freerdp2 (2.2.0+dfsg1-0ubuntu0.18.04.4) bionic-security; urgency=medium

  * SECURITY UPDATE: out of bounds read via parallel driver
    - debian/patches/CVE-2022-39282.patch: fix length checks in parallel
      driver in channels/parallel/client/parallel_main.c.
    - CVE-2022-39282
  * SECURITY UPDATE: out of bounds read via video channel
    - debian/patches/CVE-2022-39283.patch: fixed missing length check in
      video channel in channels/video/client/video_main.c.
    - CVE-2022-39283
  * SECURITY UPDATE: out of bounds reads in ZGFX decoder component
    - debian/patches/CVE-2022-39316_7.patch: added missing length checks in
      zgfx_decompress_segment in libfreerdp/codec/zgfx.c.
    - CVE-2022-39316
    - CVE-2022-39317
  * SECURITY UPDATE: missing input validation in urbdrc
    - debian/patches/CVE-2022-39318.patch: fixed division by zero in urbdrc
      in channels/urbdrc/client/libusb/libusb_udevice.c.
    - CVE-2022-39318
  * SECURITY UPDATE: missing input length validation in urbdrc
    - debian/patches/CVE-2022-39319-1.patch: fixed missing input buffer
      length check in urbdrc in channels/urbdrc/client/data_transfer.c.
    - debian/patches/CVE-2022-39319-2.patch: added missing length check in
      urb_control_transfer in channels/urbdrc/client/data_transfer.c.
    - CVE-2022-39319
  * SECURITY UPDATE: out of bounds read in usb
    - debian/patches/CVE-2022-39320.patch: ensure urb_create_iocompletion
      uses size_t for calculation in
      channels/urbdrc/client/data_transfer.c.
    - CVE-2022-39320
  * SECURITY UPDATE: missing path canonicalization and base path check
    for drive channel
    - debian/patches/CVE-2022-39347-1.patch: added function _wcsncmp in
      winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-2.patch: fix wcs*cmp and wcs*len checks
      in winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-3.patch: added wcsstr implementation in
      winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-4.patch: fixed path validation in drive
      channel in channels/drive/client/drive_file.c,
      channels/drive/client/drive_file.h,
      channels/drive/client/drive_main.c.
    - CVE-2022-39347

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 21 Nov 2022 11:20:15 -0500

freerdp2 (2.2.0+dfsg1-0ubuntu0.18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: authentication bypass via empty password values
    - debian/patches/CVE-2022-24882.patch: fix return code confusion in
      winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.*,
      winpr/libwinpr/sspi/NTLM/ntlm_compute.*,
      winpr/libwinpr/sspi/NTLM/ntlm_message.c.
    - CVE-2022-24882
  * SECURITY UPDATE: authentication bypass via incorrect SAM file path
    - debian/patches/CVE-2022-24883.patch: clean up ntlm_fetch_ntlm_v2_hash
      in winpr/libwinpr/sspi/NTLM/ntlm_compute.c.
    - CVE-2022-24883

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 06 Jun 2022 09:23:21 -0400

freerdp2 (2.2.0+dfsg1-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: OOB Write
    - debian/patches/CVE-2021-41159-and-41160.patch: add checks
      in multiple files and added checks for bitmap
      width and heigth values in order to avoid out
      of bounds write in
      libfreerdp/core/gateway/ncacn_http.c,
      libfreerdp/core/gateway/rdg.c,
      libfreerdp/core/gateway/rpc.c,
      libfreerdp/core/gateway/rpc.h,
      libfreerdp/core/gateway/rpc_bind.c,
      libfreerdp/core/gateway/rpc_bind.h,
      libfreerdp/core/gateway/rpc_client.c,
      libfreerdp/core/gateway/rpc_client.h,
      libfreerdp/core/gateway/rpc_fault.c,
      libfreerdp/core/gateway/rts.c,
      libfreerdp/core/gateway/rts.h,
      libfreerdp/core/gateway/rts_signature.c,
      libfreerdp/core/gateway/rts_signature.h,
      libfreerdp/core/gateway/tsg.c,
      libfreerdp/core/orders.c,
      libfreerdp/core/surface.c,
      libfreerdp/core/update.c.
    - CVE-2021-41159
    - CVE-2021-41160

