Bug 245517

Summary: net/freerdp: Update to 2.1.1
Product: Ports & Packages
Reporter: VVD <vvd>
Component: Individual Port(s)
Assignee: Kyle Evans <kevans>
Status: Closed FIXED
Severity: Affects Many People
CC: dpetrov67, hselasky, koobs, ports-secteam
Priority: Normal
Keywords: needs-qa, security
Version: Latest
Flags: bugzilla: maintainer-feedback? (kevans); koobs: merge-quarterly?
Hardware: Any
OS: Any
URL: https://github.com/FreeRDP/FreeRDP/releases/tag/2.1.1

Attachments (description; flags):
Update to 2.0.0
Update to 2.1.0
Update to 2.1.1
Update to 2.1.1; kevans: maintainer-approval+
svn(1) diff against the ports tree
Proposed vuxml entry; koobs: maintainer-approval? (koobs)

Description VVD 2020-04-10 19:40:46 UTC
Created attachment 213259 [details]
Update to 2.0.0

FreeRDP 2.0.0 requires a newer version of libusb than the base system has.
There are several errors during build.

1. Undeclared LIBUSB_CLASS_PHYSICAL, patch (hack?) is:
--- channels/urbdrc/client/libusb/libusb_udevice.h.orig
+++ channels/urbdrc/client/libusb/libusb_udevice.h
@@ -75,4 +75,8 @@
                            BYTE dev_number);
 const char* usb_interface_class_to_string(uint8_t class);
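
Review bot: the header `@@ -75,4 +75,8 @@` announces four added lines after the `usb_interface_class_to_string` prototype, but no `+` lines are shown, so the LIBUSB_CLASS_PHYSICAL workaround itself cannot be reviewed here. Please post the complete hunk, and have the added lines carry a comment saying why the definition is needed so it can be dropped once the base libusb provides it.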

2. Undeclared LIBUSB_CAP_HAS_HOTPLUG - I don't know how to do better than just add:

3. No include file mntent.h - got solution from devel/fam.

4. Undeclared O_TMPFILE in FreeBSD. Fix is here: 
PATCHFILES=     3929226.patch:-p1

--- a/uwac/libuwac/uwac-os.c
+++ b/uwac/libuwac/uwac-os.c
@@ -33,6 +33,11 @@
 #define USE_SHM
+/* uClibc and uClibc-ng don't provide O_TMPFILE */
+#ifndef O_TMPFILE
+#define O_TMPFILE (020000000 | O_DIRECTORY)
 #include <sys/types.h>
 #include <sys/socket.h>
 #ifdef USE_SHM
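
Review bot: `#define O_TMPFILE (020000000 | O_DIRECTORY)` hard-codes Linux's numeric flag value, and on a system whose headers do not define O_TMPFILE that bit is not a flag open() understands, so the fallback only makes the file compile rather than making the feature work. Guard the code that uses O_TMPFILE with `#ifdef O_TMPFILE` instead of inventing a value. The `#ifndef` is also evaluated above the `#include` lines that follow it, so unless `<fcntl.h>` is already included earlier in the file the test is always true, and no `#endif` is visible in the hunk as posted.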

5. I don't know whether msusb.h is needed - it was moved in the sources, and I removed it from pkg-plist.

After that it builds fine and connects via RDP to a server. Tested on 12.1 amd64.
Comment 1 Kyle Evans freebsd_committer 2020-04-10 19:49:15 UTC
Looping hselasky@ in on this for points #1 and #2, as he's the libusb maintainer.
Comment 2 VVD 2020-05-15 18:39:11 UTC
Created attachment 214534 [details]
Update to 2.1.0

2.1.0 has been released with a lot of CVEs fixed:

# 2020-05-05  Version 2.1.0
Important notes:
* fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041, CVE-2020-11019, CVE-2020-11017, CVE-2020-11018

# 2020-04-09  Version 2.0.0
Important notes:
* fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526

Comment 3 VVD 2020-05-25 18:37:50 UTC
Created attachment 214848 [details]
Update to 2.1.1

More CVEs.
2020-05-20 Version 2.1.1:
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
Comment 4 VVD 2020-05-27 20:21:08 UTC
Created attachment 214934 [details]
Update to 2.1.1

It was an old file.
Comment 5 Kyle Evans freebsd_committer 2020-05-28 00:44:12 UTC
Created attachment 214940 [details]
svn(1) diff against the ports tree

Proposed VuXML entry.
Comment 6 Kyle Evans freebsd_committer 2020-05-28 00:46:22 UTC
Created attachment 214941 [details]
Proposed vuxml entry

Include the 2.1.1 vulns, too
Comment 7 Kyle Evans freebsd_committer 2020-05-28 00:50:38 UTC
FreeRDP patch LGTM; CC'ing koobs@ as my mentor. Can you confirm that you've run this through testport?

I was hoping Hans would pitch in on the libusb-related part, but alas; I'll poke him about it afterwards.
Comment 8 Kubilay Kocak freebsd_committer freebsd_triage 2020-06-08 03:27:31 UTC
Comment on attachment 214941 [details]
Proposed vuxml entry

@Kyle does the vuxml entry pass make validate? If so:

Approved by: koobs (mentor)
Comment 9 Kyle Evans freebsd_committer 2020-06-08 04:20:33 UTC
Looking over it again, the uwac part (O_TMPFILE) is a bit wrong for FreeBSD. It would have worked for testing because the open() call would fail, but I've submitted a more proper solution upstream [0] in case the invalid bit that's getting set eventually gets defined and breaks FreeRDP.

I'm doing one last test build, then I will commit -- probably in the morning, because it's getting late and I'm still rebuilding llvm.

[0] https://github.com/FreeRDP/FreeRDP/pull/626
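
The failure mode described in comment 9, avoided in an added example (not the port's patch and not the upstream pull request): the O_TMPFILE path is compiled only where the system headers define the flag, and `mkstemp()` plus `unlink()` is used otherwise. `create_anon_file` and the `anon-XXXXXX` template are hypothetical names chosen for this sketch.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* glibc only exposes O_TMPFILE with this set */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns an fd for an unlinked, owner-only file
 * created in dir, or -1 with errno set. */
int create_anon_file(const char *dir)
{
	int fd = -1;

#ifdef O_TMPFILE
	/* Compiled only where the platform's own headers define the flag,
	 * so no made-up bit is ever passed to open(). */
	fd = open(dir, O_TMPFILE | O_RDWR | O_EXCL | O_CLOEXEC, 0600);
	if (fd >= 0)
		return fd;
	/* Kernel or filesystem without support: fall through to mkstemp(). */
#endif

	char path[4096];
	int n = snprintf(path, sizeof(path), "%s/anon-XXXXXX", dir);
	if (n < 0 || (size_t)n >= sizeof(path)) {
		errno = ENAMETOOLONG;
		return -1;
	}

	mode_t old = umask(077);   /* keep the file owner-only on old libcs */
	fd = mkstemp(path);        /* exclusive create, unpredictable name */
	umask(old);
	if (fd < 0)
		return -1;

	unlink(path);              /* drop the name; the fd keeps the file alive */
	if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
		close(fd);
		return -1;
	}
	return fd;
}
```

On a system without O_TMPFILE the first branch disappears at compile time, so the behaviour does not change if that flag bit is assigned a meaning later.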
Comment 11 commit-hook freebsd_committer 2020-06-08 15:49:52 UTC
A commit references this bug:

Author: kevans
Date: Mon Jun  8 15:49:06 UTC 2020
New revision: 538227
URL: https://svnweb.freebsd.org/changeset/ports/538227

  security/vuxml: document new vulnerabilities in net/freerdp < 2.1.0

  PR:		246931, 245517
  Obtained from:	https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
  Approved by:	koobs (mentor)

Comment 12 commit-hook freebsd_committer 2020-06-08 15:52:55 UTC
A commit references this bug:

Author: kevans
Date: Mon Jun  8 15:51:57 UTC 2020
New revision: 538228
URL: https://svnweb.freebsd.org/changeset/ports/538228

  net/freerdp: update to 2.1.0

  This update incorporates many features and improvements since 2.0.0-rc4,
  as well as a large mass of security fixes.

  Full changelog available:

  PR:		245517
  Approved by:	koobs (mentor)
  MFH:		2020Q2
  Security:	669f3fe8-a07a-11ea-b83e-f0def1f5c5a2

Comment 13 Kyle Evans freebsd_committer 2020-06-08 15:53:35 UTC
Committed, thanks!
Comment 14 VVD 2020-06-08 16:21:47 UTC
(In reply to commit-hook from comment #12)
> net/freerdp: update to 2.1.0
Comment 15 VVD 2020-06-08 19:11:21 UTC
It's not so important, but

-@@ -39,5 +39,12 @@ target_link_libraries(${MODULE_NAME} ${$
+@@ -46,5 +46,12 @@ target_link_libraries(${MODULE_NAME} ${$

-@@ -111,7 +111,11 @@ if(WITH_MANPAGES)
+@@ -126,7 +126,11 @@ if(WITH_MANPAGES)
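
Review bot: in both pairs only the hunk start offsets change (39 to 46 and 111 to 126) while the line counts stay at 5/12 and 7/11, so the port's patch files still carry offsets from the older source and apply only by offset. Regenerating them with `make makepatch` would refresh the headers and keep the patches applying cleanly on the next update.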
Comment 16 commit-hook freebsd_committer 2020-06-17 02:15:01 UTC
A commit references this bug:

Author: kevans
Date: Wed Jun 17 02:14:25 UTC 2020
New revision: 539399
URL: https://svnweb.freebsd.org/changeset/ports/539399

  MFH: r538228 r538329

  net/freerdp: update to 2.1.0

  This update incorporates many features and improvements since 2.0.0-rc4,
  as well as a large mass of security fixes.

  Full changelog available:

  PR:		245517
  Approved by:	koobs (mentor)
  Security:	669f3fe8-a07a-11ea-b83e-f0def1f5c5a2

  net/freerdp: fix build on FreeBSD 11.x

  Apparently this hadn't been caught in my test matrix -- it seems that later
  versions of FreeBSD have a getmntent() definition that masked this error.

  mntent_compat.c has been adopted from devel/fam, though a better solution
  should be sought out going into the future.

  Approved by:	koobs (mentor, implicit, just-fix-it)

  Approved by:	ports-secteam (joneum)

_U  branches/2020Q2/