SOURCES/Revert-Moved-clipboard-utils-to-core-library-fixes-6.patch

@@ -1,560 +0,0 @@
-From a441e68fccc8ef137c9e8e667fed6adaab34ba37 Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Tue, 1 Oct 2024 15:43:07 +0200
-Subject: [PATCH] Revert "Moved clipboard utils to core library, fixes #6760
- (#7752)"
-
-This reverts commit 26a83e6ccde272c1bbc2b2591325dc7a493811bc.
----
- channels/cliprdr/client/cliprdr_format.c | 195 +++++++++++++++++++
- include/freerdp/channels/cliprdr.h       |  12 +-
- include/freerdp/utils/cliprdr_utils.h    |  48 -----
- libfreerdp/utils/CMakeLists.txt          |   1 -
- libfreerdp/utils/cliprdr_utils.c         | 235 -----------------------
- 5 files changed, 206 insertions(+), 285 deletions(-)
- delete mode 100644 include/freerdp/utils/cliprdr_utils.h
- delete mode 100644 libfreerdp/utils/cliprdr_utils.c
-
-diff --git a/channels/cliprdr/client/cliprdr_format.c b/channels/cliprdr/client/cliprdr_format.c
-index 0b6111b96..4c31a1b08 100644
---- a/channels/cliprdr/client/cliprdr_format.c
-+++ b/channels/cliprdr/client/cliprdr_format.c
-@@ -173,3 +173,198 @@ UINT cliprdr_process_format_data_response(cliprdrPlugin* cliprdr, wStream* s, UI
- 
- 	return error;
- }
-+
-+static UINT64 filetime_to_uint64(FILETIME value)
-+{
-+	UINT64 converted = 0;
-+	converted |= (UINT32)value.dwHighDateTime;
-+	converted <<= 32;
-+	converted |= (UINT32)value.dwLowDateTime;
-+	return converted;
-+}
-+
-+static FILETIME uint64_to_filetime(UINT64 value)
-+{
-+	FILETIME converted;
-+	converted.dwLowDateTime = (UINT32)(value >> 0);
-+	converted.dwHighDateTime = (UINT32)(value >> 32);
-+	return converted;
-+}
-+
-+#define CLIPRDR_FILEDESCRIPTOR_SIZE (4 + 32 + 4 + 16 + 8 + 8 + 520)
-+
-+/**
-+ * Parse a packed file list.
-+ *
-+ * The resulting array must be freed with the `free()` function.
-+ *
-+ * @param [in]  format_data            packed `CLIPRDR_FILELIST` to parse.
-+ * @param [in]  format_data_length     length of `format_data` in bytes.
-+ * @param [out] file_descriptor_array  parsed array of `FILEDESCRIPTOR` structs.
-+ * @param [out] file_descriptor_count  number of elements in `file_descriptor_array`.
-+ *
-+ * @returns 0 on success, otherwise a Win32 error code.
-+ */
-+UINT cliprdr_parse_file_list(const BYTE* format_data, UINT32 format_data_length,
-+                             FILEDESCRIPTORW** file_descriptor_array, UINT32* file_descriptor_count)
-+{
-+	UINT result = NO_ERROR;
-+	UINT32 i;
-+	UINT32 count = 0;
-+	wStream* s = NULL;
-+
-+	if (!format_data || !file_descriptor_array || !file_descriptor_count)
-+		return ERROR_BAD_ARGUMENTS;
-+
-+	s = Stream_New((BYTE*)format_data, format_data_length);
-+	if (!s)
-+		return ERROR_NOT_ENOUGH_MEMORY;
-+
-+	if (Stream_GetRemainingLength(s) < 4)
-+	{
-+		WLog_ERR(TAG, "invalid packed file list");
-+
-+		result = ERROR_INCORRECT_SIZE;
-+		goto out;
-+	}
-+
-+	Stream_Read_UINT32(s, count); /* cItems (4 bytes) */
-+
-+	if (Stream_GetRemainingLength(s) / CLIPRDR_FILEDESCRIPTOR_SIZE < count)
-+	{
-+		WLog_ERR(TAG, "packed file list is too short: expected %" PRIuz ", have %" PRIuz,
-+		         ((size_t)count) * CLIPRDR_FILEDESCRIPTOR_SIZE, Stream_GetRemainingLength(s));
-+
-+		result = ERROR_INCORRECT_SIZE;
-+		goto out;
-+	}
-+
-+	*file_descriptor_count = count;
-+	*file_descriptor_array = calloc(count, sizeof(FILEDESCRIPTORW));
-+	if (!*file_descriptor_array)
-+	{
-+		result = ERROR_NOT_ENOUGH_MEMORY;
-+		goto out;
-+	}
-+
-+	for (i = 0; i < count; i++)
-+	{
-+		int c;
-+		UINT64 lastWriteTime;
-+		FILEDESCRIPTORW* file = &((*file_descriptor_array)[i]);
-+
-+		Stream_Read_UINT32(s, file->dwFlags);          /* flags (4 bytes) */
-+		Stream_Seek(s, 32);                            /* reserved1 (32 bytes) */
-+		Stream_Read_UINT32(s, file->dwFileAttributes); /* fileAttributes (4 bytes) */
-+		Stream_Seek(s, 16);                            /* reserved2 (16 bytes) */
-+		Stream_Read_UINT64(s, lastWriteTime);          /* lastWriteTime (8 bytes) */
-+		file->ftLastWriteTime = uint64_to_filetime(lastWriteTime);
-+		Stream_Read_UINT32(s, file->nFileSizeHigh); /* fileSizeHigh (4 bytes) */
-+		Stream_Read_UINT32(s, file->nFileSizeLow);  /* fileSizeLow (4 bytes) */
-+		for (c = 0; c < 260; c++)                   /* cFileName (520 bytes) */
-+			Stream_Read_UINT16(s, file->cFileName[c]);
-+	}
-+
-+	if (Stream_GetRemainingLength(s) > 0)
-+		WLog_WARN(TAG, "packed file list has %" PRIuz " excess bytes",
-+		          Stream_GetRemainingLength(s));
-+out:
-+	Stream_Free(s, FALSE);
-+
-+	return result;
-+}
-+
-+#define CLIPRDR_MAX_FILE_SIZE (2U * 1024 * 1024 * 1024)
-+
-+/**
-+ * Serialize a packed file list.
-+ *
-+ * The resulting format data must be freed with the `free()` function.
-+ *
-+ * @param [in]  file_descriptor_array  array of `FILEDESCRIPTOR` structs to serialize.
-+ * @param [in]  file_descriptor_count  number of elements in `file_descriptor_array`.
-+ * @param [out] format_data            serialized CLIPRDR_FILELIST.
-+ * @param [out] format_data_length     length of `format_data` in bytes.
-+ *
-+ * @returns 0 on success, otherwise a Win32 error code.
-+ */
-+UINT cliprdr_serialize_file_list(const FILEDESCRIPTORW* file_descriptor_array,
-+                                 UINT32 file_descriptor_count, BYTE** format_data,
-+                                 UINT32* format_data_length)
-+{
-+	return cliprdr_serialize_file_list_ex(CB_STREAM_FILECLIP_ENABLED, file_descriptor_array,
-+	                                      file_descriptor_count, format_data, format_data_length);
-+}
-+
-+UINT cliprdr_serialize_file_list_ex(UINT32 flags, const FILEDESCRIPTORW* file_descriptor_array,
-+                                    UINT32 file_descriptor_count, BYTE** format_data,
-+                                    UINT32* format_data_length)
-+{
-+	UINT result = NO_ERROR;
-+	UINT32 i;
-+	wStream* s = NULL;
-+
-+	if (!file_descriptor_array || !format_data || !format_data_length)
-+		return ERROR_BAD_ARGUMENTS;
-+
-+	if ((flags & CB_STREAM_FILECLIP_ENABLED) == 0)
-+	{
-+		WLog_WARN(TAG, "No file clipboard support annouonced!");
-+		return ERROR_BAD_ARGUMENTS;
-+	}
-+
-+	s = Stream_New(NULL, 4 + file_descriptor_count * CLIPRDR_FILEDESCRIPTOR_SIZE);
-+	if (!s)
-+		return ERROR_NOT_ENOUGH_MEMORY;
-+
-+	Stream_Write_UINT32(s, file_descriptor_count); /* cItems (4 bytes) */
-+
-+	for (i = 0; i < file_descriptor_count; i++)
-+	{
-+		int c;
-+		UINT64 lastWriteTime;
-+		const FILEDESCRIPTORW* file = &file_descriptor_array[i];
-+
-+		/*
-+		 * There is a known issue with Windows server getting stuck in
-+		 * an infinite loop when downloading files that are larger than
-+		 * 2 gigabytes. Do not allow clients to send such file lists.
-+		 *
-+		 * https://support.microsoft.com/en-us/help/2258090
