Package Release Info

freerdp2-2.11.7-bp160.1.14

Update Info: Base Release
Available in Package Hub : 16.0

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

freerdp2

freerdp2-devel

freerdp2-proxy

freerdp2-server

libfreerdp2-2

libwinpr2-2

winpr2-devel

Change Logs

* Mon Jun 03 2024 Hans-Peter Jansen <hpj@urpla.net>

- Update to 2.11.7
  + Backported oss-fuzz fixes
- Update to 2.11.6
  + CVE:
  * CVE-2024-32041 [Low[ OutOfBound Read in
    zgfx_decompress_segment
  * CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write
    in clear_decompress_residual_data
  * CVE-2024-32040 [Low] integer underflow in nsc_rle_decode
  * CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle
  * CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress
  * CVE-2024-32460 [Low] OutOfBound Read in
    interleaved_decompress
  + Noteworthy changes:
  * Backported #10077
- Remove these patches, applied upstream:
  + freerdp-CVE-2023-40574-to-2023-40576.patch
  + freerdp-CVE-2024-32658.patch
  + freerdp-CVE-2024-32659.patch
  + freerdp-CVE-2024-32660.patch

* Thu May 23 2024 Daike Yu <yu.daike@suse.com>

- Multiple CVE fixes
  + Add freerdp-CVE-2024-32659.patch (bsc#1223346, CVE-2024-32659)
  - out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`
  + Add freerdp-CVE-2024-32660.patch (bsc#1223347, CVE-2024-32660)
  - client crash via invalid huge allocation size
  + Add freerdp-CVE-2024-32661.patch (bsc#1223348, CVE-2024-32661)
  - client NULL pointer dereference
  + Add freerdp-CVE-2024-32658.patch (bsc#1223353, CVE-2024-32658)
  - out-of-bounds read in Interleaved RLE Bitmap Codec in FreeRDP based clients

* Wed Apr 10 2024 Hans-Peter Jansen <hpj@urpla.net>

- Add xfreerdp binary/man builds back with new name: xfreerdp2

* Tue Apr 09 2024 Christophe Marin <christophe@krop.fr>

- Add patch to avoid unneeded dependencies when using winpr-devel:
  * 0001-Don-t-add-winpr-cli-tools-to-exported-CMake-targets.patch

* Tue Apr 02 2024 Joan Torres <joan.torres@suse.com>

- Update Source0 URL to make it valid with the actual Source0.

* Tue Mar 26 2024 Joan Torres <joan.torres@suse.com>

- Fix file conflict of wlog.7 with freerdp3

* Thu Mar 14 2024 Joan Torres <joan.torres@suse.com>

- Update to version 2.11.5:
  * Fix integer overflow in progressive decoder
  * Update OpenSSL API usage for compatiblility with newer versions (#9747)
  * Prevent NULL dereference for single thread decoder (#9712)

* Thu Mar 14 2024 Joan Torres <joan.torres@suse.com>

- Modify package names to freerdp2:
  * This allows to have a freerdp version 2 and freerdp version 3
    simultaneously installed

* Tue Feb 06 2024 Daike Yu <yu.daike@suse.com>

- Add freerdp-CVE-2023-40574-to-2023-40576.patch
  * Fix CVE-2023-40574 - bsc#1214869
    Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX
  * Fix CVE-2023-40575 - bsc#1214870
    Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX
  * Fix CVE-2023-40576 - bsc#1214871
    Out-Of-Bounds Read in RleDecompress

* Thu Nov 16 2023 Christophe Marin <christophe@krop.fr>

- Fix winpr-devel dependencies. WinePRTargets-*.cmake defines
  CMake targets for winpr-hash and winpr-makecert. They have to be
  present.