Bug#988612: unblock: freerdp2/2.3.0+dfsg1-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package freerdp2
This upload brings various stability improvements cherry-picked from
upstream (and discussed with upstream).
* debian/watch:
+ Fix Github watch URL.
-> Enables watching of new upstream releases again.
* debian/patches:
+ Backport changes from 2.3.2 (bound checks, API compat fixes, Smartcard
issues fixes, etc.).
- 0001-Added-compatibility-define.patch
- 0003-Reverted-connectErrorCode-removal.patch
- 0004-Fixed-a-leak-on-mouse-cursor-updates.patch
- 0007-Fixed-format-string-in-smartcard_trace_state_return.patch
- 0008-Fixed-linking-dependencies-for-client-geometry-chann.patch
- 0010-Fixed-smartcard_convert_string_list-with-0-length.patch
- 0012-Parse-on-a-copy-of-the-argument-string-for-printer.patch
- 0015-Fix-xf_Pointer_SetPosition-with-smart-sizing.patch
- 0017-Backported-6865-Disable-websockets-command-line-opti.patch
- 0019-Check-smartcard_convert_string_list-for-NULL-string.patch
- 0020-Use-specific-names-for-drive-hotplug-special-values.patch
- 0021-Filter-RDPDR-types-other-than-drives-on-windows-hotp.patch
- 0023-use-tlsOut-BIO-when-using-websocket-in-rdg_bio_ctrl.patch
- 0024-Added-bounds-checks-to-gfx-commands.patch
- 0025-Added-bounds-check-in-rdpgfx_recv_wire_to_surface_1_.patch
- 0026-Added-fuzzying-test-for-planar-decoder.patch
- 0027-Added-missing-bounds-check.patch
- 0028-Fixed-mac-issues-with-smartcard-context-cleanup-6890.patch
- 0031-Fix-monitor-list.patch
- 0032-Fixed-CodeQL-warnings.patch
- 0033-Reverted-winpr_BinToHexString-argument-change.patch
-> Dearly recommended changes by FreeRDP upstream. Various bounds checks, memleaks, etc.
* debian/patches:
+ Add 0034-Fixed-6938-Remote-app-mode-clipboard-fix.patch. In remote app
mode the _FREERDP_TIMESTAMP_PROPERTY does not work. Therefore ignore it.
+ Add 0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch. Fix Windows
10 logon when using an internal trusted root CA.
-> Two upcoming upstream stable backports (pending for FreeRDP 2.3.3).
For production setups both are a must have.
[ Reason ]
The changeset provides more stability to the FreeRDP binaries and
libraries. Clipboard in seamless RDP application are fixed, Windows
logon in corporate environments are fixes by this version.
[ Impact ]
Users of FreeRDP would be recommended to switch over to FreeRDP from
bullseye-backports (once they are available).
[ Tests ]
Manual tests against Windows 2012 Server, Windows 10 VM and Windows 2016 Server.
[ Risks ]
The chanages have also been tested with xRDP. The xRDP Server behaves well with these
changes installed on the server, also logons against xRDP work ok.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
The changeset has been discussed with and approved by upstream FreeRPD
developers Bernhard Miklautz and akallabeth (IRC nick, real name not
known).
unblock freerdp2/2.3.0+dfsg1-2
diff -Nru freerdp2-2.3.0+dfsg1/debian/changelog freerdp2-2.3.0+dfsg1/debian/changelog
--- freerdp2-2.3.0+dfsg1/debian/changelog 2021-02-25 16:14:52.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/changelog 2021-05-16 23:42:19.000000000 +0200
@@ -1,3 +1,39 @@
+freerdp2 (2.3.0+dfsg1-2) unstable; urgency=medium
+
+ * debian/watch:
+ + Fix Github watch URL.
+ * debian/patches:
+ + Backport changes from 2.3.2 (bound checks, API compat fixes, Smartcard
+ issues fixes, etc.).
+ - 0001-Added-compatibility-define.patch
+ - 0003-Reverted-connectErrorCode-removal.patch
+ - 0004-Fixed-a-leak-on-mouse-cursor-updates.patch
+ - 0007-Fixed-format-string-in-smartcard_trace_state_return.patch
+ - 0008-Fixed-linking-dependencies-for-client-geometry-chann.patch
+ - 0010-Fixed-smartcard_convert_string_list-with-0-length.patch
+ - 0012-Parse-on-a-copy-of-the-argument-string-for-printer.patch
+ - 0015-Fix-xf_Pointer_SetPosition-with-smart-sizing.patch
+ - 0017-Backported-6865-Disable-websockets-command-line-opti.patch
+ - 0019-Check-smartcard_convert_string_list-for-NULL-string.patch
+ - 0020-Use-specific-names-for-drive-hotplug-special-values.patch
+ - 0021-Filter-RDPDR-types-other-than-drives-on-windows-hotp.patch
+ - 0023-use-tlsOut-BIO-when-using-websocket-in-rdg_bio_ctrl.patch
+ - 0024-Added-bounds-checks-to-gfx-commands.patch
+ - 0025-Added-bounds-check-in-rdpgfx_recv_wire_to_surface_1_.patch
+ - 0026-Added-fuzzying-test-for-planar-decoder.patch
+ - 0027-Added-missing-bounds-check.patch
+ - 0028-Fixed-mac-issues-with-smartcard-context-cleanup-6890.patch
+ - 0031-Fix-monitor-list.patch
+ - 0032-Fixed-CodeQL-warnings.patch
+ - 0033-Reverted-winpr_BinToHexString-argument-change.patch
+ * debian/patches:
+ + Add 0034-Fixed-6938-Remote-app-mode-clipboard-fix.patch. In remote app
+ mode the _FREERDP_TIMESTAMP_PROPERTY does not work. Therefore ignore it.
+ + Add 0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch. Fix Windows
+ 10 logon when using an internal trusted root CA.
+
+ -- Mike Gabriel <sunweaver@debian.org> Sun, 16 May 2021 23:42:19 +0200
+
freerdp2 (2.3.0+dfsg1-1) unstable; urgency=medium
[ Fabio Fantoni ]
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0001-Added-compatibility-define.patch freerdp2-2.3.0+dfsg1/debian/patches/0001-Added-compatibility-define.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0001-Added-compatibility-define.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0001-Added-compatibility-define.patch 2021-04-29 11:57:14.000000000 +0200
@@ -0,0 +1,24 @@
+From 1ff1906545bacb3eb7608155984dd4642647b736 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Sat, 27 Feb 2021 08:29:46 +0100
+Subject: [PATCH 01/36] Added compatibility define
+
+---
+ winpr/include/winpr/shell.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/winpr/include/winpr/shell.h b/winpr/include/winpr/shell.h
+index 72931a01b..f88291e43 100644
+--- a/winpr/include/winpr/shell.h
++++ b/winpr/include/winpr/shell.h
+@@ -86,6 +86,7 @@ typedef enum
+
+ /* Deprecated, here for compatibility */
+ #define FD_SHOWPROGRESSUI FD_PROGRESSUI
++#define FD_WRITESTIME FD_WRITETIME
+
+ /* FILEDESCRIPTOR.dwFileAttributes */
+ #define FILE_ATTRIBUTE_READONLY 0x00000001
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0003-Reverted-connectErrorCode-removal.patch freerdp2-2.3.0+dfsg1/debian/patches/0003-Reverted-connectErrorCode-removal.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0003-Reverted-connectErrorCode-removal.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0003-Reverted-connectErrorCode-removal.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,149 @@
+From 73753f8af40de20703858fff37a762b7f5580bb0 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Sat, 27 Feb 2021 08:35:33 +0100
+Subject: [PATCH 03/36] Reverted connectErrorCode removal
+
+Reverted changes from e4b30a5cb6100a8ea4f320b829c9c5712ed4a783
+removing the symbol/define, keep the changes for the clients.
+Mark as deprecated
+---
+ include/freerdp/error.h | 25 +++++++++++++++++
+ libfreerdp/core/errinfo.c | 2 ++
+ libfreerdp/core/freerdp.c | 58 +++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 85 insertions(+)
+
+diff --git a/include/freerdp/error.h b/include/freerdp/error.h
+index 0fb51608b..a928a645a 100644
+--- a/include/freerdp/error.h
++++ b/include/freerdp/error.h
+@@ -177,6 +177,31 @@ extern "C"
+ FREERDP_API const char* freerdp_get_error_info_name(UINT32 code);
+ FREERDP_API const char* freerdp_get_error_info_category(UINT32 code);
+
++ /**
++ * DEPRECATED!
++ * This static variable holds an error code if the return value from connect is FALSE.
++ * This variable is always set to 0 in the beginning of the connect sequence.
++ * The returned code can be used to inform the user of the detailed connect error.
++ * The value can hold one of the defined error codes below OR an error according to errno
++ */
++
++ FREERDP_API extern int connectErrorCode;
++
++#define ERRORSTART 10000
++#define PREECONNECTERROR ERRORSTART + 1
++#define UNDEFINEDCONNECTERROR ERRORSTART + 2
++#define POSTCONNECTERROR ERRORSTART + 3
++#define DNSERROR ERRORSTART + 4 /* general DNS ERROR */
++#define DNSNAMENOTFOUND ERRORSTART + 5 /* EAI_NONAME */
++#define CONNECTERROR \
++ ERRORSTART + 6 /* a connect error if errno is not define during tcp connect \
++ */
++#define MCSCONNECTINITIALERROR ERRORSTART + 7
++#define TLSCONNECTERROR ERRORSTART + 8
++#define AUTHENTICATIONERROR ERRORSTART + 9
++#define INSUFFICIENTPRIVILEGESERROR ERRORSTART + 10
++#define CANCELEDBYUSER ERRORSTART + 11
++
+ /**
+ * FreeRDP Context Error Codes
+ */
+diff --git a/libfreerdp/core/errinfo.c b/libfreerdp/core/errinfo.c
+index abfe96efd..e635847dc 100644
+--- a/libfreerdp/core/errinfo.c
++++ b/libfreerdp/core/errinfo.c
+@@ -34,6 +34,8 @@
+ ERRINFO_##_code, "ERRINFO_" #_code, ERRINFO_##_code##_STRING, category \
+ }
+
++int connectErrorCode;
++
+ /* Protocol-independent codes */
+
+ #define ERRINFO_RPC_INITIATED_DISCONNECT_STRING \
+diff --git a/libfreerdp/core/freerdp.c b/libfreerdp/core/freerdp.c
+index 81183e76d..9094bc346 100644
+--- a/libfreerdp/core/freerdp.c
++++ b/libfreerdp/core/freerdp.c
+@@ -55,6 +55,8 @@
+
+ #define TAG FREERDP_TAG("core")
+
++/* connectErrorCode is 'extern' in error.h. See comment there.*/
++
+ UINT freerdp_channel_add_init_handle_data(rdpChannelHandles* handles, void* pInitHandle,
+ void* pUserData)
+ {
+@@ -161,6 +163,7 @@ BOOL freerdp_connect(freerdp* instance)
+
+ /* We always set the return code to 0 before we start the connect sequence*/
+ instance->ConnectionCallbackState = CLIENT_STATE_INITIAL;
++ connectErrorCode = 0;
+ freerdp_set_last_error_log(instance->context, FREERDP_ERROR_SUCCESS);
+ clearChannelError(instance->context);
+ ResetEvent(instance->context->abortEvent);
+@@ -890,6 +893,61 @@ void freerdp_set_last_error_ex(rdpContext* context, UINT32 lastError, const char
+ }
+
+ context->LastError = lastError;
++
++ switch (lastError)
++ {
++ case FREERDP_ERROR_PRE_CONNECT_FAILED:
++ connectErrorCode = PREECONNECTERROR;
++ break;
++
++ case FREERDP_ERROR_CONNECT_UNDEFINED:
++ connectErrorCode = UNDEFINEDCONNECTERROR;
++ break;
++
++ case FREERDP_ERROR_POST_CONNECT_FAILED:
++ connectErrorCode = POSTCONNECTERROR;
++ break;
++
++ case FREERDP_ERROR_DNS_ERROR:
++ connectErrorCode = DNSERROR;
++ break;
++
++ case FREERDP_ERROR_DNS_NAME_NOT_FOUND:
++ connectErrorCode = DNSNAMENOTFOUND;
++ break;
++
++ case FREERDP_ERROR_CONNECT_FAILED:
++ connectErrorCode = CONNECTERROR;
++ break;
++
++ case FREERDP_ERROR_MCS_CONNECT_INITIAL_ERROR:
++ connectErrorCode = MCSCONNECTINITIALERROR;
++ break;
++
++ case FREERDP_ERROR_TLS_CONNECT_FAILED:
++ connectErrorCode = TLSCONNECTERROR;
++ break;
++
++ case FREERDP_ERROR_AUTHENTICATION_FAILED:
++ connectErrorCode = AUTHENTICATIONERROR;
++ break;
++
++ case FREERDP_ERROR_INSUFFICIENT_PRIVILEGES:
++ connectErrorCode = INSUFFICIENTPRIVILEGESERROR;
++ break;
++
++ case FREERDP_ERROR_CONNECT_CANCELLED:
++ connectErrorCode = CANCELEDBYUSER;
++ break;
++
++ case FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED:
++ connectErrorCode = CONNECTERROR;
++ break;
++
++ case FREERDP_ERROR_CONNECT_TRANSPORT_FAILED:
++ connectErrorCode = CONNECTERROR;
++ break;
++ }
+ }
+
+ const char* freerdp_get_logon_error_info_type(UINT32 type)
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0004-Fixed-a-leak-on-mouse-cursor-updates.patch freerdp2-2.3.0+dfsg1/debian/patches/0004-Fixed-a-leak-on-mouse-cursor-updates.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0004-Fixed-a-leak-on-mouse-cursor-updates.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0004-Fixed-a-leak-on-mouse-cursor-updates.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,37 @@
+From d88480fc48d9599a8d46e255e13ed9dbb89defde Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Sat, 27 Feb 2021 17:37:35 +0100
+Subject: [PATCH 04/36] Fixed a leak on mouse cursor updates
+
+---
+ client/X11/xf_graphics.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/client/X11/xf_graphics.c b/client/X11/xf_graphics.c
+index 20d54f50c..54a4b9cc7 100644
+--- a/client/X11/xf_graphics.c
++++ b/client/X11/xf_graphics.c
+@@ -305,14 +305,14 @@ static BOOL _xf_Pointer_GetCursorForCurrentScale(rdpContext* context, const rdpP
+ ci.yhot = pointer->yPos * yscale;
+ size = ci.height * ci.width * GetBytesPerPixel(CursorFormat);
+
+- if (!(ci.pixels = (XcursorPixel*)_aligned_malloc(size, 16)))
+- {
+- xf_unlock_x11(xfc);
+- return FALSE;
+- }
+-
+ if (xscale != 1 || yscale != 1)
+ {
++ if (!(ci.pixels = (XcursorPixel*)_aligned_malloc(size, 16)))
++ {
++ xf_unlock_x11(xfc);
++ return FALSE;
++ }
++
+ if (!freerdp_image_scale((BYTE*)ci.pixels, CursorFormat, 0, 0, 0, ci.width, ci.height,
+ (BYTE*)xpointer->cursorPixels, CursorFormat, 0, 0, 0,
+ pointer->width, pointer->height))
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0007-Fixed-format-string-in-smartcard_trace_state_return.patch freerdp2-2.3.0+dfsg1/debian/patches/0007-Fixed-format-string-in-smartcard_trace_state_return.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0007-Fixed-format-string-in-smartcard_trace_state_return.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0007-Fixed-format-string-in-smartcard_trace_state_return.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,46 @@
+From 69ff618ebc142b53062115fab1547eb5ff2c25d7 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Tue, 2 Mar 2021 07:50:17 +0100
+Subject: [PATCH 07/36] Fixed format string in smartcard_trace_state_return
+
+(cherry picked from commit ca96c4450707d39dbd5c94f2b1c4ae807789b012)
+---
+ channels/smartcard/client/smartcard_pack.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/channels/smartcard/client/smartcard_pack.c b/channels/smartcard/client/smartcard_pack.c
+index f5987d4b5..ed0301bb2 100644
+--- a/channels/smartcard/client/smartcard_pack.c
++++ b/channels/smartcard/client/smartcard_pack.c
+@@ -1307,21 +1307,24 @@ static void smartcard_trace_status_return(SMARTCARD_DEVICE* smartcard, const Sta
+ static void smartcard_trace_state_return(SMARTCARD_DEVICE* smartcard, const State_Return* ret)
+ {
+ char buffer[1024];
+-
++ char* state;
+ WINPR_UNUSED(smartcard);
+
+ if (!WLog_IsLevelActive(WLog_Get(TAG), g_LogLevel))
+ return;
+
++ state = SCardGetReaderStateString(ret->dwState);
+ WLog_LVL(TAG, g_LogLevel, "Reconnect_Return {");
+ WLog_LVL(TAG, g_LogLevel, " ReturnCode: %s (0x%08" PRIX32 ")",
+ SCardGetErrorString(ret->ReturnCode), ret->ReturnCode);
+- WLog_LVL(TAG, g_LogLevel, " dwState: %s (0x%08" PRIX32 ")", ret->dwState);
+- WLog_LVL(TAG, g_LogLevel, " dwProtocol: %s (0x%08" PRIX32 ")", ret->dwProtocol);
+- WLog_LVL(TAG, g_LogLevel, " cbAtrLen: %s (0x%08" PRIX32 ")", ret->cbAtrLen);
++ WLog_LVL(TAG, g_LogLevel, " dwState: %s (0x%08" PRIX32 ")", state, ret->dwState);
++ WLog_LVL(TAG, g_LogLevel, " dwProtocol: %s (0x%08" PRIX32 ")",
++ SCardGetProtocolString(ret->dwProtocol), ret->dwProtocol);
++ WLog_LVL(TAG, g_LogLevel, " cbAtrLen: (0x%08" PRIX32 ")", ret->cbAtrLen);
+ WLog_LVL(TAG, g_LogLevel, " rgAtr: %s",
+ smartcard_array_dump(ret->rgAtr, sizeof(ret->rgAtr), buffer, sizeof(buffer)));
+ WLog_LVL(TAG, g_LogLevel, "}");
++ free(state);
+ }
+
+ static void smartcard_trace_reconnect_return(SMARTCARD_DEVICE* smartcard,
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0008-Fixed-linking-dependencies-for-client-geometry-chann.patch freerdp2-2.3.0+dfsg1/debian/patches/0008-Fixed-linking-dependencies-for-client-geometry-chann.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0008-Fixed-linking-dependencies-for-client-geometry-chann.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0008-Fixed-linking-dependencies-for-client-geometry-chann.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,30 @@
+From de743a836a982807cbb88efdebb66c09eea010f2 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Tue, 1 Dec 2020 11:44:14 +0100
+Subject: [PATCH 08/36] Fixed linking dependencies for client geometry channel
+
+(cherry picked from commit 7056433c8ecd045912fecb896ffa2eac3aad1410)
+---
+ channels/geometry/client/CMakeLists.txt | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/channels/geometry/client/CMakeLists.txt b/channels/geometry/client/CMakeLists.txt
+index ea28bff9d..ac9fdc407 100644
+--- a/channels/geometry/client/CMakeLists.txt
++++ b/channels/geometry/client/CMakeLists.txt
+@@ -25,9 +25,10 @@ include_directories(..)
