From patchwork Thu Jan 22 05:43:52 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79377 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA458C44500 for ; Thu, 22 Jan 2026 05:44:06 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.31036.1769060641214990337 for ; Wed, 21 Jan 2026 21:44:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=JDAlsQ1W; spf=pass (domain: gmail.com, ip: 209.85.128.44, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-4801d24d91bso5785115e9.2 for ; Wed, 21 Jan 2026 21:44:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769060639; x=1769665439; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=Dua3Ilc3uDGCusC+cMRsCxZedGCkKjb3NOW1wOmbEi0=; b=JDAlsQ1Wx7qKEV1zEvu/RODdsq9kuXc22wVDml7GdEVrvHhwKyj7HUOKQhBA0pa+wy KvOcY+XoNTP0jD+q5Ej5OzpLKgC5yQoPLah638qu5UOWtfT9Nt7Aelw7MbEB9w575BQu Hz4he4saeQhHrBqzkXSl4AnYpoGfa0ekH1rlgLZog9fsx7291kVOUumVWVivysinMcgb 2cL48XfQ8O76q7XsQhhIIUF+E+5xnlek3IPqcfyJyZZNAhD2vSKptWvAM6Qe2FGtj2UP NAKXqQMH1OavtbB0Ka0H6arBk9mL+hyBdb2SnYYcaP06i2E4tAkEiDJYhfvBZkm0daNz rN9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769060639; x=1769665439; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Dua3Ilc3uDGCusC+cMRsCxZedGCkKjb3NOW1wOmbEi0=; b=gDV3NIUgvy7bq170tYNq2teneQ9JMrfJsUDrmpD8IRzJ6kQD5TP/9XFgvhzLhiKGna lI7ngi+RK9/7uF+HU9XSRGOy+h8L6xitH06afTIUd/hJriu8P74Zj9RQ103S+10TJY7n S3Y6DrR8PxIf1hx6KEgP9KhZNsH3t1ZkrakkwAv5/S2GM5+jJkMagEd5zvAMkddX6AjY njKUfIbP77RAh7e/rreFFD/PFIab6OvRDaWGEwR+X0xktDCheZQZqYzOr3cqeXbDnaEb Y7Yu33Hp8/mDgWpIurTS6izQsA1uY64tL9rrMW9/6A6QIb5qCyXSkTEISN9+veMk+pW3 FteQ== X-Gm-Message-State: AOJu0YzBFI/hrKymKFZO42Yow/+DmtbQiAyutwwhYwkbKPP2BPQ6fPPN OGCx9UYdjtWuK2Z5WSwjcHn+aOirGAacnvrfmeTGmJ0GbcV9ZLMH9dGgaB+OPQ== X-Gm-Gg: AZuq6aIYi+7jAVwLp9t6mTc7m4wcrkp01RQH6fjS6Et70EkKhNwm/+Zxk4JDceO1ntz Pc1s2CXQiR5Xo9jLyK1UXMYzfSwDOT+ZeUZpl3XakdaKLP5AKG3Nex+85TTuwo/t4AkNHt4bm7K cT1eoR4wZnQg64fRXcHVg1bQPapkNdUQuNs1rIiiAos+5aNv379UIjfWgjayMq8crp0Y2FRoZZ2 y4rcAOFcFf/CVqwsOncAvOki23y0zdm6x2ils/crA2r+Md6SWthsYR/nnpMQ+RwVIy43Q44jvBl j6PjAYuUjF9PNEEM9Oo7jEi9n8uGICMXM5OD0wiiJs7OA0zVVGBSKGltKgv6SJz21bkK12PBQvi YgiQT2zACEXPsyWDz7iIeWVstAVOyj3unNkJ4lxfmPAcH5YKKch3LnYv3ukIMtZjs2ZmvfNGJju qGDboHe9eWMTz0qZ0h2dg= X-Received: by 2002:a05:600c:8b0c:b0:47e:e2ec:9960 with SMTP id 5b1f17b1804b1-4803e804534mr107941475e9.35.1769060639023; Wed, 21 Jan 2026 21:43:59 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-480424aa344sm43912035e9.3.2026.01.21.21.43.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Jan 2026 21:43:58 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 1/5] freerdp: add ptest support Date: Thu, 22 Jan 2026 06:43:52 +0100 Message-ID: <20260122054356.3570391-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 22 Jan 2026 05:44:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123725 The tests take about 50s to execute on my machine. Signed-off-by: Gyorgy Sarvari --- .../recipes-support/freerdp/freerdp/run-ptest | 66 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 24 ++++++- 2 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/run-ptest diff --git a/meta-oe/recipes-support/freerdp/freerdp/run-ptest b/meta-oe/recipes-support/freerdp/freerdp/run-ptest new file mode 100644 index 0000000000..5a765cadf0 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/run-ptest @@ -0,0 +1,66 @@ +#!/bin/sh +#These test cases were determined by running the actual test binary +#which lists all available test cases. Couldn't find a way to just simply +#run all. Also, BusyBox seems to have no associative array support, so +#plain variables are used with eval. +TestAsn="TestAsn1Module TestAsn1Encoder TestAsn1Decoder TestAsn1Encode TestAsn1Decode TestAsn1String TestAsn1Integer TestAsn1Compare TestAsn1BerEnc TestAsn1BerDec TestAsn1DerEnc TestAsn1DerDec" +TestClient="TestClientRdpFile TestClientChannels TestClientCmdLine" +TestClipboard="TestClipboardFormats" +TestCommon="TestCommonAssistance" +TestCore="TestVersion TestSettings" +TestCredUI="TestCredUIParseUserName TestCredUIConfirmCredentials TestCredUIPromptForCredentials TestCredUICmdLinePromptForCredentials" +TestCrt="TestTypes TestFormatSpecifiers TestAlignment TestString TestUnicodeConversion" +TestCrypto="TestCryptoHash TestCryptoRand TestCryptoCipher TestCryptoProtectData TestCryptoProtectMemory TestCryptoCertEnumCertificatesInStore" +TestDsParse="TestDsMakeSpn TestDsCrackNames" +TestEnvironment="TestEnvironmentGetEnvironmentStrings TestEnvironmentSetEnvironmentVariable TestEnvironmentMergeEnvironmentStrings TestEnvironmentGetSetEB" +TestError="TestErrorSetLastError" +TestFile="TestFileCreateFile TestFileDeleteFile TestFileReadFile TestSetFileAttributes TestFileWriteFile TestFilePatternMatch TestFileFindFirstFile TestFileFindFirstFileEx TestFileFindNextFile TestFileGetStdHandle" +TestFreeRDPCodec="TestFreeRDPRegion TestFreeRDPCodecMppc TestFreeRDPCodecNCrush TestFreeRDPCodecXCrush TestFreeRDPCodecZGfx TestFreeRDPCodecPlanar TestFreeRDPCodecClear TestFreeRDPCodecInterleaved TestFreeRDPCodecProgressive TestFreeRDPCodecRemoteFX" +TestFreeRDPCrypto="TestKnownHosts