CVE-2022-39282: /parallel (parallel port redirection) may send
uninitialized data to the server
CVE-2022-39283: /video may read uninitialized data, decode it as
audio/video and display the result
some LibreSSL-related ones.
I've added another (bio_info_cb*)(void*) -> (BIO_info_cb*)(void*) patch,
like the existing one in libfreerdp/crypto/tls.c (not new in 2.8.0, but
I missed it in build log before).
Re-enabling execinfo.h detection led to a build failure on sparc64 and
to a potential runtime failure because of missing backtrace symbols.
Explicitly link libwinpr against libexecinfo the same way as epoll-shims
is handled. While here, set COMPILER_LANGS=c as there is no C++ here.
ok ajacoutot
apply against the old code in the version we have, and we can't update until
either we get posix timer_create() etc, or an alternative timer implementation
is written
and tweak COMMENT (including replace Windows Terminal Server with RDP
suggested by denis@).
We are stuck at 2.0rc1 for now as newer versions need posix timers in
the OS, or an alternative implementation to be provided.
members to using SSL_in_(connect|accept)_init to fix following visibility
changes in libressl. While there, switch from TLSv1.0-only TLSv1_client_method
to SSLv23_client_method allowing newer TLS versions. Diff from jsing.
Disable the SSL 3.0/TLS 1.0 CBC vulnerability workaround since this breaks
NLA - the remote host will return a TLS alert 50, terminating the session.
This flag used to be part of SSL_OP_ALL, however was removed in r1.36 of
lib/libssl/src/ssl/ssl.h.
Issue reported by and fix tested by sthen@
ok sthen@
The following issues have been resolved:
629 - Password is shown when typed with parameter --from-stdin
698 - --from-stdin always prompts for password, even when it is piped in
793 - Fix for segfaults caused by wrong command line specified
799 - colors are wrong
806 - 1.0.2-rc1 problem with xfreerdp reparenting into X window
843 - stable-1.0 core dump with --authonly
(http://sourceforge.net/mailarchive/message.php?msg_id=30299739)
Also enabled smartcard support. Diff by Sergey Bronnikov.
Help with weird distfile name from sthen@.
ok sthen@
