Bug 235885

Summary: [PATCH] net/rdesktop: update to 1.8.4
Product: Ports & Packages Reporter: Greg Veldman <freebsd>
Component: Individual Port(s)Assignee: Kurt Jaeger <pi>
Status: Closed FIXED    
Severity: Affects Some People CC: gregf, pi, ports-secteam, w.schwarzenfeld
Priority: --- Flags: bugzilla: maintainer-feedback? (gregf)
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
update to 1.8.4 and change to GitHub
none
patch-v2 pi: maintainer-approval?

Description Greg Veldman 2019-02-20 16:03:24 UTC
Created attachment 202189 [details]
update to 1.8.4 and change to GitHub

Rdesktop-1.8.4 fixes several security vulnerabilities (see https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4).  VuXML should probably also be updated with these, though I'm not sure what the proper way to do this is.  Will try adding ports secteam to this...

Also, this port is now distributed from GitHub.
Comment 1 Walter Schwarzenfeld freebsd_triage 2019-02-20 16:09:53 UTC
see also: bug #229029.
Comment 2 Walter Schwarzenfeld freebsd_triage 2019-02-20 16:10:45 UTC
See also: bug #235885.
Comment 3 Walter Schwarzenfeld freebsd_triage 2019-02-20 16:12:26 UTC
Sorry for the last comment.
Comment 4 Kurt Jaeger freebsd_committer 2019-02-22 06:20:43 UTC
Created attachment 202251 [details]
patch-v2

testbuilds are fine, portlint checks are fine, pkg-plist fixed.
Comment 5 commit-hook freebsd_committer 2019-02-22 06:34:27 UTC
A commit references this bug:

Author: pi
Date: Fri Feb 22 06:34:05 UTC 2019
New revision: 493554
URL: https://svnweb.freebsd.org/changeset/ports/493554

Log:
  net/rdesktop: update 1.8.3 -> 1.8.4

  - many more CVEs are fixed by this upgrade, see Relnotes

  PR:		235885, 229029
  Submitted by:	Greg Veldman <freebsd@gregv.net>
  Reviewed by:	w.schwarzenfeld@utanet.at, brnd, cem, joneum
  Approved by:	gregf@hugops.pw (maintainer timeout)
  Relnotes:	https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4
  Security:	CVE-2018-8794
  MFH:		2019Q1
  Differential Revision:	https://reviews.freebsd.org/D18566

Changes:
  head/net/rdesktop/Makefile
  head/net/rdesktop/distinfo
  head/net/rdesktop/files/patch-configure
  head/net/rdesktop/pkg-plist
Comment 6 commit-hook freebsd_committer 2019-02-22 08:41:09 UTC
A commit references this bug:

Author: pi
Date: Fri Feb 22 08:40:58 UTC 2019
New revision: 493562
URL: https://svnweb.freebsd.org/changeset/ports/493562

Log:
  MFH: r493554

  net/rdesktop: update 1.8.3 -> 1.8.4

  - many more CVEs are fixed by this upgrade, see Relnotes

  PR:		235885, 229029
  Submitted by:	Greg Veldman <freebsd@gregv.net>
  Reviewed by:	w.schwarzenfeld@utanet.at, brnd, cem, joneum
  Approved by:	gregf@hugops.pw (maintainer timeout)
  Relnotes:	https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4
  Security:	CVE-2018-8794
  Differential Revision:	https://reviews.freebsd.org/D18566
  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2019Q1/
  branches/2019Q1/net/rdesktop/Makefile
  branches/2019Q1/net/rdesktop/distinfo
  branches/2019Q1/net/rdesktop/files/patch-configure
  branches/2019Q1/net/rdesktop/pkg-plist
Comment 7 commit-hook freebsd_committer 2019-02-22 17:58:35 UTC
A commit references this bug:

Author: pi
Date: Fri Feb 22 17:58:16 UTC 2019
New revision: 493578
URL: https://svnweb.freebsd.org/changeset/ports/493578

Log:
  security/vuxml: dokument rdesktop < 1.8.4 vulnerabilities

  PR:		235885, 229029

Changes:
  head/security/vuxml/vuln.xml
Comment 8 Kurt Jaeger freebsd_committer 2019-02-22 18:00:45 UTC
Thanks to all involved!