TestBase64 Test_x509_cert_info" +TestFreeRDPUtils="TestRingBuffer" +TestGdi="TestGdiRop3 TestGdiLine TestGdiRegion TestGdiRect TestGdiBitBlt TestGdiCreate TestGdiEllipse TestGdiClip" +TestInterlocked="TestInterlockedAccess TestInterlockedSList TestInterlockedDList" +TestIo="TestIoDevice TestIoGetOverlappedResult" +TestLibrary="TestLibraryLoadLibrary TestLibraryGetProcAddress TestLibraryGetModuleFileName" +TestLocale="TestLocaleFormatMessage" +TestMemory="TestMemoryCreateFileMapping" +TestNt="TestNtCreateFile TestNtCurrentTeb" +TestPath="TestPathCchAddBackslash TestPathCchRemoveBackslash TestPathCchAddBackslashEx TestPathCchRemoveBackslashEx TestPathCchAddExtension TestPathCchAppend TestPathCchAppendEx TestPathCchCanonicalize TestPathCchCanonicalizeEx TestPathAllocCanonicalize TestPathCchCombine TestPathCchCombineEx TestPathAllocCombine TestPathCchFindExtension TestPathCchRenameExtension TestPathCchRemoveExtension TestPathCchIsRoot TestPathIsUNCEx TestPathCchSkipRoot TestPathCchStripToRoot TestPathCchStripPrefix TestPathCchRemoveFileSpec TestPathShell TestPathMakePath" +TestPipe="TestPipeCreatePipe TestPipeCreateNamedPipe TestPipeCreateNamedPipeOverlapped" +TestPool="TestPoolIO TestPoolSynch TestPoolThread TestPoolTimer TestPoolWork" +TestPrimitives="TestPrimitivesAdd TestPrimitivesAlphaComp TestPrimitivesAndOr TestPrimitivesColors TestPrimitivesCopy TestPrimitivesSet TestPrimitivesShift TestPrimitivesSign TestPrimitivesYUV TestPrimitivesYCbCr TestPrimitivesYCoCg" +TestRdTk="TestRdTkNinePatch" +TestSecurity="TestSecurityToken" +TestSmartCard="TestSmartCardListReaders" +TestSspi="TestQuerySecurityPackageInfo TestEnumerateSecurityPackages TestInitializeSecurityContext TestAcquireCredentialsHandle TestCredSSP TestNTLM" +TestSynch="TestSynchInit TestSynchEvent TestSynchMutex TestSynchBarrier TestSynchCritical TestSynchSemaphore TestSynchThread TestSynchMultipleThreads TestSynchTimerQueue TestSynchWaitableTimer TestSynchWaitableTimerAPC TestSynchAPC" +TestSysInfo="TestGetNativeSystemInfo TestCPUFeatures TestGetComputerName TestSystemTime TestLocalTime" +TestThread="TestThreadCommandLineToArgv TestThreadCreateProcess TestThreadExitThread" +TestWinPR="TestIntrinsics TestTypes" +TestWinPRUtils="TestIni TestVersion TestImage TestBipBuffer TestBacktrace TestQueue TestPrint TestPubSub TestStream TestBitStream TestArrayList TestLinkedList TestListDictionary TestCmdLine TestWLog TestWLogCallback TestHashTable TestBufferPool TestStreamPool TestMessageQueue TestMessagePipe" +TestWnd="TestWndCreateWindowEx TestWndWmCopyData" +TestWtsApi="TestWtsApiEnumerateProcesses TestWtsApiEnumerateSessions TestWtsApiQuerySessionInformation TestWtsApiSessionNotification TestWtsApiShutdownSystem TestWtsApiWaitSystemEvent" + +run_test(){ + tc=$(eval "echo \$${1}") + if [ -z "$tc" -o "$tc" = ".so" ]; then + return + fi + + EXTRA_ARG="" + if [ "$1" = "TestFile" ]; then + # this testcase needs an extra argument + EXTRA_ARG="TestFileArea" + fi + + for t in $tc; do + ./$1 $t $EXTRA_ARG > ../${1}_${t}.out && echo PASS: $1 $t || echo FAIL: $1 $t + done +} + + +cd Testing + +for testbin in *; do + run_test $testbin +done diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index 205f7b0cd7..5122a2d057 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -8,13 +8,16 @@ SECTION = "net" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -inherit pkgconfig cmake gitpkgv +inherit pkgconfig cmake gitpkgv ptest + +RDEPENDS:${PN}-ptest += "coreutils pcsc-lite-lib" PE = "1" PKGV = "${GITPKGVTAG}" SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1" SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \ + file://run-ptest \ file://winpr-makecert-Build-with-install-RPATH.patch \ file://CVE-2022-39316.patch \ file://CVE-2022-39318-39319.patch \ @@ -43,6 +46,7 @@ EXTRA_OECMAKE += " \ PACKAGECONFIG ??= " \ ${@bb.utils.filter('DISTRO_FEATURES', 'directfb pam pulseaudio wayland x11', d)}\ + ${@bb.utils.contains('PTEST_ENABLED', '1', 'test', '', d)} \ gstreamer cups pcsc \ " @@ -55,6 +59,7 @@ PACKAGECONFIG[pcsc] = "-DWITH_PCSC=ON,-DWITH_PCSC=OFF,pcsc-lite" PACKAGECONFIG[pulseaudio] = "-DWITH_PULSEAUDIO=ON,-DWITH_PULSEAUDIO=OFF,pulseaudio" PACKAGECONFIG[gstreamer] = "-DWITH_GSTREAMER_1_0=ON,-DWITH_GSTREAMER_1_0=OFF,gstreamer1.0 gstreamer1.0-plugins-base" PACKAGECONFIG[cups] = "-DWITH_CUPS=ON,-DWITH_CUPS=OFF,cups" +PACKAGECONFIG[test] = "-DBUILD_TESTING=ON,-DBUILD_TESTING=OFF" PACKAGES =+ "libfreerdp" @@ -63,6 +68,14 @@ FILES:libfreerdp = "${libdir}/lib*${SOLIBS}" PACKAGES_DYNAMIC += "^libfreerdp-plugin-.