-+		 */
-+		if ((flags & CB_HUGE_FILE_SUPPORT_ENABLED) == 0)
-+		{
-+			if ((file->nFileSizeHigh > 0) || (file->nFileSizeLow >= CLIPRDR_MAX_FILE_SIZE))
-+			{
-+				WLog_ERR(TAG, "cliprdr does not support files over 2 GB");
-+				result = ERROR_FILE_TOO_LARGE;
-+				goto error;
-+			}
-+		}
-+
-+		Stream_Write_UINT32(s, file->dwFlags);          /* flags (4 bytes) */
-+		Stream_Zero(s, 32);                             /* reserved1 (32 bytes) */
-+		Stream_Write_UINT32(s, file->dwFileAttributes); /* fileAttributes (4 bytes) */
-+		Stream_Zero(s, 16);                             /* reserved2 (16 bytes) */
-+		lastWriteTime = filetime_to_uint64(file->ftLastWriteTime);
-+		Stream_Write_UINT64(s, lastWriteTime);       /* lastWriteTime (8 bytes) */
-+		Stream_Write_UINT32(s, file->nFileSizeHigh); /* fileSizeHigh (4 bytes) */
-+		Stream_Write_UINT32(s, file->nFileSizeLow);  /* fileSizeLow (4 bytes) */
-+		for (c = 0; c < 260; c++)                    /* cFileName (520 bytes) */
-+			Stream_Write_UINT16(s, file->cFileName[c]);
-+	}
-+
-+	Stream_SealLength(s);
-+
-+	Stream_GetBuffer(s, *format_data);
-+	Stream_GetLength(s, *format_data_length);
-+
-+	Stream_Free(s, FALSE);
-+
-+	return result;
-+
-+error:
-+	Stream_Free(s, TRUE);
-+
-+	return result;
-+}
-diff --git a/include/freerdp/channels/cliprdr.h b/include/freerdp/channels/cliprdr.h
-index fbf23f6e5..86fc65890 100644
---- a/include/freerdp/channels/cliprdr.h
-+++ b/include/freerdp/channels/cliprdr.h
-@@ -22,7 +22,6 @@
- 
- #include <freerdp/api.h>
- #include <freerdp/types.h>
--#include <freerdp/utils/cliprdr_utils.h>
- 
- #include <winpr/shell.h>
- 
-@@ -94,6 +93,17 @@ extern "C"
- {
- #endif
- 
-+	FREERDP_API UINT cliprdr_parse_file_list(const BYTE* format_data, UINT32 format_data_length,
-+	                                         FILEDESCRIPTORW** file_descriptor_array,
-+	                                         UINT32* file_descriptor_count);
-+	FREERDP_API UINT cliprdr_serialize_file_list(const FILEDESCRIPTORW* file_descriptor_array,
-+	                                             UINT32 file_descriptor_count, BYTE** format_data,
-+	                                             UINT32* format_data_length);
-+	FREERDP_API UINT cliprdr_serialize_file_list_ex(UINT32 flags,
-+	                                                const FILEDESCRIPTORW* file_descriptor_array,
-+	                                                UINT32 file_descriptor_count,
-+	                                                BYTE** format_data, UINT32* format_data_length);
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/include/freerdp/utils/cliprdr_utils.h b/include/freerdp/utils/cliprdr_utils.h
-deleted file mode 100644
-index 59ecf848f..000000000
---- a/include/freerdp/utils/cliprdr_utils.h
-+++ /dev/null
-@@ -1,48 +0,0 @@
--/**
-- * FreeRDP: A Remote Desktop Protocol Implementation
-- * RDPDR utility functions
-- *
-- * Copyright 2022 Armin Novak <armin.novak@thincast.com>
-- * Copyright 2022 Thincast Technologies GmbH
-- *
-- * Licensed under the Apache License, Version 2.0 (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-- *
-- *     http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS,
-- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- * See the License for the specific language governing permissions and
-- * limitations under the License.
-- */
--
--#ifndef FREERDP_UTILS_CLIPRDR_H
--#define FREERDP_UTILS_CLIPRDR_H
--
--#include <winpr/wtypes.h>
--#include <winpr/shell.h>
--#include <freerdp/api.h>
--
--#ifdef __cplusplus
--extern "C"
--{
--#endif
--
--	FREERDP_API UINT cliprdr_parse_file_list(const BYTE* format_data, UINT32 format_data_length,
--	                                         FILEDESCRIPTORW** file_descriptor_array,
--	                                         UINT32* file_descriptor_count);
--	FREERDP_API UINT cliprdr_serialize_file_list(const FILEDESCRIPTORW* file_descriptor_array,
--	                                             UINT32 file_descriptor_count, BYTE** format_data,
--	                                             UINT32* format_data_length);
--	FREERDP_API UINT cliprdr_serialize_file_list_ex(UINT32 flags,
--	                                                const FILEDESCRIPTORW* file_descriptor_array,
--	                                                UINT32 file_descriptor_count,
--	                                                BYTE** format_data, UINT32* format_data_length);
--
--#ifdef __cplusplus
--}
--#endif
--
--#endif
-diff --git a/libfreerdp/utils/CMakeLists.txt b/libfreerdp/utils/CMakeLists.txt
-index 2ec561d33..7bff6736a 100644
---- a/libfreerdp/utils/CMakeLists.txt
-+++ b/libfreerdp/utils/CMakeLists.txt
-@@ -20,7 +20,6 @@ set(MODULE_PREFIX "FREERDP_UTILS")
- 
- set(${MODULE_PREFIX}_SRCS
- 	passphrase.c
--	cliprdr_utils.c
- 	pcap.c
- 	profiler.c
- 	ringbuffer.c
-diff --git a/libfreerdp/utils/cliprdr_utils.c b/libfreerdp/utils/cliprdr_utils.c
-deleted file mode 100644
-index 7fb99d63a..000000000
---- a/libfreerdp/utils/cliprdr_utils.c
-+++ /dev/null
-@@ -1,235 +0,0 @@
--/**
-- * FreeRDP: A Remote Desktop Protocol Implementation
-- * Clipboard Virtual Channel Extension
-- *
-- * Copyright 2013 Marc-Andre Moreau <marcandre.moreau@gmail.com>
-- * Copyright 2022 Armin Novak <anovak@thincast.com
-- * Copyright 2022 Thincast Technologies GmbH
-- *
-- * Licensed under the Apache License, Version 2.0 (the "License");
-- * you may not use this file except in compliance with the License.
-- * You may obtain a copy of the License at
-- *
-- *	 http://www.apache.org/licenses/LICENSE-2.0
-- *
-- * Unless required by applicable law or agreed to in writing, software
-- * distributed under the License is distributed on an "AS IS" BASIS,
-- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- * See the License for the specific language governing permissions and
-- * limitations under the License.
-- */
--
--#include <winpr/stream.h>
--#include <freerdp/utils/cliprdr_utils.h>
--#include <freerdp/channels/cliprdr.h>
--
--#include <freerdp/log.h>
--#define TAG FREERDP_TAG("utils." CLIPRDR_SVC_CHANNEL_NAME)
--
--#define CLIPRDR_FILEDESCRIPTOR_SIZE (4 + 32 + 4 + 16 + 8 + 8 + 520)
--#define CLIPRDR_MAX_FILE_SIZE (2U * 1024 * 1024 * 1024)
--
--static UINT64 filetime_to_uint64(FILETIME value)
--{
--	UINT64 converted = 0;
--	converted |= (UINT32)value.dwHighDateTime;
--	converted <<= 32;
--	converted |= (UINT32)value.dwLowDateTime;
--	return converted;
--}
--
--static FILETIME uint64_to_filetime(UINT64 value)
--{
--	FILETIME converted;
--	converted.dwLowDateTime = (UINT32)(value >> 0);
--	converted.dwHighDateTime = (UINT32)(value >> 32);
--	return converted;
--}
--
--/**
-- * Parse a packed file list.
-- *
