942da943f3
Fixes the following security issues: - CVE-2018-8785: FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. - CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. - CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. - CVE-2018-8788: FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. - CVE-2018-8789: FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). For details, see the upstream PR: https://github.com/FreeRDP/FreeRDP/pull/5031 Add support to set tls security level (for openssl >= 1.1.0), for RDP protocol version 10 (needed for windows 10 and windows server 2016). Also have some fix and features, seee21b72c95f
Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit1e91d89bf1
) [Peter: mention security fixes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
267 lines
7.8 KiB
Makefile
267 lines
7.8 KiB
Makefile
################################################################################
|
|
#
|
|
# freerdp
|
|
#
|
|
################################################################################
|
|
|
|
FREERDP_VERSION = 2.0.0-rc4
|
|
FREERDP_SITE = $(call github,FreeRDP,FreeRDP,$(FREERDP_VERSION))
|
|
FREERDP_DEPENDENCIES = libglib2 openssl zlib
|
|
FREERDP_LICENSE = Apache-2.0
|
|
FREERDP_LICENSE_FILES = LICENSE
|
|
|
|
FREERDP_INSTALL_STAGING = YES
|
|
|
|
FREERDP_CONF_OPTS = -DWITH_MANPAGES=OFF -Wno-dev
|
|
|
|
ifeq ($(BR2_PACKAGE_FREERDP_GSTREAMER),y)
|
|
FREERDP_CONF_OPTS += -DWITH_GSTREAMER_0_10=ON
|
|
FREERDP_DEPENDENCIES += gstreamer gst-plugins-base libxml2
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_GSTREAMER_0_10=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_FREERDP_GSTREAMER1),y)
|
|
FREERDP_CONF_OPTS += -DWITH_GSTREAMER_1_0=ON
|
|
FREERDP_DEPENDENCIES += gstreamer1 gst1-plugins-base
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_GSTREAMER_1_0=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_CUPS),y)
|
|
FREERDP_CONF_OPTS += -DWITH_CUPS=ON
|
|
FREERDP_DEPENDENCIES += cups
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_CUPS=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_FFMPEG),y)
|
|
FREERDP_CONF_OPTS += -DWITH_FFMPEG=ON
|
|
FREERDP_DEPENDENCIES += ffmpeg
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_FFMPEG=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_ALSA_LIB_MIXER),y)
|
|
FREERDP_CONF_OPTS += -DWITH_ALSA=ON
|
|
FREERDP_DEPENDENCIES += alsa-lib
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_ALSA=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_PULSEAUDIO),y)
|
|
FREERDP_CONF_OPTS += -DWITH_PULSEAUDIO=ON
|
|
FREERDP_DEPENDENCIES += pulseaudio
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_PULSEAUDIO=OFF
|
|
endif
|
|
|
|
# For the systemd journal
|
|
ifeq ($(BR2_PACKAGE_SYSTEMD),y)
|
|
FREERDP_CONF_OPTS += -DWITH_LIBSYSTEMD=ON
|
|
FREERDP_DEPENDENCIES += systemd
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_LIBSYSTEMD=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_ARM_CPU_HAS_NEON),y)
|
|
FREERDP_CONF_OPTS += -DWITH_NEON=ON
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_NEON=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_X86_CPU_HAS_SSE2),y)
|
|
FREERDP_CONF_OPTS += -DWITH_SSE2=ON
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_SSE2=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_arm)$(BR2_armeb),y)
|
|
FREERDP_CONF_OPTS += -DARM_FP_ABI=$(GCC_TARGET_FLOAT_ABI)
