Bug 248198

Summary:

net/freerdp: Update to 2.2.0 with fixed CVE-2020-15103

Product:

Ports & Packages

Reporter:

Vladimir Druzenko <vvd>

Component:

Individual Port(s)

Assignee:

Kyle Evans <kevans>

Status:

Closed FIXED

Severity:

Affects Many People

CC:

ports-secteam

Priority:

---

Flags:

bugzilla: maintainer-feedback? (kevans)
vvd: maintainer-feedback?
vvd: merge-quarterly?

Version:

Latest

Hardware:

Any

OS:

Any

URL:

https://www.freerdp.com/2020/07/20/2_2_0-released

Attachments:

Description	Flags
Update to 2.2.0 with fixed CVE-2020-15103	none
Update to 2.2.0 with fixed CVE-2020-15103	vvd: maintainer-approval?

Description Vladimir Druzenko freebsd_committer

2020-07-23 08:07:01 UTC

Created attachment 216690 [details]
Update to 2.2.0 with fixed CVE-2020-15103

https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

FreeRDP version 2.2.0
    SECURITY: CVE-2020-15103 - Integer overflow due to missing input sanitation in rdpegfx channel
    #6263 Sound & mic - filter GSM codec for microphone redirection
    #6335: windows client title length
    #6370 - "Alternate Secondary Drawing Order UNKNOWN"
    #6298 - remoteapp with dialog is disconnecting when it loses focus
    #6299 - v2.1.2: Can't connect to Windows7
Noteworty changes:
    fix: memory leak in nsc
    urbdrc
        some fixes and improvements
    build
        use cmake to detect getlogin_r
        improve asan checks/detection
    server/proxy
        new: support for heartbeats
        new: support for rail handshake ex flags
        fix: possible race condition with redirects

Tested on 12.1 amd64: make test/check-plist/install and run.

Comment 1 Vladimir Druzenko freebsd_committer

2020-07-23 10:21:41 UTC

Created attachment 216696 [details]
Update to 2.2.0 with fixed CVE-2020-15103

+ switch to use release tarball: https://pub.freerdp.com/releases/

Comment 2 commit-hook freebsd_committer

2020-07-28 04:38:59 UTC

A commit references this bug:

Author: kevans
Date: Tue Jul 28 04:38:20 UTC 2020
New revision: 543570
URL: https://svnweb.freebsd.org/changeset/ports/543570

Log:
  security/vuxml: document new vulnerability in net/freerdp < 2.2.0

  PR:		248198

Changes:
  head/security/vuxml/vuln.xml

Comment 3 commit-hook freebsd_committer

2020-07-28 04:41:02 UTC

A commit references this bug:

Author: kevans
Date: Tue Jul 28 04:40:49 UTC 2020
New revision: 543571
URL: https://svnweb.freebsd.org/changeset/ports/543571

Log:
  net/freerdp: update to security/bugfix release 2.2.0

  This update primarily fixes CVE-2020-15103. See the full changelog for
  other bugfixes that were included:

  https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

  PR:		248198
  Submitted by:	VVD <vvd unislabs com>
  MFH:		2020Q3
  Security:	a955cdb7-d089-11ea-8c6f-080027eedc6a

Changes:
  head/net/freerdp/Makefile
  head/net/freerdp/distinfo
  head/net/freerdp/pkg-plist

Comment 4 Vladimir Druzenko freebsd_committer

2020-07-28 06:01:35 UTC

Thanks!

Comment 5 commit-hook freebsd_committer

2020-07-28 18:30:28 UTC

A commit references this bug:

Author: kevans
Date: Tue Jul 28 18:30:10 UTC 2020
New revision: 543627
URL: https://svnweb.freebsd.org/changeset/ports/543627

Log:
  MFH: r543571

  net/freerdp: update to security/bugfix release 2.2.0

  This update primarily fixes CVE-2020-15103. See the full changelog for
  other bugfixes that were included:

  https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

  PR:		248198
  Submitted by:	VVD <vvd unislabs com>
  Security:	a955cdb7-d089-11ea-8c6f-080027eedc6a

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/net/freerdp/Makefile
  branches/2020Q3/net/freerdp/distinfo
  branches/2020Q3/net/freerdp/pkg-plist