Commit Graph

18394 Commits

Author SHA1 Message Date
akallabeth
93649f62cd [ci] add workflow_dispatch to all
* Add an option to manually trigger a run of the workflow
* Trigger all on pull_request_target (less error prone, does not execute
  code from pull request but base branch)
* Remove scheduled run from CodeQL
2024-02-09 08:59:50 +01:00
akallabeth
8ba27a7992 [ci,tidy] add xsltproc and docbook-xsl to deps 2024-02-09 08:11:05 +01:00
akallabeth
119409a155 [ci] add image dependencies to workflow 2024-02-09 08:11:05 +01:00
matoro
e08c4acb50 [ci] add multiarch workflow 2024-02-09 08:11:05 +01:00
akallabeth
31942b0817 [ci,tidy] fix apt_packages 2024-02-08 22:47:11 +01:00
akallabeth
cad7e007f5 [ci] fix clang-tidy workflow 2024-02-08 20:37:49 +01:00
akallabeth
60e02aab8a [ci] fix clang-tidy package installation 2024-02-08 19:44:35 +01:00
akallabeth
44fcb3326d [ci] add clang-tidy 2024-02-08 15:12:37 +01:00
akallabeth
e8d1bc5f4b [server,sample] fix resource location
if binary versioning is enabled the installation path was wrong.
2024-02-08 09:47:56 +01:00
akallabeth
897f0adcae [client,mac] fix CAPS handling
* do not change capslock if state did not change (triggered by multiple
  flagsChanged calls while autorepeat of a pressed key)
* add debug log for flagsChanged
2024-02-07 14:14:21 +01:00
akallabeth
0cea2461c1 [server,sample] use wImage to load cursor icon
replace the custom PPM loader with the winpr_image* family of functions.
2024-02-07 13:14:02 +01:00
akallabeth
eb8b2828dc [server,sample] provide sample-icons formats
provide the cursor icon in different formats.
2024-02-07 13:14:02 +01:00
akallabeth
31763e2f80 [ci,nightly] enable image support for flatpak 2024-02-07 10:04:08 +01:00
akallabeth
ca3ec975cb [ci,nightly] enable image support for rpm 2024-02-07 10:04:08 +01:00
akallabeth
c315c80295 [ci,nightly] enable image support for debian 2024-02-07 10:04:08 +01:00
akallabeth
9a51830434 [codec,jpeg] use winpr image for jpeg 2024-02-07 10:04:08 +01:00
akallabeth
b5660035ae [winpr,image] add support for WebP, JPEG and libpng 2024-02-07 10:04:08 +01:00
akallabeth
5bb618330d [client,win] DesktopOrientaion is of type UINT16
Fixes #9841, use proper getter for settings key
2024-02-07 08:03:24 +01:00
David Benjamin
72bc3578a0 clang-format 2024-02-07 07:53:37 +01:00
David Benjamin
7548be62c3 Support RSA-PSS certificates in x509_utils_get_signature_alg
RSA-PSS in X.509 is truly horrible, and OpenSSL does not expose very good APIs
to extract this, even though the library does handle it internally. Instead, we
must tediously unwrap RFC 4055's unnecessarily complicated encoding of
RFC 8017's unnecessarily flexible RSA-PSS definition.
2024-02-07 07:53:37 +01:00
David Benjamin
f987e304ee Add some tests for x509_utils_get_signature_alg
Temporarily disable the RSA-PSS tests for now, but this is enough for a
regression test for the previous issue.
2024-02-07 07:53:37 +01:00
David Benjamin
bee7f94e93 [crypto,x509] fix tls-server-end-point signature algorithm selection
This reverts commit 00baf58a71. That
change appears to have been incorrect. It's described as simplying
retrieving the "default signature digest", but it actually changed the
function's behavior entirely. The function wasn't retrieving defaults
previously.

A certificate contains, among other things, a public key and a
signature. The public key is the public key of the subject. However, the
signature was generated by the issuer. That is, if I get a certificate
from a CA, the public key will be my public key and the signature will
be my CA's signature over the certificate contents.

Now, the original code returned the digest used in the certificate's
signature. That is, it tells you which signature algorithm did my *CA*
use to sign my certificate.

The new code extracts the certificate's public key (my public key, not
the CA's). This doesn't necessarily tell you the signature algorithm, so
it then asks OpenSSL what the "default" signature algorithm would it use
with the key. This notion of "default" is ad-hoc and has changed over
time with OpenSSL releases. It doesn't correspond to any particular
protocol semantics. It's not necessarily the signature algorithm of the
certificate.

Now, looking at where this function is used, it's called by
freerdp_certificate_get_signature_alg, which is called by
tls_get_channel_binding to compute the tls-server-end-point channel
binding. That code cites RFC 5929, which discusses picking the hash
algorithm based on the certificate's signatureAlgorithm:

https://www.rfc-editor.org/rfc/rfc5929#section-4.1

That is, the old version of the code was correct and the
"simplification" broke it. Revert this and restore the original version.

