Bug 245517 - net/freerdp: Update to 2.1.1
Summary: net/freerdp: Update to 2.1.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Kyle Evans
URL: https://github.com/FreeRDP/FreeRDP/re...
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2020-04-10 19:40 UTC by Vladimir Druzenko
Modified: 2020-06-17 02:15 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (kevans)
koobs: merge-quarterly?


Attachments
Update to 2.0.0 (5.00 KB, patch)
2020-04-10 19:40 UTC, Vladimir Druzenko
no flags Details | Diff
Update to 2.1.0 (6.25 KB, patch)
2020-05-15 18:39 UTC, Vladimir Druzenko
no flags Details | Diff
Update to 2.1.1 (6.25 KB, patch)
2020-05-25 18:37 UTC, Vladimir Druzenko
no flags Details | Diff
Update to 2.1.1 (7.42 KB, patch)
2020-05-27 20:21 UTC, Vladimir Druzenko
kevans: maintainer-approval+
Details | Diff
svn(1) diff against the ports tree (1.65 KB, patch)
2020-05-28 00:44 UTC, Kyle Evans
no flags Details | Diff
Proposed vuxml entry (1.76 KB, patch)
2020-05-28 00:46 UTC, Kyle Evans
koobs: maintainer-approval? (koobs)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Druzenko freebsd_committer freebsd_triage 2020-04-10 19:40:46 UTC
Created attachment 213259 [details]
Update to 2.0.0

FreeRDP 2.0.0 require newer version of libusb compared to base system have.
There are several errors during build.

1. Undeclared LIBUSB_CLASS_PHYSICAL, patch (hack?) is:
--- channels/urbdrc/client/libusb/libusb_udevice.h.orig
+++ channels/urbdrc/client/libusb/libusb_udevice.h
@@ -75,4 +75,8 @@
                            BYTE dev_number);
 const char* usb_interface_class_to_string(uint8_t class);
 
+#ifndef LIBUSB_CLASS_PHYSICAL
+#define LIBUSB_CLASS_PHYSICAL 5
+#endif
+
 #endif /* FREERDP_CHANNEL_URBDRC_CLIENT_LIBUSB_UDEVICE_H */

2. Undeclared LIBUSB_CAP_HAS_HOTPLUG - doesn't know how to do better than just add:
#ifndef LIBUSB_CAP_HAS_HOTPLUG
#define LIBUSB_CAP_HAS_HOTPLUG 0x0001
#endif

3. No include file mntent.h - got solution from devel/fam.

4. Undeclared O_TMPFILE in FreeBSD. Fix is here: 
PATCHFILES=     3929226.patch:-p1
https://github.com/FreeRDP/FreeRDP/commit/39292268308a3fd6233c2863df22232725d22b3a

--- a/uwac/libuwac/uwac-os.c
+++ b/uwac/libuwac/uwac-os.c
@@ -33,6 +33,11 @@
 #define USE_SHM
 #endif
 
+/* uClibc and uClibc-ng don't provide O_TMPFILE */
+#ifndef O_TMPFILE
+#define O_TMPFILE (020000000 | O_DIRECTORY)
+#endif
+
 #include <sys/types.h>
 #include <sys/socket.h>
 #ifdef USE_SHM

5. Doesn't know is msusb.h needed - it was moved in sources, and I removed it from pkg-plist.

After that it build fine and connect via rdp to server. Tested on 12.1 amd64.
Comment 1 Kyle Evans freebsd_committer freebsd_triage 2020-04-10 19:49:15 UTC
Looping hselasky@ in on this for points #1 and #2, as he's the libusb maintainer.
Comment 2 Vladimir Druzenko freebsd_committer freebsd_triage 2020-05-15 18:39:11 UTC
Created attachment 214534 [details]
Update to 2.1.0

Released 2.1.0 with a lot of CVE fixed:

# 2020-05-05  Version 2.1.0
Important notes:
* fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041, CVE-2020-11019, CVE-2020-11017, CVE-2020-11018

# 2020-04-09  Version 2.0.0
Important notes:
* fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526

https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
Comment 3 Vladimir Druzenko freebsd_committer freebsd_triage 2020-05-25 18:37:50 UTC
Created attachment 214848 [details]
Update to 2.1.1

More CVEs.
2020-05-20 Version 2.1.1:
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
Comment 4 Vladimir Druzenko freebsd_committer freebsd_triage 2020-05-27 20:21:08 UTC
Created attachment 214934 [details]
Update to 2.1.1

It was old file.
Comment 5 Kyle Evans freebsd_committer freebsd_triage 2020-05-28 00:44:12 UTC
Created attachment 214940 [details]
svn(1) diff against the ports tree

Proposed VuXML entry.
Comment 6 Kyle Evans freebsd_committer freebsd_triage 2020-05-28 00:46:22 UTC
Created attachment 214941 [details]
Proposed vuxml entry

Include the 2.1.1 vulns, too
Comment 7 Kyle Evans freebsd_committer freebsd_triage 2020-05-28 00:50:38 UTC
FreeRDP patch LGTM; CC'ing koobs@ as my mentor. Can you confirm that you've ran this through testport?

i was hoping Hans would pitch in on the libusb-related part, but alas; I'll poke him about it afterwards.
Comment 8 Kubilay Kocak freebsd_committer freebsd_triage 2020-06-08 03:27:31 UTC
Comment on attachment 214941 [details]
Proposed vuxml entry

@Kyle does the vuxml entry pass make validate? If so:

Approved by: koobs (mentor)
Comment 9 Kyle Evans freebsd_committer freebsd_triage 2020-06-08 04:20:33 UTC
Looking over it again, the uwac part (O_TMPFILE) is a bit wrong for FreeBSD. It would have worked for testing because the open() call would fail, but I've submitted a more proper solution upstream [0] in case the invalid bit that's getting set eventually gets defined and breaks FreeRDP.

