Debian Patches
Status for freerdp3/3.15.0+dfsg-2.1+deb13u3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| client-sdl-force-primary-monitor-in-windowed-mode.patch | [client,sdl] force primary monitor in windowed mode | Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/fca297421953d4f277fa0739cd0dc98e7c0b9d6a | 2025-04-14 | |
| client-sdl-only-draw-to-window-if-connected.patch | [client,sdl] only draw to window if connected | Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/ce8fc4e0f41efc55cf26e82fafce6f23e1dac2af | 2025-04-15 | |
| core-settings-handle-empty-OrderSupport-and-received.patch | [core,settings] handle empty OrderSupport and received capabilities | Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/e92f0170e49ff0095a76e79d2444ec899a3e3d83 | 2025-04-15 | |
| crypto-certificate-Add-a-fallback-for-weak-RSA-keys.patch | [crypto,certificate] Add a fallback for weak RSA keys X509_dup fails with weak RSA keys. RDP security does still use them, so add a fallback to recreate the X509 from the raw RSA data. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/88a3c94adc5abab5d4fbbf6bc5feaf663d6c5736 | 2025-04-15 | |
| rdpei-server-Fix-incorrect-PDU-length-read.patch | rdpei/server: Fix incorrect PDU length read The PDU length is a 32-bit unsigned integer and not a 16-bit one. |
Pascal Nowack <Pascal.Nowack@gmx.de> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/a16cb1da635ac9832178c35fbbf169441f694536 | 2025-04-19 | |
| cmake-json-improve-json-detection.patch | [cmake,json] improve json detection | akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/0eefdbdb40ca2e4e75b21845459ce9e8f6360b44 | 2025-04-17 | |
| client-sdl-fix-SDL-ttf-usage.patch | [client,sdl] fix SDL-ttf usage * hide library in sdl/dialogs, do not call functions from outside |
akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/45d42d1db32f45152d53664baf17e75693eaa46d | 2025-04-22 | |
| cache-glyph-fix-GLYPH_FRAGMENT_USE.patch | [cache,glyph] fix GLYPH_FRAGMENT_USE | akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/39ca16f4aa5559b91a05271b72450ef447391d06 | 2025-04-22 | |
| winpr-sysinfo-use-a-single-clock-to-provide-System-a.patch | [winpr,sysinfo] use a single clock to provide System and Local time ... rather than a different one for second and sub-second part |
Mark Nauwelaerts <mnauw@users.sourceforge.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/b7a2eecaa145398ed177f726379a8b0de58f24ca | 2025-04-22 | |
| fix-resources-remove-MimeType-from-desktop-file.patch | fix [resources]: remove MimeType from desktop file freerdp-file.desktop.template contains the MimeType handler and handles the arguments. |
Bernhard Miklautz <bernhard.miklautz@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/2ac047d472d3cb07b208c4704ce9c2e33a8520d3 | 2025-04-23 | |
| gcc-fix-server-side-connection-with-multiple-monitor.patch | gcc: fix server-side connection with multiple monitor The check was inverted and so any connection with multiple monitors was failing. |
David Fort <contact@hardening-consulting.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/801c3fdda3f556abf9b4771205ff9ded57893c8f | 2025-04-23 | |
| CVE-2025-4478.patch | transport: Initialize function pointers after resource allocation The transport instance is freed when an error occurs. If the TransportDisconnect function pointer is initialized it causes SIGSEGV during free. |
Jonas Ă…dahl <jadahl@gmail.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/a4bb702aa62e4fad91ca99142de075265555ec18 | 2025-05-13 | |
| core-redirection-Ensure-stream-has-space-for-cert.patch | core/redirection: Ensure stream has enough space for the certificate Instead of checking whether enough space for the certificate is available, simply use Stream_EnsureRemainingCapacity() to extend the buffer size if needed. Otherwise, server redirection might fail despite having a valid certificate. See also: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/274 |
Pascal Nowack <Pascal.Nowack@gmx.de> | not-needed | debian | upstream, https://github.com/FreeRDP/FreeRDP/pull/11762 | 2025-08-06 |
