Change logs for freerdp2 source package in Noble

  • freerdp2 (2.11.5+dfsg1-1build2) noble; urgency=medium
    
      * No-change rebuild against libssl3t64.
    
     -- Colin Watson <email address hidden>  Mon, 15 Apr 2024 19:28:29 +0100
  • freerdp2 (2.11.5+dfsg1-1build1) noble; urgency=medium
    
      * No-change rebuild for CVE-2024-3094
    
     -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 05:22:54 +0000
  • freerdp2 (2.11.5+dfsg1-1) unstable; urgency=medium
    
      * New upstream release.
        - CVE-2024-22211: Fix integer overflow in progressive decoder. (Closes:
          #1061173).
      * Upload time_t64 changes to unstable. (Closes: #1061952).
      * debian/watch:
        + Adjust so we only see 2.x release.
      * debian/control:
        + Switch from pkg-config to pkgconf. Thanks, lintian.
    
     -- Mike Gabriel <email address hidden>  Mon, 25 Mar 2024 16:09:04 +0100
  • freerdp2 (2.11.2+dfsg1-1build3) noble; urgency=medium
    
      * No-change rebuild against libcups2t64.
    
     -- Michael Hudson-Doyle <email address hidden>  Wed, 20 Mar 2024 13:47:50 +1300
  • freerdp2 (2.11.2+dfsg1-1build2) noble; urgency=medium
    
      * No-change rebuild against libssl3t64
    
     -- Steve Langasek <email address hidden>  Mon, 04 Mar 2024 17:56:08 +0000
  • freerdp2 (2.11.2+dfsg1-1build1) noble; urgency=medium
    
      * No-change rebuild for ICU soname change.
    
     -- Matthias Klose <email address hidden>  Tue, 19 Dec 2023 11:06:12 +0100
  • freerdp2 (2.11.2+dfsg1-1) unstable; urgency=medium
    
      * New upstream release. (Closes: #1051638).
      * Fixed security issues since v2.11.0:
        - CVE-2023-40589: [codec,ncrush] fix index checks; properly verify all
          offsets while decoding data.
        - CVE-2023-40567: Fix out-of-bounds write in the
          `clear_decompress_bands_data` function.
        - CVE-2023-40188: Fix out-of-bounds read in the `general_LumaToYUV444`
          function.
        - CVE-2023-40186: Fix out-of-bounds write in the `gdi_CreateSurface`
          function.
        - CVE-2023-40181: Fix out-of-bounds read in the `zgfx_decompress_segment`
          function.
        - CVE-2023-39356: Fix out-of-bounds read in the `gdi_multi_opaque_rect`
          function.
        - CVE-2023-39355: Fix use-after-free in processing
          `RDPGFX_CMDID_RESETGRAPHICS` packets.
        - CVE-2023-39354: Fix out-of-bounds read in the `nsc_rle_decompress_data`
          function.
        - CVE-2023-39353: Fix missing offset validation leading to out-of-bounds
          read in the `libfreerdp/codec/rfx.c` file.
        - CVE-2023-39352: Fix invalid offset validation leading to out-of-bounds
          write.
        - CVE-2023-39351: Fix null-pointer-dereference leading to a crash in the
          RemoteFX (rfx) handling.
        - CVE-2023-39350: Fix integer underflow leading to DoS (e.g. abort due to
          `WINPR_ASSERT` with default compilation flags).
      * debian/patches:
        + Drop 0001_fix_ftbfs_1041377.patch. Applied upstream.
      * debian/control:
        + Add B-D: libkrb5-dev.
      * debian/rules:
        + Add -DWITH_KERBEROS=ON configure option. (Closes: #1036095).
      * debian/watch:
        + Rework file. Find all released versions of freerdp2. (Closes: #1053317).
          Thanks to Tobias Frost for sending a patch.
    
     -- Mike Gabriel <email address hidden>  Sun, 01 Oct 2023 23:21:15 +0200
  • freerdp2 (2.10.0+dfsg1-1.1ubuntu1) mantic; urgency=medium
    
      * SECURITY UPDATE: integer underflow
        - debian/patches/CVE-2023-39350.patch: validates package length to prevent
          possible out of bound read
        - CVE-2023-39350
      * SECURITY UPDATE: null pointer dereference
        - debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
          fail to prevent null pointer access when processing next package
        - CVE-2023-39351
      * SECURITY UPDATE: missing offset validation
        - debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
          possible out of bound read
        - debian/patches/CVE-2023-39353-02.patch: fixes issues with the original
          patch
        - CVE-2023-39353
      * SECURITY UPDATE: missing input validation
        - debian/patches/CVE-2023-39354.patch: validates input length to prevent
          possible out of bound read
        - CVE-2023-39354
      * SECURITY UPDATE: integer underflow
        - debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
          prevent possible out of bound read
        - CVE-2023-40181
      * SECURITY UPDATE: integer overflow
        - debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
          prevent possible out of bound write
        - CVE-2023-40186
      * SECURITY UPDATE: missing input validation
        - debian/patches/ensure_integer_width.patch: ensures integer width
        - debian/patches/CVE-2023-40188.patch: validates input length to prevent
          possible out of bound read
        - CVE-2023-40188
      * SECURITY UPDATE: missing offset validation
        - debian/patches/CVE-2023-40567.patch: validates offset to prevent
          possible out of bound write
        - CVE-2023-40567
      * SECURITY UPDATE: incorrect parameter calculation
        - debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
          to prevent possible out of bound write
        - CVE-2023-40569
      * SECURITY UPDATE: global buffer overflow
        - debian/patches/CVE-2023-40589.patch: fixes index checks
        - CVE-2023-40589
    
     -- Jorge Sancho Larraz <email address hidden>  Wed, 04 Oct 2023 15:07:16 +0200