Created attachment 213259 [details]
Update to 2.0.0
FreeRDP 2.0.0 require newer version of libusb compared to base system have.
There are several errors during build.
1. Undeclared LIBUSB_CLASS_PHYSICAL, patch (hack?) is:
@@ -75,4 +75,8 @@
const char* usb_interface_class_to_string(uint8_t class);
+#define LIBUSB_CLASS_PHYSICAL 5
#endif /* FREERDP_CHANNEL_URBDRC_CLIENT_LIBUSB_UDEVICE_H */
2. Undeclared LIBUSB_CAP_HAS_HOTPLUG - doesn't know how to do better than just add:
#define LIBUSB_CAP_HAS_HOTPLUG 0x0001
3. No include file mntent.h - got solution from devel/fam.
4. Undeclared O_TMPFILE in FreeBSD. Fix is here:
@@ -33,6 +33,11 @@
+/* uClibc and uClibc-ng don't provide O_TMPFILE */
+#define O_TMPFILE (020000000 | O_DIRECTORY)
5. Doesn't know is msusb.h needed - it was moved in sources, and I removed it from pkg-plist.
After that it build fine and connect via rdp to server. Tested on 12.1 amd64.
Looping hselasky@ in on this for points #1 and #2, as he's the libusb maintainer.
Created attachment 214534 [details]
Update to 2.1.0
Released 2.1.0 with a lot of CVE fixed:
# 2020-05-05 Version 2.1.0
* fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041, CVE-2020-11019, CVE-2020-11017, CVE-2020-11018
# 2020-04-09 Version 2.0.0
* fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526
Created attachment 214848 [details]
Update to 2.1.1
2020-05-20 Version 2.1.1:
* CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
* CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to uninitialized value
* CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
Created attachment 214934 [details]
Update to 2.1.1
It was old file.
Created attachment 214940 [details]
svn(1) diff against the ports tree
Proposed VuXML entry.
Created attachment 214941 [details]
Proposed vuxml entry
Include the 2.1.1 vulns, too
FreeRDP patch LGTM; CC'ing koobs@ as my mentor. Can you confirm that you've ran this through testport?
i was hoping Hans would pitch in on the libusb-related part, but alas; I'll poke him about it afterwards.