*" +do_configure:prepend() { + if ${@bb.utils.contains('PTEST_ENABLED', '1', 'true', 'false', d)}; then + sed -i 's,CMAKE_CURRENT_SOURCE_DIR,"${PTEST_PATH}/test_data",' ${S}/libfreerdp/codec/test/TestFreeRDPCodecProgressive.c + sed -i 's,\${CMAKE_CURRENT_SOURCE_DIR},"${PTEST_PATH}/test_data",' ${S}/libfreerdp/crypto/test/CMakeLists.txt + sed -i 's,\${CMAKE_CURRENT_SOURCE_DIR},${PTEST_PATH}/test_data,' ${S}/winpr/libwinpr/utils/test/CMakeLists.txt + fi +} + # we will need winpr-makecert to generate TLS certificates do_install:append () { install -d ${D}${bindir} @@ -71,6 +84,15 @@ do_install:append () { rm -rf ${D}${libdir}/freerdp } +do_install_ptest() { + install -d ${D}${PTEST_PATH}/test_data + cp -r ${B}/Testing ${D}${PTEST_PATH} + install -m 0644 ${S}/libfreerdp/codec/test/progressive.bmp ${D}${PTEST_PATH}/test_data/ + install -m 0644 ${S}/libfreerdp/crypto/test/Test_x509_cert_info.pem ${D}${PTEST_PATH}/test_data/ + install -m 0644 ${S}/winpr/libwinpr/utils/test/lodepng_32bit.png ${D}${PTEST_PATH}/test_data/ + install -m 0644 ${S}/winpr/libwinpr/utils/test/lodepng_32bit.bmp ${D}${PTEST_PATH}/test_data/ +} + python populate_packages:prepend () { freerdp_root = d.expand('${libdir}/freerdp') From patchwork Thu Jan 22 05:43:53 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79380 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F9EDD625F3 for ; Thu, 22 Jan 2026 05:44:07 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.31037.1769060641488948251 for ; Wed, 21 Jan 2026 21:44:01 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=EUu4GV23; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-47ee4539adfso5758895e9.3 for ; Wed, 21 Jan 2026 21:44:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769060640; x=1769665440; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=gybwpHdc37L2sS1C0hKFh60Dqm5n/Swgiy6iMy9lKSM=; b=EUu4GV23oF2IvnnCkT9hludm6+cybG16aENr0HmMyJoSFv0OhgSzXWYeRVPIiwHIsb QHWIXxwgyK8uuNhrBIXTHJ1nqkyyLKcIo2TtDOrZW3mzFWJhnNsHKEFd/ej1098FjM6B aX+nAW7Tj2eW7xxzd2bbMHUuFGzxqy2BukwDcIndktNfchoGr1C8UJYp+t2NQAAKjYi9 FCi8V8niiKQ+1gTmcqCWJGWkyWG0M3kHqwpClAWl3CkmFlq4FSlhrFCBM+6ptbm/0nfz eF3WV77B6CkGqCyeKB1lrjQhscx2tGM4Og4sAte/o33W5RHNWfDXdPWgLNZbwgeiIDdI sXQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769060640; x=1769665440; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=gybwpHdc37L2sS1C0hKFh60Dqm5n/Swgiy6iMy9lKSM=; b=WwA55Fez4JO2pz3kOWBGiHKNtNeVQJ8KWAPqghTnS/2SAVlzslkpDIfbt6aqDs0FXW x+yLrK7/1FpHGRcFSATuU2t43zpA074XKGQRcfdGIiSAj6rYH3he1++KrCt6VSCQRCfL zyRX+/KkqQC4FzDKePdv82hzIPhr16yKCLal4Fo6oV/vaWZphnm3gnWv3qZEu8PsWJgS LfrjRE0CPWMFzL1uUNGNHF2xN9ulSKwk9tiN3MMi1hq426gg3Y3D9onyQyEIUZmjBlnK l6KCkn4mFXoZc2fgbvwPCDrP6dm4TJUzqd1YBNgZh6pLxTxXthBPn+SAIrUPYehu+pjy z94A== X-Gm-Message-State: AOJu0Yz2+jKzp8azl6S5ksomp/Tq5jwseIa4R4YQMEXSpYs81NUVX5P6 skKRMvDakZrx32Gs4CxqVd6vTA5MdbW5GaDKS+gPSi+sEvTC5klWyQhYzhmneA== X-Gm-Gg: AZuq6aJXLN+wdz+4/1rjPMR3llQCJTUPOuxVc5tiDIjFBFCbqIH8qm4/CoP8aP2e6Ok ltwxoLAXzUyfb67h7SovSPql8RFRfjPlCaAkFSr2eM8jvRiF17Gwv5eOJZUTsXCwXrfWRlvXCyA GVTv7Tc/qkgMosRrLtPbIOGf7jtanc1oOWA+4Zv/93MxhN1F6Pj710eM+SxtCX301zPTYQZC4jI IeMSZVVXR1FzORTQmS43+vPG16KVT3sxUm94zh89Ph2Vzl1LbosC1du7GlyYX3s+fSJSxgScLaM 1XJyMMB8yHBi/plFopVd7z1RrfjQlg8/KOIEEcykJAoXmYNPDV2hWte9bMaz25Jgz8FnEp4Gt25 JtbmGylkObg2V61BfEsuUWKoaR4VjeuYcCVKIqKRgJS2P4RPuSobuCVbjmFg+rTWXUeLkatg/tH cYvbIoJeSS X-Received: by 2002:a05:600c:3e0d:b0:47e:e2ec:995b with SMTP id 5b1f17b1804b1-48046a2dc0fmr33871295e9.9.1769060639728; Wed, 21 Jan 2026 21:43:59 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-480424aa344sm43912035e9.3.2026.01.21.21.43.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Jan 2026 21:43:59 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 2/5] freerdp: patch CVE-2023-40589 Date: Thu, 22 Jan 2026 06:43:53 +0100 Message-ID: <20260122054356.3570391-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260122054356.3570391-1-skandigraun@gmail.com> References: <20260122054356.3570391-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 22 Jan 2026 05:44:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123726 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40589 Pick the patch that was identified[1] by Debian to solve the issue on the 2.x branch. [1]: https://security-tracker.debian.org/tracker/CVE-2023-40589 Signed-off-by: Gyorgy Sarvari --- .../freerdp/freerdp/CVE-2023-40589.patch | 319 ++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 1 + 2 files changed, 320 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2023-40589.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2023-40589.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2023-40589.patch new file mode 100644 index 0000000000..8f87cae3b6 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2023-40589.patch @@ -0,0 +1,319 @@ +From 2bbed980cf8cf9066d96e9aa29afcedc540ee47c Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Mon, 28 Aug 2023 09:06:42 +0200 +Subject: [PATCH] fix index checks + +properly verify all offsets while decoding data. + +(cherry picked from commit 880285c332a1d98334fd8fa4b06c10fba0fb6959) + +CVE: CVE-2023-40589 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/c659973bb4cd65c065f2fe1a807dbc6805c684c6] +Signed-off-by: Gyorgy Sarvari +--- + libfreerdp/codec/ncrush.c | 137 ++++++++++++++++++++++++++++++-------- + 1 file changed, 108 insertions(+), 29 deletions(-) + +diff --git a/libfreerdp/codec/ncrush.c b/libfreerdp/codec/ncrush.c +index 3d6a216d3..c1d622a9c 100644 +--- a/libfreerdp/codec/ncrush.c ++++ b/libfreerdp/codec/ncrush.c +@@ -1994,15 +1994,9 