From 5a76d8a8ee89378ca1ae9271ee59ce4939101588 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Thu, 21 Oct 2021 18:55:32 +0200 Subject: [PATCH] package/freerdp: security bump to version 2.4.1 - Fix CVE-2021-41159: Improper client input validation for gateway connections allows to overwrite memory - Fix CVE-2021-41160: Improper region checks in all clients allow out of bound write to memory https://github.com/FreeRDP/FreeRDP/releases/tag/2.4.1 Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni (cherry picked from commit f5dc5f47f567ff3cfc0e782503d659d462b3d212) Signed-off-by: Peter Korsgaard --- package/freerdp/freerdp.hash | 4 ++-- package/freerdp/freerdp.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/freerdp/freerdp.hash b/package/freerdp/freerdp.hash index a6cc16c9ad..637e57e8b0 100644 --- a/package/freerdp/freerdp.hash +++ b/package/freerdp/freerdp.hash @@ -1,5 +1,5 @@ -# From https://pub.freerdp.com/releases/freerdp-2.4.0.tar.gz.sha256 -sha256 10ec9b06d74182b354ae288c8e621d94c0fb189b0c3b14a59867ab4c414c08b5 freerdp-2.4.0.tar.gz +# From https://pub.freerdp.com/releases/freerdp-2.4.1.tar.gz.sha256 +sha256 ef75c87926643a0d0041f6556e343ac037380d4260c64885e7cdd20da0147edf freerdp-2.4.1.tar.gz # Locally calculated sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE diff --git a/package/freerdp/freerdp.mk b/package/freerdp/freerdp.mk index 1ff6feeaa7..40a3904024 100644 --- a/package/freerdp/freerdp.mk +++ b/package/freerdp/freerdp.mk @@ -4,7 +4,7 @@ # ################################################################################ -FREERDP_VERSION = 2.4.0 +FREERDP_VERSION = 2.4.1 FREERDP_SITE = https://pub.freerdp.com/releases FREERDP_DEPENDENCIES = libglib2 openssl zlib FREERDP_LICENSE = Apache-2.0