-- * The resulting array must be freed with the `free()` function.
-- *
-- * @param [in]  format_data            packed `CLIPRDR_FILELIST` to parse.
-- * @param [in]  format_data_length     length of `format_data` in bytes.
-- * @param [out] file_descriptor_array  parsed array of `FILEDESCRIPTOR` structs.
-- * @param [out] file_descriptor_count  number of elements in `file_descriptor_array`.
-- *
-- * @returns 0 on success, otherwise a Win32 error code.
-- */
--UINT cliprdr_parse_file_list(const BYTE* format_data, UINT32 format_data_length,
--                             FILEDESCRIPTORW** file_descriptor_array, UINT32* file_descriptor_count)
--{
--	UINT result = NO_ERROR;
--	UINT32 i;
--	UINT32 count = 0;
--	wStream sbuffer;
--	wStream* s = &sbuffer;
--
--	if (!format_data || !file_descriptor_array || !file_descriptor_count)
--		return ERROR_BAD_ARGUMENTS;
--
--	Stream_StaticInit(&sbuffer, format_data, format_data_length);
--	if (!s)
--		return ERROR_NOT_ENOUGH_MEMORY;
--
--	if (Stream_GetRemainingLength(s) < 4)
--	{
--		WLog_ERR(TAG, "invalid packed file list");
--
--		result = ERROR_INCORRECT_SIZE;
--		goto out;
--	}
--
--	Stream_Read_UINT32(s, count); /* cItems (4 bytes) */
--
--	if (Stream_GetRemainingLength(s) / CLIPRDR_FILEDESCRIPTOR_SIZE < count)
--	{
--		WLog_ERR(TAG, "packed file list is too short: expected %" PRIuz ", have %" PRIuz,
--		         ((size_t)count) * CLIPRDR_FILEDESCRIPTOR_SIZE, Stream_GetRemainingLength(s));
--
--		result = ERROR_INCORRECT_SIZE;
--		goto out;
--	}
--
--	*file_descriptor_count = count;
--	*file_descriptor_array = calloc(count, sizeof(FILEDESCRIPTORW));
--	if (!*file_descriptor_array)
--	{
--		result = ERROR_NOT_ENOUGH_MEMORY;
--		goto out;
--	}
--
--	for (i = 0; i < count; i++)
--	{
--		UINT64 tmp;
--		FILEDESCRIPTORW* file = &((*file_descriptor_array)[i]);
--
--		Stream_Read_UINT32(s, file->dwFlags);          /* flags (4 bytes) */
--		Stream_Read_UINT32(s, file->clsid.Data1);
--		Stream_Read_UINT16(s, file->clsid.Data2);
--		Stream_Read_UINT16(s, file->clsid.Data3);
--		Stream_Read(s, &file->clsid.Data4, sizeof(file->clsid.Data4));
--		Stream_Read_INT32(s, file->sizel.cx);
--		Stream_Read_INT32(s, file->sizel.cy);
--		Stream_Read_INT32(s, file->pointl.x);
--		Stream_Read_INT32(s, file->pointl.y);
--		Stream_Read_UINT32(s, file->dwFileAttributes); /* fileAttributes (4 bytes) */
--		Stream_Read_UINT64(s, tmp);                    /* ftCreationTime (8 bytes) */
--		file->ftCreationTime = uint64_to_filetime(tmp);
--		Stream_Read_UINT64(s, tmp); /* ftLastAccessTime (8 bytes) */
--		file->ftLastAccessTime = uint64_to_filetime(tmp);
--		Stream_Read_UINT64(s, tmp); /* lastWriteTime (8 bytes) */
--		file->ftLastWriteTime = uint64_to_filetime(tmp);
--		Stream_Read_UINT32(s, file->nFileSizeHigh); /* fileSizeHigh (4 bytes) */
--		Stream_Read_UINT32(s, file->nFileSizeLow);  /* fileSizeLow (4 bytes) */
--		Stream_Read_UTF16_String(s, file->cFileName,
--		                         ARRAYSIZE(file->cFileName)); /* cFileName (520 bytes) */
--	}
--
--	if (Stream_GetRemainingLength(s) > 0)
--		WLog_WARN(TAG, "packed file list has %" PRIuz " excess bytes",
--		          Stream_GetRemainingLength(s));
--out:
--
--	return result;
--}
--
--/**
-- * Serialize a packed file list.
-- *
-- * The resulting format data must be freed with the `free()` function.
-- *
-- * @param [in]  file_descriptor_array  array of `FILEDESCRIPTOR` structs to serialize.
-- * @param [in]  file_descriptor_count  number of elements in `file_descriptor_array`.
-- * @param [out] format_data            serialized CLIPRDR_FILELIST.
-- * @param [out] format_data_length     length of `format_data` in bytes.
-- *
-- * @returns 0 on success, otherwise a Win32 error code.
-- */
--UINT cliprdr_serialize_file_list(const FILEDESCRIPTORW* file_descriptor_array,
--                                 UINT32 file_descriptor_count, BYTE** format_data,
--                                 UINT32* format_data_length)
--{
--	return cliprdr_serialize_file_list_ex(CB_STREAM_FILECLIP_ENABLED, file_descriptor_array,
--	                                      file_descriptor_count, format_data, format_data_length);
--}
--
--UINT cliprdr_serialize_file_list_ex(UINT32 flags, const FILEDESCRIPTORW* file_descriptor_array,
--                                    UINT32 file_descriptor_count, BYTE** format_data,
--                                    UINT32* format_data_length)
--{
--	UINT result = NO_ERROR;
--	UINT32 i;
--	size_t len;
--	wStream* s = NULL;
--
--	if (!file_descriptor_array || !format_data || !format_data_length)
--		return ERROR_BAD_ARGUMENTS;
--
--	if ((flags & CB_STREAM_FILECLIP_ENABLED) == 0)
--	{
--		WLog_WARN(TAG, "No file clipboard support annouonced!");
--		return ERROR_BAD_ARGUMENTS;
--	}
--
--	s = Stream_New(NULL, 4 + file_descriptor_count * CLIPRDR_FILEDESCRIPTOR_SIZE);
--	if (!s)
--		return ERROR_NOT_ENOUGH_MEMORY;
--
--	Stream_Write_UINT32(s, file_descriptor_count); /* cItems (4 bytes) */
--
--	for (i = 0; i < file_descriptor_count; i++)
--	{
--		int c;
--		UINT64 lastWriteTime;
--		const FILEDESCRIPTORW* file = &file_descriptor_array[i];
--
--		/*
--		 * There is a known issue with Windows server getting stuck in
--		 * an infinite loop when downloading files that are larger than
--		 * 2 gigabytes. Do not allow clients to send such file lists.
--		 *
--		 * https://support.microsoft.com/en-us/help/2258090
--		 */
--		if ((flags & CB_HUGE_FILE_SUPPORT_ENABLED) == 0)
--		{
--			if ((file->nFileSizeHigh > 0) || (file->nFileSizeLow >= CLIPRDR_MAX_FILE_SIZE))
--			{
--				WLog_ERR(TAG, "cliprdr does not support files over 2 GB");
--				result = ERROR_FILE_TOO_LARGE;
--				goto error;
--			}
--		}
--
--		Stream_Write_UINT32(s, file->dwFlags);          /* flags (4 bytes) */
--		Stream_Zero(s, 32);                             /* reserved1 (32 bytes) */
--		Stream_Write_UINT32(s, file->dwFileAttributes); /* fileAttributes (4 bytes) */
--		Stream_Zero(s, 16);                             /* reserved2 (16 bytes) */
--		lastWriteTime = filetime_to_uint64(file->ftLastWriteTime);
--		Stream_Write_UINT64(s, lastWriteTime);       /* lastWriteTime (8 bytes) */
--		Stream_Write_UINT32(s, file->nFileSizeHigh); /* fileSizeHigh (4 bytes) */
--		Stream_Write_UINT32(s, file->nFileSizeLow);  /* fileSizeLow (4 bytes) */
--		for (c = 0; c < 260; c++)                    /* cFileName (520 bytes) */
--			Stream_Write_UINT16(s, file->cFileName[c]);
--	}
--
--	Stream_SealLength(s);
--
--	Stream_GetBuffer(s, *format_data);
--	Stream_GetLength(s, len);
--	if (len > UINT32_MAX)
--		goto error;
--
--	*format_data_length = (UINT32)len;
--
--	Stream_Free(s, FALSE);
--
--	return result;
--
--error:
--	Stream_Free(s, TRUE);
--
--	return result;
--}
--- 
-2.46.1
-

