Bug 248198 - net/freerdp: Update to 2.2.0 with fixed CVE-2020-15103
Summary: net/freerdp: Update to 2.2.0 with fixed CVE-2020-15103
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Kyle Evans
URL: https://www.freerdp.com/2020/07/20/2_...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-23 08:07 UTC by VVD
Modified: 2020-07-28 18:30 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (kevans)
vvd: maintainer-feedback?
vvd: merge-quarterly?


Attachments
Update to 2.2.0 with fixed CVE-2020-15103 (1.56 KB, patch)
2020-07-23 08:07 UTC, VVD
no flags Details | Diff
Update to 2.2.0 with fixed CVE-2020-15103 (1.90 KB, patch)
2020-07-23 10:21 UTC, VVD
vvd: maintainer-approval?
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description VVD 2020-07-23 08:07:01 UTC
Created attachment 216690 [details]
Update to 2.2.0 with fixed CVE-2020-15103

https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

FreeRDP version 2.2.0
    SECURITY: CVE-2020-15103 - Integer overflow due to missing input sanitation in rdpegfx channel
    #6263 Sound & mic - filter GSM codec for microphone redirection
    #6335: windows client title length
    #6370 - "Alternate Secondary Drawing Order UNKNOWN"
    #6298 - remoteapp with dialog is disconnecting when it loses focus
    #6299 - v2.1.2: Can't connect to Windows7
Noteworty changes:
    fix: memory leak in nsc
    urbdrc
        some fixes and improvements
    build
        use cmake to detect getlogin_r
        improve asan checks/detection
    server/proxy
        new: support for heartbeats
        new: support for rail handshake ex flags
        fix: possible race condition with redirects

Tested on 12.1 amd64: make test/check-plist/install and run.
Comment 1 VVD 2020-07-23 10:21:41 UTC
Created attachment 216696 [details]
Update to 2.2.0 with fixed CVE-2020-15103

+ switch to use release tarball: https://pub.freerdp.com/releases/
Comment 2 commit-hook freebsd_committer 2020-07-28 04:38:59 UTC
A commit references this bug:

Author: kevans
Date: Tue Jul 28 04:38:20 UTC 2020
New revision: 543570
URL: https://svnweb.freebsd.org/changeset/ports/543570

Log:
  security/vuxml: document new vulnerability in net/freerdp < 2.2.0

  PR:		248198

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer 2020-07-28 04:41:02 UTC
A commit references this bug:

Author: kevans
Date: Tue Jul 28 04:40:49 UTC 2020
New revision: 543571
URL: https://svnweb.freebsd.org/changeset/ports/543571

Log:
  net/freerdp: update to security/bugfix release 2.2.0

  This update primarily fixes CVE-2020-15103. See the full changelog for
  other bugfixes that were included:

  https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

  PR:		248198
  Submitted by:	VVD <vvd unislabs com>
  MFH:		2020Q3
  Security:	a955cdb7-d089-11ea-8c6f-080027eedc6a

Changes:
  head/net/freerdp/Makefile
  head/net/freerdp/distinfo
  head/net/freerdp/pkg-plist
Comment 4 VVD 2020-07-28 06:01:35 UTC
Thanks!
Comment 5 commit-hook freebsd_committer 2020-07-28 18:30:28 UTC
A commit references this bug:

Author: kevans
Date: Tue Jul 28 18:30:10 UTC 2020
New revision: 543627
URL: https://svnweb.freebsd.org/changeset/ports/543627

Log:
  MFH: r543571

  net/freerdp: update to security/bugfix release 2.2.0

  This update primarily fixes CVE-2020-15103. See the full changelog for
  other bugfixes that were included:

  https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

  PR:		248198
  Submitted by:	VVD <vvd unislabs com>
  Security:	a955cdb7-d089-11ea-8c6f-080027eedc6a

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/net/freerdp/Makefile
  branches/2020Q3/net/freerdp/distinfo
  branches/2020Q3/net/freerdp/pkg-plist