[meta-oe,1/3] freerdp: patch CVE-2026-23530

Message ID	20260224170448.1310931-1-skandigraun@gmail.com
State	Under Review
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.53, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 1/3] freerdp: patch CVE-2026-23530 Date: Tue, 24 Feb 2026 18:04:46 +0100 Message-ID: <20260224170448.1310931-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,1/3] freerdp: patch CVE-2026-23530 \| expand [meta-oe,1/3] freerdp: patch CVE-2026-23530 [meta-oe,2/3] freerdp: patch CVE-2026-23532 [meta-python,3/3] python3-nltk: upgrade 3.9.2 -> 3.9.3

Message ID

20260224170448.1310931-1-skandigraun@gmail.com

State

Under Review

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 1/3] freerdp: patch CVE-2026-23530
Date: Tue, 24 Feb 2026 18:04:46 +0100
Message-ID: <20260224170448.1310931-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,1/3] freerdp: patch CVE-2026-23530 | expand

Commit Message

Gyorgy Sarvari Feb. 24, 2026, 5:04 p.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23530

The related Github advisory[1] contains an amalysis of the
vulenrability, describing the issue and the root cause also.

Backported the commit that implemented the solution described
in the advisory.

[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../freerdp/freerdp/CVE-2026-23530.patch      | 28 +++++++++++++++++++
 .../recipes-support/freerdp/freerdp_2.11.7.bb |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch
new file mode 100644
index 0000000000..4aac13de93
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23530.patch
@@ -0,0 +1,28 @@ 
+From 6f61d18e9707cebe9d7d64346c66da780c7094c4 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 15 Jan 2026 12:02:02 +0100
+Subject: [PATCH] fix decoder length checks
+
+CVE: CVE-2026-23530
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/1bab198a2edd0d0e6e1627d21a433151ea190500]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libfreerdp/codec/planar.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
+index fe27011e1..1cb2e22bc 100644
+--- a/libfreerdp/codec/planar.c
++++ b/libfreerdp/codec/planar.c
+@@ -616,6 +616,11 @@ BOOL planar_decompress(BITMAP_PLANAR_CONTEXT* planar, const BYTE* pSrcData, UINT
+ 	WINPR_ASSERT(planar);
+ 	WINPR_ASSERT(prims);
+ 
++	if (planar->maxWidth < nSrcWidth)
++		return FALSE;
++	if (planar->maxHeight < nSrcHeight)
++		return FALSE;
++
+ 	if (nDstStep <= 0)
+ 		nDstStep = nDstWidth * GetBytesPerPixel(DstFormat);
+ 
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
index 63dc177cbe..d4efcccdbd 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -27,6 +27,7 @@  SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
            file://CVE-2026-22854.patch \
            file://CVE-2026-22855.patch \
            file://CVE-2026-22852.patch \
+           file://CVE-2026-23530.patch \
            "

[meta-oe,1/3] freerdp: patch CVE-2026-23530

Commit Message

Patch