+
+ add_channel_client_library(${MODULE_PREFIX} ${MODULE_NAME} ${CHANNEL_NAME} TRUE "DVCPluginEntry")
+
+-
+-
+ set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} winpr)
++if (NOT BUILTIN_CHANNELS OR NOT BUILD_SHARED_LIBS)
++ set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} freerdp-client)
++endif()
+
+ target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS})
+
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0010-Fixed-smartcard_convert_string_list-with-0-length.patch freerdp2-2.3.0+dfsg1/debian/patches/0010-Fixed-smartcard_convert_string_list-with-0-length.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0010-Fixed-smartcard_convert_string_list-with-0-length.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0010-Fixed-smartcard_convert_string_list-with-0-length.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,45 @@
+From 471cda7ef304afb27c2fd1aa5a59078c7401e46e Mon Sep 17 00:00:00 2001
+From: Armin Novak <armin.novak@thincast.com>
+Date: Wed, 3 Mar 2021 11:39:55 +0100
+Subject: [PATCH 10/36] Fixed smartcard_convert_string_list with 0 length
+
+(cherry picked from commit e9904e286f43dea5940182b25740730c55e7c8a6)
+---
+ channels/smartcard/client/smartcard_pack.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/channels/smartcard/client/smartcard_pack.c b/channels/smartcard/client/smartcard_pack.c
+index ed0301bb2..83c9d3023 100644
+--- a/channels/smartcard/client/smartcard_pack.c
++++ b/channels/smartcard/client/smartcard_pack.c
+@@ -351,8 +351,11 @@ static char* smartcard_convert_string_list(const void* in, size_t bytes, BOOL un
+
+ if (unicode)
+ {
+- length = (bytes / 2);
+- if (ConvertFromUnicode(CP_UTF8, 0, string.wz, (int)length, &mszA, 0, NULL, NULL) !=
++ length = (bytes / sizeof(WCHAR)) - 1;
++ mszA = (char*)calloc(length + 1, sizeof(WCHAR));
++ if (!mszA)
++ return NULL;
++ if (ConvertFromUnicode(CP_UTF8, 0, string.wz, (int)length, &mszA, length + 1, NULL, NULL) !=
+ (int)length)
+ {
+ free(mszA);
+@@ -362,10 +365,11 @@ static char* smartcard_convert_string_list(const void* in, size_t bytes, BOOL un
+ else
+ {
+ length = bytes;
+- mszA = (char*)malloc(length);
++ mszA = (char*)calloc(length, sizeof(char));
+ if (!mszA)
+ return NULL;
+- CopyMemory(mszA, string.sz, length);
++ CopyMemory(mszA, string.sz, length - 1);
++ mszA[length - 1] = '\0';
+ }
+
+ for (index = 0; index < length - 1; index++)
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0012-Parse-on-a-copy-of-the-argument-string-for-printer.patch freerdp2-2.3.0+dfsg1/debian/patches/0012-Parse-on-a-copy-of-the-argument-string-for-printer.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0012-Parse-on-a-copy-of-the-argument-string-for-printer.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0012-Parse-on-a-copy-of-the-argument-string-for-printer.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,49 @@
+From 9ce4bc351f188ee52786c6f3a6b4ee1b48926bfd Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 4 Mar 2021 14:26:35 +0100
+Subject: [PATCH 12/36] Parse on a copy of the argument string for printer
+
+If done on original the wrong backend is loaded on autoreconnect
+
+(cherry picked from commit af1c6ebcb49c93d636817ec98f74d07cba9d7f26)
+---
+ channels/printer/client/printer_main.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/channels/printer/client/printer_main.c b/channels/printer/client/printer_main.c
+index dbcc07dc5..170ecb15b 100644
+--- a/channels/printer/client/printer_main.c
++++ b/channels/printer/client/printer_main.c
+@@ -979,7 +979,7 @@ printer_DeviceServiceEntry
+
+ device = (RDPDR_PRINTER*)pEntryPoints->device;
+ name = device->Name;
+- driver_name = device->DriverName;
++ driver_name = _strdup(device->DriverName);
+
+ /* Secondary argument is one of the following:
+ *
+@@ -1016,7 +1016,8 @@ printer_DeviceServiceEntry
+ if (!driver)
+ {
+ WLog_ERR(TAG, "Could not get a printer driver!");
+- return CHANNEL_RC_INITIALIZATION_ERROR;
++ error = CHANNEL_RC_INITIALIZATION_ERROR;
++ goto fail;
+ }
+
+ if (name && name[0])
+@@ -1064,7 +1065,9 @@ printer_DeviceServiceEntry
+ }
+
+ fail:
+- driver->ReleaseRef(driver);
++ free(driver_name);
++ if (driver)
++ driver->ReleaseRef(driver);
+
+ return error;
+ }
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0015-Fix-xf_Pointer_SetPosition-with-smart-sizing.patch freerdp2-2.3.0+dfsg1/debian/patches/0015-Fix-xf_Pointer_SetPosition-with-smart-sizing.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0015-Fix-xf_Pointer_SetPosition-with-smart-sizing.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0015-Fix-xf_Pointer_SetPosition-with-smart-sizing.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,99 @@
+From 899be1b564ac4f4803de5b81e0711821403d9ed1 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Mon, 8 Mar 2021 13:52:29 +0100
+Subject: [PATCH 15/36] Fix xf_Pointer_SetPosition with smart-sizing
+
+(cherry picked from commit d3e3ab7b5d5ce376ba72fa1fc0aee2f25c9682b4)
+---
+ client/X11/xf_event.c | 31 +++++++++++++++++++++++++++++++
+ client/X11/xf_event.h | 1 +
+ client/X11/xf_graphics.c | 5 ++++-
+ 3 files changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/client/X11/xf_event.c b/client/X11/xf_event.c
+index 60fe9c6b3..99577b1a1 100644
+--- a/client/X11/xf_event.c
++++ b/client/X11/xf_event.c
+@@ -262,6 +262,37 @@ static BOOL xf_event_execute_action_script(xfContext* xfc, const XEvent* event)
+ return TRUE;
+ }
+
++void xf_adjust_coordinates_to_screen(xfContext* xfc, UINT32* x, UINT32* y)
++{
++ rdpSettings* settings;
++ INT64 tx, ty;
++
++ if (!xfc || !xfc->context.settings || !y || !x)
++ return;
++
++ settings = xfc->context.settings;
++ tx = *x;
++ ty = *y;
++ if (!xfc->remote_app)
++ {
++#ifdef WITH_XRENDER
++
++ if (xf_picture_transform_required(xfc))
++ {
++ double xScalingFactor = xfc->scaledWidth / (double)settings->DesktopWidth;
++ double yScalingFactor = xfc->scaledHeight / (double)settings->DesktopHeight;
++ tx = ((tx + xfc->offset_x) * xScalingFactor);
++ ty = ((ty + xfc->offset_y) * yScalingFactor);
++ }
++
++#endif
++ }
++
++ CLAMP_COORDINATES(tx, ty);
++ *x = tx;
++ *y = ty;
++}
++
+ void xf_event_adjust_coordinates(xfContext* xfc, int* x, int* y)
+ {
+ rdpSettings* settings;
+diff --git a/client/X11/xf_event.h b/client/X11/xf_event.h
+index 185c83c7c..2269d3eea 100644
+--- a/client/X11/xf_event.h
++++ b/client/X11/xf_event.h
+@@ -33,6 +33,7 @@ void xf_event_SendClientEvent(xfContext* xfc, xfWindow* window, Atom atom, unsig
+ ...);
+
+ void xf_event_adjust_coordinates(xfContext* xfc, int* x, int* y);
++void xf_adjust_coordinates_to_screen(xfContext* xfc, UINT32* x, UINT32* y);
+
+ BOOL xf_generic_MotionNotify(xfContext* xfc, int x, int y, int state, Window window, BOOL app);
+ BOOL xf_generic_ButtonPress(xfContext* xfc, int x, int y, int button, Window window, BOOL app);
+diff --git a/client/X11/xf_graphics.c b/client/X11/xf_graphics.c
+index 54a4b9cc7..1700092f8 100644
+--- a/client/X11/xf_graphics.c
++++ b/client/X11/xf_graphics.c
+@@ -37,6 +37,7 @@
+
+ #include "xf_graphics.h"
+ #include "xf_gdi.h"
++#include "xf_event.h"
+
+ #include <freerdp/log.h>
+ #define TAG CLIENT_TAG("x11")
+@@ -521,6 +522,8 @@ static BOOL xf_Pointer_SetPosition(rdpContext* context, UINT32 x, UINT32 y)
+ if (xfc->remote_app && !xfc->focused)
+ return TRUE;
+
++ xf_adjust_coordinates_to_screen(xfc, &x, &y);
++
+ xf_lock_x11(xfc);
+
+ rc = XGetWindowAttributes(xfc->display, handle, ¤t);
+@@ -541,7 +544,7 @@ static BOOL xf_Pointer_SetPosition(rdpContext* context, UINT32 x, UINT32 y)
+
+ rc = XWarpPointer(xfc->display, None, handle, 0, 0, 0, 0, x, y);
+ if (rc == 0)
+- WLog_WARN(TAG, "xf_Pointer_SetPosition: XWrapPointer==%d", rc);
++ WLog_WARN(TAG, "xf_Pointer_SetPosition: XWarpPointer==%d", rc);
+ tmp.event_mask = current.your_event_mask;
+ rc = XChangeWindowAttributes(xfc->display, handle, CWEventMask, &tmp);
+ if (rc == 0)
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0017-Backported-6865-Disable-websockets-command-line-opti.patch freerdp2-2.3.0+dfsg1/debian/patches/0017-Backported-6865-Disable-websockets-command-line-opti.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0017-Backported-6865-Disable-websockets-command-line-opti.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0017-Backported-6865-Disable-websockets-command-line-opti.patch 2021-04-29 12:04:00.000000000 +0200
@@ -0,0 +1,145 @@
+From f4c87729e393c4f9f522d2731078655f469d9b12 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Mon, 8 Mar 2021 14:31:17 +0100
+Subject: [PATCH 17/36] Backported #6865: Disable websockets command line
+ option
+
+---
+ client/common/cmdline.c | 30 ++++++++++++++-----
+ client/common/cmdline.h | 4 +--
+ include/freerdp/settings.h | 4 ++-
+ libfreerdp/common/settings_getters.c | 7 +++++
+ libfreerdp/common/settings_str.c | 1 +
+ libfreerdp/core/gateway/rdg.c | 4 ++-
+ .../core/test/settings_property_lists.h | 1 +
+ 7 files changed, 39 insertions(+), 12 deletions(-)
+
+--- a/client/common/cmdline.c
++++ b/client/common/cmdline.c
+@@ -2234,15 +2234,29 @@
+ settings->GatewayRpcTransport = TRUE;
+ settings->GatewayHttpTransport = FALSE;
+ }
+- else if (_stricmp(arg->Value, "http") == 0)
++ else
+ {
+- settings->GatewayRpcTransport = FALSE;
+- settings->GatewayHttpTransport = TRUE;
+- }
+- else if (_stricmp(arg->Value, "auto") == 0)
+- {
+- settings->GatewayRpcTransport = TRUE;
+- settings->GatewayHttpTransport = TRUE;
++ char* c = strchr(arg->Value, ',');
++ if (c)
++ {
++ *c++ = '\0';
++ if (_stricmp(c, "no-websockets") != 0)
++ {
++ return COMMAND_LINE_ERROR_UNEXPECTED_VALUE;
++ }
++ freerdp_settings_set_bool(settings, FreeRDP_GatewayHttpUseWebsockets, FALSE);
++ }
++
++ if (_stricmp(arg->Value, "http") == 0)
++ {
++ settings->GatewayRpcTransport = FALSE;
++ settings->GatewayHttpTransport = TRUE;
++ }
++ else if (_stricmp(arg->Value, "auto") == 0)
++ {
++ settings->GatewayRpcTransport = TRUE;
++ settings->GatewayHttpTransport = TRUE;
++ }
+ }
+ }
+ CommandLineSwitchCase(arg, "gat")
+--- a/client/common/cmdline.h
++++ b/client/common/cmdline.h
+@@ -180,8 +180,8 @@
+ { "gp", COMMAND_LINE_VALUE_REQUIRED, "<password>", NULL, NULL, -1, NULL, "Gateway password" },
+ { "grab-keyboard", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
+ "Grab keyboard" },
+- { "gt", COMMAND_LINE_VALUE_REQUIRED, "[rpc|http|auto]", NULL, NULL, -1, NULL,