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Mon, 08 Nov 2021 16:16:27 -0300

freerdp2 (2.2.0+dfsg1-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * Updated to 2.2.0 to fix multiple security issues.
    - debian/*symbols: updated for new version.
    - CVE-2020-4030, CVE-2020-4031, CVE-2020-4032, CVE-2020-4033,
      CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098,
      CVE-2020-11099, CVE-2020-15103

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 26 Aug 2020 08:37:50 -0400

freerdp2 (2.1.1+dfsg1-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * Updated to 2.1.1 to fix multiple security issues.
    - debian/patches/*.patch: removed, no longer needed with new version.
    - debian/patches/1001_spelling-fixes.patch: fix spelling mistake.
    - debian/rules: set WITH_PROXY=OFF for now.
    - debian/control: added libcairo2-dev to Build-Depends.
    - debian/rules: set WITH_CAIRO=ON.
    - debian/control: added libicu-dev to Build-Depends.
    - debian/rules: set WITH_ICU=ON.
    - debian/*symbols: updated for new version.
    - CVE-2019-17177, CVE-2020-11042, CVE-2020-11044, CVE-2020-11045,
      CVE-2020-11046, CVE-2020-11047, CVE-2020-11048, CVE-2020-11049,
      CVE-2020-11058, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523,
      CVE-2020-11524, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396,
      CVE-2020-13397, CVE-2020-13398, CVE-2018-1000852

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 26 May 2020 13:03:15 -0400

freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap based buffer overflow in zgfx_decompress_segment
    - debian/patches/CVE-2018-8784.patch: Add checks to ensure not to overflow output
      buffer in libfreerdp/codec/zgfx.c. Based on upstream patch.
    - CVE-2018-8784
  * SECURITY UPDATE: Heap based buffer overflow in zgfx_decompress
    - debian/patches/CVE-2018-8785.patch: Add checks to ensure not to overflow output
      buffer in libfreerdp/codec/zgfx.c. Based on upstream patch.
    - CVE-2018-8785
  * SECURITY UPDATE: Integer truncation in update_read_bitmap_update
    - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
      type to avoid integer truncation in libfreerdp/core/update.c. Based on
      upstream patch.
    - CVE-2018-8786
  * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
    - debian/patches/CVE-2018-8787.patch: Check for and avoid possible
      integer overflow in libfreerdp/gdi/graphics.c. Based on upstream
      patch.
    - CVE-2018-8787
  * SECURITY UPDATE: Buffer overflow in nsc_rle_decode
    - debian/patches/CVE-2018-8788.patch: Check for lengths and avoid
      possible buffer overflow overflow in libfreerdp/codec/nsc.c and
      libfreerdp/codec/nsc_encode.c. Based on upstream patch.
    - CVE-2018-8788
  * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer
    - debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer
      type when checking offset against stream length in
      winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch.
    - CVE-2018-8789

 -- Alex Murray <alex.murray@canonical.com>  Mon, 10 Dec 2018 13:50:31 +1030

freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-7) unstable; urgency=medium

  * Team upload.

  [ Bernhard Miklautz ]
  * debian/patches
    + add 0002-fix-nla-don-t-use-server-version.patch to fix
      NLA connection problems with latest Windows update.
  * debian/libwinpr2-2.docs
    + add to fix lintian error "missing-notice-file-for-apache-license"

  [ Matteo F. Vescovi ]
  * debian/control: S-V bump 4.1.1 -> 4.1.3 (no changes needed)
  * debian/control: Vcs-* fields updated to point to salsa
  * debian/: debhelper bump 9 -> 11
  * debian/rules: "--parallel" parameter dropped
  * debian/control: autotools-dev b-dep dropped
  * debian/rules: fix dpkg-architecture variables

 -- Matteo F. Vescovi <mfv@debian.org>  Thu, 15 Mar 2018 14:35:27 +0100

freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-6) unstable; urgency=medium

  [ Mike Gabriel ]
  * debian/changelog:
    + Post-upload fix of 2.0.0~git20170725.1.1648deb+dfsg1-5 stanza. We forgot
      to mention inclusion of pkg-info.pkg into debian/rules.

