diff --git a/.freerdp.metadata b/.freerdp.metadata index e0aa7bd..304b0ea 100644 --- a/.freerdp.metadata +++ b/.freerdp.metadata @@ -1 +1 @@ -bd50ce9d8807499e14884a3019e9f42b40f3480b SOURCES/FreeRDP-2.0.0-rc4.tar.gz +74013042a9d8bdbfd58f0a887f197702183c0df9 SOURCES/FreeRDP-2.1.1.tar.gz diff --git a/.gitignore b/.gitignore index 7aad2fe..6e0a6ee 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/FreeRDP-2.0.0-rc4.tar.gz +SOURCES/FreeRDP-2.1.1.tar.gz diff --git a/SOURCES/Fix-CVE-2020-11523-clamp-invalid-rectangles-to-size-.patch b/SOURCES/Fix-CVE-2020-11523-clamp-invalid-rectangles-to-size-.patch deleted file mode 100644 index af2b802..0000000 --- a/SOURCES/Fix-CVE-2020-11523-clamp-invalid-rectangles-to-size-.patch +++ /dev/null @@ -1,69 +0,0 @@ -From bda8e5ebfb772c0de3832d77b49749538c61eb14 Mon Sep 17 00:00:00 2001 -From: akallabeth -Date: Mon, 30 Mar 2020 17:32:04 +0200 -Subject: [PATCH] Fix CVE-2020-11523: clamp invalid rectangles to size 0 - -Thanks to Sunglin and HuanGMz from Knownsec 404 ---- - libfreerdp/gdi/region.c | 36 ++++++++++++++++++++++++++++++++++-- - 1 file changed, 34 insertions(+), 2 deletions(-) - -diff --git a/libfreerdp/gdi/region.c b/libfreerdp/gdi/region.c -index d3b28b562..1ffbf79bf 100644 ---- a/libfreerdp/gdi/region.c -+++ b/libfreerdp/gdi/region.c -@@ -37,6 +37,19 @@ - - #define TAG FREERDP_TAG("gdi.region") - -+static char* gdi_rect_str(char* buffer, size_t size, const HGDI_RECT rect) -+{ -+ if (!buffer || (size < 1) || !rect) -+ return NULL; -+ -+ _snprintf(buffer, size - 1, -+ "[top/left=%" PRId32 "x%" PRId32 "-bottom/right%" PRId32 "x%" PRId32 "]", rect->top, -+ rect->left, rect->bottom, rect->right); -+ buffer[size - 1] = '\0'; -+ -+ return buffer; -+} -+ - /** - * Create a region from rectangular coordinates.\n - * @msdn{dd183514} -@@ -134,10 +147,29 @@ INLINE void gdi_RectToCRgn(const HGDI_RECT rect, - INT32* x, INT32* y, - INT32* w, INT32* h) - { -+ INT64 tmp; - *x = rect->left; - *y = rect->top; -- *w = rect->right - rect->left + 1; -- *h = rect->bottom - rect->top + 1; -+ tmp = rect->right - rect->left + 1; -+ if ((tmp < 0) || (tmp > INT32_MAX)) -+ { -+ char buffer[256]; -+ WLog_ERR(TAG, "[%s] rectangle invalid %s", __FUNCTION__, -+ gdi_rect_str(buffer, sizeof(buffer), rect)); -+ *w = 0; -+ } -+ else -+ *w = tmp; -+ tmp = rect->bottom - rect->top + 1; -+ if ((tmp < 0) || (tmp > INT32_MAX)) -+ { -+ char buffer[256]; -+ WLog_ERR(TAG, "[%s] rectangle invalid %s", __FUNCTION__, -+ gdi_rect_str(buffer, sizeof(buffer), rect)); -+ *h = 0; -+ } -+ else -+ *h = tmp; - } - - /** --- -2.26.2 - diff --git a/SOURCES/Fix-CVE-2020-11524-out-of-bounds-access-in-interleav.patch b/SOURCES/Fix-CVE-2020-11524-out-of-bounds-access-in-interleav.patch deleted file mode 100644 index c117ff1..0000000 --- a/SOURCES/Fix-CVE-2020-11524-out-of-bounds-access-in-interleav.patch +++ /dev/null @@ -1,42 +0,0 @@ -From b62b942e805cdfdfd1e71ec752c08091d4c3229f Mon Sep 17 00:00:00 2001 -From: akallabeth -Date: Mon, 30 Mar 2020 18:05:17 +0200 -Subject: [PATCH] Fix CVE-2020-11524: out of bounds access in interleaved - -Thanks to Sunglin and HuanGMz from Knownsec 404 ---- - libfreerdp/codec/include/bitmap.c | 4 ++++ - libfreerdp/codec/interleaved.c | 2 +- - 2 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/libfreerdp/codec/include/bitmap.c b/libfreerdp/codec/include/bitmap.c -index 602d1b333..734ed136d 100644 ---- a/libfreerdp/codec/include/bitmap.c -+++ b/libfreerdp/codec/include/bitmap.c -@@ -338,6 +338,10 @@ static INLINE BOOL RLEDECOMPRESS(const BYTE* pbSrcBuffer, UINT32 cbSrcBuffer, - case MEGA_MEGA_COLOR_IMAGE: - runLength = ExtractRunLength(code, pbSrc, &advance); - pbSrc = pbSrc + advance; -+ -+ if (!ENSURE_CAPACITY(pbDest, pbDestEnd, runLength)) -+ return FALSE; -+ - UNROLL(runLength, - { - SRCREADPIXEL(temp, pbSrc); -diff --git a/libfreerdp/codec/interleaved.c b/libfreerdp/codec/interleaved.c -index a3fe7dd3f..0d36e9b9f 100644 ---- a/libfreerdp/codec/interleaved.c -+++ b/libfreerdp/codec/interleaved.c -@@ -215,7 +215,7 @@ static INLINE BOOL ensure_capacity(const BYTE* start, const BYTE* end, size_t si - { - const size_t available = (uintptr_t)end - (uintptr_t)start; - const BOOL rc = available >= size * base; -- return rc; -+ return rc && (start <= end); - } - - static INLINE void write_pixel_8(BYTE* _buf, BYTE _pix) --- -2.26.2 - diff --git a/SOURCES/Fixed-CVE-2020-11521-Out-of-bounds-write-in-planar-c.patch b/SOURCES/Fixed-CVE-2020-11521-Out-of-bounds-write-in-planar-c.patch deleted file mode 100644 index 46bc238..0000000 --- a/SOURCES/Fixed-CVE-2020-11521-Out-of-bounds-write-in-planar-c.patch +++ /dev/null @@ -1,92 +0,0 @@ -From d9f3c98918912de94af033fbab9578188ad46cf7 Mon Sep 17 00:00:00 2001 -From: akallabeth -Date: Mon, 30 Mar 2020 18:18:12 +0200 -Subject: [PATCH] Fixed CVE-2020-11521: Out of bounds write in planar codec. - -Thanks to Sunglin and HuanGMz from Knownsec 404 ---- - libfreerdp/codec/planar.c | 15 ++++++++------- - libfreerdp/core/orders.c | 6 ++++++ - 2 files changed, 14 insertions(+), 7 deletions(-) - -diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c -index 98f2495e2..34c48d786 100644 ---- a/libfreerdp/codec/planar.c -+++ b/libfreerdp/codec/planar.c -@@ -42,10 +42,9 @@ static INLINE BYTE* freerdp_bitmap_planar_delta_encode_plane( - static INLINE INT32 planar_skip_plane_rle(const BYTE* pSrcData, UINT32 SrcSize, - UINT32 nWidth, UINT32 nHeight) - { -+ UINT32 used = 0; - UINT32 x, y; - BYTE controlByte; -- const BYTE* pRLE = pSrcData; -- const BYTE* pEnd = &pSrcData[SrcSize]; - - for (y = 0; y < nHeight; y++) - { -@@ -54,10 +53,10 @@ static INLINE INT32 planar_skip_plane_rle(const BYTE* pSrcData, UINT32 SrcSize, - int cRawBytes; - int nRunLength; - -- if (pRLE >= pEnd) -+ if (used >= SrcSize) - return -1; - -- controlByte = *pRLE++; -+ controlByte = pSrcData[used++]; - nRunLength = PLANAR_CONTROL_BYTE_RUN_LENGTH(controlByte); - cRawBytes = PLANAR_CONTROL_BYTE_RAW_BYTES(controlByte); - -@@ -72,19 +71,21 @@ static INLINE INT32 planar_skip_plane_rle(const BYTE* pSrcData, UINT32 SrcSize, - cRawBytes = 0; - } - -- pRLE += cRawBytes; -+ used += cRawBytes; - x += cRawBytes; - x += nRunLength; - - if (x > nWidth) - return -1; - -- if (pRLE > pEnd) -+ if (used > SrcSize) - return -1; - } - } - -- return (INT32)(pRLE - pSrcData); -+ if (used > INT32_MAX) -+ return -1; -+ return (INT32)used; - } - - static INLINE INT32 planar_decompress_plane_rle(const BYTE* pSrcData, UINT32 SrcSize, -diff --git a/libfreerdp/core/orders.c b/libfreerdp/core/orders.c -index 9f3489f17..e44f0dead 100644 ---- a/libfreerdp/core/orders.c -+++ b/libfreerdp/core/orders.c -@@ -1961,6 +1961,9 @@ static CACHE_BITMAP_ORDER* update_read_cache_bitmap_order(rdpUpdate* update, wSt - } - } - -+ if (cache_bitmap->bitmapLength == 0) -+ goto fail; -+ - if (Stream_GetRemainingLength(s) < cache_bitmap->bitmapLength) - goto fail; - -@@ -2095,6 +2098,9 @@ static CACHE_BITMAP_V2_ORDER* update_read_cache_bitmap_v2_order(rdpUpdate* updat - } - } - -+ if (cache_bitmap_v2->bitmapLength == 0) -+ goto fail; -+ - if (Stream_GetRemainingLength(s) < cache_bitmap_v2->bitmapLength) - goto fail; - --- -2.26.2 - diff --git a/SOURCES/winpr-library-Use-RTLD_GLOBAL-for-dlopen.patch b/SOURCES/winpr-library-Use-RTLD_GLOBAL-for-dlopen.patch new file mode 100644 index 0000000..1f3878b --- /dev/null +++ b/SOURCES/winpr-library-Use-RTLD_GLOBAL-for-dlopen.patch @@ -0,0 +1,32 @@ +From d8cd671cc68d503757e32eb80f7a4dee44e47754 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Wed, 27 May 2020 08:43:00 +0200 +Subject: [PATCH] winpr/library: Use RTLD_GLOBAL for dlopen + +LoadLibraryA implementation uses the RTLD_LOCAL flag for dlopen currently. +This flag doesn't allow the symbols to be used by the subsequently loaded +libraries. This is a problem for the video channel when -DBUILTIN_CHANNELS=OFF +is used as it uses functions from the geometry channel. Let's use RTLD_GLOBAL +instead to prevent "undefined symbol" errors in such cases. + +Fixes: https://github.com/FreeRDP/FreeRDP/issues/6236 +--- + winpr/libwinpr/library/library.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/winpr/libwinpr/library/library.c b/winpr/libwinpr/library/library.c +index f44a96d27..8d33227b2 100644 +--- a/winpr/libwinpr/library/library.c ++++ b/winpr/libwinpr/library/library.c +@@ -125,7 +125,7 @@ HMODULE LoadLibraryA(LPCSTR lpLibFileName) + return hModule; + #else + HMODULE library; +- library = dlopen(lpLibFileName, RTLD_LOCAL | RTLD_LAZY); ++ library = dlopen(lpLibFileName, RTLD_GLOBAL | RTLD_LAZY); + + if (!library) + { +-- +2.26.2 + diff --git a/SPECS/freerdp.spec b/SPECS/freerdp.spec index 304d3a3..6f67d18 100644 --- a/SPECS/freerdp.spec +++ b/SPECS/freerdp.spec @@ -1,5 +1,3 @@ -%global gittag 2.0.0-rc4 - # Can be rebuilt with FFmpeg/H264 support enabled by passing "--with=ffmpeg", # "--with=x264" or "--with=openh264" to mock/rpmbuild; or by globally setting # these variables: @@ -16,19 +14,23 @@ # https://bugzilla.redhat.com/show_bug.cgi?id=1639165 %{!?rhel:%global _with_server 1} +# Disable support for missing codecs in RHEL +%{!?rhel:%global _with_soxr 1} +%if 0%{?fedora} || 0%{?rhel} >= 8 +%global _with_lame 1 +%endif + Name: freerdp -Version: 2.0.0 -Release: 46.rc4%{?dist}.1 +Version: 2.1.1 +Release: 1%{?dist} Epoch: 2 Summary: Free implementation of the Remote Desktop Protocol (RDP) License: ASL 2.0 URL: http://www.freerdp.com/ -Source0: https://github.com/FreeRDP/FreeRDP/archive/%{gittag}/FreeRDP-%{gittag}.tar.gz +Source0: https://github.com/FreeRDP/FreeRDP/archive/%{version}/FreeRDP-%{version}.tar.gz -Patch1: Fixed-CVE-2020-11521-Out-of-bounds-write-in-planar-c.patch -Patch2: Fix-CVE-2020-11523-clamp-invalid-rectangles-to-size-.patch -Patch3: Fix-CVE-2020-11524-out-of-bounds-access-in-interleav.patch +Patch1: winpr-library-Use-RTLD_GLOBAL-for-dlopen.patch BuildRequires: gcc BuildRequires: gcc-c++ @@ -36,6 +38,8 @@ BuildRequires: alsa-lib-devel BuildRequires: cmake >= 2.8 BuildRequires: cups-devel BuildRequires: gsm-devel +%{?_with_lame:BuildRequires: lame-devel} +BuildRequires: libicu-devel BuildRequires: libjpeg-turbo-devel BuildRequires: libX11-devel BuildRequires: libXcursor-devel @@ -54,6 +58,7 @@ BuildRequires: xmlto BuildRequires: zlib-devel BuildRequires: multilib-rpm-config +BuildRequires: pkgconfig(cairo) BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(dbus-glib-1) BuildRequires: pkgconfig(glib-2.0) @@ -68,7 +73,9 @@ BuildRequires: pkgconfig(gstreamer-video-1.0) BuildRequires: pkgconfig(libpcsclite) BuildRequires: pkgconfig(libpulse) BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(libusb-1.0) BuildRequires: pkgconfig(openssl) +%{?_with_soxr:BuildRequires: pkgconfig(soxr)} BuildRequires: pkgconfig(wayland-client) BuildRequires: pkgconfig(wayland-scanner) BuildRequires: pkgconfig(xkbcommon) @@ -78,7 +85,7 @@ BuildRequires: pkgconfig(libavcodec) >= 57.48.101 BuildRequires: pkgconfig(libavutil) } -Provides: xfreerdp = %{version}-%{release} +Provides: xfreerdp = %{?epoch}:%{version}-%{release} Requires: %{name}-libs%{?_isa} = %{?epoch}:%{version}-%{release} Requires: libwinpr%{?_isa} = %{?epoch}:%{version}-%{release} @@ -126,7 +133,7 @@ the RDP protocol. %package -n libwinpr Summary: Windows Portable Runtime Provides: %{name}-libwinpr = %{?epoch}:%{version}-%{release} -Obsoletes: %{name}-libwinpr < %{?epoch}:%{version}-%{release} +Obsoletes: %{name}-libwinpr < 1:1.2.0 %description -n libwinpr WinPR provides API compatibility for applications targeting non-Windows @@ -144,7 +151,7 @@ The %{name}-libwinpr-devel package contains libraries and header files for developing applications that use %{name}-libwinpr. %prep -%autosetup -p1 -n FreeRDP-%{gittag} +%autosetup -p1 -n FreeRDP-%{version} # Rpmlint fixes find . -name "*.h" -exec chmod 664 {} \; @@ -163,8 +170,10 @@ find . -name "*.c" -exec chmod 664 {} \; -DWITH_GSSAPI=%{?_with_gss:ON}%{?!