| core-redirection-Ensure-stream-has-space-for-all-params.patch | core/redirection: Ensure stream has enough space for all parameters While commit a08e3fc5315af8a10c9b1d1333ec3c3d1066a172 fixed the case, where the stream did not have enough space for the target certificate, it did miss out a few other cases where the remaining length is just checked, but not increased when needed. Fix this by now also covering the remaining cases. |
Pascal Nowack <Pascal.Nowack@gmx.de> | not-needed | debian | upstream, https://github.com/FreeRDP/FreeRDP/pull/11830 | 2025-08-31 |
| client-desktop-fix-StartupWMClass-setting.patch | [client,desktop] fix StartupWMClass setting | akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/pull/11708 | 2025-06-26 | |
| client-x11-fix-clipboard-issues.patch | [client,x11] fix clipboard issues * better logging of requested formats * properly remember local format ID to paste diff --git a/client/X11/xf_cliprdr.c b/client/X11/xf_cliprdr.c |
akallabeth <akallabeth@posteo.net> | not-needed | debian upstream | upstream, https://github.com/FreeRDP/FreeRDP/pull/11724 | 2025-07-03 |
| client-sdl-lock-primary-while-used-CVE-2026-22851.patch | [client,sdl] lock primary while used "[client,sdl] lock primary while used", not only single missing lock were added, but the lock type has been changed in other places. In 3.15 the lock type was std::lock_guard<CriticalSection>, later it were changed to std::scoped_lock, and when adding the missing lock, the lock type were changed again to std::unique_lock. Here for 3.15, add just the missing lock, of the same type as used elsewhere (std::lock_guard<CriticalSection>). So the fix becomes a one-liner. |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/98deec9ec0a048cd5fb99076f40253cc387b4864 | 2025-12-31 |
| channels-audin-free-up-old-audio-formats-CVE-2026-22852.patch | [channels,audin] free up old audio formats | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/cd1ffa112cfbe1b40a9fd57e299a8ea12e23df0d | 2026-01-10 |
| channels-rdpear-add-checks-for-itemSize-CVE-2026-22853.patch | [channels,rdpear] add checks for itemSize when a ndr read function is called with invalid arguments abort early. |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/19f48dc7d615984a24a9be89f50ef9eb8f9bdb6a | 2026-01-12 |
| channels-drive-fix-constant-type-CVE-2026-22854.patch | [channels,drive] fix constant type ensure constant is of 64bit integer type |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/3da319570c8a6be0a79b3306f1ed354c4a943259 | 2026-01-12 |
| utils-smartcard-handle-output-buffer-too-small.patch | [utils,smartcard] handle output buffer too small | akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/60330fc7715070e8633f17ad46fd2f61503dfa2c | 2025-05-07 | |
| utils-smartcard-improve-trace-log.patch | [utils,smartcard] improve trace log | akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/2e7e6dde87f1e1e117a05ff737361aebbd57d770 | 2025-04-14 | |
| utils-smartcard-better-logging-and-error-checks.patch | [utils,smartcard] better logging and error checks * Use wLog as argument where possible to reduce the number of WLog_Get calls * Do better failure checks to avoid reading invalid memory |
akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/6b80a2d4ef934a8e9355fcf5131490e5f256fa67 | 2025-05-27 | |
| utils-smartcard-add-length-validity-checks-CVE-2026-22855.patch | [utils,smartcard] add length validity checks in smartcard_unpack_set_attrib_call input length validity checks were missing. |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/57c5647d98c2a026de8b681159cb188ca0439ef8 | 2026-01-11 |
| channels-serial-explicitly-lock-serial-IrpThreads-CVE-2026-22856.patch | [channels,serial] explicitly lock serial->IrpThreads | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/675c20f08f32ca5ec06297108bdf30147d6e2cd9 | 2026-01-13 |
| channels-serial-fix-use-after-free-CVE-2026-22857.patch | [channels,serial] fix use after free | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/e99e33aea8c5e480e224f4a167947dfacf4584a2 | 2026-01-11 |
| crypto-base64-ensure-char-is-singend.patch | [crypto,base64] ensure char is singend | akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/62a9e787edb2cfce9858fa4ceda5461680efc590 | 2026-01-10 | |