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BY + UINT32* pDstSize, UINT32 flags) + { + UINT32 index; +- UINT32 bits; +- INT32 nbits; +- const BYTE* SrcPtr; +- const BYTE* SrcEnd; +- UINT16 Mask; + BYTE Literal; + UINT32 IndexLEC; + UINT32 BitLength; +- UINT32 MaskedBits; + UINT32 CopyOffset; + UINT32 CopyLength; + UINT32 OldCopyOffset; +@@ -2010,9 +2004,6 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BY + UINT32 LengthOfMatch; + UINT32 CopyOffsetIndex; + UINT32 OffsetCacheIndex; +- BYTE* HistoryPtr; +- BYTE* HistoryBuffer; +- BYTE* HistoryBufferEnd; + UINT32 CopyOffsetBits; + UINT32 CopyOffsetBase; + UINT32 LengthOfMatchBits; +@@ -2021,8 +2012,8 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BY + if (ncrush->HistoryEndOffset != 65535) + return -1001; + +- HistoryBuffer = ncrush->HistoryBuffer; +- HistoryBufferEnd = &HistoryBuffer[ncrush->HistoryEndOffset]; ++ BYTE* HistoryBuffer = ncrush->HistoryBuffer; ++ const BYTE* HistoryBufferEnd = &HistoryBuffer[ncrush->HistoryEndOffset]; + + if (flags & PACKET_AT_FRONT) + { +@@ -2041,7 +2032,7 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BY + ZeroMemory(&(ncrush->OffsetCache), sizeof(ncrush->OffsetCache)); + } + +- HistoryPtr = ncrush->HistoryPtr; ++ BYTE* HistoryPtr = ncrush->HistoryPtr; + + if (!(flags & PACKET_COMPRESSED)) + { +@@ -2050,17 +2041,19 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BY + return 1; + } + +- SrcEnd = &pSrcData[SrcSize]; +- nbits = 32; +- bits = get_dword(pSrcData); +- SrcPtr = pSrcData + 4; ++ const BYTE* SrcEnd = &pSrcData[SrcSize]; ++ const BYTE* SrcPtr = pSrcData + 4; + ++ INT32 nbits = 32; ++ UINT32 bits = get_dword(pSrcData); + while (1) + { + while (1) + { +- Mask = get_word(&HuffTableMask[29]); +- MaskedBits = bits & Mask; ++ const UINT16 Mask = get_word(&HuffTableMask[29]); ++ const UINT32 MaskedBits = bits & Mask; ++ if (MaskedBits >= ARRAYSIZE(HuffTableLEC)) ++ return -1; + IndexLEC = HuffTableLEC[MaskedBits] & 0xFFF; + BitLength = HuffTableLEC[MaskedBits] >> 12; + bits >>= BitLength; +@@ -2096,8 +2089,10 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BY + return -1004; + + CopyOffset = ncrush->OffsetCache[OffsetCacheIndex]; +- Mask = get_word(&HuffTableMask[21]); +- MaskedBits = bits & Mask; ++ const UINT16 Mask = get_word(&HuffTableMask[21]); ++ const UINT32 MaskedBits = bits & Mask; ++ if (MaskedBits > ARRAYSIZE(HuffTableLOM)) ++ return -1; + LengthOfMatch = HuffTableLOM[MaskedBits] & 0xFFF; + BitLength = HuffTableLOM[MaskedBits] >> 12; + bits >>= BitLength; +@@ -2106,13 +2101,23 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BY + if (!NCrushFetchBits(&SrcPtr, &SrcEnd, &nbits, &bits)) + return -1; + ++ if (LengthOfMatch >= ARRAYSIZE(LOMBitsLUT)) ++ return -1; ++ + LengthOfMatchBits = LOMBitsLUT[LengthOfMatch]; ++ ++ if (LengthOfMatch >= ARRAYSIZE(LOMBaseLUT)) ++ return -1; + LengthOfMatchBase = LOMBaseLUT[LengthOfMatch]; + + if (LengthOfMatchBits) + { +- Mask = get_word(&HuffTableMask[(2 * LengthOfMatchBits) + 3]); +- MaskedBits = bits & Mask; ++ const size_t idx = (2ull * LengthOfMatchBits) + 3ull; ++ if (idx >= ARRAYSIZE(HuffTableMask)) ++ return -1; ++ ++ const UINT16 Mask = get_word(&HuffTableMask[idx]); ++ const UINT32 MaskedBits = bits & Mask; + bits >>= LengthOfMatchBits; + nbits -= LengthOfMatchBits; + LengthOfMatchBase += MaskedBits; +@@ -2127,15 +2132,28 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BY + } + else + { ++ if (CopyOffsetIndex >= ARRAYSIZE(CopyOffsetBitsLUT)) ++ return -1; ++ + CopyOffsetBits = CopyOffsetBitsLUT[CopyOffsetIndex]; ++ ++ if (CopyOffsetIndex >= ARRAYSIZE(CopyOffsetBaseLUT)) ++ return -1; + CopyOffsetBase = CopyOffsetBaseLUT[CopyOffsetIndex]; + CopyOffset = CopyOffsetBase - 1; + + if (CopyOffsetBits) + { +- Mask = get_word(&HuffTableMask[(2 * CopyOffsetBits) + 3]); +- MaskedBits = bits & Mask; +- CopyOffset = CopyOffsetBase + MaskedBits - 1; ++ const size_t idx = (2ull * CopyOffsetBits) + 3ull; ++ if (idx >= ARRAYSIZE(HuffTableMask)) ++ return -1; ++ ++ const UINT16 Mask = get_word(&HuffTableMask[idx]); ++ const UINT32 MaskedBits = bits & Mask; ++ const UINT32 tmp = CopyOffsetBase + MaskedBits; ++ if (tmp < 1) ++ return -1; ++ CopyOffset = tmp - 1; + bits >>= CopyOffsetBits; + nbits -= CopyOffsetBits; + +@@ -2143,8 +2161,11 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BY + return -1; + } + +- Mask = get_word(&HuffTableMask[21]); +- MaskedBits = bits & Mask; ++ const UINT16 Mask = get_word(&HuffTableMask[21]); ++ const UINT32 MaskedBits = bits & Mask; ++ if (MaskedBits >= ARRAYSIZE(HuffTableLOM)) ++ return -1; ++ + LengthOfMatch = HuffTableLOM[MaskedBits] & 0xFFF; + BitLength = HuffTableLOM[MaskedBits] >> 12; + bits >>= BitLength; +@@ -2153,13 +2174,23 @@ int ncrush_decompress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BY + if (!NCrushFetchBits(&SrcPtr, &SrcEnd, &nbits, &bits)) + return -1; + ++ if (LengthOfMatch >= ARRAYSIZE(LOMBitsLUT)) ++ return -1; ++ + LengthOfMatchBits = LOMBitsLUT[LengthOfMatch]; ++ ++ if (LengthOfMatch >= ARRAYSIZE(LOMBaseLUT)) ++ return -1; + LengthOfMatchBase = LOMBaseLUT[LengthOfMatch]; + + if (LengthOfMatchBits) + { +- Mask = get_word(&HuffTableMask[(2 * LengthOfMatchBits) + 3]); +- MaskedBits = bits & Mask; ++ const size_t idx = (2ull * LengthOfMatchBits) + 3ull; ++ if (idx >= ARRAYSIZE(HuffTableMask)) ++ return -1; ++ ++ const UINT16 Mask = get_word(&HuffTableMask[idx]); ++ const UINT32 MaskedBits = bits & Mask; + bits >>= LengthOfMatchBits; + nbits -= LengthOfMatchBits; + LengthOfMatchBase += MaskedBits; +@@ -2583,7 +2614,12 @@ int ncrush_compress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BYTE + } + + IndexLEC = Literal; ++ if (IndexLEC >= ARRAYSIZE(HuffLengthLEC)) ++ return -1; + BitLength = HuffLengthLEC[IndexLEC]; ++ ++ if (IndexLEC * 2ull >= ARRAYSIZE(HuffCodeLEC)) ++ return -1; + CodeLEC = get_word(&HuffCodeLEC[IndexLEC * 2]); + + if (BitLength > 15) +@@ -2666,9 +2702,18 @@ int ncrush_compress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BYTE + bits = CopyOffset; + + CopyOffsetIndex = ncrush->HuffTableCopyOffset[bits + 2]; ++ ++ if (CopyOffsetIndex >= ARRAYSIZE(CopyOffsetBitsLUT)) ++ return -1; ++ + CopyOffsetBits = CopyOffsetBitsLUT[CopyOffsetIndex]; + IndexLEC = 257 + CopyOffsetIndex; ++ if (IndexLEC >= ARRAYSIZE(HuffLengthLEC)) ++ return -1; + BitLength = HuffLengthLEC[IndexLEC]; ++ ++ if (IndexLEC * 2ull >= ARRAYSIZE(HuffCodeLEC)) ++ return -1; + CodeLEC = get_word(&HuffCodeLEC[IndexLEC * 2]); + + if (BitLength > 15) +@@ -2687,13 +2732,23 @@ int ncrush_compress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BYTE + else + IndexCO = ncrush->HuffTableLOM[MatchLength]; + ++ if (IndexCO >= ARRAYSIZE(HuffLengthLOM)) ++ return -1; + BitLength = HuffLengthLOM[IndexCO]; ++ ++ if (IndexCO >= ARRAYSIZE(LOMBitsLUT)) ++ return -1; + IndexLOM = LOMBitsLUT[IndexCO]; ++ ++ if (IndexCO >= ARRAYSIZE(HuffCodeLOM)) ++ return -1; + NCrushWriteBits(&DstPtr, &accumulator, &offset, HuffCodeLOM[IndexCO], BitLength); + Mask = ((1 << IndexLOM) - 1); + MaskedBits = (MatchLength - 2) & Mask; + NCrushWriteBits(&DstPtr, &accumulator, &offset, MaskedBits, IndexLOM); + ++ if (IndexCO >= ARRAYSIZE(LOMBaseLUT)) ++ return -1; + if ((MaskedBits + LOMBaseLUT[IndexCO]) != MatchLength) + return -1010; + } +@@ -2701,7 +2756,11 @@ int ncrush_compress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BYTE + { + /* CopyOffset in OffsetCache */ + IndexLEC = 289 + OffsetCacheIndex; ++ if (IndexLEC >= ARRAYSIZE(HuffLengthLEC)) ++ return -1; + BitLength = HuffLengthLEC[IndexLEC]; ++ if (IndexLEC * 2ull >= ARRAYSIZE(HuffCodeLEC)) ++ return -1; + CodeLEC = get_word(&HuffCodeLEC[IndexLEC * 2]); + + if (BitLength >= 15) +@@ -2714,13 +2773,24 @@ int ncrush_compress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BYTE + else + IndexCO = ncrush->HuffTableLOM[MatchLength]; + ++ if (IndexCO >= ARRAYSIZE(HuffLengthLOM)) ++ return -1; ++ + BitLength = HuffLengthLOM[IndexCO]; ++ ++ if (IndexCO >= ARRAYSIZE(LOMBitsLUT)) ++ return -1; + IndexLOM = LOMBitsLUT[IndexCO]; ++ ++ if (IndexCO >= ARRAYSIZE(HuffCodeLOM)) ++ return -1; + NCrushWriteBits(&DstPtr, &accumulator, &offset, HuffCodeLOM[IndexCO], BitLength); + Mask = ((1 << IndexLOM) - 1); + MaskedBits = (MatchLength - 2) & Mask; + NCrushWriteBits(&DstPtr, &accumulator, &offset, MaskedBits, IndexLOM); + ++ if (IndexCO >= ARRAYSIZE(LOMBaseLUT)) ++ return -1; + if ((MaskedBits + LOMBaseLUT[IndexCO]) != MatchLength) + return -1012; + } +@@ -2745,6 +2815,10 @@ int ncrush_compress(NCRUSH_CONTEXT* ncrush, BYTE* pSrcData, UINT32 SrcSize, BYTE + Literal = *SrcPtr++; + HistoryPtr++; + IndexLEC = Literal; ++ if (IndexLEC >= ARRAYSIZE(HuffLengthLEC)) ++ return -1; ++ if (IndexLEC * 2ull >= ARRAYSIZE(HuffCodeLEC)) ++ return -1; + BitLength = HuffLengthLEC[IndexLEC]; + CodeLEC = get_word(&HuffCodeLEC[IndexLEC * 2]); + +@@ -2817,6 +2891,11 @@ static int ncrush_generate_tables(NCRUSH_CONTEXT* context) + else + i = context->HuffTableLOM[k]; + ++ if (i >= ARRAYSIZE(LOMBitsLUT)) ++ return -1; ++ if (i >= ARRAYSIZE(LOMBaseLUT)) ++ return -1; ++ + if (((((1 << LOMBitsLUT[i]) - 1) & (k - 2)) + LOMBaseLUT[i]) != k) + return -1; + } diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index 5122a2d057..e422d46a81 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -30,6 +30,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2023-39353.patch \ file://CVE-2023-40181.patch \ file://CVE-2023-40569.patch \ + file://CVE-2023-40589.patch \ " S = "${WORKDIR}/git" From patchwork Thu Jan 22 05:43:54 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79378 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F078C44536 for ; Thu, 22 Jan 2026 05:44:07 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.31389.1769060643173768148 for ; Wed, 21 Jan 2026 21:44:03 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=JZ1o2RwN; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-47d63594f7eso4655955e9.0 for ; Wed, 21 Jan 2026 21:44:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769060641; x=1769665441; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=QLAKl7finsTvNaXFlKbODvvGz6Ld35ZWA0V7fvXM4rc=; b=JZ1o2RwN1Bri9Uuv3Elk05hp0lF7WZvpSsDFraiUvytZQTE3e1ZI/aBA2lrDJP7FB0 