  [ Jeremy Bicha ]
  * debian/rules:
    + Disable FFmpeg and GSM on Ubuntu (Closes: #880157)
  * debian/gbp.conf:
    + Add this file.

 -- Mike Gabriel <sunweaver@debian.org>  Thu, 02 Nov 2017 12:10:06 +0100

freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-5) unstable; urgency=medium

  * debian/{control,rules}:
    + Don't build the wayland part of FreeRDP on non-Linux systems.
    + Explicitly have libsystemd-dev as B-D. Disable building against
      libsystemd-dev for non-Linux host.
  * debian/control:
    + Bump Standards-Version: to 4.1.1. No changes needed.
    + Remove Multi-Arch: same field (for bin:pkg freerdp2-dev). (Closes:
      #874222).
  * debian/rules:
    + FreeRDP2 does not build against oss4's alsa layer. Thus, deactivating
      alsa support on non-linux hosts.
    + Avoid using dpkg-parsechangelog.
    + Include pkg-info.pkg from dpkg to have DEB_SOURCE and DEB_VERSION
      available.
  * debian/{control,*.install}:
    + Process with wrap-and-sort -t -s -a.
  * debian/copyright{,.in}:
    + White-space fix.
  * debian/libwinpr2-2.symbols{.kfreebsd-*,hurd-*}:
    + The libwinpr/comm/comm_serial_sys.c API is Linux-only.
  * debian/patches:
    + Add 1003_fix-FTBFS-on-kFreeBSD.patch,
          1004_FreeBSD-is-not-kFreeBSD.patch.
      Fix upstream passages for building against GNU/kFreeBSD.

 -- Mike Gabriel <sunweaver@debian.org>  Sun, 22 Oct 2017 00:30:08 +0200

freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-4) unstable; urgency=medium

  * debian/control:
    + Fix typo in newly added dependency for freerdp2-dev.
  * debian/rules:
    + Improve fix for build support on armel. Thanks to Adrian Bunk. (Closes:
      #874164).

 -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>  Mon, 09 Oct 2017 15:55:42 +0200

freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-3) unstable; urgency=medium

  * debian/control:
    + Add D (freerdp-dev): libfreerdp-shadow-subsystem2-2 (same binary version}.
      (Closes: #877456).

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 09 Oct 2017 11:15:16 +0200

freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-2) unstable; urgency=medium

  * debian/changelog:
    + post-upload add closure of #871150
  * debian/rules:
    + For armel builds set -DARM_FP_ABI=hard and -DWITH_NEON=off. Fixes FTBFS
      on Debian armel.

 -- Mike Gabriel <sunweaver@debian.org>  Sun, 01 Oct 2017 12:51:27 +0200

freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-1) unstable; urgency=medium

  [ Bernhard Miklautz ]
  * import git snapshot for 2.0.0-rc0 from upstream (Closes: #854689, #851600)
    - Obtained from master branch of http://github.com/FreeRDP/FreeRDP.
      Commit hash: 1648deb435ad52206f7aa2afe4b4dff71d9329bc
    + fixes CVE-2017-2834, CVE-2017-2835, CVE-2017-2836,
      CVE-2017-2837, CVE-2017-2838, CVE-2017-2839
    + update copyright
    + update symbols
  * debian/control:
    - Remove B:/R: rules (freerdp2-dev): libfreerdp-dev and freerdp2-dev don't
      have conflicting file names anymore
  * debian/patches
    + add 0001-Fix-gstreamer-1.0-detection.patch - fix gstreamer detection with
      recent cmake versions. (Closes: #871150).