+- "Gateway transport type" },
++ { "gt", COMMAND_LINE_VALUE_REQUIRED, "[rpc|http[,no-websockets]|auto[,no-websockets]]", NULL,
++ NULL, -1, NULL, "Gateway transport type" },
+ { "gu", COMMAND_LINE_VALUE_REQUIRED, "[[<domain>\\]<user>|<user>[@<domain>]]", NULL, NULL, -1,
+ NULL, "Gateway username" },
+ { "gat", COMMAND_LINE_VALUE_REQUIRED, "<access token>", NULL, NULL, -1, NULL,
+--- a/include/freerdp/settings.h
++++ b/include/freerdp/settings.h
+@@ -751,6 +751,7 @@
+ #define FreeRDP_GatewayAccessToken (1997)
+ #define FreeRDP_GatewayAcceptedCert (1998)
+ #define FreeRDP_GatewayAcceptedCertLength (1999)
++#define FreeRDP_GatewayHttpUseWebsockets (2000)
+ #define FreeRDP_ProxyType (2015)
+ #define FreeRDP_ProxyHostname (2016)
+ #define FreeRDP_ProxyPort (2017)
+@@ -1252,7 +1253,8 @@
+ ALIGN64 char* GatewayAccessToken; /* 1997 */
+ ALIGN64 char* GatewayAcceptedCert; /* 1998 */
+ ALIGN64 UINT32 GatewayAcceptedCertLength; /* 1999 */
+- UINT64 padding2015[2015 - 2000]; /* 2000 */
++ ALIGN64 BOOL GatewayHttpUseWebsockets; /* 2000 */
++ UINT64 padding2015[2015 - 2001]; /* 2001 */
+
+ /* Proxy */
+ ALIGN64 UINT32 ProxyType; /* 2015 */
+--- a/libfreerdp/common/settings_getters.c
++++ b/libfreerdp/common/settings_getters.c
+@@ -192,6 +192,9 @@
+ case FreeRDP_GatewayHttpTransport:
+ return settings->GatewayHttpTransport;
+
++ case FreeRDP_GatewayHttpUseWebsockets:
++ return settings->GatewayHttpUseWebsockets;
++
+ case FreeRDP_GatewayRpcTransport:
+ return settings->GatewayRpcTransport;
+
+@@ -754,6 +757,10 @@
+ settings->GatewayHttpTransport = val;
+ break;
+
++ case FreeRDP_GatewayHttpUseWebsockets:
++ settings->GatewayHttpUseWebsockets = val;
++ break;
++
+ case FreeRDP_GatewayRpcTransport:
+ settings->GatewayRpcTransport = val;
+ break;
+--- a/libfreerdp/common/settings_str.c
++++ b/libfreerdp/common/settings_str.c
+@@ -74,6 +74,7 @@
+ { FreeRDP_GatewayBypassLocal, 0, "FreeRDP_GatewayBypassLocal" },
+ { FreeRDP_GatewayEnabled, 0, "FreeRDP_GatewayEnabled" },
+ { FreeRDP_GatewayHttpTransport, 0, "FreeRDP_GatewayHttpTransport" },
++ { FreeRDP_GatewayHttpUseWebsockets, 0, "FreeRDP_GatewayHttpUseWebsockets" },
+ { FreeRDP_GatewayRpcTransport, 0, "FreeRDP_GatewayRpcTransport" },
+ { FreeRDP_GatewayUdpTransport, 0, "FreeRDP_GatewayUdpTransport" },
+ { FreeRDP_GatewayUseSameCredentials, 0, "FreeRDP_GatewayUseSameCredentials" },
+--- a/libfreerdp/core/gateway/rdg.c
++++ b/libfreerdp/core/gateway/rdg.c
+@@ -2547,7 +2547,9 @@
+ !http_context_set_user_agent(rdg->http, "MS-RDGateway/1.0") ||
+ !http_context_set_host(rdg->http, rdg->settings->GatewayHostname) ||
+ !http_context_set_rdg_connection_id(rdg->http, bracedUuid) ||
+- !http_context_enable_websocket_upgrade(rdg->http, TRUE))
++ !http_context_enable_websocket_upgrade(
++ rdg->http,
++ freerdp_settings_get_bool(rdg->settings, FreeRDP_GatewayHttpUseWebsockets)))
+ {
+ goto rdg_alloc_error;
+ }
+--- a/libfreerdp/core/test/settings_property_lists.h
++++ b/libfreerdp/core/test/settings_property_lists.h
+@@ -63,6 +63,7 @@
+ FreeRDP_GatewayBypassLocal,
+ FreeRDP_GatewayEnabled,
+ FreeRDP_GatewayHttpTransport,
++ FreeRDP_GatewayHttpUseWebsockets,
+ FreeRDP_GatewayRpcTransport,
+ FreeRDP_GatewayUdpTransport,
+ FreeRDP_GatewayUseSameCredentials,
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0019-Check-smartcard_convert_string_list-for-NULL-string.patch freerdp2-2.3.0+dfsg1/debian/patches/0019-Check-smartcard_convert_string_list-for-NULL-string.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0019-Check-smartcard_convert_string_list-for-NULL-string.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0019-Check-smartcard_convert_string_list-for-NULL-string.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,31 @@
+From 42f9dff46f736eb3f58d4bb1731710bda00608f9 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Tue, 9 Mar 2021 09:22:39 +0100
+Subject: [PATCH 19/36] Check smartcard_convert_string_list for NULL string
+
+In #6821 it has been reported that there are buggy smartcard
+drivers that report a string size but fail to allocate the string
+itself. This check avoids a crash with such input parameters
+
+(cherry picked from commit f8b1e662b33f7b8f77cf6582d549348c2d048a2e)
+---
+ channels/smartcard/client/smartcard_pack.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/channels/smartcard/client/smartcard_pack.c b/channels/smartcard/client/smartcard_pack.c
+index 83c9d3023..f70eb4e5d 100644
+--- a/channels/smartcard/client/smartcard_pack.c
++++ b/channels/smartcard/client/smartcard_pack.c
+@@ -349,6 +349,9 @@ static char* smartcard_convert_string_list(const void* in, size_t bytes, BOOL un
+ if (bytes < 1)
+ return NULL;
+
++ if (in == NULL)
++ return NULL;
++
+ if (unicode)
+ {
+ length = (bytes / sizeof(WCHAR)) - 1;
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0020-Use-specific-names-for-drive-hotplug-special-values.patch freerdp2-2.3.0+dfsg1/debian/patches/0020-Use-specific-names-for-drive-hotplug-special-values.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0020-Use-specific-names-for-drive-hotplug-special-values.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0020-Use-specific-names-for-drive-hotplug-special-values.patch 2021-04-29 12:04:04.000000000 +0200
@@ -0,0 +1,57 @@
+From 187cbdfe2c0abdef554306394d12a9b28a5100eb Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Tue, 9 Mar 2021 12:09:58 +0100
+Subject: [PATCH 20/36] Use specific names for drive hotplug special values
+
+(cherry picked from commit b1be3d78fcc63a5842f7707a139b2582a4a42b21)
+---
+ client/common/cmdline.c | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+--- a/client/common/cmdline.c
++++ b/client/common/cmdline.c
+@@ -120,6 +120,23 @@
+ return TRUE;
+ }
+
++static char* name_from_path(const char* path)
++{
++ const char* name = "NULL";
++ if (path)
++ {
++ if (_strnicmp(path, "%", 2) == 0)
++ name = "home";
++ else if (_strnicmp(path, "*", 2) == 0)
++ name = "hotplug-all";
++ else if (_strnicmp(path, "DynamicDrives", 2) == 0)
++ name = "hotplug";
++ else
++ name = path;
++ }
++ return _strdup(name);
++}
++
+ static BOOL freerdp_client_add_drive(rdpSettings* settings, const char* path, const char* name)
+ {
+ RDPDR_DRIVE* drive;
+@@ -151,8 +168,10 @@
+ goto fail;
+ }
+ else /* We need a name to send to the server. */
+- if (!(drive->Name = _strdup(path)))
+- goto fail;
++ {
++ if (!(drive->Name = name_from_path(path)))
++ goto fail;
++ }
+
+ if (!path || !freerdp_sanitize_drive_name(drive->Name, "\\/", "__"))
+ goto fail;
+@@ -3557,6 +3576,7 @@
+ /* Syntax: Comma seperated list of the following entries:
+ * '*' ... Redirect all drives, including hotplug
+ * 'DynamicDrives' ... hotplug
++ * '%' ... user home directory
+ * <label>(<path>) ... One or more paths to redirect.
+ * <path>(<label>) ... One or more paths to redirect.
+ * <path> ... One or more paths to redirect.
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0021-Filter-RDPDR-types-other-than-drives-on-windows-hotp.patch freerdp2-2.3.0+dfsg1/debian/patches/0021-Filter-RDPDR-types-other-than-drives-on-windows-hotp.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0021-Filter-RDPDR-types-other-than-drives-on-windows-hotp.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0021-Filter-RDPDR-types-other-than-drives-on-windows-hotp.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,36 @@
+From c37593d9fc84f6344381cbfcf0631d3798d169b0 Mon Sep 17 00:00:00 2001
+From: Armin Novak <armin.novak@thincast.com>
+Date: Tue, 9 Mar 2021 12:23:37 +0100
+Subject: [PATCH 21/36] Filter RDPDR types other than drives on windows hotplug
+
+(cherry picked from commit 6f599eabbedace4adc215186783deec680057003)
+---
+ channels/rdpdr/client/rdpdr_main.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/channels/rdpdr/client/rdpdr_main.c b/channels/rdpdr/client/rdpdr_main.c
+index e59bf0f64..617ea4287 100644
+--- a/channels/rdpdr/client/rdpdr_main.c
++++ b/channels/rdpdr/client/rdpdr_main.c
+@@ -129,7 +129,7 @@ static UINT drive_hotplug_thread_terminate(rdpdrPlugin* rdpdr)
+
+ #elif _WIN32
+
+-BOOL check_path(char* path)
++BOOL check_path(const char* path)
+ {
+ UINT type = GetDriveTypeA(path);
+
+@@ -244,6 +244,9 @@ LRESULT CALLBACK hotplug_proc(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
+ device_ext = (DEVICE_DRIVE_EXT*)ListDictionary_GetItemValue(
+ rdpdr->devman->devices, (void*)keys[j]);
+
++ if (device_ext->device.type != RDPDR_DTYP_FILESYSTEM)
++ continue;
++
+ if (device_ext->path[0] == drive_name_upper ||
+ device_ext->path[0] == drive_name_lower)
+ {
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0023-use-tlsOut-BIO-when-using-websocket-in-rdg_bio_ctrl.patch freerdp2-2.3.0+dfsg1/debian/patches/0023-use-tlsOut-BIO-when-using-websocket-in-rdg_bio_ctrl.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0023-use-tlsOut-BIO-when-using-websocket-in-rdg_bio_ctrl.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0023-use-tlsOut-BIO-when-using-websocket-in-rdg_bio_ctrl.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,57 @@
+From c1387856692d28ded58f66bff2e294edf0f9c0ac Mon Sep 17 00:00:00 2001
+From: akarl <mike@mwsys.mine.bz>
+Date: Fri, 5 Mar 2021 18:19:06 +0100
+Subject: [PATCH 23/36] use tlsOut BIO when using websocket in rdg_bio_ctrl
+
+(cherry picked from commit 0e19c443e41cdc031a38a6ea24298972420af778)
+---
+ libfreerdp/core/gateway/rdg.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c
+index 4ac98b1c9..ff2d06aa5 100644
+--- a/libfreerdp/core/gateway/rdg.c
++++ b/libfreerdp/core/gateway/rdg.c
+@@ -1537,7 +1537,7 @@ DWORD rdg_get_event_handles(rdpRdg* rdg, HANDLE* events, DWORD count)
+ return 0;
+ }
+
+- if (rdg->tlsIn && rdg->tlsIn->bio)
++ if (!rdg->transferEncoding.isWebsocketTransport && rdg->tlsIn && rdg->tlsIn->bio)
+ {
+ if (events && (nCount < count))
+ {
+@@ -2403,7 +2403,8 @@ static long rdg_bio_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
+ if (cmd == BIO_CTRL_FLUSH)
+ {
+ (void)BIO_flush(tlsOut->bio);
+- (void)BIO_flush(tlsIn->bio);
++ if (!rdg->transferEncoding.isWebsocketTransport)
++ (void)BIO_flush(tlsIn->bio);
+ status = 1;
+ }
+ else if (cmd == BIO_C_SET_NONBLOCK)
+@@ -2418,6 +2419,10 @@ static long rdg_bio_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
+ else if (cmd == BIO_C_WRITE_BLOCKED)