SOURCES/channels-urbdrc-check-interface-indices-before-use.patch

@@ -1,70 +0,0 @@
-From f8453bda5069314d271973eff69dc2e04f6df980 Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Tue, 17 Feb 2026 13:01:37 +0100
-Subject: [PATCH] [channels,urbdrc] check interface indices before use
-
-Backport of commit 7b7e6de8fe427a2f01d331056774aec69710590b (functional changes only).
-
-Co-authored-by: Cursor <cursoragent@cursor.com>
----
- .../urbdrc/client/libusb/libusb_udevice.c     | 25 +++++++++++++++++++
- channels/urbdrc/common/msusb.c                |  2 ++
- 2 files changed, 27 insertions(+)
-
-diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c
-index ef87f195f..b2d80243b 100644
---- a/channels/urbdrc/client/libusb/libusb_udevice.c
-+++ b/channels/urbdrc/client/libusb/libusb_udevice.c
-@@ -597,11 +597,36 @@ libusb_udev_complete_msconfig_setup(IUDEVICE* idev, MSUSB_CONFIG_DESCRIPTOR* MsC
- 		           "Select Configuration: Libusb NumberInterfaces(%" PRIu8 ") is different "
- 		           "with MsConfig NumberInterfaces(%" PRIu32 ")",
- 		           LibusbConfig->bNumInterfaces, MsConfig->NumInterfaces);
-+		return NULL;
- 	}
- 
- 	/* replace MsPipes for libusb */
- 	MsInterfaces = MsConfig->MsInterfaces;
- 
-+	/* check interface indices before use */
-+	for (inum = 0; inum < MsConfig->NumInterfaces; inum++)
-+	{
-+		MsInterface = MsInterfaces[inum];
-+		if (MsInterface->InterfaceNumber >= MsConfig->NumInterfaces)
-+		{
-+			WLog_Print(urbdrc->log, WLOG_ERROR,
-+			           "MSUSB_CONFIG_DESCRIPTOR::NumInterfaces (%" PRIu32
-+			           " <= MSUSB_INTERFACE_DESCRIPTOR::InterfaceNumber( %" PRIu8 ")",
-+			           MsConfig->NumInterfaces, MsInterface->InterfaceNumber);
-+			return NULL;
-+		}
-+
-+		LibusbInterface = &LibusbConfig->interface[MsInterface->InterfaceNumber];
-+		if (MsInterface->AlternateSetting >= LibusbInterface->num_altsetting)
-+		{
-+			WLog_Print(urbdrc->log, WLOG_ERROR,
-+			           "LIBUSB_INTERFACE::num_altsetting (%" PRId32
-+			           " <= MSUSB_INTERFACE_DESCRIPTOR::AlternateSetting( %" PRIu8 ")",
-+			           LibusbInterface->num_altsetting, MsInterface->AlternateSetting);
-+			return NULL;
-+		}
-+	}
-+
- 	for (inum = 0; inum < MsConfig->NumInterfaces; inum++)
- 	{
- 		MsInterface = MsInterfaces[inum];
-diff --git a/channels/urbdrc/common/msusb.c b/channels/urbdrc/common/msusb.c
-index bb517ce5d..113b7c96b 100644
---- a/channels/urbdrc/common/msusb.c
-+++ b/channels/urbdrc/common/msusb.c
-@@ -139,6 +139,8 @@ BOOL msusb_msinterface_replace(MSUSB_CONFIG_DESCRIPTOR* MsConfig, BYTE Interface
- {
- 	if (!MsConfig || !MsConfig->MsInterfaces)
- 		return FALSE;
-+	if (MsConfig->NumInterfaces <= InterfaceNumber)
-+		return FALSE;
- 
- 	msusb_msinterface_free(MsConfig->MsInterfaces[InterfaceNumber]);
- 	MsConfig->MsInterfaces[InterfaceNumber] = NewMsInterface;
--- 
-2.52.0
-

SOURCES/codec-clear-fix-destination-checks.patch

@@ -1,41 +0,0 @@
-From 7178a5554d7147a47fb7a85bba8c681f59e2a714 Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Mon, 9 Mar 2026 13:55:29 +0100
-Subject: [PATCH] [codec,clear] fix destination checks
-
-Backport of commit 7d8fdce2d0ef337cb86cb37fc0c436c905e04d77.
-
-Made-with: Cursor
----
- libfreerdp/codec/clear.c | 11 ++++++-----
- 1 file changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/libfreerdp/codec/clear.c b/libfreerdp/codec/clear.c
-index a989a9bff..4dbe72376 100644
---- a/libfreerdp/codec/clear.c
-+++ b/libfreerdp/codec/clear.c
-@@ -494,15 +494,16 @@ static BOOL clear_decompress_subcodecs_data(CLEAR_CONTEXT* clear, wStream* s,
- 		nXDstRel = nXDst + xStart;
- 		nYDstRel = nYDst + yStart;
- 
--		if (width > nWidth)
-+		if (1ull * nXDstRel + width > nDstWidth)
- 		{
--			WLog_ERR(TAG, "width %" PRIu16 " > nWidth %" PRIu32 "", width, nWidth);
-+			WLog_ERR(TAG, "nXDstRel %" PRIu32 " + width %" PRIu16 " > nDstWidth %" PRIu32 "",
-+			         nXDstRel, width, nDstWidth);
- 			return FALSE;
- 		}
--
--		if (height > nHeight)
-+		if (1ull * nYDstRel + height > nDstHeight)
- 		{
--			WLog_ERR(TAG, "height %" PRIu16 " > nHeight %" PRIu32 "", height, nHeight);
-+			WLog_ERR(TAG, "nYDstRel %" PRIu32 " + height %" PRIu16 " > nDstHeight %" PRIu32 "",
-+			         nYDstRel, height, nDstHeight);
- 			return FALSE;
- 		}
- 
--- 
-2.53.0
-

SOURCES/codec-planar-fix-missing-destination-bounds-checks.patch

@@ -1,55 +0,0 @@
-From eca8a1a876b77de5da60b18793e35e5c0714ef97 Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Mon, 9 Mar 2026 12:56:11 +0100
-Subject: [PATCH] [codec,planar]: fix missing destination bounds checks
-
-Backport of commit a0be5cb87d760bb1c803ad1bb835aa1e73e62abc.
-
-Made-with: Cursor
----
- libfreerdp/codec/planar.c | 21 ++++++++++++++++++++-
- 1 file changed, 20 insertions(+), 1 deletion(-)
-
-diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
-index 1cb2e22bc..9b4d13057 100644
---- a/libfreerdp/codec/planar.c
-+++ b/libfreerdp/codec/planar.c
-@@ -621,8 +621,9 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
- 	if (planar->maxHeight < nSrcHeight)
- 		return FALSE;
- 
-+	const UINT32 bpp = GetBytesPerPixel(DstFormat);
- 	if (nDstStep <= 0)
--		nDstStep = nDstWidth * GetBytesPerPixel(DstFormat);
-+		nDstStep = nDstWidth * bpp;
- 
- 	srcp = pSrcData;
- 
-@@ -831,6 +832,24 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
- 		}
- 		else /* RLE */
- 		{
-+			if (nYDst + nSrcHeight > nTotalHeight)
-+			{
-+				WLog_ERR(TAG,
-+				         "planar plane destination Y %" PRIu32 " + height %" PRIu32
-+				         " exceeds totalHeight %" PRIu32,
-+				         nYDst, nSrcHeight, nTotalHeight);
-+				return FALSE;
-+			}
-+
-+			if ((nXDst + nSrcWidth) * bpp > nDstStep)
-+			{
-+				WLog_ERR(TAG,
-+				         "planar plane destination (X %" PRIu32 " + width %" PRIu32
-+				         ") * bpp %" PRIu32 " exceeds stride %" PRIu32,
-+				         nXDst, nSrcWidth, bpp, nDstStep);
-+				return FALSE;
-+			}
-+
- 			status =
- 			    planar_decompress_plane_rle(planes[0], rleSizes[0], pTempData, nTempStep, nXDst,
- 			                                nYDst, nSrcWidth, nSrcHeight, 2, vFlip); /* RedPlane */
--- 
-2.53.0
-

