Bug 245517 - net/freerdp: Update to 2.1.1
Summary: net/freerdp: Update to 2.1.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Kyle Evans
URL: https://github.com/FreeRDP/FreeRDP/re...
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2020-04-10 19:40 UTC by Vladimir Druzenko
Modified: 2020-06-17 02:15 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (kevans)
koobs: merge-quarterly?

Attachments
Update to 2.0.0 (5.00 KB, patch)
2020-04-10 19:40 UTC, Vladimir Druzenko 		no flags Details | Diff
Update to 2.1.0 (6.25 KB, patch)
2020-05-15 18:39 UTC, Vladimir Druzenko 		no flags Details | Diff
Update to 2.1.1 (6.25 KB, patch)
2020-05-25 18:37 UTC, Vladimir Druzenko 		no flags Details | Diff
Update to 2.1.1 (7.42 KB, patch)
2020-05-27 20:21 UTC, Vladimir Druzenko 		kevans: maintainer-approval+
Details | Diff
svn(1) diff against the ports tree (1.65 KB, patch)
2020-05-28 00:44 UTC, Kyle Evans 		no flags Details | Diff
Proposed vuxml entry (1.76 KB, patch)
2020-05-28 00:46 UTC, Kyle Evans 		koobs: maintainer-approval? (koobs)
 Details | Diff
Show Obsolete (4) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Druzenko freebsd_committer freebsd_triage 2020-04-10 19:40:46 UTC 
Created attachment 213259 [details]
Update to 2.0.0

FreeRDP 2.0.0 require newer version of libusb compared to base system have.
There are several errors during build.

1. Undeclared LIBUSB_CLASS_PHYSICAL, patch (hack?) is:
--- channels/urbdrc/client/libusb/libusb_udevice.h.orig
+++ channels/urbdrc/client/libusb/libusb_udevice.h
@@ -75,4 +75,8 @@
                            BYTE dev_number);
 const char* usb_interface_class_to_string(uint8_t class);
 
+#ifndef LIBUSB_CLASS_PHYSICAL
+#define LIBUSB_CLASS_PHYSICAL 5
+#endif
+
 #endif /* FREERDP_CHANNEL_URBDRC_CLIENT_LIBUSB_UDEVICE_H */

2. Undeclared LIBUSB_CAP_HAS_HOTPLUG - doesn't know how to do better than just add:
#ifndef LIBUSB_CAP_HAS_HOTPLUG
#define LIBUSB_CAP_HAS_HOTPLUG 0x0001
#endif

3. No include file mntent.h - got solution from devel/fam.

4. Undeclared O_TMPFILE in FreeBSD. Fix is here: 
PATCHFILES=     3929226.patch:-p1
https://github.com/FreeRDP/FreeRDP/commit/39292268308a3fd6233c2863df22232725d22b3a

--- a/uwac/libuwac/uwac-os.c
+++ b/uwac/libuwac/uwac-os.c
@@ -33,6 +33,11 @@
 #define USE_SHM
 #endif
 
+/* uClibc and uClibc-ng don't provide O_TMPFILE */
+#ifndef O_TMPFILE
+#define O_TMPFILE (020000000 | O_DIRECTORY)
+#endif
+
 #include <sys/types.h>
 #include <sys/socket.h>
 #ifdef USE_SHM

5. Doesn't know is msusb.h needed - it was moved in sources, and I removed it from pkg-plist.

After that it build fine and connect via rdp to server. Tested on 12.1 amd64.
Comment 1 Kyle Evans freebsd_committer freebsd_triage 2020-04-10 19:49:15 UTC 
Looping hselasky@ in on this for points #1 and #2, as he's the libusb maintainer.
Comment 2 Vladimir Druzenko freebsd_committer freebsd_triage 2020-05-15 18:39:11 UTC 
Created attachment 214534 [details]
Update to 2.1.0

Released 2.1.0 with a lot of CVE fixed:

# 2020-05-05  Version 2.1.0
Important notes:
* fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041, CVE-2020-11019, CVE-2020-11017, CVE-2020-11018

# 2020-04-09  Version 2.0.0
Important notes:
* fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526

https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
Comment 3 Vladimir Druzenko freebsd_committer freebsd_triage 2020-05-25 18:37:50 UTC 
Created attachment 214848 [details]
Update to 2.1.1

More CVEs.
2020-05-20 Version 2.1.1:
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
Comment 4 Vladimir Druzenko freebsd_committer freebsd_triage 2020-05-27 20:21:08 UTC 
Created attachment 214934 [details]
Update to 2.1.1

It was old file.
Comment 5 Kyle Evans freebsd_committer freebsd_triage 2020-05-28 00:44:12 UTC 
Created attachment 214940 [details]
svn(1) diff against the ports tree

Proposed VuXML entry.
Comment 6 Kyle Evans freebsd_committer freebsd_triage 2020-05-28 00:46:22 UTC 
Created attachment 214941 [details]
Proposed vuxml entry

Include the 2.1.1 vulns, too
Comment 7 Kyle Evans freebsd_committer freebsd_triage 2020-05-28 00:50:38 UTC 
FreeRDP patch LGTM; CC'ing koobs@ as my mentor. Can you confirm that you've ran this through testport?

i was hoping Hans would pitch in on the libusb-related part, but alas; I'll poke him about it afterwards.
Comment 8 Kubilay Kocak freebsd_committer freebsd_triage 2020-06-08 03:27:31 UTC 
Comment on attachment 214941 [details]
Proposed vuxml entry

@Kyle does the vuxml entry pass make validate? If so:

Approved by: koobs (mentor)
Comment 9 Kyle Evans freebsd_committer freebsd_triage 2020-06-08 04:20:33 UTC 
Looking over it again, the uwac part (O_TMPFILE) is a bit wrong for FreeBSD. It would have worked for testing because the open() call would fail, but I've submitted a more proper solution upstream [0] in case the invalid bit that's getting set eventually gets defined and breaks FreeRDP.

