
[meta-oe,kirkstone,4/5] libvncserver: patch CVE-2020-29260

Message ID 20260128055118.2011068-4-skandigraun@gmail.com
State New
Series [meta-gnome,kirkstone,1/5] libadwaita: upgrade 1.1.1 -> 1.1.7 | expand

Commit Message

Gyorgy Sarvari Jan. 28, 2026, 5:51 a.m. UTC
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-29260

Pick the patch referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../libvncserver/CVE-2020-29260.patch         | 28 +++++++++++++++++++
 .../libvncserver/libvncserver_0.9.13.bb       |  4 ++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-graphics/libvncserver/libvncserver/CVE-2020-29260.patch

Patch

diff --git a/meta-oe/recipes-graphics/libvncserver/libvncserver/CVE-2020-29260.patch b/meta-oe/recipes-graphics/libvncserver/libvncserver/CVE-2020-29260.patch
new file mode 100644
index 0000000000..c865b8e067
--- /dev/null
+++ b/meta-oe/recipes-graphics/libvncserver/libvncserver/CVE-2020-29260.patch
@@ -0,0 +1,28 @@ 
+From 060f7b71c2ae62c2253a387efe27b0593d04a1ae Mon Sep 17 00:00:00 2001
+From: Christian Beier <info@christianbeier.net>
+Date: Sat, 21 Nov 2020 12:52:31 +0100
+Subject: [PATCH] libvncclient: free vncRec memory in rfbClientCleanup()
+
+Otherwise we leak memory. Spotted by Ramin Farajpour Cami
+<ramin.blackhat@gmail.com>, thanks!
+
+CVE: CVE-2020-29260
+Upstream-Status: Backport [https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libvncclient/vncviewer.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvncclient/vncviewer.c b/libvncclient/vncviewer.c
+index d6b91f02..0a1bdcf6 100644
+--- a/libvncclient/vncviewer.c
++++ b/libvncclient/vncviewer.c
+@@ -534,6 +534,8 @@ void rfbClientCleanup(rfbClient* client) {
+     client->clientData = next;
+   }
+ 
++  free(client->vncRec);
++
+   if (client->sock != RFB_INVALID_SOCKET)
+     rfbCloseSocket(client->sock);
+   if (client->listenSock != RFB_INVALID_SOCKET)
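Review bot: The commit id on the added patch's first line (`From 060f7b71c2ae62c2253a387efe27b0593d04a1ae`) differs from the upstream commit named in its `Upstream-Status` line (`bef41f6ec4097a8ee094f90a1b34a708fbd757ec`), so the header alone does not show that this CVE backport is the unmodified upstream fix. The mismatch is presumably from regenerating the patch off a local cherry-pick, but that should be confirmed by comparing the two added lines against the upstream commit. If they are identical, the header could carry the upstream id directly, `From bef41f6ec4097a8ee094f90a1b34a708fbd757ec Mon Sep 17 00:00:00 2001`, or the commit message could state that the hash is a local one. The body of `rfbClientCleanup` starts and ends outside the embedded hunk, so whether anything later in the function still reads `client->vncRec` after the new `free()` cannot be checked from this page.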
diff --git a/meta-oe/recipes-graphics/libvncserver/libvncserver_0.9.13.bb b/meta-oe/recipes-graphics/libvncserver/libvncserver_0.9.13.bb
index 93f6951739..96cf9591b1 100644
--- a/meta-oe/recipes-graphics/libvncserver/libvncserver_0.9.13.bb
+++ b/meta-oe/recipes-graphics/libvncserver/libvncserver_0.9.13.bb
@@ -44,7 +44,9 @@  FILES:libvncclient = "${libdir}/libvncclient.*"
 
 inherit cmake
 
-SRC_URI = "git://github.com/LibVNC/libvncserver;branch=master;protocol=https"
+SRC_URI = "git://github.com/LibVNC/libvncserver;branch=master;protocol=https \
+           file://CVE-2020-29260.patch \
+           "
 SRCREV = "2aa20dad4c23c18948d3f63b33f9dfec1f837729"
 
 S = "${WORKDIR}/git"