Created attachment 228968
Update to 2.4.1

Tested on 12.2-p10 amd64: check-plist, build, install, run.

FreeRDP version 2.4.1

Noteworthy changes:
* Refactored RPC gateway parsing code
* OpenSSL 3.0 compatibility fixes
* USB redirection: fixed transfer lengths

Fixed issues:
* #7363: Length checks in ConvertUTF8toUTF16
* #7349: Added checks for bitmap width and height values

Important notes:
* CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory
* CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a698098ee923a4a9a41e0d34938b6a95633bf278

commit a698098ee923a4a9a41e0d34938b6a95633bf278
Author:     VVD <vvd@unislabs.com>
AuthorDate: 2021-10-30 13:43:09 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-10-30 13:47:14 +0000

    net/freerdp: update to 2.4.1

    Noteworthy changes:
    * Refactored RPC gateway parsing code
    * OpenSSL 3.0 compatibility fixes
    * USB redirection: fixed transfer lengths

    Fixed issues:
    * #7363: Length checks in ConvertUTF8toUTF16
    * #7349: Added checks for bitmap width and height values

    Important notes:
    * CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory
    * CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory

    PR: 259386

 net/freerdp/Makefile | 3 +--
 net/freerdp/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)
A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=69d25555f33e662fd5131e5279ee74733844f845

commit 69d25555f33e662fd5131e5279ee74733844f845
Author:     VVD <vvd@unislabs.com>
AuthorDate: 2021-10-30 13:43:09 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-10-30 14:13:59 +0000

    net/freerdp: update to 2.4.1

    Noteworthy changes:
    * Refactored RPC gateway parsing code
    * OpenSSL 3.0 compatibility fixes
    * USB redirection: fixed transfer lengths

    Fixed issues:
    * #7363: Length checks in ConvertUTF8toUTF16
    * #7349: Added checks for bitmap width and height values

    Important notes:
    * CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory
    * CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory

    PR: 259386

    (cherry picked from commit a698098ee923a4a9a41e0d34938b6a95633bf278)

 net/freerdp/Makefile | 4 ++--
 net/freerdp/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
Committed. Thanks.