Bug 248198

Summary: net/freerdp: Update to 2.2.0 with fixed CVE-2020-15103
Product: Ports & Packages Reporter: VVD <vvd>
Component: Individual Port(s)Assignee: Kyle Evans <kevans>
Status: Closed FIXED    
Severity: Affects Many People CC: ports-secteam
Priority: --- Flags: bugzilla: maintainer-feedback? (kevans)
vvd: maintainer-feedback?
vvd: merge-quarterly?
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://www.freerdp.com/2020/07/20/2_2_0-released
Attachments:
Description Flags
Update to 2.2.0 with fixed CVE-2020-15103
none
Update to 2.2.0 with fixed CVE-2020-15103 vvd: maintainer-approval?

Description VVD 2020-07-23 08:07:01 UTC
Created attachment 216690 [details]
Update to 2.2.0 with fixed CVE-2020-15103

https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

FreeRDP version 2.2.0
    SECURITY: CVE-2020-15103 - Integer overflow due to missing input sanitation in rdpegfx channel
    #6263 Sound & mic - filter GSM codec for microphone redirection
    #6335: windows client title length
    #6370 - "Alternate Secondary Drawing Order UNKNOWN"
    #6298 - remoteapp with dialog is disconnecting when it loses focus
    #6299 - v2.1.2: Can't connect to Windows7
Noteworty changes:
    fix: memory leak in nsc
    urbdrc
        some fixes and improvements
    build
        use cmake to detect getlogin_r
        improve asan checks/detection
    server/proxy
        new: support for heartbeats
        new: support for rail handshake ex flags
        fix: possible race condition with redirects

Tested on 12.1 amd64: make test/check-plist/install and run.
Comment 1 VVD 2020-07-23 10:21:41 UTC
Created attachment 216696 [details]
Update to 2.2.0 with fixed CVE-2020-15103

+ switch to use release tarball: https://pub.freerdp.com/releases/
Comment 2 commit-hook freebsd_committer 2020-07-28 04:38:59 UTC
A commit references this bug:

Author: kevans
Date: Tue Jul 28 04:38:20 UTC 2020
New revision: 543570
URL: https://svnweb.freebsd.org/changeset/ports/543570

Log:
  security/vuxml: document new vulnerability in net/freerdp < 2.2.0

  PR:		248198

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer 2020-07-28 04:41:02 UTC
A commit references this bug:

Author: kevans
Date: Tue Jul 28 04:40:49 UTC 2020
New revision: 543571
URL: https://svnweb.freebsd.org/changeset/ports/543571

Log:
  net/freerdp: update to security/bugfix release 2.2.0

  This update primarily fixes CVE-2020-15103. See the full changelog for
  other bugfixes that were included:

  https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

  PR:		248198
  Submitted by:	VVD <vvd unislabs com>
  MFH:		2020Q3
  Security:	a955cdb7-d089-11ea-8c6f-080027eedc6a

Changes:
  head/net/freerdp/Makefile
  head/net/freerdp/distinfo
  head/net/freerdp/pkg-plist
Comment 4 VVD 2020-07-28 06:01:35 UTC
Thanks!
Comment 5 commit-hook freebsd_committer 2020-07-28 18:30:28 UTC
A commit references this bug:

Author: kevans
Date: Tue Jul 28 18:30:10 UTC 2020
New revision: 543627
URL: https://svnweb.freebsd.org/changeset/ports/543627

Log:
  MFH: r543571

  net/freerdp: update to security/bugfix release 2.2.0

  This update primarily fixes CVE-2020-15103. See the full changelog for
  other bugfixes that were included:

  https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

  PR:		248198
  Submitted by:	VVD <vvd unislabs com>
  Security:	a955cdb7-d089-11ea-8c6f-080027eedc6a

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/net/freerdp/Makefile
  branches/2020Q3/net/freerdp/distinfo
  branches/2020Q3/net/freerdp/pkg-plist