SOURCES/core-tcp-Don-t-ignore-connect-errors.patch

@@ -0,0 +1,55 @@
+From c3673aaa5b65e8670c218bdfb5916a4112b628c7 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Wed, 14 Jan 2026 13:29:34 +0100
+Subject: [PATCH] [core,tcp] Don't ignore connect errors
+
+Backport of commit 0bdd8da0993231216a7bb4d5e6e33e47d817a944.
+
+Co-Authored-By: Claude <noreply@anthropic.com>
+---
+ libfreerdp/core/tcp.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/libfreerdp/core/tcp.c b/libfreerdp/core/tcp.c
+index 1d7eda92e..8a731f117 100644
+--- a/libfreerdp/core/tcp.c
++++ b/libfreerdp/core/tcp.c
+@@ -26,8 +26,11 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ 
++#include <inttypes.h>
++
+ #include <winpr/crt.h>
+ #include <winpr/platform.h>
++#include <winpr/string.h>
+ #include <winpr/winsock.h>
+ 
+ #if !defined(_WIN32)
+@@ -846,12 +849,19 @@ static BOOL freerdp_tcp_connect_timeout(rdpContext* context, int sockfd, struct
+ 	if (WAIT_OBJECT_0 != status)
+ 		goto fail;
+ 
+-	status = recv(sockfd, NULL, 0, 0);
+-
+-	if (status == SOCKET_ERROR)
+ 	{
+-		if (WSAGetLastError() == WSAECONNRESET)
++		INT32 optval = 0;
++		socklen_t optlen = sizeof(optval);
++		if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) < 0)
++			goto fail;
++
++		if (optval != 0)
++		{
++			char ebuffer[256] = { 0 };
++			WLog_DBG(TAG, "connect failed with error: %s [%" PRId32 "]",
++			         winpr_strerror(optval, ebuffer, sizeof(ebuffer)), optval);
+ 			goto fail;
++		}
+ 	}
+ 
+ 	status = WSAEventSelect(sockfd, handles[0], 0);
+-- 
+2.52.0
+

SOURCES/core-tcp-Fix-PreferIPv6OverIPv4-fallback-to-IPv4-add.patch

@@ -0,0 +1,102 @@
+From 462b02de4107845ab235e1668f78a43a31eb11fc Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Wed, 14 Jan 2026 13:38:42 +0100
+Subject: [PATCH] [core,tcp] Fix PreferIPv6OverIPv4 fallback to IPv4 addresses
+
+Backport of commit 0bdd8da0993231216a7bb4d5e6e33e47d817a944.
+
+Co-Authored-By: Claude <noreply@anthropic.com>
+---
+ libfreerdp/core/tcp.c | 61 ++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 51 insertions(+), 10 deletions(-)
+
+diff --git a/libfreerdp/core/tcp.c b/libfreerdp/core/tcp.c
+index 8a731f117..3cf24c160 100644
+--- a/libfreerdp/core/tcp.c
++++ b/libfreerdp/core/tcp.c
+@@ -1064,6 +1064,53 @@ static BOOL freerdp_tcp_set_keep_alive_mode(const rdpSettings* settings, int soc
+ 	return TRUE;
+ }
+ 
++static struct addrinfo* reorder_addrinfo_by_preference(rdpContext* context, struct addrinfo* addr)
++{
++	WINPR_ASSERT(context);
++	WINPR_ASSERT(addr);
++
++	const BOOL preferIPv6 =
++	    freerdp_settings_get_bool(context->settings, FreeRDP_PreferIPv6OverIPv4);
++	if (!preferIPv6)
++		return addr;
++
++	struct addrinfo* ipv6Head = NULL;
++	struct addrinfo* ipv6Tail = NULL;
++	struct addrinfo* otherHead = NULL;
++	struct addrinfo* otherTail = NULL;
++
++	/* Partition the list into IPv6 and other addresses */
++	while (addr)
++	{
++		struct addrinfo* next = addr->ai_next;
++		addr->ai_next = NULL;
++
++		if (addr->ai_family == AF_INET6)
++		{
++			if (!ipv6Head)
++				ipv6Head = addr;
++			else
++				ipv6Tail->ai_next = addr;
++			ipv6Tail = addr;
++		}
++		else
++		{
++			if (!otherHead)
++				otherHead = addr;
++			else
++				otherTail->ai_next = addr;
++			otherTail = addr;
++		}
++		addr = next;
++	}
++
++	/* Concatenate the lists */
++	if (ipv6Tail)
++		ipv6Tail->ai_next = otherHead;
++
++	return ipv6Head ? ipv6Head : otherHead;
++}
++
+ static int get_next_addrinfo(rdpContext* context, struct addrinfo* input, struct addrinfo** result,
+                              UINT32 errorCode)
+ {
+@@ -1074,14 +1121,6 @@ static int get_next_addrinfo(rdpContext* context, struct addrinfo* input, struct
+ 	if (!addr)
+ 		goto fail;
+ 
+-	if (freerdp_settings_get_bool(context->settings, FreeRDP_PreferIPv6OverIPv4))
+-	{
+-		while (addr && (addr->ai_family != AF_INET6))
+-			addr = addr->ai_next;
+-		if (!addr)
+-			addr = input;
+-	}
+-
+ 	*result = addr;
+ 	return 0;
+ 
+@@ -1161,9 +1200,11 @@ int freerdp_tcp_connect(rdpContext* context, rdpSettings* settings, const char*
+ 			freerdp_set_last_error_log(context, 0);
+ 
+ 			/*
+-			 * If PreferIPv6OverIPv4 = TRUE we force to IPv6 if there
+-			 * is such an address available, but fall back to first if not found
++			 * If PreferIPv6OverIPv4 = TRUE we reorder addresses by preference:
++			 * IPv6 addresses come first, then other addresses.
+ 			 */
++			result = reorder_addrinfo_by_preference(context, result);
++
+ 			const int rc =
+ 			    get_next_addrinfo(context, result, &addr, FREERDP_ERROR_DNS_NAME_NOT_FOUND);
+ 			if (rc < 0)
+-- 
+2.52.0
+

SOURCES/core-tcp-Try-next-DNS-entry-on-connect-failure.patch

@@ -0,0 +1,76 @@
+From 051218feec6c3404e625637c9d812817b7d69c26 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Wed, 14 Jan 2026 13:28:18 +0100
+Subject: [PATCH] [core,tcp] Try next DNS entry on connect failure
+
+Backport of commit bd67348eb3380a66b544835346191bd2138a5ba4.
+
+Co-Authored-By: Claude <noreply@anthropic.com>
+---
+ libfreerdp/core/tcp.c | 41 ++++++++++++++++++++++-------------------
+ 1 file changed, 22 insertions(+), 19 deletions(-)
+
+diff --git a/libfreerdp/core/tcp.c b/libfreerdp/core/tcp.c
+index efc2aec36..1d7eda92e 100644
+--- a/libfreerdp/core/tcp.c
++++ b/libfreerdp/core/tcp.c
+@@ -1162,34 +1162,37 @@ int freerdp_tcp_connect(rdpContext* context, rdpSettings* settings, const char*
+ 			do
+ 			{
+ 				sockfd = socket(addr->ai_family, addr->ai_socktype, addr->ai_protocol);
++				if (sockfd >= 0)
++				{
++					if ((peerAddress = freerdp_tcp_address_to_string(
++					         (const struct sockaddr_storage*)addr->ai_addr, NULL)) != NULL)
++					{
++						WLog_DBG(TAG, "connecting to peer %s", peerAddress);
++						free(peerAddress);
++					}
++
++					if (!freerdp_tcp_connect_timeout(context, sockfd, addr->ai_addr,
++					                                 addr->ai_addrlen, timeout))
++					{
++						close(sockfd);
++						sockfd = -1;
++					}
++				}
++
+ 				if (sockfd < 0)
+ 				{
+ 					const int rc = get_next_addrinfo(context, addr->ai_next, &addr,
+ 					                                 FREERDP_ERROR_CONNECT_FAILED);
+ 					if (rc < 0)
++					{
++						freeaddrinfo(result);
++						freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_FAILED);
++						WLog_ERR(TAG, "failed to connect to %s", hostname);
+ 						return rc;
++					}
+ 				}
+ 			} while (sockfd < 0);
+ 
+-			if ((peerAddress = freerdp_tcp_address_to_string(
+-			         (const struct sockaddr_storage*)addr->ai_addr, NULL)) != NULL)
+-			{
+-				WLog_DBG(TAG, "connecting to peer %s", peerAddress);
+-				free(peerAddress);
+-			}
+-
+-			if (!freerdp_tcp_connect_timeout(context, sockfd, addr->ai_addr, addr->ai_addrlen,
+-			                                 timeout))
+-			{
+-				freeaddrinfo(result);
+-				close(sockfd);
+-
+-				freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_FAILED);
+-
+-				WLog_ERR(TAG, "failed to connect to %s", hostname);
+-				return -1;
+-			}
+-
+ 			freeaddrinfo(result);
+ 		}
+ 	}
+-- 
+2.52.0
+

