freerdp2 (2.10.0+dfsg1-1) unstable; urgency=medium * New upstream release. - Fix android build scripts, use CMake from SDK. - Fix connection negotiation with mstsc/msrdc. - [ntlm]: use rfc5929 binding hash algorithm. - [channels,printer] Fixed reference counting. - Fix uwac pixman. - Fix Rdp security. - [client,x11] Detect key autorepeat. - [build] add channel path to RPATH. - Fix build with BUILTIN_CHANNELS=OFF. - revert changes so that the osmajortype/osminortype is not overwritten. - [uwac] do not use iso C functions. - [winpr,sam] fix inalid NULL arguments. - Fix incompatible function pointer types. - Ignore data PDUs for DVCs that were not opened successfully. - [channel,urbdrc] fix type of usb hotplug callback. - Extended info enforce limits. - [core] add missing redirection fields. * debian/control: + Bump Standards-Version: to 4.6.2. No changes needed. * debian/copyright: + Update copyright attributions. + Update auto-generated copyright.in file. * debian/libfreerdp2-2.symbols: + Update symbols. -- Mike Gabriel <sunweaver@debian.org> Sun, 26 Feb 2023 21:59:16 +0100 freerdp2 (2.9.0+dfsg1-1) unstable; urgency=medium * New upstream release. (Closes: #1024511). - CVE-2022-39316: Resolve out of bound read in ZGFX decoder component. - CVE-2022-39317: Resolve missing a range check for input offset index in ZGFX decoder. - CVE-2022-39318: Resolve missing input validation in `urbdrc` channel. - CVE-2022-39319: Resolve missing input length validation in the `urbdrc` channel - CVE-2022-39320: Resolve attempting integer addition on too narrow types leading to allocation of a buffer too small holding the data written. - CVE-2022-39347: Resolve missing path canonicalization and base path check for `drive` channel. - CVE-2022-41877: Resolv missing input length validation in `drive` channel. - Test if packages' executables can be run without 'undefined symbol: winpr_PathMakePath' error. (Closes: #1024758). * debian/copyright: + Update auto-generated copyright.in file. + Update copyright attributions. * debian/*.symbols: + Update .symbols files. -- Mike Gabriel <sunweaver@debian.org> Mon, 28 Nov 2022 09:51:57 +0100 freerdp2 (2.8.1+dfsg1-1) unstable; urgency=medium * New upstream release. (Closes: #1021659). - Fixes CVE-2022-39282, CVE-2022-39283. * debian/patches: + Drop 1001_amend-DumpThreadHandles-inclusion.patch. Resolved upstream. -- Mike Gabriel <sunweaver@debian.org> Wed, 12 Oct 2022 23:26:31 +0200 freerdp2 (2.8.0+dfsg1-1) unstable; urgency=medium * New upstream version. (Closes: #1016491). * debian/control: + Bump Standards-Version: to 4.6.1. No changes needed. * debian/copyright: + Update auto-generated copyright.in file. + Update copyright attributions. * debian/patches: + Drop 1001_keep-symbol-DumpThreadHandles-if-debugging-is-disabled.patch. Similar solution applied upstream, but only partially, it seems. + Add 1001_amend-DumpThreadHandles-inclusion.patch. Amend missing adjustment in thread.h. * debian/*.symbols: + Update .symbols files for 2.8.0. -- Mike Gabriel <sunweaver@debian.org> Tue, 16 Aug 2022 23:19:34 +0200 freerdp2 (2.7.0+dfsg1-1) unstable; urgency=medium * New upstream release. * debian/copyright: + Update auto-generated copyright.in file. + Update copyright attributions. * debian/*.symbols: + Update .symbols for 2.7.0. -- Mike Gabriel <sunweaver@debian.org> Wed, 27 Apr 2022 16:49:43 +0200 freerdp2 (2.6.1+dfsg1-3) unstable; urgency=medium * debian/patches: + Add 1001_keep-symbol-DumpThreadHandles-if-debugging-is-disabled.patch. Keep DumpThreadHandles as a symbol even if WITH_DEBUG_THREADS is OFF. * Revert "debian/libwinpr2-2.symbols: Update symbols." -- Mike Gabriel <sunweaver@debian.org> Tue, 08 Mar 2022 08:25:13 +0100 freerdp2 (2.6.1+dfsg1-2) unstable; urgency=medium [ Bernhard Miklautz ] * debian/rules: + Disable additional debug logging. (Closes: #1006683). + Use ffmpeg for audio decoding if available to support additional audio formats. * debian/control: + Drop unused gstreamer dependencies libgstreamer1.0-dev and libgstreamer-plugins-base1.0-dev. * debian/libwinpr2-2.symbols: + Update symbols. -- Mike Gabriel <sunweaver@debian.org> Tue, 08 Mar 2022 08:02:25 +0100 freerdp2 (2.6.1+dfsg1-1) unstable; urgency=medium * New upstream release. * debian/patches: + Drop 2001-fake-git-revision.patch. Not required anymore. * debian/copyright: + Update copyright attributions. + Update auto-generated copyright.in file. -- Mike Gabriel <sunweaver@debian.org> Tue, 08 Mar 2022 07:36:20 +0100 freerdp2 (2.6.0+dfsg1-1) unstable; urgency=medium * New upstream release. * debian/copyright: + Update list of files in Files-Excluded: field. + Update copyright attributions. + Update auto-generated copyright.in file. * debian/libfreerdp-server2-2.symbols: + Update symbols. -- Mike Gabriel <sunweaver@debian.org> Sat, 26 Feb 2022 21:46:12 +0100 freerdp2 (2.5.0+dfsg1-1) unstable; urgency=medium * New upstream release. - Support OpenSSL 3.0. (Closes: #996286). * debian/patches: + Mark 2001-fake-git-revision.patch as non-forwardable. * debian/copyright: + Update auto-generated copyright.in file. + Update copyright attributions. -- Mike Gabriel <sunweaver@debian.org> Mon, 14 Feb 2022 08:14:09 +0100 freerdp2 (2.4.1+dfsg1-1) unstable; urgency=medium * New upstream release. (Closes: #999727). - CVE-2021-41160: Fix improper region checks in all clients that allowed out of bound write to memory. (Closes: #1001062). - CVE-2021-41159: Fix improper client input validation for gateway connections that allowed one to overwrite memory. (Closes: #1001061). * debian/patches/: + Drop all patches pulled in from upstream recently. All part of 2.4.0. * debian/copyright: + Update auto-generated copyright.in template/reference file. * debian/control: + Bump Standards-Version: to 4.6.0. No changes needed. * debian/libwinpr2-2.symbols: + Update symbols. * debian/copyright: + Update copyright attributions. + Update auto-generated copyright.in reference file. -- Mike Gabriel <sunweaver@debian.org> Thu, 09 Dec 2021 23:16:59 +0100 freerdp2 (2.3.0+dfsg1-2) unstable; urgency=medium * debian/watch: + Fix Github watch URL. * debian/patches: + Backport changes from 2.3.2 (bound checks, API compat fixes, Smartcard issues fixes, etc.). - 0001-Added-compatibility-define.patch - 0003-Reverted-connectErrorCode-removal.patch - 0004-Fixed-a-leak-on-mouse-cursor-updates.patch - 0007-Fixed-format-string-in-smartcard_trace_state_return.patch - 0008-Fixed-linking-dependencies-for-client-geometry-chann.patch - 0010-Fixed-smartcard_convert_string_list-with-0-length.patch - 0012-Parse-on-a-copy-of-the-argument-string-for-printer.patch - 0015-Fix-xf_Pointer_SetPosition-with-smart-sizing.patch - 0017-Backported-6865-Disable-websockets-command-line-opti.patch - 0019-Check-smartcard_convert_string_list-for-NULL-string.patch - 0020-Use-specific-names-for-drive-hotplug-special-values.patch - 0021-Filter-RDPDR-types-other-than-drives-on-windows-hotp.patch - 0023-use-tlsOut-BIO-when-using-websocket-in-rdg_bio_ctrl.patch - 0024-Added-bounds-checks-to-gfx-commands.patch - 0025-Added-bounds-check-in-rdpgfx_recv_wire_to_surface_1_.patch - 0026-Added-fuzzying-test-for-planar-decoder.patch - 0027-Added-missing-bounds-check.patch - 0028-Fixed-mac-issues-with-smartcard-context-cleanup-6890.patch - 0031-Fix-monitor-list.patch - 0032-Fixed-CodeQL-warnings.patch - 0033-Reverted-winpr_BinToHexString-argument-change.patch * debian/patches: + Add 0034-Fixed-6938-Remote-app-mode-clipboard-fix.patch. In remote app mode the _FREERDP_TIMESTAMP_PROPERTY does not work. Therefore ignore it. + Add 0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch. Fix Windows 10 logon when using an internal trusted root CA. -- Mike Gabriel <sunweaver@debian.org> Sun, 16 May 2021 23:42:19 +0200 freerdp2 (2.3.0+dfsg1-1) unstable; urgency=medium [ Fabio Fantoni ] * debian/control: + Add missed binary version deps to avoid issue in some cases like upgrade to -backports. (Closes: #964147) [ Mike Gabriel ] * New upstream release. (Closes: #893733, #903646). * debian/control: + Bump to Standards-Version: 4.5.1. No changes needed. * debian/copyright: + Update auto-generated copyright.in file. + Update