| crypto-base64-do-proper-length-checks-CVE-2026-22858.patch | [crypto,base64] do proper length checks relying on casting is error prone, so do proper index range checks. (Mjt: adjust inline=>INLINE) |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/011737296d0aa674a086fdc89839951b08129e54 | 2026-01-10 |
| channels-urbdrc-check-interface-indices-before-use-CVE-2026-22859.patch | [channels,urbdrc] check interface indices before use | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/7b7e6de8fe427a2f01d331056774aec69710590b | 2026-01-10 |
| codec-planar-fix-decoder-length-checks-CVE-2026-23530.patch | [codec,planar] fix decoder length checks | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/1bab198a2edd0d0e6e1627d21a433151ea190500 | 2026-01-15 |
| codec-clear-fix-missing-length-checks-CVE-2026-23531.patch | [codec,clear] fix missing length checks | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/25102b432fb37916a1a553d7ef8fd940c6e52c3f | 2026-01-15 |
| gdi-gfx-properly-clamp-SurfaceToSurface-CVE-2026-23532.patch | [gdi,gfx] properly clamp SurfaceToSurface | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/c4a7c371342edf0d307cea728f56d3302f0ab38c | 2026-01-15 |
| codec-clear-fix-clear_resize_buffer-checks-CVE-2026-23533.patch | [codec,clear] fix clear_resize_buffer checks | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/c4391827d7facfc874ca7f61a92afb82232a5748 | 2026-01-15 |
| codec-clear-fix-off-by-one-length-check-CVE-2026-23534.patch | [codec,clear] fix off by one length check | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/f8688b57f6cfad9a0b05475a6afbde355ffab720 | 2026-01-15 |
| codec-color-add-freerdp_glyph_convert_ex-CVE-2026-23732.patch | [codec,color] add freerdp_glyph_convert_ex The function freerdp_glyph_convert does not check input buffer length, deprecate it and provide a replacement that does properly check. |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/3bc1eeb4f63ceec9a696af194e4c1ea0e67ff60c | 2026-01-16 |
| gdi-graphics-Use-freerdp_glyph_convert_ex-CVE-2026-23732.patch | [gdi,graphics] Use freerdp_glyph_convert_ex | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/9f0eb3b7d43069a1e973464bcb43d1ef965ae65e | 2026-01-16 |
| client-x11-fix-double-free-in-case-of-invalid-pointe-CVE-2026-23883.patch | [client,x11] fix double free in case of invalid pointer | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/0421b53fcb4a80c95f51342e4a2c40c68a4101d3 | 2026-01-19 |
| cache-offscreen-invalidate-bitmap-before-free-CVE-2026-23884.patch | [cache,offscreen] invalidate bitmap before free First ensure the bitmap is no longer used for drawing before calling the free function. |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/52106a26726a2aba77aa6d86014d2eb3507f0783 | 2026-01-19 |
| core-info-fix-missing-NULL-check-CVE-2026-23948.patch | [core,info] fix missing NULL check | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/4d44e3c097656a8b9ec696353647b0888ca45860 | 2026-01-19 |
| clang-warnings-fix-Wjump-misses-init-drdynvc_main.patch | [clang,warnings] fix Wjump-misses-init | Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/3c95b2729bb8f6dfb7e6926f52dc7edb9bb5fc58 | 2026-01-08 | |
| channels-drdynvc-reset-channel_callback-before-close-CVE-2026-24491.patch | [channels,drdynvc] reset channel_callback before close The channel_callback usually frees up the memory of the callback. To ensure that there is no access to any of the data structures in it invalidate the pointer used to access it before a free. diff --git a/channels/drdynvc/client/drdynvc_main.c b/channels/drdynvc/client/drdynvc_main.c |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/e02e052f6692550e539d10f99de9c35a23492db2 | 2026-01-26 |
| channels-drdynvc-check-pointer-before-reset.patch | [channels,drdynvc] check pointer before reset | Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/cb7f295bc750de86480d60a3b58cebc56a57a1c4 | 2026-01-27 | |
| channels-urbdrc-do-not-free-MsConfig-on-failure-CVE-2026-24675.patch | [channels,urbdrc] do not free MsConfig on failure let the channel handle it later. |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/d676518809c319eec15911c705c13536036af2ae | 2026-01-26 |
