Bug 235885 - [PATCH] net/rdesktop: update to 1.8.4
Summary: [PATCH] net/rdesktop: update to 1.8.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kurt Jaeger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-20 16:03 UTC by Greg Veldman
Modified: 2019-02-22 18:00 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (gregf)

Attachments
update to 1.8.4 and change to GitHub (1.62 KB, patch)
2019-02-20 16:03 UTC, Greg Veldman 		no flags Details | Diff
patch-v2 (2.99 KB, patch)
2019-02-22 06:20 UTC, Kurt Jaeger 		pi: maintainer-approval?
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Greg Veldman 2019-02-20 16:03:24 UTC 
Created attachment 202189 [details]
update to 1.8.4 and change to GitHub

Rdesktop-1.8.4 fixes several security vulnerabilities (see https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4).  VuXML should probably also be updated with these, though I'm not sure what the proper way to do this is.  Will try adding ports secteam to this...

Also, this port is now distributed from GitHub.
Comment 1 Walter Schwarzenfeld 2019-02-20 16:09:53 UTC 
see also: bug #229029.
Comment 2 Walter Schwarzenfeld 2019-02-20 16:10:45 UTC 
See also: bug #235885.
Comment 3 Walter Schwarzenfeld 2019-02-20 16:12:26 UTC 
Sorry for the last comment.
Comment 4 Kurt Jaeger freebsd_committer freebsd_triage 2019-02-22 06:20:43 UTC 
Created attachment 202251 [details]
patch-v2

testbuilds are fine, portlint checks are fine, pkg-plist fixed.
Comment 5 commit-hook freebsd_committer freebsd_triage 2019-02-22 06:34:27 UTC 
A commit references this bug:

Author: pi
Date: Fri Feb 22 06:34:05 UTC 2019
New revision: 493554
URL: https://svnweb.freebsd.org/changeset/ports/493554

Log:
  net/rdesktop: update 1.8.3 -> 1.8.4

  - many more CVEs are fixed by this upgrade, see Relnotes

  PR:		235885, 229029
  Submitted by:	Greg Veldman <freebsd@gregv.net>
  Reviewed by:	w.schwarzenfeld@utanet.at, brnd, cem, joneum
  Approved by:	gregf@hugops.pw (maintainer timeout)
  Relnotes:	https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4
  Security:	CVE-2018-8794
  MFH:		2019Q1
  Differential Revision:	https://reviews.freebsd.org/D18566

Changes:
  head/net/rdesktop/Makefile
  head/net/rdesktop/distinfo
  head/net/rdesktop/files/patch-configure
  head/net/rdesktop/pkg-plist
Comment 6 commit-hook freebsd_committer freebsd_triage 2019-02-22 08:41:09 UTC 
A commit references this bug:

Author: pi
Date: Fri Feb 22 08:40:58 UTC 2019
New revision: 493562
URL: https://svnweb.freebsd.org/changeset/ports/493562

Log:
  MFH: r493554

  net/rdesktop: update 1.8.3 -> 1.8.4

  - many more CVEs are fixed by this upgrade, see Relnotes

  PR:		235885, 229029
  Submitted by:	Greg Veldman <freebsd@gregv.net>
  Reviewed by:	w.schwarzenfeld@utanet.at, brnd, cem, joneum
  Approved by:	gregf@hugops.pw (maintainer timeout)
  Relnotes:	https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4
  Security:	CVE-2018-8794
  Differential Revision:	https://reviews.freebsd.org/D18566
  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/net/rdesktop/Makefile
  branches/2019Q1/net/rdesktop/distinfo
  branches/2019Q1/net/rdesktop/files/patch-configure
  branches/2019Q1/net/rdesktop/pkg-plist
Comment 7 commit-hook freebsd_committer freebsd_triage 2019-02-22 17:58:35 UTC 
A commit references this bug:

Author: pi
Date: Fri Feb 22 17:58:16 UTC 2019
New revision: 493578
URL: https://svnweb.freebsd.org/changeset/ports/493578

Log:
  security/vuxml: dokument rdesktop < 1.8.4 vulnerabilities

  PR:		235885, 229029

Changes:
  head/security/vuxml/vuln.xml
Comment 8 Kurt Jaeger freebsd_committer freebsd_triage 2019-02-22 18:00:45 UTC 
Thanks to all involved!