SOURCES/core-tcp-fix-double-free-in-get_next_addrinfo.patch

@@ -0,0 +1,39 @@
+From c13c873fcd3e95dcb21e5a811ac878c21ce38d80 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Wed, 14 Jan 2026 13:39:04 +0100
+Subject: [PATCH] [core,tcp] fix double free in get_next_addrinfo
+
+Backport of commit 48197426444b7b3587874b5eae175af1113beab8.
+
+Co-Authored-By: Claude <noreply@anthropic.com>
+---
+ libfreerdp/core/tcp.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libfreerdp/core/tcp.c b/libfreerdp/core/tcp.c
+index 3cf24c160..25632f882 100644
+--- a/libfreerdp/core/tcp.c
++++ b/libfreerdp/core/tcp.c
+@@ -1126,7 +1126,7 @@ static int get_next_addrinfo(rdpContext* context, struct addrinfo* input, struct
+ 
+ fail:
+ 	freerdp_set_last_error_if_not(context, errorCode);
+-	freeaddrinfo(input);
++	*result = NULL;
+ 	return -1;
+ }
+ 
+@@ -1208,7 +1208,10 @@ int freerdp_tcp_connect(rdpContext* context, rdpSettings* settings, const char*
+ 			const int rc =
+ 			    get_next_addrinfo(context, result, &addr, FREERDP_ERROR_DNS_NAME_NOT_FOUND);
+ 			if (rc < 0)
++			{
++				freeaddrinfo(result);
+ 				return rc;
++			}
+ 
+ 			do
+ 			{
+-- 
+2.52.0
+

SOURCES/core-tcp-retry-all-DNS-entries-until-success.patch

@@ -0,0 +1,100 @@
+From 84f0e60c998d7c497d141492f7933bc940f7b239 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Tue, 6 Jan 2026 12:38:34 +0100
+Subject: [PATCH] [core,tcp] retry all DNS entries until success
+
+Backport of commit 4286a4c16495916fbfa6b8a6764c35fc82e1c5ba.
+
+Co-Authored-By: Claude <noreply@anthropic.com>
+---
+ libfreerdp/core/tcp.c | 63 +++++++++++++++++++++++++++++--------------
+ 1 file changed, 43 insertions(+), 20 deletions(-)
+
+diff --git a/libfreerdp/core/tcp.c b/libfreerdp/core/tcp.c
+index 0d0641b82..efc2aec36 100644
+--- a/libfreerdp/core/tcp.c
++++ b/libfreerdp/core/tcp.c
+@@ -1054,6 +1054,33 @@ static BOOL freerdp_tcp_set_keep_alive_mode(const rdpSettings* settings, int soc
+ 	return TRUE;
+ }
+ 
++static int get_next_addrinfo(rdpContext* context, struct addrinfo* input, struct addrinfo** result,
++                             UINT32 errorCode)
++{
++	WINPR_ASSERT(context);
++	WINPR_ASSERT(result);
++
++	struct addrinfo* addr = input;
++	if (!addr)
++		goto fail;
++
++	if (freerdp_settings_get_bool(context->settings, FreeRDP_PreferIPv6OverIPv4))
++	{
++		while (addr && (addr->ai_family != AF_INET6))
++			addr = addr->ai_next;
++		if (!addr)
++			addr = input;
++	}
++
++	*result = addr;
++	return 0;
++
++fail:
++	freerdp_set_last_error_if_not(context, errorCode);
++	freeaddrinfo(input);
++	return -1;
++}
++
+ int freerdp_tcp_connect(rdpContext* context, rdpSettings* settings, const char* hostname, int port,
+                         DWORD timeout)
+ {
+@@ -1123,30 +1150,26 @@ int freerdp_tcp_connect(rdpContext* context, rdpSettings* settings, const char*
+ 			}
+ 			freerdp_set_last_error_log(context, 0);
+ 
+-			addr = result;
++			/*
++			 * If PreferIPv6OverIPv4 = TRUE we force to IPv6 if there
++			 * is such an address available, but fall back to first if not found
++			 */
++			const int rc =
++			    get_next_addrinfo(context, result, &addr, FREERDP_ERROR_DNS_NAME_NOT_FOUND);
++			if (rc < 0)
++				return rc;
+ 
+-			if ((addr->ai_family == AF_INET6) && (addr->ai_next != 0) &&
+-			    !settings->PreferIPv6OverIPv4)
++			do
+ 			{
+-				while ((addr = addr->ai_next))
++				sockfd = socket(addr->ai_family, addr->ai_socktype, addr->ai_protocol);
++				if (sockfd < 0)
+ 				{
+-					if (addr->ai_family == AF_INET)
+-						break;
++					const int rc = get_next_addrinfo(context, addr->ai_next, &addr,
++					                                 FREERDP_ERROR_CONNECT_FAILED);
++					if (rc < 0)
++						return rc;
+ 				}
+-
+-				if (!addr)
+-					addr = result;
+-			}
+-
+-			sockfd = socket(addr->ai_family, addr->ai_socktype, addr->ai_protocol);
+-
+-			if (sockfd < 0)
+-			{
+-				freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_FAILED);
+-
+-				freeaddrinfo(result);
+-				return -1;
+-			}
++			} while (sockfd < 0);
+ 
+ 			if ((peerAddress = freerdp_tcp_address_to_string(
+ 			         (const struct sockaddr_storage*)addr->ai_addr, NULL)) != NULL)
+-- 
+2.52.0
+

SOURCES/crypto-base64-ensure-char-is-singend.patch

@@ -1,30 +0,0 @@
-From 7e1759c739002dc95d8f15672d0f700ca8dcce0e Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Tue, 17 Feb 2026 14:23:29 +0100
-Subject: [PATCH] [crypto,base64] ensure char is singend
-
-Backport of commit 62a9e787edb2cfce9858fa4ceda5461680efc590.
-
-Co-Authored-By: Cursor <cursoragent@cursor.com>
----
- libfreerdp/crypto/base64.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/libfreerdp/crypto/base64.c b/libfreerdp/crypto/base64.c
-index 5a5da89a4..c084de38e 100644
---- a/libfreerdp/crypto/base64.c
-+++ b/libfreerdp/crypto/base64.c
-@@ -93,6 +93,10 @@ char* crypto_base64_encode(const BYTE* data, int length)
- 
- static int base64_decode_char(char c)
- {
-+	/* ensure char is signed for this check */
-+	if ((int)c <= '\0')
-+		return -1;
-+
- 	if (c >= 'A' && c <= 'Z')
- 		return c - 'A';
- 
--- 
-2.52.0
-