| channels-audin-reset-audin-format-CVE-2026-24676.patch | [channels,audin] reset audin->format Whenever the underlying structure changes reset the pointer to NULL |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/026b81ae5831ac1598d8f7371e0d0996fac7db00 | 2026-01-26 |
| clang-warnings-fix-Wjump-misses-init-remdesk_main.patch | [clang,warnings] fix Wjump-misses-init | Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/f7ee8dadcee9aa567bb13f99ce349a1f5f87fde4 | 2026-01-08 | |
| channels-rdpecam-improve-log-messages.patch | [channels,rdpecam] improve log messages diff --git a/channels/rdpecam/client/camera_device_main.c b/channels/rdpecam/client/camera_device_main.c |
akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/d80d9bf2ce5f117c69ff760f377c1bdf4060b082 | 2025-12-01 | |
| rdpecam-fix-camera-sample-grabbing.patch | rdpecam: fix camera sample grabbing Before this patch we had a behavior where there was a credit of 8 samples that could be sent to the server with no corresponding sample request. So in the right conditions, we were having situations where the server was receiving samples that it has not requested, and so it was dropping them. The visible effect was small artifacts in the camera stream when i-frames where dropped, and more serious ones when the dropped content was containing key frames. This issue has also been reported when xfreerdp connects on g-r-d as #11990. This patch reworks the frame grabbing workflow: when the frame grabbing thread calls the sample callback we check if a sample is already pending, waiting to be sent to the server. If that's the case and the camera's input format supports frame dropping we just refresh the pending frame with the new one. If the input format can't drop frames (like with h264 and mjpg) we wait until the current pending frame is sent. So now frames can be sent either when we receive a sample request from the server, or when the sample callback is invoked. |
David Fort <contact@hardening-consulting.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/32e64c1e98d9218944a054a5046fc012c15f38aa | 2025-12-04 | |
| channels-rpdecam-log-dropped-samples.patch | [channels,rpdecam] log dropped samples | akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/c118d3df18dd6884ef110ffffafc5494f82cd438 | 2025-12-05 | |
| channels-rdpecam-ensure-sws-context-size-matches-CVE-2026-24677.patch | [channels,rdpecam] ensure sws context size matches | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/d2d4f449312ddafd4a4c6c8a4f856c7f0d44a3b5 | 2026-01-26 |
| channels-rdpecam-ensure-all-streams-are-stopped-CVE-2026-24678.patch | [channels,rdpecam] ensure all streams are stopped When closing the channel ensure there are no more streams running. |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/f3ab1a16139036179d9852745fdade18fec11600 | 2026-01-26 |
| channels-urbdrc-ensure-InterfaceNumber-is-within-ran-CVE-2026-24679.patch | [channels,urbdrc] ensure InterfaceNumber is within range | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/2d563a50be17c1b407ca448b1321378c0726dd31 | 2026-01-26 |
| client-sdl-reset-pointer-after-memory-release-CVE-2026-24680.patch | [client,sdl] reset pointer after memory release | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/c42ecbd183b001e76bfc3614cddfad0034acc758 | 2026-01-26 |
| channels-urbdrc-cancel-all-usb-transfers-on-channel--CVE-2026-24681.patch | [channels,urbdrc] cancel all usb transfers on channel close | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/414f701464929c217f2509bcbd6d2c1f00f7ed73 | 2026-01-26 |
| channels-audin-fix-audin_server_recv_formats-cleanup-CVE-2026-24682.patch | [channels,audin] fix audin_server_recv_formats cleanup | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/1c5c74223179d425a1ce6dbbb6a3dd2a958b7aee | 2026-01-26 |
| channels-ainput-lock-context-when-updating-listener-CVE-2026-24683.patch | [channels,ainput] lock context when updating listener | akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/d9ca272dce7a776ab475e9b1a8e8c3d2968c8486 | 2026-01-26 |
