* [Buildroot] [PATCH 1/1] package/freerdp: security bump to version 2.1.1
@ 2020-05-21 14:39 Fabrice Fontaine
2020-05-22 7:57 ` Peter Korsgaard
2020-05-31 21:10 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2020-05-21 14:39 UTC (permalink / raw)
To: buildroot
From ChangeLog:
- CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
- CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to
uninitialized value
- CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
- Enforce synchronous legacy RDP encryption count (#6156)
- Fixed some leaks and crashes missed in 2.1.0
- Removed dynamic channel listener limits
- Lots of resource cleanup fixes (clang sanitizers)
https://github.com/FreeRDP/FreeRDP/blob/2.1.1/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/freerdp/freerdp.hash | 4 ++--
package/freerdp/freerdp.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/freerdp/freerdp.hash b/package/freerdp/freerdp.hash
index b94ca10533..a6100271fd 100644
--- a/package/freerdp/freerdp.hash
+++ b/package/freerdp/freerdp.hash
@@ -1,5 +1,5 @@
-# From https://pub.freerdp.com/releases/freerdp-2.0.1.tar.gz.sha256
-sha256 2c4841c6a52fb153346436447708cbae7b479a7d8112d093e95d8c98f084be1b freerdp-2.1.0.tar.gz
+# From https://pub.freerdp.com/releases/freerdp-2.1.1.tar.gz.sha256
+sha256 6c6bf72fba1058ca6524c040d0825e4cdaa88682884a6c1c360e1cd5b8e21723 freerdp-2.1.1.tar.gz
# Locally calculated
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE
diff --git a/package/freerdp/freerdp.mk b/package/freerdp/freerdp.mk
index d3038bd5c2..f3bc26ac52 100644
--- a/package/freerdp/freerdp.mk
+++ b/package/freerdp/freerdp.mk
@@ -4,7 +4,7 @@
#
################################################################################
-FREERDP_VERSION = 2.1.0
+FREERDP_VERSION = 2.1.1
FREERDP_SITE = https://pub.freerdp.com/releases
FREERDP_DEPENDENCIES = libglib2 openssl zlib
FREERDP_LICENSE = Apache-2.0
--
2.26.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/freerdp: security bump to version 2.1.1
2020-05-21 14:39 [Buildroot] [PATCH 1/1] package/freerdp: security bump to version 2.1.1 Fabrice Fontaine
@ 2020-05-22 7:57 ` Peter Korsgaard
2020-05-31 21:10 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-05-22 7:57 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> From ChangeLog:
> - CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
> - CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to
> uninitialized value
> - CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
> - Enforce synchronous legacy RDP encryption count (#6156)
> - Fixed some leaks and crashes missed in 2.1.0
> - Removed dynamic channel listener limits
> - Lots of resource cleanup fixes (clang sanitizers)
> https://github.com/FreeRDP/FreeRDP/blob/2.1.1/ChangeLog
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/freerdp: security bump to version 2.1.1
2020-05-21 14:39 [Buildroot] [PATCH 1/1] package/freerdp: security bump to version 2.1.1 Fabrice Fontaine
2020-05-22 7:57 ` Peter Korsgaard
@ 2020-05-31 21:10 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-05-31 21:10 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> From ChangeLog:
> - CVE: GHSL-2020-100 OOB Read in ntlm_read_ChallengeMessage
> - CVE: GHSL-2020-101 OOB Read in security_fips_decrypt due to
> uninitialized value
> - CVE: GHSL-2020-102 OOB Write in crypto_rsa_common
> - Enforce synchronous legacy RDP encryption count (#6156)
> - Fixed some leaks and crashes missed in 2.1.0
> - Removed dynamic channel listener limits
> - Lots of resource cleanup fixes (clang sanitizers)
> https://github.com/FreeRDP/FreeRDP/blob/2.1.1/ChangeLog
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-05-31 21:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-21 14:39 [Buildroot] [PATCH 1/1] package/freerdp: security bump to version 2.1.1 Fabrice Fontaine
2020-05-22 7:57 ` Peter Korsgaard
2020-05-31 21:10 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.