+ {
+ BIO* bio = tlsIn->bio;
++
++ if (rdg->transferEncoding.isWebsocketTransport)
++ bio = tlsOut->bio;
++
+ status = BIO_write_blocked(bio);
+ }
+ else if (cmd == BIO_C_WAIT_READ)
+@@ -2437,6 +2442,9 @@ static long rdg_bio_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
+ int timeout = (int)arg1;
+ BIO* bio = tlsIn->bio;
+
++ if (rdg->transferEncoding.isWebsocketTransport)
++ bio = tlsOut->bio;
++
+ if (BIO_write_blocked(bio))
+ status = BIO_wait_write(bio, timeout);
+ else if (BIO_read_blocked(bio))
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0024-Added-bounds-checks-to-gfx-commands.patch freerdp2-2.3.0+dfsg1/debian/patches/0024-Added-bounds-checks-to-gfx-commands.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0024-Added-bounds-checks-to-gfx-commands.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0024-Added-bounds-checks-to-gfx-commands.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,85 @@
+From 9308d0c6365861fbd2eafa0a0881acef460cfc15 Mon Sep 17 00:00:00 2001
+From: Armin Novak <armin.novak@thincast.com>
+Date: Fri, 12 Mar 2021 09:12:28 +0100
+Subject: [PATCH 24/36] Added bounds checks to gfx commands
+
+(cherry picked from commit dd61853142a07af0eca80c901292075373a6b2d6)
+---
+ libfreerdp/gdi/gfx.c | 33 +++++++++++++++++++++++++++++++++
+ 1 file changed, 33 insertions(+)
+
+diff --git a/libfreerdp/gdi/gfx.c b/libfreerdp/gdi/gfx.c
+index 238c8138d..2221cc3f7 100644
+--- a/libfreerdp/gdi/gfx.c
++++ b/libfreerdp/gdi/gfx.c
+@@ -42,6 +42,27 @@ static BOOL is_rect_valid(const RECTANGLE_16* rect, size_t width, size_t height)
+ return TRUE;
+ }
+
++static BOOL is_within_surface(const gdiGfxSurface* surface, const RDPGFX_SURFACE_COMMAND* cmd)
++{
++ RECTANGLE_16 rect;
++ if (!surface || !cmd)
++ return FALSE;
++ rect.left = cmd->left;
++ rect.top = cmd->top;
++ rect.right = cmd->right;
++ rect.bottom = cmd->bottom;
++ if (!is_rect_valid(&rect, surface->width, surface->height))
++ {
++ WLog_ERR(TAG,
++ "%s: Command rect %" PRIu32 "x" PRIu32 "-" PRIu32 "x" PRIu32
++ " not within bounds of " PRIu32 "x" PRIu32,
++ __FUNCTION__, rect.left, rect.top, cmd->width, cmd->height, surface->width,
++ surface->height);
++ return FALSE;
++ }
++ return TRUE;
++}
++
+ static DWORD gfx_align_scanline(DWORD widthInBytes, DWORD alignment)
+ {
+ const UINT32 align = alignment;
+@@ -259,6 +280,9 @@ static UINT gdi_SurfaceCommand_Uncompressed(rdpGdi* gdi, RdpgfxClientContext* co
+ return ERROR_NOT_FOUND;
+ }
+
++ if (!is_within_surface(surface, cmd))
++ return ERROR_INVALID_DATA;
++
+ if (!freerdp_image_copy(surface->data, surface->format, surface->scanline, cmd->left, cmd->top,
+ cmd->width, cmd->height, cmd->data, cmd->format, 0, 0, 0, NULL,
+ FREERDP_FLIP_NONE))
+@@ -414,6 +438,9 @@ static UINT gdi_SurfaceCommand_Planar(rdpGdi* gdi, RdpgfxClientContext* context,
+
+ DstData = surface->data;
+
++ if (!is_within_surface(surface, cmd))
++ return ERROR_INVALID_DATA;
++
+ if (!planar_decompress(surface->codecs->planar, cmd->data, cmd->length, cmd->width, cmd->height,
+ DstData, surface->format, surface->scanline, cmd->left, cmd->top,
+ cmd->width, cmd->height, FALSE))
+@@ -686,6 +713,9 @@ static UINT gdi_SurfaceCommand_Alpha(rdpGdi* gdi, RdpgfxClientContext* context,
+ return ERROR_NOT_FOUND;
+ }
+
++ if (!is_within_surface(surface, cmd))
++ return ERROR_INVALID_DATA;
++
+ Stream_Read_UINT16(&s, alphaSig);
+ Stream_Read_UINT16(&s, compressed);
+
+@@ -815,6 +845,9 @@ static UINT gdi_SurfaceCommand_Progressive(rdpGdi* gdi, RdpgfxClientContext* con
+ return ERROR_NOT_FOUND;
+ }
+
++ if (!is_within_surface(surface, cmd))
++ return ERROR_INVALID_DATA;
++
+ rc = progressive_create_surface_context(surface->codecs->progressive, cmd->surfaceId,
+ surface->width, surface->height);
+
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0025-Added-bounds-check-in-rdpgfx_recv_wire_to_surface_1_.patch freerdp2-2.3.0+dfsg1/debian/patches/0025-Added-bounds-check-in-rdpgfx_recv_wire_to_surface_1_.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0025-Added-bounds-check-in-rdpgfx_recv_wire_to_surface_1_.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0025-Added-bounds-check-in-rdpgfx_recv_wire_to_surface_1_.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,37 @@
+From 9249d900c466d3341f4c4e072fc535e9aecc0e9d Mon Sep 17 00:00:00 2001
+From: Armin Novak <armin.novak@thincast.com>
+Date: Fri, 12 Mar 2021 09:29:55 +0100
+Subject: [PATCH 25/36] Added bounds check in rdpgfx_recv_wire_to_surface_1_pdu
+
+(cherry picked from commit 5fc3846f7793d4afe48387ac3aeffd4ad6852bab)
+---
+ channels/rdpgfx/client/rdpgfx_main.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/channels/rdpgfx/client/rdpgfx_main.c b/channels/rdpgfx/client/rdpgfx_main.c
+index 94b5b68de..67b3a7db4 100644
+--- a/channels/rdpgfx/client/rdpgfx_main.c
++++ b/channels/rdpgfx/client/rdpgfx_main.c
+@@ -999,6 +999,19 @@ static UINT rdpgfx_recv_wire_to_surface_1_pdu(RDPGFX_CHANNEL_CALLBACK* callback,
+ cmd.data = pdu.bitmapData;
+ cmd.extra = NULL;
+
++ if (cmd.right < cmd.left)
++ {
++ WLog_Print(gfx->log, WLOG_ERROR, "RecvWireToSurface1Pdu right=%" PRIu32 " < left=%" PRIu32,
++ cmd.right, cmd.left);
++ return ERROR_INVALID_DATA;
++ }
++ if (cmd.bottom < cmd.top)
++ {
++ WLog_Print(gfx->log, WLOG_ERROR, "RecvWireToSurface1Pdu bottom=%" PRIu32 " < top=%" PRIu32,
++ cmd.bottom, cmd.top);
++ return ERROR_INVALID_DATA;
++ }
++
+ if ((error = rdpgfx_decode(gfx, &cmd)))
+ WLog_Print(gfx->log, WLOG_ERROR, "rdpgfx_decode failed with error %" PRIu32 "!", error);
+
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0026-Added-fuzzying-test-for-planar-decoder.patch freerdp2-2.3.0+dfsg1/debian/patches/0026-Added-fuzzying-test-for-planar-decoder.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0026-Added-fuzzying-test-for-planar-decoder.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0026-Added-fuzzying-test-for-planar-decoder.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,153 @@
+From bd3f9cfd9fda7da05b1a12fe9e48c69e3ac45e67 Mon Sep 17 00:00:00 2001
+From: Armin Novak <armin.novak@thincast.com>
+Date: Fri, 12 Mar 2021 10:07:44 +0100
+Subject: [PATCH 26/36] Added fuzzying test for planar decoder
+
+(cherry picked from commit 9bbc2cd094ac837a8f1196e80e7643c00436e486)
+---
+ .../codec/test/TestFreeRDPCodecPlanar.c | 116 ++++++++++++++++++
+ 1 file changed, 116 insertions(+)
+
+diff --git a/libfreerdp/codec/test/TestFreeRDPCodecPlanar.c b/libfreerdp/codec/test/TestFreeRDPCodecPlanar.c
+index b1235ec8e..aac0a9f54 100644
+--- a/libfreerdp/codec/test/TestFreeRDPCodecPlanar.c
++++ b/libfreerdp/codec/test/TestFreeRDPCodecPlanar.c
+@@ -3,6 +3,7 @@
+
+ #include <winpr/crt.h>
+ #include <winpr/print.h>
++#include <winpr/crypto.h>
+
+ #include <freerdp/freerdp.h>
+ #include <freerdp/codec/color.h>
+@@ -5650,12 +5651,127 @@ fail:
+ return rc;
+ }
+
++static UINT32 prand(UINT32 max)
++{
++ UINT32 tmp;
++ if (max <= 1)
++ return 1;
++ winpr_RAND((BYTE*)&tmp, sizeof(tmp));
++ return tmp % (max - 1) + 1;
++}
++
++static BOOL FuzzPlanar(void)
++{
++ UINT32 x;
++ BOOL rc = FALSE;
++ const DWORD planarFlags = PLANAR_FORMAT_HEADER_NA | PLANAR_FORMAT_HEADER_RLE;
++ BITMAP_PLANAR_CONTEXT* planar = freerdp_bitmap_planar_context_new(planarFlags, 64, 64);
++
++ if (!planar)
++ goto fail;
++
++ for (x = 0; x < 10000; x++)
++ {
++ BYTE data[0x10000] = { 0 };
++ size_t dataSize = 0x10000;
++ BYTE dstData[0x10000] = { 0 };
++
++ UINT32 DstFormat;
++ UINT32 nDstStep;
++ UINT32 nXDst;
++ UINT32 nYDst;
++ UINT32 nDstWidth;
++ UINT32 nDstHeight;
++ BOOL invalid = TRUE;
++ do
++ {
++ switch (prand(17) - 1)
++ {
++ case 0:
++ DstFormat = PIXEL_FORMAT_RGB8;
++ break;
++ case 1:
++ DstFormat = PIXEL_FORMAT_BGR15;
++ break;
++ case 2:
++ DstFormat = PIXEL_FORMAT_RGB15;
++ break;
++ case 3:
++ DstFormat = PIXEL_FORMAT_ABGR15;
++ break;
++ case 4:
++ DstFormat = PIXEL_FORMAT_ABGR15;
++ break;
++ case 5:
++ DstFormat = PIXEL_FORMAT_BGR16;
++ break;
++ case 6:
++ DstFormat = PIXEL_FORMAT_RGB16;
++ break;
++ case 7:
++ DstFormat = PIXEL_FORMAT_BGR24;
++ break;
++ case 8:
++ DstFormat = PIXEL_FORMAT_RGB24;
++ break;
++ case 9:
++ DstFormat = PIXEL_FORMAT_BGRA32;
++ break;
++ case 10:
++ DstFormat = PIXEL_FORMAT_BGRX32;
++ break;
++ case 11:
++ DstFormat = PIXEL_FORMAT_RGBA32;
++ break;
++ case 12:
++ DstFormat = PIXEL_FORMAT_RGBX32;
++ break;
++ case 13:
++ DstFormat = PIXEL_FORMAT_ABGR32;
++ break;
++ case 14:
++ DstFormat = PIXEL_FORMAT_XBGR32;
++ break;
++ case 15:
++ DstFormat = PIXEL_FORMAT_ARGB32;
++ break;
++ case 16:
++ DstFormat = PIXEL_FORMAT_XRGB32;
++ break;
++ default:
++ break;
++ }
++ nDstStep = prand(sizeof(dstData));
++ nXDst = prand(nDstStep);
++ nYDst = prand(sizeof(dstData) / nDstStep);
++ nDstWidth = prand(nDstStep / GetBytesPerPixel(DstFormat));
++ nDstHeight = prand(sizeof(dstData) / nDstStep);
++ invalid = nXDst * GetBytesPerPixel(DstFormat) + (nYDst + nDstHeight) * nDstStep >
++ sizeof(dstData);
++ } while (invalid);
++ printf("DstFormat=%s, nXDst=%" PRIu32 ", nYDst=%" PRIu32 ", nDstWidth=%" PRIu32
++ ", nDstHeight=%" PRIu32 ", nDstStep=%" PRIu32 ", total size=%" PRIuz "\n",
++ FreeRDPGetColorFormatName(DstFormat), nXDst, nYDst, nDstWidth, nDstHeight, nDstStep,
++ sizeof(dstData));
++ planar_decompress(planar, data, dataSize, prand(4096), prand(4096), dstData, DstFormat,
++ nDstStep, nXDst, nYDst, nDstWidth, nDstHeight, prand(2));
++ }
++
++ rc = TRUE;
++fail:
++ freerdp_bitmap_planar_context_free(planar);
++ return rc;
++}
++
+ int TestFreeRDPCodecPlanar(int argc, char* argv[])
+ {
+ UINT32 x;
+ WINPR_UNUSED(argc);
+ WINPR_UNUSED(argv);
+
++ if (!FuzzPlanar())
++ return -2;
++
+ for (x = 0; x < colorFormatCount; x++)
+ {
+ if (!TestPlanar(colorFormatList[x]))
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0027-Added-missing-bounds-check.patch freerdp2-2.3.0+dfsg1/debian/patches/0027-Added-missing-bounds-check.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0027-Added-missing-bounds-check.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0027-Added-missing-bounds-check.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,96 @@
+From 602fb7d788446969ccfedb8dab4a9abd0ab7df23 Mon Sep 17 00:00:00 2001
+From: Armin Novak <armin.novak@thincast.com>
+Date: Fri, 12 Mar 2021 10:15:51 +0100
+Subject: [PATCH 27/36] Added missing bounds check.