| channels-rdpsnd-terminate-thread-before-free-CVE-2026-24684.patch | [channels,rdpsnd] terminate thread before free Ensure that the optional rdpsnd thread is terminated and the message queue freed up before releasing the channel context memory |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696 | 2026-01-26 |
| channel-rdpsnd-only-clean-up-thread-before-free-CVE-2026-24684.patch | [channel,rdpsnd] only clean up thread before free rdpsnd channel usually has multiple instances (static, dynamic, ...) so ensure only to terminate the handler thread when the channel is actually closed for good. |
akallabeth <akallabeth@posteo.net> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5 | 2026-01-28 |
| winpr-wlog-Add-specialized-text-log-functions.patch | [winpr,wlog] Add specialized text log functions (channels-rdpecam-add-value-range-checks.patch) which uses functions provided in this change. format strings usage, which is fixed by the next upstream patch. The issues the next patch fixes, were in the code for a long time, but due to missing arguments checking, went unnoticed. so to be backwards- and forward-compatible, we use libwinpr3-partial-api-3-17 trick in the symbols and control files. The generic WLog_PrintMessage(VA) functions lack proper checks of the supplied format strings. Add WLog_PrintTextMessage(VA) functions that do compile time checks of supplied format strings to uncover usage errors early and use them in the logger macros. |
akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/df89b04424599bed520461f10c1893509189f862 | 2025-08-13 | |
| warnings-Fix-format-string-errors-partial.patch | [warnings] Fix format string errors has been identified and fixed in usage of printf-format-strings. This is a partial upstream commit, with only hunks which can be applied to 3.15 are left, and hunks which don't apply, were deleted. Diffstat is for the original upstream patch. * Fix casts of format string arguments (%p requires void*) * Fix format string to match type of arguments |
akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/65f18983edfcfbf02614273f2b9da405f96562fe | 2025-08-13 | |
| channels-rdpecam-add-value-range-checks.patch | [channels,rdpecam] add value range checksComment: When reading a enum value from network, first check the value range and abort with a log message if an invalid value is found |
akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/508a0db07c8216e86edd1ce7f7f8398342868a91 | 2026-01-09 | |
| channels-rdpecam-fix-PROPERTY_DESCRIPTION-parsing.patch | [channels,rdpecam] fix PROPERTY_DESCRIPTION parsing * The Capabilities field is a mask, so allow combination of all valid values. * Adjust header to hold a mask * Use enum to define constants for parsed values |
akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/067524438a284d06c78b124c5858d8773279f70f | 2026-01-28 | |
| channels-rdpgfx-check-available-stream-length-CVE-2026-25941.patch | [channels,rdpgfx] check available stream length | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/2e3b77e28ac6a398897d28ba464dcc5dfab9c9e2 | 2026-02-09 |
| client-x11-fix-xf_rail_window_common-cleanup-CVE-2026-26986.patch | [client,x11] fix xf_rail_window_common cleanup leave the appWindow for later cleanup. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/b4f0f0a18fe53aa8d47d062f91471f4e9c5e0d51 | 2026-02-09 |
| client-x11-stringfiy-functions-for-RAILS-CVE-2026-25942.patch | [client,x11] stringfiy functions for RAILS | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/9362a0bf8dda04eedbca07d5dfaec1044e67cc6b | 2026-02-09 |
| client-X11-fix-clipboard-update-CVE-2026-25997.patch | [client,X11] fix clipboard update Synchronize channel thread with RDP thread when accessing clipboard formats |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/58409406afe7c2a8a71ed2dc8e22075be4f41c0c | 2026-02-09 |
| client-x11-lock-appWindow-CVE-2026-25952-CVE-2026-25953-CVE-2026-25954.patch | [client,x11] lock appWindow When using xf_rail_get_window lock the hash talbe until xf_rail_return_window diff --git a/client/X11/xf_event.c b/client/X11/xf_event.c |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/1994e9844212a6dfe0ff12309fef520e888986b5 | 2026-02-09 |
| client-x11-fix-missing-includes.patch | [client,x11] fix missing includes | akallabeth <akallabeth@posteo.net> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/479cea48ccc40c1e28b77043dc58d475367a80b5 | 2025-05-22 | |
| client-x11-destroy-XImage-on-window-unmap-CVE-2026-25955.patch | [client,x11] destroy XImage on window unmap When unmapping rails window destroy the cached XImage of appWindow |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/169d358734509e82663a0d6a0085ae726d439d8e | 2026-02-09 |
| client-x11-lock-cache-when-providing-data-CVE-2026-25959.patch | [client,x11] lock cache when providing data | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/d3e8b3b9365be96a4f11dda149d71b3287227d0a | 2026-02-09 |
| codec-color-fix-input-length-checks-CVE-2026-26271.patch | [codec,color] fix input length checks * check cbBitsMask meets expected length * Add logging for length failures |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/f5e20403d6e325e11b68129803f967fb5aeec1cb | 2026-02-13 |
| utils-smartcard-check-stream-length-on-padding-CVE-2026-27015.patch | [utils,smartcard] check stream length on padding When reading optional padding in smartcard channel check if padding is actually there. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/65d59d3b3c2f630f2ea862687ecf5f95f8115244 | 2026-02-15 |
| codec-clear-fix-missing-destination-boundary-checks-CVE-2026-26955.patch | [codec,clear] fix missing destination boundary checks | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/0746639629cc0eb1eb61e880c626c8db393665cf | 2026-02-15 |
| codec-clear-fix-destination-checks-CVE-2026-26955.patch | [codec,clear] fix destination checks check against the correct nDstWidth/nDstHeight |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/7d8fdce2d0ef337cb86cb37fc0c436c905e04d77 | 2026-02-16 |
| codec-planar-fix-missing-destination-bounds-checks-CVE-2026-26965.patch | [codec,planar] fix missing destination bounds checks | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/a0be5cb87d760bb1c803ad1bb835aa1e73e62abc | 2026-02-16 |
| codec-h264-validate-rectangles-before-use-CVE-2026-29774.patch | [codec,h264] validate rectangles before use | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/6482b7a92fff3959582cef052d1967ad6bde3738 | 2026-02-28 |
| cache-bitmap-overallocate-bitmap-cache-CVE-2026-29775.patch | [cache,bitmap] overallocate bitmap cache | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/ffad58fd2b329efd81a3239e9d7e3c927b8e503f | 2026-02-28 |
| core-order-fix-const-correctness.patch | [core,order] fix const correctness diff --git a/libfreerdp/core/orders.c b/libfreerdp/core/orders.c index 3085765ec..c27b474ae 100644 |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/b8f5b9c719c269010caf6dbd5929cef684e154b4 | 2025-04-23 | |
| core-orders-improve-input-validation-CVE-2026-29776.patch | [core,orders] improve input validation check length before subtracting. Might underflow and be cought by the next check, but lets be strict. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/a9e0abf2eac8c2e370fa155bf1abb9d044c0ca8a | 2026-03-03 |
| codec-nsc-bounds-checks-and-doxygen.patch | [codec,nsc] bounds checks and doxygen * Improve doxygen for nsc_process_message * Improve bounds checks for nsc_process_message |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/f4d74c33fd58e9e9e4e52d75b0d1255af8fa4b53 | 2026-02-15 | |
| codec-nsc-log-decoder-function-parameter-issues.patch | [codec,nsc] log decoder function parameter issues | Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/caf6e7f2ecd2d71cd70719956f7d60bcacb1701b | 2026-02-17 | |
| codec-nsc-fix-use-of-nsc_process_message.patch | [codec,nsc] fix use of nsc_process_message the second width/height argument should reflect the destination buffer pixel size |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/169971607cece48384cb94632b829bd57336af0f | 2026-02-17 | |
| codec-nsc-limit-copy-area-in-nsc_process_message-CVE-2026-31806.patch | [codec,nsc] limit copy area in nsc_process_message the rectangle decoded might not fit into the destination buffer. Limit width and height of the area to copy to the one fitting. (Mjt: backport to debian trixie version) |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b | 2026-03-09 |