2gQD1RyLpQTbnV9UoWdPuY/51EWZVzHo40NekTJvLnp7hL73V5xneyGJBNGyCtTUz/Be C69aLApbDPie8Q4b2rywYdJSig97Y2D8yBiUMwTZ6WXxdyiD1TqIqxY2iWh+m8HEvBxP vyzcwbrF10F2OgAZ9C3vH+qhwBYkotvishSijY8MYBbrLohDuWHpdMW+nDtVmDeyEpx+ IAeii+jnB8cxtqyiTCuxe5ASIysagPbBRk8sWyXM37Hg0MKfmnB0plcRddgsCDznx9xy IDOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769060641; x=1769665441; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=QLAKl7finsTvNaXFlKbODvvGz6Ld35ZWA0V7fvXM4rc=; b=PrIZJTkqvd27WtFs8tS8HbQHhZXGHfZx5HQ++SM/tTEOoaCk0e3XhAXyTDaQWmWxO0 A9856qy8mikPEggfyDm/MFa3iEze0h7ZzYYC23Mr7+JRwCOI2df7PgY5M0Tr3mD70W2C SMS4mp8bm3m/XcG65zIUi5K5G6k1WuHsr/NrrxQGSktXWoDYrOIlx08S6ysCAYKJCiJ0 +awZVsxOuJdFviYKO08DVthVOzPNZRrFseBw8tumuIUlS8OHmoeE9Jl15Oh7EIHkUgNw to6FHsPK/bJ4TQEhbe8Nvqi3vnz3Y3OEHxwG3UKFx/mX8LyvmKR5TKr8sSnXfE2JOg56 o0XA== X-Gm-Message-State: AOJu0YwjeZpo6gCT13s0pOW4iJKClYc+daS3EuX92emj2uFIwaQbXWuj 9X72wRTUOV0dFTDd4swvlvCL8LiVOGK6bz+lZ19c8vmfKPIbrF6lqkfYptj6LQ== X-Gm-Gg: AZuq6aIjsreqVNRreZjnxm41S0jhiG6ZJQ1fCqTG3AS15e2lmlDwf3YyOGFjowJp05C gljcETtknIybCIw7OEYjhBeyH4dqMh2o5Bs3PIFwVhT8vhlNpoSYCxk/qn/5OA7k155W0r3YbXB SAFKQ3LAjvh1hgDCMPy80bUSYkaaJx9mO0CSvJwaf6foNk395IzYVPoqx/HDcNEDSm3OMpcDpTA fXOiH2WSg+W7XhYYubP9IrRCHtoBgODeqfesWHAGgf6poG1nfRXh0BCzX/pjS1SGJoOA74Owyq/ bgYXorwhcxAV3CVer1XlGDU/pknlviBZ/BaAWdJP51otY7p+zVZLdxKU1vAOBdty0CDGn9Qgx5l 29t6Kf5wD4skGGnGlWfl2+raapc/2XKwiXXSxmA1m3dMBDOAAiEFLJeG3gJXaTFwOySqVndRfWo Ni1gW/9fy5lZs/kjQ9YhQ= X-Received: by 2002:a05:600c:34c9:b0:480:25ae:9993 with SMTP id 5b1f17b1804b1-4802ce16557mr214976135e9.20.1769060641452; Wed, 21 Jan 2026 21:44:01 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-480424aa344sm43912035e9.3.2026.01.21.21.43.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Jan 2026 21:44:01 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 3/5] freerdp: patch CVE-2024-22211 Date: Thu, 22 Jan 2026 06:43:54 +0100 Message-ID: <20260122054356.3570391-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260122054356.3570391-1-skandigraun@gmail.com> References: <20260122054356.3570391-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 22 Jan 2026 05:44:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123727 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22211 Pick the patch that is referenced by the NVD report as the solution. Signed-off-by: Gyorgy Sarvari --- .../freerdp/freerdp/CVE-2024-22211.patch | 36 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch new file mode 100644 index 0000000000..394094be16 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch @@ -0,0 +1,36 @@ +From 4d3dcfcf537a32ffbebbdba11a7b0748baec4e31 Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Sat, 13 Jan 2024 21:01:55 +0100 +Subject: [PATCH] check resolution for overflow + +If the codec resolution is too large return an error as the internal +buffers would otherwise overflow. + +(cherry picked from commit 44edab1deae4f8c901c00a00683f888cef36d853) + +CVE: CVE-2024-22211 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9] +Signed-off-by: Gyorgy Sarvari +--- + libfreerdp/codec/planar.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c +index 12b9f6daf..58d4e4bae 100644 +--- a/libfreerdp/codec/planar.c ++++ b/libfreerdp/codec/planar.c +@@ -1486,7 +1486,13 @@ BOOL freerdp_bitmap_planar_context_reset(BITMAP_PLANAR_CONTEXT* context, UINT32 + context->bgr = FALSE; + context->maxWidth = ALIGN(width, 4); + context->maxHeight = ALIGN(height, 4); +- context->maxPlaneSize = context->maxWidth * context->maxHeight; ++ const UINT64 tmp = (UINT64)context->maxWidth * context->maxHeight; ++ if (tmp > UINT32_MAX) ++ return FALSE; ++ context->maxPlaneSize = tmp; ++ ++ if (context->maxWidth > UINT32_MAX /4) ++ return FALSE; + context->nTempStep = context->maxWidth * 4; + free(context->planesBuffer); + free(context->pTempData); diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index e422d46a81..9ad95e1700 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -31,6 +31,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2023-40181.patch \ file://CVE-2023-40569.patch \ file://CVE-2023-40589.patch \ + file://CVE-2024-22211.patch \ " S = "${WORKDIR}/git" From patchwork Thu Jan 22 05:43:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79379 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 00979D625EF for ; Thu, 22 Jan 2026 05:44:06 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.31039.1769060643841868056 for ; Wed, 21 Jan 2026 21:44:04 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=SxElv2qU; spf=pass (domain: gmail.com, ip: 209.85.128.48, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-47ee937ecf2so4200685e9.0 for ; Wed, 21 Jan 2026 21:44:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769060642; x=1769665442; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=bOvbhWNs+ESR1muZy/lqKD68AjyWWseRc+YW+jkjZXc=; b=SxElv2qU5uiHfcCpOOhqcCS9Zaa/1mlMLnoitb1SY7CEmBCDftVqy7ZD/ze3AxygJN R7SyXDH8K8Jr60yhbYLNsvCtcDW9LeaQE+y1JN3DxnOAZs0NQkT4Co2v9a8a+B/iqs1Z