[Bug 268539] net/freerdp: Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268539] net/freerdp: Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 268539] net/freerdp: Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 24 Dec 2022 13:57:59 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268539

            Bug ID: 268539
           Summary: net/freerdp: Update to 2.9.0 (CVE-2022-39316,
                    CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,
                    CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://www.freerdp.com/2022/11/16/2_9_0-release
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: vvd@unislabs.com
 Attachment #239000 maintainer-approval+
             Flags:
             Flags: maintainer-feedback+

Created attachment 239000
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239000&action=edit
Update to 2.9.0

Tested on 13.1-p5 amd64: check-plist, install, run and connect to server.

# 2022-11-16 Version 2.9.0

Notewhorth changes:
* Backported #8252: Support sending server redirection PDU
* Backported #8406: Ensure X11 client cursor is never smaller 1x1
* Backported #8403: Fixed multiple client side input validation issues
  (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,
         CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)
* Backported #7282: Proxy server now discards input events sent before
  activation was received
* Backported #8324: Internal replacements for md4, md5 and hmac-md5
   For the time being the RDP protocol requires these outdated hash
   algorithms. So any distribution that wants to ship a working
   FreeRDP should check the options WITH_INTERNAL_MD4 (and depending
   on OpenSSL deprecation status WITH_INTERNAL_MD5)

Fixed issues:
* Backported #8341: Null checks in winpr_Digest_Free
* Backported #8335: Missing NULL return in winpr_Digest_New
* Backported #8192: Support for audin version 2 microphone channel
* Backported #7282: Discard input events before activation (Fixes #8374)

-- 
You are receiving this mail because:
You are the assignee for the bug.