| codec-dsp-fix-array-bounds-checks-CVE-2026-31883-CVE-2026-31885.patch | [codec,dsp] fix array bounds checks * assert array indices where caller value is an internal constant * add missing length/bounds checks |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b | 2026-03-10 |
| codec-dsp-add-format-checks-CVE-2026-31884.patch | [codec,dsp] add format checks To avoid issues with invalid audio format settings always check before use. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/03b48b3601d867afccac1cdc6081de7a275edce7 | 2026-03-10 |
| codec-planar-add-early-length-check-to-avoid-oob-rea-CVE-2026-31897.patch | [codec,planar] add early length check to avoid oob read | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7 | 2026-03-10 |
| core-gateway-Check-rpcconn_common_hdr_t-auth_length--CVE-2026-33952.patch | [core,gateway] Check rpcconn_common_hdr_t::auth_length is valid Do sanity checks for rpcconn_common_hdr_t::auth_length read from network, abort if the value is out of range. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/4ac0b6467d371a1ad47c1f751c5b305e4c068adb | 2026-03-25 |
| codec-dsp-fix-IMA-ADPCM-sample-clamping-CVE-2026-33977.patch | [codec,dsp] fix IMA ADPCM sample clamping | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/9be3f03d94a50892fd58a9f7dee72b2313c69b47 | 2026-03-25 |
| winpr-sspi-Fix-context-nullptr-handling-CVE-2026-33995.patch | [winpr,sspi] Fix context nullptr handling Unify reset of PCredHandle and PCtxtHandle in all DeleteSecurityContext and FreeCredentialsHandle implementations. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391 | 2026-03-25 |
| codec-clear-update-CLEAR_VBAR_ENTRY-size-after-alloc-CVE-2026-33984.patch | [codec,clear] update CLEAR_VBAR_ENTRY::size after alloc | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/dc7fdb165095139be779a4000199bc1706b06ad5 | 2026-03-25 |
| codec-progressive-Fail-progressive_rfx_quant_sub-on--CVE-2026-33983.patch | [codec,progressive] Fail progressive_rfx_quant_sub on invalid values | Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/78188ab479c8e6eb9ba2475b3732c76b4bbe5425 | 2026-03-25 |
| codec-clear-Update-CLEAR_GLYPH_ENTRY-count-after-all-CVE-2026-33985.patch | [codec,clear] Update CLEAR_GLYPH_ENTRY::count after alloc Ensure the value is always properly related to an existing buffer. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25 | 2026-03-25 |
| codec-h264-update-H264_CONTEXT-width-height-after-al-CVE-2026-33986.patch | [codec,h264] update H264_CONTEXT::width,height after alloc Ensure the width/height values are only updated after the buffers were successfully allocated. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/f6e43e208958140074ae9bb93cd0c9045a371c77 | 2026-03-25 |
| cache-persistent-update-PERSISTENT_CACHE_ENTRY-size--CVE-2026-33987.patch | [cache,persistent] update PERSISTENT_CACHE_ENTRY::size after realloc Avoid invalid PERSISTENT_CACHE_ENTRY::size values in case realloc fails. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/1a890eb43492b5eb707cb3dd6fc908f696e8fc1c | 2026-03-25 |
| cache-persist-use-winpr_aligned_calloc-CVE-2026-33982.patch | [cache,persist] use winpr_aligned_calloc Consistently use winpr_aligned_* family for allocating/freeing the buffers. |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/a48dbde2c8a5b8b70a9d1c045d969a71afd6284c | 2026-03-25 |
| clang-warnings-fix-Wjump-misses-init.patch | [clang,warnings] fix Wjump-misses-init | Armin Novak <armin.novak@thincast.com> | not-needed | upstream, https://github.com/FreeRDP/FreeRDP/commit/15b0085ddfbb0e98ad189311fe9d652ea502adcc | 2026-01-08 | |
| channels-drive-refine-bounds-checks-CVE-2026-40254.patch | [channels,drive] refine bounds checks * better logging, fix wrong path component printed * ensure path does not end with path/.. diff --git a/channels/drive/client/drive_file.c b/channels/drive/client/drive_file.c |
Armin Novak <armin.novak@thincast.com> | not-needed | upstream | upstream, https://github.com/FreeRDP/FreeRDP/commit/f502dbb8462597fbe5b97f890359dfdecb525bf7 | 2026-04-10 |
All known versions for source package 'freerdp3'
- 3.26.0+dfsg-1 (sid, forky)
- 3.24.2+dfsg-1~bpo13+1 (trixie-backports)
- 3.15.0+dfsg-2.1+deb13u3 (trixie)
- 3.10.3+dfsg-1~bpo12+1 (bookworm-backports)