|
|
endif
|
|
|
|
#---------------------------------------
|
|
# Enabling server and/or client
|
|
|
|
# Clients and server interface must always be enabled to build the
|
|
# corresponding libraries.
|
|
FREERDP_CONF_OPTS += -DWITH_SERVER_INTERFACE=ON
|
|
FREERDP_CONF_OPTS += -DWITH_CLIENT_INTERFACE=ON
|
|
|
|
ifeq ($(BR2_PACKAGE_FREERDP_SERVER),y)
|
|
FREERDP_CONF_OPTS += -DWITH_SERVER=ON
|
|
endif
|
|
|
|
ifneq ($(BR2_PACKAGE_FREERDP_CLIENT_X11)$(BR2_PACKAGE_FREERDP_CLIENT_WL),)
|
|
FREERDP_CONF_OPTS += -DWITH_CLIENT=ON
|
|
endif
|
|
|
|
#---------------------------------------
|
|
# Libraries for client and/or server
|
|
|
|
# The FreeRDP buildsystem uses non-orthogonal options. For example it
|
|
# is not possible to build the server and the wayland client without
|
|
# also building the X client. That's because the dependencies of the
|
|
# server (the X libraries) are a superset of those of the X client.
|
|
# So, as soon as FreeRDP is configured for the server and the wayland
|
|
# client, it will believe it also has to build the X client, because
|
|
# the libraries it needs are enabled.
|
|
#
|
|
# Furthermore, the shadow server is always built, even if there's nothing
|
|
# it can serve (i.e. the X libs are disabled).
|
|
#
|
|
# So, we do not care whether we build too much; we remove, as
|
|
# post-install hooks, whatever we do not want.
|
|
|
|
# If Xorg is enabled, and the server or the X client are, then libX11
|
|
# and libXext are forcibly enabled at the Kconfig level. However, if
|
|
# Xorg is enabled but neither the server nor the X client are, then
|
|
# there's nothing that guarantees those two libs are enabled. So we
|
|
# really must check for them.
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBX11)$(BR2_PACKAGE_XLIB_LIBXEXT),yy)
|
|
FREERDP_DEPENDENCIES += xlib_libX11 xlib_libXext
|
|
FREERDP_CONF_OPTS += -DWITH_X11=ON
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_X11=OFF
|
|
endif
|
|
|
|
# The following libs are either optional or mandatory only for either
|
|
# the server or the client. A mandatory library for either one is
|
|
# selected from Kconfig, so we can make it conditional here
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBXCURSOR),y)
|
|
FREERDP_CONF_OPTS += -DWITH_XCURSOR=ON
|
|
FREERDP_DEPENDENCIES += xlib_libXcursor
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_XCURSOR=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBXDAMAGE),y)
|
|
FREERDP_CONF_OPTS += -DWITH_XDAMAGE=ON
|
|
FREERDP_DEPENDENCIES += xlib_libXdamage
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_XDAMAGE=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBXFIXES),y)
|
|
FREERDP_CONF_OPTS += -DWITH_XFIXES=ON
|
|
FREERDP_DEPENDENCIES += xlib_libXfixes
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_XFIXES=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBXI),y)
|
|
FREERDP_CONF_OPTS += -DWITH_XI=ON
|
|
FREERDP_DEPENDENCIES += xlib_libXi
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_XI=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBXINERAMA),y)
|
|
FREERDP_CONF_OPTS += -DWITH_XINERAMA=ON
|
|
FREERDP_DEPENDENCIES += xlib_libXinerama
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_XINERAMA=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBXKBFILE),y)
|
|
FREERDP_CONF_OPTS += -DWITH_XKBFILE=ON
|
|
FREERDP_DEPENDENCIES += xlib_libxkbfile
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_XKBFILE=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBXRANDR),y)
|
|
FREERDP_CONF_OPTS += -DWITH_XRANDR=ON
|
|
FREERDP_DEPENDENCIES += xlib_libXrandr
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_XRANDR=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBXRENDER),y)
|
|
FREERDP_CONF_OPTS += -DWITH_XRENDER=ON
|
|
FREERDP_DEPENDENCIES += xlib_libXrender
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_XRENDER=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBXTST),y)
|
|
FREERDP_CONF_OPTS += -DWITH_XTEST=ON
|
|
FREERDP_DEPENDENCIES += xlib_libXtst
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_XTEST=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_XLIB_LIBXV),y)
|
|
FREERDP_CONF_OPTS += -DWITH_XV=ON
|
|
FREERDP_DEPENDENCIES += xlib_libXv
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_XV=OFF
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_FREERDP_CLIENT_WL),y)
