Bug 259386

Summary: net/freerdp: Update to 2.4.1
Product: Ports & Packages
Component: Individual Port(s)
Status: Closed FIXED
Severity: Affects Some People
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Reporter: Vladimir Druzenko <vvd>
Assignee: Tobias C. Berner <tcberner>
CC: tcberner
Flags: vvd: maintainer-feedback+, tcberner: merge-quarterly+
URL: https://github.com/FreeRDP/FreeRDP/releases/tag/2.4.1
Attachments:
Update to 2.4.1 (Flags: vvd: maintainer-approval+)

Description Vladimir Druzenko freebsd_committer freebsd_triage 2021-10-23 20:07:09 UTC
Created attachment 228968
Update to 2.4.1

Tested on 12.2-p10 amd64: check-plist, build, install, run.

FreeRDP version 2.4.1

Noteworthy changes:
    Refactored RPC gateway parsing code
    OpenSSL 3.0 compatibility fixes
    USB redirection: fixed transfer lengths

Fixed issues:
    #7363: Length checks in ConvertUTF8toUTF16
    #7349: Added checks for bitmap width and height values

Important notes:
    CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory
    CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory
Comment 1 commit-hook freebsd_committer freebsd_triage 2021-10-30 13:48:35 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a698098ee923a4a9a41e0d34938b6a95633bf278

commit a698098ee923a4a9a41e0d34938b6a95633bf278
Author:     VVD <vvd@unislabs.com>
AuthorDate: 2021-10-30 13:43:09 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-10-30 13:47:14 +0000

    net/freerdp: update to 2.4.1

    Noteworthy changes:
        * Refactored RPC gateway parsing code
        * OpenSSL 3.0 compatibility fixes
        * USB redirection: fixed transfer lengths

    Fixed issues:
        * #7363: Length checks in ConvertUTF8toUTF16
        * #7349: Added checks for bitmap width and height values

    Important notes:
        * CVE-2021-41159: Improper client input validation for gateway
          connections allows to overwrite memory
        * CVE-2021-41160: Improper region checks in all clients allow out of
          bound write to memory

    PR:             259386

 net/freerdp/Makefile | 3 +--
 net/freerdp/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-10-30 14:14:39 UTC
A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=69d25555f33e662fd5131e5279ee74733844f845

commit 69d25555f33e662fd5131e5279ee74733844f845
Author:     VVD <vvd@unislabs.com>
AuthorDate: 2021-10-30 13:43:09 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-10-30 14:13:59 +0000

    net/freerdp: update to 2.4.1

    Noteworthy changes:
        * Refactored RPC gateway parsing code
        * OpenSSL 3.0 compatibility fixes
        * USB redirection: fixed transfer lengths

    Fixed issues:
        * #7363: Length checks in ConvertUTF8toUTF16
        * #7349: Added checks for bitmap width and height values

    Important notes:
        * CVE-2021-41159: Improper client input validation for gateway
          connections allows to overwrite memory
        * CVE-2021-41160: Improper region checks in all clients allow out of
          bound write to memory

    PR:             259386
    (cherry picked from commit a698098ee923a4a9a41e0d34938b6a95633bf278)

 net/freerdp/Makefile | 4 ++--
 net/freerdp/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
Comment 3 Tobias C. Berner freebsd_committer freebsd_triage 2021-10-30 15:29:49 UTC
Committed. Thanks.