| Summary: | net/freerdp: Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-39347, CVE-2022-41877) | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Vladimir Druzenko <vvd> |
| Component: | Individual Port(s) | Assignee: | Nuno Teixeira <eduardo> |
| Status: | Closed FIXED | | |
| Severity: | Affects Many People | CC: | eduardo |
| Priority: | --- | Flags: | vvd: maintainer-feedback+, vvd: merge-quarterly? |
| Version: | Latest | | |
| Hardware: | Any | | |
| OS: | Any | | |
| URL: | https://www.freerdp.com/2022/11/16/2_9_0-release | | |

Hello,

Working on a vuxml entry.

Created attachment 239001
vuxml entry

Use this PR to submit any changes to vuxml if needed.

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0b16928300fd7e1377e0200456d73dc6cb03d65e

commit 0b16928300fd7e1377e0200456d73dc6cb03d65e
Author: VVD <vvd@unislabs.com>
AuthorDate: 2022-12-24 15:44:41 +0000
Commit: Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-12-24 15:48:09 +0000

net/freerdp: Update to 2.9.0 (security fixes)

Noteworthy changes:
* Backported #8252: Support sending server redirection PDU
* Backported #8406: Ensure X11 client cursor is never smaller than 1x1
* Backported #8403: Fixed multiple client side input validation issues (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)
* Backported #7282: Proxy server now discards input events sent before activation was received
* Backported #8324: Internal replacements for md4, md5 and hmac-md5
  For the time being the RDP protocol requires these outdated hash algorithms. So any distribution that wants to ship a working FreeRDP should check the options WITH_INTERNAL_MD4 (and depending on OpenSSL deprecation status WITH_INTERNAL_MD5)

Fixed issues:
* Backported #8341: Null checks in winpr_Digest_Free
* Backported #8335: Missing NULL return in winpr_Digest_New
* Backported #8192: Support for audin version 2 microphone channel
* Backported #7282: Discard input events before activation (Fixes #8374)

ChangeLog: https://www.freerdp.com/2022/11/16/2_9_0-release

PR: 268539
MFH: 2022Q4
Security: 1f0421b1-8398-11ed-973d-002b67dfc673

net/freerdp/Makefile | 5 +----
net/freerdp/distinfo | 6 +++---
2 files changed, 4 insertions(+), 7 deletions(-)

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d3a551156d23de88dc83df9551ccb3a225efd67c

commit d3a551156d23de88dc83df9551ccb3a225efd67c
Author: Nuno Teixeira <eduardo@FreeBSD.org>
AuthorDate: 2022-12-24 15:07:21 +0000
Commit: Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-12-24 15:48:09 +0000

security/vuxml: Document FreeRDP multiple vulnerabilities

PR: 268539

security/vuxml/vuln/2022.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)

A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5d1e679770b943a5946132de106c3d6e2ee7854c

commit 5d1e679770b943a5946132de106c3d6e2ee7854c
Author: VVD <vvd@unislabs.com>
AuthorDate: 2022-12-24 15:44:41 +0000
Commit: Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-12-24 16:06:21 +0000

net/freerdp: Update to 2.9.0 (security fixes)

Noteworthy changes:
* Backported #8252: Support sending server redirection PDU
* Backported #8406: Ensure X11 client cursor is never smaller than 1x1
* Backported #8403: Fixed multiple client side input validation issues (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)
* Backported #7282: Proxy server now discards input events sent before activation was received
* Backported #8324: Internal replacements for md4, md5 and hmac-md5
  For the time being the RDP protocol requires these outdated hash algorithms. So any distribution that wants to ship a working FreeRDP should check the options WITH_INTERNAL_MD4 (and depending on OpenSSL deprecation status WITH_INTERNAL_MD5)

Fixed issues:
* Backported #8341: Null checks in winpr_Digest_Free
* Backported #8335: Missing NULL return in winpr_Digest_New
* Backported #8192: Support for audin version 2 microphone channel
* Backported #7282: Discard input events before activation (Fixes #8374)

ChangeLog: https://www.freerdp.com/2022/11/16/2_9_0-release

PR: 268539
MFH: 2022Q4
Security: 1f0421b1-8398-11ed-973d-002b67dfc673

(cherry picked from commit 0b16928300fd7e1377e0200456d73dc6cb03d65e)

net/freerdp/Makefile | 6 ++----
net/freerdp/distinfo | 6 +++---
2 files changed, 5 insertions(+), 7 deletions(-)

Committed, thanks!

Created attachment 239000
Update to 2.9.0

Tested on 13.1-p5 amd64: check-plist, install, run and connect to server.

# 2022-11-16 Version 2.9.0

Noteworthy changes:
* Backported #8252: Support sending server redirection PDU
* Backported #8406: Ensure X11 client cursor is never smaller than 1x1
* Backported #8403: Fixed multiple client side input validation issues (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)
* Backported #7282: Proxy server now discards input events sent before activation was received
* Backported #8324: Internal replacements for md4, md5 and hmac-md5
  For the time being the RDP protocol requires these outdated hash algorithms. So any distribution that wants to ship a working FreeRDP should check the options WITH_INTERNAL_MD4 (and depending on OpenSSL deprecation status WITH_INTERNAL_MD5)

Fixed issues:
* Backported #8341: Null checks in winpr_Digest_Free
* Backported #8335: Missing NULL return in winpr_Digest_New
* Backported #8192: Support for audin version 2 microphone channel
* Backported #7282: Discard input events before activation (Fixes #8374)