils/lodepng/lodepng.c -@@ -841,11 +841,15 @@ unsigned lodepng_huffman_code_lengths(unsigned* lengths, const unsigned* frequen - static unsigned HuffmanTree_makeFromFrequencies(HuffmanTree* tree, const unsigned* frequencies, - size_t mincodes, size_t numcodes, unsigned maxbitlen) - { -+ unsigned* lengths; - unsigned error = 0; - while(!frequencies[numcodes - 1] && numcodes > mincodes) numcodes--; /*trim zeroes*/ - tree->maxbitlen = maxbitlen; - tree->numcodes = (unsigned)numcodes; /*number of symbols*/ -- tree->lengths = (unsigned*)realloc(tree->lengths, numcodes * sizeof(unsigned)); -+ lengths = (unsigned*)realloc(tree->lengths, numcodes * sizeof(unsigned)); -+ if (!lengths) -+ free(tree->lengths); -+ tree->lengths = lengths; - if(!tree->lengths) return 83; /*alloc fail*/ - /*initialize all lengths to 0*/ - memset(tree->lengths, 0, numcodes * sizeof(unsigned)); --- -2.16.4 - diff --git a/freerdp.changes b/freerdp.changes index f8903ad..e12902f 100644 --- a/freerdp.changes +++ b/freerdp.changes @@ -1,3 +1,62 @@ +------------------------------------------------------------------- +Mon Apr 13 05:23:54 UTC 2020 - Johannes Weberhofer + +- Added cairo support for scaling +- Cleaned up spec + +------------------------------------------------------------------- +Sun Apr 12 06:06:44 UTC 2020 - Johannes Weberhofer + +- Removed patch freerdp-Fix-realloc-return-handling.patch +- Added pkgconfig(libusb-1.0) for building +- Added new package for freerdp-proxy +- Cleaned up spec file + +- Updated to release 2.0.0 + + * Fixed CVEs: + - CVE-2020-11521 + - CVE-2020-11522 + - CVE-2020-11523 + - CVE-2020-11524 + - CVE-2020-11525 + - CVE-2020-11526 + + * Fixed security related issues: + - gh#FreeRDP/FreeRDP#6005 + - gh#FreeRDP/FreeRDP#6006 + - gh#FreeRDP/FreeRDP#6007 + - gh#FreeRDP/FreeRDP#6008 + - gh#FreeRDP/FreeRDP#6009 + - gh#FreeRDP/FreeRDP#6010 + - gh#FreeRDP/FreeRDP#6011 + - gh#FreeRDP/FreeRDP#6012 + - gh#FreeRDP/FreeRDP#6013 + + * sha256 is now used instead of sha1 to fingerprint certificates. This will + invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a + new connection is established after the update + + * First version of the RDP proxy was added (gh#FreeRDP/FreeRDP#5372) + thanks to @kubistika + * Smartcard received some refactoring. Missing functions were added and input + validation was improved (gh#FreeRDP/FreeRDP#5884) + * A new option /cert that unifies all certificate related options (gh#FreeRDP/FreeRDP#5880) + The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still + available but marked as deprecated + * Support for Remote Assistance Protocol Version 2 [MS-RA] + * The DirectFB client was removed because it was unmaintained + * Unified initialization of OrderSupport + * Fix for licensing against Windows Server 2003 + * Font smoothing is now enabled per default + * Smart scaling for Wayland using libcairo was added (gh#FreeRDP/FreeRDP#5215) + * Unified update->BeginPaint and update->EndPaint + * An image scaling API for software drawing