I suspect this went unnoticed because, almost all the time, both the old
and new code picked SHA-256 and it was fine. But if the certificate was,
say, signed with SHA-384, the new code would compute the wrong channel
binding.
2024-02-07 07:53:37 +01:00
akallabeth
2fffcd64b9 [winpr] use winpr_strerror instead of strerror
use the wrapper from WinPR to use the best implementation available.
2024-02-06 15:45:47 +01:00
akallabeth
c415ec1110 [winpr,utils] use strerror_s or strerror_r
prefer to use strerror_s over strerror_r and strerror to convert errno
to strings.
2024-02-06 15:45:47 +01:00
akallabeth
ba8cf8cf21 [build] fix Wmismatched-deallocator warnings
With custom malloc function attributes the fail path in the _New
functions produces warnings due to allocator mismatches. Silence them.
2024-02-05 08:16:55 +01:00
Isaac Klein
763462d0a9 include null byte in Authorization Request PDU
The RDS AAD Auth PDUs have no packet headers to indicate length.
Instead, these packets are zero-terminated strings. Somehow, Windows
accepts Authentication Request PDUs without a terminating null byte
during regular connections, but not through WVD websocket gateways.
2024-02-04 13:00:48 +01:00
akallabeth
bb42d425ed [gcc,clang] add support for attribute(malloc)
Mark all malloc like functions and add their appropriate free function
to let the compiler complain on mismatches
2024-02-02 15:10:40 +01:00
Vic Lee
5559e59f40 [channels] Add synchronous static channel setting. 2024-02-01 15:06:23 +01:00
Armin Novak
33764e603a [common,addin] make plugin loader path configurable
* Add new option WITH_ABSOLUTE_PLUGIN_LOAD_PATHS to allow overriding
  platform default option (load channel plugins with absolute paths or
  from environment search paths)
* Fix freerdp_get_dynamic_addin_install_path: use native platform path
  separators
2024-01-30 09:48:52 +01:00
akallabeth
5cb463e74b [channel,rdpgfx] disable client side caps
If no image scaling is available disable capabilities that require image
scaling to function properly
2024-01-29 19:26:18 +01:00
akallabeth
278a56263b [channels,rdpgfx] add server side channel checks
check if the message is allowed in current channel state.
2024-01-29 19:26:18 +01:00
akallabeth
01e415b801 [channel,rdpgfx] use dynamic WLog for server channel 2024-01-29 19:26:18 +01:00
akallabeth
4add7836fa [server,shadow] wait for rdpegfx channel ready
we need to wait until the capability messages are exchanged before
starting to issue gfx commands
2024-01-29 19:26:18 +01:00
akallabeth
e067e9dc6d [core,peer] fix typo 2024-01-29 11:52:22 +01:00
akallabeth
8b04ab53eb [cmake] disable WITH_WEBVIEW if not build on linux/bsd 2024-01-29 10:01:23 +01:00
akallabeth
2cd64ba424 [cmake] fallback cJSON detection 2024-01-29 09:34:59 +01:00
akallabeth
4f2d9ac313 [packaging] clean debian rules 2024-01-29 09:34:59 +01:00
akallabeth
f22d3065cb [cmake] fix manpage generation dependencies 2024-01-29 09:34:59 +01:00
akallabeth
902832ca76 [client,common] fix clipboard command line
allow both, +/- and /clipboard style options.
2024-01-29 09:23:58 +01:00
akallabeth
cefe847683 [core,gateway] use FREERDP_USER_AGENT define
Define FREERDP_USER_AGENT in version.h to be used by gateway http user
agent
2024-01-29 08:46:29 +01:00
akallabeth
ebebc5b2a7 [cmake] set policy CMP0138 NEW
with CMake >= 3.24 use the parent project compiler settings for
check_ipo_supported as it might fail otherwise.
2024-01-29 08:46:29 +01:00
Armin Novak
f61d1fd66a [cmake] fix clang-format detection 2024-01-25 10:36:52 +01:00
akallabeth
187001ed55 link executables to static runtime 2024-01-25 09:40:10 +01:00
akallabeth
fc47a019df [clang] unify tool detection 2024-01-25 09:40:10 +01:00
akallabeth
aa9a9564ac [ci] enable clang-tidy for ci builds 2024-01-25 09:40:10 +01:00
akallabeth
98daeb812e [cmake] add clang-format versions
add new versions of clang-format to detection script
2024-01-25 09:40:10 +01:00
akallabeth
15d9e5e01a [cmake] add clang-tidy support 2024-01-25 09:40:10 +01:00
akallabeth
465745131e [client,sdl] fix verbose logging
only call SDL_DestroyTexture if texture != NULL
2024-01-22 13:09:25 +01:00
Vic Lee
f2794daf38 [core,transport] make blocking mode available to transport IO interface. 2024-01-22 12:57:01 +01:00
akallabeth
bc23b205b5 [release] start new development cycle 2024-01-19 09:57:41 +01:00