I'm doing one last test build, then I will commit -- probably in the morning, because it's getting late and I'm still rebuilding llvm.

[0] https://github.com/FreeRDP/FreeRDP/pull/626
Comment 10 Vladimir Druzenko freebsd_committer freebsd_triage 2020-06-08 12:38:51 UTC 
(In reply to Kyle Evans from comment #9)
> [0] https://github.com/FreeRDP/FreeRDP/pull/626
https://github.com/FreeRDP/FreeRDP/pull/6268
Comment 11 commit-hook freebsd_committer freebsd_triage 2020-06-08 15:49:52 UTC 
A commit references this bug:

Author: kevans
Date: Mon Jun  8 15:49:06 UTC 2020
New revision: 538227
URL: https://svnweb.freebsd.org/changeset/ports/538227

Log:
  security/vuxml: document new vulnerabilities in net/freerdp < 2.1.0

  PR:		246931, 245517
  Obtained from:	https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
  Approved by:	koobs (mentor)

Changes:
  head/security/vuxml/vuln.xml
Comment 12 commit-hook freebsd_committer freebsd_triage 2020-06-08 15:52:55 UTC 
A commit references this bug:

Author: kevans
Date: Mon Jun  8 15:51:57 UTC 2020
New revision: 538228
URL: https://svnweb.freebsd.org/changeset/ports/538228

Log:
  net/freerdp: update to 2.1.0

  This update incorporates many features and improvements since 2.0.0-rc4,
  as well as a large mass of security fixes.

  Full changelog available:
  https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog

  PR:		245517
  Approved by:	koobs (mentor)
  MFH:		2020Q2
  Security:	669f3fe8-a07a-11ea-b83e-f0def1f5c5a2

Changes:
  head/net/freerdp/Makefile
  head/net/freerdp/distinfo
  head/net/freerdp/files/mntent.h
  head/net/freerdp/files/patch-channels_urbdrc_client_libusb_libusb__udevice.h
  head/net/freerdp/files/patch-channels_urbdrc_client_libusb_libusb__udevman.c
  head/net/freerdp/pkg-plist
Comment 13 Kyle Evans freebsd_committer freebsd_triage 2020-06-08 15:53:35 UTC 
Committed, thanks!
Comment 14 Vladimir Druzenko freebsd_committer freebsd_triage 2020-06-08 16:21:47 UTC 
(In reply to commit-hook from comment #12)
> net/freerdp: update to 2.1.0
2.1.1
Comment 15 Vladimir Druzenko freebsd_committer freebsd_triage 2020-06-08 19:11:21 UTC 
It's not so important, but

patch-client_Wayland_CMakeLists.txt:
-@@ -39,5 +39,12 @@ target_link_libraries(${MODULE_NAME} ${$
+@@ -46,5 +46,12 @@ target_link_libraries(${MODULE_NAME} ${$

patch-client_X11_CMakeLists.txt:
-@@ -111,7 +111,11 @@ if(WITH_MANPAGES)
+@@ -126,7 +126,11 @@ if(WITH_MANPAGES)
Comment 16 commit-hook freebsd_committer freebsd_triage 2020-06-17 02:15:01 UTC 
A commit references this bug:

Author: kevans
Date: Wed Jun 17 02:14:25 UTC 2020
New revision: 539399
URL: https://svnweb.freebsd.org/changeset/ports/539399

Log:
  MFH: r538228 r538329

  net/freerdp: update to 2.1.0

  This update incorporates many features and improvements since 2.0.0-rc4,
  as well as a large mass of security fixes.

  Full changelog available:
  https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog

  PR:		245517
  Approved by:	koobs (mentor)
  Security:	669f3fe8-a07a-11ea-b83e-f0def1f5c5a2

  net/freerdp: fix build on FreeBSD 11.x

  Apparently this hadn't been caught in my test matrix -- it seems that later
  versions of FreeBSD have a getmntent() definition that masked this error.

  mntent_compat.c has been adopted from devel/fam, though a better solution
  should be sought out going into the future.

  Approved by:	koobs (mentor, implicit, just-fix-it)

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/net/freerdp/Makefile
  branches/2020Q2/net/freerdp/distinfo
  branches/2020Q2/net/freerdp/files/mntent.h
  branches/2020Q2/net/freerdp/files/mntent_compat.c
  branches/2020Q2/net/freerdp/files/patch-channels_rdpdr_client_CMakeLists.txt
  branches/2020Q2/net/freerdp/files/patch-channels_urbdrc_client_libusb_libusb__udevice.h
  branches/2020Q2/net/freerdp/files/patch-channels_urbdrc_client_libusb_libusb__udevman.c
  branches/2020Q2/net/freerdp/pkg-plist