Bug 259386 - net/freerdp: Update to 2.4.1
Summary: net/freerdp: Update to 2.4.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Tobias C. Berner
URL: https://github.com/FreeRDP/FreeRDP/re...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-23 20:07 UTC by VVD
Modified: 2021-10-30 15:29 UTC

See Also:
vvd: maintainer-feedback+
tcberner: merge-quarterly+


Attachments
Update to 2.4.1 (835 bytes, patch)
2021-10-23 20:07 UTC, VVD
vvd: maintainer-approval+

Description VVD 2021-10-23 20:07:09 UTC
Created attachment 228968
Update to 2.4.1

Tested on 12.2-p10 amd64: check-plist, build, install, run.

FreeRDP version 2.4.1

Noteworthy changes:
    Refactored RPC gateway parsing code
    OpenSSL 3.0 compatibility fixes
    USB redirection: fixed transfer lengths

Fixed issues:
    #7363: Length checks in ConvertUTF8toUTF16
    #7349: Added checks for bitmap width and height values

Important notes:
    CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory
    CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory
Comment 1 commit-hook freebsd_committer 2021-10-30 13:48:35 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a698098ee923a4a9a41e0d34938b6a95633bf278

commit a698098ee923a4a9a41e0d34938b6a95633bf278
Author:     VVD <vvd@unislabs.com>
AuthorDate: 2021-10-30 13:43:09 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-10-30 13:47:14 +0000

    net/freerdp: update to 2.4.1

    Noteworthy changes:
        * Refactored RPC gateway parsing code
        * OpenSSL 3.0 compatibility fixes
        * USB redirection: fixed transfer lengths

    Fixed issues:
        * #7363: Length checks in ConvertUTF8toUTF16
        * #7349: Added checks for bitmap width and height values

    Important notes:
        * CVE-2021-41159: Improper client input validation for gateway
          connections allows to overwrite memory
        * CVE-2021-41160: Improper region checks in all clients allow out of
          bound write to memory

    PR:             259386

 net/freerdp/Makefile | 3 +--
 net/freerdp/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 5 deletions(-)
Comment 2 commit-hook freebsd_committer 2021-10-30 14:14:39 UTC
A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=69d25555f33e662fd5131e5279ee74733844f845

commit 69d25555f33e662fd5131e5279ee74733844f845
Author:     VVD <vvd@unislabs.com>
AuthorDate: 2021-10-30 13:43:09 +0000
Commit:     Tobias C. Berner <tcberner@FreeBSD.org>
CommitDate: 2021-10-30 14:13:59 +0000

    net/freerdp: update to 2.4.1

    Noteworthy changes:
        * Refactored RPC gateway parsing code
        * OpenSSL 3.0 compatibility fixes
        * USB redirection: fixed transfer lengths

    Fixed issues:
        * #7363: Length checks in ConvertUTF8toUTF16
        * #7349: Added checks for bitmap width and height values

    Important notes:
        * CVE-2021-41159: Improper client input validation for gateway
          connections allows to overwrite memory
        * CVE-2021-41160: Improper region checks in all clients allow out of
          bound write to memory

    PR:             259386
    (cherry picked from commit a698098ee923a4a9a41e0d34938b6a95633bf278)

 net/freerdp/Makefile | 4 ++--
 net/freerdp/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
Comment 3 Tobias C. Berner freebsd_committer 2021-10-30 15:29:49 UTC
Committed. Thanks.