+
+(cherry picked from commit 2e6069d95b997d0dc7d2cc118255570d22f0ae0c)
+---
+ libfreerdp/codec/planar.c | 23 +++++++++++++++++++----
+ 1 file changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
+index f31c2d46a..8588a9e21 100644
+--- a/libfreerdp/codec/planar.c
++++ b/libfreerdp/codec/planar.c
+@@ -508,7 +508,7 @@ static INLINE BOOL writeLine(BYTE** ppRgba, UINT32 DstFormat, UINT32 width, cons
+ static INLINE BOOL planar_decompress_planes_raw(const BYTE* pSrcData[4], BYTE* pDstData,
+ UINT32 DstFormat, UINT32 nDstStep, UINT32 nXDst,
+ UINT32 nYDst, UINT32 nWidth, UINT32 nHeight,
+- BOOL vFlip)
++ BOOL vFlip, UINT32 totalHeight)
+ {
+ INT32 y;
+ INT32 beg, end, inc;
+@@ -516,6 +516,7 @@ static INLINE BOOL planar_decompress_planes_raw(const BYTE* pSrcData[4], BYTE* p
+ const BYTE* pG = pSrcData[1];
+ const BYTE* pB = pSrcData[2];
+ const BYTE* pA = pSrcData[3];
++ const UINT32 bpp = GetBytesPerPixel(DstFormat);
+
+ if (vFlip)
+ {
+@@ -530,9 +531,20 @@ static INLINE BOOL planar_decompress_planes_raw(const BYTE* pSrcData[4], BYTE* p
+ inc = 1;
+ }
+
++ if (nYDst + nHeight > totalHeight)
++ return FALSE;
++
++ if ((nXDst + nWidth) * bpp > nDstStep)
++ return FALSE;
++
+ for (y = beg; y != end; y += inc)
+ {
+- BYTE* pRGB = &pDstData[((nYDst + y) * nDstStep) + (nXDst * GetBytesPerPixel(DstFormat))];
++ BYTE* pRGB;
++
++ if (y > (INT64)nHeight)
++ return FALSE;
++
++ pRGB = &pDstData[((nYDst + y) * nDstStep) + (nXDst * bpp)];
+
+ if (!writeLine(&pRGB, DstFormat, nWidth, &pR, &pG, &pB, &pA))
+ return FALSE;
+@@ -739,6 +751,7 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
+ UINT32 TempFormat;
+ BYTE* pTempData = pDstData;
+ UINT32 nTempStep = nDstStep;
++ UINT32 nTotalHeight = nYDst + nDstHeight;
+
+ if (useAlpha)
+ TempFormat = PIXEL_FORMAT_BGRA32;
+@@ -749,12 +762,13 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
+ {
+ pTempData = planar->pTempData;
+ nTempStep = planar->nTempStep;
++ nTotalHeight = planar->maxHeight;
+ }
+
+ if (!rle) /* RAW */
+ {
+ if (!planar_decompress_planes_raw(planes, pTempData, TempFormat, nTempStep, nXDst,
+- nYDst, nSrcWidth, nSrcHeight, vFlip))
++ nYDst, nSrcWidth, nSrcHeight, vFlip, nTotalHeight))
+ return FALSE;
+
+ if (alpha)
+@@ -819,6 +833,7 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
+ UINT32 TempFormat;
+ BYTE* pTempData = planar->pTempData;
+ UINT32 nTempStep = planar->nTempStep;
++ UINT32 nTotalHeight = planar->maxHeight;
+
+ if (useAlpha)
+ TempFormat = PIXEL_FORMAT_BGRA32;
+@@ -901,7 +916,7 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
+ }
+
+ if (!planar_decompress_planes_raw(planes, pTempData, TempFormat, nTempStep, nXDst,
+- nYDst, nSrcWidth, nSrcHeight, vFlip))
++ nYDst, nSrcWidth, nSrcHeight, vFlip, nTotalHeight))
+ return FALSE;
+
+ if (alpha)
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0028-Fixed-mac-issues-with-smartcard-context-cleanup-6890.patch freerdp2-2.3.0+dfsg1/debian/patches/0028-Fixed-mac-issues-with-smartcard-context-cleanup-6890.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0028-Fixed-mac-issues-with-smartcard-context-cleanup-6890.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0028-Fixed-mac-issues-with-smartcard-context-cleanup-6890.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,63 @@
+From 9ba06525d6bef66d457264e202fbb8f38473a686 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@users.noreply.github.com>
+Date: Fri, 12 Mar 2021 08:56:23 +0100
+Subject: [PATCH 28/36] Fixed mac issues with smartcard context cleanup (#6890)
+
+(cherry picked from commit b8a8ae4622a2c426c54c300b32c50316f0af42b0)
+---
+ channels/smartcard/client/smartcard_main.c | 25 +++-------------------
+ 1 file changed, 3 insertions(+), 22 deletions(-)
+
+diff --git a/channels/smartcard/client/smartcard_main.c b/channels/smartcard/client/smartcard_main.c
+index 82fb58728..2df4c14e3 100644
+--- a/channels/smartcard/client/smartcard_main.c
++++ b/channels/smartcard/client/smartcard_main.c
+@@ -180,6 +180,7 @@ void smartcard_context_free(void* pCtx)
+
+ /* cancel blocking calls like SCardGetStatusChange */
+ SCardCancel(pContext->hContext);
++ SCardReleaseContext(pContext->hContext);
+
+ if (MessageQueue_PostQuit(pContext->IrpQueue, 0) &&
+ (WaitForSingleObject(pContext->thread, INFINITE) == WAIT_FAILED))
+@@ -237,7 +238,7 @@ static void smartcard_release_all_contexts(SMARTCARD_DEVICE* smartcard)
+
+ /* Put thread to sleep so that PC/SC can process the cancel requests. This fixes a race
+ * condition that sometimes caused the pc/sc daemon to crash on MacOS (_xpc_api_misuse) */
+- Sleep(100);
++ SleepEx(100, FALSE);
+
+ /**
+ * Call SCardReleaseContext on remaining contexts and remove them from rgSCardContextList.
+@@ -251,27 +252,7 @@ static void smartcard_release_all_contexts(SMARTCARD_DEVICE* smartcard)
+
+ for (index = 0; index < keyCount; index++)
+ {
+- pContext = (SMARTCARD_CONTEXT*)ListDictionary_Remove(smartcard->rgSCardContextList,
+- (void*)pKeys[index]);
+-
+- if (!pContext)
+- continue;
+-
+- hContext = pContext->hContext;
+-
+- if (SCardIsValidContext(hContext) == SCARD_S_SUCCESS)
+- {
+- SCardReleaseContext(hContext);
+-
+- if (MessageQueue_PostQuit(pContext->IrpQueue, 0) &&
+- (WaitForSingleObject(pContext->thread, INFINITE) == WAIT_FAILED))
+- WLog_ERR(TAG, "WaitForSingleObject failed with error %" PRIu32 "!",
+- GetLastError());
+-
+- CloseHandle(pContext->thread);
+- MessageQueue_Free(pContext->IrpQueue);
+- free(pContext);
+- }
++ ListDictionary_SetItemValue(smartcard->rgSCardContextList, (void*)pKeys[index], NULL);
+ }
+
+ free(pKeys);
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0031-Fix-monitor-list.patch freerdp2-2.3.0+dfsg1/debian/patches/0031-Fix-monitor-list.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0031-Fix-monitor-list.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0031-Fix-monitor-list.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,29 @@
+From 9e1e3185128146f74f4b4694b56caa1478a0df77 Mon Sep 17 00:00:00 2001
+From: Armin Novak <armin.novak@thincast.com>
+Date: Fri, 12 Mar 2021 11:53:34 +0100
+Subject: [PATCH 31/36] Fix /monitor-list
+
+---
+ client/X11/cli/xfreerdp.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/client/X11/cli/xfreerdp.c b/client/X11/cli/xfreerdp.c
+index 5b7021944..8db4d39e7 100644
+--- a/client/X11/cli/xfreerdp.c
++++ b/client/X11/cli/xfreerdp.c
+@@ -59,11 +59,9 @@ int main(int argc, char* argv[])
+ status = freerdp_client_settings_parse_command_line(context->settings, argc, argv, FALSE);
+ if (status)
+ {
+- BOOL list = settings->ListMonitors;
+-
+ rc = freerdp_client_settings_command_line_status_print(settings, status, argc, argv);
+
+- if (list)
++ if (settings->ListMonitors)
+ xf_list_monitors(xfc);
+
+ goto out;
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0032-Fixed-CodeQL-warnings.patch freerdp2-2.3.0+dfsg1/debian/patches/0032-Fixed-CodeQL-warnings.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0032-Fixed-CodeQL-warnings.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0032-Fixed-CodeQL-warnings.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,680 @@
+From 7beda29158ece1234c41e5502d44062c79ac9dba Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Mon, 25 Jan 2021 10:06:01 +0100
+Subject: [PATCH 32/36] Fixed CodeQL warnings
+
+(cherry picked from commit 95a9e60827c91cb9b924d7ce3c220c30bd36907d)
+---
+ channels/rdpsnd/server/rdpsnd_main.c | 2 +-
+ .../urbdrc/client/libusb/libusb_udevman.c | 2 +-
+ channels/video/client/video_main.c | 4 +--
+ client/Wayland/wlf_pointer.c | 4 +--
+ client/X11/xf_gdi.c | 4 +--
+ client/X11/xf_gfx.c | 4 +--
+ client/X11/xf_graphics.c | 6 ++--
+ client/X11/xf_rail.c | 4 +--
+ libfreerdp/codec/clear.c | 4 +--
+ libfreerdp/codec/color.c | 6 ++--
+ libfreerdp/codec/h264.c | 6 ++--
+ libfreerdp/codec/nsc_encode.c | 4 +--
+ libfreerdp/codec/nsc_sse2.c | 4 +--
+ libfreerdp/codec/progressive.c | 4 +--
+ libfreerdp/core/gcc.c | 8 +++---
+ libfreerdp/gdi/bitmap.c | 3 +-
+ libfreerdp/gdi/gdi.c | 2 +-
+ libfreerdp/gdi/gfx.c | 6 ++--
+ libfreerdp/gdi/graphics.c | 2 +-
+ libfreerdp/gdi/shape.c | 2 +-
+ libfreerdp/gdi/video.c | 2 +-
+ libfreerdp/primitives/prim_copy.c | 4 +--
+ libfreerdp/primitives/primitives.c | 2 +-
+ uwac/libuwac/uwac-window.c | 9 +++---
+ winpr/include/winpr/print.h | 2 +-
+ winpr/libwinpr/utils/lodepng/lodepng.c | 28 ++++++++++---------
+ winpr/libwinpr/utils/print.c | 13 ++++-----
+ 27 files changed, 72 insertions(+), 69 deletions(-)
+
+diff --git a/channels/rdpsnd/server/rdpsnd_main.c b/channels/rdpsnd/server/rdpsnd_main.c
+index cb9f5fe92..be0ca149f 100644
+--- a/channels/rdpsnd/server/rdpsnd_main.c
++++ b/channels/rdpsnd/server/rdpsnd_main.c
+@@ -422,7 +422,7 @@ static UINT rdpsnd_server_send_wave_pdu(RdpsndServerContext* context, UINT16 wTi
+ Stream_Seek(s, 3); /* bPad */
+ start = Stream_GetPosition(s);
+ src = context->priv->out_buffer;
+- length = context->priv->out_pending_frames * context->priv->src_bytes_per_frame;
++ length = context->priv->out_pending_frames * context->priv->src_bytes_per_frame * 1ULL;
+
+ if (!freerdp_dsp_encode(context->priv->dsp_context, context->src_format, src, length, s))
+ return ERROR_INTERNAL_ERROR;
+diff --git a/channels/urbdrc/client/libusb/libusb_udevman.c b/channels/urbdrc/client/libusb/libusb_udevman.c
+index ec7b0b322..1638b8c13 100644
+--- a/channels/urbdrc/client/libusb/libusb_udevman.c
++++ b/channels/urbdrc/client/libusb/libusb_udevman.c
+@@ -536,7 +536,7 @@ static BOOL device_is_filtered(struct libusb_device* dev,
+
+ for (x = 0; x < config->bNumInterfaces; x++)
+ {
+- uint8_t y;
++ int y;
+ const struct libusb_interface* ifc = &config->interface[x];
+ for (y = 0; y < ifc->num_altsetting; y++)
+ {
+diff --git a/channels/video/client/video_main.c b/channels/video/client/video_main.c
+index 10fb30d1a..a21e7cdf2 100644
+--- a/channels/video/client/video_main.c
++++ b/channels/video/client/video_main.c
+@@ -666,7 +666,7 @@ static void video_timer(VideoClientContext* video, UINT64 now)
+ presentation = frame->presentation;
+
+ priv->publishedFrames++;
+- memcpy(presentation->surfaceData, frame->surfaceData, frame->w * frame->h * 4);
++ memcpy(presentation->surfaceData, frame->surfaceData, frame->w * frame->h * 4ULL);
+
+ video->showSurface(video, presentation->surface);
+
+@@ -848,7 +848,7 @@ static UINT video_VideoData(VideoClientContext* context, TSMM_VIDEO_DATA* data)
+ frame->w = presentation->SourceWidth;
+ frame->h = presentation->SourceHeight;
+
+- frame->surfaceData = BufferPool_Take(priv->surfacePool, frame->w * frame->h * 4);
++ frame->surfaceData = BufferPool_Take(priv->surfacePool, frame->w * frame->h * 4ULL);
+ if (!frame->surfaceData)
+ {
+ WLog_ERR(TAG, "unable to allocate frame data");
+diff --git a/client/Wayland/wlf_pointer.c b/client/Wayland/wlf_pointer.c
+index 64166590c..decde7ff3 100644
+--- a/client/Wayland/wlf_pointer.c
++++ b/client/Wayland/wlf_pointer.c
+@@ -42,7 +42,7 @@ static BOOL wlf_Pointer_New(rdpContext* context, rdpPointer* pointer)
+ if (!ptr)
+ return FALSE;
+
+- ptr->size = pointer->width * pointer->height * 4;
++ ptr->size = pointer->width * pointer->height * 4ULL;
+ ptr->data = _aligned_malloc(ptr->size, 16);
+
+ if (!ptr->data)
+@@ -92,7 +92,7 @@ static BOOL wlf_Pointer_Set(rdpContext* context, const rdpPointer* pointer)
+ !wlf_scale_coordinates(context, &w, &h, FALSE))
+ return FALSE;
+
+- size = w * h * 4;
++ size = w * h * 4ULL;
+ data = malloc(size);
+
+ if (!data)
+diff --git a/client/X11/xf_gdi.c b/client/X11/xf_gdi.c
+index 949e62d12..4f52853bf 100644
+--- a/client/X11/xf_gdi.c
++++ b/client/X11/xf_gdi.c
+@@ -231,7 +231,7 @@ static Pixmap xf_brush_new(xfContext* xfc, UINT32 width, UINT32 height, UINT32 b
+ if (data)
+ {
+ brushFormat = gdi_get_pixel_format(bpp);
+- cdata = (BYTE*)_aligned_malloc(width * height * 4, 16);
++ cdata = (BYTE*)_aligned_malloc(width * height * 4ULL, 16);
+ freerdp_image_copy(cdata, gdi->dstFormat, 0, 0, 0, width, height, data, brushFormat, 0, 0,
