[pull] devel from neutrinolabs:devel #22
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
The existing code contains separate TLS and non-TLS code paths for hadling channel join PDUs. This was introduced in 8fdc1ba and was based on a misunderstanding of where in the connection sequence the TLS client hello is processed (if a TLS connection is negotiated). The assumption was the TLS client hello is received after the channel join PDUs. However, it is actually received immediately after the X.224 Connection Confirm PDU some time before channel join requests are processed. Consequently, there is no reason not to adopt a single code path for handling channel joins.
We always now indicate we support skipping channel joins. If the client indicates this too, expect no channel join requests from the client. If we do get some, process them anyway.
Improve channel join request processing
The size of the listen_port for sesman cannot exceed XRDP_SOCKETS_MAXPATH. We should use this value rather than an arbitrary value of 256.
The sesman tools have some private functions to make syncronous calls to sesman over SCP. This commit moves these calls to a new module scp_sync in libipm so that they can be utilised by other parts of xrdp (i.e. chansrv)
THe SCP interface is modified so that a program can connect to sesman and ask for the sockdir to be created for the currently authenticated user
Chansrv now checks for the user sockdir being present. If it isn't, it connects to chansrv and requests it be created. This also needs the sesman port to be added to the chansrv config struct.
The code to determine the socket address of chansrv when using a manually started xrdp-chansrv may need some help determining the UID of the session. This commit allows a UID to be optionally specified in the DISPLAY() function, if the code is unable to determine the UID automatically from the connection parameters. If a manual chansrvport is entered, xrdp now logs what it is connecting to, to assist in debugging.
Fix v0.10.x regressions in standalone chansrv
Ask for no videos on the bug form
Move to fuse3
SSL_CTX_set_ecdh_auto() was introduced for OpenSSL 1.0.2. It has no effect for OpenSSL 1.1.0 and later. For versions before 1.0.2 and after (and including 1.1.0) it should not be called. The macro was erroneously being called twice for OpenSSL 3.0.0 and later - this has also been remedied
Clarify size limit for uploaded videos
Some desktop environments are now checking for free space before copying files to a destination. To support this, the FUSE filesystem needs to convert the statvfs() system call to the relevent PDUs from [MS-RDPEFS]
Chromium 130 won't save to our filesystem if we don't return a max filename length. Dummy parameters were tried for inode counts, but these do not seem to be necessary. Not also that btrfs foes not return values for these fields.
Update cppcheck version to 2.16.0
A regression introduced in cppcheck 2.15.0 has been fixed in 2.16.0
Re-introduce -DHAVE_BOOST to cppcheck builds
xrdp.8.in: Fix "SEE ALSO" refs to `xrdp-sesman`, `xrdp-sesrun`
xrdp_wm_clear_popup() clears down a popup window, but does not clear the pointer. This can potentially lead to a double-free on the popup window bitmap.
The automated Coverity scan does not currently include neutrinordp Two problems fixed:- 1) MAX_STATIC_CHANNELS at 31 is bigger than freerdp->sessings->channels (16) 2) pamusername in the mod parameters is assumed to be 256 bytes when it is written to.
Fix more coverity warnings
Package for RPM-based systems is lame-devel rather than lamemp3-devel
Fix typo around lame development package
We found during deployment that it is possible for some configurations to have the build-time noopenh264 library installed, rather than the openh264 library. This causes a failure which is difficult to diagnose.
Add additional check to prevent Coverity assuming the worst
file descriptors cannot be zero when not in use. This commit enforces that for the test TCP proxy.
THe previous commit unmasked another potential error in Coverity, which is addressed by tightening up return value restrictions.
Address more Coverity warnings
Coverity seems to have some problems with the loop(s) copying data from one socket to another, in that it assume that eventually an integer overflow will occur. It's not obvious why this should be flagged, but this seems likely to be a false positive. This commit avoids the integer issue by using a simple pointer + count mechanism. The socket copy code has been placed in a separate function - before it was duplicated. Minor fixes have been made to error reporting around the connection code.
Update TCP proxy to address Coverity errors
This Coverity issue was encountered in a private build, but does not appear to be in the Github CI build. Coverity is suspecting a copy-paste betweem these lines in sound.c:- 1838: xstream_copyin(s, &g_stream_inp->data[g_stream_inp->size - g_bytes_in_stream], i); 1844: xstream_copyin(s, &g_stream_inp->data[g_stream_inp->size - g_bytes_in_stream], g_bytes_in_stream); An inspection of the code shows this to bre a false positive
More coverity fixes
Bump Cirrus CI to 14.2
Add Hungarian keyboard
Cope with broken OpenH264 encoder
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )