Bug 247406

Summary: deskutils/anydesk: Update to 5.5.5
Product: Ports & Packages
Reporter: Martin Filla <freebsd>
Component: Individual Port(s)
Assignee: Jochen Neumeister <joneum>
Status: Closed FIXED
Severity: Affects Many People
CC: 0mp, freebsd, joneum, lcook, ports-secteam
Priority: Normal
Keywords: buildisok, needs-qa, security
Version: Latest
Flags: koobs: merge-quarterly?
Hardware: Any
OS: Any
URL: https://download.anydesk.com/changelog.txt
Attachments:
Description      Flags
anydesk.patch    none
anydesk.patch    freebsd: maintainer-approval+

Description Martin Filla 2020-06-19 08:40:14 UTC
Created attachment 215765
anydesk.patch

Update anydesk to version 5.5.5
Comment 1 Lewis Cook freebsd_committer freebsd_triage 2020-06-19 08:44:48 UTC
^Triage:

- If there is a changelog or release notes URL available for this version, please add it to the URL field

- Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval

Attachment -> Details -> maintainer-approval [+]
Comment 2 Automation User 2020-06-19 08:48:36 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/157957363
Comment 3 Martin Filla 2020-06-19 08:54:37 UTC
Created attachment 215766
anydesk.patch
Comment 4 Lewis Cook freebsd_committer freebsd_triage 2020-06-19 08:59:22 UTC
(In reply to Martin Filla from comment #3)
For future reference, you can change the maintainer-approval flag to [+] on already existing attachments without needing to re-submit another. ;)

^Lewis
Comment 5 Automation User 2020-06-19 09:03:15 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/157962981
Comment 6 Martin Filla 2020-06-29 12:01:23 UTC
(In reply to Lewis Cook from comment #4)

These are the next links for the issues:
https://nvd.nist.gov/vuln/detail/CVE-2020-13160
https://www.exploit-database.net/?id=102449
Comment 7 commit-hook freebsd_committer freebsd_triage 2020-07-04 15:38:30 UTC
A commit references this bug:

Author: joneum
Date: Sat Jul  4 15:37:59 UTC 2020
New revision: 541220
URL: https://svnweb.freebsd.org/changeset/ports/541220

Log:
  Add entry for anydesk

  PR:		247406
  Sponsored by:	Netzkommune GmbH

Changes:
  head/security/vuxml/vuln.xml
Comment 9 commit-hook freebsd_committer freebsd_triage 2020-07-05 09:03:37 UTC
A commit references this bug:

Author: joneum
Date: Sun Jul  5 09:03:26 UTC 2020
New revision: 541261
URL: https://svnweb.freebsd.org/changeset/ports/541261

Log:
  Update to 5.5.5

  This update fixes CVE-2020-13160: AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.

  PR:		247406
  Submitted by:	Martin Filla <freebsd@sysctl.cz> (maintainer)
  MFH:		2020Q3
  Security:	4344861a-be0b-11ea-9172-4c72b94353b5
  Sponsored by:	Netzkommune GmbH

Changes:
  head/deskutils/anydesk/Makefile
  head/deskutils/anydesk/distinfo
Comment 10 commit-hook freebsd_committer freebsd_triage 2020-07-05 09:06:40 UTC
A commit references this bug:

Author: joneum
Date: Sun Jul  5 09:06:12 UTC 2020
New revision: 541262
URL: https://svnweb.freebsd.org/changeset/ports/541262

Log:
  MFH: r541261

  Update to 5.5.5

  This update fixes CVE-2020-13160: AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.

  PR:		247406
  Submitted by:	Martin Filla <freebsd@sysctl.cz> (maintainer)
  Security:	4344861a-be0b-11ea-9172-4c72b94353b5
  Sponsored by:	Netzkommune GmbH

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/deskutils/anydesk/Makefile
  branches/2020Q3/deskutils/anydesk/distinfo
Comment 11 Mateusz Piotrowski freebsd_committer freebsd_triage 2020-11-02 22:35:24 UTC
Was the license block commented out on purpose?

The terms of use suggest that we might need to stop distributing this package:

> In particular, the Customer shall not be permitted to duplicate, edit, make publicly accessible or sell the software or parts thereof.