+ 0, &xfc->context.gdi->palette, FREERDP_FLIP_NONE);
+ image = XCreateImage(xfc->display, xfc->visual, xfc->depth, ZPixmap, 0, (char*)cdata, width,
+@@ -1066,7 +1066,7 @@ static BOOL xf_gdi_surface_bits(rdpContext* context, const SURFACE_BITS_COMMAND*
+ case RDP_CODEC_ID_NONE:
+ pSrcData = cmd->bmp.bitmapData;
+ format = gdi_get_pixel_format(cmd->bmp.bpp);
+- size = cmd->bmp.width * cmd->bmp.height * GetBytesPerPixel(format);
++ size = cmd->bmp.width * cmd->bmp.height * GetBytesPerPixel(format) * 1ULL;
+ if (size > cmd->bmp.bitmapDataLength)
+ {
+ WLog_ERR(TAG, "Short nocodec message: got %" PRIu32 " bytes, require %" PRIuz,
+diff --git a/client/X11/xf_gfx.c b/client/X11/xf_gfx.c
+index cb3423ea0..97d3ad3cc 100644
+--- a/client/X11/xf_gfx.c
++++ b/client/X11/xf_gfx.c
+@@ -288,7 +288,7 @@ static UINT xf_CreateSurface(RdpgfxClientContext* context,
+
+ surface->gdi.scanline = surface->gdi.width * GetBytesPerPixel(surface->gdi.format);
+ surface->gdi.scanline = x11_pad_scanline(surface->gdi.scanline, xfc->scanline_pad);
+- size = surface->gdi.scanline * surface->gdi.height;
++ size = surface->gdi.scanline * surface->gdi.height * 1ULL;
+ surface->gdi.data = (BYTE*)_aligned_malloc(size, 16);
+
+ if (!surface->gdi.data)
+@@ -312,7 +312,7 @@ static UINT xf_CreateSurface(RdpgfxClientContext* context,
+ UINT32 bytes = GetBytesPerPixel(gdi->dstFormat);
+ surface->stageScanline = width * bytes;
+ surface->stageScanline = x11_pad_scanline(surface->stageScanline, xfc->scanline_pad);
+- size = surface->stageScanline * surface->gdi.height;
++ size = surface->stageScanline * surface->gdi.height * 1ULL;
+ surface->stage = (BYTE*)_aligned_malloc(size, 16);
+
+ if (!surface->stage)
+diff --git a/client/X11/xf_graphics.c b/client/X11/xf_graphics.c
+index 1700092f8..8de32c557 100644
+--- a/client/X11/xf_graphics.c
++++ b/client/X11/xf_graphics.c
+@@ -125,7 +125,7 @@ static BOOL xf_Bitmap_New(rdpContext* context, rdpBitmap* bitmap)
+
+ if ((INT64)depth != xfc->depth)
+ {
+- if (!(data = _aligned_malloc(bitmap->width * bitmap->height * 4, 16)))
++ if (!(data = _aligned_malloc(bitmap->width * bitmap->height * 4ULL, 16)))
+ goto unlock;
+
+ if (!freerdp_image_copy(data, gdi->dstFormat, 0, 0, 0, bitmap->width, bitmap->height,
+@@ -304,7 +304,7 @@ static BOOL _xf_Pointer_GetCursorForCurrentScale(rdpContext* context, const rdpP
+ ci.height = yTargetSize;
+ ci.xhot = pointer->xPos * xscale;
+ ci.yhot = pointer->yPos * yscale;
+- size = ci.height * ci.width * GetBytesPerPixel(CursorFormat);
++ size = ci.height * ci.width * GetBytesPerPixel(CursorFormat) * 1ULL;
+
+ if (xscale != 1 || yscale != 1)
+ {
+@@ -391,7 +391,7 @@ static BOOL xf_Pointer_New(rdpContext* context, rdpPointer* pointer)
+ xpointer->nCursors = 0;
+ xpointer->mCursors = 0;
+
+- size = pointer->height * pointer->width * GetBytesPerPixel(CursorFormat);
++ size = pointer->height * pointer->width * GetBytesPerPixel(CursorFormat) * 1ULL;
+
+ if (!(xpointer->cursorPixels = (XcursorPixel*)_aligned_malloc(size, 16)))
+ return FALSE;
+diff --git a/client/X11/xf_rail.c b/client/X11/xf_rail.c
+index 59d30b355..770234f7d 100644
+--- a/client/X11/xf_rail.c
++++ b/client/X11/xf_rail.c
+@@ -532,7 +532,7 @@ static xfRailIconCache* RailIconCache_New(rdpSettings* settings)
+
+ cache->numCaches = settings->RemoteAppNumIconCaches;
+ cache->numCacheEntries = settings->RemoteAppNumIconCacheEntries;
+- cache->entries = calloc(cache->numCaches * cache->numCacheEntries, sizeof(xfRailIcon));
++ cache->entries = calloc(cache->numCaches * cache->numCacheEntries * 1ULL, sizeof(xfRailIcon));
+
+ if (!cache->entries)
+ {
+@@ -602,7 +602,7 @@ static BOOL convert_rail_icon(const ICON_INFO* iconInfo, xfRailIcon* railIcon)
+ long* pixels;
+ int i;
+ int nelements;
+- argbPixels = calloc(iconInfo->width * iconInfo->height, 4);
++ argbPixels = calloc(iconInfo->width * iconInfo->height * 1ULL, 4);
+
+ if (!argbPixels)
+ goto error;
+diff --git a/libfreerdp/codec/clear.c b/libfreerdp/codec/clear.c
+index 083f1aa97..fadd98e67 100644
+--- a/libfreerdp/codec/clear.c
++++ b/libfreerdp/codec/clear.c
+@@ -566,7 +566,7 @@ static BOOL resize_vbar_entry(CLEAR_CONTEXT* clear, CLEAR_VBAR_ENTRY* vBarEntry)
+ const UINT32 diffSize = (vBarEntry->count - vBarEntry->size) * bpp;
+ BYTE* tmp;
+ vBarEntry->size = vBarEntry->count;
+- tmp = (BYTE*)realloc(vBarEntry->pixels, vBarEntry->count * bpp);
++ tmp = (BYTE*)realloc(vBarEntry->pixels, vBarEntry->count * bpp * 1ULL);
+
+ if (!tmp)
+ {
+@@ -980,7 +980,7 @@ static BOOL clear_decompress_glyph_data(CLEAR_CONTEXT* clear, wStream* s, UINT32
+ if (glyphEntry->count > glyphEntry->size)
+ {
+ BYTE* tmp;
+- tmp = realloc(glyphEntry->pixels, glyphEntry->count * bpp);
++ tmp = realloc(glyphEntry->pixels, glyphEntry->count * bpp * 1ULL);
+
+ if (!tmp)
+ {
+diff --git a/libfreerdp/codec/color.c b/libfreerdp/codec/color.c
+index a0fce37ef..edbfcd4ed 100644
+--- a/libfreerdp/codec/color.c
++++ b/libfreerdp/codec/color.c
+@@ -56,7 +56,7 @@ BYTE* freerdp_glyph_convert(UINT32 width, UINT32 height, const BYTE* data)
+ * means of accessing individual pixels in blitting operations
+ */
+ scanline = (width + 7) / 8;
+- dstData = (BYTE*)_aligned_malloc(width * height, 16);
++ dstData = (BYTE*)_aligned_malloc(width * height * 1ULL, 16);
+
+ if (!dstData)
+ return NULL;
+@@ -545,7 +545,7 @@ BOOL freerdp_image_copy_from_pointer_data(BYTE* pDstData, UINT32 DstFormat, UINT
+ for (y = nYDst; y < nHeight; y++)
+ {
+ BYTE* pDstLine = &pDstData[y * nDstStep + nXDst * dstBytesPerPixel];
+- memset(pDstLine, 0, dstBytesPerPixel * (nWidth - nXDst));
++ memset(pDstLine, 0, dstBytesPerPixel * (nWidth - nXDst) * 1ULL);
+ }
+
+ switch (xorBpp)
+@@ -742,7 +742,7 @@ BOOL freerdp_image_fill(BYTE* pDstData, DWORD DstFormat, UINT32 nDstStep, UINT32
+ for (y = 1; y < nHeight; y++)
+ {
+ BYTE* pDstLine = &pDstData[(y + nYDst) * nDstStep + nXDst * bpp];
+- memcpy(pDstLine, pFirstDstLineXOffset, nWidth * bpp);
++ memcpy(pDstLine, pFirstDstLineXOffset, nWidth * bpp * 1ULL);
+ }
+
+ return TRUE;
+diff --git a/libfreerdp/codec/h264.c b/libfreerdp/codec/h264.c
+index 8756c5838..00b812b29 100644
+--- a/libfreerdp/codec/h264.c
++++ b/libfreerdp/codec/h264.c
+@@ -63,9 +63,9 @@ BOOL avc420_ensure_buffer(H264_CONTEXT* h264, UINT32 stride, UINT32 width, UINT3
+ _aligned_free(h264->pYUVData[0]);
+ _aligned_free(h264->pYUVData[1]);
+ _aligned_free(h264->pYUVData[2]);
+- h264->pYUVData[0] = _aligned_malloc(h264->iStride[0] * height, 16);
+- h264->pYUVData[1] = _aligned_malloc(h264->iStride[1] * height, 16);
+- h264->pYUVData[2] = _aligned_malloc(h264->iStride[2] * height, 16);
++ h264->pYUVData[0] = _aligned_malloc(h264->iStride[0] * height * 1ULL, 16);
++ h264->pYUVData[1] = _aligned_malloc(h264->iStride[1] * height * 1ULL, 16);
++ h264->pYUVData[2] = _aligned_malloc(h264->iStride[2] * height * 1ULL, 16);
+
+ if (!h264->pYUVData[0] || !h264->pYUVData[1] || !h264->pYUVData[2])
+ return FALSE;
+diff --git a/libfreerdp/codec/nsc_encode.c b/libfreerdp/codec/nsc_encode.c
+index 501558c1c..fd9626a6d 100644
+--- a/libfreerdp/codec/nsc_encode.c
++++ b/libfreerdp/codec/nsc_encode.c
+@@ -273,8 +273,7 @@ static BOOL nsc_encode_argb_to_aycocg(NSC_CONTEXT* context, const BYTE* data, UI
+
+ static BOOL nsc_encode_subsampling(NSC_CONTEXT* context)
+ {
+- UINT16 x;
+- UINT16 y;
++ UINT32 y;
+ UINT32 tempWidth;
+ UINT32 tempHeight;
+
+@@ -292,6 +291,7 @@ static BOOL nsc_encode_subsampling(NSC_CONTEXT* context)
+
+ for (y = 0; y<tempHeight>> 1; y++)
+ {
++ UINT32 x;
+ BYTE* co_dst = context->priv->PlaneBuffers[1] + y * (tempWidth >> 1);
+ BYTE* cg_dst = context->priv->PlaneBuffers[2] + y * (tempWidth >> 1);
+ const INT8* co_src0 = (INT8*)context->priv->PlaneBuffers[1] + (y << 1) * tempWidth;
+diff --git a/libfreerdp/codec/nsc_sse2.c b/libfreerdp/codec/nsc_sse2.c
+index 3e393c902..7f101652d 100644
+--- a/libfreerdp/codec/nsc_sse2.c
++++ b/libfreerdp/codec/nsc_sse2.c
+@@ -320,8 +320,7 @@ static BOOL nsc_encode_argb_to_aycocg_sse2(NSC_CONTEXT* context, const BYTE* dat
+
+ static void nsc_encode_subsampling_sse2(NSC_CONTEXT* context)
+ {
+- UINT16 x;
+- UINT16 y;
++ UINT32 y;
+ BYTE* co_dst;
+ BYTE* cg_dst;
+ INT8* co_src0;
+@@ -338,6 +337,7 @@ static void nsc_encode_subsampling_sse2(NSC_CONTEXT* context)
+
+ for (y = 0; y<tempHeight>> 1; y++)
+ {
++ UINT32 x;
+ co_dst = context->priv->PlaneBuffers[1] + y * (tempWidth >> 1);
+ cg_dst = context->priv->PlaneBuffers[2] + y * (tempWidth >> 1);
+ co_src0 = (INT8*)context->priv->PlaneBuffers[1] + (y << 1) * tempWidth;
+diff --git a/libfreerdp/codec/progressive.c b/libfreerdp/codec/progressive.c
+index 8ef0b9081..8e7a49d5f 100644
+--- a/libfreerdp/codec/progressive.c
++++ b/libfreerdp/codec/progressive.c
+@@ -411,7 +411,7 @@ static INLINE BOOL progressive_tile_allocate(RFX_PROGRESSIVE_TILE* tile)
+ tile->stride = 4 * tile->width;
+
+ {
+- size_t dataLen = tile->stride * tile->height;
++ size_t dataLen = tile->stride * tile->height * 1ULL;
+ tile->data = (BYTE*)_aligned_malloc(dataLen, 16);
+ }
+
+@@ -2299,7 +2299,7 @@ INT32 progressive_decompress_ex(PROGRESSIVE_CONTEXT* progressive, const BYTE* pS
+
+ for (i = 0; i < surface->numUpdatedTiles; i++)
+ {
+- UINT32 nbUpdateRects;
++ UINT32 nbUpdateRects, j;
+ const RECTANGLE_16* updateRects;
+ RECTANGLE_16 updateRect;
+ RFX_PROGRESSIVE_TILE* tile = &surface->tiles[surface->updatedTileIndices[i]];
+diff --git a/libfreerdp/core/gcc.c b/libfreerdp/core/gcc.c
+index 06536dc06..52787ad70 100644
+--- a/libfreerdp/core/gcc.c
++++ b/libfreerdp/core/gcc.c
+@@ -35,8 +35,8 @@
+
+ static BOOL gcc_read_client_cluster_data(wStream* s, rdpMcs* mcs, UINT16 blockLength);
+ static BOOL gcc_read_client_core_data(wStream* s, rdpMcs* mcs, UINT16 blockLength);
+-static BOOL gcc_read_client_data_blocks(wStream* s, rdpMcs* mcs, int length);
+-static BOOL gcc_read_server_data_blocks(wStream* s, rdpMcs* mcs, int length);
++static BOOL gcc_read_client_data_blocks(wStream* s, rdpMcs* mcs, UINT16 length);
++static BOOL gcc_read_server_data_blocks(wStream* s, rdpMcs* mcs, UINT16 length);
+ static BOOL gcc_read_user_data_header(wStream* s, UINT16* type, UINT16* length);
+ static void gcc_write_user_data_header(wStream* s, UINT16 type, UINT16 length);
+
+@@ -379,7 +379,7 @@ void gcc_write_conference_create_response(wStream* s, wStream* userData)
+ 0); /* array of server data blocks */
+ }
+
+-BOOL gcc_read_client_data_blocks(wStream* s, rdpMcs* mcs, int length)
++BOOL gcc_read_client_data_blocks(wStream* s, rdpMcs* mcs, UINT16 length)
+ {
+ UINT16 type;
+ UINT16 blockLength;
+@@ -518,7 +518,7 @@ BOOL gcc_write_client_data_blocks(wStream* s, rdpMcs* mcs)
+ return TRUE;
+ }
+
+-BOOL gcc_read_server_data_blocks(wStream* s, rdpMcs* mcs, int length)
++BOOL gcc_read_server_data_blocks(wStream* s, rdpMcs* mcs, UINT16 length)
+ {
+ UINT16 type;
+ UINT16 offset = 0;
+diff --git a/libfreerdp/gdi/bitmap.c b/libfreerdp/gdi/bitmap.c
+index 902cb50a0..8fde46556 100644
+--- a/libfreerdp/gdi/bitmap.c
++++ b/libfreerdp/gdi/bitmap.c
+@@ -147,7 +147,8 @@ HGDI_BITMAP gdi_CreateCompatibleBitmap(HGDI_DC hdc, UINT32 nWidth, UINT32 nHeigh
+ hBitmap->format = hdc->format;
+ hBitmap->width = nWidth;
+ hBitmap->height = nHeight;
+- hBitmap->data = _aligned_malloc(nWidth * nHeight * GetBytesPerPixel(hBitmap->format), 16);
++ hBitmap->data =
++ _aligned_malloc(nWidth * nHeight * GetBytesPerPixel(hBitmap->format) * 1ULL, 16);
+ hBitmap->free = _aligned_free;
+
+ if (!hBitmap->data)
+diff --git a/libfreerdp/gdi/gdi.c b/libfreerdp/gdi/gdi.c
+index b624e1174..5ca905b01 100644
+--- a/libfreerdp/gdi/gdi.c
++++ b/libfreerdp/gdi/gdi.c
+@@ -1057,7 +1057,7 @@ static BOOL gdi_surface_bits(rdpContext* context, const SURFACE_BITS_COMMAND* cm
+
+ case RDP_CODEC_ID_NONE:
+ format = gdi_get_pixel_format(cmd->bmp.bpp);
+- size = cmd->bmp.width * cmd->bmp.height * GetBytesPerPixel(format);
++ size = cmd->bmp.width * cmd->bmp.height * GetBytesPerPixel(format) * 1ULL;