_with_gss:OFF} \ -DWITH_GSTREAMER_1_0=ON -DWITH_GSTREAMER_0_10=OFF \ -DGSTREAMER_1_0_INCLUDE_DIRS=%{_includedir}/gstreamer-1.0 \ + -DWITH_ICU=ON \ -DWITH_IPP=OFF \ -DWITH_JPEG=ON \ + -DWITH_LAME=%{?_with_lame:ON}%{?!_with_lame:OFF} \ -DWITH_MANPAGES=ON \ -DWITH_OPENH264=%{?_with_openh264:ON}%{?!_with_openh264:OFF} \ -DWITH_OPENSSL=ON \ @@ -174,6 +183,7 @@ find . -name "*.c" -exec chmod 664 {} \; -DWITH_SERVER_INTERFACE=%{?_with_server:ON}%{?!_with_server:OFF} \ -DWITH_SHADOW_X11=%{?_with_server:ON}%{?!_with_server:OFF} \ -DWITH_SHADOW_MAC=%{?_with_server:ON}%{?!_with_server:OFF} \ + -DWITH_SOXR=%{?_with_soxr:ON}%{?!_with_soxr:OFF} \ -DWITH_WAYLAND=ON \ -DWITH_X11=ON \ -DWITH_X264=%{?_with_x264:ON}%{?!_with_x264:OFF} \ @@ -188,6 +198,7 @@ find . -name "*.c" -exec chmod 664 {} \; -DWITH_ZLIB=ON \ %ifarch x86_64 -DWITH_SSE2=ON \ + -DWITH_VAAPI=%{?_with_ffmpeg:ON}%{?!_with_ffmpeg:OFF} \ %else -DWITH_SSE2=OFF \ %endif @@ -205,10 +216,10 @@ find . -name "*.c" -exec chmod 664 {} \; %endif . -make %{?_smp_mflags} +%make_build pushd winpr/tools/makecert-cli -make %{?_smp_mflags} +%make_build popd %install @@ -219,27 +230,19 @@ find %{buildroot} -name "*.a" -delete %multilib_fix_c_header --file %{_includedir}/freerdp2/freerdp/build-config.h -%post libs -p /sbin/ldconfig - -%postun libs -p /sbin/ldconfig - -%post -n libwinpr -p /sbin/ldconfig - -%postun -n libwinpr -p /sbin/ldconfig - %files %{_bindir}/winpr-hash %{_bindir}/winpr-makecert %{_bindir}/wlfreerdp %{_bindir}/xfreerdp -%{_mandir}/man1/winpr-hash.1.* -%{_mandir}/man1/winpr-makecert.1.* -%{_mandir}/man1/wlfreerdp.1.* -%{_mandir}/man1/xfreerdp.1.* +%{_mandir}/man1/winpr-hash.1* +%{_mandir}/man1/winpr-makecert.1* +%{_mandir}/man1/wlfreerdp.1* +%{_mandir}/man1/xfreerdp.1* %files libs %license LICENSE -%doc README ChangeLog +%doc README.md ChangeLog %{_libdir}/freerdp2/ %{_libdir}/libfreerdp-client2.so.* %{?_with_server: @@ -279,14 +282,14 @@ find %{buildroot} -name "*.a" -delete %{?_with_server: %files server +%{_bindir}/freerdp-proxy %{_bindir}/freerdp-shadow-cli -%{_mandir}/man1/freerdp-shadow-cli.1.* +%{_mandir}/man1/freerdp-shadow-cli.1* } %files -n libwinpr -%{!?_licensedir:%global license %%doc} %license LICENSE -%doc README ChangeLog +%doc README.md ChangeLog %{_libdir}/libwinpr2.so.* %{_libdir}/libwinpr-tools2.so.* @@ -299,10 +302,12 @@ find %{buildroot} -name "*.a" -delete %{_libdir}/pkgconfig/winpr-tools2.pc %changelog -* Wed May 20 2020 Ondrej Holy - 2:2.0.0-46.rc4.1 -- CVE-2020-11521: Fix out-of-bounds write in planar.c (#1837632) -- CVE-2020-11523: Fix integer overflow in region.c (#1837633) -- CVE-2020-11524: Fix out-of-bounds write in interleaved.c (#1837631) +* Mon May 25 2020 Ondrej Holy - 2:2.1.1-1 +- Update to 2.1.1 (rhbz#1834287). + +* Fri Apr 17 2020 Ondrej Holy - 2:2.0.0-47.rc4 +- Fix SCARD_INSUFFICIENT_BUFFER error (rhbz#1803054) +- Do not advertise /usb in help output (rhbz#1761144) * Wed Nov 28 2018 Ondrej Holy - 2:2.0.0-46.rc4 - Update to 2.0.0-rc4 (#1624340)