was added + * Rail was updated to the latest spec version 28.0 + * Support for H.264 in the shadow server is now detected at runtime + * Add mask= option for /gfx and /gfx-h264 (gh#FreeRDP/FreeRDP#5771) + * A new option /timeout was added to adjust the TCP ACK timeout (gh#FreeRDP/FreeRDP#5987) + ------------------------------------------------------------------- Fri Mar 20 07:09:25 UTC 2020 - Guillaume GARDET diff --git a/freerdp.spec b/freerdp.spec index d65a09b..74b0814 100644 --- a/freerdp.spec +++ b/freerdp.spec @@ -1,7 +1,7 @@ # # spec file for package freerdp # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,24 +15,28 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%ifarch aarch64 %arm -%define _lto_cflags %{nil} -%endif +# X264 and OPENH264 are disabled because openSUSE does not provide the codecs +# enable -DWITH_GSSAPI=ON again after #gh/FreeRDP/FreeRDP/4348 has been fixed +# +#global _with_ffmpeg 1 +#global _with_x264 1 +#global _with_openh264 1 +# %define major_version 2 %define uwac_version 0 %define uwac_package %{uwac_version}-%{uwac_version} -%define version_file 2.0.0-rc4 +%ifarch aarch64 %{arm} +%define _lto_cflags %{nil} +%endif Name: freerdp -Version: 2.0.0~rc4 +Version: 2.0.0 Release: 0 Summary: Remote Desktop Viewer Client License: Apache-2.0 Group: Productivity/Networking/Other -Url: http://www.freerdp.com/ -Source0: https://github.com/FreeRDP/FreeRDP/archive/%{version_file}.tar.gz#/FreeRDP-%{version_file}.tar.gz -# PATCH-FIX-UPSTREAM freerdp-Fix-realloc-return-handling.patch boo#1153163 boo#1153164 gh#FreeRDP/FreeRDP#5645 - fezhang@suse.com -- Fix realloc return handling that results in memory leaks -Patch1: freerdp-Fix-realloc-return-handling.patch +URL: https://www.freerdp.com/ +Source0: https://github.com/FreeRDP/FreeRDP/archive/%{version}.tar.gz#/FreeRDP-%{version}.tar.gz BuildRequires: chrpath BuildRequires: cmake >= 2.8 BuildRequires: cups-devel @@ -46,6 +50,7 @@ BuildRequires: pkgconfig BuildRequires: xmlto BuildRequires: zlib-devel BuildRequires: pkgconfig(alsa) +BuildRequires: pkgconfig(cairo) BuildRequires: pkgconfig(gstreamer-1.0) BuildRequires: pkgconfig(gstreamer-plugins-base-1.0) BuildRequires: pkgconfig(icu-i18n) @@ -53,6 +58,7 @@ BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(libpcsclite) BuildRequires: pkgconfig(libpulse) BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(libusb-1.0) BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(wayland-client) BuildRequires: pkgconfig(wayland-scanner) @@ -93,6 +99,15 @@ This package contains a server-side implementation which can export a desktop via the Remote Desktop Protocol (RDP) following the Microsoft Open Specifications. +%package proxy +Summary: Remote Desktop Security and Monitorig Proxy Server +Group: Productivity/Networking/Other + +%description proxy +This package contains a proxy that allows to select specific features and +channels allowed for all connections passing through. +It allows monitoring of the running sessions. + %package -n lib%{name}%{major_version} Summary: Remote Desktop Viewer client library Group: System/Libraries @@ -155,9 +170,7 @@ This package contains header files for developing applications that use the uwac library. %prep -%setup -q -n FreeRDP-%{version_file} - -%patch1 -p1 +%setup -q -n FreeRDP-%{version} %build if [ -z "$SOURCE_DATE_EPOCH" ]; then @@ -166,14 +179,13 @@ fi export LDFLAGS="-pie" export CFLAGS="%{optflags} -fPIE -pie" -# X264 and OPENH264 are disabled because openSUSE does not provide the codecs -# enable -DWITH_GSSAPI=ON again after #gh/FreeRDP/FreeRDP/4348 has been fixed %cmake \ -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DCMAKE_INSTALL_LIBDIR=%{_lib} \ -DCMAKE_SKIP_RPATH=ON \ -DWITH_ALSA=ON \ -DWITH_PCSC=ON \ + -DWITH_CAIRO=ON \ -DWITH_CUPS=ON \ -DWITH_PULSE=ON \ %ifarch %{ix86} x86_64 @@ -186,16 +198,20 @@ export CFLAGS="%{optflags} -fPIE -pie" -DCHANNEL_GEOMETRY=ON \ -DWITH_CHANNELS=ON \ -DWITH_DIRECTFB=OFF \ - -DWITH_FFMPEG=OFF \ + -DWITH_FFMPEG=%{?_with_ffmpeg:ON}%{?!_with_ffmpeg:OFF} \ -DWITH_GSM=ON \ + -DWITH_GSSAPI=%{?_with_gss:ON}%{?!_with_gss:OFF} \ + -DWITH_GSTREAMER_0_10=OFF \ -DWITH_GSTREAMER_1_0=ON \ -DWITH_ICU=ON \ -DWITH_IPP=OFF \ -DWITH_JPEG=ON \ -DWITH_KRB5=ON \ -DWITH_LIBRARY_VERSIONING=ON \ + -DWITH_OPENH264=%{?_with_openh264:ON}%{?!_with_openh264:OFF} \ -DWITH_OPENSSL=ON \ -DWITH_X11=ON \ + -DWITH_X264=%{?_with_x264:ON}%{?!_with_x264:OFF} \ -DWITH_XCURSOR=ON \ -DWITH_XEXT=ON \ -DWITH_XKBFILE=ON \ @@ -205,7 +221,7 @@ export CFLAGS="%{optflags} -fPIE -pie" -DWITH_XV=ON \ -DWITH_ZLIB=ON -make %{?_smp_mflags} +%make_build %install cd build @@ -221,23 +237,26 @@ cd build %files %{_bindir}/x%{name} -%{_mandir}/man1/x%{name}.1%{ext_man} -%{_mandir}/man7/wlog.7%{ext_man} +%{_mandir}/man1/x%{name}.1%{?ext_man} +%{_mandir}/man7/wlog.7%{?ext_man} %files wayland %{_bindir}/wl%{name} -%{_mandir}/man1/wl%{name}.1%{ext_man} +%{_mandir}/man1/wl%{name}.1%{?ext_man} %files server %{_bindir}/%{name}-shadow-cli %{_bindir}/winpr-hash %{_bindir}/winpr-makecert -%{_mandir}/man1/%{name}-shadow-cli.1%{ext_man} -%{_mandir}/man1/winpr-hash.1%{ext_man} -%{_mandir}/man1/winpr-makecert.1%{ext_man} +%{_mandir}/man1/%{name}-shadow-cli.1%{?ext_man} +%{_mandir}/man1/winpr-hash.1%{?ext_man} +%{_mandir}/man1/winpr-makecert.1%{?ext_man} + +%files proxy +%{_bindir}/%{name}-proxy %files -n lib%{name}%{major_version} -%doc LICENSE +%license LICENSE %{_libdir}/lib%{name}%{major_version}.so.* %{_libdir}/lib%{name}-client%{major_version}.so.* %{_libdir}/lib%{name}-shadow%{major_version}.so.* @@ -257,7 +276,7 @@ cd build %{_libdir}/pkgconfig/%{name}-shadow%{major_version}.pc %files -n libwinpr%{major_version} -%doc LICENSE +%license LICENSE %{_libdir}/libwinpr%{major_version}.so.* %{_libdir}/libwinpr-tools%{major_version}.so.* @@ -270,7 +289,7 @@ cd build %{_libdir}/pkgconfig/winpr-tools%{major_version}.pc %files -n libuwac%{uwac_package} -%doc LICENSE +%license LICENSE %{_libdir}/libuwac%{uwac_version}.so.* %files -n uwac%{uwac_package}-devel