+ if (size > cmd->bmp.bitmapDataLength)
+ {
+ WLog_ERR(TAG, "Short nocodec message: got %" PRIu32 " bytes, require %" PRIuz,
+diff --git a/libfreerdp/gdi/gfx.c b/libfreerdp/gdi/gfx.c
+index 2221cc3f7..a3b7505c5 100644
+--- a/libfreerdp/gdi/gfx.c
++++ b/libfreerdp/gdi/gfx.c
+@@ -726,7 +726,7 @@ static UINT gdi_SurfaceCommand_Alpha(rdpGdi* gdi, RdpgfxClientContext* context,
+ {
+ UINT32 x, y;
+
+- if (Stream_GetRemainingLength(&s) < cmd->height * cmd->width)
++ if (Stream_GetRemainingLength(&s) < cmd->height * cmd->width * 1ULL)
+ return ERROR_INVALID_DATA;
+
+ for (y = cmd->top; y < cmd->top + cmd->height; y++)
+@@ -1024,8 +1024,8 @@ static UINT gdi_CreateSurface(RdpgfxClientContext* context,
+ goto fail;
+ }
+
+- surface->scanline = gfx_align_scanline(surface->width * 4, 16);
+- surface->data = (BYTE*)_aligned_malloc(surface->scanline * surface->height, 16);
++ surface->scanline = gfx_align_scanline(surface->width * 4UL, 16);
++ surface->data = (BYTE*)_aligned_malloc(surface->scanline * surface->height * 1ULL, 16);
+
+ if (!surface->data)
+ {
+diff --git a/libfreerdp/gdi/graphics.c b/libfreerdp/gdi/graphics.c
+index 3bcf3730d..c8b5fc913 100644
+--- a/libfreerdp/gdi/graphics.c
++++ b/libfreerdp/gdi/graphics.c
+@@ -52,7 +52,7 @@ HGDI_BITMAP gdi_create_bitmap(rdpGdi* gdi, UINT32 nWidth, UINT32 nHeight, UINT32
+ return NULL;
+
+ nDstStep = nWidth * GetBytesPerPixel(gdi->dstFormat);
+- pDstData = _aligned_malloc(nHeight * nDstStep, 16);
++ pDstData = _aligned_malloc(nHeight * nDstStep * 1ULL, 16);
+
+ if (!pDstData)
+ return NULL;
+diff --git a/libfreerdp/gdi/shape.c b/libfreerdp/gdi/shape.c
+index 9d9ae4d80..6c45e0c92 100644
+--- a/libfreerdp/gdi/shape.c
++++ b/libfreerdp/gdi/shape.c
+@@ -158,7 +158,7 @@ BOOL gdi_FillRect(HGDI_DC hdc, const HGDI_RECT rect, HGDI_BRUSH hbr)
+ for (y = 1; y < nHeight; y++)
+ {
+ BYTE* dstp = gdi_get_bitmap_pointer(hdc, nXDest, nYDest + y);
+- memcpy(dstp, srcp, nWidth * formatSize);
++ memcpy(dstp, srcp, nWidth * formatSize * 1ULL);
+ }
+
+ break;
+diff --git a/libfreerdp/gdi/video.c b/libfreerdp/gdi/video.c
+index a543cbecb..0e12c52e7 100644
+--- a/libfreerdp/gdi/video.c
++++ b/libfreerdp/gdi/video.c
+@@ -66,7 +66,7 @@ static VideoSurface* gdiVideoCreateSurface(VideoClientContext* video, BYTE* data
+ ret->base.w = width;
+ ret->base.h = height;
+ ret->scanline = width * bpp;
+- ret->image = _aligned_malloc(ret->scanline * height, 16);
++ ret->image = _aligned_malloc(ret->scanline * height * 1ULL, 16);
+
+ if (!ret->image)
+ {
+diff --git a/libfreerdp/primitives/prim_copy.c b/libfreerdp/primitives/prim_copy.c
+index 03f1d7c8c..ae841d0c4 100644
+--- a/libfreerdp/primitives/prim_copy.c
++++ b/libfreerdp/primitives/prim_copy.c
+@@ -60,14 +60,14 @@ static BOOL memory_regions_overlap_2d(const BYTE* p1, int p1Step, int p1Size, co
+
+ if (p1m <= p2m)
+ {
+- ULONG_PTR p1mEnd = p1m + (height - 1) * p1Step + width * p1Size;
++ ULONG_PTR p1mEnd = p1m + (height - 1) * p1Step * 1ULL + width * p1Size * 1ULL;
+
+ if (p1mEnd > p2m)
+ return TRUE;
+ }
+ else
+ {
+- ULONG_PTR p2mEnd = p2m + (height - 1) * p2Step + width * p2Size;
++ ULONG_PTR p2mEnd = p2m + (height - 1) * p2Step * 1ULL + width * p2Size * 1ULL;
+
+ if (p2mEnd > p1m)
+ return TRUE;
+diff --git a/libfreerdp/primitives/primitives.c b/libfreerdp/primitives/primitives.c
+index a1cd7ea85..26c6338f6 100644
+--- a/libfreerdp/primitives/primitives.c
++++ b/libfreerdp/primitives/primitives.c
+@@ -157,7 +157,7 @@ static primitives_YUV_benchmark* primitives_YUV_benchmark_init(primitives_YUV_be
+ if (!buf)
+ goto fail;
+
+- winpr_RAND(buf, roi->width * roi->height);
++ winpr_RAND(buf, roi->width * roi->height * 1ULL);
+ ret->steps[i] = roi->width;
+ }
+
+diff --git a/uwac/libuwac/uwac-window.c b/uwac/libuwac/uwac-window.c
+index 13a2c2e78..bf70af2f1 100644
+--- a/uwac/libuwac/uwac-window.c
++++ b/uwac/libuwac/uwac-window.c
+@@ -316,14 +316,14 @@ int UwacWindowShmAllocBuffers(UwacWindow* w, int nbuffers, int allocSize, uint32
+
+ w->buffers = newBuffers;
+ memset(w->buffers + w->nbuffers, 0, sizeof(UwacBuffer) * nbuffers);
+- fd = uwac_create_anonymous_file(allocSize * nbuffers);
++ fd = uwac_create_anonymous_file(allocSize * nbuffers * 1ULL);
+
+ if (fd < 0)
+ {
+ return UWAC_ERROR_INTERNAL;
+ }
+
+- data = mmap(NULL, allocSize * nbuffers, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
++ data = mmap(NULL, allocSize * nbuffers * 1ULL, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+
+ if (data == MAP_FAILED)
+ {
+@@ -335,7 +335,7 @@ int UwacWindowShmAllocBuffers(UwacWindow* w, int nbuffers, int allocSize, uint32
+
+ if (!pool)
+ {
+- munmap(data, allocSize * nbuffers);
++ munmap(data, allocSize * nbuffers * 1ULL);
+ ret = UWAC_ERROR_NOMEMORY;
+ goto error_mmap;
+ }
+@@ -755,7 +755,8 @@ UwacReturnCode UwacWindowSubmitBuffer(UwacWindow* window, bool copyContentForNex
+ return UWAC_ERROR_NOMEMORY;
+
+ if (copyContentForNextFrame)
+- memcpy(nextDrawingBuffer->data, pendingBuffer->data, window->stride * window->height);
++ memcpy(nextDrawingBuffer->data, pendingBuffer->data,
++ window->stride * window->height * 1ULL);
+
+ UwacSubmitBufferPtr(window, pendingBuffer);
+ return UWAC_SUCCESS;
+diff --git a/winpr/include/winpr/print.h b/winpr/include/winpr/print.h
+index 5adf0c445..d75ffdba5 100644
+--- a/winpr/include/winpr/print.h
++++ b/winpr/include/winpr/print.h
+@@ -40,7 +40,7 @@ extern "C"
+ WINPR_API void winpr_CArrayDump(const char* tag, UINT32 lvl, const BYTE* data, int length,
+ int width);
+
+- WINPR_API char* winpr_BinToHexString(const BYTE* data, int length, BOOL space);
++ WINPR_API char* winpr_BinToHexString(const BYTE* data, size_t length, BOOL space);
+
+ WINPR_API int wprintfx(const char* fmt, ...);
+ WINPR_API int wvprintfx(const char* fmt, va_list args);
+diff --git a/winpr/libwinpr/utils/lodepng/lodepng.c b/winpr/libwinpr/utils/lodepng/lodepng.c
+index 87f85080e..89878e074 100644
+--- a/winpr/libwinpr/utils/lodepng/lodepng.c
++++ b/winpr/libwinpr/utils/lodepng/lodepng.c
+@@ -3026,7 +3026,7 @@ size_t lodepng_get_raw_size(unsigned w, unsigned h, const LodePNGColorMode* colo
+ /*in an idat chunk, each scanline is a multiple of 8 bits, unlike the lodepng output buffer*/
+ static size_t lodepng_get_raw_size_idat(unsigned w, unsigned h, const LodePNGColorMode* color)
+ {
+- return h * ((w * lodepng_get_bpp(color) + 7) / 8);
++ return h * ((w * lodepng_get_bpp(color) + 7ULL) / 8ULL);
+ }
+ #endif /*LODEPNG_COMPILE_DECODER*/
+ #endif /*LODEPNG_COMPILE_PNG*/
+@@ -3814,7 +3814,7 @@ unsigned lodepng_convert(unsigned char* out, const unsigned char* in, LodePNGCol
+ {
+ size_t i;
+ ColorTree tree;
+- size_t numpixels = w * h;
++ size_t numpixels = w * h * 1ULL;
+
+ if (lodepng_color_mode_equal(mode_out, mode_in))
+ {
+@@ -3917,7 +3917,7 @@ unsigned get_color_profile(LodePNGColorProfile* profile, const unsigned char* in
+ unsigned error = 0;
+ size_t i;
+ ColorTree tree;
+- size_t numpixels = w * h;
++ size_t numpixels = w * h * 1ULL;
+
+ unsigned colored_done = lodepng_is_greyscale_type(mode) ? 1 : 0;
+ unsigned alpha_done = lodepng_can_have_alpha(mode) ? 0 : 1;
+@@ -4223,11 +4223,11 @@ static void Adam7_getpassvalues(unsigned passw[7], unsigned passh[7], size_t fil
+ /*if passw[i] is 0, it's 0 bytes, not 1 (no filtertype-byte)*/
+ filter_passstart[i + 1] =
+ filter_passstart[i] +
+- ((passw[i] && passh[i]) ? passh[i] * (1 + (passw[i] * bpp + 7) / 8) : 0);
++ ((passw[i] && passh[i]) ? passh[i] * (1ULL + (passw[i] * bpp + 7ULL) / 8ULL) : 0);
+ /*bits padded if needed to fill full byte at end of each scanline*/
+- padded_passstart[i + 1] = padded_passstart[i] + passh[i] * ((passw[i] * bpp + 7) / 8);
++ padded_passstart[i + 1] = padded_passstart[i] + passh[i] * ((passw[i] * bpp + 7ULL) / 8ULL);
+ /*only padded at end of reduced image*/
+- passstart[i + 1] = passstart[i] + (passh[i] * passw[i] * bpp + 7) / 8;
++ passstart[i + 1] = passstart[i] + (passh[i] * passw[i] * bpp + 7ULL) / 8ULL;
+ }
+ }
+
+@@ -4538,7 +4538,7 @@ static unsigned postProcessScanlines(unsigned char* out, unsigned char* in, unsi
+ if (bpp < 8 && w * bpp != ((w * bpp + 7) / 8) * 8)
+ {
+ CERROR_TRY_RETURN(unfilter(in, in, w, h, bpp));
+- removePaddingBits(out, in, w * bpp, ((w * bpp + 7) / 8) * 8, h);
++ removePaddingBits(out, in, w * bpp * 1ULL, ((w * bpp + 7ULL) / 8ULL) * 8ULL, h);
+ }
+ /*we can immediatly filter into the out buffer, no other steps needed*/
+ else
+@@ -4563,8 +4563,9 @@ static unsigned postProcessScanlines(unsigned char* out, unsigned char* in, unsi
+ /*remove padding bits in scanlines; after this there still may be padding
+ bits between the different reduced images: each reduced image still starts nicely at
+ a byte*/
+- removePaddingBits(&in[passstart[i]], &in[padded_passstart[i]], passw[i] * bpp,
+- ((passw[i] * bpp + 7) / 8) * 8, passh[i]);
++ removePaddingBits(&in[passstart[i]], &in[padded_passstart[i]],
++ passw[i] * bpp * 1ULL, ((passw[i] * bpp + 7ULL) / 8ULL) * 8ULL,
++ passh[i]);
+ }
+ }
+
+@@ -6049,12 +6050,12 @@ static unsigned preProcessScanlines(unsigned char** out, size_t* outsize, const
+ /*non multiple of 8 bits per scanline, padding bits needed per scanline*/
+ if (bpp < 8 && w * bpp != ((w * bpp + 7) / 8) * 8)
+ {
+- unsigned char* padded = (unsigned char*)calloc(h * ((w * bpp + 7) / 8), 1);
++ unsigned char* padded = (unsigned char*)calloc(h * ((w * bpp + 7ULL) / 8ULL), 1);
+ if (!padded)
+ error = 83; /*alloc fail*/
+ if (!error)
+ {
+- addPaddingBits(padded, in, ((w * bpp + 7) / 8) * 8, w * bpp, h);
++ addPaddingBits(padded, in, ((w * bpp + 7ULL) / 8ULL) * 8ULL, w * bpp * 1ULL, h);
+ error = filter(*out, padded, w, h, &info_png->color, settings);
+ }
+ free(padded);
+@@ -6097,8 +6098,9 @@ static unsigned preProcessScanlines(unsigned char** out, size_t* outsize, const
+ padded_passstart[i + 1] - padded_passstart[i], sizeof(unsigned char));
+ if (!padded)
+ ERROR_BREAK(83); /*alloc fail*/
+- addPaddingBits(padded, &adam7[passstart[i]], ((passw[i] * bpp + 7) / 8) * 8,
+- passw[i] * bpp, passh[i]);
++ addPaddingBits(padded, &adam7[passstart[i]],
++ ((passw[i] * bpp + 7ULL) / 8ULL) * 8ULL, passw[i] * bpp * 1ULL,
++ passh[i] * 1ULL);
+ error = filter(&(*out)[filter_passstart[i]], padded, passw[i], passh[i],
+ &info_png->color, settings);
+ free(padded);
+diff --git a/winpr/libwinpr/utils/print.c b/winpr/libwinpr/utils/print.c
+index c56cf5f6f..e3257b146 100644
+--- a/winpr/libwinpr/utils/print.c
++++ b/winpr/libwinpr/utils/print.c
+@@ -158,23 +158,22 @@ void winpr_CArrayDump(const char* tag, UINT32 level, const BYTE* data, int lengt
+ free(buffer);
+ }
+
+-char* winpr_BinToHexString(const BYTE* data, int length, BOOL space)
++char* winpr_BinToHexString(const BYTE* data, size_t length, BOOL space)
+ {
+- int i;
++ size_t i;
+ int n;
+ char* p;
+- int ln, hn;
+- char bin2hex[] = "0123456789ABCDEF";
++ const char bin2hex[] = "0123456789ABCDEF";
+ n = space ? 3 : 2;
+- p = (char*)malloc((length + 1) * n);
++ p = (char*)malloc((length + 1ULL) * n);
+
+ if (!p)
+ return NULL;
+
+ for (i = 0; i < length; i++)
+ {
+- ln = data[i] & 0xF;
+- hn = (data[i] >> 4) & 0xF;
++ int ln = data[i] & 0xF;
++ int hn = (data[i] >> 4) & 0xF;
+ p[i * n] = bin2hex[hn];
+ p[(i * n) + 1] = bin2hex[ln];
+
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0033-Reverted-winpr_BinToHexString-argument-change.patch freerdp2-2.3.0+dfsg1/debian/patches/0033-Reverted-winpr_BinToHexString-argument-change.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0033-Reverted-winpr_BinToHexString-argument-change.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0033-Reverted-winpr_BinToHexString-argument-change.patch 2021-04-29 11:55:48.000000000 +0200
@@ -0,0 +1,40 @@
+From bed161ce5081b1aae422beef9ca5722eba022280 Mon Sep 17 00:00:00 2001
+From: Armin Novak <armin.novak@thincast.com>
+Date: Fri, 12 Mar 2021 12:24:42 +0100
+Subject: [PATCH 33/36] Reverted winpr_BinToHexString argument change
+
+keep API compatible.