VYjR40hULRQrNvF1EP4Fjsjo/+P1zRNh8ZB2Ck31nuB+VzjmwIP3gIB/1/xPYSY9bmjV uZMzRQW47VZwhhoN4yA3gUr5guWDxLcHb/MV0hKVfrFiscE102ARGYZ2b+x+iF62favY OUZxPJDX7PyyP/it4obyQ275AAzx3yd70i7JYy08zKk1xURaR47VcGiQJ4fA2AIP+eNN J7pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769060642; x=1769665442; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=bOvbhWNs+ESR1muZy/lqKD68AjyWWseRc+YW+jkjZXc=; b=ds8CZ299Ya9Nzj8ki8TKTNkaMZ5aTi9upADePl/GH8lQxKjUVMXSbkxIyNjydHueXz sSDHVLIAieJZC46xv9F3pcUPCgjgR359TCliuvcC63Xzs7+jTqMGucR4wk2OKscVLasl gHnhT6H8W3mh3LtxHhixD8IuJGaF7g6nzm4uomaWEzV8hL5aX7gVc7k00ebjQRFjn69I gyzOabOkZ0QnNqxEgHqKHaOTHMFZruzfhZkmSpkt51pKhaQq21h6joKcF3mY59Z/S2Sc qDoJG2VnhRvXZ7WiRw0AYUN7WKVNGJ1r0Dgu98Fsb1lSBFu+6ilIxiywCKfuWrBD0hox t5fA== X-Gm-Message-State: AOJu0YwNY1g9HKWMjTJ8lf25DmFckAA1D99tv24NOBngBxTpaEC7jir1 TBuoGhBcpX1grtmoD/D9TV8cQUnlJvthJj8yha6seUFwVD0S6RryjQnTw/PylQ== X-Gm-Gg: AZuq6aJEeo3jg4HfqxxAK+oe7RTSYghp3ksPOTuUp3+86m9epHL25dr8Y2zNtUacphj Gl1BvZTaLzNMU/NvECTyXCGo6hdnxxJ6bcXgIqdOqPXfQ4IO3slkVGi8IeSCEfxKdiES9dUNKEs ybJJrC/R02y+TW+wfjik2cygW31GCScxvIilhb+FOvCA7793/7qYeb+5b7hjIrc6Gi7jdvLFKT4 8ab1bnKad8HYgd0f6PnF04aLdStKqyrJWHNlkyLIIkI+hR/o7GPoqpCdbLdKkwo2/iRl3ZF+Qmx 79vMXdItR5r9BMCUOS2hJW/d5cML2BLp/uaBInGQWEzrpM9craSYnrRz0plIpjw8wMyues2f5ul aDjeax88Ja4TmEH3/+35igOgQiAVL+DhP90ftP0x0eYfE9NtZSzli/ja1ChK01EPBFaMiIDvQdP Q51/fw8bge X-Received: by 2002:a05:600c:4f4a:b0:46e:59bd:f7e2 with SMTP id 5b1f17b1804b1-48047087235mr30212245e9.11.1769060642113; Wed, 21 Jan 2026 21:44:02 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-480424aa344sm43912035e9.3.2026.01.21.21.44.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Jan 2026 21:44:01 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 4/5] freerdp: patch CVE-2024-32039 Date: Thu, 22 Jan 2026 06:43:55 +0100 Message-ID: <20260122054356.3570391-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260122054356.3570391-1-skandigraun@gmail.com> References: <20260122054356.3570391-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 22 Jan 2026 05:44:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123728 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32039 Pick the commit that is marked to resolve this vulerability, mentioned by the Github advisory[1]. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9 Signed-off-by: Gyorgy Sarvari --- .../freerdp/freerdp/CVE-2024-32039.patch | 78 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 1 + 2 files changed, 79 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32039.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32039.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32039.patch new file mode 100644 index 0000000000..4def7320b9 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32039.patch @@ -0,0 +1,78 @@ +From 519c08d4720950dbeef8e671431ff8a6ea4e2927 Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Tue, 16 Apr 2024 08:35:05 +0200 +Subject: [PATCH] fix integer overflow + +reorder check to prevent possible integer overflow + +(cherry picked from commit 3a2a241b8fcfee853e35cc54bec00375096fedd9) + +CVE: CVE-2024-32039 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265] +Signed-off-by: Gyorgy Sarvari +--- + libfreerdp/codec/clear.c | 2 +- + libfreerdp/codec/zgfx.c | 16 +++++++++++----- + 2 files changed, 12 insertions(+), 6 deletions(-) + +diff --git a/libfreerdp/codec/clear.c b/libfreerdp/codec/clear.c +index fadd98e67..0e169cf9d 100644 +--- a/libfreerdp/codec/clear.c ++++ b/libfreerdp/codec/clear.c +@@ -410,7 +410,7 @@ static BOOL clear_decompress_residual_data(CLEAR_CONTEXT* clear, wStream* s, + } + } + +- if ((pixelIndex + runLengthFactor) > pixelCount) ++ if ((pixelIndex >= pixelCount) || (runLengthFactor > (pixelCount - pixelIndex))) + { + WLog_ERR(TAG, + "pixelIndex %" PRIu32 " + runLengthFactor %" PRIu32 " > pixelCount %" PRIu32 +diff --git a/libfreerdp/codec/zgfx.c b/libfreerdp/codec/zgfx.c +index 4489b3798..3ed5067c8 100644 +--- a/libfreerdp/codec/zgfx.c ++++ b/libfreerdp/codec/zgfx.c +@@ -23,6 +23,8 @@ + #include "config.h" + #endif + ++#include ++ + #include + #include + #include +@@ -230,7 +232,10 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t + BYTE* pbSegment; + size_t cbSegment; + +- if (!zgfx || !stream || (segmentSize < 2)) ++ assert((zgfx) && "Assert failed: zgfx"); ++ assert((stream) && "Assert failed: stream"); ++ ++ if (segmentSize < 2) + return FALSE; + + cbSegment = segmentSize - 1; +@@ -349,8 +354,9 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t + + if (count > sizeof(zgfx->OutputBuffer) - zgfx->OutputCount) + return FALSE; +- +- if (count > zgfx->cBitsRemaining / 8) ++ else if (count > zgfx->cBitsRemaining / 8) ++ return FALSE; ++ else if (zgfx->pbInputCurrent + count > zgfx->pbInputEnd) + return FALSE; + + CopyMemory(&(zgfx->OutputBuffer[zgfx->OutputCount]), zgfx->pbInputCurrent, +@@ -377,8 +383,8 @@ int zgfx_decompress(ZGFX_CONTEXT* zgfx, const BYTE* pSrcData, UINT32 SrcSize, BY + BYTE descriptor; + wStream* stream = Stream_New((BYTE*)pSrcData, SrcSize); + +- if (!stream) +- return -1; ++ assert((zgfx) && "Assert failed: zgfx"); ++ assert((stream) && "Assert failed: stream"); + + if (Stream_GetRemainingLength(stream) < 1) + goto fail; diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index 9ad95e1700..c616a55958 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -32,6 +32,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2023-40569.patch \ file://CVE-2023-40589.patch \ file://CVE-2024-22211.patch \ + file://CVE-2024-32039.patch \ " S = "${WORKDIR}/git" From patchwork Thu Jan 22 05:43:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79376 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F3D7CD625EB for ; Thu, 22 Jan 2026 05:44:06 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.31040.1769060644505359088 for ; Wed, 21 Jan 2026 21:44:04 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=AMvS+XJX; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-47ee0291921so4611525e9.3 for ; Wed, 21 Jan 2026 21:44:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769060643; x=1769665443; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WyaRnZ37tQn4BW3UnQmS4wmnC8BhvsmaFtiQHkfFlfE=; b=AMvS+XJXm3H4tXAWjr7xPkXwqesHb9hOwiSGm+1HloZm2md2d05iel7ydU93FYS8zx MCnYbUqY5aN297cceNuICRZY7czRnzALn3VERyBUuy75vlLX0x+o+54jBC1HF+2QLNST /P1t+bO6O0gJc5cd++Qlr1sZIVGuP/Pt3w0rl1e0EJ2j1d6ZSqVlC8iIMltiX0eSusNw ekoSrMI4pi+07YwOnr33wpbSlGlA+L+/BcdYQOePPdFlrplX21PiDf7OfAVyEBdaHisS SEOnSSz6BD0nYqucXhLBo3b00CE8zZWJeDeoaSEzioo5Y3f004HJGbkbm2xLRSGFIBhR yEfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769060643; x=1769665443; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=WyaRnZ37tQn4BW3UnQmS4wmnC8BhvsmaFtiQHkfFlfE=; b=tMRIFQB1XtD8CAnZ4Os9OlpRKNcOv9GeiTgDwLidzJ9ksSUTingk0kC847PwEpD7Yy hjPNuJnZsbM3V1HCQsjmrGGUHL5T1Gu09Ny9ByFwuewxcDf/jszVR1+y6wGzV37BRiT5 ZlGWu9ngekK06Ragr3M8tlOUEDprsa5qntRqW1pWXxmurmvCfhB6uMJstjTAL4zfvLZR DHLwCL0MbC9ZkTsLSklmLkg7Se0RfVvkfVs3kHsQ53agg9rvAtrA8859R35x3NwDamSU ayVllVKe5dczohG98UzDd0DnO6Lc32ceNGavwVTOtKviaP3FFTLlBUg5Vq6PH68hJjxB yl0A== X-Gm-Message-State: AOJu0Yz4eG15aSFIIK8d2z14YswrgltmzN7406/KVeTrzYcTd5W/vnPE myO/yonNlzPdOH4dajjjBs9d5oglIjM8Pp01c7CE78a3mA0CxoRJIJorwdvQcg== X-Gm-Gg: AZuq6aJiKk0xCH9la6I1ETeF6Ajus4thcMFV6Ayhdkk12RaaLILIQUCVe1TJ+HemQ/5 Is/zJhEUW+6fNSlUxypTLHlDyOov4DnCjAnIgFQyJ/9ggHg7MrWFDT02q7sCZGH8rXT1Poa5/tE AqjIc6AW55eFjMlfd2x0ZzoIwxvTLaaGygUB7QDK8/+YfO2l4jYm4jsS6tk05MujJ6ARiCFEu82 Q0ICYXIr1ZnUnVpVKy9vq18bEHeU3KmordWwEk+qtfBETxqzDkB00fpVifK85Tum6ZSxlvTj/I0 NINFAMTPpHJQuKA0UUoHb1evdWUBDfiQED0LiO/yCQmqwKIY0hKXMNooxIkmiexgHy4iDH4c/TS tWyIvbN3TC60567ZzP1YpB5Jtw9XBim0KVLtm86BB8ikGH2i70EmMzHpCR4KjsP+RmzOVDRfRM2 mt11MfXZyH X-Received: by 2002:a05:600c:45d1:b0:477:7ae0:cd6e with SMTP id 5b1f17b1804b1-4801eab5602mr273750755e9.5.1769060642771; Wed, 21 Jan 2026 21:44:02 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-480424aa344sm43912035e9.3.2026.01.21.21.44.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Jan 2026 21:44:02 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 5/5] freerdp: patch CVE-2024-32040 Date: Thu, 22 Jan 2026 06:43:56 +0100 Message-ID: <20260122054356.3570391-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260122054356.3570391-1-skandigraun@gmail.com> References: <20260122054356.3570391-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 22 Jan 2026 05:44:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123729 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32040 Pick the patch that is marked to resolve this vulnerability, from the related Github advisory[1]. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5 Signed-off-by: Gyorgy Sarvari --- .../freerdp/freerdp/CVE-2024-32040.patch | 30 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch new file mode 100644 index 0000000000..670cad23f0 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch @@ -0,0 +1,30 @@ +From a7e801f42a3a71332cca22aedccfcda378b8dfcc Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Tue, 16 Apr 2024 08:26:37 +0200 +Subject: [PATCH] fix missing check + +in nsc_rle_decode abort if there are more bytes to be read then there +are left. + +(cherry picked from commit fb4f2d6e4db563077afcae4d270ba78ff905f6cf) + +CVE: CVE-2024-32040 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07] +Signed-off-by: Gyorgy Sarvari +--- + libfreerdp/codec/nsc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libfreerdp/codec/nsc.c b/libfreerdp/codec/nsc.c +index dc3a978ed..007364ee7 100644 +--- a/libfreerdp/codec/nsc.c ++++ b/libfreerdp/codec/nsc.c +@@ -147,7 +147,7 @@ static BOOL nsc_rle_decode(BYTE* in, BYTE* out, UINT32 outSize, UINT32 originalS + len |= ((UINT32)(*in++)) << 24U; + } + +- if (outSize < len) ++ if ((outSize < len) || (left < len)) + return FALSE; + + outSize -= len; diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index c616a55958..06aac0325f 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -33,6 +33,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2023-40589.patch \ file://CVE-2024-22211.patch \ file://CVE-2024-32039.patch \ + file://CVE-2024-32040.patch \ " S = "${WORKDIR}/git"