Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 24 Dec 2022 13:57:59 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 268539] net/freerdp: Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)
Message-ID:  <bug-268539-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268539

            Bug ID: 268539
           Summary: net/freerdp: Update to 2.9.0 (CVE-2022-39316,
                    CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,
                    CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://www.freerdp.com/2022/11/16/2_9_0-release
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: vvd@unislabs.com
 Attachment #239000 maintainer-approval+
             Flags:
             Flags: maintainer-feedback+

Created attachment 239000
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D239000&action=
=3Dedit
Update to 2.9.0

Tested on 13.1-p5 amd64: check-plist, install, run and connect to server.

# 2022-11-16 Version 2.9.0

Notewhorth changes:
* Backported #8252: Support sending server redirection PDU
* Backported #8406: Ensure X11 client cursor is never smaller 1x1
* Backported #8403: Fixed multiple client side input validation issues
  (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,
         CVE-2022-39320, CVE-2022-41877, CVE-2022-39347)
* Backported #7282: Proxy server now discards input events sent before
  activation was received
* Backported #8324: Internal replacements for md4, md5 and hmac-md5
   For the time being the RDP protocol requires these outdated hash
   algorithms. So any distribution that wants to ship a working
   FreeRDP should check the options WITH_INTERNAL_MD4 (and depending
   on OpenSSL deprecation status WITH_INTERNAL_MD5)

Fixed issues:
* Backported #8341: Null checks in winpr_Digest_Free
* Backported #8335: Missing NULL return in winpr_Digest_New
* Backported #8192: Support for audin version 2 microphone channel
* Backported #7282: Discard input events before activation (Fixes #8374)

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-268539-7788>