  [ Mike Gabriel ]
  * debian/{control,*.install,*.symbols}:
    + Let package names match sonames.
  * debian/control:
    + Bump Standards-Version: to 4.0.0. No changes needed.
  * lintian issue unused-override spelling-error-in-binary
    usr/lib/x86_64-linux-gnu/libfreerdp-server.so.2.0.0 UNK(N)OWN
    not triggered anymore.
  * debian/patches:
    + Add 1001_Typo-Fixes.patch and 1002_macro-fix-in-man-pages.patch.
      Some cosmetic improvements (typos, man page flaws).

 -- Mike Gabriel <sunweaver@debian.org>  Tue, 01 Aug 2017 10:37:14 +0000

freerdp2 (2.0.0~git20161130.1.e60d0d5+dfsg1-1) unstable; urgency=medium

  * Upload to unstable.
  * debian/control:
    + Add B:/R: rules (freerdp2-dev): freerdp2-dev has files of the same name
      as libfreerdp-dev from FreeRDP 1.1. (Closes: #848235).

 -- Mike Gabriel <sunweaver@debian.org>  Tue, 27 Dec 2016 11:39:55 +0100

freerdp2 (2.0.0~git20161130.1.e60d0d5+dfsg1-1~exp1) experimental; urgency=medium

  * Initial (experimental) upload to Debian of FreeRDP v2. (Closes: #824358,
    #814676).

  [ Bernhard Miklautz ]
  * import git snapshot from upstream:
    - Obtained from master branch of http://github.com/FreeRDP/FreeRDP.
      Commit hash: f8285956097451f829d7da3455c45e3de39092e6
  * debian/rules
    + use BUILTIN_CHANNELS cmake define instead of the obsolete
      STATIC_CHANNELS
  * update copyright
  * libwinpr2
    + include wlog.1 man page

  [ Mike Gabriel ]
  * debian/control:
    + Maintenance umbrella is: Debian Remote Maintainers team.
    + Mention Windows 2012r2 explicitly in LONG_DESCRIPTIONs (freerdp-x11,
      freerdp-wayland).
    + Tidy up SYNOPSES and LONG_DESCRIPTIONs for new libwinpr-tools2(-dbg)
      shared libraries.
    + Bump Standards-Version: to 3.9.8. No changes needed.
  * debian/{control,rules}:
    + Build with -DCHANNEL_URBDRC_CLIENT=ON and -DCHANNEL_URBDRC=ON only on
      Linux OSes.
    + dbgsym: Don't build dbg:packages anymore.
      See https://wiki.debian.org/AutomaticDebugPackages.
  * debian/copyright:
    + Update auto-generated copyright.in template.
    + Update to match latest upstream Git snapshot.
    + Finalize for initial upload to Debian.
  * lintian:
    + Some executables (winpr-hash, winpr-makecert, wlfreerdp,
      freerdp-shadow-cli) don't yet have man pages. This is work in progress on
      the upstream part.
    + Ignore spelling error that was originally done by Microsoft and now is
      part of the RDP protocol.

 -- Mike Gabriel <sunweaver@debian.org>  Thu, 01 Dec 2016 02:19:59 +0100

freerdp2 (2.0.0~git20160503.1.f828595+dfsg1-1) UNRELEASED; urgency=medium

  [ Bernhard Miklautz ]
  * import git snapshot from upstream:
    - Obtained from master branch of http://github.com/FreeRDP/FreeRDP.
      Commit hash: f8285956097451f829d7da3455c45e3de39092e6
  * integrate upstream changes
    + new library libwinpr-tools
  * debian/rules:
    + build with WITH_CLIENT_INTERFACE=OFF this removes libxfreerdp-client
  * debian/libfreerdp-shadow2.symbols
    + remove symbols obsoleted by libwinpr-tools
  * debian/control
    + add dependency in libwinpr2-dev to libwinpr-tools2

 -- Bernhard Miklautz <bernhard.miklautz@shacknet.at>  Tue, 03 May 2016 18:54:42 +0200

freerdp2 (2.0.0~git20160502.1.a7ca42e+dfsg1-1) UNRELEASED; urgency=medium

  [ Bernhard Miklautz ]
  * import git snapshot from upstream:
    - Obtained from master branch of http://github.com/FreeRDP/FreeRDP.
      Commit hash: a7ca42ec17e545b90d6a08c84bd4967e8b472c01
  * integrate upstream changes
    - remove rdtk - not exported as library anymore
  * debian/patches
    - remove 1001_typo-fixes.patch - already upstream