copyright attributions: * debian/patches: + Drop 1001_spelling-fixes.patch. Applied upstream. + Revert upstream's removal of the connectErrorCode symbol via 2002_revert-e4b30a5cb6100a8ea4f320b829c9c5712ed4a783.patch. This re-instates ABI compatibility with FreeRDP 2.2.0. * debian/*.symbols: + Update symbols for FreeRDP 2.3.0. * debian/watch: + Switch to format version 4. -- Mike Gabriel <sunweaver@debian.org> Thu, 25 Feb 2021 16:14:52 +0100 freerdp2 (2.2.0+dfsg1-1) unstable; urgency=medium * New upstream release. + CVE-2020-15103: Integer overflow due to missing input sanitation in rdpegfx channel. (Closes: #965979). * debian/patches: + Drop 0001-mask-CACHED_BRUSH-when-checking-brush-style.patch. Applied upstream. * debian/copyright: + Update copyright attributions. * debian/libfreerdp2-2.symbols: + Update symbols. * debian/libfreerdp-server2-2.symbols: + Update symbols. -- Mike Gabriel <sunweaver@debian.org> Tue, 25 Aug 2020 09:17:57 +0200 freerdp2 (2.1.2+dfsg1-2) unstable; urgency=medium [ Konstantin Demin ] * debian/patches: + Add 0001-mask-CACHED_BRUSH-when-checking-brush-style.patch. Fix regression introduced in 2.1.2. -- Mike Gabriel <sunweaver@debian.org> Thu, 02 Jul 2020 15:02:32 +0200 freerdp2 (2.1.2+dfsg1-1) unstable; urgency=medium * New upstream release. - CVE-2020-4033: Out of bound read in RLEDECOMPRESS - CVE-2020-4031: Use-After-Free in gdi_SelectObject - CVE-2020-4032: Integer casting vulnerability in `update_recv_secondary_order` - CVE-2020-4030: OOB read in `TrioParse` - CVE-2020-11099: OOB Read in license_read_new_or_upgrade_license_packet - CVE-2020-11098: Out-of-bound read in glyph_cache_put - CVE-2020-11097: OOB read in ntlm_av_pair_get - CVE-2020-11095: Global OOB read in update_recv_primary_order - CVE-2020-11096: Global OOB read in update_read_cache_bitmap_v3_order * debian/copyright: + Update auto-generated copyright.in file. + Update copyright attributions. * debian/libwinpr2-2.symbols: + Update symbols. -- Mike Gabriel <sunweaver@debian.org> Mon, 29 Jun 2020 14:03:55 +0200 freerdp2 (2.1.1+dfsg1-1) unstable; urgency=medium [ Konstantin Demin ] * New upstream release. - Fix smartcard login failures. (Closes: #919281) - Fix crash when /gfx option is used with /sound option. (Closes: #940925). * debian/{copyright,rules,watch}: + Use upstream tarball instead of Git snapshot. * debian/control: + Drop needless libdbus-glib-1-dev. (Closes: #955840). + Bump Standards-Version: to 4.5.0. No changes needed. + wrap-and-sort Build-Depends. + Update Homepage URL scheme to https. * debian/patches: + Drop 0001_CVE-2019-17177.patch. Applied upstream. + Drop 0002_fix-channels-smartcard-fix-statusw-call.patch. Applied upstream. + Refresh 1001_spelling-fixes.patch. + Add 2001-fake-git-revision.patch. avoid Git interaction during build. * debian/copyright: + Update upstream Source URL scheme to https. * debian/rules: + Rework layout. + Don't build freerdp-proxy so far. + Specify correct build type. + Fix build-time headers. + Enable extended debug logging in freerdp2 itself. * debian/{control,rules}: + Enable image scaling support in freerdp. * debian/*.symbols: + Update symbols files. [ Mike Gabriel ] * debian/control: + Add B-D: libpam0g-dev. (Closes: #958230). + Bump DH compat level to version 13. * debian/rules: + Re-add get-orig-source target for developers' convenience. * debian/copyright: + Update auto-generated copyright.in file. + Update copyright attributions. -- Mike Gabriel <sunweaver@debian.org> Wed, 27 May 2020 21:54:38 +0200 freerdp2 (2.0.0~git20190204.1.2693389a+dfsg1-2) unstable; urgency=medium * debian/control: + Bump Standards-Version: to 4.4.1. No changes needed. + Add Rules-Requires-Root: field and set it to 'no'. * debian/patches: + Add 0001_CVE-2019-17177.patch. Fix realloc return handling. (CVE-2019-17177). * debian/rules: + Drop dbgsym:migration dh_strip overrides. -- Mike Gabriel <sunweaver@debian.org> Mon, 16 Dec 2019 11:25:24 +0100 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog libwinpr2-2`.
Generated by dwww version 1.15 on Wed Jun 26 23:23:40 CEST 2024.