
[meta-oe,01/13] freerdp: patch CVE-2026-22852

Message ID 20260223191850.1049304-1-skandigraun@gmail.com
State New
Series: [meta-oe,01/13] freerdp: patch CVE-2026-22852

Commit Message

Gyorgy Sarvari Feb. 23, 2026, 7:18 p.m. UTC
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22852

The related GitHub advisory[1] comes with an analysis of the
vulnerability, including a pointer to the vulnerable code
snippet. Backported the commit that touched the mentioned
code part in the fixed version, which is in line with the
description of the issue.

Ptests passed successfully.

[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../freerdp/freerdp/CVE-2026-22852.patch      | 27 +++++++++++++++++++
 .../recipes-support/freerdp/freerdp_2.11.7.bb |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch

Comments

Gyorgy Sarvari Feb. 23, 2026, 7:20 p.m. UTC | #1
This one is arguably an opinionated patch. Feel free to speak up if you
don't like it.


On 2/23/26 20:18, Gyorgy Sarvari via lists.openembedded.org wrote:
> Details: https://nvd.nist.gov/vuln/detail/CVE-2024-51442
>
> The description of the vulnerability says "attacker [...] execute arbitrary
> OS commands via a specially crafted minidlna.conf configuration file".
>
> There is no official fix for this CVE, and upstream seems to be inactive
> for the past 3 years.
>
> The reason for ignoring this CVE is that the referenced minidlna.conf
> file is in the /etc folder, and the file is not world-writable. Which
> means that this vulnerability can be exploited only when someone is
> root - but if the attacker is already root, they don't need to resort
> to minidlna config-file modifications to execute any command they want.
>
> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
> ---
>  meta-multimedia/recipes-multimedia/minidlna/minidlna.inc | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc b/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc
> index cb2a1865e8..0dd297098c 100644
> --- a/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc
> +++ b/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc
> @@ -43,3 +43,4 @@ SYSTEMD_SERVICE:${PN} = "minidlna.service"
>  INITSCRIPT_NAME = "minidlna"
>  INITSCRIPT_PARAMS = "defaults 90"
>  
> +CVE_STATUS[CVE-2024-51442] = "not-applicable-config: vulnerability requires root access"
>
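Review bot: the justification string in the added `CVE_STATUS[CVE-2024-51442] = "not-applicable-config: vulnerability requires root access"` line should state the assumption the commit message actually relies on, namely that /etc/minidlna.conf is writable only by root, because that is the condition under which the crafted-config path is out of reach for an unprivileged user; something like `not-applicable-config: exploitation requires write access to /etc/minidlna.conf, which is root-only` keeps the reasoning re-checkable if the file's ownership or location ever changes in the recipe. The commit message also records that upstream has shipped no fix for three years; noting that in the status text as well would stop the entry from being read as a configuration-dependent code path rather than a privilege-model argument.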

Patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch
new file mode 100644
index 0000000000..aa6952fb7d
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch
@@ -0,0 +1,27 @@ 
+From e3391e8d160f4b1b43d53b4a7d462a3601c45408 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Sat, 10 Jan 2026 08:36:38 +0100
+Subject: [PATCH] free up old audio formats
+
+CVE: CVE-2026-22852
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/cd1ffa112cfbe1b40a9fd57e299a8ea12e23df0d]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ channels/audin/client/audin_main.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/channels/audin/client/audin_main.c b/channels/audin/client/audin_main.c
+index 23561b153..5ffe09127 100644
+--- a/channels/audin/client/audin_main.c
++++ b/channels/audin/client/audin_main.c
+@@ -219,6 +219,10 @@ static UINT audin_process_formats(AUDIN_PLUGIN* audin, AUDIN_CHANNEL_CALLBACK* c
+ 	}
+ 
+ 	Stream_Seek_UINT32(s); /* cbSizeFormatsPacket */
++
++	audio_formats_free(callback->formats, callback->formats_count);
++	callback->formats_count = 0;
++
+ 	callback->formats = audio_formats_new(NumFormats);
+ 
+ 	if (!callback->formats)
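Review bot: the `From e3391e8d160f4b1b43d53b4a7d462a3601c45408` header and the `Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/cd1ffa112cfbe1b40a9fd57e299a8ea12e23df0d]` line name two different commits; if cd1ffa11 is the master fix and e3391e8d the stable-2.0 cherry-pick of it, say so in the header, otherwise align the two so the backport can be traced to a single upstream commit. The one-line subject `free up old audio formats` would also benefit from a sentence on why: the added `audio_formats_free(callback->formats, callback->formats_count);` releases a table allocated by an earlier formats packet before `audio_formats_new(NumFormats)` replaces it, so the previous allocation is no longer lost when the format list is sent again. Resetting `callback->formats_count` to 0 is the right companion for the case where `audio_formats_new` then fails and the existing `if (!callback->formats)` check takes the error path; it is worth confirming that `audio_formats_free` in the stable-2.0 tree accepts a NULL table with a zero count, in case `callback->formats` is still NULL on the first formats packet.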
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
index 3ee4f99c1a..70198a1e21 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -26,6 +26,7 @@  SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
            file://CVE-2024-32661.patch \
            file://CVE-2026-22854.patch \
            file://CVE-2026-22855.patch \
+           file://CVE-2026-22852.patch \
            "
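Review bot: the new `file://CVE-2026-22852.patch \` entry matches the created file meta-oe/recipes-support/freerdp/freerdp/CVE-2026-22852.patch, and since that patch carries a `CVE: CVE-2026-22852` tag, cve-check will mark the CVE as patched without a separate `CVE_STATUS` entry. One nit: the entry lands after CVE-2026-22854 and CVE-2026-22855; inserting it before them keeps the SRC_URI list in numeric order, which makes it easier to see at a glance which advisories from the same batch are already covered.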