 -- Bernhard Miklautz <bernhard.miklautz@shacknet.at>  Mon, 02 May 2016 18:42:42 +0200

freerdp2 (2.0.0~git20160317.1.75ae3f5+dfsg1-1) UNRELEASED; urgency=medium

  [ Bernhard Miklautz ]
  * Import git snapshot from upstream:
    - Obtained from master branch of http://github.com/FreeRDP/FreeRDP.
      Commit hash: 75ae3f58df5a14b4a67439aca96061a9c2ea5040
  * Reflect upstream changes
    - increase version numbers to 2 for rdtk and winpr
  * debian/rules
    + get-orig-source: don't add git refs in the generated ChangeLog

  [ Mike Gabriel ]
  * debian/control:
    + Bump Standards: to 3.9.7. No changes needed.
    + Make bin:pkg winpr-utils Priority: optional to match priority of
      bin:pkg freerdp2-dev.
    + Make bin:pkg winpr-utils Multi-Arch: foreign.
    + freerdp2-shadow-x11 is not a debug package. Thus, dropping Section:
      debug field.
  * Split-off libxfreerdp-client.so.2.0.0 into its own bin:pkg.
  * debian/*.symbols:
    + Add .symbols files for all shared libraries.
  * debian/freerdp2-x11.lintian-overrides:
    + Override not required anymore.
  * debian/libfreerdp-client2.install:
    + Don't ship empty directory.
  * debian/{freerdp2-dev.install,rules}:
    + Don't install static libraries into dev:pkg freerdp2-dev.
    + Ship libxfreerdp-client.so in freerdp2-dev bin:pkg.
  * debian/patches:
    + Add 1001_typo-fixes.patch. Provide spelling fixes in messages.

 -- Bernhard Miklautz <bernhard.miklautz@shacknet.at>  Thu, 17 Mar 2016 11:42:03 +0000

freerdp2 (2.0.0~git20160229.1.b4b8239+dfsg1-1) UNRELEASED; urgency=medium

  * Import git snapshot from upstream:
    - Obtained from master branch of http://github.com/FreeRDP/FreeRDP.
      Commit hash: b4b8239bf642a6cc41b2558e55be1b44577aa5dd
  * Enable wayland support
    + Add package for libuwac (using wayland as a client)
    + add package freerdp2-wayland
  * Ship the shadowing libraries in an extra package
    - libfreerdp-shadow2
  * debian/control:
    - Fix some typos and trailing white spaces

 -- Bernhard Miklautz <bernhard.miklautz@shacknet.at>  Mon, 29 Feb 2016 16:50:52 +0000

freerdp2 (2.0.0~git20160115.1.e2dbe5e+dfsg1-2) UNRELEASED; urgency=medium
  [ Bernhard Miklautz]
  * rename freerdp-x11 to freerdp2-x11 and
    freerdp-shadow-x11 to freerdp2-shadow-x11
  * freerdp2-dev: install missing files
  * debian/control
    + Use encrypted URLs for Vcs-*: field.
    + Add B-D on dpkg-dev (>= 1.16.1.1) (required for buildflags.mk)
  * debian/rules:
    + Enable all hardening flags.

  [ Jakub Adam]
  * install missing files into libwinpr1-dev
  * Use architecture-agnostic paths in debian/rules

 -- Bernhard Miklautz <bernhard.miklautz@shacknet.at>  Tue, 23 Feb 2016 15:50:04 +0000

freerdp2 (2.0.0~git20160115.1.e2dbe5e+dfsg1-1) UNRELEASED; urgency=medium

  * Initial release
  * Import git snapshot from upstream:
    - Obtained from master branch of http://github.com/FreeRDP/FreeRDP.
      Using commit hash: e2dbe5ee2db83b62a83ddf3c7cc45b5ed53f40b1

 -- Bernhard Miklautz <bernhard.miklautz@shacknet.at>  Fri, 15 Jan 2016 17:40:33 +0100