I'm doing one last test build, then I will commit -- probably in the morning, because it's getting late and I'm still rebuilding llvm.

[0] https://github.com/FreeRDP/FreeRDP/pull/626
Comment 10 Vladimir Druzenko freebsd_committer freebsd_triage 2020-06-08 12:38:51 UTC
(In reply to Kyle Evans from comment #9)
> [0] https://github.com/FreeRDP/FreeRDP/pull/626
https://github.com/FreeRDP/FreeRDP/pull/6268
Comment 11 commit-hook freebsd_committer freebsd_triage 2020-06-08 15:49:52 UTC
A commit references this bug:

Author: kevans
Date: Mon Jun  8 15:49:06 UTC 2020
New revision: 538227
URL: https://svnweb.freebsd.org/changeset/ports/538227

Log:
  security/vuxml: document new vulnerabilities in net/freerdp < 2.1.0

  PR:		246931, 245517
  Obtained from:	https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
  Approved by:	koobs (mentor)

Changes:
  head/security/vuxml/vuln.xml
Comment 12 commit-hook freebsd_committer freebsd_triage 2020-06-08 15:52:55 UTC
A commit references this bug:

Author: kevans
Date: Mon Jun  8 15:51:57 UTC 2020
New revision: 538228
URL: https://svnweb.freebsd.org/changeset/ports/538228

Log:
  net/freerdp: update to 2.1.0

  This update incorporates many features and improvements since 2.0.0-rc4,
  as well as a large mass of security fixes.

  Full changelog available:
  https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog

  PR:		245517
  Approved by:	koobs (mentor)
  MFH:		2020Q2
  Security:	669f3fe8-a07a-11ea-b83e-f0def1f5c5a2

Changes:
  head/net/freerdp/Makefile
  head/net/freerdp/distinfo
  head/net/freerdp/files/mntent.h
  head/net/freerdp/files/patch-channels_urbdrc_client_libusb_libusb__udevice.h
  head/net/freerdp/files/patch-channels_urbdrc_client_libusb_libusb__udevman.c
  head/net/freerdp/pkg-plist
Comment 13 Kyle Evans freebsd_committer freebsd_triage 2020-06-08 15:53:35 UTC
Committed, thanks!
Comment 14 Vladimir Druzenko freebsd_committer freebsd_triage 2020-06-08 16:21:47 UTC
(In reply to commit-hook from comment #12)
> net/freerdp: update to 2.1.0
2.1.1
Comment 15 Vladimir Druzenko freebsd_committer freebsd_triage 2020-06-08 19:11:21 UTC
It's not so important, but

patch-client_Wayland_CMakeLists.txt:
-@@ -39,5 +39,12 @@ target_link_libraries(${MODULE_NAME} ${$
+@@ -46,5 +46,12 @@ target_link_libraries(${MODULE_NAME} ${$

patch-client_X11_CMakeLists.txt:
-@@ -111,7 +111,11 @@ if(WITH_MANPAGES)
+@@ -126,7 +126,11 @@ if(WITH_MANPAGES)
Comment 16 commit-hook freebsd_committer freebsd_triage 2020-06-17 02:15:01 UTC
A commit references this bug:

Author: kevans
Date: Wed Jun 17 02:14:25 UTC 2020
New revision: 539399
URL: https://svnweb.freebsd.org/changeset/ports/539399

Log:
  MFH: r538228 r538329

  net/freerdp: update to 2.1.0

  This update incorporates many features and improvements since 2.0.0-rc4,
  as well as a large mass of security fixes.

  Full changelog available:
  https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog

  PR:		245517
  Approved by:	koobs (mentor)
  Security:	669f3fe8-a07a-11ea-b83e-f0def1f5c5a2

  net/freerdp: fix build on FreeBSD 11.x

  Apparently this hadn't been caught in my test matrix -- it seems that later
  versions of FreeBSD have a getmntent() definition that masked this error.

  mntent_compat.c has been adopted from devel/fam, though a better solution
  should be sought out going into the future.

  Approved by:	koobs (mentor, implicit, just-fix-it)

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/net/freerdp/Makefile
  branches/2020Q2/net/freerdp/distinfo
  branches/2020Q2/net/freerdp/files/mntent.h
  branches/2020Q2/net/freerdp/files/mntent_compat.c
  branches/2020Q2/net/freerdp/files/patch-channels_rdpdr_client_CMakeLists.txt
  branches/2020Q2/net/freerdp/files/patch-channels_urbdrc_client_libusb_libusb__udevice.h
  branches/2020Q2/net/freerdp/files/patch-channels_urbdrc_client_libusb_libusb__udevman.c
  branches/2020Q2/net/freerdp/pkg-plist