[Desktop-packages] [Bug 1873514] Re: Ubuntu uses insecure FreeRDP version

2020-06-02 Thread Marc Deslauriers
2.1.1 is now in all releases:

https://usn.ubuntu.com/4379-1/

** Changed in: freerdp2 (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to freerdp2 in Ubuntu.
https://bugs.launchpad.net/bugs/1873514

Title:
  Ubuntu uses insecure FreeRDP version

Status in freerdp2 package in Ubuntu:
  Fix Released

Bug description:
  FreeRDP has been released some days ago and fixes several security issues as
  can be seen at https://github.com/FreeRDP/FreeRDP/blob/2.0.0/ChangeLog.
  However Ubuntu and in particular 20.04 does not yet provide the released
  version but uses an outdated version.
  Please upgrade to the released version of FreeRDP before releasing 20.04.
  Thanks, Joachim

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freerdp2/+bug/1873514/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp


[Desktop-packages] [Bug 1873514] Re: Ubuntu uses insecure FreeRDP version

2020-05-28 Thread Robert Hardy
Thanks. I deliberately wasn't going to use cairo instead of libswscale
as I read it may cause performance issues for image scaling. I didn't
test it so some testing is needed to see if it matters or is even used
with guacamole.


[Desktop-packages] [Bug 1873514] Re: Ubuntu uses insecure FreeRDP version

2020-05-28 Thread Marc Deslauriers
You can get untested packages in the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages


[Desktop-packages] [Bug 1873514] Re: Ubuntu uses insecure FreeRDP version

2020-05-28 Thread Robert Hardy
Thanks, much appreciated. I've got a development build from the
freerdp-daily PPA but it's pretty clear that the symbols still need appropriate
mapping. The Debian build has some of it for the 2.1.0 build they started.
It's clearly some kind of backwards compatibility logic but I'm unclear
on intent. I'm still trying to figure out if the new freerdp2-2.1.1
package really should have libswscale support. That is desirable to the
guacamole package but it is unclear if that package will need the
support in freerdp2. I suspect it would be easy to add with a
libswscale-dev build require to freerdp2's packaging and it should pick
it up.


[Desktop-packages] [Bug 1873514] Re: Ubuntu uses insecure FreeRDP version

2020-05-27 Thread Marc Deslauriers
FYI, my current plan is to release 2.1.1 to all Ubuntu stable releases.

I am currently fixing incompatibilities with the new version in vinagre,
gnome-boxes, and remmina.


[Desktop-packages] [Bug 1873514] Re: Ubuntu uses insecure FreeRDP version

2020-05-27 Thread Robert Hardy
FYI a Debian developer has started on freerdp 2.1.0, nothing is released as of 
yet. I took a look at all the symbols in that package and was taking the wrong 
approach so I didn't use my attempt.
The freerdp-daily repository guys have also kindly packaged 2.1.1.


[Desktop-packages] [Bug 1873514] Re: Ubuntu uses insecure FreeRDP version

2020-05-22 Thread Robert Hardy
I suspect freerdp2 was derailed in politics much like the stalls and eventual
removal of a package for guacamole-server. What is currently deployed in Ubuntu
focal is an alpha development snapshot of freerdp2 2.0.0 which is buggy to the
point of being unusable for Apache guacamole and has significant security
holes. There are 14 CVEs currently listed as fixed in freerdp 2.1.0.
The advisories, which are a recent addition reflective of the maturity of the
product, can be found here:
https://github.com/FreeRDP/FreeRDP/security/advisories

It's hard to get an exact number on security issues between that
development snapshot and the stable release but freerdp went through a
lot of development before the recent stable releases appeared. Hundreds
to thousands of issues fixed and some of them will have had security
impact.

An alpha development snapshot may have been needed temporarily in an LTS
release but it should be replaced with something stable once it is
available.

I have no interest in the politics and have not managed to navigate the 
bureaucracy needed to contribute packages to Debian and Ubuntu. I am trying to 
see if I can leverage the freerdp2 daily builds to build a stable package for 
freerdp 2.1.1 which is the current stable release.
I'm also trying to see if I can take the 0.9.9 Debian package of Apache 
Guacamole and rebuild it around 1.1.0 and eventually 1.2.0 as that release is 
what will be stable on 20.04.
If someone can help grease inclusion of the resulting packages that would be 
appreciated.


[Desktop-packages] [Bug 1873514] Re: Ubuntu uses insecure FreeRDP version

2020-04-21 Thread Joachim Lindenberg
sha256 is now used instead of sha1 - this is probably as important as
the (yet unpublished) CVEs as it is seen as a breaking change by some
colleagues. The change is however only breaking for those that don't
install trustworthy certificates.


[Desktop-packages] [Bug 1873514] Re: Ubuntu uses insecure FreeRDP version

2020-04-21 Thread Sebastien Bacher
Thank you for your bug report, it sounds a bit late now to include it
before release but should be a security update to at least fix the CVE
issues

** Changed in: freerdp2 (Ubuntu)
   Importance: Undecided => High

** Changed in: freerdp2 (Ubuntu)
   Status: New => Confirmed


[Desktop-packages] [Bug 1873514] Re: Ubuntu uses insecure FreeRDP version

2020-04-20 Thread Mike Salvatore
** Information type changed from Private Security to Public Security