SOURCES/utils-smartcard-add-length-validity-checks.patch

@@ -1,79 +0,0 @@
-From 070f9e070c59a121cd93541835dc0086084bb6ad Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy@redhat.com>
-Date: Tue, 17 Feb 2026 11:05:59 +0100
-Subject: [PATCH] [utils,smartcard] add length validity checks
-
-Backport of commit 57c5647d98c2a026de8b681159cb188ca0439ef8.
-
-Co-Authored-By: Cursor <cursoragent@cursor.com>
----
- channels/smartcard/client/smartcard_pack.c | 27 +++++++++++++++++-----
- 1 file changed, 21 insertions(+), 6 deletions(-)
-
-diff --git a/channels/smartcard/client/smartcard_pack.c b/channels/smartcard/client/smartcard_pack.c
-index f70eb4e5d..687f1110b 100644
---- a/channels/smartcard/client/smartcard_pack.c
-+++ b/channels/smartcard/client/smartcard_pack.c
-@@ -98,13 +98,16 @@ static BOOL smartcard_ndr_pointer_read_(wStream* s, UINT32* index, UINT32* ptr,
- 	return TRUE;
- }
- 
--static LONG smartcard_ndr_read(wStream* s, BYTE** data, size_t min, size_t elementSize,
--                               ndr_ptr_t type)
-+static LONG smartcard_ndr_read_ex(wStream* s, BYTE** data, size_t min,
-+                                  size_t elementSize, ndr_ptr_t type, size_t* plen)
- {
- 	size_t len, offset, len2;
- 	void* r;
- 	size_t required;
- 
-+	if (plen)
-+		*plen = 0;
-+
- 	switch (type)
- 	{
- 		case NDR_PTR_FULL:
-@@ -181,11 +184,20 @@ static LONG smartcard_ndr_read(wStream* s, BYTE** data, size_t min, size_t eleme
- 	if (!r)
- 		return SCARD_E_NO_MEMORY;
- 	Stream_Read(s, r, len);
--	smartcard_unpack_read_size_align(NULL, s, len, 4);
-+	const LONG pad = smartcard_unpack_read_size_align(NULL, s, len, 4);
-+	len += (size_t)pad;
- 	*data = r;
-+	if (plen)
-+		*plen = len;
- 	return STATUS_SUCCESS;
- }
- 
-+static LONG smartcard_ndr_read(wStream* s, BYTE** data, size_t min, size_t elementSize,
-+                               ndr_ptr_t type)
-+{
-+	return smartcard_ndr_read_ex(s, data, min, elementSize, type, NULL);
-+}
-+
- static BOOL smartcard_ndr_pointer_write(wStream* s, UINT32* index, DWORD length)
- {
- 	const UINT32 ndrPtr = 0x20000 + (*index) * 4;
-@@ -3427,12 +3439,15 @@ LONG smartcard_unpack_set_attrib_call(SMARTCARD_DEVICE* smartcard, wStream* s, S
- 
- 	if (ndrPtr)
- 	{
--		// TODO: call->cbAttrLen was larger than the pointer value.
--		// TODO: Maybe need to refine the checks?
--		status = smartcard_ndr_read(s, &call->pbAttr, 0, 1, NDR_PTR_SIMPLE);
-+		size_t len = 0;
-+		status = smartcard_ndr_read_ex(s, &call->pbAttr, 0, 1, NDR_PTR_SIMPLE, &len);
- 		if (status != SCARD_S_SUCCESS)
- 			return status;
-+		if (call->cbAttrLen > len)
-+			call->cbAttrLen = (DWORD)len;
- 	}
-+	else
-+		call->cbAttrLen = 0;
- 	smartcard_trace_set_attrib_call(smartcard, call);
- 	return SCARD_S_SUCCESS;
- }
--- 
-2.52.0
-

SPECS/freerdp.spec

@@ -27,7 +27,7 @@
 
 Name:           freerdp
 Version:        2.11.7
-Release:        4%{?dist}
+Release:        3%{?dist}
 Epoch:          2
 Summary:        Free implementation of the Remote Desktop Protocol (RDP)
 License:        ASL 2.0
@@ -35,50 +35,33 @@ URL:            http://www.freerdp.com/
 
 Source0:        https://github.com/FreeRDP/FreeRDP/archive/%{version}/FreeRDP-%{version}.tar.gz
 
-# Revert changes that break API
-# https://issues.redhat.com/browse/RHEL-53081
-Patch0:	        Revert-Moved-clipboard-utils-to-core-library-fixes-6.patch
+# https://issues.redhat.com/browse/RHEL-113722
+Patch:          core-tcp-retry-all-DNS-entries-until-success.patch
+Patch:          core-tcp-Try-next-DNS-entry-on-connect-failure.patch
+Patch:          core-tcp-Don-t-ignore-connect-errors.patch
+Patch:          core-tcp-Fix-PreferIPv6OverIPv4-fallback-to-IPv4-add.patch
+Patch:          core-tcp-fix-double-free-in-get_next_addrinfo.patch
 
 # https://github.com/FreeRDP/FreeRDP/commit/c4a7c371342edf0d307cea728f56d3302f0ab38c
-Patch1:         gdi-gfx-properly-clamp-SurfaceToSurface.patch
+Patch:          gdi-gfx-properly-clamp-SurfaceToSurface.patch
 
 # https://github.com/FreeRDP/FreeRDP/commit/c4391827d7facfc874ca7f61a92afb82232a5748
-Patch2:         codec-clear-fix-clear_resize_buffer-checks.patch
+Patch:          codec-clear-fix-clear_resize_buffer-checks.patch
 
 # https://github.com/FreeRDP/FreeRDP/commit/f8688b57f6cfad9a0b05475a6afbde355ffab720
-Patch3:         codec-clear-fix-off-by-one-length-check.patch
+Patch:          codec-clear-fix-off-by-one-length-check.patch
 
 # https://github.com/FreeRDP/FreeRDP/commit/1bab198a2edd0d0e6e1627d21a433151ea190500
-Patch4:         codec-planar-fix-decoder-length-checks.patch
+Patch:          codec-planar-fix-decoder-length-checks.patch
 
 # https://github.com/FreeRDP/FreeRDP/commit/243ecf804bb122e8e643a5c142ad5a49d7aa19ee
-Patch5:         codec-clear-check-clear_decomress-glyphData.patch
+Patch:          codec-clear-check-clear_decomress-glyphData.patch
 
 # https://github.com/FreeRDP/FreeRDP/commit/0421b53fcb4a80c95f51342e4a2c40c68a4101d3
-Patch6:         client-x11-fix-double-free-in-case-of-invalid-pointe.patch
+Patch:          client-x11-fix-double-free-in-case-of-invalid-pointe.patch
 
 # https://github.com/FreeRDP/FreeRDP/commit/52106a26726a2aba77aa6d86014d2eb3507f0783
-Patch7:         cache-offscreen-invalidate-bitmap-before-free.patch
-
-# CVE-2026-22855
-# https://github.com/FreeRDP/FreeRDP/commit/57c5647d98c2a026de8b681159cb188ca0439ef8
-Patch8:         utils-smartcard-add-length-validity-checks.patch
-
-# CVE-2026-22858
-# https://github.com/FreeRDP/FreeRDP/commit/62a9e787edb2cfce9858fa4ceda5461680efc590
-Patch9:         crypto-base64-ensure-char-is-singend.patch
-
-# CVE-2026-22859
-# https://github.com/FreeRDP/FreeRDP/commit/7b7e6de8fe427a2f01d331056774aec69710590b
-Patch10:        channels-urbdrc-check-interface-indices-before-use.patch
-
-# CVE-2026-26955
-# https://github.com/FreeRDP/FreeRDP/commit/7d8fdce2d0ef337cb86cb37fc0c436c905e04d77
-Patch11:        codec-clear-fix-destination-checks.patch
-
-# CVE-2026-26965
-# https://github.com/FreeRDP/FreeRDP/commit/a0be5cb87d760bb1c803ad1bb835aa1e73e62abc
-Patch12:        codec-planar-fix-missing-destination-bounds-checks.patch
+Patch:          cache-offscreen-invalidate-bitmap-before-free.patch
 
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
@@ -337,71 +320,153 @@ find %{buildroot} -name "*.a" -delete
 %{_libdir}/pkgconfig/winpr-tools2.pc
 
 %changelog
-* Wed Mar 25 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-4
+* Tue Jan 27 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-3
 - Backport several CVE fixes
-  Resolves: RHEL-151979, RHEL-152206
+  Resolves: RHEL-142427, RHEL-142411, RHEL-142395, RHEL-142379, RHEL-142363
+  Resolves: RHEL-142348, RHEL-142332
 
-* Tue Feb 17 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-3
-- Backport several CVE fixes
-  Resolves: RHEL-148825, RHEL-148865, RHEL-148982
+* Fri Jan 16 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-2
+- Try next DNS entry on connect failure
+  Resolves: RHEL-113722
 
-* Tue Jan 27 2026 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-2
-- Backport several CVE fixes
-  Resolves: RHEL-142417, RHEL-142401, RHEL-142385, RHEL-142369, RHEL-142353
-  Resolves: RHEL-142337, RHEL-142321
+* Thu May 09 2024 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-1
+- Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041,
+  CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32658,
+  CVE-2024-32659, CVE-2024-32660, CVE-2024-32661, CVE-2024-32662)
 
-* Tue Oct 01 2024 Ondrej Holy <oholy@redhat.com> - 2:2.11.7-1
-- Update to 2.11.7 (RHEL-53081)
+* Tue Mar 12 2024 Ondrej Holy <oholy@redhat.com> - 2:2.11.2-2
+- CVE-2024-22211: Check codec resolution for overflow (RHEL-22244)
 
-* Tue Dec 13 2022 Ondrej Holy <oholy@redhat.com> - 2:2.2.0-10
-- Fix "implicit declaration of function" errors (#2136153, #2145139)
+* Fri Nov 10 2023 Ondrej Holy <oholy@redhat.com> - 2:2.11.2-1
+- Update to 2.11.2 (RHEL-4290, RHEL-4292, RHEL-4296, RHEL-4298, RHEL-4300,
+  RHEL-4302, RHEL-4304, RHEL-4306, RHEL-4308, RHEL-4310, RHEL-4312,
+  RHEL-10060)
 
