diff mbox series

[meta-oe,scarthgap] freerdp3: drop CVE-2025-68118 patch

Message ID 20260112064454.100076-1-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,scarthgap] freerdp3: drop CVE-2025-68118 patch | expand

Commit Message

Gyorgy Sarvari Jan. 12, 2026, 6:44 a.m. UTC 
The CVE is also ignored in the same recipe, because it is a Windows-
only vulnerability. Due to this, the patch isn't required.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../freerdp/freerdp3/CVE-2025-68118.patch     | 57 -------------------
 .../recipes-support/freerdp/freerdp3_3.4.0.bb |  1 -
 2 files changed, 58 deletions(-)
 delete mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch
deleted file mode 100644
index 8077d61292..0000000000
--- a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch
+++ /dev/null
@@ -1,57 +0,0 @@ 
-From 054ff633bb1eac3d165a501d5eb691af1faf0538 Mon Sep 17 00:00:00 2001
-From: akallabeth <akallabeth@posteo.net>
-Date: Sat, 13 Dec 2025 17:28:43 +0100
-Subject: [PATCH] [crypto,certificate_data] add some hostname sanitation
-
-CVE: CVE-2025-68118
-Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/83d96a81f320cb8a047fd4ef059a6fe4016dbeec]
-(cherry picked from commit 83d96a81f320cb8a047fd4ef059a6fe4016dbeec)
-Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
----
- libfreerdp/crypto/certificate_data.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/libfreerdp/crypto/certificate_data.c b/libfreerdp/crypto/certificate_data.c
-index a48beb448..6408d5d3c 100644
---- a/libfreerdp/crypto/certificate_data.c
-+++ b/libfreerdp/crypto/certificate_data.c
-@@ -33,6 +33,8 @@
- #include <freerdp/crypto/certificate_data.h>
- 
- #include "certificate.h"
-+#include <freerdp/log.h>
-+#define TAG FREERDP_TAG("crypto.certificate_data")
- 
- #include <freerdp/log.h>
- #define TAG FREERDP_TAG("crypto")
-@@ -64,8 +66,9 @@ static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data)
- 	WINPR_ASSERT(data);
- 
- 	freerdp_certificate_data_hash_(data->hostname, data->port, data->cached_hash,
--	                               sizeof(data->cached_hash));
--	if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0)
-+	                               sizeof(data->cached_hash) - 1);
-+	const size_t len = strnlen(data->cached_hash, sizeof(data->cached_hash));
-+	if ((len == 0) || (len >= sizeof(data->cached_hash)))
- 		goto fail;
- 
- 	data->cached_subject = freerdp_certificate_get_subject(data->cert);
-@@ -97,6 +100,11 @@ static rdpCertificateData* freerdp_certificate_data_new_nocopy(const char* hostn
- 
- 	if (!hostname || !xcert)
- 		goto fail;
-+	if (strnlen(hostname, MAX_PATH) >= MAX_PATH)
-+	{
-+		WLog_ERR(TAG, "hostname exceeds length limits");
-+		goto fail;
-+	}
- 
- 	certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData));
- 
-@@ -251,5 +259,5 @@ char* freerdp_certificate_data_hash(const char* hostname, UINT16 port)
- {
- 	char name[MAX_PATH + 10] = { 0 };
- 	freerdp_certificate_data_hash_(hostname, port, name, sizeof(name));
--	return _strdup(name);
-+	return strndup(name, sizeof(name));
- }
diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
index 6e27efb5ce..55cb356be2 100644
--- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
@@ -20,7 +20,6 @@  SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
            file://CVE-2024-32661.patch \
            file://CVE-2024-32662.patch \
            file://CVE-2025-4478.patch \
-           file://CVE-2025-68118.patch \
            "
 
 S = "${WORKDIR}/git"