Bug 248198 - net/freerdp: Update to 2.2.0 with fixed CVE-2020-15103
Summary: net/freerdp: Update to 2.2.0 with fixed CVE-2020-15103
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Kyle Evans
URL: https://www.freerdp.com/2020/07/20/2_...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-23 08:07 UTC by Vladimir Druzenko
Modified: 2020-07-28 18:30 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (kevans)
vvd: maintainer-feedback?
vvd: merge-quarterly?

Attachments
Update to 2.2.0 with fixed CVE-2020-15103 (1.56 KB, patch)
2020-07-23 08:07 UTC, Vladimir Druzenko 		no flags Details | Diff
Update to 2.2.0 with fixed CVE-2020-15103 (1.90 KB, patch)
2020-07-23 10:21 UTC, Vladimir Druzenko 		vvd: maintainer-approval?
Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Druzenko freebsd_committer freebsd_triage 2020-07-23 08:07:01 UTC 
Created attachment 216690 [details]
Update to 2.2.0 with fixed CVE-2020-15103

https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

FreeRDP version 2.2.0
    SECURITY: CVE-2020-15103 - Integer overflow due to missing input sanitation in rdpegfx channel
    #6263 Sound & mic - filter GSM codec for microphone redirection
    #6335: windows client title length
    #6370 - "Alternate Secondary Drawing Order UNKNOWN"
    #6298 - remoteapp with dialog is disconnecting when it loses focus
    #6299 - v2.1.2: Can't connect to Windows7
Noteworty changes:
    fix: memory leak in nsc
    urbdrc
        some fixes and improvements
    build
        use cmake to detect getlogin_r
        improve asan checks/detection
    server/proxy
        new: support for heartbeats
        new: support for rail handshake ex flags
        fix: possible race condition with redirects

Tested on 12.1 amd64: make test/check-plist/install and run.
Comment 1 Vladimir Druzenko freebsd_committer freebsd_triage 2020-07-23 10:21:41 UTC 
Created attachment 216696 [details]
Update to 2.2.0 with fixed CVE-2020-15103

+ switch to use release tarball: https://pub.freerdp.com/releases/
Comment 2 commit-hook freebsd_committer freebsd_triage 2020-07-28 04:38:59 UTC 
A commit references this bug:

Author: kevans
Date: Tue Jul 28 04:38:20 UTC 2020
New revision: 543570
URL: https://svnweb.freebsd.org/changeset/ports/543570

Log:
  security/vuxml: document new vulnerability in net/freerdp < 2.2.0

  PR:		248198

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-07-28 04:41:02 UTC 
A commit references this bug:

Author: kevans
Date: Tue Jul 28 04:40:49 UTC 2020
New revision: 543571
URL: https://svnweb.freebsd.org/changeset/ports/543571

Log:
  net/freerdp: update to security/bugfix release 2.2.0

  This update primarily fixes CVE-2020-15103. See the full changelog for
  other bugfixes that were included:

  https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

  PR:		248198
  Submitted by:	VVD <vvd unislabs com>
  MFH:		2020Q3
  Security:	a955cdb7-d089-11ea-8c6f-080027eedc6a

Changes:
  head/net/freerdp/Makefile
  head/net/freerdp/distinfo
  head/net/freerdp/pkg-plist
Comment 4 Vladimir Druzenko freebsd_committer freebsd_triage 2020-07-28 06:01:35 UTC 
Thanks!
Comment 5 commit-hook freebsd_committer freebsd_triage 2020-07-28 18:30:28 UTC 
A commit references this bug:

Author: kevans
Date: Tue Jul 28 18:30:10 UTC 2020
New revision: 543627
URL: https://svnweb.freebsd.org/changeset/ports/543627

Log:
  MFH: r543571

  net/freerdp: update to security/bugfix release 2.2.0

  This update primarily fixes CVE-2020-15103. See the full changelog for
  other bugfixes that were included:

  https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0

  PR:		248198
  Submitted by:	VVD <vvd unislabs com>
  Security:	a955cdb7-d089-11ea-8c6f-080027eedc6a

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/net/freerdp/Makefile
  branches/2020Q3/net/freerdp/distinfo
  branches/2020Q3/net/freerdp/pkg-plist