-* Thu Dec 08 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.2.0-9
-- CVE-2022-39282: Fix length checks in parallel driver (#2136151)
-- CVE-2022-39283: Add missing length check in video channel (#2136153)
-- CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx (#2145139)
-- CVE-2022-39318: Fix division by zero in urbdrc channel (#2145139)
-- CVE-2022-39319: Add missing length checks in urbdrc channel (#2145139)
-- CVE-2022-39320: Ensure urb_create_iocompletion uses size_t (#2145139)
-- CVE-2022-39347: Fix path validation in drive channel (#2145139)
-- CVE-2022-41877: Add missing length check in drive channel (#2145139)
+* Tue Dec 13 2022 Ondrej Holy <oholy@redhat.com> - 2:2.4.1-5
+- Fix "implicit declaration of function" errors (#2136155, #2145140)
 
-* Thu Aug 11 2022 Ondrej Holy <oholy@redhat.com> - 2:2.2.0-8
-- Fix /monitor-list output (rhbz#2108866)
+* Thu Dec 08 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-4
+- CVE-2022-39282: Fix length checks in parallel driver (#2136152)
+- CVE-2022-39283: Add missing length check in video channel (#2136154)
+- CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx (#2145140)
+- CVE-2022-39318: Fix division by zero in urbdrc channel (#2145140)
+- CVE-2022-39319: Add missing length checks in urbdrc channel (#2145140)
+- CVE-2022-39320: Ensure urb_create_iocompletion uses size_t (#2145140)
+- CVE-2022-39347: Fix path validation in drive channel (#2145140)
+- CVE-2022-41877: Add missing length check in drive channel (#2145140)
 
-* Wed Nov 10 2021 Ondrej Holy <oholy@redhat.com> - 2:2.2.0-4
-- Refactored RPC gateway parser (rhbz#2017949)
+* Wed Jun 22 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-3
+- Fix gateway functionality with OpenSSL 3.0 (#2023262)
 
-* Fri Nov 05 2021 Felipe Borges <feborges@redhat.com> - 2:2.2.0-3
-- Add checks for bitmap and glyph width and heigth values (rhbz#2017956)
+* Fri Nov 26 2021 Ondrej Holy <oholy@redhat.com> - 2:2.4.1-2
+- Fix datatype mismatch / big-endian breakage
+- Load legacy provider when initializing OpenSSL 3.0
 
-* Wed Apr 28 2021 Ondrej Holy <oholy@redhat.com> - 2:2.2.0-2
-- Fix exit codes for /help and similar options (rhbz#1910029)
+* Wed Nov 10 2021 Ondrej Holy <oholy@redhat.com> - 2:2.4.1-1
+- Update to 2.4.1 (CVE-2021-41159, CVE-2021-41160).
 
-* Fri Nov 20 2020 Ondrej Holy <oholy@redhat.com> - 2:2.2.0-1
-- Update to 2.2.0 (rhbz#1881971)
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2:2.4.0-3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Mon May 25 2020 Ondrej Holy <oholy@redhat.com> - 2:2.1.1-1
-- Update to 2.1.1 (rhbz#1834287).
+* Tue Aug 03 2021 Ondrej Holy <oholy@redhat.com> - 2:2.4.0-2
+- Load legacy provider to fix rc4 with OpenSSL 3.0 (#1988443).
 
-* Fri Apr 17 2020 Ondrej Holy <oholy@redhat.com> - 2:2.0.0-47.rc4
-- Fix SCARD_INSUFFICIENT_BUFFER error (rhbz#1803054)
-- Do not advertise /usb in help output (rhbz#1761144)
+* Thu Jul 29 2021 Ondrej Holy <oholy@redhat.com> - 2:2.4.0-1
+- Update to 2.4.0.
 
-* Wed Nov 28 2018 Ondrej Holy <oholy@redhat.com> - 2:2.0.0-46.rc4
-- Update to 2.0.0-rc4 (#1624340)
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:2.3.2-2
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065
 
-* Mon Oct 15 2018 Ondrej Holy <oholy@redhat.com> - 2:2.0.0-45.rc3
-- Disable server support in RHEL (#1639165)
+* Mon May 17 2021 Ondrej Holy <oholy@redhat.com> - 2:2.3.2-1
+- Update to 2.3.2 (#1951123).
 
-* Wed Oct 10 2018 Ondrej Holy <oholy@redhat.com> - 2:2.0.0-44.rc3
-- Fix packaging issues found by rpmdiff (#1637487)
+* Mon May 17 2021 Ondrej Holy <oholy@redhat.com> - 2:2.2.0-8
+- Fix build with OpenSSL 3.0 (#1952937).
 
-* Tue Sep 25 2018 Ondrej Holy <oholy@redhat.com> - 2:2.0.0-43.rc3
-- Fix important defects found by covscan (#1602500)
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2:2.2.0-7
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 
-* Thu Sep 06 2018 Ondrej Holy <oholy@redhat.com> - 2:2.0.0-42.rc3
-- Update to 2.0.0-rc3 (#1624340)
+* Tue Mar 23 2021 Simone Caronni <negativo17@gmail.com> - 2:2.2.0-6
+- Explicitly enable Cairo support (#1938393).
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.2.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Aug 11 2020 Ondrej Holy <oholy@redhat.com> - 2:2.2.0-4
+- Use %%cmake_ macros to fix out-of-source builds (#1863586)
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.2.0-3
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.2.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jul 23 2020 Simone Caronni <negativo17@gmail.com> - 2:2.2.0-1
+- Update to 2.2.0.
+
+* Tue Jun 30 2020 Simone Caronni <negativo17@gmail.com> - 2:2.1.2-1
+- Update to 2.1.2.
+
+* Thu May 21 2020 Ondrej Holy <oholy@redhat.com> - 2:2.1.1-1
+- Update to 2.1.1.
+
+* Fri May 15 2020 Ondrej Holy <oholy@redhat.com> - 2:2.1.0-1
+- Update to 2.1.0 (#1833540).
+
+* Fri May 15 2020 Pete Walter <pwalter@fedoraproject.org> - 2:2.0.0-57.20200207git245fc60
+- Rebuild for ICU 67
+
+* Fri Feb 07 2020 Simone Caronni <negativo17@gmail.com> - 2:2.0.0-56.20200207git245fc60
+- Update to latest snapshot.
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.0.0-55.20190820git6015229
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Nov 01 2019 Pete Walter <pwalter@fedoraproject.org> - 2:2.0.0-54.20190820git6015229
+- Rebuild for ICU 65
+
+* Tue Aug 20 2019 Simone Caronni <negativo17@gmail.com> - 2:2.0.0-53.20190820git6015229
+- Update to latest snapshot.
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.0.0-52.20190918git5e672d4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Jul 21 2019 Simone Caronni <negativo17@gmail.com> - 2:2.0.0-51.20190918git5e672d4
+- Update to latest snapshot.
+
+* Sat May 18 2019 Simone Caronni <negativo17@gmail.com> - 2:2.0.0-50.20190517gitb907324
+- Update to latest snapshot.
+
+* Wed Mar 06 2019 Simone Caronni <negativo17@gmail.com> - 2:2.0.0-49.20190304git435872b
+- Fix for GFX color depth (Windows 10).
+
+* Thu Feb 28 2019 Simone Caronni <negativo17@gmail.com> - 2:2.0.0-48.20190228gitce386c8
+- Update to latest snapshot post rc4.
+- CVE-2018-1000852 (#1661642).
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.0.0-47.rc4.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Nov 29 2018 Ondrej Holy <oholy@redhat.com> - 2:2.0.0-47.rc4
+- Update to 2.0.0-rc4
+
+* Mon Oct 15 2018 Simone Caronni <negativo17@gmail.com> - 2:2.0.0-46.20181008git00af869
+- Enable Xtest option (#1559606).
+
+* Mon Oct 15 2018 Simone Caronni <negativo17@gmail.com> - 2:2.0.0-45.20181008git00af869
+- Update to last snapshot post 2.0.0-rc3.
+
+* Mon Aug 20 2018 Simone Caronni <negativo17@gmail.com> - 2:2.0.0-44.rc3
+- Update SPEC file.
+
+* Sat Aug 04 2018 Mike DePaulo <mikedep333@fedoraproject.org> - 2:2.0.0-43.20180801.rc3
+- Update to 2.0.0-rc3
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.0.0-42.20180405gita9ecd6a
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Mon Apr 09 2018 Simone Caronni <negativo17@gmail.com> - 2:2.0.0-41.20180405gita9ecd6a
 - Update to latest snapshot.