+---
+ winpr/include/winpr/print.h | 2 +-
+ winpr/libwinpr/utils/print.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/winpr/include/winpr/print.h b/winpr/include/winpr/print.h
+index d75ffdba5..5adf0c445 100644
+--- a/winpr/include/winpr/print.h
++++ b/winpr/include/winpr/print.h
+@@ -40,7 +40,7 @@ extern "C"
+ WINPR_API void winpr_CArrayDump(const char* tag, UINT32 lvl, const BYTE* data, int length,
+ int width);
+
+- WINPR_API char* winpr_BinToHexString(const BYTE* data, size_t length, BOOL space);
++ WINPR_API char* winpr_BinToHexString(const BYTE* data, int length, BOOL space);
+
+ WINPR_API int wprintfx(const char* fmt, ...);
+ WINPR_API int wvprintfx(const char* fmt, va_list args);
+diff --git a/winpr/libwinpr/utils/print.c b/winpr/libwinpr/utils/print.c
+index e3257b146..1ab074a1c 100644
+--- a/winpr/libwinpr/utils/print.c
++++ b/winpr/libwinpr/utils/print.c
+@@ -158,7 +158,7 @@ void winpr_CArrayDump(const char* tag, UINT32 level, const BYTE* data, int lengt
+ free(buffer);
+ }
+
+-char* winpr_BinToHexString(const BYTE* data, size_t length, BOOL space)
++char* winpr_BinToHexString(const BYTE* data, int length, BOOL space)
+ {
+ size_t i;
+ int n;
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0034-Fixed-6938-Remote-app-mode-clipboard-fix.patch freerdp2-2.3.0+dfsg1/debian/patches/0034-Fixed-6938-Remote-app-mode-clipboard-fix.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0034-Fixed-6938-Remote-app-mode-clipboard-fix.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0034-Fixed-6938-Remote-app-mode-clipboard-fix.patch 2021-05-16 23:30:49.000000000 +0200
@@ -0,0 +1,32 @@
+From f3aa8251145fe1bd917aebd3b9e0ab65d396e78e Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Fri, 16 Apr 2021 10:50:08 +0200
+Subject: [PATCH] Fixed #6938: Remote app mode clipboard fix
+
+In remote app mode the _FREERDP_TIMESTAMP_PROPERTY does not work.
+Therefore ignore it
+
+(cherry picked from commit f2254f0b09a5fbc424ef3876cb47b03d83963c38)
+---
+ client/X11/xf_cliprdr.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/client/X11/xf_cliprdr.c b/client/X11/xf_cliprdr.c
+index 0e6cd036f..4b22edd38 100644
+--- a/client/X11/xf_cliprdr.c
++++ b/client/X11/xf_cliprdr.c
+@@ -1423,7 +1423,10 @@ static UINT xf_cliprdr_server_format_list(CliprdrClientContext* context,
+ }
+
+ ret = xf_cliprdr_send_client_format_list_response(clipboard, TRUE);
+- xf_cliprdr_prepare_to_set_selection_owner(xfc, clipboard);
++ if (xfc->remote_app)
++ xf_cliprdr_set_selection_owner(xfc, clipboard, CurrentTime);
++ else
++ xf_cliprdr_prepare_to_set_selection_owner(xfc, clipboard);
+ return ret;
+ }
+
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch freerdp2-2.3.0+dfsg1/debian/patches/0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch 1970-01-01 01:00:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch 2021-05-16 23:34:40.000000000 +0200
@@ -0,0 +1,28 @@
+From eaadeff1fc529f73d01a2a9699f840171c654e38 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Mon, 3 May 2021 08:27:31 +0200
+Subject: [PATCH] Fixed #6989: Use X509_STORE_set_default_paths
+
+(cherry picked from commit b528ecde4f68d297b8464855a7ae0e02d36b78fc)
+---
+ libfreerdp/crypto/crypto.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/libfreerdp/crypto/crypto.c b/libfreerdp/crypto/crypto.c
+index e61bd3bf1..82df956c2 100644
+--- a/libfreerdp/crypto/crypto.c
++++ b/libfreerdp/crypto/crypto.c
+@@ -846,9 +846,7 @@ BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path
+ NULL);
+ #endif
+
+- lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
+-
+- if (lookup == NULL)
++ if (X509_STORE_set_default_paths(cert_ctx) != 1)
+ goto end;
+
+ lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
+--
+2.30.2
+
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/2002_revert-e4b30a5cb6100a8ea4f320b829c9c5712ed4a783.patch freerdp2-2.3.0+dfsg1/debian/patches/2002_revert-e4b30a5cb6100a8ea4f320b829c9c5712ed4a783.patch
--- freerdp2-2.3.0+dfsg1/debian/patches/2002_revert-e4b30a5cb6100a8ea4f320b829c9c5712ed4a783.patch 2021-02-25 16:08:00.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/2002_revert-e4b30a5cb6100a8ea4f320b829c9c5712ed4a783.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,166 +0,0 @@
-Description: This is a revert of upstream commit e4b30a5cb6100a8ea4f320b829c9c5712ed4a783 (breaking ABI compatibility with FreeRDP 2.2.0)
-Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-
-#diff --git a/client/Mac/cli/AppDelegate.m b/client/Mac/cli/AppDelegate.m
-#index b7abcde70..698695676 100644
-#--- a/client/Mac/cli/AppDelegate.m
-#+++ b/client/Mac/cli/AppDelegate.m
-#@@ -199,7 +199,6 @@ void mac_set_view_size(rdpContext *context, MRDPView *view);
-#
-# void AppDelegate_ConnectionResultEventHandler(void *ctx, ConnectionResultEventArgs *e)
-# {
-#- rdpContext *context = (rdpContext *)ctx;
-# NSLog(@"ConnectionResult event result:%d\n", e->result);
-#
-# if (_singleDelegate)
-#@@ -207,15 +206,11 @@ void AppDelegate_ConnectionResultEventHandler(void *ctx, ConnectionResultEventAr
-# if (e->result != 0)
-# {
-# NSString *message = nil;
-#- DWORD code = freerdp_get_last_error(context);
-#- switch (code)
-#+
-#+ if (connectErrorCode == AUTHENTICATIONERROR)
-# {
-#- case FREERDP_ERROR_AUTHENTICATION_FAILED:
-#- message = [NSString
-#- stringWithFormat:@"%@", @"Authentication failure, check credentials."];
-#- break;
-#- default:
-#- break;
-#+ message = [NSString
-#+ stringWithFormat:@"%@", @"Authentication failure, check credentials."];
-# }
-#
-# // Making sure this should be invoked on the main UI thread.
-diff --git a/include/freerdp/error.h b/include/freerdp/error.h
-index 0fb51608b..f9d4b6ab0 100644
---- a/include/freerdp/error.h
-+++ b/include/freerdp/error.h
-@@ -177,6 +177,30 @@ extern "C"
- FREERDP_API const char* freerdp_get_error_info_name(UINT32 code);
- FREERDP_API const char* freerdp_get_error_info_category(UINT32 code);
-
-+ /**
-+ * This static variable holds an error code if the return value from connect is FALSE.
-+ * This variable is always set to 0 in the beginning of the connect sequence.
-+ * The returned code can be used to inform the user of the detailed connect error.
-+ * The value can hold one of the defined error codes below OR an error according to errno
-+ */
-+
-+ FREERDP_API extern int connectErrorCode;
-+
-+#define ERRORSTART 10000
-+#define PREECONNECTERROR ERRORSTART + 1
-+#define UNDEFINEDCONNECTERROR ERRORSTART + 2
-+#define POSTCONNECTERROR ERRORSTART + 3
-+#define DNSERROR ERRORSTART + 4 /* general DNS ERROR */
-+#define DNSNAMENOTFOUND ERRORSTART + 5 /* EAI_NONAME */
-+#define CONNECTERROR \
-+ ERRORSTART + 6 /* a connect error if errno is not define during tcp connect \
-+ */
-+#define MCSCONNECTINITIALERROR ERRORSTART + 7
-+#define TLSCONNECTERROR ERRORSTART + 8
-+#define AUTHENTICATIONERROR ERRORSTART + 9
-+#define INSUFFICIENTPRIVILEGESERROR ERRORSTART + 10
-+#define CANCELEDBYUSER ERRORSTART + 11
-+
- /**
- * FreeRDP Context Error Codes
- */
-diff --git a/libfreerdp/core/errinfo.c b/libfreerdp/core/errinfo.c
-index abfe96efd..e635847dc 100644
---- a/libfreerdp/core/errinfo.c
-+++ b/libfreerdp/core/errinfo.c
-@@ -34,6 +34,8 @@
- ERRINFO_##_code, "ERRINFO_" #_code, ERRINFO_##_code##_STRING, category \
- }
-
-+int connectErrorCode;
-+
- /* Protocol-independent codes */
-
- #define ERRINFO_RPC_INITIATED_DISCONNECT_STRING \
-diff --git a/libfreerdp/core/freerdp.c b/libfreerdp/core/freerdp.c
-index 81183e76d..9094bc346 100644
---- a/libfreerdp/core/freerdp.c
-+++ b/libfreerdp/core/freerdp.c
-@@ -55,6 +55,8 @@
-
- #define TAG FREERDP_TAG("core")
-
-+/* connectErrorCode is 'extern' in error.h. See comment there.*/
-+
- UINT freerdp_channel_add_init_handle_data(rdpChannelHandles* handles, void* pInitHandle,
- void* pUserData)
- {
-@@ -161,6 +163,7 @@ BOOL freerdp_connect(freerdp* instance)
-
- /* We always set the return code to 0 before we start the connect sequence*/
- instance->ConnectionCallbackState = CLIENT_STATE_INITIAL;
-+ connectErrorCode = 0;
- freerdp_set_last_error_log(instance->context, FREERDP_ERROR_SUCCESS);
- clearChannelError(instance->context);
- ResetEvent(instance->context->abortEvent);
-@@ -890,6 +893,61 @@ void freerdp_set_last_error_ex(rdpContext* context, UINT32 lastError, const char
- }
-
- context->LastError = lastError;
-+
-+ switch (lastError)
-+ {
-+ case FREERDP_ERROR_PRE_CONNECT_FAILED:
-+ connectErrorCode = PREECONNECTERROR;
-+ break;
-+
-+ case FREERDP_ERROR_CONNECT_UNDEFINED:
-+ connectErrorCode = UNDEFINEDCONNECTERROR;
-+ break;
-+
-+ case FREERDP_ERROR_POST_CONNECT_FAILED:
-+ connectErrorCode = POSTCONNECTERROR;
-+ break;
-+
-+ case FREERDP_ERROR_DNS_ERROR:
-+ connectErrorCode = DNSERROR;
-+ break;
-+
-+ case FREERDP_ERROR_DNS_NAME_NOT_FOUND:
-+ connectErrorCode = DNSNAMENOTFOUND;
-+ break;
-+
-+ case FREERDP_ERROR_CONNECT_FAILED:
-+ connectErrorCode = CONNECTERROR;
-+ break;
-+
-+ case FREERDP_ERROR_MCS_CONNECT_INITIAL_ERROR:
-+ connectErrorCode = MCSCONNECTINITIALERROR;
-+ break;
-+
-+ case FREERDP_ERROR_TLS_CONNECT_FAILED:
-+ connectErrorCode = TLSCONNECTERROR;
-+ break;
-+
-+ case FREERDP_ERROR_AUTHENTICATION_FAILED:
-+ connectErrorCode = AUTHENTICATIONERROR;
-+ break;
-+
-+ case FREERDP_ERROR_INSUFFICIENT_PRIVILEGES:
-+ connectErrorCode = INSUFFICIENTPRIVILEGESERROR;
-+ break;
-+
-+ case FREERDP_ERROR_CONNECT_CANCELLED:
-+ connectErrorCode = CANCELEDBYUSER;
-+ break;
-+
-+ case FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED:
-+ connectErrorCode = CONNECTERROR;
-+ break;
-+
-+ case FREERDP_ERROR_CONNECT_TRANSPORT_FAILED:
-+ connectErrorCode = CONNECTERROR;
-+ break;
-+ }
- }
-
- const char* freerdp_get_logon_error_info_type(UINT32 type)
diff -Nru freerdp2-2.3.0+dfsg1/debian/patches/series freerdp2-2.3.0+dfsg1/debian/patches/series
--- freerdp2-2.3.0+dfsg1/debian/patches/series 2021-02-25 16:07:13.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/patches/series 2021-05-16 23:35:05.000000000 +0200
@@ -1,2 +1,24 @@
2001-fake-git-revision.patch
-2002_revert-e4b30a5cb6100a8ea4f320b829c9c5712ed4a783.patch
+0001-Added-compatibility-define.patch
+0003-Reverted-connectErrorCode-removal.patch
+0004-Fixed-a-leak-on-mouse-cursor-updates.patch
+0007-Fixed-format-string-in-smartcard_trace_state_return.patch
+0008-Fixed-linking-dependencies-for-client-geometry-chann.patch
+0010-Fixed-smartcard_convert_string_list-with-0-length.patch
+0012-Parse-on-a-copy-of-the-argument-string-for-printer.patch
+0015-Fix-xf_Pointer_SetPosition-with-smart-sizing.patch
+0017-Backported-6865-Disable-websockets-command-line-opti.patch
+0019-Check-smartcard_convert_string_list-for-NULL-string.patch
+0020-Use-specific-names-for-drive-hotplug-special-values.patch
+0021-Filter-RDPDR-types-other-than-drives-on-windows-hotp.patch
+0023-use-tlsOut-BIO-when-using-websocket-in-rdg_bio_ctrl.patch
+0024-Added-bounds-checks-to-gfx-commands.patch
+0025-Added-bounds-check-in-rdpgfx_recv_wire_to_surface_1_.patch
+0026-Added-fuzzying-test-for-planar-decoder.patch
+0027-Added-missing-bounds-check.patch
+0028-Fixed-mac-issues-with-smartcard-context-cleanup-6890.patch
+0031-Fix-monitor-list.patch
+0032-Fixed-CodeQL-warnings.patch
+0033-Reverted-winpr_BinToHexString-argument-change.patch
+0034-Fixed-6938-Remote-app-mode-clipboard-fix.patch
+0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch
diff -Nru freerdp2-2.3.0+dfsg1/debian/watch freerdp2-2.3.0+dfsg1/debian/watch
--- freerdp2-2.3.0+dfsg1/debian/watch 2021-02-25 16:14:52.000000000 +0100
+++ freerdp2-2.3.0+dfsg1/debian/watch 2021-04-29 11:53:21.000000000 +0200
@@ -3,5 +3,5 @@
filenamemangle=s/.*\/v?([\d\.-]+)\.tar\.gz/freerdp-$1.tar.gz/,\
dversionmangle=s/\+dfsg1//,\
repacksuffix=+dfsg1 \
-https://github.com/FreeRDP/FreeRDP/tags .*/archive/v?([\d\.]+).tar.gz \
+https://github.com/FreeRDP/FreeRDP/tags .*/archive/refs/tags/v?([\d\.]+).tar.gz \
debian
Reply to: