diff mbox series

[meta-something,1/3] freerdp: patch CVE-2024-32661

Message ID 20250320202606.1679616-1-peter.marko@siemens.com
State Accepted
Series [meta-something,1/3] freerdp: patch CVE-2024-32661

Commit Message

Peter Marko March 20, 2025, 8:26 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

Pick commit [1] as mentioned in [2] or [3].

[1] https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-32661
[3] https://security-tracker.debian.org/tracker/CVE-2024-32661

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../freerdp/freerdp/CVE-2024-32661.patch      | 27 +++++++++++++++++++
 .../recipes-support/freerdp/freerdp_2.11.7.bb |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32661.patch

Comments

Khem Raj March 20, 2025, 8:32 p.m. UTC | #1
Thanks for the patches, I noticed the subject line says meta-something
for the layer name which I did not understand, is that a typo?

On Thu, Mar 20, 2025 at 1:26 PM Peter Marko via lists.openembedded.org
<peter.marko=siemens.com@lists.openembedded.org> wrote:
>
> From: Peter Marko <peter.marko@siemens.com>
>
> Pick commit [1] as mentioned in [2] or [3].
>
> [1] https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793
> [2] https://nvd.nist.gov/vuln/detail/CVE-2024-32661
> [3] https://security-tracker.debian.org/tracker/CVE-2024-32661
>
> Signed-off-by: Peter Marko <peter.marko@siemens.com>
> ---
>  .../freerdp/freerdp/CVE-2024-32661.patch      | 27 +++++++++++++++++++
>  .../recipes-support/freerdp/freerdp_2.11.7.bb |  1 +
>  2 files changed, 28 insertions(+)
>  create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32661.patch
>
> diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32661.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32661.patch
> new file mode 100644
> index 0000000000..002135b5e4
> --- /dev/null
> +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32661.patch
> @@ -0,0 +1,27 @@
> +From 71e463e31b4d69f4022d36bfc814592f56600793 Mon Sep 17 00:00:00 2001
> +From: akallabeth <akallabeth@posteo.net>
> +Date: Sun, 21 Apr 2024 13:56:13 +0200
> +Subject: [PATCH] [core,info] fix missing check in rdp_write_logon_info_v1
> +
> +CVE: CVE-2024-32661
> +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793]
> +Signed-off-by: Peter Marko <peter.marko@siemens.com>
> +---
> + libfreerdp/core/info.c | 4 ++++
> + 1 file changed, 4 insertions(+)
> +
> +diff --git a/libfreerdp/core/info.c b/libfreerdp/core/info.c
> +index 7d6eec137..3395e4d2e 100644
> +--- a/libfreerdp/core/info.c
> ++++ b/libfreerdp/core/info.c
> +@@ -1322,6 +1322,10 @@ static BOOL rdp_write_logon_info_v1(wStream* s, logon_info* info)
> +               return FALSE;
> +
> +       /* domain */
> ++      WINPR_ASSERT(info);
> ++      if (!info->domain || !info->username)
> ++              return FALSE;
> ++
> +       ilen = ConvertToUnicode(CP_UTF8, 0, info->domain, -1, &wString, 0);
> +
> +       if (ilen < 0)
> diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
> index ee4d4530d6..870c3ffe2f 100644
> --- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
> +++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
> @@ -20,6 +20,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
>             file://0001-Fix-const-qualifier-error.patch \
>             file://0002-Do-not-install-tools-a-CMake-targets.patch \
>             file://0001-Fixed-compilation-warnings-in-ainput-channel.patch \
> +           file://CVE-2024-32661.patch \
>             "
>
>  S = "${WORKDIR}/git"
>
Peter Marko March 20, 2025, 8:36 p.m. UTC | #2
It's a copy paste from my template.
Previously I was always having meta-oe for everything (e.g. meta-python).
I guess I'll return my template back to meta-oe, as that looks better if I forget to change it.

Peter

> -----Original Message-----
> From: Khem Raj <raj.khem@gmail.com>
> Sent: Thursday, March 20, 2025 21:32
> To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> Cc: openembedded-devel@lists.openembedded.org
> Subject: Re: [oe] [meta-something][PATCH 1/3] freerdp: patch CVE-2024-32661
> 
> Thanks for the patches, I noticed the subject line says meta-something
> for the layer name which I did not understand, is that a typo?
Khem Raj March 20, 2025, 9:16 p.m. UTC | #3
On Thu, Mar 20, 2025 at 1:36 PM Marko, Peter <Peter.Marko@siemens.com>
wrote:

> It's a copy paste from my template.
> Previously I was always having meta-oe for everything (e.g. meta-python).
> I guess I'll return my template back to meta-oe, as that looks better if I
> forget to change it.


Thanks for clarifying, you can scriptize it to insert the correct layer
name in generated patches.


>
> Peter
>
> > -----Original Message-----
> > From: Khem Raj <raj.khem@gmail.com>
> > Sent: Thursday, March 20, 2025 21:32
> > To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>
> > Cc: openembedded-devel@lists.openembedded.org
> > Subject: Re: [oe] [meta-something][PATCH 1/3] freerdp: patch CVE-2024-32661
> >
> > Thanks for the patches, I noticed the subject line says meta-something
> > for the layer name which I did not understand, is that a typo?
Patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32661.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32661.patch
new file mode 100644
index 0000000000..002135b5e4
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32661.patch
@@ -0,0 +1,27 @@ 
+From 71e463e31b4d69f4022d36bfc814592f56600793 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Sun, 21 Apr 2024 13:56:13 +0200
+Subject: [PATCH] [core,info] fix missing check in rdp_write_logon_info_v1
+
+CVE: CVE-2024-32661
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libfreerdp/core/info.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libfreerdp/core/info.c b/libfreerdp/core/info.c
+index 7d6eec137..3395e4d2e 100644
+--- a/libfreerdp/core/info.c
++++ b/libfreerdp/core/info.c
+@@ -1322,6 +1322,10 @@ static BOOL rdp_write_logon_info_v1(wStream* s, logon_info* info)
+ 		return FALSE;
+ 
+ 	/* domain */
++	WINPR_ASSERT(info);
++	if (!info->domain || !info->username)
++		return FALSE;
++
+ 	ilen = ConvertToUnicode(CP_UTF8, 0, info->domain, -1, &wString, 0);
+ 
+ 	if (ilen < 0)
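
Review bot: in the rdp_write_logon_info_v1 hunk of the embedded patch, a NULL info is handled by WINPR_ASSERT(info) while a NULL info->domain or info->username takes the return FALSE path, so the two cases fail differently and the first depends on what WINPR_ASSERT does in this build. As a backport the hunk should stay as upstream wrote it, but the commit message only says "Pick commit [1]"; add one line stating that the fix is a NULL check on info->domain and info->username ahead of the ConvertToUnicode call, so the impact is readable from the log without following the links. The new check also sits under the /* domain */ comment although it covers username as well, which is worth remembering if this patch has to be rebased onto a later 2.x release.
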
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
index ee4d4530d6..870c3ffe2f 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -20,6 +20,7 @@  SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
            file://0001-Fix-const-qualifier-error.patch \
            file://0002-Do-not-install-tools-a-CMake-targets.patch \
            file://0001-Fixed-compilation-warnings-in-ainput-channel.patch \
+           file://CVE-2024-32661.patch \
            "
 
 S = "${WORKDIR}/git"
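
Review bot: nothing in the SRC_URI hunk or in the commit message says the backport was checked against the 2.11.7 sources; the embedded hunk is anchored at line 1322 of libfreerdp/core/info.c, so state in the commit message that do_patch applies it without fuzz or offset. The new file://CVE-2024-32661.patch entry itself is placed correctly, after the existing file:// entries and before the closing quote of SRC_URI.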