|
|
FREERDP_DEPENDENCIES += wayland libxkbcommon
|
|
FREERDP_CONF_OPTS += \
|
|
-DWITH_WAYLAND=ON \
|
|
-DWAYLAND_SCANNER=$(HOST_DIR)/bin/wayland-scanner
|
|
else
|
|
FREERDP_CONF_OPTS += -DWITH_WAYLAND=OFF
|
|
endif
|
|
|
|
#---------------------------------------
|
|
# Post-install hooks to cleanup and install missing stuff
|
|
|
|
# Shadow server is always installed, no matter what, so we manually
|
|
# remove it if the user does not want the server.
|
|
ifeq ($(BR2_PACKAGE_FREERDP_SERVER),)
|
|
define FREERDP_RM_SHADOW_SERVER
|
|
rm -f $(TARGET_DIR)/usr/bin/freerdp-shadow
|
|
endef
|
|
FREERDP_POST_INSTALL_TARGET_HOOKS += FREERDP_RM_SHADOW_SERVER
|
|
endif # ! server
|
|
|
|
# X client is always built as soon as a client is enabled and the
|
|
# necessary libs are enabled (e.g. because of the server), so manually
|
|
# remove it if the user does not want it.
|
|
ifeq ($(BR2_PACKAGE_FREERDP_CLIENT_X11),)
|
|
define FREERDP_RM_CLIENT_X11
|
|
rm -f $(TARGET_DIR)/usr/bin/xfreerdp
|
|
rm -f $(TARGET_DIR)/usr/lib/libxfreerdp-client*
|
|
endef
|
|
FREERDP_POST_INSTALL_TARGET_HOOKS += FREERDP_RM_CLIENT_X11
|
|
define FREERDP_RM_CLIENT_X11_LIB
|
|
rm -f $(STAGING_DIR)/usr/lib/libxfreerdp-client*
|
|
endef
|
|
FREERDP_POST_INSTALL_STAGING_HOOKS += FREERDP_RM_CLIENT_X11_LIB
|
|
endif # ! X client
|
|
|
|
# Wayland client is always built as soon as wayland is enabled, so
|
|
# manually remove it if the user does not want it.
|
|
ifeq ($(BR2_PACKAGE_FREERDP_CLIENT_WL),)
|
|
define FREERDP_RM_CLIENT_WL
|
|
rm -f $(TARGET_DIR)/usr/bin/wlfreerdp
|
|
endef
|
|
FREERDP_POST_INSTALL_TARGET_HOOKS += FREERDP_RM_CLIENT_WL
|
|
endif
|
|
|
|
# Remove static libraries in unusual dir
|
|
define FREERDP_CLEANUP
|
|
rm -rf $(TARGET_DIR)/usr/lib/freerdp
|
|
endef
|
|
FREERDP_POST_INSTALL_TARGET_HOOKS += FREERDP_CLEANUP
|
|
|
|
# Install the server key and certificate, so that a client can connect.
|
|
# A user can override them with its own in a post-build script, if needed.
|
|
# We install them even if the server is not enabled, since another server
|
|
# can be built and linked with libfreerdp (e.g. weston with the RDP
|
|
# backend). Key and cert are installed world-readable, so non-root users
|
|
# can start a server.
|
|
define FREERDP_INSTALL_KEYS
|
|
$(INSTALL) -m 0644 -D $(@D)/server/Sample/server.key \
|
|
$(TARGET_DIR)/etc/freerdp/keys/server.key
|
|
$(INSTALL) -m 0644 -D $(@D)/server/Sample/server.crt \
|
|
$(TARGET_DIR)/etc/freerdp/keys/server.crt
|
|
endef
|
|
FREERDP_POST_INSTALL_TARGET_HOOKS += FREERDP_INSTALL_KEYS
|
|
|
|
$(eval $(cmake-package))
|